From f16d598797a608019a32bff7f33f7aea72545719 Mon Sep 17 00:00:00 2001 From: Pi Date: Thu, 25 Jul 2019 08:54:41 -0400 Subject: [PATCH] - separate out package update to its own role - further refinements --- host.git | 6 + hosts | 195 +++++++++++++++++----------- main.yaml | 3 + roles/common/tasks/main.yaml | 6 - roles/ntopng/tasks/main.yaml | 26 ++++ roles/ntopng/vars/os_Raspbian_9.yml | 1 + roles/update/tasks/main.yaml | 7 + 7 files changed, 164 insertions(+), 80 deletions(-) create mode 100644 roles/update/tasks/main.yaml diff --git a/host.git b/host.git index fd05947..35a8e74 100644 --- a/host.git +++ b/host.git @@ -10,6 +10,12 @@ wes-host3 ansible_host=192.168.88.218 # that will act as the configuration server wes-host1 +[update] +# machines for auto package update +# this allows for excluding certain +# machines from automatically updating +# installed packages + [pi] # include all Raspberry Pi devces here wes-host1 diff --git a/hosts b/hosts index 4dce322..851a3ec 100644 --- a/hosts +++ b/hosts 
@@ -1,74 +1,121 @@
-# list all of the raspberry PI devices in the network
-# the host name on each will be set to the first column
-# it can be 1-20 characters, letters, digits, and hyphens
-wes-host1 ansible_host=127.0.0.1
-#wes-host2 ansible_host=192.168.88.240
-#wes-host3 ansible_host=192.168.88.218
-
-[ansible-hosts]
-# there must only be one ansible-host. this is the device
-# that will act as the configuration server
-wes-host1
-
-[pi]
-# include all Raspberry Pi devces here
-wes-host1
-
-#wes-host2
-#wes-host3
-
-# use variables for passwords
-# currently not implemented
-[pi:vars]
-vncpassword=vncpass99
-pipassword=pipassword99
-
-[samba-server]
-# it is best to have only one samba-server host
-wes-host1
-
-[smbclient]
-# it would probably be best to limit this to 10 clients
-#wes-host2
-#wes-host3
-
-[public]
-# not currently used
-#
-[snmpd]
-# installs SNMP daemon
-#
-wes-host1
-
-[netflows]
-# installs flow client
-#
-[facebook]
-# devices can be set up for facebook, salesforce or youtube
-# these are mutually exclusive and must be checked by you as there
-# is no automated process for that
-wes-host1
-
-[salesforce]
-# see comment for facebook
-#wes-host2
-
-[youtube]
-# see comment for facebook
-#wes-host3
-
-[ftpclient]
-
-[sipclient]
-# generates VoIP traffic, signaling and media
-wes-host1
-#wes-host3
-
-[sipserver]
-# there must only be one sipserver
-#wes-host2
-wes-host1
-
-[ntopng]
-# hosts running ntop
-wes-host1
+sdwcltm2 ansible_host=192.168.50.2 site_clli=CRHMNJAW
+sdwcltm3 ansible_host=192.168.201.55 site_clli=MTLRNJIK
+sdwcltm5 ansible_host=10.8.0.8 site_clli=PHLJPAMT
+sdwsrvm ansible_host=192.168.60.2 site_clli=WLGRPABW
+sdwcltm8 ansible_host=192.168.150.2 site_clli=FTCLCORN
+ubuntu-server-2 ansible_host=192.168.198.2 site_clli=CMCYCOJL
+sdwcltm7 ansible_host=192.168.199.2 site_clli=SRSPNYGN
+sdwsrvl ansible_host=192.168.90.2 site_clli=LSBGFL59
+sdwcltm4 ansible_host=192.168.100.2 site_clli=PROVUTZZ
+sdwcltm6 ansible_host=192.168.200.34
site_clli=PHLJPAMT +ubuntu-server-1 ansible_host=192.168.201.2 site_clli=MTLRNJIK +sdwcltm9 ansible_host=192.168.200.163 site_clli=NRCRGAQN +#192.168.201.3 +ipsectest1 ansible_host=192.168.201.90 +ssh-jump ansible_host=192.168.201.9 + +[ansible-host] +ubuntu-server-1 + +[update] +# machines for auto package update +# this allows for excluding certain +# machines from automatically updating +# installed packages +sdwcltm2 +sdwcltm3 +sdwcltm5 +sdwsrvm +sdwcltm8 +sdwcltm7 +sdwsrvl +sdwcltm4 +sdwcltm6 +sdwcltm9 +ipsectest1 + +[pi] +sdwcltm2 +sdwcltm3 +sdwcltm5 +sdwsrvm +sdwcltm8 +sdwcltm6 +sdwcltm7 +sdwsrvl +sdwcltm4 +#192.168.201.3 + +[samba-server] +ipsectest1 + +[smbclient] +sdwcltm2 +sdwcltm3 +ubuntu-server-1 +sdwcltm5 +sdwsrvm +sdwcltm8 +sdwcltm6 +sdwcltm7 +sdwsrvl +sdwcltm4 +sdwcltm9 + +[public] +ubuntu-server-1 + +[snmpd] +#192.168.201.3 +sdwcltm2 +sdwcltm3 +sdwcltm6 +sdwcltm8 + +[netflows] + +[facebook] +sdwcltm5 +sdwsrvm +sdwcltm4 + +[salesforce] +sdwcltm3 +sdwcltm6 +sdwcltm7 +sdwsrvl +sdwcltm8 + +[youtube] +sdwcltm2 +sdwcltm3 + +[ftpclient] +sdwcltm2 +sdwcltm3 +sdwcltm4 +sdwcltm5 +sdwcltm6 +sdwcltm7 +sdwcltm8 +sdwsrvm +ubuntu-server-1 + +[sipclient] +sdwcltm2 +sdwcltm3 +sdwcltm4 +sdwcltm5 +sdwcltm6 +sdwcltm7 +sdwcltm8 +sdwcltm9 +sdwsrvl +sdwsrvm + +[sipserver] +ubuntu-server-2 + +[ntopng] +sdwcltm5 +sdwcltm6 diff --git a/main.yaml b/main.yaml index dd71929..a78d628 100644 --- a/main.yaml +++ b/main.yaml @@ -1,4 +1,7 @@ --- +- hosts: update + roles: + - update - hosts: netflows roles: - netflows diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index 3e3eaaa..381959e 100644 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml 
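Review bot: `sdwcltm3` is listed under both `[salesforce]` and `[youtube]` in the new inventory, while the comment this hunk deletes said the facebook/salesforce/youtube groups are mutually exclusive and that nothing checks this automatically; drop the host from one group, and consider restoring the warning as `# facebook, salesforce and youtube are mutually exclusive; list a host in only one`. The group is also renamed from `[ansible-hosts]` to `[ansible-host]`, so any play that still targets `ansible-hosts` would match no hosts; the part of main.yaml visible in this patch does not show which name is used. The `vncpassword` and `pipassword` values removed here stay readable in repository history, so treat them as exposed and rotate them if they were ever set on a device. If such variables return, keep them in an Ansible Vault file rather than in the inventory.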
@@ -2,12 +2,6 @@ - name: Include OS-specific variables include_vars: "os_{{ ansible_lsb.id }}_{{ ansible_lsb.major_release }}.yml" -- name: Upgrade all packages to the latest version - become: true - apt: - upgrade: yes - update_cache: yes - tags: apt_upgrade - name: Create directories file: path: "{{ item }}" diff --git a/roles/ntopng/tasks/main.yaml b/roles/ntopng/tasks/main.yaml index 1047106..7752f7c 100644 --- a/roles/ntopng/tasks/main.yaml +++ b/roles/ntopng/tasks/main.yaml @@ -1,4 +1,16 @@ --- +- name: check if nDPI exists + stat: + path: "{{ ansible_user_dir }}/nDPI/src/lib/libndpi.so.2.9.0" + register: nDPI_installed +- name: check if ntopng built + stat: + path: "{{ ansible_user_dir }}/ntopng/ntopng" + register: ntopng_built +- name: check if ntopng installed + stat: + path: "/usr/local/bin/ntopng" + register: ntopng_installed - name: Include OS-specific variables include_vars: "os_{{ ansible_lsb.id }}_{{ ansible_lsb.major_release }}.yml" - name: install package dependencies 
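Review bot: The `check if nDPI exists` task hard-codes `libndpi.so.2.9.0`, but the nDPI clone further down the file has no `version:`, so once upstream bumps the library version a freshly built tree will no longer satisfy this stat and the clone/autogen/configure/make steps will run on every play. Pin the checkout and keep the version in one role variable, for example `path: "{{ ansible_user_dir }}/nDPI/src/lib/libndpi.so.{{ ndpi_version }}"`, where `ndpi_version` is a proposed name and not an existing variable. The registered name `nDPI_installed` describes a build artefact under `ansible_user_dir`, not an installed file; `nDPI_built` would be consistent with `ntopng_built`. The task list continues past the end of this hunk.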
@@ -10,49 +22,61 @@ git: repo: https://github.com/ntop/nDPI.git dest: "{{ ansible_user_dir }}/nDPI" + when: nDPI_installed.stat.exists == false - name: clone ntopng git: repo: https://github.com/ntop/ntopng.git dest: "{{ ansible_user_dir }}/ntopng" + when: ntopng_built.stat.exists == false - name: run nDPI autogen.sh command: "./autogen.sh" args: chdir: "{{ ansible_user_dir }}/nDPI" + when: nDPI_installed.stat.exists == false - name: configure nDPI command: "./configure --with-pic" args: chdir: "{{ ansible_user_dir }}/nDPI" + when: nDPI_installed.stat.exists == false - name: build nDPI command: "make -j 3" args: chdir: "{{ ansible_user_dir }}/nDPI" + when: nDPI_installed.stat.exists == false - name: run ntopng autogen.sh command: "./autogen.sh" args: chdir: "{{ ansible_user_dir }}/ntopng" + when: ntopng_built.stat.exists == false - name: run ntopng configure command: "./configure" args: chdir: "{{ ansible_user_dir }}/ntopng" + when: ntopng_built.stat.exists == false - name: build ntopng command: "make -j 3" args: chdir: "{{ ansible_user_dir }}/ntopng" + when: ntopng_built.stat.exists == false - name: install become: yes command: "make install" args: chdir: "{{ ansible_user_dir }}/ntopng" + when: ntopng_installed.stat.exists == false + tags: test - name: create ntopng group become: yes group: name: ntopng state: present + tags: test - name: creaate ntopng user become: yes user: name: ntopng group: ntopng + tags: test - name: create directories become: yes file: @@ -64,6 +88,7 @@ - /var/nst/ntopng - /usr/share/ntopng - /etc/ntopng + tags: test - name: copy files become: yes copy: @@ -75,6 +100,7 @@ - { src: "{{ role_path }}/files/ntopng", dest: "/etc/default/ntopng" } - { src: "{{ role_path }}/files/ntopng.conf", dest: "/etc/ntopng/ntopng.conf" } - { src: "{{ role_path }}/files/ntopng.service", dest: "/etc/systemd/system/ntopng.service" } + tags: test - name: reload systemd become: true systemd: 
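Review bot: The `clone nDPI` and `clone ntopng` tasks still have no `version:`, so with the new `when:` guards whichever upstream HEAD was current on the first run is what gets compiled and then installed by the `become: yes` `make install` step. Adding `version: "<reviewed tag or commit>"` to each `git:` task would make the root-installed binary reproducible and auditable. The `tags: test` added to `install` and the tasks after it, here and in the `@@ -64,6` and `@@ -75,6` hunks, looks like a debugging leftover: a run limited to `--tags test` would skip the dependency and build steps, so it should be removed or given a descriptive name such as `ntopng_install`. The guards also read more idiomatically as `when: not ntopng_built.stat.exists` than as `== false`.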
diff --git a/roles/ntopng/vars/os_Raspbian_9.yml b/roles/ntopng/vars/os_Raspbian_9.yml index f43d4a3..cc6bdf1 100644 --- a/roles/ntopng/vars/os_Raspbian_9.yml +++ b/roles/ntopng/vars/os_Raspbian_9.yml @@ -11,3 +11,4 @@ ntopng_dependency_packages: - libglib2.0-dev - redis-server - libmaxminddb-dev + - libjson-c-dev diff --git a/roles/update/tasks/main.yaml b/roles/update/tasks/main.yaml new file mode 100644 index 0000000..392548a --- /dev/null +++ b/roles/update/tasks/main.yaml @@ -0,0 +1,7 @@ +--- +- name: Update all packages to the latest version + become: true + apt: + upgrade: yes + update_cache: yes + tags: apt_upgrade
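Review bot: The new `roles/update/tasks/main.yaml` upgrades every host in `[update]`, but nothing afterwards records whether a reboot is pending, so kernel or library security fixes can be installed yet not running. A follow-up task that stats `/var/run/reboot-required` (on distributions that create it) and reports the result would make that visible. `upgrade: yes` depends on the YAML boolean being mapped back to the module's `yes` choice; `upgrade: "safe"` is the documented equivalent and, together with `update_cache: true`, states the intent explicitly. A comment noting that the role is opt-in through the `[update]` inventory group would help the next maintainer, for example `# runs only on hosts listed in the [update] inventory group`.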