Wednesday, June 7, 2017

Enable direct ssh access to EC2 instance without .pem key

Enable password authentication by editing /etc/ssh/sshd_config: change PasswordAuthentication no to PasswordAuthentication yes

Restart ssh:

sudo /etc/init.d/ssh restart

systemctl  restart sshd (for RHEL7)
at No comments:
Labels: , , ,

Sunday, May 28, 2017

Ansible : Privilege escalation (become)

Ansible uses the becomebecome_user, and become_method directives to achieve privilege escalation. You can apply them to an entire play or playbook, set them in an included playbook, or set them for a particular task.
- name: checkout repo
  git: repo=https://github.com/some/repo.git version=master dest={{ dst }}
  become: yes
  become_user: some_user
You can use become_with to specify how the privilege escalation is achieved, the default being sudo.
More Examples:
- name: Ensure the httpd service is running
  service:
    name: httpd
    state: started
  become: yes
To run a command as the apache user:
- name: Run a command as the apache user
  command: somecommand
  become: yes
  become_user: apache
To do something as the nobody user when the shell is nologin:
- name: Run a command as nobody
  command: somecommand
  become: yes
  become_method: su
  become_user: nobody
  become_flags: '-s /bin/sh'

at No comments:
Labels: , ,

Saturday, May 27, 2017

Setting up Ansible in AWS Linux RHEL

Enable PING
Edit Security Groups>Add Rule>>ICMP

Connect to AWS using putty
Follow the steps mentioned here/
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html

 To convert the .pem to .ppk file use the latest PuttyGen otherwise you will encounter the issues like 'Cant load the private key'

 Modify the shell prompt

 vi /etc/bashrc
Edit the below line as you like
[ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@MyServer>\w]\\$ "

 Enable Root Login in AWS Linux machine

Uncomment PermitRootLogin in /etc/ssh/sshd_config

 Setup SSH Passwordless authentication

copy the generated .pem file to he server using winscp (if you are using windows)
1. As root run ssh-keygen (generate the key to id_rsa.pub)
2. As ec2-user copy this file to Target server:/home/ec2-user
scp -i "/home/ec2-user/clients.pem" /root/.ssh/id_rsa.pub ec2-user@x.x.x.x:/home/ec2-user/
2. Login to target Server
    cat /home/ec2-user/id_rsa.pub >> /root/.ssh/authorized_keys

Now you have setup the SSH passwordless login for Ansible.
at No comments:
Labels: , ,

Wednesday, March 29, 2017

Daily Task Automation: High load notification

The below code will trigger an email if the load is higher than 5
load=`w | head -n1 | awk '{print$10}' | cut -d"," -f1`
if [ $load -gt 5 ]; then
echo "High Load Found." | mail -s "High Load Found."  mail@example.com
fi
at No comments:
Labels:

Tuesday, March 28, 2017

Ansible - wait_for module


wait_for - Waits for a condition before continuing

EXAMPLES

 - name: sleep for 300 seconds and continue with play
wait_for: timeout=300
delegate_to: localhost


- name: Wait 300 seconds for port 8000 to become open on the host, don't start checking for 10 seconds
wait_for:
port: 8000
delay: 10


- name: Wait 300 seconds for port 8000 of any IP to close active connections, don't start checking for 10 seconds
wait_for:
host: 0.0.0.0
port: 8000
delay: 10
state: drained


- name: Wait 300 seconds for port 8000 of any IP to close active connections, ignoring connections for specified hosts
wait_for:
host: 0.0.0.0
port: 8000
state: drained
exclude_hosts: 10.2.1.2,10.2.1.3


- name: Wait until the file /tmp/foo is present before continuing
wait_for:
path: /tmp/foo


- name: Wait until the string "completed" is in the file /tmp/foo before continuing
wait_for:
path: /tmp/foo
search_regex: completed


- name: Wait until the lock file is removed
wait_for:
path: /var/lock/file.lock
state: absent


- name: Wait until the process is finished and pid was destroyed
wait_for:
path: /proc/3466/status
state: absent


- name: Output customized message when failed
wait_for:
path: /tmp/foo
state: present
msg: Timeout to find file /tmp/foo
at No comments:
Labels: ,

