clase 07/02/23

T4/guided/control-errors/ansible.cfg

@@ -0,0 +1,9 @@
+[defaults]
+inventory=inventory
+remote_user=devops
+
+[privilege_escalation]
+become=True
+become_method=sudo
+become_user=root
+become_ask_pass=False

T4/guided/control-errors/inventory

@@ -0,0 +1,3 @@
+[databases]
+servera.lab.example.com
+

T4/guided/control-errors/playbook.yml

@@ -0,0 +1,33 @@
+---
+
+- name: task failure exercise
+  hosts: databases
+  vars:
+    web_package: httpd
+    db_package: mariadb-server
+    db_service: mariadb
+  tasks:
+    - name: check local time
+      command: date
+      register: command_result
+      changed_when: false
+    - name: print local time
+      debug:
+        var: command_result.stdout
+    - name: Attempt to set up a server
+      block:
+        - name: "Install {{ web_package }} package"
+          yum:
+            name: "{{web_package }}"
+            state: present
+          failed_when: web_package == "httpd"
+      rescue:  
+        - name: "Install {{ db_package }} package"
+          yum:
+            name: "{{ db_package }}"
+            state: present
+      always:
+        - name: "Start {{ db_service }} service"
+          service:
+            name: "{{ db_service }}"
+            state: started

T4/guided/control-review/ansible.cfg

@@ -0,0 +1,9 @@
+[defaults]
+inventory=inventory
+remote_user=devops
+
+[privilege_escalation]
+become=True
+become_method=sudo
+become_user=root
+become_ask_pass=False

T4/guided/control-review/index.html

@@ -0,0 +1 @@
+Configured for both HTTP and HTTPS.

T4/guided/control-review/inventory

@@ -0,0 +1,3 @@
+[webservers]
+serverb.lab.example.com
+

T4/guided/control-review/playbook.yml

@@ -0,0 +1,52 @@
+---
+- name: Playbook Control Lab
+  hosts: webservers
+  vars_files: vars.yml
+  tasks:
+    - name: check system reqs
+      fail:
+        msg: "Memoria insuficiente o SO erroneo"
+      when: >
+        (ansible_memtotal_mb < min_ram_mb) or 
+        (ansible_distribution != "RedHat")
+    - name: install {{ packages }} pkgs
+      yum:
+        name: "{{ packages }}"
+        state: latest 
+    - name: start {{ services }} services
+      service:
+        name: "{{ item }}"
+        enabled: yes
+        state: started
+      loop: "{{ services }}"
+    - name: configuration block
+      block:
+        - name: SSL certs directory
+          file:
+            name: "{{ ssl_cert_dir }}"
+            state: directory
+        - name: copy files
+          copy:
+            src: "{{ item.src }}"
+            dest: "{{ item.dest }}"
+          loop: "{{ web_config_files }}"
+          notify: restart web service
+      rescue:
+        - name: config not success
+          debug:
+            msg: "One or more of the configuration changes failed, but the web service is still active."
+    - name: config firewall
+      firewalld:
+        service: "{{ item }}"
+        state: enabled
+        permanent: yes
+        immediate: yes
+      loop:
+        - http
+        - https
+
+  handlers:
+    - name: restart web service
+      service:
+        name: httpd 
+        state: restarted

