Set up Ansible and the CCS environment
This step includes configuring the Ansible vault and setting up the CCS environment.
Perform the following steps as part of setting up Ansible and the CCS environment:
Set up Ansible
Install and configure Ansible on your UNIX host system before you proceed with setting up Ansible.
The following are the recommended articles for your reference:
Configure Ansible inventory file
You can use the Ansible inventory file, located at /etc/ansible/hosts, to specify a host or a group of hosts on which commands in a playbook operate. Perform the following steps to configure your Ansible inventory file:
- On the Ansible host system, navigate to /etc/ansible.
- Edit the hosts inventory file and provide tags for target host systems as shown in the following example:
    vim hosts
    [Win_Target]
    10.105.164.70 # IP of the Application Server
    #10.105.164.219 # IP of the CCS Manager
    #10.105.154.80 # IP of the restored Application Server
    #10.105.164.51 # IP of another CCS Manager
Note: Only one target host system can be active in the hosts inventory file at a time. You can comment out the rest of the target host systems (IPs).
Note: The IP addresses in the hosts inventory file must be changed based on the YAML commands and the target host system. In the example YAML scripts that are shown in this document, Win_Target is the host for the script.
Configure Ansible Vault to use a password vault file
Perform the following steps to set up an Ansible vault using a password vault file:
- Create a hidden file with the name .vaultPass at a location on the Ansible server.
- Edit the file that is created in step 1 to define a password to access the vault. This password is used for encryption and decryption in the Ansible Vault.
- Edit the ansible.cfg file, which is located in the Ansible host system at /etc/ansible/ansible.cfg, and add the path to the file that is created in step 1 in the vault_password_file parameter as shown in the example below:
    vault_password_file = /etc/Ansible/.vaultPass
- Copy the secureConfig.enc file from the package into the Ansible host. This file must contain all the configurations that you want to secure.
  Note: Ensure that you do not change the file name.
- From the Ansible host machine, run the following command to encrypt the secureConfig.enc file:
    ansible-vault encrypt secureConfig.enc
The Ansible vault is now configured and you can use it in YAML scripts.
Note: To edit the secureConfig.enc file to modify a script configuration parameter, or to add a new script configuration parameter, run the following command:
    ansible-vault edit secureConfig.enc
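The checks below are an added example, not part of the CCS package or the original procedure: they read vault_password_file from ansible.cfg, confirm that the password file grants no access to group or others, and confirm that secureConfig.enc carries the Ansible Vault header before any playbook uses it. The function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for the vault password file setup.
# Function names are hypothetical; nothing here ships with the CCS package.

# Print the vault_password_file value configured in an ansible.cfg file.
vault_pass_path() {
    sed -n '/^[[:space:]]*vault_password_file[[:space:]]*=/{
        s/^[^=]*=[[:space:]]*//
        s/[[:space:]]*$//
        p
    }' "$1" | tail -n 1
}

# Succeed only if the password file is a regular, non-empty file that
# grants no permission bits to group or others (mode 0600 or stricter).
check_vault_pass_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || { echo "not a regular file: $1" >&2; return 1; }
    [ -s "$1" ] || { echo "password file is empty: $1" >&2; return 1; }
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "group/other access on $1 ($perms); run: chmod 600 $1" >&2
        return 1
    }
}

# Succeed only if the first line carries the Ansible Vault header,
# i.e. the file was really encrypted and is not plaintext on disk.
is_vault_encrypted() {
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case $first in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# preflight ANSIBLE_CFG VAULT_FILE: run all checks before a playbook run.
preflight() {
    pass=$(vault_pass_path "$1")
    [ -n "$pass" ] || { echo "vault_password_file not set in $1" >&2; return 1; }
    check_vault_pass_file "$pass" || return 1
    is_vault_encrypted "$2" || {
        echo "$2 is not vault-encrypted; run: ansible-vault encrypt $2" >&2
        return 1
    }
}

# Usage: sh preflight.sh /etc/ansible/ansible.cfg secureConfig.enc
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

On a case-sensitive file system, a vault_password_file path that differs from the real location only in letter case is reported as not a regular file.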
Configure Ansible Vault to prompt for password
Alternatively, if you want to run the script more securely, you can configure Ansible to prompt for the vault password while running scripts or performing tasks such as encryption or decryption. To do this, append the --ask-vault-pass parameter at the end of each command as shown in the following example:
    ansible-vault edit secureConfig.enc --ask-vault-pass
Note: In all the examples shown in this document, a vault password file is used for the configurations. Therefore, when you run a command as shown in the examples, you are not prompted for a password.
Configure the secureConfig.enc file
Before you start running the script, edit and configure the secureConfig.enc file, which is available in the package, according to your setup. For detailed information on the parameters that are available in the secureConfig.enc file, see the Content of the secureConfig.enc Configuration File topic.
Complete the CCS prerequisites
Before you begin CCS Installation on Windows Server, please ensure that you meet all the applicable CCS prerequisites that are mentioned in the Plan the Deployment section. Also, ensure that all the reboots that are required on Application Server are complete.
Files related to the automated disaster recovery in the CCS 12.6.0 package
File name | Description |
Symantec_Control_Compliance_Suite_12_6_0_Repave_DR_Scripts_EN.zip | Download and copy this folder to a localhost or network location folder from where the build should be accessible to the Ansible Server. |
Ansible_FreshSilentInstall | This is the Ansible automation folder. This folder contains the tools and configuration files for CCS Application Server and CCS Manager installation. Copy this folder to a network location folder so that the build is accessible from an Ansible host. |
Ansible_YAML | This folder contains all the Ansible playbooks (.yml files) and configuration files required for the execution of the Ansible playbooks. This folder should be copied to the Ansible Server setup for running the scripts. |
Scripts | Use the scripts only if you are restoring to CCS 12.6.0 from CCS 12.5.1 backup. |
Download and copy the Automated Disaster Recovery zip file to a localhost
Download the file, and save the zip file as a single folder to a known network location.
Symantec_Control_Compliance_Suite_12_6_0_Repave_DR_Scripts_EN.zip
Before you copy, make sure to complete the following steps:
- Open the Ansible inventory host file, uncomment the IP of the Application Server, and save the file.
- Update the secureConfig.enc file, which is available in the Ansible host machine, as shown in the following example using the ansible-vault edit secureConfig.enc command:
    become_user: <NetworkLocationUserName>
    become_pass: <NetworkLocationPassword>
ansible-playbook Copy_to_RemoteHost.yml -e @secureConfig.enc -e 'src_path="\\\\<NetworkLocationPath>\\<CCS12.6BuildFolderName>\\Installset" dest_path=C:\'
Copy the Ansible Automation folder to the localhost
Run the following command on the Ansible host machine to copy the automation folder from the network location to the machine in which you want to install the CCS Application Server:
ansible-playbook Copy_to_RemoteHost.yml -e @secureConfig.enc -e 'src_path="\\\\<NetworkLocationPath>\\Ansible_FreshSilentInstall" dest_path=C:\'
Note: The Ansible automation folder is used for the installation of Application Server and CCS Manager.