Solved Scripting - How do you store your credentials and call them later?
-
@DustinB3403 said in Scripting - How do you store your credentials and call them later?:
@IRJ Using a specific IP wouldn't work, I'd have to use DHCP scopes and filter out Windows PCs from that.
add hostnames?
-
@IRJ said in Scripting - How do you store your credentials and call them later?:
@DustinB3403 said in Scripting - How do you store your credentials and call them later?:
@IRJ Using a specific IP wouldn't work, I'd have to use DHCP scopes and filter out Windows PCs from that.
add hostnames?
Which of the 3 above names would you think apple considers the host name and you want me to type out ~170 computer names? Ansible can't handle DHCP based clients?
-
Do you have dns?
-
@IRJ said in Scripting - How do you store your credentials and call them later?:
Do you have dns?
Yes
-
You may be able to do something like this? @stacksofplates can probably chime in
192.168.1.[1:254]
-
@DustinB3403 said in Scripting - How do you store your credentials and call them later?:
@stacksofplates so that seems simple enough, how do you put in the custom details like I am pushing to these 1 by 1?
the office location, the expected user and the asset tag to create a single -computername?
Also since we're on it, how do you use tools like brew.sh to install and update third party software?
There's a few different ways to approach it. A good simple way is to leverage your inventory and group_vars.
Here's an example inventory:
[florida]
10.23.50.15 comp_user=Mary tag_number=000335
osx1.fl.test.com ansible_host=10.23.50.16 comp_user=Sally tag_number=000678

[california]
10.55.12.34 comp_user=Pete tag_number=000446
osx2.ca.test.com ansible_host=10.55.12.35 comp_user=Jim tag_number=000445

[macs:children]
florida
california
So here you have an inventory that defines 4 different hosts. You can reference a host by IP address/FQDN or by an alias. In this case osx1.fl.test.com and osx2.ca.test.com are aliases for the ansible_host variable. The hosts are grouped into 3 groups. One group is called florida and obviously has the two hosts for florida in it. The other group is called california and is similar. The third group is called macs and it has children which are florida and california. So all of the hosts in florida and california are also in the macs group.
Variables are a big deal and there's now 22 places to set variables (please don't try to use them all at the same time) and they all have an order of precedence. Simpler is better. The group_vars directory holds files named after a group and does exactly what it sounds like. So here we could set up a group_vars file called florida and it would contain:
location: florida
dns_server: 1.2.3.4
timezone: eastern
We can have a file for california and it could contain:
location: california
dns_server: 2.3.4.5
timezone: pacific
Then in the playbook I referenced above you can use these facts (including variables in your inventory). There are magic variables that are always present on every system and you can gather facts about systems also. One of the magic variables is inventory_hostname which is the alias (or just the fqdn if you didn't set an alias). So in your example you could do this:
---
- name: Set crap with scutil
  hosts: macs
  become: true
  user: dustin
  tasks:
    - name: set computername
      shell: "scutil --set ComputerName {{ comp_user }}{{ tag_number }}"
    - name: set hostname
      shell: "scutil --set HostName {{ location }}{{ inventory_hostname }}"
    - name: set localhostname
      shell: "scutil --set LocalHostName {{ location }}{{ comp_user }}{{ tag_number }}"
The comp_user and tag_number variables can be set in a directory called host_vars and a file named after the host name, but I don't commonly use that.
-
@IRJ said in Scripting - How do you store your credentials and call them later?:
You may be able to do something like this? @stacksofplates can probably chime in
192.168.1.[1:254]
You can do something like that and even mac[1:3000].test.com, but it's valuable to have each system defined so you can control variables for each one. It's fairly trivial to export from your asset management system and make an inventory from that.
-
@stacksofplates said in Scripting - How do you store your credentials and call them later?:
@IRJ said in Scripting - How do you store your credentials and call them later?:
You may be able to do something like this? @stacksofplates can probably chime in
192.168.1.[1:254]
You can do something like that and even mac[1:3000].test.com, but it's valuable to have each system defined so you can control variables for each one. It's fairly trivial to export from your asset management system and make an inventory from that.
This is only true if I get to hit my coworker with a hammer
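The export-to-inventory step discussed above, as an added example that is not part of any post in this thread: it turns an asset-management CSV export into the INI inventory layout shown earlier and rejects rows whose values would not be safe to interpolate into the playbook's scutil command lines. The CSV column names, the sample rows and the allow-list patterns are assumptions made for the example.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample export; the column names are assumptions, not from the thread.
SAMPLE_CSV = """fqdn,ip,location,comp_user,tag_number
osx1.fl.test.com,10.23.50.16,florida,Sally,000678
osx2.ca.test.com,10.55.12.35,california,Jim,000445
osx3.ca.test.com,10.55.12.36,california,Pat O'Neil,000999
"""

# Allow-lists (format checks only). Every value lands in the inventory and,
# through the playbook, on a shell command line, so anything else is rejected.
RULES = {
    "fqdn": re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+"),
    "ip": re.compile(r"(\d{1,3}\.){3}\d{1,3}"),
    "location": re.compile(r"[a-z][a-z0-9_]*"),
    "comp_user": re.compile(r"[A-Za-z][A-Za-z0-9-]{0,30}"),
    "tag_number": re.compile(r"\d{6}"),
}


def build_inventory(csv_text):
    """Return (inventory_text, rejected) where rejected lists (fqdn, bad_fields)."""
    groups, rejected = defaultdict(list), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        bad = [k for k, rx in RULES.items() if not rx.fullmatch(row.get(k) or "")]
        if bad:
            rejected.append((row.get("fqdn"), bad))
            continue
        groups[row["location"]].append(
            f"{row['fqdn']} ansible_host={row['ip']} "
            f"comp_user={row['comp_user']} tag_number={row['tag_number']}"
        )
    lines = []
    for location in sorted(groups):          # one [group] section per location
        lines += [f"[{location}]", *groups[location], ""]
    lines += ["[macs:children]", *sorted(groups)]   # parent group of all locations
    return "\n".join(lines) + "\n", rejected


if __name__ == "__main__":
    inventory, rejected = build_inventory(SAMPLE_CSV)
    print(inventory)
    for fqdn, fields in rejected:
        print(f"# skipped {fqdn}: invalid {', '.join(fields)}")
```

The third sample row is skipped because its comp_user contains a space and an apostrophe, which would break both the key=value inventory line and the quoting of the shell task.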
-
@DustinB3403 said in Scripting - How do you store your credentials and call them later?:
@stacksofplates so that seems simple enough, how do you put in the custom details like I am pushing to these 1 by 1?
the office location, the expected user and the asset tag to create a single -computername?
Also since we're on it, how do you use tools like brew.sh to install and update third party software?
For brew there's a module to interact with it. You just declare the package you want installed and it does it.
- name: Ensure foo is installed
  homebrew:
    name: foo
    state: present
You can also do multiple:
- name: Ensure packages are installed
  homebrew:
    name: "{{ item }}"
    state: present
  loop:
    - softwareA
    - softwareB
    - softwareC
-
@stacksofplates do you install the role or module? I looked at this before and the documentation is lacking.
-
I know I'm asking a lot, but it's because when I have asked in the past it was a RTFM response.
Which doesn't really fix the issue of the documentation is lacking or convoluted for what the platform is.
And I know these tools aren't designed to manage user workstations, but can do it. Thus the interest.
So if you're willing to explain and answer my million questions, I'll be happy to test.
-
@DustinB3403 said in Scripting - How do you store your credentials and call them later?:
@stacksofplates do you install the role or module? I looked at this before and the documentation is lacking.
The modules are part of the Ansible install. You don't need to install them separately unless you write your own. A role is like a library. It's a set of tasks you write to accomplish something and you can call it like a function or library.
For example I have a role I wrote that installs and enables firewalld and sets the ports/services you define. But I can call that role and pass in different ports and services for different hosts and groups because it's like a function.
-
@DustinB3403 said in Scripting - How do you store your credentials and call them later?:
I know I'm asking a lot, but it's because when I have asked in the past it was a RTFM response.
Which doesn't really fix the issue of the documentation is lacking or convoluted for what the platform is.
And I know these tools aren't designed to manage user workstations, but can do it. Thus the interest.
So if you're willing to explain and answer my million questions, I'll be happy to test.
I don't find it convoluted but it doesn't really matter, I'll do my best to answer whatever I can for you.
-
@stacksofplates so how do I check to see if this role is installed?
https://github.com/geerlingguy/ansible-role-homebrew because this seems like the thing people recommend using
-
Fedora Server 30 - with ansible --version 3.7.3 installed
-
@DustinB3403 said in Scripting - How do you store your credentials and call them later?:
Fedora Server 30 - with ansible --version 3.7.3 installed
Can't be 3.7.3. They just released 2.8 less than a month ago (that's the Python version).
To install a role use ansible-galaxy. So you would run:
ansible-galaxy install geerlingguy.homebrew
If you go to the galaxy site for the roles it gives you all of the info: https://galaxy.ansible.com/geerlingguy/homebrew
-
whoops that's the python version lol (no glasses) ansible version 2.8.1
-
Okay so let me make a new topic for this as this is getting more in-depth.
-
@DustinB3403 said in Scripting - How do you store your credentials and call them later?:
PS I learn from seeing and doing, rather than reading. Just as an FYI.
How do you learn what to do without reading or seeing how TF to do it first? Not capable of learning on your own, is that what you are saying?
I'm sure there are Ansible classes, courses, videos, etc out there.
-
@Obsolesce get bent, learning from seeing and doing is a form of learning.