diff --git a/12/Prepare_Workshop/.gitignore b/12/Prepare_Workshop/.gitignore
new file mode 100644
index 0000000..a4117f9
--- /dev/null
+++ b/12/Prepare_Workshop/.gitignore
@@ -0,0 +1,159 @@
+group_vars/all.yml
+hosts.*
+
+# ---> Python
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+# However, in case of collaboration, if having platform-specific dependencies or dependencies
+# having no cross-platform support, pipenv may install dependencies that don't work, or not
+# install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# ---> Ansible
+*.retry
+.facts
+
+# ---> Vim
+# Swap
+[._]*.s[a-v][a-z]
+!*.svg # comment out if you don't need vector files
+[._]*.sw[a-p]
+[._]s[a-rt-v][a-z]
+[._]ss[a-gi-z]
+[._]sw[a-p]
+
+# Session
+Session.vim
+Sessionx.vim
+
+# Temporary
+.netrwhist
+*~
+# Auto-generated tag files
+tags
+# Persistent undo
+[._]*.un~
+
diff --git a/12/Prepare_Workshop/.gitmodules b/12/Prepare_Workshop/.gitmodules
new file mode 100644
index 0000000..927e236
--- /dev/null
+++ b/12/Prepare_Workshop/.gitmodules
@@ -0,0 +1,3 @@
+[submodule ".submodules/ansible-lxc-ssh"]
+ path = .submodules/ansible-lxc-ssh
+ url = https://github.com/andreasscherbaum/ansible-lxc-ssh.git
diff --git a/12/Prepare_Workshop/LICENSE b/12/Prepare_Workshop/LICENSE
new file mode 100644
index 0000000..e37e32e
--- /dev/null
+++ b/12/Prepare_Workshop/LICENSE
@@ -0,0 +1,613 @@
+GNU AFFERO GENERAL PUBLIC LICENSE
+
+Version 3, 19 November 2007
+
+Copyright (C) 2007 Free Software Foundation, Inc.
+
+Everyone is permitted to copy and distribute verbatim copies of this license
+document, but changing it is not allowed.
+
+Preamble
+
+The GNU Affero General Public License is a free, copyleft license for software
+and other kinds of works, specifically designed to ensure cooperation with
+the community in the case of network server software.
+
+The licenses for most software and other practical works are designed to take
+away your freedom to share and change the works. By contrast, our General
+Public Licenses are intended to guarantee your freedom to share and change
+all versions of a program--to make sure it remains free software for all its
+users.
+
+When we speak of free software, we are referring to freedom, not price. Our
+General Public Licenses are designed to make sure that you have the freedom
+to distribute copies of free software (and charge for them if you wish), that
+you receive source code or can get it if you want it, that you can change
+the software or use pieces of it in new free programs, and that you know you
+can do these things.
+
+Developers that use our General Public Licenses protect your rights with two
+steps: (1) assert copyright on the software, and (2) offer you this License
+which gives you legal permission to copy, distribute and/or modify the software.
+
+A secondary benefit of defending all users' freedom is that improvements made
+in alternate versions of the program, if they receive widespread use, become
+available for other developers to incorporate. Many developers of free software
+are heartened and encouraged by the resulting cooperation. However, in the
+case of software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and letting
+the public access it on a server without ever releasing its source code to
+the public.
+
+The GNU Affero General Public License is designed specifically to ensure that,
+in such cases, the modified source code becomes available to the community.
+It requires the operator of a network server to provide the source code of
+the modified version running there to the users of that server. Therefore,
+public use of a modified version, on a publicly accessible server, gives the
+public access to the source code of the modified version.
+
+An older license, called the Affero General Public License and published by
+Affero, was designed to accomplish similar goals. This is a different license,
+not a version of the Affero GPL, but Affero has released a new version of
+the Affero GPL which permits relicensing under this license.
+
+The precise terms and conditions for copying, distribution and modification
+follow.
+
+TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU Affero General Public License.
+
+"Copyright" also means copyright-like laws that apply to other kinds of works,
+such as semiconductor masks.
+
+"The Program" refers to any copyrightable work licensed under this License.
+Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals
+or organizations.
+
+To "modify" a work means to copy from or adapt all or part of the work in
+a fashion requiring copyright permission, other than the making of an exact
+copy. The resulting work is called a "modified version" of the earlier work
+or a work "based on" the earlier work.
+
+A "covered work" means either the unmodified Program or a work based on the
+Program.
+
+To "propagate" a work means to do anything with it that, without permission,
+would make you directly or secondarily liable for infringement under applicable
+copyright law, except executing it on a computer or modifying a private copy.
+Propagation includes copying, distribution (with or without modification),
+making available to the public, and in some countries other activities as
+well.
+
+To "convey" a work means any kind of propagation that enables other parties
+to make or receive copies. Mere interaction with a user through a computer
+network, with no transfer of a copy, is not conveying.
+
+An interactive user interface displays "Appropriate Legal Notices" to the
+extent that it includes a convenient and prominently visible feature that
+(1) displays an appropriate copyright notice, and (2) tells the user that
+there is no warranty for the work (except to the extent that warranties are
+provided), that licensees may convey the work under this License, and how
+to view a copy of this License. If the interface presents a list of user commands
+or options, such as a menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+The "source code" for a work means the preferred form of the work for making
+modifications to it. "Object code" means any non-source form of a work.
+
+A "Standard Interface" means an interface that either is an official standard
+defined by a recognized standards body, or, in the case of interfaces specified
+for a particular programming language, one that is widely used among developers
+working in that language.
+
+The "System Libraries" of an executable work include anything, other than
+the work as a whole, that (a) is included in the normal form of packaging
+a Major Component, but which is not part of that Major Component, and (b)
+serves only to enable use of the work with that Major Component, or to implement
+a Standard Interface for which an implementation is available to the public
+in source code form. A "Major Component", in this context, means a major essential
+component (kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to produce
+the work, or an object code interpreter used to run it.
+
+The "Corresponding Source" for a work in object code form means all the source
+code needed to generate, install, and (for an executable work) run the object
+code and to modify the work, including scripts to control those activities.
+However, it does not include the work's System Libraries, or general-purpose
+tools or generally available free programs which are used unmodified in performing
+those activities but which are not part of the work. For example, Corresponding
+Source includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically linked
+subprograms that the work is specifically designed to require, such as by
+intimate data communication or control flow between those
+
+ subprograms and other parts of the work.
+
+The Corresponding Source need not include anything that users can regenerate
+automatically from other parts of the Corresponding Source.
+
+ The Corresponding Source for a work in source code form is that same work.
+
+ 2. Basic Permissions.
+
+All rights granted under this License are granted for the term of copyright
+on the Program, and are irrevocable provided the stated conditions are met.
+This License explicitly affirms your unlimited permission to run the unmodified
+Program. The output from running a covered work is covered by this License
+only if the output, given its content, constitutes a covered work. This License
+acknowledges your rights of fair use or other equivalent, as provided by copyright
+law.
+
+You may make, run and propagate covered works that you do not convey, without
+conditions so long as your license otherwise remains in force. You may convey
+covered works to others for the sole purpose of having them make modifications
+exclusively for you, or provide you with facilities for running those works,
+provided that you comply with the terms of this License in conveying all material
+for which you do not control copyright. Those thus making or running the covered
+works for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of your copyrighted
+material outside their relationship with you.
+
+Conveying under any other circumstances is permitted solely under the conditions
+stated below. Sublicensing is not allowed; section 10 makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+No covered work shall be deemed part of an effective technological measure
+under any applicable law fulfilling obligations under article 11 of the WIPO
+copyright treaty adopted on 20 December 1996, or similar laws prohibiting
+or restricting circumvention of such measures.
