Ansible "Indirect inventory" (sort of) - windows

I am quite new to Ansible, and I wonder if someone could save me some feeling my way in the darkness and share the best way to do the following.
I have several cloud environments with (mostly) Windows hosts that I want to manage with Ansible. The thing is that my Ansible server is outside these environments and I can't WinRM directly to the various Windows hosts (security, you know...). So what I would like to do is add a Linux host to each cloud environment and use these hosts as a kind of proxy: I will access them from the Ansible server and use the psexec module to access the Windows servers.
My problem, though, is that if I do that, my Ansible inventory will include only the Linux "proxies" and I will not be able to categorize the Windows servers into policy groups.
So again, can anyone share how to properly handle this? I guess I just need some way to create an inventory-like structure of the Windows servers and associate it with the appropriate "proxy" hosts.
Many thanks,
Oren
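
One way to lay this out, as an added example that is not part of the original post: keep every Windows server in the inventory under its policy groups, record its proxy in a group variable, and delegate each task to that proxy. Host names, group names, the `psexec_proxy` variable and the vaulted credential variables are assumptions; `community.windows.psexec` is the psexec module and needs the pypsexec library on the proxy.

```yaml
# inventory.yml (constructed host and group names)
all:
  children:
    proxies:
      hosts:
        proxy-cloud-a.example.com:
        proxy-cloud-b.example.com:
    cloud_a:
      vars:
        psexec_proxy: proxy-cloud-a.example.com   # hypothetical variable
      hosts:
        web01.cloud-a.internal:
        db01.cloud-a.internal:
    cloud_b:
      vars:
        psexec_proxy: proxy-cloud-b.example.com
      hosts:
        web01.cloud-b.internal:
    # Policy groups cut across environments.
    windows_web:
      hosts:
        web01.cloud-a.internal:
        web01.cloud-b.internal:
    windows_db:
      hosts:
        db01.cloud-a.internal:
---
# site.yml
- name: Apply web policy through the per-environment proxy
  hosts: windows_web
  gather_facts: false   # the control node cannot reach these hosts directly
  tasks:
    - name: Run a command on the Windows host from its proxy
      community.windows.psexec:
        hostname: "{{ inventory_hostname }}"   # the Windows target, not the proxy
        connection_username: "{{ vault_win_user }}"       # assumed to come from Ansible Vault
        connection_password: "{{ vault_win_password }}"
        encrypt: true   # SMB encryption between proxy and target
        executable: powershell.exe
        arguments: '-NoProfile -Command "Get-Service W3SVC"'
      delegate_to: "{{ psexec_proxy }}"
      no_log: true      # keep credentials out of task output and logs
```

Because the play targets the Windows hosts but every task is delegated, only the proxies need to be reachable over SSH from the control node.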

Related

Best alternative to SSH in Ansible?

I want to connect to a remote host machine on both Linux and Windows without SSH, using an Ansible playbook. Is there any way to do that?
As per the documentation it is possible to extend Ansible with a connection plugin such as SNMP or message bus. You can get a list of possible connection plugins with the command below.
ansible-doc -t connection -l
For Windows, usually WinRM is used. SSH does also work on Windows and takes less effort to set up securely in my opinion.
When using WinRM you have a few options, the one that you should use depends on the type of environment. Depending on what option you use, it can take some effort to set up properly.
Basic Authentication (generally insecure, not recommended);
Certificate Authentication (similar to SSH keys);
NTLM (older protocol that supports domain users);
Kerberos (generally recommended when running in a domain environment);
CredSSP (supports stuff like credential delegation).
Generally I would recommend SSH for Linux, it's easy to set up and secure. Your question does not specify why you can not use SSH, so I can't advise on that.
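
The WinRM options listed above are selected with the `ansible_winrm_transport` connection variable. The inventory below is an added example, not taken from the original answer, that contrasts Basic over HTTP with Kerberos and certificate authentication over HTTPS; the group names, account name and file paths are assumptions.

```yaml
# inventory.yml (constructed group names, account and paths)
all:
  children:
    windows_insecure:          # shown for contrast: what to avoid
      vars:
        ansible_connection: winrm
        ansible_port: 5985                   # plain HTTP listener
        ansible_winrm_scheme: http
        ansible_winrm_transport: basic       # password is only base64-encoded
    windows_domain:            # domain-joined hosts
      vars:
        ansible_connection: winrm
        ansible_port: 5986                   # HTTPS listener
        ansible_winrm_scheme: https
        ansible_winrm_transport: kerberos
        ansible_user: svc_ansible@EXAMPLE.COM
        ansible_winrm_server_cert_validation: validate
        ansible_winrm_ca_trust_path: /etc/ansible/pki/example-ca.pem
    windows_workgroup:         # non-domain hosts, local account mapped to a client certificate
      vars:
        ansible_connection: winrm
        ansible_port: 5986
        ansible_winrm_scheme: https
        ansible_winrm_transport: certificate
        ansible_winrm_cert_pem: /etc/ansible/pki/ansible-client.pem
        ansible_winrm_cert_key_pem: /etc/ansible/pki/ansible-client.key
        ansible_winrm_server_cert_validation: validate
        ansible_winrm_ca_trust_path: /etc/ansible/pki/example-ca.pem
```

Setting `ansible_winrm_server_cert_validation` to `ignore` removes the protection against an interposed listener, so it belongs only in throwaway lab inventories.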

Provisioning services in Linux Centos 6 with Ansible or Terraform

Well, I have a client with an intranet infrastructure, that can't be accessed by the internet or VPN, so I need to access through TeamViewer.
This client gave me 10 VMs (Linux Centos 6) to work (can't create others or destroy it). So I need to prepare this infrastructure to run my CI/CD and deliver the software, then I need these services running before my software deploy:
Docker
Mongo DB
Postgres
Nginx
Jenkins
I'm thinking about two options to solve it:
Terraform CLI (remember I will need to access the client through TeamViewer and run terraform apply)
Ansible (Here I can list the 10 machines and execute all together with 1 playbook).
I heard that Terraform is more for provisioning servers (VM, EC2 ...), VPCs, subnets and load balancers, but Ansible is more about configuring each machine, in a more granular way. If this is correct I think Ansible is the correct choice for me.
Any suggestions guys?
Yes.
Terraform provisions your environment from scratch. It is an Infrastructure as Code tool.
Ansible configures your environment. It is a configuration management tool.
Often, people combine both of them: first provision the network stack and servers using Terraform, and then configure the applications inside the servers using Ansible.
You already have the VMs, hence opting for a configuration management tool (Chef, Ansible, Puppet, Salt Stack) better fits your use case.

Can Ansible be used for physical server provisioning?

Is there any way to provision servers (install an OS on physical servers) using Ansible?
I couldn't find any proper article on this on the internet. Please help if you have some experience with it.
Yes. It's possible. For example:
PXE boot an image with preinstalled Ansible
Run ansible-pull

Allowing only certain ip traffic to server using Ansible

I am using Ansible to configure my several web servers. I want to restrict all traffic coming to those servers except from some hosts. Actually, I want these servers to be accessible by some hosts only.
First figure out how to configure such a firewall on your system without Ansible. Then use Ansible to apply that configuration to a host.
I use package iptables-persistent on Debian 9, and use Ansible templating to manage /etc/iptables/rules.v4
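
A playbook along the lines of this answer, added here as an example and not the answerer's own configuration: it renders /etc/iptables/rules.v4 from a list of permitted sources, checks the file with `iptables-restore --test` before it replaces the live copy, and keeps SSH open from the management address so the run cannot lock Ansible out. The `webservers` group, the `allowed_sources` and `mgmt_source` variables and all addresses (documentation ranges) are assumptions.

```yaml
# firewall.yml (constructed group name, variables and addresses)
- name: Allow web traffic only from approved hosts
  hosts: webservers
  become: true
  vars:
    mgmt_source: 203.0.113.5        # Ansible control node, keeps SSH reachable
    allowed_sources:
      - 192.0.2.10
      - 198.51.100.0/24
  tasks:
    - name: Install iptables-persistent
      ansible.builtin.apt:
        name: iptables-persistent
        state: present

    - name: Render /etc/iptables/rules.v4
      ansible.builtin.copy:
        dest: /etc/iptables/rules.v4
        owner: root
        group: root
        mode: "0600"
        validate: iptables-restore --test %s   # reject a broken ruleset before install
        content: |
          *filter
          :INPUT DROP [0:0]
          :FORWARD DROP [0:0]
          :OUTPUT ACCEPT [0:0]
          -A INPUT -i lo -j ACCEPT
          -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
          -A INPUT -p tcp -s {{ mgmt_source }} --dport 22 -j ACCEPT
          {% for src in allowed_sources %}
          -A INPUT -p tcp -s {{ src }} -m multiport --dports 80,443 -j ACCEPT
          {% endfor %}
          COMMIT
      notify: Reload firewall

  handlers:
    - name: Reload firewall
      ansible.builtin.service:
        name: netfilter-persistent
        state: restarted
```

This covers IPv4 only; hosts with IPv6 addresses need a matching /etc/iptables/rules.v6.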

How to access an Orchard multi-tenant site externally on the same network

I've got multi tenancy set up on my Windows 7 machine using Orchard 7.1 and IIS 6.1 which I can access locally no problem.
The relevant sites are all added within the bindings of the applicationhost.config file, as well as the computer's host file, and therefore show up as they should when accessing the URL.
I have previously had a single tenant set up on my machine that meant I could access on my network, which was done by adding the site to IIS then binding to localhost/my ip address etc.
However the issue I am having is how to access these sites via a mobile device/another computer (on the same network) now that I have set it up for multiple tenants.
Any help appreciated
Liam
You'd need some sort of naming service inside your network, something like Bonjour.
Short of that, I guess you'd have to configure those other machines one by one so their hosts files point to the server.
One final possibility may be to simply use DNS. There is no reason why you couldn't use a domain that you control to map several names to local addresses such as that of your server.