T4/guided/control-review/server.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIJANuxm+z2iN9eMA0GCSqGSIb3DQEBCwUAMGsxCzAJBgNV
+BAYTAlVTMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxEDAOBgNVBAoMB1JlZCBIYXQx
+ETAPBgNVBAsMCFRyYWluaW5nMSAwHgYDVQQDDBdzZXJ2ZXJiLmxhYi5leGFtcGxl
+LmNvbTAeFw0xODExMTMxNTUyMThaFw0yMTA4MDkxNTUyMThaMGsxCzAJBgNVBAYT
+AlVTMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxEDAOBgNVBAoMB1JlZCBIYXQxETAP
+BgNVBAsMCFRyYWluaW5nMSAwHgYDVQQDDBdzZXJ2ZXJiLmxhYi5leGFtcGxlLmNv
+bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAODJ+pRPzQ/X6PP3O70Q
+hHeBghMK29jwyswJ4o7tjwFxFkWJHbphBuea+YHS7orDuYK7qRLE7/AXbjJlttkn
+qgu+3hmGdWzN3Lq0hlJuRoHXrzEBL8ymp01WGOwm4N+op4x3IVx5PWxIuyXqE3Q1
+wLwFviLItOD9+/XZ4FTNGvtBmtclE/xG0w7xtGQxAJn5qjoX2vULC5zPaC5WwwCv
+McaADI1Qhg72WhNsQJcLnQ7ZSscuTh+D/uRKXG7i3d9JrMZynlB9IaxaIaf5hPcU
+TPM/7GpeFMi5RHvoUpdn9Z0WgJW0wZU66tsHSmRazOp0FzXzCtHY+Oo+3M/rOP03
+B98CAwEAAaNQME4wHQYDVR0OBBYEFNtiKeURZuyKfxs1VOL8MpI1iOhNMB8GA1Ud
+IwQYMBaAFNtiKeURZuyKfxs1VOL8MpI1iOhNMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBALrz5gKUgT/0aiDBpEXGSX0srOOw3ub+FtI5snN9oNRD107b
+ZR6UjUW2t2EC3bPhBZGWJ2vHdx8IuHpL06SlJdcJy6FVYdQhap7gqIIjYX9bhriB
+WDFNyrXK/1ril/2SQLWnq/HvaaY9hJwP0ag3Sv4E9RYgDnwuGZMrk3rP+7gjWqfg
+AMhQ/S9PQgY30g6n1hGfCjIRZYPl8QaSqWHfvKZKii5EB+ottMdDFc5QuW41HC8w
+yXGGywacQAWALZtH22BzCKVMq72dalGfskmpRQJmhyZLJSYIq9O5DNn3xQBjUHPA
+UHRluuphqXzOUH6u0UPBySaQ1fTYyrdnJ9qfksw=
+-----END CERTIFICATE-----
+

T4/guided/control-review/server.key

@@ -0,0 +1,29 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDgyfqUT80P1+jz
+9zu9EIR3gYITCtvY8MrMCeKO7Y8BcRZFiR26YQbnmvmB0u6Kw7mCu6kSxO/wF24y
+ZbbZJ6oLvt4ZhnVszdy6tIZSbkaB168xAS/MpqdNVhjsJuDfqKeMdyFceT1sSLsl
+6hN0NcC8Bb4iyLTg/fv12eBUzRr7QZrXJRP8RtMO8bRkMQCZ+ao6F9r1Cwucz2gu
+VsMArzHGgAyNUIYO9loTbECXC50O2UrHLk4fg/7kSlxu4t3fSazGcp5QfSGsWiGn
++YT3FEzzP+xqXhTIuUR76FKXZ/WdFoCVtMGVOurbB0pkWszqdBc18wrR2PjqPtzP
+6zj9NwffAgMBAAECggEABfp5Np6UtpoocOyfYxzgWQlRu03roO5uhlSw+NoqloA6
+dmj6KG3SMDC3+BLzEy+3bFmvWndwZjNJU//OiCH87MkLwSQJVXZ4K2MHu4OBToy8
+9RGyAsBf7LegfA9gpbInmp3EfmAfGRUqHQ0HrWyMjrOcZfJulRlMLTK5O6gk0o/U
+WtB81RR0sWx4e3R95Wjv6LNeya4/TuC2vOq9nl7msQ9ohMgpwUgXZgfwh4DmkeHB
+VMc/xb+jAUtSEmLcYOo+iKZlLwenwXLsoSrY3dHFZjNMXrzLbpZLVzjb+DUEoPWc
+qRWaDRSP4lyY/pBORopxlTZCIKaMN25QItpYlXmJMQKBgQDwdt0C5yyD1RdDOuWO
+bVukHqrIuHomMog9KDmAyTKjZqjwEgcc99BS/mnCur63Oo9dPLA1zEZiaMjut1+h
+kn1ROrnKImhXGX9q8nik1w3vIN74+2smlJe4EWVb1hbAmSpjIFcHFaoHSkajVjpL
+sfV/sa/O5VBAJyw59IqeKnkcVwKBgQDvT9rYTldLkmTPdv6UaQG0NIAXz28d8WXr
+xphCfn8w0mL/FDp/WY7LlJfHhpwy0qAcdkkjyBd13WwUBTfslKy2xQNRZoERf4Ob
+OvDvTVCm+AXOROtEp+hHT0+HtZG1YsReRi5qWiuNNxbQmLsvlOtChxOY6HglArzt
+AOf1LTK7uQKBgQDDlGn+SnhyYYciL202gsvemPLffuwa1U7qLyVWEk8ViBIv8PnI
+HedbGYJ719f2v7KLaykHGLbGo+OKBavKhpNW1iT2uzWSYjK4ka5+pEu5C0tPx25H
+WuRr2fpOz7qBvBI1vcALCxvYAhmiECgqGPxMeAE+jlTPWQ0ntjZonrMS0QKBgQDp
+xrN9fMIwM/lA5fh52D5u4J6FJAFjWc77zUwuIM51TgChOAyRHVauLyE6K5ho2XLJ
+ew+l4bBxVnVe9V4VQYObI8hC+4R4KH3S5Xg5/Ogdw8pAHvlJX1E8YBDL/KYzcCFu
+CtcK070ZvUgPTDQHnk1X9wZA6E99sDgIukreKmIWGQKBgQDV/cex8LKFds1fYHx9
+5OeJaK4QO340GAGRFuoTGwmgfs1gcNfdwESyMwmz9iDwfHB3XTIor2BH8Ys+MF5U
+MC80X/GNsZp1HMMF3zybTj3uCE0rszgfqdMuNhgimFFx46RxL5pnfyiM1O3azm0B
+T3sSQxMNRoD+x3EeXkZ46HXOrA==
+-----END PRIVATE KEY-----
+

