added first 2 days

mgutzeit 2024-12-18 08:49:20 +01:00
parent f0b0b51ec1
commit be7399a645
17 changed files with 546 additions and 0 deletions

34
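--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,34 @@
+[defaults]
+nocows = 1
+timeout = 30
+forks = 50
+interpreter_python = auto_silent
+inventory = hosts.ini
+# roles_path = ./roles
+library = ./library
+# bin_ansible_callbacks = true
+# stdout_callback = unixy
+# callbacks_enabled = timer, profile_tasks, profile_roles
+# force_handlers = true
+gathering = smart
+fact_caching = jsonfile
+fact_caching_connection = /tmp/ansible/facts.cache
+fact_caching_timeout = 3600
+[ssh_connection]
+pipelining = true
+ssh_args = -o PreferredAuthentications=publickey -o ControlMaster=auto -o ControlPersist=60s
+[privilege_escalation]
+become = true
+[diff]
+always = true
+context = 5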
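Review bot: `fact_caching_connection = /tmp/ansible/facts.cache` keeps the JSON fact cache under a world-writable directory with a fixed name, so on a shared control node another local user can create `/tmp/ansible` first and then read or replace cached facts that later runs trust for up to `fact_caching_timeout = 3600` seconds. A directory owned by the invoking user avoids that, for example `fact_caching_connection = ~/.ansible/facts.cache`. Separately, `become = true` under `[privilege_escalation]` makes every task on every host run as root by default; setting `become` per play or per task keeps the privileged surface visible in the playbooks.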

13
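--- a/hosts.ini
+++ b/hosts.ini
@@ -0,0 +1,13 @@
+[webapp:children]
+database
+webserver
+[ansible]
+ansible01 ansible_host=167.235.134.124
+[webserver]
+web01 ansible_host=116.203.48.2
+web02 ansible_host=195.201.37.254
+[database]
+db01 ansible_host=195.201.38.233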

6
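--- a/library/kernel.sh
+++ b/library/kernel.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+cat "$1" >> /tmp/ansible-parameter
+release="$(uname --kernel-release)"
+echo '{ "changed": false, "msg": "'"$release"'" }'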
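Review bot: `cat "$1" >> /tmp/ansible-parameter` appends the module's argument file to a fixed path in `/tmp` on every managed host, where other local users can read it, and with `become = true` in ansible.cfg the append presumably runs as root against whatever already exists at that name. If this is leftover debugging it should be removed; if the dump is wanted, write it to a private file instead, e.g. `umask 077; cat "$1" >> "$(mktemp /tmp/ansible-parameter.XXXXXX)"`. The JSON reply is also built by string concatenation, so a `"` or `\` in `$release` would yield invalid JSON; a kernel release string is unlikely to contain one, but a comment such as `# release is assumed to be JSON-safe (no quotes or backslashes)` would record the assumption.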

17
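--- a/playbook.yml
+++ b/playbook.yml
@@ -0,0 +1,17 @@
+---
+- hosts: all
+roles:
+- debian
+- chrony
+- hosts: webserver
+tags: webserver
+roles:
+- nginx
+- hosts: database
+tags: database
+roles:
+- mariadb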


@ -0,0 +1,17 @@
# File managed by Ansible
# change
pool pool.ntp.org iburst maxsources 3
keyfile /etc/chrony/chrony.keys
driftfile /var/lib/chrony/chrony.drift
ntsdumpdir /var/lib/chrony
logdir /var/log/chrony
maxupdateskew 100.0
rtcsync
makestep 1 3
leapsectz right/UTC
lock_all


@ -0,0 +1,6 @@
---
- name: Restart
systemd:
name: chrony
state: restarted


@ -0,0 +1,29 @@
---
- tags: chrony
block:
- name: Package
apt:
state: present
name:
- chrony
update_cache: true
tags: installchrony
- name: Service
systemd:
state: started
name: chrony
enabled: true
tags: startchrony
- name: Configfile
copy:
src: chrony.conf
dest: /etc/chrony/chrony.conf
owner: root
group: root
mode: '0644'
notify:
- Restart
# - waitfor chrony

107
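--- a/roles/debian/files/.zshrc
+++ b/roles/debian/files/.zshrc
@@ -0,0 +1,107 @@
+# If you come from bash you might have to change your $PATH.
+# export PATH=$HOME/bin:$HOME/.local/bin:/usr/local/bin:$PATH
+# Path to your Oh My Zsh installation.
+export ZSH="$HOME/.oh-my-zsh"
+# Set name of the theme to load --- if set to "random", it will
+# load a random theme each time Oh My Zsh is loaded, in which case,
+# to know which specific one was loaded, run: echo $RANDOM_THEME
+# See https://github.com/ohmyzsh/ohmyzsh/wiki/Themes
+ZSH_THEME="robbyrussell"
+# Set list of themes to pick from when loading at random
+# Setting this variable when ZSH_THEME=random will cause zsh to load
+# a theme from this variable instead of looking in $ZSH/themes/
+# If set to an empty array, this variable will have no effect.
+# ZSH_THEME_RANDOM_CANDIDATES=( "robbyrussell" "agnoster" )
+# Uncomment the following line to use case-sensitive completion.
+# CASE_SENSITIVE="true"
+# Uncomment the following line to use hyphen-insensitive completion.
+# Case-sensitive completion must be off. _ and - will be interchangeable.
+# HYPHEN_INSENSITIVE="true"
+# Uncomment one of the following lines to change the auto-update behavior
+# zstyle ':omz:update' mode disabled # disable automatic updates
+# zstyle ':omz:update' mode auto # update automatically without asking
+# zstyle ':omz:update' mode reminder # just remind me to update when it's time
+# Uncomment the following line to change how often to auto-update (in days).
+# zstyle ':omz:update' frequency 13
+# Uncomment the following line if pasting URLs and other text is messed up.
+# DISABLE_MAGIC_FUNCTIONS="true"
+# Uncomment the following line to disable colors in ls.
+# DISABLE_LS_COLORS="true"
+# Uncomment the following line to disable auto-setting terminal title.
+# DISABLE_AUTO_TITLE="true"
+# Uncomment the following line to enable command auto-correction.
+# ENABLE_CORRECTION="true"
+# Uncomment the following line to display red dots whilst waiting for completion.
+# You can also set it to another string to have that shown instead of the default red dots.
+# e.g. COMPLETION_WAITING_DOTS="%F{yellow}waiting...%f"
+# Caution: this setting can cause issues with multiline prompts in zsh < 5.7.1 (see #5765)
+# COMPLETION_WAITING_DOTS="true"
+# Uncomment the following line if you want to disable marking untracked files
+# under VCS as dirty. This makes repository status check for large repositories
+# much, much faster.
+# DISABLE_UNTRACKED_FILES_DIRTY="true"
+# Uncomment the following line if you want to change the command execution time
+# stamp shown in the history command output.
+# You can set one of the optional three formats:
+# "mm/dd/yyyy"|"dd.mm.yyyy"|"yyyy-mm-dd"
+# or set a custom format using the strftime function format specifications,
+# see 'man strftime' for details.
+# HIST_STAMPS="mm/dd/yyyy"
+# Would you like to use another custom folder than $ZSH/custom?
+# ZSH_CUSTOM=/path/to/new-custom-folder
+# Which plugins would you like to load?
+# Standard plugins can be found in $ZSH/plugins/
+# Custom plugins may be added to $ZSH_CUSTOM/plugins/
+# Example format: plugins=(rails git textmate ruby lighthouse)
+# Add wisely, as too many plugins slow down shell startup.
+plugins=(git)
+# User configuration
+# export MANPATH="/usr/local/man:$MANPATH"
+# You may need to manually set your language environment
+# export LANG=en_US.UTF-8
+# Preferred editor for local and remote sessions
+# if [[ -n $SSH_CONNECTION ]]; then
+# export EDITOR='vim'
+# else
+# export EDITOR='nvim'
+# fi
+# Compilation flags
+# export ARCHFLAGS="-arch $(uname -m)"
+# Set personal aliases, overriding those provided by Oh My Zsh libs,
+# plugins, and themes. Aliases can be placed here, though Oh My Zsh
+# users are encouraged to define aliases within a top-level file in
+# the $ZSH_CUSTOM folder, with .zsh extension. Examples:
+# - $ZSH_CUSTOM/aliases.zsh
+# - $ZSH_CUSTOM/macos.zsh
+# For a full list of active aliases, run `alias`.
+#
+# Example aliases
+# alias zshconfig="mate ~/.zshrc"
+# alias ohmyzsh="mate ~/.oh-my-zsh
+export PATH="$PATH:/root/.local/bin"
+alias vi='vim'
+alias ll='ls -l'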


@ -0,0 +1,8 @@
# /etc/resolv.conf
nameserver 8.8.8.8
nameserver 4.4.4.4
nameserver 1.1.1.1
nameserver 9.9.9.9
nameserver 2001:4860:4860::8888
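Review bot: `nameserver 4.4.4.4` looks like a typo for Google's secondary resolver `8.8.4.4`; as written, any query that falls through to the second entry is sent to an address that is presumably not the intended resolver. The glibc stub resolver also reads only the first three `nameserver` lines, so `9.9.9.9` and `2001:4860:4860::8888` are never consulted. Proposed: change the second line to `nameserver 8.8.4.4` and trim the list to the three resolvers that are actually wanted.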


@ -0,0 +1,30 @@
---
- tags: debian
block:
- name: Install zsh
apt:
name: zsh
state: present
update_cache: true
- import_tasks: users.yml
- name: Install tops
apt:
name:
- htop
- iotop
- btop
state: present
- name: Install vim
apt:
name: vim
state: present
- name: resolv.conf
copy:
src: resolv.conf
dest: /etc/resolv.conf
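Review bot: The `resolv.conf` task copies to `/etc/resolv.conf` without `owner`, `group` or `mode`, while the `copy` tasks for chrony and nginx in this same commit set all three. Stating them here keeps the file's permissions independent of the umask and of whatever was there before: `owner: root`, `group: root`, `mode: '0644'`. On hosts where a DHCP client or systemd-resolved manages this path the copied file may be overwritten or may replace a symlink, so a short comment naming the assumption (static resolver config) would help.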


@ -0,0 +1,55 @@
---
- tags: users
block:
- name: Groups
group:
name: "{{ item.name }}"
state: present
gid: "{{ item.gid }}"
loop_control:
label: "{{ item.name }}"
loop:
- name: root
gid: 0
- name: admin
gid: 1040
- name: developer
gid: 1050
- name: Users
user:
name: "{{ item.name }}"
uid: "{{ item.uid }}"
group: "{{ item.name }}"
groups: "{{ item.groups }}"
shell: "{{ item.shell }}"
password: "{{ item.password }}"
loop_control:
label: "{{ item.name }}"
loop:
- name: root
uid: 0
groups: sudo
shell: /bin/bash
password: $6$R0En0ee9OeDp3ikb$Rl3aXOCw0Me9Jm8/0hTjgII2xm1L2K5/v1oAd0MoP13/Q7zT0YRNoF2TGlQ23jF7K90z8iVs4km8JvK.2JhkU0
- name: admin
uid: 1040
groups: sudo
shell: /bin/zsh
password: $6$R0En0ee9OeDp3ikb$Rl3aXOCw0Me9Jm8/0hTjgII2xm1L2K5/v1oAd0MoP13/Q7zT0YRNoF2TGlQ23jF7K90z8iVs4km8JvK.2JhkU0
- name: developer
uid: 1050
groups:
shell: /bin/zsh
password: $6$R0En0ee9OeDp3ikb$Rl3aXOCw0Me9Jm8/0hTjgII2xm1L2K5/v1oAd0MoP13/Q7zT0YRNoF2TGlQ23jF7K90z8iVs4km8JvK.2JhkU0
- name: zsh config
copy:
src: .zshrc
dest: "{{ item }}/.zshrc"
loop:
- '/home/admin'
- '/home/developer'
- '/root'
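Review bot: The `Users` loop commits three SHA-512 crypt strings directly in the task file, and root, admin and developer all carry the identical value (same salt, same digest), so the three accounts share one password and anyone who can read the repository can test guesses against it offline. Move the hashes into Ansible Vault-encrypted variables, one distinct hash per account, and reference them from the loop, e.g. `password: "{{ vault_root_password_hash }}"` (the variable name is a placeholder). Adding `no_log: true` to the task keeps the hash out of verbose and diff output; `loop_control.label` only shortens the item label. The `zsh config` copy at the end sets no `owner`, `group` or `mode`, so the files under `/home/admin` and `/home/developer` are presumably left owned by root given the global `become = true`.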


@ -0,0 +1,42 @@
---
- tags: mariadb
block:
- name: Package
apt:
state: present
name:
- mariadb-server
- python3-pymysql
update_cache: true
- name: Service
systemd:
state: started
name: mariadb
enabled: true
- name: Create new databases with names 'webapp' and 'webapp_backup'
community.mysql.mysql_db:
login_unix_socket: /var/run/mysqld/mysqld.sock
name: "{{ item }}"
loop:
- webapp
- webapp_backup
- name: DB User
mysql_user:
name: "{{ item.name }}"
password: "{{ item.password }}"
priv: "{{ item.priv }}"
login_unix_socket: /var/run/mysqld/mysqld.sock
loop:
- name: webapp
password: w3b4pp
priv: '*.*:ALL'
- name: webapp_backup
password: w3b4pp_b4ckup
priv: '*.*:ALL'
loop_control:
label: "{{ item.name }}"
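Review bot: In the `DB User` loop both accounts receive `priv: '*.*:ALL'`, which is every privilege on every database on the server, and their passwords are short literals derived from the account names and stored in clear text in the repository. Scope each grant to its own schema, e.g. `priv: 'webapp.*:ALL'` and `priv: 'webapp_backup.*:ALL'`, take the passwords from Ansible Vault-encrypted variables, and add `no_log: true` so they do not appear in task output. The task also uses the short name `mysql_user` while the task above it uses `community.mysql.mysql_db`; `community.mysql.mysql_user` would be consistent.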

28
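--- a/roles/nginx/files/default
+++ b/roles/nginx/files/default
@@ -0,0 +1,28 @@
+# Default server configuration
+#
+server {
+listen 80 default_server;
+listen [::]:80 default_server;
+root /var/www/html;
+# Add index.php to the list if you are using PHP
+index index.html index.htm index.nginx-debian.html;
+server_name _;
+location / {
+# First attempt to serve request as file, then
+# as directory, then fall back to displaying a 404.
+try_files $uri $uri/ =404;
+# proxy_pass http://localhost:8080;
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection 'upgrade';
+# proxy_set_header Host $host;
+# proxy_cache_bypass $http_upgrade;
+}
+}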
}


@ -0,0 +1,66 @@
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Ansible-Schulung: Automatisierung leicht gemacht</title>
<style>
body {
font-family: Arial, sans-serif;
line-height: 1.6;
margin: 0;
padding: 0;
background-color: #f4f4f4;
}
header {
background-color: #35424a;
color: #ffffff;
text-align: center;
padding: 1rem;
}
main {
padding: 2rem;
max-width: 800px;
margin: auto;
}
h1, h2 {
color: #35424a;
}
.cta-button {
display: inline-block;
background-color: #e8491d;
color: #ffffff;
padding: 10px 20px;
text-decoration: none;
border-radius: 5px;
margin-top: 20px;
}
</style>
</head>
<body>
<header>
<h1>Willkommen zur Ansible-Schulung</h1>
<p>Automatisierung leicht gemacht</p>
</header>
<main>
<h2>Über unsere Schulung</h2>
<p>In dieser umfassenden Ansible-Schulung lernen Sie, wie Sie IT-Infrastrukturen effizient automatisieren und verwalten können. Vom Grundlagen bis hin zu fortgeschrittenen Techniken - wir machen Sie zum Ansible-Experten!</p>
<h2>Was Sie lernen werden:</h2>
<ul>
<li>Grundlagen von Ansible</li>
<li>Playbooks erstellen und ausführen</li>
<li>Rollen und Best Practices</li>
<li>Ansible für Netzwerk-Automatisierung</li>
<li>Integration mit CI/CD-Pipelines</li>
</ul>
<h2>Für wen ist diese Schulung?</h2>
<p>Unsere Schulung ist ideal für System-Administratoren, DevOps-Ingenieure und IT-Profis, die ihre Automatisierungsfähigkeiten verbessern möchten.</p>
<a href="#" class="cta-button">Jetzt anmelden</a>
</main>
</body>
</html>


@ -0,0 +1,30 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
gzip on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}


@ -0,0 +1,15 @@
---
- name: Restart
systemd:
name: nginx
state: restarted
- name: Waitfor
wait_for:
host: localhost
port: 80
state: started
sleep: 1
delay: 2
timeout: 300


@ -0,0 +1,43 @@
---
- tags: nginx
block:
- name: Package
apt:
state: present
name:
- nginx-light
- curl
- wget
update_cache: true
- name: Service
systemd:
state: started
name: nginx
enabled: true
- name: Config
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: '0644'
notify:
- Restart
- Waitfor
loop_control:
label: "{{ item.src }}"
loop:
- src: nginx.conf
dest: /etc/nginx/nginx.conf
- src: default
dest: /etc/nginx/sites-enabled/default
- name: Defaultpage
copy:
src: index.htm
dest: /var/www/html/index.nginx-debian.html
owner: root
group: root
mode: '0644'