From 7446c74b9477a961a9714debf3b01f95d5f63d96 Mon Sep 17 00:00:00 2001
From: Sven Velt <sven@velt.de>
Date: Fri, 16 May 2025 11:33:08 +0200
Subject: [PATCH] Kapitel 12: Komplett

---
 .gitmodules                                  |   6 +
 12/Prepare_Workshop                          |   1 +
 12/Win/Unix-Datei.txt                        |   0
 12/Win/ansible.cfg                           |   3 +
 12/Win/hosts                                 |   9 +
 12/Win/setup.txt                             | 141 +++++++++++++++
 12/Win/useradd.yml                           |  12 ++
 12/ansible.cfg                               |  41 +++++
 12/availenabled.yml                          |   9 +
 12/availenabled_module_args.json             |   5 +
 12/db+wp.yml                                 |  53 ++++++
 12/docker_install.yml                        |  12 ++
 12/docker_install_old.yml                    |  50 ++++++
 12/group_by.yml                              |  38 ++++
 12/ping.yml                                  |   7 +
 12/setup.yml                                 |   5 +
 12/timesync.yml                              |   1 +
 ansible.cfg                                  |   2 +-
 extra/changed_failed_when.yml                |  18 ++
 extra/changed_when.yml                       |   9 +
 extra/ein_rechner_failed.yml                 |  26 +++
 extra/wireguard-key-anlegen_changed_when.yml |   8 +
 extra/wireguard-key-anlegen_creates.yml      |   8 +
 group_vars/webcluster.yml                    |  17 ++
 helper/12_gitmodules_Prepare-Workshop.sh     |   6 +
 helper/12_gitmodules_timesync.sh             |   6 +
 helper/12_packages.sh                        |   6 +
 inventory-scripts/hosts.json.sh              |   6 +
 inventory-scripts/inventory_lxc.py           |  36 ++++
 inventory-scripts/inventory_lxc.py.OLD       |  33 ++++
 inventory-scripts/inventory_lxc_ip.py        |  40 +++++
 inventory/hosts.nmap.cache.yml               |  22 +++
 inventory/hosts.nmap.yml                     |  16 ++
 inventory/libvirt_lxc.yml                    |   4 +
 inventory/lxc.yml                            |   3 +
 plugins/inventory/lxc.py                     |  75 ++++++++
 plugins/modules/availenabled.py              |  81 +++++++++
 plugins/modules/lxc_container_info.py        | 177 +++++++++++++++++++
 roles.extern/roles_timesync                  |   1 +
 39 files changed, 992 insertions(+), 1 deletion(-)
 create mode 160000 12/Prepare_Workshop
 create mode 100644 12/Win/Unix-Datei.txt
 create mode 100644 12/Win/ansible.cfg
 create mode 100644 12/Win/hosts
 create mode 100644 12/Win/setup.txt
 create mode 100644 12/Win/useradd.yml
 create mode 100644 12/ansible.cfg
 create mode 100644 12/availenabled.yml
 create mode 100644 12/availenabled_module_args.json
 create mode 100644 12/db+wp.yml
 create mode 100644 12/docker_install.yml
 create mode 100644 12/docker_install_old.yml
 create mode 100644 12/group_by.yml
 create mode 100644 12/ping.yml
 create mode 100644 12/setup.yml
 create mode 120000 12/timesync.yml
 create mode 100644 extra/changed_failed_when.yml
 create mode 100644 extra/changed_when.yml
 create mode 100644 extra/ein_rechner_failed.yml
 create mode 100644 extra/wireguard-key-anlegen_changed_when.yml
 create mode 100644 extra/wireguard-key-anlegen_creates.yml
 create mode 100644 group_vars/webcluster.yml
 create mode 100755 helper/12_gitmodules_Prepare-Workshop.sh
 create mode 100755 helper/12_gitmodules_timesync.sh
 create mode 100755 helper/12_packages.sh
 create mode 100755 inventory-scripts/hosts.json.sh
 create mode 100755 inventory-scripts/inventory_lxc.py
 create mode 100755 inventory-scripts/inventory_lxc.py.OLD
 create mode 100755 inventory-scripts/inventory_lxc_ip.py
 create mode 100644 inventory/hosts.nmap.cache.yml
 create mode 100644 inventory/hosts.nmap.yml
 create mode 100644 inventory/libvirt_lxc.yml
 create mode 100644 inventory/lxc.yml
 create mode 100644 plugins/inventory/lxc.py
 create mode 100644 plugins/modules/availenabled.py
 create mode 100644 plugins/modules/lxc_container_info.py
 create mode 160000 roles.extern/roles_timesync

diff --git a/.gitmodules b/.gitmodules
index 04cea97..0a05a75 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -29,3 +29,9 @@
 [submodule "roles.extern/selfsignedcert"]
 	path = roles.extern/selfsignedcert
 	url = https://git.velt.biz/Ansible/selfsignedcert.git
+[submodule "12/Prepare_Workshop"]
+	path = 12/Prepare_Workshop
+	url = https://git.velt.biz/Ansible/Prepare_Workshop.git
+[submodule "roles.extern/roles_timesync"]
+	path = roles.extern/roles_timesync
+	url = https://git.velt.biz/Ansible/roles_timesync.git
diff --git a/12/Prepare_Workshop b/12/Prepare_Workshop
new file mode 160000
index 0000000..cc05cf6
--- /dev/null
