Lab-11 Files

c9626edb · Bradon Ladd · 44f3d022 · c9626edb · c9626edb · c9626edb
Commit c9626edb authored Feb 21, 2022 by Bradon Ladd
9 changed files
--- a/lab-11/files/01-netcfg.yaml
+++ b/lab-11/files/01-netcfg.yaml
+# This file describes the network interfaces available on your system
+# For more information, see netplan(5).
+network:
+  ethernets:
+    ens18:
+      nameservers:
+          search: [ cs.wallawalla.edu wallawalla.edu ]
+          addresses:
+              - "172.27.2.1"
+              - "172.20.1.11"
+              - "10.10.10.1"
\ No newline at end of file
--- a/lab-11/files/apache.conf.j2
+++ b/lab-11/files/apache.conf.j2
+<VirtualHost *:{{ http_port }}>
+    ServerAdmin webmaster@localhost
+    ServerName {{ http_host }}
+    ServerAlias www.{{ http_host }}
+    DocumentRoot /var/www/{{ http_host }}
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
--- a/lab-11/files/id_rsa
+++ b/lab-11/files/id_rsa
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAxkj+Jm24w6fCvShFhiUNeRL+H0PJ4aZjTl3r5OYAXFhWe/g2
+YdeBgCsYVj87d/z0106TP70Iv+K7zdFe2zhKDCHW3o3lRbVG+EORwnM8omxAuWuo
+9qaQ6eMcLKE90duxQBXfoQgGbHVD9ZP+o1K9G4wiP47GsD/Wah+k9uFKYp96chMI
+odyH3G/HWgIVRIohBwfkoCUE4D5lpSQznQFUATN97/L6G0g5Aq+h3IfQBYRJJiKz
+/jFE00PCDG86kRs3dAVFq/M76dqqVEPu4KtqzblK1M0BEpJPN2r/1+81yodypHON
+WNShofZQXy8ftKzbXEdvusj/PV/rBvfnwVDZ4QIDAQABAoIBAGYp38EfEW7F9kGO
+CVxXpPx3+7VSMSdxmoMbQ1q54v+xiEXxmtuItTG7gpuVkud8zw5MbvQNSv/LK+ac
+9NnQw95CZTpgM/xZrYpnDif5RgmN6z9eKD2Fju7jVHXuUjLZlhcl7gZDY0Pom65h
+pXazP7p81nyW7OqMycX+LfoCFFiBWNrOkNVZp4UxqKoHsTmHBalZhO5IzowWv9go
+8ad51S+txMecFcxxI7ztecZMDak31IXa961nmW849F5/xvGCEt/CLlfDbYmCfwdt
+VlkJhdn1o5ILZXWAs3MMxe8UnQE3sIrOvAtabD+ODZJAQ+060PgqhO+KMU3QUj1J
+amc5VUECgYEA5QZvwC9ArLZffWVepOJS48xjiRlX/t9ji4KfVYz/P74AMdrq9tH+
+QPYWofDPdh8LxKKeoKfb6i4RclQZiq8CsjHuu4LjWe8djpWvfseKRvwYT/yil5J6
+u1ygZ7evNFY77KJVLuAdD/n8aa5mD2AZ6pvEonR8qrXC5gknJ8A7fBkCgYEA3aOv
+BYzjxCuz6ykbOvDhS52dii0bk0SKAUFgdJ4h3tFMW5NaYZwSAm9na3jF0tYPm9BL
+2RwJxtM+KBa8naurRSiymAEgCU3xppcV8cotluCqom7SpXoxTS7cBiAImbReEb6H
+VYwwp2wkSaAGNMcfb9LLIojBZS+ap1lySd3VBQkCgYEA0Dt48dFEyYQL8FRxqBML
+cIlOWsILSvZLaPY77qoDDi6vuKSmDAJEXUYir9zmlCyII6ID/miAwDxgqoWir4CO
+P/y8ZgsMsaGCSzj31pqQtBfT9y3pm0yYgLAoPAU7rKdXVsEGGFe2tOcDRAdITmR/
+S9uS/m5RR1l5unPKAQ98RkkCgYAF8SZ3EqDkmHtZWZ/GQ8D2gwI/OxhbKWI9yF/q
+oHat/5R5fAjXRxTghdYS9ojvLxf6CGqQJoVIlE89SebCn2CXGRE4rAcM2M8atUA8
+XDw+qEVK14fEMfNya0gwzdkNLd27wgzkyT5grrCGXMjtz0zTdaZGhb4RlWYjCG3c
+9xqH6QKBgQC/DE5j/BQ/JPdy/YYr5SPRCW/YLQ9YU34rPxvAIDtCGaKOgP87WVdY
+SbPOiKWcLopoDHQEigixsum13CQH4WKxWo9bqLta312wYrjOQAivf+cGAJQbwKzb
+fiBzKhgAY+rKyChtApW93WeUdzAhLH7pjALFLX6JvOKvdUuWV2TtTA==
+-----END RSA PRIVATE KEY-----
--- a/lab-11/files/id_rsa.pub
+++ b/lab-11/files/id_rsa.pub
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGSP4mbbjDp8K9KEWGJQ15Ev4fQ8nhpmNOXevk5gBcWFZ7+DZh14GAKxhWPzt3/PTXTpM/vQi/4rvN0V7bOEoMIdbejeVFtUb4Q5HCczyibEC5a6j2ppDp4xwsoT3R27FAFd+hCAZsdUP1k/6jUr0bjCI/jsawP9ZqH6T24Upin3pyEwih3Ifcb8daAhVEiiEHB+SgJQTgPmWlJDOdAVQBM33v8vobSDkCr6Hch9AFhEkmIrP+MUTTQ8IMbzqRGzd0BUWr8zvp2qpUQ+7gq2rNuUrUzQESkk83av/X7zXKh3Kkc41Y1KGh9lBfLx+0rNtcR2+6yP89X+sG9+fBUNnh cptr-245 lab-11
--- a/lab-11/files/index.html.j2
+++ b/lab-11/files/index.html.j2
+<html>
+    <head>
+        <title>Welcome to {{ http_host }} !</title>
+    </head>
+    <body>
+        <h1>Success! The {{ http_host }} virtual host is working!</h1>
+    </body>
+</html>
--- a/lab-11/playbooks/add-user-ssh.yml
+++ b/lab-11/playbooks/add-user-ssh.yml
+# file: add-user-ssh.yml
+# usage:
+#   ansible-playbook playbooks/add-user-ssh.yml --extra-vars "host=$USER"
+---
+- hosts: '{{ host }}'