+
+When you convey a covered work, you waive any legal power to forbid circumvention
+of technological measures to the extent such circumvention is effected by
+exercising rights under this License with respect to the covered work, and
+you disclaim any intention to limit operation or modification of the work
+as a means of enforcing, against the work's users, your or third parties'
+legal rights to forbid circumvention of technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+You may convey verbatim copies of the Program's source code as you receive
+it, in any medium, provided that you conspicuously and appropriately publish
+on each copy an appropriate copyright notice; keep intact all notices stating
+that this License and any non-permissive terms added in accord with section
+7 apply to the code; keep intact all notices of the absence of any warranty;
+and give all recipients a copy of this License along with the Program.
+
+You may charge any price or no price for each copy that you convey, and you
+may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+You may convey a work based on the Program, or the modifications to produce
+it from the Program, in the form of source code under the terms of section
+4, provided that you also meet all of these conditions:
+
+a) The work must carry prominent notices stating that you modified it, and
+giving a relevant date.
+
+b) The work must carry prominent notices stating that it is released under
+this License and any conditions added under section 7. This requirement modifies
+the requirement in section 4 to "keep intact all notices".
+
+c) You must license the entire work, as a whole, under this License to anyone
+who comes into possession of a copy. This License will therefore apply, along
+with any applicable section 7 additional terms, to the whole of the work,
+and all its parts, regardless of how they are packaged. This License gives
+no permission to license the work in any other way, but it does not invalidate
+such permission if you have separately received it.
+
+d) If the work has interactive user interfaces, each must display Appropriate
+Legal Notices; however, if the Program has interactive interfaces that do
+not display Appropriate Legal Notices, your work need not make them do so.
+
+A compilation of a covered work with other separate and independent works,
+which are not by their nature extensions of the covered work, and which are
+not combined with it such as to form a larger program, in or on a volume of
+a storage or distribution medium, is called an "aggregate" if the compilation
+and its resulting copyright are not used to limit the access or legal rights
+of the compilation's users beyond what the individual works permit. Inclusion
+of a covered work in an aggregate does not cause this License to apply to
+the other parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+You may convey a covered work in object code form under the terms of sections
+4 and 5, provided that you also convey the machine-readable Corresponding
+Source under the terms of this License, in one of these ways:
+
+a) Convey the object code in, or embodied in, a physical product (including
+a physical distribution medium), accompanied by the Corresponding Source fixed
+on a durable physical medium customarily used for software interchange.
+
+b) Convey the object code in, or embodied in, a physical product (including
+a physical distribution medium), accompanied by a written offer, valid for
+at least three years and valid for as long as you offer spare parts or customer
+support for that product model, to give anyone who possesses the object code
+either (1) a copy of the Corresponding Source for all the software in the
+product that is covered by this License, on a durable physical medium customarily
+used for software interchange, for a price no more than your reasonable cost
+of physically performing this conveying of source, or (2) access to copy the
+Corresponding Source from a network server at no charge.
+
+c) Convey individual copies of the object code with a copy of the written
+offer to provide the Corresponding Source. This alternative is allowed only
+occasionally and noncommercially, and only if you received the object code
+with such an offer, in accord with subsection 6b.
+
+d) Convey the object code by offering access from a designated place (gratis
+or for a charge), and offer equivalent access to the Corresponding Source
+in the same way through the same place at no further charge. You need not
+require recipients to copy the Corresponding Source along with the object
+code. If the place to copy the object code is a network server, the Corresponding
+Source may be on a different server (operated by you or a third party) that
+supports equivalent copying facilities, provided you maintain clear directions
+next to the object code saying where to find the Corresponding Source. Regardless
+of what server hosts the Corresponding Source, you remain obligated to ensure
+that it is available for as long as needed to satisfy these requirements.
+
+e) Convey the object code using peer-to-peer transmission, provided you inform
+other peers where the object code and Corresponding Source of the work are
+being offered to the general public at no charge under subsection 6d.
+
+A separable portion of the object code, whose source code is excluded from
+the Corresponding Source as a System Library, need not be included in conveying
+the object code work.
+
+A "User Product" is either (1) a "consumer product", which means any tangible
+personal property which is normally used for personal, family, or household
+purposes, or (2) anything designed or sold for incorporation into a dwelling.
+In determining whether a product is a consumer product, doubtful cases shall
+be resolved in favor of coverage. For a particular product received by a particular
+user, "normally used" refers to a typical or common use of that class of product,
+regardless of the status of the particular user or of the way in which the
+particular user actually uses, or expects or is expected to use, the product.
+A product is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent the
+only significant mode of use of the product.
+
+"Installation Information" for a User Product means any methods, procedures,
+authorization keys, or other information required to install and execute modified
+versions of a covered work in that User Product from a modified version of
+its Corresponding Source. The information must suffice to ensure that the
+continued functioning of the modified object code is in no case prevented
+or interfered with solely because modification has been made.
+
+If you convey an object code work under this section in, or with, or specifically
+for use in, a User Product, and the conveying occurs as part of a transaction
+in which the right of possession and use of the User Product is transferred
+to the recipient in perpetuity or for a fixed term (regardless of how the
+transaction is characterized), the Corresponding Source conveyed under this
+section must be accompanied by the Installation Information. But this requirement
+does not apply if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has been installed
+in ROM).
+
+The requirement to provide Installation Information does not include a requirement
+to continue to provide support service, warranty, or updates for a work that
+has been modified or installed by the recipient, or for the User Product in
+which it has been modified or installed. Access to a network may be denied
+when the modification itself materially and adversely affects the operation
+of the network or violates the rules and protocols for communication across
+the network.
+
+Corresponding Source conveyed, and Installation Information provided, in accord
+with this section must be in a format that is publicly documented (and with
+an implementation available to the public in source code form), and must require
+no special password or key for unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+"Additional permissions" are terms that supplement the terms of this License
+by making exceptions from one or more of its conditions. Additional permissions
+that are applicable to the entire Program shall be treated as though they
+were included in this License, to the extent that they are valid under applicable
+law. If additional permissions apply only to part of the Program, that part
+may be used separately under those permissions, but the entire Program remains
+governed by this License without regard to the additional permissions.
+
+When you convey a copy of a covered work, you may at your option remove any
+additional permissions from that copy, or from any part of it. (Additional
+permissions may be written to require their own removal in certain cases when
+you modify the work.) You may place additional permissions on material, added
+by you to a covered work, for which you have or can give appropriate copyright
+permission.
+
+Notwithstanding any other provision of this License, for material you add
+to a covered work, you may (if authorized by the copyright holders of that
+material) supplement the terms of this License with terms:
+
+a) Disclaiming warranty or limiting liability differently from the terms of
+sections 15 and 16 of this License; or
+
+b) Requiring preservation of specified reasonable legal notices or author
+attributions in that material or in the Appropriate Legal Notices displayed
+by works containing it; or
+
+c) Prohibiting misrepresentation of the origin of that material, or requiring
+that modified versions of such material be marked in reasonable ways as different
+from the original version; or
+
+d) Limiting the use for publicity purposes of names of licensors or authors
+of the material; or
+
+e) Declining to grant rights under trademark law for use of some trade names,
+trademarks, or service marks; or
+
+f) Requiring indemnification of licensors and authors of that material by
+anyone who conveys the material (or modified versions of it) with contractual
+assumptions of liability to the recipient, for any liability that these contractual
+assumptions directly impose on those licensors and authors.
+
+All other non-permissive additional terms are considered "further restrictions"
+within the meaning of section 10. If the Program as you received it, or any
+part of it, contains a notice stating that it is governed by this License
+along with a term that is a further restriction, you may remove that term.
+If a license document contains a further restriction but permits relicensing
+or conveying under this License, you may add to a covered work material governed
+by the terms of that license document, provided that the further restriction
+does not survive such relicensing or conveying.
+
+If you add terms to a covered work in accord with this section, you must place,
+in the relevant source files, a statement of the additional terms that apply
+to those files, or a notice indicating where to find the applicable terms.
+
+Additional terms, permissive or non-permissive, may be stated in the form
+of a separately written license, or stated as exceptions; the above requirements
+apply either way.
+
+ 8. Termination.
