Initial Commit

2024-09-08 01:43:41 +02:00 · 2022-03-21 17:17:54 +00:00 · 2022-03-21 17:17:54 +00:00 · 7cb6997da9
commit 7cb6997da9
133 changed files with 1829 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,2 @@
+# Auto detect text files and perform LF normalization
+* text=auto
--- a/9781484281727.JPG
+++ b/9781484281727.JPG
--- a/Contributing.md
+++ b/Contributing.md
@ -0,0 +1,14 @@
+# Contributing to Apress Source Code
+
+Copyright for Apress source code belongs to the author(s). However, under fair use you are encouraged to fork and contribute minor corrections and updates for the benefit of the author(s) and other readers.
+
+## How to Contribute
+
+1. Make sure you have a GitHub account.
+2. Fork the repository for the relevant book.
+3. Create a new branch on which to make your change, e.g. 
+`git checkout -b my_code_contribution`
+4. Commit your change. Include a commit message describing the correction. Please note that if your commit message is not clear, the correction will not be accepted.
+5. Submit a pull request.
+
+Thank you for your contribution!
--- a/LICENSE.txt
+++ b/LICENSE.txt
@ -0,0 +1,27 @@
+Freeware License, some rights reserved
+
+Copyright (c) 2022 Shaun R Smith and Peter Membrey
+
+Permission is hereby granted, free of charge, to anyone obtaining a copy 
+of this software and associated documentation files (the "Software"), 
+to work with the Software within the limits of freeware distribution and fair use. 
+This includes the rights to use, copy, and modify the Software for personal use. 
+Users are also allowed and encouraged to submit corrections and modifications 
+to the Software for the benefit of other users.
+
+It is not allowed to reuse,  modify, or redistribute the Software for 
+commercial use in any way, or for a user’s educational materials such as books 
+or blog articles without prior permission from the copyright holder. 
+
+The above copyright notice and this permission notice need to be included 
+in all copies or substantial portions of the software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS OR APRESS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+
--- a/README.md
+++ b/README.md
@ -0,0 +1,16 @@
+# Apress Source Code
+
+This repository accompanies [*Beginning Ansible Concepts and Application: Provisioning, Configuring, and Managing Servers, Applications and their Dependencies*](https://www.link.springer.com/book/10.1007/9781484281727) by Shaun R Smith and Peter Membrey (Apress, 2022).
+
+[comment]: #cover
+![Cover image](9781484281727.JPG)
+
+Download the files as a zip using the green button, or clone the repository to your machine using Git.
+
+## Releases
+
+Release v1.0 corresponds to the code in the published book, without corrections or updates.
+
+## Contributions
+
+See the file Contributing.md for more information on how you can contribute to this repository.
--- a/82
+++ b/82
@ -0,0 +1,82 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  config.vm.box = "ubuntu/focal64"
+
+  # globally disable the default synced folder
+  config.vm.synced_folder ".", "/vagrant", disabled: true
+
+  # do not create a secure private key per host, we want to use a single key
+  # this allows the controller to connect to the target hosts
+  config.ssh.insert_key = false
+
+  # Set provider virtualbox to use GUI, for two reasons:
+  #  1. More obvious to the user what is running, so they don't consume too much background resource
+  #  2. To work around an x64 boot issue in Virtualbox when hardware virtualization is disabled in BIOS
+  config.vm.provider "virtualbox" do |v|
+#    v.gui = true
+    v.cpus = 1
+  end
+
+  # The Ansible controller machine
+  config.vm.define :controller, primary: true do |controller|
+    controller.vm.hostname = "ansible-controller"
+    controller.vm.network "private_network", ip: "192.168.98.100"
+
+    # Sync the local directory with ansible-friendly permissions
+    controller.vm.synced_folder ".", "/vagrant",
+      owner: "vagrant",
+      mount_options: ["dmode=755,fmode=644"]
+
+    controller.vm.provision "file", source: "~/.vagrant.d/insecure_private_key", destination: "$HOME/.ssh/id_rsa"
+
+    controller.vm.provision "shell", inline: <<-SHELL
+      chmod 600 /home/vagrant/.ssh/id_rsa
+      apt-get install -y ansible sshpass
+    SHELL
+  end
+
+
+  # Example web servers
+  (1..2).each do |i|
+    config.vm.define "web-00#{i}" do |node|
+      node.vm.hostname = "web-00#{i}"
+      node.vm.network "private_network", ip: "192.168.98.11#{i}"
+    end
+  end
+
+  # Example load balancer
+  (1..1).each do |i|
+    config.vm.define "lb-00#{i}" do |node|
+      node.vm.hostname = "lb-00#{i}"
+      node.vm.network "private_network", ip: "192.168.98.12#{i}"
+    end
+  end
+
+  # Example database server
+  (1..1).each do |i|
+    config.vm.define "db-00#{i}" do |node|
+      node.vm.hostname = "db-00#{i}"
+      node.vm.network "private_network", ip: "192.168.98.13#{i}"
+    end
+  end
+
+  # Generic provisioner to ensure we have python available
