Monday, March 14, 2022

Ansible playbook to install utility tools in Linux

Ansible is one of the most popular open-source tools for software provisioning, configuration management and application deployment, enabling infrastructure as code. It is mainly used as a DevOps tool and can perform many tasks that are otherwise time-consuming, complex, repetitive and error-prone.

Let's write a simple Ansible playbook that installs a few of the utility tools a system administrator needs to troubleshoot a system. Let's say we have to install these tools on 10, 100 or even 1000 servers. With the help of this tiny but powerful playbook, anyone can install the required tools on a thousand servers in a minute.

We assume that we have an Ansible controller server with passwordless access to the destination servers, set up with ssh-copy-id. Additionally, we have an inventory file, e.g. inventory.ini, where we list all destination servers by IP or hostname in groups, like below:






# vi inventory.ini
[blablabla]
10.10.10.20
10.10.10.21
10.10.10.22
host1.abc.com
host2.abc.com

[db-nodes]
10.10.10.50
10.10.10.51

ssh-copy-id installs an SSH key on a server as an authorized key. Its purpose is to provision access without requiring a password for each login. This facilitates automated, passwordless logins and single sign-on using the SSH protocol.

Here is the playbook named required-packages.yaml

---
- hosts: blablabla
  tasks:
  - name: Installing net-tools service
    yum:
      name: net-tools
      state: present
  - name: Installing telnet service
    yum:
      name: telnet
      state: present
  # iostat is shipped in the sysstat package
  - name: Installing iostat service
    yum:
      name: sysstat
      state: present
  - name: Installing dstat service
    yum:
      name: dstat
      state: present
  - name: Installing curl service
    yum:
      name: curl
      state: present

Now, from the Ansible controller, execute the command below to apply the playbook to the destination server group listed in the inventory file, e.g. inventory.ini:

[root@ansible-controller ~]# ansible-playbook -i inventory.ini required-packages.yaml


voilà :-)


I am thankful to Tanzeeb and thus dedicate this post to him.

Friday, March 11, 2022

Retrieve Admin Credential of Embedded Harbor Registry on Supervisor Cluster - vSphere with Tanzu

Below are a few steps to retrieve the admin username and password of the embedded Harbor registry on a Supervisor Cluster in vSphere with Tanzu.


Step-1: Log in to vCenter via SSH and execute the decryptK8Pwd.py script under the /usr/lib/vmware-wcp/ directory. This gives us the supervisor control VM VIP and login credential.

Connected to service
    * List APIs: "help api list"
    * List Plugins: "help pi list"
    * Launch BASH: "shell"

Command> shell

Shell access is granted to root

[ ~ ]# cd /usr/lib/vmware-wcp/
[ /usr/lib/vmware-wcp ]# ./decryptK8Pwd.py
Read key from file
Connected to PSQL

Cluster: domain-cxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx
IP: 10.10.10.2
PWD: sadfjhsdifudnnxjzxcnAIJDIDJFKASD-=+ASDJASDNksdjfhkcbbcdcbk
------------------------------------------------------------

Step-2: Log in to the supervisor control VM with the VIP and password obtained above

[ /usr/lib/vmware-wcp ]# ssh 10.10.10.2
Password:

Step-3: Retrieve the namespace, associated pods and secrets related to Harbor registry

Retrieve the namespace:
[ ~ ]# kubectl get namespace | grep -i registry 
vmware-system-registry                      Active   100d
vmware-system-registry-xxxxxxxx             Active   100d


Step-4: Retrieve the secret and associated properties related to harbor registry

Retrieve the secrets:
[ ~ ]# kubectl get secrets -n vmware-system-registry-xxxxxxxx
NAME                                  TYPE                                 DATA   AGE
default-token-ghcbt                   kubernetes.io/service-account-token  3      100d
harbor-xxxxxxxx-controller-registry   Opaque                                3      100d
harbor-xxxxxxxx-harbor-core           Opaque                                6      100d
harbor-xxxxxxxx-harbor-database       Opaque                                1      100d
harbor-xxxxxxxx-harbor-jobservice     Opaque                                1      100d
harbor-xxxxxxxx-harbor-registry       Opaque                                2      100d
harbor-xxxxxxxx-ssl                   Opaque                                3      100d
sh.helm.release.v1.harbor-xxxxxxxx.v1 helm.sh/release.v1                    1      100d


Check the secret and its properties:

[ ~ ]# kubectl describe secrets harbor-xxxxxxxx-controller-registry -n vmware-system-registry-xxxxxxxx
Name:         harbor-xxxxxxxx-controller-registry
Namespace:    vmware-system-registry-xxxxxxxx
Labels:       <none>
Annotations:  <none>
Type:  Opaque
Data
====
harborAdminPassword:     24 bytes
harborAdminUsername:     8 bytes
harborPostgresPassword:  24 bytes


Step-5: Retrieve the username using the property (harborAdminUsername) found in the secret above. Kubernetes returns secret data base64-encoded, and the value stored in this secret is itself base64-encoded, so we need to decode it twice.

[ ~ ]# kubectl get secrets harbor-xxxxxxxx-controller-registry -n vmware-system-registry-xxxxxxxx --template='{{.data.harborAdminUsername}}' | base64 -d | base64 -d
admin


Step-6: Retrieve the password using the property (harborAdminPassword) found in the secret above. As with the username, the value has to be base64-decoded twice.

[ ~ ]# kubectl get secrets harbor-xxxxxxxx-controller-registry -n vmware-system-registry-xxxxxxxx --template='{{.data.harborAdminPassword}}' | base64 -d | base64 -d
da7SMxx&v#ZZR@w2tPP


Step-7: Check login using username and password obtained from Step-5 and Step-6



voilà :-)
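
A defender's view of the steps above, as an added example that is not part of the original post: a Python filter over Kubernetes API audit events (audit.k8s.io/v1, one JSON object per line) that reports reads of the Harbor admin secret. It assumes audit logging is available for the cluster; the allowlist, user names and sample events are constructed for illustration.

```python
import json
import re

# Names follow this post's kubectl output; the masked "xxxxxxxx" is matched as any token.
NS_RE = re.compile(r"^vmware-system-registry(-[a-z0-9]+)?$")
SECRET_RE = re.compile(r"^harbor-[a-z0-9]+-controller-registry$")
ALLOWED = ("system:serviceaccount:vmware-system-registry",)  # assumed expected readers

def find_secret_reads(lines, allowed=ALLOWED):
    """Return reads of the Harbor admin secret by users outside the allowlist."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        ref = ev.get("objectRef") or {}
        name = ref.get("name")
        if (ev.get("stage") != "ResponseComplete" or ref.get("resource") != "secrets"
                or ev.get("verb") not in ("get", "list", "watch")
                or not NS_RE.match(ref.get("namespace", ""))):
            continue
        user = (ev.get("user") or {}).get("username", "")
        # list/watch events carry no name but return every secret in the namespace
        if (name and not SECRET_RE.match(name)) or user.startswith(tuple(allowed)):
            continue
        hits.append({"time": ev.get("requestReceivedTimestamp"), "user": user,
                     "verb": ev["verb"], "secret": name or "*",
                     "source": (ev.get("sourceIPs") or ["?"])[0]})
    return hits

def constructed_event(verb, user, ns, name=None, stage="ResponseComplete"):
    ref = {"resource": "secrets", "namespace": ns, **({"name": name} if name else {})}
    return json.dumps({"apiVersion": "audit.k8s.io/v1", "kind": "Event", "stage": stage,
                       "verb": verb, "user": {"username": user}, "objectRef": ref,
                       "sourceIPs": ["10.10.10.2"], "requestReceivedTimestamp": "2022-03-11T09:00:00Z"})

NS, SECRET = "vmware-system-registry-xxxxxxxx", "harbor-xxxxxxxx-controller-registry"
SAMPLE_LOG = [  # constructed sample input, not real log data
    constructed_event("list", "kubernetes-admin", NS),
    constructed_event("get", "kubernetes-admin", NS, SECRET),
    constructed_event("get", "kubernetes-admin", NS, SECRET, stage="RequestReceived"),
    constructed_event("get", "system:serviceaccount:" + NS + ":default", NS, SECRET),
    constructed_event("get", "kubernetes-admin", NS, "harbor-xxxxxxxx-ssl"),
    "{truncated",
]

if __name__ == "__main__":
    print(*find_secret_reads(SAMPLE_LOG), sep="\n")
```

In practice, pass an open audit log file instead of SAMPLE_LOG and set the allowlist to the identities that legitimately read the secret in your environment.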


Restore Archived Log into VMware Aria Operations for Logs (formerly known as vRealize Log Insight - vRLI)

As we cannot keep all logs in searchable space in a vRLI production system due to performance and slowness issues, it is always recommended to ...