mikepell/dsfin-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

- more updates to os-specific setups

Browse Source
This commit is contained in:
Pi
2019-07-29 11:54:52 -04:00
parent f16d598797
commit b85b326204
3 changed files with 95 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

197
hosts
View File

@@ -1,121 +1,76 @@
sdwcltm2 ansible_host=192.168.50.2 site_clli=CRHMNJAW # list all of the raspberry PI devices in the network
sdwcltm3 ansible_host=192.168.201.55 site_clli=MTLRNJIK # the host name on each will be set to the first column
sdwcltm5 ansible_host=10.8.0.8 site_clli=PHLJPAMT # it can be 1-20 characters, letters, digits, and hyphens
sdwsrvm ansible_host=192.168.60.2 site_clli=WLGRPABW wes-host1 ansible_host=192.168.88.217
sdwcltm8 ansible_host=192.168.150.2 site_clli=FTCLCORN wes-host2 ansible_host=192.168.88.240
ubuntu-server-2 ansible_host=192.168.198.2 site_clli=CMCYCOJL wes-host3 ansible_host=192.168.88.218
sdwcltm7 ansible_host=192.168.199.2 site_clli=SRSPNYGN
sdwsrvl ansible_host=192.168.90.2 site_clli=LSBGFL59 [ansible-hosts]
sdwcltm4 ansible_host=192.168.100.2 site_clli=PROVUTZZ # there must only be one ansible-host. this is the device
sdwcltm6 ansible_host=192.168.200.34 site_clli=PHLJPAMT # that will act as the configuration server
ubuntu-server-1 ansible_host=192.168.201.2 site_clli=MTLRNJIK wes-host1
sdwcltm9 ansible_host=192.168.200.163 site_clli=NRCRGAQN
#192.168.201.3 [update]
ipsectest1 ansible_host=192.168.201.90 # machines for auto package update
ssh-jump ansible_host=192.168.201.9 # this allows for excluding certain
# machines from automatically updating
[ansible-host] # installed packages
ubuntu-server-1
[pi]
[update] # include all Raspberry Pi devces here
# machines for auto package update wes-host1
# this allows for excluding certain wes-host2
# machines from automatically updating wes-host3
# installed packages
sdwcltm2 # use variables for passwords
sdwcltm3 # currently not implemented
sdwcltm5 [pi:vars]
sdwsrvm vncpassword=vncpass99
sdwcltm8 pipassword=pipassword99
sdwcltm7
sdwsrvl [samba-server]
sdwcltm4 # it is best to have only one samba-server host
sdwcltm6 wes-host1
sdwcltm9
ipsectest1 [smbclient]
# it would probably be best to limit this to 10 clients
[pi] wes-host2
sdwcltm2 wes-host3
sdwcltm3
sdwcltm5 [public]
sdwsrvm # not currently used
sdwcltm8 #
sdwcltm6 [snmpd]
sdwcltm7 # installs SNMP daemon
sdwsrvl #
sdwcltm4 [netflows]
#192.168.201.3 # installs flow client
#
[samba-server] [facebook]
ipsectest1 # devices can be set up for facebook, salesforce or youtube
# these are mutually exclusive and must be checked by you as there
[smbclient] # is no automated process for that
sdwcltm2 wes-host1
sdwcltm3
ubuntu-server-1 [salesforce]
sdwcltm5 # see comment for facebook
sdwsrvm wes-host2
sdwcltm8
sdwcltm6 [youtube]
sdwcltm7 # see comment for facebook
sdwsrvl wes-host3
sdwcltm4
sdwcltm9 [ftpclient]
[public] [sipclient]
ubuntu-server-1 # generates VoIP traffic, signaling and media
wes-host1
[snmpd] wes-host3
#192.168.201.3
sdwcltm2 [sipserver]
sdwcltm3 # there must only be one sipserver
sdwcltm6 wes-host2
sdwcltm8
[ntopng]
[netflows] # hosts running ntop
[facebook]
sdwcltm5
sdwsrvm
sdwcltm4
[salesforce]
sdwcltm3
sdwcltm6
sdwcltm7
sdwsrvl
sdwcltm8
[youtube]
sdwcltm2
sdwcltm3
[ftpclient]
sdwcltm2
sdwcltm3
sdwcltm4
sdwcltm5
sdwcltm6
sdwcltm7
sdwcltm8
sdwsrvm
ubuntu-server-1
[sipclient]
sdwcltm2
sdwcltm3
sdwcltm4
sdwcltm5
sdwcltm6
sdwcltm7
sdwcltm8
sdwcltm9
sdwsrvl
sdwsrvm
[sipserver]
ubuntu-server-2
[ntopng]
sdwcltm5
sdwcltm6

23
roles/common/tasks/main.yaml
View File

@@ -53,7 +53,8 @@
state: restarted state: restarted
tags: enable_openvpn tags: enable_openvpn
when: openvpn_enabled when: openvpn_enabled
- lineinfile: - name: allow pi to sudo without pw
lineinfile:
path: /etc/sudoers path: /etc/sudoers
state: present state: present
regexp: '^%sudo' regexp: '^%sudo'
@@ -61,16 +62,16 @@
validate: 'visudo -cf %s' validate: 'visudo -cf %s'
become: true become: true
tags: pi_sudo tags: pi_sudo
- name: Ensure the locale exists #- name: Ensure the locale exists
locale_gen: # locale_gen:
name: en_US.UTF-8 # name: en_US.UTF-8
state: present # state: present
become: yes # become: yes
- name: set as default locale #- name: set as default locale
command: raspi-config nonint do_change_locale en_US.UTF-8 # command: raspi-config nonint do_change_locale en_US.UTF-8
become: yes # become: yes
- name: set keyboard to us #- name: set keyboard to us
command: raspi-config nonint do_configure_keyboard us # command: raspi-config nonint do_configure_keyboard us
- name: pi - name: pi
become: yes become: yes
user: user:

7
roles/common/vars/os_Ubuntu_18.yml Normal file
View File

@@ -0,0 +1,7 @@
---
dependency_packages:
- vim
- mc
- build-essential
- openvpn
- aptitude