+  # This is an ansible requirement for all managed nodes
+  config.vm.provision "shell", inline: <<-SHELL
+    # Disable hardware based sha256sum in apt, not ideal - but Windows 10 WSL breaks VirtualBox
+    # and we can't really ask everyone to disable that
+    # See: https://askubuntu.com/questions/1235914/hash-sum-mismatch-error-due-to-identical-sha1-and-md5-but-different-sha256/1241893
+    mkdir /etc/gcrypt
+    echo all >> /etc/gcrypt/hwf.deny
+
+    apt-get update
+    apt-get install -y python3-minimal python3-apt avahi-daemon tree
+
+    rm -f /etc/update-motd.d/*
+    sed -i "s/^ENABLED=.*/ENABLED=0/" /etc/default/motd-news
+  SHELL
+
+  config.vm.boot_timeout = 360
+end
--- a/chapter02/ansible.cfg
+++ b/chapter02/ansible.cfg
@ -0,0 +1,3 @@
+[defaults]
+host_key_checking = false
+inventory = hosts
--- a/chapter02/hosts
+++ b/chapter02/hosts
@ -0,0 +1,2 @@
+web-001.local
+web-002.local
--- a/chapter03/ansible.cfg
+++ b/chapter03/ansible.cfg
@ -0,0 +1,3 @@
+[defaults]
+host_key_checking = false
+inventory = inventory
--- a/chapter03/hosts
+++ b/chapter03/hosts
@ -0,0 +1,17 @@
+[webservers]
+web-001.local
+web-002 ansible_host=192.168.98.112 ansible_port=22
+
+[webservers:vars]
+http_port=8080
+
+[load_balancers]
+lb-001.local
+
+[staging]
+web-002
+
+[production]
+web-001.local
+lb-001.local
+
--- a/chapter03/inventory/load_balancers
+++ b/chapter03/inventory/load_balancers
@ -0,0 +1,4 @@
+load_balancers:
+  hosts:
+    lb-001.local:
+
--- a/chapter03/inventory/webservers
+++ b/chapter03/inventory/webservers
@ -0,0 +1,9 @@
+---
+webservers:
+  hosts:
+    web-001.local:  
+    web-002:
+      ansible_host: 192.168.98.112
+  vars:
+    http_port: 8080
+
--- a/chapter03/ranges
+++ b/chapter03/ranges
@ -0,0 +1,2 @@
+[webservers]
+web-0[01:10]
--- a/chapter03/regional
+++ b/chapter03/regional
@ -0,0 +1,24 @@
+[germany]
+web-de-00[1:2]
+
+[france]
+web-fr-001
+
+[netherlands]
+web-nl-001
+
+[spain]
+web-es-00[1:3]
+
+[usa]
+web-us-00[1:4]
+
+[europe:children]
+germany
+france
+netherlands
+spain
+
+[americas:children]
+usa
+
--- a/chapter04/ansible.cfg
+++ b/chapter04/ansible.cfg
@ -0,0 +1,3 @@
+[defaults]
+host_key_checking = false
+inventory = inventory
--- a/chapter04/files/index.html
+++ b/chapter04/files/index.html
@ -0,0 +1 @@
+This is my website which was setup using Ansible
--- a/chapter04/inventory/load_balancers
+++ b/chapter04/inventory/load_balancers
@ -0,0 +1,4 @@
+load_balancers:
+  hosts:
+    lb-001.local:
+
--- a/chapter04/inventory/webservers
+++ b/chapter04/inventory/webservers
@ -0,0 +1,9 @@
+---
+webservers:
+  hosts:
+    web-001.local:  
+    web-002:
+      ansible_host: 192.168.98.112
+  vars:
+    http_port: 8080
+
--- a/chapter04/webservers.yml
+++ b/chapter04/webservers.yml
@ -0,0 +1,15 @@
+---
+- hosts: webservers
+  become: true
+  tasks:
+    - name: Ensure nginx is installed
+      apt:
+        name: nginx
+        state: present
+
+    - name: Push website content to the web root
+      copy  :
+        src: index.html
+        dest: /var/www/html/
+        mode: u=rw,g=r,o=r
+
--- a/chapter05/ansible.cfg
+++ b/chapter05/ansible.cfg
@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = false
+inventory = inventory
+stdout_callback = yaml
--- a/chapter05/exploring-apt.yml
+++ b/chapter05/exploring-apt.yml
@ -0,0 +1,15 @@
+---
+- hosts: web-001.local
+  become: true
+  tasks:
+    - name: Ensure nginx is installed
+      apt:
+        name: nginx
+        state: latest
+        cache_valid_time: 60
+
+    - name: Uninstall tree command
+      apt:
+        name: tree
+        state: absent
+
--- a/chapter05/files/index.html
+++ b/chapter05/files/index.html
@ -0,0 +1 @@
+This is my website which was setup using Ansible
--- a/chapter05/inventory/load_balancers
+++ b/chapter05/inventory/load_balancers
@ -0,0 +1,4 @@
+load_balancers:
+  hosts:
+    lb-001.local:
+
--- a/chapter05/inventory/webservers
+++ b/chapter05/inventory/webservers
@ -0,0 +1,9 @@
+---
+webservers:
+  hosts:
+    web-001.local:  
+    web-002:
+      ansible_host: 192.168.98.112
+  vars:
+    http_port: 8080
+
--- a/chapter05/upgrade.yml
+++ b/chapter05/upgrade.yml
@ -0,0 +1,12 @@
+---
+- hosts: web-001.local
+  become: true
+  tasks:
+    - name: Upgrade all packages
+      apt:
+        upgrade: dist
+        update_cache: yes
+
+- name: Reboot the host
+  reboot:
+
--- a/chapter05/webservers.yml
+++ b/chapter05/webservers.yml
@ -0,0 +1,41 @@
+---
+- hosts: webservers
+  become: true
+  tasks:
+    - name: Ensure nginx is installed
+      apt:
+        name: nginx
+        state: present
+
+    - name: Push website content to the web root
+      copy:
+        src: index.html
+        dest: /var/www/html/
+        mode: u=rw,g=r,o=r
+
+    - name: index.html also known as main.html
+      file:
+        state: link
+        src: /var/www/html/index.html
+        dest: /var/www/html/main.html
+
+    - name: Update the website content
+      lineinfile:
+        path: /var/www/html/index.html
+        line: "Just re-decorating a little!"
