DevOps Hunter Security Automation

Hey DevOps, DevSecOps Engineers, SRE new bees here I am going to share the Learnings which I've executed every day found that this the best and new tip to improve the performance of ansible playbook executions sorted out and listed here. Planning and designing automation with Ansible Most common DevOps tool used for Planning and Designing is Confluence page Design document must contain a  clear " Objective " - where you will be describe why you wish to do automation on what area Tracking purpose always use a ticketing tool entry preferred tool Jira The design can be breakdown into two levels High level design where we will detail about what each task need to be covered Low level design where we discuss in-depth ideology on each task along with the possible constraints   Usage of global variables (AWX UI use extra vars, host_vars, group_vars etc) discuss their necessity AWX/Tower Job template construct possible options as input to handle overall objective, if...

Here I'm starting this post with famous ARISTOTLE quote. "We are what we repeatedly do. Excellence, then is not an act, but a Habit" Welcome back Ansible Automations and who are habituated as Ansible automation specialists this post for them to give boosted walk through, In this post, I would like to share my experiments with Jinja2 templates usage on the Ansible playbook. Of-course Jinja is from Japan it is world famous for templatization capabilities by integrating with multiple languages such as Python, Ruby, Salt talk etc. In this post we will be cover the following topics: What is Jinja2 template do? Template with filters Template with Lists and sets Template module in Ansible Template with Flow Control Template using Looping Template inheritance** What is Jinja template do? Jinja2 is another Python library created for Flask web framework, that comes part of Ansible installation. It is special ability as interpolate or put stuff into YAML Variables(other strings). ...

  Delegation to a host Here is an example where we can delegate the task to a particular host. This play book is using inventory_hostname from the gather facts. - name: Delegation to localhost hosts: all tasks: - name: create a file on target server file: path: /tmp/i_m_on_target_server.txt state: touch - name: create a file with host named file by delegation to localhost file: state: touch path: "/tmp/{{ inventory_hostname }}.txt" delegate_to: localhost connection paramer We can use this "connection" parameter add to your task level or play level. # Filename: connection_local.yml # To do some task on ansible server # local means without doing ssh command (no need of password and no need of ssh keys) # with the local connection parameter for the play --- - name: This is to determine how the connection parameter works with local hosts: app connection: local gather_facts: false tasks: - name: connecti...

Hello DevOps Automations Engineers!!  Ansible provides us special command 'ansible-vault' that is used to encrypt, decrypt, view an Ansible  playbook, this is also have amazing feature specific to role, vars YAML files, we can apply this to string of text in regular variables.  Why do we need to encrypt our Play books? Our Ansible automation projects, we need to work on multiple tasks and which may have some sensitive data such as database user credentials, any cloud IAM role details or it can be some other applications login credentials that's used to validate URL availability. Or it can be used to store the SSL certificates. At any point of time if the system is using plain text and it  has trouble to your confidential and sensitive data otherwise it could causes huge damage to your organization. Where we need a way to store the sensitive data can be protected by data encryption  tool, and this can be done using the Ansible-vault command.  Le...

Hello DevOps Experts!! let's zoom  into the usage of the Ansible Handlers and notifies   What are Ansible Handlers? The handlers section or the tasks defined under the handlers folder are executed at the end of the play once all tasks are finished. In the handlers tasks we are typically do either start, reload, restart and stop services. Sometimes we may need to execute the task only when a particular change is made that can be notified.  Simple example of Apache web server when we modify httpd.conf file then we want to restart the httpd service.  When we were working on Tomcat, when tomcat service is enabled. then there is a need for the reload firewalld service this is where we need to move this reload task under handlers and the enable tomcat service should have notify the task name 'reload firewalld service'. These are the perfect examples for handlers usage in Ansible play. So here the point is that handler tasks will be performed only when they are notif...

 Hey DevOps or DevSecOps or SRE Guys!! What's up? in the automation journey one more wonderful learning here!  In this post we will be implementing all our Ansible modules one after other to build a complete solution for Java based Application server installation and running using Ansible playbook. At present Tomcat latest version is 10.0.27 so I've used same  Pre-requisites:  To install Apache Tomcat there is separate JDK/JRE compatibility we need to validate before we proceed Create a dedicated user account as 'tomcat' with shell as bash  to manage Tomcat application server Create a separate directory for tomcat server to be installed Execution of multiple tasks in the Playbook will be as follows: Download the Tomcat software from Apache Tomcat 10.0.27.tar.gz Uncompressing the tomcat tar.gz file Change the file permissions and ownership Cleanup after unarchive the tar.gz file Start the Tomcat server Have a task to stop the Tomcat server --- - n...

 Ansible playbook can be a construct of multiple plays or each play may contains multiple tasks. This is where we may have situation where you need to add new task to the existing play or playbook, and we need to test many times that newly added task.  While testing multiple times we many don't want to execute certain tasks such as a task 'Send email notification' when you preparing a 'Reboot of server' or 'Restart of Service' or 'Deployment of a service'. During the testing time you may want to exclude these notification tasks.  There are situations where we might want to run a particular task as per the input at the run time of a playbook. This may be from AWX/Tower UI select them. Ansible tags - to control the tasks of a Playbook I will be explaining in this post, How to run or not to run a particular task in given  playbook.  Important concepts about Ansible tags Ansible tags are keys to identify and control the tasks for execution or exclude fr...

Hey DevOps Team, In this post I would like to give you the knowledge on the special feature about Ansible Facts and we can also customize these facts as global variables to use in multiple playbooks. What is ansible facts?  Ansible facts are just simple variables that are automatically discovered by ansible on a managed nodes. such as system information disk info, os info, package info IP Network and many more ... Why we manage facts? Default these facts will be automatically collected exclusively we need to disable some times. - multiple play in a playbook How can we use facts? we want to run only when enough memory is available on the target machine then install the package. That is the smartest way to do the automation! --- # File : hello.yaml - name: Facts example hosts: "{{targets|default('localhost')}}" tasks: - name: prints details debug: msg: "Hello this machine have {{ ansible_memory_mb['real'] }}" whe...

Hello everyone!! In this post I would like to experiment with the failure handling with block-rescue-always block in a Ansible tasks in playbook.  Prerequisites * Ansible installed and their must be Target nodes * Basic understanding of any programming language that uses try- catch blocks Ansible stops playbook execution on a task failure and we can choose to ignore that using 'ignore_errors' to continue with remaining tasks. (in Python we have 'pass' similar to that). If you have couple of tasks in a playbook, when first task fails Ansible stops there. But if you want to execute the next tasks even though your first task failed. --- # File name: ignore_err.yml - name: check ignore errors hosts: localhost gather_facts: false tasks: - block: - command: "ls ~/" - command: "ls ~/bin" - command: "ls /etc/hosts" become_user: root become: yes ignore_errors: yes No...

 There are many boring tasks in your daily job which can be automated easily if you know some of the tools like here, Ansible. Let's explore more on how to use the variables in the playbooks. In this post we will be covering : Basic datatypes List variables and using them Dictionary variable and accessing them Variables and Datatypes in Ansible In Ansible variables can be defined under global tasks or they can be defined at local to a task level. support all the Python supported datatypes. --- # Filename: varibles_datatypes.yml - name: varibles in ansible hosts: localhost gather_facts: false vars: a: "Vybhava Technologies" b: yes n: 100 m: 500.99 tasks: - debug: msg: - "a= {{ a }} a type: {{ a |type_debug }}" - "b= {{ b }} b type: {{ b |type_debug }}" - "n= {{ n }} n type: {{ n |type_debug }}" - "m= {{ m }} m type: {{ m |type_debug }}" The...

Ansible packages and service modules In this post I would like to take you to the most important Linux administration tasks which can be used regularly in their daily activities that can be automated with Ansible.  How do Linux Package Managers works? Every Linux Operating system allow us to install any software using package managers such as yum, dnf, apt, deb or apk any other option.  Here I've explored more details about this package mangers how they are working. If we take RedHat flavor Linux systems such as CentOS, SuSe, RHEL uses actually RPM as package manager. But the CLI clients are available such as yum (Yellowdog updater modified) and in the latest versions using improved yum that is dnf command utility which is known as "Dandified Yum".  The service or systemctl commands After installation we need to start, stop or restart or check status that service using systemctl or service command as per the System availability. Ansible package manager modules connectio...