Initial Commit

2024-11-23 15:38:14 +01:00 · 2022-03-21 17:17:54 +00:00 · 2022-03-21 17:17:54 +00:00 · 7cb6997da9
commit 7cb6997da9
133 changed files with 1829 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,2 @@
 # Auto detect text files and perform LF normalization
 * text=auto
--- a/9781484281727.JPG
+++ b/9781484281727.JPG
--- a/Contributing.md
+++ b/Contributing.md
@ -0,0 +1,14 @@
 # Contributing to Apress Source Code
 Copyright for Apress source code belongs to the author(s). However, under fair use you are encouraged to fork and contribute minor corrections and updates for the benefit of the author(s) and other readers.
 ## How to Contribute
 1. Make sure you have a GitHub account.
 2. Fork the repository for the relevant book.
 3. Create a new branch on which to make your change, e.g. 
 `git checkout -b my_code_contribution`
 4. Commit your change. Include a commit message describing the correction. Please note that if your commit message is not clear, the correction will not be accepted.
 5. Submit a pull request.
 Thank you for your contribution!
--- a/LICENSE.txt
+++ b/LICENSE.txt
@ -0,0 +1,27 @@
 Freeware License, some rights reserved
 Copyright (c) 2022 Shaun R Smith and Peter Membrey
 Permission is hereby granted, free of charge, to anyone obtaining a copy 
 of this software and associated documentation files (the "Software"), 
 to work with the Software within the limits of freeware distribution and fair use. 
 This includes the rights to use, copy, and modify the Software for personal use. 
 Users are also allowed and encouraged to submit corrections and modifications 
 to the Software for the benefit of other users.
 It is not allowed to reuse,  modify, or redistribute the Software for 
 commercial use in any way, or for a user’s educational materials such as books 
 or blog articles without prior permission from the copyright holder. 
 The above copyright notice and this permission notice need to be included 
 in all copies or substantial portions of the software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS OR APRESS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
--- a/README.md
+++ b/README.md
@ -0,0 +1,16 @@
 # Apress Source Code
 This repository accompanies [*Beginning Ansible Concepts and Application: Provisioning, Configuring, and Managing Servers, Applications and their Dependencies*](https://www.link.springer.com/book/10.1007/9781484281727) by Shaun R Smith and Peter Membrey (Apress, 2022).
 [comment]: #cover
 ![Cover image](9781484281727.JPG)
 Download the files as a zip using the green button, or clone the repository to your machine using Git.
 ## Releases
 Release v1.0 corresponds to the code in the published book, without corrections or updates.
 ## Contributions
 See the file Contributing.md for more information on how you can contribute to this repository.
--- a/82
+++ b/82
@ -0,0 +1,82 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/focal64"
  # globally disable the default synced folder
  config.vm.synced_folder ".", "/vagrant", disabled: true
  # do not create a secure private key per host, we want to use a single key
  # this allows the controller to connect to the target hosts
  config.ssh.insert_key = false
  # Set provider virtualbox to use GUI, for two reasons:
  #  1. More obvious to the user what is running, so they don't consume too much background resource
  #  2. To work around an x64 boot issue in Virtualbox when hardware virtualization is disabled in BIOS
  config.vm.provider "virtualbox" do |v|
 #    v.gui = true
    v.cpus = 1
  end
  # The Ansible controller machine
  config.vm.define :controller, primary: true do |controller|
    controller.vm.hostname = "ansible-controller"
    controller.vm.network "private_network", ip: "192.168.98.100"
    # Sync the local directory with ansible-friendly permissions
    controller.vm.synced_folder ".", "/vagrant",
      owner: "vagrant",
      mount_options: ["dmode=755,fmode=644"]
    controller.vm.provision "file", source: "~/.vagrant.d/insecure_private_key", destination: "$HOME/.ssh/id_rsa"
    controller.vm.provision "shell", inline: <<-SHELL
      chmod 600 /home/vagrant/.ssh/id_rsa
      apt-get install -y ansible sshpass
    SHELL
  end
  # Example web servers
  (1..2).each do |i|
    config.vm.define "web-00#{i}" do |node|
      node.vm.hostname = "web-00#{i}"
      node.vm.network "private_network", ip: "192.168.98.11#{i}"
    end
  end
  # Example load balancer
  (1..1).each do |i|
    config.vm.define "lb-00#{i}" do |node|
      node.vm.hostname = "lb-00#{i}"
      node.vm.network "private_network", ip: "192.168.98.12#{i}"
    end
  end
  # Example database server
  (1..1).each do |i|
    config.vm.define "db-00#{i}" do |node|
      node.vm.hostname = "db-00#{i}"
      node.vm.network "private_network", ip: "192.168.98.13#{i}"
    end
  end
