├── .gitignore
├── Readme.md
├── active_directory
    ├── domain_controller
    │   ├── Vagrantfile
    │   └── provision
    │   │   ├── install_win_exporter.ps1
    │   │   ├── ou_setup.ps1
    │   │   ├── puppetnode.ps1
    │   │   └── setupdc.ps1
    └── windows_node
    │   ├── Vagrantfile
    │   └── provision
    │       ├── add_to_domain.ps1
    │       ├── install_win_exporter.ps1
    │       └── puppetnode.ps1
├── data
    ├── config_files
    │   └── prometheus.yml
    ├── powershell-scripts
    │   ├── add_to_domain.ps1
    │   ├── install_win_exporter.ps1
    │   ├── ou_setup.ps1
    │   ├── puppetnode.ps1
    │   └── setupdc.ps1
    ├── script_list.txt
    └── shell-scripts
    │   ├── add_to_domain.sh
    │   ├── gitlab.sh
    │   ├── initialize.sh
    │   ├── install_node_exporter.sh
    │   ├── jenkins_setup.sh
    │   ├── prometheus_grafana.sh
    │   ├── puppetmaster_setup.sh
    │   └── puppetnode_setup.sh
├── git
    ├── Vagrantfile
    └── provision
    │   ├── add_to_domain.sh
    │   ├── gitlab.sh
    │   ├── gitsetup.sh
    │   ├── initialize.sh
    │   ├── initialize.sh.old
    │   ├── install_node_exporter.sh
    │   └── puppetnode_setup.sh
├── img
    ├── Lab_Setup.png
    └── devops_logo.png
├── jenkins
    ├── Vagrantfile
    ├── log.txt
    └── provision
    │   ├── add_to_domain.sh
    │   ├── initialize.sh
    │   ├── install_node_exporter.sh
    │   ├── jenkins_setup.sh
    │   └── puppetnode_setup.sh
├── linux01
    ├── Vagrantfile
    └── provision
    │   ├── add_to_domain.sh
    │   ├── initialize.sh
    │   ├── install_node_exporter.sh
    │   ├── puppetnode_setup.sh
    │   └── startup.sh
├── prometheus_grafana
    ├── Vagrantfile
    └── provision
    │   ├── add_to_domain.sh
    │   ├── initialize.sh
    │   ├── prometheus.yml
    │   ├── prometheus_grafana.sh
    │   └── puppetnode_setup.sh
├── puppetmaster
    ├── Vagrantfile
    └── provision
    │   ├── add_to_domain.sh
    │   ├── initialize.sh
    │   ├── install_node_exporter.sh
    │   ├── puppetmaster_setup.sh
    │   └── startup.sh
└── vagrant_scripts
    ├── Readme.MD
    ├── dcvu
    ├── deploy_infra
    ├── destroy_infra
    ├── gitvu
    ├── jenkinsvu
    ├── lin1vu
    ├── promvu
    ├── pupmvu
    ├── stop_infra
    └── winnodevu


/.gitignore:
--------------------------------------------------------------------------------
.vagrant
ubuntu-bionic-18.04-cloudimg-console.log

--------------------------------------------------------------------------------
/Readme.md:
--------------------------------------------------------------------------------

![logo](img/devops_logo.png)

Getting started with a DevOps home lab is great. You can spin it up, mess around and use it as a playground for learning. While setting up a lab on your own you will also encounter many challenges and issues, which will help you understand how all these tools are connected together. There is no need for physical servers or a cloud account, which might cost extra money :). Here I am using my PC to build a small-scale lab with all the mainstream DevOps tools.

+ Refer to this for Vagrant installation - (https://developer.hashicorp.com/vagrant/docs/installation)
+ Refer to this for VirtualBox installation - (https://linuxconfig.org/install-virtualbox-on-ubuntu-20-04-focal-fossa-linux)

**Minimum/Recommended System Requirements for the lab**
---

+ At least 8GB/16GB of memory

+ 150GB of disk space

+ A processor equivalent to Intel's i5/i7

**Lab Configuration**
---

![logo](img/Lab_Setup.png)

**Info**
---

First things first: we need to install VirtualBox and Vagrant on the PC/Laptop. These two tools will spawn seven VMs for us.

You need at least 1 CPU core and 1GB of RAM per VM, except for the Puppetmaster and the GitLab server, which will need more resources. The number of VMs can be reduced to four if you have limited resources.

1. One Microsoft Server 2019 server which will act as an Active Directory Domain Controller node and also as a DNS server for our domain msx.local.

2. A puppetserver node which will serve as the puppetmaster for our lab infrastructure.

3. A GitLab server which will host our local repositories.

4. A Jenkins server to implement CI/CD workflows and pipelines.

5. A Prometheus and Grafana server to monitor our lab infrastructure.

6. One Windows and one Linux server which can be used to set up a SQL server or web servers.

**Lab Details**
---

1. All the hosts, Windows or Linux, are added to the domain msx.local as soon as you run the vagrant up command for the host.

2. Puppet agent is installed on all the hosts; you just need to sign the certificates for the hosts by logging in to the puppetmaster.msx.local server.

3. Node Exporter and windows exporter are installed on all the Linux and Windows hosts to fetch system metrics for Prometheus.

4. All of the directories and sub-directories of the repository are self-explanatory and host the respective VMs, as the name of each directory indicates.

5. The data directory contains all the shell and PowerShell scripts used to bootstrap and provision the VMs.

6. The vagrant_scripts directory contains simple scripts which can be used to run vagrant commands from anywhere; just modify your VM path accordingly. These scripts just 'cd' to the vagrant directory and run the commands. Nothing fancy, but they come in handy when you have many VMs. You will need to add this path to your PATH variable to be able to use them from anywhere.

**How to setup this lab on your own PC/Laptop?**
---

+ Install Vagrant and VirtualBox as mentioned at the start of this article.

+ Clone this GitHub repository on your local PC/Laptop.

+ Start the VMs by using the provided scripts in vagrant_scripts, or cd to the directory of the VM and run the vagrant up command.

**Start the VMs in the following order to avoid any connectivity issues**

1. **Domain Controller**

2. **Puppet Master**

3. **Prometheus Server**

4. **Rest of the VMs**

The domain name used for setting up the lab is msx.local. This can be changed by running the following commands against the scripts in the data directory.

**EXAMPLE**

+ `sudo sed -i 's|msx|newdomain|g' add_to_domain.sh`

+ `sudo sed -i 's|MSX|NEWDOMAIN|g' add_to_domain.sh`

+ The above commands assume that the new domain ends with the .local suffix. Modify them accordingly in case you want to change the domain suffix. These commands need to be run for all the scripts present in the data folder. Because the pattern matches every occurrence of msx, it also rewrites the default password msx@9797 wherever it appears in those scripts.

+ The default password used across the lab is msx@9797, for all AD users, admin passwords etc., except for the default configs of GitLab, Jenkins and Grafana.

--------------------------------------------------------------------------------
/active_directory/domain_controller/Vagrantfile:
--------------------------------------------------------------------------------
Vagrant.configure("2") do |config|

  config.vm.provider "virtualbox" do |v|
    v.memory = 1024
    v.cpus = 1
    v.name = "AD-Domain-Controller"
  end
  # WinRM runs over plain HTTP with basic auth here, so credentials are sent unencrypted.
  config.winrm.transport = :plaintext
  config.winrm.basic_auth_only = true

  config.vm.define "dc" do |dc|
    dc.vm.guest = :windows
    dc.vm.communicator = "winrm"
    dc.vm.boot_timeout = 600
    dc.vm.graceful_halt_timeout = 600
    dc.winrm.retry_limit = 30
    dc.winrm.retry_delay = 10
    dc.vm.box = "StefanScherer/windows_2019"
    dc.vm.hostname = "a4ldc01"
    dc.vm.network "private_network", ip: "192.168.56.2"
    dc.vm.network :forwarded_port, guest: 3389, host: 23389, id: "msrdp"
    dc.vm.network :forwarded_port, guest: 5985, host: 25985, id: "winrm"
    dc.vm.provision "shell", privileged: true, path: "provision/setupdc.ps1"
    dc.vm.provision "shell", reboot: true
    dc.vm.provision "shell", inline: "Start-Sleep -s 60"
    dc.vm.provision "shell", privileged: true, path: "provision/install_win_exporter.ps1"
    dc.vm.provision "shell", privileged: true, path: "provision/puppetnode.ps1"
    dc.vm.provision "shell", privileged: true, path: "provision/ou_setup.ps1"
  end

end

--------------------------------------------------------------------------------
/active_directory/domain_controller/provision/install_win_exporter.ps1:
--------------------------------------------------------------------------------
$version = "0.16.0"

$AgentURL = "https://github.com/prometheus-community/windows_exporter/releases/download/v${version}/windows_exporter-${version}-386.msi"
$AbsoluteCurrPath = $(Get-Location).Path
$AbsolutePathMSI = "${AbsoluteCurrPath}\tmp\windows-exporter\windows_exporter.msi"
$EnabledCollectors = "[defaults],cpu,cs,logical_disk,memory,net,os,process,service,system,tcp"
$ServiceName = "windows_exporter"
$TempDirectoryToCreate = "$AbsoluteCurrPath\tmp\windows-exporter"

# create temp directories
if (-not (Test-Path -LiteralPath $TempDirectoryToCreate)) {
    try {
        New-Item -Path $TempDirectoryToCreate -ItemType Directory -ErrorAction Stop | Out-Null #-Force
    } catch {
        Write-Error -Message "Unable to create directory '$TempDirectoryToCreate'. Error was: $_" -ErrorAction Stop
    }
    "Successfully created directory '$TempDirectoryToCreate'."
} else {
    "Directory already existed"
}

# download the specified MSI to the temp directory
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest $AgentURL -OutFile $AbsolutePathMSI
# Start-Process msiexec -Wait -ArgumentList "/i ${AbsolutePathMSI} ENABLED_COLLECTORS=$EnabledCollectors"
(Start-Process "msiexec.exe" -ArgumentList "/i ${AbsolutePathMSI} ENABLED_COLLECTORS=$EnabledCollectors /qb!" -NoNewWindow -Wait -PassThru).ExitCode

# Check Status of Service
$Service = Get-Service -Name "$ServiceName"
if($Service.Status -eq "running"){
    Write-Host "$ServiceName is running"
} else {
    # $(...) is required to expand a property inside a double-quoted string
    Write-Host "$ServiceName status is: $($Service.Status)"
}
# remove temp setup file
if(Test-Path $AbsoluteCurrPath\tmp\windows-exporter -PathType Container){
    Remove-Item -Recurse -Force $AbsoluteCurrPath\tmp\windows-exporter
} else {
    Write-Host "TMP path not available"
}

--------------------------------------------------------------------------------
/active_directory/domain_controller/provision/ou_setup.ps1:
--------------------------------------------------------------------------------
sleep 120
Import-Module activedirectory
sleep 30
#convert password string to secure.string
$password="msx@9797"
$securepassword = ConvertTo-SecureString $password -AsPlainText -Force

#Create OU -- Groups
New-ADOrganizationalUnit -Name "Groups" -Path "DC=msx,DC=local"

#Create linux_users, linux_admins, gitlab_users groups in AD
New-ADGroup -Name "linux_users" -SamAccountName linux_users -GroupCategory Security -GroupScope Global -DisplayName "Linux Users" -Path "OU=Groups,DC=msx,DC=local" -Description "Members of this group can login the on linux servers"

New-ADGroup -Name "linux_admins" -SamAccountName linux_admins -GroupCategory Security -GroupScope Global -DisplayName "Linux Administrators" -Path "OU=Groups,DC=msx,DC=local" -Description "Members of this group can run all the commands on linux servers and act as Administrators"

New-ADGroup -Name "gitlab_users" -SamAccountName gitlab_users -GroupCategory Security -GroupScope Global -DisplayName "Gitlab Users" -Path "OU=Groups,DC=msx,DC=local" -Description "Members of this group can login to a4l-git.msx.local Gitlab code repository"

#Create users in AD

New-ADUser -Name "Clark Kent" -EmailAddress "mandeepsinghlaller+superman@gmail.com" -SamAccountName "super.man" -Accountpassword $securepassword -Path "CN=Users,DC=msx,DC=local" -ChangePasswordAtLogon $False -PasswordNeverExpires $true -Enabled $true

New-ADUser -Name "Mandeep Singh" -EmailAddress "mandeepsinghlaller@gmail.com" -SamAccountName "mandeep.s" -Accountpassword $securepassword -Path "CN=Users,DC=msx,DC=local" -ChangePasswordAtLogon $False -PasswordNeverExpires $true -Enabled $true

New-ADUser -Name "Bruce Wayne" -EmailAddress "mandeepsinghlaller+batman@gmail.com" -SamAccountName "bat.man" -Accountpassword $securepassword -Path "CN=Users,DC=msx,DC=local" -ChangePasswordAtLogon $False -PasswordNeverExpires $true -Enabled $true

New-ADUser -Name "Peter Parker" -EmailAddress "mandeepsinghlaller+spiderman@gmail.com" -SamAccountName "spider.man" -Accountpassword $securepassword -Path "CN=Users,DC=msx,DC=local" -ChangePasswordAtLogon $False -PasswordNeverExpires $true -Enabled $true

New-ADUser -Name "Tony Stark" -EmailAddress "mandeepsinghlaller+ironman@gmail.com" -SamAccountName "iron.man" -Accountpassword $securepassword -Path "CN=Users,DC=msx,DC=local" -ChangePasswordAtLogon $False -PasswordNeverExpires $true -Enabled $true

Add-ADGroupMember -Identity linux_users -Members bat.man,mandeep.s,super.man,iron.man,spider.man
Add-ADGroupMember -Identity linux_admins -Members bat.man,mandeep.s
Add-ADGroupMember -Identity gitlab_users -Members bat.man,mandeep.s

--------------------------------------------------------------------------------
/active_directory/domain_controller/provision/puppetnode.ps1:
--------------------------------------------------------------------------------
# This script installs the windows puppet agent on windows
# from the master's pe_repo by downloading it to C:\tmp first and then running
# msiexec on it from there.

$puppet_master_server = "puppetmaster.msx.local"
$msi_source = "https://downloads.puppetlabs.com/windows/puppet7/puppet-agent-7.20.0-x64.msi"
$msi_dest = "C:\tmp\puppet-agent-x64.msi"

# Start the agent installation process and wait for it to end before continuing.
Write-Host "Installing puppet agent from $msi_source"

# Determine system hostname and primary DNS suffix to determine certname
$objIPProperties = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$name_components = @($objIPProperties.HostName, $objIPProperties.DomainName) | ? {$_}
$certname = $name_components -Join "."

