From 7ee23b2191bee54157b3152c259c64270950769a Mon Sep 17 00:00:00 2001
From: geseas
Date: Sat, 22 Nov 2025 22:19:31 +0300
Subject: [PATCH] Update 7
---
Part-2/ansible-playbook/configure_backup.yml | 48 +++++++++++++
Part-2/ansible-playbook/create_user.yml | 10 +++
Part-2/ansible-playbook/inventory.ini | 6 ++
Part-2/ansible-playbook/setup_services.yml | 44 ++++++++++++
Part-2/yndx-ansible.md | 74 ++++++++++++++++++++
Part-2/yndx-client.md | 45 ++++++++++++
Part-2/yndx-dns.md | 65 +++++++++++++++++
yndx-ansible.md | 1 -
yndx-client.md | 1 -
yndx-dns.md | 1 -
10 files changed, 292 insertions(+), 3 deletions(-)
create mode 100644 Part-2/ansible-playbook/configure_backup.yml
create mode 100644 Part-2/ansible-playbook/create_user.yml
create mode 100644 Part-2/ansible-playbook/inventory.ini
create mode 100644 Part-2/ansible-playbook/setup_services.yml
create mode 100644 Part-2/yndx-ansible.md
create mode 100644 Part-2/yndx-client.md
create mode 100644 Part-2/yndx-dns.md
delete mode 100644 yndx-ansible.md
delete mode 100644 yndx-client.md
delete mode 100644 yndx-dns.md
diff --git a/Part-2/ansible-playbook/configure_backup.yml b/Part-2/ansible-playbook/configure_backup.yml
new file mode 100644
index 0000000..6a00469
--- /dev/null
+++ b/Part-2/ansible-playbook/configure_backup.yml
@@ -0,0 +1,48 @@
+- name: Configure automated backups
+ hosts: yndx-client.practicumsuperstore.ru
+ become: yes
+ vars:
+ backup_script: /home/backup-user/run-backup.sh
+ backup_dir_local: /home/backup-user/backups
+ remote_backup_dir: /home/anscfg/backups
+ tasks:
+ - name: Create local backup directory
+ file:
+ path: "{{ backup_dir_local }}"
+ state: directory
+ owner: backup-user
+ group: backup-user
+ mode: '0755'
+
+ - name: Create backup script
+ copy:
+ content: |
+ #!/bin/bash
+ DATE=$(date +%Y%m%d_%H%M%S)
+ BACKUP_FILE="/tmp/backup_${DATE}.tar.gz"
+ tar -czf "$BACKUP_FILE" /etc /var/log 2>/dev/null
+ scp -o StrictHostKeyChecking=no "$BACKUP_FILE" anscfg@yndx-ansible.practicumsuperstore.ru:"{{ remote_backup_dir }}/"
+ rm -f "$BACKUP_FILE"
+ dest: "{{ backup_script }}"
+ owner: backup-user
+ group: backup-user
+ mode: '0755'
+
+ - name: Ensure remote backup directory exists (run locally)
+ delegate_to: localhost
+ become: no
+ run_once: true
+ file:
+ path: "{{ remote_backup_dir }}"
+ state: directory
+ owner: anscfg
+ group: anscfg
+ mode: '0755'
+
+ - name: Add daily cron job for backup-user
+ cron:
+ name: "Daily system backup"
+ user: backup-user
+ minute: "0"
+ hour: "2"
+ job: "{{ backup_script }}"
\ No newline at end of file
diff --git a/Part-2/ansible-playbook/create_user.yml b/Part-2/ansible-playbook/create_user.yml
new file mode 100644
index 0000000..9490d49
--- /dev/null
+++ b/Part-2/ansible-playbook/create_user.yml
@@ -0,0 +1,10 @@
+- name: Create backup-user on client
+ hosts: yndx-client.practicumsuperstore.ru
+ become: yes
+ tasks:
+ - name: Create user backup-user with home directory
+ user:
+ name: backup-user
+ shell: /bin/bash
+ create_home: yes
+ system: no
\ No newline at end of file
diff --git a/Part-2/ansible-playbook/inventory.ini b/Part-2/ansible-playbook/inventory.ini
new file mode 100644
index 0000000..ee0173b
--- /dev/null
+++ b/Part-2/ansible-playbook/inventory.ini
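Review bot: The generated run-backup.sh disables SSH host-key verification (`scp -o StrictHostKeyChecking=no`) while shipping an archive of /etc and /var/log, so the client will hand the backup to whatever host answers for yndx-ansible; pre-seed the server key for backup-user with an `ansible.builtin.known_hosts` task and drop the option from the scp line. The archive is also staged as `/tmp/backup_${DATE}.tar.gz` under the default umask, which presumably leaves it readable by other local users until `rm -f` runs; adding `umask 077` as the first command of the script closes that window. `2>/dev/null` on tar hides the permission errors that are likely when backup-user reads /etc and /var/log, so a partial backup would go unnoticed. No task in this patch provisions an SSH key for backup-user, so the scp step may fail unless that is set up elsewhere.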
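Review bot: The `user` task gives backup-user an interactive `/bin/bash` login shell, although the only use visible in this patch is the cron job that runs run-backup.sh, which should not depend on the login shell; consider `shell: /usr/sbin/nologin` together with an explicit `password_lock: true` so the account cannot be used for interactive logins. `create_home: yes` and `system: no` restate the module defaults, and the booleans would read more predictably as `true`/`false`.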
@@ -0,0 +1,6 @@
+[yndx]
+yndx-client.practicumsuperstore.ru
+
+[all:vars]
+ansible_user=anscfg
+ansible_ssh_private_key_file=/home/anscfg/.ssh/id_rsa
\ No newline at end of file
diff --git a/Part-2/ansible-playbook/setup_services.yml b/Part-2/ansible-playbook/setup_services.yml
new file mode 100644
index 0000000..de1649a
--- /dev/null
+++ b/Part-2/ansible-playbook/setup_services.yml
@@ -0,0 +1,44 @@
+- name: Configure DNS and NTP on yndx-client
+ hosts: yndx-client.practicumsuperstore.ru
+ become: yes
+ tasks:
+ - name: Stop and disable systemd-resolved
+ systemd:
+ name: systemd-resolved
+ state: stopped
+ enabled: no
+
+ - name: Remove existing resolv.conf
+ file:
+ path: /etc/resolv.conf
+ state: absent
+
+ - name: Create new resolv.conf pointing to internal DNS
+ copy:
+ content: |
+ nameserver 10.10.1.200
+ dest: /etc/resolv.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+ - name: Install chrony
+ apt:
+ name: chrony
+ state: present
+ update_cache: yes
+
+ - name: Configure chrony to use yndx-dns as NTP server
+ copy:
+ content: |
+ server 10.10.1.200 iburst
+ dest: /etc/chrony/chrony.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+ - name: Restart chrony
+ systemd:
+ name: chrony
+ state: restarted
+ enabled: yes
\ No newline at end of file
diff --git a/Part-2/yndx-ansible.md b/Part-2/yndx-ansible.md
new file mode 100644
index 0000000..e41d035
--- /dev/null
+++ b/Part-2/yndx-ansible.md
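Review bot: The `copy` task that writes /etc/chrony/chrony.conf in setup_services.yml replaces the whole file with the single line `server 10.10.1.200 iburst`, which discards whatever the packaged configuration provided (typically `driftfile`, `makestep` and `rtcsync` on Debian/Ubuntu), so a client whose clock is far off would only be slewed slowly and log timestamps stay unreliable in the meantime. Keep those directives in the `content:` block, for example `makestep 1 3` and `driftfile /var/lib/chrony/chrony.drift`, and add `backup: true` to both `copy` tasks so the previous files can be restored. The final "Restart chrony" task runs on every play; moving it to a handler notified by the configuration task would keep the playbook idempotent.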
@@ -0,0 +1,74 @@
+hostname yndx-ansible
+# Задание - 1
+sudo systemctl stop systemd-resolved
+sudo systemctl disable systemd-resolved
+sudo rm -f /etc/resolv.conf
+echo "nameserver 10.10.1.200" | sudo tee /etc/resolv.conf
+sudo apt install -y chrony
+sudo nano /etc/chrony/chrony.conf
+# Conig
+server 10.10.1.200 iburst
+-----------------------------------------------------------------
+# Задание - 2
+sudo apt update
+sudo apt install -y ansible
+# User
+sudo adduser --disabled-password --gecos "" anscfg
+# SSH - to
+sudo -u anscfg ssh-keygen -t rsa -b 2048 -f /home/anscfg/.ssh/id_rsa -N ""
+root@yndx-ansible:~# sudo cat /home/anscfg/.ssh/id_rsa.pub
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJmlCFxkUQNJOJoOdpSFS0eikNpPPeV28rNkXq8ulRe5gKtTW9YmzRfwL/uQh8xXP58kXm04r0btPrYWx/1ZGA4T0yHBEVAkO4ECxGFh6M3zulnpQ+CuSLAbUEdSQOCoCvR5D9OxOnONx+osly/QjaI/3mPYOc6i6VZXPJWHPMNM7BzyDLqlG80nP+xFMfd4An2X/hTsLKcIRdjSrweqr+jqzpeOSA1HbbZgSqN6Fjy4zCVV7sdVaDxOqaV9CH9zN+1hS3yYUoEkCCX8YrsgggG4cmeQUR3MxNmoyr+Sm5hbkoK8ON45O8MvmxYL1hDqaS1BpG8ffz3SZ1mftGRwq9 anscfg@yndx-ansible
+# Test
+sudo -u anscfg ssh -o StrictHostKeyChecking=no anscfg@yndx-client.practicumsuperstore.ru
+# Ansible
+sudo -u anscfg mkdir -p /home/anscfg/ansible
+cd /home/anscfg/ansible
+sudo -iu anscfg
+cd /home/anscfg/ansible
+nano inventory.ini (посмотреть в папке ansible-playbook -> inventory.ini)
+nano setup_services.yml (посмотреть в папке ansible-playbook -> setup_services.yml)
+nano create_user.yml (посмотреть в папке ansible-playbook -> create_user.yml)
+nano configure_backup.yml (посмотреть в папке ansible-playbook -> configure_backup.yml)
+ansible-playbook -i inventory.ini setup_services.yml
+ansible-playbook -i inventory.ini create_user.yml
+ansible-playbook -i inventory.ini configure_backup.yml
+# Задание - 4
+sudo apt install -y vsftpd
+sudo adduser --disabled-password --gecos "" ftpuser
+echo "ftpuser:securepass" | sudo chpasswd
+sudo mkdir -p /home/ftpuser/ftp/files
+sudo chown ftpuser:ftpuser /home/ftpuser/ftp/files
+sudo chmod 755 /home/ftpuser/ftp
+sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak
+sudo nano /etc/vsftpd.conf
+#
+sudo systemctl restart vsftpd
+sudo systemctl enable vsftpd
+sudo chown root:ftpshared /mnt/ftp
+sudo chown ftpuser:ftpshared /mnt/ftp/files
+sudo chmod 775 /mnt/ftp/files
+sudo chmod g+s /mnt/ftp/files
+# Задание 5
+sudo apt update
+sudo apt install -y nginx apache2-utils
+cd /home/geseas
+tar -xf nginx2.tar.gz
+cd nginx
+sudo cp default /etc/nginx/sites-available/
+sudo ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/
+sudo cp index.html 404.html 500.html /var/www/html/
+sudo cp -r secure /var/www/html/
+sudo chown -R www-data:www-data /var/www/html/secure
+sudo chmod 750 /var/www/html/secure
+sudo htpasswd -c /etc/nginx/.htpasswd admin
\ No newline at end of file
diff --git a/Part-2/yndx-client.md b/Part-2/yndx-client.md
new file mode 100644
index 0000000..dadee0d
--- /dev/null
+++ b/Part-2/yndx-client.md
@@ -0,0 +1,45 @@
+hostname yndx-client
+# Задание - 2
+# Отключи systemd-resolved
+sudo systemctl stop systemd-resolved
+sudo systemctl disable systemd-resolved
+sudo rm -f /etc/resolv.conf
+echo "nameserver 10.10.1.200" | sudo tee /etc/resolv.conf
+
+# Добавь имя хоста в /etc/hosts (чтобы sudo не ругался)
+echo "127.0.0.1 yndx-client" | sudo tee -a /etc/hosts
+
+# Установи chrony и настрой как клиент
+sudo apt install -y chrony
+echo "server 10.10.1.200 iburst" | sudo tee /etc/chrony/chrony.conf
+sudo systemctl restart chrony
+# User
+sudo adduser --disabled-password --gecos "" anscfg
+sudo mkdir -p /home/anscfg/.ssh
+sudo chown anscfg:anscfg /home/anscfg/.ssh
+echo "ssh-rsa KEY" | sudo tee /home/anscfg/.ssh/authorized_keys
+sudo chown -R anscfg:anscfg /home/anscfg/.ssh
+sudo chmod 700 /home/anscfg/.ssh
+sudo chmod 600 /home/anscfg/.ssh/authorized_keys
+# No PWD
+sudo echo "anscfg ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/anscfg
+# Задание - 3
+wget http://10.12.0.122/mail2.tar.gz
+
+# Распакуй
+tar -xzf mail2.tar.gz
+
+# Перейди в папку
+cd mail
+
+# Запусти скрипт (подставь своё имя и фамилию БЕЗ пробелов, например: IvanIvanov)
+./script.sh PavlovVE practicumsuperstore.ru
+# Задание 4
+sudo apt install -y ftp
+ftp 10.10.1.201
+Name: ftpuser
+Password: ******
+cd files
+get cat_3.png
+# Задание 5
+http://10.10.1.201/
\ No newline at end of file
diff --git a/Part-2/yndx-dns.md b/Part-2/yndx-dns.md
new file mode 100644
index 0000000..addaaf8
--- /dev/null
+++ b/Part-2/yndx-dns.md
@@ -0,0 +1,65 @@
+hostname yndx-dns
+# Задание - 1
+//1.1 Отключить systemd-resolved
+sudo systemctl stop systemd-resolved
+sudo systemctl disable systemd-resolved
+sudo rm -f /etc/resolv.conf
+echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf
+//1.2 Установка и настройка dnsmasq (DNS)
+sudo apt update
+sudo apt install -y dnsmasq
+//Редактируем /etc/dnsmasq.conf:
+sudo nano /etc/dnsmasq.conf
+#
+sudo systemctl restart dnsmasq
+sudo systemctl enable dnsmasq
+1.3 Настройка часового пояса (Москва, UTC+3)
+sudo timedatectl set-timezone Europe/Moscow
+//1.4 Установка и настройка NTP (chrony) на Хосте 1
+sudo apt install -y chrony
+sudo nano /etc/chrony/chrony.conf
+#
+chronyc tracking
+chronyc sources -v
+-----------------------------------------------------------------
+# Задание - 3
+Добавь в /etc/dnsmasq.conf:
+address=/mail.practicumsuperstore.ru/10.10.1.200
+# MX-запись (важно!)
+mx-host=practicumsuperstore.ru,mail.practicumsuperstore.ru,10
+sudo systemctl restart dnsmasq
+sudo apt update
+sudo apt install -y postfix mailutils net-tools
+sudo nano /etc/postfix/main.cf
+#
+home_mailbox = Maildir/
+tail -n 10 /var/log/mail.log
+ls -la /home/ubuntu/Maildir/new
+cd /home/ubuntu/Maildir/new/
+ls -la
+less 1763836343.V802Ic0021M156897.yndx-dns
diff --git a/yndx-ansible.md b/yndx-ansible.md
deleted file mode 100644
index e46249d..0000000
--- a/yndx-ansible.md
+++ /dev/null
@@ -1 +0,0 @@
-hostname yndx-ansible
\ No newline at end of file
diff --git a/yndx-client.md b/yndx-client.md
deleted file mode 100644
index f87a805..0000000
--- a/yndx-client.md
+++ /dev/null
@@ -1 +0,0 @@
-hostname yndx-client
\ No newline at end of file
diff --git a/yndx-dns.md b/yndx-dns.md
deleted file mode 100644
index c1c3dbd..0000000
--- a/yndx-dns.md
+++ /dev/null
@@ -1 +0,0 @@
-hostname yndx-dns
\ No newline at end of file