  # Generic provisioner to ensure we have python available
  # This is an ansible requirement for all managed nodes
  config.vm.provision "shell", inline: <<-SHELL
    # Disable hardware based sha256sum in apt, not ideal - but Windows 10 WSL breaks VirtualBox
    # and we can't really ask everyone to disable that
    # See: https://askubuntu.com/questions/1235914/hash-sum-mismatch-error-due-to-identical-sha1-and-md5-but-different-sha256/1241893
    mkdir /etc/gcrypt
    echo all >> /etc/gcrypt/hwf.deny
    apt-get update
    apt-get install -y python3-minimal python3-apt avahi-daemon tree
    rm -f /etc/update-motd.d/*
    sed -i "s/^ENABLED=.*/ENABLED=0/" /etc/default/motd-news
  SHELL
  config.vm.boot_timeout = 360
 end
--- a/chapter02/ansible.cfg
+++ b/chapter02/ansible.cfg
@ -0,0 +1,3 @@
 [defaults]
 host_key_checking = false
 inventory = hosts
--- a/chapter02/hosts
+++ b/chapter02/hosts
@ -0,0 +1,2 @@
 web-001.local
 web-002.local
--- a/chapter03/ansible.cfg
+++ b/chapter03/ansible.cfg
@ -0,0 +1,3 @@
 [defaults]
 host_key_checking = false
 inventory = inventory
--- a/chapter03/hosts
+++ b/chapter03/hosts
@ -0,0 +1,17 @@
 [webservers]
 web-001.local
 web-002 ansible_host=192.168.98.112 ansible_port=22
 [webservers:vars]
 http_port=8080
 [load_balancers]
 lb-001.local
 [staging]
 web-002
 [production]
 web-001.local
 lb-001.local
--- a/chapter03/inventory/load_balancers
+++ b/chapter03/inventory/load_balancers
@ -0,0 +1,4 @@
 load_balancers:
  hosts:
    lb-001.local:
--- a/chapter03/inventory/webservers
+++ b/chapter03/inventory/webservers
@ -0,0 +1,9 @@
 ---
 webservers:
  hosts:
    web-001.local:  
    web-002:
      ansible_host: 192.168.98.112
  vars:
    http_port: 8080
--- a/chapter03/ranges
+++ b/chapter03/ranges
@ -0,0 +1,2 @@
 [webservers]
 web-0[01:10]
--- a/chapter03/regional
+++ b/chapter03/regional
@ -0,0 +1,24 @@
 [germany]
 web-de-00[1:2]
 [france]
 web-fr-001
 [netherlands]
 web-nl-001
 [spain]
 web-es-00[1:3]
 [usa]
 web-us-00[1:4]
 [europe:children]
 germany
 france
 netherlands
 spain
 [americas:children]
 usa
--- a/chapter04/ansible.cfg
+++ b/chapter04/ansible.cfg
@ -0,0 +1,3 @@
 [defaults]
 host_key_checking = false
 inventory = inventory
--- a/chapter04/files/index.html
+++ b/chapter04/files/index.html
@ -0,0 +1 @@
 This is my website which was setup using Ansible
--- a/chapter04/inventory/load_balancers
+++ b/chapter04/inventory/load_balancers
@ -0,0 +1,4 @@
 load_balancers:
  hosts:
    lb-001.local:
--- a/chapter04/inventory/webservers
+++ b/chapter04/inventory/webservers
@ -0,0 +1,9 @@
 ---
 webservers:
  hosts:
    web-001.local:  
    web-002:
      ansible_host: 192.168.98.112
  vars:
    http_port: 8080
--- a/chapter04/webservers.yml
+++ b/chapter04/webservers.yml
@ -0,0 +1,15 @@
 ---
 - hosts: webservers
  become: true
  tasks:
    - name: Ensure nginx is installed
      apt:
        name: nginx
        state: present
    - name: Push website content to the web root
      copy  :
        src: index.html
        dest: /var/www/html/
        mode: u=rw,g=r,o=r
--- a/chapter05/ansible.cfg
+++ b/chapter05/ansible.cfg
@ -0,0 +1,4 @@
 [defaults]
 host_key_checking = false
 inventory = inventory
 stdout_callback = yaml
--- a/chapter05/exploring-apt.yml
+++ b/chapter05/exploring-apt.yml
@ -0,0 +1,15 @@
 ---
 - hosts: web-001.local
  become: true
  tasks:
    - name: Ensure nginx is installed
      apt:
        name: nginx
        state: latest
        cache_valid_time: 60
    - name: Uninstall tree command
      apt:
        name: tree
        state: absent
--- a/chapter05/files/index.html
+++ b/chapter05/files/index.html
@ -0,0 +1 @@
 This is my website which was setup using Ansible
--- a/chapter05/inventory/load_balancers
+++ b/chapter05/inventory/load_balancers
@ -0,0 +1,4 @@
 load_balancers:
  hosts:
    lb-001.local:
--- a/chapter05/inventory/webservers
+++ b/chapter05/inventory/webservers
@ -0,0 +1,9 @@
 ---
 webservers:
  hosts:
    web-001.local:  
    web-002:
      ansible_host: 192.168.98.112
  vars:
    http_port: 8080
--- a/chapter05/upgrade.yml
+++ b/chapter05/upgrade.yml
@ -0,0 +1,12 @@
 ---
 - hosts: web-001.local
  become: true
  tasks:
    - name: Upgrade all packages
      apt:
        upgrade: dist
        update_cache: yes
 - name: Reboot the host
  reboot:
--- a/chapter05/webservers.yml
+++ b/chapter05/webservers.yml
@ -0,0 +1,41 @@
 ---
 - hosts: webservers
  become: true
  tasks:
    - name: Ensure nginx is installed
      apt:
        name: nginx
        state: present
    - name: Push website content to the web root
      copy:
        src: index.html
        dest: /var/www/html/
        mode: u=rw,g=r,o=r
    - name: index.html also known as main.html
      file:
        state: link
        src: /var/www/html/index.html
        dest: /var/www/html/main.html
    - name: Update the website content
      lineinfile:
        path: /var/www/html/index.html
        line: "Just re-decorating a little!"
