mikepell/dsfin-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

-numerous changes to work with Raspbian 10

Browse Source 
-redo of some roles, particularly GUI
-modifications to support working from a "Raspbian Lite" install
This commit is contained in:
mpelle426
2019-07-10 14:24:34 +01:00
parent f86279f3cc
commit ed7eabd399
61 changed files with 12386 additions and 12383 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
INSTALL
View File

@@ -1,4 +1,4 @@
Install ansible on Raspberry Pi
* sudo apt-get install python3-pip
* sudo python3 -m pip install ansible
Install ansible on Raspberry Pi
* sudo apt-get install python3-pip
* sudo python3 -m pip install ansible

260
README.md
View File

@@ -1,130 +1,130 @@
# Ansible for DS Financial demo network
Create and configure hosts (typically a Raspberry PI) for sites on demo network. Create and install tools to generate network traffic.
[DS Financial Demo Network](https://wiki.sys.comcast.net/pages/viewpage.action?spaceKey=ETHERNET&title=Demo+Network+Configuration) - Wiki
# Current State
Currently, this is just a loose collection of some repeatable tasks.
The Goal is to evenually be able to spin up a "real" network, generating real traffic:
* Configure host name based on inventory (less manual "pi" setup)
* Configure DNS resolution by updating hosts files on each PI from inventory. This is much simpler than bothering to set up DNS services
* SMB
* Currently working. Ansible to copy scripts and set up cron job
* Samba Server
* install samba
* configure share
* enable samba server
* generate server files in share
* FTP
* Currently working. Manual configuration
* TBD set up server
* TBD set up scripts and cron job on clients
* Web
* Currently working. Manual configuration
* TBD setup server
* EBD set up scripts and cron job on clients
* SIP/Voice
* Currently working for both client and server
* Download sipp source
* Configure sipp source
* Copy scripts and set up cron jobs
* Web application traffic. Note: Must currently be run on separate machines (ie. cannot have Facebook and Youtube on the same box)
* Youtube
* Currently working. Ansible install of scripts and cron configuration
* Facebook
* Currently working. Ansible install of scripts and cron configuration
* SalesForce
* Currently working. Ansible install of scripts and cron jobs
## Getting Started
TBD: On first PI:
* connect to Comcast network to access Github Enterprise
* install updates
* set password for *pi* account
* add *pi" to sudo group (for generic Ubuntu VM)
* usermod -a -G sudo pi
* remove password requirement for sudo group
* sudo visudo
* change line "%sudo ALL=(ALL:ALL) ALL" to "%sudo ALL=(ALL:ALL) NOPASSWD: ALL"
* git clone this repo
* edit hosts per example
### Prerequisites
What things you need to install the software and how to install them
```
Give examples
```
### Installing
A step by step series of examples that tell you how to get a development env running
Say what the step will be
```
Give the example
```
And repeat
```
until finished
```
End with an example of getting some data out of the system or using it for a little demo
## Running the tests
Explain how to run the automated tests for this system
### Break down into end to end tests
Explain what these tests test and why
```
Give an example
```
### And coding style tests
Explain what these tests test and why
```
Give an example
```
## Deployment
Add additional notes about how to deploy this on a live system
## Built With
* [Dropwizard](http://www.dropwizard.io/1.0.2/docs/) - The web framework used
* [Maven](https://maven.apache.org/) - Dependency Management
* [ROME](https://rometools.github.io/rome/) - Used to generate RSS Feeds
## Contributing
Please read [CONTRIBUTING.md](https://gist.github.com/PurpleBooth/b24679402957c63ec426) for details on our code of conduct, and the process for submitting pull requests to us.
## Versioning
We use [SemVer](http://semver.org/) for versioning. For the versions available, see the [tags on this repository](https://github.com/your/project/tags).
## Authors
* **Billie Thompson** - *Initial work* - [PurpleBooth](https://github.com/PurpleBooth)
See also the list of [contributors](https://github.com/your/project/contributors) who participated in this project.
## Acknowledgments
* Hat tip to anyone whose code was used
* Inspiration
* etc
# Ansible for DS Financial demo network
Create and configure hosts (typically a Raspberry PI) for sites on demo network. Create and install tools to generate network traffic.
[DS Financial Demo Network](https://wiki.sys.comcast.net/pages/viewpage.action?spaceKey=ETHERNET&title=Demo+Network+Configuration) - Wiki
# Current State
Currently, this is just a loose collection of some repeatable tasks.
The Goal is to evenually be able to spin up a "real" network, generating real traffic:
* Configure host name based on inventory (less manual "pi" setup)
* Configure DNS resolution by updating hosts files on each PI from inventory. This is much simpler than bothering to set up DNS services
* SMB
* Currently working. Ansible to copy scripts and set up cron job
* Samba Server
* install samba
* configure share
* enable samba server
* generate server files in share
* FTP
* Currently working. Manual configuration
* TBD set up server
* TBD set up scripts and cron job on clients
* Web
* Currently working. Manual configuration
* TBD setup server
* EBD set up scripts and cron job on clients
* SIP/Voice
* Currently working for both client and server
* Download sipp source
* Configure sipp source
* Copy scripts and set up cron jobs
* Web application traffic. Note: Must currently be run on separate machines (ie. cannot have Facebook and Youtube on the same box)
* Youtube
* Currently working. Ansible install of scripts and cron configuration
* Facebook
* Currently working. Ansible install of scripts and cron configuration
* SalesForce
* Currently working. Ansible install of scripts and cron jobs
## Getting Started
TBD: On first PI:
* connect to Comcast network to access Github Enterprise
* install updates
* set password for *pi* account
* add *pi" to sudo group (for generic Ubuntu VM)
* usermod -a -G sudo pi
* remove password requirement for sudo group
* sudo visudo
* change line "%sudo ALL=(ALL:ALL) ALL" to "%sudo ALL=(ALL:ALL) NOPASSWD: ALL"
* git clone this repo
* edit hosts per example
### Prerequisites
What things you need to install the software and how to install them
```
Give examples
```
### Installing
A step by step series of examples that tell you how to get a development env running
Say what the step will be
```
Give the example
```
And repeat
```
until finished
```
End with an example of getting some data out of the system or using it for a little demo
## Running the tests
Explain how to run the automated tests for this system
### Break down into end to end tests
Explain what these tests test and why
```
Give an example
```
### And coding style tests
Explain what these tests test and why
```
Give an example
```
## Deployment
Add additional notes about how to deploy this on a live system
## Built With
* [Dropwizard](http://www.dropwizard.io/1.0.2/docs/) - The web framework used
* [Maven](https://maven.apache.org/) - Dependency Management
* [ROME](https://rometools.github.io/rome/) - Used to generate RSS Feeds
## Contributing
Please read [CONTRIBUTING.md](https://gist.github.com/PurpleBooth/b24679402957c63ec426) for details on our code of conduct, and the process for submitting pull requests to us.
## Versioning
We use [SemVer](http://semver.org/) for versioning. For the versions available, see the [tags on this repository](https://github.com/your/project/tags).
## Authors
* **Billie Thompson** - *Initial work* - [PurpleBooth](https://github.com/PurpleBooth)
See also the list of [contributors](https://github.com/your/project/contributors) who participated in this project.
## Acknowledgments
* Hat tip to anyone whose code was used
* Inspiration
* etc

