Using Terraform with Ansible to Integrate LDAP

This project spins up a Google Cloud CentOS 7 instance with Terraform and connects it to a preexisting LDAP server using Ansible. This way you get a ready-to-go instance without extra manual steps that could be automated. You can view my project on GitHub here. To run it on your own machine you need to create a Google Cloud Platform account, configure it on your machine, and fill in your custom environment variables. Then you can simply run a script and the rest is done for you!

Set up Your Google Cloud Platform

To run my project, you need to have or create a Google Cloud Platform account. You can sign up for a free tier account with a $300 credit here.

After you have set up your account, go to your Google Cloud Console here. Create a new project or select an existing one.

Once this is complete, go to your computer’s terminal.

For Ubuntu

Install Google Cloud SDK with the following command. You will then need to source your bashrc with the last command.

curl https://dl.google.com/dl/cloudsdk/release/install_google_cloud_sdk.bash | bash

. ~/.bashrc

For RHEL

To install Google Cloud SDK you first need to add a repo. Run the following command, then open the repo file you just created in vim and add the gpgcheck, repo_gpgcheck, and gpgkey settings. From there you can simply install the package.

yum-config-manager --add-repo https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64

Your repo file should be identical to this.

After configuring the repo you can simply run yum install -y google-cloud-sdk and you are ready to move onto the next step!
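The three repo settings named above are what make yum verify package and metadata signatures, so it is worth confirming them before installing. The script below is an added example, not part of the original project: the function names check_repo_gpg and repo_value, the two sample repo files, and the gpgkey URL in the sample are assumptions made for illustration.

```bash
# Added example (not the project's code): audit a yum .repo file's signature settings.

# Print the value of KEY ($2) in FILE ($1); last occurrence wins, whitespace trimmed.
repo_value() {
    sed -n "/^[[:space:]]*$2[[:space:]]*=[[:space:]]*/{s///;s/[[:space:]]*\$//;p;}" "$1" | tail -n 1
}

# Return 0 only if gpgcheck=1, repo_gpgcheck=1 and gpgkey starts with https://.
# Only the first gpgkey URL is inspected; continuation lines are not parsed.
check_repo_gpg() {
    local file=$1 rc=0 key val
    for key in gpgcheck repo_gpgcheck; do
        val=$(repo_value "$file" "$key")
        if [ "$val" != "1" ]; then
            echo "FAIL: $key is '${val:-unset}', expected 1"
            rc=1
        fi
    done
    val=$(repo_value "$file" gpgkey)
    case $val in
        https://*) ;;
        "") echo "FAIL: gpgkey is unset"; rc=1 ;;
        *)  echo "FAIL: gpgkey is not fetched over https: $val"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed samples: a bare repo definition, then the same repo with the settings added.
tmp=$(mktemp -d)
cat > "$tmp/weak.repo" <<'EOF'
[google-cloud-sdk]
name=Google Cloud SDK
baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64
enabled=1
EOF
cat > "$tmp/hardened.repo" <<'EOF'
[google-cloud-sdk]
name=Google Cloud SDK
baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
EOF
for f in weak hardened; do
    check_repo_gpg "$tmp/$f.repo" && echo "$f.repo: signature checks enforced"
done
```

To audit a real system, call check_repo_gpg with the path of the repo file under /etc/yum.repos.d/ and confirm the key URL against Google's current install instructions.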

Configure Environment and Custom Variables

To set up your environment run gcloud init. You will then have to answer a series of prompts asking you to confirm credentials from Google Cloud and to pick some optional variables. The optional ones may or may not be filled in, based on your preference.

a gcloud init run

From this point you are ready to simply download my project from my GitHub here.

To run this script first you must add your own variables. Navigate to terraform/terraform.tfvars.orig and replace the values with your own Google Cloud Platform details. Save the file with the changes as terraform/terraform.tfvars. Then navigate to ansible/vars/ansible_vars.yml.orig, add your own LDAP connection details, and save the file as ansible/vars/ansible_var.yml.

From here you are ready to spin up your own CentOS 7 machines configured with a preexisting LDAP server by running ./run.sh.

Ansible Quick Start

Get up and running with Ansible in 10 minutes or less! This should not be seen as a comprehensive guide but rather a quick start to get you running Ansible. For this guide we will be running against an Ubuntu system; however, the steps are very similar for RHEL as well. You do need to have another server’s IP address, or you can use your own localhost.

First, we should install the proper packages through a Personal Package Archive. To do this run

  • sudo apt-get install -y software-properties-common ssh
  • sudo apt-add-repository --yes --update ppa:ansible/ansible
  • sudo apt-get install -y ansible

Check the install with ansible --version and you should see the version and, below it, a config file listed with the path /etc/ansible/ansible.cfg. Open it with sudo vim /etc/ansible/ansible.cfg. While in vim, uncomment the inventory and sudo_user lines as pictured below, then save the changes.

/etc/ansible/ansible.cfg

Ansible is run against nodes that we identify in the hosts file. To set up a basic hosts file first we will save a copy of the sample hosts file and then create our own.

  • sudo mv /etc/ansible/hosts /etc/ansible/hosts.original
  • sudo vim /etc/ansible/hosts

Inside this file we need to add the IP address of the client you want to run Ansible on. You can also run this against your own localhost.

Now let’s make our playbook. Run sudo vim /etc/ansible/playbook.yml and copy the below into the file. Save and exit.

/etc/ansible/hosts

We now need to create a roles directory and a directory for our basic job. Run sudo mkdir -p /etc/ansible/roles/basic/tasks and then sudo vim /etc/ansible/roles/basic/tasks/main.yml and copy in the following simple task.

/etc/ansible/roles/basic/tasks/main.yml

To run the playbook, simply use ansible-playbook -u [user on client] /etc/ansible/playbook.yml. You should get confirmation that it has successfully run, and you can check to make sure /tmp/ansible exists on your client. As you develop with Ansible further, you should not be working in the /etc directory.

RHCSA Partitions Mini Test

To take this mini practice test you need to set up a virtual RHEL machine. I’ll be providing the commands for both Debian Linux and RHEL to set this up. If you have already done this you can move on to setting up the partitions for the test.

Install Virt-Manager

Install virt-manager on Debian or RHEL with sudo apt install -y virt-manager qemu /  sudo yum install -y virt-manager qemu. You then need to enable the libvirt daemon with service libvirtd start / systemctl start libvirtd.

You now need a RHEL iso image. If you need to download one, you can with a free Red Hat Developer account here.

Configure Virtual Machine

Open virt-manager and click the computer icon on the top left. Then follow along the steps, selecting your iso image for RHEL and setting the size to 5GB. Name your virtual machine then click done.

Adding Hardware

You will need to move through the installation process and set a root password as RHEL installs. The machine will reboot and you simply need to login as root. To do the partition practice we have planned you need to attach a 10GB disk. You can do that by clicking on the light bulb icon and then Add Hardware.

The PARTITIONS Mini Test

Now that we are all set up, let’s get started! This mini test will take you through partition exercises. Expect to be creating and deleting partitions; this will prepare you best for the test.

  • 1. Create a partition that takes up all of the 10GB disk
  • 2. Use that partition to create a physical volume
  • 3. Make a logical volume called horse with a volume group called farm. Each extent should be 8MB. The logical volume should be 100 extents. Mount this at /mnt/horse with an ext4 filesystem.
  • 4. Create a new 5GB logical volume called chair with the volume group furniture. Mount this at /mnt/chair with an xfs file system.
    *Hint – you need to resize the physical volume and then the partition with gdisk or fdisk before you can create this logical volume
  • 5. Create a swap partition that is 1GB
  • 6. Make sure all of these partitions mount at boot

If you cannot complete this then you are not yet ready to take the RHCSA.