From 1552906509329a508c23060ed2b153e9a8b43975 Mon Sep 17 00:00:00 2001
From: Fco Javier Lopez Perez
Date: Fri, 14 Jun 2024 13:45:38 +0200
Subject: [PATCH 001/138] Refs 7415 - Added new Debian template
---
 host_vars/vn-debian12.yaml | 133 +++++++++++++++++++++++++++++++++++++
 hosts | 1 +
 2 files changed, 134 insertions(+)
 create mode 100644 host_vars/vn-debian12.yaml
diff --git a/host_vars/vn-debian12.yaml b/host_vars/vn-debian12.yaml
new file mode 100644
index 0000000..21e416e
--- /dev/null
+++ b/host_vars/vn-debian12.yaml
@@ -0,0 +1,133 @@
+---
+
+### ROOT-USER ###############################################################
+root_user_enabled: True
+#root_user_enabled: False
+#############################################################################
+
+### HOSTNAME ################################################################
+hostname_enabled: True
+#hostname_enabled: False
+hostname: 'vn-debian12'
+#############################################################################
+
+### HOSTS ###################################################################
+#hosts_enabled: True
+hosts_enabled: False
+hosts:
+ - ip: 127.0.0.1
+ name: localhost
+ - ip: 127.0.1.1
+ name: vn-debian12.lab.verdnatura.es vn-debian12
+#############################################################################
+
+### RESOLV ##################################################################
+resolv_enabled: True
+#resolv_enabled: False
+domain_name: lab.verdnatura.es
+search_name: lab.verdnatura.es
+resolvs:
+ - ip: 10.0.0.4
+ - ip: 10.0.0.5
+#############################################################################
+
+### UPDATE ##################################################################
+update_enabled: True
+#update_enabled: False
+#############################################################################
+
+### INSTALL PACKAGES ########################################################
+packages_enabled: True
+#packages_enabled: False
+#############################################################################
+
+### RELAY HOST SMTP #########################################################
+relay_host_enabled: True
+#relay_host_enabled: False
+#############################################################################
+
+### CENTRALIZED AUTH ########################################################
+centralized_auth_enabled: True
+#centralized_auth_enabled: False
+#############################################################################
+
+### SUDOERS 
#################################################################
+sudoers_enabled: True
+#sudoers_enabled: False
+#############################################################################
+
+### SECURE GRUB #############################################################
+#secure_grub_enabled: True
+secure_grub_enabled: False
+#############################################################################
+
+### VIM OPTIONS #############################################################
+vim_options_enabled: True
+#vim_options_enabled: False
+#############################################################################
+
+### MOTD ####################################################################
+motd_enabled: True
+#motd_enabled: False
+#############################################################################
+
+### HOT PLUG ################################################################
+hot_plug_enabled: True
+#hot_plug_enabled: False
+#############################################################################
+
+### LOCALES #################################################################
+locales_enabled: True
+#locales_enabled: False
+#############################################################################
+
+### TZDATA ##################################################################
+tzdata_enabled: True
+#tzdata_enabled: False
+#############################################################################
+
+### REPO VN #################################################################
+repo_vn_enabled: True
+#repo_vn_enabled: False
+#############################################################################
+
+### FAIL2BAN ################################################################
+#fail2ban_enabled: True
+fail2ban_enabled: False
+fail2ban_times:
+ - bantime: "604800"
+ maxretry: "4"
+ findtime: "604800"
+fail2ban_jails:
+ - name: sshd
+ enabled: true
+ port: ['22']
+ filter: sshd
+ logpath: "%(sshd_log)s"
+ backend: "%(sshd_backend)s"
+#############################################################################
+
+### NAGIOS NRPE #############################################################
+nagios_nrpe_enabled: True
+#nagios_nrpe_enabled: False
+#############################################################################
+
+### SERVER TYPE #############################################################
+server_type_enabled: True
+#server_type_enabled: False
+#############################################################################
+
+### NTP #####################################################################
+ntp_enabled: True
+#ntp_enabled: False
+#############################################################################
+
+### AUTOFS HOMES ############################################################
+autofs_homes_enabled: True
+#autofs_homes_enabled: False
+#############################################################################
+
+### ZABBIX AGENT ############################################################
+#zabbix_agent_enabled: True
+zabbix_agent_enabled: False
+#############################################################################
diff --git a/hosts b/hosts
index 8b1f539..f433036 100644
--- a/hosts
+++ b/hosts
@@ -166,3 +166,4 @@ freeradius-playbook ansible_host=freeradius-playbook.lab.verdnatura.es
 debian-vn-test ansible_host=debian-vn-test.lab.verdnatura.es
 iventoy-test ansible_host=iventoy-test.lab.verdnatura.es
 kubelab-proxy1 ansible_host=kubelab-proxy1.lab.verdnatura.es
+vn-debian12 ansible_host=vn-debian12.lab.verdnatura.es
-- 
2.40.1
From 323fabf4dbd54884c3ee60bee77c216c4d1da668 Mon Sep 17 00:00:00 2001
From: Fco Javier Lopez Perez
Date: Mon, 17 Jun 2024 10:07:46 +0200
Subject: [PATCH 002/138] Update minimal packages to install
---
 roles/config-install-packages/tasks/main.yaml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
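Review bot: The template ships with `fail2ban_enabled: False` even though a complete sshd jail is specified right underneath it, so every host cloned from this file starts without SSH brute-force protection unless someone remembers to flip the flag; prefer `fail2ban_enabled: True` / `#fail2ban_enabled: False` as the template default, or record in the FAIL2BAN section why it is off. `secure_grub_enabled: False` and `root_user_enabled: True` deserve the same treatment: what the corresponding roles do is not visible here, but the template is where the intended baseline should be stated, e.g. `# hardening baseline: fail2ban on, secure_grub per host — document any deviation in the host file`. The `fail2ban_times` values are quoted strings (`bantime: "604800"`), which is fine if the role expects strings but merits a one-line comment so they are not "fixed" to integers later. host_vars/openvpn-freeradius.yaml in patch 005 copies the same values and is covered by this note.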
diff --git a/roles/config-install-packages/tasks/main.yaml b/roles/config-install-packages/tasks/main.yaml
index a8fcfc4..17ab73c 100644
--- a/roles/config-install-packages/tasks/main.yaml
+++ b/roles/config-install-packages/tasks/main.yaml
@@ -23,4 +23,9 @@
 - mlocate
 - bind9-dnsutils
 - task-spanish
- - locales-all
\ No newline at end of file
+ - locales-all
+ - tree
+ - ncdu
+ - cloud-guest-utils
+ - net-tools
+ - curl
-- 
2.40.1
From 406b5b633b8dd956bcd18469c6b09558b7e3ed04 Mon Sep 17 00:00:00 2001
From: Fco Javier Lopez Perez
Date: Mon, 17 Jun 2024 11:32:46 +0200
Subject: [PATCH 003/138] Refs 7415 - Rename template name
---
 host_vars/{vn-debian12.yaml => vm-debian12.yaml} | 8 ++++----
 hosts | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
 rename host_vars/{vn-debian12.yaml => vm-debian12.yaml} (97%)
diff --git a/host_vars/vn-debian12.yaml b/host_vars/vm-debian12.yaml
similarity index 97%
rename from host_vars/vn-debian12.yaml
rename to host_vars/vm-debian12.yaml
index 21e416e..0927886 100644
--- a/host_vars/vn-debian12.yaml
+++ b/host_vars/vm-debian12.yaml
@@ -8,17 +8,17 @@ root_user_enabled: True
 ### HOSTNAME ################################################################
 hostname_enabled: True
 #hostname_enabled: False
-hostname: 'vn-debian12'
+hostname: 'vm-debian12'
 #############################################################################
 
 ### HOSTS ###################################################################
-#hosts_enabled: True
-hosts_enabled: False
+hosts_enabled: True
+#hosts_enabled: False
 hosts:
 - ip: 127.0.0.1
 name: localhost
 - ip: 127.0.1.1
- name: vn-debian12.lab.verdnatura.es vn-debian12
+ name: vm-debian12.lab.verdnatura.es vm-debian12
 #############################################################################
 
 ### RESOLV ##################################################################
diff --git a/hosts b/hosts
index f433036..96004be 100644
--- a/hosts
+++ b/hosts
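Review bot: `net-tools` in the added entries is the legacy networking toolset that Debian has superseded with iproute2 (`ip`, `ss`), which is normally already present on a Debian 12 install; unless something on these hosts still depends on `ifconfig`/`netstat`, drop it rather than carry two tools for the same job. The other additions (`tree`, `ncdu`, `cloud-guest-utils` — presumably for `growpart` — and `curl`) are reasonable but unexplained for a list the commit calls "minimal", so a comment such as `# diagnostics: tree, ncdu; cloud disk resize: cloud-guest-utils; http client: curl` would help the next maintainer judge what belongs here. The task that owns this list starts outside the hunk, so whether the install pins state or updates the cache is not reviewable from here.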
@@ -166,4 +166,4 @@ freeradius-playbook ansible_host=freeradius-playbook.lab.verdnatura.es
 debian-vn-test ansible_host=debian-vn-test.lab.verdnatura.es
 iventoy-test ansible_host=iventoy-test.lab.verdnatura.es
 kubelab-proxy1 ansible_host=kubelab-proxy1.lab.verdnatura.es
-vn-debian12 ansible_host=vn-debian12.lab.verdnatura.es
+vm-debian12 ansible_host=vm-debian12.lab.verdnatura.es
-- 
2.40.1
From 2c71068f501382dbbb3aab28e8a4525bd7538a65 Mon Sep 17 00:00:00 2001
From: rubenb
Date: Tue, 18 Jun 2024 14:05:46 +0200
Subject: [PATCH 004/138] add host
---
 hosts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/hosts b/hosts
index 8b1f539..e7856fc 100644
--- a/hosts
+++ b/hosts
@@ -166,3 +166,4 @@ freeradius-playbook ansible_host=freeradius-playbook.lab.verdnatura.es
 debian-vn-test ansible_host=debian-vn-test.lab.verdnatura.es
 iventoy-test ansible_host=iventoy-test.lab.verdnatura.es
 kubelab-proxy1 ansible_host=kubelab-proxy1.lab.verdnatura.es
+openvpn-freeradius ansible_host=openvpn-freeradius.lab.verdnatura.es
\ No newline at end of file
-- 
2.40.1
From a9913cbd4356af17a0864a2583188f08c0192d1a Mon Sep 17 00:00:00 2001
From: rubenb
Date: Tue, 18 Jun 2024 14:10:21 +0200
Subject: [PATCH 005/138] add host vars openvpn-freeradius
---
 host_vars/openvpn-freeradius.yaml | 133 ++++++++++++++++++++++++++++++
 1 file changed, 133 insertions(+)
 create mode 100644 host_vars/openvpn-freeradius.yaml
diff --git a/host_vars/openvpn-freeradius.yaml b/host_vars/openvpn-freeradius.yaml
new file mode 100644
index 0000000..5c04863
--- /dev/null
+++ b/host_vars/openvpn-freeradius.yaml
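Review bot: The added `openvpn-freeradius` inventory line is written without a trailing newline (the `\ No newline at end of file` marker), so the next host appended by an editor or script that does not restore it will be glued onto this entry; end the file with a newline. host_vars/openvpn-freeradius.yaml in patch 005 has the same missing final newline. This hunk is also based on blob `8b1f539`, the pre-image that patch 001 already rewrote (`8b1f539..f433036`) and patch 003 advanced to `96004be`, and it inserts at the same spot after `kubelab-proxy1`, so applied in series order it will conflict and needs a rebase or an explicit merge.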
@@ -0,0 +1,133 @@
+---
+
+### ROOT-USER ###############################################################
+root_user_enabled: True
+#root_user_enabled: False
+#############################################################################
+
+### HOSTNAME ################################################################
+hostname_enabled: True
+#hostname_enabled: False
+hostname: 'openvpn-freeradius'
+#############################################################################
+
+### HOSTS ###################################################################
+hosts_enabled: True
+#hosts_enabled: False
+hosts:
+ - ip: 127.0.0.1
+ name: localhost
+ - ip: 127.0.1.1
+ name: openvpn-freeradius.lab.verdnatura.es openvpn-freeradius
+#############################################################################
+
+### RESOLV ##################################################################
+resolv_enabled: True
+#resolv_enabled: False
+domain_name: lab.verdnatura.es
+search_name: lab.verdnatura.es
+resolvs:
+ - ip: 10.0.0.4
+ - ip: 10.0.0.5
+#############################################################################
+
+### UPDATE ##################################################################
+update_enabled: True
+#update_enabled: False
+#############################################################################
+
+### INSTALL PACKAGES ########################################################
+packages_enabled: True
+#packages_enabled: False
+#############################################################################
+
+### RELAY HOST SMTP #########################################################
+relay_host_enabled: True
+#relay_host_enabled: False
+#############################################################################
+
+### CENTRALIZED AUTH ########################################################
+centralized_auth_enabled: True
+#centralized_auth_enabled: False
+#############################################################################
+
+### SUDOERS 
#################################################################
+sudoers_enabled: True
+#sudoers_enabled: False
+#############################################################################
+
+### SECURE GRUB #############################################################
+#secure_grub_enabled: True
+secure_grub_enabled: False
+#############################################################################
+
+### VIM OPTIONS #############################################################
+vim_options_enabled: True
+#vim_options_enabled: False
+#############################################################################
+
+### MOTD ####################################################################
+motd_enabled: True
+#motd_enabled: False
+#############################################################################
+
+### HOT PLUG ################################################################
+hot_plug_enabled: True
+#hot_plug_enabled: False
+#############################################################################
+
+### LOCALES #################################################################
+locales_enabled: True
+#locales_enabled: False
+#############################################################################
+
+### TZDATA ##################################################################
+tzdata_enabled: True
+#tzdata_enabled: False
+#############################################################################
+
+### REPO VN #################################################################
+repo_vn_enabled: True
+#repo_vn_enabled: False
+#############################################################################
+
+### FAIL2BAN ################################################################
+#fail2ban_enabled: True
+fail2ban_enabled: False
+fail2ban_times:
+ - bantime: "604800"
+ maxretry: "4"
+ findtime: "604800"
+fail2ban_jails:
+ - name: sshd
+ enabled: true
+ port: ['22']
+ filter: sshd
+ logpath: "%(sshd_log)s"
+ backend: "%(sshd_backend)s"
+#############################################################################
+
+### NAGIOS NRPE #############################################################
+nagios_nrpe_enabled: True
+#nagios_nrpe_enabled: False
+#############################################################################
+
+### SERVER TYPE #############################################################
+server_type_enabled: True
+#server_type_enabled: False
+#############################################################################
+
+### NTP #####################################################################
+ntp_enabled: True
+#ntp_enabled: False
+#############################################################################
+
+### AUTOFS HOMES ############################################################
+autofs_homes_enabled: True
+#autofs_homes_enabled: False
+#############################################################################
+
+### ZABBIX AGENT ############################################################
+zabbix_agent_enabled: True
+#zabbix_agent_enabled: False
+#############################################################################
\ No newline at end of file
-- 
2.40.1
From f2e3cf3f0a804ffedf9988f873975e3d03a1f0de Mon Sep 17 00:00:00 2001
From: Juan Ferrer Toribio
Date: Tue, 18 Jun 2024 18:59:28 +0200
Subject: [PATCH 006/138] refs #7538 Swarm nodes removed
---
 host_vars/swarm-mgr1.yaml | 133 ----------------------------------
 host_vars/swarm-mgr2.yaml | 133 ----------------------------------
 host_vars/swarm-mgr3.yaml | 133 ----------------------------------
 host_vars/swarm-worker1.yaml | 133 ----------------------------------
 host_vars/swarm-worker2.yaml | 133 ----------------------------------
 host_vars/swarm-worker3.yaml | 133 ----------------------------------
 host_vars/swarm-worker4.yaml | 133 ----------------------------------
 hosts | 12 ----
 8 files changed, 943 deletions(-)
 delete mode 100644 host_vars/swarm-mgr1.yaml
 delete mode 100644 host_vars/swarm-mgr2.yaml
 delete mode 100644 host_vars/swarm-mgr3.yaml
 delete mode 100644 host_vars/swarm-worker1.yaml
 delete mode 100644 host_vars/swarm-worker2.yaml
 delete mode 100644 host_vars/swarm-worker3.yaml
 delete mode 100644 host_vars/swarm-worker4.yaml
diff --git a/host_vars/swarm-mgr1.yaml b/host_vars/swarm-mgr1.yaml
deleted file mode 100644
index c57e637..0000000
--- a/host_vars/swarm-mgr1.yaml
+++ /dev/null
@@ -1,133 +0,0 @@
----
-
-### ROOT-USER ###############################################################
-#root_user_enabled: True
-root_user_enabled: False
-#############################################################################
-
-### HOSTNAME ################################################################
-#hostname_enabled: True
-hostname_enabled: False
-hostname: 'swarm-mgr1'
-#############################################################################
-
-### HOSTS ###################################################################
-#hosts_enabled: True
-hosts_enabled: False
-hosts:
- - ip: 127.0.0.1
- name: localhost
- - ip: 127.0.1.1
- name: test-playbook.lab.dc.verdnatura.es test-playbook
-#############################################################################
-
-### RESOLV ##################################################################
-#resolv_enabled: True
-resolv_enabled: False
-domain_name: lab.dc.verdnatura.es
-search_name: lab.dc.verdnatura.es
-resolvs:
- - ip: 10.0.0.4
- - ip: 10.0.0.5
-#############################################################################
-
-### UPDATE ##################################################################
-#update_enabled: True
-update_enabled: False
-#############################################################################
-
-### INSTALL PACKAGES ########################################################
-#packages_enabled: True
-packages_enabled: False
-#############################################################################
-
-### RELAY HOST SMTP #########################################################
-#relay_host_enabled: True
-relay_host_enabled: False
-#############################################################################
-
-### CENTRALIZED AUTH ########################################################
-#centralized_auth_enabled: True
-centralized_auth_enabled: False
-#############################################################################
-
-### SUDOERS 
#################################################################
-#sudoers_enabled: True
-sudoers_enabled: False
-#############################################################################
-
-### SECURE GRUB #############################################################
-#secure_grub_enabled: True
-secure_grub_enabled: False
-#############################################################################
-
-### VIM OPTIONS #############################################################
-#vim_options_enabled: True
-vim_options_enabled: False
-#############################################################################
-
-### MOTD ####################################################################
-#motd_enabled: True
-motd_enabled: False
-#############################################################################
-
-### HOT PLUG ################################################################
-#hot_plug_enabled: True
-hot_plug_enabled: False
-#############################################################################
-
-### LOCALES #################################################################
-#locales_enabled: True
-locales_enabled: False
-#############################################################################
-
-### TZDATA ##################################################################
-#tzdata_enabled: True
-tzdata_enabled: False
-#############################################################################
-
-### REPO VN #################################################################
-#repo_vn_enabled: True
-repo_vn_enabled: False
-#############################################################################
-
-### FAIL2BAN ################################################################
-#fail2ban_enabled: True
-fail2ban_enabled: False
-fail2ban_times:
- - bantime: "604800"
- maxretry: "4"
- findtime: "604800"
-fail2ban_jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-#nagios_nrpe_enabled: True
-nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-#server_type_enabled: True
-server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-#ntp_enabled: True
-ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-#zabbix_agent_enabled: True
-zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/swarm-mgr2.yaml b/host_vars/swarm-mgr2.yaml
deleted file mode 100644
index 07bc2a8..0000000
--- a/host_vars/swarm-mgr2.yaml
+++ /dev/null
@@ -1,133 +0,0 @@
----
-
-### ROOT-USER ###############################################################
-#root_user_enabled: True
-root_user_enabled: False
-#############################################################################
-
-### HOSTNAME ################################################################
-#hostname_enabled: True
-hostname_enabled: False
-hostname: 'swarm-mgr2'
-#############################################################################
-
-### HOSTS ###################################################################
-#hosts_enabled: True
-hosts_enabled: False
-hosts:
- - ip: 127.0.0.1
- name: localhost
- - ip: 127.0.1.1
- name: test-playbook.lab.dc.verdnatura.es test-playbook
-#############################################################################
-
-### RESOLV ##################################################################
-#resolv_enabled: True
-resolv_enabled: False
-domain_name: lab.dc.verdnatura.es
-search_name: lab.dc.verdnatura.es
-resolvs:
- - ip: 10.0.0.4
- - ip: 10.0.0.5
-#############################################################################
-
-### UPDATE ##################################################################
-#update_enabled: True
-update_enabled: False
-#############################################################################
-
-### INSTALL PACKAGES ########################################################
-#packages_enabled: True
-packages_enabled: False
-#############################################################################
-
-### RELAY HOST SMTP #########################################################
-#relay_host_enabled: True
-relay_host_enabled: False
-#############################################################################
-
-### CENTRALIZED AUTH ########################################################
-#centralized_auth_enabled: True
-centralized_auth_enabled: False
-#############################################################################
-
-### SUDOERS 
#################################################################
-#sudoers_enabled: True
-sudoers_enabled: False
-#############################################################################
-
-### SECURE GRUB #############################################################
-#secure_grub_enabled: True
-secure_grub_enabled: False
-#############################################################################
-
-### VIM OPTIONS #############################################################
-#vim_options_enabled: True
-vim_options_enabled: False
-#############################################################################
-
-### MOTD ####################################################################
-#motd_enabled: True
-motd_enabled: False
-#############################################################################
-
-### HOT PLUG ################################################################
-#hot_plug_enabled: True
-hot_plug_enabled: False
-#############################################################################
-
-### LOCALES #################################################################
-#locales_enabled: True
-locales_enabled: False
-#############################################################################
-
-### TZDATA ##################################################################
-#tzdata_enabled: True
-tzdata_enabled: False
-#############################################################################
-
-### REPO VN #################################################################
-#repo_vn_enabled: True
-repo_vn_enabled: False
-#############################################################################
-
-### FAIL2BAN ################################################################
-#fail2ban_enabled: True
-fail2ban_enabled: False
-fail2ban_times:
- - bantime: "604800"
- maxretry: "4"
- findtime: "604800"
-fail2ban_jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-#nagios_nrpe_enabled: True
-nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-#server_type_enabled: True
-server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-#ntp_enabled: True
-ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-#zabbix_agent_enabled: True
-zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/swarm-mgr3.yaml b/host_vars/swarm-mgr3.yaml
deleted file mode 100644
index fc16e38..0000000
--- a/host_vars/swarm-mgr3.yaml
+++ /dev/null
@@ -1,133 +0,0 @@
----
-
-### ROOT-USER ###############################################################
-#root_user_enabled: True
-root_user_enabled: False
-#############################################################################
-
-### HOSTNAME ################################################################
-#hostname_enabled: True
-hostname_enabled: False
-hostname: 'swarm-mgr3'
-#############################################################################
-
-### HOSTS ###################################################################
-#hosts_enabled: True
-hosts_enabled: False
-hosts:
- - ip: 127.0.0.1
- name: localhost
- - ip: 127.0.1.1
- name: test-playbook.lab.dc.verdnatura.es test-playbook
-#############################################################################
-
-### RESOLV ##################################################################
-#resolv_enabled: True
-resolv_enabled: False
-domain_name: lab.dc.verdnatura.es
-search_name: lab.dc.verdnatura.es
-resolvs:
- - ip: 10.0.0.4
- - ip: 10.0.0.5
-#############################################################################
-
-### UPDATE ##################################################################
-#update_enabled: True
-update_enabled: False
-#############################################################################
-
-### INSTALL PACKAGES ########################################################
-#packages_enabled: True
-packages_enabled: False
-#############################################################################
-
-### RELAY HOST SMTP #########################################################
-#relay_host_enabled: True
-relay_host_enabled: False
-#############################################################################
-
-### CENTRALIZED AUTH ########################################################
-#centralized_auth_enabled: True
-centralized_auth_enabled: False
-#############################################################################
-
-### SUDOERS 
#################################################################
-#sudoers_enabled: True
-sudoers_enabled: False
-#############################################################################
-
-### SECURE GRUB #############################################################
-#secure_grub_enabled: True
-secure_grub_enabled: False
-#############################################################################
-
-### VIM OPTIONS #############################################################
-#vim_options_enabled: True
-vim_options_enabled: False
-#############################################################################
-
-### MOTD ####################################################################
-#motd_enabled: True
-motd_enabled: False
-#############################################################################
-
-### HOT PLUG ################################################################
-#hot_plug_enabled: True
-hot_plug_enabled: False
-#############################################################################
-
-### LOCALES #################################################################
-#locales_enabled: True
-locales_enabled: False
-#############################################################################
-
-### TZDATA ##################################################################
-#tzdata_enabled: True
-tzdata_enabled: False
-#############################################################################
-
-### REPO VN #################################################################
-#repo_vn_enabled: True
-repo_vn_enabled: False
-#############################################################################
-
-### FAIL2BAN ################################################################
-#fail2ban_enabled: True
-fail2ban_enabled: False
-fail2ban_times:
- - bantime: "604800"
- maxretry: "4"
- findtime: "604800"
-fail2ban_jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-#nagios_nrpe_enabled: True
-nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-#server_type_enabled: True
-server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-#ntp_enabled: True
-ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-#zabbix_agent_enabled: True
-zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/swarm-worker1.yaml b/host_vars/swarm-worker1.yaml
deleted file mode 100644
index 082f9a1..0000000
--- a/host_vars/swarm-worker1.yaml
+++ /dev/null
@@ -1,133 +0,0 @@ ---- - -### ROOT-USER ############################################################### -#root_user_enabled: True -root_user_enabled: False -############################################################################# - -### HOSTNAME ################################################################ -#hostname_enabled: True -hostname_enabled: False -hostname: 'swarm-worker1' -############################################################################# - -### HOSTS ################################################################### -#hosts_enabled: True -hosts_enabled: False -hosts: - - ip: 127.0.0.1 - name: localhost - - ip: 127.0.1.1 - name: test-playbook.lab.dc.verdnatura.es test-playbook -############################################################################# - -### RESOLV ################################################################## -#resolv_enabled: True -resolv_enabled: False -domain_name: lab.dc.verdnatura.es -search_name: lab.dc.verdnatura.es -resolvs: - - ip: 10.0.0.4 - - ip: 10.0.0.5 -############################################################################# - -### UPDATE ################################################################## -#update_enabled: True -update_enabled: False -############################################################################# - -### INSTALL PACKAGES ######################################################## -#packages_enabled: True -packages_enabled: False -############################################################################# - -### RELAY HOST SMTP ######################################################### -#relay_host_enabled: True -relay_host_enabled: False -############################################################################# - -### CENTRALIZED AUTH ######################################################## -#centralized_auth_enabled: True -centralized_auth_enabled: False -############################################################################# - -### SUDOERS 
################################################################# -#sudoers_enabled: True -sudoers_enabled: False -############################################################################# - -### SECURE GRUB ############################################################# -#secure_grub_enabled: True -secure_grub_enabled: False -############################################################################# - -### VIM OPTIONS ############################################################# -#vim_options_enabled: True -vim_options_enabled: False -############################################################################# - -### MOTD #################################################################### -#motd_enabled: True -motd_enabled: False -############################################################################# - -### HOT PLUG ################################################################ -#hot_plug_enabled: True -hot_plug_enabled: False -############################################################################# - -### LOCALES ################################################################# -#locales_enabled: True -locales_enabled: False -############################################################################# - -### TZDATA ################################################################## -#tzdata_enabled: True -tzdata_enabled: False -############################################################################# - -### REPO VN ################################################################# -#repo_vn_enabled: True -repo_vn_enabled: False -############################################################################# - -### FAIL2BAN ################################################################ -#fail2ban_enabled: True -fail2ban_enabled: False -fail2ban_times: - - bantime: "604800" - maxretry: "4" - findtime: "604800" -fail2ban_jails: - - name: sshd - enabled: true - port: ['22'] - filter: sshd - logpath: "%(sshd_log)s" - backend: "%(sshd_backend)s" 
-############################################################################# - -### NAGIOS NRPE ############################################################# -#nagios_nrpe_enabled: True -nagios_nrpe_enabled: False -############################################################################# - -### SERVER TYPE ############################################################# -#server_type_enabled: True -server_type_enabled: False -############################################################################# - -### NTP ##################################################################### -#ntp_enabled: True -ntp_enabled: False -############################################################################# - -### AUTOFS HOMES ############################################################ -autofs_homes_enabled: True -#autofs_homes_enabled: False -############################################################################# - -### ZABBIX AGENT ############################################################ -#zabbix_agent_enabled: True -zabbix_agent_enabled: False -############################################################################# \ No newline at end of file diff --git a/host_vars/swarm-worker2.yaml b/host_vars/swarm-worker2.yaml deleted file mode 100644 index b02c5d0..0000000 --- a/host_vars/swarm-worker2.yaml +++ /dev/null 
@@ -1,133 +0,0 @@ ---- - -### ROOT-USER ############################################################### -#root_user_enabled: True -root_user_enabled: False -############################################################################# - -### HOSTNAME ################################################################ -#hostname_enabled: True -hostname_enabled: False -hostname: 'swarm-worker2' -############################################################################# - -### HOSTS ################################################################### -#hosts_enabled: True -hosts_enabled: False -hosts: - - ip: 127.0.0.1 - name: localhost - - ip: 127.0.1.1 - name: test-playbook.lab.dc.verdnatura.es test-playbook -############################################################################# - -### RESOLV ################################################################## -#resolv_enabled: True -resolv_enabled: False -domain_name: lab.dc.verdnatura.es -search_name: lab.dc.verdnatura.es -resolvs: - - ip: 10.0.0.4 - - ip: 10.0.0.5 -############################################################################# - -### UPDATE ################################################################## -#update_enabled: True -update_enabled: False -############################################################################# - -### INSTALL PACKAGES ######################################################## -#packages_enabled: True -packages_enabled: False -############################################################################# - -### RELAY HOST SMTP ######################################################### -#relay_host_enabled: True -relay_host_enabled: False -############################################################################# - -### CENTRALIZED AUTH ######################################################## -#centralized_auth_enabled: True -centralized_auth_enabled: False -############################################################################# - -### SUDOERS 
################################################################# -#sudoers_enabled: True -sudoers_enabled: False -############################################################################# - -### SECURE GRUB ############################################################# -#secure_grub_enabled: True -secure_grub_enabled: False -############################################################################# - -### VIM OPTIONS ############################################################# -#vim_options_enabled: True -vim_options_enabled: False -############################################################################# - -### MOTD #################################################################### -#motd_enabled: True -motd_enabled: False -############################################################################# - -### HOT PLUG ################################################################ -#hot_plug_enabled: True -hot_plug_enabled: False -############################################################################# - -### LOCALES ################################################################# -#locales_enabled: True -locales_enabled: False -############################################################################# - -### TZDATA ################################################################## -#tzdata_enabled: True -tzdata_enabled: False -############################################################################# - -### REPO VN ################################################################# -#repo_vn_enabled: True -repo_vn_enabled: False -############################################################################# - -### FAIL2BAN ################################################################ -#fail2ban_enabled: True -fail2ban_enabled: False -fail2ban_times: - - bantime: "604800" - maxretry: "4" - findtime: "604800" -fail2ban_jails: - - name: sshd - enabled: true - port: ['22'] - filter: sshd - logpath: "%(sshd_log)s" - backend: "%(sshd_backend)s" 
-############################################################################# - -### NAGIOS NRPE ############################################################# -#nagios_nrpe_enabled: True -nagios_nrpe_enabled: False -############################################################################# - -### SERVER TYPE ############################################################# -#server_type_enabled: True -server_type_enabled: False -############################################################################# - -### NTP ##################################################################### -#ntp_enabled: True -ntp_enabled: False -############################################################################# - -### AUTOFS HOMES ############################################################ -autofs_homes_enabled: True -#autofs_homes_enabled: False -############################################################################# - -### ZABBIX AGENT ############################################################ -#zabbix_agent_enabled: True -zabbix_agent_enabled: False -############################################################################# \ No newline at end of file diff --git a/host_vars/swarm-worker3.yaml b/host_vars/swarm-worker3.yaml deleted file mode 100644 index b156484..0000000 --- a/host_vars/swarm-worker3.yaml +++ /dev/null 
@@ -1,133 +0,0 @@ ---- - -### ROOT-USER ############################################################### -#root_user_enabled: True -root_user_enabled: False -############################################################################# - -### HOSTNAME ################################################################ -#hostname_enabled: True -hostname_enabled: False -hostname: 'swarm-worker3' -############################################################################# - -### HOSTS ################################################################### -#hosts_enabled: True -hosts_enabled: False -hosts: - - ip: 127.0.0.1 - name: localhost - - ip: 127.0.1.1 - name: test-playbook.lab.dc.verdnatura.es test-playbook -############################################################################# - -### RESOLV ################################################################## -#resolv_enabled: True -resolv_enabled: False -domain_name: lab.dc.verdnatura.es -search_name: lab.dc.verdnatura.es -resolvs: - - ip: 10.0.0.4 - - ip: 10.0.0.5 -############################################################################# - -### UPDATE ################################################################## -#update_enabled: True -update_enabled: False -############################################################################# - -### INSTALL PACKAGES ######################################################## -#packages_enabled: True -packages_enabled: False -############################################################################# - -### RELAY HOST SMTP ######################################################### -#relay_host_enabled: True -relay_host_enabled: False -############################################################################# - -### CENTRALIZED AUTH ######################################################## -#centralized_auth_enabled: True -centralized_auth_enabled: False -############################################################################# - -### SUDOERS 
################################################################# -#sudoers_enabled: True -sudoers_enabled: False -############################################################################# - -### SECURE GRUB ############################################################# -#secure_grub_enabled: True -secure_grub_enabled: False -############################################################################# - -### VIM OPTIONS ############################################################# -#vim_options_enabled: True -vim_options_enabled: False -############################################################################# - -### MOTD #################################################################### -#motd_enabled: True -motd_enabled: False -############################################################################# - -### HOT PLUG ################################################################ -#hot_plug_enabled: True -hot_plug_enabled: False -############################################################################# - -### LOCALES ################################################################# -#locales_enabled: True -locales_enabled: False -############################################################################# - -### TZDATA ################################################################## -#tzdata_enabled: True -tzdata_enabled: False -############################################################################# - -### REPO VN ################################################################# -#repo_vn_enabled: True -repo_vn_enabled: False -############################################################################# - -### FAIL2BAN ################################################################ -#fail2ban_enabled: True -fail2ban_enabled: False -fail2ban_times: - - bantime: "604800" - maxretry: "4" - findtime: "604800" -fail2ban_jails: - - name: sshd - enabled: true - port: ['22'] - filter: sshd - logpath: "%(sshd_log)s" - backend: "%(sshd_backend)s" 
-############################################################################# - -### NAGIOS NRPE ############################################################# -#nagios_nrpe_enabled: True -nagios_nrpe_enabled: False -############################################################################# - -### SERVER TYPE ############################################################# -#server_type_enabled: True -server_type_enabled: False -############################################################################# - -### NTP ##################################################################### -#ntp_enabled: True -ntp_enabled: False -############################################################################# - -### AUTOFS HOMES ############################################################ -autofs_homes_enabled: True -#autofs_homes_enabled: False -############################################################################# - -### ZABBIX AGENT ############################################################ -#zabbix_agent_enabled: True -zabbix_agent_enabled: False -############################################################################# \ No newline at end of file diff --git a/host_vars/swarm-worker4.yaml b/host_vars/swarm-worker4.yaml deleted file mode 100644 index f44a75c..0000000 --- a/host_vars/swarm-worker4.yaml +++ /dev/null 
@@ -1,133 +0,0 @@ ---- - -### ROOT-USER ############################################################### -#root_user_enabled: True -root_user_enabled: False -############################################################################# - -### HOSTNAME ################################################################ -#hostname_enabled: True -hostname_enabled: False -hostname: 'swarm-worker4' -############################################################################# - -### HOSTS ################################################################### -#hosts_enabled: True -hosts_enabled: False -hosts: - - ip: 127.0.0.1 - name: localhost - - ip: 127.0.1.1 - name: test-playbook.lab.dc.verdnatura.es test-playbook -############################################################################# - -### RESOLV ################################################################## -#resolv_enabled: True -resolv_enabled: False -domain_name: lab.dc.verdnatura.es -search_name: lab.dc.verdnatura.es -resolvs: - - ip: 10.0.0.4 - - ip: 10.0.0.5 -############################################################################# - -### UPDATE ################################################################## -#update_enabled: True -update_enabled: False -############################################################################# - -### INSTALL PACKAGES ######################################################## -#packages_enabled: True -packages_enabled: False -############################################################################# - -### RELAY HOST SMTP ######################################################### -#relay_host_enabled: True -relay_host_enabled: False -############################################################################# - -### CENTRALIZED AUTH ######################################################## -#centralized_auth_enabled: True -centralized_auth_enabled: False -############################################################################# - -### SUDOERS 
################################################################# -#sudoers_enabled: True -sudoers_enabled: False -############################################################################# - -### SECURE GRUB ############################################################# -#secure_grub_enabled: True -secure_grub_enabled: False -############################################################################# - -### VIM OPTIONS ############################################################# -#vim_options_enabled: True -vim_options_enabled: False -############################################################################# - -### MOTD #################################################################### -#motd_enabled: True -motd_enabled: False -############################################################################# - -### HOT PLUG ################################################################ -#hot_plug_enabled: True -hot_plug_enabled: False -############################################################################# - -### LOCALES ################################################################# -#locales_enabled: True -locales_enabled: False -############################################################################# - -### TZDATA ################################################################## -#tzdata_enabled: True -tzdata_enabled: False -############################################################################# - -### REPO VN ################################################################# -#repo_vn_enabled: True -repo_vn_enabled: False -############################################################################# - -### FAIL2BAN ################################################################ -#fail2ban_enabled: True -fail2ban_enabled: False -fail2ban_times: - - bantime: "604800" - maxretry: "4" - findtime: "604800" -fail2ban_jails: - - name: sshd - enabled: true - port: ['22'] - filter: sshd - logpath: "%(sshd_log)s" - backend: "%(sshd_backend)s" 
-############################################################################# - -### NAGIOS NRPE ############################################################# -#nagios_nrpe_enabled: True -nagios_nrpe_enabled: False -############################################################################# - -### SERVER TYPE ############################################################# -#server_type_enabled: True -server_type_enabled: False -############################################################################# - -### NTP ##################################################################### -#ntp_enabled: True -ntp_enabled: False -############################################################################# - -### AUTOFS HOMES ############################################################ -autofs_homes_enabled: True -#autofs_homes_enabled: False -############################################################################# - -### ZABBIX AGENT ############################################################ -#zabbix_agent_enabled: True -zabbix_agent_enabled: False -############################################################################# \ No newline at end of file diff --git a/hosts b/hosts index e7856fc..3fd3bf3 100644 --- a/hosts +++ b/hosts 
@@ -125,18 +125,6 @@ kube-helm ansible_host=kube-helm.servers.dc.verdnatura.es kube-proxy-vip1 ansible_host=kube-proxy-vip1.verdnatura.es kube-proxy-vip2 ansible_host=kube-proxy-vip2.verdnatura.es -[swarm] - -swarm-mgr1 ansible_host=swarm-mgr1.servers.dc.verdnatura.es -swarm-mgr2 ansible_host=swarm-mgr2.servers.dc.verdnatura.es -swarm-mgr3 ansible_host=swarm-mgr3.servers.dc.verdnatura.es -swarm-worker1 ansible_host=swarm-worker1.servers.dc.verdnatura.es -swarm-worker2 ansible_host=swarm-worker2.servers.dc.verdnatura.es -swarm-worker3 ansible_host=swarm-worker3.servers.dc.verdnatura.es -swarm-worker4 ansible_host=swarm-worker4.servers.dc.verdnatura.es -swarm-proxy1 ansible_host=swarm-proxy1.servers.dc.verdnatura.es -swarm-proxy2 ansible_host=swarm-proxy2.servers.dc.verdnatura.es - [vmware] ve3 ansible_host=ve3.verdnatura.es -- 2.40.1 From e4743e333c050068e29f742efd83f82078c68895 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 18 Jun 2024 19:55:30 +0200 Subject: [PATCH 007/138] refs #7482 Remove old hosts --- hosts | 113 +++++++++++++++++++++++++--------------------------------- 1 file changed, 49 insertions(+), 64 deletions(-) diff --git a/hosts b/hosts index e7856fc..4d6d4e9 100644 --- a/hosts +++ b/hosts 
@@ -2,29 +2,23 @@ dhcp1 ansible_host=dhcp1.servers.dc.verdnatura.es dhcp2 ansible_host=dhcp2.servers.dc.verdnatura.es -ns1 ansible_host=ns1.verdnatura.es -ns2 ansible_host=ns2.verdnatura.es -smtp ansible_host=smtp.verdnatura.es -mailgw1 ansible_host=mailgw1.verdnatura.es -mailgw2 ansible_host=mailgw2.verdnatura.es -mail2 ansible_host=mail2.verdnatura.es -postfixadmin ansible_host=postfixadmin.verdnatura.es +ns1 ansible_host=ns1.servers.dc.verdnatura.es +ns2 ansible_host=ns2.servers.dc.verdnatura.es +mailgw1 ansible_host=mailgw1.servers.dc.verdnatura.es +mailgw2 ansible_host=mailgw2.servers.dc.verdnatura.es postfix ansible_host=postfix.servers.dc.verdnatura.es -time1 ansible_host=time1.verdnatura.es -time2 ansible_host=time2.verdnatura.es +time1 ansible_host=time1.servers.dc.verdnatura.es +time2 ansible_host=time2.servers.dc.verdnatura.es pbx ansible_host=pbx.servers.dc.verdnatura.es homes ansible_host=homes.servers.dc.verdnatura.es server ansible_host=server.servers.dc.verdnatura.es -mail ansible_host=mail.static.verdnatura.es vpn ansible_host=vpn.servers.dc.verdnatura.es -cacti ansible_host=cacti.verdnatura.es +cacti ansible_host=cacti.servers.dc.verdnatura.es logger ansible_host=logger.servers.dc.verdnatura.es -nagios ansible_host=nagios.verdnatura.es -nagiosql-db ansible_host=nagiosql-db.verdnatura.es -doku ansible_host=doku.verdnatura.es -unifi ansible_host=unifi.verdnatura.es -ubd ansible_host=ubd.verdnatura.es -opera ansible_host=opera.verdnatura.es +nagios ansible_host=nagios.servers.dc.verdnatura.es +nagiosql-db ansible_host=nagiosql-db.servers.dc.verdnatura.es +doku ansible_host=doku.servers.dc.verdnatura.es +unifi ansible_host=unifi.servers.dc.verdnatura.es dc1 ansible_host=dc1.servers.dc.verdnatura.es dc2 ansible_host=dc2.servers.dc.verdnatura.es ldap-proxy1 ansible_host=ldap-proxy1.servers.dc.verdnatura.es 
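Review bot: The hosts dropped in this hunk (`smtp`, `mail2`, `postfixadmin`, `mail`, `ubd`, `opera`) are removed without any record of whether they were decommissioned or only moved out of the `.verdnatura.es` naming; a host that is still running but no longer listed here silently stops receiving the update, fail2ban and centralized-auth roles driven from this inventory. A short comment at the top of the file, or a line in the commit body, naming the retired hosts alongside the ticket already cited in the subject (#7482) would make the removal auditable, e.g. `# 2024-06: smtp, mail2, postfixadmin, mail, ubd, opera retired (refs #7482)`. The remaining entries in this hunk are renames into `servers.dc.verdnatura.es`, which presumably is intended, but the mixed deletion-plus-rename makes it hard to tell the two apart without such a note.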
@@ -32,25 +26,18 @@ ldap-proxy2 ansible_host=ldap-proxy2.servers.dc.verdnatura.es ldap1 ansible_host=ldap1.servers.dc.verdnatura.es ldap2 ansible_host=ldap2.servers.dc.verdnatura.es ldap3 ansible_host=ldap3.servers.dc.verdnatura.es -ldapweb ansible_host=ldapweb.verdnatura.es db1 ansible_host=db1.servers.dc.verdnatura.es db2 ansible_host=db2.servers.dc.verdnatura.es db-proxy1 ansible_host=db-proxy1.servers.dc.verdnatura.es db-proxy2 ansible_host=db-proxy2.servers.dc.verdnatura.es -db-proxy-vip1 ansible_host=db-proxy-vip1.verdnatura.es -db-proxy-vip2 ansible_host=db-proxy-vip2.verdnatura.es test-db1 ansible_host=test-db1.servers.dc.verdnatura.es test-db-proxy1 ansible_host=test-db-proxy1.servers.dc.verdnatura.es test-db-proxy2 ansible_host=test-db-proxy2.servers.dc.verdnatura.es monthly-db ansible_host=monthly-db.servers.dc.verdnatura.es dev-db ansible_host=dev-db.servers.dc.verdnatura.es -test-db-vip1 ansible_host=test-db-vip1.verdnatura.es -test-db-vip2 ansible_host=test-db-vip2.verdnatura.es -asterisk ansible_host=asterisk.verdnatura.es -train ansible_host=train.verdnatura.es tftp ansible_host=tftp.backup.dc.verdnatura.es -core-agent ansible_host=core-agent.static.verdnatura.es -core-proxy ansible_host=core-proxy.static.verdnatura.es +core-agent ansible_host=core-agent.core.dc.verdnatura.es +core-proxy ansible_host=core-proxy.core.dc.verdnatura.es spamd-db ansible_host=spamd-db.servers.dc.verdnatura.es spamd ansible_host=spamd.servers.dc.verdnatura.es dovecot ansible_host=dovecot.servers.dc.verdnatura.es 
@@ -64,22 +51,18 @@ nas2 ansible_host=nas2.servers.dc.verdnatura.es [windows] -a3 ansible_host=a3.static.verdnatura.es -adwindows ansible_host=adwindows.servers.dc.verdnatura.es -franceexpress ansible_host=franceexpress.servers.dc.verdnatura.es -contaplus ansible_host=contaplus.static.verdnatura.es -rdswebbbdd ansible_host=rdswebbbdd.servers.dc.verdnatura.es -dipole ansible_host=dipole.static.verdnatura.es +a3 ansible_host=a3.outsource.dc.verdnatura.es +rsat ansible_host=rsat.servers.dc.verdnatura.es +contaplus ansible_host=contaplus.outsource.dc.verdnatura.es +dipole ansible_host=dipole.outsource.dc.verdnatura.es printserver ansible_host=printserver.servers.dc.verdnatura.es -sage ansible_host=sage.static.verdnatura.es +sage ansible_host=sage.outsource.dc.verdnatura.es mrw ansible_host=mrw.servers.dc.verdnatura.es -bt1 ansible_host=bt1.servers.dc.verdnatura.es -bt2 ansible_host=bt2.servers.dc.verdnatura.es -rds-licenses ansible_host=rds-licenses.servers.dc.verdnatura.es +ts1 ansible_host=ts1.rds.dc.verdnatura.es +ts2 ansible_host=ts2.rds.dc.verdnatura.es +rds-licenses ansible_host=rds-licenses.rds.dc.verdnatura.es integra2 ansible_host=integra2.servers.dc.verdnatura.es -docuware ansible_host=docuware.static.verdnatura.es -logiflora ansible_host=logiflora.static.verdnatura.es -wac ansible_host=wac.servers.dc.verdnatura.es +docuware ansible_host=docuware.outsource.dc.verdnatura.es [backup] 
@@ -91,39 +74,48 @@ bacularis ansible_host=bacularis.backup.dc.verdnatura.es bacula-dir ansible_host=bacula-dir.backup.dc.verdnatura.es bacula-db ansible_host=bacula-db.backup.dc.verdnatura.es -[core] +[pve] -mox1 ansible_host=mox1.verdnatura.es -mox2 ansible_host=mox2.verdnatura.es -mox3 ansible_host=mox3.verdnatura.es -mox4 ansible_host=mox4.verdnatura.es -mox5 ansible_host=mox5.verdnatura.es +pve01 ansible_host=pve01.core.dc.verdnatura.es +pve02 ansible_host=pve02.core.dc.verdnatura.es +pve03 ansible_host=pve03.core.dc.verdnatura.es +pve04 ansible_host=pve04.core.dc.verdnatura.es -[ilo] +[pve-ilo] -mox1-ilo ansible_host=mox1-ilo.verdnatura.es -mox2-ilo ansible_host=mox2-ilo.verdnatura.es -mox3-ilo ansible_host=mox3-ilo.verdnatura.es -mox4-ilo ansible_host=mox4-ilo.verdnatura.es -mox5-ilo ansible_host=mox5-ilo.verdnatura.es -ve3-ilo ansible_host=ve3-ilo.verdnatura.es -ve4-ilo ansible_host=ve4-ilo.verdnatura.es -ve5-ilo ansible_host=ve5-ilo.verdnatura.es +pve01-ilo ansible_host=pve01-ilo.core.dc.verdnatura.es +pve02-ilo ansible_host=pve02-ilo.core.dc.verdnatura.es +pve03-ilo ansible_host=pve03-ilo.core.dc.verdnatura.es +pve04-ilo ansible_host=pve04-ilo.core.dc.verdnatura.es -[kubernetes] +[kube-master] kube-master1 ansible_host=kube-master1.servers.dc.verdnatura.es kube-master2 ansible_host=kube-master2.servers.dc.verdnatura.es kube-master3 ansible_host=kube-master3.servers.dc.verdnatura.es + +[kube-worker] + kube-worker1 ansible_host=kube-worker1.servers.dc.verdnatura.es kube-worker2 ansible_host=kube-worker2.servers.dc.verdnatura.es kube-worker3 ansible_host=kube-worker3.servers.dc.verdnatura.es kube-worker4 ansible_host=kube-worker4.servers.dc.verdnatura.es + +[kube-proxy] + kube-proxy1 ansible_host=kube-proxy1.servers.dc.verdnatura.es kube-proxy2 ansible_host=kube-proxy2.servers.dc.verdnatura.es + +[kube-backup] + kube-helm ansible_host=kube-helm.servers.dc.verdnatura.es -kube-proxy-vip1 ansible_host=kube-proxy-vip1.verdnatura.es -kube-proxy-vip2 
ansible_host=kube-proxy-vip2.verdnatura.es + +[kube:children] + +kube-master +kube-worker +kube-proxy +kube-backup [swarm] @@ -137,13 +129,6 @@ swarm-worker4 ansible_host=swarm-worker4.servers.dc.verdnatura.es swarm-proxy1 ansible_host=swarm-proxy1.servers.dc.verdnatura.es swarm-proxy2 ansible_host=swarm-proxy2.servers.dc.verdnatura.es -[vmware] - -ve3 ansible_host=ve3.verdnatura.es -ve4 ansible_host=ve4.verdnatura.es -ve5 ansible_host=ve5.verdnatura.es -vcenter ansible_host=vcenter.verdnatura.es - [test] W2019 ansible_host=10.1.5.224 -- 2.40.1 From 8ab5a493398d000c1a29a946dafa418f186c53d6 Mon Sep 17 00:00:00 2001 From: rubenb Date: Mon, 15 Jul 2024 19:06:09 +0200 Subject: [PATCH 008/138] exim4 update patch package exim4 vulnerability cve-2024-39929 --- linux-patch-exim4.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 linux-patch-exim4.yaml diff --git a/linux-patch-exim4.yaml b/linux-patch-exim4.yaml new file mode 100644 index 0000000..1d240b9 --- /dev/null +++ b/linux-patch-exim4.yaml @@ -0,0 +1,27 @@ +--- + +- hosts: '{{ ip_addr }}' + become: yes + become_method: sudo + gather_facts: yes + + tasks: + +# step1 - run apt-get update + - name: update index of all packages + ansible.builtin.apt: + update_cache: true + force_apt_get: true + +# step2 - run apt-get update + - name: update all packages to their latest version + ansible.builtin.apt: + name: "exim4" + state: latest + force_apt_get: true + +# step3 - run apt autoremove + - name: autoremove packages unused dependency packages + ansible.builtin.apt: + autoremove: true + force_apt_get: true \ No newline at end of file -- 2.40.1 From 1393795a8da1ad4253d634d2765f68f3649023e5 Mon Sep 17 00:00:00 2001 From: rubenb Date: Wed, 24 Jul 2024 16:35:11 +0200 Subject: [PATCH 009/138] Baja host Backup-San --- hosts | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts b/hosts index 15345a7..c9feaf8 100644 --- a/hosts +++ b/hosts 
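Review bot: The new `[kube-backup]` group contains only `kube-helm`, so either the group name or its member looks wrong; if the helm host really is the backup member, a comment above the group such as `# kube-helm doubles as the cluster backup node` would keep the `[kube:children]` list self-explanatory, otherwise the group should be named after what it holds. Separately, this commit's `hosts` diff is taken against the same pre-image (`index e7856fc`) as the earlier hosts hunk in this series that deletes the `[swarm]` group, and the hunk following this one still carries `swarm-worker4`, `swarm-proxy1` and `swarm-proxy2` as context even though the swarm-worker `host_vars` files were deleted earlier; applied in order, the series will presumably either conflict or reinstate swarm hosts that have no host_vars, so this patch should be rebased onto the post-swarm-removal inventory. The `[pve-ilo]` entries appear to be out-of-band management interfaces; if so, a play targeting `all` would try to SSH to them, which is worth a comment on the group or an explicit exclusion.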
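Review bot: The comment `# step2 - run apt-get update` and the task name `update all packages to their latest version` both describe the wrong thing: that task upgrades only `exim4` (`name: "exim4"`, `state: latest`), which is the whole point of a play written for CVE-2024-39929. Rename them to `# step2 - upgrade exim4 to the latest available version` and `- name: upgrade exim4 to the latest version` so an operator can see at a glance what is being patched. Nothing in the play records that the upgrade actually landed on each host; a final task that registers the output of `dpkg-query -W -f='${Version}' exim4-base` with `changed_when: false` and prints or asserts it against the fixed version would give the per-host evidence an incident ticket for this CVE needs. The file also ends without a trailing newline.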
@@ -68,7 +68,6 @@ docuware ansible_host=docuware.outsource.dc.verdnatura.es
vm-backup ansible_host=vm-backup.backup.dc.verdnatura.es
kube-backup ansible_host=kube-backup.backup.dc.verdnatura.es
-backup-san ansible_host=backup-san.backup.dc.verdnatura.es
backup-nas ansible_host=backup-nas.backup.dc.verdnatura.es
bacularis ansible_host=bacularis.backup.dc.verdnatura.es
bacula-dir ansible_host=bacula-dir.backup.dc.verdnatura.es
-- 2.40.1
From b27f23261ae1882fe7f019465d3a3a0f06b937f5 Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Sat, 24 Aug 2024 09:46:35 +0000
Subject: [PATCH 010/138] Actualizar roles/config-install-packages/tasks/main.yaml
---
roles/config-install-packages/tasks/main.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/config-install-packages/tasks/main.yaml b/roles/config-install-packages/tasks/main.yaml
index 17ab73c..7bce21e 100644
--- a/roles/config-install-packages/tasks/main.yaml
+++ b/roles/config-install-packages/tasks/main.yaml
@@ -1,4 +1,3 @@
-
- name: "[CONFIG INSTALL PACKAGES] Comprobando si es necesario instalar paqueteria"
meta: end_host
when: packages_enabled is not defined or not packages_enabled
@@ -28,4 +27,5 @@
- ncdu
- cloud-guest-utils
- net-tools
- - curl
+ - curl
+ - btop
-- 2.40.1
From 9b7b6f6476eb098700c0c1ded8a4ef09015625dc Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Sat, 24 Aug 2024 10:45:05 +0000
Subject: [PATCH 011/138] Actualizar roles/config-ntp/tasks/main.yaml
/etc/systemd/timesyncd.conf line: "FallbackNTP=ntp.roa.es"
---
roles/config-ntp/tasks/main.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/roles/config-ntp/tasks/main.yaml b/roles/config-ntp/tasks/main.yaml
index 605a9d8..5dad8bb 100644
--- a/roles/config-ntp/tasks/main.yaml
+++ b/roles/config-ntp/tasks/main.yaml
@@ -34,6 +34,7 @@
path: /etc/systemd/timesyncd.conf
regexp: '^#NTP'
line: "NTP=time1.verdnatura.es time2.verdnatura.es"
+ line: "FallbackNTP=ntp.roa.es"
owner: root
group: root
mode: '0644'
-- 2.40.1
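Review bot: The added `line: "FallbackNTP=ntp.roa.es"` is a second `line` key inside the same `lineinfile` mapping that already has `line: "NTP=time1.verdnatura.es time2.verdnatura.es"`; a YAML mapping cannot hold the same key twice, and Ansible's loader warns and keeps only the last value, so this task would write the FallbackNTP line where the `^#NTP` regexp matches and the NTP servers would never be set. FallbackNTP needs its own `lineinfile` task with `regexp: '^#?FallbackNTP='` and `line: "FallbackNTP=ntp.roa.es"`. The enclosing task starts above this hunk.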
From f4c4266510fdf08eb515562daffa17b1fe5a9fbf Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Sat, 24 Aug 2024 10:49:49 +0000
Subject: [PATCH 012/138] Actualizar roles/config-ntp/tasks/main.yaml
---
roles/config-ntp/tasks/main.yaml | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/roles/config-ntp/tasks/main.yaml b/roles/config-ntp/tasks/main.yaml
index 5dad8bb..123fa5c 100644
--- a/roles/config-ntp/tasks/main.yaml
+++ b/roles/config-ntp/tasks/main.yaml
@@ -38,7 +38,15 @@
owner: root
group: root
mode: '0644'
- notify: restart systemd-timesyncd
+- name: retocar fichero /etc/systemd/timesyncd.conf
+ lineinfile:
+ path: /etc/systemd/timesyncd.conf
+ regexp: '^#?FallbackNTP='
+ line: "FallbackNTP=ntp.roa.es"
+ owner: root
+ group: root
+ mode: '0644'
+ notify: restart systemd-timesyncd
# service should start on boot.
- name: service should start on boot
service:
-- 2.40.1
From 679739ce0ac46c7a5433c264dcaee4077175d7f4 Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Sat, 24 Aug 2024 10:52:20 +0000
Subject: [PATCH 013/138] Actualizar roles/config-ntp/tasks/main.yaml
---
roles/config-ntp/tasks/main.yaml | 1 -
1 file changed, 1 deletion(-)
diff --git a/roles/config-ntp/tasks/main.yaml b/roles/config-ntp/tasks/main.yaml
index 123fa5c..12a74d1 100644
--- a/roles/config-ntp/tasks/main.yaml
+++ b/roles/config-ntp/tasks/main.yaml
@@ -34,7 +34,6 @@
path: /etc/systemd/timesyncd.conf
regexp: '^#NT'
line: "NTP=time1.verdnatura.es time2.verdnatura.es"
- line: "FallbackNTP=ntp.roa.es"
owner: root
group: root
mode: '0644'
-- 2.40.1
From 163ad42636f8f9f90ed6644284e7ec74eb635b9f Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Sat, 24 Aug 2024 11:25:58 +0000
Subject: [PATCH 014/138] Actualizar hosts
---
hosts | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/hosts b/hosts
index c9feaf8..e9a5dd9 100644
--- a/hosts
+++ b/hosts
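Review bot: The `notify: restart systemd-timesyncd` that belonged to the `NTP=` task is removed and only the new FallbackNTP task notifies the handler, so a run that changes the NTP servers but leaves FallbackNTP untouched rewrites the config without restarting timesyncd. Keep the notify on both tasks: put `notify: restart systemd-timesyncd` back after the first task's `mode: '0644'` and leave it on the new task as well. The first task's header is above this hunk.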
@@ -125,9 +125,9 @@ plantilladebian12 ansible_host=plantilladebian12.lab.verdnatura.es
docker-test ansible_host=docker-test.lab.verdnatura.es
nagios4-test ansible_host=nagios4-test.lab.verdnatura.es
nagios4-test2 ansible_host=nagios4-test2.lab.verdnatura.es
-cephtest01 ansible_host=cephtest01.lab.verdnatura.es
-cephtest02 ansible_host=cephtest02.lab.verdnatura.es
-cephtest03 ansible_host=cephtest03.lab.verdnatura.es
+cephlab01 ansible_host=cephlab01.lab.verdnatura.es
+cephlab02 ansible_host=cephlab02.lab.verdnatura.es
+cephlab03 ansible_host=cephlab03.lab.verdnatura.es
core-proxytest ansible_host=core-proxytest.lab.verdnatura.es
openldap-test ansible_host=openldap-test.lab.verdnatura.es
test-playbook ansible_host=test-playbook.lab.verdnatura.es
-- 2.40.1
From d786c126283b6e8ef9e6444a8d11a432f3ca3d13 Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Fri, 30 Aug 2024 18:08:09 +0000
Subject: [PATCH 015/138] Actualizar hosts
---
hosts | 1 +
1 file changed, 1 insertion(+)
diff --git a/hosts b/hosts
index e9a5dd9..fed5a91 100644
--- a/hosts
+++ b/hosts
@@ -99,6 +99,7 @@ kube-worker1 ansible_host=kube-worker1.servers.dc.verdnatura.es
kube-worker2 ansible_host=kube-worker2.servers.dc.verdnatura.es
kube-worker3 ansible_host=kube-worker3.servers.dc.verdnatura.es
kube-worker4 ansible_host=kube-worker4.servers.dc.verdnatura.es
+kube-worker5 ansible_host=kube-worker5.servers.dc.verdnatura.es
[kube-proxy]
-- 2.40.1
From 75b08e8556e9c88f97baae3d7d50e7d9a9dbe1c7 Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Fri, 30 Aug 2024 18:15:06 +0000
Subject: [PATCH 016/138] Actualizar roles/config-nagios-nrpe/tasks/main.yaml
---
roles/config-nagios-nrpe/tasks/main.yaml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/roles/config-nagios-nrpe/tasks/main.yaml b/roles/config-nagios-nrpe/tasks/main.yaml
index 9a8e9e5..8b9a0e2 100644
--- a/roles/config-nagios-nrpe/tasks/main.yaml
+++ b/roles/config-nagios-nrpe/tasks/main.yaml
@@ -2,9 +2,9 @@
# Install and configure NAGIOS-NRPE
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- name: "[CONFIG NAGIOS NRPE] Comprobando si es necesario configurar nagios nrpe service "
- meta: end_host
- when: nagios_nrpe_enabled is not defined or not nagios_nrpe_enabled
+#- name: "[CONFIG NAGIOS NRPE] Comprobando si es necesario configurar nagios nrpe service "
+# meta: end_host
+# when: nagios_nrpe_enabled is not defined or not nagios_nrpe_enabled
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# paso1
-- 2.40.1
From e6137447f668190eeab81f616ae93f0d769219d6 Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Fri, 30 Aug 2024 19:03:12 +0000
Subject: [PATCH 017/138] Actualizar linux-config-nagios-nrpe.yaml
---
linux-config-nagios-nrpe.yaml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/linux-config-nagios-nrpe.yaml b/linux-config-nagios-nrpe.yaml
index 87c8ac6..3750862 100644
--- a/linux-config-nagios-nrpe.yaml
+++ b/linux-config-nagios-nrpe.yaml
@@ -7,10 +7,10 @@
tasks:
- - name: "[CONFIG NAGIOS NRPE] Comprobando si es necesario configurar nagios nrpe service "
- debug:
- msg: "No es necesario configurar nagios nrpe service en la máquina"
- when: nagios_nrpe_enabled is not defined or not nagios_nrpe_enabled
+ # - name: "[CONFIG NAGIOS NRPE] Comprobando si es necesario configurar nagios nrpe service "
+ # debug:
+ # msg: "No es necesario configurar nagios nrpe service en la máquina"
+ # when: nagios_nrpe_enabled is not defined or not nagios_nrpe_enabled
- name: "[CONFIG NAGIOS NRPE] Install and configure nagios nrpe service"
import_role:
-- 2.40.1
From 001c7d00a362c1835ae0940b94539baed1ed0780 Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Mon, 2 Sep 2024 16:43:43 +0000
Subject: [PATCH 018/138] Actualizar linux-config-nagios-nrpe.yaml
---
linux-config-nagios-nrpe.yaml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
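Review bot: Commenting out the `meta: end_host` guard removes the only check on `nagios_nrpe_enabled` visible inside the role, so every host a play reaches will get nagios-nrpe-server installed and configured whether or not the variable is set; nothing in this hunk, nor in the playbook hunk of the following commit, gates the `import_role` instead. If the intent is to move the gate to the playbook, the `import_role` there needs `when: nagios_nrpe_enabled is defined and nagios_nrpe_enabled` (with `import_role` the condition is applied to every task of the role). Dead code should be deleted rather than kept as `#- name:` lines; git history preserves it.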
diff --git a/linux-config-nagios-nrpe.yaml b/linux-config-nagios-nrpe.yaml
index 3750862..87c8ac6 100644
--- a/linux-config-nagios-nrpe.yaml
+++ b/linux-config-nagios-nrpe.yaml
@@ -7,10 +7,10 @@
tasks:
- # - name: "[CONFIG NAGIOS NRPE] Comprobando si es necesario configurar nagios nrpe service "
- # debug:
- # msg: "No es necesario configurar nagios nrpe service en la máquina"
- # when: nagios_nrpe_enabled is not defined or not nagios_nrpe_enabled
+ - name: "[CONFIG NAGIOS NRPE] Comprobando si es necesario configurar nagios nrpe service "
+ debug:
+ msg: "No es necesario configurar nagios nrpe service en la máquina"
+ when: nagios_nrpe_enabled is not defined or not nagios_nrpe_enabled
- name: "[CONFIG NAGIOS NRPE] Install and configure nagios nrpe service"
import_role:
-- 2.40.1
From 767a5d55958686f712050e5a72461281189d7a0b Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Fri, 6 Sep 2024 17:51:16 +0000
Subject: [PATCH 019/138] add vm-test
---
hosts | 2 ++
1 file changed, 2 insertions(+)
diff --git a/hosts b/hosts
index fed5a91..de80dc3 100644
--- a/hosts
+++ b/hosts
@@ -141,3 +141,5 @@ iventoy-test ansible_host=iventoy-test.lab.verdnatura.es
kubelab-proxy1 ansible_host=kubelab-proxy1.lab.verdnatura.es
openvpn-freeradius ansible_host=openvpn-freeradius.lab.verdnatura.es
vm-debian12 ansible_host=vm-debian12.lab.verdnatura.es
+vm-test ansible_host=v10.29.2.153
+
-- 2.40.1
From 4029140e0c93851058ed24cee12a169a77fdae85 Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Fri, 6 Sep 2024 18:01:21 +0000
Subject: [PATCH 020/138] Actualizar hosts
---
hosts | 2 ++
1 file changed, 2 insertions(+)
diff --git a/hosts b/hosts
index de80dc3..fcf25f7 100644
--- a/hosts
+++ b/hosts
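Review bot: `vm-test ansible_host=v10.29.2.153` carries a stray `v` in front of the address, so `ansible_host` is neither an IP address nor a resolvable name and any play targeting this host fails at connection time; it should be `vm-test ansible_host=10.29.2.153`. The second added line is an empty trailing line, which is harmless but unnecessary.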
@@ -80,12 +80,14 @@ pve02 ansible_host=pve02.core.dc.verdnatura.es
pve03 ansible_host=pve03.core.dc.verdnatura.es
pve04 ansible_host=pve04.core.dc.verdnatura.es
+
[pve-ilo]
pve01-ilo ansible_host=pve01-ilo.core.dc.verdnatura.es
pve02-ilo ansible_host=pve02-ilo.core.dc.verdnatura.es
pve03-ilo ansible_host=pve03-ilo.core.dc.verdnatura.es
pve04-ilo ansible_host=pve04-ilo.core.dc.verdnatura.es
+pve05-ilo ansible_host=pve05-ilo.core.dc.verdnatura.es
[kube-master]
-- 2.40.1
From 864db55e11f18c448e0580fd33fef4a69aa9dc2f Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Fri, 6 Sep 2024 18:25:18 +0000
Subject: [PATCH 021/138] Actualizar hosts
---
hosts | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/hosts b/hosts
index fcf25f7..4e65ac8 100644
--- a/hosts
+++ b/hosts
@@ -143,5 +143,4 @@ iventoy-test ansible_host=iventoy-test.lab.verdnatura.es
kubelab-proxy1 ansible_host=kubelab-proxy1.lab.verdnatura.es
openvpn-freeradius ansible_host=openvpn-freeradius.lab.verdnatura.es
vm-debian12 ansible_host=vm-debian12.lab.verdnatura.es
-vm-test ansible_host=v10.29.2.153
-
+docker-itlab ansible_host=10.29.2.153
-- 2.40.1
From 721014704f7d09fe8f922403b067c59f73996ff4 Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Fri, 6 Sep 2024 18:33:18 +0000
Subject: [PATCH 022/138] Actualizar hosts
---
hosts | 1 +
1 file changed, 1 insertion(+)
diff --git a/hosts b/hosts
index 4e65ac8..7c96e44 100644
--- a/hosts
+++ b/hosts
@@ -144,3 +144,4 @@ kubelab-proxy1 ansible_host=kubelab-proxy1.lab.verdnatura.es
openvpn-freeradius ansible_host=openvpn-freeradius.lab.verdnatura.es
vm-debian12 ansible_host=vm-debian12.lab.verdnatura.es
docker-itlab ansible_host=10.29.2.153
+test ansible_host=10.29.2.254
-- 2.40.1
From 5486ed7f9aee81c39950158ff9de7649b572a8e6 Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Fri, 6 Sep 2024 19:04:22 +0000
Subject: [PATCH 023/138] Actualizar hosts
---
hosts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hosts b/hosts
index 7c96e44..0db6381 100644
--- a/hosts
+++ b/hosts
@@ -144,4 +144,4 @@ kubelab-proxy1 ansible_host=kubelab-proxy1.lab.verdnatura.es
openvpn-freeradius ansible_host=openvpn-freeradius.lab.verdnatura.es
vm-debian12 ansible_host=vm-debian12.lab.verdnatura.es
docker-itlab ansible_host=10.29.2.153
-test ansible_host=10.29.2.254
+test1 ansible_host=10.29.2.254
-- 2.40.1
From 1cfb9e1443a19aca26b37cb7ff32901af7032b9a Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Fri, 6 Sep 2024 19:55:47 +0000
Subject: [PATCH 024/138] Actualizar linux-config-nagios-nrpe.yaml
---
linux-config-nagios-nrpe.yaml | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/linux-config-nagios-nrpe.yaml b/linux-config-nagios-nrpe.yaml
index 87c8ac6..bec9569 100644
--- a/linux-config-nagios-nrpe.yaml
+++ b/linux-config-nagios-nrpe.yaml
@@ -6,12 +6,7 @@
gather_facts: no
tasks:
-
- - name: "[CONFIG NAGIOS NRPE] Comprobando si es necesario configurar nagios nrpe service "
- debug:
- msg: "No es necesario configurar nagios nrpe service en la máquina"
- when: nagios_nrpe_enabled is not defined or not nagios_nrpe_enabled
-
+
- name: "[CONFIG NAGIOS NRPE] Install and configure nagios nrpe service"
import_role:
name: config-nagios-nrpe
-- 2.40.1
From 3080f9f7b5d72d487a46ced1c0bbda1abac78328 Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Fri, 6 Sep 2024 20:04:53 +0000
Subject: [PATCH 025/138] Actualizar linux-config-nagios-nrpe.yaml
---
linux-config-nagios-nrpe.yaml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/linux-config-nagios-nrpe.yaml b/linux-config-nagios-nrpe.yaml
index bec9569..741f564 100644
--- a/linux-config-nagios-nrpe.yaml
+++ b/linux-config-nagios-nrpe.yaml
@@ -6,6 +6,10 @@
gather_facts: no
tasks:
+ - name: "[CONFIG NAGIOS NRPE] Comprobando si es necesario configurar nagios nrpe service "
+ debug:
+ msg: "No es necesario configurar nagios nrpe service en la máquina"
+ when: nagios_nrpe_enabled is not defined or not nagios_nrpe_enabled
- name: "[CONFIG NAGIOS NRPE] Install and configure nagios nrpe service"
import_role:
-- 2.40.1
From 022304c9f86d9507747a55f5a424d1816e1e641e Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Fri, 6 Sep 2024 20:09:44 +0000
Subject: [PATCH 026/138] Actualizar linux-config-nagios-nrpe.yaml
---
linux-config-nagios-nrpe.yaml | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/linux-config-nagios-nrpe.yaml b/linux-config-nagios-nrpe.yaml
index 741f564..6233bee 100644
--- a/linux-config-nagios-nrpe.yaml
+++ b/linux-config-nagios-nrpe.yaml
@@ -6,12 +6,23 @@
gather_facts: no
tasks:
- - name: "[CONFIG NAGIOS NRPE] Comprobando si es necesario configurar nagios nrpe service "
+ - name: "[DEBUG] Comprobando si es necesario configurar nagios nrpe service"
+ debug:
+ var: nagios_nrpe_enabled
+
+ - name: "[CONFIG NAGIOS NRPE] Definir valor predeterminado para nagios_nrpe_enabled si no está definido"
+ set_fact:
+ nagios_nrpe_enabled: false
+ when: nagios_nrpe_enabled is not defined
+
+ - name: "[CONFIG NAGIOS NRPE] Comprobando si es necesario configurar nagios nrpe service"
debug:
msg: "No es necesario configurar nagios nrpe service en la máquina"
- when: nagios_nrpe_enabled is not defined or not nagios_nrpe_enabled
+ when: nagios_nrpe_enabled | bool == false
- name: "[CONFIG NAGIOS NRPE] Install and configure nagios nrpe service"
import_role:
name: config-nagios-nrpe
+ when: nagios_nrpe_enabled | bool
+ when: nagios_nrpe_enabled is defined and nagios_nrpe_enabled
\ No newline at end of file
-- 2.40.1
From ce7832446292315087bbe770058851b30cce7f4c Mon Sep 17 00:00:00 2001
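Review bot: The `import_role` task ends with two `when` keys in the same mapping (`when: nagios_nrpe_enabled | bool` and `when: nagios_nrpe_enabled is defined and nagios_nrpe_enabled`); a YAML mapping cannot carry one key twice, and Ansible's loader warns and keeps only the last one, so the first condition is silently discarded. Keep a single condition — given the preceding `set_fact` already defaults the variable to false, `when: nagios_nrpe_enabled | bool` alone is sufficient. In the debug task, `when: nagios_nrpe_enabled | bool == false` reads more clearly as `when: not (nagios_nrpe_enabled | bool)`. The file is also left without a trailing newline.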
From: David Lopez
Date: Fri, 6 Sep 2024 20:11:11 +0000
Subject: [PATCH 027/138] Actualizar linux-config-nagios-nrpe.yaml
---
linux-config-nagios-nrpe.yaml | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/linux-config-nagios-nrpe.yaml b/linux-config-nagios-nrpe.yaml
index 6233bee..74fa915 100644
--- a/linux-config-nagios-nrpe.yaml
+++ b/linux-config-nagios-nrpe.yaml
@@ -23,6 +23,4 @@
- name: "[CONFIG NAGIOS NRPE] Install and configure nagios nrpe service"
import_role:
name: config-nagios-nrpe
- when: nagios_nrpe_enabled | bool
-
- when: nagios_nrpe_enabled is defined and nagios_nrpe_enabled
\ No newline at end of file
+ when: nagios_nrpe_enabled | bool
\ No newline at end of file
-- 2.40.1
From 05e294deece02f19d928bd959fa9d779ade7594a Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Fri, 6 Sep 2024 20:14:28 +0000
Subject: [PATCH 028/138] Actualizar linux-config-nagios-nrpe.yaml
---
linux-config-nagios-nrpe.yaml | 27 +++++++++------------------
1 file changed, 9 insertions(+), 18 deletions(-)
diff --git a/linux-config-nagios-nrpe.yaml b/linux-config-nagios-nrpe.yaml
index 74fa915..ef52ee6 100644
--- a/linux-config-nagios-nrpe.yaml
+++ b/linux-config-nagios-nrpe.yaml
@@ -6,21 +6,12 @@
gather_facts: no
tasks:
- - name: "[DEBUG] Comprobando si es necesario configurar nagios nrpe service"
- debug:
- var: nagios_nrpe_enabled
-
- - name: "[CONFIG NAGIOS NRPE] Definir valor predeterminado para nagios_nrpe_enabled si no está definido"
- set_fact:
- nagios_nrpe_enabled: false
- when: nagios_nrpe_enabled is not defined
-
- - name: "[CONFIG NAGIOS NRPE] Comprobando si es necesario configurar nagios nrpe service"
- debug:
- msg: "No es necesario configurar nagios nrpe service en la máquina"
- when: nagios_nrpe_enabled | bool == false
-
- - name: "[CONFIG NAGIOS NRPE] Install and configure nagios nrpe service"
- import_role:
- name: config-nagios-nrpe
- when: nagios_nrpe_enabled | bool
\ No newline at end of file
+ # Paso 1: Instalar paquetes necesarios para Nagios NRPE
+ - name: "[CONFIG NAGIOS NRPE] Instalar paquetes nagios-nrpe-server y nagios-nrpe-plugin"
+ apt:
+ name: "{{ item }}"
+ state: present
+ update_cache: yes
+ loop:
+ - nagios-nrpe-server
+ - nagios-nrpe-plugin
\ No newline at end of file
-- 2.40.1
From ca6d0623c7bf474ac8315308f04b4d9d2828ff6a Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Fri, 6 Sep 2024 20:18:01 +0000
Subject: [PATCH 029/138] Actualizar linux-config-nagios-nrpe.yaml
---
linux-config-nagios-nrpe.yaml | 13 ++++---------
1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/linux-config-nagios-nrpe.yaml b/linux-config-nagios-nrpe.yaml
index ef52ee6..6f699d1 100644
--- a/linux-config-nagios-nrpe.yaml
+++ b/linux-config-nagios-nrpe.yaml
@@ -6,12 +6,7 @@
gather_facts: no
tasks:
- # Paso 1: Instalar paquetes necesarios para Nagios NRPE
- - name: "[CONFIG NAGIOS NRPE] Instalar paquetes nagios-nrpe-server y nagios-nrpe-plugin"
- apt:
- name: "{{ item }}"
- state: present
- update_cache: yes
- loop:
- - nagios-nrpe-server
- - nagios-nrpe-plugin
\ No newline at end of file
+ - name: "[CONFIG NAGIOS NRPE] Install and configure nagios nrpe service"
+ import_role:
+ name: config-nagios-nrpe
+ when: nagios_nrpe_enabled is defined and nagios_nrpe_enabled
-- 2.40.1
From 721d9136ab2a620b9ef5036e97b8dec8e269f94a Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Fri, 6 Sep 2024 20:20:05 +0000
Subject: [PATCH 030/138] Actualizar roles/config-nagios-nrpe/tasks/main.yaml
---
roles/config-nagios-nrpe/tasks/main.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/config-nagios-nrpe/tasks/main.yaml b/roles/config-nagios-nrpe/tasks/main.yaml
index 8b9a0e2..38b71dd 100644
--- a/roles/config-nagios-nrpe/tasks/main.yaml
+++ b/roles/config-nagios-nrpe/tasks/main.yaml
@@ -9,11 +9,11 @@
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# paso1
# install packages for nagios-nrpe
-- name: install packages for nagios-nrpe (nagios-nrpe-server nagios-nrpe-plugin)
+- name: Install packages for nagios-nrpe (nagios-nrpe-server, nagios-nrpe-plugin)
apt:
name: "{{ item }}"
state: present
- with_items:
+ loop:
- nagios-nrpe-server
- nagios-nrpe-plugin
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- 2.40.1
From af1c0522f03d39ebb9eb4e10f44d3f264b69aa0e Mon Sep 17 00:00:00 2001
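Review bot: Switching `with_items` to `loop` keeps the task iterating `name: "{{ item }}"` one package at a time, which runs a separate apt transaction per package; the `apt` module accepts a list, so `name: [nagios-nrpe-server, nagios-nrpe-plugin]` with `state: present` and no `loop` installs both in a single dependency resolution. The module name could also be written fully qualified as `ansible.builtin.apt`, matching the style used in linux-patch-exim4.yaml earlier in this series.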
From: David Lopez
Date: Sat, 7 Sep 2024 09:20:08 +0000
Subject: [PATCH 031/138] =?UTF-8?q?A=C3=B1adir=20roles/config-motd/files/9?= =?UTF-8?q?0-vn?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
roles/config-motd/files/90-vn | 104 ++++++++++++++++++++++++++++++++++
1 file changed, 104 insertions(+)
create mode 100644 roles/config-motd/files/90-vn
diff --git a/roles/config-motd/files/90-vn b/roles/config-motd/files/90-vn
new file mode 100644
index 0000000..d2678b2
--- /dev/null
+++ b/roles/config-motd/files/90-vn
@@ -0,0 +1,104 @@
+#!/bin/sh
+uname -snrvm
+root@dhcp1:/etc/dhcp/subnets# cat /etc/update-motd.d/90-vn
+#!/bin/bash
+
+LABEL="\033[0;32m"
+SUBLB="\033[0;36m"
+RESET="\033[0m"
+BLINK="\033[5m"
+
+. /etc/os-release
+
+# Environment
+
+PRO="\033[1;5;31m"
+LAB="\033[0;35m"
+UNKNOWN="\033[0;33m"
+
+FQDN=$(hostname --fqdn)
+case "$FQDN" in
+ *.dc.verdnatura.es)
+ ENVIRONMENT="${PRO}Production${RESET}"
+ ;;
+ *.lab.verdnatura.es)
+ ENVIRONMENT="${LAB}Laboratory${RESET}"
+ ;;
+ *.verdnatura.es)
+ ENVIRONMENT="-"
+ ;;
+ *)
+ ENVIRONMENT="${UNKNOWN}Unknown${RESET}"
+ ;;
+esac
+
+# Last login
+
+LAST="$(last -n1 | head -1)"
+if [ "$LAST" != "" ] ; then
+ LAST_LOGIN_USER="$(echo $LAST | cut -d' ' -f1)"
+ LAST_LOGIN_IP="$(echo $LAST | cut -d' ' -f3)"
+ LAST_LOGIN_TIME="$(echo $LAST | cut -d' ' -f4-)"
+ LAST_LOGIN="$LAST_LOGIN_USER ($LAST_LOGIN_IP) $LAST_LOGIN_TIME"
+fi
+
+# Packages
+
+PACKAGES=$(dpkg-query -W -f='${binary:Package}\n' | wc -l)
+SHOW_UPGRADEABLE=0
+USER_UID=$(id -u $USER)
+USER_GROUPS=$(id -Gn $USER)
+
+if [ ${USER_UID} -eq 0 ] ; then
+ SHOW_UPGRADEABLE=1
+fi
+if [[ "${USER_GROUPS}" == *"sysadmin"* ]] ; then
+ SHOW_UPGRADEABLE=1
+fi
+if [ $SHOW_UPGRADEABLE -eq 1 ] ; then
+ UPGRADEABLE="$(apt list --upgradable 2>/dev/null | tail -n +2 | wc -l)"
+
+ if [ "$UPGRADEABLE" -gt 0 ]; then
+ UPGRADEABLE_ALERT="${BLINK}($UPGRADEABLE upgradeable)${RESET}"
+ fi
+fi
+
+# Network and users
+
+NET_IPS=$(ip -o -4 add sh | tail -n +2 | awk '{printf "\033[0;36m%16s >\033[0m %-15s\n",$2,$4}')
+CONNECTED_USERS=$(w | tail -n +2 | awk '{printf "\t%15s %12s %8s %s\n",$1,$3,$4, substr( $0, index($0,$8), index($0,$NF)) }')
+
+# Logo
+
+FW="\033[1;37m"
+FG="\033[1;32m"
+GB="\e[48;5;112m"
+GL="\e[48;5;70m"
+RS="\e[0m"
+
+echo -e
+echo -e " $GL $GB $RS"
+echo -e " $GL $GB $GL $RS $GL $GB $RS" " ${FW}__ __ _ ${FG} _ _ _ ${RS}"
+echo -e " $GB $GL $RS $GL $GB $GL $RS" " ${FW}\ \ / /__ _ __ __| |${FG}| \ | | __ _| |_ _ _ _ __ __ _ ${RS}"
+echo -e " $GL $GB $RS $GB $GL $RS " " ${FW} \ \ / / _ \ '__/ _' |${FG}| \| |/ _' | __| | | | '__/ _' |${RS}"
+echo -e " $GL $GB $RS $GB $GL $RS " " ${FW} \ V / __/ | | (_| |${FG}| |\ | (_| | |_| |_| | | | (_| |${RS}"
+echo -e " " " ${FW} \_/ \___|_| \__,_|${FG}|_| \_|\__,_|\__|\__,_|_| \__,_|${RS}"
+echo -e " $GL $GB $RS $GB $GL $RS"
+echo -e " $GL $GB $GL $RS $GL $GB $RS"
+echo -e " $GB $GL $RS"
+echo -e
+
+# Information
+
+echo -e "${LABEL}Host :${RESET} $FQDN"
+echo -e "${LABEL}OS :${RESET} $NAME $(cat /etc/debian_version) ($VERSION_CODENAME)"
+echo -e "${LABEL}Kernel :${RESET} $(uname -r)"
+echo -e "${LABEL}Shell :${RESET} $SHELL $(echo $BASH_VERSION | cut -d'(' -f1)"
+echo -e "${LABEL}Uptime :${RESET} $(uptime -p | tr -d ',')"
+echo -e "${LABEL}Packages :${RESET} $PACKAGES $UPGRADEABLE_ALERT"
+echo -e "${LABEL}IP :${RESET}"
+echo -e "$NET_IPS"
+echo -e "${LABEL}Last Login :${RESET} $LAST_LOGIN"
+echo -e "${LABEL}Environment :${RESET} $ENVIRONMENT"
+echo -e "${LABEL}Connected users :${RESET}"
+echo -e "$CONNECTED_USERS"
-- 2.40.1
From 0d5998da18d35db7a4f59b0a8de4c496934faa45 Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Sat, 7 Sep 2024 09:20:45 +0000
Subject: [PATCH 032/138] Actualizar roles/config-motd/vars/main.yaml
---
roles/config-motd/vars/main.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/config-motd/vars/main.yaml b/roles/config-motd/vars/main.yaml
index 4811022..8a01d16 100644
--- a/roles/config-motd/vars/main.yaml
+++ b/roles/config-motd/vars/main.yaml
@@ -1,2 +1,2 @@
---
-path_motd_script: /etc/profile.d/mymotd.sh
\ No newline at end of file
+path_motd_script: /etc/update-motd.d/
\ No newline at end of file
-- 2.40.1
From 96260ba51addff9f2ee17bdb961b5362ad74214e Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Sat, 7 Sep 2024 09:21:45 +0000
Subject: [PATCH 033/138] Actualizar roles/config-motd/vars/main.yaml
---
roles/config-motd/vars/main.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
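Review bot: The first three lines of the new file (`#!/bin/sh`, `uname -snrvm`, `root@dhcp1:/etc/dhcp/subnets# cat /etc/update-motd.d/90-vn`) are a pasted terminal transcript, not script: with `/bin/sh` as the effective interpreter, `echo -e` prints a literal `-e`, the `[[ "${USER_GROUPS}" == *"sysadmin"* ]]` test is unavailable, and the `root@dhcp1...` line is executed as a command that does not exist. Delete them so the file starts at `#!/bin/bash`. Separately, `USER_UID=$(id -u $USER)` and `USER_GROUPS=$(id -Gn $USER)` depend on `$USER` being set when the script runs from /etc/update-motd.d; nothing here establishes that, and if it is empty `id` reports the identity of the process running the script, so the upgradeable-package count may be shown to every login — confirm against the PAM setup on the target hosts.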
diff --git a/roles/config-motd/vars/main.yaml b/roles/config-motd/vars/main.yaml
index 8a01d16..0adf9d1 100644
--- a/roles/config-motd/vars/main.yaml
+++ b/roles/config-motd/vars/main.yaml
@@ -1,2 +1,2 @@
---
-path_motd_script: /etc/update-motd.d/
\ No newline at end of file
+path_motd_path: /etc/update-motd.d/
\ No newline at end of file
-- 2.40.1
From ba2ac1562a645c4952cf277d642e45e5a6940890 Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Sat, 7 Sep 2024 09:22:19 +0000
Subject: [PATCH 034/138] Actualizar roles/config-motd/tasks/main.yaml
---
roles/config-motd/tasks/main.yaml | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/roles/config-motd/tasks/main.yaml b/roles/config-motd/tasks/main.yaml
index c34d0ce..3d6306a 100644
--- a/roles/config-motd/tasks/main.yaml
+++ b/roles/config-motd/tasks/main.yaml
@@ -1,4 +1,3 @@
-
- name: "[CONFIG MOTD] Comprobando si es necesario configurar motd"
meta: end_host
when: motd_enabled is not defined or not motd_enabled
@@ -8,7 +7,7 @@
- name: add motd message
copy:
src: mymotd.sh
- dest: "{{ path_motd_script }}"
+ dest: "{{ path_motd_path }}"
mode: '0644'
owner: root
group: root
-- 2.40.1
From e589f73dcfbdbe5c0b97864721d192dcc0d29434 Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Sat, 7 Sep 2024 09:22:41 +0000
Subject: [PATCH 035/138] Actualizar roles/config-motd/tasks/main.yaml
---
roles/config-motd/tasks/main.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/config-motd/tasks/main.yaml b/roles/config-motd/tasks/main.yaml
index 3d6306a..e7a114c 100644
--- a/roles/config-motd/tasks/main.yaml
+++ b/roles/config-motd/tasks/main.yaml
@@ -6,7 +6,7 @@
# Add message to MOTD
- name: add motd message
copy:
- src: mymotd.sh
+ src: 90-vn
dest: "{{ path_motd_path }}"
mode: '0644'
owner: root
-- 2.40.1
From 9b1180816fe240ce83e5c4ac0965150cd536c5c3 Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Sat, 7 Sep 2024 09:30:57 +0000
Subject: [PATCH 036/138] Actualizar roles/config-motd/tasks/main.yaml
---
roles/config-motd/tasks/main.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/config-motd/tasks/main.yaml b/roles/config-motd/tasks/main.yaml
index e7a114c..4bf61a4 100644
--- a/roles/config-motd/tasks/main.yaml
+++ b/roles/config-motd/tasks/main.yaml
@@ -8,7 +8,7 @@
copy:
src: 90-vn
dest: "{{ path_motd_path }}"
- mode: '0644'
+ mode: '755'
owner: root
group: root
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- 2.40.1
From eb08a7f16496c527302031e68db377cf87121615 Mon Sep 17 00:00:00 2001
From: David Lopez
Date: Sat, 7 Sep 2024 09:31:52 +0000
Subject: [PATCH 037/138] Actualizar roles/config-motd/tasks/main.yaml
---
roles/config-motd/tasks/main.yaml | 5 -----
1 file changed, 5 deletions(-)
diff --git a/roles/config-motd/tasks/main.yaml b/roles/config-motd/tasks/main.yaml
index 4bf61a4..2a0067b 100644
--- a/roles/config-motd/tasks/main.yaml
+++ b/roles/config-motd/tasks/main.yaml
@@ -1,8 +1,3 @@
-- name: "[CONFIG MOTD] Comprobando si es necesario configurar motd"
- meta: end_host
- when: motd_enabled is not defined or not motd_enabled
-
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Add message to MOTD
- name: add motd message
copy:
-- 2.40.1
From b6d7ca15900317132cb816d14cbd573e41609578 Mon Sep 17 00:00:00 2001
From: Juan Ferrer Toribio
Date: Sun, 8 Sep 2024 16:40:23 +0200
Subject: [PATCH 038/138] fix: refs #7735 MOTD updated and fixes
---
roles/config-motd/files/90-vn | 33 +++++++++++++++------------------
1 file changed, 15 insertions(+), 18 deletions(-)
diff --git a/roles/config-motd/files/90-vn b/roles/config-motd/files/90-vn
index d2678b2..a6fdeb7 100644
--- a/roles/config-motd/files/90-vn
+++ b/roles/config-motd/files/90-vn
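Review bot: Deleting the `meta: end_host` guard leaves nothing visible in this role that honours `motd_enabled`, so the 90-vn script is now copied to every host the play reaches; if the gate is meant to move to the calling playbook, the `import_role` there needs `when: motd_enabled is defined and motd_enabled`, otherwise this commit silently widens the role's reach. In the preceding commit's hunk of the same file, `mode: '755'` works only because the value is quoted; the rest of the repository writes modes as `'0644'`, so `'0755'` would keep the convention and avoid the octal-vs-decimal trap if the quotes are ever dropped.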
@@ -1,6 +1,3 @@
-#!/bin/sh
-uname -snrvm
-root@dhcp1:/etc/dhcp/subnets# cat /etc/update-motd.d/90-vn
#!/bin/bash
LABEL="\033[0;32m"
@@ -25,10 +22,10 @@ case "$FQDN" in
ENVIRONMENT="${LAB}Laboratory${RESET}"
;;
*.verdnatura.es)
- ENVIRONMENT="-"
+ ENVIRONMENT="${UNKNOWN}Unknown${RESET}"
;;
*)
- ENVIRONMENT="${UNKNOWN}Unknown${RESET}"
+ ENVIRONMENT="-"
;;
esac
@@ -49,11 +46,11 @@ SHOW_UPGRADEABLE=0
USER_UID=$(id -u $USER)
USER_GROUPS=$(id -Gn $USER)
-if [ ${USER_UID} -eq 0 ] ; then
- SHOW_UPGRADEABLE=1
+if [ ${USER_UID} -eq 0 ] ; then
+ SHOW_UPGRADEABLE=1
fi
-if [[ "${USER_GROUPS}" == *"sysadmin"* ]] ; then
- SHOW_UPGRADEABLE=1
+if [[ "${USER_GROUPS}" == *"sysadmin"* ]] ; then
+ SHOW_UPGRADEABLE=1
fi
if [ $SHOW_UPGRADEABLE -eq 1 ] ; then
UPGRADEABLE="$(apt list --upgradable 2>/dev/null | tail -n +2 | wc -l)"
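Review bot: In the second hunk the two labels are swapped the wrong way round: `*.verdnatura.es)` now yields `${UNKNOWN}Unknown${RESET}` while the catch-all `*)` yields `-`, so a company-domain host that is neither production nor lab is flagged Unknown and a host outside the domain gets no warning at all. The catch-all should keep `ENVIRONMENT="${UNKNOWN}Unknown${RESET}"` and the `*.verdnatura.es` branch a label of its own. Removing the pasted transcript lines in the first hunk is the right fix; the third and fourth hunks appear to be whitespace-only.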
@@ -77,15 +74,15 @@ GL="\e[48;5;70m"
RS="\e[0m"
echo -e
-echo -e " $GL $GB $RS"
-echo -e " $GL $GB $GL $RS $GL $GB $RS" " ${FW}__ __ _ ${FG} _ _ _ ${RS}"
-echo -e " $GB $GL $RS $GL $GB $GL $RS" " ${FW}\ \ / /__ _ __ __| |${FG}| \ | | __ _| |_ _ _ _ __ __ _ ${RS}"
-echo -e " $GL $GB $RS $GB $GL $RS " " ${FW} \ \ / / _ \ '__/ _' |${FG}| \| |/ _' | __| | | | '__/ _' |${RS}"
-echo -e " $GL $GB $RS $GB $GL $RS " " ${FW} \ V / __/ | | (_| |${FG}| |\ | (_| | |_| |_| | | | (_| |${RS}"
-echo -e " " " ${FW} \_/ \___|_| \__,_|${FG}|_| \_|\__,_|\__|\__,_|_| \__,_|${RS}"
-echo -e " $GL $GB $RS $GB $GL $RS"
-echo -e " $GL $GB $GL $RS $GL $GB $RS"
-echo -e " $GB $GL $RS"
+echo -e " $GL $GB $RS"
+echo -e " $GL $GB $GL $RS $GL $GB $RS" " ${FW}__ __ _ ${FG} _ _ _ ${RS}"
+echo -e " $GB $GL $RS $GL $GB $GL $RS" " ${FW}\ \ / /__ _ __ __| |${FG}| \ | | __ _| |_ _ _ _ __ __ _ ${RS}"
+echo -e " $GL $GB $RS $GB $GL $RS " " ${FW} \ \ / / _ \ '__/ _' |${FG}| \| |/ _' | __| | | | '__/ _' |${RS}"
+echo -e " $GL $GB $RS $GB $GL $RS " " ${FW} \ V / __/ | | (_| |${FG}| |\ | (_| | |_| |_| | | | (_| |${RS}"
+echo -e " " " ${FW} \_/ \___|_| \__,_|${FG}|_| \_|\__,_|\__|\__,_|_| \__,_|${RS}"
+echo -e " $GL $GB $RS $GB $GL $RS"
+echo -e " $GL $GB $GL $RS $GL $GB $RS"
+echo -e " $GB $GL $RS"
echo -e
# Information
-- 2.40.1
From 1fa424975ad8251e7cb9906f23bae9c4522f5614 Mon Sep 17 00:00:00 2001
From: Juan Ferrer Toribio
Date: Mon, 9 Sep 2024 09:11:54 +0200
Subject: [PATCH 039/138] MOTD updated
---
roles/config-motd/files/90-vn | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/roles/config-motd/files/90-vn b/roles/config-motd/files/90-vn
index a6fdeb7..1a11bc4 100644
--- a/roles/config-motd/files/90-vn
+++ b/roles/config-motd/files/90-vn
@@ -11,6 +11,7 @@ BLINK="\033[5m"
PRO="\033[1;5;31m"
LAB="\033[0;35m"
+VN="\033[0;32m"
UNKNOWN="\033[0;33m"
FQDN=$(hostname --fqdn)
@@ -22,10 +23,10 @@ case "$FQDN" in ENVIRONMENT="${LAB}Laboratory${RESET}" ;; *.verdnatura.es) - ENVIRONMENT="${UNKNOWN}Unknown${RESET}" + ENVIRONMENT="${VN}Verdnatura${RESET}" ;; *) - ENVIRONMENT="-" + ENVIRONMENT="${UNKNOWN}Unknown${RESET}" ;; esac -- 2.40.1 From ea6a8bed79fcc46ff427246f67026564ab536f4a Mon Sep 17 00:00:00 2001 
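Review bot: The new `*)` fallback labels a host `Unknown` both when its FQDN is genuinely outside the known domains and when `hostname --fqdn` failed outright — it prints nothing and exits non-zero when the name does not resolve, so `FQDN` (assigned in the preceding hunk) is empty and matches `*`. Since this banner is what tells an operator which environment they just logged into (the blinking `PRO` colour defined above presumably marks production), a resolver outage on a production box would silently downgrade that warning to a neutral `Unknown`. An explicit empty-string arm placed before `*.verdnatura.es)` keeps the failure visible: `"") ENVIRONMENT="${UNKNOWN}Unresolved FQDN${RESET}" ;;`. The enclosing `case "$FQDN"` statement opens outside this hunk.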
From: Juan Ferrer Toribio Date: Mon, 23 Sep 2024 14:30:38 +0200 Subject: [PATCH 040/138] refs #8025 Project structure & clean --- ansible.cfg | 10 ++ group_vars/all.yaml | 6 + group_vars/backup.yaml | 0 group_vars/core.yaml | 0 group_vars/devices.yaml | 0 group_vars/ilo.yaml | 0 group_vars/kubernetes.yaml | 0 group_vars/servers.yaml | 0 group_vars/swarm.yaml | 0 group_vars/test.yaml | 0 group_vars/vmware.yaml | 0 group_vars/windows.yaml | 0 host_vars/cephtest01.yaml | 133 -------------- host_vars/cephtest02.yaml | 133 -------------- host_vars/cephtest03.yaml | 133 -------------- host_vars/core-proxytest.yaml | 11 -- host_vars/debian-test-awx-ct.yaml | 11 -- host_vars/debian-test-awx-vm.yaml | 43 ----- host_vars/debian-vn-test.yaml | 133 -------------- host_vars/docker-test.yaml | 11 -- host_vars/ejemplo-hostvar.yaml | 133 -------------- host_vars/freeradius-playbook.yaml | 133 -------------- host_vars/freeradiustotp.yaml | 133 -------------- host_vars/homes.yaml | 11 -- host_vars/hot-plug-test.yaml | 11 -- host_vars/iventoy-test.yaml | 133 -------------- host_vars/iventoy.yaml | 133 -------------- host_vars/k3s128test.yaml | 13 -- host_vars/kube-master1.yaml | 133 -------------- host_vars/kube-master2.yaml | 133 -------------- host_vars/kube-master3.yaml | 133 -------------- host_vars/kube-worker1.yaml | 133 -------------- host_vars/kube-worker2.yaml | 133 -------------- host_vars/kube-worker3.yaml | 133 -------------- host_vars/kube-worker4.yaml | 133 -------------- host_vars/kubelab-proxy1.yaml | 133 -------------- host_vars/nagios4-test.yaml | 12 -- host_vars/nagiosql-db.yaml | 137 --------------- host_vars/openvpn-freeradius.yaml | 133 -------------- host_vars/pbx.yaml | 133 -------------- host_vars/test-playbook.yaml | 133 -------------- host_vars/time1.yaml | 133 -------------- host_vars/time2.yaml | 133 -------------- host_vars/vm-debian12.yaml | 133 -------------- host_vars/zabbix-frontend-web.yaml | 133 -------------- host_vars/zabbix-server-db.yaml | 133 
-------------- hosts | 70 ++++---- hosts2 | 71 -------- linux-base-config-debian-ct.yaml | 162 ------------------ linux-base-config-debian-physical-server.yaml | 76 -------- linux-base-config-debian-vm.yaml | 156 ----------------- linux-base-config-debian.yaml | 72 -------- linux-config-autofs-homes.yaml | 18 -- linux-config-awx-user.yaml | 12 -- linux-config-base-debian-os.yaml | 20 --- linux-config-centralized-auth.yaml | 18 -- linux-config-fail2ban.yaml | 18 -- linux-config-freeradius-totp.yaml | 12 -- linux-config-hostname.yaml | 18 -- linux-config-hosts.yaml | 19 -- linux-config-hot-plug.yaml | 18 -- linux-config-install-packages.yaml | 18 -- linux-config-locales.yaml | 18 -- linux-config-motd.yaml | 18 -- linux-config-nagios-nrpe.yaml | 12 -- linux-config-nsupdate.yaml | 12 -- linux-config-ntp.yaml | 18 -- linux-config-relayhost-smtp.yaml | 18 -- linux-config-repo-vn.yaml | 18 -- linux-config-resolv.yaml | 18 -- linux-config-root-user.yaml | 18 -- linux-config-secure-grub.yaml | 18 -- linux-config-send-mail.yaml | 12 -- linux-config-server-type.yaml | 18 -- linux-config-sudoers.yaml | 18 -- linux-config-tzdata.yaml | 18 -- linux-config-update-and-upgrade-packages.yaml | 18 -- linux-config-vim-options.yaml | 18 -- linux-config-zabbix-agent.yaml | 18 -- linux-patch-exim4.yaml | 27 --- linux-ping.yml | 6 - playbooks/debian-base.yaml | 20 +++ playbooks/debian-ct.yaml | 27 +++ playbooks/debian-infra.yaml | 23 +++ playbooks/debian-upgrade.yaml | 5 + playbooks/debian-vm.yaml | 57 ++++++ playbooks/debian.yaml | 5 + playbooks/freeradius.yaml | 5 + playbooks/nsupdate.yaml | 5 + playbooks/ping.yml | 3 + playbooks/send-mail.yaml | 7 + playbooks/test.yaml | 5 + playbooks/windows-ping.yml | 5 + .../windows-update.yaml | 10 +- roles/awx/files/awx | 1 + roles/awx/tasks/main.yaml | 23 +++ roles/awx/vars/main.yaml | 1 + roles/config-autofs-homes/handlers/main.yaml | 13 -- roles/config-autofs-homes/tasks/main.yaml | 70 -------- roles/config-autofs-homes/vars/main.yaml | 7 - 
roles/config-awx-user/tasks/main.yaml | 46 ----- roles/config-awx-user/vars/main.yaml | 2 - .../handlers/main.yaml | 6 - roles/config-centralized-auth/tasks/main.yaml | 52 ------ roles/config-fail2ban/handlers/main.yaml | 10 -- roles/config-fail2ban/tasks/main.yaml | 49 ------ roles/config-fail2ban/templates/jail.j2 | 38 ---- roles/config-fail2ban/templates/jail2.j2 | 91 ---------- roles/config-fail2ban/vars/main.yaml | 5 - roles/config-hostname/tasks/main.yaml | 18 -- roles/config-hosts/tasks/main.yaml | 15 -- roles/config-hosts/vars/main.yaml | 3 - roles/config-hot-plug/tasks/main.yaml | 35 ---- roles/config-hot-plug/templates/grub.j2 | 1 - roles/config-hot-plug/templates/udev.j2 | 1 - roles/config-hot-plug/vars/main.yaml | 5 - roles/config-install-packages/tasks/main.yaml | 31 ---- roles/config-locales/files/set_locales.sh | 4 - roles/config-locales/tasks/main.yaml | 8 - roles/config-motd/files/mymotd.sh | 40 ----- roles/config-motd/tasks/main.yaml | 9 - roles/config-motd/vars/main.yaml | 2 - roles/config-nagios-nrpe/files/90-vn.cfg | 11 -- roles/config-nagios-nrpe/handlers/main.yaml | 5 - roles/config-nagios-nrpe/tasks/main.yaml | 45 ----- roles/config-nagios-nrpe/vars/main.yaml | 3 - roles/config-nsupdate/meta/main.yaml | 4 - roles/config-nsupdate/tasks/main.yaml | 19 -- roles/config-ntp/tasks/main.yaml | 53 ------ roles/config-ntp/vars/main.yaml | 4 - .../config-relayhost-smtp/handlers/main.yaml | 6 - roles/config-repo-vn/tasks/main.yaml | 45 ----- roles/config-resolv/tasks/main.yaml | 15 -- roles/config-resolv/templates/resolv.j2 | 7 - roles/config-resolv/vars/main.yaml | 3 - roles/config-root-user/handlers/main.yaml | 5 - roles/config-root-user/tasks/main.yaml | 103 ----------- roles/config-root-user/vars/main.yaml | 10 -- roles/config-secure-grub/handlers/main.yaml | 4 - roles/config-secure-grub/tasks/main.yaml | 18 -- roles/config-server-type/tasks/main.yaml | 26 --- roles/config-server-type/vars/main.yaml | 3 - roles/config-sudoers/tasks/main.yaml | 20 
--- roles/config-tzdata/tasks/main.yaml | 21 --- .../tasks/main.yaml | 34 ---- roles/config-vim-options/tasks/main.yaml | 26 --- roles/config-vim-options/vars/main.yaml | 2 - .../zabbix-release_6.4-1+debian12_all.deb | Bin 3540 -> 0 bytes roles/config-zabbix-agent/handlers/main.yaml | 5 - roles/config-zabbix-agent/tasks/main.yaml | 59 ------- roles/config-zabbix-agent/vars/main.yaml | 5 - .../files/ldap | 0 .../handlers/main.yaml | 0 .../tasks/main.yaml | 0 .../templates/clients.j2 | 0 .../templates/default.j2 | 0 .../templates/dictionary.j2 | 0 .../templates/filter.j2 | 0 .../templates/freeradiusservice.j2 | 0 .../templates/radiusd.j2 | 0 .../templates/radiusdpam.j2 | 0 .../vars/main.yaml | 0 .../files/nslcd.conf | 0 roles/linux-auth/tasks/main.yaml | 39 +++++ .../vars/main.yaml | 1 - .../files/auto.homes | 0 .../files/homes.autofs | 0 roles/linux-autofs/handlers/main.yaml | 8 + roles/linux-autofs/tasks/main.yaml | 41 +++++ roles/linux-autofs/vars/main.yaml | 1 + roles/linux-bacula/files/bacula-fd.conf.jd2 | 24 +++ roles/linux-bacula/tasks/main.yaml | 20 +++ roles/linux-base/tasks/main.yaml | 10 ++ roles/linux-fail2ban/handlers/main.yaml | 4 + roles/linux-fail2ban/tasks/main.yaml | 15 ++ roles/linux-fail2ban/templates/jail.local.j2 | 20 +++ roles/linux-fail2ban/vars/main.yaml | 5 + roles/linux-hostname/tasks/main.yaml | 23 +++ .../templates/hosts.j2 | 2 +- roles/linux-hostname/templates/resolv.j2 | 7 + roles/linux-install-packages/tasks/main.yaml | 10 ++ roles/linux-locale/tasks/main.yaml | 15 ++ roles/{config-motd => linux-motd}/files/90-vn | 0 roles/linux-motd/tasks/main.yaml | 7 + roles/linux-nrpe/files/90-vn.cfg | 12 ++ roles/linux-nrpe/handlers/main.yaml | 4 + roles/linux-nrpe/tasks/main.yaml | 22 +++ .../{config-ntp => linux-ntp}/files/timesync | 3 - .../handlers/main.yaml | 1 - roles/linux-ntp/tasks/main.yaml | 24 +++ roles/linux-ntp/vars/main.yaml | 1 + roles/linux-profile/files/vn.sh | 39 +++++ roles/linux-profile/tasks/main.yaml | 7 + 
.../linux-qemu/files/80-hotplug-cpu-mem.rules | 1 + roles/linux-qemu/files/hotplug.cfg | 1 + roles/linux-qemu/tasks/main.yaml | 20 +++ .../defaults/main.yaml | 3 +- roles/linux-relayhost/handlers/main.yaml | 4 + .../tasks/main.yaml | 27 +-- .../vars/main.yaml | 1 - roles/linux-root/handlers/main.yaml | 4 + roles/linux-root/tasks/main.yaml | 26 +++ roles/linux-secure-grub/handlers/main.yaml | 2 + roles/linux-secure-grub/tasks/main.yaml | 9 + .../vars/main.yaml | 1 - roles/linux-sudoers/files/vn | 1 + roles/linux-sudoers/tasks/main.yaml | 7 + .../files/set_timezone.sh | 4 +- roles/linux-tzdata/tasks/main.yaml | 2 + roles/linux-upgrade/tasks/main.yaml | 20 +++ roles/linux-vim/files/vimrc.local | 5 + roles/linux-vim/tasks/main.yaml | 11 ++ roles/linux-vm/tasks/main.yaml | 10 ++ roles/linux-vn-repo/tasks/main.yaml | 12 ++ .../vars/main.yaml | 3 +- roles/nsupdate/meta/main.yaml | 2 + roles/nsupdate/tasks/main.yaml | 12 ++ .../vars/main.yaml | 2 - .../tasks/main.yaml | 5 - .../vars/main.yaml | 0 windows-install-package.yml | 14 -- windows-ping-test.yml | 6 - windows-restart_service.yml | 7 - 223 files changed, 771 insertions(+), 5840 deletions(-) create mode 100644 ansible.cfg create mode 100644 group_vars/all.yaml delete mode 100644 group_vars/backup.yaml delete mode 100644 group_vars/core.yaml delete mode 100644 group_vars/devices.yaml delete mode 100644 group_vars/ilo.yaml delete mode 100644 group_vars/kubernetes.yaml delete mode 100644 group_vars/servers.yaml delete mode 100644 group_vars/swarm.yaml delete mode 100644 group_vars/test.yaml delete mode 100644 group_vars/vmware.yaml delete mode 100644 group_vars/windows.yaml delete mode 100644 host_vars/cephtest01.yaml delete mode 100644 host_vars/cephtest02.yaml delete mode 100644 host_vars/cephtest03.yaml delete mode 100644 host_vars/core-proxytest.yaml delete mode 100644 host_vars/debian-test-awx-ct.yaml delete mode 100644 host_vars/debian-test-awx-vm.yaml delete mode 100644 host_vars/debian-vn-test.yaml delete mode 
100644 host_vars/docker-test.yaml delete mode 100644 host_vars/ejemplo-hostvar.yaml delete mode 100644 host_vars/freeradius-playbook.yaml delete mode 100644 host_vars/freeradiustotp.yaml delete mode 100644 host_vars/homes.yaml delete mode 100644 host_vars/hot-plug-test.yaml delete mode 100644 host_vars/iventoy-test.yaml delete mode 100644 host_vars/iventoy.yaml delete mode 100644 host_vars/k3s128test.yaml delete mode 100644 host_vars/kube-master1.yaml delete mode 100644 host_vars/kube-master2.yaml delete mode 100644 host_vars/kube-master3.yaml delete mode 100644 host_vars/kube-worker1.yaml delete mode 100644 host_vars/kube-worker2.yaml delete mode 100644 host_vars/kube-worker3.yaml delete mode 100644 host_vars/kube-worker4.yaml delete mode 100644 host_vars/kubelab-proxy1.yaml delete mode 100644 host_vars/nagios4-test.yaml delete mode 100644 host_vars/nagiosql-db.yaml delete mode 100644 host_vars/openvpn-freeradius.yaml delete mode 100644 host_vars/pbx.yaml delete mode 100644 host_vars/test-playbook.yaml delete mode 100644 host_vars/time1.yaml delete mode 100644 host_vars/time2.yaml delete mode 100644 host_vars/vm-debian12.yaml delete mode 100644 host_vars/zabbix-frontend-web.yaml delete mode 100644 host_vars/zabbix-server-db.yaml delete mode 100644 hosts2 delete mode 100644 linux-base-config-debian-ct.yaml delete mode 100644 linux-base-config-debian-physical-server.yaml delete mode 100644 linux-base-config-debian-vm.yaml delete mode 100644 linux-base-config-debian.yaml delete mode 100644 linux-config-autofs-homes.yaml delete mode 100644 linux-config-awx-user.yaml delete mode 100644 linux-config-base-debian-os.yaml delete mode 100644 linux-config-centralized-auth.yaml delete mode 100644 linux-config-fail2ban.yaml delete mode 100644 linux-config-freeradius-totp.yaml delete mode 100644 linux-config-hostname.yaml delete mode 100644 linux-config-hosts.yaml delete mode 100644 linux-config-hot-plug.yaml delete mode 100644 linux-config-install-packages.yaml delete mode 
100644 linux-config-locales.yaml delete mode 100644 linux-config-motd.yaml delete mode 100644 linux-config-nagios-nrpe.yaml delete mode 100644 linux-config-nsupdate.yaml delete mode 100644 linux-config-ntp.yaml delete mode 100644 linux-config-relayhost-smtp.yaml delete mode 100644 linux-config-repo-vn.yaml delete mode 100644 linux-config-resolv.yaml delete mode 100644 linux-config-root-user.yaml delete mode 100644 linux-config-secure-grub.yaml delete mode 100644 linux-config-send-mail.yaml delete mode 100644 linux-config-server-type.yaml delete mode 100644 linux-config-sudoers.yaml delete mode 100644 linux-config-tzdata.yaml delete mode 100644 linux-config-update-and-upgrade-packages.yaml delete mode 100644 linux-config-vim-options.yaml delete mode 100644 linux-config-zabbix-agent.yaml delete mode 100644 linux-patch-exim4.yaml delete mode 100644 linux-ping.yml create mode 100644 playbooks/debian-base.yaml create mode 100644 playbooks/debian-ct.yaml create mode 100644 playbooks/debian-infra.yaml create mode 100644 playbooks/debian-upgrade.yaml create mode 100644 playbooks/debian-vm.yaml create mode 100644 playbooks/debian.yaml create mode 100644 playbooks/freeradius.yaml create mode 100644 playbooks/nsupdate.yaml create mode 100644 playbooks/ping.yml create mode 100644 playbooks/send-mail.yaml create mode 100644 playbooks/test.yaml create mode 100644 playbooks/windows-ping.yml rename windows-update_windows.yaml => playbooks/windows-update.yaml (66%) create mode 100644 roles/awx/files/awx create mode 100644 roles/awx/tasks/main.yaml create mode 100644 roles/awx/vars/main.yaml delete mode 100644 roles/config-autofs-homes/handlers/main.yaml delete mode 100644 roles/config-autofs-homes/tasks/main.yaml delete mode 100644 roles/config-autofs-homes/vars/main.yaml delete mode 100644 roles/config-awx-user/tasks/main.yaml delete mode 100644 roles/config-awx-user/vars/main.yaml delete mode 100644 roles/config-centralized-auth/handlers/main.yaml delete mode 100644 
roles/config-centralized-auth/tasks/main.yaml delete mode 100644 roles/config-fail2ban/handlers/main.yaml delete mode 100644 roles/config-fail2ban/tasks/main.yaml delete mode 100644 roles/config-fail2ban/templates/jail.j2 delete mode 100644 roles/config-fail2ban/templates/jail2.j2 delete mode 100644 roles/config-fail2ban/vars/main.yaml delete mode 100644 roles/config-hostname/tasks/main.yaml delete mode 100644 roles/config-hosts/tasks/main.yaml delete mode 100644 roles/config-hosts/vars/main.yaml delete mode 100644 roles/config-hot-plug/tasks/main.yaml delete mode 100644 roles/config-hot-plug/templates/grub.j2 delete mode 100644 roles/config-hot-plug/templates/udev.j2 delete mode 100644 roles/config-hot-plug/vars/main.yaml delete mode 100644 roles/config-install-packages/tasks/main.yaml delete mode 100644 roles/config-locales/files/set_locales.sh delete mode 100644 roles/config-locales/tasks/main.yaml delete mode 100644 roles/config-motd/files/mymotd.sh delete mode 100644 roles/config-motd/tasks/main.yaml delete mode 100644 roles/config-motd/vars/main.yaml delete mode 100644 roles/config-nagios-nrpe/files/90-vn.cfg delete mode 100644 roles/config-nagios-nrpe/handlers/main.yaml delete mode 100644 roles/config-nagios-nrpe/tasks/main.yaml delete mode 100644 roles/config-nagios-nrpe/vars/main.yaml delete mode 100644 roles/config-nsupdate/meta/main.yaml delete mode 100644 roles/config-nsupdate/tasks/main.yaml delete mode 100644 roles/config-ntp/tasks/main.yaml delete mode 100644 roles/config-ntp/vars/main.yaml delete mode 100644 roles/config-relayhost-smtp/handlers/main.yaml delete mode 100644 roles/config-repo-vn/tasks/main.yaml delete mode 100644 roles/config-resolv/tasks/main.yaml delete mode 100644 roles/config-resolv/templates/resolv.j2 delete mode 100644 roles/config-resolv/vars/main.yaml delete mode 100644 roles/config-root-user/handlers/main.yaml delete mode 100644 roles/config-root-user/tasks/main.yaml delete mode 100644 roles/config-root-user/vars/main.yaml 
delete mode 100644 roles/config-secure-grub/handlers/main.yaml delete mode 100644 roles/config-secure-grub/tasks/main.yaml delete mode 100644 roles/config-server-type/tasks/main.yaml delete mode 100644 roles/config-server-type/vars/main.yaml delete mode 100644 roles/config-sudoers/tasks/main.yaml delete mode 100644 roles/config-tzdata/tasks/main.yaml delete mode 100644 roles/config-update-and-upgrade-packages/tasks/main.yaml delete mode 100644 roles/config-vim-options/tasks/main.yaml delete mode 100644 roles/config-vim-options/vars/main.yaml delete mode 100644 roles/config-zabbix-agent/files/zabbix-release_6.4-1+debian12_all.deb delete mode 100644 roles/config-zabbix-agent/handlers/main.yaml delete mode 100644 roles/config-zabbix-agent/tasks/main.yaml delete mode 100644 roles/config-zabbix-agent/vars/main.yaml rename roles/{config-freeradius-totp => freeradius}/files/ldap (100%) rename roles/{config-freeradius-totp => freeradius}/handlers/main.yaml (100%) rename roles/{config-freeradius-totp => freeradius}/tasks/main.yaml (100%) rename roles/{config-freeradius-totp => freeradius}/templates/clients.j2 (100%) rename roles/{config-freeradius-totp => freeradius}/templates/default.j2 (100%) rename roles/{config-freeradius-totp => freeradius}/templates/dictionary.j2 (100%) rename roles/{config-freeradius-totp => freeradius}/templates/filter.j2 (100%) rename roles/{config-freeradius-totp => freeradius}/templates/freeradiusservice.j2 (100%) rename roles/{config-freeradius-totp => freeradius}/templates/radiusd.j2 (100%) rename roles/{config-freeradius-totp => freeradius}/templates/radiusdpam.j2 (100%) rename roles/{config-freeradius-totp => freeradius}/vars/main.yaml (100%) rename roles/{config-centralized-auth => linux-auth}/files/nslcd.conf (100%) create mode 100644 roles/linux-auth/tasks/main.yaml rename roles/{config-centralized-auth => linux-auth}/vars/main.yaml (96%) rename roles/{config-autofs-homes => linux-autofs}/files/auto.homes (100%) rename 
roles/{config-autofs-homes => linux-autofs}/files/homes.autofs (100%) create mode 100644 roles/linux-autofs/handlers/main.yaml create mode 100644 roles/linux-autofs/tasks/main.yaml create mode 100644 roles/linux-autofs/vars/main.yaml create mode 100644 roles/linux-bacula/files/bacula-fd.conf.jd2 create mode 100644 roles/linux-bacula/tasks/main.yaml create mode 100644 roles/linux-base/tasks/main.yaml create mode 100644 roles/linux-fail2ban/handlers/main.yaml create mode 100644 roles/linux-fail2ban/tasks/main.yaml create mode 100644 roles/linux-fail2ban/templates/jail.local.j2 create mode 100644 roles/linux-fail2ban/vars/main.yaml create mode 100644 roles/linux-hostname/tasks/main.yaml rename roles/{config-hosts => linux-hostname}/templates/hosts.j2 (63%) create mode 100644 roles/linux-hostname/templates/resolv.j2 create mode 100644 roles/linux-install-packages/tasks/main.yaml create mode 100644 roles/linux-locale/tasks/main.yaml rename roles/{config-motd => linux-motd}/files/90-vn (100%) create mode 100644 roles/linux-motd/tasks/main.yaml create mode 100644 roles/linux-nrpe/files/90-vn.cfg create mode 100644 roles/linux-nrpe/handlers/main.yaml create mode 100644 roles/linux-nrpe/tasks/main.yaml rename roles/{config-ntp => linux-ntp}/files/timesync (54%) rename roles/{config-ntp => linux-ntp}/handlers/main.yaml (55%) create mode 100644 roles/linux-ntp/tasks/main.yaml create mode 100644 roles/linux-ntp/vars/main.yaml create mode 100644 roles/linux-profile/files/vn.sh create mode 100644 roles/linux-profile/tasks/main.yaml create mode 100644 roles/linux-qemu/files/80-hotplug-cpu-mem.rules create mode 100644 roles/linux-qemu/files/hotplug.cfg create mode 100644 roles/linux-qemu/tasks/main.yaml rename roles/{config-relayhost-smtp => linux-relayhost}/defaults/main.yaml (91%) create mode 100644 roles/linux-relayhost/handlers/main.yaml rename roles/{config-relayhost-smtp => linux-relayhost}/tasks/main.yaml (65%) rename roles/{config-relayhost-smtp => 
linux-relayhost}/vars/main.yaml (95%)
create mode 100644 roles/linux-root/handlers/main.yaml
create mode 100644 roles/linux-root/tasks/main.yaml
create mode 100644 roles/linux-secure-grub/handlers/main.yaml
create mode 100644 roles/linux-secure-grub/tasks/main.yaml
rename roles/{config-secure-grub => linux-secure-grub}/vars/main.yaml (98%)
create mode 100644 roles/linux-sudoers/files/vn
create mode 100644 roles/linux-sudoers/tasks/main.yaml
rename roles/{config-tzdata => linux-tzdata}/files/set_timezone.sh (66%)
create mode 100644 roles/linux-tzdata/tasks/main.yaml
create mode 100644 roles/linux-upgrade/tasks/main.yaml
create mode 100644 roles/linux-vim/files/vimrc.local
create mode 100644 roles/linux-vim/tasks/main.yaml
create mode 100644 roles/linux-vm/tasks/main.yaml
create mode 100644 roles/linux-vn-repo/tasks/main.yaml
rename roles/{config-repo-vn => linux-vn-repo}/vars/main.yaml (63%)
create mode 100644 roles/nsupdate/meta/main.yaml
create mode 100644 roles/nsupdate/tasks/main.yaml
rename roles/{config-nsupdate => nsupdate}/vars/main.yaml (96%)
rename roles/{config-send-mail => send-mail}/tasks/main.yaml (63%)
rename roles/{config-send-mail => send-mail}/vars/main.yaml (100%)
delete mode 100644 windows-install-package.yml
delete mode 100644 windows-ping-test.yml
delete mode 100644 windows-restart_service.yml
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..0752a5b
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,10 @@
+[defaults]
+roles_path = ./roles
+inventory = ./hosts
+gathering = explicit
+interpreter_python = auto_silent
+remote_user = root
+host_key_checking = False
+
+[privilege_escalation]
+become = True
diff --git a/group_vars/all.yaml b/group_vars/all.yaml
new file mode 100644
index 0000000..0f02e94
--- /dev/null
+++ b/group_vars/all.yaml
@@ -0,0 +1,6 @@
+resolv:
+ domain: verdnatura.es
+ search: verdnatura.es
+resolvers:
+ - '10.0.0.4'
+ - '10.0.0.5'
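Review bot: `host_key_checking = False` in the new ansible.cfg turns off SSH host-key verification for every play run from this repository, so any machine that answers for a managed address (a stale DNS record, ARP spoofing on the lab segment, a re-used VM IP) is accepted as the target — and because `remote_user = root`, what it receives is a root session plus every task's payload. The Ansible default is already strict, so the line can simply be dropped or set explicitly to `host_key_checking = True`, with the controller's known_hosts seeded when a host is provisioned rather than bypassed globally; if the flag exists for freshly re-imaged hosts, an `ANSIBLE_HOST_KEY_CHECKING=False` override on that one run keeps the repository default safe. `become = True` does nothing while `remote_user = root`; the diffstat adds an `awx` role, so if the intent is a dedicated automation user with sudo, naming that user here would also remove the dependency on direct root SSH — worth confirming against the playbooks, which are outside this hunk.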
diff --git a/group_vars/backup.yaml b/group_vars/backup.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/group_vars/core.yaml b/group_vars/core.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/group_vars/devices.yaml b/group_vars/devices.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/group_vars/ilo.yaml b/group_vars/ilo.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/group_vars/kubernetes.yaml b/group_vars/kubernetes.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/group_vars/servers.yaml b/group_vars/servers.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/group_vars/swarm.yaml b/group_vars/swarm.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/group_vars/test.yaml b/group_vars/test.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/group_vars/vmware.yaml b/group_vars/vmware.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/group_vars/windows.yaml b/group_vars/windows.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/host_vars/cephtest01.yaml b/host_vars/cephtest01.yaml deleted file mode 100644 index deac740..0000000 --- a/host_vars/cephtest01.yaml +++ /dev/null 
@@ -1,133 +0,0 @@ ---- - -### ROOT-USER ############################################################### -root_user_enabled: True -#root_user_enabled: False -############################################################################# - -### HOSTNAME ################################################################ -hostname_enabled: True -#hostname_enabled: False -hostname: 'cephtest01' -############################################################################# - -### HOSTS ################################################################### -hosts_enabled: True -#hosts_enabled: False -hosts: - - ip: 127.0.0.1 - name: localhost - - ip: 127.0.1.1 - name: cephtest01.lab.verdnatura.es cephtest01 -############################################################################# - -### RESOLV ################################################################## -resolv_enabled: True -#resolv_enabled: False -domain_name: lab.verdnatura.es -search_name: lab.verdnatura.es -resolvs: - - ip: 10.0.0.4 - - ip: 10.0.0.5 -############################################################################# - -### UPDATE ################################################################## -update_enabled: True -#update_enabled: False -############################################################################# - -### INSTALL PACKAGES ######################################################## -packages_enabled: True -#packages_enabled: False -############################################################################# - -### RELAY HOST SMTP ######################################################### -relay_host_enabled: True -#relay_host_enabled: False -############################################################################# - -### CENTRALIZED AUTH ######################################################## -centralized_auth_enabled: True -#centralized_auth_enabled: False -############################################################################# - -### SUDOERS 
################################################################# -sudoers_enabled: True -#sudoers_enabled: False -############################################################################# - -### SECURE GRUB ############################################################# -#secure_grub_enabled: True -secure_grub_enabled: False -############################################################################# - -### VIM OPTIONS ############################################################# -vim_options_enabled: True -#vim_options_enabled: False -############################################################################# - -### MOTD #################################################################### -motd_enabled: True -#motd_enabled: False -############################################################################# - -### HOT PLUG ################################################################ -#hot_plug_enabled: True -hot_plug_enabled: False -############################################################################# - -### LOCALES ################################################################# -locales_enabled: True -#locales_enabled: False -############################################################################# - -### TZDATA ################################################################## -tzdata_enabled: True -#tzdata_enabled: False -############################################################################# - -### REPO VN ################################################################# -repo_vn_enabled: True -#repo_vn_enabled: False -############################################################################# - -### FAIL2BAN ################################################################ -#fail2ban_enabled: True -fail2ban_enabled: False -fail2ban_times: - - bantime: "604800" - maxretry: "4" - findtime: "604800" -fail2ban_jails: - - name: sshd - enabled: true - port: ['22'] - filter: sshd - logpath: "%(sshd_log)s" - backend: "%(sshd_backend)s" 
-############################################################################# - -### NAGIOS NRPE ############################################################# -nagios_nrpe_enabled: True -#nagios_nrpe_enabled: False -############################################################################# - -### SERVER TYPE ############################################################# -#server_type_enabled: True -server_type_enabled: False -############################################################################# - -### NTP ##################################################################### -ntp_enabled: True -#ntp_enabled: False -############################################################################# - -### AUTOFS HOMES ############################################################ -autofs_homes_enabled: True -#autofs_homes_enabled: False -############################################################################# - -### ZABBIX AGENT ############################################################ -zabbix_agent_enabled: True -#zabbix_agent_enabled: False -############################################################################# \ No newline at end of file diff --git a/host_vars/cephtest02.yaml b/host_vars/cephtest02.yaml deleted file mode 100644 index 8c03601..0000000 --- a/host_vars/cephtest02.yaml +++ /dev/null 
@@ -1,133 +0,0 @@ ---- - -### ROOT-USER ############################################################### -root_user_enabled: True -#root_user_enabled: False -############################################################################# - -### HOSTNAME ################################################################ -hostname_enabled: True -#hostname_enabled: False -hostname: 'cephtest02' -############################################################################# - -### HOSTS ################################################################### -hosts_enabled: True -#hosts_enabled: False -hosts: - - ip: 127.0.0.1 - name: localhost - - ip: 127.0.1.1 - name: cephtest02.lab.verdnatura.es cephtest02 -############################################################################# - -### RESOLV ################################################################## -resolv_enabled: True -#resolv_enabled: False -domain_name: lab.verdnatura.es -search_name: lab.verdnatura.es -resolvs: - - ip: 10.0.0.4 - - ip: 10.0.0.5 -############################################################################# - -### UPDATE ################################################################## -update_enabled: True -#update_enabled: False -############################################################################# - -### INSTALL PACKAGES ######################################################## -packages_enabled: True -#packages_enabled: False -############################################################################# - -### RELAY HOST SMTP ######################################################### -relay_host_enabled: True -#relay_host_enabled: False -############################################################################# - -### CENTRALIZED AUTH ######################################################## -centralized_auth_enabled: True -#centralized_auth_enabled: False -############################################################################# - -### SUDOERS 
################################################################# -sudoers_enabled: True -#sudoers_enabled: False -############################################################################# - -### SECURE GRUB ############################################################# -#secure_grub_enabled: True -secure_grub_enabled: False -############################################################################# - -### VIM OPTIONS ############################################################# -vim_options_enabled: True -#vim_options_enabled: False -############################################################################# - -### MOTD #################################################################### -motd_enabled: True -#motd_enabled: False -############################################################################# - -### HOT PLUG ################################################################ -#hot_plug_enabled: True -hot_plug_enabled: False -############################################################################# - -### LOCALES ################################################################# -locales_enabled: True -#locales_enabled: False -############################################################################# - -### TZDATA ################################################################## -tzdata_enabled: True -#tzdata_enabled: False -############################################################################# - -### REPO VN ################################################################# -repo_vn_enabled: True -#repo_vn_enabled: False -############################################################################# - -### FAIL2BAN ################################################################ -#fail2ban_enabled: True -fail2ban_enabled: False -fail2ban_times: - - bantime: "604800" - maxretry: "4" - findtime: "604800" -fail2ban_jails: - - name: sshd - enabled: true - port: ['22'] - filter: sshd - logpath: "%(sshd_log)s" - backend: "%(sshd_backend)s" 
-############################################################################# - -### NAGIOS NRPE ############################################################# -nagios_nrpe_enabled: True -#nagios_nrpe_enabled: False -############################################################################# - -### SERVER TYPE ############################################################# -#server_type_enabled: True -server_type_enabled: False -############################################################################# - -### NTP ##################################################################### -ntp_enabled: True -#ntp_enabled: False -############################################################################# - -### AUTOFS HOMES ############################################################ -autofs_homes_enabled: True -#autofs_homes_enabled: False -############################################################################# - -### ZABBIX AGENT ############################################################ -zabbix_agent_enabled: True -#zabbix_agent_enabled: False -############################################################################# \ No newline at end of file diff --git a/host_vars/cephtest03.yaml b/host_vars/cephtest03.yaml deleted file mode 100644 index 7412038..0000000 --- a/host_vars/cephtest03.yaml +++ /dev/null 
@@ -1,133 +0,0 @@
----
-
-### ROOT-USER ###############################################################
-root_user_enabled: True
-#root_user_enabled: False
-#############################################################################
-
-### HOSTNAME ################################################################
-hostname_enabled: True
-#hostname_enabled: False
-hostname: 'cephtest03'
-#############################################################################
-
-### HOSTS ###################################################################
-hosts_enabled: True
-#hosts_enabled: False
-hosts:
- - ip: 127.0.0.1
- name: localhost
- - ip: 127.0.1.1
- name: cephtest03.lab.verdnatura.es cephtest03
-#############################################################################
-
-### RESOLV ##################################################################
-resolv_enabled: True
-#resolv_enabled: False
-domain_name: lab.verdnatura.es
-search_name: lab.verdnatura.es
-resolvs:
- - ip: 10.0.0.4
- - ip: 10.0.0.5
-#############################################################################
-
-### UPDATE ##################################################################
-update_enabled: True
-#update_enabled: False
-#############################################################################
-
-### INSTALL PACKAGES ########################################################
-packages_enabled: True
-#packages_enabled: False
-#############################################################################
-
-### RELAY HOST SMTP #########################################################
-relay_host_enabled: True
-#relay_host_enabled: False
-#############################################################################
-
-### CENTRALIZED AUTH ########################################################
-centralized_auth_enabled: True
-#centralized_auth_enabled: False
-#############################################################################
-
-### SUDOERS #################################################################
-sudoers_enabled: True
-#sudoers_enabled: False
-#############################################################################
-
-### SECURE GRUB #############################################################
-#secure_grub_enabled: True
-secure_grub_enabled: False
-#############################################################################
-
-### VIM OPTIONS #############################################################
-vim_options_enabled: True
-#vim_options_enabled: False
-#############################################################################
-
-### MOTD ####################################################################
-motd_enabled: True
-#motd_enabled: False
-#############################################################################
-
-### HOT PLUG ################################################################
-#hot_plug_enabled: True
-hot_plug_enabled: False
-#############################################################################
-
-### LOCALES #################################################################
-locales_enabled: True
-#locales_enabled: False
-#############################################################################
-
-### TZDATA ##################################################################
-tzdata_enabled: True
-#tzdata_enabled: False
-#############################################################################
-
-### REPO VN #################################################################
-repo_vn_enabled: True
-#repo_vn_enabled: False
-#############################################################################
-
-### FAIL2BAN ################################################################
-#fail2ban_enabled: True
-fail2ban_enabled: False
-fail2ban_times:
- - bantime: "604800"
- maxretry: "4"
- findtime: "604800"
-fail2ban_jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-nagios_nrpe_enabled: True
-#nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-#server_type_enabled: True
-server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-ntp_enabled: True
-#ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-zabbix_agent_enabled: True
-#zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/core-proxytest.yaml b/host_vars/core-proxytest.yaml
deleted file mode 100644
index 66242fd..0000000
--- a/host_vars/core-proxytest.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-bantime: "604800"
-maxretry: "4"
-findtime: "604800"
-jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
\ No newline at end of file
diff --git a/host_vars/debian-test-awx-ct.yaml b/host_vars/debian-test-awx-ct.yaml
deleted file mode 100644
index 22c1e74..0000000
--- a/host_vars/debian-test-awx-ct.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-bantime: "604800"
-maxretry: "4"
-findtime: "604800"
-jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
diff --git a/host_vars/debian-test-awx-vm.yaml b/host_vars/debian-test-awx-vm.yaml
deleted file mode 100644
index 82f4a60..0000000
--- a/host_vars/debian-test-awx-vm.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-bantime: "604800"
-maxretry: "4"
-findtime: "604800"
-jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
-# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# EXAMPLE
-# bantime: "604800"
-# maxretry: "4"
-# findtime: "604800"
-# jails:
-#- name: NAME-FILTER(list -> /etc/fail2ban/filter.d/somefilenamefilter) - (first JAIL SSH)
-# enabled: true
-# filter: somefilenamefilter
-# logpath: /var/log/logofserviceauths
-# port: ['nameofservice', 'PORTNUMBEROFSERVICE']
-# maxretry: 4 # max retry to auth
-# bantime: 604800 # 1week bantime in seconds
-# findtime: 604800 # 1week time finding source-host auth
-# action: "%(action_mwl)s"
-#- name: NAME-FILTER(list -> /etc/fail2ban/filter.d/somefilenamefilter) - (second JAIL otherService)
-# enabled: true
-# filter: somefilenamefilter
-# logpath: /var/log/logofserviceauths
-# port: ['nameofservice', 'PORTNUMBEROFSERVICE']
-# maxretry: 4 # max retry to auth
-# bantime: 604800 # 1week bantime in seconds
-# findtime: 604800 # 1week time finding source-host auth
-# banaction: NAME-ACTION(list -> /etc/fail2ban/action.d/somefilenameaction)
-# action: "%(action_mwl)s"
-# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# 31536000 ; year
-# 18144000 ; 30days
-# 604800 ; 1 week
-# 86400 ; 1 day
-# 3600 ; 1 hour
-# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
\ No newline at end of file
diff --git a/host_vars/debian-vn-test.yaml b/host_vars/debian-vn-test.yaml
deleted file mode 100644
index 3ae0933..0000000
--- a/host_vars/debian-vn-test.yaml
+++ /dev/null
@@ -1,133 +0,0 @@
----
-
-### ROOT-USER ###############################################################
-root_user_enabled: True
-#root_user_enabled: False
-#############################################################################
-
-### HOSTNAME ################################################################
-hostname_enabled: True
-#hostname_enabled: False
-hostname: 'vn-debian-test'
-#############################################################################
-
-### HOSTS ###################################################################
-hosts_enabled: True
-#hosts_enabled: False
-hosts:
- - ip: 127.0.0.1
- name: localhost
- - ip: 127.0.1.1
- name: vn-debian-test.lab.verdnatura.es vn-debian-test
-#############################################################################
-
-### RESOLV ##################################################################
-resolv_enabled: True
-#resolv_enabled: False
-domain_name: lab.verdnatura.es
-search_name: lab.verdnatura.es
-resolvs:
- - ip: 10.0.0.4
- - ip: 10.0.0.5
-#############################################################################
-
-### UPDATE ##################################################################
-update_enabled: True
-#update_enabled: False
-#############################################################################
-
-### INSTALL PACKAGES ########################################################
-packages_enabled: True
-#packages_enabled: False
-#############################################################################
-
-### RELAY HOST SMTP #########################################################
-relay_host_enabled: True
-#relay_host_enabled: False
-#############################################################################
-
-### CENTRALIZED AUTH ########################################################
-centralized_auth_enabled: True
-#centralized_auth_enabled: False
-#############################################################################
-
-### SUDOERS #################################################################
-sudoers_enabled: True
-#sudoers_enabled: False
-#############################################################################
-
-### SECURE GRUB #############################################################
-#secure_grub_enabled: True
-secure_grub_enabled: False
-#############################################################################
-
-### VIM OPTIONS #############################################################
-vim_options_enabled: True
-#vim_options_enabled: False
-#############################################################################
-
-### MOTD ####################################################################
-motd_enabled: True
-#motd_enabled: False
-#############################################################################
-
-### HOT PLUG ################################################################
-hot_plug_enabled: True
-#hot_plug_enabled: False
-#############################################################################
-
-### LOCALES #################################################################
-locales_enabled: True
-#locales_enabled: False
-#############################################################################
-
-### TZDATA ##################################################################
-tzdata_enabled: True
-#tzdata_enabled: False
-#############################################################################
-
-### REPO VN #################################################################
-repo_vn_enabled: True
-#repo_vn_enabled: False
-#############################################################################
-
-### FAIL2BAN ################################################################
-#fail2ban_enabled: True
-fail2ban_enabled: False
-fail2ban_times:
- - bantime: "604800"
- maxretry: "4"
- findtime: "604800"
-fail2ban_jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-nagios_nrpe_enabled: True
-#nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-server_type_enabled: True
-#server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-ntp_enabled: True
-#ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-zabbix_agent_enabled: True
-#zabbix_agent_enabled: False
-#############################################################################
diff --git a/host_vars/docker-test.yaml b/host_vars/docker-test.yaml
deleted file mode 100644
index 66242fd..0000000
--- a/host_vars/docker-test.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-bantime: "604800"
-maxretry: "4"
-findtime: "604800"
-jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
\ No newline at end of file
diff --git a/host_vars/ejemplo-hostvar.yaml b/host_vars/ejemplo-hostvar.yaml
deleted file mode 100644
index 1443a2c..0000000
--- a/host_vars/ejemplo-hostvar.yaml
+++ /dev/null
@@ -1,133 +0,0 @@
----
-
-### ROOT-USER ###############################################################
-#root_user_enabled: True
-root_user_enabled: False
-#############################################################################
-
-### HOSTNAME ################################################################
-#hostname_enabled: True
-hostname_enabled: False
-hostname: 'ejemplo'
-#############################################################################
-
-### HOSTS ###################################################################
-#hosts_enabled: True
-hosts_enabled: False
-hosts:
- - ip: 127.0.0.1
- name: localhost
- - ip: 127.0.1.1
- name: test-playbook.lab.dc.verdnatura.es test-playbook
-#############################################################################
-
-### RESOLV ##################################################################
-#resolv_enabled: True
-resolv_enabled: False
-domain_name: lab.dc.verdnatura.es
-search_name: lab.dc.verdnatura.es
-resolvs:
- - ip: 10.0.0.4
- - ip: 10.0.0.5
-#############################################################################
-
-### UPDATE ##################################################################
-#update_enabled: True
-update_enabled: False
-#############################################################################
-
-### INSTALL PACKAGES ########################################################
-#packages_enabled: True
-packages_enabled: False
-#############################################################################
-
-### RELAY HOST SMTP #########################################################
-#relay_host_enabled: True
-relay_host_enabled: False
-#############################################################################
-
-### CENTRALIZED AUTH ########################################################
-#centralized_auth_enabled: True
-centralized_auth_enabled: False
-#############################################################################
-
-### SUDOERS #################################################################
-#sudoers_enabled: True
-sudoers_enabled: False
-#############################################################################
-
-### SECURE GRUB #############################################################
-#secure_grub_enabled: True
-secure_grub_enabled: False
-#############################################################################
-
-### VIM OPTIONS #############################################################
-#vim_options_enabled: True
-vim_options_enabled: False
-#############################################################################
-
-### MOTD ####################################################################
-#motd_enabled: True
-motd_enabled: False
-#############################################################################
-
-### HOT PLUG ################################################################
-#hot_plug_enabled: True
-hot_plug_enabled: False
-#############################################################################
-
-### LOCALES #################################################################
-#locales_enabled: True
-locales_enabled: False
-#############################################################################
-
-### TZDATA ##################################################################
-#tzdata_enabled: True
-tzdata_enabled: False
-#############################################################################
-
-### REPO VN #################################################################
-#repo_vn_enabled: True
-repo_vn_enabled: False
-#############################################################################
-
-### FAIL2BAN ################################################################
-#fail2ban_enabled: True
-fail2ban_enabled: False
-fail2ban_times:
- - bantime: "604800"
- maxretry: "4"
- findtime: "604800"
-fail2ban_jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-#nagios_nrpe_enabled: True
-nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-#server_type_enabled: True
-server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-#ntp_enabled: True
-ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-#autofs_homes_enabled: True
-autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-#zabbix_agent_enabled: True
-zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/freeradius-playbook.yaml b/host_vars/freeradius-playbook.yaml
deleted file mode 100644
index 600972b..0000000
--- a/host_vars/freeradius-playbook.yaml
+++ /dev/null
@@ -1,133 +0,0 @@
----
-
-### ROOT-USER ###############################################################
-root_user_enabled: True
-#root_user_enabled: False
-#############################################################################
-
-### HOSTNAME ################################################################
-hostname_enabled: True
-#hostname_enabled: False
-hostname: 'freeradius-playbook'
-#############################################################################
-
-### HOSTS ###################################################################
-hosts_enabled: True
-#hosts_enabled: False
-hosts:
- - ip: 127.0.0.1
- name: localhost
- - ip: 127.0.1.1
- name: freeradius-playbook.lab.verdnatura.es freeradius-playbook
-#############################################################################
-
-### RESOLV ##################################################################
-resolv_enabled: True
-#resolv_enabled: False
-domain_name: lab.verdnatura.es
-search_name: lab.verdnatura.es
-resolvs:
- - ip: 10.0.0.4
- - ip: 10.0.0.5
-#############################################################################
-
-### UPDATE ##################################################################
-update_enabled: True
-#update_enabled: False
-#############################################################################
-
-### INSTALL PACKAGES ########################################################
-packages_enabled: True
-#packages_enabled: False
-#############################################################################
-
-### RELAY HOST SMTP #########################################################
-relay_host_enabled: True
-#relay_host_enabled: False
-#############################################################################
-
-### CENTRALIZED AUTH ########################################################
-centralized_auth_enabled: True
-#centralized_auth_enabled: False
-#############################################################################
-
-### SUDOERS #################################################################
-sudoers_enabled: True
-#sudoers_enabled: False
-#############################################################################
-
-### SECURE GRUB #############################################################
-#secure_grub_enabled: True
-secure_grub_enabled: False
-#############################################################################
-
-### VIM OPTIONS #############################################################
-vim_options_enabled: True
-#vim_options_enabled: False
-#############################################################################
-
-### MOTD ####################################################################
-motd_enabled: True
-#motd_enabled: False
-#############################################################################
-
-### HOT PLUG ################################################################
-hot_plug_enabled: True
-#hot_plug_enabled: False
-#############################################################################
-
-### LOCALES #################################################################
-locales_enabled: True
-#locales_enabled: False
-#############################################################################
-
-### TZDATA ##################################################################
-tzdata_enabled: True
-#tzdata_enabled: False
-#############################################################################
-
-### REPO VN #################################################################
-repo_vn_enabled: True
-#repo_vn_enabled: False
-#############################################################################
-
-### FAIL2BAN ################################################################
-#fail2ban_enabled: True
-fail2ban_enabled: False
-fail2ban_times:
- - bantime: "604800"
- maxretry: "4"
- findtime: "604800"
-fail2ban_jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-nagios_nrpe_enabled: True
-#nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-server_type_enabled: True
-#server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-ntp_enabled: True
-#ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-zabbix_agent_enabled: True
-#zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/freeradiustotp.yaml b/host_vars/freeradiustotp.yaml
deleted file mode 100644
index 355730f..0000000
--- a/host_vars/freeradiustotp.yaml
+++ /dev/null
@@ -1,133 +0,0 @@
----
-
-### ROOT-USER ###############################################################
-root_user_enabled: True
-#root_user_enabled: False
-#############################################################################
-
-### HOSTNAME ################################################################
-hostname_enabled: True
-#hostname_enabled: False
-hostname: 'freeradiustotp'
-#############################################################################
-
-### HOSTS ###################################################################
-hosts_enabled: True
-#hosts_enabled: False
-hosts:
- - ip: 127.0.0.1
- name: localhost
- - ip: 127.0.1.1
- name: freeradiustotp.servers.dc.verdnatura.es freeradiustotp
-#############################################################################
-
-### RESOLV ##################################################################
-resolv_enabled: True
-#resolv_enabled: False
-domain_name: verdnatura.es
-search_name: verdnatura.es
-resolvs:
- - ip: 10.0.0.4
- - ip: 10.0.0.5
-#############################################################################
-
-### UPDATE ##################################################################
-update_enabled: True
-#update_enabled: False
-#############################################################################
-
-### INSTALL PACKAGES ########################################################
-packages_enabled: True
-#packages_enabled: False
-#############################################################################
-
-### RELAY HOST SMTP #########################################################
-relay_host_enabled: True
-#relay_host_enabled: False
-#############################################################################
-
-### CENTRALIZED AUTH ########################################################
-#centralized_auth_enabled: True
-centralized_auth_enabled: False
-#############################################################################
-
-### SUDOERS #################################################################
-sudoers_enabled: True
-#sudoers_enabled: False
-#############################################################################
-
-### SECURE GRUB #############################################################
-#secure_grub_enabled: True
-secure_grub_enabled: False
-#############################################################################
-
-### VIM OPTIONS #############################################################
-vim_options_enabled: True
-#vim_options_enabled: False
-#############################################################################
-
-### MOTD ####################################################################
-motd_enabled: True
-#motd_enabled: False
-#############################################################################
-
-### HOT PLUG ################################################################
-hot_plug_enabled: True
-#hot_plug_enabled: False
-#############################################################################
-
-### LOCALES #################################################################
-locales_enabled: True
-#locales_enabled: False
-#############################################################################
-
-### TZDATA ##################################################################
-tzdata_enabled: True
-#tzdata_enabled: False
-#############################################################################
-
-### REPO VN #################################################################
-repo_vn_enabled: True
-#repo_vn_enabled: False
-#############################################################################
-
-### FAIL2BAN ################################################################
-fail2ban_enabled: True
-#fail2ban_enabled: False
-fail2ban_times:
- - bantime: "604800"
- maxretry: "4"
- findtime: "604800"
-fail2ban_jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-nagios_nrpe_enabled: True
-#nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-server_type_enabled: True
-#server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-ntp_enabled: True
-#ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-#autofs_homes_enabled: True
-autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-zabbix_agent_enabled: True
-#zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/homes.yaml b/host_vars/homes.yaml
deleted file mode 100644
index 66242fd..0000000
--- a/host_vars/homes.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-bantime: "604800"
-maxretry: "4"
-findtime: "604800"
-jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
\ No newline at end of file
diff --git a/host_vars/hot-plug-test.yaml b/host_vars/hot-plug-test.yaml
deleted file mode 100644
index 66242fd..0000000
--- a/host_vars/hot-plug-test.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-bantime: "604800"
-maxretry: "4"
-findtime: "604800"
-jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
\ No newline at end of file
diff --git a/host_vars/iventoy-test.yaml b/host_vars/iventoy-test.yaml
deleted file mode 100644
index 89da23c..0000000
--- a/host_vars/iventoy-test.yaml
+++ /dev/null
@@ -1,133 +0,0 @@ ---- - -### ROOT-USER ############################################################### -root_user_enabled: True -#root_user_enabled: False -############################################################################# - -### HOSTNAME ################################################################ -hostname_enabled: True -#hostname_enabled: False -hostname: 'iventoy-test' -############################################################################# - -### HOSTS ################################################################### -hosts_enabled: True -#hosts_enabled: False -hosts: - - ip: 127.0.0.1 - name: localhost - - ip: 127.0.1.1 - name: iventoy-test.lab.verdnatura.es iventoy-test -############################################################################# - -### RESOLV ################################################################## -resolv_enabled: True -#resolv_enabled: False -domain_name: lab.verdnatura.es -search_name: lab.verdnatura.es -resolvs: - - ip: 10.0.0.4 - - ip: 10.0.0.5 -############################################################################# - -### UPDATE ################################################################## -update_enabled: True -#update_enabled: False -############################################################################# - -### INSTALL PACKAGES ######################################################## -packages_enabled: True -#packages_enabled: False -############################################################################# - -### RELAY HOST SMTP ######################################################### -relay_host_enabled: True -#relay_host_enabled: False -############################################################################# - -### CENTRALIZED AUTH ######################################################## -centralized_auth_enabled: True -#centralized_auth_enabled: False -############################################################################# - -### SUDOERS 
################################################################# -sudoers_enabled: True -#sudoers_enabled: False -############################################################################# - -### SECURE GRUB ############################################################# -#secure_grub_enabled: True -secure_grub_enabled: False -############################################################################# - -### VIM OPTIONS ############################################################# -vim_options_enabled: True -#vim_options_enabled: False -############################################################################# - -### MOTD #################################################################### -motd_enabled: True -#motd_enabled: False -############################################################################# - -### HOT PLUG ################################################################ -hot_plug_enabled: True -#hot_plug_enabled: False -############################################################################# - -### LOCALES ################################################################# -locales_enabled: True -#locales_enabled: False -############################################################################# - -### TZDATA ################################################################## -tzdata_enabled: True -#tzdata_enabled: False -############################################################################# - -### REPO VN ################################################################# -repo_vn_enabled: True -#repo_vn_enabled: False -############################################################################# - -### FAIL2BAN ################################################################ -#fail2ban_enabled: True -fail2ban_enabled: False -fail2ban_times: - - bantime: "604800" - maxretry: "4" - findtime: "604800" -fail2ban_jails: - - name: sshd - enabled: true - port: ['22'] - filter: sshd - logpath: "%(sshd_log)s" - backend: "%(sshd_backend)s" 
-############################################################################# - -### NAGIOS NRPE ############################################################# -nagios_nrpe_enabled: True -#nagios_nrpe_enabled: False -############################################################################# - -### SERVER TYPE ############################################################# -server_type_enabled: True -#server_type_enabled: False -############################################################################# - -### NTP ##################################################################### -ntp_enabled: True -#ntp_enabled: False -############################################################################# - -### AUTOFS HOMES ############################################################ -autofs_homes_enabled: True -#autofs_homes_enabled: False -############################################################################# - -### ZABBIX AGENT ############################################################ -zabbix_agent_enabled: True -#zabbix_agent_enabled: False -############################################################################# \ No newline at end of file diff --git a/host_vars/iventoy.yaml b/host_vars/iventoy.yaml deleted file mode 100644 index 5d76fbc..0000000 --- a/host_vars/iventoy.yaml +++ /dev/null 
@@ -1,133 +0,0 @@
----
-
-### ROOT-USER ###############################################################
-root_user_enabled: True
-#root_user_enabled: False
-#############################################################################
-
-### HOSTNAME ################################################################
-hostname_enabled: True
-#hostname_enabled: False
-hostname: 'iventoy'
-#############################################################################
-
-### HOSTS ###################################################################
-hosts_enabled: True
-#hosts_enabled: False
-hosts:
- - ip: 127.0.0.1
- name: localhost
- - ip: 127.0.1.1
- name: iventoy.servers.dc.verdnatura.es iventoy
-#############################################################################
-
-### RESOLV ##################################################################
-resolv_enabled: True
-#resolv_enabled: False
-domain_name: dc.verdnatura.es
-search_name: dc.verdnatura.es
-resolvs:
- - ip: 10.0.0.4
- - ip: 10.0.0.5
-#############################################################################
-
-### UPDATE ##################################################################
-update_enabled: True
-#update_enabled: False
-#############################################################################
-
-### INSTALL PACKAGES ########################################################
-packages_enabled: True
-#packages_enabled: False
-#############################################################################
-
-### RELAY HOST SMTP #########################################################
-relay_host_enabled: True
-#relay_host_enabled: False
-#############################################################################
-
-### CENTRALIZED AUTH ########################################################
-centralized_auth_enabled: True
-#centralized_auth_enabled: False
-#############################################################################
-
-### SUDOERS #################################################################
-sudoers_enabled: True
-#sudoers_enabled: False
-#############################################################################
-
-### SECURE GRUB #############################################################
-#secure_grub_enabled: True
-secure_grub_enabled: False
-#############################################################################
-
-### VIM OPTIONS #############################################################
-vim_options_enabled: True
-#vim_options_enabled: False
-#############################################################################
-
-### MOTD ####################################################################
-motd_enabled: True
-#motd_enabled: False
-#############################################################################
-
-### HOT PLUG ################################################################
-hot_plug_enabled: True
-#hot_plug_enabled: False
-#############################################################################
-
-### LOCALES #################################################################
-locales_enabled: True
-#locales_enabled: False
-#############################################################################
-
-### TZDATA ##################################################################
-tzdata_enabled: True
-#tzdata_enabled: False
-#############################################################################
-
-### REPO VN #################################################################
-repo_vn_enabled: True
-#repo_vn_enabled: False
-#############################################################################
-
-### FAIL2BAN ################################################################
-#fail2ban_enabled: True
-fail2ban_enabled: False
-fail2ban_times:
- - bantime: "604800"
- maxretry: "4"
- findtime: "604800"
-fail2ban_jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-nagios_nrpe_enabled: True
-#nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-server_type_enabled: True
-#server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-ntp_enabled: True
-#ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-#zabbix_agent_enabled: True
-zabbix_agent_enabled: False
-#############################################################################
diff --git a/host_vars/k3s128test.yaml b/host_vars/k3s128test.yaml
deleted file mode 100644
index cf2be49..0000000
--- a/host_vars/k3s128test.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-bantime: "10m"
-maxretry: "10"
-findtime: "10m"
-jails:
-- name: sshd
- enabled: true
- filter: sshd
- logpath: /var/log/auth.log
- port: ['ssh', '22']
- maxretry: 10
- bantime: 10m
- findtime: 10m
\ No newline at end of file
diff --git a/host_vars/kube-master1.yaml b/host_vars/kube-master1.yaml
deleted file mode 100644
index d84b560..0000000
--- a/host_vars/kube-master1.yaml
+++ /dev/null
@@ -1,133 +0,0 @@
----
-
-### ROOT-USER ###############################################################
-#root_user_enabled: True
-root_user_enabled: False
-#############################################################################
-
-### HOSTNAME ################################################################
-#hostname_enabled: True
-hostname_enabled: False
-hostname: 'kube-master1'
-#############################################################################
-
-### HOSTS ###################################################################
-#hosts_enabled: True
-hosts_enabled: False
-hosts:
- - ip: 127.0.0.1
- name: localhost
- - ip: 127.0.1.1
- name: test-playbook.lab.dc.verdnatura.es test-playbook
-#############################################################################
-
-### RESOLV ##################################################################
-#resolv_enabled: True
-resolv_enabled: False
-domain_name: lab.dc.verdnatura.es
-search_name: lab.dc.verdnatura.es
-resolvs:
- - ip: 10.0.0.4
- - ip: 10.0.0.5
-#############################################################################
-
-### UPDATE ##################################################################
-#update_enabled: True
-update_enabled: False
-#############################################################################
-
-### INSTALL PACKAGES ########################################################
-#packages_enabled: True
-packages_enabled: False
-#############################################################################
-
-### RELAY HOST SMTP #########################################################
-#relay_host_enabled: True
-relay_host_enabled: False
-#############################################################################
-
-### CENTRALIZED AUTH ########################################################
-#centralized_auth_enabled: True
-centralized_auth_enabled: False
-#############################################################################
-
-### SUDOERS #################################################################
-#sudoers_enabled: True
-sudoers_enabled: False
-#############################################################################
-
-### SECURE GRUB #############################################################
-#secure_grub_enabled: True
-secure_grub_enabled: False
-#############################################################################
-
-### VIM OPTIONS #############################################################
-#vim_options_enabled: True
-vim_options_enabled: False
-#############################################################################
-
-### MOTD ####################################################################
-#motd_enabled: True
-motd_enabled: False
-#############################################################################
-
-### HOT PLUG ################################################################
-#hot_plug_enabled: True
-hot_plug_enabled: False
-#############################################################################
-
-### LOCALES #################################################################
-#locales_enabled: True
-locales_enabled: False
-#############################################################################
-
-### TZDATA ##################################################################
-#tzdata_enabled: True
-tzdata_enabled: False
-#############################################################################
-
-### REPO VN #################################################################
-#repo_vn_enabled: True
-repo_vn_enabled: False
-#############################################################################
-
-### FAIL2BAN ################################################################
-#fail2ban_enabled: True
-fail2ban_enabled: False
-fail2ban_times:
- - bantime: "604800"
- maxretry: "4"
- findtime: "604800"
-fail2ban_jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-#nagios_nrpe_enabled: True
-nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-#server_type_enabled: True
-server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-#ntp_enabled: True
-ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-#zabbix_agent_enabled: True
-zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/kube-master2.yaml b/host_vars/kube-master2.yaml
deleted file mode 100644
index b8e2aa3..0000000
--- a/host_vars/kube-master2.yaml
+++ /dev/null
@@ -1,133 +0,0 @@
----
-
-### ROOT-USER ###############################################################
-#root_user_enabled: True
-root_user_enabled: False
-#############################################################################
-
-### HOSTNAME ################################################################
-#hostname_enabled: True
-hostname_enabled: False
-hostname: 'kube-master2'
-#############################################################################
-
-### HOSTS ###################################################################
-#hosts_enabled: True
-hosts_enabled: False
-hosts:
- - ip: 127.0.0.1
- name: localhost
- - ip: 127.0.1.1
- name: test-playbook.lab.dc.verdnatura.es test-playbook
-#############################################################################
-
-### RESOLV ##################################################################
-#resolv_enabled: True
-resolv_enabled: False
-domain_name: lab.dc.verdnatura.es
-search_name: lab.dc.verdnatura.es
-resolvs:
- - ip: 10.0.0.4
- - ip: 10.0.0.5
-#############################################################################
-
-### UPDATE ##################################################################
-#update_enabled: True
-update_enabled: False
-#############################################################################
-
-### INSTALL PACKAGES ########################################################
-#packages_enabled: True
-packages_enabled: False
-#############################################################################
-
-### RELAY HOST SMTP #########################################################
-#relay_host_enabled: True
-relay_host_enabled: False
-#############################################################################
-
-### CENTRALIZED AUTH ########################################################
-#centralized_auth_enabled: True
-centralized_auth_enabled: False
-#############################################################################
-
-### SUDOERS #################################################################
-#sudoers_enabled: True
-sudoers_enabled: False
-#############################################################################
-
-### SECURE GRUB #############################################################
-#secure_grub_enabled: True
-secure_grub_enabled: False
-#############################################################################
-
-### VIM OPTIONS #############################################################
-#vim_options_enabled: True
-vim_options_enabled: False
-#############################################################################
-
-### MOTD ####################################################################
-#motd_enabled: True
-motd_enabled: False
-#############################################################################
-
-### HOT PLUG ################################################################
-#hot_plug_enabled: True
-hot_plug_enabled: False
-#############################################################################
-
-### LOCALES #################################################################
-#locales_enabled: True
-locales_enabled: False
-#############################################################################
-
-### TZDATA ##################################################################
-#tzdata_enabled: True
-tzdata_enabled: False
-#############################################################################
-
-### REPO VN #################################################################
-#repo_vn_enabled: True
-repo_vn_enabled: False
-#############################################################################
-
-### FAIL2BAN ################################################################
-#fail2ban_enabled: True
-fail2ban_enabled: False
-fail2ban_times:
- - bantime: "604800"
- maxretry: "4"
- findtime: "604800"
-fail2ban_jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-#nagios_nrpe_enabled: True
-nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-#server_type_enabled: True
-server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-#ntp_enabled: True
-ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-#zabbix_agent_enabled: True
-zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/kube-master3.yaml b/host_vars/kube-master3.yaml
deleted file mode 100644
index 575621b..0000000
--- a/host_vars/kube-master3.yaml
+++ /dev/null
@@ -1,133 +0,0 @@
----
-
-### ROOT-USER ###############################################################
-#root_user_enabled: True
-root_user_enabled: False
-#############################################################################
-
-### HOSTNAME ################################################################
-#hostname_enabled: True
-hostname_enabled: False
-hostname: 'kube-master3'
-#############################################################################
-
-### HOSTS ###################################################################
-#hosts_enabled: True
-hosts_enabled: False
-hosts:
- - ip: 127.0.0.1
- name: localhost
- - ip: 127.0.1.1
- name: test-playbook.lab.dc.verdnatura.es test-playbook
-#############################################################################
-
-### RESOLV ##################################################################
-#resolv_enabled: True
-resolv_enabled: False
-domain_name: lab.dc.verdnatura.es
-search_name: lab.dc.verdnatura.es
-resolvs:
- - ip: 10.0.0.4
- - ip: 10.0.0.5
-#############################################################################
-
-### UPDATE ##################################################################
-#update_enabled: True
-update_enabled: False
-#############################################################################
-
-### INSTALL PACKAGES ########################################################
-#packages_enabled: True
-packages_enabled: False
-#############################################################################
-
-### RELAY HOST SMTP #########################################################
-#relay_host_enabled: True
-relay_host_enabled: False
-#############################################################################
-
-### CENTRALIZED AUTH ########################################################
-#centralized_auth_enabled: True
-centralized_auth_enabled: False
-#############################################################################
-
-### SUDOERS #################################################################
-#sudoers_enabled: True
-sudoers_enabled: False
-#############################################################################
-
-### SECURE GRUB #############################################################
-#secure_grub_enabled: True
-secure_grub_enabled: False
-#############################################################################
-
-### VIM OPTIONS #############################################################
-#vim_options_enabled: True
-vim_options_enabled: False
-#############################################################################
-
-### MOTD ####################################################################
-#motd_enabled: True
-motd_enabled: False
-#############################################################################
-
-### HOT PLUG ################################################################
-#hot_plug_enabled: True
-hot_plug_enabled: False
-#############################################################################
-
-### LOCALES #################################################################
-#locales_enabled: True
-locales_enabled: False
-#############################################################################
-
-### TZDATA ##################################################################
-#tzdata_enabled: True
-tzdata_enabled: False
-#############################################################################
-
-### REPO VN #################################################################
-#repo_vn_enabled: True
-repo_vn_enabled: False
-#############################################################################
-
-### FAIL2BAN ################################################################
-#fail2ban_enabled: True
-fail2ban_enabled: False
-fail2ban_times:
- - bantime: "604800"
- maxretry: "4"
- findtime: "604800"
-fail2ban_jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-#nagios_nrpe_enabled: True
-nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-#server_type_enabled: True
-server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-#ntp_enabled: True
-ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-#zabbix_agent_enabled: True
-zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/kube-worker1.yaml b/host_vars/kube-worker1.yaml
deleted file mode 100644
index 0a9e451..0000000
--- a/host_vars/kube-worker1.yaml
+++ /dev/null
@@ -1,133 +0,0 @@
----
-
-### ROOT-USER ###############################################################
-#root_user_enabled: True
-root_user_enabled: False
-#############################################################################
-
-### HOSTNAME ################################################################
-#hostname_enabled: True
-hostname_enabled: False
-hostname: 'kube-worker1'
-#############################################################################
-
-### HOSTS ###################################################################
-#hosts_enabled: True
-hosts_enabled: False
-hosts:
- - ip: 127.0.0.1
- name: localhost
- - ip: 127.0.1.1
- name: test-playbook.lab.dc.verdnatura.es test-playbook
-#############################################################################
-
-### RESOLV ##################################################################
-#resolv_enabled: True
-resolv_enabled: False
-domain_name: lab.dc.verdnatura.es
-search_name: lab.dc.verdnatura.es
-resolvs:
- - ip: 10.0.0.4
- - ip: 10.0.0.5
-#############################################################################
-
-### UPDATE ##################################################################
-#update_enabled: True
-update_enabled: False
-#############################################################################
-
-### INSTALL PACKAGES ########################################################
-#packages_enabled: True
-packages_enabled: False
-#############################################################################
-
-### RELAY HOST SMTP #########################################################
-#relay_host_enabled: True
-relay_host_enabled: False
-#############################################################################
-
-### CENTRALIZED AUTH ########################################################
-#centralized_auth_enabled: True
-centralized_auth_enabled: False
-#############################################################################
-
-### SUDOERS #################################################################
-#sudoers_enabled: True
-sudoers_enabled: False
-#############################################################################
-
-### SECURE GRUB #############################################################
-#secure_grub_enabled: True
-secure_grub_enabled: False
-#############################################################################
-
-### VIM OPTIONS #############################################################
-#vim_options_enabled: True
-vim_options_enabled: False
-#############################################################################
-
-### MOTD ####################################################################
-#motd_enabled: True
-motd_enabled: False
-#############################################################################
-
-### HOT PLUG ################################################################
-#hot_plug_enabled: True
-hot_plug_enabled: False
-#############################################################################
-
-### LOCALES #################################################################
-#locales_enabled: True
-locales_enabled: False
-#############################################################################
-
-### TZDATA ##################################################################
-#tzdata_enabled: True
-tzdata_enabled: False
-#############################################################################
-
-### REPO VN #################################################################
-#repo_vn_enabled: True
-repo_vn_enabled: False
-#############################################################################
-
-### FAIL2BAN ################################################################
-#fail2ban_enabled: True
-fail2ban_enabled: False
-fail2ban_times:
- - bantime: "604800"
- maxretry: "4"
- findtime: "604800"
-fail2ban_jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-#nagios_nrpe_enabled: True
-nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-#server_type_enabled: True
-server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-#ntp_enabled: True
-ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-#zabbix_agent_enabled: True
-zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/kube-worker2.yaml b/host_vars/kube-worker2.yaml
deleted file mode 100644
index cab639f..0000000
--- a/host_vars/kube-worker2.yaml
+++ /dev/null
@@ -1,133 +0,0 @@
----
-
-### ROOT-USER ###############################################################
-#root_user_enabled: True
-root_user_enabled: False
-#############################################################################
-
-### HOSTNAME ################################################################
-#hostname_enabled: True
-hostname_enabled: False
-hostname: 'kube-worker2'
-#############################################################################
-
-### HOSTS ###################################################################
-#hosts_enabled: True
-hosts_enabled: False
-hosts:
- - ip: 127.0.0.1
- name: localhost
- - ip: 127.0.1.1
- name: test-playbook.lab.dc.verdnatura.es test-playbook
-#############################################################################
-
-### RESOLV ##################################################################
-#resolv_enabled: True
-resolv_enabled: False
-domain_name: lab.dc.verdnatura.es
-search_name: lab.dc.verdnatura.es
-resolvs:
- - ip: 10.0.0.4
- - ip: 10.0.0.5
-#############################################################################
-
-### UPDATE ##################################################################
-#update_enabled: True
-update_enabled: False
-#############################################################################
-
-### INSTALL PACKAGES ########################################################
-#packages_enabled: True
-packages_enabled: False
-#############################################################################
-
-### RELAY HOST SMTP #########################################################
-#relay_host_enabled: True
-relay_host_enabled: False
-#############################################################################
-
-### CENTRALIZED AUTH ########################################################
-#centralized_auth_enabled: True
-centralized_auth_enabled: False
-#############################################################################
-
-### SUDOERS
#################################################################
-#sudoers_enabled: True
-sudoers_enabled: False
-#############################################################################
-
-### SECURE GRUB #############################################################
-#secure_grub_enabled: True
-secure_grub_enabled: False
-#############################################################################
-
-### VIM OPTIONS #############################################################
-#vim_options_enabled: True
-vim_options_enabled: False
-#############################################################################
-
-### MOTD ####################################################################
-#motd_enabled: True
-motd_enabled: False
-#############################################################################
-
-### HOT PLUG ################################################################
-#hot_plug_enabled: True
-hot_plug_enabled: False
-#############################################################################
-
-### LOCALES #################################################################
-#locales_enabled: True
-locales_enabled: False
-#############################################################################
-
-### TZDATA ##################################################################
-#tzdata_enabled: True
-tzdata_enabled: False
-#############################################################################
-
-### REPO VN #################################################################
-#repo_vn_enabled: True
-repo_vn_enabled: False
-#############################################################################
-
-### FAIL2BAN ################################################################
-#fail2ban_enabled: True
-fail2ban_enabled: False
-fail2ban_times:
- - bantime: "604800"
- maxretry: "4"
- findtime: "604800"
-fail2ban_jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-#nagios_nrpe_enabled: True
-nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-#server_type_enabled: True
-server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-#ntp_enabled: True
-ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-#zabbix_agent_enabled: True
-zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/kube-worker3.yaml b/host_vars/kube-worker3.yaml
deleted file mode 100644
index a7fe955..0000000
--- a/host_vars/kube-worker3.yaml
+++ /dev/null
@@ -1,133 +0,0 @@
----
-
-### ROOT-USER ###############################################################
-#root_user_enabled: True
-root_user_enabled: False
-#############################################################################
-
-### HOSTNAME ################################################################
-#hostname_enabled: True
-hostname_enabled: False
-hostname: 'kube-worker3'
-#############################################################################
-
-### HOSTS ###################################################################
-#hosts_enabled: True
-hosts_enabled: False
-hosts:
- - ip: 127.0.0.1
- name: localhost
- - ip: 127.0.1.1
- name: test-playbook.lab.dc.verdnatura.es test-playbook
-#############################################################################
-
-### RESOLV ##################################################################
-#resolv_enabled: True
-resolv_enabled: False
-domain_name: lab.dc.verdnatura.es
-search_name: lab.dc.verdnatura.es
-resolvs:
- - ip: 10.0.0.4
- - ip: 10.0.0.5
-#############################################################################
-
-### UPDATE ##################################################################
-#update_enabled: True
-update_enabled: False
-#############################################################################
-
-### INSTALL PACKAGES ########################################################
-#packages_enabled: True
-packages_enabled: False
-#############################################################################
-
-### RELAY HOST SMTP #########################################################
-#relay_host_enabled: True
-relay_host_enabled: False
-#############################################################################
-
-### CENTRALIZED AUTH ########################################################
-#centralized_auth_enabled: True
-centralized_auth_enabled: False
-#############################################################################
-
-### SUDOERS
#################################################################
-#sudoers_enabled: True
-sudoers_enabled: False
-#############################################################################
-
-### SECURE GRUB #############################################################
-#secure_grub_enabled: True
-secure_grub_enabled: False
-#############################################################################
-
-### VIM OPTIONS #############################################################
-#vim_options_enabled: True
-vim_options_enabled: False
-#############################################################################
-
-### MOTD ####################################################################
-#motd_enabled: True
-motd_enabled: False
-#############################################################################
-
-### HOT PLUG ################################################################
-#hot_plug_enabled: True
-hot_plug_enabled: False
-#############################################################################
-
-### LOCALES #################################################################
-#locales_enabled: True
-locales_enabled: False
-#############################################################################
-
-### TZDATA ##################################################################
-#tzdata_enabled: True
-tzdata_enabled: False
-#############################################################################
-
-### REPO VN #################################################################
-#repo_vn_enabled: True
-repo_vn_enabled: False
-#############################################################################
-
-### FAIL2BAN ################################################################
-#fail2ban_enabled: True
-fail2ban_enabled: False
-fail2ban_times:
- - bantime: "604800"
- maxretry: "4"
- findtime: "604800"
-fail2ban_jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-#nagios_nrpe_enabled: True
-nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-#server_type_enabled: True
-server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-#ntp_enabled: True
-ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-#zabbix_agent_enabled: True
-zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/kube-worker4.yaml b/host_vars/kube-worker4.yaml
deleted file mode 100644
index 4bd1b5a..0000000
--- a/host_vars/kube-worker4.yaml
+++ /dev/null
@@ -1,133 +0,0 @@
----
-
-### ROOT-USER ###############################################################
-#root_user_enabled: True
-root_user_enabled: False
-#############################################################################
-
-### HOSTNAME ################################################################
-#hostname_enabled: True
-hostname_enabled: False
-hostname: 'kube-worker4'
-#############################################################################
-
-### HOSTS ###################################################################
-#hosts_enabled: True
-hosts_enabled: False
-hosts:
- - ip: 127.0.0.1
- name: localhost
- - ip: 127.0.1.1
- name: test-playbook.lab.dc.verdnatura.es test-playbook
-#############################################################################
-
-### RESOLV ##################################################################
-#resolv_enabled: True
-resolv_enabled: False
-domain_name: lab.dc.verdnatura.es
-search_name: lab.dc.verdnatura.es
-resolvs:
- - ip: 10.0.0.4
- - ip: 10.0.0.5
-#############################################################################
-
-### UPDATE ##################################################################
-#update_enabled: True
-update_enabled: False
-#############################################################################
-
-### INSTALL PACKAGES ########################################################
-#packages_enabled: True
-packages_enabled: False
-#############################################################################
-
-### RELAY HOST SMTP #########################################################
-#relay_host_enabled: True
-relay_host_enabled: False
-#############################################################################
-
-### CENTRALIZED AUTH ########################################################
-#centralized_auth_enabled: True
-centralized_auth_enabled: False
-#############################################################################
-
-### SUDOERS
#################################################################
-#sudoers_enabled: True
-sudoers_enabled: False
-#############################################################################
-
-### SECURE GRUB #############################################################
-#secure_grub_enabled: True
-secure_grub_enabled: False
-#############################################################################
-
-### VIM OPTIONS #############################################################
-#vim_options_enabled: True
-vim_options_enabled: False
-#############################################################################
-
-### MOTD ####################################################################
-#motd_enabled: True
-motd_enabled: False
-#############################################################################
-
-### HOT PLUG ################################################################
-#hot_plug_enabled: True
-hot_plug_enabled: False
-#############################################################################
-
-### LOCALES #################################################################
-#locales_enabled: True
-locales_enabled: False
-#############################################################################
-
-### TZDATA ##################################################################
-#tzdata_enabled: True
-tzdata_enabled: False
-#############################################################################
-
-### REPO VN #################################################################
-#repo_vn_enabled: True
-repo_vn_enabled: False
-#############################################################################
-
-### FAIL2BAN ################################################################
-#fail2ban_enabled: True
-fail2ban_enabled: False
-fail2ban_times:
- - bantime: "604800"
- maxretry: "4"
- findtime: "604800"
-fail2ban_jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-#nagios_nrpe_enabled: True
-nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-#server_type_enabled: True
-server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-#ntp_enabled: True
-ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-#zabbix_agent_enabled: True
-zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/kubelab-proxy1.yaml b/host_vars/kubelab-proxy1.yaml
deleted file mode 100644
index 601577a..0000000
--- a/host_vars/kubelab-proxy1.yaml
+++ /dev/null
@@ -1,133 +0,0 @@
----
-
-### ROOT-USER ###############################################################
-root_user_enabled: True
-#root_user_enabled: False
-#############################################################################
-
-### HOSTNAME ################################################################
-hostname_enabled: True
-#hostname_enabled: False
-hostname: 'kubelab-proxy1'
-#############################################################################
-
-### HOSTS ###################################################################
-hosts_enabled: True
-#hosts_enabled: False
-hosts:
- - ip: 127.0.0.1
- name: localhost
- - ip: 127.0.1.1
- name: kubelab-proxy1.lab.verdnatura.es kubelab-proxy1
-#############################################################################
-
-### RESOLV ##################################################################
-resolv_enabled: True
-#resolv_enabled: False
-domain_name: lab.verdnatura.es
-search_name: lab.verdnatura.es
-resolvs:
- - ip: 10.0.0.4
- - ip: 10.0.0.5
-#############################################################################
-
-### UPDATE ##################################################################
-update_enabled: True
-#update_enabled: False
-#############################################################################
-
-### INSTALL PACKAGES ########################################################
-packages_enabled: True
-#packages_enabled: False
-#############################################################################
-
-### RELAY HOST SMTP #########################################################
-relay_host_enabled: True
-#relay_host_enabled: False
-#############################################################################
-
-### CENTRALIZED AUTH ########################################################
-centralized_auth_enabled: True
-#centralized_auth_enabled: False
-#############################################################################
-
-### SUDOERS
#################################################################
-sudoers_enabled: True
-#sudoers_enabled: False
-#############################################################################
-
-### SECURE GRUB #############################################################
-#secure_grub_enabled: True
-secure_grub_enabled: False
-#############################################################################
-
-### VIM OPTIONS #############################################################
-vim_options_enabled: True
-#vim_options_enabled: False
-#############################################################################
-
-### MOTD ####################################################################
-motd_enabled: True
-#motd_enabled: False
-#############################################################################
-
-### HOT PLUG ################################################################
-hot_plug_enabled: True
-#hot_plug_enabled: False
-#############################################################################
-
-### LOCALES #################################################################
-locales_enabled: True
-#locales_enabled: False
-#############################################################################
-
-### TZDATA ##################################################################
-tzdata_enabled: True
-#tzdata_enabled: False
-#############################################################################
-
-### REPO VN #################################################################
-repo_vn_enabled: True
-#repo_vn_enabled: False
-#############################################################################
-
-### FAIL2BAN ################################################################
-#fail2ban_enabled: True
-fail2ban_enabled: False
-fail2ban_times:
- - bantime: "604800"
- maxretry: "4"
- findtime: "604800"
-fail2ban_jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-nagios_nrpe_enabled: True
-#nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-server_type_enabled: True
-#server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-ntp_enabled: True
-#ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-#zabbix_agent_enabled: True
-zabbix_agent_enabled: False
-#############################################################################
diff --git a/host_vars/nagios4-test.yaml b/host_vars/nagios4-test.yaml
deleted file mode 100644
index 7fd6954..0000000
--- a/host_vars/nagios4-test.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-fail2ban_times:
- bantime: "604800"
- maxretry: "4"
- findtime: "604800"
-fail2ban_jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
\ No newline at end of file
diff --git a/host_vars/nagiosql-db.yaml b/host_vars/nagiosql-db.yaml
deleted file mode 100644
index b2bbc6e..0000000
--- a/host_vars/nagiosql-db.yaml
+++ /dev/null
@@ -1,137 +0,0 @@
----
-
-### ROOT-USER ###############################################################
-root_user_enabled: True
-#root_user_enabled: False
-#############################################################################
-
-### HOSTNAME ################################################################
-hostname_enabled: True
-#hostname_enabled: False
-hostname: 'nagiosql-db'
-#############################################################################
-
-### HOSTS ###################################################################
-hosts_enabled: True
-#hosts_enabled: False
-hosts:
- - ip: 127.0.0.1
- name: localhost
- - ip: 127.0.1.1
- name: nagiosql-db.verdnatura.es nagiosql-db
-#############################################################################
-
-### RESOLV ##################################################################
-resolv_enabled: True
-#resolv_enabled: False
-domain_name: lab.dc.verdnatura.es
-search_name: lab.dc.verdnatura.es
-resolvs:
- - ip: 10.0.0.4
- - ip: 10.0.0.5
-#############################################################################
-
-### UPDATE ##################################################################
-update_enabled: True
-#update_enabled: False
-#############################################################################
-
-### INSTALL PACKAGES ########################################################
-packages_enabled: True
-#packages_enabled: False
-#############################################################################
-
-### RELAY HOST SMTP #########################################################
-relay_host_enabled: True
-#relay_host_enabled: False
-#############################################################################
-
-### CENTRALIZED AUTH ########################################################
-centralized_auth_enabled: True
-#centralized_auth_enabled: False
-#############################################################################
-
-### SUDOERS
#################################################################
-sudoers_enabled: True
-#sudoers_enabled: False
-#############################################################################
-
-### SECURE GRUB #############################################################
-# ES UN CT , NO ES NECESARIO
-#secure-grub_enabled: True
-secure_grub_enabled: False
-#############################################################################
-
-### VIM OPTIONS #############################################################
-vim_options_enabled: True
-#vim_options_enabled: False
-#############################################################################
-
-### MOTD ####################################################################
-motd_enabled: True
-#motd_enabled: False
-#############################################################################
-
-### HOT PLUG ################################################################
-# ES UN CT , NO ES NECESARIO
-#hot-plug_enabled: True
-hot_plug_enabled: False
-#############################################################################
-
-### LOCALES #################################################################
-locales_enabled: True
-#locales_enabled: False
-#############################################################################
-
-### TZDATA ##################################################################
-tzdata_enabled: True
-#tzdata_enabled: False
-#############################################################################
-
-### REPO VN #################################################################
-repo_vn_enabled: True
-#repo_vn_enabled: False
-#############################################################################
-
-### FAIL2BAN ################################################################
-fail2ban_enabled: True
-#fail2ban_enabled: False
-fail2ban_times:
- - bantime: "604800"
- maxretry: "4"
- findtime: "604800"
-fail2ban_jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter:
sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-nagios_nrpe_enabled: True
-#nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-# ES UN CT , NO ES NECESARIO
-#server_type_enabled: True
-server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-#ntp_enabled: True
-ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-# NO ESTA TESTEADO
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-zabbix_agent_enabled: True
-#zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/openvpn-freeradius.yaml b/host_vars/openvpn-freeradius.yaml
deleted file mode 100644
index 5c04863..0000000
--- a/host_vars/openvpn-freeradius.yaml
+++ /dev/null
@@ -1,133 +0,0 @@
----
-
-### ROOT-USER ###############################################################
-root_user_enabled: True
-#root_user_enabled: False
-#############################################################################
-
-### HOSTNAME ################################################################
-hostname_enabled: True
-#hostname_enabled: False
-hostname: 'openvpn-freeradius'
-#############################################################################
-
-### HOSTS ###################################################################
-hosts_enabled: True
-#hosts_enabled: False
-hosts:
- - ip: 127.0.0.1
- name: localhost
- - ip: 127.0.1.1
- name: openvpn-freeradius.lab.verdnatura.es openvpn-freeradius
-#############################################################################
-
-### RESOLV ##################################################################
-resolv_enabled: True
-#resolv_enabled: False
-domain_name: lab.verdnatura.es
-search_name: lab.verdnatura.es
-resolvs:
- - ip: 10.0.0.4
- - ip: 10.0.0.5
-#############################################################################
-
-### UPDATE ##################################################################
-update_enabled: True
-#update_enabled: False
-#############################################################################
-
-### INSTALL PACKAGES ########################################################
-packages_enabled: True
-#packages_enabled: False
-#############################################################################
-
-### RELAY HOST SMTP #########################################################
-relay_host_enabled: True
-#relay_host_enabled: False
-#############################################################################
-
-### CENTRALIZED AUTH ########################################################
-centralized_auth_enabled: True
-#centralized_auth_enabled: False
-#############################################################################
-
-### SUDOERS
#################################################################
-sudoers_enabled: True
-#sudoers_enabled: False
-#############################################################################
-
-### SECURE GRUB #############################################################
-#secure_grub_enabled: True
-secure_grub_enabled: False
-#############################################################################
-
-### VIM OPTIONS #############################################################
-vim_options_enabled: True
-#vim_options_enabled: False
-#############################################################################
-
-### MOTD ####################################################################
-motd_enabled: True
-#motd_enabled: False
-#############################################################################
-
-### HOT PLUG ################################################################
-hot_plug_enabled: True
-#hot_plug_enabled: False
-#############################################################################
-
-### LOCALES #################################################################
-locales_enabled: True
-#locales_enabled: False
-#############################################################################
-
-### TZDATA ##################################################################
-tzdata_enabled: True
-#tzdata_enabled: False
-#############################################################################
-
-### REPO VN #################################################################
-repo_vn_enabled: True
-#repo_vn_enabled: False
-#############################################################################
-
-### FAIL2BAN ################################################################
-#fail2ban_enabled: True
-fail2ban_enabled: False
-fail2ban_times:
- - bantime: "604800"
- maxretry: "4"
- findtime: "604800"
-fail2ban_jails:
- - name: sshd
- enabled: true
- port: ['22']
- filter: sshd
- logpath: "%(sshd_log)s"
- backend: "%(sshd_backend)s"
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-nagios_nrpe_enabled: True
-#nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-server_type_enabled: True
-#server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-ntp_enabled: True
-#ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-zabbix_agent_enabled: True
-#zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/pbx.yaml b/host_vars/pbx.yaml
deleted file mode 100644
index abf8857..0000000
--- a/host_vars/pbx.yaml
+++ /dev/null
@@ -1,133 +0,0 @@ ---- - -### ROOT-USER ############################################################### -#root_user_enabled: True -root_user_enabled: False -############################################################################# - -### HOSTNAME ################################################################ -#hostname_enabled: True -hostname_enabled: False -hostname: 'pbx' -############################################################################# - -### HOSTS ################################################################### -#hosts_enabled: True -hosts_enabled: False -hosts: - - ip: 127.0.0.1 - name: localhost - - ip: 127.0.1.1 - name: pbx pbx.verdnatura.es pbx.static.verdnatura.es pbx.servers.dc.verdnatura.es -############################################################################# - -### RESOLV ################################################################## -#resolv_enabled: True -resolv_enabled: False -domain_name: verdnatura.es -search_name: verdnatura.es -resolvs: - - ip: 10.0.0.4 - - ip: 10.0.0.5 -############################################################################# - -### UPDATE ################################################################## -#update_enabled: True -update_enabled: False -############################################################################# - -### INSTALL PACKAGES ######################################################## -#packages_enabled: True -packages_enabled: False -############################################################################# - -### RELAY HOST SMTP ######################################################### -#relay_host_enabled: True -relay_host_enabled: False -############################################################################# - -### CENTRALIZED AUTH ######################################################## -#centralized_auth_enabled: True -centralized_auth_enabled: False -############################################################################# - -### SUDOERS 
################################################################# -#sudoers_enabled: True -sudoers_enabled: False -############################################################################# - -### SECURE GRUB ############################################################# -#secure_grub_enabled: True -secure_grub_enabled: False -############################################################################# - -### VIM OPTIONS ############################################################# -#vim_options_enabled: True -vim_options_enabled: False -############################################################################# - -### MOTD #################################################################### -#motd_enabled: True -motd_enabled: False -############################################################################# - -### HOT PLUG ################################################################ -#hot_plug_enabled: True -hot_plug_enabled: False -############################################################################# - -### LOCALES ################################################################# -#locales_enabled: True -locales_enabled: False -############################################################################# - -### TZDATA ################################################################## -#tzdata_enabled: True -tzdata_enabled: False -############################################################################# - -### REPO VN ################################################################# -#repo_vn_enabled: True -repo_vn_enabled: False -############################################################################# - -### FAIL2BAN ################################################################ -#fail2ban_enabled: True -fail2ban_enabled: False -fail2ban_times: - - bantime: "604800" - maxretry: "4" - findtime: "604800" -fail2ban_jails: - - name: sshd - enabled: true - port: ['22'] - filter: sshd - logpath: "%(sshd_log)s" - backend: "%(sshd_backend)s" 
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-#nagios_nrpe_enabled: True
-nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-#server_type_enabled: True
-server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-#ntp_enabled: True
-ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-#zabbix_agent_enabled: True
-zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/test-playbook.yaml b/host_vars/test-playbook.yaml
deleted file mode 100644
index 0a9d3a4..0000000
--- a/host_vars/test-playbook.yaml
+++ /dev/null
@@ -1,133 +0,0 @@ ---- - -### ROOT-USER ############################################################### -#root-user_enabled: True -root_user_enabled: False -############################################################################# - -### HOSTNAME ################################################################ -#hostname_enabled: True -hostname_enabled: False -hostname: 'test-playbook' -############################################################################# - -### HOSTS ################################################################### -#hosts_enabled: True -hosts_enabled: False -hosts: - - ip: 127.0.0.1 - name: localhost - - ip: 127.0.1.1 - name: test-playbook.lab.dc.verdnatura.es test-playbook -############################################################################# - -### RESOLV ################################################################## -resolv_enabled: True -#resolv_enabled: False -domain_name: lab.dc.verdnatura.es -search_name: lab.dc.verdnatura.es -resolvs: - - ip: 10.0.0.4 - - ip: 10.0.0.5 -############################################################################# - -### UPDATE ################################################################## -#update_enabled: True -update_enabled: False -############################################################################# - -### INSTALL PACKAGES ######################################################## -#packages_enabled: True -packages_enabled: False -############################################################################# - -### RELAY HOST SMTP ######################################################### -#relay-host_enabled: True -relay_host_enabled: False -############################################################################# - -### CENTRALIZED AUTH ######################################################## -#centralized-auth_enabled: True -centralized_auth_enabled: False -############################################################################# - -### SUDOERS 
################################################################# -#sudoers_enabled: True -sudoers_enabled: False -############################################################################# - -### SECURE GRUB ############################################################# -#secure-grub_enabled: True -secure_grub_enabled: False -############################################################################# - -### VIM OPTIONS ############################################################# -#vim-options_enabled: True -vim_options_enabled: False -############################################################################# - -### MOTD #################################################################### -#motd_enabled: True -motd_enabled: False -############################################################################# - -### HOT PLUG ################################################################ -#hot-plug_enabled: True -hot_plug_enabled: False -############################################################################# - -### LOCALES ################################################################# -#locales_enabled: True -locales_enabled: False -############################################################################# - -### TZDATA ################################################################## -#tzdata_enabled: True -tzdata_enabled: False -############################################################################# - -### REPO VN ################################################################# -#repo-vn_enabled: True -repo_vn_enabled: False -############################################################################# - -### FAIL2BAN ################################################################ -#fail2ban_enabled: True -fail2ban_enabled: False -fail2ban_times: - - bantime: "604800" - maxretry: "4" - findtime: "604800" -fail2ban_jails: - - name: sshd - enabled: true - port: ['22'] - filter: sshd - logpath: "%(sshd_log)s" - backend: "%(sshd_backend)s" 
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-#nagios-nrpe_enabled: True
-nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-#server-type_enabled: True
-server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-#ntp_enabled: True
-ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-#autofs-homes_enabled: True
-autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-zabbix_agent_enabled: True
-#zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/time1.yaml b/host_vars/time1.yaml
deleted file mode 100644
index 3fdb187..0000000
--- a/host_vars/time1.yaml
+++ /dev/null
@@ -1,133 +0,0 @@ ---- - -### ROOT-USER ############################################################### -#root_user_enabled: True -root_user_enabled: False -############################################################################# - -### HOSTNAME ################################################################ -#hostname_enabled: True -hostname_enabled: False -hostname: 'time1' -############################################################################# - -### HOSTS ################################################################### -#hosts_enabled: True -hosts_enabled: False -hosts: - - ip: 127.0.0.1 - name: localhost - - ip: 10.0.1.87 - name: time1.verdnatura.es time1 -############################################################################# - -### RESOLV ################################################################## -#resolv_enabled: True -resolv_enabled: False -domain_name: verdnatura.es -search_name: verdnatura.es -resolvs: - - ip: 10.0.0.4 - - ip: 10.0.0.5 -############################################################################# - -### UPDATE ################################################################## -#update_enabled: True -update_enabled: False -############################################################################# - -### INSTALL PACKAGES ######################################################## -#packages_enabled: True -packages_enabled: False -############################################################################# - -### RELAY HOST SMTP ######################################################### -#relay_host_enabled: True -relay_host_enabled: False -############################################################################# - -### CENTRALIZED AUTH ######################################################## -#centralized_auth_enabled: True -centralized_auth_enabled: False -############################################################################# - -### SUDOERS 
################################################################# -#sudoers_enabled: True -sudoers_enabled: False -############################################################################# - -### SECURE GRUB ############################################################# -#secure_grub_enabled: True -secure_grub_enabled: False -############################################################################# - -### VIM OPTIONS ############################################################# -#vim_options_enabled: True -vim_options_enabled: False -############################################################################# - -### MOTD #################################################################### -#motd_enabled: True -motd_enabled: False -############################################################################# - -### HOT PLUG ################################################################ -#hot_plug_enabled: True -hot_plug_enabled: False -############################################################################# - -### LOCALES ################################################################# -#locales_enabled: True -locales_enabled: False -############################################################################# - -### TZDATA ################################################################## -#tzdata_enabled: True -tzdata_enabled: False -############################################################################# - -### REPO VN ################################################################# -#repo_vn_enabled: True -repo_vn_enabled: False -############################################################################# - -### FAIL2BAN ################################################################ -#fail2ban_enabled: True -fail2ban_enabled: False -fail2ban_times: - - bantime: "604800" - maxretry: "4" - findtime: "604800" -fail2ban_jails: - - name: sshd - enabled: true - port: ['22'] - filter: sshd - logpath: "%(sshd_log)s" - backend: "%(sshd_backend)s" 
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-#nagios_nrpe_enabled: True
-nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-#server_type_enabled: True
-server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-#ntp_enabled: True
-ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-#zabbix_agent_enabled: True
-zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/time2.yaml b/host_vars/time2.yaml
deleted file mode 100644
index 0167743..0000000
--- a/host_vars/time2.yaml
+++ /dev/null
@@ -1,133 +0,0 @@ ---- - -### ROOT-USER ############################################################### -#root_user_enabled: True -root_user_enabled: False -############################################################################# - -### HOSTNAME ################################################################ -#hostname_enabled: True -hostname_enabled: False -hostname: 'time2' -############################################################################# - -### HOSTS ################################################################### -#hosts_enabled: True -hosts_enabled: False -hosts: - - ip: 127.0.0.1 - name: localhost - - ip: 127.0.1.1 - name: test-playbook.lab.dc.verdnatura.es test-playbook -############################################################################# - -### RESOLV ################################################################## -#resolv_enabled: True -resolv_enabled: False -domain_name: lab.dc.verdnatura.es -search_name: lab.dc.verdnatura.es -resolvs: - - ip: 10.0.0.4 - - ip: 10.0.0.5 -############################################################################# - -### UPDATE ################################################################## -#update_enabled: True -update_enabled: False -############################################################################# - -### INSTALL PACKAGES ######################################################## -#packages_enabled: True -packages_enabled: False -############################################################################# - -### RELAY HOST SMTP ######################################################### -#relay_host_enabled: True -relay_host_enabled: False -############################################################################# - -### CENTRALIZED AUTH ######################################################## -#centralized_auth_enabled: True -centralized_auth_enabled: False -############################################################################# - -### SUDOERS 
################################################################# -#sudoers_enabled: True -sudoers_enabled: False -############################################################################# - -### SECURE GRUB ############################################################# -#secure_grub_enabled: True -secure_grub_enabled: False -############################################################################# - -### VIM OPTIONS ############################################################# -#vim_options_enabled: True -vim_options_enabled: False -############################################################################# - -### MOTD #################################################################### -#motd_enabled: True -motd_enabled: False -############################################################################# - -### HOT PLUG ################################################################ -#hot_plug_enabled: True -hot_plug_enabled: False -############################################################################# - -### LOCALES ################################################################# -#locales_enabled: True -locales_enabled: False -############################################################################# - -### TZDATA ################################################################## -#tzdata_enabled: True -tzdata_enabled: False -############################################################################# - -### REPO VN ################################################################# -#repo_vn_enabled: True -repo_vn_enabled: False -############################################################################# - -### FAIL2BAN ################################################################ -#fail2ban_enabled: True -fail2ban_enabled: False -fail2ban_times: - - bantime: "604800" - maxretry: "4" - findtime: "604800" -fail2ban_jails: - - name: sshd - enabled: true - port: ['22'] - filter: sshd - logpath: "%(sshd_log)s" - backend: "%(sshd_backend)s" 
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-#nagios_nrpe_enabled: True
-nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-#server_type_enabled: True
-server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-#ntp_enabled: True
-ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-#zabbix_agent_enabled: True
-zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/vm-debian12.yaml b/host_vars/vm-debian12.yaml
deleted file mode 100644
index 0927886..0000000
--- a/host_vars/vm-debian12.yaml
+++ /dev/null
@@ -1,133 +0,0 @@ ---- - -### ROOT-USER ############################################################### -root_user_enabled: True -#root_user_enabled: False -############################################################################# - -### HOSTNAME ################################################################ -hostname_enabled: True -#hostname_enabled: False -hostname: 'vm-debian12' -############################################################################# - -### HOSTS ################################################################### -hosts_enabled: True -#hosts_enabled: False -hosts: - - ip: 127.0.0.1 - name: localhost - - ip: 127.0.1.1 - name: vm-debian12.lab.verdnatura.es vm-debian12 -############################################################################# - -### RESOLV ################################################################## -resolv_enabled: True -#resolv_enabled: False -domain_name: lab.verdnatura.es -search_name: lab.verdnatura.es -resolvs: - - ip: 10.0.0.4 - - ip: 10.0.0.5 -############################################################################# - -### UPDATE ################################################################## -update_enabled: True -#update_enabled: False -############################################################################# - -### INSTALL PACKAGES ######################################################## -packages_enabled: True -#packages_enabled: False -############################################################################# - -### RELAY HOST SMTP ######################################################### -relay_host_enabled: True -#relay_host_enabled: False -############################################################################# - -### CENTRALIZED AUTH ######################################################## -centralized_auth_enabled: True -#centralized_auth_enabled: False -############################################################################# - -### SUDOERS 
################################################################# -sudoers_enabled: True -#sudoers_enabled: False -############################################################################# - -### SECURE GRUB ############################################################# -#secure_grub_enabled: True -secure_grub_enabled: False -############################################################################# - -### VIM OPTIONS ############################################################# -vim_options_enabled: True -#vim_options_enabled: False -############################################################################# - -### MOTD #################################################################### -motd_enabled: True -#motd_enabled: False -############################################################################# - -### HOT PLUG ################################################################ -hot_plug_enabled: True -#hot_plug_enabled: False -############################################################################# - -### LOCALES ################################################################# -locales_enabled: True -#locales_enabled: False -############################################################################# - -### TZDATA ################################################################## -tzdata_enabled: True -#tzdata_enabled: False -############################################################################# - -### REPO VN ################################################################# -repo_vn_enabled: True -#repo_vn_enabled: False -############################################################################# - -### FAIL2BAN ################################################################ -#fail2ban_enabled: True -fail2ban_enabled: False -fail2ban_times: - - bantime: "604800" - maxretry: "4" - findtime: "604800" -fail2ban_jails: - - name: sshd - enabled: true - port: ['22'] - filter: sshd - logpath: "%(sshd_log)s" - backend: "%(sshd_backend)s" 
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-nagios_nrpe_enabled: True
-#nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-server_type_enabled: True
-#server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-ntp_enabled: True
-#ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-#zabbix_agent_enabled: True
-zabbix_agent_enabled: False
-#############################################################################
diff --git a/host_vars/zabbix-frontend-web.yaml b/host_vars/zabbix-frontend-web.yaml
deleted file mode 100644
index 3d66cbe..0000000
--- a/host_vars/zabbix-frontend-web.yaml
+++ /dev/null
@@ -1,133 +0,0 @@ ---- - -### ROOT-USER ############################################################### -root_user_enabled: True -#root_user_enabled: False -############################################################################# - -### HOSTNAME ################################################################ -hostname_enabled: True -#hostname_enabled: False -hostname: 'zabbix-frontend-web' -############################################################################# - -### HOSTS ################################################################### -hosts_enabled: True -#hosts_enabled: False -hosts: - - ip: 127.0.0.1 - name: localhost - - ip: 127.0.1.1 - name: zabbix-frontend-web.lab.dc.verdnatura.es zabbix-frontend-web -############################################################################# - -### RESOLV ################################################################## -resolv_enabled: True -#resolv_enabled: False -domain_name: lab.dc.verdnatura.es -search_name: lab.dc.verdnatura.es -resolvs: - - ip: 10.0.0.4 - - ip: 10.0.0.5 -############################################################################# - -### UPDATE ################################################################## -update_enabled: True -#update_enabled: False -############################################################################# - -### INSTALL PACKAGES ######################################################## -packages_enabled: True -#packages_enabled: False -############################################################################# - -### RELAY HOST SMTP ######################################################### -relay_host_enabled: True -#relay_host_enabled: False -############################################################################# - -### CENTRALIZED AUTH ######################################################## -centralized_auth_enabled: True -#centralized_auth_enabled: False -############################################################################# - -### 
SUDOERS ################################################################# -sudoers_enabled: True -#sudoers_enabled: False -############################################################################# - -### SECURE GRUB ############################################################# -#secure_grub_enabled: True -secure_grub_enabled: False -############################################################################# - -### VIM OPTIONS ############################################################# -vim_options_enabled: True -#vim_options_enabled: False -############################################################################# - -### MOTD #################################################################### -motd_enabled: True -#motd_enabled: False -############################################################################# - -### HOT PLUG ################################################################ -hot_plug_enabled: True -#hot_plug_enabled: False -############################################################################# - -### LOCALES ################################################################# -locales_enabled: True -#locales_enabled: False -############################################################################# - -### TZDATA ################################################################## -tzdata_enabled: True -#tzdata_enabled: False -############################################################################# - -### REPO VN ################################################################# -repo_vn_enabled: True -#repo_vn_enabled: False -############################################################################# - -### FAIL2BAN ################################################################ -fail2ban_enabled: True -#fail2ban_enabled: False -fail2ban_times: - - bantime: "604800" - maxretry: "4" - findtime: "604800" -fail2ban_jails: - - name: sshd - enabled: true - port: ['22'] - filter: sshd - logpath: "%(sshd_log)s" - backend: 
"%(sshd_backend)s"
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-#nagios_nrpe_enabled: True
-nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-server_type_enabled: True
-#server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-ntp_enabled: True
-#ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-#zabbix_agent_enabled: True
-zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/host_vars/zabbix-server-db.yaml b/host_vars/zabbix-server-db.yaml
deleted file mode 100644
index 017e1a9..0000000
--- a/host_vars/zabbix-server-db.yaml
+++ /dev/null
@@ -1,133 +0,0 @@ ---- - -### ROOT-USER ############################################################### -root_user_enabled: True -#root_user_enabled: False -############################################################################# - -### HOSTNAME ################################################################ -hostname_enabled: True -#hostname_enabled: False -hostname: 'zabbix-server-db' -############################################################################# - -### HOSTS ################################################################### -hosts_enabled: True -#hosts_enabled: False -hosts: - - ip: 127.0.0.1 - name: localhost - - ip: 127.0.1.1 - name: zabbix-server-db.lab.dc.verdnatura.es zabbix-server-db -############################################################################# - -### RESOLV ################################################################## -resolv_enabled: True -#resolv_enabled: False -domain_name: lab.dc.verdnatura.es -search_name: lab.dc.verdnatura.es -resolvs: - - ip: 10.0.0.4 - - ip: 10.0.0.5 -############################################################################# - -### UPDATE ################################################################## -update_enabled: True -#update_enabled: False -############################################################################# - -### INSTALL PACKAGES ######################################################## -packages_enabled: True -#packages_enabled: False -############################################################################# - -### RELAY HOST SMTP ######################################################### -relay_host_enabled: True -#relay_host_enabled: False -############################################################################# - -### CENTRALIZED AUTH ######################################################## -centralized_auth_enabled: True -#centralized_auth_enabled: False -############################################################################# - -### SUDOERS 
################################################################# -sudoers_enabled: True -#sudoers_enabled: False -############################################################################# - -### SECURE GRUB ############################################################# -#secure_grub_enabled: True -secure_grub_enabled: False -############################################################################# - -### VIM OPTIONS ############################################################# -vim_options_enabled: True -#vim_options_enabled: False -############################################################################# - -### MOTD #################################################################### -motd_enabled: True -#motd_enabled: False -############################################################################# - -### HOT PLUG ################################################################ -hot_plug_enabled: True -#hot_plug_enabled: False -############################################################################# - -### LOCALES ################################################################# -locales_enabled: True -#locales_enabled: False -############################################################################# - -### TZDATA ################################################################## -tzdata_enabled: True -#tzdata_enabled: False -############################################################################# - -### REPO VN ################################################################# -repo_vn_enabled: True -#repo_vn_enabled: False -############################################################################# - -### FAIL2BAN ################################################################ -fail2ban_enabled: True -#fail2ban_enabled: False -fail2ban_times: - - bantime: "604800" - maxretry: "4" - findtime: "604800" -fail2ban_jails: - - name: sshd - enabled: true - port: ['22'] - filter: sshd - logpath: "%(sshd_log)s" - backend: "%(sshd_backend)s" 
-#############################################################################
-
-### NAGIOS NRPE #############################################################
-#nagios_nrpe_enabled: True
-nagios_nrpe_enabled: False
-#############################################################################
-
-### SERVER TYPE #############################################################
-server_type_enabled: True
-#server_type_enabled: False
-#############################################################################
-
-### NTP #####################################################################
-ntp_enabled: True
-#ntp_enabled: False
-#############################################################################
-
-### AUTOFS HOMES ############################################################
-autofs_homes_enabled: True
-#autofs_homes_enabled: False
-#############################################################################
-
-### ZABBIX AGENT ############################################################
-#zabbix_agent_enabled: True
-zabbix_agent_enabled: False
-#############################################################################
\ No newline at end of file
diff --git a/hosts b/hosts
index 0db6381..1dff883 100644
--- a/hosts
+++ b/hosts
@@ -1,3 +1,34 @@
+[ceph]
+
+ceph1 ansible_host=ceph1.core.dc.verdnatura.es
+ceph2 ansible_host=ceph2.core.dc.verdnatura.es
+ceph3 ansible_host=ceph3.core.dc.verdnatura.es
+
+[cephGw]
+
+ceph-gw1 ansible_host=ceph-gw1.core.dc.verdnatura.es
+ceph-gw2 ansible_host=ceph-gw2.core.dc.verdnatura.es
+
+[pve]
+
+pve01 ansible_host=pve01.core.dc.verdnatura.es
+pve02 ansible_host=pve02.core.dc.verdnatura.es
+pve03 ansible_host=pve03.core.dc.verdnatura.es
+pve04 ansible_host=pve04.core.dc.verdnatura.es
+pve05 ansible_host=pve04.core.dc.verdnatura.es
+
+[coreHelper]
+
+core-agent ansible_host=core-agent.core.dc.verdnatura.es
+core-proxy ansible_host=core-proxy.core.dc.verdnatura.es
+
+[core:children]
+
+ceph
+cephGw
+pve
+coreHelper
+
 [servers]
 
 dhcp1 ansible_host=dhcp1.servers.dc.verdnatura.es
@@ -45,10 +76,6 @@ debian12-vm ansible_host=debian12-vm.servers.dc.verdnatura.es
 freeradiustotp ansible_host=freeradiustotp.servers.dc.verdnatura.es
 iventoy ansible_host=iventoy.servers.dc.verdnatura.es
 
-[devices]
-
-nas2 ansible_host=nas2.servers.dc.verdnatura.es
-
 [windows]
 
 a3 ansible_host=a3.outsource.dc.verdnatura.es
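Review bot: In the new [pve] group, `pve05 ansible_host=pve04.core.dc.verdnatura.es` points pve05 at pve04's address, which looks like a copy-paste slip — the four entries above it follow the name=FQDN pattern and pve05 is the only one that breaks it. As written, any play run against pve05, [pve] or [core] executes on pve04 twice and never reaches the fifth node, and because the connection succeeds nothing in the run flags it. Presumably the line should read `pve05 ansible_host=pve05.core.dc.verdnatura.es`; worth confirming that host exists, since the old [pve] group removed further down in this diff listed only pve01–pve04 (with a pve05-ilo entry under [pve-ilo]).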
@@ -67,35 +94,20 @@ docuware ansible_host=docuware.outsource.dc.verdnatura.es
 [backup]
 
 vm-backup ansible_host=vm-backup.backup.dc.verdnatura.es
-kube-backup ansible_host=kube-backup.backup.dc.verdnatura.es
 backup-nas ansible_host=backup-nas.backup.dc.verdnatura.es
 bacularis ansible_host=bacularis.backup.dc.verdnatura.es
 bacula-dir ansible_host=bacula-dir.backup.dc.verdnatura.es
 bacula-db ansible_host=bacula-db.backup.dc.verdnatura.es
 
-[pve]
-
-pve01 ansible_host=pve01.core.dc.verdnatura.es
-pve02 ansible_host=pve02.core.dc.verdnatura.es
-pve03 ansible_host=pve03.core.dc.verdnatura.es
-pve04 ansible_host=pve04.core.dc.verdnatura.es
-
-
-[pve-ilo]
-
-pve01-ilo ansible_host=pve01-ilo.core.dc.verdnatura.es
-pve02-ilo ansible_host=pve02-ilo.core.dc.verdnatura.es
-pve03-ilo ansible_host=pve03-ilo.core.dc.verdnatura.es
-pve04-ilo ansible_host=pve04-ilo.core.dc.verdnatura.es
-pve05-ilo ansible_host=pve05-ilo.core.dc.verdnatura.es
-
-[kube-master]
+[kubeMaster]
 
 kube-master1 ansible_host=kube-master1.servers.dc.verdnatura.es
 kube-master2 ansible_host=kube-master2.servers.dc.verdnatura.es
 kube-master3 ansible_host=kube-master3.servers.dc.verdnatura.es
+kube-master4 ansible_host=kube-master4.servers.dc.verdnatura.es
+kube-master5 ansible_host=kube-master5.servers.dc.verdnatura.es
 
-[kube-worker]
+[kubeWorker]
 
 kube-worker1 ansible_host=kube-worker1.servers.dc.verdnatura.es
 kube-worker2 ansible_host=kube-worker2.servers.dc.verdnatura.es
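Review bot: The group renames [kube-master]→[kubeMaster] and [kube-worker]→[kubeWorker] here, and [kube-proxy]→[kubeProxy] / [kube-backup]→[kubeBackup] in the next hunk, are the only places in this diff where those names change; Ansible matches group_vars/<group> files and playbook `hosts:` patterns by exact group name, so a group_vars file or play still keyed to the hyphenated names would silently stop applying — an unmatched host pattern is a warning and a missing group_vars file is simply no variables, neither fails the run. The diff touches no group_vars or playbook targets, so either nothing references these groups or it needs the same rename; please confirm before merging. The [kube:children] list in the next hunk is updated consistently, so the parent group itself is fine.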
@@ -103,21 +115,21 @@ kube-worker3 ansible_host=kube-worker3.servers.dc.verdnatura.es
 kube-worker4 ansible_host=kube-worker4.servers.dc.verdnatura.es
 kube-worker5 ansible_host=kube-worker5.servers.dc.verdnatura.es
 
-[kube-proxy]
+[kubeProxy]
 
 kube-proxy1 ansible_host=kube-proxy1.servers.dc.verdnatura.es
 kube-proxy2 ansible_host=kube-proxy2.servers.dc.verdnatura.es
 
-[kube-backup]
+[kubeBackup]
 
 kube-helm ansible_host=kube-helm.servers.dc.verdnatura.es
 
 [kube:children]
 
-kube-master
-kube-worker
-kube-proxy
-kube-backup
+kubeMaster
+kubeWorker
+kubeProxy
+kubeBackup
 
 [test]
 
diff --git a/hosts2 b/hosts2
deleted file mode 100644
index 0b1312e..0000000
--- a/hosts2
+++ /dev/null
@@ -1,71 +0,0 @@ -[pcscomerciales] - -pc120 ansible_host=pc120.algemesi.verdnatura.es -pc213 ansible_host=pc213.algemesi.verdnatura.es -pc227 ansible_host=pc227.algemesi.verdnatura.es -pc235 ansible_host=pc235.algemesi.verdnatura.es -pc237 ansible_host=pc237.algemesi.verdnatura.es -pc243 ansible_host=pc243.algemesi.verdnatura.es -pc278 ansible_host=pc278.algemesi.verdnatura.es -pc279 ansible_host=pc279.algemesi.verdnatura.es -pc281 ansible_host=pc281.algemesi.verdnatura.es -pc289 ansible_host=pc289.algemesi.verdnatura.es -pc290 ansible_host=pc290.algemesi.verdnatura.es -pc291 ansible_host=pc291.algemesi.verdnatura.es -pc300 ansible_host=pc300.algemesi.verdnatura.es -pc301 ansible_host=pc301.algemesi.verdnatura.es -pc302 ansible_host=pc302.algemesi.verdnatura.es -pc304 ansible_host=pc304.algemesi.verdnatura.es -pc305 ansible_host=pc305.algemesi.verdnatura.es -pc308 ansible_host=pc308.algemesi.verdnatura.es -pc311 ansible_host=pc311.algemesi.verdnatura.es -pc312 ansible_host=pc312.algemesi.verdnatura.es -pc313 ansible_host=pc313.algemesi.verdnatura.es -pc318 ansible_host=pc318.algemesi.verdnatura.es -pc328 ansible_host=pc328.algemesi.verdnatura.es -pc342 ansible_host=pc342.algemesi.verdnatura.es -pc344 ansible_host=pc344.algemesi.verdnatura.es -pc350 ansible_host=pc350.algemesi.verdnatura.es -pc356 ansible_host=pc356.algemesi.verdnatura.es -pc358 ansible_host=pc358.algemesi.verdnatura.es -pc367 ansible_host=pc367.algemesi.verdnatura.es -pc371 ansible_host=pc371.algemesi.verdnatura.es -pc372 ansible_host=pc372.algemesi.verdnatura.es -pc373 ansible_host=pc373.algemesi.verdnatura.es -pc377 ansible_host=pc377.algemesi.verdnatura.es -pc378 ansible_host=pc378.algemesi.verdnatura.es -pc381 ansible_host=pc381.algemesi.verdnatura.es -pc382 ansible_host=pc382.algemesi.verdnatura.es -pc383 ansible_host=pc383.algemesi.verdnatura.es -pc385 ansible_host=pc385.algemesi.verdnatura.es -pc386 ansible_host=pc386.algemesi.verdnatura.es -pc387 ansible_host=pc387.algemesi.verdnatura.es 
-pc388 ansible_host=pc388.algemesi.verdnatura.es -pc389 ansible_host=pc389.algemesi.verdnatura.es -pc390 ansible_host=pc390.algemesi.verdnatura.es -pc391 ansible_host=pc391.algemesi.verdnatura.es -pc392 ansible_host=pc392.algemesi.verdnatura.es -pc393 ansible_host=pc393.algemesi.verdnatura.es -pc396 ansible_host=pc396.algemesi.verdnatura.es -pc397 ansible_host=pc397.algemesi.verdnatura.es -pc409 ansible_host=pc409.algemesi.verdnatura.es -pc413 ansible_host=pc413.algemesi.verdnatura.es -pc415 ansible_host=pc415.algemesi.verdnatura.es -pc417 ansible_host=pc417.algemesi.verdnatura.es -pc426 ansible_host=pc426.algemesi.verdnatura.es -pc429 ansible_host=pc429.algemesi.verdnatura.es -pc431 ansible_host=pc431.algemesi.verdnatura.es -pc432 ansible_host=pc432.algemesi.verdnatura.es -pc440 ansible_host=pc440.algemesi.verdnatura.es -pc456 ansible_host=pc456.algemesi.verdnatura.es -pc457 ansible_host=pc457.algemesi.verdnatura.es -pc458 ansible_host=pc458.algemesi.verdnatura.es -pc459 ansible_host=pc459.algemesi.verdnatura.es -pc461 ansible_host=pc461.algemesi.verdnatura.es -pc463 ansible_host=pc463.algemesi.verdnatura.es -pc465 ansible_host=pc465.algemesi.verdnatura.es -pc466 ansible_host=pc466.algemesi.verdnatura.es -pc467 ansible_host=pc467.algemesi.verdnatura.es -pc468 ansible_host=pc468.algemesi.verdnatura.es -pc473 ansible_host=pc473.algemesi.verdnatura.es -pc476 ansible_host=pc476.algemesi.verdnatura.es diff --git a/linux-base-config-debian-ct.yaml b/linux-base-config-debian-ct.yaml deleted file mode 100644 index 4d9e0e9..0000000 --- a/linux-base-config-debian-ct.yaml +++ /dev/null 
@@ -1,162 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - -# - name: "[CONFIG AWX-USER] Create awx user and config ssh-key" -# import_role: -# name: config-awx-user -# tags: config-awx-user_config - - - name: "[CONFIG ROOT USER] Configure SSH root user" - import_role: - name: config-root-user - when: root_user_enabled is defined and root_user_enabled - tags: config-root-user_config - - - name: "[CONFIG HOSTNAME] Configure hostname" - import_role: - name: config-hostname - when: hostname_enabled is defined and hostname_enabled - tags: config-hostname_config - - - name: "[CONFIG HOSTS FILE] Configure hosts file" - import_role: - name: config-hosts - when: hosts_enabled is defined and hosts_enabled - tags: config-hosts_config_config - - - name: "[CONFIG RESOLV FILE] Configure resolv file" - import_role: - name: config-resolv - when: resolv_enabled is defined and resolv_enabled - tags: config-resolv_config - -# - name: "[CONFIG BASE DEBIAN OS] Configure debian os" -# import_role: -# name: config-base-debian-os -# tags: config-base-debian-os_config - - - name: "[CONFIG UPDATE] Config update" - import_role: - name: config-update-and-upgrade-packages - when: update_enabled is defined and update_enabled - tags: config-update-and-upgrade-packages_config - - - name: "[CONFIG INSTALL PACKAGES] Install packages" - import_role: - name: config-install-packages - when: packages_enabled is defined and packages_enabled - tags: config-install-packages_config - - - name: "[CONFIG RELAYHOST SMTP] Config relayhost smtp" - import_role: - name: config-relayhost-smtp - when: relay_host_enabled is defined and relay_host_enabled - tags: config-relayhost-smtp_config - - - name: "[CONFIG CENTRALIZED AUTH] Config centralized auth" - import_role: - name: config-centralized-auth - when: centralized_auth_enabled is defined and centralized_auth_enabled - tags: config-centralized-auth_config - - - name: "[CONFIG SUDOERS] Config sudoers" 
- import_role: - name: config-sudoers - when: sudoers_enabled is defined and sudoers_enabled - tags: config-sudoers_config - -# - name: "[CONFIG SECURE GRUB] configure secure grub" -# import_role: -# name: config-secure-grub -# when: secure_grub_enabled is defined and secure_grub_enabled -# tags: config-secure-grub_config - - - name: "[CONFIG VIM OPTIONS] Config vim options" - import_role: - name: config-vim-options - when: vim_options_enabled is defined and vim_options_enabled - tags: config-vim-options_config - - - name: "[CONFIG MOTD] Config motd" - import_role: - name: config-motd - when: motd_enabled is defined and motd_enabled - tags: config-motd_config - -# - name: "[CONFIG HOT PLUG] Install and configure hot plug" -# import_role: -# name: config-hot-plug -# when: hot_plug_enabled is defined and hot_plug_enabled -# tags: config-hot-plug_config - - - name: "[CONFIG LOCALES] Set locales" - import_role: - name: config-locales - when: locales_enabled is defined and locales_enabled - tags: config-locales_config - - - name: "[CONFIG TZDATA] Set timezone" - import_role: - name: config-tzdata - when: tzdata_enabled is defined and tzdata_enabled - tags: config-tzdata_config - - - name: "[CONFIG REPO VN] Add-repos-vn" - import_role: - name: config-repo-vn - when: repo_vn_enabled is defined and repo_vn_enabled - tags: config-repo-vn_config - - - name: "[CONFIG FAIL2BAN] Install and configure fail2ban service" - import_role: - name: config-fail2ban - when: fail2ban_enabled is defined and fail2ban_enabled - tags: config-fail2ban_config - - - name: "[CONFIG NAGIOS NRPE] Install and configure nagios nrpe service" - import_role: - name: config-nagios-nrpe - when: nagios_nrpe_enabled is defined and nagios_nrpe_enabled - tags: config-nagios-nrpe_config - -# - name: "[CONFIG SERVER TYPE] Install guest side" -# import_role: -# name: config-server-type -# when: server_type_enabled is defined and server_type_enabled -# tags: config-server-type_config - -# NO HACE FALTA , PROXMOX 
CT utiliza ntp client de proxmox -# - name: "[CONFIG NTP] Install and configure ntp" -# import_role: -# name: config-ntp -# when: ntp_enabled is defined and ntp_enabled -# tags: config-ntp_config - -# - name: "[CONFIG AUTOFS HOMES] Install and configure AUTOFS HOMES" -# import_role: -# name: config-autofs-homes -# when: autofs_homes_enabled is defined and autofs_homes_enabled -# tags: config-autofs-homes_config - - - name: "[CONFIG ZABBIX AGENT] Install and configure ZABBIX AGENT" - import_role: - name: config-zabbix-agent - when: zabbix_agent_enabled is defined and zabbix_agent_enabled - tags: config-zabbix-agent_config - -#handlers: -# - include_tasks: roles/{{ item }}/handlers/main.yaml -# with_items: -# - config-awx-user -# - config-root-user -# - config-base-debian-os -# - config-repo-vn -# - config-fail2ban # or hacer -# - config-nagios-nrpe # or hacer -# - config-server-type \ No newline at end of file diff --git a/linux-base-config-debian-physical-server.yaml b/linux-base-config-debian-physical-server.yaml deleted file mode 100644 index 00fb2d0..0000000 --- a/linux-base-config-debian-physical-server.yaml +++ /dev/null 
@@ -1,76 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - -# - name: "[CONFIG AWX-USER] Create awx user and config ssh-key" -# import_role: -# name: config-awx-user -# tags: config-awx-user_config - -# - name: "[CONFIG ROOT USER] Configure SSH root user" -# import_role: -# name: config-root-user -# tags: config-root-user_config - - - name: "[CONFIG BASE DEBIAN OS] Configure debian os" - import_role: - name: config-base-debian-os -# tags: config-base-debian-os_config - - - name: "[CONFIG LOCALES] Set locales" - import_role: - name: config-locales - - - name: "[CONFIG TZDATA] Set timezone" - import_role: - name: config-tzdata - - - name: "[CONFIG REPO VN] Add-repos-vn" - import_role: - name: config-repo-vn -# tags: config-repo-vn_config - - - name: "[CONFIG FAIL2BAN] Install and configure fail2ban service" - import_role: - name: config-fail2ban -# tags: config-fail2ban_config - - - name: "[CONFIG NAGIOS NRPE] Install and configure nagios nrpe service" - import_role: - name: config-nagios-nrpe -# tags: config-nagios-nrpe_config - -# - name: "[CONFIG SERVER TYPE] Install guest side" -# import_role: -# name: config-server-type -# tags: config-server-type_config - - - name: "[CONFIG NTP] Install and configure ntp" - import_role: - name: config-ntp -# tags: config-ntp_config - - - name: "[CONFIG AUTOFS HOMES] Install and configure AUTOFS HOMES" - import_role: - name: config-autofs-homes - - - name: "[CONFIG ZABBIX AGENT] Install and configure ZABBIX AGENT" - import_role: - name: config-zabbix-agent -# tags: config-zabbix-agent_config - -#handlers: -# - include_tasks: roles/{{ item }}/handlers/main.yaml -# with_items: -# - config-awx-user -# - config-root-user -# - config-base-debian-os -# - config-repo-vn -# - config-fail2ban # or hacer -# - config-nagios-nrpe # or hacer -# - config-server-type \ No newline at end of file 
diff --git a/linux-base-config-debian-vm.yaml b/linux-base-config-debian-vm.yaml deleted file mode 100644 index cf5fa01..0000000 --- a/linux-base-config-debian-vm.yaml +++ /dev/null 
@@ -1,156 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - -# - name: "[CONFIG AWX-USER] Create awx user and config ssh-key" -# import_role: -# name: config-awx-user -# tags: config-awx-user_config - - - name: "[CONFIG ROOT USER] Configure SSH root user" - import_role: - name: config-root-user - when: root_user_enabled is defined and root_user_enabled - tags: config-root-user_config - - - name: "[CONFIG HOSTNAME] Configure hostname" - import_role: - name: config-hostname - when: hostname_enabled is defined and hostname_enabled - tags: config-hostname_config - - - name: "[CONFIG HOSTS FILE] Configure hosts file" - import_role: - name: config-hosts - when: hosts_enabled is defined and hosts_enabled - tags: config-hosts_config_config - - - name: "[CONFIG RESOLV FILE] Configure resolv file" - import_role: - name: config-resolv - when: resolv_enabled is defined and resolv_enabled - tags: config-resolv_config - - - name: "[CONFIG UPDATE] Config update" - import_role: - name: config-update-and-upgrade-packages - when: update_enabled is defined and update_enabled - tags: config-update-and-upgrade-packages_config - - - name: "[CONFIG INSTALL PACKAGES] Install packages" - import_role: - name: config-install-packages - when: packages_enabled is defined and packages_enabled - tags: config-install-packages_config - - - name: "[CONFIG RELAYHOST SMTP] Config relayhost smtp" - import_role: - name: config-relayhost-smtp - when: relay_host_enabled is defined and relay_host_enabled - tags: config-relayhost-smtp_config - - - name: "[CONFIG CENTRALIZED AUTH] Config centralized auth" - import_role: - name: config-centralized-auth - when: centralized_auth_enabled is defined and centralized_auth_enabled - tags: config-centralized-auth_config - - - name: "[CONFIG SUDOERS] Config sudoers" - import_role: - name: config-sudoers - when: sudoers_enabled is defined and sudoers_enabled - tags: config-sudoers_config - - - name: "[CONFIG 
SECURE GRUB] configure secure grub" - import_role: - name: config-secure-grub - when: secure_grub_enabled is defined and secure_grub_enabled - tags: config-secure-grub_config - - - name: "[CONFIG VIM OPTIONS] Config vim options" - import_role: - name: config-vim-options - when: vim_options_enabled is defined and vim_options_enabled - tags: config-vim-options_config - - - name: "[CONFIG MOTD] Config motd" - import_role: - name: config-motd - when: motd_enabled is defined and motd_enabled - tags: config-motd_config - - - name: "[CONFIG HOT PLUG] Install and configure hot plug" - import_role: - name: config-hot-plug - when: hot_plug_enabled is defined and hot_plug_enabled - tags: config-hot-plug_config - - - name: "[CONFIG LOCALES] Set locales" - import_role: - name: config-locales - when: locales_enabled is defined and locales_enabled - tags: config-locales_config - - - name: "[CONFIG TZDATA] Set timezone" - import_role: - name: config-tzdata - when: tzdata_enabled is defined and tzdata_enabled - tags: config-tzdata_config - - - name: "[CONFIG REPO VN] Add-repos-vn" - import_role: - name: config-repo-vn - when: repo_vn_enabled is defined and repo_vn_enabled - tags: config-repo-vn_config - - - name: "[CONFIG FAIL2BAN] Install and configure fail2ban service" - import_role: - name: config-fail2ban - when: fail2ban_enabled is defined and fail2ban_enabled - tags: config-fail2ban_config - - - name: "[CONFIG NAGIOS NRPE] Install and configure nagios nrpe service" - import_role: - name: config-nagios-nrpe - when: nagios_nrpe_enabled is defined and nagios_nrpe_enabled - tags: config-nagios-nrpe_config - - - name: "[CONFIG SERVER TYPE] Install guest side" - import_role: - name: config-server-type - when: server_type_enabled is defined and server_type_enabled - tags: config-server-type_config - - - name: "[CONFIG NTP] Install and configure ntp" - import_role: - name: config-ntp - when: ntp_enabled is defined and ntp_enabled - tags: config-ntp_config - - - name: "[CONFIG AUTOFS 
HOMES] Install and configure AUTOFS HOMES" - import_role: - name: config-autofs-homes - when: autofs_homes_enabled is defined and autofs_homes_enabled - tags: config-autofs-homes_config - - - name: "[CONFIG ZABBIX AGENT] Install and configure ZABBIX AGENT" - import_role: - name: config-zabbix-agent - when: zabbix_agent_enabled is defined and zabbix_agent_enabled - tags: config-zabbix-agent_config - -#handlers: -# - include_tasks: roles/{{ item }}/handlers/main.yaml -# with_items: -# - config-awx-user -# - config-root-user -# - config-base-debian-os -# - config-repo-vn -# - config-fail2ban # or hacer -# - config-nagios-nrpe # or hacer -# - config-server-type \ No newline at end of file diff --git a/linux-base-config-debian.yaml b/linux-base-config-debian.yaml deleted file mode 100644 index a18b450..0000000 --- a/linux-base-config-debian.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - -# - name: "[CONFIG AWX-USER] Create awx user and config ssh-key" -# import_role: -# name: config-awx-user -# tags: config-awx-user_config - - - name: "[CONFIG ROOT USER] Configure SSH root user" - import_role: - name: config-root-user - tags: config-root-user_config - - - name: "[CONFIG BASE DEBIAN OS] Configure debian os" - import_role: - name: config-base-debian-os - tags: config-base-debian-os_config - - - name: "[CONFIG LOCALES] Set locales" - import_role: - name: config-locales - - - name: "[CONFIG TZDATA] Set timezone" - import_role: - name: config-tzdata - - - name: "[CONFIG REPO VN] Add-repos-vn" - import_role: - name: config-repo-vn - tags: config-repo-vn_config - - - name: "[CONFIG FAIL2BAN] Install and configure fail2ban service" - import_role: - name: config-fail2ban - tags: config-fail2ban_config - - - name: "[CONFIG NAGIOS NRPE] Install and configure nagios nrpe service" - import_role: - name: config-nagios-nrpe - tags: config-nagios-nrpe_config - - - name: "[CONFIG SERVER TYPE] Install guest side" - import_role: - name: config-server-type - tags: config-server-type_config - - - name: "[CONFIG NTP] Install and configure ntp" - import_role: - name: config-ntp - tags: config-ntp_config - - - name: "[CONFIG ZABBIX AGENT] Install and configure ZABBIX AGENT" - import_role: - name: config-zabbix-agent - tags: config-zabbix-agent_config - -#handlers: -# - include_tasks: roles/{{ item }}/handlers/main.yaml -# with_items: -# - config-awx-user -# - config-root-user -# - config-base-debian-os -# - config-repo-vn -# - config-fail2ban # or hacer -# - config-nagios-nrpe # or hacer -# - config-server-type \ No newline at end of file diff --git a/linux-config-autofs-homes.yaml b/linux-config-autofs-homes.yaml deleted file mode 100644 index 94c5b06..0000000 --- a/linux-config-autofs-homes.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: no - - tasks: - - - name: "[CONFIG AUTOFS HOMES] Comprobando si es necesario configurar AUTOFS HOMES" - debug: - msg: "No es necesario configurar AUTOFS HOMES en la máquina" - when: autofs_homes_enabled is not defined or not autofs_homes_enabled - - - name: "[CONFIG AUTOFS HOMES] Install and configure AUTOFS HOMES" - import_role: - name: config-autofs-homes - when: autofs_homes_enabled is defined and autofs_homes_enabled \ No newline at end of file diff --git a/linux-config-awx-user.yaml b/linux-config-awx-user.yaml deleted file mode 100644 index 06e80b0..0000000 --- a/linux-config-awx-user.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: no - - tasks: - - - name: "[CREATE AWX-USER] Create awx user and config ssh-key" - import_role: - name: config-awx-user \ No newline at end of file diff --git a/linux-config-base-debian-os.yaml b/linux-config-base-debian-os.yaml deleted file mode 100644 index 2899cbe..0000000 --- a/linux-config-base-debian-os.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- - -#- hosts: '{{ ip_addr }}' -# become: yes -# become_method: sudo -# gather_facts: yes - -# tasks: - -# - name: "[CONFIG BASE DEBIAN OS] Configure debian os" -# import_role: -# name: config-base-debian-os - -# - name: "[CONFIG LOCALES] Set locales" -# import_role: -# name: config-locales - -# - name: "[CONFIG TZDATA] Set timezone" -# import_role: -# name: config-tzdata \ No newline at end of file diff --git a/linux-config-centralized-auth.yaml b/linux-config-centralized-auth.yaml deleted file mode 100644 index ca3600d..0000000 --- a/linux-config-centralized-auth.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - - - name: "[CONFIG CENTRALIZED AUTH] Comprobando si es necesario configurar centralized auth" - debug: - msg: "No es necesario configurar centralized auth en la máquina" - when: centralized_auth_enabled is not defined or not centralized_auth_enabled - - - name: "[CONFIG CENTRALIZED AUTH] Config centralized auth" - import_role: - name: config-centralized-auth - when: centralized_auth_enabled is defined and centralized_auth_enabled \ No newline at end of file diff --git a/linux-config-fail2ban.yaml b/linux-config-fail2ban.yaml deleted file mode 100644 index 469d244..0000000 --- a/linux-config-fail2ban.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - - - name: "[CONFIG FAIL2BAN] Comprobando si es necesario configurar fail2ban " - debug: - msg: "No es necesario configurar fail2ban en la máquina" - when: fail2ban_enabled is not defined or not fail2ban_enabled - - - name: "[CONFIG FAIL2BAN] Install and configure fail2ban service" - import_role: - name: config-fail2ban - when: fail2ban_enabled is defined and fail2ban_enabled diff --git a/linux-config-freeradius-totp.yaml b/linux-config-freeradius-totp.yaml deleted file mode 100644 index 05439d4..0000000 --- a/linux-config-freeradius-totp.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: no - - tasks: - - - name: "[CONFIG FREERADIUS TOTOP] Install and configure FREERADIUS TOTOP" - import_role: - name: config-freeradius-totp \ No newline at end of file diff --git a/linux-config-hostname.yaml b/linux-config-hostname.yaml deleted file mode 100644 index d2d8fc6..0000000 --- a/linux-config-hostname.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - - - name: "[CONFIG HOSTNAME] Comprobando si es necesario configurar hostname " - debug: - msg: "No es necesario configurar hostname en la máquina" - when: hostname_enabled is not defined or not hostname_enabled - - - name: "[CONFIG HOSTNAME] Configure hostname" - import_role: - name: config-hostname - when: hostname_enabled is defined and hostname_enabled diff --git a/linux-config-hosts.yaml b/linux-config-hosts.yaml deleted file mode 100644 index 14ed116..0000000 --- a/linux-config-hosts.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - - - name: "[CONFIG HOSTS FILE] Comprobando si es necesario configurar hosts file " - debug: - msg: "No es necesario configurar hosts file en la máquina" - when: hosts_enabled is not defined or not hosts_enabled - - - name: "[CONFIG HOSTS FILE] Configure hosts file" - import_role: - name: config-hosts - when: hosts_enabled is defined and hosts_enabled - diff --git a/linux-config-hot-plug.yaml b/linux-config-hot-plug.yaml deleted file mode 100644 index ccfd01f..0000000 --- a/linux-config-hot-plug.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - - - name: "[CONFIG HOT PLUG] Comprobando si es necesario configurar hot plug" - debug: - msg: "No es necesario configurar hot plug en la máquina" - when: hot_plug_enabled is not defined or not hot_plug_enabled - - - name: "[CONFIG HOT PLUG] Install and configure hot plug" - import_role: - name: config-hot-plug - when: hot_plug_enabled is defined and hot_plug_enabled diff --git a/linux-config-install-packages.yaml b/linux-config-install-packages.yaml deleted file mode 100644 index 905d74c..0000000 --- a/linux-config-install-packages.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - - - name: "[CONFIG INSTALL PACKAGES] Comprobando si es necesario instalar paqueteria" - debug: - msg: "No es necesario instalar paqueteria en la máquina" - when: packages_enabled is not defined or not packages_enabled - - - name: "[CONFIG INSTALL PACKAGES] Install packages" - import_role: - name: config-install-packages - when: packages_enabled is defined and packages_enabled \ No newline at end of file diff --git a/linux-config-locales.yaml b/linux-config-locales.yaml deleted file mode 100644 index a16f686..0000000 --- a/linux-config-locales.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - - - name: "[CONFIG LOCALES] Comprobando si es necesario configurar locales" - debug: - msg: "No es necesario configurar locales en la máquina" - when: locales_enabled is not defined or not locales_enabled - - - name: "[CONFIG LOCALES] Set locales" - import_role: - name: config-locales - when: locales_enabled is defined and locales_enabled \ No newline at end of file diff --git a/linux-config-motd.yaml b/linux-config-motd.yaml deleted file mode 100644 index 12a37fe..0000000 --- a/linux-config-motd.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - - - name: "[CONFIG MOTD] Comprobando si es necesario configurar motd" - debug: - msg: "No es necesario configurar motd en la máquina" - when: motd_enabled is not defined or not motd_enabled - - - name: "[CONFIG MOTD] Config motd" - import_role: - name: config-motd - when: motd_enabled is defined and motd_enabled \ No newline at end of file diff --git a/linux-config-nagios-nrpe.yaml b/linux-config-nagios-nrpe.yaml deleted file mode 100644 index 6f699d1..0000000 --- a/linux-config-nagios-nrpe.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: no - - tasks: - - name: "[CONFIG NAGIOS NRPE] Install and configure nagios nrpe service" - import_role: - name: config-nagios-nrpe - when: nagios_nrpe_enabled is defined and nagios_nrpe_enabled diff --git a/linux-config-nsupdate.yaml b/linux-config-nsupdate.yaml deleted file mode 100644 index bb224cc..0000000 --- a/linux-config-nsupdate.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- - -- hosts: ns1 - become: yes - become_method: sudo - gather_facts: no - - tasks: - - - name: "[CONFIG NSUPDATE] configure zone with NSUPDATE" - import_role: - name: config-nsupdate \ No newline at end of file diff --git a/linux-config-ntp.yaml b/linux-config-ntp.yaml deleted file mode 100644 index f8feaad..0000000 --- a/linux-config-ntp.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - - - name: "[CONFIG NTP] Comprobando si es necesario configurar ntp" - debug: - msg: "No es necesario configurar ntp en la máquina" - when: ntp_enabled is not defined or not ntp_enabled - - - name: "[CONFIG NTP] Install and configure ntp" - import_role: - name: config-ntp - when: ntp_enabled is defined and ntp_enabled diff --git a/linux-config-relayhost-smtp.yaml b/linux-config-relayhost-smtp.yaml deleted file mode 100644 index 6fc7eaa..0000000 --- a/linux-config-relayhost-smtp.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - - - name: "[CONFIG RELAYHOST SMTP] Comprobando si es necesario configurar relayhost smtp" - debug: - msg: "No es necesario configurar relayhost smtp en la máquina" - when: relay_host_enabled is not defined or not relay_host_enabled - - - name: "[CONFIG RELAYHOST SMTP] Config relayhost smtp" - import_role: - name: config-relayhost-smtp - when: relay_host_enabled is defined and relay_host_enabled \ No newline at end of file diff --git a/linux-config-repo-vn.yaml b/linux-config-repo-vn.yaml deleted file mode 100644 index 7038a22..0000000 --- a/linux-config-repo-vn.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: no - - tasks: - - - name: "[CONFIG REPO VN] Comprobando si es necesario configurar repositorios" - debug: - msg: "No es necesario configurar repositorios en la máquina" - when: repo_vn_enabled is not defined or not repo_vn_enabled - - - name: "[CONFIG REPO VN] Add-repos-vn" - import_role: - name: config-repo-vn - when: repo_vn_enabled is defined and repo_vn_enabled diff --git a/linux-config-resolv.yaml b/linux-config-resolv.yaml deleted file mode 100644 index c087f33..0000000 --- a/linux-config-resolv.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - - - name: "[CONFIG RESOLV FILE] Comprobando si es necesario configurar resolv file " - debug: - msg: "No es necesario configurar resolv file en la máquina" - when: resolv_enabled is not defined or not resolv_enabled - - - name: "[CONFIG RESOLV FILE] Configure resolv file" - import_role: - name: config-resolv - when: resolv_enabled is defined and resolv_enabled diff --git a/linux-config-root-user.yaml b/linux-config-root-user.yaml deleted file mode 100644 index 41165b9..0000000 --- a/linux-config-root-user.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: no - - tasks: - - - name: "[CONFIG ROOT USER] Comprobando si es necesario configurar SSH root user" - debug: - msg: "No es necesario configurar SSH root user en la máquina" - when: root_user_enabled is not defined or not root_user_enabled - - - name: "[CONFIG ROOT USER] Configure SSH root user" - import_role: - name: config-root-user - when: root_user_enabled is defined and root_user_enabled diff --git a/linux-config-secure-grub.yaml b/linux-config-secure-grub.yaml deleted file mode 100644 index e422168..0000000 --- a/linux-config-secure-grub.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - - - name: "[CONFIG SECURE GRUB] Comprobando si es necesario configurar secure grub" - debug: - msg: "No es necesario configurar secure grub en la máquina" - when: secure_grub_enabled is not defined or not secure_grub_enabled - - - name: "[CONFIG SECURE GRUB] configure secure grub" - import_role: - name: config-secure-grub - when: secure_grub_enabled is defined and secure_grub_enabled diff --git a/linux-config-send-mail.yaml b/linux-config-send-mail.yaml deleted file mode 100644 index 7080807..0000000 --- a/linux-config-send-mail.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- - -- hosts: localhost - become: no - become_method: sudo - gather_facts: yes - - tasks: - - - name: "[CONFIG SEND MAIL] Send Mail" - import_role: - name: config-send-mail \ No newline at end of file diff --git a/linux-config-server-type.yaml b/linux-config-server-type.yaml deleted file mode 100644 index 84609b0..0000000 --- a/linux-config-server-type.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: no - - tasks: - - - name: "[CONFIG SERVER TYPE] Comprobando si es necesario instalar guest side" - debug: - msg: "No es necesario instalar guest side en la máquina" - when: server_type_enabled is not defined or not server_type_enabled - - - name: "[CONFIG SERVER TYPE] Install guest side" - import_role: - name: config-server-type - when: server_type_enabled is defined and server_type_enabled diff --git a/linux-config-sudoers.yaml b/linux-config-sudoers.yaml deleted file mode 100644 index dbc1a7f..0000000 --- a/linux-config-sudoers.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - - - name: "[CONFIG SUDOERS] Comprobando si es necesario configurar sudoers" - debug: - msg: "No es necesario configurar sudoers en la máquina" - when: sudoers_enabled is not defined or not sudoers_enabled - - - name: "[CONFIG SUDOERS] Config sudoers" - import_role: - name: config-sudoers - when: sudoers_enabled is defined and sudoers_enabled \ No newline at end of file diff --git a/linux-config-tzdata.yaml b/linux-config-tzdata.yaml deleted file mode 100644 index 2b5b49f..0000000 --- a/linux-config-tzdata.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - - - name: "[CONFIG TZDATA] Comprobando si es necesario configurar timezone" - debug: - msg: "No es necesario configurar timezone en la máquina" - when: tzdata_enabled is not defined or not tzdata_enabled - - - name: "[CONFIG TZDATA] Set timezone" - import_role: - name: config-tzdata - when: tzdata_enabled is defined and tzdata_enabled \ No newline at end of file diff --git a/linux-config-update-and-upgrade-packages.yaml b/linux-config-update-and-upgrade-packages.yaml deleted file mode 100644 index 69adfce..0000000 
--- a/linux-config-update-and-upgrade-packages.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - - - name: "[CONFIG UPDATE] Comprobando si es necesario realizar update " - debug: - msg: "No es necesario realizar update en la máquina" - when: update_enabled is not defined or not update_enabled - - - name: "[CONFIG UPDATE] Config update" - import_role: - name: config-update-and-upgrade-packages - when: update_enabled is defined and update_enabled \ No newline at end of file diff --git a/linux-config-vim-options.yaml b/linux-config-vim-options.yaml deleted file mode 100644 index c77eb46..0000000 --- a/linux-config-vim-options.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - - - name: "[CONFIG VIM OPTIONS] Comprobando si es necesario configurar vim options" - debug: - msg: "No es necesario configurar vim options en la máquina" - when: vim_options_enabled is not defined or not vim_options_enabled - - - name: "[CONFIG VIM OPTIONS] Config vim options" - import_role: - name: config-vim-options - when: vim_options_enabled is defined and vim_options_enabled \ No newline at end of file diff --git a/linux-config-zabbix-agent.yaml b/linux-config-zabbix-agent.yaml deleted file mode 100644 index 4897a86..0000000 --- a/linux-config-zabbix-agent.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: no - - tasks: - - - name: "[CONFIG ZABBIX AGENT] Comprobando si es necesario configurar ZABBIX AGENT" - debug: - msg: "No es necesario configurar ZABBIX AGENT en la máquina" - when: zabbix_agent_enabled is not defined or not zabbix_agent_enabled - - - name: "[CONFIG ZABBIX AGENT] Install and configure ZABBIX AGENT" - import_role: - name: config-zabbix-agent - when: zabbix_agent_enabled is defined and zabbix_agent_enabled \ No newline at end of file 
diff --git a/linux-patch-exim4.yaml b/linux-patch-exim4.yaml deleted file mode 100644 index 1d240b9..0000000 --- a/linux-patch-exim4.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- - -- hosts: '{{ ip_addr }}' - become: yes - become_method: sudo - gather_facts: yes - - tasks: - -# step1 - run apt-get update - - name: update index of all packages - ansible.builtin.apt: - update_cache: true - force_apt_get: true - -# step2 - run apt-get update - - name: update all packages to their latest version - ansible.builtin.apt: - name: "exim4" - state: latest - force_apt_get: true - -# step3 - run apt autoremove - - name: autoremove packages unused dependency packages - ansible.builtin.apt: - autoremove: true - force_apt_get: true \ No newline at end of file diff --git a/linux-ping.yml b/linux-ping.yml deleted file mode 100644 index 9b684d9..0000000 --- a/linux-ping.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- - -- hosts: '{{ hosts_servers }}' - gather_facts: true - tasks: - - ping: \ No newline at end of file diff --git a/playbooks/debian-base.yaml b/playbooks/debian-base.yaml new file mode 100644 index 0000000..2807e6d --- /dev/null +++ b/playbooks/debian-base.yaml @@ -0,0 +1,20 @@ +- hosts: all + tasks: + - name: Set locales + import_role: + name: config-locales + - name: Set timezone + import_role: + name: config-tzdata + - name: Install and configure fail2ban service + import_role: + name: config-fail2ban + tags: config-fail2ban_config + - name: Install guest side + import_role: + name: config-server-type + tags: config-server-type_config + - name: Install and configure ntp + import_role: + name: config-ntp + tags: config-ntp_config diff --git a/playbooks/debian-ct.yaml b/playbooks/debian-ct.yaml new file mode 100644 index 0000000..6b0c442 --- /dev/null +++ b/playbooks/debian-ct.yaml 
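Review bot: playbooks/debian-base.yaml imports roles that install packages and enable system services (config-ntp, config-fail2ban, config-server-type) without `become: yes`, while every playbook this commit deletes carried `become: yes` and `become_method: sudo` on the play. Unless privilege escalation is configured in ansible.cfg or the inventory, which is not visible here, these plays will fail on the first privileged task. The same omission appears in debian-ct.yaml, debian-infra.yaml, debian-upgrade.yaml, debian-vm.yaml and debian.yaml later in this commit; a one-line `  become: yes` under each `- hosts: all` restores the old behaviour, or a short comment in each playbook should state where escalation is configured instead.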
@@ -0,0 +1,27 @@
+- hosts: all
+
+ - name: Config relayhost smtp
+ import_role:
+ name: config-relayhost-smtp
+ when: relay_host_enabled is defined and relay_host_enabled
+ tags: config-relayhost-smtp_config
+ - name: Config centralized auth
+ import_role:
+ name: config-centralized-auth
+ when: centralized_auth_enabled is defined and centralized_auth_enabled
+ tags: config-centralized-auth_config
+ - name: Set locales
+ import_role:
+ name: config-locales
+ when: locales_enabled is defined and locales_enabled
+ tags: config-locales_config
+ - name: Set timezone
+ import_role:
+ name: config-tzdata
+ when: tzdata_enabled is defined and tzdata_enabled
+ tags: config-tzdata_config
+ - name: Install and configure fail2ban service
+ import_role:
+ name: config-fail2ban
+ when: fail2ban_enabled is defined and fail2ban_enabled
+ tags: config-fail2ban_config
diff --git a/playbooks/debian-infra.yaml b/playbooks/debian-infra.yaml
new file mode 100644
index 0000000..40ebf56
--- /dev/null
+++ b/playbooks/debian-infra.yaml
@@ -0,0 +1,23 @@
+- hosts: all
+ tasks:
+ - name: Configure debian os
+ import_role:
+ name: config-base-debian-os
+ - name: Set locales
+ import_role:
+ name: config-locales
+ - name: Set timezone
+ import_role:
+ name: config-tzdata
+ - name: Add-repos-vn
+ import_role:
+ name: config-repo-vn
+ - name: Install and configure fail2ban service
+ import_role:
+ name: config-fail2ban
+ - name: Install and configure nagios nrpe service
+ import_role:
+ name: config-nagios-nrpe
+ - name: Install and configure ntp
+ import_role:
+ name: config-ntp
diff --git a/playbooks/debian-upgrade.yaml b/playbooks/debian-upgrade.yaml
new file mode 100644
index 0000000..de568cd
--- /dev/null
+++ b/playbooks/debian-upgrade.yaml
@@ -0,0 +1,5 @@
+- hosts: all
+ tasks:
+ - name: Upgrade system
+ import_role:
+ name: linux-upgrade
diff --git a/playbooks/debian-vm.yaml b/playbooks/debian-vm.yaml
new file mode 100644
index 0000000..0e6ff3e
--- /dev/null
+++ b/playbooks/debian-vm.yaml
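Review bot: playbooks/debian-ct.yaml has no `tasks:` key: after `- hosts: all` the second line of the file is blank and the `- name:` role imports follow directly, so Ansible will reject the play, whereas debian-infra.yaml and debian-upgrade.yaml in this same hunk group put their imports under `tasks:`. The collapsed whitespace hides the indentation, but the hunk's 27-line count (one hosts line, one blank line, five tasks of five lines each) leaves no room for a `tasks:` line. Replacing the blank line with `  tasks:` fixes it.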
@@ -0,0 +1,57 @@
+- hosts: all
+ tasks:
+ - name: Install packages
+ import_role:
+ name: config-install-packages
+ when: packages_enabled is defined and packages_enabled
+ tags: config-install-packages_config
+ - name: Config relayhost smtp
+ import_role:
+ name: config-relayhost-smtp
+ when: relay_host_enabled is defined and relay_host_enabled
+ tags: config-relayhost-smtp_config
+ - name: Config centralized auth
+ import_role:
+ name: config-centralized-auth
+ when: centralized_auth_enabled is defined and centralized_auth_enabled
+ tags: config-centralized-auth_config
+ - name: configure secure grub
+ import_role:
+ name: config-secure-grub
+ when: secure_grub_enabled is defined and secure_grub_enabled
+ tags: config-secure-grub_config
+ - name: Install and configure hot plug
+ import_role:
+ name: config-hot-plug
+ when: hot_plug_enabled is defined and hot_plug_enabled
+ tags: config-hot-plug_config
+ - name: Set locales
+ import_role:
+ name: config-locales
+ when: locales_enabled is defined and locales_enabled
+ tags: config-locales_config
+ - name: Set timezone
+ import_role:
+ name: config-tzdata
+ when: tzdata_enabled is defined and tzdata_enabled
+ tags: config-tzdata_config
+ - name: Install and configure fail2ban service
+ import_role:
+ name: config-fail2ban
+ when: fail2ban_enabled is defined and fail2ban_enabled
+ tags: config-fail2ban_config
+ - name: Install guest side
+ import_role:
+ name: config-server-type
+ when: server_type_enabled is defined and server_type_enabled
+ tags: config-server-type_config
+ - name: Install and configure ntp
+ import_role:
+ name: config-ntp
+ when: ntp_enabled is defined and ntp_enabled
+ tags: config-ntp_config
+ - name: Install and configure AUTOFS HOMES
+ import_role:
+ name: config-autofs-homes
+ when: autofs_homes_enabled is defined and autofs_homes_enabled
+ tags: config-autofs-homes_config
diff --git a/playbooks/debian.yaml b/playbooks/debian.yaml
new file mode 100644
index 0000000..0db3d8a
--- /dev/null
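Review bot: The guards of the form `when: packages_enabled is defined and packages_enabled` in playbooks/debian-vm.yaml (and the same pattern in debian-ct.yaml) are true for any non-empty string, so a flag supplied as `-e packages_enabled=false` or as a quoted value in inventory would still run the role; the host_vars added by this commit use YAML booleans, so it works there, but the intent is clearer and safer as `when: packages_enabled | default(false) | bool`. Since `when` on an `import_role` is applied to every task the role imports, this is also the only place the flag is evaluated, which is worth a one-line comment at the top of the play.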
+++ b/playbooks/debian.yaml
@@ -0,0 +1,5 @@
+- hosts: all
+ tasks:
+ - name: Configure base system
+ import_role:
+ name: linux-base
diff --git a/playbooks/freeradius.yaml b/playbooks/freeradius.yaml
new file mode 100644
index 0000000..2783ef1
--- /dev/null
+++ b/playbooks/freeradius.yaml
@@ -0,0 +1,5 @@
+- hosts: all
+ tasks:
+ - name: Install and configure Freeradius with TOTP
+ import_role:
+ name: freeradius
\ No newline at end of file
diff --git a/playbooks/nsupdate.yaml b/playbooks/nsupdate.yaml
new file mode 100644
index 0000000..454bb43
--- /dev/null
+++ b/playbooks/nsupdate.yaml
@@ -0,0 +1,5 @@
+- hosts: ns1
+ tasks:
+ - name: Configure zone with nsupdate
+ import_role:
+ name: nsupdate
\ No newline at end of file
diff --git a/playbooks/ping.yml b/playbooks/ping.yml
new file mode 100644
index 0000000..55c6a68
--- /dev/null
+++ b/playbooks/ping.yml
@@ -0,0 +1,3 @@
+- hosts: all
+ tasks:
+ - ping:
\ No newline at end of file
diff --git a/playbooks/send-mail.yaml b/playbooks/send-mail.yaml
new file mode 100644
index 0000000..64aad1e
--- /dev/null
+++ b/playbooks/send-mail.yaml
@@ -0,0 +1,7 @@
+- hosts: localhost
+ become: no
+ become_method: sudo
+ tasks:
+ - name: Send mail
+ import_role:
+ name: config-send-mail
diff --git a/playbooks/test.yaml b/playbooks/test.yaml
new file mode 100644
index 0000000..99e65fd
--- /dev/null
+++ b/playbooks/test.yaml
@@ -0,0 +1,5 @@
+- hosts: all
+ tasks:
+ - name: Test role
+ import_role:
+ name: linux-fail2ban
diff --git a/playbooks/windows-ping.yml b/playbooks/windows-ping.yml
new file mode 100644
index 0000000..2a141f4
--- /dev/null
+++ b/playbooks/windows-ping.yml
@@ -0,0 +1,5 @@
+- name: Ping Windows hosts
+ hosts: windows
+ tasks:
+ - name: Ping Windows hosts
+ ansible.windows.win_ping:
\ No newline at end of file
diff --git a/windows-update_windows.yaml b/playbooks/windows-update.yaml
similarity index 66%
rename from windows-update_windows.yaml
rename to playbooks/windows-update.yaml
index 3fe6c9b..301bf77 100644
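Review bot: playbooks/send-mail.yaml sets `become: no` together with `become_method: sudo`; the method is dead with escalation disabled, so one of the two lines should go or a comment should say why the local mail role must not run as root. playbooks/test.yaml is committed with `hosts: all` and imports a role `linux-fail2ban` that does not appear elsewhere in this commit (the other playbooks use config-fail2ban); if it is meant to stay, a header comment such as `# Scratch playbook for trying a single role; run with -l <host>` would prevent it being run against the whole inventory by mistake. The ping.yml play also changes its target from `'{{ hosts_servers }}'` to `hosts: all`, which is presumably intentional but widens the default scope.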
--- a/windows-update_windows.yaml +++ b/playbooks/windows-update.yaml @@ -2,14 +2,12 @@ ignore_unreachable: yes serial: 1 tasks: - # Check if there are missing updates - block: - - name: Check for missing updates. + - name: Check if there are missing updates win_updates: state=searched register: update_count - #Install missing updates only if at least one is missing - block: - - name: Install missing updates. + - name: Install missing updates only if at least one is missing win_updates: category_names: '*' #- Application @@ -23,8 +21,8 @@ #- UpdateRollups #- CriticalUpdates #- SecurityUpdates - log_path: C:\Win_Template_Patch.log - register: update_result + log_path: C:\Win_Template_Patch.log + register: update_result - name: Reboot, if needed. win_reboot: when: update_result.reboot_required diff --git a/roles/awx/files/awx b/roles/awx/files/awx new file mode 100644 index 0000000..7070021 --- /dev/null +++ b/roles/awx/files/awx @@ -0,0 +1 @@ +awx-user ALL=(ALL) NOPASSWD:ALL diff --git a/roles/awx/tasks/main.yaml b/roles/awx/tasks/main.yaml new file mode 100644 index 0000000..9ccdbe0 --- /dev/null +++ b/roles/awx/tasks/main.yaml @@ -0,0 +1,23 @@ +- name: Create AWX user + user: + name: awx-user + password: '*' + shell: /bin/bash + groups: sudo + state: present + comment: ssh user +- name: Adding SSH public key + authorized_key: + user: awx-user + key: "{{ awx_pub_key }}" +- name: Install sudo package + apt: + name: sudo + state: present +- name: Add user to sudoers + copy: + src: awx + dest: /etc/sudoers.d/ + mode: u=rw,g=r + owner: root + group: root diff --git a/roles/awx/vars/main.yaml b/roles/awx/vars/main.yaml new file mode 100644 index 0000000..b8d6bad --- /dev/null +++ b/roles/awx/vars/main.yaml @@ -0,0 +1 @@ +awx_pub_key: ssh-rsa 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 awx@awx.verdnatura.es diff --git a/roles/config-autofs-homes/handlers/main.yaml b/roles/config-autofs-homes/handlers/main.yaml deleted file mode 100644 index 14d5537..0000000 
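Review bot: roles/awx/tasks/main.yaml installs the sudoers drop-in with `mode: u=rw,g=r` (0640); sudo expects sudoers files to be mode 0440 and owned by root and rejects a drop-in with extra permission bits, so the `NOPASSWD:ALL` rule in roles/awx/files/awx may never take effect, and a drop-in with a syntax error breaks sudo for every user on the host. Change the copy task to `mode: '0440'` and add `validate: /usr/sbin/visudo -cf %s` so the file is checked before it is placed in /etc/sudoers.d/. Because the account is created with a locked password (`password: '*'`), this drop-in is the only thing that makes the automation user usable for privileged tasks, which is worth a comment in roles/awx/files/awx stating that the unrestricted grant is intended solely for the AWX controller account.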
--- a/roles/config-autofs-homes/handlers/main.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- - -# restart nslcd service to apply changes -- name: restart nslcd - service: - name: "{{ nslcd_daemon }}" - state: restarted - -# restart autofs service to apply changes -- name: restart autofs - service: - name: "{{ autofs_daemon }}" - state: restarted \ No newline at end of file diff --git a/roles/config-autofs-homes/tasks/main.yaml b/roles/config-autofs-homes/tasks/main.yaml deleted file mode 100644 index f6a35f2..0000000 --- a/roles/config-autofs-homes/tasks/main.yaml +++ /dev/null 
@@ -1,70 +0,0 @@ ---- - -- name: "[CONFIG AUTOFS HOMES] Comprobando si es necesario configurar AUTOFS HOMES" - meta: end_host - when: autofs_homes_enabled is not defined or not autofs_homes_enabled - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# install packages nfs-common , autofs , libnfs-utils , autofs-ldap -- name: install packages for autofs - apt: - name: "{{ item }}" - state: present - with_items: - - nfs-common - - autofs - - libnfs-utils - - autofs-ldap -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# create directory /mnt/homes for mount -- name: create directory /mnt/homes - ansible.builtin.file: - path: "{{ path_mnt_homes }}" - state: directory - mode: '0755' -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# add line to /etc/nsswitch.conf -- name: add line to file /etc/nsswitch.conf - lineinfile: - path: "{{ path_nsswitch }}" - line: "automount: files" - notify: restart nslcd -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# add files configured to autofs -# paso 1 -- name: add file homes.autofs configured to autofs - copy: - src: homes.autofs - dest: "{{ path_home_autofs }}" - owner: root - group: root - mode: '0644' -# paso 2 -- name: add file /etc/auto.homes configured to the systemd - copy: - src: auto.homes - dest: "{{ path_auto_homes }}" - owner: root - group: root - mode: '0644' - notify: restart autofs -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# enabled autofs -- name: service should start on boot - service: - name: "{{ autofs_daemon }}" - 
enabled: yes -# enabled nslcd -- name: service should start on boot - service: - name: "{{ nslcd_daemon }}" - enabled: yes -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ \ No newline at end of file diff --git a/roles/config-autofs-homes/vars/main.yaml b/roles/config-autofs-homes/vars/main.yaml deleted file mode 100644 index 26768e7..0000000 --- a/roles/config-autofs-homes/vars/main.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -nslcd_daemon: nslcd -autofs_daemon: autofs -path_auto_homes: /etc/auto.homes -path_home_autofs: /etc/auto.master.d/homes.autofs -path_nsswitch: /etc/nsswitch.conf -path_mnt_homes: /mnt/homes \ No newline at end of file diff --git a/roles/config-awx-user/tasks/main.yaml b/roles/config-awx-user/tasks/main.yaml deleted file mode 100644 index 5812a8f..0000000 --- a/roles/config-awx-user/tasks/main.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ ---- - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# create user awx-user on debian os -- name: Create a ssh user awx-user in the system - user: - name: awx-user - password: '*' - shell: /bin/bash - groups: sudo - state: present - comment: ssh user -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# add ssh-key pub to user awx-user -- name: Adding ssh-pub-key to user awx-user - authorized_key: - user: awx-user - key: "{{ key_to_add }}" -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# install sudo package -- name: Install sudo package - apt: - name: sudo - state: present -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# add awx-user to sudoers -- name: Add awx-user to sudoers - file: - path: /etc/sudoers.d/awx-user - state: touch - mode: u=rw,g=r,o=r -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# add a line to /etc/sudoers.d/awx-user file -- name: add a line to /etc/sudoers.d/awx-user file - lineinfile: - path: /etc/sudoers.d/awx-user - line: awx-user ALL=(ALL) NOPASSWD:ALL -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ \ No newline at end of file diff --git a/roles/config-awx-user/vars/main.yaml b/roles/config-awx-user/vars/main.yaml deleted file mode 100644 index 89acff0..0000000 --- a/roles/config-awx-user/vars/main.yaml +++ /dev/null 
@@ -1,2 +0,0 @@ -# variables -key_to_add: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDjeIZVyppFK/dqOUa1PxgSeRVWk7MFmANYvSs+VHHnD4/BE//K8AxlxnyLl4e6jAcBFoIu1JLxbRKdOhx+Zgkq5OmEzp/XKzfEvnEU5CP+W2+5MwfkUQ3TetJsOoHiP/qYWPqqqfDFqNM1xs9am5Frv9BVu5pFiSO9oS14xVAlUOwnONQnRtAbuBOmMldpzxmuFY+Rs3G2MmokcOYrs5Z3TdCOG9bDGg8erzWklLW+aRYdXqMEZpwIZPcOFy6JXEyZ/9IpCLBN58IMr0RypFbgWb2Vo05iTI5j99Pzn//FgAhe6BXRyHSGOJ29hmKugt9sIY1N/H6aYqtTVR5EEIngY1XHtFywU1+qtYHMs8PB9Hl87zUkla0+S5Zn8q92y7DQFsOZ9ND6syEzWhiCP1ic3Wo76TVbuNoTW/XvgZnemx1epuOqDj9S7iGTSHMvvSop8z5hU2EQiVkgRPl4cM2fi0vF513ivq5IbCgg2VfXUOLM5E5y0TI7lzBriTtCuIk= awx@awx.verdnatura.es \ No newline at end of file diff --git a/roles/config-centralized-auth/handlers/main.yaml b/roles/config-centralized-auth/handlers/main.yaml deleted file mode 100644 index 6a83f82..0000000 --- a/roles/config-centralized-auth/handlers/main.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -# restart nslcd service to apply changes -- name: restart nslcd - service: - name: "{{ nslcd_daemon }}" - state: restarted \ No newline at end of file diff --git a/roles/config-centralized-auth/tasks/main.yaml b/roles/config-centralized-auth/tasks/main.yaml deleted file mode 100644 index a866766..0000000 --- a/roles/config-centralized-auth/tasks/main.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ - -- name: "[CONFIG CENTRALIZED AUTH] Comprobando si es necesario configurar centralized auth" - meta: end_host - when: centralized_auth_enabled is not defined or not centralized_auth_enabled - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# configure centralized authentication [nslcd] -# paso1 - Copy -- name: copy file nslcd.conf - copy: - src: nslcd.conf - dest: /etc/nslcd.conf - owner: root - group: nslcd - mode: '0640' - backup: yes -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# paso2 - lineinfile password with vault -- name: add password with ansible vault to file nslcd.conf - lineinfile: - dest: /etc/nslcd.conf - regexp: "{{item.regexp}}" - line: "{{item.line}}" - state: present - with_items: - - regexp: "^bindpw" - line: "bindpw {{ bindpw_password }}" -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# paso3 - editar lineas fichero /etc/nsswitch.conf -- name: edit file /etc/nsswitch.conf - lineinfile: - dest: /etc/nsswitch.conf - regexp: "{{item.regexp}}" - line: "{{item.line}}" - state: present - with_items: - - regexp: "^passwd:" - line: "passwd: files systemd ldap" - - regexp: "^group:" - line: "group: files systemd ldap" -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# paso4 - reconfigure PAM to use LDAP -- name: reconfigure PAM to use LDAP - shell: pam-auth-update --enable ldap - notify: restart nslcd -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# service should start on boot. -- name: service should start on boot - service: - name: "{{ nslcd_daemon }}" - enabled: yes -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ \ No newline at end of file diff --git a/roles/config-fail2ban/handlers/main.yaml b/roles/config-fail2ban/handlers/main.yaml deleted file mode 100644 index 171e080..0000000 
--- a/roles/config-fail2ban/handlers/main.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# restart fail2ban service to apply changes -- name: restart fail2ban - service: - name: "{{ fail2ban_daemon }}" - state: restarted -# restart nftables service -- name: restart nftables - service: - name: "{{ nftables_daemon }}" - state: restarted \ No newline at end of file diff --git a/roles/config-fail2ban/tasks/main.yaml b/roles/config-fail2ban/tasks/main.yaml deleted file mode 100644 index d0a5b0c..0000000 --- a/roles/config-fail2ban/tasks/main.yaml +++ /dev/null 
@@ -1,49 +0,0 @@ -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# Install and configure FAIL2BAN -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -- name: "[CONFIG FAIL2BAN] Comprobando si es necesario configurar fail2ban" - meta: end_host - when: fail2ban_enabled is not defined or not fail2ban_enabled - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# comprobe if fail2ban is installed if not then install fail2ban -# Gather the package facts -# - name: Gather the package facts -# package_facts: -# manager: auto -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# install packages if is not in the system -- name: install fail2ban package if is not in the system - apt: - name: fail2ban - state: present -# when: "'fail2ban' not in ansible_facts.packages" # ansible comprobes if is ok its installed -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# configure fail2ban -# template a file to /etc/fail2ban/jail.local -- name: template a file to /etc/fail2ban/jail.local - template: - src: jail2.j2 - dest: "{{ path_jail_local }}" - owner: root - group: root - mode: '0644' - backup: true - notify: restart fail2ban -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# service fail2ban should start on boot. -- name: service should start on boot - service: - name: "{{ fail2ban_daemon }}" - enabled: yes -# service nftables should start on boot. -- name: service nftables should start on boot - service: - name: "{{ nftables_daemon }}" - enabled: true - notify: restart nftables -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 
diff --git a/roles/config-fail2ban/templates/jail.j2 b/roles/config-fail2ban/templates/jail.j2 deleted file mode 100644 index 69a8295..0000000 --- a/roles/config-fail2ban/templates/jail.j2 +++ /dev/null @@ -1,38 +0,0 @@ - -#+++++++++++++++++++++++++++++++++++++ -# PLS , DONT EDIT THIS FILE , THIS FILE IS DEPLOYER WITH ANSIBLE TEMPLATES , IF U WANT SOME CHANGES OR ADD NEW POLICIES -# EDIT THE FILE config-fail2ban.yaml IN GITEA REPO vn-ansible > linux > base-config-debian , AND ADD MORE VARS -#+++++++++++++++++++++++++++++++++++++ - -#+++++++++++++++++++++++++++++++++++++ -[DEFAULT] -# Add any default configuration options here -bantime = {{ bantime }} -maxretry = {{ maxretry }} -findtime = {{ findtime }} -destemail = sysadmin@verdnatura.es -sender = root@{{ ansible_nodename }}.verdnatura.es -banaction = nftables-multiport -banaction_allports = nftables-allports -action = %(action_mwl)s -#+++++++++++++++++++++++++++++++++++++ - -# 31536000 ; year -# 18144000 ; 30days -# 604800 ; 1 week -# 86400 ; 1 day -# 3600 ; 1 hour - -{% for jail in jails %} -#+++++++++++++++++++++++++++++++++++++ -[{{ jail.name }}] -enabled = {{ jail.enabled }} -filter = {{ jail.filter }} -logpath = {{ jail.logpath }} -port = {{ jail.port | join(' ') }} -maxretry = {{ jail.maxretry }} -bantime = {{ jail.bantime }} -findtime = {{ jail.findtime }} -action = {{ jail.action }} -{% endfor %} -#+++++++++++++++++++++++++++++++++++++ diff --git a/roles/config-fail2ban/templates/jail2.j2 b/roles/config-fail2ban/templates/jail2.j2 deleted file mode 100644 index 44aac55..0000000 --- a/roles/config-fail2ban/templates/jail2.j2 +++ /dev/null 
@@ -1,91 +0,0 @@ -#+++++++++++++++++++++++++++++++++++++ -# PLS , DONT EDIT THIS FILE , THIS FILE IS DEPLOYER WITH ANSIBLE TEMPLATES , IF U WANT SOME CHANGES OR ADD NEW POLICIES -# EDIT THE FILE config-fail2ban.yaml IN GITEA REPO vn-ansible > linux > base-config-debian , AND ADD MORE VARS -#+++++++++++++++++++++++++++++++++++++ - -# Custom fail2ban conf - -#+++++++++++++++++++++++++++++++++++++ - -# 31536000 ; year -# 18144000 ; 30days -# 604800 ; 1 week -# 86400 ; 1 day -# 3600 ; 1 hour - -#+++++++++++++++++++++++++++++++++++++ - -[INCLUDES] - -# -# INCLUDES -# - -before = paths-debian.conf - -#+++++++++++++++++++++++++++++++++++++ - -# The DEFAULT allows a global definition of the options. They can be overridden -# in each jail afterwards. - -[DEFAULT] - -# -# OPTIONS CONF DEFAULT -# - -# ignorecommand = -{% if fail2ban_times is defined %} -{% for time in fail2ban_times %} -bantime = {{ time.bantime | default('604800')}} -findtime = {{ time.findtime | default('604800')}} -maxretry = {{ time.maxretry | default('4')}} -{% endfor %} -{% endif %} -maxmatches = %(maxretry)s -backend = auto -usedns = warn -logencoding = auto -enabled = false -mode = normal -filter = %(__name__)s[mode=%(mode)s] -destemail = sysadmin@verdnatura.es -sender = root@ -mta = mail -protocol = tcp -chain = -port = 0:65535 -fail2ban_agent = Fail2Ban/%(fail2ban_version)s -banaction = nftables-multiport -banaction_allports = nftables-allports -action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] -action_mw = %(action_)s - %(mta)s-whois[sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"] -action_mwl = %(action_)s - %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"] -action_xarf = %(action_)s - xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"] -action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"] - 
%(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"] -action_blocklist_de = blocklist_de[email="%(sender)s", service="%(__name__)s", apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"] -action_abuseipdb = abuseipdb -action = %(action_mwl)s - -#+++++++++++++++++++++++++++++++++++++ - -# -# JAILS -# - -{% if fail2ban_jails is defined %} -{% for jail in fail2ban_jails %} -#+++++++++++++++++++++++++++++++++++++ -[{{ jail.name }}] -enabled = {{ jail.enabled }} -port = {{ jail.port | join(' ') }} -filter = {{ jail.filter }} -logpath = {{ jail.logpath }} -backend = {{ jail.backend }} -{% endfor %} -{% endif %} -#+++++++++++++++++++++++++++++++++++++ diff --git a/roles/config-fail2ban/vars/main.yaml b/roles/config-fail2ban/vars/main.yaml deleted file mode 100644 index 4fae26c..0000000 --- a/roles/config-fail2ban/vars/main.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -# vars file -path_jail_local: /etc/fail2ban/jail.local -fail2ban_daemon: fail2ban -nftables_daemon: nftables \ No newline at end of file diff --git a/roles/config-hostname/tasks/main.yaml b/roles/config-hostname/tasks/main.yaml deleted file mode 100644 index 5b9e277..0000000 --- a/roles/config-hostname/tasks/main.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# Configure HOSTNAME and HOSTS with new HOSTNAME -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -- name: "[CONFIG HOSTNAME] Comprobando si es necesario configurar hostname " - meta: end_host - when: hostname_enabled is not defined or not hostname_enabled - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# Configure HOSTNAME /etc/hostname -- name: Set a hostname specifying strategy in /etc/hostname - ansible.builtin.hostname: - name: "{{ hostname }}" - use: debian -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/hostname_module.html#ansible-collections-ansible-builtin-hostname-module -# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/replace_module.html#ansible-collections-ansible-builtin-replace-module -# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/lineinfile_module.html#ansible-collections-ansible-builtin-lineinfile-module diff --git a/roles/config-hosts/tasks/main.yaml b/roles/config-hosts/tasks/main.yaml deleted file mode 100644 index be4c05b..0000000 --- a/roles/config-hosts/tasks/main.yaml +++ /dev/null @@ -1,15 +0,0 @@ - -- name: "[CONFIG HOSTS FILE] Comprobando si es necesario configurar hosts file " - meta: end_host - when: hosts_enabled is not defined or not hosts_enabled - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- name: Replace old /etc/hosts with new /etc/hosts - template: - src: hosts.j2 - dest: "{{ path_hosts }}" - owner: root - group: root - mode: '0644' - backup: true -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ diff --git a/roles/config-hosts/vars/main.yaml b/roles/config-hosts/vars/main.yaml deleted file mode 100644 index cb9dd71..0000000 
--- a/roles/config-hosts/vars/main.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -# vars file -path_hosts: /etc/hosts \ No newline at end of file diff --git a/roles/config-hot-plug/tasks/main.yaml b/roles/config-hot-plug/tasks/main.yaml deleted file mode 100644 index 2a249d7..0000000 --- a/roles/config-hot-plug/tasks/main.yaml +++ /dev/null @@ -1,35 +0,0 @@ - -- name: "[CONFIG HOT PLUG] Comprobando si es necesario configurar hot plug" - meta: end_host - when: hot_plug_enabled is not defined or not hot_plug_enabled - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# Install and configure HOT-PLUG -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# configure /usr/lib/udev/rules.d/80-hotplug-cpu-mem.rules -- name: configure /usr/lib/udev/rules.d/80-hotplug-cpu-mem.rules file - template: - src: udev.j2 - dest: "{{ path_hot_plug_udev }}" - owner: root - group: root - mode: '0644' -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# configure /etc/default/grub.d/hotplug.cfg -- name: configure /etc/default/grub.d/hotplug.cfg file - template: - src: grub.j2 - dest: "{{ path_hot_plug_grub }}" - owner: root - group: root - mode: '0644' -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- name: Execute the command update-grub in remote shell - ansible.builtin.shell: update-grub -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ diff --git a/roles/config-hot-plug/templates/grub.j2 b/roles/config-hot-plug/templates/grub.j2 deleted file mode 100644 index 897c720..0000000 --- a/roles/config-hot-plug/templates/grub.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ line_hot_plug_grub }} 
diff --git a/roles/config-hot-plug/templates/udev.j2 b/roles/config-hot-plug/templates/udev.j2 deleted file mode 100644 index 71cd77d..0000000 --- a/roles/config-hot-plug/templates/udev.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ line_hot_plug_udev }} diff --git a/roles/config-hot-plug/vars/main.yaml b/roles/config-hot-plug/vars/main.yaml deleted file mode 100644 index 82e527d..0000000 --- a/roles/config-hot-plug/vars/main.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# vars file -path_hot_plug_udev: /usr/lib/udev/rules.d/80-hotplug-cpu-mem.rules -line_hot_plug_udev: 'SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1"' -path_hot_plug_grub: /etc/default/grub.d/hotplug.cfg -line_hot_plug_grub: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet memhp_default_state=online security=none"' diff --git a/roles/config-install-packages/tasks/main.yaml b/roles/config-install-packages/tasks/main.yaml deleted file mode 100644 index 7bce21e..0000000 --- a/roles/config-install-packages/tasks/main.yaml +++ /dev/null @@ -1,31 +0,0 @@ -- name: "[CONFIG INSTALL PACKAGES] Comprobando si es necesario instalar paqueteria" - meta: end_host - when: packages_enabled is not defined or not packages_enabled - -# install packages -- name: install some packages - apt: - name: "{{ item }}" - state: present - with_items: - - vim - - htop - - psmisc - - aptitude - - ncat - - nslcd - - exim4 - - usrmerge - - figlet - - rsyslog -# - iptables - - mlocate - - bind9-dnsutils - - task-spanish - - locales-all - - tree - - ncdu - - cloud-guest-utils - - net-tools - - curl - - btop diff --git a/roles/config-locales/files/set_locales.sh b/roles/config-locales/files/set_locales.sh deleted file mode 100644 index ce3df38..0000000 --- a/roles/config-locales/files/set_locales.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -echo -e "es_ES.UTF-8 UTF-8\nen_US.UTF-8 UTF-8" > /etc/locale.gen -locale-gen -update-locale LANG=en_US.UTF-8 \ No newline at end of file 
diff --git a/roles/config-locales/tasks/main.yaml b/roles/config-locales/tasks/main.yaml deleted file mode 100644 index 1ac5675..0000000 --- a/roles/config-locales/tasks/main.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- - -- name: "[CONFIG LOCALES] Comprobando si es necesario configurar locales" - meta: end_host - when: locales_enabled is not defined or not locales_enabled - -- name: execute script set_locales.sh - script: set_locales.sh \ No newline at end of file diff --git a/roles/config-motd/files/mymotd.sh b/roles/config-motd/files/mymotd.sh deleted file mode 100644 index f2693f2..0000000 --- a/roles/config-motd/files/mymotd.sh +++ /dev/null 
@@ -1,40 +0,0 @@ -#!/bin/bash -GREEN="\033[0;32m" -WHITE="\033[0;37m" -RED='\033[0;31m' -RESET="\033[0m" -#LAST_LOGIN_USER=$(lastlog | tail -n 1 | awk '{print $1}') -LAST_LOGIN_USER=$(last |head -n +2 | tail -n 1 | awk '{ print $1 }') -#LAST_LOGIN_TIME_HOUR=$(lastlog | tail -n 1 | awk '{print $4" "$5" "$6" "$7}') -LAST_LOGIN_TIME_HOUR=$(last |head -n +2 | tail -n 1 | awk '{ print $4" "$5" "$6" "$7" "$8" "$9 }') -#LAST_LOGIN_IP_FROM_USER=$(lastlog | tail -n 1 | awk '{print $3}') -LAST_LOGIN_IP_FROM_USER=$(last |head -n +2 | tail -n 1 | awk '{ print $3 }') -UPTIME_SYSTEM=$(uptime -p | tr -d ',') -NUMBER_USERS_CONNECTED=$(uptime | awk '{print $5" "$6}' | tr -d ",") -LIST_USERS_CONNECTED=$(w | tail -n +2) -KERNEL=$(uname -r) -PACKAGES=$(dpkg -l | tail -n +6 | wc -l) -SHELL=$(dpkg -l | grep bash | head -n 1 | awk '{ print $2 }') -BASH_VERSION_NUMBER=$(echo $BASH_VERSION | cut -c -6) -IP_LIST=$(for i in $(ip a | grep inet | grep -v "::" | awk {'print $2'}); do echo -e "ip -> $i"; done) -source /etc/os-release -echo -e "****************************************************************************" -echo -e "${WHITE} _${RESET}" -echo -e "${WHITE} | |${RESET}${GREEN} _${RESET}" -echo -e "${WHITE} _ _ ____ ____ _ | |${RESET}${GREEN} ____ ____| |_ _ _ ____ ____${RESET}" -echo -e "${WHITE}| | | / _ )/ ___) || |${RESET}${GREEN}| _ \ / _ | _) | | |/ ___) _ |${RESET}" -echo -e "${WHITE} \ V ( (/ /| | ( (_| |${RESET}${GREEN}| | | ( ( | | |_| |_| | | ( ( | |${RESET}" -echo -e "${WHITE} \_/ \____)_| \____|${RESET}${GREEN}|_| |_|\_||_|\___)____|_| \_||_|${RESET}" -echo -e "" -echo -e "${RED}Host:${RESET} $HOSTNAME" -echo -e "${RED}OS:${RESET} $PRETTY_NAME" -echo -e "${RED}IP:${RESET}\n$IP_LIST" -echo -e "${RED}Kernel:${RESET} $KERNEL" -echo -e "${RED}Packages:${RESET} $PACKAGES" -echo -e "${RED}Shell:${RESET} $SHELL $BASH_VERSION_NUMBER" -echo -e "${RED}Last Login:${RESET}\nUser -> $LAST_LOGIN_USER\nTime -> $LAST_LOGIN_TIME_HOUR\nIP -> $LAST_LOGIN_IP_FROM_USER" -echo -e "${RED}Uptime 
system:${RESET}\n$UPTIME_SYSTEM" -#echo -e "${RED}Number of Users connected to the system:${RESET}\n$NUMBER_USERS_CONNECTED" -echo -e "${RED}Users connected to the system:${RESET}\n$LIST_USERS_CONNECTED" -echo -e "" -echo -e "****************************************************************************" diff --git a/roles/config-motd/tasks/main.yaml b/roles/config-motd/tasks/main.yaml deleted file mode 100644 index 2a0067b..0000000 --- a/roles/config-motd/tasks/main.yaml +++ /dev/null @@ -1,9 +0,0 @@ -# Add message to MOTD -- name: add motd message - copy: - src: 90-vn - dest: "{{ path_motd_path }}" - mode: '755' - owner: root - group: root -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ diff --git a/roles/config-motd/vars/main.yaml b/roles/config-motd/vars/main.yaml deleted file mode 100644 index 0adf9d1..0000000 --- a/roles/config-motd/vars/main.yaml +++ /dev/null @@ -1,2 +0,0 @@ ---- -path_motd_path: /etc/update-motd.d/ \ No newline at end of file diff --git a/roles/config-nagios-nrpe/files/90-vn.cfg b/roles/config-nagios-nrpe/files/90-vn.cfg deleted file mode 100644 index 9ffab3e..0000000 --- a/roles/config-nagios-nrpe/files/90-vn.cfg +++ /dev/null @@ -1,11 +0,0 @@ -allowed_hosts=nagios.verdnatura.es - -command[check_disk_root]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p / -command[check_disk_var]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /var -command[check_disk_usr]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /usr -command[check_disk_home]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /home -command[check_disk_tmp]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /tmp -command[check_dummy]=/usr/lib/nagios/plugins/check_dummy 0 -command[check_swap]=/usr/lib/nagios/plugins/check_swap -w 40% -c 20% -command[check_load]=/usr/lib/nagios/plugins/check_load -r -w 3.5,3.25,3 -c 4.5,4.25,4 -command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 400 -c 500 
diff --git a/roles/config-nagios-nrpe/handlers/main.yaml b/roles/config-nagios-nrpe/handlers/main.yaml deleted file mode 100644 index 1547691..0000000 --- a/roles/config-nagios-nrpe/handlers/main.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# restart nagios-nrpe service to apply changes -- name: restart nagios-nrpe - service: - name: "{{ nagios_nrpe_daemon }}" - state: restarted \ No newline at end of file diff --git a/roles/config-nagios-nrpe/tasks/main.yaml b/roles/config-nagios-nrpe/tasks/main.yaml deleted file mode 100644 index 38b71dd..0000000 --- a/roles/config-nagios-nrpe/tasks/main.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# Install and configure NAGIOS-NRPE -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -#- name: "[CONFIG NAGIOS NRPE] Comprobando si es necesario configurar nagios nrpe service " -# meta: end_host -# when: nagios_nrpe_enabled is not defined or not nagios_nrpe_enabled - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# paso1 -# install packages for nagios-nrpe -- name: Install packages for nagios-nrpe (nagios-nrpe-server, nagios-nrpe-plugin) - apt: - name: "{{ item }}" - state: present - loop: - - nagios-nrpe-server - - nagios-nrpe-plugin -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# paso2 -# copy file 90-vn.cfg to /etc/nagios/nrpe.d/ -- name: copy file 90-vn.cfg to /etc/nagios/nrpe.d/ - copy: - src: 90-vn.cfg - dest: /etc/nagios/nrpe.d/90-vn.cfg - owner: root - group: root - mode: '0644' -# backup: yes # NO BACKUPS -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# paso3 -# create file 99-local.cfg to /etc/nagios/nrpe.d/ -- name: create 99-local.cfg to /etc/nagios/nrpe.d/ - file: - path: "{{ local_path }}" - state: touch - mode: '0644' - notify: restart nagios-nrpe -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# service should start on boot. -- name: service should start on boot - service: - name: "{{ nagios_nrpe_daemon }}" - enabled: yes -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ \ No newline at end of file diff --git a/roles/config-nagios-nrpe/vars/main.yaml b/roles/config-nagios-nrpe/vars/main.yaml deleted file mode 100644 index e59530e..0000000 --- a/roles/config-nagios-nrpe/vars/main.yaml +++ /dev/null @@ -1,3 +0,0 @@ -# vars file -local_path: /etc/nagios/nrpe.d/99-local.cfg -nagios_nrpe_daemon: nagios-nrpe-server \ No newline at end of file 
diff --git a/roles/config-nsupdate/meta/main.yaml b/roles/config-nsupdate/meta/main.yaml deleted file mode 100644 index feddb6a..0000000 --- a/roles/config-nsupdate/meta/main.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -# myrole/meta/main.yml -collections: - - community.general \ No newline at end of file diff --git a/roles/config-nsupdate/tasks/main.yaml b/roles/config-nsupdate/tasks/main.yaml deleted file mode 100644 index 4dd3190..0000000 --- a/roles/config-nsupdate/tasks/main.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# Configure zones on bind9 with NSUPDATE -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# Add and update DNS records on bind9 with NSUPDATE -- name: Add or modify DNS records A to some IP - community.general.nsupdate: - key_name: "rndc-key" - key_secret: "{{ bind9secretkey_password }}" - key_algorithm: "hmac-md5" - server: "ns1.verdnatura.es" - zone: "{{ zone_record }}" - record: "{{ name_record }}" - ttl: "{{ ttl_record }}" - type: "{{ type_record }}" - value: "{{ value_record }}" - state: "{{ state_record }}" -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ diff --git a/roles/config-ntp/tasks/main.yaml b/roles/config-ntp/tasks/main.yaml deleted file mode 100644 index 12a74d1..0000000 --- a/roles/config-ntp/tasks/main.yaml +++ /dev/null 
@@ -1,53 +0,0 @@ -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# Install and configure NTP -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -- name: "[CONFIG NTP] Comprobando si es necesario configurar ntp" - meta: end_host - when: ntp_enabled is not defined or not ntp_enabled - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# SE OMITE , SE REALIZA CON systemd-timesyncd.service -# paso1 -# install package ntpdate -#- name: install package ntpdate -# apt: -# name: "{{ ntpdate_package }}" -# state: present -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# paso2 -# copy timesync file to crontab.hourly -#- name: copy file timesync to /etc/cron.hourly/timesync -# copy: -# src: timesync -# dest: "{{ timesync_path }}" -# owner: root -# group: root -# mode: '0644' -# backup: yes # NO backups -# notify: restart crontab hourly -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# retocar fichero /etc/systemd/timesyncd.conf -- name: retocar fichero /etc/systemd/timesyncd.conf - lineinfile: - path: /etc/systemd/timesyncd.conf - regexp: '^#NTP' - line: "NTP=time1.verdnatura.es time2.verdnatura.es" - owner: root - group: root - mode: '0644' -- name: retocar fichero /etc/systemd/timesyncd.conf - lineinfile: - path: /etc/systemd/timesyncd.conf - regexp: '^#?FallbackNTP=' - line: "FallbackNTP=ntp.roa.es" - owner: root - group: root - mode: '0644' - notify: restart systemd-timesyncd -# service should start on boot. -- name: service should start on boot - service: - name: "{{ timesyncd_daemon }}" - enabled: yes \ No newline at end of file diff --git a/roles/config-ntp/vars/main.yaml b/roles/config-ntp/vars/main.yaml deleted file mode 100644 index 5b626b1..0000000 --- a/roles/config-ntp/vars/main.yaml +++ /dev/null 
@@ -1,4 +0,0 @@ -# vars file -ntpdate_package: ntpdate -timesync_path: /etc/cron.hourly/timesync -timesyncd_daemon: systemd-timesyncd \ No newline at end of file diff --git a/roles/config-relayhost-smtp/handlers/main.yaml b/roles/config-relayhost-smtp/handlers/main.yaml deleted file mode 100644 index c9f53d9..0000000 --- a/roles/config-relayhost-smtp/handlers/main.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -# restart exim4 service to apply changes -- name: restart exim4 - service: - name: "{{ exim_daemon }}" - state: restarted \ No newline at end of file diff --git a/roles/config-repo-vn/tasks/main.yaml b/roles/config-repo-vn/tasks/main.yaml deleted file mode 100644 index e05543a..0000000 --- a/roles/config-repo-vn/tasks/main.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ - -- name: "[CONFIG REPO VN] Comprobando si es necesario configurar repositorios" - meta: end_host - when: repo_vn_enabled is not defined or not repo_vn_enabled - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# SE OBVIA , ACTUALMENTE SE INSTALA PACKAGE DEB INSTALA gpg.key + REPOS -# descargar http://apt.verdnatura.es/pool/main/v/vn-host/vn-host_2.0.2_all.deb e instalar (manualmente wget + dpkg -i package) -# paso0 - añadir clave gpg -# paso1 - Add specified repository into sources list -#- name: Add specified repository into sources list -# apt_repository: -# repo: deb http://apt.verdnatura.es/ bookworm main -# state: present -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# paso2 - Add source repository into sources list -#- name: Add source repository into sources list -# apt_repository: -# repo: deb-src http://apt.verdnatura.es/ bookworm main -# state: present -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# Download deb package -- name: Download vn-host_2.0.2_all.deb package - get_url: - url: "{{ repo_url }}" - dest: "{{ path_package }}" - mode: '0644' -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# Install deb package -- name: Install a .deb package - apt: - deb: "{{ path_package }}" -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# Delete deb package file from tmp -- name: Delete deb package file from tmp - file: - path: "{{ path_package }}" - state: absent -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ \ No newline at end of file 
diff --git a/roles/config-resolv/tasks/main.yaml b/roles/config-resolv/tasks/main.yaml deleted file mode 100644 index ff5ad0e..0000000 --- a/roles/config-resolv/tasks/main.yaml +++ /dev/null @@ -1,15 +0,0 @@ - -- name: "[CONFIG RESOLV FILE] Comprobando si es necesario configurar resolv file " - meta: end_host - when: resolv_enabled is not defined or not resolv_enabled - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- name: Replace old /etc/resolv.conf with new /etc/resolv.conf - template: - src: resolv.j2 - dest: "{{ path_resolv }}" - owner: root - group: root - mode: '0644' - backup: true -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ diff --git a/roles/config-resolv/templates/resolv.j2 b/roles/config-resolv/templates/resolv.j2 deleted file mode 100644 index 8eb2aee..0000000 --- a/roles/config-resolv/templates/resolv.j2 +++ /dev/null @@ -1,7 +0,0 @@ -domain {{ domain_name | default('verdnatura.es') }} -search {{ search_name | default('verdnatura.es') }} -{% if resolvs is defined %} -{% for resolv in resolvs %} -nameserver {{resolv.ip}} -{% endfor %} -{% endif %} \ No newline at end of file diff --git a/roles/config-resolv/vars/main.yaml b/roles/config-resolv/vars/main.yaml deleted file mode 100644 index 8e4edcf..0000000 --- a/roles/config-resolv/vars/main.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -# vars file -path_resolv: /etc/resolv.conf \ No newline at end of file diff --git a/roles/config-root-user/handlers/main.yaml b/roles/config-root-user/handlers/main.yaml deleted file mode 100644 index c80b75b..0000000 --- a/roles/config-root-user/handlers/main.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# restart ssh service to apply changes -- name: Restart ssh service - service: - name: "{{ ssh_daemon }}" - state: restarted \ No newline at end of file diff --git a/roles/config-root-user/tasks/main.yaml b/roles/config-root-user/tasks/main.yaml deleted file mode 100644 index 6ad341d..0000000 
--- a/roles/config-root-user/tasks/main.yaml +++ /dev/null 
@@ -1,103 +0,0 @@ ---- - -- name: "[CONFIG ROOT USER] Comprobando si es necesario configurar SSH root user" - meta: end_host - when: root_user_enabled is not defined or not root_user_enabled - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# delete default user , only on VM -- name: delete default user , only on VM - user: - name: "{{ name_user }}" - state: absent - remove: yes -# tags: -# - delete-user -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# change root password -- name: change root password - user: - name: root - password: "{{ ssh_password | password_hash('sha512') }}" -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# DISABLE to MAINTAIN AUTHORIZED KEYS FILE -# delete root ssh pub key in Authorized_keys -#- name: delete ssh pub key in /root/.ssh/authorized_keys -# file: -# path: "{{ root_authorized_keys }}" -# state: absent -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# config sshd_config file , no root password -#- name: change sshd_config to no root password -# lineinfile: -# path: "{{ path_sshd_config_file }}" -# regexp: "PermitRootLogin yes" -# line: "#PermitRootLogin prohibit-password" -# state: present -# notify: Restart ssh service -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# service should start on boot. 
-- name: service should start on boot - service: - name: "{{ ssh_daemon }}" - enabled: yes -#- name: change sshd_config to no root password -# copy: -# src: "{{ source_path_ssh }}" -# dest: "{{ dest_path_ssh }}" -# remote_src: yes -# owner: root -# group: root -# mode: '0644' -# delete file sshd_config.orig -#- name: delete /etc/ssh/sshd_config.orig file -# file: -# path: "{{ source_path_ssh }}" -# state: absent -# notify: Restart ssh service -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# changes .BASHRC file of root user -# step1 - uncomment lines -- name: uncomment this lines - lineinfile: - dest: "{{ path_bashrc_root }}" - regexp: "{{item.regexp}}" - line: "{{item.line}}" - state: present - with_items: - - regexp: "^# export LS_OPTIONS" - line: "{{ export_LS_OPTIONS }}" - - regexp: "^# eval" - line: "{{ eval_dircolors }}" - - regexp: "^# alias ls='ls $LS_OPTIONS'" - line: "{{ alias_ls }}" - - regexp: "^# alias ll='ls $LS_OPTIONS -l'" - line: "{{ alias_ll }}" - - regexp: "# alias la='ls $LS_OPTIONS -la'" - line: "{{ alias_la }}" -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# step2 - add block lines -- name: add block lines - blockinfile: - path: "{{ path_bashrc_root }}" - block: | - ### 4Loooong memories - HISTSIZE=10000 - HISTFILESIZE=20000 - ### 4security - TMOUT=3600 - ### write auto label - # If this is an xterm set the title to user@host:dir - case "$TERM" in - xterm*|rxvt*) - PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1" - ;; - *) - ;; - esac - source /etc/profile.d/bash_completion.sh -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ \ No newline at end of file diff --git a/roles/config-root-user/vars/main.yaml b/roles/config-root-user/vars/main.yaml deleted file mode 100644 index a06d938..0000000 --- a/roles/config-root-user/vars/main.yaml +++ /dev/null 
@@ -1,10 +0,0 @@ ---- -ssh_daemon: ssh -path_sshd_config_file: /etc/ssh/sshd_config -path_bashrc_root: /root/.bashrc -root_authorized_keys: /root/.ssh/authorized_keys -export_LS_OPTIONS: export LS_OPTIONS='--color=auto' -eval_dircolors: eval "$(dircolors)" -alias_ls: alias ls='ls $LS_OPTIONS' -alias_ll: alias ll='ls $LS_OPTIONS -l' -alias_la: alias la='ls $LS_OPTIONS -la' diff --git a/roles/config-secure-grub/handlers/main.yaml b/roles/config-secure-grub/handlers/main.yaml deleted file mode 100644 index 8a93e00..0000000 --- a/roles/config-secure-grub/handlers/main.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -# update grub -- name: grub register - command: update-grub \ No newline at end of file diff --git a/roles/config-secure-grub/tasks/main.yaml b/roles/config-secure-grub/tasks/main.yaml deleted file mode 100644 index 3b832cd..0000000 --- a/roles/config-secure-grub/tasks/main.yaml +++ /dev/null @@ -1,18 +0,0 @@ - -- name: "[CONFIG SECURE GRUB] Comprobando si es necesario configurar secure grub" - meta: end_host - when: secure_grub_enabled is not defined or not secure_grub_enabled - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# Secure GRUB edition with password -# paso1 - Proteger grub -- name: GRUB password boot protection - blockinfile: - path: /etc/grub.d/40_custom - block: | - set superusers="{{ user_grub }}" - password_pbkdf2 {{ user_grub }} {{ code_grub }} - notify: grub register -# tags: -# - grub-password -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ diff --git a/roles/config-server-type/tasks/main.yaml b/roles/config-server-type/tasks/main.yaml deleted file mode 100644 index 30bb5f3..0000000 --- a/roles/config-server-type/tasks/main.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ - -- name: "[CONFIG SERVER TYPE] Comprobando si es necesario instalar guest side" - meta: end_host - when: server_type_enabled is not defined or not server_type_enabled - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# paso1 - Install guest-side qemu-system agent -- name: Install guest-side qemu-system agent - apt: - name: "{{ qemu_guest_package }}" - state: present -# tags: -# - install-qemu-guest -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# or - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# paso1 - Install open-vm-tools for VMware -#- name: Install open-vm-tools -# apt: -# name: "{{ vm_tools_package }}" -# state: present -# tags: -# - install-vmware-tools -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ \ No newline at end of file diff --git a/roles/config-server-type/vars/main.yaml b/roles/config-server-type/vars/main.yaml deleted file mode 100644 index c082595..0000000 --- a/roles/config-server-type/vars/main.yaml +++ /dev/null @@ -1,3 +0,0 @@ -# vars -qemu_guest_package: qemu-guest-agent -vm_tools_package: open-vm-tools \ No newline at end of file diff --git a/roles/config-sudoers/tasks/main.yaml b/roles/config-sudoers/tasks/main.yaml deleted file mode 100644 index 8714cc5..0000000 --- a/roles/config-sudoers/tasks/main.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ - -- name: "[CONFIG SUDOERS] Comprobando si es necesario configurar sudoers" - meta: end_host - when: sudoers_enabled is not defined or not sudoers_enabled - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# configure sudo for sysadmin group -# paso1 - add sysadmin group to sudoers -- name: Add sysadmin group to sudoers - file: - path: /etc/sudoers.d/vn - state: touch - mode: u=rw,g=r,o=r -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# paso2 - add a line to /etc/sudoers.d/vn file -- name: add a line to /etc/sudoers.d/vn file - lineinfile: - path: "/etc/sudoers.d/vn" - line: "%sysadmin ALL=(ALL) NOPASSWD: ALL" -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ diff --git a/roles/config-tzdata/tasks/main.yaml b/roles/config-tzdata/tasks/main.yaml deleted file mode 100644 index b74162e..0000000 --- a/roles/config-tzdata/tasks/main.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- - -- name: "[CONFIG TZDATA] Comprobando si es necesario configurar timezone" - meta: end_host - when: tzdata_enabled is not defined or not tzdata_enabled - -#- name: copy script set_timezone.sh to tmp -# copy: -# src: set_timezone.sh -# dest: /tmp/set_timezone.sh -# owner: root -# group: root -# mode: '0744' - -- name: execute script set_timezone.sh - script: set_timezone.sh - -#- name: delete script set_timezone.sh on tmp directory -# file: -# path: /tmp/set_timezone.sh -# state: absent \ No newline at end of file diff --git a/roles/config-update-and-upgrade-packages/tasks/main.yaml b/roles/config-update-and-upgrade-packages/tasks/main.yaml deleted file mode 100644 index 60e4e67..0000000 --- a/roles/config-update-and-upgrade-packages/tasks/main.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ ---- - -- name: "[CONFIG UPDATE] Comprobando si es necesario realizar update " - meta: end_host - when: update_enabled is not defined or not update_enabled - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# step1 - run apt-get update -- name: update index of all packages - ansible.builtin.apt: - update_cache: true - force_apt_get: true -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# step2 - run apt-get update -- name: update all packages to their latest version - ansible.builtin.apt: - name: "*" - state: latest - force_apt_get: true -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# step3 - run apt-get full-upgrade -- name: upgrade the OS (apt-get full-upgrade) - ansible.builtin.apt: - upgrade: full - force_apt_get: true -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# step4 - run apt autoremove -- name: autoremove packages unused dependency packages - ansible.builtin.apt: - autoremove: true - force_apt_get: true -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ diff --git a/roles/config-vim-options/tasks/main.yaml b/roles/config-vim-options/tasks/main.yaml deleted file mode 100644 index 1da32f2..0000000 --- a/roles/config-vim-options/tasks/main.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ - -- name: "[CONFIG VIM OPTIONS] Comprobando si es necesario configurar vim options" - meta: end_host - when: vim_options_enabled is not defined or not vim_options_enabled - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# Enable VIM options -# step1 - create file vimrc.local -- name: create file vimrc.local - file: - path: "{{ path_vimrclocal }}" - state: touch - mode: '0644' -# step2 - add some options to the file -- name: add some options to vimrc.local - lineinfile: - path: "{{ path_vimrclocal }}" - line: "{{item.line}}" - state: present - with_items: - - line: syntax on - - line: set showcmd - - line: set showmatch - - line: set ignorecase - - line: set smartcase -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ diff --git a/roles/config-vim-options/vars/main.yaml b/roles/config-vim-options/vars/main.yaml deleted file mode 100644 index 62496d7..0000000 --- a/roles/config-vim-options/vars/main.yaml +++ /dev/null @@ -1,2 +0,0 @@ ---- -path_vimrclocal: /etc/vim/vimrc.local \ No newline at end of file 
diff --git a/roles/config-zabbix-agent/files/zabbix-release_6.4-1+debian12_all.deb b/roles/config-zabbix-agent/files/zabbix-release_6.4-1+debian12_all.deb deleted file mode 100644 index 2db90199fbc6750391a54c9ea7f5759c0049a426..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3540 zcmbu?XE+;q6kv6 zW)-ESRjO3}z4v#Y|8t-F=Ktb;pYxn|=e+v7I0tmg5$Ws>1-ihUJRE(bojiOTks-pu z!tzSWD)K7wN^)|-!hh>;{^{~^a!NOD2n+wM|A_-oK}HVf?CXO@`g+Nr9g#A@q5pYa zN#UP;!om)~KgyvNRsaCaCb{u0O-~gK#t=kx1@KSOI>g;qL@Cr@TL2eB2Y)yfu1DYj zG=#H{C{k?4_4>qCV~`IxBFN<+>PJDB@6MnZVyT}=T}Y1-3AYKZwygl|e3QyC(Tm+) z7s@Z%V?tDoU&x=H0++Af=uC9B&kog$#Fc(+Lx_k*odyw?B!XmPh&c4?h2=LYT zQV4hayUfGGq;`nu_hM8v0Bc{>GrHObbKi;0tmvvWI!myt9UT+1Oz>+{7=34fi)~4U z6~B+l&9$@*c|R^aJ3gER``{q4KOaV0G07;NLP}IbU*?i{E(E8LWD*bP20$Een=?=` zkIVLE+=k7pVlqFfrhH*nd4k~H$<-Y9Cj=qM#E>!FhL2*)dWmZidZI`jYWGV|jG*=U zJci>_I&OaKYVEs*M+-w{h9V)SwuQ|+3@UCcUv*K~lAaC?oAuM7w!&`RYtiemxd5H($uOz$ z6P=xw3z_`1ghs{}XS=feVwS-yKgebahw&*{D!B`_RBu@md^n(=P{AgXZj2H2Ki>Y- zJ&xB~riGX2Z)da8haReN{3R1wbl$m1&~*Y(;r}`U0P+Tw+Up10PO1Nk6OE;nizC|c z-$?%o{!h*oloeF|f&PD;e&WCsQvDn1+BmzziU9>^`~Psd1J<3tV~L1N&(uca_32x=I24E8f}IVuTG-T|}H=m+9+741DC7sUXwoRb?x}J4tK- zYP8B;E6+jdsJo!ueO1j8In>{kzx+33c1MC4uF_fQ`6$l{%TDhpGVi6u z05~r)3}X#CmDMcNnk+I-rR_Z8wF_mY02~QHuVYBQRiw#jnjv0}EU3}ay@FZg;NG3o zTAR+34NWhpk0M5Qne?iX@n+#w7AEVj$`q77NWzStfAp92XoVtAV033WMnAJ*>~elR zpL)GOBdopq(BIOOSo;>g8wr)VSSyd-h!8Ybk~OGXsF z@;caYk9F2AqkT+88}fA^H2&T~uz+V&*od9_BU@#Q#bR%}qRaY%&dnFOSc9&=-OXVW zc1quYetDC^wfL3Uc*sR<7HjYZFi|CqdiR*Uy#sc{I=*q^GHvUy{hOIPsWbz8w`m_iQrV z90c2_m7n%tt~of?(h$Va2lV8Xd@vx3xa0xPA(dS9@NSaGwCIkB4+XOwj8gS4|H3x; z@y+hzg41mH}Opx#lzaOg`2mQ}@f_7M9!xS`C&tZmt*zxBpQ< z1L8xlyom+-GF?V`GlGG^K(&fHd1MJ+eoxO;2)JjIm^ zW8AVk<|nGUdc_?Gn;wzDoU9>CnA*=OLV_8`D?A17nv<%kT{rk=$1#(68rErG`ys@} z4jImE72}0h5FgrmqRvieKZoUJB`yJmz~_WfYnSG%_hGe{X!;*WA`Q+ zW(smFr^fexMy$o*+26^JPCi!(jR&#Qn05|Z#9Fl`OmxWeSCb3oyvY-CEtpvCX%&YVzH*+^A#s$jK9MR&b3&@kfYDY?aRfvX~z^lPd$w@ 
z(x39%x}5xYn3yT@ax;qRsm@Inzf)mcJe7o;&`SO)R%2}-HBw{p4Ig!-P-34)&4sK( z&~pBBU94G#R;jn9Ou+AwY$C`w|t1vKNSpMeeo_I$?ad<= zhBVbWS9Fvt{cmtmzPBWQFXJd?S!9JktR~omi71|xL*CVAp(5MGV6A20)d@NG`9p7o zZVkuP3(OZ~sQac|lKRT~fK;2LyYZ;kJK@EngoC>|-?L4})-S4J2Z{J(++Z6wxVt2U ze~$rbJ#S33-f#VsrcCaD+XvSucqQOd_t6S-9`0^l5BT}oLkA-cd1fwc>kMdRtht@2 znmDq!_Glt6W7md#T0Dy0-y)PE0y1@nb8yr)(n1<=vlG2n;H`mX7wx$*&g$5w2I8e^ zPcjUPV#sNBQ3~cP%25x-3Zlt^B9d(bt?V?PA8rKDw*APK2>Z$aJWFPFuXNpo#tnHt zUUAzP^|`aj^RmLLt;@{tS`a&uS#oLb^VKcg%40mP^5_gm9S zpgU+QK5R{c(o&Wm?&JOlqLf$|>ss5V%ECdVuG=+RcC)g{N08@geO!5Av0&k=T2y<9 zGJ^BYp!-J*WP2w_tOLLZ$wEF?X!r^+NYFLY0y>wIugv2q_oJjOdV&Z(& zi{t!CY)Gpo78TD$Z|6bA()y$BU~nY)#xYIPnRFOyz#yOgH~5D0056I0L#4zv@%*5A zda=lZ=9#$gyPzG#%ET%DjYiYwTqy&%2M=d(iA?Q;jZm|e8c#x`)fV6P;&tE4g~tBf zWNVL<@)a9Hy(&F$ +banaction = nftables-multiport +action = %(action_)s + +#+++++++++++++++ Jails + +[sshd] +enabled = true +port = 0:65535 +filter = sshd +logpath = %(sshd_log)s diff --git a/roles/linux-fail2ban/vars/main.yaml b/roles/linux-fail2ban/vars/main.yaml new file mode 100644 index 0000000..dc675b0 --- /dev/null +++ b/roles/linux-fail2ban/vars/main.yaml @@ -0,0 +1,5 @@ +fail2ban: + email: sysamdmin@verdnatura.es + bantime: 600 + maxretry: 4 + ignore: 127.0.0.0/8 10.0.0.0/16 diff --git a/roles/linux-hostname/tasks/main.yaml b/roles/linux-hostname/tasks/main.yaml new file mode 100644 index 0000000..773e7d6 --- /dev/null +++ b/roles/linux-hostname/tasks/main.yaml 
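Review bot: The address in `email: sysamdmin@verdnatura.es` in the new `roles/linux-fail2ban/vars/main.yaml` is misspelled, so ban notifications go to a mailbox that does not exist; it should read `email: sysadmin@verdnatura.es`, the same mailbox the relayhost role's verification mail targets. `ignore: 127.0.0.0/8 10.0.0.0/16` also exempts the entire internal /16 from banning, which means a compromised internal host can brute-force sshd on every machine built from this template without ever being blocked; narrow it to the management/jump hosts, or record the trade-off in a comment next to the line so the next reader knows it is deliberate.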
@@ -0,0 +1,23 @@ +# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/hostname_module.html#ansible-collections-ansible-builtin-hostname-module + +- name: Set the hostname in /etc/hostname + ansible.builtin.hostname: + name: "{{ hostname }}" + use: debian +- name: Replace /etc/hosts + template: + src: hosts.j2 + dest: "/etc/hosts" + owner: root + group: root + mode: '0644' + backup: true +- name: Replace /etc/resolv.conf + template: + src: resolv.j2 + dest: "/etc/resolv.conf" + owner: root + group: root + mode: '0644' + backup: true + when: resolv_enabled diff --git a/roles/config-hosts/templates/hosts.j2 b/roles/linux-hostname/templates/hosts.j2 similarity index 63% rename from roles/config-hosts/templates/hosts.j2 rename to roles/linux-hostname/templates/hosts.j2 index 9b828be..d071be4 100644 --- a/roles/config-hosts/templates/hosts.j2 +++ b/roles/linux-hostname/templates/hosts.j2 @@ -1,5 +1,5 @@ {% if hosts is defined %} {% for host in hosts %} -{{host.ip}} {{host.name}} +{{host.ip}} {{hostname}} {% endfor %} {% endif %} \ No newline at end of file diff --git a/roles/linux-hostname/templates/resolv.j2 b/roles/linux-hostname/templates/resolv.j2 new file mode 100644 index 0000000..b137dc2 --- /dev/null +++ b/roles/linux-hostname/templates/resolv.j2 @@ -0,0 +1,7 @@ +domain {{ resolv.domain }} +search {{ resolv.search }} +{% if resolvers is defined %} +{% for resolver in resolvers %} +nameserver {{resolver}} +{% endfor %} +{% endif %} \ No newline at end of file diff --git a/roles/linux-install-packages/tasks/main.yaml b/roles/linux-install-packages/tasks/main.yaml new file mode 100644 index 0000000..3784a65 --- /dev/null +++ b/roles/linux-install-packages/tasks/main.yaml @@ -0,0 +1,10 @@ +- name: Install base packages + apt: + name: "{{ item }}" + state: present + with_items: + - htop + - psmisc + - bash-completion + - screen + - aptitude 
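Review bot: The change in `hosts.j2` from `{{host.name}}` to `{{hostname}}` writes the machine's own name on every row of the `hosts` list, so if that list carries the usual loopback pair the `localhost` entry disappears from `/etc/hosts` and `localhost` no longer resolves locally. Keep `{{host.ip}} {{host.name}}`, or render the loopback lines explicitly as `127.0.0.1 localhost` and `127.0.1.1 {{ hostname }}` and drop the list. The `Replace /etc/hosts` task in the tasks hunk above also runs unconditionally while the `resolv.conf` task is gated on `when: resolv_enabled`; a matching `when:` on a hosts flag would keep the two consistent.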
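Review bot: `resolv.j2` guards the `nameserver` lines with `{% if resolvers is defined %}`, so a host that sets `resolv_enabled` but has no `resolvers` variable ends up with a `/etc/resolv.conf` containing only `domain`/`search` and no resolver at all, which silently breaks name resolution instead of failing the play. Either drop the guard so the undefined variable aborts the template, or add an `ansible.builtin.assert` on `resolvers | length > 0` before the `Replace /etc/resolv.conf` task. The template also reads `resolv.domain`/`resolv.search` from one dict but `resolvers` as a separate top-level list; keeping all three under the `resolv` key would make the variable contract easier to see.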
diff --git a/roles/linux-locale/tasks/main.yaml b/roles/linux-locale/tasks/main.yaml new file mode 100644 index 0000000..593a7cc --- /dev/null +++ b/roles/linux-locale/tasks/main.yaml @@ -0,0 +1,15 @@ +- name: Enable locale languages + lineinfile: + dest: "/etc/locale.gen" + regexp: "{{item.regexp}}" + line: "{{item.line}}" + state: present + with_items: + - regexp: "^# es_ES.UTF-8 UTF-8" + line: "es_ES.UTF-8 UTF-8" + - regexp: "^# en_US.UTF-8 UTF-8" + line: "en_US.UTF-8 UTF-8" +- name: Generate locale + command: locale-gen +- name: Update locale + command: update-locale LANG=en_US.UTF-8 \ No newline at end of file diff --git a/roles/config-motd/files/90-vn b/roles/linux-motd/files/90-vn similarity index 100% rename from roles/config-motd/files/90-vn rename to roles/linux-motd/files/90-vn diff --git a/roles/linux-motd/tasks/main.yaml b/roles/linux-motd/tasks/main.yaml new file mode 100644 index 0000000..7a7ec8f --- /dev/null +++ b/roles/linux-motd/tasks/main.yaml @@ -0,0 +1,7 @@ +- name: Copy MOTD configuration file + copy: + src: 90-vn + dest: "/etc/update-motd.d/" + mode: '755' + owner: root + group: root diff --git a/roles/linux-nrpe/files/90-vn.cfg b/roles/linux-nrpe/files/90-vn.cfg new file mode 100644 index 0000000..ba31809 --- /dev/null +++ b/roles/linux-nrpe/files/90-vn.cfg 
@@ -0,0 +1,12 @@ +allowed_hosts=nagios.verdnatura.es + +command[check_disk_root]=/usr/lib/nagios/plugins/check_disk -w 10% -c 5% -p / +command[check_disk_var]=/usr/lib/nagios/plugins/check_disk -w 10% -c 5% -p /var +command[check_disk_usr]=/usr/lib/nagios/plugins/check_disk -w 10% -c 5% -p /usr +command[check_disk_home]=/usr/lib/nagios/plugins/check_disk -w 10% -c 5% -p /home +command[check_disk_tmp]=/usr/lib/nagios/plugins/check_disk -w 10% -c 5% -p /tmp +command[check_dummy]=/usr/lib/nagios/plugins/check_dummy 0 +command[check_swap]=/usr/lib/nagios/plugins/check_swap -w 40% -c 20% -n OK +command[check_load]=/usr/lib/nagios/plugins/check_load -r -w 3.5,3.25,3 -c 4.5,4.25,4 +command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 400 -c 500 +command[check_memory]=/usr/lib/nagios/plugins/check_memory --available -m -w 20%: -c 10%: diff --git a/roles/linux-nrpe/handlers/main.yaml b/roles/linux-nrpe/handlers/main.yaml new file mode 100644 index 0000000..0399734 --- /dev/null +++ b/roles/linux-nrpe/handlers/main.yaml @@ -0,0 +1,4 @@ +- name: restart-nrpe + service: + name: nagios-nrpe-server + state: restarted diff --git a/roles/linux-nrpe/tasks/main.yaml b/roles/linux-nrpe/tasks/main.yaml new file mode 100644 index 0000000..25b4c1d --- /dev/null +++ b/roles/linux-nrpe/tasks/main.yaml @@ -0,0 +1,22 @@ +- name: Install packages + apt: + name: "{{ item }}" + state: present + loop: + - nagios-nrpe-server + - nagios-plugins-contrib +- name: Set generic configuration + copy: + src: 90-vn.cfg + dest: /etc/nagios/nrpe.d/90-vn.cfg + owner: root + group: root + mode: '0644' + notify: restart-nrpe +- name: Create local configuration file + file: + path: /etc/nagios/nrpe.d/99-local.cfg + state: touch + owner: nagios + group: nagios + mode: '0640' diff --git a/roles/config-ntp/files/timesync b/roles/linux-ntp/files/timesync similarity index 54% rename from roles/config-ntp/files/timesync rename to roles/linux-ntp/files/timesync index af2e3d1..3c79241 100644 
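Review bot: `allowed_hosts=nagios.verdnatura.es` in `90-vn.cfg` is a source-address filter, not authentication — nrpe trusts whatever arrives from the address that name resolves to, so control of DNS or address spoofing on the monitoring segment yields unauthenticated command execution as the nagios user. Keep a host-firewall rule restricting tcp/5666 to the monitoring server alongside it, and say so in a comment above the line, e.g. `# address filter only; tcp/5666 is also restricted by the host firewall`. The `command[...]` definitions take no remote arguments, which is the right shape for this file.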
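Review bot: The `99-local.cfg` created by the last task in `roles/linux-nrpe/tasks/main.yaml` is owned and writable by `nagios`, the very account nrpe runs as, so anyone who gets that service account (for example via a plugin bug) can drop arbitrary `command[...]` definitions into it and have them run on the next check. Unless the file is intentionally self-service for that user, make it `owner: root`, `group: nagios`, `mode: '0640'` like the `90-vn.cfg` task above it. `state: touch` also reports changed on every run; add `modification_time: preserve` and `access_time: preserve` to keep the role idempotent.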
--- a/roles/config-ntp/files/timesync +++ b/roles/linux-ntp/files/timesync @@ -1,7 +1,4 @@ #!/bin/sh -# PLS do NOT delete timesyncing from VM virtuals -# it is necessary for critical cluster services -# nada test -x /usr/sbin/ntpdate || exit 0 /usr/sbin/ntpdate time1.verdnatura.es diff --git a/roles/config-ntp/handlers/main.yaml b/roles/linux-ntp/handlers/main.yaml similarity index 55% rename from roles/config-ntp/handlers/main.yaml rename to roles/linux-ntp/handlers/main.yaml index a089d46..52a882c 100644 --- a/roles/config-ntp/handlers/main.yaml +++ b/roles/linux-ntp/handlers/main.yaml @@ -1,4 +1,3 @@ -# restart crontab service to apply changes - name: restart systemd-timesyncd service: name: "{{ timesyncd_daemon }}" diff --git a/roles/linux-ntp/tasks/main.yaml b/roles/linux-ntp/tasks/main.yaml new file mode 100644 index 0000000..082e776 --- /dev/null +++ b/roles/linux-ntp/tasks/main.yaml @@ -0,0 +1,24 @@ +- name: Checking if configuration is needed + meta: end_host + when: ntp_enabled is not defined or not ntp_enabled +- name: Configure /etc/systemd/timesyncd.conf + lineinfile: + path: /etc/systemd/timesyncd.conf + regexp: '^#NTP' + line: "NTP=time1.verdnatura.es time2.verdnatura.es" + owner: root + group: root + mode: '0644' +- name: Configure /etc/systemd/timesyncd.conf + lineinfile: + path: /etc/systemd/timesyncd.conf + regexp: '^#?FallbackNTP=' + line: "FallbackNTP=ntp.roa.es" + owner: root + group: root + mode: '0644' + notify: restart systemd-timesyncd +- name: Service should start on boot + service: + name: "{{ timesyncd_daemon }}" + enabled: yes diff --git a/roles/linux-ntp/vars/main.yaml b/roles/linux-ntp/vars/main.yaml new file mode 100644 index 0000000..5dd02ed --- /dev/null +++ b/roles/linux-ntp/vars/main.yaml @@ -0,0 +1 @@ +timesyncd_daemon: systemd-timesyncd diff --git a/roles/linux-profile/files/vn.sh b/roles/linux-profile/files/vn.sh new file mode 100644 index 0000000..d8f3cf6 --- /dev/null +++ b/roles/linux-profile/files/vn.sh 
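Review bot: The first `lineinfile` task in `roles/linux-ntp/tasks/main.yaml` (the one writing `NTP=time1.verdnatura.es time2.verdnatura.es`) has no `notify`, so a change to the primary server list never restarts `systemd-timesyncd`; only the `FallbackNTP` task triggers the handler. Add `notify: restart systemd-timesyncd` to it as well. Its `regexp: '^#NTP'` also only matches the commented default: if the server list is ever changed, the now-uncommented `NTP=` line no longer matches and the new value is appended next to the old one — `regexp: '^#?NTP='`, mirroring the `'^#?FallbackNTP='` used just below, avoids that. Both tasks carry the same name `Configure /etc/systemd/timesyncd.conf`, which makes play output hard to read; name them after the key they set.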
@@ -0,0 +1,39 @@ +#!/bin/bash + +# Prompt + +FQDN=$(hostname --fqdn) + +if [[ $FQDN == *.verdnatura.es ]]; then + SHORT_HOST=${FQDN%.verdnatura.es} + + case "$SHORT_HOST" in + *.dc) + ENVIRONMENT="\[\033[01;31m\]PRO\[\033[00m\]" + ;; + *.lab) + ENVIRONMENT="\[\033[01;35m\]LAB\[\033[00m\]" + ;; + *) + ENVIRONMENT="\[\033[01;32m\]VN\[\033[00m\]" + ;; + esac + + PS1="\u@$SHORT_HOST[$ENVIRONMENT]:\w" + + if [ "$(id -u)" -eq 0 ]; then + PS1="$PS1# " + else + PS1="$PS1\$ " + fi +fi + +# History + +HISTSIZE=10000 +HISTFILESIZE=50000 +HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S " + +# Security + +TMOUT=3600 diff --git a/roles/linux-profile/tasks/main.yaml b/roles/linux-profile/tasks/main.yaml new file mode 100644 index 0000000..d6ca52e --- /dev/null +++ b/roles/linux-profile/tasks/main.yaml @@ -0,0 +1,7 @@ +- name: Copy profile configuration file + copy: + src: vn.sh + dest: "/etc/profile.d/" + mode: '644' + owner: root + group: root diff --git a/roles/linux-qemu/files/80-hotplug-cpu-mem.rules b/roles/linux-qemu/files/80-hotplug-cpu-mem.rules new file mode 100644 index 0000000..38c16f9 --- /dev/null +++ b/roles/linux-qemu/files/80-hotplug-cpu-mem.rules @@ -0,0 +1 @@ +SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1" diff --git a/roles/linux-qemu/files/hotplug.cfg b/roles/linux-qemu/files/hotplug.cfg new file mode 100644 index 0000000..85e1612 --- /dev/null +++ b/roles/linux-qemu/files/hotplug.cfg @@ -0,0 +1 @@ +GRUB_CMDLINE_LINUX_DEFAULT="quiet memhp_default_state=online security=none" diff --git a/roles/linux-qemu/tasks/main.yaml b/roles/linux-qemu/tasks/main.yaml new file mode 100644 index 0000000..1d295d3 --- /dev/null +++ b/roles/linux-qemu/tasks/main.yaml 
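Review bot: `TMOUT=3600` at the end of `vn.sh` is meant as an idle-logout control, but as written any user can `unset TMOUT` or override it in their own rc file, so it does not enforce anything; make it `readonly TMOUT=3600`, and do the same for `HISTFILESIZE` and `HISTTIMEFORMAT` if the history settings are meant to support auditing rather than convenience. The prompt block only sets `PS1` when the FQDN ends in `.verdnatura.es`, so hosts in any other domain keep the distro prompt — probably intended, but a one-line comment saying so would save the next reader a question.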
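Review bot: `security=none` in `hotplug.cfg` (`GRUB_CMDLINE_LINUX_DEFAULT="quiet memhp_default_state=online security=none"`) disables the kernel's major LSM at boot, so AppArmor — which Debian enables by default — is switched off on every VM built from this template; that has nothing to do with CPU/memory hot-plug and should not ride along in a hot-plug drop-in. Drop the parameter, leaving `GRUB_CMDLINE_LINUX_DEFAULT="quiet memhp_default_state=online"`, or, if there is a real reason to disable AppArmor, put it in its own file with a comment explaining why. Note also that this drop-in overrides `GRUB_CMDLINE_LINUX_DEFAULT` wholesale, so any value set in `/etc/default/grub` (console settings, for instance) is silently discarded.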
@@ -0,0 +1,20 @@ +- name: Install QEMU guest agent + apt: + name: qemu-guest-agent + state: present +- name: Configure udev hotplug rules + copy: + src: 80-hotplug-cpu-mem.rules + dest: /usr/lib/udev/rules.d/ + mode: u=rw,g=r,o=r + owner: root + group: root +- name: Configure GRUB for hotplug + copy: + src: hotplug.cfg + dest: /etc/default/grub.d/ + mode: u=rw,g=r,o=r + owner: root + group: root +- name: Generate GRUB configuration + command: update-grub diff --git a/roles/config-relayhost-smtp/defaults/main.yaml b/roles/linux-relayhost/defaults/main.yaml similarity index 91% rename from roles/config-relayhost-smtp/defaults/main.yaml rename to roles/linux-relayhost/defaults/main.yaml index 1df9485..ed9eef3 100644 --- a/roles/config-relayhost-smtp/defaults/main.yaml +++ b/roles/linux-relayhost/defaults/main.yaml @@ -1,4 +1,3 @@ ---- exim_dc_eximconfig_configtype: satellite dc_other_hostnames: "{{ ansible_nodename }}" dc_local_interfaces: 127.0.0.1 @@ -11,4 +10,4 @@ CFILEMODE: 644 dc_use_split_config: false dc_hide_mailname: true dc_mailname_in_oh: true -dc_localdelivery: mail_spool \ No newline at end of file +dc_localdelivery: mail_spool diff --git a/roles/linux-relayhost/handlers/main.yaml b/roles/linux-relayhost/handlers/main.yaml new file mode 100644 index 0000000..21e507a --- /dev/null +++ b/roles/linux-relayhost/handlers/main.yaml @@ -0,0 +1,4 @@ +- name: restart-exim + service: + name: exim4 + state: restarted \ No newline at end of file diff --git a/roles/config-relayhost-smtp/tasks/main.yaml b/roles/linux-relayhost/tasks/main.yaml similarity index 65% rename from roles/config-relayhost-smtp/tasks/main.yaml rename to roles/linux-relayhost/tasks/main.yaml index 1afb8b9..13d0ed9 100644 --- a/roles/config-relayhost-smtp/tasks/main.yaml +++ b/roles/linux-relayhost/tasks/main.yaml 
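Review bot: `command: update-grub` at the end of `roles/linux-qemu/tasks/main.yaml` runs on every play and always reports changed; move it to a handler and `notify` it from the `Configure GRUB for hotplug` copy task, the way `linux-secure-grub` does with its `grub-register` handler. The udev rule is also copied into `/usr/lib/udev/rules.d/`, the package-owned directory; `/etc/udev/rules.d/` is the place for local rules and is what package upgrades leave alone.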
@@ -1,11 +1,8 @@ - -- name: "[CONFIG RELAYHOST SMTP] Comprobando si es necesario configurar relayhost smtp" - meta: end_host - when: relay_host_enabled is not defined or not relay_host_enabled - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# Reconfigure relayhost smtp to smtp.verdnatura.es -- name: reconfigure relayhost to smtp.verdnatura.es +- name: Install packages + apt: + name: exim4 + state: present +- name: Reconfigure relayhost lineinfile: dest: "{{ exim_configuration_file }}" regexp: "{{ item.regexp }}" @@ -39,18 +36,8 @@ line: "dc_mailname_in_oh='{{ dc_mailname_in_oh }}'" - regexp: '^dc_localdelivery' line: "dc_localdelivery='{{ dc_localdelivery }}'" - notify: restart exim4 + notify: restart-exim register: exim4_config -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# service should start on boot. -- name: service should start on boot - service: - name: "{{ exim_daemon }}" - enabled: yes -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# Send mail to verify relay-host -- name: sending mail to verify exim4 config works +- name: Sending mail to verify exim4 config works shell: echo "Verify send email from host {{ ansible_nodename }}.verdnatura.es with mailx , bye." | mailx -s "test mail verify exim4 for the host {{ ansible_nodename }}.verdnatura.es" -c rubenb@verdnatura.es,nada@verdnatura.es,juan@verdnatura.es,davidl@verdnatura.es sysadmin@verdnatura.es when: exim4_config.changed -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ diff --git a/roles/config-relayhost-smtp/vars/main.yaml b/roles/linux-relayhost/vars/main.yaml similarity index 95% rename from roles/config-relayhost-smtp/vars/main.yaml rename to roles/linux-relayhost/vars/main.yaml index 82108ac..1764954 100644 --- a/roles/config-relayhost-smtp/vars/main.yaml 
+++ b/roles/linux-relayhost/vars/main.yaml @@ -1,3 +1,2 @@ ---- exim_configuration_file: /etc/exim4/update-exim4.conf.conf exim_daemon: exim4 diff --git a/roles/linux-root/handlers/main.yaml b/roles/linux-root/handlers/main.yaml new file mode 100644 index 0000000..4ca2b3a --- /dev/null +++ b/roles/linux-root/handlers/main.yaml @@ -0,0 +1,4 @@ +- name: Restart SSH service + service: + name: ssh + state: restarted \ No newline at end of file diff --git a/roles/linux-root/tasks/main.yaml b/roles/linux-root/tasks/main.yaml new file mode 100644 index 0000000..ad4407d --- /dev/null +++ b/roles/linux-root/tasks/main.yaml @@ -0,0 +1,26 @@ +- name: Delete default user + user: + name: "{{ name_user }}" + state: absent + remove: yes +- name: Change root password + user: + name: root + password: "{{ ssh_password | password_hash('sha512') }}" +- name: Configure bashrc + lineinfile: + dest: "/root/.bashrc" + regexp: "{{item.regexp}}" + line: "{{item.line}}" + state: present + with_items: + - regexp: "^# export LS_OPTIONS" + line: "export LS_OPTIONS='--color=auto" + - regexp: "^# eval" + line: 'eval "$(dircolors)"' + - regexp: "^# alias ls='ls $LS_OPTIONS'" + line: "alias ls='ls $LS_OPTIONS'" + - regexp: "^# alias ll='ls $LS_OPTIONS -l'" + line: "alias ll='ls $LS_OPTIONS -l'" + - regexp: "# alias la='ls $LS_OPTIONS -la'" + line: "alias la='ls $LS_OPTIONS -la'" diff --git a/roles/linux-secure-grub/handlers/main.yaml b/roles/linux-secure-grub/handlers/main.yaml new file mode 100644 index 0000000..9f3d6e6 --- /dev/null +++ b/roles/linux-secure-grub/handlers/main.yaml @@ -0,0 +1,2 @@ +- name: grub-register + command: update-grub \ No newline at end of file diff --git a/roles/linux-secure-grub/tasks/main.yaml b/roles/linux-secure-grub/tasks/main.yaml new file mode 100644 index 0000000..d2876e3 --- /dev/null +++ b/roles/linux-secure-grub/tasks/main.yaml 
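Review bot: The first `bashrc` entry in `roles/linux-root/tasks/main.yaml` writes `export LS_OPTIONS='--color=auto` with no closing quote, so root's `.bashrc` gets an unterminated string that swallows the following lines and breaks every interactive root shell until someone fixes it by hand; it must be `line: "export LS_OPTIONS='--color=auto'"`. The `Change root password` task uses `password_hash('sha512')` with no fixed salt, so a fresh hash is produced on every run and the task rewrites `/etc/shadow` and reports changed each time; pass a stable per-host salt or set `update_password: on_create`. `ssh_password` is consumed here as a plain variable — it should be vault-encrypted the way `bind9secretkey_password` is in the nsupdate role, not sit in host_vars in clear. The `Restart SSH service` handler added to this role is never notified by any of these tasks, so it is dead code as it stands.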
@@ -0,0 +1,9 @@ +- name: GRUB password boot protection + blockinfile: + path: /etc/grub.d/40_custom + block: | + set superusers="{{ user_grub }}" + password_pbkdf2 {{ user_grub }} {{ code_grub }} + notify: grub-register + when: secure_grub_enabled + diff --git a/roles/config-secure-grub/vars/main.yaml b/roles/linux-secure-grub/vars/main.yaml similarity index 98% rename from roles/config-secure-grub/vars/main.yaml rename to roles/linux-secure-grub/vars/main.yaml index 52c9b80..d61c32d 100644 --- a/roles/config-secure-grub/vars/main.yaml +++ b/roles/linux-secure-grub/vars/main.yaml @@ -1,3 +1,2 @@ ---- user_grub: admin code_grub: grub.pbkdf2.sha512.10000.C91C8756466E7DB535C77DB7FBDBF3D33A39A0712DE3A9AFD38BE2229139E86F23C4E007E6B76DDFDBBE4B2B32764B4EFFECF208C70BA9FECC6BB3FF68A6BA05.8EA3857B795AF29FF5C6E003E31EC4D79B84813175C7A56A8A12F3F30A19B501D7127C0307277FB37073EE0246BCFDA9BD4EDDC3A1EE8176D25CD37B7FB07AF7 diff --git a/roles/linux-sudoers/files/vn b/roles/linux-sudoers/files/vn new file mode 100644 index 0000000..d9faa7f --- /dev/null +++ b/roles/linux-sudoers/files/vn @@ -0,0 +1 @@ +%sysadmin ALL=(ALL) NOPASSWD: ALL diff --git a/roles/linux-sudoers/tasks/main.yaml b/roles/linux-sudoers/tasks/main.yaml new file mode 100644 index 0000000..54ec054 --- /dev/null +++ b/roles/linux-sudoers/tasks/main.yaml @@ -0,0 +1,7 @@ +- name: Copy sudoers configuration file + copy: + src: vn + dest: "/etc/sudoers.d/" + mode: u=rw,g=r + owner: root + group: root diff --git a/roles/config-tzdata/files/set_timezone.sh b/roles/linux-tzdata/files/set_timezone.sh similarity index 66% rename from roles/config-tzdata/files/set_timezone.sh rename to roles/linux-tzdata/files/set_timezone.sh index 7333a40..9e17f1c 100644 --- a/roles/config-tzdata/files/set_timezone.sh +++ b/roles/linux-tzdata/files/set_timezone.sh 
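Review bot: The GRUB superuser hash in `roles/linux-secure-grub/vars/main.yaml` (`code_grub: grub.pbkdf2.sha512.10000.…`) is identical for every host and committed in clear in a role `vars` file, so one offline crack of that single 10000-iteration PBKDF2 hash yields boot-menu superuser across the whole fleet; move it into a vaulted variable (the nsupdate role already shows the `!vault |` pattern) and consider generating it per host with `grub-mkpasswd-pbkdf2`. In the task, `when: secure_grub_enabled` raises an undefined-variable error on hosts that do not set the flag, while the other roles use `is not defined or not …`; `when: secure_grub_enabled | default(false)` keeps the behaviour consistent. Also, unless the generated menu entries carry `--unrestricted`, setting `superusers` makes every normal boot prompt for the password too — verify on a test VM before rolling this to headless machines.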
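Review bot: The `Copy sudoers configuration file` task in `roles/linux-sudoers/tasks/main.yaml` writes `/etc/sudoers.d/vn` without a `validate:`; a bad edit to `files/vn` would be installed as-is, and a syntax error in `sudoers.d` locks everyone out of sudo. Add `validate: /usr/sbin/visudo -cf %s` and use `mode: '0440'`, the conventional permission for sudoers drop-ins (`u=rw,g=r` yields 0640). The content itself, `%sysadmin ALL=(ALL) NOPASSWD: ALL`, grants passwordless root to the whole group on every host built from this template; if that is intended, say so in a comment at the top of `files/vn`, otherwise drop `NOPASSWD:` so a stolen SSH session still needs the user's password to escalate.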
@@ -1,10 +1,8 @@ #!/bin/bash -#echo "Europe" > /etc/timezone -#ln -sf /usr/share/zoneinfo/Europe/Madrid /etc/localtime echo 'tzdata tzdata/Areas select Europe' | debconf-set-selections echo 'tzdata tzdata/Zones/Europe select Madrid' | debconf-set-selections echo 'tzdata tzdata/Zones/Etc select UTC' | debconf-set-selections rm /etc/timezone rm /etc/localtime -dpkg-reconfigure -f noninteractive tzdata \ No newline at end of file +dpkg-reconfigure -f noninteractive tzdata diff --git a/roles/linux-tzdata/tasks/main.yaml b/roles/linux-tzdata/tasks/main.yaml new file mode 100644 index 0000000..60872cf --- /dev/null +++ b/roles/linux-tzdata/tasks/main.yaml @@ -0,0 +1,2 @@ +- name: Configure the time zone + script: set_timezone.sh diff --git a/roles/linux-upgrade/tasks/main.yaml b/roles/linux-upgrade/tasks/main.yaml new file mode 100644 index 0000000..0674f4b --- /dev/null +++ b/roles/linux-upgrade/tasks/main.yaml @@ -0,0 +1,20 @@ +- name: Checking if it's necessary to update + meta: end_host + when: update_enabled is not defined or not update_enabled +- name: update index of all packages + ansible.builtin.apt: + update_cache: true + force_apt_get: true +- name: update all packages to their latest version + ansible.builtin.apt: + name: "*" + state: latest + force_apt_get: true +- name: upgrade the OS (apt-get full-upgrade) + ansible.builtin.apt: + upgrade: full + force_apt_get: true +- name: autoremove packages unused dependency packages + ansible.builtin.apt: + autoremove: true + force_apt_get: true diff --git a/roles/linux-vim/files/vimrc.local b/roles/linux-vim/files/vimrc.local new file mode 100644 index 0000000..005d05c --- /dev/null +++ b/roles/linux-vim/files/vimrc.local @@ -0,0 +1,5 @@ +syntax on +set showcmd +set showmatch +set ignorecase +set smartcase diff --git a/roles/linux-vim/tasks/main.yaml b/roles/linux-vim/tasks/main.yaml new file mode 100644 index 0000000..aa5ed3c --- /dev/null +++ b/roles/linux-vim/tasks/main.yaml 
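Review bot: `rm /etc/timezone` and `rm /etc/localtime` in `set_timezone.sh` have no `-f`, and the script has no `set -e`, so on a host where either file is already absent the error is printed and ignored while a failure anywhere but the last command goes unnoticed; use `set -e` at the top and `rm -f` for both. Because it runs through the `script` module it also reports changed on every play; `community.general.timezone: name: Europe/Madrid` (the collection is already in `requirements.yml`) does the same job idempotently, or add `changed_when: false` to the task.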
@@ -0,0 +1,11 @@ +- name: Install packages + apt: + name: vim + state: present +- name: Copy vim configuration file + copy: + src: vimrc.local + dest: "/etc/vim/" + mode: '644' + owner: root + group: root \ No newline at end of file diff --git a/roles/linux-vm/tasks/main.yaml b/roles/linux-vm/tasks/main.yaml new file mode 100644 index 0000000..54ed27f --- /dev/null +++ b/roles/linux-vm/tasks/main.yaml @@ -0,0 +1,10 @@ +- include_role: + name: linux-motd +- include_role: + name: linux-profile +- include_role: + name: linux-sudoers +- include_role: + name: linux-vim +- include_role: + name: linux-locale \ No newline at end of file diff --git a/roles/linux-vn-repo/tasks/main.yaml b/roles/linux-vn-repo/tasks/main.yaml new file mode 100644 index 0000000..d515adf --- /dev/null +++ b/roles/linux-vn-repo/tasks/main.yaml @@ -0,0 +1,12 @@ +- name: Download vn-host Debian package + get_url: + url: "{{ repo_url }}" + dest: "{{ package_path }}" + mode: '0644' +- name: Install package + apt: + deb: "{{ package_path }}" +- name: Delete package + file: + path: "{{ package_path }}" + state: absent diff --git a/roles/config-repo-vn/vars/main.yaml b/roles/linux-vn-repo/vars/main.yaml similarity index 63% rename from roles/config-repo-vn/vars/main.yaml rename to roles/linux-vn-repo/vars/main.yaml index 2e5bad2..a66fb2a 100644 --- a/roles/config-repo-vn/vars/main.yaml +++ b/roles/linux-vn-repo/vars/main.yaml @@ -1,3 +1,2 @@ ---- repo_url: http://apt.verdnatura.es/pool/main/v/vn-host/vn-host_2.0.2_all.deb -path_package: /tmp/vn-host_2.0.2_all.deb \ No newline at end of file +package_path: /tmp/vn-host_2.0.2_all.deb diff --git a/roles/nsupdate/meta/main.yaml b/roles/nsupdate/meta/main.yaml new file mode 100644 index 0000000..70b7565 --- /dev/null +++ b/roles/nsupdate/meta/main.yaml @@ -0,0 +1,2 @@ +collections: + - community.general \ No newline at end of file diff --git a/roles/nsupdate/tasks/main.yaml b/roles/nsupdate/tasks/main.yaml new file mode 100644 index 0000000..f4e541c 
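Review bot: `get_url` in `roles/linux-vn-repo/tasks/main.yaml` fetches the `vn-host` package with no `checksum:` and, per the `repo_url` in the accompanying vars hunk, over plain `http://`, then hands it straight to `apt: deb:` as root — anyone on the path, or in control of DNS for `apt.verdnatura.es`, can substitute a .deb whose maintainer scripts run as root on every host built from this template. Pin it with `checksum: sha256:<digest>` and move the URL to `https://`, or better, configure the signed apt source for that repository and install `vn-host` with `apt: name:` so the archive signature is verified instead. The download path `/tmp/vn-host_2.0.2_all.deb` is also predictable inside a world-writable directory; a `tempfile`-created path or a root-only directory would be safer.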
--- /dev/null +++ b/roles/nsupdate/tasks/main.yaml @@ -0,0 +1,12 @@ +- name: Add or modify DNS records A to some IP + community.general.nsupdate: + key_name: "rndc-key" + key_secret: "{{ bind9secretkey_password }}" + key_algorithm: "hmac-md5" + server: "ns1.verdnatura.es" + zone: "{{ zone_record }}" + record: "{{ name_record }}" + ttl: "{{ ttl_record }}" + type: "{{ type_record }}" + value: "{{ value_record }}" + state: "{{ state_record }}" diff --git a/roles/config-nsupdate/vars/main.yaml b/roles/nsupdate/vars/main.yaml similarity index 96% rename from roles/config-nsupdate/vars/main.yaml rename to roles/nsupdate/vars/main.yaml index a11cf20..1960e50 100644 --- a/roles/config-nsupdate/vars/main.yaml +++ b/roles/nsupdate/vars/main.yaml @@ -1,5 +1,3 @@ ---- -# vars file bind9secretkey_password: !vault | $ANSIBLE_VAULT;1.1;AES256 36386562613235363931396632656535383336313537636431643338353438313231623839313031 diff --git a/roles/config-send-mail/tasks/main.yaml b/roles/send-mail/tasks/main.yaml similarity index 63% rename from roles/config-send-mail/tasks/main.yaml rename to roles/send-mail/tasks/main.yaml index cef3c10..a7e7d0c 100644 --- a/roles/config-send-mail/tasks/main.yaml +++ b/roles/send-mail/tasks/main.yaml @@ -1,7 +1,3 @@ ---- -# roles/config-send-mail/tasks/main.yaml - -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - name: Sending an e-mail using Verdnatura SMTP servers community.general.mail: host: smtp.verdnatura.es @@ -12,4 +8,3 @@ subject: Ansible-test body: System {{ ansible_hostname }} has been send successfully mail. delegate_to: localhost -#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ diff --git a/roles/config-send-mail/vars/main.yaml b/roles/send-mail/vars/main.yaml similarity index 100% rename from roles/config-send-mail/vars/main.yaml rename to roles/send-mail/vars/main.yaml 
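Review bot: `key_algorithm: "hmac-md5"` in `roles/nsupdate/tasks/main.yaml` selects TSIG over HMAC-MD5, which RFC 8945 demotes to optional and which is rejected wherever the system crypto policy disables MD5; the secret is vaulted correctly, but the algorithm should be `hmac-sha256`, with `rndc-key` regenerated on `ns1` via `tsig-keygen -a hmac-sha256` at the same time. Reusing the server's `rndc-key` for dynamic updates also means the credential held by AWX is the one that controls the name server itself; a dedicated update key limited with `update-policy` to the records this role touches would contain the damage if the controller is compromised.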
diff --git a/windows-install-package.yml b/windows-install-package.yml deleted file mode 100644 index c9e0d28..0000000 --- a/windows-install-package.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- name: Installing Apache MSI - hosts: W2019 - - tasks: - - name: Download the Apache installer - win_get_url: - url: https://archive.apache.org/dist/httpd/binaries/win32/httpd-2.2.25-win32-x86-no_ssl.msi - dest: C:\ansible_examples\httpd-2.2.25-win32-x86-no_ssl.msi - - - name: Install MSI - win_package: - path: C:\ansible_examples\httpd-2.2.25-win32-x86-no_ssl.msi - state: present \ No newline at end of file diff --git a/windows-ping-test.yml b/windows-ping-test.yml deleted file mode 100644 index 544b237..0000000 --- a/windows-ping-test.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Ping Windows hosts - hosts: W2019 - tasks: - - name: Ping Windows hosts using win_ping module - ansible.windows.win_ping: \ No newline at end of file diff --git a/windows-restart_service.yml b/windows-restart_service.yml deleted file mode 100644 index 4ea40c3..0000000 --- a/windows-restart_service.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- hosts: W2019 - tasks: - - name: Stop service WSearch - win_service: - name: wuauserv - state: stopped \ No newline at end of file -- 2.40.1 From cdeb3098dcf70e6daa10168e96620adb5458c1db Mon Sep 17 00:00:00 2001 
From: Juan Ferrer Toribio Date: Mon, 23 Sep 2024 16:32:28 +0200 Subject: [PATCH 041/138] refs #8025 Merge roles --- ansible.cfg | 2 +- collections/README.md | 21 ++++---- collections/requirements.yml | 1 - group_vars/all.yaml | 1 + playbooks/debian-base.yaml | 20 ------- playbooks/debian-ct.yaml | 27 ---------- playbooks/debian-infra.yaml | 23 -------- playbooks/debian-vm.yaml | 57 -------------------- playbooks/debian.yaml | 15 ++++-- playbooks/{ping.yml => ping.yaml} | 0 playbooks/print-facts.yaml | 11 ++++ roles/awx/vars/main.yaml | 1 - roles/linux-autofs/tasks/main.yaml | 3 -- roles/linux-base/tasks/main.yaml | 18 +++++-- roles/linux-guest/tasks/main.yaml | 5 ++ roles/linux-install-packages/tasks/main.yaml | 10 ---- roles/linux-ntp/handlers/main.yaml | 2 +- roles/linux-ntp/tasks/main.yaml | 5 +- roles/linux-ntp/vars/main.yaml | 1 - roles/linux-qemu/tasks/main.yaml | 5 ++ roles/linux-relayhost/tasks/main.yaml | 2 +- roles/linux-relayhost/vars/main.yaml | 2 - roles/linux-sudoers/tasks/main.yaml | 4 ++ roles/linux-vm/tasks/main.yaml | 10 ---- 24 files changed, 68 insertions(+), 178 deletions(-) delete mode 100644 playbooks/debian-base.yaml delete mode 100644 playbooks/debian-ct.yaml delete mode 100644 playbooks/debian-infra.yaml delete mode 100644 playbooks/debian-vm.yaml rename playbooks/{ping.yml => ping.yaml} (100%) create mode 100644 playbooks/print-facts.yaml delete mode 100644 roles/awx/vars/main.yaml create mode 100644 roles/linux-guest/tasks/main.yaml delete mode 100644 roles/linux-install-packages/tasks/main.yaml delete mode 100644 roles/linux-ntp/vars/main.yaml delete mode 100644 roles/linux-relayhost/vars/main.yaml delete mode 100644 roles/linux-vm/tasks/main.yaml diff --git a/ansible.cfg b/ansible.cfg index 0752a5b..f917a56 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,7 +1,7 @@ [defaults] roles_path = ./roles inventory = ./hosts -gathering = explicit +gathering = smart interpreter_python = auto_silent remote_user = root host_key_checking = False 
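Review bot: The hunk in `ansible.cfg` only flips `gathering` to `smart`, but the surrounding context shows `host_key_checking = False` together with `remote_user = root`, meaning every play connects as root while accepting any SSH host key — a machine-in-the-middle between the controller and a target silently obtains the root session and every secret the play sends. Since the inventory is already under AWX's control, pre-seed the controller's `known_hosts` (or reference a scanned file via `ssh_args`) and turn host key checking back on; if first-boot provisioning really needs it off, scope that to the job template rather than the repo-wide config. `gathering = smart` is fine, but it reuses facts across plays in a run, so roles that read `ansible_nodename` after `linux-hostname` has renamed the machine may see the stale value unless they re-gather.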
diff --git a/collections/README.md b/collections/README.md index 5f0beeb..d3ea311 100644 --- a/collections/README.md +++ b/collections/README.md @@ -1,31 +1,32 @@ # Collections -The porpouse of collections is get more modules and plugins to use in ansible. +The purpose of collections is get more modules and plugins to use in ansible. Collections are supported by Ansible community. # Install collections -In AWX-operator container , execute: +In *awx-operator* container, execute: ``` ansible-galaxy collection install -r requirements.yml ``` Where `requirements.yml` we need to specify the list of collections that we want to install: - ``` collections: - name: community.general - ``` -# Collection index: -[Index-Ansible-collections](https://docs.ansible.com/ansible/latest/collections/index.html) +# Collection index + +* https://docs.ansible.com/ansible/latest/collections/index.html # List collections -[Listing-collections](https://docs.ansible.com/ansible/latest/collections_guide/collections_listing.html) To list installed collections, run `ansible-galaxy collection list` (inside awx operator container) - -# Install multiple collections with a requirements file -[Install-multiple](https://docs.ansible.com/ansible/devel/collections_guide/collections_installing.html#install-multiple-collections-with-a-requirements-file) + +* https://docs.ansible.com/ansible/latest/collections_guide/collections_listing.html + +# Install multiple collections + +* https://docs.ansible.com/ansible/devel/collections_guide/collections_installing.html#install-multiple-collections-with-a-requirements-file diff --git a/collections/requirements.yml b/collections/requirements.yml index 1c297cd..a745157 100644 --- a/collections/requirements.yml +++ b/collections/requirements.yml @@ -1,4 +1,3 @@ ---- collections: - name: community.general version: '>=9.0.0' diff --git a/group_vars/all.yaml b/group_vars/all.yaml index 0f02e94..9414cf6 100644 --- a/group_vars/all.yaml +++ b/group_vars/all.yaml 
@@ -1,3 +1,4 @@ +awx_pub_key: ssh-rsa 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 awx@awx.verdnatura.es resolv: domain: verdnatura.es search: verdnatura.es diff --git a/playbooks/debian-base.yaml b/playbooks/debian-base.yaml deleted file mode 100644 index 2807e6d..0000000 --- a/playbooks/debian-base.yaml +++ /dev/null @@ -1,20 +0,0 @@ -- hosts: all - tasks: - - name: Set locales - import_role: - name: config-locales - - name: Set timezone - import_role: - name: config-tzdata - - name: Install and configure fail2ban service - import_role: - name: config-fail2ban - tags: config-fail2ban_config - - name: Install guest side - import_role: - name: config-server-type - tags: config-server-type_config - - name: Install and configure ntp - import_role: - name: config-ntp - tags: config-ntp_config diff --git a/playbooks/debian-ct.yaml b/playbooks/debian-ct.yaml deleted file mode 100644 index 6b0c442..0000000 --- a/playbooks/debian-ct.yaml +++ /dev/null @@ -1,27 +0,0 @@ -- hosts: all - - - name: Config relayhost smtp - import_role: - name: config-relayhost-smtp - when: relay_host_enabled is defined and relay_host_enabled - tags: config-relayhost-smtp_config - - name: Config centralized auth - import_role: - name: config-centralized-auth - when: centralized_auth_enabled is defined and centralized_auth_enabled - tags: config-centralized-auth_config - - name: Set locales - import_role: - name: config-locales - when: locales_enabled is defined and locales_enabled - tags: config-locales_config - - name: Set timezone - import_role: - name: config-tzdata - when: tzdata_enabled is defined and tzdata_enabled - tags: config-tzdata_config - - name: Install and configure fail2ban service - import_role: - name: config-fail2ban - when: fail2ban_enabled is defined and fail2ban_enabled - tags: config-fail2ban_config diff --git a/playbooks/debian-infra.yaml b/playbooks/debian-infra.yaml deleted file mode 100644 index 40ebf56..0000000 --- a/playbooks/debian-infra.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -- hosts: all - tasks: - - name: Configure debian os - import_role: - name: config-base-debian-os - - name: Set locales - import_role: - name: config-locales - - name: Set timezone - import_role: - name: config-tzdata - - name: Add-repos-vn - import_role: - name: config-repo-vn - - name: Install and configure fail2ban service - import_role: - name: config-fail2ban - - name: Install and configure nagios nrpe service - import_role: - name: config-nagios-nrpe - - name: Install and configure ntp - import_role: - name: config-ntp diff --git a/playbooks/debian-vm.yaml b/playbooks/debian-vm.yaml deleted file mode 100644 index 0e6ff3e..0000000 --- a/playbooks/debian-vm.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ -- hosts: all - tasks: - - name: Install packages - import_role: - name: config-install-packages - when: packages_enabled is defined and packages_enabled - tags: config-install-packages_config - - name: Config relayhost smtp - import_role: - name: config-relayhost-smtp - when: relay_host_enabled is defined and relay_host_enabled - tags: config-relayhost-smtp_config - - name: Config centralized auth - import_role: - name: config-centralized-auth - when: centralized_auth_enabled is defined and centralized_auth_enabled - tags: config-centralized-auth_config - - name: configure secure grub - import_role: - name: config-secure-grub - when: secure_grub_enabled is defined and secure_grub_enabled - tags: config-secure-grub_config - - name: Install and configure hot plug - import_role: - name: config-hot-plug - when: hot_plug_enabled is defined and hot_plug_enabled - tags: config-hot-plug_config - - name: Set locales - import_role: - name: config-locales - when: locales_enabled is defined and locales_enabled - tags: config-locales_config - - name: Set timezone - import_role: - name: config-tzdata - when: tzdata_enabled is defined and tzdata_enabled - tags: config-tzdata_config - - name: Install and configure fail2ban service - import_role: - name: config-fail2ban - when: fail2ban_enabled is defined and fail2ban_enabled - tags: config-fail2ban_config - - name: Install guest side - import_role: - name: config-server-type - when: server_type_enabled is defined and server_type_enabled - tags: config-server-type_config - - name: Install and configure ntp - import_role: - name: config-ntp - when: ntp_enabled is defined and ntp_enabled - tags: config-ntp_config - - name: Install and configure AUTOFS HOMES - import_role: - name: config-autofs-homes - when: autofs_homes_enabled is defined and autofs_homes_enabled - tags: config-autofs-homes_config diff --git a/playbooks/debian.yaml b/playbooks/debian.yaml index 0db3d8a..85a6d8a 100644 --- a/playbooks/debian.yaml 
+++ b/playbooks/debian.yaml @@ -1,5 +1,14 @@ - hosts: all tasks: - - name: Configure base system - import_role: - name: linux-base + - name: Configure AWX user + import_role: + name: awx + - name: Configure base system + import_role: + name: linux-base + - name: Configure guest + import_role: + name: linux-guest + - name: Configure virtual machine + import_role: + name: linux-qemu diff --git a/playbooks/ping.yml b/playbooks/ping.yaml similarity index 100% rename from playbooks/ping.yml rename to playbooks/ping.yaml diff --git a/playbooks/print-facts.yaml b/playbooks/print-facts.yaml new file mode 100644 index 0000000..91e79a3 --- /dev/null +++ b/playbooks/print-facts.yaml @@ -0,0 +1,11 @@ +# https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_vars_facts.html + +- hosts: all + gather_facts: yes + tasks: + - name: Print all available facts + ansible.builtin.debug: + var: ansible_facts + - name: Print variable value + debug: + msg: "Variable: {{ ansible_virtualization_type }}" diff --git a/roles/awx/vars/main.yaml b/roles/awx/vars/main.yaml deleted file mode 100644 index b8d6bad..0000000 --- a/roles/awx/vars/main.yaml +++ /dev/null @@ -1 +0,0 @@ -awx_pub_key: ssh-rsa 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 awx@awx.verdnatura.es diff --git a/roles/linux-autofs/tasks/main.yaml b/roles/linux-autofs/tasks/main.yaml index 644c69f..bfdb347 100644 --- a/roles/linux-autofs/tasks/main.yaml +++ b/roles/linux-autofs/tasks/main.yaml @@ -1,6 +1,3 @@ -- name: Checking if configuration is needed - meta: end_host - when: autofs_homes_enabled is not defined or not autofs_homes_enabled - name: Install packages for autofs apt: name: "{{ item }}" diff --git a/roles/linux-base/tasks/main.yaml b/roles/linux-base/tasks/main.yaml index 54ed27f..ee0a9c0 100644 --- a/roles/linux-base/tasks/main.yaml +++ b/roles/linux-base/tasks/main.yaml 
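Review bot: `var: ansible_facts` in print-facts.yaml prints the complete fact tree, which includes `ansible_env` (the login user's environment) and full network and mount details, and under AWX that output is persisted in the job's stdout; if any managed host exports credentials through environment variables they end up in the stored job log. A fact-dump playbook should narrow either what it gathers or what it prints, e.g. `gather_subset: ['!all', 'min', 'virtual']` on the play and `var: ansible_facts.virtualization_type` instead of the whole tree. The two tasks also mix `ansible.builtin.debug` and bare `debug`; pick one form.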
@@ -1,10 +1,22 @@ +- name: Install base packages + apt: + name: "{{ item }}" + state: present + with_items: + - htop + - psmisc + - bash-completion + - screen + - aptitude +- include_role: + name: linux-sudoers - include_role: name: linux-motd - include_role: name: linux-profile -- include_role: - name: linux-sudoers - include_role: name: linux-vim - include_role: - name: linux-locale \ No newline at end of file + name: linux-locale +- include_role: + name: linux-nrpe \ No newline at end of file diff --git a/roles/linux-guest/tasks/main.yaml b/roles/linux-guest/tasks/main.yaml new file mode 100644 index 0000000..1a5dd2a --- /dev/null +++ b/roles/linux-guest/tasks/main.yaml @@ -0,0 +1,5 @@ +- name: Skip if not a guest + meta: end_host + when: ansible_virtualization_role != 'guest' +- include_role: + name: linux-auth diff --git a/roles/linux-install-packages/tasks/main.yaml b/roles/linux-install-packages/tasks/main.yaml deleted file mode 100644 index 3784a65..0000000 --- a/roles/linux-install-packages/tasks/main.yaml +++ /dev/null @@ -1,10 +0,0 @@ -- name: Install base packages - apt: - name: "{{ item }}" - state: present - with_items: - - htop - - psmisc - - bash-completion - - screen - - aptitude diff --git a/roles/linux-ntp/handlers/main.yaml b/roles/linux-ntp/handlers/main.yaml index 52a882c..530fefe 100644 --- a/roles/linux-ntp/handlers/main.yaml +++ b/roles/linux-ntp/handlers/main.yaml @@ -1,4 +1,4 @@ - name: restart systemd-timesyncd service: - name: "{{ timesyncd_daemon }}" + name: systemd-timesyncd state: restarted \ No newline at end of file diff --git a/roles/linux-ntp/tasks/main.yaml b/roles/linux-ntp/tasks/main.yaml index 082e776..89fbe1e 100644 --- a/roles/linux-ntp/tasks/main.yaml +++ b/roles/linux-ntp/tasks/main.yaml @@ -1,6 +1,3 @@ -- name: Checking if configuration is needed - meta: end_host - when: ntp_enabled is not defined or not ntp_enabled - name: Configure /etc/systemd/timesyncd.conf lineinfile: path: /etc/systemd/timesyncd.conf 
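Review bot: The `apt` task in linux-base loops with `with_items`, which runs one apt transaction per package and reports five separate results; `apt` accepts a list, so `name: [htop, psmisc, bash-completion, screen, aptitude]` with `state: present` installs them in one step and reads more clearly. The file still ends without a trailing newline on the last `include_role`, which is worth fixing while the list is rewritten.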
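Review bot: `meta: end_host` inside the new linux-guest role ends the whole play for that host, not just the role, so any task placed after `Configure guest` in playbooks/debian.yaml is silently skipped on bare-metal hosts (today only `linux-qemu` follows and it also targets guests, so nothing is lost yet, but the next task added there will be). The condition belongs at the call site, `import_role: {name: linux-guest}` with `when: ansible_virtualization_role == 'guest'`, leaving the role itself unconditional; the same applies to the `end_host` added to roles/linux-qemu in this commit. If the role must stay self-guarding, a comment such as `# end_host aborts the remaining play for this host; keep this role last` should record the side effect.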
@@ -20,5 +17,5 @@ notify: restart systemd-timesyncd - name: Service should start on boot service: - name: "{{ timesyncd_daemon }}" + name: systemd-timesyncd enabled: yes diff --git a/roles/linux-ntp/vars/main.yaml b/roles/linux-ntp/vars/main.yaml deleted file mode 100644 index 5dd02ed..0000000 --- a/roles/linux-ntp/vars/main.yaml +++ /dev/null @@ -1 +0,0 @@ -timesyncd_daemon: systemd-timesyncd diff --git a/roles/linux-qemu/tasks/main.yaml b/roles/linux-qemu/tasks/main.yaml index 1d295d3..80e5fac 100644 --- a/roles/linux-qemu/tasks/main.yaml +++ b/roles/linux-qemu/tasks/main.yaml @@ -1,3 +1,6 @@ +- name: Skip if not a QEMU guest + meta: end_host + when: not (ansible_virtualization_type == 'kvm' and ansible_virtualization_role == 'guest') - name: Install QEMU guest agent apt: name: qemu-guest-agent @@ -18,3 +21,5 @@ group: root - name: Generate GRUB configuration command: update-grub +- include_role: + name: linux-autofs diff --git a/roles/linux-relayhost/tasks/main.yaml b/roles/linux-relayhost/tasks/main.yaml index 13d0ed9..db2c7f2 100644 --- a/roles/linux-relayhost/tasks/main.yaml +++ b/roles/linux-relayhost/tasks/main.yaml @@ -4,7 +4,7 @@ state: present - name: Reconfigure relayhost lineinfile: - dest: "{{ exim_configuration_file }}" + dest: /etc/exim4/update-exim4.conf.conf regexp: "{{ item.regexp }}" line: "{{ item.line }}" state: present diff --git a/roles/linux-relayhost/vars/main.yaml b/roles/linux-relayhost/vars/main.yaml deleted file mode 100644 index 1764954..0000000 --- a/roles/linux-relayhost/vars/main.yaml +++ /dev/null @@ -1,2 +0,0 @@ -exim_configuration_file: /etc/exim4/update-exim4.conf.conf -exim_daemon: exim4 diff --git a/roles/linux-sudoers/tasks/main.yaml b/roles/linux-sudoers/tasks/main.yaml index 54ec054..f512867 100644 --- a/roles/linux-sudoers/tasks/main.yaml +++ b/roles/linux-sudoers/tasks/main.yaml @@ -1,3 +1,7 @@ +- name: Install sudo package + apt: + name: sudo + state: present - name: Copy sudoers configuration file copy: src: vn 
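Review bot: Including `linux-autofs` unconditionally at the end of linux-qemu, together with the removal of the `autofs_homes_enabled` gate from roles/linux-autofs in this same commit, turns a per-host opt-in into a default for every KVM guest: hosts whose host_vars set `autofs_homes_enabled: False` will now get autofs-managed home directories, which presumably mount a network share and widen what each VM can reach. Keep the opt-in at the include, `- include_role: {name: linux-autofs}` followed by `when: autofs_homes_enabled | default(false)`, or state in the commit message that all KVM guests are meant to mount homes. The `command: update-grub` just above it runs on every play and always reports changed; moving it to a handler notified by the GRUB file tasks keeps the role idempotent.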
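Review bot: The sudoers file copied by this task is what grants root to the automation account, and the hunk shows no `validate:` on the `copy` (the rest of the task is outside the hunk); if it lacks one, a syntax error in `files/vn` breaks sudo on every host the play touches and is only noticed when an operator next needs it. Add `validate: /usr/sbin/visudo -cf %s` together with `owner: root`, `group: root` and `mode: '0440'` on the copy, whatever its `dest`, so a broken file is rejected before it is installed. Installing `sudo` first, as the hunk now does, is the right order.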
diff --git a/roles/linux-vm/tasks/main.yaml b/roles/linux-vm/tasks/main.yaml deleted file mode 100644 index 54ed27f..0000000 --- a/roles/linux-vm/tasks/main.yaml +++ /dev/null @@ -1,10 +0,0 @@ -- include_role: - name: linux-motd -- include_role: - name: linux-profile -- include_role: - name: linux-sudoers -- include_role: - name: linux-vim -- include_role: - name: linux-locale \ No newline at end of file -- 2.40.1 From 0b7ab9a8342801e377eb766fc8b9521b9cf02fd6 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Mon, 23 Sep 2024 16:34:09 +0200 Subject: [PATCH 042/138] refs #8025 send-mail refactor --- roles/send-mail/tasks/main.yaml | 2 +- roles/send-mail/vars/main.yaml | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/roles/send-mail/tasks/main.yaml b/roles/send-mail/tasks/main.yaml index a7e7d0c..1b06a29 100644 --- a/roles/send-mail/tasks/main.yaml +++ b/roles/send-mail/tasks/main.yaml @@ -1,4 +1,4 @@ -- name: Sending an e-mail using Verdnatura SMTP servers +- name: Send mail using Verdnatura SMTP servers community.general.mail: host: smtp.verdnatura.es port: 465 diff --git a/roles/send-mail/vars/main.yaml b/roles/send-mail/vars/main.yaml index ae7603d..3286258 100644 --- a/roles/send-mail/vars/main.yaml +++ b/roles/send-mail/vars/main.yaml @@ -1,6 +1,3 @@ ---- -# roles/config-send-mail/vars/main.yaml - bindsecretawx_password: !vault | $ANSIBLE_VAULT;1.1;AES256 62393936623766653737356136353765336265636136616330306537393638646663326663346138 -- 2.40.1 From 9b358d0262c41598aedb6bf4f60aac3985a37d1b Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Mon, 23 Sep 2024 16:35:42 +0200 Subject: [PATCH 043/138] refs #8025 Remove non-production hosts from inventory --- hosts | 27 --------------------------- 1 file changed, 27 deletions(-) diff --git a/hosts b/hosts index 1dff883..a824dc6 100644 --- a/hosts +++ b/hosts 
@@ -130,30 +130,3 @@ kubeMaster kubeWorker kubeProxy kubeBackup - -[test] - -W2019 ansible_host=10.1.5.224 -graphite ansible_host=graphite.lab.verdnatura.es -metric1 ansible_host=metric1.lab.verdnatura.es -plantilladebian12 ansible_host=plantilladebian12.lab.verdnatura.es -docker-test ansible_host=docker-test.lab.verdnatura.es -nagios4-test ansible_host=nagios4-test.lab.verdnatura.es -nagios4-test2 ansible_host=nagios4-test2.lab.verdnatura.es -cephlab01 ansible_host=cephlab01.lab.verdnatura.es -cephlab02 ansible_host=cephlab02.lab.verdnatura.es -cephlab03 ansible_host=cephlab03.lab.verdnatura.es -core-proxytest ansible_host=core-proxytest.lab.verdnatura.es -openldap-test ansible_host=openldap-test.lab.verdnatura.es -test-playbook ansible_host=test-playbook.lab.verdnatura.es -zabbix-frontend-web ansible_host=zabbix-frontend-web.lab.verdnatura.es -zabbix-server-db ansible_host=zabbix-server-db.lab.verdnatura.es -testansible ansible_host=10.29.6.79 -freeradius-playbook ansible_host=freeradius-playbook.lab.verdnatura.es -debian-vn-test ansible_host=debian-vn-test.lab.verdnatura.es -iventoy-test ansible_host=iventoy-test.lab.verdnatura.es -kubelab-proxy1 ansible_host=kubelab-proxy1.lab.verdnatura.es -openvpn-freeradius ansible_host=openvpn-freeradius.lab.verdnatura.es -vm-debian12 ansible_host=vm-debian12.lab.verdnatura.es -docker-itlab ansible_host=10.29.2.153 -test1 ansible_host=10.29.2.254 -- 2.40.1 From c7299d8499c5c6f4044bb702eda9fe33c7cb9a1a Mon Sep 17 00:00:00 2001 
From: Juan Ferrer Toribio Date: Mon, 23 Sep 2024 16:58:52 +0200 Subject: [PATCH 044/138] refs #8025 Hosts reorganized, clearer names for roles --- hosts | 102 +++++++++--------- playbooks/debian.yaml | 8 +- playbooks/test.yaml | 2 +- playbooks/windows-ping.yml | 2 +- playbooks/windows-update.yaml | 3 +- .../tasks/main.yaml | 0 roles/debian-guest/tasks/main.yaml | 3 + .../files/80-hotplug-cpu-mem.rules | 0 .../files/hotplug.cfg | 0 .../tasks/main.yaml | 3 - roles/linux-guest/tasks/main.yaml | 5 - 11 files changed, 60 insertions(+), 68 deletions(-) rename roles/{linux-base => debian-base}/tasks/main.yaml (100%) create mode 100644 roles/debian-guest/tasks/main.yaml rename roles/{linux-qemu => debian-qemu}/files/80-hotplug-cpu-mem.rules (100%) rename roles/{linux-qemu => debian-qemu}/files/hotplug.cfg (100%) rename roles/{linux-qemu => debian-qemu}/tasks/main.yaml (77%) delete mode 100644 roles/linux-guest/tasks/main.yaml diff --git a/hosts b/hosts index a824dc6..f22db36 100644 --- a/hosts +++ b/hosts 
@@ -1,36 +1,56 @@ [ceph] - ceph1 ansible_host=ceph1.core.dc.verdnatura.es ceph2 ansible_host=ceph2.core.dc.verdnatura.es ceph3 ansible_host=ceph3.core.dc.verdnatura.es -[cephGw] - +[ceph_gw] ceph-gw1 ansible_host=ceph-gw1.core.dc.verdnatura.es ceph-gw2 ansible_host=ceph-gw2.core.dc.verdnatura.es [pve] - pve01 ansible_host=pve01.core.dc.verdnatura.es pve02 ansible_host=pve02.core.dc.verdnatura.es pve03 ansible_host=pve03.core.dc.verdnatura.es pve04 ansible_host=pve04.core.dc.verdnatura.es pve05 ansible_host=pve04.core.dc.verdnatura.es -[coreHelper] +[infra:children] +ceph +ceph_gw +pve +[kube_master] +kube-master1 ansible_host=kube-master1.servers.dc.verdnatura.es +kube-master2 ansible_host=kube-master2.servers.dc.verdnatura.es +kube-master3 ansible_host=kube-master3.servers.dc.verdnatura.es +kube-master4 ansible_host=kube-master4.servers.dc.verdnatura.es +kube-master5 ansible_host=kube-master5.servers.dc.verdnatura.es + +[kube_worker] +kube-worker1 ansible_host=kube-worker1.servers.dc.verdnatura.es +kube-worker2 ansible_host=kube-worker2.servers.dc.verdnatura.es +kube-worker3 ansible_host=kube-worker3.servers.dc.verdnatura.es +kube-worker4 ansible_host=kube-worker4.servers.dc.verdnatura.es +kube-worker5 ansible_host=kube-worker5.servers.dc.verdnatura.es + +[kube_proxy] +kube-proxy1 ansible_host=kube-proxy1.servers.dc.verdnatura.es +kube-proxy2 ansible_host=kube-proxy2.servers.dc.verdnatura.es + +[kube_helper] +kube-helm ansible_host=kube-helm.servers.dc.verdnatura.es + +[kube:children] +kube_master +kube_worker +kube_proxy +kube_helper + +[core_helper] core-agent ansible_host=core-agent.core.dc.verdnatura.es core-proxy ansible_host=core-proxy.core.dc.verdnatura.es -[core:children] - -ceph -cephGw -pve -coreHelper - [servers] - dhcp1 ansible_host=dhcp1.servers.dc.verdnatura.es dhcp2 ansible_host=dhcp2.servers.dc.verdnatura.es ns1 ansible_host=ns1.servers.dc.verdnatura.es 
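Review bot: `pve05 ansible_host=pve04.core.dc.verdnatura.es`, a context line this hunk carries over into the new `[pve]` group, points the pve05 entry at pve04, so pve05 is never actually managed while pve04 receives every play twice under two names. An inventory reorganisation is the moment to correct it to `pve05 ansible_host=pve05.core.dc.verdnatura.es`; a CI check that no two hosts share an `ansible_host` value would catch this class of copy-paste error.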
@@ -77,56 +97,32 @@ freeradiustotp ansible_host=freeradiustotp.servers.dc.verdnatura.es iventoy ansible_host=iventoy.servers.dc.verdnatura.es [windows] - -a3 ansible_host=a3.outsource.dc.verdnatura.es rsat ansible_host=rsat.servers.dc.verdnatura.es -contaplus ansible_host=contaplus.outsource.dc.verdnatura.es -dipole ansible_host=dipole.outsource.dc.verdnatura.es printserver ansible_host=printserver.servers.dc.verdnatura.es -sage ansible_host=sage.outsource.dc.verdnatura.es mrw ansible_host=mrw.servers.dc.verdnatura.es ts1 ansible_host=ts1.rds.dc.verdnatura.es ts2 ansible_host=ts2.rds.dc.verdnatura.es rds-licenses ansible_host=rds-licenses.rds.dc.verdnatura.es integra2 ansible_host=integra2.servers.dc.verdnatura.es + +[outsource] +a3 ansible_host=a3.outsource.dc.verdnatura.es +contaplus ansible_host=contaplus.outsource.dc.verdnatura.es +dipole ansible_host=dipole.outsource.dc.verdnatura.es +sage ansible_host=sage.outsource.dc.verdnatura.es docuware ansible_host=docuware.outsource.dc.verdnatura.es [backup] - -vm-backup ansible_host=vm-backup.backup.dc.verdnatura.es -backup-nas ansible_host=backup-nas.backup.dc.verdnatura.es -bacularis ansible_host=bacularis.backup.dc.verdnatura.es bacula-dir ansible_host=bacula-dir.backup.dc.verdnatura.es bacula-db ansible_host=bacula-db.backup.dc.verdnatura.es +bacularis ansible_host=bacularis.backup.dc.verdnatura.es +backup-nas ansible_host=backup-nas.backup.dc.verdnatura.es +tftp ansible_host=tftp.backup.dc.verdnatura.es +kube-backup ansible_host=kube-backup.backup.dc.verdnatura.es -[kubeMaster] - -kube-master1 ansible_host=kube-master1.servers.dc.verdnatura.es -kube-master2 ansible_host=kube-master2.servers.dc.verdnatura.es -kube-master3 ansible_host=kube-master3.servers.dc.verdnatura.es -kube-master4 ansible_host=kube-master4.servers.dc.verdnatura.es -kube-master5 ansible_host=kube-master5.servers.dc.verdnatura.es - -[kubeWorker] - -kube-worker1 ansible_host=kube-worker1.servers.dc.verdnatura.es -kube-worker2 
ansible_host=kube-worker2.servers.dc.verdnatura.es -kube-worker3 ansible_host=kube-worker3.servers.dc.verdnatura.es -kube-worker4 ansible_host=kube-worker4.servers.dc.verdnatura.es -kube-worker5 ansible_host=kube-worker5.servers.dc.verdnatura.es - -[kubeProxy] - -kube-proxy1 ansible_host=kube-proxy1.servers.dc.verdnatura.es -kube-proxy2 ansible_host=kube-proxy2.servers.dc.verdnatura.es - -[kubeBackup] - -kube-helm ansible_host=kube-helm.servers.dc.verdnatura.es - -[kube:children] - -kubeMaster -kubeWorker -kubeProxy -kubeBackup +[guest:children] +core_helper +servers +windows +outsource +backup diff --git a/playbooks/debian.yaml b/playbooks/debian.yaml index 85a6d8a..f131f8c 100644 --- a/playbooks/debian.yaml +++ b/playbooks/debian.yaml @@ -5,10 +5,12 @@ name: awx - name: Configure base system import_role: - name: linux-base + name: debian-base - name: Configure guest import_role: - name: linux-guest + name: debian-guest + when: ansible_virtualization_role == 'guest' - name: Configure virtual machine import_role: - name: linux-qemu + name: debian-qemu + when: ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'kvm' diff --git a/playbooks/test.yaml b/playbooks/test.yaml index 99e65fd..8032bff 100644 --- a/playbooks/test.yaml +++ b/playbooks/test.yaml @@ -2,4 +2,4 @@ tasks: - name: Test role import_role: - name: linux-fail2ban + name: linux-base diff --git a/playbooks/windows-ping.yml b/playbooks/windows-ping.yml index 2a141f4..4fef2f5 100644 --- a/playbooks/windows-ping.yml +++ b/playbooks/windows-ping.yml @@ -1,5 +1,5 @@ - name: Ping Windows hosts - hosts: windows + hosts: all tasks: - name: Ping Windows hosts ansible.windows.win_ping: \ No newline at end of file diff --git a/playbooks/windows-update.yaml b/playbooks/windows-update.yaml index 301bf77..b3181a1 100644 --- a/playbooks/windows-update.yaml +++ b/playbooks/windows-update.yaml @@ -1,5 +1,4 @@ -- hosts: windows - ignore_unreachable: yes +- hosts: all serial: 1 tasks: - block: 
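Review bot: Changing `hosts: windows` to `hosts: all` in windows-update.yaml (and windows-ping.yml) makes these playbooks target every Linux host in the inventory too, where the `ansible.windows` modules can only fail, and the dropped `ignore_unreachable: yes` means a powered-off Windows box is now a failed host; with `serial: 1` each batch is a single host, so I believe a failed batch aborts the remaining batches. Presumably the AWX job templates restrict this with a limit, but the playbook should not depend on that: keep `hosts: windows`, or make the target explicit with `hosts: "{{ target | default('windows') }}"`. The `block:` that follows continues outside the hunk.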
diff --git a/roles/linux-base/tasks/main.yaml b/roles/debian-base/tasks/main.yaml similarity index 100% rename from roles/linux-base/tasks/main.yaml rename to roles/debian-base/tasks/main.yaml diff --git a/roles/debian-guest/tasks/main.yaml b/roles/debian-guest/tasks/main.yaml new file mode 100644 index 0000000..e1125c9 --- /dev/null +++ b/roles/debian-guest/tasks/main.yaml @@ -0,0 +1,3 @@ +- include_role: + name: linux-auth + when: false diff --git a/roles/linux-qemu/files/80-hotplug-cpu-mem.rules b/roles/debian-qemu/files/80-hotplug-cpu-mem.rules similarity index 100% rename from roles/linux-qemu/files/80-hotplug-cpu-mem.rules rename to roles/debian-qemu/files/80-hotplug-cpu-mem.rules diff --git a/roles/linux-qemu/files/hotplug.cfg b/roles/debian-qemu/files/hotplug.cfg similarity index 100% rename from roles/linux-qemu/files/hotplug.cfg rename to roles/debian-qemu/files/hotplug.cfg diff --git a/roles/linux-qemu/tasks/main.yaml b/roles/debian-qemu/tasks/main.yaml similarity index 77% rename from roles/linux-qemu/tasks/main.yaml rename to roles/debian-qemu/tasks/main.yaml index 80e5fac..cab7e7f 100644 --- a/roles/linux-qemu/tasks/main.yaml +++ b/roles/debian-qemu/tasks/main.yaml @@ -1,6 +1,3 @@ -- name: Skip if not a QEMU guest - meta: end_host - when: not (ansible_virtualization_type == 'kvm' and ansible_virtualization_role == 'guest') - name: Install QEMU guest agent apt: name: qemu-guest-agent diff --git a/roles/linux-guest/tasks/main.yaml b/roles/linux-guest/tasks/main.yaml deleted file mode 100644 index 1a5dd2a..0000000 --- a/roles/linux-guest/tasks/main.yaml +++ /dev/null @@ -1,5 +0,0 @@ -- name: Skip if not a guest - meta: end_host - when: ansible_virtualization_role != 'guest' -- include_role: - name: linux-auth -- 2.40.1 From 98684397503c3a9cee14760442fd6965b502fb51 Mon Sep 17 00:00:00 2001 
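Review bot: `when: false` on the `linux-auth` include in the new debian-guest role makes it dead code: centralized authentication (nslcd-based, judging by the `nslcd.conf` the role carries) is now never applied to guests, and neither the file nor the commit message says whether that is temporary. If it is a deliberate pause, record it in place, `# linux-auth disabled until <reason>; re-enable by …`, and gate it on a variable such as `when: auth_enabled | default(false)` so a host can opt in; if it is meant to run, drop the `when:`.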
From: Juan Ferrer Toribio Date: Tue, 24 Sep 2024 09:38:05 +0200 Subject: [PATCH 045/138] refs #8025 Roles merged, passwords moved to global vars, rename .yaml to .yml --- ansible.cfg | 2 +- group_vars/all.yaml | 7 - group_vars/all.yml | 42 +++++ ...debian-upgrade.yaml => debian-upgrade.yml} | 2 +- playbooks/{debian.yaml => debian.yml} | 0 playbooks/{freeradius.yaml => freeradius.yml} | 0 playbooks/{nsupdate.yaml => nsupdate.yml} | 0 playbooks/{ping.yaml => ping.yml} | 0 .../{print-facts.yaml => print-facts.yml} | 0 playbooks/{send-mail.yaml => send-mail.yml} | 0 playbooks/{test.yaml => test.yml} | 0 ...windows-update.yaml => windows-update.yml} | 0 .../defaults/main.yaml | 0 .../files/90-vn => debian-base/files/motd} | 0 .../90-vn.cfg => debian-base/files/nrpe.cfg} | 0 .../vn.sh => debian-base/files/profile.sh} | 0 .../files/set-timezone.sh} | 0 .../files/vn => debian-base/files/sudoers} | 0 .../{linux-ntp => debian-base}/files/timesync | 0 .../files/vimrc.local | 0 roles/debian-base/handlers/main.yml | 21 +++ .../tasks/bacula.yml} | 4 +- .../tasks/fail2ban.yml} | 4 +- roles/debian-base/tasks/install.yml | 10 ++ .../tasks/locale.yml} | 0 roles/debian-base/tasks/main.yaml | 22 --- roles/debian-base/tasks/main.yml | 8 + .../main.yaml => debian-base/tasks/motd.yml} | 4 +- .../main.yaml => debian-base/tasks/nrpe.yml} | 8 +- .../tasks/profile.yml} | 4 +- .../tasks/relayhost.yml} | 2 +- .../main.yaml => debian-base/tasks/root.yaml} | 0 .../tasks/sudoers.yml} | 4 +- .../tasks/tymesyncd.yml} | 0 .../tasks/tzdata.yml} | 2 +- .../main.yaml => debian-base/tasks/vim.yml} | 0 roles/debian-base/tasks/vn-repo.yml | 12 ++ .../templates/bacula-fd.conf.j2} | 4 +- .../templates/jail.local.j2 | 0 .../main.yaml => debian-base/vars/main.yml} | 3 + .../files/nslcd.conf | 2 +- .../main.yaml => debian-guest/tasks/auth.yml} | 2 +- roles/debian-guest/tasks/main.yaml | 3 - roles/debian-guest/tasks/main.yml | 2 + .../files/auto.homes | 0 .../files/homes.autofs | 0 
roles/debian-qemu/tasks/agent.yml | 4 + .../tasks/autofs.yml} | 0 .../tasks/{main.yaml => hotplug.yml} | 4 - roles/debian-qemu/tasks/main.yml | 3 + roles/debian-qemu/vars/main.yml | 1 + .../tasks/main.yaml | 0 roles/freeradius/tasks/main.yaml | 156 ------------------ roles/freeradius/tasks/main.yml | 97 +++++++++++ roles/freeradius/templates/clients.j2 | 2 +- roles/freeradius/vars/main.yaml | 16 -- roles/linux-auth/vars/main.yaml | 7 - roles/linux-autofs/tasks/main.yaml | 38 ----- roles/linux-autofs/vars/main.yaml | 1 - roles/linux-fail2ban/handlers/main.yaml | 4 - .../tasks/{main.yaml => main.yml} | 0 roles/linux-nrpe/handlers/main.yaml | 4 - roles/linux-ntp/handlers/main.yaml | 4 - roles/linux-relayhost/handlers/main.yaml | 4 - roles/linux-root/handlers/main.yaml | 4 - .../handlers/{main.yaml => main.yml} | 0 .../tasks/{main.yaml => main.yml} | 0 roles/linux-vn-repo/tasks/main.yaml | 12 -- roles/linux-vn-repo/vars/main.yaml | 2 - roles/nsupdate/meta/{main.yaml => main.yml} | 0 roles/nsupdate/tasks/{main.yaml => main.yml} | 2 +- roles/nsupdate/vars/main.yaml | 7 - roles/send-mail/tasks/{main.yaml => main.yml} | 2 +- roles/send-mail/vars/main.yaml | 7 - 74 files changed, 228 insertions(+), 327 deletions(-) delete mode 100644 group_vars/all.yaml create mode 100644 group_vars/all.yml rename playbooks/{debian-upgrade.yaml => debian-upgrade.yml} (70%) rename playbooks/{debian.yaml => debian.yml} (100%) rename playbooks/{freeradius.yaml => freeradius.yml} (100%) rename playbooks/{nsupdate.yaml => nsupdate.yml} (100%) rename playbooks/{ping.yaml => ping.yml} (100%) rename playbooks/{print-facts.yaml => print-facts.yml} (100%) rename playbooks/{send-mail.yaml => send-mail.yml} (100%) rename playbooks/{test.yaml => test.yml} (100%) rename playbooks/{windows-update.yaml => windows-update.yml} (100%) rename roles/{linux-relayhost => debian-base}/defaults/main.yaml (100%) rename roles/{linux-motd/files/90-vn => debian-base/files/motd} (100%) rename 
roles/{linux-nrpe/files/90-vn.cfg => debian-base/files/nrpe.cfg} (100%) rename roles/{linux-profile/files/vn.sh => debian-base/files/profile.sh} (100%) rename roles/{linux-tzdata/files/set_timezone.sh => debian-base/files/set-timezone.sh} (100%) rename roles/{linux-sudoers/files/vn => debian-base/files/sudoers} (100%) rename roles/{linux-ntp => debian-base}/files/timesync (100%) rename roles/{linux-vim => debian-base}/files/vimrc.local (100%) create mode 100644 roles/debian-base/handlers/main.yml rename roles/{linux-bacula/tasks/main.yaml => debian-base/tasks/bacula.yml} (85%) rename roles/{linux-fail2ban/tasks/main.yaml => debian-base/tasks/fail2ban.yml} (76%) create mode 100644 roles/debian-base/tasks/install.yml rename roles/{linux-locale/tasks/main.yaml => debian-base/tasks/locale.yml} (100%) delete mode 100644 roles/debian-base/tasks/main.yaml create mode 100644 roles/debian-base/tasks/main.yml rename roles/{linux-motd/tasks/main.yaml => debian-base/tasks/motd.yml} (65%) rename roles/{linux-nrpe/tasks/main.yaml => debian-base/tasks/nrpe.yml} (72%) rename roles/{linux-profile/tasks/main.yaml => debian-base/tasks/profile.yml} (64%) rename roles/{linux-relayhost/tasks/main.yaml => debian-base/tasks/relayhost.yml} (98%) rename roles/{linux-root/tasks/main.yaml => debian-base/tasks/root.yaml} (100%) rename roles/{linux-sudoers/tasks/main.yaml => debian-base/tasks/sudoers.yml} (78%) rename roles/{linux-ntp/tasks/main.yaml => debian-base/tasks/tymesyncd.yml} (100%) rename roles/{linux-tzdata/tasks/main.yaml => debian-base/tasks/tzdata.yml} (55%) rename roles/{linux-vim/tasks/main.yaml => debian-base/tasks/vim.yml} (100%) create mode 100644 roles/debian-base/tasks/vn-repo.yml rename roles/{linux-bacula/files/bacula-fd.conf.jd2 => debian-base/templates/bacula-fd.conf.j2} (88%) rename roles/{linux-fail2ban => debian-base}/templates/jail.local.j2 (100%) rename roles/{linux-fail2ban/vars/main.yaml => debian-base/vars/main.yml} (53%) rename roles/{linux-auth => 
debian-guest}/files/nslcd.conf (94%) rename roles/{linux-auth/tasks/main.yaml => debian-guest/tasks/auth.yml} (93%) delete mode 100644 roles/debian-guest/tasks/main.yaml create mode 100644 roles/debian-guest/tasks/main.yml rename roles/{linux-autofs => debian-qemu}/files/auto.homes (100%) rename roles/{linux-autofs => debian-qemu}/files/homes.autofs (100%) create mode 100644 roles/debian-qemu/tasks/agent.yml rename roles/{linux-autofs/handlers/main.yaml => debian-qemu/tasks/autofs.yml} (100%) rename roles/debian-qemu/tasks/{main.yaml => hotplug.yml} (82%) create mode 100644 roles/debian-qemu/tasks/main.yml create mode 100644 roles/debian-qemu/vars/main.yml rename roles/{linux-upgrade => debian-upgrade}/tasks/main.yaml (100%) delete mode 100644 roles/freeradius/tasks/main.yaml create mode 100644 roles/freeradius/tasks/main.yml delete mode 100644 roles/linux-auth/vars/main.yaml delete mode 100644 roles/linux-autofs/tasks/main.yaml delete mode 100644 roles/linux-autofs/vars/main.yaml delete mode 100644 roles/linux-fail2ban/handlers/main.yaml rename roles/linux-hostname/tasks/{main.yaml => main.yml} (100%) delete mode 100644 roles/linux-nrpe/handlers/main.yaml delete mode 100644 roles/linux-ntp/handlers/main.yaml delete mode 100644 roles/linux-relayhost/handlers/main.yaml delete mode 100644 roles/linux-root/handlers/main.yaml rename roles/linux-secure-grub/handlers/{main.yaml => main.yml} (100%) rename roles/linux-secure-grub/tasks/{main.yaml => main.yml} (100%) delete mode 100644 roles/linux-vn-repo/tasks/main.yaml delete mode 100644 roles/linux-vn-repo/vars/main.yaml rename roles/nsupdate/meta/{main.yaml => main.yml} (100%) rename roles/nsupdate/tasks/{main.yaml => main.yml} (87%) delete mode 100644 roles/nsupdate/vars/main.yaml rename roles/send-mail/tasks/{main.yaml => main.yml} (87%) delete mode 100644 roles/send-mail/vars/main.yaml diff --git a/ansible.cfg b/ansible.cfg index f917a56..e5b1de3 100644 --- a/ansible.cfg +++ b/ansible.cfg 
@@ -3,7 +3,7 @@ roles_path = ./roles inventory = ./hosts gathering = smart interpreter_python = auto_silent -remote_user = root +remote_user = awx-user host_key_checking = False [privilege_escalation] diff --git a/group_vars/all.yaml b/group_vars/all.yaml deleted file mode 100644 index 9414cf6..0000000 --- a/group_vars/all.yaml +++ /dev/null @@ -1,7 +0,0 @@ -awx_pub_key: ssh-rsa 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 awx@awx.verdnatura.es -resolv: - domain: verdnatura.es - search: verdnatura.es -resolvers: - - '10.0.0.4' - - '10.0.0.5' diff --git a/group_vars/all.yml b/group_vars/all.yml new file mode 100644 index 0000000..9625d61 --- /dev/null +++ b/group_vars/all.yml 
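Review bot: With `remote_user = awx-user` every task that needs root now depends on the `[privilege_escalation]` settings that begin on the last line of this hunk and continue outside it, and on `awx-user` already existing with sudo rights on the target; a freshly templated host presumably has neither until the `awx` role and the sudoers file have run, so the bootstrap path (first run as root, or an image that pre-seeds the user and key) should be written next to the setting, e.g. `# awx-user is deployed by roles/awx; bootstrap new hosts with -u root`. `host_key_checking = False` remains and still undermines this hardening, since a key-based, sudo-capable session can be redirected by anyone able to answer the SSH connection.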
@@ -0,0 +1,42 @@ +awx_pub_key: ssh-rsa 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 awx@awx.verdnatura.es +resolv: + domain: verdnatura.es + search: verdnatura.es +resolvers: + - '10.0.0.4' + - '10.0.0.5' +nslcd_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 30343461633538323832316231383362626636653864353535346461353937313131336135396162 + 3866623238353638323961363239373236393339333134380a313561363030306165393965396234 + 65316535626434333331633438613639633163643765633064363833303461363834653864646464 + 3133313233353730620a343536316266393637623563313563613332646630643632366439343764 + 30383935303161646339393361393130613266663337373364626635646430326465 +rndc_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 36386562613235363931396632656535383336313537636431643338353438313231623839313031 + 3830616135393732353265666664353963393366343461630a633365396165653761353762383739 + 66303862376465626435633964313237643230653463353662343831646464633639383336323863 + 6139333234386565620a653438613165626131653834633931343766343162653932373161653362 + 38303139333536656263656163623333313234393666353766363565633732366165 +radius_ldap_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 31643037313539376337363739616361363339616235623433656131306539373030373731643934 + 3432656465343430366366646237326137656134346562360a306538303762313261616632643135 + 39316439653932396134646432633262326631363765643564306565636363356335653539656531 + 6234636463376364620a636133346337306437643939376531633564633737333133363065633031 + 61643731646163323636343837373761303930323961653663343135303731623133 +radius_client_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 62313333666335316231396365653635356639626563613738363137383434343437393833393934 + 6439646632303536393438306234323862363532393733630a356136393539363161346631623161 + 37636365653331333735353166646164613732303035613231353237343139623137396364643637 + 3261656465336435630a666466643734373830633933613266663631343730386530633839386239 + 
62623434663130363637303035363434313566376661356362663238666166343534 +awx_smtp_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 62393936623766653737356136353765336265636136616330306537393638646663326663346138 + 3631616362363163393036613564623864383365633634660a366563363836363061623566393361 + 37633364633631333130346332613235303762316435313535613664323830656363353237373561 + 3866653365636431630a303262666662376662623862663461633361333037643863353135343836 + 61383730366664353730616331666139376234313562383163613736353231666533 \ No newline at end of file diff --git a/playbooks/debian-upgrade.yaml b/playbooks/debian-upgrade.yml similarity index 70% rename from playbooks/debian-upgrade.yaml rename to playbooks/debian-upgrade.yml index de568cd..8215cb2 100644 --- a/playbooks/debian-upgrade.yaml +++ b/playbooks/debian-upgrade.yml @@ -2,4 +2,4 @@ tasks: - name: Upgrade system import_role: - name: linux-upgrade + name: debian-upgrade diff --git a/playbooks/debian.yaml b/playbooks/debian.yml similarity index 100% rename from playbooks/debian.yaml rename to playbooks/debian.yml diff --git a/playbooks/freeradius.yaml b/playbooks/freeradius.yml similarity index 100% rename from playbooks/freeradius.yaml rename to playbooks/freeradius.yml diff --git a/playbooks/nsupdate.yaml b/playbooks/nsupdate.yml similarity index 100% rename from playbooks/nsupdate.yaml rename to playbooks/nsupdate.yml diff --git a/playbooks/ping.yaml b/playbooks/ping.yml similarity index 100% rename from playbooks/ping.yaml rename to playbooks/ping.yml diff --git a/playbooks/print-facts.yaml b/playbooks/print-facts.yml similarity index 100% rename from playbooks/print-facts.yaml rename to playbooks/print-facts.yml diff --git a/playbooks/send-mail.yaml b/playbooks/send-mail.yml similarity index 100% rename from playbooks/send-mail.yaml rename to playbooks/send-mail.yml diff --git a/playbooks/test.yaml b/playbooks/test.yml similarity index 100% rename from playbooks/test.yaml rename to playbooks/test.yml 
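Review bot: Placing all five vaulted secrets in `group_vars/all.yml` makes them available to every play against every inventory host, whereas before each lived in the vars of the single role that used it, so any task anywhere (a debug or facts dump, for example) can now template the LDAP bind password or the rndc key on an unrelated host. Scoping them to the group that needs them (`group_vars/<group>.yml`) or keeping them in that role's `vars/` would preserve the narrower exposure the old layout had. `awx_pub_key` is a public key and is fine to leave global.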
diff --git a/playbooks/windows-update.yaml b/playbooks/windows-update.yml
similarity index 100%
rename from playbooks/windows-update.yaml
rename to playbooks/windows-update.yml
diff --git a/roles/linux-relayhost/defaults/main.yaml b/roles/debian-base/defaults/main.yaml
similarity index 100%
rename from roles/linux-relayhost/defaults/main.yaml
rename to roles/debian-base/defaults/main.yaml
diff --git a/roles/linux-motd/files/90-vn b/roles/debian-base/files/motd
similarity index 100%
rename from roles/linux-motd/files/90-vn
rename to roles/debian-base/files/motd
diff --git a/roles/linux-nrpe/files/90-vn.cfg b/roles/debian-base/files/nrpe.cfg
similarity index 100%
rename from roles/linux-nrpe/files/90-vn.cfg
rename to roles/debian-base/files/nrpe.cfg
diff --git a/roles/linux-profile/files/vn.sh b/roles/debian-base/files/profile.sh
similarity index 100%
rename from roles/linux-profile/files/vn.sh
rename to roles/debian-base/files/profile.sh
diff --git a/roles/linux-tzdata/files/set_timezone.sh b/roles/debian-base/files/set-timezone.sh
similarity index 100%
rename from roles/linux-tzdata/files/set_timezone.sh
rename to roles/debian-base/files/set-timezone.sh
diff --git a/roles/linux-sudoers/files/vn b/roles/debian-base/files/sudoers
similarity index 100%
rename from roles/linux-sudoers/files/vn
rename to roles/debian-base/files/sudoers
diff --git a/roles/linux-ntp/files/timesync b/roles/debian-base/files/timesync
similarity index 100%
rename from roles/linux-ntp/files/timesync
rename to roles/debian-base/files/timesync
diff --git a/roles/linux-vim/files/vimrc.local b/roles/debian-base/files/vimrc.local
similarity index 100%
rename from roles/linux-vim/files/vimrc.local
rename to roles/debian-base/files/vimrc.local
diff --git a/roles/debian-base/handlers/main.yml b/roles/debian-base/handlers/main.yml
new file mode 100644
index 0000000..524348c
--- /dev/null
+++ b/roles/debian-base/handlers/main.yml

@@ -0,0 +1,21 @@ +- name: restart-timesyncd + service: + name: systemd-timesyncd + state: restarted +- name: restart-exim + service: + name: exim4 + state: restarted +- name: restart-ssh + service: + name: ssh + state: restarted +- name: restart-fail2ban + service: + name: fail2ban + state: restarted +- name: restart-nrpe + service: + name: nagios-nrpe-server + state: restarted + diff --git a/roles/linux-bacula/tasks/main.yaml b/roles/debian-base/tasks/bacula.yml similarity index 85% rename from roles/linux-bacula/tasks/main.yaml rename to roles/debian-base/tasks/bacula.yml index 88f96de..a786645 100644 --- a/roles/linux-bacula/tasks/main.yaml +++ b/roles/debian-base/tasks/bacula.yml @@ -1,4 +1,4 @@ -- name: Install packages +- name: Install Bacula FD packages apt: name: bacula-fd state: present @@ -14,7 +14,7 @@ group: bacula mode: '0640' backup: true -- name: Restart service +- name: Restart Bacula FD service service: name: bacula-fd state: restarted diff --git a/roles/linux-fail2ban/tasks/main.yaml b/roles/debian-base/tasks/fail2ban.yml similarity index 76% rename from roles/linux-fail2ban/tasks/main.yaml rename to roles/debian-base/tasks/fail2ban.yml index 8b2aacc..f1a7042 100644 --- a/roles/linux-fail2ban/tasks/main.yaml +++ b/roles/debian-base/tasks/fail2ban.yml @@ -1,11 +1,11 @@ -- name: Install packages +- name: Install fail2ban packages apt: name: fail2ban state: present loop: - fail2ban - rsyslog -- name: Configure service +- name: Configure fail2ban service template: src: jail.local.j2 dest: /etc/fail2ban/jail.local diff --git a/roles/debian-base/tasks/install.yml b/roles/debian-base/tasks/install.yml new file mode 100644 index 0000000..e02d485 --- /dev/null +++ b/roles/debian-base/tasks/install.yml @@ -0,0 +1,10 @@ +- name: Install base packages + apt: + name: "{{ item }}" + state: present + with_items: + - htop + - psmisc + - bash-completion + - screen + - aptitude \ No newline at end of file 
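Review bot: The handlers are introduced as `restart-timesyncd` and `restart-ssh`, but the task files that used to notify the old names (`restart systemd-timesyncd` from the former linux-ntp role and `Restart SSH service` from the former linux-root role, both handler files deleted later in this diff) are moved with 100% similarity to `tymesyncd.yml` and `root.yaml`, so any `notify:` they contain would now reference a handler that no longer exists and the play would stop with an unknown-handler error. Either add `listen: restart systemd-timesyncd` and `listen: Restart SSH service` to the new handlers or update the `notify:` lines in the moved task files. I cannot see those task files here, so please confirm which names they notify.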
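Review bot: In `Install fail2ban packages`, `apt: name: fail2ban` is combined with `loop: - fail2ban - rsyslog` but `{{ item }}` is never used, so the task installs fail2ban twice and never installs rsyslog, which the jail configuration presumably depends on for its log sources. Change it to `name: "{{ item }}"` or, simpler, drop the loop and pass the list directly: `name: [fail2ban, rsyslog]`. The `Configure fail2ban service` task continues beyond the end of this hunk.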
diff --git a/roles/linux-locale/tasks/main.yaml b/roles/debian-base/tasks/locale.yml similarity index 100% rename from roles/linux-locale/tasks/main.yaml rename to roles/debian-base/tasks/locale.yml diff --git a/roles/debian-base/tasks/main.yaml b/roles/debian-base/tasks/main.yaml deleted file mode 100644 index ee0a9c0..0000000 --- a/roles/debian-base/tasks/main.yaml +++ /dev/null @@ -1,22 +0,0 @@ -- name: Install base packages - apt: - name: "{{ item }}" - state: present - with_items: - - htop - - psmisc - - bash-completion - - screen - - aptitude -- include_role: - name: linux-sudoers -- include_role: - name: linux-motd -- include_role: - name: linux-profile -- include_role: - name: linux-vim -- include_role: - name: linux-locale -- include_role: - name: linux-nrpe \ No newline at end of file diff --git a/roles/debian-base/tasks/main.yml b/roles/debian-base/tasks/main.yml new file mode 100644 index 0000000..ed03574 --- /dev/null +++ b/roles/debian-base/tasks/main.yml @@ -0,0 +1,8 @@ +- import_tasks: install.yml +- import_tasks: sudoers.yml +- import_tasks: motd.yml +- import_tasks: profile.yml +- import_tasks: vim.yml +- import_tasks: locale.yml +- import_tasks: tzdata.yml +- import_tasks: nrpe.yml diff --git a/roles/linux-motd/tasks/main.yaml b/roles/debian-base/tasks/motd.yml similarity index 65% rename from roles/linux-motd/tasks/main.yaml rename to roles/debian-base/tasks/motd.yml index 7a7ec8f..a51f73b 100644 --- a/roles/linux-motd/tasks/main.yaml +++ b/roles/debian-base/tasks/motd.yml @@ -1,7 +1,7 @@ - name: Copy MOTD configuration file copy: - src: 90-vn - dest: "/etc/update-motd.d/" + src: motd + dest: /etc/update-motd.d/90-vn mode: '755' owner: root group: root diff --git a/roles/linux-nrpe/tasks/main.yaml b/roles/debian-base/tasks/nrpe.yml similarity index 72% rename from roles/linux-nrpe/tasks/main.yaml rename to roles/debian-base/tasks/nrpe.yml index 25b4c1d..b76f672 100644 --- a/roles/linux-nrpe/tasks/main.yaml +++ b/roles/debian-base/tasks/nrpe.yml 
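Review bot: `main.yml` imports eight task files, but `bacula.yml`, `fail2ban.yml`, `relayhost.yml`, `root.yaml`, `tymesyncd.yml` and `vn-repo.yml` now in this role are not referenced, so unless the playbooks select them with `include_role`/`tasks_from` they are dead after this commit; a one-line comment at the top of `main.yml` such as `# bacula/fail2ban/relayhost/root/timesyncd/vn-repo are entry points selected per host via tasks_from` would make the intent explicit. Two of the names also break the conventions this commit introduces: `root.yaml` keeps the old `.yaml` suffix while every other task file is `.yml`, and `tymesyncd.yml` reads like a misspelling of `timesyncd.yml`.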
@@ -1,19 +1,19 @@ -- name: Install packages +- name: Install NRPE packages apt: name: "{{ item }}" state: present loop: - nagios-nrpe-server - nagios-plugins-contrib -- name: Set generic configuration +- name: Set NRPE generic configuration copy: - src: 90-vn.cfg + src: nrpe.cfg dest: /etc/nagios/nrpe.d/90-vn.cfg owner: root group: root mode: '0644' notify: restart-nrpe -- name: Create local configuration file +- name: Create NRPE local configuration file file: path: /etc/nagios/nrpe.d/99-local.cfg state: touch diff --git a/roles/linux-profile/tasks/main.yaml b/roles/debian-base/tasks/profile.yml similarity index 64% rename from roles/linux-profile/tasks/main.yaml rename to roles/debian-base/tasks/profile.yml index d6ca52e..65a7b53 100644 --- a/roles/linux-profile/tasks/main.yaml +++ b/roles/debian-base/tasks/profile.yml @@ -1,7 +1,7 @@ - name: Copy profile configuration file copy: - src: vn.sh - dest: "/etc/profile.d/" + src: profile.sh + dest: "/etc/profile.d/vn.sh" mode: '644' owner: root group: root diff --git a/roles/linux-relayhost/tasks/main.yaml b/roles/debian-base/tasks/relayhost.yml similarity index 98% rename from roles/linux-relayhost/tasks/main.yaml rename to roles/debian-base/tasks/relayhost.yml index db2c7f2..1af0549 100644 --- a/roles/linux-relayhost/tasks/main.yaml +++ b/roles/debian-base/tasks/relayhost.yml @@ -1,4 +1,4 @@ -- name: Install packages +- name: Install exim packages apt: name: exim4 state: present diff --git a/roles/linux-root/tasks/main.yaml b/roles/debian-base/tasks/root.yaml similarity index 100% rename from roles/linux-root/tasks/main.yaml rename to roles/debian-base/tasks/root.yaml diff --git a/roles/linux-sudoers/tasks/main.yaml b/roles/debian-base/tasks/sudoers.yml similarity index 78% rename from roles/linux-sudoers/tasks/main.yaml rename to roles/debian-base/tasks/sudoers.yml index f512867..83bee94 100644 --- a/roles/linux-sudoers/tasks/main.yaml +++ b/roles/debian-base/tasks/sudoers.yml 
@@ -4,8 +4,8 @@ state: present - name: Copy sudoers configuration file copy: - src: vn - dest: "/etc/sudoers.d/" + src: sudoers + dest: "/etc/sudoers.d/vn" mode: u=rw,g=r owner: root group: root diff --git a/roles/linux-ntp/tasks/main.yaml b/roles/debian-base/tasks/tymesyncd.yml similarity index 100% rename from roles/linux-ntp/tasks/main.yaml rename to roles/debian-base/tasks/tymesyncd.yml diff --git a/roles/linux-tzdata/tasks/main.yaml b/roles/debian-base/tasks/tzdata.yml similarity index 55% rename from roles/linux-tzdata/tasks/main.yaml rename to roles/debian-base/tasks/tzdata.yml index 60872cf..f5e34a8 100644 --- a/roles/linux-tzdata/tasks/main.yaml +++ b/roles/debian-base/tasks/tzdata.yml @@ -1,2 +1,2 @@ - name: Configure the time zone - script: set_timezone.sh + script: set-timezone.sh diff --git a/roles/linux-vim/tasks/main.yaml b/roles/debian-base/tasks/vim.yml similarity index 100% rename from roles/linux-vim/tasks/main.yaml rename to roles/debian-base/tasks/vim.yml diff --git a/roles/debian-base/tasks/vn-repo.yml b/roles/debian-base/tasks/vn-repo.yml new file mode 100644 index 0000000..c0fdfff --- /dev/null +++ b/roles/debian-base/tasks/vn-repo.yml @@ -0,0 +1,12 @@ +- name: Download vn-host Debian package + get_url: + url: "{{ vn_host.url }}/{{ vn_host.package }}" + dest: "/tmp/{{ vn_host.package }}" + mode: '0644' +- name: Install package + apt: + deb: "/tmp/{{ vn_host.package }}" +- name: Delete package + file: + path: "/tmp/{{ vn_host.package }}" + state: absent diff --git a/roles/linux-bacula/files/bacula-fd.conf.jd2 b/roles/debian-base/templates/bacula-fd.conf.j2 similarity index 88% rename from roles/linux-bacula/files/bacula-fd.conf.jd2 rename to roles/debian-base/templates/bacula-fd.conf.j2 index 5f02660..e205166 100644 --- a/roles/linux-bacula/files/bacula-fd.conf.jd2 +++ b/roles/debian-base/templates/bacula-fd.conf.j2 
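Review bot: The copy into `/etc/sudoers.d/vn` has no `validate:`, so a syntax error in the `sudoers` file would be installed verbatim and can lock every user out of sudo on the host; add `validate: /usr/sbin/visudo -cf %s` to the copy task. `mode: u=rw,g=r` yields 0640, whereas sudo's default sudoers mode is 0440 and a read-only file is what distributions ship in sudoers.d, so `mode: '0440'` would match expectations. The package-install task at the top of this file starts before the hunk.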
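Review bot: `Download vn-host Debian package` fetches the `.deb` without any integrity check and the next task installs it as root, and `vn_host.url` in `roles/debian-base/vars/main.yml` (later in this diff) is plain `http://`, so anyone able to alter traffic between the host and the repository could substitute the package. Adding `checksum: "sha256:<SHA256_OF_VN_HOST_DEB>"` to the `get_url` task and serving the URL over https — or configuring the repository as a signed apt source and installing `vn-host` with `apt` — would close that gap; pinning `vn-host_2.0.2_all.deb` in vars without a hash gives no protection on its own. Writing to `/tmp/{{ vn_host.package }}` is also a fixed path in a world-writable directory; `ansible.builtin.tempfile` or a root-owned cache directory would be safer.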
@@ -1,10 +1,10 @@ Director { Name = bacula-dir - Password = "$FDPASSWD" + Password = "{{ FDPASSWD }}" } Director { Name = bacula-mon - Password = "$FDMPASSWD" + Password = "{{ FDMPASSWD }}" Monitor = yes } FileDaemon { diff --git a/roles/linux-fail2ban/templates/jail.local.j2 b/roles/debian-base/templates/jail.local.j2 similarity index 100% rename from roles/linux-fail2ban/templates/jail.local.j2 rename to roles/debian-base/templates/jail.local.j2 diff --git a/roles/linux-fail2ban/vars/main.yaml b/roles/debian-base/vars/main.yml similarity index 53% rename from roles/linux-fail2ban/vars/main.yaml rename to roles/debian-base/vars/main.yml index dc675b0..a0b2eab 100644 --- a/roles/linux-fail2ban/vars/main.yaml +++ b/roles/debian-base/vars/main.yml @@ -3,3 +3,6 @@ fail2ban: bantime: 600 maxretry: 4 ignore: 127.0.0.0/8 10.0.0.0/16 +vn_host: + url: http://apt.verdnatura.es/pool/main/v/vn-host + package: vn-host_2.0.2_all.deb diff --git a/roles/linux-auth/files/nslcd.conf b/roles/debian-guest/files/nslcd.conf similarity index 94% rename from roles/linux-auth/files/nslcd.conf rename to roles/debian-guest/files/nslcd.conf index 0a12872..858edce 100644 --- a/roles/linux-auth/files/nslcd.conf +++ b/roles/debian-guest/files/nslcd.conf @@ -8,7 +8,7 @@ idle_timelimit 60 base dc=verdnatura,dc=es binddn cn=nss,ou=admins,dc=verdnatura,dc=es -bindpw passwordblablabla +bindpw password pagesize 500 filter group (&(objectClass=posixGroup)(cn=sysadmin)) diff --git a/roles/linux-auth/tasks/main.yaml b/roles/debian-guest/tasks/auth.yml similarity index 93% rename from roles/linux-auth/tasks/main.yaml rename to roles/debian-guest/tasks/auth.yml index da30777..d576a73 100644 --- a/roles/linux-auth/tasks/main.yaml +++ b/roles/debian-guest/tasks/auth.yml @@ -19,7 +19,7 @@ state: present with_items: - regexp: "^bindpw" - line: "bindpw {{ bindpw_password }}" + line: "bindpw {{ nslcd_password }}" - name: Configure nsswitch to use NSLCD lineinfile: dest: /etc/nsswitch.conf 
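Review bot: The template now references `FDPASSWD` and `FDMPASSWD`, but neither is defined anywhere in this commit — the new `group_vars/all.yml` defines only `nslcd_password`, `rndc_key`, `radius_ldap_password`, `radius_client_password` and `awx_smtp_password` — so rendering will fail with an undefined-variable error unless they are set elsewhere, and the upper-case names do not follow the `<service>_password` convention used for the other vaulted secrets. Consider `bacula_fd_password` / `bacula_fd_monitor_password` stored as `!vault` values next to the others, and confirm that `bacula.yml` (whose module call sits outside its hunks) uses `template` now that the file lives under `templates/`.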
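Review bot: The task that writes `bindpw {{ nslcd_password }}` has no `no_log: true`, so the decrypted bind password appears in AWX job output whenever the play runs with `--diff` or raised verbosity, which undoes the benefit of vaulting it; the same applies to `Add password to LDAP file` in `roles/freeradius/tasks/main.yml` and to the `nsupdate` task passing `{{ rndc_key }}` later in this diff. Add `no_log: true` to each of those tasks. The task's `name:` and module line are above this hunk.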
diff --git a/roles/debian-guest/tasks/main.yaml b/roles/debian-guest/tasks/main.yaml
deleted file mode 100644
index e1125c9..0000000
--- a/roles/debian-guest/tasks/main.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-- include_role:
- name: linux-auth
- when: false
diff --git a/roles/debian-guest/tasks/main.yml b/roles/debian-guest/tasks/main.yml
new file mode 100644
index 0000000..3245538
--- /dev/null
+++ b/roles/debian-guest/tasks/main.yml
@@ -0,0 +1,2 @@
+- include_tasks: auth.yml
+ when: false
diff --git a/roles/linux-autofs/files/auto.homes b/roles/debian-qemu/files/auto.homes
similarity index 100%
rename from roles/linux-autofs/files/auto.homes
rename to roles/debian-qemu/files/auto.homes
diff --git a/roles/linux-autofs/files/homes.autofs b/roles/debian-qemu/files/homes.autofs
similarity index 100%
rename from roles/linux-autofs/files/homes.autofs
rename to roles/debian-qemu/files/homes.autofs
diff --git a/roles/debian-qemu/tasks/agent.yml b/roles/debian-qemu/tasks/agent.yml
new file mode 100644
index 0000000..db2b4ee
--- /dev/null
+++ b/roles/debian-qemu/tasks/agent.yml
@@ -0,0 +1,4 @@
+- name: Install QEMU guest agent
+ apt:
+ name: qemu-guest-agent
+ state: present
diff --git a/roles/linux-autofs/handlers/main.yaml b/roles/debian-qemu/tasks/autofs.yml
similarity index 100%
rename from roles/linux-autofs/handlers/main.yaml
rename to roles/debian-qemu/tasks/autofs.yml
diff --git a/roles/debian-qemu/tasks/main.yaml b/roles/debian-qemu/tasks/hotplug.yml
similarity index 82%
rename from roles/debian-qemu/tasks/main.yaml
rename to roles/debian-qemu/tasks/hotplug.yml
index cab7e7f..4dc9a34 100644
--- a/roles/debian-qemu/tasks/main.yaml
+++ b/roles/debian-qemu/tasks/hotplug.yml
@@ -1,7 +1,3 @@
-- name: Install QEMU guest agent
- apt:
- name: qemu-guest-agent
- state: present
 - name: Configure udev hotplug rules
 copy:
 src: 80-hotplug-cpu-mem.rules
diff --git a/roles/debian-qemu/tasks/main.yml b/roles/debian-qemu/tasks/main.yml
new file mode 100644
index 0000000..3820ce9
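Review bot: `include_tasks: auth.yml` is guarded by `when: false`, which makes the new `main.yml` a no-op and leaves the renamed `auth.yml` (and the `nslcd_password` it consumes) unreachable from this role. If this is a deliberate temporary switch-off, a comment such as `# auth.yml stays disabled until LDAP auth is validated on the new template` would stop the next reader from deleting it; if it is meant to be configurable per host, gate it on a variable with a safe default, for example `when: auth_enabled | default(false)` (name constructed here, pick whatever the inventory already uses).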
--- /dev/null
+++ b/roles/debian-qemu/tasks/main.yml
@@ -0,0 +1,3 @@
+- import_tasks: agent.yml
+- import_tasks: hotplug.yml
+- import_tasks: autofs.yml
diff --git a/roles/debian-qemu/vars/main.yml b/roles/debian-qemu/vars/main.yml
new file mode 100644
index 0000000..05ae960
--- /dev/null
+++ b/roles/debian-qemu/vars/main.yml
@@ -0,0 +1 @@
+homes_path: /mnt/homes
diff --git a/roles/linux-upgrade/tasks/main.yaml b/roles/debian-upgrade/tasks/main.yaml
similarity index 100%
rename from roles/linux-upgrade/tasks/main.yaml
rename to roles/debian-upgrade/tasks/main.yaml
diff --git a/roles/freeradius/tasks/main.yaml b/roles/freeradius/tasks/main.yaml
deleted file mode 100644
index c3c8dc0..0000000
--- a/roles/freeradius/tasks/main.yaml
+++ /dev/null
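Review bot: `import_tasks: autofs.yml` pulls in a file that, per the rename record in this diff, is the former `linux-autofs/handlers/main.yaml` moved with 100% similarity, while the actual autofs task list (`linux-autofs/tasks/main.yaml`: nfs-common/autofs packages, the homes directory, the `automount: files` nsswitch entry, the two config files and enabling the service) is deleted outright. If that handlers file holds the usual `service: state: restarted` entries, the role would now restart services unconditionally on every run and never configure autofs. `homes_path: /mnt/homes` in the new `vars/main.yml` is likewise not referenced by any surviving task (the deleted tasks used `path_mnt_homes`). Please check that `autofs.yml` is meant to carry the task content and that the restart handlers were moved to a `handlers/main.yml` for this role.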
@@ -1,156 +0,0 @@ -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# Install and configure FREERADIUS TOTP -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# install packages if there are not present in the system -- name: install packagesfor freeradiusotp if is not in the system - apt: - name: "{{ item }}" - state: present - with_items: - - freeradius - - freeradius-ldap - - libpam-google-authenticator - - python3-qrcode - - zip - - mutt -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# config symbolic files to enable modules -- name: create a symbolic link - ansible.builtin.file: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: freerad - group: freerad - state: link - force: yes - loop: -# - { src: '"{{ freeradius_mods_enabled_folder }}"ldap', dest: '"{{ freeradius_mods_available_folder }}"ldap' } -# - { src: '"{{ freeradius_mods_enabled_folder }}"pam', dest: '"{{ freeradius_mods_available_folder }}"pam' } - - { src: '{{ freeradius_mods_available_folder }}ldap', dest: '{{ freeradius_mods_enabled_folder }}ldap' } - - { src: '{{ freeradius_mods_available_folder }}pam', dest: '{{ freeradius_mods_enabled_folder }}pam' } -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# config default file /etc/freeradius/3.0/sites-enabled/default -- name: config default file - ansible.builtin.template: - src: default.j2 - dest: "{{ freeradius_default_config }}" - owner: freerad - group: freerad - mode: '0640' - backup: yes -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# 
config default file /etc/freeradius/3.0/mods-available/ldap -#- name: config ldap file -# ansible.builtin.template: -# src: ldap.j2 -# dest: "{{ freeradius_mod_ldap }}" -# owner: freerad -# group: freerad -# mode: '0640' -# backup: yes -# paso1 - copy -- name: copy file ldap - copy: - src: ldap - dest: "{{ freeradius_mod_ldap }}" - owner: freerad - group: freerad - mode: '0640' - backup: yes -# paso2 - lineinfile password with vault -- name: add password with ansible vault to file ldap - lineinfile: - dest: "{{ freeradius_mod_ldap }}" - regexp: "{{item.regexp}}" - line: "{{item.line}}" - state: present - with_items: - - regexp: "^ password =" - line: " password = {{ bindradiusldap_password }}" -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# config default file /etc/freeradius/3.0/dictionary -- name: config dictionary file - ansible.builtin.template: - src: dictionary.j2 - dest: "{{ freeradius_dictionary_config }}" - owner: freerad - group: freerad - mode: '0640' - backup: yes -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# config default file /etc/freeradius/3.0/clients.conf -- name: config clients.conf file - ansible.builtin.template: - src: clients.j2 - dest: "{{ freeradius_clients_config }}" - owner: freerad - group: freerad - mode: '0640' - backup: yes -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# config default file /etc/freeradius/3.0/policy.d/filter -- name: config filter file - ansible.builtin.template: - src: filter.j2 - dest: "{{ freeradius_filter_config }}" - owner: freerad - group: freerad - mode: '0640' - backup: yes -# 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# config default file /etc/freeradius/3.0/radiusd.conf -- name: config radius.conf file - ansible.builtin.template: - src: radiusd.j2 - dest: "{{ freeradius_base_config }}" - owner: freerad - group: freerad - mode: '0640' - backup: yes - notify: restart freeradius -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# config default file /etc/pam.d/radiusd -- name: config pam radiusd file - ansible.builtin.template: - src: radiusdpam.j2 - dest: "{{ freeradius_pam_config }}" - owner: root - group: root - mode: '0644' -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# config default file /lib/systemd/system/freeradius.service -- name: config freeradius systemd service file - ansible.builtin.template: - src: freeradiusservice.j2 - dest: "{{ freeradius_service_config }}" - owner: root - group: root - mode: '0644' -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# force systemd to reread configs -- name: Just force systemd to reread configs (2.4 and above) - ansible.builtin.systemd_service: - daemon_reload: true -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ \ No newline at end of file diff --git a/roles/freeradius/tasks/main.yml b/roles/freeradius/tasks/main.yml new file mode 100644 index 0000000..78a9f2a --- /dev/null +++ b/roles/freeradius/tasks/main.yml 
@@ -0,0 +1,97 @@ +- name: Install packagesfor freeradiusotp + apt: + name: "{{ item }}" + state: present + with_items: + - freeradius + - freeradius-ldap + - libpam-google-authenticator + - python3-qrcode + - zip + - mutt +- name: Create a symbolic link + ansible.builtin.file: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: freerad + group: freerad + state: link + force: yes + loop: + - { src: '{{ freeradius_mods_available_folder }}ldap', dest: '{{ freeradius_mods_enabled_folder }}ldap' } + - { src: '{{ freeradius_mods_available_folder }}pam', dest: '{{ freeradius_mods_enabled_folder }}pam' } +- name: config default file + ansible.builtin.template: + src: default.j2 + dest: "{{ freeradius_default_config }}" + owner: freerad + group: freerad + mode: '0640' + backup: yes +- name: Copy LDAP file + copy: + src: ldap + dest: "{{ freeradius_mod_ldap }}" + owner: freerad + group: freerad + mode: '0640' + backup: yes +- name: Add password to LDAP file + lineinfile: + dest: "{{ freeradius_mod_ldap }}" + regexp: "{{item.regexp}}" + line: "{{item.line}}" + state: present + with_items: + - regexp: "^ password =" + line: " password = {{ radius_ldap_password }}" +- name: Config dictionary file + ansible.builtin.template: + src: dictionary.j2 + dest: "{{ freeradius_dictionary_config }}" + owner: freerad + group: freerad + mode: '0640' + backup: yes +- name: Config clients.conf file + ansible.builtin.template: + src: clients.j2 + dest: "{{ freeradius_clients_config }}" + owner: freerad + group: freerad + mode: '0640' + backup: yes +- name: Config filter file + ansible.builtin.template: + src: filter.j2 + dest: "{{ freeradius_filter_config }}" + owner: freerad + group: freerad + mode: '0640' + backup: yes +- name: Config radius.conf file + ansible.builtin.template: + src: radiusd.j2 + dest: "{{ freeradius_base_config }}" + owner: freerad + group: freerad + mode: '0640' + backup: yes + notify: restart freeradius +- name: Config pam radiusd file + ansible.builtin.template: 
+ src: radiusdpam.j2 + dest: "{{ freeradius_pam_config }}" + owner: root + group: root + mode: '0644' +- name: Config freeradius systemd service file + ansible.builtin.template: + src: freeradiusservice.j2 + dest: "{{ freeradius_service_config }}" + owner: root + group: root + mode: '0644' +- name: Just force systemd to reread configs (2.4 and above) + ansible.builtin.systemd_service: + daemon_reload: true diff --git a/roles/freeradius/templates/clients.j2 b/roles/freeradius/templates/clients.j2 index 0e865ae..fc6b9b3 100644 --- a/roles/freeradius/templates/clients.j2 +++ b/roles/freeradius/templates/clients.j2 @@ -1,4 +1,4 @@ client opnsense { ipaddr = 0.0.0.0/0 - secret = {{ bindradiusclient_password }} + secret = {{ radius_client_password }} } \ No newline at end of file diff --git a/roles/freeradius/vars/main.yaml b/roles/freeradius/vars/main.yaml index 53ea0da..5d83bfc 100644 --- a/roles/freeradius/vars/main.yaml +++ b/roles/freeradius/vars/main.yaml @@ -1,5 +1,3 @@ ---- -# vars file freeradius_base_folder: /etc/freeradius/3.0/ freeradius_mods_available_folder: "{{ freeradius_base_folder }}mods-available/" freeradius_mods_enabled_folder: "{{ freeradius_base_folder }}mods-enabled/" 
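Review bot: The new task name `Install packagesfor freeradiusotp` carries two typos over from the deleted file and the other names mix `config default file` with `Config …`/`Copy …` capitalisation; since AWX shows these names as the job log, `Install FreeRADIUS OTP packages` and one consistent sentence-case style would make runs easier to scan. The six-package `with_items` loop also runs one apt transaction per package; passing the list directly to `name:` installs them in a single transaction, which is the form Ansible recommends. The file is new, so the whole task list is inside this hunk.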
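Review bot: The `opnsense` client keeps `ipaddr = 0.0.0.0/0`, so the renamed `radius_client_password` is the only thing standing between any network peer and this RADIUS server; the client name suggests a single firewall, so restricting `ipaddr` to its address or subnet — for example `ipaddr = {{ radius_client_ipaddr }}` fed from vars (variable name constructed here) — would limit who can even attempt authentication. The template also still ends without a trailing newline.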
@@ -11,19 +9,5 @@ freeradius_clients_config: "{{ freeradius_base_folder }}clients.conf" freeradius_mod_ldap: "{{ freeradius_mods_available_folder }}ldap" freeradius_filter_config: "{{ freeradius_base_folder }}policy.d/filter" freeradius_daemon: freeradius -bindradiusldap_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 31643037313539376337363739616361363339616235623433656131306539373030373731643934 - 3432656465343430366366646237326137656134346562360a306538303762313261616632643135 - 39316439653932396134646432633262326631363765643564306565636363356335653539656531 - 6234636463376364620a636133346337306437643939376531633564633737333133363065633031 - 61643731646163323636343837373761303930323961653663343135303731623133 -bindradiusclient_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 62313333666335316231396365653635356639626563613738363137383434343437393833393934 - 6439646632303536393438306234323862363532393733630a356136393539363161346631623161 - 37636365653331333735353166646164613732303035613231353237343139623137396364643637 - 3261656465336435630a666466643734373830633933613266663631343730386530633839386239 - 62623434663130363637303035363434313566376661356362663238666166343534 freeradius_pam_config: /etc/pam.d/radiusd freeradius_service_config: /lib/systemd/system/freeradius.service diff --git a/roles/linux-auth/vars/main.yaml b/roles/linux-auth/vars/main.yaml deleted file mode 100644 index 1bc5a44..0000000 --- a/roles/linux-auth/vars/main.yaml +++ /dev/null @@ -1,7 +0,0 @@ -bindpw_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 30343461633538323832316231383362626636653864353535346461353937313131336135396162 - 3866623238353638323961363239373236393339333134380a313561363030306165393965396234 - 65316535626434333331633438613639633163643765633064363833303461363834653864646464 - 3133313233353730620a343536316266393637623563313563613332646630643632366439343764 - 30383935303161646339393361393130613266663337373364626635646430326465 
diff --git a/roles/linux-autofs/tasks/main.yaml b/roles/linux-autofs/tasks/main.yaml deleted file mode 100644 index bfdb347..0000000 --- a/roles/linux-autofs/tasks/main.yaml +++ /dev/null @@ -1,38 +0,0 @@ -- name: Install packages for autofs - apt: - name: "{{ item }}" - state: present - with_items: - - nfs-common - - autofs - - libnfs-utils - - autofs-ldap -- name: Create homes directory - ansible.builtin.file: - path: "{{ path_mnt_homes }}" - state: directory - mode: '0755' -- name: Configure nsswitch - lineinfile: - path: /etc/nsswitch.conf - line: "automount: files" - notify: restart nslcd -- name: Add file homes.autofs configured to autofs - copy: - src: homes.autofs - dest: /etc/auto.master.d/homes.autofs - owner: root - group: root - mode: '0644' -- name: Add file /etc/auto.homes configured to the systemd - copy: - src: auto.homes - dest: /etc/auto.homes - owner: root - group: root - mode: '0644' - notify: restart autofs -- name: Service autofs service - service: - name: autofs - enabled: yes diff --git a/roles/linux-autofs/vars/main.yaml b/roles/linux-autofs/vars/main.yaml deleted file mode 100644 index 71f712c..0000000 --- a/roles/linux-autofs/vars/main.yaml +++ /dev/null @@ -1 +0,0 @@ -path_mnt_homes: /mnt/homes diff --git a/roles/linux-fail2ban/handlers/main.yaml b/roles/linux-fail2ban/handlers/main.yaml deleted file mode 100644 index d5fc7c4..0000000 --- a/roles/linux-fail2ban/handlers/main.yaml +++ /dev/null @@ -1,4 +0,0 @@ -- name: restart-fail2ban - service: - name: fail2ban - state: restarted diff --git a/roles/linux-hostname/tasks/main.yaml b/roles/linux-hostname/tasks/main.yml similarity index 100% rename from roles/linux-hostname/tasks/main.yaml rename to roles/linux-hostname/tasks/main.yml diff --git a/roles/linux-nrpe/handlers/main.yaml b/roles/linux-nrpe/handlers/main.yaml deleted file mode 100644 index 0399734..0000000 --- a/roles/linux-nrpe/handlers/main.yaml +++ /dev/null 
@@ -1,4 +0,0 @@ -- name: restart-nrpe - service: - name: nagios-nrpe-server - state: restarted diff --git a/roles/linux-ntp/handlers/main.yaml b/roles/linux-ntp/handlers/main.yaml deleted file mode 100644 index 530fefe..0000000 --- a/roles/linux-ntp/handlers/main.yaml +++ /dev/null @@ -1,4 +0,0 @@ -- name: restart systemd-timesyncd - service: - name: systemd-timesyncd - state: restarted \ No newline at end of file diff --git a/roles/linux-relayhost/handlers/main.yaml b/roles/linux-relayhost/handlers/main.yaml deleted file mode 100644 index 21e507a..0000000 --- a/roles/linux-relayhost/handlers/main.yaml +++ /dev/null @@ -1,4 +0,0 @@ -- name: restart-exim - service: - name: exim4 - state: restarted \ No newline at end of file diff --git a/roles/linux-root/handlers/main.yaml b/roles/linux-root/handlers/main.yaml deleted file mode 100644 index 4ca2b3a..0000000 --- a/roles/linux-root/handlers/main.yaml +++ /dev/null @@ -1,4 +0,0 @@ -- name: Restart SSH service - service: - name: ssh - state: restarted \ No newline at end of file diff --git a/roles/linux-secure-grub/handlers/main.yaml b/roles/linux-secure-grub/handlers/main.yml similarity index 100% rename from roles/linux-secure-grub/handlers/main.yaml rename to roles/linux-secure-grub/handlers/main.yml diff --git a/roles/linux-secure-grub/tasks/main.yaml b/roles/linux-secure-grub/tasks/main.yml similarity index 100% rename from roles/linux-secure-grub/tasks/main.yaml rename to roles/linux-secure-grub/tasks/main.yml diff --git a/roles/linux-vn-repo/tasks/main.yaml b/roles/linux-vn-repo/tasks/main.yaml deleted file mode 100644 index d515adf..0000000 --- a/roles/linux-vn-repo/tasks/main.yaml +++ /dev/null @@ -1,12 +0,0 @@ -- name: Download vn-host Debian package - get_url: - url: "{{ repo_url }}" - dest: "{{ package_path }}" - mode: '0644' -- name: Install package - apt: - deb: "{{ package_path }}" -- name: Delete package - file: - path: "{{ package_path }}" - state: absent 
diff --git a/roles/linux-vn-repo/vars/main.yaml b/roles/linux-vn-repo/vars/main.yaml deleted file mode 100644 index a66fb2a..0000000 --- a/roles/linux-vn-repo/vars/main.yaml +++ /dev/null @@ -1,2 +0,0 @@ -repo_url: http://apt.verdnatura.es/pool/main/v/vn-host/vn-host_2.0.2_all.deb -package_path: /tmp/vn-host_2.0.2_all.deb diff --git a/roles/nsupdate/meta/main.yaml b/roles/nsupdate/meta/main.yml similarity index 100% rename from roles/nsupdate/meta/main.yaml rename to roles/nsupdate/meta/main.yml diff --git a/roles/nsupdate/tasks/main.yaml b/roles/nsupdate/tasks/main.yml similarity index 87% rename from roles/nsupdate/tasks/main.yaml rename to roles/nsupdate/tasks/main.yml index f4e541c..797156d 100644 --- a/roles/nsupdate/tasks/main.yaml +++ b/roles/nsupdate/tasks/main.yml @@ -1,7 +1,7 @@ - name: Add or modify DNS records A to some IP community.general.nsupdate: key_name: "rndc-key" - key_secret: "{{ bind9secretkey_password }}" + key_secret: "{{ rndc_key }}" key_algorithm: "hmac-md5" server: "ns1.verdnatura.es" zone: "{{ zone_record }}" diff --git a/roles/nsupdate/vars/main.yaml b/roles/nsupdate/vars/main.yaml deleted file mode 100644 index 1960e50..0000000 --- a/roles/nsupdate/vars/main.yaml +++ /dev/null @@ -1,7 +0,0 @@ -bind9secretkey_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 36386562613235363931396632656535383336313537636431643338353438313231623839313031 - 3830616135393732353265666664353963393366343461630a633365396165653761353762383739 - 66303862376465626435633964313237643230653463353662343831646464633639383336323863 - 6139333234386565620a653438613165626131653834633931343766343162653932373161653362 - 38303139333536656263656163623333313234393666353766363565633732366165 diff --git a/roles/send-mail/tasks/main.yaml b/roles/send-mail/tasks/main.yml similarity index 87% rename from roles/send-mail/tasks/main.yaml rename to roles/send-mail/tasks/main.yml index 1b06a29..02b8597 100644 --- a/roles/send-mail/tasks/main.yaml +++ b/roles/send-mail/tasks/main.yml 
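Review bot: The renamed `key_secret: "{{ rndc_key }}"` is still paired with `key_algorithm: "hmac-md5"` on the next line, so the TSIG key that authorizes dynamic updates against `ns1.verdnatura.es` is signed with an algorithm BIND has deprecated for years; the rename was the natural moment to change it. If the server-side key can be regenerated, `key_algorithm: "hmac-sha256"` is the drop-in replacement (with a matching `algorithm` in the `key` stanza of named.conf). It is also worth confirming that `rndc_key` is defined as a vaulted value in its new location, since this commit deletes the vaulted `bind9secretkey_password` from the role and its replacement is not visible in this chunk.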
@@ -3,7 +3,7 @@ host: smtp.verdnatura.es port: 465 username: awx@verdnatura.es - password: "{{ bindsecretawx_password }}" + password: "{{ awx_smtp_password }}" to: sysadmin@verdnatura.es subject: Ansible-test body: System {{ ansible_hostname }} has been send successfully mail. diff --git a/roles/send-mail/vars/main.yaml b/roles/send-mail/vars/main.yaml deleted file mode 100644 index 3286258..0000000 --- a/roles/send-mail/vars/main.yaml +++ /dev/null @@ -1,7 +0,0 @@ -bindsecretawx_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 62393936623766653737356136353765336265636136616330306537393638646663326663346138 - 3631616362363163393036613564623864383365633634660a366563363836363061623566393361 - 37633364633631333130346332613235303762316435313535613664323830656363353237373561 - 3866653365636431630a303262666662376662623862663461633361333037643863353135343836 - 61383730366664353730616331666139376234313562383163613736353231666533 -- 2.40.1 From 46b9c9d6be40b264acedd04f1bfc26a014938f3d Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 24 Sep 2024 09:38:32 +0200 Subject: [PATCH 046/138] refs #8025 awx role sudoers file renamed --- roles/awx/files/{awx => sudoers} | 0 roles/awx/tasks/main.yaml | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) rename roles/awx/files/{awx => sudoers} (100%) diff --git a/roles/awx/files/awx b/roles/awx/files/sudoers similarity index 100% rename from roles/awx/files/awx rename to roles/awx/files/sudoers diff --git a/roles/awx/tasks/main.yaml b/roles/awx/tasks/main.yaml index 9ccdbe0..de3aa70 100644 --- a/roles/awx/tasks/main.yaml +++ b/roles/awx/tasks/main.yaml @@ -16,8 +16,8 @@ state: present - name: Add user to sudoers copy: - src: awx - dest: /etc/sudoers.d/ + src: sudoers + dest: /etc/sudoers.d/awx mode: u=rw,g=r owner: root group: root -- 2.40.1 From fffa2796504d347e3497c48b752b7b96fb39e512 Mon Sep 17 00:00:00 2001 
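Review bot: The fragment copied to `/etc/sudoers.d/awx` is never syntax-checked, so a typo in `roles/awx/files/sudoers` lands as-is and sudo then refuses every invocation with a parse error, locking the AWX user out of privilege escalation on each host the play reaches. Add `validate: /usr/sbin/visudo -csf %s` to the `copy:` task so a malformed file is rejected before it is written. `mode: u=rw,g=r` (0640) is accepted by sudo, but `0440` is the conventional mode for sudoers fragments and removes the owner-writable bit that sudo only tolerates because the owner is root.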
From: Juan Ferrer Toribio Date: Tue, 24 Sep 2024 09:45:24 +0200 Subject: [PATCH 047/138] refs #8025 autofs task restored --- roles/debian-qemu/handlers/main.yml | 8 ++++++ roles/debian-qemu/tasks/autofs.yml | 42 ++++++++++++++++++++++++----- 2 files changed, 44 insertions(+), 6 deletions(-) create mode 100644 roles/debian-qemu/handlers/main.yml diff --git a/roles/debian-qemu/handlers/main.yml b/roles/debian-qemu/handlers/main.yml new file mode 100644 index 0000000..0079561 --- /dev/null +++ b/roles/debian-qemu/handlers/main.yml @@ -0,0 +1,8 @@ +- name: restart-nslcd + service: + name: nslcd + state: restarted +- name: restart-autofs + service: + name: autofs + state: restarted \ No newline at end of file diff --git a/roles/debian-qemu/tasks/autofs.yml b/roles/debian-qemu/tasks/autofs.yml index b368265..049e21d 100644 --- a/roles/debian-qemu/tasks/autofs.yml +++ b/roles/debian-qemu/tasks/autofs.yml @@ -1,8 +1,38 @@ -- name: Restart nslcd - service: - name: nslcd - state: restarted -- name: Restart autofs +- name: Install autofs packages + apt: + name: "{{ item }}" + state: present + with_items: + - nfs-common + - autofs + - libnfs-utils + - autofs-ldap +- name: Create homes directory + ansible.builtin.file: + path: "{{ homes_path }}" + state: directory + mode: '0755' +- name: Configure nsswitch for autofs + lineinfile: + path: /etc/nsswitch.conf + line: "automount: files" + notify: restart-nslcd +- name: Add file homes.autofs configured to autofs + copy: + src: homes.autofs + dest: /etc/auto.master.d/homes.autofs + owner: root + group: root + mode: '0644' +- name: Add file /etc/auto.homes configured to the systemd + copy: + src: auto.homes + dest: /etc/auto.homes + owner: root + group: root + mode: '0644' + notify: restart-autofs +- name: Service autofs service service: name: autofs - state: restarted \ No newline at end of file + enabled: yes \ No newline at end of file -- 2.40.1 From 29bfaf6b3385d8a1146ab67b6ba2a188173110fe Mon Sep 17 00:00:00 2001 
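Review bot: The `Configure nsswitch for autofs` task uses `lineinfile` with only `line: "automount: files"` and no `regexp`, so if `/etc/nsswitch.conf` already has an `automount:` entry with a different value a second, conflicting line is appended instead of the existing one being replaced. Add `regexp: '^automount:'` so the task converges on a single entry; whether that entry should also list `ldap` (the `autofs-ldap` package is installed just above) cannot be decided from this hunk and should be checked against the LDAP setup. The final task only sets `enabled: yes`; adding `state: started` guarantees the service is running on first provisioning instead of depending on the `restart-autofs` handler, which only fires when `/etc/auto.homes` changed. The `with_items` loop over `apt` can also be collapsed to `name: [nfs-common, autofs, libnfs-utils, autofs-ldap]` for one transaction.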
From: Juan Ferrer Toribio Date: Tue, 24 Sep 2024 10:25:40 +0200 Subject: [PATCH 048/138] refs #8025 relayhost fixes, self vars moved to global --- group_vars/all.yml | 13 ++++++++++++- playbooks/{print-facts.yml => facts.yml} | 2 +- roles/debian-base/defaults/main.yaml | 6 +++--- roles/debian-base/tasks/main.yml | 7 ++++--- roles/debian-base/tasks/relayhost.yml | 19 ++++++++++++------- roles/debian-base/vars/main.yml | 4 ++-- roles/send-mail/tasks/main.yml | 2 +- 7 files changed, 35 insertions(+), 18 deletions(-) rename playbooks/{print-facts.yml => facts.yml} (81%) diff --git a/group_vars/all.yml b/group_vars/all.yml index 9625d61..09b751b 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -1,10 +1,21 @@ -awx_pub_key: ssh-rsa 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 awx@awx.verdnatura.es +sysadmin_mail: sysadmin@verdnatura.es +smtp_server: smtp.verdnatura.es +dc_net: "10.0.0.0/16" resolv: domain: verdnatura.es search: verdnatura.es resolvers: - '10.0.0.4' - '10.0.0.5' +awx_pub_key: > + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDjeIZVyppFK/dqOUa1PxgSeRVWk7MFmANYvSs+VHHn + D4/BE//K8AxlxnyLl4e6jAcBFoIu1JLxbRKdOhx+Zgkq5OmEzp/XKzfEvnEU5CP+W2+5MwfkUQ3TetJs + OoHiP/qYWPqqqfDFqNM1xs9am5Frv9BVu5pFiSO9oS14xVAlUOwnONQnRtAbuBOmMldpzxmuFY+Rs3G2 + MmokcOYrs5Z3TdCOG9bDGg8erzWklLW+aRYdXqMEZpwIZPcOFy6JXEyZ/9IpCLBN58IMr0RypFbgWb2V + o05iTI5j99Pzn//FgAhe6BXRyHSGOJ29hmKugt9sIY1N/H6aYqtTVR5EEIngY1XHtFywU1+qtYHMs8PB + 9Hl87zUkla0+S5Zn8q92y7DQFsOZ9ND6syEzWhiCP1ic3Wo76TVbuNoTW/XvgZnemx1epuOqDj9S7iGT + SHMvvSop8z5hU2EQiVkgRPl4cM2fi0vF513ivq5IbCgg2VfXUOLM5E5y0TI7lzBriTtCuIk= + awx@awx.verdnatura.es nslcd_password: !vault | $ANSIBLE_VAULT;1.1;AES256 30343461633538323832316231383362626636653864353535346461353937313131336135396162 diff --git a/playbooks/print-facts.yml b/playbooks/facts.yml similarity index 81% rename from playbooks/print-facts.yml rename to playbooks/facts.yml index 91e79a3..aeb0d4f 100644 --- a/playbooks/print-facts.yml +++ b/playbooks/facts.yml 
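Review bot: `awx_pub_key` is now a YAML folded scalar (`>`), and folding turns each line break into a single space, so the value consumers receive is `ssh-rsa AAAA…VHHn D4/BE…` with spaces inside the base64 body; an `authorized_key` task fed this value would reject it as an invalid key. Unless something downstream strips whitespace, keep the key on one line or use a double-quoted scalar with `\` at the end of each continued line, which folds without inserting a separator. Note also that the `nslcd_password` ciphertext added here is byte-identical to the `bindpw_password` blob deleted from `roles/linux-auth/vars/main.yaml` earlier in this series, so the secret was relocated rather than rotated and the old copy remains in git history.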
@@ -8,4 +8,4 @@ var: ansible_facts - name: Print variable value debug: - msg: "Variable: {{ ansible_virtualization_type }}" + msg: "Variable: {{ awx_pub_key }}" diff --git a/roles/debian-base/defaults/main.yaml b/roles/debian-base/defaults/main.yaml index ed9eef3..7f95631 100644 --- a/roles/debian-base/defaults/main.yaml +++ b/roles/debian-base/defaults/main.yaml @@ -1,11 +1,11 @@ exim_dc_eximconfig_configtype: satellite -dc_other_hostnames: "{{ ansible_nodename }}" +dc_other_hostnames: "{{ ansible_fqdn }}" dc_local_interfaces: 127.0.0.1 -dc_readhost: "{{ ansible_nodename }}" +dc_readhost: "{{ ansible_fqdn }}" dc_relay_domains: "" dc_minimaldns: false dc_relay_nets: "" -dc_smarthost: smtp.verdnatura.es +dc_smarthost: "{{ smtp_server }}" CFILEMODE: 644 dc_use_split_config: false dc_hide_mailname: true diff --git a/roles/debian-base/tasks/main.yml b/roles/debian-base/tasks/main.yml index ed03574..88a86ad 100644 --- a/roles/debian-base/tasks/main.yml +++ b/roles/debian-base/tasks/main.yml @@ -1,8 +1,9 @@ - import_tasks: install.yml -- import_tasks: sudoers.yml +- import_tasks: locale.yml +- import_tasks: tzdata.yml - import_tasks: motd.yml - import_tasks: profile.yml - import_tasks: vim.yml -- import_tasks: locale.yml -- import_tasks: tzdata.yml +- import_tasks: sudoers.yml - import_tasks: nrpe.yml +- import_tasks: relayhost.yml diff --git a/roles/debian-base/tasks/relayhost.yml b/roles/debian-base/tasks/relayhost.yml index 1af0549..eab5dc9 100644 --- a/roles/debian-base/tasks/relayhost.yml +++ b/roles/debian-base/tasks/relayhost.yml @@ -2,7 +2,7 @@ apt: name: exim4 state: present -- name: Reconfigure relayhost +- name: Prepare exim configuration lineinfile: dest: /etc/exim4/update-exim4.conf.conf regexp: "{{ item.regexp }}" 
@@ -13,11 +13,11 @@ - regexp: '^dc_eximconfig_configtype' line: "dc_eximconfig_configtype='{{ exim_dc_eximconfig_configtype }}'" - regexp: '^dc_other_hostnames' - line: "dc_other_hostnames='{{ dc_other_hostnames }}'.verdnatura.es" + line: "dc_other_hostnames='{{ dc_other_hostnames }}'" - regexp: '^dc_local_interfaces' line: "dc_local_interfaces='{{ dc_local_interfaces }}'" - regexp: '^dc_readhost' - line: "dc_readhost='{{ dc_readhost }}'.verdnatura.es" + line: "dc_readhost='{{ dc_readhost }}'" - regexp: '^dc_relay_domains' line: "dc_relay_domains='{{ dc_relay_domains }}'" - regexp: '^dc_minimaldns' @@ -37,7 +37,12 @@ - regexp: '^dc_localdelivery' line: "dc_localdelivery='{{ dc_localdelivery }}'" notify: restart-exim - register: exim4_config -- name: Sending mail to verify exim4 config works - shell: echo "Verify send email from host {{ ansible_nodename }}.verdnatura.es with mailx , bye." | mailx -s "test mail verify exim4 for the host {{ ansible_nodename }}.verdnatura.es" -c rubenb@verdnatura.es,nada@verdnatura.es,juan@verdnatura.es,davidl@verdnatura.es sysadmin@verdnatura.es - when: exim4_config.changed + register: exim_config +- name: Update exim configuration + command: update-exim4.conf + when: exim_config.changed +- name: Sending mail to verify relay host configuration works + shell: > + echo "If you see this message, relayhost on {{ ansible_fqdn }} has been configured correctly." \ + | mailx -s "Relayhost test for {{ ansible_fqdn }}" "{{ sysadmin_mail }}" + when: exim_config.changed diff --git a/roles/debian-base/vars/main.yml b/roles/debian-base/vars/main.yml index a0b2eab..4fd5f1c 100644 --- a/roles/debian-base/vars/main.yml +++ b/roles/debian-base/vars/main.yml @@ -1,8 +1,8 @@ fail2ban: - email: sysamdmin@verdnatura.es + email: "{{ sysadmin_mail }}" bantime: 600 maxretry: 4 - ignore: 127.0.0.0/8 10.0.0.0/16 + ignore: "127.0.0.0/8 {{ dc_net }}" vn_host: url: http://apt.verdnatura.es/pool/main/v/vn-host package: vn-host_2.0.2_all.deb 
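Review bot: `vn_host.url` still points at `http://apt.verdnatura.es/...` and the package is installed from a downloaded `.deb`, so nothing between download and install verifies it: no TLS, no repository signature, no checksum, which lets anyone on the network path substitute a package that is then installed as root on every base host. Switch the URL to `https://` and pin the download with `checksum: sha256:<digest>` on the `get_url` task that consumes these vars (not in this hunk), or publish the signing key and install from the signed apt repository instead of a raw `.deb`. The new `ignore: "127.0.0.0/8 {{ dc_net }}"` also means fail2ban never bans a source in the whole `10.0.0.0/16`; that is presumably intended for internal monitoring, but it exempts every compromised internal host from brute-force protection and deserves a one-line comment saying so.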
diff --git a/roles/send-mail/tasks/main.yml b/roles/send-mail/tasks/main.yml index 02b8597..f7dbc94 100644 --- a/roles/send-mail/tasks/main.yml +++ b/roles/send-mail/tasks/main.yml @@ -4,7 +4,7 @@ port: 465 username: awx@verdnatura.es password: "{{ awx_smtp_password }}" - to: sysadmin@verdnatura.es + to: "{{ sysadmin_mail }}" subject: Ansible-test body: System {{ ansible_hostname }} has been send successfully mail. delegate_to: localhost -- 2.40.1 From f033c92278bf303d3c4808c2d3f4a5d1cc79a724 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 24 Sep 2024 10:37:09 +0200 Subject: [PATCH 049/138] refs #8025 Code reorganization --- group_vars/all.yml | 7 ++++++- roles/debian-base/tasks/root.yaml | 4 ++-- roles/debian-base/tasks/sudoers.yml | 2 +- roles/debian-base/tasks/vim.yml | 2 +- roles/debian-base/templates/jail.local.j2 | 2 +- roles/debian-upgrade/tasks/main.yaml | 11 ++++------- roles/linux-hostname/tasks/main.yml | 4 ++-- roles/linux-secure-grub/handlers/main.yml | 2 +- roles/linux-secure-grub/tasks/main.yml | 8 +++----- roles/linux-secure-grub/vars/main.yaml | 3 +-- 10 files changed, 22 insertions(+), 23 deletions(-) diff --git a/group_vars/all.yml b/group_vars/all.yml index 09b751b..796f56d 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml 
@@ -50,4 +50,9 @@ awx_smtp_password: !vault | 3631616362363163393036613564623864383365633634660a366563363836363061623566393361 37633364633631333130346332613235303762316435313535613664323830656363353237373561 3866653365636431630a303262666662376662623862663461633361333037643863353135343836 - 61383730366664353730616331666139376234313562383163613736353231666533 \ No newline at end of file + 61383730366664353730616331666139376234313562383163613736353231666533 +grub_code: > + grub.pbkdf2.sha512.10000.C91C8756466E7DB535C77DB7FBDBF3D33A39A0712DE3A9AFD38BE22 + 29139E86F23C4E007E6B76DDFDBBE4B2B32764B4EFFECF208C70BA9FECC6BB3FF68A6BA05.8EA385 + 7B795AF29FF5C6E003E31EC4D79B84813175C7A56A8A12F3F30A19B501D7127C0307277FB37073EE + 0246BCFDA9BD4EDDC3A1EE8176D25CD37B7FB07AF7 diff --git a/roles/debian-base/tasks/root.yaml b/roles/debian-base/tasks/root.yaml index ad4407d..6e42647 100644 --- a/roles/debian-base/tasks/root.yaml +++ b/roles/debian-base/tasks/root.yaml @@ -1,6 +1,6 @@ - name: Delete default user user: - name: "{{ name_user }}" + name: "{{ default_user }}" state: absent remove: yes - name: Change root password @@ -9,7 +9,7 @@ password: "{{ ssh_password | password_hash('sha512') }}" - name: Configure bashrc lineinfile: - dest: "/root/.bashrc" + dest: /root/.bashrc regexp: "{{item.regexp}}" line: "{{item.line}}" state: present diff --git a/roles/debian-base/tasks/sudoers.yml b/roles/debian-base/tasks/sudoers.yml index 83bee94..e31f0eb 100644 --- a/roles/debian-base/tasks/sudoers.yml +++ b/roles/debian-base/tasks/sudoers.yml @@ -5,7 +5,7 @@ - name: Copy sudoers configuration file copy: src: sudoers - dest: "/etc/sudoers.d/vn" + dest: /etc/sudoers.d/vn mode: u=rw,g=r owner: root group: root diff --git a/roles/debian-base/tasks/vim.yml b/roles/debian-base/tasks/vim.yml index aa5ed3c..3b4a32a 100644 --- a/roles/debian-base/tasks/vim.yml +++ b/roles/debian-base/tasks/vim.yml 
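Review bot: `grub_code` is written as a folded scalar (`>`), which joins the continuation lines with single spaces, so the value rendered by `password_pbkdf2 {{ grub_user }} {{ grub_code }}` in the secure-grub role becomes `grub.pbkdf2.sha512.10000.C91C…BE22 29139E…` and GRUB will parse the split hash as extra arguments, leaving the boot password broken. Keep the hash on a single line, as it was in `roles/linux-secure-grub/vars/main.yaml`, or use a double-quoted scalar with `\` at each line end, which YAML folds without a space. Placing the PBKDF2 hash in unencrypted `group_vars/all.yml` is acceptable because it is salted and iterated, but anyone with repository read access can now attempt an offline crack, so the passphrase strength matters more than before.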
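Review bot: In `Change root password` the hash is produced by `password_hash('sha512')` with no salt, so a fresh random salt is generated on every run, the `user` module sees a different hash each time and rewrites `/etc/shadow` with `changed` status on every play. The documented fix is a per-host stable salt, e.g. `password: "{{ ssh_password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"`, which keeps the task idempotent while still reporting real rotations. `remove: yes` on `Delete default user` also wipes that account's home directory, which is worth a comment so the role is not reused on a host where that account holds data.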
@@ -5,7 +5,7 @@ - name: Copy vim configuration file copy: src: vimrc.local - dest: "/etc/vim/" + dest: /etc/vim/ mode: '644' owner: root group: root \ No newline at end of file diff --git a/roles/debian-base/templates/jail.local.j2 b/roles/debian-base/templates/jail.local.j2 index 74a65ce..838b4ed 100644 --- a/roles/debian-base/templates/jail.local.j2 +++ b/roles/debian-base/templates/jail.local.j2 @@ -7,7 +7,7 @@ bantime = {{ fail2ban.bantime }} findtime = {{ fail2ban.bantime }} maxretry = {{ fail2ban.maxretry }} destemail = {{ fail2ban.email }} -sender = root@ +sender = root@{{ ansible_fqdn }} banaction = nftables-multiport action = %(action_)s diff --git a/roles/debian-upgrade/tasks/main.yaml b/roles/debian-upgrade/tasks/main.yaml index 0674f4b..1949907 100644 --- a/roles/debian-upgrade/tasks/main.yaml +++ b/roles/debian-upgrade/tasks/main.yaml @@ -1,20 +1,17 @@ -- name: Checking if it's necessary to update - meta: end_host - when: update_enabled is not defined or not update_enabled -- name: update index of all packages +- name: Update APT package index ansible.builtin.apt: update_cache: true force_apt_get: true -- name: update all packages to their latest version +- name: Update all packages to their latest version ansible.builtin.apt: name: "*" state: latest force_apt_get: true -- name: upgrade the OS (apt-get full-upgrade) +- name: Upgrade the OS (apt-get full-upgrade) ansible.builtin.apt: upgrade: full force_apt_get: true -- name: autoremove packages unused dependency packages +- name: Autoremove unused packages ansible.builtin.apt: autoremove: true force_apt_get: true diff --git a/roles/linux-hostname/tasks/main.yml b/roles/linux-hostname/tasks/main.yml index 773e7d6..e052922 100644 --- a/roles/linux-hostname/tasks/main.yml +++ b/roles/linux-hostname/tasks/main.yml @@ -7,7 +7,7 @@ - name: Replace /etc/hosts template: src: hosts.j2 - dest: "/etc/hosts" + dest: /etc/hosts owner: root group: root mode: '0644' 
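Review bot: Dropping the `meta: end_host` guard makes this role run `apt full-upgrade` on every host it is applied to with no opt-out; any inventory entry that relied on `update_enabled: false` to skip sensitive hosts now receives a dist-upgrade, possibly a kernel replacement, with no reboot step. If the gate was deliberately moved to the playbook level, a one-line comment at the top of the file saying so would stop someone re-adding it; otherwise keep `when: update_enabled | default(false)` on the tasks. `name: "*"` with `state: latest` followed by `upgrade: full` also does overlapping work, since `upgrade: full` alone already upgrades every installed package.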
@@ -15,7 +15,7 @@ - name: Replace /etc/resolv.conf template: src: resolv.j2 - dest: "/etc/resolv.conf" + dest: /etc/resolv.conf owner: root group: root mode: '0644' diff --git a/roles/linux-secure-grub/handlers/main.yml b/roles/linux-secure-grub/handlers/main.yml index 9f3d6e6..5b3125c 100644 --- a/roles/linux-secure-grub/handlers/main.yml +++ b/roles/linux-secure-grub/handlers/main.yml @@ -1,2 +1,2 @@ - name: grub-register - command: update-grub \ No newline at end of file + command: update-grub diff --git a/roles/linux-secure-grub/tasks/main.yml b/roles/linux-secure-grub/tasks/main.yml index d2876e3..dd4acb3 100644 --- a/roles/linux-secure-grub/tasks/main.yml +++ b/roles/linux-secure-grub/tasks/main.yml @@ -1,9 +1,7 @@ -- name: GRUB password boot protection +- name: GRUB boot password protection blockinfile: path: /etc/grub.d/40_custom block: | - set superusers="{{ user_grub }}" - password_pbkdf2 {{ user_grub }} {{ code_grub }} + set superusers="{{ grub_user }}" + password_pbkdf2 {{ grub_user }} {{ grub_code }} notify: grub-register - when: secure_grub_enabled - diff --git a/roles/linux-secure-grub/vars/main.yaml b/roles/linux-secure-grub/vars/main.yaml index d61c32d..875fc0c 100644 --- a/roles/linux-secure-grub/vars/main.yaml +++ b/roles/linux-secure-grub/vars/main.yaml @@ -1,2 +1 @@ -user_grub: admin -code_grub: grub.pbkdf2.sha512.10000.C91C8756466E7DB535C77DB7FBDBF3D33A39A0712DE3A9AFD38BE2229139E86F23C4E007E6B76DDFDBBE4B2B32764B4EFFECF208C70BA9FECC6BB3FF68A6BA05.8EA3857B795AF29FF5C6E003E31EC4D79B84813175C7A56A8A12F3F30A19B501D7127C0307277FB37073EE0246BCFDA9BD4EDDC3A1EE8176D25CD37B7FB07AF7 +grub_user: admin -- 2.40.1 From 876dc606068a9077ea5ae5d4058de7a693941560 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 24 Sep 2024 10:38:19 +0200 Subject: [PATCH 050/138] refs #8025 Duplicated hosts removed --- hosts | 3 --- 1 file changed, 3 deletions(-) diff --git a/hosts b/hosts index f22db36..c150cfa 100644 --- a/hosts +++ b/hosts 
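Review bot: With `when: secure_grub_enabled` removed, the `set superusers=` / `password_pbkdf2` block is written unconditionally, and once `superusers` is set GRUB requires authentication for every menu entry that is not marked `--unrestricted`; if the generated entries on the target Debian release are not (check `10_linux` there), an unattended reboot of any host this role reaches will stop at a GRUB password prompt. Before rolling this out, confirm the generated entries carry `--unrestricted` (a common approach is adding it to `CLASS=` in `/etc/grub.d/10_linux`) and gate the role again with a host variable if only some hosts should be protected. `grub_user: admin` staying in role vars while `grub_code` moves to group_vars also splits one credential across two files; a one-line comment in `vars/main.yaml` pointing at `grub_code` would help the next reader.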
@@ -86,9 +86,6 @@ test-db-proxy1 ansible_host=test-db-proxy1.servers.dc.verdnatura.es test-db-proxy2 ansible_host=test-db-proxy2.servers.dc.verdnatura.es monthly-db ansible_host=monthly-db.servers.dc.verdnatura.es dev-db ansible_host=dev-db.servers.dc.verdnatura.es -tftp ansible_host=tftp.backup.dc.verdnatura.es -core-agent ansible_host=core-agent.core.dc.verdnatura.es -core-proxy ansible_host=core-proxy.core.dc.verdnatura.es spamd-db ansible_host=spamd-db.servers.dc.verdnatura.es spamd ansible_host=spamd.servers.dc.verdnatura.es dovecot ansible_host=dovecot.servers.dc.verdnatura.es -- 2.40.1 From e43c32fdf0bc8c17531d3e45f6cd491f1a38fa44 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 24 Sep 2024 12:20:42 +0200 Subject: [PATCH 051/138] refs #8025 README added, intentories dir, lab inventory added --- README.md | 36 ++++++++++++++++ ansible.cfg | 2 +- .../group_vars}/all.yml | 0 inventories/laboratory | 42 +++++++++++++++++++ hosts => inventories/production | 0 playbooks/facts.yml | 4 +- playbooks/test.yml | 2 +- 7 files changed, 81 insertions(+), 5 deletions(-) create mode 100644 README.md rename {group_vars => inventories/group_vars}/all.yml (100%) create mode 100644 inventories/laboratory rename hosts => inventories/production (100%) diff --git a/README.md b/README.md new file mode 100644 index 0000000..87fe507 --- /dev/null +++ b/README.md 
@@ -0,0 +1,36 @@ +# Verdnatura Ansible playbooks + +Collection of Ansible playbooks used in the Verdnatura server farm. + +## Install Ansible + +Instal Ansible on Debian. +``` +apt install ansible +``` + +## Run playbook + +Before merging changes into protected branches, playbooks should be tested +locally to ensure they work properly. + +To runan Ansible playbook locally on a temporary host without registering it in +the inventory (on the fly) run the following command. +``` +ansible-playbook playbooks/test.yml -u root -i , +``` + +*Note the comma at the end of the hostname or IP.* + +## Basic playbooks + +* **facts.yml**: Collect and display facts from a host. +* **ping.yml**: Checking that a host is alive and reachable by Ansible. +* **test.yml**: Test an specific role. Don't forget to undo changes before pushing! +* **debian.yml**: Setup base Debian server + +## Documentation + +* https://docs.ansible.com/ansible/latest/reference_appendices/config.html +* https://docs.ansible.com/ansible/latest/collections/ansible/builtin/gather_facts_module.html +* https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_vars_facts.html diff --git a/ansible.cfg b/ansible.cfg index e5b1de3..c46bb72 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,6 +1,6 @@ [defaults] roles_path = ./roles -inventory = ./hosts +inventory = ./inventories/production gathering = smart interpreter_python = auto_silent remote_user = awx-user diff --git a/group_vars/all.yml b/inventories/group_vars/all.yml similarity index 100% rename from group_vars/all.yml rename to inventories/group_vars/all.yml diff --git a/inventories/laboratory b/inventories/laboratory new file mode 100644 index 0000000..08668e3 --- /dev/null +++ b/inventories/laboratory 
@@ -0,0 +1,42 @@ +[laboratory] +corelab-proxy1 ansible_host=corelab-proxy1.lab.verdnatura.es +docker-itlab ansible_host=docker-itlab.lab.verdnatura.es +zammad ansible_host=zammad.lab.verdnatura.es +matrix ansible_host=matrix.lab.verdnatura.es +ansible-test ansible_host=ansible-test.lab.verdnatura.es + +[network] +opnsense1-test ansible_host=opnsense1-test.lab.verdnatura.es +opnsense2-test ansible_host=opnsense2-test.lab.verdnatura.es + +[cephlab] +cephlab01 ansible_host=cephlab01.lab.verdnatura.es +cephlab02 ansible_host=cephlab02.lab.verdnatura.es +cephlab03 ansible_host=cephlab03.lab.verdnatura.es + +[cephtest] +cephtest01 ansible_host=cephtest01.lab.verdnatura.es +cephtest02 ansible_host=cephtest02.lab.verdnatura.es +cephtest03 ansible_host=cephtest03.lab.verdnatura.es + +[kubepre] +kubepre-helm ansible_host=kubepre-helm.lab.verdnatura.es +kubepre-proxy1 ansible_host=kubepre-proxy1.lab.verdnatura.es +kubepre-proxy2 ansible_host=kubepre-proxy2.lab.verdnatura.es +kubepre-master1 ansible_host=kubepre-master1.lab.verdnatura.es +kubepre-master2 ansible_host=kubepre-master2.lab.verdnatura.es +kubepre-master3 ansible_host=kubepre-master3.lab.verdnatura.es +kubepre-worker1 ansible_host=kubepre-worker1.lab.verdnatura.es +kubepre-worker2 ansible_host=kubepre-worker2.lab.verdnatura.es +kubepre-worker3 ansible_host=kubepre-worker3.lab.verdnatura.es +kubepre-worker4 ansible_host=kubepre-worker4.lab.verdnatura.es + +[kubetest] +kubetest-helm ansible_host=kubetest-helm.lab.verdnatura.es +kubetest-master01 ansible_host=kubetest-master01.lab.verdnatura.es +kubetest-master02 ansible_host=kubetest-master02.lab.verdnatura.es +kubetest-master03 ansible_host=kubetest-master03.lab.verdnatura.es +kubetest-worker01 ansible_host=kubetest-worker01.lab.verdnatura.es +kubetest-worker02 ansible_host=kubetest-worker02.lab.verdnatura.es +kubetest-worker03 ansible_host=kubetest-worker03.lab.verdnatura.es +kubetest-worker04 ansible_host=kubetest-worker04.lab.verdnatura.es 
diff --git a/hosts b/inventories/production similarity index 100% rename from hosts rename to inventories/production diff --git a/playbooks/facts.yml b/playbooks/facts.yml index aeb0d4f..04ad610 100644 --- a/playbooks/facts.yml +++ b/playbooks/facts.yml @@ -1,5 +1,3 @@ -# https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_vars_facts.html - - hosts: all gather_facts: yes tasks: @@ -8,4 +6,4 @@ var: ansible_facts - name: Print variable value debug: - msg: "Variable: {{ awx_pub_key }}" + msg: "Variable: {{ ansible_fqdn }}" diff --git a/playbooks/test.yml b/playbooks/test.yml index 8032bff..65fd033 100644 --- a/playbooks/test.yml +++ b/playbooks/test.yml @@ -2,4 +2,4 @@ tasks: - name: Test role import_role: - name: linux-base + name: debian-base -- 2.40.1 From 4f20789f61dbb65d11383e89f9c3c81894023db4 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 24 Sep 2024 12:21:50 +0200 Subject: [PATCH 052/138] refs #8025 Collections README line break fixes --- collections/README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/collections/README.md b/collections/README.md index d3ea311..9566a14 100644 --- a/collections/README.md +++ b/collections/README.md @@ -1,4 +1,4 @@ -# Collections +## Collections The purpose of collections is get more modules and plugins to use in ansible. @@ -11,7 +11,8 @@ In *awx-operator* container, execute: ansible-galaxy collection install -r requirements.yml ``` -Where `requirements.yml` we need to specify the list of collections that we want to install: +Where `requirements.yml` we need to specify the list of collections that we +want to install: ``` collections: - name: community.general 
@@ -23,7 +24,8 @@ collections: # List collections -To list installed collections, run `ansible-galaxy collection list` (inside awx operator container) +To list installed collections, run `ansible-galaxy collection list` (inside awx +operator container) * https://docs.ansible.com/ansible/latest/collections_guide/collections_listing.html -- 2.40.1 From c8b0d9fb1cfe7253eed2e629462d7f07b248f4aa Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 24 Sep 2024 12:27:24 +0200 Subject: [PATCH 053/138] refs #8025 send-mail made generic --- inventories/group_vars/all.yml | 1 + playbooks/debian-upgrade.yml | 6 ++-- playbooks/freeradius.yml | 6 ++-- playbooks/nsupdate.yml | 6 ++-- playbooks/ping.yml | 2 +- playbooks/send-mail.yml | 7 ++--- playbooks/test.yml | 6 ++-- playbooks/windows-ping.yml | 4 +-- playbooks/windows-update.yml | 50 +++++++++++++++++----------------- roles/send-mail/tasks/main.yml | 10 +++---- 10 files changed, 49 insertions(+), 49 deletions(-) diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml index 796f56d..9578df8 100644 --- a/inventories/group_vars/all.yml +++ b/inventories/group_vars/all.yml @@ -7,6 +7,7 @@ resolv: resolvers: - '10.0.0.4' - '10.0.0.5' +awx_email: awx@verdnatura.es awx_pub_key: > ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDjeIZVyppFK/dqOUa1PxgSeRVWk7MFmANYvSs+VHHn D4/BE//K8AxlxnyLl4e6jAcBFoIu1JLxbRKdOhx+Zgkq5OmEzp/XKzfEvnEU5CP+W2+5MwfkUQ3TetJs diff --git a/playbooks/debian-upgrade.yml b/playbooks/debian-upgrade.yml index 8215cb2..76ef424 100644 --- a/playbooks/debian-upgrade.yml +++ b/playbooks/debian-upgrade.yml @@ -1,5 +1,5 @@ - hosts: all tasks: - - name: Upgrade system - import_role: - name: debian-upgrade + - name: Upgrade system + import_role: + name: debian-upgrade diff --git a/playbooks/freeradius.yml b/playbooks/freeradius.yml index 2783ef1..086923b 100644 --- a/playbooks/freeradius.yml +++ b/playbooks/freeradius.yml 
@@ -1,5 +1,5 @@ - hosts: all tasks: - - name: Install and configure Freeradius with TOTP - import_role: - name: freeradius \ No newline at end of file + - name: Install and configure Freeradius with TOTP + import_role: + name: freeradius \ No newline at end of file diff --git a/playbooks/nsupdate.yml b/playbooks/nsupdate.yml index 454bb43..0b575f7 100644 --- a/playbooks/nsupdate.yml +++ b/playbooks/nsupdate.yml @@ -1,5 +1,5 @@ - hosts: ns1 tasks: - - name: Configure zone with nsupdate - import_role: - name: nsupdate \ No newline at end of file + - name: Configure zone with nsupdate + import_role: + name: nsupdate \ No newline at end of file diff --git a/playbooks/ping.yml b/playbooks/ping.yml index 55c6a68..8661c51 100644 --- a/playbooks/ping.yml +++ b/playbooks/ping.yml @@ -1,3 +1,3 @@ - hosts: all tasks: - - ping: \ No newline at end of file + - ping: \ No newline at end of file diff --git a/playbooks/send-mail.yml b/playbooks/send-mail.yml index 64aad1e..201fece 100644 --- a/playbooks/send-mail.yml +++ b/playbooks/send-mail.yml @@ -1,7 +1,6 @@ - hosts: localhost become: no - become_method: sudo tasks: - - name: Send mail - import_role: - name: config-send-mail + - name: Send mail + import_role: + name: send-mail diff --git a/playbooks/test.yml b/playbooks/test.yml index 65fd033..a056033 100644 --- a/playbooks/test.yml +++ b/playbooks/test.yml @@ -1,5 +1,5 @@ - hosts: all tasks: - - name: Test role - import_role: - name: debian-base + - name: Test role + import_role: + name: debian-base diff --git a/playbooks/windows-ping.yml b/playbooks/windows-ping.yml index 4fef2f5..0dd8dea 100644 --- a/playbooks/windows-ping.yml +++ b/playbooks/windows-ping.yml @@ -1,5 +1,5 @@ - name: Ping Windows hosts hosts: all tasks: - - name: Ping Windows hosts - ansible.windows.win_ping: \ No newline at end of file + - name: Ping Windows hosts + ansible.windows.win_ping: \ No newline at end of file 
diff --git a/playbooks/windows-update.yml b/playbooks/windows-update.yml index b3181a1..4a6cc78 100644 --- a/playbooks/windows-update.yml +++ b/playbooks/windows-update.yml @@ -1,28 +1,28 @@ - hosts: all serial: 1 tasks: - - block: - - name: Check if there are missing updates - win_updates: state=searched - register: update_count - - block: - - name: Install missing updates only if at least one is missing - win_updates: - category_names: '*' - #- Application - #- Connectors - #- DefinitionUpdates - #- DeveloperKits - #- FeaturePacks - #- Guidance - #- ServicePacks - #- Tools - #- UpdateRollups - #- CriticalUpdates - #- SecurityUpdates - log_path: C:\Win_Template_Patch.log - register: update_result - - name: Reboot, if needed. - win_reboot: - when: update_result.reboot_required - when: update_count.found_update_count|int >= 1 \ No newline at end of file + - block: + - name: Check if there are missing updates + win_updates: state=searched + register: update_count + - block: + - name: Install missing updates only if at least one is missing + win_updates: + category_names: '*' + #- Application + #- Connectors + #- DefinitionUpdates + #- DeveloperKits + #- FeaturePacks + #- Guidance + #- ServicePacks + #- Tools + #- UpdateRollups + #- CriticalUpdates + #- SecurityUpdates + log_path: C:\Win_Template_Patch.log + register: update_result + - name: Reboot, if needed. + win_reboot: + when: update_result.reboot_required + when: update_count.found_update_count|int >= 1 \ No newline at end of file diff --git a/roles/send-mail/tasks/main.yml b/roles/send-mail/tasks/main.yml index f7dbc94..071e12f 100644 --- a/roles/send-mail/tasks/main.yml +++ b/roles/send-mail/tasks/main.yml 
@@ -1,10 +1,10 @@ -- name: Send mail using Verdnatura SMTP servers +- name: Send mail using own SMTP server community.general.mail: - host: smtp.verdnatura.es + host: "{{ smtp_server }}" port: 465 - username: awx@verdnatura.es + username: "{{ awx_email }}" password: "{{ awx_smtp_password }}" to: "{{ sysadmin_mail }}" - subject: Ansible-test - body: System {{ ansible_hostname }} has been send successfully mail. + subject: Ansible test + body: System {{ ansible_fqdn }} has sent the email successfully. delegate_to: localhost -- 2.40.1 From f8a765e47ca54f2cdaf047c9280d4b7980f24e13 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 24 Sep 2024 12:28:10 +0200 Subject: [PATCH 054/138] refs #8025 README fix --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 87fe507..0439c18 100644 --- a/README.md +++ b/README.md @@ -14,8 +14,8 @@ apt install ansible Before merging changes into protected branches, playbooks should be tested locally to ensure they work properly. -To runan Ansible playbook locally on a temporary host without registering it in -the inventory (on the fly) run the following command. +To run an Ansible playbook locally on a temporary host without registering it +in the inventory (on the fly) run the following command. ``` ansible-playbook playbooks/test.yml -u root -i , ``` -- 2.40.1 From 74c03400eb7297ed979a9af490a860c0f0fb573c Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 24 Sep 2024 12:28:52 +0200 Subject: [PATCH 055/138] refs #8025 README fix --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0439c18..946fe7a 100644 --- a/README.md +++ b/README.md 
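Review bot: With `port: 465` and no `secure:` option, community.general.mail keeps its default `secure: try`, which falls back to a plaintext session when the TLS handshake fails, so `{{ awx_smtp_password }}` could be sent unencrypted to whatever `smtp_server` resolves to; add `secure: always` next to `port: 465` so a failed TLS setup fails the task instead. The new body interpolates `ansible_fqdn`, which only exists when facts are gathered for the play, so the task would error if send-mail.yml ever gets `gather_facts: no`. `awx_email` is visible in inventories/group_vars/all.yml later in this series, but `smtp_server` is not defined anywhere in the visible patches; it presumably lives in a file outside this diff — worth confirming.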
@@ -22,7 +22,7 @@ ansible-playbook playbooks/test.yml -u root -i , *Note the comma at the end of the hostname or IP.* -## Basic playbooks +## Common playbooks * **facts.yml**: Collect and display facts from a host. * **ping.yml**: Checking that a host is alive and reachable by Ansible. -- 2.40.1 From 06986ae2bdcb3a347d66b2a05a3fc8d7a07bfb07 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 24 Sep 2024 13:01:01 +0200 Subject: [PATCH 056/138] refs #8025 windows playbooks abreviated to win --- playbooks/{windows-ping.yml => win-ping.yml} | 0 playbooks/{windows-update.yml => win-update.yml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename playbooks/{windows-ping.yml => win-ping.yml} (100%) rename playbooks/{windows-update.yml => win-update.yml} (100%) diff --git a/playbooks/windows-ping.yml b/playbooks/win-ping.yml similarity index 100% rename from playbooks/windows-ping.yml rename to playbooks/win-ping.yml diff --git a/playbooks/windows-update.yml b/playbooks/win-update.yml similarity index 100% rename from playbooks/windows-update.yml rename to playbooks/win-update.yml -- 2.40.1 From 4845d08548892c82937bfa2e3b3351fd300cb1a9 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 24 Sep 2024 13:04:59 +0200 Subject: [PATCH 057/138] refs #8025 remove path quotes --- roles/debian-base/tasks/locale.yml | 2 +- roles/debian-base/tasks/profile.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/debian-base/tasks/locale.yml b/roles/debian-base/tasks/locale.yml index 593a7cc..33efdf0 100644 --- a/roles/debian-base/tasks/locale.yml +++ b/roles/debian-base/tasks/locale.yml @@ -1,6 +1,6 @@ - name: Enable locale languages lineinfile: - dest: "/etc/locale.gen" + dest: /etc/locale.gen regexp: "{{item.regexp}}" line: "{{item.line}}" state: present diff --git a/roles/debian-base/tasks/profile.yml b/roles/debian-base/tasks/profile.yml index 65a7b53..7b02471 100644 --- a/roles/debian-base/tasks/profile.yml 
+++ b/roles/debian-base/tasks/profile.yml @@ -1,7 +1,7 @@ - name: Copy profile configuration file copy: src: profile.sh - dest: "/etc/profile.d/vn.sh" + dest: /etc/profile.d/vn.sh mode: '644' owner: root group: root -- 2.40.1 From e3344b7ef2651f576c07bead85730958ef6e7d8e Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 24 Sep 2024 13:10:26 +0200 Subject: [PATCH 058/138] refs #8025 README run playbook clarified --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 946fe7a..56c9c28 100644 --- a/README.md +++ b/README.md @@ -14,8 +14,7 @@ apt install ansible Before merging changes into protected branches, playbooks should be tested locally to ensure they work properly. -To run an Ansible playbook locally on a temporary host without registering it -in the inventory (on the fly) run the following command. +Launch playbook on the fly on a host not declared in the inventory. ``` ansible-playbook playbooks/test.yml -u root -i , ``` -- 2.40.1 From 0307c105b29cb64eafcc45dfcd2344ee0c5d4df3 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 24 Sep 2024 14:26:55 +0200 Subject: [PATCH 059/138] refs #8025 vault keys fixes --- inventories/group_vars/all.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml index 9578df8..eb4e821 100644 --- a/inventories/group_vars/all.yml +++ b/inventories/group_vars/all.yml 
@@ -17,35 +17,35 @@ awx_pub_key: > 9Hl87zUkla0+S5Zn8q92y7DQFsOZ9ND6syEzWhiCP1ic3Wo76TVbuNoTW/XvgZnemx1epuOqDj9S7iGT SHMvvSop8z5hU2EQiVkgRPl4cM2fi0vF513ivq5IbCgg2VfXUOLM5E5y0TI7lzBriTtCuIk= awx@awx.verdnatura.es -nslcd_password: !vault | +nslcd_password: !vault > $ANSIBLE_VAULT;1.1;AES256 30343461633538323832316231383362626636653864353535346461353937313131336135396162 3866623238353638323961363239373236393339333134380a313561363030306165393965396234 65316535626434333331633438613639633163643765633064363833303461363834653864646464 3133313233353730620a343536316266393637623563313563613332646630643632366439343764 30383935303161646339393361393130613266663337373364626635646430326465 -rndc_key: !vault | +rndc_key: !vault > $ANSIBLE_VAULT;1.1;AES256 36386562613235363931396632656535383336313537636431643338353438313231623839313031 3830616135393732353265666664353963393366343461630a633365396165653761353762383739 66303862376465626435633964313237643230653463353662343831646464633639383336323863 6139333234386565620a653438613165626131653834633931343766343162653932373161653362 38303139333536656263656163623333313234393666353766363565633732366165 -radius_ldap_password: !vault | +radius_ldap_password: !vault > $ANSIBLE_VAULT;1.1;AES256 31643037313539376337363739616361363339616235623433656131306539373030373731643934 3432656465343430366366646237326137656134346562360a306538303762313261616632643135 39316439653932396134646432633262326631363765643564306565636363356335653539656531 6234636463376364620a636133346337306437643939376531633564633737333133363065633031 61643731646163323636343837373761303930323961653663343135303731623133 -radius_client_password: !vault | +radius_client_password: !vault > $ANSIBLE_VAULT;1.1;AES256 62313333666335316231396365653635356639626563613738363137383434343437393833393934 6439646632303536393438306234323862363532393733630a356136393539363161346631623161 37636365653331333735353166646164613732303035613231353237343139623137396364643637 
3261656465336435630a666466643734373830633933613266663631343730386530633839386239 62623434663130363637303035363434313566376661356362663238666166343534 -awx_smtp_password: !vault | +awx_smtp_password: !vault > $ANSIBLE_VAULT;1.1;AES256 62393936623766653737356136353765336265636136616330306537393638646663326663346138 3631616362363163393036613564623864383365633634660a366563363836363061623566393361 -- 2.40.1 From fc7a5e6d7decc3b10862d09a45b216c650cacfa4 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Wed, 25 Sep 2024 23:21:02 +0200 Subject: [PATCH 060/138] refs #8025 Create awx user --- ansible.cfg | 2 +- inventories/group_vars/all.yml | 11 +++-------- playbooks/debian.yml | 3 --- roles/awx/files/sudoers | 2 +- roles/awx/tasks/main.yaml | 4 ++-- 5 files changed, 7 insertions(+), 15 deletions(-) diff --git a/ansible.cfg b/ansible.cfg index c46bb72..02b7ba8 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -3,7 +3,7 @@ roles_path = ./roles inventory = ./inventories/production gathering = smart interpreter_python = auto_silent -remote_user = awx-user +remote_user = awx host_key_checking = False [privilege_escalation] diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml index eb4e821..d307c50 100644 --- a/inventories/group_vars/all.yml +++ b/inventories/group_vars/all.yml 
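Review bot: Changing the vault scalars from `!vault |` to `!vault >` folds each block into a single line, because YAML's folded style joins equally indented lines with spaces; Ansible's vault envelope parser splits the `$ANSIBLE_VAULT;1.1;AES256` header from the ciphertext on line breaks, so these five values may stop decrypting after this patch. Unless the change was verified with a decrypt (for example `ansible localhost -m debug -a var=nslcd_password` against this inventory), keep the literal `|` style, which is what `ansible-vault encrypt_string` emits. The surrounding `awx_pub_key: >` works with folding only because an SSH public key is genuinely space-separated fields, which does not apply to the vault envelope.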
@@ -9,14 +9,9 @@ resolvers: - '10.0.0.5' awx_email: awx@verdnatura.es awx_pub_key: > - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDjeIZVyppFK/dqOUa1PxgSeRVWk7MFmANYvSs+VHHn - D4/BE//K8AxlxnyLl4e6jAcBFoIu1JLxbRKdOhx+Zgkq5OmEzp/XKzfEvnEU5CP+W2+5MwfkUQ3TetJs - OoHiP/qYWPqqqfDFqNM1xs9am5Frv9BVu5pFiSO9oS14xVAlUOwnONQnRtAbuBOmMldpzxmuFY+Rs3G2 - MmokcOYrs5Z3TdCOG9bDGg8erzWklLW+aRYdXqMEZpwIZPcOFy6JXEyZ/9IpCLBN58IMr0RypFbgWb2V - o05iTI5j99Pzn//FgAhe6BXRyHSGOJ29hmKugt9sIY1N/H6aYqtTVR5EEIngY1XHtFywU1+qtYHMs8PB - 9Hl87zUkla0+S5Zn8q92y7DQFsOZ9ND6syEzWhiCP1ic3Wo76TVbuNoTW/XvgZnemx1epuOqDj9S7iGT - SHMvvSop8z5hU2EQiVkgRPl4cM2fi0vF513ivq5IbCgg2VfXUOLM5E5y0TI7lzBriTtCuIk= - awx@awx.verdnatura.es + ssh-ed25519 + AAAAC3NzaC1lZDI1NTE5AAAAIKzAwWm+IsqZCgMzjdZ7Do3xWtVtoUCpWJpH7KSi2a/H + awx@verdnatura.es nslcd_password: !vault > $ANSIBLE_VAULT;1.1;AES256 30343461633538323832316231383362626636653864353535346461353937313131336135396162 diff --git a/playbooks/debian.yml b/playbooks/debian.yml index f131f8c..0119d08 100644 --- a/playbooks/debian.yml +++ b/playbooks/debian.yml @@ -1,8 +1,5 @@ - hosts: all tasks: - - name: Configure AWX user - import_role: - name: awx - name: Configure base system import_role: name: debian-base diff --git a/roles/awx/files/sudoers b/roles/awx/files/sudoers index 7070021..a517895 100644 --- a/roles/awx/files/sudoers +++ b/roles/awx/files/sudoers @@ -1 +1 @@ -awx-user ALL=(ALL) NOPASSWD:ALL +awx ALL=(ALL) NOPASSWD:ALL diff --git a/roles/awx/tasks/main.yaml b/roles/awx/tasks/main.yaml index de3aa70..7cc7552 100644 --- a/roles/awx/tasks/main.yaml +++ b/roles/awx/tasks/main.yaml @@ -1,6 +1,6 @@ - name: Create AWX user user: - name: awx-user + name: awx password: '*' shell: /bin/bash groups: sudo @@ -8,7 +8,7 @@ comment: ssh user - name: Adding SSH public key authorized_key: - user: awx-user + user: awx key: "{{ awx_pub_key }}" - name: Install sudo package apt: -- 2.40.1 From dff36cc46f63c543c7adff602b1388afcc6406ea Mon Sep 17 00:00:00 2001 
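Review bot: In roles/awx/tasks/main.yaml the renamed `awx` user keeps both `groups: sudo` and a dedicated `/etc/sudoers.d/awx` entry granting `NOPASSWD:ALL`, so the account has two independent privilege paths; since the sudoers.d file is the explicit grant, dropping `groups: sudo` leaves a single, auditable one. Note also that `groups:` without `append: yes` resets the user's supplementary groups to exactly `sudo` on every run — harmless for a fresh account, but worth an `append: yes` or a comment if other memberships are ever added. Whether the role's copy task validates the sudoers file is outside this hunk; the file content itself is a one-liner, so a syntax error is unlikely but not impossible.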
From: Juan Ferrer Toribio Date: Wed, 25 Sep 2024 23:27:55 +0200 Subject: [PATCH 061/138] refs #8025 awx playbook, sudoers permission fix --- playbooks/awx.yml | 6 ++++++ roles/debian-base/tasks/sudoers.yml | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 playbooks/awx.yml diff --git a/playbooks/awx.yml b/playbooks/awx.yml new file mode 100644 index 0000000..a4c9198 --- /dev/null +++ b/playbooks/awx.yml @@ -0,0 +1,6 @@ +- hosts: all + gather_facts: no + tasks: + - name: Configure AWX user + import_role: + name: awx diff --git a/roles/debian-base/tasks/sudoers.yml b/roles/debian-base/tasks/sudoers.yml index e31f0eb..3c7f69e 100644 --- a/roles/debian-base/tasks/sudoers.yml +++ b/roles/debian-base/tasks/sudoers.yml @@ -6,6 +6,6 @@ copy: src: sudoers dest: /etc/sudoers.d/vn - mode: u=rw,g=r + mode: u=rw,g=r,o= owner: root group: root -- 2.40.1 From 77da5cd5253f7b5004709582dfe0d43ebab87996 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Wed, 25 Sep 2024 23:31:56 +0200 Subject: [PATCH 062/138] refs #8025 awx playbook doc --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 56c9c28..e51dbeb 100644 --- a/README.md +++ b/README.md @@ -23,8 +23,9 @@ ansible-playbook playbooks/test.yml -u root -i , ## Common playbooks -* **facts.yml**: Collect and display facts from a host. -* **ping.yml**: Checking that a host is alive and reachable by Ansible. +* **facts.yml**: Collect and display facts from a host +* **ping.yml**: Check that a host is alive and reachable by Ansible +* **awx.yml**: Create and configure AWX user * **test.yml**: Test an specific role. Don't forget to undo changes before pushing! * **debian.yml**: Setup base Debian server -- 2.40.1 From ae8ff99fc9415378da6bd746781d4c2209f374f4 Mon Sep 17 00:00:00 2001 
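Review bot: The copy into `/etc/sudoers.d/vn` still has no `validate:`; the mode fix to `u=rw,g=r,o=` only corrects the permission bits, and a malformed sudoers.d file makes sudo refuse every invocation on the host, which on a guest with a locked root password is a lockout. Add `validate: /usr/sbin/visudo -cf %s` alongside `mode:` so the file is parsed before it replaces the live one. The same applies to the `/etc/sudoers.d/awx` copy in roles/awx/tasks/main.yaml (changed in a later patch of this series), where the visible hunk likewise shows no `validate:`.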
From: Juan Ferrer Toribio Date: Thu, 26 Sep 2024 10:55:54 +0200 Subject: [PATCH 063/138] refs #8025 lab inventory: added pvelab infra and guest --- inventories/laboratory | 38 +++++++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 11 deletions(-) diff --git a/inventories/laboratory b/inventories/laboratory index 08668e3..460d577 100644 --- a/inventories/laboratory +++ b/inventories/laboratory @@ -1,19 +1,17 @@ -[laboratory] -corelab-proxy1 ansible_host=corelab-proxy1.lab.verdnatura.es -docker-itlab ansible_host=docker-itlab.lab.verdnatura.es -zammad ansible_host=zammad.lab.verdnatura.es -matrix ansible_host=matrix.lab.verdnatura.es -ansible-test ansible_host=ansible-test.lab.verdnatura.es - -[network] -opnsense1-test ansible_host=opnsense1-test.lab.verdnatura.es -opnsense2-test ansible_host=opnsense2-test.lab.verdnatura.es - [cephlab] cephlab01 ansible_host=cephlab01.lab.verdnatura.es cephlab02 ansible_host=cephlab02.lab.verdnatura.es cephlab03 ansible_host=cephlab03.lab.verdnatura.es +[pvelab] +pvelab01 ansible_host=pvelab01.lab.verdnatura.es +pvelab02 ansible_host=pvelab02.lab.verdnatura.es +pvelab03 ansible_host=pvelab03.lab.verdnatura.es + +[infra:children] +cephlab +pvelab + [cephtest] cephtest01 ansible_host=cephtest01.lab.verdnatura.es cephtest02 ansible_host=cephtest02.lab.verdnatura.es 
@@ -40,3 +38,21 @@ kubetest-worker01 ansible_host=kubetest-worker01.lab.verdnatura.es kubetest-worker02 ansible_host=kubetest-worker02.lab.verdnatura.es kubetest-worker03 ansible_host=kubetest-worker03.lab.verdnatura.es kubetest-worker04 ansible_host=kubetest-worker04.lab.verdnatura.es + +[laboratory] +corelab-proxy1 ansible_host=corelab-proxy1.lab.verdnatura.es +docker-itlab ansible_host=docker-itlab.lab.verdnatura.es +zammad ansible_host=zammad.lab.verdnatura.es +matrix ansible_host=matrix.lab.verdnatura.es +ansible-test ansible_host=ansible-test.lab.verdnatura.es + +[network] +opnsense1-test ansible_host=opnsense1-test.lab.verdnatura.es +opnsense2-test ansible_host=opnsense2-test.lab.verdnatura.es + +[guest:children] +cephtest +kubepre +kubetest +laboratory +network -- 2.40.1 From 77616531ab4a4d847c6e6ac641d0a96262e08ed1 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Thu, 26 Sep 2024 12:16:03 +0200 Subject: [PATCH 064/138] refs #8025 Tags added, added clean playbook, sudoers moved to guest --- README.md | 2 +- playbooks/awx.yml | 7 ++++--- playbooks/clean.yml | 13 +++++++++++++ playbooks/debian-upgrade.yml | 6 +++--- playbooks/debian.yml | 3 ++- playbooks/facts.yml | 3 ++- playbooks/freeradius.yml | 6 +++--- playbooks/nsupdate.yml | 8 ++++---- playbooks/ping.yml | 3 ++- playbooks/send-mail.yml | 6 +++--- playbooks/test.yml | 6 +++--- playbooks/win-ping.yml | 5 ++--- playbooks/win-update.yml | 3 ++- roles/awx/tasks/main.yaml | 6 +++--- roles/debian-base/tasks/main.yml | 13 ++++++++----- roles/{debian-base => debian-guest}/files/sudoers | 0 roles/debian-guest/tasks/auth.yml | 3 +-- roles/debian-guest/tasks/main.yml | 1 + .../{debian-base => debian-guest}/tasks/sudoers.yml | 2 +- 19 files changed, 58 insertions(+), 38 deletions(-) create mode 100644 playbooks/clean.yml rename roles/{debian-base => debian-guest}/files/sudoers (100%) rename roles/{debian-base => debian-guest}/tasks/sudoers.yml (81%) 
diff --git a/README.md b/README.md index e51dbeb..85f8f91 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ locally to ensure they work properly. Launch playbook on the fly on a host not declared in the inventory. ``` -ansible-playbook playbooks/test.yml -u root -i , +ansible-playbook -u root -i , playbooks/test.yml ``` *Note the comma at the end of the hostname or IP.* diff --git a/playbooks/awx.yml b/playbooks/awx.yml index a4c9198..e368ebb 100644 --- a/playbooks/awx.yml +++ b/playbooks/awx.yml @@ -1,6 +1,7 @@ -- hosts: all +- name: Configure AWX user + hosts: all gather_facts: no + become: no tasks: - - name: Configure AWX user - import_role: + - import_role: name: awx diff --git a/playbooks/clean.yml b/playbooks/clean.yml new file mode 100644 index 0000000..1e2b2bc --- /dev/null +++ b/playbooks/clean.yml @@ -0,0 +1,13 @@ +- name: Clean deprecated configuration + hosts: all + gather_facts: no + tasks: + - name: Delete awx-user + ansible.builtin.user: + name: awx-user + state: absent + remove: yes + - name: Delete awx-user sudoers file + file: + path: /etc/sudoers.d/awx-user + state: absent diff --git a/playbooks/debian-upgrade.yml b/playbooks/debian-upgrade.yml index 76ef424..2a54a48 100644 --- a/playbooks/debian-upgrade.yml +++ b/playbooks/debian-upgrade.yml @@ -1,5 +1,5 @@ -- hosts: all +- name: Upgrade Debian host + hosts: all tasks: - - name: Upgrade system - import_role: + - import_role: name: debian-upgrade diff --git a/playbooks/debian.yml b/playbooks/debian.yml index 0119d08..6de614b 100644 --- a/playbooks/debian.yml +++ b/playbooks/debian.yml @@ -1,4 +1,5 @@ -- hosts: all +- name: Configure base Debian host + hosts: all tasks: - name: Configure base system import_role: diff --git a/playbooks/facts.yml b/playbooks/facts.yml index 04ad610..9ad84e5 100644 --- a/playbooks/facts.yml +++ b/playbooks/facts.yml @@ -1,4 +1,5 @@ -- hosts: all +- name: Gather facts from host + hosts: all gather_facts: yes tasks: - name: Print all available facts 
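Review bot: playbooks/awx.yml now sets `become: no` while it creates a user and writes to `/etc/sudoers.d`, both of which need root, and ansible.cfg's `remote_user` is `awx` — so the play only works when launched with `-u root` (as the README example does) or over a connection that already is root. That bootstrap assumption should be stated in the play, e.g. a comment under `- name: Configure AWX user`: `# Bootstrap play: run with -u root, the awx account does not exist yet`. If the intent was instead to avoid escalating through the not-yet-existing awx account, `become: no` is redundant with `-u root` and could be dropped.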
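Review bot: The "Delete awx-user" task in the new playbooks/clean.yml removes, with `remove: yes`, the very account that ansible.cfg used as `remote_user` until the previous patch; if the play is ever launched over that account the connection user vanishes mid-play and the remaining tasks fail half-applied. A cheap guard is `when: ansible_user | default('') != 'awx-user'` on that task, and the play would benefit from a one-line comment saying it must run as root or as the new `awx` user. The play has `hosts: all` and no `become:`, so it inherits whatever `[privilege_escalation]` in ansible.cfg sets; that section is cut off in this series, so I cannot tell whether escalation is on.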
diff --git a/playbooks/freeradius.yml b/playbooks/freeradius.yml index 086923b..0638321 100644 --- a/playbooks/freeradius.yml +++ b/playbooks/freeradius.yml @@ -1,5 +1,5 @@ -- hosts: all +- name: Install and configure Freeradius with TOTP + hosts: all tasks: - - name: Install and configure Freeradius with TOTP - import_role: + - import_role: name: freeradius \ No newline at end of file diff --git a/playbooks/nsupdate.yml b/playbooks/nsupdate.yml index 0b575f7..9c15773 100644 --- a/playbooks/nsupdate.yml +++ b/playbooks/nsupdate.yml @@ -1,5 +1,5 @@ -- hosts: ns1 +- name: Configure zone with nsupdate + hosts: ns1 tasks: - - name: Configure zone with nsupdate - import_role: - name: nsupdate \ No newline at end of file + - import_role: + name: nsupdate diff --git a/playbooks/ping.yml b/playbooks/ping.yml index 8661c51..5a889e8 100644 --- a/playbooks/ping.yml +++ b/playbooks/ping.yml @@ -1,3 +1,4 @@ -- hosts: all +- name: Check that a host is alive and reachable + hosts: all tasks: - ping: \ No newline at end of file diff --git a/playbooks/send-mail.yml b/playbooks/send-mail.yml index 201fece..1bae7af 100644 --- a/playbooks/send-mail.yml +++ b/playbooks/send-mail.yml @@ -1,6 +1,6 @@ -- hosts: localhost +- name: Send mail + hosts: localhost become: no tasks: - - name: Send mail - import_role: + - import_role: name: send-mail diff --git a/playbooks/test.yml b/playbooks/test.yml index a056033..358ac5d 100644 --- a/playbooks/test.yml +++ b/playbooks/test.yml @@ -1,5 +1,5 @@ -- hosts: all +- name: Test role + hosts: all tasks: - - name: Test role - import_role: + - import_role: name: debian-base diff --git a/playbooks/win-ping.yml b/playbooks/win-ping.yml index 0dd8dea..458c32a 100644 --- a/playbooks/win-ping.yml +++ b/playbooks/win-ping.yml @@ -1,5 +1,4 @@ -- name: Ping Windows hosts +- name: Ping Windows host hosts: all tasks: - - name: Ping Windows hosts - ansible.windows.win_ping: \ No newline at end of file + - ansible.windows.win_ping: 
diff --git a/playbooks/win-update.yml b/playbooks/win-update.yml index 4a6cc78..c91b5bd 100644 --- a/playbooks/win-update.yml +++ b/playbooks/win-update.yml @@ -1,4 +1,5 @@ -- hosts: all +- name: Update windows host + hosts: all serial: 1 tasks: - block: diff --git a/roles/awx/tasks/main.yaml b/roles/awx/tasks/main.yaml index 7cc7552..a67b94e 100644 --- a/roles/awx/tasks/main.yaml +++ b/roles/awx/tasks/main.yaml @@ -1,4 +1,4 @@ -- name: Create AWX user +- name: Create awx user user: name: awx password: '*' @@ -6,7 +6,7 @@ groups: sudo state: present comment: ssh user -- name: Adding SSH public key +- name: Add awx SSH public key authorized_key: user: awx key: "{{ awx_pub_key }}" @@ -14,7 +14,7 @@ apt: name: sudo state: present -- name: Add user to sudoers +- name: Add awx user to sudoers copy: src: sudoers dest: /etc/sudoers.d/awx diff --git a/roles/debian-base/tasks/main.yml b/roles/debian-base/tasks/main.yml index 88a86ad..3933958 100644 --- a/roles/debian-base/tasks/main.yml +++ b/roles/debian-base/tasks/main.yml @@ -1,9 +1,12 @@ - import_tasks: install.yml - import_tasks: locale.yml - import_tasks: tzdata.yml -- import_tasks: motd.yml -- import_tasks: profile.yml -- import_tasks: vim.yml -- import_tasks: sudoers.yml -- import_tasks: nrpe.yml - import_tasks: relayhost.yml +- import_tasks: motd.yml + tags: [motd] +- import_tasks: profile.yml + tags: [profile] +- import_tasks: vim.yml + tags: [vim] +- import_tasks: nrpe.yml + tags: [nrpe] diff --git a/roles/debian-base/files/sudoers b/roles/debian-guest/files/sudoers similarity index 100% rename from roles/debian-base/files/sudoers rename to roles/debian-guest/files/sudoers diff --git a/roles/debian-guest/tasks/auth.yml b/roles/debian-guest/tasks/auth.yml index d576a73..e355630 100644 --- a/roles/debian-guest/tasks/auth.yml +++ b/roles/debian-guest/tasks/auth.yml @@ -1,4 +1,3 @@ - - name: Install packages apt: name: nslcd 
@@ -36,4 +35,4 @@ - name: Restart NSLCD service service: name: nslcd - state: restarted \ No newline at end of file + state: restarted diff --git a/roles/debian-guest/tasks/main.yml b/roles/debian-guest/tasks/main.yml index 3245538..6eb005d 100644 --- a/roles/debian-guest/tasks/main.yml +++ b/roles/debian-guest/tasks/main.yml @@ -1,2 +1,3 @@ - include_tasks: auth.yml when: false +- import_tasks: sudoers.yml diff --git a/roles/debian-base/tasks/sudoers.yml b/roles/debian-guest/tasks/sudoers.yml similarity index 81% rename from roles/debian-base/tasks/sudoers.yml rename to roles/debian-guest/tasks/sudoers.yml index 3c7f69e..0671ddd 100644 --- a/roles/debian-base/tasks/sudoers.yml +++ b/roles/debian-guest/tasks/sudoers.yml @@ -2,7 +2,7 @@ apt: name: sudo state: present -- name: Copy sudoers configuration file +- name: Add sysadmin to sudoers copy: src: sudoers dest: /etc/sudoers.d/vn -- 2.40.1 From 3f647cfd5cf3a60fd34bbc143a66882fbbf3c478 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Thu, 26 Sep 2024 12:50:51 +0200 Subject: [PATCH 065/138] refs #8025 clean: tags added, added task to remove old bashrc config --- playbooks/clean.yml | 25 ++++++++++++++++++++++++- roles/debian-base/tasks/vim.yml | 2 +- 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/playbooks/clean.yml b/playbooks/clean.yml index 1e2b2bc..f5c8d90 100644 --- a/playbooks/clean.yml +++ b/playbooks/clean.yml 
@@ -3,11 +3,34 @@ gather_facts: no tasks: - name: Delete awx-user - ansible.builtin.user: + user: name: awx-user state: absent remove: yes + tags: [awx] - name: Delete awx-user sudoers file file: path: /etc/sudoers.d/awx-user state: absent + tags: [awx] + - name: Delete old MOTD configuration + file: + path: /etc/profile.d/mymotd.sh + state: absent + tags: [motd] + - name: Delete old Ansible bashrc configuration + blockinfile: + path: /root/.bashrc + marker_begin: 'BEGIN ANSIBLE MANAGED BLOCK' + marker_end: 'END ANSIBLE MANAGED BLOCK' + marker: "# {mark}" + state: absent + tags: [bashrc] + - name: Delete old custom bashrc configuration + replace: + path: /root/.bashrc + regexp: '{{ start_delimiter }}[\\s\\S]*?{{ end_delimiter }}' + replace: '' + vars: + start_delimiter: '### 4Loo' + end_delimiter: 'esac' diff --git a/roles/debian-base/tasks/vim.yml b/roles/debian-base/tasks/vim.yml index 3b4a32a..d89ef6f 100644 --- a/roles/debian-base/tasks/vim.yml +++ b/roles/debian-base/tasks/vim.yml @@ -1,4 +1,4 @@ -- name: Install packages +- name: Install vim packages apt: name: vim state: present -- 2.40.1 From 4f264468a258afea2ab6b97c55b95a94e36033ef Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Thu, 26 Sep 2024 13:01:03 +0200 Subject: [PATCH 066/138] refs #8025 Remove lab unreachable hosts --- inventories/laboratory | 7 ------- 1 file changed, 7 deletions(-) diff --git a/inventories/laboratory b/inventories/laboratory index 460d577..fe38c24 100644 --- a/inventories/laboratory +++ b/inventories/laboratory @@ -20,7 +20,6 @@ cephtest03 ansible_host=cephtest03.lab.verdnatura.es [kubepre] kubepre-helm ansible_host=kubepre-helm.lab.verdnatura.es kubepre-proxy1 ansible_host=kubepre-proxy1.lab.verdnatura.es -kubepre-proxy2 ansible_host=kubepre-proxy2.lab.verdnatura.es kubepre-master1 ansible_host=kubepre-master1.lab.verdnatura.es kubepre-master2 ansible_host=kubepre-master2.lab.verdnatura.es kubepre-master3 ansible_host=kubepre-master3.lab.verdnatura.es 
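Review bot: The regexp in "Delete old custom bashrc configuration" does not match what it intends: inside a YAML single-quoted scalar backslashes are literal, so the `replace` module compiles `[\\s\\S]`, a character class containing only backslash, `s` and `S`, and the task is a silent no-op unless the text between `### 4Loo` and `esac` consists solely of those characters. Use `regexp: '{{ start_delimiter }}[\s\S]*?{{ end_delimiter }}'` (or `(?s)` plus `.*?`, since the module compiles with MULTILINE but not DOTALL). The later patch that rewrites it as `'{{ start_delimiter }}\\s\\S*?{{ end_delimiter }}'` ("Production hosts updated, tags without brackets") makes the same mistake in a different form — it matches only a literal `\s\S` sequence. Because this task rewrites `/root/.bashrc` in place, `backup: yes` on both this `replace:` and the preceding `blockinfile:` would keep a copy to recover from if the match is wider than expected.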
@@ -41,14 +40,8 @@ kubetest-worker04 ansible_host=kubetest-worker04.lab.verdnatura.es [laboratory] corelab-proxy1 ansible_host=corelab-proxy1.lab.verdnatura.es -docker-itlab ansible_host=docker-itlab.lab.verdnatura.es zammad ansible_host=zammad.lab.verdnatura.es matrix ansible_host=matrix.lab.verdnatura.es -ansible-test ansible_host=ansible-test.lab.verdnatura.es - -[network] -opnsense1-test ansible_host=opnsense1-test.lab.verdnatura.es -opnsense2-test ansible_host=opnsense2-test.lab.verdnatura.es [guest:children] cephtest -- 2.40.1 From ae9dbd78ac52582c04df20d5477a5ec4600b29ea Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Thu, 26 Sep 2024 13:02:40 +0200 Subject: [PATCH 067/138] refs #8025 Remove lab network reference --- inventories/laboratory | 1 - 1 file changed, 1 deletion(-) diff --git a/inventories/laboratory b/inventories/laboratory index fe38c24..15d14ef 100644 --- a/inventories/laboratory +++ b/inventories/laboratory @@ -48,4 +48,3 @@ cephtest kubepre kubetest laboratory -network -- 2.40.1 From bd9059f3c50679c093f5c0ae21f5751da096e99a Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Thu, 26 Sep 2024 13:49:23 +0200 Subject: [PATCH 068/138] refs #8025 Production hosts updated, tags without brackets --- inventories/production | 139 ++++++++++++++++--------------- playbooks/clean.yml | 10 +-- roles/debian-base/tasks/main.yml | 12 ++- 3 files changed, 87 insertions(+), 74 deletions(-) diff --git a/inventories/production b/inventories/production index c150cfa..60314ed 100644 --- a/inventories/production +++ b/inventories/production 
@@ -40,74 +40,16 @@ kube-proxy2 ansible_host=kube-proxy2.servers.dc.verdnatura.es [kube_helper] kube-helm ansible_host=kube-helm.servers.dc.verdnatura.es -[kube:children] +[kubernetes:children] kube_master kube_worker kube_proxy kube_helper -[core_helper] -core-agent ansible_host=core-agent.core.dc.verdnatura.es -core-proxy ansible_host=core-proxy.core.dc.verdnatura.es - -[servers] -dhcp1 ansible_host=dhcp1.servers.dc.verdnatura.es -dhcp2 ansible_host=dhcp2.servers.dc.verdnatura.es -ns1 ansible_host=ns1.servers.dc.verdnatura.es -ns2 ansible_host=ns2.servers.dc.verdnatura.es -mailgw1 ansible_host=mailgw1.servers.dc.verdnatura.es -mailgw2 ansible_host=mailgw2.servers.dc.verdnatura.es -postfix ansible_host=postfix.servers.dc.verdnatura.es -time1 ansible_host=time1.servers.dc.verdnatura.es -time2 ansible_host=time2.servers.dc.verdnatura.es -pbx ansible_host=pbx.servers.dc.verdnatura.es -homes ansible_host=homes.servers.dc.verdnatura.es -server ansible_host=server.servers.dc.verdnatura.es -vpn ansible_host=vpn.servers.dc.verdnatura.es -cacti ansible_host=cacti.servers.dc.verdnatura.es -logger ansible_host=logger.servers.dc.verdnatura.es -nagios ansible_host=nagios.servers.dc.verdnatura.es -nagiosql-db ansible_host=nagiosql-db.servers.dc.verdnatura.es -doku ansible_host=doku.servers.dc.verdnatura.es -unifi ansible_host=unifi.servers.dc.verdnatura.es +[ad] dc1 ansible_host=dc1.servers.dc.verdnatura.es dc2 ansible_host=dc2.servers.dc.verdnatura.es -ldap-proxy1 ansible_host=ldap-proxy1.servers.dc.verdnatura.es -ldap-proxy2 ansible_host=ldap-proxy2.servers.dc.verdnatura.es -ldap1 ansible_host=ldap1.servers.dc.verdnatura.es -ldap2 ansible_host=ldap2.servers.dc.verdnatura.es -ldap3 ansible_host=ldap3.servers.dc.verdnatura.es -db1 ansible_host=db1.servers.dc.verdnatura.es -db2 ansible_host=db2.servers.dc.verdnatura.es -db-proxy1 ansible_host=db-proxy1.servers.dc.verdnatura.es -db-proxy2 ansible_host=db-proxy2.servers.dc.verdnatura.es -test-db1 
ansible_host=test-db1.servers.dc.verdnatura.es -test-db-proxy1 ansible_host=test-db-proxy1.servers.dc.verdnatura.es -test-db-proxy2 ansible_host=test-db-proxy2.servers.dc.verdnatura.es -monthly-db ansible_host=monthly-db.servers.dc.verdnatura.es -dev-db ansible_host=dev-db.servers.dc.verdnatura.es -spamd-db ansible_host=spamd-db.servers.dc.verdnatura.es -spamd ansible_host=spamd.servers.dc.verdnatura.es -dovecot ansible_host=dovecot.servers.dc.verdnatura.es -debian12-vm ansible_host=debian12-vm.servers.dc.verdnatura.es -freeradiustotp ansible_host=freeradiustotp.servers.dc.verdnatura.es -iventoy ansible_host=iventoy.servers.dc.verdnatura.es - -[windows] -rsat ansible_host=rsat.servers.dc.verdnatura.es -printserver ansible_host=printserver.servers.dc.verdnatura.es -mrw ansible_host=mrw.servers.dc.verdnatura.es -ts1 ansible_host=ts1.rds.dc.verdnatura.es -ts2 ansible_host=ts2.rds.dc.verdnatura.es -rds-licenses ansible_host=rds-licenses.rds.dc.verdnatura.es -integra2 ansible_host=integra2.servers.dc.verdnatura.es - -[outsource] -a3 ansible_host=a3.outsource.dc.verdnatura.es -contaplus ansible_host=contaplus.outsource.dc.verdnatura.es -dipole ansible_host=dipole.outsource.dc.verdnatura.es -sage ansible_host=sage.outsource.dc.verdnatura.es -docuware ansible_host=docuware.outsource.dc.verdnatura.es +server ansible_host=server.servers.dc.verdnatura.es [backup] bacula-dir ansible_host=bacula-dir.backup.dc.verdnatura.es 
@@ -117,9 +59,76 @@ backup-nas ansible_host=backup-nas.backup.dc.verdnatura.es tftp ansible_host=tftp.backup.dc.verdnatura.es kube-backup ansible_host=kube-backup.backup.dc.verdnatura.es +[core] +core-agent ansible_host=core-agent.core.dc.verdnatura.es +core-proxy ansible_host=core-proxy.core.dc.verdnatura.es + +[db] +db-proxy1 ansible_host=db-proxy1.servers.dc.verdnatura.es +db-proxy2 ansible_host=db-proxy2.servers.dc.verdnatura.es +db1 ansible_host=db1.servers.dc.verdnatura.es +db2 ansible_host=db2.servers.dc.verdnatura.es + +[ldap] +ldap-proxy1 ansible_host=ldap-proxy1.servers.dc.verdnatura.es +ldap-proxy2 ansible_host=ldap-proxy2.servers.dc.verdnatura.es +ldap1 ansible_host=ldap1.servers.dc.verdnatura.es +ldap2 ansible_host=ldap2.servers.dc.verdnatura.es +ldap3 ansible_host=ldap3.servers.dc.verdnatura.es + +[mail] +dovecot ansible_host=dovecot.servers.dc.verdnatura.es +mailgw1 ansible_host=mailgw1.servers.dc.verdnatura.es +mailgw2 ansible_host=mailgw2.servers.dc.verdnatura.es +postfix ansible_host=postfix.servers.dc.verdnatura.es +spamd ansible_host=spamd.servers.dc.verdnatura.es +spamd-db ansible_host=spamd-db.servers.dc.verdnatura.es + +[monitoring] +cacti ansible_host=cacti.servers.dc.verdnatura.es +logger ansible_host=logger.servers.dc.verdnatura.es +nagios ansible_host=nagios.servers.dc.verdnatura.es +nagiosql-db ansible_host=nagiosql-db.servers.dc.verdnatura.es +librenms ansible_host=librenms.servers.dc.verdnatura.es + +[network] +dhcp1 ansible_host=dhcp1.servers.dc.verdnatura.es +dhcp2 ansible_host=dhcp2.servers.dc.verdnatura.es +ns1 ansible_host=ns1.servers.dc.verdnatura.es +ns2 ansible_host=ns2.servers.dc.verdnatura.es +unifi ansible_host=unifi.servers.dc.verdnatura.es +vpn ansible_host=vpn.servers.dc.verdnatura.es +time1 ansible_host=time1.servers.dc.verdnatura.es +time2 ansible_host=time2.servers.dc.verdnatura.es + +[princ] +pbx ansible_host=pbx.servers.dc.verdnatura.es +homes ansible_host=homes.servers.dc.verdnatura.es +doku 
ansible_host=doku.servers.dc.verdnatura.es +iventoy ansible_host=iventoy.servers.dc.verdnatura.es + +[rds] +ts-proxy1 ansible_host=ts-proxy1.servers.dc.verdnatura.es +ts-proxy2 ansible_host=ts-proxy2.servers.dc.verdnatura.es +profiles ansible_host=profiles.servers.dc.verdnatura.es + +[test] +test-db1 ansible_host=test-db1.servers.dc.verdnatura.es +test-db-proxy1 ansible_host=test-db-proxy1.servers.dc.verdnatura.es +test-db-proxy2 ansible_host=test-db-proxy2.servers.dc.verdnatura.es +monthly-db ansible_host=monthly-db.servers.dc.verdnatura.es +dev-db ansible_host=dev-db.servers.dc.verdnatura.es + [guest:children] -core_helper -servers -windows -outsource +ad backup +core +db +kubernetes +ldap +mail +monitoring +network +princ +rds +test diff --git a/playbooks/clean.yml b/playbooks/clean.yml index f5c8d90..c19a4c5 100644 --- a/playbooks/clean.yml +++ b/playbooks/clean.yml @@ -7,17 +7,17 @@ name: awx-user state: absent remove: yes - tags: [awx] + tags: awx - name: Delete awx-user sudoers file file: path: /etc/sudoers.d/awx-user state: absent - tags: [awx] + tags: awx - name: Delete old MOTD configuration file: path: /etc/profile.d/mymotd.sh state: absent - tags: [motd] + tags: motd - name: Delete old Ansible bashrc configuration blockinfile: path: /root/.bashrc @@ -25,11 +25,11 @@ marker_end: 'END ANSIBLE MANAGED BLOCK' marker: "# {mark}" state: absent - tags: [bashrc] + tags: bashrc - name: Delete old custom bashrc configuration replace: path: /root/.bashrc - regexp: '{{ start_delimiter }}[\\s\\S]*?{{ end_delimiter }}' + regexp: '{{ start_delimiter }}\\s\\S*?{{ end_delimiter }}' replace: '' vars: start_delimiter: '### 4Loo' diff --git a/roles/debian-base/tasks/main.yml b/roles/debian-base/tasks/main.yml index 3933958..0e3ba90 100644 --- a/roles/debian-base/tasks/main.yml +++ b/roles/debian-base/tasks/main.yml 
@@ -1,12 +1,16 @@ - import_tasks: install.yml + tags: install - import_tasks: locale.yml + tags: locale - import_tasks: tzdata.yml + tags: tzdata - import_tasks: relayhost.yml + tags: relayhost - import_tasks: motd.yml - tags: [motd] + tags: motd - import_tasks: profile.yml - tags: [profile] + tags: profile - import_tasks: vim.yml - tags: [vim] + tags: vim - import_tasks: nrpe.yml - tags: [nrpe] + tags: nrpe -- 2.40.1 From 39144527bb5f63280435059773013a1f5e0b61b7 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Thu, 26 Sep 2024 14:16:04 +0200 Subject: [PATCH 069/138] refs #8025 Disable gather and become for ping --- playbooks/ping.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/playbooks/ping.yml b/playbooks/ping.yml index 5a889e8..2f48123 100644 --- a/playbooks/ping.yml +++ b/playbooks/ping.yml @@ -1,4 +1,6 @@ - name: Check that a host is alive and reachable hosts: all + gather_facts: no + become: no tasks: - ping: \ No newline at end of file -- 2.40.1 From 5480687b33f3a4de98a1702150954e3a7325f280 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Thu, 26 Sep 2024 14:55:41 +0200 Subject: [PATCH 070/138] refs #8025 Tags doc added --- README.md | 2 +- playbooks/ping.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 85f8f91..3a4b5eb 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ locally to ensure they work properly. Launch playbook on the fly on a host not declared in the inventory. ``` -ansible-playbook -u root -i , playbooks/test.yml +ansible-playbook -u root -i , [--tags tag1,tag2] playbooks/test.yml ``` *Note the comma at the end of the hostname or IP.* diff --git a/playbooks/ping.yml b/playbooks/ping.yml index 2f48123..b7061eb 100644 --- a/playbooks/ping.yml +++ b/playbooks/ping.yml @@ -1,4 +1,4 @@ -- name: Check that a host is alive and reachable +- name: Check whether host is alive and reachable hosts: all gather_facts: no become: no -- 2.40.1 
From ca9b87b8f87de4549bd589561370c0935be00132 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Thu, 26 Sep 2024 14:57:01 +0200 Subject: [PATCH 071/138] refs #8025 README ping description --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3a4b5eb..a8505d8 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ ansible-playbook -u root -i , [--tags tag1,tag2] playbooks/test. ## Common playbooks * **facts.yml**: Collect and display facts from a host -* **ping.yml**: Check that a host is alive and reachable by Ansible +* **ping.yml**: Check that a host is alive and reachable * **awx.yml**: Create and configure AWX user * **test.yml**: Test an specific role. Don't forget to undo changes before pushing! * **debian.yml**: Setup base Debian server -- 2.40.1 From 1e565544fe9af1d5fae68b61ad0a571c924a1af2 Mon Sep 17 00:00:00 2001 
From: Juan Ferrer Toribio Date: Fri, 27 Sep 2024 13:26:47 +0200 Subject: [PATCH 072/138] refs #8025 Vault added, core hosts splitted, tasks parametized, auth enabled --- .gitignore | 1 + README.md | 10 +++- ansible.cfg | 5 +- inventories/core | 32 +++++++++++++ inventories/group_vars/all.yml | 47 +++---------------- inventories/production | 35 -------------- playbooks/debian.yml | 1 + playbooks/facts.yml | 2 +- playbooks/test.yml | 5 -- roles/debian-base/defaults/main.yaml | 7 +++ roles/debian-base/files/profile.sh | 8 ++++ roles/debian-base/files/timesync | 5 -- roles/debian-base/tasks/bacula.yml | 2 +- roles/debian-base/tasks/fail2ban.yml | 2 +- roles/debian-base/tasks/locale.yml | 2 +- roles/debian-base/tasks/nrpe.yml | 8 ++-- roles/debian-base/tasks/root.yaml | 19 +------- .../tasks/{tymesyncd.yml => timesync.yml} | 4 +- .../{bacula-fd.conf.j2 => bacula-fd.conf} | 0 .../templates/{jail.local.j2 => jail.local} | 0 .../debian-base/{files => templates}/nrpe.cfg | 2 +- roles/debian-base/vars/main.yml | 5 -- roles/debian-guest/files/nslcd.conf | 16 ------- roles/debian-guest/files/sudoers | 1 - roles/debian-guest/handlers/main.yml | 6 +++ roles/debian-guest/tasks/auth.yml | 21 ++------- roles/debian-guest/tasks/main.yml | 5 +- roles/debian-guest/tasks/sudoers.yml | 2 +- roles/debian-guest/templates/nslcd.conf | 16 +++++++ roles/debian-guest/templates/sudoers | 1 + roles/debian-qemu/{vars => defaults}/main.yml | 0 roles/debian-qemu/files/auto.homes | 1 - roles/debian-qemu/files/homes.autofs | 1 - roles/debian-qemu/tasks/autofs.yml | 6 +-- roles/debian-qemu/tasks/main.yml | 3 ++ roles/debian-qemu/templates/auto.homes | 1 + roles/debian-qemu/templates/homes.autofs | 1 + roles/freeradius/handlers/main.yaml | 5 +- roles/freeradius/vars/main.yaml | 1 - roles/nsupdate/tasks/main.yml | 2 +- vault.yml | 26 ++++++++++ 41 files changed, 149 insertions(+), 168 deletions(-) create mode 100644 inventories/core delete mode 100644 playbooks/test.yml delete mode 100644 
roles/debian-base/files/timesync rename roles/debian-base/tasks/{tymesyncd.yml => timesync.yml} (83%) rename roles/debian-base/templates/{bacula-fd.conf.j2 => bacula-fd.conf} (100%) rename roles/debian-base/templates/{jail.local.j2 => jail.local} (100%) rename roles/debian-base/{files => templates}/nrpe.cfg (95%) delete mode 100644 roles/debian-guest/files/nslcd.conf delete mode 100644 roles/debian-guest/files/sudoers create mode 100644 roles/debian-guest/handlers/main.yml create mode 100644 roles/debian-guest/templates/nslcd.conf create mode 100644 roles/debian-guest/templates/sudoers rename roles/debian-qemu/{vars => defaults}/main.yml (100%) delete mode 100644 roles/debian-qemu/files/auto.homes delete mode 100644 roles/debian-qemu/files/homes.autofs create mode 100644 roles/debian-qemu/templates/auto.homes create mode 100644 roles/debian-qemu/templates/homes.autofs create mode 100644 vault.yml diff --git a/.gitignore b/.gitignore index 1d74e21..973bdc4 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ .vscode/ +.vaultpass diff --git a/README.md b/README.md index a8505d8..6f9efbb 100644 --- a/README.md +++ b/README.md @@ -21,12 +21,20 @@ ansible-playbook -u root -i , [--tags tag1,tag2] playbooks/test. *Note the comma at the end of the hostname or IP.* +## Manage vault + +Place vault password into *.vaultpass* file. + +Edit vault file. +``` +ansible-vault edit vault.yml +``` + ## Common playbooks * **facts.yml**: Collect and display facts from a host * **ping.yml**: Check that a host is alive and reachable * **awx.yml**: Create and configure AWX user -* **test.yml**: Test an specific role. Don't forget to undo changes before pushing! * **debian.yml**: Setup base Debian server ## Documentation diff --git a/ansible.cfg b/ansible.cfg index 02b7ba8..a6fd83b 100644 --- a/ansible.cfg +++ b/ansible.cfg 
@@ -1,10 +1,11 @@ [defaults] +remote_user = root +host_key_checking = False roles_path = ./roles inventory = ./inventories/production gathering = smart interpreter_python = auto_silent -remote_user = awx -host_key_checking = False +vault_password_file = .vaultpass [privilege_escalation] become = True diff --git a/inventories/core b/inventories/core new file mode 100644 index 0000000..27037d1 --- /dev/null +++ b/inventories/core @@ -0,0 +1,32 @@ +[ceph] +ceph1 ansible_host=ceph1.core.dc.verdnatura.es +ceph2 ansible_host=ceph2.core.dc.verdnatura.es +ceph3 ansible_host=ceph3.core.dc.verdnatura.es + +[ceph_gw] +ceph-gw1 ansible_host=ceph-gw1.core.dc.verdnatura.es +ceph-gw2 ansible_host=ceph-gw2.core.dc.verdnatura.es + +[pve] +pve01 ansible_host=pve01.core.dc.verdnatura.es +pve02 ansible_host=pve02.core.dc.verdnatura.es +pve03 ansible_host=pve03.core.dc.verdnatura.es +pve04 ansible_host=pve04.core.dc.verdnatura.es +pve05 ansible_host=pve04.core.dc.verdnatura.es + +[infra:children] +ceph +ceph_gw +pve + +[core] +core-agent ansible_host=core-agent.core.dc.verdnatura.es +core-proxy ansible_host=core-proxy.core.dc.verdnatura.es + +[backup] +bacula-dir ansible_host=bacula-dir.backup.dc.verdnatura.es +bacula-db ansible_host=bacula-db.backup.dc.verdnatura.es +bacularis ansible_host=bacularis.backup.dc.verdnatura.es +backup-nas ansible_host=backup-nas.backup.dc.verdnatura.es +tftp ansible_host=tftp.backup.dc.verdnatura.es +kube-backup ansible_host=kube-backup.backup.dc.verdnatura.es diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml index d307c50..5dd7be7 100644 --- a/inventories/group_vars/all.yml +++ b/inventories/group_vars/all.yml 
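Review bot: `host_key_checking = False` is kept on the new side (only moved below `remote_user = root`), so every run accepts whatever SSH host key a target presents, and that is now combined with direct root login instead of the former `awx` user. Consider removing the line and pre-seeding known_hosts for the inventory; if it must stay, document the reason next to it, e.g. `# host_key_checking disabled: hosts are reinstalled frequently -- TODO confirm`. `vault_password_file = .vaultpass` is consistent with the .gitignore entry in this commit, but the file itself should be created with mode 0600.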
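Review bot: `pve05 ansible_host=pve04.core.dc.verdnatura.es` points the pve05 entry at pve04's address, so a play limited to pve05 actually runs on pve04 and pve05 is never configured. The line is carried over from the old production inventory rather than introduced here, but since the file is being created this is the moment to correct it: `pve05 ansible_host=pve05.core.dc.verdnatura.es`.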
@@ -1,5 +1,12 @@
 sysadmin_mail: sysadmin@verdnatura.es
+sysadmin_group: sysadmin
 smtp_server: smtp.verdnatura.es
+homes_server: homes.servers.dc.verdnatura.es
+nagios_server: nagios.verdnatura.es
+time_server: time1.verdnatura.es time2.verdnatura.es
+main_dns_server: ns1.verdnatura.es
+ldap_uri: ldap://ldap.verdnatura.es
+ldap_base: dc=verdnatura,dc=es
 dc_net: "10.0.0.0/16"
 resolv:
 domain: verdnatura.es
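Review bot: `ldap_uri: ldap://ldap.verdnatura.es` selects plain LDAP, and in this commit it feeds the new nslcd.conf template, so the `bindpw {{ nslcd_password }}` bind and every user/group lookup cross the network unencrypted. Moving the password into the vault protects it at rest but not in transit; unless the nslcd template sets `ssl start_tls` (not visible here), switch to `ldap_uri: ldaps://ldap.verdnatura.es` or add `ssl start_tls` with `tls_cacertfile` to the template.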
@@ -12,43 +19,3 @@ awx_pub_key: > ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzAwWm+IsqZCgMzjdZ7Do3xWtVtoUCpWJpH7KSi2a/H awx@verdnatura.es -nslcd_password: !vault > - $ANSIBLE_VAULT;1.1;AES256 - 30343461633538323832316231383362626636653864353535346461353937313131336135396162 - 3866623238353638323961363239373236393339333134380a313561363030306165393965396234 - 65316535626434333331633438613639633163643765633064363833303461363834653864646464 - 3133313233353730620a343536316266393637623563313563613332646630643632366439343764 - 30383935303161646339393361393130613266663337373364626635646430326465 -rndc_key: !vault > - $ANSIBLE_VAULT;1.1;AES256 - 36386562613235363931396632656535383336313537636431643338353438313231623839313031 - 3830616135393732353265666664353963393366343461630a633365396165653761353762383739 - 66303862376465626435633964313237643230653463353662343831646464633639383336323863 - 6139333234386565620a653438613165626131653834633931343766343162653932373161653362 - 38303139333536656263656163623333313234393666353766363565633732366165 -radius_ldap_password: !vault > - $ANSIBLE_VAULT;1.1;AES256 - 31643037313539376337363739616361363339616235623433656131306539373030373731643934 - 3432656465343430366366646237326137656134346562360a306538303762313261616632643135 - 39316439653932396134646432633262326631363765643564306565636363356335653539656531 - 6234636463376364620a636133346337306437643939376531633564633737333133363065633031 - 61643731646163323636343837373761303930323961653663343135303731623133 -radius_client_password: !vault > - $ANSIBLE_VAULT;1.1;AES256 - 62313333666335316231396365653635356639626563613738363137383434343437393833393934 - 6439646632303536393438306234323862363532393733630a356136393539363161346631623161 - 37636365653331333735353166646164613732303035613231353237343139623137396364643637 - 3261656465336435630a666466643734373830633933613266663631343730386530633839386239 - 62623434663130363637303035363434313566376661356362663238666166343534 -awx_smtp_password: !vault > - 
$ANSIBLE_VAULT;1.1;AES256 - 62393936623766653737356136353765336265636136616330306537393638646663326663346138 - 3631616362363163393036613564623864383365633634660a366563363836363061623566393361 - 37633364633631333130346332613235303762316435313535613664323830656363353237373561 - 3866653365636431630a303262666662376662623862663461633361333037643863353135343836 - 61383730366664353730616331666139376234313562383163613736353231666533 -grub_code: > - grub.pbkdf2.sha512.10000.C91C8756466E7DB535C77DB7FBDBF3D33A39A0712DE3A9AFD38BE22 - 29139E86F23C4E007E6B76DDFDBBE4B2B32764B4EFFECF208C70BA9FECC6BB3FF68A6BA05.8EA385 - 7B795AF29FF5C6E003E31EC4D79B84813175C7A56A8A12F3F30A19B501D7127C0307277FB37073EE - 0246BCFDA9BD4EDDC3A1EE8176D25CD37B7FB07AF7 diff --git a/inventories/production b/inventories/production index 60314ed..1e38715 100644 --- a/inventories/production +++ b/inventories/production @@ -1,24 +1,3 @@ -[ceph] -ceph1 ansible_host=ceph1.core.dc.verdnatura.es -ceph2 ansible_host=ceph2.core.dc.verdnatura.es -ceph3 ansible_host=ceph3.core.dc.verdnatura.es - -[ceph_gw] -ceph-gw1 ansible_host=ceph-gw1.core.dc.verdnatura.es -ceph-gw2 ansible_host=ceph-gw2.core.dc.verdnatura.es - -[pve] -pve01 ansible_host=pve01.core.dc.verdnatura.es -pve02 ansible_host=pve02.core.dc.verdnatura.es -pve03 ansible_host=pve03.core.dc.verdnatura.es -pve04 ansible_host=pve04.core.dc.verdnatura.es -pve05 ansible_host=pve04.core.dc.verdnatura.es - -[infra:children] -ceph -ceph_gw -pve - [kube_master] kube-master1 ansible_host=kube-master1.servers.dc.verdnatura.es kube-master2 ansible_host=kube-master2.servers.dc.verdnatura.es 
@@ -51,18 +30,6 @@ dc1 ansible_host=dc1.servers.dc.verdnatura.es dc2 ansible_host=dc2.servers.dc.verdnatura.es server ansible_host=server.servers.dc.verdnatura.es -[backup] -bacula-dir ansible_host=bacula-dir.backup.dc.verdnatura.es -bacula-db ansible_host=bacula-db.backup.dc.verdnatura.es -bacularis ansible_host=bacularis.backup.dc.verdnatura.es -backup-nas ansible_host=backup-nas.backup.dc.verdnatura.es -tftp ansible_host=tftp.backup.dc.verdnatura.es -kube-backup ansible_host=kube-backup.backup.dc.verdnatura.es - -[core] -core-agent ansible_host=core-agent.core.dc.verdnatura.es -core-proxy ansible_host=core-proxy.core.dc.verdnatura.es - [db] db-proxy1 ansible_host=db-proxy1.servers.dc.verdnatura.es db-proxy2 ansible_host=db-proxy2.servers.dc.verdnatura.es @@ -121,8 +88,6 @@ dev-db ansible_host=dev-db.servers.dc.verdnatura.es [guest:children] ad -backup -core db kubernetes ldap diff --git a/playbooks/debian.yml b/playbooks/debian.yml index 6de614b..4888a35 100644 --- a/playbooks/debian.yml +++ b/playbooks/debian.yml @@ -1,5 +1,6 @@ - name: Configure base Debian host hosts: all + vars_files: ../vault.yml tasks: - name: Configure base system import_role: diff --git a/playbooks/facts.yml b/playbooks/facts.yml index 9ad84e5..0ccd652 100644 --- a/playbooks/facts.yml +++ b/playbooks/facts.yml @@ -3,7 +3,7 @@ gather_facts: yes tasks: - name: Print all available facts - ansible.builtin.debug: + debug: var: ansible_facts - name: Print variable value debug: diff --git a/playbooks/test.yml b/playbooks/test.yml deleted file mode 100644 index 358ac5d..0000000 --- a/playbooks/test.yml +++ /dev/null @@ -1,5 +0,0 @@ -- name: Test role - hosts: all - tasks: - - import_role: - name: debian-base diff --git a/roles/debian-base/defaults/main.yaml b/roles/debian-base/defaults/main.yaml index 7f95631..3eb8039 100644 --- a/roles/debian-base/defaults/main.yaml +++ b/roles/debian-base/defaults/main.yaml 
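Review bot: Replacing `ansible.builtin.debug` with the short name `debug` in playbooks/facts.yml drops the fully qualified collection name, so the module is resolved through the collection search path instead of being pinned to the builtin; the same change appears in the autofs.yml hunk (`ansible.builtin.file` to `file`) in this commit. It does match the short names used by every other task in the repository, so this is a consistency choice rather than a defect, but keeping `ansible.builtin.debug:` costs nothing and is the form current Ansible documentation recommends.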
@@ -1,3 +1,10 @@ +default_user: user +root_password: Pa$$w0rd +fail2ban: + email: "{{ sysadmin_mail }}" + bantime: 600 + maxretry: 4 + ignore: "127.0.0.0/8 {{ dc_net }}" exim_dc_eximconfig_configtype: satellite dc_other_hostnames: "{{ ansible_fqdn }}" dc_local_interfaces: 127.0.0.1 diff --git a/roles/debian-base/files/profile.sh b/roles/debian-base/files/profile.sh index d8f3cf6..ab1ac12 100644 --- a/roles/debian-base/files/profile.sh +++ b/roles/debian-base/files/profile.sh @@ -37,3 +37,11 @@ HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S " # Security TMOUT=3600 + +# Aliases + +#export LS_OPTIONS='--color=auto' +#eval "$(dircolors)" +#alias ls='ls $LS_OPTIONS' +#alias ll='ls $LS_OPTIONS -l' +#alias la='ls $LS_OPTIONS -la' diff --git a/roles/debian-base/files/timesync b/roles/debian-base/files/timesync deleted file mode 100644 index 3c79241..0000000 --- a/roles/debian-base/files/timesync +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -test -x /usr/sbin/ntpdate || exit 0 -/usr/sbin/ntpdate time1.verdnatura.es -/usr/sbin/ntpdate time2.verdnatura.es diff --git a/roles/debian-base/tasks/bacula.yml b/roles/debian-base/tasks/bacula.yml index a786645..ef04a37 100644 --- a/roles/debian-base/tasks/bacula.yml +++ b/roles/debian-base/tasks/bacula.yml @@ -8,7 +8,7 @@ register: bacula_passwords - name: Configure Bacula FD template: - src: bacula-fd.conf.j2 + src: bacula-fd.conf dest: /etc/bacula/bacula-fd.conf owner: root group: bacula diff --git a/roles/debian-base/tasks/fail2ban.yml b/roles/debian-base/tasks/fail2ban.yml index f1a7042..709bafe 100644 --- a/roles/debian-base/tasks/fail2ban.yml +++ b/roles/debian-base/tasks/fail2ban.yml @@ -7,7 +7,7 @@ - rsyslog - name: Configure fail2ban service template: - src: jail.local.j2 + src: jail.local dest: /etc/fail2ban/jail.local owner: root group: root diff --git a/roles/debian-base/tasks/locale.yml b/roles/debian-base/tasks/locale.yml index 33efdf0..218c067 100644 --- a/roles/debian-base/tasks/locale.yml +++ b/roles/debian-base/tasks/locale.yml 
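Review bot: `root_password: Pa$$w0rd` places a weak, real-looking root password in role defaults, and because root.yaml now hashes `root_password` directly, any play that imports debian-base without loading the vault (debian.yml adds `vars_files: ../vault.yml`, but nothing forces other plays to) silently sets that password on the host. Remove the default so an undefined `root_password` fails the play instead, and keep the real value only in vault.yml; if a placeholder is wanted for documentation, a comment such as `# root_password: set in vault.yml` is safer than a value.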
@@ -12,4 +12,4 @@ - name: Generate locale command: locale-gen - name: Update locale - command: update-locale LANG=en_US.UTF-8 \ No newline at end of file + command: update-locale LANG=en_US.UTF-8 diff --git a/roles/debian-base/tasks/nrpe.yml b/roles/debian-base/tasks/nrpe.yml index b76f672..57ab588 100644 --- a/roles/debian-base/tasks/nrpe.yml +++ b/roles/debian-base/tasks/nrpe.yml @@ -6,12 +6,12 @@ - nagios-nrpe-server - nagios-plugins-contrib - name: Set NRPE generic configuration - copy: + template: src: nrpe.cfg dest: /etc/nagios/nrpe.d/90-vn.cfg owner: root group: root - mode: '0644' + mode: u=rw,g=r,o=r notify: restart-nrpe - name: Create NRPE local configuration file file: @@ -19,4 +19,6 @@ state: touch owner: nagios group: nagios - mode: '0640' + mode: u=rw,g=r,o= + modification_time: preserve + access_time: preserve diff --git a/roles/debian-base/tasks/root.yaml b/roles/debian-base/tasks/root.yaml index 6e42647..0bb8a91 100644 --- a/roles/debian-base/tasks/root.yaml +++ b/roles/debian-base/tasks/root.yaml @@ -6,21 +6,4 @@ - name: Change root password user: name: root - password: "{{ ssh_password | password_hash('sha512') }}" -- name: Configure bashrc - lineinfile: - dest: /root/.bashrc - regexp: "{{item.regexp}}" - line: "{{item.line}}" - state: present - with_items: - - regexp: "^# export LS_OPTIONS" - line: "export LS_OPTIONS='--color=auto" - - regexp: "^# eval" - line: 'eval "$(dircolors)"' - - regexp: "^# alias ls='ls $LS_OPTIONS'" - line: "alias ls='ls $LS_OPTIONS'" - - regexp: "^# alias ll='ls $LS_OPTIONS -l'" - line: "alias ll='ls $LS_OPTIONS -l'" - - regexp: "# alias la='ls $LS_OPTIONS -la'" - line: "alias la='ls $LS_OPTIONS -la'" + password: "{{ root_password | password_hash('sha512') }}" diff --git a/roles/debian-base/tasks/tymesyncd.yml b/roles/debian-base/tasks/timesync.yml similarity index 83% rename from roles/debian-base/tasks/tymesyncd.yml rename to roles/debian-base/tasks/timesync.yml index 89fbe1e..708a409 100644 
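Review bot: `password: "{{ root_password | password_hash('sha512') }}"` generates a fresh random salt on each run, so the computed hash never equals the one already in /etc/shadow and the `user` task reports changed and rewrites the root password every time the role runs; the rename from `ssh_password` keeps this behaviour. Either supply a stable salt, `password_hash('sha512', root_password_salt)` with the salt kept alongside the password in the vault, or add `update_password: on_create` to the task if the password is only meant to be set at first provisioning. The play containing this task starts before the hunk.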
--- a/roles/debian-base/tasks/tymesyncd.yml +++ b/roles/debian-base/tasks/timesync.yml @@ -2,7 +2,7 @@ lineinfile: path: /etc/systemd/timesyncd.conf regexp: '^#NTP' - line: "NTP=time1.verdnatura.es time2.verdnatura.es" + line: "NTP={{ time_server }}" owner: root group: root mode: '0644' @@ -14,7 +14,7 @@ owner: root group: root mode: '0644' - notify: restart systemd-timesyncd + notify: restart systemd-timesyncd - name: Service should start on boot service: name: systemd-timesyncd diff --git a/roles/debian-base/templates/bacula-fd.conf.j2 b/roles/debian-base/templates/bacula-fd.conf similarity index 100% rename from roles/debian-base/templates/bacula-fd.conf.j2 rename to roles/debian-base/templates/bacula-fd.conf diff --git a/roles/debian-base/templates/jail.local.j2 b/roles/debian-base/templates/jail.local similarity index 100% rename from roles/debian-base/templates/jail.local.j2 rename to roles/debian-base/templates/jail.local diff --git a/roles/debian-base/files/nrpe.cfg b/roles/debian-base/templates/nrpe.cfg similarity index 95% rename from roles/debian-base/files/nrpe.cfg rename to roles/debian-base/templates/nrpe.cfg index ba31809..7efab1f 100644 --- a/roles/debian-base/files/nrpe.cfg +++ b/roles/debian-base/templates/nrpe.cfg @@ -1,4 +1,4 @@ -allowed_hosts=nagios.verdnatura.es +allowed_hosts={{ nagios_server }} command[check_disk_root]=/usr/lib/nagios/plugins/check_disk -w 10% -c 5% -p / command[check_disk_var]=/usr/lib/nagios/plugins/check_disk -w 10% -c 5% -p /var diff --git a/roles/debian-base/vars/main.yml b/roles/debian-base/vars/main.yml index 4fd5f1c..17fe0d6 100644 --- a/roles/debian-base/vars/main.yml +++ b/roles/debian-base/vars/main.yml @@ -1,8 +1,3 @@ -fail2ban: - email: "{{ sysadmin_mail }}" - bantime: 600 - maxretry: 4 - ignore: "127.0.0.0/8 {{ dc_net }}" vn_host: url: http://apt.verdnatura.es/pool/main/v/vn-host package: vn-host_2.0.2_all.deb 
diff --git a/roles/debian-guest/files/nslcd.conf b/roles/debian-guest/files/nslcd.conf deleted file mode 100644 index 858edce..0000000 --- a/roles/debian-guest/files/nslcd.conf +++ /dev/null @@ -1,16 +0,0 @@ -# See nslcd.conf(5) for details. - -uid nslcd -gid nslcd - -uri ldap://ldap.verdnatura.es -idle_timelimit 60 - -base dc=verdnatura,dc=es -binddn cn=nss,ou=admins,dc=verdnatura,dc=es -bindpw password -pagesize 500 - -filter group (&(objectClass=posixGroup)(cn=sysadmin)) -filter passwd (&(objectClass=posixAccount)(memberOf=cn=sysadmin,ou=dnGroups,dc=verdnatura,dc=es)) -pam_authz_search (&(objectClass=posixGroup)(cn=sysadmin)(memberuid=$username)) diff --git a/roles/debian-guest/files/sudoers b/roles/debian-guest/files/sudoers deleted file mode 100644 index d9faa7f..0000000 --- a/roles/debian-guest/files/sudoers +++ /dev/null @@ -1 +0,0 @@ -%sysadmin ALL=(ALL) NOPASSWD: ALL diff --git a/roles/debian-guest/handlers/main.yml b/roles/debian-guest/handlers/main.yml new file mode 100644 index 0000000..1764d05 --- /dev/null +++ b/roles/debian-guest/handlers/main.yml @@ -0,0 +1,6 @@ +- name: restart-nslcd + service: + name: nslcd + state: restarted +- name: pam-update-ldap + shell: pam-auth-update --enable ldap diff --git a/roles/debian-guest/tasks/auth.yml b/roles/debian-guest/tasks/auth.yml index e355630..7930b91 100644 --- a/roles/debian-guest/tasks/auth.yml +++ b/roles/debian-guest/tasks/auth.yml @@ -3,22 +3,15 @@ name: nslcd state: present - name: Configure NSLCD - copy: + template: src: nslcd.conf dest: /etc/nslcd.conf owner: root group: nslcd mode: '0640' - backup: yes -- name: Add LDAP password to NSLCD configuration - lineinfile: - dest: /etc/nslcd.conf - regexp: "{{item.regexp}}" - line: "{{item.line}}" - state: present - with_items: - - regexp: "^bindpw" - line: "bindpw {{ nslcd_password }}" + notify: + - restart-nslcd + - pam-update-ldap - name: Configure nsswitch to use NSLCD lineinfile: dest: /etc/nsswitch.conf 
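Review bot: Moving `pam-auth-update --enable ldap` into the `pam-update-ldap` handler ties the PAM change to a modification of /etc/nslcd.conf; a host whose nslcd.conf already matches the template but whose PAM stack was never switched (auth.yml was disabled with `when: false` until this commit) will never see the handler fire. Consider keeping the PAM step as an ordinary task, which pam-auth-update already handles idempotently, and reserving the handler for `restart-nslcd`. The handler also uses `shell:` for a single binary with fixed arguments; `command: pam-auth-update --enable ldap` avoids the extra shell.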
@@ -30,9 +23,3 @@ line: "passwd: files systemd ldap" - regexp: "^group:" line: "group: files systemd ldap" -- name: Reconfigure PAM to use LDAP - shell: pam-auth-update --enable ldap -- name: Restart NSLCD service - service: - name: nslcd - state: restarted diff --git a/roles/debian-guest/tasks/main.yml b/roles/debian-guest/tasks/main.yml index 6eb005d..44edaef 100644 --- a/roles/debian-guest/tasks/main.yml +++ b/roles/debian-guest/tasks/main.yml @@ -1,3 +1,4 @@ -- include_tasks: auth.yml - when: false +- import_tasks: auth.yml + tags: auth - import_tasks: sudoers.yml + tags: sudoers diff --git a/roles/debian-guest/tasks/sudoers.yml b/roles/debian-guest/tasks/sudoers.yml index 0671ddd..45e1d8c 100644 --- a/roles/debian-guest/tasks/sudoers.yml +++ b/roles/debian-guest/tasks/sudoers.yml @@ -3,7 +3,7 @@ name: sudo state: present - name: Add sysadmin to sudoers - copy: + template: src: sudoers dest: /etc/sudoers.d/vn mode: u=rw,g=r,o= diff --git a/roles/debian-guest/templates/nslcd.conf b/roles/debian-guest/templates/nslcd.conf new file mode 100644 index 0000000..ba36843 --- /dev/null +++ b/roles/debian-guest/templates/nslcd.conf @@ -0,0 +1,16 @@ +# See nslcd.conf(5) for details. + +uid nslcd +gid nslcd + +uri {{ ldap_uri }} +idle_timelimit 60 + +base {{ ldap_base }} +binddn cn=nss,ou=admins,{{ ldap_base }} +bindpw {{ nslcd_password }} +pagesize 500 + +filter group (&(objectClass=posixGroup)(cn={{ sysadmin_group }})) +filter passwd (&(objectClass=posixAccount)(memberOf=cn={{ sysadmin_group }},ou=dnGroups,{{ ldap_base }})) +pam_authz_search (&(objectClass=posixGroup)(cn={{ sysadmin_group }})(memberuid=$username)) diff --git a/roles/debian-guest/templates/sudoers b/roles/debian-guest/templates/sudoers new file mode 100644 index 0000000..0479f3a --- /dev/null +++ b/roles/debian-guest/templates/sudoers @@ -0,0 +1 @@ +%{{ sysadmin_group }} ALL=(ALL) NOPASSWD: ALL 
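Review bot: The `template:` task writing /etc/sudoers.d/vn has no `validate:` argument, so a bad render of `%{{ sysadmin_group }} ALL=(ALL) NOPASSWD: ALL` (a mistyped group name or stray characters in the variable) is installed as-is and can break sudo for every user on the host. Add `validate: 'visudo -cf %s'` to the task so a malformed file is rejected before it replaces the existing one. The passwordless grant for the whole group is unchanged from the deleted static file.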
diff --git a/roles/debian-qemu/vars/main.yml b/roles/debian-qemu/defaults/main.yml similarity index 100% rename from roles/debian-qemu/vars/main.yml rename to roles/debian-qemu/defaults/main.yml diff --git a/roles/debian-qemu/files/auto.homes b/roles/debian-qemu/files/auto.homes deleted file mode 100644 index a8cfec3..0000000 --- a/roles/debian-qemu/files/auto.homes +++ /dev/null @@ -1 +0,0 @@ -* -fstype=nfs4,rw homes.servers.dc.verdnatura.es:/mnt/homes/& diff --git a/roles/debian-qemu/files/homes.autofs b/roles/debian-qemu/files/homes.autofs deleted file mode 100644 index f28eff2..0000000 --- a/roles/debian-qemu/files/homes.autofs +++ /dev/null @@ -1 +0,0 @@ -/mnt/homes /etc/auto.homes --timeout=30 diff --git a/roles/debian-qemu/tasks/autofs.yml b/roles/debian-qemu/tasks/autofs.yml index 049e21d..8701228 100644 --- a/roles/debian-qemu/tasks/autofs.yml +++ b/roles/debian-qemu/tasks/autofs.yml @@ -8,7 +8,7 @@ - libnfs-utils - autofs-ldap - name: Create homes directory - ansible.builtin.file: + file: path: "{{ homes_path }}" state: directory mode: '0755' @@ -18,14 +18,14 @@ line: "automount: files" notify: restart-nslcd - name: Add file homes.autofs configured to autofs - copy: + template: src: homes.autofs dest: /etc/auto.master.d/homes.autofs owner: root group: root mode: '0644' - name: Add file /etc/auto.homes configured to the systemd - copy: + template: src: auto.homes dest: /etc/auto.homes owner: root diff --git a/roles/debian-qemu/tasks/main.yml b/roles/debian-qemu/tasks/main.yml index 3820ce9..ec83e1e 100644 --- a/roles/debian-qemu/tasks/main.yml +++ b/roles/debian-qemu/tasks/main.yml @@ -1,3 +1,6 @@ - import_tasks: agent.yml + tags: agent - import_tasks: hotplug.yml + tags: hotplug - import_tasks: autofs.yml + tags: autofs diff --git a/roles/debian-qemu/templates/auto.homes b/roles/debian-qemu/templates/auto.homes new file mode 100644 index 0000000..8b16230 --- /dev/null +++ b/roles/debian-qemu/templates/auto.homes 
@@ -0,0 +1 @@
+* -fstype=nfs4,rw {{ homes_server }}:{{ homes_path }}/&
diff --git a/roles/debian-qemu/templates/homes.autofs b/roles/debian-qemu/templates/homes.autofs
new file mode 100644
index 0000000..c18bad3
--- /dev/null
+++ b/roles/debian-qemu/templates/homes.autofs
@@ -0,0 +1 @@
+{{ homes_path }} /etc/auto.homes --timeout=30
diff --git a/roles/freeradius/handlers/main.yaml b/roles/freeradius/handlers/main.yaml
index b46b437..74c7416 100644
--- a/roles/freeradius/handlers/main.yaml
+++ b/roles/freeradius/handlers/main.yaml
@@ -1,6 +1,5 @@
-# restart freeradius service to apply changes
-- name: restart freeradius
+- name: restart-freeradius
 service:
- name: "{{ freeradius_daemon }}"
+ name: freeradius
 state: restarted
 enabled: yes
\ No newline at end of file
diff --git a/roles/freeradius/vars/main.yaml b/roles/freeradius/vars/main.yaml
index 5d83bfc..baa3263 100644
--- a/roles/freeradius/vars/main.yaml
+++ b/roles/freeradius/vars/main.yaml
@@ -8,6 +8,5 @@ freeradius_dictionary_config: "{{ freeradius_base_folder }}dictionary"
 freeradius_clients_config: "{{ freeradius_base_folder }}clients.conf"
 freeradius_mod_ldap: "{{ freeradius_mods_available_folder }}ldap"
 freeradius_filter_config: "{{ freeradius_base_folder }}policy.d/filter"
-freeradius_daemon: freeradius
 freeradius_pam_config: /etc/pam.d/radiusd
 freeradius_service_config: /lib/systemd/system/freeradius.service
diff --git a/roles/nsupdate/tasks/main.yml b/roles/nsupdate/tasks/main.yml
index 797156d..fa918d9 100644
--- a/roles/nsupdate/tasks/main.yml
+++ b/roles/nsupdate/tasks/main.yml
@@ -3,7 +3,7 @@
 key_name: "rndc-key"
 key_secret: "{{ rndc_key }}"
 key_algorithm: "hmac-md5"
- server: "ns1.verdnatura.es"
+ server: "{{ main_dns_server }}"
 zone: "{{ zone_record }}"
 record: "{{ name_record }}"
 ttl: "{{ ttl_record }}"
diff --git a/vault.yml b/vault.yml
new file mode 100644
index 0000000..25a562e
--- /dev/null
+++ b/vault.yml
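Review bot: The handler is renamed from `restart freeradius` to `restart-freeradius`, but this commit's diffstat touches only handlers/main.yaml and vars/main.yaml under roles/freeradius, so any task in that role still notifying `restart freeradius` will fail with a handler-not-found error at play start. Update the `notify:` entries in the tasks file in the same change, or keep the old name reachable with `listen: restart freeradius` on the handler. The same applies to `freeradius_daemon`, dropped from vars while the handler hardcodes `name: freeradius`; any remaining reference to the variable is now undefined.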
@@ -0,0 +1,26 @@ +$ANSIBLE_VAULT;1.1;AES256 +37396535616365346266643936343463336564303066356131363064633436353763343735666563 +3234623639383039393735346632636163623435313965660a363363386637666261626661336333 +39643436663965383239323435613339323766623630633430343465313038643235636666343938 +3531636532613661650a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rom 18ac55d1c87904b4298eb5f4c68290f772f94658 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Fri, 27 Sep 2024 14:07:07 +0200 Subject: [PATCH 073/138] refs #8025 vault_password_file commented --- README.md | 5 ++++- ansible.cfg | 1 - vault-playbook.sh | 2 ++ 3 files changed, 6 insertions(+), 2 deletions(-) create mode 100755 vault-playbook.sh diff --git a/README.md b/README.md index 6f9efbb..065d635 100644 --- a/README.md +++ b/README.md @@ -16,11 +16,14 @@ locally to ensure they work properly. Launch playbook on the fly on a host not declared in the inventory. ``` -ansible-playbook -u root -i , [--tags tag1,tag2] playbooks/test.yml +./run-playbook.sh -i , [--tags tag1,tag2] playbooks/test.yml ``` *Note the comma at the end of the hostname or IP.* +When running playbooks that use the vault, the *vault-playbook.sh* script can +be used, it is ovelay over the original *ansible-playbook* command. + ## Manage vault Place vault password into *.vaultpass* file. diff --git a/ansible.cfg b/ansible.cfg index a6fd83b..2d15a49 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -5,7 +5,6 @@ roles_path = ./roles inventory = ./inventories/production gathering = smart interpreter_python = auto_silent -vault_password_file = .vaultpass [privilege_escalation] become = True diff --git a/vault-playbook.sh b/vault-playbook.sh new file mode 100755 index 0000000..0a1398a --- /dev/null +++ b/vault-playbook.sh @@ -0,0 +1,2 @@ +#!/bin/bash +ansible-playbook --vault-password-file .vaultpass $@ -- 2.40.1 From 1553e2728106aa0528576c5b50bc042d781ddf4f Mon Sep 17 00:00:00 2001 
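Review bot: `ansible-playbook --vault-password-file .vaultpass $@` expands `$@` unquoted, so any argument containing whitespace (an `-e 'key=some value'` extra-var, a quoted `--limit` pattern) is re-split into several arguments before ansible-playbook sees it. Use `exec ansible-playbook --vault-password-file .vaultpass "$@"` so arguments pass through verbatim and the wrapper does not linger as a parent process. The README hunk in the same commit refers to `./run-playbook.sh`, which does not match the `vault-playbook.sh` name created here.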
From: Juan Ferrer Date: Fri, 27 Sep 2024 18:34:39 +0000 Subject: [PATCH 074/138] Update README.md --- README.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 065d635..7901323 100644 --- a/README.md +++ b/README.md @@ -16,17 +16,18 @@ locally to ensure they work properly. Launch playbook on the fly on a host not declared in the inventory. ``` -./run-playbook.sh -i , [--tags tag1,tag2] playbooks/test.yml +ansible-playbook.sh -i , [--tags tag1,tag2] playbooks/test.yml ``` *Note the comma at the end of the hostname or IP.* -When running playbooks that use the vault, the *vault-playbook.sh* script can -be used, it is ovelay over the original *ansible-playbook* command. - ## Manage vault -Place vault password into *.vaultpass* file. + + +When running playbooks that use the vault, the *vault-playbook.sh* script can +be used, it is ovelay over the original *ansible-playbook* command. Note that +password must be saved into *.vaultpass* file. Edit vault file. ``` -- 2.40.1 From a6bb9da5c4b6b71c3c60d77c9088ee873dbf10e8 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Date: Fri, 27 Sep 2024 18:40:10 +0000 Subject: [PATCH 075/138] Update README.md --- README.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 7901323..a1de63d 100644 --- a/README.md +++ b/README.md 
@@ -23,17 +23,16 @@ ansible-playbook.sh -i , [--tags tag1,tag2] playbooks/test.yml ## Manage vault - - -When running playbooks that use the vault, the *vault-playbook.sh* script can -be used, it is ovelay over the original *ansible-playbook* command. Note that -password must be saved into *.vaultpass* file. +To manage Ansible vault place the password into *.vaultpass* file. Edit vault file. ``` -ansible-vault edit vault.yml +ansible-vault {view,edit} --vault-pass-file .vaultpass vault.yml ``` +When running playbooks that use the vault the *vault-playbook.sh* script can +be used, it is ovelay over the original *ansible-playbook* command. + ## Common playbooks * **facts.yml**: Collect and display facts from a host -- 2.40.1 From 7b90daa25364bd93c444026075e4ae286fd48fe2 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Date: Fri, 27 Sep 2024 18:40:43 +0000 Subject: [PATCH 076/138] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a1de63d..71ab1f5 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ ansible-playbook.sh -i , [--tags tag1,tag2] playbooks/test.yml To manage Ansible vault place the password into *.vaultpass* file. -Edit vault file. +View or edit the vault file. ``` ansible-vault {view,edit} --vault-pass-file .vaultpass vault.yml ``` -- 2.40.1 From 5bf05ebb29c78017a692dcc06e40807d41a73294 Mon Sep 17 00:00:00 2001 
From: Juan Ferrer Toribio Date: Mon, 30 Sep 2024 08:07:30 +0200 Subject: [PATCH 077/138] refs #8025 inventory dns suffix and patterns, added ceph pve and kube playboks, small refactor --- README.md | 2 +- inventories/core | 35 +++++----- inventories/group_vars/all.yml | 1 + inventories/lab | 37 ++++++++++ inventories/laboratory | 50 -------------- inventories/production | 99 --------------------------- inventories/servers | 81 ++++++++++++++++++++++ playbooks/ceph.yml | 5 ++ playbooks/kube.yml | 5 ++ playbooks/pve.yml | 5 ++ roles/ceph/files/nrpe.cfg | 5 ++ roles/ceph/handlers/main.yml | 4 ++ roles/ceph/tasks/main.yml | 8 +++ roles/debian-base/defaults/main.yaml | 13 ---- roles/debian-base/tasks/relayhost.yml | 26 +++---- roles/kube/files/nrpe.cfg | 5 ++ roles/kube/handlers/main.yml | 4 ++ roles/kube/tasks/main.yml | 8 +++ roles/pve/files/nrpe.cfg | 3 + roles/pve/files/sudoers | 1 + roles/pve/files/vhost.conf | 1 + roles/pve/handlers/main.yml | 4 ++ roles/pve/tasks/main.yml | 22 ++++++ 23 files changed, 230 insertions(+), 194 deletions(-) create mode 100644 inventories/lab delete mode 100644 inventories/laboratory delete mode 100644 inventories/production create mode 100644 inventories/servers create mode 100644 playbooks/ceph.yml create mode 100644 playbooks/kube.yml create mode 100644 playbooks/pve.yml create mode 100644 roles/ceph/files/nrpe.cfg create mode 100644 roles/ceph/handlers/main.yml create mode 100644 roles/ceph/tasks/main.yml create mode 100644 roles/kube/files/nrpe.cfg create mode 100644 roles/kube/handlers/main.yml create mode 100644 roles/kube/tasks/main.yml create mode 100644 roles/pve/files/nrpe.cfg create mode 100644 roles/pve/files/sudoers create mode 100644 roles/pve/files/vhost.conf create mode 100644 roles/pve/handlers/main.yml create mode 100644 roles/pve/tasks/main.yml diff --git a/README.md b/README.md index 71ab1f5..ed715b1 100644 --- a/README.md +++ b/README.md 
@@ -16,7 +16,7 @@ locally to ensure they work properly. Launch playbook on the fly on a host not declared in the inventory. ``` -ansible-playbook.sh -i , [--tags tag1,tag2] playbooks/test.yml +ansible-playbook -i , [-t tag1,tag2] playbooks/test.yml ``` *Note the comma at the end of the hostname or IP.* diff --git a/inventories/core b/inventories/core index 27037d1..070b7f6 100644 --- a/inventories/core +++ b/inventories/core @@ -1,18 +1,17 @@ +[all:vars] +host_domain=core.dc.verdnatura.es + +[backup:vars] +host_domain=backup.dc.verdnatura.es + [ceph] -ceph1 ansible_host=ceph1.core.dc.verdnatura.es -ceph2 ansible_host=ceph2.core.dc.verdnatura.es -ceph3 ansible_host=ceph3.core.dc.verdnatura.es +ceph[1:3] [ceph_gw] -ceph-gw1 ansible_host=ceph-gw1.core.dc.verdnatura.es -ceph-gw2 ansible_host=ceph-gw2.core.dc.verdnatura.es +ceph-gw[1:2] [pve] -pve01 ansible_host=pve01.core.dc.verdnatura.es -pve02 ansible_host=pve02.core.dc.verdnatura.es -pve03 ansible_host=pve03.core.dc.verdnatura.es -pve04 ansible_host=pve04.core.dc.verdnatura.es -pve05 ansible_host=pve04.core.dc.verdnatura.es +pve[01:05] [infra:children] ceph @@ -20,13 +19,13 @@ ceph_gw pve [core] -core-agent ansible_host=core-agent.core.dc.verdnatura.es -core-proxy ansible_host=core-proxy.core.dc.verdnatura.es +core-agent +core-proxy [backup] -bacula-dir ansible_host=bacula-dir.backup.dc.verdnatura.es -bacula-db ansible_host=bacula-db.backup.dc.verdnatura.es -bacularis ansible_host=bacularis.backup.dc.verdnatura.es -backup-nas ansible_host=backup-nas.backup.dc.verdnatura.es -tftp ansible_host=tftp.backup.dc.verdnatura.es -kube-backup ansible_host=kube-backup.backup.dc.verdnatura.es +bacula-dir +bacula-db +bacularis +backup-nas +tftp +kube-backup diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml index 5dd7be7..22824da 100644 --- a/inventories/group_vars/all.yml +++ b/inventories/group_vars/all.yml 
@@ -1,3 +1,4 @@
+ansible_host: "{{inventory_hostname_short}}.{{host_domain}}"
 sysadmin_mail: sysadmin@verdnatura.es
 sysadmin_group: sysadmin
 smtp_server: smtp.verdnatura.es
diff --git a/inventories/lab b/inventories/lab
new file mode 100644
index 0000000..809234a
--- /dev/null
+++ b/inventories/lab
@@ -0,0 +1,37 @@
+[all:vars]
+host_domain=lab.verdnatura.es
+
+[cephlab]
+cephlab[01:03]
+
+[pvelab]
+pvelab[01:03]
+
+[infra:children]
+cephlab
+pvelab
+
+[cephtest]
+cephtest[01:03]
+
+[kubepre]
+kubepre-helm
+kubepre-proxy1
+kubepre-master[1:3]
+kubepre-worker[1:4]
+
+[kubetest]
+kubetest-helm
+kubetest-master[01:03]
+kubetest-worker[01:04]
+
+[laboratory]
+corelab-proxy1
+zammad
+matrix
+
+[guest:children]
+cephtest
+kubepre
+kubetest
+laboratory
diff --git a/inventories/laboratory b/inventories/laboratory
deleted file mode 100644
index 15d14ef..0000000
--- a/inventories/laboratory
+++ /dev/null
@@ -1,50 +0,0 @@
-[cephlab]
-cephlab01 ansible_host=cephlab01.lab.verdnatura.es
-cephlab02 ansible_host=cephlab02.lab.verdnatura.es
-cephlab03 ansible_host=cephlab03.lab.verdnatura.es
-
-[pvelab]
-pvelab01 ansible_host=pvelab01.lab.verdnatura.es
-pvelab02 ansible_host=pvelab02.lab.verdnatura.es
-pvelab03 ansible_host=pvelab03.lab.verdnatura.es
-
-[infra:children]
-cephlab
-pvelab
-
-[cephtest]
-cephtest01 ansible_host=cephtest01.lab.verdnatura.es
-cephtest02 ansible_host=cephtest02.lab.verdnatura.es
-cephtest03 ansible_host=cephtest03.lab.verdnatura.es
-
-[kubepre]
-kubepre-helm ansible_host=kubepre-helm.lab.verdnatura.es
-kubepre-proxy1 ansible_host=kubepre-proxy1.lab.verdnatura.es
-kubepre-master1 ansible_host=kubepre-master1.lab.verdnatura.es
-kubepre-master2 ansible_host=kubepre-master2.lab.verdnatura.es
-kubepre-master3 ansible_host=kubepre-master3.lab.verdnatura.es
-kubepre-worker1 ansible_host=kubepre-worker1.lab.verdnatura.es
-kubepre-worker2 ansible_host=kubepre-worker2.lab.verdnatura.es
-kubepre-worker3 ansible_host=kubepre-worker3.lab.verdnatura.es
-kubepre-worker4 ansible_host=kubepre-worker4.lab.verdnatura.es
-
-[kubetest]
-kubetest-helm ansible_host=kubetest-helm.lab.verdnatura.es
-kubetest-master01 ansible_host=kubetest-master01.lab.verdnatura.es
-kubetest-master02 ansible_host=kubetest-master02.lab.verdnatura.es
-kubetest-master03 ansible_host=kubetest-master03.lab.verdnatura.es
-kubetest-worker01 ansible_host=kubetest-worker01.lab.verdnatura.es
-kubetest-worker02 ansible_host=kubetest-worker02.lab.verdnatura.es
-kubetest-worker03 ansible_host=kubetest-worker03.lab.verdnatura.es
-kubetest-worker04 ansible_host=kubetest-worker04.lab.verdnatura.es
-
-[laboratory]
-corelab-proxy1 ansible_host=corelab-proxy1.lab.verdnatura.es
-zammad ansible_host=zammad.lab.verdnatura.es
-matrix ansible_host=matrix.lab.verdnatura.es
-
-[guest:children]
-cephtest
-kubepre
-kubetest
-laboratory
diff --git a/inventories/production b/inventories/production
deleted file mode 100644
index 1e38715..0000000
--- a/inventories/production
+++ /dev/null
@@ -1,99 +0,0 @@ -[kube_master] -kube-master1 ansible_host=kube-master1.servers.dc.verdnatura.es -kube-master2 ansible_host=kube-master2.servers.dc.verdnatura.es -kube-master3 ansible_host=kube-master3.servers.dc.verdnatura.es -kube-master4 ansible_host=kube-master4.servers.dc.verdnatura.es -kube-master5 ansible_host=kube-master5.servers.dc.verdnatura.es - -[kube_worker] -kube-worker1 ansible_host=kube-worker1.servers.dc.verdnatura.es -kube-worker2 ansible_host=kube-worker2.servers.dc.verdnatura.es -kube-worker3 ansible_host=kube-worker3.servers.dc.verdnatura.es -kube-worker4 ansible_host=kube-worker4.servers.dc.verdnatura.es -kube-worker5 ansible_host=kube-worker5.servers.dc.verdnatura.es - -[kube_proxy] -kube-proxy1 ansible_host=kube-proxy1.servers.dc.verdnatura.es -kube-proxy2 ansible_host=kube-proxy2.servers.dc.verdnatura.es - -[kube_helper] -kube-helm ansible_host=kube-helm.servers.dc.verdnatura.es - -[kubernetes:children] -kube_master -kube_worker -kube_proxy -kube_helper - -[ad] -dc1 ansible_host=dc1.servers.dc.verdnatura.es -dc2 ansible_host=dc2.servers.dc.verdnatura.es -server ansible_host=server.servers.dc.verdnatura.es - -[db] -db-proxy1 ansible_host=db-proxy1.servers.dc.verdnatura.es -db-proxy2 ansible_host=db-proxy2.servers.dc.verdnatura.es -db1 ansible_host=db1.servers.dc.verdnatura.es -db2 ansible_host=db2.servers.dc.verdnatura.es - -[ldap] -ldap-proxy1 ansible_host=ldap-proxy1.servers.dc.verdnatura.es -ldap-proxy2 ansible_host=ldap-proxy2.servers.dc.verdnatura.es -ldap1 ansible_host=ldap1.servers.dc.verdnatura.es -ldap2 ansible_host=ldap2.servers.dc.verdnatura.es -ldap3 ansible_host=ldap3.servers.dc.verdnatura.es - -[mail] -dovecot ansible_host=dovecot.servers.dc.verdnatura.es -mailgw1 ansible_host=mailgw1.servers.dc.verdnatura.es -mailgw2 ansible_host=mailgw2.servers.dc.verdnatura.es -postfix ansible_host=postfix.servers.dc.verdnatura.es -spamd ansible_host=spamd.servers.dc.verdnatura.es -spamd-db ansible_host=spamd-db.servers.dc.verdnatura.es - 
-[monitoring] -cacti ansible_host=cacti.servers.dc.verdnatura.es -logger ansible_host=logger.servers.dc.verdnatura.es -nagios ansible_host=nagios.servers.dc.verdnatura.es -nagiosql-db ansible_host=nagiosql-db.servers.dc.verdnatura.es -librenms ansible_host=librenms.servers.dc.verdnatura.es - -[network] -dhcp1 ansible_host=dhcp1.servers.dc.verdnatura.es -dhcp2 ansible_host=dhcp2.servers.dc.verdnatura.es -ns1 ansible_host=ns1.servers.dc.verdnatura.es -ns2 ansible_host=ns2.servers.dc.verdnatura.es -unifi ansible_host=unifi.servers.dc.verdnatura.es -vpn ansible_host=vpn.servers.dc.verdnatura.es -time1 ansible_host=time1.servers.dc.verdnatura.es -time2 ansible_host=time2.servers.dc.verdnatura.es - -[princ] -pbx ansible_host=pbx.servers.dc.verdnatura.es -homes ansible_host=homes.servers.dc.verdnatura.es -doku ansible_host=doku.servers.dc.verdnatura.es -iventoy ansible_host=iventoy.servers.dc.verdnatura.es - -[rds] -ts-proxy1 ansible_host=ts-proxy1.servers.dc.verdnatura.es -ts-proxy2 ansible_host=ts-proxy2.servers.dc.verdnatura.es -profiles ansible_host=profiles.servers.dc.verdnatura.es - -[test] -test-db1 ansible_host=test-db1.servers.dc.verdnatura.es -test-db-proxy1 ansible_host=test-db-proxy1.servers.dc.verdnatura.es -test-db-proxy2 ansible_host=test-db-proxy2.servers.dc.verdnatura.es -monthly-db ansible_host=monthly-db.servers.dc.verdnatura.es -dev-db ansible_host=dev-db.servers.dc.verdnatura.es - -[guest:children] -ad -db -kubernetes -ldap -mail -monitoring -network -princ -rds -test diff --git a/inventories/servers b/inventories/servers new file mode 100644 index 0000000..c8fe2ad --- /dev/null +++ b/inventories/servers 
@@ -0,0 +1,81 @@ +[all:vars] +host_domain=servers.dc.verdnatura.es + +[kube_master] +kube-master[1:5] + +[kube_worker] +kube-worker[1:5] + +[kube_proxy] +kube-proxy[1:2] + +[kube_helper] +kube-helm + +[kubernetes:children] +kube_master +kube_worker +kube_proxy +kube_helper + +[ad] +dc[1:2] +server + +[db] +db-proxy[1:2] +db[1:2] + +[ldap] +ldap-proxy[1:2] +ldap[1:3] + +[mail] +dovecot +mailgw[1:2] +postfix +spamd +spamd-db + +[monitoring] +cacti +logger +nagios +nagiosql-db +librenms + +[network] +dhcp[1:2] +ns[1:2] +unifi +vpn +time[1:2] + +[princ] +pbx +homes +doku +iventoy + +[rds] +ts-proxy[1:2] +profiles + +[test] +test-db1 +test-db-proxy[1:2] +monthly-db +dev-db + +[guest:children] +ad +db +kubernetes +ldap +mail +monitoring +network +princ +rds +test diff --git a/playbooks/ceph.yml b/playbooks/ceph.yml new file mode 100644 index 0000000..f8189a7 --- /dev/null +++ b/playbooks/ceph.yml @@ -0,0 +1,5 @@ +- name: Configure Ceph + hosts: all + tasks: + - import_role: + name: ceph diff --git a/playbooks/kube.yml b/playbooks/kube.yml new file mode 100644 index 0000000..0b7d9bf --- /dev/null +++ b/playbooks/kube.yml @@ -0,0 +1,5 @@ +- name: Configure Kubernetes + hosts: all + tasks: + - import_role: + name: kube diff --git a/playbooks/pve.yml b/playbooks/pve.yml new file mode 100644 index 0000000..ab7c817 --- /dev/null +++ b/playbooks/pve.yml @@ -0,0 +1,5 @@ +- name: Configure PVE + hosts: all + tasks: + - import_role: + name: pve diff --git a/roles/ceph/files/nrpe.cfg b/roles/ceph/files/nrpe.cfg new file mode 100644 index 0000000..76d252f --- /dev/null +++ b/roles/ceph/files/nrpe.cfg @@ -0,0 +1,5 @@ +command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 700 -c 1000 +command[check_chrony]=/usr/lib/nagios/plugins/check_chrony 1 2 +command[check_smartdisk]=/etc/nagios/plugins/check_smartdisk.sh /dev/sda /dev/sdb +command[check_raid]=/usr/lib/nagios/plugins/check_raid +command[check_mon]=/etc/nagios/plugins/check_ceph_mon --id nagios --monid "`hostname`" 
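Review bot: The new playbooks/ceph.yml, kube.yml and pve.yml all use `hosts: all`, so running `ansible-playbook playbooks/pve.yml` without `-l` against the configured inventory pushes the PVE-specific NRPE checks and the nagios sudoers rule to every host in it, not only the hypervisors. Since the group names differ between inventories (`pve` in core, `pvelab` in lab), either a host pattern such as `hosts: pve:pvelab` or the `hosts: "{{ target }}"` idiom that forces `-e target=...` on every run would keep the blast radius to the intended group; the same applies to ceph.yml and kube.yml in this commit. Separately, roles/ceph/files/nrpe.cfg invokes `/usr/lib/nagios/plugins/check_chrony 1 2` while the pve role's nrpe.cfg later in this commit uses `/etc/nagios/plugins/check_chrony -w 1 -c 2`; one of the two paths and argument forms is presumably stale.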
diff --git a/roles/ceph/handlers/main.yml b/roles/ceph/handlers/main.yml new file mode 100644 index 0000000..0399734 --- /dev/null +++ b/roles/ceph/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart-nrpe + service: + name: nagios-nrpe-server + state: restarted diff --git a/roles/ceph/tasks/main.yml b/roles/ceph/tasks/main.yml new file mode 100644 index 0000000..c1af77e --- /dev/null +++ b/roles/ceph/tasks/main.yml @@ -0,0 +1,8 @@ +- name: Set NRPE Ceph configuration + copy: + src: nrpe.cfg + dest: /etc/nagios/nrpe.d/95-ceph.cfg + owner: root + group: root + mode: u=rw,g=r,o=r + notify: restart-nrpe diff --git a/roles/debian-base/defaults/main.yaml b/roles/debian-base/defaults/main.yaml index 3eb8039..6bd18b1 100644 --- a/roles/debian-base/defaults/main.yaml +++ b/roles/debian-base/defaults/main.yaml @@ -5,16 +5,3 @@ fail2ban: bantime: 600 maxretry: 4 ignore: "127.0.0.0/8 {{ dc_net }}" -exim_dc_eximconfig_configtype: satellite -dc_other_hostnames: "{{ ansible_fqdn }}" -dc_local_interfaces: 127.0.0.1 -dc_readhost: "{{ ansible_fqdn }}" -dc_relay_domains: "" -dc_minimaldns: false -dc_relay_nets: "" -dc_smarthost: "{{ smtp_server }}" -CFILEMODE: 644 -dc_use_split_config: false -dc_hide_mailname: true -dc_mailname_in_oh: true -dc_localdelivery: mail_spool diff --git a/roles/debian-base/tasks/relayhost.yml b/roles/debian-base/tasks/relayhost.yml index eab5dc9..88ee3e2 100644 --- a/roles/debian-base/tasks/relayhost.yml +++ b/roles/debian-base/tasks/relayhost.yml 
@@ -11,31 +11,31 @@ mode: 0644 with_items: - regexp: '^dc_eximconfig_configtype' - line: "dc_eximconfig_configtype='{{ exim_dc_eximconfig_configtype }}'" + line: "dc_eximconfig_configtype='satellite'" - regexp: '^dc_other_hostnames' - line: "dc_other_hostnames='{{ dc_other_hostnames }}'" + line: "dc_other_hostnames='{{ ansible_fqdn }}'" - regexp: '^dc_local_interfaces' - line: "dc_local_interfaces='{{ dc_local_interfaces }}'" + line: "dc_local_interfaces='127.0.0.1'" - regexp: '^dc_readhost' - line: "dc_readhost='{{ dc_readhost }}'" + line: "dc_readhost='{{ ansible_fqdn }}'" - regexp: '^dc_relay_domains' - line: "dc_relay_domains='{{ dc_relay_domains }}'" + line: "dc_relay_domains=''" - regexp: '^dc_minimaldns' - line: "dc_minimaldns='{{ dc_minimaldns }}'" + line: "dc_minimaldns='false'" - regexp: '^dc_relay_nets' - line: "dc_relay_nets='{{ dc_relay_nets }}'" + line: "dc_relay_nets=''" - regexp: '^dc_smarthost' - line: "dc_smarthost='{{ dc_smarthost }}'" + line: "dc_smarthost='{{ smtp_server }}'" - regexp: '^CFILEMODE' - line: "CFILEMODE='{{ CFILEMODE }}'" + line: "CFILEMODE='644'" - regexp: '^dc_use_split_config' - line: "dc_use_split_config='{{ dc_use_split_config }}'" + line: "dc_use_split_config='false'" - regexp: '^dc_hide_mailname' - line: "dc_hide_mailname='{{ dc_hide_mailname }}'" + line: "dc_hide_mailname='true'" - regexp: '^dc_mailname_in_oh' - line: "dc_mailname_in_oh='{{ dc_mailname_in_oh }}'" + line: "dc_mailname_in_oh='true'" - regexp: '^dc_localdelivery' - line: "dc_localdelivery='{{ dc_localdelivery }}'" + line: "dc_localdelivery='mail_spool'" notify: restart-exim register: exim_config - name: Update exim configuration diff --git a/roles/kube/files/nrpe.cfg b/roles/kube/files/nrpe.cfg new file mode 100644 index 0000000..b05af2f --- /dev/null +++ b/roles/kube/files/nrpe.cfg 
@@ -0,0 +1,5 @@ +command[check_mountpoints]=/etc/nagios/plugins/check_mountpoints /var/lib/containerd +command[check_disk_containerd]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /var/lib/containerd +command[check_readonly]=/etc/nagios/plugins/check_fs_readable.pl +command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 1000 -c 1500 +command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 25 -c 50 -s Z diff --git a/roles/kube/handlers/main.yml b/roles/kube/handlers/main.yml new file mode 100644 index 0000000..0399734 --- /dev/null +++ b/roles/kube/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart-nrpe + service: + name: nagios-nrpe-server + state: restarted diff --git a/roles/kube/tasks/main.yml b/roles/kube/tasks/main.yml new file mode 100644 index 0000000..713d932 --- /dev/null +++ b/roles/kube/tasks/main.yml @@ -0,0 +1,8 @@ +- name: Set NRPE Kubernetes configuration + copy: + src: nrpe.cfg + dest: /etc/nagios/nrpe.d/95-kube.cfg + owner: root + group: root + mode: u=rw,g=r,o=r + notify: restart-nrpe diff --git a/roles/pve/files/nrpe.cfg b/roles/pve/files/nrpe.cfg new file mode 100644 index 0000000..27587cd --- /dev/null +++ b/roles/pve/files/nrpe.cfg @@ -0,0 +1,3 @@ +command[check_zfs]=/etc/nagios/plugins/check_zfs.pl +command[check_chrony]=/etc/nagios/plugins/check_chrony -w 1 -c 2 +command[check_smartdisk]=/etc/nagios/plugins/check_smartdisk.sh /dev/sda /dev/sdb /dev/sdc /dev/sdd diff --git a/roles/pve/files/sudoers b/roles/pve/files/sudoers new file mode 100644 index 0000000..448fcd8 --- /dev/null +++ b/roles/pve/files/sudoers @@ -0,0 +1 @@ +nagios ALL=(root) NOPASSWD: /usr/bin/zpool,/usr/sbin/smartctl,/usr/lib/nagios/plugins/check_zfs.pl diff --git a/roles/pve/files/vhost.conf b/roles/pve/files/vhost.conf new file mode 100644 index 0000000..f536dc0 --- /dev/null +++ b/roles/pve/files/vhost.conf @@ -0,0 +1 @@ +options vhost max_mem_regions=512 
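Review bot: The new roles/pve/files/sudoers grants the nagios user passwordless root for `/usr/bin/zpool` and `/usr/sbin/smartctl` with any arguments, which is far more than read-only health checks need: a flaw in any NRPE plugin running as nagios then extends to destroying pools or writing to disks as root. Restrict each entry to the invocations the checks actually make, e.g. `nagios ALL=(root) NOPASSWD: /usr/bin/zpool status, /usr/bin/zpool list, /usr/sbin/smartctl -H /dev/sda, /usr/sbin/smartctl -H /dev/sdb` (constructed example — confirm the exact commands against the plugin code, which is not in this hunk), and enumerate the devices rather than using a `*` wildcard, since sudo wildcards match across argument boundaries. Note also that the sudoers entry names `/usr/lib/nagios/plugins/check_zfs.pl` while the same role's nrpe.cfg runs `/etc/nagios/plugins/check_zfs.pl`; one of the two paths is presumably wrong, and a rule on a path that does not exist grants nothing while the real plugin runs without the privilege it was meant to have.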
diff --git a/roles/pve/handlers/main.yml b/roles/pve/handlers/main.yml new file mode 100644 index 0000000..0399734 --- /dev/null +++ b/roles/pve/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart-nrpe + service: + name: nagios-nrpe-server + state: restarted diff --git a/roles/pve/tasks/main.yml b/roles/pve/tasks/main.yml new file mode 100644 index 0000000..101abcf --- /dev/null +++ b/roles/pve/tasks/main.yml @@ -0,0 +1,22 @@ +- name: Set NRPE PVE configuration + copy: + src: nrpe.cfg + dest: /etc/nagios/nrpe.d/95-pve.cfg + owner: root + group: root + mode: u=rw,g=r,o=r + notify: restart-nrpe +- name: Add nagios to sudoers + copy: + src: sudoers + dest: /etc/sudoers.d/nagios + mode: u=rw,g=r,o= + owner: root + group: root +- name: Configure memory regions + copy: + src: vhost.conf + dest: /etc/modprobe.d/ + mode: u=rw,g=r,o=r + owner: root + group: root -- 2.40.1 From 210edd5b799acc153686bc4e02f8664710c530d5 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Mon, 30 Sep 2024 14:25:35 +0200 Subject: [PATCH 078/138] refs #8025 passbolt test --- .gitignore | 1 + README.md | 14 ++++++++++++++ ansible.cfg | 2 +- collections/README.md | 6 +++--- collections/requirements.yml | 3 +++ playbooks/passbolt.yml | 10 ++++++++++ requirements.txt | 1 + 7 files changed, 33 insertions(+), 4 deletions(-) create mode 100644 playbooks/passbolt.yml create mode 100644 requirements.txt diff --git a/.gitignore b/.gitignore index 973bdc4..644b295 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .vscode/ .vaultpass +.pyenv diff --git a/README.md b/README.md index ed715b1..5040b75 100644 --- a/README.md +++ b/README.md 
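Review bot: The "Add nagios to sudoers" task in roles/pve/tasks/main.yml installs /etc/sudoers.d/nagios without syntax validation, so a malformed file would break sudo for every user on the hypervisor until repaired by hand; add `validate: /usr/sbin/visudo -cf %s` to that copy task. The file is also installed as `u=rw,g=r,o=` (0640), whereas sudo expects sudoers.d fragments to be 0440 and, depending on the version, warns about or refuses a file with extra mode bits; `mode: u=r,g=r,o=` matches that expectation. The NRPE and modprobe copy tasks in the same hunk are unaffected.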
@@ -9,6 +9,18 @@ Instal Ansible on Debian. apt install ansible ``` +Install dependencies. +``` +ansible-galaxy collection install -r collections/requirements.yml +``` + +Create Python virtual environment. +``` +python3 -m venv .pyenv +source .pyenv/bin/activate +pip install -r requirements.txt +``` + ## Run playbook Before merging changes into protected branches, playbooks should be tested @@ -45,3 +57,5 @@ be used, it is ovelay over the original *ansible-playbook* command. * https://docs.ansible.com/ansible/latest/reference_appendices/config.html * https://docs.ansible.com/ansible/latest/collections/ansible/builtin/gather_facts_module.html * https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_vars_facts.html +* https://www.passbolt.com/blog/managing-secrets-in-ansible-using-passbolt +* https://galaxy.ansible.com/ui/repo/published/anatomicjc/passbolt/ diff --git a/ansible.cfg b/ansible.cfg index 2d15a49..8dd7b9f 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -2,7 +2,7 @@ remote_user = root host_key_checking = False roles_path = ./roles -inventory = ./inventories/production +inventory = ./inventories/servers gathering = smart interpreter_python = auto_silent diff --git a/collections/README.md b/collections/README.md index 9566a14..5868f6a 100644 --- a/collections/README.md +++ b/collections/README.md @@ -1,8 +1,8 @@ ## Collections -The purpose of collections is get more modules and plugins to use in ansible. - -Collections are supported by Ansible community. +The purpose of collections is get more modules and plugins to use in ansible. +Place your collection dependencies here in *requirements.yml* and AWX will +install them automtatically. # Install collections diff --git a/collections/requirements.yml b/collections/requirements.yml index a745157..ec5156f 100644 --- a/collections/requirements.yml +++ b/collections/requirements.yml 
@@ -11,3 +11,6 @@ collections: - name: ansible.windows version: '>=2.3.0' type: galaxy +- name: anatomicjc.passbolt + version: '>=0.0.14' + type: galaxy diff --git a/playbooks/passbolt.yml b/playbooks/passbolt.yml new file mode 100644 index 0000000..20ec1cc --- /dev/null +++ b/playbooks/passbolt.yml @@ -0,0 +1,10 @@ +- name: Fetch passbolt password + hosts: all + gather_facts: no + tasks: + - name: Print password + debug: + msg: "Variable: {{ lookup(passbolt, 'test') }}" + vars: + passbolt: 'anatomicjc.passbolt.passbolt' + passbolt_inventory: 'anatomicjc.passbolt.passbolt_inventory' diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..8adf616 --- /dev/null +++ b/requirements.txt @@ -0,0 +1 @@ +py-passbolt==0.0.18 -- 2.40.1 From 71dfa53a8cd1d6ffead755c353a375d53dccb1d9 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 1 Oct 2024 06:49:36 +0200 Subject: [PATCH 079/138] refs #8025 python depts fix --- requirements.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/requirements.txt b/requirements.txt index 8adf616..7915399 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1,3 @@ py-passbolt==0.0.18 +cryptography==3.3.2 +ansible==2.1.0 -- 2.40.1 From e50986db6465e9215169855f126160de4f788b1b Mon Sep 17 00:00:00 2001 From: David Lopez Date: Tue, 1 Oct 2024 09:18:56 +0000 Subject: [PATCH 080/138] Actualizar roles/debian-qemu/tasks/hotplug.yml --- roles/debian-qemu/tasks/hotplug.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/debian-qemu/tasks/hotplug.yml b/roles/debian-qemu/tasks/hotplug.yml index 4dc9a34..fda87d5 100644 --- a/roles/debian-qemu/tasks/hotplug.yml +++ b/roles/debian-qemu/tasks/hotplug.yml @@ -14,5 +14,3 @@ group: root - name: Generate GRUB configuration command: update-grub -- include_role: - name: linux-autofs -- 2.40.1 From 0a73bc63b394545e8c372fd334aeb555e14f9ad6 Mon Sep 17 00:00:00 2001 
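Review bot: The "Print password" task in the new playbooks/passbolt.yml writes the secret returned by the passbolt lookup into the play output, so it lands in terminal scrollback and, once this runs under AWX as the collections README suggests, in persisted job logs. Even as a connectivity test, add `no_log: true` to the task or print only a derived value, e.g. `msg: "Lookup returned {{ lookup(passbolt, 'test') | length }} characters"`, so a successful fetch can be confirmed without exposing the value.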
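Review bot: The "python depts fix" commit pins `cryptography==3.3.2` in requirements.txt, a release line from early 2021 that no longer receives fixes; pinning a security-critical library to an exact old version means every execution environment built from this file carries known-vulnerable code. Prefer a current release (or a lower bound plus a separate constraints file) and track advisories for it. The `ansible==2.1.0` pin on the next line appears to be a 2016-era release and is presumably not what was intended either.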
From: Juan Ferrer Toribio Date: Tue, 1 Oct 2024 14:14:51 +0200 Subject: [PATCH 081/138] refs #8025 #7892 roles debian-once & debian-host, sysctl, README, environment --- .gitignore | 3 +- README.md | 13 +- ansible.cfg | 2 +- collections/requirements.yml | 6 - context/Dockerfile | 83 ++++++++++++ execution-environment.yml | 4 + inventories/group_vars/all.yml | 4 +- playbooks/debian-once.yml | 5 + playbooks/debian.yml | 4 + playbooks/passbolt.yml | 6 +- requirements.txt | 1 - roles/debian-base/tasks/defuser.yaml | 5 + roles/debian-base/tasks/main.yml | 2 + roles/debian-base/tasks/root.yaml | 9 -- roles/debian-host/files/sysctl/30-basic.conf | 4 + .../debian-host/files/sysctl/40-network.conf | 7 + roles/debian-host/files/sysctl/42-noipv6.conf | 3 + roles/debian-host/handlers/main.yml | 4 + roles/debian-host/tasks/hostname.yml | 12 ++ roles/debian-host/tasks/main.yml | 4 + roles/debian-host/tasks/resolv.yml | 9 ++ roles/debian-host/tasks/sysctl.yml | 8 ++ .../templates/resolv.conf} | 4 +- roles/debian-once/defaults/main.yaml | 1 + roles/debian-once/tasks/main.yml | 4 + roles/debian-once/tasks/root.yml | 14 ++ roles/debian-once/tasks/ssh.yml | 10 ++ roles/linux-hostname/tasks/main.yml | 23 ---- roles/linux-hostname/templates/hosts.j2 | 5 - roles/pve/files/nrpe/check_chrony | 127 ++++++++++++++++++ roles/pve/files/nrpe/check_smartdisk.sh | 22 +++ roles/pve/files/nrpe/check_zfs.pl | 120 +++++++++++++++++ roles/pve/tasks/main.yml | 9 ++ .../handlers/main.yml | 0 .../tasks/main.yml | 0 .../vars/main.yaml | 0 vault-playbook.sh | 1 + 37 files changed, 482 insertions(+), 56 deletions(-) create mode 100644 context/Dockerfile create mode 100644 execution-environment.yml create mode 100644 playbooks/debian-once.yml create mode 100644 roles/debian-base/tasks/defuser.yaml delete mode 100644 roles/debian-base/tasks/root.yaml create mode 100644 roles/debian-host/files/sysctl/30-basic.conf create mode 100644 roles/debian-host/files/sysctl/40-network.conf create mode 100644 
roles/debian-host/files/sysctl/42-noipv6.conf create mode 100644 roles/debian-host/handlers/main.yml create mode 100644 roles/debian-host/tasks/hostname.yml create mode 100644 roles/debian-host/tasks/main.yml create mode 100644 roles/debian-host/tasks/resolv.yml create mode 100644 roles/debian-host/tasks/sysctl.yml rename roles/{linux-hostname/templates/resolv.j2 => debian-host/templates/resolv.conf} (60%) create mode 100644 roles/debian-once/defaults/main.yaml create mode 100644 roles/debian-once/tasks/main.yml create mode 100644 roles/debian-once/tasks/root.yml create mode 100644 roles/debian-once/tasks/ssh.yml delete mode 100644 roles/linux-hostname/tasks/main.yml delete mode 100644 roles/linux-hostname/templates/hosts.j2 create mode 100755 roles/pve/files/nrpe/check_chrony create mode 100755 roles/pve/files/nrpe/check_smartdisk.sh create mode 100755 roles/pve/files/nrpe/check_zfs.pl rename roles/{linux-secure-grub => secure-grub}/handlers/main.yml (100%) rename roles/{linux-secure-grub => secure-grub}/tasks/main.yml (100%) rename roles/{linux-secure-grub => secure-grub}/vars/main.yaml (100%) diff --git a/.gitignore b/.gitignore index 644b295..6bea6c1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ .vscode/ .vaultpass -.pyenv +venv +context/_build diff --git a/README.md b/README.md index 5040b75..86bb730 100644 --- a/README.md +++ b/README.md @@ -16,8 +16,9 @@ ansible-galaxy collection install -r collections/requirements.yml Create Python virtual environment. ``` -python3 -m venv .pyenv -source .pyenv/bin/activate +python3 -m venv venv +source venv/bin/activate +pip install --upgrade pip ansible==10.1.0 ansible-builder==3.1.0 pip install -r requirements.txt ``` 
@@ -45,6 +46,13 @@ ansible-vault {view,edit} --vault-pass-file .vaultpass vault.yml When running playbooks that use the vault the *vault-playbook.sh* script can be used, it is ovelay over the original *ansible-playbook* command. +## Create execution environment + +Create an image with *ansible-builder* and upload it to registry. +``` +ansible-builder build --tag ansible-runner:vn1 +``` + ## Common playbooks * **facts.yml**: Collect and display facts from a host @@ -59,3 +67,4 @@ be used, it is ovelay over the original *ansible-playbook* command. * https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_vars_facts.html * https://www.passbolt.com/blog/managing-secrets-in-ansible-using-passbolt * https://galaxy.ansible.com/ui/repo/published/anatomicjc/passbolt/ +* https://www.ansible.com/blog/introduction-to-ansible-builder/ diff --git a/ansible.cfg b/ansible.cfg index 8dd7b9f..c4aa65a 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -2,7 +2,7 @@ remote_user = root host_key_checking = False roles_path = ./roles -inventory = ./inventories/servers +inventory = ./inventories/lab gathering = smart interpreter_python = auto_silent diff --git a/collections/requirements.yml b/collections/requirements.yml index ec5156f..a97df8d 100644 --- a/collections/requirements.yml +++ b/collections/requirements.yml @@ -1,10 +1,4 @@ collections: -- name: community.general - version: '>=9.0.0' - type: galaxy -- name: ansible.posix - version: '>=1.5.4' - type: galaxy - name: ansible.utils version: '>=4.1.0' type: galaxy diff --git a/context/Dockerfile b/context/Dockerfile new file mode 100644 index 0000000..c94e222 --- /dev/null +++ b/context/Dockerfile 
@@ -0,0 +1,83 @@ +ARG EE_BASE_IMAGE="quay.io/ansible/ansible-runner:latest" +ARG PYCMD="/usr/bin/python3" +ARG PKGMGR_PRESERVE_CACHE="" +ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS="" +ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS="" +ARG PKGMGR="/usr/bin/dnf" + +# Base build stage +FROM $EE_BASE_IMAGE as base +USER root +ENV PIP_BREAK_SYSTEM_PACKAGES=1 +ARG EE_BASE_IMAGE +ARG PYCMD +ARG PKGMGR_PRESERVE_CACHE +ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS +ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS +ARG PKGMGR + +COPY _build/scripts/ /output/scripts/ +COPY _build/scripts/entrypoint /opt/builder/bin/entrypoint +RUN /output/scripts/pip_install $PYCMD + +# Galaxy build stage +FROM base as galaxy +ARG EE_BASE_IMAGE +ARG PYCMD +ARG PKGMGR_PRESERVE_CACHE +ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS +ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS +ARG PKGMGR + +RUN /output/scripts/check_galaxy +COPY _build /build +WORKDIR /build + +RUN mkdir -p /usr/share/ansible +RUN ansible-galaxy role install $ANSIBLE_GALAXY_CLI_ROLE_OPTS -r requirements.yml --roles-path "/usr/share/ansible/roles" +RUN ANSIBLE_GALAXY_DISABLE_GPG_VERIFY=1 ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path "/usr/share/ansible/collections" + +# Builder build stage +FROM base as builder +ENV PIP_BREAK_SYSTEM_PACKAGES=1 +WORKDIR /build +ARG EE_BASE_IMAGE +ARG PYCMD +ARG PKGMGR_PRESERVE_CACHE +ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS +ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS +ARG PKGMGR + +RUN $PYCMD -m pip install --no-cache-dir bindep pyyaml packaging + +COPY --from=galaxy /usr/share/ansible /usr/share/ansible + +COPY _build/requirements.txt requirements.txt +RUN $PYCMD /output/scripts/introspect.py introspect --user-pip=requirements.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt +RUN /output/scripts/assemble + +# Final build stage +FROM base as final +ENV PIP_BREAK_SYSTEM_PACKAGES=1 +ARG EE_BASE_IMAGE +ARG PYCMD +ARG PKGMGR_PRESERVE_CACHE +ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS 
+ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS +ARG PKGMGR + +RUN /output/scripts/check_ansible $PYCMD + +COPY --from=galaxy /usr/share/ansible /usr/share/ansible + +COPY --from=builder /output/ /output/ +RUN /output/scripts/install-from-bindep && rm -rf /output/wheels +RUN chmod ug+rw /etc/passwd +RUN mkdir -p /runner && chgrp 0 /runner && chmod -R ug+rwx /runner +WORKDIR /runner +RUN $PYCMD -m pip install --no-cache-dir 'dumb-init==1.2.5' +RUN rm -rf /output +LABEL ansible-execution-environment=true +USER 1000 +ENTRYPOINT ["/opt/builder/bin/entrypoint", "dumb-init"] +CMD ["bash"] diff --git a/execution-environment.yml b/execution-environment.yml new file mode 100644 index 0000000..f6977c8 --- /dev/null +++ b/execution-environment.yml @@ -0,0 +1,4 @@ +version: 3 +dependencies: + galaxy: collections/requirements.yml + python: requirements.txt diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml index 22824da..c53863f 100644 --- a/inventories/group_vars/all.yml +++ b/inventories/group_vars/all.yml @@ -9,9 +9,7 @@ main_dns_server: ns1.verdnatura.es ldap_uri: ldap://ldap.verdnatura.es ldap_base: dc=verdnatura,dc=es dc_net: "10.0.0.0/16" -resolv: - domain: verdnatura.es - search: verdnatura.es +resolv_domain: verdnatura.es resolvers: - '10.0.0.4' - '10.0.0.5' diff --git a/playbooks/debian-once.yml b/playbooks/debian-once.yml new file mode 100644 index 0000000..1a59ea0 --- /dev/null +++ b/playbooks/debian-once.yml @@ -0,0 +1,5 @@ +- name: First time host configuration + hosts: all + tasks: + - import_role: + name: debian-once diff --git a/playbooks/debian.yml b/playbooks/debian.yml index 4888a35..3531330 100644 --- a/playbooks/debian.yml +++ b/playbooks/debian.yml @@ -13,3 +13,7 @@ import_role: name: debian-qemu when: ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'kvm' + - name: Configure virtual machine or host + import_role: + name: debian-host + when: ansible_virtualization_role == 'host' or ansible_virtualization_type == 'kvm' 
diff --git a/playbooks/passbolt.yml b/playbooks/passbolt.yml index 20ec1cc..792e858 100644 --- a/playbooks/passbolt.yml +++ b/playbooks/passbolt.yml @@ -1,10 +1,10 @@ - name: Fetch passbolt password hosts: all gather_facts: no + vars: + passbolt: 'anatomicjc.passbolt.passbolt' + passbolt_inventory: 'anatomicjc.passbolt.passbolt_inventory' tasks: - name: Print password debug: msg: "Variable: {{ lookup(passbolt, 'test') }}" - vars: - passbolt: 'anatomicjc.passbolt.passbolt' - passbolt_inventory: 'anatomicjc.passbolt.passbolt_inventory' diff --git a/requirements.txt b/requirements.txt index 7915399..c0ee91b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,2 @@ py-passbolt==0.0.18 cryptography==3.3.2 -ansible==2.1.0 diff --git a/roles/debian-base/tasks/defuser.yaml b/roles/debian-base/tasks/defuser.yaml new file mode 100644 index 0000000..b41897b --- /dev/null +++ b/roles/debian-base/tasks/defuser.yaml @@ -0,0 +1,5 @@ +- name: Delete default user + user: + name: "{{ default_user }}" + state: absent + remove: yes diff --git a/roles/debian-base/tasks/main.yml b/roles/debian-base/tasks/main.yml index 0e3ba90..405ee97 100644 --- a/roles/debian-base/tasks/main.yml +++ b/roles/debian-base/tasks/main.yml @@ -1,3 +1,5 @@ +- import_tasks: defuser.yml + tags: defuser - import_tasks: install.yml tags: install - import_tasks: locale.yml diff --git a/roles/debian-base/tasks/root.yaml b/roles/debian-base/tasks/root.yaml deleted file mode 100644 index 0bb8a91..0000000 --- a/roles/debian-base/tasks/root.yaml +++ /dev/null @@ -1,9 +0,0 @@ -- name: Delete default user - user: - name: "{{ default_user }}" - state: absent - remove: yes -- name: Change root password - user: - name: root - password: "{{ root_password | password_hash('sha512') }}" diff --git a/roles/debian-host/files/sysctl/30-basic.conf b/roles/debian-host/files/sysctl/30-basic.conf new file mode 100644 index 0000000..3c6f393 --- /dev/null +++ b/roles/debian-host/files/sysctl/30-basic.conf 
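Review bot: roles/debian-base/tasks/main.yml now imports `defuser.yml`, but the file created in this commit is `roles/debian-base/tasks/defuser.yaml` (see the diffstat and the `+++ b/roles/debian-base/tasks/defuser.yaml` header), so `import_tasks` will fail at play load time with a file-not-found error for every host; rename the new file to `defuser.yml` or change the import to `- import_tasks: defuser.yaml`. Worth noting that the deleted root.yaml bundled the default-user removal with setting the root password; the latter appears to move to the new debian-once role, which is not in this hunk.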
@@ -0,0 +1,4 @@ +vm.swappiness=10 +vm.dirty_ratio=30 +vm.dirty_background_ratio=5 +net.core.somaxconn=65536 diff --git a/roles/debian-host/files/sysctl/40-network.conf b/roles/debian-host/files/sysctl/40-network.conf new file mode 100644 index 0000000..46a4e09 --- /dev/null +++ b/roles/debian-host/files/sysctl/40-network.conf @@ -0,0 +1,7 @@ +net.core.rmem_max=134217728 +net.core.wmem_max=134217728 +net.core.netdev_max_backlog=250000 +net.ipv4.tcp_rmem=4096 87380 67108864 +net.ipv4.tcp_wmem=4096 65536 67108864 +net.ipv4.tcp_congestion_control=htcp +net.ipv4.tcp_mtu_probing=1 diff --git a/roles/debian-host/files/sysctl/42-noipv6.conf b/roles/debian-host/files/sysctl/42-noipv6.conf new file mode 100644 index 0000000..81073be --- /dev/null +++ b/roles/debian-host/files/sysctl/42-noipv6.conf @@ -0,0 +1,3 @@ +net.ipv6.conf.all.disable_ipv6=1 +net.ipv6.conf.default.disable_ipv6=1 +net.ipv6.conf.lo.disable_ipv6=1 \ No newline at end of file diff --git a/roles/debian-host/handlers/main.yml b/roles/debian-host/handlers/main.yml new file mode 100644 index 0000000..35f2de4 --- /dev/null +++ b/roles/debian-host/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart-sysctl + service: + name: systemd-sysctl + state: restarted diff --git a/roles/debian-host/tasks/hostname.yml b/roles/debian-host/tasks/hostname.yml new file mode 100644 index 0000000..71c9e4a --- /dev/null +++ b/roles/debian-host/tasks/hostname.yml @@ -0,0 +1,12 @@ +- name: Set the hostname in /etc/hostname + hostname: + name: "{{ inventory_hostname_short }}" + use: debian +- name: Configure hostname in hosts + blockinfile: + path: /etc/hosts + marker_begin: '--- BEGIN VN ---' + marker_end: '--- END VN ---' + marker: "# {mark}" + block: | + {{ ansible_default_ipv4.address }} {{ ansible_host }} {{ inventory_hostname_short }} diff --git a/roles/debian-host/tasks/main.yml b/roles/debian-host/tasks/main.yml new file mode 100644 index 0000000..7f49737 --- /dev/null +++ b/roles/debian-host/tasks/main.yml 
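Review bot: `{{ ansible_default_ipv4.address }}` in the /etc/hosts block aborts the task with an undefined-attribute error on any host that has no default IPv4 route (IPv6-only, or a cloned VM whose NIC came up without a gateway), which is exactly the kind of half-configured machine this role is meant to fix. Guard it, e.g. `when: ansible_default_ipv4.address is defined`, and fail with a clear `assert` message otherwise. The marker pair also reads oddly: `marker: "# {mark}"` with `marker_begin: '--- BEGIN VN ---'` renders as `# --- BEGIN VN ---`; the conventional `marker: "# {mark} VN MANAGED BLOCK"` with the default begin/end words is easier for the next person to grep for.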
@@ -0,0 +1,4 @@ +- import_tasks: hostname.yml + tags: hostname +- import_tasks: sysctl.yml + tags: sysctl diff --git a/roles/debian-host/tasks/resolv.yml b/roles/debian-host/tasks/resolv.yml new file mode 100644 index 0000000..9aeb5a4 --- /dev/null +++ b/roles/debian-host/tasks/resolv.yml @@ -0,0 +1,9 @@ +- name: Replace /etc/resolv.conf + template: + src: resolv.conf + dest: /etc/ + owner: root + group: root + mode: '0644' + backup: true + when: resolv_enabled diff --git a/roles/debian-host/tasks/sysctl.yml b/roles/debian-host/tasks/sysctl.yml new file mode 100644 index 0000000..be8eaf7 --- /dev/null +++ b/roles/debian-host/tasks/sysctl.yml @@ -0,0 +1,8 @@ +- name: Set systctl configuration + copy: + src: sysctl/ + dest: /etc/sysctl.d/ + owner: root + group: root + mode: u=rw,g=r,o=r + notify: restart-sysctl diff --git a/roles/linux-hostname/templates/resolv.j2 b/roles/debian-host/templates/resolv.conf similarity index 60% rename from roles/linux-hostname/templates/resolv.j2 rename to roles/debian-host/templates/resolv.conf index b137dc2..cce81b4 100644 --- a/roles/linux-hostname/templates/resolv.j2 +++ b/roles/debian-host/templates/resolv.conf @@ -1,5 +1,5 @@ -domain {{ resolv.domain }} -search {{ resolv.search }} +domain {{ resolv_domain }} +search {{ resolv_domain }} {% if resolvers is defined %} {% for resolver in resolvers %} nameserver {{resolver}} diff --git a/roles/debian-once/defaults/main.yaml b/roles/debian-once/defaults/main.yaml new file mode 100644 index 0000000..a0671ab --- /dev/null +++ b/roles/debian-once/defaults/main.yaml @@ -0,0 +1 @@ +root_password: Pa$$w0rd diff --git a/roles/debian-once/tasks/main.yml b/roles/debian-once/tasks/main.yml new file mode 100644 index 0000000..b77c6fc --- /dev/null +++ b/roles/debian-once/tasks/main.yml @@ -0,0 +1,4 @@ +- import_tasks: ssh.yml + tags: ssh +- import_tasks: root.yml + tags: root 
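Review bot: main.yml imports `hostname.yml` and `sysctl.yml` but not the `resolv.yml` this same patch adds to the role, so once the old linux-hostname role (deleted below) is gone /etc/resolv.conf is no longer managed anywhere. Add `- import_tasks: resolv.yml` with `tags: resolv`. Note that resolv.yml keys on `resolv_enabled`, which after the group_vars change in this patch only appears to be defined in per-host vars, so give it a role default (`resolv_enabled: false` in defaults/main.yml) to avoid an undefined-variable failure on hosts that do not set it.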
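Review bot: `root_password: Pa$$w0rd` is a hard-coded credential committed as a role default; root.yml in this patch overrides it with a random value via `set_fact`, so the default is dead code today, but it will trip secret scanners and would silently become the real root password if the generation task were ever removed or skipped. Delete the default entirely, or keep the key undefined and fail fast, e.g. `- assert: { that: root_password is defined }` at the top of root.yml, rather than shipping a guessable fallback.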
diff --git a/roles/debian-once/tasks/root.yml b/roles/debian-once/tasks/root.yml new file mode 100644 index 0000000..654b2b4 --- /dev/null +++ b/roles/debian-once/tasks/root.yml @@ -0,0 +1,14 @@ +- name: Generate a random root password + set_fact: + root_password: "{{ lookup('password', '/dev/null length=18 chars=ascii_letters,digits') }}" +- name: Save the root password to a file + copy: + content: "{{ root_password }}\n" + dest: /root/root_password.txt + owner: root + group: root + mode: '0600' +- name: Change root password + user: + name: root + password: "{{ root_password | password_hash('sha512') }}" diff --git a/roles/debian-once/tasks/ssh.yml b/roles/debian-once/tasks/ssh.yml new file mode 100644 index 0000000..84877cc --- /dev/null +++ b/roles/debian-once/tasks/ssh.yml @@ -0,0 +1,10 @@ +- name: Delete old host SSH keys + file: + path: "{{ item }}" + state: absent + with_items: + - /etc/ssh/ssh_host_ecdsa_key + - /etc/ssh/ssh_host_ed25519_key + - /etc/ssh/ssh_host_rsa_key +- name: Regenerate host SSH keys + command: dpkg-reconfigure openssh-server diff --git a/roles/linux-hostname/tasks/main.yml b/roles/linux-hostname/tasks/main.yml deleted file mode 100644 index e052922..0000000 --- a/roles/linux-hostname/tasks/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/hostname_module.html#ansible-collections-ansible-builtin-hostname-module - -- name: Set the hostname in /etc/hostname - ansible.builtin.hostname: - name: "{{ hostname }}" - use: debian -- name: Replace /etc/hosts - template: - src: hosts.j2 - dest: /etc/hosts - owner: root - group: root - mode: '0644' - backup: true -- name: Replace /etc/resolv.conf - template: - src: resolv.j2 - dest: /etc/resolv.conf - owner: root - group: root - mode: '0644' - backup: true - when: resolv_enabled diff --git a/roles/linux-hostname/templates/hosts.j2 b/roles/linux-hostname/templates/hosts.j2 deleted file mode 100644 index d071be4..0000000 
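Review bot: The generated root password flows through `set_fact` and `copy: content:` without `no_log: true`, so with `-v` or `--diff` (which AWX job output uses by default) the plaintext is recorded on the controller alongside the host name; add `no_log: true` to both tasks (the user module already masks its `password` argument). Writing it in clear to /root/root_password.txt also means it persists into every snapshot, backup and template cloned from this host. Since the repository is moving to Passbolt, consider pushing the value there from the controller and dropping the file, or at minimum document in a task comment that the file must be removed after the first interactive login.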
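Review bot: Nothing here makes the re-keying idempotent: the `file: state: absent` tasks delete the host keys on every run and `command: dpkg-reconfigure openssh-server` always reports changed, so a second run silently rotates the host identity and every client that already trusted it — including the Ansible controller — gets a host-key mismatch on the next connection. Guard the whole file with a once-marker (a `stat` of e.g. /etc/ssh/.vn-rekeyed, `when: not marker.stat.exists`, created as the last step) so a rerun is a no-op, and run dpkg-reconfigure with `environment: { DEBIAN_FRONTEND: noninteractive }` so it cannot block on a debconf prompt. Printing the new fingerprints at the end (`ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub`) lets the operator update known_hosts deliberately instead of by trusting the next connection.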
--- a/roles/linux-hostname/templates/hosts.j2 +++ /dev/null @@ -1,5 +0,0 @@ -{% if hosts is defined %} -{% for host in hosts %} -{{host.ip}} {{hostname}} -{% endfor %} -{% endif %} \ No newline at end of file diff --git a/roles/pve/files/nrpe/check_chrony b/roles/pve/files/nrpe/check_chrony new file mode 100755 index 0000000..bd8cd5d --- /dev/null +++ b/roles/pve/files/nrpe/check_chrony 
@@ -0,0 +1,127 @@ +#!/usr/bin/env perl +#=============================================================================== +# DESCRIPTION: Icinga2 / Nagios Check for chrony time sync status and offset +# +# OPTIONS: -h : Help +# -w [warning threshold in seconds] +# -c [critical threshold in seconds] +# +# REQUIREMENTS: Chrony, perl version 5.10.1+ +# +# AUTHOR: Dennis Ullrich (request@decstasy.de) +# +# BUGS ETC: https://github.com/Decstasy/check_chrony +# +# LICENSE: GPL v3 (GNU General Public License, Version 3) +# see https://www.gnu.org/licenses/gpl-3.0.txt +#=============================================================================== + +use 5.10.1; +use strict; +use warnings; +use utf8; +use Getopt::Std; + +# +# Variables +# +my $chronyDaemonName = "chronyd"; +my $leapOk = "Normal"; + +my $rc = 3; +my $msg= ""; +my $perfdata = ""; + +# +# Subroutines +# + +sub help { + print "check_chrony [options] + -w [warning threshold in seconds] + -c [critical threshold in seconds] + e.g.: check_chrony -w 0.6 -c 2\n"; + exit(3); +} + +# Script exit with Nagios / Icinga typical output +sub _exit { + my ( $return, $line ) = @_; + my @state = ( "OK", "WARNING", "CRITICAL", "UNKNOWN" ); + print "$state[$return]: $line\n"; + exit( $return ); +} + +# Checks if a process with $_[0] as name exists +sub proc_exists { + my $PID = `ps -C $_[0] -o pid=`; + if ( ${^CHILD_ERROR_NATIVE} == 0 ){ + return 1; + } + return 0; +} + +# +# Options +# + +my %options=(); +getopts( "hw:c:", \%options ); + +# Check input +if ( keys %options == 0 || defined $options{h} ){ + &help; +} + +for my $key ( keys %options ){ + if ( $options{$key} !~ /^[\d\.]+$/ ){ + &_exit( 3, "Value of option -$key is not a valid number!" ); + } +} + +# +# Check chrony process +# + +&_exit( 2, "$chronyDaemonName is not running!" ) if not &proc_exists( $chronyDaemonName ); + +# +# Get tracking data +# + +my $chronyOutput = `chronyc tracking`; +&_exit( 3, "Chronyc tracking command failed!" 
) if ${^CHILD_ERROR_NATIVE} != 0; + +my ( $offset, $dir ) = $chronyOutput =~ /(?:System\stime)[^\d]+([\d\.]+)(?:.*?)(fast|slow)/; +my ( $leap ) = $chronyOutput =~ /(?:Leap)[^\:]+(?::\s+)([\w\h]+)/; + +# +# Check stuff +# + +# Check offset +if ( $offset >= $options{"c"} ){ + $rc = 2; # Critical +} +elsif ( $offset >= $options{"w"} ){ + $rc = 1; # Warning +} +else { + $rc = 0; # Ok +} + +# Prepare offset performace data +$offset = $dir =~ "slow" ? "-$offset" : "+$offset"; +$msg = sprintf( "Time offset of %+.9f seconds to reference.", $offset); +$perfdata = sprintf( "|offset=%.9fs;%.9f;%.9f", ${offset}, $options{'w'}, $options{'c'}); + +# Check leap +if( $leap !~ $leapOk ){ + &_exit( 2, "Chrony leap status \"$leap\" is not equal to \"$leapOk\"! $msg $perfdata" ); +} + +# +# Return stuff +# + +&_exit($rc, "$msg $perfdata"); diff --git a/roles/pve/files/nrpe/check_smartdisk.sh b/roles/pve/files/nrpe/check_smartdisk.sh new file mode 100755 index 0000000..605ea12 --- /dev/null +++ b/roles/pve/files/nrpe/check_smartdisk.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Checks status of disks SMART + +STATUS_LABEL="SMART Health Status:" +STATUS_OK="$STATUS_LABEL OK" + +if [[ "$#" == "0" ]]; then + echo "Usage: $0 [ ... ]" + exit +fi + +for DISK in "$@" +do + STATUS=$(sudo /usr/sbin/smartctl -H -d scsi "$DISK" | grep "$STATUS_LABEL") + + if [ "$STATUS" != "$STATUS_OK" ]; then + echo "CRITICAL: $DISK: $STATUS" + exit 2 + fi +done + +echo "OK: $STATUS_OK" diff --git a/roles/pve/files/nrpe/check_zfs.pl b/roles/pve/files/nrpe/check_zfs.pl new file mode 100755 index 0000000..88dc1d9 --- /dev/null +++ b/roles/pve/files/nrpe/check_zfs.pl 
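Review bot: The offset comparison uses `$offset`, `$options{"c"}` and `$options{"w"}` without checking they are defined: if the `System time` regex does not match (chronyc wording change, localized output) `$offset` is undef and compares as 0, so the plugin reports OK on a host whose time it could not read, and if only one of `-w`/`-c` is passed the missing threshold is undef and every run is CRITICAL or OK by accident. Exit UNKNOWN in both cases, e.g. `&_exit( 3, "Could not parse offset from chronyc output" ) unless defined $offset;` and `&help unless defined $options{w} && defined $options{c};`. The `^[\d\.]+$` check also accepts `.` and `1.2.3`; `^\d+(?:\.\d+)?$` is what is meant. Unlike check_zfs.pl in the same patch this script leaves PATH as inherited from NRPE for the `ps` and `chronyc` backticks; set `$ENV{PATH}` explicitly for consistency, which matters if any of these plugins is later granted sudo.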
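Review bot: The usage branch exits with status 0, so an NRPE command misconfigured with no disk arguments reports OK while checking nothing; use `exit 3` there, and also return UNKNOWN rather than CRITICAL when `smartctl` yields no `SMART Health Status:` line at all (missing device, wrong `-d` type), which is currently printed as an empty status. Because `$DISK` arrives from the command line and is passed to `sudo smartctl`, validate it first — e.g. `[[ "$DISK" == /dev/* ]] || { echo "UNKNOWN: bad device $DISK"; exit 3; }` — so that an argument beginning with `-` cannot be interpreted by smartctl as an option when NRPE argument passing is enabled. `-d scsi` is hard-coded as well; on SATA disks behind a plain AHCI controller smartctl may need `-d sat` or autodetection, so the check could fail on those hosts (worth confirming on the PVE hardware in use).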
@@ -0,0 +1,120 @@ +#!/usr/bin/perl + +use strict; +use warnings; +use English; + +$ENV{'PATH'} = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"; + +use constant N_OK => 0; +use constant N_WARNING => 1; +use constant N_CRITICAL => 2; +use constant N_MSG => [ "OK", "WARNING", "CRITICAL" ]; + +my @zpool = (); + +sub get_pools() { + local *P; + my $zpool_cmd = $EUID == 0 ? "zpool" : "sudo zpool"; + open(P, $zpool_cmd . " list -H 2>&1 |") or &nagios_response("Could not find zpool command", N_CRITICAL); + while (

) { + chomp; + my @ret = split(/\s+/, $_); + push(@zpool, { + 'name' => $ret[0], + 'health' => $ret[-2], + 'size' => $ret[1], + 'alloc' => $ret[2], + 'free' => $ret[3] + }); + } + close(P); + my $rc = $?; + if ($rc != 0) { + &nagios_response("zpool list command failed (rc=$rc)", N_CRITICAL); + } +} + +sub get_status() +{ + my $storage = shift || "unknown"; + my $cat = 0; + my $res = {}; + local *P; + my $zpool_cmd = $EUID == 0 ? "zpool" : "sudo zpool"; + open(P, $zpool_cmd . " status $storage 2>&1 |") or &nagios_response("Could not find zpool command", N_CRITICAL); + while (

) { + chomp; + if ($_ =~ /^\s*([^\s]+):\s*(.*)$/) { + $cat = $1; + $res->{"$cat"} = (); + if ($2) { + push(@{$res->{"$cat"}}, $2); + } + } elsif ($cat && $_ =~ /^\s+(.+)$/) { + push(@{$res->{"$cat"}}, $1); + } + } + close(P); + my $rc = $?; + if ($rc != 0) { + &nagios_response("zpool status command failed (rc=$rc)", N_CRITICAL); + } + return $res; +} + +sub nagios_response() +{ + my $msg = shift || "Unknown"; + my $exit_status = shift; + if (!defined($exit_status)) { + $exit_status = N_CRITICAL; + } + printf("%s %s\n", N_MSG->[$exit_status], $msg); + exit($exit_status); +} + +sub main() { + + &get_pools(); + my $exit_status = N_OK; + my @out = (); + foreach my $pool (@zpool) { + if ($pool->{'health'} eq 'DEGRADED') { + $exit_status = N_WARNING; + my $extinfo = &get_status($pool->{'name'}); + my $scanned = 0; + my $total = 0; + my $speed = 0; + my $left = 0; + my $percent = 0; + my $resilvered = 0; + if (defined($extinfo->{'scan'})) { + foreach my $line (@{$extinfo->{'scan'}}) { + if ($line =~ /^\s*([^\s]+)\s+scanned out of\s+([^\s]+)\s+at\s+([^\s]+),\s*([^\s]+)\s+to go/) { + $scanned = $1; + $total = $2; + $speed = $3; + $left = $4; + } elsif ($line =~ /^\s*([^\s]+)\s+resilvered,\s*([^\s]+)\s+done/) { + $resilvered = $1; + $percent = $2; + } + } + } + if ($scanned && length($scanned) > 2) { + push(@out, sprintf("%s(RESILVER %s,%s,%s)", $pool->{'name'}, $percent, $speed, $left)); + } else { + push(@out, sprintf("%s(%s %s/%s)", $pool->{'name'}, $pool->{'health'}, $pool->{'alloc'}, $pool->{'size'})); + } + } elsif ($pool->{'health'} ne 'ONLINE') { + $exit_status = N_WARNING; + push(@out, sprintf("%s(%s %s/%s)", $pool->{'name'}, $pool->{'health'}, $pool->{'alloc'}, $pool->{'size'})); + } else { + push(@out, sprintf("%s(%s %s/%s)", $pool->{'name'}, $pool->{'health'}, $pool->{'alloc'}, $pool->{'size'})); + } + } + &nagios_response(join(",", @out), $exit_status); +} + +&main(); diff --git a/roles/pve/tasks/main.yml b/roles/pve/tasks/main.yml index 101abcf..67fbc3a 100644 
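Review bot: Any pool whose health is not ONLINE or DEGRADED — FAULTED, UNAVAIL, REMOVED — falls into the `elsif ($pool->{'health'} ne 'ONLINE')` branch and is reported as WARNING, the same severity as a mirror that is merely resilvering, so a pool that has stopped serving data never raises CRITICAL. Set `$exit_status = N_CRITICAL;` in that branch and keep the highest severity seen across pools instead of overwriting it on each iteration. The pool name is also interpolated into a shell string (`"zpool status $storage 2>&1 |"`); names are admin-controlled so the risk is low, but the list form `open(my $fh, '-|', @cmd)` avoids the shell entirely and is what the `sudo` variant should use. The two `while (` loops appear to have lost their `<P>` readline in this rendering; if the committed file really reads that way it will not compile.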
--- a/roles/pve/tasks/main.yml +++ b/roles/pve/tasks/main.yml @@ -6,6 +6,14 @@ group: root mode: u=rw,g=r,o=r notify: restart-nrpe +- name: Copy PVE NRPE plugins + copy: + src: nrpe/ + dest: /etc/nagios/plugins/ + owner: root + group: root + mode: u=rwx,g=rx,o=rx + notify: restart-nrpe - name: Add nagios to sudoers copy: src: sudoers @@ -13,6 +21,7 @@ mode: u=rw,g=r,o= owner: root group: root + notify: restart-nrpe - name: Configure memory regions copy: src: vhost.conf diff --git a/roles/linux-secure-grub/handlers/main.yml b/roles/secure-grub/handlers/main.yml similarity index 100% rename from roles/linux-secure-grub/handlers/main.yml rename to roles/secure-grub/handlers/main.yml diff --git a/roles/linux-secure-grub/tasks/main.yml b/roles/secure-grub/tasks/main.yml similarity index 100% rename from roles/linux-secure-grub/tasks/main.yml rename to roles/secure-grub/tasks/main.yml diff --git a/roles/linux-secure-grub/vars/main.yaml b/roles/secure-grub/vars/main.yaml similarity index 100% rename from roles/linux-secure-grub/vars/main.yaml rename to roles/secure-grub/vars/main.yaml diff --git a/vault-playbook.sh b/vault-playbook.sh index 0a1398a..d7e1c89 100755 --- a/vault-playbook.sh +++ b/vault-playbook.sh @@ -1,2 +1,3 @@ #!/bin/bash +export PYTHONPATH=./venv/lib/python3.12/site-packages/ ansible-playbook --vault-password-file .vaultpass $@ -- 2.40.1 From 8184838a8d3b7fece9eeade257d50ebcc4e0e758 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 1 Oct 2024 16:01:16 +0200 Subject: [PATCH 082/138] refs #8025 #7892 defuser bug fix, disable apparmor --- playbooks/debian.yml | 8 ++++---- roles/debian-base/tasks/{defuser.yaml => defuser.yml} | 0 roles/debian-host/tasks/apparmor.yml | 5 +++++ roles/debian-host/tasks/hostname.yml | 4 ++-- roles/debian-host/tasks/main.yml | 2 ++ 5 files changed, 13 insertions(+), 6 deletions(-) rename roles/debian-base/tasks/{defuser.yaml => defuser.yml} (100%) create mode 100644 roles/debian-host/tasks/apparmor.yml 
diff --git a/playbooks/debian.yml b/playbooks/debian.yml index 3531330..f1ef67f 100644 --- a/playbooks/debian.yml +++ b/playbooks/debian.yml @@ -2,6 +2,10 @@ hosts: all vars_files: ../vault.yml tasks: + - name: Configure virtual machine or host + import_role: + name: debian-host + when: ansible_virtualization_role == 'host' or ansible_virtualization_type == 'kvm' - name: Configure base system import_role: name: debian-base @@ -13,7 +17,3 @@ import_role: name: debian-qemu when: ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'kvm' - - name: Configure virtual machine or host - import_role: - name: debian-host - when: ansible_virtualization_role == 'host' or ansible_virtualization_type == 'kvm' diff --git a/roles/debian-base/tasks/defuser.yaml b/roles/debian-base/tasks/defuser.yml similarity index 100% rename from roles/debian-base/tasks/defuser.yaml rename to roles/debian-base/tasks/defuser.yml diff --git a/roles/debian-host/tasks/apparmor.yml b/roles/debian-host/tasks/apparmor.yml new file mode 100644 index 0000000..38a2e8f --- /dev/null +++ b/roles/debian-host/tasks/apparmor.yml @@ -0,0 +1,5 @@ +- name: Disable AppArmor + service: + name: apparmor + state: stopped + enabled: no diff --git a/roles/debian-host/tasks/hostname.yml b/roles/debian-host/tasks/hostname.yml index 71c9e4a..799a81f 100644 --- a/roles/debian-host/tasks/hostname.yml +++ b/roles/debian-host/tasks/hostname.yml @@ -1,8 +1,8 @@ -- name: Set the hostname in /etc/hostname +- name: Set the hostname hostname: name: "{{ inventory_hostname_short }}" use: debian -- name: Configure hostname in hosts +- name: Configure hosts file blockinfile: path: /etc/hosts marker_begin: '--- BEGIN VN ---' diff --git a/roles/debian-host/tasks/main.yml b/roles/debian-host/tasks/main.yml index 7f49737..e4f179a 100644 --- a/roles/debian-host/tasks/main.yml +++ b/roles/debian-host/tasks/main.yml 
@@ -2,3 +2,5 @@ tags: hostname - import_tasks: sysctl.yml tags: sysctl +- import_tasks: apparmor.yml + tags: apparmor -- 2.40.1 From 896ba27da57d7fa0233021c2e4c85ced7fa6eee4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Wed, 2 Oct 2024 12:15:01 +0200 Subject: [PATCH 083/138] =?UTF-8?q?refs=20#8025=20Configure=20base=20Debia?= =?UTF-8?q?n=20host=20-=20Detalles=20en=20los=20nombres=20de=20las=20tarea?= =?UTF-8?q?s=20y=20la=20condici=C3=B3n=20when=20de=20Configure=20virtual?= =?UTF-8?q?=20machine?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- playbooks/debian.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/playbooks/debian.yml b/playbooks/debian.yml index f1ef67f..266cd85 100644 --- a/playbooks/debian.yml +++ b/playbooks/debian.yml @@ -2,13 +2,13 @@ hosts: all vars_files: ../vault.yml tasks: - - name: Configure virtual machine or host + - name: Configure virtual machine or host (not LXC) import_role: name: debian-host when: ansible_virtualization_role == 'host' or ansible_virtualization_type == 'kvm' - - name: Configure base system + - name: Configure base system (all) import_role: - name: debian-base + name: debian-base - name: Configure guest import_role: name: debian-guest @@ -16,4 +16,4 @@ - name: Configure virtual machine import_role: name: debian-qemu - when: ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'kvm' + when: ansible_virtualization_type == 'kvm' -- 2.40.1 From 5f7041dfbffaedbe2995a4a2bc8f8dbc607644b7 Mon Sep 17 00:00:00 2001 
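Review bot: Dropping `ansible_virtualization_role == 'guest'` from the debian-qemu condition makes `when: ansible_virtualization_type == 'kvm'` true on the bare-metal KVM hypervisors as well, because, as far as I know, Ansible reports `virtualization_type: kvm` together with `virtualization_role: host` on any machine that exposes /dev/kvm — so the QEMU guest role would now run on the hosts themselves. Keep both tests: `when: ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'kvm'`.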
From: Juan Ferrer Toribio Date: Wed, 2 Oct 2024 13:20:37 +0200 Subject: [PATCH 084/138] refs #8025 Passbolt integration, README improved, ansible vault deleted, EE fixes --- .gitignore | 4 ++- README.md | 67 ++++++++++++++++++++++++++++----------- context/Dockerfile | 19 +++++++++-- execution-environment.yml | 31 +++++++++++++++++- playbooks/debian.yml | 1 - playbooks/passbolt.yml | 5 ++- run-playbook.sh | 13 ++++++++ vault-playbook.sh | 3 -- vault.yml | 26 --------------- 9 files changed, 112 insertions(+), 57 deletions(-) create mode 100755 run-playbook.sh delete mode 100755 vault-playbook.sh delete mode 100644 vault.yml diff --git a/.gitignore b/.gitignore index 6bea6c1..18cb88c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,6 @@ .vscode/ -.vaultpass +.vault-pass +.vault.yml +.passbolt.yml venv context/_build diff --git a/README.md b/README.md index 86bb730..daf9d4d 100644 --- a/README.md +++ b/README.md @@ -2,24 +2,30 @@ Collection of Ansible playbooks used in the Verdnatura server farm. -## Install Ansible +## Setup Ansible -Instal Ansible on Debian. +Install Ansible on Debian. ``` apt install ansible ``` -Install dependencies. -``` -ansible-galaxy collection install -r collections/requirements.yml -``` - Create Python virtual environment. ``` python3 -m venv venv source venv/bin/activate pip install --upgrade pip ansible==10.1.0 ansible-builder==3.1.0 pip install -r requirements.txt +deactivate +``` + +Install dependencies. +``` +ansible-galaxy collection install -r collections/requirements.yml +``` + +Before running any Ansible command, activate the Python virtual environment. +``` +source venv/bin/activate ``` ## Run playbook 
@@ -27,30 +33,52 @@ pip install -r requirements.txt Before merging changes into protected branches, playbooks should be tested locally to ensure they work properly. -Launch playbook on the fly on a host not declared in the inventory. +Run playbook on inventory host. ``` -ansible-playbook -i , [-t tag1,tag2] playbooks/test.yml +ansible-playbook -i inventories/lab -l [-t tag1,tag2...] playbooks/ping.yml +``` + +Run playbook on the fly on a host not declared in the inventory. +``` +ansible-playbook -i , playbooks/ping.yml ``` *Note the comma at the end of the hostname or IP.* -## Manage vault +## Manage secrets -To manage Ansible vault place the password into *.vaultpass* file. +Secrets can be managed by using Ansible vault or an external keystore, Passbolt +is used in this case. It is recommended to use an external keystore to avoid +publicly exposing the secrets, even if they are encrypted. -View or edit the vault file. +When running playbooks that use any of the keystores mentioned above, the +*run-playbook.sh* script can be used, it is an ovelay over the original +*ansible-playbook* command which injects the necessary parameters. + +### Ansible vault + +To manage Ansible vault place the encryption password into *.vault-pass* file. + +Manage the vault. ``` -ansible-vault {view,edit} --vault-pass-file .vaultpass vault.yml +ansible-vault {view,edit,create} --vault-pass-file .vault-pass .vault.yml ``` -When running playbooks that use the vault the *vault-playbook.sh* script can -be used, it is ovelay over the original *ansible-playbook* command. +> [!CAUTION] +> The files used for the vault must only be used locally and +> under **no** circumstances can they be uploaded to the repository. 
-## Create execution environment +### Passbolt + +Add the necessary environment variables to the *.passbolt.yml* file: + +* https://galaxy.ansible.com/ui/repo/published/anatomicjc/passbolt/docs/ + +## Build execution environment for AWX Create an image with *ansible-builder* and upload it to registry. ``` -ansible-builder build --tag ansible-runner:vn1 +ansible-builder build --tag awx-ee:vn1 ``` ## Common playbooks @@ -65,6 +93,7 @@ ansible-builder build --tag ansible-runner:vn1 * https://docs.ansible.com/ansible/latest/reference_appendices/config.html * https://docs.ansible.com/ansible/latest/collections/ansible/builtin/gather_facts_module.html * https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_vars_facts.html -* https://www.passbolt.com/blog/managing-secrets-in-ansible-using-passbolt -* https://galaxy.ansible.com/ui/repo/published/anatomicjc/passbolt/ +* https://ansible.readthedocs.io/projects/builder/en/latest/ * https://www.ansible.com/blog/introduction-to-ansible-builder/ +* https://github.com/ansible/awx-ee/tree/devel +* https://www.passbolt.com/blog/managing-secrets-in-ansible-using-passbolt diff --git a/context/Dockerfile b/context/Dockerfile index c94e222..e21f388 100644 --- a/context/Dockerfile +++ b/context/Dockerfile @@ -1,8 +1,10 @@ -ARG EE_BASE_IMAGE="quay.io/ansible/ansible-runner:latest" -ARG PYCMD="/usr/bin/python3" +ARG EE_BASE_IMAGE="quay.io/centos/centos:stream9" +ARG PYCMD="/usr/bin/python3.12" +ARG PYPKG="python3.12" ARG PKGMGR_PRESERVE_CACHE="" ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS="" ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS="" +ARG ANSIBLE_INSTALL_REFS="ansible-core>=2.17.0 ansible-runner==2.4.0" ARG PKGMGR="/usr/bin/dnf" # Base build stage 
@@ -11,22 +13,28 @@ USER root ENV PIP_BREAK_SYSTEM_PACKAGES=1 ARG EE_BASE_IMAGE ARG PYCMD +ARG PYPKG ARG PKGMGR_PRESERVE_CACHE ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS +ARG ANSIBLE_INSTALL_REFS ARG PKGMGR COPY _build/scripts/ /output/scripts/ COPY _build/scripts/entrypoint /opt/builder/bin/entrypoint +RUN $PKGMGR install $PYPKG -y ; if [ -z $PKGMGR_PRESERVE_CACHE ]; then $PKGMGR clean all; fi RUN /output/scripts/pip_install $PYCMD +RUN $PYCMD -m pip install --no-cache-dir $ANSIBLE_INSTALL_REFS # Galaxy build stage FROM base as galaxy ARG EE_BASE_IMAGE ARG PYCMD +ARG PYPKG ARG PKGMGR_PRESERVE_CACHE ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS +ARG ANSIBLE_INSTALL_REFS ARG PKGMGR RUN /output/scripts/check_galaxy @@ -43,9 +51,11 @@ ENV PIP_BREAK_SYSTEM_PACKAGES=1 WORKDIR /build ARG EE_BASE_IMAGE ARG PYCMD +ARG PYPKG ARG PKGMGR_PRESERVE_CACHE ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS +ARG ANSIBLE_INSTALL_REFS ARG PKGMGR RUN $PYCMD -m pip install --no-cache-dir bindep pyyaml packaging @@ -53,7 +63,8 @@ RUN $PYCMD -m pip install --no-cache-dir bindep pyyaml packaging COPY --from=galaxy /usr/share/ansible /usr/share/ansible COPY _build/requirements.txt requirements.txt -RUN $PYCMD /output/scripts/introspect.py introspect --user-pip=requirements.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt +COPY _build/bindep.txt bindep.txt +RUN $PYCMD /output/scripts/introspect.py introspect --user-pip=requirements.txt --user-bindep=bindep.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt RUN /output/scripts/assemble # Final build stage @@ -61,9 +72,11 @@ FROM base as final ENV PIP_BREAK_SYSTEM_PACKAGES=1 ARG EE_BASE_IMAGE ARG PYCMD +ARG PYPKG ARG PKGMGR_PRESERVE_CACHE ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS +ARG ANSIBLE_INSTALL_REFS ARG PKGMGR RUN /output/scripts/check_ansible $PYCMD 
diff --git a/execution-environment.yml b/execution-environment.yml index f6977c8..92b260c 100644 --- a/execution-environment.yml +++ b/execution-environment.yml @@ -1,4 +1,33 @@ version: 3 +images: + base_image: + name: quay.io/centos/centos:stream9 dependencies: - galaxy: collections/requirements.yml python: requirements.txt + galaxy: collections/requirements.yml + python_interpreter: + package_system: python3.12 + python_path: /usr/bin/python3.12 + ansible_core: + package_pip: ansible-core>=2.17.0 + ansible_runner: + package_pip: ansible-runner==2.4.0 + system: | + git-core [platform:rpm] + python3.11-devel [platform:rpm compile] + libcurl-devel [platform:rpm compile] + krb5-devel [platform:rpm compile] + krb5-workstation [platform:rpm] + subversion [platform:rpm] + subversion [platform:dpkg] + git-lfs [platform:rpm] + sshpass [platform:rpm] + rsync [platform:rpm] + epel-release [platform:rpm] + unzip [platform:rpm] + podman-remote [platform:rpm] + cmake [platform:rpm compile] + gcc [platform:rpm compile] + gcc-c++ [platform:rpm compile] + make [platform:rpm compile] + openssl-devel [platform:rpm compile] diff --git a/playbooks/debian.yml b/playbooks/debian.yml index f1ef67f..ac68e94 100644 --- a/playbooks/debian.yml +++ b/playbooks/debian.yml @@ -1,6 +1,5 @@ - name: Configure base Debian host hosts: all - vars_files: ../vault.yml tasks: - name: Configure virtual machine or host import_role: diff --git a/playbooks/passbolt.yml b/playbooks/passbolt.yml index 792e858..4412a1c 100644 --- a/playbooks/passbolt.yml +++ b/playbooks/passbolt.yml @@ -5,6 +5,5 @@ passbolt: 'anatomicjc.passbolt.passbolt' passbolt_inventory: 'anatomicjc.passbolt.passbolt_inventory' tasks: - - name: Print password - debug: - msg: "Variable: {{ lookup(passbolt, 'test') }}" + - debug: + msg: "Password: {{ lookup(passbolt, 'test').password }}" diff --git a/run-playbook.sh b/run-playbook.sh new file mode 100755 index 0000000..825cac0 --- /dev/null +++ b/run-playbook.sh 
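Review bot: The interpreter is declared as `python3.12` but the compile-time system dependency is `python3.11-devel`, so any package in requirements.txt that must build a C extension will not find the headers for the interpreter actually in use; change it to `python3.12-devel [platform:rpm compile]`. `ansible-core>=2.17.0` is an open lower bound, which makes the EE image non-reproducible and pulls whatever is newest at build time; pin it (`ansible-core==2.17.<n>`) the way ansible-runner is pinned on the next line, and regenerate the context/Dockerfile afterwards since it copies the same value into `ANSIBLE_INSTALL_REFS`.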
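Review bot: `msg: "Password: {{ lookup(passbolt, 'test').password }}"` writes the secret itself into the play output, which in AWX is stored with the job and readable by anyone allowed to view it. If this playbook only exists to prove the Passbolt connection works, assert without revealing the value, e.g. `msg: "Passbolt lookup OK: {{ lookup(passbolt, 'test').password | length > 0 }}"`, or add `no_log: true` to the task.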
@@ -0,0 +1,13 @@ +#!/bin/bash + +EXTRA_ARGS=() + +if [ -f .passbolt.yml ]; then + EXTRA_ARGS+=("--extra-vars" "@.passbolt.yml") +fi +if [ -f .vaultpass ]; then + EXTRA_ARGS+=("--vault-password-file" ".vaultpass") +fi + +export PYTHONPATH=./venv/lib/python3.12/site-packages/ +ansible-playbook ${EXTRA_ARGS[@]} $@ diff --git a/vault-playbook.sh b/vault-playbook.sh deleted file mode 100755 index d7e1c89..0000000 --- a/vault-playbook.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash -export PYTHONPATH=./venv/lib/python3.12/site-packages/ -ansible-playbook --vault-password-file .vaultpass $@ diff --git a/vault.yml b/vault.yml deleted file mode 100644 index 25a562e..0000000 --- a/vault.yml +++ /dev/null 
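Review bot: The wrapper tests for `.vaultpass`, but this same commit renames the ignored file to `.vault-pass` in .gitignore and tells users in the README to put the vault password there, so the script never finds it — and a user who follows the script instead and creates `.vaultpass` now has an un-ignored secret in the working tree. Use the new name: `if [ -f .vault-pass ]; then EXTRA_ARGS+=("--vault-password-file" ".vault-pass"); fi`. Quote the expansions too, `ansible-playbook "${EXTRA_ARGS[@]}" "$@"`, otherwise any argument containing spaces (an `-e` value, a limit pattern) is word-split. Passing `.passbolt.yml` via `--extra-vars` also places the PGP private key and passphrase into play variables at the highest precedence, visible to every task and callback; the Passbolt collection documents reading the same `PASSBOLT_*` settings from environment variables, which keeps them out of the variable space.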
@@ -1,26 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -37396535616365346266643936343463336564303066356131363064633436353763343735666563 -3234623639383039393735346632636163623435313965660a363363386637666261626661336333 -39643436663965383239323435613339323766623630633430343465313038643235636666343938 -3531636532613661650a336631666138306166346363333534613436396565343161623838363132 -30643532636332356630306563336165663266663237326262336533363665653230393332623134 -63626333303134346435666231386361643137636132383236373937636235326132666230306362 -36363136653963366235626239656339663736393636663136656164393031323663623463393438 -63646635343462363332636531323634623930643737333430613666366335303362323764363533 -39336533366466633132383438633063616564623862366263376638323138623363656164343635 -64346437646435383137313162656237303436343839366261633935613735316166376466616635 -61616132626539656633353032663932653730633365633331313330323932653465656634383334 -64633634326462316164316130373334666365643936646634333032326465373131656161646234 -30376135613534303533326133383661353235343034356466333961396237373937353137373735 -32373633396438313133663839373663656139346163386336373265356265613038646633386334 -37353331373332373636346166333639343936633464663335653762386431376632613430363666 -66636139663662633861643733306238646335353664636265623464393163343462326239613662 -63633236326161643838353931646566323236326636376331663463333664636566666462303063 -31303436356164623234346362386633633633623230366366393839376239636533636564666663 -39663034373664663063656561306132383734646263656464626432633963396638363362396664 -37303038373038346536613235333237613435663632656334643334326232396336653035326162 -63663637306531373030643962386339393263653262363037626538386132353363663761363138 -62663532313862396339653364306533326639333139336636343762373038333838313762393431 -34386239303765653930306334393339383234303137346461633231353637326137353964613832 
-61353035353539633334333337346665383937346566396438306465336337366661323435616133 -37643932306265633465643430636662653865313661663331316662303861356466 -- 2.40.1 From 6bce31ab19da86bc43fa3c8b7c1ca65a8aa691f2 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Wed, 2 Oct 2024 13:34:54 +0200 Subject: [PATCH 085/138] refs #8025 Fix: Get NSLCD password from Passbolt --- inventories/group_vars/all.yml | 2 ++ playbooks/passbolt.yml | 3 --- roles/debian-guest/templates/nslcd.conf | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml index c53863f..d14f1d3 100644 --- a/inventories/group_vars/all.yml +++ b/inventories/group_vars/all.yml @@ -1,4 +1,6 @@ ansible_host: "{{inventory_hostname_short}}.{{host_domain}}" +passbolt: 'anatomicjc.passbolt.passbolt' +passbolt_inventory: 'anatomicjc.passbolt.passbolt_inventory' sysadmin_mail: sysadmin@verdnatura.es sysadmin_group: sysadmin smtp_server: smtp.verdnatura.es diff --git a/playbooks/passbolt.yml b/playbooks/passbolt.yml index 4412a1c..698704a 100644 --- a/playbooks/passbolt.yml +++ b/playbooks/passbolt.yml @@ -1,9 +1,6 @@ - name: Fetch passbolt password hosts: all gather_facts: no - vars: - passbolt: 'anatomicjc.passbolt.passbolt' - passbolt_inventory: 'anatomicjc.passbolt.passbolt_inventory' tasks: - debug: msg: "Password: {{ lookup(passbolt, 'test').password }}" diff --git a/roles/debian-guest/templates/nslcd.conf b/roles/debian-guest/templates/nslcd.conf index ba36843..a204607 100644 --- a/roles/debian-guest/templates/nslcd.conf +++ b/roles/debian-guest/templates/nslcd.conf @@ -8,7 +8,7 @@ idle_timelimit 60 base {{ ldap_base }} binddn cn=nss,ou=admins,{{ ldap_base }} -bindpw {{ nslcd_password }} +bindpw {{ lookup(passbolt, 'nslcd').password }} pagesize 500 filter group (&(objectClass=posixGroup)(cn={{ sysadmin_group }})) -- 2.40.1 From 1b7506d6479fdc924575deec1059e0e264cb1227 Mon Sep 17 00:00:00 2001 
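Review bot: Rendering `bindpw {{ lookup(passbolt, 'nslcd').password }}` puts the LDAP bind password into the template task's result and, under `--diff` or check mode, into the before/after diff shown on the controller; the task that deploys this template (in roles/debian-guest, outside this hunk) needs `no_log: true` — or at least `diff: false` — and should install the file as `owner: root`, `group: nslcd`, `mode: '0640'`, since nslcd itself warns when a config containing bindpw is world-readable. Note also that the lookup now runs on the controller at render time, so a Passbolt outage fails every debian-guest run rather than only the dedicated secret-fetching playbook; a short comment above the line saying where the value comes from would help whoever debugs that.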
From: Juan Ferrer Toribio Date: Wed, 2 Oct 2024 20:14:27 +0200 Subject: [PATCH 086/138] refs #8025 Added Passbolt env config template --- .passbolt.tpl.yml | 8 ++++++++ README.md | 14 +++++++------- 2 files changed, 15 insertions(+), 7 deletions(-) create mode 100644 .passbolt.tpl.yml diff --git a/.passbolt.tpl.yml b/.passbolt.tpl.yml new file mode 100644 index 0000000..6ea56b3 --- /dev/null +++ b/.passbolt.tpl.yml @@ -0,0 +1,8 @@ +PASSBOLT_BASE_URL: https://passbolt.domain.local/ +PASSBOLT_PASSPHRASE: "S3cr3tP4$$w0rd" +PASSBOLT_PRIVATE_KEY: | + -----BEGIN PGP PRIVATE KEY BLOCK----- + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + -----END PGP PRIVATE KEY BLOCK----- diff --git a/README.md b/README.md index daf9d4d..a5c08be 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,13 @@ When running playbooks that use any of the keystores mentioned above, the *run-playbook.sh* script can be used, it is an ovelay over the original *ansible-playbook* command which injects the necessary parameters. +### Passbolt + +Add the necessary environment variables to the *.passbolt.yml* file, the +template file *.passbolt.tpl.yml* is included as a reference: + +* https://galaxy.ansible.com/ui/repo/published/anatomicjc/passbolt/docs/ + ### Ansible vault To manage Ansible vault place the encryption password into *.vault-pass* file. 
@@ -64,16 +71,9 @@ Manage the vault. ansible-vault {view,edit,create} --vault-pass-file .vault-pass .vault.yml ``` -> [!CAUTION] > The files used for the vault must only be used locally and > under **no** circumstances can they be uploaded to the repository. -### Passbolt - -Add the necessary environment variables to the *.passbolt.yml* file: - -* https://galaxy.ansible.com/ui/repo/published/anatomicjc/passbolt/docs/ - ## Build execution environment for AWX Create an image with *ansible-builder* and upload it to registry. -- 2.40.1 From ba4e5fd6356c0c2070134d5c07deb78dd7257416 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Wed, 2 Oct 2024 20:17:47 +0200 Subject: [PATCH 087/138] refs #8025 run-playbook.sh: PYTHONPATH commented --- run-playbook.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run-playbook.sh b/run-playbook.sh index 825cac0..b6bdeb2 100755 --- a/run-playbook.sh +++ b/run-playbook.sh @@ -9,5 +9,5 @@ if [ -f .vaultpass ]; then EXTRA_ARGS+=("--vault-password-file" ".vaultpass") fi -export PYTHONPATH=./venv/lib/python3.12/site-packages/ +#export PYTHONPATH=./venv/lib/python3.12/site-packages/ ansible-playbook ${EXTRA_ARGS[@]} $@ -- 2.40.1 From 069d0726433a58ae43ef7af47beae2d421d25964 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Wed, 2 Oct 2024 20:33:47 +0200 Subject: [PATCH 088/138] refs #8025 README: venv doc improved --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a5c08be..570101b 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,6 @@ python3 -m venv venv source venv/bin/activate pip install --upgrade pip ansible==10.1.0 ansible-builder==3.1.0 pip install -r requirements.txt -deactivate ``` Install dependencies. 
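Review bot: `#export PYTHONPATH=./venv/lib/python3.12/site-packages/` leaves a dead, interpreter-version-specific line in run-playbook.sh with no explanation; either delete it or say why it is disabled, e.g. `# PYTHONPATH is not needed once the venv is activated (see README)`. On the following line, `ansible-playbook ${EXTRA_ARGS[@]} $@` should be `ansible-playbook "${EXTRA_ARGS[@]}" "$@"` so arguments containing spaces or glob characters reach ansible-playbook intact. Note also that the script tests for `.vaultpass` while the README hunk just above documents `.vault-pass`; one of the two names is presumably wrong, in which case the vault password file is silently not passed.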
@@ -28,6 +27,11 @@ Before running any Ansible command, activate the Python virtual environment. source venv/bin/activate ``` +Once you're done, deactivate the virtual environment. +``` +deactivate +``` + ## Run playbook Before merging changes into protected branches, playbooks should be tested -- 2.40.1 From ed9e69b96ba87d7675b9280ae0f4cf7f4ec0f3aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Thu, 3 Oct 2024 09:42:08 +0200 Subject: [PATCH 089/138] Refs #8025 Sincro --- 1 | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 1 diff --git a/1 b/1 new file mode 100644 index 0000000..4a19164 --- /dev/null +++ b/1 
@@ -0,0 +1,92 @@ +env: + PASSBOLT_BASE_URL: https://passbolt.verdnatura.es + PASSBOLT_PASSPHRASE: Carrerdelalloma10_ + PASSBOLT_PRIVATE_KEY: | + -----BEGIN PGP PRIVATE KEY BLOCK----- + +xcTGBGbe58QBDAC9MOLpqjHYOYCRfOMHFlR3//A9PLfp1NPpxndKhgzBePvy +wA7C2MjFiyHt7NN4DITjKH60Lmv6Lce+j9y0QPDG42rKCsjTIOHl/pYR4QQT +NCqCnrguATuPqs4gnHKXzhrHqu7dViiD9epyNmTVUhB2PoCZvwb/0NCbKW1Q +stNn7Q1x/01qGj92nrus8rgdsLmWxAbeER/PW2/gIFrKqOXMUl8Ra1jOoCqd +6EcFvZ28mv0AtyeNNYjBc8hKqoCj3uPmL4JPKH/+XgaKBGlI/SaIHeT6hUal +LGKg1I/+GEqnvWwd/c6CEyHYPWD1O5SA9GOfHQUYIB506CTsm4HCbvsvM9y8 +aySB1dq8iI+yZhGufRHWJofuF/ix8AT7+SdALlW43q8ZSv+WC0XBdKn0CEFx +nzCyqY1MXz/AbdNFrMT4ItczYw1LOUud8O7M2mqdkHSDYb9w1l5eas3U186x +tdbG2jhloXhMOfJmYv1BHJc/0LRumSkblAEvpMA0GjuMgLEAEQEAAf4JAwiF +26xTqzLoceDAyEYx9jLvIZ44yGgl5F7IHN77W4BDdwOXbqOQBft8iGxmR7RD +bXlKdqJVaaHd267aAPOzYct8OLJx2RxyCky8vtU68mbSkrmySVuDWBD5ZNlk +1suhrTyeCjUa6tcAPqDVvM+n1ZzIjmonyFTJ0XVkZUoUj5JStZbt/3FMLzlF +ylA/tISRQGUMJd4zMe3nWaa65Px7UsX2IGknuuVnxLTdVWe/gXH6mnm2lCFI +awhaJwSoQALX4SRODbSzGArkcUz2kwleQssIwR5GTrKkrZepWpJeBzg/8EDY +XGxQRAI5RBCkhWIObLOYfxhHJVQSEWMYbgrOKjTqUllXI3okdqWGJtYcs6Cn +jn4p6qvCEYEj4UHRos1ue5anwUd0suzjZ2OP955GwrWSBClIBG5fqAF1bfIZ +Zw4+aiGCBuxi0zsqEq93HdZtqKgx4JOmcH+RrRAJjssG1llAcGwBVWXnqKfP +9XtfGI6e08QZD+KT5fUzOGiRBSXUPaEKx7YsnZ3auR8z1yHFfpW4sRlB/cOj +YuIs/r1jf2uypxLDOkKajtOXljsPIjjd2G9LCN19yts0rArrCTiA2ktFClWk +iXEEVg/w9XY1oEb4Z9BOLPfSCyRwbp5SpaAzPoSMZL05UZlWTCF9zs5tC2d4 +nQjeyiuXcbfrUk9Ri3OPfOZAa5MpQgNTrEM8d24Da7GMhbVK8sw84sVQhXql +vlGzoQD6e9P8JVf7gtYlWGcH+wYGbkDpyWoFHcObr+AVeWbtD0ySTszyRfcR +DdGW4EmNG0R4yS0FqfFHUOhiq5xvfH6kKNPkp+czQsvLpPy9gyT8S1xOn2cr +y3vcaCu1vMD7+zIW05JMEbpitaIrC0qG0K8X4GO0OSqKFyRZ6VnCbEG50tPg +s9hWgcRg53csRF34HFc+LWVJdzVTkt8jcXyzdnlKxcG89/E2AfXx4i4p3XBK +WdfUpDROH5xCjNcInBo/ZXR8GmOogb4Z6PAKvcUX/scHpQAZ4mB717pqAM3j +/YBpih/FoiEaEhKqPVZnWMU78pCbUUIwEKO6CwxghhDfgHzyE0u0efpNJnb3 +b5n3PMEbGeUpWisiQidOW/9d2x4mvItRZ06VYY3I1G5aM2OVYyw2wz7iCoiz +JRosWw25+ThcF3FKyguBVYoN7n/zcOmaAii5OMAoS5D0ohyBcfeq+2PnIYsr 
+1yrMyw0gcT1KhO2K0ah/THd91bkI3dcD52hhHXbC0fuz00n9dhAaSoXrGbAj +dV4CGmK6XQSzO/qaatVnOKQI7XAkm3PF0GSJsEj5zMA5M57LuF5uvAhIgIzj +qj4TF5ApOfDoXmgt3Eve16SIqLJva80eWGF2aSBMbGVvIDx4YXZpQHZlcmRu +YXR1cmEuZXM+wsEKBBABCAA+BYJm3ufEBAsJBwgJkGX8BIy7HvicAxUICgQW +AAIBAhkBApsDAh4BFiEEiUE63GI6sVeiwcC4ZfwEjLse+JwAALPbDACT8Sc7 +h3sqxFac2bSs4nYCqXM9UQZosM6VmQk8EyG4dLwquOJh009ipaDrI2bKZrX7 +I+Qn9L+y7Gv8vAhHutOUdrqE+Pk0A4xk0q563KlyO1i9XzMEvKYOGX4BT9Aa +kLcWDstpdEKJYeV+iNexcxKBoZedls4NkZaD/ZBD4RRnI3pYzJcmmVX88oAT +TdJ5jRng4gX0ecKa2BAmhBzYJpDAJbTT1j4x0gsOgA/YrHfghqxXaIY0TNe8 +RzEdaTq2FGsWRsh1Wasc4F0yfou2hkv7WZmYKXYgh9MfZVa9gwTn9/gtyRpr +nqwL+2clIJMqmqueLGaTNEO4Ktd5xiLrZM5nvg60hJ8UxhK6hrfFjuATeQp1 +S8r9OQyPiqh/mXZ15tAjO3AF+gDEE/df0K/n7fUcqcL/JLhU5RHe9T446KHq +rabT2URpZuWrzEEGIV7tlz43l2e3o18BsxezkXMSnF/hbQ2riY9ZIWuYKDeZ +ANRU2dHmg4jXWOyylsiu86XjxNnHxMYEZt7nxAEMANZERNcxpQfpu2YwOepi +gLN5HVnSFf6pmRxr5UKvMjBHctw2rK3oYtWUdrEXUR6k3z/bE+0jC3sZmoyQ +UlCy6wCsL8KTIKpMj4Op3Hwnf89mPsJVr3mlIXKKgr4moTNvDJjhTYCE9XXV ++GSFHX5aZ+icgElnZKXwY3z0VhL8baDcQDPt7SC0f0LR+bBO4XgqZFijdXIB +5zarv4kXBYRXnfzJWZ9JnZef6HEU2Ks/gtHKd+5bCsTm6GQPrWzmoLHMDCUf +jyGKaG8IF8TcWKjoZGxC+S8HP9dj1qr9zcX+DZ+3TlWzCn0ZiGlVnbX1yJ+S +JFRpopxkmpYPjIYVk6gIsMTZh3D3Kn6VoTaMPxlM9iAvfIjwhKeAFX9H38p0 +6zMbTJYTYVMTCxUom3IwrPTtfI6B1ryE8kUA4c3UBpbnWHBb9O8MPDj+Wp43 +m7EuwiSXf9JxBBLzh/Zs3BBoiVlSClNPXjx2uPFi3zgkpxFmEis3fim5itPb +L+UDFPZN9kmNEwARAQAB/gkDCHSfGEgjaci74E0PwpFU1u7aLRSNykJ5REC4 +I9H8Ma0yAK3Mv0Grl9Az/9Th+Jr5u3K0UKEwhgl6Wwr6JpBkPyxg2m9ZMOej +p2VM8KsbrmVmEt5qwrWuG2Iy+iXXIMd+DFrvrNmk8blSqbGaWLExK4iI/VaH +swDL3A2QUp7EKCSu8rHBFbI5Z1deh5wXHOZXn2ofs/8oWDkt1DmVLflVlTfr +eIUg2+v+d8OGbe0wLlb2aBirsGYPLxVBK6uVg5RH6N4vaE4++85KGFvsY0d3 ++tsHFXRc3SUS9ezBJMEsfmklnzMyWToopMbilIMZPN6AMD0COWAThE235yny +QtOW00FQraFxippFlWQ00OuqwSIOj5RqZir0Wsv+Cf5pqcpjAENr8ssfmMXZ +H3t6ZAKQdEBAY8CQYbJK5s8bpXg5FP0GMZLX/z8sY2UrBDbsKR06iGkAY+oM +4nqVQwy2qIJ0ixYLSVoEKX6zGUwVokJcEgwsFn5ZBBbSYRw9hZbDS0Cudsv+ +2aVawiX7/7m1HLwytNoUTfsptsPqXljEdj467jyzvMrVVp2hTmKlLb0DfILV 
+kIBc4tbOoo02OXpPUQnp5ZLdCKsa0u0qkciHwgMmUXIAUjSiUq5o89Ks84rU +zomrtNSpZBXjf5fIY235sUk2itlQFQUsskgDd4HgDNoJwH9XEGA6chf7K9Xj +oI5lODG3xmbbh1cQ9P/wCVEz1sJ22amYhubVUihbxDi6cPnRyryxhK6BC2DY +FOmWs/jH7IEL/T02JN/a8lgvZVdKOiNj7TsBHbascidDzpDXPJq4y9Q0moAp +HCuW5j/3/YfvItZAwrkb1mElnLkvf5oGLQACtonT8VdrjImUFJF4Q0Ne1+Ke +GCHnlB7iI+Nxwj82oRAkCld9opC2K5tZePOkH45tUFBIy/y+cGhr5zwhpuRa +dqZdItpVg60klpbP4rATCEeJFspOc8jtp++Wj4AIm7zhqRJNKc/RfzYm/ltR +L744MbeFzZ1idvDEWJFNfd0gQ6ByR9H3JbY/Pe+E5gpCUVd0tfc4dJSnzq0u +iK2YwBoLc+cvJbsMXFXzvS6PN4Tj78YwEwOjV+LvlNAJJgxucjlt8Fib1hRF +pj4gguwgPtnHnk2f6mZE3SkIR8CI/pWZFNzI3j/FybMm2vp8ev4ckPGvGSN9 +R0gswiXtVh0uzgP8d95fyb+3m9x1qq2ICR9XJTPRENgJP5++Y7D05JudaYh+ +EOcInt8iWWo3PaNfp12bbJ3vde1utyoCZkLkH1Fg60b4HSjaUlE+hT3v2W0/ +AXy/Ai32NdaTqIhbsbsqs5ZsQbN/W4+8U1uNLC2cCGBZmLSeiRIozlkIwsD2 +BBgBCAAqBYJm3ufECZBl/ASMux74nAKbDBYhBIlBOtxiOrFXosHAuGX8BIy7 +HvicAACbJwwAlBQyDfgJskHaUoZYhN3S1qn9EwhEZM13bU6pch9AwUBGBqnL +8kgjTOHP3Ccv7fQDRAWGtZUbNOozPqmmREwbYNA+SD8S7+R//coYYfQ84iRS +2B0qqKKXKAFa+FH+WinJk5ADa5lJn0laL3Ql9HORcDQYl+Q1Pv8XDVVEQNDW +rHzWcSer8jf8Qj7CFbZRj1ltZOyHDDQ+PFBS0rrydD70gNzRVkAzR2jkcR/P +Y8hQ8hgWhBwHhU6kaVDcHhOXGWt5P1mZftEmN/krRlfj++yXxRJUR1Akjwd7 +05KSUR+7NtZudKiVmIiY3V0VSYHzsDl65UM9E/8NBGCxx3ly6WPqCNO4UM11 +0q0iJ6M24bGiba1YcYefpHuGZ3TCwukcLARERtlA7jzimKOSY1lRGW4eZeUQ +VIWZIAxD0GeKtVrZFwD/a2SeQcPwdRpGlW6YIaIouiRQ00N51NDUIUWKTWur +HPqCJoa+Tfr5FMmCOrPnQKQPcQcu/lwtbGSt+5tRk/+R +=D0UM +-----END PGP PRIVATE KEY BLOCK----- -- 2.40.1 From 9464d6d8a35ee5e0986f51ce4b1683fddea65a29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Thu, 3 Oct 2024 10:45:21 +0200 Subject: [PATCH 090/138] Refs #8025 Crazy git --- 1 | 92 --------------------------------------------------------------- 1 file changed, 92 deletions(-) delete mode 100644 1 diff --git a/1 b/1 deleted file mode 100644 index 4a19164..0000000 --- a/1 +++ /dev/null 
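Review bot: File `1` commits what looks like a real Passbolt configuration — a `PASSBOLT_BASE_URL` pointing at a live instance, a clear-text `PASSBOLT_PASSPHRASE` and a complete PGP private key block — and the follow-up patch 090 that deletes the file does not undo the exposure, since both commits stay in the repository history and in every clone or mirror taken in between. The key and passphrase should be treated as compromised: revoke or replace the Passbolt user's key, change the passphrase, and rewrite or purge the history if repository policy allows it. The repository already ignores `.passbolt.yml`, which is presumably where this content was meant to live; a pre-commit secret scanner would have caught the stray file before it was pushed.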
@@ -1,92 +0,0 @@ -env: - PASSBOLT_BASE_URL: https://passbolt.verdnatura.es - PASSBOLT_PASSPHRASE: Carrerdelalloma10_ - PASSBOLT_PRIVATE_KEY: | - -----BEGIN PGP PRIVATE KEY BLOCK----- - -xcTGBGbe58QBDAC9MOLpqjHYOYCRfOMHFlR3//A9PLfp1NPpxndKhgzBePvy -wA7C2MjFiyHt7NN4DITjKH60Lmv6Lce+j9y0QPDG42rKCsjTIOHl/pYR4QQT -NCqCnrguATuPqs4gnHKXzhrHqu7dViiD9epyNmTVUhB2PoCZvwb/0NCbKW1Q -stNn7Q1x/01qGj92nrus8rgdsLmWxAbeER/PW2/gIFrKqOXMUl8Ra1jOoCqd -6EcFvZ28mv0AtyeNNYjBc8hKqoCj3uPmL4JPKH/+XgaKBGlI/SaIHeT6hUal -LGKg1I/+GEqnvWwd/c6CEyHYPWD1O5SA9GOfHQUYIB506CTsm4HCbvsvM9y8 -aySB1dq8iI+yZhGufRHWJofuF/ix8AT7+SdALlW43q8ZSv+WC0XBdKn0CEFx -nzCyqY1MXz/AbdNFrMT4ItczYw1LOUud8O7M2mqdkHSDYb9w1l5eas3U186x -tdbG2jhloXhMOfJmYv1BHJc/0LRumSkblAEvpMA0GjuMgLEAEQEAAf4JAwiF -26xTqzLoceDAyEYx9jLvIZ44yGgl5F7IHN77W4BDdwOXbqOQBft8iGxmR7RD -bXlKdqJVaaHd267aAPOzYct8OLJx2RxyCky8vtU68mbSkrmySVuDWBD5ZNlk -1suhrTyeCjUa6tcAPqDVvM+n1ZzIjmonyFTJ0XVkZUoUj5JStZbt/3FMLzlF -ylA/tISRQGUMJd4zMe3nWaa65Px7UsX2IGknuuVnxLTdVWe/gXH6mnm2lCFI -awhaJwSoQALX4SRODbSzGArkcUz2kwleQssIwR5GTrKkrZepWpJeBzg/8EDY -XGxQRAI5RBCkhWIObLOYfxhHJVQSEWMYbgrOKjTqUllXI3okdqWGJtYcs6Cn -jn4p6qvCEYEj4UHRos1ue5anwUd0suzjZ2OP955GwrWSBClIBG5fqAF1bfIZ -Zw4+aiGCBuxi0zsqEq93HdZtqKgx4JOmcH+RrRAJjssG1llAcGwBVWXnqKfP -9XtfGI6e08QZD+KT5fUzOGiRBSXUPaEKx7YsnZ3auR8z1yHFfpW4sRlB/cOj -YuIs/r1jf2uypxLDOkKajtOXljsPIjjd2G9LCN19yts0rArrCTiA2ktFClWk -iXEEVg/w9XY1oEb4Z9BOLPfSCyRwbp5SpaAzPoSMZL05UZlWTCF9zs5tC2d4 -nQjeyiuXcbfrUk9Ri3OPfOZAa5MpQgNTrEM8d24Da7GMhbVK8sw84sVQhXql -vlGzoQD6e9P8JVf7gtYlWGcH+wYGbkDpyWoFHcObr+AVeWbtD0ySTszyRfcR -DdGW4EmNG0R4yS0FqfFHUOhiq5xvfH6kKNPkp+czQsvLpPy9gyT8S1xOn2cr -y3vcaCu1vMD7+zIW05JMEbpitaIrC0qG0K8X4GO0OSqKFyRZ6VnCbEG50tPg -s9hWgcRg53csRF34HFc+LWVJdzVTkt8jcXyzdnlKxcG89/E2AfXx4i4p3XBK -WdfUpDROH5xCjNcInBo/ZXR8GmOogb4Z6PAKvcUX/scHpQAZ4mB717pqAM3j -/YBpih/FoiEaEhKqPVZnWMU78pCbUUIwEKO6CwxghhDfgHzyE0u0efpNJnb3 -b5n3PMEbGeUpWisiQidOW/9d2x4mvItRZ06VYY3I1G5aM2OVYyw2wz7iCoiz -JRosWw25+ThcF3FKyguBVYoN7n/zcOmaAii5OMAoS5D0ohyBcfeq+2PnIYsr 
-1yrMyw0gcT1KhO2K0ah/THd91bkI3dcD52hhHXbC0fuz00n9dhAaSoXrGbAj -dV4CGmK6XQSzO/qaatVnOKQI7XAkm3PF0GSJsEj5zMA5M57LuF5uvAhIgIzj -qj4TF5ApOfDoXmgt3Eve16SIqLJva80eWGF2aSBMbGVvIDx4YXZpQHZlcmRu -YXR1cmEuZXM+wsEKBBABCAA+BYJm3ufEBAsJBwgJkGX8BIy7HvicAxUICgQW -AAIBAhkBApsDAh4BFiEEiUE63GI6sVeiwcC4ZfwEjLse+JwAALPbDACT8Sc7 -h3sqxFac2bSs4nYCqXM9UQZosM6VmQk8EyG4dLwquOJh009ipaDrI2bKZrX7 -I+Qn9L+y7Gv8vAhHutOUdrqE+Pk0A4xk0q563KlyO1i9XzMEvKYOGX4BT9Aa -kLcWDstpdEKJYeV+iNexcxKBoZedls4NkZaD/ZBD4RRnI3pYzJcmmVX88oAT -TdJ5jRng4gX0ecKa2BAmhBzYJpDAJbTT1j4x0gsOgA/YrHfghqxXaIY0TNe8 -RzEdaTq2FGsWRsh1Wasc4F0yfou2hkv7WZmYKXYgh9MfZVa9gwTn9/gtyRpr -nqwL+2clIJMqmqueLGaTNEO4Ktd5xiLrZM5nvg60hJ8UxhK6hrfFjuATeQp1 -S8r9OQyPiqh/mXZ15tAjO3AF+gDEE/df0K/n7fUcqcL/JLhU5RHe9T446KHq -rabT2URpZuWrzEEGIV7tlz43l2e3o18BsxezkXMSnF/hbQ2riY9ZIWuYKDeZ -ANRU2dHmg4jXWOyylsiu86XjxNnHxMYEZt7nxAEMANZERNcxpQfpu2YwOepi -gLN5HVnSFf6pmRxr5UKvMjBHctw2rK3oYtWUdrEXUR6k3z/bE+0jC3sZmoyQ -UlCy6wCsL8KTIKpMj4Op3Hwnf89mPsJVr3mlIXKKgr4moTNvDJjhTYCE9XXV -+GSFHX5aZ+icgElnZKXwY3z0VhL8baDcQDPt7SC0f0LR+bBO4XgqZFijdXIB -5zarv4kXBYRXnfzJWZ9JnZef6HEU2Ks/gtHKd+5bCsTm6GQPrWzmoLHMDCUf -jyGKaG8IF8TcWKjoZGxC+S8HP9dj1qr9zcX+DZ+3TlWzCn0ZiGlVnbX1yJ+S -JFRpopxkmpYPjIYVk6gIsMTZh3D3Kn6VoTaMPxlM9iAvfIjwhKeAFX9H38p0 -6zMbTJYTYVMTCxUom3IwrPTtfI6B1ryE8kUA4c3UBpbnWHBb9O8MPDj+Wp43 -m7EuwiSXf9JxBBLzh/Zs3BBoiVlSClNPXjx2uPFi3zgkpxFmEis3fim5itPb -L+UDFPZN9kmNEwARAQAB/gkDCHSfGEgjaci74E0PwpFU1u7aLRSNykJ5REC4 -I9H8Ma0yAK3Mv0Grl9Az/9Th+Jr5u3K0UKEwhgl6Wwr6JpBkPyxg2m9ZMOej -p2VM8KsbrmVmEt5qwrWuG2Iy+iXXIMd+DFrvrNmk8blSqbGaWLExK4iI/VaH -swDL3A2QUp7EKCSu8rHBFbI5Z1deh5wXHOZXn2ofs/8oWDkt1DmVLflVlTfr -eIUg2+v+d8OGbe0wLlb2aBirsGYPLxVBK6uVg5RH6N4vaE4++85KGFvsY0d3 -+tsHFXRc3SUS9ezBJMEsfmklnzMyWToopMbilIMZPN6AMD0COWAThE235yny -QtOW00FQraFxippFlWQ00OuqwSIOj5RqZir0Wsv+Cf5pqcpjAENr8ssfmMXZ -H3t6ZAKQdEBAY8CQYbJK5s8bpXg5FP0GMZLX/z8sY2UrBDbsKR06iGkAY+oM -4nqVQwy2qIJ0ixYLSVoEKX6zGUwVokJcEgwsFn5ZBBbSYRw9hZbDS0Cudsv+ -2aVawiX7/7m1HLwytNoUTfsptsPqXljEdj467jyzvMrVVp2hTmKlLb0DfILV 
-kIBc4tbOoo02OXpPUQnp5ZLdCKsa0u0qkciHwgMmUXIAUjSiUq5o89Ks84rU -zomrtNSpZBXjf5fIY235sUk2itlQFQUsskgDd4HgDNoJwH9XEGA6chf7K9Xj -oI5lODG3xmbbh1cQ9P/wCVEz1sJ22amYhubVUihbxDi6cPnRyryxhK6BC2DY -FOmWs/jH7IEL/T02JN/a8lgvZVdKOiNj7TsBHbascidDzpDXPJq4y9Q0moAp -HCuW5j/3/YfvItZAwrkb1mElnLkvf5oGLQACtonT8VdrjImUFJF4Q0Ne1+Ke -GCHnlB7iI+Nxwj82oRAkCld9opC2K5tZePOkH45tUFBIy/y+cGhr5zwhpuRa -dqZdItpVg60klpbP4rATCEeJFspOc8jtp++Wj4AIm7zhqRJNKc/RfzYm/ltR -L744MbeFzZ1idvDEWJFNfd0gQ6ByR9H3JbY/Pe+E5gpCUVd0tfc4dJSnzq0u -iK2YwBoLc+cvJbsMXFXzvS6PN4Tj78YwEwOjV+LvlNAJJgxucjlt8Fib1hRF -pj4gguwgPtnHnk2f6mZE3SkIR8CI/pWZFNzI3j/FybMm2vp8ev4ckPGvGSN9 -R0gswiXtVh0uzgP8d95fyb+3m9x1qq2ICR9XJTPRENgJP5++Y7D05JudaYh+ -EOcInt8iWWo3PaNfp12bbJ3vde1utyoCZkLkH1Fg60b4HSjaUlE+hT3v2W0/ -AXy/Ai32NdaTqIhbsbsqs5ZsQbN/W4+8U1uNLC2cCGBZmLSeiRIozlkIwsD2 -BBgBCAAqBYJm3ufECZBl/ASMux74nAKbDBYhBIlBOtxiOrFXosHAuGX8BIy7 -HvicAACbJwwAlBQyDfgJskHaUoZYhN3S1qn9EwhEZM13bU6pch9AwUBGBqnL -8kgjTOHP3Ccv7fQDRAWGtZUbNOozPqmmREwbYNA+SD8S7+R//coYYfQ84iRS -2B0qqKKXKAFa+FH+WinJk5ADa5lJn0laL3Ql9HORcDQYl+Q1Pv8XDVVEQNDW -rHzWcSer8jf8Qj7CFbZRj1ltZOyHDDQ+PFBS0rrydD70gNzRVkAzR2jkcR/P -Y8hQ8hgWhBwHhU6kaVDcHhOXGWt5P1mZftEmN/krRlfj++yXxRJUR1Akjwd7 -05KSUR+7NtZudKiVmIiY3V0VSYHzsDl65UM9E/8NBGCxx3ly6WPqCNO4UM11 -0q0iJ6M24bGiba1YcYefpHuGZ3TCwukcLARERtlA7jzimKOSY1lRGW4eZeUQ -VIWZIAxD0GeKtVrZFwD/a2SeQcPwdRpGlW6YIaIouiRQ00N51NDUIUWKTWur -HPqCJoa+Tfr5FMmCOrPnQKQPcQcu/lwtbGSt+5tRk/+R -=D0UM ------END PGP PRIVATE KEY BLOCK----- -- 2.40.1 From 67ae879edf30cd6b00c72f81ebc4073960e92bb3 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Thu, 3 Oct 2024 14:48:39 +0200 Subject: [PATCH 091/138] refs #8025 README awx link fix, host ansible-test added --- README.md | 2 +- inventories/lab | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 570101b..0731644 100644 --- a/README.md +++ b/README.md 
@@ -99,5 +99,5 @@ ansible-builder build --tag awx-ee:vn1 * https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_vars_facts.html * https://ansible.readthedocs.io/projects/builder/en/latest/ * https://www.ansible.com/blog/introduction-to-ansible-builder/ -* https://github.com/ansible/awx-ee/tree/devel +* https://github.com/ansible/awx-ee/ * https://www.passbolt.com/blog/managing-secrets-in-ansible-using-passbolt diff --git a/inventories/lab b/inventories/lab index 809234a..1bcf480 100644 --- a/inventories/lab +++ b/inventories/lab @@ -26,6 +26,7 @@ kubetest-master[01:03] kubetest-worker[01:04] [laboratory] +ansible-test corelab-proxy1 zammad matrix -- 2.40.1 From 6d68f7643440ac7ed5e0d39dfd36614ca72a5164 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Thu, 3 Oct 2024 15:05:48 +0200 Subject: [PATCH 092/138] refs #8025 Include all EE context files --- .gitignore | 1 - context/_build/bindep.txt | 18 + context/_build/requirements.txt | 3 + context/_build/requirements.yml | 10 + context/_build/scripts/assemble | 169 +++++++ context/_build/scripts/check_ansible | 110 +++++ context/_build/scripts/check_galaxy | 46 ++ context/_build/scripts/entrypoint | 152 ++++++ context/_build/scripts/install-from-bindep | 105 +++++ context/_build/scripts/introspect.py | 507 +++++++++++++++++++++ context/_build/scripts/pip_install | 56 +++ 11 files changed, 1176 insertions(+), 1 deletion(-) create mode 100644 context/_build/bindep.txt create mode 100644 context/_build/requirements.txt create mode 100644 context/_build/requirements.yml create mode 100755 context/_build/scripts/assemble create mode 100755 context/_build/scripts/check_ansible create mode 100755 context/_build/scripts/check_galaxy create mode 100755 context/_build/scripts/entrypoint create mode 100755 context/_build/scripts/install-from-bindep create mode 100644 context/_build/scripts/introspect.py create mode 100755 context/_build/scripts/pip_install 
diff --git a/.gitignore b/.gitignore index 18cb88c..242f284 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,3 @@ .vault.yml .passbolt.yml venv -context/_build diff --git a/context/_build/bindep.txt b/context/_build/bindep.txt new file mode 100644 index 0000000..625c810 --- /dev/null +++ b/context/_build/bindep.txt @@ -0,0 +1,18 @@ +git-core [platform:rpm] +python3.11-devel [platform:rpm compile] +libcurl-devel [platform:rpm compile] +krb5-devel [platform:rpm compile] +krb5-workstation [platform:rpm] +subversion [platform:rpm] +subversion [platform:dpkg] +git-lfs [platform:rpm] +sshpass [platform:rpm] +rsync [platform:rpm] +epel-release [platform:rpm] +unzip [platform:rpm] +podman-remote [platform:rpm] +cmake [platform:rpm compile] +gcc [platform:rpm compile] +gcc-c++ [platform:rpm compile] +make [platform:rpm compile] +openssl-devel [platform:rpm compile] diff --git a/context/_build/requirements.txt b/context/_build/requirements.txt new file mode 100644 index 0000000..6e1059a --- /dev/null +++ b/context/_build/requirements.txt @@ -0,0 +1,3 @@ +py-passbolt==0.0.18 +cryptography==3.3.2 +PGPy==0.6.0 \ No newline at end of file diff --git a/context/_build/requirements.yml b/context/_build/requirements.yml new file mode 100644 index 0000000..a97df8d --- /dev/null +++ b/context/_build/requirements.yml @@ -0,0 +1,10 @@ +collections: +- name: ansible.utils + version: '>=4.1.0' + type: galaxy +- name: ansible.windows + version: '>=2.3.0' + type: galaxy +- name: anatomicjc.passbolt + version: '>=0.0.14' + type: galaxy diff --git a/context/_build/scripts/assemble b/context/_build/scripts/assemble new file mode 100755 index 0000000..c04c5f1 --- /dev/null +++ b/context/_build/scripts/assemble 
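Review bot: `cryptography==3.3.2` in context/_build/requirements.txt pins a 2021-era release that has since received a long series of security fixes, and removing `context/_build` from .gitignore means this stale pin is now version-controlled next to the image definition. The directory looks generated by ansible-builder, so the pin presumably originates in the collection's or the EE definition's requirements; it should be updated at that source to a current `cryptography` release that `PGPy`/`py-passbolt` still accept, and the context regenerated, rather than edited in the generated file. If the generated context is to stay tracked, a short note in the README on how and when to regenerate it would keep it from drifting from the definition.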
@@ -0,0 +1,169 @@ +#!/bin/bash +# Copyright (c) 2019 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Make a list of bindep dependencies and a collection of built binary +# wheels for the repo in question as well as its python dependencies. +# Install javascript tools as well to support python that needs javascript +# at build time. +set -ex + +RELEASE=$(source /etc/os-release; echo $ID) + +# NOTE(pabelanger): Allow users to force either microdnf or dnf as a package +# manager. +PKGMGR="${PKGMGR:-}" +PKGMGR_OPTS="${PKGMGR_OPTS:-}" +PKGMGR_PRESERVE_CACHE="${PKGMGR_PRESERVE_CACHE:-}" + +PYCMD="${PYCMD:=/usr/bin/python3}" +PIPCMD="${PIPCMD:=$PYCMD -m pip}" + +if [ -z $PKGMGR ]; then + # Expect dnf to be installed, however if we find microdnf default to it. + PKGMGR=/usr/bin/dnf + if [ -f "/usr/bin/microdnf" ]; then + PKGMGR=/usr/bin/microdnf + fi +fi + +if [ "$PKGMGR" = "/usr/bin/microdnf" ] +then + if [ -z "${PKGMGR_OPTS}" ]; then + # NOTE(pabelanger): skip install docs and weak dependencies to + # make smaller images. Sadly, setting these in dnf.conf don't + # appear to work. + PKGMGR_OPTS="--nodocs --setopt install_weak_deps=0" + fi +fi + +# NOTE(pabelanger): Ensure all the directory we use exists regardless +# of the user first creating them or not. 
+mkdir -p /output/bindep +mkdir -p /output/wheels +mkdir -p /tmp/src + +cd /tmp/src + +function install_bindep { + # Protect from the bindep builder image use of the assemble script + # to produce a wheel. Note we append because we want all + # sibling packages in here too + if [ -f bindep.txt ] ; then + bindep -l newline | sort >> /output/bindep/run.txt || true + if [ "$RELEASE" == "centos" ] ; then + bindep -l newline -b epel | sort >> /output/bindep/stage.txt || true + grep -Fxvf /output/bindep/run.txt /output/bindep/stage.txt >> /output/bindep/epel.txt || true + rm -rf /output/bindep/stage.txt + fi + compile_packages=$(bindep -b compile || true) + if [ ! -z "$compile_packages" ] ; then + $PKGMGR install -y $PKGMGR_OPTS ${compile_packages} + fi + fi +} + +function install_wheels { + # NOTE(pabelanger): If there are build requirements to install, do so. + # However do not cache them as we do not want them in the final image. + if [ -f /tmp/src/build-requirements.txt ] && [ ! -f /tmp/src/.build-requirements.txt ] ; then + $PIPCMD install $CONSTRAINTS $PIP_OPTS --no-cache -r /tmp/src/build-requirements.txt + touch /tmp/src/.build-requirements.txt + fi + # Build a wheel so that we have an install target. + # pip install . in the container context with the mounted + # source dir gets ... exciting, if setup.py exists. + # We run sdist first to trigger code generation steps such + # as are found in zuul, since the sequencing otherwise + # happens in a way that makes wheel content copying unhappy. + # pip wheel isn't used here because it puts all of the output + # in the output dir and not the wheel cache, so it's not + # possible to tell what is the wheel for the project and + # what is the wheel cache. + if [ -f setup.py ] ; then + $PYCMD setup.py sdist bdist_wheel -d /output/wheels + fi + + # Install everything so that the wheel cache is populated with + # transitive depends. 
If a requirements.txt file exists, install + # it directly so that people can use git url syntax to do things + # like pick up patched but unreleased versions of dependencies. + # Only do this for the main package (i.e. only write requirements + # once). + if [ -f /tmp/src/requirements.txt ] && [ ! -f /output/requirements.txt ] ; then + $PIPCMD install $CONSTRAINTS $PIP_OPTS --cache-dir=/output/wheels -r /tmp/src/requirements.txt + cp /tmp/src/requirements.txt /output/requirements.txt + fi + # If we didn't build wheels, we can skip trying to install it. + if [ $(ls -1 /output/wheels/*whl 2>/dev/null | wc -l) -gt 0 ]; then + $PIPCMD uninstall -y /output/wheels/*.whl + $PIPCMD install $CONSTRAINTS $PIP_OPTS --cache-dir=/output/wheels /output/wheels/*whl + fi +} + +PACKAGES=$* +PIP_OPTS="${PIP_OPTS-}" + +# bindep the main package +install_bindep + +# go through ZUUL_SIBLINGS, if any, and build those wheels too +for sibling in ${ZUUL_SIBLINGS:-}; do + pushd .zuul-siblings/${sibling} + install_bindep + popd +done + +# Use a clean virtualenv for install steps to prevent things from the +# current environment making us not build a wheel. +# NOTE(pabelanger): We allow users to install distro python packages of +# libraries. This is important for projects that eventually want to produce +# an RPM or offline install. +$PYCMD -m venv /tmp/venv --system-site-packages --without-pip +source /tmp/venv/bin/activate + +# If there is an upper-constraints.txt file in the source tree, +# use it in the pip commands. +if [ -f /tmp/src/upper-constraints.txt ] ; then + cp /tmp/src/upper-constraints.txt /output/upper-constraints.txt + CONSTRAINTS="-c /tmp/src/upper-constraints.txt" +fi + +# If we got a list of packages, install them, otherwise install the +# main package. 
+if [[ $PACKAGES ]] ; then + $PIPCMD install $CONSTRAINTS $PIP_OPTS --cache-dir=/output/wheels $PACKAGES + for package in $PACKAGES ; do + echo "$package" >> /output/packages.txt + done +else + install_wheels +fi + +# go through ZUUL_SIBLINGS, if any, and build those wheels too +for sibling in ${ZUUL_SIBLINGS:-}; do + pushd .zuul-siblings/${sibling} + install_wheels + popd +done + +if [ -z $PKGMGR_PRESERVE_CACHE ]; then + $PKGMGR clean all + rm -rf /var/cache/{dnf,yum} +fi + +rm -rf /var/lib/dnf/history.* +rm -rf /var/log/{dnf.*,hawkey.log} +rm -rf /tmp/venv diff --git a/context/_build/scripts/check_ansible b/context/_build/scripts/check_ansible new file mode 100755 index 0000000..029be1f --- /dev/null +++ b/context/_build/scripts/check_ansible 
@@ -0,0 +1,110 @@ +#!/bin/bash +# Copyright (c) 2023 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +##################################################################### +# Script to validate that Ansible and Ansible Runner are installed. +# +# Usage: check_ansible +# +# Options: +# PYCMD - The path to the python executable to use. +##################################################################### + +set -x + +PYCMD=$1 + +if [ -z "$PYCMD" ] +then + echo "Usage: check_ansible " + exit 1 +fi + +if [ ! -x "$PYCMD" ] +then + echo "$PYCMD is not an executable" + exit 1 +fi + +ansible --version + +if [ $? -ne 0 ] +then + cat< /dev/null || true) # whoami-free way to get current username, falls back to current uid + +DEFAULT_HOME="/runner" +DEFAULT_SHELL="/bin/bash" + +if (( "$EP_DEBUG_TRACE" == 1 )); then + function log_debug() { echo "EP_DEBUG: $1" 1>&2; } +else + function log_debug() { :; } +fi + +log_debug "entrypoint.sh started" + +case "$EP_ON_ERROR" in + "fail") + function maybe_fail() { echo "EP_FAIL: $1" 1>&2; exit 1; } + ;; + "warn") + function maybe_fail() { echo "EP_WARN: $1" 1>&2; } + ;; + *) + function maybe_fail() { log_debug "EP_FAIL (ignored): $1"; } + ;; +esac + +function is_dir_writable() { + [ -d "$1" ] && [ -w "$1" ] && [ -x "$1" ] +} + +function ensure_current_uid_in_passwd() { + log_debug "is current uid ${CUR_UID} in /etc/passwd?" + + if ! 
getent passwd "${CUR_USERNAME}" &> /dev/null ; then + if [ -w "/etc/passwd" ]; then + log_debug "appending missing uid ${CUR_UID} into /etc/passwd" + # use the default homedir; we may have to rewrite it to another value later if it's inaccessible + echo "${CUR_UID}:x:${CUR_UID}:0:container user ${CUR_UID}:${DEFAULT_HOME}:${DEFAULT_SHELL}" >> /etc/passwd + else + maybe_fail "uid ${CUR_UID} is missing from /etc/passwd, which is not writable; this error is likely fatal" + fi + else + log_debug "current uid is already in /etc/passwd" + fi +} + +function ensure_writeable_homedir() { + if (is_dir_writable "${CANDIDATE_HOME}") ; then + log_debug "candidate homedir ${CANDIDATE_HOME} is valid and writeable" + else + if [ "${CANDIDATE_HOME}" == "/" ]; then + log_debug "skipping attempt to fix permissions on / as homedir" + return 1 + fi + + log_debug "candidate homedir ${CANDIDATE_HOME} is missing or not writeable; attempt to fix" + if ! (mkdir -p "${CANDIDATE_HOME}" >& /dev/null && chmod -R ug+rwx "${CANDIDATE_HOME}" >& /dev/null) ; then + log_debug "candidate homedir ${CANDIDATE_HOME} cannot be made writeable" + return 1 + else + log_debug "candidate homedir ${CANDIDATE_HOME} was successfully made writeable" + fi + fi + + # this might work; export it even if we end up not being able to update /etc/passwd + # this ensures the envvar matches current reality for this session; future sessions should set automatically if /etc/passwd is accurate + export HOME=${CANDIDATE_HOME} + + if [ "${CANDIDATE_HOME}" == "${PASSWD_HOME}" ] ; then + log_debug "candidate homedir ${CANDIDATE_HOME} matches /etc/passwd" + return 0 + fi + + if ! 
[ -w /etc/passwd ]; then + log_debug "candidate homedir ${CANDIDATE_HOME} is valid for ${CUR_USERNAME}, but /etc/passwd is not writable to update it" + return 1 + fi + + log_debug "resetting homedir for user ${CUR_USERNAME} to ${CANDIDATE_HOME} in /etc/passwd" + + # sed -i wants to create a tempfile next to the original, which won't work with /etc permissions in many cases, + # so just do it in memory and overwrite the existing file if we succeeded + NEWPW=$(sed -r "s;(^${CUR_USERNAME}:(.*:){4})(.*:);\1${CANDIDATE_HOME}:;g" /etc/passwd) + echo "${NEWPW}" > /etc/passwd +} + +ensure_current_uid_in_passwd + +log_debug "current value of HOME is ${HOME}" + +PASSWD_HOME=$(getent passwd "${CUR_USERNAME}" | cut -d: -f6) +log_debug "user ${CUR_USERNAME} homedir from /etc/passwd is ${PASSWD_HOME}" + +CANDIDATE_HOMES=("${PASSWD_HOME}" "${HOME}" "${DEFAULT_HOME}" "/tmp") + +# we'll set this in the loop as soon as we find a writeable dir +unset HOME + +for CANDIDATE_HOME in "${CANDIDATE_HOMES[@]}"; do + if ensure_writeable_homedir ; then + break + fi +done + +if ! [ -v HOME ] ; then + maybe_fail "a valid homedir could not be set for ${CUR_USERNAME}; this is likely fatal" +fi + +# chain exec whatever we were asked to run (ideally an init system) to keep any envvar state we've set +log_debug "chain exec-ing requested command $*" +exec "${@}" diff --git a/context/_build/scripts/install-from-bindep b/context/_build/scripts/install-from-bindep new file mode 100755 index 0000000..cee2068 --- /dev/null +++ b/context/_build/scripts/install-from-bindep 
@@ -0,0 +1,105 @@ +#!/bin/bash +# Copyright (c) 2019 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex +# NOTE(pabelanger): Allow users to force either microdnf or dnf as a package +# manager. +PKGMGR="${PKGMGR:-}" +PKGMGR_OPTS="${PKGMGR_OPTS:-}" +PKGMGR_PRESERVE_CACHE="${PKGMGR_PRESERVE_CACHE:-}" + +PYCMD="${PYCMD:=/usr/bin/python3}" +PIPCMD="${PIPCMD:=$PYCMD -m pip}" +PIP_OPTS="${PIP_OPTS-}" + +if [ -z $PKGMGR ]; then + # Expect dnf to be installed, however if we find microdnf default to it. + PKGMGR=/usr/bin/dnf + if [ -f "/usr/bin/microdnf" ]; then + PKGMGR=/usr/bin/microdnf + fi +fi + +if [ "$PKGMGR" = "/usr/bin/microdnf" ] +then + if [ -z "${PKGMGR_OPTS}" ]; then + # NOTE(pabelanger): skip install docs and weak dependencies to + # make smaller images. Sadly, setting these in dnf.conf don't + # appear to work. + PKGMGR_OPTS="--nodocs --setopt install_weak_deps=0" + fi +fi + +if [ -f /output/bindep/run.txt ] ; then + PACKAGES=$(cat /output/bindep/run.txt) + if [ ! -z "$PACKAGES" ]; then + $PKGMGR install -y $PKGMGR_OPTS $PACKAGES + fi +fi + +if [ -f /output/bindep/epel.txt ] ; then + EPEL_PACKAGES=$(cat /output/bindep/epel.txt) + if [ ! -z "$EPEL_PACKAGES" ]; then + $PKGMGR install -y $PKGMGR_OPTS --enablerepo epel $EPEL_PACKAGES + fi +fi + +# If there's a constraints file, use it. 
+if [ -f /output/upper-constraints.txt ] ; then + CONSTRAINTS="-c /output/upper-constraints.txt" +fi + +# If a requirements.txt file exists, +# install it directly so that people can use git url syntax +# to do things like pick up patched but unreleased versions +# of dependencies. +if [ -f /output/requirements.txt ] ; then + $PIPCMD install $CONSTRAINTS $PIP_OPTS --cache-dir=/output/wheels -r /output/requirements.txt +fi + +# Add any requested extras to the list of things to install +EXTRAS="" +for extra in $* ; do + EXTRAS="${EXTRAS} -r /output/$extra/requirements.txt" +done + +if [ -f /output/packages.txt ] ; then + # If a package list was passed to assemble, install that in the final + # image. + $PIPCMD install $CONSTRAINTS $PIP_OPTS --cache-dir=/output/wheels -r /output/packages.txt $EXTRAS +else + # Install the wheels. Uninstall any existing version as siblings maybe + # be built with the same version number as the latest release, but we + # really want the speculatively built wheels installed over any + # automatic dependencies. + # NOTE(pabelanger): It is possible a project may not have a wheel, but does have requirements.txt + if [ $(ls -1 /output/wheels/*whl 2>/dev/null | wc -l) -gt 0 ]; then + $PIPCMD uninstall -y /output/wheels/*.whl + $PIPCMD install $CONSTRAINTS $PIP_OPTS --cache-dir=/output/wheels /output/wheels/*.whl $EXTRAS + elif [ ! -z "$EXTRAS" ] ; then + $PIPCMD uninstall -y $EXTRAS + $PIPCMD install $CONSTRAINTS $PIP_OPTS --cache-dir=/output/wheels $EXTRAS + fi +fi + +# clean up after ourselves, unless requested to keep the cache +if [[ "$PKGMGR_PRESERVE_CACHE" != always ]]; then + $PKGMGR clean all + rm -rf /var/cache/{dnf,yum} +fi + +rm -rf /var/lib/dnf/history.* +rm -rf /var/log/{dnf.*,hawkey.log} diff --git a/context/_build/scripts/introspect.py b/context/_build/scripts/introspect.py new file mode 100644 index 0000000..43c9782 --- /dev/null +++ b/context/_build/scripts/introspect.py 
@@ -0,0 +1,507 @@ +from __future__ import annotations + +import argparse +import logging +import os +import re +import sys +import yaml + +from packaging.requirements import InvalidRequirement, Requirement + + +BASE_COLLECTIONS_PATH = '/usr/share/ansible/collections' + + +# regex for a comment at the start of a line, or embedded with leading space(s) +COMMENT_RE = re.compile(r'(?:^|\s+)#.*$') + + +EXCLUDE_REQUIREMENTS = frozenset(( + # obviously already satisfied or unwanted + 'ansible', 'ansible-base', 'python', 'ansible-core', + # general python test requirements + 'tox', 'pycodestyle', 'yamllint', 'pylint', + 'flake8', 'pytest', 'pytest-xdist', 'coverage', 'mock', 'testinfra', + # test requirements highly specific to Ansible testing + 'ansible-lint', 'molecule', 'galaxy-importer', 'voluptuous', + # already present in image for py3 environments + 'yaml', 'pyyaml', 'json', +)) + + +logger = logging.getLogger(__name__) + + +class CollectionDefinition: + """ + This class represents the dependency metadata for a collection + should be replaced by logic to hit the Galaxy API if made available + """ + + def __init__(self, collection_path): + self.reference_path = collection_path + + # NOTE: Filenames should match constants.DEAFULT_EE_BASENAME and constants.YAML_FILENAME_EXTENSIONS. 
+ meta_file_base = os.path.join(collection_path, 'meta', 'execution-environment') + ee_exists = False + for ext in ('yml', 'yaml'): + meta_file = f"{meta_file_base}.{ext}" + if os.path.exists(meta_file): + with open(meta_file, 'r') as f: + self.raw = yaml.safe_load(f) + ee_exists = True + break + + if not ee_exists: + self.raw = {'version': 1, 'dependencies': {}} + # Automatically infer requirements for collection + for entry, filename in [('python', 'requirements.txt'), ('system', 'bindep.txt')]: + candidate_file = os.path.join(collection_path, filename) + if has_content(candidate_file): + self.raw['dependencies'][entry] = filename + + def target_dir(self): + namespace, name = self.namespace_name() + return os.path.join( + BASE_COLLECTIONS_PATH, 'ansible_collections', + namespace, name + ) + + def namespace_name(self): + "Returns 2-tuple of namespace and name" + path_parts = [p for p in self.reference_path.split(os.path.sep) if p] + return tuple(path_parts[-2:]) + + def get_dependency(self, entry): + """A collection is only allowed to reference a file by a relative path + which is relative to the collection root + """ + req_file = self.raw.get('dependencies', {}).get(entry) + if req_file is None: + return None + if os.path.isabs(req_file): + raise RuntimeError( + 'Collections must specify relative paths for requirements files. ' + f'The file {req_file} specified by {self.reference_path} violates this.' 
+ ) + + return req_file + + +def line_is_empty(line): + return bool((not line.strip()) or line.startswith('#')) + + +def read_req_file(path): + """Provide some minimal error and display handling for file reading""" + if not os.path.exists(path): + print(f'Expected requirements file not present at: {os.path.abspath(path)}') + with open(path, 'r') as f: + return f.read() + + +def pip_file_data(path): + pip_content = read_req_file(path) + + pip_lines = [] + for line in pip_content.split('\n'): + if line_is_empty(line): + continue + if line.startswith('-r') or line.startswith('--requirement'): + _, new_filename = line.split(None, 1) + new_path = os.path.join(os.path.dirname(path or '.'), new_filename) + pip_lines.extend(pip_file_data(new_path)) + else: + pip_lines.append(line) + + return pip_lines + + +def bindep_file_data(path): + sys_content = read_req_file(path) + + sys_lines = [] + for line in sys_content.split('\n'): + if line_is_empty(line): + continue + sys_lines.append(line) + + return sys_lines + + +def process_collection(path): + """Return a tuple of (python_dependencies, system_dependencies) for the + collection install path given. + Both items returned are a list of dependencies. + + :param str path: root directory of collection (this would contain galaxy.yml file) + """ + col_def = CollectionDefinition(path) + + py_file = col_def.get_dependency('python') + pip_lines = [] + if py_file: + pip_lines = pip_file_data(os.path.join(path, py_file)) + + sys_file = col_def.get_dependency('system') + bindep_lines = [] + if sys_file: + bindep_lines = bindep_file_data(os.path.join(path, sys_file)) + + return (pip_lines, bindep_lines) + + +def process(data_dir=BASE_COLLECTIONS_PATH, + user_pip=None, + user_bindep=None, + exclude_pip=None, + exclude_bindep=None, + exclude_collections=None): + """ + Build a dictionary of Python and system requirements from any collections + installed in data_dir, and any user specified requirements. 
+ + Excluded requirements, if any, will be inserted into the return dict. + + Example return dict: + { + 'python': { + 'collection.a': ['abc', 'def'], + 'collection.b': ['ghi'], + 'user': ['jkl'], + 'exclude: ['abc'], + }, + 'system': { + 'collection.a': ['ZYX'], + 'user': ['WVU'], + 'exclude': ['ZYX'], + }, + 'excluded_collections': [ + 'a.b', + ] + } + """ + paths = [] + path_root = os.path.join(data_dir, 'ansible_collections') + + # build a list of all the valid collection paths + if os.path.exists(path_root): + for namespace in sorted(os.listdir(path_root)): + if not os.path.isdir(os.path.join(path_root, namespace)): + continue + for name in sorted(os.listdir(os.path.join(path_root, namespace))): + collection_dir = os.path.join(path_root, namespace, name) + if not os.path.isdir(collection_dir): + continue + files_list = os.listdir(collection_dir) + if 'galaxy.yml' in files_list or 'MANIFEST.json' in files_list: + paths.append(collection_dir) + + # populate the requirements content + py_req = {} + sys_req = {} + for path in paths: + col_pip_lines, col_sys_lines = process_collection(path) + col_def = CollectionDefinition(path) + namespace, name = col_def.namespace_name() + key = f'{namespace}.{name}' + + if col_pip_lines: + py_req[key] = col_pip_lines + + if col_sys_lines: + sys_req[key] = col_sys_lines + + # add on entries from user files, if they are given + if user_pip: + col_pip_lines = pip_file_data(user_pip) + if col_pip_lines: + py_req['user'] = col_pip_lines + if exclude_pip: + col_pip_exclude_lines = pip_file_data(exclude_pip) + if col_pip_exclude_lines: + py_req['exclude'] = col_pip_exclude_lines + if user_bindep: + col_sys_lines = bindep_file_data(user_bindep) + if col_sys_lines: + sys_req['user'] = col_sys_lines + if exclude_bindep: + col_sys_exclude_lines = bindep_file_data(exclude_bindep) + if col_sys_exclude_lines: + sys_req['exclude'] = col_sys_exclude_lines + + retval = { + 'python': py_req, + 'system': sys_req, + } + + if exclude_collections: + 
# This file should just be a newline separated list of collection names, + # so reusing bindep_file_data() to read it should work fine. + excluded_collection_list = bindep_file_data(exclude_collections) + if excluded_collection_list: + retval['excluded_collections'] = excluded_collection_list + + return retval + + +def has_content(candidate_file): + """Beyond checking that the candidate exists, this also assures + that the file has something other than whitespace, + which can cause errors when given to pip. + """ + if not os.path.exists(candidate_file): + return False + with open(candidate_file, 'r') as f: + content = f.read() + return bool(content.strip().strip('\n')) + + +def strip_comments(reqs: dict[str, list]) -> dict[str, list]: + """ + Filter any comments out of the Python collection requirements input. + + :param dict reqs: A dict of Python requirements, keyed by collection name. + + :return: Same as the input parameter, except with no comment lines. + """ + result: dict[str, list] = {} + for collection, lines in reqs.items(): + for line in lines: + # strip comments + if (base_line := COMMENT_RE.sub('', line.strip())): + result.setdefault(collection, []).append(base_line) + + return result + + +def should_be_excluded(value: str, exclusion_list: list[str]) -> bool: + """ + Test if `value` matches against any value in `exclusion_list`. + + The exclusion_list values are either strings to be compared in a case-insensitive + manner against value, OR, they are regular expressions to be tested against the + value. A regular expression will contain '~' as the first character. + + :return: True if the value should be excluded, False otherwise. 
+ """ + for exclude_value in exclusion_list: + if exclude_value[0] == "~": + pattern = exclude_value[1:] + if re.fullmatch(pattern.lower(), value.lower()): + return True + elif exclude_value.lower() == value.lower(): + return True + return False + + +def filter_requirements(reqs: dict[str, list], + exclude: list[str] | None = None, + exclude_collections: list[str] | None = None, + is_python: bool = True) -> list[str]: + """ + Given a dictionary of Python requirement lines keyed off collections, + return a list of cleaned up (no source comments) requirements + annotated with comments indicating the sources based off the collection keys. + + Currently, non-pep508 compliant Python entries are passed through. We also no + longer attempt to normalize names (replace '_' with '-', etc), other than + lowercasing it for exclusion matching, since we no longer are attempting + to combine similar entries. + + :param dict reqs: A dict of either Python or system requirements, keyed by collection name. + :param list exclude: A list of requirements to be excluded from the output. + :param list exclude_collections: A list of collection names from which to exclude all requirements. + :param bool is_python: This should be set to True for Python requirements, as each + will be tested for PEP508 compliance. This should be set to False for system requirements. + + :return: A list of filtered and annotated requirements. + """ + exclusions: list[str] = [] + collection_ignore_list: list[str] = [] + + if exclude: + exclusions = exclude.copy() + if exclude_collections: + collection_ignore_list = exclude_collections.copy() + + annotated_lines: list[str] = [] + uncommented_reqs = strip_comments(reqs) + + for collection, lines in uncommented_reqs.items(): + # Bypass this collection if we've been told to ignore all requirements from it. 
+ if should_be_excluded(collection, collection_ignore_list): + logger.debug("# Excluding all requirements from collection '%s'", collection) + continue + + for line in lines: + # Determine the simple name based on type of requirement + if is_python: + try: + parsed_req = Requirement(line) + name = parsed_req.name + except InvalidRequirement: + logger.warning( + "Passing through non-PEP508 compliant line '%s' from collection '%s'", + line, collection + ) + annotated_lines.append(line) # We intentionally won't annotate these lines (multi-line?) + continue + else: + # bindep system requirements have the package name as the first "word" on the line + name = line.split(maxsplit=1)[0] + + if collection.lower() not in {'user', 'exclude'}: + lower_name = name.lower() + + if lower_name in EXCLUDE_REQUIREMENTS: + logger.debug("# Excluding requirement '%s' from '%s'", name, collection) + continue + + if should_be_excluded(lower_name, exclusions): + logger.debug("# Explicitly excluding requirement '%s' from '%s'", name, collection) + continue + + annotated_lines.append(f'{line} # from collection {collection}') + + return annotated_lines + + +def parse_args(args=None): + + parser = argparse.ArgumentParser( + prog='introspect', + description=( + 'ansible-builder introspection; injected and used during execution environment build' + ) + ) + + subparsers = parser.add_subparsers( + help='The command to invoke.', + dest='action', + required=True, + ) + + create_introspect_parser(subparsers) + + return parser.parse_args(args) + + +def run_introspect(args, log): + data = process(args.folder, + user_pip=args.user_pip, + user_bindep=args.user_bindep, + exclude_pip=args.exclude_pip, + exclude_bindep=args.exclude_bindep, + exclude_collections=args.exclude_collections) + log.info('# Dependency data for %s', args.folder) + + excluded_collections = data.pop('excluded_collections', None) + + data['python'] = filter_requirements( + data['python'], + exclude=data['python'].pop('exclude', []), + 
exclude_collections=excluded_collections, + ) + + data['system'] = filter_requirements( + data['system'], + exclude=data['system'].pop('exclude', []), + exclude_collections=excluded_collections, + is_python=False + ) + + print('---') + print(yaml.dump(data, default_flow_style=False)) + + if args.write_pip and data.get('python'): + write_file(args.write_pip, data.get('python') + ['']) + if args.write_bindep and data.get('system'): + write_file(args.write_bindep, data.get('system') + ['']) + + sys.exit(0) + + +def create_introspect_parser(parser): + introspect_parser = parser.add_parser( + 'introspect', + help='Introspects collections in folder.', + description=( + 'Loops over collections in folder and returns data about dependencies. ' + 'This is used internally and exposed here for verification. ' + 'This is targeted toward collection authors and maintainers.' + ) + ) + introspect_parser.add_argument('--sanitize', action='store_true', + help=argparse.SUPPRESS) + + introspect_parser.add_argument( + 'folder', default=BASE_COLLECTIONS_PATH, nargs='?', + help=( + 'Ansible collections path(s) to introspect. ' + 'This should have a folder named ansible_collections inside of it.' + ) + ) + + introspect_parser.add_argument( + '--user-pip', dest='user_pip', + help='An additional file to combine with collection pip requirements.' + ) + introspect_parser.add_argument( + '--user-bindep', dest='user_bindep', + help='An additional file to combine with collection bindep requirements.' + ) + introspect_parser.add_argument( + '--exclude-bindep-reqs', dest='exclude_bindep', + help='An additional file to exclude specific bindep requirements from collections.' + ) + introspect_parser.add_argument( + '--exclude-pip-reqs', dest='exclude_pip', + help='An additional file to exclude specific pip requirements from collections.' 
+ ) + introspect_parser.add_argument( + '--exclude-collection-reqs', dest='exclude_collections', + help='An additional file to exclude all requirements from the listed collections.' + ) + introspect_parser.add_argument( + '--write-pip', dest='write_pip', + help='Write the combined pip requirements file to this location.' + ) + introspect_parser.add_argument( + '--write-bindep', dest='write_bindep', + help='Write the combined bindep requirements file to this location.' + ) + + return introspect_parser + + +def write_file(filename: str, lines: list) -> bool: + parent_dir = os.path.dirname(filename) + if parent_dir and not os.path.exists(parent_dir): + logger.warning('Creating parent directory for %s', filename) + os.makedirs(parent_dir) + new_text = '\n'.join(lines) + if os.path.exists(filename): + with open(filename, 'r') as f: + if f.read() == new_text: + logger.debug("File %s is already up-to-date.", filename) + return False + logger.warning('File %s had modifications and will be rewritten', filename) + with open(filename, 'w') as f: + f.write(new_text) + return True + + +def main(): + args = parse_args() + + if args.action == 'introspect': + run_introspect(args, logger) + + logger.error("An error has occurred.") + sys.exit(1) + + +if __name__ == '__main__': + main() diff --git a/context/_build/scripts/pip_install b/context/_build/scripts/pip_install new file mode 100755 index 0000000..46fcdde --- /dev/null +++ b/context/_build/scripts/pip_install 
@@ -0,0 +1,56 @@ +#!/bin/bash +# Copyright (c) 2024 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +##################################################################### +# Script to encapsulate pip installation. +# +# Usage: pip_install +# +# Options: +# PYCMD - The path to the python executable to use. +##################################################################### + +set -x + +PYCMD=$1 + +if [ -z "$PYCMD" ] +then + echo "Usage: pip_install " + exit 1 +fi + +if [ ! -x "$PYCMD" ] +then + echo "$PYCMD is not an executable" + exit 1 +fi + +# This is going to be our default functionality for now. This will likely +# need to change if we add support for non-RHEL distros. +$PYCMD -m ensurepip --root / + +if [ $? -ne 0 ] +then + cat< Date: Thu, 3 Oct 2024 16:08:45 +0200 Subject: [PATCH 093/138] =?UTF-8?q?Refs=20#8025=20A=C3=B1adido=20host=20an?= =?UTF-8?q?sible-client=20al=20inventario=20de=20lab?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- inventories/lab | 1 + 1 file changed, 1 insertion(+) diff --git a/inventories/lab b/inventories/lab index 809234a..3e5f260 100644 --- a/inventories/lab +++ b/inventories/lab @@ -29,6 +29,7 @@ kubetest-worker[01:04] corelab-proxy1 zammad matrix +ansible-client [guest:children] cephtest -- 2.40.1 From c30bfd3ee5b74c26f79071bb520b551e04e668fe Mon Sep 17 00:00:00 2001 
From: Juan Ferrer Toribio Date: Fri, 4 Oct 2024 08:35:07 +0200 Subject: [PATCH 094/138] refs #8025 README install improved, added local inventory --- .gitignore | 1 + README.md | 25 ++++++++++++++++--------- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/.gitignore b/.gitignore index 242f284..86413b8 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ .vault.yml .passbolt.yml venv +inventories/local diff --git a/README.md b/README.md index 0731644..70d4e54 100644 --- a/README.md +++ b/README.md @@ -4,12 +4,16 @@ Collection of Ansible playbooks used in the Verdnatura server farm. ## Setup Ansible -Install Ansible on Debian. +### Debian + +Install Ansible package. ``` apt install ansible ``` -Create Python virtual environment. +### Python + +Create a Python virtual environment. ``` python3 -m venv venv source venv/bin/activate @@ -17,11 +21,6 @@ pip install --upgrade pip ansible==10.1.0 ansible-builder==3.1.0 pip install -r requirements.txt ``` -Install dependencies. -``` -ansible-galaxy collection install -r collections/requirements.yml -``` - Before running any Ansible command, activate the Python virtual environment. ``` source venv/bin/activate @@ -32,14 +31,22 @@ Once you're done, deactivate the virtual environment. deactivate ``` +### All platforms + +Install dependencies. +``` +ansible-galaxy collection install -r collections/requirements.yml +``` + ## Run playbook Before merging changes into protected branches, playbooks should be tested -locally to ensure they work properly. +locally to ensure they work properly. The *local* inventory can also be used, +wich is not uploaded to the repository. Run playbook on inventory host. ``` -ansible-playbook -i inventories/lab -l [-t tag1,tag2...] playbooks/ping.yml +ansible-playbook -i inventories/local -l [-t tag1,tag2...] playbooks/ping.yml ``` Run playbook on the fly on a host not declared in the inventory. -- 2.40.1 From 757d3dfe29014ea33e70ecd2fc62488a95c931f6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Fri, 4 Oct 2024 13:15:55 +0200 Subject: [PATCH 095/138] refs #8025 Little modifications - Using module systemd insted service. Other approach to hosts file. More strict disable apparmor. --- .gitignore | 1 + inventories/group_vars/all.yml | 1 - roles/debian-host/handlers/main.yml | 4 ++-- roles/debian-host/tasks/apparmor.yml | 11 +++++++++-- roles/debian-host/tasks/hostname.yml | 11 ++++------- roles/debian-host/tasks/sysctl.yml | 2 +- roles/debian-host/templates/resolv.conf | 4 ++-- 7 files changed, 19 insertions(+), 15 deletions(-) diff --git a/.gitignore b/.gitignore index 18cb88c..e274a3d 100644 --- a/.gitignore +++ b/.gitignore @@ -2,5 +2,6 @@ .vault-pass .vault.yml .passbolt.yml +inventories/local venv context/_build diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml index d14f1d3..4615399 100644 --- a/inventories/group_vars/all.yml +++ b/inventories/group_vars/all.yml @@ -11,7 +11,6 @@ main_dns_server: ns1.verdnatura.es ldap_uri: ldap://ldap.verdnatura.es ldap_base: dc=verdnatura,dc=es dc_net: "10.0.0.0/16" -resolv_domain: verdnatura.es resolvers: - '10.0.0.4' - '10.0.0.5' diff --git a/roles/debian-host/handlers/main.yml b/roles/debian-host/handlers/main.yml index 35f2de4..45b25b1 100644 --- a/roles/debian-host/handlers/main.yml +++ b/roles/debian-host/handlers/main.yml @@ -1,4 +1,4 @@ - name: restart-sysctl - service: + systemd: name: systemd-sysctl - state: restarted + state: restarted \ No newline at end of file diff --git a/roles/debian-host/tasks/apparmor.yml b/roles/debian-host/tasks/apparmor.yml index 38a2e8f..a239254 100644 --- a/roles/debian-host/tasks/apparmor.yml +++ b/roles/debian-host/tasks/apparmor.yml 
@@ -1,5 +1,12 @@ -- name: Disable AppArmor - service: +- name: Stop AppArmor + systemd: name: apparmor state: stopped +- name: Disable AppArmor service + systemd: + name: apparmor enabled: no +- name: Mask AppArmor service + systemd: + name: apparmor + masked: yes \ No newline at end of file diff --git a/roles/debian-host/tasks/hostname.yml b/roles/debian-host/tasks/hostname.yml index 799a81f..b17bd1f 100644 --- a/roles/debian-host/tasks/hostname.yml +++ b/roles/debian-host/tasks/hostname.yml @@ -2,11 +2,8 @@ hostname: name: "{{ inventory_hostname_short }}" use: debian -- name: Configure hosts file - blockinfile: +- name: Populating hosts file with hostname + lineinfile: path: /etc/hosts - marker_begin: '--- BEGIN VN ---' - marker_end: '--- END VN ---' - marker: "# {mark}" - block: | - {{ ansible_default_ipv4.address }} {{ ansible_host }} {{ inventory_hostname_short }} + regexp: '^127.0.1.1' + line: '127.0.1.1 {{ ansible_host }} {{ inventory_hostname_short }}' \ No newline at end of file diff --git a/roles/debian-host/tasks/sysctl.yml b/roles/debian-host/tasks/sysctl.yml index be8eaf7..aab1e57 100644 --- a/roles/debian-host/tasks/sysctl.yml +++ b/roles/debian-host/tasks/sysctl.yml @@ -1,4 +1,4 @@ -- name: Set systctl configuration +- name: Set systctl custom vn configuration copy: src: sysctl/ dest: /etc/sysctl.d/ diff --git a/roles/debian-host/templates/resolv.conf b/roles/debian-host/templates/resolv.conf index cce81b4..52a1891 100644 --- a/roles/debian-host/templates/resolv.conf +++ b/roles/debian-host/templates/resolv.conf @@ -1,5 +1,5 @@ -domain {{ resolv_domain }} -search {{ resolv_domain }} +domain {{ host_domain }} +search {{ host_domain }} {% if resolvers is defined %} {% for resolver in resolvers %} nameserver {{resolver}} -- 2.40.1 From 0936c97025eb56bb20fcc3278eb27b58d1bb02b8 Mon Sep 17 00:00:00 2001 
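Review bot: Stopping, disabling and masking the apparmor unit removes mandatory access control from every host this role is applied to, and nothing in the hunk records why that is acceptable. If a single profile conflicts with a workload, the narrower fix is to put that profile in complain mode or to symlink it under /etc/apparmor.d/disable/ rather than masking the whole service; at minimum add a comment above the first task such as `# AppArmor disabled role-wide because <reason>; see #8025`. The three tasks can also be collapsed into one: `systemd: name: apparmor state: stopped enabled: no masked: yes`. Note that masking only prevents profiles from being loaded at boot; whether profiles already loaded stay in effect until reboot should be checked with `aa-status` after a run.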
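Review bot: The new lineinfile writes `{{ ansible_host }}` as the FQDN on the 127.0.1.1 line, but ansible_host is whatever the inventory uses to connect — when it is an IP address or a jump-host alias, /etc/hosts ends up with that literal as a hostname, which the previous blockinfile avoided by writing the real address separately. If a domain variable is available (the same patch makes the resolv.conf template read `host_domain`), build the name from the short hostname instead, e.g. `line: '127.0.1.1 {{ inventory_hostname_short }}.{{ host_domain }} {{ inventory_hostname_short }}'`. The regexp should also escape the dots and anchor on whitespace so it cannot match a longer address: `regexp: '^127\.0\.1\.1\s'`.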
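Review bot: The template now renders `{{ host_domain }}`, while the same patch deletes `resolv_domain` from inventories/group_vars/all.yml and defines nothing in its place in the visible diff; unless host_domain is set elsewhere in the inventory, the template task will fail with an undefined-variable error on every host. Either add `host_domain` next to the removed line in group_vars, or guard the two directives with `{% if host_domain is defined %}` … `{% endif %}` so hosts without a domain still get their nameservers.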
From: Juan Ferrer Toribio Date: Fri, 4 Oct 2024 17:16:51 +0200 Subject: [PATCH 096/138] refs #8025 PVE fixes --- roles/pve/handlers/main.yml | 4 ++++ roles/pve/tasks/main.yml | 35 ++++------------------------------- roles/pve/tasks/nrpe.yml | 24 ++++++++++++++++++++++++ roles/pve/tasks/vhost.yml | 8 ++++++++ 4 files changed, 40 insertions(+), 31 deletions(-) create mode 100644 roles/pve/tasks/nrpe.yml create mode 100644 roles/pve/tasks/vhost.yml diff --git a/roles/pve/handlers/main.yml b/roles/pve/handlers/main.yml index 0399734..c096c8e 100644 --- a/roles/pve/handlers/main.yml +++ b/roles/pve/handlers/main.yml @@ -2,3 +2,7 @@ service: name: nagios-nrpe-server state: restarted +- name: restart-sysctl + service: + name: systemd-sysctl + state: restarted diff --git a/roles/pve/tasks/main.yml b/roles/pve/tasks/main.yml index 67fbc3a..af048f9 100644 --- a/roles/pve/tasks/main.yml +++ b/roles/pve/tasks/main.yml @@ -1,31 +1,4 @@ -- name: Set NRPE PVE configuration - copy: - src: nrpe.cfg - dest: /etc/nagios/nrpe.d/95-pve.cfg - owner: root - group: root - mode: u=rw,g=r,o=r - notify: restart-nrpe -- name: Copy PVE NRPE plugins - copy: - src: nrpe/ - dest: /etc/nagios/plugins/ - owner: root - group: root - mode: u=rwx,g=rx,o=rx - notify: restart-nrpe -- name: Add nagios to sudoers - copy: - src: sudoers - dest: /etc/sudoers.d/nagios - mode: u=rw,g=r,o= - owner: root - group: root - notify: restart-nrpe -- name: Configure memory regions - copy: - src: vhost.conf - dest: /etc/modprobe.d/ - mode: u=rw,g=r,o=r - owner: root - group: root +- import_tasks: nrpe.yml + tags: nrpe +- import_tasks: vhost.yml + tags: vhost diff --git a/roles/pve/tasks/nrpe.yml b/roles/pve/tasks/nrpe.yml new file mode 100644 index 0000000..e280c13 --- /dev/null +++ b/roles/pve/tasks/nrpe.yml 
@@ -0,0 +1,24 @@ +- name: Set NRPE PVE configuration + copy: + src: nrpe.cfg + dest: /etc/nagios/nrpe.d/95-pve.cfg + owner: root + group: root + mode: u=rw,g=r,o=r + notify: restart-nrpe +- name: Copy PVE NRPE plugins + copy: + src: nrpe/ + dest: /etc/nagios/plugins/ + owner: root + group: root + mode: u=rwx,g=rx,o=rx + notify: restart-nrpe +- name: Add nagios to sudoers + copy: + src: sudoers + dest: /etc/sudoers.d/nagios + mode: u=rw,g=r,o= + owner: root + group: root + notify: restart-nrpe diff --git a/roles/pve/tasks/vhost.yml b/roles/pve/tasks/vhost.yml new file mode 100644 index 0000000..81bc001 --- /dev/null +++ b/roles/pve/tasks/vhost.yml @@ -0,0 +1,8 @@ +- name: Configure memory regions + copy: + src: vhost.conf + dest: /etc/modprobe.d/ + mode: u=rw,g=r,o=r + owner: root + group: root + notify: restart-sysctl -- 2.40.1 From d6c51141bf81e2faa8d7b0798d48e41b64d0dc39 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Mon, 7 Oct 2024 09:43:51 +0200 Subject: [PATCH 097/138] Refs #8025 Solution to approach resolv.conf only on case no dhcp-client is used --- roles/debian-host/tasks/main.yml | 2 ++ roles/debian-host/tasks/resolv.yml | 21 +++++++++++++++++---- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/roles/debian-host/tasks/main.yml b/roles/debian-host/tasks/main.yml index e4f179a..11d6c3f 100644 --- a/roles/debian-host/tasks/main.yml +++ b/roles/debian-host/tasks/main.yml @@ -4,3 +4,5 @@ tags: sysctl - import_tasks: apparmor.yml tags: apparmor +- import_tasks: resolv.yml + tags: resolv diff --git a/roles/debian-host/tasks/resolv.yml b/roles/debian-host/tasks/resolv.yml index 9aeb5a4..60455c0 100644 --- a/roles/debian-host/tasks/resolv.yml +++ b/roles/debian-host/tasks/resolv.yml 
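Review bot: The "Add nagios to sudoers" task drops a file into /etc/sudoers.d without syntax validation, so a typo in the source file breaks sudo for every account on the hypervisor until someone fixes it from a root shell. Add `validate: /usr/sbin/visudo -cf %s` to that copy task so a bad file is rejected before it lands. The `notify: restart-nrpe` on the sudoers task is unnecessary, since sudo reads its configuration at invocation time rather than when NRPE starts, and can be removed.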
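Review bot: The vhost.conf copy notifies `restart-sysctl`, but files under /etc/modprobe.d are module options, and restarting systemd-sysctl does not re-read them, so the handler never applies the change. Module options take effect when the module is next loaded (or at reboot); either notify a handler that reloads the affected module, or drop the notify and document the requirement with a comment such as `# modprobe.d options apply on next module load / reboot`. The contents of vhost.conf are not in the hunk, so which module needs reloading cannot be confirmed from here.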
@@ -1,9 +1,22 @@ -- name: Replace /etc/resolv.conf +- name: Check if DNS is already configured + stat: + path: /etc/resolv.conf + register: resolv_conf +- name: Read /etc/resolv.conf + slurp: + path: /etc/resolv.conf + register: resolv_conf_content + when: resolv_conf.stat.exists +- name: Check if DNS servers are already present + set_fact: + dns_configured: "{{ resolv_conf_content['content'] | b64decode | regex_search('^nameserver') is not none }}" + when: resolv_conf.stat.exists +- name: Apply resolv.conf template only if DNS is not configured template: - src: resolv.conf - dest: /etc/ + src: templates/resolv.conf + dest: /etc/resolv.conf owner: root group: root mode: '0644' backup: true - when: resolv_enabled + when: not resolv_conf.stat.exists or not dns_configured -- 2.40.1 From 606548db7efbeacc4c7790d1090ae58888419714 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Mon, 7 Oct 2024 12:06:19 +0200 Subject: [PATCH 098/138] Refs #8025 Resolv task moved to debian-base role - Review & refactor tasks from debian-base role defuser, install and locate --- roles/debian-base/handlers/main.yml | 1 - roles/debian-base/tasks/install.yml | 8 ++++++- roles/debian-base/tasks/locale.yml | 21 ++++++------------- roles/debian-base/tasks/main.yml | 2 ++ .../tasks/resolv.yml | 0 .../templates/resolv.conf | 0 roles/debian-host/tasks/main.yml | 2 -- 7 files changed, 15 insertions(+), 19 deletions(-) rename roles/{debian-host => debian-base}/tasks/resolv.yml (100%) rename roles/{debian-host => debian-base}/templates/resolv.conf (100%) diff --git a/roles/debian-base/handlers/main.yml b/roles/debian-base/handlers/main.yml index 524348c..76239c2 100644 --- a/roles/debian-base/handlers/main.yml +++ b/roles/debian-base/handlers/main.yml @@ -18,4 +18,3 @@ service: name: nagios-nrpe-server state: restarted - diff --git a/roles/debian-base/tasks/install.yml b/roles/debian-base/tasks/install.yml index e02d485..635d024 100644 
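Review bot: `regex_search('^nameserver')` in the set_fact task is evaluated without the multiline flag, so `^` only matches at the very start of the file; a resolv.conf that begins with a comment, `domain` or `search` line — including the one this role's own template produces — yields None, dns_configured becomes false, and the template is re-applied on every run, defeating the "only if not configured" intent. Use `regex_search('^nameserver', multiline=True) is not none` so any nameserver line counts. It is also worth a comment that a systemd-resolved stub (`nameserver 127.0.0.53`) satisfies this check, since the commit message scopes the task to hosts without a DHCP client.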
--- a/roles/debian-base/tasks/install.yml +++ b/roles/debian-base/tasks/install.yml @@ -7,4 +7,10 @@ - psmisc - bash-completion - screen - - aptitude \ No newline at end of file + - aptitude + - vim + - aptitude + - tree + - btop + - ncdu + - debconf-utils diff --git a/roles/debian-base/tasks/locale.yml b/roles/debian-base/tasks/locale.yml index 218c067..faf125b 100644 --- a/roles/debian-base/tasks/locale.yml +++ b/roles/debian-base/tasks/locale.yml @@ -1,15 +1,6 @@ -- name: Enable locale languages - lineinfile: - dest: /etc/locale.gen - regexp: "{{item.regexp}}" - line: "{{item.line}}" - state: present - with_items: - - regexp: "^# es_ES.UTF-8 UTF-8" - line: "es_ES.UTF-8 UTF-8" - - regexp: "^# en_US.UTF-8 UTF-8" - line: "en_US.UTF-8 UTF-8" -- name: Generate locale - command: locale-gen -- name: Update locale - command: update-locale LANG=en_US.UTF-8 +- name: Set to generate locales + debconf: + name: locales + question: locales/locales_to_be_generated + value: en_US.UTF-8 UTF-8, es_ES.UTF-8 UTF-8 + vtype: multiselect diff --git a/roles/debian-base/tasks/main.yml b/roles/debian-base/tasks/main.yml index 405ee97..ab9c185 100644 --- a/roles/debian-base/tasks/main.yml +++ b/roles/debian-base/tasks/main.yml @@ -1,3 +1,5 @@ +- import_tasks: resolv.yml + tags: resolv - import_tasks: defuser.yml tags: defuser - import_tasks: install.yml diff --git a/roles/debian-host/tasks/resolv.yml b/roles/debian-base/tasks/resolv.yml similarity index 100% rename from roles/debian-host/tasks/resolv.yml rename to roles/debian-base/tasks/resolv.yml diff --git a/roles/debian-host/templates/resolv.conf b/roles/debian-base/templates/resolv.conf similarity index 100% rename from roles/debian-host/templates/resolv.conf rename to roles/debian-base/templates/resolv.conf diff --git a/roles/debian-host/tasks/main.yml b/roles/debian-host/tasks/main.yml index 11d6c3f..e4f179a 100644 --- a/roles/debian-host/tasks/main.yml +++ b/roles/debian-host/tasks/main.yml 
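Review bot: `aptitude` appears twice in the new package list (the re-added trailing entry and again after `vim`); apt deduplicates silently, but the duplicate should be removed so the list stays readable. Also worth confirming that `btop` is packaged on every Debian release this role targets, as it is not in older stable releases.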
@@ -4,5 +4,3 @@ tags: sysctl - import_tasks: apparmor.yml tags: apparmor -- import_tasks: resolv.yml - tags: resolv -- 2.40.1 From 24864f694fb5f6804705ae3a18c3007ebbc6157d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Mon, 7 Oct 2024 12:35:23 +0200 Subject: [PATCH 099/138] Refs #8025 tasks from debian-base role tzdata refactor --- roles/debian-base/files/set-timezone.sh | 8 -------- roles/debian-base/tasks/tzdata.yml | 12 ++++++++++-- 2 files changed, 10 insertions(+), 10 deletions(-) delete mode 100644 roles/debian-base/files/set-timezone.sh diff --git a/roles/debian-base/files/set-timezone.sh b/roles/debian-base/files/set-timezone.sh deleted file mode 100644 index 9e17f1c..0000000 --- a/roles/debian-base/files/set-timezone.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -echo 'tzdata tzdata/Areas select Europe' | debconf-set-selections -echo 'tzdata tzdata/Zones/Europe select Madrid' | debconf-set-selections -echo 'tzdata tzdata/Zones/Etc select UTC' | debconf-set-selections -rm /etc/timezone -rm /etc/localtime -dpkg-reconfigure -f noninteractive tzdata diff --git a/roles/debian-base/tasks/tzdata.yml b/roles/debian-base/tasks/tzdata.yml index f5e34a8..9560354 100644 --- a/roles/debian-base/tasks/tzdata.yml +++ b/roles/debian-base/tasks/tzdata.yml @@ -1,2 +1,10 @@ -- name: Configure the time zone - script: set-timezone.sh +- name: Configure debconf for tzdata + debconf: + name: tzdata + question: "{{ item.question }}" + value: "{{ item.value }}" + vtype: "string" + loop: + - { question: "tzdata/Areas", value: "Europe" } + - { question: "tzdata/Zones/Europe", value: "Madrid" } + - { question: "tzdata/Zones/Etc", value: "UTC" } -- 2.40.1 From 4139e78a9d1363d21fbfd9052aff9374b86ff6ad Mon Sep 17 00:00:00 2001 
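Review bot: Preseeding `tzdata/Areas` and `tzdata/Zones/*` with debconf does not by itself change the system time zone; the deleted `set-timezone.sh` removed `/etc/timezone` and `/etc/localtime` and then ran `dpkg-reconfigure -f noninteractive tzdata`, and none of that survives in the new task, so `/etc/localtime` is left untouched. If the debconf route is kept, notify a handler that runs `dpkg-reconfigure -f noninteractive tzdata`, and note that tzdata's config script appears to derive its answers from the existing `/etc/localtime` link, which is presumably why the script removed those files first — the same caveat applies to the `Reconfigure tzdata` handler introduced in patch 100. The idempotent alternative is `community.general.timezone` with `name: Europe/Madrid`, or `command: timedatectl set-timezone Europe/Madrid`. The `vtype: "string"` also differs from the `select` type the old debconf-set-selections lines used; `vtype: select` matches the tzdata templates.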
From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Mon, 7 Oct 2024 13:10:30 +0200 Subject: [PATCH 100/138] Refs #8025 Update notify triggers in the debconf Ansible module for locales and tzdata to reconfigure packages. --- roles/debian-base/handlers/main.yml | 4 ++++ roles/debian-base/tasks/locale.yml | 12 ++++++++---- roles/debian-base/tasks/tzdata.yml | 1 + 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/roles/debian-base/handlers/main.yml b/roles/debian-base/handlers/main.yml index 76239c2..8071c56 100644 --- a/roles/debian-base/handlers/main.yml +++ b/roles/debian-base/handlers/main.yml @@ -18,3 +18,7 @@ service: name: nagios-nrpe-server state: restarted +- name: Generate locales + command: /usr/sbin/locale-gen +- name: Reconfigure tzdata + command: dpkg-reconfigure -f noninteractive tzdata diff --git a/roles/debian-base/tasks/locale.yml b/roles/debian-base/tasks/locale.yml index faf125b..3ee9e6d 100644 --- a/roles/debian-base/tasks/locale.yml +++ b/roles/debian-base/tasks/locale.yml @@ -1,6 +1,10 @@ -- name: Set to generate locales +- name: Configure debconf for locales debconf: name: locales - question: locales/locales_to_be_generated - value: en_US.UTF-8 UTF-8, es_ES.UTF-8 UTF-8 - vtype: multiselect + question: "{{ item.question }}" + value: "{{ item.value }}" + vtype: "{{ item.vtype }}" + loop: + - { question: "locales/locales_to_be_generated", value: "en_US.UTF-8 UTF-8, es_ES.UTF-8 UTF-8", vtype: "multiselect" } + - { question: "locales/default_environment_locales", value: "en_US.UTF-8", vtype: "string" } + notify: Generate locales diff --git a/roles/debian-base/tasks/tzdata.yml b/roles/debian-base/tasks/tzdata.yml index 9560354..8683519 100644 --- a/roles/debian-base/tasks/tzdata.yml +++ b/roles/debian-base/tasks/tzdata.yml @@ -8,3 +8,4 @@ - { question: "tzdata/Areas", value: "Europe" } - { question: "tzdata/Zones/Europe", value: "Madrid" } - { question: "tzdata/Zones/Etc", value: "UTC" } + notify: Reconfigure tzdata -- 2.40.1 
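Review bot: Notifying `Generate locales` after the debconf task has no effect on a host whose `/etc/locale.gen` is unchanged: `locale-gen` reads that file, and seeding `locales/locales_to_be_generated` in the debconf database does not rewrite it — only the locales package's config/postinst scripts turn the answers into `/etc/locale.gen` and `/etc/default/locale`. Point the handler at that step instead, `- name: Generate locales` / `  command: dpkg-reconfigure -f noninteractive locales`, which also honours the new `locales/default_environment_locales` answer. The `command:` handlers always report `changed`, which is acceptable for a handler but worth a one-line comment.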
From 7ec58a2f89a62db93dfb336177dac2b5087b8e6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Mon, 7 Oct 2024 15:42:12 +0200 Subject: [PATCH 101/138] Refs #8025 debian base rol - approche install packages, triggers-notify in main --- inventories/group_vars/all.yml | 11 ++++++ roles/debian-base/handlers/main.yml | 10 ++--- roles/debian-base/tasks/install.yml | 13 +------ roles/debian-base/tasks/locale.yml | 2 +- roles/debian-base/tasks/relayhost.yml | 53 ++++++++------------------- roles/debian-base/tasks/tzdata.yml | 2 +- 6 files changed, 34 insertions(+), 57 deletions(-) diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml index 4615399..6eaa81a 100644 --- a/inventories/group_vars/all.yml +++ b/inventories/group_vars/all.yml @@ -19,3 +19,14 @@ awx_pub_key: > ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzAwWm+IsqZCgMzjdZ7Do3xWtVtoUCpWJpH7KSi2a/H awx@verdnatura.es +base_packages: + - htop + - psmisc + - bash-completion + - screen + - aptitude + - vim + - tree + - btop + - ncdu + - debconf-utils diff --git a/roles/debian-base/handlers/main.yml b/roles/debian-base/handlers/main.yml index 8071c56..169347f 100644 --- a/roles/debian-base/handlers/main.yml +++ b/roles/debian-base/handlers/main.yml @@ -2,10 +2,6 @@ service: name: systemd-timesyncd state: restarted -- name: restart-exim - service: - name: exim4 - state: restarted - name: restart-ssh service: name: ssh @@ -18,7 +14,9 @@ service: name: nagios-nrpe-server state: restarted -- name: Generate locales +- name: generate locales command: /usr/sbin/locale-gen -- name: Reconfigure tzdata +- name: reconfigure tzdata command: dpkg-reconfigure -f noninteractive tzdata +- name: update exim configuration + command: update-exim4.conf diff --git a/roles/debian-base/tasks/install.yml b/roles/debian-base/tasks/install.yml index 635d024..a43a71e 100644 --- a/roles/debian-base/tasks/install.yml +++ b/roles/debian-base/tasks/install.yml 
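Review bot: Removing the `restart-exim` handler leaves nothing that restarts the exim4 daemon after `update-exim4.conf` regenerates its configuration, so a running daemon keeps its previous `dc_local_interfaces` and smarthost settings until something else restarts it. Keep the new `update exim configuration` handler and add `- name: restart exim` / `  service: name: exim4 state: restarted`, notified from the same relayhost task (handlers run in the order listed here). The handler names in this file now mix the `restart-ssh` and `generate locales` styles; pick one.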
@@ -2,15 +2,4 @@ apt: name: "{{ item }}" state: present - with_items: - - htop - - psmisc - - bash-completion - - screen - - aptitude - - vim - - aptitude - - tree - - btop - - ncdu - - debconf-utils + loop: "{{ base_packages }}" diff --git a/roles/debian-base/tasks/locale.yml b/roles/debian-base/tasks/locale.yml index 3ee9e6d..788b79d 100644 --- a/roles/debian-base/tasks/locale.yml +++ b/roles/debian-base/tasks/locale.yml @@ -7,4 +7,4 @@ loop: - { question: "locales/locales_to_be_generated", value: "en_US.UTF-8 UTF-8, es_ES.UTF-8 UTF-8", vtype: "multiselect" } - { question: "locales/default_environment_locales", value: "en_US.UTF-8", vtype: "string" } - notify: Generate locales + notify: generate locales diff --git a/roles/debian-base/tasks/relayhost.yml b/roles/debian-base/tasks/relayhost.yml index 88ee3e2..c66b162 100644 --- a/roles/debian-base/tasks/relayhost.yml +++ b/roles/debian-base/tasks/relayhost.yml 
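Review bot: `apt` with `name: "{{ item }}"` and `loop: "{{ base_packages }}"` runs one apt transaction per package — ten separate dpkg runs, each taking the lock and resolving dependencies on its own; the module accepts a list, so `name: "{{ base_packages }}"` without the loop installs them in a single transaction and reports one change. The same per-item loop is in nrpe.yml (patch 114). The `apt:`/`name:`/`state:` lines are context here; the task starts before the hunk.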
@@ -3,46 +3,25 @@ name: exim4 state: present - name: Prepare exim configuration - lineinfile: - dest: /etc/exim4/update-exim4.conf.conf - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" + blockinfile: + path: /etc/exim4/update-exim4.conf.conf + marker_begin: '--- BEGIN VN ---' + marker_end: '--- END VN ---' + marker: "# {mark}" + block: | + dc_eximconfig_configtype='satellite' + dc_other_hostnames='{{ ansible_fqdn }}' + dc_local_interfaces='127.0.0.1' + dc_readhost='{{ ansible_fqdn }}' + dc_smarthost='{{ smtp_server }}' + dc_hide_mailname='true' state: present - mode: 0644 - with_items: - - regexp: '^dc_eximconfig_configtype' - line: "dc_eximconfig_configtype='satellite'" - - regexp: '^dc_other_hostnames' - line: "dc_other_hostnames='{{ ansible_fqdn }}'" - - regexp: '^dc_local_interfaces' - line: "dc_local_interfaces='127.0.0.1'" - - regexp: '^dc_readhost' - line: "dc_readhost='{{ ansible_fqdn }}'" - - regexp: '^dc_relay_domains' - line: "dc_relay_domains=''" - - regexp: '^dc_minimaldns' - line: "dc_minimaldns='false'" - - regexp: '^dc_relay_nets' - line: "dc_relay_nets=''" - - regexp: '^dc_smarthost' - line: "dc_smarthost='{{ smtp_server }}'" - - regexp: '^CFILEMODE' - line: "CFILEMODE='644'" - - regexp: '^dc_use_split_config' - line: "dc_use_split_config='false'" - - regexp: '^dc_hide_mailname' - line: "dc_hide_mailname='true'" - - regexp: '^dc_mailname_in_oh' - line: "dc_mailname_in_oh='true'" - - regexp: '^dc_localdelivery' - line: "dc_localdelivery='mail_spool'" - notify: restart-exim + create: yes + mode: '0644' + notify: update exim configuration register: exim_config -- name: Update exim configuration - command: update-exim4.conf - when: exim_config.changed - name: Sending mail to verify relay host configuration works shell: > echo "If you see this message, relayhost on {{ ansible_fqdn }} has been configured correctly." \ | mailx -s "Relayhost test for {{ ansible_fqdn }}" "{{ sysadmin_mail }}" - when: exim_config.changed + when: exim_config.changed 
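Review bot: Replacing the explicit `Update exim configuration` task with `notify: update exim configuration` changes when the config is regenerated: handlers run at the end of the play, but the `Sending mail to verify relay host configuration works` task runs immediately afterwards with `when: exim_config.changed`, so on a first run the test mail is submitted before `update-exim4.conf` has applied the new smarthost. Insert `- meta: flush_handlers` between the two tasks. The blockinfile also stops enforcing several keys the old lineinfile list set (`dc_relay_domains`, `dc_relay_nets`, `dc_minimaldns`, `dc_use_split_config`, `dc_localdelivery`, `dc_mailname_in_oh`, `CFILEMODE`); since `update-exim4.conf.conf` is sourced as shell, the block appended at EOF wins for the keys it contains, but anything omitted now keeps whatever the host already had, so relay scope depends on prior state — add `dc_relay_nets=''` and `dc_relay_domains=''` to the block if the intent is a satellite that relays for nobody.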
diff --git a/roles/debian-base/tasks/tzdata.yml b/roles/debian-base/tasks/tzdata.yml index 8683519..3f9bf17 100644 --- a/roles/debian-base/tasks/tzdata.yml +++ b/roles/debian-base/tasks/tzdata.yml @@ -8,4 +8,4 @@ - { question: "tzdata/Areas", value: "Europe" } - { question: "tzdata/Zones/Europe", value: "Madrid" } - { question: "tzdata/Zones/Etc", value: "UTC" } - notify: Reconfigure tzdata + notify: reconfigure tzdata -- 2.40.1 From 32fa5102ce9657625e22fe09b8c405ca1c0ea74a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Mon, 7 Oct 2024 16:41:41 +0200 Subject: [PATCH 102/138] Refs #8025 debian base rol - more locales and group vars --- inventories/group_vars/all.yml | 3 +++ roles/debian-base/tasks/locale.yml | 14 +++++--------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml index 6eaa81a..615b73f 100644 --- a/inventories/group_vars/all.yml +++ b/inventories/group_vars/all.yml @@ -30,3 +30,6 @@ base_packages: - btop - ncdu - debconf-utils +locales_present: + - en_US.UTF-8 + - es_ES.UTF-8 diff --git a/roles/debian-base/tasks/locale.yml b/roles/debian-base/tasks/locale.yml index 788b79d..9063486 100644 --- a/roles/debian-base/tasks/locale.yml +++ b/roles/debian-base/tasks/locale.yml @@ -1,10 +1,6 @@ -- name: Configure debconf for locales - debconf: - name: locales - question: "{{ item.question }}" - value: "{{ item.value }}" - vtype: "{{ item.vtype }}" - loop: - - { question: "locales/locales_to_be_generated", value: "en_US.UTF-8 UTF-8, es_ES.UTF-8 UTF-8", vtype: "multiselect" } - - { question: "locales/default_environment_locales", value: "en_US.UTF-8", vtype: "string" } +- name: make sure locales in variable are generated + locale_gen: + name: "{{ item }}" + state: present + with_items: "{{ locales_present }}" notify: generate locales -- 2.40.1 From bd310a73dfc106173f6f1f8ddc34fe14ef3cec37 Mon Sep 17 00:00:00 2001 
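Review bot: Replacing the debconf pair with `locale_gen` silently drops the `locales/default_environment_locales` answer, so nothing sets the system default `LANG` in `/etc/default/locale` any more; add a step such as `command: update-locale LANG=en_US.UTF-8` with a suitable `changed_when`, or keep a `debconf` task for that key followed by `dpkg-reconfigure -f noninteractive locales`. The remaining `notify: generate locales` is redundant, because `locale_gen` builds the locale itself. `with_items` next to `loop:` in install.yml is a style inconsistency; `loop: "{{ locales_present }}"` matches the rest of the role.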
From: Juan Ferrer Toribio Date: Mon, 7 Oct 2024 18:39:47 +0200 Subject: [PATCH 103/138] refs #8025 Create passbolt password, FQDN fix --- inventories/group_vars/all.yml | 4 +++- inventories/lab | 1 + inventories/servers | 1 + playbooks/passbolt.yml | 17 +++++++++++++++-- requirements.txt | 1 + roles/debian-guest/templates/nslcd.conf | 2 +- roles/debian-host/tasks/hostname.yml | 2 +- roles/debian-once/tasks/root.yml | 20 ++++++++++++++++++-- 8 files changed, 41 insertions(+), 7 deletions(-) diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml index d14f1d3..c3a7d52 100644 --- a/inventories/group_vars/all.yml +++ b/inventories/group_vars/all.yml @@ -1,4 +1,5 @@ -ansible_host: "{{inventory_hostname_short}}.{{host_domain}}" +hostname_fqdn: "{{inventory_hostname_short}}.{{host_domain}}" +ansible_host: "{{hostname_fqdn}}" passbolt: 'anatomicjc.passbolt.passbolt' passbolt_inventory: 'anatomicjc.passbolt.passbolt_inventory' sysadmin_mail: sysadmin@verdnatura.es @@ -20,3 +21,4 @@ awx_pub_key: > ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzAwWm+IsqZCgMzjdZ7Do3xWtVtoUCpWJpH7KSi2a/H awx@verdnatura.es +pb_folder: e0d517be-6783-4b97-9742-acaa9b09742f diff --git a/inventories/lab b/inventories/lab index 1bcf480..df9bc90 100644 --- a/inventories/lab +++ b/inventories/lab @@ -1,5 +1,6 @@ [all:vars] host_domain=lab.verdnatura.es +pb_servers_folder=7007ba58-99a5-44f9-8808-8160137ce232 [cephlab] cephlab[01:03] diff --git a/inventories/servers b/inventories/servers index c8fe2ad..83642c0 100644 --- a/inventories/servers +++ b/inventories/servers @@ -1,5 +1,6 @@ [all:vars] host_domain=servers.dc.verdnatura.es +pb_servers_folder=fe08b909-ee3c-4257-b0b4-e088b16ca379 [kube_master] kube-master[1:5] diff --git a/playbooks/passbolt.yml b/playbooks/passbolt.yml index 698704a..0c5e72b 100644 --- a/playbooks/passbolt.yml +++ b/playbooks/passbolt.yml 
@@ -1,6 +1,19 @@ -- name: Fetch passbolt password +- name: Fetch or create passbolt password hosts: all gather_facts: no tasks: - debug: - msg: "Password: {{ lookup(passbolt, 'test').password }}" + msg: > + {{ + lookup(passbolt, 'test', + username='root', + password=pb_password, + folder_parent_id=pb_folder + ) + }} + vars: + pb_password: 'S3cR3tP4$$w0rd' + environment: + PASSBOLT_CREATE_NEW_RESOURCE: true + PASSBOLT_NEW_RESOURCE_PASSWORD_LENGTH: 18 + PASSBOLT_NEW_RESOURCE_PASSWORD_SPECIAL_CHARS: false diff --git a/requirements.txt b/requirements.txt index c0ee91b..a0e207b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,3 @@ py-passbolt==0.0.18 cryptography==3.3.2 +passlib==1.7.4 diff --git a/roles/debian-guest/templates/nslcd.conf b/roles/debian-guest/templates/nslcd.conf index a204607..3f635fe 100644 --- a/roles/debian-guest/templates/nslcd.conf +++ b/roles/debian-guest/templates/nslcd.conf @@ -8,7 +8,7 @@ idle_timelimit 60 base {{ ldap_base }} binddn cn=nss,ou=admins,{{ ldap_base }} -bindpw {{ lookup(passbolt, 'nslcd').password }} +bindpw {{ lookup(passbolt, 'nslcd', folder_parent_id=pb_folder).password }} pagesize 500 filter group (&(objectClass=posixGroup)(cn={{ sysadmin_group }})) diff --git a/roles/debian-host/tasks/hostname.yml b/roles/debian-host/tasks/hostname.yml index 799a81f..56522d6 100644 --- a/roles/debian-host/tasks/hostname.yml +++ b/roles/debian-host/tasks/hostname.yml @@ -9,4 +9,4 @@ marker_end: '--- END VN ---' marker: "# {mark}" block: | - {{ ansible_default_ipv4.address }} {{ ansible_host }} {{ inventory_hostname_short }} + {{ ansible_default_ipv4.address }} {{hostname_fqdn}} {{ inventory_hostname_short }} diff --git a/roles/debian-once/tasks/root.yml b/roles/debian-once/tasks/root.yml index 654b2b4..373ea64 100644 --- a/roles/debian-once/tasks/root.yml +++ b/roles/debian-once/tasks/root.yml 
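Review bot: `pb_password: 'S3cR3tP4$$w0rd'` is a literal password committed in a playbook; even for a `test` resource this puts a credential into git history and into Passbolt, and it makes `PASSBOLT_NEW_RESOURCE_PASSWORD_LENGTH` and `_SPECIAL_CHARS` dead settings because an explicit `password=` is passed to the lookup. Drop `password=pb_password` and let the collection generate one, or read it from a vaulted variable; patch 106 renames the variable to `passbolt_password` but keeps the literal. The `debug` task also prints the entire resource the lookup returns, password included, into the play output — add `no_log: true` or print only its `id`. If the `PASSBOLT_*` keys under `environment:` are meant to be seen by the lookup, confirm the collection documents that: `environment:` is applied to the task's remote shell, while lookups run on the controller.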
@@ -1,13 +1,29 @@ - name: Generate a random root password set_fact: - root_password: "{{ lookup('password', '/dev/null length=18 chars=ascii_letters,digits') }}" -- name: Save the root password to a file + root_password: > + {{ lookup('password', '/dev/null length=18 chars=ascii_letters,digits') }} +- name: Save root password into Passbolt + debug: + msg: > + {{ + lookup(passbolt, inventory_hostname_short, + username='root', + password=root_password, + uri='ssh://'+hostname_fqdn, + folder_parent_id=pb_servers_folder + ) + }} + environment: + PASSBOLT_CREATE_NEW_RESOURCE: true + when: pb_folder is defined +- name: Save the root password to file copy: content: "{{ root_password }}\n" dest: /root/root_password.txt owner: root group: root mode: '0600' + when: pb_folder is not defined - name: Change root password user: name: root -- 2.40.1 From a0c48b9aad0e727f51e65316e412205ba16ff708 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Mon, 7 Oct 2024 18:41:33 +0200 Subject: [PATCH 104/138] refs #8025 hostname sintax fix --- roles/debian-host/tasks/hostname.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/debian-host/tasks/hostname.yml b/roles/debian-host/tasks/hostname.yml index 56522d6..ee8fceb 100644 --- a/roles/debian-host/tasks/hostname.yml +++ b/roles/debian-host/tasks/hostname.yml @@ -9,4 +9,4 @@ marker_end: '--- END VN ---' marker: "# {mark}" block: | - {{ ansible_default_ipv4.address }} {{hostname_fqdn}} {{ inventory_hostname_short }} + {{ ansible_default_ipv4.address }} {{ hostname_fqdn }} {{ inventory_hostname_short }} -- 2.40.1 From 153493a875d09c168ed54b23a0eb4f0ad8052c7e Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Mon, 7 Oct 2024 18:42:54 +0200 Subject: [PATCH 105/138] refs #8025 root task debug fix --- roles/debian-once/tasks/root.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/debian-once/tasks/root.yml b/roles/debian-once/tasks/root.yml index 373ea64..469d112 100644 
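Review bot: `root_password: >` turns the value into a folded block scalar, which YAML terminates with a newline, so the fact is the 18 random characters plus `\n`, and that trailing newline is what the `Change root password` task (outside the hunk) hashes and what is stored in Passbolt. Keep it on one line: `root_password: "{{ lookup('password', '/dev/null length=18 chars=ascii_letters,digits') }}"`. The guard `when: pb_folder is defined` tests a different variable from the one the lookup uses (`pb_servers_folder`), and `pb_folder` is set for every host in group_vars/all.yml, so the `Save the root password to file` fallback can never run; test `pb_servers_folder is defined` in both tasks. Finally, `debug:` echoes the created resource, password included, to stdout and AWX job logs — set `no_log: true` on that task.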
--- a/roles/debian-once/tasks/root.yml +++ b/roles/debian-once/tasks/root.yml @@ -3,7 +3,7 @@ root_password: > {{ lookup('password', '/dev/null length=18 chars=ascii_letters,digits') }} - name: Save root password into Passbolt - debug: + set_fact: msg: > {{ lookup(passbolt, inventory_hostname_short, -- 2.40.1 From fed934b5dbff4eeb7c904cc6e4c3ee6cfbbc891d Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Mon, 7 Oct 2024 19:26:29 +0200 Subject: [PATCH 106/138] refs #8025 passbolt create fixes --- inventories/group_vars/all.yml | 2 +- inventories/lab | 1 - inventories/servers | 1 - playbooks/passbolt.yml | 11 ++--------- roles/debian-guest/templates/nslcd.conf | 2 +- roles/debian-once/tasks/root.yml | 5 +---- 6 files changed, 5 insertions(+), 17 deletions(-) diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml index c3a7d52..f98b825 100644 --- a/inventories/group_vars/all.yml +++ b/inventories/group_vars/all.yml @@ -21,4 +21,4 @@ awx_pub_key: > ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzAwWm+IsqZCgMzjdZ7Do3xWtVtoUCpWJpH7KSi2a/H awx@verdnatura.es -pb_folder: e0d517be-6783-4b97-9742-acaa9b09742f +passbolt_folder: e0d517be-6783-4b97-9742-acaa9b09742f diff --git a/inventories/lab b/inventories/lab index df9bc90..1bcf480 100644 --- a/inventories/lab +++ b/inventories/lab @@ -1,6 +1,5 @@ [all:vars] host_domain=lab.verdnatura.es -pb_servers_folder=7007ba58-99a5-44f9-8808-8160137ce232 [cephlab] cephlab[01:03] diff --git a/inventories/servers b/inventories/servers index 83642c0..c8fe2ad 100644 --- a/inventories/servers +++ b/inventories/servers @@ -1,6 +1,5 @@ [all:vars] host_domain=servers.dc.verdnatura.es -pb_servers_folder=fe08b909-ee3c-4257-b0b4-e088b16ca379 [kube_master] kube-master[1:5] diff --git a/playbooks/passbolt.yml b/playbooks/passbolt.yml index 0c5e72b..146a2b5 100644 --- a/playbooks/passbolt.yml +++ b/playbooks/passbolt.yml 
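Review bot: Changing `debug:` to `set_fact:` while keeping the `msg:` key defines a host fact literally named `msg` that holds the Passbolt resource returned by the lookup, password included; facts persist for the rest of the play and in any fact cache, and `-v` output shows `ansible_facts`. If the lookup is run only for its side effect, a clearer form is `set_fact: passbolt_root_resource: "{{ lookup(...) }}"` together with `no_log: true`, or keep `debug:` with `no_log: true`.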
@@ -3,16 +3,9 @@ gather_facts: no tasks: - debug: - msg: > - {{ - lookup(passbolt, 'test', - username='root', - password=pb_password, - folder_parent_id=pb_folder - ) - }} + msg: "{{ lookup(passbolt, 'test', password=passbolt_password) }}" vars: - pb_password: 'S3cR3tP4$$w0rd' + passbolt_password: 'S3cR3tP4$$w0rd' environment: PASSBOLT_CREATE_NEW_RESOURCE: true PASSBOLT_NEW_RESOURCE_PASSWORD_LENGTH: 18 diff --git a/roles/debian-guest/templates/nslcd.conf b/roles/debian-guest/templates/nslcd.conf index 3f635fe..aeb7aa4 100644 --- a/roles/debian-guest/templates/nslcd.conf +++ b/roles/debian-guest/templates/nslcd.conf @@ -8,7 +8,7 @@ idle_timelimit 60 base {{ ldap_base }} binddn cn=nss,ou=admins,{{ ldap_base }} -bindpw {{ lookup(passbolt, 'nslcd', folder_parent_id=pb_folder).password }} +bindpw {{ lookup(passbolt, 'nslcd', folder_parent_id=passbolt_folder).password }} pagesize 500 filter group (&(objectClass=posixGroup)(cn={{ sysadmin_group }})) diff --git a/roles/debian-once/tasks/root.yml b/roles/debian-once/tasks/root.yml index 469d112..0d93b92 100644 --- a/roles/debian-once/tasks/root.yml +++ b/roles/debian-once/tasks/root.yml @@ -9,13 +9,11 @@ lookup(passbolt, inventory_hostname_short, username='root', password=root_password, - uri='ssh://'+hostname_fqdn, - folder_parent_id=pb_servers_folder + uri='ssh://'+hostname_fqdn ) }} environment: PASSBOLT_CREATE_NEW_RESOURCE: true - when: pb_folder is defined - name: Save the root password to file copy: content: "{{ root_password }}\n" @@ -23,7 +21,6 @@ owner: root group: root mode: '0600' - when: pb_folder is not defined - name: Change root password user: name: root -- 2.40.1 From d4c21376cd90e013f533029e9101139326c145f4 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Mon, 7 Oct 2024 19:29:20 +0200 Subject: [PATCH 107/138] refs #8025 passbolt create fixes --- roles/debian-once/tasks/root.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
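Review bot: With the `when: pb_folder is defined` / `is not defined` pair removed (this hunk and `@@ -23,7 +21,6 @@` below it), `Save root password into Passbolt` and `Save the root password to file` both run unconditionally, so every host ends up with the generated root password both in Passbolt and in a plaintext `/root/root_password.txt` — mode 0600, but readable by anything running as root and swept up by backups and disk images. If Passbolt is now the system of record, drop the file task; if the file is meant as a fallback, `register:` the Passbolt task's result and write the file only `when:` that step failed or was skipped.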
diff --git a/roles/debian-once/tasks/root.yml b/roles/debian-once/tasks/root.yml index 0d93b92..ad021ca 100644 --- a/roles/debian-once/tasks/root.yml +++ b/roles/debian-once/tasks/root.yml @@ -1,7 +1,6 @@ - name: Generate a random root password set_fact: - root_password: > - {{ lookup('password', '/dev/null length=18 chars=ascii_letters,digits') }} + root_password: "{{ lookup('password', '/dev/null length=18 chars=ascii_letters,digits') }}" - name: Save root password into Passbolt set_fact: msg: > -- 2.40.1 From 0260125e6638c1264fd1bdad4df1e54d076866aa Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 8 Oct 2024 11:53:46 +0200 Subject: [PATCH 108/138] refs #8025 README run playbook fix --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 70d4e54..580a348 100644 --- a/README.md +++ b/README.md @@ -41,8 +41,8 @@ ansible-galaxy collection install -r collections/requirements.yml ## Run playbook Before merging changes into protected branches, playbooks should be tested -locally to ensure they work properly. The *local* inventory can also be used, -wich is not uploaded to the repository. +locally to ensure they work properly. The *inventories/local* inventory can +also be used, wich is not uploaded to the repository. Run playbook on inventory host. ``` -- 2.40.1 From 69d8ff371ab361745955fbbb9be54a4bb2be36b5 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 8 Oct 2024 11:55:12 +0200 Subject: [PATCH 109/138] refs #8025 run-playbook.sh vault-pass fix --- run-playbook.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/run-playbook.sh b/run-playbook.sh index b6bdeb2..23f5d6a 100755 --- a/run-playbook.sh +++ b/run-playbook.sh 
@@ -5,8 +5,8 @@ EXTRA_ARGS=() if [ -f .passbolt.yml ]; then EXTRA_ARGS+=("--extra-vars" "@.passbolt.yml") fi -if [ -f .vaultpass ]; then - EXTRA_ARGS+=("--vault-password-file" ".vaultpass") +if [ -f .vault-pass ]; then + EXTRA_ARGS+=("--vault-password-file" ".vault-pass") fi #export PYTHONPATH=./venv/lib/python3.12/site-packages/ -- 2.40.1 From 557a4a090595775621a52582d83b5b7ce93c868b Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 8 Oct 2024 12:00:30 +0200 Subject: [PATCH 110/138] refs #8025 README setup fix --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 580a348..c36f8c3 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,6 @@ Create a Python virtual environment. python3 -m venv venv source venv/bin/activate pip install --upgrade pip ansible==10.1.0 ansible-builder==3.1.0 -pip install -r requirements.txt ``` Before running any Ansible command, activate the Python virtual environment. @@ -35,6 +34,7 @@ deactivate Install dependencies. ``` +pip install -r requirements.txt ansible-galaxy collection install -r collections/requirements.yml ``` -- 2.40.1 From 7235b8ab3784c2926f9f37a240dff5df20f79512 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 8 Oct 2024 12:01:39 +0200 Subject: [PATCH 111/138] refs #8025 README setup fix --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c36f8c3..1bd3332 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ source venv/bin/activate pip install --upgrade pip ansible==10.1.0 ansible-builder==3.1.0 ``` -Before running any Ansible command, activate the Python virtual environment. +Before running any Python dependent command, activate the virtual environment. ``` source venv/bin/activate ``` -- 2.40.1 From 09ed8be828867d2dbe1cbbccc82256cc9d06668a Mon Sep 17 00:00:00 2001 
From: Juan Ferrer Toribio Date: Tue, 8 Oct 2024 12:07:51 +0200 Subject: [PATCH 112/138] refs #8025 README run fix --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 1bd3332..821cd29 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ Before running any Python dependent command, activate the virtual environment. source venv/bin/activate ``` -Once you're done, deactivate the virtual environment. +Once you are done, deactivate the virtual environment. ``` deactivate ``` @@ -41,8 +41,8 @@ ansible-galaxy collection install -r collections/requirements.yml ## Run playbook Before merging changes into protected branches, playbooks should be tested -locally to ensure they work properly. The *inventories/local* inventory can -also be used, wich is not uploaded to the repository. +locally to ensure they work properly. The *inventories/local* inventory is not +uploaded to the repository and can be used for local testing. Run playbook on inventory host. ``` -- 2.40.1 From 88c47d3c3af51faef3a7230756e9b7b67eea17ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Tue, 8 Oct 2024 12:34:52 +0200 Subject: [PATCH 113/138] Refs #8025 Rol debian-base. Task relayhost fix and handler exim update config. --- roles/debian-base/handlers/main.yml | 2 +- roles/debian-base/tasks/relayhost.yml | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/debian-base/handlers/main.yml b/roles/debian-base/handlers/main.yml index 169347f..379bf91 100644 --- a/roles/debian-base/handlers/main.yml +++ b/roles/debian-base/handlers/main.yml @@ -19,4 +19,4 @@ - name: reconfigure tzdata command: dpkg-reconfigure -f noninteractive tzdata - name: update exim configuration - command: update-exim4.conf + command: /usr/sbin/update-exim4.conf diff --git a/roles/debian-base/tasks/relayhost.yml b/roles/debian-base/tasks/relayhost.yml index c66b162..13c46f5 100644 
--- a/roles/debian-base/tasks/relayhost.yml +++ b/roles/debian-base/tasks/relayhost.yml @@ -20,8 +20,10 @@ mode: '0644' notify: update exim configuration register: exim_config +- name: Force execution of handlers immediately + meta: flush_handlers - name: Sending mail to verify relay host configuration works shell: > - echo "If you see this message, relayhost on {{ ansible_fqdn }} has been configured correctly." \ + sleep 2; echo "If you see this message, relayhost on {{ ansible_fqdn }} has been configured correctly." \ | mailx -s "Relayhost test for {{ ansible_fqdn }}" "{{ sysadmin_mail }}" - when: exim_config.changed + when: exim_config.changed -- 2.40.1 From 3ad39e03a8bc7777a30c9381007320106f918d5a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Tue, 8 Oct 2024 16:12:56 +0200 Subject: [PATCH 114/138] Refs #8025 Rol debian-base. Task nrpe fix, vars remove and move to group_vars and defaults. --- inventories/group_vars/all.yml | 1 + roles/debian-base/defaults/main.yaml | 3 +++ roles/debian-base/handlers/main.yml | 2 +- roles/debian-base/tasks/nrpe.yml | 2 ++ roles/debian-base/vars/main.yml | 3 --- 5 files changed, 7 insertions(+), 4 deletions(-) delete mode 100644 roles/debian-base/vars/main.yml diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml index 2e8d5ad..fdadcd2 100644 --- a/inventories/group_vars/all.yml +++ b/inventories/group_vars/all.yml @@ -31,6 +31,7 @@ base_packages: - btop - ncdu - debconf-utils + - net-tools locales_present: - en_US.UTF-8 - es_ES.UTF-8 diff --git a/roles/debian-base/defaults/main.yaml b/roles/debian-base/defaults/main.yaml index 6bd18b1..fa8f6da 100644 --- a/roles/debian-base/defaults/main.yaml +++ b/roles/debian-base/defaults/main.yaml @@ -5,3 +5,6 @@ fail2ban: bantime: 600 maxretry: 4 ignore: "127.0.0.0/8 {{ dc_net }}" +vn_host: + url: http://apt.verdnatura.es/pool/main/v/vn-host + package: vn-host_2.0.2_all.deb 
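Review bot: `sleep 2;` in the test-mail shell is an unexplained timing workaround: `meta: flush_handlers` already blocks until `update-exim4.conf` has run, and if the wait is for the exim4 daemon to pick up the new configuration the real fix is a restart handler, which no longer exists since `restart-exim` was removed in patch 101. Either remove the sleep or comment what it waits for. Separately, this `shell:` line embeds `{{ ansible_fqdn }}` and `{{ sysadmin_mail }}` inside a double-quoted shell string; `ansible_fqdn` is a fact gathered from the managed host, so it should not be interpolated into a shell command — use `command: mailx -s "Relayhost test for {{ ansible_fqdn }}" "{{ sysadmin_mail }}"` with the body passed via `stdin:`, or apply the `quote` filter.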
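Review bot: `vn_host.url` points at a plain `http://` repository and the `.deb` is identified by name only, with no checksum; the task that consumes these values is not in this patch, but if it fetches the file with `get_url` or `apt deb:` over HTTP the package contents are not authenticated and anything on the path to `apt.verdnatura.es` can substitute them. Serve it over HTTPS and add a `checksum: sha256:<expected-hash>` key next to `package:` that the consuming task passes to `get_url`, or move vn-host into the signed apt repository so the normal apt signature check covers it.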
diff --git a/roles/debian-base/handlers/main.yml b/roles/debian-base/handlers/main.yml index 379bf91..2626302 100644 --- a/roles/debian-base/handlers/main.yml +++ b/roles/debian-base/handlers/main.yml @@ -19,4 +19,4 @@ - name: reconfigure tzdata command: dpkg-reconfigure -f noninteractive tzdata - name: update exim configuration - command: /usr/sbin/update-exim4.conf + command: /usr/sbin/update-exim4.conf \ No newline at end of file diff --git a/roles/debian-base/tasks/nrpe.yml b/roles/debian-base/tasks/nrpe.yml index 57ab588..31e5f64 100644 --- a/roles/debian-base/tasks/nrpe.yml +++ b/roles/debian-base/tasks/nrpe.yml @@ -2,9 +2,11 @@ apt: name: "{{ item }}" state: present + install_recommends: no loop: - nagios-nrpe-server - nagios-plugins-contrib + - monitoring-plugins-basic - name: Set NRPE generic configuration template: src: nrpe.cfg diff --git a/roles/debian-base/vars/main.yml b/roles/debian-base/vars/main.yml deleted file mode 100644 index 17fe0d6..0000000 --- a/roles/debian-base/vars/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -vn_host: - url: http://apt.verdnatura.es/pool/main/v/vn-host - package: vn-host_2.0.2_all.deb -- 2.40.1 From 616beda4b7d74c5903970fe11db387a2c8cabe93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Tue, 8 Oct 2024 16:35:53 +0200 Subject: [PATCH 115/138] Refs #8025 Debian-base - minor fix nrpe to bind ipv4 --- roles/debian-base/tasks/nrpe.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/debian-base/tasks/nrpe.yml b/roles/debian-base/tasks/nrpe.yml index 31e5f64..bf6aff3 100644 --- a/roles/debian-base/tasks/nrpe.yml +++ b/roles/debian-base/tasks/nrpe.yml @@ -14,7 +14,6 @@ owner: root group: root mode: u=rw,g=r,o=r - notify: restart-nrpe - name: Create NRPE local configuration file file: path: /etc/nagios/nrpe.d/99-local.cfg 
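Review bot: Dropping `notify: restart-nrpe` from the `Set NRPE generic configuration` template task means a changed `nrpe.cfg` template no longer restarts the service; only the new `server_address` lineinfile notifies it, so template edits take effect only after a reboot or an unrelated change. Keep `notify: restart-nrpe` on the template task as well; the task's `template:`/`src:` lines lie before the hunk.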
@@ -24,3 +23,9 @@ mode: u=rw,g=r,o= modification_time: preserve access_time: preserve +- name: Configure nrpe.cfg to bind ipv4 + lineinfile: + path: /etc/nagios/nrpe.cfg + regexp: '^#server_address=127.0.0.1' + line: 'server_address={{ ansible_default_ipv4.address }}' + notify: restart-nrpe \ No newline at end of file -- 2.40.1 From d14b123219b9c9b0f22adaf1ecf9935a53141ae0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Thu, 10 Oct 2024 11:49:42 +0200 Subject: [PATCH 116/138] Refs #8025 Rol debian-base. Task timesync systemd fix, vars add to defaults, refactor handlers --- roles/debian-base/defaults/main.yaml | 1 + roles/debian-base/handlers/main.yml | 12 ++++++------ roles/debian-base/tasks/main.yml | 2 ++ roles/debian-base/tasks/timesync.yml | 26 ++++++++++++++------------ 4 files changed, 23 insertions(+), 18 deletions(-) diff --git a/roles/debian-base/defaults/main.yaml b/roles/debian-base/defaults/main.yaml index fa8f6da..5b2dc17 100644 --- a/roles/debian-base/defaults/main.yaml +++ b/roles/debian-base/defaults/main.yaml @@ -8,3 +8,4 @@ fail2ban: vn_host: url: http://apt.verdnatura.es/pool/main/v/vn-host package: vn-host_2.0.2_all.deb +time_server_spain: ntp.roa.es diff --git a/roles/debian-base/handlers/main.yml b/roles/debian-base/handlers/main.yml index 2626302..8ffbd80 100644 --- a/roles/debian-base/handlers/main.yml +++ b/roles/debian-base/handlers/main.yml @@ -1,17 +1,17 @@ -- name: restart-timesyncd - service: +- name: restart systemd-timesyncd + systemd: name: systemd-timesyncd state: restarted - name: restart-ssh - service: + systemd: name: ssh state: restarted - name: restart-fail2ban - service: + systemd: name: fail2ban state: restarted - name: restart-nrpe - service: + systemd: name: nagios-nrpe-server state: restarted - name: generate locales 
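Review bot: The lineinfile `regexp: '^#server_address=127.0.0.1'` matches only the commented default: after the first run the line reads `server_address=<ip>`, the regexp no longer matches, and every subsequent run appends another `server_address=` line. Use `regexp: '^#?server_address='`. It also fights the `Set NRPE generic configuration` task that renders the same `/etc/nagios/nrpe.cfg` from a template: each run the template restores the file and the lineinfile edits it again, so the pair is permanently `changed` and nrpe is restarted on every run — the cleaner fix is to put `server_address={{ ansible_default_ipv4.address }}` into the `nrpe.cfg` template and drop this task. The file is also left without a trailing newline.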
@@ -19,4 +19,4 @@ - name: reconfigure tzdata command: dpkg-reconfigure -f noninteractive tzdata - name: update exim configuration - command: /usr/sbin/update-exim4.conf \ No newline at end of file + command: /usr/sbin/update-exim4.conf diff --git a/roles/debian-base/tasks/main.yml b/roles/debian-base/tasks/main.yml index ab9c185..665c208 100644 --- a/roles/debian-base/tasks/main.yml +++ b/roles/debian-base/tasks/main.yml @@ -1,5 +1,7 @@ - import_tasks: resolv.yml tags: resolv +- import_tasks: timesync.yml + tags: timesync - import_tasks: defuser.yml tags: defuser - import_tasks: install.yml diff --git a/roles/debian-base/tasks/timesync.yml b/roles/debian-base/tasks/timesync.yml index 708a409..103234f 100644 --- a/roles/debian-base/tasks/timesync.yml +++ b/roles/debian-base/tasks/timesync.yml @@ -1,21 +1,23 @@ -- name: Configure /etc/systemd/timesyncd.conf - lineinfile: - path: /etc/systemd/timesyncd.conf - regexp: '^#NTP' - line: "NTP={{ time_server }}" +- name: Ensure directory for timesyncd custom configuration exists + file: + path: /etc/systemd/timesyncd.conf.d/ + state: directory owner: root group: root - mode: '0644' -- name: Configure /etc/systemd/timesyncd.conf - lineinfile: - path: /etc/systemd/timesyncd.conf - regexp: '^#?FallbackNTP=' - line: "FallbackNTP=ntp.roa.es" + mode: '0755' +- name: Configure NTP settings in /etc/systemd/timesyncd.conf.d/vn-ntp.conf + copy: + dest: /etc/systemd/timesyncd.conf.d/vn-ntp.conf + content: | + [Time] + NTP={{ time_server }} + FallbackNTP={{ time_server_spain }} owner: root group: root mode: '0644' notify: restart systemd-timesyncd -- name: Service should start on boot +- name: Ensure systemd-timesyncd service is enabled and started service: name: systemd-timesyncd enabled: yes + state: started -- 2.40.1 From 33586c7f961d0d600d9504d0f8bd122ef9ea431e Mon Sep 17 00:00:00 2001 
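Review bot: The "Ensure systemd-timesyncd service is enabled and started" task still uses `service:` while this same commit converts every handler to `systemd:`; using `systemd:` here too keeps the role consistent. The removed `lineinfile` edits are not undone on already-provisioned hosts, so `/etc/systemd/timesyncd.conf` there keeps `NTP=` and `FallbackNTP=ntp.roa.es`; as far as I know drop-ins under `timesyncd.conf.d/` are read after the main file and the later assignment wins, so the new `vn-ntp.conf` takes effect, but a short comment on the copy task saying the drop-in intentionally overrides any value left in the main file would save the next reader from checking both.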
From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Thu, 10 Oct 2024 13:21:32 +0200 Subject: [PATCH 117/138] Refs #8025 Rol debian-base. Task install, nrpe, fail2ban fix, refactor handlers --- inventories/group_vars/all.yml | 1 - roles/debian-base/defaults/main.yaml | 3 +++ roles/debian-base/tasks/fail2ban.yml | 7 ++----- roles/debian-base/tasks/install.yml | 3 +-- roles/debian-base/tasks/main.yml | 2 ++ roles/debian-base/tasks/nrpe.yml | 6 +----- roles/debian-once/handlers/main.yml | 4 ++++ roles/debian-once/tasks/ssh.yml | 20 +++++++++++++++++--- 8 files changed, 30 insertions(+), 16 deletions(-) create mode 100644 roles/debian-once/handlers/main.yml diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml index fdadcd2..28f9649 100644 --- a/inventories/group_vars/all.yml +++ b/inventories/group_vars/all.yml @@ -26,7 +26,6 @@ base_packages: - bash-completion - screen - aptitude - - vim - tree - btop - ncdu diff --git a/roles/debian-base/defaults/main.yaml b/roles/debian-base/defaults/main.yaml index 5b2dc17..92d106e 100644 --- a/roles/debian-base/defaults/main.yaml +++ b/roles/debian-base/defaults/main.yaml @@ -5,6 +5,9 @@ fail2ban: bantime: 600 maxretry: 4 ignore: "127.0.0.0/8 {{ dc_net }}" +fail2ban_base_packages: + - fail2ban + - rsyslog vn_host: url: http://apt.verdnatura.es/pool/main/v/vn-host package: vn-host_2.0.2_all.deb diff --git a/roles/debian-base/tasks/fail2ban.yml b/roles/debian-base/tasks/fail2ban.yml index 709bafe..838e89e 100644 --- a/roles/debian-base/tasks/fail2ban.yml +++ b/roles/debian-base/tasks/fail2ban.yml @@ -1,10 +1,7 @@ -- name: Install fail2ban packages +- name: Install fail2ban and rsyslog packages apt: - name: fail2ban + name: "{{ fail2ban_base_packages }}" state: present - loop: - - fail2ban - - rsyslog - name: Configure fail2ban service template: src: jail.local diff --git a/roles/debian-base/tasks/install.yml b/roles/debian-base/tasks/install.yml index a43a71e..396832c 100644 
--- a/roles/debian-base/tasks/install.yml +++ b/roles/debian-base/tasks/install.yml @@ -1,5 +1,4 @@ - name: Install base packages apt: - name: "{{ item }}" + name: "{{ base_packages }}" state: present - loop: "{{ base_packages }}" diff --git a/roles/debian-base/tasks/main.yml b/roles/debian-base/tasks/main.yml index 665c208..74471b2 100644 --- a/roles/debian-base/tasks/main.yml +++ b/roles/debian-base/tasks/main.yml @@ -20,3 +20,5 @@ tags: vim - import_tasks: nrpe.yml tags: nrpe +- import_tasks: fail2ban.yml + tags: fail2ban diff --git a/roles/debian-base/tasks/nrpe.yml b/roles/debian-base/tasks/nrpe.yml index bf6aff3..d5e98a1 100644 --- a/roles/debian-base/tasks/nrpe.yml +++ b/roles/debian-base/tasks/nrpe.yml @@ -1,12 +1,8 @@ - name: Install NRPE packages apt: - name: "{{ item }}" + name: "{{ nagios_packages }}" state: present install_recommends: no - loop: - - nagios-nrpe-server - - nagios-plugins-contrib - - monitoring-plugins-basic - name: Set NRPE generic configuration template: src: nrpe.cfg diff --git a/roles/debian-once/handlers/main.yml b/roles/debian-once/handlers/main.yml new file mode 100644 index 0000000..18c505e --- /dev/null +++ b/roles/debian-once/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart sshd + systemd: + name: sshd + state: restarted diff --git a/roles/debian-once/tasks/ssh.yml b/roles/debian-once/tasks/ssh.yml index 84877cc..26f7a8b 100644 --- a/roles/debian-once/tasks/ssh.yml +++ b/roles/debian-once/tasks/ssh.yml 
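Review bot: The NRPE install task now reads `{{ nagios_packages }}`, but nothing in this commit defines that variable — the defaults hunk above only adds `fail2ban_base_packages`, and `nagios_packages` first appears in `roles/debian-base/defaults/main.yaml` in the following commit (PATCH 118). At this commit the `nrpe` tag would fail with an undefined-variable error; the definition belongs in the same change that introduces the reference. The same pattern is applied correctly for `fail2ban_base_packages` and `base_packages` in the other hunks of this commit.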
@@ -1,10 +1,24 @@ +- name: Generate a new SSH key pair + openssh_keypair: + path: /etc/ssh/ssh_host_rsa_key + type: rsa + size: 4096 + register: new_pair +- name: Configure sshd_config settings + lineinfile: + path: /etc/ssh/sshd_config + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + loop: + - { regexp: '^#ListenAddress 0.0.0.0', line: 'ListenAddress 0.0.0.0' } + - { regexp: '^#SyslogFacility AUTH', line: 'SyslogFacility AUTH' } - name: Delete old host SSH keys file: path: "{{ item }}" state: absent with_items: - /etc/ssh/ssh_host_ecdsa_key + - /etc/ssh/ssh_host_ecdsa_key.pub - /etc/ssh/ssh_host_ed25519_key - - /etc/ssh/ssh_host_rsa_key -- name: Regenerate host SSH keys - command: dpkg-reconfigure openssh-server + - /etc/ssh/ssh_host_ed25519_key.pub + when: new_pair is succeeded -- 2.40.1 From 06cc6fa26bf20f0baf20f75dde74fd3d5f176de6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Thu, 10 Oct 2024 13:36:16 +0200 Subject: [PATCH 118/138] Refs #8025 Rol debian-base. Task ssh move from debian-once to ., refactor handlers --- roles/debian-base/defaults/main.yaml | 4 ++++ roles/debian-base/handlers/main.yml | 4 ++++ roles/debian-base/tasks/main.yml | 2 ++ roles/{debian-once => debian-base}/tasks/ssh.yml | 3 ++- roles/debian-once/handlers/main.yml | 4 ---- roles/debian-once/tasks/main.yml | 2 -- 6 files changed, 12 insertions(+), 7 deletions(-) rename roles/{debian-once => debian-base}/tasks/ssh.yml (92%) delete mode 100644 roles/debian-once/handlers/main.yml diff --git a/roles/debian-base/defaults/main.yaml b/roles/debian-base/defaults/main.yaml index 92d106e..138dcdc 100644 --- a/roles/debian-base/defaults/main.yaml +++ b/roles/debian-base/defaults/main.yaml @@ -12,3 +12,7 @@ vn_host: url: http://apt.verdnatura.es/pool/main/v/vn-host package: vn-host_2.0.2_all.deb time_server_spain: ntp.roa.es +nagios_packages: + - nagios-nrpe-server + - nagios-plugins-contrib + - monitoring-plugins-basic 
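Review bot: The "Generate a new SSH key pair" task will not replace an existing `/etc/ssh/ssh_host_rsa_key` — `openssh_keypair` is idempotent and leaves a key of the requested type and size in place — so on a guest cloned from a template that already ships an RSA host key, the inherited key is kept and the clone keeps sharing its host identity with the template; the old flow deleted all host keys before `dpkg-reconfigure openssh-server` recreated them. If a fresh key is the intent (this file lives in `debian-once`), add `force: true` to the task or delete the RSA key before generating it. Removing `ssh_host_ed25519_key` also leaves the host with RSA only; if that is not deliberate, regenerating the ed25519 key instead of deleting it would be the usual choice. Minor: this task uses `with_items` while the rest of the role uses `loop`.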
diff --git a/roles/debian-base/handlers/main.yml b/roles/debian-base/handlers/main.yml index 8ffbd80..6d3fab4 100644 --- a/roles/debian-base/handlers/main.yml +++ b/roles/debian-base/handlers/main.yml @@ -14,6 +14,10 @@ systemd: name: nagios-nrpe-server state: restarted +- name: restart sshd + systemd: + name: sshd + state: restarted - name: generate locales command: /usr/sbin/locale-gen - name: reconfigure tzdata diff --git a/roles/debian-base/tasks/main.yml b/roles/debian-base/tasks/main.yml index 74471b2..0228231 100644 --- a/roles/debian-base/tasks/main.yml +++ b/roles/debian-base/tasks/main.yml @@ -2,6 +2,8 @@ tags: resolv - import_tasks: timesync.yml tags: timesync +- import_tasks: ssh.yml + tags: ssh - import_tasks: defuser.yml tags: defuser - import_tasks: install.yml diff --git a/roles/debian-once/tasks/ssh.yml b/roles/debian-base/tasks/ssh.yml similarity index 92% rename from roles/debian-once/tasks/ssh.yml rename to roles/debian-base/tasks/ssh.yml index 26f7a8b..0fb844b 100644 --- a/roles/debian-once/tasks/ssh.yml +++ b/roles/debian-base/tasks/ssh.yml @@ -3,7 +3,7 @@ path: /etc/ssh/ssh_host_rsa_key type: rsa size: 4096 - register: new_pair + register: new_pair - name: Configure sshd_config settings lineinfile: path: /etc/ssh/sshd_config @@ -22,3 +22,4 @@ - /etc/ssh/ssh_host_ed25519_key - /etc/ssh/ssh_host_ed25519_key.pub when: new_pair is succeeded + notify: restart sshd diff --git a/roles/debian-once/handlers/main.yml b/roles/debian-once/handlers/main.yml deleted file mode 100644 index 18c505e..0000000 --- a/roles/debian-once/handlers/main.yml +++ /dev/null @@ -1,4 +0,0 @@ -- name: restart sshd - systemd: - name: sshd - state: restarted diff --git a/roles/debian-once/tasks/main.yml b/roles/debian-once/tasks/main.yml index b77c6fc..e5da03c 100644 --- a/roles/debian-once/tasks/main.yml +++ b/roles/debian-once/tasks/main.yml @@ -1,4 +1,2 @@ -- import_tasks: ssh.yml - tags: ssh - import_tasks: root.yml tags: root -- 2.40.1 
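Review bot: The handlers file now has two handlers that restart the same daemon — the existing `restart-ssh` (unit `ssh`, visible in the earlier handlers hunk) and the added `restart sshd` (unit `sshd`); on Debian `sshd.service` is, as far as I know, an alias of `ssh.service`, so both work, but one of them should be removed and the remaining name used everywhere. In the renamed `ssh.yml` the `notify: restart sshd` is attached to the "Delete old host SSH keys" task, so a newly generated RSA key is only loaded when that deletion reports a change — the keypair task itself should notify too, or the notify should move to it.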
From e195130241853b83a22a6408cdd556d75f626fcb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Thu, 10 Oct 2024 14:47:43 +0200 Subject: [PATCH 119/138] Refs #8025 Rol debian-base. Task fail2ban jinga template. --- roles/debian-base/defaults/main.yaml | 1 + roles/debian-base/templates/jail.local | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/debian-base/defaults/main.yaml b/roles/debian-base/defaults/main.yaml index 138dcdc..f7f697f 100644 --- a/roles/debian-base/defaults/main.yaml +++ b/roles/debian-base/defaults/main.yaml @@ -5,6 +5,7 @@ fail2ban: bantime: 600 maxretry: 4 ignore: "127.0.0.0/8 {{ dc_net }}" + logpath: "/var/log/auth.log" fail2ban_base_packages: - fail2ban - rsyslog diff --git a/roles/debian-base/templates/jail.local b/roles/debian-base/templates/jail.local index 838b4ed..0e4ef17 100644 --- a/roles/debian-base/templates/jail.local +++ b/roles/debian-base/templates/jail.local @@ -17,4 +17,4 @@ action = %(action_)s enabled = true port = 0:65535 filter = sshd -logpath = %(sshd_log)s +logpath = {{ fail2ban.logpath }} -- 2.40.1 From 94ca22734d1f299e568e20ba3cd08a154e7da312 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Thu, 10 Oct 2024 15:48:34 +0200 Subject: [PATCH 120/138] Refs #8025 Rol debian-base. Task ssh to conf.d directory --- roles/debian-base/tasks/ssh.yml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/roles/debian-base/tasks/ssh.yml b/roles/debian-base/tasks/ssh.yml index 0fb844b..1ff39a2 100644 --- a/roles/debian-base/tasks/ssh.yml +++ b/roles/debian-base/tasks/ssh.yml 
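Review bot: Replacing `%(sshd_log)s` with a hard-coded `{{ fail2ban.logpath }}` ties the sshd jail to `/var/log/auth.log` existing, i.e. to rsyslog being installed and having written at least one auth line; fail2ban refuses to start the jail when the file is missing, which is what the later "ensure /var/log/auth.log exists" workaround (PATCH 125) papers over. On a journald-only Debian 12 host `backend = systemd` in the `[sshd]` section removes the file dependency entirely; if the file path is kept, a comment in `jail.local` such as `# requires rsyslog; see fail2ban_base_packages` would explain why rsyslog is in the package list.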
@@ -5,13 +5,17 @@ size: 4096 register: new_pair - name: Configure sshd_config settings - lineinfile: - path: /etc/ssh/sshd_config - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - loop: - - { regexp: '^#ListenAddress 0.0.0.0', line: 'ListenAddress 0.0.0.0' } - - { regexp: '^#SyslogFacility AUTH', line: 'SyslogFacility AUTH' } + copy: + dest: /etc/ssh/sshd_config.d/custom.conf + content: | + # Do not edit this file! Ansible will overwrite it. + + ListenAddress 0.0.0.0 + SyslogFacility AUTH + permitRootLogin yes + owner: root + group: root + mode: '0644' - name: Delete old host SSH keys file: path: "{{ item }}" -- 2.40.1 From 3e7771ba4c945b162d15047dd8719cdf1433a797 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Thu, 10 Oct 2024 16:06:01 +0200 Subject: [PATCH 121/138] Refs #8025 Rol debian-base. Task ssh refactor --- roles/debian-base/tasks/ssh.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/debian-base/tasks/ssh.yml b/roles/debian-base/tasks/ssh.yml index 1ff39a2..2179974 100644 --- a/roles/debian-base/tasks/ssh.yml +++ b/roles/debian-base/tasks/ssh.yml @@ -13,9 +13,9 @@ ListenAddress 0.0.0.0 SyslogFacility AUTH permitRootLogin yes - owner: root - group: root - mode: '0644' + owner: root + group: root + mode: '0644' - name: Delete old host SSH keys file: path: "{{ item }}" -- 2.40.1 From 588db894a1cf1e4bc9c179d21f1ea768f91002ba Mon Sep 17 00:00:00 2001 
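Review bot: The new drop-in writes `permitRootLogin yes`, which enables root SSH login (sshd's default is `prohibit-password`), and because Debian's `sshd_config` includes `sshd_config.d/*.conf` at the top and sshd keeps the first value it sees for a keyword, this drop-in wins over anything in the main file; unless root password login is a requirement on every debian-base host, this line should go (it is removed again in PATCH 122, but hosts provisioned in between will have it). `ListenAddress 0.0.0.0` also restricts sshd to IPv4 only, which is a behaviour change from the default of listening on all addresses — add a comment if that is intended. Judging by the follow-up commit on this same file (PATCH 121), which only changes the indentation of `owner`/`group`/`mode`, in this commit those three lines appear to sit inside the `content: |` block and would be written into the config file, where sshd would reject them.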
From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Thu, 10 Oct 2024 16:12:29 +0200 Subject: [PATCH 122/138] Refs #8025 Rol debian-base. All task - Refactor from octal permissions to plain text --- roles/debian-base/tasks/bacula.yml | 2 +- roles/debian-base/tasks/fail2ban.yml | 2 +- roles/debian-base/tasks/motd.yml | 2 +- roles/debian-base/tasks/profile.yml | 2 +- roles/debian-base/tasks/relayhost.yml | 2 +- roles/debian-base/tasks/resolv.yml | 2 +- roles/debian-base/tasks/ssh.yml | 5 ++--- roles/debian-base/tasks/timesync.yml | 4 ++-- roles/debian-base/tasks/vim.yml | 2 +- roles/debian-base/tasks/vn-repo.yml | 2 +- 10 files changed, 12 insertions(+), 13 deletions(-) diff --git a/roles/debian-base/tasks/bacula.yml b/roles/debian-base/tasks/bacula.yml index ef04a37..2cfcb6d 100644 --- a/roles/debian-base/tasks/bacula.yml +++ b/roles/debian-base/tasks/bacula.yml @@ -12,7 +12,7 @@ dest: /etc/bacula/bacula-fd.conf owner: root group: bacula - mode: '0640' + mode: u=rw,g=r,o= backup: true - name: Restart Bacula FD service service: diff --git a/roles/debian-base/tasks/fail2ban.yml b/roles/debian-base/tasks/fail2ban.yml index 838e89e..a3ed3f1 100644 --- a/roles/debian-base/tasks/fail2ban.yml +++ b/roles/debian-base/tasks/fail2ban.yml @@ -8,5 +8,5 @@ dest: /etc/fail2ban/jail.local owner: root group: root - mode: '0644' + mode: u=rw,g=r,o=r notify: restart-fail2ban diff --git a/roles/debian-base/tasks/motd.yml b/roles/debian-base/tasks/motd.yml index a51f73b..486e705 100644 --- a/roles/debian-base/tasks/motd.yml +++ b/roles/debian-base/tasks/motd.yml @@ -2,6 +2,6 @@ copy: src: motd dest: /etc/update-motd.d/90-vn - mode: '755' + mode: u=rwx,g=rx,o=rx owner: root group: root diff --git a/roles/debian-base/tasks/profile.yml b/roles/debian-base/tasks/profile.yml index 7b02471..e8df993 100644 --- a/roles/debian-base/tasks/profile.yml +++ b/roles/debian-base/tasks/profile.yml 
@@ -2,6 +2,6 @@ copy: src: profile.sh dest: /etc/profile.d/vn.sh - mode: '644' + mode: u=rw,g=r,o=r owner: root group: root diff --git a/roles/debian-base/tasks/relayhost.yml b/roles/debian-base/tasks/relayhost.yml index 13c46f5..dc04fe1 100644 --- a/roles/debian-base/tasks/relayhost.yml +++ b/roles/debian-base/tasks/relayhost.yml @@ -17,7 +17,7 @@ dc_hide_mailname='true' state: present create: yes - mode: '0644' + mode: u=rw,g=r,o=r notify: update exim configuration register: exim_config - name: Force execution of handlers immediately diff --git a/roles/debian-base/tasks/resolv.yml b/roles/debian-base/tasks/resolv.yml index 60455c0..1ee5af7 100644 --- a/roles/debian-base/tasks/resolv.yml +++ b/roles/debian-base/tasks/resolv.yml @@ -17,6 +17,6 @@ dest: /etc/resolv.conf owner: root group: root - mode: '0644' + mode: u=rw,g=r,o=r backup: true when: not resolv_conf.stat.exists or not dns_configured diff --git a/roles/debian-base/tasks/ssh.yml b/roles/debian-base/tasks/ssh.yml index 2179974..0eb418d 100644 --- a/roles/debian-base/tasks/ssh.yml +++ b/roles/debian-base/tasks/ssh.yml @@ -6,16 +6,15 @@ register: new_pair - name: Configure sshd_config settings copy: - dest: /etc/ssh/sshd_config.d/custom.conf + dest: /etc/ssh/sshd_config.d/vn-custom.conf content: | # Do not edit this file! Ansible will overwrite it. ListenAddress 0.0.0.0 SyslogFacility AUTH - permitRootLogin yes owner: root group: root - mode: '0644' + mode: u=rw,g=r,o=r - name: Delete old host SSH keys file: path: "{{ item }}" diff --git a/roles/debian-base/tasks/timesync.yml b/roles/debian-base/tasks/timesync.yml index 103234f..57974cf 100644 --- a/roles/debian-base/tasks/timesync.yml +++ b/roles/debian-base/tasks/timesync.yml @@ -4,7 +4,7 @@ state: directory owner: root group: root - mode: '0755' + mode: u=rwx,g=rx,o=rx - name: Configure NTP settings in /etc/systemd/timesyncd.conf.d/vn-ntp.conf copy: dest: /etc/systemd/timesyncd.conf.d/vn-ntp.conf 
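Review bot: Renaming the destination to `/etc/ssh/sshd_config.d/vn-custom.conf` leaves the previous `custom.conf` — which still contains `permitRootLogin yes` — on every host provisioned by the two earlier commits, and sshd keeps including it; the removal of that line in this hunk therefore has no effect on those hosts. The task file should also remove the superseded drop-in and restart sshd when it does. Removal task follows.
```yaml
- name: Remove superseded sshd drop-in
  file:
    path: /etc/ssh/sshd_config.d/custom.conf
    state: absent
  notify: restart sshd
# … unchanged: Configure sshd_config settings task …
```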
@@ -14,7 +14,7 @@ FallbackNTP={{ time_server_spain }} owner: root group: root - mode: '0644' + mode: u=rw,g=r,o=r notify: restart systemd-timesyncd - name: Ensure systemd-timesyncd service is enabled and started service: diff --git a/roles/debian-base/tasks/vim.yml b/roles/debian-base/tasks/vim.yml index d89ef6f..2d40113 100644 --- a/roles/debian-base/tasks/vim.yml +++ b/roles/debian-base/tasks/vim.yml @@ -6,6 +6,6 @@ copy: src: vimrc.local dest: /etc/vim/ - mode: '644' + mode: u=rw,g=r,o=r owner: root group: root \ No newline at end of file diff --git a/roles/debian-base/tasks/vn-repo.yml b/roles/debian-base/tasks/vn-repo.yml index c0fdfff..b8dc6b0 100644 --- a/roles/debian-base/tasks/vn-repo.yml +++ b/roles/debian-base/tasks/vn-repo.yml @@ -2,7 +2,7 @@ get_url: url: "{{ vn_host.url }}/{{ vn_host.package }}" dest: "/tmp/{{ vn_host.package }}" - mode: '0644' + mode: u=rw,g=r,o=r - name: Install package apt: deb: "/tmp/{{ vn_host.package }}" -- 2.40.1 From 43019754c4724e589fafac193be7a93fe3d400a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Mon, 14 Oct 2024 09:36:10 +0200 Subject: [PATCH 123/138] Refs #8025 Rol debian-base. ssh task - add notify to restart sshd when changes came. --- roles/debian-base/tasks/ssh.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/debian-base/tasks/ssh.yml b/roles/debian-base/tasks/ssh.yml index 0eb418d..d776420 100644 --- a/roles/debian-base/tasks/ssh.yml +++ b/roles/debian-base/tasks/ssh.yml @@ -15,6 +15,7 @@ owner: root group: root mode: u=rw,g=r,o=r + notify: restart sshd - name: Delete old host SSH keys file: path: "{{ item }}" -- 2.40.1 From 49c42b412793d9df01e3a0310d7b947684af0856 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Mon, 14 Oct 2024 12:10:28 +0200 Subject: [PATCH 124/138] Refs #8025 Rol debian-base. fail2ban task - Add email notification and whois report action for sshd in local jail. --- roles/debian-base/templates/jail.local | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/debian-base/templates/jail.local b/roles/debian-base/templates/jail.local index 0e4ef17..9c0cd5b 100644 --- a/roles/debian-base/templates/jail.local +++ b/roles/debian-base/templates/jail.local @@ -18,3 +18,4 @@ enabled = true port = 0:65535 filter = sshd logpath = {{ fail2ban.logpath }} +action = %(action_mwl)s \ No newline at end of file -- 2.40.1 From 684a298e03d32f2eae470b74142e7cbf752c2150 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Mon, 14 Oct 2024 13:53:36 +0200 Subject: [PATCH 125/138] Refs #8025 Rol debian-base. fail2ban task - ensure /var/log/auth exists before restarting Fail2ban for systemd exit code 0 --- roles/debian-base/handlers/main.yml | 2 +- roles/debian-base/tasks/fail2ban.yml | 9 ++++++++- roles/debian-base/templates/jail.local | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/roles/debian-base/handlers/main.yml b/roles/debian-base/handlers/main.yml index 6d3fab4..e2ee81e 100644 --- a/roles/debian-base/handlers/main.yml +++ b/roles/debian-base/handlers/main.yml @@ -6,7 +6,7 @@ systemd: name: ssh state: restarted -- name: restart-fail2ban +- name: restart fail2ban systemd: name: fail2ban state: restarted diff --git a/roles/debian-base/tasks/fail2ban.yml b/roles/debian-base/tasks/fail2ban.yml index a3ed3f1..33a8d67 100644 --- a/roles/debian-base/tasks/fail2ban.yml +++ b/roles/debian-base/tasks/fail2ban.yml @@ -9,4 +9,11 @@ owner: root group: root mode: u=rw,g=r,o=r - notify: restart-fail2ban + notify: restart fail2ban +- name: Ensure file for auth sshd custom log exists + file: + path: /var/log/auth.log + state: touch + owner: root + group: adm + mode: u=rw,g=r,o= 
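Review bot: The "Ensure file for auth sshd custom log exists" task uses `state: touch` without `modification_time: preserve` and `access_time: preserve`, so it updates the timestamps and reports changed on every run; the nrpe task earlier in this series (the `99-local.cfg` hunk) already uses those two options, so the same idiom applies here. PATCH 127 later adds `when: jail.changed` to this task, which hides the symptom but makes the existence of `/var/log/auth.log` depend on an unrelated template change — on a host where `jail.local` is already current but the log file is missing, fail2ban still fails to start. Keeping the task unconditional with preserved timestamps gives the guarantee the commit message asks for.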
diff --git a/roles/debian-base/templates/jail.local b/roles/debian-base/templates/jail.local index 9c0cd5b..69847a7 100644 --- a/roles/debian-base/templates/jail.local +++ b/roles/debian-base/templates/jail.local @@ -18,4 +18,4 @@ enabled = true port = 0:65535 filter = sshd logpath = {{ fail2ban.logpath }} -action = %(action_mwl)s \ No newline at end of file +action = %(action_mwl)s -- 2.40.1 From d141bc8a7565a5c472939ee1b79b7d5137d778e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Tue, 15 Oct 2024 12:24:26 +0200 Subject: [PATCH 126/138] Refs #8025 Role debian-base: Refactor vn-repo to ensure idempotency and enhance major Bacula task. --- inventories/group_vars/all.yml | 14 -------------- roles/debian-base/defaults/main.yaml | 16 ++++++++++++++++ roles/debian-base/tasks/bacula.yml | 22 ++++++++++++++++++---- roles/debian-base/tasks/main.yml | 4 ++++ roles/debian-base/tasks/vn-repo.yml | 11 +---------- roles/debian-base/templates/bacula-fd.conf | 4 ++-- roles/debian-base/templates/jail.local | 1 + 7 files changed, 42 insertions(+), 30 deletions(-) diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml index 28f9649..d1b6a61 100644 --- a/inventories/group_vars/all.yml +++ b/inventories/group_vars/all.yml @@ -20,18 +20,4 @@ awx_pub_key: > ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzAwWm+IsqZCgMzjdZ7Do3xWtVtoUCpWJpH7KSi2a/H awx@verdnatura.es -base_packages: - - htop - - psmisc - - bash-completion - - screen - - aptitude - - tree - - btop - - ncdu - - debconf-utils - - net-tools -locales_present: - - en_US.UTF-8 - - es_ES.UTF-8 passbolt_folder: e0d517be-6783-4b97-9742-acaa9b09742f diff --git a/roles/debian-base/defaults/main.yaml b/roles/debian-base/defaults/main.yaml index f7f697f..ff6a7c7 100644 --- a/roles/debian-base/defaults/main.yaml +++ b/roles/debian-base/defaults/main.yaml 
@@ -12,8 +12,24 @@ fail2ban_base_packages: vn_host: url: http://apt.verdnatura.es/pool/main/v/vn-host package: vn-host_2.0.2_all.deb + name: vn-host time_server_spain: ntp.roa.es nagios_packages: - nagios-nrpe-server - nagios-plugins-contrib - monitoring-plugins-basic +base_packages: + - htop + - psmisc + - bash-completion + - screen + - aptitude + - tree + - btop + - ncdu + - debconf-utils + - net-tools +locales_present: + - en_US.UTF-8 + - es_ES.UTF-8 + diff --git a/roles/debian-base/tasks/bacula.yml b/roles/debian-base/tasks/bacula.yml index 2cfcb6d..2482ad4 100644 --- a/roles/debian-base/tasks/bacula.yml +++ b/roles/debian-base/tasks/bacula.yml @@ -2,19 +2,33 @@ apt: name: bacula-fd state: present -- name: Load Bacula default passwords +- name: Read content file in base64 slurp: src: /etc/bacula/common_default_passwords - register: bacula_passwords + register: file_content +- name: Going to text plane + set_fact: + file_content_decoded: "{{ file_content.content | b64decode }}" +- name: Extracting passwords + set_fact: + passwords: "{{ file_content_decoded.splitlines() | select('match', '^[^#]') | map('regex_replace', '^([^=]+)=(.+)$', '\\1:\\2') | list }}" +- name: Initialize password dictionary + set_fact: + bacula_passwords: {} +- name: Convert lines to individual variables generating a new dict + set_fact: + bacula_passwords: "{{ bacula_passwords | combine({item.split(':')[0].lower(): item.split(':')[1] | regex_replace('\\n$', '') }) }}" + loop: "{{ passwords }}" + when: "'FDPASSWD' in item or 'FDMPASSWD' in item" - name: Configure Bacula FD template: src: bacula-fd.conf dest: /etc/bacula/bacula-fd.conf owner: root group: bacula - mode: u=rw,g=r,o= + mode: '0640' backup: true - name: Restart Bacula FD service service: name: bacula-fd - state: restarted + state: restarted \ No newline at end of file diff --git a/roles/debian-base/tasks/main.yml b/roles/debian-base/tasks/main.yml index 0228231..ca79ad2 100644 --- a/roles/debian-base/tasks/main.yml 
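Review bot: The new `slurp`/`set_fact` chain in `bacula.yml` puts the Bacula director passwords into plain facts without `no_log: true`, so they show up in verbose task output and in AWX job logs; each of the five tasks that handle `file_content`, `passwords` and `bacula_passwords` should carry `no_log: true`. The value side is extracted with `item.split(':')[1]`, which truncates a password that itself contains `:` — `item.split(':', 1)[1]` keeps the rest, or better, drop the `\1:\2` rewrite and split the original line on the first `=`. Two smaller points: `mode: '0640'` reverts the `u=rw,g=r,o=` form the previous commit introduced (and PATCH 128 reverts it back), and "Restart Bacula FD service" restarts the daemon unconditionally on every run where a handler notified by the template task would do.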
+++ b/roles/debian-base/tasks/main.yml @@ -24,3 +24,7 @@ tags: nrpe - import_tasks: fail2ban.yml tags: fail2ban +- import_tasks: bacula.yml + tags: bacula +- import_tasks: vn-repo.yml + tags: vn-repo diff --git a/roles/debian-base/tasks/vn-repo.yml b/roles/debian-base/tasks/vn-repo.yml index b8dc6b0..2c63da7 100644 --- a/roles/debian-base/tasks/vn-repo.yml +++ b/roles/debian-base/tasks/vn-repo.yml @@ -1,12 +1,3 @@ -- name: Download vn-host Debian package - get_url: - url: "{{ vn_host.url }}/{{ vn_host.package }}" - dest: "/tmp/{{ vn_host.package }}" - mode: u=rw,g=r,o=r - name: Install package apt: - deb: "/tmp/{{ vn_host.package }}" -- name: Delete package - file: - path: "/tmp/{{ vn_host.package }}" - state: absent + deb: "{{ vn_host.url }}/{{ vn_host.package }}" diff --git a/roles/debian-base/templates/bacula-fd.conf b/roles/debian-base/templates/bacula-fd.conf index e205166..0e2d00a 100644 --- a/roles/debian-base/templates/bacula-fd.conf +++ b/roles/debian-base/templates/bacula-fd.conf @@ -1,10 +1,10 @@ Director { Name = bacula-dir - Password = "{{ FDPASSWD }}" + Password = "{{ bacula_passwords.fdpasswd }}" } Director { Name = bacula-mon - Password = "{{ FDMPASSWD }}" + Password = "{{ bacula_passwords.fdmpasswd }}" Monitor = yes } FileDaemon { diff --git a/roles/debian-base/templates/jail.local b/roles/debian-base/templates/jail.local index 69847a7..d3840df 100644 --- a/roles/debian-base/templates/jail.local +++ b/roles/debian-base/templates/jail.local @@ -14,6 +14,7 @@ action = %(action_)s #+++++++++++++++ Jails [sshd] +ignoreip = 127.0.0.1/8 enabled = true port = 0:65535 filter = sshd -- 2.40.1 From 6e0d940cc0c152853934dade45750c1e17ee6899 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Tue, 15 Oct 2024 12:28:15 +0200 Subject: [PATCH 127/138] Refs #8025 Role debian-base: Fail2ban task add register to do last step when jail.local changes --- roles/debian-base/tasks/fail2ban.yml | 2 ++ 1 file changed, 2 insertions(+) 
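Review bot: The `vn-repo.yml` task now installs a `.deb` fetched directly from `http://apt.verdnatura.es/...` via `apt: deb:`; the package travels over plain HTTP and is handed to dpkg without any signature or checksum check, so anyone on the path can substitute the package. If the package cannot be served from a signed apt repository, at least use an `https://` URL and pin the artifact with a `checksum:` on a `get_url` step before installing, with the expected digest kept next to `vn_host.package` in defaults (use a placeholder such as `<SHA256 OF vn-host_2.0.2_all.deb>` until it is known). The removed download/cleanup tasks had the same gap, so this is not new to the commit, but the refactor is the right moment to close it.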
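Review bot: Adding `ignoreip = 127.0.0.1/8` inside the `[sshd]` jail overrides whatever `ignoreip` the `[DEFAULT]` section sets for that jail; the role's defaults carry `fail2ban.ignore: "127.0.0.0/8 {{ dc_net }}"`, and if the template renders that into `[DEFAULT]` (not visible in this hunk), the effect is that `dc_net` is no longer exempt for sshd and internal hosts — including the Ansible controller after a few failed attempts — can be banned. If the loopback entry is wanted here, use `ignoreip = {{ fail2ban.ignore }}` or simply drop the line and rely on `[DEFAULT]`. Note also that the correct CIDR for loopback is `127.0.0.0/8`, as already written in defaults.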
diff --git a/roles/debian-base/tasks/fail2ban.yml b/roles/debian-base/tasks/fail2ban.yml index 33a8d67..2b84b89 100644 --- a/roles/debian-base/tasks/fail2ban.yml +++ b/roles/debian-base/tasks/fail2ban.yml @@ -10,6 +10,7 @@ group: root mode: u=rw,g=r,o=r notify: restart fail2ban + register: jail - name: Ensure file for auth sshd custom log exists file: path: /var/log/auth.log @@ -17,3 +18,4 @@ owner: root group: adm mode: u=rw,g=r,o= + when: jail.changed -- 2.40.1 From 944e91071a6c595886764cbb649e026ae3908d2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Tue, 15 Oct 2024 13:40:10 +0200 Subject: [PATCH 128/138] Refs #8025 Role debian-base: task bacula. Copy pub cert. --- roles/debian-base/files/master-cert.pem | 23 +++++++++++++++++++++++ roles/debian-base/tasks/bacula.yml | 9 ++++++++- 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 roles/debian-base/files/master-cert.pem diff --git a/roles/debian-base/files/master-cert.pem b/roles/debian-base/files/master-cert.pem new file mode 100644 index 0000000..570b2bd --- /dev/null +++ b/roles/debian-base/files/master-cert.pem 
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID6zCCAtOgAwIBAgIUDwR1QkWYb73hAeNnphytR1tGE0swDQYJKoZIhvcNAQEL +BQAwgYQxCzAJBgNVBAYTAkVTMQ4wDAYDVQQIDAVTcGFpbjERMA8GA1UEBwwIVmFs +ZW5jaWExHjAcBgNVBAoMFVZlcmRuYXR1cmEgTGV2YW50ZSBTTDETMBEGA1UECwwK +TWFzdGVyIEtleTEdMBsGA1UEAwwUYmFjdWxhLnZlcmRuYXR1cmEuZXMwHhcNMjMx +MDAxMTc1MzQyWhcNMzMwOTI4MTc1MzQyWjCBhDELMAkGA1UEBhMCRVMxDjAMBgNV +BAgMBVNwYWluMREwDwYDVQQHDAhWYWxlbmNpYTEeMBwGA1UECgwVVmVyZG5hdHVy +YSBMZXZhbnRlIFNMMRMwEQYDVQQLDApNYXN0ZXIgS2V5MR0wGwYDVQQDDBRiYWN1 +bGEudmVyZG5hdHVyYS5lczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AJr2D9thvNVxmMyNO8wvFYZJeWLyc8RcNfjiKaY53RadMgXgsiAl4BlSNxc9ngqA +2z7ef4SK50pU9Pl6w1Ljua4lFnZqW9Ow6J9nT6wbdkkuilVoao+0wZBQCX19ToJg +LtgJ00KU2SH7KCi+mYdEY1oW/BsZy+QTJ6HYbOOjb/yISUp4crGE5h+vph1tyhC1 +Vfj17wACmFjtZ52cQMWyQRT3kSrxTp4Y+xAsFUE9lTQaoBQ5XcRO5tmDnxEVKZIR +B5ZNatpY8em4CFUQ2B+9XPoXYY3KAzAh8U7fEqcZQ8x44LTVZjHvjXOlHwrcgYoh +P0Rbtv7uRbGBn9EviFW6lrUCAwEAAaNTMFEwHQYDVR0OBBYEFM1UYUBPXj82hm+W +UCXVSisi4bv6MB8GA1UdIwQYMBaAFM1UYUBPXj82hm+WUCXVSisi4bv6MA8GA1Ud +EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAC2gpGcsT2v2OfdxMaL9oI+B +EqHPrNM4UblRCyLF21JCEhYg3Ow9lseO3ObMz/cOJGsMgrvipUgxUNDuS+DpyG5E +tKO6895t30TIjICm9udVTyNzC3SyyP/kojNqA9mU8QU+fRdale+ruAJ/A0nbmP/v +uETeqHg49PfH98ce2pMpIiIm+UyvLDjH6KMcnt7KlxtSMxAD9ihK19M7m0CKL3PL +iNu7ZG2Ke7ai4wkIKiUpugWK/f2bXNY36/HJeoN9cKrfVQzh6jsoplj5qc7GtzQK +vbLOVOOXArPis1naT1aW5s/At2NaNpA3a9HjauzZgfIiU+ekIWEccU0OyRGxCGA= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/roles/debian-base/tasks/bacula.yml b/roles/debian-base/tasks/bacula.yml index 2482ad4..b4a5a65 100644 --- a/roles/debian-base/tasks/bacula.yml +++ b/roles/debian-base/tasks/bacula.yml 
@@ -26,8 +26,15 @@ dest: /etc/bacula/bacula-fd.conf owner: root group: bacula - mode: '0640' + mode: u=rw,g=r,o= backup: true +- name: Configure master cert + copy: + src: master-cert.pem + dest: /etc/bacula/master-cert.pem + owner: root + group: root + mode: u=rw,g=r,o=r - name: Restart Bacula FD service service: name: bacula-fd -- 2.40.1 From 070c526ce2548db4f0ede40bf42c8d956187b6a4 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 15 Oct 2024 14:50:12 +0200 Subject: [PATCH 129/138] refs #8025 Inventories removed, license added --- LICENSE | 17 +++++++ README.md | 3 +- inventories/core | 31 ------------- inventories/group_vars/all.yml | 30 ++++++------- inventories/lab | 38 ---------------- inventories/servers | 81 ---------------------------------- inventories/template | 20 +++++++++ 7 files changed, 54 insertions(+), 166 deletions(-) create mode 100644 LICENSE delete mode 100644 inventories/core delete mode 100644 inventories/lab delete mode 100644 inventories/servers create mode 100644 inventories/template diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..5e558e2 --- /dev/null +++ b/LICENSE @@ -0,0 +1,17 @@ +Copyright (C) 2020 - Verdnatura Levante S.L. + +This package is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see . + +On Debian systems, the complete text of the GNU General Public +License can be found in "/usr/share/common-licenses/GPL-3". diff --git a/README.md b/README.md index 821cd29..e90fcfa 100644 
--- a/README.md +++ b/README.md @@ -42,7 +42,8 @@ ansible-galaxy collection install -r collections/requirements.yml Before merging changes into protected branches, playbooks should be tested locally to ensure they work properly. The *inventories/local* inventory is not -uploaded to the repository and can be used for local testing. +uploaded to the repository and can be used for local testing. In any case, it +is advisable to use a different repository to store inventories. Run playbook on inventory host. ``` diff --git a/inventories/core b/inventories/core deleted file mode 100644 index 070b7f6..0000000 --- a/inventories/core +++ /dev/null @@ -1,31 +0,0 @@ -[all:vars] -host_domain=core.dc.verdnatura.es - -[backup:vars] -host_domain=backup.dc.verdnatura.es - -[ceph] -ceph[1:3] - -[ceph_gw] -ceph-gw[1:2] - -[pve] -pve[01:05] - -[infra:children] -ceph -ceph_gw -pve - -[core] -core-agent -core-proxy - -[backup] -bacula-dir -bacula-db -bacularis -backup-nas -tftp -kube-backup diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml index f98b825..5a3dad5 100644 --- a/inventories/group_vars/all.yml +++ b/inventories/group_vars/all.yml 
@@ -2,23 +2,23 @@ hostname_fqdn: "{{inventory_hostname_short}}.{{host_domain}}" ansible_host: "{{hostname_fqdn}}" passbolt: 'anatomicjc.passbolt.passbolt' passbolt_inventory: 'anatomicjc.passbolt.passbolt_inventory' -sysadmin_mail: sysadmin@verdnatura.es +sysadmin_mail: sysadmin@domain.local sysadmin_group: sysadmin -smtp_server: smtp.verdnatura.es -homes_server: homes.servers.dc.verdnatura.es -nagios_server: nagios.verdnatura.es -time_server: time1.verdnatura.es time2.verdnatura.es -main_dns_server: ns1.verdnatura.es -ldap_uri: ldap://ldap.verdnatura.es -ldap_base: dc=verdnatura,dc=es +smtp_server: smtp.domain.local +homes_server: homes.domain.local +nagios_server: nagios.domain.local +time_server: time1.domain.local time2.domain.local +main_dns_server: ns1.domain.local +ldap_uri: ldap://ldap.domain.local +ldap_base: dc=domain,dc=local dc_net: "10.0.0.0/16" -resolv_domain: verdnatura.es +resolv_domain: domain.local resolvers: - - '10.0.0.4' - - '10.0.0.5' -awx_email: awx@verdnatura.es + - '8.8.8.8' + - '8.8.4.4' +awx_email: awx@domain.local awx_pub_key: > ssh-ed25519 - AAAAC3NzaC1lZDI1NTE5AAAAIKzAwWm+IsqZCgMzjdZ7Do3xWtVtoUCpWJpH7KSi2a/H - awx@verdnatura.es -passbolt_folder: e0d517be-6783-4b97-9742-acaa9b09742f + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + awx@domain.local +passbolt_folder: 00000000-0000-0000-0000-000000000000 diff --git a/inventories/lab b/inventories/lab deleted file mode 100644 index 1bcf480..0000000 --- a/inventories/lab +++ /dev/null @@ -1,38 +0,0 @@ -[all:vars] -host_domain=lab.verdnatura.es - -[cephlab] -cephlab[01:03] - -[pvelab] -pvelab[01:03] - -[infra:children] -cephlab -pvelab - -[cephtest] -cephtest[01:03] - -[kubepre] -kubepre-helm -kubepre-proxy1 -kubepre-master[1:3] -kubepre-worker[1:4] - -[kubetest] -kubetest-helm -kubetest-master[01:03] -kubetest-worker[01:04] - -[laboratory] -ansible-test -corelab-proxy1 -zammad -matrix - -[guest:children] -cephtest -kubepre -kubetest -laboratory 
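Review bot: `ldap_uri: ldap://ldap.domain.local` keeps a cleartext LDAP URI as the template default, so every host that binds with it sends bind credentials and directory data unencrypted unless StartTLS is enforced elsewhere; the placeholder should default to `ldaps://ldap.domain.local` or carry a comment such as `# ldap:// requires StartTLS in nslcd.conf; prefer ldaps://`. `domain.local` is also a poor placeholder because `.local` is reserved for mDNS (RFC 6762) and is typically handled by systemd-resolved/avahi on Debian rather than the resolvers listed here, and `8.8.8.8`/`8.8.4.4` as defaults forward internal names to a public resolver; `example.com` or a `.internal`/`home.arpa` name would be safer. The real host names, the AWX public key and the Passbolt folder id replaced here remain in git history, so if the intent is to publish the repository the history needs rewriting rather than only this commit.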
diff --git a/inventories/servers b/inventories/servers deleted file mode 100644 index c8fe2ad..0000000 --- a/inventories/servers +++ /dev/null @@ -1,81 +0,0 @@ -[all:vars] -host_domain=servers.dc.verdnatura.es - -[kube_master] -kube-master[1:5] - -[kube_worker] -kube-worker[1:5] - -[kube_proxy] -kube-proxy[1:2] - -[kube_helper] -kube-helm - -[kubernetes:children] -kube_master -kube_worker -kube_proxy -kube_helper - -[ad] -dc[1:2] -server - -[db] -db-proxy[1:2] -db[1:2] - -[ldap] -ldap-proxy[1:2] -ldap[1:3] - -[mail] -dovecot -mailgw[1:2] -postfix -spamd -spamd-db - -[monitoring] -cacti -logger -nagios -nagiosql-db -librenms - -[network] -dhcp[1:2] -ns[1:2] -unifi -vpn -time[1:2] - -[princ] -pbx -homes -doku -iventoy - -[rds] -ts-proxy[1:2] -profiles - -[test] -test-db1 -test-db-proxy[1:2] -monthly-db -dev-db - -[guest:children] -ad -db -kubernetes -ldap -mail -monitoring -network -princ -rds -test diff --git a/inventories/template b/inventories/template new file mode 100644 index 0000000..a1680ce --- /dev/null +++ b/inventories/template @@ -0,0 +1,20 @@ +[all:vars] +host_domain=domain.local + +[pve:vars] +host_domain=core.domain.local + +[ceph] +ceph[1:3] + +[pve] +pve[1:5] + +[infra:children] +ceph +pve + +[servers] +server1 ansible_host=10.0.0.1 +server1 ansible_host=10.0.0.2 +server3 ansible_host=10.0.0.3 -- 2.40.1 From ce7f8503f15b7cb3148cfeef2e254e5126758c79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Tue, 15 Oct 2024 15:28:06 +0200 Subject: [PATCH 130/138] Refs #8025 - Rol debian-base: Refactor Bacula task to manage certs from a variable - your live in a variable way. --- roles/debian-base/defaults/main.yaml | 26 ++++++++++++++++++++++++- roles/debian-base/files/master-cert.pem | 23 ---------------------- roles/debian-base/tasks/bacula.yml | 9 ++++++++- 3 files changed, 33 insertions(+), 25 deletions(-) delete mode 100644 roles/debian-base/files/master-cert.pem 
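Review bot: `server1` appears twice in `[servers]` with different addresses (`server1 ansible_host=10.0.0.1` and `server1 ansible_host=10.0.0.2`); Ansible merges duplicate host names, so the second line silently overrides the first and the template yields two hosts instead of three. The second entry should read `server2 ansible_host=10.0.0.2`. Note also that `[pve:vars]` sets `host_domain=core.domain.local` while `ceph`, which shares the `infra` group, keeps the `[all:vars]` domain; presumably intended, but worth a comment since `hostname_fqdn` is derived from it.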
diff --git a/roles/debian-base/defaults/main.yaml b/roles/debian-base/defaults/main.yaml index ff6a7c7..85f86af 100644 --- a/roles/debian-base/defaults/main.yaml +++ b/roles/debian-base/defaults/main.yaml @@ -32,4 +32,28 @@ base_packages: locales_present: - en_US.UTF-8 - es_ES.UTF-8 - +master_cert_content: | + -----BEGIN CERTIFICATE----- + MIID6zCCAtOgAwIBAgIUDwR1QkWYb73hAeNnphytR1tGE0swDQYJKoZIhvcNAQEL + BQAwgYQxCzAJBgNVBAYTAkVTMQ4wDAYDVQQIDAVTcGFpbjERMA8GA1UEBwwIVmFs + ZW5jaWExHjAcBgNVBAoMFVZlcmRuYXR1cmEgTGV2YW50ZSBTTDETMBEGA1UECwwK + TWFzdGVyIEtleTEdMBsGA1UEAwwUYmFjdWxhLnZlcmRuYXR1cmEuZXMwHhcNMjMx + MDAxMTc1MzQyWhcNMzMwOTI4MTc1MzQyWjCBhDELMAkGA1UEBhMCRVMxDjAMBgNV + BAgMBVNwYWluMREwDwYDVQQHDAhWYWxlbmNpYTEeMBwGA1UECgwVVmVyZG5hdHVy + YSBMZXZhbnRlIFNMMRMwEQYDVQQLDApNYXN0ZXIgS2V5MR0wGwYDVQQDDBRiYWN1 + bGEudmVyZG5hdHVyYS5lczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB + AJr2D9thvNVxmMyNO8wvFYZJeWLyc8RcNfjiKaY53RadMgXgsiAl4BlSNxc9ngqA + 2z7ef4SK50pU9Pl6w1Ljua4lFnZqW9Ow6J9nT6wbdkkuilVoao+0wZBQCX19ToJg + LtgJ00KU2SH7KCi+mYdEY1oW/BsZy+QTJ6HYbOOjb/yISUp4crGE5h+vph1tyhC1 + Vfj17wACmFjtZ52cQMWyQRT3kSrxTp4Y+xAsFUE9lTQaoBQ5XcRO5tmDnxEVKZIR + B5ZNatpY8em4CFUQ2B+9XPoXYY3KAzAh8U7fEqcZQ8x44LTVZjHvjXOlHwrcgYoh + P0Rbtv7uRbGBn9EviFW6lrUCAwEAAaNTMFEwHQYDVR0OBBYEFM1UYUBPXj82hm+W + UCXVSisi4bv6MB8GA1UdIwQYMBaAFM1UYUBPXj82hm+WUCXVSisi4bv6MA8GA1Ud + EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAC2gpGcsT2v2OfdxMaL9oI+B + EqHPrNM4UblRCyLF21JCEhYg3Ow9lseO3ObMz/cOJGsMgrvipUgxUNDuS+DpyG5E + tKO6895t30TIjICm9udVTyNzC3SyyP/kojNqA9mU8QU+fRdale+ruAJ/A0nbmP/v + uETeqHg49PfH98ce2pMpIiIm+UyvLDjH6KMcnt7KlxtSMxAD9ihK19M7m0CKL3PL + iNu7ZG2Ke7ai4wkIKiUpugWK/f2bXNY36/HJeoN9cKrfVQzh6jsoplj5qc7GtzQK + vbLOVOOXArPis1naT1aW5s/At2NaNpA3a9HjauzZgfIiU+ekIWEccU0OyRGxCGA= + -----END CERTIFICATE----- +private_key_content: "{{ lookup(passbolt, 'fd-cert.pem', folder_parent_id=passbolt_folder).description }}" 
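Review bot: `private_key_content` is filled from a Passbolt item named `fd-cert.pem` and (in the task hunk of this commit) written to `/etc/bacula/fd-cert.pem`, so the variable name says key while the item and destination say certificate; if the Passbolt description holds the combined FD key and certificate PEM that Bacula expects in one keypair file, say so, e.g. `# PEM bundle (FD private key + certificate) fetched from Passbolt at run time; never store the value here`. Because this is a role default, the lookup runs on the controller whenever the variable is templated, including by `debug`/`hostvars` dumps, so keeping the lookup inside the one task that needs it would limit exposure.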
diff --git a/roles/debian-base/files/master-cert.pem b/roles/debian-base/files/master-cert.pem deleted file mode 100644 index 570b2bd..0000000 --- a/roles/debian-base/files/master-cert.pem +++ /dev/null @@ -1,23 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID6zCCAtOgAwIBAgIUDwR1QkWYb73hAeNnphytR1tGE0swDQYJKoZIhvcNAQEL -BQAwgYQxCzAJBgNVBAYTAkVTMQ4wDAYDVQQIDAVTcGFpbjERMA8GA1UEBwwIVmFs -ZW5jaWExHjAcBgNVBAoMFVZlcmRuYXR1cmEgTGV2YW50ZSBTTDETMBEGA1UECwwK -TWFzdGVyIEtleTEdMBsGA1UEAwwUYmFjdWxhLnZlcmRuYXR1cmEuZXMwHhcNMjMx -MDAxMTc1MzQyWhcNMzMwOTI4MTc1MzQyWjCBhDELMAkGA1UEBhMCRVMxDjAMBgNV -BAgMBVNwYWluMREwDwYDVQQHDAhWYWxlbmNpYTEeMBwGA1UECgwVVmVyZG5hdHVy -YSBMZXZhbnRlIFNMMRMwEQYDVQQLDApNYXN0ZXIgS2V5MR0wGwYDVQQDDBRiYWN1 -bGEudmVyZG5hdHVyYS5lczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AJr2D9thvNVxmMyNO8wvFYZJeWLyc8RcNfjiKaY53RadMgXgsiAl4BlSNxc9ngqA -2z7ef4SK50pU9Pl6w1Ljua4lFnZqW9Ow6J9nT6wbdkkuilVoao+0wZBQCX19ToJg -LtgJ00KU2SH7KCi+mYdEY1oW/BsZy+QTJ6HYbOOjb/yISUp4crGE5h+vph1tyhC1 -Vfj17wACmFjtZ52cQMWyQRT3kSrxTp4Y+xAsFUE9lTQaoBQ5XcRO5tmDnxEVKZIR -B5ZNatpY8em4CFUQ2B+9XPoXYY3KAzAh8U7fEqcZQ8x44LTVZjHvjXOlHwrcgYoh -P0Rbtv7uRbGBn9EviFW6lrUCAwEAAaNTMFEwHQYDVR0OBBYEFM1UYUBPXj82hm+W -UCXVSisi4bv6MB8GA1UdIwQYMBaAFM1UYUBPXj82hm+WUCXVSisi4bv6MA8GA1Ud -EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAC2gpGcsT2v2OfdxMaL9oI+B -EqHPrNM4UblRCyLF21JCEhYg3Ow9lseO3ObMz/cOJGsMgrvipUgxUNDuS+DpyG5E -tKO6895t30TIjICm9udVTyNzC3SyyP/kojNqA9mU8QU+fRdale+ruAJ/A0nbmP/v -uETeqHg49PfH98ce2pMpIiIm+UyvLDjH6KMcnt7KlxtSMxAD9ihK19M7m0CKL3PL -iNu7ZG2Ke7ai4wkIKiUpugWK/f2bXNY36/HJeoN9cKrfVQzh6jsoplj5qc7GtzQK -vbLOVOOXArPis1naT1aW5s/At2NaNpA3a9HjauzZgfIiU+ekIWEccU0OyRGxCGA= ------END CERTIFICATE----- \ No newline at end of file diff --git a/roles/debian-base/tasks/bacula.yml b/roles/debian-base/tasks/bacula.yml index b4a5a65..542da9f 100644 --- a/roles/debian-base/tasks/bacula.yml +++ b/roles/debian-base/tasks/bacula.yml 
@@ -30,11 +30,18 @@ backup: true - name: Configure master cert copy: - src: master-cert.pem + content: "{{ master_cert_content }}" dest: /etc/bacula/master-cert.pem owner: root group: root mode: u=rw,g=r,o=r +- name: Configure master cert + copy: + content: "{{ private_key_content }}" + dest: /etc/bacula/fd-cert.pem + owner: root + group: bacula + mode: u=rw,g=r,o= - name: Restart Bacula FD service service: name: bacula-fd -- 2.40.1 From 72e30fa6061e1a82d73aa8cc0b0fc52956a3b1db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Tue, 15 Oct 2024 15:58:24 +0200 Subject: [PATCH 131/138] =?UTF-8?q?Refs=20#8025=20Rol=20debian-base.=20bac?= =?UTF-8?q?ula=20task=20-=20don=C2=B4t=20restart=20if=20no=20changes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/debian-base/tasks/bacula.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/debian-base/tasks/bacula.yml b/roles/debian-base/tasks/bacula.yml index 542da9f..64ddc9d 100644 --- a/roles/debian-base/tasks/bacula.yml +++ b/roles/debian-base/tasks/bacula.yml @@ -28,6 +28,7 @@ group: bacula mode: u=rw,g=r,o= backup: true + register: bacula_config - name: Configure master cert copy: content: "{{ master_cert_content }}" @@ -45,4 +46,5 @@ - name: Restart Bacula FD service service: name: bacula-fd - state: restarted \ No newline at end of file + state: restarted + when: bacula_config.changed \ No newline at end of file -- 2.40.1 From 4ac86abe43a7426d088428454db7263ff106bcc1 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Wed, 16 Oct 2024 09:21:54 +0200 Subject: [PATCH 132/138] refs #8025 License date fix --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index 5e558e2..7002558 100644 --- a/LICENSE +++ b/LICENSE 
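Review bot: The second task added here is also named `Configure master cert` although it writes the FD private key material to `/etc/bacula/fd-cert.pem`, so a play log cannot tell the two apart; name it `Configure FD key pair`. Since `copy: content:` with `-v` or `--diff` prints the content into controller output and AWX job logs, that task also needs `no_log: true`, otherwise the secret resolved from the Passbolt lookup behind `private_key_content` ends up in plain-text logs. The certificate task above it is fine as world-readable, since the master certificate is public material.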
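Review bot: The restart is now gated only on `bacula_config.changed`, i.e. on `bacula-fd.conf`, so a rotated `master-cert.pem` or `fd-cert.pem` written by the two copy tasks above no longer restarts bacula-fd and the daemon keeps using the old key until some unrelated config change happens. Either register those two copy tasks too and use `when: bacula_config.changed or master_cert.changed or fd_cert.changed`, or replace the explicit restart with a handler that all three tasks notify. `register: bacula_config` is added to the config task in the first hunk of this commit; the copy tasks themselves lie outside this hunk.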
@@ -1,4 +1,4 @@ -Copyright (C) 2020 - Verdnatura Levante S.L. +Copyright (C) 2024 - Verdnatura Levante S.L. This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by -- 2.40.1 From 921e3538cd61388339f9ae9bdd6b39b8a8885570 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Wed, 16 Oct 2024 14:04:55 +0200 Subject: [PATCH 133/138] Refs #8025 Rol debian-base&guest. ssh task - unify generate SSH key pairs. Add witness task to control initial setup. Separate conf ssh files for failban & ssh task. Remove handler that uses shell, no need it for pam update. --- roles/debian-base/defaults/main.yaml | 1 + roles/debian-base/tasks/fail2ban.yml | 11 +++++++++ roles/debian-base/tasks/main.yml | 2 ++ roles/debian-base/tasks/ssh.yml | 34 ++++++++++++---------------- roles/debian-base/tasks/witness.yml | 12 ++++++++++ roles/debian-guest/handlers/main.yml | 2 -- roles/debian-guest/tasks/auth.yml | 2 +- 7 files changed, 41 insertions(+), 23 deletions(-) create mode 100644 roles/debian-base/tasks/witness.yml diff --git a/roles/debian-base/defaults/main.yaml b/roles/debian-base/defaults/main.yaml index 85f86af..b31ba85 100644 --- a/roles/debian-base/defaults/main.yaml +++ b/roles/debian-base/defaults/main.yaml @@ -57,3 +57,4 @@ master_cert_content: | vbLOVOOXArPis1naT1aW5s/At2NaNpA3a9HjauzZgfIiU+ekIWEccU0OyRGxCGA= -----END CERTIFICATE----- private_key_content: "{{ lookup(passbolt, 'fd-cert.pem', folder_parent_id=passbolt_folder).description }}" +vn_witness: false diff --git a/roles/debian-base/tasks/fail2ban.yml b/roles/debian-base/tasks/fail2ban.yml index 2b84b89..b0123d3 100644 --- a/roles/debian-base/tasks/fail2ban.yml +++ b/roles/debian-base/tasks/fail2ban.yml 
@@ -2,6 +2,17 @@ apt: name: "{{ fail2ban_base_packages }}" state: present +- name: Configure sshd_config settings + copy: + dest: /etc/ssh/sshd_config.d/vn-fail2ban.conf + content: | + # Do not edit this file! Ansible will overwrite it. + + SyslogFacility AUTH + owner: root + group: root + mode: u=rw,g=r,o=r + notify: restart sshd - name: Configure fail2ban service template: src: jail.local diff --git a/roles/debian-base/tasks/main.yml b/roles/debian-base/tasks/main.yml index ca79ad2..4db5680 100644 --- a/roles/debian-base/tasks/main.yml +++ b/roles/debian-base/tasks/main.yml @@ -1,3 +1,5 @@ +- import_tasks: witness.yml + tags: witness - import_tasks: resolv.yml tags: resolv - import_tasks: timesync.yml diff --git a/roles/debian-base/tasks/ssh.yml b/roles/debian-base/tasks/ssh.yml index d776420..442fc15 100644 --- a/roles/debian-base/tasks/ssh.yml +++ b/roles/debian-base/tasks/ssh.yml @@ -1,29 +1,23 @@ -- name: Generate a new SSH key pair +- name: Generate SSH key pairs openssh_keypair: - path: /etc/ssh/ssh_host_rsa_key - type: rsa - size: 4096 - register: new_pair + path: "/etc/ssh/ssh_host_{{ item.type }}_key" + type: "{{ item.type }}" + force: yes + when: vn_witness + loop: + - { type: 'rsa' } + - { type: 'ecdsa' } + - { type: 'ed25519' } + register: new_pairs + notify: restart sshd - name: Configure sshd_config settings copy: - dest: /etc/ssh/sshd_config.d/vn-custom.conf + dest: /etc/ssh/sshd_config.d/vn-listenipv4.conf content: | # Do not edit this file! Ansible will overwrite it. - + ListenAddress 0.0.0.0 - SyslogFacility AUTH owner: root group: root mode: u=rw,g=r,o=r - notify: restart sshd -- name: Delete old host SSH keys - file: - path: "{{ item }}" - state: absent - with_items: - - /etc/ssh/ssh_host_ecdsa_key - - /etc/ssh/ssh_host_ecdsa_key.pub - - /etc/ssh/ssh_host_ed25519_key - - /etc/ssh/ssh_host_ed25519_key.pub - when: new_pair is succeeded - notify: restart sshd + notify: restart sshd \ No newline at end of file 
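Review bot: The drop-in is renamed from `vn-custom.conf` to `vn-listenipv4.conf`, but nothing removes the old `/etc/ssh/sshd_config.d/vn-custom.conf` on hosts provisioned by the previous version, so sshd keeps reading a stale file that still carries `ListenAddress 0.0.0.0` and `SyslogFacility AUTH` next to the new ones; add a `file:` task with `path: /etc/ssh/sshd_config.d/vn-custom.conf` and `state: absent`, notifying `restart sshd`. The host key regeneration with `force: yes` is correctly gated on `vn_witness`, but after it runs the controller's existing `known_hosts` entry for the host no longer matches, so the next connection will fail host-key verification unless the new keys are re-published; this deserves a comment on the task. `ListenAddress 0.0.0.0` also silently disables IPv6 listening, which the drop-in should state, e.g. `# IPv4 only on purpose; remove this file to listen on IPv6 as well`.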
diff --git a/roles/debian-base/tasks/witness.yml b/roles/debian-base/tasks/witness.yml new file mode 100644 index 0000000..26129d8 --- /dev/null +++ b/roles/debian-base/tasks/witness.yml @@ -0,0 +1,12 @@ +- name: Check if witness have been generated + stat: + path: /etc/vn.witness + register: keys_generated_marker +- name: Generate variable if not exists + set_fact: + vn_witness: "{{ not keys_generated_marker.stat.exists }}" +- name: Create marker file to indicate vn happends + file: + path: /etc/vn.witness + state: touch + when: vn_witness \ No newline at end of file diff --git a/roles/debian-guest/handlers/main.yml b/roles/debian-guest/handlers/main.yml index 1764d05..2da7a1c 100644 --- a/roles/debian-guest/handlers/main.yml +++ b/roles/debian-guest/handlers/main.yml @@ -2,5 +2,3 @@ service: name: nslcd state: restarted -- name: pam-update-ldap - shell: pam-auth-update --enable ldap diff --git a/roles/debian-guest/tasks/auth.yml b/roles/debian-guest/tasks/auth.yml index 7930b91..62506be 100644 --- a/roles/debian-guest/tasks/auth.yml +++ b/roles/debian-guest/tasks/auth.yml @@ -11,7 +11,7 @@ mode: '0640' notify: - restart-nslcd - - pam-update-ldap + register: nslcd - name: Configure nsswitch to use NSLCD lineinfile: dest: /etc/nsswitch.conf -- 2.40.1 From ddfa6cdef95f0a9e17e5f298dbb413fd593f9bc3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Wed, 16 Oct 2024 14:12:48 +0200 Subject: [PATCH 134/138] Refs #8025 Rol debian-bas. ssh task - remove no necessary register --- roles/debian-base/tasks/ssh.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/debian-base/tasks/ssh.yml b/roles/debian-base/tasks/ssh.yml index 442fc15..da7bca2 100644 --- a/roles/debian-base/tasks/ssh.yml +++ b/roles/debian-base/tasks/ssh.yml @@ -8,7 +8,6 @@ - { type: 'rsa' } - { type: 'ecdsa' } - { type: 'ed25519' } - register: new_pairs notify: restart sshd - name: Configure sshd_config settings copy: -- 2.40.1 
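Review bot: The marker `/etc/vn.witness` is touched as the last task of `witness.yml`, which `main.yml` imports first, so it exists before any task gated on `vn_witness` (such as the host key regeneration in `ssh.yml`) has run; if the play fails in between, the next run sees the marker, sets `vn_witness` to false and the host keeps the template's SSH host keys indefinitely. Move the touch task to the end of the role (after `ssh.yml`) or gate it on the key-generation result, and document the file with `# Created once per host: its presence means first-run initialisation (host keys etc.) has completed`. Note that `set_fact` overrides the `vn_witness: false` default but not a value passed with `-e`, which is a useful way to force re-initialisation and worth stating in that comment.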
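Review bot: Dropping the `pam-update-ldap` handler leaves nothing in this task that enables the `ldap` PAM profile, and the new `register: nslcd` result is not used in the visible lines; if the intent is to rely on the `libpam-ldapd` package post-install script, that only runs on first installation, so a host that already has the package with the profile disabled would silently stay non-LDAP. Either keep an idempotent `command: pam-auth-update --enable ldap` with a `changed_when`, or add a comment stating the assumption, e.g. `# PAM ldap profile is enabled by libpam-ldapd's postinst; no explicit pam-auth-update needed`. The enclosing task list continues outside the hunk.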
From 93b51f522e2575d43b19eb2ba8b6a7514ff3ab49 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Wed, 16 Oct 2024 16:02:37 +0200 Subject: [PATCH 135/138] refs #8025 Disable deprecation warnings --- ansible.cfg | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible.cfg b/ansible.cfg index c4aa65a..71a9166 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -5,6 +5,7 @@ roles_path = ./roles inventory = ./inventories/lab gathering = smart interpreter_python = auto_silent +deprecation_warnings = False [privilege_escalation] become = True -- 2.40.1 From 39c493c306efd683bf1cbf1d36751324328671e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Wed, 16 Oct 2024 16:18:22 +0200 Subject: [PATCH 136/138] Refs #8025 Rol debian-bas. bacula task - Configure master cert directly to passbolt without global variable --- roles/debian-base/defaults/main.yaml | 1 - roles/debian-base/tasks/bacula.yml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/debian-base/defaults/main.yaml b/roles/debian-base/defaults/main.yaml index b31ba85..c9428f9 100644 --- a/roles/debian-base/defaults/main.yaml +++ b/roles/debian-base/defaults/main.yaml @@ -56,5 +56,4 @@ master_cert_content: | iNu7ZG2Ke7ai4wkIKiUpugWK/f2bXNY36/HJeoN9cKrfVQzh6jsoplj5qc7GtzQK vbLOVOOXArPis1naT1aW5s/At2NaNpA3a9HjauzZgfIiU+ekIWEccU0OyRGxCGA= -----END CERTIFICATE----- -private_key_content: "{{ lookup(passbolt, 'fd-cert.pem', folder_parent_id=passbolt_folder).description }}" vn_witness: false diff --git a/roles/debian-base/tasks/bacula.yml b/roles/debian-base/tasks/bacula.yml index 64ddc9d..c42026c 100644 --- a/roles/debian-base/tasks/bacula.yml +++ b/roles/debian-base/tasks/bacula.yml @@ -38,7 +38,7 @@ mode: u=rw,g=r,o=r - name: Configure master cert copy: - content: "{{ private_key_content }}" + content: "{{ lookup(passbolt, 'fd-cert.pem', folder_parent_id=passbolt_folder).description }}" dest: /etc/bacula/fd-cert.pem owner: root group: bacula -- 2.40.1 
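Review bot: `inventory = ./inventories/lab` still points at the inventory file this series removed earlier (`inventories/lab` was deleted together with `core` and `servers`), so a bare `ansible-playbook` run now has no inventory, or worse picks up a stray local copy of the old one; point it at `./inventories/local` (the gitignored file the README recommends) or at `./inventories/template`. Setting `deprecation_warnings = False` globally also hides the warnings that announce modules and parameters about to be removed, which is how breakage after an Ansible upgrade usually surfaces first; if a specific warning is noisy, silence that one rather than all of them.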
From 0864b8a2f52e841f0e9898f8be41c192a5a5784e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Wed, 16 Oct 2024 16:29:41 +0200 Subject: [PATCH 137/138] Refs #8025 Rol debian-bas. nrpe task - add server_address={{ ansible_default_ipv4.address }} to 90-vn.cfg --- roles/debian-base/tasks/nrpe.yml | 7 +------ roles/debian-base/templates/nrpe.cfg | 1 + 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/roles/debian-base/tasks/nrpe.yml b/roles/debian-base/tasks/nrpe.yml index d5e98a1..b0aaf5e 100644 --- a/roles/debian-base/tasks/nrpe.yml +++ b/roles/debian-base/tasks/nrpe.yml @@ -10,6 +10,7 @@ owner: root group: root mode: u=rw,g=r,o=r + notify: restart-nrpe - name: Create NRPE local configuration file file: path: /etc/nagios/nrpe.d/99-local.cfg @@ -19,9 +20,3 @@ mode: u=rw,g=r,o= modification_time: preserve access_time: preserve -- name: Configure nrpe.cfg to bind ipv4 - lineinfile: - path: /etc/nagios/nrpe.cfg - regexp: '^#server_address=127.0.0.1' - line: 'server_address={{ ansible_default_ipv4.address }}' - notify: restart-nrpe \ No newline at end of file diff --git a/roles/debian-base/templates/nrpe.cfg b/roles/debian-base/templates/nrpe.cfg index 7efab1f..99329fd 100644 --- a/roles/debian-base/templates/nrpe.cfg +++ b/roles/debian-base/templates/nrpe.cfg @@ -1,4 +1,5 @@ allowed_hosts={{ nagios_server }} +server_address={{ ansible_default_ipv4.address }} command[check_disk_root]=/usr/lib/nagios/plugins/check_disk -w 10% -c 5% -p / command[check_disk_var]=/usr/lib/nagios/plugins/check_disk -w 10% -c 5% -p /var -- 2.40.1 From 2fa6db793cf1439356eff94c858a7b25f0a879b2 Mon Sep 17 00:00:00 2001 
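Review bot: `server_address={{ ansible_default_ipv4.address }}` makes the template fail on any host without a default IPv4 route, where `ansible_default_ipv4` is an empty dict and `.address` is undefined, and with `gathering = smart` a cached fact can bind NRPE to an address the host no longer has; wrap the line as `{% if ansible_default_ipv4.address is defined %}server_address={{ ansible_default_ipv4.address }}{% endif %}` and allow an inventory variable to override it for multi-homed hosts where the Nagios server reaches a different interface. A comment in the template explaining why the daemon is bound to the default-route address rather than `0.0.0.0` (IPv4-only, single-interface exposure) would also help the next maintainer. The task that renders this template is outside the visible hunk.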
From: Juan Ferrer Toribio Date: Wed, 16 Oct 2024 16:59:30 +0200 Subject: [PATCH 138/138] refs #8025 gitignore duplication removed, vars moved to inventory --- .gitignore | 1 - roles/debian-base/defaults/main.yaml | 30 +--------------------------- roles/debian-base/tasks/bacula.yml | 2 +- roles/debian-base/tasks/ssh.yml | 2 +- roles/debian-base/tasks/vim.yml | 2 +- roles/debian-base/tasks/vn-repo.yml | 2 +- roles/debian-base/tasks/witness.yml | 2 +- 7 files changed, 6 insertions(+), 35 deletions(-) diff --git a/.gitignore b/.gitignore index bf83407..f71c7f0 100644 --- a/.gitignore +++ b/.gitignore @@ -4,4 +4,3 @@ .passbolt.yml inventories/local venv -inventories/local diff --git a/roles/debian-base/defaults/main.yaml b/roles/debian-base/defaults/main.yaml index c9428f9..ca32537 100644 --- a/roles/debian-base/defaults/main.yaml +++ b/roles/debian-base/defaults/main.yaml @@ -1,3 +1,4 @@ +vn_witness: false default_user: user root_password: Pa$$w0rd fail2ban: @@ -9,10 +10,6 @@ fail2ban: fail2ban_base_packages: - fail2ban - rsyslog -vn_host: - url: http://apt.verdnatura.es/pool/main/v/vn-host - package: vn-host_2.0.2_all.deb - name: vn-host time_server_spain: ntp.roa.es nagios_packages: - nagios-nrpe-server 
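Review bot: While site-specific values are moved to the inventory, the context line `root_password: Pa$$w0rd` stays in the role defaults, so a host whose inventory forgets to set it is silently provisioned with a publicly known root password; remove the default (or make it an undefined sentinel checked with an `assert` task) so a missing value fails the play instead. `default_user: user` is a similarly weak default for a role meant to be shared. The `vn_witness: false` line added at the top is fine as a fallback for the `set_fact` in `witness.yml`.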
@@ -32,28 +29,3 @@ base_packages: locales_present: - en_US.UTF-8 - es_ES.UTF-8 -master_cert_content: | - -----BEGIN CERTIFICATE----- - MIID6zCCAtOgAwIBAgIUDwR1QkWYb73hAeNnphytR1tGE0swDQYJKoZIhvcNAQEL - BQAwgYQxCzAJBgNVBAYTAkVTMQ4wDAYDVQQIDAVTcGFpbjERMA8GA1UEBwwIVmFs - ZW5jaWExHjAcBgNVBAoMFVZlcmRuYXR1cmEgTGV2YW50ZSBTTDETMBEGA1UECwwK - TWFzdGVyIEtleTEdMBsGA1UEAwwUYmFjdWxhLnZlcmRuYXR1cmEuZXMwHhcNMjMx - MDAxMTc1MzQyWhcNMzMwOTI4MTc1MzQyWjCBhDELMAkGA1UEBhMCRVMxDjAMBgNV - BAgMBVNwYWluMREwDwYDVQQHDAhWYWxlbmNpYTEeMBwGA1UECgwVVmVyZG5hdHVy - YSBMZXZhbnRlIFNMMRMwEQYDVQQLDApNYXN0ZXIgS2V5MR0wGwYDVQQDDBRiYWN1 - bGEudmVyZG5hdHVyYS5lczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB - AJr2D9thvNVxmMyNO8wvFYZJeWLyc8RcNfjiKaY53RadMgXgsiAl4BlSNxc9ngqA - 2z7ef4SK50pU9Pl6w1Ljua4lFnZqW9Ow6J9nT6wbdkkuilVoao+0wZBQCX19ToJg - LtgJ00KU2SH7KCi+mYdEY1oW/BsZy+QTJ6HYbOOjb/yISUp4crGE5h+vph1tyhC1 - Vfj17wACmFjtZ52cQMWyQRT3kSrxTp4Y+xAsFUE9lTQaoBQ5XcRO5tmDnxEVKZIR - B5ZNatpY8em4CFUQ2B+9XPoXYY3KAzAh8U7fEqcZQ8x44LTVZjHvjXOlHwrcgYoh - P0Rbtv7uRbGBn9EviFW6lrUCAwEAAaNTMFEwHQYDVR0OBBYEFM1UYUBPXj82hm+W - UCXVSisi4bv6MB8GA1UdIwQYMBaAFM1UYUBPXj82hm+WUCXVSisi4bv6MA8GA1Ud - EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAC2gpGcsT2v2OfdxMaL9oI+B - EqHPrNM4UblRCyLF21JCEhYg3Ow9lseO3ObMz/cOJGsMgrvipUgxUNDuS+DpyG5E - tKO6895t30TIjICm9udVTyNzC3SyyP/kojNqA9mU8QU+fRdale+ruAJ/A0nbmP/v - uETeqHg49PfH98ce2pMpIiIm+UyvLDjH6KMcnt7KlxtSMxAD9ihK19M7m0CKL3PL - iNu7ZG2Ke7ai4wkIKiUpugWK/f2bXNY36/HJeoN9cKrfVQzh6jsoplj5qc7GtzQK - vbLOVOOXArPis1naT1aW5s/At2NaNpA3a9HjauzZgfIiU+ekIWEccU0OyRGxCGA= - -----END CERTIFICATE----- -vn_witness: false diff --git a/roles/debian-base/tasks/bacula.yml b/roles/debian-base/tasks/bacula.yml index c42026c..de9a3b4 100644 --- a/roles/debian-base/tasks/bacula.yml +++ b/roles/debian-base/tasks/bacula.yml @@ -47,4 +47,4 @@ service: name: bacula-fd state: restarted - when: bacula_config.changed \ No newline at end of file + when: bacula_config.changed 
diff --git a/roles/debian-base/tasks/ssh.yml b/roles/debian-base/tasks/ssh.yml index da7bca2..7afa54a 100644 --- a/roles/debian-base/tasks/ssh.yml +++ b/roles/debian-base/tasks/ssh.yml @@ -19,4 +19,4 @@ owner: root group: root mode: u=rw,g=r,o=r - notify: restart sshd \ No newline at end of file + notify: restart sshd diff --git a/roles/debian-base/tasks/vim.yml b/roles/debian-base/tasks/vim.yml index 2d40113..798a20d 100644 --- a/roles/debian-base/tasks/vim.yml +++ b/roles/debian-base/tasks/vim.yml @@ -8,4 +8,4 @@ dest: /etc/vim/ mode: u=rw,g=r,o=r owner: root - group: root \ No newline at end of file + group: root diff --git a/roles/debian-base/tasks/vn-repo.yml b/roles/debian-base/tasks/vn-repo.yml index 2c63da7..bd85ca4 100644 --- a/roles/debian-base/tasks/vn-repo.yml +++ b/roles/debian-base/tasks/vn-repo.yml @@ -1,3 +1,3 @@ - name: Install package apt: - deb: "{{ vn_host.url }}/{{ vn_host.package }}" + deb: "{{ vn_host_url }}" diff --git a/roles/debian-base/tasks/witness.yml b/roles/debian-base/tasks/witness.yml index 26129d8..75e7179 100644 --- a/roles/debian-base/tasks/witness.yml +++ b/roles/debian-base/tasks/witness.yml @@ -9,4 +9,4 @@ file: path: /etc/vn.witness state: touch - when: vn_witness \ No newline at end of file + when: vn_witness -- 2.40.1
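Review bot: `apt: deb: "{{ vn_host_url }}"` downloads and installs a `.deb` straight from a URL; the apt module does not verify signatures for local or URL debs, and the default it replaces was a plain `http://` URL, so an on-path attacker or a compromised mirror can deliver an arbitrary package that is installed as root on every host. Fetch the file with `get_url` and a pinned `checksum: sha256:...` (or verify a detached signature) before `apt: deb:`, or serve it from a signed apt repository and install it by package name. The whole task file is within the hunk.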