How to automate fail2ban with Ansible Part 3
In Part 2 we organized our playbooks into an Ansible Role, which makes it easy for others to reuse and share our work. In Part 3 we will look at the concept of Ansible Collections, convert the role and custom module into a collection, and publish it to Ansible Galaxy.
Creating Ansible Collection and Pushing to Ansible Galaxy
At this point we have the code for an Ansible module, a number of playbooks, and an Ansible Role. It is time to look at how to package them as a collection and push it to Ansible Galaxy.
To create and publish an Ansible Collection on Ansible Galaxy, you first need the ansible-galaxy command line tool. It is part of Ansible itself, so it is already present whether you installed Ansible through your Linux package manager or through Python pip; no separate package is needed. If the command is missing, install ansible-core, which provides it:
pip install ansible-core
To create a new Ansible collection, you can use the ansible-galaxy collection init command. This command will create the basic directory structure and files for a new collection. The collection name must be given in the form namespace.collection. Here's an example that creates a new collection called my_collection in the namespace my_namespace:
ansible-galaxy collection init my_namespace.my_collection
This will create a new directory called my_namespace/my_collection that includes the following:
my_namespace/my_collection/
├── galaxy.yml
├── README.md
└── roles/
The galaxy.yml file contains metadata about the collection, such as its name, version, and dependencies. The README.md file contains a description of the collection and any other information that you want to include. The roles directory is where you will place your Ansible roles. Custom modules go under plugins/modules.
The namespace and author are not set through separate command line options. The namespace is the part of the collection name before the dot, and the author is recorded in the authors list of the generated galaxy.yml:
ansible-galaxy collection init my_namespace.my_collection
This will create the collection in the specified namespace; edit authors in galaxy.yml to set the author.
You can also specify the directory in which the collection is created with the --init-path option, like this:
ansible-galaxy collection init --init-path /path/to/output/directory my_namespace.my_collection
This will create the collection in the specified output directory, rather than the current working directory.
For more information about the ansible-galaxy collection init command and its options, you can consult the Ansible documentation.
Next, edit the galaxy.yml file in the root directory of your collection. This file contains metadata about your collection, such as its name, version, and dependencies on other collections. Roles are not listed here: they are picked up from the roles directory, so a collection that only uses its own roles has no dependencies. For example:
---
namespace: fail2ban_collection
name: fail2ban
version: 0.1.0
readme: README.md
description: A collection for automating the fail2ban service with Ansible.
authors:
  - ChatGPT
dependencies: {}
This file defines the namespace, name, version, and description of the collection, as well as the authors and dependencies.
Here is an example README.md file for the collection:
# fail2ban Collection
This collection provides a set of ansible roles and modules for automating the fail2ban service.
## Requirements
- Ansible 2.9 or higher
## Roles
- common: A role that installs and configures common dependencies for the fail2ban service.
- fail2ban: A role that installs, configures, and manages the fail2ban service.
## Modules
- fail2ban_module: An ansible module that allows you to configure the fail2ban service using playbooks.
## Usage
To use this collection, you can include it in your ansible playbook like this:
    # Example playbook
    - hosts: all
      collections:
        - fail2ban_collection.fail2ban
      roles:
        - common
        - fail2ban
You can also use the `fail2ban_module` module in your playbooks to configure the fail2ban service.
## Examples
Here are some examples of how to use the `fail2ban_module` module:
    # Example
    - name: Configure fail2ban
      fail2ban_module:
        ignoreip: '127.0.0.1/8'
        bantime: '10m'
        findtime: '10m'
        maxretry: 3
        backend: auto
        usedns: warn
        destemail: root@localhost
        sendername: Fail2Ban
        banaction: iptables-multiport
        mta: sendmail
        protocol: tcp

    - name: Configure fail2ban for SSH
      fail2ban_module:
        enabled: true
        port: ssh
        filter: sshd
        logpath: /var/log/auth.log
        maxretry: 6
For more examples, see the `examples` directory in the collection.
## License
Free :)
This file provides an overview of the collection, its requirements, roles, modules, usage, and examples. It also includes a license for the collection.
Pushing collections to Ansible Galaxy
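Once you have filled in the galaxy.yml and README.md files, you can use the ansible-galaxy command to create a tar archive of your collection and push it to Ansible Galaxy. Run the build from the collection root; the archive is named after the namespace, name, and version in galaxy.yml. Publishing requires a Galaxy API token, supplied with --token or configured in ansible.cfg.
ansible-galaxy collection build
ansible-galaxy collection publish fail2ban_collection-fail2ban-0.1.0.tar.gz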
This will publish your collection to Ansible Galaxy, making it available for others to use in their Ansible Playbooks.
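Because a published archive is public, it is worth inspecting the build output before the publish step. The following is an added example, not code from the original article: it flags files that look like secrets and checks each file against the SHA-256 recorded in the archive's FILES.json. The pattern list, function names, and sample archive are constructed for illustration.

```python
import fnmatch, hashlib, io, json, tarfile

# Illustrative patterns for files that should never ship in a public collection.
SENSITIVE = ["*.pem", "*.key", ".env", "*vault*pass*", "id_rsa*", "*.retry"]

def audit_collection(tar_bytes):
    """Return (sensitive_files, checksum_mismatches) for a built collection archive."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        members = {m.name: m for m in tar.getmembers() if m.isfile()}
        listing = json.load(tar.extractfile(members["FILES.json"]))
        sensitive, mismatched = [], []
        for name in sorted(members):
            base = name.rsplit("/", 1)[-1]
            if any(fnmatch.fnmatch(base, pat) for pat in SENSITIVE):
                sensitive.append(name)
        for entry in listing["files"]:
            if entry["ftype"] != "file":
                continue  # directory entries carry no checksum
            member = members.get(entry["name"])
            digest = hashlib.sha256(tar.extractfile(member).read()).hexdigest() if member else None
            if digest != entry["chksum_sha256"]:
                mismatched.append(entry["name"])
    return sensitive, mismatched

def build_sample(files, tamper=None):
    """Constructed stand-in for the output of `ansible-galaxy collection build`."""
    listing = {"files": [{"name": n, "ftype": "file", "chksum_type": "sha256",
                          "chksum_sha256": hashlib.sha256(d).hexdigest(), "format": 1}
                         for n, d in files.items()], "format": 1}
    payload = dict(files)
    if tamper:
        payload[tamper] = b"changed after FILES.json was written"
    payload["FILES.json"] = json.dumps(listing).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in payload.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample content: one file that should not be published.
SAMPLE = {"README.md": b"# fail2ban Collection\n",
          "roles/fail2ban/tasks/main.yml": b"- name: install\n",
          "roles/fail2ban/files/.env": b"SMTP_PASSWORD=constructed\n"}

if __name__ == "__main__":
    print(audit_collection(build_sample(SAMPLE)))
    print(audit_collection(build_sample(SAMPLE, tamper="README.md")))
```

Files that are flagged can be kept out of future builds by listing matching patterns under build_ignore in galaxy.yml.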
Summary
We also showed how to create and publish this role as an Ansible Collection on Ansible Galaxy, making it even easier for others to discover and use our work.