+++ b/12/Prepare_Workshop
@@ -0,0 +1 @@
+Subproject commit cc05cf60933293fb3e939a0981a6b804a2689d72
diff --git a/12/Win/Unix-Datei.txt b/12/Win/Unix-Datei.txt
new file mode 100644
index 0000000..e69de29
diff --git a/12/Win/ansible.cfg b/12/Win/ansible.cfg
new file mode 100644
index 0000000..1111d0c
--- /dev/null
+++ b/12/Win/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+inventory = ./hosts
+
diff --git a/12/Win/hosts b/12/Win/hosts
new file mode 100644
index 0000000..7cb2afe
--- /dev/null
+++ b/12/Win/hosts
@@ -0,0 +1,9 @@
+[windows]
+win2k12r2	ansible_host=172.22.240.164
+
+[windows:vars]
+ansible_user=Administrator
+ansible_password=XXXXX
+ansible_connection=winrm
+ansible_winrm_server_cert_validation=ignore
+
diff --git a/12/Win/setup.txt b/12/Win/setup.txt
new file mode 100644
index 0000000..6a9d53f
--- /dev/null
+++ b/12/Win/setup.txt
@@ -0,0 +1,141 @@
+win2k12r2 | SUCCESS => {
+    "ansible_facts": {
+        "ansible_architecture": "64-Bit",
+        "ansible_architecture2": "x86_64",
+        "ansible_bios_date": null,
+        "ansible_bios_version": null,
+        "ansible_date_time": {
+            "date": "2022-03-18",
+            "day": "18",
+            "epoch": "1647607291,11022",
+            "epoch_int": 1647607291,
+            "epoch_local": "1647610891,11022",
+            "hour": "13",
+            "iso8601": "2022-03-18T12:41:31Z",
+            "iso8601_basic": "20220318T134131110217",
+            "iso8601_basic_short": "20220318T134131",
+            "iso8601_micro": "2022-03-18T12:41:31.110217Z",
+            "minute": "41",
+            "month": "03",
+            "second": "31",
+            "time": "13:41:31",
+            "tz": "W. Europe Standard Time",
+            "tz_offset": "+01:00",
+            "weekday": "Friday",
+            "weekday_number": "5",
+            "weeknumber": "11",
+            "year": "2022"
+        },
+        "ansible_distribution": "Microsoft Windows Server 2012 R2 Standard - Testversion",
+        "ansible_distribution_major_version": "6",
+        "ansible_distribution_version": "6.3.9600.0",
+        "ansible_domain": "",
+        "ansible_env": {
+            "ALLUSERSPROFILE": "C:\\ProgramData",
+            "APPDATA": "C:\\Users\\Administrator\\AppData\\Roaming",
+            "COMPUTERNAME": "WIN-A6UVOR2N33N",
+            "ChocolateyInstall": "C:\\ProgramData\\chocolatey",
+            "ChocolateyLastPathUpdate": "132835990150633065",
+            "ChocolateyToolsLocation": "C:\\tools",
+            "ComSpec": "C:\\Windows\\system32\\cmd.exe",
+            "CommonProgramFiles": "C:\\Program Files\\Common Files",
+            "CommonProgramFiles(x86)": "C:\\Program Files (x86)\\Common Files",
+            "CommonProgramW6432": "C:\\Program Files\\Common Files",
+            "FP_NO_HOST_CHECK": "NO",
+            "HOMEDRIVE": "C:",
+            "HOMEPATH": "\\Users\\Administrator",
+            "LOCALAPPDATA": "C:\\Users\\Administrator\\AppData\\Local",
+            "LOGONSERVER": "\\\\WIN-A6UVOR2N33N",
+            "NUMBER_OF_PROCESSORS": "2",
+            "OS": "Windows_NT",
+            "PATHEXT": ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.CPL",
+            "PROCESSOR_ARCHITECTURE": "AMD64",
+            "PROCESSOR_IDENTIFIER": "Intel64 Family 6 Model 61 Stepping 2, GenuineIntel",
+            "PROCESSOR_LEVEL": "6",
+            "PROCESSOR_REVISION": "3d02",
+            "PROMPT": "$P$G",
+            "PSExecutionPolicyPreference": "Unrestricted",
+            "PSModulePath": "C:\\Users\\Administrator\\Documents\\WindowsPowerShell\\Modules;C:\\Program Files\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules",
+            "PUBLIC": "C:\\Users\\Public",
+            "Path": "C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\ProgramData\\chocolatey\\bin;",
+            "ProgramData": "C:\\ProgramData",
+            "ProgramFiles": "C:\\Program Files",
+            "ProgramFiles(x86)": "C:\\Program Files (x86)",
+            "ProgramW6432": "C:\\Program Files",
+            "SystemDrive": "C:",
+            "SystemRoot": "C:\\Windows",
+            "TEMP": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp",
+            "TMP": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp",
+            "USERDOMAIN": "WIN-A6UVOR2N33N",
+            "USERDOMAIN_ROAMINGPROFILE": "WIN-A6UVOR2N33N",
+            "USERNAME": "Administrator",
+            "USERPROFILE": "C:\\Users\\Administrator",
+            "windir": "C:\\Windows"
+        },
+        "ansible_fqdn": "WIN-A6UVOR2N33N",
+        "ansible_hostname": "WIN-A6UVOR2N33N",
+        "ansible_interfaces": [
+            {
+                "connection_name": "Ethernet",
+                "default_gateway": "172.22.240.1",
