Friday, 26 July 2019

Create an EC2 instance using Ansible



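---
# Launches one EC2 instance with the `ec2` module.
#
# The AWS keys were written into the play (masked here, but a real playbook
# with keys in it ends up in VCS, logs and `ps`); they are now read from the
# controller's environment at run time. `register` was indented at the level
# of the task list rather than the task, which fails to parse.
- name: Create an ec2 instance
  # NOTE(review): the ec2 module calls the AWS API from whichever host runs
  # it, so every host in `web` would need boto and credentials; hosts:
  # localhost with connection: local is the usual target — confirm.
  hosts: web
  gather_facts: false

  vars:
    region: us-east-1
    instance_type: t2.micro
    ami: ami-05ea7729e394412c8
    # Empty in the original (YAML null), i.e. no key pair is attached and the
    # instance cannot be reached over SSH; set it in inventory or with -e.
    keypair: null

  tasks:
    - name: Create an ec2 instance
      ec2:
        aws_access_key: "{{ lookup('env', 'AWS_ACCESS_KEY_ID') }}"
        aws_secret_key: "{{ lookup('env', 'AWS_SECRET_ACCESS_KEY') }}"
        key_name: "{{ keypair }}"
        group: launch-wizard-26
        instance_type: "{{ instance_type }}"
        image: "{{ ami }}"
        wait: true
        region: "{{ region }}"
        count: 1
        vpc_subnet_id: subnet-02f498e16fd56c277
        assign_public_ip: true
      # task keyword, so it sits beside `ec2:`, not beside the task list
      register: ec2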

Install software on a remote Windows machine



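### Input Declaration
$targetHost = "localhost";
# UNC path on the target; the original built it from an undefined $computer.
$targetFilePath = "\\$targetHost\C$\Tasks\Gateway"
$sourceFilePath = "c:\scripts\Tasks\*"
# NOTE(review): both installer variables point at the same Cyberduck setup
# file in the original and neither looks like an Ansible or Python installer.
# Confirm the intended paths before running this.
$ansibleInstallerPath = "c:\windows\Tasks\Cyberduck-Installer-7.0.1.30930.exe";
$pythonInstallerPath = "c:\windows\Tasks\Cyberduck-Installer-7.0.1.30930.exe";

### Helpers

# True when the machine-wide Uninstall key on THIS host lists a product whose
# DisplayName equals $DisplayName. This is the check the original used, so it
# reads the local registry even when $targetHost names another machine.
function Test-ProductInstalled {
    param([Parameter(Mandatory = $true)][string]$DisplayName)
    $entries = Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* -ErrorAction SilentlyContinue
    return $null -ne ($entries | Where-Object { $_.DisplayName -eq $DisplayName })
}

# Runs the silent installer on $ComputerName unless $DisplayName is already
# installed. The four installer sections of the original were copies of this.
function Install-ProductIfMissing {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][string]$DisplayName,
        [Parameter(Mandatory = $true)][string]$InstallerPath
    )
    if (Test-ProductInstalled -DisplayName $DisplayName) {
        Write-Host "$DisplayName is already installed."
        return
    }
    Write-Host "$DisplayName is NOT installed."
    Write-Host "Installing $DisplayName"
    # NOTE(review): the installer runs as-is; checking
    # Get-AuthenticodeSignature on $InstallerPath first would reject a
    # tampered or wrong file before it executes.
    # $using: is required: variables of the calling session are not visible
    # inside a remote script block, so the original's bare
    # $ansibleInstallerPath / $pythonInstallerPath expanded to nothing.
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        Start-Process $using:InstallerPath -ArgumentList '/silent' -Wait
    }
}

### MainCode

### Check existence of the gateway folder and create it when missing
# [System.IO.File]::Exists() only answers for files, and the original passed
# it an undefined $path, so its "already exists" branch always ran.
# Test-Path -PathType Container is the directory check that was meant.
if (-not (Test-Path -Path $targetFilePath -PathType Container)) {
    Write-Host "Creating Gateway folder $targetFilePath";
    # the original created a relative folder named "Gateway" in the current
    # directory rather than the share path the files are copied to
    New-Item -ItemType Directory -Path $targetFilePath -ErrorAction SilentlyContinue | Out-Null
}
else {
    Write-Host "Gateway folder already exists.";
}

if (Test-Path -Path $targetFilePath -PathType Container) {
    ### Copy all the content from engine to the remote gateway
    Write-Host "Copy all the content from engine to gateway";
    Copy-Item $sourceFilePath $targetFilePath

    ### Trigger the Ansible and Python installers
    Install-ProductIfMissing -ComputerName $targetHost -DisplayName 'ansible' -InstallerPath $ansibleInstallerPath
    Install-ProductIfMissing -ComputerName $targetHost -DisplayName 'Python' -InstallerPath $pythonInstallerPath
}
else {
    ### Unable to create Gateway Folder
    Write-Host "Unable to create Gateway folder"
}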

Install software on a remote Linux machine


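### Input Declaration

targetHost=localhost
targerFolderPath=/opt/raghu/gateway
sourceFolderPath=/tmp
ansibleInstallerPath=/opt/raghu
pythonInstallerPath=/opt/raghu
pythonVersion=3.6.8
# Optional: the sha256 published for the tarball. When set, the download is
# verified before it is built; the original built whatever wget returned.
pythonTgzSha256="${PYTHON_TGZ_SHA256:-}"

# The root password was hard-coded ("Pass@123") and passed with `sshpass -p`,
# which shows it to every local user in the process list and to anyone who
# reads this file. It is now taken from the SSHPASS environment variable
# (`sshpass -e`); key-based authentication would remove it altogether.
if [ -z "${SSHPASS:-}" ]; then
    echo "SSHPASS is not set: export the root password for $targetHost or use SSH keys" >&2
    exit 1
fi

### Helpers

# Copy the engine content into the gateway folder on the target.
# The original hard-coded /tmp and the destination instead of using the
# variables declared above.
copy_gateway_content() {
    sshpass -e scp -r "$sourceFolderPath" "root@$targetHost:$targerFolderPath"
}

# Build and install Python from source; returns non-zero on the first
# failing step (the original ran on regardless of yum/wget/make failures).
install_python3() {
    yum install -y gcc openssl-devel bzip2-devel || return 1
    cd /usr/src || return 1
    wget "https://www.python.org/ftp/python/$pythonVersion/Python-$pythonVersion.tgz" || return 1
    if [ -n "$pythonTgzSha256" ]; then
        echo "$pythonTgzSha256  Python-$pythonVersion.tgz" | sha256sum -c - || return 1
    fi
    tar xzf "Python-$pythonVersion.tgz" || return 1
    (cd "Python-$pythonVersion" && ./configure --enable-optimizations && make altinstall) || return 1
    rm -f "/usr/src/Python-$pythonVersion.tgz"
}

# Make sure python3.6 and then ansible are present.
# Exits 0 when both are installed and 1 on failure; the original exited 1 on
# every path, so a caller could not tell success from failure, and it never
# reached the ansible check when python was already present.
ensure_python_and_ansible() {
    if command -v python3.6 &>/dev/null; then
        echo "Python 3 is already installed"
    else
        echo "Python 3 is not installed"
        if ! install_python3 || ! command -v python3.6 &>/dev/null; then
            echo "Unable to install python3 by automation" >&2
            exit 1
        fi
        echo "Python 3 is installed"
    fi

    if command -v ansible &>/dev/null; then
        echo "ansible is already installed"
        exit 0
    fi
    echo "ansible is not installed"
    echo "installing ansible"
    pip3.6 install ansible
    if command -v ansible &>/dev/null; then
        echo "installed ansible"
        exit 0
    fi
    echo "unable to install ansible by automation" >&2
    exit 1
}

### Main Code

### Check existence of the gateway folder, creating it when missing
# NOTE(review): mkdir runs on this host while scp targets root@$targetHost;
# the two coincide only while targetHost is localhost.
if [ -d "$targerFolderPath" ]; then
    echo "$targerFolderPath exist"
else
    echo "$targerFolderPath does not exist"
    mkdir -p "$targerFolderPath"
    if [ ! -d "$targerFolderPath" ]; then
        echo "unable to create gateway via automation" >&2
        exit 1
    fi
    echo "created gatewayfolder"
fi

#Copy all the content from engine & paste all the remote gateway
copy_gateway_content
ensure_python_and_ansible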

Saturday, 13 July 2019

Ansible playbook to configure and install LDAP



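---
# Tasks file: creates the slapd data and certificate directories, issues a
# self-signed certificate, installs the distribution-specific service
# defaults, starts slapd and loads the base DN.
#
# Variables supplied by the calling role/play: openldap_server_domain_name,
# openldap_server_user, openldap_server_app_path, openldap_server_country,
# openldap_server_state, openldap_server_location,
# openldap_server_organization, openldap_server_enable_ssl,
# openldap_server_ldif, openldap_server_rootpw.
#
# The original file held this entire task list twice (copy-paste); one copy
# is kept. k=v module arguments are written as block YAML so that `chdir`
# and `creates` are real arguments instead of text folded into the command.

- name: Create the directory for ldap database
  file:
    path: "/var/lib/ldap/{{ openldap_server_domain_name }}/"
    state: directory
    owner: "{{ openldap_server_user }}"
    group: "{{ openldap_server_user }}"

- name: Create the directory for ldap certificates
  file:
    path: "{{ openldap_server_app_path }}/certs/"
    state: directory
    owner: "{{ openldap_server_user }}"
    group: "{{ openldap_server_user }}"

# The original produced a DES3-encrypted 1024-bit key with the passphrase
# "password" on the command line and stripped the passphrase again in the
# next task, so the encryption protected nothing; the key is now generated
# unencrypted at 2048 bits in one step and written as my.key, the name the
# later tasks use.
- name: Generate the private key for the certificate
  command: openssl genrsa -out my.key 2048
  args:
    chdir: "{{ openldap_server_app_path }}/certs/"
    creates: "{{ openldap_server_app_path }}/certs/my.key"

- name: Restrict the private key to its owner
  file:
    path: "{{ openldap_server_app_path }}/certs/my.key"
    owner: "{{ openldap_server_user }}"
    group: "{{ openldap_server_user }}"
    mode: "0600"

# `command` instead of `shell`: no shell is involved, so a variable
# containing shell metacharacters cannot change the command line.
- name: Create and sign the new certificate
  command: >-
    openssl req -new -x509
    -subj '/C={{ openldap_server_country }}/ST={{ openldap_server_state }}/L={{ openldap_server_location }}/O={{ openldap_server_organization }}/CN={{ ansible_hostname }}/'
    -days 3650 -key my.key -out cert.crt -extensions v3_ca
  args:
    chdir: "{{ openldap_server_app_path }}/certs/"
    creates: "{{ openldap_server_app_path }}/certs/cert.crt"

# Configuration files are not executable; the original installed them 0755.
- name: copy the sysconfig file (RedHat)
  copy:
    src: ldap
    dest: /etc/sysconfig/ldap
    mode: "0644"
  when: openldap_server_enable_ssl and ansible_os_family == 'RedHat'
  notify:
    - restart slapd

- name: copy the sysconfig file (Fedora)
  copy:
    src: slapd_fedora
    dest: /etc/sysconfig/slapd
    mode: "0644"
  when: openldap_server_enable_ssl and ansible_distribution == "Fedora"
  notify:
    - restart slapd

- name: copy the service defaults (Debian)
  copy:
    src: slapd
    dest: /etc/default/slapd
    mode: "0644"
  when: openldap_server_enable_ssl and ansible_os_family == 'Debian'
  notify:
    - restart slapd

- name: start the slapd service
  service:
    name: slapd
    state: started
    enabled: true

# The rendered LDIF carries directory data (and whatever the template puts
# in it), so it goes to a fixed, owner-only file rather than a world-readable
# /tmp/ path.
- name: Copy the template for creating base dn
  template:
    src: "{{ openldap_server_ldif }}"
    dest: "{{ openldap_server_app_path }}/base.ldif"
    mode: "0600"
  register: result

# ldapadd reads the bind password from a file (-y) so it no longer appears
# in `ps`, shell history or verbose Ansible output the way `-w <password>`
# did. ldapadd uses the file content verbatim, so no trailing newline is
# written. no_log keeps the rendered content out of the task output.
- name: Write the rootdn password file
  copy:
    content: "{{ openldap_server_rootpw }}"
    dest: "{{ openldap_server_app_path }}/.rootpw"
    mode: "0600"
  no_log: true

# The bind DN is built from every label of the domain (dc=a,dc=b,dc=c);
# the original only handled exactly two labels.
- name: add the base domain
  shell: >-
    ldapadd -x
    -D "cn=Manager,dc={{ openldap_server_domain_name.split('.') | join(',dc=') }}"
    -y {{ openldap_server_app_path }}/.rootpw
    -f {{ result.dest | default(result.path) }}
    && touch {{ openldap_server_app_path }}/rootdn_created
  args:
    creates: "{{ openldap_server_app_path }}/rootdn_created"

- name: Remove the rootdn password file
  file:
    path: "{{ openldap_server_app_path }}/.rootpw"
    state: absent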

Ansible playbook to create shared folder



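---
# Creates two groups and a shared directory.
# The original shelled out to groupadd/mkdir/chgrp through `command`, which
# fails on a second run (group and directory already exist); the group and
# file modules do the same work idempotently.
- hosts: unix
  # `sudo: yes` was removed in Ansible 2.9; `become` is its replacement
  become: true
  connection: local
  tasks:
    - name: Create the dev2 group
      group:
        name: dev2
        state: present
    - name: Create the ops2 group
      group:
        name: ops2
        state: present
    - name: Create the shared directory
      file:
        path: /home/spk2
        state: directory
        # NOTE(review): the original ran `chgrp dev`, although only dev2 is
        # created above — confirm which group is intended.
        group: dev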

Ansible playbook to configure samba



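---
# Installs samba, lays down smb.conf from a template and restarts the
# service when the file changes.
- hosts: unix
  # `sudo: yes` was removed in Ansible 2.9; `become` is its replacement
  become: true
  connection: local
  tasks:
    - name: Install samba
      apt:
        name: samba
        state: present
    - name: Install the smb.conf template
      template:
        # NOTE(review): src and dest are the same absolute path; `src` is read
        # on the controller (normally templates/<file>.j2) — confirm.
        src: '/etc/samba/smb.conf2'
        dest: '/etc/samba/smb.conf2'
        owner: 'root'
        group: 'root'
        # explicit mode: the original inherited the controller's umask
        mode: '0644'
      notify: Restart Samba service

  handlers:
    - name: Restart Samba service
      service:
        # NOTE(review): the unit installed by apt on Debian/Ubuntu is smbd;
        # `smb` is the RedHat name — verify on the target.
        name: smb
        state: restarted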

Ansible playbook to configure DNS named bind service



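---
# tasks file for dns: installs BIND, sets the hostname, renders named.conf
# and the zone files from templates and opens the DNS service in firewalld.
#
# File modes are quoted throughout: an unquoted 0660 is parsed by YAML as the
# decimal integer 432, not the permission that was meant (Ansible warns about
# this and newer releases reject it).
- name: Install bind
  yum:
    name: bind
    state: present

- name: Set hostname
  hostname:
    name: "{{ host_name }}"

# Makes the new name visible as ansible_fqdn to the rest of the play without
# re-gathering facts.
- name: Set hostname fact
  set_fact:
    ansible_fqdn: "{{ host_name }}"

- name: Copy named conf file
  template:
    src: named.conf.j2
    dest: /etc/named.conf
    owner: root
    group: named
    # NOTE(review): group-writable; named only needs to read it, so "0640"
    # as used for the other files below would be the tighter choice.
    mode: "0660"
  notify: restart named

- name: Make named directory
  file:
    path: /etc/named
    state: directory
    owner: root
    group: named
    mode: "0750"

- name: Copy named conf local file
  template:
    src: named.conf.local.j2
    dest: /etc/named/named.conf.local
    owner: root
    group: named
    mode: "0640"
  notify: restart named

- name: Make zones Directory
  file:
    path: /etc/named/zones
    state: directory
    owner: root
    group: named
    mode: "0750"

- name: Copy forward file
  template:
    src: db.forward.j2
    dest: "/etc/named/zones/db.{{ domain }}"
    owner: root
    group: named
    mode: "0640"
  notify: restart named

- name: Copy reverse file
  template:
    src: db.reverse.j2
    dest: "/etc/named/zones/db.{{ rev_domain }}"
    owner: root
    group: named
    mode: "0640"
  notify: restart named

- name: Open firewall port
  firewalld:
    service: dns
    permanent: true
    state: enabled
    immediate: true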

Ansible playbook to Copy named conf local file



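# Renders the local named configuration; `restart named` is a handler
# defined elsewhere.
- name: Copy named conf local file
  template:
    src: named.conf.local.j2
    dest: /etc/named/named.conf.local
    owner: root
    group: named
    # quoted: an unquoted 0640 is parsed by YAML as the integer 416
    mode: "0640"
  notify: restart named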

Ansible playbook to Make named directory

 

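# Creates the directory that holds named.conf.local and the zones.
- name: Make named directory
  file:
    path: /etc/named
    state: directory
    owner: root
    group: named
    # quoted: an unquoted 0750 is parsed by YAML as the integer 488
    mode: "0750"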

Ansible playbook to Copy named conf file



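# Renders the main named configuration; `restart named` is a handler
# defined elsewhere.
- name: Copy named conf file
  template:
    src: named.conf.j2
    dest: /etc/named.conf
    owner: root
    group: named
    # quoted: an unquoted 0660 is parsed by YAML as the integer 432.
    # NOTE(review): group-writable; named only needs read access, so "0640"
    # would be the tighter choice.
    mode: "0660"
  notify: restart named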

Ansible Playbook to set FQDN



# Overrides the ansible_fqdn fact with host_name for the rest of the play,
# without re-running fact gathering.
- name: Set hostname fact
  set_fact:
    ansible_fqdn: '{{ host_name }}'

Ansible playbook to set hostname




# Sets the system hostname to the host_name variable.
- name: Set hostname
  hostname:
    name: '{{ host_name }}'

Ansible Playbook to Install Bind


# Installs the bind package; `name`/`present` are the canonical spellings
# of the `pkg`/`installed` aliases the original used.
- name: Install bind
  yum:
    name: bind
    state: present

Ansible Playbook to open firewall port (DNS) (firewalld)



# Allows the firewalld `dns` service both in the running configuration
# (immediate) and across reloads (permanent).
- name: Open firewall port
  firewalld:
    service: dns
    permanent: true
    state: enabled
    immediate: true

Ansible playbook to Install DFS on Windows server




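# Installs the DFS Namespace role with its tools and sub-features.
# In the original, `win_feature:` was indented deeper than `name:`, which
# is a YAML parse error rather than a second key of the task.
- name: Install DFS
  win_feature:
    name: FS-DFS-Namespace
    include_management_tools: true
    include_sub_features: true
    state: present
  register: result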

Ansible playbook to add an AD user to an OU group





    win_domain_user:
     name: user4
     firstname: mouni
     surname: motam
     company: Netenrich
     password: mouni123
     state: present
     groups:
      - Operatonal Team

Ansible playbook to add a group and specify the AD domain services to use when creating it (win_domain_group, OU)





     name: Operatonal Team
     domain_username: user123
     domain_password: user123
     domain_server: team1.local
     scope: domainlocal

Ansible playbook to Configure DNS on Windows server




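# Installs the DNS Server role and points the Ethernet adapter at a resolver.
# The original mixed list indentation (col 0 and col 2), indented
# `win_feature:` past `name:` and wrote `name:Configure` without the space
# YAML needs after the colon; none of it loads as written.
- name: Installing Windows DNS Server
  win_feature:
    name: DNS
    state: present
    include_management_tools: true
    # NOTE(review): the original also set `windows_dns_server_state: present`;
    # that is not a win_feature option as far as I can tell, so it was
    # dropped — verify against the module documentation.

- name: Configure DNS
  win_dns_client:
    adapter_names: "Ethernet"
    ipv4_addresses: 10.0.0.1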

Ansible playbook to Configure Active directory on Windows server




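tasks:
  - name: Install AD Services feature
    win_feature:
      name: AD-Domain-Services
      include_management_tools: true
      include_sub_features: true
      state: present
    register: result

  # The DSRM (safe mode) password was hard-coded as team1@123; it is now a
  # vault-encrypted variable and the task output is suppressed so the value
  # does not reach the log. `result` from the feature task is overwritten
  # here, which is what the reboot condition below relies on.
  - name: Create new forest
    win_domain:
      dns_domain_name: team1.local
      safe_mode_password: "{{ vault_safe_mode_password }}"  # constructed variable name; define it in an ansible-vault file
    register: result
    no_log: true

  - name: Reboot after creation
    win_reboot:
      msg: "Server config in progress; rebooting..."
    when: result.reboot_required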



Ansible playbook for downloading a backup from a Cisco ASA firewall




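---
# Applies an access-group line and saves a backup of the running config.
# The original indented `cli:` past its sibling keys and listed `asa_config`
# directly under `tasks:` instead of as a list item, so it did not parse;
# the device and enable passwords were in clear text.
- hosts: asa
  # NOTE(review): `cli` is not a connection plugin name known to me;
  # provider-based network modules are normally run with connection: local
  # (or connection: network_cli with credentials in inventory) — verify.
  connection: cli
  vars:
    cli:
      host: 192.22.110.196
      username: cisco
      password: "{{ vault_asa_password }}"  # constructed variable name; define it in an ansible-vault file
      transport: cli
      authorize: true
      auth_pass: "{{ vault_asa_enable_password }}"  # constructed variable name; vault-encrypted
  tasks:
    - name: Apply the access-group and back up the running config
      asa_config:
        lines:
          - access-group cloud-acl_access_in in interface cloud13
        provider: "{{ cli }}"
        backup: true
        backup_options:
          filename: backup.cfg
          dir_path: /home/user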

Ansible playbook for a sanity check on a Cisco ASA firewall


Health check commands: 


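---
# Runs a set of show commands and prints their output.
# The original's indentation (keys of one mapping at several columns) does
# not load, and `asa_commands` is not the module name — it is asa_command.
- hosts: sw
  connection: network_cli
  tasks:
    - name: show commands
      asa_command:
        commands:
          - show version
          - show uptime
          - show memory
          - show asadrops
      # NOTE(review): the original had `delegate_to: localhost`; with
      # network_cli that opens the CLI session towards the controller rather
      # than the device, so it was dropped — confirm.
      register: managedhost_output
    - name: print
      debug:
        msg: "{{ managedhost_output.stdout }}"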

Ansible playbook for network object creation on a Cisco ASA firewall




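---
# Creates a network object-group with one host and one nested group.
# `desciption` was misspelled (the module rejects unknown arguments) and
# `asa_og:` was indented past `name:`, which is a YAML error.
- hosts: asa
  tasks:
    - name: configure network object
      asa_og:
        name: ansible
        group_type: network-object
        state: present
        description: ansible testing
        host_ip:
          - 192.168.10.10
        group_object:
          - internal router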


Ansible playbook for service object creation on a Cisco ASA firewall




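---
# Creates a TCP service object-group.
# The original had a leading asa_config task carrying only `provider:` (no
# lines/src, so it cannot run) and clear-text passwords; the connection
# details now live in `cli` and are passed to asa_og as its provider.
- hosts: asa
  vars:
    cli:
      host: 192.22.110.96
      username: cisco
      password: "{{ vault_asa_password }}"  # constructed variable name; define it in an ansible-vault file
      authorize: true
      auth_pass: "{{ vault_asa_enable_password }}"  # constructed variable name; vault-encrypted
  tasks:
    - name: Add service-object
      asa_og:
        provider: "{{ cli }}"
        name: ansible_test_2
        group_type: service-object
        state: present
        protocol: tcp
        # NOTE(review): the original's `host: 8.8.8.8` is not an asa_og
        # argument; addresses belong to network-object groups (`host_ip`).
        # It was dropped — confirm what was intended.
        description: 'HTTP'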

Ansible playbook for access list creation on a Cisco ASA firewall (web policy restriction)




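---
# Adds an extended ACL entry denying TCP/80 to 8.8.8.8 from any source.
# The original nested `- asa_acl:` as a list inside the `- name:` item and
# indented `cli:` past its siblings, neither of which loads; passwords were
# in clear text.
- hosts: asa
  # NOTE(review): `cli` is not a connection plugin name known to me;
  # provider-based modules normally use connection: local — verify.
  connection: cli
  vars:
    cli:
      host: 192.168.1.1
      username: cisco
      password: "{{ vault_asa_password }}"  # constructed variable name; define it in an ansible-vault file
      transport: cli
      authorize: true
      auth_pass: "{{ vault_asa_enable_password }}"  # constructed variable name; vault-encrypted
  tasks:
    - name: restricting google
      asa_acl:
        lines:
          - access-list ACL-OUTSIDE extended deny tcp any host 8.8.8.8 eq 80
        context: cisco
        provider: "{{ cli }}"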

Ansible playbook for VLAN creation on a Cisco switch




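---
# Creates VLAN 20 named testvlan1.
# The original's provider keys sat at different columns (YAML error) and
# the device password was in clear text.
- hosts: sw
  connection: network_cli
  tasks:
    - name: creating vlan
      ios_vlan:
        # NOTE(review): with connection: network_cli the credentials normally
        # come from inventory (ansible_user / ansible_password /
        # ansible_become); the provider block is kept to match the original.
        authorize: true
        provider:
          username: cisco
          password: "{{ vault_ios_password }}"  # constructed variable name; define it in an ansible-vault file
          host: 172.22.110.201
        vlan_id: 20
        name: testvlan1
        state: present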










Ansible playbook for user creation on a Cisco switch



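---
# Creates a local user and enables local login on the console line.
# Two clear-text secrets were fixed: the device password in the provider and
# the new user's password in the config line, which also used `password`
# (stored reversibly, type 7) instead of `secret` (stored hashed).
- hosts: sw
  connection: network_cli
  tasks:
    - name: creating user
      ios_config:
        provider:
          username: cisco
          password: "{{ vault_ios_password }}"  # constructed variable name; define it in an ansible-vault file
          host: 172.22.110.201
        lines:
          - "username srini privilege 1 secret {{ vault_srini_password }}"  # constructed variable name; vault-encrypted
          # NOTE(review): `login local` applies under `line console 0`;
          # ios_config expresses that with `parents` — kept as written.
          - line console 0
          - login local
          - end
      # keeps the rendered config lines (with the secret) out of the output
      no_log: true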

Ansible playbook for banner creation on a Cisco switch




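---
# Sets the message-of-the-day banner.
- hosts: sw
  connection: network_cli
  tasks:
    - name: install banner
      ios_banner:
        banner: motd
        # block-scalar content must be indented past its key; at the
        # original indentation `text` was empty and the next line failed
        # to parse
        text: |
          unauthorized access is prohibited
        state: present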

Wednesday, 10 July 2019

Ansible playbook accessing variables from var file



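---
# Creates a file whose path and state come from firstplaybookvars.yml, then
# notifies the apache handler.
- hosts: raghu
  vars_files:
    - firstplaybookvars.yml
  tasks:
    - name: Create file
      file:
        path: "{{ path }}"
        state: "{{ state }}"
      notify:
        - restart apache

  handlers:
    # A handler called "restart apache" that only ensures httpd is `started`
    # never restarts an already-running service; `restarted` does what the
    # name says.
    - name: restart apache
      service:
        name: httpd
        state: restarted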

---
# firstplaybookvars.yml: the two values the play above reads via vars_files.
path: '/tmp/raghu'
state: 'touch'

Ansible playbook with notify and handlers example


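---
# Creates a file from play-level vars and notifies the apache handler.
- hosts: raghu
  vars:
    path: /tmp/raghu
    state: touch
  tasks:
    - name: Create file
      file:
        path: "{{ path }}"
        state: "{{ state }}"
      notify:
        - restart apache

  handlers:
    # A handler called "restart apache" that only ensures httpd is `started`
    # never restarts an already-running service; `restarted` does what the
    # name says.
    - name: restart apache
      service:
        name: httpd
        state: restarted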

Ansible playbook loop with condition example



  tasks:
      - name: Create file
        file:
            path: "{{ item.path }}"
            state: "{{ item.state }}"
        loop:
            - { path: '/tmp/ragx' , state: 'touch' }
        when: item.path == '/tmp/raghu'

Ansible playbook loop example



  tasks:
      - name: Create file
        file:
            path: "{{ item.path }}"
            state: "{{ item.state }}"
        loop:
            - { path: '/tmp/raghu' , state: 'touch' }
            - { path: '/opt/raghu' , state: 'touch' }

Ansible playbook vars example



---
# Touches /tmp/raghu, with the path and state supplied as play vars.
- hosts: raghu
  vars:
    path: '/tmp/raghu'
    state: 'touch'
  tasks:
    - name: Create file
      file:
        path: '{{ path }}'
        state: '{{ state }}'

Ansible playbook to create folder



---
# Touches /tmp/raghu (state: touch creates a file, not a directory).
- hosts: raghu
  tasks:
    - name: Create file
      file:
        path: '/tmp/raghu'
        state: 'touch'

ansible vault



# Create a new encrypted file (prompts for the vault password and opens an editor).
ansible-vault create vault.yml
# Show the decrypted content without writing it to disk.
ansible-vault view vault.yml
# Edit in place; the file is re-encrypted on save.
ansible-vault edit vault.yml
# Writes the plaintext back to vault.yml — the secrets are then unprotected on disk.
ansible-vault decrypt vault.yml
# Change the vault password.
ansible-vault rekey vault.yml

# Prompt for the vault password at run time.
ansible-playbook site.yml --ask-vault-pass
# Read it from a file instead; keep that file owner-only (mode 0600) and out of VCS.
ansible-playbook site.yml --vault-password-file ~/.vault_pass.txt

Git

1 git add ↳ It lets you add changes from the working directory into the staging area 2 git commit ↳ It lets you save a snapshot of currently...