+
+You may not propagate or modify a covered work except as expressly provided
+under this License. Any attempt otherwise to propagate or modify it is void,
+and will automatically terminate your rights under this License (including
+any patent licenses granted under the third paragraph of section 11).
+
+However, if you cease all violation of this License, then your license from
+a particular copyright holder is reinstated (a) provisionally, unless and
+until the copyright holder explicitly and finally terminates your license,
+and (b) permanently, if the copyright holder fails to notify you of the violation
+by some reasonable means prior to 60 days after the cessation.
+
+Moreover, your license from a particular copyright holder is reinstated permanently
+if the copyright holder notifies you of the violation by some reasonable means,
+this is the first time you have received notice of violation of this License
+(for any work) from that copyright holder, and you cure the violation prior
+to 30 days after your receipt of the notice.
+
+Termination of your rights under this section does not terminate the licenses
+of parties who have received copies or rights from you under this License.
+If your rights have been terminated and not permanently reinstated, you do
+not qualify to receive new licenses for the same material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+You are not required to accept this License in order to receive or run a copy
+of the Program. Ancillary propagation of a covered work occurring solely as
+a consequence of using peer-to-peer transmission to receive a copy likewise
+does not require acceptance. However, nothing other than this License grants
+you permission to propagate or modify any covered work. These actions infringe
+copyright if you do not accept this License. Therefore, by modifying or propagating
+a covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+Each time you convey a covered work, the recipient automatically receives
+a license from the original licensors, to run, modify and propagate that work,
+subject to this License. You are not responsible for enforcing compliance
+by third parties with this License.
+
+An "entity transaction" is a transaction transferring control of an organization,
+or substantially all assets of one, or subdividing an organization, or merging
+organizations. If propagation of a covered work results from an entity transaction,
+each party to that transaction who receives a copy of the work also receives
+whatever licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the Corresponding
+Source of the work from the predecessor in interest, if the predecessor has
+it or can get it with reasonable efforts.
+
+You may not impose any further restrictions on the exercise of the rights
+granted or affirmed under this License. For example, you may not impose a
+license fee, royalty, or other charge for exercise of rights granted under
+this License, and you may not initiate litigation (including a cross-claim
+or counterclaim in a lawsuit) alleging that any patent claim is infringed
+by making, using, selling, offering for sale, or importing the Program or
+any portion of it.
+
+ 11. Patents.
+
+A "contributor" is a copyright holder who authorizes use under this License
+of the Program or a work on which the Program is based. The work thus licensed
+is called the contributor's "contributor version".
+
+A contributor's "essential patent claims" are all patent claims owned or controlled
+by the contributor, whether already acquired or hereafter acquired, that would
+be infringed by some manner, permitted by this License, of making, using,
+or selling its contributor version, but do not include claims that would be
+infringed only as a consequence of further modification of the contributor
+version. For purposes of this definition, "control" includes the right to
+grant patent sublicenses in a manner consistent with the requirements of this
+License.
+
+Each contributor grants you a non-exclusive, worldwide, royalty-free patent
+license under the contributor's essential patent claims, to make, use, sell,
+offer for sale, import and otherwise run, modify and propagate the contents
+of its contributor version.
+
+In the following three paragraphs, a "patent license" is any express agreement
+or commitment, however denominated, not to enforce a patent (such as an express
+permission to practice a patent or covenant not to s ue for patent infringement).
+To "grant" such a patent license to a party means to make such an agreement
+or commitment not to enforce a patent against the party.
+
+If you convey a covered work, knowingly relying on a patent license, and the
+Corresponding Source of the work is not available for anyone to copy, free
+of charge and under the terms of this License, through a publicly available
+network server or other readily accessible means, then you must either (1)
+cause the Corresponding Source to be so available, or (2) arrange to deprive
+yourself of the benefit of the patent license for this particular work, or
+(3) arrange, in a manner consistent with the requirements of this License,
+to extend the patent
+
+license to downstream recipients. "Knowingly relying" means you have actual
+knowledge that, but for the patent license, your conveying the covered work
+in a country, or your recipient's use of the covered work in a country, would
+infringe one or more identifiable patents in that country that you have reason
+to believe are valid.
+
+If, pursuant to or in connection with a single transaction or arrangement,
+you convey, or propagate by procuring conveyance of, a covered work, and grant
+a patent license to some of the parties receiving the covered work authorizing
+them to use, propagate, modify or convey a specific copy of the covered work,
+then the patent license you grant is automatically extended to all recipients
+of the covered work and works based on it.
+
+A patent license is "discriminatory" if it does not include within the scope
+of its coverage, prohibits the exercise of, or is conditioned on the non-exercise
+of one or more of the rights that are specifically granted under this License.
+You may not convey a covered work if you are a party to an arrangement with
+a third party that is in the business of distributing software, under which
+you make payment to the third party based on the extent of your activity of
+conveying the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory patent
+license (a) in connection with copies of the covered work conveyed by you
+(or copies made from those copies), or (b) primarily for and in connection
+with specific products or compilations that contain the covered work, unless
+you entered into that arrangement, or that patent license was granted, prior
+to 28 March 2007.
+
+Nothing in this License shall be construed as excluding or limiting any implied
+license or other defenses to infringement that may otherwise be available
+to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+If conditions are imposed on you (whether by court order, agreement or otherwise)
+that contradict the conditions of this License, they do not excuse you from
+the conditions of this License. If you cannot convey a covered work so as
+to satisfy simultaneously your obligations under this License and any other
+pertinent obligations, then as a consequence you may
+
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey the
+Program, the only way you could satisfy both those terms and this License
+would be to refrain entirely from conveying the Program.
+
+ 13. Remote Network Interaction; Use with the GNU General Public License.
+
+Notwithstanding any other provision of this License, if you modify the Program,
+your modified version must prominently offer all users interacting with it
+remotely through a computer network (if your version supports such interaction)
+an opportunity to receive the Corresponding Source of your version by providing
+access to the Corresponding Source from a network server at no charge, through
+some standard or customary means of facilitating copying of software. This
+Corresponding Source shall include the Corresponding Source for any work covered
+by version 3 of the GNU General Public License that is incorporated pursuant
+to the following paragraph.
+
+Notwithstanding any other provision of this License, you have permission to
+link or combine any covered work with a work licensed under version 3 of the
+GNU General Public License into a single combined work, and to convey the
+resulting work. The terms of this License will continue to apply to the part
+which is the covered work, but the work with which it is combined will remain
+governed by version 3 of the GNU General Public License.
+
+ 14. Revised Versions of this License.
+
+The Free Software Foundation may publish revised and/or new versions of the
+GNU Affero General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to address
+new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program specifies
+that a certain numbered version of the GNU Affero General Public License "or
+any later version" applies to it, you have the option of following the terms
+and conditions either of that numbered version or of any later version published
+by the Free Software Foundation. If the Program does not specify a version
+number of the GNU Affero General Public License, you may choose any version
+ever published by the Free Software Foundation.
+
+If the Program specifies that a proxy can decide which future versions of
+the GNU Affero General Public License can be used, that proxy's public statement
+of acceptance of a version permanently authorizes you to choose that version
+for the Program.
+
+Later license versions may give you additional or different permissions. However,
+no additional obligations are imposed on any author or copyright holder as
+a result of your choosing to follow a later version.
+
+ 15. Disclaimer of Warranty.
+
+THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE
+LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
+EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM
+PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
+CORRECTION.
+
+ 16. Limitation of Liability.
+
+IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL
+ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM
+AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
+INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO
+USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED
+INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE
+PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER
+PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+If the disclaimer of warranty and limitation of liability provided above cannot
+be given local legal effect according to their terms, reviewing courts shall
+apply local law that most closely approximates an absolute waiver of all civil
+liability in connection with the Program, unless a warranty or assumption
+of liability accompanies a copy of the Program in return for a fee. END OF
+TERMS AND CONDITIONS
+
+How to Apply These Terms to Your New Programs
+
+If you develop a new program, and you want it to be of the greatest possible
+use to the public, the best way to achieve this is to make it free software
+which everyone can redistribute and change under these terms.