+
+    - name: Firewall - Allow SSH connections
+      ufw:
+        rule: allow
+        name: OpenSSH
+
+    - name: Firewall - Allow website connections
+      ufw:
+        rule: allow
+        name: "Nginx Full"
+    
+    - name: Firewall - Deny everything else
+      ufw:
+        state: enabled
+        policy: deny
+
--- a/chapter06/ansible.cfg
+++ b/chapter06/ansible.cfg
@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = false
+inventory = inventory
+stdout_callback = yaml
--- a/chapter06/files/index.html
+++ b/chapter06/files/index.html
@ -0,0 +1 @@
+This is my website which was setup using Ansible
--- a/chapter06/inventory/group_vars/all
+++ b/chapter06/inventory/group_vars/all
@ -0,0 +1,2 @@
+---
+http_port: 80
--- a/chapter06/inventory/group_vars/webservers
+++ b/chapter06/inventory/group_vars/webservers
@ -0,0 +1,2 @@
+---
+http_port: 8080
--- a/chapter06/inventory/load_balancers
+++ b/chapter06/inventory/load_balancers
@ -0,0 +1,4 @@
+load_balancers:
+  hosts:
+    lb-001.local:
+
--- a/chapter06/inventory/webservers
+++ b/chapter06/inventory/webservers
@ -0,0 +1,6 @@
+---
+webservers:
+  hosts:
+    web-001.local:
+    web-002.local:
+
--- a/chapter06/upgrade.yml
+++ b/chapter06/upgrade.yml
@ -0,0 +1,15 @@
+---
+- hosts: web-001.local
+  gather_facts: no
+  become: true
+  tasks:
+    - name: Upgrade all packages
+      apt:
+        upgrade: dist
+        update_cache: yes
+      register: upgrade_result
+
+    - name: Reboot the host
+      reboot:
+      when: upgrade_result.changed
+
--- a/chapter06/webservers.yml
+++ b/chapter06/webservers.yml
@ -0,0 +1,48 @@
+---
+- hosts: webservers
+  become: true
+  tasks:
+    - name: Ensure nginx is installed
+      apt:
+        name: nginx
+        state: present
+
+    - name: Change the nginx port
+      replace:
+        path: /etc/nginx/sites-enabled/default
+        regexp: "listen [0-9]+"
+        replace: "listen {{ http_port }}"
+
+    - name: Reload nginx for new config
+      service:
+        name: nginx
+        state: reloaded
+
+    - name: Push website content to the web root
+      copy:
+        src: index.html
+        dest: /var/www/html/
+        mode: u=rw,g=r,o=r
+
+    - name: Firewall - Allow SSH connections
+      ufw:
+        rule: allow
+        name: OpenSSH
+
+    - name: Firewall - Allow website connections
+      ufw:
+        rule: allow
+        port: "{{ http_port }}"
+
+    - name: Firewall - Deny everything else
+      ufw:
+        state: enabled
+        policy: deny
+
+    - name: Validate that the http_port is working
+      wait_for:
+        host: "{{ ansible_host }}"
+        port: "{{ http_port }}"
+        timeout: 5
+      connection: local
+
--- a/chapter07/ansible.cfg
+++ b/chapter07/ansible.cfg
@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = false
+inventory = inventory
+stdout_callback = yaml
--- a/chapter07/hostname.yml
+++ b/chapter07/hostname.yml
@ -0,0 +1,17 @@
+---
+- hosts: webservers
+  become: true
+  gather_facts: no
+  tasks:
+    - name: Raw value for inventory_hostname
+      debug:
+        msg: "{{ inventory_hostname }}"
+
+    - name: Uppercase inventory_hostname
+      debug:
+        msg: "{{ inventory_hostname | upper }}"
+
+    - name: Raw value for inventory_hostname
+      debug:
+        msg: "{{ inventory_hostname }}"
+
--- a/chapter07/inventory/group_vars/all
+++ b/chapter07/inventory/group_vars/all
@ -0,0 +1,2 @@
+---
+http_port: 80
--- a/chapter07/inventory/group_vars/webservers
+++ b/chapter07/inventory/group_vars/webservers
@ -0,0 +1,2 @@
+---
+http_port: 8080
--- a/chapter07/inventory/load_balancers
+++ b/chapter07/inventory/load_balancers
@ -0,0 +1,4 @@
+load_balancers:
+  hosts:
+    lb-001.local:
+
--- a/chapter07/inventory/webservers
+++ b/chapter07/inventory/webservers
@ -0,0 +1,6 @@
+---
+webservers:
+  hosts:
+    web-001.local:
+    web-002.local:
+      status_url: "status"
--- a/chapter07/templates/index.html.j2
+++ b/chapter07/templates/index.html.j2
@ -0,0 +1,16 @@
+My website, served from {{ inventory_hostname }}
