diff --git a/README.md b/README.md index dd119f8..0b5b9ca 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,27 @@ # Ansible -Review the installAnsible.sh for quick setup. +This repo contains my configuration and setup for my ansible use. Use at your own risk. -Make sure you run the commands out of this folder so things work as desired. +## Installers + +### New hosts + +#### Linux + +```bash +wget https://github.com/luther38/Ansible/blob/master/scripts/installAnsible.sh +chmod 777 installAnsible.sh +./installOpenSSH.sh +``` + +#### Windows + +```powershell +$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1" +$file = "$env:temp\ConfigureRemotingForAnsible.ps1" +(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file) +powershell.exe -ExecutionPolicy ByPass -File $file +``` ## Configuration @@ -12,10 +31,6 @@ I have a basic configuration file in place at the root of this folder for anisbl I have a template file in place that should only be used as a refrence. Make a copy of that file and name it hosts then update that file. -## Testing Inventory - - - ### Testing Linux devices ```bash @@ -28,5 +43,7 @@ ansible linux -i hosts -m ping ansible windows -i hosts -m win_ping ``` +## Unit Testing +Still in the works diff --git a/hosts.template b/hosts.template index 567e261..a826df0 100644 --- a/hosts.template +++ b/hosts.template @@ -7,6 +7,7 @@ ansible_connection=ssh ansible_password= ansible_become_method=sudo ansible_become_pass= +#ansible_python_interpreter=/usr/bin/python3 [windows] 192.168.0.2 diff --git a/playbook/README.md b/playbook/README.md new file mode 100644 index 0000000..fdaae2b --- /dev/null +++ b/playbook/README.md 
@@ -0,0 +1,32 @@ +# Playbook + +This is the collection of playbooks that have been made. Each folder here ties back into the hosts file. + +## Linux + +This contains files that are designed to be ran against all linux based hosts. Some files are just general security updates and some will install packages that all servers need. + +Installable services + + * elastic-heartbeat + * elastic-metricbeat + +### Docker + +This contains files that will maintain and deploy docker servers. + +Docker servers will be a sub under Linux for basic up keep on the servers. + + +### Elastic + +This folder contains the files needed for a host that runs Elastic services as a server. + + * ElasticSearch + * Kibana + +## Windows + +Just like its Linux counter part, this contains the information and playbooks that are designed to be ran against all windows servers. Keeping baseline firewall, users, groups and windows updates are some examples. + + diff --git a/playbook/linux/docker/InstallDocker.yml b/playbook/linux/docker/InstallDocker.yml index 3ac542e..1264536 100644 --- a/playbook/linux/docker/InstallDocker.yml +++ b/playbook/linux/docker/InstallDocker.yml @@ -35,7 +35,7 @@ become: true become_method: sudo apt_repository: - repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu/ bionic stable" + repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu/ {{ ansible_distribution_release }} stable" state: present - name: Update Repos diff --git a/playbook/linux/elastic/config-elasticsearch.yml b/playbook/linux/elastic/config-elasticsearch.yml new file mode 100644 index 0000000..019b899 --- /dev/null +++ b/playbook/linux/elastic/config-elasticsearch.yml 
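Review bot: The new `repo:` line in InstallDocker.yml makes the release codename dynamic but still hard-codes the `linux/ubuntu/` path, so on a non-Ubuntu host the task adds a source that does not resolve and the following cache update fails. Either guard the task with `when: ansible_distribution == 'Ubuntu'` or build the path from facts as well, e.g. `https://download.docker.com/linux/{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} stable`. The task starts above the hunk, so whether facts are gathered for this play is not visible here.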
@@ -0,0 +1,44 @@
+# This will work on a new install.
+# If any changes are needed to the cluster name on an existing install add another function
+- name: Config - cluster.name 'elastic-DMI01'
+become: true
+lineinfile:
+ path: /etc/elasticsearch/elasticsearch.yml
+ regex: '^cluster.name'
+ insertafter: '#cluster.name: my-application'
+ line: 'cluster.name: elastic-DMI01'
+ backup: yes
+
+# We define the name of the host we are working on
+- name: Config - node.name
+become: true
+lineinfile:
+ path: /etc/elasticsearch/elasticsearch.yml
+ regex: '^node.name'
+ insertafter: '#node.name: node-1'
+ line: "node.name: {{ ansible_eno1.ipv4.address }}"
+
+# Allow 9200 so we can access it over the network
+- name: Allow port 9200 though UFW
+become: true
+ufw:
+ rule: allow
+ port: 9200
+ #name: ElasticSearch
+
+- name: Service reload daemon
+become: true
+systemd:
+ daemon_reload: yes
+
+- name: systemd - enable ElasticSearch on startup
+become: true
+systemd:
+ name: elasticsearch
+ enabled: yes
+
+- name: systemd - restart ElasticSearch service
+become: true
+systemd:
+ name: elasticsearch
+ state: restarted
diff --git a/playbook/linux/elastic/config-heartbeat.yml b/playbook/linux/elastic/config-heartbeat.yml
new file mode 100644
index 0000000..ad2dacd
--- /dev/null
+++ b/playbook/linux/elastic/config-heartbeat.yml
@@ -0,0 +1,25 @@
+---
+- name: define kibana host
+ become: true
+ lineinfile:
+ path: /etc/heartbeat/heartbeat.yml
+ regex: '^host: "dm-nagios.local:5601"'
+ insertafter: '#host: "localhost:5601"'
+ line: 'host: "dm-nagios.local:5601"'
+
+- name: systemd - daemon reload
+ become: true
+ systemd:
+ daemon_reload: yes
+
+- name: system - enable on startup
+ become: true
+ systemd:
+ name: heartbeat-elastic
+ enabled: yes
+
+- name: systemd - restart heartbeat
+ become: true
+ systemd:
+ name: heartbeat-elastic
+ state: restarted
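Review bot: The `ufw` task in config-elasticsearch.yml allows port 9200 from any source, and nothing in this file enables authentication or TLS, so once the node listens on a routable address its REST API is reachable by every host that can route to it; the port 5601 rule in config-kibana.yml has the same shape. Scope both rules to the networks that need access, e.g. add `proto: tcp` and `from_ip: "{{ elastic_allowed_cidr }}"` (a variable you would define in inventory). Separately, as rendered here `become:`, `lineinfile:`, `ufw:` and `systemd:` sit at column 0 instead of being indented under their `- name:` item as in config-heartbeat.yml, which would not parse as a task list; whitespace in this view is flattened, so confirm against the file.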
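Review bot: In config-heartbeat.yml, `regex: '^host: "dm-nagios.local:5601"'` only matches a line that already holds the desired value, so an existing uncommented `host:` with a different value is left in place and a second entry is added next to it. Matching on the key instead, `regex: '^\s*host:'`, lets the task replace whatever is there. In the stock heartbeat.yml the Kibana `host:` key is presumably nested under `setup.kibana:`, in which case a `line:` written at column 0 would not land inside that mapping, so check the rendered file on a test host. The first task in config-metricbeat.yml uses the same pattern.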
diff --git a/playbook/linux/elastic/config-kibana.yml b/playbook/linux/elastic/config-kibana.yml
new file mode 100644
index 0000000..1152ec6
--- /dev/null
+++ b/playbook/linux/elastic/config-kibana.yml
@@ -0,0 +1,49 @@
+
+- name: Config - Server.Port 5601
+ become: true
+ lineinfile:
+ path: /etc/kibana/kibana.yml
+ regex: '^server.port'
+ insertafter: '#server.port: 5601'
+ line: 'server.port: 5601'
+ backup: yes
+
+
+- name: Config - Server.host
+ become: true
+ lineinfile:
+ path: /etc/kibana/kibana.yml
+ regex: '^server.host'
+ insertafter: '#server.host'
+ line: 'server.host: {{ ansible_eno1.ipv4.address }}'
+
+- name: Config - elasticsearch.hosts
+ become: true
+ lineinfile:
+ path: /etc/kibana/kibana.yml
+ regex: '^elasticsearch.hosts'
+ insertafter: '#elasticsearch.hosts:'
+ line: 'elasticsearch.hosts: ["http://localhost:9200"]'
+
+- name: Allow port 5601
+ become: true
+ ufw:
+ rule: allow
+ port: 5601
+
+- name: systemd - daemon reload
+ become: true
+ systemd:
+ daemon_reload: yes
+
+- name: systemd - enable Kibana on startup
+ become: true
+ systemd:
+ name: kibana
+ enabled: yes
+
+- name: systemd - restart Kibana
+ become: true
+ systemd:
+ name: kibana
+ state: restarted
diff --git a/playbook/linux/elastic/config-metricbeat.yml b/playbook/linux/elastic/config-metricbeat.yml
new file mode 100644
index 0000000..90fed44
--- /dev/null
+++ b/playbook/linux/elastic/config-metricbeat.yml
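Review bot: `server.host` in config-kibana.yml is built from `ansible_eno1.ipv4.address`, a fact that only exists on hosts whose NIC is named eno1; on any other host the task fails on an undefined variable. `ansible_default_ipv4.address` gives the address of the default-route interface regardless of its name: `line: 'server.host: "{{ ansible_default_ipv4.address }}"'`, with the value quoted so kibana.yml always receives a string. The `node.name` task in config-elasticsearch.yml reads the same fact. Kibana reaches Elasticsearch over plain `http://localhost:9200` here, which is acceptable on loopback but needs revisiting if the two services are ever placed on different hosts.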
@@ -0,0 +1,45 @@
+
+# - name: enable modules
+
+- name: define kibana host
+ become: true
+ lineinfile:
+ path: /etc/metricbeat/metricbeat.yml
+ regex: '^host: "dm-nagios.local:5601"'
+ insertafter: '#host: "localhost:5601"'
+ line: 'host: "dm-nagios.local:5601"'
+
+#- name: config where to send information
+
+ #- name: Remove builtin elasticsearch host config
+ # become: true
+ # replace:
+ #dest: /etc/metricbeat/metricbeat.yml
+ #regexp: '^hosts: ["localhost:9200"]'
+ #replace: '#hosts: ["localhost:9200"]'
+
+- name: define elasticsearch host
+ become: true
+ lineinfile:
+ path: /etc/metricbeat/metricbeat.yml
+ regex: '^hosts: ["localhost:9200"]'
+ insertafter: 'hosts: ["localhost:9200"]'
+ line: 'hosts: ["dm-nagios.local:9200"]'
+
+
+- name: systemd - daemon reload
+ become: true
+ systemd:
+ daemon_reload: yes
+
+- name: Enable service on system startup
+ become: true
+ systemd:
+ name: metricbeat
+ enabled: yes
+
+- name: systemd - restart Metricbeat
+ become: true
+ systemd:
+ name: metricbeat
+ state: restarted
diff --git a/playbook/linux/elastic/elastic-7.x.list b/playbook/linux/elastic/elastic-7.x.list
new file mode 100644
index 0000000..7eef915
--- /dev/null
+++ b/playbook/linux/elastic/elastic-7.x.list
@@ -0,0 +1 @@
+deb https://artifacts.elastic.co/packages/7.x/apt stable main
diff --git a/playbook/linux/elastic/install-client.yml b/playbook/linux/elastic/install-client.yml
new file mode 100644
index 0000000..9573703
--- /dev/null
+++ b/playbook/linux/elastic/install-client.yml
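Review bot: In the `define elasticsearch host` task of config-metricbeat.yml, `regex: '^hosts: ["localhost:9200"]'` treats `[...]` as a character class, so it does not match the literal line `hosts: ["localhost:9200"]`. `insertafter` has the same problem, so the new line is presumably appended at the end of the file, outside `output.elasticsearch:`. Escape the brackets and allow leading indentation, e.g. `regex: '^\s*hosts: \["localhost:9200"\]'`, and give `line:` the indentation the key needs in that mapping. The output target `dm-nagios.local:9200` is written with no protocol, credentials or TLS settings in this file, so metrics would travel unauthenticated and in clear text unless that is configured elsewhere.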
@@ -0,0 +1,25 @@
+---
+# This will install all the client parts needed for elastic to monitor client computers
+
+- name: Install elastic client programs
+ hosts: linux
+
+ tasks:
+ - name: Install elastic repo
+ include: install-repo.yml
+
+ - name: Install elastic heartbeat
+ become: true
+ apt:
+ name: heartbeat-elastic
+
+ - name: Configure elastic heartbeazt
+ include: config-heartbeat.yml
+
+ - name: Install elastic metricbeat
+ become: true
+ apt:
+ name: metricbeat
+
+ - name: Configure elastic metricbeat
+ include: config-metricbeat.yml
diff --git a/playbook/linux/elastic/install-repo.yml b/playbook/linux/elastic/install-repo.yml
new file mode 100644
index 0000000..c4504a6
--- /dev/null
+++ b/playbook/linux/elastic/install-repo.yml
@@ -0,0 +1,29 @@
+---
+
+- name: Install Elastic GPG Key
+ become: true
+ apt_key:
+ url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
+ state: present
+ id: 46095ACC8548582C1A2699A9D27D666CD88E42B4
+
+- name: Install apt-transport-https
+ become: true
+ apt:
+ name: apt-transport-https
+
+- name: Add Elastic Repo
+ become: true
+ copy:
+ dest: '/etc/apt/sources.list.d/elastic-7.x.list'
+ content: "deb https://artifacts.elastic.co/packages/7.x/apt stable main"
+ # copy:
+ #src: elastic-7.x.list
+ # dest: /etc/apt/sources.list.d/
+ # backup: yes
+
+- name: Update Packages
+ become: true
+ apt:
+ update_cache: true
+
diff --git a/playbook/linux/elastic/install-server.yml b/playbook/linux/elastic/install-server.yml
new file mode 100644
index 0000000..bc6854a
--- /dev/null
+++ b/playbook/linux/elastic/install-server.yml
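Review bot: The task files in install-client.yml are pulled in with bare `include:`, which is deprecated in Ansible; `include_tasks: install-repo.yml` (or `import_tasks:` for static inclusion) states the intent and keeps working on newer releases. install-server.yml uses the same form. The two `apt` tasks give no `state:`, so adding `state: present` makes the intent explicit, and the task name `Configure elastic heartbeazt` has a typo.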
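Review bot: `apt_key` in install-repo.yml places the Elastic key in apt's global trusted keyring, so it is trusted to sign packages from every configured source rather than only artifacts.elastic.co. Pinning the fingerprint with `id:` is a good check on the download; to scope the trust as well, store the key in its own keyring file and reference it from the source line, e.g. `deb [signed-by=<path to elastic keyring>] https://artifacts.elastic.co/packages/7.x/apt stable main`. The `copy` task would also benefit from explicit `owner: root` and `mode: '0644'` so the permissions of the sources file do not depend on the umask.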
@@ -0,0 +1,27 @@ +--- +# This will install all elastic services for a elastic server +# ElasticSearch +# Kibana + +- name: Install Elastic server programs + hosts: elastic + + tasks: + - name: Install Requrements + include: install-repo.yml + + - name: Install ElasticSearch from apt + become: true + apt: + name: elasticsearch + + - name: Configure ElasticSearch + include: config-elasticsearch.yml + + - name: Install Kibana from apt + become: true + apt: + name: kibana + + - name: Configure Kibana + include: config-kibana.yml diff --git a/playbook/linux/deployPwsh.yml b/playbook/linux/install-powershell.yml similarity index 100% rename from playbook/linux/deployPwsh.yml rename to playbook/linux/install-powershell.yml diff --git a/playbook/linux/nagios/deployNagios.yml b/playbook/linux/nagios/deployNagios.yml deleted file mode 100644 index 99bfb7b..0000000 --- a/playbook/linux/nagios/deployNagios.yml +++ /dev/null @@ -1,28 +0,0 @@ -- name: Install Nagios Core - hosts: nagios - - tasks: - - name: Install requrements - apt: - name: {{ packages }} - vars: - packages: - - install - - build-essential - - libgd-dev - - openssl - - libssl-dev - - unzip - - apache2 - - - name: Make Group: Nagios - group: - name: nagios - - - - - - - name: Make User: Nagios - - diff --git a/playbook/linux/nagios/install-NagiosCore-ubuntu-dependancies.yml b/playbook/linux/nagios/install-NagiosCore-ubuntu-dependancies.yml new file mode 100644 index 0000000..8ee3767 --- /dev/null +++ b/playbook/linux/nagios/install-NagiosCore-ubuntu-dependancies.yml @@ -0,0 +1,11 @@ + + +- name: Install Nagios Core Dependancies + hosts: nagios + + tasks: + - name: Update apt + apt: + update_cache: yes + + diff --git a/playbook/linux/nagios/installNagiosCore.yml b/playbook/linux/nagios/installNagiosCore.yml new file mode 100644 index 0000000..29cd7ca --- /dev/null +++ b/playbook/linux/nagios/installNagiosCore.yml 
@@ -0,0 +1,12 @@ +- name: Install Nagios Core + hosts: nagios + + tasks: + - include_role: + name: oefenweb.nagios-server + # vars: + # nagios_version: 4.4.3 + # nagios_users: + #- user: nagiosadmin + #- pass: password + diff --git a/playbook/nagios/deployNagios.yml b/playbook/nagios/deployNagios.yml deleted file mode 100644 index 1429c8d..0000000 --- a/playbook/nagios/deployNagios.yml +++ /dev/null @@ -1,25 +0,0 @@ -- name: Install Nagios Core - hosts: nagios - - tasks: - - name: Install requrements - apt: - name: {{ packages }} - vars: - packages: - - install - - build-essential - - libgd-dev - - openssl - - libssl-dev - - unzip - - apache2 - - - name: Make Group: Nagios - - - - - - name: Make User: Nagios - - diff --git a/scripts/installAnsible.sh b/scripts/installAnsible.sh index 3111787..a4696fd 100644 --- a/scripts/installAnsible.sh +++ b/scripts/installAnsible.sh @@ -32,3 +32,8 @@ sudo pip install 'ansible[azure]' echo "[pip] Installing Docker module" sudo pip install docker + + +echo "Installing roles from galaxy.ansible.com" +echo "[galaxy] Nagios Core - Server Side " +ansible-galaxy install networklore.nagios diff --git a/scripts/installVagrant.sh b/scripts/installVagrant.sh new file mode 100755 index 0000000..9d7c550 --- /dev/null +++ b/scripts/installVagrant.sh 
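Review bot: The installAnsible.sh hunk installs `networklore.nagios`, but installNagiosCore.yml in this same commit includes the role `oefenweb.nagios-server`, so on a fresh control node the play would not find its role. Neither role is pinned to a version, which means whatever the role author publishes next runs unreviewed with the privileges of the play on the nagios hosts; `ansible-galaxy install oefenweb.nagios-server,<version you reviewed>` (or a requirements.yml with `version:`) addresses both. The commented-out `pass: password` in the playbook suggests the admin credential is meant to be set here later; it should come from Ansible Vault rather than being written into the playbook.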
@@ -0,0 +1,35 @@
+
+# This will install Vagrant on the device
+
+#1.0 Started to add Vagrant to the project
+
+echo "OS: $OSTYPE"
+if [[ "$OSTYPE" == "darin"* ]]; then
+
+# I use debian so sudo
+elif [[ "$OSTYPE" == "linux-gnu" ]]; then
+
+ # Download current release
+ wget https://releases.hashicorp.com/vagrant/2.2.4/vagrant_2.2.4_linux_amd64.zip
+
+ unzip vagrant_2.2.4_linux_amd64.zip
+
+ # Remove the zip
+ rm vagrant_2.2.4_linux_amd64.zip
+
+ # copy over to bin
+ sudo cp vagrant /usr/bin/vagrant
+
+ rm vagrant
+
+ echo "Installing VirtualBox 6"
+ wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
+ wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add -
+ sudo add-apt-repository "deb [arch=amd64] http://download.virtualbox.org/virtualbox/debian cosmic contrib"
+ sudo apt update
+ sudo apt install virtualbox-6.0
+else
+ echo "You are running on a OS that is not supported by this script at this time."
+ echo "No changes have been made."
+ exit
+fi
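Review bot: In installVagrant.sh the Vagrant zip is downloaded and its binary copied to /usr/bin with sudo without any integrity check, so a corrupted or tampered download would be installed system-wide; pin the SHA-256 of the release and verify it before unzipping. The first branch, `if [[ "$OSTYPE" == "darin"* ]]; then`, has only a comment as its body, which bash rejects as a syntax error before anything runs, and `darin` is presumably meant to be `darwin`. The VirtualBox source line uses `http://` with a hard-coded `cosmic` codename, and `apt-key add` trusts the Oracle keys for every repository; an `https://` URL and `$(lsb_release -cs)` would be the smaller fixes there. The file also has no shebang although it relies on `[[ ]]`.

```shell
if [[ "$OSTYPE" == "darwin"* ]]; then
    echo "macOS is not handled by this script yet."
    exit 1
elif [[ "$OSTYPE" == "linux-gnu" ]]; then
    # Placeholder: fill in the digest from the vendor's published checksum file for this release
    VAGRANT_SHA256="<sha256-of-vagrant_2.2.4_linux_amd64.zip>"
    wget https://releases.hashicorp.com/vagrant/2.2.4/vagrant_2.2.4_linux_amd64.zip
    # Stop before unzip/install if the archive does not match the pinned digest
    echo "${VAGRANT_SHA256}  vagrant_2.2.4_linux_amd64.zip" | sha256sum -c - || exit 1
    # … unchanged: unzip, copy to /usr/bin, VirtualBox install, else branch …
```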