Sunday, May 28, 2017

Ansible : Privilege escalation (become)

Ansible uses the become, become_user, and become_method directives to achieve privilege escalation. You can apply them to an entire play or playbook, set them in an included playbook, or set them for a particular task.
- name: checkout repo
  git: repo= version=master dest={{ dst }}
  become: yes
  become_user: some_user
You can use become_method to specify how the privilege escalation is achieved, the default being sudo.
More Examples:
- name: Ensure the httpd service is running
  service:
    name: httpd
    state: started
  become: yes
To run a command as the apache user:
- name: Run a command as the apache user
  command: somecommand
  become: yes
  become_user: apache
To do something as the nobody user when the shell is nologin:
- name: Run a command as nobody
  command: somecommand
  become: yes
  become_method: su
  become_user: nobody
  become_flags: '-s /bin/sh'
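
The scoping described at the top of this post (a play-level default with task-level overrides), as an added example that is not from the original post. The host group web, the login user ec2-user with passwordless sudo, and the apache account are assumptions.

```yaml
---
# Added example (not from the original post). Assumed names: host group
# "web", login user "ec2-user" with passwordless sudo, apache user present.
- hosts: web
  remote_user: ec2-user
  become: yes                 # play-level default: every task escalates
  # become_user defaults to root, become_method defaults to sudo

  tasks:
    - name: Task-level override, no escalation
      command: whoami
      become: no              # overrides the play-level setting
      register: login_user
      changed_when: false

    - name: Inherits play-level become, runs as root
      command: whoami
      register: root_user
      changed_when: false

    - name: Ensure the httpd service is running (inherits root)
      service:
        name: httpd
        state: started

    # Going from one unprivileged user to another, Ansible must make its
    # temporary module files readable by become_user; this relies on
    # setfacl being available on the target, or on pipelining.
    - name: Task-level become_user, runs as apache
      command: whoami
      become_user: apache     # become: yes is inherited from the play
      register: apache_user
      changed_when: false

    - name: Verify each task ran as the intended account
      assert:
        that:
          - login_user.stdout == 'ec2-user'
          - root_user.stdout == 'root'
          - apache_user.stdout == 'apache'
```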

Saturday, May 27, 2017

Setting up Ansible in AWS Linux RHEL

Enable PING
Edit Security Groups > Add Rule > ICMP

Connect to AWS using putty
To convert the .pem file to a .ppk file, use the latest PuTTYgen; otherwise you will encounter issues like 'Cant load the private key'.

Modify the shell prompt

vi /etc/bashrc
Edit the below line as you like
[ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@MyServer>\w]\\$ "

Enable Root Login in AWS Linux machine

Uncomment PermitRootLogin in /etc/ssh/sshd_config

Setup SSH Passwordless authentication

Copy the generated .pem file to the server using WinSCP (if you are using Windows).
1. As root run ssh-keygen (generate the key to
2. As ec2-user copy this file to Target server:/home/ec2-user
scp -i "/home/ec2-user/clients.pem" /root/.ssh/ ec2-user@x.x.x.x:/home/ec2-user/
3. Log in to the target server
    cat /home/ec2-user/ >> /root/.ssh/authorized_keys

Now you have set up SSH passwordless login for Ansible.