+  gather_facts: no
+  become: true
+
+  tasks:
+
+  - name: Add a new user named gitlab
+    user:
+      name: gitlab
+      createhome: yes
+      state: present
+    register: newuser
+
+  - name: Add gitlab user to the sudoers
+    copy:
+      dest: "/etc/sudoers.d/gitlab"
+      content: "gitlab  ALL=(ALL)  NOPASSWD: ALL"
+
+  - name: Deploy SSH Key
+    authorized_key: user=gitlab
+                    key="{{ lookup('file', '../files/id_rsa.pub') }}"
+                    state=present
+
+  - name: Disable Password Authentication
+    lineinfile:
+      dest=/etc/ssh/sshd_config
+      regexp='^PasswordAuthentication'
+      line="PasswordAuthentication no"
+      state=present
+      backup=yes
+
+  - name: Disable Root Login
+    lineinfile:
+      dest=/etc/ssh/sshd_config
+      regexp='^PermitRootLogin'
+      line="PermitRootLogin no"
+      state=present
+      backup=yes
+    notify:
+      - restart ssh
+
+  handlers:
+    - name: restart ssh
+      service:
+        name=sshd
+        state=restarted
+...
\ No newline at end of file
--- a/lab-11/playbooks/install-apache.yml
+++ b/lab-11/playbooks/install-apache.yml
+# file: install-apache.yml
+# usage:
+#   ansible-playbook playbooks/install-apache.yml --extra-vars "host=$USER"
+# based on https://www.digitalocean.com/community/tutorials/how-to-use-ansible-to-install-and-set-up-apache-on-ubuntu-18-04
+---
+- hosts: '{{ host }}'
+  become: true
+  vars_files:
+    - ../vars/default.yml
+
+  tasks:
+    - name: Install prerequisites
+      apt: name={{ item }} update_cache=yes state=latest force_apt_get=yes
+      loop: [ 'aptitude' ]
+
+    - name: Install Apache
+      apt: name=apache2 update_cache=yes state=latest
+
+    - name: Create document root
+      file:
+        path: "/var/www/{{ http_host }}"
+        state: directory
+        owner: "gitlab"
+        mode: '0755'
+
+    - name: Copy index test page
+      template:
+        src: "../files/index.html.j2"
+        dest: "/var/www/{{ http_host }}/index.html"
+        owner: "gitlab"
+
+    - name: Set up Apache virtualhost
+      template:
+        src: "../files/apache.conf.j2"
+        dest: "/etc/apache2/sites-available/{{ http_conf }}"
+
+    - name: Enable new site
+      shell: /usr/sbin/a2ensite {{ http_conf }}
+      notify: Reload Apache
+
+    - name: Disable default Apache site
+      shell: /usr/sbin/a2dissite 000-default.conf
+      when: disable_default
+      notify: Reload Apache
+
+    - name: "UFW - Allow HTTP on port {{ http_port }}"
+      ufw:
+        rule: allow
+        port: "{{ http_port }}"
+        proto: tcp
+
+  handlers:
+    - name: Reload Apache
+      service:
+        name: apache2
+        state: reloaded
+
+    - name: Restart Apache
+      service:
+        name: apache2
+        state: restarted
\ No newline at end of file
--- a/lab-11/playbooks/update-netplan.yml
+++ b/lab-11/playbooks/update-netplan.yml
+# file: update-netplan.yml
+# usage:
+#   ansible-playbook playbooks/update-netplan.yml --extra-vars "host=$USER"
+---
+- hosts: '{{ host }}'
+  become: true
+
+  tasks:
+    - name: Copy netplan file
+      copy:
+        src: "../files/01-netcfg.yaml"
+        dest: "/etc/netplan/01-netcfg.yaml"
+      register: netcfg
+
+    - name: netplan apply
+      command: netplan apply
+      when: netcfg.changed
\ No newline at end of file
--- a/lab-11/vars/default.yml
+++ b/lab-11/vars/default.yml
+---
+app_user: "laddbr"
+http_host: "laddbr.cs.wallawalla.edu"
+http_conf: "laddbr.conf"
+http_port: "80"
+disable_default: true
+...
\ No newline at end of file