The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Ansible Bootstraping

Discussion in 'cPanel Developers' started by JonTheWong, Nov 11, 2015.

  1. JonTheWong

    JonTheWong Active Member

    Joined:
    Oct 8, 2013
    Messages:
    38
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Montreal, Quebec
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello everyone,

    I've been developing Ansible playbook that work with cPanel.

    As of now i'm able to create a base install and kickstart the installer using customized configurations; wwwacct.conf, cpanel.config, cpupdate.conf

    But I'm having difficulty with other aspects.

    Currently I'm trying to disable Compiler Access
    Ansible is copying a template file called compilerstatus.db to /var/cpanel/

    with the following content
    Code:
    ---
    "enabled": 0
    
    Yet during a fresh install it still remains enabled.


    I'm also trying to get Mod Security to enable and load COMODOs Rules
    As of now, i'm able to copy over settings for ModSecurity™ Configuration
    But when i try to save the file i get "unable to save" errors, and everything else is not being activated, still a work in progress but any help would be appreciated.


    Another aspect i'm unable to produce is pre-installing our wildcard certificate to the server.
    I've copied files from /var/cpanel/ssl but i'm assuming we need to regenerate the services so they detect the SSL; unable to find documentation.

    /var/cpanel/ssl/system
    /scripts/ssl_migration
    seems promising

    Other sections we would like to bootstrap are;

    Edit System Mail Preferences
    FTP Server Configuration
    Mailserver Configuration
    Service Manager



    /root/cpanel3-skel is done
    zone templates is done
    package / features are done
    csf ui done
    cmq / cmm auto installed
    branding done

    Is anyone else working on such a configuration that could help me.
    If the developers could key me into some scripts i might be missing that i could execute in my playbook, that would be perfect.

    If anyone wants some tips of how i created my ansible playbook, hit me up.

    -Regards

    -ps sorry if this isn't the right forum, but i didn't find any other section that seemed to suite it.
     
  2. tsiedsma

    tsiedsma Active Member

    Joined:
    Nov 1, 2006
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ankeny, Iowa
    cPanel Access Level:
    Root Administrator
    Twitter:
    I'm also working on Ansible for cPanel, haven't gotten much done yet, still focused on the OS part of things first.
    I'd love to see what you've come up with if you're still willing to share.
    Do you have it on github or something? Feel free to email me, - Removed -

    I'll see if I run into the same issues and help you figure it out. I think you should create a github repo so others can make pull requests. I know a cPanel playbook would be useful for many.
     
  3. JonTheWong

    JonTheWong Active Member

    Joined:
    Oct 8, 2013
    Messages:
    38
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Montreal, Quebec
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello tsiedsma,

    We don't currently have the project up on Github, We do plan to eventually release our files to the general public but as it stands the project is an Internal Beta.

    Right now the biggest issue we've faced is pre-provisioning the base SSL but i might have recently found a solution, I'm currently on vacation but i've been secretly taking some notes on my off time ;)

    PM me if you'd like to discuss any issues you have with Ansible.

    So far we have a playbook that can pre-configure the OS (Networking, Hostnames, ACL, YUM); Install cPanel + Plugins, configure EasyApache load up customizations for ERROR DOCS / SKEL / EXIM / FTP and loading of shared drives. So far everything is setting up perfectly; just need to finalize a few things and it should be ready for production.

    We also have a DNSonly Version running; a lot less configuration!

    The next step is to provision and automatically add hosts to Ansible using Openstack and Dynamic Inventories.
    Eventually having it resize instances that are using ~80% of resources.

    Just remember if you're building a playbook for cPanel the order of the plays matters; and reboots during the play are essential.
     
  4. tsiedsma

    tsiedsma Active Member

    Joined:
    Nov 1, 2006
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ankeny, Iowa
    cPanel Access Level:
    Root Administrator
    Twitter:
    I'm just getting started, currently focusing on regular management of cPanel servers via Ansible.
    CentOS, CloudLinux, CSF, CXS, rfxn.com apps and cPanel.
    If you're willing to share, I'd love to see what you're doing for deployment, that might make some of my research a little easier.

    I intend to clean up what I've got and make it public for others to use. It's amazing that there isn't anything related to cPanel and Ansible anywhere.
     
  5. JonTheWong

    JonTheWong Active Member

    Joined:
    Oct 8, 2013
    Messages:
    38
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Montreal, Quebec
    cPanel Access Level:
    Root Administrator
    Twitter:
    I'm astonished also that nothing comes up for cPanel + Ansible, figured a lot more people would be posting about it, but i have the sneaking suspicion other admins don't want to lose their edge.

    As for CXS do you have any success? We use Maldet instead.

    I'll post up some of my scripts on Github in the coming days. here is the Temp repo for now. github.com/ZenithMediaCanada/cPanelnAnsible
    I have a migration to complete; so i won't be updating till the beginning of next week.
     