    - name: Firewall - Allow SSH connections
      ufw:
        rule: allow
        name: OpenSSH
    - name: Firewall - Allow website connections
      ufw:
        rule: allow
        name: "Nginx Full"
    - name: Firewall - Deny everything else
      ufw:
        state: enabled
        policy: deny
--- a/chapter06/ansible.cfg
+++ b/chapter06/ansible.cfg
@ -0,0 +1,4 @@
 [defaults]
 host_key_checking = false
 inventory = inventory
 stdout_callback = yaml
--- a/chapter06/files/index.html
+++ b/chapter06/files/index.html
@ -0,0 +1 @@
 This is my website which was setup using Ansible
--- a/chapter06/inventory/group_vars/all
+++ b/chapter06/inventory/group_vars/all
@ -0,0 +1,2 @@
 ---
 http_port: 80
--- a/chapter06/inventory/group_vars/webservers
+++ b/chapter06/inventory/group_vars/webservers
@ -0,0 +1,2 @@
 ---
 http_port: 8080
--- a/chapter06/inventory/load_balancers
+++ b/chapter06/inventory/load_balancers
@ -0,0 +1,4 @@
 load_balancers:
  hosts:
    lb-001.local:
--- a/chapter06/inventory/webservers
+++ b/chapter06/inventory/webservers
@ -0,0 +1,6 @@
 ---
 webservers:
  hosts:
    web-001.local:
    web-002.local:
--- a/chapter06/upgrade.yml
+++ b/chapter06/upgrade.yml
@ -0,0 +1,15 @@
 ---
 - hosts: web-001.local
  gather_facts: no
  become: true
  tasks:
    - name: Upgrade all packages
      apt:
        upgrade: dist
        update_cache: yes
      register: upgrade_result
    - name: Reboot the host
      reboot:
      when: upgrade_result.changed
--- a/chapter06/webservers.yml
+++ b/chapter06/webservers.yml
@ -0,0 +1,48 @@
 ---
 - hosts: webservers
  become: true
  tasks:
    - name: Ensure nginx is installed
      apt:
        name: nginx
        state: present
    - name: Change the nginx port
      replace:
        path: /etc/nginx/sites-enabled/default
        regexp: "listen [0-9]+"
        replace: "listen {{ http_port }}"
    - name: Reload nginx for new config
      service:
        name: nginx
        state: reloaded
    - name: Push website content to the web root
      copy:
        src: index.html
        dest: /var/www/html/
        mode: u=rw,g=r,o=r
    - name: Firewall - Allow SSH connections
      ufw:
        rule: allow
        name: OpenSSH
    - name: Firewall - Allow website connections
      ufw:
        rule: allow
        port: "{{ http_port }}"
    - name: Firewall - Deny everything else
      ufw:
        state: enabled
        policy: deny
    - name: Validate that the http_port is working
      wait_for:
        host: "{{ ansible_host }}"
        port: "{{ http_port }}"
        timeout: 5
      connection: local
--- a/chapter07/ansible.cfg
+++ b/chapter07/ansible.cfg
@ -0,0 +1,4 @@
 [defaults]
 host_key_checking = false
 inventory = inventory
 stdout_callback = yaml
--- a/chapter07/hostname.yml
+++ b/chapter07/hostname.yml
@ -0,0 +1,17 @@
 ---
 - hosts: webservers
  become: true
  gather_facts: no
  tasks:
    - name: Raw value for inventory_hostname
      debug:
        msg: "{{ inventory_hostname }}"
    - name: Uppercase inventory_hostname
      debug:
        msg: "{{ inventory_hostname | upper }}"
    - name: Raw value for inventory_hostname
      debug:
        msg: "{{ inventory_hostname }}"
--- a/chapter07/inventory/group_vars/all
+++ b/chapter07/inventory/group_vars/all
@ -0,0 +1,2 @@
 ---
 http_port: 80
--- a/chapter07/inventory/group_vars/webservers
+++ b/chapter07/inventory/group_vars/webservers
@ -0,0 +1,2 @@
 ---
 http_port: 8080
--- a/chapter07/inventory/load_balancers
+++ b/chapter07/inventory/load_balancers
@ -0,0 +1,4 @@
 load_balancers:
  hosts:
    lb-001.local:
--- a/chapter07/inventory/webservers
+++ b/chapter07/inventory/webservers
@ -0,0 +1,6 @@
 ---
 webservers:
  hosts:
    web-001.local:
    web-002.local:
      status_url: "status"
--- a/chapter07/templates/index.html.j2
+++ b/chapter07/templates/index.html.j2
@ -0,0 +1,16 @@
 My website, served from {{ inventory_hostname }}
 <p>
