diff --git a/.gitignore b/.gitignore
index 42b4424..70ef5aa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 **/.vagrant/
 **/*.retry
 *-console.log
+*.log
\ No newline at end of file
diff --git a/ch1-lab-setup/Vagrantfile b/ch1-lab-setup/Vagrantfile
new file mode 100644
index 0000000..cb9d9ff
--- /dev/null
+++ b/ch1-lab-setup/Vagrantfile
@@ -0,0 +1,70 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# All Vagrant configuration is done below. The "2" in Vagrant.configure +# configures the configuration version (we support older styles for +# backwards compatibility). Please don't change it unless you know what +# you're doing. +Vagrant.configure("2") do |config| + # The most common configuration options are documented and commented below. + # For a complete reference, please see the online documentation at + # https://docs.vagrantup.com. + + # Every Vagrant development environment requires a box. You can search for + # boxes at https://vagrantcloud.com/search. + config.vm.box = "base" + + # Disable automatic box update checking. If you disable this, then + # boxes will only be checked for updates when the user runs + # `vagrant box outdated`. This is not recommended. + # config.vm.box_check_update = false + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. + # NOTE: This will enable public access to the opened port + # config.vm.network "forwarded_port", guest: 80, host: 8080 + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine and only allow access + # via 127.0.0.1 to disable public access + # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1" + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + # config.vm.network "private_network", ip: "192.168.33.10" + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + # config.vm.network "public_network" + + # Share an additional folder to the guest VM. 
The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + # config.vm.synced_folder "../data", "/vagrant_data" + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. + # Example for VirtualBox: + # + # config.vm.provider "virtualbox" do |vb| + # # Display the VirtualBox GUI when booting the machine + # vb.gui = true + # + # # Customize the amount of memory on the VM: + # vb.memory = "1024" + # end + # + # View the documentation for the provider you are using for more + # information on available options. + + # Enable provisioning with a shell script. Additional provisioners such as + # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the + # documentation for more information about their specific syntax and use. + # config.vm.provision "shell", inline: <<-SHELL + # apt-get update + # apt-get install -y apache2 + # SHELL +end diff --git a/ch1-lab-setup/vagrant/playbook.yml b/ch1-lab-setup/vagrant/playbook.yml new file mode 100644 index 0000000..e69de29 diff --git a/ch1-lab-setup/vagrant/vagrantfile b/ch1-lab-setup/vagrant/vagrantfile index c0e9f9a..2954eac 100644 --- a/ch1-lab-setup/vagrant/vagrantfile +++ b/ch1-lab-setup/vagrant/vagrantfile 
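Review bot: ch1-lab-setup/Vagrantfile is the unmodified `vagrant init` template: the only live setting in the whole file is `config.vm.box = "base"`, a placeholder name that no published box carries, so `vagrant up` in ch1-lab-setup would fail to resolve it unless a box named `base` has been added locally. It also sits one directory above ch1-lab-setup/vagrant/vagrantfile, which this same commit edits and which holds the real lab definition, so readers get two Vagrantfiles for one lab. Either drop this file or replace the template body with the intended configuration and a one-line header comment naming which lab it builds.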
@@ -1,23 +1,24 @@ # This homelab consists of 4 linux VMs (2xCentOS + 2xUbuntu) Vagrant.configure("2") do |config| - n=2 + n=1 (1..n).each do |i| config.vm.define "ubuntu#{i+10}" do | ubuntu | ubuntu.vm.box = "ubuntu/bionic64" + ubuntu.vm.hostname = "ubuntu#{i+10}" ubuntu.vm.network "private_network", ip: "192.168.100.#{i+10}" end config.vm.define "centos#{i+20}" do | centos | centos.vm.box = "centos/7" + centos.vm.hostname = "centos#{i+20}" centos.vm.network "private_network", ip: "192.168.100.#{i+20}" end end config.vm.box_check_update = false config.vm.provider "virtualbox" do |v| - v.memory = 8192 - v.cpus = 4 - + v.memory = 1028 + v.cpus = 1 end end diff --git a/ch1-lab-setup/windows/2021-05-25-15-42-24.077-VBoxSVC-7983.log b/ch1-lab-setup/windows/2021-05-25-15-42-24.077-VBoxSVC-7983.log new file mode 100644 index 0000000..4471489 --- /dev/null +++ b/ch1-lab-setup/windows/2021-05-25-15-42-24.077-VBoxSVC-7983.log @@ -0,0 +1,7 @@ +Log created: 2021-05-25T15:42:24.773837000Z +Process ID: 7983 (0x1f2f) +Parent PID: 2118 (0x846) +Executable: /usr/lib/virtualbox/VBoxSVC +Arg[0]: /usr/lib/virtualbox/VBoxSVC +Arg[1]: --auto-shutdown +AddRef: illegal refcnt=3221225469 state=2 diff --git a/ch1-lab-setup/windows/CreateUser.ps1 b/ch1-lab-setup/windows/CreateUser.ps1 new file mode 100644 index 0000000..55584a7 --- /dev/null +++ b/ch1-lab-setup/windows/CreateUser.ps1 @@ -0,0 +1,12 @@ +$password = ConvertTo-SecureString -String "Hoanglinh90" -AsPlainText -Force +$user = Ansible +$op = Get-LocalUser | Where-Object {$_.Name -eq $user} +if (-not $op) +{ + New-LocalUser Ansible -Password $password -FullName "Ansible" -AccountNeverExpires -PasswordNeverExpires -UserMayNotChangePassword -Description "Ansible Account."| Out-Null + Add-LocalGroupMember -Group "Administrators" -Member "Ansible" +} +else +{ + Write-Host "User exited" +} diff --git a/ch1-lab-setup/windows/OpenSSH.ps1 b/ch1-lab-setup/windows/OpenSSH.ps1 new file mode 100644 index 0000000..2b91a1d --- /dev/null 
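Review bot: The header comment `# This homelab consists of 4 linux VMs (2xCentOS + 2xUbuntu)` is now stale: with `n=1` the loop defines one Ubuntu and one CentOS guest. Either update it to `# This homelab consists of 2 linux VMs (1xCentOS + 1xUbuntu)` or phrase it in terms of `n`, e.g. `# This homelab consists of 2*n linux VMs (n CentOS + n Ubuntu); adjust n below.` `v.memory = 1028` also looks like a typo for `1024` — VirtualBox accepts the value, but an allocation 4 MB off a power of two is unusual enough to confirm; the same value appears in ch1-lab-setup/windows/vagrantfile.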
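Review bot: `2021-05-25-15-42-24.077-VBoxSVC-7983.log` is a local VirtualBox service log (host process IDs and an `AddRef: illegal refcnt` failure) and does not belong in the repository. The `*.log` rule this commit adds to .gitignore does not untrack a file that is staged in the same commit, so the rule has no effect on it. Remove it from the index with `git rm --cached ch1-lab-setup/windows/2021-05-25-15-42-24.077-VBoxSVC-7983.log` so the ignore rule takes over.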
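Review bot: `$user = Ansible` on the second line invokes a command named `Ansible` rather than assigning the string; unless such a command exists, PowerShell reports an error and `$user` is left `$null`, so the `Where-Object {$_.Name -eq $user}` filter never matches and the script takes the creation branch even when the account already exists (where `New-LocalUser` then fails). Quote it — `$user = "Ansible"` — and use `$user` in the `New-LocalUser` and `Add-LocalGroupMember` calls instead of repeating the literal. The account password is a plaintext literal committed to source, the same value that ch1-lab-setup/windows/playbook.yml carries, and it is set with `-PasswordNeverExpires -UserMayNotChangePassword` on a member of Administrators, which makes rotation harder; supply it from the host instead (for example through the `env:` option of the Vagrant `shell` provisioner) and read `$env:ANSIBLE_USER_PASSWORD` here. The message `"User exited"` should read `"User exists"`.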
+++ b/ch1-lab-setup/windows/OpenSSH.ps1
@@ -0,0 +1,32 @@
+$opensshDir = "C:\Program Files\OpenSSH"
+if (-not (Test-Path $opensshDir))
+{
+ ## Define the OpenSSH latest release url
+ $url = 'https://github.com/PowerShell/Win32-OpenSSH/releases/latest/'
+ ## Create a web request to retrieve the latest release download link
+ $request = [System.Net.WebRequest]::Create($url)
+ $request.AllowAutoRedirect=$false
+ $response=$request.GetResponse()
+ $source = $([String]$response.GetResponseHeader("Location")).Replace('tag','download') + '/OpenSSH-Win64.zip'
+ ## Download the latest OpenSSH for Windows package to the current working directory
+ $webClient = [System.Net.WebClient]::new()
+ $webClient.DownloadFile($source, (Get-Location).Path + '\OpenSSH-Win64.zip')
+
+ Get-ChildItem *.zip
+ # Extract the ZIP to a temporary location
+ Expand-Archive -Path .\OpenSSH-Win64.zip -DestinationPath ($env:temp) -Force
+ # Move the extracted ZIP contents from the temporary location to C:\Program Files\OpenSSH\
+ Move-Item "$($env:temp)\OpenSSH-Win64" -Destination "C:\Program Files\OpenSSH\" -Force
+ # Unblock the files in C:\Program Files\OpenSSH\
+ Get-ChildItem -Path "C:\Program Files\OpenSSH\" | Unblock-File
+ & 'C:\Program Files\OpenSSH\install-sshd.ps1'
+ ## changes the sshd service's startup type from manual to automatic.
+ Set-Service sshd -StartupType Automatic
+ ## starts the sshd service.
+ Start-Service sshd
+ New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
+}
+else
+{
+ Write-Host "Openssh is already installed"
+}
diff --git a/ch1-lab-setup/windows/SETUP.md b/ch1-lab-setup/windows/SETUP.md
index db5c65d..65eb722 100644
--- a/ch1-lab-setup/windows/SETUP.md
+++ b/ch1-lab-setup/windows/SETUP.md
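Review bot: The archive resolved from the `Location` header of `releases/latest/` is extracted, moved into `C:\Program Files\OpenSSH`, registered as a service and exposed on port 22 with no integrity check, so whatever is served at that URL at provisioning time is what the lab runs. Pin a specific release rather than following `latest`, and verify the file before `Expand-Archive`: `$expected = '<sha256 of the pinned OpenSSH-Win64.zip>'` followed by `if ((Get-FileHash .\OpenSSH-Win64.zip -Algorithm SHA256).Hash -ne $expected) { throw 'OpenSSH-Win64.zip hash mismatch' }`. `Get-ChildItem *.zip` after the download is leftover debugging output, and `$opensshDir` is unused after the `Test-Path` check while the same path is repeated as a literal four times below it — use the variable. The firewall rule admits port 22 from any address; for this lab it can be scoped to the private network the vagrantfile assigns with `-RemoteAddress 192.168.100.0/24`.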
@@ -1,10 +1,38 @@ # Lab setup for windows managed node ## Build windows server using Vagrant +run your vagrant Windows2019 +``` bash +vagrant up +Bringing machine 'win2019' up with 'virtualbox' +``` ## Install and configure OpenSSH on windows node -## Copy ssh public key from Ansible control host (ubuntu11) to windows13 +Download the newest OpenSSH server from GitHub ( https://github.com/PowerShell/Win32-OpenSSH/releases ) +In our case it is v8.1.0.0p1-Beta, 64-bit version. +Open the downloaded file and copy the "OpenSSH-Win64" folder to "C:\Program Files". + +```powershell as administrator +setx PATH "$env:path;C:\Program Files\OpenSSH" -m +cd "C:\Program Files\OpenSSH"; .\install-sshd.ps1 +Set-Service sshd -StartupType Automatic; Set-Service ssh-agent -StartupType Automatic; Start-Service sshd; Start-Service ssh-agent +``` +- allow firewall +```powershell as administrator +New-NetFirewallRule -DisplayName "OpenSSH-Server-In-TCP" -Direction Inbound -LocalPort 22 -Protocol TCP -Action Allow +``` -## Ssh from ubuntu11 to windows13 without password +## Copy ssh public key from Ansible control host (ubuntu11) to windows13 +SSH to VM +```create SSH-Keygen +ssh-keygen +## powershell module install Repair-AuthorizedKeyPermission +Install-Module -Force OpenSSHUtils -Scope AllUsers +``` +```copy public key from ansible control host to windows server 2019 revise your located link on control host +scp /home/linhnh/.ssh/id_rsa.pub Ansible@192.168.100.31:C:\Users\ansible\.ssh\authorized_keys +ssh --% Ansible@192.168.100.31 powershell -c $ConfirmPreference = 'None'; Repair-AuthorizedKeyPermission C:\Users\ansible\.ssh\authorized_keys +``` +## Ssh from ubuntu11 to windows13 without password \ No newline at end of file diff --git a/ch1-lab-setup/windows/playbook.yml b/ch1-lab-setup/windows/playbook.yml new file mode 100644 index 0000000..dea2ca5 --- /dev/null +++ b/ch1-lab-setup/windows/playbook.yml 
@@ -0,0 +1,8 @@
+- name: Ensure user Ansible is present
+ ansible.windows.win_user:
+ name: Ansible
+ password: Hoanglinh90
+ state: present
+ password_expired: yes
+ groups:
+ - Administrator
\ No newline at end of file
diff --git a/ch1-lab-setup/windows/vagrantfile b/ch1-lab-setup/windows/vagrantfile
new file mode 100644
index 0000000..83f4c6d
--- /dev/null
+++ b/ch1-lab-setup/windows/vagrantfile
@@ -0,0 +1,19 @@
+Vagrant.configure("2") do |config|
+ config.vm.define "srv2019" do | srv |
+ srv.vm.box = "StefanScherer/windows_2019"
+ srv.vm.network "private_network", ip: "192.168.100.31"
+ end
+ config.vm.provider "virtualbox" do |v|
+ v.memory =1028
+ v.cpus = 2
+ end
+ config.vm.provision "shell", path: "CreateUser.ps1"
+ config.vm.provision "shell", path: "OpenSSH.ps1"
+ # config.vm.synced_folder ".", "/vagrant"
+ # config.vm.provision "ansible_local" do |ansible|
+ # ansible.install_mode = "pip"
+ # ansible.become = true
+ # ansible.verbose = "vv"
+ # ansible.playbook = "playbook.yml"
+ # end
+end
diff --git a/ch2-inventory/inventory/inventory.yml b/ch2-inventory/inventory/inventory.yml
new file mode 100644
index 0000000..11e4d4b
--- /dev/null
+++ b/ch2-inventory/inventory/inventory.yml
@@ -0,0 +1,12 @@
+all:
+ hosts:
+ fakehost.local:
+ children:
+ ubuntu:
+ hosts:
+ ubuntu11:
+ ansible_host: 192.168.100.11
+ centos:
+ hosts:
+ centos21:
+ ansible_host: 192.168.100.21
\ No newline at end of file
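Review bot: `groups:` lists `Administrator`, but the built-in local administrators group is `Administrators` — the name CreateUser.ps1 in this same commit passes to `Add-LocalGroupMember` — so the task should read `- Administrators`. The password is a plaintext literal in the playbook, duplicating the one in CreateUser.ps1; keep it in a Vault-encrypted variable and reference it as `password: "{{ ansible_user_password }}"` rather than committing it. `password_expired: yes` forces a change at next logon, which is at odds with the `-UserMayNotChangePassword` flag the provisioning script sets on the same account — confirm which behaviour is intended and make the two agree.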
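Review bot: `v.memory =1028` drops the space before the value, unlike `v.cpus = 2` on the next line, and 1028 looks like a typo for 1024; write `v.memory = 1024`. The two `shell` provisioners are re-run on every `vagrant provision`, so it is worth a comment above them stating the expectation, e.g. `# Both scripts must stay idempotent: provisioners re-run on every 'vagrant provision'.` The commented-out `ansible_local` block is dead configuration; either finish it or remove it so the file documents a single setup path.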