Using Ansible Automation Platform to maintain a directory | Cloud Resolve LLC

Maintaining an up-to-date directory listing of files and folders can be a daunting task, especially when you have to keep track of permissions, ownership, and changes. Automating the process with Ansible can make it simpler and less error-prone. In this post, we’ll show you how to use Ansible Automation Platform to maintain a directory on a CentOS 7 server. We’ll also discuss some benefits of using Ansible for this purpose. Stay tuned!

What is Ansible and what are its key features?

Ansible is an open-source software provisioning, configuration management, and application-deployment tool. It runs on many Unix-like systems, and can configure both Unix-like systems as well as Microsoft Windows. Ansible was written by Michael DeHaan and acquired by Red Hat in 2015.

Ansible is agentless, which means that it does not need to install any software on the nodes that it manages. Ansible uses SSH for communication with managed hosts and does not require a centralized management server. It also has a low overhead because it runs in a push mode, meaning that it will only send the necessary commands to the hosts.

Ansible is idempotent, which means that it can run multiple times on the same host without changing the desired state of the system. This is because Ansible will first check the current state of the system before making any changes.

How can Ansible be used to maintain a directory?

Ansible can be used to maintain a directory by ensuring that the files and folders are present, have the correct permissions, and are owned by the correct user. Ansible can also be used to monitor changes to files and directories, and revert back to previous versions if necessary.

What are the benefits of using Ansible for directory maintenance?

Some benefits of using Ansible for directory maintenance include:

– Reduced chance of human error: Since Ansible is automated, there is less chance for human error when compared to manual tasks.

– Idempotency: As mentioned earlier, Ansible is idempotent which means it can run multiple times on the same host without changing the desired state of the system. This is important when maintaining a directory because it ensures that the changes you make will be consistent across all hosts.

– Agentless: Ansible does not require any agent software to be installed on the nodes it manages which means it has a lower overhead.

How can you get started with Ansible for directory maintenance?

If you want to get started with Ansible for directory maintenance, we recommend checking out the Ansible documentation. The documentation is comprehensive and will give you all the information you need to get started. You can also find many resources and tutorials online. Once you have a basic understanding of how Ansible works, you can start writing your own playbooks.

In this example we will maintain a directory on a fictional server called where we will need to maintain some dated but useful bash scripts that are used for monitoring. While we fully understand this is bad practice in general to have these kinds of things just sitting around in production, we also know that change is hard.

First, a few assumptions. We assume that Ansible is already installed on your client. Our remote server allows SSH connectivity using only the key, which means your public key must be present in the remote user’s authorized_keys file. Additionally, you will need a text editor like vim or nano installed on your client machine. While this guide will not go into the configuration of individual editors, I will provide the plugins used to configure my Vim editor.

Vim Plugins:

indentLine

vim-yaml-folds

ALE

Finally, I highly recommend installing yamllint to validate your YAML files.

With these dependencies out of the way, let’s get started!

Example using Ansible playbook to maintain a directory on a remote server

The first thing we need to do is create our YAML file in our project directory. As this should ideally be self-documenting, I tend to use filenames that make identification easier for me and others who will work on the same files at some point later in time.

My chosen format for this example is as follows:

Grumpy_UAT_orauat_MonitorCopy.yml

The name is irrelevant for the most part but I like to add a little extra information in there. The important thing is the .yml extension as this is what Ansible will be looking for. Keep in mind this will not be a detailed document but should provide an example of the most basic requirements for a Playbook.

The next thing we need to do is open our new file in our text editor and start populating it with some content. The first few lines will be dedicated to what is called ‘YAML Front Matter’. This section is used by many systems to provide metadata about the document. For our purposes, it will look something like this:


---
- name: Testing file copy to grumpy     # Should be run with "-u mariadb"
  become: false                         # no privilege escalation; connect directly as mariadb
  hosts: grumpy
  vars:
    src_path: /home/delliott/ansible/scripts/grumpy/mariadb/   # source directory on the client
    dest_path: /home/mariadb/.crllc/monitor/                   # destination directory on grumpy
    valid_path: /home/mariadb/.crllc/monitor/logs              # directory that must exist
    owner: mariadb
    group: dba

Inside this file, we notice that hosts is defined. This tells Ansible which host to run against. Next, we notice the vars section containing a list of variables such as src_path, dest_path and valid_path. These are used to define the source, destination and target for our file copy. The last two lines of interest in the vars section are owner and group. These variables will be used when we need to change the ownership of the files being copied over.

The next section is where we start to get into the ‘meat’ of our Playbook. The tasks section. In here we define the name of the task and actions taken.

The first task is a simple file validation. This is to check if the directory exists on the remote server in the defined location. If it does not exist, we want Ansible to create it for us using the parameters listed in the vars section above. To do this, we use the ‘file’ module and set the state to ‘directory’. But first we set the path, owner, group and mode for the permissions.


  tasks:
    - name: Creates the installation directory if not exist
      file:
        path: '{{ valid_path }}'
        owner: '{{ owner }}'
        group: '{{ group }}'
        mode: '0755'          # quoted so YAML keeps it as an octal string
        state: directory

With our new task in place, we can now copy the files from their local directory over to the remote server. This is done using Ansible’s copy module, with the backup option enabled so that we don’t accidentally overwrite any existing data. We also specify where these copies should go by using the previously configured dest_path from vars.


    - name: Copies the scripts
      copy:
        src: '{{ src_path }}'
        dest: '{{ dest_path }}'
        owner: '{{ owner }}'
        group: '{{ group }}'
        backup: true

To copy any files you wish to maintain, simply place them in the src_path directory and run ansible-playbook using the example below.

Example: ansible-playbook Grumpy_UAT_orauat_MonitorCopy.yml -u mariadb

You will see a summary screen of the actions taken.


PLAY [Testing file copy to GRUMPY] *************************************************************************************

TASK [Gathering Facts] *************************************************************************************************
ok: [grumpy.cloud-resolve.com]

TASK [Creates the installation directory if not exist] *****************************************************************
ok: [grumpy.cloud-resolve.com]

TASK [Copies the scripts] **********************************************************************************************
ok: [grumpy.cloud-resolve.com]

TASK [Just a dummy example] ********************************************************************************************
ok: [grumpy.cloud-resolve.com] => {
    "msg": "I'm a dummy task"
}

PLAY RECAP *************************************************************************************************************
grumpy.cloud-resolve.com : ok=4    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
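The monitoring use mentioned earlier can be covered with the same modules. The play below is an added example, not part of the original post: a read-only audit that reuses the post's paths and owner and fails when the deployed scripts differ from the source directory or have unexpected ownership or permissions. The play name and the rule that no file may be group- or world-writable are assumptions.

```yaml
---
# Added example, not from the original post: read-only drift audit of the
# directory maintained by the playbook above. Reuses the post's paths and owner.
- name: Audit monitor scripts on grumpy for drift
  hosts: grumpy
  become: false
  vars:
    src_path: /home/delliott/ansible/scripts/grumpy/mariadb/
    dest_path: /home/mariadb/.crllc/monitor/
    owner: mariadb
    group: dba
  tasks:
    # check_mode makes copy report what it would change without writing anything;
    # diff prints the differing lines of each drifted text file.
    - name: Compare deployed scripts with the copy on the control node
      copy:
        src: '{{ src_path }}'
        dest: '{{ dest_path }}'
        owner: '{{ owner }}'
        group: '{{ group }}'
      check_mode: true
      diff: true
      register: script_drift

    # find returns stat-style facts (pw_name, wgrp, woth, ...) for every file.
    - name: List every file below the monitor directory
      find:
        paths: '{{ dest_path }}'
        recurse: true
        file_type: file
      register: deployed

    # Assumed policy: all files belong to the owner and are not group/world-writable.
    - name: Fail on drifted content, foreign owners or writable-by-others files
      assert:
        that:
          - not script_drift.changed
          - deployed.files | rejectattr('pw_name', 'equalto', owner) | list | length == 0
          - deployed.files | selectattr('wgrp') | list | length == 0
          - deployed.files | selectattr('woth') | list | length == 0
        fail_msg: '{{ dest_path }} no longer matches {{ src_path }} or has unsafe permissions'
```

Run it with the same `-u mariadb` option as the deployment playbook; ansible-playbook exits non-zero when the assert fails, so a scheduler or CI job can alert on it. Files that `backup: true` left behind in the destination are included in the ownership and permission checks.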

As mentioned, this was not meant to be an all-inclusive tutorial but an overview of the capabilities of Ansible. I hope this provided some clarity into how you can use it to maintain files and directories. Stay tuned for more tips and tricks! Thanks for reading! – Cloud Resolve LLC.

Finally, I must place credit squarely on the following site for providing the blueprint to make Vim YAML capable:

https://www.arthurkoziel.com/setting-up-vim-for-yaml/

The importance of following your dreams | Cloud Resolve LLC

The fear of failure and lack of confidence

Most people have dreams and aspirations, but very few actually follow through with them. Why is this? There can be many reasons – fear of failure, lack of confidence, not knowing where to start. But if you want to achieve your dreams, you need to take that first step.

Start by writing down your goals. What actions do you need to take to accomplish those dreams? Personally, I was content with remaining in my comfort zone and am somewhat still there. But the fact that I have taken actionable steps toward my goals is very comforting. When taking a road trip, you don’t start at the destination. You plan a route and accept the adventure involved with reaching your destination.

If you want to achieve your goal, you need to have faith in yourself. You need to believe that you can do it. And then take that first step. The rest will follow.

Goals are essential for our mental and emotional well-being. They inspire us, motivate us. And if we don’t have goals, what do we have to look forward to? Life can be pretty boring without them. So, find your dream and go after it.

Ensure you’re surrounding yourself with people who are motivated and of similar mind. You will also get a lot of advice, some solicited and some unsolicited. You need to be very careful about who you take that advice from. Only listen to those whose opinion you value and who have your best interests at heart.

One frequent piece of advice I see given is to “just start”. And that’s really good advice. Also, the people you share your ideas with may tend to have questions or remarks that may come across as negative. However, don’t be easily offended as these questions may originate from genuine curiosity. Maintain focus on your destination. You never know who is watching or motivated in a positive manner by your actions. 

Take the first step today. And keep taking steps every day. One day you’ll look back and be amazed at how far you’ve come. So don’t give up on your dreams, no matter how big or small they may be. Follow your heart and go after what you want in life.

You have to ask yourself. What is stopping you from achieving your dreams? Is it a lack of time? Money? Support? Fear? None of these should be an issue. You can make time, save money, and find support. As for fear, that’s something you’ll have to deal with your entire life. It’s natural.

The point is you will have to deal with obstacles, but if you want something bad enough you will find a way to make it happen. Just know that not everyone will understand your dreams, and some will try to dissuade you from achieving them. Surround yourself with people who support your dreams and who will help you achieve them. If that is not possible, be willing to motivate yourself. Don’t be afraid to proudly walk alone.

So, listen to that inner voice and start making moves. I am a man of faith and truly believe that if something has truly been laid forth for you by God, who can deny you? Just know that if your dreams don’t scare you then they aren’t big enough.

When you find something that inspires a fire in the soul, don’t let anyone tell you it can’t be done.
Be fearless when pursuing those things which set our inner compass true North!

I will leave you with this final thought:

“The moment you give up is the moment you let someone else win.”

Kobe Bryant

How to enable Amazon SSM for Group access and EC2 management | Cloud Resolve LLC

If you’re running a group of Amazon EC2 instances, or just a single instance, you may want to take advantage of Amazon SSM (Systems Manager). This service can help automate the management of your instances, and it’s available for free to all AWS customers. In this article, I’ll show you how to enable Amazon SSM for your group or individual EC2 instances. Let’s get started!

Login

Log in to your AWS account.

Access AWS IAM

Proceed to Services –> All Services.

Alternatively, just type ‘IAM’ in the search field, then hit Enter.

Click on the “Access Management” button within the Identity and Access Management (IAM) menu.
From there, click on Policies to view a list of all available policies.

Create a Group that allows Amazon Systems Manager access

Select Access Management –> Policies

You should now see a list of policies. Instead of parsing this entire list we can search for the required policy.
Enter the following policy name in the search field ‘AmazonSSMManagedInstanceCore’ then hit Enter.

Select the “AmazonSSMManagedInstanceCore” policy in the search results.

Located on the right side of your screen you will notice a button labeled ‘Actions’.
Select the ‘Actions’ button and a drop-down list appears. From the drop-down list, select the ‘Attach’ option.

Select Actions –> Attach

The previous ‘Attach’ action will open a new page allowing you to attach your policy to users, groups, or roles in your account. From this list, select the group or user you wish to attach your policy to. 
Note: Best Practice suggests that policies should be attached to groups instead of users.

From the list of policies, select the Group or User of your choice.

Once you have made your selection, select the “Attach Policy” button.

You will then see a message stating the policy attachment was successful. 

You can now use this group to control who has access to manage Amazon Systems Manager.
Place IAM users into this newly created group. They will have access to AWS Systems Manager unless explicitly denied in another policy.

Create a Role for your EC2 instances

If you are not already there, return to the Identity and Access Management (IAM) screen.
This time we will select the “Roles” option from the Access management menu.

Select Access management –> Roles

Located on the right side of your screen you will notice a button labeled ‘Create role’.

Select the Create role button. A new page will load with the following options:

  1. AWS Service
  2. AWS Account
  3. Web Identity
  4. SAML 2.0 federation
  5. Custom trust policy

The next step requires selecting the appropriate AWS service. For our purposes, we will choose ‘AWS Service’ then select ‘EC2’ from its list of options in the ‘Common use cases’ section.

Select AWS Service then EC2 from the Use case, Common use cases section.

Select the Next button located on the bottom-right side of your screen to apply the selections.

After the previous section, a new “Add permissions” page loads.
From the list of Permission policies, search for the policy named “AmazonSSMManagedInstanceCore”.

Once found, select the Policy “AmazonSSMManagedInstanceCore”.

Select the Next button located on the right side of your screen to apply the selections.

Supply a name for the new Role in Role details, Role name field.
Note: The JSON content in ‘Select trusted entities’ should not be modified.

Find the “Create Role” button in the lower-right portion of the page.
Select Create Role to apply changes.

The new Role is now created and may be added to your EC2 instances for management in AWS Systems Manager.
From the EC2 console, select Actions –> Security –> Modify IAM role.

From the “Modify IAM role” page you will select your IAM role then select Save.

If the Amazon SSM Agent has been properly configured, instances will be accessible from AWS Systems Manager.
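
The role created in the console steps above can also be declared as a CloudFormation template, which makes the trust policy and the attached policy reviewable in version control. This is an added example, not part of the original article; the logical IDs SsmInstanceRole and SsmInstanceProfile and the output name are assumptions.

```yaml
# Added example (not from the original article). Logical IDs are assumptions.
AWSTemplateFormatVersion: '2010-09-09'
Description: EC2 instance role and instance profile for AWS Systems Manager

Resources:
  SsmInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      # Trust policy for the "AWS Service -> EC2" use case: only the EC2
      # service may assume this role. This is the JSON shown under
      # "Select trusted entities" that the article says to leave unmodified.
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: sts:AssumeRole
      # The single AWS managed policy the article attaches on "Add permissions".
      ManagedPolicyArns:
        - !Sub arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore

  # The console creates an instance profile with the role's name automatically
  # when a role is created for EC2; in a template it is declared explicitly.
  SsmInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - !Ref SsmInstanceRole

Outputs:
  InstanceProfileName:
    Description: Instance profile to attach to the EC2 instances
    Value: !Ref SsmInstanceProfile
```

Keeping the trust policy limited to the ec2.amazonaws.com service principal and the permissions limited to the one managed policy means the role can only be used by EC2 instances and only for Systems Manager core functions.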

Cloud Resolve LLC is now on Upwork!

Did you know that we can also be found on Upwork?

We are a cloud-based software company that specializes in providing solutions for small businesses. Our main focus is on helping businesses resolve their IT issues quickly and efficiently. When your business is down, you need to get back up and running as soon as possible.

You may not have the time or bandwidth for negotiating a long contract. That’s why we are excited to announce that we are now offering our services as a freelance provider on Upwork. Contact us today to learn more about our offerings and how we can help you take your business to the next level!

Profile: https://www.upwork.com/freelancers/~013eb6a0fe3915391b

Cloud Resolve has a long history in the IT industry and our core values are honesty, fairness and treating customers with utmost respect – so you can continue trusting us for your projects!

Cloud Resolve LLC is on AWS IQ!

Find out how Cloud Resolve leverages the power of AWS to provide you with the best freelance experience possible.

AWS IQ is a marketplace that helps you find and connect with freelance consultants who are experts in AWS. You can use AWS IQ to search for consultants who have the skills and experience you need to help you with your project. With AWS IQ, you can get started quickly and easily find the right consultant for your project.

Please be sure to visit our profile at https://iq.aws/e/cloudresolvesupport

While Cloud Resolve is a new business, my experience spans 20+ years in the IT industry and I have a long history of working with some of the biggest names in the business.

What this means for you is that you can trust us to provide you with the skill to help deliver on your projects. We’re excited to be a part of AWS IQ and we hope you’ll take advantage of this marketplace.

Our core values are honesty, fairness and treating customers with the utmost respect. We never fear saying “I don’t know” when asked a question that we have no answer for – it’s part of what makes us different from other companies! However, we will remain committed to helping find a solution.