How to add Jenkins credentials with curl or Ansible
Recently while building a Pipeline as a Service implementation, I faced the challenge of adding credentials into Jenkins via a script. Unfortunately there is no REST API for the Credentials Plugin, but the following snippet will do the trick with curl.
Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs.
This article describes how to deploy Defender for Endpoint on Linux using Ansible. A successful deployment requires the completion of all of the following tasks:
Prerequisites and system requirements
Before you get started, see the main Defender for Endpoint on Linux page for a description of prerequisites and system requirements for the current software version.
In addition, for Ansible deployment, you need to be familiar with Ansible administration tasks, have Ansible configured, and know how to deploy playbooks and tasks. Ansible has many ways to complete the same task. These instructions assume availability of supported Ansible modules, such as apt and unarchive to help deploy the package. Your organization might use a different workflow. Refer to the Ansible documentation for details.
Ansible needs to be installed on at least one computer (we will call it the primary computer).
SSH must be configured for an administrator account between the primary computer and all clients, and it is recommended that it be configured with public key authentication.
The following software must be installed on all clients:
- curl
- python-apt
All hosts must be listed in the following format in the /etc/ansible/hosts or relevant file:
Ping test:
Download the onboarding package
Download the onboarding package from Microsoft Defender Security Center:
In Microsoft Defender Security Center, go to Settings > Device Management > Onboarding.
In the first drop-down menu, select Linux Server as the operating system. In the second drop-down menu, select Your preferred Linux configuration management tool as the deployment method.
Select Download onboarding package. Save the file as WindowsDefenderATPOnboardingPackage.zip.
From a command prompt, verify that you have the file. Extract the contents of the archive:
Create Ansible YAML files
Create a subtask or role files that contribute to a playbook or task.
Create the onboarding task, onboarding_setup.yml:
Add the Defender for Endpoint repository and key.
Defender for Endpoint on Linux can be deployed from one of the following channels (denoted below as [channel]): insiders-fast, insiders-slow, or prod. Each of these channels corresponds to a Linux software repository.
The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in insiders-fast are the first ones to receive updates and new features, followed later by insiders-slow and lastly by prod.
In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use either insiders-fast or insiders-slow.
Warning
Switching the channel after the initial installation requires the product to be reinstalled. To switch the product channel: uninstall the existing package, re-configure your device to use the new channel, and follow the steps in this document to install the package from the new location.
Note your distribution and version and identify the closest entry for it under https://packages.microsoft.com/config/.
In the following commands, replace [distro] and [version] with the information you've identified.
Note
In case of Oracle Linux, replace [distro] with “rhel”.
Create the Ansible install and uninstall YAML files.
For apt-based distributions use the following YAML file:
For dnf-based distributions use the following YAML file:
Deployment
Now run the tasks files under /etc/ansible/playbooks/ or relevant directory.
Installation:
Important
When the product starts for the first time, it downloads the latest antimalware definitions. Depending on your Internet connection, this can take up to a few minutes.
Validation/configuration:
Uninstallation:
Log installation issues
See Log installation issues for more information on how to find the automatically generated log that is created by the installer when an error occurs.
Operating system upgrades
When upgrading your operating system to a new major version, you must first uninstall Defender for Endpoint on Linux, install the upgrade, and finally reconfigure Defender for Endpoint on Linux on your device.
References
Note
This module is part of ansible-base and included in all Ansible installations. In most cases, you can use the short module name shell even without specifying the collections: keyword. Despite that, we recommend you use the FQCN for easy linking to the module documentation and to avoid conflicting with other collections that may have the same module name.
The shell module takes the command name followed by a list of space-delimited arguments.
Either a free form command or cmd parameter is required, see the examples.
It is almost exactly like the ansible.builtin.command module but runs the command through a shell (/bin/sh) on the remote node.
For Windows targets, use the ansible.windows.win_shell module instead.
Note
This module has a corresponding action plugin.
Parameter | Choices/Defaults | Comments |
---|---|---|
chdir (path) | | Change into this directory before running the command. |
cmd (string) | | The command to run followed by optional arguments. |
creates (path) | | A filename, when it already exists, this step will not be run. |
executable (path) | | Change the shell used to execute the command. |
free_form | | The shell module takes a free form command to run, as a string. See the examples on how to use this module. |
removes (path) | | A filename, when it does not exist, this step will not be run. |
stdin (string) | | Set the stdin of the command directly to the specified value. |
stdin_add_newline (boolean) | | |
warn (added in 1.8 of ansible.builtin) | | Whether to enable task warnings. |
Note
If you want to execute a command securely and predictably, it may be better to use the ansible.builtin.command module instead. Best practices when writing playbooks will follow the trend of using ansible.builtin.command unless the ansible.builtin.shell module is explicitly required. When running ad-hoc commands, use your best judgement.
Check mode is supported when passing creates or removes. If running in check mode and either of these are specified, the module will check for the existence of the file and report the correct changed status. If these are not supplied, the task will be skipped.
To sanitize any variables passed to the shell module, you should use {{var|quote}} instead of just {{var}} to make sure they do not include evil things like semicolons.
An alternative to using inline shell scripts with this module is to use the ansible.builtin.script module possibly together with the ansible.builtin.template module.
For rebooting systems, use the ansible.builtin.reboot or ansible.windows.win_reboot module.
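The quoting note above, as an added example (not part of the Ansible documentation): the quote filter is backed by Python's shlex.quote, so the sketch below uses it directly to show what /bin/sh receives with and without the filter, and flags shell commands whose template expressions lack it. render() is a minimal stand-in for Jinja2 templating, and user_file, WEAK, FIXED and the sample value are constructed for illustration.

```python
import re
import shlex
import subprocess

# A Jinja2 expression inside a command string, e.g. {{ user_file | quote }}
JINJA_EXPR = re.compile(r"\{\{\s*(.*?)\s*\}\}")


def unquoted_vars(command):
    """Return the template expressions in a shell command that lack the quote filter."""
    missing = []
    for expr in JINJA_EXPR.findall(command):
        filters = [f.strip() for f in expr.split("|")[1:]]
        if "quote" not in filters:
            missing.append(expr)
    return missing


def render(command, variables):
    """Stand-in for Jinja2 (assumption): substitute names, apply `quote` via shlex.quote."""
    def substitute(match):
        name, *filters = [p.strip() for p in match.group(1).split("|")]
        value = str(variables[name])
        return shlex.quote(value) if "quote" in filters else value
    return JINJA_EXPR.sub(substitute, command)


def run_in_shell(rendered):
    """Run the rendered string through /bin/sh, as the shell module does on the remote node."""
    done = subprocess.run(["/bin/sh", "-c", rendered], capture_output=True, text=True)
    return done.stdout.splitlines()


# Constructed sample: a variable value carrying a semicolon and a second command.
SAMPLE_VARS = {"user_file": "report.txt; echo INJECTED"}
WEAK = "printf '%s\\n' {{ user_file }}"           # value is parsed by the shell
FIXED = "printf '%s\\n' {{ user_file | quote }}"  # value stays one literal argument

if __name__ == "__main__":
    for task in (WEAK, FIXED):
        print("unquoted:", unquoted_vars(task))
        print("output:  ", run_in_shell(render(task, SAMPLE_VARS)))
```

With the weak form the shell runs two commands; with the quoted form the whole value is printed back as a single argument.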
See also
The official documentation on the ansible.builtin.command module.
The official documentation on the ansible.builtin.raw module.
The official documentation on the ansible.builtin.script module.
The official documentation on the ansible.windows.win_shell module.
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
cmd (string) | always | Sample: |
delta | always | The command execution delta time. Sample: 0:00:00.325771 |
end (string) | always | Sample: |
msg | always | changed. Sample: True |
rc (integer) | always | |
start | always | The command execution start time. Sample: 2016-02-25 09:18:26.429568 |
stderr (string) | always | Sample: |
stderr_lines | always | The command standard error split in lines. Sample: [{'u'ls cannot access foo': 'No such file or directory'}, 'u'ls …'] |
stdout (string) | always | Sample: Clustering node [email protected] with [email protected] … |
stdout_lines (list / elements=string) | always | Sample: ['u'Clustering node [email protected] with [email protected] …'] |