Ansible: Can you register the Linux banner without logging in?

I'm trying to capture the Linux banner you see before you log in to a Linux server, using Ansible. I don't want to log in to the server, just get the banner. I was hoping to use register to save it, then use part of its contents as a conditional for which tasks to run.

Is this possible?

I originally tried to just run a remote command and capture the output, but I only get the output of the command and not the banner so it's a little more tricky to do than I first thought.

I.e., a standard banner:

WARNING : Unauthorized access to this system is forbidden and will be
prosecuted by law. By accessing this system, you agree that your actions
may be monitored if unauthorized usage is suspected.
MANAGED by SYSTEM-A

So if I find MANAGED by SYSTEM-A in the banner, I run specific tasks and specific host variables. If it isn't managed by system-a, I run the same tasks but use different host variables.

This would form part of a set of pre-tasks within Ansible before the main playbooks and roles are run.

What I'm seeing is the banner is probably discarded as rubbish by Ansible but there may be an output plugin I could use to save the contents?

Hopefully I've explained what I'm trying to do and someone has maybe done this previously.

**** UPDATE ****

I tested the fix offered but was unable to get it to work.

Instead, I used nc (netcat) to check the port of the servers for the version of SSH in use. As we are migrating to a different login tool, the version of SSH was for a very specific product and it was easy to identify servers using the different SSH version. So I just took the result of the nc command and used that to dynamically create an Ansible inventory and put them into groups of [Product] vs [nonProduct] along with the specific connection variables for each type of SSH.

If anyone would like to see what that looked like and how I got it to work, just post a message here.

**** UPDATE END ****
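
The update above describes reading the SSH version from the port and building an inventory with [Product] and [nonProduct] groups. The following is an added example of that idea, not the poster's script: it uses a plain Python socket in place of nc, and `PRODUCT_MARKER`, the `GROUP_VARS` values and all function names are assumptions, since the page does not name the product or its connection variables.

```python
import socket

# Assumed marker: the page does not name the product, so this substring of the
# SSH software version is a placeholder for whatever identifies it.
PRODUCT_MARKER = "ExampleProductSSH"
# Assumed per-group connection variables (values are constructed).
GROUP_VARS = {
    "Product": {"ansible_user": "svc_product"},
    "nonProduct": {"ansible_user": "ansible"},
}

def parse_ident(data):
    """Return the complete 'SSH-...' identification line, or None.
    RFC 4253 lets a server send other lines first, so scan every line."""
    for line in data.split(b"\n")[:-1]:      # last piece has no newline yet
        line = line.rstrip(b"\r")
        if line.startswith(b"SSH-"):
            return line.decode("ascii", "replace")
    return None

def read_ssh_ident(host, port=22, timeout=5.0):
    """Read the identification line the server sends before any login."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        while parse_ident(data) is None and len(data) < 4096:
            chunk = sock.recv(256)
            if not chunk:
                break
            data += chunk
    return parse_ident(data)

def classify(ident):
    """Map an identification line to the inventory group name."""
    parts = ident.split("-", 2)              # SSH, protoversion, software
    software = parts[2].split(" ", 1)[0] if len(parts) == 3 else ""
    return "Product" if PRODUCT_MARKER in software else "nonProduct"

def build_inventory(idents):
    """Render an INI inventory from {host: ident or None}. Only the group
    decision is written out; the remote-controlled banner text never is."""
    groups = {name: [] for name in GROUP_VARS}
    for host, ident in sorted(idents.items()):
        if ident is not None:                # skip hosts that gave no banner
            groups[classify(ident)].append(host)
    out = []
    for name, hosts in groups.items():
        out += [f"[{name}]", *hosts, "", f"[{name}:vars]"]
        out += [f"{k}={v}" for k, v in GROUP_VARS[name].items()] + [""]
    return "\n".join(out)
```

Calling `build_inventory({h: read_ssh_ident(h) for h in hosts})` on your own host list yields text that can be saved as an inventory file and passed to `ansible-playbook -i`.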

Just ignore_unreachable:

---
- name: Simple playbook to show banner
  hosts: all
  gather_facts: no

  tasks:
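  # ignore_unreachable keeps the host in the play when SSH fails,
  # so the registered result (including its msg) can still be inspected.
  - name: Try to connect
    ansible.builtin.ping:
    register: result
    ignore_unreachable: yes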

  - name: Show output
    ansible.builtin.debug:
      var: result

I broke my own connection to show the result:

$ ansible-playbook get_banner.yml --limit Client1

PLAY [Test playbook] *****************************************************************

TASK [Try to connect] ****************************************************************
fatal: [Client1]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: WARNING\n\nThis is JAX Test VM.  Don't break it.\nansible@client1: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).", "skip_reason": "Host Client1 is unreachable", "unreachable": true}

TASK [Show output] *******************************************************************
ok: [Client1] => {
    "result": {
        "changed": false,
        "msg": "Failed to connect to the host via ssh: WARNING\n\nThis is JAX Test VM.  Don't break it.\nansible@client1: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).",
        "skip_reason": "Host Client1 is unreachable",
        "unreachable": true
    }
}

PLAY RECAP ***************************************************************************
Client1                    : ok=1    changed=0    unreachable=1    failed=0    skipped=1    rescued=0    ignored=0   

This depends on the distribution, but the banner is by default located in: /etc/issue or /etc/issue.net

You could run a pretask like:

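# slurp returns the file base64-encoded in banner.content;
# decode it with the b64decode filter before comparing text.
- name: Slurp the banner
  ansible.builtin.slurp:
    src: /etc/issue
  register: banner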

And then introduce your conditionals based on banner output.
