Mosudi Isiaka

AUTOMATION WITH ANSIBLE

The intention is to demonstrate automated deployment of server and process implementations. I will automate the setup of an Icinga 2 infrastructure and application monitoring server on Amazon cloud computing services, using Docker CE for operating system abstraction. Icinga 2 will monitor an Apache web server and a MySQL database server, and the logs will be sent to Amazon S3 dynamically using Bash scripting.
  1. Setup Amazon web services ec2 instance.
  2. Installation of prerequisite software for Icinga 2, Icinga Web 2 and Docker.
  3. Installation and configuration of Icinga2 solution on the server.
  4. Installation and configuration of Docker CE.
  5. Install Apache web server and a Mysql Database on different Docker containers
  6. Ensuring that all logs that are generated by the Apache Web Server and Mysql Database are collected dynamically through a Bash Script.
  7. Create Amazon s3 bucket
  8. Those logs will be automatically sent to Amazon s3 at 7 pm daily.
  9. Ensuring backups of host(ec2 instance) mysql database for Icinga2 master and mysql database server backup on a container are optimally taken and sent to Amazon S3 bucket.
  10. Write Ansible Playbook to automate this process.
This deployment will involve three major installations:
  • AWS instance installation.
  • Icinga2 Monitoring Server
  • Docker Community Edition
NB: This Deployment document remains valid for use on Ubuntu 14.04.4 LTS (Trusty Tahr) and Ubuntu 16.04 (Xenial).

Executive Brief

If you are the type that would rather see the action than sit through boring stories:


			

git clone https://github.com/imosudi/ansible_icinga2_cron.git
cd ansible_icinga2_cron
./main.sh

			
		

The Abstract

The concept of my final setup could be depicted as below within an Amazon aws ec2 instance.

Abstracting the two (2) Docker containers, we will end up having three servers:

Icinga2 Master:
  • Ubuntu LTS server 14.04 running Icinga2
Icinga2 Clients
  • Ubuntu LTS server 14.04 running Apache web server
  • Ubuntu LTS server 14.04 running Mysql database server

Ansible

Provisioning of the Amazon EC2 server, Docker, Icinga2 and Icingaweb2, as well as other system maintenance procedures, was carried out using Ansible for process automation. Using Ansible saves time, but it requires setup on a local system. Setting up Ansible involves installing it along with the required Python libraries. My local system is Ubuntu 16.04.

The automation will achieve the following deliverables:

  • AWS ec2 server provisioning
  • Ubuntu Server repository update and system upgrade
  • Creation and activation of swap space to compensate for low RAM available on the ec2 instance
  • Requisite Software Installation
  • Apache2 Web Server, Mysql Server, Mysql Client, phpmyadmin and PHP installation
  • Local PHP timezone and tzdata local time configuration
  • Addition of both Docker CE, Icinga2 and Icingaweb2 Ubuntu repositories
  • Docker CE, Icinga2 and Icingaweb2, Icinga2 CLI Installation
  • Setup two(2) Docker containers(Web Server and Database Server)
  • Installation of Nagios plugins and Icinga Web2 directory configurations
  • Enable Icinga2 features
  • Create Amazon s3 bucket
  • Setup CRON job for the 7pm daily backup of logs generated by Icinga 2 master monitoring of the Apache Web Server and Mysql Database server, as well as database backups from the Icinga 2 master and the mysql database of the Icinga 2 client
  • Generate Icinga2 Web Token and make it available at the console
  • Extract IDO mysql database details and make available at the console for easy Icinga Web 2 configuration

GETTING THE JOB DONE

Getting the job done requires setting up an Ansible control machine, aka Ansible Master. Ansible will try to use native OpenSSH for remote communication when possible, but will fall back to a high-quality Python implementation of OpenSSH called 'paramiko'. Although the best implementation of Ansible requires the use of SSH keys, I will be using "--ask-sudo-pass" for my sudo features throughout the implementation process.

Configure the Ansible Master

I will be using Ubuntu LTS 16.04 Desktop for the Ansible implementation.

mosud@serverafrica ~> uname -a
Linux serverafrica 4.8.0-54-generic #57~16.04.1-Ubuntu SMP Wed May 24 16:22:28 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
mosud@serverafrica ~> cat /etc/issue
Ubuntu 16.04.2 LTS \n \l

mosud@serverafrica:~$ lsb_release -cds
Ubuntu 16.04.2 LTS
xenial

Installation:

mosud@serverafrica:~$ sudo apt-get -y install python-software-properties
mosud@serverafrica:~$ sudo apt-get -y install software-properties-common
mosud@serverafrica:~$ sudo apt-get install -y ansible python-boto
mosud@serverafrica:~$ sudo mv /etc/ansible/hosts /etc/ansible/hosts_backup
mosud@serverafrica:~$ sudo tee /etc/ansible/hosts > /dev/null <<'EOF'
[local]
127.0.0.1
Localhost

[ec2hosts]
EOF

mosud@serverafrica:~$ cd ~
mosud@serverafrica:~$ mkdir deployment
mosud@serverafrica:~$ cd deployment/
mosud@serverafrica:~/deployment$ 

Installed alongside Ansible is python-boto, the Python interface to Amazon Web Services. I also replaced the Ansible hosts file, /etc/ansible/hosts. Then, creating the deployment Ansible playbook.

$ ansible --version
ansible 2.0.0.2
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides

With this, I am in no doubt about the version of Ansible installed from the repository, since the version determines the underlying Ansible commands and syntax.

mosud@serverafrica:~$ vi deployment.yml 
Using Ansible for the deployment. 
mosud@serverafrica:~$ sudo ansible-playbook -i hosts deployment.yml --ask-sudo-pass

But not until I create the required scripts, Dockerfile and configuration files.

Directory Structure

We end up with a directory structure like this:

	deployment/
		create_icinga2db.sh
		deployment.yaml
		main.sh
		backup_scripts/
			aws_cli.sh
			cron_job
			dbserverbackup.sh
			icinga2master_dbbackup.sh
			s3backupscript.sh
		dbserver/
			create_icinga2db.sh
			DBDockerfile
			dbhosts.conf
			db_lab_server.sh
			dbservices.conf
		webserver/
			WebDockerfile
			webhost.conf
			web_lab_server.sh
			webservices.con


The script main.sh creates or updates every other script, Dockerfile and configuration file, as well as the Ansible playbook, deployment.yaml. Therefore, our main focus will be on the making of the playbook and main.sh.

Now let's deploy


mosud@serverafrica:~$ sudo ansible-playbook -i hosts deployment.yml --ask-sudo-pass

This should run the playbook, but for this assignment I will call the playbook from within main.sh. This makes it easier for main.sh to insert and remove the AWS security key ID and secret. Initially, the deployment directory structure looks like this:

	deployment/
		deployment.yaml
		main.sh

Running main.sh will prompt you for the AWS security key ID and secret used to connect to your Amazon AWS account.

mosud@serverafrica:~/deployment$ ./main.sh 

Now you have your playbook success story!



TASK [Icinga2 Web Token] *******************************************************
ok: [34.208.246.77] => {
    "out.stdout_lines": [
        "19279d5ab200071f"
    ]
}

TASK [Ido-mysql database username] *********************************************
ok: [34.208.246.77] => {
    "ido_db_username.stdout_lines": [
        " \"icinga2\""
    ]
}

TASK [Ido-mysql database dbname] ***********************************************
ok: [34.208.246.77] => {
    "ido_db_name.stdout_lines": [
        " \"icinga2\""
    ]
}

TASK [Ido-mysql database password] *********************************************
ok: [34.208.246.77] => {
    "ido_db_password.stdout_lines": [
        " \"1WsDnvZmULZU\""
    ]
}

TASK [Ido-mysql database host] *************************************************
ok: [34.208.246.77] => {
    "ido_db_host.stdout_lines": [
        " \"localhost\""
    ]
}
RUNNING HANDLER [update timezone] **********************************************
changed: [34.208.246.77]
PLAY RECAP *********************************************************************
34.208.246.77              : ok=70   changed=47   unreachable=0    failed=0   
localhost                  : ok=9    changed=8    unreachable=0    failed=0   

mosud@serverafrica:~/deployment$ 
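
main.sh, as described above, inserts the AWS key ID and secret for the run and removes them afterwards. The following shell check is an added example, not part of the project's main.sh: it scans the deployment directory for credential assignments that still hold a real-looking value. The function names, the rule that six or more consecutive x/X characters mark a placeholder, and the sample values are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not the project's main.sh.
# Assumption: a value counts as masked when it contains six or more x/X in a
# row, like the placeholders shown in the playbook and aws_cli.sh on this page.

# is_placeholder VALUE -> 0 when VALUE carries no literal credential
is_placeholder() {
    case $1 in
        ''|'#'*) return 0 ;;                     # nothing assigned on this line
        '{{'*) return 0 ;;                       # Jinja2 reference, not a literal
        *[xX][xX][xX][xX][xX][xX]*) return 0 ;;  # masked placeholder
        *) return 1 ;;
    esac
}

# credential_values FILE -> one "LINE NAME VALUE" row per credential assignment
credential_values() {
    awk '
        # playbook vars:   ec2_access_key: VALUE   # comment
        /^[ \t]*ec2_(access|secret)_key:/ {
            name = $1; sub(/:$/, "", name); print NR, name, $2; next
        }
        # aws_cli.sh:   aws configure set aws_access_key_id VALUE ##comment
        /^[ \t]*aws[ \t]+configure[ \t]+set[ \t]+aws_(access_key_id|secret_access_key)[ \t]/ {
            print NR, $4, $5
        }
    ' "$1"
}

# unmasked_in FILE -> prints "FILE:LINE NAME" for every value that is not
# masked. The value itself is never printed, so the report is safe to log.
unmasked_in() {
    credential_values "$1" | while read -r lineno name value; do
        value=$(printf '%s' "$value" | tr -d "\"'")
        is_placeholder "$value" || printf '%s:%s %s\n' "$1" "$lineno" "$name"
    done
}

# check_tree DIR -> 0 when clean; prints findings and returns 1 otherwise
check_tree() {
    findings=$(
        find "$1" -type f \( -name '*.yml' -o -name '*.yaml' -o -name '*.sh' \) |
        sort |
        while IFS= read -r file; do unmasked_in "$file"; done
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# demo -> runs check_tree over constructed files: a masked playbook and an
# aws_cli.sh whose key ID was not put back (value made up for this example)
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' \
        '  vars:' \
        '    ec2_access_key: AKIAIAF7XXXXXXXXXXXX' \
        '    ec2_secret_key: VDELVxxxxxxxxxxxxxxxxxxxxxxxxx' \
        > "$dir/deployment.yaml"
    printf '%s\n' \
        'aws configure set aws_access_key_id AKIACONSTRUCTED00001' \
        'aws configure set aws_secret_access_key xxxxxxxxxxxxx ##will be modified by main.sh' \
        > "$dir/aws_cli.sh"
    status=0
    check_tree "$dir" || status=$?
    rm -rf "$dir"
    return "$status"
}

# Usage: ./check_masked.sh --demo   or   ./check_masked.sh ~/deployment
case ${1:-} in
    --demo) demo ;;
    '') : ;;
    *) check_tree "$1" ;;
esac
```

Run against the deployment directory after main.sh finishes, a non-zero exit status means a file still needs masking before `git add`.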

Icingaweb 2 Configuration

Icinga 2 is a lightweight, modular and extensible open source monitoring platform. Icinga 2 is built to be fast. With Icinga 2 you can monitor any infrastructure and any application.

Finally, visit Icingaweb2 in your browser to access the setup wizard and complete the installation: http://ec2intance_ip_address_or_public_dns_name/icingaweb/

Icinga 2

Let's continue with the Icinga 2 master and client configurations, the reason we had to go through all the lengthy installation procedures.

CONFIGURE ICINGA 2 MASTER AND CLIENTS

As I indicated earlier on page 2, we now have three (3) Ubuntu servers that can seemingly be administered independently, though in reality it is a single AWS Ubuntu instance with two Docker containers. While the EC2 instance is the Icinga 2 master, the containers are the two (2) Icinga 2 client/satellite nodes.

Icinga 2 Master - AWS EC2 instance - Ubuntu LTS Server 14.04
Icinga 2 Clients -
  1. Ubuntu LTS server 14.04 running Apache web server
  2. Ubuntu LTS server 14.04 running Mysql database server

ICINGA 2 MASTER

Login to aws ec2 instance using either its public dns name or public IP address:

ssh -i "mioemi2000.pem" ubuntu@34.208.246.77

Turning a node into an Icinga master or satellite starts with configuration at the console. After logging in to the AWS instance, run the Icinga 2 node wizard utility. Notwithstanding the effort made to start Icinga 2 during the automation process, confirm the Icinga 2 service status, in case the service needs to be started. Configuring Icinga 2 requires elevated privileges.

 
mosud@serverafrica:~/Desktop/crossover_assignment$ sudo ssh -i mioemi2000.pem ubuntu@34.208.246.77
ubuntu@ip-172-31-31-123:~$ sudo -i
root@ip-172-31-31-123:~#

root@ip-172-31-31-123:~# service icinga2 status
 * icinga2 is running
root@ip-172-31-31-123:~# icinga2 node wizard 
Welcome to the Icinga 2 Setup Wizard!

We'll guide you through all required configuration details.



Please specify if this is a satellite setup ('n' installs a master setup) [Y/n]: n
Starting the Master setup routine...
Please specify the common name (CN) [ip-172-31-31-123.us-west-2.compute.internal]: 
Checking for existing certificates for common name 'ip-172-31-31-123.us-west-2.compute.internal'...
Certificates not yet generated. Running 'api setup' now.
information/cli: Generating new CA.
information/base: Writing private key to '/var/lib/icinga2/ca/ca.key'.
information/base: Writing X509 certificate to '/var/lib/icinga2/ca/ca.crt'.
information/cli: Generating new CSR in '/etc/icinga2/pki/ip-172-31-31-123.us-west-2.compute.internal.csr'.
information/base: Writing private key to '/etc/icinga2/pki/ip-172-31-31-123.us-west-2.compute.internal.key'.
information/base: Writing certificate signing request to '/etc/icinga2/pki/ip-172-31-31-123.us-west-2.compute.internal.csr'.
information/cli: Signing CSR with CA and writing certificate to '/etc/icinga2/pki/ip-172-31-31-123.us-west-2.compute.internal.crt'.
information/pki: Writing certificate to file '/etc/icinga2/pki/ip-172-31-31-123.us-west-2.compute.internal.crt'.
information/cli: Copying CA certificate to '/etc/icinga2/pki/ca.crt'.
Generating master configuration for Icinga 2.
information/cli: Adding new ApiUser 'root' in '/etc/icinga2/conf.d/api-users.conf'.
information/cli: Enabling the 'api' feature.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Dumping config items to file '/etc/icinga2/zones.conf'.
information/cli: Created backup file '/etc/icinga2/zones.conf.orig'.
Please specify the API bind host/port (optional):
Bind Host []: 
Bind Port []: 
information/cli: Created backup file '/etc/icinga2/features-available/api.conf.orig'.
information/cli: Updating constants.conf.
information/cli: Created backup file '/etc/icinga2/constants.conf.orig'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
Done.


Now restart your Icinga 2 daemon to finish the installation!
 
root@ip-172-31-31-123:~#  service icinga2 restart

ICINGA 2 CLIENT(Web Server)

 
$ ssh root@34.208.246.77 -p223


[ root@webserver.mosudi:~ ]$ hostname -f
webserver.mosudi

[ root@webserver.mosudi:~ ]$ service icinga2 start


[ root@webserver.mosudi:~ ]$ icinga2 node wizard 
Welcome to the Icinga 2 Setup Wizard!

We'll guide you through all required configuration details.



Please specify if this is a satellite setup ('n' installs a master setup) [Y/n]: 
Starting the Node setup routine...
Please specify the common name (CN) [webserver.mosudi]: 
Please specify the master endpoint(s) this node should connect to:
Master Common Name (CN from your master setup): ip-172-31-31-123.us-west-2.compute.internal
Do you want to establish a connection to the master from this node? [Y/n]: y
Please fill out the master connection information:
Master endpoint host (Your master's IP address or FQDN): 172.17.0.1
Master endpoint port [5665]: 
Add more master endpoints? [y/N]: 
Please specify the master connection for CSR auto-signing (defaults to master endpoint host):
Host [172.17.0.1]: 
Port [5665]: 
information/base: Writing private key to '/etc/icinga2/pki/webserver.mosudi.key'.
information/base: Writing X509 certificate to '/etc/icinga2/pki/webserver.mosudi.crt'.
information/cli: Fetching public certificate from master (172.17.0.1, 5665):

Certificate information:

 Subject:     CN = ip-172-31-31-123.us-west-2.compute.internal
 Issuer:      CN = Icinga CA
 Valid From:  Jul 25 17:44:52 2017 GMT
 Valid Until: Jul 21 17:44:52 2032 GMT
 Fingerprint: B0 8F 17 D4 0E A3 D0 85 10 F2 50 2C F5 D8 13 25 E3 4D 63 45 

Is this information correct? [y/N]: y
information/cli: Received trusted master certificate.

Please specify the request ticket generated on your Icinga 2 master.
 (Hint: # icinga2 pki ticket --cn 'webserver.mosudi'): 41caa4e47b8c927edc5ccf136ad1fb72f310f8f6

root@ip-172-31-31-123:~# icinga2 pki ticket --cn 'webserver.mosudi'
41caa4e47b8c927edc5ccf136ad1fb72f310f8f6

information/cli: Requesting certificate with ticket '41caa4e47b8c927edc5ccf136ad1fb72f310f8f6'.

information/cli: Created backup file '/etc/icinga2/pki/webserver.mosudi.crt.orig'.
information/cli: Writing signed certificate to file '/etc/icinga2/pki/webserver.mosudi.crt'.
information/cli: Writing CA certificate to file '/etc/icinga2/pki/ca.crt'.
Please specify the API bind host/port (optional):
Bind Host []: 
Bind Port []: 
Accept config from master? [y/N]: y
Accept commands from master? [y/N]: y
information/cli: Disabling the Notification feature.
Disabling feature notification. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Enabling the Apilistener feature.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Created backup file '/etc/icinga2/features-available/api.conf.orig'.
information/cli: Generating local zones.conf.
information/cli: Dumping config items to file '/etc/icinga2/zones.conf'.
information/cli: Created backup file '/etc/icinga2/zones.conf.orig'.
information/cli: Updating constants.conf.
information/cli: Created backup file '/etc/icinga2/constants.conf.orig'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
Done.

Now restart your Icinga 2 daemon to finish the installation!

[ root@webserver.mosudi:~ ]$ service icinga2 restart

root@ip-172-31-31-123:~# icinga2 node update-config 

root@ip-172-31-31-123:~# service icinga2 restart



ICINGA 2 CLIENT(Database Server)

 
$ ssh root@34.208.246.77 -p223


[ root@webserver.mosudi:~ ]$ hostname -f
dbserver.mosudi


[ root@dbserver.mosudi:~ ]$ service icinga2 start

[ root@dbserver.mosudi:~ ]$ icinga2 node wizard 
Welcome to the Icinga 2 Setup Wizard!

We'll guide you through all required configuration details.



Please specify if this is a satellite setup ('n' installs a master setup) [Y/n]: y
Starting the Node setup routine...
Please specify the common name (CN) [dbserver.mosudi]: 
Please specify the master endpoint(s) this node should connect to:
Master Common Name (CN from your master setup): ip-172-31-31-123.us-west-2.compute.internal
Do you want to establish a connection to the master from this node? [Y/n]: 
Please fill out the master connection information:
Master endpoint host (Your master's IP address or FQDN): 172.17.0.1
Master endpoint port [5665]: 
Add more master endpoints? [y/N]: 
Please specify the master connection for CSR auto-signing (defaults to master endpoint host):
Host [172.17.0.1]: 
Port [5665]: 
information/base: Writing private key to '/etc/icinga2/pki/dbserver.mosudi.key'.
information/base: Writing X509 certificate to '/etc/icinga2/pki/dbserver.mosudi.crt'.
information/cli: Fetching public certificate from master (172.17.0.1, 5665):

Certificate information:

 Subject:     CN = ip-172-31-31-123.us-west-2.compute.internal
 Issuer:      CN = Icinga CA
 Valid From:  Jul 25 17:44:52 2017 GMT
 Valid Until: Jul 21 17:44:52 2032 GMT
 Fingerprint: B0 8F 17 D4 0E A3 D0 85 10 F2 50 2C F5 D8 13 25 E3 4D 63 45 

Is this information correct? [y/N]: y
information/cli: Received trusted master certificate.

Please specify the request ticket generated on your Icinga 2 master.
 (Hint: # icinga2 pki ticket --cn 'dbserver.mosudi'): 


root@ip-172-31-31-123:~# icinga2 pki ticket --cn 'dbserver.mosudi'
1620094f3a919b2f5c4a424e8a579d6bfc3fdaab

Please specify the request ticket generated on your Icinga 2 master.
 (Hint: # icinga2 pki ticket --cn 'dbserver.mosudi'): 1620094f3a919b2f5c4a424e8a579d6bfc3fdaab




root@ip-172-31-31-123:~# icinga2 object list --type Service

root@ip-172-31-31-123:~# icinga2 object list --type Host

root@ip-172-31-31-123:~# icinga2 node update-config 

root@ip-172-31-31-123:~# service icinga2 restart
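
Both node wizard runs above stop at "Is this information correct?" and show the master certificate's fingerprint before the client trusts it. The following shell helper is an added example, not part of the original walkthrough: it compares the fingerprint the wizard shows with the one read from the certificate file on the master. The function names are made up for this example, and it assumes the 20-byte value is the SHA-1 digest that `openssl x509 -fingerprint -sha1` prints.

```sh
#!/bin/sh
# Added example, not part of the original walkthrough.
# Assumption: the wizard's 20-byte fingerprint is the SHA-1 digest of the
# master certificate, the same value `openssl x509 -fingerprint -sha1` prints.

# Fingerprint line copied from the wizard output on this page.
WIZARD_FP=' Fingerprint: B0 8F 17 D4 0E A3 D0 85 10 F2 50 2C F5 D8 13 25 E3 4D 63 45 '
# Constructed: the same digest in the form openssl prints it.
OPENSSL_FP='SHA1 Fingerprint=B0:8F:17:D4:0E:A3:D0:85:10:F2:50:2C:F5:D8:13:25:E3:4D:63:45'

# normalize_fp TEXT -> bare upper-case hex, whatever label or separator was used
normalize_fp() {
    printf '%s' "$1" |
        sed 's/^.*Fingerprint[=:]//' |
        tr -d ' :\t\r\n' |
        tr 'abcdef' 'ABCDEF'
}

# is_sha1_hex VALUE -> 0 only for exactly 40 hex digits, so a truncated or
# partly pasted fingerprint can never count as a match
is_sha1_hex() {
    case $1 in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# master_fp CERT -> fingerprint line of a certificate file (run on the master)
master_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha1
}

# fp_matches SHOWN_BY_WIZARD READ_ON_MASTER -> 0 when both are complete and equal
fp_matches() {
    shown=$(normalize_fp "$1")
    actual=$(normalize_fp "$2")
    is_sha1_hex "$shown" && is_sha1_hex "$actual" && [ "$shown" = "$actual" ]
}

# Usage on the master, with the line pasted from the client's wizard prompt:
#   ./check_fp.sh 'B0 8F 17 ...' \
#       /etc/icinga2/pki/ip-172-31-31-123.us-west-2.compute.internal.crt
if [ "$#" -eq 2 ]; then
    if fp_matches "$1" "$(master_fp "$2")"; then
        echo "fingerprint matches: answer y"
    else
        echo "fingerprint MISMATCH: answer N and check the endpoint" >&2
        exit 1
    fi
fi
```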


The ICINGA2 Configuration

Let's see the playbook

Playbooks are Ansible’s configuration, deployment, and orchestration language. They can describe a policy you want your remote systems to enforce, or a set of steps in a general IT process.

If Ansible modules are the tools in your workshop, playbooks are your instruction manuals, and your inventory of hosts are your raw material.

The Playbook

- name: Create Ec2 Instances
  hosts: localhost
  connection: local
  gather_facts: False

  vars:
    # prefix for naming
    prefix: staging
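    ec2_access_key: AKIAIAF7XXXXXXXXXXXX            # placeholder; main.sh inserts the real key ID and removes it after the run
    ec2_secret_key: VDELVxxxxxxxxxxxxxxxxxxxxxxxxx  # placeholder; main.sh inserts the real secret and removes it after the run
    ec2_region: us-west-2
    ec2_image: ami-6635cd06
#   ec2_image: ami-efd0428f
    ec2_instance_type: t2.micro
    ec2_keypair: mioxxxxxxxx                        # name of your EC2 key pair
    ec2_security_group: crossxxxxxxx                # name of your EC2 security group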
    ec2_instance_count: 1
    ec2_vol_size: 25
    ec2_tag: mioansible2
#    ec2_volume_size: 26
    wait_for_port: 22

  tasks:
    - name: Provision of Ubuntu 14.04  AWS Instance and Demo Lab Setup of (ICINGA2 AND DOCKER CE) by Mosudi Isiaka
      ec2: 
        access_key="{{ ec2_access_key }}"
        secret_key="{{ ec2_secret_key }}"
        keypair="{{ ec2_keypair }}"
        group="{{ ec2_security_group }}"
        type="{{ ec2_instance_type }}"
        image="{{ ec2_image }}"
        region="{{ ec2_region }}"
        instance_tags="{'Name':'{{ ec2_tag }}'}"
        count="{{ ec2_instance_count }}"
        wait=true 
      register: ec2

    - name: Wait for SSH to come up
      wait_for:
        host: "{{ item.public_dns_name }}"
        port: 22
        delay: 60
        timeout: 320
        state: started
      with_items : "{{ ec2.instances }}"
      when: ec2 

    # Trust on first use: the scanned host key is accepted without being verified
    - name: accept new ssh fingerprints
      shell: ssh-keyscan -H {{ item.public_ip }} >> ~/.ssh/known_hosts
      with_items: '{{ ec2.instances }}'

#    - name: Add all instance public IPs to host group
    - name: Add all instance public IP Address to host group
      add_host: 
#       hostname: "{{ item.public_dns_name }}"
        hostname: "{{ item.public_ip }}"
        groups: ec2hosts
      with_items: "{{ ec2.instances }}"


##APPEND NEW EC2 HOSTNAME TO /ETC/ANSIBLE/HOSTS
    - name: Generate Inventory Parameters for new ec2 host
      lineinfile: dest=/etc/ansible/hosts line="{{ item.public_ip }} ansible_ssh_user=ubuntu  ansible_ssh_private_key_file=mioemi2000.pem  mysql_root_password=mysqlrootpassword" state=present
      with_items: "{{ ec2.instances }}"

### EDITING  web_lab_server.sh script
    - name: Replacing the public Hostname in web_lab_server.sh script
      lineinfile: 
        dest: webserver/web_lab_server.sh
        regexp: '^(.*)lab_gateway_public_hostname=(.*)$' 
        line: 'lab_gateway_public_hostname={{ item.public_dns_name }}'
        backrefs: yes
      with_items: "{{ ec2.instances }}"

    - name: Replacing the public IP Address in web_lab_server.sh script
      lineinfile: 
        dest: webserver/web_lab_server.sh
        regexp: '^(.*)lab_gateway_public_ip=(.*)$' 
        line: 'lab_gateway_public_ip={{ item.public_ip }}'
        backrefs: yes
      with_items: "{{ ec2.instances }}"

### EDITING  db_lab_server.sh script
    - name: Replacing the public Hostname in db_lab_server.sh script
      lineinfile: 
        dest: dbserver/db_lab_server.sh
        regexp: '^(.*)lab_gateway_public_hostname=(.*)$' 
        line: 'lab_gateway_public_hostname={{ item.public_dns_name }}'
        backrefs: yes
      with_items: "{{ ec2.instances }}"

    - name: Replacing the public IP Address in db_lab_server.sh script
      lineinfile: 
        dest: dbserver/db_lab_server.sh
        regexp: '^(.*)lab_gateway_public_ip=(.*)$' 
        line: 'lab_gateway_public_ip={{ item.public_ip }}'
        backrefs: yes
      with_items: "{{ ec2.instances }}"
 
  

  handlers:
    - name: delete access_key aws_cli
      lineinfile: 
        dest: backup_scripts/aws_cli.sh
        regexp: "^aws configure set aws_access_key_id(.*)$"
        line: "aws configure set aws_access_key_id XXXXXXXXXxxx ##will be modified by main.sh"
        backrefs: yes

    - name: delete secret_key aws_cli
      lineinfile: 
        dest: backup_scripts/aws_cli.sh
        regexp: "^aws configure set aws_secret_access_key(.*)$"
        line: "aws configure set aws_secret_access_key xxxxxxxxxxxxx ##will be modified by main.sh"
        backrefs: yes

    - name:  git add aws_cli.sh
      shell: bash -c "git add backup_scripts/aws_cli.sh > /dev/null 2>&1"



- name: configuration play
  hosts: ec2hosts
  user: ubuntu
  gather_facts: true


  vars:
    ansible_ssh_private_key_file: "/opt/mioxxxxxx.pem"   # path to your EC2 private key (.pem)
#    ec2_access_key ##will be modified by main.sh
#    ec2_secret_key ##will be modified by main.sh
 


  tasks:

#  UPDATE THE UBUNTU LINUX SERVER 

    - name: Only run "update_cache=yes" 
      become: yes
      become_method: sudo
      apt:
        update_cache: yes
        cache_valid_time: 86400
 

########################################################
###INCREASE VIRTUAL RAM
#We have got only 1GB RAM(AWS free tier), at least we have control over virtual RAM

#INCREASE VIRTUAL RAM

    - name: Create 1GB swap space
      become: yes
      become_method: sudo
      command: dd if=/dev/zero of=/swpapace.swp bs=1024 count=1M
      when: ansible_swaptotal_mb < 1

#Setup the swap file 
    - name: Setup the swap space
      become: yes
      become_method: sudo
      command: mkswap /swpapace.swp
      when: ansible_swaptotal_mb < 1
 
#Edit /etc/fstab
    - name: Add to fstab
      become: yes
      become_method: sudo
      action: lineinfile dest=/etc/fstab regexp="swpapace.swp" line="/swpapace.swp none swap sw 0 0" state=present

#Activate the swap space
    - name: Activate the swap space
      become: yes
      become_method: sudo
      command: swapon -a


    - name: Prepare Server
      become: yes
      become_method: sudo
      apt: "name={{item}} state=latest"
#     update_cache: yes
#     cache_valid_time: 86400
      with_items:
        - apache2
        - apt-show-versions
        - apt-transport-https
        - build-essential
        - ca-certificates
        - curl
        - fish
        - libapache2-mod-php5
        - libauthen-pam-perl
        - libio-pty-perl
        - libnet-ssleay-perl
        - libpam-runtime
        - mysql-server
        - openssl
        - perl
        - php5-imagick
        - php5-intl
        - php5-ldap
        - php5-mcrypt    
        - php5-mysql
        - php5-pgsql
        - python
        - python-apt
        - python-mysqldb
        - python-pip  
        - python-software-properties
        - software-properties-common
        - vim
        - wget

    - name: Configure mcrypt 
      become: yes
      become_method: sudo
      shell: " php5enmod mcrypt "


## ADDING ICINGA2 AND DOCKER REPOSITORIES AS WELL AS UPDATING REPO.
    - name: Adding Docker Repository "APT-KEY"
      become: yes
      become_method: sudo
      shell: "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - "


    - name: Adding Docker Repo
      become: yes
      become_method: sudo
      apt_repository:
        repo: deb https://download.docker.com/linux/ubuntu trusty stable
        state: present


    - name: Adding Icinga2 Repository "APT-KEY"
      become: yes
      become_method: sudo
      shell: "wget -O - https://packages.icinga.com/icinga.key | apt-key add - "


    - name: Adding Icinga2 Repo DEB
      become: yes
      become_method: sudo
      apt_repository:
        repo: deb http://packages.icinga.com/ubuntu icinga-trusty main
        state: present

    - name: Adding Icinga2 Repo SRC
      become: yes
      become_method: sudo
      apt_repository:
        repo: deb-src http://packages.icinga.com/ubuntu icinga-trusty main
        state: present

    - name: Update Repository after adding docker and icinga2 repositories
      become: yes
      become_method: sudo
      apt:
        update_cache: yes

#SERVER CONFIGURATION

    - name: Edit PHP Timezone
      become: yes
      become_method: sudo
      action: lineinfile dest=/etc/php5/apache2/php.ini regexp=";date.timezone =       " line="date.timezone =Africa/Lagos " state=present
      notify:
        - restart apache2

    - name: Set timezone to Africa/Lagos
      become: yes
      become_method: sudo
      copy: content='Africa/Lagos\n'
            dest=/etc/timezone
            owner=root
            group=root
            mode=0644
            backup=yes
      notify: update timezone


    - name: Installing the package  "awscli"
      become: yes
      become_method: sudo
      shell: pip install awscli    

    - name: Install Docker, Icinga, phpmyadmin
      become: yes
      become_method: sudo
      apt: "name={{item}} state=latest"
#     update_cache: yes
#     cache_valid_time: 86400
      with_items:
        - docker-ce
        - icinga2
        - icinga2-ido-mysql
        - icingacli 
        - icingaweb2
        - mysql-client
        - nagios-plugins
        - phpmyadmin

#### SETUP DOCKER
    - name: Creating docker group if it doesnt exist
      become: yes
      become_method: sudo
      group: name=docker state=present

    - name: Running Docker without sudo
      become: yes
      become_method: sudo
      command: usermod -a -G docker {{ ansible_ssh_user }}

#################################################################
### SETUP LAB DOCKER CONTAINERS FOR ICINGA2 CLIENTS

    - name:  Changing directory and Clone Ubuntu 14.0 Dockerfile
      shell: bash -c "git clone https://github.com/dockerfile/ubuntu.git"
      args:
        chdir: /home/ubuntu/

    - name:  Backup Original Dockerfile
      shell: bash -c "mv Dockerfile  Dockerfile_backup"
      args:
        chdir: /home/ubuntu/ubuntu 

    - name: Creating Backup Directory For Icinga2 master database
      become: yes
      become_method: sudo
      command: bash -c "mkdir /root/backup && mkdir /root/backup/icinga2master"


    - name: Creating Backup Directory For Icinga 2 client/satellite node dbserver
      become: yes
      become_method: sudo
      command: bash -c "mkdir /root/backup/dbserver"


    - name: Creating Backup Script Directory 
      become: yes
      become_method: sudo
      command: bash -c " mkdir /root/backup_scripts"


    - name: Fetch Icinga2 Master Database Backup Script
      become: yes
      become_method: sudo
      copy: src=backup_scripts/icinga2master_dbbackup.sh dest=/root/backup_scripts/icinga2master_dbbackup.sh mode=0700


    - name: Fetch Icinga2 Database Server Backup Script
      become: yes
      become_method: sudo
      copy: src=backup_scripts/dbserverbackup.sh dest=/root/backup_scripts/dbserverbackup.sh mode=0700

    - name: Fetch Amazon S3 Backup Script
      become: yes
      become_method: sudo
      copy: src=backup_scripts/s3backupscript.sh dest=/root/backup_scripts/s3backupscript.sh mode=0700

    - name: Fetch Amazon AWS CLI Configuration Script
      become: yes
      become_method: sudo
      # aws_cli.sh carries the AWS key ID and secret: keep it readable by root only
      copy: src=backup_scripts/aws_cli.sh dest=/root/backup_scripts/aws_cli.sh mode=0700
#     notify:
#       - delete access_key aws_cli 
#       - delete secret_key aws_cli 
#       - git add aws_cli.sh
#notify: delete access_key aws_cli 
#notify: delete secret_key aws_cli 
#notify: git add aws_cli.sh 



    - name: Fetch Amazon S3 Backup CRON Script
      become: yes
      become_method: sudo
      copy: src=backup_scripts/cron_job dest=/root/backup_scripts/cron_job mode=0600

    - name: Configure aws CLI  
      become: yes
      become_method: sudo
      command: bash -c " /root/backup_scripts/aws_cli.sh "

    - name: Creating Bucket named "imosudi"  
      become: yes
      become_method: sudo
      command: bash -c " aws s3 mb s3://imosudi "

    - name: Setup CRON JOB  
      become: yes
      become_method: sudo
      command: bash -c " crontab /root/backup_scripts/cron_job "

    - name: Update all packages to the latest version
      become: yes
      become_method: sudo
      apt:
        upgrade: dist



#notify: git commit project



### LAB APACHE WEB SERVER
    - name: Replace with WebDockerfile
      become: yes
      become_method: sudo
      copy: src=webserver/WebDockerfile dest=/home/ubuntu/ubuntu/Dockerfile mode=0644

    - name:  Building Ubuntu 14.04 Apache2 Web server  dockerfile
      become: yes
      become_method: sudo 
      shell: bash -c 'docker build -t="dockerfile/ubuntu" /home/ubuntu/ubuntu/'
      args:
        chdir: /home/ubuntu/

    - name: Fetch web_lab_server.sh for configuration webserver.mosudi docker container
      become: yes
      become_method: sudo
      # this script is executed as root below, so it must not be writable by other users
      copy: src=webserver/web_lab_server.sh dest=/home/ubuntu/web_lab_server.sh mode=0755

    - name: Fetch host.conf for Icinga2 configuration webserver.mosudi docker container
      become: yes
      become_method: sudo
      copy: src=webserver/webhosts.conf dest=/home/ubuntu/webhosts.conf mode=0644

    - name: Fetch services.conf for Icinga2 configuration webserver.mosudi docker container
      become: yes
      become_method: sudo
      copy: src=webserver/webservices.conf dest=/home/ubuntu/webservices.conf mode=0644

    - name: Creating ubuntu 14.04 Apache2 Web server docker container with hostname webserver.mosudi
      become: yes
      become_method: sudo 
      shell: /home/ubuntu/web_lab_server.sh
      args:
        chdir: /home/ubuntu/
#     register: web_lab_container




### LAB MYSQL DB SERVER
    - name: Replace with DBDockerfile
      become: yes
      become_method: sudo
      copy: src=dbserver/DBDockerfile dest=/home/ubuntu/ubuntu/Dockerfile mode=0777

    - name: Building Ubuntu 14.04 Mysql DB server  dockerfile 
      become: yes
      become_method: sudo
      shell: bash -c 'docker build -t="dockerfile/ubuntu" /home/ubuntu/ubuntu/'
      args:
        chdir: /home/ubuntu/

    - name: Fetch db_lab_server.sh for configuration dbserver.mosudi docker container
      become: yes
      become_method: sudo
      copy: src=dbserver/db_lab_server.sh dest=/home/ubuntu/db_lab_server.sh mode=0777


    - name: Fetch host.conf for Icinga2 configuration dbserver.mosudi docker container
      become: yes
      become_method: sudo
      copy: src=dbserver/dbhosts.conf dest=/home/ubuntu/dbhosts.conf mode=0777

    - name: Fetch services.conf for Icinga2 configuration dbserver.mosudi docker container
      become: yes
      become_method: sudo
      copy: src=dbserver/dbservices.conf dest=/home/ubuntu/dbservices.conf mode=0777

    - name: Fetch create_icinga2db.sh for Icinga2 configuration dbserver.mosudi docker container
      become: yes
      become_method: sudo
      copy: src=dbserver/create_icinga2db.sh dest=/home/ubuntu/create_icinga2db.sh mode=0777


    - name: Creating ubuntu 14.04 Mysql Database server docker container with hostname dbserver.mosudi
      become: yes
      become_method: sudo 
      shell: /home/ubuntu/db_lab_server.sh
      args:
        chdir: /home/ubuntu/
#      register: db_lab_container


########## ICINGA2 MASTER
    - name: Setting Up Icinga2 DB root password
      become: yes
      become_method: sudo
      script: create_icinga2db.sh
      #script will reside within the Ansible master


    - name: Start mysql service
      become: yes
      become_method: sudo
      service: name=mysql state=reloaded

    - name: Start Apache2 service
      become: yes
      become_method: sudo
      service: name=apache2 state=reloaded

    - name: Start Icinga2
      become: yes
      become_method: sudo
      command: "icinga2 daemon -C"

    - name: Enable Icinga2 features
      become: yes
      become_method: sudo
      command: "icinga2 feature enable ido-mysql statusdata command perfdata"

    - name: Restart icinga2
      become: yes
      become_method: sudo
      service: name=icinga2 state=reloaded

    - name: Creating Group Nagios 
      become: yes
      become_method: sudo
      command: addgroup --system nagios
    - name: Adding Nagios and also www-data
      become: yes
      become_method: sudo
      command: usermod -a -G nagios www-data
    - name: Setup config directory
      become: yes
      become_method: sudo
      command: "icingacli setup config directory --group nagios"

    - name: Making Icinga2 Web Folder Writeable
      become: yes
      become_method: sudo
      command: chmod -R 777 /etc/icingaweb2/
#     command: bash -c "chcon -R -t httpd_sys_content_t /etc/icingaweb2/"
#     notify:
#       - start icinga2
#       - start mysql
#       - start apache2

    - name: Start Apache2 service
      become: yes
      become_method: sudo
      service: name=apache2 state=reloaded

    - name: Create Icinga2 Web Token
      become: yes
      become_method: sudo
      command: icingacli setup token create

    - name: Create Icinga2 Web Token
      become: yes
      become_method: sudo
      command: bash -c "icingacli setup token show | cut -d':' -f2 | sed -e 's/^[ \t]*//'"
      register: out
    - name: Ido-mysql database username
      become: yes
      become_method: sudo
      command: bash -c "grep user /etc/icinga2/features-enabled/ido-mysql.conf | tr -d ','| cut -d'=' -f2"
      register: ido_db_username

    - name: Ido-mysql database dbname
      become: yes
      become_method: sudo
      command: bash -c "grep database /etc/icinga2/features-enabled/ido-mysql.conf | tr -d ','| cut -d'=' -f2 "
      register: ido_db_name
      
    - name: Ido-mysql database password
      become: yes
      become_method: sudo
      command: bash -c "grep password /etc/icinga2/features-enabled/ido-mysql.conf | tr -d ','| cut -d'=' -f2"
      register: ido_db_password

    - name: Ido-mysql database host
      become: yes
      become_method: sudo
      command: bash -c "grep host /etc/icinga2/features-enabled/ido-mysql.conf | tr -d ','| cut -d'=' -f2"
      register: ido_db_host

    - name: Icinga2 Web Token
      debug: var=out.stdout_lines

    - name: Ido-mysql database username
      debug: var=ido_db_username.stdout_lines

    - name: Ido-mysql database dbname
      debug: var=ido_db_name.stdout_lines

    - name: Ido-mysql database password
      debug: var=ido_db_password.stdout_lines

    - name: Ido-mysql database host
      debug: var=ido_db_host.stdout_lines


  handlers:
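    - name: update timezone
      become: yes
      become_method: sudo
      command: dpkg-reconfigure --frontend noninteractive tzdata

    # Notified by the "Edit PHP Timezone" task
    - name: restart apache2
      become: yes
      become_method: sudo
      service: name=apache2 state=restarted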

 



Did I hear you say "so loooonnnggg !"

Not to worry, I am going to break it down for you. In actual fact, a professional Ansible playbook would have been divided into several "roles", "hosts", etc., as the case might be.

NOW LET'S BREAK IT DOWN

Creating Ubuntu LTS 14.04 Server ec2 instance on Amazon Web Service



- name: Create Ec2 Instances
  hosts: localhost
  connection: local
  gather_facts: False

  vars:
    # prefix for naming
    prefix: staging
    ec2_access_key: AKIAIAF7XXXXXXXXXXXX            # your AWS access key ID
    ec2_secret_key: VDELVxxxxxxxxxxxxxxxxxxxxxxxxx  # your AWS secret access key
    ec2_region: us-west-2
    ec2_image: ami-6635cd06
#   ec2_image: ami-efd0428f
    ec2_instance_type: t2.micro
    ec2_keypair: mioxxxxxxxx                        # name of your EC2 key pair
    ec2_security_group: crossxxxxxxx                # name of your EC2 security group
    ec2_instance_count: 1
    ec2_vol_size: 25
    ec2_tag: mioansible2
#    ec2_volume_size: 26
    wait_for_port: 22

  tasks:
    - name: Provision of Ubuntu 14.04  AWS Instance and Demo Lab Setup of (ICINGA2 AND DOCKER CE) by Mosudi Isiaka
      ec2: 
        access_key="{{ ec2_access_key }}"
        secret_key="{{ ec2_secret_key }}"
        keypair="{{ ec2_keypair }}"
        group="{{ ec2_security_group }}"
        type="{{ ec2_instance_type }}"
        image="{{ ec2_image }}"
        region="{{ ec2_region }}"
        instance_tags="{'Name':'{{ ec2_tag }}'}"
        count="{{ ec2_instance_count }}"
        wait=true 
      register: ec2



NB: You need an Amazon Web Services account to create an ec2 instance. You might want to visit https://aws.amazon.com/ if you do not have an account.
There are four (4) fundamental security requirements for you to successfully create ec2 instance(s):
  1. access_key
  2. secret_key
  3. ec2_keypair
  4. ec2_security_group
Also, ec2_image and ec2_instance_type are equally basic requirements for ec2 instance launch. Feel free to search for any of these terms on the AWS documentation website https://aws.amazon.com/documentation/. A very important value to note is ec2_instance_count: the count determines how many of these servers we want to launch. The task "ec2" launches the instance using the available parameters, while the task "register: ec2" registers the created instance in the memory for address

Polling the new instance over ssh, holding back further commands until the instance is up and running



    - name: Wait for SSH to come up
      wait_for:
        host: "{{ item.public_dns_name }}"
        port: 22
        delay: 60
        timeout: 320
        state: started
      with_items : "{{ ec2.instances }}"
      when: ec2 


Recording the ssh host keys of the newly created server in known_hosts and adding the server to a new host group, ec2hosts


    - name: accept new ssh fingerprints
      shell: ssh-keyscan -H {{ item.public_ip }} >> ~/.ssh/known_hosts
      with_items: '{{ ec2.instances }}'

#    - name: Add all instance public IPs to host group

    - name: Add all instance public names to host group
      add_host: 
#       hostname: "{{ item.public_dns_name }}"
        hostname: "{{ item.public_ip }}"
        groups: ec2hosts
      with_items: "{{ ec2.instances }}"
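
Piping ssh-keyscan straight into known_hosts records whatever key answers on that IP address, so the scan by itself authenticates nothing. The added example below (not part of the original playbook) keeps only scanned keys that also appear in the instance's console log, where cloud-init prints the host public keys; it assumes that log was saved with `aws ec2 get-console-output`, and the function names and sample keys are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original playbook. All key material is constructed.
# Real input would come from something like:
#   aws ec2 get-console-output --instance-id <instance-id> --output text > console.log
#   ssh-keyscan -H <public-ip> > scan.txt

# Read a console log on stdin; print one "keytype blob" pair per host key that
# cloud-init published between its SSH HOST KEY KEYS markers.
console_host_keys() {
  awk '
    /BEGIN SSH HOST KEY KEYS/ { inblock = 1; next }
    /END SSH HOST KEY KEYS/   { inblock = 0 }
    inblock {
      for (i = 1; i < NF; i++)
        if ($i ~ /^(ssh-|ecdsa-sha2-)/) { print $i, $(i + 1); break }
    }'
}

# Print the ssh-keyscan lines from $2 only if every scanned key is also in the
# console log $1. Returns 1 on any unknown key, 2 if the log holds no keys.
verify_scanned_keys() {
  local console_log=$1 scan_file=$2 trusted
  trusted=$(console_host_keys < "$console_log")
  [ -n "$trusted" ] || { echo "no host keys found in console log" >&2; return 2; }
  printf '%s\n' "$trusted" | awk '
    NR == FNR { ok[$1 " " $2] = 1; next }      # first input: trusted keys
    /^#/ || NF < 3 { next }                     # keyscan comment lines
    (($2 " " $3) in ok) { keep[++good] = $0; next }
    { bad++ }
    END {
      if (bad > 0 || good == 0) exit 1          # emit nothing on a mismatch
      for (i = 1; i <= good; i++) print keep[i]
    }' - "$scan_file"
}

# Constructed console output in the shape cloud-init writes it.
sample_console_log() {
  cat <<'EOF'
(constructed console output)
-----BEGIN SSH HOST KEY KEYS-----
ecdsa-sha2-nistp256 AAAAE2VjZHNhCONSTRUCTEDecdsaBLOB= root@ip-172-31-0-10
ssh-rsa AAAAB3NzaC1yc2CONSTRUCTEDrsaBLOB= root@ip-172-31-0-10
-----END SSH HOST KEY KEYS-----
EOF
}

# Constructed "ssh-keyscan -H" output; $1 = genuine | tampered.
sample_keyscan() {
  local rsa='AAAAB3NzaC1yc2CONSTRUCTEDrsaBLOB='
  if [ "$1" = tampered ]; then rsa='AAAAB3NzaC1yc2SUBSTITUTEDrsaBLOB='; fi
  cat <<EOF
# 203.0.113.10:22 SSH-2.0-OpenSSH (constructed)
|1|Y29uc3RydWN0ZWQ=|c2FsdGVkaGFzaA== ecdsa-sha2-nistp256 AAAAE2VjZHNhCONSTRUCTEDecdsaBLOB=
|1|Y29uc3RydWN0ZWQ=|c2FsdGVkaGFzaA== ssh-rsa $rsa
EOF
}

# Run the check against the sample data and return its exit status.
demo_verify() {
  local dir rc
  dir=$(mktemp -d) || return 1
  sample_console_log > "$dir/console.log"
  sample_keyscan "$1" > "$dir/scan.txt"
  verify_scanned_keys "$dir/console.log" "$dir/scan.txt" && rc=0 || rc=$?
  rm -rf "$dir"
  return "$rc"
}

demo_verify genuine  && echo "genuine scan: accepted"
demo_verify tampered || echo "tampered scan: rejected"
```

In the playbook, the output of `verify_scanned_keys` would be appended to known_hosts in place of the raw scan; the console log can lag a few minutes behind boot, so the check may need a retry.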


Adding the newly created server to the inventory with necessary parameters


##APPEND NEW EC2 HOSTNAME TO /ETC/ANSIBLE/HOSTS
    - name: Generate Inventory Parameters for new ec2 host
      lineinfile: dest=/etc/ansible/hosts line="{{ item.public_ip }} ansible_ssh_user=ubuntu  ansible_ssh_private_key_file=/opt/mioxxxxxx.pem  mysql_root_password=mysqlrootpassword" state=present
      with_items: "{{ ec2.instances }}"

Modify configuration scripts



### EDITING  web_lab_server.sh script
    - name: Replacing the public Hostname in web_lab_server.sh script
      lineinfile: 
        dest: webserver/web_lab_server.sh
        regexp: '^(.*)lab_gateway_public_hostname=(.*)$' 
        line: 'lab_gateway_public_hostname={{ item.public_dns_name }}'
        backrefs: yes
      with_items: "{{ ec2.instances }}"

    - name: Replacing the public IP Address in web_lab_server.sh script
      lineinfile: 
        dest: webserver/web_lab_server.sh
        regexp: '^(.*)lab_gateway_public_ip=(.*)$' 
        line: 'lab_gateway_public_ip={{ item.public_ip }}'
        backrefs: yes
      with_items: "{{ ec2.instances }}"

### EDITING  db_lab_server.sh script
    - name: Replacing the public Hostname in db_lab_server.sh script
      lineinfile: 
        dest: dbserver/db_lab_server.sh
        regexp: '^(.*)lab_gateway_public_hostname=(.*)$' 
        line: 'lab_gateway_public_hostname={{ item.public_dns_name }}'
        backrefs: yes
      with_items: "{{ ec2.instances }}"

    - name: Replacing the public IP Address in db_lab_server.sh script
      lineinfile: 
        dest: dbserver/db_lab_server.sh
        regexp: '^(.*)lab_gateway_public_ip=(.*)$' 
        line: 'lab_gateway_public_ip={{ item.public_ip }}'
        backrefs: yes
      with_items: "{{ ec2.instances }}"
 
  

  handlers:
    - name: delete access_key aws_cli
      lineinfile: 
        dest: backup_scripts/aws_cli.sh
        regexp: "^aws configure set aws_access_key_id(.*)$"
        line: "aws configure set aws_access_key_id XXXXXXXXXxxx ##will be modified by main.sh"
        backrefs: yes

    - name: delete secret_key aws_cli
      lineinfile: 
        dest: backup_scripts/aws_cli.sh
        regexp: "^aws configure set aws_secret_access_key(.*)$"
        line: "aws configure set aws_secret_access_key xxxxxxxxxxxxx ##will be modified by main.sh"
        backrefs: yes

    - name:  git add aws_cli.sh
      shell: bash -c "git add backup_scripts/aws_cli.sh > /dev/null 2>&1"



Taking over control of the newly launched instance



- name: configuration play
  hosts: ec2hosts
  user: ubuntu
  gather_facts: true


  vars:
    ansible_ssh_private_key_file: "/opt/mioxxxxxx.pem"  # path to the private key of your EC2 key pair
#    ec2_access_key ##will be modified by main.sh
#    ec2_secret_key ##will be modified by main.sh
 


  tasks:

#  UPDATE THE UBUNTU LINUX SERVER 

    - name: Only run "update_cache=yes" 
      become: yes
      become_method: sudo
      apt:
        update_cache: yes
        cache_valid_time: 86400



We have got only 1GB RAM(AWS free tier), at least we have control over virtual RAM.



###INCREASE VIRTUAL RAM
#We have got only 1GB RAM(AWS free tier), at least we have control over virtual RAM

#INCREASE VIRTUAL RAM

    - name: Create 1GB swap space
      become: yes
      become_method: sudo
      command: dd if=/dev/zero of=/swpapace.swp bs=1024 count=1M
      when: ansible_swaptotal_mb < 1

#Setup the swap file 
    - name: Setup the swap space
      become: yes
      become_method: sudo
      command: mkswap /swpapace.swp
      when: ansible_swaptotal_mb < 1
 
#Edit /etc/fstab
    - name: Add to fstab
      become: yes
      become_method: sudo
      action: lineinfile dest=/etc/fstab regexp="swpapace.swp" line="/swpapace.swp none swap sw 0 0" state=present

#Activate the swap space
    - name: Activate the swap space
      become: yes
      become_method: sudo
      command: swapon -a



Instance Update, Upgrade and installation of basic and prerequisites software suite making the instance suitable for further configurations


    - name: Prepare Server
      become: yes
      become_method: sudo
      apt: "name={{item}} state=latest"
#     update_cache: yes
#     cache_valid_time: 86400
      with_items:
        - apache2
        - apt-show-versions
        - apt-transport-https
        - build-essential
        - ca-certificates
        - curl
        - fish
        - libapache2-mod-php5
        - libauthen-pam-perl
        - libio-pty-perl
        - libnet-ssleay-perl
        - libpam-runtime
        - mysql-server
        - openssl
        - perl
        - php5-imagick
        - php5-intl
        - php5-ldap
        - php5-mcrypt    
        - php5-mysql
        - php5-pgsql
        - python
        - python-apt
        - python-mysqldb
        - python-pip  
        - python-software-properties
        - software-properties-common
        - vim
        - wget


Configure mcrypt


    - name: Configure mcrypt 
      become: yes
      become_method: sudo
      shell: " php5enmod mcrypt "


Adding Docker and Icinga2 repositories


## ADDING ICINGA2 AND DOCKER REPOSITORIES AS WELL AS UPDATING REPO.
    - name: Adding Docker Repository "APT-KEY"
      become: yes
      become_method: sudo
      shell: "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - "


    - name: Adding Docker Repo
      become: yes
      become_method: sudo
      apt_repository:
        repo: deb https://download.docker.com/linux/ubuntu trusty stable
        state: present


    - name: Adding Icinga2 Repository "APT-KEY"
      become: yes
      become_method: sudo
      shell: "wget -O - https://packages.icinga.com/icinga.key | apt-key add - "


    - name: Adding Icinga2 Repo DEB
      become: yes
      become_method: sudo
      apt_repository:
        repo: deb http://packages.icinga.com/ubuntu icinga-trusty main
        state: present

    - name: Adding Icinga2 Repo SRC
      become: yes
      become_method: sudo
      apt_repository:
        repo: deb-src http://packages.icinga.com/ubuntu icinga-trusty main
        state: present

    - name: Update Repository after adding docker and icinga2 repositories
      become: yes
      become_method: sudo
      apt:
        update_cache: yes




Timezone configuration by editing /etc/php5/apache2/php.ini



    - name: Edit PHP Timezone
      become: yes
      become_method: sudo
      action: lineinfile dest=/etc/php5/apache2/php.ini regexp=";date.timezone =       " line="date.timezone =Africa/Lagos " state=present
      notify:
        - restart apache2

    - name: Set timezone to Africa/Lagos
      become: yes
      become_method: sudo
      copy: content='Africa/Lagos\n'
            dest=/etc/timezone
            owner=root
            group=root
            mode=0644
            backup=yes
      notify: update timezone

Installing Amazon webservices command line interface- awscli



    - name: Installing the package  "awscli"
      become: yes
      become_method: sudo
      shell: pip install awscli    


Installation of Docker, Icinga2, icingaweb2, icingacli, phpmyadmin, icinga2-ido-mysql with nagios-plugins


    - name: Install Docker, Icinga, phpmyadmin
      become: yes
      become_method: sudo
      apt: "name={{item}} state=latest"
#     update_cache: yes
#     cache_valid_time: 86400
      with_items:
        - docker-ce
        - icinga2
        - icinga2-ido-mysql
        - icingacli 
        - icingaweb2
        - mysql-client
        - nagios-plugins
        - phpmyadmin

Group and username manipulation for Docker CE to allow the instance user, "ubuntu", to run Docker without sudo



    - name: Creating docker group if it doesnt exist
      become: yes
      become_method: sudo
      group: name=docker state=present

    - name: Running Docker without sudo
      become: yes
      become_method: sudo
      command: usermod -a -G docker {{ ansible_ssh_user }}


Building Docker File and building ubuntu docker containers



#################################################################
### SETUP LAB DOCKER CONTAINERS FOR ICINGA2 CLIENTS

    - name:  Changing directory and Clone Ubuntu 14.0 Dockerfile
      shell: bash -c "git clone https://github.com/dockerfile/ubuntu.git"
      args:
        chdir: /home/ubuntu/

    - name:  Backup Original Dockerfile
      shell: bash -c "mv Dockerfile  Dockerfile_backup"
      args:
        chdir: /home/ubuntu/ubuntu 

    - name: Creating Backup Directory For Icinga2 master database
      become: yes
      become_method: sudo
      command: bash -c "mkdir /root/backup && mkdir /root/backup/icinga2master"


    - name: Creating Backup Directory For Icinga 2 client/satellite node dbserver
      become: yes
      become_method: sudo
      command: bash -c "mkdir /root/backup/dbserver"


    - name: Creating Backup Script Directory 
      become: yes
      become_method: sudo
      command: bash -c " mkdir /root/backup_scripts"


    - name: Fetch Icinga2 Master Database Backup Script
      become: yes
      become_method: sudo
      copy: src=backup_scripts/icinga2master_dbbackup.sh dest=/root/backup_scripts/icinga2master_dbbackup.sh mode=0777


    - name: Fetch Icinga2 Database Server Backup Script
      become: yes
      become_method: sudo
      copy: src=backup_scripts/dbserverbackup.sh dest=/root/backup_scripts/dbserverbackup.sh mode=0777

    - name: Fetch Amazon S3 Backup Script
      become: yes
      become_method: sudo
      copy: src=backup_scripts/s3backupscript.sh dest=/root/backup_scripts/s3backupscript.sh mode=0777

    - name: Fetch Amazon AWS CLI Configuration Script
      become: yes
      become_method: sudo
      copy: src=backup_scripts/aws_cli.sh dest=/root/backup_scripts/aws_cli.sh mode=0777
#     notify:
#       - delete access_key aws_cli 
#       - delete secret_key aws_cli 
#       - git add aws_cli.sh
#notify: delete access_key aws_cli 
#notify: delete secret_key aws_cli 
#notify: git add aws_cli.sh 



    - name: Fetch Amazon S3 Backup CRON Script
      become: yes
      become_method: sudo
      copy: src=backup_scripts/cron_job dest=/root/backup_scripts/cron_job mode=0777

    - name: Configure aws CLI  
      become: yes
      become_method: sudo
      command: bash -c " /root/backup_scripts/aws_cli.sh "

    - name: Creating Bucket named "imosudi"  
      become: yes
      become_method: sudo
      command: bash -c " aws s3 mb s3://imosudi "

    - name: Setup CRON JOB  
      become: yes
      become_method: sudo
      command: bash -c " crontab /root/backup_scripts/cron_job "

    - name: Update all packages to the latest version
      become: yes
      become_method: sudo
      apt:
        upgrade: dist



#notify: git commit project



### LAB APACHE WEB SERVER
    - name: Replace with WebDockerfile
      become: yes
      become_method: sudo
      copy: src=webserver/WebDockerfile dest=/home/ubuntu/ubuntu/Dockerfile mode=0777

    - name:  Building Ubuntu 14.04 Apache2 Web server  dockerfile
      become: yes
      become_method: sudo 
      shell: bash -c 'docker build -t="dockerfile/ubuntu" /home/ubuntu/ubuntu/'
      args:
        chdir: /home/ubuntu/

    - name: Fetch web_lab_server.sh for configuration webserver.mosudi docker container
      become: yes
      become_method: sudo
      copy: src=webserver/web_lab_server.sh dest=/home/ubuntu/web_lab_server.sh mode=0777

    - name: Fetch host.conf for Icinga2 configuration webserver.mosudi docker container
      become: yes
      become_method: sudo
      copy: src=webserver/webhosts.conf dest=/home/ubuntu/webhosts.conf mode=0777

    - name: Fetch services.conf for Icinga2 configuration webserver.mosudi docker container
      become: yes
      become_method: sudo
      copy: src=webserver/webservices.conf dest=/home/ubuntu/webservices.conf mode=0777

    - name: Creating ubuntu 14.04 Apache2 Web server docker container with hostname webserver.mosudi
      become: yes
      become_method: sudo 
      shell: /home/ubuntu/web_lab_server.sh
      args:
        chdir: /home/ubuntu/
#     register: web_lab_container




### LAB MYSQL DB SERVER
    - name: Replace with DBDockerfile
      become: yes
      become_method: sudo
      copy: src=dbserver/DBDockerfile dest=/home/ubuntu/ubuntu/Dockerfile mode=0777

    - name: Building Ubuntu 14.04 Mysql DB server  dockerfile 
      become: yes
      become_method: sudo
      shell: bash -c 'docker build -t="dockerfile/ubuntu" /home/ubuntu/ubuntu/'
      args:
        chdir: /home/ubuntu/

    - name: Fetch db_lab_server.sh for configuration dbserver.mosudi docker container
      become: yes
      become_method: sudo
      copy: src=dbserver/db_lab_server.sh dest=/home/ubuntu/db_lab_server.sh mode=0777


    - name: Fetch host.conf for Icinga2 configuration dbserver.mosudi docker container
      become: yes
      become_method: sudo
      copy: src=dbserver/dbhosts.conf dest=/home/ubuntu/dbhosts.conf mode=0777

    - name: Fetch services.conf for Icinga2 configuration dbserver.mosudi docker container
      become: yes
      become_method: sudo
      copy: src=dbserver/dbservices.conf dest=/home/ubuntu/dbservices.conf mode=0777

    - name: Fetch create_icinga2db.sh for Icinga2 configuration dbserver.mosudi docker container
      become: yes
      become_method: sudo
      copy: src=dbserver/create_icinga2db.sh dest=/home/ubuntu/create_icinga2db.sh mode=0777


    - name: Creating ubuntu 14.04 Mysql Database server docker container with hostname dbserver.mosudi
      become: yes
      become_method: sudo 
      shell: /home/ubuntu/db_lab_server.sh
      args:
        chdir: /home/ubuntu/
#      register: db_lab_container


Mysql Server root password configuration


########## ICINGA2 MASTER
    - name: Setting Up Icinga2 DB root password
      become: yes
      become_method: sudo
      script: create_icinga2db.sh
      #script will reside within the Ansible master


Restarting service, mysql



    - name: Start mysql service
      become: yes
      become_method: sudo
      service: name=mysql state=reloaded


Restarting service, apache2



    - name: Start Apache2 service
      become: yes
      become_method: sudo
      service: name=apache2 state=reloaded


Starting Icinga2 daemon



    - name: Start Icinga2
      become: yes
      become_method: sudo
      command: "icinga2 daemon -C"


Enable Icinga2 feature: ido-mysql, statusdata, command, perfdata


    - name: Enable Icinga2 features
      become: yes
      become_method: sudo
      command: "icinga2 feature enable ido-mysql statusdata command perfdata"


Restarting service, icinga2 after enabling Icinga2 features



    - name: Restart icinga2
      become: yes
      become_method: sudo
      service: name=icinga2 state=reloaded


Creating group name nagios, this will be required by the Nagios plugins


    - name: Creating Group Nagios 
      become: yes
      become_method: sudo
      command: addgroup --system nagios


Adding username www-data to the group, nagios


    - name: Adding Nagios and also www-data
      become: yes
      become_method: sudo
      command: usermod -a -G nagios www-data


Configuration of icingaweb2 using the icingacli installed earlier



    - name: Setup config directory
      become: yes
      become_method: sudo
      command: "icingacli setup config directory --group nagios"


Configuration of icingaweb2 directory


    - name: Making Icinga2 Web Folder Writeable
      become: yes
      become_method: sudo
      command: chmod -R 777 /etc/icingaweb2/
#     command: bash -c "chcon -R -t httpd_sys_content_t /etc/icingaweb2/"
#     notify:
#       - start icinga2
#       - start mysql
#       - start apache2
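
`chmod -R 777` gives every local account write access to /etc/icingaweb2, where Icinga Web 2 keeps resources.ini with its database credentials, and the `mode=0777` copies earlier in the playbook mark the uploaded scripts world-writable as well. The added example below (not from the original playbook; function names and the sample tree are constructed) lists world-writable entries under a directory and resets the tree to group-only access, using 2770 for directories, which to my knowledge is the default mode of `icingacli setup config directory`.

```shell
#!/usr/bin/env bash
# Added example, not from the original playbook. The sample tree is constructed.

# List every entry under $1 that any local account may modify (o+w),
# skipping symlinks, whose own mode bits are meaningless.
world_writable() {
  find "$1" ! -type l -perm -0002 -print
}

# Reset a tree to group-only access: directories 2770 (setgid so new files
# inherit the group), regular files 0660. Optional $2 = group to own the tree.
tighten_tree() {
  local dir=$1 group=${2:-}
  [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
  if [ -n "$group" ]; then
    chgrp -R "$group" "$dir" || return 1
  fi
  find "$dir" -type d -exec chmod 2770 {} + &&
    find "$dir" -type f -exec chmod 0660 {} +
}

# Build a stand-in for /etc/icingaweb2 after "chmod -R 777" (constructed data).
make_sample_tree() {
  local root
  root=$(mktemp -d) || return 1
  mkdir -p "$root/modules/monitoring"
  printf '[icinga_ido]\npassword = "constructed-example"\n' > "$root/resources.ini"
  printf '[global]\n' > "$root/config.ini"
  printf '[backends]\n' > "$root/modules/monitoring/backends.ini"
  chmod -R 777 "$root"
  printf '%s\n' "$root"
}

# Print "before after": counts of world-writable entries around the fix.
demo_tighten() {
  local root before after
  root=$(make_sample_tree) || return 1
  before=$(world_writable "$root" | wc -l | tr -d ' ')
  tighten_tree "$root" || return 1
  after=$(world_writable "$root" | wc -l | tr -d ' ')
  rm -rf "$root"
  printf '%s %s\n' "$before" "$after"
}

demo_tighten

# On the Icinga2 master the equivalent call would be:
#   tighten_tree /etc/icingaweb2 nagios
```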


Restarting service, icinga2 after enabling Icinga2 features



    - name: Restart icinga2
      become: yes
      become_method: sudo
      service: name=icinga2 state=reloaded


Restarting service, apache2


    - name: Start Apache2 service
      become: yes
      become_method: sudo
      service: name=apache2 state=reloaded


Create Icinga2 Web Token


    - name: Create Icinga2 Web Token
      become: yes
      become_method: sudo
      command: icingacli setup token create


Let's have the Icinga2 Web Token, with a bit of other relevant info, at the console


    - name: Create Icinga2 Web Token
      become: yes
      become_method: sudo
      command: bash -c "icingacli setup token show | cut -d':' -f2 | sed -e 's/^[ \t]*//'"
      register: out
      
    - debug: var=out.stdout_lines


Let's gather the needed Ido-mysql database variables (db: user, name, password & host) and echo them at the console


    - name: Ido-mysql database username
      become: yes
      become_method: sudo
      command: bash -c "grep user /etc/icinga2/features-enabled/ido-mysql.conf | tr -d ','| cut -d'=' -f2"
      register: ido_db_username

    - name: Ido-mysql database dbname
      become: yes
      become_method: sudo
      command: bash -c "grep database /etc/icinga2/features-enabled/ido-mysql.conf | tr -d ','| cut -d'=' -f2 "
      register: ido_db_name
      
    - name: Ido-mysql database password
      become: yes
      become_method: sudo
      command: bash -c "grep password /etc/icinga2/features-enabled/ido-mysql.conf | tr -d ','| cut -d'=' -f2"
      register: ido_db_password

    - name: Ido-mysql database host
      become: yes
      become_method: sudo
      command: bash -c "grep host /etc/icinga2/features-enabled/ido-mysql.conf | tr -d ','| cut -d'=' -f2"
      register: ido_db_host

    - name: Icinga2 Web Token
      debug: var=out.stdout_lines

    - name: Ido-mysql database username
      debug: var=ido_db_username.stdout_lines

    - name: Ido-mysql database dbname
      debug: var=ido_db_name.stdout_lines

    - name: Ido-mysql database password
      debug: var=ido_db_password.stdout_lines

    - name: Ido-mysql database host
      debug: var=ido_db_host.stdout_lines
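
The grep pipelines above match any line containing the keyword, including commented-out defaults, and the debug tasks write the database password into the Ansible output and any log that captures it. The added example below (not the author's code; the sample file and function names are constructed) reads the settings from an ido-mysql.conf while skipping comment lines and reports the password only as present or missing.

```shell
#!/usr/bin/env bash
# Added example, not the author's code. The sample file content is constructed.

# Print the value of one setting (user, password, host, database) from an
# Icinga 2 object file, skipping lines that are commented out with // or #.
ido_setting() {
  local file=$1 key=$2
  awk -v key="$key" '
    /^[ \t]*(\/\/|#)/ { next }
    {
      line = $0
      sub(/^[ \t]+/, "", line)
      if (index(line, key) != 1) next          # line must start with the key
      rest = substr(line, length(key) + 1)
      if (rest !~ /^[ \t]*=/) next             # rejects e.g. "hostname" for "host"
      sub(/^[ \t]*=[ \t]*/, "", rest)
      sub(/[ \t]*,?[ \t]*$/, "", rest)         # trailing comma and blanks
      gsub(/^"|"$/, "", rest)                  # surrounding quotes
      print rest
      exit
    }' "$file"
}

# One-line summary that is safe to log: the password is reported only as
# present (redacted) or missing, never echoed.
ido_summary() {
  local file=$1 pw state=missing
  pw=$(ido_setting "$file" password)
  [ -z "$pw" ] || state=redacted
  printf 'user=%s database=%s host=%s password=<%s>\n' \
    "$(ido_setting "$file" user)" "$(ido_setting "$file" database)" \
    "$(ido_setting "$file" host)" "$state"
}

# The pipeline used in the playbook, for comparison: it also returns the
# commented-out default and keeps the quotes.
playbook_pipeline() {
  grep "$2" "$1" | tr -d ',' | cut -d'=' -f2
}

# Constructed stand-in for /etc/icinga2/features-enabled/ido-mysql.conf.
write_sample_conf() {
  cat > "$1" <<'EOF'
library "db_ido_mysql"

object IdoMysqlConnection "ido-mysql" {
  //user = "icinga"
  //password = "icinga"
  user = "icinga2",
  password = "Constructed-Pw-1",
  host = "localhost",
  database = "icinga2"
}
EOF
}

demo_summary() {
  local conf out
  conf=$(mktemp) || return 1
  write_sample_conf "$conf"
  out=$(ido_summary "$conf")
  rm -f "$conf"
  printf '%s\n' "$out"
}

demo_summary
```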


Reconfigure tz data


  handlers:
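    - name: update timezone
      become: yes
      become_method: sudo
      command: dpkg-reconfigure --frontend noninteractive tzdata

    # Notified by the "Edit PHP Timezone" task
    - name: restart apache2
      become: yes
      become_method: sudo
      service: name=apache2 state=restarted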

Voilà! That is the playbook for you.

But that is not the end of the story. You have to start by modifying the playbook, providing the needed variables from your AWS account, and then create the configuration files and scripts. That is the job of the main.sh script:

main.sh


#!/bin/bash

#This script modifies my deployment Ansible playbook, providing the very much needed AWSAccessKeyId and AWSSecretKey.
#The Ansible playbook should be named/renamed "deployment.yaml"

#This function will create all the files and folders required by the automation process. It will also modify the AWS CLI setup script,
# providing the very much needed AWSAccessKeyId and AWSSecretKey.

function deploy {
rm -rf webserver  > /dev/null 2>&1 && mkdir webserver  && rm -rf dbserver  > /dev/null 2>&1 && mkdir dbserver && rm -rf backup_scripts  > /dev/null 2>&1 && mkdir backup_scripts 
git add webserver/  > /dev/null 2>&1
git add dbserver/  > /dev/null 2>&1
git add backup_scripts/  > /dev/null 2>&1
 
# Quoted delimiter: write $password literally instead of letting main.sh expand it (to nothing)
cat <<'EOF' >   create_icinga2db.sh
#!/bin/bash

password=mysqlrootpassword

mysqladmin -u root password $password

EOF


chmod +x  create_icinga2db.sh

cp  create_icinga2db.sh  dbserver/create_icinga2db.sh

git add  create_icinga2db.sh  > /dev/null 2>&1

# Quoted delimiter: keep the Dockerfile's backslash line continuations literal
cat <<'EOF' >   webserver/WebDockerfile

#
# Ubuntu Dockerfile
#
# https://github.com/dockerfile/ubuntu
#
## MOSUDI Using Ubuntu 14.04 aws ec2 instance 
## MOSUDI cd /home/ubuntu/
## MOSUDI git clone github.com/dockerfile/ubuntu
## MOSUDI mv /home/ubuntu/ubuntu/dockerfile  /home/ubuntu/ubuntu/dockerfile_backup
## MOSUDI mv /home/ubuntu/WebDockerfile  /home/ubuntu/ubuntu/dockerfile
## MOSUDI docker build -t="dockerfile/ubuntu" /home/ubuntu/ubuntu/
## MOSUDI docker run -itd --rm dockerfile/ubuntu

# Pull base image.
FROM ubuntu:14.04

#ARG DEBIAN_FRONTEND=noninteractive

# Install.
RUN \
  sed -i 's/# \(.*multiverse$\)/\1/g' /etc/apt/sources.list && \
  apt-get update && \
  apt-get -y upgrade && \
  apt-get install -y \
		build-essential \
		byobu \
		curl \
		git \
		htop \
		man \
		python-software-properties \
		software-properties-common \ 
		unzip \
		vim \
		wget \

  && wget -O - https://packages.icinga.com/icinga.key | apt-key add -  
RUN echo "deb http://packages.icinga.com/ubuntu icinga-trusty main " >> /etc/apt/sources.list
RUN echo "deb-src http://packages.icinga.com/ubuntu icinga-trusty main " >> /etc/apt/sources.list  && \
 apt-get update && apt-get install -y \
		apache2 \
		bash-completion \
		icinga2 \
                nagios-plugins  \
		openssh-server \
		php5 \
		php5-intl \
		php5-mcrypt php5-imagick  \
		python \
		tzdata \
#RUN sed -i 's/;date.timezone =/date.timezone = Africa\/Lagos/g' /etc/php5/apache2/php.ini && \
  && icinga2 daemon -C && \
  service apache2 start -C && \
 
# END OF ADDED LINES
  rm -rf /var/lib/apt/lists/*

# Add files.
ADD root/.bashrc /root/.bashrc
ADD root/.gitconfig /root/.gitconfig
ADD root/.scripts /root/.scripts

# Set environment variables.
ENV HOME /root

# Define working directory.
WORKDIR /root

# Define default command.
CMD ["bash"]


EOF

git add webserver/WebDockerfile  > /dev/null 2>&1

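# Quoted delimiter: the $(...) and $variables below must be evaluated when
# web_lab_server.sh runs on the instance, not while main.sh generates it
cat <<'EOF' >   webserver/web_lab_server.sh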
#!/bin/bash

docker run -itd --rm dockerfile/ubuntu > web_lab

web_lab="$(cat web_lab )" 
docker commit  $web_lab mosudi/webserver  > /dev/null 2>&1 
docker run -h webserver.mosudi -p 800:80 -p 223:22 -itd mosudi/webserver /bin/bash >web_lab_container
web_lab_container="$(cat web_lab_container )"
docker inspect $web_lab_container  | grep Hostname | grep -v null| cut -d '"' -f 4 | tail -1 >web_lab_container_hostname 
web_lab_container_hostname="$(cat web_lab_container_hostname)"
docker inspect $web_lab_container  | grep IPAddress | grep -v null| cut -d '"' -f 4 | head -1 >web_lab_container_ip
web_lab_container_ip="$( cat web_lab_container_ip)"
echo "$(cat web_lab_container_ip)    $(cat web_lab_container_hostname) " >> /etc/hosts
docker exec -it $web_lab_container bash -c "echo '$web_lab_container_ip    $web_lab_container_hostname '  >> /etc/hosts"
docker inspect $web_lab_container | grep Gateway | grep -v null| cut -d '"' -f 4 | head -1 >lab_gateway_ip
lab_gateway_ip="$(cat lab_gateway_ip)"
lab_gateway_public_hostname=
lab_gateway_public_ip=
lab_gateway_hostname="$(hostname -f)"
docker exec -it $web_lab_container bash -c "echo '$lab_gateway_ip    $lab_gateway_hostname '  >> /etc/hosts"

docker exec -it $web_lab_container bash -c "echo '$lab_gateway_public_ip    $lab_gateway_public_hostname '  >> /etc/hosts"

docker exec -it $web_lab_container bash -c "sed -i 's/;date.timezone =/date.timezone = Africa\/Lagos/g' /etc/php5/apache2/php.ini "

docker exec -it $web_lab_container bash -c "sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/g' /etc/ssh/sshd_config "

docker exec -it $web_lab_container bash -c " echo -e 'password\npassword' | passwd  root  "

docker exec -it $web_lab_container bash -c 'mv /etc/icinga2/conf.d/services.conf /etc/icinga2/conf.d/services.conf_backup'
docker exec -it $web_lab_container bash -c 'mv /etc/icinga2/conf.d/hosts.conf /etc/icinga2/conf.d/hosts.conf_backup'
services="$(cat webservices.conf)"
hosts="$(cat webhosts.conf)"
docker exec -it $web_lab_container bash -c "echo '$services' >/etc/icinga2/conf.d/services.conf"
docker exec -it $web_lab_container bash -c "echo '$hosts' >/etc/icinga2/conf.d/hosts.conf"
#46a67e40ff6f
docker exec -it $web_lab_container bash -c "service ssh start  "
docker exec -it $web_lab_container bash -c "service apache2 start  "


docker exec -it $web_lab_container bash -c "icinga2 object list --type Host "
docker exec -it $web_lab_container bash -c "icinga2 object list --type Service "
docker exec -it $web_lab_container bash -c "icinga2 daemon -C "


#getting the host docker ip address
#ip addr show |grep 172.17.| grep -v null | awk '{print $2}'|cut -d '/' -f 1


EOF

chmod +x webserver/web_lab_server.sh

git add webserver/web_lab_server.sh  > /dev/null 2>&1

cat <<EOF >   webserver/webhosts.conf


object Host NodeName {
  import "generic-host"
  address = "127.0.0.1"
  address6 = "::1"
  vars.os = "Linux"
  vars.http_vhosts["http"] = {
    http_uri = "/"
  }
  vars.notification["mail"] = {
    groups = [ "icingaadmins" ]
  }
}

EOF
git add webserver/webhosts.conf  > /dev/null 2>&1

cat <<EOF >   webserver/webservices.conf



		apply Service for (http_vhost => config in host.vars.http_vhosts) {
		  import "generic-service"

		  check_command = "http"

		  vars += config
		}



EOF

git add webserver/webservices.conf  > /dev/null 2>&1

cat <<EOF >   dbserver/dbservices.conf

apply Service "MySQL - DB Monitor" {
				   import "generic-service"
				   check_command = "mysql"
				   vars.mysql_database = "mysql"
				   assign where host.name == NodeName
				}


EOF

git add dbserver/dbservices.conf  > /dev/null 2>&1

cat <<EOF >   dbserver/dbhosts.conf


	object Host NodeName {
		import "generic-host"
	//      address = "dbserver.mosudi"
		address = "127.0.0.1"
		address6 = "::1"
		vars.os = "Linux"
		check_command = "mysql"
		vars.mysql_database = "mysql"
		vars.mysql_username = "root"
		vars.mysql_password = "mysqlrootpassword"
		}
EOF

git add dbserver/dbhosts.conf  > /dev/null 2>&1

cat <<'EOF' >   dbserver/db_lab_server.sh
#!/bin/bash

docker run -itd --rm dockerfile/ubuntu > db_lab
db_lab="$(cat db_lab )"
docker commit  $db_lab mosudi/mysqlserver  > /dev/null 2>&1 
docker run -h dbserver.mosudi -itd -p 801:80 -p 222:22 mosudi/mysqlserver /bin/bash >db_lab_container
db_lab_container="$(cat db_lab_container )"
docker inspect $db_lab_container  | grep Hostname | grep -v null| cut -d '"' -f 4 | tail -1 >db_lab_container_hostname
db_lab_container_hostname="$(cat db_lab_container_hostname)"
docker inspect $db_lab_container  | grep IPAddress | grep -v null| cut -d '"' -f 4 | head -1 >db_lab_container_ip
db_lab_container_ip="$(cat db_lab_container_ip)"
echo "$db_lab_container_ip    $db_lab_container_hostname " >> /etc/hosts
docker exec -it $db_lab_container bash -c "echo '$db_lab_container_ip    $db_lab_container_hostname ' >> /etc/hosts"
docker inspect $db_lab_container | grep Gateway | grep -v null| cut -d '"' -f 4 | head -1 >lab_gateway_ip
lab_gateway_ip="$(cat lab_gateway_ip)"
lab_gateway_public_hostname=
lab_gateway_public_ip=
lab_gateway_hostname="$(hostname -f)"
docker exec -it $db_lab_container bash -c "echo '$lab_gateway_ip    $lab_gateway_hostname '  >> /etc/hosts"

docker exec -it $db_lab_container bash -c "echo '$lab_gateway_public_ip    $lab_gateway_public_hostname '  >> /etc/hosts"
#create_icinga2db="$(cat ~/create_icinga2db.sh)"
#docker exec -it $db_lab_container bash -c "echo '$create_icinga2db' > ~/create_icinga2db.sh && chmod +x ~/create_icinga2db.sh && ~/create_icinga2db.sh  "
create_icinga2db="$(cat create_icinga2db.sh)"
docker exec -it $db_lab_container bash -c "echo '$create_icinga2db' > /root/create_icinga2db.sh "
docker exec -it $db_lab_container bash -c "chmod +x /root/create_icinga2db.sh"
# An exported PATH does not survive into the next docker exec, so call the script by its full path
docker exec -it $db_lab_container bash -c "/root/create_icinga2db.sh"


docker exec -it $db_lab_container bash -c "sed -i 's/;date.timezone =/date.timezone = Africa\/Lagos/g' /etc/php5/apache2/php.ini "
docker exec -it $db_lab_container bash -c "sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/g' /etc/ssh/sshd_config "

docker exec -it $db_lab_container bash -c "sed -i 's/bind-address.*/bind-address     = 0.0.0.0/g' /etc/mysql/my.cnf "

docker exec -it $db_lab_container bash -c " echo -e 'password\npassword' | passwd  root "

docker exec -it $db_lab_container bash -c 'mv /etc/icinga2/conf.d/services.conf /etc/icinga2/conf.d/services.conf_backup'
docker exec -it $db_lab_container bash -c 'mv /etc/icinga2/conf.d/hosts.conf /etc/icinga2/conf.d/hosts.conf_backup'
services="$(cat dbservices.conf)"
hosts="$(cat dbhosts.conf)"
docker exec -it $db_lab_container bash -c "echo '$services' >/etc/icinga2/conf.d/services.conf"
docker exec -it $db_lab_container bash -c "echo '$hosts' >/etc/icinga2/conf.d/hosts.conf"

docker exec -it $db_lab_container bash -c "service ssh start   "
docker exec -it $db_lab_container bash -c "service mysql start  "


docker exec -it $db_lab_container bash -c "icinga2 object list --type Host "
docker exec -it $db_lab_container bash -c "icinga2 object list --type Service "
docker exec -it $db_lab_container bash -c "icinga2 daemon -C "


#getting the host docker ip address
#ip addr show |grep 172.17.| grep -v null | awk '{print $2}'|cut -d '/' -f 1

#mysql> CREATE USER 'root'@'%' IDENTIFIED BY 'mysqlrootpassword';
# mysql --user="$user" --password="$password" --database="$database" --execute="DROP DATABASE $user; CREATE DATABASE $database;"
#Query OK, 0 rows affected (0.00 sec)

#mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%';
#Query OK, 0 rows affected (0.00 sec)

#mysql> FLUSH PRIVILEGES;
#Query OK, 0 rows affected (0.00 sec)

#mysql> quit;
#Bye




#0e76f3dfa25c
#docker exec -it $db_lab_container -c "echo '$create_icinga2db' > ~/create_icinga2db.sh && chmod +x ~/create_icinga2db.sh && source ~/create_icinga2db.sh  "


EOF

chmod +x dbserver/db_lab_server.sh
git add dbserver/db_lab_server.sh  > /dev/null 2>&1



cat <<'EOF' >  dbserver/DBDockerfile


#
# Ubuntu Dockerfile
#
# https://github.com/dockerfile/ubuntu
#
## MOSUDI Using Ubuntu 14.04 aws ec2 instance 
## MOSUDI cd /home/ubuntu/
## MOSUDI git clone github.com/dockerfile/ubuntu
## MOSUDI mv /home/ubuntu/ubuntu/dockerfile  /home/ubuntu/ubuntu/dockerfile_backup
## MOSUDI mv /home/ubuntu/WebDockerfile  /home/ubuntu/ubuntu/dockerfile
## MOSUDI docker build -t="dockerfile/ubuntu" /home/ubuntu/ubuntu/
## MOSUDI docker run -itd --rm dockerfile/ubuntu

# Pull base image.
FROM ubuntu:14.04

#ARG DEBIAN_FRONTEND=noninteractive

# Install.
RUN \
  sed -i 's/# \(.*multiverse$\)/\1/g' /etc/apt/sources.list && \
  apt-get update && \
  apt-get -y upgrade && \
  apt-get install -y \
		build-essential \
		byobu \
		curl \
		git \
		htop \
		man \
		python-software-properties \
		software-properties-common \
		unzip \
		vim \
		wget \
  && wget -O - https://packages.icinga.com/icinga.key | apt-key add -
RUN echo "deb http://packages.icinga.com/ubuntu icinga-trusty main " >> /etc/apt/sources.list
RUN echo "deb-src http://packages.icinga.com/ubuntu icinga-trusty main " >> /etc/apt/sources.list  && \
 apt-get update && apt-get install -y \
		bash-completion \
		icinga2 \
		mysql-server \
		mysql-client \
		nagios-plugins \
		openssh-server \
		php5 \
		php5-intl \
		php5-mcrypt php5-imagick  \
		python \
		tzdata \
#RUN sed -i 's/;date.timezone =/date.timezone = Africa\/Lagos/g' /etc/php5/apache2/php.ini && \
  && service mysql start -C && \
  icinga2 daemon -C && \
  password=mysqlrootpassword && \
  mysqladmin -u root password $password && \
  mysql -u root -p$password -e "CREATE USER 'root'@'%' IDENTIFIED BY '$password';" && \
  mysql -u root -p$password -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%'; FLUSH PRIVILEGES;" && \
# END OF ADDED LINES
  rm -rf /var/lib/apt/lists/*

# Add files.
ADD root/.bashrc /root/.bashrc
ADD root/.gitconfig /root/.gitconfig
ADD root/.scripts /root/.scripts

# Set environment variables.
ENV HOME /root

# Define working directory.
WORKDIR /root

# Define default command.
CMD ["bash"]

EOF

git add dbserver/DBDockerfile  > /dev/null 2>&1

cat <<'EOF' >  backup_scripts/icinga2master_dbbackup.sh
#!/bin/bash

#rm -rf /root/backup/icinga2master  > /dev/null 2>&1 && mkdir /root/backup/icinga2master
 
USER="root"
PASSWORD="mysqlrootpassword"
OUTPUT=/root/backup/icinga2master
 
rm $OUTPUT/*.gz > /dev/null 2>&1
 
databases=`mysql --user=$USER --password=$PASSWORD -e "SHOW DATABASES;" | tr -d "| " | grep -v Database`
 
for dbitem in $databases; do
    if [[ "$dbitem" != "information_schema" ]] && [[ "$dbitem" != _* ]] ; then
        echo "Dumping database: $dbitem"
        mysqldump --force --opt --user=$USER --password=$PASSWORD --databases $dbitem > $OUTPUT/`date +%Y%m%d`.$dbitem.sql
        gzip $OUTPUT/`date +%Y%m%d`.$dbitem.sql
    fi
done

EOF

chmod +x backup_scripts/icinga2master_dbbackup.sh
git add backup_scripts/icinga2master_dbbackup.sh > /dev/null 2>&1

cat <<'EOF' >  backup_scripts/dbserverbackup.sh
#!/bin/bash

#rm -rf /root/backup/dbserver  > /dev/null 2>&1 && mkdir /root/backup/dbserver
 
DBHOST="dbserver.mosudi"
USER="root"
PASSWORD="mysqlrootpassword"
OUTPUT=/root/backup/dbserver
 
rm $OUTPUT/*.gz > /dev/null 2>&1
 
databases=`mysql --host=$DBHOST --user=$USER --password=$PASSWORD -e "SHOW DATABASES;" | tr -d "| " | grep -v Database`
 
for dbitem in $databases; do
    if [[ "$dbitem" != "information_schema" ]] && [[ "$dbitem" != _* ]] ; then
        echo "Dumping database: $dbitem"
        mysqldump --host=$DBHOST --force --opt --user=$USER --password=$PASSWORD --databases $dbitem > $OUTPUT/`date +%Y%m%d`.$dbitem.sql
        gzip $OUTPUT/`date +%Y%m%d`.$dbitem.sql
    fi
done

EOF

chmod +x backup_scripts/dbserverbackup.sh
git add backup_scripts/dbserverbackup.sh > /dev/null 2>&1

cat <<EOF > backup_scripts/aws_cli.sh
#!/bin/bash
aws configure set aws_access_key_id 
aws configure set aws_secret_access_key 
aws configure set output json
aws configure set region us-west-2

EOF
chmod +x backup_scripts/aws_cli.sh
# "|" is used as the sed delimiter because AWS secret keys can contain "/"
sed -i "s|aws configure set aws_access_key_id|aws configure set aws_access_key_id $AWSAccessKeyId|g" backup_scripts/aws_cli.sh
sed -i "s|aws configure set aws_secret_access_key|aws configure set aws_secret_access_key $AWSSecretKey|g" backup_scripts/aws_cli.sh


cat <<EOF > backup_scripts/s3backupscript.sh
#!/bin/bash
/root/backup_scripts/icinga2master_dbbackup.sh
/root/backup_scripts/dbserverbackup.sh
aws s3 sync /var/spool/icinga2/perfdata/ s3://imosudi/perfdata

aws s3 sync /root/backup/  s3://imosudi/db_backup

EOF

chmod +x backup_scripts/s3backupscript.sh
git add backup_scripts/s3backupscript.sh > /dev/null 2>&1


#git commit -am "Project Update $(date +%Y/%m/%d-%H:%M:%S)"
#git commit -am "Project Update $(date +-%c)"


cat <<EOF > backup_scripts/cron_job
#Anacron style
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

#This runs at 7 PM daily
0 19 * * *   /root/backup_scripts/s3backupscript.sh

EOF

git add backup_scripts/cron_job > /dev/null 2>&1


sudo ansible-playbook -i hosts deployment.yml --ask-sudo-pass

#git commit -am "Project Update $(date +%Y/%m/%d-%H:%M:%S)"
git commit -am "Project Update $(date +-%c)"
git push

}
##End of my function - deploy

while true; do
    read -r -p "Please confirm you are ready to provide your AWS AccessKeyId and SecretKey to Continue with the Program?  " yn #AWSAccessKeyId, AWSSecretKey
    case $yn in
        [Yy]* )
            echo -n "Please provide your AWSAccessKeyId > "
            read -r AWSAccessKeyId
            echo -n "Please provide your AWSSecretKey > "
            read -r AWSSecretKey
            # The next line prints both keys, including the secret key, to the terminal
            echo "Your AWSAccessKeyId: $AWSAccessKeyId and AWSSecretKey: $AWSSecretKey"
            deploy
            break;;
        [Nn]* ) exit;;
        * ) echo "Please answer yes or no.";;
    esac
done
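
An alternative way to write `aws_cli.sh` that does not pass the keys through a `sed` expression, so a secret key containing `/` (which ends an `s/…/…/` expression early) is written intact, and that creates the file readable only by its owner. This is an added example, not part of the original script; `shell_quote`, `write_aws_cli_script`, `sed_substitute` and the key values are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and key values are constructed for illustration.

# Single-quote a value so the shell reads it back as exactly one word.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Write the helper script: $1 = output path, $2 = access key id, $3 = secret key.
# The body runs in a subshell, so the umask change does not leak to the caller.
write_aws_cli_script() (
    umask 077                 # anything created below is owner-only
    rm -f "$1"                # drop a pre-existing file with looser permissions
    {
        printf '%s\n' '#!/bin/bash'
        printf '%s\n' "aws configure set aws_access_key_id $(shell_quote "$2")"
        printf '%s\n' "aws configure set aws_secret_access_key $(shell_quote "$3")"
        printf '%s\n' 'aws configure set output json'
        printf '%s\n' 'aws configure set region us-west-2'
    } > "$1"
    chmod 700 "$1"
)

# For comparison: a sed substitution with "/" as the delimiter. It exits
# non-zero and prints nothing when the key itself contains "/".
sed_substitute() {
    printf 'aws configure set aws_secret_access_key \n' |
        sed "s/aws configure set aws_secret_access_key/aws configure set aws_secret_access_key $1/g" 2>/dev/null
}

# Constructed demo values; not real credentials.
demo_dir="$(mktemp -d)"
write_aws_cli_script "$demo_dir/aws_cli.sh" 'EXAMPLEKEYID' 'abc/DEF+ghi/EXAMPLEONLY'
cat "$demo_dir/aws_cli.sh"
rm -rf "$demo_dir"
```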