+
+To do so, attach the following notices to the program. It is safest to attach
+them to the start of each source file to most effectively state the exclusion
+of warranty; and each file should have at least the "copyright" line and a
+pointer to where the full notice is found.
+
+
+
+Copyright (C)
+
+This program is free software: you can redistribute it and/or modify it under
+the terms of the GNU Affero General Public License as published by the Free
+Software Foundation, either version 3 of the License, or (at your option)
+any later version.
+
+This program is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+details.
+
+You should have received a copy of the GNU Affero General Public License along
+with this program. If not, see .
+
+Also add information on how to contact you by electronic and paper mail.
+
+If your software can interact with users remotely through a computer network,
+you should also make sure that it provides a way for users to get its source.
+For example, if your program is a web application, its interface could display
+a "Source" link that leads users to an archive of the code. There are many
+ways you could offer source, and different solutions will be better for different
+programs; see section 13 for the specific requirements.
+
+You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary. For
+more information on this, and how to apply and follow the GNU AGPL, see .
diff --git a/12/Prepare_Workshop/README.md b/12/Prepare_Workshop/README.md
new file mode 100644
index 0000000..2e04a91
--- /dev/null
+++ b/12/Prepare_Workshop/README.md
@@ -0,0 +1,8 @@
+# Prepare_Workshop
+
+Prepare Ansible workshop
+
+Set up host machine(s) and create LXContainers defined in inventory
+
+For local LXContainers `ansible-playbook` must be called as "root". `--become` does NOT work!
+
diff --git a/12/Prepare_Workshop/ansible.cfg b/12/Prepare_Workshop/ansible.cfg
new file mode 100644
index 0000000..6e89840
--- /dev/null
+++ b/12/Prepare_Workshop/ansible.cfg
@@ -0,0 +1,20 @@
+[defaults]
+inventory = ./hosts
+
+connection_plugins = ./connection_plugins/
+
+interpreter_python = auto
+
+retry_files_enabled = True
+retry_files_save_path = ./Retry/
+
+fact_caching = yaml
+fact_caching_connection = ./.facts
+gathering = smart
+
+host_key_checking = false
+
+[colors]
+verbose = bright blue
+error = bright red
+
diff --git a/12/Prepare_Workshop/connection_plugins/lxc_ssh.py b/12/Prepare_Workshop/connection_plugins/lxc_ssh.py
new file mode 120000
index 0000000..71a147d
--- /dev/null
+++ b/12/Prepare_Workshop/connection_plugins/lxc_ssh.py
@@ -0,0 +1 @@
+../.submodules/ansible-lxc-ssh/lxc_ssh.py
\ No newline at end of file
diff --git a/12/Prepare_Workshop/create_inventory_lxc.yml b/12/Prepare_Workshop/create_inventory_lxc.yml
new file mode 100644
index 0000000..2fc17d0
--- /dev/null
+++ b/12/Prepare_Workshop/create_inventory_lxc.yml
@@ -0,0 +1,200 @@
+---
+- hosts: all
+
+ gather_facts: no
+
+ #serial: 1
+
+ vars:
+ # List(!) of SSH keys for authorized_keys. Set here or in group_vars/all.yml
+ #ssh_keys: []
+ #
+ # root password, default: "root"
+ #root_password: root
+ #
+ # Normal user account (with sudo)
+ #service_username: service
+ #service_password: {{ service_username }}
+ #service_ssh_keys: {{ ssh_keys }}
+
+ # "*cmdline_" must be listed AFTER "^cmdline_"!
+ cmdline_python:
+ alpine:
+ - "apk add -U python3"
+ archlinux:
+ - "pacman -Sy"
+ - "pacman -S --noconfirm python"
+ centos: &cmdline_python_centos
+ - "yum clean all"
+ - "yum makecache"
+ - "yum install -y python3 || true"
+ almalinux: *cmdline_python_centos
+ fedora: *cmdline_python_centos
+ oracle: *cmdline_python_centos
+ rockylinux: *cmdline_python_centos
+ debian: &cmdline_python_debian
+ - "apt-get -y update"
+ - "apt-get install -y python3 python3-apt"
+ devuan: *cmdline_python_debian
+ mint: *cmdline_python_debian
+ ubuntu: *cmdline_python_debian
+ opensuse:
+ - "zypper --gpg-auto-import-keys --no-gpg-checks -n refresh"
+ - "zypper --gpg-auto-import-keys --no-gpg-checks -n install python3"
+ voidlinux:
+ - "xbps-install -Suy python3 libgcc"
+
+ cmdline_fixes:
+ oracle:
+ 8:
+ - '[ ! -f /usr/bin/python3 ] && ln -s /usr/libexec/platform-python /usr/bin/python3 || true'
+
+ ssh_package_name:
+ alpine: openssh
+ archlinux: openssh
+ opensuse: openssh
+ voidlinux: openssh
+
+ ssh_config_filename:
+ opensuse-tumbleweed: /etc/ssh/sshd_config.d/permitrootlogin.conf
+
+ ssh_service_name:
+ debian: ssh
+ devuan: ssh
+ mint: ssh
+ ubuntu: ssh
+
+ user_shell:
+ alpine: /bin/ash
+
+
+
+ tasks:
+
+ - name: End for non-LXContainer
+ meta: end_host
+ when: inventory_hostname in groups.lxc_hosts
+
+
+ - name: Check for no-validate parameter in download template
+ shell: "/usr/share/lxc/templates/lxc-download --help | grep no-validate || true"
+ changed_when: false
+ register: lxc_download_validate
+ delegate_to: "{{ ansible_host|default('localhost') }}"
+
+
+ - name: Create LXContainer
+ lxc_container:
+ name: "{{ inventory_hostname }}"
+ state: started
+ template: download
+ template_options: "-a amd64 -d {{ os_d }} -r {{ os_r }} {% if 'no-validate' in lxc_download_validate.stdout %}--no-validate{% endif %}"
+ config: "{{ lxc_config_file|default('/etc/lxc/ansible.conf') }}"
+ container_config:
+ - "lxc.group = {{ os_d }}"
+ - "lxc.group = {{ (cmdline_python[os_d][0]).split(' ')[0].split('-')[0] }}"
+ register: lxc_created
+ delegate_to: "{{ ansible_host|default('localhost') }}"
+
+
+ - pause:
+ seconds: 10
+ when: lxc_created is changed
+
+
+ - name: Raw-Install Python
+ raw: "{{ item }}"
+ loop: "{{ cmdline_python[os_d] }}"
+
+
+ - name: OS-dependent fixes
+ raw: "{{ item }}"
+ loop: "{{ cmdline_fixes[os_d][os_r]|default([]) }}"
+
+
+ - setup:
+
+
+ - name: Set root password
+ shell: "echo root:{{ root_password|default('root') }} | chpasswd -c SHA256"
+
+
+ - name: Add SSH keys
+ authorized_key:
+ user: root
+ key: "{{ item }}"
+ loop: "{{ ssh_keys }}"
+
+
+ - name: "[BLOCK] when 'service_username' is set"
+ when: service_username is defined
+ block:
+
+ - name: 'Add normal user "{{ service_username }}"'
+ user:
+ name: "{{ service_username }}"
