
ansible:ansible_sandbox

ansible:ansible_sandbox [2025/02/21 16:26]
manu [Test 2 with roles]
ansible:ansible_sandbox [2025/05/28 10:28] (current)
manu [Test 4 insertafter using bash]
Line 138: Line 138:
 </​code>​ </​code>​
  
-cat roles/​ssh/​main.yml+cat group_vars/​all.yml 
 +<​code>​ 
 +--- 
 +# general settings 
 +default_username:​ debian 
 +dot_forward_email:​ <​YOUR_EMAIL_GOES_HERE>​ 
 +private_key:​ .ssh/​id_rsa 
 +public_key: .ssh/​id_rsa.pub 
 +ntpserver: pool.ntp.org 
 +timezone: Europe/​Rome 
 + 
 +# default sshd port 
 +sshd_port: 22 
 + 
 +# generate random passwords for default user and root user 
 +default_password:​ "​{{lookup('​password',​ '/​dev/​null length=15 chars=ascii_letters,​digits,​punctuation'​)}}"​ 
 +root_password:​ "​{{lookup('​password',​ '/​dev/​null length=15 chars=ascii_letters,​digits,​punctuation'​)}}"​ 
 + 
 +# unattended packages install configuration 
 +unattended_mail:​ "​{{dot_forward_email}}"​ 
 +unattended_remove_unused_dependencies:​ true 
 +unattended_automatic_reboot_time:​ "​03:​00"​ 
 +unattended_update_days:​ "​Sat"​ 
 +unattended_clean_interval:​ 7 
 + 
 +# fail2ban 
 +fail2ban_loglevel:​ INFO 
 +fail2ban_services:​ 
 +  - name: ssh 
 +    port: ssh 
 +    filter: sshd 
 +    logpath: /​var/​log/​auth.log 
 +</​code>​ 
 + 
 +cat roles/ssh/tasks/main.yml
 <​code>​ <​code>​
     - name: secure ssh configuration ​     - name: secure ssh configuration ​
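Review bot: In the added group_vars/all.yml listing, `default_password` and `root_password` call the password lookup with `/dev/null`, so nothing is persisted, and because Ansible templates variables lazily, each reference to either variable can yield a different random value. A password applied by one task may therefore not match what a later task, a notification or a debug line sees, and the value actually set on the host may be unrecoverable. Generate it once per host instead, for example with an early `set_fact: default_password: "{{ lookup('password', '/dev/null length=15') }}"`, or point the lookup at a file in an access-restricted credentials directory. Pass the result through `password_hash('sha512')` before it reaches the user module. The tasks that consume these variables are outside this hunk, so confirm how they are used.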
Line 215: Line 249:
       notify: restart ssh service       notify: restart ssh service
 </​code>​ </​code>​
 +
 +cat roles/​ssh/​handlers/​main.yml
 +<​code>​
 +    - name: restart ssh service
 +      become: yes
 +      service: ​
 +        name: ssh
 +        state: restarted
 +</​code>​
 +
 +cat roles/​others/​tasks/​main.yml
 +<​code>​
 +- name: include Debian.yml
 +  include_tasks:​ Debian.yml
 +  when: ansible_os_family == '​Debian'​
 +- name: include RedHat.yml
 +  include_tasks:​ RedHat.yml
 +  when: ansible_os_family == '​RedHat'​
 +</​code>​
 +
 +cat roles/​others/​tasks/​Debian.yml
 +<​code>​
 +- name: install others
 +  apt:
 +    name: ['​bash-completion',​ '​htop',​ '​rsync',​ '​tmux',​ '​nmap',​ '​netcat-openbsd',​ '​gawk'​]
 +    state: present
 +  when: ansible_os_family == '​Debian'​
 +</​code>​
 +
 +cat roles/​others/​tasks/​Redhat.yml
 +<​code>​
 +- name: install others
 +  yum: name={{ item }} state=present
 +  when: ansible_os_family == '​Redhat'​
 +  with_items:
 +    - bash-completion
 +    - tig
 +    - wget
 +    - htop
 +    - rsync
 +    - tmux
 +    - nmap
 +    - nmap-ncat
 +</​code>​
 +
 +===== Test 3 backup file =====
 +
 +
 +        ​
 +File is backuped with format **2025-02-23T14:​30:​00Z**
 +<cli prompt='#'>​
 +---
 +- name: Backup file if it exists
 +  hosts: localhost
 +  tasks:
 +    - name: Check if the file exists
 +      stat:
 +        path: /​path/​to/​your/​file
 +      register: file_stat
 +
 +    - name: Create a backup if the file exists
 +      copy:
 +        src: /​path/​to/​your/​file
 +        dest: "/​path/​to/​backup/​file_{{ ansible_date_time.iso8601 }}.bak"​
 +        remote_src: yes
 +      when: file_stat.stat.exists
 +</​cli>​
 +
 +Backup only if modified
 +<cli prompt='#'>​
 +---
 +- name: Backup file if it is different
 +  hosts: localhost
 +  tasks:
 +    - name: Get the checksum of the current file
 +      stat:
 +        path: /​path/​to/​your/​file
 +      register: file_stat
 +
 +    - name: Get the checksum of the last backup (if exists)
 +      stat:
 +        path: "/​path/​to/​backup/​file_last.bak"​
 +      register: backup_stat
 +      ignore_errors:​ yes
 +
 +    - name: Compare the current file checksum with the backup checksum
 +      command: "​sha256sum /​path/​to/​your/​file | awk '{ print $1 }'"​
 +      register: current_checksum
 +      when: file_stat.stat.exists
 +
 +    - name: Compare the backup checksum (if backup exists)
 +      command: "​sha256sum /​path/​to/​backup/​file_last.bak | awk '{ print $1 }'"​
 +      register: backup_checksum
 +      when: backup_stat.stat.exists
 +
 +    - name: Backup the file if checksums are different
 +      copy:
 +        src: /​path/​to/​your/​file
 +        dest: "/​path/​to/​backup/​file_{{ ansible_date_time.iso8601 }}.bak"​
 +        remote_src: yes
 +      when: 
 +        - file_stat.stat.exists
 +        - (backup_stat.stat.exists == false or current_checksum.stdout != backup_checksum.stdout)
 +</​cli>​
 +
 +===== Test 4 insertafter using bash =====
 +
 +<cli>
 +---
 +- name: Insert line after pattern using bash
 +  hosts: all
 +  become: true
 +  tasks:
 +    - name: Insert line after pattern using sed
 +      shell: |
 +        if ! grep -q '​^new_config_line=value$'​ /​etc/​example.conf;​ then
 +          sed -i '/# INSERT HERE/a new_config_line=value'​ /​etc/​example.conf
 +        fi
 +      args:
 +        executable: /bin/bash
 +</​cli> ​       ​
 +
 +https://​stackoverflow.com/​questions/​70162334/​in-ansible-how-do-i-add-a-line-without-delete-comment
 +
 +https://​www.theunixschool.com/​2012/​06/​insert-line-before-or-after-pattern.html
 +
 +
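Review bot: In the "Backup only if modified" play, both checksum tasks use `command:` with a pipe to awk, but the command module does not run a shell, so `|`, `awk` and the rest are passed to sha256sum as extra file names and the task fails rather than returning a bare hash. The stat module already returns a checksum, so add `checksum_algorithm: sha256` to both stat tasks, drop the two command tasks, and use `not backup_stat.stat.exists or file_stat.stat.checksum != backup_stat.stat.checksum` as the condition. The copy task only writes `file_<timestamp>.bak`, and nothing visible here creates `file_last.bak`, so as shown the comparison target never exists and every run makes a new backup. Separately, in the roles/others listing the include names `RedHat.yml` while the file shown is `Redhat.yml` and its `when` tests for `'Redhat'`. The fact value is `RedHat`, so that branch appears never to run.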
ansible/ansible_sandbox.1740151603.txt.gz · Last modified: 2025/02/21 16:26 by manu