ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Ansible Agent Option?

    Scheduled Pinned Locked Moved IT Discussion
    ansible
    163 Posts 11 Posters 28.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller
      last edited by

      For all you Ansible users out there, I know that by default Ansible is agentless. That's fine, but that leaves a ton of situations where we would need ZeroTier or something to reach systems. Has anyone looked into agent options for Ansible to make it able to reach systems on its own without needing a third party software defined network or VPN to reach machines on different LANs than the Ansible servers?

      D 1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller
        last edited by

        Also, not having to open ports would be nice.

        1 Reply Last reply Reply Quote 0
        • DustinB3403D
          DustinB3403
          last edited by

          I'm not even at the point where I would need to consider this.

          1 Reply Last reply Reply Quote 0
          • IRJI
            IRJ
            last edited by

            You could use a github repository and manage ansible locally using shell scripts.

            1 Reply Last reply Reply Quote 1
            • IRJI
              IRJ
              last edited by

              @scottalanmiller , it would look like this.

              #***********************************************************
              # Install ansible
              #***********************************************************
              
              sudo apt install -y ansible
              
              
              #***********************************************************
              # Create or append ansible requirements file
              #***********************************************************
              
              sudo sh -c "echo '- src: https://github.com/florianutz/Ubuntu1804-CIS.git' >> /etc/ansible/requirements.yml"
              
              
              #***********************************************************
              # Install the role for CIS Ubuntu script from Github
              #***********************************************************
              
              cd /etc/ansible/
              sudo ansible-galaxy install -p roles -r /etc/ansible/requirements.yml
              
              #***********************************************************
              # Create Ansible Playbook for CIS Ubuntu script
              #***********************************************************
              
              sudo sh -c "cat > /etc/ansible/harden.yml <<EOF
              - name: Harden Server
                hosts: localhost
                connection: local
                become: yes
                roles:
                  - Ubuntu1804-CIS
                  
              EOF
              "
              
              
              #***********************************************************
              # Run ansible playbook file
              #***********************************************************
              
              sudo ansible-playbook /etc/ansible/harden.yml
              scottalanmillerS 1 Reply Last reply Reply Quote 1
              • scottalanmillerS
                scottalanmiller @IRJ
                last edited by

                @IRJ I suspect that that does not work on Windows, though.

                1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller
                  last edited by

                  Since Windows doesn't run Ansible.

                  1 Reply Last reply Reply Quote 0
                  • ObsolesceO
                    Obsolesce
                    last edited by

                    Why Ansible with Windows?

                    DustinB3403D scottalanmillerS 2 Replies Last reply Reply Quote 0
                    • DustinB3403D
                      DustinB3403 @Obsolesce
                      last edited by

                      @Obsolesce said in Ansible Agent Option?:

                      Why Ansible with Windows?

                      I don't think @scottalanmiller is running Ansible from Windows, but looking to manage Windows with Ansible.

                      Which it looks like it's included. .

                      https://www.ansible.com/integrations/infrastructure/windows

                      scottalanmillerS 1 Reply Last reply Reply Quote 1
                      • DustinB3403D
                        DustinB3403
                        last edited by

                        Specifically

                        https://docs.ansible.com/ansible/latest/user_guide/windows_faq.html#can-ansible-run-on-windows

                        No, Ansible can only manage Windows hosts. Ansible cannot run on a Windows host natively, though it can run under the Windows Subsystem for Linux (WSL).

                        1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @Obsolesce
                          last edited by

                          @Obsolesce said in Ansible Agent Option?:

                          Why Ansible with Windows?

                          Because it seems to be more robust than Salt.

                          1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @DustinB3403
                            last edited by

                            @DustinB3403 said in Ansible Agent Option?:

                            @Obsolesce said in Ansible Agent Option?:

                            Why Ansible with Windows?

                            I don't think @scottalanmiller is running Ansible from Windows, but looking to manage Windows with Ansible.

                            Which it looks like it's included. .

                            https://www.ansible.com/integrations/infrastructure/windows

                            Correct. It is included, but how do you reach it when the Windows client leaves the LAN?

                            DustinB3403D 1 Reply Last reply Reply Quote 0
                            • DustinB3403D
                              DustinB3403 @scottalanmiller
                              last edited by

                              @scottalanmiller said in Ansible Agent Option?:

                              @DustinB3403 said in Ansible Agent Option?:

                              @Obsolesce said in Ansible Agent Option?:

                              Why Ansible with Windows?