Function Get-WebPage { Param( $url, $file, [switch]$force)
  if($force) {
    [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
  }
  $webclient = New-Object system.net.webclient
  $webclient.DownloadFile($url,$file)
}

# -force is not passed: it turns off TLS certificate validation for the whole
# session, and the MSI fetched here is installed with administrative rights.
Get-WebPage -url $msi_source -file $msi_dest
$msiexec_path = "C:\Windows\System32\msiexec.exe"
$msiexec_args = "/qn /log c:\log.txt /i $msi_dest PUPPET_MASTER_SERVER=$puppet_master_server PUPPET_AGENT_CERTNAME=$certname"
$msiexec_proc = [System.Diagnostics.Process]::Start($msiexec_path, $msiexec_args)
$msiexec_proc.WaitForExit()

--------------------------------------------------------------------------------
/active_directory/domain_controller/provision/setupdc.ps1:
--------------------------------------------------------------------------------
$dmode = "WinThreshold"
$fmode = "WinThreshold"
$dnetbioname = "MSX"
$dname = "msx.local"
$vadapter = "Ethernet"
$dadapter = "Ethernet 2"

#set administrator account password
net user administrator msx@9797

#Setup the server as a domain controller
$Password = "msx@9797" | ConvertTo-SecureString -AsPlainText -Force

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

Import-Module ADDSDeployment

Install-ADDSForest -SafeModeAdministratorPassword $Password -CreateDnsDelegation:$false -DomainMode $dmode -DomainName $dname -DomainNetbiosName $dnetbioname -ForestMode $fmode -InstallDns:$true -NoRebootOnCompletion:$false -Force:$true


--------------------------------------------------------------------------------
/active_directory/windows_node/Vagrantfile:
--------------------------------------------------------------------------------
Vagrant.configure("2") do |config|

  config.vm.provider "virtualbox" do |v|
    v.memory = 1024
    v.cpus = 1
    v.name = "Windows-Node-01"
  end
  # WinRM runs over plain HTTP with basic auth here, so credentials are sent unencrypted.
  config.winrm.transport = :plaintext
  config.winrm.basic_auth_only = true

  config.vm.define "win_server" do |win_server|
    win_server.vm.guest = :windows
    win_server.vm.communicator = "winrm"
    win_server.vm.boot_timeout = 600
    win_server.vm.graceful_halt_timeout = 600
    win_server.winrm.retry_limit = 30
    win_server.winrm.retry_delay = 10
    win_server.vm.box = "StefanScherer/windows_2019"
    win_server.vm.hostname = "a4l-winnode01"
    win_server.vm.network "private_network", ip: "192.168.56.3"
    win_server.vm.network :forwarded_port, guest: 3389, host: 33389, id: "msrdp"
    win_server.vm.network :forwarded_port, guest: 5985, host: 35985, id: "winrm"
    win_server.vm.provision "shell", privileged: true, path: "provision/add_to_domain.ps1"
    win_server.vm.provision "shell", reboot: true
    win_server.vm.provision "shell", privileged: true, path: "provision/install_win_exporter.ps1"
    win_server.vm.provision "shell", privileged: true, path: "provision/puppetnode.ps1"
  end
end

--------------------------------------------------------------------------------
/active_directory/windows_node/provision/add_to_domain.ps1:
--------------------------------------------------------------------------------
net user administrator msx@9797

$domain = "msx.local"
$domainControllerIp = "192.168.56.2"

$ErrorActionPreference = "Stop"


$systemVendor = (Get-WmiObject Win32_ComputerSystemProduct Vendor).Vendor


$adapters = @(Get-NetAdapter -Physical)
if ($systemVendor -eq 'Microsoft Corporation') {
    $adapters = $adapters | Sort-Object MacAddress
}
$vagrantManagementAdapter = $adapters[0]
$domainControllerAdapter = $adapters[1]

#Disable-NetAdapterBinding -InterfaceAlias $vagrantManagementAdapter -ComponentID ms_tcpip6
#Disable-NetAdapterBinding -InterfaceAlias $domainControllerAdapter -ComponentID ms_tcpip6

# do not dynamically register the vagrant management interface address in the domain dns server.
$vagrantManagementAdapter | Set-DNSClient -RegisterThisConnectionsAddress $false


# make sure the dns requests on this interface fail fast.
# NB we need to do this because there is no way to remove the DNS server from
#    a DHCP interface.
# NB this will basically force dns requests to fail with icmp destination port
#    unreachable (instead of timing out and delaying everything), which in turn
#    will force windows to query other dns servers (our domain dns server that
#    is set on the domain adapter).
# NB we cannot set this to the domain controller dns server because windows will
#    always use this interface to connect the dns server, but since its only
#    reachable through the domain adapter, the dns responses will never arrive
#    and dns client will eventually timeout and give up, and that breaks WDS
#    because dns takes too long to reply.
$vagrantManagementAdapter | Set-DnsClientServerAddress -ServerAddresses 127.127.127.127

# use the DNS server from the Domain Controller machine.
# this way we can correctly resolve DNS entries that are only defined on the Domain Controller.
$domainControllerAdapter | Set-DnsClientServerAddress -ServerAddresses $domainControllerIp


# add the machine to the domain.
# NB if you get the following error message, its because you MUST first run sysprep.
#       Add-Computer : Computer 'test-node-one' failed to join domain 'example.com' from its current workgroup 'WORKGROUP'
#       with following error message: The domain join cannot be completed because the SID of the domain you attempted to join
#       was identical to the SID of this machine. This is a symptom of an improperly cloned operating system install. You
#       should run sysprep on this machine in order to generate a new machine SID. Please see
#       http://go.microsoft.com/fwlink/?LinkId=168895 for more information.
Add-Computer `
    -DomainName $domain `
    -Credential (New-Object `
        System.Management.Automation.PSCredential(
            "administrator@$domain",
            (ConvertTo-SecureString "msx@9797" -AsPlainText -Force)))


#Disable IPv6 networking
#Disable-NetAdapterBinding -InterfaceAlias $vadapter -ComponentID ms_tcpip6
#Disable-NetAdapterBinding -InterfaceAlias $dadapter -ComponentID ms_tcpip6

--------------------------------------------------------------------------------
/active_directory/windows_node/provision/install_win_exporter.ps1:
--------------------------------------------------------------------------------
$version = "0.16.0"

$AgentURL = "https://github.com/prometheus-community/windows_exporter/releases/download/v${version}/windows_exporter-${version}-386.msi"
$AbsoluteCurrPath = $(Get-Location).Path
$AbsolutePathMSI = "${AbsoluteCurrPath}\tmp\windows-exporter\windows_exporter.msi"
$EnabledCollectors = "[defaults],cpu,cs,logical_disk,memory,net,os,process,service,system,tcp"
$ServiceName = "windows_exporter"
$TempDirectoryToCreate = "$AbsoluteCurrPath\tmp\windows-exporter"

# create temp directories
if (-not (Test-Path -LiteralPath $TempDirectoryToCreate)) {
    try {
        New-Item -Path $TempDirectoryToCreate -ItemType Directory -ErrorAction Stop | Out-Null #-Force
    } catch {
        Write-Error -Message "Unable to create directory '$TempDirectoryToCreate'. Error was: $_" -ErrorAction Stop
    }
    "Successfully created directory '$TempDirectoryToCreate'."
} else {
    "Directory already existed"
}

# download the specified MSI to the temp directory
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest $AgentURL -OutFile $AbsolutePathMSI
# Start-Process msiexec -Wait -ArgumentList "/i ${AbsolutePathMSI} ENABLED_COLLECTORS=$EnabledCollectors"
(Start-Process "msiexec.exe" -ArgumentList "/i ${AbsolutePathMSI} ENABLED_COLLECTORS=$EnabledCollectors /qb!" -NoNewWindow -Wait -PassThru).ExitCode

# Check Status of Service
$Service = Get-Service -Name "$ServiceName"
if($Service.Status -eq "running"){
    Write-Host "$ServiceName is running"
} else {
    # $(...) is required to expand a property inside a double-quoted string
    Write-Host "$ServiceName status is: $($Service.Status)"
}
# remove temp setup file
if(Test-Path $AbsoluteCurrPath\tmp\windows-exporter -PathType Container){
    Remove-Item -Recurse -Force $AbsoluteCurrPath\tmp\windows-exporter
} else {
    Write-Host "TMP path not available"
}

--------------------------------------------------------------------------------
/active_directory/windows_node/provision/puppetnode.ps1:
--------------------------------------------------------------------------------
# This script installs the windows puppet agent on windows
# from the master's pe_repo by downloading it to C:\tmp first and then running
# msiexec on it from there.

$puppet_master_server = "puppetmaster.msx.local"
$msi_source = "https://downloads.puppetlabs.com/windows/puppet7/puppet-agent-7.20.0-x64.msi"
$msi_dest = "C:\tmp\puppet-agent-x64.msi"

# Start the agent installation process and wait for it to end before continuing.
Write-Host "Installing puppet agent from $msi_source"

# Determine system hostname and primary DNS suffix to determine certname
$objIPProperties = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$name_components = @($objIPProperties.HostName, $objIPProperties.DomainName) | ? {$_}
$certname = $name_components -Join "."

Function Get-WebPage { Param( $url, $file, [switch]$force)
  if($force) {
    [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
  }
  $webclient = New-Object system.net.webclient
  $webclient.DownloadFile($url,$file)
}

# -force is not passed: it turns off TLS certificate validation for the whole
# session, and the MSI fetched here is installed with administrative rights.
Get-WebPage -url $msi_source -file $msi_dest
$msiexec_path = "C:\Windows\System32\msiexec.exe"
$msiexec_args = "/qn /log c:\log.txt /i $msi_dest PUPPET_MASTER_SERVER=$puppet_master_server PUPPET_AGENT_CERTNAME=$certname"
$msiexec_proc = [System.Diagnostics.Process]::Start($msiexec_path, $msiexec_args)
$msiexec_proc.WaitForExit()

--------------------------------------------------------------------------------
/data/config_files/prometheus.yml:
--------------------------------------------------------------------------------
global:
  scrape_interval: 15s # By default, scrape targets every 15 seconds.

  # Attach these labels to any time series or alerts when communicating with
  # external systems (federation, remote storage, Alertmanager).
  external_labels:
    monitor: 'codelab-monitor'

# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
  # The job name is added as a label job=<job_name> to any timeseries scraped from this config.
  - job_name: 'node-prometheus'

    static_configs:
      - targets: ['localhost:9100']

  - job_name: 'animal4life.local-INFRA'

    static_configs:
      - targets: ['a4ldc01.animals4life.local:9182']
      - targets: ['puppetmaster.animals4life.local:9100']
      - targets: ['a4l-git.animals4life.local:9100']
      - targets: ['a4l-jenkins.animals4life.local:9100']

--------------------------------------------------------------------------------
/data/powershell-scripts/add_to_domain.ps1:
--------------------------------------------------------------------------------
net user administrator msx@9797

$domain = "msx.local"
$domainControllerIp = "192.168.56.2"

$ErrorActionPreference = "Stop"


$systemVendor = (Get-WmiObject Win32_ComputerSystemProduct Vendor).Vendor


$adapters = @(Get-NetAdapter -Physical)
if ($systemVendor -eq 'Microsoft Corporation') {
    $adapters = $adapters | Sort-Object MacAddress
}
$vagrantManagementAdapter = $adapters[0]
$domainControllerAdapter = $adapters[1]

#Disable-NetAdapterBinding -InterfaceAlias $vagrantManagementAdapter -ComponentID ms_tcpip6
#Disable-NetAdapterBinding -InterfaceAlias $domainControllerAdapter -ComponentID ms_tcpip6

# do not dynamically register the vagrant management interface address in the domain dns server.
$vagrantManagementAdapter | Set-DNSClient -RegisterThisConnectionsAddress $false


# make sure the dns requests on this interface fail fast.
# NB we need to do this because there is no way to remove the DNS server from
#    a DHCP interface.
# NB this will basically force dns requests to fail with icmp destination port
#    unreachable (instead of timing out and delaying everything), which in turn
#    will force windows to query other dns servers (our domain dns server that
#    is set on the domain adapter).
# NB we cannot set this to the domain controller dns server because windows will
#    always use this interface to connect the dns server, but since its only
#    reachable through the domain adapter, the dns responses will never arrive
#    and dns client will eventually timeout and give up, and that breaks WDS
#    because dns takes too long to reply.
$vagrantManagementAdapter | Set-DnsClientServerAddress -ServerAddresses 127.127.127.127

# use the DNS server from the Domain Controller machine.
# this way we can correctly resolve DNS entries that are only defined on the Domain Controller.
$domainControllerAdapter | Set-DnsClientServerAddress -ServerAddresses $domainControllerIp


# add the machine to the domain.
# NB if you get the following error message, its because you MUST first run sysprep.
#       Add-Computer : Computer 'test-node-one' failed to join domain 'example.com' from its current workgroup 'WORKGROUP'
#       with following error message: The domain join cannot be completed because the SID of the domain you attempted to join
#       was identical to the SID of this machine. This is a symptom of an improperly cloned operating system install. You
#       should run sysprep on this machine in order to generate a new machine SID. Please see
#       http://go.microsoft.com/fwlink/?LinkId=168895 for more information.
Add-Computer `
    -DomainName $domain `
    -Credential (New-Object `
        System.Management.Automation.PSCredential(
            "administrator@$domain",
            (ConvertTo-SecureString "msx@9797" -AsPlainText -Force)))



--------------------------------------------------------------------------------
/data/powershell-scripts/install_win_exporter.ps1:
--------------------------------------------------------------------------------
$version = "0.16.0"

$AgentURL = "https://github.com/prometheus-community/windows_exporter/releases/download/v${version}/windows_exporter-${version}-386.msi"
$AbsoluteCurrPath = $(Get-Location).Path
$AbsolutePathMSI = "${AbsoluteCurrPath}\tmp\windows-exporter\windows_exporter.msi"
$EnabledCollectors = "[defaults],cpu,cs,logical_disk,memory,net,os,process,service,system,tcp"
$ServiceName = "windows_exporter"
$TempDirectoryToCreate = "$AbsoluteCurrPath\tmp\windows-exporter"