978
ansible.cfg Executable file → Normal file
View File

@@ -1,489 +1,489 @@
# config file for ansible -- https://ansible.com/
# ===============================================
# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
[defaults]
# some basic default values...
#inventory = /etc/ansible/hosts
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp
#local_tmp = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks = 5
#poll_interval = 15
#sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
#transport = smart
#remote_port = 22
#module_lang = C
#module_set_locale = False
# plays will gather facts by default, which contain information about
# the remote system.
#
# smart - gather by default, but don't regather if already gathered
# implicit - gather by default, turn off with gather_facts: False
# explicit - do not gather by default, must say gather_facts: True
#gathering = implicit
# This only affects the gathering done by a play's gather_facts directive,
# by default gathering retrieves all facts subsets
# all - gather all subsets
# network - gather min and network facts
# hardware - gather hardware facts (longest facts to retrieve)
# virtual - gather min and virtual facts
# facter - import facts from facter
# ohai - import facts from ohai
# You can combine them using comma (ex: network,virtual)
# You can negate them using ! (ex: !hardware,!facter,!ohai)
# A minimal set of facts is always gathered.
#gather_subset = all
# some hardware related facts are collected
# with a maximum timeout of 10 seconds. This
# option lets you increase or decrease that
# timeout to something more suitable for the
# environment.
# gather_timeout = 10
# Ansible facts are available inside the ansible_facts.* dictionary
# namespace. This setting maintains the behaviour which was the default prior
# to 2.5, duplicating these variables into the main namespace, each with a
# prefix of 'ansible_'.
# This variable is set to True by default for backwards compatibility. It
# will be changed to a default of 'False' in a future release.
# ansible_facts.
# inject_facts_as_vars = True
# additional paths to search for roles in, colon separated
#roles_path = /etc/ansible/roles
# uncomment this to disable SSH key host checking
#host_key_checking = False
# change the default callback, you can only have one 'stdout' type enabled at a time.
#stdout_callback = skippy
## Ansible ships with some plugins that require whitelisting,
## this is done to avoid running all of a type by default.
## These setting lists those that you want enabled for your system.
## Custom plugins should not need this unless plugin author specifies it.
# enable callback plugins, they can output to stdout but cannot be 'stdout' type.
#callback_whitelist = timer, mail
# Determine whether includes in tasks and handlers are "static" by
# default. As of 2.0, includes are dynamic by default. Setting these
# values to True will make includes behave more like they did in the
# 1.x versions.
#task_includes_static = False
#handler_includes_static = False
# Controls if a missing handler for a notification event is an error or a warning
#error_on_missing_handler = True
# change this for alternative sudo implementations
#sudo_exe = sudo
# What flags to pass to sudo
# WARNING: leaving out the defaults might create unexpected behaviours
#sudo_flags = -H -S -n
# SSH timeout
#timeout = 10
# default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root
# logging is off by default unless this path is defined
# if so defined, consider logrotate
log_path = /var/log/ansible.log
# default module name for /usr/bin/ansible
#module_name = command
# use this shell for commands executed under sudo
# you may need to change this to bin/bash in rare instances
# if sudo is constrained
#executable = /bin/sh
# if inventory variables overlap, does the higher precedence one win
# or are hash values merged together? The default is 'replace' but
# this can also be set to 'merge'.
#hash_behaviour = replace
# by default, variables from roles will be visible in the global variable
# scope. To prevent this, the following option can be enabled, and only
# tasks and handlers within the role will see the variables there
#private_role_vars = yes
# list any Jinja2 extensions to enable here:
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
# if set, always use this private key file for authentication, same as
# if passing --private-key to ansible or ansible-playbook
#private_key_file = /path/to/file
# If set, configures the path to the Vault password file as an alternative to
# specifying --vault-password-file on the command line.
#vault_password_file = /path/to/vault_password_file
# format of string {{ ansible_managed }} available within Jinja2
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
#ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
# {file}, {host}, {uid}, and the timestamp can all interfere with idempotence
# in some situations so the default is a static string:
#ansible_managed = Ansible managed
# by default, ansible-playbook will display "Skipping [host]" if it determines a task
# should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
# messages. NOTE: the task header will still be shown regardless of whether or not the
# task is skipped.
#display_skipped_hosts = True
# by default, if a task in a playbook does not include a name: field then
# ansible-playbook will construct a header that includes the task's action but
# not the task's args. This is a security feature because ansible cannot know
# if the *module* considers an argument to be no_log at the time that the
# header is printed. If your environment doesn't have a problem securing
# stdout from ansible-playbook (or you have manually specified no_log in your
# playbook on all of the tasks where you have secret information) then you can
# safely set this to True to get more informative messages.
#display_args_to_stdout = False
# by default (as of 1.3), Ansible will raise errors when attempting to dereference
# Jinja2 variables that are not set in templates or action lines. Uncomment this line
# to revert the behavior to pre-1.3.
#error_on_undefined_vars = False
# by default (as of 1.6), Ansible may display warnings based on the configuration of the
# system running ansible itself. This may include warnings about 3rd party packages or
# other conditions that should be resolved if possible.
# to disable these warnings, set the following value to False:
#system_warnings = True
# by default (as of 1.4), Ansible may display deprecation warnings for language
# features that should no longer be used and will be removed in future versions.
# to disable these warnings, set the following value to False:
#deprecation_warnings = True
# (as of 1.8), Ansible can optionally warn when usage of the shell and
# command module appear to be simplified by using a default Ansible module
# instead. These warnings can be silenced by adjusting the following
# setting or adding warn=yes or warn=no to the end of the command line
# parameter string. This will for example suggest using the git module
# instead of shelling out to the git command.
# command_warnings = False
# set plugin path directories here, separate with colons
#action_plugins = /usr/share/ansible/plugins/action
#cache_plugins = /usr/share/ansible/plugins/cache
#callback_plugins = /usr/share/ansible/plugins/callback
#connection_plugins = /usr/share/ansible/plugins/connection
#lookup_plugins = /usr/share/ansible/plugins/lookup
#inventory_plugins = /usr/share/ansible/plugins/inventory
#vars_plugins = /usr/share/ansible/plugins/vars
#filter_plugins = /usr/share/ansible/plugins/filter
#test_plugins = /usr/share/ansible/plugins/test
#terminal_plugins = /usr/share/ansible/plugins/terminal
#strategy_plugins = /usr/share/ansible/plugins/strategy
# by default, ansible will use the 'linear' strategy but you may want to try
# another one
#strategy = free
# by default callbacks are not loaded for /bin/ansible, enable this if you
# want, for example, a notification or logging callback to also apply to
# /bin/ansible runs
#bin_ansible_callbacks = False
# don't like cows? that's unfortunate.
# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
#nocows = 1
# set which cowsay stencil you'd like to use by default. When set to 'random',
# a random stencil will be selected for each task. The selection will be filtered
# against the `cow_whitelist` option below.
#cow_selection = default
#cow_selection = random
# when using the 'random' option for cowsay, stencils will be restricted to this list.
# it should be formatted as a comma-separated list with no spaces between names.
# NOTE: line continuations here are for formatting purposes only, as the INI parser
# in python does not support them.
#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\
# hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\
# stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www
# don't like colors either?
# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
#nocolor = 1
# if set to a persistent type (not 'memory', for example 'redis') fact values
# from previous runs in Ansible will be stored. This may be useful when
# wanting to use, for example, IP information from one group of servers
# without having to talk to them in the same playbook run to get their
# current IP information.
#fact_caching = memory
#This option tells Ansible where to cache facts. The value is plugin dependent.
#For the jsonfile plugin, it should be a path to a local directory.
#For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0
#fact_caching_connection=/tmp
# retry files
# When a playbook fails by default a .retry file will be created in ~/
# You can disable this feature by setting retry_files_enabled to False
# and you can change the location of the files by setting retry_files_save_path
#retry_files_enabled = False
#retry_files_save_path = ~/.ansible-retry
# squash actions
# Ansible can optimise actions that call modules with list parameters
# when looping. Instead of calling the module once per with_ item, the
# module is called once with all items at once. Currently this only works
# under limited circumstances, and only with parameters named 'name'.
#squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper
# prevents logging of task data, off by default
#no_log = False
# prevents logging of tasks, but only on the targets, data is still logged on the master/controller
#no_target_syslog = False
# controls whether Ansible will raise an error or warning if a task has no
# choice but to create world readable temporary files to execute a module on
# the remote machine. This option is False by default for security. Users may
# turn this on to have behaviour more like Ansible prior to 2.1.x. See
# https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
# for more secure ways to fix this than enabling this option.
#allow_world_readable_tmpfiles = False
# controls the compression level of variables sent to
# worker processes. At the default of 0, no compression
# is used. This value must be an integer from 0 to 9.
#var_compression_level = 9
# controls what compression method is used for new-style ansible modules when
# they are sent to the remote system. The compression types depend on having
# support compiled into both the controller's python and the client's python.
# The names should match with the python Zipfile compression types:
# * ZIP_STORED (no compression. available everywhere)
# * ZIP_DEFLATED (uses zlib, the default)
# These values may be set per host via the ansible_module_compression inventory
# variable
#module_compression = 'ZIP_DEFLATED'
# This controls the cutoff point (in bytes) on --diff for files
# set to 0 for unlimited (RAM may suffer!).
#max_diff_size = 1048576
# This controls how ansible handles multiple --tags and --skip-tags arguments
# on the CLI. If this is True then multiple arguments are merged together. If
# it is False, then the last specified argument is used and the others are ignored.
# This option will be removed in 2.8.
#merge_multiple_cli_flags = True
# Controls showing custom stats at the end, off by default
#show_custom_stats = True
# Controls which files to ignore when using a directory as inventory with
# possibly multiple sources (both static and dynamic)
#inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo
# This family of modules use an alternative execution path optimized for network appliances
# only update this setting if you know how this works, otherwise it can break module execution
#network_group_modules=eos, nxos, ios, iosxr, junos, vyos
# When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as
# a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain
# jinja2 templating language which will be run through the templating engine.
# ENABLING THIS COULD BE A SECURITY RISK
#allow_unsafe_lookups = False
# set default errors for all plays
#any_errors_fatal = False
[inventory]
# enable inventory plugins, default: 'host_list', 'script', 'auto', 'yaml', 'ini', 'toml'
#enable_plugins = host_list, virtualbox, yaml, constructed
# ignore these extensions when parsing a directory as inventory source
#ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry
# ignore files matching these patterns when parsing a directory as inventory source
#ignore_patterns=
# If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise.
#unparsed_is_failed=False
[privilege_escalation]
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False
[paramiko_connection]
# uncomment this line to cause the paramiko connection plugin to not record new host
# keys encountered. Increases performance on new host additions. Setting works independently of the
# host key checking setting above.
#record_host_keys=False
# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
# line to disable this behaviour.
#pty=False
# paramiko will default to looking for SSH keys initially when trying to
# authenticate to remote devices. This is a problem for some network devices
# that close the connection after a key failure. Uncomment this line to
# disable the Paramiko look for keys function
#look_for_keys = False
# When using persistent connections with Paramiko, the connection runs in a
# background process. If the host doesn't already have a valid SSH key, by
# default Ansible will prompt to add the host key. This will cause connections
# running in background processes to fail. Uncomment this line to have
# Paramiko automatically add host keys.
#host_key_auto_add = True
[ssh_connection]
# ssh arguments to use
# Leaving off ControlPersist will result in poor performance, so use
# paramiko on older platforms rather than removing it, -C controls compression use
#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
# The base directory for the ControlPath sockets.
# This is the "%(directory)s" in the control_path option
#
# Example:
# control_path_dir = /tmp/.ansible/cp
#control_path_dir = ~/.ansible/cp
# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname,
# port and username (empty string in the config). The hash mitigates a common problem users
# found with long hostnames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format.
# In those cases, a "too long for Unix domain socket" ssh error would occur.
#
# Example:
# control_path = %(directory)s/%%h-%%r
#control_path =
# Enabling pipelining reduces the number of SSH operations required to
# execute a module on the remote server. This can result in a significant
# performance improvement when enabled, however when using "sudo:" you must
# first disable 'requiretty' in /etc/sudoers
#
# By default, this option is disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default on many distros).
#
#pipelining = False
# Control the mechanism for transferring files (old)
# * smart = try sftp and then try scp [default]
# * True = use scp only
# * False = use sftp only
#scp_if_ssh = smart
# Control the mechanism for transferring files (new)
# If set, this will override the scp_if_ssh option
# * sftp = use sftp to transfer files
# * scp = use scp to transfer files
# * piped = use 'dd' over SSH to transfer files
# * smart = try sftp, scp, and piped, in that order [default]
#transfer_method = smart
# if False, sftp will not use batch mode to transfer files. This may cause some
# types of file transfer failures impossible to catch however, and should
# only be disabled if your sftp version has problems with batch mode
#sftp_batch_mode = False
# The -tt argument is passed to ssh when pipelining is not enabled because sudo
# requires a tty by default.
#usetty = True
# Number of times to retry an SSH connection to a host, in case of UNREACHABLE.
# For each retry attempt, there is an exponential backoff,
# so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max).
#retries = 3
[persistent_connection]
# Configures the persistent connection timeout value in seconds. This value is
# how long the persistent connection will remain idle before it is destroyed.
# If the connection doesn't receive a request before the timeout value
# expires, the connection is shutdown. The default value is 30 seconds.
#connect_timeout = 30
# The command timeout value defines the amount of time to wait for a command
# or RPC call before timing out. The value for the command timeout must
# be less than the value of the persistent connection idle timeout (connect_timeout)
# The default value is 30 second.
#command_timeout = 30
[accelerate]
#accelerate_port = 5099
#accelerate_timeout = 30
#accelerate_connect_timeout = 5.0
# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
#accelerate_daemon_timeout = 30
# If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new key. The default
# is "no".
#accelerate_multi_key = yes
[selinux]
# file systems that require special treatment when dealing with security context
# the default behaviour that copies the existing context or uses the user default
# needs to be changed to use the file system dependent context.
#special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p
# Set this to yes to allow libvirt_lxc connections to work without SELinux.
#libvirt_lxc_noseclabel = yes
[colors]
#highlight = white
#verbose = blue
#warn = bright purple
#error = red
#debug = dark gray
#deprecate = purple
#skip = cyan
#unreachable = red
#ok = green
#changed = yellow
#diff_add = green
#diff_remove = red
#diff_lines = cyan
[diff]
# Always print diff when running ( same as always running with -D/--diff )
# always = no
# Set how many context lines to show in diff
# context = 3
# config file for ansible -- https://ansible.com/
# ===============================================
# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
[defaults]
# some basic default values...
#inventory = /etc/ansible/hosts
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp
#local_tmp = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks = 5
#poll_interval = 15
#sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
#transport = smart
#remote_port = 22
#module_lang = C
#module_set_locale = False
# plays will gather facts by default, which contain information about
# the remote system.
#
# smart - gather by default, but don't regather if already gathered
# implicit - gather by default, turn off with gather_facts: False
# explicit - do not gather by default, must say gather_facts: True
#gathering = implicit
# This only affects the gathering done by a play's gather_facts directive,
# by default gathering retrieves all facts subsets
# all - gather all subsets
# network - gather min and network facts
# hardware - gather hardware facts (longest facts to retrieve)
# virtual - gather min and virtual facts
# facter - import facts from facter
# ohai - import facts from ohai
# You can combine them using comma (ex: network,virtual)
# You can negate them using ! (ex: !hardware,!facter,!ohai)
# A minimal set of facts is always gathered.
#gather_subset = all
# some hardware related facts are collected
# with a maximum timeout of 10 seconds. This
# option lets you increase or decrease that
# timeout to something more suitable for the
# environment.
# gather_timeout = 10
# Ansible facts are available inside the ansible_facts.* dictionary
# namespace. This setting maintains the behaviour which was the default prior
# to 2.5, duplicating these variables into the main namespace, each with a
# prefix of 'ansible_'.
# This variable is set to True by default for backwards compatibility. It
# will be changed to a default of 'False' in a future release.
# ansible_facts.
# inject_facts_as_vars = True
# additional paths to search for roles in, colon separated
#roles_path = /etc/ansible/roles
# uncomment this to disable SSH key host checking
host_key_checking = False
# change the default callback, you can only have one 'stdout' type enabled at a time.
#stdout_callback = skippy
## Ansible ships with some plugins that require whitelisting,
## this is done to avoid running all of a type by default.
## These setting lists those that you want enabled for your system.
## Custom plugins should not need this unless plugin author specifies it.
# enable callback plugins, they can output to stdout but cannot be 'stdout' type.
#callback_whitelist = timer, mail
# Determine whether includes in tasks and handlers are "static" by
# default. As of 2.0, includes are dynamic by default. Setting these
# values to True will make includes behave more like they did in the
# 1.x versions.
#task_includes_static = False
#handler_includes_static = False
# Controls if a missing handler for a notification event is an error or a warning
#error_on_missing_handler = True
# change this for alternative sudo implementations
#sudo_exe = sudo
# What flags to pass to sudo
# WARNING: leaving out the defaults might create unexpected behaviours
#sudo_flags = -H -S -n
# SSH timeout
#timeout = 10
# default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root
# logging is off by default unless this path is defined
# if so defined, consider logrotate
log_path = ~/ansible.log
# default module name for /usr/bin/ansible
#module_name = command
# use this shell for commands executed under sudo
# you may need to change this to bin/bash in rare instances
# if sudo is constrained
#executable = /bin/sh
# if inventory variables overlap, does the higher precedence one win
# or are hash values merged together? The default is 'replace' but
# this can also be set to 'merge'.
#hash_behaviour = replace
# by default, variables from roles will be visible in the global variable
# scope. To prevent this, the following option can be enabled, and only
# tasks and handlers within the role will see the variables there
#private_role_vars = yes
# list any Jinja2 extensions to enable here:
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
# if set, always use this private key file for authentication, same as
# if passing --private-key to ansible or ansible-playbook
#private_key_file = /path/to/file
# If set, configures the path to the Vault password file as an alternative to
# specifying --vault-password-file on the command line.
#vault_password_file = /path/to/vault_password_file
# format of string {{ ansible_managed }} available within Jinja2
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
#ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
# {file}, {host}, {uid}, and the timestamp can all interfere with idempotence
# in some situations so the default is a static string:
#ansible_managed = Ansible managed
# by default, ansible-playbook will display "Skipping [host]" if it determines a task
# should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
# messages. NOTE: the task header will still be shown regardless of whether or not the
# task is skipped.
#display_skipped_hosts = True
# by default, if a task in a playbook does not include a name: field then
# ansible-playbook will construct a header that includes the task's action but
# not the task's args. This is a security feature because ansible cannot know
# if the *module* considers an argument to be no_log at the time that the
# header is printed. If your environment doesn't have a problem securing
# stdout from ansible-playbook (or you have manually specified no_log in your
# playbook on all of the tasks where you have secret information) then you can
# safely set this to True to get more informative messages.
#display_args_to_stdout = False
# by default (as of 1.3), Ansible will raise errors when attempting to dereference
# Jinja2 variables that are not set in templates or action lines. Uncomment this line
# to revert the behavior to pre-1.3.
#error_on_undefined_vars = False
# by default (as of 1.6), Ansible may display warnings based on the configuration of the
# system running ansible itself. This may include warnings about 3rd party packages or
# other conditions that should be resolved if possible.
# to disable these warnings, set the following value to False:
#system_warnings = True
# by default (as of 1.4), Ansible may display deprecation warnings for language
# features that should no longer be used and will be removed in future versions.
# to disable these warnings, set the following value to False:
#deprecation_warnings = True
# (as of 1.8), Ansible can optionally warn when usage of the shell and
# command module appear to be simplified by using a default Ansible module
# instead. These warnings can be silenced by adjusting the following
# setting or adding warn=yes or warn=no to the end of the command line
# parameter string. This will for example suggest using the git module
# instead of shelling out to the git command.
# command_warnings = False
# set plugin path directories here, separate with colons
#action_plugins = /usr/share/ansible/plugins/action
#cache_plugins = /usr/share/ansible/plugins/cache
#callback_plugins = /usr/share/ansible/plugins/callback
#connection_plugins = /usr/share/ansible/plugins/connection
#lookup_plugins = /usr/share/ansible/plugins/lookup
#inventory_plugins = /usr/share/ansible/plugins/inventory
#vars_plugins = /usr/share/ansible/plugins/vars
#filter_plugins = /usr/share/ansible/plugins/filter
#test_plugins = /usr/share/ansible/plugins/test
#terminal_plugins = /usr/share/ansible/plugins/terminal
#strategy_plugins = /usr/share/ansible/plugins/strategy
# by default, ansible will use the 'linear' strategy but you may want to try
# another one
#strategy = free
# by default callbacks are not loaded for /bin/ansible, enable this if you
# want, for example, a notification or logging callback to also apply to
# /bin/ansible runs
#bin_ansible_callbacks = False
# don't like cows? that's unfortunate.
# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
#nocows = 1
# set which cowsay stencil you'd like to use by default. When set to 'random',
# a random stencil will be selected for each task. The selection will be filtered
# against the `cow_whitelist` option below.
#cow_selection = default
#cow_selection = random
# when using the 'random' option for cowsay, stencils will be restricted to this list.
# it should be formatted as a comma-separated list with no spaces between names.
# NOTE: line continuations here are for formatting purposes only, as the INI parser
# in python does not support them.
#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\
# hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\
# stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www
# don't like colors either?
# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
#nocolor = 1
# if set to a persistent type (not 'memory', for example 'redis') fact values
# from previous runs in Ansible will be stored. This may be useful when
# wanting to use, for example, IP information from one group of servers
# without having to talk to them in the same playbook run to get their
# current IP information.
#fact_caching = memory
#This option tells Ansible where to cache facts. The value is plugin dependent.
#For the jsonfile plugin, it should be a path to a local directory.
#For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0
#fact_caching_connection=/tmp
# retry files
# When a playbook fails by default a .retry file will be created in ~/
# You can disable this feature by setting retry_files_enabled to False
# and you can change the location of the files by setting retry_files_save_path
#retry_files_enabled = False
#retry_files_save_path = ~/.ansible-retry
# squash actions
# Ansible can optimise actions that call modules with list parameters
# when looping. Instead of calling the module once per with_ item, the
# module is called once with all items at once. Currently this only works
# under limited circumstances, and only with parameters named 'name'.
#squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper
# prevents logging of task data, off by default
#no_log = False
# prevents logging of tasks, but only on the targets, data is still logged on the master/controller
#no_target_syslog = False
# controls whether Ansible will raise an error or warning if a task has no
# choice but to create world readable temporary files to execute a module on
# the remote machine. This option is False by default for security. Users may
# turn this on to have behaviour more like Ansible prior to 2.1.x. See
# https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
# for more secure ways to fix this than enabling this option.
#allow_world_readable_tmpfiles = False
# controls the compression level of variables sent to
# worker processes. At the default of 0, no compression
# is used. This value must be an integer from 0 to 9.
#var_compression_level = 9
# controls what compression method is used for new-style ansible modules when
# they are sent to the remote system. The compression types depend on having
# support compiled into both the controller's python and the client's python.
# The names should match with the python Zipfile compression types:
# * ZIP_STORED (no compression. available everywhere)
# * ZIP_DEFLATED (uses zlib, the default)
# These values may be set per host via the ansible_module_compression inventory
# variable
#module_compression = 'ZIP_DEFLATED'
# This controls the cutoff point (in bytes) on --diff for files
# set to 0 for unlimited (RAM may suffer!).
#max_diff_size = 1048576
# This controls how ansible handles multiple --tags and --skip-tags arguments
# on the CLI. If this is True then multiple arguments are merged together. If
# it is False, then the last specified argument is used and the others are ignored.
# This option will be removed in 2.8.
#merge_multiple_cli_flags = True
# Controls showing custom stats at the end, off by default
#show_custom_stats = True
# Controls which files to ignore when using a directory as inventory with
# possibly multiple sources (both static and dynamic)
#inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo
# This family of modules use an alternative execution path optimized for network appliances
# only update this setting if you know how this works, otherwise it can break module execution
#network_group_modules=eos, nxos, ios, iosxr, junos, vyos
# When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as
# a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain
# jinja2 templating language which will be run through the templating engine.
# ENABLING THIS COULD BE A SECURITY RISK
#allow_unsafe_lookups = False
# set default errors for all plays
#any_errors_fatal = False
[inventory]
# enable inventory plugins, default: 'host_list', 'script', 'auto', 'yaml', 'ini', 'toml'
#enable_plugins = host_list, virtualbox, yaml, constructed
# ignore these extensions when parsing a directory as inventory source
#ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry
# ignore files matching these patterns when parsing a directory as inventory source
#ignore_patterns=
# If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise.
#unparsed_is_failed=False
[privilege_escalation]
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False
[paramiko_connection]
# uncomment this line to cause the paramiko connection plugin to not record new host
# keys encountered. Increases performance on new host additions. Setting works independently of the
# host key checking setting above.
#record_host_keys=False
# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
# line to disable this behaviour.
#pty=False
# paramiko will default to looking for SSH keys initially when trying to
# authenticate to remote devices. This is a problem for some network devices
# that close the connection after a key failure. Uncomment this line to
# disable the Paramiko look for keys function
#look_for_keys = False
# When using persistent connections with Paramiko, the connection runs in a
# background process. If the host doesn't already have a valid SSH key, by
# default Ansible will prompt to add the host key. This will cause connections
# running in background processes to fail. Uncomment this line to have
# Paramiko automatically add host keys.
#host_key_auto_add = True
[ssh_connection]
# ssh arguments to use
# Leaving off ControlPersist will result in poor performance, so use
# paramiko on older platforms rather than removing it, -C controls compression use
#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
# The base directory for the ControlPath sockets.
# This is the "%(directory)s" in the control_path option
#
# Example:
# control_path_dir = /tmp/.ansible/cp
#control_path_dir = ~/.ansible/cp
# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname,
# port and username (empty string in the config). The hash mitigates a common problem users
# found with long hostnames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format.
# In those cases, a "too long for Unix domain socket" ssh error would occur.
#
# Example:
# control_path = %(directory)s/%%h-%%r
#control_path =
# Enabling pipelining reduces the number of SSH operations required to
# execute a module on the remote server. This can result in a significant
# performance improvement when enabled, however when using "sudo:" you must
# first disable 'requiretty' in /etc/sudoers
#
# By default, this option is disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default on many distros).
#
#pipelining = False
# Control the mechanism for transferring files (old)
# * smart = try sftp and then try scp [default]
# * True = use scp only
# * False = use sftp only
#scp_if_ssh = smart
# Control the mechanism for transferring files (new)
# If set, this will override the scp_if_ssh option
# * sftp = use sftp to transfer files
# * scp = use scp to transfer files
# * piped = use 'dd' over SSH to transfer files
# * smart = try sftp, scp, and piped, in that order [default]
#transfer_method = smart
# if False, sftp will not use batch mode to transfer files. This may cause some
# types of file transfer failures impossible to catch however, and should
# only be disabled if your sftp version has problems with batch mode
#sftp_batch_mode = False
# The -tt argument is passed to ssh when pipelining is not enabled because sudo
# requires a tty by default.
#usetty = True
# Number of times to retry an SSH connection to a host, in case of UNREACHABLE.
# For each retry attempt, there is an exponential backoff,
# so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max).
#retries = 3
[persistent_connection]
# Configures the persistent connection timeout value in seconds. This value is
# how long the persistent connection will remain idle before it is destroyed.
# If the connection doesn't receive a request before the timeout value
# expires, the connection is shutdown. The default value is 30 seconds.
#connect_timeout = 30
# The command timeout value defines the amount of time to wait for a command
# or RPC call before timing out. The value for the command timeout must
# be less than the value of the persistent connection idle timeout (connect_timeout)
# The default value is 30 second.
#command_timeout = 30
[accelerate]
#accelerate_port = 5099
#accelerate_timeout = 30
#accelerate_connect_timeout = 5.0
# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
#accelerate_daemon_timeout = 30
# If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new key. The default
# is "no".
#accelerate_multi_key = yes
[selinux]
# file systems that require special treatment when dealing with security context
# the default behaviour that copies the existing context or uses the user default
# needs to be changed to use the file system dependent context.
#special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p
# Set this to yes to allow libvirt_lxc connections to work without SELinux.
#libvirt_lxc_noseclabel = yes
[colors]
#highlight = white
#verbose = blue
#warn = bright purple
#error = red
#debug = dark gray
#deprecate = purple
#skip = cyan
#unreachable = red
#ok = green
#changed = yellow
#diff_add = green
#diff_remove = red
#diff_lines = cyan
[diff]
# Always print diff when running ( same as always running with -D/--diff )
# always = no
# Set how many context lines to show in diff
# context = 3

8
clean_hosts.yaml Normal file
View File

@@ -0,0 +1,8 @@
---
- name: clean hosts file
become: true
blockinfile:
path: /etc/hosts
marker: "# {mark} ANSIBLE MANAGED BLOCK"
content: ""
tags: clean_hosts

15
deploy_authorized_keys.yml Normal file
View File

@@ -0,0 +1,15 @@
---
- hosts: all
tasks:
- name: make direcotry
file:
path: "/home/pi/.ssh"
state: directory
- name: create empty file
file:
path: "/home/pi/.ssh/authorized_keys"
state: touch
- name: put pubkey
lineinfile:
path: "/home/pi/.ssh/authorized_keys"
line: "{{ pubkey }}"

150
hosts Executable file → Normal file
View File

@@ -1,108 +1,42 @@
sdwcltm2 ansible_host=192.168.50.2 site_clli=CRHMNJAW
sdwcltm3 ansible_host=192.168.201.55 site_clli=MTLRNJIK
sdwcltm5 ansible_host=192.168.35.1 site_clli=PHLJPAMT
sdwsrvm ansible_host=192.168.60.2 site_clli=WLGRPABW
sdwcltm8 ansible_host=192.168.150.2 site_clli=FTCLCORN
ubuntu-server-2 ansible_host=192.168.198.2 site_clli=CMCYCOJL
sdwcltm7 ansible_host=192.168.199.2 site_clli=SRSPNYGN
sdwsrvl ansible_host=192.168.90.2 site_clli=LSBGFL59
sdwcltm4 ansible_host=192.168.100.2 site_clli=PROVUTZZ
sdwcltm6 ansible_host=192.168.200.34 site_clli=PHLJPAMT
ubuntu-server-1 ansible_host=192.168.201.2 site_clli=MTLRNJIK
sdwcltm9 ansible_host=192.168.200.163 site_clli=NRCRGAQN
#192.168.201.3
ipsectest1 ansible_host=192.168.201.90
[pi]
sdwcltm2
sdwcltm3
sdwcltm5
sdwsrvm
sdwcltm8
sdwcltm6
sdwcltm7
sdwsrvl
sdwcltm4
#192.168.201.3
[samba-server]
ipsectest1
[smbclient]
sdwcltm2
sdwcltm3
ubuntu-server-1
sdwcltm5
sdwsrvm
sdwcltm8
sdwcltm6
sdwcltm7
sdwsrvl
sdwcltm4
sdwcltm9
[public]
ubuntu-server-1
[snmpd]
#192.168.201.3
sdwcltm2
sdwcltm3
sdwcltm6
sdwcltm8
[netflows]
sdwcltm2
sdwcltm3
sdwcltm5
sdwcltm6
sdwcltm7
sdwcltm4
sdwcltm8
sdwcltm9
sdwsrvm
sdwsrvl
ubuntu-server-1
ubuntu-server-2
[facebook]
sdwcltm5
sdwsrvm
sdwcltm4
[salesforce]
sdwcltm3
sdwcltm6
sdwcltm7
sdwsrvl
sdwcltm8
[youtube]
sdwcltm2
sdwcltm3
[ftpclient]
sdwcltm2
sdwcltm3
sdwcltm4
sdwcltm5
sdwcltm6
sdwcltm7
sdwcltm8
sdwsrvm
ubuntu-server-1
[sipclient]
sdwcltm2
sdwcltm3
sdwcltm4
sdwcltm5
sdwcltm6
sdwcltm7
sdwcltm8
sdwcltm9
sdwsrvl
sdwsrvm
[sipserver]
ubuntu-server-2
ned-host1 ansible_host=192.168.88.248
ned-host2 ansible_host=192.168.88.217
ned-host3 ansible_host=192.168.88.230
[ansible-hosts]
ned-host1
[pi]
ned-host1
ned-host2
ned-host3
[samba-server]
ned-host1
[smbclient]
ned-host2
ned-host3
[public]
[snmpd]
[netflows]
[facebook]
ned-host1
[salesforce]
ned-host2
[youtube]
ned-host3
[ftpclient]
[sipclient]
ned-host2
ned-host3
[sipserver]
ned-host1