                              I don't think @scottalanmiller is running Ansible from Windows, but looking to manage Windows with Ansible.

                              Which it looks like it's included. .

                              https://www.ansible.com/integrations/infrastructure/windows

                              Correct. It is included, but how do you reach it when the Windows client leaves the LAN?

                              How would you reach anything else when it's not on the LAN?

                              VPN, ssh etc.

                              scottalanmillerS 2 Replies Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @DustinB3403
                                last edited by

                                @DustinB3403 said in Ansible Agent Option?:

                                @scottalanmiller said in Ansible Agent Option?:

                                @DustinB3403 said in Ansible Agent Option?:

                                @Obsolesce said in Ansible Agent Option?:

                                Why Ansible with Windows?

                                I don't think @scottalanmiller is running Ansible from Windows, but looking to manage Windows with Ansible.

                                Which it looks like it's included. .

                                https://www.ansible.com/integrations/infrastructure/windows

                                Correct. It is included, but how do you reach it when the Windows client leaves the LAN?

                                How would you reach anything else when it's not on the LAN?

                                VPN, ssh etc.

                                Salt has no issue with that, works the same on LAN or off LAN.

                                1 Reply Last reply Reply Quote 0
                                • DustinB3403D
                                  DustinB3403
                                  last edited by

                                  With Windows, my guess would be Powershell over SSH

                                  https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/ssh-remoting-in-powershell-core?view=powershell-6

                                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @DustinB3403
                                    last edited by

                                    @DustinB3403 said in Ansible Agent Option?:

                                    @scottalanmiller said in Ansible Agent Option?:

                                    @DustinB3403 said in Ansible Agent Option?:

                                    @Obsolesce said in Ansible Agent Option?:

                                    Why Ansible with Windows?

                                    I don't think @scottalanmiller is running Ansible from Windows, but looking to manage Windows with Ansible.

                                    Which it looks like it's included. .

                                    https://www.ansible.com/integrations/infrastructure/windows

                                    Correct. It is included, but how do you reach it when the Windows client leaves the LAN?

                                    How would you reach anything else when it's not on the LAN?

                                    VPN, ssh etc.

                                    Don't want a VPN or to expose ports. Salt handles this beautifully. I can't figure out how all the other ecosystems deal with the myriad machines that don't sit directly accessible on the LAN.

                                    1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @DustinB3403
                                      last edited by

                                      @DustinB3403 said in Ansible Agent Option?:

                                      With Windows, my guess would be Powershell over SSH

                                      https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/ssh-remoting-in-powershell-core?view=powershell-6

                                      SSH call back automation isn't the best and if you don't have a person managing it, I think you are going to have a tough time.

                                      DustinB3403D 1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller
                                        last edited by

                                        SHould work, in theory, but having every machine SSH back to the Ansible server to establish a tunnel is extremely cumbersome.

                                        1 Reply Last reply Reply Quote 0
                                        • DustinB3403D
                                          DustinB3403 @scottalanmiller
                                          last edited by DustinB3403

                                          @scottalanmiller said in Ansible Agent Option?:

                                          @DustinB3403 said in Ansible Agent Option?:

                                          With Windows, my guess would be Powershell over SSH

                                          https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/ssh-remoting-in-powershell-core?view=powershell-6

                                          SSH call back automation isn't the best and if you don't have a person managing it, I think you are going to have a tough time.

                                          Well windows isn't* POSIX compliant so yeah. . I'd expect as much.

                                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                                          • scottalanmillerS
                                            scottalanmiller @DustinB3403
                                            last edited by

                                            @DustinB3403 said in Ansible Agent Option?:

                                            @scottalanmiller said in Ansible Agent Option?:

                                            @DustinB3403 said in Ansible Agent Option?:

                                            With Windows, my guess would be Powershell over SSH

                                            https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/ssh-remoting-in-powershell-core?view=powershell-6

                                            SSH call back automation isn't the best and if you don't have a person managing it, I think you are going to have a tough time.

                                            Well windows is POSIX compliant so yeah. . I'd expect as much.

                                            Yeah, but it would be crappy on UNIX, too. SSH call backs are just cumbersome all around.

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 8
                                            • 9
                                            • 3 / 9
                                            • First post
                                              Last post