# create temp directories
if (-not (Test-Path -LiteralPath $TempDirectoryToCreate)) {
    try {
        New-Item -Path $TempDirectoryToCreate -ItemType Directory -ErrorAction Stop | Out-Null #-Force
    } catch {
        Write-Error -Message "Unable to create directory '$TempDirectoryToCreate'. Error was: $_" -ErrorAction Stop
    }
    "Successfully created directory '$TempDirectoryToCreate'."
} else {
    "Directory already existed"
}

# download the specified MSI to the temp directory
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest $AgentURL -OutFile $AbsolutePathMSI
# Start-Process msiexec -Wait -ArgumentList "/i ${AbsolutePathMSI} ENABLED_COLLECTORS=$EnabledCollectors"
(Start-Process "msiexec.exe" -ArgumentList "/i ${AbsolutePathMSI} ENABLED_COLLECTORS=$EnabledCollectors /qb!" -NoNewWindow -Wait -PassThru).ExitCode

# Check Status of Service
$Service = Get-Service -Name "$ServiceName"
if($Service.Status -eq "running"){
    Write-Host "$ServiceName is running"
} else {
    # $(...) is required to expand a property inside a double-quoted string
    Write-Host "$ServiceName status is: $($Service.Status)"
}
# remove temp setup file
if(Test-Path $AbsoluteCurrPath\tmp\windows-exporter -PathType Container){
    Remove-Item -Recurse -Force $AbsoluteCurrPath\tmp\windows-exporter
} else {
    Write-Host "TMP path not available"
}

--------------------------------------------------------------------------------
/data/powershell-scripts/ou_setup.ps1:
--------------------------------------------------------------------------------

Import-Module activedirectory

#convert password string to secure.string
$password="msx@9797"
$securepassword = ConvertTo-SecureString $password -AsPlainText -Force

#Create OU -- Groups
New-ADOrganizationalUnit -Name "Groups" -Path "DC=msx,DC=local"

#Create linux_users, linux_admins, gitlab_users groups in AD
New-ADGroup -Name "linux_users" -SamAccountName linux_users -GroupCategory Security -GroupScope Global -DisplayName "Linux Users" -Path "OU=Groups,DC=msx,DC=local" -Description "Members of this group can login the on linux servers"

New-ADGroup -Name "linux_admins" -SamAccountName linux_admins -GroupCategory Security -GroupScope Global -DisplayName "Linux Administrators" -Path "OU=Groups,DC=msx,DC=local" -Description "Members of this group can run all the commands on linux servers and act as Administrators"

New-ADGroup -Name "gitlab_users" -SamAccountName gitlab_users -GroupCategory Security -GroupScope Global -DisplayName "Gitlab Users" -Path "OU=Groups,DC=msx,DC=local" -Description "Members of this group can login to a4l-git.msx.local Gitlab code repository"

#Create users in AD

New-ADUser -Name "Clark Kent" -EmailAddress "mandeepsinghlaller+superman@gmail.com" -SamAccountName "super.man" -Accountpassword $securepassword -Path "CN=Users,DC=msx,DC=local" -ChangePasswordAtLogon $False -PasswordNeverExpires $true -Enabled $true

New-ADUser -Name "Mandeep Singh" -EmailAddress "mandeepsinghlaller@gmail.com" -SamAccountName "mandeep.s" -Accountpassword $securepassword -Path "CN=Users,DC=msx,DC=local" -ChangePasswordAtLogon $False -PasswordNeverExpires $true -Enabled $true

New-ADUser -Name "Bruce Wayne" -EmailAddress "mandeepsinghlaller+batman@gmail.com" -SamAccountName "bat.man" -Accountpassword $securepassword -Path "CN=Users,DC=msx,DC=local" -ChangePasswordAtLogon $False -PasswordNeverExpires $true -Enabled $true

New-ADUser -Name "Peter Parker" -EmailAddress "mandeepsinghlaller+spiderman@gmail.com" -SamAccountName "spider.man" -Accountpassword $securepassword -Path "CN=Users,DC=msx,DC=local" -ChangePasswordAtLogon $False -PasswordNeverExpires $true -Enabled $true

New-ADUser -Name "Tony Stark" -EmailAddress "mandeepsinghlaller+ironman@gmail.com" -SamAccountName "iron.man" -Accountpassword $securepassword -Path "CN=Users,DC=msx,DC=local" -ChangePasswordAtLogon $False -PasswordNeverExpires $true -Enabled $true

Add-ADGroupMember -Identity linux_users -Members bat.man,mandeep.s,super.man,iron.man,spider.man
Add-ADGroupMember -Identity linux_admins -Members bat.man,mandeep.s
Add-ADGroupMember -Identity gitlab_users -Members bat.man,mandeep.s

