24/03/21 Notes
Puppet 5 to 6 Upgrade and Ansible
### Puppet 5 to 6 Upgrade ###
Successfully upgraded an install of Puppet 5 to version 6.
Existing agents connected successfully to the upgraded Puppet Server once they had been updated to version 6.
No manifests or other configuration on the server were removed during the upgrade.

# Steps
# Installed puppet5: register the Puppet 5 release package, then install the
# puppetserver and puppet packages from the repository it configures.
# NOTE(review): the release RPM is installed straight from a URL; confirm the
# vendor signing key is imported so rpm checks the package signature.
rpm --upgrade --verbose --hash https://yum.puppet.com/puppet5-release-el-8.noarch.rpm
yum --assumeyes install puppetserver
yum --assumeyes install puppet

# Versions
Puppet Server 5.3.16
Puppet Agent 5.5.22

# Remove the puppet 5 repo and replace it with v6
# NOTE(review): as with the v5 release RPM, confirm the package signature is
# checked before trusting the repository this RPM configures.
yum --assumeyes remove puppet5-release
rpm --upgrade --verbose --hash https://yum.puppet.com/puppet6-release-el-8.noarch.rpm

# Install puppet version 6: both packages are updated in place from the
# repository configured above.
yum --assumeyes update puppet
yum --assumeyes update puppetserver

# Versions 
Puppet Server 6.15.1
Puppet Agent 6.21.1

### Ansible Server boot script ###
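#!/bin/bash

# Security Related
# setenforce changes only the running SELinux mode. This script reboots at the
# end, so the mode after boot is whatever SELINUX= in /etc/selinux/config says.
/usr/sbin/setenforce 1

# Enable Services
# firewall-cmd configures the running daemon, so firewalld is started before
# the rule is added. --permanent writes the stored configuration only;
# --reload loads it into the active ruleset.
/usr/bin/systemctl enable --now firewalld
/usr/bin/firewall-cmd --permanent --zone=public --add-port=22/tcp
/usr/bin/firewall-cmd --reload

# NOTE(review): the fallback below is a SHA-512 crypt hash committed in these
# notes and reused for root and the ansible account on both hosts. Anyone who
# can read the notes can test guesses against it offline, so treat it as
# disclosed: rotate it and supply a per-host hash through ROOT_PW_HASH at
# provisioning time.
# chpasswd -e reads the hash from stdin, which keeps it out of the process
# list (usermod --password passes it in argv).
default_pw_hash='$6$m6GqgmWQWbFn$slSfY7IMHSIiMT1nOlMPLEgkvnMO2L3vJV0Oq8.14R570e/YgrW1YQp2xVt0drtYjrgA.iafmTOPH7gPFpf5G0'
root_pw_hash=${ROOT_PW_HASH:-$default_pw_hash}
printf 'root:%s\n' "$root_pw_hash" | /usr/sbin/chpasswd -e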

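# Set timezone
/usr/bin/timedatectl set-timezone Australia/Sydney

# Set hostname
# hostnamectl sets the running hostname and rewrites /etc/hostname as a single
# entry. Appending with >> kept whatever the file already held ahead of the
# new name, so the file ended up with more than one line.
/usr/bin/hostnamectl set-hostname ansibleserver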

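# Install Ansible
# epel-release is installed first, in its own transaction; presumably it
# provides the repository the ansible package then comes from.
yum install epel-release -y
yum install ansible -y

# Enable services
# Ansible is agentless and its package ships no "ansible" systemd unit, so the
# former `systemctl enable --now ansible` could only fail. Only sshd is needed.
/usr/bin/systemctl enable --now sshd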

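# Ansible config
useradd ansible

# NOTE(review): the fallback below is a SHA-512 crypt hash committed in these
# notes and identical to the one set for root. Treat it as disclosed: rotate
# it and supply a per-host hash through ANSIBLE_PW_HASH at provisioning time.
# chpasswd -e reads the hash from stdin, which keeps it out of the process
# list (usermod --password passes it in argv).
default_pw_hash='$6$m6GqgmWQWbFn$slSfY7IMHSIiMT1nOlMPLEgkvnMO2L3vJV0Oq8.14R570e/YgrW1YQp2xVt0drtYjrgA.iafmTOPH7gPFpf5G0'
ansible_pw_hash=${ANSIBLE_PW_HASH:-$default_pw_hash}
printf 'ansible:%s\n' "$ansible_pw_hash" | /usr/sbin/chpasswd -e

# NOTE(review): NOPASSWD:ALL makes the ansible account root-equivalent, so its
# password and SSH keys need the same protection as root's.
# The drop-in is syntax-checked before it is installed, and installed 0440
# root:root, the mode sudo expects for files under /etc/sudoers.d.
if sudoers_tmp=$(mktemp); then
  printf '%s\n' 'ansible ALL=(ALL) NOPASSWD:ALL' > "$sudoers_tmp"
  if /usr/sbin/visudo -cf "$sudoers_tmp"; then
    /usr/bin/install -o root -g root -m 0440 "$sudoers_tmp" /etc/sudoers.d/ansible
  else
    printf 'sudoers drop-in failed validation; not installed\n' >&2
  fi
  /usr/bin/rm -f -- "$sudoers_tmp"
else
  printf 'mktemp failed; sudoers drop-in not installed\n' >&2
fi

# -p keeps a rerun from failing when the directory already exists.
mkdir -p /home/ansible/ansible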

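# Ansible hosts files
# The inventory is written with a here-document. Without the `<<'EOF' >`
# redirection, cat would read the (not yet existing) file and the shell would
# run the inventory lines as commands. The quoted delimiter keeps the body
# literal.
cat <<'EOF' > /home/ansible/ansible/hosts.txt
[groupa]
agent1 ansible_user=ansible
agent2 ansible_user=ansible

[groupb]
agent3 ansible_user=ansible
agent4 ansible_user=ansible
EOF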

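# Sample Playbook
# Written with a here-document. Without the `<<'EOF' >` redirection the YAML
# lines would be run by the shell as commands. The quoted delimiter keeps the
# body literal.
cat <<'EOF' > /home/ansible/ansible/playbook.yaml
  - name: Playbook
    hosts: agent1
    become: yes
    become_user: root
    tasks:
      - name: ensure apache is at the latest version
        yum:
          name: httpd
          state: latest
          #state: absent
      - name: ensure apache is running
        service:
          name: httpd
          state: started
EOF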

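# Sample Playbook that runs a script on the agent
# Written with a here-document. Without the `<<'EOF' >` redirection the YAML
# lines would be run by the shell as commands.
# The copied script is run as root by the next task, so it is installed 0700
# rather than 0777: a world-writable file that root executes lets any local
# account on the agent change what runs.
# NOTE(review): shell-script.sh is not created anywhere in this boot script;
# it has to exist under /home/ansible/ansible before the play is run.
cat <<'EOF' > /home/ansible/ansible/script.yaml
  - name: Let's copy our executable script to remote location, execute script and get result back.
    become: yes
    become_user: root
    hosts: agent1
    tasks:
      - name: Transfer executable script script
        copy: src=/home/ansible/ansible/shell-script.sh dest=/home/ansible mode=0700
      - name: Execute the script
        command: sh /home/ansible/shell-script.sh
EOF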

# Host file entries
# agent1 is mapped to the loopback address, so unless the inventory overrides
# it, connections to agent1 land on this host.
printf '%s\n' '127.0.0.1 agent1' >> /etc/hosts

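# Example file
# Written with a here-document. Without the `<<'EOF' >` redirection the
# example commands below would be executed during boot instead of being saved.
# The quoted delimiter keeps the body literal.
cat <<'EOF' > /home/ansible/ansible/examples.txt
# Run shell command on agent
ansible -i hosts.txt -b --become-method=sudo -m shell -a 'yum update -y' agent1
# Verbose output
ansible -i hosts.txt -b --become-method=sudo -m shell -a 'yum update -y' agent1 -vvv
# Run playbook against agents
ansible-playbook playbook.yaml -i hosts.txt
EOF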

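# Key-setup helper, saved for the ansible user to run later.
# Written with a here-document. Without the `<<'EOF' >` redirection,
# ssh-keygen and ssh-copy-id would run interactively as root during boot.
# The quoted delimiter keeps the body literal.
cat <<'EOF' > /home/ansible/ansible/ssh-keypair-setup.sh
# As ansible user, gen keypair:
ssh-keygen
# Copy key to agent:
ssh-copy-id ansible@agent1
# Enter password to log into agent1
EOF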

# Correct perms: hand the home directory tree to the ansible user and mark
# the key-setup helper executable.
ansible_home=/home/ansible
chown -R ansible "$ansible_home"
/usr/bin/chmod +x "$ansible_home/ansible/ssh-keypair-setup.sh"

# Update System: apply all pending package updates without prompting.
/usr/bin/dnf -y update

# Cleanup
# NOTE(review): /tmp/firstboot.exec is not created in this script; presumably
# it is the first-boot artefact that launched it. Confirm against the image.
/usr/bin/rm -f /tmp/firstboot.exec

# Restart
/usr/sbin/reboot now

### Ansible Client boot script ###
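#!/bin/bash

# Security Related
# setenforce changes only the running SELinux mode. This script reboots at the
# end, so the mode after boot is whatever SELINUX= in /etc/selinux/config says.
/usr/sbin/setenforce 1

# Enable Services
# firewall-cmd configures the running daemon, so firewalld is started before
# the rule is added. --permanent writes the stored configuration only;
# --reload loads it into the active ruleset.
/usr/bin/systemctl enable --now firewalld
/usr/bin/firewall-cmd --permanent --zone=public --add-port=22/tcp
/usr/bin/firewall-cmd --reload

# NOTE(review): the fallback below is a SHA-512 crypt hash committed in these
# notes and reused for root and the ansible account on both hosts. Anyone who
# can read the notes can test guesses against it offline, so treat it as
# disclosed: rotate it and supply a per-host hash through ROOT_PW_HASH at
# provisioning time.
# chpasswd -e reads the hash from stdin, which keeps it out of the process
# list (usermod --password passes it in argv).
default_pw_hash='$6$m6GqgmWQWbFn$slSfY7IMHSIiMT1nOlMPLEgkvnMO2L3vJV0Oq8.14R570e/YgrW1YQp2xVt0drtYjrgA.iafmTOPH7gPFpf5G0'
root_pw_hash=${ROOT_PW_HASH:-$default_pw_hash}
printf 'root:%s\n' "$root_pw_hash" | /usr/sbin/chpasswd -e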

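# Set timezone
/usr/bin/timedatectl set-timezone Australia/Sydney

# Set hostname
# hostnamectl sets the running hostname and rewrites /etc/hostname as a single
# entry. Appending with >> kept whatever the file already held ahead of the
# new name, so the file ended up with more than one line.
/usr/bin/hostnamectl set-hostname ansibleclient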

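# Enable services
/usr/bin/systemctl enable --now sshd

# Ansible config
useradd ansible

# NOTE(review): the fallback below is a SHA-512 crypt hash committed in these
# notes and identical to the one set for root. Treat it as disclosed: rotate
# it and supply a per-host hash through ANSIBLE_PW_HASH at provisioning time.
# chpasswd -e reads the hash from stdin, which keeps it out of the process
# list (usermod --password passes it in argv).
default_pw_hash='$6$m6GqgmWQWbFn$slSfY7IMHSIiMT1nOlMPLEgkvnMO2L3vJV0Oq8.14R570e/YgrW1YQp2xVt0drtYjrgA.iafmTOPH7gPFpf5G0'
ansible_pw_hash=${ANSIBLE_PW_HASH:-$default_pw_hash}
printf 'ansible:%s\n' "$ansible_pw_hash" | /usr/sbin/chpasswd -e

# NOTE(review): NOPASSWD:ALL makes the ansible account root-equivalent on this
# client, so its password and authorized keys need the same protection as
# root's.
# The drop-in is syntax-checked before it is installed, and installed 0440
# root:root, the mode sudo expects for files under /etc/sudoers.d.
if sudoers_tmp=$(mktemp); then
  printf '%s\n' 'ansible ALL=(ALL) NOPASSWD:ALL' > "$sudoers_tmp"
  if /usr/sbin/visudo -cf "$sudoers_tmp"; then
    /usr/bin/install -o root -g root -m 0440 "$sudoers_tmp" /etc/sudoers.d/ansible
  else
    printf 'sudoers drop-in failed validation; not installed\n' >&2
  fi
  /usr/bin/rm -f -- "$sudoers_tmp"
else
  printf 'mktemp failed; sudoers drop-in not installed\n' >&2
fi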

# Update System: apply all pending package updates without prompting.
/usr/bin/dnf -y update

# Cleanup
# NOTE(review): /tmp/firstboot.exec is not created in this script; presumably
# it is the first-boot artefact that launched it. Confirm against the image.
/usr/bin/rm -f /tmp/firstboot.exec

# Restart
/usr/sbin/reboot now