+
+<p>
+IP Addresses:<br />
+{% for ip in ansible_all_ipv4_addresses %}
+    {{ ip }}<br />
+{% endfor %}
+</p>
+
+<p>
+Operating System:<br />
+{% for key, value in ansible_lsb.items() %}
+    {{ key }}: {{ value }}<br />
+{% endfor %}
+</p>
+
--- a/chapter07/templates/nginx-default.j2
+++ b/chapter07/templates/nginx-default.j2
@ -0,0 +1,14 @@
+server {
+  listen {{ http_port }} default_server;
+
+  root /var/www/html;
+
+  server_name _;
+
+  {% if status_url is defined -%}
+  location /{{ status_url | default('status') }} {
+    stub_status on;
+  }
+  {%- endif %}
+}
+
--- a/chapter07/upgrade.yml
+++ b/chapter07/upgrade.yml
@ -0,0 +1,15 @@
+---
+- hosts: web-001.local
+  gather_facts: no
+  become: true
+  tasks:
+    - name: Upgrade all packages
+      apt:
+        upgrade: dist
+        update_cache: yes
+      register: upgrade_result
+
+    - name: Reboot the host
+      reboot:
+      when: upgrade_result.changed
+
--- a/chapter07/webservers.yml
+++ b/chapter07/webservers.yml
@ -0,0 +1,48 @@
+---
+- hosts: webservers
+  become: true
+  tasks:
+    - name: Ensure nginx is installed
+      apt:
+        name: nginx
+        state: present
+
+    - name: Configure nginx
+      template:
+        src: nginx-default.j2
+        dest: /etc/nginx/sites-available/default
+        mode: u=rw,g=r,o=r
+
+    - name: Reload nginx for new config
+      service:
+        name: nginx
+        state: reloaded
+
+    - name: Push website content to the web root
+      template:
+        src: index.html.j2
+        dest: /var/www/html/index.html
+        mode: u=rw,g=r,o=r
+
+    - name: Firewall - Allow SSH connections
+      ufw:
+        rule: allow
+        name: OpenSSH
+
+    - name: Firewall - Allow website connections
+      ufw:
+        rule: allow
+        port: "{{ http_port }}"
+
+    - name: Firewall - Deny everything else
+      ufw:
+        state: enabled
+        policy: deny
+
+    - name: Validate that the http_port is working
+      wait_for:
+        host: "{{ ansible_host }}"
+        port: "{{ http_port }}"
+        timeout: 5
+      connection: local
+
--- a/chapter08/ansible.cfg
+++ b/chapter08/ansible.cfg
@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = false
+inventory = inventory
+stdout_callback = yaml
--- a/chapter08/hostname.yml
+++ b/chapter08/hostname.yml
@ -0,0 +1,17 @@
+---
+- hosts: webservers
+  become: true
+  gather_facts: no
+  tasks:
+    - name: Raw value for inventory_hostname
+      debug:
+        msg: "{{ inventory_hostname }}"
+
+    - name: Uppercase inventory_hostname
+      debug:
+        msg: "{{ inventory_hostname | upper }}"
+
+    - name: Raw value for inventory_hostname
+      debug:
+        msg: "{{ inventory_hostname }}"
+
--- a/chapter08/inventory/group_vars/all
+++ b/chapter08/inventory/group_vars/all
@ -0,0 +1,2 @@
+---
+http_port: 80
--- a/chapter08/inventory/group_vars/webservers
+++ b/chapter08/inventory/group_vars/webservers
@ -0,0 +1,2 @@
+---
+http_port: 8080
--- a/chapter08/inventory/load_balancers
+++ b/chapter08/inventory/load_balancers
@ -0,0 +1,4 @@
+load_balancers:
+  hosts:
+    lb-001.local:
+
--- a/chapter08/inventory/webservers
+++ b/chapter08/inventory/webservers
@ -0,0 +1,6 @@
+---
+webservers:
+  hosts:
+    web-001.local:
+    web-002.local:
+      status_url: "status"
--- a/chapter08/templates/index.html.j2
+++ b/chapter08/templates/index.html.j2
@ -0,0 +1,16 @@
+My website, served from {{ inventory_hostname }}
+
+<p>
+IP Addresses:<br />
+{% for ip in ansible_all_ipv4_addresses %}
+    {{ ip }}<br />
+{% endfor %}
+</p>
+
+<p>
+Operating System:<br />
+{% for key, value in ansible_lsb.items() %}
+    {{ key }}: {{ value }}<br />
+{% endfor %}
+</p>
+
--- a/chapter08/templates/nginx-default.j2
+++ b/chapter08/templates/nginx-default.j2
@ -0,0 +1,14 @@
+server {
+  listen {{ http_port }} default_server;
+
+  root /var/www/html;
+
+  server_name _;
+
+  {% if status_url is defined -%}
+  location /{{ status_url | default('status') }} {
+    stub_status on;
+  }
+  {%- endif %}
