(Adinusa) Automation With Ansible

In the Adinusa Automation with Ansible course (free) I learned a great deal about how to automate server management and system configuration with Ansible. I learned to write playbooks, organize an inventory, and apply automation for installing, updating, and managing services across many servers efficiently.

Module 3

This module explains how to download the BTA-Server.ova ISO package from Adinusa. I recommend using VirtualBox version 7.1.12 because it is stable and produces no errors when running the ISO package from Adinusa.

----------------------------------- 

When starting an Adinusa lab, make sure to type:

  • servera login:student
  • pw:Adinusa2023

and

  • student@servera:~$ nusactl login
  • student@servera:~$ nusactl start anadm-003-1 (adjust to the lab)

and when you are finished:

  • student@servera:~$ nusactl grade anadm-003-1
  • student@servera:~$ nusactl finish anadm-003-1
Module 4
Solution for lab 4.1 Ad-hoc command
  • ansible all -m command -a "hostname"
  • ansible pod-[username]-managed1 -m setup
  • ansible localhost -m command -a 'id' 
  • ansible pod-[username]-managed1 --become -u student \
      -m copy -a "content='Executed by Ansible\n' dest=/etc/motd"
  • ansible pod-[username]-managed1 -u student \
      -m command -a 'cat /etc/motd'

Verification:
  • ssh pod-[username]-managed1
(displayed automatically after login)
...
Executed by Ansible
Solution for lab 4.2 Ad-hoc command
  • student@pod-[username]-controller ~$ mkdir ~/managing-inventory
  • student@pod-[username]-controller ~$ cd ~/managing-inventory
  • student@pod-[username]-controller :~/managing-inventory$ vim inventory
pod-username-controller

[Bogor]
pod-username-managed1

[Jakarta]
pod-username-managed2

[WebServers]
pod-username-managed[1:2]

[Testing]
pod-username-managed1

[Development]
pod-username-managed2

[Indonesia:children]
Jakarta
Bogor
 
List all hosts:
  • student@pod-username-controller:~/managing-inventory$ ansible all -i inventory --list-hosts
List hosts that do not belong to any group:
  • student@pod-username-controller:~/managing-inventory$ ansible ungrouped -i inventory --list-hosts
Check a specific host:
  • student@pod-username-controller:~/managing-inventory$ ansible pod-username-managed1 -i inventory --list-hosts
List hosts in the Development group:
  • student@pod-username-controller:~/managing-inventory$ ansible Development -i inventory --list-hosts
List hosts in the Testing group:
  • student@pod-username-controller:~/managing-inventory$ ansible Testing -i inventory --list-hosts
List hosts in the Indonesia group:
  • student@pod-username-controller:~/managing-inventory$ ansible Indonesia -i inventory --list-hosts
Solution for lab 4.3 Ad-hoc command
  • mkdir -p deploy-review
  • cd deploy-review
  • vim ansible.cfg
[defaults]
inventory = ./inventory
remote_user = student
host_key_checking = False
  • vim inventory
[servers]
pod-[username]-managed1 
pod-[username]-managed2

Run Ansible with ad-hoc commands:
  • ansible servers -m command -a 'id'
  • ansible servers -m copy \
      -a "content='This server is managed by Ansible. \n' dest=/etc/motd" --become
  • ansible servers -m command -a 'cat /etc/motd'

Verification:
  • ssh pod-[username]-managed1 "whoami; cat /etc/motd"
  • ssh pod-[username]-managed2 "whoami; cat /etc/motd"
Solution for lab 4.4 Ad-hoc command
  • mkdir -p playbook-basic/files
  • cd playbook-basic
  • vim ansible.cfg
[defaults]
inventory = ./inventory
remote_user = student
  • vim inventory
[web]
pod-[username]-managed1
  • echo "This is a test page." > files/index.html
  • vim site.yml
---
- name: Install and start Apache 2
  hosts: web
  become: true
  tasks:
    - name: apache2 package is present
      apt: name=apache2 state=present

    - name: correct index.html is present
      copy:
        src: ./files/index.html
        dest: /var/www/html/index.html

    - name: Apache 2 is started
      service:
        name: apache2
        state: started
        enabled: true
  • ansible-playbook site.yml
Verify the web server:
  • curl pod-[username]-managed1
Solution for lab 4.5 Ad-hoc command
  • mkdir data-variables/
  • cd data-variables/
  • vim ansible.cfg
[defaults]
inventory = ./inventory
remote_user = student
host_key_checking = False
  • vim inventory
[webserver]
pod-username-managed2
  • vim playbook.yml
---
- name: Install and Ensure the Apache2 service started
  hosts: webserver
  become: true
  vars:
    web_pkg: apache2
    web_service: apache2
    python_pkg: python3-urllib3

  tasks:
    - name: Required packages are installed and up to date
      apt:
        update_cache: yes
        force_apt_get: yes
        name:
          - "{{web_pkg}}"
          - "{{python_pkg}}"
        state: latest

    - name: The {{web_service}} service is started and enabled
      service:
         name: "{{web_service}}"
         enabled: true
         state: started

    - name: Web content is in place
      copy:
        content: "Hello World! ansible is fun."
        dest: /var/www/html/index.html

- name: Verify the web server is accessible
  hosts: localhost
  tasks:
    - name: Testing web server
      uri:
        url: http://pod-username-managed2
        status_code: 200
        return_content: yes
      register: Result

    - name: Print Ouput web server
      debug:
        var: Result.content
 
Run the playbook:
  • ansible-playbook --syntax-check playbook.yml
  • ansible-playbook playbook.yml
Verify the web server:
  • curl pod-username-managed2
Solution for lab 4.6 Ad-hoc command
  • mkdir jinja2-template
  • cd ~/jinja2-template
  • vim inventory
[webservers]
pod-username-managed1
  • vim site.yml
---
- name: install and start apache2
  hosts: webservers
  become: true

  tasks:
    - name: ensure apache2 package is present
      apt:
        name: apache2
        state: present
        update_cache: yes
        force_apt_get: yes

    - name: restart apache2 service
      service: name=apache2 state=restarted enabled=yes

    - name: copy index.html
      template: src=<username>.html.j2 dest=/var/www/html/<username>.html
  • vim <username>.html.j2
Hello World!
This is <username> site.
  • ansible-playbook -i inventory site.yml
Verification:
  • curl pod-username-managed1/<username>.html
Solution for Quiz 1 Ad-hoc command
  • mkdir quiz-1
  • cd quiz-1
  • vim ansible.cfg
[defaults]
inventory = inventory
host_key_checking = False
remote_user = student
private_key_file = /home/student/.ssh/ansible

[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False
  • vim inventory 
pod-username-managed2 ansible_host=pod-username-managed2
  • vim quiz-1_playbook.yml
---
- name: Quiz Playbook
  hosts: pod-username-managed2
  remote_user: student
  become: yes
  tasks:
    - name: Install latest versions of apache2, mariadb-server, php, and php-mysql packages
      apt:
        name:
          - apache2
          - mariadb-server
          - php
          - php-mysql
        state: latest
        update_cache: yes

    - name: Ensure apache2 service is enabled and running
      service:
        name: apache2
        state: started
        enabled: yes

    - name: Ensure mariadb service is enabled and running
      service:
        name: mariadb
        state: started
        enabled: yes

    - name: Generate web content for testing
      copy:
        content: "Adinusa quiz Playbook - username"
        dest: /var/www/html/index.php

- name: Test web service from control node
  hosts: localhost
  become: no
  tasks:
    - name: Test web service running on pod-username-managed2
      uri:
        url: http://pod-username-managed2/index.php
        method: GET
        status_code: 200
      register: webpage_result

    - name: Display success message
      debug:
        msg: "Web service test successful! HTTP Status: {{ webpage_result.status }}"
  • ansible-playbook quiz-1_playbook.yml
Verification:
  • ls -la quiz-1/ 
  • ansible pod-username-managed2 -m shell -a "dpkg -l | grep -E 'apache2|mariadb-server|php|php-mysql'"
  • ansible pod-username-managed2 -m shell -a "systemctl is-active apache2 mariadb"
  • ansible pod-username-managed2 -m shell -a "systemctl is-enabled apache2 mariadb"  
  • ansible pod-username-managed2 -m shell -a "ls -la /var/www/html/index.php && cat /var/www/html/index.php"
  • curl http://pod-username-managed2/index.php
Solution for Quiz 2 Ad-hoc command
  • mkdir quiz-2
  • cd quiz-2
  • vim ansible.cfg
[defaults]
inventory = inventory
host_key_checking = False
remote_user = student
private_key_file = /home/student/.ssh/ansible

[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False 
  • vim inventory
pod-username-managed2 ansible_host=pod-username-managed2 
  • vim quiz-2_variables.yml
---
- name: Playbook dengan Variabel
  hosts: pod-username-managed2
  remote_user: student
  become: yes
  vars:
    required_Pkg:
      - apache2
      - python3-urllib3
    web_Service: apache2
    content_File: "adinusa lab quiz variables - username"
    dest_File: /var/www/html/index.html
  
  tasks:
    - name: Install paket yang diperlukan
      apt:
        name: "{{ required_Pkg }}"
        state: latest
        update_cache: yes

    - name: Pastikan service berjalan dan diaktifkan
      service:
        name: "{{ web_Service }}"
        state: started
        enabled: yes

    - name: Pastikan konten spesifik ada di pod-username-managed2
      copy:
        content: "{{ content_File }}"
        dest: "{{ dest_File }}"

- name: Test web service dari control node
  hosts: localhost
  become: no
  tasks:
    - name: Test web service yang berjalan pada pod-username-managed2
      uri:
        url: http://pod-username-managed2/index.html
        method: GET
        status_code: 200
      register: webpage_result

    - name: Tampilkan pesan sukses
      debug:
        msg: "Test web service berhasil! Status HTTP: {{ webpage_result.status }}" 
  • ansible-playbook quiz-2_variables.yml  
Verification:
  • ls -la quiz-2/
  • ansible pod-username-managed2 -m shell -a "dpkg -l | grep -E 'apache2|python3-urllib3'" 
  • ansible pod-username-managed2 -m shell -a "systemctl is-active apache2"
  • ansible pod-username-managed2 -m shell -a "systemctl is-enabled apache2" 
  • ansible pod-username-managed2 -m shell -a "ls -la /var/www/html/index.html && cat /var/www/html/index.html" 
  • curl http://pod-username-managed2/index.html
Solution for Quiz 3 Ad-hoc command
  • mkdir ~/quiz-3
  • cd ~/quiz-3
  • vim ansible.cfg
[defaults]
inventory = inventory
host_key_checking = False
remote_user = student
private_key_file = /home/student/.ssh/ansible

[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False
  • vim inventory
[webservers]
pod-username-managed1 ansible_host=pod-username-managed1
pod-username-managed2 ansible_host=pod-username-managed2
  • vim nginx.list.j2
deb http://nginx.org/packages/ubuntu/ jammy nginx
deb-src http://nginx.org/packages/ubuntu/ jammy nginx
  • vim mariadb.list.j2
deb [arch=amd64,arm64,ppc64el] http://mirror.mariadb.org/repo/10.9/ubuntu/ jammy main
deb-src [arch=amd64,arm64,ppc64el] http://mirror.mariadb.org/repo/10.9/ubuntu/ jammy main
  • vim quiz-3_j2template.yml
---
- name: Deploy nginx dan mariadb dengan template Jinja2
  hosts: webservers
  remote_user: student
  become: yes
  tasks:
    - name: Add repository nginx menggunakan template Jinja2
      template:
        src: nginx.list.j2
        dest: /etc/apt/sources.list.d/nginx.list
        owner: root
        group: root
        mode: 0644

    - name: Add repository mariadb 10.9 menggunakan template Jinja2
      template:
        src: mariadb.list.j2
        dest: /etc/apt/sources.list.d/mariadb.list
        owner: root
        group: root
        mode: 0644

    - name: Tambah key nginx
      apt_key:
        url: https://nginx.org/keys/nginx_signing.key
        state: present

    - name: Tambah key mariadb
      apt_key:
        url: https://mariadb.org/mariadb_release_signing_key.asc
        state: present

    - name: Update repository
      apt:
        update_cache: yes
        cache_valid_time: 3600

    - name: Install nginx versi spesifik 1.23.1-1~jammy
      apt:
        name: nginx=1.23.1-1~jammy
        state: present
        force: yes

    - name: Install mariadb-server-10.9 dan mariadb-client-10.9
      apt:
        name:
          - mariadb-server-10.9
          - mariadb-client-10.9
        state: present

    - name: Pastikan service nginx berjalan dan diaktifkan
      service:
        name: nginx
        state: started
        enabled: yes

    - name: Pastikan service mariadb-server berjalan dan diaktifkan
      service:
        name: mariadb
        state: started
        enabled: yes
Run the playbook:
  • ansible-playbook quiz-3_j2template.yml
Quiz 3 verification:
(Verify the files exist in the directory)
  • ls -la ~/quiz-3/
(Verify the repository files exist on the managed nodes)
  • ansible webservers -m shell -a "ls -la /etc/apt/sources.list.d/nginx.list"
  • ansible webservers -m shell -a "ls -la /etc/apt/sources.list.d/mariadb.list"
(Verify the repository file contents)
  • ansible webservers -m shell -a "cat /etc/apt/sources.list.d/nginx.list"
  • ansible webservers -m shell -a "cat /etc/apt/sources.list.d/mariadb.list"
(Verify the packages are installed with the correct versions)
  • ansible webservers -m shell -a "dpkg -l | grep -E 'nginx|mariadb-server-10.9|mariadb-client-10.9'"
(Verify the services are running and enabled)
  • ansible webservers -m shell -a "systemctl is-active nginx mariadb"
  • ansible webservers -m shell -a "systemctl is-enabled nginx mariadb"
(Verify the nginx version)
  • ansible webservers -m shell -a "nginx -v 2>&1"
Module 5
Solution for lab 5.1 Ad-hoc command
  • mkdir role-create
  • cd role-create
  • vi ansible.cfg 
[defaults]
inventory=./inventory
remote_user=student
  • vi inventory
[webservers]
pod-username-managed1
pod-username-managed2
  • mkdir roles
  • cd roles
  • ansible-galaxy init myvhost
  • rm -rvf myvhost/{defaults,vars,tests}
  • cd .. 
  • mkdir -p roles/myvhost/files/html-1
  • mkdir -p roles/myvhost/files/html-2
  • echo 'simple index vhost1 : pod-username' > \
      roles/myvhost/files/html-1/index.html
  • echo 'simple index vhost2 : pod-username' > \
      roles/myvhost/files/html-2/index.html
  • vi roles/myvhost/tasks/main.yml
- name: Ensure apache2 is installed
  apt:
    name: apache2
    state: latest
- name: Ensure apache2 is started and enabled
  service:
    name: apache2
    state: started
    enabled: true
- name: vhost-1 file is installed
  template:
    src: vhost-1.conf.j2
    dest: /etc/apache2/sites-available/vhost-1.conf
    owner: root
    group: root
    mode: 0644
- name: Enable vhost-1
  command: a2ensite vhost-1.conf
  notify:
    - restart apache2
- name: vhost-2 file is installed
  template:
    src: vhost-2.conf.j2
    dest: /etc/apache2/sites-available/vhost-2.conf
    owner: root
    group: root
    mode: 0644
- name: Enable vhost-2
  command: a2ensite vhost-2.conf
  notify:
    - restart apache2
- name: HTML content is installed
  copy:
    src: html-1/
    dest: "/var/www/vhosts/{{ ansible_user }}-1"
- name: HTML content is installed
  copy:
    src: html-2/
    dest: "/var/www/vhosts/{{ ansible_user }}-2"
  • vi roles/myvhost/handlers/main.yml
- name: restart apache2
  service:
    name: apache2
    state: restarted
  • vi roles/myvhost/templates/vhost-1.conf.j2 
<VirtualHost *:80>
    ServerAdmin webmaster@vhost-1.{{ ansible_user }}
    ServerName vhost-1.{{ ansible_user }}
    ErrorLog /var/log/apache2/vhost.{{ ansible_user }}-1-error.log
    CustomLog /var/log/apache2/vhost.{{ ansible_user }}-1-common.log common
    DocumentRoot /var/www/vhosts/{{ ansible_user }}-1/

    <Directory /var/www/vhosts/{{ ansible_user }}-1/>
        Options +Indexes +FollowSymlinks +Includes
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost> 
  • vi roles/myvhost/templates/vhost-2.conf.j2
<VirtualHost *:80>
    ServerAdmin webmaster@vhost-2.{{ ansible_user }}
    ServerName vhost-2.{{ ansible_user }}
    ErrorLog /var/log/apache2/vhost.{{ ansible_user }}-2-error.log
    CustomLog /var/log/apache2/vhost.{{ ansible_user }}-2-common.log common
    DocumentRoot /var/www/vhosts/{{ ansible_user }}-2/

    <Directory /var/www/vhosts/{{ ansible_user }}-2/>
        Options +Indexes +FollowSymlinks +Includes
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
  • vi use-vhost-role.yml  
- name: Use myvhost role playbook
  hosts: webservers
  become: true
  pre_tasks:
    - name: pre_tasks message
      debug:
        msg: 'Ensure web server configuration.'

  roles:
    - myvhost

  post_tasks:
    - name: post_tasks message
      debug:
        msg: 'Web server is configured.' 


  • ansible-playbook use-vhost-role.yml \
      --syntax-check
  • ansible-playbook use-vhost-role.yml

  • curl -H "Host: vhost-1.student" http://pod-username-managed1
  • curl -H "Host: vhost-2.student" http://pod-username-managed1
  • curl -H "Host: vhost-1.student" http://pod-username-managed2
  • curl -H "Host: vhost-2.student" http://pod-username-managed2
Solution for lab 5.2 Ad-hoc command
  • mkdir data-secret
  • cd data-secret
  • vi ansible.cfg
[defaults]
inventory = ./inventory  
  • vi inventory
[devservers]
pod-username-managed1
  • vi secret.yml 
username: ansibleuser1
pw: adinusa88
ansible-vault encrypt secret.yml
 New Vault password: adinusa88
 Confirm New Vault password: adinusa88
  • vi create_users.yml   
- name: create user accounts for all our servers
  hosts: devservers
  become: true

  vars_files:
    - secret.yml
  tasks:
    - name: Creating user from secret.yml
      user:
        name: "{{username}}"
        password: "{{pw | password_hash('sha512')}}" 

  • ansible-playbook --syntax-check \
      --ask-vault-pass create_users.yml
  • echo 'adinusa88' > vault-pass
  • chmod 600 vault-pass
  • ansible-playbook \
      --vault-password-file=vault-pass create_users.yml
  • ssh ansibleuser1@pod-username-managed1
  • $ hostname
  • $ whoami
Solution for lab 5.3 Ad-hoc command
  • mkdir conditional-loop
  • cd conditional-loop
  • vim ansible.cfg
[defaults]
inventory = ./inventory
  • vim inventory
[database_servers]
pod-username-managed2
  • vim database_setup.yml
- name: Database Setup play
  hosts: database_servers
  become: true
  vars:
    min_ram_size_bytes: 1000000
    supported_distros:
    - Ubuntu
  tasks:
    - name: Setup Database tasks on supported hosts w/ Min. RAM
      include_tasks: "{{ ansible_distribution }}_database_tasks.yml"
      when:
        - ansible_distribution in supported_distros
        - ansible_memtotal_mb*1024*1024 >= min_ram_size_bytes 
    - name: Print a message for unsupported Distros
      debug:
        msg: >
          {{ inventory_hostname }} is a
          {{ ansible_distribution }}-based host, which is not one
          of the supported distributions ({{ supported_distros }})
      when: ansible_distribution not in supported_distros
    - name: Print a message for systems with insufficient RAM
      debug:
        msg: >
          {{ inventory_hostname }} does not meet the minimum
          RAM requirements of {{ min_ram_size_bytes }} bytes.
      when: ansible_memtotal_mb*1024*1024 < min_ram_size_bytes
  • vim Ubuntu_database_tasks.yml
- name: Set the 'db_service' fact
  set_fact:
    db_service: mariadb
- name: Ensure database packages are installed
  apt:
    name:
      - mariadb-server
      - python3-pymysql
    state: present
- name: Ensure the database service is started
  service:
    name: "{{ db_service }}"
    state: started
    enabled: true
- name: Create Database Users
  include_tasks: database_user_tasks.yml
  • vim database_user_tasks.yml
- name: Ensure database permission groups exist
  group:
    name: "{{ item }}"
    state: present
  loop: "{{ host_permission_groups }}"

- name: Ensure Database Users exist 
  user: 
    name: "{{ item.username }}" 
    groups: "{{ item.role }}" 
    append: yes 
    state: present 
  loop: "{{ user_list }}" 
  when: item.role in host_permission_groups

- name: MySQL user
  mysql_user:
    login_user: root
    login_unix_socket: /var/run/mysqld/mysqld.sock
    name: "{{ item.username }}"
    password: "{{ item.password }}"
    priv: '*.*:{{ item.access}}'
    state: present
  loop: "{{ user_list }}"
  when: "item.role in host_permission_groups"

  • mkdir group_vars
  • vim group_vars/database_servers.yml
host_permission_groups:
  - dbadmin
  - dbuser
  • vim group_vars/all.yml

user_list:
  - name: <your-full-name> Admin
    username: <username>
    password: adinusa88
    access: ALL
    role: dbadmin
  - name: <your-full-name> User
    username: <username>
    password: adinusa88
    access: SELECT
    role: dbuser


  • ansible-playbook \
      --syntax-check database_setup.yml
  • ansible-playbook database_setup.yml
  • ssh pod-username-managed2 \
      "sudo mysql -u root -e 'SELECT user FROM user;' mysql"

Solution for lab 4.1 Ad-hoc command

mkdir quiz-4
cd quiz-4
mkdir roles
mkdir -p roles/quiz-roles/{tasks,handlers,files,templates}
mkdir -p roles/quiz-roles/files/html-quiz

cat > inventory << EOF
[managed]
pod-username-managed1
pod-username-managed2
EOF

cat > ansible.cfg << EOF
[defaults]
inventory = inventory
host_key_checking = False
remote_user = username
private_key_file = ~/.ssh/id_rsa
EOF

cat > roles/quiz-roles/tasks/main.yml << EOF
---
- name: Install apache2 package
  apt:
    name: apache2
    state: present
    update_cache: yes

- name: Ensure apache2 service is started and enabled
  systemd:
    name: apache2
    state: started
    enabled: yes

- name: Deploy apache2 configuration template
  template:
    src: quiz-roles.conf.j2
    dest: /etc/apache2/sites-available/quiz-roles.conf
  notify: restart apache2

- name: Enable webserver configuration
  command: a2ensite quiz-roles.conf
  notify: restart apache2

- name: Copy html files to document root
  copy:
    src: html-quiz/
    dest: /var/www/quiz-roles/{{ ansible_hostname }}/
    directory_mode: yes
EOF
 
cat > roles/quiz-roles/handlers/main.yml << EOF
---
- name: restart apache2
  systemd:
    name: apache2
    state: restarted
EOF

cat > roles/quiz-roles/files/html-quiz/index.html << EOF
adinusa lab quiz roles - username
EOF

cat > roles/quiz-roles/templates/quiz-roles.conf.j2 << EOF
<VirtualHost *:80>
    ServerName quiz-roles.username-adinusa
    DocumentRoot /var/www/quiz-roles/{{ ansible_hostname }}
    
    <Directory /var/www/quiz-roles/{{ ansible_hostname }}>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    
    ErrorLog \${APACHE_LOG_DIR}/quiz-roles_error.log
    CustomLog \${APACHE_LOG_DIR}/quiz-roles_access.log combined
</VirtualHost>
EOF

cat > quiz-4_roles.yml << EOF
---
- name: Deploy quiz roles web application
  hosts: managed
  become: yes
  roles:
    - quiz-roles
EOF
  • ansible-playbook quiz-4_roles.yml 
  • ansible managed -m systemd -a "name=apache2 state=started" -b
  • ansible managed -m shell -a "ls -la /var/www/quiz-roles/{{ inventory_hostname }}/index.html" -b
  • ansible managed -m uri -a "url=http://localhost return_content=yes" -b
Solution for lab 4.1 Ad-hoc command
  • mkdir quiz-5
  • cd quiz-5
cat > ansible.cfg << 'EOF'
[defaults]
inventory = inventory
host_key_checking = False
interpreter_python = auto_silent
EOF
 
cat > inventory << 'EOF'
[managed]
pod-username-managed1
pod-username-managed2
EOF
  • echo "adinusa" > quiz-pass
  • chmod 600 quiz-pass  
cat > quiz-Secret.yml << 'EOF'
---
username: username
passwd: adinusa2023
EOF
 
ansible-vault encrypt --vault-password-file quiz-pass quiz-Secret.yml 
cat > quiz-5_secrets.yml << 'EOF'
---
- name: Create user with encrypted credentials
  hosts: managed
  become: yes
  vars_files:
    - quiz-Secret.yml
  
  tasks:
    - name: Create user
      user:
        name: "{{ username }}"
        state: present
        shell: /bin/bash
        create_home: yes
        home: "/home/{{ username }}"
      
    - name: Set user password
      user:
        name: "{{ username }}"
        password: "{{ passwd | password_hash('sha512') }}"
        update_password: always
EOF
  • ansible-playbook --vault-password-file quiz-pass quiz-5_secrets.yml
  • ansible-vault view --vault-password-file quiz-pass quiz-Secret.yml
  • ansible managed -m ping
  • ansible managed -m command -a "id {{ username }}" -e @quiz-Secret.yml --vault-password-file quiz-pass
  • ansible managed -b -m command -a "getent shadow {{ username }}" -e @quiz-Secret.yml --vault-password-file quiz-pass
Solution for lab 4.1 Ad-hoc command
  • mkdir ~/quiz-6
  • mkdir ~/quiz-6/group_vars 
cat > ~/quiz-6/group_vars/managed1-host-<username>.yml << 'EOF'
list_user_ops_managed1:
  - ops1
  - ops2
  - ops3
  - ops4
  - ops5
  - ops6
  - ops7
  - ops8
  - ops9
  - ops10
  - ops11
  - ops12
  - ops13
  - ops14
  - ops15
  - ops16
  - ops17
  - ops18
  - ops19
  - ops20
  - ops21
  - ops22
  - ops23
  - ops24
  - ops25
  - ops26
  - ops27
  - ops28
  - ops29
  - ops30
  - ops31
  - ops32
  - ops33
  - ops34
  - ops35
  - ops36
  - ops37
  - ops38
  - ops39
  - ops40
  - ops41
  - ops42
  - ops43
  - ops44
  - ops45
  - ops46
  - ops47
  - ops48
  - ops49
  - ops50

list_user_dev_managed1:
  - dev1
  - dev2
  - dev3
  - dev4
  - dev5
  - dev6
  - dev7
  - dev8
  - dev9
  - dev10
  - dev11
  - dev12
  - dev13
  - dev14
  - dev15
  - dev16
  - dev17
  - dev18
  - dev19
  - dev20
  - dev21
  - dev22
  - dev23
  - dev24
  - dev25
  - dev26
  - dev27
  - dev28
  - dev29
  - dev30
  - dev31
  - dev32
  - dev33
  - dev34
  - dev35
  - dev36
  - dev37
  - dev38
  - dev39
  - dev40
  - dev41
  - dev42
  - dev43
  - dev44
  - dev45
  - dev46
  - dev47
  - dev48
  - dev49
  - dev50
EOF

cat > ~/quiz-6/group_vars/managed2-host-<username>.yml << 'EOF'
list_user_ops_managed2:
  - ops51
  - ops52
  - ops53
  - ops54
  - ops55
  - ops56
  - ops57
  - ops58
  - ops59
  - ops60
  - ops61
  - ops62
  - ops63
  - ops64
  - ops65
  - ops66
  - ops67
  - ops68
  - ops69
  - ops70
  - ops71
  - ops72
  - ops73
  - ops74
  - ops75
  - ops76
  - ops77
  - ops78
  - ops79
  - ops80
  - ops81
  - ops82
  - ops83
  - ops84
  - ops85
  - ops86
  - ops87
  - ops88
  - ops89
  - ops90
  - ops91
  - ops92
  - ops93
  - ops94
  - ops95
  - ops96
  - ops97
  - ops98
  - ops99
  - ops100

list_user_dev_managed2:
  - dev51
  - dev52
  - dev53
  - dev54
  - dev55
  - dev56
  - dev57
  - dev58
  - dev59
  - dev60
  - dev61
  - dev62
  - dev63
  - dev64
  - dev65
  - dev66
  - dev67
  - dev68
  - dev69
  - dev70
  - dev71
  - dev72
  - dev73
  - dev74
  - dev75
  - dev76
  - dev77
  - dev78
  - dev79
  - dev80
  - dev81
  - dev82
  - dev83
  - dev84
  - dev85
  - dev86
  - dev87
  - dev88
  - dev89
  - dev90
  - dev91
  - dev92
  - dev93
  - dev94
  - dev95
  - dev96
  - dev97
  - dev98
  - dev99
  - dev100
EOF
 
cat > ~/quiz-6/inventory << EOF
[managed1-host-<username>]

[managed2-host-<username>]
EOF

cat > ~/quiz-6/secret.yml << 'EOF'
pass: adinusa88
EOF
  • echo "belajaransible" > ~/quiz-6/vault-pass
  • chmod 600 ~/quiz-6/vault-pass
  • cd ~/quiz-6
  • ansible-vault encrypt secret.yml --vault-password-file vault-pass 
cat > ~/quiz-6/quiz-6_loop.yml << 'EOF'
---
- name: Create users on managed1-host
  hosts: managed1-host-<username>
  vars_files:
    - secret.yml
  tasks:
    - name: Create ops users on managed1
      user:
        name: "{{ item }}"
        password: "{{ pass | password_hash('sha512') }}"
        state: present
      loop: "{{ list_user_ops_managed1 }}"

    - name: Create dev users on managed1
      user:
        name: "{{ item }}"
        password: "{{ pass | password_hash('sha512') }}"
        state: present
      loop: "{{ list_user_dev_managed1 }}"

- name: Create users on managed2-host
  hosts: managed2-host-<username>
  vars_files:
    - secret.yml
  tasks:
    - name: Create ops users on managed2
      user:
        name: "{{ item }}"
        password: "{{ pass | password_hash('sha512') }}"
        state: present
      loop: "{{ list_user_ops_managed2 }}"

    - name: Create dev users on managed2
      user:
        name: "{{ item }}"
        password: "{{ pass | password_hash('sha512') }}"
        state: present
      loop: "{{ list_user_dev_managed2 }}"
EOF
 
cat > ~/quiz-6/ansible.cfg << 'EOF'
[defaults]
inventory = inventory
host_key_checking = False
vault_password_file = vault-pass
EOF
  • wc -l group_vars/managed1-host-<username>.yml
  • wc -l group_vars/managed2-host-<username>.yml
  • ansible-vault view secret.yml --vault-password-file vault-pass 
  • ansible-playbook quiz-6_loop.yml --vault-password-file vault-pass
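The vault labs above (lab 5.2, quiz-5 and quiz-6) each leave a secrets file and a vault password file in the project directory. The following POSIX shell check is an added example, not part of the course material: it reports YAML files that still hold a literal password value without being vault-encrypted, and password files readable by group or other. The function names (is_vault_encrypted, plaintext_secret_lines, passfile_is_private, audit_project, make_sample_project) and the sample files are this example's own, and the sample contents are constructed.

```shell
#!/bin/sh
# Added example: audit an Ansible lab directory before sharing or committing it.

# An encrypted vault file begins with the header "$ANSIBLE_VAULT;<version>;<cipher>".
is_vault_encrypted() {
    case "$(head -n 1 "$1")" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Keys named pw/pass/passwd/password, optionally prefixed (db_pw, login_password).
KEY_RE='^[[:space:]-]*([A-Za-z0-9]+_)*(pw|pass|passwd|password):[[:space:]]+'

# Print "file:line" for each literal secret value in a plaintext YAML file.
# Skipped: the user module's update_password option, Jinja2 references
# ("{{ ... }}") and empty strings.
plaintext_secret_lines() {
    grep -nE "${KEY_RE}[^[:space:]]" "$1" |
        grep -vE 'update_password:' |
        grep -vE ":[[:space:]]+[\"']?\{\{" |
        grep -vE ":[[:space:]]+(\"\"|'')[[:space:]]*\$" |
        awk -F: -v f="$1" '{ print f ":" $1 }'
}

# True when the file grants nothing to group or other (e.g. mode 600).
passfile_is_private() {
    perm=$(ls -ld "$1" | cut -c5-10)
    [ "$perm" = "------" ]
}

# audit_project DIR [PASSWORD_FILE...]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_project() {
    dir=$1
    shift
    report=$(
        find "$dir" -type f \( -name '*.yml' -o -name '*.yaml' \) | sort |
        while IFS= read -r f; do
            is_vault_encrypted "$f" && continue
            plaintext_secret_lines "$f" | sed 's/^/PLAINTEXT-SECRET /'
        done
        for p in "$@"; do
            [ -f "$dir/$p" ] || continue
            passfile_is_private "$dir/$p" || echo "LAX-MODE $dir/$p"
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample project: one plaintext secret file, one file carrying a
# vault header, a playbook that only references the secret, a group_vars file
# with a literal password, and a password file created without chmod 600.
make_sample_project() {
    mkdir -p "$1/group_vars"
    printf 'username: ansibleuser1\npw: example-secret\n' > "$1/secret.yml"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '6162636465666768' > "$1/quiz-Secret.yml"
    cat > "$1/create_users.yml" <<'EOF'
- name: create user accounts
  hosts: devservers
  vars_files:
    - secret.yml
  tasks:
    - name: Creating user from secret.yml
      user:
        name: "{{ username }}"
        password: "{{ pw | password_hash('sha512') }}"
        update_password: always
EOF
    printf 'user_list:\n  - username: demo\n    password: example-secret\n' \
        > "$1/group_vars/all.yml"
    printf 'example-vault-pass\n' > "$1/vault-pass"
    chmod 644 "$1/vault-pass"
}

# Demo run on the constructed sample.
demo_dir=$(mktemp -d)
make_sample_project "$demo_dir"
audit_project "$demo_dir" vault-pass || echo "audit failed: fix the findings above"
rm -rf "$demo_dir"
```

In a real lab directory, call it as `audit_project . vault-pass quiz-pass` after sourcing the functions.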
Module 6
Solution for lab 6.1 Ad-hoc command
  • mkdir managing-task-failure
  • cd managing-task-failure/
  • vim ansible.cfg
[defaults]
inventory=inventory
remote_user=student

[privilege_escalation]
become=True
become_ask_pass=false
  • vim inventory
[managed]
pod-<username>-managed1
  • vim task-failure.yml
---
- name: Lab Task Failure 
  hosts: managed
  vars:
    web_pkg: apache
    db_pkg: mariadb-server
    db_svc: mariadb

  tasks:
    - name: Install {{ web_pkg }} package
      apt:
        name: "{{ web_pkg }}"
        state: present

    - name: Install {{ db_pkg }} package
      apt:
        name: "{{ db_pkg }}"
        state: present
 
  tasks:
    - name: Install {{ web_pkg }} package
      apt:
        name: "{{ web_pkg }}"
        state: present
      ignore_errors: yes 
 
  tasks:
    - name: Set up webserver
      block:
        - name: Install {{ web_pkg }} package
          apt:
            name: "{{ web_pkg }}"
            state: present
      rescue:
        - name: Install {{ db_pkg }} package
          apt:
            name: "{{ db_pkg }}"
            state: present
      always:
        - name: Start {{ db_svc }} service
          service:
            name: "{{ db_svc }}"
            state: started
 
  vars:
    web_pkg: apache2
    db_pkg: mariadb-server
    db_svc: mariadb
 
  tasks:
    - name: execute command
      command: hostnamectl
      register: Result

    - name: print command
      debug:
        var: Result.stdout_lines
 
    - name: execute command
      command: hostnamectl
      register: Result
      changed_when: false
 
    - name: Set up webserver
      block:
        - name: Install {{ web_pkg }} package
          apt:
            name: "{{ web_pkg }}"
            state: present
          failed_when: web_pkg == "apache2" 
  • ansible-playbook task-failure.yml
Solution for lab 6.2 Ad-hoc command
  • mkdir managing-handlers
  • cd managing-handlers/
  • vim ansible.cfg
[defaults]
inventory=inventory
remote_user=student

[privilege_escalation]
become=True
become_ask_pass=False
  • vim inventory
[managed]
pod-<username>-managed1
  • vim installing_mariaDB.yml
- name: Install mariaDB server
  hosts: managed
  vars:
    required_pkgs: 
      - mariadb-server
      - python3-pymysql     
    db_user: <username>
    db_pw: adinusa
    db_socket: /var/run/mysqld/mysqld.sock

  tasks:
    - name: "{{ required_pkgs }} packages are installed"
      apt:
        name: "{{ required_pkgs }}"
        state: present
      notify: restart service mariadb

    - name: task that force handlers to run imediately
      meta: flush_handlers

    - name: set mariaDB user and password
      mysql_user:
        login_unix_socket: "{{ db_socket }}"
        login_host: localhost
        login_user: root
        login_password: ''
        name: "{{ db_user }}"
        password: "{{ db_pw }}"
        priv: "*.*:ALL,GRANT"
        state: present
        host: localhost
      no_log: yes
      notify: restart service mariadb

    - name: add a data for database
      copy:
        src: ./dump.sql
        dest: /tmp/dump.sql      
      notify: 
        - "create database"
        - restart service mariadb

    - name: task that forces handlers to run immediately
      meta: flush_handlers

    - name: check if DB exists
      shell: mysql --host=localhost --user={{ db_user }} --password={{ db_pw }} -e 'SHOW DATABASES;'
      register: dbstatus

    - name: show list existed databases
      debug:
        var: dbstatus.stdout_lines

  handlers:
    - name: restart service mariadb
      service:
        name: mariadb
        state: restarted
        enabled: yes
        
    - name: create a new database
      mysql_db:
        name: testdb
        state: present
        login_unix_socket: "{{ db_socket }}"
        login_user: "{{ db_user }}"
        login_password: "{{ db_pw }}"
      listen: "create database"
    
    - name: insert a data into database
      mysql_db: 
        name: testdb
        state: import
        target: /tmp/dump.sql
        login_unix_socket: "{{ db_socket }}"
        login_user: "{{ db_user }}"
        login_password: "{{ db_pw }}"
      listen: "create database"
  • ansible-playbook --syntax-check installing_mariaDB.yml
  • vim dump.sql
CREATE TABLE IF NOT EXISTS test (
  message varchar(255) NOT NULL
  ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
INSERT INTO test(message) VALUES('Adinusa - managing-handlers');
INSERT INTO test(message) VALUES('username');
INSERT INTO test(message) VALUES('Ansible is fun');
  • ansible-playbook installing_mariaDB.yml
  • mysql --host=localhost --user=<username> --password=adinusa -e 'SHOW DATABASES;'
Here is the solution for lab 4.1 Ad-hoc command
  • ansible --version
  • sudo apt update
  • sudo apt install ansible -y
  • mkdir challenge-1
  • cd challenge-1
  • vim inventory.ini
[managed1]
10.10.10.12 ansible_user=ubuntu ansible_ssh_private_key_file=~/.ssh/your-key.pem
 
  • touch laravel.yaml
---
- name: Deploy Laravel Ecommerce Application
  hosts: managed1
  become: yes
  vars:
    app_dir: /var/www/laravel-ecommerce
    mysql_root_password: "rootpassword123"
    mysql_db_name: laravel_ecommerce
    mysql_db_user: laravel_user
    mysql_db_password: "laravelpassword123"
    app_url: "10.10.10.12"

  tasks:
    - name: Update package cache
      apt:
        update_cache: yes

    - name: Install required packages
      apt:
        name:
          - php8.0
          - php8.0-mysql
          - php8.0-xml
          - php8.0-curl
          - php8.0-bcmath
          - php8.0-mbstring
          - php8.0-zip
          - php8.0-gd
          - php8.0-common
          - php8.0-fpm
          - npm
          - git
          - apache2
          - mysql-server
          - python3-pymysql  # required on the managed host by the mysql_db and mysql_user modules
          - libapache2-mod-php8.0
        state: present

    - name: Install Composer
      get_url:
        url: https://getcomposer.org/installer
        dest: /tmp/composer-setup.php
      become: yes

    - name: Run Composer installation
      command: php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer
      become: yes

    - name: Set permissions untuk Composer
      file:
        path: /usr/local/bin/composer
        mode: '0755'
      become: yes

    - name: Clone repository Laravel
      git:
        repo: https://github.com/kunal254/laravel-8-ecommerce.git
        dest: "{{ app_dir }}"
        force: yes

    - name: Install dependencies Laravel dengan Composer
      composer:
        command: install
        working_dir: "{{ app_dir }}"

    - name: Install dependencies npm
      command: npm install
      args:
        chdir: "{{ app_dir }}"

    - name: Build assets dengan npm
      command: npm run dev
      args:
        chdir: "{{ app_dir }}"

    - name: Copy file .env example
      copy:
        src: "{{ app_dir }}/.env.example"
        dest: "{{ app_dir }}/.env"
        remote_src: yes

    - name: Generate key aplikasi Laravel
      command: php artisan key:generate
      args:
        chdir: "{{ app_dir }}"

    - name: Start dan enable service MySQL
      systemd:
        name: mysql
        state: started
        enabled: yes

    - name: Setup database MySQL
      mysql_db:
        name: "{{ mysql_db_name }}"
        state: present
        login_user: root
        login_password: "{{ mysql_root_password }}"

    - name: Buat user database
      mysql_user:
        name: "{{ mysql_db_user }}"
        password: "{{ mysql_db_password }}"
        priv: "{{ mysql_db_name }}.*:ALL"
        state: present
        login_user: root
        login_password: "{{ mysql_root_password }}"

    - name: Update konfigurasi .env untuk database
      lineinfile:
        path: "{{ app_dir }}/.env"
        regexp: "^{{ item.key }}="
        line: "{{ item.key }}={{ item.value }}"
      with_items:
        - { key: "DB_DATABASE", value: "{{ mysql_db_name }}" }
        - { key: "DB_USERNAME", value: "{{ mysql_db_user }}" }
        - { key: "DB_PASSWORD", value: "{{ mysql_db_password }}" }
        - { key: "APP_URL", value: "http://{{ app_url }}" }

    - name: Jalankan migrasi database
      command: php artisan migrate --force
      args:
        chdir: "{{ app_dir }}"

    - name: Jalankan seeder database
      command: php artisan db:seed --force
      args:
        chdir: "{{ app_dir }}"

    - name: Set permissions untuk storage dan bootstrap cache
      file:
        path: "{{ item }}"
        mode: '0777'
        state: directory
        recurse: yes
      with_items:
        - "{{ app_dir }}/storage"
        - "{{ app_dir }}/bootstrap/cache"

    - name: Setup virtual host Apache
      copy:
        dest: /etc/apache2/sites-available/laravel.conf
        content: |
          <VirtualHost *:80>
              ServerName {{ app_url }}
              DocumentRoot {{ app_dir }}/public

              <Directory {{ app_dir }}/public>
                  AllowOverride All
                  Require all granted
              </Directory>

              ErrorLog ${APACHE_LOG_DIR}/laravel_error.log
              CustomLog ${APACHE_LOG_DIR}/laravel_access.log combined
          </VirtualHost>

    - name: Enable mod rewrite Apache
      command: a2enmod rewrite

    - name: Disable site default Apache
      command: a2dissite 000-default.conf

    - name: Enable site Laravel
      command: a2ensite laravel.conf

    - name: Restart service Apache
      systemd:
        name: apache2
        state: restarted
        enabled: yes

    - name: Set ownership untuk direktori aplikasi
      file:
        path: "{{ app_dir }}"
        owner: www-data
        group: www-data
        recurse: yes

- name: Tampilkan informasi login
  hosts: localhost
  vars_files:
    - vars.yaml  # play vars are not shared between plays, so app_url is loaded here too
  tasks:
    - name: Tampilkan credentials login
      debug:
        msg:
          - "Deployment Laravel selesai!"
          - "URL: http://{{ app_url }}"
          - "Email: admin@gmail.com"
          - "Password: admin123"
  • vim vars.yaml
app_dir: /var/www/laravel-ecommerce
mysql_root_password: "rootpassword123"
mysql_db_name: laravel_ecommerce
mysql_db_user: laravel_user
mysql_db_password: "laravelpassword123"
app_url: "10.10.10.12"
 
  • ansible -i inventory.ini managed1 -m ping
  • ansible -i inventory.ini managed1 -a "whoami"
  • ansible-playbook -i inventory.ini laravel.yaml
  • curl -I http://10.10.10.12
  • ansible -i inventory.ini managed1 -a "mysql -u laravel_user -plaravelpassword123 laravel_ecommerce -e 'SHOW TABLES;'"
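The playbooks above keep database passwords in plain-text vars and pass them on the mysql command line, where they can end up in process listings and in Ansible's logged task arguments, and they open the storage directories with mode 0777. A hardened variant of those tasks follows, as an added example that is not part of the course material. The file names secrets.yaml and hardened.yaml and the vault_* variable names are hypothetical, and the example assumes the community.mysql collection is installed.

```yaml
# Added example, not course code. Assumption: secrets.yaml is a hypothetical file
# made with `ansible-vault create secrets.yaml` that defines
# vault_mysql_root_password and vault_mysql_db_password.
- name: Laravel database and permissions without plaintext secrets
  hosts: managed1
  become: yes
  vars_files:
    - secrets.yaml          # encrypted at rest, decrypted only at run time
  vars:
    app_dir: /var/www/laravel-ecommerce
    mysql_db_name: laravel_ecommerce
    mysql_db_user: laravel_user
    db_socket: /var/run/mysqld/mysqld.sock   # socket path used in lab 6.2
  tasks:
    - name: Create the application database user
      community.mysql.mysql_user:
        name: "{{ mysql_db_user }}"
        password: "{{ vault_mysql_db_password }}"
        priv: "{{ mysql_db_name }}.*:ALL"
        login_user: root
        login_password: "{{ vault_mysql_root_password }}"
        login_unix_socket: "{{ db_socket }}"
      no_log: true          # suppress task output, also under -v

    - name: List tables through the module, not the mysql CLI
      community.mysql.mysql_query:
        login_db: "{{ mysql_db_name }}"
        login_user: "{{ mysql_db_user }}"
        login_password: "{{ vault_mysql_db_password }}"
        login_unix_socket: "{{ db_socket }}"
        query: SHOW TABLES
      register: tables
      no_log: true

    - name: Show only the query result
      debug:
        var: tables.query_result

    - name: Let only www-data write to storage and the bootstrap cache
      file:
        path: "{{ item }}"
        state: directory
        owner: www-data
        group: www-data
        mode: u=rwX,g=rX,o=
        recurse: yes
      loop:
        - "{{ app_dir }}/storage"
        - "{{ app_dir }}/bootstrap/cache"
```

Run it with `ansible-playbook -i inventory.ini hardened.yaml --ask-vault-pass` so the vault password is prompted for instead of being stored next to the playbook.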
Test login 

Open http://10.10.10.12/login and use:
