ansible

2 years ago · b7f8cba04a
14 changed files with 514 additions and 1 deletions
--- a/auto-complete.sh
+++ b/auto-complete.sh
@ -4,7 +4,7 @@ function libs()
 {
  if [ "$1" != "" ]; 
  then
-    COMPREPLY=($(compgen -W "all xelatex-thesis network-scanning network-adhoc raspi-docker tech-list faq sensor-node ssh-tunneling iptables poc-datacollector help" "${COMP_WORDS[$COMP_CWORD]}"))
+    COMPREPLY=($(compgen -W "all xelatex-thesis infrastructure-as-code network-scanning network-adhoc raspi-docker tech-list faq sensor-node ssh-tunneling iptables poc-datacollector help" "${COMP_WORDS[$COMP_CWORD]}"))
  fi
 }

--- a/build.sh
+++ b/build.sh
@ -35,6 +35,8 @@ usage ()
    echo ""
    echo -e "      ${txtg}iptables:${NOCOLOR} This tutorial demonstrates, howto setup iptables & howto use it "
    echo ""
+    echo -e "      ${txtg}infrastructure-as-code:${NOCOLOR} This tutorial demonstrates, howto use ansible to implement Infrastructure as Code "
+    echo ""
    echo -e "      ${txtg}network-scanning:${NOCOLOR} This tutorial demonstrates some common nmap port scanning scenarios and explains the output. "
    echo ""
    echo -e "      ${txtg}network-adhoc:${NOCOLOR} This tutorial demonstrates, howto setup ad-hoc network & howto use it "
@ -114,6 +116,13 @@ do
            COMMAND_CREATE=1
            ;;

+        infrastructure-as-code)
+	    DESC="infrastructure-as-code" ;
+	    build="build.sh" ;
+            docdir="infrastructure-as-code" ;
+            COMMAND_CREATE=1
+            ;;
+
        xelatex-thesis)
 	    DESC="xelatex-thesis" ;
 	    build="build.sh" ;
--- a/infrastructure-as-code/antora.yml
+++ b/infrastructure-as-code/antora.yml
@ -0,0 +1,5 @@
+    name: swarmlab_infrastructure-as-code
+    title: swarmlab_infrastructure-as-code
+    version: docs
+    nav:
+    - modules/ROOT/nav.adoc
--- a/infrastructure-as-code/modules/ROOT/images/adhoc.png
+++ b/infrastructure-as-code/modules/ROOT/images/adhoc.png
--- a/infrastructure-as-code/modules/ROOT/images/swarmlab.png
+++ b/infrastructure-as-code/modules/ROOT/images/swarmlab.png
--- a/infrastructure-as-code/modules/ROOT/images/trafic.png
+++ b/infrastructure-as-code/modules/ROOT/images/trafic.png
--- a/infrastructure-as-code/modules/ROOT/images/vehigle.png
+++ b/infrastructure-as-code/modules/ROOT/images/vehigle.png
--- a/infrastructure-as-code/modules/ROOT/nav.adoc
+++ b/infrastructure-as-code/modules/ROOT/nav.adoc
@ -0,0 +1 @@
+* xref:index.adoc[ansible]
--- a/infrastructure-as-code/modules/ROOT/pages/index-setup.adoc
+++ b/infrastructure-as-code/modules/ROOT/pages/index-setup.adoc
@ -0,0 +1,354 @@
+= Setup
+
+TIP: Tested on a Raspberry Pi with "Buster"
+
+== Intro
+
+networkd is a small and lean service to configure network interfaces, designed mostly for server use cases in a world with hotplugged and virtualized networking. Its configuration is similar in spirit and abstraction level to ifupdown, but you don't need any extra packages to configure bridges, bonds, vlan etc. It is not very suitable for managing WLANs yet; NetworkManager is still much more appropriate for such Desktop use cases.
+
+ There are mainly three setups to have a peer to peer network:
+
+* unprotected ad-hoc interface by configuring the WiFi device
+* unprotected ad-hoc interface using wpa_supplicant (Recommended)
+* Only with suitable (RSN-IBSS capable) USB dongle:
+* protected ad-hoc interface using wpa_supplicant and WPA encryption (best solution if possible)
+* ad-hoc interface with additional USB/WiFi dongle for uplink to internet router
+
+
+== Install systemd-networkd
+
+=== deinstall classic networking and install it!
