Ansible Patching and Compliance Automation

Views: 8,405

Alex Dworjan

Comments: 21
@jg1000c 3 months ago
impressive
@hackey37 1 year ago
I will be taking a look at automating Linux patching - what patch repository management solutions are best to integrate with Ansible? Thank you for the overview (seems you might be using Satellite?).
@alexdworjan 1 year ago
Correct, I am using Red Hat Satellite in my environment. Most of the patching work itself is running on the individual servers, so what repository they have set is less important. As long as the OS itself is set to pull from that repository when running yum/dnf/etc, Ansible can use it. I enjoy using Satellite because I can also manage my content views with Ansible and control when I update packages (I update my content views once a month with Ansible for my monthly patching)
@hackey37 1 year ago
@alexdworjan - thank you so much for the prompt feedback. One more follow-up question, so our environment has RHEL, Fedora, Oracle Linux, and Ubuntu (mostly) and we currently use their "Internet" repositories (i.e. we go over Internet connection for each host to download patches) - if we wanted to localize (on our LAN and have a single repo host pull patches for each distro so that each host can pull patches from this single point rather than each going over the Internet) what solution might you recommend? It seems Satellite is a RHEL only solution unless I am mistaken. So instead of hundreds of these multi distro hosts getting patches downloaded directly to each individual host, is there a good solution to centralize patching on our LAN for each of these distros? I hope that question makes sense. We are gaining steam with Ansible but it seems like it would be important to be able to address patching for multiple Linux distros in our use case, not just RHEL. Thanks again - in short, looking for something heterogeneous in the OS patch repository management arena and assuming Satellite is a RHEL only solution.
@madhec75 1 year ago
Hi Alex, will you be able to share the Ansible playbooks in a GitHub repo? If you can also include how you are passing the data over to the Splunk dashboard as well, that would be great. I am trying to set up the same environment you have, and just running into different road blocks. Thanks
@alexdworjan 1 year ago
A lot of my playbooks have some extra tasks for building out the reports, but here are all of the roles:
The patching role: github.com/shadowman-lab/Ansible-Config/tree/main/roles/shadowman_patching
SCAP scans Linux: github.com/shadowman-lab/Ansible-Config/tree/main/roles/shadowman_run_scap
SCAP scans Windows: github.com/shadowman-lab/Ansible-Config/tree/main/roles/shadowman_run_scap_windows
Creating your own enforcing playbook using SCAP: github.com/shadowman-lab/Ansible-Config/tree/main/roles/shadowman_compliance_playbook_create
My reports collection (for all the web pages and e-mail reports): github.com/shadowman-lab/shadowman.reports
For Splunk, I set up external logging in automation controller: docs.ansible.com/automation-controller/latest/html/administration/logging.html#splunk
I then have created multiple dashboards and reports using the data that is sent over.
@ArchDanDan 2 months ago
Awesome Video, I am trying to put together a presentation selling your solution. I am working on getting your environment up and running in my personal AWS account. Do you have a playbook that you use to deploy your web server? How are you sending emails? Are you using an SMTP Server or AWS SES?
@alexdworjan 2 months ago
The web server creation is part of the shadowman.reports roles. So as long as you are pointing to a registered RHEL8 or RHEL9 VM with the delegate_to portion of this role: github.com/shadowman-lab/shadowman.reports/tree/main/roles/build_report_linux_patch, it will ensure apache is running plus the CSS styling. For e-mail, I have a Roundcube Webmail server running locally.
@janakiramug7178 2 years ago
Hi, getting an Ansible error “Could not find or access on Ansible Controller” in Ansible Automation Platform, if you can suggest a quick solution.
@janakiramug7178 2 years ago
Using NFS storage mounted to all the 3 controllers running in a cluster setup and the 2.9 execution environment.
@alexdworjan 2 years ago
@janakiramug7178 Could you describe where in the process you are seeing that error?
@janakiramug7178 2 years ago
Actually I want to copy a file from localhost to the remote server using the copy module, but it triggers an error like couldn't access or find the file in the respective path when I'm running the playbook.
@alexdworjan 2 years ago
@janakiramug7178 localhost is the execution environment. If your file isn't in the EE itself, you'll either need to use delegate_to or use the fetch module first.
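The fetch-then-copy approach from the reply above, written out as an added example that is not part of the original comments or the author's playbooks. The host name `fileserver01`, the inventory group `app_servers` and all file paths are placeholders.

```yaml
---
# Added example. fileserver01, app_servers and all paths are placeholders.
- name: Copy a file that lives on a managed host rather than in the EE
  hosts: app_servers
  gather_facts: false
  vars:
    source_host: fileserver01              # host that has the file (e.g. the NFS mount)
    source_path: /mnt/nfs/configs/app.conf
    staging_dir: /tmp/staged/              # path inside the execution environment
    dest_path: /etc/app/app.conf

  tasks:
    # fetch always writes to the machine running Ansible, i.e. the EE,
    # so delegating it pulls the file from source_host into the EE.
    - name: Fetch the file from the source host into the execution environment
      ansible.builtin.fetch:
        src: "{{ source_path }}"
        dest: "{{ staging_dir }}"
        flat: true                         # keep only the basename, no per-host subdirectory
        fail_on_missing: true
      delegate_to: "{{ source_host }}"
      run_once: true

    # copy resolves src inside the EE, where the staged file now exists.
    - name: Copy the staged file from the execution environment to each target
      ansible.builtin.copy:
        src: "{{ staging_dir }}{{ source_path | basename }}"
        dest: "{{ dest_path }}"
        owner: root
        group: root
        mode: "0640"
```

In automation controller the execution environment is a container created for the job, so the staged copy does not persist between runs.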
@janakiramug7178 2 years ago
Sure, will give it a try, thanks for the prompt reply.
@bobbywayne-bc8tp 2 years ago
Unable to install the collection as per git: ansible-galaxy collection install shadowman.reports error: ERROR! Failed to find collection shadowman.reports:*
@alexdworjan 2 years ago
The collection hasn't been uploaded to galaxy so you'll need to install it directly from my git repo. docs.ansible.com/ansible/latest/user_guide/collections_using.html#installing-a-collection-from-a-git-repository-at-the-command-line
@bobbywayne-bc8tp 2 years ago
@alexdworjan Thanks Alex, however I am seeing the below error while installing the collection: ERROR! Collection artifact at '/root/.ansible/tmp/ansible-local-5100swe3mgo5/tmpb_r079o2/shadowmanb78uwaxk.reports' is not a valid tar file.
@alexdworjan 2 years ago
I just ran ansible-galaxy collection install git+https://github.com/shadowman-lab/shadowman.reports.git successfully. You might need to be on Ansible 2.10 or greater to install a collection from git. You can also just fork the repo or copy the role into a project you already have.