-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathplaybook_based_configurations_vm.yaml
156 lines (133 loc) · 4.47 KB
/
playbook_based_configurations_vm.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
---
- name: Automating the basic configuration of virtual machines
hosts: app
become: true
tasks:
- name: Update package lists, perform curl installation
apt:
name: 'curl'
state: latest
update_cache: true
- name: Activate the UFW firewall, allow TCP ports 80,8080,1834
ufw:
rule: allow
port: '{{ item }}'
proto: tcp
state: enabled
loop:
- '22'
- '80'
- '8080'
- '1834'
notify:
- Restart UFW
- name: Change the SSH configuration file | Connection port should be 1834
lineinfile:
dest: "/etc/ssh/sshd_config"
regexp: "^Port"
line: 'Port 1834'
- name: Change SSH configuration file | Allow public key authorization
lineinfile:
dest: "/etc/ssh/sshd_config"
line: '{{ item }}'
loop:
- RSAAuthentication yes
- PubkeyAuthentication yes
- AuthorizedKeysFile %h/.ssh/authorized_keys
- name: Create users to access virtual machines
ansible.builtin.user:
name: "{{ item.username }}"
password: "{{ item.userpass }}"
loop:
- { username: 'Webdeveloper', userpass: 'S52we9V6QTp7' }
- { username: 'Devopsengineer', userpass: 'dHy6sKGHsj2T' }
- { username: 'Projectmanager', userpass: 'oP92ugMSaCbe' }
- name: A public key must be placed for each user
authorized_key:
user: "{{ item }}"
state: present
key: "{{ id_rsa_pub }}"
loop:
- Webdeveloper
- Devopsengineer
- Projectmanager
vars:
id_rsa_pub: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsg6nOAK2cPplKAtXcpjmAm5yrvj9cECyl+HWCrQFfYNN5Gr9ODze/NPxbvm0NG3Hcs0oiIWSSVZBUNaZbkWMoL4ue4aPbr0qeQpumtm7I/mVQ48yiwFkYQ5+ovea/hcXuXKNJdRUkVH8P+hr7DNRWsJLvjBL6p0Ubq4DojdqTyPsKcgVW+XbLIigRjMCchtCd1jrvUye5goialGMBaaAk+vb+Kau3w52n9wfH3YCBAe/+1BS70WJAM+Y/ahWqMm3nEjgkGmIv6Jhu/0Np9S2DDPhU7D0s2eAnL7xUUfhtd4/JL3+4E6Ol5/ECZSW+K5rrXvZEtiSa6ivfQkJgpluv admin@SRV"
- name: Install the Docker package | Install aptitude
apt:
name: aptitude
state: latest
update_cache: true
- name: Install the Docker package | Install required system packages
apt:
pkg:
- apt-transport-https
- ca-certificates
- curl
- software-properties-common
- python3-pip
- virtualenv
- python3-setuptools
state: latest
update_cache: true
- name: Install the Docker package | Add Docker GPG apt Key
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: Install the Docker package | Add Docker Repository
apt_repository:
repo: deb https://download.docker.com/linux/ubuntu focal stable
state: present
- name: Install the Docker package | Update apt and install docker-ce
apt:
name: docker-ce
state: latest
update_cache: true
- name: Install the Docker package | Install Docker Module for Python
pip:
name: docker
- name: Run the docker-compose installation script
script: ./wsr-skillcloud/docker-compose.sh
- name: Create a directory /skillcloud-nginx
file:
path: /skillcloud-nginx
state: directory
- name: Copying files needed to build images
copy:
src: ./wsr-skillcloud/docker-compose.yml
dest: /skillcloud-nginx
- name: Create a directory /skillcloud-nginx/{site,balance}
file:
path: /skillcloud-nginx/{{ item }}
state: directory
loop:
- site
- balance
- name: Copying files needed to build images
copy:
src: ./wsr-skillcloud/{{ item.src }}
dest: /skillcloud-nginx/{{ item.dest }}/Dockerfile
loop:
- { src: Dockerfile-site, dest: site }
- { src: Dockerfile-balance, dest: balance }
- name: Copying files needed to build images
copy:
src: ./wsr-skillcloud/{{ item.src }}
dest: /skillcloud-nginx/{{ item.dest }}
loop:
- { src: index.html, dest: site}
- { src: nginx.conf, dest: balance }
- name: Restart SSH
service:
name: sshd
state: restarted
- name: Change ssh port to 1834
set_fact:
ansible_port: 1834
- name: Reboot virtual machines
reboot:
handlers:
- name: Restart UFW
service:
name: ufw
state: restarted