How to Deploy Ansible on to a CentOS 7 server

Goals:

In this project, you will be setting up a Linux server to host Ansible. This server will be accessible to Windows clients via xRDP. Also, we will install a GUI on the server to allow the users to edit their ansible roles and playbooks via VScode.

Requirements:

Base OS requirements:

First follow this article: How to setup a new CentOS 7 server

Application requirements:

RAM:

4 GB RAM is recommended per 100 forks

Plan:

1. Configure xRDP
2. Configure Ansible via pip
3. Configure VSCode
4. Configure Inventory

Step 1: Configure xRDP

Where do you start. First

1.1: Configure Desktop

Optional: Run the following command to list down the available package groups for CentOS 7.

Input:
sudo yum group list
 
Output:
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: repos-va.psychz.net
* epel: epel.mirror.constant.com
* extras: repos-va.psychz.net
* updates: repos-va.psychz.net
Installed Environment Groups:
  Cinnamon Desktop
Available Environment Groups:
  Minimal Install
  Compute Node
  Infrastructure Server
  File and Print Server
  MATE Desktop
  Basic Web Server
  Virtualization Host
  Server with GUI
  "GNOME Desktop"
  KDE Plasma Workspaces
  Development and Creative Workstation
Available Groups:
  Cinnamon
  Compatibility Libraries
  Console Internet Tools
  "Development Tools"
  Educational Software
  Electronic Lab
  Fedora Packager
  General Purpose Desktop
  "Graphical Administration Tools"
  Haskell
  Legacy UNIX Compatibility
  MATE
  Milkymist
  Scientific Support
  Security Tools
  Smart Card Support
  System Administration Tools
  System Management
  TurboGears application framework
  Xfce
Done

Step 1: Install Gnome GUI packages using the yum

CentOS 7:

Input:
sudo yum -y groupinstall \
"GNOME Desktop" \
"Graphical Administration Tools" \
"Development Tools"

Step 2: Enable GUI on system startup. In CentOS 7,  systemd uses “targets” instead of runlevel. The /etc/inittab file is no more used to change run levels. So, issue the following command to enable the GUI on system start.

Input:
sudo ln -sf \
/lib/systemd/system/runlevel5.target \
/etc/systemd/system/default.target

Step 3: Reboot the machine to start the server in the graphical mode.

Input:
sudo shutdown -r now

1.2: Configure xRDP

Step 1: Prerequisites

Install and configure EPEL repository to gain access to

Input:
sudo rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Install netstat which is part of the net-tools package

Input:
sudo yum install -y net-tools

Step 2: Install xrdp on CentOS 7

Install xrdp package.

*Note: There was an issue installing xrdp, correct by using –enablerepo=cr

Input:
sudo yum -y install xrdp tigervnc-server --enablerepo=cr 

Output:
Installed:
  xrdp.x86_64 1:0.9.11-1.el7 

Dependency Installed:
  xorgxrdp.x86_64 0:0.2.11-1.el7        
  xrdp-selinux.x86_64 1:0.9.11-1.el7 

Updated:
  tigervnc-server.x86_64 0:1.8.0-17.el7 

Dependency Updated:
  selinux-policy.noarch 0:3.13.1-252.el7.1      
  selinux-policy-targeted.noarch 0:3.13.1-252.el7.1        
  xorg-x11-server-Xorg.x86_64 0:1.20.4-7.el7    
  xorg-x11-server-common.x86_64 0:1.20.4-7.el7 

Complete!

Once xrdp is installed, start the xrdp service using the following command.

Input:
sudo systemctl start xrdp && \
sudo systemctl start xrdp-sesman

xrdp should now be listening on 3389. You can confirm this by using netstat command.

Input:
sudo netstat -antup | grep xrdp 

Output:
tcp    0      0 0.0.0.0:3389       0.0.0.0:*      LISTEN      14518/xrdp
tcp    0      0 127.0.0.1:3350     0.0.0.0:*      LISTEN      14516/xrdp-sesman

By default, xrdp service won’t start automatically after a system reboot. Run the following command in the terminal to enable the service at system startup.

Input:
sudo systemctl enable xrdp 

Output: 
Created symlink from /etc/systemd/system/multi-user.target.wants/xrdp.service to /usr/lib/systemd/system/xrdp.service.

Step 3: Configure Firewall

Configure the firewall to allow RDP connection from external machines. The following command will add the exception for RDP port (3389).

Input:
sudo firewall-cmd --permanent --add-port=3389/tcp sudo firewall-cmd --reload

Step 4: Configure SELinux

Configure xrdp file’s SELinux security context

Input:
sudo chcon --type=bin_t /usr/sbin/xrdp && \
sudo chcon --type=bin_t /usr/sbin/xrdp-sesman

Step 5: Edit sesman.ini file

Configure sesman.ini

Input:
sudo sed -i.orig \
-e "s|^\(AllowRootLogin=\).*|\1false|" \
-e "s|^\(AlwaysGroupCheck=\).*|\1true|" \
/etc/xrdp/sesman.ini

Validate changes

Input:
sudo grep \
-e AllowRootLogin \
-e AlwaysGroupCheck \
/etc/xrdp/sesman.ini

Output:
AllowRootLogin= false
AlwaysGroupCheck= true

Step 6: Add to the xrdp.ini file

Input:
sudo cp /etc/xrdp/xrdp.ini /etc/xrdp/xrdp.ini.orig 
sudo vim /etc/xrdp/xrdp.ini 

Edit File:
--------------------IN FILE------------------
; Session types; 
; Some session types such as Xorg, X11rdp and Xvnc start a display server.
; Startup command-line parameters for the display server are configured; 
in sesman.ini. 
See and configure also sesman.ini.
*********************Add below above section*******************************[xrdp1]
name=Local User Authentication
lib=libvnc.so
username=ask
password=ask
ip=127.0.0.1
port=-1

Step 7: Add authorized users to xrdp group

create xrdp groups

Input:
sudo groupadd tsusers sudo groupadd tsadmins

add user to groups

add desired users to tsusers is needed to login to the desktop via rsd. 

