Lab 14: Ansible on Remote Machines

 

Objective

To get practice writing Ansible playbooks to run on multiple machines.


 

Overview

For this lab, you will run an Ansible playbook from one machine onto two others. For this you should have an existing Linux machine with Ansible installed, and then create two fresh virtual machines using the lab 1 instructions. You'll use these two new machines as the managed nodes.


 

SSH Setup

To be able to manage the remote hosts, we must be able to SSH in as a user with sudo access, without a password. To make that work, you'll have to ensure the following:

  1. You have the same user name on all of the machines, and this user has sudo permission. This should be the case if you follow the lab 1 instructions above.
  2. The machine you are doing the managing from has an SSH key set up. If you have one, it'll be in the ~/.ssh/ directory. If not, you can create one with the ssh-keygen command.
  3. The public key in step 2 is in the ~/.ssh/authorized_keys file on both of the machines being managed. You can test this by SSHing from the control node to the managed nodes. You should be able to log in without being prompted for a password.

 

Playbook

For this lab, your playbook should do the following tasks to set up a simple website and perform some system hardening:

  1. Ensure that Apache is installed and running.
  2. Now that we have SSH keys set up for these machines, we can disable password authentication with SSH (undoing what we did to enable it in lab 1 instructions).
  3. Make sure the root password is disabled.
  4. Install the fail2ban package, which blocks users after a certain number of failed SSH attempts.
  5. Ensure the ftp and telnet packages are not installed.
  6. Create an index.html file in the /var/www/html/ directory. It should be a simple HTML page which includes the text "Hello from Debian 12", where the "Debian" and "12" come from facts pulled from Ansible. You can use the ansible.builtin.template module to write a template file that references these facts, which Ansible then fills in when the playbook runs.
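
One way the six tasks above can be written, as an added example rather than the lab's own solution. The inventory group name "webservers", the template file name index.html.j2 and its contents are assumptions.

```yaml
# Assumed names: inventory group "webservers", template file index.html.j2 containing
#   <h1>Hello from {{ ansible_facts['distribution'] }} {{ ansible_facts['distribution_major_version'] }}</h1>
- name: Simple website with basic hardening
  hosts: webservers
  become: true
  handlers:
    - name: Restart ssh
      ansible.builtin.service:
        name: ssh
        state: restarted
  tasks:
    - name: Install Apache and fail2ban
      ansible.builtin.apt:
        name: [apache2, fail2ban]
        state: present
        update_cache: true

    - name: Ensure Apache is running and starts at boot
      ansible.builtin.service:
        name: apache2
        state: started
        enabled: true

    # validate makes Ansible discard the edit if sshd cannot parse the result
    - name: Disable SSH password authentication
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PasswordAuthentication\s'
        line: PasswordAuthentication no
        validate: /usr/sbin/sshd -t -f %s
      notify: Restart ssh

    - name: Lock the root password
      ansible.builtin.user:
        name: root
        password_lock: true

    - name: Remove ftp and telnet
      ansible.builtin.apt:
        name: [ftp, telnet]
        state: absent

    - name: Render index.html from gathered facts
      ansible.builtin.template:
        src: index.html.j2
        dest: /var/www/html/index.html
        mode: "0644"
```

After the run, `sudo sshd -T | grep -i passwordauthentication` on a managed node shows the value sshd actually applies. This matters because sshd keeps the first value it reads for a keyword, including values from included files.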

 

Submitting

Submit the playbook file, your inventory file, and a screenshot showing both websites pulled up in browsers. Also consider stopping or removing these two virtual machines, and any others you're no longer using, in Google Cloud.