+}
+
--- a/chapter08/upgrade.yml
+++ b/chapter08/upgrade.yml
@ -0,0 +1,15 @@
+---
+- hosts: web-001.local
+  gather_facts: no
+  become: true
+  tasks:
+    - name: Upgrade all packages
+      apt:
+        upgrade: dist
+        update_cache: yes
+      register: upgrade_result
+
+    - name: Reboot the host
+      reboot:
+      when: upgrade_result.changed
+
--- a/chapter08/webservers.yml
+++ b/chapter08/webservers.yml
@ -0,0 +1,52 @@
+---
+- hosts: webservers
+  become: true
+  handlers:
+    - name: Reload nginx
+      service:
+        name: nginx
+        state: reloaded
+      listen: "Reload web services" 
+
+    - name: Validate that the http_port is working
+      wait_for:
+        host: "{{ ansible_host }}"
+        port: "{{ http_port }}"
+        timeout: 5
+      connection: local
+      listen: "Reload web services"
+
+  tasks:
+    - name: Ensure nginx is installed
+      apt:
+        name: nginx
+        state: present
+
+    - name: Configure nginx
+      template:
+        src: nginx-default.j2
+        dest: /etc/nginx/sites-available/default
+        mode: u=rw,g=r,o=r
+      notify: "Reload web services"
+
+    - name: Push website content to the web root
+      template:
+        src: index.html.j2
+        dest: /var/www/html/index.html
+        mode: u=rw,g=r,o=r
+
+    - name: Firewall - Allow SSH connections
+      ufw:
+        rule: allow
+        name: OpenSSH
+
+    - name: Firewall - Allow website connections
+      ufw:
+        rule: allow
+        port: "{{ http_port }}"
+
+    - name: Firewall - Deny everything else
+      ufw:
+        state: enabled
+        policy: deny
+
--- a/chapter09/ansible.cfg
+++ b/chapter09/ansible.cfg
@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = false
+inventory = inventory
+stdout_callback = yaml
--- a/chapter09/inventory/group_vars/all
+++ b/chapter09/inventory/group_vars/all
@ -0,0 +1,2 @@
+---
+http_port: 80
--- a/chapter09/inventory/group_vars/webservers
+++ b/chapter09/inventory/group_vars/webservers
@ -0,0 +1,2 @@
+---
+http_port: 8080
--- a/chapter09/inventory/load_balancers
+++ b/chapter09/inventory/load_balancers
@ -0,0 +1,4 @@
+load_balancers:
+  hosts:
+    lb-001.local:
+
--- a/chapter09/inventory/webservers
+++ b/chapter09/inventory/webservers
@ -0,0 +1,6 @@
+---
+webservers:
+  hosts:
+    web-001.local:
+    web-002.local:
+      status_url: "status"
--- a/chapter09/roles/firewall/tasks/main.yml
+++ b/chapter09/roles/firewall/tasks/main.yml
@ -0,0 +1,11 @@
+---
+- name: Firewall - Allow SSH connections
+  ufw:
+    rule: allow
+    name: OpenSSH
+
+- name: Firewall - Deny everything else
+  ufw:
+    state: enabled
+    policy: deny
+
--- a/chapter09/roles/webserver/defaults/main.yml
+++ b/chapter09/roles/webserver/defaults/main.yml
@ -0,0 +1,2 @@
+---
+http_port: 80
--- a/chapter09/roles/webserver/handlers/main.yml
+++ b/chapter09/roles/webserver/handlers/main.yml
@ -0,0 +1,15 @@
+---
+- name: Reload nginx
+  service:
+    name: nginx
+    state: reloaded
+  listen: "Reload web services"
+
+- name: Validate that the http_port is working
+  wait_for:
+    host: "{{ ansible_host }}"
+    port: "{{ http_port }}"
+    timeout: 5
+  connection: local
+  listen: "Reload web services"
+
--- a/chapter09/roles/webserver/meta/main.yml
+++ b/chapter09/roles/webserver/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: firewall
--- a/chapter09/roles/webserver/tasks/main.yml
+++ b/chapter09/roles/webserver/tasks/main.yml
@ -0,0 +1,23 @@
+- name: Ensure nginx is installed
+  apt:
+    name: nginx
+    state: present
+
+- name: Configure nginx
+  template:
+    src: nginx-default.j2
+    dest: /etc/nginx/sites-available/default
+    mode: u=rw,g=r,o=r
+  notify: "Reload web services"
+
+- name: Push website content to the web root
+  template:
+    src: index.html.j2
+    dest: /var/www/html/index.html
+    mode: u=rw,g=r,o=r
+
+- name: Firewall - Allow website connections
+  ufw:
+    rule: allow
+    port: "{{ http_port }}"
+
--- a/chapter09/roles/webserver/templates/index.html.j2