Input: 
sudo gpasswd -a lnxuser tsusers 
sudo gpasswd -a lnxuser tsadmins

Add the authorized users home dir

Input:
echo "exec gnome session" > /home/nsu.edu/reginaldas/.Xclients sudo chmod 700 /home/nsu.edu/reginaldas/.Xclients

Restart xrdp service

Input:
sudo systemctl restart xrdp && sudo systemctl enable xrdp 
sudo systemctl restart xrdp-sesman && sudo systemctl enable xrdp-sesman

To automate the .Xclient file in new users

Input:
sudo su - echo "exec gnome-session" > /etc/skel/.Xclients sudo chmod 700 /etc/skel/.Xclients

Step 8: Test xrdp Remote Connectivity

Now take RDP from any windows machine using Remote Desktop Connection. Enter the ip address of Linux server in the computer field and then click on connect.

Enter IP Address in Remote Desktop Connection Window

You may need to ignore the warning of RDP certificate name mismatch.

Accept the Certificate

You would be asked to enter the username and password. You can either use root or any user that you have it on the system. Make sure you use module “Xvnc“.

xRDP Login Page

If you click ok, you will see the processing. In less than a half minute, you will get a desktop.

xRDP CentOS Desktop

That’s All. You have successfully configured xRDP on CentOS 7.

Step 2: Configure Ansible via pip

Step 1: Install Python on CentOS 7

1: Install and Set your default Python on CentOS 7 using the guide below.

Python 3.6 can be installed on CentOS 7 by running the command below on your terminal.

# Input: 
sudo yum -y install python36 

# Output: Installed:python36.x86_64 0:3.6.8-1.el7                                                 Dependency Installed:python36-libs.x86_64 0:3.6.8-1.el7                                      Complete!

The same applies to all other Python 3 Libraries.

To use Python 3, just type

python3

1.1: Install Python 2.7 on CentOS 7

For some guys with existing software not ready to run on Python 3, CentOS 7 got you covered. It contains the Python 2 stack.

Install Python 2.7 on CentOS 7 in parallel with Python 3 using the command:

Input:
sudo yum -y install python2

Confirm:

Input:
$ which python2/usr/bin/python2

To use Python 2.7, type the command:

Input:
python2

2: Set Default Python Version

You should have noted that to use Python 3, the command is python3andpython2 for Python 2. What if your applications are configured to refer to python which is not available system-wide.

$ python
bash: python: command not found...

2.1: You can use the alternatives mechanism to enable the unversioned python command system-wide, and set it to a specific version:

Set Python 3 as default:

Set Python 2 as default:

2.2: Running python -V should show default Python version configured

Use Python 2 via python:

To reset this configuration and remove the unversioned python command, run:

Enjoy using Python for your Development Projects in CentOS 7.

3: Once it has been installed, proceed to install Pip which is a Python package manager used to install Ansible.

If you’re using Python3, install python3-pip package.

For Python2 users you have to install python2-pip

Step 2: Install Ansible on CentOS 7

1: Once you have Pip installed, use it to get Ansible installed in your CentOS 7 machine.

For Python2 pip, use:

2: You can see Ansible installed using the following command:

Step 3: Testing Ansible on CentOS 7

1: To test Ansible, you should have OpenSSH service running on the remote server.

2: Create Ansible inventory file, default is /etc/ansible/hosts

2.1: Copy the IP address of your remote server(s) to manage and add to Ansible inventory file.

2.2: You can also create a group of hosts like below:

3: Generate SSH key and copy it to remote servers.

3.1: Use ping module to test ansible:

3.2: The -i option is used to provide path to inventory file. You should get the same output for hosts group name.

Input:
$ ansible  -i hosts  web -m ping 192.168.122.197 | SUCCESS => {"changed": false,"ping": "pong"}

3.3: For commands that need sudo, pass the option --ask-become-pass. This will ask for privilege escalation password. This may require installation of the sshpass program.

Input:
$ ansible  -i hosts  web -m command -a "sudo yum install vim"  --ask-become-pass.... 192.168.122.197 | CHANGED | rc=0 

Output:
>>Updating Subscription Management repositories.Updating Subscription Management repositories.Last metadata expiration check: 0:52:23 ago on Sat 29 Dec 2018 08:28:46 PM EAT.Package vim-enhanced-2:8.0.1763-7.el8.x86_64 is already installed.Dependencies resolved.Nothing to do.Complete!

Step 3: Configure VSCode

Step 4: Configure Inventory

4.1: Inventory File Structure

4.2: Host File Structure

4.3: Var File Structure