22
inventory.cfg Executable file → Normal file
View File

@@ -1,11 +1,11 @@
[all]
192.168.50.2
192.168.35.1
192.168.60.2
192.168.150.2
192.168.198.2
192.168.199.2
192.168.90.2
192.168.100.2
192.168.201.2
[all]
192.168.50.2
192.168.35.1
192.168.60.2
192.168.150.2
192.168.198.2
192.168.199.2
192.168.90.2
192.168.100.2
192.168.201.2

98
main.yaml
View File

@@ -1,50 +1,48 @@
---
- hosts: netflows
roles:
- netflows
- hosts: all
roles:
- common
- hosts: public
roles:
- public
- hosts: samba-server
roles:
- samba-server
- hosts: smbclient
roles:
- smbclient
- hosts: pi
roles:
- snmpd
- wifi
- vnc
- domainname
- pi
vars_prompt:
- name: rocommunity
prompt: "Enter SNMP RO community name"
default: "public"
- hosts: youtube
roles:
- youtube
- hosts: ftpclient
roles:
- ftpclient
- hosts: facebook
roles:
- facebook
- hosts: salesforce
roles:
- salesforce
- hosts: all
roles:
- nrpe
- hosts: sipclient
roles:
- sipp
- sipclient
- hosts: sipserver
roles:
- sipp
- sipserver
---
- hosts: netflows
roles:
- netflows
- hosts: all
roles:
- common
- hosts: public
roles:
- public
- hosts: samba-server
roles:
- samba-server
- hosts: smbclient
roles:
- smbclient
- hosts: pi
roles:
- vnc
- domainname
- pi
# vars_prompt:
# - name: rocommunity
# prompt: "Enter SNMP RO community name"
# default: "public"
- hosts: youtube
roles:
- youtube
- hosts: ftpclient
roles:
- ftpclient
- hosts: facebook
roles:
- facebook
- hosts: salesforce
roles:
- salesforce
- hosts: all
roles:
- nrpe
- hosts: sipclient
roles:
- sipp
- sipclient
- hosts: sipserver
roles:
- sipp
- sipserver

10
password.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
- hosts: all
tasks:
- name: pi
become: yes
user:
name: pi
state: present
update_password: always
password: "$6$Vmob4l5KBg11gcNV$fY.hrffHEc9gpcFhVdEmW7tepxJURBmkgQhC7kC25VsxcfHAtlqEP6Cvm6nK4jtqndkaQ/I29h/MkKk8KsdSV1"

104
playbook.yaml Executable file → Normal file
View File

@@ -1,52 +1,52 @@
---
- hosts: all
tasks:
- name: Upgrade all packages o the latest version
become: true
apt:
upgrade: yes
update_cache: yes
tags: apt_upgrade
- hosts: pi
tasks:
- name: Install snmpd Package
become: yes
apt:
name: ['snmpd']
state: present
update_cache: true
tags: install_snmpd
- lineinfile:
path: /etc/snmp/snmpd.conf
state: present
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { regexp: ' rocommunity public', line: ' rocommunity public' }
- { regexp: 'agentAddress udp:127.0.0.1:161', line: 'agentAddress udp:161' }
tags: configure_snmpd
become: true
- name: enable snmpd service and ensure it is not masked
systemd:
name: snmpd
enabled: yes
masked: no
state: restarted
tags: enablestart_snmpd
become: true
- name: set timezone
become: true
timezone:
name: America/New_York
tags: set_timezone
- hosts: smbclient
tasks:
- name: enable cron job for smb traffic
cron:
name: "smbtraff"
minute: "*/20"
hour: "7-18"
weekday: "1-5"
job: "/usr/bin/perl -e 'sleep int rand 1199' && /home/pi/scripts/smb-session.sh"
tags: smbtraff_cron
---
- hosts: all
tasks:
- name: Upgrade all packages o the latest version
become: true
apt:
upgrade: yes
update_cache: yes
tags: apt_upgrade
- hosts: pi
tasks:
- name: Install snmpd Package
become: yes
apt:
name: ['snmpd']
state: present
update_cache: true
tags: install_snmpd
- lineinfile:
path: /etc/snmp/snmpd.conf
state: present
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { regexp: ' rocommunity public', line: ' rocommunity public' }
- { regexp: 'agentAddress udp:127.0.0.1:161', line: 'agentAddress udp:161' }
tags: configure_snmpd
become: true
- name: enable snmpd service and ensure it is not masked
systemd:
name: snmpd
enabled: yes
masked: no
state: restarted
tags: enablestart_snmpd
become: true
- name: set timezone
become: true
timezone:
name: America/New_York
tags: set_timezone
- hosts: smbclient
tasks:
- name: enable cron job for smb traffic
cron:
name: "smbtraff"
minute: "*/20"
hour: "7-18"
weekday: "1-5"
job: "/usr/bin/perl -e 'sleep int rand 1199' && /home/pi/scripts/smb-session.sh"
tags: smbtraff_cron

6
reboot.yaml Normal file
View File

@@ -0,0 +1,6 @@
---
- hosts: all,!ansible-hosts
tasks:
- name: reboot
become: yes
reboot:

2
requirements.yml Normal file
View File

@@ -0,0 +1,2 @@
- name: mikolak-net.raspi_config

46
roles/autossh/files/sdwan-versa.pem
View File

@@ -1,23 +1,23 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAjqnbFpamk/ko2FvgfHLvTsegVJGJ6sjNmG0E/MgWEPU+QwLBMRMSk0vLeasn
21P4EDHnwqBUdUmZYitOzPAmVG6G97Q3g8X/O75Ju08z+ijk09n0gDgKDx/4Z/KeSqMSDLb1V77u
SOWgjV6Snbnivs2Vfd3HF4Apu2i/BqjOXBPoQxtF1xFSg8JOKjWQzfY5WXRiYssNTmCPTI/dFERR
nqGws8GXeVbRv8+Yl7sP0VIVJ/FpVLZul20keta/8ISiu9Y4TkgjKLn9P5P5V0ySdmG7INIUDSzc
VGxEUuumdoul6r2gDMDUhxvduZGy0sfzPvt49NI23tq13AsSpzhV1wIDAQABAoIBABrJxjvdmfXb
KVJHHkYABvOSBIcctPsDLafbgL4+i/YvNru6frBKVoiWCOUVwGwsvj28QTqIhJNpeIW4gBl3Vpsw
DePhUTNLMHv1ZT7oxmfI2f71xDV3UFw6sphCNHrrV+5PRI5vaasCgz1IbttzFiKh09pIlKPTCwMH
zibf96/OPDps3Tdoi6NNm0GOiApt56M/p/Rjg8zaMUrpkMfEWw4v6RAHRtOTW2u1guXRBehJvQMW
Sm15cjJ0/NI7rlA7rmkZnioytGDzd7hFa/7VBnOObcHy+/E3cFeK1Yn361oIbvR9Wy9T+CrciRDE
zcLawr3VBsAfd5n5wTuoel1vLyECgYEA5G2S6TZTFRLvn22hESbsw+9UGoqBvpO0dVTNi0PnhmHj
H7CA4FlD4cBqKdv51WBoaeM6zgI14e+LjXdOdvEnaMn0g3RDRPRF9LVwxq4kPKBuOHaSY3UF/czt
HzKCDBMc/L4rYgrYKYKPk8nY1qL2w7iqJsT1UMYBOI0et4bMLo8CgYEAn+Iod9UWjBQkIory6Q+3
06tLm9iMCgfPNrHCqKiwR4s7+1EMZi828oNu8piO2XjzNhbrf2jjfqL9GzYdTjM0ex/wSKOUpTZU
JkBjbnwJJVpdKV8NRBUbT+JsG9TzdPxhHlENkX7znu9QgL7hNOW03E0ICo9CoWro0R1LLMeaiDkC
gYAayvtrXVLbavAuTAaTY3Rr+vtrbYmQV/TXuk2toxZZ/ctNIT/MkMvUg+Qv6rxgGcHFgcCY/0tg
p98/hZnve5O6x81lSdLGGLzH2ixTMYPQlKS4/Ldo8QX14f6CJUN5tRg2UPv3sPvvyn+avxcu/chh
5pwWlg2MHt1vy6Wpsybp4wKBgFHXR5XHmuoLaU/RRnRsmlGcbnCREWYVB0ndBmKlLs8Ag6yqmSk5
Y+wRwVonI4BIvF5krxmiDEmHjv493hRoe6XG/I2CRpWnUL3f2cX1cg0Py35g7H58O2XR5jr8775j
bidBoCtpC7XAlLnCe69DIiheug4FtTrBafmZACEk74JpAoGANstOzkZ3NYws0z0pnvsV8I0/p8WU
AVCA0i+hMC7u3KWSeGxsJIEN4GlFHruFSV5rF8NbTdESnb7lNNPqppmakmcLtydsAgCZYfHJNJGp
hhI+4O3vf38aqkEruwsR83dzrZZi/ab2DEvuVHbVWGfQNrSV4Hq7te4Pk+MajpYaNeU=
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAjqnbFpamk/ko2FvgfHLvTsegVJGJ6sjNmG0E/MgWEPU+QwLBMRMSk0vLeasn
21P4EDHnwqBUdUmZYitOzPAmVG6G97Q3g8X/O75Ju08z+ijk09n0gDgKDx/4Z/KeSqMSDLb1V77u
SOWgjV6Snbnivs2Vfd3HF4Apu2i/BqjOXBPoQxtF1xFSg8JOKjWQzfY5WXRiYssNTmCPTI/dFERR
nqGws8GXeVbRv8+Yl7sP0VIVJ/FpVLZul20keta/8ISiu9Y4TkgjKLn9P5P5V0ySdmG7INIUDSzc
VGxEUuumdoul6r2gDMDUhxvduZGy0sfzPvt49NI23tq13AsSpzhV1wIDAQABAoIBABrJxjvdmfXb
KVJHHkYABvOSBIcctPsDLafbgL4+i/YvNru6frBKVoiWCOUVwGwsvj28QTqIhJNpeIW4gBl3Vpsw
DePhUTNLMHv1ZT7oxmfI2f71xDV3UFw6sphCNHrrV+5PRI5vaasCgz1IbttzFiKh09pIlKPTCwMH
zibf96/OPDps3Tdoi6NNm0GOiApt56M/p/Rjg8zaMUrpkMfEWw4v6RAHRtOTW2u1guXRBehJvQMW
Sm15cjJ0/NI7rlA7rmkZnioytGDzd7hFa/7VBnOObcHy+/E3cFeK1Yn361oIbvR9Wy9T+CrciRDE
zcLawr3VBsAfd5n5wTuoel1vLyECgYEA5G2S6TZTFRLvn22hESbsw+9UGoqBvpO0dVTNi0PnhmHj
H7CA4FlD4cBqKdv51WBoaeM6zgI14e+LjXdOdvEnaMn0g3RDRPRF9LVwxq4kPKBuOHaSY3UF/czt
HzKCDBMc/L4rYgrYKYKPk8nY1qL2w7iqJsT1UMYBOI0et4bMLo8CgYEAn+Iod9UWjBQkIory6Q+3
06tLm9iMCgfPNrHCqKiwR4s7+1EMZi828oNu8piO2XjzNhbrf2jjfqL9GzYdTjM0ex/wSKOUpTZU
JkBjbnwJJVpdKV8NRBUbT+JsG9TzdPxhHlENkX7znu9QgL7hNOW03E0ICo9CoWro0R1LLMeaiDkC
gYAayvtrXVLbavAuTAaTY3Rr+vtrbYmQV/TXuk2toxZZ/ctNIT/MkMvUg+Qv6rxgGcHFgcCY/0tg
p98/hZnve5O6x81lSdLGGLzH2ixTMYPQlKS4/Ldo8QX14f6CJUN5tRg2UPv3sPvvyn+avxcu/chh
5pwWlg2MHt1vy6Wpsybp4wKBgFHXR5XHmuoLaU/RRnRsmlGcbnCREWYVB0ndBmKlLs8Ag6yqmSk5
Y+wRwVonI4BIvF5krxmiDEmHjv493hRoe6XG/I2CRpWnUL3f2cX1cg0Py35g7H58O2XR5jr8775j
bidBoCtpC7XAlLnCe69DIiheug4FtTrBafmZACEk74JpAoGANstOzkZ3NYws0z0pnvsV8I0/p8WU
AVCA0i+hMC7u3KWSeGxsJIEN4GlFHruFSV5rF8NbTdESnb7lNNPqppmakmcLtydsAgCZYfHJNJGp
hhI+4O3vf38aqkEruwsR83dzrZZi/ab2DEvuVHbVWGfQNrSV4Hq7te4Pk+MajpYaNeU=
-----END RSA PRIVATE KEY-----

16
roles/autossh/tasks/main.yaml
View File

@@ -1,8 +1,8 @@
---
- name: known_hosts
known_hosts:
path: /root/.ssh/known_hosts
name: ssh-jump.dsfinancial.comcast.net
key: "{{ lookup('pipe', 'ssh-keyscan -t rsa ssh-jump.dsfinancial.comcast.net') }}"
become: true
---
- name: known_hosts
known_hosts:
path: /root/.ssh/known_hosts
name: ssh-jump.dsfinancial.comcast.net
key: "{{ lookup('pipe', 'ssh-keyscan -t rsa ssh-jump.dsfinancial.comcast.net') }}"
become: true

147
roles/common/tasks/main.yaml Executable file → Normal file
View File

@@ -1,68 +1,79 @@
---
- name: Upgrade all packages to the latest version
become: true
apt:
upgrade: yes
update_cache: yes
tags: apt_upgrade
- name: Create directories
file:
path: "{{ item }}"
state: directory
owner: pi
group: pi
with_items:
- /home/pi/Documents/ftp
- /home/pi/Documents/smb
- /home/pi/scripts
tags: create_dirs
- name: update hosts file
become: true
blockinfile:
dest: /etc/hosts
content: "{{ lookup('template', '{{ role_path }}/templates/hosts.j2') }}"
state: present
tags: update_hosts
- name: clean hosts file
become: true
blockinfile:
path: /etc/hosts
marker: "# {mark} ANSIBLE MANAGED BLOCK"
content: ""
tags: clean_hosts
- name: install programs and libraries
become: true
apt:
name: [ 'expect', 'ftp', 'cadaver', 'iperf', 'iperf3', 'libpcap0.8', 'libsctp1', 'libsctp-dev', 'libncurses-dev', 'libssl-dev', 'libpcap-dev', 'vim', 'mc', 'smbclient', 'ncurses-dev', 'build-essential', 'openvpn' ]
update_cache: true
state: present
tags: install_packages
- name: set hostname
become: true
hostname:
name: '{{ inventory_hostname }}'
tags: set_hostname
- name: enable openvpn
become: true
service:
name: openvpn
enabled: yes
tags: enable_openvpn
register: openvpn_enabled
- name: enable openvpn config
become: true
lineinfile:
path: /etc/default/openvpn
state: present
regexp: '^#AUTOSTART="all"'
line: 'AUTOSTART="all"'
tags: enable_openvpn
- name: start openvpn
become: true
systemd:
daemon_reload: yes
name: openvpn
state: restarted
tags: enable_openvpn
when: openvpn_enabled
---
- name: Upgrade all packages to the latest version
become: true
apt:
upgrade: yes
update_cache: yes
tags: apt_upgrade
- name: Create directories
file:
path: "{{ item }}"
state: directory
owner: pi
group: pi
with_items:
- /home/pi/Documents/ftp
- /home/pi/Documents/smb
- /home/pi/scripts
tags: create_dirs
- name: update hosts file
become: true
blockinfile:
dest: /etc/hosts
content: "{{ lookup('template', '{{ role_path }}/templates/hosts.j2') }}"
state: present
tags: update_hosts
- name: install programs and libraries
become: true
apt:
name: [ 'expect', 'ftp', 'cadaver', 'iperf', 'iperf3', 'libpcap0.8', 'libsctp1', 'libsctp-dev', 'libncurses-dev', 'libssl-dev', 'libpcap-dev', 'vim', 'mc', 'smbclient', 'ncurses-dev', 'build-essential', 'openvpn', 'lightdm', 'lxde', 'realvnc-vnc-server', 'aptitude', 'chromium-browser', 'raspberrypi-ui-mods' ]
update_cache: true
state: present
tags: install_packages
- name: set hostname
become: true
hostname:
name: '{{ inventory_hostname }}'
tags: set_hostname
- name: enable openvpn
become: true
service:
name: openvpn
enabled: yes
tags: enable_openvpn
register: openvpn_enabled
- name: enable openvpn config
become: true
lineinfile:
path: /etc/default/openvpn
state: present
regexp: '^#AUTOSTART="all"'
line: 'AUTOSTART="all"'
tags: enable_openvpn
- name: start openvpn
become: true
systemd:
daemon_reload: yes
name: openvpn
state: restarted
tags: enable_openvpn
when: openvpn_enabled
- lineinfile:
path: /etc/sudoers
state: present
regexp: '^%sudo'
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
validate: 'visudo -cf %s'
become: true
tags: pi_sudo
- name: Ensure the locale exists
locale_gen:
name: en_US.UTF-8
state: present
become: yes
- name: set as default locale
command: raspi-config nonint do_change_locale en_US.UTF-8
become: yes
- name: set keyboard to us
command: raspi-config nonint do_configure_keyboard us

14
roles/common/templates/hosts.j2
View File

@@ -1,7 +1,7 @@
{% for item in ansible_play_batch %}
{{ hostvars[item].ansible_host }} {{ item }}.demo.dsfinancial.com
{% endfor %}
{% for item in ansible_play_batch %}
{{ hostvars[item].ansible_host }} {{ item }}
{% endfor %}
{% for item in ansible_play_batch %}
{{ hostvars[item].ansible_host }} {{ item }}.demo.dsfinancial.com
{% endfor %}
{% for item in ansible_play_batch %}
{{ hostvars[item].ansible_host }} {{ item }}
{% endfor %}

24
roles/domainname/tasks/main.yaml Executable file → Normal file
View File

@@ -1,12 +1,12 @@
---
- lineinfile:
path: /etc/dhcpcd.conf
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { regexp: '^static\ domain_name=', line: 'static domain_name=demo.dsfinancial.com' }
- { regexp: '^static\ domain_search=', line: 'static domain_search=demo.dsfinancial.com' }
become: true
tags: update_domainname
---
- lineinfile:
path: /etc/dhcpcd.conf
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { regexp: '^static\ domain_name=', line: 'static domain_name=demo.dsfinancial.com' }
- { regexp: '^static\ domain_search=', line: 'static domain_search=demo.dsfinancial.com' }
become: true
tags: update_domainname

