This is a small project that uses Ansible playbooks to run tasks on a group of machines.
- A primary server called bastion, which will execute the playbooks.
- Slave machines that will receive the tasks.
- Access via SSH to the slave machines.
It is necessary to install the Ansible Posix module collection to execute the playbooks correctly.
Official documentation here.
The community.general.ufw module is also needed to manage the firewall with UFW.
Official documentation here.
- The first step is cloning the repository.
```bash
git clone https://github.com/Agustin107x/Practica-Obligatorio.git
cd Practica-Obligatorio
```
Then, modify the file inventory.ini (./inventory/inventory.ini) with the hostnames and IPs of the slaves.
```ini
[centos]
centos-srv ansible_host=192.168.2.10 # Replace with real IP and Hostname
[ubuntu]
ubuntu-srv ansible_host=192.168.2.30 # Replace with real IP and Hostname
[linux:children]
centos
ubuntu
[linux:vars]
# Change if you want to use another user.
ansible_user=sysadmin
[webserver]
centos-srv # Replace if necessary
```
- The second step is to verify in the playbook webserver.yml that the IP is the same as that of our centos machine.
```yaml
- name: Add domain name to hosts
  ansible.builtin.lineinfile:
    path: /etc/hosts
    line: "192.168.2.10 www.ejemplo.com.uy" ## Here
    state: present
  delegate_to: localhost
  connection: local
```
- It is necessary to use ssh-copy-id on bastion with the sysadmin user and the IP of each slave machine, for example:
```bash
ssh-copy-id sysadmin@192.168.2.10
```
To install the necessary dependencies, execute:
```bash
ansible-galaxy install -r collections/requirements.yml
```
To run web_setup.yml:
```bash
ansible-playbook -i inventory/inventory.ini web_setup.yml --ask-become-pass
```
To run hardening.yml:
```bash
ansible-playbook -i inventory/inventory.ini hardening.yml --ask-become-pass
```
- Git and Ansible are installed on bastion.
- SSH is installed and enabled on all machines.
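
The second step above (checking that the IP in the "Add domain name to hosts" task matches the web server's `ansible_host`) can be automated before running the playbooks. The script below is an added example, not part of this repository; the function names are hypothetical, and the inventory text and hosts line are constructed samples copied from the snippets above.

```python
import re
import shlex

# Constructed sample input mirroring the inventory and hosts line shown above.
INVENTORY = """\
[centos]
centos-srv ansible_host=192.168.2.10
[ubuntu]
ubuntu-srv ansible_host=192.168.2.30
[webserver]
centos-srv
"""
HOSTS_LINE = "192.168.2.10 www.ejemplo.com.uy"


def parse_inventory(text):
    """Return (groups, host_ips) built from the host lines of an INI inventory."""
    groups, host_ips, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section is None or ":" in section:
            continue  # :children and :vars sections hold no host definitions
        tokens = shlex.split(line, comments=True)  # drops trailing "# ..." comments
        if not tokens:
            continue
        groups.setdefault(section, []).append(tokens[0])
        for token in tokens[1:]:
            key, _, value = token.partition("=")
            if key == "ansible_host":
                host_ips[tokens[0]] = value
    return groups, host_ips


def mismatched_hosts(inventory_text, hosts_line, group="webserver"):
    """List hosts in `group` whose ansible_host is not the IP in hosts_line."""
    groups, host_ips = parse_inventory(inventory_text)
    if group not in groups:
        raise ValueError(f"group {group!r} not found in inventory")
    ip = hosts_line.split()[0]
    return [h for h in groups[group] if host_ips.get(h) != ip]


if __name__ == "__main__":
    bad = mismatched_hosts(INVENTORY, HOSTS_LINE)
    print("OK" if not bad else f"IP mismatch for: {bad}")
```

An empty list means the hosts entry points at the same address Ansible will connect to; a non-empty list names the hosts to fix in either file.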