Creating your first Ansible Environment


Lets create our first Ansible environment!


Why Use Ansible?

Ansible is a systems automation tool that makes IT management easier, in homelabs, and organizations. One of its main benefits is that it automates repetitive tasks for services and Operating Systems. This not only saves time but also reduces the chances of human error, which is crucial when maintaining security and compliance.

Ansible is also scalable, meaning it can manage a few servers or thousands without hassle. This allows you to focus on more strategic tasks rather than getting bogged down in manual configurations. The tool uses a simple YAML syntax that is easy to read, making it accessible for everyone on your team, regardless of technical skills or experience.

Another advantage is that Ansible doesn’t require agents to be installed on your servers, which simplifies security management and baselining. Fewer components means less complexity, less overhead, and fewer vulnerabilities.

How to Get Started with Ansible

To get started with Ansible, first, you’ll need to install it on a control node, a machine you’ll use to run commands. The installation process is straightforward, with clear instructions available in the Ansible documentation.

Next, create an inventory file that lists the servers you want to manage. This file tells Ansible where to apply configurations. Once your inventory is ready, you can write playbooks—these are simple YAML files that describe the tasks Ansible should perform, like installing software or changing settings.

Running your playbooks is easy with the ansible-playbook command. This will apply the tasks you’ve defined to your specified servers (inventory configuration). After execution, monitor the results and adjust your configurations as necessary. Ansible is designed to ensure that running the same playbook multiple times won’t create unwanted changes, making it safe to iterate on your setup and creating secure baseline Operating Systems, services, and their configurations.

By understanding the basics of Ansible, I can streamline my cybersecurity efforts, ensuring my systems are consistently configured and secured. 

 


For this exercise we are going to ensure we have two nodes we can control in this environment. I will be manually deploying three virtual machines on my ProxMox VE lab environment by using templates I have created. You can use VMware Virtual Player or VirtualBox as well and this does not require bare-metal hypervisors.


General steps:

  1. Creating the Control Node
  2. Create a VM Template
  3. Install Ansible on Control Node
  4. Deploy Ansible Nodes
  5. Test Ansible environment
  6. Run your first Ansible Playbook

 


Create the Control Node

Objective: Create a command or control node as a Virtual

Steps:

  1. Create a VM
  2. Install updates
  3. Install and configure SSH client and key pair

 

Create a VM 

Create a virtual machine with your preferred operating system to serve as your Ansible Control Node. I’m using ProxMox VE, and my preferred option is Rocky Linux, a GNU/Linux distribution that closely resembles enterprise RHEL. If you’re not using ProxMox VE or prefer a different operating system for your Control Node, the instructions may vary. Please refer to your virtualization platform and chosen operating system documentation for configuration guidance.

Please refer to my soon to be published blog on how to create a Virtual Machine on a ProxMox host or this YouTube video by Learn Linux TV.


I am creating a VM using the details below
VM ID: 230
Name: ansiblebox
ISO Image: Rocky-9.1-x86_64-minimal.iso
Guest OS Type: Linux
Guest OS Version: 6.x - 2.6 Kernel
Disk Size: 16 GB
CPU Cores: 2 cores
Memory: 4 GB

Once powered on, follow the installation steps to install Rocky Linux on your newly created Virtual Machine.

Install updates


Perform updates, restart if necessary:

    sudo dnf update && sudo dnf upgrade
    reboot
 

 Install and configure SSH client and key pair

 Install OpenSSH (likely already installed and update)

    sudo dnf install openssh

Now, let's create a key pair. In this example, I will use ECDSA asymmetric encryption to generate a key pair for the user account on our control node, which will run the Ansible playbooks. This setup allows our Ansible playbooks to authenticate securely to nodes and issue remote commands. There is ongoing debate about whether to choose ECDSA or RSA encryption, so I encourage you to form your own informed opinion after reading the following article.
SSL.com: Comparing ECDSA vs RSA

Use the ssh-keygen command to create a ECDSA-521 keypair.

    ssh-keygen -t ecdsa -b 512

Your SSH keypairs should now be located in your home directory in the ".ssh" hidden directory. You can view them by using the ls and cat command

    ls ~/.ssh
    cat ~/.ssh/* 
 

 

 

Safeguard the id_ecdsa file, never share it nor copy this key to another system (unless transferring to a secure key escrow). You will copy and move the id_ecdsa.pub file to machines you will want to be able to remote into, and run playbooks from your Ansible control node.

