Ansible Control System for ISAM

In this blog post we are going to build a basic Ansible control node for deployment of the ISAM components in future articles.

The data directory for this tutorial is /ansible if you are following the previous post to build the server.

Install Ansible and dependencies

The first step is to create an SSH key for simplifying access to any target managed systems that support it.

SSH key generation output
You can optionally set a passphrase on the private key.

Install Ansible and Python using the package manager:

sudo yum -y update
sudo yum -y install epel-release
sudo yum -y install python ansible

Ansible installation success

Create the ansible directories and set permissions:

sudo mkdir -p /ansible/inventory
sudo mkdir /ansible/library
sudo mkdir /ansible/roles
sudo mkdir /ansible/playbooks
sudo mkdir /ansible/files
sudo mkdir /ansible/templates
sudo mkdir /ansible/logs
sudo chown -R ansible:ansible /ansible
sudo chmod -R g+sw /ansible

Ansible Directory listing

Create our first Ansible Inventory File – /ansible/inventory/sample.yml

---
# /ansible/inventory/sample.yml
all:
  hosts:
    localhost:
  children:
    ansible:
      hosts:
        localhost:
  vars:
    useful_packages:
    - "unzip"
    - "open-vm-tools"
    - "bind-utils"
    - "net-tools"
    - "git"
    - "wget"
    - "nano"
    roles_path: "/ansible/roles"

The Ansible Configuration File – /ansible/ansible.cfg

[defaults]
remote_user = ansible
private_key_file = ~/.ssh/id_rsa
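# SSH host key verification is disabled here; set to true once the target host keys are in known_hosts
host_key_checking = false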
stdout_callback = debug
stderr_callback = debug
roles_path = /ansible/roles:/ansible/roles/isam-ansible-roles
log_path = /ansible/logs/ansible.log

The Ansible Playbook to get started – /ansible/playbooks/ansible_control_4_isam.yml

---
- name: Build out the Ansible Control system for ISAM
  hosts:
    ansible
  tasks:
  - name: Install some useful packages - RedHat
    yum:
      name: "{{useful_packages}}"
      state: "latest"
      update_cache: "yes"
    become: "yes"
    when: ansible_os_family == "RedHat"

  - name: Install some useful packages - Debian
    apt:
      name: "{{useful_packages}}"
      # "installed" is no longer accepted by the apt module; "present" is the equivalent state
      state: "present"
      update_cache: "yes"
    become: "yes"
    when: ansible_os_family == "Debian"

  - name: Install pip
    package:
      name: 
      - "python-pip"
      state: "present"
    become: "yes"

  - name: Ensure latest version of pip
    pip:
      name: "pip"
      state: "latest"
    become: "yes"

  - name: Install IBM-Security python library and pre-requisites
    pip:
      name:
      - "requests"
      - "importlib"
      - "git+https://github.com/ibm-security/ibmsecurity#egg=ibmsecurity"
      state: "latest"
    become: "yes"

  - name: Install/Update ISAM Ansible Roles
    command: ansible-galaxy install git+https://github.com/ibm-security/isam-ansible-roles.git,master --roles-path {{roles_path|quote}} --force

And finally we will execute our playbook to set up the IBM Security Python Library and Ansible Roles.

cd /ansible
ansible-playbook -i inventory/sample.yml playbooks/ansible_control_4_isam.yml

The end result:

IBM Security Python Library and Ansible Roles Installed.

The playbook can be run as often as required to keep the control system up to date with the latest IBM Security Python Library and Ansible Roles. The only caveat is that the Ansible Roles are not idempotent. The Roles are always replaced when the playbook is run.
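
Every run installs whatever is currently at the head of both Git repositories (the pip task with `become`), and ansible.cfg turns off host key checking, so it is worth auditing these files before relying on the control node. The following Python check is an added example, not part of the original post or of the IBM projects; the function names and the embedded sample text (constructed from the files above) are assumptions made for illustration.

```python
import configparser
import re

# Constructed sample input: the relevant lines copied from this post's files.
SAMPLE_CFG = """[defaults]
remote_user = ansible
host_key_checking = false
log_path = /ansible/logs/ansible.log
"""
SAMPLE_PLAYBOOK = """
      - "git+https://github.com/ibm-security/ibmsecurity#egg=ibmsecurity"
    command: ansible-galaxy install git+https://github.com/ibm-security/isam-ansible-roles.git,master --force
"""

COMMIT = re.compile(r"[0-9a-f]{40}")
# Repository, then an optional pip-style "@ref" or ansible-galaxy-style ",ref".
GIT_SRC = re.compile(
    r"git\+https://([^\s\"'#,@]+)(?:@([^\s\"'#,]+))?(?:,([^\s\"']+))?"
)


def audit_cfg(text):
    """Return findings for [defaults] settings that weaken SSH trust."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    # Ansible verifies host keys unless this option is explicitly switched off.
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append("host_key_checking is off: target host keys are not verified")
    return findings


def unpinned_git_sources(text):
    """Return (repo, ref) for git sources not pinned to a full commit hash."""
    unpinned = []
    for repo, pip_ref, galaxy_ref in GIT_SRC.findall(text):
        ref = pip_ref or galaxy_ref or None
        # A branch name such as "master", or no ref at all, moves over time.
        if ref is None or not COMMIT.fullmatch(ref):
            unpinned.append((repo, ref))
    return unpinned


if __name__ == "__main__":
    for finding in audit_cfg(SAMPLE_CFG):
        print("cfg:", finding)
    for repo, ref in unpinned_git_sources(SAMPLE_PLAYBOOK):
        print("unpinned source:", repo, "ref =", ref)
```

Pinning both sources to a reviewed commit hash and re-enabling host key checking clears both findings.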

In my next blog post we will build the data tier component for ISAM; the DB2 and ISDS server.

About Post Author

Kevin Jeffery

Kevin has worked in the Services, Utilities and Finance Industries in IT Architecture, Administration and Process Design, and Software Development. With over 20 years of experience in Information Technology, Kevin currently works as a Cyber Security Consultant specializing in IAM deployment and operations automation.
