commit
195f730c30
29
README.md
29
README.md
@ -1,8 +1,27 @@
|
|||||||
# Ansible
|
# Ansible
|
||||||
|
|
||||||
Review the installAnsible.sh for quick setup.
|
This repo contains my configuration and setup for my ansible use. Use at your own risk.
|
||||||
|
|
||||||
Make sure you run the commands out of this folder so things work as desired.
|
## Installers
|
||||||
|
|
||||||
|
### New hosts
|
||||||
|
|
||||||
|
#### Linux
|
||||||
|
|
||||||
|
```bash
|
||||||
|
wget https://github.com/luther38/Ansible/blob/master/scripts/installAnsible.sh
|
||||||
|
chmod 777 installAnsible.sh
|
||||||
|
./installOpenSSH.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Windows
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
|
||||||
|
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
|
||||||
|
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
|
||||||
|
powershell.exe -ExecutionPolicy ByPass -File $file
|
||||||
|
```
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
@ -12,10 +31,6 @@ I have a basic configuration file in place at the root of this folder for anisbl
|
|||||||
|
|
||||||
I have a template file in place that should only be used as a refrence. Make a copy of that file and name it hosts then update that file.
|
I have a template file in place that should only be used as a refrence. Make a copy of that file and name it hosts then update that file.
|
||||||
|
|
||||||
## Testing Inventory
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### Testing Linux devices
|
### Testing Linux devices
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
@ -28,5 +43,7 @@ ansible linux -i hosts -m ping
|
|||||||
ansible windows -i hosts -m win_ping
|
ansible windows -i hosts -m win_ping
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Unit Testing
|
||||||
|
|
||||||
|
Still in the works
|
||||||
|
|
||||||
|
@ -7,6 +7,7 @@ ansible_connection=ssh
|
|||||||
ansible_password=
|
ansible_password=
|
||||||
ansible_become_method=sudo
|
ansible_become_method=sudo
|
||||||
ansible_become_pass=
|
ansible_become_pass=
|
||||||
|
#ansible_python_interpreter=/usr/bin/python3
|
||||||
|
|
||||||
[windows]
|
[windows]
|
||||||
192.168.0.2
|
192.168.0.2
|
||||||
|
32
playbook/README.md
Normal file
32
playbook/README.md
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
# Playbook
|
||||||
|
|
||||||
|
This is the collection of playbooks that have been made. Each folder here ties back into the hosts file.
|
||||||
|
|
||||||
|
## Linux
|
||||||
|
|
||||||
|
This contains files that are designed to be ran against all linux based hosts. Some files are just general security updates and some will install packages that all servers need.
|
||||||
|
|
||||||
|
Installable services
|
||||||
|
|
||||||
|
* elastic-heartbeat
|
||||||
|
* elastic-metricbeat
|
||||||
|
|
||||||
|
### Docker
|
||||||
|
|
||||||
|
This contains files that will maintain and deploy docker servers.
|
||||||
|
|
||||||
|
Docker servers will be a sub under Linux for basic up keep on the servers.
|
||||||
|
|
||||||
|
|
||||||
|
### Elastic
|
||||||
|
|
||||||
|
This folder contains the files needed for a host that runs Elastic services as a server.
|
||||||
|
|
||||||
|
* ElasticSearch
|
||||||
|
* Kibana
|
||||||
|
|
||||||
|
## Windows
|
||||||
|
|
||||||
|
Just like its Linux counter part, this contains the information and playbooks that are designed to be ran against all windows servers. Keeping baseline firewall, users, groups and windows updates are some examples.
|
||||||
|
|
||||||
|
|
@ -35,7 +35,7 @@
|
|||||||
become: true
|
become: true
|
||||||
become_method: sudo
|
become_method: sudo
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu/ bionic stable"
|
repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu/ {{ ansible_distribution_release }} stable"
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Update Repos
|
- name: Update Repos
|
||||||
|
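Review bot: The repo line now takes the suite from `ansible_distribution_release` but still hard-codes the `ubuntu` path segment, so a Debian-family host that is not Ubuntu would be pointed at a suite that does not exist under `/linux/ubuntu/`. If such hosts can be in the play, take the path from facts as well: `repo: "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} stable"`. The task starts above this hunk, so whether the matching key task is distribution-specific is not visible here.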
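--- a/playbook/linux/elastic/config-elasticsearch.yml
+++ b/playbook/linux/elastic/config-elasticsearch.yml
@@ -0,0 +1,44 @@
+# This will work on a new install.
+# If any changes are needed to the cluster name on an existing install add another function
+- name: Config - cluster.name 'elastic-DMI01'
+become: true
+lineinfile:
+path: /etc/elasticsearch/elasticsearch.yml
+regex: '^cluster.name'
+insertafter: '#cluster.name: my-application'
+line: 'cluster.name: elastic-DMI01'
+backup: yes
+
+# We define the name of the host we are working on
+- name: Config - node.name
+become: true
+lineinfile:
+path: /etc/elasticsearch/elasticsearch.yml
+regex: '^node.name'
+insertafter: '#node.name: node-1'
+line: "node.name: {{ ansible_eno1.ipv4.address }}"
+
+# Allow 9200 so we can access it over the network
+- name: Allow port 9200 though UFW
+become: true
+ufw:
+rule: allow
+port: 9200
+#name: ElasticSearch
+
+- name: Service reload daemon
+become: true
+systemd:
+daemon_reload: yes
+
+- name: systemd - enable ElasticSearch on startup
+become: true
+systemd:
+name: elasticsearch
+enabled: yes
+
+- name: systemd - restart ElasticSearch service
+become: true
+systemd:
+name: elasticsearch
+state: restarted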
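Review bot: The "Allow port 9200 though UFW" task admits every source address, and nothing in this file turns on authentication or TLS for Elasticsearch, so once the node listens on a routable interface its REST API is open to anyone who can reach the host. Restrict the rule to the clients that need it by adding `proto: tcp` and `src: "{{ elastic_allowed_cidr }}"` (a placeholder variable you would define). The file sets `cluster.name` and `node.name` but not `network.host`, so with a stock config the service may still listen on loopback only and the firewall rule would have no effect; worth confirming which of the two is intended. The `regex` values also use an unescaped `.`; `'^cluster\.name'` matches only the literal key.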
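--- a/playbook/linux/elastic/config-heartbeat.yml
+++ b/playbook/linux/elastic/config-heartbeat.yml
@@ -0,0 +1,25 @@
+---
+- name: define kibana host
+become: true
+lineinfile:
+path: /etc/heartbeat/heartbeat.yml
+regex: '^host: "dm-nagios.local:5601"'
+insertafter: '#host: "localhost:5601"'
+line: 'host: "dm-nagios.local:5601"'
+
+- name: systemd - daemon reload
+become: true
+systemd:
+daemon_reload: yes
+
+- name: system - enable on startup
+become: true
+systemd:
+name: heartbeat-elastic
+enabled: yes
+
+- name: systemd - restart heartbeat
+become: true
+systemd:
+name: heartbeat-elastic
+state: restarted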
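Review bot: In "define kibana host" the `regex` is the exact line being written, so it can only match a line that is already correct; if the Kibana host is changed here later, the old line stays and a second `host:` line is added. Match on the key instead, for example `regex: '^\s*host:'` (after checking it does not hit another `host:` key in that file), and move `dm-nagios.local:5601` into a variable. The `line` value is also written at column 0; if the packaged heartbeat.yml keeps the `#host: "localhost:5601"` comment indented under `setup.kibana:`, the new key lands at top level and is not read as the Kibana host, so carry the indentation in `line`. The first task of config-metricbeat.yml uses the same pattern.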
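--- a/playbook/linux/elastic/config-kibana.yml
+++ b/playbook/linux/elastic/config-kibana.yml
@@ -0,0 +1,49 @@
+
+- name: Config - Server.Port 5601
+become: true
+lineinfile:
+path: /etc/kibana/kibana.yml
+regex: '^server.port'
+insertafter: '#server.port: 5601'
+line: 'server.port: 5601'
+backup: yes
+
+
+- name: Config - Server.host
+become: true
+lineinfile:
+path: /etc/kibana/kibana.yml
+regex: '^server.host'
+insertafter: '#server.host'
+line: 'server.host: {{ ansible_eno1.ipv4.address }}'
+
+- name: Config - elasticsearch.hosts
+become: true
+lineinfile:
+path: /etc/kibana/kibana.yml
+regex: '^elasticsearch.hosts'
+insertafter: '#elasticsearch.hosts:'
+line: 'elasticsearch.hosts: ["http://localhost:9200"]'
+
+- name: Allow port 5601
+become: true
+ufw:
+rule: allow
+port: 5601
+
+- name: systemd - daemon reload
+become: true
+systemd:
+daemon_reload: yes
+
+- name: systemd - enable Kibana on startup
+become: true
+systemd:
+name: kibana
+enabled: yes
+
+- name: systemd - restart Kibana
+become: true
+systemd:
+name: kibana
+state: restarted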
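Review bot: "Allow port 5601" admits every source address while Kibana is bound to the host's network address and no task in this file configures a login, so anyone who can reach the port would get whatever access Kibana has to the cluster. Limit the rule with `proto: tcp` and `src: "{{ kibana_allowed_cidr }}"` (a placeholder variable), or keep Kibana on loopback behind a reverse proxy that authenticates. `server.host` is read from `ansible_eno1`, which fails on any host whose NIC has a different name; `{{ ansible_default_ipv4.address }}` avoids tying the playbook to one interface.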
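--- a/playbook/linux/elastic/config-metricbeat.yml
+++ b/playbook/linux/elastic/config-metricbeat.yml
@@ -0,0 +1,45 @@
+
+# - name: enable modules
+
+- name: define kibana host
+become: true
+lineinfile:
+path: /etc/metricbeat/metricbeat.yml
+regex: '^host: "dm-nagios.local:5601"'
+insertafter: '#host: "localhost:5601"'
+line: 'host: "dm-nagios.local:5601"'
+
+#- name: config where to send information
+
+#- name: Remove builtin elasticsearch host config
+# become: true
+# replace:
+#dest: /etc/metricbeat/metricbeat.yml
+#regexp: '^hosts: ["localhost:9200"]'
+#replace: '#hosts: ["localhost:9200"]'
+
+- name: define elasticsearch host
+become: true
+lineinfile:
+path: /etc/metricbeat/metricbeat.yml
+regex: '^hosts: ["localhost:9200"]'
+insertafter: 'hosts: ["localhost:9200"]'
+line: 'hosts: ["dm-nagios.local:9200"]'
+
+
+- name: systemd - daemon reload
+become: true
+systemd:
+daemon_reload: yes
+
+- name: Enable service on system startup
+become: true
+systemd:
+name: metricbeat
+enabled: yes
+
+- name: systemd - restart Metricbeat
+become: true
+systemd:
+name: metricbeat
+state: restarted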
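Review bot: In "define elasticsearch host" the `regex` and `insertafter` patterns contain unescaped `[` and `]`, which are read as a character class, so neither can match the literal `hosts: ["localhost:9200"]` line; the `^` anchor would also miss it if the key is indented. The likely outcome is that the new `hosts:` line is appended at the end of the file at column 0 and the original localhost output stays in effect, so metrics never reach `dm-nagios.local`. Escape the brackets and allow leading whitespace, for example `regex: '^\s*hosts: \["localhost:9200"\]'`, and carry the section's indentation in `line`. Output to port 9200 is also sent without TLS or credentials as written, which is worth revisiting once the server side requires them.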
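--- a/playbook/linux/elastic/elastic-7.x.list
+++ b/playbook/linux/elastic/elastic-7.x.list
@@ -0,0 +1 @@
+deb https://artifacts.elastic.co/packages/7.x/apt stable main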
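--- a/playbook/linux/elastic/install-client.yml
+++ b/playbook/linux/elastic/install-client.yml
@@ -0,0 +1,25 @@
+---
+# This will install all the client parts needed for elastic to monitor client computers
+
+- name: Install elastic client programs
+hosts: linux
+
+tasks:
+- name: Install elastic repo
+include: install-repo.yml
+
+- name: Install elastic heartbeat
+become: true
+apt:
+name: heartbeat-elastic
+
+- name: Configure elastic heartbeazt
+include: config-heartbeat.yml
+
+- name: Install elastic metricbeat
+become: true
+apt:
+name: metricbeat
+
+- name: Configure elastic metricbeat
+include: config-metricbeat.yml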
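Review bot: The task files are pulled in with bare `include:`, which Ansible has deprecated for task lists; `include_tasks: install-repo.yml` (or `import_tasks:`) states the intent and keeps working on newer releases. The same applies to the three `include:` lines in install-server.yml. The task name "Configure elastic heartbeazt" has a typo, and the two `apt` tasks would read more clearly with an explicit `state: present`.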
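--- a/playbook/linux/elastic/install-repo.yml
+++ b/playbook/linux/elastic/install-repo.yml
@@ -0,0 +1,29 @@
+---
+
+- name: Install Elastic GPG Key
+become: true
+apt_key:
+url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
+state: present
+id: 46095ACC8548582C1A2699A9D27D666CD88E42B4
+
+- name: Install apt-transport-https
+become: true
+apt:
+name: apt-transport-https
+
+- name: Add Elastic Repo
+become: true
+copy:
+dest: '/etc/apt/sources.list.d/elastic-7.x.list'
+content: "deb https://artifacts.elastic.co/packages/7.x/apt stable main"
+# copy:
+#src: elastic-7.x.list
+# dest: /etc/apt/sources.list.d/
+# backup: yes
+
+- name: Update Packages
+become: true
+apt:
+update_cache: true
+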
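Review bot: `apt_key` places the Elastic key in apt's global trusted keyring, so that key is then accepted for packages from every configured repository, not only artifacts.elastic.co. Pinning the `id` is good; to scope the trust as well, keep the key in its own keyring file and reference it from the source line, e.g. `content: "deb [signed-by=/usr/share/keyrings/<elastic-keyring>.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main\n"` (the keyring path is a placeholder). The trailing `\n` is worth adding either way, because `copy: content:` writes the string exactly as given. The commented-out second `copy:` block can be dropped.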
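--- a/playbook/linux/elastic/install-server.yml
+++ b/playbook/linux/elastic/install-server.yml
@@ -0,0 +1,27 @@
+---
+# This will install all elastic services for a elastic server
+# ElasticSearch
+# Kibana
+
+- name: Install Elastic server programs
+hosts: elastic
+
+tasks:
+- name: Install Requrements
+include: install-repo.yml
+
+- name: Install ElasticSearch from apt
+become: true
+apt:
+name: elasticsearch
+
+- name: Configure ElasticSearch
+include: config-elasticsearch.yml
+
+- name: Install Kibana from apt
+become: true
+apt:
+name: kibana
+
+- name: Configure Kibana
+include: config-kibana.yml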
@ -1,28 +0,0 @@
|
|||||||
- name: Install Nagios Core
|
|
||||||
hosts: nagios
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
- name: Install requrements
|
|
||||||
apt:
|
|
||||||
name: {{ packages }}
|
|
||||||
vars:
|
|
||||||
packages:
|
|
||||||
- install
|
|
||||||
- build-essential
|
|
||||||
- libgd-dev
|
|
||||||
- openssl
|
|
||||||
- libssl-dev
|
|
||||||
- unzip
|
|
||||||
- apache2
|
|
||||||
|
|
||||||
- name: Make Group: Nagios
|
|
||||||
group:
|
|
||||||
name: nagios
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
- name: Make User: Nagios
|
|
||||||
|
|
||||||
|
|
@ -0,0 +1,11 @@
|
|||||||
|
|
||||||
|
|
||||||
|
- name: Install Nagios Core Dependancies
|
||||||
|
hosts: nagios
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: Update apt
|
||||||
|
apt:
|
||||||
|
update_cache: yes
|
||||||
|
|
||||||
|
|
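Review bot: The "Update apt" task has no `become: true`, unlike the other `apt` tasks added in this commit, so unless privilege escalation is enabled globally the cache refresh will fail for a non-root connection user. Add `become: true` to the task. The play is named "Install Nagios Core Dependancies" but only refreshes the package cache; either install the dependencies here or rename it to say what it does.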
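--- a/playbook/linux/nagios/installNagiosCore.yml
+++ b/playbook/linux/nagios/installNagiosCore.yml
@@ -0,0 +1,12 @@
+- name: Install Nagios Core
+hosts: nagios
+
+tasks:
+- include_role:
+name: oefenweb.nagios-server
+# vars:
+# nagios_version: 4.4.3
+# nagios_users:
+#- user: nagiosadmin
+#- pass: password
+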
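Review bot: This play includes the role `oefenweb.nagios-server`, but the installer script hunk in the same commit runs `ansible-galaxy install networklore.nagios`, so on a control machine set up with that script the role named here would not be present and the play stops at `include_role`. Make the two names agree. If the commented `nagios_users` block is ever enabled, take the password from an Ansible Vault variable rather than the literal `password` shown in the sample.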
@ -1,25 +0,0 @@
|
|||||||
- name: Install Nagios Core
|
|
||||||
hosts: nagios
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
- name: Install requrements
|
|
||||||
apt:
|
|
||||||
name: {{ packages }}
|
|
||||||
vars:
|
|
||||||
packages:
|
|
||||||
- install
|
|
||||||
- build-essential
|
|
||||||
- libgd-dev
|
|
||||||
- openssl
|
|
||||||
- libssl-dev
|
|
||||||
- unzip
|
|
||||||
- apache2
|
|
||||||
|
|
||||||
- name: Make Group: Nagios
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
- name: Make User: Nagios
|
|
||||||
|
|
||||||
|
|
@ -32,3 +32,8 @@ sudo pip install 'ansible[azure]'
|
|||||||
|
|
||||||
echo "[pip] Installing Docker module"
|
echo "[pip] Installing Docker module"
|
||||||
sudo pip install docker
|
sudo pip install docker
|
||||||
|
|
||||||
|
|
||||||
|
echo "Installing roles from galaxy.ansible.com"
|
||||||
|
echo "[galaxy] Nagios Core - Server Side "
|
||||||
|
ansible-galaxy install networklore.nagios
|
||||||
|
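Review bot: `ansible-galaxy install networklore.nagios` takes whatever version Galaxy serves at run time, and role tasks of this kind typically run with `become` on the managed hosts, so an unreviewed upstream change reaches them directly. Pin the release, e.g. `ansible-galaxy install networklore.nagios,<version>` (placeholder; use a release you have reviewed), or list roles with `version:` in a `requirements.yml` and install with `ansible-galaxy install -r requirements.yml`. The script continues above this hunk, so any error handling around the install commands is not visible here.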
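--- a/scripts/installVagrant.sh
+++ b/scripts/installVagrant.sh
@@ -0,0 +1,35 @@
+
+# This will install Vagrant on the device
+
+#1.0 Started to add Vagrant to the project
+
+echo "OS: $OSTYPE"
+if [[ "$OSTYPE" == "darin"* ]]; then
+
+# I use debian so sudo
+elif [[ "$OSTYPE" == "linux-gnu" ]]; then
+
+# Download current release
+wget https://releases.hashicorp.com/vagrant/2.2.4/vagrant_2.2.4_linux_amd64.zip
+
+unzip vagrant_2.2.4_linux_amd64.zip
+
+# Remove the zip
+rm vagrant_2.2.4_linux_amd64.zip
+
+# copy over to bin
+sudo cp vagrant /usr/bin/vagrant
+
+rm vagrant
+
+echo "Installing VirtualBox 6"
+wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
+wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add -
+sudo add-apt-repository "deb [arch=amd64] http://download.virtualbox.org/virtualbox/debian cosmic contrib"
+sudo apt update
+sudo apt install virtualbox-6.0
+else
+echo "You are running on a OS that is not supported by this script at this time."
+echo "No changes have been made."
+exit
+fi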
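Review bot: The first branch of the `if` contains only a comment, which bash rejects as a syntax error at `elif`, so the script cannot run as written; `darin` is also presumably a typo for `darwin`. Separately, the Vagrant zip is unpacked and copied to `/usr/bin` with no integrity check and is downloaded into whatever the current directory is; check it against the release's SHA256SUMS file (and ideally that file's signature) before installing, and stop on any failed step. The VirtualBox source line uses `http://` with a hard-coded `cosmic` suite, `apt install` has no `-y`, and the unsupported-OS branch ends with a bare `exit` that reports success; `exit 1` lets callers detect it.

```shell
if [[ "$OSTYPE" == "darwin"* ]]; then
  # macOS is not handled yet; ':' keeps the branch syntactically valid
  :
elif [[ "$OSTYPE" == "linux-gnu" ]]; then
  workdir=$(mktemp -d) || exit 1
  cd "$workdir" || exit 1
  wget https://releases.hashicorp.com/vagrant/2.2.4/vagrant_2.2.4_linux_amd64.zip || exit 1
  wget https://releases.hashicorp.com/vagrant/2.2.4/vagrant_2.2.4_SHA256SUMS || exit 1
  # Stop before unzip if the archive does not match the published digest
  sha256sum --check --ignore-missing vagrant_2.2.4_SHA256SUMS || exit 1
  # … unchanged: unzip, copy to /usr/bin/vagrant, cleanup, VirtualBox install …
```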