From fa898e35867375beff6237dfafa900ce290150f4 Mon Sep 17 00:00:00 2001
From: linhnh90
Date: Tue, 25 May 2021 20:46:25 +0700
Subject: [PATCH 1/5] update script windows server
---
 ch1-lab-setup/windows/CreateUser.ps1 | 12 +++++++++++
 ch1-lab-setup/windows/SETUP.md | 24 +++++++++++++++++++--
 ch1-lab-setup/windows/provision.ps1 | 32 ++++++++++++++++++++++++++++
 ch1-lab-setup/windows/vagrantfile | 16 ++++++++++++++
 4 files changed, 82 insertions(+), 2 deletions(-)
 create mode 100644 ch1-lab-setup/windows/CreateUser.ps1
 create mode 100644 ch1-lab-setup/windows/provision.ps1
 create mode 100644 ch1-lab-setup/windows/vagrantfile
diff --git a/ch1-lab-setup/windows/CreateUser.ps1 b/ch1-lab-setup/windows/CreateUser.ps1
new file mode 100644
index 0000000..55584a7
--- /dev/null
+++ b/ch1-lab-setup/windows/CreateUser.ps1
@@ -0,0 +1,12 @@
+$password = ConvertTo-SecureString -String "Hoanglinh90" -AsPlainText -Force
+$user = Ansible
+$op = Get-LocalUser | Where-Object {$_.Name -eq $user}
+if (-not $op)
+{
+ New-LocalUser Ansible -Password $password -FullName "Ansible" -AccountNeverExpires -PasswordNeverExpires -UserMayNotChangePassword -Description "Ansible Account."| Out-Null
+ Add-LocalGroupMember -Group "Administrators" -Member "Ansible"
+}
+else
+{
+ Write-Host "User exited"
+}
diff --git a/ch1-lab-setup/windows/SETUP.md b/ch1-lab-setup/windows/SETUP.md
index db5c65d..c4e31d9 100644
--- a/ch1-lab-setup/windows/SETUP.md
+++ b/ch1-lab-setup/windows/SETUP.md
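Review bot: CreateUser.ps1 commits the password of a local administrator account in clear text (`-String "Hoanglinh90"`), and the account is created with `-PasswordNeverExpires -UserMayNotChangePassword`, so anyone who can read the repository holds a lasting admin credential for every VM built from it; the same literal appears again in playbook.yml in patch 2/5. Take the value from outside the repository, for example `$password = ConvertTo-SecureString -String $env:ANSIBLE_USER_PASSWORD -AsPlainText -Force` (variable name is an example), supplied through the shell provisioner's `env` option. Separately, `$user = Ansible` is unquoted, so PowerShell parses it as a command invocation rather than a string and the existence check compares against an empty value; `$user = "Ansible"` is what the `Where-Object` filter needs. The message "User exited" presumably should read "User exists".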
@@ -1,10 +1,30 @@ # Lab setup for windows managed node ## Build windows server using Vagrant +run your vagrant Windows2019 +``` bash +vagrant up +Bringing machine 'win2019' up with 'virtualbox' +``` ## Install and configure OpenSSH on windows node -## Copy ssh public key from Ansible control host (ubuntu11) to windows13 +Log in to your VM via RDP + +Download the newest OpenSSH server from GitHub ( https://github.com/PowerShell/Win32-OpenSSH/releases ) +In our case it is v8.1.0.0p1-Beta, 64-bit version. +Open the downloaded file and copy the "OpenSSH-Win64" folder to "C:\Program Files". -## Ssh from ubuntu11 to windows13 without password +```powershell as administrator +setx PATH "$env:path;C:\Program Files\OpenSSH" -m +cd "C:\Program Files\OpenSSH"; .\install-sshd.ps1 +Set-Service sshd -StartupType Automatic; Set-Service ssh-agent -StartupType Automatic; Start-Service sshd; Start-Service ssh-agent +``` +- allow firewall +```powershell as administrator +New-NetFirewallRule -DisplayName "OpenSSH-Server-In-TCP" -Direction Inbound -LocalPort 22 -Protocol TCP -Action Allow +``` + +## Copy ssh public key from Ansible control host (ubuntu11) to windows13 +## Ssh from ubuntu11 to windows13 without password \ No newline at end of file diff --git a/ch1-lab-setup/windows/provision.ps1 b/ch1-lab-setup/windows/provision.ps1 new file mode 100644 index 0000000..2b91a1d --- /dev/null +++ b/ch1-lab-setup/windows/provision.ps1 
@@ -0,0 +1,32 @@
+$opensshDir = "C:\Program Files\OpenSSH"
+if (-not (Test-Path $opensshDir))
+{
+ ## Define the OpenSSH latest release url
+ $url = 'https://github.com/PowerShell/Win32-OpenSSH/releases/latest/'
+ ## Create a web request to retrieve the latest release download link
+ $request = [System.Net.WebRequest]::Create($url)
+ $request.AllowAutoRedirect=$false
+ $response=$request.GetResponse()
+ $source = $([String]$response.GetResponseHeader("Location")).Replace('tag','download') + '/OpenSSH-Win64.zip'
+ ## Download the latest OpenSSH for Windows package to the current working directory
+ $webClient = [System.Net.WebClient]::new()
+ $webClient.DownloadFile($source, (Get-Location).Path + '\OpenSSH-Win64.zip')
+
+ Get-ChildItem *.zip
+ # Extract the ZIP to a temporary location
+ Expand-Archive -Path .\OpenSSH-Win64.zip -DestinationPath ($env:temp) -Force
+ # Move the extracted ZIP contents from the temporary location to C:\Program Files\OpenSSH\
+ Move-Item "$($env:temp)\OpenSSH-Win64" -Destination "C:\Program Files\OpenSSH\" -Force
+ # Unblock the files in C:\Program Files\OpenSSH\
+ Get-ChildItem -Path "C:\Program Files\OpenSSH\" | Unblock-File
+ & 'C:\Program Files\OpenSSH\install-sshd.ps1'
+ ## changes the sshd service's startup type from manual to automatic.
+ Set-Service sshd -StartupType Automatic
+ ## starts the sshd service.
+ Start-Service sshd
+ New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
+}
+else
+{
+ Write-Host "Openssh is already installed"
+}
diff --git a/ch1-lab-setup/windows/vagrantfile b/ch1-lab-setup/windows/vagrantfile
new file mode 100644
index 0000000..1f0a1e1
--- /dev/null
+++ b/ch1-lab-setup/windows/vagrantfile
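Review bot: provision.ps1 installs whatever archive the `releases/latest` redirect resolves to at provisioning time and then executes its `install-sshd.ps1`, with no version pin and no integrity check between `DownloadFile` and `Expand-Archive`. Pin a release tag in `$url` and compare the download against a digest recorded for that release before extracting, e.g. `if ((Get-FileHash .\OpenSSH-Win64.zip -Algorithm SHA256).Hash -ne $expectedSha256) { throw "OpenSSH-Win64.zip hash mismatch" }`. The firewall rule on the last line of the `if` branch also admits TCP 22 from any source; adding `-RemoteAddress 192.168.100.0/24` would restrict it to the private network the vagrantfile assigns to the lab.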
@@ -0,0 +1,16 @@
+Vagrant.configure("2") do |config|
+ n=1
+ (1..n).each do |i|
+ config.vm.define "srv2019#{i+30}" do | srv |
+ srv.vm.box = "StefanScherer/windows_2019"
+ srv.vm.network "private_network", ip: "192.168.100.#{i+30}"
+ end
+ end
+ config.vm.provider "virtualbox" do |v|
+ v.memory =1028
+ v.cpus = 2
+ end
+ config.vm.provision "shell", path: "CreateUser.ps1"
+ config.vm.provision "shell", path: "provision.ps1"
+
+end
From 9b6dc5a92da6cf132e93ef8321df62ef6b5301ff Mon Sep 17 00:00:00 2001
From: linhnh90
Date: Thu, 27 May 2021 23:15:16 +0700
Subject: [PATCH 2/5] update vagrant file
---
 .../2021-05-25-15-42-24.077-VBoxSVC-7983.log | 7 +++++++
 .../windows/{provision.ps1 => OpenSSH.ps1} | 0
 ch1-lab-setup/windows/SETUP.md | 12 ++++++++++--
 ch1-lab-setup/windows/playbook.yml | 8 ++++++++
 ch1-lab-setup/windows/vagrantfile | 19 +++++++++++--------
 5 files changed, 36 insertions(+), 10 deletions(-)
 create mode 100644 ch1-lab-setup/windows/2021-05-25-15-42-24.077-VBoxSVC-7983.log
 rename ch1-lab-setup/windows/{provision.ps1 => OpenSSH.ps1} (100%)
 create mode 100644 ch1-lab-setup/windows/playbook.yml
diff --git a/ch1-lab-setup/windows/2021-05-25-15-42-24.077-VBoxSVC-7983.log b/ch1-lab-setup/windows/2021-05-25-15-42-24.077-VBoxSVC-7983.log
new file mode 100644
index 0000000..4471489
--- /dev/null
+++ b/ch1-lab-setup/windows/2021-05-25-15-42-24.077-VBoxSVC-7983.log
@@ -0,0 +1,7 @@
+Log created: 2021-05-25T15:42:24.773837000Z
+Process ID: 7983 (0x1f2f)
+Parent PID: 2118 (0x846)
+Executable: /usr/lib/virtualbox/VBoxSVC
+Arg[0]: /usr/lib/virtualbox/VBoxSVC
+Arg[1]: --auto-shutdown
+AddRef: illegal refcnt=3221225469 state=2
diff --git a/ch1-lab-setup/windows/provision.ps1 b/ch1-lab-setup/windows/OpenSSH.ps1
similarity index 100%
rename from ch1-lab-setup/windows/provision.ps1
rename to ch1-lab-setup/windows/OpenSSH.ps1
diff --git a/ch1-lab-setup/windows/SETUP.md b/ch1-lab-setup/windows/SETUP.md
index c4e31d9..65eb722 100644
--- a/ch1-lab-setup/windows/SETUP.md
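Review bot: In ch1-lab-setup/windows/vagrantfile, `srv.vm.box = "StefanScherer/windows_2019"` pulls a community-published Windows image with no version constraint, so a later `vagrant up` can provision from a different image than the one the lab was tested with. Adding `srv.vm.box_version = "<PINNED_VERSION>"` beside it keeps the base image reproducible and makes a change of image an explicit, reviewable edit. `v.memory =1028` is possibly meant to be 1024.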
+++ b/ch1-lab-setup/windows/SETUP.md @@ -9,8 +9,6 @@ Bringing machine 'win2019' up with 'virtualbox' ## Install and configure OpenSSH on windows node -Log in to your VM via RDP - Download the newest OpenSSH server from GitHub ( https://github.com/PowerShell/Win32-OpenSSH/releases ) In our case it is v8.1.0.0p1-Beta, 64-bit version. Open the downloaded file and copy the "OpenSSH-Win64" folder to "C:\Program Files". @@ -26,5 +24,15 @@ New-NetFirewallRule -DisplayName "OpenSSH-Server-In-TCP" -Direction Inbound -Loc ``` ## Copy ssh public key from Ansible control host (ubuntu11) to windows13 +SSH to VM +```create SSH-Keygen +ssh-keygen +## powershell module install Repair-AuthorizedKeyPermission +Install-Module -Force OpenSSHUtils -Scope AllUsers +``` +```copy public key from ansible control host to windows server 2019 revise your located link on control host +scp /home/linhnh/.ssh/id_rsa.pub Ansible@192.168.100.31:C:\Users\ansible\.ssh\authorized_keys +ssh --% Ansible@192.168.100.31 powershell -c $ConfirmPreference = 'None'; Repair-AuthorizedKeyPermission C:\Users\ansible\.ssh\authorized_keys +``` ## Ssh from ubuntu11 to windows13 without password \ No newline at end of file diff --git a/ch1-lab-setup/windows/playbook.yml b/ch1-lab-setup/windows/playbook.yml new file mode 100644 index 0000000..dea2ca5 --- /dev/null +++ b/ch1-lab-setup/windows/playbook.yml @@ -0,0 +1,8 @@ +- name: Ensure user Ansible is present + ansible.windows.win_user: + name: Ansible + password: Hoanglinh90 + state: present + password_expired: yes + groups: + - Administrator \ No newline at end of file diff --git a/ch1-lab-setup/windows/vagrantfile b/ch1-lab-setup/windows/vagrantfile index 1f0a1e1..83f4c6d 100644 --- a/ch1-lab-setup/windows/vagrantfile +++ b/ch1-lab-setup/windows/vagrantfile 
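Review bot: In playbook.yml the `groups:` entry is spelled `Administrator`, while CreateUser.ps1 adds the same account to `Administrators`; the singular form names the built-in account rather than the group, so `- Administrators` is probably what is meant. `password_expired: yes` forces a password change at next logon, which contradicts the `-PasswordNeverExpires -UserMayNotChangePassword` settings in CreateUser.ps1 and is awkward for an unattended automation account. The file is also a bare task with no play header (`hosts:`), so it cannot be run as a playbook as written.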
@@ -1,16 +1,19 @@ Vagrant.configure("2") do |config| - n=1 - (1..n).each do |i| - config.vm.define "srv2019#{i+30}" do | srv | - srv.vm.box = "StefanScherer/windows_2019" - srv.vm.network "private_network", ip: "192.168.100.#{i+30}" - end + config.vm.define "srv2019" do | srv | + srv.vm.box = "StefanScherer/windows_2019" + srv.vm.network "private_network", ip: "192.168.100.31" end config.vm.provider "virtualbox" do |v| v.memory =1028 v.cpus = 2 end config.vm.provision "shell", path: "CreateUser.ps1" - config.vm.provision "shell", path: "provision.ps1" - + config.vm.provision "shell", path: "OpenSSH.ps1" + # config.vm.synced_folder ".", "/vagrant" + # config.vm.provision "ansible_local" do |ansible| + # ansible.install_mode = "pip" + # ansible.become = true + # ansible.verbose = "vv" + # ansible.playbook = "playbook.yml" + # end end From 38713847bd24b652cabedc72020b6adf237a28ee Mon Sep 17 00:00:00 2001 From: linhnh90 Date: Sun, 30 May 2021 07:42:05 +0700 Subject: [PATCH 3/5] update config hostname --- ch1-lab-setup/vagrant/vagrantfile | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/ch1-lab-setup/vagrant/vagrantfile b/ch1-lab-setup/vagrant/vagrantfile index c0e9f9a..2954eac 100644 --- a/ch1-lab-setup/vagrant/vagrantfile +++ b/ch1-lab-setup/vagrant/vagrantfile @@ -1,23 +1,24 @@ # This homelab consists of 4 linux VMs (2xCentOS + 2xUbuntu) Vagrant.configure("2") do |config| - n=2 + n=1 (1..n).each do |i| config.vm.define "ubuntu#{i+10}" do | ubuntu | ubuntu.vm.box = "ubuntu/bionic64" + ubuntu.vm.hostname = "ubuntu#{i+10}" ubuntu.vm.network "private_network", ip: "192.168.100.#{i+10}" end config.vm.define "centos#{i+20}" do | centos | centos.vm.box = "centos/7" + centos.vm.hostname = "centos#{i+20}" centos.vm.network "private_network", ip: "192.168.100.#{i+20}" end end config.vm.box_check_update = false config.vm.provider "virtualbox" do |v| - v.memory = 8192 - v.cpus = 4 - + v.memory = 1028 + v.cpus = 1 end end 
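Review bot: In ch1-lab-setup/vagrant/vagrantfile the header comment `# This homelab consists of 4 linux VMs (2xCentOS + 2xUbuntu)` is stale once `n=1`, because the loop now defines one Ubuntu and one CentOS machine. Update it to `# This homelab consists of 2 linux VMs (1xCentOS + 1xUbuntu)` or describe the count in terms of `n`. `v.memory = 1028` is possibly meant to be 1024.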
From 57418c0d995196fabff8cd88e2e2dfc8e51088bb Mon Sep 17 00:00:00 2001
From: linhnh90
Date: Sun, 30 May 2021 07:43:32 +0700
Subject: [PATCH 4/5] add inventory.yml
---
 ch1-lab-setup/Vagrantfile | 70 +++++++++++++++++++++++++++
 ch1-lab-setup/vagrant/playbook.yml | 0
 ch2-inventory/inventory/inventory.yml | 12 +++++
 3 files changed, 82 insertions(+)
 create mode 100644 ch1-lab-setup/Vagrantfile
 create mode 100644 ch1-lab-setup/vagrant/playbook.yml
 create mode 100644 ch2-inventory/inventory/inventory.yml
diff --git a/ch1-lab-setup/Vagrantfile b/ch1-lab-setup/Vagrantfile
new file mode 100644
index 0000000..cb9d9ff
--- /dev/null
+++ b/ch1-lab-setup/Vagrantfile
@@ -0,0 +1,70 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# All Vagrant configuration is done below. The "2" in Vagrant.configure +# configures the configuration version (we support older styles for +# backwards compatibility). Please don't change it unless you know what +# you're doing. +Vagrant.configure("2") do |config| + # The most common configuration options are documented and commented below. + # For a complete reference, please see the online documentation at + # https://docs.vagrantup.com. + + # Every Vagrant development environment requires a box. You can search for + # boxes at https://vagrantcloud.com/search. + config.vm.box = "base" + + # Disable automatic box update checking. If you disable this, then + # boxes will only be checked for updates when the user runs + # `vagrant box outdated`. This is not recommended. + # config.vm.box_check_update = false + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. + # NOTE: This will enable public access to the opened port + # config.vm.network "forwarded_port", guest: 80, host: 8080 + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine and only allow access + # via 127.0.0.1 to disable public access + # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1" + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + # config.vm.network "private_network", ip: "192.168.33.10" + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + # config.vm.network "public_network" + + # Share an additional folder to the guest VM. 
The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + # config.vm.synced_folder "../data", "/vagrant_data" + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. + # Example for VirtualBox: + # + # config.vm.provider "virtualbox" do |vb| + # # Display the VirtualBox GUI when booting the machine + # vb.gui = true + # + # # Customize the amount of memory on the VM: + # vb.memory = "1024" + # end + # + # View the documentation for the provider you are using for more + # information on available options. + + # Enable provisioning with a shell script. Additional provisioners such as + # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the + # documentation for more information about their specific syntax and use. + # config.vm.provision "shell", inline: <<-SHELL + # apt-get update + # apt-get install -y apache2 + # SHELL +end diff --git a/ch1-lab-setup/vagrant/playbook.yml b/ch1-lab-setup/vagrant/playbook.yml new file mode 100644 index 0000000..e69de29 diff --git a/ch2-inventory/inventory/inventory.yml b/ch2-inventory/inventory/inventory.yml new file mode 100644 index 0000000..11e4d4b --- /dev/null +++ b/ch2-inventory/inventory/inventory.yml @@ -0,0 +1,12 @@ +all: + hosts: + fakehost.local: + children: + ubuntu: + hosts: + ubuntu11: + ansible_host: 192.168.100.11 + centos: + hosts: + centos21: + ansible_host: 192.168.100.21 \ No newline at end of file From f05ca216fa2a113279bf66e1f819d6eac815cd6c Mon Sep 17 00:00:00 2001 From: linhnh90 Date: Mon, 31 May 2021 21:12:56 +0700 Subject: [PATCH 5/5] upate gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 42b4424..70ef5aa 100644 --- a/.gitignore +++ b/.gitignore 
@@ -1,3 +1,4 @@
 **/.vagrant/
 **/*.retry
 *-console.log
+*.log
\ No newline at end of file
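Review bot: Adding `*.log` only keeps new log files from being staged; `ch1-lab-setup/windows/2021-05-25-15-42-24.077-VBoxSVC-7983.log`, added in patch 2/5, stays tracked. That file records host-side executable paths and process IDs and does not belong in the lab sources, so it should be removed in the same commit with `git rm --cached` on that path. The new pattern also makes the existing `*-console.log` line redundant.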