Using Ansible to Manage install and update Apple OSX DHCP clients

DustinB3403

This is a quazy fork from another topic, but to summarize.

Install Fedora Server - install ansible dnf install ansible and then install the all important homebrew role

https://galaxy.ansible.com/geerlingguy/homebrew

At this point @stacksofplates I should have a system that is ready to begin managing DHCP Apple OXS clients, right?

DustinB3403

Since I have to use DHCP for these, at least to find my clients I assume I can just edit /etc/ansible/hosts as @IRJ said by adding a

# Stupid DHCP Clients
192.168.1.[1:254]
192.168.2.[1:254]

Correct?

Corrected thanks @IRJ

IRJ

@DustinB3403 said in Using Ansible to Manage install and update Apple OSX DHCP clients:

Since I have to use DHCP for these, at least to find my clients I assume I can just edit /etc/ansible/hosts as @IRJ said by adding a

# Stupid DHCP Clients
192.168.1.[1.254]
192.168.2.[1.254]

Correct?

192.168.1[1:254]

DustinB3403

So going out on the wild assumption that I wasn't on my couch right now, how would ansible find my clients?

No credentials have been set anywhere - how do I add my clients?

IRJ

I'd recommend creating a group though instead of just a comment. That way you can reference the group in your playbooks

[stupid_dchp_hosts]
192.168.1.[1:254]
192.168.1.[1:254]

DustinB3403

@IRJ said in Using Ansible to Manage install and update Apple OSX DHCP clients:

I'd recommend creating a group though instead of just a comment. That way you can reference the group in your playbooks

[stupid_dchp_hosts]
192.168.1.[1:254]
192.168.1.[1:254]

okay, so no comment necessary, instead add a header by going.

[stupid_dhcp_hosts]
192.168.1.[1:254]
192.168.2.[1:254]

of course I could add a comment by using the good old # sign before any line.

stacksofplates

@DustinB3403 said in Using Ansible to Manage install and update Apple OSX DHCP clients:

At this point @stacksofplates I should have a system that is ready to begin managing DHCP Apple OXS clients, right?

Assuming that role does everything you want, then the logic is there.

DustinB3403

@stacksofplates said in Using Ansible to Manage install and update Apple OSX DHCP clients:

@DustinB3403 said in Using Ansible to Manage install and update Apple OSX DHCP clients:

At this point @stacksofplates I should have a system that is ready to begin managing DHCP Apple OXS clients, right?

Assuming that role does everything you want, then the logic is there.

Really all I want is a simple non-apple remote desktop way to install and update ~170 apple systems which may or may not be available at update time.

DustinB3403

So @IRJ and @stacksofplates how do I get my clients to be found? I have to add some credentials somewhere so I can actually run commands on them.

stacksofplates

@DustinB3403 said in Using Ansible to Manage install and update Apple OSX DHCP clients:

So going out on the wild assumption that I wasn't on my couch right now, how would ansible find my clients?

No credentials have been set anywhere - how do I add my clients?

So how you use credentials depends on how you have them set up on your systems. If you have a user that can access all of them, then you can use that user. If you don't, you'll have to call separate plays for the different systems.

If you running an ansible ad-hoc command you can do:

ansible -i <path to inventory> group-name -m setup -u <username> 

SSH keys are preferable, but if you don't have them you can pass a -k to ask for the SSH password. -K is the sudo password flag and goes along with -b for become (meaning become another user).

To run a playbook, just have your user defined like I showed in the other thread and become as true if you need it.

DustinB3403

We do have a uniform user account that could be use and is a wheel user and can be elevated to root if needed.

If I wanted to not use that account (because passwords) I'd have to generate ssh keys from every apple workstation I have and pass those to the ansible server?

stacksofplates

@DustinB3403 said in Using Ansible to Manage install and update Apple OSX DHCP clients:

may not be available at update time.

This is harder and a lot more advanced. There's multiple ways to handle this, but like I said it's a lot more advanced than just running playbooks or ad-hoc commands on a system.

DustinB3403

@stacksofplates said in Using Ansible to Manage install and update Apple OSX DHCP clients:

@DustinB3403 said in Using Ansible to Manage install and update Apple OSX DHCP clients:

may not be available at update time.