 IP Addresses:<br />
 {% for ip in ansible_all_ipv4_addresses %}
    {{ ip }}<br />
 {% endfor %}
 </p>
 <p>
 Operating System:<br />
 {% for key, value in ansible_lsb.items() %}
    {{ key }}: {{ value }}<br />
 {% endfor %}
 </p>
--- a/chapter07/templates/nginx-default.j2
+++ b/chapter07/templates/nginx-default.j2
@ -0,0 +1,14 @@
 server {
  listen {{ http_port }} default_server;
  root /var/www/html;
  server_name _;
  {% if status_url is defined -%}
  location /{{ status_url | default('status') }} {
    stub_status on;
  }
  {%- endif %}
 }
--- a/chapter07/upgrade.yml
+++ b/chapter07/upgrade.yml
@ -0,0 +1,15 @@
 ---
 - hosts: web-001.local
  gather_facts: no
  become: true
  tasks:
    - name: Upgrade all packages
      apt:
        upgrade: dist
        update_cache: yes
      register: upgrade_result
    - name: Reboot the host
      reboot:
      when: upgrade_result.changed
--- a/chapter07/webservers.yml
+++ b/chapter07/webservers.yml
@ -0,0 +1,48 @@
 ---
 - hosts: webservers
  become: true
  tasks:
    - name: Ensure nginx is installed
      apt:
        name: nginx
        state: present
    - name: Configure nginx
      template:
        src: nginx-default.j2
        dest: /etc/nginx/sites-available/default
        mode: u=rw,g=r,o=r
    - name: Reload nginx for new config
      service:
        name: nginx
        state: reloaded
    - name: Push website content to the web root
      template:
        src: index.html.j2
        dest: /var/www/html/index.html
        mode: u=rw,g=r,o=r
    - name: Firewall - Allow SSH connections
      ufw:
        rule: allow
        name: OpenSSH
    - name: Firewall - Allow website connections
      ufw:
        rule: allow
        port: "{{ http_port }}"
    - name: Firewall - Deny everything else
      ufw:
        state: enabled
        policy: deny
    - name: Validate that the http_port is working
      wait_for:
        host: "{{ ansible_host }}"
        port: "{{ http_port }}"
        timeout: 5
      connection: local
--- a/chapter08/ansible.cfg
+++ b/chapter08/ansible.cfg
@ -0,0 +1,4 @@
 [defaults]
 host_key_checking = false
 inventory = inventory
 stdout_callback = yaml
--- a/chapter08/hostname.yml
+++ b/chapter08/hostname.yml
@ -0,0 +1,17 @@
 ---
 - hosts: webservers
  become: true
  gather_facts: no
  tasks:
    - name: Raw value for inventory_hostname
      debug:
        msg: "{{ inventory_hostname }}"
    - name: Uppercase inventory_hostname
      debug:
        msg: "{{ inventory_hostname | upper }}"
    - name: Raw value for inventory_hostname
      debug:
        msg: "{{ inventory_hostname }}"
--- a/chapter08/inventory/group_vars/all
+++ b/chapter08/inventory/group_vars/all
@ -0,0 +1,2 @@
 ---
 http_port: 80
--- a/chapter08/inventory/group_vars/webservers
+++ b/chapter08/inventory/group_vars/webservers
@ -0,0 +1,2 @@
 ---
 http_port: 8080
--- a/chapter08/inventory/load_balancers
+++ b/chapter08/inventory/load_balancers
@ -0,0 +1,4 @@
 load_balancers:
  hosts:
    lb-001.local:
--- a/chapter08/inventory/webservers
+++ b/chapter08/inventory/webservers
@ -0,0 +1,6 @@
 ---
 webservers:
  hosts:
    web-001.local:
    web-002.local:
      status_url: "status"
--- a/chapter08/templates/index.html.j2
+++ b/chapter08/templates/index.html.j2
@ -0,0 +1,16 @@
 My website, served from {{ inventory_hostname }}
 <p>
 IP Addresses:<br />
 {% for ip in ansible_all_ipv4_addresses %}
    {{ ip }}<br />
 {% endfor %}
 </p>
 <p>
 Operating System:<br />
 {% for key, value in ansible_lsb.items() %}
    {{ key }}: {{ value }}<br />
 {% endfor %}
 </p>
--- a/chapter08/templates/nginx-default.j2
+++ b/chapter08/templates/nginx-default.j2
@ -0,0 +1,14 @@
 server {
  listen {{ http_port }} default_server;
  root /var/www/html;
  server_name _;
  {% if status_url is defined -%}
  location /{{ status_url | default('status') }} {
    stub_status on;
  }
  {%- endif %}
 }
--- a/chapter08/upgrade.yml
+++ b/chapter08/upgrade.yml