+                "dns_domain": "br240.void",
+                "interface_index": 21,
+                "interface_name": "Gigabit-Netzwerkverbindung Intel(R) 82574L #2",
+                "macaddress": "52:54:00:80:68:04"
+            }
+        ],
+        "ansible_ip_addresses": [
+            "fe80::4d9b:297e:ee2f:4df2%21",
+            "172.22.240.164"
+        ],
+        "ansible_kernel": "6.3.9600.0",
+        "ansible_lastboot": "2022-03-18 13:14:08Z",
+        "ansible_machine_id": "S-1-5-21-4249200181-1233407984-53629394",
+        "ansible_memfree_mb": 3435,
+        "ansible_memtotal_mb": 4096,
+        "ansible_netbios_name": "WIN-A6UVOR2N33N",
+        "ansible_nodename": "WIN-A6UVOR2N33N",
+        "ansible_os_family": "Windows",
+        "ansible_os_installation_type": "Server",
+        "ansible_os_name": "Microsoft Windows Server 2012 R2 Standard - Testversion",
+        "ansible_os_product_type": "server",
+        "ansible_owner_contact": "",
+        "ansible_owner_name": "Windows-Benutzer",
+        "ansible_pagefilefree_mb": 1408,
+        "ansible_pagefiletotal_mb": 1408,
+        "ansible_powershell_version": 4,
+        "ansible_processor": [
+            "0",
+            "GenuineIntel",
+            "Intel Core Processor (Broadwell, IBRS)",
+            "1",
+            "GenuineIntel",
+            "Intel Core Processor (Broadwell, IBRS)"
+        ],
+        "ansible_processor_count": 0,
+        "ansible_processor_vcpus": 2,
+        "ansible_product_name": null,
+        "ansible_product_serial": null,
+        "ansible_reboot_pending": false,
+        "ansible_swaptotal_mb": 0,
+        "ansible_system": "Win32NT",
+        "ansible_system_description": "",
+        "ansible_system_vendor": null,
+        "ansible_uptime_seconds": 1646,
+        "ansible_user_dir": "C:\\Users\\Administrator",
+        "ansible_user_gecos": "",
+        "ansible_user_id": "Administrator",
+        "ansible_user_sid": "S-1-5-21-4249200181-1233407984-53629394-500",
+        "ansible_virtualization_role": "NA",
+        "ansible_virtualization_type": "NA",
+        "ansible_win_rm_certificate_expires": "2024-10-26 23:04:12",
+        "ansible_windows_domain": "WORKGROUP",
+        "ansible_windows_domain_member": false,
+        "ansible_windows_domain_role": "Stand-alone server",
+        "gather_subset": [
+            "all"
+        ],
+        "module_setup": true
+    },
+    "changed": false
+}
diff --git a/12/Win/useradd.yml b/12/Win/useradd.yml
new file mode 100644
index 0000000..68e97b7
--- /dev/null
+++ b/12/Win/useradd.yml
@@ -0,0 +1,12 @@
+---
+- hosts: windows
+
+  tasks:
+    - name: Ensure user bob is present
+      ansible.windows.win_user:
+        name: bob
+        password: B0bP4ssw0rd
+        state: present
+        groups:
+          - Benutzer
+
diff --git a/12/ansible.cfg b/12/ansible.cfg
new file mode 100644
index 0000000..34ae5fc
--- /dev/null
+++ b/12/ansible.cfg
@@ -0,0 +1,41 @@
+[defaults]
+
+# Inventory
+inventory = ./hosts.ini
+inventory_plugins = ./plugins/inventory
+
+# Roles paths
+roles_path = ./roles:./roles.extern:./roles.webcluster:/etc/ansible/roles
+
+# Interpreter Discovery - Ohne Warnings
+interpreter_python = auto_silent
+
+# Zusätzliche Module
+library = ./plugins/modules
+
+# SSH
+remote_user = root
+#host_key_checking = False
+
+# Retry files
+retry_files_enabled = yes
+retry_files_save_path = ./.cache/Retry/
+
+# Log files
+#log_path = ./log/ansible.log
+
+# Fact caching
+gathering = smart
+fact_caching_timeout = 86400
+fact_caching = yaml
+fact_caching_connection = ./.cache/facts/
+
+# Farben ausschalten
+#nocolor = 1
+
+[colors]
+# Für dunklen Hintergrund in der Console
+verbose = bright blue
+debug = bright gray
+error = bright red
+
diff --git a/12/availenabled.yml b/12/availenabled.yml
new file mode 100644
index 0000000..7e88964
--- /dev/null
+++ b/12/availenabled.yml
@@ -0,0 +1,9 @@
+---
+- hosts: localhost
+  gather_facts: no
+
+  tasks:
+    - availenabled:
+        path: /tmp/apache2/mods-
+        name: foo
+
diff --git a/12/availenabled_module_args.json b/12/availenabled_module_args.json
new file mode 100644
index 0000000..5fcc055
--- /dev/null
+++ b/12/availenabled_module_args.json
@@ -0,0 +1,5 @@
+{"ANSIBLE_MODULE_ARGS": {
+	"path": "/tmp/apache2/mods-",
+	"name": "foo"
+	}
+}
diff --git a/12/db+wp.yml b/12/db+wp.yml
new file mode 100644
index 0000000..7e6a3a9
--- /dev/null
+++ b/12/db+wp.yml
@@ -0,0 +1,53 @@
+---
+- hosts: localhost
+
+  vars:
+    my_image_mariadb: 'mariadb:10.3'
+    my_image_wordpress: 'wordpress'
+
+  tasks:
+    - name: Download Docker image
+      docker_image:
+        name: '{{ item }}'
+        state: present
+        tag: latest
+        source: pull
