Merge pull request #4 from luther38/readme-update

Readme update
This commit is contained in:
James Tombleson 2019-04-22 17:48:22 -07:00 committed by GitHub
commit 195f730c30
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 365 additions and 60 deletions

View File

@ -1,8 +1,27 @@
# Ansible # Ansible
Review the installAnsible.sh for quick setup. This repo contains my configuration and setup for my ansible use. Use at your own risk.
Make sure you run the commands out of this folder so things work as desired. ## Installers
### New hosts
#### Linux
```bash
wget https://github.com/luther38/Ansible/blob/master/scripts/installAnsible.sh
chmod 777 installAnsible.sh
./installOpenSSH.sh
```
#### Windows
```powershell
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
powershell.exe -ExecutionPolicy ByPass -File $file
```
## Configuration ## Configuration
@ -12,10 +31,6 @@ I have a basic configuration file in place at the root of this folder for anisbl
I have a template file in place that should only be used as a refrence. Make a copy of that file and name it hosts then update that file. I have a template file in place that should only be used as a refrence. Make a copy of that file and name it hosts then update that file.
## Testing Inventory
### Testing Linux devices ### Testing Linux devices
```bash ```bash
@ -28,5 +43,7 @@ ansible linux -i hosts -m ping
ansible windows -i hosts -m win_ping ansible windows -i hosts -m win_ping
``` ```
## Unit Testing
Still in the works

View File

@ -7,6 +7,7 @@ ansible_connection=ssh
ansible_password= ansible_password=
ansible_become_method=sudo ansible_become_method=sudo
ansible_become_pass= ansible_become_pass=
#ansible_python_interpreter=/usr/bin/python3
[windows] [windows]
192.168.0.2 192.168.0.2

32
playbook/README.md Normal file
View File

@ -0,0 +1,32 @@
# Playbook
This is the collection of playbooks that have been made. Each folder here ties back into the hosts file.
## Linux
This contains files that are designed to be ran against all linux based hosts. Some files are just general security updates and some will install packages that all servers need.
Installable services
* elastic-heartbeat
* elastic-metricbeat
### Docker
This contains files that will maintain and deploy docker servers.
Docker servers will be a sub under Linux for basic up keep on the servers.
### Elastic
This folder contains the files needed for a host that runs Elastic services as a server.
* ElasticSearch
* Kibana
## Windows
Just like its Linux counter part, this contains the information and playbooks that are designed to be ran against all windows servers. Keeping baseline firewall, users, groups and windows updates are some examples.

View File

@ -35,7 +35,7 @@
become: true become: true
become_method: sudo become_method: sudo
apt_repository: apt_repository:
repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu/ bionic stable" repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu/ {{ ansible_distribution_release }} stable"
state: present state: present
- name: Update Repos - name: Update Repos

View File

@ -0,0 +1,44 @@
# This will work on a new install.
# If any changes are needed to the cluster name on an existing install add another function
- name: Config - cluster.name 'elastic-DMI01'
become: true
lineinfile:
path: /etc/elasticsearch/elasticsearch.yml
regex: '^cluster.name'
insertafter: '#cluster.name: my-application'
line: 'cluster.name: elastic-DMI01'
backup: yes
# We define the name of the host we are working on
- name: Config - node.name
become: true
lineinfile:
path: /etc/elasticsearch/elasticsearch.yml
regex: '^node.name'
insertafter: '#node.name: node-1'
line: "node.name: {{ ansible_eno1.ipv4.address }}"
# Allow 9200 so we can access it over the network
- name: Allow port 9200 though UFW
become: true
ufw:
rule: allow
port: 9200
#name: ElasticSearch
- name: Service reload daemon
become: true
systemd:
daemon_reload: yes
- name: systemd - enable ElasticSearch on startup
become: true
systemd:
name: elasticsearch
enabled: yes
- name: systemd - restart ElasticSearch service
become: true
systemd:
name: elasticsearch
state: restarted

View File

@ -0,0 +1,25 @@
---
- name: define kibana host
become: true
lineinfile:
path: /etc/heartbeat/heartbeat.yml
regex: '^host: "dm-nagios.local:5601"'
insertafter: '#host: "localhost:5601"'
line: 'host: "dm-nagios.local:5601"'
- name: systemd - daemon reload
become: true
systemd:
daemon_reload: yes
- name: system - enable on startup
become: true
systemd:
name: heartbeat-elastic
enabled: yes
- name: systemd - restart heartbeat
become: true
systemd:
name: heartbeat-elastic
state: restarted

View File

@ -0,0 +1,49 @@
- name: Config - Server.Port 5601
become: true
lineinfile:
path: /etc/kibana/kibana.yml
regex: '^server.port'
insertafter: '#server.port: 5601'
line: 'server.port: 5601'
backup: yes
- name: Config - Server.host
become: true
lineinfile:
path: /etc/kibana/kibana.yml
regex: '^server.host'
insertafter: '#server.host'
line: 'server.host: {{ ansible_eno1.ipv4.address }}'
- name: Config - elasticsearch.hosts
become: true
lineinfile:
path: /etc/kibana/kibana.yml
regex: '^elasticsearch.hosts'
insertafter: '#elasticsearch.hosts:'
line: 'elasticsearch.hosts: ["http://localhost:9200"]'
- name: Allow port 5601
become: true
ufw:
rule: allow
port: 5601
- name: systemd - daemon reload
become: true
systemd:
daemon_reload: yes
- name: systemd - enable Kibana on startup
become: true
systemd:
name: kibana
enabled: yes
- name: systemd - restart Kibana
become: true
systemd:
name: kibana
state: restarted