@ -0,0 +1,15 @@
 ---
 - hosts: web-001.local
  gather_facts: no
  become: true
  tasks:
    - name: Upgrade all packages
      apt:
        upgrade: dist
        update_cache: yes
      register: upgrade_result
    - name: Reboot the host
      reboot:
      when: upgrade_result.changed
--- a/chapter08/webservers.yml
+++ b/chapter08/webservers.yml
@ -0,0 +1,52 @@
 ---
 - hosts: webservers
  become: true
  handlers:
    - name: Reload nginx
      service:
        name: nginx
        state: reloaded
      listen: "Reload web services" 
    - name: Validate that the http_port is working
      wait_for:
        host: "{{ ansible_host }}"
        port: "{{ http_port }}"
        timeout: 5
      connection: local
      listen: "Reload web services"
  tasks:
    - name: Ensure nginx is installed
      apt:
        name: nginx
        state: present
    - name: Configure nginx
      template:
        src: nginx-default.j2
        dest: /etc/nginx/sites-available/default
        mode: u=rw,g=r,o=r
      notify: "Reload web services"
    - name: Push website content to the web root
      template:
        src: index.html.j2
        dest: /var/www/html/index.html
        mode: u=rw,g=r,o=r
    - name: Firewall - Allow SSH connections
      ufw:
        rule: allow
        name: OpenSSH
    - name: Firewall - Allow website connections
      ufw:
        rule: allow
        port: "{{ http_port }}"
    - name: Firewall - Deny everything else
      ufw:
        state: enabled
        policy: deny
--- a/chapter09/ansible.cfg
+++ b/chapter09/ansible.cfg
@ -0,0 +1,4 @@
 [defaults]
 host_key_checking = false
 inventory = inventory
 stdout_callback = yaml
--- a/chapter09/inventory/group_vars/all
+++ b/chapter09/inventory/group_vars/all
@ -0,0 +1,2 @@
 ---
 http_port: 80
--- a/chapter09/inventory/group_vars/webservers
+++ b/chapter09/inventory/group_vars/webservers
@ -0,0 +1,2 @@
 ---
 http_port: 8080
--- a/chapter09/inventory/load_balancers
+++ b/chapter09/inventory/load_balancers
@ -0,0 +1,4 @@
 load_balancers:
  hosts:
    lb-001.local:
--- a/chapter09/inventory/webservers
+++ b/chapter09/inventory/webservers
@ -0,0 +1,6 @@
 ---
 webservers:
  hosts:
    web-001.local:
    web-002.local:
      status_url: "status"
--- a/chapter09/roles/firewall/tasks/main.yml
+++ b/chapter09/roles/firewall/tasks/main.yml
@ -0,0 +1,11 @@
 ---
 - name: Firewall - Allow SSH connections
  ufw:
    rule: allow
    name: OpenSSH
 - name: Firewall - Deny everything else
  ufw:
    state: enabled
    policy: deny
--- a/chapter09/roles/webserver/defaults/main.yml
+++ b/chapter09/roles/webserver/defaults/main.yml
@ -0,0 +1,2 @@
 ---
 http_port: 80
--- a/chapter09/roles/webserver/handlers/main.yml
+++ b/chapter09/roles/webserver/handlers/main.yml
@ -0,0 +1,15 @@
 ---
 - name: Reload nginx
  service:
    name: nginx
    state: reloaded
  listen: "Reload web services"
 - name: Validate that the http_port is working
  wait_for:
    host: "{{ ansible_host }}"
    port: "{{ http_port }}"
    timeout: 5
  connection: local
  listen: "Reload web services"
--- a/chapter09/roles/webserver/meta/main.yml
+++ b/chapter09/roles/webserver/meta/main.yml
@ -0,0 +1,3 @@
 ---
 dependencies:
  - role: firewall
--- a/chapter09/roles/webserver/tasks/main.yml
+++ b/chapter09/roles/webserver/tasks/main.yml
@ -0,0 +1,23 @@
 - name: Ensure nginx is installed
  apt:
    name: nginx
    state: present
 - name: Configure nginx
  template:
    src: nginx-default.j2
    dest: /etc/nginx/sites-available/default
    mode: u=rw,g=r,o=r
  notify: "Reload web services"
 - name: Push website content to the web root
  template:
    src: index.html.j2
    dest: /var/www/html/index.html
    mode: u=rw,g=r,o=r
 - name: Firewall - Allow website connections
  ufw:
    rule: allow
    port: "{{ http_port }}"
--- a/chapter09/roles/webserver/templates/index.html.j2
+++ b/chapter09/roles/webserver/templates/index.html.j2
@ -0,0 +1,16 @@