+      with_items:
+        - '{{ my_image_mariadb }}'
+        - '{{ my_image_wordpress }}'
+
+    - name: Create persistant volume (Ansible 2.4)
+      docker_volume:
+        name: db_data
+        state: present
+
+    - name: Create DB container (Ansible 2.1)
+      docker_container:
+        name: db
+        image: '{{ my_image_mariadb }}'
+        volumes:
+          - db_data:/var/lib/mysql
+        restart_policy: always
+        env:
+          MYSQL_ROOT_PASSWORD: mysql
+          MYSQL_DATABASE: wordpress
+          MYSQL_USER: wordpress
+          MYSQL_PASSWORD: "{{ lookup('password', './wordpress.pw') }}"
+
+    - name: Create WP container (Ansible 2.1)
+      docker_container:
+        name: wordpress
+        image: '{{ my_image_wordpress }}'
+        restart_policy: always
+        exposed_ports:
+          - 80
+        published_ports:
+          - 8888:80
+        links:
+          - db:db
+        env:
+          WORDPRESS_DB_HOST: db:3306
+          WORDPRESS_DB_USER: wordpress
+          WORDPRESS_DB_PASSWORD: "{{ lookup('password', './wordpress.pw') }}"
+
+
diff --git a/12/docker_install.yml b/12/docker_install.yml
new file mode 100644
index 0000000..b0b9618
--- /dev/null
+++ b/12/docker_install.yml
@@ -0,0 +1,12 @@
+---
+- hosts: localhost
+  tasks:
+    - apt:
+        name: "{{ packages }}"
+      vars:
+        packages:
+          - docker.io
+          - docker-compose
+          - python3-docker
+      become: True
+
diff --git a/12/docker_install_old.yml b/12/docker_install_old.yml
new file mode 100644
index 0000000..8b67c58
--- /dev/null
+++ b/12/docker_install_old.yml
@@ -0,0 +1,50 @@
+---
+- hosts: all
+  tasks:
+  - name: Update the apt package index
+    become: yes
+    apt:
+      name: "*"
+      state: latest
+      update_cache: yes
+      force_apt_get: yes
+  - name: Install packages for apt add repository over HTTPS
+    become: yes
+    apt:
+      name: "{{ packagesdep }}"
+      force_apt_get: yes
+      state: latest
+      update_cache: yes
+    vars:
+      packagesdep:
+      - git
+      - apt-transport-https
+      - ca-certificates
+      - wget
+      - software-properties-common
+      - gnupg2
+      - curl
+  - name: Add Apt signing key from official docker repo
+    apt_key:
+      url: https://download.docker.com/linux/debian/gpg
+      state: present
+  - name: add docker official repository for Debian Stretch
+    apt_repository:
+      repo: deb [arch=amd64] https://download.docker.com/linux/debian stretch stable
+      state: present
+  - name: Index new repo into the cache
+    become: yes
+    apt:
+      name: "*"
+      state: latest
+      update_cache: yes
+      force_apt_get: yes
+  - name: actually install docker
+    apt:
+      name: "docker-ce"
+      state: latest
+- name: Ensure docker-compose is installed and available
+    get_url:
+      url: https://github.com/docker/compose/releases/download/1.22.0/docker-compose-{{ ansible_system }}-{{ ansible_userspace_architecture }}
+      dest: /usr/local/bin/docker-compose
+      mode: 'u+x,g+x'
diff --git a/12/group_by.yml b/12/group_by.yml
new file mode 100644
index 0000000..d044165
--- /dev/null
+++ b/12/group_by.yml
@@ -0,0 +1,38 @@
+---
+- hosts:
+    - all
+    - localhost
+
+  tasks:
+    - group_by:
+        key: "sv_pkgsvcmgr_{{ ansible_pkg_mgr }}-{{ ansible_service_mgr }}"
+        parents:
+          - "sv_pkgmgr_{{ ansible_pkg_mgr }}"
+
+    - group_by:
+        key: "sv_svcmgr_{{ ansible_service_mgr }}"
+
+    - group_by:
+        key: "sv_mac_{{ '_'.join(ansible_default_ipv4.macaddress.split(':')[5:6]) }}"
+
+    - group_by:
+        key: "sv_net4_{{ ansible_default_ipv4.network }}"
+
+    - group_by:
+        key: "sv_v6int_{{ ansible_default_ipv6.interface|default('nov6') }}"
+
+    - group_by:
+        key: "sv_distri_{{ ansible_distribution }}"
+
+    - group_by:
+        key: "sv_family_{{ ansible_os_family }}"
+
+    - group_by:
+        key: "sv_{{ ansible_virtualization_role }}_{{ ansible_virtualization_type }}"
+
+- hosts: localhost
+  gather_facts: no
+  tasks:
+    - debug:
+        msg: "{{ groups | dict2items | selectattr('key', 'contains', 'sv_') | list | items2dict }}"
+
diff --git a/12/ping.yml b/12/ping.yml
new file mode 100644
index 0000000..acb5f2a
--- /dev/null
+++ b/12/ping.yml
@@ -0,0 +1,7 @@
+---
+- hosts:
+    - all
+    - localhost
+  tasks:
+    - ping:
+
diff --git a/12/setup.yml b/12/setup.yml
new file mode 100644
index 0000000..1f61bdd
--- /dev/null
+++ b/12/setup.yml
@@ -0,0 +1,5 @@
+---
+- hosts: all
+
+  tasks: []
+
diff --git a/12/timesync.yml b/12/timesync.yml
new file mode 120000
index 0000000..6c62d55
--- /dev/null
+++ b/12/timesync.yml
@@ -0,0 +1 @@
+../roles.extern/roles_timesync/timesync.yml