0
roles/facebook/files/facebook.sh Executable file → Normal file
View File

1718
roles/facebook/files/facebook_url.list
View File

File diff suppressed because it is too large Load Diff

40
roles/facebook/tasks/main.yaml Executable file → Normal file
View File

@@ -1,20 +1,20 @@
---
- name: copy facebook script
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: pi
group: pi
mode: a+x
with_items:
- { src: "{{ role_path }}/files/facebook.sh", dest: "/home/pi/scripts/facebook.sh" }
- { src: "{{ role_path }}/files/facebook_url.list", dest: "/home/pi/Documents/facebook_url.list" }
tags: facebooktraff_script
- name: enable cron job for facebook traffic
cron:
name: "facebooktraff"
minute: "*/5"
hour: "7-18"
weekday: "1-5"
job: "/home/pi/scripts/facebook.sh"
tags: facebooktraff_cron
---
- name: copy facebook script
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: pi
group: pi
mode: a+x
with_items:
- { src: "{{ role_path }}/files/facebook.sh", dest: "/home/pi/scripts/facebook.sh" }
- { src: "{{ role_path }}/files/facebook_url.list", dest: "/home/pi/Documents/facebook_url.list" }
tags: facebooktraff_script
- name: enable cron job for facebook traffic
cron:
name: "facebooktraff"
minute: "*/5"
hour: "7-18"
weekday: "1-5"
job: "/home/pi/scripts/facebook.sh"
tags: facebooktraff_cron

0
roles/ftpclient/files/ftp-session.sh Executable file → Normal file
View File

34
roles/ftpclient/tasks/main.yaml Executable file → Normal file
View File

@@ -1,17 +1,17 @@
---
- name: enable cron job for ftp traffic
cron:
name: "ftptraff"
minute: "0"
hour: "7-18/2"
weekday: "1-5"
job: "/usr/bin/perl -e 'sleep int rand 7199' && /home/pi/scripts/ftp-session.sh"
tags: ftptraff_cron
- name: copy ftp-session.sh to scripts directory
copy:
src: "{{ role_path }}/files/ftp-session.sh"
dest: /home/pi/scripts/ftp-session.sh
owner: pi
group: pi
mode: a+x
tags: ftptraff_script
---
- name: enable cron job for ftp traffic
cron:
name: "ftptraff"
minute: "0"
hour: "7-18/2"
weekday: "1-5"
job: "/usr/bin/perl -e 'sleep int rand 7199' && /home/pi/scripts/ftp-session.sh"
tags: ftptraff_cron
- name: copy ftp-session.sh to scripts directory
copy:
src: "{{ role_path }}/files/ftp-session.sh"
dest: /home/pi/scripts/ftp-session.sh
owner: pi
group: pi
mode: a+x
tags: ftptraff_script

48
roles/netflows/tasks/main.yaml Executable file → Normal file
View File

@@ -1,24 +1,24 @@
---
- name: Install fprobe Package
become: yes
apt:
name: ['fprobe']
state: present
update_cache: true
tags: install_fprobe
- lineinfile:
path: /etc/default/fprobe
state: present
backrefs: yes
regexp: '^FLOW_COLLECTOR='
line: 'FLOW_COLLECTOR="192.168.201.11:2055"'
become: true
tags: configure_fprobe
- name: enable fprobe service and ensure it is not masked
systemd:
name: fprobe
enabled: yes
masked: no
state: restarted
tags: enable_fprobe
become: true
---
- name: Install fprobe Package
become: yes
apt:
name: ['fprobe']
state: present
update_cache: true
tags: install_fprobe
- lineinfile:
path: /etc/default/fprobe
state: present
backrefs: yes
regexp: '^FLOW_COLLECTOR='
line: 'FLOW_COLLECTOR="192.168.201.11:2055"'
become: true
tags: configure_fprobe
- name: enable fprobe service and ensure it is not masked
systemd:
name: fprobe
enabled: yes
masked: no
state: restarted
tags: enable_fprobe
become: true

818
roles/nrpe/files/check_mem.pl Executable file → Normal file
View File

@@ -1,409 +1,409 @@
#!/usr/bin/perl -w
# Heavily based on the script from:
# check_mem.pl Copyright (C) 2000 Dan Larsson <dl@tyfon.net>
# heavily modified by
# Justin Ellison <justin@techadvise.com>
#
# The MIT License (MIT)
# Copyright (c) 2011 justin@techadvise.com
# Permission is hereby granted, free of charge, to any person obtaining a copy of this
# software and associated documentation files (the "Software"), to deal in the Software
# without restriction, including without limitation the rights to use, copy, modify,
# merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in all copies
# or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
# FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
# OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
# Tell Perl what we need to use
use strict;
use Getopt::Std;
#TODO - Convert to Nagios::Plugin
#TODO - Use an alarm
# Predefined exit codes for Nagios
use vars qw($opt_c $opt_f $opt_u $opt_w $opt_C $opt_v $opt_h %exit_codes);
%exit_codes = ('UNKNOWN' , 3,
'OK' , 0,
'WARNING' , 1,
'CRITICAL', 2,
);
# Get our variables, do our checking:
init();
# Get the numbers:
my ($free_memory_kb,$used_memory_kb,$caches_kb,$hugepages_kb) = get_memory_info();
print "$free_memory_kb Free\n$used_memory_kb Used\n$caches_kb Cache\n" if ($opt_v);
print "$hugepages_kb Hugepages\n" if ($opt_v and $opt_h);
if ($opt_C) { #Do we count caches as free?
$used_memory_kb -= $caches_kb;
$free_memory_kb += $caches_kb;
}
if ($opt_h) {
$used_memory_kb -= $hugepages_kb;
}
print "$used_memory_kb Used (after Hugepages)\n" if ($opt_v);
# Round to the nearest KB
$free_memory_kb = sprintf('%d',$free_memory_kb);
$used_memory_kb = sprintf('%d',$used_memory_kb);
$caches_kb = sprintf('%d',$caches_kb);
# Tell Nagios what we came up with
tell_nagios($used_memory_kb,$free_memory_kb,$caches_kb,$hugepages_kb);
sub tell_nagios {
my ($used,$free,$caches,$hugepages) = @_;
# Calculate Total Memory
my $total = $free + $used;
print "$total Total\n" if ($opt_v);
my $perf_warn;
my $perf_crit;
if ( $opt_u ) {
$perf_warn = int(${total} * $opt_w / 100);
$perf_crit = int(${total} * $opt_c / 100);
} else {
$perf_warn = int(${total} * ( 100 - $opt_w ) / 100);
$perf_crit = int(${total} * ( 100 - $opt_c ) / 100);
}
my $perfdata = "|TOTAL=${total}KB;;;; USED=${used}KB;${perf_warn};${perf_crit};; FREE=${free}KB;;;; CACHES=${caches}KB;;;;";
$perfdata .= " HUGEPAGES=${hugepages}KB;;;;" if ($opt_h);
if ($opt_f) {
my $percent = sprintf "%.1f", ($free / $total * 100);
if ($percent <= $opt_c) {
finish("CRITICAL - $percent% ($free kB) free!$perfdata",$exit_codes{'CRITICAL'});
}
elsif ($percent <= $opt_w) {
finish("WARNING - $percent% ($free kB) free!$perfdata",$exit_codes{'WARNING'});
}
else {
finish("OK - $percent% ($free kB) free.$perfdata",$exit_codes{'OK'});
}
}
elsif ($opt_u) {
my $percent = sprintf "%.1f", ($used / $total * 100);
if ($percent >= $opt_c) {
finish("CRITICAL - $percent% ($used kB) used!$perfdata",$exit_codes{'CRITICAL'});
}
elsif ($percent >= $opt_w) {
finish("WARNING - $percent% ($used kB) used!$perfdata",$exit_codes{'WARNING'});
}
else {
finish("OK - $percent% ($used kB) used.$perfdata",$exit_codes{'OK'});
}
}
}
# Show usage
sub usage() {
print "\ncheck_mem.pl v1.0 - Nagios Plugin\n\n";
print "usage:\n";
print " check_mem.pl -<f|u> -w <warnlevel> -c <critlevel>\n\n";
print "options:\n";
print " -f Check FREE memory\n";
print " -u Check USED memory\n";
print " -C Count OS caches as FREE memory\n";
print " -h Remove hugepages from the total memory count\n";
print " -w PERCENT Percent free/used when to warn\n";
print " -c PERCENT Percent free/used when critical\n";
print "\nCopyright (C) 2000 Dan Larsson <dl\@tyfon.net>\n";
print "check_mem.pl comes with absolutely NO WARRANTY either implied or explicit\n";
print "This program is licensed under the terms of the\n";
print "MIT License (check source code for details)\n";
exit $exit_codes{'UNKNOWN'};
}
sub get_memory_info {
my $used_memory_kb = 0;
my $free_memory_kb = 0;
my $total_memory_kb = 0;
my $caches_kb = 0;
my $hugepages_nr = 0;
my $hugepages_size = 0;
my $hugepages_kb = 0;
my $uname;
if ( -e '/usr/bin/uname') {
$uname = `/usr/bin/uname -a`;
}
elsif ( -e '/bin/uname') {
$uname = `/bin/uname -a`;
}
else {
die "Unable to find uname in /usr/bin or /bin!\n";
}
print "uname returns $uname" if ($opt_v);
if ( $uname =~ /Linux/ ) {
my @meminfo = `/bin/cat /proc/meminfo`;
foreach (@meminfo) {
chomp;
if (/^Mem(Total|Free):\s+(\d+) kB/) {
my $counter_name = $1;
if ($counter_name eq 'Free') {
$free_memory_kb = $2;
}
elsif ($counter_name eq 'Total') {
$total_memory_kb = $2;
}
}
elsif (/^(Buffers|Cached|SReclaimable):\s+(\d+) kB/) {
$caches_kb += $2;
}
elsif (/^Shmem:\s+(\d+) kB/) {
$caches_kb -= $1;
}
# These variables will most likely be overwritten once we look into
# /sys/kernel/mm/hugepages, unless we are running on linux <2.6.27
# and have to rely on them
elsif (/^HugePages_Total:\s+(\d+)/) {
$hugepages_nr = $1;
}
elsif (/^Hugepagesize:\s+(\d+) kB/) {
$hugepages_size = $1;
}
}
$hugepages_kb = $hugepages_nr * $hugepages_size;
$used_memory_kb = $total_memory_kb - $free_memory_kb;
# Read hugepages info from the newer sysfs interface if available
my $hugepages_sysfs_dir = '/sys/kernel/mm/hugepages';
if ( -d $hugepages_sysfs_dir ) {
# Reset what we read from /proc/meminfo
$hugepages_kb = 0;
opendir(my $dh, $hugepages_sysfs_dir)
|| die "Can't open $hugepages_sysfs_dir: $!";
while (my $entry = readdir $dh) {
if ($entry =~ /^hugepages-(\d+)kB/) {
$hugepages_size = $1;
my $hugepages_nr_file = "$hugepages_sysfs_dir/$entry/nr_hugepages";
open(my $fh, '<', $hugepages_nr_file)
|| die "Can't open $hugepages_nr_file for reading: $!";
$hugepages_nr = <$fh>;
close($fh);
$hugepages_kb += $hugepages_nr * $hugepages_size;
}
}
closedir($dh);
}
}
elsif ( $uname =~ /HP-UX/ ) {
# HP-UX, thanks to Christoph Fürstaller
my @meminfo = `/usr/bin/sudo /usr/local/bin/kmeminfo`;
foreach (@meminfo) {
chomp;
if (/^Physical memory\s\s+=\s+(\d+)\s+(\d+.\d)g/) {
$total_memory_kb = ($2 * 1024 * 1024);
}
elsif (/^Free memory\s\s+=\s+(\d+)\s+(\d+.\d)g/) {
$free_memory_kb = ($2 * 1024 * 1024);
}
}
$used_memory_kb = $total_memory_kb - $free_memory_kb;
}
elsif ( $uname =~ /FreeBSD/ ) {
# The FreeBSD case. 2013-03-19 www.claudiokuenzler.com
# free mem = Inactive*Page Size + Cache*Page Size + Free*Page Size
my $pagesize = `sysctl vm.stats.vm.v_page_size`;
$pagesize =~ s/[^0-9]//g;
my $mem_inactive = 0;
my $mem_cache = 0;
my $mem_free = 0;
my $mem_total = 0;
my $free_memory = 0;
my @meminfo = `/sbin/sysctl vm.stats.vm`;
foreach (@meminfo) {
chomp;
if (/^vm.stats.vm.v_inactive_count:\s+(\d+)/) {
$mem_inactive = ($1 * $pagesize);
}
elsif (/^vm.stats.vm.v_cache_count:\s+(\d+)/) {
$mem_cache = ($1 * $pagesize);
}
elsif (/^vm.stats.vm.v_free_count:\s+(\d+)/) {
$mem_free = ($1 * $pagesize);
}
elsif (/^vm.stats.vm.v_page_count:\s+(\d+)/) {
$mem_total = ($1 * $pagesize);
}
}
$free_memory = $mem_inactive + $mem_cache + $mem_free;
$free_memory_kb = ( $free_memory / 1024);
$total_memory_kb = ( $mem_total / 1024);
$used_memory_kb = $total_memory_kb - $free_memory_kb;
$caches_kb = ($mem_cache / 1024);
}
elsif ( $uname =~ /joyent/ ) {
# The SmartOS case. 2014-01-10 www.claudiokuenzler.com
# free mem = pagesfree * pagesize
my $pagesize = `pagesize`;
my $phys_pages = `kstat -p unix:0:system_pages:pagestotal | awk '{print \$NF}'`;
my $free_pages = `kstat -p unix:0:system_pages:pagesfree | awk '{print \$NF}'`;
my $arc_size = `kstat -p zfs:0:arcstats:size | awk '{print \$NF}'`;
my $arc_size_kb = $arc_size / 1024;
print "Pagesize is $pagesize" if ($opt_v);
print "Total pages is $phys_pages" if ($opt_v);
print "Free pages is $free_pages" if ($opt_v);
print "Arc size is $arc_size" if ($opt_v);
$caches_kb += $arc_size_kb;
$total_memory_kb = $phys_pages * $pagesize / 1024;
$free_memory_kb = $free_pages * $pagesize / 1024;
$used_memory_kb = $total_memory_kb - $free_memory_kb;
}
elsif ( $uname =~ /SunOS/ ) {
eval "use Sun::Solaris::Kstat";
if ($@) { #Kstat not available
if ($opt_C) {
print "You can't report on Solaris caches without Sun::Solaris::Kstat available!\n";
exit $exit_codes{UNKNOWN};
}
my @vmstat = `/usr/bin/vmstat 1 2`;
my $line;
foreach (@vmstat) {
chomp;
$line = $_;
}
$free_memory_kb = (split(/ /,$line))[5] / 1024;
my @prtconf = `/usr/sbin/prtconf`;
foreach (@prtconf) {
if (/^Memory size: (\d+) Megabytes/) {
$total_memory_kb = $1 * 1024;
}
}
$used_memory_kb = $total_memory_kb - $free_memory_kb;
}
else { # We have kstat
my $kstat = Sun::Solaris::Kstat->new();
my $phys_pages = ${kstat}->{unix}->{0}->{system_pages}->{physmem};
my $free_pages = ${kstat}->{unix}->{0}->{system_pages}->{freemem};
# We probably should account for UFS caching here, but it's unclear
# to me how to determine UFS's cache size. There's inode_cache,
# and maybe the physmem variable in the system_pages module??
# In the real world, it looks to be so small as not to really matter,
# so we don't grab it. If someone can give me code that does this,
# I'd be glad to put it in.
my $arc_size = (exists ${kstat}->{zfs} && ${kstat}->{zfs}->{0}->{arcstats}->{size}) ?
${kstat}->{zfs}->{0}->{arcstats}->{size} / 1024
: 0;
$caches_kb += $arc_size;
my $pagesize = `pagesize`;
$total_memory_kb = $phys_pages * $pagesize / 1024;
$free_memory_kb = $free_pages * $pagesize / 1024;
$used_memory_kb = $total_memory_kb - $free_memory_kb;
}
}
elsif ( $uname =~ /Darwin/ ) {
$total_memory_kb = (split(/ /,`/usr/sbin/sysctl hw.memsize`))[1]/1024;
my $pagesize = (split(/ /,`/usr/sbin/sysctl hw.pagesize`))[1];
$caches_kb = 0;
my @vm_stat = `/usr/bin/vm_stat`;
foreach (@vm_stat) {
chomp;
if (/^(Pages free):\s+(\d+)\.$/) {
$free_memory_kb = $2*$pagesize/1024;
}
# 'caching' concept works different on MACH
# this should be a reasonable approximation
elsif (/^Pages (inactive|purgable):\s+(\d+).$/) {
$caches_kb += $2*$pagesize/1024;
}
}
