New Ansible playbook to block and unblock IP

In this tutorial, we will learn about creating an Ansible playbook to block and unblock IP and we will also learn about some of the important module which helps to create a playbook to block or unblock an IP in the blockips.conf file which is located inside following location
/etc/nginx/conf.d/blockips.conf

Ansible playbook to block and unblock IP

In Nginx we manage a file with name of blockips.conf where we add an IP to block the access and we can remove an IP if it is added by mistake and to do this process we add a lots of manual efforts and to avoid this we have created a ansible playbook to automate this process.

Output:

In this output we can see a list of an IP’s that are blocked and I want to unblock the 192.10.11.10 IP and to do this I will trigger the ansible playbook and explain them.

Ansible playbook to block and unblock IP
Ansible playbook to block and unblock IP

About Playbook Tasks:

In the below tasks we are using some Ansible modules which are performing some different operation

  • lineinfile: Manages lines in text files.
  • shell: It executes the shell command on a target

In the below playbook we are using the tags by which we can skips un-required tasks for our operation that we want to perform.

Here are the below commands that we trigger into our ansible server to remove and add IP to any host which is managed in our hosts file.

Command:

To Remove IP

ansible-playbook block-unblock.yml -e "host=192.168.64.10 ip=192.10.11.10" --tag remove

To Add IP

ansible-playbook block-unblock.yml -e "host=192.168.64.10 ip=192.10.11.10" --tag add

block-unblock.yml

#ansible-playbook-to-block-and-unblock-ip
---
  - name: Playbook for block and ublock ip
    hosts: "{{ host }}"
    vars:
      time: "{{ lookup('pipe', 'date +%Y%m%d-%H-%M') }}"
    become: yes
    tasks:
      - name: "Add IP "
        tags: add
        lineinfile:
          # path to add the ip to block
          path: /etc/nginx/conf.d/blockips.conf
          line: deny {{ ip }};
          state: present
      - name: verify syntax
        shell: nginx -t
        tags: add
        register: syntax_output
      - name: debuging syntax
        tags: add
        debug:
          var: syntax_output
      - name: "restart nginx"
        tags: add
        service: name=nginx state=restarted
        when: syntax_output.stderr is search('syntax is ok')
          #remove ip stage
      - name: "remove IP"
        tags: remove
        lineinfile:
          # path to remove the ip
          path: /etc/nginx/conf.d/blockips.conf
          # String to Search
          regexp:  deny {{ ip }};
          # State is set to Absent to remove if the Searching Line is found
          state: absent
      - name: verify syntax
        shell: nginx -t
        tags: remove
        register: syntax_output
      - name: debuging syntax
        tags: remove
        debug:
          var: syntax_output
      - name: "restart nginx"
        tags: remove
        service: name=nginx state=restarted
        when: syntax_output.stderr is search('syntax is ok')

After triggering the above playbook we get the following output where it shows that it passes all the stages and the IP that we want to remove is removed from the required host.

Output:

Ansible playbook to block and unblock IP
Ansible playbook to block and unblock IP

In the above as we discussed we will be removing an IP (192.10.11.10) from the blockips.conf file and by running the below command we made this possible and to view the output please find the below results.We can also setup this using Jenkins or any other CI/CD tools through which helps a user to not login to server again and again and to add or remove an IP manually.

Command:

ansible-playbook block-unblock.yml -e "host=192.168.64.10 ip=192.10.11.10" --tag remove
image 2
Ansible playbook to block and unblock IP

Now as we removed an IP from the blockips.conf now we if want to add back to blockips.conf we can do this by running the below command which will add an IP back to block list on a required host.

Command:

ansible-playbook block-unblock.yml -e "host=192.168.64.10 ip=192.10.11.10" --tag add
image 3
Ansible playbook to block and unblock IP

We can also check the different project codes on pythontpoint Github page to do this you guys can look for us with the following GitHub Username.

GitHub User Name: PythonT-Point

So, in this tutorial, we have learned to create an Ansible playbook to block and unblock IP  and we have also discussed the whole code used in this tutorial.

Do follow the following tutorials also:

38 thoughts on “New Ansible playbook to block and unblock IP”

  1. Hey there would you mind sharing which blog platform you’re working with? I’m going to start my own blog in the near future but I’m having a hard time making a decision between BlogEngine/Wordpress/B2evolution and Drupal. The reason I ask is because your design seems different then most blogs and I’m looking for something completely unique. P.S My apologies for being off-topic but I had to ask!

    Reply
  2. Hi there! Quick question that’s completely off topic. Do you know how to make your site mobile friendly? My web site looks weird when viewing from my iphone4. I’m trying to find a theme or plugin that might be able to resolve this problem. If you have any recommendations, please share. Thanks!

    Reply
  3. I was suggested this web site by my cousin Im not sure whether this post is written by him as no one else know such detailed about my trouble You are incredible Thanks

    Reply
  4. I do trust all the ideas youve presented in your post They are really convincing and will definitely work Nonetheless the posts are too short for newbies May just you please lengthen them a bit from next time Thank you for the post.

    Reply
  5. Baddiehubs naturally like your web site however you need to take a look at the spelling on several of your posts. A number of them are rife with spelling problems and I find it very bothersome to tell the truth on the other hand I will surely come again again.

    Reply
  6. My brother recommended I would possibly like this website. He was totally right. This put up truly made my day. You can not believe simply how much time I had spent for this info! Thank you!

    Reply
  7. Hi! This is kind of off topic but I need some guidance from an established blog. Is it very hard to set up your own blog? I’m not very techincal but I can figure things out pretty fast. I’m thinking about setting up my own but I’m not sure where to begin. Do you have any points or suggestions? Thanks

    Reply
  8. dodb buzz naturally like your web site however you need to take a look at the spelling on several of your posts. A number of them are rife with spelling problems and I find it very bothersome to tell the truth on the other hand I will surely come again again.

    Reply
  9. I simply could not depart your website before suggesting that I actually enjoyed the standard information an individual supply for your visitors? Is going to be back frequently in order to inspect new posts

    Reply

Leave a Comment