\ No newline at end of file
diff --git a/ansible.cfg b/ansible.cfg
index 31fbd81..00efac9 120000
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1 +1 @@
-11/ansible.cfg
\ No newline at end of file
+12/ansible.cfg
\ No newline at end of file
diff --git a/extra/changed_failed_when.yml b/extra/changed_failed_when.yml
new file mode 100644
index 0000000..63b2e14
--- /dev/null
+++ b/extra/changed_failed_when.yml
@@ -0,0 +1,18 @@
+---
+- hosts:
+    - tn00-debian12
+    - tn00-alpine3i
+
+  gather_facts: no
+
+  tasks:
+    - name: "Gebe CHANGED zurück, wenn /etc/hostname den String 'debian' enthält"
+      command: cat /etc/hostname
+      register: output
+      changed_when: '"debian" in output.stdout'
+
+    - name: "Gebe FAILED zurück, wenn /etc/hostname den String 'alpine' enthält"
+      command: cat /etc/hostname
+      register: output
+      failed_when: '"alpine" in output.stdout'
+
diff --git a/extra/changed_when.yml b/extra/changed_when.yml
new file mode 100644
index 0000000..5c396fb
--- /dev/null
+++ b/extra/changed_when.yml
@@ -0,0 +1,9 @@
+---
+- hosts: all
+  gather_facts: no
+
+  tasks:
+    - command: cat /etc/hosts
+      register: output
+      changed_when: '"ubu" in output.stdout'
+
diff --git a/extra/ein_rechner_failed.yml b/extra/ein_rechner_failed.yml
new file mode 100644
index 0000000..9e74dcd
--- /dev/null
+++ b/extra/ein_rechner_failed.yml
@@ -0,0 +1,26 @@
+---
+- hosts:
+  - tn00-debian12
+  - tn00-alpine3i
+
+  gather_facts: no
+
+  tasks:
+    - name: Debian bricht ab
+      debug:
+        msg: "Hallo"
+      failed_when: '"debian" in inventory_hostname'
+
+
+- hosts:
+  - tn00-debian12
+  - tn00-alpine3i
+
+  gather_facts: no
+
+  tasks:
+    - name: "Wer lebt noch?"
+      debug:
+        msg: "Lebenszeichen"
+
+
diff --git a/extra/wireguard-key-anlegen_changed_when.yml b/extra/wireguard-key-anlegen_changed_when.yml
new file mode 100644
index 0000000..11592d0
--- /dev/null
+++ b/extra/wireguard-key-anlegen_changed_when.yml
@@ -0,0 +1,8 @@
+---
+- hosts: localhost
+  gather_facts: no
+  tasks:
+    - shell: "[ ! -f wg.pub ] && wg genkey | tee wg.priv | wg pubkey | tee wg.pub || true"
+      register: output
+      changed_when: output.stdout != ""
+
diff --git a/extra/wireguard-key-anlegen_creates.yml b/extra/wireguard-key-anlegen_creates.yml
new file mode 100644
index 0000000..09b30cc
--- /dev/null
+++ b/extra/wireguard-key-anlegen_creates.yml
@@ -0,0 +1,8 @@
+---
+- hosts: localhost
+  gather_facts: no
+  tasks:
+    - shell: "wg genkey | tee wg.priv | wg pubkey | tee wg.pub"
+      args:
+        creates: wg.pub
+
diff --git a/group_vars/webcluster.yml b/group_vars/webcluster.yml
new file mode 100644
index 0000000..c6fd74d
--- /dev/null
+++ b/group_vars/webcluster.yml
@@ -0,0 +1,17 @@
+apache2_backend_mod_remoteip_proxy: 10.128.17.0/24
+
+
+haproxy_sslcert_src: cert.pem
+haproxy_sslcert_path: /etc/haproxy/ssl.pem
+
+
+keepalived_virtual_ipaddress:
+  - 10.128.17.9/22
+
+keepalived_chk_proc_name: haproxy
+
+
+selfsignedcert_basename: ./cert
+selfsignedcert_san:
+  - "IP:{{ keepalived_virtual_ipaddress|ipaddr('address') }}"
+
diff --git a/helper/12_gitmodules_Prepare-Workshop.sh b/helper/12_gitmodules_Prepare-Workshop.sh
new file mode 100755
index 0000000..efd84f1
--- /dev/null
+++ b/helper/12_gitmodules_Prepare-Workshop.sh
@@ -0,0 +1,6 @@
+#!/bin/bash -ex
+
+mkdir -p roles.extern
+
+git submodule add https://git.velt.biz/Ansible/Prepare_Workshop.git 12/Prepare_Workshop
+
diff --git a/helper/12_gitmodules_timesync.sh b/helper/12_gitmodules_timesync.sh
new file mode 100755
index 0000000..2149bd8
--- /dev/null
+++ b/helper/12_gitmodules_timesync.sh
@@ -0,0 +1,6 @@
+#!/bin/bash -ex
+
+mkdir -p roles.extern
+
+git submodule add https://git.velt.biz/Ansible/roles_timesync.git roles.extern/roles_timesync
+
diff --git a/helper/12_packages.sh b/helper/12_packages.sh
new file mode 100755
index 0000000..166b99a
--- /dev/null
+++ b/helper/12_packages.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+sudo apt install --no-install-recommends --yes \
+	jq \
+	nmap\
+
diff --git a/inventory-scripts/hosts.json.sh b/inventory-scripts/hosts.json.sh
new file mode 100755
index 0000000..04d3ada
--- /dev/null
+++ b/inventory-scripts/hosts.json.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+cat <<EOF
+{ "gruppe1": { "hosts": ["host1", "host2"] }, "gruppe2": { "hosts": ["host3", "host4"] }, "_meta": {} }
+EOF
+
diff --git a/inventory-scripts/inventory_lxc.py b/inventory-scripts/inventory_lxc.py
new file mode 100755
index 0000000..71a8c2f
--- /dev/null
+++ b/inventory-scripts/inventory_lxc.py
@@ -0,0 +1,36 @@
+#!/usr/bin/python3
+
+import json
+import sys
+
+try:
+	import lxc
+except ImportError:
+	print("Could not import lxc module!")