    #5 JonTheWong, Jan 1, 2016
    Last edited by a moderator: Jan 1, 2016
  6. tsiedsma

    tsiedsma Active Member

    Joined:
    Nov 1, 2006
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ankeny, Iowa
    cPanel Access Level:
    Root Administrator
    Twitter:
    Works for me, thank you so much.
    Knowledge share between hosts should be encouraged more. We all have a lot to learn from each other.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  8. JonTheWong

    JonTheWong Active Member

    Joined:
    Oct 8, 2013
    Messages:
    38
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Montreal, Quebec
    cPanel Access Level:
    Root Administrator
    Twitter:
    Thank you cPanelMichael,

    I've updated the git with our DNSOnly script; i did not include our customizations.

    Hope this helps tsiedsma :)
     
  9. gryzli

    gryzli Active Member

    Joined:
    Jul 23, 2012
    Messages:
    44
    Likes Received:
    5
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Twitter:
    I'm not sure what exact you are using, but combining Ansible with cPanel Api parser script is very powerfull (by my opinion).

    If you have something like cpanel_api.[php|pl|....] you could set almost everything through the WHM/cPanel api and automate this inside Ansible (or whatever you use).

    It's pretty handy the use of /root/.accesshash for automating api calls :)
     
  10. JonTheWong

    JonTheWong Active Member

    Joined:
    Oct 8, 2013
    Messages:
    38
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Montreal, Quebec
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello gryzli;

    Thanks for the info. I've been meaning to brush up on my API skills and get my head around cPanel and various other APIs we currently have access to.

    Do you have any examples you'd be willing to share? All our ansible configurations are based on manual commands and templates. Having them set via API would be ideal in the long term.
     
  11. gryzli

    gryzli Active Member

    Joined:
    Jul 23, 2012
    Messages:
    44
    Likes Received:
    5
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hi JonTheWong,

    I have written some "really ugly" perl script as an api parser, which could be used for both calling WHM API/Cpanel Api/ Uapi calls, with some error handling.
    In order to use it, you need to know few things:
    - What api you are going to use (cPanel, WHM, Uapi)
    - Which module/function
    - Provide the HASH with necessary parameters
    - Have working /root/.accesshash

    Keep in mind, that you will need to write/rewrite it in order to use it for your demands and cases.

    If this brings some interest in you, I could polish it a little bit and post it here.
     
  12. JonTheWong

    JonTheWong Active Member

    Joined:
    Oct 8, 2013
    Messages:
    38
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Montreal, Quebec
    cPanel Access Level:
    Root Administrator
    Twitter:
    I've been playing with Ansible URI module to perform PUT/POST/GET on another API but have been slowly reading

    Guide to WHM API 1 - Software Development Kit - cPanel Documentation

    I'm looking at the JSON formats and it seems pretty forward. My only issue is that if i'm building a box from scratch using ansible, why would i really need to configure WHM via API. Would be useful for management when the box is online; or maybe after ansible finishes the base install of cPanel then send all my configurations via API assuming all of them are supported.

    But feel free to share what you have; and no judgement on the code. I'm definitely not a programer!
     
  13. tsiedsma

    tsiedsma Active Member

    Joined:
    Nov 1, 2006
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ankeny, Iowa
    cPanel Access Level:
    Root Administrator
    Twitter:
    Looks like a good start. I've been pretty busy myself and haven't had time to really look into it.
    I've been working on my ongoing cPanel server management via ansible and will then work on the server deployment playbook next.
    Once I have things polished up a little, I intended to release it on github.
     
  14. tsiedsma

    tsiedsma Active Member

    Joined:
    Nov 1, 2006
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ankeny, Iowa
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hey JonTheWong, did you have any luck with your challenges? Are you deploying your certificates with success?
    I've created a bootstrapping playbook and made it public. I'd like to encourage more of this sharing among other hosts and professionals.

    Here's what I have:
    github.com/LithiumHosting/ansible-cpanel-bootstrap

    My current challenges:
    • Deploying wildcard SSL certificate for cPanel services.
    • If during the cPanel installation, ansible loses its connection or fails to connect, I need to be able to check if the install is active when re-running the playbook so it doesn't fail.
    I'd love some feedback and contributions. I intend to start my own thread regarding cPanel + Ansible.
     
    #14 tsiedsma, Jan 30, 2016
    Last edited by a moderator: Jan 30, 2016
  15. tsiedsma

    tsiedsma Active Member

    Joined:
    Nov 1, 2006
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ankeny, Iowa
    cPanel Access Level:
    Root Administrator
    Twitter:
    I figured out the SSL certificate issue, now the deployment installs SSL for all cPanel services.
    After more testing, I'll add it to my public Git repo.

    Have you given more thought to sharing more of your Playbook JonTheWong?
     

Share This Page