$used_memory_kb = $total_memory_kb - $free_memory_kb;
}
elsif ( $uname =~ /AIX/ ) {
my @meminfo = `/usr/bin/vmstat -vh`;
foreach (@meminfo) {
chomp;
if (/^\s*([0-9.]+)\s+(.*)/) {
my $counter_name = $2;
if ($counter_name eq 'memory pages') {
$total_memory_kb = $1*4;
}
if ($counter_name eq 'free pages') {
$free_memory_kb = $1*4;
}
if ($counter_name eq 'file pages') {
$caches_kb = $1*4;
}
if ($counter_name eq 'Number of 4k page frames loaned') {
$free_memory_kb += $1*4;
}
}
}
$used_memory_kb = $total_memory_kb - $free_memory_kb;
}
else {
if ($opt_C) {
print "You can't report on $uname caches!\n";
exit $exit_codes{UNKNOWN};
}
my $command_line = `vmstat | tail -1 | awk '{print \$4,\$5}'`;
chomp $command_line;
my @memlist = split(/ /, $command_line);
# Define the calculating scalars
$used_memory_kb = $memlist[0]/1024;
$free_memory_kb = $memlist[1]/1024;
$total_memory_kb = $used_memory_kb + $free_memory_kb;
}
return ($free_memory_kb,$used_memory_kb,$caches_kb,$hugepages_kb);
}
sub init {
# Get the options
if ($#ARGV le 0) {
&usage;
}
else {
getopts('c:fuChvw:');
}
# Shortcircuit the switches
if (!$opt_w or $opt_w == 0 or !$opt_c or $opt_c == 0) {
print "*** You must define WARN and CRITICAL levels!\n";
&usage;
}
elsif (!$opt_f and !$opt_u) {
print "*** You must select to monitor either USED or FREE memory!\n";
&usage;
}
# Check if levels are sane
if ($opt_w <= $opt_c and $opt_f) {
print "*** WARN level must not be less than CRITICAL when checking FREE memory!\n";
&usage;
}
elsif ($opt_w >= $opt_c and $opt_u) {
print "*** WARN level must not be greater than CRITICAL when checking USED memory!\n";
&usage;
}
}
sub finish {
my ($msg,$state) = @_;
print "$msg\n";
exit $state;
}
#!/usr/bin/perl -w
# Heavily based on the script from:
# check_mem.pl Copyright (C) 2000 Dan Larsson <dl@tyfon.net>
# heavily modified by
# Justin Ellison <justin@techadvise.com>
#
# The MIT License (MIT)
# Copyright (c) 2011 justin@techadvise.com
# Permission is hereby granted, free of charge, to any person obtaining a copy of this
# software and associated documentation files (the "Software"), to deal in the Software
# without restriction, including without limitation the rights to use, copy, modify,
# merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in all copies
# or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
# FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
# OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
# Tell Perl what we need to use
use strict;
use Getopt::Std;
#TODO - Convert to Nagios::Plugin
#TODO - Use an alarm
# Predefined exit codes for Nagios
use vars qw($opt_c $opt_f $opt_u $opt_w $opt_C $opt_v $opt_h %exit_codes);
%exit_codes = ('UNKNOWN' , 3,
'OK' , 0,
'WARNING' , 1,
'CRITICAL', 2,
);
# Get our variables, do our checking:
init();
# Get the numbers:
my ($free_memory_kb,$used_memory_kb,$caches_kb,$hugepages_kb) = get_memory_info();
print "$free_memory_kb Free\n$used_memory_kb Used\n$caches_kb Cache\n" if ($opt_v);
print "$hugepages_kb Hugepages\n" if ($opt_v and $opt_h);
if ($opt_C) { #Do we count caches as free?
$used_memory_kb -= $caches_kb;
$free_memory_kb += $caches_kb;
}
if ($opt_h) {
$used_memory_kb -= $hugepages_kb;
}
print "$used_memory_kb Used (after Hugepages)\n" if ($opt_v);
# Round to the nearest KB
$free_memory_kb = sprintf('%d',$free_memory_kb);
$used_memory_kb = sprintf('%d',$used_memory_kb);
$caches_kb = sprintf('%d',$caches_kb);
# Tell Nagios what we came up with
tell_nagios($used_memory_kb,$free_memory_kb,$caches_kb,$hugepages_kb);
sub tell_nagios {
my ($used,$free,$caches,$hugepages) = @_;
# Calculate Total Memory
my $total = $free + $used;
print "$total Total\n" if ($opt_v);
my $perf_warn;
my $perf_crit;
if ( $opt_u ) {
$perf_warn = int(${total} * $opt_w / 100);
$perf_crit = int(${total} * $opt_c / 100);
} else {
$perf_warn = int(${total} * ( 100 - $opt_w ) / 100);
$perf_crit = int(${total} * ( 100 - $opt_c ) / 100);
}
my $perfdata = "|TOTAL=${total}KB;;;; USED=${used}KB;${perf_warn};${perf_crit};; FREE=${free}KB;;;; CACHES=${caches}KB;;;;";
$perfdata .= " HUGEPAGES=${hugepages}KB;;;;" if ($opt_h);
if ($opt_f) {
my $percent = sprintf "%.1f", ($free / $total * 100);
if ($percent <= $opt_c) {
finish("CRITICAL - $percent% ($free kB) free!$perfdata",$exit_codes{'CRITICAL'});
}
elsif ($percent <= $opt_w) {
finish("WARNING - $percent% ($free kB) free!$perfdata",$exit_codes{'WARNING'});
}
else {
finish("OK - $percent% ($free kB) free.$perfdata",$exit_codes{'OK'});
}
}
elsif ($opt_u) {
my $percent = sprintf "%.1f", ($used / $total * 100);
if ($percent >= $opt_c) {
finish("CRITICAL - $percent% ($used kB) used!$perfdata",$exit_codes{'CRITICAL'});
}
elsif ($percent >= $opt_w) {
finish("WARNING - $percent% ($used kB) used!$perfdata",$exit_codes{'WARNING'});
}
else {
finish("OK - $percent% ($used kB) used.$perfdata",$exit_codes{'OK'});
}
}
}
# Show usage
sub usage() {
print "\ncheck_mem.pl v1.0 - Nagios Plugin\n\n";
print "usage:\n";
print " check_mem.pl -<f|u> -w <warnlevel> -c <critlevel>\n\n";
print "options:\n";
print " -f Check FREE memory\n";
print " -u Check USED memory\n";
print " -C Count OS caches as FREE memory\n";
print " -h Remove hugepages from the total memory count\n";
print " -w PERCENT Percent free/used when to warn\n";
print " -c PERCENT Percent free/used when critical\n";
print "\nCopyright (C) 2000 Dan Larsson <dl\@tyfon.net>\n";
print "check_mem.pl comes with absolutely NO WARRANTY either implied or explicit\n";
print "This program is licensed under the terms of the\n";
print "MIT License (check source code for details)\n";
exit $exit_codes{'UNKNOWN'};
}
sub get_memory_info {
my $used_memory_kb = 0;
my $free_memory_kb = 0;
my $total_memory_kb = 0;
my $caches_kb = 0;
my $hugepages_nr = 0;
my $hugepages_size = 0;
my $hugepages_kb = 0;
my $uname;
if ( -e '/usr/bin/uname') {
$uname = `/usr/bin/uname -a`;
}
elsif ( -e '/bin/uname') {
$uname = `/bin/uname -a`;
}
else {
die "Unable to find uname in /usr/bin or /bin!\n";
}
print "uname returns $uname" if ($opt_v);
if ( $uname =~ /Linux/ ) {
my @meminfo = `/bin/cat /proc/meminfo`;
foreach (@meminfo) {
chomp;
if (/^Mem(Total|Free):\s+(\d+) kB/) {
my $counter_name = $1;
if ($counter_name eq 'Free') {
$free_memory_kb = $2;
}
elsif ($counter_name eq 'Total') {
$total_memory_kb = $2;
}
}
elsif (/^(Buffers|Cached|SReclaimable):\s+(\d+) kB/) {
$caches_kb += $2;
}
elsif (/^Shmem:\s+(\d+) kB/) {
$caches_kb -= $1;
}
# These variables will most likely be overwritten once we look into
# /sys/kernel/mm/hugepages, unless we are running on linux <2.6.27
# and have to rely on them
elsif (/^HugePages_Total:\s+(\d+)/) {
$hugepages_nr = $1;
}
elsif (/^Hugepagesize:\s+(\d+) kB/) {
$hugepages_size = $1;
}
}
$hugepages_kb = $hugepages_nr * $hugepages_size;
$used_memory_kb = $total_memory_kb - $free_memory_kb;
# Read hugepages info from the newer sysfs interface if available
my $hugepages_sysfs_dir = '/sys/kernel/mm/hugepages';
if ( -d $hugepages_sysfs_dir ) {
# Reset what we read from /proc/meminfo
$hugepages_kb = 0;
opendir(my $dh, $hugepages_sysfs_dir)
|| die "Can't open $hugepages_sysfs_dir: $!";
while (my $entry = readdir $dh) {
if ($entry =~ /^hugepages-(\d+)kB/) {
$hugepages_size = $1;
my $hugepages_nr_file = "$hugepages_sysfs_dir/$entry/nr_hugepages";
open(my $fh, '<', $hugepages_nr_file)
|| die "Can't open $hugepages_nr_file for reading: $!";
$hugepages_nr = <$fh>;
close($fh);
$hugepages_kb += $hugepages_nr * $hugepages_size;
}
}
closedir($dh);
}
}
elsif ( $uname =~ /HP-UX/ ) {
# HP-UX, thanks to Christoph Fürstaller
my @meminfo = `/usr/bin/sudo /usr/local/bin/kmeminfo`;
foreach (@meminfo) {
chomp;
if (/^Physical memory\s\s+=\s+(\d+)\s+(\d+.\d)g/) {
$total_memory_kb = ($2 * 1024 * 1024);
}
elsif (/^Free memory\s\s+=\s+(\d+)\s+(\d+.\d)g/) {
$free_memory_kb = ($2 * 1024 * 1024);
}
}
$used_memory_kb = $total_memory_kb - $free_memory_kb;
}
elsif ( $uname =~ /FreeBSD/ ) {
# The FreeBSD case. 2013-03-19 www.claudiokuenzler.com
# free mem = Inactive*Page Size + Cache*Page Size + Free*Page Size
my $pagesize = `sysctl vm.stats.vm.v_page_size`;
$pagesize =~ s/[^0-9]//g;
my $mem_inactive = 0;
my $mem_cache = 0;
my $mem_free = 0;
my $mem_total = 0;
my $free_memory = 0;
my @meminfo = `/sbin/sysctl vm.stats.vm`;
foreach (@meminfo) {
chomp;
if (/^vm.stats.vm.v_inactive_count:\s+(\d+)/) {
$mem_inactive = ($1 * $pagesize);
}
elsif (/^vm.stats.vm.v_cache_count:\s+(\d+)/) {
$mem_cache = ($1 * $pagesize);
}
elsif (/^vm.stats.vm.v_free_count:\s+(\d+)/) {
$mem_free = ($1 * $pagesize);
}
elsif (/^vm.stats.vm.v_page_count:\s+(\d+)/) {
$mem_total = ($1 * $pagesize);
}
}
$free_memory = $mem_inactive + $mem_cache + $mem_free;
$free_memory_kb = ( $free_memory / 1024);
$total_memory_kb = ( $mem_total / 1024);
$used_memory_kb = $total_memory_kb - $free_memory_kb;
$caches_kb = ($mem_cache / 1024);
}
elsif ( $uname =~ /joyent/ ) {
# The SmartOS case. 2014-01-10 www.claudiokuenzler.com
# free mem = pagesfree * pagesize
my $pagesize = `pagesize`;
my $phys_pages = `kstat -p unix:0:system_pages:pagestotal | awk '{print \$NF}'`;
my $free_pages = `kstat -p unix:0:system_pages:pagesfree | awk '{print \$NF}'`;
my $arc_size = `kstat -p zfs:0:arcstats:size | awk '{print \$NF}'`;
my $arc_size_kb = $arc_size / 1024;
print "Pagesize is $pagesize" if ($opt_v);
print "Total pages is $phys_pages" if ($opt_v);
print "Free pages is $free_pages" if ($opt_v);
print "Arc size is $arc_size" if ($opt_v);
$caches_kb += $arc_size_kb;
$total_memory_kb = $phys_pages * $pagesize / 1024;
$free_memory_kb = $free_pages * $pagesize / 1024;
$used_memory_kb = $total_memory_kb - $free_memory_kb;
}
elsif ( $uname =~ /SunOS/ ) {
eval "use Sun::Solaris::Kstat";
if ($@) { #Kstat not available
if ($opt_C) {
print "You can't report on Solaris caches without Sun::Solaris::Kstat available!\n";
exit $exit_codes{UNKNOWN};
}
my @vmstat = `/usr/bin/vmstat 1 2`;
my $line;
foreach (@vmstat) {
chomp;
$line = $_;
}
$free_memory_kb = (split(/ /,$line))[5] / 1024;
my @prtconf = `/usr/sbin/prtconf`;
foreach (@prtconf) {
if (/^Memory size: (\d+) Megabytes/) {
$total_memory_kb = $1 * 1024;
}
}
$used_memory_kb = $total_memory_kb - $free_memory_kb;
}
else { # We have kstat
my $kstat = Sun::Solaris::Kstat->new();
my $phys_pages = ${kstat}->{unix}->{0}->{system_pages}->{physmem};
my $free_pages = ${kstat}->{unix}->{0}->{system_pages}->{freemem};
# We probably should account for UFS caching here, but it's unclear
# to me how to determine UFS's cache size. There's inode_cache,
# and maybe the physmem variable in the system_pages module??
# In the real world, it looks to be so small as not to really matter,
# so we don't grab it. If someone can give me code that does this,
# I'd be glad to put it in.
my $arc_size = (exists ${kstat}->{zfs} && ${kstat}->{zfs}->{0}->{arcstats}->{size}) ?
${kstat}->{zfs}->{0}->{arcstats}->{size} / 1024
: 0;
$caches_kb += $arc_size;
my $pagesize = `pagesize`;
$total_memory_kb = $phys_pages * $pagesize / 1024;
$free_memory_kb = $free_pages * $pagesize / 1024;
$used_memory_kb = $total_memory_kb - $free_memory_kb;
}
}
elsif ( $uname =~ /Darwin/ ) {
$total_memory_kb = (split(/ /,`/usr/sbin/sysctl hw.memsize`))[1]/1024;
my $pagesize = (split(/ /,`/usr/sbin/sysctl hw.pagesize`))[1];
$caches_kb = 0;
my @vm_stat = `/usr/bin/vm_stat`;
foreach (@vm_stat) {
chomp;
if (/^(Pages free):\s+(\d+)\.$/) {
$free_memory_kb = $2*$pagesize/1024;
}
# 'caching' concept works different on MACH
# this should be a reasonable approximation
elsif (/^Pages (inactive|purgable):\s+(\d+).$/) {
$caches_kb += $2*$pagesize/1024;
}
}
$used_memory_kb = $total_memory_kb - $free_memory_kb;
}
elsif ( $uname =~ /AIX/ ) {
my @meminfo = `/usr/bin/vmstat -vh`;
foreach (@meminfo) {
chomp;
if (/^\s*([0-9.]+)\s+(.*)/) {
my $counter_name = $2;
if ($counter_name eq 'memory pages') {
$total_memory_kb = $1*4;
}
if ($counter_name eq 'free pages') {
$free_memory_kb = $1*4;
}
if ($counter_name eq 'file pages') {
$caches_kb = $1*4;
}
if ($counter_name eq 'Number of 4k page frames loaned') {
$free_memory_kb += $1*4;
}
}
}
$used_memory_kb = $total_memory_kb - $free_memory_kb;
}
else {
if ($opt_C) {
print "You can't report on $uname caches!\n";
exit $exit_codes{UNKNOWN};
}
my $command_line = `vmstat | tail -1 | awk '{print \$4,\$5}'`;
chomp $command_line;
my @memlist = split(/ /, $command_line);
# Define the calculating scalars
$used_memory_kb = $memlist[0]/1024;
$free_memory_kb = $memlist[1]/1024;
$total_memory_kb = $used_memory_kb + $free_memory_kb;
}
return ($free_memory_kb,$used_memory_kb,$caches_kb,$hugepages_kb);
}
sub init {
# Get the options
if ($#ARGV le 0) {
&usage;
}
else {
getopts('c:fuChvw:');
}
# Shortcircuit the switches
if (!$opt_w or $opt_w == 0 or !$opt_c or $opt_c == 0) {
print "*** You must define WARN and CRITICAL levels!\n";
&usage;
}
elsif (!$opt_f and !$opt_u) {
print "*** You must select to monitor either USED or FREE memory!\n";
&usage;
}
# Check if levels are sane
if ($opt_w <= $opt_c and $opt_f) {
print "*** WARN level must not be less than CRITICAL when checking FREE memory!\n";
&usage;
}
elsif ($opt_w >= $opt_c and $opt_u) {
print "*** WARN level must not be greater than CRITICAL when checking USED memory!\n";
&usage;
}
}
sub finish {
my ($msg,$state) = @_;
print "$msg\n";
exit $state;
}

