• https://stepik.org/course/123806/syllabus
• Rotoro cloud labs: https://rotoro.cloud/ld-courses/ansible-для-начинающих-практический-опыт/
• Beginners QA: https://github.com/rotoro-cloud/ansible-for-beginners
• Official Doc: https://docs.ansible.com/ansible/latest/index.html
• Presentation: https://rotoro.cloud/wp-content/uploads/2021/10/afbrel-0.0.pdf
• Telegram: https://t.me/RoToRoCloud

• https://www.techrepublic.com/article/deploy-docker-container-ssh-access/

docker build -t arch_target1 .
docker build -t arch_target2 .

docker run -d -P --name arch_target1 arch_target1
docker run -d -P --name arch_target2 arch_target2
docker ps

CONTAINER ID   IMAGE          COMMAND                  CREATED         STATUS         PORTS                                                    NAMES
0c8e9efeb68e   arch_target2   "/usr/sbin/sshd -D"      2 seconds ago   Up 1 second    0.0.0.0:32778->22/tcp, :::32778->22/tcp                  arch_target2
b24f2158f2df   arch_target1   "/usr/sbin/sshd -D"      7 seconds ago   Up 7 seconds   0.0.0.0:32777->22/tcp, :::32777->22/tcp                  arch_target1

docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' arch_target1
docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' arch_target2

# echo $(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' arch_target1) target1 >> /etc/hosts
# echo $(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' arch_target2) target2 >> /etc/hosts
sudo micro /etc/hosts

172.17.0.2  target1
172.17.0.3  target2

ssh root@target1
ssh root@target2

 ansible target1 -m ping -i inventory

target1 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python3.11" }, "changed": false, "ping": "pong" }

ansible all -m ping -i inventory 

target1 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python3.11" }, "changed": false, "ping": "pong" } target2 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python3.11" }, "changed": false, "ping": "pong" }

ansible-playbook playbook-ping.yml -i inventory-ping 

ok: [target2] ok: [target1] target1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
target2 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

ansible-playbook playbook-ping.yml -i inventory-ping -vvv

<target1> ESTABLISH SSH CONNECTION FOR USER: root
<target1> SSH: EXEC sshpass -d15 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/home/jacky/.ansible/cp/9a3d60751b"' target1 '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
...
ok: [target2] => {
    "changed": false,
    "invocation": {
        "module_args": {
            "data": "pong"
        }
    },
    "ping": "pong"
}
ok: [target1] => {
"changed": false,
"invocation": {
"module_args": {
"data": "pong"
}
},
"ping": "pong"
}

ssh root@target1

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! Add correct host key in /home/jacky/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /home/jacky/.ssh/known_hosts:11 Host key for target1 has changed, and you have requested strict checking. Host key verification failed.

tail ~/.ssh/known_hosts | grep target1
ssh-keygen -R target1

Host target1 found: line 11 /home/jacky/.ssh/known_hosts updated. Original contents retained as /home/jacky/.ssh/known_hosts.old

ssh root@target1
> yes, 123

ansible target2 -m ping -i inventory

target2 | FAILED! => { "msg": "Using an SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host." }

sudo micro /etc/ansible/ansible.cfg

[defaults]
host_key_checking = false

ansible target2 -m ping -i inventory

target2 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false, "ping": "pong" }

 ansible target1 -m ping -i inventory

target1 | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\r\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\r\nIt is also possible that a host key has just been changed.\r\nThe fingerprint for the ED25519 key sent by the remote host is\nSHA256:+F8M..3w.\r\nPlease contact your system administrator.\r\nAdd correct host key in /home/jacky/.ssh/known_hosts to get rid of this message.\r\nOffending ED25519 key in /home/jacky/.ssh/known_hosts:12\r\nPassword authentication is disabled to avoid man-in-the-middle attacks.\r\nKeyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.\r\nUpdateHostkeys is disabled because the host key is not trusted.\r\[email protected]: Permission denied (publickey,password).", "unreachable": true }

tail ~/.ssh/known_hosts
ssh-keygen -R target1
ssh-keygen -R 172.17.0.2    // IP for target1
ansible target1 -m ping -i inventory

target1 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python3.11" }, "changed": false, "ping": "pong" }