L1 Bithead

Building an Automation host in AWS

Hi All,

having just painfully struggled through getting my first ansible automation to work I figured I'd share my findings here for other total beginners. It turns out my fight wasn't about getting Ansible talking to the firewall but about getting Ansible talking. And realizing that just because there's a file listing dependencies and the installer says it is checking dependencies doesn't mean it ACTUALLY deals with them. If it doesn't give details of actions it probably isn't doing anything!

If you've already got a working Ansible control host in CentOS then I'd appreciate any feedback on glaring errors or QoL improvements.

The set of commands below is what I will be using to rebuild the automation host from scratch. It starts from a CentOS 7 AMI. I've added some comments that help explain what each line is trying to do.

# Become root for the session. Saves prepending sudo to many lines further down.
sudo su

# Install / update program lists. epel-release is needed, otherwise many packages are really old versions!
# -y removes the need to hit yes to continue with the install
yum install epel-release -y
yum update -y

# Python 3.6 from Software Collections (the CentOS 7 base image only ships Python 2.7)
yum install centos-release-scl -y
yum install rh-python36 -y
scl enable rh-python36 bash

# Either run the scl line above in every session,
# or edit ~/.bash_profile and add:
#   source scl_source enable rh-python36

# Update pip before installing anything with it
pip3 install --upgrade pip

# Install some handy basics: unzip and a text editor.
yum install unzip -y
yum install nano -y

# Install Ansible (pandevice pulls in pan-python as a dependency, hence the line below that is not needed)
pip3 install pandevice
# pip3 install pan-python (appears to not be needed)
# pip3 install xmltodict (appears to not be needed)
pip3 install ansible

# Add a nasty hack to avoid certificate error issues for now. =1 is the default behaviour that was causing issues.
# This "fixes" CERTIFICATE_VERIFY_FAILED errors when you try running playbooks. It's a result of Python 2.7 enhancements.
# If you are having to add certificate exceptions to your browser to get to devices you probably need to add this.
# It effectively adds that exception for EVERYTHING, so needs a better answer.
# export only lasts for the current shell; it would need adding to ~/.bash_profile to persist.
export PYTHONHTTPSVERIFY=0

# Install terraform
curl -O https://releases.hashicorp.com/terraform/0.12.21/terraform_0.12.21_linux_amd64.zip
# echo $PATH
# make sure the unzip destination is in the path, e.g. /usr/bin
unzip terraform_0.12.21_linux_amd64.zip -d /usr/bin

# Install TFTP and set it to start + autostart
yum install tftp tftp-server xinetd -y
# Need to edit the config file afterwards, e.g. nano /etc/xinetd.d/tftp
#   server_args needs -c added after the = to allow files to be created
#   disable needs to be set to no instead of yes so that it can be used
chmod 777 /var/lib/tftpboot
systemctl enable xinetd
systemctl enable tftp
systemctl start xinetd
systemctl start tftp
# SELinux booleans: let tftpd write uploaded files and use home directories
setsebool -P tftp_anon_write 1
setsebool -P tftp_home_dir 1
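Two of the steps above are the ones most worth scripting carefully: the terraform zip is downloaded and unpacked straight into /usr/bin with no integrity check, and the xinetd tftp stanza is edited by hand. The following is an added example (not code from the post or from Palo Alto Networks) of doing both non-interactively and idempotently. It assumes GNU sed and coreutils as on CentOS 7, and that the release's SHA256SUMS file has been fetched from the same directory as the zip, i.e. https://releases.hashicorp.com/terraform/0.12.21/terraform_0.12.21_SHA256SUMS. The file names, the stand-in zip contents and the sample xinetd stanza in make_fixtures are constructed test data.

```shell
#!/bin/bash
# Added example, not part of the original post: a checked, non-interactive version of the
# terraform download step and the xinetd tftp edit. Assumes GNU sed/coreutils (CentOS 7) and that
# the HashiCorp SHA256SUMS file for the release sits beside the zip, e.g.
# https://releases.hashicorp.com/terraform/0.12.21/terraform_0.12.21_SHA256SUMS

# verify_zip ZIP SUMSFILE
# Succeeds only if ZIP's SHA-256 matches the entry for its file name in SUMSFILE.
# Run this before unzipping anything into a directory that is on PATH.
verify_zip() {
    zip="$1"
    sums="$2"
    name=$(basename "$zip")
    # SHA256SUMS lines look like "<hex>  <name>" (or "<hex> *<name>" in binary mode)
    expected=$(awk -v n="$name" '($2 == n) || ($2 == ("*" n)) { print $1 }' "$sums")
    if [ -z "$expected" ]; then
        echo "verify_zip: no entry for $name in $sums" >&2
        return 1
    fi
    actual=$(sha256sum "$zip" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "verify_zip: checksum mismatch for $name" >&2
        return 1
    fi
    return 0
}

# enable_tftp CONF
# Makes the two edits the post describes doing by hand in /etc/xinetd.d/tftp:
#   disable = yes        ->  disable = no
#   server_args = ...    ->  server_args = -c ...   (only if -c is not already present)
# Both edits are idempotent, so the function can sit in a rebuild script.
enable_tftp() {
    conf="$1"
    sed -i -E 's/^([[:space:]]*disable[[:space:]]*=[[:space:]]*)yes[[:space:]]*$/\1no/' "$conf"
    sed -i -E '/^[[:space:]]*server_args[[:space:]]*=/{/(^|[[:space:]])-c([[:space:]]|$)/!s/=[[:space:]]*/= -c /;}' "$conf"
}

# tftp_enabled CONF -> 0 if the stanza has disable = no and -c in server_args, 1 otherwise
tftp_enabled() {
    grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no[[:space:]]*$' "$1" &&
        grep -Eq '^[[:space:]]*server_args[[:space:]]*=.*(^|[[:space:]])-c([[:space:]]|$)' "$1"
}

# make_fixtures DIR
# Constructed test data, not real downloads: a stand-in zip with a matching SHA256SUMS line, and an
# xinetd stanza laid out like the CentOS 7 tftp-server default.
make_fixtures() {
    d="$1"
    printf 'constructed stand-in for the terraform zip\n' > "$d/terraform_0.12.21_linux_amd64.zip"
    ( cd "$d" && sha256sum terraform_0.12.21_linux_amd64.zip > terraform_0.12.21_SHA256SUMS )
    printf 'service tftp\n{\n\tsocket_type\t\t= dgram\n\tprotocol\t\t= udp\n\twait\t\t\t= yes\n\tuser\t\t\t= root\n\tserver\t\t\t= /usr/sbin/in.tftpd\n\tserver_args\t\t= -s /var/lib/tftpboot\n\tdisable\t\t\t= yes\n}\n' > "$d/tftp"
}

demo() {
    d=$(mktemp -d)
    make_fixtures "$d"
    verify_zip "$d/terraform_0.12.21_linux_amd64.zip" "$d/terraform_0.12.21_SHA256SUMS" && echo "checksum ok"
    printf 'x' >> "$d/terraform_0.12.21_linux_amd64.zip"   # simulate a modified download
    verify_zip "$d/terraform_0.12.21_linux_amd64.zip" "$d/terraform_0.12.21_SHA256SUMS" || echo "tampered zip rejected"
    enable_tftp "$d/tftp"
    enable_tftp "$d/tftp"   # second run must not add a second -c
    cat "$d/tftp"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

On a real host the sequence is `curl -O` of both the zip and the SHA256SUMS file, `verify_zip` on the zip, and only then `unzip`; /usr/local/bin is the conventional target for binaries that did not come from a package, and keeps them out of the way of yum. HashiCorp also publishes a signed SHA256SUMS.sig alongside, which is the stronger check if the signing key is available offline. For the upload directory, a narrower setting than chmod 777 is to make /var/lib/tftpboot owned and writable by the account in.tftpd actually writes as (tftp-hpa drops to nobody unless -u is given; check the local build), with the SELinux booleans from the post left as they are.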

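The post flags `export PYTHONHTTPSVERIFY=0` as needing a better answer. The better answer is to trust the one certificate that was failing rather than switching verification off for every HTTPS client in the interpreter. The block below is an added example, not code from the post or from Palo Alto Networks. It assumes CentOS 7 (the ca-certificates package and its update-ca-trust command) and that the Python being used reads the OpenSSL system trust store, which is the case for the SCL rh-python36 build linked against the system OpenSSL; the host names fw1.example and fw2.example and the two self-signed certificates generated by make_test_certs are constructed stand-ins for firewalls' default certificates.

```shell
#!/bin/bash
# Added example, not part of the original post: pin trust to a specific device certificate instead
# of exporting PYTHONHTTPSVERIFY=0. Assumes CentOS 7 (update-ca-trust) and a Python that uses the
# OpenSSL system store. fetch_server_cert and trust_cert need network/root and are not run by demo.

# fetch_server_cert HOST:PORT OUTFILE
# Saves the certificate the device presents. A self-signed firewall certificate is its own anchor.
fetch_server_cert() {
    openssl s_client -connect "$1" -servername "${1%%:*}" </dev/null 2>/dev/null |
        openssl x509 -outform PEM > "$2"
}

# cert_fingerprint CERT -> colon-separated SHA-256 fingerprint.
# Compare this with the fingerprint shown in the device's own UI before trusting the file;
# otherwise you may be pinning whatever answered on the wire.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# cert_verifies CERT CAFILE -> 0 if CERT chains to an anchor in CAFILE, non-zero otherwise
cert_verifies() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# trust_cert CERT  (run as root)
# Installs CERT as a system-wide anchor. Programs using the OpenSSL system store, including the
# Python ssl module built against it, then verify that device without any hack.
trust_cert() {
    cp "$1" /etc/pki/ca-trust/source/anchors/
    update-ca-trust extract
}

# make_test_certs DIR
# Constructed fixtures: two self-signed certificates standing in for two firewalls' default certs.
make_test_certs() {
    d="$1"
    for n in fw1 fw2; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$n.example" \
            -keyout "$d/$n.key" -out "$d/$n.pem" >/dev/null 2>&1
    done
}

demo() {
    d=$(mktemp -d)
    make_test_certs "$d"
    # Only the anchor we chose is trusted; a different device's self-signed cert is still rejected,
    # which is exactly what PYTHONHTTPSVERIFY=0 gives up.
    cert_verifies "$d/fw1.pem" "$d/fw1.pem" && echo "fw1: trusted by its own anchor"
    cert_verifies "$d/fw2.pem" "$d/fw1.pem" || echo "fw2: rejected, not in the trust file"
    echo "fw1 fingerprint: $(cert_fingerprint "$d/fw1.pem")"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Usage on the automation host: `fetch_server_cert fw1.example:443 fw1.pem`, check `cert_fingerprint fw1.pem` against the device, then `trust_cert fw1.pem` as root and drop the export line. The default certificate on a factory firewall does not carry the management host name, so a hostname mismatch can remain after the chain verifies; the fix for that is to install a properly named certificate on the device rather than to weaken the client.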