+ shell: "{{ user_shell[os_d]|default('/bin/bash') }}"
+
+
+ - name: 'Set password for user "{{ service_username }}"'
+ shell: "echo {{ service_username }}:{{ service_password|default(service_username) }} | chpasswd -c SHA256"
+
+
+ - name: Add SSH keys
+ authorized_key:
+ user: "{{ service_username }}"
+ key: "{{ item }}"
+ loop: "{{ ssh_keys_service|default(ssh_keys) }}"
+
+
+ - name: Install sudo
+ package:
+ name: sudo
+
+
+ - name: Add sudo line for service
+ lineinfile:
+ path: /etc/sudoers
+ regexp: "^service"
+ line: "{{ service_username }} ALL=(ALL:ALL) NOPASSWD: ALL"
+ backup: yes
+
+
+ - name: Install SSH
+ package:
+ name: "{{ ssh_package_name[os_d]|default('openssh-server') }}"
+ state: latest
+
+
+ - name: "Set «PermitRootLogin» to «yes»"
+ lineinfile:
+ dest: "{{ ssh_config_filename[os_d + '-' + os_r|string]|default('/etc/ssh/sshd_config') }}"
+ regexp: '^#? *PermitRootLogin'
+ line: "PermitRootLogin yes"
+ create: yes
+ backup: yes
+ notify: "Restart SSH"
+
+
+ - name: Enable SSH
+ service:
+ name: "{{ ssh_service_name[os_d]|default('sshd') }}"
+ enabled: yes
+
+
+ - name: Start SSH
+ service:
+ name: "{{ ssh_service_name[os_d]|default('sshd') }}"
+ state: started
+ ignore_errors: yes
+
+
+
+ handlers:
+
+ - name: Restart SSH
+ service:
+ name: "{{ ssh_service_name[os_d]|default('sshd') }}"
+ state: restarted
+
+
diff --git a/12/Prepare_Workshop/files/etc/dnsmasq.d/br-lxc b/12/Prepare_Workshop/files/etc/dnsmasq.d/br-lxc
new file mode 100644
index 0000000..8215982
--- /dev/null
+++ b/12/Prepare_Workshop/files/etc/dnsmasq.d/br-lxc
@@ -0,0 +1,17 @@
+#strict-order
+local=/br-lxc/
+domain=br-lxc
+expand-hosts
+
+#except-interface=lo
+
+#bind-interfaces
+interface=br-lxc
+
+dhcp-range=br-lxc,192.168.1.100,192.168.1.199,2m
+
+dhcp-no-override
+dhcp-authoritative
+
+dhcp-option=option:dns-server,192.168.1.1
+
diff --git a/12/Prepare_Workshop/files/etc/lxc/ansible.conf b/12/Prepare_Workshop/files/etc/lxc/ansible.conf
new file mode 100644
index 0000000..2ce98cd
--- /dev/null
+++ b/12/Prepare_Workshop/files/etc/lxc/ansible.conf
@@ -0,0 +1,13 @@
+lxc.groups = ansible
+
+lxc.start.auto = 1
+
+### 2020-09 wg. NTP in Debian 10
+lxc.apparmor.profile = unconfined
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = eth0
+lxc.net.0.link = br-lxc
+lxc.net.0.hwaddr = fe:fe:fe:xx:xx:xx
+
diff --git a/12/Prepare_Workshop/files/etc/network/interfaces.d/br-lxc b/12/Prepare_Workshop/files/etc/network/interfaces.d/br-lxc
new file mode 100644
index 0000000..d6d6dcf
--- /dev/null
+++ b/12/Prepare_Workshop/files/etc/network/interfaces.d/br-lxc
@@ -0,0 +1,9 @@
+auto br-lxc
+iface br-lxc inet static
+ address 192.168.1.1/24
+
+ bridge_ports none
+
+ up /sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 ! -o br-lxc ! -d 192.168.1.0/24 -j MASQUERADE
+ down /sbin/iptables -t nat -D POSTROUTING -s 192.168.1.0/24 ! -o br-lxc ! -d 192.168.1.0/24 -j MASQUERADE
+
diff --git a/12/Prepare_Workshop/prepare_lxc_hosts.yml b/12/Prepare_Workshop/prepare_lxc_hosts.yml
new file mode 100644
index 0000000..a57283e
--- /dev/null
+++ b/12/Prepare_Workshop/prepare_lxc_hosts.yml
@@ -0,0 +1,137 @@
+---
+- hosts:
+ - lxc_hosts
+
+ tasks:
+ - assert:
+ that:
+ - ansible_pkg_mgr == "apt"
+ fail_msg: "Sorry, Debian-like hosts only!"
+
+
+ - name: Just to be sure python3-apt is installed
+ command: apt install -y python3-apt
+ args:
+ creates: /usr/lib/python3/dist-packages/apt
+
+
+ - name: Install packages
+ package:
+ name: "{{ packages }}"
+ state: latest
+ vars:
+ packages:
+ - bridge-utils
+ - dnsmasq
+ - iptables
+ - lxc
+ - python3-lxc
+
+
+ - name: Copy config files
+ copy:
+ src: "{{ item }}"
+ dest: "/{{ item }}"
+ owner: root
+ group: root
+ mode: 0644
+ loop:
+ - etc/dnsmasq.d/br-lxc
+ - etc/lxc/ansible.conf
+ - etc/network/interfaces.d/br-lxc
+ notify:
+ - Restart dnsmasq
+
+
+
+ - name: Fix evil Debian default /etc/network/interfaces
+ lineinfile:
+ dest: /etc/network/interfaces
+ regexp: 'source.*interfaces.d'
+ line: 'source-directory /etc/network/interfaces.d'
+ backup: yes
+
+
+ - name: dnsmasq should use /etc/resolv.conf
+ lineinfile:
+ path: /etc/default/dnsmasq
+ line: 'IGNORE_RESOLVCONF=yes'
+ regexp: '^\s*#*\s*IGNORE_RESOLVCONF=yes'
+ backup: yes
+ notify:
+ - Restart dnsmasq
+
+
+ - name: IPv4-Forwarding
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: '1'
+ sysctl_file: /etc/sysctl.d/lxc.conf
+ sysctl_set: yes
+ state: present
+ reload: yes
+
+
+ - name: Raise inotify limit
+ sysctl:
+ name: fs.inotify.max_user_instances
+ value: '1024'
+ sysctl_file: 30-lxc-inotify.conf
+ sysctl_set: yes
+ state: present
+ reload: yes
+
+
+ - name: Enable CAP_SYS_TIME in Container
+ lineinfile:
+ dest: /usr/share/lxc/config/common.conf
+ backrefs: yes
+ regexp: '(^\s*[^#].*)sys_time ?(.*)$'
+ line: '\1\2'
+ backup: yes
+
+
+ - name: lxc-net with systemd
+ block:
+ - name: Stop lxc-net service
+ systemd:
+ name: lxc-net
+ state: stopped
+
+ - name: Disable lxc-net service
+ systemd:
+ name: lxc-net
+ enabled: no
+
+ - name: Mask lxc-net service
+ systemd:
+ name: lxc-net
+ masked: yes
+ when: ansible_service_mgr == "systemd"
+
+
+ - name: lxc-net without systemd
+ block:
+ - name: Disable lxc-net
+ service:
+ name: lxc-net
+ enabled: no
+ state: stopped
+ ignore_errors: yes
+ when: ansible_service_mgr != "systemd"
+
+
+ - name: Bring up br-lxc
+ command: ifup br-lxc
+ args:
+ creates: /sys/devices/virtual/net/br-lxc
+
+
+
+ handlers:
+ - name: Restart dnsmasq
+ service:
+ name: dnsmasq
+ state: restarted
+ ignore_errors: yes
+
diff --git a/12/Win/Unix-Datei.txt b/12/Win/Unix-Datei.txt
new file mode 100644
index 0000000..e69de29
diff --git a/12/Win/ansible.cfg b/12/Win/ansible.cfg
new file mode 100644
index 0000000..1111d0c
--- /dev/null
+++ b/12/Win/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+inventory = ./hosts
+
diff --git a/12/Win/hosts b/12/Win/hosts
new file mode 100644
index 0000000..7cb2afe
--- /dev/null
+++ b/12/Win/hosts
@@ -0,0 +1,9 @@
+[windows]
+win2k12r2 ansible_host=172.22.240.164
+
+[windows:vars]
+ansible_user=Administrator
+ansible_password=XXXXX
+ansible_connection=winrm