--------------------------------------------------------------------------------
/data/powershell-scripts/puppetnode.ps1:
--------------------------------------------------------------------------------
# This script installs the windows puppet agent on windows
# from the master's pe_repo by downloading it to C:\tmp first and then running
# msiexec on it from there.
4 |
5 | $puppet_master_server = "puppetmaster.msx.local"
6 | $msi_source = "https://downloads.puppetlabs.com/windows/puppet7/puppet-agent-7.20.0-x64.msi"
7 | $msi_dest = "C:\tmp\puppet-agent-x64.msi"
8 |
9 | # Start the agent installation process and wait for it to end before continuing.
10 | Write-Host "Installing puppet agent from $msi_source"
11 |
12 | # Determine system hostname and primary DNS suffix to determine certname
13 | $objIPProperties = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
14 | $name_components = @($objIPProperties.HostName, $objIPProperties.DomainName) | ? {$_}
15 | $certname = $name_components -Join "."
16 |
17 | Function Get-WebPage { Param( $url, $file, [switch]$force)
18 |   if($force) {
19 |     [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
20 |   }
21 |   $webclient = New-Object system.net.webclient
22 |   $webclient.DownloadFile($url,$file)
23 | }
24 |
25 | Get-WebPage -url $msi_source -file $msi_dest  # -force dropped: it disables TLS certificate validation, which the public download host does not need
26 | $msiexec_path = "C:\Windows\System32\msiexec.exe"
27 | $msiexec_args = "/qn /log c:\log.txt /i $msi_dest PUPPET_MASTER_SERVER=$puppet_master_server PUPPET_AGENT_CERTNAME=$certname"
28 | $msiexec_proc = [System.Diagnostics.Process]::Start($msiexec_path, $msiexec_args)
29 | $msiexec_proc.WaitForExit()
30 |
31 |
--------------------------------------------------------------------------------
/data/powershell-scripts/setupdc.ps1:
--------------------------------------------------------------------------------
1 | $dmode = "WinThreshold"
2 | $fmode = "WinThreshold"
3 | $dnetbioname = "MSX"
4 | $dname = "msx.local"
5 | $vadapter = "Ethernet"
6 | $dadapter = "Ethernet 2"
7 |
8 | #set administrator account password
9 | net user administrator msx@9797
10 |
11 | #Setup the server as a domain controller
12 | $Password = "msx@9797" | ConvertTo-SecureString -AsPlainText -Force
13 |
14 | Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
15 |
16 | Import-Module ADDSDeployment
17 |
18 | Install-ADDSForest -SafeModeAdministratorPassword $Password -CreateDnsDelegation:$false -DomainMode $dmode -DomainName $dname -DomainNetbiosName $dnetbioname -ForestMode $fmode -InstallDns:$true -NoRebootOnCompletion:$false -Force:$true
19 |
20 |
21 |
--------------------------------------------------------------------------------
/data/script_list.txt:
--------------------------------------------------------------------------------
1 | SHELL SCRIPTS
2 |
3 | initialize.sh -> Bootstraps linux hosts
4 | add_to_domain.sh -> Adds linux hosts to msx.local domain
5 | gitlab.sh -> Setup gitlab server
6 | puppetnode_setup.sh -> Installs puppet agent on linux nodes
7 | puppetmaster_setup.sh -> Configures the puppetmaster server
8 | jenkins_setup.sh -> Setup Jenkins server
9 | prometheus_grafana.sh -> Setup prometheus and grafana
10 | install_node_exporter.sh -> Installs node exporter on linux hosts
11 |
12 |
13 | POWERSHELL SCRIPTS
14 |
15 | setupdc.ps1 -> Setup the domain controller
16 | add_to_domain.ps1 -> Adds windows hosts to msx.local domain
17 | install_win_exporter.ps1 -> Installs windows exporter
18 | ou_setup.ps1 -> Creates OUs and users in AD
19 | puppetnode.ps1 -> Installs puppet agent on windows hosts
20 |
--------------------------------------------------------------------------------
/data/shell-scripts/add_to_domain.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | password="msx@9797"
4 | domain="msx.local"
5 | domain_ip="192.168.56.2"
6 |
7 | #join the realm
8 |
9 | sudo echo $password | realm join -U administrator $domain
10 |
11 | #update /usr/share/pam-configs/mkhomedir
12 |
13 | cd /usr/share/pam-configs
14 |
15 | cat <<EOT > mkhomedir
16 | Name: Create home directory on login
17 | Default: yes
18 | Priority: 900
19 | Session-Type: Additional
20 | Session:
21 |         optional pam_mkhomedir.so
22 | EOT
23 |
24 | #enable homedirectory creation on login
25 | pam-auth-update --enable mkhomedir
26 | sudo systemctl restart sssd.service
27 |
28 | #update sssd config
29 | cd /etc/sssd
30 | cat <<EOT > sssd.conf
31 | [sssd]
32 | domains = msx.local
33 | config_file_version = 2
34 | services = nss, pam
35 |
36 | [domain/msx.local]
37 | ad_domain = msx.local
38 | krb5_realm = MSX.LOCAL
39 | realmd_tags = manages-system joined-with-adcli
40 | cache_credentials = True
41 | id_provider = ad
42 | krb5_store_password_if_offline = True
43 | default_shell = /bin/bash
44 | ldap_id_mapping = True
45 | use_fully_qualified_names = False
46 | fallback_homedir = /home/%u
47 | access_provider = simple
48 | EOT
49 |
50 | sudo systemctl restart sssd.service
51 |
52 | #allow ad groups to login to the server
53 | sudo realm permit -g linux_users@msx.local
54 | sudo realm permit -g linux_admins@msx.local
55 | sudo systemctl restart sssd.service
56 |
57 | #update password login
58 | sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
59 | sudo systemctl restart sshd.service
60 |
61 | ## Allow sudo access to linux-admins
62 |
63 | cd /etc/sudoers.d/
64 |
65 | cat <<EOT > linux_admins
66 | %linux_admins ALL=(ALL) NOPASSWD:ALL
67 | EOT
68 |
69 | #Allow users to run puppet command with sudo.
ex - sudo puppet agent -tvvv
70 | sudo sed -e '/secure_path/s/^/#/g' -i /etc/sudoers
71 |
72 | #System has been provisioned
73 |
--------------------------------------------------------------------------------
/data/shell-scripts/gitlab.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | ##This file needs to be updated in case of changes made to the domain name and hostname of the servers###
3 | sudo apt install ca-certificates curl openssh-server tzdata perl -y
4 | debconf-set-selections <<< "postfix postfix/mailname string a4l-git.msx.local"
5 | debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
6 | apt-get install --assume-yes postfix
7 |
8 | cd /tmp
9 | curl -LO https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh
10 | sudo bash /tmp/script.deb.sh
11 | sudo EXTERNAL_URL="http://a4l-git.msx.local" apt-get install gitlab-ce
12 |
13 |
14 | #Git ldap config
15 |
16 | cd /etc/gitlab
17 |
18 | cat <<EOT >> gitlab.rb
19 | gitlab_rails['ldap_enabled'] = true
20 | #gitlab_rails['prevent_ldap_sign_in'] = false
21 |
22 | ###!
**remember to close this block with 'EOS' below**
23 | gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
24 |   main: # 'main' is the GitLab 'provider ID' of this LDAP server
25 |     label: 'LDAP'
26 |     host: 'a4ldc01.msx.local'
27 |     port: 389
28 |     uid: 'sAMAccountName'
29 |     bind_dn: 'CN=Administrator,CN=Users,DC=msx,DC=local'
30 |     password: 'msx@9797'
31 |     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
32 |     verify_certificates: true
33 |     smartcard_auth: false
34 |     active_directory: true
35 |     allow_username_or_email_login: false
36 |     block_auto_created_users: false
37 |     base: 'CN=Users,DC=msx,DC=local'
38 |     user_filter: '(memberOf=CN=gitlab_users,OU=Groups,DC=msx,DC=local)'
39 | EOS
40 | EOT
41 |
42 | #### Configure and start gitlab
43 | sudo gitlab-ctl reconfigure
44 | gitlab-ctl start
45 |
46 |
--------------------------------------------------------------------------------
/data/shell-scripts/initialize.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | server_name="Enter_name_of_the_server_here"
4 | password="msx@9797"
5 | domain="msx.local"
6 | domain_ip="192.168.56.2"
7 |
8 | #update and upgrade os
9 | sudo apt update -y
10 | sudo apt upgrade -y
11 |
12 | #install packages required
13 | sudo apt install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit resolvconf ncdu tree vim curl -y
14 |
15 | ##change hostname
16 |
17 | hostnamectl set-hostname $server_name.$domain
18 |
19 | #add domain entry in /etc/resolvconf/resolv.conf.d/head
20 | cd /etc/resolvconf/resolv.conf.d/
21 | cat <<EOT > head
22 | # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
23 | # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
24 | # 127.0.0.53 is the systemd-resolved stub resolver.
25 | # run "systemd-resolve --status" to see details about the actual nameservers.
26 |
27 | search msx.local
28 | nameserver 192.168.56.2
29 | EOT
30 |
31 | # apply changes to /etc/resolv.conf
32 | sudo resolvconf -u
33 |
--------------------------------------------------------------------------------
/data/shell-scripts/install_node_exporter.sh:
--------------------------------------------------------------------------------
1 |
2 | #install Node Exporter
3 |
4 | #create a system user for Node Exporter
5 | sudo useradd \
6 |     --system \
7 |     --no-create-home \
8 |     --shell /bin/false node_exporter
9 |
10 | #download Node Exporter
11 | wget https://github.com/prometheus/node_exporter/releases/download/v1.4.0/node_exporter-1.4.0.linux-amd64.tar.gz
12 |
13 | #extract node exporter
14 | tar -xvf node_exporter-1.4.0.linux-amd64.tar.gz
15 |
16 | #move the binary to /usr/local/bin
17 | sudo mv \
18 |     node_exporter-1.4.0.linux-amd64/node_exporter \
19 |     /usr/local/bin/
20 |
21 | #Clean up, delete node_exporter archive and a folder.
22 | rm -rf node_exporter*
23 |
24 | node_exporter --version
25 |
26 | #create a systemd unit configuration file
27 | cd /etc/systemd/system/
28 | cat <<EOT > /etc/systemd/system/node_exporter.service
29 |
30 | [Unit]
31 | Description=Node Exporter
32 | Wants=network-online.target
33 | After=network-online.target
34 |
35 | StartLimitIntervalSec=500
36 | StartLimitBurst=5
37 |
38 | [Service]
39 | User=node_exporter
40 | Group=node_exporter
41 | Type=simple
42 | Restart=on-failure
43 | RestartSec=5s
44 | ExecStart=/usr/local/bin/node_exporter \
45 |     --collector.logind
46 |
47 | [Install]
48 | WantedBy=multi-user.target
49 |
50 | EOT
51 | sudo systemctl daemon-reload
52 | sudo systemctl start node_exporter.service
53 | sudo systemctl enable node_exporter.service
54 | sudo systemctl status node_exporter.service
55 |
--------------------------------------------------------------------------------
/data/shell-scripts/jenkins_setup.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | sudo apt update -y
4 | sudo apt install openjdk-11-jdk -y
5 |
6 | #importing the GPG key for jenkins repo
7 | sudo curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo tee /usr/share/keyrings/jenkins-keyring.asc > /dev/null
8 |
9 | #Add the Jenkins software repository to the source list and provide the authentication key:
10 | echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] https://pkg.jenkins.io/debian-stable binary/ | sudo tee /etc/apt/sources.list.d/jenkins.list > /dev/null
11 |
12 | #Install Jenkins and enable on startup
13 | sudo apt update
14 | sudo apt install jenkins -y
15 | sudo systemctl start jenkins
16 | sudo systemctl enable --now jenkins
17 |
18 |
19 | #Display the initial admin password for jenkins
20 | sudo cat /var/lib/jenkins/secrets/initialAdminPassword
21 |
22 | # System has been provisioned
23 |
--------------------------------------------------------------------------------
/data/shell-scripts/prometheus_grafana.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | sudo apt-get update
3 |
4 | #create a system user or system account
5 | sudo useradd \
6 |     --system \
7 |     --no-create-home \
8 |     --shell /bin/false prometheus
9 |
10 | # download prometheus installation files
11 | wget https://github.com/prometheus/prometheus/releases/download/v2.37.2/prometheus-2.37.2.linux-amd64.tar.gz
12 |
13 | # Extract files
14 | tar -xvzf prometheus-2.37.2.linux-amd64.tar.gz
15 |
16 | #create a folder for prometheus data and configuration files
17 | sudo mkdir -p /data /etc/prometheus
18 | cd prometheus-2.37.2.linux-amd64
19 |
20 | #move the prometheus binary and a promtool to the /usr/local/bin/
21 | sudo mv prometheus promtool /usr/local/bin/
22 |
23 | #move console libraries to the Prometheus configuration directory
24 | sudo mv consoles/ console_libraries/ /etc/prometheus/
25 |
26 | #move the example of the main prometheus configuration file
27 | sudo mv
prometheus.yml /etc/prometheus/prometheus.yml
28 |
29 | #set correct ownership for the /etc/prometheus/ and data directory.
30 | sudo chown -R prometheus:prometheus /etc/prometheus/ /data/
31 |
32 | #delete the archive and prometheus folder
33 | cd
34 | rm -rf prometheus*
35 |
36 |
37 | #create a systemd unit configuration file
38 | cd /etc/systemd/system/
39 | cat <<EOT > /etc/systemd/system/prometheus.service
40 |
41 | [Unit]
42 | Description=Prometheus
43 | Wants=network-online.target
44 | After=network-online.target
45 |
46 | StartLimitIntervalSec=500
47 | StartLimitBurst=5
48 |
49 | [Service]
50 | User=prometheus
51 | Group=prometheus
52 | Type=simple
53 | Restart=on-failure
54 | RestartSec=5s
55 | ExecStart=/usr/local/bin/prometheus \
56 |     --config.file=/etc/prometheus/prometheus.yml \
57 |     --storage.tsdb.path=/data \
58 |     --web.console.templates=/etc/prometheus/consoles \
59 |     --web.console.libraries=/etc/prometheus/console_libraries \
60 |     --web.listen-address=0.0.0.0:9090 \
61 |     --web.enable-lifecycle
62 |
63 | [Install]
64 | WantedBy=multi-user.target
65 |
66 |
67 | EOT
68 |
69 | ##Reload systemctl daemon
70 | systemctl daemon-reload
71 |
72 | ## Start and enable prometheus service
73 | sudo systemctl start prometheus
74 | sudo systemctl enable prometheus
75 |
76 |
77 | #install Node Exporter
78 |
79 | #create a system user for Node Exporter
80 | sudo useradd \
81 |     --system \
82 |     --no-create-home \
83 |     --shell /bin/false node_exporter
84 |
85 | #download Node Exporter
86 | wget https://github.com/prometheus/node_exporter/releases/download/v1.4.0/node_exporter-1.4.0.linux-amd64.tar.gz
87 |
88 | #extract node exporter
89 | tar -xvf node_exporter-1.4.0.linux-amd64.tar.gz
90 |
91 | #move the binary to /usr/local/bin
92 | sudo mv \
93 |     node_exporter-1.4.0.linux-amd64/node_exporter \
94 |     /usr/local/bin/
95 |
96 | #Clean up, delete node_exporter archive and a folder.
97 | rm -rf node_exporter*
98 |
99 | node_exporter --version
100 |
101 | #create a systemd unit configuration file
102 | cd /etc/systemd/system/
103 | cat <<EOT > /etc/systemd/system/node_exporter.service
104 |
105 | [Unit]
106 | Description=Node Exporter
107 | Wants=network-online.target
108 | After=network-online.target
109 |
110 | StartLimitIntervalSec=500
111 | StartLimitBurst=5
112 |
113 | [Service]
114 | User=node_exporter
115 | Group=node_exporter
116 | Type=simple
117 | Restart=on-failure
118 | RestartSec=5s
119 | ExecStart=/usr/local/bin/node_exporter \
120 |     --collector.logind
121 |
122 | [Install]
123 | WantedBy=multi-user.target
124 |
125 | EOT
126 |
127 | ##Reload systemctl daemon
128 | systemctl daemon-reload
129 |
130 | ## Start and enable node_exporter service
131 | sudo systemctl start node_exporter
132 | sudo systemctl enable node_exporter
133 |
134 | ##configure prometheus.yml
135 |
136 | cd /etc/prometheus/
137 | cat <<EOT > prometheus.yml
138 |
139 | global:
140 |   scrape_interval: 15s # By default, scrape targets every 15 seconds.
141 |
142 |   # Attach these labels to any time series or alerts when communicating with
143 |   # external systems (federation, remote storage, Alertmanager).
144 |   external_labels:
145 |     monitor: 'codelab-monitor'
146 |
147 | # A scrape configuration containing exactly one endpoint to scrape:
148 | # Here it's Prometheus itself.
149 | scrape_configs:
