Ansible Pilot

Download and Use Ansible Galaxy Role - ansible-galaxy and requirements.yml

How to Download and use the Ansible Role lucab85.ansible_role_log4shell to scan our Linux machine against Log4Shell Remote Code Execution Log4j (CVE-2021–44228) re-using Ansible artifacts (tasks, variables, defaults, handlers, modules, and plugins) published in Ansible Galaxy directory.

January 5, 2022
Access the Complete Video Course and Learn Quick Ansible by 200+ Practical Lessons

How to Download and Use Ansible Galaxy Role with ansible-galaxy and requirements.yml? I’m going to show you a live demo with some simple Ansible code. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.

What is an Ansible Role?

An Ansible Role is a set of re-usable Ansible artifacts. It solves one problem and contains all the relevant tasks, variables, defaults, handlers, modules, or other plugins. For Users, the Ansible Role is easy to download and share via Ansible Galaxy. For Developers the Ansible Role is easy to upload and share via Ansible Galaxy. Plus an Ansible role has a defined standard directory structure and format.

What is Ansible Galaxy?

The website is available at the URL https://galaxy.ansible.com/. The search engine, Tags, and Platform make it easy to find any content inside. I recommend you carefully evaluate the quality of content before using it in your system. Quality indicators are usually the quality assurance of code, the supported operating systems and platforms, the documentation, the release numbers, the presence of Changelog, the number of downloads, and the author or creator. Please notice that the website contains Ansible Roles and Ansible Collections. Today we’re focusing on Ansible Role content.

The Best Resources For Ansible

Certifications

Video Course

Printed Book

eBooks

demo

Let’s jump into a real-life How to Download and Use the Ansible Galaxy Role lucab85.ansible_role_log4shell.

code

---
- name: role demo
  hosts: all
  become: true
  roles:
    - role: lucab85.ansible_role_log4shell
      detector_path: "/var/www"
---
roles:
  - name: lucab85.ansible_role_log4shell

execution before download

$ ansible-playbook -i virtualmachines/demo/inventory galaxy/role.yml
ERROR! the role 'lucab85.ansible_role_log4shell' was not found in /Users/lberton/prj/github/ansible-pilot/galaxy/roles:/Users/lberton/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:/Users/lberton/prj/github/ansible-pilot/galaxy

The error appears to be in '/Users/lberton/prj/github/ansible-pilot/galaxy/role.yml': line 5, column 8, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

  roles:
     - role: lucab85.ansible_role_log4shell
       ^ here

download execution


$ ansible-galaxy install -r galaxy/requirements.yml 
Starting galaxy role install process
- downloading role 'ansible_role_log4shell', owned by lucab85
- downloading role from https://github.com/lucab85/ansible-role-log4shell/archive/v0.4.1.tar.gz
- extracting lucab85.ansible_role_log4shell to /Users/lberton/.ansible/roles/lucab85.ansible_role_log4shell
- lucab85.ansible_role_log4shell (v0.4.1) was installed successfully

execution after download


$ ansible-playbook -i virtualmachines/demo/inventory galaxy/role.yml 

PLAY [role demo] ****************************************************************************

TASK [Gathering Facts] **********************************************************************
ok: [demo.example.com]

TASK [lucab85.ansible_role_log4shell : dependency presents] *********************************
ok: [demo.example.com]

TASK [lucab85.ansible_role_log4shell : create detector directory] ***************************
changed: [demo.example.com]

TASK [lucab85.ansible_role_log4shell : download detector file] ******************************
ok: [demo.example.com]

TASK [lucab85.ansible_role_log4shell : download detector signature] *************************
ok: [demo.example.com]

TASK [lucab85.ansible_role_log4shell : gpg public key] *********************************
changed: [demo.example.com]

TASK [lucab85.ansible_role_log4shell : gpg verify detector] ****************************
changed: [demo.example.com]

TASK [lucab85.ansible_role_log4shell : remove any detector run directory] **************
ok: [demo.example.com]

TASK [lucab85.ansible_role_log4shell : create detector run directory] ******************
changed: [demo.example.com]

TASK [lucab85.ansible_role_log4shell : run detector/scanner] ***************************
changed: [demo.example.com]

TASK [lucab85.ansible_role_log4shell : files in detector run directory] ****************
ok: [demo.example.com]

TASK [lucab85.ansible_role_log4shell : print vulnerable path(s) found] *****************
ok: [demo.example.com] => {
  "vulnerable": {
      "changed": false,
      "examined": 1,
      "failed": false,
      "files": [],
      "matched": 0,
      "msg": "All paths examined",
      "skipped_paths": {}
  }
}

TASK [ansible-role-log4shell : remove detector directory] **********************
changed: [demo.example.com]

PLAY RECAP *********************************************************************
instance                   : ok=14   changed=9    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

code with ❤️ in GitHub

Recap

Now you know how to Download and Use Ansible Galaxy Role with Ansible. Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.

Academy

Learn the Ansible automation technology with some real-life examples in my

My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps

BUY the Complete PDF BOOK to easily Copy and Paste the 250+ Ansible code

Want to keep this project going? Please donate

Access the Complete Video Course and Learn Quick Ansible by 200+ Practical Lessons
Follow me

Subscribe not to miss any new releases