Release lab lesson 2

e04/README.org

+* Exercise 04 - Generate and upload your SSH key
+  - Time :: 10 minutes
+    - Try by yourself and ask for support
+    - Give an hack when completed succesfully
+
+  - Description :: If you do not have already one, generate an ssh key and save it on your laptop. Then move the key on the lab virtual-machine in order to use public/private authentication. Check that you are able to login on the lab VM without typing your password.
+
+      
+* Solutions and Instructions
+** Generate an ssh key
+Generate an ssh key, for example using the following, self explaining command. Please replace the variables with:
+- your unitn email
+- your last name as in unitn platform
+- your name as in unitn platform
+  
+The passphrase to protect your key is optional, this course is not about real word security, my suggestion is to set up and use an ssh agent, but this is up to you.
+
+You must backup (and be able to restore) your private key.
+
+#+begin_src sh
+ssh-keygen \
+  -t rsa \
+  -b 4096 \
+  -C "${EMAIL:=a@example.com} ${SNAME:=P. Liddell}, ${FNAME:=Alice W.}" \
+  -f "${EMAIL}.key"
+#+end_src
+
+If this is your first and unique ssh key, you can use it as default (on UNIX system):
+
+#+begin_src sh
+mv -i "${EMAIL}.key" "${HOME}/.ssh/id_rsa"
+#+end_src
+
+In other systems (eg: Windows) the default path may be different, try with [[https://www.scammell.co.uk/2017/09/18/ssh-keygen-best-practice-for-cmder/][this]] or store the keys in a place in order to be confortable to use every time you login on the lab VM.
+
+If you do not have access to =ssh-keygen=, use any other tool that can generate an ssh key and then convert it into the openssh rsa format and add the appropriate comment manually.
+
+A quick and dirty check of the public key, if your name is not something like =Robert'); DROP TABLE students;–= follows:
+
+#+begin_src sh
+grep -q "ssh-rsa [a-zA-Z0-9/=+]\+ ${EMAIL} ${SNAME}, ${FNAME}" ${EMAIL}.key.pub \
+    && echo OK || echo KO
+#+end_src
+
+Study a bit the ssh command line =-i= option and the =IdentityFile= config option in order to be able to use the key, and optionally you may setup your ssh server to do some testing with the ssh key using your own resources.
+
+** Upload the key on the Lab VM
+After checking the correctness, upload the public part of the key into lab VM. There are multiple ways to do that.
+
+*** Manually
+Output the public part of the key into the clipboard
+#+begin_src sh
+cat a@example.com.key.pub
+#+end_src
+
+SSH into the Lab VM
+#+begin_src sh
+  ssh -p LAB_VM_PORT disi@LAB_VM_URL
+#+end_src
+
+Copy the public key and, using an editor, append it on a new line in the =~/.ssh/authorized_keys= file, then save and exit
+#+begin_src sh
+vim ~/.ssh/authorized_keys
+#+end_src
+
+*** Using an home-made trick
+Use a combination of =pipe=, =cat= and =bash output redirect= to append the content of a file on your local machine to another file on the remote machine
+#+begin_src sh
+cat a@example.com.key.pub | ssh -p LAB_VM_PORT  disi@LAB_VM_URL 'cat >> ~/.ssh/authorized_keys'
+#+end_src
+
+*** Using a proper SSH tool
+Use the ==ssh-copy-id= tool, which is smarted and does a check before adding the key which is better in respect to the previous proposed method
+#+begin_src sh
+ssh-copy-id -p LAB_VM_PORT -i ./a@example.com.key.pub disi@LAB_VM_URL
+#+end_src
+
+** Check that you can login wihtout password
+Simply use the login command, the lab VM should now ask you for a password
+#+begin_src sh
+ssh -p LAB_VM_PORT disi@LAB_VM_URL
+#+end_src
+
+or with a more sophisticated way
+
+#+begin_src sh
+ssh -p LAB_VM_PORT disi@LAB_VM_URL -n && echo OK || echo KO
+#+end_src
+
+If the ssh key is not in a default location, specify it using the =-i= flag and specifying the path of the private part
+#+begin_src sh
+ssh -i a@example.com.key -p LAB_VM_PORT disi@LAB_VM_URL
+#+end_src

