New Linux Server Ansible Enable Checklist

Overview

This article contains the checklist for enabling Ansible on a new Linux server.

Audience

ITS Systems and Applications Staff

Checklist

The goal of this checklist is to get a new Linux server working from Ansible. This checklist assumes Linux is already installed and the network VLAN has been assigned. The vault password is located in the password safe.

  1. If the server is on the DMZ:
    1. Download and complete this spreadsheet: https://emailccbcmd-my.sharepoint.com/:x:/g/personal/stdobr_ccbcmd_edu/Ee5hDXqhVgVBgppDq7VE80QBX-R-7DGEJTTAxCspyv5CmQ?e=YN2Wuy
    2. Submit a service request to Information Assurance, attaching this spreadsheet.
  2. Set up a DNS name for this server
  3. Refresh the Ansible inventory
    1. Sign in to ansible@colansible.ccbcmd.edu
    2. Run updateInventory.ps1 (use an account with VMware
    3. Run ansible_check_servers.ps1
      1. This script lists servers that are not configured for Ansible. Any newly added servers should be listed here. Beware: servers that are to be decommissioned may also be listed.
  4. For each new server, run:
    1. linux_initial_setup.ps1 newserver.ccbcmd.edu
  5. Run the CCBC common Linux configuration playbook:
    1. play --ask-vault-password -l 'newserver.ccbcmd.edu' common.yml
  6. Wait a few minutes, then check the baseline health of the server. The wait gives NTP a chance to catch up so that it passes the baseline_health check:
    1. play -l 'newserver.ccbcmd.edu' baseline_health.yml
  7. See the Troubleshooting section in case of problems

Troubleshooting

Server is not known to Ansible

  • Verify the server in VMware
  • ping the server from internal

Common Playbook Failure

  • Test SSH to the server
    • Does the server allow direct root without a password?
      • If not, the Ansible key wasn't set up or there is an SSH configuration error
      • Try Checklist items 3 and 4 again.
  • Verify the "nc" utility is installed: yum install nc
    • If "nc" is not installed, is there a repo problem?
  • nc -zvw 5 colrepo.ccbcmd.edu 80
    • It should immediately return a message with "connected to 10.21.70.20:80". If it is delayed or refused, a network ACL is a likely problem. colrepo should already be open on port 80, and firewalls on Linux do not block outgoing port 80.
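The SSH and repo-connectivity checks from the Common Playbook Failure list, as an added example that is not one of the CCBC scripts. It assumes the OpenSSH client on the Ansible control host; the script name preflight.sh, the function names and the 2-second threshold for "delayed" are assumptions.

```shell
#!/bin/sh
# Added example (not a CCBC script): preflight for the troubleshooting checks above.
# Run on the Ansible control host. Assumes the OpenSSH client and that the
# control host's Ansible key is the identity ssh offers for root.

REPO_HOST="colrepo.ccbcmd.edu"   # repo host and port from the checklist
REPO_PORT=80
SLOW_AFTER=2                     # seconds; assumed threshold for "delayed"

# Key-only root login. BatchMode makes ssh fail instead of prompting for a
# password. An unknown host key also fails here: verify and accept it by hand
# rather than turning host key checking off.
ssh_root() {
  target=$1; shift
  ssh -o BatchMode=yes -o ConnectTimeout=5 "root@$target" "$@"
}

# Interpret one `nc -zvw 5` run. $1 = exit status, $2 = elapsed seconds, $3 = output.
classify_repo_check() {
  if [ "$1" -eq 127 ]; then
    echo "nc-missing"            # shell could not find nc: install it, check the repo
  elif [ "$1" -eq 0 ] && printf '%s' "$3" | grep -qi 'connected to'; then
    if [ "$2" -le "$SLOW_AFTER" ]; then echo "ok"; else echo "slow"; fi
  elif printf '%s' "$3" | grep -qi 'refused'; then
    echo "refused"               # likely network ACL
  elif printf '%s' "$3" | grep -qiE 'timed out|timeout'; then
    echo "timeout"               # likely network ACL
  else
    echo "unknown"
  fi
}

preflight() {
  if ! ssh_root "$1" true; then
    echo "FAIL ssh: no key-based root login; retry checklist items 3 and 4"
    return 1
  fi
  start=$(date +%s)
  out=$(ssh_root "$1" nc -zvw 5 "$REPO_HOST" "$REPO_PORT" 2>&1)
  rc=$?
  # Elapsed time includes the SSH handshake, so "slow" is only a hint.
  verdict=$(classify_repo_check "$rc" "$(( $(date +%s) - start ))" "$out")
  echo "repo check from $1: $verdict"
  [ "$verdict" = "ok" ]
}

# Runs only when a host name is given, e.g.: sh preflight.sh newserver.ccbcmd.edu
if [ "$#" -ge 1 ]; then preflight "$1"; fi
```

A "refused", "timeout" or "slow" verdict corresponds to the network ACL case described above; "nc-missing" corresponds to the repo problem case.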