 My website, served from {{ inventory_hostname }}
 <p>
 IP Addresses:<br />
 {% for ip in ansible_all_ipv4_addresses %}
    {{ ip }}<br />
 {% endfor %}
 </p>
 <p>
 Operating System:<br />
 {% for key, value in ansible_lsb.items() %}
    {{ key }}: {{ value }}<br />
 {% endfor %}
 </p>
--- a/chapter09/roles/webserver/templates/nginx-default.j2
+++ b/chapter09/roles/webserver/templates/nginx-default.j2
@ -0,0 +1,14 @@
 server {
  listen {{ http_port }} default_server;
  root /var/www/html;
  server_name _;
  {% if status_url is defined -%}
  location /{{ status_url | default('status') }} {
    stub_status on;
  }
  {%- endif %}
 }
--- a/chapter09/webservers.yml
+++ b/chapter09/webservers.yml
@ -0,0 +1,8 @@
 ---
 - hosts: webservers
  become: true
  tasks:
    - name: Build webservers
      include_role:
        name: webserver
--- a/chapter10/ansible.cfg
+++ b/chapter10/ansible.cfg
@ -0,0 +1,4 @@
 [defaults]
 host_key_checking = false
 inventory = inventory
 stdout_callback = yaml
--- a/chapter10/inventory/group_vars/all
+++ b/chapter10/inventory/group_vars/all
@ -0,0 +1,3 @@
 ---
 http_port: 80
 https_port: 443
--- a/chapter10/inventory/group_vars/webservers
+++ b/chapter10/inventory/group_vars/webservers
@ -0,0 +1,2 @@
 ---
 http_port: 8080
--- a/chapter10/inventory/load_balancers
+++ b/chapter10/inventory/load_balancers
@ -0,0 +1,4 @@
 load_balancers:
  hosts:
    lb-001.local:
--- a/chapter10/inventory/webservers
+++ b/chapter10/inventory/webservers
@ -0,0 +1,6 @@
 ---
 webservers:
  hosts:
    web-001.local:
    web-002.local:
      status_url: "status"
--- a/chapter10/provision.yml
+++ b/chapter10/provision.yml
@ -0,0 +1,20 @@
 ---
 - hosts: webservers
  become: true
  tasks:
    - name: Build webservers
      include_role:
        name: webserver
      tags:
        - always
 - hosts: load_balancers
  become: true
  tasks:
    - name: Build load balancers
      include_role:
        name: load_balancer
      tags:
        - always
--- a/chapter10/roles/firewall/tasks/main.yml
+++ b/chapter10/roles/firewall/tasks/main.yml
@ -0,0 +1,15 @@
 ---
 - name: Firewall - Allow SSH connections
  ufw:
    rule: allow
    name: OpenSSH
  tags:
    - firewall
 - name: Firewall - Deny everything else
  ufw:
    state: enabled
    policy: deny
  tags:
    - firewall
--- a/chapter10/roles/load_balancer/handlers/main.yml
+++ b/chapter10/roles/load_balancer/handlers/main.yml
@ -0,0 +1,6 @@
 ---
 - name: Reload HAProxy
  service:
    name: haproxy
    state: reloaded
--- a/chapter10/roles/load_balancer/meta/main.yml
+++ b/chapter10/roles/load_balancer/meta/main.yml
@ -0,0 +1,3 @@
 ---
 dependencies:
  - role: firewall
--- a/chapter10/roles/load_balancer/tasks/main.yml
+++ b/chapter10/roles/load_balancer/tasks/main.yml
@ -0,0 +1,42 @@
 ---
 - name: Install HAProxy
  apt:
    name: haproxy
    state: present
    cache_valid_time: 60
 - name: Create configuration directory
  file:
    path: /etc/haproxy/fragments
    state: directory
 - name: Copy original configuration file
  copy:
    src: /etc/haproxy/haproxy.cfg
    dest: /etc/haproxy/fragments/00_defaults.cfg
    remote_src: yes
    force: no
 - name: Setup frontends
  template:
    src: frontends.cfg.j2
    dest: /etc/haproxy/fragments/40_frontends.cfg
 - name: Build configuration from fragments
  assemble:
    src: /etc/haproxy/fragments/
    dest: /etc/haproxy/haproxy.cfg
    validate: "haproxy -f %s -c"
  notify: Reload HAProxy
 - name: Firewall - Allow website connections
  ufw:
    rule: allow
    port: "{{ item }}"
  loop:
    - "{{ http_port }}"
    - "{{ https_port }}"
  tags:
    - firewall
--- a/chapter10/roles/load_balancer/templates/backends.cfg.j2
+++ b/chapter10/roles/load_balancer/templates/backends.cfg.j2
@ -0,0 +1,6 @@
 backend web_servers
    balance roundrobin
    {% for host in groups.webservers %}
    server {{ host }} {{ host }}:{{ hostvars[host].http_port }}
 {% endfor %}