e05/README.org

+* Exercise 05 - Setup an SSH tunnel and use it as a socks proxy in a web Browser
+  - Time :: 15 minutes
+    - 10 minutes: /Try by yourself and ask for support/
+      - Give an hack when completed succesfully
+    - 5 mintues: /Cross check and Verify/
+
+  - Description :: Setup a browser to use SSH based Socks Proxy tunnel. Create a tunnel from your laptop to the Lan VM. Finally verify that you, and only you, are able to reach your VM behind the firewall using this setup.
+
+
+* Solutions and Instructions
+** Configure a browser to use a socks proxy
+This section depends heavily on your browser and even on your browser version, alternatively you can use an extensions, see below.
+
+*** Using a browser
+The examples are for a modern version of firefox.
+
+We need another variable, is up to you to select a value in the high unprivileged port range, eg: =4444= or =8888=.
+#+begin_src sh
+${SOCKS_PORT:=8888}
+#+end_src
+
+Optionally, you can create a profile in your preferred browser, for firefox starts with:
+#+begin_src sh
+firefox --no-remote --ProfileManager
+#+end_src
+
+In Firefox under the network setting add a socks proxy with the address =${SOCKS_ADDR:=localhost}= and port =${SOCKS_PORT}=
+
+[[file:ff-socks.png]]
+
+In very recent version of firefox you will also need to set =network.proxy.allow_hijacking_localhost= to =true= in =about:config=, see [[https://bugzilla.mozilla.org/show_bug.cgi?id=1535581][https://bugzilla.mozilla.org/show_bug.cgi?id=1535581]]
+
+[[file:ff-settings.png]]
+
+*** Using an extension
+Jump [[https://addons.mozilla.org/en-US/firefox/addon/switchyomega/][here]], install the extension and confgiure a new entry similarly as explained for Firefox above.
+
+** Launch the tunnel
+Launch an ssh connection with the socks support
+#+begin_src sh
+ssh -D ${SOCKS_ADDR}:${SOCKS_PORT} -p LAB_VM_PORT disi@LAB_VM_URL
+#+end_src
+
+** Create a dummy service on the Lab VM
+This simple command will expose a web server that shows the content of the file=system path where it has ben executed
+#+begin_src sh
+python3 -m http.server
+#+end_src
+
+Identify the exposed port and open on your modified browser the following URL: http://localhost:8000.
+
+What do you see?

e06/README.org

+* Exercise 06 - Advanced deployment: Provision with Vagrant and Configure with Ansible
+  - Time :: 20 minutes
+    - 10 minutes: /Try by yourself and ask for support/
+      - Give an hack when completed succesfully
+    - 10 mintues: /Cross check and Verify/
+
+  
+  - Description :: Provision a Virtual Machine using Vagrant as you did in [[file:../e02][e02]]. This time the provisioner in not of type =shell= but of type =Ansible=, so first look at the =Vagrantfile= and then at the =provision.yml= file and try to understand what is going on this time.
+
+    Provision the VM using this new system multiple times, check the VM and inspect virtualbox VMs using CLI.
+
+* Solutions and Instructions
+Of course update the repository on your lab VM, if not already done
+#+begin_src sh
+  cd FCC_REPO_FOLDER
+  git pull
+#+end_src
+** Provision
+As asual provision with Vagrant and look at the output
+#+begin_src sh
+  cd e06
+  vargant up
+#+end_src
+
+When finished provision again and look at the output
+#+begin_src sh
+vagrant provision
+#+end_src
+
+** Check the new virtual-machine
+#+begin_src sh
+vagrant ssh
+#+end_src
+
+** View virtualbox VMs usign CLI
+List all VMs
+#+begin_src sh
+vboxmanage list vms
+#+end_src
+
+List only running VMs
+#+begin_src sh
+vboxmanage list runningvms
+#+end_src
+
+Check other CLI commands
+#+begin_src sh
+vboxmanage --help | less
+#+end_src

e06/Vagrantfile

+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+ANSIBLE_LOGLEVEL = ENV['ANSIBLE_LOGLEVEL'] || "v"
+ANSIBLE_PLAYBOOK = ENV['ANSIBLE_PLAYBOOK'] || "provision.yml"
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "ubuntu/focal64"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+    # Customize the amount of memory on the VM:
+    vb.memory = "2048"
+  end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+    # Shared configuration
+    config.vm.provision :ansible do |ansible|
+      ansible.verbose = ANSIBLE_LOGLEVEL
+      ansible.playbook = ANSIBLE_PLAYBOOK
+    end
+end

e06/provision.yml

+---
+# File: provision.yml - Example fcc e06 provision with vagrant and deploy with ansible
+
+- hosts: all
+  become: true
+
+  tasks:
+  - name: Upgrade the OS (apt-get dist-upgrade)
+    apt:
+      upgrade: dist
+
+  - name: Run the equivalent of "apt-get update" as a separate step
+    apt:
+      update_cache: yes
+
+  - name: Install required packages
+    apt:
+      pkg:
+      - htop
+      - snapd
+      - figlet
+
+  - name: Install yq via snap
+    snap:
+      name:
+      - yq
+
+  - name: Add a figlet customisation to our login
+    ansible.builtin.lineinfile:
+      path: /home/vagrant/.bashrc
+      line: figlet FCC Course, by Ansible
+      create: yes
\ No newline at end of file

e07/README.org

+* Exercise 07 - Deploy a webserver and access the main page via a browser
+  - Time :: 20 minutes
+    - 10 minutes: /Try by yourself and ask for support/
+      - Give an hack when completed succesfully
+    - 10 mintues: /Cross check and Verify/
+
+  - Description :: Provision a Virtual Machine using Vagrant as you did in [[file:../e06][e06]]. This time you should install an =Apache2 Web Server= on the VM. Moreover, once the new service is installed you must check it is working: first via CLI inside the VM and then using a browser from your laptop. Is the laptop allopwed to reach the VM using the SSH Socks Proxy configured so far?
+