arnaud/trainings
1
0
Fork 0
Code Activity

Init

Browse Source 
Signed-off-by: Arnaud Morin <arnaud.morin@ovhcloud.com>
This commit is contained in:
Arnaud Morin
2022-01-08 16:20:00 +01:00
commit db0dd13cb5
282 changed files with 51988 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

201
ansible/training/LICENSE Normal file
View File

@@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

4
ansible/training/README.md Normal file
View File

@@ -0,0 +1,4 @@
# ansible-training
Ansible Simple Training
Start with [lessons/](lessons/)

11
ansible/training/conf/proxy.conf Normal file
View File

@@ -0,0 +1,11 @@
server {
listen 80;
listen [::]:80;
access_log /var/log/nginx/reverse-access.log;
error_log /var/log/nginx/reverse-error.log;
location / {
proxy_pass http://127.0.0.2:8080;
}
}

7
ansible/training/docker/Dockerfile Normal file
View File

@@ -0,0 +1,7 @@
FROM rastasheep/ubuntu-sshd
RUN apt-get update -y && \
apt-get install -y python3-pip python3-dev
EXPOSE 22 8080

81
ansible/training/lessons/1-intro.md Normal file
View File

@@ -0,0 +1,81 @@
# Before starting
## Host and Demo
You are currently connected to a server which have docker installed.
We will call this server: `localhost`.
You also have a docker container running in the background.
We will call this container: `demo`.
You can check your containers with:
`docker ps`
During these lessons, you will be ask to use ansible to configure both `localhost` and `demo`
# Installation
Install ansible on `localhost`
```
apt-get install ansible
```
# First use
## Check install
Check if ansible is correctly installed (and the version you have):
```
ansible --version
```
```
ansible 2.7.7
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 3.7.3 (default, Jul 25 2020, 13:03:44) [GCC 8.3.0]
```
## Ad-hoc ping
Use the builtin `ping` module to do your first ad-hoc command:
```
ansible localhost -m ping
```
This should answer with `pong`, like this:
```
localhost | SUCCESS => {
"changed": false,
"ping": "pong"
}
```
Q: What happened behing the scene?
## Ad-hoc shell
The `shell` module is a very nice ansible builtin module that can be use to execute commands on a host, e.g. with localhost:
```
ansible localhost -m shell -a "hostname"
```
Result:
```
localhost | CHANGED | rc=0 >>
ansible101
```
Q: what command can you use to get the IP of your machine?
## Ad-hoc setup
The `setup`module is a builtin module that collects data (also known as `facts`) on hosts.
These data can then be used as variables in your future playbooks (we will see that later).
```
ansible localhost -m setup
```
```
# long list of variables
```
Q: using this module, what other command can you use to retrieve the ip of your host?

44
ansible/training/lessons/2-inventory.md Normal file
View File

@@ -0,0 +1,44 @@
# Inventory
Until now, you only used ansible to manage `localhost`.
But ansible can be used to manage multiple systems that you have in your infrastructure.
To do so, we must tell ansible which servers compose our infrastructure. This is done thanks to an `inventory` file.
The default `inventory` file for ansible is located in `/etc/ansible/hosts`.
```
cat /etc/ansible/hosts
```
It's empty by default (not really empty, but everything is commented).
With an empty `inventory` like that, ansible only knows about `localhost`.
## Demo server
### Add a server in your inventory
Add the following line at the end of your inventory:
```
demo ansible_username=root ansible_password=root ansible_connection=ssh ansible_host=127.0.0.2 ansible_port=2222 ansible_python_interpreter=/usr/bin/python3
```
This line adds our server named `demo` in ansible inventory. It also configure ansible to connect with login `root`, password `root` on port `2222`.
The server IP address is `127.0.0.2` which sound weird, but that's because it's a docker container running locally (for the demo).
Finally, we tell ansible to use `python3` interpreter (default is `python`, but it's not available in the demo server).
### Check if running
Try to connect on your demo machine, to see if it's running:
```
ssh -p 2222 root@127.0.0.2
```
### ping
Now use an ansible ad-hoc module to check if ansible is able to connect to this machine
```
ansible ... # complete by yourself / see previous lessons
```