150 |   # The job name is added as a label job=<job_name> to any timeseries scraped from this config.
151 |   - job_name: 'node-prometheus'
152 |
153 |     static_configs:
154 |       - targets: ['localhost:9100']
155 |
156 | EOT
157 |
158 | #install grafana
159 |
160 | sudo apt-get install wget curl gnupg2 apt-transport-https software-properties-common -y
161 | wget -q -O - https://packages.grafana.com/gpg.key | apt-key add -
162 | echo "deb https://packages.grafana.com/oss/deb stable main" | tee -a /etc/apt/sources.list.d/grafana.list
163 | apt-get update -y
164 | apt-get install grafana -y
165 | systemctl start grafana-server
166 | systemctl enable grafana-server
167 |
168 | #System has been provisioned
169 |
--------------------------------------------------------------------------------
/data/shell-scripts/puppetmaster_setup.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | wget https://apt.puppet.com/puppet7-release-bullseye.deb
4 |
5 | sudo dpkg -i puppet7-release-bullseye.deb
6 |
7 | sudo apt-get update -y
8 |
9 | sudo apt-get install puppetserver -y
10 |
11 | #source /etc/profile.d/puppet-agent.sh
12 | #echo $PATH
13 |
14 |
15 |
16 | sudo sed -i 's/JAVA_ARGS="-Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"/JAVA_ARGS="-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"/g' /etc/default/puppetserver
17 |
18 |
19 | sudo systemctl start puppetserver.service
20 | sudo systemctl enable puppetserver.service
21 | sudo systemctl status puppetserver.service
22 |
23 | ##Configure puppet server### (In case of a hostname change, please point to your puppetmaster's fqdn instead of puppetmaster.msx.local)##
24 | sudo /opt/puppetlabs/bin/puppet config set server puppetmaster.msx.local --section main
25 | sudo /opt/puppetlabs/bin/puppet config set runinterval 30m --section main
26 |
27 | sudo /opt/puppetlabs/bin/puppet config set environment production --section server
28 | sudo /opt/puppetlabs/bin/puppet config set dns_alt_names
puppet,puppetmaster,puppetmaster.msx.local --section server
29 |
30 | sudo systemctl restart puppetserver
31 |
32 |
33 |
34 |
--------------------------------------------------------------------------------
/data/shell-scripts/puppetnode_setup.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | wget https://apt.puppet.com/puppet7-release-bullseye.deb
4 |
5 | sudo dpkg -i puppet7-release-bullseye.deb
6 |
7 | sudo apt-get update -y
8 |
9 | sudo apt-get install puppet-agent -y
10 |
11 |
12 | sudo /opt/puppetlabs/bin/puppet config set server puppetmaster.msx.local --section main
13 | sudo /opt/puppetlabs/bin/puppet config set ca_server puppetmaster.msx.local --section main
14 | sudo /opt/puppetlabs/bin/puppet config set runinterval 30m --section main
15 | sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
16 | sudo systemctl start puppet
17 | sudo systemctl enable puppet
18 | sudo systemctl status puppet
19 |
20 |
--------------------------------------------------------------------------------
/git/Vagrantfile:
--------------------------------------------------------------------------------
1 | Vagrant.configure("2") do |config|
2 |
3 |   config.vm.provider "virtualbox" do |vb|
4 |     vb.memory = "4096"
5 |     vb.name = "Gitlab"
6 |   end
7 |
8 |
9 |   ### gitlab vm ###
10 |   config.vm.define "gitlab" do |g|
11 |     g.vm.box = "debian/bullseye64"
12 |     g.vm.network "private_network", ip: "192.168.56.6"
13 |     g.vm.provision "shell", path: "provision/initialize.sh"
14 |     g.vm.provision "shell", reboot: true
15 |     g.vm.provision "shell", path: "provision/add_to_domain.sh"
16 |     g.vm.provision "shell", reboot: true
17 |     g.vm.provision "shell", path: "provision/install_node_exporter.sh"
18 |     g.vm.provision "shell", path: "provision/puppetnode_setup.sh"
19 |     g.vm.provision "shell", path: "provision/gitlab.sh"
20 |   end
21 |
22 | end
23 |
--------------------------------------------------------------------------------
/git/provision/add_to_domain.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | password="msx@9797"
4 | domain="msx.local"
5 | domain_ip="192.168.56.2"
6 |
7 | #join the realm
8 |
9 | sudo echo $password | realm join -U administrator $domain
10 |
11 | #update /usr/share/pam-configs/mkhomedir
12 |
13 | cd /usr/share/pam-configs
14 |
15 | cat <<EOT > mkhomedir
16 | Name: Create home directory on login
17 | Default: yes
18 | Priority: 900
19 | Session-Type: Additional
20 | Session:
21 |         optional pam_mkhomedir.so
22 | EOT
23 |
24 | #enable homedirectory creation on login
25 | pam-auth-update --enable mkhomedir
26 | sudo systemctl restart sssd.service
27 |
28 | #update sssd config
29 | cd /etc/sssd
30 | cat <<EOT > sssd.conf
31 | [sssd]
32 | domains = msx.local
33 | config_file_version = 2
34 | services = nss, pam
35 |
36 | [domain/msx.local]
37 | ad_domain = msx.local
38 | krb5_realm = MSX.LOCAL
39 | realmd_tags = manages-system joined-with-adcli
40 | cache_credentials = True
41 | id_provider = ad
42 | krb5_store_password_if_offline = True
43 | default_shell = /bin/bash
44 | ldap_id_mapping = True
45 | use_fully_qualified_names = False
46 | fallback_homedir = /home/%u
47 | access_provider = simple
48 | EOT
49 |
50 | sudo systemctl restart sssd.service
51 |
52 | #allow ad groups to login to the server
53 | sudo realm permit -g linux_users@msx.local
54 | sudo realm permit -g linux_admins@msx.local
55 | sudo systemctl restart sssd.service
56 |
57 | #update password login
58 | sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
59 | sudo systemctl restart sshd.service
60 |
61 | ## Allow sudo access to linux-admins
62 |
63 | cd /etc/sudoers.d/
64 |
65 | cat <<EOT > linux_admins
66 | %linux_admins ALL=(ALL) NOPASSWD:ALL
67 | EOT
68 |
69 | #Allow users to run puppet command with sudo.
ex - sudo puppet agent -tvvv
70 | sudo sed -e '/secure_path/s/^/#/g' -i /etc/sudoers
71 |
72 | #System has been provisioned
73 |
--------------------------------------------------------------------------------
/git/provision/gitlab.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | sudo apt install ca-certificates curl openssh-server tzdata perl -y
3 | debconf-set-selections <<< "postfix postfix/mailname string a4l-git.msx.local"
4 | debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
5 | apt-get install --assume-yes postfix
6 |
7 | cd /tmp
8 | curl -LO https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh
9 | sudo bash /tmp/script.deb.sh
10 | sudo EXTERNAL_URL="http://a4l-git.msx.local" apt-get install gitlab-ce
11 |
12 | #sudo gitlab-ctl reconfigure
13 | #gitlab-ctl start
14 |
15 |
16 | #add firewall rules
17 | sudo ufw allow http
18 | sudo ufw allow https
19 | sudo ufw allow OpenSSH
20 |
21 |
22 | #Git ldap config
23 |
24 | cd /etc/gitlab
25 |
26 | cat <<EOT >> gitlab.rb
27 | gitlab_rails['ldap_enabled'] = true
28 | #gitlab_rails['prevent_ldap_sign_in'] = false
29 |
30 | ###!
**remember to close this block with 'EOS' below**
31 | gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
32 |   main: # 'main' is the GitLab 'provider ID' of this LDAP server
33 |     label: 'LDAP'
34 |     host: 'a4ldc01.msx.local'
35 |     port: 389
36 |     uid: 'sAMAccountName'
37 |     bind_dn: 'CN=Administrator,CN=Users,DC=msx,DC=local'
38 |     password: 'msx@9797'
39 |     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
40 |     verify_certificates: true
41 |     smartcard_auth: false
42 |     active_directory: true
43 |     allow_username_or_email_login: false
44 |     block_auto_created_users: false
45 |     base: 'CN=Users,DC=msx,DC=local'
46 |     user_filter: '(memberOf=CN=gitlab_users,OU=Groups,DC=msx,DC=local)'
47 | EOS
48 |
49 | EOT
50 |
51 | #### Configure and start gitlab
52 | sudo gitlab-ctl reconfigure
53 | gitlab-ctl start
54 |
55 |
--------------------------------------------------------------------------------
/git/provision/gitsetup.sh:
--------------------------------------------------------------------------------
1 | gitlab_rails['ldap_enabled'] = true
2 | #gitlab_rails['prevent_ldap_sign_in'] = false
3 |
4 | ###!
**remember to close this block with 'EOS' below**
5 | gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
6 |   main: # 'main' is the GitLab 'provider ID' of this LDAP server
7 |     label: 'LDAP'
8 |     host: 'a4ldc01.msx.local'
9 |     port: 389
10 |     uid: 'sAMAccountName'
11 |     bind_dn: 'CN=Administrator,CN=Users,DC=msx,DC=local'
12 |     password: 'msx@9797'
13 |     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
14 |     verify_certificates: true
15 |     smartcard_auth: false
16 |     active_directory: true
17 |     allow_username_or_email_login: false
18 |     block_auto_created_users: false
19 |     base: 'CN=Users,DC=msx,DC=local'
20 |     # user_filter: '(memberOf=CN=gitlab_users,OU=Groups,DC=msx,DC=local)'
21 | EOS
22 |
23 |
--------------------------------------------------------------------------------
/git/provision/initialize.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | server_name="a4l-git"
4 | password="msx@9797"
5 | domain="msx.local"
6 | domain_ip="192.168.56.2"
7 |
8 | #update and upgrade os
9 | sudo apt update -y
10 | sudo apt upgrade -y
11 |
12 | #install packages required
13 | sudo apt install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit resolvconf ncdu tree vim curl -y
14 |
15 | ##change hostname
16 |
17 | hostnamectl set-hostname $server_name.$domain
18 |
19 | #add domain entry in /etc/resolvconf/resolv.conf.d/head
20 | cd /etc/resolvconf/resolv.conf.d/
21 | cat <<EOT > head
22 | # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
23 | # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
24 | # 127.0.0.53 is the systemd-resolved stub resolver.
25 | # run "systemd-resolve --status" to see details about the actual nameservers.
26 |
27 | search msx.local
28 | nameserver 192.168.56.2
29 | EOT
30 |
31 | # apply changes to /etc/resolv.conf
32 | sudo resolvconf -u
33 |
--------------------------------------------------------------------------------
/git/provision/initialize.sh.old:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | server_name="a4l-git"
4 | password="msx@9797"
5 | domain="animals4life.local"
6 | domain_ip="192.168.56.2"
7 |
8 | #update and upgrade os
9 | sudo apt update -y
10 | sudo apt upgrade -y
11 |
12 | #install packages required
13 | sudo apt install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit resolvconf ncdu tree vim curl -y
14 |
15 | ##change hostname
16 |
17 | hostnamectl set-hostname $server_name.$domain
18 |
19 | #update initial nameserver config in resolv.conf
20 | cd /etc
21 | cat <<EOT > resolv.conf
22 | search animals4life.local
23 | nameserver 192.168.56.2
24 | options edns0
25 | EOT
26 |
27 | #install resolvconf
28 | #sudo apt install resolvconf
29 |
30 | # add domain entry in /etc/resolvconf/resolv.conf.d/base
31 | cd /etc/resolvconf/resolv.conf.d/
32 | cat <<EOT > base
33 | # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
34 | # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
35 | # 127.0.0.53 is the systemd-resolved stub resolver.
36 | # run "systemd-resolve --status" to see details about the actual nameservers.
37 |
38 | search animals4life.local
39 | nameserver 192.168.56.2
40 | EOT
41 |
42 | #add domain entry in /etc/resolvconf/resolv.conf.d/head
43 | cd /etc/resolvconf/resolv.conf.d/
44 | cat <<EOT > head
45 | # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
46 | # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
47 | # 127.0.0.53 is the systemd-resolved stub resolver.
48 | # run "systemd-resolve --status" to see details about the actual nameservers.
49 |
50 | search animals4life.local
51 | nameserver 192.168.56.2
52 | EOT
53 |
54 | # apply changes to /etc/resolv.conf
55 | sudo resolvconf -u
56 |
--------------------------------------------------------------------------------
/git/provision/install_node_exporter.sh:
--------------------------------------------------------------------------------
1 |
2 | #install Node Exporter
3 |
4 | #create a system user for Node Exporter
5 | sudo useradd \
6 |     --system \
7 |     --no-create-home \
8 |     --shell /bin/false node_exporter
9 |
10 | #download Node Exporter
11 | wget https://github.com/prometheus/node_exporter/releases/download/v1.4.0/node_exporter-1.4.0.linux-amd64.tar.gz
12 |
13 | #extract node exporter
14 | tar -xvf node_exporter-1.4.0.linux-amd64.tar.gz
15 |
16 | #move the binary to /usr/local/bin
17 | sudo mv \
18 |     node_exporter-1.4.0.linux-amd64/node_exporter \
19 |     /usr/local/bin/
20 |
21 | #Clean up, delete node_exporter archive and a folder.
22 | rm -rf node_exporter*
23 |
24 | node_exporter --version
25 |
26 | #create a systemd unit configuration file
27 | cd /etc/systemd/system/
28 | cat <<EOT > /etc/systemd/system/node_exporter.service
29 |
30 | [Unit]
31 | Description=Node Exporter
32 | Wants=network-online.target
33 | After=network-online.target
34 |
35 | StartLimitIntervalSec=500
36 | StartLimitBurst=5
37 |
38 | [Service]
39 | User=node_exporter
40 | Group=node_exporter
41 | Type=simple
42 | Restart=on-failure
43 | RestartSec=5s
44 | ExecStart=/usr/local/bin/node_exporter \
45 |     --collector.logind
46 |
47 | [Install]
48 | WantedBy=multi-user.target
49 |
50 | EOT
51 | sudo systemctl daemon-reload
52 | sudo systemctl start node_exporter.service
53 | sudo systemctl enable node_exporter.service
54 | sudo systemctl status node_exporter.service
55 |
--------------------------------------------------------------------------------
/git/provision/puppetnode_setup.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | wget https://apt.puppet.com/puppet7-release-bullseye.deb
4 |
5 | sudo dpkg -i puppet7-release-bullseye.deb
6 |
7 | sudo apt-get update -y
8 |
9 | sudo apt-get install puppet-agent -y
10 |
11 |
12 | sudo /opt/puppetlabs/bin/puppet config set server puppetmaster.msx.local --section main
13 | sudo /opt/puppetlabs/bin/puppet config set ca_server puppetmaster.msx.local --section main
14 | sudo /opt/puppetlabs/bin/puppet config set runinterval 30m --section main
15 | sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
16 | sudo systemctl start puppet
17 | sudo systemctl enable puppet
18 | sudo systemctl status puppet
19 |
20 |
--------------------------------------------------------------------------------
/img/Lab_Setup.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mandeepsingh10/devops-vagrant-lab/10ad92813154fa532c84b118f91e015d8398ff45/img/Lab_Setup.png
--------------------------------------------------------------------------------
/img/devops_logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mandeepsingh10/devops-vagrant-lab/10ad92813154fa532c84b118f91e015d8398ff45/img/devops_logo.png
--------------------------------------------------------------------------------
/jenkins/Vagrantfile:
--------------------------------------------------------------------------------
1 | Vagrant.configure("2") do |config|
2 |
3 |   config.vm.provider "virtualbox" do |vb|
4 |     vb.memory = "1024"
5 |     vb.name = "Jenkins"
6 |   end
7 |
8 |
9 |   ### jenkins vm ###
10 |   config.vm.define "jenkins" do |j|
11 |     j.vm.box = "debian/bullseye64"
12 |     j.vm.network "private_network", ip: "192.168.56.5"
13 |     j.vm.provision "shell", path: "provision/initialize.sh"
14 |     j.vm.provision "shell", reboot: true
15 |     j.vm.provision "shell", path: "provision/add_to_domain.sh"
16 |     j.vm.provision "shell", path:
