From 23915d05494821a12175b2dbd63402c47f858d31 Mon Sep 17 00:00:00 2001 From: Pi Date: Thu, 14 Mar 2019 12:55:33 -0400 Subject: [PATCH] -change hosts file - will maintain hosts file on multipe machines. for the scope of this type of demo network, this is much simpler than installing and managing dns. --- hosts | 9 ++++++++ main.yaml | 2 ++ roles/common/tasks/main.yaml | 7 ++++++ roles/common/templates/hosts.j2 | 7 ++++++ roles/domainname/tasks/main.yaml | 12 ++++++++++ roles/netflows/tasks/main.yaml | 5 +++-- roles/nrpe/files/nrpe_local.cfg | 4 ++-- roles/snmpd/tasks/main.yaml | 2 +- roles/vnc/tasks/main.yaml | 2 +- roles/wifi/files/hostapd.conf | 15 +++++++++++++ roles/wifi/files/iptables.ipv4.nat | 18 +++++++++++++++ roles/wifi/tasks/main.yaml | 35 ++++++++++-------------------- set_sudoer.yml | 1 + 13 files changed, 89 insertions(+), 30 deletions(-) create mode 100644 roles/common/templates/hosts.j2 create mode 100755 roles/domainname/tasks/main.yaml create mode 100644 roles/wifi/files/hostapd.conf create mode 100644 roles/wifi/files/iptables.ipv4.nat diff --git a/hosts b/hosts index 116e316..ce37b25 100755 --- a/hosts +++ b/hosts @@ -16,6 +16,7 @@ sdwcltm2 sdwcltm5 sdwsrvm sdwcltm8 +sdwcltm6 sdwcltm7 sdwsrvl sdwcltm4 @@ -39,10 +40,18 @@ ubuntu-server-1 [snmpd] #192.168.201.3 sdwcltm2 +sdwcltm6 sdwcltm8 [netflows] sdwcltm2 +sdwcltm5 +sdwcltm6 +sdwcltm7 +sdwcltm4 +sdwcltm9 +sdwsrvm +sdwsrvl [facebook] sdwcltm5 diff --git a/main.yaml b/main.yaml index d4d6a21..a23d82a 100644 --- a/main.yaml +++ b/main.yaml @@ -15,6 +15,8 @@ roles: - snmpd - wifi + - vnc + - domainname vars_prompt: - name: rocommunity prompt: "Enter SNMP RO community name" diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index 481a20a..64fb998 100755 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml 
@@ -16,3 +16,10 @@ - /home/pi/Documents/smb - /home/pi/scripts tags: create_dirs +- name: update hosts file + become: true + blockinfile: + dest: /etc/hosts + content: "{{ lookup('template', '{{ role_path }}/templates/hosts.j2') }}" + state: present + tags: update_hosts diff --git a/roles/common/templates/hosts.j2 b/roles/common/templates/hosts.j2 new file mode 100644 index 0000000..4d6398a --- /dev/null +++ b/roles/common/templates/hosts.j2 @@ -0,0 +1,7 @@ +{% for item in ansible_play_batch %} +{{ hostvars[item].ansible_host }} {{ item }}.demo.dsfinancial.com +{% endfor %} + +{% for item in ansible_play_batch %} +{{ hostvars[item].ansible_host }} {{ item }} +{% endfor %} diff --git a/roles/domainname/tasks/main.yaml b/roles/domainname/tasks/main.yaml new file mode 100755 index 0000000..cbf1ab6 --- /dev/null +++ b/roles/domainname/tasks/main.yaml @@ -0,0 +1,12 @@ +--- +- lineinfile: + path: /etc/dhcpcd.conf + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^static\ domain_name=', line: 'static domain_name=demo.dsfinancial.com' } + - { regexp: '^static\ domain_search=', line: 'static domain_search=demo.dsfinancial.com' } + become: true + tags: update_domainname + + diff --git a/roles/netflows/tasks/main.yaml b/roles/netflows/tasks/main.yaml index 929e5fd..169b45a 100755 --- a/roles/netflows/tasks/main.yaml +++ b/roles/netflows/tasks/main.yaml @@ -10,9 +10,10 @@ path: /etc/default/fprobe state: present backrefs: yes - regexp: '^FLOW_COLLECTOR="localhost:555"' - line: 'FLOW_COLLECTOR="192.168.200.247:9995"' + regexp: '^FLOW_COLLECTOR=' + line: 'FLOW_COLLECTOR="192.168.201.53:9996"' become: true + tags: configure_fprobe - name: enable fprobe service and ensure it is not masked systemd: name: fprobe diff --git a/roles/nrpe/files/nrpe_local.cfg b/roles/nrpe/files/nrpe_local.cfg index eb67903..a425103 100644 --- a/roles/nrpe/files/nrpe_local.cfg +++ b/roles/nrpe/files/nrpe_local.cfg 
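Review bot: The `content:` line of the new "update hosts file" task nests `{{ role_path }}` inside an expression that is already within `{{ }}`, a pattern the Ansible documentation advises against. It also appears unnecessary, since the template lookup already searches the role's own `templates/` directory. I would write `content: "{{ lookup('template', 'hosts.j2') }}"`. Because this block controls name resolution on every managed machine, an explicit `marker:` naming the playbook would also make the managed region easy to audit in `/etc/hosts`.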
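Review bot: Both loops iterate over `ansible_play_batch`, which holds only the hosts active in the current batch, so a run narrowed by `--limit`, by `serial`, or by unreachable hosts regenerates the block with a partial list and silently drops the other entries from `/etc/hosts`. Iterating over a fixed inventory group is stable across runs, for example `{% for item in groups['all'] %}` or a dedicated group. `hostvars[item].ansible_host` is only defined if the inventory sets it; the inventory hunk in this commit shows bare host names, so presumably it comes from host_vars, and a guard such as `{% if hostvars[item].ansible_host is defined %}` would avoid a template failure or an empty address. A one-line Jinja comment at the top saying the file is generated would help whoever edits `/etc/hosts` by hand.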
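Review bot: The task in this new file has no `name:`, so it shows up in play output only as `lineinfile`. Something like `name: set static domain name and search domain in dhcpcd.conf` would make runs and logs readable. The domain literal `demo.dsfinancial.com` is repeated here twice and again in `roles/common/templates/hosts.j2`, so a single variable (for example `demo_domain`) would keep name resolution consistent if it ever changes. No `notify:` or service restart is visible in the file, so the new dhcpcd settings presumably only take effect after a reboot or manual restart.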
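Review bot: The task keeps `backrefs: yes` although the new `line:` contains no backreference, and with backrefs enabled lineinfile leaves the file unchanged when the regexp matches nothing. On a host whose `/etc/default/fprobe` lacks a `FLOW_COLLECTOR=` line the task would report ok and flow export would stay unconfigured, which is a silent monitoring gap. Dropping `backrefs: yes` lets the module append the line when it is missing. The collector address `192.168.201.53:9996` could also move to a variable so a collector change does not need a role edit. The task begins above the hunk, so its `name:` and module lines are not visible here.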
@@ -3,8 +3,8 @@ ###################################### command[check_test_file_100M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 86400 -c 1570000 -W 50000000 -C 10 -f '/home/pi/Documents/smb/test_file_100M' command[check_test_file_200M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 86400 -c 1570000 -W 100000000 -C 10 -f '/home/pi/Documents/smb/test_file_200M' -command[check_test_file_500M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 172800 -c 1570000 -W 250000000 -C 10 -f '/home/pi/Documents/smb/test_file_500M' -command[check_test_file_1G]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 172800 -c 1570000 -W 500000000 -C 10 -f '/home/pi/Documents/smb/test_file_1G' +command[check_test_file_500M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 432600 -c 1570000 -W 250000000 -C 10 -f '/home/pi/Documents/smb/test_file_500M' +command[check_test_file_1G]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 432600 -c 1570000 -W 500000000 -C 10 -f '/home/pi/Documents/smb/test_file_1G' command[check_root]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p / command[check_mem]=/usr/lib/nagios/plugins/check_mem.pl -u -C -w 85 -c 95 command[check_swap]=/usr/lib/nagios/plugins/check_swap -w 30% -c 10% diff --git a/roles/snmpd/tasks/main.yaml b/roles/snmpd/tasks/main.yaml index 3b04f82..be81442 100755 --- a/roles/snmpd/tasks/main.yaml +++ b/roles/snmpd/tasks/main.yaml @@ -23,7 +23,7 @@ enabled: yes masked: no state: restarted - tags: enablestart_snmpd + tags: enable_snmpd become: true - name: set timezone become: true diff --git a/roles/vnc/tasks/main.yaml b/roles/vnc/tasks/main.yaml index 9574c1f..6f5c819 100755 --- a/roles/vnc/tasks/main.yaml +++ b/roles/vnc/tasks/main.yaml @@ -6,7 +6,7 @@ enabled: yes masked: no state: restarted - tags: enablestart_vnc + tags: enable_vnc - name: copy vnc configuration with password become: true copy: 
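Review bot: The new warning threshold `-w 432600` on `check_test_file_500M` and `check_test_file_1G` is 5 days plus 600 seconds; if five days was intended the value would be `432000`, so it is worth confirming which was meant. A comment above the two commands would document the intent, for example `# warn when the 500M/1G test files are older than 5 days (values in seconds)`. The critical threshold `-c 1570000` is unchanged and equally undocumented.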
diff --git a/roles/wifi/files/hostapd.conf b/roles/wifi/files/hostapd.conf new file mode 100644 index 0000000..2b84e51 --- /dev/null +++ b/roles/wifi/files/hostapd.conf @@ -0,0 +1,15 @@ +interface=wlan0 +driver=nl80211 +hw_mode=g +channel=6 +ieee80211n=1 +wmm_enabled=1 +ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40] +macaddr_acl=0 +ignore_broadcast_ssid=0 +wpa=2 +auth_algs=1 +wpa_key_mgmt=WPA-PSK +rsn_pairwise=CCMP +ssid=PHLIPAMT +wpa_passphrase=dsfinisdemo diff --git a/roles/wifi/files/iptables.ipv4.nat b/roles/wifi/files/iptables.ipv4.nat new file mode 100644 index 0000000..4f3a39c --- /dev/null +++ b/roles/wifi/files/iptables.ipv4.nat @@ -0,0 +1,18 @@ +# Generated by iptables-save v1.6.0 on Thu Mar 14 09:59:15 2019 +*filter +:INPUT ACCEPT [7056:1877085] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [6972:1880076] +-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT +-A FORWARD -i wlan0 -o eth0 -j ACCEPT +COMMIT +# Completed on Thu Mar 14 09:59:15 2019 +# Generated by iptables-save v1.6.0 on Thu Mar 14 09:59:15 2019 +*nat +:PREROUTING ACCEPT [15:3832] +:INPUT ACCEPT [15:3832] +:OUTPUT ACCEPT [110:30472] +:POSTROUTING ACCEPT [106:29680] +-A POSTROUTING -o eth0 -j MASQUERADE +COMMIT +# Completed on Thu Mar 14 09:59:15 2019 diff --git a/roles/wifi/tasks/main.yaml b/roles/wifi/tasks/main.yaml index 640fd76..fcec05a 100755 --- a/roles/wifi/tasks/main.yaml +++ b/roles/wifi/tasks/main.yaml 
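Review bot: The last line of the new `hostapd.conf` commits the WPA2 pre-shared key in plaintext, so anyone with read access to the repository or its history can join the access point. The playbook already prompts for the SNMP community through `vars_prompt` in `main.yaml`; the same pattern (or Ansible Vault) fits here by moving this file to `templates/` and writing `wpa_passphrase={{ wifi_passphrase }}`. When the copy task is written it should install the file with `mode: "0600"` and root ownership. Since the value is now in git history, it should be treated as exposed and changed on any device that uses it.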
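Review bot: The `*filter` table keeps `:FORWARD ACCEPT`, so the two `-A FORWARD` rules have no filtering effect and new connections from `eth0` towards `wlan0` clients are forwarded as well as replies. If the intent is that wireless clients may initiate and the wired side may only answer, the policy line should be `:FORWARD DROP [0:0]`. `:INPUT ACCEPT` likewise leaves every service on the access-point host reachable from `wlan0`; other roles in this playbook configure snmpd, VNC and NRPE, so an explicit INPUT allow-list is worth considering. The packet/byte counters and timestamps are a snapshot from the machine where the dump was taken and could be reset to `[0:0]` to keep future diffs of this file meaningful.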
@@ -6,27 +6,14 @@ state: absent purge: true tags: remove_wpasupplicant -- lineinfile: - path: /etc/snmp/snmpd.conf - state: present - backrefs: yes - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^\s+rocommunity\s+public\s+default\s+-V\s+systemonly', line: ' rocommunity {{ rocommunity }}' } - - { regexp: '^agentAddress\s+udp:127.0.0.1:161', line: 'agentAddress udp:161' } - tags: configure_snmpd - become: true -- name: enable snmpd service and ensure it is not masked - systemd: - name: snmpd - enabled: yes - masked: no - state: restarted - tags: enablestart_snmpd - become: true -- name: set timezone - become: true - timezone: - name: America/New_York - tags: set_timezone +# configure wlan0 +# install hostapd +# configure hostapd +# /etc/default/hostapd +# enable hostapd +# install dnsmasq +# configure dnsmasq +# enable dnsmasq +# enable ipv4.forwarding +# copy fw config +# iptables-restore to rc.local diff --git a/set_sudoer.yml b/set_sudoer.yml index 5a67803..df79a29 100755 --- a/set_sudoer.yml +++ b/set_sudoer.yml @@ -7,3 +7,4 @@ regexp: '^%sudo' line: '%sudo ALL=(ALL) NOPASSWD: ALL' validate: 'visudo -cf %s' + become: true
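Review bot: With `become: true` added, this task now actually writes `%sudo ALL=(ALL) NOPASSWD: ALL`, which gives every member of the `sudo` group passwordless root on each host the playbook touches. If the goal is only unattended automation (and the `/usr/bin/sudo` calls in `nrpe_local.cfg`), a rule scoped to the specific account and commands is a smaller grant, ideally in a drop-in under `/etc/sudoers.d/`; keeping `validate: 'visudo -cf %s'` is good. A short comment on the task stating why passwordless sudo is needed for this demo network would help later reviewers. The task starts above the hunk, so the target path and module name are not visible here.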