Blog - Compufutura

Ansible reboot Linux machine or server with playbooks

need to reboot the VM or bare metal Linux machine/server using Ansible and wait for it to come back, but it does not work with playbook as descried here. How to reboot Linux server with Ansible? How do I reboot and wait for reboot to complete in Ansible playbook for multiple Linux servers?

Introduction: You can reboot a Linux or Unix based machine, wait for it to go down (say for kernel update), come back up, and respond to commands. You can use either command or shell module to reboot the Linux server when kernel updated. However, now we have a reboot module to reboot a machine using Ansible. I tested this module with:

Ubuntu Linux 16.04 / 18.04 LTS
CentOS Linux 7
Debian Linux 9.x
RHEL 7.x
SUSE 12.x
FreeBSD
OpenBSD

Prerequisite

Please note that you must have Ansible version 2.7 to work with the reboot module:
$ ansible --version

If not using Ansible version 2.7, try to update it using the dnf command/yum command/apt command/apt-get command as per your Linux distro version:
$ sudo apt update ## Debian or Ubuntu box ## $ sudo yum update ## RHEL/CentOS 7 ##

Ansible reboot Linux machine or server with playbooks

The syntax is pretty simple to do reboot:

- name: Reboot the machine with all defaults using Ansible
  reboot:

Here is a sample hosts file displayed using the cat command:

[all:vars]
k_ver="linux-image-4.15.0-36-generic"
ansible_user='{{ my_c_user }}'
ansible_become=yes
ansible_become_method=sudo
ansible_become_pass='{{ my_c_sudo_pass }}'
 
[legacy]
do-de.public
 
[cluster]
ln.cbz01 
ln.cbz02 
ln.cbz04 
ln.forum 
 
[lxd]
ln.cbz01
ln.cbz02
ln.cbz04
do-de.public 
 
[vpn:vars]
ansible_python_interpreter='/usr/bin/env python3'
 
[vpn]
do-blr-vpn
 
[backup]
gcvm.backup
 
[nodes:children]
vpn
backup
cluster
legacy
 
[isrestart:children]
backup
cluster
vpn

Here is my reboot.yml:

---
- hosts: isrestart
  become: true
  become_user: root
  tasks:
          - name: Rebooting the cloud server/bare metal box
            reboot:

How to use Ansible reboot module playbook to reboot the box

Now all you have to do is run playbook (see how to set and use sudo password for Ansible Vault)
$ ansible-playbook -i hosts --ask-vault-pass --extra-vars '@cluster.data.yml' reboot.yml

How to reboot a machine and set time out value

By default Ansible reboot module waits 600 seconds. You can increase value using the following syntax:

- name: Reboot a Linux machine 
  reboot:
    reboot_timeout: 1800

How to set command to run on the rebooted host and expect success from to determine the machine is ready for further tasks

By default whoami command used by ansbile. You can change it as follows:

- name: Reboot a Linux machine 
  reboot:
    test_command: uptime

OR

- name: Reboot a Linux machine 
  reboot:
    test_command: ping -c 4 192.168.2.254

How to set pre and post reboot delay

One can force Ansible to wait after the reboot was successful and the connection was re-established in seconds as follows:

- name: Unconditionally reboot the machine with all defaults
  reboot:
    post_reboot_delay: 180

The above is useful if you want wait for additional networking/storage or server vpn to kick in despite your connection already working. You can also set time for shutdown to wait before requesting reboot:

- name: Unconditionally reboot the machine with all defaults
  reboot:
    pre_reboot_delay: 180

Conclusion

You just learned how to reboot Linux/Unix box and wait for reboot to complete in Ansible playbook. For more info see this page here.

This entry is 2 of 2 in the Ansible Reboot a Machine/Server Tutorial series. Keep reading the rest of the series:

Ansible reboot a Debian/Ubuntu Linux for kernel update and wait for it
Ansible reboot Linux machine or server with playbooks

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

CentOS 7.0 Set Up OpenVPN Server In 5 Minutes

am a new CentOS Linux 7.0 server user. How do I set up an OpenVPN Server on CentOS Linux version 7.0 server to shield my browsing activity from bad guys on public Wi-Fi, and more?

Introduction OpenVPN is a full-featured SSL VPN (virtual private network). It implements OSI layer 2 or 3 secure network extension using the SSL/TLS protocol. It is an open source software and distributed under the GNU GPL. A VPN allows you to connect securely to an insecure public network such as wifi network at the airport or hotel. VPN is also required to access your corporate or enterprise or home server resources. You can bypass the geo-blocked site and increase your privacy or safety online. This tutorial provides step-by-step instructions for configuring an OpenVPN server on CentOS Linux 7.0 server.

Procedure: CentOS 7.0 Set Up OpenVPN Server In 5 Minutes

The steps are as follows:

Step 1 – Update your system

Run the yum command :
{[email protected]:~ }$ sudo yum update

Step 2 – Find and note down your IP address

Use the ip command as follows:
{[email protected]:~ }$ ip a {[email protected]:~ }$ ip a show eth0

Another option is to run the following dig command/host command to find out your public IP address from Linux command line:
{[email protected]:~ }$ dig +short myip.opendns.com @resolver1.opendns.com
OR
{[email protected]:~ }$ dig TXT +short o-o.myaddr.l.google.com @ns1.google.com | awk -F'"' '{ print $2}'

Finding out AWS/EC2 or Lighsail NAT IP address from the CLI

A note about IP address

Most CentOS Linux cloud servers have two types of IP address:

Public static IP address directly assigned to your box and routed from the Internet. For example, Linode, Digital Ocean, and others gives you direct public IP address.
Private static IP address directly attached to your server and your server is behind NAT with public IP address. For example, AWS EC2/Lightsail give you this kind of NAT public IP address.