"provision/install_node_exporter.sh" 17 | j.vm.provision "shell", path: "provision/puppetnode_setup.sh" 18 | j.vm.provision "shell", path: "provision/jenkins_setup.sh" 19 | j.vm.provision "shell", reboot: true 20 | end 21 | 22 | end 23 | -------------------------------------------------------------------------------- /jenkins/log.txt: -------------------------------------------------------------------------------- 1 | Bringing machine 'jenkins' up with 'virtualbox' provider... 2 | ==> jenkins: Importing base box 'debian/bullseye64'... 3 | Progress: 40% Progress: 50% Progress: 60% Progress: 70% Progress: 90% ==> jenkins: Matching MAC address for NAT networking... 4 | ==> jenkins: Checking if box 'debian/bullseye64' version '11.20220912.1' is up to date... 5 | ==> jenkins: Setting the name of the VM: Jenkins 6 | ==> jenkins: Fixed port collision for 22 => 2222. Now on port 2200. 7 | ==> jenkins: Clearing any previously set network interfaces... 8 | ==> jenkins: Preparing network interfaces based on configuration... 9 | jenkins: Adapter 1: nat 10 | jenkins: Adapter 2: hostonly 11 | ==> jenkins: Forwarding ports... 12 | jenkins: 22 (guest) => 2200 (host) (adapter 1) 13 | ==> jenkins: Running 'pre-boot' VM customizations... 14 | ==> jenkins: Booting VM... 15 | ==> jenkins: Waiting for machine to boot. This may take a few minutes... 16 | jenkins: SSH address: 127.0.0.1:2200 17 | jenkins: SSH username: vagrant 18 | jenkins: SSH auth method: private key 19 | jenkins: 20 | jenkins: Vagrant insecure key detected. Vagrant will automatically replace 21 | jenkins: this with a newly generated keypair for better security. 22 | jenkins: 23 | jenkins: Inserting generated public key within guest... 24 | jenkins: Removing insecure key from the guest if it's present... 25 | jenkins: Key inserted! Disconnecting and reconnecting using new SSH key... 26 | ==> jenkins: Machine booted and ready! 27 | ==> jenkins: Checking for guest additions in VM... 
28 | jenkins: The guest additions on this VM do not match the installed version of 29 | jenkins: VirtualBox! In most cases this is fine, but in rare cases it can 30 | jenkins: prevent things such as shared folders from working properly. If you see 31 | jenkins: shared folder errors, please make sure the guest additions within the 32 | jenkins: virtual machine match the version of VirtualBox you have installed on 33 | jenkins: your host and reload your VM. 34 | jenkins: 35 | jenkins: Guest Additions Version: 6.0.0 r127566 36 | jenkins: VirtualBox Version: 6.1 37 | ==> jenkins: Configuring and enabling network interfaces... 38 | ==> jenkins: Mounting shared folders... 39 | jenkins: /vagrant => /home/msx10/repo/devops-vagrant-lab/jenkins 40 | ==> jenkins: Running provisioner: shell... 41 | jenkins: Running: /tmp/vagrant-shell20221117-32680-t0huxn.sh 42 | jenkins: 43 | jenkins: WARNING: apt does not have a stable CLI interface. Use with caution in scripts. 44 | jenkins: 45 | jenkins: Get:1 https://security.debian.org/debian-security bullseye-security InRelease [48.4 kB] 46 | jenkins: Get:2 https://security.debian.org/debian-security bullseye-security/main Sources [169 kB] 47 | jenkins: Get:3 https://security.debian.org/debian-security bullseye-security/main amd64 Packages [200 kB] 48 | jenkins: Get:4 https://security.debian.org/debian-security bullseye-security/main Translation-en [130 kB] 49 | jenkins: Err:5 https://deb.debian.org/debian bullseye InRelease 50 | jenkins: Cannot initiate the connection to debian.map.fastly.net:443 (2a04:4e42:42::644). - connect (101: Network is unreachable) Could not connect to debian.map.fastly.net:443 (199.232.22.132), connection timed out Cannot initiate the connection to deb.debian.org:443 (2a04:4e42:42::644). - connect (101: Network is unreachable) 51 | jenkins: Err:6 https://deb.debian.org/debian bullseye-updates InRelease 52 | jenkins: Cannot initiate the connection to deb.debian.org:443 (2a04:4e42:42::644). 
- connect (101: Network is unreachable) 53 | jenkins: Err:7 https://deb.debian.org/debian bullseye-backports InRelease 54 | jenkins: Cannot initiate the connection to deb.debian.org:443 (2a04:4e42:42::644). - connect (101: Network is unreachable) 55 | jenkins: Fetched 548 kB in 30s (18.0 kB/s) 56 | jenkins: Reading package lists... 57 | jenkins: Building dependency tree... 58 | jenkins: Reading state information... 59 | jenkins: 14 packages can be upgraded. Run 'apt list --upgradable' to see them. 60 | jenkins: W: Failed to fetch https://deb.debian.org/debian/dists/bullseye/InRelease Cannot initiate the connection to debian.map.fastly.net:443 (2a04:4e42:42::644). - connect (101: Network is unreachable) Could not connect to debian.map.fastly.net:443 (199.232.22.132), connection timed out Cannot initiate the connection to deb.debian.org:443 (2a04:4e42:42::644). - connect (101: Network is unreachable) 61 | jenkins: W: Failed to fetch https://deb.debian.org/debian/dists/bullseye-updates/InRelease Cannot initiate the connection to deb.debian.org:443 (2a04:4e42:42::644). - connect (101: Network is unreachable) 62 | jenkins: W: Failed to fetch https://deb.debian.org/debian/dists/bullseye-backports/InRelease Cannot initiate the connection to deb.debian.org:443 (2a04:4e42:42::644). - connect (101: Network is unreachable) 63 | jenkins: W: Some index files failed to download. They have been ignored, or old ones used instead. 64 | jenkins: 65 | jenkins: WARNING: apt does not have a stable CLI interface. Use with caution in scripts. 66 | jenkins: 67 | jenkins: Reading package lists... 68 | jenkins: Building dependency tree... 69 | jenkins: Reading state information... 70 | jenkins: Calculating upgrade... 
71 | jenkins: The following packages have been kept back: 72 | jenkins: linux-image-amd64 73 | jenkins: The following packages will be upgraded: 74 | jenkins: bind9-dnsutils bind9-host bind9-libs dbus grub-common grub-pc grub-pc-bin 75 | jenkins: grub2-common isc-dhcp-client isc-dhcp-common libdbus-1-3 libexpat1 libxml2 76 | jenkins: 13 upgraded, 0 newly installed, 0 to remove and 1 not upgraded. 77 | jenkins: Need to get 8357 kB of archives. 78 | jenkins: After this operation, 1024 B disk space will be freed. 79 | jenkins: Get:1 https://security.debian.org/debian-security bullseye-security/main amd64 dbus amd64 1.12.24-0+deb11u1 [243 kB] 80 | jenkins: Get:2 https://security.debian.org/debian-security bullseye-security/main amd64 libdbus-1-3 amd64 1.12.24-0+deb11u1 [222 kB] 81 | jenkins: Get:3 https://security.debian.org/debian-security bullseye-security/main amd64 libexpat1 amd64 2.2.10-2+deb11u5 [98.2 kB] 82 | jenkins: Get:4 https://security.debian.org/debian-security bullseye-security/main amd64 isc-dhcp-client amd64 4.4.1-2.3+deb11u1 [342 kB] 83 | jenkins: Get:5 https://security.debian.org/debian-security bullseye-security/main amd64 isc-dhcp-common amd64 4.4.1-2.3+deb11u1 [145 kB] 84 | jenkins: Get:6 https://security.debian.org/debian-security bullseye-security/main amd64 libxml2 amd64 2.9.10+dfsg-6.7+deb11u3 [693 kB] 85 | jenkins: Get:7 https://security.debian.org/debian-security bullseye-security/main amd64 bind9-dnsutils amd64 1:9.16.33-1~deb11u1 [400 kB] 86 | jenkins: Get:8 https://security.debian.org/debian-security bullseye-security/main amd64 bind9-libs amd64 1:9.16.33-1~deb11u1 [1410 kB] 87 | jenkins: Get:9 https://security.debian.org/debian-security bullseye-security/main amd64 bind9-host amd64 1:9.16.33-1~deb11u1 [306 kB] 88 | jenkins: Get:10 https://security.debian.org/debian-security bullseye-security/main amd64 grub-pc amd64 2.06-3~deb11u4 [131 kB] 89 | jenkins: Get:11 https://security.debian.org/debian-security bullseye-security/main amd64 
grub2-common amd64 2.06-3~deb11u4 [611 kB] 90 | jenkins: Get:12 https://security.debian.org/debian-security bullseye-security/main amd64 grub-pc-bin amd64 2.06-3~deb11u4 [992 kB] 91 | jenkins: Get:13 https://security.debian.org/debian-security bullseye-security/main amd64 grub-common amd64 2.06-3~deb11u4 [2763 kB] 92 | jenkins: apt-listchanges: Reading changelogs... 93 | jenkins: dpkg-preconfigure: unable to re-open stdin: No such file or directory 94 | jenkins: Fetched 8357 kB in 54s (153 kB/s) 95 | jenkins: (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 25144 files and directories currently installed.) 96 | jenkins: Preparing to unpack .../00-dbus_1.12.24-0+deb11u1_amd64.deb ... 97 | jenkins: Unpacking dbus (1.12.24-0+deb11u1) over (1.12.20-2) ... 98 | jenkins: Preparing to unpack .../01-libdbus-1-3_1.12.24-0+deb11u1_amd64.deb ... 99 | jenkins: Unpacking libdbus-1-3:amd64 (1.12.24-0+deb11u1) over (1.12.20-2) ... 100 | jenkins: Preparing to unpack .../02-libexpat1_2.2.10-2+deb11u5_amd64.deb ... 101 | jenkins: Unpacking libexpat1:amd64 (2.2.10-2+deb11u5) over (2.2.10-2+deb11u3) ... 102 | jenkins: Preparing to unpack .../03-isc-dhcp-client_4.4.1-2.3+deb11u1_amd64.deb ... 103 | jenkins: Unpacking isc-dhcp-client (4.4.1-2.3+deb11u1) over (4.4.1-2.3) ... 104 | jenkins: Preparing to unpack .../04-isc-dhcp-common_4.4.1-2.3+deb11u1_amd64.deb ... 105 | jenkins: Unpacking isc-dhcp-common (4.4.1-2.3+deb11u1) over (4.4.1-2.3) ... 
106 | jenkins: Preparing to unpack .../05-libxml2_2.9.10+dfsg-6.7+deb11u3_amd64.deb ... 107 | jenkins: Unpacking libxml2:amd64 (2.9.10+dfsg-6.7+deb11u3) over (2.9.10+dfsg-6.7+deb11u2) ... 108 | jenkins: Preparing to unpack .../06-bind9-dnsutils_1%3a9.16.33-1~deb11u1_amd64.deb ... 109 | jenkins: Unpacking bind9-dnsutils (1:9.16.33-1~deb11u1) over (1:9.16.27-1~deb11u1) ... 110 | jenkins: Preparing to unpack .../07-bind9-libs_1%3a9.16.33-1~deb11u1_amd64.deb ... 111 | jenkins: Unpacking bind9-libs:amd64 (1:9.16.33-1~deb11u1) over (1:9.16.27-1~deb11u1) ... 112 | jenkins: Preparing to unpack .../08-bind9-host_1%3a9.16.33-1~deb11u1_amd64.deb ... 113 | jenkins: Unpacking bind9-host (1:9.16.33-1~deb11u1) over (1:9.16.27-1~deb11u1) ... 114 | jenkins: Preparing to unpack .../09-grub-pc_2.06-3~deb11u4_amd64.deb ... 115 | jenkins: Unpacking grub-pc (2.06-3~deb11u4) over (2.06-3~deb11u1) ... 116 | jenkins: Preparing to unpack .../10-grub2-common_2.06-3~deb11u4_amd64.deb ... 117 | jenkins: Unpacking grub2-common (2.06-3~deb11u4) over (2.06-3~deb11u1) ... 118 | jenkins: Preparing to unpack .../11-grub-pc-bin_2.06-3~deb11u4_amd64.deb ... 119 | jenkins: Unpacking grub-pc-bin (2.06-3~deb11u4) over (2.06-3~deb11u1) ... 120 | jenkins: Preparing to unpack .../12-grub-common_2.06-3~deb11u4_amd64.deb ... 121 | jenkins: Unpacking grub-common (2.06-3~deb11u4) over (2.06-3~deb11u1) ... 122 | jenkins: Setting up libexpat1:amd64 (2.2.10-2+deb11u5) ... 123 | jenkins: Setting up isc-dhcp-client (4.4.1-2.3+deb11u1) ... 124 | jenkins: Setting up grub-common (2.06-3~deb11u4) ... 125 | jenkins: Setting up libdbus-1-3:amd64 (1.12.24-0+deb11u1) ... 126 | jenkins: Setting up dbus (1.12.24-0+deb11u1) ... 127 | jenkins: A reboot is required to replace the running dbus-daemon. 128 | jenkins: Please reboot the system when convenient. 129 | jenkins: dbus.service is a disabled or a static unit, not starting it. 130 | jenkins: dbus.socket is a disabled or a static unit, not starting it. 
131 | jenkins: Setting up isc-dhcp-common (4.4.1-2.3+deb11u1) ... 132 | jenkins: Setting up libxml2:amd64 (2.9.10+dfsg-6.7+deb11u3) ... 133 | jenkins: Setting up bind9-libs:amd64 (1:9.16.33-1~deb11u1) ... 134 | jenkins: Setting up grub2-common (2.06-3~deb11u4) ... 135 | jenkins: Setting up grub-pc-bin (2.06-3~deb11u4) ... 136 | jenkins: Setting up grub-pc (2.06-3~deb11u4) ... 137 | jenkins: Installing for i386-pc platform. 138 | jenkins: Installation finished. No error reported. 139 | jenkins: Generating grub configuration file ... 140 | jenkins: Found linux image: /boot/vmlinuz-5.10.0-18-amd64 141 | jenkins: Found initrd image: /boot/initrd.img-5.10.0-18-amd64 142 | jenkins: done 143 | jenkins: Setting up bind9-host (1:9.16.33-1~deb11u1) ... 144 | jenkins: Setting up bind9-dnsutils (1:9.16.33-1~deb11u1) ... 145 | jenkins: Processing triggers for man-db (2.9.4-2) ... 146 | jenkins: Processing triggers for libc-bin (2.31-13+deb11u4) ... 147 | jenkins: 148 | jenkins: WARNING: apt does not have a stable CLI interface. Use with caution in scripts. 149 | jenkins: 150 | jenkins: Reading package lists... 151 | jenkins: Building dependency tree... 152 | jenkins: Reading state information... 153 | jenkins: Package resolvconf is not available, but is referred to by another package. 154 | jenkins: This may mean that the package is missing, has been obsoleted, or 155 | jenkins: is only available from another source 156 | jenkins: 157 | jenkins: Package packagekit is not available, but is referred to by another package. 158 | jenkins: This may mean that the package is missing, has been obsoleted, or 159 | jenkins: is only available from another source 160 | jenkins: 161 | jenkins: Package sssd is not available, but is referred to by another package. 162 | jenkins: This may mean that the package is missing, has been obsoleted, or 163 | jenkins: is only available from another source 164 | jenkins: 165 | jenkins: Package vim is not available, but is referred to by another package. 
166 | jenkins: This may mean that the package is missing, has been obsoleted, or 167 | jenkins: is only available from another source 168 | jenkins: 169 | jenkins: E: Unable to locate package realmd 170 | jenkins: E: Unable to locate package libnss-sss 171 | jenkins: E: Unable to locate package libpam-sss 172 | jenkins: E: Package 'sssd' has no installation candidate 173 | jenkins: E: Unable to locate package sssd-tools 174 | jenkins: E: Unable to locate package adcli 175 | jenkins: E: Unable to locate package oddjob 176 | jenkins: E: Unable to locate package oddjob-mkhomedir 177 | jenkins: E: Package 'packagekit' has no installation candidate 178 | jenkins: E: Package 'resolvconf' has no installation candidate 179 | jenkins: E: Unable to locate package ncdu 180 | jenkins: E: Unable to locate package tree 181 | jenkins: E: Package 'vim' has no installation candidate 182 | jenkins: /tmp/vagrant-shell: line 20: cd: /etc/resolvconf/resolv.conf.d/: No such file or directory 183 | jenkins: sudo: resolvconf: command not found 184 | -------------------------------------------------------------------------------- /jenkins/provision/add_to_domain.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | password="msx@9797" 4 | domain="msx.local" 5 | domain_ip="192.168.56.2" 6 | 7 | #join the realm 8 | 9 | echo "$password" | sudo realm join -U administrator "$domain" 10 | 11 | #update /usr/share/pam-configs/mkhomedir 12 | 13 | cd /usr/share/pam-configs 14 | 15 | cat <<EOT > mkhomedir 16 | Name: Create home directory on login 17 | Default: yes 18 | Priority: 900 19 | Session-Type: Additional 20 | Session: 21 | optional pam_mkhomedir.so 22 | EOT 23 | 24 | #enable homedirectory creation on login 25 | pam-auth-update --enable mkhomedir 26 | sudo systemctl restart sssd.service 27 | 28 | #update sssd config 29 | cd /etc/sssd 30 | cat <<EOT > sssd.conf 31 | [sssd] 32 | domains = msx.local 33 | config_file_version = 2 34 | services = nss,
pam 35 | 36 | [domain/msx.local] 37 | ad_domain = msx.local 38 | krb5_realm = MSX.LOCAL 39 | realmd_tags = manages-system joined-with-adcli 40 | cache_credentials = True 41 | id_provider = ad 42 | krb5_store_password_if_offline = True 43 | default_shell = /bin/bash 44 | ldap_id_mapping = True 45 | use_fully_qualified_names = False 46 | fallback_homedir = /home/%u 47 | access_provider = simple 48 | EOT 49 | 50 | sudo systemctl restart sssd.service 51 | 52 | #allow ad groups to login to the server 53 | sudo realm permit -g linux_users@msx.local 54 | sudo realm permit -g linux_admins@msx.local 55 | sudo systemctl restart sssd.service 56 | 57 | #update password login 58 | sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config 59 | sudo systemctl restart sshd.service 60 | 61 | ## Allow sudo access to linux-admins 62 | 63 | cd /etc/sudoers.d/ 64 | 65 | cat <<EOT > linux_admins 66 | %linux_admins ALL=(ALL) NOPASSWD:ALL 67 | EOT 68 | 69 | #Allow users to run puppet command with sudo.
