- separate out package update to its own role

- further refinements

host.git

@@ -10,6 +10,12 @@ wes-host3 ansible_host=192.168.88.218
 # that will act as the configuration server
 wes-host1
 
+[update]
+# machines for auto package update
+# this allows for excluding certain
+# machines from automatically updating
+# installed packages
+
 [pi]
 # include all Raspberry Pi devces here
 wes-host1

hosts

@@ -1,74 +1,121 @@
-# list all of the raspberry PI devices in the network
+sdwcltm2	ansible_host=192.168.50.2	site_clli=CRHMNJAW
-# the host name on each will be set to the first column
+sdwcltm3	ansible_host=192.168.201.55	site_clli=MTLRNJIK
-# it can be 1-20 characters, letters, digits, and hyphens
+sdwcltm5	ansible_host=10.8.0.8		site_clli=PHLJPAMT
-wes-host1 ansible_host=127.0.0.1
+sdwsrvm		ansible_host=192.168.60.2	site_clli=WLGRPABW
-#wes-host2 ansible_host=192.168.88.240
+sdwcltm8 	ansible_host=192.168.150.2	site_clli=FTCLCORN
-#wes-host3 ansible_host=192.168.88.218
+ubuntu-server-2	ansible_host=192.168.198.2	site_clli=CMCYCOJL
-
+sdwcltm7	ansible_host=192.168.199.2	site_clli=SRSPNYGN
-[ansible-hosts]
+sdwsrvl		ansible_host=192.168.90.2	site_clli=LSBGFL59
-# there must only be one ansible-host.  this is the device
+sdwcltm4	ansible_host=192.168.100.2	site_clli=PROVUTZZ
-# that will act as the configuration server
+sdwcltm6	ansible_host=192.168.200.34	site_clli=PHLJPAMT
-wes-host1
+ubuntu-server-1	ansible_host=192.168.201.2	site_clli=MTLRNJIK
-
+sdwcltm9	ansible_host=192.168.200.163 	site_clli=NRCRGAQN
-[pi]
+#192.168.201.3
-# include all Raspberry Pi devces here
+ipsectest1	ansible_host=192.168.201.90
-wes-host1
+ssh-jump	ansible_host=192.168.201.9
-
+
-#wes-host2
+[ansible-host]
-#wes-host3
+ubuntu-server-1
-
+
-# use variables for passwords
+[update]
-# currently not implemented
+# machines for auto package update
-[pi:vars]
+# this allows for excluding certain
-vncpassword=vncpass99
+# machines from automatically updating
-pipassword=pipassword99
+# installed packages
-
+sdwcltm2
-[samba-server]
+sdwcltm3
-# it is best to have only one samba-server host
+sdwcltm5
-wes-host1
+sdwsrvm
-
+sdwcltm8
-[smbclient]
+sdwcltm7
-# it would probably be best to limit this to 10 clients
+sdwsrvl
-#wes-host2
+sdwcltm4
-#wes-host3
+sdwcltm6
-
+sdwcltm9
-[public]
+ipsectest1
-# not currently used
+
-#
+[pi]
-[snmpd]
+sdwcltm2
-# installs SNMP daemon
+sdwcltm3
-#
+sdwcltm5
-wes-host1
+sdwsrvm
-
+sdwcltm8
-[netflows]
+sdwcltm6
-# installs flow client
+sdwcltm7
-#
+sdwsrvl
-[facebook]
+sdwcltm4
-# devices can be set up for facebook, salesforce or youtube
+#192.168.201.3
-# these are mutually exclusive and must be checked by you as there
+
-# is no automated process for that
+[samba-server]
-wes-host1
+ipsectest1
-
+
-[salesforce]
+[smbclient]
-# see comment for facebook
+sdwcltm2
-#wes-host2
+sdwcltm3
-
+ubuntu-server-1
-[youtube]
+sdwcltm5
-# see comment for facebook
+sdwsrvm
-#wes-host3
+sdwcltm8
-
+sdwcltm6
-[ftpclient]
+sdwcltm7
-
+sdwsrvl
-[sipclient]
+sdwcltm4
-# generates VoIP traffic, signaling and media
+sdwcltm9
-wes-host1
+
-#wes-host3
+[public]
-
+ubuntu-server-1
-[sipserver]
+
-# there must only be one sipserver
+[snmpd]
-#wes-host2
+#192.168.201.3
-wes-host1
+sdwcltm2
-
+sdwcltm3
-[ntopng]
+sdwcltm6
-# hosts running ntop
+sdwcltm8
-wes-host1
+
+[netflows]
+
+[facebook]
+sdwcltm5
+sdwsrvm
+sdwcltm4
+
+[salesforce]
+sdwcltm3
+sdwcltm6
+sdwcltm7
+sdwsrvl
+sdwcltm8
+
+[youtube]
+sdwcltm2
+sdwcltm3
+
+[ftpclient]
+sdwcltm2
+sdwcltm3
+sdwcltm4
+sdwcltm5
+sdwcltm6
+sdwcltm7
+sdwcltm8
+sdwsrvm
+ubuntu-server-1
+
+[sipclient]
+sdwcltm2
+sdwcltm3
+sdwcltm4
+sdwcltm5
+sdwcltm6
+sdwcltm7
+sdwcltm8
+sdwcltm9
+sdwsrvl
+sdwsrvm
+
+[sipserver]
+ubuntu-server-2
+
+[ntopng]
+sdwcltm5
+sdwcltm6

