15 Must-Have Ansible Playbooks for Red Hat Administrators
In the dynamic world of IT administration, efficiency is key. Red Hat administrators often find themselves grappling with complex tasks that demand streamlined solutions. Ansible, a powerful open-source automation tool, proves to be the savior in such scenarios. In this article, we'll delve into the realm of Ansible Playbooks, focusing on 15 essential ones that every Red Hat Administrator should have in their arsenal. From simplifying routine tasks to orchestrating complex configurations, these playbooks are indispensable for maintaining a well-oiled Red Hat environment.
1. Basic System Configuration:
Begin with a playbook that covers the fundamentals. This playbook should ensure basic configurations like hostname settings, timezone adjustments, and user management. Employ Ansible modules like hostnamectl and user to make these configurations a breeze.
---
- name: Basic System Configuration
hosts: all
tasks:
- name: Set hostname
hostnamectl:
name: my-server
- name: Set timezone to UTC
timezone:
name: UTC
- name: Create a user
user:
name: admin
state: present
groups: wheel
2. Package Installation:
Installing and managing packages across multiple servers is a common task. Create a playbook that allows Red Hat Administrators to install a list of packages simultaneously using the yum module.
---
- name: Package Installation
hosts: all
tasks:
- name: Install essential packages
yum:
name: ""
state: present
loop:
- vim
- htop
- wget
3. SSH Hardening:
Security is paramount. Harden your SSH configurations by disabling root login, enforcing key-based authentication, and setting up a custom port.
---
- name: SSH Hardening
hosts: all
tasks:
- name: Disable root login
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^PermitRootLogin'
line: 'PermitRootLogin no'
- name: Enforce key-based authentication
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^PasswordAuthentication'
line: 'PasswordAuthentication no'
- name: Change SSH port
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?Port'
line: 'Port 2222'
notify:
- restart sshd
4. Backup and Restore:
Protect your data with regular backups. Create a playbook that automates the backup and restoration process using tools like tar and rsync.
---
- name: Backup and Restore
hosts: all
tasks:
- name: Backup important directories
archive:
path: /var/www
dest: /tmp/backups/www_backup.tar.gz
- name: Restore from backup
command: tar -xf /tmp/backups/www_backup.tar.gz -C /var
5. Firewall Configuration:
Safeguard your system by configuring the firewall. This playbook uses the firewalld module to manage firewall rules.
---
- name: Firewall Configuration
hosts: all
tasks:
- name: Allow SSH traffic
firewalld:
service: ssh
permanent: true
state: enabled
notify:
- restart firewalld
6. SELinux Management:
Deal with SELinux policies effectively. This playbook modifies SELinux settings for specific directories.
---
- name: SELinux Management
hosts: all
tasks:
- name: Set SELinux policy for /var/www
seboolean:
name: httpd_can_network_connect
state: yes
7. Monitoring Setup:
Install and configure monitoring tools like Prometheus and Grafana for real-time system monitoring.
---
- name: Monitoring Setup
hosts: all
tasks:
- name: Install Prometheus
ansible.builtin.shell: |
wget https://github.com/prometheus/prometheus/releases/download/v2.30.3/prometheus-2.30.3.linux-amd64.tar.gz
tar -xzf prometheus-2.30.3.linux-amd64.tar.gz
sudo mv prometheus-2.30.3.linux-amd64 /opt/prometheus
8. NTP Configuration:
Ensure time synchronization across servers using the Network Time Protocol (NTP).
---
- name: NTP Configuration
hosts: all
tasks:
- name: Install NTP
yum:
name: ntp
state: present
- name: Start and enable NTP service
systemd:
name: ntpd
state: started
enabled: yes
9. User Permissions:
Manage user permissions efficiently with a playbook that grants or revokes access to specific files or directories.
---
- name: User Permissions
hosts: all
tasks:
- name: Grant read-only access to a file
file:
path: /path/to/file.txt
mode: '0444'
10. Disk Space Monitoring:
Implement disk space monitoring to prevent potential issues.
---
- name: Disk Space Monitoring
hosts: all
tasks:
- name: Check disk space
command: df -h
11. Kernel Parameters:
Adjust kernel parameters for optimal performance.
---
- name: Kernel Parameters
hosts: all
tasks:
- name: Set kernel parameters
sysctl:
name: vm.swappiness
value: 10
12. LDAP Integration:
Integrate Red Hat systems with LDAP for centralized authentication.
---
- name: LDAP Integration
hosts: all
tasks:
- name: Install LDAP client
yum:
name: openldap-clients
state: present
13. Log Rotation:
Avoid log file clutter by implementing log rotation.
---
- name: Log Rotation
hosts: all
tasks:
- name: Configure log rotation for /var/log/app.log
logrotate:
path: /var/log/app.log
rotate: 5
size: 1M
14. Web Server Deployment:
Automate the deployment of a web server with Apache.
---
- name: Web Server Deployment
hosts: webservers
tasks:
- name: Install Apache
yum:
name: httpd
state: present
15. Custom Application Deployment:
Craft a playbook for deploying a custom application.
---
- name: Custom Application Deployment
hosts: app_servers
tasks:
- name: Deploy custom application
copy:
src: /path/to/app
dest: /opt/app
Related Searches and Questions asked:
That's it for this topic, Hope this article is useful. Thanks for Visiting us.