+++ b/chapter09/roles/webserver/templates/index.html.j2
@ -0,0 +1,16 @@
+My website, served from {{ inventory_hostname }}
+
+<p>
+IP Addresses:<br />
+{% for ip in ansible_all_ipv4_addresses %}
+    {{ ip }}<br />
+{% endfor %}
+</p>
+
+<p>
+Operating System:<br />
+{% for key, value in ansible_lsb.items() %}
+    {{ key }}: {{ value }}<br />
+{% endfor %}
+</p>
+
--- a/chapter09/roles/webserver/templates/nginx-default.j2
+++ b/chapter09/roles/webserver/templates/nginx-default.j2
@ -0,0 +1,14 @@
+server {
+  listen {{ http_port }} default_server;
+
+  root /var/www/html;
+
+  server_name _;
+
+  {% if status_url is defined -%}
+  location /{{ status_url | default('status') }} {
+    stub_status on;
+  }
+  {%- endif %}
+}
+
--- a/chapter09/webservers.yml
+++ b/chapter09/webservers.yml
@ -0,0 +1,8 @@
+---
+- hosts: webservers
+  become: true
+  tasks:
+    - name: Build webservers
+      include_role:
+        name: webserver
+
--- a/chapter10/ansible.cfg
+++ b/chapter10/ansible.cfg
@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = false
+inventory = inventory
+stdout_callback = yaml
--- a/chapter10/inventory/group_vars/all
+++ b/chapter10/inventory/group_vars/all
@ -0,0 +1,3 @@
+---
+http_port: 80
+https_port: 443
--- a/chapter10/inventory/group_vars/webservers
+++ b/chapter10/inventory/group_vars/webservers
@ -0,0 +1,2 @@
+---
+http_port: 8080
--- a/chapter10/inventory/load_balancers
+++ b/chapter10/inventory/load_balancers
@ -0,0 +1,4 @@
+load_balancers:
+  hosts:
+    lb-001.local:
+
--- a/chapter10/inventory/webservers
+++ b/chapter10/inventory/webservers
@ -0,0 +1,6 @@
+---
+webservers:
+  hosts:
+    web-001.local:
+    web-002.local:
+      status_url: "status"
--- a/chapter10/provision.yml
+++ b/chapter10/provision.yml
@ -0,0 +1,20 @@
+---
+- hosts: webservers
+  become: true
+  tasks:
+    - name: Build webservers
+      include_role:
+        name: webserver
+      tags:
+        - always
+
+- hosts: load_balancers
+  become: true
+  tasks:
+    - name: Build load balancers
+      include_role:
+        name: load_balancer
+      tags:
+        - always
+
+
--- a/chapter10/roles/firewall/tasks/main.yml
+++ b/chapter10/roles/firewall/tasks/main.yml
@ -0,0 +1,15 @@
+---
+- name: Firewall - Allow SSH connections
+  ufw:
+    rule: allow
+    name: OpenSSH
+  tags:
+    - firewall
+
+- name: Firewall - Deny everything else
+  ufw:
+    state: enabled
+    policy: deny
+  tags:
+    - firewall
+
--- a/chapter10/roles/load_balancer/handlers/main.yml
+++ b/chapter10/roles/load_balancer/handlers/main.yml
@ -0,0 +1,6 @@
+---
+- name: Reload HAProxy
+  service:
+    name: haproxy
+    state: reloaded
+
--- a/chapter10/roles/load_balancer/meta/main.yml
+++ b/chapter10/roles/load_balancer/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: firewall
--- a/chapter10/roles/load_balancer/tasks/main.yml
+++ b/chapter10/roles/load_balancer/tasks/main.yml
@ -0,0 +1,42 @@
+---
+- name: Install HAProxy
+  apt:
+    name: haproxy
+    state: present
+    cache_valid_time: 60
+
+- name: Create configuration directory
+  file:
+    path: /etc/haproxy/fragments
+    state: directory
+
+- name: Copy original configuration file
+  copy:
+    src: /etc/haproxy/haproxy.cfg
+    dest: /etc/haproxy/fragments/00_defaults.cfg
+    remote_src: yes
+    force: no
+
+- name: Setup frontends
+  template:
+    src: frontends.cfg.j2
+    dest: /etc/haproxy/fragments/40_frontends.cfg
+
+- name: Build configuration from fragments
+  assemble:
+    src: /etc/haproxy/fragments/
+    dest: /etc/haproxy/haproxy.cfg
+    validate: "haproxy -f %s -c"
+  notify: Reload HAProxy
+
+- name: Firewall - Allow website connections
+  ufw:
+    rule: allow
+    port: "{{ item }}"
+  loop:
+    - "{{ http_port }}"
+    - "{{ https_port }}"
+  tags:
+    - firewall
+
+
--- a/chapter10/roles/load_balancer/templates/backends.cfg.j2
+++ b/chapter10/roles/load_balancer/templates/backends.cfg.j2
@ -0,0 +1,6 @@
+backend web_servers
+    balance roundrobin
+    {% for host in groups.webservers %}