+
+* *sudo su*   # if not already done
+
+*deinstall*
+[source,sh]
+----
+systemctl daemon-reload
+systemctl disable --now ifupdown dhcpcd dhcpcd5 isc-dhcp-client isc-dhcp-common rsyslog
+apt --autoremove purge -f ifupdown dhcpcd dhcpcd5 isc-dhcp-client isc-dhcp-common rsyslog
+rm -r /etc/network /etc/dhcp
+
+# setup/enable systemd-resolved and systemd-networkd
+
+systemctl disable --now avahi-daemon libnss-mdns
+apt --autoremove -f purge avahi-daemon
+apt install -f libnss-resolve
+ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+apt-mark hold avahi-daemon dhcpcd dhcpcd5 ifupdown isc-dhcp-client isc-dhcp-common libnss-mdns openresolv raspberrypi-net-mods rsyslog
+systemctl enable systemd-networkd.service systemd-resolved.service
+----
+
+
+== Install optional
+
+[source,sh]
+----
+apt-get install raspberrypi-kernel-headers -y
+----
+
+
+
+=== setup wired connection
+
+*wired connection*
+[source,sh]
+----
+cat > /etc/systemd/network/04-wired.network <<EOF
+[Match]
+Name=e*
+
+[Network]
+## Uncomment only one option block
+# Option: using a DHCP server and multicast DNS
+LLMNR=no
+LinkLocalAddressing=no
+MulticastDNS=yes
+DHCP=ipv4
+
+# Option: using link-local ip addresses and multicast DNS
+#LLMNR=no
+#LinkLocalAddressing=yes
+#MulticastDNS=yes
+
+# Option: using static ip address and multicast DNS
+Address=192.168.1.18/24 // <1>
+Gateway=192.168.1.1     // <2>
+DNS=8.8.8.8 1.1.1.1     // <3>
+MulticastDNS=yes
+EOF
+----
+<1> use your settings
+<2> use your settings
+<2> use your settings
+
+
+=== Reboot
+
+NOTE: reboot
+
+== Config 
+
+
+=== NSS
+
+*config nss*
+[source,sh]
+----
+apt --autoremove purge avahi-daemon
+apt-mark hold avahi-daemon
+apt install -f libnss-resolve
+
+echo ""
+echo "For troubleshooting you may have a look at /etc/nsswitch.conf. It should contain a line like this:"
+echo ""
+echo "hosts:          files resolve [!UNAVAIL=return] dns"
+echo ""
+echo ""
+echo ""
+echo ""
+----
+
+
+=== DNS
+
+
+*config dns*
+[source,sh]
+----
+
+echo ""
+echo "Configure DNS stub listener interface"
+echo ""
+
+echo "Here we have to symlink /etc/resolv.conf to the stub listener:"
+echo ""
+echo " exec4you ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf"
+ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+echo ""
+
+echo "Check name resolution"
+
+
+resolvectl status
+----
+
+== unprotected ad-hoc interface using wpa_supplicant 
+
+Follow  *Install systemd-networkd*
+
+Then come back here.
+
+TIP: unprotected
+
+* *sudo su*   # if not already done
+
+[source,sh]
+----
+
+cat > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf <<EOF
+ctrl_interface=DIR=/run/wpa_supplicant GROUP=netdev
+update_config=1
+p2p_disabled=1
+country=GR
+
+network={
+    ssid="IBSS-RPiNet"
+    frequency=2412   # channel 1
+    mode=1           # IBSS (ad-hoc, peer-to-peer)
+    key_mgmt=NONE
+}
+EOF
+
+chmod 600 /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
+systemctl enable wpa_supplicant@wlan0.service
+
+echo ""
+echo "enabled4you"
+echo "systemctl enable wpa_supplicant@wlan0.service"
+echo ""
+
+----
+
+
+=== Reboot
+
+NOTE: Reboot
+
+=== Check
+
+[source,sh]
+----
+
+echo ""
+echo "Check with:"
+echo ""
+
+echo "iw dev"
+echo ""
+echo "iw dev wlan0 link"
+echo ""
+echo "ip addr"
+echo ""
+echo "sudo iw dev wlan0 scan | grep -B8 -A3 "IBSS-RPiNet""
+echo ""
+
+# From another ad hoc connected device you should be able to
+echo "From another ad hoc connected device you should be able to"
+echo ""
+echo "ping -c3 raspberrypi.local"
+echo ""
+----
+
+== protected ad-hoc interface using wpa_supplicant 
+
+CAUTION: Raspberry Pi does not support encrypted IBSS connections!. You have to use an additional USB WiFi dongle that usually registers an interface wlan1. My setup shows:
+
+
+Follow  *Install systemd-networkd*
+
+Then come back here.