--- a/chapter10/roles/load_balancer/templates/frontend.cfg.j2
+++ b/chapter10/roles/load_balancer/templates/frontend.cfg.j2
@ -0,0 +1,4 @@
 frontend awesome_ansible
    bind *:{{ http_port }}
    stats uri /haproxy?stats
    default_backend web_servers
--- a/chapter10/roles/webserver/defaults/main.yml
+++ b/chapter10/roles/webserver/defaults/main.yml
@ -0,0 +1,2 @@
 ---
 http_port: 80
--- a/chapter10/roles/webserver/handlers/main.yml
+++ b/chapter10/roles/webserver/handlers/main.yml
@ -0,0 +1,15 @@
 ---
 - name: Reload nginx
  service:
    name: nginx
    state: reloaded
  listen: "Reload web services"
 - name: Validate that the http_port is working
  wait_for:
    host: "{{ ansible_host }}"
    port: "{{ http_port }}"
    timeout: 5
  connection: local
  listen: "Reload web services"
--- a/chapter10/roles/webserver/meta/main.yml
+++ b/chapter10/roles/webserver/meta/main.yml
@ -0,0 +1,3 @@
 ---
 dependencies:
  - role: firewall
--- a/chapter10/roles/webserver/tasks/main.yml
+++ b/chapter10/roles/webserver/tasks/main.yml
@ -0,0 +1,25 @@
 - name: Ensure nginx is installed
  apt:
    name: nginx
    state: present
 - name: Configure nginx
  template:
    src: nginx-default.j2
    dest: /etc/nginx/sites-available/default
    mode: u=rw,g=r,o=r
  notify: "Reload web services"
 - name: Push website content to the web root
  template:
    src: index.html.j2
    dest: /var/www/html/index.html
    mode: u=rw,g=r,o=r
 - name: Firewall - Allow website connections
  ufw:
    rule: allow
    port: "{{ http_port }}"
  tags:
    - firewall
--- a/chapter10/roles/webserver/templates/index.html.j2
+++ b/chapter10/roles/webserver/templates/index.html.j2
@ -0,0 +1,16 @@
 My website, served from {{ inventory_hostname }}
 <p>
 IP Addresses:<br />
 {% for ip in ansible_all_ipv4_addresses %}
    {{ ip }}<br />
 {% endfor %}
 </p>
 <p>
 Operating System:<br />
 {% for key, value in ansible_lsb.items() %}
    {{ key }}: {{ value }}<br />
 {% endfor %}
 </p>
--- a/chapter10/roles/webserver/templates/nginx-default.j2
+++ b/chapter10/roles/webserver/templates/nginx-default.j2
@ -0,0 +1,14 @@
 server {
  listen {{ http_port }} default_server;
  root /var/www/html;
  server_name _;
  {% if status_url is defined -%}
  location /{{ status_url | default('status') }} {
    stub_status on;
  }
  {%- endif %}
 }
--- a/chapter11/ansible.cfg
+++ b/chapter11/ansible.cfg
@ -0,0 +1,4 @@
 [defaults]
 host_key_checking = false
 inventory = inventory
 stdout_callback = yaml
--- a/chapter11/inventory/databases
+++ b/chapter11/inventory/databases
@ -0,0 +1,4 @@
 ---
 databases:
  hosts:
    db-001.local:
--- a/chapter11/inventory/group_vars/all
+++ b/chapter11/inventory/group_vars/all
@ -0,0 +1,11 @@
 ---
 http_port: 80
 https_port: 443
 database:
    host: db-001.local
    name: wordpress
    username: wordpress_rw
    password: SomeSuperStrongPassword
    root_password: EvenStrongerPassword
--- a/chapter11/inventory/group_vars/webservers
+++ b/chapter11/inventory/group_vars/webservers
@ -0,0 +1,2 @@
 ---
 http_port: 8080
--- a/chapter11/inventory/load_balancers
+++ b/chapter11/inventory/load_balancers
@ -0,0 +1,4 @@
 load_balancers:
  hosts:
    lb-001.local:
--- a/chapter11/inventory/webservers
+++ b/chapter11/inventory/webservers
@ -0,0 +1,6 @@
 ---
 webservers:
  hosts:
    web-001.local:
    web-002.local:
      status_url: "status"
--- a/chapter11/provision.yml
+++ b/chapter11/provision.yml
@ -0,0 +1,35 @@
 ---
 - hosts: webservers
  become: true
  tasks:
    - name: Build webservers
      include_role:
        name: webserver
      tags:
        - always
    - name: Install Wordpress
      include_role:
        name: wordpress
      tags:
        - always
 - hosts: databases
  become: true
  tasks:
    - name: Build Databases
      include_role:
        name: database
      tags:
        - always
 - hosts: load_balancers
  become: true
  tasks:
    - name: Build load balancers
      include_role:
        name: load_balancer