628
roles/nrpe/files/nrpe.cfg
View File

@@ -1,314 +1,314 @@
#############################################################################
# Sample NRPE Config File
# Written by: Ethan Galstad (nagios@nagios.org)
#
# Last Modified: 2016-05-10
#
# NOTES:
# This is a sample configuration file for the NRPE daemon. It needs to be
# located on the remote host that is running the NRPE daemon, not the host
# from which the check_nrpe client is being executed.
#############################################################################
# LOG FACILITY
# The syslog facility that should be used for logging purposes.
log_facility=daemon
# DEBUGGING OPTION
# This option determines whether or not debugging messages are logged to the
# syslog facility.
# Values: 0=debugging off, 1=debugging on
debug=0
# PID FILE
# The name of the file in which the NRPE daemon should write it's process ID
# number. The file is only written if the NRPE daemon is started by the root
# user and is running in standalone mode.
pid_file=/var/run/nagios/nrpe.pid
# PORT NUMBER
# Port number we should wait for connections on.
# NOTE: This must be a non-priviledged port (i.e. > 1024).
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
server_port=5666
# SERVER ADDRESS
# Address that nrpe should bind to in case there are more than one interface
# and you do not want nrpe to bind on all interfaces.
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
#server_address=127.0.0.1
# LISTEN QUEUE SIZE
# Listen queue size (backlog) for serving incoming connections.
# You may want to increase this value under high load.
#listen_queue_size=5
# NRPE USER
# This determines the effective user that the NRPE daemon should run as.
# You can either supply a username or a UID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
nrpe_user=nagios
# NRPE GROUP
# This determines the effective group that the NRPE daemon should run as.
# You can either supply a group name or a GID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
nrpe_group=nagios
# ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
# supported.
#
# Note: The daemon only does rudimentary checking of the client's IP
# address. I would highly recommend adding entries in your /etc/hosts.allow
# file to allow only the specified host to connect to the port
# you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
allowed_hosts=192.168.201.2
# COMMAND ARGUMENT PROCESSING
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments to commands that are executed. This option only works
# if the daemon was configured with the --enable-command-args configure script
# option.
#
# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow arguments, 1=allow command arguments
dont_blame_nrpe=1
# BASH COMMAND SUBTITUTION
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments that contain bash command substitutions of the form
# $(...). This option only works if the daemon was configured with both
# the --enable-command-args and --enable-bash-command-substitution configure
# script options.
#
# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow bash command substitutions,
# 1=allow bash command substitutions
allow_bash_command_substitution=0
# COMMAND PREFIX
# This option allows you to prefix all commands with a user-defined string.
# A space is automatically added between the specified prefix string and the
# command line from the command definition.
#
# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
# Usage scenario:
# Execute restricted commmands using sudo. For this to work, you need to add
# the nagios user to your /etc/sudoers. An example entry for alllowing
# execution of the plugins from might be:
#
# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
#
# This lets the nagios user run all commands in that directory (and only them)
# without asking for a password. If you do this, make sure you don't give
# random users write access to that directory or its contents!
# command_prefix=/usr/bin/sudo
# COMMAND TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# allow plugins to finish executing before killing them off.
command_timeout=60
# CONNECTION TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# wait for a connection to be established before exiting. This is sometimes
# seen where a network problem stops the SSL being established even though
# all network sessions are connected. This causes the nrpe daemons to
# accumulate, eating system resources. Do not set this too low.
connection_timeout=300
# WEAK RANDOM SEED OPTION
# This directive allows you to use SSL even if your system does not have
# a /dev/random or /dev/urandom (on purpose or because the necessary patches
# were not applied). The random number generator will be seeded from a file
# which is either a file pointed to by the environment valiable $RANDFILE
# or $HOME/.rnd. If neither exists, the pseudo random number generator will
# be initialized and a warning will be issued.
# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness
allow_weak_random_seed=1
# SSL/TLS OPTIONS
# These directives allow you to specify how to use SSL/TLS.
# SSL VERSION
# This can be any of: SSLv2 (only use SSLv2), SSLv2+ (use any version),
# SSLv3 (only use SSLv3), SSLv3+ (use SSLv3 or above), TLSv1 (only use
# TLSv1), TLSv1+ (use TLSv1 or above), TLSv1.1 (only use TLSv1.1),
# TLSv1.1+ (use TLSv1.1 or above), TLSv1.2 (only use TLSv1.2),
# TLSv1.2+ (use TLSv1.2 or above)
# If an "or above" version is used, the best will be negotiated. So if both
# ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2.
#ssl_version=SSLv2+
# SSL USE ADH
# This is for backward compatibility and is DEPRECATED. Set to 1 to enable
# ADH or 2 to require ADH. 1 is currently the default but will be changed
# in a later version.
#ssl_use_adh=1
# SSL CIPHER LIST
# This lists which ciphers can be used. For backward compatibility, this
# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in this version but
# will be changed to something like the example below in a later version of NRPE.
#ssl_cipher_list=ALL:!MD5:@STRENGTH
#ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH
# SSL Certificate and Private Key Files
#ssl_cacert_file=/etc/ssl/servercerts/ca-cert.pem
#ssl_cert_file=/etc/ssl/servercerts/nagios-cert.pem
#ssl_privatekey_file=/etc/ssl/servercerts/nagios-key.pem
# SSL USE CLIENT CERTS
# This options determines client certificate usage.
# Values: 0 = Don't ask for or require client certificates (default)
# 1 = Ask for client certificates
# 2 = Require client certificates
#ssl_client_certs=0
# SSL LOGGING
# This option determines which SSL messages are send to syslog. OR values
# together to specify multiple options.
# Values: 0x00 (0) = No additional logging (default)
# 0x01 (1) = Log startup SSL/TLS parameters
# 0x02 (2) = Log remote IP address
# 0x04 (4) = Log SSL/TLS version of connections
# 0x08 (8) = Log which cipher is being used for the connection
# 0x10 (16) = Log if client has a certificate
# 0x20 (32) = Log details of client's certificate if it has one
# -1 or 0xff or 0x2f = All of the above
#ssl_logging=0x00
# INCLUDE CONFIG FILE
# This directive allows you to include definitions from an external config file.
#include=<somefile.cfg>
# INCLUDE CONFIG DIRECTORY
# This directive allows you to include definitions from config files (with a
# .cfg extension) in one or more directories (with recursion).
#include_dir=<somedirectory>
#include_dir=<someotherdirectory>
# COMMAND DEFINITIONS
# Command definitions that this daemon will run. Definitions
# are in the following format:
#
# command[<command_name>]=<command_line>
#
# When the daemon receives a request to return the results of <command_name>
# it will execute the command specified by the <command_line> argument.
#
# Unlike Nagios, the command line cannot contain macros - it must be
# typed exactly as it should be executed.
#
# Note: Any plugins that are used in the command lines must reside
# on the machine that this daemon is running on! The examples below
# assume that you have plugins installed in a /usr/local/nagios/libexec
# directory. Also note that you will have to modify the definitions below
# to match the argument format the plugins expect. Remember, these are
# examples only!
# The following examples use hardcoded command arguments...
command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
# The following examples allow user-supplied arguments and can
# only be used if the NRPE daemon was compiled with support for
# command arguments *AND* the dont_blame_nrpe directive in this
# config file is set to '1'. This poses a potential security risk, so
# make sure you read the SECURITY file before doing this.
#command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$
#command[check_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$
#command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
#command[check_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
# local configuration:
# if you'd prefer, you can instead place directives here
include=/etc/nagios/nrpe_local.cfg
# you can place your config snipplets into nrpe.d/
# only snipplets ending in .cfg will get included
include_dir=/etc/nagios/nrpe.d/
#############################################################################
# Sample NRPE Config File
# Written by: Ethan Galstad (nagios@nagios.org)
#
# Last Modified: 2016-05-10
#
# NOTES:
# This is a sample configuration file for the NRPE daemon. It needs to be
# located on the remote host that is running the NRPE daemon, not the host
# from which the check_nrpe client is being executed.
#############################################################################
# LOG FACILITY
# The syslog facility that should be used for logging purposes.
log_facility=daemon
# DEBUGGING OPTION
# This option determines whether or not debugging messages are logged to the
# syslog facility.
# Values: 0=debugging off, 1=debugging on
debug=0
# PID FILE
# The name of the file in which the NRPE daemon should write it's process ID
# number. The file is only written if the NRPE daemon is started by the root
# user and is running in standalone mode.
pid_file=/var/run/nagios/nrpe.pid
# PORT NUMBER
# Port number we should wait for connections on.
# NOTE: This must be a non-priviledged port (i.e. > 1024).
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
server_port=5666
# SERVER ADDRESS
# Address that nrpe should bind to in case there are more than one interface
# and you do not want nrpe to bind on all interfaces.
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
#server_address=127.0.0.1
# LISTEN QUEUE SIZE
# Listen queue size (backlog) for serving incoming connections.
# You may want to increase this value under high load.
#listen_queue_size=5
# NRPE USER
# This determines the effective user that the NRPE daemon should run as.
# You can either supply a username or a UID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
nrpe_user=nagios
# NRPE GROUP
# This determines the effective group that the NRPE daemon should run as.
# You can either supply a group name or a GID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
nrpe_group=nagios
# ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
# supported.
#
# Note: The daemon only does rudimentary checking of the client's IP
# address. I would highly recommend adding entries in your /etc/hosts.allow
# file to allow only the specified host to connect to the port
# you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
allowed_hosts=192.168.201.2
# COMMAND ARGUMENT PROCESSING
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments to commands that are executed. This option only works
# if the daemon was configured with the --enable-command-args configure script
# option.
#
# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow arguments, 1=allow command arguments
dont_blame_nrpe=1
# BASH COMMAND SUBTITUTION
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments that contain bash command substitutions of the form
# $(...). This option only works if the daemon was configured with both
# the --enable-command-args and --enable-bash-command-substitution configure
# script options.
#
# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow bash command substitutions,
# 1=allow bash command substitutions
allow_bash_command_substitution=0
# COMMAND PREFIX
# This option allows you to prefix all commands with a user-defined string.
# A space is automatically added between the specified prefix string and the
# command line from the command definition.
#
# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
# Usage scenario:
# Execute restricted commmands using sudo. For this to work, you need to add
# the nagios user to your /etc/sudoers. An example entry for alllowing
# execution of the plugins from might be:
#
# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
#
# This lets the nagios user run all commands in that directory (and only them)
# without asking for a password. If you do this, make sure you don't give
# random users write access to that directory or its contents!
# command_prefix=/usr/bin/sudo
# COMMAND TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# allow plugins to finish executing before killing them off.
command_timeout=60
# CONNECTION TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# wait for a connection to be established before exiting. This is sometimes
# seen where a network problem stops the SSL being established even though
# all network sessions are connected. This causes the nrpe daemons to
# accumulate, eating system resources. Do not set this too low.
connection_timeout=300
# WEAK RANDOM SEED OPTION
# This directive allows you to use SSL even if your system does not have
# a /dev/random or /dev/urandom (on purpose or because the necessary patches
# were not applied). The random number generator will be seeded from a file
# which is either a file pointed to by the environment valiable $RANDFILE
# or $HOME/.rnd. If neither exists, the pseudo random number generator will
# be initialized and a warning will be issued.
# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness
allow_weak_random_seed=1
# SSL/TLS OPTIONS
# These directives allow you to specify how to use SSL/TLS.
# SSL VERSION
# This can be any of: SSLv2 (only use SSLv2), SSLv2+ (use any version),
# SSLv3 (only use SSLv3), SSLv3+ (use SSLv3 or above), TLSv1 (only use
# TLSv1), TLSv1+ (use TLSv1 or above), TLSv1.1 (only use TLSv1.1),
# TLSv1.1+ (use TLSv1.1 or above), TLSv1.2 (only use TLSv1.2),
# TLSv1.2+ (use TLSv1.2 or above)
# If an "or above" version is used, the best will be negotiated. So if both
# ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2.
#ssl_version=SSLv2+
# SSL USE ADH
# This is for backward compatibility and is DEPRECATED. Set to 1 to enable
# ADH or 2 to require ADH. 1 is currently the default but will be changed
# in a later version.
#ssl_use_adh=1
# SSL CIPHER LIST
# This lists which ciphers can be used. For backward compatibility, this
# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in this version but
# will be changed to something like the example below in a later version of NRPE.
#ssl_cipher_list=ALL:!MD5:@STRENGTH
#ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH
# SSL Certificate and Private Key Files
#ssl_cacert_file=/etc/ssl/servercerts/ca-cert.pem
#ssl_cert_file=/etc/ssl/servercerts/nagios-cert.pem
#ssl_privatekey_file=/etc/ssl/servercerts/nagios-key.pem
# SSL USE CLIENT CERTS
# This options determines client certificate usage.
# Values: 0 = Don't ask for or require client certificates (default)
# 1 = Ask for client certificates
# 2 = Require client certificates
#ssl_client_certs=0
# SSL LOGGING
# This option determines which SSL messages are send to syslog. OR values
# together to specify multiple options.
# Values: 0x00 (0) = No additional logging (default)
# 0x01 (1) = Log startup SSL/TLS parameters
# 0x02 (2) = Log remote IP address
# 0x04 (4) = Log SSL/TLS version of connections
# 0x08 (8) = Log which cipher is being used for the connection
# 0x10 (16) = Log if client has a certificate
# 0x20 (32) = Log details of client's certificate if it has one
# -1 or 0xff or 0x2f = All of the above
#ssl_logging=0x00
# INCLUDE CONFIG FILE
# This directive allows you to include definitions from an external config file.
#include=<somefile.cfg>
# INCLUDE CONFIG DIRECTORY
# This directive allows you to include definitions from config files (with a
# .cfg extension) in one or more directories (with recursion).
#include_dir=<somedirectory>
#include_dir=<someotherdirectory>
# COMMAND DEFINITIONS
# Command definitions that this daemon will run. Definitions
# are in the following format:
#
# command[<command_name>]=<command_line>
#
# When the daemon receives a request to return the results of <command_name>
# it will execute the command specified by the <command_line> argument.
#
# Unlike Nagios, the command line cannot contain macros - it must be
# typed exactly as it should be executed.
#
# Note: Any plugins that are used in the command lines must reside
# on the machine that this daemon is running on! The examples below
# assume that you have plugins installed in a /usr/local/nagios/libexec
# directory. Also note that you will have to modify the definitions below
# to match the argument format the plugins expect. Remember, these are
# examples only!
# The following examples use hardcoded command arguments...
command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
# The following examples allow user-supplied arguments and can
# only be used if the NRPE daemon was compiled with support for
# command arguments *AND* the dont_blame_nrpe directive in this
# config file is set to '1'. This poses a potential security risk, so
# make sure you read the SECURITY file before doing this.
#command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$
#command[check_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$
#command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
#command[check_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
# local configuration:
# if you'd prefer, you can instead place directives here
include=/etc/nagios/nrpe_local.cfg
# you can place your config snipplets into nrpe.d/
# only snipplets ending in .cfg will get included
include_dir=/etc/nagios/nrpe.d/

24
roles/nrpe/files/nrpe_local.cfg
View File

@@ -1,12 +1,12 @@
######################################
# Do any local nrpe configuration here
######################################
command[check_test_file_100M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 86400 -c 1570000 -W 50000000 -C 10 -f '/home/pi/Documents/smb/test_file_100M'
command[check_test_file_200M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 432600 -c 1570000 -W 100000000 -C 10 -f '/home/pi/Documents/smb/test_file_200M'
command[check_test_file_500M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 432600 -c 1570000 -W 250000000 -C 10 -f '/home/pi/Documents/smb/test_file_500M'
command[check_test_file_50M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 86400 -c 1570000 -W 40000000 -C 10 -f '/home/pi/Documents/smb/test_file_50M'
command[check_root]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /
command[check_mem]=/usr/lib/nagios/plugins/check_mem.pl -u -C -w 85 -c 95
command[check_swap]=/usr/lib/nagios/plugins/check_swap -w 30% -c 10%
command[check_sipp]=/usr/lib/nagios/plugins/check_procs -C sipp -w 1:1 -c 1:1
command[check_fprobe]=/usr/lib/nagios/plugins/check_procs -C fprobe -w 1:1 -c 1:1
######################################
# Do any local nrpe configuration here
######################################
command[check_test_file_100M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 86400 -c 1570000 -W 50000000 -C 10 -f '/home/pi/Documents/smb/test_file_100M'
command[check_test_file_200M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 432600 -c 1570000 -W 100000000 -C 10 -f '/home/pi/Documents/smb/test_file_200M'
command[check_test_file_500M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 432600 -c 1570000 -W 250000000 -C 10 -f '/home/pi/Documents/smb/test_file_500M'
command[check_test_file_50M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 86400 -c 1570000 -W 40000000 -C 10 -f '/home/pi/Documents/smb/test_file_50M'
command[check_root]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /
command[check_mem]=/usr/lib/nagios/plugins/check_mem.pl -u -C -w 85 -c 95
command[check_swap]=/usr/lib/nagios/plugins/check_swap -w 30% -c 10%
command[check_sipp]=/usr/lib/nagios/plugins/check_procs -C sipp -w 1:1 -c 1:1
command[check_fprobe]=/usr/lib/nagios/plugins/check_procs -C fprobe -w 1:1 -c 1:1

76
roles/nrpe/tasks/main.yaml Executable file → Normal file
View File

@@ -1,38 +1,38 @@
---
- name: Install nrpe and plugins
become: true
apt:
name: "{{ packages }}"
vars:
packages:
- nagios-nrpe-server
- monitoring-plugins
tags: install_nrpe
- name: Copy configuration files
become: true
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: a+x
with_items:
- { src: "{{ role_path }}/files/nrpe.cfg", dest: "/etc/nagios" }
- { src: "{{ role_path }}/files/nrpe_local.cfg", dest: "/etc/nagios" }
- { src: "{{ role_path }}/files/check_mem.pl", dest: "/usr/lib/nagios/plugins" }
tags: configure_nrpe
- name: enable nrpe
become: true
systemd:
name: nagios-nrpe-server
enabled: yes
masked: no
state: restarted
tags: enable_nrpe
- lineinfile:
path: "/etc/sudoers"
state: present
line: "nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/"
validate: "/usr/sbin/visudo -cf %s"
become: true
tags: nagios_sudo
---
- name: Install nrpe and plugins
become: true
apt:
name: "{{ packages }}"
vars:
packages:
- nagios-nrpe-server
- monitoring-plugins
tags: install_nrpe
- name: Copy configuration files
become: true
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: a+x
with_items:
- { src: "{{ role_path }}/files/nrpe.cfg", dest: "/etc/nagios" }
- { src: "{{ role_path }}/files/nrpe_local.cfg", dest: "/etc/nagios" }
- { src: "{{ role_path }}/files/check_mem.pl", dest: "/usr/lib/nagios/plugins" }
tags: configure_nrpe
- name: enable nrpe
become: true
systemd:
name: nagios-nrpe-server
enabled: yes
masked: no
state: restarted
tags: enable_nrpe
- lineinfile:
path: "/etc/sudoers"
state: present
line: "nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/"
validate: "/usr/sbin/visudo -cf %s"
become: true
tags: nagios_sudo

44
roles/pi/tasks/main.yaml Executable file → Normal file
View File

@@ -1,17 +1,27 @@
---
- name: set swapfile
become: true
lineinfile:
path: /etc/dphys-swapfile
state: present
regexp: '^CONF_SWAPSIZE'
line: 'CONF_SWAPSIZE=1024'
owner: root
group: root
mode: 0600
tags: set_swapfile
- name: restart swapfile
become: true
command: '/etc/init.d/dphys-swapfile restart'
tags: set_swapfile
---
- name: set swapfile
become: true
lineinfile:
path: /etc/dphys-swapfile
state: present
regexp: '^CONF_SWAPSIZE'
line: 'CONF_SWAPSIZE=1024'
owner: root
group: root
mode: 0600
tags: set_swapfile
- name: restart swapfile
become: true
command: '/etc/init.d/dphys-swapfile restart'
tags: set_swapfile
- lineinfile:
path: /boot/config.txt
state: present
backrefs: yes
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { regexp: '#framebuffer_width=1280', line: 'framebuffer_width=1280' }
- { regexp: '#framebuffer_height=720', line: 'framebuffer_height=1024' }
become: true

380
roles/public/tasks/main.yaml Executable file → Normal file
View File

@@ -1,190 +1,190 @@
---
- name: Install ufw packages
package:
name: ufw
state: present
become: true
- name: Allow all access from RFC1918 networks to this hosts
ufw:
rule: allow
src: '{{ item }}'
with_items:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
become: true
- name: Allow all access from any Comcast IP Space
become: true
ufw:
rule: allow
src: '{{ item }} '
with_items:
- 72.94.169.223/32
- 100.96.0.0/11
- 103.72.193.0/24
- 107.0.0.0/14
- 107.4.0.0/15
- 108.171.224.0/20
- 147.191.0.0/16
- 162.148.0.0/14
- 162.17.0.0/16
- 165.137.0.0/16
- 169.152.0.0/16
- 169.152.0.0/16
- 173.160.0.0/13
- 173.8.0.0/13
- 174.160.0.0/11
- 174.48.0.0/12
- 184.108.0.0/14
- 184.112.0.0/12
- 193.57.148.0/22
- 198.0.0.0/16
- 198.137.252.0/23
- 198.178.8.0/21
- 207.223.0.0/20
- 208.110.192.0/19
- 208.39.128.0/18
- 209.23.192.0/18
- 216.45.128.0/17
- 23.24.0.0/15
- 23.30.0.0/15
- 23.68.0.0/14
- 232.128.0.0/13
- 232.232.0.0/14
- 232.36.0.0/14
- 232.40.0.0/14
- 232.44.0.0/14
- 232.48.0.0/14
- 232.52.0.0/14
- 232.56.0.0/14
- 232.64.0.0/14
- 232.80.0.0/14
- 232.96.0.0/14
- 239.12.0.0/14
- 239.16.0.0/14
- 239.20.0.0/14
- 239.24.0.0/14
- 239.28.0.0/14
- 239.32.0.0/14
- 24.0.0.0/12
- 24.104.0.0/17
- 24.104.128.0/19
- 24.118.0.0/16
- 24.124.128.0/17
- 24.125.0.0/16
- 24.126.0.0/15
- 24.128.0.0/16
- 24.129.0.0/17
- 24.130.0.0/15
- 24.147.0.0/16
- 24.149.128.0/17
- 24.153.64.0/19
- 24.153.72.0/21
- 24.16.0.0/13
- 24.218.0.0/16
- 24.245.0.0/18
- 24.30.0.0/17
- 24.34.0.0/16
- 24.40.0.0/18
- 24.40.64.0/20
- 24.60.0.0/14
- 24.91.0.0/16
- 24.98.0.0/15
- 3.81.241.149
- 50.128.0.0/9
- 50.73.0.0/16
- 50.76.0.0/14
- 64.139.64.0/19
- 64.235.160.0/19
- 64.56.32.0/19
- 64.78.64.0/18
- 65.34.128.0/17
- 65.96.0.0/16
- 66.176.0.0/15
- 66.208.192.0/18
- 66.229.0.0/16
- 66.240.0.0/18
- 66.30.0.0/15
- 66.41.0.0/16
- 66.56.0.0/18
- 67.160.0.0/11
- 67.178.0.0/17
- 67.178.128.0/17
- 67.179.0.0/16
- 68.32.0.0/11
- 68.80.0.0/13
- 68.85.0.0/20
- 68.85.128.0/17
- 68.85.16.0/20
- 68.85.32.0/19
- 68.85.64.0/18
- 68.86.0.0/18
- 68.86.128.0/17
- 68.86.64.0/18
- 68.87.0.0/20
- 68.87.128.0/18
- 68.87.16.0/20
- 68.87.192.0/19
- 68.87.224.0/20
- 68.87.240.0/20
- 68.87.32.0/19
- 68.87.64.0/18
- 69.136.0.0/13
- 69.139.128.0/20
- 69.139.144.0/20
- 69.139.160.0/19
- 69.139.192.0/18
- 69.180.0.0/15
- 69.240.0.0/12
- 70.88.0.0/14
- 71.192.0.0/12
- 71.224.0.0/12
- 71.24.0.0/14
- 71.56.0.0/13
- 72.55.0.0/17
- 73.0.0.0/8
- 74.144.0.0/12
- 74.16.0.0/12
- 74.81.128.0/19
- 74.92.0.0/14
- 75.144.0.0/13
- 75.64.0.0/13
- 75.72.0.0/15
- 75.74.0.0/16
- 75.75.0.0/17
- 75.75.128.0/18
- 75.75.72.0/21
- 76.128.0.0/11
- 76.16.0.0/12
- 76.96.0.0/11
- 96.100.0.0/14
- 96.106.0.0/15
- 96.108.0.0/17
- 96.108.128.0/18
- 96.108.192.0/19
- 96.108.224.0/19
- 96.109.0.0/16
- 96.110.0.0/16
- 96.111.0.0/16
- 96.112.0.0/13
- 96.120.0.0/14
- 96.124.0.0/16
- 96.128.0.0/10
- 96.192.0.0/11
- 96.64.0.0/11
- 96.96.0.0/12
- 98.192.0.0/10
- 98.205.0.0/16
- 98.241.0.0/16
- 98.32.0.0/11
- name: Allow DHCP
ufw:
rule: allow
to_port: 67
become: true
tags: ufw_dhcp
- name: Enable UFW
ufw:
state: enabled
policy: deny
become: true
---
- name: Install ufw packages
package:
name: ufw
state: present
become: true
- name: Allow all access from RFC1918 networks to this hosts
ufw:
rule: allow
src: '{{ item }}'
with_items:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
become: true
- name: Allow all access from any Comcast IP Space
become: true
ufw:
rule: allow
src: '{{ item }} '
with_items:
- 72.94.169.223/32
- 100.96.0.0/11
- 103.72.193.0/24
- 107.0.0.0/14
- 107.4.0.0/15
- 108.171.224.0/20
- 147.191.0.0/16
- 162.148.0.0/14
- 162.17.0.0/16
- 165.137.0.0/16
- 169.152.0.0/16
- 169.152.0.0/16
- 173.160.0.0/13
- 173.8.0.0/13
- 174.160.0.0/11
- 174.48.0.0/12
- 184.108.0.0/14
- 184.112.0.0/12
- 193.57.148.0/22
- 198.0.0.0/16
- 198.137.252.0/23
- 198.178.8.0/21
- 207.223.0.0/20
- 208.110.192.0/19
- 208.39.128.0/18
- 209.23.192.0/18
- 216.45.128.0/17
- 23.24.0.0/15
- 23.30.0.0/15
- 23.68.0.0/14
- 232.128.0.0/13
- 232.232.0.0/14
- 232.36.0.0/14
- 232.40.0.0/14
- 232.44.0.0/14
- 232.48.0.0/14
- 232.52.0.0/14
- 232.56.0.0/14
- 232.64.0.0/14
- 232.80.0.0/14
- 232.96.0.0/14
- 239.12.0.0/14
- 239.16.0.0/14
- 239.20.0.0/14
- 239.24.0.0/14
- 239.28.0.0/14
- 239.32.0.0/14
- 24.0.0.0/12
- 24.104.0.0/17
- 24.104.128.0/19
- 24.118.0.0/16
- 24.124.128.0/17
- 24.125.0.0/16
- 24.126.0.0/15
- 24.128.0.0/16
- 24.129.0.0/17
- 24.130.0.0/15
- 24.147.0.0/16
- 24.149.128.0/17
- 24.153.64.0/19
- 24.153.72.0/21
- 24.16.0.0/13
- 24.218.0.0/16
- 24.245.0.0/18
- 24.30.0.0/17
- 24.34.0.0/16
- 24.40.0.0/18
- 24.40.64.0/20
- 24.60.0.0/14
- 24.91.0.0/16
- 24.98.0.0/15
- 3.81.241.149
- 50.128.0.0/9
- 50.73.0.0/16
- 50.76.0.0/14
- 64.139.64.0/19
- 64.235.160.0/19
- 64.56.32.0/19
- 64.78.64.0/18
- 65.34.128.0/17
- 65.96.0.0/16
- 66.176.0.0/15
- 66.208.192.0/18
- 66.229.0.0/16
- 66.240.0.0/18
- 66.30.0.0/15
- 66.41.0.0/16
- 66.56.0.0/18
- 67.160.0.0/11
- 67.178.0.0/17
- 67.178.128.0/17
- 67.179.0.0/16
- 68.32.0.0/11
- 68.80.0.0/13
- 68.85.0.0/20
- 68.85.128.0/17
- 68.85.16.0/20
- 68.85.32.0/19
- 68.85.64.0/18
- 68.86.0.0/18
- 68.86.128.0/17
- 68.86.64.0/18
- 68.87.0.0/20
- 68.87.128.0/18
- 68.87.16.0/20
- 68.87.192.0/19
- 68.87.224.0/20
- 68.87.240.0/20
- 68.87.32.0/19
- 68.87.64.0/18
- 69.136.0.0/13
- 69.139.128.0/20
- 69.139.144.0/20
- 69.139.160.0/19
- 69.139.192.0/18
- 69.180.0.0/15
- 69.240.0.0/12
- 70.88.0.0/14
- 71.192.0.0/12
- 71.224.0.0/12
- 71.24.0.0/14
- 71.56.0.0/13
- 72.55.0.0/17
- 73.0.0.0/8
- 74.144.0.0/12
- 74.16.0.0/12
- 74.81.128.0/19
- 74.92.0.0/14
- 75.144.0.0/13
- 75.64.0.0/13
- 75.72.0.0/15
- 75.74.0.0/16
- 75.75.0.0/17
- 75.75.128.0/18
- 75.75.72.0/21
- 76.128.0.0/11
- 76.16.0.0/12
- 76.96.0.0/11
- 96.100.0.0/14
- 96.106.0.0/15
- 96.108.0.0/17
- 96.108.128.0/18
- 96.108.192.0/19
- 96.108.224.0/19
- 96.109.0.0/16
- 96.110.0.0/16
- 96.111.0.0/16
- 96.112.0.0/13
- 96.120.0.0/14
- 96.124.0.0/16
- 96.128.0.0/10
- 96.192.0.0/11
- 96.64.0.0/11
- 96.96.0.0/12
- 98.192.0.0/10
- 98.205.0.0/16
- 98.241.0.0/16
- 98.32.0.0/11
- name: Allow DHCP
ufw:
rule: allow
to_port: 67
become: true
tags: ufw_dhcp
- name: Enable UFW
ufw:
state: enabled
policy: deny
become: true

