From 6df615ed0cc29367edeb9548becfe5c66a1cda94 Mon Sep 17 00:00:00 2001
From: shahar
Date: Sat, 20 Jul 2024 15:22:15 +0300
Subject: [PATCH] Terraform & Ansible code
---
 Ansible/README.md | 28 ++++++++++-
 Ansible/playbook.yml | 26 ++++++++++
 Terraform/README.md | 105 ++++++++++++++++++++++++++++++++++++++++-
 Terraform/instance.tf | 26 ++++++++++
 Terraform/network.tf | 58 +++++++++++++++++++++++
 Terraform/provider.tf | 3 ++
 Terraform/sg.tf | 66 ++++++++++++++++++++++++++
 Terraform/variables.tf | 21 +++++++++
 8 files changed, 329 insertions(+), 4 deletions(-)
 create mode 100644 Ansible/playbook.yml
 create mode 100644 Terraform/instance.tf
 create mode 100644 Terraform/network.tf
 create mode 100644 Terraform/provider.tf
 create mode 100644 Terraform/sg.tf
 create mode 100644 Terraform/variables.tf
diff --git a/Ansible/README.md b/Ansible/README.md
index 967dfb1..fb754f8 100644
--- a/Ansible/README.md
+++ b/Ansible/README.md
@@ -1,3 +1,27 @@
-# DevOps-Exercise-Ansible
-DevOps home Ansible task
+# Ansible Playbook for Setting Up Docker with devops user permission on Ubuntu 22.04
+This Ansible playbook automates the setup of Docker and a user named `devops` on an Ubuntu 22.04 server. The playbook performs the following tasks:
+
+1. Updates the APT package index.
+2. Installs Docker.
+3. Creates a new user named `devops`.
+4. Adds the `devops` user to the `docker` group.
+
+## Requirements
+
+- Ansible 2.9 or higher.
+- SSH access to the target Ubuntu 22.04 server.
+- Private key for SSH authentication (default: `~/.ssh/id_rsa`).
+
+## Usage
+
+1. **Save the Playbook**
+
+ Save the provided playbook to a file named `playbook.yml`.
+
+2. **Run the Playbook**
+
+ Execute the following command to run the playbook:
+
+ ```bash
+ ansible-playbook -i , -u ubuntu --private-key playbook.yml
diff --git a/Ansible/playbook.yml b/Ansible/playbook.yml
new file mode 100644
index 0000000..d499d33
--- /dev/null
+++ b/Ansible/playbook.yml
@@ -0,0 +1,26 @@
+---
+- name: Setup Docker and user on Ubuntu 22.04
+ hosts: all
+ become: yes
+
+ tasks:
+ - name: Update apt package index
+ apt:
+ update_cache: yes
+
+ - name: Install Docker
+ apt:
+ name: docker.io
+ state: present
+
+ - name: Create a new user called 'devops'
+ user:
+ name: devops
+ state: present
+ create_home: yes
+
+ - name: Add 'devops' user to the 'docker' group
+ user:
+ name: devops
+ groups: docker
+ append: yes
\ No newline at end of file
diff --git a/Terraform/README.md b/Terraform/README.md
index c580875..52f4da9 100644
--- a/Terraform/README.md
+++ b/Terraform/README.md
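Review bot: The two `user` tasks at the end of the play manage the same account and can be one idempotent task, since the `docker` group exists as soon as the preceding `apt` task has installed `docker.io`. Membership in `docker` is root-equivalent on the host (Docker's own documentation says so), which is worth stating in a comment above that task so later maintainers do not extend the list casually. The play also never asserts the daemon's state; the `docker.io` package presumably starts and enables it on Ubuntu 22.04, but an explicit `service` task makes that contract visible and idempotent. Merged task and service check:
```yaml
    # … unchanged: apt update and docker.io install tasks …

    # NOTE: members of the docker group are root-equivalent on this host;
    # keep this to the accounts that genuinely need it.
    - name: Create 'devops' user and add it to the 'docker' group
      user:
        name: devops
        state: present
        create_home: yes
        groups: docker
        append: yes

    - name: Ensure the Docker service is running and enabled
      service:
        name: docker
        state: started
        enabled: yes
```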
@@ -1,3 +1,104 @@
-# DevOps-Exercise-Terraform
-DevOps home Terraform task
+# DevOps-Exercise Task 1 - Terraform:
+This Terraform project sets up a VPC in AWS with an Internet Gateway, two subnets (internal and external), security groups, and an EC2 instance. The EC2 instance is configured to use an SSH key pair and allows specific inbound traffic.
+
+## Table of Contents
+
+1. [Files Overview](#files-overview)
+2. [Prerequisites](#prerequisites)
+3. [Usage](#usage)
+4. [Outputs](#outputs)
+5. [Variables](#variables)
+
+## Files Overview
+
+### network.tf
+
+This file contains the configuration for:
+
+- **VPC**: Creates a VPC with CIDR block `10.42.0.0/16`.
+- **Internet Gateway**: Attaches an Internet Gateway to the VPC.
+- **Subnets**: Creates two subnets (internal and external) within the VPC.
+- **Route Tables**: Associates route tables with the internal and external subnets.
+
+### instance.tf
+
+This file contains the configuration for:
+
+- **EC2 Instance**: Launches an EC2 instance in the external subnet, associates it with a security group, and sets up SSH access using a provided public key.
+
+### sg.tf
+
+This file contains the configuration for:
+
+- **Security Groups**: Creates security groups for the internal and external subnets, allowing specific inbound and outbound traffic.
+
+### variables.tf
+
+This file defines variables used throughout the project:
+
+- **public_key_path**: Path to the SSH public key.
+- **user_public_ip**: Public IP address of the user.
+
+## Prerequisites
+
+- [Terraform](https://www.terraform.io/downloads.html) installed.
+- AWS account with appropriate permissions to create VPCs, subnets, security groups, and EC2 instances.
+- SSH public key available locally.
+
+## Usage
+
+1. **Clone the repository:**
+
+ ```sh
+ git clone
+ cd
+ ```
+
+2. **Initialize Terraform:**
+
+ ```sh
+ terraform init
+ ```
+
+3. **Configure Variables:**
+
+ You will be prompted to enter the path to your SSH public key and your public IP address. 
Alternatively, you can create a `terraform.tfvars` file with the following content:
+
+ ```hcl
+ public_key_path = "/path/to/your/public/key"
+ user_public_ip = "your_public_ip"
+ ```
+
+4. **Apply the configuration:**
+
+ ```sh
+ terraform apply
+ ```
+
+ Confirm the apply step with `yes` when prompted.
+
+5. **Destroy the resources:**
+
+ If you want to destroy the resources created by Terraform:
+
+ ```sh
+ terraform destroy
+ ```
+
+ Confirm the destroy step with `yes` when prompted.
+
+## Outputs
+
+- **instance_public_ip**: The public IP address of the EC2 instance.
+
+## Variables
+
+- **public_key_path**: Enter full path to your public key. Defaults to `~/.ssh/id_rsa.pub` if left empty.
+- **user_public_ip**: Enter your home public IP address. Must not be empty.
+
+### Example `terraform.tfvars` File
+
+```hcl
+public_key_path = "~/.ssh/id_rsa.pub"
+user_public_ip = "89.138.152.84"
diff --git a/Terraform/instance.tf b/Terraform/instance.tf
new file mode 100644
index 0000000..d4172fd
--- /dev/null
+++ b/Terraform/instance.tf
@@ -0,0 +1,26 @@
+# EC2 Instance
+resource "aws_instance" "my_instance" {
+ ami = "ami-0a0e5d9c7acc336f1"
+ instance_type = "t2.micro"
+ subnet_id = aws_subnet.external.id
+ vpc_security_group_ids = [aws_security_group.external_sg.id]
+ associate_public_ip_address = true
+
+ user_data = <<-EOF
+ #!/bin/bash
+ mkdir -p /home/ubuntu/.ssh
+ echo "${file("${local.effective_public_key_path}")}" >> /home/ubuntu/.ssh/authorized_keys
+ chown -R ubuntu:ubuntu /home/ubuntu/.ssh
+ chmod 700 /home/ubuntu/.ssh
+ chmod 600 /home/ubuntu/.ssh/authorized_keys
+ EOF
+
+ tags = {
+ Name = "my_instance"
+ }
+}
+
+# Output the public IP
+output "instance_public_ip" {
+ value = aws_instance.my_instance.public_ip
+}
\ No newline at end of file
diff --git a/Terraform/network.tf b/Terraform/network.tf
new file mode 100644
index 0000000..789985d
--- /dev/null
+++ b/Terraform/network.tf
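Review bot: `file("${local.effective_public_key_path}")` inside the `user_data` heredoc fails at plan time whenever the fallback path from variables.tf is in effect, because Terraform's `file()` does not expand `~`; use `echo "${file(pathexpand(local.effective_public_key_path))}" >> /home/ubuntu/.ssh/authorized_keys` (the extra `"${...}"` wrapper around the local is redundant as well). Nothing sets `metadata_options`, so by default the instance still serves IMDSv1; adding `metadata_options { http_tokens = "required" }` is the standard hardening for an Internet-facing host. The hard-coded `ami = "ami-0a0e5d9c7acc336f1"` is tied to one region and will not follow patched images — a `data "aws_ami"` lookup filtered on the intended owner and name pattern (presumably Ubuntu, given the script writes to `/home/ubuntu`) would be more robust, and EC2's native `key_name` mechanism would do what the shell snippet does without custom user_data.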
@@ -0,0 +1,58 @@
+# VPC
+resource "aws_vpc" "my_vpc" {
+ cidr_block = "10.42.0.0/16"
+ tags = {
+ Name = "my_vpc"
+ }
+}
+
+# Internet Gateway
+resource "aws_internet_gateway" "my_igw" {
+ vpc_id = aws_vpc.my_vpc.id
+ tags = {
+ Name = "my_igw"
+ }
+}
+
+# Internal Subnet
+resource "aws_subnet" "internal" {
+ vpc_id = aws_vpc.my_vpc.id
+ cidr_block = "10.42.1.0/24"
+ availability_zone = "us-east-1a"
+ tags = {
+ Name = "internal_subnet"
+ }
+}
+
+# External Subnet
+resource "aws_subnet" "external" {
+ vpc_id = aws_vpc.my_vpc.id
+ cidr_block = "10.42.2.0/24"
+ availability_zone = "us-east-1a"
+ tags = {
+ Name = "external_subnet"
+ }
+}
+
+resource "aws_route_table" "internal" {
+ vpc_id = aws_vpc.my_vpc.id
+}
+
+resource "aws_route_table_association" "internal" {
+ subnet_id = aws_subnet.internal.id
+ route_table_id = aws_route_table.internal.id
+}
+
+resource "aws_route_table" "external" {
+ vpc_id = aws_vpc.my_vpc.id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.my_igw.id
+ }
+}
+
+resource "aws_route_table_association" "external" {
+ subnet_id = aws_subnet.external.id
+ route_table_id = aws_route_table.external.id
+}
\ No newline at end of file
diff --git a/Terraform/provider.tf b/Terraform/provider.tf
new file mode 100644
index 0000000..e70fb2f
--- /dev/null
+++ b/Terraform/provider.tf
@@ -0,0 +1,3 @@
+provider "aws" {
+ region = "us-east-1"
+}
\ No newline at end of file
diff --git a/Terraform/sg.tf b/Terraform/sg.tf
new file mode 100644
index 0000000..e1bd816
--- /dev/null
+++ b/Terraform/sg.tf
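Review bot: `aws_route_table.internal` has no `route` block, so the internal subnet gets only the implicit VPC-local route and no path to the Internet Gateway; that is presumably the point of the internal/external split, but the file does not say so — add `# Intentionally no default route: the internal subnet has no Internet reachability (no IGW or NAT attached).` above the resource. `availability_zone = "us-east-1a"` is repeated on both subnets and silently assumes the region set in provider.tf; a single local or variable, or a `data "aws_availability_zones"` lookup, would keep the two subnets consistent if the region changes. No VPC flow log is defined; for a VPC that hosts an Internet-facing instance it is the cheapest source of detection data and belongs next to the VPC resource.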
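Review bot: provider.tf pins nothing — there is no `terraform` block with `required_version` and `required_providers`, so `terraform init` resolves whichever `hashicorp/aws` major version is current and a later major release can change resource semantics under this code. A version constraint next to the provider block fixes that, and `region` would be better as a variable since instance.tf and network.tf hard-code an AMI and an AZ that only make sense in `us-east-1`.
```hcl
terraform {
  required_version = ">= 1.5"   # example value; pin to the version this was tested with
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"        # example constraint; pin to the version this was tested with
    }
  }
}

# … unchanged: provider "aws" block …
```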
@@ -0,0 +1,66 @@
+# Security Group for External Subnet
+resource "aws_security_group" "external_sg" {
+ vpc_id = aws_vpc.my_vpc.id
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["${var.user_public_ip}/32"]
+ }
+
+ ingress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["${var.user_public_ip}/32"]
+ }
+
+ ingress {
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["${var.user_public_ip}/32"]
+ }
+
+ ingress {
+ from_port = -1
+ to_port = -1
+ protocol = "icmp"
+ cidr_blocks = ["${var.user_public_ip}/32"]
+ }
+
+ tags = {
+ Name = "external_sg"
+ }
+}
+
+# Security Group for Internal Subnet
+resource "aws_security_group" "internal_sg" {
+ vpc_id = aws_vpc.my_vpc.id
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ security_groups = [aws_security_group.external_sg.id]
+ }
+
+ tags = {
+ Name = "internal_sg"
+ }
+}
\ No newline at end of file
diff --git a/Terraform/variables.tf b/Terraform/variables.tf
new file mode 100644
index 0000000..d2002ee
--- /dev/null
+++ b/Terraform/variables.tf
@@ -0,0 +1,21 @@
+# Define variable for public key path
+variable "public_key_path" {
+ description = "Enter full path to your public key , press Enter to use default common path ( ~/.ssh/id_rsa.pub)"
+ type = string
+}
+
+# Define a local value to determine the effective public key path
+locals {
+ effective_public_key_path = var.public_key_path != "" ? var.public_key_path : "~/.ssh/id_rsa.pub"
+}
+
+# Define variable for public IP address
+variable "user_public_ip" {
+ description = "Enter your public IP address"
+ type = string
+
+ validation {
+ condition = length(trimspace(var.user_public_ip)) > 0
+ error_message = "Public IP address must not be empty."
+ }
+}
\ No newline at end of file
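Review bot: Neither security group nor any of its rules carries a `description`, so in the console and in audit tooling they surface as "Managed by Terraform" with no statement of intent; add `description = "External subnet: SSH/HTTP/HTTPS/ICMP from the operator's IP only"` on `external_sg`, `description = "Internal subnet: SSH from external_sg only"` on `internal_sg`, and a `description` on each rule. The 80/443 ingress rules on `external_sg` are not used by anything in this commit — the instance's user_data installs no listener — so under least privilege they could be left out until a service exists; if they are kept on purpose, a comment should say so. `internal_sg` is likewise defined but attached to nothing here, which is fine for a scaffold but worth a one-line comment.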
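Review bot: The `validation` block on `user_public_ip` only rejects an empty string, yet sg.tf interpolates the value as `"${var.user_public_ip}/32"`, so a hostname, an address with its own prefix length, or an IPv6 address passes validation and fails only at apply with an opaque provider error. Tighten it to `condition = can(cidrnetmask("${var.user_public_ip}/32"))` with `error_message = "user_public_ip must be a single IPv4 address without a prefix length."` (`cidrnetmask` rejects IPv6, which `cidr_blocks` cannot carry anyway). `public_key_path` has no `default`, so the "press Enter to use default" behaviour promised in its description relies on an interactive prompt and non-interactive runs (`-input=false`) fail on the missing value; `default = ""` makes the `locals` fallback work in both modes.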