Linhnh exercise 01 inventory yml

.gitignore

@@ -1,3 +1,4 @@
 **/.vagrant/
 **/*.retry
 *-console.log
+*.log

ch1-lab-setup/Vagrantfile

@@ -0,0 +1,70 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "base"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  # config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+  #   vb.memory = "1024"
+  # end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+  # config.vm.provision "shell", inline: <<-SHELL
+  #   apt-get update
+  #   apt-get install -y apache2
+  # SHELL
+end

ch1-lab-setup/vagrant/vagrantfile

@@ -1,23 +1,24 @@
 # This homelab consists of 4 linux VMs (2xCentOS + 2xUbuntu)
 Vagrant.configure("2") do |config|
-    n=2
+    n=1
     (1..n).each do |i|
         config.vm.define "ubuntu#{i+10}" do | ubuntu |
             ubuntu.vm.box = "ubuntu/bionic64"
+            ubuntu.vm.hostname = "ubuntu#{i+10}"
             ubuntu.vm.network "private_network", ip: "192.168.100.#{i+10}"
         end
 
         config.vm.define "centos#{i+20}" do | centos |
             centos.vm.box = "centos/7"
+            centos.vm.hostname = "centos#{i+20}"
             centos.vm.network "private_network", ip: "192.168.100.#{i+20}"
         end
     end 
 
     config.vm.box_check_update = false
     config.vm.provider "virtualbox" do |v|
-        v.memory = 8192
-        v.cpus = 4
-
+        v.memory = 1028
+        v.cpus = 1
     end
 
   end

ch1-lab-setup/windows/2021-05-25-15-42-24.077-VBoxSVC-7983.log

@@ -0,0 +1,7 @@
+Log created: 2021-05-25T15:42:24.773837000Z
+Process ID:  7983 (0x1f2f)
+Parent PID:  2118 (0x846)
+Executable:  /usr/lib/virtualbox/VBoxSVC
+Arg[0]: /usr/lib/virtualbox/VBoxSVC
+Arg[1]: --auto-shutdown
+AddRef: illegal refcnt=3221225469 state=2

ch1-lab-setup/windows/CreateUser.ps1

@@ -0,0 +1,12 @@
+$password = ConvertTo-SecureString -String "Hoanglinh90" -AsPlainText -Force
+$user = Ansible
+$op = Get-LocalUser | Where-Object {$_.Name -eq $user}
+if (-not $op)
+{
+    New-LocalUser Ansible -Password $password -FullName "Ansible" -AccountNeverExpires -PasswordNeverExpires -UserMayNotChangePassword -Description "Ansible Account."| Out-Null
+    Add-LocalGroupMember -Group "Administrators" -Member "Ansible"
+}
+else
+{
+    Write-Host "User exited"
+}

ch1-lab-setup/windows/OpenSSH.ps1

@@ -0,0 +1,32 @@
+$opensshDir = "C:\Program Files\OpenSSH"
+if (-not (Test-Path $opensshDir))
+{
+	## Define the OpenSSH latest release url
+	$url = 'https://github.com/PowerShell/Win32-OpenSSH/releases/latest/'
+	## Create a web request to retrieve the latest release download link
+	$request = [System.Net.WebRequest]::Create($url)
+	$request.AllowAutoRedirect=$false
+	$response=$request.GetResponse()
+	$source = $([String]$response.GetResponseHeader("Location")).Replace('tag','download') + '/OpenSSH-Win64.zip'
+	## Download the latest OpenSSH for Windows package to the current working directory
+	$webClient = [System.Net.WebClient]::new()
+	$webClient.DownloadFile($source, (Get-Location).Path + '\OpenSSH-Win64.zip')
+
+	Get-ChildItem *.zip
+	# Extract the ZIP to a temporary location
+	Expand-Archive -Path .\OpenSSH-Win64.zip -DestinationPath ($env:temp) -Force
+	# Move the extracted ZIP contents from the temporary location to C:\Program Files\OpenSSH\
+	Move-Item "$($env:temp)\OpenSSH-Win64" -Destination "C:\Program Files\OpenSSH\" -Force
+	# Unblock the files in C:\Program Files\OpenSSH\
+	Get-ChildItem -Path "C:\Program Files\OpenSSH\" | Unblock-File
+	& 'C:\Program Files\OpenSSH\install-sshd.ps1'
+	## changes the sshd service's startup type from manual to automatic.
+	Set-Service sshd -StartupType Automatic
+	## starts the sshd service.
+	Start-Service sshd
+	New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
+}
+else
+{
+	Write-Host "Openssh is already installed"
+}

