Setting Up Ansible Environment and Hosts

.env.example

@@ -0,0 +1,8 @@
+# WordPress variables
+WP_VERSION=6.3.1
+
+# Setup WordPress variables
+WP_ADMIN_EMAIL=
+WP_ADMIN_USER=
+WP_ADMIN_PASS=
+

.gitignore

@@ -0,0 +1,7 @@
+
+# Local configuration
+.env
+
+#SSH keys
+sysadmin-ssh-keys/rsa_sysadmin*
+sysadmin-ssh-keys/authorized_keys

README.md

@@ -26,12 +26,16 @@ See [`CONTRIBUTING.md`][org-contrib].
 
 The aim of the project is to establish a robust and localized development environment utilizing Ansible and Docker. This environment will mirror a professional work setting, incorporating a dedicated security server (Bastion), automation through Ansible, a web server, and a data storage server. This configuration will simplify and secure development processes and serve as a blueprint for future projects at CC.
 
-Docker containers:
 
-- Bastion (SSH jump server)
-- Ansible
-- Web server (Apache2/WordPress)
-- Database server (MariaDB)
+#### Docker containers:
+
+The [`docker-compose.yml`](docker-compose.yml) file defines the following
+containers:
+
+- WIP: Bastion (SSH jump server)
+- **ansible-dev** - Ansible
+- **web-dev** - Web server (Apache2/WordPress)
+- **db-dev** - Database server (MariaDB)
 
 
 ![image](https://github.com/creativecommons/ansible-dev/assets/90766122/21baa18d-715e-4908-9620-15c768994011)
@@ -40,6 +44,51 @@ Docker containers:
 See [Create Local Ansible Dev Environment Using Docker](https://opensource.creativecommons.org/programs/project-ideas/#ansible-dev-env) for more details.
 
 
+### Setup
+
+- Create the `.env` file:
+    ```shell
+    cp .env.example .env
+    ```
+
+- Execute the `generate_ssh_keys` script:
+    ```shell
+    ./generate_ssh_keys.sh
+    ```
+
+- Build and start Docker:
+    ```shell
+    docker-compose up
+    ```
+
+- Wait for the build and initialization to complete
+
+
+#### SSH (Work in Progress)
+
+The SSH setup has been established and is currently in use for the Ansible container. Follow the steps below to generate and use the SSH keys for the sysadmin user:
+
+- Execute the generate-ssh-keys.sh script to generate the keys used by the sysadmin user:
+    ```shell
+    ./generate-ssh-keys.sh
+    ```
+
+- Bring down the existing Docker containers and start them again:
+    ```shell
+    docker-compose down
+    docker-compose up -d
+    ```
+
+- Ensure the Docker containers are running:
+    ```shell
+    docker ps
+    ```
+
+- Execute the following command to confirm that SSH is working fine:
+    ```shell
+    ssh -i ./sysadmin-ssh-keys/rsa_sysadmin -p 22001 sysadmin@localhost
+    ```
+
 ## Related Links
 - [Ansible Documentation](https://docs.ansible.com/)
 - [FrontPage - Debian Wiki](https://wiki.debian.org/FrontPage)

ansible/Dockerfile

@@ -1,5 +1,4 @@
 # https://docs.docker.com/engine/reference/builder/
-
 # https://hub.docker.com/_/debian
 FROM debian:bookworm-slim
 
@@ -9,7 +8,7 @@ ARG DEBIAN_FRONTEND=noninteractive
 # Configure apt to avoid installing recommended and suggested packages
 RUN apt-config dump \
     | grep -E '^APT::Install-(Recommends|Suggests)' \
-    | sed -e's/1/0/' \
+    | sed -e 's/1/0/' \
     | tee /etc/apt/apt.conf.d/99no-recommends-no-suggests
 
 # Resynchronize the package index files from their sources
@@ -20,26 +19,41 @@ RUN apt-get install -y \
     python3 \
     python3-pip \
     python3-venv \
-    openssh-client 
+    openssh-client \
+    openssh-server \
+    wget \
+    vim \
+    sudo
+
+# Clean up packages: Saves space by removing unnecessary package files and lists
+RUN apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# Create sysadmin user and add to sudoers
+RUN useradd -m -s /bin/bash sysadmin && echo "sysadmin:sysadmin" | chpasswd && \
+    usermod -aG sudo sysadmin
+
+# Ensure SSH directory exists with correct permissions
+RUN mkdir -p /home/sysadmin/.ssh && \
+    chown sysadmin:sysadmin /home/sysadmin/.ssh && \
+    chmod 700 /home/sysadmin/.ssh
 
-# Clean up packages: Saves space by removing unnecessary package files
-# and lists
-RUN apt-get clean
-RUN rm -rf /var/lib/apt/lists/*
+# Create privilege separation directory for SSH
+RUN mkdir -p /run/sshd
 
-# Create a virtual env and install ansible using pip
-RUN python3 -m venv /opt/ansible-venv --system-site-packages && \    
-/opt/ansible-venv/bin/pip install --no-cache-dir ansible
+# Create a virtual environment and install Ansible using pip
+RUN python3 -m venv /opt/ansible-venv --system-site-packages && \
+    /opt/ansible-venv/bin/pip install --no-cache-dir ansible
 
 # Create a directory for Ansible configuration
 RUN mkdir /etc/ansible/
 
-# Copy local configuration files to the image
-COPY ../config/ /etc/ansible/
-
 # Set environment variables for Ansible
-ENV PATH="/ansible-venv/bin:$PATH"
+ENV PATH="/opt/ansible-venv/bin:$PATH"
 ENV ANSIBLE_CONFIG=/etc/ansible/ansible.cfg
 