+	sys.exit(1)
+
+########################################
+inventory ={ '_meta':{'hostvars':{} } }
+########################################
+
+ctnames = lxc.list_containers()
+
+for ctname in ctnames:
+	ct = lxc.Container(ctname)
+
+	if ct.running:
+		groups = ct.get_running_config_item('lxc.group')
+		if not groups:
+			groups = 'ungrouped'
+		for group in groups.rstrip().split('\n'):
+			if not group in inventory:
+				inventory[group] = {
+					'hosts': [],
+					'vars': {
+						'ansible_connection': 'lxc',
+					}
+				}
+			inventory[group]['hosts'].append(ctname)
+
+print(json.dumps(inventory))
+
diff --git a/inventory-scripts/inventory_lxc.py.OLD b/inventory-scripts/inventory_lxc.py.OLD
new file mode 100755
index 0000000..26f32d3
--- /dev/null
+++ b/inventory-scripts/inventory_lxc.py.OLD
@@ -0,0 +1,33 @@
+#!/usr/bin/python3
+
+import json
+import sys
+
+try:
+	import lxc
+except ImportError:
+	print("Could not import lxc module!")
+	sys.exit(1)
+
+########################################
+inventory ={ '_meta':{'hostvars':{} } }
+########################################
+
+ctnames = lxc.list_containers()
+
+for ctname in ctnames:
+	ct = lxc.Container(ctname)
+
+	if ct.running:
+		for group in ct.get_running_config_item('lxc.group').rstrip().split('\n'):
+			if not group in inventory:
+				inventory[group] = {
+					'hosts': [],
+					'vars': {
+						'ansible_connection': 'lxc',
+					}
+				}
+			inventory[group]['hosts'].append(ctname)
+
+print(json.dumps(inventory))
+
diff --git a/inventory-scripts/inventory_lxc_ip.py b/inventory-scripts/inventory_lxc_ip.py
new file mode 100755
index 0000000..ffa4522
--- /dev/null
+++ b/inventory-scripts/inventory_lxc_ip.py
@@ -0,0 +1,40 @@
+#!/usr/bin/python3
+
+import json
+import sys
+
+try:
+	import lxc
+except ImportError:
+	print("Could not import lxc module!")
+	sys.exit(1)
+
+########################################
+inventory ={ '_meta':{'hostvars':{} } }
+########################################
+
+ctnames = lxc.list_containers()
+
+for ctname in ctnames:
+	ct = lxc.Container(ctname)
+
+	if ct.running:
+		groups = ct.get_running_config_item('lxc.group')
+		if not groups:
+			groups = 'ungrouped'
+		for group in groups.rstrip().split('\n'):
+			if not group in inventory:
+				inventory[group] = {
+					'hosts': [],
+					'vars': {
+						'ansible_user': 'root',
+					},
+				}
+			inventory[group]['hosts'].append(ctname)
+		inventory['_meta']['hostvars'][ctname] = {
+			'ansible_host': ct.get_ips()[0],
+		}
+
+
+print(json.dumps(inventory))
+
diff --git a/inventory/hosts.nmap.cache.yml b/inventory/hosts.nmap.cache.yml
new file mode 100644
index 0000000..5870a89
--- /dev/null
+++ b/inventory/hosts.nmap.cache.yml
@@ -0,0 +1,22 @@
+---
+plugin: community.general.nmap
+#strict: False
+#ports: False
+#ipv4: True
+#ipv6: False
+#address: 192.168.0.0/24
+#address: 192.168.50.0/24
+address: 10.128.17.0/24
+#address: 80.241.57.126/32
+
+cache: true
+cache_connection: ./.cache/inventory
+cache_plugin: yaml
+cache_prefix: inventory_yaml_
+cache_timeout: 30
+
+groups:
+  nmap_without_hostname: "name|ansible.utils.ipv4"
+  nmap_debian: "'debian' in name"
+  nmap_centos: "'centos' in name"
+
diff --git a/inventory/hosts.nmap.yml b/inventory/hosts.nmap.yml
new file mode 100644
index 0000000..eee2c9c
--- /dev/null
+++ b/inventory/hosts.nmap.yml
@@ -0,0 +1,16 @@
+---
+plugin: community.general.nmap
+#strict: False
+#ports: False
+#ipv4: True
+#ipv6: False
+#address: 192.168.0.0/24
+#address: 192.168.50.0/24
+address: 10.128.17.0/24
+#address: 80.241.57.126/32
+
+groups:
+  nmap_without_hostname: "name|ansible.utils.ipv4"
+  nmap_debian: "'debian' in name"
+  nmap_centos: "'centos' in name"
+
diff --git a/inventory/libvirt_lxc.yml b/inventory/libvirt_lxc.yml
new file mode 100644
index 0000000..6c872f0
--- /dev/null
+++ b/inventory/libvirt_lxc.yml
@@ -0,0 +1,4 @@
+---
+plugin: community.libvirt.libvirt
+uri: lxc:/
+
diff --git a/inventory/lxc.yml b/inventory/lxc.yml
new file mode 100644
index 0000000..6b63b69
--- /dev/null
+++ b/inventory/lxc.yml
@@ -0,0 +1,3 @@
+---
+plugin: lxc
+
diff --git a/plugins/inventory/lxc.py b/plugins/inventory/lxc.py
new file mode 100644
index 0000000..1e980c4
--- /dev/null
+++ b/plugins/inventory/lxc.py
@@ -0,0 +1,75 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = r'''
+'''
+
+EXAMPLES = r'''
+'''
+
+from ansible.plugins.inventory import BaseInventoryPlugin, Constructable
+from ansible.errors import AnsibleError
+
+try:
+    import lxc
+except ImportError:
+    raise AnsibleError('the lxc inventory plugin requires lxc-python.')