ch1-lab-setup/windows/SETUP.md

@@ -1,10 +1,38 @@
 # Lab setup for windows managed node
 
 ## Build windows server using Vagrant
+run your vagrant Windows2019
+``` bash
+vagrant up
+Bringing machine 'win2019' up with 'virtualbox'
+```
 
 ## Install and configure OpenSSH on windows node
 
-## Copy ssh public key from Ansible control host (ubuntu11) to windows13
+Download the newest OpenSSH server from GitHub ( https://github.com/PowerShell/Win32-OpenSSH/releases )
+In our case it is v8.1.0.0p1-Beta, 64-bit version.
+Open the downloaded file and copy the "OpenSSH-Win64" folder to "C:\Program Files".
+
+```powershell as administrator
+setx PATH "$env:path;C:\Program Files\OpenSSH" -m
+cd "C:\Program Files\OpenSSH"; .\install-sshd.ps1
+Set-Service sshd -StartupType Automatic; Set-Service ssh-agent -StartupType Automatic; Start-Service sshd; Start-Service ssh-agent
+```
+- allow firewall
+```powershell as administrator
+New-NetFirewallRule -DisplayName "OpenSSH-Server-In-TCP" -Direction Inbound -LocalPort 22 -Protocol TCP -Action Allow
+```
 
-## Ssh from ubuntu11 to windows13 without password
+## Copy ssh public key from Ansible control host (ubuntu11) to windows13
+SSH to VM
+```create SSH-Keygen
+ssh-keygen
+## powershell module install Repair-AuthorizedKeyPermission
+Install-Module -Force OpenSSHUtils -Scope AllUsers
+```
+```copy public key from ansible control host to windows server 2019 revise your located link on control host
+scp /home/linhnh/.ssh/id_rsa.pub  Ansible@192.168.100.31:C:\Users\ansible\.ssh\authorized_keys
+ssh --% Ansible@192.168.100.31 powershell -c $ConfirmPreference = 'None'; Repair-AuthorizedKeyPermission C:\Users\ansible\.ssh\authorized_keys
 
+```
+## Ssh from ubuntu11 to windows13 without password

ch1-lab-setup/windows/playbook.yml

@@ -0,0 +1,8 @@
+- name: Ensure user Ansible is present
+  ansible.windows.win_user:
+    name: Ansible
+    password: Hoanglinh90
+    state: present
+    password_expired: yes
+    groups:
+      - Administrator

ch1-lab-setup/windows/vagrantfile

@@ -0,0 +1,19 @@
+Vagrant.configure("2") do |config|
+    config.vm.define "srv2019" do | srv |
+        srv.vm.box = "StefanScherer/windows_2019"
+        srv.vm.network "private_network", ip: "192.168.100.31"
+    end
+    config.vm.provider "virtualbox" do |v|
+        v.memory =1028
+        v.cpus = 2
+    end
+    config.vm.provision "shell", path: "CreateUser.ps1"
+    config.vm.provision "shell", path: "OpenSSH.ps1"
+    # config.vm.synced_folder ".", "/vagrant"
+    # config.vm.provision "ansible_local" do |ansible|
+    #     ansible.install_mode = "pip"
+    #     ansible.become    = true
+    #     ansible.verbose = "vv"
+    #     ansible.playbook = "playbook.yml"
+    # end
+end

ch2-inventory/inventory/inventory.yml

@@ -0,0 +1,12 @@
+all:
+  hosts:
+    fakehost.local:
+  children:
+    ubuntu:
+      hosts:
+        ubuntu11:
+          ansible_host: 192.168.100.11
+    centos:
+      hosts:
+        centos21:
+          ansible_host: 192.168.100.21