86
ansible/training/lessons/3-playbooks.md Normal file
View File

@@ -0,0 +1,86 @@
# Playbooks
Playbooks in Ansible are simple `YAML` file that describe configuration which should be done on a remote server.
Playbooks are really simple but very powerful; the tasks mentioned inside the playbook are execute sequentially.
`YAML` is human-readable data serialization format, which cares about whitespace like `Python`, it represents tree-like structure.
## First playbook
### Step 1
Create a file `myplaybook.yml` with the following content:
```
---
- hosts: demo
gather_facts: yes
tasks:
- name: Install the git package
apt:
name: git
state: present
```
Here is the explanation of this playbook:
`- hosts: demo` is here to tell ansible that this part of the playbook should be applied on server `demo`
This playbook is very simple and apply only on `demo`, but you will often have playbooks that apply on multiple hosts. Ansible is great tool to orchestrate installation.
`gather_facts: yes` tells ansible to execute the `setup` module before doing anything else. The `setup` module will collects the `facts` and store them as variables. Those variables can then be used in playbooks. In this demo playbook, we dont use any variable yet, but you will see that later.
`tasks:`is a list of task that will be applied on the server. For now we only have one task, which is using the module `apt` to install the `git` package.
Now run the play:
```
ansible-playbook myplaybook.yml
```
After this, your `demo` server is supposed to have `git` installed.
### Step 2
Add a task to clone a flask application from github: `https://github.com/arnaudmorin/demo-flask.git`
(A flask application is a very simple web server written in python - so basically, it's a website)
```
---
- hosts: demo
gather_facts: yes
tasks:
- name: Install the git package
apt:
name: git
update_cache: yes
state: present
- name: Clone my flask application
git: ... # complete by yourself
# see https://docs.ansible.com/ansible/latest/collections/ansible/builtin/git_module.html
```
### Step 3
Add a task to install the flask app.
Check the github page https://github.com/arnaudmorin/demo-flask for info on how this apps can be installed (but dont do it manually).
Then, add a task to your playbook that will do the installation for you.
### Step 4
Add a task to start the app in background.
### Step 5
Your `demo` server is now running the flask application.
Unfortunately, this is running in a docker container inside your `localhost`.
So the application is not yet accessible from internet.
What you should do now is to make this application accessible from internet!
By chance, the demo container is having port `8080` opened:
```
docker port demo
```
will give you:
```
8080/tcp -> 127.0.0.2:8080
22/tcp -> 127.0.0.2:2222
```
So, to access demo from internet, you will have to install a `proxy` server.
Here are some tips:
* Extend your playbook to not only manage `demo` but also `localhost`.
For `localhost`, add a least 2 tasks:
* install nginx
* configure nginx as a proxy (port 80 --> 8080) (google is your friend)
* Bonus: How can we restart nginx only after we changed it's configuration? (tip: ansibles handlers)
* Bonus2: using some ansible variables to add a debug task to your playbook to print the URL of your website.

14
ansible/training/lessons/4-roles.md Normal file
View File

@@ -0,0 +1,14 @@
# Roles
## Introduction
Roles in ansible are composed of multiples tasks that are executed together in order to configure a piece of software.
Usually, roles are included by playbooks.
The nice thing with roles is that they can be reused at different places, and thus it avoid copy/pasting of tasks.
Moreover, roles can take variables as input, so the tasks in the roles can do various things based on input parameters.
## Build your first role
In the previous lession, you built a playbook with tasks only.
Your job now will be to create 2 roles:
* one role for all tasks related to deploying the flask application
* one role for all tasks related to deploying nginx as a proxy
* for this one, you must also use some variables as input parameters for both ports (80 and 8080 in the previous lessons)

73
ansible/training/userdata/ansible101.sh Normal file
View File

@@ -0,0 +1,73 @@
#!/bin/bash
# Setup logging stdout + stderr to logfile
log_file="/var/log/postinstall.log"
function log_handler {
while IFS='' read -r output; do
echo $output
echo "$(date) - $output" >> $log_file
done
}
function title.print {
local string="$1"
local stringw=$((77 - $(wc -L <<< "$string")))
echo ""
echo "┌──────────────────────────────────────────────────────────────────────────────┐"
echo -n "$string"
for i in $(seq 1 ${stringw}); do echo -n " " ; done
echo "│"
echo "└──────────────────────────────────────────────────────────────────────────────┘"
echo ""
}
exec &> >(log_handler)
title.print "Install some packages"
apt-get update
apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common \
git \
sshpass \
tmux
# nginx \
title.print "Install docker"
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/debian \
$(lsb_release -cs) \
stable"
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io
title.print "Clone ansible-training"
cd /root/
git clone https://github.com/arnaudmorin/ansible-training.git
title.print "Building docker image 'demo'"
cd /root/ansible-training/docker
docker build -t demo .
#NOTE(arnaud) commented because this is something I want the student to do
#title.print "Configuring nginx as reverse proxy"
#cp /root/ansible-training/conf/proxy.conf /etc/nginx/site-enabled/
#systemctl restart nginx
title.print "Starting demo container"
docker run -d -p 127.0.0.2:8080:8080 -p 127.0.0.2:2222:22 --name demo demo
title.print "Done"