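#!/usr/bin/env ansible-playbook
---
# Ansible lab host setup and teardown.
#
# Setup: installs httpd and Docker, creates the lab login accounts, adds them
# to the AllowUsers line of sshd_config, creates an internal Docker network,
# builds the master/slave images and runs the helper scripts in utilities/.
# Teardown: removes the lab accounts, their group and their AllowUsers entries.
#
# Tasks are meant to be selected with --tags. An untagged run executes every
# task in file order, including both image-build variants and the teardown
# tasks at the end.
- hosts: all
  become: true
  gather_facts: true
  vars:
    # Passed to utilities/create_html.sh through the task environment.
    logo_to_be_used: Ansible_Logo.png
    path_of_html_and_logo: /var/www/html/
    html_file_name: index.html
    # Number of lab accounts; they are named ansiblelabuser1..ansiblelabuser<users>.
    users: 1
    # Passed to the helper scripts; presumably slave containers per master.
    slaves: 1
    # Subnet handed to `docker network create --subnet`.
    cidr: "172.18.1.1/20"
  tasks:
    - name: Baseline Machine
      yum:
        name: "{{ item }}"
        state: present
      with_items:
        - httpd
        - docker
        - python-docker-py
      register: task_result
      # Retry each package install up to 5 times, 2 seconds apart.
      until: task_result is success
      retries: 5
      delay: 2
      tags:
        - baseline

    - name: Start Docker Engine
      service:
        name: "{{ item }}"
        state: started
      with_items:
        - httpd
        - docker
      tags:
        - baseline

    # NOTE(review): this copies ssh_config (the client configuration), and
    # without remote_src the source is read from the control machine. The
    # tasks below edit /etc/ssh/sshd_config on the target, which this task
    # does not back up - confirm which file was intended.
    - name: Backup existing SSH config
      copy:
        src: /etc/ssh/ssh_config
        dest: /etc/ssh/ssh_config_backup
      tags:
        - ssh
        - backup_ssh
        - baseline

    - name: Create group for lab users
      group:
        name: ansiblelab
        state: present
      tags:
        - group
        - baseline

    # NOTE(security): every account's password is its own user name. No salt
    # is passed to password_hash, so the hash differs per run, and
    # update_password=always rewrites it on every run. These accounts are
    # added to AllowUsers below; set different passwords or restrict SSH
    # access before the host is reachable from an untrusted network.
    - name: Create user, home with default password, ssh keys - loop
      user:
        name: "{{ item }}"
        comment: "{{ item }}"
        password: "{{ item | password_hash('sha512') }}"
        home: "/home/{{ item }}"
        group: ansiblelab
        generate_ssh_key: true
        ssh_key_file: .ssh/id_rsa
        update_password: always
        state: present
      with_sequence: start=1 end={{ users }} format=ansiblelabuser%d
      tags:
        - users
        - baseline

    # sshd_config carries the immutable attribute. It is cleared for the edit
    # and restored under `always`, so a failed edit does not leave the file
    # writable. No task in this file reloads sshd, so a running daemon keeps
    # its previous AllowUsers list until it is reloaded by other means.
    - block:
        - name: unlock sshd_config
          command: chattr -i /etc/ssh/sshd_config
          changed_when: true

        # Appends the user to an existing AllowUsers line unless it is already
        # listed. If the file has no AllowUsers line, nothing is added.
        - name: insert ansible in sshd allowedusers
          replace:
            dest: /etc/ssh/sshd_config
            regexp: '^(AllowUsers(?!.*\b{{ item }}\b).*)$'
            replace: '\1 {{ item }}'
            # Run sshd's own config test on the candidate file before it
            # replaces the live one.
            validate: '/usr/sbin/sshd -t -f %s'
          with_sequence: start=1 end={{ users }} format=ansiblelabuser%d
      always:
        - name: lock sshd_config
          command: chattr +i /etc/ssh/sshd_config
          changed_when: true
      tags:
        - ssh
        - users
        - baseline

    # NOTE(review): the command is not guarded, so a repeat run presumably
    # fails once ansiblelab_nw already exists - confirm.
    - name: Create Docker network for ansiblelab (limiting to 4K containers approx)
      command: docker network create -d bridge --internal --subnet={{ cidr }} ansiblelab_nw
      tags:
        - docker_network

    # The two build tasks below do the same job through the docker_image
    # module (m_* tags) and the docker CLI (cli_* tags).
    - name: Build Master and Slave Images (Module)
      docker_image:
        path: "{{ item }}"
        dockerfile: Dockerfile
        state: present
        name: "ansible_lab/{{ item }}"
        tag: latest
      with_items:
        - master
        - slave
      tags:
        - m_startup
        - m_build_images

    - name: Build Master and Slave Images (CLI)
      command: docker build -t ansible_lab/{{ item }}:latest {{ item }}
      with_items:
        - master
        - slave
      tags:
        - cli_startup
        - cli_build_images

    # Included once per lab user; master_name takes the values 1..users.
    # NOTE(review): `include` is deprecated in newer Ansible releases in
    # favour of include_tasks/import_tasks - check the target version.
    - include: ansible_lab_master_slave.yml
      with_sequence: start=1 end={{ users }}
      loop_control:
        loop_var: master_name

    # Both helper scripts are given by relative path, so they are resolved
    # against the working directory the command runs in.
    - name: Service discovery enabling script integrated. (Implement service discovery for the slave containers in the master container via hostnames. Docker Network can be created and containers can be tagged for automated discovery but Ansible module for that is not mature enough till now. Since shell module is used, idempotency is not there.)
      command: utilities/service_discovery.sh {{ users }} {{ slaves }}
      tags:
        - m_startup
        - cli_startup

    - name: Create an HTML page with all the details of the master and slaves and host it at default location (can be changed in global variables of this playbook) of HTTPD
      command: utilities/create_html.sh {{ users }} {{ slaves }}
      environment:
        logo_to_be_used: "{{ logo_to_be_used }}"
        path_of_html_and_logo: "{{ path_of_html_and_logo }}"
        html_file_name: "{{ html_file_name }}"
      tags:
        - m_startup
        - cli_startup

    # ---- Teardown ----
    # remove=yes also deletes each account's home directory.
    - name: Remove ansible lab users
      user:
        name: "{{ item }}"
        state: absent
        force: true
        remove: true
      with_sequence: start=1 end={{ users }} format=ansiblelabuser%d
      tags:
        - remove_users
        - remove_baseline

    - name: Remove ansible lab user group
      group:
        name: ansiblelab
        state: absent
      tags:
        - remove_group
        - remove_baseline

    # Same unlock / edit / re-lock pattern as the setup edit; the lock is
    # restored under `always` even when the edit fails.
    - block:
        - name: Unlock sshd_config
          command: chattr -i /etc/ssh/sshd_config
          changed_when: true

        # The match is confined to the AllowUsers line and to a whole,
        # whitespace-delimited user name. The previous pattern
        # ('{{ item }}\s?\b') matched anywhere in the file, and its \s? could
        # consume the line break after the last user, joining the next
        # directive onto the AllowUsers line.
        # NOTE(review): if the lab users were the only entries, the directive
        # is left without arguments; validate lets sshd's config test decide
        # whether the candidate file is written.
        - name: Delete ansible lab users from sshd allowedusers
          replace:
            dest: /etc/ssh/sshd_config
            regexp: '^(AllowUsers\b.*?)[ \t]+{{ item }}(?=[ \t]|$)'
            replace: '\1'
            validate: '/usr/sbin/sshd -t -f %s'
          with_sequence: start=1 end={{ users }} format=ansiblelabuser%d
      always:
        - name: Lock sshd_config
          command: chattr +i /etc/ssh/sshd_config
          changed_when: true
      tags:
        - revert_ssh
        - remove_users
        - remove_baseline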