+ansible_winrm_server_cert_validation=ignore
+
diff --git a/12/Win/setup.txt b/12/Win/setup.txt
new file mode 100644
index 0000000..6a9d53f
--- /dev/null
+++ b/12/Win/setup.txt
@@ -0,0 +1,141 @@
+win2k12r2 | SUCCESS => {
+ "ansible_facts": {
+ "ansible_architecture": "64-Bit",
+ "ansible_architecture2": "x86_64",
+ "ansible_bios_date": null,
+ "ansible_bios_version": null,
+ "ansible_date_time": {
+ "date": "2022-03-18",
+ "day": "18",
+ "epoch": "1647607291,11022",
+ "epoch_int": 1647607291,
+ "epoch_local": "1647610891,11022",
+ "hour": "13",
+ "iso8601": "2022-03-18T12:41:31Z",
+ "iso8601_basic": "20220318T134131110217",
+ "iso8601_basic_short": "20220318T134131",
+ "iso8601_micro": "2022-03-18T12:41:31.110217Z",
+ "minute": "41",
+ "month": "03",
+ "second": "31",
+ "time": "13:41:31",
+ "tz": "W. Europe Standard Time",
+ "tz_offset": "+01:00",
+ "weekday": "Friday",
+ "weekday_number": "5",
+ "weeknumber": "11",
+ "year": "2022"
+ },
+ "ansible_distribution": "Microsoft Windows Server 2012 R2 Standard - Testversion",
+ "ansible_distribution_major_version": "6",
+ "ansible_distribution_version": "6.3.9600.0",
+ "ansible_domain": "",
+ "ansible_env": {
+ "ALLUSERSPROFILE": "C:\\ProgramData",
+ "APPDATA": "C:\\Users\\Administrator\\AppData\\Roaming",
+ "COMPUTERNAME": "WIN-A6UVOR2N33N",
+ "ChocolateyInstall": "C:\\ProgramData\\chocolatey",
+ "ChocolateyLastPathUpdate": "132835990150633065",
+ "ChocolateyToolsLocation": "C:\\tools",
+ "ComSpec": "C:\\Windows\\system32\\cmd.exe",
+ "CommonProgramFiles": "C:\\Program Files\\Common Files",
+ "CommonProgramFiles(x86)": "C:\\Program Files (x86)\\Common Files",
+ "CommonProgramW6432": "C:\\Program Files\\Common Files",
+ "FP_NO_HOST_CHECK": "NO",
+ "HOMEDRIVE": "C:",
+ "HOMEPATH": "\\Users\\Administrator",
+ "LOCALAPPDATA": "C:\\Users\\Administrator\\AppData\\Local",
+ "LOGONSERVER": "\\\\WIN-A6UVOR2N33N",
+ "NUMBER_OF_PROCESSORS": "2",
+ "OS": "Windows_NT",
+ "PATHEXT": ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.CPL",
+ "PROCESSOR_ARCHITECTURE": "AMD64",
+ "PROCESSOR_IDENTIFIER": "Intel64 Family 6 Model 61 Stepping 2, GenuineIntel",
+ "PROCESSOR_LEVEL": "6",
+ "PROCESSOR_REVISION": "3d02",
+ "PROMPT": "$P$G",
+ "PSExecutionPolicyPreference": "Unrestricted",
+ "PSModulePath": "C:\\Users\\Administrator\\Documents\\WindowsPowerShell\\Modules;C:\\Program Files\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules",
+ "PUBLIC": "C:\\Users\\Public",
+ "Path": "C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\ProgramData\\chocolatey\\bin;",
+ "ProgramData": "C:\\ProgramData",
+ "ProgramFiles": "C:\\Program Files",
+ "ProgramFiles(x86)": "C:\\Program Files (x86)",
+ "ProgramW6432": "C:\\Program Files",
+ "SystemDrive": "C:",
+ "SystemRoot": "C:\\Windows",
+ "TEMP": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp",
+ "TMP": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp",
+ "USERDOMAIN": "WIN-A6UVOR2N33N",
+ "USERDOMAIN_ROAMINGPROFILE": "WIN-A6UVOR2N33N",
+ "USERNAME": "Administrator",
+ "USERPROFILE": "C:\\Users\\Administrator",
+ "windir": "C:\\Windows"
+ },
+ "ansible_fqdn": "WIN-A6UVOR2N33N",
+ "ansible_hostname": "WIN-A6UVOR2N33N",
+ "ansible_interfaces": [
+ {
+ "connection_name": "Ethernet",
+ "default_gateway": "172.22.240.1",
+ "dns_domain": "br240.void",
+ "interface_index": 21,
+ "interface_name": "Gigabit-Netzwerkverbindung Intel(R) 82574L #2",
+ "macaddress": "52:54:00:80:68:04"
+ }
+ ],
+ "ansible_ip_addresses": [
+ "fe80::4d9b:297e:ee2f:4df2%21",
+ "172.22.240.164"
+ ],
+ "ansible_kernel": "6.3.9600.0",
+ "ansible_lastboot": "2022-03-18 13:14:08Z",
+ "ansible_machine_id": "S-1-5-21-4249200181-1233407984-53629394",
+ "ansible_memfree_mb": 3435,
+ "ansible_memtotal_mb": 4096,
+ "ansible_netbios_name": "WIN-A6UVOR2N33N",
+ "ansible_nodename": "WIN-A6UVOR2N33N",
+ "ansible_os_family": "Windows",
+ "ansible_os_installation_type": "Server",
+ "ansible_os_name": "Microsoft Windows Server 2012 R2 Standard - Testversion",
+ "ansible_os_product_type": "server",
+ "ansible_owner_contact": "",
+ "ansible_owner_name": "Windows-Benutzer",
+ "ansible_pagefilefree_mb": 1408,
+ "ansible_pagefiletotal_mb": 1408,
+ "ansible_powershell_version": 4,
+ "ansible_processor": [
+ "0",
+ "GenuineIntel",
+ "Intel Core Processor (Broadwell, IBRS)",
+ "1",
+ "GenuineIntel",
+ "Intel Core Processor (Broadwell, IBRS)"
+ ],
+ "ansible_processor_count": 0,
+ "ansible_processor_vcpus": 2,
+ "ansible_product_name": null,
+ "ansible_product_serial": null,
+ "ansible_reboot_pending": false,
+ "ansible_swaptotal_mb": 0,
+ "ansible_system": "Win32NT",
+ "ansible_system_description": "",
+ "ansible_system_vendor": null,
+ "ansible_uptime_seconds": 1646,
+ "ansible_user_dir": "C:\\Users\\Administrator",
+ "ansible_user_gecos": "",
+ "ansible_user_id": "Administrator",
+ "ansible_user_sid": "S-1-5-21-4249200181-1233407984-53629394-500",
+ "ansible_virtualization_role": "NA",
+ "ansible_virtualization_type": "NA",
+ "ansible_win_rm_certificate_expires": "2024-10-26 23:04:12",
+ "ansible_windows_domain": "WORKGROUP",
+ "ansible_windows_domain_member": false,
+ "ansible_windows_domain_role": "Stand-alone server",
+ "gather_subset": [
+ "all"
+ ],
+ "module_setup": true
+ },
+ "changed": false
+}
diff --git a/12/Win/useradd.yml b/12/Win/useradd.yml
new file mode 100644
index 0000000..68e97b7
--- /dev/null
+++ b/12/Win/useradd.yml
@@ -0,0 +1,12 @@
+---
+- hosts: windows
+
+ tasks:
+ - name: Ensure user bob is present
+ ansible.windows.win_user:
+ name: bob
+ password: B0bP4ssw0rd
+ state: present
+ groups:
+ - Benutzer
+
diff --git a/12/ansible.cfg b/12/ansible.cfg
new file mode 100644
index 0000000..34ae5fc
--- /dev/null
+++ b/12/ansible.cfg
@@ -0,0 +1,41 @@
+[defaults]
+
+# Inventory
+inventory = ./hosts.ini
+inventory_plugins = ./plugins/inventory
+
+# Roles paths
+roles_path = ./roles:./roles.extern:./roles.webcluster:/etc/ansible/roles
+
+# Interpreter Discovery - Ohne Warnings
+interpreter_python = auto_silent
+
+# Zusätzliche Module
+library = ./plugins/modules
+
+# SSH
+remote_user = root
+#host_key_checking = False
+
+# Retry files
+retry_files_enabled = yes
