KB: 3012
Haltdos Ansible Deployment Guide
Automate the installation of Haltdos across multiple servers using Ansible for faster and consistent deployments.
Overview
This guide explains how to use Ansible to install and configure Haltdos on multiple target machines automatically.
It covers control node setup, SSH configuration, inventory definition, and execution of the Haltdos playbook.
Prerequisites
- Control Node (Ansible Host): A machine where Ansible is installed and from which the playbook will be executed.
- Python: Python must be installed on both the Control Node and all Target Nodes. The haltdos.yml playbook includes a task to install Python3 automatically on target systems if it is missing.
- SSH Key-based Authentication (Passwordless SSH): Allows Ansible to connect to target nodes without entering passwords repeatedly.
Setting Up SSH Authentication
- Generate an RSA key pair on the Control Node:

  ```bash
  ssh-keygen -t rsa -b 4096
  ```

  Press Enter to accept the defaults. This creates:
  - Private key: ~/.ssh/id_rsa
  - Public key: ~/.ssh/id_rsa.pub
- Copy the public key to each target system:

  ```bash
  ssh-copy-id haltdos@10.0.0.170
  ```

  This adds your key to the target's ~/.ssh/authorized_keys, enabling passwordless SSH access.
Inventory File (inventory.ini)
Defines the list of target servers and their configurations. Each host can have its own license, and you can add as many devices as needed.
```ini
[standalone]
10.0.0.110 ansible_user=SampleUserName license=SAMPLELIC ansible_become=true ansible_become_method=sudo ansible_become_pass='SamplePassword'
10.0.0.100 ansible_user=SampleUserName license=SAMPLELIC ansible_become=true ansible_become_method=sudo ansible_become_pass='SamplePassword'
```
Explanation
| Field | Description |
|---|---|
| [standalone] | Group name; defines installer type (Standalone Haltdos instance). |
| 10.0.0.100 | Target device IP address. |
| ansible_user | SSH username for the remote system. |
| license | Haltdos license key. |
| ansible_become=true | Allows privilege escalation. |
| ansible_become_method=sudo | Specifies the method for privilege escalation. |
| ansible_become_pass | Sudo password for escalation. |
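The inventory above keeps the sudo password and the license key in plaintext on every host line, readable by anyone who can read inventory.ini or its version history. One way to keep them out of the inventory is Ansible Vault. This is an added example, not part of the Haltdos guide; the host_vars layout and the vault_* variable names are assumptions.

```yaml
# Added example (not from the Haltdos guide).
# The host_vars file layout and the vault_* variable names are assumptions.
#
# inventory.ini then lists only the hosts:
#   [standalone]
#   10.0.0.110
#   10.0.0.100
#
# File: host_vars/10.0.0.110/vault.yml
# Encrypt it before committing:
#   ansible-vault encrypt host_vars/10.0.0.110/vault.yml
vault_become_pass: "SamplePassword"   # sample value from the inventory above
vault_license: "SAMPLELIC"            # sample value from the inventory above
---
# File: host_vars/10.0.0.110/vars.yml
# Stays in plaintext; it only references the encrypted values.
ansible_user: SampleUserName
ansible_become: true
ansible_become_method: sudo
ansible_become_pass: "{{ vault_become_pass }}"
license: "{{ vault_license }}"
```

Run the playbook with `--ask-vault-pass` added to the `ansible-playbook` command so Ansible can decrypt the vault files at run time. Repeat the two files for each host that has its own license.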
Playbook File (haltdos.yml)
Defines all tasks for installing Haltdos automatically on target systems.
```yaml
---
- name: Install Haltdos on all devices
  hosts: all
  become: true
  # Fact gathering needs Python on the target, so skip the implicit run here;
  # the explicit setup task below gathers facts once Python is in place.
  gather_facts: false
  vars:
    haltdos_url: https://haltdos-internal.haltdos.com/resources/installer/v8/haltdos
    update_url: https://update-uat.hltdos.com
  tasks:
    # raw runs over plain SSH and does not need Python on the target.
    # The redirection is POSIX sh syntax so it also works where /bin/sh is not bash.
    - name: Ensure Python is installed
      raw: |-
        if ! command -v python3 >/dev/null 2>&1; then
          if [ -x "$(command -v apt)" ]; then
            apt update && apt install -y python3
          elif [ -x "$(command -v dnf)" ]; then
            dnf install -y python3
          fi
        fi
      changed_when: false

    - name: Gather facts after Python installation
      setup: {}

    - name: Update package cache on Debian-based systems
      when: ansible_os_family == "Debian"
      apt:
        update_cache: true

    - name: Update package cache on RedHat-based systems
      when: ansible_os_family == "RedHat"
      dnf:
        update_cache: true

    - name: Download Haltdos installer
      get_url:
        url: "{{ haltdos_url }}"
        dest: /tmp/haltdos
        mode: '0755'
      register: haltdos_download

    # Exactly one of the three install tasks runs, chosen by the inventory group.
    - name: Run Haltdos installer for standalone
      shell: /tmp/haltdos install -l "{{ license }}" -a "{{ inventory_hostname }}" -m "{{ update_url }}" -t STANDALONE
      args:
        chdir: /tmp
      register: installation_output_standalone
      when: "'standalone' in group_names"

    - name: Run Haltdos installer for mitigation
      shell: /tmp/haltdos install -l "{{ license }}" -a "{{ inventory_hostname }}" -m "{{ update_url }}" -t MITIGATION
      args:
        chdir: /tmp
      register: installation_output_mitigation
      when: "'mitigation' in group_names"

    - name: Run Haltdos installer for management
      shell: /tmp/haltdos install -l "{{ license }}" -a "{{ inventory_hostname }}" -m "{{ update_url }}" -t MANAGEMENT
      args:
        chdir: /tmp
      register: installation_output_management
      when: "'management' in group_names"

    - name: Show installer output for standalone
      debug:
        var: installation_output_standalone.stdout_lines
      when: "'standalone' in group_names"

    - name: Show installer output for mitigation
      debug:
        var: installation_output_mitigation.stdout_lines
      when: "'mitigation' in group_names"

    - name: Show installer output for management
      debug:
        var: installation_output_management.stdout_lines
      when: "'management' in group_names"
```
Variables Description
| Variable | Description |
|---|---|
| haltdos_url | URL from where the Haltdos binary will be downloaded. |
| update_url | URL used by the installer to fetch updates during installation. |
Tasks Summary
| Step | Task | Description |
|---|---|---|
| 1 | Ensure Python is installed | Installs Python3 if not present (required by Ansible). |
| 2 | Gather facts | Collects system info after Python setup. |
| 3 | Update package cache | Refreshes apt or dnf cache for package management. |
| 4 | Download Haltdos installer | Fetches the installer to /tmp/haltdos. |
| 5 | Run installer | Installs Haltdos based on group (Standalone, Mitigation, or Management). |
| 6 | Show output | Displays installation logs for verification. |
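Steps 4 and 5 download a binary and run it as root, with nothing that ties the file to a known installer build. The tasks below are an added example, not the guide's own playbook: they pin the download to a SHA-256 digest and keep the license key out of task logs. `haltdos_sha256` is a hypothetical variable; its value has to come from Haltdos through a channel other than the download URL.

```yaml
# Added example (not from the Haltdos guide): drop-in variants of the
# "Download Haltdos installer" and "Run Haltdos installer for standalone" tasks.
# haltdos_sha256 is a hypothetical variable, for example set under vars:
#   haltdos_sha256: "<SHA-256 digest of the installer, obtained from Haltdos>"

- name: Download Haltdos installer and verify its digest
  get_url:
    url: "{{ haltdos_url }}"
    dest: /tmp/haltdos
    mode: '0700'   # the play runs with become, so only root needs to execute it
    # get_url fails the task if the downloaded file does not match this digest.
    checksum: "sha256:{{ haltdos_sha256 }}"
  register: haltdos_download

- name: Run Haltdos installer for standalone
  # argv passes each value as a separate argument without going through a
  # shell, so characters in the license or host name are never shell-interpreted.
  command:
    argv:
      - /tmp/haltdos
      - install
      - "-l"
      - "{{ license }}"
      - "-a"
      - "{{ inventory_hostname }}"
      - "-m"
      - "{{ update_url }}"
      - "-t"
      - STANDALONE
    chdir: /tmp
  # no_log keeps the command line (which contains the license) out of console
  # output and logs; the registered result is still available to later tasks.
  no_log: true
  register: installation_output_standalone
  when: "'standalone' in group_names"
```

The mitigation and management tasks take the same form with `-t MITIGATION` and `-t MANAGEMENT`. With `no_log: true` a failed install shows no detail for that task, so remove it temporarily when troubleshooting.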
Running the Playbook
Once setup is complete, execute the following command from your Control Node:
```bash
ansible-playbook -i inventory.ini haltdos.yml
```