commit 7cb6997da965bc6353b924a9bf0afec6af6e4b2a Author: Shaun S Date: Mon Mar 21 17:17:54 2022 +0000 Initial Commit
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..dfe0770
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,2 @@
+# Auto detect text files and perform LF normalization
+* text=auto
diff --git a/9781484281727.JPG b/9781484281727.JPG
new file mode 100644
index 0000000..4a709f5
Binary files /dev/null and b/9781484281727.JPG differ
diff --git a/Contributing.md b/Contributing.md
new file mode 100644
index 0000000..f6005ad
--- /dev/null
+++ b/Contributing.md
@@ -0,0 +1,14 @@
+# Contributing to Apress Source Code
+
+Copyright for Apress source code belongs to the author(s). However, under fair use you are encouraged to fork and contribute minor corrections and updates for the benefit of the author(s) and other readers.
+
+## How to Contribute
+
+1. Make sure you have a GitHub account.
+2. Fork the repository for the relevant book.
+3. Create a new branch on which to make your change, e.g.
+`git checkout -b my_code_contribution`
+4. Commit your change. Include a commit message describing the correction. Please note that if your commit message is not clear, the correction will not be accepted.
+5. Submit a pull request.
+
+Thank you for your contribution!
\ No newline at end of file
diff --git a/LICENSE.txt b/LICENSE.txt
new file mode 100644
index 0000000..e96f4e6
--- /dev/null
+++ b/LICENSE.txt
@@ -0,0 +1,27 @@
+Freeware License, some rights reserved
+
+Copyright (c) 2022 Shaun R Smith and Peter Membrey
+
+Permission is hereby granted, free of charge, to anyone obtaining a copy
+of this software and associated documentation files (the "Software"),
+to work with the Software within the limits of freeware distribution and fair use.
+This includes the rights to use, copy, and modify the Software for personal use.
+Users are also allowed and encouraged to submit corrections and modifications
+to the Software for the benefit of other users.
+
+It is not allowed to reuse, modify, or redistribute the Software for
+commercial use in any way, or for a user’s educational materials such as books
+or blog articles without prior permission from the copyright holder.
+
+The above copyright notice and this permission notice need to be included
+in all copies or substantial portions of the software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS OR APRESS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..4ebe423
--- /dev/null
+++ b/README.md
@@ -0,0 +1,16 @@
+# Apress Source Code
+
+This repository accompanies [*Beginning Ansible Concepts and Application: Provisioning, Configuring, and Managing Servers, Applications and their Dependencies*](https://www.link.springer.com/book/10.1007/9781484281727) by Shaun R Smith and Peter Membrey (Apress, 2022).
+
+[comment]: #cover
+![Cover image](9781484281727.JPG)
+
+Download the files as a zip using the green button, or clone the repository to your machine using Git.
+
+## Releases
+
+Release v1.0 corresponds to the code in the published book, without corrections or updates.
+
+## Contributions
+
+See the file Contributing.md for more information on how you can contribute to this repository.
\ No newline at end of file
diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 0000000..4c8350f
--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,82 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+ config.vm.box = "ubuntu/focal64"
+
+ # globally disable the default synced folder
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+
+ # do not create a secure private key per host, we want to use a single key
+ # this allows the controller to connect to the target hosts
+ config.ssh.insert_key = false
+
+ # Set provider virtualbox to use GUI, for two reasons:
+ # 1. More obvious to the user what is running, so they don't consume too much background resource
+ # 2. To work around an x64 boot issue in Virtualbox when hardware virtualization is disabled in BIOS
+ config.vm.provider "virtualbox" do |v|
+# v.gui = true
+ v.cpus = 1
+ end
+
+ # The Ansible controller machine
+ config.vm.define :controller, primary: true do |controller|
+ controller.vm.hostname = "ansible-controller"
+ controller.vm.network "private_network", ip: "192.168.98.100"
+
+ # Sync the local directory with ansible-friendly permissions
+ controller.vm.synced_folder ".", "/vagrant",
+ owner: "vagrant",
+ mount_options: ["dmode=755,fmode=644"]
+
+ controller.vm.provision "file", source: "~/.vagrant.d/insecure_private_key", destination: "$HOME/.ssh/id_rsa"
+
+ controller.vm.provision "shell", inline: <<-SHELL
+ chmod 600 /home/vagrant/.ssh/id_rsa
+ apt-get install -y ansible sshpass
+ SHELL
+ end
+
+
+ # Example web servers
+ (1..2).each do |i|
+ config.vm.define "web-00#{i}" do |node|
+ node.vm.hostname = "web-00#{i}"
+ node.vm.network "private_network", ip: "192.168.98.11#{i}"
+ end
+ end
+
+ # Example load balancer
+ (1..1).each do |i|
+ config.vm.define "lb-00#{i}" do |node|
+ node.vm.hostname = "lb-00#{i}"
+ node.vm.network "private_network", ip: "192.168.98.12#{i}"
+ end
+ end
+
+ # Example database server
+ (1..1).each do |i|
+ config.vm.define "db-00#{i}" do |node|
+ node.vm.hostname = "db-00#{i}"
+ node.vm.network "private_network", ip: "192.168.98.13#{i}"
+ end
+ end
+
+ # Generic provisioner to ensure we have python available
+ # This is an ansible requirement for all managed nodes
+ config.vm.provision "shell", inline: <<-SHELL
+ # Disable hardware based sha256sum in apt, not ideal - but Windows 10 WSL breaks VirtualBox
+ # and we can't really ask everyone to disable that
+ # See: https://askubuntu.com/questions/1235914/hash-sum-mismatch-error-due-to-identical-sha1-and-md5-but-different-sha256/1241893
+ mkdir /etc/gcrypt
+ echo all >> /etc/gcrypt/hwf.deny
+
+ apt-get update
+ apt-get install -y python3-minimal python3-apt avahi-daemon tree
+
+ rm -f /etc/update-motd.d/*
+ sed -i "s/^ENABLED=.*/ENABLED=0/" /etc/default/motd-news
+ SHELL
+
+ config.vm.boot_timeout = 360
+end
diff --git a/chapter02/ansible.cfg b/chapter02/ansible.cfg
new file mode 100644
index 0000000..fd15120
--- /dev/null
+++ b/chapter02/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+host_key_checking = false
+inventory = hosts
diff --git a/chapter02/hosts b/chapter02/hosts
new file mode 100644
index 0000000..2497f58
--- /dev/null
+++ b/chapter02/hosts
@@ -0,0 +1,2 @@
+web-001.local
+web-002.local
diff --git a/chapter03/ansible.cfg b/chapter03/ansible.cfg
new file mode 100644
index 0000000..643231f
--- /dev/null
+++ b/chapter03/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+host_key_checking = false
+inventory = inventory
diff --git a/chapter03/hosts b/chapter03/hosts
new file mode 100644
index 0000000..0e064ee
--- /dev/null
+++ b/chapter03/hosts
@@ -0,0 +1,17 @@
+[webservers]
+web-001.local
+web-002 ansible_host=192.168.98.112 ansible_port=22
+
+[webservers:vars]
+http_port=8080
+
+[load_balancers]
+lb-001.local
+
+[staging]
+web-002
+
+[production]
+web-001.local
+lb-001.local
+
diff --git a/chapter03/inventory/load_balancers b/chapter03/inventory/load_balancers
new file mode 100644
index 0000000..3f9f331
--- /dev/null
+++ b/chapter03/inventory/load_balancers
@@ -0,0 +1,4 @@
+load_balancers:
+ hosts:
+ lb-001.local:
+
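Review bot: In the Vagrantfile, `config.ssh.insert_key = false` together with the file provisioner that copies `~/.vagrant.d/insecure_private_key` to the controller's `id_rsa` means every VM in this lab accepts Vagrant's publicly distributed key, and the existing comment does not say so. Anyone who can reach the 192.168.98.x addresses can log in as `vagrant`, so I would state the scope next to the setting: `# LAB ONLY: all VMs trust Vagrant's well-known insecure key; do not attach these machines to a bridged or routed network`. Separately, in the global shell provisioner `mkdir /etc/gcrypt` errors and `echo all >> /etc/gcrypt/hwf.deny` appends a duplicate line on every re-provision; `mkdir -p /etc/gcrypt` and `echo all > /etc/gcrypt/hwf.deny` keep the script repeatable. The comment above the provider block also says the GUI is enabled while `v.gui = true` is commented out.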
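Review bot: `host_key_checking = false` in chapter02/ansible.cfg turns off SSH host key verification with no comment explaining why, and the same line is repeated in the ansible.cfg of chapter03 through chapter10. With it disabled the controller accepts whichever host answers for a name such as `web-001.local`, which is tolerable for throwaway Vagrant machines but not for a real inventory. I would add above it `# Lab only: host keys change each time the Vagrant VMs are rebuilt; leave host key checking on for real hosts`.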
diff --git a/chapter03/inventory/webservers b/chapter03/inventory/webservers
new file mode 100644
index 0000000..286b29c
--- /dev/null
+++ b/chapter03/inventory/webservers
@@ -0,0 +1,9 @@
+---
+webservers:
+ hosts:
+ web-001.local:
+ web-002:
+ ansible_host: 192.168.98.112
+ vars:
+ http_port: 8080
+
diff --git a/chapter03/ranges b/chapter03/ranges
new file mode 100644
index 0000000..25acecc
--- /dev/null
+++ b/chapter03/ranges
@@ -0,0 +1,2 @@
+[webservers]
+web-0[01:10]
diff --git a/chapter03/regional b/chapter03/regional
new file mode 100644
index 0000000..10c4176
--- /dev/null
+++ b/chapter03/regional
@@ -0,0 +1,24 @@
+[germany]
+web-de-00[1:2]
+
+[france]
+web-fr-001
+
+[netherlands]
+web-nl-001
+
+[spain]
+web-es-00[1:3]
+
+[usa]
+web-us-00[1:4]
+
+[europe:children]
+germany
+france
+netherlands
+spain
+
+[americas:children]
+usa
+
diff --git a/chapter04/ansible.cfg b/chapter04/ansible.cfg
new file mode 100644
index 0000000..643231f
--- /dev/null
+++ b/chapter04/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+host_key_checking = false
+inventory = inventory
diff --git a/chapter04/files/index.html b/chapter04/files/index.html
new file mode 100644
index 0000000..8914320
--- /dev/null
+++ b/chapter04/files/index.html
@@ -0,0 +1 @@
+This is my website which was setup using Ansible
diff --git a/chapter04/inventory/load_balancers b/chapter04/inventory/load_balancers
new file mode 100644
index 0000000..3f9f331
--- /dev/null
+++ b/chapter04/inventory/load_balancers
@@ -0,0 +1,4 @@
+load_balancers:
+ hosts:
+ lb-001.local:
+
diff --git a/chapter04/inventory/webservers b/chapter04/inventory/webservers
new file mode 100644
index 0000000..286b29c
--- /dev/null
+++ b/chapter04/inventory/webservers
@@ -0,0 +1,9 @@
+---
+webservers:
+ hosts:
+ web-001.local:
+ web-002:
+ ansible_host: 192.168.98.112
+ vars:
+ http_port: 8080
+
diff --git a/chapter04/webservers.yml b/chapter04/webservers.yml
new file mode 100644
index 0000000..30e5c8e
--- /dev/null
+++ b/chapter04/webservers.yml
@@ -0,0 +1,15 @@
+---
+- hosts: webservers
+ become: true
+ tasks:
+ - name: Ensure nginx is installed
+ apt:
+ name: nginx
+ state: present
+
+ - name: Push website content to the web root
+ copy :
+ src: index.html
+ dest: /var/www/html/
+ mode: u=rw,g=r,o=r
+
diff --git a/chapter05/ansible.cfg b/chapter05/ansible.cfg
new file mode 100644
index 0000000..c0cf984
--- /dev/null
+++ b/chapter05/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = false
+inventory = inventory
+stdout_callback = yaml
diff --git a/chapter05/exploring-apt.yml b/chapter05/exploring-apt.yml
new file mode 100644
index 0000000..f29ccf3
--- /dev/null
+++ b/chapter05/exploring-apt.yml
@@ -0,0 +1,15 @@
+---
+- hosts: web-001.local
+ become: true
+ tasks:
+ - name: Ensure nginx is installed
+ apt:
+ name: nginx
+ state: latest
+ cache_valid_time: 60
+
+ - name: Uninstall tree command
+ apt:
+ name: tree
+ state: absent
+
diff --git a/chapter05/files/index.html b/chapter05/files/index.html
new file mode 100644
index 0000000..8914320
--- /dev/null
+++ b/chapter05/files/index.html
@@ -0,0 +1 @@
+This is my website which was setup using Ansible
diff --git a/chapter05/inventory/load_balancers b/chapter05/inventory/load_balancers
new file mode 100644
index 0000000..3f9f331
--- /dev/null
+++ b/chapter05/inventory/load_balancers
@@ -0,0 +1,4 @@
+load_balancers:
+ hosts:
+ lb-001.local:
+
diff --git a/chapter05/inventory/webservers b/chapter05/inventory/webservers
new file mode 100644
index 0000000..286b29c
--- /dev/null
+++ b/chapter05/inventory/webservers
@@ -0,0 +1,9 @@
+---
+webservers:
+ hosts:
+ web-001.local:
+ web-002:
+ ansible_host: 192.168.98.112
+ vars:
+ http_port: 8080
+
diff --git a/chapter05/upgrade.yml b/chapter05/upgrade.yml
new file mode 100644
index 0000000..45be30a
--- /dev/null
+++ b/chapter05/upgrade.yml
@@ -0,0 +1,12 @@
+---
+- hosts: web-001.local
+ become: true
+ tasks:
+ - name: Upgrade all packages
+ apt:
+ upgrade: dist
+ update_cache: yes
+
+- name: Reboot the host
+ reboot:
+
diff --git a/chapter05/webservers.yml b/chapter05/webservers.yml
new file mode 100644
index 0000000..1cbccde
--- /dev/null
+++ b/chapter05/webservers.yml
@@ -0,0 +1,41 @@
+---
+- hosts: webservers
+ become: true
+ tasks:
+ - name: Ensure nginx is installed
+ apt:
+ name: nginx
+ state: present
+
+ - name: Push website content to the web root
+ copy:
+ src: index.html
+ dest: /var/www/html/
+ mode: u=rw,g=r,o=r
+
+ - name: index.html also known as main.html
+ file:
+ state: link
+ src: /var/www/html/index.html
+ dest: /var/www/html/main.html
+
+ - name: Update the website content
+ lineinfile:
+ path: /var/www/html/index.html
+ line: "Just re-decorating a little!"
+
+ - name: Firewall - Allow SSH connections
+ ufw:
+ rule: allow
+ name: OpenSSH
+
+ - name: Firewall - Allow website connections
+ ufw:
+ rule: allow
+ name: "Nginx Full"
+
+ - name: Firewall - Deny everything else
+ ufw:
+ state: enabled
+ policy: deny
+
diff --git a/chapter06/ansible.cfg b/chapter06/ansible.cfg
new file mode 100644
index 0000000..c0cf984
--- /dev/null
+++ b/chapter06/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = false
+inventory = inventory
+stdout_callback = yaml
diff --git a/chapter06/files/index.html b/chapter06/files/index.html
new file mode 100644
index 0000000..8914320
--- /dev/null
+++ b/chapter06/files/index.html
@@ -0,0 +1 @@
+This is my website which was setup using Ansible
diff --git a/chapter06/inventory/group_vars/all b/chapter06/inventory/group_vars/all
new file mode 100644
index 0000000..2336abe
--- /dev/null
+++ b/chapter06/inventory/group_vars/all
@@ -0,0 +1,2 @@
+---
+http_port: 80
diff --git a/chapter06/inventory/group_vars/webservers b/chapter06/inventory/group_vars/webservers
new file mode 100644
index 0000000..e371e5a
--- /dev/null
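Review bot: In chapter05/upgrade.yml the `- name: Reboot the host` entry appears to start at column 0 (there is no space between the `+` and the `-`, unlike the `Upgrade all packages` task), which makes it a second play rather than a task of the first. A play with no `hosts:` and a bare `reboot:` key is rejected when the playbook is loaded, so the upgrade never runs. Indent the two lines to the level of the other task, as chapter06/upgrade.yml in this same commit does. Indentation is collapsed in this view, so confirm against the file.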
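Review bot: In chapter05/webservers.yml the `copy` task and the `lineinfile` task both manage `/var/www/html/index.html`, so the play can never converge: each run `copy` restores the file from `files/index.html` and `lineinfile` then re-adds `Just re-decorating a little!`, and both report `changed`. If the repeated change is intended as a demonstration, say so in a comment such as `# intentionally undone by the copy task above on the next run`; otherwise put the extra line in `files/index.html` or point `lineinfile` at a file that `copy` does not manage.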
+++ b/chapter06/inventory/group_vars/webservers
@@ -0,0 +1,2 @@
+---
+http_port: 8080
diff --git a/chapter06/inventory/load_balancers b/chapter06/inventory/load_balancers
new file mode 100644
index 0000000..3f9f331
--- /dev/null
+++ b/chapter06/inventory/load_balancers
@@ -0,0 +1,4 @@
+load_balancers:
+ hosts:
+ lb-001.local:
+
diff --git a/chapter06/inventory/webservers b/chapter06/inventory/webservers
new file mode 100644
index 0000000..29e9668
--- /dev/null
+++ b/chapter06/inventory/webservers
@@ -0,0 +1,6 @@
+---
+webservers:
+ hosts:
+ web-001.local:
+ web-002.local:
+
diff --git a/chapter06/upgrade.yml b/chapter06/upgrade.yml
new file mode 100644
index 0000000..548a35b
--- /dev/null
+++ b/chapter06/upgrade.yml
@@ -0,0 +1,15 @@
+---
+- hosts: web-001.local
+ gather_facts: no
+ become: true
+ tasks:
+ - name: Upgrade all packages
+ apt:
+ upgrade: dist
+ update_cache: yes
+ register: upgrade_result
+
+ - name: Reboot the host
+ reboot:
+ when: upgrade_result.changed
+
diff --git a/chapter06/webservers.yml b/chapter06/webservers.yml
new file mode 100644
index 0000000..f50cb2f
--- /dev/null
+++ b/chapter06/webservers.yml
@@ -0,0 +1,48 @@
+---
+- hosts: webservers
+ become: true
+ tasks:
+ - name: Ensure nginx is installed
+ apt:
+ name: nginx
+ state: present
+
+ - name: Change the nginx port
+ replace:
+ path: /etc/nginx/sites-enabled/default
+ regexp: "listen [0-9]+"
+ replace: "listen {{ http_port }}"
+
+ - name: Reload nginx for new config
+ service:
+ name: nginx
+ state: reloaded
+
+ - name: Push website content to the web root
+ copy:
+ src: index.html
+ dest: /var/www/html/
+ mode: u=rw,g=r,o=r
+
+ - name: Firewall - Allow SSH connections
+ ufw:
+ rule: allow
+ name: OpenSSH
+
+ - name: Firewall - Allow website connections
+ ufw:
+ rule: allow
+ port: "{{ http_port }}"
+
+ - name: Firewall - Deny everything else
+ ufw:
+ state: enabled
+ policy: deny
+
+ - name: Validate that the http_port is working
+ wait_for:
+ host: "{{ ansible_host }}"
+ port: "{{ http_port }}"
+ timeout: 5
+ connection: local
+
diff --git a/chapter07/ansible.cfg b/chapter07/ansible.cfg
new file mode 100644
index 0000000..c0cf984
--- /dev/null
+++ b/chapter07/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = false
+inventory = inventory
+stdout_callback = yaml
diff --git a/chapter07/hostname.yml b/chapter07/hostname.yml
new file mode 100644
index 0000000..c4e2b87
--- /dev/null
+++ b/chapter07/hostname.yml
@@ -0,0 +1,17 @@
+---
+- hosts: webservers
+ become: true
+ gather_facts: no
+ tasks:
+ - name: Raw value for inventory_hostname
+ debug:
+ msg: "{{ inventory_hostname }}"
+
+ - name: Uppercase inventory_hostname
+ debug:
+ msg: "{{ inventory_hostname | upper }}"
+
+ - name: Raw value for inventory_hostname
+ debug:
+ msg: "{{ inventory_hostname }}"
+
diff --git a/chapter07/inventory/group_vars/all b/chapter07/inventory/group_vars/all
new file mode 100644
index 0000000..2336abe
--- /dev/null
+++ b/chapter07/inventory/group_vars/all
@@ -0,0 +1,2 @@
+---
+http_port: 80
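Review bot: In chapter06/webservers.yml the `replace` pattern `listen [0-9]+` only matches a bare-port `listen` directive. If the packaged default site also carries an IPv6 line of the form `listen [::]:80 default_server;` (the stock Ubuntu file does, but it is not shown here), nginx keeps listening on port 80 over IPv6 while the play and the firewall rule assume `http_port`. Covering both forms keeps the two in step: `regexp: 'listen (\[::\]:)?[0-9]+'` with `replace: 'listen \1{{ http_port }}'`. The `Reload nginx for new config` task also runs on every play whether or not the file changed.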
diff --git a/chapter07/inventory/group_vars/webservers b/chapter07/inventory/group_vars/webservers
new file mode 100644
index 0000000..e371e5a
--- /dev/null
+++ b/chapter07/inventory/group_vars/webservers
@@ -0,0 +1,2 @@
+---
+http_port: 8080
diff --git a/chapter07/inventory/load_balancers b/chapter07/inventory/load_balancers
new file mode 100644
index 0000000..3f9f331
--- /dev/null
+++ b/chapter07/inventory/load_balancers
@@ -0,0 +1,4 @@
+load_balancers:
+ hosts:
+ lb-001.local:
+
diff --git a/chapter07/inventory/webservers b/chapter07/inventory/webservers
new file mode 100644
index 0000000..5e335e4
--- /dev/null
+++ b/chapter07/inventory/webservers
@@ -0,0 +1,6 @@
+---
+webservers:
+ hosts:
+ web-001.local:
+ web-002.local:
+ status_url: "status"
diff --git a/chapter07/templates/index.html.j2 b/chapter07/templates/index.html.j2
new file mode 100644
index 0000000..b755e66
--- /dev/null
+++ b/chapter07/templates/index.html.j2
@@ -0,0 +1,16 @@
+My website, served from {{ inventory_hostname }}
+
+

+IP Addresses:
+{% for ip in ansible_all_ipv4_addresses %} + {{ ip }}
+{% endfor %} +

+ +

+Operating System:
+{% for key, value in ansible_lsb.items() %} + {{ key }}: {{ value }}
+{% endfor %} +

+
diff --git a/chapter07/templates/nginx-default.j2 b/chapter07/templates/nginx-default.j2
new file mode 100644
index 0000000..26764dd
--- /dev/null
+++ b/chapter07/templates/nginx-default.j2
@@ -0,0 +1,14 @@
+server {
+ listen {{ http_port }} default_server;
+
+ root /var/www/html;
+
+ server_name _;
+
+ {% if status_url is defined -%}
+ location /{{ status_url | default('status') }} {
+ stub_status on;
+ }
+ {%- endif %}
+}
+
diff --git a/chapter07/upgrade.yml b/chapter07/upgrade.yml
new file mode 100644
index 0000000..548a35b
--- /dev/null
+++ b/chapter07/upgrade.yml
@@ -0,0 +1,15 @@
+---
+- hosts: web-001.local
+ gather_facts: no
+ become: true
+ tasks:
+ - name: Upgrade all packages
+ apt:
+ upgrade: dist
+ update_cache: yes
+ register: upgrade_result
+
+ - name: Reboot the host
+ reboot:
+ when: upgrade_result.changed
+
diff --git a/chapter07/webservers.yml b/chapter07/webservers.yml
new file mode 100644
index 0000000..19ac9f0
--- /dev/null
+++ b/chapter07/webservers.yml
@@ -0,0 +1,48 @@
+---
+- hosts: webservers
+ become: true
+ tasks:
+ - name: Ensure nginx is installed
+ apt:
+ name: nginx
+ state: present
+
+ - name: Configure nginx
+ template:
+ src: nginx-default.j2
+ dest: /etc/nginx/sites-available/default
+ mode: u=rw,g=r,o=r
+
+ - name: Reload nginx for new config
+ service:
+ name: nginx
+ state: reloaded
+
+ - name: Push website content to the web root
+ template:
+ src: index.html.j2
+ dest: /var/www/html/index.html
+ mode: u=rw,g=r,o=r
+
+ - name: Firewall - Allow SSH connections
+ ufw:
+ rule: allow
+ name: OpenSSH
+
+ - name: Firewall - Allow website connections
+ ufw:
+ rule: allow
+ port: "{{ http_port }}"
+
+ - name: Firewall - Deny everything else
+ ufw:
+ state: enabled
+ policy: deny
+
+ - name: Validate that the http_port is working
+ wait_for:
+ host: "{{ ansible_host }}"
+ port: "{{ http_port }}"
+ timeout: 5
+ connection: local
+
diff --git a/chapter08/ansible.cfg b/chapter08/ansible.cfg
new file mode 100644
index 0000000..c0cf984
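Review bot: The `location /{{ status_url | default('status') }}` block in chapter07/templates/nginx-default.j2 enables `stub_status` with no access restriction, so the connection counters are readable by any client the firewall lets through on `http_port`; the identical templates in chapter08 and chapter09/roles/webserver have the same gap. Restrict it inside the location, for example `allow 127.0.0.1;` followed by `deny all;`, widening the `allow` only to the monitoring source. The `default('status')` filter is also unreachable, because the block is already guarded by `status_url is defined`.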
--- /dev/null
+++ b/chapter08/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = false
+inventory = inventory
+stdout_callback = yaml
diff --git a/chapter08/hostname.yml b/chapter08/hostname.yml
new file mode 100644
index 0000000..c4e2b87
--- /dev/null
+++ b/chapter08/hostname.yml
@@ -0,0 +1,17 @@
+---
+- hosts: webservers
+ become: true
+ gather_facts: no
+ tasks:
+ - name: Raw value for inventory_hostname
+ debug:
+ msg: "{{ inventory_hostname }}"
+
+ - name: Uppercase inventory_hostname
+ debug:
+ msg: "{{ inventory_hostname | upper }}"
+
+ - name: Raw value for inventory_hostname
+ debug:
+ msg: "{{ inventory_hostname }}"
+
diff --git a/chapter08/inventory/group_vars/all b/chapter08/inventory/group_vars/all
new file mode 100644
index 0000000..2336abe
--- /dev/null
+++ b/chapter08/inventory/group_vars/all
@@ -0,0 +1,2 @@
+---
+http_port: 80
diff --git a/chapter08/inventory/group_vars/webservers b/chapter08/inventory/group_vars/webservers
new file mode 100644
index 0000000..e371e5a
--- /dev/null
+++ b/chapter08/inventory/group_vars/webservers
@@ -0,0 +1,2 @@
+---
+http_port: 8080
diff --git a/chapter08/inventory/load_balancers b/chapter08/inventory/load_balancers
new file mode 100644
index 0000000..3f9f331
--- /dev/null
+++ b/chapter08/inventory/load_balancers
@@ -0,0 +1,4 @@
+load_balancers:
+ hosts:
+ lb-001.local:
+
diff --git a/chapter08/inventory/webservers b/chapter08/inventory/webservers
new file mode 100644
index 0000000..5e335e4
--- /dev/null
+++ b/chapter08/inventory/webservers
@@ -0,0 +1,6 @@
+---
+webservers:
+ hosts:
+ web-001.local:
+ web-002.local:
+ status_url: "status"
diff --git a/chapter08/templates/index.html.j2 b/chapter08/templates/index.html.j2
new file mode 100644
index 0000000..b755e66
--- /dev/null
+++ b/chapter08/templates/index.html.j2
@@ -0,0 +1,16 @@
+My website, served from {{ inventory_hostname }}
+
+

+IP Addresses:
+{% for ip in ansible_all_ipv4_addresses %} + {{ ip }}
+{% endfor %} +

+ +

+Operating System:
+{% for key, value in ansible_lsb.items() %} + {{ key }}: {{ value }}
+{% endfor %} +

+
diff --git a/chapter08/templates/nginx-default.j2 b/chapter08/templates/nginx-default.j2
new file mode 100644
index 0000000..26764dd
--- /dev/null
+++ b/chapter08/templates/nginx-default.j2
@@ -0,0 +1,14 @@
+server {
+ listen {{ http_port }} default_server;
+
+ root /var/www/html;
+
+ server_name _;
+
+ {% if status_url is defined -%}
+ location /{{ status_url | default('status') }} {
+ stub_status on;
+ }
+ {%- endif %}
+}
+
diff --git a/chapter08/upgrade.yml b/chapter08/upgrade.yml
new file mode 100644
index 0000000..548a35b
--- /dev/null
+++ b/chapter08/upgrade.yml
@@ -0,0 +1,15 @@
+---
+- hosts: web-001.local
+ gather_facts: no
+ become: true
+ tasks:
+ - name: Upgrade all packages
+ apt:
+ upgrade: dist
+ update_cache: yes
+ register: upgrade_result
+
+ - name: Reboot the host
+ reboot:
+ when: upgrade_result.changed
+
diff --git a/chapter08/webservers.yml b/chapter08/webservers.yml
new file mode 100644
index 0000000..e7b9c48
--- /dev/null
+++ b/chapter08/webservers.yml
@@ -0,0 +1,52 @@
+---
+- hosts: webservers
+ become: true
+ handlers:
+ - name: Reload nginx
+ service:
+ name: nginx
+ state: reloaded
+ listen: "Reload web services"
+
+ - name: Validate that the http_port is working
+ wait_for:
+ host: "{{ ansible_host }}"
+ port: "{{ http_port }}"
+ timeout: 5
+ connection: local
+ listen: "Reload web services"
+
+ tasks:
+ - name: Ensure nginx is installed
+ apt:
+ name: nginx
+ state: present
+
+ - name: Configure nginx
+ template:
+ src: nginx-default.j2
+ dest: /etc/nginx/sites-available/default
+ mode: u=rw,g=r,o=r
+ notify: "Reload web services"
+
+ - name: Push website content to the web root
+ template:
+ src: index.html.j2
+ dest: /var/www/html/index.html
+ mode: u=rw,g=r,o=r
+
+ - name: Firewall - Allow SSH connections
+ ufw:
+ rule: allow
+ name: OpenSSH
+
+ - name: Firewall - Allow website connections
+ ufw:
+ rule: allow
+ port: "{{ http_port }}"
+
+ - name: Firewall - Deny everything else
+ ufw:
+ state: enabled
+ policy: deny
+
diff --git a/chapter09/ansible.cfg b/chapter09/ansible.cfg
new file mode 100644
index 0000000..c0cf984
--- /dev/null
+++ b/chapter09/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = false
+inventory = inventory
+stdout_callback = yaml
diff --git a/chapter09/inventory/group_vars/all b/chapter09/inventory/group_vars/all
new file mode 100644
index 0000000..2336abe
--- /dev/null
+++ b/chapter09/inventory/group_vars/all
@@ -0,0 +1,2 @@
+---
+http_port: 80
diff --git a/chapter09/inventory/group_vars/webservers b/chapter09/inventory/group_vars/webservers
new file mode 100644
index 0000000..e371e5a
--- /dev/null
+++ b/chapter09/inventory/group_vars/webservers
@@ -0,0 +1,2 @@
+---
+http_port: 8080
diff --git a/chapter09/inventory/load_balancers b/chapter09/inventory/load_balancers
new file mode 100644
index 0000000..3f9f331
--- /dev/null
+++ b/chapter09/inventory/load_balancers
@@ -0,0 +1,4 @@
+load_balancers:
+ hosts:
+ lb-001.local:
+
diff --git a/chapter09/inventory/webservers b/chapter09/inventory/webservers
new file mode 100644
index 0000000..5e335e4
--- /dev/null
+++ b/chapter09/inventory/webservers
@@ -0,0 +1,6 @@
+---
+webservers:
+ hosts:
+ web-001.local:
+ web-002.local:
+ status_url: "status"
diff --git a/chapter09/roles/firewall/tasks/main.yml b/chapter09/roles/firewall/tasks/main.yml
new file mode 100644
index 0000000..831ac5d
--- /dev/null
+++ b/chapter09/roles/firewall/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Firewall - Allow SSH connections
+ ufw:
+ rule: allow
+ name: OpenSSH
+
+- name: Firewall - Deny everything else
+ ufw:
+ state: enabled
+ policy: deny
+
diff --git a/chapter09/roles/webserver/defaults/main.yml b/chapter09/roles/webserver/defaults/main.yml
new file mode 100644
index 0000000..2336abe
--- /dev/null
+++ b/chapter09/roles/webserver/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+http_port: 80
diff --git a/chapter09/roles/webserver/handlers/main.yml b/chapter09/roles/webserver/handlers/main.yml
new file mode 100644
index 0000000..e3ae38f
--- /dev/null
+++ b/chapter09/roles/webserver/handlers/main.yml
@@ -0,0 +1,15 @@
+---
+- name: Reload nginx
+ service:
+ name: nginx
+ state: reloaded
+ listen: "Reload web services"
+
+- name: Validate that the http_port is working
+ wait_for:
+ host: "{{ ansible_host }}"
+ port: "{{ http_port }}"
+ timeout: 5
+ connection: local
+ listen: "Reload web services"
+
diff --git a/chapter09/roles/webserver/meta/main.yml b/chapter09/roles/webserver/meta/main.yml
new file mode 100644
index 0000000..2a7a00a
--- /dev/null
+++ b/chapter09/roles/webserver/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: firewall
diff --git a/chapter09/roles/webserver/tasks/main.yml b/chapter09/roles/webserver/tasks/main.yml
new file mode 100644
index 0000000..a11f0c3
--- /dev/null
+++ b/chapter09/roles/webserver/tasks/main.yml
@@ -0,0 +1,23 @@
+- name: Ensure nginx is installed
+ apt:
+ name: nginx
+ state: present
+
+- name: Configure nginx
+ template:
+ src: nginx-default.j2
+ dest: /etc/nginx/sites-available/default
+ mode: u=rw,g=r,o=r
+ notify: "Reload web services"
+
+- name: Push website content to the web root
+ template:
+ src: index.html.j2
+ dest: /var/www/html/index.html
+ mode: u=rw,g=r,o=r
+
+- name: Firewall - Allow website connections
+ ufw:
+ rule: allow
+ port: "{{ http_port }}"
+
diff --git a/chapter09/roles/webserver/templates/index.html.j2 b/chapter09/roles/webserver/templates/index.html.j2
new file mode 100644
index 0000000..b755e66
--- /dev/null
+++ b/chapter09/roles/webserver/templates/index.html.j2
@@ -0,0 +1,16 @@
+My website, served from {{ inventory_hostname }}
+
+

+IP Addresses:
+{% for ip in ansible_all_ipv4_addresses %} + {{ ip }}
+{% endfor %} +

+ +

+Operating System:
+{% for key, value in ansible_lsb.items() %} + {{ key }}: {{ value }}
+{% endfor %} +

+
diff --git a/chapter09/roles/webserver/templates/nginx-default.j2 b/chapter09/roles/webserver/templates/nginx-default.j2
new file mode 100644
index 0000000..26764dd
--- /dev/null
+++ b/chapter09/roles/webserver/templates/nginx-default.j2
@@ -0,0 +1,14 @@
+server {
+ listen {{ http_port }} default_server;
+
+ root /var/www/html;
+
+ server_name _;
+
+ {% if status_url is defined -%}
+ location /{{ status_url | default('status') }} {
+ stub_status on;
+ }
+ {%- endif %}
+}
+
diff --git a/chapter09/webservers.yml b/chapter09/webservers.yml
new file mode 100644
index 0000000..6773e14
--- /dev/null
+++ b/chapter09/webservers.yml
@@ -0,0 +1,8 @@
+---
+- hosts: webservers
+ become: true
+ tasks:
+ - name: Build webservers
+ include_role:
+ name: webserver
+
diff --git a/chapter10/ansible.cfg b/chapter10/ansible.cfg
new file mode 100644
index 0000000..c0cf984
--- /dev/null
+++ b/chapter10/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = false
+inventory = inventory
+stdout_callback = yaml
diff --git a/chapter10/inventory/group_vars/all b/chapter10/inventory/group_vars/all
new file mode 100644
index 0000000..8d784df
--- /dev/null
+++ b/chapter10/inventory/group_vars/all
@@ -0,0 +1,3 @@
+---
+http_port: 80
+https_port: 443
diff --git a/chapter10/inventory/group_vars/webservers b/chapter10/inventory/group_vars/webservers
new file mode 100644
index 0000000..e371e5a
--- /dev/null
+++ b/chapter10/inventory/group_vars/webservers
@@ -0,0 +1,2 @@
+---
+http_port: 8080
diff --git a/chapter10/inventory/load_balancers b/chapter10/inventory/load_balancers
new file mode 100644
index 0000000..3f9f331
--- /dev/null
+++ b/chapter10/inventory/load_balancers
@@ -0,0 +1,4 @@
+load_balancers:
+ hosts:
+ lb-001.local:
+
diff --git a/chapter10/inventory/webservers b/chapter10/inventory/webservers
new file mode 100644
index 0000000..5e335e4
--- /dev/null
+++ b/chapter10/inventory/webservers
@@ -0,0 +1,6 @@
+---
+webservers:
+ hosts:
+ web-001.local:
+ web-002.local:
+ status_url: "status"
diff --git a/chapter10/provision.yml b/chapter10/provision.yml
new file mode 100644
index 0000000..07b342a
--- /dev/null
+++ b/chapter10/provision.yml
@@ -0,0 +1,20 @@
+---
+- hosts: webservers
+ become: true
+ tasks:
+ - name: Build webservers
+ include_role:
+ name: webserver
+ tags:
+ - always
+
+- hosts: load_balancers
+ become: true
+ tasks:
+ - name: Build load balancers
+ include_role:
+ name: load_balancer
+ tags:
+ - always
+
+
diff --git a/chapter10/roles/firewall/tasks/main.yml b/chapter10/roles/firewall/tasks/main.yml
new file mode 100644
index 0000000..ded7c0e
--- /dev/null
+++ b/chapter10/roles/firewall/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: Firewall - Allow SSH connections
+ ufw:
+ rule: allow
+ name: OpenSSH
+ tags:
+ - firewall
+
+- name: Firewall - Deny everything else
+ ufw:
+ state: enabled
+ policy: deny
+ tags:
+ - firewall
+
diff --git a/chapter10/roles/load_balancer/handlers/main.yml b/chapter10/roles/load_balancer/handlers/main.yml
new file mode 100644
index 0000000..698e131
--- /dev/null
+++ b/chapter10/roles/load_balancer/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Reload HAProxy
+ service:
+ name: haproxy
+ state: reloaded
+
diff --git a/chapter10/roles/load_balancer/meta/main.yml b/chapter10/roles/load_balancer/meta/main.yml
new file mode 100644
index 0000000..2a7a00a
--- /dev/null
+++ b/chapter10/roles/load_balancer/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: firewall
diff --git a/chapter10/roles/load_balancer/tasks/main.yml b/chapter10/roles/load_balancer/tasks/main.yml
new file mode 100644
index 0000000..2d04432
--- /dev/null
+++ b/chapter10/roles/load_balancer/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+- name: Install HAProxy
+ apt:
+ name: haproxy
+ state: present
+ cache_valid_time: 60
+
+- name: Create configuration directory
+ file:
+ path: /etc/haproxy/fragments
+ state: directory
+
+- name: Copy original configuration file
+ copy:
+ src: /etc/haproxy/haproxy.cfg
+ dest: /etc/haproxy/fragments/00_defaults.cfg
+ remote_src: yes
+ force: no
+
+- name: Setup frontends
+ template:
+ src: frontends.cfg.j2
+ dest: /etc/haproxy/fragments/40_frontends.cfg
+
+- name: Build configuration from fragments
+ assemble:
+ src: /etc/haproxy/fragments/
+ dest: /etc/haproxy/haproxy.cfg
+ validate: "haproxy -f %s -c"
+ notify: Reload HAProxy
+
+- name: Firewall - Allow website connections
+ ufw:
+ rule: allow
+ port: "{{ item }}"
+ loop:
+ - "{{ http_port }}"
+ - "{{ https_port }}"
+ tags:
+ - firewall
+
+
diff --git a/chapter10/roles/load_balancer/templates/backends.cfg.j2 b/chapter10/roles/load_balancer/templates/backends.cfg.j2
new file mode 100644
index 0000000..fc8a106
--- /dev/null
+++ b/chapter10/roles/load_balancer/templates/backends.cfg.j2
@@ -0,0 +1,6 @@
+backend web_servers
+ balance roundrobin
+ {% for host in groups.webservers %}
+ server {{ host }} {{ host }}:{{ hostvars[host].http_port }}
+{% endfor %}
+
diff --git a/chapter10/roles/load_balancer/templates/frontend.cfg.j2 b/chapter10/roles/load_balancer/templates/frontend.cfg.j2
new file mode 100644
index 0000000..fcd88a2
--- /dev/null
+++ b/chapter10/roles/load_balancer/templates/frontend.cfg.j2
@@ -0,0 +1,4 @@
+frontend awesome_ansible
+ bind *:{{ http_port }}
+ stats uri /haproxy?stats
+ default_backend web_servers
diff --git a/chapter10/roles/webserver/defaults/main.yml b/chapter10/roles/webserver/defaults/main.yml
new file mode 100644
index 0000000..2336abe
--- /dev/null
+++ b/chapter10/roles/webserver/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+http_port: 80
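Review bot: The "Setup frontends" task in chapter10/roles/load_balancer/tasks/main.yml reads `src: frontends.cfg.j2`, but the template this commit adds is `templates/frontend.cfg.j2`, and no task renders `backends.cfg.j2` at all. As written the role looks like it fails at the template lookup, and once that is fixed the assembled file would reference `default_backend web_servers` with no backend section, which `haproxy -f %s -c` would presumably reject. The template task also sets no `mode`, so the fragment's permissions depend on the remote umask, unlike the webserver role which sets `mode: u=rw,g=r,o=r`. The chapter11 copy of this task file is identical; the fragment name below is a suggestion.

```yaml
- name: Setup frontends
  template:
    src: frontend.cfg.j2
    dest: /etc/haproxy/fragments/40_frontends.cfg
    mode: u=rw,g=r,o=r

- name: Setup backends
  template:
    src: backends.cfg.j2
    dest: /etc/haproxy/fragments/50_backends.cfg
    mode: u=rw,g=r,o=r
# … unchanged: assemble and firewall tasks …
```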
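Review bot: `stats uri /haproxy?stats` in frontend.cfg.j2 sits in the public frontend with no `stats auth` line or ACL, so the statistics page, which lists the backend host names and their state, is served to anyone who can reach `http_port`, and the role opens that port in ufw. Either add `stats auth <user>:<password>` fed from vaulted variables, or move the stats page into its own `listen` section bound to loopback or a management address. The chapter11 copy of frontend.cfg.j2 is identical.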
diff --git a/chapter10/roles/webserver/handlers/main.yml b/chapter10/roles/webserver/handlers/main.yml new file mode 100644 index 0000000..e3ae38f --- /dev/null +++ b/chapter10/roles/webserver/handlers/main.yml @@ -0,0 +1,15 @@ +--- +- name: Reload nginx + service: + name: nginx + state: reloaded + listen: "Reload web services" + +- name: Validate that the http_port is working + wait_for: + host: "{{ ansible_host }}" + port: "{{ http_port }}" + timeout: 5 + connection: local + listen: "Reload web services" + diff --git a/chapter10/roles/webserver/meta/main.yml b/chapter10/roles/webserver/meta/main.yml new file mode 100644 index 0000000..2a7a00a --- /dev/null +++ b/chapter10/roles/webserver/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: firewall diff --git a/chapter10/roles/webserver/tasks/main.yml b/chapter10/roles/webserver/tasks/main.yml new file mode 100644 index 0000000..99841fb --- /dev/null +++ b/chapter10/roles/webserver/tasks/main.yml @@ -0,0 +1,25 @@ +- name: Ensure nginx is installed + apt: + name: nginx + state: present + +- name: Configure nginx + template: + src: nginx-default.j2 + dest: /etc/nginx/sites-available/default + mode: u=rw,g=r,o=r + notify: "Reload web services" + +- name: Push website content to the web root + template: + src: index.html.j2 + dest: /var/www/html/index.html + mode: u=rw,g=r,o=r + +- name: Firewall - Allow website connections + ufw: + rule: allow + port: "{{ http_port }}" + tags: + - firewall + diff --git a/chapter10/roles/webserver/templates/index.html.j2 b/chapter10/roles/webserver/templates/index.html.j2 new file mode 100644 index 0000000..b755e66 --- /dev/null +++ b/chapter10/roles/webserver/templates/index.html.j2 @@ -0,0 +1,16 @@ +My website, served from {{ inventory_hostname }} + +

+IP Addresses:
+{% for ip in ansible_all_ipv4_addresses %} + {{ ip }}
+{% endfor %} +

+ +

+Operating System:
+{% for key, value in ansible_lsb.items() %} + {{ key }}: {{ value }}
+{% endfor %} +

+ diff --git a/chapter10/roles/webserver/templates/nginx-default.j2 b/chapter10/roles/webserver/templates/nginx-default.j2 new file mode 100644 index 0000000..26764dd --- /dev/null +++ b/chapter10/roles/webserver/templates/nginx-default.j2 @@ -0,0 +1,14 @@ +server { + listen {{ http_port }} default_server; + + root /var/www/html; + + server_name _; + + {% if status_url is defined -%} + location /{{ status_url | default('status') }} { + stub_status on; + } + {%- endif %} +} + diff --git a/chapter11/ansible.cfg b/chapter11/ansible.cfg new file mode 100644 index 0000000..c0cf984 --- /dev/null +++ b/chapter11/ansible.cfg @@ -0,0 +1,4 @@ +[defaults] +host_key_checking = false +inventory = inventory +stdout_callback = yaml diff --git a/chapter11/inventory/databases b/chapter11/inventory/databases new file mode 100644 index 0000000..94f21d9 --- /dev/null +++ b/chapter11/inventory/databases @@ -0,0 +1,4 @@ +--- +databases: + hosts: + db-001.local: diff --git a/chapter11/inventory/group_vars/all b/chapter11/inventory/group_vars/all new file mode 100644 index 0000000..42d548a --- /dev/null +++ b/chapter11/inventory/group_vars/all @@ -0,0 +1,11 @@ +--- +http_port: 80 +https_port: 443 + +database: + host: db-001.local + name: wordpress + username: wordpress_rw + password: SomeSuperStrongPassword + root_password: EvenStrongerPassword + diff --git a/chapter11/inventory/group_vars/webservers b/chapter11/inventory/group_vars/webservers new file mode 100644 index 0000000..e371e5a --- /dev/null +++ b/chapter11/inventory/group_vars/webservers @@ -0,0 +1,2 @@ +--- +http_port: 8080 diff --git a/chapter11/inventory/load_balancers b/chapter11/inventory/load_balancers new file mode 100644 index 0000000..3f9f331 --- /dev/null +++ b/chapter11/inventory/load_balancers @@ -0,0 +1,4 @@ +load_balancers: + hosts: + lb-001.local: + diff --git a/chapter11/inventory/webservers b/chapter11/inventory/webservers new file mode 100644 index 0000000..5e335e4 --- /dev/null 
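Review bot: `database.password` and `database.root_password` are committed in clear text in chapter11/inventory/group_vars/all, so every clone of the repository holds the MySQL root credential and every host in `all` receives it as a variable. Keep the structure but source the two values from an Ansible Vault file, e.g. `password: "{{ vault_database_password }}"` and `root_password: "{{ vault_database_root_password }}"` (placeholder variable names). If the literals stay for teaching purposes, a comment such as `# example values only - replace and vault before use` would keep them from being copied into a real inventory.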
+++ b/chapter11/inventory/webservers
@@ -0,0 +1,6 @@
+---
+webservers:
+ hosts:
+ web-001.local:
+ web-002.local:
+ status_url: "status"
diff --git a/chapter11/provision.yml b/chapter11/provision.yml
new file mode 100644
index 0000000..b0cc02b
--- /dev/null
+++ b/chapter11/provision.yml
@@ -0,0 +1,35 @@
+---
+- hosts: webservers
+ become: true
+ tasks:
+ - name: Build webservers
+ include_role:
+ name: webserver
+ tags:
+ - always
+
+ - name: Install Wordpress
+ include_role:
+ name: wordpress
+ tags:
+ - always
+
+- hosts: databases
+ become: true
+ tasks:
+ - name: Build Databases
+ include_role:
+ name: database
+ tags:
+ - always
+
+- hosts: load_balancers
+ become: true
+ tasks:
+ - name: Build load balancers
+ include_role:
+ name: load_balancer
+ tags:
+ - always
+
+
diff --git a/chapter11/roles/database/handlers/main.yml b/chapter11/roles/database/handlers/main.yml
new file mode 100644
index 0000000..bce7c24
--- /dev/null
+++ b/chapter11/roles/database/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart MySQL
+ service:
+ name: mysql
+ state: restarted
diff --git a/chapter11/roles/database/tasks/main.yml b/chapter11/roles/database/tasks/main.yml
new file mode 100644
index 0000000..0bc7d14
--- /dev/null
+++ b/chapter11/roles/database/tasks/main.yml
@@ -0,0 +1,50 @@
+---
+- name: Install MySQL
+ apt:
+ name:
+ - mysql-server
+ - python3-pymysql
+ state: present
+
+- name: Set the root password
+ mysql_user:
+ name: root
+ password: "{{ database.root_password }}"
+ state: present
+ login_user: root
+ login_password: "{{database.root_password }}"
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ no_log: True
+
+- name: Create the wordpress database
+ mysql_db:
+ name: "{{ database.name }}"
+ state: present
+ login_user: root
+ login_password: "{{database.root_password }}"
+
+- name: Create the wordpress user
+ mysql_user:
+ name: "{{ database.username }}"
+ password: "{{database.password }}"
+ priv: "{{ database.name }}.*:ALL"
+ host: "%"
+ state: present
+ login_user: root
+ login_password: "{{database.root_password }}"
+ no_log: True
+
+- name: Ensure MySQL listens on the network
+ lineinfile:
+ path: /etc/mysql/mysql.conf.d/mysqld.cnf
+ regexp: '^bind-address'
+ line: 'bind-address = 0.0.0.0'
+ notify:
+ - Restart MySQL
+
+- name: Firewall - Allow database connections
+ ufw:
+ rule: allow
+ port: "3306"
+ tags:
+ - firewall
diff --git a/chapter11/roles/firewall/tasks/main.yml b/chapter11/roles/firewall/tasks/main.yml
new file mode 100644
index 0000000..ded7c0e
--- /dev/null
+++ b/chapter11/roles/firewall/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: Firewall - Allow SSH connections
+ ufw:
+ rule: allow
+ name: OpenSSH
+ tags:
+ - firewall
+
+- name: Firewall - Deny everything else
+ ufw:
+ state: enabled
+ policy: deny
+ tags:
+ - firewall
+
diff --git a/chapter11/roles/load_balancer/handlers/main.yml b/chapter11/roles/load_balancer/handlers/main.yml
new file mode 100644
index 0000000..698e131
--- /dev/null
+++ b/chapter11/roles/load_balancer/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Reload HAProxy
+ service:
+ name: haproxy
+ state: reloaded
+
diff --git a/chapter11/roles/load_balancer/meta/main.yml b/chapter11/roles/load_balancer/meta/main.yml
new file mode 100644
index 0000000..2a7a00a
--- /dev/null
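Review bot: The database role exposes MySQL more widely than the playbook needs: the wordpress account is created with `host: "%"`, the server is rebound to `bind-address = 0.0.0.0`, and the ufw task opens `port: "3306"` with no source restriction, so the only remaining control is the password in group_vars. Only the hosts in `webservers` connect to it, so the firewall rule can be limited per source address as sketched below, and the `mysql_user` host pattern can be narrowed in the same way. The sketch assumes facts for the webservers were gathered earlier in the run (the webservers play comes first in provision.yml), which should be confirmed for tag-limited runs.

```yaml
- name: Firewall - Allow database connections
  ufw:
    rule: allow
    port: "3306"
    proto: tcp
    from_ip: "{{ hostvars[item].ansible_default_ipv4.address }}"
  loop: "{{ groups.webservers }}"
  # … unchanged: tags …
```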
+++ b/chapter11/roles/load_balancer/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: firewall
diff --git a/chapter11/roles/load_balancer/tasks/main.yml b/chapter11/roles/load_balancer/tasks/main.yml
new file mode 100644
index 0000000..2d04432
--- /dev/null
+++ b/chapter11/roles/load_balancer/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+- name: Install HAProxy
+ apt:
+ name: haproxy
+ state: present
+ cache_valid_time: 60
+
+- name: Create configuration directory
+ file:
+ path: /etc/haproxy/fragments
+ state: directory
+
+- name: Copy original configuration file
+ copy:
+ src: /etc/haproxy/haproxy.cfg
+ dest: /etc/haproxy/fragments/00_defaults.cfg
+ remote_src: yes
+ force: no
+
+- name: Setup frontends
+ template:
+ src: frontends.cfg.j2
+ dest: /etc/haproxy/fragments/40_frontends.cfg
+
+- name: Build configuration from fragments
+ assemble:
+ src: /etc/haproxy/fragments/
+ dest: /etc/haproxy/haproxy.cfg
+ validate: "haproxy -f %s -c"
+ notify: Reload HAProxy
+
+- name: Firewall - Allow website connections
+ ufw:
+ rule: allow
+ port: "{{ item }}"
+ loop:
+ - "{{ http_port }}"
+ - "{{ https_port }}"
+ tags:
+ - firewall
+
+
diff --git a/chapter11/roles/load_balancer/templates/backends.cfg.j2 b/chapter11/roles/load_balancer/templates/backends.cfg.j2
new file mode 100644
index 0000000..8c59468
--- /dev/null
+++ b/chapter11/roles/load_balancer/templates/backends.cfg.j2
@@ -0,0 +1,7 @@
+backend web_servers
+ balance roundrobin
+ cookie SERVERID insert indirect nocache
+ {% for host in groups.webservers %}
+ server {{ host }} {{ host }}:{{ hostvars[host].http_port }} check cookie {{ host }}
+{% endfor %}
+
diff --git a/chapter11/roles/load_balancer/templates/frontend.cfg.j2 b/chapter11/roles/load_balancer/templates/frontend.cfg.j2
new file mode 100644
index 0000000..fcd88a2
--- /dev/null
+++ b/chapter11/roles/load_balancer/templates/frontend.cfg.j2
@@ -0,0 +1,4 @@
+frontend awesome_ansible
+ bind *:{{ http_port }}
+ stats uri /haproxy?stats
+ default_backend web_servers
diff --git a/chapter11/roles/webserver/defaults/main.yml b/chapter11/roles/webserver/defaults/main.yml
new file mode 100644
index 0000000..2336abe
--- /dev/null
+++ b/chapter11/roles/webserver/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+http_port: 80
diff --git a/chapter11/roles/webserver/handlers/main.yml b/chapter11/roles/webserver/handlers/main.yml
new file mode 100644
index 0000000..e3ae38f
--- /dev/null
+++ b/chapter11/roles/webserver/handlers/main.yml
@@ -0,0 +1,15 @@
+---
+- name: Reload nginx
+ service:
+ name: nginx
+ state: reloaded
+ listen: "Reload web services"
+
+- name: Validate that the http_port is working
+ wait_for:
+ host: "{{ ansible_host }}"
+ port: "{{ http_port }}"
+ timeout: 5
+ connection: local
+ listen: "Reload web services"
+
diff --git a/chapter11/roles/webserver/meta/main.yml b/chapter11/roles/webserver/meta/main.yml
new file mode 100644
index 0000000..2a7a00a
--- /dev/null
+++ b/chapter11/roles/webserver/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: firewall
diff --git a/chapter11/roles/webserver/tasks/main.yml b/chapter11/roles/webserver/tasks/main.yml
new file mode 100644
index 0000000..c6831aa
--- /dev/null
+++ b/chapter11/roles/webserver/tasks/main.yml
@@ -0,0 +1,28 @@
+- name: Ensure nginx is installed
+ apt:
+ name:
+ - nginx
+ - php-fpm
+ - php-mysql
+ state: present
+
+- name: Configure nginx
+ template:
+ src: nginx-default.j2
+ dest: /etc/nginx/sites-available/default
+ mode: u=rw,g=r,o=r
+ notify: "Reload web services"
+
+- name: Push website content to the web root
+ template:
+ src: index.html.j2
+ dest: /var/www/html/index.html
+ mode: u=rw,g=r,o=r
+
+- name: Firewall - Allow website connections
+ ufw:
+ rule: allow
+ port: "{{ http_port }}"
+ tags:
+ - firewall
+
diff --git a/chapter11/roles/webserver/templates/index.html.j2 b/chapter11/roles/webserver/templates/index.html.j2 new file mode 100644 index 0000000..b755e66 --- /dev/null +++ b/chapter11/roles/webserver/templates/index.html.j2 @@ -0,0 +1,16 @@ +My website, served from {{ inventory_hostname }} + +

+IP Addresses:
+{% for ip in ansible_all_ipv4_addresses %} + {{ ip }}
+{% endfor %} +

+ +

+Operating System:
+{% for key, value in ansible_lsb.items() %} + {{ key }}: {{ value }}
+{% endfor %} +

+ diff --git a/chapter11/roles/webserver/templates/nginx-default.j2 b/chapter11/roles/webserver/templates/nginx-default.j2 new file mode 100644 index 0000000..be1ca44 --- /dev/null +++ b/chapter11/roles/webserver/templates/nginx-default.j2 @@ -0,0 +1,23 @@ +server { + listen {{ http_port }} default_server; + + root /var/www/html; + + server_name _; + + {% if status_url is defined -%} + location /{{ status_url | default('status') }} { + stub_status on; + } + {%- endif %} + + + index index.php index.html index.htm; + + location ~ \.php$ { + include snippets/fastcgi-php.conf; + fastcgi_pass unix:/var/run/php/php-fpm.sock; + } + +} + diff --git a/chapter11/roles/wordpress/tasks/main.yml b/chapter11/roles/wordpress/tasks/main.yml new file mode 100644 index 0000000..3eb6d36 --- /dev/null +++ b/chapter11/roles/wordpress/tasks/main.yml @@ -0,0 +1,18 @@ +--- +- name: Download and unarchive Wordpress + unarchive: + src: https://wordpress.org/latest.tar.gz + remote_src: True + owner: root + group: www-data + dest: "/var/www/html/" + creates: "/var/www/html/wordpress" + +- name: Configure Wordpress + template: + src: "wp-config.php.j2" + dest: "/var/www/html/wordpress/wp-config.php" + owner: root + group: www-data + mode: 'u=rw,g=r,o=' + diff --git a/chapter11/roles/wordpress/templates/wp-config.php.j2 b/chapter11/roles/wordpress/templates/wp-config.php.j2 new file mode 100644 index 0000000..37347dd --- /dev/null +++ b/chapter11/roles/wordpress/templates/wp-config.php.j2 @@ -0,0 +1,31 @@ + +IP Addresses:
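Review bot: `src: https://wordpress.org/latest.tar.gz` in chapter11/roles/wordpress/tasks/main.yml unpacks whatever the site serves at run time with no integrity check, and `creates: "/var/www/html/wordpress"` then freezes that unrecorded version on the host, so two webservers built on different days can run different code. Pin a release and verify it before unpacking: fetch with `get_url` and a `checksum`, then point `unarchive` at the local file, as sketched below with placeholder variables `wordpress_version` and `wordpress_sha256` that would be set per release. The chapter12 copy of this task file has the same download.

```yaml
- name: Download Wordpress
  get_url:
    url: "https://wordpress.org/wordpress-{{ wordpress_version }}.tar.gz"
    dest: "/tmp/wordpress-{{ wordpress_version }}.tar.gz"
    checksum: "sha256:{{ wordpress_sha256 }}"

- name: Download and unarchive Wordpress
  unarchive:
    src: "/tmp/wordpress-{{ wordpress_version }}.tar.gz"
    remote_src: True
    # … unchanged: owner, group, dest, creates …
```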
+{% for ip in ansible_all_ipv4_addresses %} + {{ ip }}
+{% endfor %} +

+ +

+Operating System:
+{% for key, value in ansible_lsb.items() %} + {{ key }}: {{ value }}
+{% endfor %} +

+ diff --git a/chapter12/roles/webserver/templates/nginx-default.j2 b/chapter12/roles/webserver/templates/nginx-default.j2 new file mode 100644 index 0000000..be1ca44 --- /dev/null +++ b/chapter12/roles/webserver/templates/nginx-default.j2 @@ -0,0 +1,23 @@ +server { + listen {{ http_port }} default_server; + + root /var/www/html; + + server_name _; + + {% if status_url is defined -%} + location /{{ status_url | default('status') }} { + stub_status on; + } + {%- endif %} + + + index index.php index.html index.htm; + + location ~ \.php$ { + include snippets/fastcgi-php.conf; + fastcgi_pass unix:/var/run/php/php-fpm.sock; + } + +} + diff --git a/chapter12/roles/wordpress/tasks/main.yml b/chapter12/roles/wordpress/tasks/main.yml new file mode 100644 index 0000000..3eb6d36 --- /dev/null +++ b/chapter12/roles/wordpress/tasks/main.yml @@ -0,0 +1,18 @@ +--- +- name: Download and unarchive Wordpress + unarchive: + src: https://wordpress.org/latest.tar.gz + remote_src: True + owner: root + group: www-data + dest: "/var/www/html/" + creates: "/var/www/html/wordpress" + +- name: Configure Wordpress + template: + src: "wp-config.php.j2" + dest: "/var/www/html/wordpress/wp-config.php" + owner: root + group: www-data + mode: 'u=rw,g=r,o=' + diff --git a/chapter12/roles/wordpress/templates/wp-config.php.j2 b/chapter12/roles/wordpress/templates/wp-config.php.j2 new file mode 100644 index 0000000..37347dd --- /dev/null +++ b/chapter12/roles/wordpress/templates/wp-config.php.j2 @@ -0,0 +1,31 @@ +