main.yaml

@@ -1,4 +1,7 @@
 ---
+- hosts: update
+  roles:
+          - update
 - hosts: netflows
   roles:
           - netflows

roles/common/tasks/main.yaml

@@ -2,12 +2,6 @@
 - name: Include OS-specific variables
   include_vars: "os_{{ ansible_lsb.id }}_{{ ansible_lsb.major_release }}.yml"
 
-- name: Upgrade all packages to the latest version
-  become: true
-  apt:
-          upgrade: yes
-          update_cache: yes
-  tags: apt_upgrade
 - name: Create directories
   file:
           path: "{{ item }}"

roles/ntopng/tasks/main.yaml

@@ -1,4 +1,16 @@
 ---
+- name: check if nDPI exists
+  stat:
+          path: "{{ ansible_user_dir }}/nDPI/src/lib/libndpi.so.2.9.0"
+  register: nDPI_installed
+- name: check if ntopng built
+  stat:
+          path: "{{ ansible_user_dir }}/ntopng/ntopng"
+  register: ntopng_built
+- name: check if ntopng installed
+  stat:
+          path: "/usr/local/bin/ntopng"
+  register: ntopng_installed
 - name: Include OS-specific variables
   include_vars: "os_{{ ansible_lsb.id }}_{{ ansible_lsb.major_release }}.yml"
 - name: install package dependencies
@@ -10,49 +22,61 @@
   git:
           repo: https://github.com/ntop/nDPI.git
           dest: "{{ ansible_user_dir }}/nDPI"
+  when: nDPI_installed.stat.exists == false
 - name: clone ntopng
   git:
           repo: https://github.com/ntop/ntopng.git
           dest: "{{ ansible_user_dir }}/ntopng"
+  when: ntopng_built.stat.exists == false
 - name: run nDPI autogen.sh
   command: "./autogen.sh"
   args:
           chdir: "{{ ansible_user_dir }}/nDPI"
+  when: nDPI_installed.stat.exists == false
 - name: configure nDPI
   command: "./configure --with-pic"
   args:
           chdir: "{{ ansible_user_dir }}/nDPI"
+  when: nDPI_installed.stat.exists == false
 - name: build nDPI
   command: "make -j 3"
   args:
           chdir: "{{ ansible_user_dir }}/nDPI"
+  when: nDPI_installed.stat.exists == false
 - name: run ntopng autogen.sh
   command: "./autogen.sh"
   args:
           chdir: "{{ ansible_user_dir }}/ntopng"
+  when: ntopng_built.stat.exists == false
 - name: run ntopng configure
   command: "./configure"
   args:
           chdir: "{{ ansible_user_dir }}/ntopng"
+  when: ntopng_built.stat.exists == false
 - name: build ntopng
   command: "make -j 3"
   args:
           chdir: "{{ ansible_user_dir }}/ntopng"
+  when: ntopng_built.stat.exists == false
 - name: install
   become: yes
   command: "make install"
   args:
           chdir: "{{ ansible_user_dir }}/ntopng"
+  when: ntopng_installed.stat.exists == false
+  tags: test
 - name: create ntopng group
   become: yes
   group:
           name: ntopng
           state: present
+  tags: test
 - name: creaate ntopng user
   become: yes
   user:
           name: ntopng
           group: ntopng
+  tags: test
 - name: create directories
   become: yes
   file:
@@ -64,6 +88,7 @@
           - /var/nst/ntopng
           - /usr/share/ntopng
           - /etc/ntopng
+  tags: test
 - name: copy files
   become: yes
   copy:
@@ -75,6 +100,7 @@
           - { src: "{{ role_path }}/files/ntopng", dest: "/etc/default/ntopng" }
           - { src: "{{ role_path }}/files/ntopng.conf", dest: "/etc/ntopng/ntopng.conf" }
           - { src: "{{ role_path }}/files/ntopng.service", dest: "/etc/systemd/system/ntopng.service" }
+  tags: test
 - name: reload systemd
   become: true
   systemd:

roles/ntopng/vars/os_Raspbian_9.yml

@@ -11,3 +11,4 @@ ntopng_dependency_packages:
   - libglib2.0-dev
   - redis-server
   - libmaxminddb-dev
+  - libjson-c-dev

roles/update/tasks/main.yaml

@@ -0,0 +1,7 @@
+---
+- name: Update all packages to the latest version
+  become: true
+  apt:
+          upgrade: yes
+          update_cache: yes
+  tags: apt_upgrade