Use Ansible to automate installation
Follow these instructions to use the open-source Ansible tool to automate installation of the DigiCert® agent software onto one or more Linux servers in silent mode.
You store the agent software and create the Ansible playbook on a central "control" node system, and then execute the Ansible playbook there to upload, extract, and install the software onto your Linux servers (the "managed" nodes) over the network.
Before you begin
Make sure you have completed all the steps in the Linux agent silent mode preparation and have the silent mode installer package available (DigiCertTLMAgentGPOInstaller.tar.gz). To verify that your installation package works, use the Installation commands to try installing the agent in silent mode on one of your Linux servers.
Install the Ansible software on the central control system. For detailed instructions, refer to the official Ansible documentation.
Make sure Python is available on the control system and on all the managed nodes where you will install the agent software.
Make sure you have some form of SSH access from the control system to the managed Linux servers. For example, to enable key-based (passwordless) SSH access, use the ssh-keygen command to generate an SSH keypair on each managed server, and the ssh-copy-id command to copy the public key to the central control system.
Notice
All steps below are to be performed on the Ansible control node system.
Create a sub-directory within the main Ansible configuration directory /etc/ansible to store the DigiCert agent software and create the Ansible-based installation files. For these instructions, we'll use the sub-directory called /etc/ansible/opt/digicert. For example, to create this sub-directory on the control node:
cd /etc/ansible
mkdir -p opt/digicert
Copy the silent mode installer package (DigiCertTLMAgentGPOInstaller.tar.gz) into the above sub-directory.
Add a file called var.yml in the /etc/ansible/opt/digicert sub-directory you created on the Ansible control node system. Configure this file with the variables to use when installing the DigiCert agent software on your Linux servers. For example:
options:
  AGENT_BUNDLE_NAME: tlm_agent_3.0.14_linux64.tar.gz
  BUSINESS_UNIT_ID: 542bce5b-9a54-41df-a054-fe977133ee09
  ALIASNAME: agents_subnet_1
  PROXY: http://125.125.125.125:3333
Descriptions of configuration parameters:
Add a file called hosts.yml in the /etc/ansible/opt/digicert sub-directory you created on the Ansible control node system. Configure this file with the list of Linux servers where you want to install the DigiCert agent software and any general operational parameters that Ansible should use. For example:
[servers]
server1 ansible_host=10.0.0.1
server2 ansible_host=10.0.0.2
server3 ansible_host=10.0.0.2

[all:vars]
ansible_python_interpreter=/usr/bin/python3
ansible_user=admin
Notes:
The directive name for the hosts list (servers in this example) must match what's in your Ansible playbook (see Step 4 below).
The all:vars directive sets any additional operational parameters that Ansible should use to access and install the software on each host. Parameters used in this example:
ansible_python_interpreter: Path of the Python executable to use on each host.
ansible_user: SSH username to use to connect and install the software on each host.
Notice
This example assumes key-based (passwordless) SSH authentication. For password-based SSH authentication, add an additional ansible_password directive. Use Ansible Vault or similar to keep passwords secure.
Use the following command syntax to test your Ansible inventory configuration:
ansible-inventory -i {INVENTORY_FILE} --list -y
For example:
ansible-inventory -i /etc/ansible/opt/digicert/hosts.yml --list -y
If successful, the command lists all the hosts in your Ansible inventory file.
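A pre-flight check that complements ansible-inventory, added here as an example (not DigiCert's or Ansible's own code): it scans an INI-style inventory like the one above for connection secrets written in plaintext instead of referenced through a vaulted variable, and for hosts that share one ansible_host address. The sample inventory, the password value and the lint_inventory name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, laid out like the hosts.yml example above, with a
# plaintext ansible_password added to show what the check reports.
SAMPLE_INVENTORY = """\
[servers]
server1 ansible_host=10.0.0.1
server2 ansible_host=10.0.0.2
server3 ansible_host=10.0.0.2

[all:vars]
ansible_python_interpreter=/usr/bin/python3
ansible_user=admin
ansible_password=ExamplePlaintext123
"""

# Ansible connection variables that carry credentials.
SECRET_KEYS = {"ansible_password", "ansible_ssh_pass", "ansible_become_password"}


def lint_inventory(text):
    """Return findings for an INI-style inventory (hypothetical helper)."""
    findings = []
    hosts_by_addr = defaultdict(list)
    section = ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1)
            continue
        pairs = dict(re.findall(r"(\w+)=(\S+)", line))
        for key, value in pairs.items():
            # A vaulted secret is referenced through a Jinja2 variable.
            if key in SECRET_KEYS and not value.lstrip("\"'").startswith("{{"):
                findings.append(f"line {lineno}: plaintext {key}")
        if "ansible_host" in pairs and not section.endswith(":vars"):
            hosts_by_addr[pairs["ansible_host"]].append(line.split()[0])
    for addr, names in hosts_by_addr.items():
        if len(names) > 1:
            findings.append(f"{addr}: shared by {', '.join(names)}")
    return findings


if __name__ == "__main__":
    for finding in lint_inventory(SAMPLE_INVENTORY):
        print(finding)
```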
The Ansible playbook drives the software installation process and defines all the required tasks.
Add the playbook file in the /etc/ansible/opt/digicert sub-directory you created on the Ansible control node system. Give the playbook file a name like main.yml and configure it as follows:
- hosts: servers  # Match the directive in the hosts.yml file
  gather_facts: no
  vars_files:
    - var.yml
  # Each task runs once on every host in the "servers" group.
  tasks:
    - name: "Creating a directory if it doesn't exist"
      ansible.builtin.file:
        path: /opt/digicert
        state: directory
        mode: '0755'
      become: yes  # Use this if you need root permissions

    - name: "Copying the tar to remote systems"
      ansible.builtin.copy:
        src: DigiCertTLMAgentGPOInstaller.tar.gz
        dest: /opt/digicert/DigiCertTLMAgentGPOInstaller.tar.gz
        mode: '0644'
      become: yes

    - name: "Extracting the tar on the remote system"
      ansible.builtin.unarchive:
        src: /opt/digicert/DigiCertTLMAgentGPOInstaller.tar.gz
        dest: /opt/digicert
        remote_src: yes
        creates: /opt/digicert/DigiCertTLMAgentGPOInstaller/extracted_file_or_directory  # Use this to avoid re-extraction if the operation has already been done
      become: yes

    - name: "Making the script executable on the remote system"
      ansible.builtin.file:
        path: /opt/digicert/DigiCertTLMAgentGPOInstaller/silentInstaller-by-companion-lnx.sh
        mode: '0755'
        state: file
      become: yes

    - name: "Executing the script on the remote system"
      ansible.builtin.shell:
        cmd: "/opt/digicert/DigiCertTLMAgentGPOInstaller/silentInstaller-by-companion-lnx.sh AGENT_BUNDLE_NAME={{ options['AGENT_BUNDLE_NAME'] }} BUSINESS_UNIT_ID={{ options['BUSINESS_UNIT_ID'] }} ALIASNAME={{ options['ALIASNAME'] }} PROXY={{ options['PROXY'] }}"
        executable: /bin/bash
      become: yes
      register: out  # Capture the installer output for the debug task

    - debug:
        var: out
Notes:
The name parameter describes what happens during each installation task.
Adjust the cmd in the "Executing the script" task as needed to match the installation parameters you defined in the var.yml file in Step 2.
Additional notes are provided as comments (following the # character) on relevant lines in the above example.
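Added example (not part of DigiCert's playbook): the cmd line above pastes var.yml values into a /bin/bash command unquoted, so a value containing a space or shell metacharacter changes the arguments the installer receives. The sketch renders the command both ways using Python's shlex.quote, which is what Ansible's quote filter applies; the ALIASNAME value with spaces and the function names are constructed for illustration.

```python
import shlex

INSTALLER = "/opt/digicert/DigiCertTLMAgentGPOInstaller/silentInstaller-by-companion-lnx.sh"
KEYS = ("AGENT_BUNDLE_NAME", "BUSINESS_UNIT_ID", "ALIASNAME", "PROXY")

# Constructed var.yml options: the page's example values, except ALIASNAME,
# which is given spaces here to show the failure mode.
SAMPLE_OPTIONS = {
    "AGENT_BUNDLE_NAME": "tlm_agent_3.0.14_linux64.tar.gz",
    "BUSINESS_UNIT_ID": "542bce5b-9a54-41df-a054-fe977133ee09",
    "ALIASNAME": "agents subnet 1",
    "PROXY": "http://125.125.125.125:3333",
}


def render_unquoted(options):
    """Mimic the playbook's cmd template: values are pasted in as-is."""
    return " ".join([INSTALLER] + [f"{k}={options[k]}" for k in KEYS])


def render_quoted(options):
    """Same command with every value shell-quoted before interpolation."""
    return " ".join([INSTALLER] + [f"{k}={shlex.quote(str(options[k]))}" for k in KEYS])


def argv_seen_by_installer(cmdline):
    """Arguments after the script path; shlex.split approximates the
    shell's word splitting for these simple command lines."""
    return shlex.split(cmdline)[1:]


def keys_needing_quotes(options):
    """Options whose value the shell would not pass through unchanged."""
    return [k for k in KEYS if shlex.quote(str(options[k])) != str(options[k])]


if __name__ == "__main__":
    print("unquoted:", argv_seen_by_installer(render_unquoted(SAMPLE_OPTIONS)))
    print("quoted:  ", argv_seen_by_installer(render_quoted(SAMPLE_OPTIONS)))
    print("review:  ", keys_needing_quotes(SAMPLE_OPTIONS))
```

In the playbook itself, the equivalent is to write each value with the filter applied, for example {{ options['ALIASNAME'] | quote }}.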
Execute the playbook on the Ansible control node to run the defined tasks for installing the DigiCert agent software onto your remote Linux servers.
Change into the /etc/ansible/opt/digicert directory and execute the playbook with the following command, substituting in the names of your inventory and playbook files:
ansible-playbook -i {INVENTORY_FILE} {PLAYBOOK_FILE} -vvv
For example:
ansible-playbook -i hosts.yml main.yml -vvv
Notes:
The -vvv option runs the command in one of the highest verbosity modes, which provides detailed output about the installation process.
Failed playbook runs are often due to incorrect file paths in your Ansible configuration. Running the playbook in verbose mode makes troubleshooting easier.
What's next
Agents that were successfully installed and provisioned are listed on the Discovery & automation tools > Agents page in DigiCert® Trust Lifecycle Manager. Each agent is named based on the value of the ALIASNAME parameter, or else by the license key if you omitted this parameter.