      tags:
        - always
--- a/chapter11/roles/database/handlers/main.yml
+++ b/chapter11/roles/database/handlers/main.yml
@ -0,0 +1,5 @@
 ---
 - name: Restart MySQL
  service:
    name: mysql
    state: restarted
--- a/chapter11/roles/database/tasks/main.yml
+++ b/chapter11/roles/database/tasks/main.yml
@ -0,0 +1,50 @@
 ---
 - name: Install MySQL
  apt:
    name:
      - mysql-server
      - python3-pymysql
    state: present
 - name: Set the root password
  mysql_user:
    name: root
    password: "{{ database.root_password }}"
    state: present
    login_user: root
    login_password: "{{database.root_password }}"
    login_unix_socket: /var/run/mysqld/mysqld.sock
  no_log: True
 - name: Create the wordpress database
  mysql_db:
    name: "{{ database.name }}"
    state: present
    login_user: root
    login_password: "{{database.root_password }}"
 - name: Create the wordpress user
  mysql_user:
    name: "{{ database.username }}"
    password: "{{database.password }}"
    priv: "{{ database.name }}.*:ALL"
    host: "%"
    state: present
    login_user: root
    login_password: "{{database.root_password }}"
  no_log: True
 - name: Ensure MySQL listens on the network
  lineinfile:
    path: /etc/mysql/mysql.conf.d/mysqld.cnf
    regexp: '^bind-address'
    line: 'bind-address = 0.0.0.0'
  notify:
    - Restart MySQL
 - name: Firewall - Allow database connections
  ufw:
    rule: allow
    port: "3306"
  tags:
    - firewall
--- a/chapter11/roles/firewall/tasks/main.yml
+++ b/chapter11/roles/firewall/tasks/main.yml
@ -0,0 +1,15 @@
 ---
 - name: Firewall - Allow SSH connections
  ufw:
    rule: allow
    name: OpenSSH
  tags:
    - firewall
 - name: Firewall - Deny everything else
  ufw:
    state: enabled
    policy: deny
  tags:
    - firewall
--- a/chapter11/roles/load_balancer/handlers/main.yml
+++ b/chapter11/roles/load_balancer/handlers/main.yml
@ -0,0 +1,6 @@
 ---
 - name: Reload HAProxy
  service:
    name: haproxy
    state: reloaded
--- a/chapter11/roles/load_balancer/meta/main.yml
+++ b/chapter11/roles/load_balancer/meta/main.yml
@ -0,0 +1,3 @@
 ---
 dependencies:
  - role: firewall
--- a/chapter11/roles/load_balancer/tasks/main.yml
+++ b/chapter11/roles/load_balancer/tasks/main.yml
@ -0,0 +1,42 @@
 ---
 - name: Install HAProxy
  apt:
    name: haproxy
    state: present
    cache_valid_time: 60
 - name: Create configuration directory
  file:
    path: /etc/haproxy/fragments
    state: directory
 - name: Copy original configuration file
  copy:
    src: /etc/haproxy/haproxy.cfg
    dest: /etc/haproxy/fragments/00_defaults.cfg
    remote_src: yes
    force: no
 - name: Setup frontends
  template:
    src: frontends.cfg.j2
    dest: /etc/haproxy/fragments/40_frontends.cfg
 - name: Build configuration from fragments
  assemble:
    src: /etc/haproxy/fragments/
    dest: /etc/haproxy/haproxy.cfg
    validate: "haproxy -f %s -c"
  notify: Reload HAProxy
 - name: Firewall - Allow website connections
  ufw:
    rule: allow
    port: "{{ item }}"
  loop:
    - "{{ http_port }}"
    - "{{ https_port }}"
  tags:
    - firewall
--- a/chapter11/roles/load_balancer/templates/backends.cfg.j2
+++ b/chapter11/roles/load_balancer/templates/backends.cfg.j2
@ -0,0 +1,7 @@
 backend web_servers
    balance roundrobin
    cookie SERVERID insert indirect nocache
    {% for host in groups.webservers %}
    server {{ host }} {{ host }}:{{ hostvars[host].http_port }} check cookie {{ host }}
 {% endfor %}
--- a/chapter11/roles/load_balancer/templates/frontend.cfg.j2
+++ b/chapter11/roles/load_balancer/templates/frontend.cfg.j2
@ -0,0 +1,4 @@
 frontend awesome_ansible
    bind *:{{ http_port }}
    stats uri /haproxy?stats
    default_backend web_servers
--- a/Show more
+++ b/Show more
		`@ -0,0 +1,2 @@`
							`# Auto detect text files and perform LF normalization`
							`* text=auto`
		`@ -0,0 +1 @@`
							`This is my website which was setup using Ansible`