Setting Up an Ansible Development Desktop

This guide details the steps to set up an Ansible Development Desktop using Ubuntu 22 that is similar to the desktop used within the PHX domain.

Projects: c2platform/phx/ansible


Overview

This guide outlines the steps to create an Ansible Development Desktop in the PHX domain, providing the necessary environment for Ansible development.

Prerequisites

  • Setting Up the PHX Development Environment on Ubuntu 22.04: Set up your Ansible development desktop with Ansible, Vagrant, LXD, and VirtualBox on Ubuntu 22.04. Clone the PHX project directories to extend the base C2 development environment. Use this setup to configure essential base services, including the Microsoft AD domain controller and reverse proxy. Finally, access web-based services in the environment via a Firefox profile using the forward proxy for sandboxed access.

Setup

To create the development node pxd-ubuntu-devtop, execute the following command:

vagrant up pxd-ubuntu-devtop

Vagrantfile.yml

  - name: ubuntu-devtop
    description: Ansible Development Desktop
    box: ubuntu22-desktop-lxd
    ip-address: 192.168.60.11
    plays:
      - core/linux
    sync_folders: []

Verify

Domain Admin Local Admin Rights on Linux

The Domain Admin tony@c2platform.org has administrator rights on pxd-ubuntu-devtop, which allow him to become root without a password (equivalent to the vagrant user):

vagrant ssh pxd-ubuntu-devtop

Become domain admin “Tony”:

sudo su - tony

And Tony can become root:

sudo su -

[:ansible-phx]└2 master(+81/-26,1)* ± vagrant ssh pxd-ubuntu-devtop
Welcome to Ubuntu 22.04.5 LTS (GNU/Linux 6.5.0-41-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro

Expanded Security Maintenance for Applications is not enabled.

0 updates can be applied immediately.

8 additional security updates can be applied with ESM Apps.
Learn more about enabling ESM Apps service at https://ubuntu.com/esm

New release '24.04.3 LTS' available.
Run 'do-release-upgrade' to upgrade to it.

Last login: Tue Aug 26 06:00:19 2025 from 192.168.60.1
vagrant@pxd-ubuntu-devtop:~$ sudo su - tony
tony@pxd-ubuntu-devtop:~$ sudo su -
root@pxd-ubuntu-devtop:~#

In order for domain user “Tony” to be local admin on all Ubuntu nodes, Ansible created a file /etc/sudoers.d/c2. This is configured in the Ansible inventory project c2platform/phx/ansible; see the file group_vars/ubuntu/ad.yml. It contains:

group_vars/ubuntu/ad.yml

    - name: /etc/sudoers.d/c2
      module: copy
      dest: /etc/sudoers.d/c2
      content: |
        # Note: the order is important;
        # if reversed, domain admins will
        # be prompted for a password
        %Domain\ Users ALL=(ALL:ALL) ALL
        %Domain\ Admins ALL=(ALL:ALL) NOPASSWD:ALL
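
The ordering note in that drop-in follows from how sudoers resolves several matching entries: the last match is used. The Python sketch below is an added example, not part of the PHX project; it is a simplified model that handles only `%group` rules of the form shown above, and it assumes Tony is a member of both Domain Users and Domain Admins.

```python
import re

# The two rules from /etc/sudoers.d/c2 as shown on this page, and the same
# rules reversed (constructed here to illustrate the ordering note).
PAGE_ORDER = r"""
%Domain\ Users ALL=(ALL:ALL) ALL
%Domain\ Admins ALL=(ALL:ALL) NOPASSWD:ALL
"""
REVERSED = r"""
%Domain\ Admins ALL=(ALL:ALL) NOPASSWD:ALL
%Domain\ Users ALL=(ALL:ALL) ALL
"""

# %group (spaces escaped as "\ "), host, optional (runas), optional tags, commands
RULE = re.compile(
    r"^%((?:\\.|[^\s\\])+)\s+\S+?\s*=\s*(?:\([^)]*\)\s*)?((?:[A-Z]+:\s*)*)(.+)$"
)

def parse_group_rules(text):
    """Return [(group, nopasswd, commands)] for %group lines, in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # simplified: comments and include directives are skipped
        m = RULE.match(line)
        if m:
            group = re.sub(r"\\(.)", r"\1", m.group(1))  # "Domain\ Users" -> "Domain Users"
            rules.append((group, "NOPASSWD:" in m.group(2), m.group(3).strip()))
    return rules

def effective_rule(text, user_groups):
    """Model of sudoers last-match-wins: return the last rule matching the user."""
    matches = [r for r in parse_group_rules(text) if r[0] in user_groups]
    return matches[-1] if matches else None

if __name__ == "__main__":
    tony = {"Domain Users", "Domain Admins"}  # assumed group membership
    for label, text in (("page order", PAGE_ORDER), ("reversed", REVERSED)):
        group, nopasswd, _ = effective_rule(text, tony)
        print(f"{label}: matched %{group}, password prompt: {not nopasswd}")
```

The same parser can be pointed at other drop-ins to list which groups are granted passwordless root, which is worth reviewing whenever a NOPASSWD rule is tied to a directory group.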

Domain Member

The pxd-ubuntu-devtop node will automatically join the Active Directory (AD) domain managed by Ansible.

To confirm that the node is part of the C2PLATFORM.ORG domain, run the following commands:

root@pxd-ubuntu-devtop:~# realm discover
realm: No default realm discovered
root@pxd-ubuntu-devtop:~# realm list
c2platform.org
  type: kerberos
  realm-name: C2PLATFORM.ORG
  domain-name: c2platform.org
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: libnss-sss
  required-package: libpam-sss
  required-package: adcli
  required-package: samba-common-bin
  login-formats: %U@c2platform.org
  login-policy: allow-realm-logins
root@pxd-ubuntu-devtop:~#

Note: Additional Kerberos verification steps may be required to ensure complete integration of the node into the domain.

If you have a domain user (e.g., tony), you can verify that Kerberos is functioning correctly by logging in with the domain user to SSH into localhost.

Run the following command:

ssh tony@pxd-ad.c2platform.org


Last modified August 27, 2025: phx devtop C2-633 (e3457a7)