0
roles/salesforce/files/salesforce.sh Executable file → Normal file
View File

17820
roles/salesforce/files/salesforce_url.list
View File

File diff suppressed because it is too large Load Diff

40
roles/salesforce/tasks/main.yaml Executable file → Normal file
View File

@@ -1,20 +1,20 @@
---
- name: copy salesforce script
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: pi
group: pi
mode: a+x
with_items:
- { src: "{{ role_path }}/files/salesforce.sh", dest: "/home/pi/scripts/salesforce.sh" }
- { src: "{{ role_path }}/files/salesforce_url.list", dest: "/home/pi/Documents/salesforce_url.list" }
tags: salesforcetraff_script
- name: enable cron job for salesforce traffic
cron:
name: "salesforcetraff"
minute: "*/5"
hour: "7-18"
weekday: "1-5"
job: "/home/pi/scripts/salesforce.sh"
tags: salesforcetraff_cron
---
- name: copy salesforce script
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: pi
group: pi
mode: a+x
with_items:
- { src: "{{ role_path }}/files/salesforce.sh", dest: "/home/pi/scripts/salesforce.sh" }
- { src: "{{ role_path }}/files/salesforce_url.list", dest: "/home/pi/Documents/salesforce_url.list" }
tags: salesforcetraff_script
- name: enable cron job for salesforce traffic
cron:
name: "salesforcetraff"
minute: "*/5"
hour: "7-18"
weekday: "1-5"
job: "/home/pi/scripts/salesforce.sh"
tags: salesforcetraff_cron

108
roles/samba-server/README.md
View File

@@ -1,54 +1,54 @@
SAMBA Server Installation on Ubuntu Server using Ansible
--------
There's a blog post that I wrote to go along with this. [Check it out!]
This role is helpful to install SAMBA server on Ubuntu server 14.04 LTS.
[SAMBA Installation Tutorial] - This step by step tutorial explains the installation and configuration of a SAMBA server on Ubuntu server.
### To use this Role:
Edit the `site.yml` file, mentioned this role:
```yaml
---
- hosts: server
become: yes
gather_facts: yes
roles:
- samba
```
After that edit the `defaults/main.yml` file:
> Change the username(s) and their smbpassword, but these user(s) must exist on the target system.
> Also change the other values as per your requirement. These are self explanatory.
```yaml
---
ubuntu_samba_packages:
- samba
- samba-common
- python-glade2
- system-config-samba
workgroup: WORKGROUP
public_share_name: public
public_share_path: /samba/public
private_share_name: private
private_share_path: /samba/private
samba_group_name: smbgrp
samba_users:
- name: 'arbab'
smbpasswd: 'pass123'
- name: 'hussain'
smbpasswd: 'password'
```
Then run this command:
```
ansible-playbook -i hosts -u arbab site.yml
```
**Note:** Please don't forget to change `arbab` with your username
[SAMBA Installation Tutorial]:https://rbgeek.wordpress.com/2012/04/25/how-to-install-samba-server-on-ubuntu-12-04/
[Check it out!]:https://rbgeek.wordpress.com/2015/02/23/installing-the-samba-server-on-ubuntu-using-ansible/
SAMBA Server Installation on Ubuntu Server using Ansible
--------
There's a blog post that I wrote to go along with this. [Check it out!]
This role is helpful to install SAMBA server on Ubuntu server 14.04 LTS.
[SAMBA Installation Tutorial] - This step by step tutorial explains the installation and configuration of a SAMBA server on Ubuntu server.
### To use this Role:
Edit the `site.yml` file, mentioned this role:
```yaml
---
- hosts: server
become: yes
gather_facts: yes
roles:
- samba
```
After that edit the `defaults/main.yml` file:
> Change the username(s) and their smbpassword, but these user(s) must exist on the target system.
> Also change the other values as per your requirement. These are self explanatory.
```yaml
---
ubuntu_samba_packages:
- samba
- samba-common
- python-glade2
- system-config-samba
workgroup: WORKGROUP
public_share_name: public
public_share_path: /samba/public
private_share_name: private
private_share_path: /samba/private
samba_group_name: smbgrp
samba_users:
- name: 'arbab'
smbpasswd: 'pass123'
- name: 'hussain'
smbpasswd: 'password'
```
Then run this command:
```
ansible-playbook -i hosts -u arbab site.yml
```
**Note:** Please don't forget to change `arbab` with your username
[SAMBA Installation Tutorial]:https://rbgeek.wordpress.com/2012/04/25/how-to-install-samba-server-on-ubuntu-12-04/
[Check it out!]:https://rbgeek.wordpress.com/2015/02/23/installing-the-samba-server-on-ubuntu-using-ansible/

34
roles/samba-server/defaults/main.yml
View File

@@ -1,17 +1,17 @@
---
ubuntu_samba_packages:
- samba
- samba-common
- python-glade2
- system-config-samba
workgroup: DEMO
public_share_name: share
public_share_path: /media/share
private_share_name: private
private_share_path: /media/private
samba_group_name: smbgrp
samba_users:
- name: 'demo'
smbpasswd: 'Demo123'
- name: 'pi'
smbpasswd: 'pipasswd'
---
ubuntu_samba_packages:
- samba
- samba-common
- python-glade2
# - system-config-samba
workgroup: DEMO
public_share_name: share
public_share_path: /media/share
private_share_name: private
private_share_path: /media/private
samba_group_name: smbgrp
samba_users:
- name: 'demo'
smbpasswd: 'Demo123'
- name: 'pi'
smbpasswd: 'pipasswd'

17
roles/samba-server/handlers/main.yml
View File

@@ -1,8 +1,9 @@
---
- name: Restart Samba
service:
name: smbd.service
state: restarted
- name: Generate Samba Files
become: yes
shell: /home/pi/scripts/genfiles.sh
---
- name: Restart Samba
systemd:
name: smbd.service
state: restarted
enabled: yes
- name: Generate Samba Files
become: yes
shell: /home/pi/scripts/genfiles.sh

146
roles/samba-server/tasks/main.yml
View File

@@ -1,74 +1,72 @@
---
- name: Install the Samba and additional packages
apt:
name: "{{ ubuntu_samba_packages }}"
state: present
update_cache: yes
become: yes
- name: Copy the Customize smb.conf file
become: yes
template:
src: etc_samba_smb.conf.j2
dest: /etc/samba/smb.conf
backup: yes
notify:
- Restart Samba
- name: Create Samba users restricted group
group:
name: "{{ samba_group_name }}"
state: present
become: yes
- name: Add the User(s) to Samba group
user:
name: "{{ item.name }}"
groups: "{{ samba_group_name }}"
append: yes
become: yes
with_items: "{{ samba_users }}"
- name: Create Samba Password for User(s)
shell: "(echo {{ item.smbpasswd }}; echo {{ item.smbpasswd }}) | smbpasswd -s -a {{ item.name }}"
with_items: "{{ samba_users }}"
become: yes
- name: "Check that {{ public_share_path }} exist"
stat:
path: "{{ public_share_path }}"
register: public_dir_exists
- name: "Create {{ public_share_path }} directory"
become: yes
file:
state: directory
path: "{{ public_share_path }}"
owner: nobody
group: nogroup
mode: 0755
recurse: yes
when: public_dir_exists.stat.exists == False
- name: "Check that {{ private_share_path }} exist"
stat:
path: "{{ private_share_path }}"
register: private_dir_exists
- name: "Create {{ private_share_path }} directory"
become: yes
file:
state: directory
path: "{{ private_share_path }}"
owner: root
group: "{{ samba_group_name }}"
mode: 1770
when: private_dir_exists.stat.exists == False
- name: copy genfiles script
copy:
src: "{{ role_path }}/files/genfiles.sh"
dest: /home/pi/scripts/genfiles.sh
owner: pi
group: pi
mode: a+x
tags: samba_genfiles
notify:
- Generate Samba Files
---
- name: Install the Samba and additional packages
apt:
name: "{{ ubuntu_samba_packages }}"
state: present
update_cache: yes
become: yes
- name: Copy the Customize smb.conf file
become: yes
template:
src: etc_samba_smb.conf.j2
dest: /etc/samba/smb.conf
backup: yes
# notify: Restart Samba
- name: Create Samba users restricted group
group:
name: "{{ samba_group_name }}"
state: present
become: yes
- name: Add the User(s) to Samba group
user:
name: "{{ item.name }}"
groups: "{{ samba_group_name }}"
append: yes
become: yes
with_items: "{{ samba_users }}"
- name: Create Samba Password for User(s)
shell: "(echo {{ item.smbpasswd }}; echo {{ item.smbpasswd }}) | smbpasswd -s -a {{ item.name }}"
with_items: "{{ samba_users }}"
become: yes
- name: "Check that {{ public_share_path }} exist"
stat:
path: "{{ public_share_path }}"
register: public_dir_exists
- name: "Create {{ public_share_path }} directory"
become: yes
file:
state: directory
path: "{{ public_share_path }}"
owner: nobody
group: nogroup
mode: 0755
recurse: yes
when: public_dir_exists.stat.exists == False
- name: "Check that {{ private_share_path }} exist"
stat:
path: "{{ private_share_path }}"
register: private_dir_exists
- name: "Create {{ private_share_path }} directory"
become: yes
file:
state: directory
path: "{{ private_share_path }}"
owner: root
group: "{{ samba_group_name }}"
mode: 1770
when: private_dir_exists.stat.exists == False
- name: copy genfiles script
copy:
src: "{{ role_path }}/files/genfiles.sh"
dest: /home/pi/scripts/genfiles.sh
owner: pi
group: pi
mode: a+x
tags: samba_genfiles
notify: Generate Samba Files

56
roles/samba-server/templates/etc_samba_smb.conf.j2
View File

@@ -1,28 +1,28 @@
#======================= Global Settings =====================================
#{{ ansible_managed }}
[global]
workgroup = {{ workgroup }}
server string = Samba Server %v
netbios name = ubuntu
security = user
map to guest = bad user
dns proxy = no
#============================ Share Definitions ==============================
#### Public Share ####
[{{ public_share_name }}]
path = {{ public_share_path }}
browsable =yes
writable = yes
guest ok = yes
read only = no
#### Private Share ####
[{{ private_share_name }}]
path = {{ private_share_path }}
valid users = @{{ samba_group_name }}
guest ok = no
writable = yes
browsable = yes
create mask = 0700
directory mask = 0700
#======================= Global Settings =====================================
#{{ ansible_managed }}
[global]
workgroup = {{ workgroup }}
server string = Samba Server %v
netbios name = ubuntu
security = user
map to guest = bad user
dns proxy = no
#============================ Share Definitions ==============================
#### Public Share ####
[{{ public_share_name }}]
path = {{ public_share_path }}
browsable =yes
writable = yes
guest ok = yes
read only = no
#### Private Share ####
[{{ private_share_name }}]
path = {{ private_share_path }}
valid users = @{{ samba_group_name }}
guest ok = no
writable = yes
browsable = yes
create mask = 0700
directory mask = 0700

40
roles/sipclient/tasks/main.yaml Executable file → Normal file
View File

@@ -1,20 +1,20 @@
---
- name: enable sip client
become: true
cron:
name: "sip client"
minute: "*/30"
hour: "8-18"
weekday: "1-5"
job: "/usr/bin/perl -e 'sleep int rand 1800' && /home/pi/sipp/startclient.sh"
user: root
tags: sipclient_cron
- name: stop sip calling after hours
become: true
cron:
name: "stop sip client"
hour: "17"
weekday: "1-5"
job: "/usr/bin/perl -e 'sleep int rand 1800' && /home/pi/sipp/stopclient.sh"
user: root
tags: sipclient_stop
---
- name: enable sip client
become: true
cron:
name: "sip client"
minute: "*/30"
hour: "8-18"
weekday: "1-5"
job: "/usr/bin/perl -e 'sleep int rand 1800' && /home/pi/sipp/startclient.sh"
user: root
tags: sipclient_cron
- name: stop sip calling after hours
become: true
cron:
name: "stop sip client"
hour: "17"
weekday: "1-5"
job: "/usr/bin/perl -e 'sleep int rand 1800' && /home/pi/sipp/stopclient.sh"
user: root
tags: sipclient_stop

0
roles/sipp/files/startclient.sh Executable file → Normal file
View File

0
roles/sipp/files/startserver.sh Executable file → Normal file
View File

118
roles/sipp/tasks/main.yaml Executable file → Normal file
View File

@@ -1,59 +1,59 @@
---
- name: download sipp source
get_url:
url: "https://github.com/SIPp/sipp/releases/download/v3.5.2/sipp-3.5.2.tar.gz"
dest: "/home/pi/sipp-3.5.2.tar.gz"
register: sipp_source
tags: sipp
- name: Unpacking SIPP
unarchive:
copy: no
dest: /home/pi/
src: "/home/pi/sipp-3.5.2.tar.gz"
when: sipp_source.changed
register: sipp_source_unpack
tags: sipp
- name: move sipp directory
command: 'mv sipp-3.5.2 sipp'
when: sipp_source_unpack is changed
register: sipp_move_directory
tags: sipp
- name: configure sipp
command: "./configure --with-openssl --with-pcap --with-sctp"
args:
chdir: "/home/pi/sipp"
when: sipp_move_directory is changed
tags: sipp
register: sipp_configure
- name: build sipp
shell: make
when: sipp_configure is changed
args:
chdir: "/home/pi/sipp"
tags: sipp
- name: copy scripts
when: sipp_move_directory is changed
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: pi
group: pi
mode: a+x
with_items:
- { src: "{{ role_path }}/files/startserver.sh", dest: "/home/pi/sipp/startserver.sh" }
- { src: "{{ role_path }}/files/startclient.sh", dest: "/home/pi/sipp/startclient.sh" }
- { src: "{{ role_path }}/files/stopclient.sh", dest: "/home/pi/sipp/stopclient.sh" }
tags: sipp
- name: copy scripts2
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: pi
group: pi
mode: a+x
with_items:
- { src: "{{ role_path }}/files/startserver.sh", dest: "/home/pi/sipp/startserver.sh" }
- { src: "{{ role_path }}/files/startclient.sh", dest: "/home/pi/sipp/startclient.sh" }
- { src: "{{ role_path }}/files/stopclient.sh", dest: "/home/pi/sipp/stopclient.sh" }
tags: sipp_scripts
---
- name: download sipp source
get_url:
url: "https://github.com/SIPp/sipp/releases/download/v3.5.2/sipp-3.5.2.tar.gz"
dest: "/home/pi/sipp-3.5.2.tar.gz"
register: sipp_source
tags: sipp
- name: Unpacking SIPP
unarchive:
copy: no
dest: /home/pi/
src: "/home/pi/sipp-3.5.2.tar.gz"
when: sipp_source.changed
register: sipp_source_unpack
tags: sipp
- name: move sipp directory
command: 'mv sipp-3.5.2 sipp'
when: sipp_source_unpack is changed
register: sipp_move_directory
tags: sipp
- name: configure sipp
command: "./configure --with-openssl --with-pcap --with-sctp"
args:
chdir: "/home/pi/sipp"
when: sipp_move_directory is changed
tags: sipp
register: sipp_configure
- name: build sipp
shell: make
when: sipp_configure is changed
args:
chdir: "/home/pi/sipp"
tags: sipp
- name: copy scripts
when: sipp_move_directory is changed
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: pi
group: pi
mode: a+x
with_items:
- { src: "{{ role_path }}/files/startserver.sh", dest: "/home/pi/sipp/startserver.sh" }
- { src: "{{ role_path }}/files/startclient.sh", dest: "/home/pi/sipp/startclient.sh" }
- { src: "{{ role_path }}/files/stopclient.sh", dest: "/home/pi/sipp/stopclient.sh" }
tags: sipp
- name: copy scripts2
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: pi
group: pi
mode: a+x
with_items:
- { src: "{{ role_path }}/files/startserver.sh", dest: "/home/pi/sipp/startserver.sh" }
- { src: "{{ role_path }}/files/startclient.sh", dest: "/home/pi/sipp/startclient.sh" }
- { src: "{{ role_path }}/files/stopclient.sh", dest: "/home/pi/sipp/stopclient.sh" }
tags: sipp_scripts