+    server {{ host }} {{ host }}:{{ hostvars[host].http_port }}
+{% endfor %}
+
--- a/chapter10/roles/load_balancer/templates/frontend.cfg.j2
+++ b/chapter10/roles/load_balancer/templates/frontend.cfg.j2
@ -0,0 +1,4 @@
+frontend awesome_ansible
+    bind *:{{ http_port }}
+    stats uri /haproxy?stats
+    default_backend web_servers
--- a/chapter10/roles/webserver/defaults/main.yml
+++ b/chapter10/roles/webserver/defaults/main.yml
@ -0,0 +1,2 @@
+---
+http_port: 80
--- a/chapter10/roles/webserver/handlers/main.yml
+++ b/chapter10/roles/webserver/handlers/main.yml
@ -0,0 +1,15 @@
+---
+- name: Reload nginx
+  service:
+    name: nginx
+    state: reloaded
+  listen: "Reload web services"
+
+- name: Validate that the http_port is working
+  wait_for:
+    host: "{{ ansible_host }}"
+    port: "{{ http_port }}"
+    timeout: 5
+  connection: local
+  listen: "Reload web services"
+
--- a/chapter10/roles/webserver/meta/main.yml
+++ b/chapter10/roles/webserver/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: firewall
--- a/chapter10/roles/webserver/tasks/main.yml
+++ b/chapter10/roles/webserver/tasks/main.yml
@ -0,0 +1,25 @@
+- name: Ensure nginx is installed
+  apt:
+    name: nginx
+    state: present
+
+- name: Configure nginx
+  template:
+    src: nginx-default.j2
+    dest: /etc/nginx/sites-available/default
+    mode: u=rw,g=r,o=r
+  notify: "Reload web services"
+
+- name: Push website content to the web root
+  template:
+    src: index.html.j2
+    dest: /var/www/html/index.html
+    mode: u=rw,g=r,o=r
+
+- name: Firewall - Allow website connections
+  ufw:
+    rule: allow
+    port: "{{ http_port }}"
+  tags:
+    - firewall
+
--- a/chapter10/roles/webserver/templates/index.html.j2
+++ b/chapter10/roles/webserver/templates/index.html.j2
@ -0,0 +1,16 @@
+My website, served from {{ inventory_hostname }}
+
+<p>
+IP Addresses:<br />
+{% for ip in ansible_all_ipv4_addresses %}
+    {{ ip }}<br />
+{% endfor %}
+</p>
+
+<p>
+Operating System:<br />
+{% for key, value in ansible_lsb.items() %}
+    {{ key }}: {{ value }}<br />
+{% endfor %}
+</p>
+
--- a/chapter10/roles/webserver/templates/nginx-default.j2
+++ b/chapter10/roles/webserver/templates/nginx-default.j2
@ -0,0 +1,14 @@
+server {
+  listen {{ http_port }} default_server;
+
+  root /var/www/html;
+
+  server_name _;
+
+  {% if status_url is defined -%}
+  location /{{ status_url | default('status') }} {
+    stub_status on;
+  }
+  {%- endif %}
+}
+
--- a/chapter11/ansible.cfg
+++ b/chapter11/ansible.cfg
@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = false
+inventory = inventory
+stdout_callback = yaml
--- a/chapter11/inventory/databases
+++ b/chapter11/inventory/databases
@ -0,0 +1,4 @@
+---
+databases:
+  hosts:
+    db-001.local:
--- a/chapter11/inventory/group_vars/all
+++ b/chapter11/inventory/group_vars/all
@ -0,0 +1,11 @@
+---
+http_port: 80
+https_port: 443
+
+database:
+    host: db-001.local
+    name: wordpress
+    username: wordpress_rw
+    password: SomeSuperStrongPassword
+    root_password: EvenStrongerPassword
+
--- a/chapter11/inventory/group_vars/webservers
+++ b/chapter11/inventory/group_vars/webservers
@ -0,0 +1,2 @@
+---
+http_port: 8080
--- a/chapter11/inventory/load_balancers
+++ b/chapter11/inventory/load_balancers
@ -0,0 +1,4 @@
+load_balancers:
+  hosts:
+    lb-001.local:
+
--- a/chapter11/inventory/webservers
+++ b/chapter11/inventory/webservers
@ -0,0 +1,6 @@
+---
+webservers:
+  hosts:
+    web-001.local:
+    web-002.local:
+      status_url: "status"
--- a/chapter11/provision.yml
+++ b/chapter11/provision.yml
@ -0,0 +1,35 @@
+---
+- hosts: webservers
+  become: true
+  tasks:
+    - name: Build webservers
+      include_role:
+        name: webserver
+      tags:
+        - always
+
+    - name: Install Wordpress
+      include_role:
+        name: wordpress
+      tags:
+        - always
+
+- hosts: databases
+  become: true
+  tasks:
+    - name: Build Databases
+      include_role:
+        name: database
+      tags:
+        - always
+
+- hosts: load_balancers
+  become: true