+retry_files_save_path = ./.cache/Retry/
+
+# Log files
+#log_path = ./log/ansible.log
+
+# Fact caching
+gathering = smart
+fact_caching_timeout = 86400
+fact_caching = yaml
+fact_caching_connection = ./.cache/facts/
+
+# Farben ausschalten
+#nocolor = 1
+
+[colors]
+# Für dunklen Hintergrund in der Console
+verbose = bright blue
+debug = bright gray
+error = bright red
+
diff --git a/12/availenabled.yml b/12/availenabled.yml
new file mode 100644
index 0000000..7e88964
--- /dev/null
+++ b/12/availenabled.yml
@@ -0,0 +1,9 @@
+---
+- hosts: localhost
+ gather_facts: no
+
+ tasks:
+ - availenabled:
+ path: /tmp/apache2/mods-
+ name: foo
+
diff --git a/12/availenabled_module_args.json b/12/availenabled_module_args.json
new file mode 100644
index 0000000..5fcc055
--- /dev/null
+++ b/12/availenabled_module_args.json
@@ -0,0 +1,5 @@
+{"ANSIBLE_MODULE_ARGS": {
+ "path": "/tmp/apache2/mods-",
+ "name": "foo"
+ }
+}
diff --git a/12/db+wp.yml b/12/db+wp.yml
new file mode 100644
index 0000000..7e6a3a9
--- /dev/null
+++ b/12/db+wp.yml
@@ -0,0 +1,53 @@
+---
+- hosts: localhost
+
+ vars:
+ my_image_mariadb: 'mariadb:10.3'
+ my_image_wordpress: 'wordpress'
+
+ tasks:
+ - name: Download Docker image
+ docker_image:
+ name: '{{ item }}'
+ state: present
+ tag: latest
+ source: pull
+ with_items:
+ - '{{ my_image_mariadb }}'
+ - '{{ my_image_wordpress }}'
+
+ - name: Create persistant volume (Ansible 2.4)
+ docker_volume:
+ name: db_data
+ state: present
+
+ - name: Create DB container (Ansible 2.1)
+ docker_container:
+ name: db
+ image: '{{ my_image_mariadb }}'
+ volumes:
+ - db_data:/var/lib/mysql
+ restart_policy: always
+ env:
+ MYSQL_ROOT_PASSWORD: mysql
+ MYSQL_DATABASE: wordpress
+ MYSQL_USER: wordpress
+ MYSQL_PASSWORD: "{{ lookup('password', './wordpress.pw') }}"
+
+ - name: Create WP container (Ansible 2.1)
+ docker_container:
+ name: wordpress
+ image: '{{ my_image_wordpress }}'
+ restart_policy: always
+ exposed_ports:
+ - 80
+ published_ports:
+ - 8888:80
+ links:
+ - db:db
+ env:
+ WORDPRESS_DB_HOST: db:3306
+ WORDPRESS_DB_USER: wordpress
+ WORDPRESS_DB_PASSWORD: "{{ lookup('password', './wordpress.pw') }}"
+
+
diff --git a/12/docker_install.yml b/12/docker_install.yml
new file mode 100644
index 0000000..b0b9618
--- /dev/null
+++ b/12/docker_install.yml
@@ -0,0 +1,12 @@
+---
+- hosts: localhost
+ tasks:
+ - apt:
+ name: "{{ packages }}"
+ vars:
+ packages:
+ - docker.io
+ - docker-compose
+ - python3-docker
+ become: True
+
diff --git a/12/docker_install_old.yml b/12/docker_install_old.yml
new file mode 100644
index 0000000..8b67c58
--- /dev/null
+++ b/12/docker_install_old.yml
@@ -0,0 +1,50 @@
+---
+- hosts: all
+ tasks:
+ - name: Update the apt package index
+ become: yes
+ apt:
+ name: "*"
+ state: latest
+ update_cache: yes
+ force_apt_get: yes
+ - name: Install packages for apt add repository over HTTPS
+ become: yes
+ apt:
+ name: "{{ packagesdep }}"
+ force_apt_get: yes
+ state: latest
+ update_cache: yes
+ vars:
+ packagesdep:
+ - git
+ - apt-transport-https
+ - ca-certificates
+ - wget
+ - software-properties-common
+ - gnupg2
+ - curl
+ - name: Add Apt signing key from official docker repo
+ apt_key:
+ url: https://download.docker.com/linux/debian/gpg
+ state: present
+ - name: add docker official repository for Debian Stretch
+ apt_repository:
+ repo: deb [arch=amd64] https://download.docker.com/linux/debian stretch stable
+ state: present
+ - name: Index new repo into the cache
+ become: yes
+ apt:
+ name: "*"
+ state: latest
+ update_cache: yes
+ force_apt_get: yes
+ - name: actually install docker
+ apt:
+ name: "docker-ce"
+ state: latest
+- name: Ensure docker-compose is installed and available
+ get_url:
+ url: https://github.com/docker/compose/releases/download/1.22.0/docker-compose-{{ ansible_system }}-{{ ansible_userspace_architecture }}
+ dest: /usr/local/bin/docker-compose
+ mode: 'u+x,g+x'
diff --git a/12/group_by.yml b/12/group_by.yml
new file mode 100644
index 0000000..d044165
--- /dev/null
+++ b/12/group_by.yml
@@ -0,0 +1,38 @@
+---
+- hosts:
+ - all
+ - localhost
+
+ tasks:
+ - group_by:
+ key: "sv_pkgsvcmgr_{{ ansible_pkg_mgr }}-{{ ansible_service_mgr }}"
+ parents:
+ - "sv_pkgmgr_{{ ansible_pkg_mgr }}"
+
+ - group_by:
+ key: "sv_svcmgr_{{ ansible_service_mgr }}"
+
+ - group_by:
+ key: "sv_mac_{{ '_'.join(ansible_default_ipv4.macaddress.split(':')[5:6]) }}"
+
+ - group_by:
+ key: "sv_net4_{{ ansible_default_ipv4.network }}"
+
+ - group_by:
+ key: "sv_v6int_{{ ansible_default_ipv6.interface|default('nov6') }}"
+
+ - group_by:
+ key: "sv_distri_{{ ansible_distribution }}"
+
+ - group_by:
+ key: "sv_family_{{ ansible_os_family }}"
+
+ - group_by:
+ key: "sv_{{ ansible_virtualization_role }}_{{ ansible_virtualization_type }}"
+
+- hosts: localhost
+ gather_facts: no
+ tasks:
+ - debug:
+ msg: "{{ groups | dict2items | selectattr('key', 'contains', 'sv_') | list | items2dict }}"
+
diff --git a/12/ping.yml b/12/ping.yml
new file mode 100644
index 0000000..acb5f2a
--- /dev/null
+++ b/12/ping.yml
@@ -0,0 +1,7 @@
+---
+- hosts:
+ - all
+ - localhost
+ tasks:
+ - ping:
+
diff --git a/12/setup.yml b/12/setup.yml
new file mode 100644
index 0000000..1f61bdd
--- /dev/null
+++ b/12/setup.yml
@@ -0,0 +1,5 @@
+---
+- hosts: all
+
+ tasks: []
+
diff --git a/12/timesync.yml b/12/timesync.yml
new file mode 120000
index 0000000..6c62d55
--- /dev/null
+++ b/12/timesync.yml
@@ -0,0 +1 @@
+../roles.extern/roles_timesync/timesync.yml
\ No newline at end of file
diff --git a/ansible.cfg b/ansible.cfg
index 31fbd81..00efac9 120000
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1 +1 @@
-11/ansible.cfg
\ No newline at end of file
+12/ansible.cfg
\ No newline at end of file
diff --git a/helper/12_gitmodules_Prepare-Workshop.sh b/helper/12_gitmodules_Prepare-Workshop.sh
new file mode 100755
index 0000000..efd84f1
--- /dev/null
+++ b/helper/12_gitmodules_Prepare-Workshop.sh
@@ -0,0 +1,6 @@
+#!/bin/bash -ex
+
+mkdir -p roles.extern
+
+git submodule add https://git.velt.biz/Ansible/Prepare_Workshop.git 12/Prepare_Workshop
+
diff --git a/helper/12_gitmodules_timesync.sh b/helper/12_gitmodules_timesync.sh
new file mode 100755