Monday, March 6, 2017

Monitoring script & html output

Here we are monitoring the file system usage by 'df -h' command and output of this command can be accessible via web browser.
#!/bin/bash
# Sample script to demonstrate the creation of an HTML report using shell scripting
# Web directory
df -h > /var/www/html/test.txt
WEB_DIR=/var/www/html
# A little CSS and table layout to make the report look a little nicer
echo "<HTML>
<HEAD>
<style>
.titulo{font-size: 1em; color: white; background:#0863CE; padding: 0.1em 0.2em;}
table
{
border-collapse:collapse;
}
table, td, th
{
border:1px solid black;
}
</style>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8' />
</HEAD>
<BODY>" > $WEB_DIR/report.html
# View hostname and insert it at the top of the html body
HOST=$(hostname)
echo "Filesystem usage for host <strong>$HOST</strong><br>
Last updated: <strong>$(date)</strong><br><br>
<table border='1'>
<tr><th class='titulo'>Filesystem</td>
<th class='titulo'>Size</td>
<th class='titulo'>Use %</td>
</tr>" >> $WEB_DIR/report.html
# Read the output of df -h line by line
while read line; do
echo "<tr><td align='center'>" >> $WEB_DIR/report.html
echo $line | awk '{print $1}' >> $WEB_DIR/report.html
echo "</td><td align='center'>" >> $WEB_DIR/report.html
echo $line | awk '{print $2}' >> $WEB_DIR/report.html
echo "</td><td align='center'>" >> $WEB_DIR/report.html
echo $line | awk '{print $5}' >> $WEB_DIR/report.html
echo "</td></tr>" >> $WEB_DIR/report.html
done < /var/www/html/test.txt
echo "</table></BODY></HTML>" >> $WEB_DIR/report.html
Open the report.html file in a web browser. You will see output similar to below.


You can add to that report as much information as you want. To run the script every day at 1:30 pm, add the following crontab entry:
30 13 * * * /root/scripts/filesystem_usage.sh



at No comments:
Labels:

Tuesday, February 14, 2017

Create EC2 instances using Ansible Playbook

Log into your AWS account to get your “AWS_ACCESS_KEY_ID” and “AWS_SECRET_ACCESS_KEY”. Go to “Identity and Access Management”. Create a new user or select an exiting one. Go to “Security Credentials” and click “Create Access Key”. Here’s an example of what you’ll end up with:
Access Key ID: NUHKOIJFOJF9GFJDO
Secret Access Key: LSDJKFODSJF9SDJF8UH3U3HFKW
Keep those safe – download when asked. Use the above values to create environment variables. Copy and paste the following (with your values replacing mine) into your shell:
export AWS_ACCESS_KEY_ID="NUHKOIJFOJF9GFJDO" 
export AWS_SECRET_ACCESS_KEY="LSDJKFODSJF9SDJF8UH3U3HFKW"
Create the “~/hosts” file with the following contents:
[local]
localhost

[webserver]
Now we build our YML file for Ansible to run through. Here’s a sample that will create a basic EC2 with a public IP address and your public SSH key. Put the following into the file “~/ec2-basic.yml”
---
  - name: Provision an EC2 Instance
    hosts: local
    connection: local
    gather_facts: False
    tags: provisioning
    # Necessary Variables for creating/provisioning the EC2 Instance
    vars:
      instance_type: t2.micro
      security_group: ansible-webserver # Change the security group name here
      image: ami-719fb712 # This is an AMI i created myself
      keypair: agix-key # This is one of my keys that i already have in AWS
      region: ap-southeast-2 # Change the Region
      count: 1

    # Task that will be used to Launch/Create an EC2 Instance
    tasks:

      - name: Create a security group
        local_action: 
          module: ec2_group
          name: "{{ security_group }}"
          description: Security Group for webserver Servers
          region: "{{ region }}"
          rules:
            - proto: tcp
              from_port: 22
              to_port: 22
              cidr_ip: 0.0.0.0/0
            - proto: tcp
              from_port: 80
              to_port: 80
              cidr_ip: 0.0.0.0/0
            - proto: tcp
              from_port: 443
              to_port: 443
              cidr_ip: 0.0.0.0/0
          rules_egress:
            - proto: all
              cidr_ip: 0.0.0.0/0
        register: basic_firewall

      - name: Launch the new EC2 Instance
        local_action: ec2 
                      group={{ security_group }} 
                      instance_type={{ instance_type}} 
                      image={{ image }} 
                      wait=true 
                      region={{ region }} 
                      keypair={{ keypair }}
                      count={{count}}
        register: ec2

      - name: Add the newly created EC2 instance(s) to the local host group (located inside the directory)
        local_action: lineinfile 
                      dest="./hosts" 
                      regexp={{ item.public_ip }} 
                      insertafter="[webserver]" line={{ item.public_ip }}
        with_items: ec2.instances


      - name: Wait for SSH to come up
        local_action: wait_for 
                      host={{ item.public_ip }} 
                      port=22 
                      state=started
        with_items: ec2.instances

      - name: Add tag to Instance(s)
        local_action: ec2_tag resource={{ item.id }} region={{ region }} state=present
        with_items: ec2.instances
        args:
          tags:
            Name: webserver
Being the provisioning (spin it up):
ansible-playbook -i ./hosts ec2-basic.yml
And finally log into your new ec2 instance:

https://github.com/docker/machine/issues/287
Keypair->EC2>NETWORK & SECURITY, choose Key Pairs

at No comments:
Labels: , , ,
Subscribe to: Posts (Atom)