+
+*check*
+[source,sh]
+----
+iw list | grep -P "Wiphy|RSN-IBSS"
+----
+
+*output*
+[source,sh]
+----
+Wiphy phy1
+        Device supports RSN-IBSS.
+Wiphy phy0
+----
+
+ You cannot find this support entry for Wiphy pyh0 that is the on-board WiFi device.
+
+=== Install driver
+
+TIP: Example TP-Link
+
+[source,sh]
+----
+echo "lsusb"
+
+echo ""
+echo "Example for TP-Link"
+echo ""
+echo "Bus 001 Device 005: ID 2357:0109 TP-Link TL WN823N RTL8192EU"
+echo ""
+sudo wget http://downloads.fars-robotics.net/wifi-drivers/install-wifi -O /usr/bin/install-wifi
+sudo chmod +x /usr/bin/install-wifi
+
+echo ""
+echo "sudo install-wifi -h"
+echo ""
+echo "will give details on how to use the script."
+echo ""
+echo "To download the driver for your current kernel use command"
+
+
+sudo install-wifi
+
+echo "sudo install-wifi 8192eu"
+echo ""
+sudo install-wifi 8192eu
+echo ""
+echo "If you update your kernel version you will need to re-run the script to update the driver version."
+----
+
+
+NOTE: *On message: *
+
+====
+
+[source,sh]
+----
+Your Pi revision number is a02082
+You have a Pi 3B v1.2
+Checking for a 8188eu wifi driver module for your current kernel.
+A driver does not exist for this update. 
+----
+
+* Find source for driver e.g.
+
+[source,sh]
+----
+git clone https://github.com/lwfinger/rtl8188eu.git
+cd rtl8188eu
+make all
+sudo make install
+sudo depmod
+sudo modprobe 8188eu
+lsmod 8188eu 
+----
+
+
+
+====
+
+
+
+=== setup 
+
+[source,sh]
+----
+sudo systemctl disable --now wpa_supplicant@wlan0.service
+
+echo "sudo -Es   # if not already done"
+echo ""
+cat > /etc/wpa_supplicant/wpa_supplicant-wlan1.conf <<EOF
+ctrl_interface=DIR=/run/wpa_supplicant GROUP=netdev
+update_config=1
+p2p_disabled=1
+country=GR
+
+network={
+    ssid="IBSS-RPiNet"
+    key_mgmt=WPA-PSK
+    proto=RSN
+    psk="verySecretPasswordi123"
+    mode=1
+    frequency=2412
+}
+EOF
+
+chmod 600 /etc/wpa_supplicant/wpa_supplicant-wlan1.conf
+systemctl enable wpa_supplicant@wlan1.service
+----
+
+=== Reboot
+
+NOTE: reboot
+
+[source,sh]
+----
+echo ""
+echo "reboot."
+echo ""
+----
+
+=== Check
+
+[source,sh]
+----
+echo "iw dev"
+echo ""
+echo "iw dev wlan1 link"
+echo ""
+echo "ip addr"
+echo ""
+echo "sudo iw dev wlan1 scan | grep -B8 -A3 "IBSS-RPiNet""
+echo ""
+echo "From another ad hoc connected device you should be able to"
+echo ""
+echo "ping -c3 raspberrypi.local"
+echo ""
+----
+
+
+
+* https://raspberrypi.stackexchange.com/questions/94047/how-to-setup-an-unprotected-ad-hoc-ibss-network-and-if-possible-with-wpa-encry/94048#94048[origin^]
+
+
--- a/infrastructure-as-code/modules/ROOT/pages/index.adoc
+++ b/infrastructure-as-code/modules/ROOT/pages/index.adoc
@ -0,0 +1,111 @@
+= Implementing infrastructure-as-code with Ansible!
+  
+image::ROOT:swarmlab.png[swarmlab,150,float=right]
+
+
+==  What is "infrastructure-as-code"?
+
+
+Imaging 
+
+* a single click and you’re able to get a full server up and running. 
