mikepell/dsfin-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

more role organization.

Browse Source 
tbd - make use of variables in root/main.yaml
This commit is contained in:
Pi
2019-02-21 12:21:11 -05:00
parent c712efa8db
commit aabd89fae8
6 changed files with 242 additions and 238 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
main.yaml
View File

@@ -1,5 +1,17 @@
--- ---
- hosts: netflows - hosts: netflows
become: true
roles: roles:
- netflows - netflows
- hosts: all
roles:
- common
- hosts: public
roles:
- public
- hosts: smbclient
roles:
- smbclient
- hosts: pi
roles:
- snmpd

4
roles/common/tasks/main.yaml
View File

@@ -1,7 +1,5 @@
--- ---
- hosts: all - name: Upgrade all packages o the latest version
tasks:
- name: Upgrade all packages o the latest version
become: true become: true
apt: apt:
upgrade: yes upgrade: yes

10
roles/public/tasks/main.yaml
View File

@@ -1,12 +1,10 @@
--- ---
- hosts: public - name: Install ufw packages
tasks:
- name: Install ufw packages
package: package:
name: ufw name: ufw
state: present state: present
become: true become: true
- name: Allow all access from RFC1918 networks to this hosts - name: Allow all access from RFC1918 networks to this hosts
ufw: ufw:
rule: allow rule: allow
src: '{{ item }}' src: '{{ item }}'
@@ -15,7 +13,7 @@
- 172.16.0.0/12 - 172.16.0.0/12
- 192.168.0.0/16 - 192.168.0.0/16
become: true become: true
- name: Allow all access from any Comcast IP Space - name: Allow all access from any Comcast IP Space
become: true become: true
ufw: ufw:
rule: allow rule: allow
@@ -180,7 +178,7 @@
- 98.241.0.0/16 - 98.241.0.0/16
- 98.32.0.0/11 - 98.32.0.0/11
- name: Enable UFW - name: Enable UFW
ufw: ufw:
state: enabled state: enabled
policy: deny policy: deny

9
roles/smbclient/tasks/main.yaml Executable file
View File

@@ -0,0 +1,9 @@
---
- name: enable cron job for smb traffic
cron:
name: "smbtraff"
minute: "*/20"
hour: "7-18"
weekday: "1-5"
job: "/usr/bin/perl -e 'sleep int rand 1199' && /home/pi/scripts/smb-session.sh"
tags: smbtraff_cron

11
roles/smbclient/tasks/playbook.yaml
View File

@@ -1,11 +0,0 @@
---
- hosts: smbclient
tasks:
- name: enable cron job for smb traffic
cron:
name: "smbtraff"
minute: "*/20"
hour: "7-18"
weekday: "1-5"
job: "/usr/bin/perl -e 'sleep int rand 1199' && /home/pi/scripts/smb-session.sh"
tags: smbtraff_cron

10
roles/snmpd/tasks/main.yaml
View File

@@ -1,14 +1,12 @@
--- ---
- hosts: pi - name: Install snmpd Package
tasks:
- name: Install snmpd Package
become: yes become: yes
apt: apt:
name: ['snmpd'] name: ['snmpd']
state: present state: present
update_cache: true update_cache: true
tags: install_snmpd tags: install_snmpd
- lineinfile: - lineinfile:
path: /etc/snmp/snmpd.conf path: /etc/snmp/snmpd.conf
state: present state: present
backrefs: yes backrefs: yes
@@ -19,7 +17,7 @@
- { regexp: '^agentAddress\s+udp:127.0.0.1:161', line: 'agentAddress udp:161' } - { regexp: '^agentAddress\s+udp:127.0.0.1:161', line: 'agentAddress udp:161' }
tags: configure_snmpd tags: configure_snmpd
become: true become: true
- name: enable snmpd service and ensure it is not masked - name: enable snmpd service and ensure it is not masked
systemd: systemd:
name: snmpd name: snmpd
enabled: yes enabled: yes
@@ -27,7 +25,7 @@
state: restarted state: restarted
tags: enablestart_snmpd tags: enablestart_snmpd
become: true become: true
- name: set timezone - name: set timezone
become: true become: true
timezone: timezone:
name: America/New_York name: America/New_York