Tag Archives: Ansible

Securing Sensitive Data with Ansible vault encrypt decrypt Guide

Introduction

In this tutorial, you’ll learn how to use Ansible Vault to encrypt and decrypt sensitive data within your configurations, an essential skill for maintaining robust security protocols. Ansible Vault encrypts variables and files to protect sensitive information like passwords and credentials from unauthorized access.

The guide covers the initial setup of Ansible Vault, including detailed steps to encrypt your data effectively. You’ll gain insights into the practical applications of these security measures in real-world scenarios.

Finally, the tutorial provides practical tips for decrypting data when necessary for your deployments. Whether you are new to Ansible or have advanced experience, understanding how to manage Vault’s encryption and decryption processes is crucial for enhancing your operational security.

Ansible vault encrypt decrypt

Create encrypted files with Ansible Vault

Ansible Vault uses the AES256 algorithm to encrypt sensitive data. We will create an encrypted file using the ansible-vault utility as shown.

ansible-vault create pass-file.xml

The content of the file before encryption:

cat pass-file.xml
welcome to DevopsRoles.com site!

The content of the file after encryption:

cat pass-file.xml
$ANSIBLE_VAULT;1.1;AES256
37383139356630386365643264393833663535643534663962643664366634626334383735343861
6265633335646266363233333930303436633063373931380a613635373435366561353534663432
66366631336335393562333233363762633130393336646462633031383239363332616338376633
3630633835646238610a373431323839396636316463633564356535383065626663386135366338
3431

View an encrypted file using ansible-vault

ansible-vault view pass-file.xml

Edit an Encrypted file using ansible-vault

ansible-vault edit pass-file.xml

Encrypt an Existing file using the Ansible vault command

ansible-vault encrypt pass-file2.xml

Decrypting files Ansible

Use ansible-vault to decrypt a file and revert it to plain text.

ansible-vault decrypt pass-file2.xml

Reset the Ansible vault password

ansible-vault rekey pass-file2.xml

Encrypt a playbook file in Ansible

This example uses the Ansible NFS server setup. I will encrypt the file exports.j2, whose content is shown below:

[vagrant@ansible_controller ~]$ cat ./ansible/exports.j2
# /etc/exports: the access control list for filesystems which may be exported
#   to NFS clients.  See exports(5).
/home/vagrant/nfs_test            192.168.1.0/24(rw,sync,no_root_squash,no_subtree_check)

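Encrypt it with the password stored in vault_pass.txt, as below. The password file holds the vault password in plain text, so keep it readable only by your own user and out of version control.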

[vagrant@ansible_controller ~]$ cat vault_pass.txt
123456789@
[vagrant@ansible_controller ~]$ ansible-vault encrypt ./ansible/exports.j2 --vault-password-file vault_pass.txt
Encryption successful
[vagrant@ansible_controller ~]$ cat ./ansible/exports.j2
$ANSIBLE_VAULT;1.1;AES256
38376166636635393464306333653230663865303966626137346536393231623862333532313061
6334326531333734663936336436323034643261666462640a353833363437633761656136306433
30383331633836346563323962346663373664646538636135663866346435643834613937643664
3763383131363761370a363632613539303239366166613339663133653938646665613530633633
64613233636434323031326137376636613536396330623338326230366664376339653431643831
63386431633837643265343662643338626339656630336666613565303738643038373131383530
61383637666462376663306536333736623339346364653462633730383961353531613830343534
66393339363061643861373162663832333561663763313339626365353139376433303333373133
65373461313531323735623135616535363638353963343563643439363461613236646433313461
39653733633638396663636236346638393036323831386535333933373764616334343431316234
31376537653434653931613931646465393638373039363335616364613638633264356531323332
65336164333334303765393361616233373138663530386466383032333334393465363632303435
64383332313635326661333431613561666431356331363963633137623965323963666338393865
3235393266326566663463363861613166643130313430653736

Then run the Ansible playbook with the same password file:

[vagrant@ansible_controller ~]$ ansible-playbook -i ansible/hosts nfs-server.yml --vault-password-file vault_pass.txt
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details

PLAY [nfs-server] ***************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************
ok: [servernfs]

TASK [install nfs-utils] ********************************************************************************************
ok: [servernfs]

TASK [Create a mountable directory if it does not exist] ************************************************************
ok: [servernfs]

TASK [enable rpcbind nfslock nfs] ***********************************************************************************
ok: [servernfs] => (item=rpcbind)
ok: [servernfs] => (item=nfslock)
ok: [servernfs] => (item=nfs)

TASK [Copy exports file.] *******************************************************************************************
changed: [servernfs]

TASK [NFS system start] *********************************************************************************************
changed: [servernfs]

PLAY RECAP **********************************************************************************************************
servernfs                  : ok=6    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

The /etc/exports file on the NFS server is as below:

[vagrant@servernfs ~]$ cat /etc/exports
# /etc/exports: the access control list for filesystems which may be exported
#   to NFS clients.  See exports(5).
/home/vagrant/nfs_test            192.168.1.0/24(rw,sync,no_root_squash,no_subtree_check)
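
The encrypted files shown above all begin with the `$ANSIBLE_VAULT;1.1;AES256` header followed by rows of hex. As an added example (not code from the original tutorial or from the Ansible project), this Python check parses that envelope and flags files that are still plaintext or were cut off. It assumes the AES256 vault layout, where the body is the hex of salt, HMAC and ciphertext separated by newlines; the function names, the `build_envelope` helper and the sample contents are constructed for the demo.

```python
import binascii

def build_envelope(salt, mac, ciphertext, width=80):
    """Constructed sample generator: lay raw fields out like a 1.1 vault file."""
    inner = b"\n".join(binascii.hexlify(part) for part in (salt, mac, ciphertext))
    body = binascii.hexlify(inner).decode()
    rows = [body[i:i + width] for i in range(0, len(body), width)]
    return "\n".join(["$ANSIBLE_VAULT;1.1;AES256"] + rows) + "\n"

def parse_vault(text):
    """Return the envelope fields; raise ValueError if text is not a vault file."""
    lines = text.strip().splitlines()
    header = lines[0].split(";") if lines else []
    if len(header) not in (3, 4) or header[0] != "$ANSIBLE_VAULT":
        raise ValueError("no $ANSIBLE_VAULT header, content is plaintext")
    try:
        # Body = hex of b"<salt hex>\n<HMAC hex>\n<ciphertext hex>"
        inner = binascii.unhexlify("".join(l.strip() for l in lines[1:]))
        salt, mac, ct = [binascii.unhexlify(p) for p in inner.split(b"\n")]
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("payload is not salt/HMAC/ciphertext hex: %s" % exc)
    # AES256 vaults: 32-byte salt, 32-byte HMAC-SHA256, block-padded ciphertext
    if len(salt) != 32 or len(mac) != 32 or not ct or len(ct) % 16:
        raise ValueError("unexpected field sizes, file truncated or edited")
    return {"version": header[1], "cipher": header[2],
            "vault_id": header[3] if len(header) == 4 else None,
            "salt_len": len(salt), "hmac_len": len(mac), "ciphertext_len": len(ct)}

def unencrypted(files):
    """Names of files whose content is not a well-formed vault envelope."""
    bad = []
    for name, text in sorted(files.items()):
        try:
            parse_vault(text)
        except ValueError:
            bad.append(name)
    return bad

# Constructed inputs: file names from the tutorial, contents made up for the demo.
SAMPLE = build_envelope(bytes(range(32)), bytes(range(32, 64)), bytes(48))
FILES = {
    "pass-file.xml": SAMPLE,                                 # encrypted
    "pass-file2.xml": "welcome to DevopsRoles.com site!\n",  # never encrypted
    "exports.j2": SAMPLE[:200],                              # cut off mid-payload
}

if __name__ == "__main__":
    print(parse_vault(SAMPLE))
    print("not protected:", unencrypted(FILES))
```

A check like this fits a pre-commit hook: read each file that is supposed to hold secrets and refuse the commit if `unencrypted` returns any name.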

Conclusion

In conclusion, using Ansible Vault for encryption and decryption is a key skill for safeguarding your sensitive data in DevOps environments. The examples provided in this guide illustrate practical applications of Ansible Vault, enhancing your security practices. We hope you find this information beneficial. Thank you for reading on the DevopsRoles page!

Fixing ansible python broken pipe for RHEL Centos 5

Introduction

This tutorial shows how to fix the “[Errno 32] Broken pipe\r\n” error when running Ansible. I have enabled the EPEL repositories and installed the required dependencies for Python. Running Ansible on RHEL/CentOS 5 can sometimes lead to a broken pipe error. This guide provides a detailed solution to this issue, ensuring your automation processes run smoothly.

The Problem

When using Ansible with Python on RHEL/CentOS 5, you might encounter a broken pipe error. This occurs due to compatibility issues between the versions of Python and Ansible. The error message typically looks like this:

Ansible python broken pipe running error

"changed": false,
   "module_stderr": "",
   "module_stdout": "Traceback (most recent call last):\r\n  File \"/tmp/ansible-tmp-1546842879.5-134879756384147/setup.py\", line 133, in ?\r\n    exitcode = invoke_module(module, zipped_mod, ANSIBALLZ_PARAMS)\r\n  File \"/tmp/ansible-tmp-1546842879.5-134879756384147/setup.py\", line 38, in invoke_module\r\n    (stdout, stderr) = p.communicate(json_params)\r\n  File \"/usr/lib64/python2.4/subprocess.py\", line 1050, in communicate\r\n    stdout, stderr = self._communicate_with_poll(input)\r\n  File \"/usr/lib64/python2.4/subprocess.py\", line 1113, in _communicate_with_poll\r\n    input_offset += os.write(fd, chunk)\r\nOSError: [Errno 32] Broken pipe\r\n",
   "msg": "MODULE FAILURE",
   "rc": 1
}
       to retry, use: --limit @/nfs/playbooks/ansible-server/apache-server.retry

PLAY RECAP **********************************************************************************************************************************************************************************************************************************
webserver01         : ok=0    changed=0    unreachable=0    failed=1

My Ansible uses Python 2.6, and the remote server is a virtual machine running CentOS 5 with Python 2.4.

After you install Python 2.6 on the remote server (CentOS 5), configure the PATH so that Python 2.6 is found.

For example, my PATH configuration is as below:

$ echo $PATH
/usr/local/bin:/bin:/usr/bin
$ which python
/usr/bin/python

Configure a symbolic link for Python 2.6 on the remote CentOS 5 server

$ ll /usr/bin/ | grep python
$ ln -sf  /usr/bin/python26 /usr/local/bin/python

With that:

  • python 2.6 is in “/usr/local/bin”, which is before “/usr/bin” in the PATH
  • python 2.4 is in “/usr/bin”

Both are in the PATH.

Then run the ansible-playbook command again.

FAQs

Q: Why do I need to update Python? A: The default Python version on RHEL/CentOS 5 is outdated and incompatible with newer Ansible versions, causing the broken pipe error.

Q: Can I use a different Python version? A: Yes, you can use any compatible Python version, but Python 2.7 is recommended for compatibility.

Q: What if I still encounter issues? A: Ensure all steps are followed correctly. Check the Ansible and Python versions, and verify the ANSIBLE_PYTHON_INTERPRETER path.

Conclusion

Fixing the Ansible Python broken pipe issue on RHEL/CentOS 5 involves updating Python, creating a virtual environment, installing Ansible in that environment, and configuring Ansible to use the correct Python interpreter. By following these steps, you can ensure the smooth operation of your Ansible automation tasks on older systems.

This article showed how to fix the Ansible Python broken pipe error on RHEL/CentOS 5. I hope this will be helpful for you. For more details, refer to the Ansible tutorial.

How to install Ansible on Centos/ Ubuntu/Fedora

Introduction

In this tutorial, I show how to install Ansible on CentOS 7, Ubuntu 14.04 and Fedora. Ansible is an automation tool for IT management. It is useful for system administrators and DevOps engineers building automated configuration management. Ansible is essential for DevOps roles.

To install Ansible on CentOS, Ubuntu, or Fedora, you can follow the instructions below for each respective operating system:

Requirements

  • Control Machine: runs Ansible.
  • Remote server: the target on which services such as Tomcat, Nginx, Apache, and so forth are deployed and configured from the Control Machine.

The Control Machine and the remote server communicate over SSH using key authentication.

How to install Ansible on Control Machine

For Centos 7 and RHEL 7

Open a terminal on your CentOS machine.

 # rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
 # yum install ansible

For Ubuntu 14.04 / 15.04

 $ sudo apt-get install software-properties-common
 $ sudo apt-add-repository ppa:ansible/ansible
 $ sudo apt-get update
 $ sudo apt-get install ansible

Checking Ansible version

 $ ansible --version

For example, the output of the version check:

ansible 2.5.3
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]

That’s it! Ansible should now be installed on your CentOS, Ubuntu, or Fedora machine. You can start using Ansible to automate your IT infrastructure tasks.

Conclusion

This article showed how to install Ansible on CentOS, Ubuntu and Fedora. In the next post, I install and configure Nginx automatically from the Control Machine on the remote server. Thank you for reading the DevopsRoles page!