From b85b32620403e0e3079a71964bd696a3a3e88337 Mon Sep 17 00:00:00 2001 From: Pi Date: Mon, 29 Jul 2019 11:54:52 -0400 Subject: [PATCH] - more updates to os-specific setups --- hosts | 197 +++++++++++------------------ roles/common/tasks/main.yaml | 23 ++-- roles/common/vars/os_Ubuntu_18.yml | 7 + 3 files changed, 95 insertions(+), 132 deletions(-) create mode 100644 roles/common/vars/os_Ubuntu_18.yml diff --git a/hosts b/hosts index 851a3ec..35a8e74 100644 --- a/hosts +++ b/hosts @@ -1,121 +1,76 @@ -sdwcltm2 ansible_host=192.168.50.2 site_clli=CRHMNJAW -sdwcltm3 ansible_host=192.168.201.55 site_clli=MTLRNJIK -sdwcltm5 ansible_host=10.8.0.8 site_clli=PHLJPAMT -sdwsrvm ansible_host=192.168.60.2 site_clli=WLGRPABW -sdwcltm8 ansible_host=192.168.150.2 site_clli=FTCLCORN -ubuntu-server-2 ansible_host=192.168.198.2 site_clli=CMCYCOJL -sdwcltm7 ansible_host=192.168.199.2 site_clli=SRSPNYGN -sdwsrvl ansible_host=192.168.90.2 site_clli=LSBGFL59 -sdwcltm4 ansible_host=192.168.100.2 site_clli=PROVUTZZ -sdwcltm6 ansible_host=192.168.200.34 site_clli=PHLJPAMT -ubuntu-server-1 ansible_host=192.168.201.2 site_clli=MTLRNJIK -sdwcltm9 ansible_host=192.168.200.163 site_clli=NRCRGAQN -#192.168.201.3 -ipsectest1 ansible_host=192.168.201.90 -ssh-jump ansible_host=192.168.201.9 - -[ansible-host] -ubuntu-server-1 - -[update] -# machines for auto package update -# this allows for excluding certain -# machines from automatically updating -# installed packages -sdwcltm2 -sdwcltm3 -sdwcltm5 -sdwsrvm -sdwcltm8 -sdwcltm7 -sdwsrvl -sdwcltm4 -sdwcltm6 -sdwcltm9 -ipsectest1 - -[pi] -sdwcltm2 -sdwcltm3 -sdwcltm5 -sdwsrvm -sdwcltm8 -sdwcltm6 -sdwcltm7 -sdwsrvl -sdwcltm4 -#192.168.201.3 - -[samba-server] -ipsectest1 - -[smbclient] -sdwcltm2 -sdwcltm3 -ubuntu-server-1 -sdwcltm5 -sdwsrvm -sdwcltm8 -sdwcltm6 -sdwcltm7 -sdwsrvl -sdwcltm4 -sdwcltm9 - -[public] -ubuntu-server-1 - -[snmpd] -#192.168.201.3 -sdwcltm2 -sdwcltm3 -sdwcltm6 -sdwcltm8 - -[netflows] - -[facebook] -sdwcltm5 -sdwsrvm -sdwcltm4 - -[salesforce] -sdwcltm3 -sdwcltm6 -sdwcltm7 -sdwsrvl -sdwcltm8 - -[youtube] -sdwcltm2 -sdwcltm3 - -[ftpclient] -sdwcltm2 -sdwcltm3 -sdwcltm4 -sdwcltm5 -sdwcltm6 -sdwcltm7 -sdwcltm8 -sdwsrvm -ubuntu-server-1 - -[sipclient] -sdwcltm2 -sdwcltm3 -sdwcltm4 -sdwcltm5 -sdwcltm6 -sdwcltm7 -sdwcltm8 -sdwcltm9 -sdwsrvl -sdwsrvm - -[sipserver] -ubuntu-server-2 - -[ntopng] -sdwcltm5 -sdwcltm6 +# list all of the raspberry PI devices in the network +# the host name on each will be set to the first column +# it can be 1-20 characters, letters, digits, and hyphens +wes-host1 ansible_host=192.168.88.217 +wes-host2 ansible_host=192.168.88.240 +wes-host3 ansible_host=192.168.88.218 + +[ansible-hosts] +# there must only be one ansible-host. this is the device +# that will act as the configuration server +wes-host1 + +[update] +# machines for auto package update +# this allows for excluding certain +# machines from automatically updating +# installed packages + +[pi] +# include all Raspberry Pi devces here +wes-host1 +wes-host2 +wes-host3 + +# use variables for passwords +# currently not implemented +[pi:vars] +vncpassword=vncpass99 +pipassword=pipassword99 + +[samba-server] +# it is best to have only one samba-server host +wes-host1 + +[smbclient] +# it would probably be best to limit this to 10 clients +wes-host2 +wes-host3 + +[public] +# not currently used +# +[snmpd] +# installs SNMP daemon +# +[netflows] +# installs flow client +# +[facebook] +# devices can be set up for facebook, salesforce or youtube +# these are mutually exclusive and must be checked by you as there +# is no automated process for that +wes-host1 + +[salesforce] +# see comment for facebook +wes-host2 + +[youtube] +# see comment for facebook +wes-host3 + +[ftpclient] + +[sipclient] +# generates VoIP traffic, signaling and media +wes-host1 +wes-host3 + +[sipserver] +# there must only be one sipserver +wes-host2 + +[ntopng] +# hosts running ntop + diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index 381959e..a0d0a62 100644 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml @@ -53,7 +53,8 @@ state: restarted tags: enable_openvpn when: openvpn_enabled -- lineinfile: +- name: allow pi to sudo without pw + lineinfile: path: /etc/sudoers state: present regexp: '^%sudo' @@ -61,16 +62,16 @@ validate: 'visudo -cf %s' become: true tags: pi_sudo -- name: Ensure the locale exists - locale_gen: - name: en_US.UTF-8 - state: present - become: yes -- name: set as default locale - command: raspi-config nonint do_change_locale en_US.UTF-8 - become: yes -- name: set keyboard to us - command: raspi-config nonint do_configure_keyboard us + #- name: Ensure the locale exists + # locale_gen: + # name: en_US.UTF-8 + # state: present + # become: yes + #- name: set as default locale + # command: raspi-config nonint do_change_locale en_US.UTF-8 + # become: yes + #- name: set keyboard to us + # command: raspi-config nonint do_configure_keyboard us - name: pi become: yes user: diff --git a/roles/common/vars/os_Ubuntu_18.yml b/roles/common/vars/os_Ubuntu_18.yml new file mode 100644 index 0000000..83537d2 --- /dev/null +++ b/roles/common/vars/os_Ubuntu_18.yml @@ -0,0 +1,7 @@ +--- +dependency_packages: + - vim + - mc + - build-essential + - openvpn + - aptitude