In this tutorial, we will learn how to create an Ansible playbook to block and unblock an IP address. We will also look at the modules the playbook uses to add or remove an IP in the blockips.conf file, which is located at:
→ /etc/nginx/conf.d/blockips.conf
Ansible playbook to block and unblock IP
In Nginx we maintain a file named blockips.conf, where we add an IP to block its access and remove an IP that was added by mistake. Doing this by hand takes a lot of manual effort, so we have created an Ansible playbook to automate the process.
Output:
In this output we can see a list of the IPs that are blocked. I want to unblock the IP 192.10.11.10, so I will trigger the Ansible playbook and explain its tasks.

About Playbook Tasks:
The tasks below use the following Ansible modules, each of which performs a different operation:
- lineinfile: Manages lines in text files.
- shell: Executes a shell command on the target.
The playbook uses tags, which let us skip the tasks that are not required for the operation we want to perform.
The following commands are run on our Ansible server to remove or add an IP on any host that is managed in our hosts file.
Command:
To remove an IP:
ansible-playbook block-unblock.yml -e "host=192.168.64.10 ip=192.10.11.10" --tags remove
To add an IP:
ansible-playbook block-unblock.yml -e "host=192.168.64.10 ip=192.10.11.10" --tags add
block-unblock.yml
# ansible-playbook-to-block-and-unblock-ip
---
- name: Playbook to block and unblock an IP
  hosts: "{{ host }}"
  vars:
    time: "{{ lookup('pipe', 'date +%Y%m%d-%H-%M') }}"
  become: yes
  tasks:
    - name: "Add IP"
      tags: add
      lineinfile:
        # path of the file where the IP to block is added
        path: /etc/nginx/conf.d/blockips.conf
        line: "deny {{ ip }};"
        state: present
    - name: verify syntax
      shell: nginx -t
      tags: add
      register: syntax_output
    - name: debugging syntax
      tags: add
      debug:
        var: syntax_output
    - name: "restart nginx"
      tags: add
      service: name=nginx state=restarted
      when: syntax_output.stderr is search('syntax is ok')
    # remove IP stage
    - name: "remove IP"
      tags: remove
      lineinfile:
        # path of the file the IP is removed from
        path: /etc/nginx/conf.d/blockips.conf
        # Pattern to search for; the IP is escaped so that its dots match literally
        regexp: 'deny {{ ip | regex_escape }};'
        # State is set to absent to remove the line if the pattern is found
        state: absent
    - name: verify syntax
      shell: nginx -t
      tags: remove
      register: syntax_output
    - name: debugging syntax
      tags: remove
      debug:
        var: syntax_output
    - name: "restart nginx"
      tags: remove
      service: name=nginx state=restarted
      when: syntax_output.stderr is search('syntax is ok')
After triggering the above playbook we get the following output, which shows that it passes all the stages and that the IP we wanted to remove has been removed from the required host.
Output:

As discussed above, we remove the IP 192.10.11.10 from the blockips.conf file by running the command below; the results are shown after it. We can also set this up with Jenkins or any other CI/CD tool, so that a user does not have to log in to the server again and again to add or remove an IP manually.
Command:
ansible-playbook block-unblock.yml -e "host=192.168.64.10 ip=192.10.11.10" --tags remove

Now that the IP has been removed from blockips.conf, if we want to add it back we can run the command below, which adds the IP back to the block list on the required host.
Command:
ansible-playbook block-unblock.yml -e "host=192.168.64.10 ip=192.10.11.10" --tags add
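
The playbook above writes the ip extra variable straight into an nginx configuration file, and a failed nginx -t stops the run with the new line still in place. The following variant of the add path is an added example, not part of the original tutorial: it accepts only an IPv4 address or CIDR, keeps a backup, and restores the file when the syntax test fails. The file name block-ip-safe.yml, the blockfile and octet variables, and the use of a reload instead of a restart are assumptions of this example.

```yaml
# block-ip-safe.yml (hypothetical file name, added example)
---
- name: Block an IP in nginx with input validation and rollback
  hosts: "{{ host }}"
  become: true
  vars:
    blockfile: /etc/nginx/conf.d/blockips.conf
    # One IPv4 octet, 0-255 (helper variable assumed for this example)
    octet: "(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])"
  tasks:
    - name: Accept only an IPv4 address or IPv4 CIDR in "ip"
      tags: add
      ansible.builtin.assert:
        that:
          - ip is defined
          # "$" also matches before a trailing newline, so reject padding too
          - ip == (ip | trim)
          - ip is match('^' ~ octet ~ '([.]' ~ octet ~ '){3}(/(3[0-2]|[12]?[0-9]))?$')
        fail_msg: "ip must be an IPv4 address or CIDR"

    - name: Add the deny rule, test the config, roll back on failure
      tags: add
      block:
        - name: Add the deny line and keep a backup of the old file
          ansible.builtin.lineinfile:
            path: "{{ blockfile }}"
            line: "deny {{ ip }};"
            state: present
            backup: true
          register: edit

        - name: Test the full nginx configuration (fails the block on error)
          ansible.builtin.command: nginx -t
          changed_when: false

        - name: Reload nginx only when the file changed
          ansible.builtin.service:
            name: nginx
            state: reloaded
          when: edit is changed
      rescue:
        - name: Restore the previous file if a backup was taken
          ansible.builtin.copy:
            src: "{{ edit.backup }}"
            dest: "{{ blockfile }}"
            remote_src: true
          when: "edit.backup | default('') | length > 0"

        - name: Stop with a clear error
          ansible.builtin.fail:
            msg: "nginx -t failed while blocking {{ ip }}; {{ blockfile }} has its previous content"
```

It is run the same way as the original playbook, with the host and ip extra variables and --tags add.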

GitHub Link
We can also check the different project codes on the pythontpoint GitHub page. To find us, look for the following GitHub username.
GitHub User Name: PythonT-Point
So, in this tutorial, we have learned to create an Ansible playbook to block and unblock an IP, and we have also discussed the whole code used in this tutorial.