This repository was archived by the owner on Sep 7, 2023. It is now read-only.
8 changes: 7 additions & 1 deletion student_files/01/Vagrantfile
@@ -20,5 +20,11 @@ Vagrant.configure('2') do |config|
end

# provision VM via bash
config.vm.provision 'shell', path: 'provision_me.sh'
# config.vm.provision 'shell', path: 'provision_me.sh'

# provision VM via ansible
config.vm.provision 'ansible_local' do |ansible|
ansible.playbook = '/vagrant/provision_me.yml'
ansible.verbose = 'v'
end
end
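Review bot: the commented-out `# config.vm.provision 'shell', path: 'provision_me.sh'` line should be deleted rather than kept as a comment, since the git history already preserves the old provisioner. Note also that `ansible_local` generates its own inventory for the guest, so the `inventory.ini` added elsewhere in this PR is not used by this provisioner; that matches the history file, where the playbook is run by hand with `-i`.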
64 changes: 64 additions & 0 deletions student_files/01/history.txt
@@ -0,0 +1,64 @@
[vagrant@localhost ~]$ history | cut -c 8-
exit
ll
ls
[wd
pwd
ls
cd /vagrant
ls
cat provision_me.sh
sudo bash provision_me.sh
iptables -L
sudo su
ssh-keygen
ssh-copy-id check_inv
ssh check_inv
ansible-playbook -vvv -i inventory.ini /vagrant/provision_me.yml
history | less
history
ansible-playbook -i inventory.ini /vagrant/provision_me.yml
exit
history
exit
history
sudo su
ansible-playbook -vvv -i inventory.ini /vagrant/provision_me.yml
less /vagrant/provision_me.yml
ssh check_inv
cat /home/vagrant/inventory.ini
ansible-playbook -vvv -i /vagrant/inventory.ini /vagrant/provision_me.yml
exit
ansible-playbook -i /vagrant/inventory.ini /vagrant/provision_me.yml

[vagrant@localhost vagrant]$ history | cut -c 8-
exit
ll
ls
[wd
pwd
ls
cd /vagrant
ls
cat provision_me.sh
sudo bash provision_me.sh
iptables -L
sudo su
ssh-keygen
ssh-copy-id check_inv
ssh check_inv
ansible-playbook -vvv -i inventory.ini /vagrant/provision_me.yml
history | less
history
ansible-playbook -i inventory.ini /vagrant/provision_me.yml
exit
history
exit
history
sudo su
ansible-playbook -vvv -i inventory.ini /vagrant/provision_me.yml
less /vagrant/provision_me.yml
ssh check_inv
cat /home/vagrant/inventory.ini
ansible-playbook -vvv -i /vagrant/inventory.ini /vagrant/provision_me.yml
exit
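Review bot: this file is the same shell session pasted twice (the second copy, from `[vagrant@localhost vagrant]$` onward, differs only by the missing final `ansible-playbook -i /vagrant/inventory.ini ...` line), so keep one copy if the history is meant as a lab record. The commands also show the playbook being run as root after `sudo su` with the keys generated in that root session; if the file is meant to document the expected procedure, a short note on which user the keys and runs belong to would make it reproducible.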
1 change: 1 addition & 0 deletions student_files/01/inventory.ini
@@ -0,0 +1 @@
check_inv
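Review bot: the inventory is a single bare name `check_inv` with no group, host variables or connection settings, so it only works where `check_inv` already resolves and an SSH config or key for it exists (the history shows `ssh-copy-id check_inv` being run first). Putting the host under a group and, if it is a local alias, an explicit `ansible_host` would make the playbook runnable without that manual setup.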
28 changes: 28 additions & 0 deletions student_files/01/vagrant_error.txt
@@ -0,0 +1,28 @@
INFO interface: error: The guest machine entered an invalid state while waiting for it
to boot. Valid states are 'starting, running'. The machine is in the
'unknown' state. Please verify everything is configured
properly and try again.

it is often helpful to open that and watch the machine, since the
GUI often has more helpful error messages than Vagrant can retrieve.
For example, if you're using VirtualBox, run `vagrant up` while the
VirtualBox GUI is open.

The primary issue for this error is that the provider you're using
is not properly configured. This is very rarely a Vagrant issue.
The guest machine entered an invalid state while waiting for it
to boot. Valid states are 'starting, running'. The machine is in the
'unknown' state. Please verify everything is configured
properly and try again.

If the provider you're using has a GUI that comes with it,
it is often helpful to open that and watch the machine, since the
GUI often has more helpful error messages than Vagrant can retrieve.
For example, if you're using VirtualBox, run `vagrant up` while the
VirtualBox GUI is open.

The primary issue for this error is that the provider you're using
is not properly configured. This is very rarely a Vagrant issue.
INFO interface: Machine: error-exit ["Vagrant::Errors::VMBootBadState", "The guest machine entered an invalid state while waiting for it\nto boot. Valid states are 'starting, running'. The machine is in the\n'unknown' state. Please verify everything is configured\nproperly and try again.\n\nIf the provider you're using has a GUI that comes with it,\nit is often helpful to open that and watch the machine, since the\nGUI often has more helpful error messages than Vagrant can retrieve.\nFor example, if you're using VirtualBox, run `vagrant up` while the\nVirtualBox GUI is open.\n\nThe primary issue for this error is that the provider you're using\nis not properly configured. This is very rarely a Vagrant issue."]
PS C:\ansible-course\student_files\01> vagrant halt
==> default: Attempting graceful shutdown of VM...
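Review bot: the committed error output contains the same `VMBootBadState` message three times (twice as prose, once inside the `error-exit` line), and the first prose copy is missing its opening line `If the provider you're using has a GUI that comes with it,`. If this is meant as a troubleshooting note for students, trim it to one copy of the message and add the resolution; otherwise it looks like debug output that was committed by accident.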
3 changes: 3 additions & 0 deletions student_files/02/files/snmpd.conf
@@ -0,0 +1,3 @@
syslocation Server Room
syscontact SysAdmin (devops@example.com)
rocommunity snmp_secret_rocommunity
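Review bot: `rocommunity snmp_secret_rocommunity` has no source restriction, so any host that can reach UDP 161 (which `provision_me.yml` opens in iptables in this PR) can read the whole MIB with this string, and the string itself is committed in cleartext. Add a source to the directive (`rocommunity <string> <source-address>`, as the `snmpd_conf.j2` template in this PR already does per record) and keep the value in a vaulted variable rather than a static file.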
96 changes: 92 additions & 4 deletions student_files/02/provision_me.yml
@@ -5,6 +5,7 @@
become: true
become_user: root
vars:
sshgroup_name: sshusers
user:
login: deploy
password_hash:
@@ -17,46 +18,133 @@
hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZE\
nDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHln\
VYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
group: "{{ sshgroup_name }}"

tasks:
- name: Create admin account
- name: Create {{ sshgroup_name }} group for {{ user.login }}
group:
name: "{{ sshgroup_name }}"
state: present

- name: Create user {{ user.login }} account
user:
name: "{{ user.login }}"
groups: "{{ user.group }}"
shell: /bin/bash
update_password: always
password: "{{ user.password_hash }}"
- name: Add admin to sudoers

- name: Add user {{ user.login }} to sudoers
lineinfile:
dest: /etc/sudoers
state: present
line: "{{ user.login }} ALL=(ALL:ALL) NOPASSWD:ALL"
- name: Create authorized key for admin
validate: '/usr/sbin/visudo -cf %s'

- name: Create authorized key for user {{ user.login }}
authorized_key:
user: "{{ user.login }}"
state: present
key: "{{ user.authorized_key }}"

- name: Install epel-release via yum
yum:
name: epel-release
state: present
enablerepo: extras

- name: Install software
package:
name:
- httpd
- git
- iptables-services
- net-snmp
- net-snmp-utils
- python-pip
state: present

- name: install latest pyOpenSSL if needed
pip:
name: pyopenssl
state: present

- name: Checkout git repository
git:
repo: https://github.com/ultral/2048.git
dest: /var/www/html
force: true
version: fc1ef4fe5a5fcccea7590f3e4c187c75980b353f

- name: Upgrade pip to latest vesion
pip:
name: pip
extra_args: --upgrade

- name: Allow access via HTTP
iptables:
chain: INPUT
protocol: tcp
destination_port: 80
destination_port: '80'
ctstate: NEW
jump: ACCEPT

- name: Allow access via UDP for snmpd
iptables:
chain: INPUT
protocol: udp
destination_port: '161'
ctstate: NEW
jump: ACCEPT

- name: Copy a new "snmpd.conf file into /etc/snmpd/snmpd.conf
copy:
src: snmpd.conf
dest: /etc/snmp/snmpd.conf
owner: "{{ user.login }}"
group: "{{ user.group }}"
mode: preserve
force: true
backup: true

# - name: Configure snmpd via blockinfile
# blockinfile:
# path: /etc/snmp/snmpd.conf
# state: present
# block: |
# syslocation Server Room
# syscontact SysAdmin (devops@example.com)
# rocommunity snmp_secret_rocommunity
# insertafter: EOF

- name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
openssl_privatekey:
path: /etc/ssl/certs/ansible.com.pem

- name: Generate an OpenSSL Certificate Signing Request
openssl_csr:
path: /etc/ssl/certs/ansible.com.csr
privatekey_path: /etc/ssl/certs/ansible.com.pem
common_name: www.ansible.com

- name: Generate a Self Signed OpenSSL certificate
openssl_certificate:
path: /etc/ssl/certs/ansible.com.crt
privatekey_path: /etc/ssl/certs/ansible.com.pem
csr_path: /etc/ssl/certs/ansible.com.csr
provider: selfsigned

- name: Start httpd
systemd:
name: httpd
state: started

- name: Start and enable snmpd
systemd:
name: snmpd
enabled: true
state: started

- name: Print message
debug:
msg: "Play 2028: http://localhost:8080/"
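Review bot: the private key is written to `/etc/ssl/certs/ansible.com.pem`, the certificates directory, with the module's default mode; it belongs under `/etc/ssl/private` or needs `mode: '0600'` so that only root can read it. In the same hunk, `snmpd.conf` (which carries the community string) is copied with `owner: "{{ user.login }}"`, `group: "{{ user.group }}"` and `mode: preserve`, handing it to the deploy account, whereas the `provision_software.yml` version in this PR uses root:root with `mode: '0600'`; use the latter here too. The "Start and enable snmpd" task only ensures the service is started, so a changed `snmpd.conf` is never reloaded on an already running daemon: add a handler notified by the copy task. Small things: the task name `Copy a new "snmpd.conf file ...` has an unbalanced quote, "vesion" is a typo, and the final message says `Play 2028` while the repository checked out is `2048`.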
5 changes: 3 additions & 2 deletions student_files/03/provision_iptables.yml
@@ -18,9 +18,10 @@
# ansible lint complains about reloading, so we disable that warning
# noqa 503
# also iptables-restore doesn't work inside docker, so we skip the step
command: iptables-restore /etc/sysconfig/iptables
command: "{{ item.iptables_filename }}-restore /etc/sysconfig/{{ item.iptables_filename }}"
when:
- iptables_rules_install_result.changed
- item.changed
# should be removed after releasing https://github.com/ansible/ansible/issues/66304
- ansible_virtualization_type != "docker"
- ansible_virtualization_type != "VirtualPC"
with_items: "{{ iptables_rules_install_result.results }}"
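Review bot: the `command` line now reads `{{ item.iptables_filename }}-restore`, but each entry of a registered loop's `.results` stores the original loop value under `item.item`, so `item.iptables_filename` will be undefined unless the earlier task exposes that key some other way; this should probably be `item.item.iptables_filename`, and a run on a CentOS host would confirm it. The `when` list also checks both `iptables_rules_install_result.changed` and `item.changed`; the aggregate flag is true whenever any item changed, so only the per-item `item.changed` is needed.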
10 changes: 10 additions & 0 deletions student_files/03/provision_me.yml
@@ -6,9 +6,16 @@
become_user: root
vars:
iptables_allowed_ports:
# default
- {protocol: tcp, port: 180}
- {protocol: tcp, port: 1443}
- {protocol: udp, port: 1161}
# task3.3
- {protocol: udp, port: 161}
- {protocol: tcp, port: 443}
# httpd
- {protocol: tcp, port: 80}
sshgroup_name: sshusers
user:
login: deploy
password_hash:
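Review bot: the three entries labelled `# default` (tcp 180, tcp 1443, udp 1161) are non-standard ports that now sit beside the real service ports 80, 443 and 161 added for `task3.3` and `httpd`; if nothing listens on them, they should come out of `iptables_allowed_ports`, and if they are intentional the comment should say what they are for.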
@@ -21,6 +28,9 @@
5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0\
jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE9\
8OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
snmpd_config:
- {access: rocommunity, community: public, address: 127.0.0.1}
- {access: rocommunity, community: private, address: 192.168.1.1}
tasks:
- name: Create admin user
import_tasks: provision_users.yml
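Review bot: `community: public` and `community: private` are the well-known default SNMP community strings and are the first values any scanner tries, so even with the source address restriction in the template these should be replaced with non-default values, and since this PR makes the community a variable they can be supplied from a vaulted file instead of being committed here.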
@@ -11,11 +11,36 @@
package:
name:
- httpd
- net-snmp
- net-snmp-utils
state: present
when: ansible_distribution == 'CentOS'

- name: Install software Ubuntu
package:
name:
- apache2
- snmpd
state: present
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'

- name: Configure snmpd via template module
template:
src: "snmpd_conf.j2"
dest: "/etc/snmp/snmpd.conf"
owner: root
group: root
mode: '0600'
backup: true
register: snmpd_config_result
become: true

- name: Restart snmpd if config changed
systemd:
name: snmpd
state: restarted
daemon_reload: true
when: snmpd_config_result.changed
become: true
tags:
- skip_ansible_lint
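Review bot: "Restart snmpd if config changed" reimplements a handler with `register: snmpd_config_result` plus `when: snmpd_config_result.changed` and then needs `skip_ansible_lint` to silence the resulting warning; put `notify: restart snmpd` on the template task and move the `systemd` call into `handlers`, which runs it once at the end of the play without the lint tag. The per-task `become: true` on both new tasks is also redundant, since the play in `provision_me.yml` already sets `become_user: root` at play level.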
34 changes: 31 additions & 3 deletions student_files/03/provision_users.yml
@@ -1,16 +1,44 @@
---
- name: Create admin account
# - name: Create admin account
# user:
# name: "{{ user.login }}"
# shell: /bin/bash
# update_password: always
# password: "{{ user.password_hash }}"

# - name: Add admin to sudoers
# lineinfile:
# dest: /etc/sudoers
# state: present
# line: "{{ user.login }} ALL=(ALL:ALL) NOPASSWD:ALL"

# - name: Create authorized key for admin
# authorized_key:
# user: "{{ user.login }}"
# state: present
# key: "{{ user.authorized_key }}"

- name: Create {{ sshgroup_name }} group for {{ user.login }}
group:
name: "{{ sshgroup_name }}"
state: present

- name: Create user {{ user.login }} account
user:
name: "{{ user.login }}"
groups: "{{ sshgroup_name }}"
shell: /bin/bash
update_password: always
password: "{{ user.password_hash }}"
- name: Add admin to sudoers

- name: Add user {{ user.login }} to sudoers
lineinfile:
dest: /etc/sudoers
state: present
line: "{{ user.login }} ALL=(ALL:ALL) NOPASSWD:ALL"
- name: Create authorized key for admin
validate: '/usr/sbin/visudo -cf %s'

- name: Create authorized key for user {{ user.login }}
authorized_key:
user: "{{ user.login }}"
state: present
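Review bot: the old "Create admin account", "Add admin to sudoers" and "Create authorized key for admin" tasks are left in the file commented out; delete them, since git keeps the history. In the new user task, `groups: "{{ sshgroup_name }}"` without `append: true` replaces the account's supplementary groups with just `sshusers` on every run, which removes the deploy user from any other group it was given; add `append: true` if that is not intended. The `validate: '/usr/sbin/visudo -cf %s'` on the sudoers edit is a good addition.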
@@ -0,0 +1,5 @@
{% if snmpd_config is defined %}
{% for record in snmpd_config %}
{{ record.access }} {{ record.community }} {{ record.address }}
{% endfor %}
{% endif %}
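Review bot: the `{% if snmpd_config is defined %}` guard means that a host without `snmpd_config` silently gets an empty `snmpd.conf`, after which "Restart snmpd if config changed" restarts the daemon with no communities at all, and nothing in the play reports the mistake; either drop the guard so Ansible fails on the undefined variable, or add an `assert` task before the template. The template also drops the `syslocation` and `syscontact` lines that `student_files/02/files/snmpd.conf` carried, so they should be added back here if they are still wanted.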