This is harder and a lot more advanced. There's multiple ways to handle this, but like I said it's a lot more advanced than just running playbooks or ad-hoc commands on a system.

Okay so lets stick with ad-hoc commands for now.

Pretending I was still at the office with this server installed and the homebrew role installed. How would I start finding my clients?

stacksofplates

@DustinB3403 said in Using Ansible to Manage install and update Apple OSX DHCP clients:

We do have a uniform user account that could be use and is a wheel user and can be elevated to root if needed.

If I wanted to not use that account (because passwords) I'd have to generate ssh keys from every apple workstation I have and pass those to the ansible server?

No you would generate the key on the Ansible server and push the pub key out to the workstations. You can use Ansible to do that.

- name: Ensure user key is present
  authorized_key:
    user: dustin
    state: present
    key: "{{ lookup('file', '/home/dustin/.ssh/id_rsa.pub') }}"

Then just send it out using your username/password for the first time, and then you can use the key after that.

stacksofplates

@DustinB3403 said in Using Ansible to Manage install and update Apple OSX DHCP clients:

@stacksofplates said in Using Ansible to Manage install and update Apple OSX DHCP clients:

@DustinB3403 said in Using Ansible to Manage install and update Apple OSX DHCP clients:

may not be available at update time.

This is harder and a lot more advanced. There's multiple ways to handle this, but like I said it's a lot more advanced than just running playbooks or ad-hoc commands on a system.

Okay so lets stick with ad-hoc commands for now.

Pretending I was still at the office with this server installed and the homebrew role installed. How would I start finding my clients?

Do they have DNS names or are you referencing solely off of IP addresses?

DustinB3403

@stacksofplates said in Using Ansible to Manage install and update Apple OSX DHCP clients:

@DustinB3403 said in Using Ansible to Manage install and update Apple OSX DHCP clients:

@stacksofplates said in Using Ansible to Manage install and update Apple OSX DHCP clients:

@DustinB3403 said in Using Ansible to Manage install and update Apple OSX DHCP clients:

may not be available at update time.

This is harder and a lot more advanced. There's multiple ways to handle this, but like I said it's a lot more advanced than just running playbooks or ad-hoc commands on a system.

Okay so lets stick with ad-hoc commands for now.

Pretending I was still at the office with this server installed and the homebrew role installed. How would I start finding my clients?

Do they have DNS names or are you referencing solely off of IP addresses?

They'll register in DNS, but nothing is assigned, so it would be better to reference off of the IP only until a key was present.

Which

@stacksofplates said in Using Ansible to Manage install and update Apple OSX DHCP clients:

• name: Ensure user key is present
  authorized_key:
  user: dustin
  state: present
  key: "{{ lookup('file', '/home/dustin/.ssh/id_rsa.pub') }}"

Where / how do this go?

stacksofplates

@DustinB3403 said in Using Ansible to Manage install and update Apple OSX DHCP clients:

They'll register in DNS, but nothing is assigned, so it would be better to reference off of the IP only until a key was present.

I'm confused as to how a key will change any of that?

Where / how do this go?

That would go in a playbook. You could use this:

---
- name: Ensure key exists
  hosts: all
  user: dustin
  
  tasks:
    - name: Ensure user key is present
      authorized_key:
        user: dustin
        state: present
        key: "{{ lookup('file', '/home/dustin/.ssh/id_rsa.pub') }}"

Then just run:

ansible-playbook playbook.yml 

Keep in mind the inventory has to be populated for this to hit those systems and you will most likely want to set Ansible to ignore the host keys because you will have to accept each one as it tries to connect if you don't.

DustinB3403

@stacksofplates So on your ansible server do you have a folder called playbooks and in that you have numerous different <something>.yml files each that do something?

IRJ

As @stacksofplates mentioned, connect with SSH how you do now, and I would create a special account just for ansible via playbook once you authenticat

IRJ

@DustinB3403 said in Using Ansible to Manage install and update Apple OSX DHCP clients:

@stacksofplates So on your ansible server do you have a folder called playbooks and in that you have numerous different <something>.yml files each that do something?

You can and it's recommended to do that when things start to get more complex, but for simple commands you can use a single yaml file.