Friday, March 10, 2023

How to use group_vars with Ansible role

Scenario:

We have these 6 servers in hosts file:

[web_servers]
10.200.0.2
10.200.0.3

[db_servers]
10.200.0.6
10.200.0.7

[dns_servers]
10.200.0.8
10.200.0.9


We want Bind9 to be installed only on dns_servers
We want MariaDB to be installed only on db_servers
We want Nginx to be installed only on web_servers
We want user 'notadmin' to be created on all servers

For this example I will use Debian-based servers.
The hosts file (see above) is copied into the current working directory.
First we create an Ansible role named "using-group-vars-example":

$ ansible-galaxy init using-group-vars-example

Then we create file playbook-using-group-vars-example.yml in the current working directory with the following content:
---
- name: How to use group_vars example
  hosts: all
  remote_user: admin
  become: yes
  roles:
        - ./using-group-vars-example

Note: for this to work, all remote hosts must be configured according to the Ansible documentation (SSH key installed with ssh-copy-id, and the user "admin" listed in /etc/sudoers with passwordless sudo access).

Then we create the group_vars directory, again in the current working directory:

$ mkdir group_vars

Now we have directory structure like this:



Create the following files inside the group_vars/ directory, named after the server groups from our hosts file:

group_vars/db_servers.yml

---
install_mariadb: "true"
create_user: "true"

group_vars/dns_servers.yml
---
create_user: "true"
install_dns: "true"

group_vars/web_servers.yml
---
install_nginx: "true"
create_user: "true"

Content of the using-group-vars-example/defaults/main.yml should be this:
---
# defaults file for using-group-vars-example
# we must initialize these otherwise it will pop an error
create_user: none
install_nginx: none
install_mariadb: none
install_dns: none

Content of the using-group-vars-example/tasks/main.yml should be this:

---
# tasks file for using-group-vars-example
- name: install nginx
  include_tasks: nginx.yml
  when: install_nginx == "true"

- name: create user
  include_tasks: user.yml
  when: create_user == "true"

- name: install dns server
  include_tasks: dns.yml
  when: install_dns == "true"

- name: install mariadb server
  include_tasks: db.yml
  when: install_mariadb == "true"

Now we create 4 more files inside using-group-vars-example/tasks/ as follows:

using-group-vars-example/tasks/dns.yml
---
- name: Install BIND9
  apt:
    # name takes a list; a space-separated string is read as one package name
    name:
      - bind9
      - bind9-utils
    state: present
    update_cache: yes

using-group-vars-example/tasks/db.yml

---
- name: Install MariaDB server
  apt:
    # name takes a list; a space-separated string is read as one package name
    name:
      - mariadb-server
      - mariadb-server-core
    state: present
    update_cache: yes

using-group-vars-example/tasks/nginx.yml
---
- name: Update the repository cache and update package "nginx"
  apt:
    name: nginx
    state: present
    update_cache: yes

using-group-vars-example/tasks/user.yml
---
- name: Add the user 'notadmin'
  user:
    name: notadmin
    state: present
    comment: notadmin user for testing purposes
    createhome: yes
    home: /home/notadmin

These task files are included only when the matching variable is set in the group_vars/ YAML files.

Now the final structure should look like this:



Now we run the playbook from the current working directory like this:

$ ansible-playbook playbook-using-group-vars-example.yml -i hosts


Monday, February 27, 2023

Extracting single directory from tar.gz archive to a specific destination directory

archive-1.05.tar.gz contains the following:

archive-1.05/config
archive-1.05/docs
archive-1.05/lib
archive-1.05/src

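We want to extract only the contents of "archive-1.05/lib/" to a specific destination directory (/home/user/lib), which must already exist:

$ tar -xvzf archive-1.05.tar.gz -C /home/user/lib --strip-components=2 --no-anchored lib

--strip-components=2 removes the leading archive-1.05/lib/ from every extracted path, so the files land directly in /home/user/lib (with --strip-components=1 they would end up in /home/user/lib/lib). If we do not specify the --no-anchored flag, the bare name lib does not match archive-1.05/lib and tar extracts nothing.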
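
An added example (not part of the original post) that shows how --strip-components and --no-anchored interact on a constructed archive with the same layout. It goes slightly beyond the post: the file src/lib/vendored.c is an assumption added to show that an unanchored "lib" also matches deeper directories, and that the full member path avoids this. Requires GNU tar.

```sh
#!/bin/sh
# Added example; the archive is constructed to mirror the post's layout.
# src/lib/vendored.c is an extra constructed file that shows what an
# unanchored "lib" also matches. Requires GNU tar.
set -eu

make_archive() {            # $1 = work dir -> $1/archive-1.05.tar.gz
    for d in config docs lib/sub src/lib; do
        mkdir -p "$1/archive-1.05/$d"
    done
    echo cfg > "$1/archive-1.05/config/app.conf"
    echo a   > "$1/archive-1.05/lib/a.so"
    echo b   > "$1/archive-1.05/lib/sub/b.so"
    echo v   > "$1/archive-1.05/src/lib/vendored.c"
    tar -czf "$1/archive-1.05.tar.gz" -C "$1" archive-1.05
}

list_files() {              # $1 = dir -> extracted files on one line
    (cd "$1" && find . -type f | LC_ALL=C sort | paste -sd' ' -)
}

# extract TAG WORKDIR TAR-ARGS...: extract into WORKDIR/TAG, list the result
extract() {
    dest="$2/$1"; archive="$2/archive-1.05.tar.gz"; shift 2
    mkdir -p "$dest"
    tar -xzf "$archive" -C "$dest" "$@" 2>/dev/null || return 1
    list_files "$dest"
}

work=$(mktemp -d)
make_archive "$work"
echo "strip=1, unanchored: $(extract s1 "$work" --strip-components=1 --no-anchored lib)"
echo "strip=2, unanchored: $(extract s2 "$work" --strip-components=2 --no-anchored lib)"
echo "strip=2, full path:  $(extract s3 "$work" --strip-components=2 archive-1.05/lib)"
echo "strip=2, bare name:  $(extract s4 "$work" --strip-components=2 lib || echo 'lib: not found in archive')"
rm -rf "$work"
```
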

Friday, July 1, 2022

Devuan / Debian renaming ethernet interfaces

Create /etc/udev/rules.d/70-netinterfaces.rules file. Put this inside it:

SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="d4:f5:ef:4c:d2:64", NAME="eth0lan"
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="d4:f5:ef:4c:d2:65", NAME="eth1wlan"
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="d4:f5:ef:4c:d2:66", NAME="eth2"
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="d4:f5:ef:4c:d2:67", NAME="eth3inet"

Based on the MAC address, you can change the names of your network interfaces.

Now the udev rules need to be included in your initrd image. To do that, run:

root@son:~# update-initramfs -u
update-initramfs: Generating /boot/initrd.img-5.10.0-15-amd64
root@son:~#

Reboot and you should see your new network names.

Tuesday, June 28, 2022

Fake DNS with dnsmasq for testing purposes on Debian/Devuan

Install dnsmasq:

apt install dnsmasq

Add the following to your /etc/resolv.conf:

nameserver 192.168.0.1

Edit /etc/dnsmasq.conf and add the following at the end of the file:

address=/real-domain-that-we-want-to-fake-for-testing.com/192.168.0.14
address=/horizon9.org/192.168.0.2
address=/google.com/192.168.0.14

A DNS request goes to dnsmasq first. If the domain is configured there (for instance horizon9.org), dnsmasq answers with the configured IP address (such as 192.168.0.14). If the domain is not found in the dnsmasq configuration, the request is passed on to the real DNS servers in the /etc/resolv.conf file.

Now you can test your web server by using 192.168.0.1 for DNS queries.

If you are accessing the dnsmasq server from a different network, you will get REFUSED responses to the DNS queries. To fix that, edit /etc/dnsmasq.conf and find the commented-out line starting with 'interface=':

#interface=

and make it like this:

interface=eth0

Replace eth0 with the interface you want, then restart dnsmasq.

Friday, June 24, 2022

How to transfer users from MySQL 5.5 to MariaDB 10.x

On the old server:

$ mysqldump -u root -pPassWord mysql > mysql.sql

Copy mysql.sql to the new server.

Add the following to the beginning of the file:

drop database mysql;
create database mysql;
use mysql;

Now run it on the new machine with the MariaDB server:

$ mysql -u root -p < mysql.sql

Now you need to run a tool called mysql_upgrade to upgrade the old imported mysql database (you need to use the --force option):

$ mysql_upgrade --force
MariaDB upgrade detected
Phase 1/7: Checking and upgrading mysql database
Processing databases
mysql
mysql.columns_priv                                 OK
mysql.db                                           OK
mysql.event                                        OK
mysql.func                                         OK
mysql.help_category                                OK
mysql.help_keyword                                 OK
mysql.help_relation                                OK
mysql.help_topic                                   OK
mysql.host                                         OK
mysql.ndb_binlog_index                             OK
mysql.plugin                                       OK
mysql.proc                                         OK
mysql.procs_priv                                   OK
mysql.proxies_priv                                 OK
mysql.servers                                      OK
mysql.tables_priv                                  OK
mysql.time_zone                                    OK
mysql.time_zone_leap_second                        OK
mysql.time_zone_name                               OK
mysql.time_zone_transition                         OK
mysql.time_zone_transition_type                    OK
mysql.user                                         OK
Upgrading from a version before MariaDB-10.1
Phase 2/7: Installing used storage engines
Checking for tables with unknown storage engine
Phase 3/7: Fixing views from mysql
Phase 4/7: Running 'mysql_fix_privilege_tables'
Phase 5/7: Fixing table and database names
Phase 6/7: Checking and upgrading tables
Processing databases
.... [ cut ] ...

Probably you need to run 'flush privileges' on the new server or restart it.
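
For the mysqldump step on the old server, -pPassWord puts the root password into the process list and the shell history, and mysql.sql holds the password hashes of every account. The following is an added example, not from the original post, that runs the same dump with the password kept in a private option file; the file names are hypothetical and the root account is assumed as in the post.

```sh
#!/bin/sh
# Added example, not from the post. Assumes the root account used above;
# file names are hypothetical.
set -eu

# write_client_cnf FILE: read the password from stdin (not from argv) and
# store it in a [client] option file readable by the current user only.
# Assumes the password contains no double quote or backslash.
write_client_cnf() {
    (
        umask 077
        : > "$1"            # create or truncate
        chmod 600 "$1"      # tighten a pre-existing file before writing
        IFS= read -r pw
        printf '[client]\nuser=root\npassword="%s"\n' "$pw" > "$1"
    )
}

# dump_mysql_db CNF OUT: dump the mysql system database. The dump contains
# every account's password hash, so it is created mode 0600 as well.
dump_mysql_db() {
    (
        umask 077
        rm -f "$2"          # do not inherit the mode of an older dump
        # --defaults-extra-file has to be the first option
        mysqldump --defaults-extra-file="$1" mysql > "$2"
    )
}

# Usage on the old server:
#   stty -echo; write_client_cnf ~/.dump.cnf; stty echo
#   dump_mysql_db ~/.dump.cnf mysql.sql && rm -f ~/.dump.cnf
```
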