ex - sudo puppet agent -tvvv 70 | sudo sed -e '/secure_path/s/^/#/g' -i /etc/sudoers 71 | 72 | #System has been provisioned 73 | -------------------------------------------------------------------------------- /jenkins/provision/initialize.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | server_name="a4l-jenkins" 4 | password="msx@9797" 5 | domain="msx.local" 6 | domain_ip="192.168.56.2" 7 | 8 | #update and upgrade os 9 | sudo apt update -y 10 | sudo apt upgrade -y 11 | 12 | #install packages required 13 | sudo apt install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit resolvconf ncdu tree vim curl -y 14 | 15 | ##change hostname 16 | 17 | hostnamectl set-hostname $server_name.$domain 18 | 19 | #add domain entry in /etc/resolvconf/resolv.conf.d/head 20 | cd /etc/resolvconf/resolv.conf.d/ 21 | cat <<EOT > head 22 | # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) 23 | # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN 24 | # 127.0.0.53 is the systemd-resolved stub resolver. 25 | # run "systemd-resolve --status" to see details about the actual nameservers.
26 | 27 | search msx.local 28 | nameserver 192.168.56.2 29 | EOT 30 | 31 | # apply changes to /etc/resolv.conf 32 | sudo resolvconf -u 33 | 34 | -------------------------------------------------------------------------------- /jenkins/provision/install_node_exporter.sh: -------------------------------------------------------------------------------- 1 | 2 | #install Node Exporter 3 | 4 | #create a system user for Node Exporter 5 | sudo useradd \ 6 | --system \ 7 | --no-create-home \ 8 | --shell /bin/false node_exporter 9 | 10 | #download Node Exporter 11 | wget https://github.com/prometheus/node_exporter/releases/download/v1.4.0/node_exporter-1.4.0.linux-amd64.tar.gz 12 | 13 | #extract node exporter 14 | tar -xvf node_exporter-1.4.0.linux-amd64.tar.gz 15 | 16 | #move the binary to /usr/local/bin 17 | sudo mv \ 18 | node_exporter-1.4.0.linux-amd64/node_exporter \ 19 | /usr/local/bin/ 20 | 21 | #Clean up, delete node_exporter archive and a folder. 22 | rm -rf node_exporter* 23 | 24 | node_exporter --version 25 | 26 | #create a systemd unit configuration file 27 | cd /etc/systemd/system/ 28 | cat <<EOT > /etc/systemd/system/node_exporter.service 29 | 30 | [Unit] 31 | Description=Node Exporter 32 | Wants=network-online.target 33 | After=network-online.target 34 | 35 | StartLimitIntervalSec=500 36 | StartLimitBurst=5 37 | 38 | [Service] 39 | User=node_exporter 40 | Group=node_exporter 41 | Type=simple 42 | Restart=on-failure 43 | RestartSec=5s 44 | ExecStart=/usr/local/bin/node_exporter \ 45 | --collector.logind 46 | 47 | [Install] 48 | WantedBy=multi-user.target 49 | 50 | EOT 51 | sudo systemctl daemon-reload 52 | sudo systemctl start node_exporter.service 53 | sudo systemctl enable node_exporter.service 54 | sudo systemctl status node_exporter.service 55 | -------------------------------------------------------------------------------- /jenkins/provision/jenkins_setup.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env
bash 2 | 3 | sudo apt update -y 4 | sudo apt install openjdk-11-jdk -y 5 | 6 | #importing the GPG key for jenkins repo 7 | sudo curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo tee /usr/share/keyrings/jenkins-keyring.asc > /dev/null 8 | 9 | #Add the Jenkins software repository to the source list and provide the authentication key: 10 | echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] https://pkg.jenkins.io/debian-stable binary/ | sudo tee /etc/apt/sources.list.d/jenkins.list > /dev/null 11 | 12 | #Install Jenkins and enable on startup 13 | sudo apt update 14 | sudo apt install jenkins -y 15 | sudo systemctl start jenkins 16 | sudo systemctl enable --now jenkins 17 | 18 | 19 | #Display the initial admin password for jenkins 20 | sudo cat /var/lib/jenkins/secrets/initialAdminPassword 21 | 22 | # System has been provisioned 23 | -------------------------------------------------------------------------------- /jenkins/provision/puppetnode_setup.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | wget https://apt.puppet.com/puppet7-release-bullseye.deb 4 | 5 | sudo dpkg -i puppet7-release-bullseye.deb 6 | 7 | sudo apt-get update -y 8 | 9 | sudo apt-get install puppet-agent -y 10 | 11 | 12 | sudo /opt/puppetlabs/bin/puppet config set server puppetmaster.msx.local --section main 13 | sudo /opt/puppetlabs/bin/puppet config set ca_server puppetmaster.msx.local --section main 14 | sudo /opt/puppetlabs/bin/puppet config set runinterval 30m --section main 15 | sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true 16 | sudo systemctl start puppet 17 | sudo systemctl enable puppet 18 | sudo systemctl status puppet 19 | 20 | -------------------------------------------------------------------------------- /linux01/Vagrantfile: -------------------------------------------------------------------------------- 1 | Vagrant.configure("2") do |config| 2 | 3 | 
config.vm.provider "virtualbox" do |vb| 4 | vb.memory = "1024" 5 | vb.name = "Linux-01" 6 | end 7 | ### linux test vm ### 8 | config.vm.define "linux01" do |t| 9 | t.vm.box = "debian/bullseye64" 10 | t.vm.network "private_network", ip: "192.168.56.97" 11 | t.vm.provision "shell", path: "provision/initialize.sh" 12 | t.vm.provision "shell", reboot: true 13 | t.vm.provision "shell", path: "provision/add_to_domain.sh" 14 | t.vm.provision "shell", reboot: true 15 | t.vm.provision "shell", path: "provision/install_node_exporter.sh" 16 | t.vm.provision "shell", path: "provision/puppetnode_setup.sh" 17 | end 18 | 19 | end 20 | -------------------------------------------------------------------------------- /linux01/provision/add_to_domain.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | password="msx@9797" 4 | domain="msx.local" 5 | domain_ip="192.168.56.2" 6 | 7 | #join the realm 8 | 9 | echo "$password" | sudo realm join -U administrator "$domain" 10 | 11 | #update /usr/share/pam-configs/mkhomedir 12 | 13 | cd /usr/share/pam-configs 14 | 15 | cat <<EOT > mkhomedir 16 | Name: Create home directory on login 17 | Default: yes 18 | Priority: 900 19 | Session-Type: Additional 20 | Session: 21 | optional pam_mkhomedir.so 22 | EOT 23 | 24 | #enable homedirectory creation on login 25 | pam-auth-update --enable mkhomedir 26 | sudo systemctl restart sssd.service 27 | 28 | #update sssd config 29 | cd /etc/sssd 30 | cat <<EOT > sssd.conf 31 | [sssd] 32 | domains = msx.local 33 | config_file_version = 2 34 | services = nss, pam 35 | 36 | [domain/msx.local] 37 | ad_domain = msx.local 38 | krb5_realm = MSX.LOCAL 39 | realmd_tags = manages-system joined-with-adcli 40 | cache_credentials = True 41 | id_provider = ad 42 | krb5_store_password_if_offline = True 43 | default_shell = /bin/bash 44 | ldap_id_mapping = True 45 | use_fully_qualified_names = False 46 | fallback_homedir = /home/%u 47 | access_provider = simple 48 | EOT 49 | 50 |
sudo systemctl restart sssd.service 51 | 52 | #allow ad groups to login to the server 53 | sudo realm permit -g linux_users@msx.local 54 | sudo realm permit -g linux_admins@msx.local 55 | sudo systemctl restart sssd.service 56 | 57 | #update password login 58 | sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config 59 | sudo systemctl restart sshd.service 60 | 61 | ## Allow sudo access to linux-admins 62 | 63 | cd /etc/sudoers.d/ 64 | 65 | cat <<EOT > linux_admins 66 | %linux_admins ALL=(ALL) NOPASSWD:ALL 67 | EOT 68 | 69 | #Allow users to run puppet command with sudo. ex - sudo puppet agent -tvvv 70 | sudo sed -e '/secure_path/s/^/#/g' -i /etc/sudoers 71 | 72 | #System has been provisioned 73 | -------------------------------------------------------------------------------- /linux01/provision/initialize.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | server_name="a4l-linux01" 4 | password="msx@9797" 5 | domain="msx.local" 6 | domain_ip="192.168.56.2" 7 | 8 | #update and upgrade os 9 | sudo apt update -y 10 | sudo apt upgrade -y 11 | 12 | #install packages required 13 | sudo apt install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit resolvconf tree ncdu vim curl -y 14 | 15 | ##change hostname 16 | 17 | hostnamectl set-hostname $server_name.$domain 18 | 19 | #add domain entry in /etc/resolvconf/resolv.conf.d/head 20 | cd /etc/resolvconf/resolv.conf.d/ 21 | cat <<EOT > head 22 | # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) 23 | # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN 24 | # 127.0.0.53 is the systemd-resolved stub resolver. 25 | # run "systemd-resolve --status" to see details about the actual nameservers.
26 | 27 | search msx.local 28 | nameserver 192.168.56.2 29 | EOT 30 | 31 | # apply changes to /etc/resolv.conf 32 | sudo resolvconf -u 33 | 34 | -------------------------------------------------------------------------------- /linux01/provision/install_node_exporter.sh: -------------------------------------------------------------------------------- 1 | 2 | #install Node Exporter 3 | 4 | #create a system user for Node Exporter 5 | sudo useradd \ 6 | --system \ 7 | --no-create-home \ 8 | --shell /bin/false node_exporter 9 | 10 | #download Node Exporter 11 | wget https://github.com/prometheus/node_exporter/releases/download/v1.4.0/node_exporter-1.4.0.linux-amd64.tar.gz 12 | 13 | #extract node exporter 14 | tar -xvf node_exporter-1.4.0.linux-amd64.tar.gz 15 | 16 | #move the binary to /usr/local/bin 17 | sudo mv \ 18 | node_exporter-1.4.0.linux-amd64/node_exporter \ 19 | /usr/local/bin/ 20 | 21 | #Clean up, delete node_exporter archive and a folder. 22 | rm -rf node_exporter* 23 | 24 | node_exporter --version 25 | 26 | #create a systemd unit configuration file 27 | cd /etc/systemd/system/ 28 | cat <<EOT > /etc/systemd/system/node_exporter.service 29 | 30 | [Unit] 31 | Description=Node Exporter 32 | Wants=network-online.target 33 | After=network-online.target 34 | 35 | StartLimitIntervalSec=500 36 | StartLimitBurst=5 37 | 38 | [Service] 39 | User=node_exporter 40 | Group=node_exporter 41 | Type=simple 42 | Restart=on-failure 43 | RestartSec=5s 44 | ExecStart=/usr/local/bin/node_exporter \ 45 | --collector.logind 46 | 47 | [Install] 48 | WantedBy=multi-user.target 49 | 50 | EOT 51 | sudo systemctl daemon-reload 52 | sudo systemctl start node_exporter.service 53 | sudo systemctl enable node_exporter.service 54 | sudo systemctl status node_exporter.service 55 | -------------------------------------------------------------------------------- /linux01/provision/puppetnode_setup.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env
bash 2 | 3 | wget https://apt.puppet.com/puppet7-release-bullseye.deb 4 | 5 | sudo dpkg -i puppet7-release-bullseye.deb 6 | 7 | sudo apt-get update -y 8 | 9 | sudo apt-get install puppet-agent -y 10 | 11 | 12 | sudo /opt/puppetlabs/bin/puppet config set server puppetmaster.msx.local --section main 13 | sudo /opt/puppetlabs/bin/puppet config set ca_server puppetmaster.msx.local --section main 14 | sudo /opt/puppetlabs/bin/puppet config set runinterval 30m --section main 15 | sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true 16 | sudo systemctl start puppet 17 | sudo systemctl enable puppet 18 | sudo systemctl status puppet 19 | 20 | -------------------------------------------------------------------------------- /linux01/provision/startup.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | password="msx@9797" 4 | domain="animals4life.local" 5 | domain_ip="192.168.56.2" 6 | 7 | #update and upgrade os 8 | sudo apt update -y 9 | sudo apt upgrade -y 10 | 11 | #install packages required 12 | sudo apt install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit -y 13 | 14 | 15 | #install resolvconf 16 | #sudo apt install resolvconf 17 | 18 | # add domain entry in /etc/resolvconf/resolv.conf.d/base 19 | #cd /etc/resolvconf/resolv.conf.d/ 20 | #cat <<EOT > base 21 | #nameserver 192.168.56.2 22 | #search localdomain 23 | #EOT 24 | 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /prometheus_grafana/Vagrantfile: -------------------------------------------------------------------------------- 1 | Vagrant.configure("2") do |config| 2 | 3 | config.vm.provider "virtualbox" do |v| 4 | v.memory = 1024 5 | v.cpus = 1 6 | v.name = "Prometheus-Grafana" 7 | end 8 | 9 | ### prometheus and grafana vm ### 10 | config.vm.define "prom" do |p| 11 | p.vm.box = "debian/bullseye64" 12 | p.vm.network
"private_network", ip: "192.168.56.4" 13 | p.vm.provision "shell", path: "provision/initialize.sh" 14 | p.vm.provision "shell", reboot: true 15 | p.vm.provision "shell", path: "provision/add_to_domain.sh" 16 | p.vm.provision "shell", path: "provision/prometheus_grafana.sh" 17 | p.vm.provision "shell", path: "provision/puppetnode_setup.sh" 18 | p.vm.provision "shell", reboot: true 19 | end 20 | 21 | end 22 | -------------------------------------------------------------------------------- /prometheus_grafana/provision/add_to_domain.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | password="msx@9797" 4 | domain="msx.local" 5 | domain_ip="192.168.56.2" 6 | 7 | #join the realm 8 | 9 | echo "$password" | sudo realm join -U administrator "$domain" 10 | 11 | #update /usr/share/pam-configs/mkhomedir 12 | 13 | cd /usr/share/pam-configs 14 | 15 | cat <<EOT > mkhomedir 16 | Name: Create home directory on login 17 | Default: yes 18 | Priority: 900 19 | Session-Type: Additional 20 | Session: 21 | optional pam_mkhomedir.so 22 | EOT 23 | 24 | #enable homedirectory creation on login 25 | pam-auth-update --enable mkhomedir 26 | sudo systemctl restart sssd.service 27 | 28 | #update sssd config 29 | cd /etc/sssd 30 | cat <<EOT > sssd.conf 31 | [sssd] 32 | domains = msx.local 33 | config_file_version = 2 34 | services = nss, pam 35 | 36 | [domain/msx.local] 37 | ad_domain = msx.local 38 | krb5_realm = MSX.LOCAL 39 | realmd_tags = manages-system joined-with-adcli 40 | cache_credentials = True 41 | id_provider = ad 42 | krb5_store_password_if_offline = True 43 | default_shell = /bin/bash 44 | ldap_id_mapping = True 45 | use_fully_qualified_names = False 46 | fallback_homedir = /home/%u 47 | access_provider = simple 48 | EOT 49 | 50 | sudo systemctl restart sssd.service 51 | 52 | #allow ad groups to login to the server 53 | sudo realm permit -g linux_users@msx.local 54 | sudo realm permit -g linux_admins@msx.local 55 | sudo systemctl
restart sssd.service 56 | 57 | #update password login 58 | sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config 59 | sudo systemctl restart sshd.service 60 | 61 | ## Allow sudo access to linux-admins 62 | 63 | cd /etc/sudoers.d/ 64 | 65 | cat <<EOT > linux_admins 66 | %linux_admins ALL=(ALL) NOPASSWD:ALL 67 | EOT 68 | 69 | #Allow users to run puppet command with sudo. ex - sudo puppet agent -tvvv 70 | sudo sed -e '/secure_path/s/^/#/g' -i /etc/sudoers 71 | 72 | #System has been provisioned 73 | -------------------------------------------------------------------------------- /prometheus_grafana/provision/initialize.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | server_name="a4l-prometheus" 4 | password="msx@9797" 5 | domain="msx.local" 6 | domain_ip="192.168.56.2" 7 | 8 | #update and upgrade os 9 | sudo apt update -y 10 | sudo apt upgrade -y 11 | 12 | #install packages required 13 | sudo apt install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit resolvconf tree ncdu vim curl -y 14 | 15 | ##change hostname 16 | 17 | hostnamectl set-hostname $server_name.$domain 18 | 19 | #add domain entry in /etc/resolvconf/resolv.conf.d/head 20 | cd /etc/resolvconf/resolv.conf.d/ 21 | cat <<EOT > head 22 | # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) 23 | # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN 24 | # 127.0.0.53 is the systemd-resolved stub resolver. 25 | # run "systemd-resolve --status" to see details about the actual nameservers.

