From a74c45d4b787d490ed1fad17030136ed218eba86 Mon Sep 17 00:00:00 2001
From: Marco Emilio Poleggi <marco-emilio.poleggi@hesge.ch>
Date: Tue, 25 Jan 2022 11:30:18 +0100
Subject: [PATCH] Lab complete with basic source files

---
 README.md                                 | 67 +++++++++++++++++------
 ansible/ansible.cfg                       |  6 ++
 ansible/hosts.yml                         |  6 ++
 ansible/playbooks/files/nginx.conf        | 14 +++++
 ansible/playbooks/templates/index.html.j2 | 17 ++++++
 ansible/playbooks/web.yml                 | 22 ++++++++
 6 files changed, 114 insertions(+), 18 deletions(-)
 create mode 100644 ansible/ansible.cfg
 create mode 100644 ansible/hosts.yml
 create mode 100644 ansible/playbooks/files/nginx.conf
 create mode 100644 ansible/playbooks/templates/index.html.j2
 create mode 100644 ansible/playbooks/web.yml

diff --git a/README.md b/README.md
index b5f829c..ce5853e 100644
--- a/README.md
+++ b/README.md
@@ -49,7 +49,8 @@ familiar with, then:
   traffic from anywhere (0.0.0.0/0).
 
   1. Create a VM instance with the following characteristics:
-    - OS: Ubuntu Server 20.04 LTS
+    - OS: any GNU/Linux distribution using the `apt` package manager. Tested
+      on Debian 11 (Bullseye) and Ubuntu Server 20.04 LTS
     - type: the smallest capable of running the above OS. 1 core, 1GB RAM,
       10GB virtual disk should be enough.
     - security group/policy: the one you created above
@@ -76,7 +77,7 @@ all:
   hosts:
     testserver:
       ansible_ssh_host: <VM-DNS-name-or-IP-address>
-      ansible_user: ubuntu
+      ansible_user: <SSH-user>
       ansible_ssh_private_key_file: <your-private-key>
 ```
 
@@ -110,7 +111,7 @@ configuration file `~/.ansible.cfg` with contents (`.ini` style):
 ``` ini
 [defaults]
 inventory = ~/ansible/hosts.yml
-remote_user = ubuntu
+remote_user = <SSH-user>
 private_key_file = <your-private-key>
 host_key_checking = false
 deprecation_warnings = false
@@ -254,21 +255,23 @@ a template, which has to be created as
 
 ``` html
 <html>
-  <head>
-    <title>Welcome to ansible</title> </head>
-  <body>
-    <h1>nginx, configured by Ansible</h1>
-    <p>If you can see this, Ansible successfully installed nginx.</p>
-    <p>{{ ansible_managed }}</p>
-    <p>Some facts Ansible gathered about this machine:
-    <table>
-      <tr><td>OS family:</td><td>{{ ansible_os_family }}</td></tr>
-      <tr><td>Distribution:</td><td>{{ ansible_distribution }}</td></tr>
-      <tr><td>Distribution version:</td><td>{{ ansible_distribution_version }}</td></tr>
-    </table>
-    </p>
-  </body>
+    <head>
+        <title>Welcome to Ansible</title> </head>
+    <body>
+        <h1>nginx, configured by Ansible</h1>
+        <h2>instance: {{ ansible_hostname }}</h2>
+        <p>If you can see this, Ansible successfully installed nginx.</p>
+        <p>{{ ansible_managed }}</p>
+        <p>Some facts Ansible gathered about this machine:
+            <table>
+                <tr><td>OS family:</td><td>{{ ansible_os_family }}</td></tr>
+                <tr><td>Distribution:</td><td>{{ ansible_distribution }}</td></tr>
+                <tr><td>Distribution version:</td><td>{{ ansible_distribution_version }}</td></tr>
+            </table>
+        </p>
+    </body>
 </html>
+
 ```
 
 Now, run the newly created playbook to install and configure nginx, and to
@@ -349,7 +352,8 @@ desired state as *ok*.
 **Goal:** improve the playbook by restarting nginx only when needed.
 
 The current version of the playbook restarts nginx every time the playbook is
-run, irrespective of the managed server's state. This goes indeed a bit too far.
+run, irrespective of the managed server's state. This goes indeed a bit too
+far.
 
 By putting the nginx restart command into a *handler*, instead of a task, its
 execution can be made conditional. The rationale is that nginx is restarted
@@ -363,3 +367,30 @@ potentially modify its configuration use *notify* to call the handler when
 needed.
 
 Copy the modified playbook into the lab report.
+
+
+### Task 7: Add more managed servers ###
+
+**Goal:** add more managed servers that will be configured by the same
+playbook.
+
+  1. Create another Cloud instance using the same parameters as before.
+  2. Extend the `webservers` group in your inventory file to include this new
+     managed host.
+  3. Re-run your web playbook. :question: What do you observe in Ansible's
+     output?
+  4. Test the new server by pointing your web browser to it.
+  5. :question: What happens if a server is not reachable? Shut down the
+     second instance and re-run the playbook.
+  6. Suppose you now have 10 web servers in production managed by Ansible. You
+     are working in the IT department of a company and some of your colleagues
+     sysadmins who don't use Ansible have logged manually into some of the
+     servers to fix certain things. You don't know what they did exactly.
+     1. :question: If the fixes are temporary, what do you need to do to bring
+     all 10 servers back to the *initial* state?
+     1. :question: If the fixes are to be permanently applied to *all* the
+     managed servers, what do you need to do to bring all 10 servers to the
+     new *fixed* state?
+     1. :question: If the fixes are to be permanently applied to a *subset* of
+     the managed servers, what do you need to do to bring only those servers
+     to the new *fixed* state and the rest back to the *initial* state?
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
new file mode 100644
index 0000000..8b5ef4d
--- /dev/null
+++ b/ansible/ansible.cfg
@@ -0,0 +1,6 @@
+[defaults]
+inventory = ~/ansible/hosts.yml
+remote_user = <SSH-user>
+private_key_file = <your-private-key>
+host_key_checking = false
+deprecation_warnings = false
\ No newline at end of file
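Review bot: `host_key_checking = false` turns off SSH host key verification for every play run with this config, so Ansible will log in and run privileged tasks on whichever machine answers at the inventory address. That is convenient for throwaway lab VMs whose addresses get recycled, but the file gives no hint that it is a lab-only shortcut. I would add a comment above the line, for example `# lab only: disables SSH host key verification; remove this line outside the lab`, or drop the setting and have students accept the key on first connect. The file also ends without a trailing newline.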
diff --git a/ansible/hosts.yml b/ansible/hosts.yml
new file mode 100644
index 0000000..5f8d4c6
--- /dev/null
+++ b/ansible/hosts.yml
@@ -0,0 +1,6 @@
+all:
+  hosts:
+    testserver:
+      ansible_ssh_host: <VM-DNS-name-or-IP-address>
+      ansible_user: <SSH-user>
+      ansible_ssh_private_key_file: <your-private-key>
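Review bot: This inventory puts `testserver` directly under `all.hosts` and defines no `webservers` group, while `ansible/playbooks/web.yml` in the same patch targets `hosts: webservers`. Used together as committed, the play would match no hosts and be skipped. README Task 7 also speaks of extending the `webservers` group, so the group may be meant to be created by students in an earlier task that is not visible here. If the source files are meant to work together as shipped, nest the host under a `webservers` child group as below.
```yaml
all:
  children:
    webservers:
      hosts:
        testserver:
          ansible_ssh_host: <VM-DNS-name-or-IP-address>
          ansible_user: <SSH-user>
          ansible_ssh_private_key_file: <your-private-key>
```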
diff --git a/ansible/playbooks/files/nginx.conf b/ansible/playbooks/files/nginx.conf
new file mode 100644
index 0000000..d2410fe
--- /dev/null
+++ b/ansible/playbooks/files/nginx.conf
@@ -0,0 +1,14 @@
+#
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server ipv6only=on;
+
+    root /usr/share/nginx/html;
+    index index.html index.htm;
+
+    server_name localhost;
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+}
diff --git a/ansible/playbooks/templates/index.html.j2 b/ansible/playbooks/templates/index.html.j2
new file mode 100644
index 0000000..b1f4c3a
--- /dev/null
+++ b/ansible/playbooks/templates/index.html.j2
@@ -0,0 +1,17 @@
+<html>
+    <head>
+        <title>Welcome to Ansible</title> </head>
+    <body>
+        <h1>nginx, configured by Ansible</h1>
+        <h2>instance: {{ ansible_hostname }}</h2>
+        <p>If you can see this, Ansible successfully installed nginx.</p>
+        <p>{{ ansible_managed }}</p>
+        <p>Some facts Ansible gathered about this machine:
+            <table>
+                <tr><td>OS family:</td><td>{{ ansible_os_family }}</td></tr>
+                <tr><td>Distribution:</td><td>{{ ansible_distribution }}</td></tr>
+                <tr><td>Distribution version:</td><td>{{ ansible_distribution_version }}</td></tr>
+            </table>
+        </p>
+    </body>
+</html>
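Review bot: The rendered page shows the hostname, OS family, distribution and exact distribution version to every unauthenticated visitor, and the README has the security group accept traffic from anywhere (0.0.0.0/0). Those facts make fingerprinting the host trivial, which is fine for a demo but should not be carried over to a real site. I would mark the template accordingly with a Jinja comment at the top, for example `{# lab demo only: publishes host facts to any visitor #}`, which is not emitted into the served HTML.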
diff --git a/ansible/playbooks/web.yml b/ansible/playbooks/web.yml
new file mode 100644
index 0000000..ba39a49
--- /dev/null
+++ b/ansible/playbooks/web.yml
@@ -0,0 +1,22 @@
+---
+- name: Configure webserver with nginx
+  hosts: webservers
+  become: True
+  tasks:
+    - name: install nginx
+      apt: name=nginx update_cache=yes
+
+    - name: copy nginx config file
+      copy: src=files/nginx.conf dest=/etc/nginx/sites-available/default
+
+    - name: enable configuration
+      file: >
+        dest=/etc/nginx/sites-enabled/default
+        src=/etc/nginx/sites-available/default
+        state=link
+
+    - name: copy index.html
+      template: src=templates/index.html.j2 dest=/usr/share/nginx/html/index.html mode=0644
+
+    - name: restart nginx
+      service: name=nginx state=restarted
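Review bot: The `copy nginx config file` task sets no owner or mode, so the permissions of `/etc/nginx/sites-available/default` depend on the remote umask and on whatever file was already there. The `template` task, by contrast, pins `mode=0644`. I would make the copy explicit as well: `copy: src=files/nginx.conf dest=/etc/nginx/sites-available/default owner=root group=root mode=0644`. As a matter of style, the tasks use `key=value` argument strings and `become: True`. Native YAML module arguments with a quoted `mode: "0644"` and lowercase `true` are easier to lint and avoid type surprises.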
-- 
GitLab