+
+class InventoryModule(BaseInventoryPlugin, Constructable):
+    NAME = 'lxc'
+
+    def parse(self, inventory, loader, path, cache=True):
+        super(InventoryModule, self).parse(
+            inventory,
+            loader,
+            path,
+            cache=cache
+        )
+
+        config_data = self._read_config_data(path)
+        self._consume_options(config_data)
+
+        ctnames = lxc.list_containers()
+        for ctname in ctnames:
+            ct = lxc.Container(ctname)
+
+            if ct.running:
+                self.inventory.add_host(ctname)
+                for group in ct.get_running_config_item('lxc.group').rstrip().split('\n'):
+                    self.inventory.add_group(group)
+                    self.inventory.add_child(group, ctname)
+                self.inventory.set_variable(ctname, 'ansible_connection', 'lxc')
+
+            # Get variables for compose
+#            variables = self.inventory.hosts[ctname].get_vars()
+#            print(variables)
+#            print(ctname)
+#            print( self.get_option('compose') )
+#            print( self.get_option('strict') )
+
+#            # Set composed variables
+#            self._set_composite_vars(
+#                self.get_option('compose'),
+#                variables,
+#                ctname,
+#                self.get_option('strict'),
+#            )
+#            print('XXX')
+#
+#            # Add host to composed groups
+#            self._add_host_to_composed_groups(
+#                self.get_option('groups'),
+#                variables,
+#                inventory_hostname,
+#                self.get_option('strict'),
+#            )
+#
+#            # Add host to keyed groups
+#            self._add_host_to_keyed_groups(
+#                self.get_option('keyed_groups'),
+#                variables,
+#                inventory_hostname,
+#                self.get_option('strict'),
+#            )
+
+
diff --git a/plugins/modules/availenabled.py b/plugins/modules/availenabled.py
new file mode 100644
index 0000000..7db52e4
--- /dev/null
+++ b/plugins/modules/availenabled.py
@@ -0,0 +1,81 @@
+#!/usr/bin/python
+
+import os
+from operator import xor
+
+def main():
+    module = AnsibleModule(
+        argument_spec = dict(
+            path = dict(required=True),
+            base = dict(default=""),
+            p_enabled = dict(default='enabled'),
+            p_available = dict(default='available'),
+            name = dict(required=True),
+            suffix= dict(default='.conf'),
+            state = dict(default='present', choices=['present', 'absent']),
+        )
+    )
+
+    # path: /etc/apache2 or /etc/apache2/conf-
+    # base: conf- or ""
+    # name: FILENAME or FILENAME.conf
+    path = module.params.get('path')
+    base = module.params.get('base')
+    p_enabled = module.params.get('p_enabled')
+    p_available = module.params.get('p_available')
+    name = module.params.get('name')
+    suffix = module.params.get('suffix')
+    state = module.params.get('state') == 'present'
+
+    # pre-checks
+    if os.path.isdir(path):
+        p_available = os.path.join(path, base + p_available)
+        p_enabled = os.path.join(path, base + p_enabled)
+    else:
+        p_available = path + p_available
+        p_enabled = path + p_enabled
+
+    for p in [p_available, p_enabled]:
+        if not os.path.isdir(p):
+            module.fail_json(msg="Directory %s not found" % p)
+
+    # define internal variables
+    src = os.path.join(p_available, name + suffix)
+    dest = os.path.join(p_enabled, name + suffix)
+
+    if not (os.path.isfile(src) or os.path.islink(src)):
+        module.fail_json(msg="Source not found")
+
+    dest_exists=True
+    if not (os.path.isfile(dest) or os.path.islink(dest)):
+        dest_exists=False
+
+    # if there's no difference, no change, exit "ok"
+    if not xor(state, dest_exists):
+        module.exit_json()
+
+    if state:
+        # try to create symlink
+        try:
+            os.symlink(os.path.relpath(src, p_enabled), dest)
+        except:
+            module.fail_json(msg="Could not create symlink")
+    else:
+        # test, if symlink
+        if not os.path.islink(dest):
+            module.fail_json(msg="Destination is not a symlink")
+
+        # try to remove symlink
+        try:
+            os.unlink(dest)
+        except:
+            module.fail_json(msg="Could not remove symlink")
+
+    module.exit_json(changed=True)
+
+
+
+from ansible.module_utils.basic import *
+if __name__ == '__main__':
+    main()
+
diff --git a/plugins/modules/lxc_container_info.py b/plugins/modules/lxc_container_info.py
new file mode 100644
index 0000000..530b067
--- /dev/null
+++ b/plugins/modules/lxc_container_info.py
@@ -0,0 +1,177 @@
+#!/usr/bin/python
+
+# Copyright: (c) 2020-, Sven Velt <sven-ansiblerole@velt.biz>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = r'''
+---
+module: lxc_container_info
+short_description: Gather info about LXC Containers
+version_added: "0.1.0"
+description: Gather some information about (all) LXC Containers
+options:
+    name:
+        description: Name of Container to gather informations
+        required: false
+        type: str
+requirements:
+    - 'lxc-python3'
+author:
+    - Sven Velt
+'''
+
+EXAMPLES = r'''
+# Gather information of all containers:
+- name: Gather LXC informations
+  lxc_container_info:
+
+# Gather information of one container:
+- name: Gather LXC informations
+  lxc_container_info:
+    name: containername
+'''
+
+
+RETURN = r'''
+# These are examples of possible return values, and in general should use other names for return values.
