playbooks

install ansible

install ansible by pip within a python virtualenv

virtualenv venv
source venv/bin/activate
pip3 install ansible==2.10.7

create ssh key

# for testing purposes we only use the defaults without a passphrase
ssh-keygen

copy ssh identity to all hosts

ssh-copy-id [email protected]<your-user>-i-01.<prefix>.commandemy.training
ssh-copy-id [email protected]<your-user>-i-02.<prefix>.commandemy.training
ssh-copy-id [email protected]<your-user>-i-03.<prefix>.commandemy.training

update ~/playbooks/inventory with your user-number entries and animal

test ansible config with server.yml

cd playbooks
ansible-playbook server.yml

install cinc

$ curl -L https://omnitruck.cinc.sh/install.sh \
  | sudo bash -s -- -P cinc-workstation \
  -v 20.8.125 -c unstable
$ # on centos 8
$ sudo dnf group install "Development Tools"

  • Installation of the ansible provisioner
  • Installation of the docker driver

$ chef gem install kitchen-ansible
$ chef gem install kitchen-docker

Use remote docker with kitchen

ssh [email protected]<your-user>-i-01.<prefix>.commandemy.training hostname -f

# now use that as your remote host
REMOTE_HOST=$(ssh [email protected]<your-user>-i-01.<prefix>.commandemy.training hostname -f)
export DOCKER_HOST=tcp://$REMOTE_HOST:2375
# check what you've got
echo $DOCKER_HOST
# check if it is working
docker ps
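
The DOCKER_HOST=tcp://$REMOTE_HOST:2375 setting above reaches the Docker daemon over plain TCP, with no TLS and no client authentication. As an added example (not part of the original README), the shell function below classifies a DOCKER_HOST value by transport so a wrapper script can refuse plaintext remote endpoints outside a training lab; the function name, the labels and the sample hostnames are assumptions made for this example.

```shell
# Added example, not from the original README.
# classify_docker_host and its labels are hypothetical names.
# $1 = DOCKER_HOST value, $2 = DOCKER_TLS_VERIFY value (empty if unset)
# Prints a label; returns 0 = acceptable, 1 = plaintext to a remote host,
# 2 = scheme not recognised.
classify_docker_host() {
    url=$1
    tls_verify=$2
    case "$url" in
        "")       echo "local-default";  return 0 ;;
        unix://*) echo "local-socket";   return 0 ;;
        ssh://*)  echo "ssh";            return 0 ;;
        tcp://*)  ;;
        *)        echo "unknown-scheme"; return 2 ;;
    esac
    # Any non-empty DOCKER_TLS_VERIFY makes the docker CLI use verified TLS.
    if [ -n "$tls_verify" ]; then
        echo "tcp-tls"; return 0
    fi
    hostport=${url#tcp://}
    hostport=${hostport%%/*}                 # drop any trailing path
    case "$hostport" in
        \[*\]:*) host=${hostport%:*} ;;      # [ipv6]:port
        \[*\])   host=$hostport ;;           # [ipv6] without a port
        *:*)     host=${hostport%:*} ;;      # host:port
        *)       host=$hostport ;;
    esac
    case "$host" in
        localhost|127.0.0.1|"[::1]")
            # Traffic stays on this machine (for example behind an SSH forward).
            echo "tcp-plaintext-loopback"; return 0 ;;
    esac
    echo "tcp-plaintext-remote"; return 1
}

# Constructed sample values; the hostname is a placeholder, not a lab host.
for sample in "tcp://lab-node.example.test:2375" \
              "tcp://127.0.0.1:2375" \
              "ssh://user@lab-node.example.test"; do
    verdict=$(classify_docker_host "$sample" "") || true
    printf '%-40s %s\n' "$sample" "$verdict"
done
```

In a wrapper, call it as classify_docker_host "$DOCKER_HOST" "$DOCKER_TLS_VERIFY" before docker ps or kitchen, and stop on a non-zero return.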

Helpful Commands

use inspec to get compliance state of linux node:

cinc-auditor exec -i ~/.ssh/id_rsa \
-t ssh://[email protected] \
https://github.com/dev-sec/linux-baseline.git

run your inspec test against remote node:

cinc-auditor exec -i ~/.ssh/id_rsa \
-t ssh://[email protected] \
~/playbooks/roles/webserver/test/integration/default/inspec/

get the httpd config for centos-7

scp coder@host-git-<your-number>.commandemy.training:\
/etc/httpd/conf/httpd.conf \
~/playbooks/roles/webserver/templates/httpd.conf.8.j2

get the httpd config for centos-6 from kitchen

# get the port:
cd ~/playbooks/roles/webserver/
cat .kitchen/default-centos-67.yml
# now use that port in the scp command
scp -P <the-port-number> -i .kitchen/docker_id_rsa [email protected]:/etc/httpd/conf/httpd.conf templates/httpd.conf.6.j2