Bulk administration of client devices with Ansible

Introduction

Zmanda Pro client install scripts supports remote administration of the client devices. These include operations such as Zmanda Pro client software installation & uninstallation, CA certificate installation on the client devices.

However, you may use your own remote management tools to invoke the Zmanda Pro client install scripts to perform the aforementioned operations.

Pre-requisites

1. An Instance of Zmanda Pro server setup

2. Zmanda Pro Client Install Scripts

The Zmanda Pro Client installation scripts are packaged as a part of your Zmanda Pro Server Setup Package and it can be found under the scripts directory in the setup package.

3. Python

Ansible uses python modules at its core, hence you will first need to install python3. It is recommended to upgrade you pip libraries to pull latest versions of the ansible modules, one important module which will be used in the Zmanda Pro Client Bulk installation workflow is the pywinrm module to push the scripts onto Windows Clients using the WinRM protocol

sudo dnf update -y
sudo dnf install python3 -y
pip install "pywinrm>=0.3.0"

4. Ansible Installation

Example: Installation on Rocky Linux 9

sudo dnf install -y epel-release
sudo dnf install ansible
sudo dnf install ansible-core
sudo dnf install ansible-collection-community-general

5. Network Configurations

1. To remotely manage your client devices using ansible, the following protocols will be used, hence the listed ports have to be open on the client devices.

• Windows: Port 5895 Protocol Used: WinRM

• Linux & Mac: Port 22 Protocol Used: SSH

1. The Client devices must also be able to resolve the domain name of the Zmanda Pro Server. The Client devices may need to make entries in their respective hosts file for the same if a DNS manager service is not configured at the network organization level.

Configuring your ansible environment

Setting defaults

Navigate over to the ansible/defaults directory and find the zpro_remote_defaults.yaml file, you should be able to see similar configurations.

# This file is used to set the default values for the variables used in the Zmanda Pro Ansible playbooks for bulk client installations.
# Ensure the right values are set before running the playbooks
# NOTE: Place this file in the same working directory as the playbook scripts under a `defaults` directory
# The defaults can be overridden at runtime by specifying the below variables from the command line
---
exec_start_timestamp: "{{ ansible_date_time.iso8601 }}"
zpro_scripts_path: /home/zmanda/setup/scripts
ca_certificate_path: /home/zmanda/setup/certs/ca.crt
zpro_fqdn: backup.zmanda.com
zpro_ansible_log_dir: /var/log/zmandapro/ansible
# Linux defaults
linux_install_script_name: ZmandaProClientLinuxInstall.sh
# Windows defaults
windows_install_script_name: ZmandaProClientWindowsInstall.ps1

On your host, you will have to make the following changes

1. zpro_scripts_path : Path to the directory where the Zmanda Pro Client Install scripts can be found. Refer Pre-Requisite 2

2. ca_certificate_path : Path to the ca certificate file. This is usually within the certs directory in your Zmanda Pro Setup Package. Refer Zmanda Pro Server Setup Package Contents If the certificate is trusted by the client devices this configuration can be left blank. It will skip certificate installation on the client devices

3. zpro_fqdn : The FQDN on which the Zmanda Pro Server is listening. Please do NOT append https:// to this as the Zmanda Pro server runs with TLS enabled and serves on https by default.

Host configurations

Most ansible environments have the following components:

Control Node: A system on which Ansible is installed. You run Ansible commands such as ansible or ansible-inventory on a control node.

Inventory: A list of managed nodes that are logically organized. You create an inventory on the control node to describe host deployments to Ansible.

Managed node: A remote system, or host, that Ansible controls.

In our case, the Control Node node will be the one where the Zmanda Pro Server runs. You may run the ansible playbooks from a different Control Node.

We will also see how to configure inventory files for Linux, Windows & Mac devices. The control node runs the ansible playbook scripts on each host defined in the inventory files.

1. Linux Host Configurations

Navigate to the zpro_linux_nodes.ini under the hostconfigs/ directory

You must see the following template file, replace the values with the authentication credentials for each of your own client device.

NOTE: The users specified must be in the sudoers group.

# This is a custom inventory file for linux nodes
# The default host configurations can be done in /etc/ansible/hosts file following the below format for linux and windows nodes
# to run a playbook for a specific inventory file, use the -i flag followed by the path to this file
[linux_nodes]
# Using Private Key Authentication
111.111.111.111 ansible_user=<user> ansible_ssh_private_key_file=<path_to_private_key> 
# Using Password Authentication
111.111.111.111 ansible_user=<user> ansible_password=<password>
# For a given remote machine, if User is prompted for password when trying to run a command as sudo, specify the password using the below format
111.111.111.111 ansible_user=<user> ansible_ssh_private_key_file=<path_to_private_key> ansible_become_pass=<password>
# Common variables for all linux nodes
[linux_nodes:vars]
ansible_port=22
ansible_connection=ssh

Example:

[linux_nodes]
192.168.80.214  ansible_user=zmanda ansible_ssh_private_key_file=/root/.ssh/li214
# Example where user is not in sudoers. In this case sudo password is specified in ansible_become_pass
192.168.80.207  ansible_user=zmanda ansible_ssh_private_key_file=/root/.ssh/li207 ansible_become_pass=2JdbHxn*!Yx83&Y
# Common variables for all linux nodes
[linux_nodes:vars]
ansible_port=22
ansible_connection=ssh

2. Windows Host Configurations

Navigate to the zpro_windows_nodes.ini under the hostconfigs/ directory

NOTE: Specify the User with Administrator privileges in the ansible_become_user= configuration. If the Authenticating user itself is the Administrator specify the same user name in the ansible_become_user= configuration

# This is a custom inventory file for linux nodes
# The default host configurations can be done in /etc/ansible/hosts file following the below format for linux and windows nodes
# to run a playbook for a specific inventory file, use the -i flag followed by the path to this file
[windows_nodes]
111.111.111.111  ansible_user=Administrator ansible_password=XXXXX ansible_become_user=<Administrator> ansible_become_password=XXXXXX
111.111.111.111  ansible_user=Administrator ansible_password=XXXXX ansible_become_user=<Administrator> ansible_become_password=XXXXXX

# Common variables for all windows nodes
[windows_nodes:vars]
ansible_shell_type=powershell
ansible_port=5985
ansible_connection=winrm
ansible_winrm_transport=ntlm
ansible_winrm_server_cert_validation=ignore
ansible_become=true
ansible_become_method=runas

Example:

[windows_nodes]
192.168.81.65   ansible_user=Zmanda ansible_password=ichmUKrZdO4czKa ansible_become_user=Zmanda ansible_become_password=ichmUKrZdO4czKa
192.168.81.24   ansible_user=Administrator ansible_password=yBbs%r9H7E$ac8X ansible_become_user=Administrator ansible_become_password=yBbs%r9H7E$ac8X
# Common variables for all windows nodes
[windows_nodes:vars]
ansible_shell_type=powershell
ansible_port=5985
ansible_connection=winrm
ansible_winrm_transport=ntlm
ansible_winrm_server_cert_validation=ignore
ansible_become=true
ansible_become_method=runas