+
+** include your favorite operating system, 
+
+** applications
+
+** security rules
+
+** and custom settings. 
+
+And the configuration 
+
+ can be replicated dozens, hundreds, or even thousands of times, all without human intervention. 
+
+Thats the world of infrastructure as code, IaC for short.
+
+
+IaC is a process where instead of manually setting up every server, you define a configuration script with all the required settings and customizations, and a provisioning tool will take care of the rest. 
+
+
+== implement infrastructure-as-code
+
+To successfully implement infrastructure-as-code 
+and To keep the concept simple we will use: 
+
+* git for "Code Repository and Versioning"
+
+* ansible for "Automation tool" that  takes control of the infrastructure configuration and performs the necessary actions to reach the desired end-state.
+
+
+== Usage 
+
+=== run instance
+
+* Run "microservice-ansible"
+
+** Instances->running Containers->Actions [microservice-ansible_masterservice_1]
+
+*** connect [Open a terminal and Run]
+
+=== find examples
+
+* Run "microservice-ansible"
+
+** Instances->running Containers->Actions [microservice-ansible_masterservice_1]
+
+*** connect [Project BaseDir]
+
+cd in  [Project BaseDir]/examples 
+
+=== Attach network
+
+* Run "microservice-ansible"
+
+** Instances->running Containers->Actions [microservice-ansible_masterservice_1]
+
+*** Networks->"Select Network"
+
+
+== Scenario
+
+=== run swarm
+
+* Run "hybrid-linux"
+
+** Labroom->"Swarmlab LabRoom Deploy - Local "->Actions [hybrid-linux] 
+
+*** Number of Instances (e.g. 5) -> Up
+
+=== run ansible
+
+* Run "microservice-ansible"
+
+** Instances->running Containers->Actions [microservice-ansible_masterservice_1]
+
+*** connect [Open a terminal and Run]
+
+=== Attach network
+
+* Run "microservice-ansible"
+
+** Instances->running Containers->Actions [microservice-ansible_masterservice_1]
+
+*** Networks->"Select Network" [network hybrid linux]
+
+
+====
+Terminal: microservice-ansible
+
+cd /home/docker/project/examples
+
+edit inverntory.yml (ifconfig, nmap etc)
+
+run fluentd.yml.sh
+
+====
+
+
+
+
+
--- a/infrastructure-as-code/run/build-intro.sh
+++ b/infrastructure-as-code/run/build-intro.sh
@ -0,0 +1,4 @@
+antora --fetch /antora/site-intro.yml
+antora  /antora/site-intro.yml
+ifconfig
+http-server build/site -c-1
--- a/infrastructure-as-code/run/build.sh
+++ b/infrastructure-as-code/run/build.sh
@ -0,0 +1,4 @@
+antora --fetch /antora/site.yml
+antora  /antora/site.yml
+ifconfig
+http-server build/site -c-1
--- a/infrastructure-as-code/site.yml
+++ b/infrastructure-as-code/site.yml
@ -0,0 +1,21 @@
+site:
+  title: Swarmlab infrastructure-as-code
+  url: http://docs.swarmlab.io/SwarmLab-HowTos/swarmlab/docs
+  start_page: swarmlab_infrastructure-as-code::index.adoc
+content:
+  sources:
+  - url: https://git.swarmlab.io:3000/docs/Documentation.git
+    branches: master
+    start_path: infrastructure-as-code
+ui:
+  bundle:
+    url: https://git.swarmlab.io:3000/docs/docs/raw/branch/master/ui-bundle.zip
+    snapshot: true
+  supplemental_files: ./supplemental-ui
+asciidoc:
+  attributes:
+    :plantuml-server-url: http://www.plantuml.com/plantuml
+  extensions:
+  - '@djencks/asciidoctor-mathjax'
+  - asciidoctor-plantuml
+
--- a/site.yml
+++ b/site.yml
@ -45,6 +45,10 @@ content:
  - url: https://git.swarmlab.io:3000/docs/Documentation.git
    branches: master
    start_path: xelatex-thesis
+
+  - url: https://git.swarmlab.io:3000/docs/Documentation.git
+    branches: master
+    start_path: infrastructure-as-code
 ui:
  bundle:
    url: https://git.swarmlab.io:3000/docs/docs/raw/branch/master/ui-bundle.zip