-change hosts file - will maintain hosts file on multipe machines.

for the scope of this type of demo network, this is much simpler
than installing and managing dns.

hosts

@@ -16,6 +16,7 @@ sdwcltm2
 sdwcltm5
 sdwsrvm
 sdwcltm8
+sdwcltm6
 sdwcltm7
 sdwsrvl
 sdwcltm4
@@ -39,10 +40,18 @@ ubuntu-server-1
 [snmpd]
 #192.168.201.3
 sdwcltm2
+sdwcltm6
 sdwcltm8
 
 [netflows]
 sdwcltm2
+sdwcltm5
+sdwcltm6
+sdwcltm7
+sdwcltm4
+sdwcltm9
+sdwsrvm
+sdwsrvl
 
 [facebook]
 sdwcltm5

main.yaml

@@ -15,6 +15,8 @@
   roles:
           - snmpd
           - wifi
+          - vnc
+          - domainname
   vars_prompt:
     - name: rocommunity
       prompt: "Enter SNMP RO community name"

roles/common/tasks/main.yaml

@@ -16,3 +16,10 @@
           - /home/pi/Documents/smb
           - /home/pi/scripts
   tags: create_dirs
+- name: update hosts file
+  become: true
+  blockinfile:
+          dest: /etc/hosts
+          content: "{{ lookup('template', '{{ role_path }}/templates/hosts.j2') }}"
+          state: present
+  tags: update_hosts

roles/common/templates/hosts.j2

@@ -0,0 +1,7 @@
+{% for item in ansible_play_batch %}
+{{ hostvars[item].ansible_host }}	{{ item }}.demo.dsfinancial.com
+{% endfor %}
+
+{% for item in ansible_play_batch %}
+{{ hostvars[item].ansible_host }}	{{ item }}
+{% endfor %}

roles/domainname/tasks/main.yaml

@@ -0,0 +1,12 @@
+---
+- lineinfile:
+        path: /etc/dhcpcd.conf
+        regexp: "{{ item.regexp }}"
+        line: "{{ item.line }}"
+  with_items:
+          - { regexp: '^static\ domain_name=', line: 'static domain_name=demo.dsfinancial.com' }
+          - { regexp: '^static\ domain_search=', line: 'static domain_search=demo.dsfinancial.com' }
+  become: true
+  tags: update_domainname
+
+

roles/netflows/tasks/main.yaml

@@ -10,9 +10,10 @@
     path: /etc/default/fprobe
     state: present
     backrefs: yes
-    regexp: '^FLOW_COLLECTOR="localhost:555"'
+    regexp: '^FLOW_COLLECTOR='
-    line: 'FLOW_COLLECTOR="192.168.200.247:9995"'
+    line: 'FLOW_COLLECTOR="192.168.201.53:9996"'
   become: true
+  tags: configure_fprobe
 - name: enable fprobe service and ensure it is not masked
   systemd:
     name: fprobe

roles/nrpe/files/nrpe_local.cfg

@@ -3,8 +3,8 @@
 ######################################
 command[check_test_file_100M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 86400 -c 1570000 -W 50000000 -C 10 -f '/home/pi/Documents/smb/test_file_100M'
 command[check_test_file_200M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 86400 -c 1570000 -W 100000000 -C 10 -f '/home/pi/Documents/smb/test_file_200M'
-command[check_test_file_500M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 172800 -c 1570000 -W 250000000 -C 10 -f '/home/pi/Documents/smb/test_file_500M'
+command[check_test_file_500M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 432600 -c 1570000 -W 250000000 -C 10 -f '/home/pi/Documents/smb/test_file_500M'
-command[check_test_file_1G]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 172800 -c 1570000 -W 500000000 -C 10 -f '/home/pi/Documents/smb/test_file_1G'
+command[check_test_file_1G]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 432600 -c 1570000 -W 500000000 -C 10 -f '/home/pi/Documents/smb/test_file_1G'
 command[check_root]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /
 command[check_mem]=/usr/lib/nagios/plugins/check_mem.pl -u -C -w 85 -c 95
 command[check_swap]=/usr/lib/nagios/plugins/check_swap -w 30% -c 10%

roles/snmpd/tasks/main.yaml

@@ -23,7 +23,7 @@
     enabled: yes
     masked: no
     state: restarted
-  tags: enablestart_snmpd
+  tags: enable_snmpd
   become: true
 - name: set timezone
   become: true

roles/vnc/tasks/main.yaml

@@ -6,7 +6,7 @@
           enabled: yes
           masked: no
           state: restarted
-  tags: enablestart_vnc
+  tags: enable_vnc
 - name: copy vnc configuration with password
   become: true
   copy:

roles/wifi/files/hostapd.conf

@@ -0,0 +1,15 @@
+interface=wlan0
+driver=nl80211
+hw_mode=g
+channel=6
+ieee80211n=1
+wmm_enabled=1
+ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
+macaddr_acl=0
+ignore_broadcast_ssid=0
+wpa=2
+auth_algs=1
+wpa_key_mgmt=WPA-PSK
+rsn_pairwise=CCMP
+ssid=PHLIPAMT
+wpa_passphrase=dsfinisdemo

roles/wifi/files/iptables.ipv4.nat

@@ -0,0 +1,18 @@
+# Generated by iptables-save v1.6.0 on Thu Mar 14 09:59:15 2019
+*filter
+:INPUT ACCEPT [7056:1877085]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [6972:1880076]
+-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i wlan0 -o eth0 -j ACCEPT
+COMMIT
+# Completed on Thu Mar 14 09:59:15 2019
+# Generated by iptables-save v1.6.0 on Thu Mar 14 09:59:15 2019
+*nat
+:PREROUTING ACCEPT [15:3832]
+:INPUT ACCEPT [15:3832]
+:OUTPUT ACCEPT [110:30472]
+:POSTROUTING ACCEPT [106:29680]
+-A POSTROUTING -o eth0 -j MASQUERADE
+COMMIT
+# Completed on Thu Mar 14 09:59:15 2019

roles/wifi/tasks/main.yaml

@@ -6,27 +6,14 @@
     state: absent
     purge: true
   tags: remove_wpasupplicant
-- lineinfile:
+# configure wlan0
-    path: /etc/snmp/snmpd.conf
+# install hostapd
-    state: present
+# configure hostapd
-    backrefs: yes
+# /etc/default/hostapd
-    regexp: "{{ item.regexp }}"
+# enable hostapd
-    line: "{{ item.line }}"
+# install dnsmasq
-  with_items:
+# configure dnsmasq
-    - { regexp: '^\s+rocommunity\s+public\s+default\s+-V\s+systemonly', line: ' rocommunity {{ rocommunity }}' }
+# enable dnsmasq
-    - { regexp: '^agentAddress\s+udp:127.0.0.1:161', line: 'agentAddress udp:161' }
+# enable ipv4.forwarding
-  tags: configure_snmpd
+# copy fw config
-  become: true
+# iptables-restore to rc.local
-- name: enable snmpd service and ensure it is not masked
-  systemd:
-    name: snmpd
-    enabled: yes
-    masked: no
-    state: restarted
-  tags: enablestart_snmpd
-  become: true
-- name: set timezone
-  become: true
-  timezone:
-    name: America/New_York
-  tags: set_timezone

set_sudoer.yml

@@ -7,3 +7,4 @@
         regexp: '^%sudo'
         line: '%sudo ALL=(ALL) NOPASSWD: ALL'
         validate: 'visudo -cf %s'
+      become: true