From be7399a645ef7b5557954757c730eaa67dce75ee Mon Sep 17 00:00:00 2001
From: mgutzeit
Date: Wed, 18 Dec 2024 08:49:20 +0100
Subject: [PATCH] added first 2 days
---
ansible.cfg | 34 +++++++++++
hosts.ini | 13 ++++
library/kernel.sh | 6 ++
playbook.yml | 17 ++++++
roles/chrony/files/chrony.conf | 17 ++++++
roles/chrony/handlers/main.yml | 6 ++
roles/chrony/tasks/main.yml | 29 +++++++++
roles/debian/files/.zshrc | 107 +++++++++++++++++++++++++++++++++
roles/debian/files/resolv.conf | 8 +++
roles/debian/tasks/main.yml | 30 +++++++++
roles/debian/tasks/users.yml | 55 +++++++++++++++++
roles/mariadb/tasks/main.yml | 42 +++++++++++++
roles/nginx/files/default | 28 +++++++++
roles/nginx/files/index.htm | 66 ++++++++++++++++++++
roles/nginx/files/nginx.conf | 30 +++++++++
roles/nginx/handlers/main.yml | 15 +++++
roles/nginx/tasks/main.yml | 43 +++++++++++++
17 files changed, 546 insertions(+)
create mode 100644 ansible.cfg
create mode 100644 hosts.ini
create mode 100644 library/kernel.sh
create mode 100644 playbook.yml
create mode 100644 roles/chrony/files/chrony.conf
create mode 100644 roles/chrony/handlers/main.yml
create mode 100644 roles/chrony/tasks/main.yml
create mode 100644 roles/debian/files/.zshrc
create mode 100644 roles/debian/files/resolv.conf
create mode 100644 roles/debian/tasks/main.yml
create mode 100644 roles/debian/tasks/users.yml
create mode 100644 roles/mariadb/tasks/main.yml
create mode 100644 roles/nginx/files/default
create mode 100644 roles/nginx/files/index.htm
create mode 100644 roles/nginx/files/nginx.conf
create mode 100644 roles/nginx/handlers/main.yml
create mode 100644 roles/nginx/tasks/main.yml
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..95e5989
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,34 @@
+[defaults]
+nocows = 1
+timeout = 30
+forks = 50
+interpreter_python = auto_silent
+
+inventory = hosts.ini
+# roles_path = ./roles
+library = ./library
+
+# bin_ansible_callbacks = true
+# stdout_callback = unixy
+# callbacks_enabled = timer, profile_tasks, profile_roles
+
+# force_handlers = true
+
+gathering = smart
+fact_caching = jsonfile
+fact_caching_connection = /tmp/ansible/facts.cache
+fact_caching_timeout = 3600
+
+
+[ssh_connection]
+pipelining = true
+ssh_args = -o PreferredAuthentications=publickey -o ControlMaster=auto -o ControlPersist=60s
+
+
+[privilege_escalation]
+become = true
+
+
+[diff]
+always = true
+context = 5
diff --git a/hosts.ini b/hosts.ini
new file mode 100644
index 0000000..314e61b
--- /dev/null
+++ b/hosts.ini
@@ -0,0 +1,13 @@
+[webapp:children]
+database
+webserver
+
+[ansible]
+ansible01 ansible_host=167.235.134.124
+
+[webserver]
+web01 ansible_host=116.203.48.2
+web02 ansible_host=195.201.37.254
+
+[database]
+db01 ansible_host=195.201.38.233
diff --git a/library/kernel.sh b/library/kernel.sh
new file mode 100644
index 0000000..d5fdccd
--- /dev/null
+++ b/library/kernel.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+cat "$1" >> /tmp/ansible-parameter
+
+release="$(uname --kernel-release)"
+echo '{ "changed": false, "msg": "'"$release"'" }'
diff --git a/playbook.yml b/playbook.yml
new file mode 100644
index 0000000..014c462
--- /dev/null
+++ b/playbook.yml
@@ -0,0 +1,17 @@
+---
+
+- hosts: all
+ roles:
+ - debian
+ - chrony
+
+- hosts: webserver
+ tags: webserver
+ roles:
+ - nginx
+
+- hosts: database
+ tags: database
+ roles:
+ - mariadb
+
diff --git a/roles/chrony/files/chrony.conf b/roles/chrony/files/chrony.conf
new file mode 100644
index 0000000..942b717
--- /dev/null
+++ b/roles/chrony/files/chrony.conf
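Review bot: `fact_caching_connection = /tmp/ansible/facts.cache` in the `[defaults]` section of ansible.cfg keeps the JSON fact cache under a predictable path in world-writable /tmp on the control node. Another local account could pre-create that directory or alter cached facts, which later runs would trust for up to `fact_caching_timeout = 3600` seconds while every play runs with `become = true`. Point the cache at a directory only the Ansible user can write, for example `fact_caching_connection = ~/.ansible/facts.cache` (this assumes the option expands `~`; otherwise use an absolute path inside the user's home).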
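Review bot: `cat "$1" >> /tmp/ansible-parameter` in library/kernel.sh appends the module's argument file to a fixed path in /tmp on every managed host. With `become = true` set in ansible.cfg the module presumably runs as root, so a symlink planted under that name by a local user would redirect the append to another file, and whatever arguments a task passes stay readable to other accounts under the default umask. If the line is debugging residue it should be removed; if the dump is wanted, write it to a root-only directory instead. The reply is also built by string concatenation, so a `"` or backslash in `$release` would produce invalid JSON.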
@@ -0,0 +1,17 @@
+
+# File managed by Ansible
+# change
+
+pool pool.ntp.org iburst maxsources 3
+
+keyfile /etc/chrony/chrony.keys
+driftfile /var/lib/chrony/chrony.drift
+ntsdumpdir /var/lib/chrony
+logdir /var/log/chrony
+
+maxupdateskew 100.0
+rtcsync
+makestep 1 3
+leapsectz right/UTC
+
+lock_all
diff --git a/roles/chrony/handlers/main.yml b/roles/chrony/handlers/main.yml
new file mode 100644
index 0000000..64435b6
--- /dev/null
+++ b/roles/chrony/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Restart
+ systemd:
+ name: chrony
+ state: restarted
diff --git a/roles/chrony/tasks/main.yml b/roles/chrony/tasks/main.yml
new file mode 100644
index 0000000..a1a949e
--- /dev/null
+++ b/roles/chrony/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+- tags: chrony
+ block:
+
+ - name: Package
+ apt:
+ state: present
+ name:
+ - chrony
+ update_cache: true
+ tags: installchrony
+
+ - name: Service
+ systemd:
+ state: started
+ name: chrony
+ enabled: true
+ tags: startchrony
+
+ - name: Configfile
+ copy:
+ src: chrony.conf
+ dest: /etc/chrony/chrony.conf
+ owner: root
+ group: root
+ mode: '0644'
+ notify:
+ - Restart
+# - waitfor chrony
diff --git a/roles/debian/files/.zshrc b/roles/debian/files/.zshrc
new file mode 100644
index 0000000..1e1c332
--- /dev/null
+++ b/roles/debian/files/.zshrc
@@ -0,0 +1,107 @@
+
+# If you come from bash you might have to change your $PATH.
+# export PATH=$HOME/bin:$HOME/.local/bin:/usr/local/bin:$PATH
+
+# Path to your Oh My Zsh installation.
+export ZSH="$HOME/.oh-my-zsh"
+
+# Set name of the theme to load --- if set to "random", it will
+# load a random theme each time Oh My Zsh is loaded, in which case,
+# to know which specific one was loaded, run: echo $RANDOM_THEME
+# See https://github.com/ohmyzsh/ohmyzsh/wiki/Themes
+ZSH_THEME="robbyrussell"
+
+# Set list of themes to pick from when loading at random
+# Setting this variable when ZSH_THEME=random will cause zsh to load
+# a theme from this variable instead of looking in $ZSH/themes/
+# If set to an empty array, this variable will have no effect.
+# ZSH_THEME_RANDOM_CANDIDATES=( "robbyrussell" "agnoster" )
+
+# Uncomment the following line to use case-sensitive completion.
+# CASE_SENSITIVE="true"
+
+# Uncomment the following line to use hyphen-insensitive completion.
+# Case-sensitive completion must be off. _ and - will be interchangeable.
+# HYPHEN_INSENSITIVE="true"
+
+# Uncomment one of the following lines to change the auto-update behavior
+# zstyle ':omz:update' mode disabled # disable automatic updates
+# zstyle ':omz:update' mode auto # update automatically without asking
+# zstyle ':omz:update' mode reminder # just remind me to update when it's time
+
+# Uncomment the following line to change how often to auto-update (in days).
+# zstyle ':omz:update' frequency 13
+
+# Uncomment the following line if pasting URLs and other text is messed up.
+# DISABLE_MAGIC_FUNCTIONS="true"
+
+# Uncomment the following line to disable colors in ls.
+# DISABLE_LS_COLORS="true"
+
+# Uncomment the following line to disable auto-setting terminal title.
+# DISABLE_AUTO_TITLE="true"
+
+# Uncomment the following line to enable command auto-correction.
+# ENABLE_CORRECTION="true"
+
+# Uncomment the following line to display red dots whilst waiting for completion.
+# You can also set it to another string to have that shown instead of the default red dots.
+# e.g. COMPLETION_WAITING_DOTS="%F{yellow}waiting...%f"
+# Caution: this setting can cause issues with multiline prompts in zsh < 5.7.1 (see #5765)
+# COMPLETION_WAITING_DOTS="true"
+
+# Uncomment the following line if you want to disable marking untracked files
+# under VCS as dirty. This makes repository status check for large repositories
+# much, much faster.
+# DISABLE_UNTRACKED_FILES_DIRTY="true"
+
+# Uncomment the following line if you want to change the command execution time
+# stamp shown in the history command output.
+# You can set one of the optional three formats:
+# "mm/dd/yyyy"|"dd.mm.yyyy"|"yyyy-mm-dd"
+# or set a custom format using the strftime function format specifications,
+# see 'man strftime' for details.
+# HIST_STAMPS="mm/dd/yyyy"
+
+# Would you like to use another custom folder than $ZSH/custom?
+# ZSH_CUSTOM=/path/to/new-custom-folder
+
+# Which plugins would you like to load?
+# Standard plugins can be found in $ZSH/plugins/
+# Custom plugins may be added to $ZSH_CUSTOM/plugins/
+# Example format: plugins=(rails git textmate ruby lighthouse)
+# Add wisely, as too many plugins slow down shell startup.
+plugins=(git)
+
+
+# User configuration
+
+# export MANPATH="/usr/local/man:$MANPATH"
+
+# You may need to manually set your language environment
+# export LANG=en_US.UTF-8
+
+# Preferred editor for local and remote sessions
+# if [[ -n $SSH_CONNECTION ]]; then
+# export EDITOR='vim'
+# else
+# export EDITOR='nvim'
+# fi
+
+# Compilation flags
+# export ARCHFLAGS="-arch $(uname -m)"
+
+# Set personal aliases, overriding those provided by Oh My Zsh libs,
+# plugins, and themes. Aliases can be placed here, though Oh My Zsh
+# users are encouraged to define aliases within a top-level file in
+# the $ZSH_CUSTOM folder, with .zsh extension.
Examples:
+# - $ZSH_CUSTOM/aliases.zsh
+# - $ZSH_CUSTOM/macos.zsh
+# For a full list of active aliases, run `alias`.
+#
+# Example aliases
+# alias zshconfig="mate ~/.zshrc"
+# alias ohmyzsh="mate ~/.oh-my-zsh
+export PATH="$PATH:/root/.local/bin"
+alias vi='vim'
+alias ll='ls -l'
diff --git a/roles/debian/files/resolv.conf b/roles/debian/files/resolv.conf
new file mode 100644
index 0000000..fb544d5
--- /dev/null
+++ b/roles/debian/files/resolv.conf
@@ -0,0 +1,8 @@
+# /etc/resolv.conf
+
+nameserver 8.8.8.8
+nameserver 4.4.4.4
+nameserver 1.1.1.1
+nameserver 9.9.9.9
+
+nameserver 2001:4860:4860::8888
diff --git a/roles/debian/tasks/main.yml b/roles/debian/tasks/main.yml
new file mode 100644
index 0000000..014fb60
--- /dev/null
+++ b/roles/debian/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+
+
+- tags: debian
+ block:
+ - name: Install zsh
+ apt:
+ name: zsh
+ state: present
+ update_cache: true
+
+ - import_tasks: users.yml
+
+ - name: Install tops
+ apt:
+ name:
+ - htop
+ - iotop
+ - btop
+ state: present
+
+ - name: Install vim
+ apt:
+ name: vim
+ state: present
+
+ - name: resolv.conf
+ copy:
+ src: resolv.conf
+ dest: /etc/resolv.conf
diff --git a/roles/debian/tasks/users.yml b/roles/debian/tasks/users.yml
new file mode 100644
index 0000000..6a8af56
--- /dev/null
+++ b/roles/debian/tasks/users.yml
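Review bot: `nameserver 4.4.4.4` in roles/debian/files/resolv.conf looks like a typo for Google's secondary resolver `8.8.4.4`; as written, every managed host sends DNS queries to an address that does not appear to be one of the well-known public resolvers. The glibc resolver also reads only the first three `nameserver` lines, so `9.9.9.9` and the IPv6 entry are presumably never consulted. I would change the line to `nameserver 8.8.4.4` and trim the list to the three resolvers that are actually intended.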
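Review bot: The `resolv.conf` copy task at the end of roles/debian/tasks/main.yml sets no `owner`, `group` or `mode`, unlike the copy tasks in the chrony and nginx roles of this commit. The resulting permissions then depend on the umask and on whatever file already exists at the destination, which is worth pinning for a file every process on the host reads. Add `owner: root`, `group: root` and `mode: '0644'` to the task.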
@@ -0,0 +1,55 @@
+---
+
+- tags: users
+ block:
+
+ - name: Groups
+ group:
+ name: "{{ item.name }}"
+ state: present
+ gid: "{{ item.gid }}"
+ loop_control:
+ label: "{{ item.name }}"
+ loop:
+ - name: root
+ gid: 0
+ - name: admin
+ gid: 1040
+ - name: developer
+ gid: 1050
+
+ - name: Users
+ user:
+ name: "{{ item.name }}"
+ uid: "{{ item.uid }}"
+ group: "{{ item.name }}"
+ groups: "{{ item.groups }}"
+ shell: "{{ item.shell }}"
+ password: "{{ item.password }}"
+ loop_control:
+ label: "{{ item.name }}"
+ loop:
+ - name: root
+ uid: 0
+ groups: sudo
+ shell: /bin/bash
+ password: $6$R0En0ee9OeDp3ikb$Rl3aXOCw0Me9Jm8/0hTjgII2xm1L2K5/v1oAd0MoP13/Q7zT0YRNoF2TGlQ23jF7K90z8iVs4km8JvK.2JhkU0
+ - name: admin
+ uid: 1040
+ groups: sudo
+ shell: /bin/zsh
+ password: $6$R0En0ee9OeDp3ikb$Rl3aXOCw0Me9Jm8/0hTjgII2xm1L2K5/v1oAd0MoP13/Q7zT0YRNoF2TGlQ23jF7K90z8iVs4km8JvK.2JhkU0
+ - name: developer
+ uid: 1050
+ groups:
+ shell: /bin/zsh
+ password: $6$R0En0ee9OeDp3ikb$Rl3aXOCw0Me9Jm8/0hTjgII2xm1L2K5/v1oAd0MoP13/Q7zT0YRNoF2TGlQ23jF7K90z8iVs4km8JvK.2JhkU0
+
+ - name: zsh config
+ copy:
+ src: .zshrc
+ dest: "{{ item }}/.zshrc"
+ loop:
+ - '/home/admin'
+ - '/home/developer'
+ - '/root'
diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml
new file mode 100644
index 0000000..72d4fe3
--- /dev/null
+++ b/roles/mariadb/tasks/main.yml
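Review bot: The `Users` loop in roles/debian/tasks/users.yml commits SHA-512 crypt hashes to the repository and gives `root`, `admin` and `developer` the identical hash, salt included, so all three accounts share one password and anyone with read access to the repo can work on it offline. Move the values into Ansible Vault or another secret store and reference them, e.g. `password: "{{ vault_admin_password_hash }}"` (placeholder variable name), with a distinct password per account. Adding `no_log: true` to the task keeps the hashes out of verbose and diff output. The `zsh config` copy further down sets no owner either, so the `.zshrc` files under `/home/admin` and `/home/developer` presumably end up owned by root rather than by the account that uses them.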
@@ -0,0 +1,42 @@
+---
+
+- tags: mariadb
+ block:
+
+ - name: Package
+ apt:
+ state: present
+ name:
+ - mariadb-server
+ - python3-pymysql
+ update_cache: true
+
+ - name: Service
+ systemd:
+ state: started
+ name: mariadb
+ enabled: true
+
+ - name: Create new databases with names 'webapp' and 'webapp_backup'
+ community.mysql.mysql_db:
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ name: "{{ item }}"
+ loop:
+ - webapp
+ - webapp_backup
+
+ - name: DB User
+ mysql_user:
+ name: "{{ item.name }}"
+ password: "{{ item.password }}"
+ priv: "{{ item.priv }}"
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ loop:
+ - name: webapp
+ password: w3b4pp
+ priv: '*.*:ALL'
+ - name: webapp_backup
+ password: w3b4pp_b4ckup
+ priv: '*.*:ALL'
+ loop_control:
+ label: "{{ item.name }}"
diff --git a/roles/nginx/files/default b/roles/nginx/files/default
new file mode 100644
index 0000000..17552c0
--- /dev/null
+++ b/roles/nginx/files/default
@@ -0,0 +1,28 @@
+# Default server configuration
+#
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ root /var/www/html;
+
+ # Add index.php to the list if you are using PHP
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name _;
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ # proxy_pass http://localhost:8080;
+ # proxy_http_version 1.1;
+ # proxy_set_header Upgrade $http_upgrade;
+ # proxy_set_header Connection 'upgrade';
+ # proxy_set_header Host $host;
+ # proxy_cache_bypass $http_upgrade;
+ }
+
+
+}
+
diff --git a/roles/nginx/files/index.htm b/roles/nginx/files/index.htm
new file mode 100644
index 0000000..e2c31b6
--- /dev/null
+++ b/roles/nginx/files/index.htm
@@ -0,0 +1,66 @@ + + + + + + Ansible-Schulung: Automatisierung leicht gemacht + + + +
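Review bot: In the `DB User` task of roles/mariadb/tasks/main.yml both accounts receive `priv: '*.*:ALL'` together with short plaintext passwords (`w3b4pp`, `w3b4pp_b4ckup`) stored in the role, so anyone who obtains the web application's credentials controls every database on the server. Scope each grant to the schema the account needs, take the passwords from Ansible Vault, and set `no_log: true` on the task. The module is also called by its short name `mysql_user` while the task above uses the fully qualified `community.mysql.mysql_db`. The grants shown below are an assumption about what each account needs, and the `vault_*` names are placeholders.

```yaml
  - name: DB User
    community.mysql.mysql_user:
      # … unchanged: name, password, priv, login_unix_socket …
    no_log: true
    loop:
      - name: webapp
        password: "{{ vault_webapp_db_password }}"         # placeholder name
        priv: 'webapp.*:ALL'
      - name: webapp_backup
        password: "{{ vault_webapp_backup_db_password }}"  # placeholder name
        priv: 'webapp_backup.*:ALL'
    # … unchanged: loop_control …
```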
+

Willkommen zur Ansible-Schulung

+

Automatisierung leicht gemacht

+
+ +
+

Über unsere Schulung

+

In dieser umfassenden Ansible-Schulung lernen Sie, wie Sie IT-Infrastrukturen effizient automatisieren und verwalten können. Vom Grundlagen bis hin zu fortgeschrittenen Techniken - wir machen Sie zum Ansible-Experten!

+ +

Was Sie lernen werden:

+ + +

Für wen ist diese Schulung?

+

Unsere Schulung ist ideal für System-Administratoren, DevOps-Ingenieure und IT-Profis, die ihre Automatisierungsfähigkeiten verbessern möchten.

+ + Jetzt anmelden +
+ + +
diff --git a/roles/nginx/files/nginx.conf b/roles/nginx/files/nginx.conf
new file mode 100644
index 0000000..5eb91c1
--- /dev/null
+++ b/roles/nginx/files/nginx.conf
@@ -0,0 +1,30 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+error_log /var/log/nginx/error.log;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+
+sendfile on;
+tcp_nopush on;
+types_hash_max_size 2048;
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+ssl_prefer_server_ciphers on;
+access_log /var/log/nginx/access.log;
+
+
+gzip on;
+
+include /etc/nginx/conf.d/*.conf;
+include /etc/nginx/sites-enabled/*;
+}
diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml
new file mode 100644
index 0000000..6c117e2
--- /dev/null
+++ b/roles/nginx/handlers/main.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Restart
+ systemd:
+ name: nginx
+ state: restarted
+
+- name: Waitfor
+ wait_for:
+ host: localhost
+ port: 80
+ state: started
+ sleep: 1
+ delay: 2
+ timeout: 300
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
new file mode 100644
index 0000000..c58b0b5
--- /dev/null
+++ b/roles/nginx/tasks/main.yml
@@ -0,0 +1,43 @@
+---
+- tags: nginx
+ block:
+ - name: Package
+ apt:
+ state: present
+ name:
+ - nginx-light
+ - curl
+ - wget
+ update_cache: true
+
+ - name: Service
+ systemd:
+ state: started
+ name: nginx
+ enabled: true
+
+ - name: Config
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: root
+ group: root
+ mode: '0644'
+ notify:
+ - Restart
+ - Waitfor
+ loop_control:
+ label: "{{ item.src }}"
+ loop:
+ - src: nginx.conf
+ dest: /etc/nginx/nginx.conf
+ - src: default
+ dest: /etc/nginx/sites-enabled/default
+
+ - name: Defaultpage
+ copy:
+ src: index.htm
+ dest: /var/www/html/index.nginx-debian.html
+ owner: root
+ group: root
+ mode: '0644'
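Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` in the `http` block of roles/nginx/files/nginx.conf still enables TLS 1.0 and 1.1, which RFC 8996 deprecates. The server block in roles/nginx/files/default listens only on port 80, so the setting has no effect today, but any TLS listener added later would inherit the weak protocols. Change the line to `ssl_protocols TLSv1.2 TLSv1.3;` and update the trailing comment, which mentions only SSLv3. Adding `server_tokens off;` in the same block would also stop the version string from appearing in responses and error pages.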