-numerous changes to work with Raspbian 10

-redo of some roles, particularly GUI
-modifications to support working from a "Raspbian Lite" install
mpelle426
2019-07-10 14:24:34 +01:00
parent f86279f3cc
commit ed7eabd399
61 changed files with 12386 additions and 12383 deletions


@@ -1,4 +1,4 @@
Install ansible on Raspberry Pi Install ansible on Raspberry Pi
* sudo apt-get install python3-pip * sudo apt-get install python3-pip
* sudo python3 -m pip install ansible * sudo python3 -m pip install ansible
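Review bot: "sudo python3 -m pip install ansible" is unpinned and installs system-wide as root, so two Pis provisioned on different days can end up running different Ansible releases against the same roles. Pin the version in this line (ansible==<version the playbooks were tested with>) and state which Raspbian release the steps were checked on, since the commit message says the roles were reworked for Raspbian 10.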

260
README.md

@@ -1,130 +1,130 @@
# Ansible for DS Financial demo network # Ansible for DS Financial demo network
Create and configure hosts (typically a Raspberry PI) for sites on demo network. Create and install tools to generate network traffic. Create and configure hosts (typically a Raspberry PI) for sites on demo network. Create and install tools to generate network traffic.
[DS Financial Demo Network](https://wiki.sys.comcast.net/pages/viewpage.action?spaceKey=ETHERNET&title=Demo+Network+Configuration) - Wiki [DS Financial Demo Network](https://wiki.sys.comcast.net/pages/viewpage.action?spaceKey=ETHERNET&title=Demo+Network+Configuration) - Wiki
# Current State # Current State
Currently, this is just a loose collection of some repeatable tasks. Currently, this is just a loose collection of some repeatable tasks.
The Goal is to evenually be able to spin up a "real" network, generating real traffic: The Goal is to evenually be able to spin up a "real" network, generating real traffic:
* Configure host name based on inventory (less manual "pi" setup) * Configure host name based on inventory (less manual "pi" setup)
* Configure DNS resolution by updating hosts files on each PI from inventory. This is much simpler than bothering to set up DNS services * Configure DNS resolution by updating hosts files on each PI from inventory. This is much simpler than bothering to set up DNS services
* SMB * SMB
* Currently working. Ansible to copy scripts and set up cron job * Currently working. Ansible to copy scripts and set up cron job
* Samba Server * Samba Server
* install samba * install samba
* configure share * configure share
* enable samba server * enable samba server
* generate server files in share * generate server files in share
* FTP * FTP
* Currently working. Manual configuration * Currently working. Manual configuration
* TBD set up server * TBD set up server
* TBD set up scripts and cron job on clients * TBD set up scripts and cron job on clients
* Web * Web
* Currently working. Manual configuration * Currently working. Manual configuration
* TBD setup server * TBD setup server
* EBD set up scripts and cron job on clients * EBD set up scripts and cron job on clients
* SIP/Voice * SIP/Voice
* Currently working for both client and server * Currently working for both client and server
* Download sipp source * Download sipp source
* Configure sipp source * Configure sipp source
* Copy scripts and set up cron jobs * Copy scripts and set up cron jobs
* Web application traffic. Note: Must currently be run on separate machines (ie. cannot have Facebook and Youtube on the same box) * Web application traffic. Note: Must currently be run on separate machines (ie. cannot have Facebook and Youtube on the same box)
* Youtube * Youtube
* Currently working. Ansible install of scripts and cron configuration * Currently working. Ansible install of scripts and cron configuration
* Facebook * Facebook
* Currently working. Ansible install of scripts and cron configuration * Currently working. Ansible install of scripts and cron configuration
* SalesForce * SalesForce
* Currently working. Ansible install of scripts and cron jobs * Currently working. Ansible install of scripts and cron jobs
## Getting Started ## Getting Started
TBD: On first PI: TBD: On first PI:
* connect to Comcast network to access Github Enterprise * connect to Comcast network to access Github Enterprise
* install updates * install updates
* set password for *pi* account * set password for *pi* account
* add *pi" to sudo group (for generic Ubuntu VM) * add *pi" to sudo group (for generic Ubuntu VM)
* usermod -a -G sudo pi * usermod -a -G sudo pi
* remove password requirement for sudo group * remove password requirement for sudo group
* sudo visudo * sudo visudo
* change line "%sudo ALL=(ALL:ALL) ALL" to "%sudo ALL=(ALL:ALL) NOPASSWD: ALL" * change line "%sudo ALL=(ALL:ALL) ALL" to "%sudo ALL=(ALL:ALL) NOPASSWD: ALL"
* git clone this repo * git clone this repo
* edit hosts per example * edit hosts per example
### Prerequisites ### Prerequisites
What things you need to install the software and how to install them What things you need to install the software and how to install them
``` ```
Give examples Give examples
``` ```
### Installing ### Installing
A step by step series of examples that tell you how to get a development env running A step by step series of examples that tell you how to get a development env running
Say what the step will be Say what the step will be
``` ```
Give the example Give the example
``` ```
And repeat And repeat
``` ```
until finished until finished
``` ```
End with an example of getting some data out of the system or using it for a little demo End with an example of getting some data out of the system or using it for a little demo
## Running the tests ## Running the tests
Explain how to run the automated tests for this system Explain how to run the automated tests for this system
### Break down into end to end tests ### Break down into end to end tests
Explain what these tests test and why Explain what these tests test and why
``` ```
Give an example Give an example
``` ```
### And coding style tests ### And coding style tests
Explain what these tests test and why Explain what these tests test and why
``` ```
Give an example Give an example
``` ```
## Deployment ## Deployment
Add additional notes about how to deploy this on a live system Add additional notes about how to deploy this on a live system
## Built With ## Built With
* [Dropwizard](http://www.dropwizard.io/1.0.2/docs/) - The web framework used * [Dropwizard](http://www.dropwizard.io/1.0.2/docs/) - The web framework used
* [Maven](https://maven.apache.org/) - Dependency Management * [Maven](https://maven.apache.org/) - Dependency Management
* [ROME](https://rometools.github.io/rome/) - Used to generate RSS Feeds * [ROME](https://rometools.github.io/rome/) - Used to generate RSS Feeds
## Contributing ## Contributing
Please read [CONTRIBUTING.md](https://gist.github.com/PurpleBooth/b24679402957c63ec426) for details on our code of conduct, and the process for submitting pull requests to us. Please read [CONTRIBUTING.md](https://gist.github.com/PurpleBooth/b24679402957c63ec426) for details on our code of conduct, and the process for submitting pull requests to us.
## Versioning ## Versioning
We use [SemVer](http://semver.org/) for versioning. For the versions available, see the [tags on this repository](https://github.com/your/project/tags). We use [SemVer](http://semver.org/) for versioning. For the versions available, see the [tags on this repository](https://github.com/your/project/tags).
## Authors ## Authors
* **Billie Thompson** - *Initial work* - [PurpleBooth](https://github.com/PurpleBooth) * **Billie Thompson** - *Initial work* - [PurpleBooth](https://github.com/PurpleBooth)
See also the list of [contributors](https://github.com/your/project/contributors) who participated in this project. See also the list of [contributors](https://github.com/your/project/contributors) who participated in this project.
## Acknowledgments ## Acknowledgments
* Hat tip to anyone whose code was used * Hat tip to anyone whose code was used
* Inspiration * Inspiration
* etc * etc
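Review bot: The Getting Started step that changes "%sudo ALL=(ALL:ALL) ALL" to "%sudo ALL=(ALL:ALL) NOPASSWD: ALL" grants passwordless root to every member of the sudo group, not only the pi account Ansible logs in as. Scope it to that one account with a drop-in file under /etc/sudoers.d, or keep the password and run playbooks with --ask-become-pass, and say in the README which of the two the roles expect. While this file is being touched: everything from "Prerequisites" down to "Acknowledgments" is still unfilled template text (Dropwizard, Maven, ROME, Billie Thompson, github.com/your/project) and should be removed or replaced, and "evenually", "EBD" and the mismatched *pi" are typos.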

978
ansible.cfg Executable file → Normal file

@@ -1,489 +1,489 @@
# config file for ansible -- https://ansible.com/ # config file for ansible -- https://ansible.com/
# =============================================== # ===============================================
# nearly all parameters can be overridden in ansible-playbook # nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG, # or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in # ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it # the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first # finds first
[defaults] [defaults]
# some basic default values... # some basic default values...
#inventory = /etc/ansible/hosts #inventory = /etc/ansible/hosts
#library = /usr/share/my_modules/ #library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/ #module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp #remote_tmp = ~/.ansible/tmp
#local_tmp = ~/.ansible/tmp #local_tmp = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml #plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks = 5 #forks = 5
#poll_interval = 15 #poll_interval = 15
#sudo_user = root #sudo_user = root
#ask_sudo_pass = True #ask_sudo_pass = True
#ask_pass = True #ask_pass = True
#transport = smart #transport = smart
#remote_port = 22 #remote_port = 22
#module_lang = C #module_lang = C
#module_set_locale = False #module_set_locale = False
# plays will gather facts by default, which contain information about # plays will gather facts by default, which contain information about
# the remote system. # the remote system.
# #
# smart - gather by default, but don't regather if already gathered # smart - gather by default, but don't regather if already gathered
# implicit - gather by default, turn off with gather_facts: False # implicit - gather by default, turn off with gather_facts: False
# explicit - do not gather by default, must say gather_facts: True # explicit - do not gather by default, must say gather_facts: True
#gathering = implicit #gathering = implicit
# This only affects the gathering done by a play's gather_facts directive, # This only affects the gathering done by a play's gather_facts directive,
# by default gathering retrieves all facts subsets # by default gathering retrieves all facts subsets
# all - gather all subsets # all - gather all subsets
# network - gather min and network facts # network - gather min and network facts
# hardware - gather hardware facts (longest facts to retrieve) # hardware - gather hardware facts (longest facts to retrieve)
# virtual - gather min and virtual facts # virtual - gather min and virtual facts
# facter - import facts from facter # facter - import facts from facter
# ohai - import facts from ohai # ohai - import facts from ohai
# You can combine them using comma (ex: network,virtual) # You can combine them using comma (ex: network,virtual)
# You can negate them using ! (ex: !hardware,!facter,!ohai) # You can negate them using ! (ex: !hardware,!facter,!ohai)
# A minimal set of facts is always gathered. # A minimal set of facts is always gathered.
#gather_subset = all #gather_subset = all
# some hardware related facts are collected # some hardware related facts are collected
# with a maximum timeout of 10 seconds. This # with a maximum timeout of 10 seconds. This
# option lets you increase or decrease that # option lets you increase or decrease that
# timeout to something more suitable for the # timeout to something more suitable for the
# environment. # environment.
# gather_timeout = 10 # gather_timeout = 10
# Ansible facts are available inside the ansible_facts.* dictionary # Ansible facts are available inside the ansible_facts.* dictionary
# namespace. This setting maintains the behaviour which was the default prior # namespace. This setting maintains the behaviour which was the default prior
# to 2.5, duplicating these variables into the main namespace, each with a # to 2.5, duplicating these variables into the main namespace, each with a
# prefix of 'ansible_'. # prefix of 'ansible_'.
# This variable is set to True by default for backwards compatibility. It # This variable is set to True by default for backwards compatibility. It
# will be changed to a default of 'False' in a future release. # will be changed to a default of 'False' in a future release.
# ansible_facts. # ansible_facts.
# inject_facts_as_vars = True # inject_facts_as_vars = True
# additional paths to search for roles in, colon separated # additional paths to search for roles in, colon separated
#roles_path = /etc/ansible/roles #roles_path = /etc/ansible/roles
# uncomment this to disable SSH key host checking # uncomment this to disable SSH key host checking
#host_key_checking = False host_key_checking = False
# change the default callback, you can only have one 'stdout' type enabled at a time. # change the default callback, you can only have one 'stdout' type enabled at a time.
#stdout_callback = skippy #stdout_callback = skippy
## Ansible ships with some plugins that require whitelisting, ## Ansible ships with some plugins that require whitelisting,
## this is done to avoid running all of a type by default. ## this is done to avoid running all of a type by default.
## These setting lists those that you want enabled for your system. ## These setting lists those that you want enabled for your system.
## Custom plugins should not need this unless plugin author specifies it. ## Custom plugins should not need this unless plugin author specifies it.
# enable callback plugins, they can output to stdout but cannot be 'stdout' type. # enable callback plugins, they can output to stdout but cannot be 'stdout' type.
#callback_whitelist = timer, mail #callback_whitelist = timer, mail
# Determine whether includes in tasks and handlers are "static" by # Determine whether includes in tasks and handlers are "static" by
# default. As of 2.0, includes are dynamic by default. Setting these # default. As of 2.0, includes are dynamic by default. Setting these
# values to True will make includes behave more like they did in the # values to True will make includes behave more like they did in the
# 1.x versions. # 1.x versions.
#task_includes_static = False #task_includes_static = False
#handler_includes_static = False #handler_includes_static = False
# Controls if a missing handler for a notification event is an error or a warning # Controls if a missing handler for a notification event is an error or a warning
#error_on_missing_handler = True #error_on_missing_handler = True
# change this for alternative sudo implementations # change this for alternative sudo implementations
#sudo_exe = sudo #sudo_exe = sudo
# What flags to pass to sudo # What flags to pass to sudo
# WARNING: leaving out the defaults might create unexpected behaviours # WARNING: leaving out the defaults might create unexpected behaviours
#sudo_flags = -H -S -n #sudo_flags = -H -S -n
# SSH timeout # SSH timeout
#timeout = 10 #timeout = 10
# default user to use for playbooks if user is not specified # default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default) # (/usr/bin/ansible will use current user as default)
#remote_user = root #remote_user = root
# logging is off by default unless this path is defined # logging is off by default unless this path is defined
# if so defined, consider logrotate # if so defined, consider logrotate
log_path = /var/log/ansible.log log_path = ~/ansible.log
# default module name for /usr/bin/ansible # default module name for /usr/bin/ansible
#module_name = command #module_name = command
# use this shell for commands executed under sudo # use this shell for commands executed under sudo
# you may need to change this to bin/bash in rare instances # you may need to change this to bin/bash in rare instances
# if sudo is constrained # if sudo is constrained
#executable = /bin/sh #executable = /bin/sh
# if inventory variables overlap, does the higher precedence one win # if inventory variables overlap, does the higher precedence one win
# or are hash values merged together? The default is 'replace' but # or are hash values merged together? The default is 'replace' but
# this can also be set to 'merge'. # this can also be set to 'merge'.
#hash_behaviour = replace #hash_behaviour = replace
# by default, variables from roles will be visible in the global variable # by default, variables from roles will be visible in the global variable
# scope. To prevent this, the following option can be enabled, and only # scope. To prevent this, the following option can be enabled, and only
# tasks and handlers within the role will see the variables there # tasks and handlers within the role will see the variables there
#private_role_vars = yes #private_role_vars = yes
# list any Jinja2 extensions to enable here: # list any Jinja2 extensions to enable here:
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n #jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
# if set, always use this private key file for authentication, same as # if set, always use this private key file for authentication, same as
# if passing --private-key to ansible or ansible-playbook # if passing --private-key to ansible or ansible-playbook
#private_key_file = /path/to/file #private_key_file = /path/to/file
# If set, configures the path to the Vault password file as an alternative to # If set, configures the path to the Vault password file as an alternative to
# specifying --vault-password-file on the command line. # specifying --vault-password-file on the command line.
#vault_password_file = /path/to/vault_password_file #vault_password_file = /path/to/vault_password_file
# format of string {{ ansible_managed }} available within Jinja2 # format of string {{ ansible_managed }} available within Jinja2
# templates indicates to users editing templates files will be replaced. # templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values. # replacing {file}, {host} and {uid} and strftime codes with proper values.
#ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host} #ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
# {file}, {host}, {uid}, and the timestamp can all interfere with idempotence # {file}, {host}, {uid}, and the timestamp can all interfere with idempotence
# in some situations so the default is a static string: # in some situations so the default is a static string:
#ansible_managed = Ansible managed #ansible_managed = Ansible managed
# by default, ansible-playbook will display "Skipping [host]" if it determines a task # by default, ansible-playbook will display "Skipping [host]" if it determines a task
# should not be run on a host. Set this to "False" if you don't want to see these "Skipping" # should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
# messages. NOTE: the task header will still be shown regardless of whether or not the # messages. NOTE: the task header will still be shown regardless of whether or not the
# task is skipped. # task is skipped.
#display_skipped_hosts = True #display_skipped_hosts = True
# by default, if a task in a playbook does not include a name: field then # by default, if a task in a playbook does not include a name: field then
# ansible-playbook will construct a header that includes the task's action but # ansible-playbook will construct a header that includes the task's action but
# not the task's args. This is a security feature because ansible cannot know # not the task's args. This is a security feature because ansible cannot know
# if the *module* considers an argument to be no_log at the time that the # if the *module* considers an argument to be no_log at the time that the
# header is printed. If your environment doesn't have a problem securing # header is printed. If your environment doesn't have a problem securing
# stdout from ansible-playbook (or you have manually specified no_log in your # stdout from ansible-playbook (or you have manually specified no_log in your
# playbook on all of the tasks where you have secret information) then you can # playbook on all of the tasks where you have secret information) then you can
# safely set this to True to get more informative messages. # safely set this to True to get more informative messages.
#display_args_to_stdout = False #display_args_to_stdout = False
# by default (as of 1.3), Ansible will raise errors when attempting to dereference # by default (as of 1.3), Ansible will raise errors when attempting to dereference
# Jinja2 variables that are not set in templates or action lines. Uncomment this line # Jinja2 variables that are not set in templates or action lines. Uncomment this line
# to revert the behavior to pre-1.3. # to revert the behavior to pre-1.3.
#error_on_undefined_vars = False #error_on_undefined_vars = False
# by default (as of 1.6), Ansible may display warnings based on the configuration of the # by default (as of 1.6), Ansible may display warnings based on the configuration of the
# system running ansible itself. This may include warnings about 3rd party packages or # system running ansible itself. This may include warnings about 3rd party packages or
# other conditions that should be resolved if possible. # other conditions that should be resolved if possible.
# to disable these warnings, set the following value to False: # to disable these warnings, set the following value to False:
#system_warnings = True #system_warnings = True
# by default (as of 1.4), Ansible may display deprecation warnings for language # by default (as of 1.4), Ansible may display deprecation warnings for language
# features that should no longer be used and will be removed in future versions. # features that should no longer be used and will be removed in future versions.
# to disable these warnings, set the following value to False: # to disable these warnings, set the following value to False:
#deprecation_warnings = True #deprecation_warnings = True
# (as of 1.8), Ansible can optionally warn when usage of the shell and # (as of 1.8), Ansible can optionally warn when usage of the shell and
# command module appear to be simplified by using a default Ansible module # command module appear to be simplified by using a default Ansible module
# instead. These warnings can be silenced by adjusting the following # instead. These warnings can be silenced by adjusting the following
# setting or adding warn=yes or warn=no to the end of the command line # setting or adding warn=yes or warn=no to the end of the command line
# parameter string. This will for example suggest using the git module # parameter string. This will for example suggest using the git module
# instead of shelling out to the git command. # instead of shelling out to the git command.
# command_warnings = False # command_warnings = False
# set plugin path directories here, separate with colons # set plugin path directories here, separate with colons
#action_plugins = /usr/share/ansible/plugins/action #action_plugins = /usr/share/ansible/plugins/action
#cache_plugins = /usr/share/ansible/plugins/cache #cache_plugins = /usr/share/ansible/plugins/cache
#callback_plugins = /usr/share/ansible/plugins/callback #callback_plugins = /usr/share/ansible/plugins/callback
#connection_plugins = /usr/share/ansible/plugins/connection #connection_plugins = /usr/share/ansible/plugins/connection
#lookup_plugins = /usr/share/ansible/plugins/lookup #lookup_plugins = /usr/share/ansible/plugins/lookup
#inventory_plugins = /usr/share/ansible/plugins/inventory #inventory_plugins = /usr/share/ansible/plugins/inventory
#vars_plugins = /usr/share/ansible/plugins/vars #vars_plugins = /usr/share/ansible/plugins/vars
#filter_plugins = /usr/share/ansible/plugins/filter #filter_plugins = /usr/share/ansible/plugins/filter
#test_plugins = /usr/share/ansible/plugins/test #test_plugins = /usr/share/ansible/plugins/test
#terminal_plugins = /usr/share/ansible/plugins/terminal #terminal_plugins = /usr/share/ansible/plugins/terminal
#strategy_plugins = /usr/share/ansible/plugins/strategy #strategy_plugins = /usr/share/ansible/plugins/strategy
# by default, ansible will use the 'linear' strategy but you may want to try # by default, ansible will use the 'linear' strategy but you may want to try
# another one # another one
#strategy = free #strategy = free
# by default callbacks are not loaded for /bin/ansible, enable this if you # by default callbacks are not loaded for /bin/ansible, enable this if you
# want, for example, a notification or logging callback to also apply to # want, for example, a notification or logging callback to also apply to
# /bin/ansible runs # /bin/ansible runs
#bin_ansible_callbacks = False #bin_ansible_callbacks = False
# don't like cows? that's unfortunate. # don't like cows? that's unfortunate.
# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1 # set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
#nocows = 1 #nocows = 1
# set which cowsay stencil you'd like to use by default. When set to 'random', # set which cowsay stencil you'd like to use by default. When set to 'random',
# a random stencil will be selected for each task. The selection will be filtered # a random stencil will be selected for each task. The selection will be filtered
# against the `cow_whitelist` option below. # against the `cow_whitelist` option below.
#cow_selection = default #cow_selection = default
#cow_selection = random #cow_selection = random
# when using the 'random' option for cowsay, stencils will be restricted to this list. # when using the 'random' option for cowsay, stencils will be restricted to this list.
# it should be formatted as a comma-separated list with no spaces between names. # it should be formatted as a comma-separated list with no spaces between names.
# NOTE: line continuations here are for formatting purposes only, as the INI parser # NOTE: line continuations here are for formatting purposes only, as the INI parser
# in python does not support them. # in python does not support them.
#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\ #cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\
# hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\ # hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\
# stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www # stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www
# don't like colors either? # don't like colors either?
# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1 # set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
#nocolor = 1 #nocolor = 1
# if set to a persistent type (not 'memory', for example 'redis') fact values # if set to a persistent type (not 'memory', for example 'redis') fact values
# from previous runs in Ansible will be stored. This may be useful when # from previous runs in Ansible will be stored. This may be useful when
# wanting to use, for example, IP information from one group of servers # wanting to use, for example, IP information from one group of servers
# without having to talk to them in the same playbook run to get their # without having to talk to them in the same playbook run to get their
# current IP information. # current IP information.
#fact_caching = memory #fact_caching = memory
#This option tells Ansible where to cache facts. The value is plugin dependent. #This option tells Ansible where to cache facts. The value is plugin dependent.
#For the jsonfile plugin, it should be a path to a local directory. #For the jsonfile plugin, it should be a path to a local directory.
#For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0 #For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0
#fact_caching_connection=/tmp #fact_caching_connection=/tmp
# retry files # retry files
# When a playbook fails by default a .retry file will be created in ~/ # When a playbook fails by default a .retry file will be created in ~/
# You can disable this feature by setting retry_files_enabled to False # You can disable this feature by setting retry_files_enabled to False
# and you can change the location of the files by setting retry_files_save_path # and you can change the location of the files by setting retry_files_save_path
#retry_files_enabled = False #retry_files_enabled = False
#retry_files_save_path = ~/.ansible-retry #retry_files_save_path = ~/.ansible-retry
# squash actions # squash actions
# Ansible can optimise actions that call modules with list parameters # Ansible can optimise actions that call modules with list parameters
# when looping. Instead of calling the module once per with_ item, the # when looping. Instead of calling the module once per with_ item, the
# module is called once with all items at once. Currently this only works # module is called once with all items at once. Currently this only works
# under limited circumstances, and only with parameters named 'name'. # under limited circumstances, and only with parameters named 'name'.
#squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper #squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper
# prevents logging of task data, off by default # prevents logging of task data, off by default
#no_log = False #no_log = False
# prevents logging of tasks, but only on the targets, data is still logged on the master/controller # prevents logging of tasks, but only on the targets, data is still logged on the master/controller
#no_target_syslog = False #no_target_syslog = False
# controls whether Ansible will raise an error or warning if a task has no # controls whether Ansible will raise an error or warning if a task has no
# choice but to create world readable temporary files to execute a module on # choice but to create world readable temporary files to execute a module on
# the remote machine. This option is False by default for security. Users may # the remote machine. This option is False by default for security. Users may
# turn this on to have behaviour more like Ansible prior to 2.1.x. See # turn this on to have behaviour more like Ansible prior to 2.1.x. See
# https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user # https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
# for more secure ways to fix this than enabling this option. # for more secure ways to fix this than enabling this option.
#allow_world_readable_tmpfiles = False #allow_world_readable_tmpfiles = False
# controls the compression level of variables sent to # controls the compression level of variables sent to
# worker processes. At the default of 0, no compression # worker processes. At the default of 0, no compression
# is used. This value must be an integer from 0 to 9. # is used. This value must be an integer from 0 to 9.
#var_compression_level = 9 #var_compression_level = 9
# controls what compression method is used for new-style ansible modules when # controls what compression method is used for new-style ansible modules when
# they are sent to the remote system. The compression types depend on having # they are sent to the remote system. The compression types depend on having
# support compiled into both the controller's python and the client's python. # support compiled into both the controller's python and the client's python.
# The names should match with the python Zipfile compression types: # The names should match with the python Zipfile compression types:
# * ZIP_STORED (no compression. available everywhere) # * ZIP_STORED (no compression. available everywhere)
# * ZIP_DEFLATED (uses zlib, the default) # * ZIP_DEFLATED (uses zlib, the default)
# These values may be set per host via the ansible_module_compression inventory # These values may be set per host via the ansible_module_compression inventory
# variable # variable
#module_compression = 'ZIP_DEFLATED' #module_compression = 'ZIP_DEFLATED'
# This controls the cutoff point (in bytes) on --diff for files # This controls the cutoff point (in bytes) on --diff for files
# set to 0 for unlimited (RAM may suffer!). # set to 0 for unlimited (RAM may suffer!).
#max_diff_size = 1048576 #max_diff_size = 1048576
# This controls how ansible handles multiple --tags and --skip-tags arguments # This controls how ansible handles multiple --tags and --skip-tags arguments
# on the CLI. If this is True then multiple arguments are merged together. If # on the CLI. If this is True then multiple arguments are merged together. If
# it is False, then the last specified argument is used and the others are ignored. # it is False, then the last specified argument is used and the others are ignored.
# This option will be removed in 2.8. # This option will be removed in 2.8.
#merge_multiple_cli_flags = True #merge_multiple_cli_flags = True
# Controls showing custom stats at the end, off by default # Controls showing custom stats at the end, off by default
#show_custom_stats = True #show_custom_stats = True
# Controls which files to ignore when using a directory as inventory with # Controls which files to ignore when using a directory as inventory with
# possibly multiple sources (both static and dynamic) # possibly multiple sources (both static and dynamic)
#inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo #inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo
# This family of modules use an alternative execution path optimized for network appliances # This family of modules use an alternative execution path optimized for network appliances
# only update this setting if you know how this works, otherwise it can break module execution # only update this setting if you know how this works, otherwise it can break module execution
#network_group_modules=eos, nxos, ios, iosxr, junos, vyos #network_group_modules=eos, nxos, ios, iosxr, junos, vyos
# When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as # When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as
# a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain # a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain
# jinja2 templating language which will be run through the templating engine. # jinja2 templating language which will be run through the templating engine.
# ENABLING THIS COULD BE A SECURITY RISK # ENABLING THIS COULD BE A SECURITY RISK
#allow_unsafe_lookups = False #allow_unsafe_lookups = False
# set default errors for all plays # set default errors for all plays
#any_errors_fatal = False #any_errors_fatal = False
[inventory] [inventory]
# enable inventory plugins, default: 'host_list', 'script', 'auto', 'yaml', 'ini', 'toml' # enable inventory plugins, default: 'host_list', 'script', 'auto', 'yaml', 'ini', 'toml'
#enable_plugins = host_list, virtualbox, yaml, constructed #enable_plugins = host_list, virtualbox, yaml, constructed
# ignore these extensions when parsing a directory as inventory source # ignore these extensions when parsing a directory as inventory source
#ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry #ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry
# ignore files matching these patterns when parsing a directory as inventory source # ignore files matching these patterns when parsing a directory as inventory source
#ignore_patterns= #ignore_patterns=
# If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise. # If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise.
#unparsed_is_failed=False #unparsed_is_failed=False
[privilege_escalation] [privilege_escalation]
#become=True #become=True
#become_method=sudo #become_method=sudo
#become_user=root #become_user=root
#become_ask_pass=False #become_ask_pass=False
[paramiko_connection] [paramiko_connection]
# uncomment this line to cause the paramiko connection plugin to not record new host # uncomment this line to cause the paramiko connection plugin to not record new host
# keys encountered. Increases performance on new host additions. Setting works independently of the # keys encountered. Increases performance on new host additions. Setting works independently of the
# host key checking setting above. # host key checking setting above.
#record_host_keys=False #record_host_keys=False
# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this # by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
# line to disable this behaviour. # line to disable this behaviour.
#pty=False #pty=False
# paramiko will default to looking for SSH keys initially when trying to # paramiko will default to looking for SSH keys initially when trying to
# authenticate to remote devices. This is a problem for some network devices # authenticate to remote devices. This is a problem for some network devices
# that close the connection after a key failure. Uncomment this line to # that close the connection after a key failure. Uncomment this line to
# disable the Paramiko look for keys function # disable the Paramiko look for keys function
#look_for_keys = False #look_for_keys = False
# When using persistent connections with Paramiko, the connection runs in a # When using persistent connections with Paramiko, the connection runs in a
# background process. If the host doesn't already have a valid SSH key, by # background process. If the host doesn't already have a valid SSH key, by
# default Ansible will prompt to add the host key. This will cause connections # default Ansible will prompt to add the host key. This will cause connections
# running in background processes to fail. Uncomment this line to have # running in background processes to fail. Uncomment this line to have
# Paramiko automatically add host keys. # Paramiko automatically add host keys.
#host_key_auto_add = True #host_key_auto_add = True
[ssh_connection] [ssh_connection]
# ssh arguments to use # ssh arguments to use
# Leaving off ControlPersist will result in poor performance, so use # Leaving off ControlPersist will result in poor performance, so use
# paramiko on older platforms rather than removing it, -C controls compression use # paramiko on older platforms rather than removing it, -C controls compression use
#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s #ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
# The base directory for the ControlPath sockets. # The base directory for the ControlPath sockets.
# This is the "%(directory)s" in the control_path option # This is the "%(directory)s" in the control_path option
# #
# Example: # Example:
# control_path_dir = /tmp/.ansible/cp # control_path_dir = /tmp/.ansible/cp
#control_path_dir = ~/.ansible/cp #control_path_dir = ~/.ansible/cp
# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname, # The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname,
# port and username (empty string in the config). The hash mitigates a common problem users # port and username (empty string in the config). The hash mitigates a common problem users
# found with long hostnames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format. # found with long hostnames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format.
# In those cases, a "too long for Unix domain socket" ssh error would occur. # In those cases, a "too long for Unix domain socket" ssh error would occur.
# #
# Example: # Example:
# control_path = %(directory)s/%%h-%%r # control_path = %(directory)s/%%h-%%r
#control_path = #control_path =
# Enabling pipelining reduces the number of SSH operations required to # Enabling pipelining reduces the number of SSH operations required to
# execute a module on the remote server. This can result in a significant # execute a module on the remote server. This can result in a significant
# performance improvement when enabled, however when using "sudo:" you must # performance improvement when enabled, however when using "sudo:" you must
# first disable 'requiretty' in /etc/sudoers # first disable 'requiretty' in /etc/sudoers
# #
# By default, this option is disabled to preserve compatibility with # By default, this option is disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default on many distros). # sudoers configurations that have requiretty (the default on many distros).
# #
#pipelining = False #pipelining = False
# Control the mechanism for transferring files (old) # Control the mechanism for transferring files (old)
# * smart = try sftp and then try scp [default] # * smart = try sftp and then try scp [default]
# * True = use scp only # * True = use scp only
# * False = use sftp only # * False = use sftp only
#scp_if_ssh = smart #scp_if_ssh = smart
# Control the mechanism for transferring files (new) # Control the mechanism for transferring files (new)
# If set, this will override the scp_if_ssh option # If set, this will override the scp_if_ssh option
# * sftp = use sftp to transfer files # * sftp = use sftp to transfer files
# * scp = use scp to transfer files # * scp = use scp to transfer files
# * piped = use 'dd' over SSH to transfer files # * piped = use 'dd' over SSH to transfer files
# * smart = try sftp, scp, and piped, in that order [default] # * smart = try sftp, scp, and piped, in that order [default]
#transfer_method = smart #transfer_method = smart
# if False, sftp will not use batch mode to transfer files. This may cause some # if False, sftp will not use batch mode to transfer files. This may cause some
# types of file transfer failures impossible to catch however, and should # types of file transfer failures impossible to catch however, and should
# only be disabled if your sftp version has problems with batch mode # only be disabled if your sftp version has problems with batch mode
#sftp_batch_mode = False #sftp_batch_mode = False
# The -tt argument is passed to ssh when pipelining is not enabled because sudo # The -tt argument is passed to ssh when pipelining is not enabled because sudo
# requires a tty by default. # requires a tty by default.
#usetty = True #usetty = True
# Number of times to retry an SSH connection to a host, in case of UNREACHABLE. # Number of times to retry an SSH connection to a host, in case of UNREACHABLE.
# For each retry attempt, there is an exponential backoff, # For each retry attempt, there is an exponential backoff,
# so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max). # so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max).
#retries = 3 #retries = 3
[persistent_connection] [persistent_connection]
# Configures the persistent connection timeout value in seconds. This value is # Configures the persistent connection timeout value in seconds. This value is
# how long the persistent connection will remain idle before it is destroyed. # how long the persistent connection will remain idle before it is destroyed.
# If the connection doesn't receive a request before the timeout value # If the connection doesn't receive a request before the timeout value
# expires, the connection is shutdown. The default value is 30 seconds. # expires, the connection is shutdown. The default value is 30 seconds.
#connect_timeout = 30 #connect_timeout = 30
# The command timeout value defines the amount of time to wait for a command # The command timeout value defines the amount of time to wait for a command
# or RPC call before timing out. The value for the command timeout must # or RPC call before timing out. The value for the command timeout must
# be less than the value of the persistent connection idle timeout (connect_timeout) # be less than the value of the persistent connection idle timeout (connect_timeout)
# The default value is 30 second. # The default value is 30 second.
#command_timeout = 30 #command_timeout = 30
[accelerate] [accelerate]
#accelerate_port = 5099 #accelerate_port = 5099
#accelerate_timeout = 30 #accelerate_timeout = 30
#accelerate_connect_timeout = 5.0 #accelerate_connect_timeout = 5.0
# The daemon timeout is measured in minutes. This time is measured # The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon. # from the last activity to the accelerate daemon.
#accelerate_daemon_timeout = 30 #accelerate_daemon_timeout = 30
# If set to yes, accelerate_multi_key will allow multiple # If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must # private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new key. The default # have access to the system via SSH to add a new key. The default
# is "no". # is "no".
#accelerate_multi_key = yes #accelerate_multi_key = yes
[selinux] [selinux]
# file systems that require special treatment when dealing with security context # file systems that require special treatment when dealing with security context
# the default behaviour that copies the existing context or uses the user default # the default behaviour that copies the existing context or uses the user default
# needs to be changed to use the file system dependent context. # needs to be changed to use the file system dependent context.
#special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p #special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p
# Set this to yes to allow libvirt_lxc connections to work without SELinux. # Set this to yes to allow libvirt_lxc connections to work without SELinux.
#libvirt_lxc_noseclabel = yes #libvirt_lxc_noseclabel = yes
[colors] [colors]
#highlight = white #highlight = white
#verbose = blue #verbose = blue
#warn = bright purple #warn = bright purple
#error = red #error = red
#debug = dark gray #debug = dark gray
#deprecate = purple #deprecate = purple
#skip = cyan #skip = cyan
#unreachable = red #unreachable = red
#ok = green #ok = green
#changed = yellow #changed = yellow
#diff_add = green #diff_add = green
#diff_remove = red #diff_remove = red
#diff_lines = cyan #diff_lines = cyan
[diff] [diff]
# Always print diff when running ( same as always running with -D/--diff ) # Always print diff when running ( same as always running with -D/--diff )
# always = no # always = no
# Set how many context lines to show in diff # Set how many context lines to show in diff
# context = 3 # context = 3
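
Review bot: every line in this part of the hunk is removed and re-added with identical text, so the change appears to be whitespace or line-ending only, and it buries any real configuration edit among the commented defaults. Put the normalization in its own commit so that settings such as `host_key_auto_add` and `allow_unsafe_lookups` are reviewable on their own when they actually change.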

8
clean_hosts.yaml Normal file

@@ -0,0 +1,8 @@
---
- name: clean hosts file
become: true
blockinfile:
path: /etc/hosts
marker: "# {mark} ANSIBLE MANAGED BLOCK"
content: ""
tags: clean_hosts
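
Review bot: `content: ""` on the `blockinfile` task is an indirect way to delete the managed block; `state: absent` with the same `path` and `marker` states the intent directly. The file is also a bare task list with no `hosts:` play around it, unlike password.yaml and reboot.yaml in this commit, so it only works through an include or import; a comment at the top saying where it is pulled in from would help.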


@@ -0,0 +1,15 @@
---
- hosts: all
tasks:
- name: make direcotry
file:
path: "/home/pi/.ssh"
state: directory
- name: create empty file
file:
path: "/home/pi/.ssh/authorized_keys"
state: touch
- name: put pubkey
lineinfile:
path: "/home/pi/.ssh/authorized_keys"
line: "{{ pubkey }}"
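
Review bot: the three tasks create `/home/pi/.ssh` and `authorized_keys` without `owner`, `group` or `mode`, so the result depends on the connecting user and umask, and sshd with StrictModes refuses key files whose ownership or permissions are too loose. Set `owner: pi`, `group: pi`, `mode: '0700'` on the directory and `mode: '0600'` on the file, or replace all three tasks with the `authorized_key` module. `state: touch` also reports changed on every run by default, `pubkey` has no default and has to be supplied from outside the play, and "direcotry" in the first task name is a typo.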

150
hosts Executable file → Normal file

@@ -1,108 +1,42 @@
sdwcltm2 ansible_host=192.168.50.2 site_clli=CRHMNJAW ned-host1 ansible_host=192.168.88.248
sdwcltm3 ansible_host=192.168.201.55 site_clli=MTLRNJIK ned-host2 ansible_host=192.168.88.217
sdwcltm5 ansible_host=192.168.35.1 site_clli=PHLJPAMT ned-host3 ansible_host=192.168.88.230
sdwsrvm ansible_host=192.168.60.2 site_clli=WLGRPABW
sdwcltm8 ansible_host=192.168.150.2 site_clli=FTCLCORN [ansible-hosts]
ubuntu-server-2 ansible_host=192.168.198.2 site_clli=CMCYCOJL ned-host1
sdwcltm7 ansible_host=192.168.199.2 site_clli=SRSPNYGN
sdwsrvl ansible_host=192.168.90.2 site_clli=LSBGFL59 [pi]
sdwcltm4 ansible_host=192.168.100.2 site_clli=PROVUTZZ ned-host1
sdwcltm6 ansible_host=192.168.200.34 site_clli=PHLJPAMT ned-host2
ubuntu-server-1 ansible_host=192.168.201.2 site_clli=MTLRNJIK ned-host3
sdwcltm9 ansible_host=192.168.200.163 site_clli=NRCRGAQN
#192.168.201.3 [samba-server]
ipsectest1 ansible_host=192.168.201.90 ned-host1
[pi] [smbclient]
sdwcltm2 ned-host2
sdwcltm3 ned-host3
sdwcltm5
sdwsrvm [public]
sdwcltm8
sdwcltm6 [snmpd]
sdwcltm7
sdwsrvl [netflows]
sdwcltm4
#192.168.201.3 [facebook]
ned-host1
[samba-server]
ipsectest1 [salesforce]
ned-host2
[smbclient]
sdwcltm2 [youtube]
sdwcltm3 ned-host3
ubuntu-server-1
sdwcltm5 [ftpclient]
sdwsrvm
sdwcltm8 [sipclient]
sdwcltm6 ned-host2
sdwcltm7 ned-host3
sdwsrvl
sdwcltm4 [sipserver]
sdwcltm9 ned-host1
[public]
ubuntu-server-1
[snmpd]
#192.168.201.3
sdwcltm2
sdwcltm3
sdwcltm6
sdwcltm8
[netflows]
sdwcltm2
sdwcltm3
sdwcltm5
sdwcltm6
sdwcltm7
sdwcltm4
sdwcltm8
sdwcltm9
sdwsrvm
sdwsrvl
ubuntu-server-1
ubuntu-server-2
[facebook]
sdwcltm5
sdwsrvm
sdwcltm4
[salesforce]
sdwcltm3
sdwcltm6
sdwcltm7
sdwsrvl
sdwcltm8
[youtube]
sdwcltm2
sdwcltm3
[ftpclient]
sdwcltm2
sdwcltm3
sdwcltm4
sdwcltm5
sdwcltm6
sdwcltm7
sdwcltm8
sdwsrvm
ubuntu-server-1
[sipclient]
sdwcltm2
sdwcltm3
sdwcltm4
sdwcltm5
sdwcltm6
sdwcltm7
sdwcltm8
sdwcltm9
sdwsrvl
sdwsrvm
[sipserver]
ubuntu-server-2
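
Review bot: on the new side the `[public]`, `[snmpd]`, `[netflows]` and `[ftpclient]` groups have no members, so any play that targets them matches no hosts and is skipped without an error. Either drop the empty groups or add the `ned-host*` machines that should run those roles. The new `[ansible-hosts]` group and the existing `[samba-server]` contain a hyphen, which Ansible 2.8 and later flag as an invalid group-name character; underscores avoid the warning. The `site_clli` host variable is gone from every host line, so confirm that no role or template still reads it.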

22
inventory.cfg Executable file → Normal file

@@ -1,11 +1,11 @@
[all] [all]
192.168.50.2 192.168.50.2
192.168.35.1 192.168.35.1
192.168.60.2 192.168.60.2
192.168.150.2 192.168.150.2
192.168.198.2 192.168.198.2
192.168.199.2 192.168.199.2
192.168.90.2 192.168.90.2
192.168.100.2 192.168.100.2
192.168.201.2 192.168.201.2
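
Review bot: this file still lists `192.168.50.2`, `192.168.35.1` and the other addresses that the `hosts` inventory in the same commit replaces with `ned-host1` to `ned-host3` on `192.168.88.x`. If inventory.cfg is no longer used, delete it; otherwise update it so that a run with `-i inventory.cfg` does not target the old machines.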


@@ -1,50 +1,48 @@
--- ---
- hosts: netflows - hosts: netflows
roles: roles:
- netflows - netflows
- hosts: all - hosts: all
roles: roles:
- common - common
- hosts: public - hosts: public
roles: roles:
- public - public
- hosts: samba-server - hosts: samba-server
roles: roles:
- samba-server - samba-server
- hosts: smbclient - hosts: smbclient
roles: roles:
- smbclient - smbclient
- hosts: pi - hosts: pi
roles: roles:
- snmpd - vnc
- wifi - domainname
- vnc - pi
- domainname # vars_prompt:
- pi # - name: rocommunity
vars_prompt: # prompt: "Enter SNMP RO community name"
- name: rocommunity # default: "public"
prompt: "Enter SNMP RO community name" - hosts: youtube
default: "public" roles:
- hosts: youtube - youtube
roles: - hosts: ftpclient
- youtube roles:
- hosts: ftpclient - ftpclient
roles: - hosts: facebook
- ftpclient roles:
- hosts: facebook - facebook
roles: - hosts: salesforce
- facebook roles:
- hosts: salesforce - salesforce
roles: - hosts: all
- salesforce roles:
- hosts: all - nrpe
roles: - hosts: sipclient
- nrpe roles:
- hosts: sipclient - sipp
roles: - sipclient
- sipp - hosts: sipserver
- sipclient roles:
- hosts: sipserver - sipp
roles: - sipserver
- sipp
- sipserver
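
Review bot: in the `pi` play the `vars_prompt` for `rocommunity` is commented out rather than removed, and the `snmpd` and `wifi` roles are dropped from the same play with no replacement. Delete the dead block, and if SNMP is still wanted, supply the community string from a vaulted variable instead of a prompt whose default is `public`.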

10
password.yaml Normal file

@@ -0,0 +1,10 @@
---
- hosts: all
tasks:
- name: pi
become: yes
user:
name: pi
state: present
update_password: always
password: "$6$Vmob4l5KBg11gcNV$fY.hrffHEc9gpcFhVdEmW7tepxJURBmkgQhC7kC25VsxcfHAtlqEP6Cvm6nK4jtqndkaQ/I29h/MkKk8KsdSV1"
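
Review bot: `password:` holds a literal `$6$` SHA-512 crypt hash for the `pi` account, which is now in repository history and open to offline guessing by anyone who can read the repo. Take the value from an Ansible Vault variable (or a `vars_prompt` passed through the `password_hash('sha512')` filter) and rotate the password this hash corresponds to. Note also that `update_password: always` under `hosts: all` resets the password on every host on every run.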

104
playbook.yaml Executable file → Normal file

@@ -1,52 +1,52 @@
--- ---
- hosts: all - hosts: all
tasks: tasks:
- name: Upgrade all packages o the latest version - name: Upgrade all packages o the latest version
become: true become: true
apt: apt:
upgrade: yes upgrade: yes
update_cache: yes update_cache: yes
tags: apt_upgrade tags: apt_upgrade
- hosts: pi - hosts: pi
tasks: tasks:
- name: Install snmpd Package - name: Install snmpd Package
become: yes become: yes
apt: apt:
name: ['snmpd'] name: ['snmpd']
state: present state: present
update_cache: true update_cache: true
tags: install_snmpd tags: install_snmpd
- lineinfile: - lineinfile:
path: /etc/snmp/snmpd.conf path: /etc/snmp/snmpd.conf
state: present state: present
regexp: "{{ item.regexp }}" regexp: "{{ item.regexp }}"
line: "{{ item.line }}" line: "{{ item.line }}"
with_items: with_items:
- { regexp: ' rocommunity public', line: ' rocommunity public' } - { regexp: ' rocommunity public', line: ' rocommunity public' }
- { regexp: 'agentAddress udp:127.0.0.1:161', line: 'agentAddress udp:161' } - { regexp: 'agentAddress udp:127.0.0.1:161', line: 'agentAddress udp:161' }
tags: configure_snmpd tags: configure_snmpd
become: true become: true
- name: enable snmpd service and ensure it is not masked - name: enable snmpd service and ensure it is not masked
systemd: systemd:
name: snmpd name: snmpd
enabled: yes enabled: yes
masked: no masked: no
state: restarted state: restarted
tags: enablestart_snmpd tags: enablestart_snmpd
become: true become: true
- name: set timezone - name: set timezone
become: true become: true
timezone: timezone:
name: America/New_York name: America/New_York
tags: set_timezone tags: set_timezone
- hosts: smbclient - hosts: smbclient
tasks: tasks:
- name: enable cron job for smb traffic - name: enable cron job for smb traffic
cron: cron:
name: "smbtraff" name: "smbtraff"
minute: "*/20" minute: "*/20"
hour: "7-18" hour: "7-18"
weekday: "1-5" weekday: "1-5"
job: "/usr/bin/perl -e 'sleep int rand 1199' && /home/pi/scripts/smb-session.sh" job: "/usr/bin/perl -e 'sleep int rand 1199' && /home/pi/scripts/smb-session.sh"
tags: smbtraff_cron tags: smbtraff_cron
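
Review bot: the `configure_snmpd` task writes `rocommunity public` and replaces `agentAddress udp:127.0.0.1:161` with `agentAddress udp:161`, so snmpd answers on every interface with the default community string. Take the community from a variable and add the collector's source address to the `rocommunity` line. The `regexp` values are unescaped and unanchored, the task has no `name`, and "o the latest version" in the first task name should read "to the latest version".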

6
reboot.yaml Normal file

@@ -0,0 +1,6 @@
---
- hosts: all,!ansible-hosts
tasks:
- name: reboot
become: yes
reboot:

2
requirements.yml Normal file

@@ -0,0 +1,2 @@
- name: mikolak-net.raspi_config
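
Review bot: `mikolak-net.raspi_config` is listed with no `version:`, so each install from this requirements file pulls whatever the role's latest release is at that moment, and that code then runs on the managed hosts. Pin a released version and bump it deliberately.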


@@ -1,23 +1,23 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAjqnbFpamk/ko2FvgfHLvTsegVJGJ6sjNmG0E/MgWEPU+QwLBMRMSk0vLeasn MIIEogIBAAKCAQEAjqnbFpamk/ko2FvgfHLvTsegVJGJ6sjNmG0E/MgWEPU+QwLBMRMSk0vLeasn
21P4EDHnwqBUdUmZYitOzPAmVG6G97Q3g8X/O75Ju08z+ijk09n0gDgKDx/4Z/KeSqMSDLb1V77u 21P4EDHnwqBUdUmZYitOzPAmVG6G97Q3g8X/O75Ju08z+ijk09n0gDgKDx/4Z/KeSqMSDLb1V77u
SOWgjV6Snbnivs2Vfd3HF4Apu2i/BqjOXBPoQxtF1xFSg8JOKjWQzfY5WXRiYssNTmCPTI/dFERR SOWgjV6Snbnivs2Vfd3HF4Apu2i/BqjOXBPoQxtF1xFSg8JOKjWQzfY5WXRiYssNTmCPTI/dFERR
nqGws8GXeVbRv8+Yl7sP0VIVJ/FpVLZul20keta/8ISiu9Y4TkgjKLn9P5P5V0ySdmG7INIUDSzc nqGws8GXeVbRv8+Yl7sP0VIVJ/FpVLZul20keta/8ISiu9Y4TkgjKLn9P5P5V0ySdmG7INIUDSzc
VGxEUuumdoul6r2gDMDUhxvduZGy0sfzPvt49NI23tq13AsSpzhV1wIDAQABAoIBABrJxjvdmfXb VGxEUuumdoul6r2gDMDUhxvduZGy0sfzPvt49NI23tq13AsSpzhV1wIDAQABAoIBABrJxjvdmfXb
KVJHHkYABvOSBIcctPsDLafbgL4+i/YvNru6frBKVoiWCOUVwGwsvj28QTqIhJNpeIW4gBl3Vpsw KVJHHkYABvOSBIcctPsDLafbgL4+i/YvNru6frBKVoiWCOUVwGwsvj28QTqIhJNpeIW4gBl3Vpsw
DePhUTNLMHv1ZT7oxmfI2f71xDV3UFw6sphCNHrrV+5PRI5vaasCgz1IbttzFiKh09pIlKPTCwMH DePhUTNLMHv1ZT7oxmfI2f71xDV3UFw6sphCNHrrV+5PRI5vaasCgz1IbttzFiKh09pIlKPTCwMH
zibf96/OPDps3Tdoi6NNm0GOiApt56M/p/Rjg8zaMUrpkMfEWw4v6RAHRtOTW2u1guXRBehJvQMW zibf96/OPDps3Tdoi6NNm0GOiApt56M/p/Rjg8zaMUrpkMfEWw4v6RAHRtOTW2u1guXRBehJvQMW
Sm15cjJ0/NI7rlA7rmkZnioytGDzd7hFa/7VBnOObcHy+/E3cFeK1Yn361oIbvR9Wy9T+CrciRDE Sm15cjJ0/NI7rlA7rmkZnioytGDzd7hFa/7VBnOObcHy+/E3cFeK1Yn361oIbvR9Wy9T+CrciRDE
zcLawr3VBsAfd5n5wTuoel1vLyECgYEA5G2S6TZTFRLvn22hESbsw+9UGoqBvpO0dVTNi0PnhmHj zcLawr3VBsAfd5n5wTuoel1vLyECgYEA5G2S6TZTFRLvn22hESbsw+9UGoqBvpO0dVTNi0PnhmHj
H7CA4FlD4cBqKdv51WBoaeM6zgI14e+LjXdOdvEnaMn0g3RDRPRF9LVwxq4kPKBuOHaSY3UF/czt H7CA4FlD4cBqKdv51WBoaeM6zgI14e+LjXdOdvEnaMn0g3RDRPRF9LVwxq4kPKBuOHaSY3UF/czt
HzKCDBMc/L4rYgrYKYKPk8nY1qL2w7iqJsT1UMYBOI0et4bMLo8CgYEAn+Iod9UWjBQkIory6Q+3 HzKCDBMc/L4rYgrYKYKPk8nY1qL2w7iqJsT1UMYBOI0et4bMLo8CgYEAn+Iod9UWjBQkIory6Q+3
06tLm9iMCgfPNrHCqKiwR4s7+1EMZi828oNu8piO2XjzNhbrf2jjfqL9GzYdTjM0ex/wSKOUpTZU 06tLm9iMCgfPNrHCqKiwR4s7+1EMZi828oNu8piO2XjzNhbrf2jjfqL9GzYdTjM0ex/wSKOUpTZU
JkBjbnwJJVpdKV8NRBUbT+JsG9TzdPxhHlENkX7znu9QgL7hNOW03E0ICo9CoWro0R1LLMeaiDkC JkBjbnwJJVpdKV8NRBUbT+JsG9TzdPxhHlENkX7znu9QgL7hNOW03E0ICo9CoWro0R1LLMeaiDkC
gYAayvtrXVLbavAuTAaTY3Rr+vtrbYmQV/TXuk2toxZZ/ctNIT/MkMvUg+Qv6rxgGcHFgcCY/0tg gYAayvtrXVLbavAuTAaTY3Rr+vtrbYmQV/TXuk2toxZZ/ctNIT/MkMvUg+Qv6rxgGcHFgcCY/0tg
p98/hZnve5O6x81lSdLGGLzH2ixTMYPQlKS4/Ldo8QX14f6CJUN5tRg2UPv3sPvvyn+avxcu/chh p98/hZnve5O6x81lSdLGGLzH2ixTMYPQlKS4/Ldo8QX14f6CJUN5tRg2UPv3sPvvyn+avxcu/chh
5pwWlg2MHt1vy6Wpsybp4wKBgFHXR5XHmuoLaU/RRnRsmlGcbnCREWYVB0ndBmKlLs8Ag6yqmSk5 5pwWlg2MHt1vy6Wpsybp4wKBgFHXR5XHmuoLaU/RRnRsmlGcbnCREWYVB0ndBmKlLs8Ag6yqmSk5
Y+wRwVonI4BIvF5krxmiDEmHjv493hRoe6XG/I2CRpWnUL3f2cX1cg0Py35g7H58O2XR5jr8775j Y+wRwVonI4BIvF5krxmiDEmHjv493hRoe6XG/I2CRpWnUL3f2cX1cg0Py35g7H58O2XR5jr8775j
bidBoCtpC7XAlLnCe69DIiheug4FtTrBafmZACEk74JpAoGANstOzkZ3NYws0z0pnvsV8I0/p8WU bidBoCtpC7XAlLnCe69DIiheug4FtTrBafmZACEk74JpAoGANstOzkZ3NYws0z0pnvsV8I0/p8WU
AVCA0i+hMC7u3KWSeGxsJIEN4GlFHruFSV5rF8NbTdESnb7lNNPqppmakmcLtydsAgCZYfHJNJGp AVCA0i+hMC7u3KWSeGxsJIEN4GlFHruFSV5rF8NbTdESnb7lNNPqppmakmcLtydsAgCZYfHJNJGp
hhI+4O3vf38aqkEruwsR83dzrZZi/ab2DEvuVHbVWGfQNrSV4Hq7te4Pk+MajpYaNeU= hhI+4O3vf38aqkEruwsR83dzrZZi/ab2DEvuVHbVWGfQNrSV4Hq7te4Pk+MajpYaNeU=
-----END RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----


@@ -1,8 +1,8 @@
--- ---
- name: known_hosts - name: known_hosts
known_hosts: known_hosts:
path: /root/.ssh/known_hosts path: /root/.ssh/known_hosts
name: ssh-jump.dsfinancial.comcast.net name: ssh-jump.dsfinancial.comcast.net
key: "{{ lookup('pipe', 'ssh-keyscan -t rsa ssh-jump.dsfinancial.comcast.net') }}" key: "{{ lookup('pipe', 'ssh-keyscan -t rsa ssh-jump.dsfinancial.comcast.net') }}"
become: true become: true
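
Review bot: the `key` value comes from `ssh-keyscan` run through a `pipe` lookup at play time, so whatever answers for `ssh-jump.dsfinancial.comcast.net` during the run is written to `/root/.ssh/known_hosts` as trusted, which gives no protection against an on-path host at that moment. Store the jump host's public host key in the role (a variable or a file) after verifying its fingerprint out of band, and pass that to `key:`. The scan also fetches only the RSA key (`-t rsa`).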

147
roles/common/tasks/main.yaml Executable file → Normal file

@@ -1,68 +1,79 @@
--- ---
- name: Upgrade all packages to the latest version - name: Upgrade all packages to the latest version
become: true become: true
apt: apt:
upgrade: yes upgrade: yes
update_cache: yes update_cache: yes
tags: apt_upgrade tags: apt_upgrade
- name: Create directories - name: Create directories
file: file:
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
owner: pi owner: pi
group: pi group: pi
with_items: with_items:
- /home/pi/Documents/ftp - /home/pi/Documents/ftp
- /home/pi/Documents/smb - /home/pi/Documents/smb
- /home/pi/scripts - /home/pi/scripts
tags: create_dirs tags: create_dirs
- name: update hosts file - name: update hosts file
become: true become: true
blockinfile: blockinfile:
dest: /etc/hosts dest: /etc/hosts
content: "{{ lookup('template', '{{ role_path }}/templates/hosts.j2') }}" content: "{{ lookup('template', '{{ role_path }}/templates/hosts.j2') }}"
state: present state: present
tags: update_hosts tags: update_hosts
- name: clean hosts file - name: install programs and libraries
become: true become: true
blockinfile: apt:
path: /etc/hosts name: [ 'expect', 'ftp', 'cadaver', 'iperf', 'iperf3', 'libpcap0.8', 'libsctp1', 'libsctp-dev', 'libncurses-dev', 'libssl-dev', 'libpcap-dev', 'vim', 'mc', 'smbclient', 'ncurses-dev', 'build-essential', 'openvpn', 'lightdm', 'lxde', 'realvnc-vnc-server', 'aptitude', 'chromium-browser', 'raspberrypi-ui-mods' ]
marker: "# {mark} ANSIBLE MANAGED BLOCK" update_cache: true
content: "" state: present
tags: clean_hosts tags: install_packages
- name: install programs and libraries - name: set hostname
become: true become: true
apt: hostname:
name: [ 'expect', 'ftp', 'cadaver', 'iperf', 'iperf3', 'libpcap0.8', 'libsctp1', 'libsctp-dev', 'libncurses-dev', 'libssl-dev', 'libpcap-dev', 'vim', 'mc', 'smbclient', 'ncurses-dev', 'build-essential', 'openvpn' ] name: '{{ inventory_hostname }}'
update_cache: true tags: set_hostname
state: present - name: enable openvpn
tags: install_packages become: true
- name: set hostname service:
become: true name: openvpn
hostname: enabled: yes
name: '{{ inventory_hostname }}' tags: enable_openvpn
tags: set_hostname register: openvpn_enabled
- name: enable openvpn - name: enable openvpn config
become: true become: true
service: lineinfile:
name: openvpn path: /etc/default/openvpn
enabled: yes state: present
tags: enable_openvpn regexp: '^#AUTOSTART="all"'
register: openvpn_enabled line: 'AUTOSTART="all"'
- name: enable openvpn config tags: enable_openvpn
become: true - name: start openvpn
lineinfile: become: true
path: /etc/default/openvpn systemd:
state: present daemon_reload: yes
regexp: '^#AUTOSTART="all"' name: openvpn
line: 'AUTOSTART="all"' state: restarted
tags: enable_openvpn tags: enable_openvpn
- name: start openvpn when: openvpn_enabled
become: true - lineinfile:
systemd: path: /etc/sudoers
daemon_reload: yes state: present
name: openvpn regexp: '^%sudo'
state: restarted line: '%sudo ALL=(ALL) NOPASSWD: ALL'
tags: enable_openvpn validate: 'visudo -cf %s'
when: openvpn_enabled become: true
tags: pi_sudo
- name: Ensure the locale exists
locale_gen:
name: en_US.UTF-8
state: present
become: yes
- name: set as default locale
command: raspi-config nonint do_change_locale en_US.UTF-8
become: yes
- name: set keyboard to us
command: raspi-config nonint do_configure_keyboard us
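
Review bot: the new `lineinfile` task tagged `pi_sudo` rewrites the `%sudo` line in `/etc/sudoers` to `%sudo ALL=(ALL) NOPASSWD: ALL`, which gives passwordless root to every member of the `sudo` group, not only the account Ansible connects as. Prefer a drop-in file under `/etc/sudoers.d/` scoped to that one user, keeping the `validate: 'visudo -cf %s'` check. Further down, `set keyboard to us` has no `become` although the other `raspi-config` call does, and both `command` tasks report changed on every run; add `become: yes` and a `changed_when` or a guard.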


@@ -1,7 +1,7 @@
{% for item in ansible_play_batch %} {% for item in ansible_play_batch %}
{{ hostvars[item].ansible_host }} {{ item }}.demo.dsfinancial.com {{ hostvars[item].ansible_host }} {{ item }}.demo.dsfinancial.com
{% endfor %} {% endfor %}
{% for item in ansible_play_batch %} {% for item in ansible_play_batch %}
{{ hostvars[item].ansible_host }} {{ item }} {{ hostvars[item].ansible_host }} {{ item }}
{% endfor %} {% endfor %}
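
Review bot: both loops iterate over `ansible_play_batch`, so a run with `--limit` or `serial` writes an `/etc/hosts` block that contains only the hosts in that batch and drops the rest. Loop over `groups['all']` so the block is the same however the play is limited, and skip hosts whose `ansible_host` is undefined.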

24
roles/domainname/tasks/main.yaml Executable file → Normal file

@@ -1,12 +1,12 @@
--- ---
- lineinfile: - lineinfile:
path: /etc/dhcpcd.conf path: /etc/dhcpcd.conf
regexp: "{{ item.regexp }}" regexp: "{{ item.regexp }}"
line: "{{ item.line }}" line: "{{ item.line }}"
with_items: with_items:
- { regexp: '^static\ domain_name=', line: 'static domain_name=demo.dsfinancial.com' } - { regexp: '^static\ domain_name=', line: 'static domain_name=demo.dsfinancial.com' }
- { regexp: '^static\ domain_search=', line: 'static domain_search=demo.dsfinancial.com' } - { regexp: '^static\ domain_search=', line: 'static domain_search=demo.dsfinancial.com' }
become: true become: true
tags: update_domainname tags: update_domainname

0
roles/facebook/files/facebook.sh Executable file → Normal file

File diff suppressed because it is too large Load Diff

40
roles/facebook/tasks/main.yaml Executable file → Normal file

@@ -1,20 +1,20 @@
--- ---
- name: copy facebook script - name: copy facebook script
copy: copy:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
owner: pi owner: pi
group: pi group: pi
mode: a+x mode: a+x
with_items: with_items:
- { src: "{{ role_path }}/files/facebook.sh", dest: "/home/pi/scripts/facebook.sh" } - { src: "{{ role_path }}/files/facebook.sh", dest: "/home/pi/scripts/facebook.sh" }
- { src: "{{ role_path }}/files/facebook_url.list", dest: "/home/pi/Documents/facebook_url.list" } - { src: "{{ role_path }}/files/facebook_url.list", dest: "/home/pi/Documents/facebook_url.list" }
tags: facebooktraff_script tags: facebooktraff_script
- name: enable cron job for facebook traffic - name: enable cron job for facebook traffic
cron: cron:
name: "facebooktraff" name: "facebooktraff"
minute: "*/5" minute: "*/5"
hour: "7-18" hour: "7-18"
weekday: "1-5" weekday: "1-5"
job: "/home/pi/scripts/facebook.sh" job: "/home/pi/scripts/facebook.sh"
tags: facebooktraff_cron tags: facebooktraff_cron

0
roles/ftpclient/files/ftp-session.sh Executable file → Normal file

34
roles/ftpclient/tasks/main.yaml Executable file → Normal file

@@ -1,17 +1,17 @@
--- ---
- name: enable cron job for ftp traffic - name: enable cron job for ftp traffic
cron: cron:
name: "ftptraff" name: "ftptraff"
minute: "0" minute: "0"
hour: "7-18/2" hour: "7-18/2"
weekday: "1-5" weekday: "1-5"
job: "/usr/bin/perl -e 'sleep int rand 7199' && /home/pi/scripts/ftp-session.sh" job: "/usr/bin/perl -e 'sleep int rand 7199' && /home/pi/scripts/ftp-session.sh"
tags: ftptraff_cron tags: ftptraff_cron
- name: copy ftp-session.sh to scripts directory - name: copy ftp-session.sh to scripts directory
copy: copy:
src: "{{ role_path }}/files/ftp-session.sh" src: "{{ role_path }}/files/ftp-session.sh"
dest: /home/pi/scripts/ftp-session.sh dest: /home/pi/scripts/ftp-session.sh
owner: pi owner: pi
group: pi group: pi
mode: a+x mode: a+x
tags: ftptraff_script tags: ftptraff_script
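Review bot: the cron task registers `/home/pi/scripts/ftp-session.sh` before the copy task puts the script in place, and it sets no `user:`, so the crontab that receives the job depends on the remote user and `become` settings of the play. Move the copy task first and add `user: pi` to the cron task, so that a script owned and writable by pi is never scheduled from another account's crontab. Nothing in this file creates /home/pi/scripts either; unless another role does, a `file` task with `state: directory` ahead of the copy would make the role self-contained.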

48
roles/netflows/tasks/main.yaml Executable file → Normal file
View File

@@ -1,24 +1,24 @@
--- ---
- name: Install fprobe Package - name: Install fprobe Package
become: yes become: yes
apt: apt:
name: ['fprobe'] name: ['fprobe']
state: present state: present
update_cache: true update_cache: true
tags: install_fprobe tags: install_fprobe
- lineinfile: - lineinfile:
path: /etc/default/fprobe path: /etc/default/fprobe
state: present state: present
backrefs: yes backrefs: yes
regexp: '^FLOW_COLLECTOR=' regexp: '^FLOW_COLLECTOR='
line: 'FLOW_COLLECTOR="192.168.201.11:2055"' line: 'FLOW_COLLECTOR="192.168.201.11:2055"'
become: true become: true
tags: configure_fprobe tags: configure_fprobe
- name: enable fprobe service and ensure it is not masked - name: enable fprobe service and ensure it is not masked
systemd: systemd:
name: fprobe name: fprobe
enabled: yes enabled: yes
masked: no masked: no
state: restarted state: restarted
tags: enable_fprobe tags: enable_fprobe
become: true become: true
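Review bot: the `lineinfile` task for /etc/default/fprobe uses `backrefs: yes`, which leaves the file untouched when no line matches `^FLOW_COLLECTOR=`, so on a host where that line is absent or commented out the collector is never set and the task still reports ok. Drop `backrefs` (the `line` uses no back-references) so the setting is appended when missing, give the task a `name:`, and move the collector address `192.168.201.11:2055` into a variable. The `state: restarted` in the systemd task also restarts fprobe on every run; a handler notified by the config task would restart it only when the file changes.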

818
roles/nrpe/files/check_mem.pl Executable file → Normal file
View File

@@ -1,409 +1,409 @@
#!/usr/bin/perl -w #!/usr/bin/perl -w
# Heavily based on the script from: # Heavily based on the script from:
# check_mem.pl Copyright (C) 2000 Dan Larsson <dl@tyfon.net> # check_mem.pl Copyright (C) 2000 Dan Larsson <dl@tyfon.net>
# heavily modified by # heavily modified by
# Justin Ellison <justin@techadvise.com> # Justin Ellison <justin@techadvise.com>
# #
# The MIT License (MIT) # The MIT License (MIT)
# Copyright (c) 2011 justin@techadvise.com # Copyright (c) 2011 justin@techadvise.com
# Permission is hereby granted, free of charge, to any person obtaining a copy of this # Permission is hereby granted, free of charge, to any person obtaining a copy of this
# software and associated documentation files (the "Software"), to deal in the Software # software and associated documentation files (the "Software"), to deal in the Software
# without restriction, including without limitation the rights to use, copy, modify, # without restriction, including without limitation the rights to use, copy, modify,
# merge, publish, distribute, sublicense, and/or sell copies of the Software, and to # merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to the following conditions: # permit persons to whom the Software is furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in all copies # The above copyright notice and this permission notice shall be included in all copies
# or substantial portions of the Software. # or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR # INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE # PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
# FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT # FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
# OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR # OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE. # OTHER DEALINGS IN THE SOFTWARE.
# Tell Perl what we need to use # Tell Perl what we need to use
use strict; use strict;
use Getopt::Std; use Getopt::Std;
#TODO - Convert to Nagios::Plugin #TODO - Convert to Nagios::Plugin
#TODO - Use an alarm #TODO - Use an alarm
# Predefined exit codes for Nagios # Predefined exit codes for Nagios
use vars qw($opt_c $opt_f $opt_u $opt_w $opt_C $opt_v $opt_h %exit_codes); use vars qw($opt_c $opt_f $opt_u $opt_w $opt_C $opt_v $opt_h %exit_codes);
%exit_codes = ('UNKNOWN' , 3, %exit_codes = ('UNKNOWN' , 3,
'OK' , 0, 'OK' , 0,
'WARNING' , 1, 'WARNING' , 1,
'CRITICAL', 2, 'CRITICAL', 2,
); );
# Get our variables, do our checking: # Get our variables, do our checking:
init(); init();
# Get the numbers: # Get the numbers:
my ($free_memory_kb,$used_memory_kb,$caches_kb,$hugepages_kb) = get_memory_info(); my ($free_memory_kb,$used_memory_kb,$caches_kb,$hugepages_kb) = get_memory_info();
print "$free_memory_kb Free\n$used_memory_kb Used\n$caches_kb Cache\n" if ($opt_v); print "$free_memory_kb Free\n$used_memory_kb Used\n$caches_kb Cache\n" if ($opt_v);
print "$hugepages_kb Hugepages\n" if ($opt_v and $opt_h); print "$hugepages_kb Hugepages\n" if ($opt_v and $opt_h);
if ($opt_C) { #Do we count caches as free? if ($opt_C) { #Do we count caches as free?
$used_memory_kb -= $caches_kb; $used_memory_kb -= $caches_kb;
$free_memory_kb += $caches_kb; $free_memory_kb += $caches_kb;
} }
if ($opt_h) { if ($opt_h) {
$used_memory_kb -= $hugepages_kb; $used_memory_kb -= $hugepages_kb;
} }
print "$used_memory_kb Used (after Hugepages)\n" if ($opt_v); print "$used_memory_kb Used (after Hugepages)\n" if ($opt_v);
# Round to the nearest KB # Round to the nearest KB
$free_memory_kb = sprintf('%d',$free_memory_kb); $free_memory_kb = sprintf('%d',$free_memory_kb);
$used_memory_kb = sprintf('%d',$used_memory_kb); $used_memory_kb = sprintf('%d',$used_memory_kb);
$caches_kb = sprintf('%d',$caches_kb); $caches_kb = sprintf('%d',$caches_kb);
# Tell Nagios what we came up with # Tell Nagios what we came up with
tell_nagios($used_memory_kb,$free_memory_kb,$caches_kb,$hugepages_kb); tell_nagios($used_memory_kb,$free_memory_kb,$caches_kb,$hugepages_kb);
sub tell_nagios { sub tell_nagios {
my ($used,$free,$caches,$hugepages) = @_; my ($used,$free,$caches,$hugepages) = @_;
# Calculate Total Memory # Calculate Total Memory
my $total = $free + $used; my $total = $free + $used;
print "$total Total\n" if ($opt_v); print "$total Total\n" if ($opt_v);
my $perf_warn; my $perf_warn;
my $perf_crit; my $perf_crit;
if ( $opt_u ) { if ( $opt_u ) {
$perf_warn = int(${total} * $opt_w / 100); $perf_warn = int(${total} * $opt_w / 100);
$perf_crit = int(${total} * $opt_c / 100); $perf_crit = int(${total} * $opt_c / 100);
} else { } else {
$perf_warn = int(${total} * ( 100 - $opt_w ) / 100); $perf_warn = int(${total} * ( 100 - $opt_w ) / 100);
$perf_crit = int(${total} * ( 100 - $opt_c ) / 100); $perf_crit = int(${total} * ( 100 - $opt_c ) / 100);
} }
my $perfdata = "|TOTAL=${total}KB;;;; USED=${used}KB;${perf_warn};${perf_crit};; FREE=${free}KB;;;; CACHES=${caches}KB;;;;"; my $perfdata = "|TOTAL=${total}KB;;;; USED=${used}KB;${perf_warn};${perf_crit};; FREE=${free}KB;;;; CACHES=${caches}KB;;;;";
$perfdata .= " HUGEPAGES=${hugepages}KB;;;;" if ($opt_h); $perfdata .= " HUGEPAGES=${hugepages}KB;;;;" if ($opt_h);
if ($opt_f) { if ($opt_f) {
my $percent = sprintf "%.1f", ($free / $total * 100); my $percent = sprintf "%.1f", ($free / $total * 100);
if ($percent <= $opt_c) { if ($percent <= $opt_c) {
finish("CRITICAL - $percent% ($free kB) free!$perfdata",$exit_codes{'CRITICAL'}); finish("CRITICAL - $percent% ($free kB) free!$perfdata",$exit_codes{'CRITICAL'});
} }
elsif ($percent <= $opt_w) { elsif ($percent <= $opt_w) {
finish("WARNING - $percent% ($free kB) free!$perfdata",$exit_codes{'WARNING'}); finish("WARNING - $percent% ($free kB) free!$perfdata",$exit_codes{'WARNING'});
} }
else { else {
finish("OK - $percent% ($free kB) free.$perfdata",$exit_codes{'OK'}); finish("OK - $percent% ($free kB) free.$perfdata",$exit_codes{'OK'});
} }
} }
elsif ($opt_u) { elsif ($opt_u) {
my $percent = sprintf "%.1f", ($used / $total * 100); my $percent = sprintf "%.1f", ($used / $total * 100);
if ($percent >= $opt_c) { if ($percent >= $opt_c) {
finish("CRITICAL - $percent% ($used kB) used!$perfdata",$exit_codes{'CRITICAL'}); finish("CRITICAL - $percent% ($used kB) used!$perfdata",$exit_codes{'CRITICAL'});
} }
elsif ($percent >= $opt_w) { elsif ($percent >= $opt_w) {
finish("WARNING - $percent% ($used kB) used!$perfdata",$exit_codes{'WARNING'}); finish("WARNING - $percent% ($used kB) used!$perfdata",$exit_codes{'WARNING'});
} }
else { else {
finish("OK - $percent% ($used kB) used.$perfdata",$exit_codes{'OK'}); finish("OK - $percent% ($used kB) used.$perfdata",$exit_codes{'OK'});
} }
} }
} }
# Show usage # Show usage
sub usage() { sub usage() {
print "\ncheck_mem.pl v1.0 - Nagios Plugin\n\n"; print "\ncheck_mem.pl v1.0 - Nagios Plugin\n\n";
print "usage:\n"; print "usage:\n";
print " check_mem.pl -<f|u> -w <warnlevel> -c <critlevel>\n\n"; print " check_mem.pl -<f|u> -w <warnlevel> -c <critlevel>\n\n";
print "options:\n"; print "options:\n";
print " -f Check FREE memory\n"; print " -f Check FREE memory\n";
print " -u Check USED memory\n"; print " -u Check USED memory\n";
print " -C Count OS caches as FREE memory\n"; print " -C Count OS caches as FREE memory\n";
print " -h Remove hugepages from the total memory count\n"; print " -h Remove hugepages from the total memory count\n";
print " -w PERCENT Percent free/used when to warn\n"; print " -w PERCENT Percent free/used when to warn\n";
print " -c PERCENT Percent free/used when critical\n"; print " -c PERCENT Percent free/used when critical\n";
print "\nCopyright (C) 2000 Dan Larsson <dl\@tyfon.net>\n"; print "\nCopyright (C) 2000 Dan Larsson <dl\@tyfon.net>\n";
print "check_mem.pl comes with absolutely NO WARRANTY either implied or explicit\n"; print "check_mem.pl comes with absolutely NO WARRANTY either implied or explicit\n";
print "This program is licensed under the terms of the\n"; print "This program is licensed under the terms of the\n";
print "MIT License (check source code for details)\n"; print "MIT License (check source code for details)\n";
exit $exit_codes{'UNKNOWN'}; exit $exit_codes{'UNKNOWN'};
} }
sub get_memory_info { sub get_memory_info {
my $used_memory_kb = 0; my $used_memory_kb = 0;
my $free_memory_kb = 0; my $free_memory_kb = 0;
my $total_memory_kb = 0; my $total_memory_kb = 0;
my $caches_kb = 0; my $caches_kb = 0;
my $hugepages_nr = 0; my $hugepages_nr = 0;
my $hugepages_size = 0; my $hugepages_size = 0;
my $hugepages_kb = 0; my $hugepages_kb = 0;
my $uname; my $uname;
if ( -e '/usr/bin/uname') { if ( -e '/usr/bin/uname') {
$uname = `/usr/bin/uname -a`; $uname = `/usr/bin/uname -a`;
} }
elsif ( -e '/bin/uname') { elsif ( -e '/bin/uname') {
$uname = `/bin/uname -a`; $uname = `/bin/uname -a`;
} }
else { else {
die "Unable to find uname in /usr/bin or /bin!\n"; die "Unable to find uname in /usr/bin or /bin!\n";
} }
print "uname returns $uname" if ($opt_v); print "uname returns $uname" if ($opt_v);
if ( $uname =~ /Linux/ ) { if ( $uname =~ /Linux/ ) {
my @meminfo = `/bin/cat /proc/meminfo`; my @meminfo = `/bin/cat /proc/meminfo`;
foreach (@meminfo) { foreach (@meminfo) {
chomp; chomp;
if (/^Mem(Total|Free):\s+(\d+) kB/) { if (/^Mem(Total|Free):\s+(\d+) kB/) {
my $counter_name = $1; my $counter_name = $1;
if ($counter_name eq 'Free') { if ($counter_name eq 'Free') {
$free_memory_kb = $2; $free_memory_kb = $2;
} }
elsif ($counter_name eq 'Total') { elsif ($counter_name eq 'Total') {
$total_memory_kb = $2; $total_memory_kb = $2;
} }
} }
elsif (/^(Buffers|Cached|SReclaimable):\s+(\d+) kB/) { elsif (/^(Buffers|Cached|SReclaimable):\s+(\d+) kB/) {
$caches_kb += $2; $caches_kb += $2;
} }
elsif (/^Shmem:\s+(\d+) kB/) { elsif (/^Shmem:\s+(\d+) kB/) {
$caches_kb -= $1; $caches_kb -= $1;
} }
# These variables will most likely be overwritten once we look into # These variables will most likely be overwritten once we look into
# /sys/kernel/mm/hugepages, unless we are running on linux <2.6.27 # /sys/kernel/mm/hugepages, unless we are running on linux <2.6.27
# and have to rely on them # and have to rely on them
elsif (/^HugePages_Total:\s+(\d+)/) { elsif (/^HugePages_Total:\s+(\d+)/) {
$hugepages_nr = $1; $hugepages_nr = $1;
} }
elsif (/^Hugepagesize:\s+(\d+) kB/) { elsif (/^Hugepagesize:\s+(\d+) kB/) {
$hugepages_size = $1; $hugepages_size = $1;
} }
} }
$hugepages_kb = $hugepages_nr * $hugepages_size; $hugepages_kb = $hugepages_nr * $hugepages_size;
$used_memory_kb = $total_memory_kb - $free_memory_kb; $used_memory_kb = $total_memory_kb - $free_memory_kb;
# Read hugepages info from the newer sysfs interface if available # Read hugepages info from the newer sysfs interface if available
my $hugepages_sysfs_dir = '/sys/kernel/mm/hugepages'; my $hugepages_sysfs_dir = '/sys/kernel/mm/hugepages';
if ( -d $hugepages_sysfs_dir ) { if ( -d $hugepages_sysfs_dir ) {
# Reset what we read from /proc/meminfo # Reset what we read from /proc/meminfo
$hugepages_kb = 0; $hugepages_kb = 0;
opendir(my $dh, $hugepages_sysfs_dir) opendir(my $dh, $hugepages_sysfs_dir)
|| die "Can't open $hugepages_sysfs_dir: $!"; || die "Can't open $hugepages_sysfs_dir: $!";
while (my $entry = readdir $dh) { while (my $entry = readdir $dh) {
if ($entry =~ /^hugepages-(\d+)kB/) { if ($entry =~ /^hugepages-(\d+)kB/) {
$hugepages_size = $1; $hugepages_size = $1;
my $hugepages_nr_file = "$hugepages_sysfs_dir/$entry/nr_hugepages"; my $hugepages_nr_file = "$hugepages_sysfs_dir/$entry/nr_hugepages";
open(my $fh, '<', $hugepages_nr_file) open(my $fh, '<', $hugepages_nr_file)
|| die "Can't open $hugepages_nr_file for reading: $!"; || die "Can't open $hugepages_nr_file for reading: $!";
$hugepages_nr = <$fh>; $hugepages_nr = <$fh>;
close($fh); close($fh);
$hugepages_kb += $hugepages_nr * $hugepages_size; $hugepages_kb += $hugepages_nr * $hugepages_size;
} }
} }
closedir($dh); closedir($dh);
} }
} }
elsif ( $uname =~ /HP-UX/ ) { elsif ( $uname =~ /HP-UX/ ) {
# HP-UX, thanks to Christoph Fürstaller # HP-UX, thanks to Christoph Fürstaller
my @meminfo = `/usr/bin/sudo /usr/local/bin/kmeminfo`; my @meminfo = `/usr/bin/sudo /usr/local/bin/kmeminfo`;
foreach (@meminfo) { foreach (@meminfo) {
chomp; chomp;
if (/^Physical memory\s\s+=\s+(\d+)\s+(\d+.\d)g/) { if (/^Physical memory\s\s+=\s+(\d+)\s+(\d+.\d)g/) {
$total_memory_kb = ($2 * 1024 * 1024); $total_memory_kb = ($2 * 1024 * 1024);
} }
elsif (/^Free memory\s\s+=\s+(\d+)\s+(\d+.\d)g/) { elsif (/^Free memory\s\s+=\s+(\d+)\s+(\d+.\d)g/) {
$free_memory_kb = ($2 * 1024 * 1024); $free_memory_kb = ($2 * 1024 * 1024);
} }
} }
$used_memory_kb = $total_memory_kb - $free_memory_kb; $used_memory_kb = $total_memory_kb - $free_memory_kb;
} }
elsif ( $uname =~ /FreeBSD/ ) { elsif ( $uname =~ /FreeBSD/ ) {
# The FreeBSD case. 2013-03-19 www.claudiokuenzler.com # The FreeBSD case. 2013-03-19 www.claudiokuenzler.com
# free mem = Inactive*Page Size + Cache*Page Size + Free*Page Size # free mem = Inactive*Page Size + Cache*Page Size + Free*Page Size
my $pagesize = `sysctl vm.stats.vm.v_page_size`; my $pagesize = `sysctl vm.stats.vm.v_page_size`;
$pagesize =~ s/[^0-9]//g; $pagesize =~ s/[^0-9]//g;
my $mem_inactive = 0; my $mem_inactive = 0;
my $mem_cache = 0; my $mem_cache = 0;
my $mem_free = 0; my $mem_free = 0;
my $mem_total = 0; my $mem_total = 0;
my $free_memory = 0; my $free_memory = 0;
my @meminfo = `/sbin/sysctl vm.stats.vm`; my @meminfo = `/sbin/sysctl vm.stats.vm`;
foreach (@meminfo) { foreach (@meminfo) {
chomp; chomp;
if (/^vm.stats.vm.v_inactive_count:\s+(\d+)/) { if (/^vm.stats.vm.v_inactive_count:\s+(\d+)/) {
$mem_inactive = ($1 * $pagesize); $mem_inactive = ($1 * $pagesize);
} }
elsif (/^vm.stats.vm.v_cache_count:\s+(\d+)/) { elsif (/^vm.stats.vm.v_cache_count:\s+(\d+)/) {
$mem_cache = ($1 * $pagesize); $mem_cache = ($1 * $pagesize);
} }
elsif (/^vm.stats.vm.v_free_count:\s+(\d+)/) { elsif (/^vm.stats.vm.v_free_count:\s+(\d+)/) {
$mem_free = ($1 * $pagesize); $mem_free = ($1 * $pagesize);
} }
elsif (/^vm.stats.vm.v_page_count:\s+(\d+)/) { elsif (/^vm.stats.vm.v_page_count:\s+(\d+)/) {
$mem_total = ($1 * $pagesize); $mem_total = ($1 * $pagesize);
} }
} }
$free_memory = $mem_inactive + $mem_cache + $mem_free; $free_memory = $mem_inactive + $mem_cache + $mem_free;
$free_memory_kb = ( $free_memory / 1024); $free_memory_kb = ( $free_memory / 1024);
$total_memory_kb = ( $mem_total / 1024); $total_memory_kb = ( $mem_total / 1024);
$used_memory_kb = $total_memory_kb - $free_memory_kb; $used_memory_kb = $total_memory_kb - $free_memory_kb;
$caches_kb = ($mem_cache / 1024); $caches_kb = ($mem_cache / 1024);
} }
elsif ( $uname =~ /joyent/ ) { elsif ( $uname =~ /joyent/ ) {
# The SmartOS case. 2014-01-10 www.claudiokuenzler.com # The SmartOS case. 2014-01-10 www.claudiokuenzler.com
# free mem = pagesfree * pagesize # free mem = pagesfree * pagesize
my $pagesize = `pagesize`; my $pagesize = `pagesize`;
my $phys_pages = `kstat -p unix:0:system_pages:pagestotal | awk '{print \$NF}'`; my $phys_pages = `kstat -p unix:0:system_pages:pagestotal | awk '{print \$NF}'`;
my $free_pages = `kstat -p unix:0:system_pages:pagesfree | awk '{print \$NF}'`; my $free_pages = `kstat -p unix:0:system_pages:pagesfree | awk '{print \$NF}'`;
my $arc_size = `kstat -p zfs:0:arcstats:size | awk '{print \$NF}'`; my $arc_size = `kstat -p zfs:0:arcstats:size | awk '{print \$NF}'`;
my $arc_size_kb = $arc_size / 1024; my $arc_size_kb = $arc_size / 1024;
print "Pagesize is $pagesize" if ($opt_v); print "Pagesize is $pagesize" if ($opt_v);
print "Total pages is $phys_pages" if ($opt_v); print "Total pages is $phys_pages" if ($opt_v);
print "Free pages is $free_pages" if ($opt_v); print "Free pages is $free_pages" if ($opt_v);
print "Arc size is $arc_size" if ($opt_v); print "Arc size is $arc_size" if ($opt_v);
$caches_kb += $arc_size_kb; $caches_kb += $arc_size_kb;
$total_memory_kb = $phys_pages * $pagesize / 1024; $total_memory_kb = $phys_pages * $pagesize / 1024;
$free_memory_kb = $free_pages * $pagesize / 1024; $free_memory_kb = $free_pages * $pagesize / 1024;
$used_memory_kb = $total_memory_kb - $free_memory_kb; $used_memory_kb = $total_memory_kb - $free_memory_kb;
} }
elsif ( $uname =~ /SunOS/ ) { elsif ( $uname =~ /SunOS/ ) {
eval "use Sun::Solaris::Kstat"; eval "use Sun::Solaris::Kstat";
if ($@) { #Kstat not available if ($@) { #Kstat not available
if ($opt_C) { if ($opt_C) {
print "You can't report on Solaris caches without Sun::Solaris::Kstat available!\n"; print "You can't report on Solaris caches without Sun::Solaris::Kstat available!\n";
exit $exit_codes{UNKNOWN}; exit $exit_codes{UNKNOWN};
} }
my @vmstat = `/usr/bin/vmstat 1 2`; my @vmstat = `/usr/bin/vmstat 1 2`;
my $line; my $line;
foreach (@vmstat) { foreach (@vmstat) {
chomp; chomp;
$line = $_; $line = $_;
} }
$free_memory_kb = (split(/ /,$line))[5] / 1024; $free_memory_kb = (split(/ /,$line))[5] / 1024;
my @prtconf = `/usr/sbin/prtconf`; my @prtconf = `/usr/sbin/prtconf`;
foreach (@prtconf) { foreach (@prtconf) {
if (/^Memory size: (\d+) Megabytes/) { if (/^Memory size: (\d+) Megabytes/) {
$total_memory_kb = $1 * 1024; $total_memory_kb = $1 * 1024;
} }
} }
$used_memory_kb = $total_memory_kb - $free_memory_kb; $used_memory_kb = $total_memory_kb - $free_memory_kb;
} }
else { # We have kstat else { # We have kstat
my $kstat = Sun::Solaris::Kstat->new(); my $kstat = Sun::Solaris::Kstat->new();
my $phys_pages = ${kstat}->{unix}->{0}->{system_pages}->{physmem}; my $phys_pages = ${kstat}->{unix}->{0}->{system_pages}->{physmem};
my $free_pages = ${kstat}->{unix}->{0}->{system_pages}->{freemem}; my $free_pages = ${kstat}->{unix}->{0}->{system_pages}->{freemem};
# We probably should account for UFS caching here, but it's unclear # We probably should account for UFS caching here, but it's unclear
# to me how to determine UFS's cache size. There's inode_cache, # to me how to determine UFS's cache size. There's inode_cache,
# and maybe the physmem variable in the system_pages module?? # and maybe the physmem variable in the system_pages module??
# In the real world, it looks to be so small as not to really matter, # In the real world, it looks to be so small as not to really matter,
# so we don't grab it. If someone can give me code that does this, # so we don't grab it. If someone can give me code that does this,
# I'd be glad to put it in. # I'd be glad to put it in.
my $arc_size = (exists ${kstat}->{zfs} && ${kstat}->{zfs}->{0}->{arcstats}->{size}) ? my $arc_size = (exists ${kstat}->{zfs} && ${kstat}->{zfs}->{0}->{arcstats}->{size}) ?
${kstat}->{zfs}->{0}->{arcstats}->{size} / 1024 ${kstat}->{zfs}->{0}->{arcstats}->{size} / 1024
: 0; : 0;
$caches_kb += $arc_size; $caches_kb += $arc_size;
my $pagesize = `pagesize`; my $pagesize = `pagesize`;
$total_memory_kb = $phys_pages * $pagesize / 1024; $total_memory_kb = $phys_pages * $pagesize / 1024;
$free_memory_kb = $free_pages * $pagesize / 1024; $free_memory_kb = $free_pages * $pagesize / 1024;
$used_memory_kb = $total_memory_kb - $free_memory_kb; $used_memory_kb = $total_memory_kb - $free_memory_kb;
} }
} }
elsif ( $uname =~ /Darwin/ ) { elsif ( $uname =~ /Darwin/ ) {
$total_memory_kb = (split(/ /,`/usr/sbin/sysctl hw.memsize`))[1]/1024; $total_memory_kb = (split(/ /,`/usr/sbin/sysctl hw.memsize`))[1]/1024;
my $pagesize = (split(/ /,`/usr/sbin/sysctl hw.pagesize`))[1]; my $pagesize = (split(/ /,`/usr/sbin/sysctl hw.pagesize`))[1];
$caches_kb = 0; $caches_kb = 0;
my @vm_stat = `/usr/bin/vm_stat`; my @vm_stat = `/usr/bin/vm_stat`;
foreach (@vm_stat) { foreach (@vm_stat) {
chomp; chomp;
if (/^(Pages free):\s+(\d+)\.$/) { if (/^(Pages free):\s+(\d+)\.$/) {
$free_memory_kb = $2*$pagesize/1024; $free_memory_kb = $2*$pagesize/1024;
} }
# 'caching' concept works different on MACH # 'caching' concept works different on MACH
# this should be a reasonable approximation # this should be a reasonable approximation
elsif (/^Pages (inactive|purgable):\s+(\d+).$/) { elsif (/^Pages (inactive|purgable):\s+(\d+).$/) {
$caches_kb += $2*$pagesize/1024; $caches_kb += $2*$pagesize/1024;
} }
} }
$used_memory_kb = $total_memory_kb - $free_memory_kb; $used_memory_kb = $total_memory_kb - $free_memory_kb;
} }
elsif ( $uname =~ /AIX/ ) { elsif ( $uname =~ /AIX/ ) {
my @meminfo = `/usr/bin/vmstat -vh`; my @meminfo = `/usr/bin/vmstat -vh`;
foreach (@meminfo) { foreach (@meminfo) {
chomp; chomp;
if (/^\s*([0-9.]+)\s+(.*)/) { if (/^\s*([0-9.]+)\s+(.*)/) {
my $counter_name = $2; my $counter_name = $2;
if ($counter_name eq 'memory pages') { if ($counter_name eq 'memory pages') {
$total_memory_kb = $1*4; $total_memory_kb = $1*4;
} }
if ($counter_name eq 'free pages') { if ($counter_name eq 'free pages') {
$free_memory_kb = $1*4; $free_memory_kb = $1*4;
} }
if ($counter_name eq 'file pages') { if ($counter_name eq 'file pages') {
$caches_kb = $1*4; $caches_kb = $1*4;
} }
if ($counter_name eq 'Number of 4k page frames loaned') { if ($counter_name eq 'Number of 4k page frames loaned') {
$free_memory_kb += $1*4; $free_memory_kb += $1*4;
} }
} }
} }
$used_memory_kb = $total_memory_kb - $free_memory_kb; $used_memory_kb = $total_memory_kb - $free_memory_kb;
} }
else { else {
if ($opt_C) { if ($opt_C) {
print "You can't report on $uname caches!\n"; print "You can't report on $uname caches!\n";
exit $exit_codes{UNKNOWN}; exit $exit_codes{UNKNOWN};
} }
my $command_line = `vmstat | tail -1 | awk '{print \$4,\$5}'`; my $command_line = `vmstat | tail -1 | awk '{print \$4,\$5}'`;
chomp $command_line; chomp $command_line;
my @memlist = split(/ /, $command_line); my @memlist = split(/ /, $command_line);
# Define the calculating scalars # Define the calculating scalars
$used_memory_kb = $memlist[0]/1024; $used_memory_kb = $memlist[0]/1024;
$free_memory_kb = $memlist[1]/1024; $free_memory_kb = $memlist[1]/1024;
$total_memory_kb = $used_memory_kb + $free_memory_kb; $total_memory_kb = $used_memory_kb + $free_memory_kb;
} }
return ($free_memory_kb,$used_memory_kb,$caches_kb,$hugepages_kb); return ($free_memory_kb,$used_memory_kb,$caches_kb,$hugepages_kb);
} }
sub init { sub init {
# Get the options # Get the options
if ($#ARGV le 0) { if ($#ARGV le 0) {
&usage; &usage;
} }
else { else {
getopts('c:fuChvw:'); getopts('c:fuChvw:');
} }
# Shortcircuit the switches # Shortcircuit the switches
if (!$opt_w or $opt_w == 0 or !$opt_c or $opt_c == 0) { if (!$opt_w or $opt_w == 0 or !$opt_c or $opt_c == 0) {
print "*** You must define WARN and CRITICAL levels!\n"; print "*** You must define WARN and CRITICAL levels!\n";
&usage; &usage;
} }
elsif (!$opt_f and !$opt_u) { elsif (!$opt_f and !$opt_u) {
print "*** You must select to monitor either USED or FREE memory!\n"; print "*** You must select to monitor either USED or FREE memory!\n";
&usage; &usage;
} }
# Check if levels are sane # Check if levels are sane
if ($opt_w <= $opt_c and $opt_f) { if ($opt_w <= $opt_c and $opt_f) {
print "*** WARN level must not be less than CRITICAL when checking FREE memory!\n"; print "*** WARN level must not be less than CRITICAL when checking FREE memory!\n";
&usage; &usage;
} }
elsif ($opt_w >= $opt_c and $opt_u) { elsif ($opt_w >= $opt_c and $opt_u) {
print "*** WARN level must not be greater than CRITICAL when checking USED memory!\n"; print "*** WARN level must not be greater than CRITICAL when checking USED memory!\n";
&usage; &usage;
} }
} }
sub finish { sub finish {
my ($msg,$state) = @_; my ($msg,$state) = @_;
print "$msg\n"; print "$msg\n";
exit $state; exit $state;
} }
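Review bot: in `get_memory_info` several branches run commands by bare name (`sysctl vm.stats.vm.v_page_size`, `pagesize`, `kstat -p ... | awk`, `vmstat | tail -1 | awk`) while the others use absolute paths such as `/bin/cat` and `/sbin/sysctl`; a plugin run by the NRPE daemon should not depend on the daemon's PATH, so use absolute paths throughout or set `$ENV{PATH}` at the top of the script. In `init`, `if ($#ARGV le 0)` compares a number with the string operator `le`; `<=` is the intended test. The file header also records Executable file → Normal file for this plugin, so confirm that the task installing it sets an executable mode if the NRPE command definition invokes the script directly.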


@@ -1,314 +1,314 @@
############################################################################# #############################################################################
# Sample NRPE Config File # Sample NRPE Config File
# Written by: Ethan Galstad (nagios@nagios.org) # Written by: Ethan Galstad (nagios@nagios.org)
# #
# Last Modified: 2016-05-10 # Last Modified: 2016-05-10
# #
# NOTES: # NOTES:
# This is a sample configuration file for the NRPE daemon. It needs to be # This is a sample configuration file for the NRPE daemon. It needs to be
# located on the remote host that is running the NRPE daemon, not the host # located on the remote host that is running the NRPE daemon, not the host
# from which the check_nrpe client is being executed. # from which the check_nrpe client is being executed.
############################################################################# #############################################################################
# LOG FACILITY # LOG FACILITY
# The syslog facility that should be used for logging purposes. # The syslog facility that should be used for logging purposes.
log_facility=daemon log_facility=daemon
# DEBUGGING OPTION # DEBUGGING OPTION
# This option determines whether or not debugging messages are logged to the # This option determines whether or not debugging messages are logged to the
# syslog facility. # syslog facility.
# Values: 0=debugging off, 1=debugging on # Values: 0=debugging off, 1=debugging on
debug=0 debug=0
# PID FILE # PID FILE
# The name of the file in which the NRPE daemon should write it's process ID # The name of the file in which the NRPE daemon should write it's process ID
# number. The file is only written if the NRPE daemon is started by the root # number. The file is only written if the NRPE daemon is started by the root
# user and is running in standalone mode. # user and is running in standalone mode.
pid_file=/var/run/nagios/nrpe.pid pid_file=/var/run/nagios/nrpe.pid
# PORT NUMBER # PORT NUMBER
# Port number we should wait for connections on. # Port number we should wait for connections on.
# NOTE: This must be a non-priviledged port (i.e. > 1024). # NOTE: This must be a non-priviledged port (i.e. > 1024).
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd # NOTE: This option is ignored if NRPE is running under either inetd or xinetd
server_port=5666 server_port=5666
# SERVER ADDRESS # SERVER ADDRESS
# Address that nrpe should bind to in case there are more than one interface # Address that nrpe should bind to in case there are more than one interface
# and you do not want nrpe to bind on all interfaces. # and you do not want nrpe to bind on all interfaces.
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd # NOTE: This option is ignored if NRPE is running under either inetd or xinetd
#server_address=127.0.0.1 #server_address=127.0.0.1
# LISTEN QUEUE SIZE # LISTEN QUEUE SIZE
# Listen queue size (backlog) for serving incoming connections. # Listen queue size (backlog) for serving incoming connections.
# You may want to increase this value under high load. # You may want to increase this value under high load.
#listen_queue_size=5 #listen_queue_size=5
# NRPE USER # NRPE USER
# This determines the effective user that the NRPE daemon should run as. # This determines the effective user that the NRPE daemon should run as.
# You can either supply a username or a UID. # You can either supply a username or a UID.
# #
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd # NOTE: This option is ignored if NRPE is running under either inetd or xinetd
nrpe_user=nagios nrpe_user=nagios
# NRPE GROUP # NRPE GROUP
# This determines the effective group that the NRPE daemon should run as. # This determines the effective group that the NRPE daemon should run as.
# You can either supply a group name or a GID. # You can either supply a group name or a GID.
# #
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd # NOTE: This option is ignored if NRPE is running under either inetd or xinetd
nrpe_group=nagios nrpe_group=nagios
# ALLOWED HOST ADDRESSES # ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames # This is an optional comma-delimited list of IP address or hostnames
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask # that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently # (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
# supported. # supported.
# #
# Note: The daemon only does rudimentary checking of the client's IP # Note: The daemon only does rudimentary checking of the client's IP
# address. I would highly recommend adding entries in your /etc/hosts.allow # address. I would highly recommend adding entries in your /etc/hosts.allow
# file to allow only the specified host to connect to the port # file to allow only the specified host to connect to the port
# you are running this daemon on. # you are running this daemon on.
# #
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd # NOTE: This option is ignored if NRPE is running under either inetd or xinetd
allowed_hosts=192.168.201.2 allowed_hosts=192.168.201.2
# COMMAND ARGUMENT PROCESSING # COMMAND ARGUMENT PROCESSING
# This option determines whether or not the NRPE daemon will allow clients # This option determines whether or not the NRPE daemon will allow clients
# to specify arguments to commands that are executed. This option only works # to specify arguments to commands that are executed. This option only works
# if the daemon was configured with the --enable-command-args configure script # if the daemon was configured with the --enable-command-args configure script
# option. # option.
# #
# *** ENABLING THIS OPTION IS A SECURITY RISK! *** # *** ENABLING THIS OPTION IS A SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications # Read the SECURITY file for information on some of the security implications
# of enabling this variable. # of enabling this variable.
# #
# Values: 0=do not allow arguments, 1=allow command arguments # Values: 0=do not allow arguments, 1=allow command arguments
dont_blame_nrpe=1 dont_blame_nrpe=1
# BASH COMMAND SUBTITUTION # BASH COMMAND SUBTITUTION
# This option determines whether or not the NRPE daemon will allow clients # This option determines whether or not the NRPE daemon will allow clients
# to specify arguments that contain bash command substitutions of the form # to specify arguments that contain bash command substitutions of the form
# $(...). This option only works if the daemon was configured with both # $(...). This option only works if the daemon was configured with both
# the --enable-command-args and --enable-bash-command-substitution configure # the --enable-command-args and --enable-bash-command-substitution configure
# script options. # script options.
# #
# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! *** # *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications # Read the SECURITY file for information on some of the security implications
# of enabling this variable. # of enabling this variable.
# #
# Values: 0=do not allow bash command substitutions, # Values: 0=do not allow bash command substitutions,
# 1=allow bash command substitutions # 1=allow bash command substitutions
allow_bash_command_substitution=0 allow_bash_command_substitution=0
# COMMAND PREFIX # COMMAND PREFIX
# This option allows you to prefix all commands with a user-defined string. # This option allows you to prefix all commands with a user-defined string.
# A space is automatically added between the specified prefix string and the # A space is automatically added between the specified prefix string and the
# command line from the command definition. # command line from the command definition.
# #
# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! *** # *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
# Usage scenario: # Usage scenario:
# Execute restricted commmands using sudo. For this to work, you need to add # Execute restricted commmands using sudo. For this to work, you need to add
# the nagios user to your /etc/sudoers. An example entry for alllowing # the nagios user to your /etc/sudoers. An example entry for alllowing
# execution of the plugins from might be: # execution of the plugins from might be:
# #
# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/ # nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
# #
# This lets the nagios user run all commands in that directory (and only them) # This lets the nagios user run all commands in that directory (and only them)
# without asking for a password. If you do this, make sure you don't give # without asking for a password. If you do this, make sure you don't give
# random users write access to that directory or its contents! # random users write access to that directory or its contents!
# command_prefix=/usr/bin/sudo # command_prefix=/usr/bin/sudo
# COMMAND TIMEOUT # COMMAND TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will # This specifies the maximum number of seconds that the NRPE daemon will
# allow plugins to finish executing before killing them off. # allow plugins to finish executing before killing them off.
command_timeout=60 command_timeout=60
# CONNECTION TIMEOUT # CONNECTION TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will # This specifies the maximum number of seconds that the NRPE daemon will
# wait for a connection to be established before exiting. This is sometimes # wait for a connection to be established before exiting. This is sometimes
# seen where a network problem stops the SSL being established even though # seen where a network problem stops the SSL being established even though
# all network sessions are connected. This causes the nrpe daemons to # all network sessions are connected. This causes the nrpe daemons to
# accumulate, eating system resources. Do not set this too low. # accumulate, eating system resources. Do not set this too low.
connection_timeout=300 connection_timeout=300
# WEAK RANDOM SEED OPTION # WEAK RANDOM SEED OPTION
# This directive allows you to use SSL even if your system does not have # This directive allows you to use SSL even if your system does not have
# a /dev/random or /dev/urandom (on purpose or because the necessary patches # a /dev/random or /dev/urandom (on purpose or because the necessary patches
# were not applied). The random number generator will be seeded from a file # were not applied). The random number generator will be seeded from a file
# which is either a file pointed to by the environment valiable $RANDFILE # which is either a file pointed to by the environment valiable $RANDFILE
# or $HOME/.rnd. If neither exists, the pseudo random number generator will # or $HOME/.rnd. If neither exists, the pseudo random number generator will
# be initialized and a warning will be issued. # be initialized and a warning will be issued.
# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness # Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness
allow_weak_random_seed=1 allow_weak_random_seed=1
# SSL/TLS OPTIONS # SSL/TLS OPTIONS
# These directives allow you to specify how to use SSL/TLS. # These directives allow you to specify how to use SSL/TLS.
# SSL VERSION # SSL VERSION
# This can be any of: SSLv2 (only use SSLv2), SSLv2+ (use any version), # This can be any of: SSLv2 (only use SSLv2), SSLv2+ (use any version),
# SSLv3 (only use SSLv3), SSLv3+ (use SSLv3 or above), TLSv1 (only use # SSLv3 (only use SSLv3), SSLv3+ (use SSLv3 or above), TLSv1 (only use
# TLSv1), TLSv1+ (use TLSv1 or above), TLSv1.1 (only use TLSv1.1), # TLSv1), TLSv1+ (use TLSv1 or above), TLSv1.1 (only use TLSv1.1),
# TLSv1.1+ (use TLSv1.1 or above), TLSv1.2 (only use TLSv1.2), # TLSv1.1+ (use TLSv1.1 or above), TLSv1.2 (only use TLSv1.2),
# TLSv1.2+ (use TLSv1.2 or above) # TLSv1.2+ (use TLSv1.2 or above)
# If an "or above" version is used, the best will be negotiated. So if both # If an "or above" version is used, the best will be negotiated. So if both
# ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2. # ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2.
#ssl_version=SSLv2+ #ssl_version=SSLv2+
# SSL USE ADH # SSL USE ADH
# This is for backward compatibility and is DEPRECATED. Set to 1 to enable # This is for backward compatibility and is DEPRECATED. Set to 1 to enable
# ADH or 2 to require ADH. 1 is currently the default but will be changed # ADH or 2 to require ADH. 1 is currently the default but will be changed
# in a later version. # in a later version.
#ssl_use_adh=1 #ssl_use_adh=1
# SSL CIPHER LIST # SSL CIPHER LIST
# This lists which ciphers can be used. For backward compatibility, this # This lists which ciphers can be used. For backward compatibility, this
# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in this version but # defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in this version but
# will be changed to something like the example below in a later version of NRPE. # will be changed to something like the example below in a later version of NRPE.
#ssl_cipher_list=ALL:!MD5:@STRENGTH #ssl_cipher_list=ALL:!MD5:@STRENGTH
#ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH #ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH
# SSL Certificate and Private Key Files # SSL Certificate and Private Key Files
#ssl_cacert_file=/etc/ssl/servercerts/ca-cert.pem #ssl_cacert_file=/etc/ssl/servercerts/ca-cert.pem
#ssl_cert_file=/etc/ssl/servercerts/nagios-cert.pem #ssl_cert_file=/etc/ssl/servercerts/nagios-cert.pem
#ssl_privatekey_file=/etc/ssl/servercerts/nagios-key.pem #ssl_privatekey_file=/etc/ssl/servercerts/nagios-key.pem
# SSL USE CLIENT CERTS # SSL USE CLIENT CERTS
# This options determines client certificate usage. # This options determines client certificate usage.
# Values: 0 = Don't ask for or require client certificates (default) # Values: 0 = Don't ask for or require client certificates (default)
# 1 = Ask for client certificates # 1 = Ask for client certificates
# 2 = Require client certificates # 2 = Require client certificates
#ssl_client_certs=0 #ssl_client_certs=0
# SSL LOGGING # SSL LOGGING
# This option determines which SSL messages are send to syslog. OR values # This option determines which SSL messages are send to syslog. OR values
# together to specify multiple options. # together to specify multiple options.
# Values: 0x00 (0) = No additional logging (default) # Values: 0x00 (0) = No additional logging (default)
# 0x01 (1) = Log startup SSL/TLS parameters # 0x01 (1) = Log startup SSL/TLS parameters
# 0x02 (2) = Log remote IP address # 0x02 (2) = Log remote IP address
# 0x04 (4) = Log SSL/TLS version of connections # 0x04 (4) = Log SSL/TLS version of connections
# 0x08 (8) = Log which cipher is being used for the connection # 0x08 (8) = Log which cipher is being used for the connection
# 0x10 (16) = Log if client has a certificate # 0x10 (16) = Log if client has a certificate
# 0x20 (32) = Log details of client's certificate if it has one # 0x20 (32) = Log details of client's certificate if it has one
# -1 or 0xff or 0x2f = All of the above # -1 or 0xff or 0x2f = All of the above
#ssl_logging=0x00 #ssl_logging=0x00
# INCLUDE CONFIG FILE # INCLUDE CONFIG FILE
# This directive allows you to include definitions from an external config file. # This directive allows you to include definitions from an external config file.
#include=<somefile.cfg> #include=<somefile.cfg>
# INCLUDE CONFIG DIRECTORY # INCLUDE CONFIG DIRECTORY
# This directive allows you to include definitions from config files (with a # This directive allows you to include definitions from config files (with a
# .cfg extension) in one or more directories (with recursion). # .cfg extension) in one or more directories (with recursion).
#include_dir=<somedirectory> #include_dir=<somedirectory>
#include_dir=<someotherdirectory> #include_dir=<someotherdirectory>
# COMMAND DEFINITIONS # COMMAND DEFINITIONS
# Command definitions that this daemon will run. Definitions # Command definitions that this daemon will run. Definitions
# are in the following format: # are in the following format:
# #
# command[<command_name>]=<command_line> # command[<command_name>]=<command_line>
# #
# When the daemon receives a request to return the results of <command_name> # When the daemon receives a request to return the results of <command_name>
# it will execute the command specified by the <command_line> argument. # it will execute the command specified by the <command_line> argument.
# #
# Unlike Nagios, the command line cannot contain macros - it must be # Unlike Nagios, the command line cannot contain macros - it must be
# typed exactly as it should be executed. # typed exactly as it should be executed.
# #
# Note: Any plugins that are used in the command lines must reside # Note: Any plugins that are used in the command lines must reside
# on the machine that this daemon is running on! The examples below # on the machine that this daemon is running on! The examples below
# assume that you have plugins installed in a /usr/local/nagios/libexec # assume that you have plugins installed in a /usr/local/nagios/libexec
# directory. Also note that you will have to modify the definitions below # directory. Also note that you will have to modify the definitions below
# to match the argument format the plugins expect. Remember, these are # to match the argument format the plugins expect. Remember, these are
# examples only! # examples only!
# The following examples use hardcoded command arguments... # The following examples use hardcoded command arguments...
command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10 command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1 command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200 command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
# The following examples allow user-supplied arguments and can # The following examples allow user-supplied arguments and can
# only be used if the NRPE daemon was compiled with support for # only be used if the NRPE daemon was compiled with support for
# command arguments *AND* the dont_blame_nrpe directive in this # command arguments *AND* the dont_blame_nrpe directive in this
# config file is set to '1'. This poses a potential security risk, so # config file is set to '1'. This poses a potential security risk, so
# make sure you read the SECURITY file before doing this. # make sure you read the SECURITY file before doing this.
#command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ #command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$
#command[check_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ #command[check_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$
#command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ #command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
#command[check_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ #command[check_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
# local configuration: # local configuration:
# if you'd prefer, you can instead place directives here # if you'd prefer, you can instead place directives here
include=/etc/nagios/nrpe_local.cfg include=/etc/nagios/nrpe_local.cfg
# you can place your config snipplets into nrpe.d/ # you can place your config snipplets into nrpe.d/
# only snipplets ending in .cfg will get included # only snipplets ending in .cfg will get included
include_dir=/etc/nagios/nrpe.d/ include_dir=/etc/nagios/nrpe.d/
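Review bot: `dont_blame_nrpe=1` turns on client-supplied command arguments, yet every `$ARG1$`-style definition in this file is commented out and all active `command[...]` lines are hard-coded, so the setting widens what the host in `allowed_hosts` can send without anything using it. Set it to 0 until a definition actually takes arguments. `allow_weak_random_seed=1` is also on; the file's own comment describes it as a fallback for systems without /dev/random or /dev/urandom, so it can go back to 0 if the Pis have those devices.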

View File

@@ -1,12 +1,12 @@
###################################### ######################################
# Do any local nrpe configuration here # Do any local nrpe configuration here
###################################### ######################################
command[check_test_file_100M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 86400 -c 1570000 -W 50000000 -C 10 -f '/home/pi/Documents/smb/test_file_100M' command[check_test_file_100M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 86400 -c 1570000 -W 50000000 -C 10 -f '/home/pi/Documents/smb/test_file_100M'
command[check_test_file_200M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 432600 -c 1570000 -W 100000000 -C 10 -f '/home/pi/Documents/smb/test_file_200M' command[check_test_file_200M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 432600 -c 1570000 -W 100000000 -C 10 -f '/home/pi/Documents/smb/test_file_200M'
command[check_test_file_500M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 432600 -c 1570000 -W 250000000 -C 10 -f '/home/pi/Documents/smb/test_file_500M' command[check_test_file_500M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 432600 -c 1570000 -W 250000000 -C 10 -f '/home/pi/Documents/smb/test_file_500M'
command[check_test_file_50M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 86400 -c 1570000 -W 40000000 -C 10 -f '/home/pi/Documents/smb/test_file_50M' command[check_test_file_50M]=/usr/bin/sudo /usr/lib/nagios/plugins/check_file_age -w 86400 -c 1570000 -W 40000000 -C 10 -f '/home/pi/Documents/smb/test_file_50M'
command[check_root]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p / command[check_root]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /
command[check_mem]=/usr/lib/nagios/plugins/check_mem.pl -u -C -w 85 -c 95 command[check_mem]=/usr/lib/nagios/plugins/check_mem.pl -u -C -w 85 -c 95
command[check_swap]=/usr/lib/nagios/plugins/check_swap -w 30% -c 10% command[check_swap]=/usr/lib/nagios/plugins/check_swap -w 30% -c 10%
command[check_sipp]=/usr/lib/nagios/plugins/check_procs -C sipp -w 1:1 -c 1:1 command[check_sipp]=/usr/lib/nagios/plugins/check_procs -C sipp -w 1:1 -c 1:1
command[check_fprobe]=/usr/lib/nagios/plugins/check_procs -C fprobe -w 1:1 -c 1:1 command[check_fprobe]=/usr/lib/nagios/plugins/check_procs -C fprobe -w 1:1 -c 1:1
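Review bot: the four `check_test_file_*` commands run `check_file_age` through `/usr/bin/sudo` to look at files under `/home/pi/Documents/smb/`, which makes this file depend on the NOPASSWD sudoers entry for the nagios user. If the only reason is that nagios cannot read below /home/pi, granting it read access to that directory (group membership or an ACL) would let these checks run unprivileged like the other commands in this file.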

76
roles/nrpe/tasks/main.yaml Executable file → Normal file
View File

@@ -1,38 +1,38 @@
--- ---
- name: Install nrpe and plugins - name: Install nrpe and plugins
become: true become: true
apt: apt:
name: "{{ packages }}" name: "{{ packages }}"
vars: vars:
packages: packages:
- nagios-nrpe-server - nagios-nrpe-server
- monitoring-plugins - monitoring-plugins
tags: install_nrpe tags: install_nrpe
- name: Copy configuration files - name: Copy configuration files
become: true become: true
copy: copy:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
owner: root owner: root
group: root group: root
mode: a+x mode: a+x
with_items: with_items:
- { src: "{{ role_path }}/files/nrpe.cfg", dest: "/etc/nagios" } - { src: "{{ role_path }}/files/nrpe.cfg", dest: "/etc/nagios" }
- { src: "{{ role_path }}/files/nrpe_local.cfg", dest: "/etc/nagios" } - { src: "{{ role_path }}/files/nrpe_local.cfg", dest: "/etc/nagios" }
- { src: "{{ role_path }}/files/check_mem.pl", dest: "/usr/lib/nagios/plugins" } - { src: "{{ role_path }}/files/check_mem.pl", dest: "/usr/lib/nagios/plugins" }
tags: configure_nrpe tags: configure_nrpe
- name: enable nrpe - name: enable nrpe
become: true become: true
systemd: systemd:
name: nagios-nrpe-server name: nagios-nrpe-server
enabled: yes enabled: yes
masked: no masked: no
state: restarted state: restarted
tags: enable_nrpe tags: enable_nrpe
- lineinfile: - lineinfile:
path: "/etc/sudoers" path: "/etc/sudoers"
state: present state: present
line: "nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/" line: "nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/"
validate: "/usr/sbin/visudo -cf %s" validate: "/usr/sbin/visudo -cf %s"
become: true become: true
tags: nagios_sudo tags: nagios_sudo
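Review bot: the final `lineinfile` task gives nagios passwordless sudo, as any user, over the whole `/usr/lib/nagios/plugins/` directory, and the copy task above drops `check_mem.pl` into that same directory, so anything placed there becomes runnable as root by the NRPE daemon. Limit the sudoers line to the single plugin that needs it (`check_file_age` is the only one nrpe_local.cfg calls via sudo), write it to its own file under /etc/sudoers.d instead of editing /etc/sudoers, and give the task a `name:`. Separately, `mode: a+x` on the copy task marks nrpe.cfg and nrpe_local.cfg executable; set an explicit mode per item instead.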

44
roles/pi/tasks/main.yaml Executable file → Normal file
View File

@@ -1,17 +1,27 @@
--- ---
- name: set swapfile - name: set swapfile
become: true become: true
lineinfile: lineinfile:
path: /etc/dphys-swapfile path: /etc/dphys-swapfile
state: present state: present
regexp: '^CONF_SWAPSIZE' regexp: '^CONF_SWAPSIZE'
line: 'CONF_SWAPSIZE=1024' line: 'CONF_SWAPSIZE=1024'
owner: root owner: root
group: root group: root
mode: 0600 mode: 0600
tags: set_swapfile tags: set_swapfile
- name: restart swapfile - name: restart swapfile
become: true become: true
command: '/etc/init.d/dphys-swapfile restart' command: '/etc/init.d/dphys-swapfile restart'
tags: set_swapfile tags: set_swapfile
- lineinfile:
path: /boot/config.txt
state: present
backrefs: yes
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { regexp: '#framebuffer_width=1280', line: 'framebuffer_width=1280' }
- { regexp: '#framebuffer_height=720', line: 'framebuffer_height=1024' }
become: true
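Review bot: in the added `lineinfile` task the second item matches `#framebuffer_height=720` but writes `framebuffer_height=1024`, which yields 1280x1024 next to `framebuffer_width=1280`; if 720 was intended fix the `line:`, otherwise add a comment saying the height is changed on purpose. With `backrefs: yes` a regexp that does not match leaves the file untouched, so a config.txt without that exact commented line is silently skipped; anchor the patterns (for example `^#?framebuffer_height=`) and give the task a `name:` and a tag like the two tasks above it.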

380
roles/public/tasks/main.yaml Executable file → Normal file
View File

@@ -1,190 +1,190 @@
--- ---
- name: Install ufw packages - name: Install ufw packages
package: package:
name: ufw name: ufw
state: present state: present
become: true become: true
- name: Allow all access from RFC1918 networks to this hosts - name: Allow all access from RFC1918 networks to this hosts
ufw: ufw:
rule: allow rule: allow
src: '{{ item }}' src: '{{ item }}'
with_items: with_items:
- 10.0.0.0/8 - 10.0.0.0/8
- 172.16.0.0/12 - 172.16.0.0/12
- 192.168.0.0/16 - 192.168.0.0/16
become: true become: true
- name: Allow all access from any Comcast IP Space - name: Allow all access from any Comcast IP Space
become: true become: true
ufw: ufw:
rule: allow rule: allow
src: '{{ item }} ' src: '{{ item }} '
with_items: with_items:
- 72.94.169.223/32 - 72.94.169.223/32
- 100.96.0.0/11 - 100.96.0.0/11
- 103.72.193.0/24 - 103.72.193.0/24
- 107.0.0.0/14 - 107.0.0.0/14
- 107.4.0.0/15 - 107.4.0.0/15
- 108.171.224.0/20 - 108.171.224.0/20
- 147.191.0.0/16 - 147.191.0.0/16
- 162.148.0.0/14 - 162.148.0.0/14
- 162.17.0.0/16 - 162.17.0.0/16
- 165.137.0.0/16 - 165.137.0.0/16
- 169.152.0.0/16 - 169.152.0.0/16
- 169.152.0.0/16 - 169.152.0.0/16
- 173.160.0.0/13 - 173.160.0.0/13
- 173.8.0.0/13 - 173.8.0.0/13
- 174.160.0.0/11 - 174.160.0.0/11
- 174.48.0.0/12 - 174.48.0.0/12
- 184.108.0.0/14 - 184.108.0.0/14
- 184.112.0.0/12 - 184.112.0.0/12
- 193.57.148.0/22 - 193.57.148.0/22
- 198.0.0.0/16 - 198.0.0.0/16
- 198.137.252.0/23 - 198.137.252.0/23
- 198.178.8.0/21 - 198.178.8.0/21
- 207.223.0.0/20 - 207.223.0.0/20
- 208.110.192.0/19 - 208.110.192.0/19
- 208.39.128.0/18 - 208.39.128.0/18
- 209.23.192.0/18 - 209.23.192.0/18
- 216.45.128.0/17 - 216.45.128.0/17
- 23.24.0.0/15 - 23.24.0.0/15
- 23.30.0.0/15 - 23.30.0.0/15
- 23.68.0.0/14 - 23.68.0.0/14
- 232.128.0.0/13 - 232.128.0.0/13
- 232.232.0.0/14 - 232.232.0.0/14
- 232.36.0.0/14 - 232.36.0.0/14
- 232.40.0.0/14 - 232.40.0.0/14
- 232.44.0.0/14 - 232.44.0.0/14
- 232.48.0.0/14 - 232.48.0.0/14
- 232.52.0.0/14 - 232.52.0.0/14
- 232.56.0.0/14 - 232.56.0.0/14
- 232.64.0.0/14 - 232.64.0.0/14
- 232.80.0.0/14 - 232.80.0.0/14
- 232.96.0.0/14 - 232.96.0.0/14
- 239.12.0.0/14 - 239.12.0.0/14
- 239.16.0.0/14 - 239.16.0.0/14
- 239.20.0.0/14 - 239.20.0.0/14
- 239.24.0.0/14 - 239.24.0.0/14
- 239.28.0.0/14 - 239.28.0.0/14
- 239.32.0.0/14 - 239.32.0.0/14
- 24.0.0.0/12 - 24.0.0.0/12
- 24.104.0.0/17 - 24.104.0.0/17
- 24.104.128.0/19 - 24.104.128.0/19
- 24.118.0.0/16 - 24.118.0.0/16
- 24.124.128.0/17 - 24.124.128.0/17
- 24.125.0.0/16 - 24.125.0.0/16
- 24.126.0.0/15 - 24.126.0.0/15
- 24.128.0.0/16 - 24.128.0.0/16
- 24.129.0.0/17 - 24.129.0.0/17
- 24.130.0.0/15 - 24.130.0.0/15
- 24.147.0.0/16 - 24.147.0.0/16
- 24.149.128.0/17 - 24.149.128.0/17
- 24.153.64.0/19 - 24.153.64.0/19
- 24.153.72.0/21 - 24.153.72.0/21
- 24.16.0.0/13 - 24.16.0.0/13
- 24.218.0.0/16 - 24.218.0.0/16
- 24.245.0.0/18 - 24.245.0.0/18
- 24.30.0.0/17 - 24.30.0.0/17
- 24.34.0.0/16 - 24.34.0.0/16
- 24.40.0.0/18 - 24.40.0.0/18
- 24.40.64.0/20 - 24.40.64.0/20
- 24.60.0.0/14 - 24.60.0.0/14
- 24.91.0.0/16 - 24.91.0.0/16
- 24.98.0.0/15 - 24.98.0.0/15
- 3.81.241.149 - 3.81.241.149
- 50.128.0.0/9 - 50.128.0.0/9
- 50.73.0.0/16 - 50.73.0.0/16
- 50.76.0.0/14 - 50.76.0.0/14
- 64.139.64.0/19 - 64.139.64.0/19
- 64.235.160.0/19 - 64.235.160.0/19
- 64.56.32.0/19 - 64.56.32.0/19
- 64.78.64.0/18 - 64.78.64.0/18
- 65.34.128.0/17 - 65.34.128.0/17
- 65.96.0.0/16 - 65.96.0.0/16
- 66.176.0.0/15 - 66.176.0.0/15
- 66.208.192.0/18 - 66.208.192.0/18
- 66.229.0.0/16 - 66.229.0.0/16
- 66.240.0.0/18 - 66.240.0.0/18
- 66.30.0.0/15 - 66.30.0.0/15
- 66.41.0.0/16 - 66.41.0.0/16
- 66.56.0.0/18 - 66.56.0.0/18
- 67.160.0.0/11 - 67.160.0.0/11
- 67.178.0.0/17 - 67.178.0.0/17
- 67.178.128.0/17 - 67.178.128.0/17
- 67.179.0.0/16 - 67.179.0.0/16
- 68.32.0.0/11 - 68.32.0.0/11
- 68.80.0.0/13 - 68.80.0.0/13
- 68.85.0.0/20 - 68.85.0.0/20
- 68.85.128.0/17 - 68.85.128.0/17
- 68.85.16.0/20 - 68.85.16.0/20
- 68.85.32.0/19 - 68.85.32.0/19
- 68.85.64.0/18 - 68.85.64.0/18
- 68.86.0.0/18 - 68.86.0.0/18
- 68.86.128.0/17 - 68.86.128.0/17
- 68.86.64.0/18 - 68.86.64.0/18
- 68.87.0.0/20 - 68.87.0.0/20
- 68.87.128.0/18 - 68.87.128.0/18
- 68.87.16.0/20 - 68.87.16.0/20
- 68.87.192.0/19 - 68.87.192.0/19
- 68.87.224.0/20 - 68.87.224.0/20
- 68.87.240.0/20 - 68.87.240.0/20
- 68.87.32.0/19 - 68.87.32.0/19
- 68.87.64.0/18 - 68.87.64.0/18
- 69.136.0.0/13 - 69.136.0.0/13
- 69.139.128.0/20 - 69.139.128.0/20
- 69.139.144.0/20 - 69.139.144.0/20
- 69.139.160.0/19 - 69.139.160.0/19
- 69.139.192.0/18 - 69.139.192.0/18
- 69.180.0.0/15 - 69.180.0.0/15
- 69.240.0.0/12 - 69.240.0.0/12
- 70.88.0.0/14 - 70.88.0.0/14
- 71.192.0.0/12 - 71.192.0.0/12
- 71.224.0.0/12 - 71.224.0.0/12
- 71.24.0.0/14 - 71.24.0.0/14
- 71.56.0.0/13 - 71.56.0.0/13
- 72.55.0.0/17 - 72.55.0.0/17
- 73.0.0.0/8 - 73.0.0.0/8
- 74.144.0.0/12 - 74.144.0.0/12
- 74.16.0.0/12 - 74.16.0.0/12
- 74.81.128.0/19 - 74.81.128.0/19
- 74.92.0.0/14 - 74.92.0.0/14
- 75.144.0.0/13 - 75.144.0.0/13
- 75.64.0.0/13 - 75.64.0.0/13
- 75.72.0.0/15 - 75.72.0.0/15
- 75.74.0.0/16 - 75.74.0.0/16
- 75.75.0.0/17 - 75.75.0.0/17
- 75.75.128.0/18 - 75.75.128.0/18
- 75.75.72.0/21 - 75.75.72.0/21
- 76.128.0.0/11 - 76.128.0.0/11
- 76.16.0.0/12 - 76.16.0.0/12
- 76.96.0.0/11 - 76.96.0.0/11
- 96.100.0.0/14 - 96.100.0.0/14
- 96.106.0.0/15 - 96.106.0.0/15
- 96.108.0.0/17 - 96.108.0.0/17
- 96.108.128.0/18 - 96.108.128.0/18
- 96.108.192.0/19 - 96.108.192.0/19
- 96.108.224.0/19 - 96.108.224.0/19
- 96.109.0.0/16 - 96.109.0.0/16
- 96.110.0.0/16 - 96.110.0.0/16
- 96.111.0.0/16 - 96.111.0.0/16
- 96.112.0.0/13 - 96.112.0.0/13
- 96.120.0.0/14 - 96.120.0.0/14
- 96.124.0.0/16 - 96.124.0.0/16
- 96.128.0.0/10 - 96.128.0.0/10
- 96.192.0.0/11 - 96.192.0.0/11
- 96.64.0.0/11 - 96.64.0.0/11
- 96.96.0.0/12 - 96.96.0.0/12
- 98.192.0.0/10 - 98.192.0.0/10
- 98.205.0.0/16 - 98.205.0.0/16
- 98.241.0.0/16 - 98.241.0.0/16
- 98.32.0.0/11 - 98.32.0.0/11
- name: Allow DHCP - name: Allow DHCP
ufw: ufw:
rule: allow rule: allow
to_port: 67 to_port: 67
become: true become: true
tags: ufw_dhcp tags: ufw_dhcp
- name: Enable UFW - name: Enable UFW
ufw: ufw:
state: enabled state: enabled
policy: deny policy: deny
become: true become: true
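Review bot: in the "Allow all access from any Comcast IP Space" task, `src: '{{ item }} '` carries a trailing space inside the quotes, unlike the RFC1918 task above it; drop the space so each rule receives a clean CIDR. The list itself needs pruning: `169.152.0.0/16` appears twice, `3.81.241.149` has no mask while the other single host uses /32, and the `232.x` and `239.x` entries are multicast ranges that never occur as a source address. Both allow tasks open every port to these ranges; if only a few services are meant to be reachable, add `port:` and `proto:` to the rules, and give "Allow DHCP" a `proto: udp`.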

0
roles/salesforce/files/salesforce.sh Executable file → Normal file
View File

File diff suppressed because it is too large Load Diff

40
roles/salesforce/tasks/main.yaml Executable file → Normal file
View File

@@ -1,20 +1,20 @@
--- ---
- name: copy salesforce script - name: copy salesforce script
copy: copy:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
owner: pi owner: pi
group: pi group: pi
mode: a+x mode: a+x
with_items: with_items:
- { src: "{{ role_path }}/files/salesforce.sh", dest: "/home/pi/scripts/salesforce.sh" } - { src: "{{ role_path }}/files/salesforce.sh", dest: "/home/pi/scripts/salesforce.sh" }
- { src: "{{ role_path }}/files/salesforce_url.list", dest: "/home/pi/Documents/salesforce_url.list" } - { src: "{{ role_path }}/files/salesforce_url.list", dest: "/home/pi/Documents/salesforce_url.list" }
tags: salesforcetraff_script tags: salesforcetraff_script
- name: enable cron job for salesforce traffic - name: enable cron job for salesforce traffic
cron: cron:
name: "salesforcetraff" name: "salesforcetraff"
minute: "*/5" minute: "*/5"
hour: "7-18" hour: "7-18"
weekday: "1-5" weekday: "1-5"
job: "/home/pi/scripts/salesforce.sh" job: "/home/pi/scripts/salesforce.sh"
tags: salesforcetraff_cron tags: salesforcetraff_cron
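Review bot: the copy task applies `mode: a+x` to both items, so `salesforce_url.list`, a data file, is marked executable along with the script. Give each item its own explicit mode (for example '0755' for salesforce.sh and '0644' for the list). The cron task has no `user:`, so the job is written to the crontab of whichever account Ansible connects as; set `user: pi` to match the script's owner.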

View File

@@ -1,54 +1,54 @@
SAMBA Server Installation on Ubuntu Server using Ansible SAMBA Server Installation on Ubuntu Server using Ansible
-------- --------
There's a blog post that I wrote to go along with this. [Check it out!] There's a blog post that I wrote to go along with this. [Check it out!]
This role is helpful to install SAMBA server on Ubuntu server 14.04 LTS. This role is helpful to install SAMBA server on Ubuntu server 14.04 LTS.
[SAMBA Installation Tutorial] - This step by step tutorial explains the installation and configuration of a SAMBA server on Ubuntu server. [SAMBA Installation Tutorial] - This step by step tutorial explains the installation and configuration of a SAMBA server on Ubuntu server.
### To use this Role: ### To use this Role:
Edit the `site.yml` file, mentioned this role: Edit the `site.yml` file, mentioned this role:
```yaml ```yaml
--- ---
- hosts: server - hosts: server
become: yes become: yes
gather_facts: yes gather_facts: yes
roles: roles:
- samba - samba
``` ```
After that edit the `defaults/main.yml` file: After that edit the `defaults/main.yml` file:
> Change the username(s) and their smbpassword, but these user(s) must exist on the target system. > Change the username(s) and their smbpassword, but these user(s) must exist on the target system.
> Also change the other values as per your requirement. These are self explanatory. > Also change the other values as per your requirement. These are self explanatory.
```yaml ```yaml
--- ---
ubuntu_samba_packages: ubuntu_samba_packages:
- samba - samba
- samba-common - samba-common
- python-glade2 - python-glade2
- system-config-samba - system-config-samba
workgroup: WORKGROUP workgroup: WORKGROUP
public_share_name: public public_share_name: public
public_share_path: /samba/public public_share_path: /samba/public
private_share_name: private private_share_name: private
private_share_path: /samba/private private_share_path: /samba/private
samba_group_name: smbgrp samba_group_name: smbgrp
samba_users: samba_users:
- name: 'arbab' - name: 'arbab'
smbpasswd: 'pass123' smbpasswd: 'pass123'
- name: 'hussain' - name: 'hussain'
smbpasswd: 'password' smbpasswd: 'password'
``` ```
Then run this command: Then run this command:
``` ```
ansible-playbook -i hosts -u arbab site.yml ansible-playbook -i hosts -u arbab site.yml
``` ```
**Note:** Please don't forget to change `arbab` with your username **Note:** Please don't forget to change `arbab` with your username
[SAMBA Installation Tutorial]:https://rbgeek.wordpress.com/2012/04/25/how-to-install-samba-server-on-ubuntu-12-04/ [SAMBA Installation Tutorial]:https://rbgeek.wordpress.com/2012/04/25/how-to-install-samba-server-on-ubuntu-12-04/
[Check it out!]:https://rbgeek.wordpress.com/2015/02/23/installing-the-samba-server-on-ubuntu-using-ansible/ [Check it out!]:https://rbgeek.wordpress.com/2015/02/23/installing-the-samba-server-on-ubuntu-using-ansible/
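Review bot: the README's `defaults/main.yml` sample no longer matches the role's defaults in this commit: it still lists `system-config-samba`, `workgroup: WORKGROUP` and the `/samba/...` share paths, and the text targets Ubuntu Server 14.04. Update the sample and the platform statement to what the role now ships, and replace the literal `smbpasswd` values in the sample with placeholders plus a sentence telling users to supply their own secrets (for example through Ansible Vault).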

View File

@@ -1,17 +1,17 @@
--- ---
ubuntu_samba_packages: ubuntu_samba_packages:
- samba - samba
- samba-common - samba-common
- python-glade2 - python-glade2
- system-config-samba # - system-config-samba
workgroup: DEMO workgroup: DEMO
public_share_name: share public_share_name: share
public_share_path: /media/share public_share_path: /media/share
private_share_name: private private_share_name: private
private_share_path: /media/private private_share_path: /media/private
samba_group_name: smbgrp samba_group_name: smbgrp
samba_users: samba_users:
- name: 'demo' - name: 'demo'
smbpasswd: 'Demo123' smbpasswd: 'Demo123'
- name: 'pi' - name: 'pi'
smbpasswd: 'pipasswd' smbpasswd: 'pipasswd'
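Review bot: `samba_users` commits working Samba passwords (`smbpasswd: 'Demo123'`, `smbpasswd: 'pipasswd'`) in clear text to the repository. Move them to a vaulted variable file or pass them in at run time, and keep only the user names here. If `system-config-samba` is no longer wanted, delete the entry instead of leaving it commented out.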

View File

@@ -1,8 +1,9 @@
--- ---
- name: Restart Samba - name: Restart Samba
service: systemd:
name: smbd.service name: smbd.service
state: restarted state: restarted
- name: Generate Samba Files enabled: yes
become: yes - name: Generate Samba Files
shell: /home/pi/scripts/genfiles.sh become: yes
shell: /home/pi/scripts/genfiles.sh
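Review bot: the "Generate Samba Files" handler runs `/home/pi/scripts/genfiles.sh` with `become: yes`, while the role's tasks file installs that script with `owner: pi`, so anything able to write as pi decides what executes as root. Install the script root-owned outside /home/pi, or run the handler with `become_user: pi` if root is not required. "Restart Samba" has no `become:` of its own, so it only works when the play escalates; add it there for consistency with the other handler.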

View File

@@ -1,74 +1,72 @@
--- ---
- name: Install the Samba and additional packages - name: Install the Samba and additional packages
apt: apt:
name: "{{ ubuntu_samba_packages }}" name: "{{ ubuntu_samba_packages }}"
state: present state: present
update_cache: yes update_cache: yes
become: yes become: yes
- name: Copy the Customize smb.conf file - name: Copy the Customize smb.conf file
become: yes become: yes
template: template:
src: etc_samba_smb.conf.j2 src: etc_samba_smb.conf.j2
dest: /etc/samba/smb.conf dest: /etc/samba/smb.conf
backup: yes backup: yes
notify: # notify: Restart Samba
- Restart Samba
- name: Create Samba users restricted group
- name: Create Samba users restricted group group:
group: name: "{{ samba_group_name }}"
name: "{{ samba_group_name }}" state: present
state: present become: yes
become: yes - name: Add the User(s) to Samba group
- name: Add the User(s) to Samba group user:
user: name: "{{ item.name }}"
name: "{{ item.name }}" groups: "{{ samba_group_name }}"
groups: "{{ samba_group_name }}" append: yes
append: yes become: yes
become: yes with_items: "{{ samba_users }}"
with_items: "{{ samba_users }}"
- name: Create Samba Password for User(s)
- name: Create Samba Password for User(s) shell: "(echo {{ item.smbpasswd }}; echo {{ item.smbpasswd }}) | smbpasswd -s -a {{ item.name }}"
shell: "(echo {{ item.smbpasswd }}; echo {{ item.smbpasswd }}) | smbpasswd -s -a {{ item.name }}" with_items: "{{ samba_users }}"
with_items: "{{ samba_users }}" become: yes
become: yes
- name: "Check that {{ public_share_path }} exist"
- name: "Check that {{ public_share_path }} exist" stat:
stat: path: "{{ public_share_path }}"
path: "{{ public_share_path }}" register: public_dir_exists
register: public_dir_exists
- name: "Create {{ public_share_path }} directory"
- name: "Create {{ public_share_path }} directory" become: yes
become: yes file:
file: state: directory
state: directory path: "{{ public_share_path }}"
path: "{{ public_share_path }}" owner: nobody
owner: nobody group: nogroup
group: nogroup mode: 0755
mode: 0755 recurse: yes
recurse: yes when: public_dir_exists.stat.exists == False
when: public_dir_exists.stat.exists == False
- name: "Check that {{ private_share_path }} exist"
- name: "Check that {{ private_share_path }} exist" stat:
stat: path: "{{ private_share_path }}"
path: "{{ private_share_path }}" register: private_dir_exists
register: private_dir_exists
- name: "Create {{ private_share_path }} directory"
- name: "Create {{ private_share_path }} directory" become: yes
become: yes file:
file: state: directory
state: directory path: "{{ private_share_path }}"
path: "{{ private_share_path }}" owner: root
owner: root group: "{{ samba_group_name }}"
group: "{{ samba_group_name }}" mode: 1770
mode: 1770 when: private_dir_exists.stat.exists == False
when: private_dir_exists.stat.exists == False - name: copy genfiles script
- name: copy genfiles script copy:
copy: src: "{{ role_path }}/files/genfiles.sh"
src: "{{ role_path }}/files/genfiles.sh" dest: /home/pi/scripts/genfiles.sh
dest: /home/pi/scripts/genfiles.sh owner: pi
owner: pi group: pi
group: pi mode: a+x
mode: a+x tags: samba_genfiles
tags: samba_genfiles notify: Generate Samba Files
notify:
- Generate Samba Files
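Review bot: `Create Samba Password for User(s)` interpolates `{{ item.smbpasswd }}` into a `shell:` line, so the password shows up in the task output and logs for every item, a password containing shell metacharacters is interpreted by the shell, and the task reports changed on every run. Add `no_log: true` and pass the password through the `stdin:` argument of `command: smbpasswd -s -a {{ item.name }}` instead of `echo`. Two smaller points in the same file: `mode: 1770` on the private share is unquoted and has no leading zero, so it is read as decimal 1770 rather than octal (write `'1770'`), and with `notify` commented out on the smb.conf template task a changed config no longer restarts `smbd`.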

View File

@@ -1,28 +1,28 @@
#======================= Global Settings ===================================== #======================= Global Settings =====================================
#{{ ansible_managed }} #{{ ansible_managed }}
[global] [global]
workgroup = {{ workgroup }} workgroup = {{ workgroup }}
server string = Samba Server %v server string = Samba Server %v
netbios name = ubuntu netbios name = ubuntu
security = user security = user
map to guest = bad user map to guest = bad user
dns proxy = no dns proxy = no
#============================ Share Definitions ============================== #============================ Share Definitions ==============================
#### Public Share #### #### Public Share ####
[{{ public_share_name }}] [{{ public_share_name }}]
path = {{ public_share_path }} path = {{ public_share_path }}
browsable =yes browsable =yes
writable = yes writable = yes
guest ok = yes guest ok = yes
read only = no read only = no
#### Private Share #### #### Private Share ####
[{{ private_share_name }}] [{{ private_share_name }}]
path = {{ private_share_path }} path = {{ private_share_path }}
valid users = @{{ samba_group_name }} valid users = @{{ samba_group_name }}
guest ok = no guest ok = no
writable = yes writable = yes
browsable = yes browsable = yes
create mask = 0700 create mask = 0700
directory mask = 0700 directory mask = 0700
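Review bot: in the public share, `guest ok = yes` with `writable = yes` and the global `map to guest = bad user` means any client that presents an unknown username gets write access to `{{ public_share_path }}` without authenticating. If the traffic generators only read from it, make it read-only for guests; otherwise restrict it with `hosts allow` to the demo subnets. `netbios name = ubuntu` is also hard-coded, which gives every host built from this template the same NetBIOS name.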

40
roles/sipclient/tasks/main.yaml Executable file → Normal file
View File

@@ -1,20 +1,20 @@
--- ---
- name: enable sip client - name: enable sip client
become: true become: true
cron: cron:
name: "sip client" name: "sip client"
minute: "*/30" minute: "*/30"
hour: "8-18" hour: "8-18"
weekday: "1-5" weekday: "1-5"
job: "/usr/bin/perl -e 'sleep int rand 1800' && /home/pi/sipp/startclient.sh" job: "/usr/bin/perl -e 'sleep int rand 1800' && /home/pi/sipp/startclient.sh"
user: root user: root
tags: sipclient_cron tags: sipclient_cron
- name: stop sip calling after hours - name: stop sip calling after hours
become: true become: true
cron: cron:
name: "stop sip client" name: "stop sip client"
hour: "17" hour: "17"
weekday: "1-5" weekday: "1-5"
job: "/usr/bin/perl -e 'sleep int rand 1800' && /home/pi/sipp/stopclient.sh" job: "/usr/bin/perl -e 'sleep int rand 1800' && /home/pi/sipp/stopclient.sh"
user: root user: root
tags: sipclient_stop tags: sipclient_stop
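Review bot: the `stop sip client` job sets `hour: "17"` but no `minute`, and the cron module defaults `minute` to `*`, so the entry fires 60 times between 17:00 and 17:59 on weekdays, each one sleeping up to 1800 seconds before calling `stopclient.sh`. Set `minute: "0"`. The `sip client` job also keeps starting from 17:00 through 18:30 because of `hour: "8-18"`, so calls can resume after the stop; end that range earlier if 17:00 is the intended cutoff.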

0
roles/sipp/files/startclient.sh Executable file → Normal file
View File

0
roles/sipp/files/startserver.sh Executable file → Normal file
View File

118
roles/sipp/tasks/main.yaml Executable file → Normal file
View File

@@ -1,59 +1,59 @@
--- ---
- name: download sipp source - name: download sipp source
get_url: get_url:
url: "https://github.com/SIPp/sipp/releases/download/v3.5.2/sipp-3.5.2.tar.gz" url: "https://github.com/SIPp/sipp/releases/download/v3.5.2/sipp-3.5.2.tar.gz"
dest: "/home/pi/sipp-3.5.2.tar.gz" dest: "/home/pi/sipp-3.5.2.tar.gz"
register: sipp_source register: sipp_source
tags: sipp tags: sipp
- name: Unpacking SIPP - name: Unpacking SIPP
unarchive: unarchive:
copy: no copy: no
dest: /home/pi/ dest: /home/pi/
src: "/home/pi/sipp-3.5.2.tar.gz" src: "/home/pi/sipp-3.5.2.tar.gz"
when: sipp_source.changed when: sipp_source.changed
register: sipp_source_unpack register: sipp_source_unpack
tags: sipp tags: sipp
- name: move sipp directory - name: move sipp directory
command: 'mv sipp-3.5.2 sipp' command: 'mv sipp-3.5.2 sipp'
when: sipp_source_unpack is changed when: sipp_source_unpack is changed
register: sipp_move_directory register: sipp_move_directory
tags: sipp tags: sipp
- name: configure sipp - name: configure sipp
command: "./configure --with-openssl --with-pcap --with-sctp" command: "./configure --with-openssl --with-pcap --with-sctp"
args: args:
chdir: "/home/pi/sipp" chdir: "/home/pi/sipp"
when: sipp_move_directory is changed when: sipp_move_directory is changed
tags: sipp tags: sipp
register: sipp_configure register: sipp_configure
- name: build sipp - name: build sipp
shell: make shell: make
when: sipp_configure is changed when: sipp_configure is changed
args: args:
chdir: "/home/pi/sipp" chdir: "/home/pi/sipp"
tags: sipp tags: sipp
- name: copy scripts - name: copy scripts
when: sipp_move_directory is changed when: sipp_move_directory is changed
copy: copy:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
owner: pi owner: pi
group: pi group: pi
mode: a+x mode: a+x
with_items: with_items:
- { src: "{{ role_path }}/files/startserver.sh", dest: "/home/pi/sipp/startserver.sh" } - { src: "{{ role_path }}/files/startserver.sh", dest: "/home/pi/sipp/startserver.sh" }
- { src: "{{ role_path }}/files/startclient.sh", dest: "/home/pi/sipp/startclient.sh" } - { src: "{{ role_path }}/files/startclient.sh", dest: "/home/pi/sipp/startclient.sh" }
- { src: "{{ role_path }}/files/stopclient.sh", dest: "/home/pi/sipp/stopclient.sh" } - { src: "{{ role_path }}/files/stopclient.sh", dest: "/home/pi/sipp/stopclient.sh" }
tags: sipp tags: sipp
- name: copy scripts2 - name: copy scripts2
copy: copy:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
owner: pi owner: pi
group: pi group: pi
mode: a+x mode: a+x
with_items: with_items:
- { src: "{{ role_path }}/files/startserver.sh", dest: "/home/pi/sipp/startserver.sh" } - { src: "{{ role_path }}/files/startserver.sh", dest: "/home/pi/sipp/startserver.sh" }
- { src: "{{ role_path }}/files/startclient.sh", dest: "/home/pi/sipp/startclient.sh" } - { src: "{{ role_path }}/files/startclient.sh", dest: "/home/pi/sipp/startclient.sh" }
- { src: "{{ role_path }}/files/stopclient.sh", dest: "/home/pi/sipp/stopclient.sh" } - { src: "{{ role_path }}/files/stopclient.sh", dest: "/home/pi/sipp/stopclient.sh" }
tags: sipp_scripts tags: sipp_scripts
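Review bot: `download sipp source` fetches the release tarball with `get_url` and no `checksum:`, and the following tasks configure and build whatever was downloaded; pin the expected digest of `sipp-3.5.2.tar.gz` with `checksum: sha256:<digest>` so a changed or truncated download fails the play. Also, `move sipp directory` runs `mv sipp-3.5.2 sipp` without `chdir`, so it only works when the remote working directory happens to be `/home/pi`, and `copy scripts2` repeats the item list of `copy scripts`; keeping only the unconditional task would do.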

18
roles/sipserver/tasks/main.yaml Executable file → Normal file
View File

@@ -1,9 +1,9 @@
--- ---
- name: enable cron job for sip server - name: enable cron job for sip server
become: true become: true
cron: cron:
name: "sipserver" name: "sipserver"
minute: "*/30" minute: "*/30"
user: root user: root
job: "/home/pi/sipp/startserver.sh" job: "/home/pi/sipp/startserver.sh"
tags: sipserver_cron tags: sipserver_cron
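Review bot: this cron entry runs `/home/pi/sipp/startserver.sh` with `user: root`, while the sipp role installs that script with `owner: pi`, so the `pi` account can edit a file that root executes every 30 minutes. Run the job as `pi` if SIPp does not need root here, or install the script root-owned.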

View File

@@ -1,4 +1,4 @@
username=demo username=demo
password=Demo123 password=Demo123
domain=DEMO domain=DEMO
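Review bot: this credentials file commits `password=Demo123` for the `demo` account in clear text, the same value as in the Samba role vars. Generate it on the target from a vaulted variable with `template:` instead of shipping a static file, so the secret lives in one encrypted place.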

2
roles/smbclient/files/smb-session.sh Executable file → Normal file
View File

@@ -13,6 +13,6 @@ if pgrep -f test_file >/dev/null
then then
exit 0 exit 0
else else
smbclient //192.168.198.2/share -c "get $file" -A ~/.credentials smbclient //192.168.88.230/share -c "get $file" -A ~/.credentials
fi fi
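Review bot: the changed line swaps one hard-coded server address for another (`//192.168.88.230/share`), so the script has to be edited again whenever the Samba host moves. The share name is already a variable in the Samba role; render this script from a template and take the server address and share from inventory variables.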

48
roles/smbclient/tasks/main.yaml Executable file → Normal file
View File

@@ -1,24 +1,24 @@
--- ---
- name: enable cron job for smb traffic - name: enable cron job for smb traffic
cron: cron:
name: "smbtraff" name: "smbtraff"
minute: "*/60" minute: "*/60"
hour: "7-18" hour: "7-18"
weekday: "1-5" weekday: "1-5"
job: "/usr/bin/perl -e 'sleep int rand 3500' && /home/pi/scripts/smb-session.sh" job: "/usr/bin/perl -e 'sleep int rand 3500' && /home/pi/scripts/smb-session.sh"
tags: smbtraff_cron tags: smbtraff_cron
- name: copy smb-session.sh to scripts directory - name: copy smb-session.sh to scripts directory
copy: copy:
src: "{{ role_path }}/files/smb-session.sh" src: "{{ role_path }}/files/smb-session.sh"
dest: /home/pi/scripts/smb-session.sh dest: /home/pi/scripts/smb-session.sh
owner: pi owner: pi
group: pi group: pi
mode: a+x mode: a+x
tags: smbtraff_script tags: smbtraff_script
- name: copy credentials to user directory - name: copy credentials to user directory
copy: copy:
src: "{{ role_path }}/files/.credentials" src: "{{ role_path }}/files/.credentials"
dest: /home/pi dest: /home/pi
owner: pi owner: pi
group: pi group: pi
tags: smbtraff_credentials tags: smbtraff_credentials
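Review bot: `copy credentials to user directory` sets no `mode`, so `/home/pi/.credentials` gets whatever the umask gives it, which usually leaves it readable by other local users. Add `mode: '0600'`. In the cron task, `minute: "*/60"` only ever matches minute 0, so `minute: "0"` says the same thing more clearly, and the cron entry is created before the script it calls has been copied.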

64
roles/snmpd/tasks/main.yaml Executable file → Normal file
View File

@@ -1,32 +1,32 @@
--- ---
- name: Install snmpd Package - name: Install snmpd Package
become: yes become: yes
apt: apt:
name: ['snmpd'] name: ['snmpd']
state: present state: present
update_cache: true update_cache: true
tags: install_snmpd tags: install_snmpd
- lineinfile: - lineinfile:
path: /etc/snmp/snmpd.conf path: /etc/snmp/snmpd.conf
state: present state: present
backrefs: yes backrefs: yes
regexp: "{{ item.regexp }}" regexp: "{{ item.regexp }}"
line: "{{ item.line }}" line: "{{ item.line }}"
with_items: with_items:
- { regexp: '^\s+rocommunity\s+public\s+default\s+-V\s+systemonly', line: ' rocommunity {{ rocommunity }}' } - { regexp: '^\s+rocommunity\s+public\s+default\s+-V\s+systemonly', line: ' rocommunity {{ rocommunity }}' }
- { regexp: '^agentAddress\s+udp:127.0.0.1:161', line: 'agentAddress udp:161' } - { regexp: '^agentAddress\s+udp:127.0.0.1:161', line: 'agentAddress udp:161' }
tags: configure_snmpd tags: configure_snmpd
become: true become: true
- name: enable snmpd service and ensure it is not masked - name: enable snmpd service and ensure it is not masked
systemd: systemd:
name: snmpd name: snmpd
enabled: yes enabled: yes
masked: no masked: no
state: restarted state: restarted
tags: enable_snmpd tags: enable_snmpd
become: true become: true
- name: set timezone - name: set timezone
become: true become: true
timezone: timezone:
name: America/New_York name: America/New_York
tags: set_timezone tags: set_timezone
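Review bot: the `configure_snmpd` items replace `rocommunity public default -V systemonly` with ` rocommunity {{ rocommunity }}` and `agentAddress udp:127.0.0.1:161` with `agentAddress udp:161`, which as written drops the `systemonly` view restriction and exposes the agent on every interface. Unless the `rocommunity` variable carries a source restriction itself, append the management subnet and keep `-V systemonly` on the line. The `lineinfile` task also has no `name`, and the dots in `127.0.0.1` should be escaped in the regexp.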

View File

@@ -1,4 +1,4 @@
Authentication=VncAuth Authentication=VncAuth
Encryption=PreferOn Encryption=PreferOn
Password=12d2f5a0e446b80ad72a2ec6a3688ee308f543f59d7bf06f Password=12d2f5a0e446b80ad72a2ec6a3688ee308f543f59d7bf06f
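Review bot: the `Password=` value is committed in the role files, so every host configured from this repository shares one VNC password value that any reader of the repository can copy. Supply it from a vaulted variable through `template:` rather than a static file.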

40
roles/vnc/tasks/main.yaml Executable file → Normal file
View File

@@ -1,17 +1,23 @@
--- ---
- name: enable vnc service and ensure it is not masked - name: enable vnc service and ensure it is not masked
become: true become: true
systemd: systemd:
name: vncserver-x11-serviced.service name: vncserver-x11-serviced.service
enabled: yes enabled: yes
masked: no masked: no
state: restarted state: restarted
tags: enable_vnc tags: enable_vnc
- name: copy vnc configuration with password - name: copy vnc configuration with password
become: true become: true
copy: copy:
src: "{{ role_path }}/files/vncserver-x11" src: "{{ role_path }}/files/vncserver-x11"
dest: /root/.vnc/config.d/vncserver-x11 dest: /root/.vnc/config.d/vncserver-x11
owner: root owner: root
group: root group: root
tags: vnc_config tags: vnc_config
- name: set lxde in .xsession
lineinfile:
path: /home/pi/.xsession
line: lxsession -s Lubuntu -e LXDE
create: yes
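Review bot: `enable vnc service and ensure it is not masked` restarts `vncserver-x11-serviced.service` before `copy vnc configuration with password` writes the config, so a changed password file is not picked up until the next run; move the copy first and restart from a handler it notifies. The copy also sets no `mode` on a file that holds the password (add `mode: '0600'`), and the new `set lxde in .xsession` task has no `owner`, `group` or `tags`, so with `create: yes` the file ends up owned by whichever user the play connects as.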

0
roles/webclient/files/cadaver-webdav-clean.sh Executable file → Normal file
View File

0
roles/webclient/files/cadaver-webdav.sh Executable file → Normal file
View File

0
roles/webclient/files/webdav-session.sh Executable file → Normal file
View File

View File

@@ -1,7 +1,7 @@
interface=wlan0 interface=wlan0
dhcp-range=10.250.250.2,10.250.250.6,255.255.255.248,24h dhcp-range=10.250.250.2,10.250.250.6,255.255.255.248,24h
listen-address=10.250.250.1 listen-address=10.250.250.1
bind-interfaces bind-interfaces
server=8.8.8.8 server=8.8.8.8
bogus-priv bogus-priv
domain=demo.dsfinancial.com domain=demo.dsfinancial.com

View File

@@ -1,15 +1,15 @@
interface=wlan0 interface=wlan0
driver=nl80211 driver=nl80211
hw_mode=g hw_mode=g
channel=6 channel=6
ieee80211n=1 ieee80211n=1
wmm_enabled=1 wmm_enabled=1
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40] ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
macaddr_acl=0 macaddr_acl=0
ignore_broadcast_ssid=0 ignore_broadcast_ssid=0
wpa=2 wpa=2
auth_algs=1 auth_algs=1
wpa_key_mgmt=WPA-PSK wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP rsn_pairwise=CCMP
ssid=PHLIPAMT ssid=PHLIPAMT
wpa_passphrase=dsfinisdemo wpa_passphrase=dsfinisdemo
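Review bot: this static hostapd configuration carries the same settings as `templates/hostapd.conf.j2`, which is the file the `configure hostapd` task actually deploys, and it adds a second clear-text copy of `wpa_passphrase`. If nothing references it, delete it.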

View File

@@ -1,18 +1,18 @@
# Generated by iptables-save v1.6.0 on Thu Mar 14 09:59:15 2019 # Generated by iptables-save v1.6.0 on Thu Mar 14 09:59:15 2019
*filter *filter
:INPUT ACCEPT [7056:1877085] :INPUT ACCEPT [7056:1877085]
:FORWARD ACCEPT [0:0] :FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6972:1880076] :OUTPUT ACCEPT [6972:1880076]
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT -A FORWARD -i wlan0 -o eth0 -j ACCEPT
COMMIT COMMIT
# Completed on Thu Mar 14 09:59:15 2019 # Completed on Thu Mar 14 09:59:15 2019
# Generated by iptables-save v1.6.0 on Thu Mar 14 09:59:15 2019 # Generated by iptables-save v1.6.0 on Thu Mar 14 09:59:15 2019
*nat *nat
:PREROUTING ACCEPT [15:3832] :PREROUTING ACCEPT [15:3832]
:INPUT ACCEPT [15:3832] :INPUT ACCEPT [15:3832]
:OUTPUT ACCEPT [110:30472] :OUTPUT ACCEPT [110:30472]
:POSTROUTING ACCEPT [106:29680] :POSTROUTING ACCEPT [106:29680]
-A POSTROUTING -o eth0 -j MASQUERADE -A POSTROUTING -o eth0 -j MASQUERADE
COMMIT COMMIT
# Completed on Thu Mar 14 09:59:15 2019 # Completed on Thu Mar 14 09:59:15 2019
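Review bot: the filter table sets `:FORWARD ACCEPT`, so the two `-A FORWARD` rules change nothing and traffic arriving on `eth0` can be forwarded to `wlan0` clients whether or not it belongs to an established flow. Set the policy to `:FORWARD DROP [0:0]` so the `RELATED,ESTABLISHED` rule is what admits return traffic. The saved packet and byte counters (`[7056:1877085]`) can be zeroed as well; they are only a snapshot from the machine the file was dumped on.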

216
roles/wifi/tasks/main.yaml Executable file → Normal file
View File

@@ -1,108 +1,108 @@
--- ---
- name: Remove wpasupplicant package - name: Remove wpasupplicant package
become: yes become: yes
apt: apt:
name: ['wpasupplicant'] name: ['wpasupplicant']
state: absent state: absent
purge: true purge: true
tags: wireless_ap tags: wireless_ap
- name: configure wlan0 - name: configure wlan0
become: true become: true
blockinfile: blockinfile:
path: /etc/dhcpcd.conf path: /etc/dhcpcd.conf
block: | block: |
interface wlan0 interface wlan0
static ip_address=10.250.250.1/29 static ip_address=10.250.250.1/29
nohook wpa_supplicant nohook wpa_supplicant
tags: wireless_ap tags: wireless_ap
- name: install hostapd - name: install hostapd
become: true become: true
apt: apt:
name: ['hostapd'] name: ['hostapd']
state: present state: present
tags: wireless_ap tags: wireless_ap
- name: configure hostapd - name: configure hostapd
become: true become: true
template: template:
src: "{{ role_path }}/templates/hostapd.conf.j2" src: "{{ role_path }}/templates/hostapd.conf.j2"
dest: "/etc/hostapd/hostapd.conf" dest: "/etc/hostapd/hostapd.conf"
owner: root owner: root
group: root group: root
backup: yes backup: yes
tags: wireless_ap tags: wireless_ap
- name: configure hostapd startup - name: configure hostapd startup
become: true become: true
tags: wireless_ap tags: wireless_ap
lineinfile: lineinfile:
state: present state: present
path: "{{ item.path }}" path: "{{ item.path }}"
regexp: "{{ item.regexp }}" regexp: "{{ item.regexp }}"
line: "{{ item.line }}" line: "{{ item.line }}"
with_items: with_items:
- { path: "/etc/init.d/hostapd", regexp: "^DAEMON_CONF=", line: "DAEMON_CONF=/etc/hostapd/hostapd.conf" } - { path: "/etc/init.d/hostapd", regexp: "^DAEMON_CONF=", line: "DAEMON_CONF=/etc/hostapd/hostapd.conf" }
- { path: "/etc/default/hostapd", regexp: "^#DAEMON_CONF=", line: "DAEMON_CONF=\"/etc/hostapd/hostapd.conf\"" } - { path: "/etc/default/hostapd", regexp: "^#DAEMON_CONF=", line: "DAEMON_CONF=\"/etc/hostapd/hostapd.conf\"" }
- name: enable hostapd - name: enable hostapd
become: true become: true
systemd: systemd:
name: hostapd name: hostapd
enabled: yes enabled: yes
masked: no masked: no
state: restarted state: restarted
tags: wireless_ap tags: wireless_ap
- name: install dnsmasq - name: install dnsmasq
become: true become: true
apt: apt:
name: ['dnsmasq'] name: ['dnsmasq']
state: present state: present
tags: wireless_ap tags: wireless_ap
- name: configure dnsmasq - name: configure dnsmasq
become: true become: true
copy: copy:
src: "{{ role_path }}/files/dnsmasq.conf" src: "{{ role_path }}/files/dnsmasq.conf"
dest: "/etc/dnsmasq.conf" dest: "/etc/dnsmasq.conf"
backup: yes backup: yes
owner: root owner: root
group: root group: root
tags: wireless_ap tags: wireless_ap
- name: enable dnsmasq - name: enable dnsmasq
become: true become: true
systemd: systemd:
name: dnsmasq name: dnsmasq
enabled: yes enabled: yes
masked: no masked: no
state: restarted state: restarted
tags: wireless_ap tags: wireless_ap
- name: enable ipv4.forwarding - name: enable ipv4.forwarding
become: true become: true
sysctl: sysctl:
name: net.ipv4.ip_forward name: net.ipv4.ip_forward
value: 1 value: 1
sysctl_set: yes sysctl_set: yes
state: present state: present
reload: yes reload: yes
tags: wireless_ap tags: wireless_ap
- name: copy fw config - name: copy fw config
become: true become: true
copy: copy:
src: "{{ role_path }}/files/iptables.ipv4.nat" src: "{{ role_path }}/files/iptables.ipv4.nat"
dest: "/etc/iptables.ipv4.nat" dest: "/etc/iptables.ipv4.nat"
backup: yes backup: yes
owner: root owner: root
group: root group: root
tags: wireless_ap tags: wireless_ap
- name: iptables-restore to rc.local - name: iptables-restore to rc.local
lineinfile: lineinfile:
path: "/etc/rc.local" path: "/etc/rc.local"
state: present state: present
insertbefore: "exit 0" insertbefore: "exit 0"
line: "iptables-restore < /etc/iptables.ipv4.nat" line: "iptables-restore < /etc/iptables.ipv4.nat"
become: true become: true
tags: wireless_ap tags: wireless_ap
- name: restart dhcpcd - name: restart dhcpcd
become: true become: true
systemd: systemd:
name: dhcpcd name: dhcpcd
enabled: yes enabled: yes
masked: no masked: no
state: restarted state: restarted
tags: wireless_ap tags: wireless_ap
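Review bot: `configure hostapd` writes `/etc/hostapd/hostapd.conf`, which contains `wpa_passphrase`, with `owner` and `group` but no `mode`; add `mode: '0600'` so the PSK is readable by root only. Every service task in this file uses `state: restarted`, so each play run bounces hostapd, dnsmasq and dhcpcd even when nothing changed; `state: started` plus handlers notified by the config tasks keeps the access point up between runs.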

View File

@@ -1,15 +1,15 @@
interface=wlan0 interface=wlan0
driver=nl80211 driver=nl80211
hw_mode=g hw_mode=g
channel=6 channel=6
ieee80211n=1 ieee80211n=1
wmm_enabled=1 wmm_enabled=1
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40] ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
macaddr_acl=0 macaddr_acl=0
ignore_broadcast_ssid=0 ignore_broadcast_ssid=0
wpa=2 wpa=2
auth_algs=1 auth_algs=1
wpa_key_mgmt=WPA-PSK wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP rsn_pairwise=CCMP
ssid={{ site_clli }} ssid={{ site_clli }}
wpa_passphrase=dsfinisdemo wpa_passphrase=dsfinisdemo
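Review bot: `ssid` is templated per site with `{{ site_clli }}` but `wpa_passphrase=dsfinisdemo` is a literal, so every site shares one PSK and it is stored in clear text in the repository. Make the passphrase a variable and keep its value in an Ansible Vault file.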

0
roles/youtube/files/youtube.sh Executable file → Normal file
View File

38
roles/youtube/tasks/main.yaml Executable file → Normal file
View File

@@ -1,19 +1,19 @@
--- ---
- name: copy youtube script - name: copy youtube script
copy: copy:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
owner: pi owner: pi
group: pi group: pi
mode: a+x mode: a+x
with_items: with_items:
- { src: "{{ role_path }}/files/youtube.sh", dest: "/home/pi/scripts/youtube.sh" } - { src: "{{ role_path }}/files/youtube.sh", dest: "/home/pi/scripts/youtube.sh" }
tags: youtubetraff_script tags: youtubetraff_script
- name: enable cron job for youtube traffic - name: enable cron job for youtube traffic
cron: cron:
name: "youtubetraff" name: "youtubetraff"
minute: "*/30" minute: "*/30"
hour: "7-18" hour: "7-18"
weekday: "1-5" weekday: "1-5"
job: "/usr/bin/perl -e 'sleep int rand 900' && /home/pi/scripts/youtube.sh" job: "/usr/bin/perl -e 'sleep int rand 900' && /home/pi/scripts/youtube.sh"
tags: youtubetraff_cron tags: youtubetraff_cron

98
samba.yml Executable file → Normal file
View File

@@ -1,49 +1,49 @@
--- ---
- hosts: samba - hosts: samba
tasks: tasks:
- name: Install Samba Packages - name: Install Samba Packages
become: yes become: yes
apt: apt:
name: ['samba', 'smbclient','winbind','krb5-user','krb5-config','krb5-locales','winbind','libpam-winbind','libnss-winbind','dnsutils'] name: ['samba', 'smbclient','winbind','krb5-user','krb5-config','krb5-locales','winbind','libpam-winbind','libnss-winbind','dnsutils']
state: present state: present
update_cache: true update_cache: true
- name: stop samba services - name: stop samba services
become: yes become: yes
command: systemctl stop "{{ item }}" command: systemctl stop "{{ item }}"
ignore_errors: true ignore_errors: true
with_items: with_items:
- samba-ad-dc.service - samba-ad-dc.service
- smbd.service - smbd.service
- nmbd.service - nmbd.service
- winbind.service - winbind.service
- name: disable samba services - name: disable samba services
become: yes become: yes
command: systemctl disable "{{ item }}" command: systemctl disable "{{ item }}"
ignore_errors: true ignore_errors: true
with_items: with_items:
- samba-ad-dc.service - samba-ad-dc.service
- smbd.service - smbd.service
- nmbd.service - nmbd.service
- winbind.service - winbind.service
- name: set nsswitch service to use DNS resolution - name: set nsswitch service to use DNS resolution
become: yes become: yes
lineinfile: lineinfile:
path: /etc/nsswitch.conf path: /etc/nsswitch.conf
state: present state: present
regexp: '^hosts:' regexp: '^hosts:'
line: 'hosts: files dns mdns4_minimal [NOTFOUND=return]' line: 'hosts: files dns mdns4_minimal [NOTFOUND=return]'
- name: check if smb.conf exists - name: check if smb.conf exists
stat: stat:
path: /etc/samba/smb.conf path: /etc/samba/smb.conf
register: stat_result register: stat_result
- name: rename default smb.conf - name: rename default smb.conf
become: yes become: yes
shell: mv /etc/samba/smb.conf /etc/samba/smb.conf.backup shell: mv /etc/samba/smb.conf /etc/samba/smb.conf.backup
ignore_errors: true ignore_errors: true
tags: remove_default_samba_config tags: remove_default_samba_config
- name: delete default kerberos configuration if it exists - name: delete default kerberos configuration if it exists
become: yes become: yes
file: file:
state: absent state: absent
path: "/etc/krb5.conf" path: "/etc/krb5.conf"
tags: remove_default_samba_config tags: remove_default_samba_config
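Review bot: `check if smb.conf exists` registers `stat_result`, but `rename default smb.conf` never uses it and relies on `ignore_errors: true` instead, which also hides real failures of the `mv`. Add `when: stat_result.stat.exists` and drop `ignore_errors`. The stop and disable loops can be one `systemd:` task with `state: stopped` and `enabled: no`, and `winbind` appears twice in the package list.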

20
set_sudoer.yml Executable file → Normal file
View File

@@ -1,10 +1,10 @@
--- ---
- hosts: all - hosts: all
tasks: tasks:
- lineinfile: - lineinfile:
path: /etc/sudoers path: /etc/sudoers
state: present state: present
regexp: '^%sudo' regexp: '^%sudo'
line: '%sudo ALL=(ALL) NOPASSWD: ALL' line: '%sudo ALL=(ALL) NOPASSWD: ALL'
validate: 'visudo -cf %s' validate: 'visudo -cf %s'
become: true become: true

4
temp.yaml Normal file
View File

@@ -0,0 +1,4 @@
---
- hosts: pi
roles:
- pi
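Review bot: `temp.yaml` is a new four-line playbook that only applies the `pi` role to `hosts: pi`, and its name suggests a scratch file. Give it a name that says what it is for, or leave it out of the commit.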