T4/guided/control-review/ssl.conf

@@ -0,0 +1,14 @@
+# Apache HTTPs Configuration
+# Razique Mahroua <rmahroua@redhat.com>
+
+Listen 172.25.250.11:443
+NameVirtualHost serverb.lab.example.com
+
+<VirtualHost serverb.lab.example.com:443>
+  ServerName serverb.lab.example.com
+  DocumentRoot /var/www/html/
+  SSLEngine on
+  SSLCertificateFile /etc/httpd/conf.d/ssl/server.crt
+  SSLCertificateKeyFile /etc/httpd/conf.d/ssl/server.key
+  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+</VirtualHost>

T4/guided/control-review/vars.yml

@@ -0,0 +1,31 @@
+min_ram_mb: 256
+
+web_service: httpd
+web_package: httpd
+ssl_package: mod_ssl
+
+fw_service: firewalld
+fw_package: firewalld
+
+
+services:
+ - "{{ web_service }}"
+ - "{{ fw_service }}"
+
+packages:
+ - "{{ web_package }}"
+ - "{{ ssl_package }}"
+ - "{{ fw_package }}"
+
+ssl_cert_dir: /etc/httpd/conf.d/ssl
+
+web_config_files:
+  - src: server.key
+    dest: "{{ ssl_cert_dir }}"
+  - src: server.crt
+    dest: "{{ ssl_cert_dir }}"
+  - src: ssl.conf
+    dest: /etc/httpd/conf.d
+  - src: index.html
+    dest: /var/www/html
+

T4/guided/data-facts/ansible.cfg

@@ -0,0 +1,6 @@
+[defaults]
+inventory   = inventory
+remote_user = devops
+
+[privilege_escalation]
+become      = true

T4/guided/data-facts/custom.fact

@@ -0,0 +1,5 @@
+[general]
+package = httpd
+service = httpd
+state = started
+enabled = true

T4/guided/data-facts/inventory

@@ -0,0 +1,2 @@
+[webserver]
+servera.lab.example.com

T4/guided/data-facts/playbook.yml

@@ -0,0 +1,14 @@
+---
+
+- name: install apache and starts the server
+  hosts: webserver
+  tasks:
+    - name: install package
+      yum:
+        name: "{{ ansible_facts['ansible_local']['custom']['general']['package'] }}"
+        state: latest
+    - name: start service
+      service:
+        name: "{{ ansible_facts['ansible_local']['custom']['general']['service'] }}"
+        state: "{{ ansible_facts['ansible_local']['custom']['general']['state'] }}"
+        enabled: "{{ ansible_facts['ansible_local']['custom']['general']['enabled'] }}"

T4/guided/data-facts/setup_facts.yml

@@ -0,0 +1,17 @@
+---
+
+- name: install remote facts
+  hosts: webserver
+  vars:
+    remote_dir: /etc/ansible/facts.d
+    facts_file: custom.fact
+  tasks:
+    - name: create remote directory
+      file:
+        state: directory
+        recurse: yes
+        path: "{{ remote_dir }}"
+    - name:
+      copy:
+        src: "{{ facts_file }}"
+        dest: "{{ remote_dir }}"

T4/guided/data-review/ansible.cfg

@@ -0,0 +1,6 @@
+[defaults]
+inventory   = /home/student/data-review/inventory
+remote_user = devops
+
+[privilege_escalation]
+become      = true

T4/guided/data-review/files/.htaccess

@@ -0,0 +1,5 @@
+AuthUserFile /etc/httpd/secrets/htpasswd
+AuthGroupFile /dev/null
+AuthName "Please Enter Password"
+AuthType Basic
+Require valid-user