+  tasks:
+    - name: Build load balancers
+      include_role:
+        name: load_balancer
+      tags:
+        - always
+
+
--- a/chapter11/roles/database/handlers/main.yml
+++ b/chapter11/roles/database/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: Restart MySQL
+  service:
+    name: mysql
+    state: restarted
--- a/chapter11/roles/database/tasks/main.yml
+++ b/chapter11/roles/database/tasks/main.yml
@ -0,0 +1,50 @@
+---
+- name: Install MySQL
+  apt:
+    name:
+      - mysql-server
+      - python3-pymysql
+    state: present
+
+- name: Set the root password
+  mysql_user:
+    name: root
+    password: "{{ database.root_password }}"
+    state: present
+    login_user: root
+    login_password: "{{database.root_password }}"
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+  no_log: True
+
+- name: Create the wordpress database
+  mysql_db:
+    name: "{{ database.name }}"
+    state: present
+    login_user: root
+    login_password: "{{database.root_password }}"
+
+- name: Create the wordpress user
+  mysql_user:
+    name: "{{ database.username }}"
+    password: "{{database.password }}"
+    priv: "{{ database.name }}.*:ALL"
+    host: "%"
+    state: present
+    login_user: root
+    login_password: "{{database.root_password }}"
+  no_log: True
+
+- name: Ensure MySQL listens on the network
+  lineinfile:
+    path: /etc/mysql/mysql.conf.d/mysqld.cnf
+    regexp: '^bind-address'
+    line: 'bind-address = 0.0.0.0'
+  notify:
+    - Restart MySQL
+
+- name: Firewall - Allow database connections
+  ufw:
+    rule: allow
+    port: "3306"
+  tags:
+    - firewall
--- a/chapter11/roles/firewall/tasks/main.yml
+++ b/chapter11/roles/firewall/tasks/main.yml
@ -0,0 +1,15 @@
+---
+- name: Firewall - Allow SSH connections
+  ufw:
+    rule: allow
+    name: OpenSSH
+  tags:
+    - firewall
+
+- name: Firewall - Deny everything else
+  ufw:
+    state: enabled
+    policy: deny
+  tags:
+    - firewall
+
--- a/chapter11/roles/load_balancer/handlers/main.yml
+++ b/chapter11/roles/load_balancer/handlers/main.yml
@ -0,0 +1,6 @@
+---
+- name: Reload HAProxy
+  service:
+    name: haproxy
+    state: reloaded
+
--- a/chapter11/roles/load_balancer/meta/main.yml
+++ b/chapter11/roles/load_balancer/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: firewall
--- a/chapter11/roles/load_balancer/tasks/main.yml
+++ b/chapter11/roles/load_balancer/tasks/main.yml
@ -0,0 +1,42 @@
+---
+- name: Install HAProxy
+  apt:
+    name: haproxy
+    state: present
+    cache_valid_time: 60
+
+- name: Create configuration directory
+  file:
+    path: /etc/haproxy/fragments
+    state: directory
+
+- name: Copy original configuration file
+  copy:
+    src: /etc/haproxy/haproxy.cfg
+    dest: /etc/haproxy/fragments/00_defaults.cfg
+    remote_src: yes
+    force: no
+
+- name: Setup frontends
+  template:
+    src: frontends.cfg.j2
+    dest: /etc/haproxy/fragments/40_frontends.cfg
+
+- name: Build configuration from fragments
+  assemble:
+    src: /etc/haproxy/fragments/
+    dest: /etc/haproxy/haproxy.cfg
+    validate: "haproxy -f %s -c"
+  notify: Reload HAProxy
+
+- name: Firewall - Allow website connections
+  ufw:
+    rule: allow
+    port: "{{ item }}"
+  loop:
+    - "{{ http_port }}"
+    - "{{ https_port }}"
+  tags:
+    - firewall
+
+
--- a/chapter11/roles/load_balancer/templates/backends.cfg.j2
+++ b/chapter11/roles/load_balancer/templates/backends.cfg.j2
@ -0,0 +1,7 @@
+backend web_servers
+    balance roundrobin
+    cookie SERVERID insert indirect nocache
+    {% for host in groups.webservers %}
+    server {{ host }} {{ host }}:{{ hostvars[host].http_port }} check cookie {{ host }}
+{% endfor %}
+
--- a/chapter11/roles/load_balancer/templates/frontend.cfg.j2
+++ b/chapter11/roles/load_balancer/templates/frontend.cfg.j2
@ -0,0 +1,4 @@
+frontend awesome_ansible
+    bind *:{{ http_port }}
+    stats uri /haproxy?stats
+    default_backend web_servers
--- a/Show more
+++ b/Show more
				`@ -0,0 +1 @@`
				`This is my website which was setup using Ansible`