search msx.local
nameserver 192.168.56.2
EOT

# apply changes to /etc/resolv.conf
sudo resolvconf -u

--------------------------------------------------------------------------------
/prometheus_grafana/provision/prometheus.yml:
--------------------------------------------------------------------------------
global:
  scrape_interval: 15s # By default, scrape targets every 15 seconds.

  # Attach these labels to any time series or alerts when communicating with
  # external systems (federation, remote storage, Alertmanager).
  external_labels:
    monitor: 'codelab-monitor'

# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
  # The job name is added as a label job=<job_name> to any timeseries scraped from this config.
  - job_name: 'node-prometheus'

    static_configs:
      - targets: ['localhost:9100']

  - job_name: 'animal4life.local-INFRA'

    static_configs:
      - targets: ['a4ldc01.animals4life.local:9182']
      - targets: ['puppetmaster.animals4life.local:9100']
      - targets: ['a4l-git.animals4life.local:9100']
      - targets: ['a4l-jenkins.animals4life.local:9100']


--------------------------------------------------------------------------------
/prometheus_grafana/provision/prometheus_grafana.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
sudo apt-get update

#create a system user or system account
sudo useradd \
    --system \
    --no-create-home \
    --shell /bin/false prometheus

# download prometheus installation files
wget https://github.com/prometheus/prometheus/releases/download/v2.37.2/prometheus-2.37.2.linux-amd64.tar.gz

# Extract files
tar -xvzf prometheus-2.37.2.linux-amd64.tar.gz

#create a folder for prometheus data and configuration files
sudo mkdir -p /data /etc/prometheus
cd prometheus-2.37.2.linux-amd64

#move the prometheus binary and a promtool to the /usr/local/bin/
sudo mv prometheus promtool /usr/local/bin/

#move console libraries to the Prometheus configuration directory
sudo mv consoles/ console_libraries/ /etc/prometheus/

#move the example of the main prometheus configuration file
sudo mv prometheus.yml /etc/prometheus/prometheus.yml

#set correct ownership for the /etc/prometheus/ and data directory.
sudo chown -R prometheus:prometheus /etc/prometheus/ /data/

#delete the archive and prometheus folder
cd
rm -rf prometheus*


#create a systemd unit configuration file
cd /etc/systemd/system/
cat <<EOT > /etc/systemd/system/prometheus.service

[Unit]
Description=Prometheus
Wants=network-online.target
After=network-online.target

StartLimitIntervalSec=500
StartLimitBurst=5

[Service]
User=prometheus
Group=prometheus
Type=simple
Restart=on-failure
RestartSec=5s
ExecStart=/usr/local/bin/prometheus \
  --config.file=/etc/prometheus/prometheus.yml \
  --storage.tsdb.path=/data \
  --web.console.templates=/etc/prometheus/consoles \
  --web.console.libraries=/etc/prometheus/console_libraries \
  --web.listen-address=0.0.0.0:9090 \
  --web.enable-lifecycle

[Install]
WantedBy=multi-user.target


EOT

##Reload systemctl daemon
systemctl daemon-reload

## Start and enable prometheus service
sudo systemctl start prometheus
sudo systemctl enable prometheus


#install Node Exporter

#create a system user for Node Exporter
sudo useradd \
    --system \
    --no-create-home \
    --shell /bin/false node_exporter

#download Node Exporter
wget https://github.com/prometheus/node_exporter/releases/download/v1.4.0/node_exporter-1.4.0.linux-amd64.tar.gz

#extract node exporter
tar -xvf node_exporter-1.4.0.linux-amd64.tar.gz

#move the binary to /usr/local/bin
sudo mv \
  node_exporter-1.4.0.linux-amd64/node_exporter \
  /usr/local/bin/

#Clean up, delete node_exporter archive and a folder.
rm -rf node_exporter*

node_exporter --version

#create a systemd unit configuration file
cd /etc/systemd/system/
cat <<EOT > /etc/systemd/system/node_exporter.service

[Unit]
Description=Node Exporter
Wants=network-online.target
After=network-online.target

StartLimitIntervalSec=500
StartLimitBurst=5

[Service]
User=node_exporter
Group=node_exporter
Type=simple
Restart=on-failure
RestartSec=5s
ExecStart=/usr/local/bin/node_exporter \
    --collector.logind

[Install]
WantedBy=multi-user.target

EOT

##Reload systemctl daemon
systemctl daemon-reload

## Start and enable node_exporter service
sudo systemctl start node_exporter
sudo systemctl enable node_exporter

##configure prometheus.yml

cd /etc/prometheus/
cat <<EOT > prometheus.yml
global:
  scrape_interval: 15s # By default, scrape targets every 15 seconds.

  # Attach these labels to any time series or alerts when communicating with
  # external systems (federation, remote storage, Alertmanager).
  external_labels:
    monitor: 'codelab-monitor'

# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
  # The job name is added as a label job=<job_name> to any timeseries scraped from this config.
  - job_name: 'node-prometheus'

    static_configs:
      - targets: ['localhost:9100']

  - job_name: 'msx.local-INFRA'

    static_configs:
      - targets: ['a4ldc01.msx.local:9182']
      - targets: ['puppetmaster.msx.local:9100']
      - targets: ['a4l-git.msx.local:9100']
      - targets: ['a4l-jenkins.msx.local:9100']

EOT

##Reload systemctl daemon and restarts prometheus.service
systemctl daemon-reload
sudo systemctl restart prometheus

#install grafana

sudo apt-get install wget curl gnupg2 apt-transport-https software-properties-common -y
wget -q -O - https://packages.grafana.com/gpg.key | apt-key add -
echo "deb https://packages.grafana.com/oss/deb stable main" | tee -a /etc/apt/sources.list.d/grafana.list
apt-get update -y
apt-get install grafana -y
systemctl start grafana-server
systemctl enable grafana-server

#System has been provisioned

--------------------------------------------------------------------------------
/prometheus_grafana/provision/puppetnode_setup.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

wget https://apt.puppet.com/puppet7-release-bullseye.deb

sudo dpkg -i puppet7-release-bullseye.deb

sudo apt-get update -y

sudo apt-get install puppet-agent -y


sudo /opt/puppetlabs/bin/puppet config set server puppetmaster.msx.local --section main
sudo /opt/puppetlabs/bin/puppet config set ca_server puppetmaster.msx.local --section main
sudo /opt/puppetlabs/bin/puppet config set runinterval 30m --section main
sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
sudo systemctl start puppet
sudo systemctl enable puppet
sudo systemctl status puppet

--------------------------------------------------------------------------------
/puppetmaster/Vagrantfile:
--------------------------------------------------------------------------------
Vagrant.configure("2") do |config|

  config.vm.provider "virtualbox" do |vb|
    vb.memory = "2048"
    vb.name = "puppetmaster"
  end

  ### puppetmaster vm ###
  config.vm.define "puppetmaster" do |t|
    t.vm.box = "debian/bullseye64"
    t.vm.network "private_network", ip: "192.168.56.7"
    t.vm.provision "shell", path: "provision/initialize.sh"
    t.vm.provision "shell", reboot: true
    t.vm.provision "shell", path: "provision/add_to_domain.sh"
    t.vm.provision "shell", reboot: true
    t.vm.provision "shell", path: "provision/install_node_exporter.sh"
    t.vm.provision "shell", path: "provision/puppetmaster_setup.sh"
  end

end

--------------------------------------------------------------------------------
/puppetmaster/provision/add_to_domain.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# lab credential for the domain Administrator, kept in clear text in this script
password="msx@9797"
domain="msx.local"
domain_ip="192.168.56.2"

#join the realm (realm reads the Administrator password from stdin)

echo "$password" | sudo realm join -U administrator "$domain"

#update /usr/share/pam-configs/mkhomedir

cd /usr/share/pam-configs

cat <<EOT > mkhomedir
Name: Create home directory on login
Default: yes
Priority: 900
Session-Type: Additional
Session:
        optional                        pam_mkhomedir.so
EOT

#enable homedirectory creation on login
pam-auth-update --enable mkhomedir
sudo systemctl restart sssd.service

#update sssd config
cd /etc/sssd
cat <<EOT > sssd.conf
[sssd]
domains = msx.local
config_file_version = 2
services = nss, pam

[domain/msx.local]
ad_domain = msx.local
krb5_realm = MSX.LOCAL
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
EOT

sudo systemctl restart sssd.service

#allow ad groups to login to the server
sudo realm permit -g linux_users@msx.local
sudo realm permit -g linux_admins@msx.local
sudo systemctl restart sssd.service

#update password login: enable SSH password authentication so AD users can sign in with their domain password
sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sudo systemctl restart sshd.service

## Allow sudo access to linux-admins (passwordless sudo for every member of the AD group)

cd /etc/sudoers.d/

cat <<EOT > linux_admins
%linux_admins ALL=(ALL) NOPASSWD:ALL
EOT

#Allow users to run puppet command with sudo. ex - sudo puppet agent -tvvv
#(comments out secure_path in /etc/sudoers, so sudo keeps the caller's PATH)
sudo sed -e '/secure_path/s/^/#/g' -i /etc/sudoers

#System has been provisioned

--------------------------------------------------------------------------------
/puppetmaster/provision/initialize.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

server_name="puppetmaster"
password="msx@9797"
domain="msx.local"
domain_ip="192.168.56.2"

#update and upgrade os
sudo apt update -y
sudo apt upgrade -y

#install packages required
sudo apt install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit resolvconf tree ncdu vim curl -y

##change hostname

hostnamectl set-hostname "$server_name.$domain"

#add domain entry in /etc/resolvconf/resolv.conf.d/head
cd /etc/resolvconf/resolv.conf.d/
cat <<EOT > head
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

search msx.local
nameserver 192.168.56.2
EOT

# apply changes to /etc/resolv.conf
sudo resolvconf -u


--------------------------------------------------------------------------------
/puppetmaster/provision/install_node_exporter.sh:
--------------------------------------------------------------------------------

#install Node Exporter

#create a system user for Node Exporter
sudo useradd \
    --system \
    --no-create-home \
    --shell /bin/false node_exporter

#download Node Exporter
wget https://github.com/prometheus/node_exporter/releases/download/v1.4.0/node_exporter-1.4.0.linux-amd64.tar.gz

#extract node exporter
tar -xvf node_exporter-1.4.0.linux-amd64.tar.gz

#move the binary to /usr/local/bin
sudo mv \
  node_exporter-1.4.0.linux-amd64/node_exporter \
  /usr/local/bin/

#Clean up, delete node_exporter archive and a folder.
rm -rf node_exporter*

node_exporter --version

#create a systemd unit configuration file
cd /etc/systemd/system/
cat <<EOT > /etc/systemd/system/node_exporter.service

[Unit]
Description=Node Exporter
Wants=network-online.target
After=network-online.target

StartLimitIntervalSec=500
StartLimitBurst=5

[Service]
User=node_exporter
Group=node_exporter
Type=simple
Restart=on-failure
RestartSec=5s
ExecStart=/usr/local/bin/node_exporter \
    --collector.logind

[Install]
WantedBy=multi-user.target

EOT

systemctl start node_exporter.service
systemctl enable node_exporter.service
systemctl status node_exporter.service

--------------------------------------------------------------------------------
/puppetmaster/provision/puppetmaster_setup.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

wget https://apt.puppet.com/puppet7-release-bullseye.deb

sudo dpkg -i puppet7-release-bullseye.deb

sudo apt-get update -y

sudo apt-get install puppetserver -y

#source /etc/profile.d/puppet-agent.sh
#echo $PATH



# lower the puppetserver JVM heap from 2g to 1g
sudo sed -i 's/JAVA_ARGS="-Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"/JAVA_ARGS="-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"/g' /etc/default/puppetserver


sudo systemctl start puppetserver.service
sudo systemctl enable puppetserver.service
sudo systemctl status puppetserver.service

##Configure puppet server
sudo /opt/puppetlabs/bin/puppet config set server puppetmaster.msx.local --section main
sudo /opt/puppetlabs/bin/puppet config set runinterval 30m --section main

sudo /opt/puppetlabs/bin/puppet config set environment production --section server
sudo /opt/puppetlabs/bin/puppet config set dns_alt_names puppet,puppetmaster,puppetmaster.msx.local --section server

sudo systemctl restart puppetserver



--------------------------------------------------------------------------------
/puppetmaster/provision/startup.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

password="msx@9797"
domain="animals4life.local"
domain_ip="192.168.56.2"

#update and upgrade os
sudo apt update -y
sudo apt upgrade -y

#install packages required
sudo apt install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit -y


#install resolvconf
#sudo apt install resolvconf

# add domain entry in /etc/resolvconf/resolv.conf.d/base
#cd /etc/resolvconf/resolv.conf.d/
#cat <<EOT > base
#nameserver 192.168.56.2
#search localdomain
#EOT





--------------------------------------------------------------------------------
/vagrant_scripts/Readme.MD:
--------------------------------------------------------------------------------
Modify the default repo_path variable in these scripts using