T4/guided/data-review/files/htpasswd

@@ -0,0 +1 @@
+guest:$apr1$mI3I9LXa$8J2/4kjnthoP7tt8y6Bxa/

T4/guided/data-review/files/httpd.conf

@@ -0,0 +1,353 @@
+#
+# This is the main Apache HTTP server configuration file.  It contains the
+# configuration directives that give the server its instructions.
+# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
+# In particular, see 
+# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
+# for a discussion of each configuration directive.
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.  
+#
+# Configuration and logfile names: If the filenames you specify for many
+# of the server's control files begin with "/" (or "drive:/" for Win32), the
+# server will use that explicit path.  If the filenames do *not* begin
+# with "/", the value of ServerRoot is prepended -- so 'log/access_log'
+# with ServerRoot set to '/www' will be interpreted by the
+# server as '/www/log/access_log', where as '/log/access_log' will be
+# interpreted as '/log/access_log'.
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# Do not add a slash at the end of the directory path.  If you point
+# ServerRoot at a non-local disk, be sure to specify a local disk on the
+# Mutex directive, if file-based mutexes are used.  If you wish to share the
+# same ServerRoot for multiple httpd daemons, you will need to change at
+# least PidFile.
+#
+ServerRoot "/etc/httpd"
+
+#
+# Listen: Allows you to bind Apache to specific IP addresses and/or
+# ports, instead of the default. See also the <VirtualHost>
+# directive.
+#
+# Change this to Listen on specific IP addresses as shown below to 
+# prevent Apache from glomming onto all bound IP addresses.
+#
+#Listen 12.34.56.78:80
+Listen 80
+
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Statically compiled modules (those listed by `httpd -l') do not need
+# to be loaded here.
+#
+# Example:
+# LoadModule foo_module modules/mod_foo.so
+#
+Include conf.modules.d/*.conf
+
+#
+# If you wish httpd to run as a different user or group, you must run
+# httpd as root initially and it will switch.  
+#
+# User/Group: The name (or #number) of the user/group to run httpd as.
+# It is usually good practice to create a dedicated user and group for
+# running httpd, as with most system services.
+#
+User apache
+Group apache
+
+# 'Main' server configuration
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# <VirtualHost> definition.  These values also provide defaults for
+# any <VirtualHost> containers you may define later in the file.
+#
+# All of these directives may appear inside <VirtualHost> containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+
+#
+# ServerAdmin: Your address, where problems with the server should be
+# e-mailed.  This address appears on some server-generated pages, such
+# as error documents.  e.g. admin@your-domain.com
+#
+ServerAdmin root@localhost
+
+#
+# ServerName gives the name and port that the server uses to identify itself.
+# This can often be determined automatically, but we recommend you specify
+# it explicitly to prevent problems during startup.
+#
+# If your host doesn't have a registered DNS name, enter its IP address here.
+#
+#ServerName www.example.com:80
+
+#
+# Deny access to the entirety of your server's filesystem. You must
+# explicitly permit access to web content directories in other 
+# <Directory> blocks below.
+#
+<Directory />
+    AllowOverride none
+    Require all denied
+</Directory>
+
+#
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.
+#
+
+#
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "/var/www/html"
+
+#
+# Relax access to content within /var/www.
+#
+<Directory "/var/www">
+    AllowOverride None
+    # Allow open access:
+    Require all granted
+</Directory>
+
+# Further relax access to the default document root:
+<Directory "/var/www/html">
+    #
+    # Possible values for the Options directive are "None", "All",
+    # or any combination of:
+    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+    #
+    # Note that "MultiViews" must be named *explicitly* --- "Options All"
+    # doesn't give it to you.
+    #
+    # The Options directive is both complicated and important.  Please see
+    # http://httpd.apache.org/docs/2.4/mod/core.html#options
+    # for more information.
+    #
+    Options Indexes FollowSymLinks
+
+    #
+    # AllowOverride controls what directives may be placed in .htaccess files.
+    # It can be "All", "None", or any combination of the keywords:
+    #   Options FileInfo AuthConfig Limit
+    #
+    AllowOverride AuthConfig
+
+    #
+    # Controls who can get stuff from this server.
+    #
+    Require all granted
+</Directory>
+
+#
+# DirectoryIndex: sets the file that Apache will serve if a directory
+# is requested.
+#
+<IfModule dir_module>
+    DirectoryIndex index.html
+</IfModule>
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being 
+# viewed by Web clients. 
+#
+<Files ".ht*">
+    Require all denied
+</Files>
+
+#
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here.  If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog "logs/error_log"
+
+#
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+#
+LogLevel warn
+
+<IfModule log_config_module>
+    #
+    # The following directives define some format nicknames for use with
+    # a CustomLog directive (see below).