 
Create a VM Template for Nodes
Objective: We are going to create another VM to transform it into a template for our nodes to use. 

General Steps:
  1. Create a VM manually
  2. Install updates to template
  3. Import Control Node VM's public SSH key
I will be covering in the future how to control your ProxMox VE hosts 
to create the virtual machines and then control them from an Ansible 
control node using the cloud-init process.  
Use the same steps in the "Create the Control Node" step to create another VM. Below are the details for the node VM I created:

VM ID: 900
Name: ansiblenodetemplate
ISO Image: Rocky-9.1-x86_64-minimal.iso 
Guest OS Type: Linux
Guest OS Version: 6.x - 2.6 Kernel
Disk Size: 8 GB
CPU Cores: 1 cores
Memory: 2 GB

 The most important 
universal information to keep in mind regardless of virtualization 
environment is your initial credentials you create for your Virtual 
Machine once powering it on to configure it. When creating your VM ensure you create the initial 
administrator account with a memorable or documented username and 
password. You will be using this Virtual Machine's  administrator 
account every time you deploy a VM using this template. It is good 
practice to create an additional unique administrator account after 
deploying this VM at runtime, and deleting the temporary account from 
the newly created VM. This is not covered in this blog post, we will be 
creating a separate blog post on how to achieve this in the future. For 
now we are focusing on deploying an Ansible environment for the first 
time.  

Once Rocky Linux is installed, login using the default credentials you have created to perform some additional steps to prepare this VM before transforming it to a template.
 
We will want to perform updates like before. Doing this prior to converting it to a template will make launching VMs fsater since it will be more up to date and require less time, resources, and bandwidth to get it up to date. It is best practice to update your templates in the future to ease resource consumption if you have not update your baseline VM.
    sudo dnf update && sudo dnf upgrade

Document your template VM's IP address, it is likely a dynamic IP address it assigned itself using your home router's DHCP service.
    ip addr
 
We will want to move our ssh public key from our Ansible Control Node, ansbilebox, to this VM. From the Control Node perform the commands below to transfer your public key. It will prompt your for the credentials you used to create the VM.
    ssh-copy-id REMOTEUSER@REMOTEIP
 
Once completed, you can test if you can remotely log in from your Control Node to the Node VM using the command below. If successful, this will now allow us to control it using Ansible with passwordless encryption authentication. 
    ssh REMOTEUSER@REMOTEIP
Now lets power off our Virtual Machine and convert it to a template.Once powered off, right-click your VM and click "Convert to Template". Be aware that you can not change the VM ID for a template once created. If you like to have a different VM ID for your template please change it before converting.











Install Ansible on the Control Node
Objective: Install Ansible on our Control Node. 

General Steps:
  1. Install PIP
  2. Install Ansible
  3. Build a simple inventory

Lets first install pip and vim (or your preferred text editor)
    sudo dnf install pip vim
 
Install Ansible
    pip install ansible
 
Lets create a project folder in our home directory, and move into the newly created directory 
    mkdir ~/ansible && cd ~/ansible

Build an Ansible Inventory
Lets go ahead and create our first inventory, which will store host and host information for our Ansible playbooks to perform orchestration and automation tasks. We are going to provision two node machines on IP addresses 192.168.0.250 and 192.168.0.251 later.
    vim inventory.yaml
 
Example of a host node format you would insert in your inventory.yaml configuration file. Ensure you change the capitalized strings with your own values:
[GROUP] 
NICKNAME ansible_host=IPADDRESS ansible_connection=ssh ansible_user=REMOTEUSERNAME

Contents: 
[hosts]
ans1 ansible_host=192.168.0.250 ansible_connection=ssh ansible_user=REMOTEUSERNAME
ans2 ansible_host=192.168.0.251 ansible_connection=ssh ansible_user=REMOTEUSERNAME

Syntax is very important. I spent an hour troubleshooting why one node was successfully communicating and the other one was not. I misspelled one of the variables, ansible_user, every attempt to communicate to the node was attempting to use my control node's username and not the default user name I created for the template. Please be aware.

Further Official Ansible Documentation: Building an Inventory

Using VIM as a Text Editor
If you are using VIM, which is my preferred text editor, understand it operates in different modes and you have to issue commands to perform certain actions.

Entering Insert Mode:
To start inserting text, press the "I" key. This puts VIM into Insert Mode, allowing you to type freely. You’ll see your cursor change to indicate that you’re in this mode.

Switching Modes:
To exit Insert Mode and return to Normal Mode, press the "ESC" key. Normal Mode is used for navigation and command input. This is the mode you will primarily use to issue commands for saving, quitting, and editing.

Saving and Exiting:
Once you’ve made your edits, you’ll want to save your changes and exit VIM. To do this, first press "ESC" to ensure you’re in Normal Mode. Then, type ":" (this enters command-line mode), followed by "wq" (which stands for write and quit). 

Finally, press Enter. This command saves your changes to the file and exits VIM.
 
Once your inventory configuration file is complete. Use the following command to display your inventory how Ansible would interpret your configuration file. This  is helpful to avoid using a configured inventory. 
    ansible-inventory -i inventory.yaml --list
 
 






















 Deploy Ansible Nodes
Lets now deploy the two nodes we will use in our environment using the template we created earlier. Right-click your template, and select "Clone". We are going to create full clones.

Once powered on we will need to change the network interfaces for our two nodes. On RockyLinux nmtui comes installed and we can use it to change our IP addresses.
    sudo nmtui

ans1 : 192.168.0.250
ans2 : 192.168.0.251

 











After changing the IP addresses, deactivate and re-activate the interface via nmtui or restart the networking services via systemctl or service command. Do this for both of our Ansible nodes.
Test Ansible environment
Objective: Send test network communication and execute Ansible commands on your environment 
Steps:
  1. Confirm Inventory and Control Node Communication
  2. Perform control commands on nodes

Confirm Inventory and Control Node Communication
Confirm  We are going to ping all the hosts in your inventory file from your Ansible control node to confirm ICMP and possibly other traffic can be sent to and from these nodes. We are going to perform simple ping and Ansible ping commands to confirm we can send ICMP via our hosts and through the Ansible service.
ansiblebox $:
    ping 192.168.0.250
    ping 192.168.0.251
 
 ansiblebox $:
    ansible hosts -m ping -i inventory.yaml

If successful, it should return green output text stating ping returned pongs. This now means we can remotely control our two nodes from our Ansible Control Node

 
 
 
 
 
 
 
Run your first Ansible Playbook 
Confirm Now that we can perform pings from our Ansible Control Node to our Ansible Nodes using Ansible's ping feature, lets create our first playbook. 

In our ~/ansible directory, lets make a subdirectory to host our playbooks.
ansiblebox $:
    mkdir ~/ansible/playbooks
    cd ~/ansible

Let's make our first playbook 
    vim ansible/first_playbook.yaml 
Contents:
- name: First Playbook
  hosts: hosts
  tasks:
    - name: Ping hosts
      ansible.builtin.ping:

    - name: Print string
      ansible.builtin.debug:
        msg: Hello world!

This playbook instructs the inventory groups hosts to first ping, and then echo "Hello World!".
    ansible-playbook ansible/first_playbook.yaml -i inventory.yaml 

 
Congratulations, you have created your first Ansible environment, and ran your first Ansible playbook! 
 




































Location:
San Antonio, TX, USA
















Comments











Post a Comment























Popular posts from this blog









Common SPL Commands




















Image







  NOTE:  I am using datasets provided by Hailie Shaw's " Splunk: Zero to Power User "  Udemy course. My results will vary from your own test and live  production datasets. Do not perform the queries in this article on  equipment and services you do not own, have permission, or do not fully  understand what the query does. Common SPL Commands Here are some command SPL commands that you will typically use in your queries to narrow down events in your searches.  Source:  SPL2 Command Quick Reference  stats           Calculates aggregate statistic over the incoming search results set. eval             Calculates an expression and puts the resulting value into a search results field. table           Displays selected fields in a table format rex               Command to ...








Read more










Endlessh: SSH Honeypot Analysis




















Image







This lab we will use Kali Linux, tcpdump, netcat, NMap, Wireshark, and Hydra. We will be analyzing traffic being sent to a server running endlessh, a honeypot service to thwart or delay automated scans and (possibly) bruteforce SSH attacks.  Purpose:  1) Assess what endlessh is successful at doing 2) Confirming what are its limitation in thwarting attacks 3) What an adversary would face 4) What we could implement in substitute or in addition to further dissuade threats to our network. Skeeto's Github repo of Endlessh Part 1: Set up our victim server Part 2:  Set up Honeypot service Part 3: Attacking and Analysis  Part 4: Closing Notes








Read more