index 0000000..2149bd8
--- /dev/null
+++ b/helper/12_gitmodules_timesync.sh
@@ -0,0 +1,6 @@
+#!/bin/bash -ex
+
+mkdir -p roles.extern
+
+git submodule add https://git.velt.biz/Ansible/roles_timesync.git roles.extern/roles_timesync
+
diff --git a/helper/12_packages.sh b/helper/12_packages.sh
new file mode 100755
index 0000000..166b99a
--- /dev/null
+++ b/helper/12_packages.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+sudo apt install --no-install-recommends --yes \
+ jq \
+ nmap\
+
diff --git a/helper/create_hosts_from_file.sh b/helper/create_hosts_from_file.sh
new file mode 100755
index 0000000..7baf0e5
--- /dev/null
+++ b/helper/create_hosts_from_file.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+if [ -z "$1" -o ! -f "$1" ]; then
+ echo Need filename
+ exit 1
+fi
+
+for GROUP in alpine archlinux centos debian devuan fedora oracle opensuse ubuntu voidlinux
+do
+ grep "${GROUP}" "$1" | while read NAME IP REST
+ do
+ echo -e "${IP}\t${NAME}.heinlein.akademie\t\t${NAME}"
+ done
+done
+
diff --git a/helper/create_hosts_from_lxc.sh b/helper/create_hosts_from_lxc.sh
new file mode 100755
index 0000000..82ef68b
--- /dev/null
+++ b/helper/create_hosts_from_lxc.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+for GROUP in alpine archlinux centos debian devuan fedora oracle opensuse ubuntu voidlinux
+do
+ sudo lxc-ls -f -F name,ipv4 -g ${GROUP} | grep -v NAME | while read NAME IP
+ do
+ echo -e "${IP}\t${NAME}.heinlein.akademie\t\t${NAME}"
+ done
+done
+
diff --git a/helper/create_inventory_from_file.sh b/helper/create_inventory_from_file.sh
new file mode 100755
index 0000000..cc1ab69
--- /dev/null
+++ b/helper/create_inventory_from_file.sh
@@ -0,0 +1,90 @@
+#!/bin/bash
+
+if [ -z "$1" -o ! -f "$1" ]; then
+ echo Need filename
+ exit 1
+fi
+
+for GROUP in almalinux alpine archlinux centos debian devuan fedora oracle rockylinux opensuse ubuntu voidlinux
+do
+ echo "[${GROUP}]"
+ grep "${GROUP}" "$1" | while read NAME IP REST
+ do
+ case "${GROUP}" in
+ almalinux|rockylinux)
+ echo -e "${NAME}\t\tansible_host=${IP}"
+ ;;
+ *)
+ echo "${NAME}"
+ ;;
+ esac
+ done
+ echo ""
+done
+
+
+cat <
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = r'''
+---
+module: lxc_container_info
+short_description: Gather info about LXC Containers
+version_added: "0.1.0"
+description: Gather some information about (all) LXC Containers
+options:
+ name:
+ description: Name of Container to gather informations
+ required: false
+ type: str
+requirements:
+ - 'lxc-python3'
+author:
+ - Sven Velt
+'''
+
+EXAMPLES = r'''
+# Gather information of all containers:
+- name: Gather LXC informations
+ lxc_container_info:
+
+# Gather information of one container:
+- name: Gather LXC informations
+ lxc_container_info:
+ name: containername
+'''
+
+
+RETURN = r'''
+# These are examples of possible return values, and in general should use other names for return values.
+containers:
+ description: dict of container information
+ returned: always
+ type: complex
+ contains:
+ containername:
+ description: name of container
+ type: complex
+ contains:
+ all_interfaces:
+ description: List of all interfaces
+ type: str
+ returned: always
+ sample: '["lo", "eth0"]'
+ defined:
+ description: if container is defined
+ type: bool
+ returned: always
+ sample: true
+ exists:
+ description: if container is defined
+ type: bool
+ returned: always
+ sample: true
+ init_pid:
+ description: PID of init of container (if running)
+ type: init
+ sample: 1234
+original_message:
+ description: The original name param that was passed in.
+ type: str
+ returned: always
+ sample: 'hello world'
+message:
+ description: The output message that the test module generates.
+ type: str
+ returned: always
+ sample: 'goodbye'
+my_useful_info:
+ description: The dictionary containing information about your system.
+ type: dict
+ returned: always
+ sample: {
+ 'foo': 'bar',
+ 'answer': 42,
+ }
+'''
+
+import ipaddress
+
+try:
+ import lxc
+except ImportError:
+ HAS_LXC = False
+else:
+ HAS_LXC = True
+
+from ansible.module_utils.basic import AnsibleModule
+
+
+def run_module():
+ module_args = dict(
+ name=dict(type='str', default=''),
+ )
+
+ result = dict(
+ changed=False,
+ containers={},
+ )
+
+ module = AnsibleModule(
+ argument_spec=module_args,
+ supports_check_mode=True
+ )
+
+ if not HAS_LXC:
+ module.fail_json(
+ msg='The `lxc` module is not importable. Check the requirements.'
+ )
+
+ if module.params['name']:
+ ctnames = [ module.params['name'], ]
+ else:
+ ctnames = lxc.list_containers()
+
+ for ctname in ctnames:
+ ct = lxc.Container(ctname)
+
+ res_ct = {}
+ res_ct['defined'] = ct.defined
+ res_ct['exists'] = ct.defined
+ res_ct['state'] = ct.state
+ res_ct['running'] = ct.running
+ res_ct['init_pid'] = ct.init_pid
+ res_ct['all_interfaces'] = ct.get_interfaces()
+
+ res_ifaces = {}
+ for iface in ct.get_interfaces():
+ res_if = {}
+ res_if['ipv4_addresses'] = []
+ res_if['ipv6_addresses'] = []
+ for addr in ct.get_ips(iface):
+ try:
+ res_if['ipv4_addresses'].append(str(ipaddress.IPv4Address(addr)))
+ except ipaddress.AddressValueError:
+ try:
+ res_if['ipv6_addresses'].append(str(ipaddress.IPv6Address(addr)))
+ except:
+ pass
+ res_ifaces[iface] = res_if
+ res_ct['interfaces'] = res_ifaces
+
+ res_stat = {}
+ if ct.running:
+ res_stat['mem'] = {
+ 'usage': int(ct.get_cgroup_item("memory.usage_in_bytes")),
+ 'max_usage': int(ct.get_cgroup_item("memory.max_usage_in_bytes")),
+ 'usage_mb': int(ct.get_cgroup_item("memory.usage_in_bytes")) // 1048576,
+ 'max_usage_mb': int(ct.get_cgroup_item("memory.max_usage_in_bytes")) // 1048576,
+ }
+ res_stat['kmem'] = {
+ 'usage': int(ct.get_cgroup_item("memory.kmem.usage_in_bytes")),
+ 'max_usage': int(ct.get_cgroup_item("memory.kmem.max_usage_in_bytes")),
+ 'usage_mb': int(ct.get_cgroup_item("memory.kmem.usage_in_bytes")) // 1048576,
+ 'max_usage_mb': int(ct.get_cgroup_item("memory.kmem.max_usage_in_bytes")) // 1048576,
+ }
+ res_ct['stats'] = res_stat
+
+ result['containers'][ctname] = res_ct
+
+ module.exit_json(**result)
+
+
+def main():
+ run_module()
+
+
+if __name__ == '__main__':
+ main()