+containers:
+    description: dict of container information
+    returned: always
+    type: complex
+    contains:
+        containername:
+            description: name of container
+            type: complex
+            contains:
+                all_interfaces:
+                    description: List of all interfaces
+                    type: str
+                    returned: always
+                    sample: '["lo", "eth0"]'
+                defined:
+                    description: if container is defined
+                    type: bool
+                    returned: always
+                    sample: true
+                exists:
+                    description: if container is defined
+                    type: bool
+                    returned: always
+                    sample: true
+                init_pid:
+                    description: PID of init of container (if running)
+                    type: init
+                    sample: 1234
+original_message:
+    description: The original name param that was passed in.
+    type: str
+    returned: always
+    sample: 'hello world'
+message:
+    description: The output message that the test module generates.
+    type: str
+    returned: always
+    sample: 'goodbye'
+my_useful_info:
+    description: The dictionary containing information about your system.
+    type: dict
+    returned: always
+    sample: {
+        'foo': 'bar',
+        'answer': 42,
+    }
+'''
+
+import ipaddress
+
+try:
+	import lxc
+except ImportError:
+	HAS_LXC = False
+else:
+	HAS_LXC = True
+
+from ansible.module_utils.basic import AnsibleModule
+
+
+def run_module():
+	module_args = dict(
+		name=dict(type='str', default=''),
+	)
+
+	result = dict(
+		changed=False,
+		containers={},
+	)
+
+	module = AnsibleModule(
+		argument_spec=module_args,
+		supports_check_mode=True
+	)
+
+	if not HAS_LXC:
+		module.fail_json(
+			msg='The `lxc` module is not importable. Check the requirements.'
+		)
+
+	if module.params['name']:
+		ctnames = [ module.params['name'], ]
+	else:
+		ctnames = lxc.list_containers()
+
+	for ctname in ctnames:
+		ct = lxc.Container(ctname)
+
+		res_ct = {}
+		res_ct['defined'] = ct.defined
+		res_ct['exists'] = ct.defined
+		res_ct['state'] = ct.state
+		res_ct['running'] = ct.running
+		res_ct['init_pid'] = ct.init_pid
+		res_ct['all_interfaces'] = ct.get_interfaces()
+
+		res_ifaces = {}
+		for iface in ct.get_interfaces():
+			res_if = {}
+			res_if['ipv4_addresses'] = []
+			res_if['ipv6_addresses'] = []
+			for addr in ct.get_ips(iface):
+				try:
+					res_if['ipv4_addresses'].append(str(ipaddress.IPv4Address(addr)))
+				except ipaddress.AddressValueError:
+					try:
+						res_if['ipv6_addresses'].append(str(ipaddress.IPv6Address(addr)))
+					except:
+						pass
+			res_ifaces[iface] = res_if
+		res_ct['interfaces'] = res_ifaces
+
+		res_stat = {}
+		if ct.running:
+			res_stat['mem'] = {
+				'usage': int(ct.get_cgroup_item("memory.usage_in_bytes")),
+				'max_usage': int(ct.get_cgroup_item("memory.max_usage_in_bytes")),
+				'usage_mb': int(ct.get_cgroup_item("memory.usage_in_bytes")) // 1048576,
+				'max_usage_mb': int(ct.get_cgroup_item("memory.max_usage_in_bytes")) // 1048576,
+				}
+			res_stat['kmem'] = {
+				'usage': int(ct.get_cgroup_item("memory.kmem.usage_in_bytes")),
+				'max_usage': int(ct.get_cgroup_item("memory.kmem.max_usage_in_bytes")),
+				'usage_mb': int(ct.get_cgroup_item("memory.kmem.usage_in_bytes")) // 1048576,
+				'max_usage_mb': int(ct.get_cgroup_item("memory.kmem.max_usage_in_bytes")) // 1048576,
+				}
+		res_ct['stats'] = res_stat
+
+		result['containers'][ctname] = res_ct
+
+	module.exit_json(**result)
+
+
+def main():
+	run_module()
+
+
+if __name__ == '__main__':
+	main()
diff --git a/roles.extern/roles_timesync b/roles.extern/roles_timesync
new file mode 160000
index 0000000..bb38d9e
--- /dev/null
+++ b/roles.extern/roles_timesync
@@ -0,0 +1 @@
+Subproject commit bb38d9e89130b68dabf997059cf8f863d4625739