Modular Ansible automation for Linux systems. SSH-based execution, role-driven structure, and sudo privilege escalation. Built for precision, auditability, and DevSecOps readiness.
Status: Complete
Automate Fedora maintenance tasks via SSH from macOS using a single Ansible playbook.
- SSH key-based authentication (macOS → Fedora)
- Created GitHub-based structure:
inventories/,playbooks/,ansible.cfg - Wrote and executed first Ansible playbook with
--ask-become-pass:- Updated system packages with
dnf - Gathered system facts
- Logged system info to
/var/log/system_info.log
- Updated system packages with
- macOS (controller node)
- Fedora 41 (managed node)
- Ansible 2.18.4
- GitHub Web UI
Status: Complete
Create a Linux user (devops_user) using a dedicated Ansible role.
- Fixed silent failure caused by wrong folder name (
task→tasks) - Set
roles_pathinansible.cfgfor correct role resolution - Used
--ask-become-passfor sudo access - Verified user creation with
id devops
- Role structure:
roles/user_provision/{tasks, handlers, vars} - Remote provisioning via SSH
- Privilege escalation with Ansible
- Linux user creation
Status: Complete
Execute multiple Ansible roles from one playbook with tag-based precision.
user_provision: Creates Linux userfile_ops: Creates/opt/ops.txtand sets permissions
- SSH key-based login for
devopsuser - Passwordless sudo enabled via
/etc/sudoers - Used
--tagsto execute roles independently - Centralized playbook:
playbooks/main.yml
ansible-playbook playbooks/main.yml --tags user --ask-become-pass
ansible-playbook playbooks/main.yml --tags file --ask-become-passObjective: Understand and validate Linux file permissions using chmod, chown, and su across different user roles.
secret.txt: Root-owned, permission750— must be inaccessible to normal users.shared.txt: Owned by usercarlos, groupdevops, permission640— must allow user writes, group reads.
- Created
/home/carlos/week2-labwith correct ownership and permissions. - Root configured:
secret.txtowned by root:root withchmod 750shared.txtowned by carlos:devops withchmod 640
- Switched to
carlosuser:- Confirmed no access to
secret.txt - Confirmed read/write access to
shared.txt
- Confirmed no access to
Permission model worked as expected — demonstrating correct application of Linux access control.
Status: Completed
Next: Ownership inheritance, sticky bits, ACLs, and real-world permission audits.
Carlos Semeao is a Cloud Security and DevOps learner with a zero-fluff approach to automation.
From cleaning trains to orchestrating Linux systems with Ansible, his work reflects tactical discipline, remote-first design, and real-world readiness.
- GitHub: carlos-tech-ops
- LinkedIn: Carlos Semeão
- Toolset: macOS, Fedora, Ansible, GitHub, SSH, YAML
- Mission: Cloud automation mastery. No shortcuts. No noise. Just execution.
Date: 20 April 2025
Host: Fedora 39
Control Node: macOS Ventura 14.4
Tool: Ansible
Playbook: create-user.yml
Issue Summary:
Ansible playbook completed without errors but failed to create the devops_user. Manual inspection showed the user didn’t exist. No failure message was returned.
Symptoms:
- Ansible showed “ok” status
id devops_userreturned “No such user”- Manual creation using
sudo useradd devops_userworked - Ansible task showed
changed=0, suggesting it didn’t execute
Troubleshooting Steps:
- Confirmed SSH access between Mac and Fedora
- Checked YAML syntax (no errors)
- Reviewed Ansible output — noted no privilege escalation
- Added
become: yesunder the user task - Re-ran playbook — user was created successfully
Fix:
- name: Create secure user
user:
name: devops_user
groups: sudo
shell: /bin/bash
state: present
become: yes
---