-# Set the default command to run Ansible
-CMD ["ansible", "--version"]
+# Expose SSH port
+EXPOSE 22
+
+# Start SSH service
+CMD ["/usr/sbin/sshd", "-D"]
+

config/ansible.cfg → ansible/etc-ansible-config/ansible.cfg

@@ -1,5 +1,5 @@
 [defaults]
 inventory = /etc/ansible/hosts
-remote_user = root
+remote_user = sysadmin
 host_key_checking = False
 retry_files_enabled = False

ansible/etc-ansible-config/hosts

@@ -0,0 +1,9 @@
+[local]
+localhost ansible_connection=local
+
+[web]
+web-dev
+
+[db]
+db-dev
+

docker-compose.yml

@@ -1,13 +1,91 @@
 # https://docs.docker.com/compose/compose-file/
 
 services:
-
   ansible-dev:
-    container_name: ansible
+    container_name: ansible-dev
     build:
       context: .
       dockerfile: ansible/Dockerfile
+    networks:
+      - dev-backend
+    volumes:
+      - ./ansible/etc-ansible-config:/etc/ansible/
+      - ./sysadmin-ssh-keys/rsa_sysadmin:/home/sysadmin/.ssh/id_rsa:ro
+      - ./sysadmin-ssh-keys/rsa_sysadmin.pub:/home/sysadmin/.ssh/id_rsa.pub:ro
+      - ./sysadmin-ssh-keys/rsa_sysadmin.pub:/home/sysadmin/.ssh/authorized_keys:ro
+    ports:
+      - "22001:22"
+    environment:
+      - USER=sysadmin
+    entrypoint: |
+      sh -c "
+        exec /usr/sbin/sshd -D
+      "
+
+  web-dev:
+    container_name: web-dev
+    depends_on:
+      - db-dev
+    build:
+      args:
+        WP_VERSION: ${WP_VERSION:?have you copied .env.example to .env?}
+      context: .
+      dockerfile: web/Dockerfile
+    networks:
+      - dev-backend
+    environment:
+      MYSQL_ROOT_PASSWORD: root
+      PMA_HOST: db-dev
+      PMA_PORT: 3306
+      WORDPRESS_CONFIG_EXTRA: |
+        # Use dispatch port by default
+        if ('${CODESPACE_NAME:-}') {
+          define('WP_HOME', 'https://${CODESPACE_NAME:-}-8080.${GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN:-}');
+        } else {
+          define('WP_HOME', 'http://localhost:8080');
+          define('WP_SITEURL', 'http://localhost:8080');
+        }
+      WORDPRESS_DB_HOST: db-dev:3306
+      WORDPRESS_DB_PASSWORD: root
+      WORDPRESS_DB_USER: root
+      WORDPRESS_DB_NAME: wordpress
+      WORDPRESS_USER: root
+    init: true
+    ports:
+      - '8080:80'
+      - '22002:22'
+    restart: on-failure
     volumes:
-      - ./config/ansible.cfg:/etc/ansible/ansible.cfg
-      - ./config/hosts:/etc/ansible/hosts
-    command: sh -c 'trap "exit" TERM; while true; do sleep 1; done'
+      - ./web/config-web/etc-apache2-sites-available:/etc/apache2/sites-available:ro
+      - ../cc-legal-tools-data:/var/www/git/cc-legal-tools-data:ro
+      - ../chooser:/var/www/git/chooser:ro
+      - ../faq:/var/www/git/faq:ro
+      - ../mp:/var/www/git/mp:ro
+      - wp-data:/var/www/dev
+      - ./sysadmin-ssh-keys/rsa_sysadmin:/home/sysadmin/.ssh/id_rsa:ro
+      - ./sysadmin-ssh-keys/rsa_sysadmin.pub:/home/sysadmin/.ssh/id_rsa.pub:ro
+      - ./sysadmin-ssh-keys/rsa_sysadmin.pub:/home/sysadmin/.ssh/authorized_keys:ro
+
+  db-dev:
+    container_name: db-dev
+    environment:
+      MYSQL_DATABASE: wordpress
+      MYSQL_ROOT_PASSWORD: root
+      MYSQL_USER: root
+    image: mariadb
+    networks:
+      - dev-backend
+    restart: on-failure
+    volumes:
+      - db-data:/var/lib/mysql
+
+volumes:
+  db-data:
+    name: db-data
+  wp-data:
+    name: wp-data
+
+networks:
+  dev-backend:
+    name: dev-backend
+

generate_ssh_keys.sh

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+# Define key parameters
+KEY_PATH=./sysadmin-ssh-keys
+KEY_FILENAME=rsa_sysadmin
+
+# Create a directory to store the SSH keys if it doesn't exist
+mkdir -p ${KEY_PATH}
+
+# Generate SSH key pair only if they don't already exist
+if [ ! -f ${KEY_PATH}/${KEY_FILENAME} ]
+then
+    ssh-keygen -b 4096 -t rsa -C sysadmin -f ${KEY_PATH}/${KEY_FILENAME} -N ''
+    echo "SSH keys generated and stored in ${KEY_PATH}/${KEY_FILENAME}"
+else
+    echo "SSH keys already exist in ${KEY_PATH}/${KEY_FILENAME}"
+fi
+

sysadmin-ssh-keys/README.md

@@ -0,0 +1,2 @@
+This directory contains the SSH keys used for the sysadmin user.
+