View File

@ -0,0 +1,45 @@
# - name: enable modules
- name: define kibana host
become: true
lineinfile:
path: /etc/metricbeat/metricbeat.yml
regex: '^host: "dm-nagios.local:5601"'
insertafter: '#host: "localhost:5601"'
line: 'host: "dm-nagios.local:5601"'
#- name: config where to send information
#- name: Remove builtin elasticsearch host config
# become: true
# replace:
#dest: /etc/metricbeat/metricbeat.yml
#regexp: '^hosts: ["localhost:9200"]'
#replace: '#hosts: ["localhost:9200"]'
- name: define elasticsearch host
become: true
lineinfile:
path: /etc/metricbeat/metricbeat.yml
regex: '^hosts: ["localhost:9200"]'
insertafter: 'hosts: ["localhost:9200"]'
line: 'hosts: ["dm-nagios.local:9200"]'
- name: systemd - daemon reload
become: true
systemd:
daemon_reload: yes
- name: Enable service on system startup
become: true
systemd:
name: metricbeat
enabled: yes
- name: systemd - restart Metricbeat
become: true
systemd:
name: metricbeat
state: restarted

View File

@ -0,0 +1 @@
deb https://artifacts.elastic.co/packages/7.x/apt stable main

View File

@ -0,0 +1,25 @@
---
# This will install all the client parts needed for elastic to monitor client computers
- name: Install elastic client programs
hosts: linux
tasks:
- name: Install elastic repo
include: install-repo.yml
- name: Install elastic heartbeat
become: true
apt:
name: heartbeat-elastic
- name: Configure elastic heartbeazt
include: config-heartbeat.yml
- name: Install elastic metricbeat
become: true
apt:
name: metricbeat
- name: Configure elastic metricbeat
include: config-metricbeat.yml

View File

@ -0,0 +1,29 @@
---
- name: Install Elastic GPG Key
become: true
apt_key:
url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
state: present
id: 46095ACC8548582C1A2699A9D27D666CD88E42B4
- name: Install apt-transport-https
become: true
apt:
name: apt-transport-https
- name: Add Elastic Repo
become: true
copy:
dest: '/etc/apt/sources.list.d/elastic-7.x.list'
content: "deb https://artifacts.elastic.co/packages/7.x/apt stable main"
# copy:
#src: elastic-7.x.list
# dest: /etc/apt/sources.list.d/
# backup: yes
- name: Update Packages
become: true
apt:
update_cache: true

View File

@ -0,0 +1,27 @@
---
# This will install all elastic services for a elastic server
# ElasticSearch
# Kibana
- name: Install Elastic server programs
hosts: elastic
tasks:
- name: Install Requrements
include: install-repo.yml
- name: Install ElasticSearch from apt
become: true
apt:
name: elasticsearch
- name: Configure ElasticSearch
include: config-elasticsearch.yml
- name: Install Kibana from apt
become: true
apt:
name: kibana
- name: Configure Kibana
include: config-kibana.yml

View File

@ -1,28 +0,0 @@
- name: Install Nagios Core
hosts: nagios
tasks:
- name: Install requrements
apt:
name: {{ packages }}
vars:
packages:
- install
- build-essential
- libgd-dev
- openssl
- libssl-dev
- unzip
- apache2
- name: Make Group: Nagios
group:
name: nagios
- name: Make User: Nagios

View File

@ -0,0 +1,11 @@
- name: Install Nagios Core Dependancies
hosts: nagios
tasks:
- name: Update apt
apt:
update_cache: yes

View File

@ -0,0 +1,12 @@
- name: Install Nagios Core
hosts: nagios
tasks:
- include_role:
name: oefenweb.nagios-server
# vars:
# nagios_version: 4.4.3
# nagios_users:
#- user: nagiosadmin
#- pass: password

View File

@ -1,25 +0,0 @@
- name: Install Nagios Core
hosts: nagios
tasks:
- name: Install requrements
apt:
name: {{ packages }}
vars:
packages:
- install
- build-essential
- libgd-dev
- openssl
- libssl-dev
- unzip
- apache2
- name: Make Group: Nagios
- name: Make User: Nagios

View File

@ -32,3 +32,8 @@ sudo pip install 'ansible[azure]'
echo "[pip] Installing Docker module" echo "[pip] Installing Docker module"
sudo pip install docker sudo pip install docker
echo "Installing roles from galaxy.ansible.com"
echo "[galaxy] Nagios Core - Server Side "
ansible-galaxy install networklore.nagios

35
scripts/installVagrant.sh Executable file
View File

@ -0,0 +1,35 @@
# This will install Vagrant on the device
#1.0 Started to add Vagrant to the project
echo "OS: $OSTYPE"
if [[ "$OSTYPE" == "darin"* ]]; then
# I use debian so sudo
elif [[ "$OSTYPE" == "linux-gnu" ]]; then
# Download current release
wget https://releases.hashicorp.com/vagrant/2.2.4/vagrant_2.2.4_linux_amd64.zip
unzip vagrant_2.2.4_linux_amd64.zip
# Remove the zip
rm vagrant_2.2.4_linux_amd64.zip
# copy over to bin
sudo cp vagrant /usr/bin/vagrant
rm vagrant
echo "Installing VirtualBox 6"
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] http://download.virtualbox.org/virtualbox/debian cosmic contrib"
sudo apt update
sudo apt install virtualbox-6.0
else
echo "You are running on a OS that is not supported by this script at this time."
echo "No changes have been made."
exit
fi