18
roles/sipserver/tasks/main.yaml Executable file → Normal file
View File

@@ -1,9 +1,9 @@
---
- name: enable cron job for sip server
become: true
cron:
name: "sipserver"
minute: "*/30"
user: root
job: "/home/pi/sipp/startserver.sh"
tags: sipserver_cron
---
- name: enable cron job for sip server
become: true
cron:
name: "sipserver"
minute: "*/30"
user: root
job: "/home/pi/sipp/startserver.sh"
tags: sipserver_cron

8
roles/smbclient/files/.credentials
View File

@@ -1,4 +1,4 @@
username=demo
password=Demo123
domain=DEMO
username=demo
password=Demo123
domain=DEMO

2
roles/smbclient/files/smb-session.sh Executable file → Normal file
View File

@@ -13,6 +13,6 @@ if pgrep -f test_file >/dev/null
then
exit 0
else
smbclient //192.168.198.2/share -c "get $file" -A ~/.credentials
smbclient //192.168.88.230/share -c "get $file" -A ~/.credentials
fi

48
roles/smbclient/tasks/main.yaml Executable file → Normal file
View File

@@ -1,24 +1,24 @@
---
- name: enable cron job for smb traffic
cron:
name: "smbtraff"
minute: "*/60"
hour: "7-18"
weekday: "1-5"
job: "/usr/bin/perl -e 'sleep int rand 3500' && /home/pi/scripts/smb-session.sh"
tags: smbtraff_cron
- name: copy smb-session.sh to scripts directory
copy:
src: "{{ role_path }}/files/smb-session.sh"
dest: /home/pi/scripts/smb-session.sh
owner: pi
group: pi
mode: a+x
tags: smbtraff_script
- name: copy credentials to user directory
copy:
src: "{{ role_path }}/files/.credentials"
dest: /home/pi
owner: pi
group: pi
tags: smbtraff_credentials
---
- name: enable cron job for smb traffic
cron:
name: "smbtraff"
minute: "*/60"
hour: "7-18"
weekday: "1-5"
job: "/usr/bin/perl -e 'sleep int rand 3500' && /home/pi/scripts/smb-session.sh"
tags: smbtraff_cron
- name: copy smb-session.sh to scripts directory
copy:
src: "{{ role_path }}/files/smb-session.sh"
dest: /home/pi/scripts/smb-session.sh
owner: pi
group: pi
mode: a+x
tags: smbtraff_script
- name: copy credentials to user directory
copy:
src: "{{ role_path }}/files/.credentials"
dest: /home/pi
owner: pi
group: pi
tags: smbtraff_credentials

64
roles/snmpd/tasks/main.yaml Executable file → Normal file
View File

@@ -1,32 +1,32 @@
---
- name: Install snmpd Package
become: yes
apt:
name: ['snmpd']
state: present
update_cache: true
tags: install_snmpd
- lineinfile:
path: /etc/snmp/snmpd.conf
state: present
backrefs: yes
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { regexp: '^\s+rocommunity\s+public\s+default\s+-V\s+systemonly', line: ' rocommunity {{ rocommunity }}' }
- { regexp: '^agentAddress\s+udp:127.0.0.1:161', line: 'agentAddress udp:161' }
tags: configure_snmpd
become: true
- name: enable snmpd service and ensure it is not masked
systemd:
name: snmpd
enabled: yes
masked: no
state: restarted
tags: enable_snmpd
become: true
- name: set timezone
become: true
timezone:
name: America/New_York
tags: set_timezone
---
- name: Install snmpd Package
become: yes
apt:
name: ['snmpd']
state: present
update_cache: true
tags: install_snmpd
- lineinfile:
path: /etc/snmp/snmpd.conf
state: present
backrefs: yes
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { regexp: '^\s+rocommunity\s+public\s+default\s+-V\s+systemonly', line: ' rocommunity {{ rocommunity }}' }
- { regexp: '^agentAddress\s+udp:127.0.0.1:161', line: 'agentAddress udp:161' }
tags: configure_snmpd
become: true
- name: enable snmpd service and ensure it is not masked
systemd:
name: snmpd
enabled: yes
masked: no
state: restarted
tags: enable_snmpd
become: true
- name: set timezone
become: true
timezone:
name: America/New_York
tags: set_timezone

8
roles/vnc/files/vncserver-x11
View File

@@ -1,4 +1,4 @@
Authentication=VncAuth
Encryption=PreferOn
Password=12d2f5a0e446b80ad72a2ec6a3688ee308f543f59d7bf06f
Authentication=VncAuth
Encryption=PreferOn
Password=12d2f5a0e446b80ad72a2ec6a3688ee308f543f59d7bf06f

40
roles/vnc/tasks/main.yaml Executable file → Normal file
View File

@@ -1,17 +1,23 @@
---
- name: enable vnc service and ensure it is not masked
become: true
systemd:
name: vncserver-x11-serviced.service
enabled: yes
masked: no
state: restarted
tags: enable_vnc
- name: copy vnc configuration with password
become: true
copy:
src: "{{ role_path }}/files/vncserver-x11"
dest: /root/.vnc/config.d/vncserver-x11
owner: root
group: root
tags: vnc_config
---
- name: enable vnc service and ensure it is not masked
become: true
systemd:
name: vncserver-x11-serviced.service
enabled: yes
masked: no
state: restarted
tags: enable_vnc
- name: copy vnc configuration with password
become: true
copy:
src: "{{ role_path }}/files/vncserver-x11"
dest: /root/.vnc/config.d/vncserver-x11
owner: root
group: root
tags: vnc_config
- name: set lxde in .xsession
lineinfile:
path: /home/pi/.xsession
line: lxsession -s Lubuntu -e LXDE
create: yes

0
roles/webclient/files/cadaver-webdav-clean.sh Executable file → Normal file
View File

0
roles/webclient/files/cadaver-webdav.sh Executable file → Normal file
View File

0
roles/webclient/files/webdav-session.sh Executable file → Normal file
View File

12
roles/wifi/files/dnsmasq.conf
View File

@@ -1,7 +1,7 @@
interface=wlan0
dhcp-range=10.250.250.2,10.250.250.6,255.255.255.248,24h
listen-address=10.250.250.1
bind-interfaces
server=8.8.8.8
bogus-priv
interface=wlan0
dhcp-range=10.250.250.2,10.250.250.6,255.255.255.248,24h
listen-address=10.250.250.1
bind-interfaces
server=8.8.8.8
bogus-priv
domain=demo.dsfinancial.com

30
roles/wifi/files/hostapd.conf
View File

@@ -1,15 +1,15 @@
interface=wlan0
driver=nl80211
hw_mode=g
channel=6
ieee80211n=1
wmm_enabled=1
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
macaddr_acl=0
ignore_broadcast_ssid=0
wpa=2
auth_algs=1
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
ssid=PHLIPAMT
wpa_passphrase=dsfinisdemo
interface=wlan0
driver=nl80211
hw_mode=g
channel=6
ieee80211n=1
wmm_enabled=1
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
macaddr_acl=0
ignore_broadcast_ssid=0
wpa=2
auth_algs=1
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
ssid=PHLIPAMT
wpa_passphrase=dsfinisdemo

36
roles/wifi/files/iptables.ipv4.nat
View File

@@ -1,18 +1,18 @@
# Generated by iptables-save v1.6.0 on Thu Mar 14 09:59:15 2019
*filter
:INPUT ACCEPT [7056:1877085]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6972:1880076]
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
COMMIT
# Completed on Thu Mar 14 09:59:15 2019
# Generated by iptables-save v1.6.0 on Thu Mar 14 09:59:15 2019
*nat
:PREROUTING ACCEPT [15:3832]
:INPUT ACCEPT [15:3832]
:OUTPUT ACCEPT [110:30472]
:POSTROUTING ACCEPT [106:29680]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Thu Mar 14 09:59:15 2019
# Generated by iptables-save v1.6.0 on Thu Mar 14 09:59:15 2019
*filter
:INPUT ACCEPT [7056:1877085]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6972:1880076]
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
COMMIT
# Completed on Thu Mar 14 09:59:15 2019
# Generated by iptables-save v1.6.0 on Thu Mar 14 09:59:15 2019
*nat
:PREROUTING ACCEPT [15:3832]
:INPUT ACCEPT [15:3832]
:OUTPUT ACCEPT [110:30472]
:POSTROUTING ACCEPT [106:29680]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Thu Mar 14 09:59:15 2019

216
roles/wifi/tasks/main.yaml Executable file → Normal file
View File

@@ -1,108 +1,108 @@
---
- name: Remove wpasupplicant package
become: yes
apt:
name: ['wpasupplicant']
state: absent
purge: true
tags: wireless_ap
- name: configure wlan0
become: true
blockinfile:
path: /etc/dhcpcd.conf
block: |
interface wlan0
static ip_address=10.250.250.1/29
nohook wpa_supplicant
tags: wireless_ap
- name: install hostapd
become: true
apt:
name: ['hostapd']
state: present
tags: wireless_ap
- name: configure hostapd
become: true
template:
src: "{{ role_path }}/templates/hostapd.conf.j2"
dest: "/etc/hostapd/hostapd.conf"
owner: root
group: root
backup: yes
tags: wireless_ap
- name: configure hostapd startup
become: true
tags: wireless_ap
lineinfile:
state: present
path: "{{ item.path }}"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { path: "/etc/init.d/hostapd", regexp: "^DAEMON_CONF=", line: "DAEMON_CONF=/etc/hostapd/hostapd.conf" }
- { path: "/etc/default/hostapd", regexp: "^#DAEMON_CONF=", line: "DAEMON_CONF=\"/etc/hostapd/hostapd.conf\"" }
- name: enable hostapd
become: true
systemd:
name: hostapd
enabled: yes
masked: no
state: restarted
tags: wireless_ap
- name: install dnsmasq
become: true
apt:
name: ['dnsmasq']
state: present
tags: wireless_ap
- name: configure dnsmasq
become: true
copy:
src: "{{ role_path }}/files/dnsmasq.conf"
dest: "/etc/dnsmasq.conf"
backup: yes
owner: root
group: root
tags: wireless_ap
- name: enable dnsmasq
become: true
systemd:
name: dnsmasq
enabled: yes
masked: no
state: restarted
tags: wireless_ap
- name: enable ipv4.forwarding
become: true
sysctl:
name: net.ipv4.ip_forward
value: 1
sysctl_set: yes
state: present
reload: yes
tags: wireless_ap
- name: copy fw config
become: true
copy:
src: "{{ role_path }}/files/iptables.ipv4.nat"
dest: "/etc/iptables.ipv4.nat"
backup: yes
owner: root
group: root
tags: wireless_ap
- name: iptables-restore to rc.local
lineinfile:
path: "/etc/rc.local"
state: present
insertbefore: "exit 0"
line: "iptables-restore < /etc/iptables.ipv4.nat"
become: true
tags: wireless_ap
- name: restart dhcpcd
become: true
systemd:
name: dhcpcd
enabled: yes
masked: no
state: restarted
tags: wireless_ap
---
- name: Remove wpasupplicant package
become: yes
apt:
name: ['wpasupplicant']
state: absent
purge: true
tags: wireless_ap
- name: configure wlan0
become: true
blockinfile:
path: /etc/dhcpcd.conf
block: |
interface wlan0
static ip_address=10.250.250.1/29
nohook wpa_supplicant
tags: wireless_ap
- name: install hostapd
become: true
apt:
name: ['hostapd']
state: present
tags: wireless_ap
- name: configure hostapd
become: true
template:
src: "{{ role_path }}/templates/hostapd.conf.j2"
dest: "/etc/hostapd/hostapd.conf"
owner: root
group: root
backup: yes
tags: wireless_ap
- name: configure hostapd startup
become: true
tags: wireless_ap
lineinfile:
state: present
path: "{{ item.path }}"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { path: "/etc/init.d/hostapd", regexp: "^DAEMON_CONF=", line: "DAEMON_CONF=/etc/hostapd/hostapd.conf" }
- { path: "/etc/default/hostapd", regexp: "^#DAEMON_CONF=", line: "DAEMON_CONF=\"/etc/hostapd/hostapd.conf\"" }
- name: enable hostapd
become: true
systemd:
name: hostapd
enabled: yes
masked: no
state: restarted
tags: wireless_ap
- name: install dnsmasq
become: true
apt:
name: ['dnsmasq']
state: present
tags: wireless_ap
- name: configure dnsmasq
become: true
copy:
src: "{{ role_path }}/files/dnsmasq.conf"
dest: "/etc/dnsmasq.conf"
backup: yes
owner: root
group: root
tags: wireless_ap
- name: enable dnsmasq
become: true
systemd:
name: dnsmasq
enabled: yes
masked: no
state: restarted
tags: wireless_ap
- name: enable ipv4.forwarding
become: true
sysctl:
name: net.ipv4.ip_forward
value: 1
sysctl_set: yes
state: present
reload: yes
tags: wireless_ap
- name: copy fw config
become: true
copy:
src: "{{ role_path }}/files/iptables.ipv4.nat"
dest: "/etc/iptables.ipv4.nat"
backup: yes
owner: root
group: root
tags: wireless_ap
- name: iptables-restore to rc.local
lineinfile:
path: "/etc/rc.local"
state: present
insertbefore: "exit 0"
line: "iptables-restore < /etc/iptables.ipv4.nat"
become: true
tags: wireless_ap
- name: restart dhcpcd
become: true
systemd:
name: dhcpcd
enabled: yes
masked: no
state: restarted
tags: wireless_ap

30
roles/wifi/templates/hostapd.conf.j2
View File

@@ -1,15 +1,15 @@
interface=wlan0
driver=nl80211
hw_mode=g
channel=6
ieee80211n=1
wmm_enabled=1
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
macaddr_acl=0
ignore_broadcast_ssid=0
wpa=2
auth_algs=1
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
ssid={{ site_clli }}
wpa_passphrase=dsfinisdemo
interface=wlan0
driver=nl80211
hw_mode=g
channel=6
ieee80211n=1
wmm_enabled=1
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
macaddr_acl=0
ignore_broadcast_ssid=0
wpa=2
auth_algs=1
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
ssid={{ site_clli }}
wpa_passphrase=dsfinisdemo

0
roles/youtube/files/youtube.sh Executable file → Normal file
View File

38
roles/youtube/tasks/main.yaml Executable file → Normal file
View File

@@ -1,19 +1,19 @@
---
- name: copy youtube script
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: pi
group: pi
mode: a+x
with_items:
- { src: "{{ role_path }}/files/youtube.sh", dest: "/home/pi/scripts/youtube.sh" }
tags: youtubetraff_script
- name: enable cron job for youtube traffic
cron:
name: "youtubetraff"
minute: "*/30"
hour: "7-18"
weekday: "1-5"
job: "/usr/bin/perl -e 'sleep int rand 900' && /home/pi/scripts/youtube.sh"
tags: youtubetraff_cron
---
- name: copy youtube script
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: pi
group: pi
mode: a+x
with_items:
- { src: "{{ role_path }}/files/youtube.sh", dest: "/home/pi/scripts/youtube.sh" }
tags: youtubetraff_script
- name: enable cron job for youtube traffic
cron:
name: "youtubetraff"
minute: "*/30"
hour: "7-18"
weekday: "1-5"
job: "/usr/bin/perl -e 'sleep int rand 900' && /home/pi/scripts/youtube.sh"
tags: youtubetraff_cron

98
samba.yml Executable file → Normal file
View File

@@ -1,49 +1,49 @@
---
- hosts: samba
tasks:
- name: Install Samba Packages
become: yes
apt:
name: ['samba', 'smbclient','winbind','krb5-user','krb5-config','krb5-locales','winbind','libpam-winbind','libnss-winbind','dnsutils']
state: present
update_cache: true
- name: stop samba services
become: yes
command: systemctl stop "{{ item }}"
ignore_errors: true
with_items:
- samba-ad-dc.service
- smbd.service
- nmbd.service
- winbind.service
- name: disable samba services
become: yes
command: systemctl disable "{{ item }}"
ignore_errors: true
with_items:
- samba-ad-dc.service
- smbd.service
- nmbd.service
- winbind.service
- name: set nsswitch service to use DNS resolution
become: yes
lineinfile:
path: /etc/nsswitch.conf
state: present
regexp: '^hosts:'
line: 'hosts: files dns mdns4_minimal [NOTFOUND=return]'
- name: check if smb.conf exists
stat:
path: /etc/samba/smb.conf
register: stat_result
- name: rename default smb.conf
become: yes
shell: mv /etc/samba/smb.conf /etc/samba/smb.conf.backup
ignore_errors: true
tags: remove_default_samba_config
- name: delete default kerberos configuration if it exists
become: yes
file:
state: absent
path: "/etc/krb5.conf"
tags: remove_default_samba_config
---
- hosts: samba
tasks:
- name: Install Samba Packages
become: yes
apt:
name: ['samba', 'smbclient','winbind','krb5-user','krb5-config','krb5-locales','winbind','libpam-winbind','libnss-winbind','dnsutils']
state: present
update_cache: true
- name: stop samba services
become: yes
command: systemctl stop "{{ item }}"
ignore_errors: true
with_items:
- samba-ad-dc.service
- smbd.service
- nmbd.service
- winbind.service
- name: disable samba services
become: yes
command: systemctl disable "{{ item }}"
ignore_errors: true
with_items:
- samba-ad-dc.service
- smbd.service
- nmbd.service
- winbind.service
- name: set nsswitch service to use DNS resolution
become: yes
lineinfile:
path: /etc/nsswitch.conf
state: present
regexp: '^hosts:'
line: 'hosts: files dns mdns4_minimal [NOTFOUND=return]'
- name: check if smb.conf exists
stat:
path: /etc/samba/smb.conf
register: stat_result
- name: rename default smb.conf
become: yes
shell: mv /etc/samba/smb.conf /etc/samba/smb.conf.backup
ignore_errors: true
tags: remove_default_samba_config
- name: delete default kerberos configuration if it exists
become: yes
file:
state: absent
path: "/etc/krb5.conf"
tags: remove_default_samba_config

20
set_sudoer.yml Executable file → Normal file
View File

@@ -1,10 +1,10 @@
---
- hosts: all
tasks:
- lineinfile:
path: /etc/sudoers
state: present
regexp: '^%sudo'
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
validate: 'visudo -cf %s'
become: true
---
- hosts: all
tasks:
- lineinfile:
path: /etc/sudoers
state: present
regexp: '^%sudo'
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
validate: 'visudo -cf %s'
become: true

4
temp.yaml Normal file
View File

@@ -0,0 +1,4 @@
---
- hosts: pi
roles:
- pi