Ansible Vault


Ansible Vault can encrypt anything inside a YAML file, using a password of your choice, which secures your sensitive data such as passwords or keys. Ansible Vault is mainly used for encrypting variable files, and it can encrypt any YAML file.

Most common files to encrypt are:

  • A role’s defaults/main.yml file
  • A role’s vars/main.yml file
  • Files within the group_vars directory
  • Any other file used to store variables.

Creating Encrypted Files.

To create a new encrypted data file using ansible,

[root@ansible vault]# ansible-vault create sample.yml
New Vault password: 
Confirm New Vault password: 
[root@ansible vault]#

The ansible-vault command will ask you for a new password twice.

An encrypted file looks like this:

[root@ansible vault]# cat sample.yml
$ANSIBLE_VAULT;1.1;AES256
34633862393363633630643337343263393762313531386263653935623139303839666362313961
3233356336343366383766363563303035386233393833390a393733303062653830373562396233
65633663346662336462333838333262333836396631373064636636306230623132353163383330
3165333737636363660a386438306662643135643937643264636461633035656231336435393565
30343832393839666532353835646139353565326363626332616132613538353566323838643737
3833303431656239303564633164323766393266383530663332
[root@ansible vault]#

Encrypting an Existing File.

Using ansible-vault, we can encrypt an existing file.

[root@ansible vault]# ansible-vault encrypt test.yml
New Vault password: 
Confirm New Vault password: 
Encryption successful
[root@ansible vault]#

Editing an encrypted file.

Once you have encrypted a file, the only way to edit it is with the ansible-vault edit command:

[root@ansible vault]# ansible-vault edit test.yml 
Vault password: 
[root@ansible vault]# 

Decrypting a File

You can decrypt an encrypted file for getting back the plain text format as well:

[root@ansible vault]# ansible-vault decrypt test.yml 
Vault password: 
Decryption successful
[root@ansible vault]# 

Encrypting Variables specifically.

Opening an encrypted file will change the encrypted hash. You also don't have to encrypt a whole file; a single string can be encrypted with encrypt_string:

[root@ansible vault]# ansible-vault encrypt_string 'sample plaintext string' --name 'new_string'
New Vault password: 
Confirm New Vault password: 
new_string: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          34373730663434346533623339666164623866393563383930363935626661333137303963356230
          6436636563303736353139333631356532623366373934310a383038643130646332366136646439
          65366565316238363631623436643536306533393165346133393738623235356663613134313530
          6234343139656166640a663435636137333465303938616233343162303263663537313263663034
          31373661313763653734633164356631313166323139646338363338636139363237
Encryption successful
[root@ansible vault]#

To use this string, paste the output into an existing YAML file or append it to one.
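Both outputs above share one envelope: a `$ANSIBLE_VAULT;version;cipher` header, then a hex body that decodes to three newline-separated hex strings (salt, HMAC-SHA256 tag, ciphertext). The following Python sketch is an added example, not part of the original article or of Ansible's code; it finds whole-file and inline `!vault` envelopes and checks their structure without needing the password, and it generalizes slightly by also accepting the optional fourth header field (vault ID). The function names are hypothetical, and the sample is the encrypt_string output from this page.

```python
import binascii
import re

HEADER = "$ANSIBLE_VAULT;"

# The encrypt_string output shown above, copied from this page.
PAGE_INLINE = """\
new_string: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          34373730663434346533623339666164623866393563383930363935626661333137303963356230
          6436636563303736353139333631356532623366373934310a383038643130646332366136646439
          65366565316238363631623436643536306533393165346133393738623235356663613134313530
          6234343139656166640a663435636137333465303938616233343162303263663537313263663034
          31373661313763653734633164356631313166323139646338363338636139363237
"""

# "key: !vault |" introduces an inline encrypted value (YAML block scalar).
INLINE_RE = re.compile(r"^(\s*)([\w.-]+):\s*!vault\s*\|\s*$")


def parse_envelope(lines):
    """Decode one envelope given as [header, hex line, hex line, ...]."""
    if not lines or not lines[0].startswith(HEADER):
        raise ValueError("missing $ANSIBLE_VAULT header")
    fields = lines[0].split(";")
    if len(fields) < 3:
        raise ValueError("malformed header")
    try:
        # Outer hex layer wraps: hex(salt) \n hex(hmac) \n hex(ciphertext)
        outer = binascii.unhexlify("".join(lines[1:]))
        salt, mac, ciphertext = (binascii.unhexlify(p) for p in outer.split(b"\n"))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"malformed vault body: {exc}") from exc
    return {"version": fields[1], "cipher": fields[2],
            "vault_id": fields[3] if len(fields) > 3 else None,
            "salt": salt, "hmac": mac, "ciphertext": ciphertext}


def _indent(line):
    return len(line) - len(line.lstrip())


def find_envelopes(text):
    """Return {variable name: envelope}; a whole-file envelope is keyed by None."""
    lines = text.splitlines()
    if lines and lines[0].startswith(HEADER):
        return {None: parse_envelope([ln.strip() for ln in lines if ln.strip()])}
    found, i = {}, 0
    while i < len(lines):
        match = INLINE_RE.match(lines[i])
        i += 1
        if not match:
            continue
        block = []
        # The block scalar runs while lines stay indented deeper than the key.
        while (i < len(lines) and lines[i].strip()
               and _indent(lines[i]) > len(match.group(1))):
            block.append(lines[i].strip())
            i += 1
        found[match.group(2)] = parse_envelope(block)
    return found


def structural_issues(env):
    """Password-free sanity checks on the sizes the AES256 vault cipher writes."""
    issues = []
    if env["cipher"] != "AES256":
        issues.append(f"unexpected cipher {env['cipher']}")
    if len(env["salt"]) != 32:
        issues.append("salt is not 32 bytes")
    if len(env["hmac"]) != 32:
        issues.append("HMAC is not 32 bytes (SHA-256)")
    if not env["ciphertext"] or len(env["ciphertext"]) % 16:
        issues.append("ciphertext is empty or not padded to the AES block size")
    return issues
```

A variables file for which `find_envelopes` returns an empty dict contains no vault-protected values at all, which is a useful thing to flag before the file is committed.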

Running Ansible with Encrypted Variables.

When your playbooks reference encrypted variables, you need to give Ansible the vault password.

[root@ansible vault]# ansible-playbook --ask-vault-pass -i inventory_file test.yml 
Vault password: 

--ask-vault-pass instructs Ansible to prompt for the vault password.

You can also store the vault password in a file and point Ansible to it. The password sits in that file in plain text, so restrict the file to its owner and keep it out of version control.

[root@ansible vault]# cat > vault_password
Enter_password

Save and exit, then run the command below:

[root@ansible vault]# ansible-playbook --vault-password-file=vault_password test.yml

How to Install and Configure GitLab on CentOS 7

  • Introduction
  • Features
  • Requirements
  • Installation
  • Conclusion

Introduction

GitLab is an open source code repository and collaborative development platform, built on the Git version control system. GitLab is one of the best web platforms for hosting project source code. It exists in two forms: the first is SaaS, a website with open registration, and the second is an individual solution, GitLab Community Edition. Both can be customized to suit any service.

In this article, we will explain how to install and configure GitLab on CentOS 7.

Features of Gitlab

  • 3rd party integrations
  • Code review
  • Issue tracking
  • Bug tracking
  • Wiki space

Requirements

CPU: Minimum 2 cores recommended
Memory: Minimum 2GB recommended

Please have a look at the installation requirement documentation below :

https://docs.gitlab.com/ee/install/requirements.html

Installation

Dependency installation :

Install the dependencies using yum package manager :

# yum install curl policycoreutils-python openssh-server

Adding GitLab Repository

Add the GitLab package YUM repository to your system by running the script below :

# curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash

Package installation

Now install the GitLab-CE package using the following command, changing the URL to the one at which you want to access your GitLab instance from a web browser.

# EXTERNAL_URL="http://gitlab.syslint.com" yum install -y gitlab-ce

You can also change the URL in the external_url section of the main configuration file /etc/gitlab/gitlab.rb, but make sure to run “gitlab-ctl reconfigure” in order to apply the changes.

# gitlab-ctl reconfigure

Initial Setup

Now you can access your GitLab instance at its URL and reset the password there. Then you can access the GitLab admin page using the username root.

A successful login should take you into the admin user account as shown in the screenshot. From here, you can create an object, create a group, add people or configure your GitLab instance as you wish.

Conclusion

In this article, we have explained how to install and configure a Gitlab-CE on CentOS 7 or RHEL 7 Linux distributions. If you have any queries or need assistance you can contact us.

Install ImageMagick in Centos7


ImageMagick is a free software suite used for editing, creating, composing, or converting bitmap images. With ImageMagick it is easy to read and write images in many formats such as GIF, JPEG, PNG, Postscript, and TIFF. ImageMagick is also used to resize, flip, mirror, rotate, distort, shear and transform images. This tutorial helps you install ImageMagick in an easy way.

Installation.

ImageMagick requires certain development tools. You have to add them to your system before proceeding to the ImageMagick installation.

Use the following command to install all development tools together.

[root@linuxhelp ~]# yum groupinstall "Development Tools" -y

Then you need to install php-pear, php-devel and gcc packages to compile imagick PHP extension.

# yum install php-pear php-devel gcc 

Note: Please remove php* from “ /etc/yum.conf ” if you are facing any issue with php-pear installation.

Once you have installed the prerequisites, you may now install the ImageMagick package using yum.

# yum install ImageMagick ImageMagick-devel ImageMagick-perl

To check that ImageMagick has been installed on your system:

# convert --version
Version: ImageMagick 6.7.2-7 2017-03-22 Q16 http://www.ImageMagick.org
Copyright: Copyright (C) 1999-2011 ImageMagick Studio LLC
Features: OpenMP

PHP Extension for ImageMagick.

After installing the ImageMagick package, you may need to install the ImageMagick PHP extension; only then can it be used from PHP code.

# pecl install imagick
# echo "extension=imagick.so" > /etc/php.d/imagick.ini

Restart Apache.

Now you need to reload the Apache service to enable the PHP extension, using the following command.

# systemctl reload httpd

How to compile and install NGINX From source on CentOS 7


Nginx is a web server which can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.

In this tutorial we will discuss how to compile and install nginx from source on RPM-based systems.

1. Compiling Nginx from source.

Installing dependencies using YUM:

# yum install -y zlib zlib-devel pcre pcre-devel openssl openssl-devel

Change the directory according to your wish for downloading source file:

Here we use /usr/local/src:

# cd /usr/local/src/

Download Nginx tar file:

# wget http://nginx.org/download/nginx-1.14.2.tar.gz

If you want to download the latest version, go to http://nginx.org/en/download.html. Here I used version 1.14.2.

Extract tar file:

# tar xfvz nginx-1.14.2.tar.gz

Change directory:

# cd nginx-1.14.2

Add a user nginx:

 # useradd nginx

Configure:

# ./configure --help

(This prints help for configure, such as the modules that can be installed.)

--prefix= specifies the directory in which to install nginx. Here I used /opt/nginx/.

Here I used the following configuration with some necessary modules.

# ./configure --user=nginx --group=nginx --prefix=/opt/nginx --with-http_gzip_static_module --with-http_stub_status_module --with-http_ssl_module --with-pcre --with-file-aio --with-http_realip_module --without-http_scgi_module --without-http_uwsgi_module

Build and install the configured source:

# make
# make install

If you are using Apache on the same server, you need to change the port number in the nginx main configuration file.

# vi /opt/nginx/conf/nginx.conf

server {
    listen       8080;
    server_name  localhost;

Save and quit.

If you have enabled a firewall on your server, you need to add the port to the firewall.

Add the service file:

# vi /usr/lib/systemd/system/nginx.service

[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/opt/nginx/logs/nginx.pid
ExecStartPre=/opt/nginx/sbin/nginx -t
ExecStart=/opt/nginx/sbin/nginx
ExecReload=/opt/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

Save and quit.

Start the service:

 # systemctl start nginx
 # systemctl enable nginx

You can check version by executing following command.

# /opt/nginx/sbin/nginx  -v

Now open your browser and ensure nginx is working http://your_ip:port_number

How to Install and Configure MongoDB on CentOS 7


MongoDB does not store data in tables; instead, it stores data in a “document” structure similar to JSON (in MongoDB called BSON). MongoDB is a NoSQL database that provides high performance, high availability, and automatic scaling. NoSQL database means that, unlike MySQL or PostgreSQL, it does not support SQL (Structured Query Language) to retrieve or manipulate the stored data.

Prerequisites

  • CentOS 7
  • Root privileges

Steps:

  • Add the MongoDB repository.
  • Installing MongoDB.
  • Fix some MongoDB errors.
  • Create an administrator user.
  • Enable MongoDB authentication and Testing.

Connect to your CentOS 7 server with the ssh root account:

# ssh root@10.0.0.211

Create a new repository file ‘mongodb-org-3.2.repo’:

# cd /etc/yum.repos.d/
# vi mongodb-org-3.2.repo

Paste the following:

[mongodb-org-3.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc

Save the file and exit the editor.

Installing MongoDB

Run the command below and make sure mongodb repository is there.

# yum repolist

repo id               repo name                                         status
!base/7/x86_64        CentOS-7 - Base                                   10,019
!epel/x86_64          Extra Packages for Enterprise Linux 7 - x86_64    12,985
!extras/7/x86_64      CentOS-7 - Extras                                    382
!jenkins              Jenkins-stable                                        86
!mongodb-org-3.2/7    MongoDB Repository                                   115
!updates/7/x86_64     CentOS-7 - Updates

Next, install MongoDB with the yum command.

# yum -y install mongodb-org

When the installation is finished, start MongoDB with this systemctl command:

# systemctl start mongod

Check that MongoDB is running by checking that the port ‘27017’ is open.

# netstat -plntu

[root@syam ~]# netstat -plntu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      3110/mongod         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      267/sshd            
tcp        0      0 0.0.0.0:1723            0.0.0.0:*               LISTEN      2889/pptpd          
tcp6       0      0 :::8080                 :::*                    LISTEN      1725/java           
tcp6       0      0 :::22                   :::*                    LISTEN      267/sshd            
udp6       0      0 :::33848                :::*                                1725/java           
udp6       0      0 :::5353                 :::*                                1725/java

And make sure the mongodb service is active.

[root@syam ~]# systemctl status mongod
● mongod.service - SYSV: Mongo is a scalable, document-oriented database.
   Loaded: loaded (/etc/rc.d/init.d/mongod; bad; vendor preset: disabled)
   Active: active (running) since Thu 2019-03-21 15:41:53 UTC; 1 day 12h ago
     Docs: man:systemd-sysv-generator(8)
  Process: 3077 ExecStop=/etc/rc.d/init.d/mongod stop (code=exited, status=0/SUCCESS)
  Process: 3095 ExecStart=/etc/rc.d/init.d/mongod start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/mongod.service
           └─3110 /usr/bin/mongod -f /etc/mongod.conf

Mar 21 15:41:53 syam systemd[1]: Stopped SYSV: Mongo is a scalable, document-oriented database..
Mar 21 15:41:53 syam systemd[1]: Starting SYSV: Mongo is a scalable, document-oriented database....
Mar 21 15:41:53 syam mongod[3095]: /etc/rc.d/init.d/mongod: line 67: ulimit: max locked memory: cannot modify limit: Operation not permitted
Mar 21 15:41:53 syam runuser[3106]: pam_unix(runuser:session): session opened for user mongod by (uid=0)
Mar 21 15:41:53 syam runuser[3106]: pam_unix(runuser:session): session closed for user mongod
Mar 21 15:41:53 syam systemd[1]: Started SYSV: Mongo is a scalable, document-oriented database..
Mar 21 15:41:53 syam mongod[3095]: Starting mongod: [  OK  ]
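The port check above can be scripted so that it also confirms mongod is bound to loopback only, which matters at this point in the procedure because authentication has not been enabled yet. The following Python sketch is an added example, not part of the original article; the function names are hypothetical, the main sample is the netstat output from this page, and the extra row is constructed.

```python
# netstat -plntu output copied from this page.
PAGE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      3110/mongod
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      267/sshd
tcp        0      0 0.0.0.0:1723            0.0.0.0:*               LISTEN      2889/pptpd
tcp6       0      0 :::8080                 :::*                    LISTEN      1725/java
tcp6       0      0 :::22                   :::*                    LISTEN      267/sshd
udp6       0      0 :::33848                :::*                                1725/java
udp6       0      0 :::5353                 :::*                                1725/java
"""

# Constructed row: how mongod would appear if it listened on all interfaces.
WIDENED_ROW = (
    "tcp        0      0 0.0.0.0:27017           0.0.0.0:*"
    "               LISTEN      3110/mongod\n"
)


def parse_listeners(text):
    """Return (proto, address, port, program) for each tcp/udp row."""
    rows = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 6 or not cols[0].startswith(("tcp", "udp")):
            continue  # header lines and anything that is not a socket row
        # Split on the last colon so IPv6 addresses such as "::" stay intact.
        address, _, port = cols[3].rpartition(":")
        # TCP rows have a State column before PID/Program name; the UDP
        # rows printed by "netstat -l" leave that column empty.
        prog_col = 6 if cols[0].startswith("tcp") else 5
        program = " ".join(cols[prog_col:]).partition("/")[2] or "-"
        rows.append((cols[0], address, int(port), program))
    return rows


def is_loopback(address):
    return address.startswith("127.") or address == "::1"


def exposed(text, program):
    """Listeners owned by `program` that other hosts can reach."""
    return [
        (proto, address, port)
        for proto, address, port, prog in parse_listeners(text)
        if prog == program and not is_loopback(address)
    ]


if __name__ == "__main__":
    for name in ("mongod", "sshd"):
        print(name, exposed(PAGE_NETSTAT, name))
```

An empty list for mongod means the database is reachable only from the server itself; the program column is only populated when netstat is run as root.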

Fix a MongoDB Error

MongoDB is installed. Now we can access the mongodb shell by using the command below:

# mongo

You will probably see this error about ulimit configuration on the server.

** WARNING: soft rlimits too low. rlimits set to 4096 processes, 64000 files. Number of processes should be at least 32000…

The MongoDB database is running under the user ‘mongod’. Go to the ‘security’ directory and edit the ‘limits.conf’ configuration file.

# cd /etc/security/
# vi limits.conf

Paste new configuration below to the end of the file:

mongod soft nproc 64000
mongod hard nproc 64000
mongod soft nofile 64000
mongod hard nofile 64000

Save the limits.conf file.

# systemctl restart mongod
# mongo

[root@syam ~]# mongo
MongoDB shell version: 3.2.22
connecting to: test
> 

Type in the MongoDB query below to create the new administrator user:

[root@syam ~]# mongo
MongoDB shell version: 3.2.22
connecting to: test
> use admin
switched to db admin
> db.createUser(
...   {
...     user: "syam",
...     pwd: "syam123!@#",
...     roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
...   }
... )
Successfully added user: {
	"user" : "syam",
	"roles" : [
		{
			"role" : "userAdminAnyDatabase",
			"db" : "admin"
		}
	]
}
> show users
{
	"_id" : "admin.admin",
	"user" : "admin",
	"db" : "admin",
	"roles" : [
		{
			"role" : "userAdminAnyDatabase",
			"db" : "admin"
		}
	]
}
{
	"_id" : "admin.syam",
	"user" : "syam",
	"db" : "admin",
	"roles" : [
		{
			"role" : "userAdminAnyDatabase",
			"db" : "admin"
		}
	]
}
> 

Enable User Authentication in MongoDB

Enable authentication so that a user without sufficient privileges is not able to see the data in the database.

On our CentOS 7 server, MongoDB is running under systemd with an init script in the ‘/etc/init.d/’ directory. We will edit that script to force the mongodb service to run with the ‘--auth’ option.

Go to the ‘/etc/init.d/’ directory and edit the “mongod” file:

# cd /etc/init.d/
# vi mongod

On line 15, edit the OPTIONS line as follows:

OPTIONS=" --auth -f $CONFIGFILE"

Save and exit the editor.

Reload the systemd service and restart MongoDB.

# systemctl daemon-reload
# systemctl restart mongod

Next, we have to test the configuration by logging into the mongo shell, switching to the admin database, and then trying to list the admin users.

mongo
 
use admin
show users

You will see an error about the unauthorised execution of the command in the database admin. Now we need to use the command ‘db.auth()’ for the authentication.

db.auth('admin', 'admin123')

The full mongo console session is shown below:

[root@syam init.d]# mongo
MongoDB shell version: 3.2.22
connecting to: test
> use admin
switched to db admin
> show users
2019-03-23T04:07:59.196+0000 E QUERY    [thread1] Error: not authorized on admin to execute command { usersInfo: 1.0 } :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.getUsers@src/mongo/shell/db.js:1523:1
shellHelper.show@src/mongo/shell/utils.js:764:9
shellHelper@src/mongo/shell/utils.js:671:15
@(shellhelp2):1:1

> db.auth('admin', 'admin123')
1
> show users
{
	"_id" : "admin.admin",
	"user" : "admin",
	"db" : "admin",
	"roles" : [
		{
			"role" : "userAdminAnyDatabase",
			"db" : "admin"
		}
	]
}
{
	"_id" : "admin.syam",
	"user" : "syam",
	"db" : "admin",
	"roles" : [
		{
			"role" : "userAdminAnyDatabase",
			"db" : "admin"
		}
	]
}
> 

That's it…

Elastic Load Balancing With EC2 instances

A load balancer receives incoming requests from clients and forwards those requests to its registered targets in Availability Zones. Each target contains EC2 instances. The load balancer continuously reviews the health status of its registered targets and ensures that client requests are sent to healthy targets. If the load balancer detects an unhealthy target or EC2 instance, it stops routing requests to that target or instance.

To connect to an Amazon EC2 instance, you need a .pem key pair for each instance. It can be created via the Amazon EC2 console. If you already have a key pair, you do not need to create a new one; you can use the existing key pair for the new instance.

To create and launch a new EC2 instance

1. Log in to your Amazon EC2 console at https://console.aws.amazon.com/ec2/.

2. Click the Launch Instance option in EC2.

3. Choose an Amazon Machine Image (AMI): you will see the top AMIs provided by AWS. Each AMI is a template that contains the software configuration for launching an instance.

4. Choose an Instance Type: Amazon provides many instance types to suit different requirements. Instance types vary in number of CPUs, memory, storage capacity, and networking capacity, so select one according to the application you will run on the new instance. The default is t2.micro (1 CPU, 1 GB memory, etc.).

5. Configure Instance Details: you can manually set the instance configuration. Amazon also provides an option to configure multiple instances with the same AMI. All instances are launched in a virtual private cloud (VPC). You can configure it in a custom way; if you do not, Amazon EC2 uses the default VPC with its subnets when creating new instances.

6. Add Storage: the default volume size depends on the instance type you have selected. You can add more storage as needed.

7. Add Tags: a tag works like an instance name that helps you identify the instance easily.

8. Configure Security Group: the Security Group acts as the instance firewall that controls all traffic to the new instances. For the instance to work properly, you need to add all required rules to it; that is, you need to open the required ports in the security group.

9. Review Instance Launch: you can see a summary of the configuration of the new instances you wish to launch.

10. Click the launch option and download the .pem key pair to connect to the instances from a terminal.

To configure the load balancer in AWS, we need two instances of the t2.micro instance type. We have now created them using the steps above.

Instance1:
IP:18.222.192.75
Hostname: www.example.com
keypair:example.pem

Instance2:

IP:18.222.230.136
Hostname: www.text.com
keypair:text.pem

Instances

To access your instance1:

# chmod 400 example.pem
# ssh -i "example.pem" ec2-user@ec2-18-222-192-75.us-east-2.compute.amazonaws.com
# sudo su -

To access your instance2:

# chmod 400 text.pem
# ssh -i "text.pem" ec2-user@ec2-18-222-230-136.us-east-2.compute.amazonaws.com
# sudo su -

After accessing your instance, install the Apache software package and enable it on port 80. We suggest creating a sample index page and confirming that the sample page loads when you browse to your server IP in a local browser. Check the Apache error log if you face any issue.

# yum install httpd

As mentioned earlier, we have installed it and created a sample index page on both instances, such as “HELLO WORLD , HELLO FRIEND”. Both pages load without any issue.

To configure Load balancer for EC2 instance

1. Log in to the AWS console at https://console.aws.amazon.com/ec2/ and select the load balancer creation option.

2. Select load balancer type: Elastic Load Balancing supports three types of load balancers: Application, Network and Classic Load Balancers. The Application Load Balancer has a flexible feature set for web applications with HTTP and HTTPS traffic, so we selected that type.

3. Configure Load Balancer: provide a new load balancer name, enable listener ports such as HTTPS, and select a VPC network. If you do not configure one in a custom way, the default VPC network configuration is used automatically. You can select only one subnet per Availability Zone. We recommend selecting the same subnet as the instances' subnet.

4. Configure Security Groups: these work like firewall rules that control the load balancer traffic. It is better to select the same security group for the load balancer as the security groups of the instances.

5. Configure Routing and Register Targets: create a new target group, register both instances to this target group, and create the load balancer.

Load Balancer

After successfully creating the load balancer, browse to your load balancer URL in a private window a few times; you will see the index page switch between the two instances on each refresh. That means the load balancer is properly configured for each instance.

Install Ansible and Create Ansible Playbook for CRON

Ansible is a tool used to manage various nodes over the SSH protocol from a Controlling Machine on which Ansible is installed. It makes system administration tasks easier.

An Ansible Playbook is an organised unit of scripts that runs on the Controller Machine (the system with Ansible installed). Playbooks are written in YAML format.

Install Ansible on Centos 7:-

Controller Machine IP:- 10.0.0.209

Node IP :- 10.0.0.206
10.0.0.207

* more ip can be used.

Step 1 :-
Install Ansible using yum in Controller Machine. Check the version of the installed Ansible.

# yum install ansible
# ansible --version

Step 2 :-
Setup Controlling Machine to connect node using ssh protocol.
Create ssh key to access node systems and copy the key to the node.

# ssh-keygen
# ssh-copy-id root@10.0.0.206
# ssh-copy-id root@10.0.0.207

Step 3:-
Add the IPs of the node systems to the Ansible inventory by editing /etc/ansible/hosts.

# vim /etc/ansible/hosts
[ansi-test]
10.0.0.206
10.0.0.207

Note: Here both IPs can be addressed using the group name ansi-test.

Step 4:-
Test Ansible in the Controller Machine by using below commands.

1. First of all, test that the Controlling Machine can ping the node systems using Ansible commands.

# ansible -m ping all

10.0.0.206 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
10.0.0.207 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

Now let's start working with an Ansible Playbook.

Create Ansible Playbook for CRON :-

Our requirement is to take a backup of the /test folder to the /backup folder every day at 12:00 on all the nodes that are configured to the controller machine with Ansible.

First make /test folder and /backup folder.

# mkdir /backup
# mkdir /test

Now we need to write a backup shell script in the folder /backup_script with the name backup.sh. This script needs to be transferred to all nodes.

# vim /backup_script/backup.sh

#!/bin/bash
tar vcf /backup/backup_test.`date +\%Y-\%m-\%d_\%H:\%M:\%S`.tar /test

Setup Ansible playbook and create yml script for cronjob :-

Make a directory named playbooks inside /etc/ansible.

# mkdir /etc/ansible/playbooks

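Create cron.yml using vim.

# vim /etc/ansible/playbooks/cron.yml

---
# Run against every node in the inventory (/etc/ansible/hosts)
- hosts: all
  tasks:
    # Make sure the cron packages are present on the node
    - name: Install a yum package in Ansible
      yum:
        name: crontabs
        state: present
    # Push the backup script from the controller to each node
    - name: copy the script into node systems
      copy:
        src: /backup_script/backup.sh
        dest: /root/
    # Schedule the backup every day at 12:00 as root
    - name: create a cron in node systems
      cron:
        name: "Backup Cron"
        user: "root"
        minute: "0"
        hour: "12"
        job: "/usr/bin/sh /root/backup.sh 2>&1"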

Now we have created Ansible Playbook with name cron.yml. Execute the following command to run the script using Ansible.

# ansible-playbook /etc/ansible/playbooks/cron.yml

Thank you 🙂