+    #
+    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+    LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+    <IfModule logio_module>
+      # You need to enable mod_logio.c to use %I and %O
+      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+    </IfModule>
+
+    #
+    # The location and format of the access logfile (Common Logfile Format).
+    # If you do not define any access logfiles within a <VirtualHost>
+    # container, they will be logged here.  Contrariwise, if you *do*
+    # define per-<VirtualHost> access logfiles, transactions will be
+    # logged therein and *not* in this file.
+    #
+    #CustomLog "logs/access_log" common
+
+    #
+    # If you prefer a logfile with access, agent, and referer information
+    # (Combined Logfile Format) you can use the following directive.
+    #
+    CustomLog "logs/access_log" combined
+</IfModule>
+
+<IfModule alias_module>
+    #
+    # Redirect: Allows you to tell clients about documents that used to 
+    # exist in your server's namespace, but do not anymore. The client 
+    # will make a new request for the document at its new location.
+    # Example:
+    # Redirect permanent /foo http://www.example.com/bar
+
+    #
+    # Alias: Maps web paths into filesystem paths and is used to
+    # access content that does not live under the DocumentRoot.
+    # Example:
+    # Alias /webpath /full/filesystem/path
+    #
+    # If you include a trailing / on /webpath then the server will
+    # require it to be present in the URL.  You will also likely
+    # need to provide a <Directory> section to allow access to
+    # the filesystem path.
+
+    #
+    # ScriptAlias: This controls which directories contain server scripts. 
+    # ScriptAliases are essentially the same as Aliases, except that
+    # documents in the target directory are treated as applications and
+    # run by the server when requested rather than as documents sent to the
+    # client.  The same rules about trailing "/" apply to ScriptAlias
+    # directives as to Alias.
+    #
+    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
+
+</IfModule>
+
+#
+# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
+# CGI directory exists, if you have that configured.
+#
+<Directory "/var/www/cgi-bin">
+    AllowOverride None
+    Options None
+    Require all granted
+</Directory>
+
+<IfModule mime_module>
+    #
+    # TypesConfig points to the file containing the list of mappings from
+    # filename extension to MIME-type.
+    #
+    TypesConfig /etc/mime.types
+
+    #
+    # AddType allows you to add to or override the MIME configuration
+    # file specified in TypesConfig for specific file types.
+    #
+    #AddType application/x-gzip .tgz
+    #
+    # AddEncoding allows you to have certain browsers uncompress
+    # information on the fly. Note: Not all browsers support this.
+    #
+    #AddEncoding x-compress .Z
+    #AddEncoding x-gzip .gz .tgz
+    #
+    # If the AddEncoding directives above are commented-out, then you
+    # probably should define those extensions to indicate media types:
+    #
+    AddType application/x-compress .Z
+    AddType application/x-gzip .gz .tgz
+
+    #
+    # AddHandler allows you to map certain file extensions to "handlers":
+    # actions unrelated to filetype. These can be either built into the server
+    # or added with the Action directive (see below)
+    #
+    # To use CGI scripts outside of ScriptAliased directories:
+    # (You will also need to add "ExecCGI" to the "Options" directive.)
+    #
+    #AddHandler cgi-script .cgi
+
+    # For type maps (negotiated resources):
+    #AddHandler type-map var
+
+    #
+    # Filters allow you to process content before it is sent to the client.
+    #
+    # To parse .shtml files for server-side includes (SSI):
+    # (You will also need to add "Includes" to the "Options" directive.)
+    #
+    AddType text/html .shtml
+    AddOutputFilter INCLUDES .shtml
+</IfModule>
+
+#
+# Specify a default charset for all content served; this enables
+# interpretation of all content as UTF-8 by default.  To use the 
+# default browser choice (ISO-8859-1), or to allow the META tags
+# in HTML content to override this choice, comment out this
+# directive:
+#
+AddDefaultCharset UTF-8
+
+<IfModule mime_magic_module>
+    #
+    # The mod_mime_magic module allows the server to use various hints from the
+    # contents of the file itself to determine its type.  The MIMEMagicFile
+    # directive tells the module where the hint definitions are located.
+    #
+    MIMEMagicFile conf/magic
+</IfModule>
+
+#
+# Customizable error responses come in three flavors:
+# 1) plain text 2) local redirects 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# EnableMMAP and EnableSendfile: On systems that support it, 
+# memory-mapping or the sendfile syscall may be used to deliver
+# files.  This usually improves server performance, but must
+# be turned off when serving from networked-mounted 
+# filesystems or if support for these functions is otherwise
+# broken on your system.
+# Defaults if commented: EnableMMAP On, EnableSendfile Off
+#
+#EnableMMAP off
+EnableSendfile on
+
+# Supplemental configuration
+#
+# Load config files in the "/etc/httpd/conf.d" directory, if any.
+IncludeOptional conf.d/*.conf

