Monday, 5 June 2017

Ansible playbook to check SELinux status


# ansible-playbook selinux.yml --user ranjith --extra-vars "host=10.10.10.11"

---
- hosts: "{{ host }}"
  become: yes
  become_method: sudo
  tasks:
    - name: getting selinux status
      command: getenforce
      register: result

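    - name: removing old status files
      # clear every possible earlier result, not only the file matching the current status
      local_action: file path={{ playbook_dir }}/{{ inventory_hostname }}-selinux-{{ item }} state=absent
      with_items:
        - Enforcing
        - Permissive
        - Disabled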

    - name: saving selinux status
      local_action: file path={{ playbook_dir }}/{{ inventory_hostname }}-selinux-{{ result.stdout }} state=touch

This playbook creates an empty file in the playbook directory, named after the host and its status, for example 10.10.10.11-selinux-Disabled
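
A stricter variant of the check above, added here as an example and not part of the original post: getenforce only reports the running mode, so this play also reads the boot-time setting from /etc/selinux/config and fails the host unless both match the baseline. The `expected_mode` variable is an assumption of this example.

```yaml
---
- hosts: "{{ host }}"
  become: yes
  become_method: sudo
  vars:
    expected_mode: enforcing   # assumption: the baseline you audit against
  tasks:
    - name: read the running SELinux mode
      command: getenforce
      register: runtime
      changed_when: false

    - name: read the boot-time mode from /etc/selinux/config
      # prints the value of the SELINUX= line only (SELINUXTYPE= does not match)
      command: sed -n 's/^SELINUX=//p' /etc/selinux/config
      register: configured
      changed_when: false

    - name: fail the host when either mode differs from the baseline
      assert:
        that:
          - runtime.stdout | trim | lower == expected_mode
          - configured.stdout | trim | lower == expected_mode
        msg: >-
          {{ inventory_hostname }}: running={{ runtime.stdout }}
          configured={{ configured.stdout }} expected={{ expected_mode }}
```

A host that is Enforcing now but has SELINUX=permissive or SELINUX=disabled in the config file passes the original check and changes mode at its next reboot; this play reports it as failed.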

Sunday, 4 June 2017

Ansible playbook to register RHEL 6 and RHEL 7 clients to Satellite 6

The playbook below unregisters RHEL 6/7 clients from an existing Satellite 5 and registers them to Satellite 6.

Each client is registered with the activation key for its release; in my case the activation keys are named RHEL6 and RHEL7.

# ansible-playbook register.yml --extra-vars "host=givehostip|groupname" --extra-vars "satelliteip=givesatelliteip" --user ranjith

---
- hosts: "{{ host }}"
  become: yes
  become_method: sudo
  tasks:
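    - name: Download and install a copy of the CA Certificate for the Red Hat Satellite 6 server
      # fetched over plain HTTP with GPG checking disabled, so nothing verifies this RPM before it is installed
      yum:
        disable_gpg_check: yes
        name: http://{{satelliteip}}/pub/katello-ca-consumer-latest.noarch.rpm
        state: present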
      when:
        - ansible_distribution_major_version == "6" or ansible_distribution_major_version == "7"
    - name: Setting enabled=1 in subscription-manager.conf
      lineinfile:
        path: /etc/yum/pluginconf.d/subscription-manager.conf
        regexp: '^enabled'
        line: 'enabled=1'
      when:
        - ansible_distribution_major_version == "6" or ansible_distribution_major_version == "7"
    - name: Setting enabled=0 in rhnplugin.conf
      lineinfile:
        path: /etc/yum/pluginconf.d/rhnplugin.conf
        regexp: '^enabled'
        line: 'enabled=0'
      when:
        - ansible_distribution_major_version == "6" or ansible_distribution_major_version == "7"
    - name: delete the rhn registration locally
      command: mv /etc/sysconfig/rhn/systemid /etc/sysconfig/rhn/systemid.bak
      when:
        - ansible_distribution_major_version == "6" or ansible_distribution_major_version == "7"
      ignore_errors: True
    - name: Register with activationkey matching Red Hat Enterprise Server Version 6
      redhat_subscription:
        state: present
        activationkey: RHEL6
        org_id: Default_Organization
      when:
        - ansible_distribution_major_version == "6"
    - name: Register with activationkey matching Red Hat Enterprise Server Version 7
      redhat_subscription:
        state: present
        activationkey: RHEL7
        org_id: Default_Organization
      when:
        - ansible_distribution_major_version == "7"
    - name: Skipping server matching Red Hat Enterprise Server Version 5
      shell: echo "This certainly is history!"
      when:
        - ansible_distribution_major_version == "5"
    - name: Install katello-agent
      yum:
        name: katello-agent
        state: present
      when:
        - ansible_distribution_major_version == "6" or ansible_distribution_major_version == "7"
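
The first task above installs the Satellite CA package over HTTP with GPG checking off, so the package that anchors all later trust is itself unverified. The play below is an added example, not part of the original post, showing one way to pin it: download the RPM with a SHA-256 checksum obtained out of band, then install the local copy. The `katello_ca_sha256` and `ca_rpm` variables and the staging path are assumptions of this example; the checksum value is a placeholder.

```yaml
---
- hosts: "{{ host }}"
  become: yes
  become_method: sudo
  vars:
    # assumption: SHA-256 of the RPM, computed on the Satellite itself and
    # passed in out of band; placeholder, not a real hash
    katello_ca_sha256: "REPLACE_WITH_SHA256_FROM_SATELLITE"
    # assumption: staging path on the client
    ca_rpm: /root/katello-ca-consumer-latest.noarch.rpm
  tasks:
    - name: fetch the CA RPM and reject it unless the digest matches the pin
      get_url:
        url: "http://{{ satelliteip }}/pub/katello-ca-consumer-latest.noarch.rpm"
        dest: "{{ ca_rpm }}"
        checksum: "sha256:{{ katello_ca_sha256 }}"
        mode: "0600"
      when:
        - ansible_distribution_major_version == "6" or ansible_distribution_major_version == "7"

    - name: install the verified local copy
      yum:
        name: "{{ ca_rpm }}"
        state: present
        # kept from the original playbook; integrity now comes from the pin above
        disable_gpg_check: yes
      when:
        - ansible_distribution_major_version == "6" or ansible_distribution_major_version == "7"
```

The pin has to be refreshed whenever the Satellite regenerates its certificates, because the "latest" RPM changes with them.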

Ansible playbook to patch and reboot RHEL 6 and RHEL 7 servers

How to run:

For a single host, pass the host IP as in the command below. To patch a group, add the server list to /etc/ansible/hosts and pass the group name as the value of the host variable. The playbook also collects information I need, such as mount status, resolv.conf and ntpstat output; you can add your own commands in the shell sections. The collected information is saved in the playbook directory as serverip-prepatch.txt and serverip-postpatch.txt.


# ansible-playbook patchreboot.yml --extra-vars "host=10.10.11.70" --user ranjith

---
- hosts: "{{ host }}"
  become: yes
  become_method: sudo
  tasks:
    - name: running prepatch info commands
      shell: |
        df -hP
        cat /etc/resolv.conf
        ntpstat
      register: prepatch
      ignore_errors: True
    - name: removing old prepatch info file
      local_action: file path={{ playbook_dir }}/{{ inventory_hostname }}-prepatch.txt state=absent
    - name: storing prepatch info
      local_action: copy content={{ prepatch.stdout }} dest={{ playbook_dir }}/{{ inventory_hostname }}-prepatch.txt
    - name: upgrade all packages
      yum:
        name: '*'
        state: latest
    - name: restart server
      # start the reboot in the background so the task returns before the SSH connection drops
      shell: sleep 2 && /sbin/reboot
      async: 1
      poll: 0
      ignore_errors: true
    - name: Pause for 180 seconds
      pause: minutes=3
    - name: wait for the server to restart
      local_action: wait_for host={{ inventory_hostname }}
                    port=22
                    delay=15
                    timeout=300
                    state=started
                    connect_timeout=15
    - name: restarting ntpserver
      service:
        name: ntpd
        state: restarted
        enabled: yes
    - name: running postpatch info commands
      shell: |
        df -hP
        cat /etc/resolv.conf
        sleep 10
        ntpstat
      register: postpatch
      ignore_errors: True
    - name: removing old postpatch info file
      local_action: file path={{ playbook_dir }}/{{ inventory_hostname }}-postpatch.txt state=absent
    - name: storing postpatch info
      local_action: copy content={{ postpatch.stdout }} dest={{ playbook_dir }}/{{ inventory_hostname }}-postpatch.txt