diff --git a/playbook/README.md b/playbook/README.md new file mode 100644 index 0000000..fdaae2b --- /dev/null +++ b/playbook/README.md @@ -0,0 +1,32 @@ +# Playbook + +This is the collection of playbooks that have been made. Each folder here ties back into the hosts file. + +## Linux + +This contains files that are designed to be ran against all linux based hosts. Some files are just general security updates and some will install packages that all servers need. + +Installable services + + * elastic-heartbeat + * elastic-metricbeat + +### Docker + +This contains files that will maintain and deploy docker servers. + +Docker servers will be a sub under Linux for basic up keep on the servers. + + +### Elastic + +This folder contains the files needed for a host that runs Elastic services as a server. + + * ElasticSearch + * Kibana + +## Windows + +Just like its Linux counter part, this contains the information and playbooks that are designed to be ran against all windows servers. Keeping baseline firewall, users, groups and windows updates are some examples. + + diff --git a/playbook/linux/elastic/config-elasticsearch.yml b/playbook/linux/elastic/config-elasticsearch.yml new file mode 100644 index 0000000..019b899 --- /dev/null +++ b/playbook/linux/elastic/config-elasticsearch.yml @@ -0,0 +1,44 @@ +# This will work on a new install. +# If any changes are needed to the cluster name on an existing install add another function +- name: Config - cluster.name 'elastic-DMI01' +become: true +lineinfile: + path: /etc/elasticsearch/elasticsearch.yml + regex: '^cluster.name' + insertafter: '#cluster.name: my-application' + line: 'cluster.name: elastic-DMI01' + backup: yes + +# We define the name of the host we are working on +- name: Config - node.name +become: true +lineinfile: + path: /etc/elasticsearch/elasticsearch.yml + regex: '^node.name' + insertafter: '#node.name: node-1' + line: "node.name: {{ ansible_eno1.ipv4.address }}" + +# Allow 9200 so we can access it over the network +- name: Allow port 9200 though UFW +become: true +ufw: + rule: allow + port: 9200 + #name: ElasticSearch + +- name: Service reload daemon +become: true +systemd: + daemon_reload: yes + +- name: systemd - enable ElasticSearch on startup +become: true +systemd: + name: elasticsearch + enabled: yes + +- name: systemd - restart ElasticSearch service +become: true +systemd: + name: elasticsearch + state: restarted diff --git a/playbook/linux/elastic/config-heartbeat.yml b/playbook/linux/elastic/config-heartbeat.yml new file mode 100644 index 0000000..ad2dacd --- /dev/null +++ b/playbook/linux/elastic/config-heartbeat.yml @@ -0,0 +1,25 @@ +--- +- name: define kibana host + become: true + lineinfile: + path: /etc/heartbeat/heartbeat.yml + regex: '^host: "dm-nagios.local:5601"' + insertafter: '#host: "localhost:5601"' + line: 'host: "dm-nagios.local:5601"' + +- name: systemd - daemon reload + become: true + systemd: + daemon_reload: yes + +- name: system - enable on startup + become: true + systemd: + name: heartbeat-elastic + enabled: yes + +- name: systemd - restart heartbeat + become: true + systemd: + name: heartbeat-elastic + state: restarted diff --git a/playbook/linux/elastic/config-kibana.yml b/playbook/linux/elastic/config-kibana.yml new file mode 100644 index 0000000..1152ec6 --- /dev/null +++ b/playbook/linux/elastic/config-kibana.yml @@ -0,0 +1,49 @@ + +- name: Config - Server.Port 5601 + become: true + lineinfile: + path: /etc/kibana/kibana.yml + regex: '^server.port' + insertafter: '#server.port: 5601' + line: 'server.port: 5601' + backup: yes + + +- name: Config - Server.host + become: true + lineinfile: + path: /etc/kibana/kibana.yml + regex: '^server.host' + insertafter: '#server.host' + line: 'server.host: {{ ansible_eno1.ipv4.address }}' + +- name: Config - elasticsearch.hosts + become: true + lineinfile: + path: /etc/kibana/kibana.yml + regex: '^elasticsearch.hosts' + insertafter: '#elasticsearch.hosts:' + line: 'elasticsearch.hosts: ["http://localhost:9200"]' + +- name: Allow port 5601 + become: true + ufw: + rule: allow + port: 5601 + +- name: systemd - daemon reload + become: true + systemd: + daemon_reload: yes + +- name: systemd - enable Kibana on startup + become: true + systemd: + name: kibana + enabled: yes + +- name: systemd - restart Kibana + become: true + systemd: + name: kibana + state: restarted diff --git a/playbook/linux/elastic/config-metricbeat.yml b/playbook/linux/elastic/config-metricbeat.yml new file mode 100644 index 0000000..d4e0400 --- /dev/null +++ b/playbook/linux/elastic/config-metricbeat.yml @@ -0,0 +1,29 @@ + +# - name: enable modules + +- name: define kibana host + become: true + lineinfile: + path: /etc/metricbeat/metricbeat.yml + regex: '^host: "dm-nagios.local:5601"' + insertafter: '#host: "localhost:5601"' + line: 'host: "dm-nagios.local:5601"' + +#- name: config where to send information + +- name: systemd - daemon reload + become: true + systemd: + daemon_reload: yes + +- name: Enable service on system startup + become: true + systemd: + name: metricbeat + enabled: yes + +- name: systemd - restart Metricbeat + become: true + systemd: + name: metricbeat + state: restarted diff --git a/playbook/linux/elastic/install-client.yml b/playbook/linux/elastic/install-client.yml new file mode 100644 index 0000000..9573703 --- /dev/null +++ b/playbook/linux/elastic/install-client.yml @@ -0,0 +1,25 @@ +--- +# This will install all the client parts needed for elastic to monitor client computers + +- name: Install elastic client programs + hosts: linux + + tasks: + - name: Install elastic repo + include: install-repo.yml + + - name: Install elastic heartbeat + become: true + apt: + name: heartbeat-elastic + + - name: Configure elastic heartbeazt + include: config-heartbeat.yml + + - name: Install elastic metricbeat + become: true + apt: + name: metricbeat + + - name: Configure elastic metricbeat + include: config-metricbeat.yml diff --git a/playbook/linux/elastic/install-elasticsearch.yml b/playbook/linux/elastic/install-elasticsearch.yml deleted file mode 100644 index acaf766..0000000 --- a/playbook/linux/elastic/install-elasticsearch.yml +++ /dev/null @@ -1,80 +0,0 @@ - - -- name: Install Elasticsearch - hosts: elastic - - tasks: - - name: Install Elastic GPG Key - become: true - apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" - state: present - id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 - - - name: Install apt-transport-https - apt: - name: apt-transport-https - - - name: Add Elastic Repo - become: true - copy: - src: elastic-7.x.list - dest: /etc/apt/sources.list.d/ - backup: yes - - - name: Update Packages - become: true - apt: - update_cache: true - - - name: Install ElasticSearch - become: true - apt: - name: elasticsearch - - - # This will work on a new install. - # If any changes are needed to the cluster name on an existing install add another function - - name: Config - cluster.name 'elastic-DMI01' - become: true - lineinfile: - path: /etc/elasticsearch/elasticsearch.yml - regex: '^cluster.name' - insertafter: '#cluster.name: my-application' - line: 'cluster.name: elastic-DMI01' - backup: yes - - # We define the name of the host we are working on - - name: Config - node.name - become: true - lineinfile: - path: /etc/elasticsearch/elasticsearch.yml - regex: '^node.name' - insertafter: '#node.name: node-1' - line: "node.name: {{ ansible_eno1.ipv4.address }}" - - # Allow 9200 so we can access it over the network - - name: Allow port 9200 though UFW - become: true - ufw: - rule: allow - port: 9200 - #name: ElasticSearch - - - name: Service reload daemon - become: true - systemd: - daemon_reload: yes - - - name: systemd - enable ElasticSearch on startup - become: true - systemd: - name: elasticsearch - enabled: yes - - - name: systemd - restart ElasticSearch service - become: true - systemd: - name: elasticsearch - state: restarted - diff --git a/playbook/linux/elastic/install-kibana.yml b/playbook/linux/elastic/install-kibana.yml deleted file mode 100644 index 2323363..0000000 --- a/playbook/linux/elastic/install-kibana.yml +++ /dev/null @@ -1,83 +0,0 @@ - -- name: Install Kibana - hosts: elastic - - tasks: - - name: Install Elastic GPG Key - become: true - apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" - state: present - id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 - - - name: Install apt-transport-https - apt: - name: apt-transport-https - - - name: Add Elastic Repo - become: true - copy: - src: elastic-7.x.list - dest: /etc/apt/sources.list.d/ - backup: yes - - - name: Update Packages - become: true - apt: - update_cache: true - - - name: Install kibana - become: true - apt: - name: kibana - - - - name: Config - Server.Port 5601 - become: true - lineinfile: - path: /etc/kibana/kibana.yml - regex: '^server.port' - insertafter: '#server.port: 5601' - line: 'server.port: 5601' - backup: yes - - - - name: Config - Server.host - become: true - lineinfile: - path: /etc/kibana/kibana.yml - regex: '^server.host' - insertafter: '#server.host' - line: 'server.host: {{ ansible_eno1.ipv4.address }}' - - - name: Config - elasticsearch.hosts - become: true - lineinfile: - path: /etc/kibana/kibana.yml - regex: '^elasticsearch.hosts' - insertafter: '#elasticsearch.hosts:' - line: 'elasticsearch.hosts: ["http://localhost:9200"]' - - - name: Allow port 5601 - become: true - ufw: - rule: allow - port: 5601 - - - name: systemd - daemon reload - become: true - systemd: - daemon_reload: yes - - - name: systemd - enable Kibana on startup - become: true - systemd: - name: kibana - enabled: yes - - - name: systemd - restart Kibana - become: true - systemd: - name: kibana - state: restarted - diff --git a/playbook/linux/elastic/install-metricbeat.yml b/playbook/linux/elastic/install-metricbeat.yml deleted file mode 100644 index 31c4050..0000000 --- a/playbook/linux/elastic/install-metricbeat.yml +++ /dev/null @@ -1,44 +0,0 @@ - -- name: Install Metricbeat - hosts: elastic - - tasks: - - name: Download metricbeat deb - get_url: - url: 'https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.0.0-amd64.deb' - dest: /tmp/metricbeat.deb - - - name: Install metricbeat - become: true - apt: - deb: /tmp/metricbeat.deb - - # - name: enable modules - - - name: define kibana host: - become: true - lineinfile: - path: /etc/metricbeat/metricbeat.yml - regex: '^host: "localhost:5601"' - insertafter: '#host: "localhost:5601"' - line: 'host: ' - - - - name: config where to send information - - - name: systemd - daemon reload - become: true - systemd: - daemon_reload: yes - - - name: Enable service on system startup - become: true - systemd: - name: metricbeat - enabed: yes - - - name: systemd - restart Metricbeat - become: true - systemd: - name: metricbeat - state: restarted diff --git a/playbook/linux/elastic/install-repo.yml b/playbook/linux/elastic/install-repo.yml new file mode 100644 index 0000000..c4504a6 --- /dev/null +++ b/playbook/linux/elastic/install-repo.yml @@ -0,0 +1,29 @@ +--- + +- name: Install Elastic GPG Key + become: true + apt_key: + url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + state: present + id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 + +- name: Install apt-transport-https + become: true + apt: + name: apt-transport-https + +- name: Add Elastic Repo + become: true + copy: + dest: '/etc/apt/sources.list.d/elastic-7.x.list' + content: "deb https://artifacts.elastic.co/packages/7.x/apt stable main" + # copy: + #src: elastic-7.x.list + # dest: /etc/apt/sources.list.d/ + # backup: yes + +- name: Update Packages + become: true + apt: + update_cache: true + diff --git a/playbook/linux/elastic/install-server.yml b/playbook/linux/elastic/install-server.yml new file mode 100644 index 0000000..bc6854a --- /dev/null +++ b/playbook/linux/elastic/install-server.yml @@ -0,0 +1,27 @@ +--- +# This will install all elastic services for a elastic server +# ElasticSearch +# Kibana + +- name: Install Elastic server programs + hosts: elastic + + tasks: + - name: Install Requrements + include: install-repo.yml + + - name: Install ElasticSearch from apt + become: true + apt: + name: elasticsearch + + - name: Configure ElasticSearch + include: config-elasticsearch.yml + + - name: Install Kibana from apt + become: true + apt: + name: kibana + + - name: Configure Kibana + include: config-kibana.yml diff --git a/playbook/linux/deployPwsh.yml b/playbook/linux/install-powershell.yml similarity index 100% rename from playbook/linux/deployPwsh.yml rename to playbook/linux/install-powershell.yml diff --git a/playbook/nagios/deployNagios.yml b/playbook/nagios/deployNagios.yml deleted file mode 100644 index 1429c8d..0000000 --- a/playbook/nagios/deployNagios.yml +++ /dev/null @@ -1,25 +0,0 @@ -- name: Install Nagios Core - hosts: nagios - - tasks: - - name: Install requrements - apt: - name: {{ packages }} - vars: - packages: - - install - - build-essential - - libgd-dev - - openssl - - libssl-dev - - unzip - - apache2 - - - name: Make Group: Nagios - - - - - - name: Make User: Nagios - -