T4/guided/data-review/inventory

@@ -0,0 +1,2 @@
+[webserver]
+serverb.lab.example.com

T4/guided/data-review/playbook.yml

@@ -0,0 +1,91 @@
+---
+
+- name: setup webserver
+  hosts: webserver
+  vars:
+    firewall_pkg: firewalld
+    firewall_svc: firewalld
+    web_pkg: httpd
+    web_svc: httpd
+    ssl_pkg: mod_ssl
+    httpdconf_src: files/httpd.conf
+    httpdconf_dest: /etc/httpd/conf/httpd.conf
+    htaccess_src: files/.htaccess
+    secrets_dir: /etc/httpd/secrets
+    secrets_src: files/htpasswd
+    secrets_dest: "{{ secrets_dir }}/htpasswd"
+    web_root: /var/www/html
+  tasks:
+    - name: install latest pakgs
+      yum:
+        name: 
+          - "{{ firewall_pkg }}"
+          - "{{ web_pkg }}"
+          - "{{ ssl_pkg }}"
+        state: latest
+    - name: copy config file
+      copy:
+        src: "{{ httpdconf_src }}"
+        dest: "{{ httpdconf_dest }}"
+        owner: root
+        group: root
+        mode: '0644'
+    - name: Create a directory if it does not exist
+      file:
+        path: "{{ secrets_dir }}"
+        state: directory
+        owner: apache
+        group: apache
+        mode: '0500'
+    - name: copy password file
+      copy:
+        src: "{{ secrets_src }}"
+        dest: "{{ secrets_dest }}"
+        owner: apache
+        group: apache
+        mode: '0400'
+    - name: copy htaccess file
+      copy:
+        src: "{{ htaccess_src }}"
+        dest: "{{ web_root }}/.htaccess"
+        owner: apache
+        group: apache
+        mode: '0400'
+    - name: create custom content
+      copy:
+        dest: "{{ web_root }}/index.html"
+        content: "{{ ansible_facts['fqdn'] }} ({{ ansible_facts['default_ipv4']['address'] }}) has been customized by Ansible.\n"
+    - name: start and enable firewall
+      service:
+        name: "{{ firewall_svc }}"
+        enabled: true
+        state: started
+    - name: rule for web port
+      firewalld:
+        state: enabled
+        service: https
+        permanent: true
+        immediate: true
+    - name: enable and start httpd
+      service:
+        name: "{{ web_svc }}"
+        enabled: true
+        state: started
+- name: test
+  hosts: localhost
+  become: false
+  vars:
+    web_user: guest
+  vars_files:
+    - vars/secrets.yml
+  tasks:
+    - name: request content
+      uri:
+        url: http://serverb.lab.example.com
+        user: "{{ web_user }}"
+        password: "{{ web_pass }}"
+        status_code: 200
+        validate_certs: no
+        return_content: yes
+    - debug: 
+        var: auth_test.content

T4/guided/data-review/vars/secrets.yml

@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+38373466666335636435663763646634313533663662326335303531323365356231326238383337
+3435303963653663316230323437326135616364356136350a396532356564326336343766663565
+32326463363534663265623230336236396338316332386262303566373836353366386638383763
+3164613139626134340a643433343638343965326532666536633531336561356563326163326636
+34616634333332316362303364336361663239626365633261623833386265636665

T4/guided/data-secret/ansible.cfg

@@ -0,0 +1,2 @@
+[defaults]
+inventory = /home/student/data-secret/inventory/hosts

T4/guided/data-secret/create_users.yml

@@ -0,0 +1,11 @@
+- name: create users acc 4 all servers
+  hosts: devservers
+  become: true
+  remote_user: devops
+  vars_files:
+    - secret.yml
+  tasks:
+    - name: Creating user from secret.yml
+      user:
+        name: "{{ username }}"
+        password: "{{ pwhash }}"

T4/guided/data-secret/inventory/hosts

@@ -0,0 +1,2 @@
+[devservers]
+servera.lab.example.com

T4/guided/data-secret/psswd

@@ -0,0 +1 @@
+redhat

T4/guided/data-secret/secret.yml

@@ -0,0 +1,12 @@
+$ANSIBLE_VAULT;1.1;AES256
+61356537356635343638666235376532383138346335396661373038623865663233373662376637
+3035653764613863383531386332333439376535326239330a396362383934386162383838643634
+30613561663365376435333235613137633536386236623939386630373865323831623237636262
+3438313137306363310a303864663265353136613063633838346437623230633263633465396464
+36616566313336393433626132326334393533373430393037316239363638633365306662663466
+31363234623131646134313365626639626163326164636637363363363536666536623137373763
+37643239396162333232616630653366333131373233343138636433303234633130353263356339
+62396537343364373333383638666235336635303466393537303632363330383463353063306366
+30366532653135376163616163666330366564376331333066363965313666353332626133356563
+37663065633431633562643061383463356164373964326137626238343131323433366161663464
+366432356438396633366463386663396432

