Quiz 3.1: Managed Information Systems Services

Tasks

  1. Create a directory named “quiz31” in your student number directory in Quiz 1.3
  2. Create a markdown file named “README.md” in the newly created directory with the directory summary.
  3. Create a playbook that installs a vsftpd server.
  4. Then create a pull request and submit the link to your forked repo as the answer to the only question of this quiz (note: answer this quiz as well as creating the pull request).

Output

1811023/quiz31/ansible.cfg

[defaults]

# Basic configuration: inventory location and the account/key used for SSH.
inventory = ./inventory
remote_user = jpcabral-tip
# The private key is read from the project directory. Keep the key file out of
# version control and readable only by its owner.
private_key_file = ./private.key

# Privilege escalation: every task runs as root through sudo.
[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False
# NOTE: Because become_ask_pass is False, the remote host/s must allow
# remote_user to run sudo without a password. Configure this with `sudo visudo`
# and append `<remote_user> ALL=(ALL) NOPASSWD:ALL`.
# That rule gives the account unrestricted passwordless root, so anyone holding
# private.key has root on every inventory host. Outside a lab, keep the sudo
# password and run the playbook with --ask-become-pass instead.


1811023/quiz31/inventory

# Hosts targeted by the plays in playbook.yaml (each play sets `hosts: ftpserver`).
[ftpserver]
192.168.254.115
192.168.254.117


1811023/quiz31/config.yaml

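# Variables loaded by playbook.yaml through include_vars and consumed by the
# configurevsftpd* roles.
# NOTE(review): `name` is also a play/task keyword; Ansible may warn about a
# reserved variable name here - confirm, and consider a prefixed name.
name: ftpuser
# crypt(3) hash handed to the user module. Quoted so the leading `$` and the
# embedded `/` and `.` are always read as one literal string.
password: '$5$Xz2k7xh2IwRAOtda$X/yQSNPOlQ0Y7t4OdlLCPvrf6vb0DAZEaJfE5tBux.D'
user_comment: "FTP User"

# vsftpd configuration file copied to Debian-family / RedHat-family hosts.
ubuntu_vsftpd: u-vsftpd.conf
centos_vsftpd: c-vsftpd.conf

# password is "password"
# The author's note says it was generated using `mkpasswd -m sha-512 password`,
# but the `$5$` prefix identifies a SHA-256 crypt hash; SHA-512 crypt hashes
# start with `$6$`.
# The plaintext is published above and trivially guessable, and the hash sits
# in the repository. Replace it before using these files outside a lab, keep
# the real value in Ansible Vault, and let mkpasswd prompt for the password
# rather than passing it on the command line (shell history).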


jpcabral-tip/quiz31/roles/configurevsftpdcentos/tasks/main.yml

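---
# tasks file for roles/configurevsftpcentos
#
# Configures vsftpd on RedHat-family hosts: enables the service, creates the
# FTP account and its directory, allow-lists the account and installs the
# vsftpd configuration.
# Variables used: name, password, user_comment, centos_vsftpd (config.yaml).
#
# NOTE(review): the published listing shows empty strings ("") where Jinja2
# expressions were evidently dropped by the page rendering. They are restored
# below from the variable names in config.yaml - confirm against the repository.
# NOTE(review): unlike the Ubuntu role, nothing here blocks SSH logins for the
# FTP account, so the account's password also works for SSH if password
# authentication is enabled on the host.
- name: Start and Enable vsftpd
  service:
    name: vsftpd
    state: started
    enabled: true

- name: Create FTP User
  user:
    name: "{{ name }}"
    # Expects a crypt(3) hash, not a plaintext password.
    password: "{{ password }}"
    comment: "{{ user_comment }}"

- name: Create FTP directory
  file:
    path: "/home/{{ name }}/ftp"
    state: directory
    # Owned by and writable for the FTP user. With chroot_local_user=YES this
    # only works because c-vsftpd.conf sets allow_writeable_chroot=YES.
    owner: "{{ name }}"
    group: "{{ name }}"
    mode: '0755'

- name: Add FTP user to user_list
  lineinfile:
    # c-vsftpd.conf uses this file as an allow-list (userlist_deny=NO).
    path: /etc/vsftpd/user_list
    line: "{{ name }}"
  register: user_list

- name: Copy vsftpd.conf to /etc/vsftpd/vsftpd.conf
  copy:
    src: "{{ centos_vsftpd }}"
    dest: /etc/vsftpd/vsftpd.conf
  register: vsftpd_conf

# Restart only when the allow-list or the configuration actually changed.
- name: Restart VSFTPD
  service:
    name: vsftpd
    state: restarted
  when: user_list.changed or vsftpd_conf.changed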


jpcabral-tip/quiz31/roles/configurevsftpdubuntu/tasks/main.yml

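---
# tasks file for roles/configurevsftpdubuntu
#
# Configures vsftpd on Debian-family hosts: enables the service, creates the
# FTP account, blocks that account from SSH, builds a non-writable chroot
# directory with a writable "files" subdirectory, and installs the vsftpd
# configuration.
# Variables used: name, password, user_comment, ubuntu_vsftpd (config.yaml).
#
# NOTE(review): the published listing shows empty strings ("") where Jinja2
# expressions were evidently dropped by the page rendering. They are restored
# below from the variable names in config.yaml - confirm against the repository.
- name: Start and enable VSFTPD
  service:
    name: vsftpd
    state: started
    enabled: true

- name: Create FTP User
  user:
    name: "{{ name }}"
    # Expects a crypt(3) hash, not a plaintext password.
    password: "{{ password }}"
    comment: "{{ user_comment }}"

# The FTP account is a normal local user; deny it SSH so it is usable for
# FTP only.
- name: Add Deny in /etc/ssh/sshd_config
  lineinfile:
    path: /etc/ssh/sshd_config
    line: "DenyUsers {{ name }}"
    # Syntax-check the edited file before it replaces the live one, so a bad
    # edit cannot leave sshd unable to restart.
    validate: /usr/sbin/sshd -t -f %s
  register: sshd_config

- name: Restart SSHD service
  service:
    name: sshd
    state: restarted
  when: sshd_config.changed

# Chroot root for the user (local_root in u-vsftpd.conf). Owned by
# nobody:nogroup and not writable.
- name: Create FTP directory
  file:
    path: "/home/{{ name }}/ftp"
    state: directory
    owner: nobody
    group: nogroup
    mode: '0555'

# Writable upload area inside the chroot.
# NOTE(review): no mode is set, so the directory permissions depend on the
# remote umask - consider setting one explicitly.
- name: Create files directory
  file:
    path: "/home/{{ name }}/ftp/files"
    state: directory
    owner: "{{ name }}"
    group: "{{ name }}"

- name: Copy vsftpd.conf to /etc/vsftpd.conf
  copy:
    src: "{{ ubuntu_vsftpd }}"
    dest: /etc/vsftpd.conf
  register: vsftpd_conf

# Restart only when the configuration file actually changed.
- name: Restart VSFTPD
  service:
    name: vsftpd
    state: restarted
  when: vsftpd_conf.changed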


jpcabral-tip/quiz31/roles/installpackagecentos/tasks/main.yml

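---
# tasks file for roles/installpackagecentos
#
# Installs one package on RedHat-family hosts. The caller passes the package
# name in the `package` variable (playbook.yaml sets it to vsftpd).
# NOTE(review): the published listing shows `name: ""`; the Jinja2 expression
# was evidently dropped by the page rendering and is restored here - confirm
# against the repository.
- name: Install Package using dnf
  yum:
    name: "{{ package }}"
    # `latest` upgrades the package on every run; use `present` if the
    # installed version should stay fixed between runs.
    state: latest
    update_cache: true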


jpcabral-tip/quiz31/roles/installpackageubuntu/tasks/main.yml

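---
# tasks file for roles/installpackageubuntu
#
# Installs one package on Debian-family hosts. The caller passes the package
# name in the `package` variable (playbook.yaml sets it to vsftpd).
# NOTE(review): the published listing shows `name: ""`; the Jinja2 expression
# was evidently dropped by the page rendering and is restored here - confirm
# against the repository.
- name: Install package
  apt:
    name: "{{ package }}"
    # `latest` upgrades the package on every run; use `present` if the
    # installed version should stay fixed between runs.
    state: latest
    update_cache: true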


jpcabral-tip/quiz31/roles/stopfirewallcentos/tasks/main.yml

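---
# tasks file for roles/stopfirewallcentos
#
# Stops firewalld and keeps it from starting at boot.
# NOTE(review): this removes host packet filtering entirely, for every service
# on the machine. c-vsftpd.conf pins passive mode to ports 30000-31000, so
# allowing the FTP control port plus that range in firewalld would be enough
# for vsftpd while leaving the firewall running.
- name: Stop FirewallD
  service:
    name: firewalld
    state: stopped
    enabled: false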


jpcabral-tip/quiz31/roles/stopfirewallubuntu/tasks/main.yml

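---
# tasks file for roles/stopfirewallubuntu
#
# Stops ufw and keeps it from starting at boot.
# NOTE(review): this removes host packet filtering entirely, for every service
# on the machine. u-vsftpd.conf pins passive mode to ports 40000-50000, so
# allowing the FTP control port plus that range in ufw would be enough for
# vsftpd while leaving the firewall running.
- name: Stop Firewall
  service:
    name: ufw
    state: stopped
    enabled: false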


jpcabral-tip/quiz31/files/c-vsftpd.conf

# vsftpd configuration copied to RedHat-family hosts by the
# configurevsftpcentos role. Comments must stay on their own lines.
# NOTE(review): no ssl_enable setting appears in this file, so as listed the
# login password and all transfers travel as plain FTP - confirm whether TLS
# is meant to be enabled.

# Anonymous logins off; local system accounts may log in and upload.
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
# Log uploads and downloads, in the standard xferlog format.
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
# Confine each local user to their home directory after login.
chroot_local_user=YES
# Lets the chroot root itself be writable by the user. This turns off
# vsftpd's refusal to run with a writable chroot root; a non-writable root
# with a writable subdirectory (as the Ubuntu role builds) avoids needing it.
allow_writeable_chroot=YES
# Standalone mode, listening on the IPv6 socket.
listen=NO
listen_ipv6=YES
# Passive-mode data ports; this range must be reachable through any firewall
# in front of the server.
pasv_min_port=30000
pasv_max_port=31000
# With userlist_enable=YES and userlist_deny=NO the file is an allow-list:
# only the accounts named in it may log in.
userlist_file=/etc/vsftpd/user_list
userlist_deny=NO
pam_service_name=vsftpd
userlist_enable=YES


jpcabral-tip/quiz31/files/u-vsftpd.conf

# vsftpd configuration copied to Debian-family hosts by the
# configurevsftpdubuntu role. Comments must stay on their own lines.
# NOTE(review): no ssl_enable setting appears in this file, so as listed the
# login password and all transfers travel as plain FTP - confirm whether TLS
# is meant to be enabled.
# NOTE(review): there is no userlist_* allow-list here (the CentOS file has
# one), so every local account that passes PAM can log in over FTP.

# Standalone mode, listening on the IPv6 socket.
listen=NO
listen_ipv6=YES
# Anonymous logins off; local system accounts may log in and upload.
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
# Log uploads and downloads.
xferlog_enable=YES
connect_from_port_20=YES
# Confine each local user to their login directory (see local_root below).
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
# Include dot files in directory listings.
force_dot_files=YES
# Passive-mode data ports; this range must be reachable through any firewall
# in front of the server.
pasv_min_port=40000
pasv_max_port=50000
# $USER in local_root is replaced with the login name, so each user lands in
# /home/<user>/ftp. The role creates that directory owned by nobody:nogroup
# with mode 0555, so the chroot root is not writable.
user_sub_token=$USER
local_root=/home/$USER/ftp


1811023/quiz31/playbook.yaml

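---
# Installs and configures vsftpd on every host in the `ftpserver` group.
# Each task picks the Debian or RedHat role from the gathered os_family fact.

- name: Install VSFTPD
  hosts: ftpserver

  tasks:
    - name: Install VSFTPD using installpackageubuntu role
      include_role:
        name: installpackageubuntu
      vars:
        package: vsftpd
      when: ansible_facts['os_family'] == 'Debian'

    # The original task name said HTTPD; the package installed is vsftpd.
    - name: Install VSFTPD using installpackagecentos role
      include_role:
        name: installpackagecentos
      vars:
        package: vsftpd
      when: ansible_facts['os_family'] == 'RedHat'


# NOTE(review): this play turns the host firewall off completely on every FTP
# server. Both vsftpd configuration files pin the passive port range, so
# allowing the FTP control port and that range would be enough and would leave
# the firewall running.
- name: Stop Firewall
  hosts: ftpserver

  tasks:
    - name: Stop UFW on Ubuntu using stopfirewallubuntu role
      include_role:
        name: stopfirewallubuntu
      when: ansible_facts['os_family'] == 'Debian'

    - name: Stop FirewallD on CentOS using stopfirewallcentos
      include_role:
        name: stopfirewallcentos
      when: ansible_facts['os_family'] == 'RedHat'


- name: Configure VSFTPD
  hosts: ftpserver

  tasks:
    # Replace the values of the variables in config.yaml before running,
    # in particular the sample password hash.
    - name: Include variables from config.yaml
      include_vars:
        file: config.yaml

    - name: Configure VSFTPD on Ubuntu using configurevsftpdubuntu
      include_role:
        name: configurevsftpdubuntu
      when: ansible_facts['os_family'] == 'Debian'

    - name: Configure VSFTPD on CentOS using configurevsftpcentos
      include_role:
        name: configurevsftpcentos
      when: ansible_facts['os_family'] == 'RedHat'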


1811023/quiz23/README.md

# Directory Summary

**Author:** Jose Paulo Cabral

## Prerequisites

* Ansible (installed on local machine)
* SSH (installed on both local and remote machine/s)
* Target Machine: Ubuntu 20.04 Server Edition LTS and/or Centos 8

## Requirements

* configured SSH key-based authentication
* passwordless sudo on remote machines
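	Note: On each remote machine, run ``sudo visudo`` and append the following line to enable passwordless sudo for the account. This gives that account unrestricted root without a password, so apply it only on hosts dedicated to this exercise.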
	```
	<user> ALL=(ALL) NOPASSWD:ALL
	```

## Directory Structure

```
quiz31
	files/
		c-vsftpd.conf
		u-vsftpd.conf
	roles/
		configurevsftpcentos/
			defaults/
				main.yml
			files/
			handlers/
				main.yml
			meta/
				main.yml
			tasks/
				main.yml
			templates/
			tests/
				inventory
				test.yml
			vars/
				main.yml
			README.md
		configurevsftpdubuntu/
			defaults/
				main.yml
			files/
			handlers/
				main.yml
			meta/
				main.yml
			tasks/
				main.yml
			templates/
			tests/
				inventory
				test.yml
			vars/
				main.yml
			README.md
		installpackagecentos/
			defaults/
				main.yml
			files/
			handlers/
				main.yml
			meta/
				main.yml
			tasks/
				main.yml
			templates/
			tests/
				inventory
				test.yml
			vars/
				main.yml
			README.md
		installpackageubuntu/
			defaults/
				main.yml
			files/
			handlers/
				main.yml
			meta/
				main.yml
			tasks/
				main.yml
			templates/
			tests/
				inventory
				test.yml
			vars/
				main.yml
			README.md
		stopfirewallcentos/
			defaults/
				main.yml
			files/
			handlers/
				main.yml
			meta/
				main.yml
			tasks/
				main.yml
			templates/
			tests/
				inventory
				test.yml
			vars/
				main.yml
			README.md
		stopfirewallubuntu/
			defaults/
				main.yml
			files/
			handlers/
				main.yml
			meta/
				main.yml
			tasks/
				main.yml
			templates/
			tests/
				inventory
				test.yml
			vars/
				main.yml
			README.md
		
ansible.cfg
inventory
playbook.yaml
config.yaml
README.md
```

## Declaring Values for Variables
The ``config.yaml`` file holds the variables used by the playbook (they are imported for the roles). Set the value of each variable using the following format.

```
name: <ftpuser>
password: <hashed_password_for_ftp_user_generated_using_mkpasswd>
user_comment: <comments_for_ftp_user>
ubuntu_vsftpd: <vsftpd.conf file dedicated for ubuntu machines (if at least one target is Ubuntu)>
centos_vsftpd: <vsftpd.conf file dedicated for centos machines (if at least one target is CentOS)>
```

## Executing the Playbook
Execute ``playbook.yaml`` using the command:

```
$ ansible-playbook playbook.yaml
```


As seen on Github.