The script will automatically detect your networking setup. All you have to do is provide correct IP address when asked for it.

Step 3 – Download and run centos7-vpn.sh script

I am going to use the wget command:
{[email protected]:~ }$ wget https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh -O centos7-vpn.sh

Setup permissions using the chmod command
{[email protected]:~ }$ chmod +x centos7-vpn.sh
One can view the script using a text editor such as vim/vi :
{[email protected]:~ }$ vi centos7-vpn.sh

RUN CENTOS7-VPN.SH TO INSTALL OPENVPN SERVER

Now all you have to do is:
{[email protected]:~ }$ sudo ./centos7-vpn.sh
Sample session from AWS/Lightsail where my cloud server is behind NAT:

Sample session from Linode/DO server where cloud server has direct public IPv4 address:

To avoid problem always choose DNS as 1.1.1.1 or Google DNS. Those are fast DNS server and reached from anywhere on the Internet.

HOW DO I START/STOP/RESTART OPENVPN SERVER ON CENTOS 7.0 ?

{[email protected]:~ }$ sudo systemctl stop [email protected] # <--- stop server {[email protected]:~ }$ sudo systemctl start [email protected] # <--- start server {[email protected]:~ }$ sudo systemctl restart [email protected] # <--- restart server {[email protected]:~ }$ sudo systemctl status [email protected] # <--- get server status

Step 4 – Connect an OpenVPN server using IOS/Android/Linux/Windows client

On server your will find a client configuration file called ~/desktop.ovpn. All you have to do is copy this file to your local desktop using the scp command:
{[email protected]:~ }$ scp [email protected]:~/deskcop.ovpn .
Next, provide this file to your OpenVPN client to connect:

LINUX DESKTOP: OPENVPN CLIENT CONFIGURATION

First, install the openvpn client for your desktop, enter:
{[email protected]:~ }$ sudo yum install openvpn
OR
{[email protected]:~ }$ sudo apt install openvpn
Next, copy desktop.ovpn as follows:
{[email protected]:~ }$ sudo cp desktop.ovpn /etc/openvpn/client.conf
Test connectivity from the CLI:
{[email protected]:~ }$ sudo openvpn --client --config /etc/openvpn/desktop.conf
Your Linux desktop system will automatically connect when computer restart using openvpn script/service:
{[email protected]:~ }$ sudo systemctl enable [email protected] {[email protected]:~ }$ sudo systemctl start [email protected]

Step 5 – Verify/test the connectivity

Execute the following commands after connecting to OpenVPN server from your Linux desktop:
{[email protected]:~ }$ ping 10.8.0.1 #Ping to the OpenVPN server gateway {[email protected]:~ }$ ip route #Make sure routing setup working {[email protected]:~ }$ dig TXT +short o-o.myaddr.l.google.com @ns1.google.com #Must return public IP address of OpenVPN server

A note about trouble shooting OpenVPN server and client issues

Check OpenVPN server for errors:
{[email protected]:~ }$ journalctl --identifier openvpn

Is firewall rule setup correctly on your server? Use the cat command to see rules:
{[email protected]:~ }$ cat /etc/iptables/add-openvpn-rules.sh

#!/bin/sh
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT

Another option is to run iptables command and sysctl command commands to verify NAT rule setup on your server:
{[email protected]:~ }$ sudo iptables -t nat -L -n -v {[email protected]:~ }$ sysctl net.ipv4.ip_forward

Insert the rules if not inserted from /etc/iptables/add-openvpn-rules.sh
{[email protected]:~ }$ sudo sh /etc/iptables/add-openvpn-rules.sh {[email protected]:~ }$ sudo sysctl -w net.ipv4.ip_forward=1
Is OpenVPN server running and port is open? Use the ss command or netstat command and pidof command/ps command:
{[email protected]:~ }$ netstat -tulpn | grep :1194 ## 1194 is the openvpn server port ## {[email protected]:~ }$ ss -tulpn | grep :1194 ## 1194 is the openvpn server port ## {[email protected]:~ }$ ps aux | grep openvpn ## is the openvpn server running? ## {[email protected]:~ }$ ps -C openvpn ## is the openvpn server running? ## {[email protected]:~ }$ pidof openvpn ## find the openvpn server PID ##

If not running, restart the OpenVPN server:
{[email protected]:~ }$ sudo systemctl restart [email protected]
Look out for errors:
{[email protected]:~ }$ sudo systemctl status [email protected]
Can the Linux desktop client connect to the OpenVPN server machine? First you need to run a simple test to see if the OpenVPN server port (UDP 1194) accepts connections:
{[email protected]:~ }$ nc -vu 139.162.60.234 1194 Connection to 139.162.60.234 1194 port [udp/openvpn] succeeded!
If not connected it means either a Linux desktop firewall or your router is blocking access to server. Make sure both client and server using same protocol and port, e.g. UDP port 1194.

Conclusion

Congratulations. You successfully set up an OpenVPN server on CentOS Linux 7.0 server running in the cloud. See the OpenVPN website here and script site here for

How to increase and set upload size to 100MB in PHP-Apache

24 May 2017
by: Alex
in: Linux
note: no comments

I am using Apache with mod_php on Debian/Ubuntu Linux server. How do I increase file upload size limit in PHP-Apache app from default 2MB to 100MB?

How to configure Samba to use SMBv2

24 May 2017
by: Alex
in: Linux
Tags: Linux, samba, smb
note: no comments

I am a new Linux user and for security reasons and to avoid ransomware, I would like to disable the SMB1 protocol in samba configuration on a CentOS Linux version 7 server. Is it possible to disable SMBv1 on a Linux or UNIX-like operating system?