T4/guided/data-variables/ansible.cfg

@@ -0,0 +1,6 @@
+[defaults]
+inventory   = inventory
+remote_user = devops
+
+[privilege_escalation]
+become      = true

T4/guided/data-variables/inventory

@@ -0,0 +1,3 @@
+
+[webserver]
+servera.lab.example.com

T4/guided/data-variables/playbook.yml

@@ -0,0 +1,48 @@
+---
+
+
+- name: Install & configure Apche
+  hosts: webserver
+  vars:
+    web_pkg: httpd
+    firewall_pkg: firewalld
+    web_service: httpd
+    firewall_service: firewalld
+    python_pkg: python3-PyMySQL
+    rule: http
+  tasks:
+    - name: Required Packages
+      yum:
+        name:
+          - "{{ web_pkg }}"
+          - "{{ firewall_pkg }}"
+          - "{{ python_pkg }}"
+        state: latest
+    - name: Start firewall service
+      service:
+        name: "{{ firewall_service }}"
+        enabled: true
+        state: started
+    - name: Start web service
+      service:
+        name: "{{ web_service }}"
+        enabled: true
+        state: started
+    - name: web content is in place
+      copy:
+        content: "Example web content"
+        dest: /var/www/html/index.html
+    - name: open firewall
+      firewalld:
+        service: "{{ rule }}"
+        permanent: true
+        immediate: true
+        state: enabled
+- name: Verify apache
+  hosts: localhost
+  become: false
+  tasks:
+    - name: Server reachable
+      uri:
+        url: http://servera.lab.example.com
+        status_code: 200

T4/guided/deploy-adhoc/ansible.cfg

@@ -0,0 +1,2 @@
+[defaults]
+inventory=inventory

T4/guided/deploy-adhoc/inventory

@@ -0,0 +1,5 @@
+[control_node]
+localhost
+
+[intranetweb]
+servera.lab.example.com

T4/guided/deploy-inventory/inventory

@@ -0,0 +1,29 @@
+[webservers]
+servera.lab.example.com
+serverb.lab.example.com
+serverc.lab.example.com
+serverd.lab.example.com
+
+[raleigh]
+servera.lab.example.com
+serverb.lab.example.com
+
+[mountainview]
+serverc.lab.example.com
+
+[london]
+serverd.lab.example.com
+
+[development]
+servera.lab.example.com
+
+[testing]
+serverb.lab.example.com
+
+[production]
+serverc.lab.example.com
+serverd.lab.example.com
+
+[us:children]
+raleigh
+mountainview

T4/guided/deploy-manage/a.yaml

@@ -0,0 +1,6 @@
+df
+fgfdg
+  ffdgdf
+  sddfsg
+
+

T4/guided/deploy-manage/ansible.cfg

@@ -0,0 +1,8 @@
+[defaults]
+inventory = ./inventory
+
+[privilege_escalation]
+become = true
+become_method = sudo
+become_user = root
+become_ask_pass = true

T4/guided/deploy-manage/deploy-adhoc/ansible.cfg

@@ -0,0 +1,2 @@
+[defaults]
+inventory=inventory

T4/guided/deploy-manage/deploy-adhoc/inventory

@@ -0,0 +1,5 @@
+[control_node]
+localhost
+
+[intranetweb]
+servera.lab.example.com

T4/guided/deploy-manage/deploy-inventory/inventory

@@ -0,0 +1,29 @@
+[webservers]
+servera.lab.example.com
+serverb.lab.example.com
+serverc.lab.example.com
+serverd.lab.example.com
+
+[raleigh]
+servera.lab.example.com
+serverb.lab.example.com
+
+[mountainview]
+serverc.lab.example.com
+
+[london]
+serverd.lab.example.com
+
+[development]
+servera.lab.example.com
+
+[testing]
+serverb.lab.example.com
+
+[production]
+serverc.lab.example.com
+serverd.lab.example.com
+
+[us:children]
+raleigh
+mountainview

T4/guided/deploy-manage/inventory

@@ -0,0 +1,9 @@
+[myself]
+localhost
+[intranetweb]
+servera.lab.example.com
+[internetweb]
+serverb.lab.example.com
+[web:children]
+intranetweb
+internetweb

T4/guided/playbook-basic/ansible.cfg

@@ -0,0 +1,9 @@
+[defaults]
+inventory=inventory
+remote_user=devops
+
+[privilege_escalation]
+become=True
+become_method=sudo
+become_user=root
+become_ask_pass=False

T4/guided/playbook-basic/files/index.html

@@ -0,0 +1 @@
+This is a test page.

T4/guided/playbook-basic/inventory

@@ -0,0 +1,4 @@
+[web]
+serverc.lab.example.com
+serverd.lab.example.com
+

T4/guided/playbook-basic/site.yml

@@ -0,0 +1,16 @@
+- name: Install and start Apache HHTPD
+  hosts: web
+  tasks:
+    - name: httpd package is present
+      yum:
+        name: httpd 
+        state: present
+    - name: correct html is present
+      copy:
+        src: files/index.html
+        dest: /var/www/html/index.html
+    - name: httpd is started
+      service:
+        name: httpd
+        state: started
+        enabled: true

T4/guided/playbook-multi/ansible.cfg

@@ -0,0 +1,9 @@
+[defaults]
+inventory=inventory
+remote_user=devops
+
+[privilege_escalation]
+become=False
+become_method=sudo
+become_user=root
+become_ask_pass=False

T4/guided/playbook-multi/intranet.yml

@@ -0,0 +1,41 @@
+---
+
+- name: Enable intranet services
+  hosts: servera.lab.example.com
+  become: true
+  tasks:
+    - name: latest version of httpd and firewalld installed
+      yum:
+        name: 
+          - httpd
+          - firewalld
+        state: latest
+    - name: test html page is installed
+      copy:
+        content: "Welcome to the example.com intranet!\n"
+        dest: /var/www/html/index.html
+    - name: firewalld enabled and running
+      service:
+        name: firewalld
+        state: started
+        enabled: true
+    - name: firewalld permits acccess to httpd service
+      firewalld:
+        service: http
+        permanent: true
+        state: enabled
+        immediate: true
+    - name: httpd enabled and running
+      service:
+        name: httpd
+        state: started
+        enabled: true
+- name: Test intranet web server
+  hosts: localhost
+  become: no
+  tasks:
+    - name: connect to the intranet service
+      uri:
+        url: http://servera.lab.example.com
+        return_content: yes
+        status_code: 200

T4/guided/playbook-multi/inventory

@@ -0,0 +1 @@
+servera.lab.example.com

T4/guided/playbook-review/ansible.cfg

@@ -0,0 +1,9 @@
+[defaults]
+inventory=inventory
+remote_user=devops
+
+[privilege_escalation]
+become=False
+become_method=sudo
+become_user=root
+become_ask_pass=False

T4/guided/playbook-review/internet.yml

@@ -0,0 +1,56 @@
+---
+
+- name: setup servers
+  hosts: serverb.lab.example.com
+  become: true
+  tasks:
+    - name: install latest packages 
+      yum:
+        name:
+          - firewalld
+          - httpd
+          - mariadb-server
+          - php
+          - php-mysqlnd
+        state: latest
+  
+    - name: start and enable firewalld 
+      service:
+        name: firewalld
+        state: started
+        enabled: yes
+    
+    - name: start and enable http
+      service:
+        name: httpd
+        state: started
+        enabled: yes
+
+    - name: start and enable mariadb
+      service:
+        name: mariadb 
+        state: started
+        enabled: yes
+
+    - name: firewall access to http
+      firewalld:
+        service: http
+        permanent: true
+        state: enabled
+        immediate: true
+
+    - name: gen web content
+      get_url:
+        url: http://materials.example.com/labs/playbook-review/index.php
+        dest: /var/www/html/
+
+- name: Test intranet web server
+  hosts: localhost
+  become: no
+  tasks:
+    - name: connect to the intranet service
+      uri:
+        url: http://serverb.lab.example.com
+        return_content: yes
+        status_code: 200
+

T4/guided/playbook-review/inventory

@@ -0,0 +1 @@
+serverb.lab.example.com

T4/guided/stat-play/lineinfile.yml

@@ -0,0 +1,12 @@
+---
+
+- name: play1
+  hosts: servera.lab.example.com
+  tasks:
+    - name: line in file
+      lineinfile:
+        path: /tmp/text.txt
+        line: "Esto es una prueba"
+        rege
+        state: present
+        create: yes

T4/guided/stat-play/stat-play.yml

@@ -0,0 +1,13 @@
+---
+
+- name: stat module
+  hosts: servera.lab.example.com
+  gather_facts: no
+  tasks:
+    - name: lanza el modulo stat
+      stat:  
+        path: /etc/passwd
+      register: result
+    - name: output results
+      debug:
+        var: result.stat.checksum