Merge pull request #6 from luther38/role-updates

Role updates

.gitignore

@@ -1,7 +1,16 @@
+# Ansible Files
 *.retry
-
 *.swp
 
+
+# OSX files
 .DS_Store
+
+
+# Ansible Inventory
 hosts
 win_hosts
+hosts.d
+
+# Vagrant 
+.vagrant

.vagrant/machines/default/virtualbox/action_set_name

@@ -1 +0,0 @@
-1556550033

.vagrant/machines/default/virtualbox/creator_uid

@@ -1 +0,0 @@
-1001

.vagrant/machines/default/virtualbox/id

@@ -1 +0,0 @@
-96b95408-ffc7-44c3-919f-402645785ccd

.vagrant/machines/default/virtualbox/index_uuid

@@ -1 +0,0 @@
-3d922cc5783b466ab28a7ae61cc46639

.vagrant/machines/default/virtualbox/vagrant_cwd

@@ -1 +0,0 @@
-/home/jamestombleson/Documents/github/ansible

.vagrant/rgloader/loader.rb

@@ -1,9 +0,0 @@
-# This file loads the proper rgloader/loader.rb file that comes packaged
-# with Vagrant so that encoded files can properly run with Vagrant.
-
-if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]
-  require File.expand_path(
-    "rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
-else
-  raise "Encoded files can't be read outside of the Vagrant installer."
-end

README.md

@@ -25,11 +25,13 @@ powershell.exe -ExecutionPolicy ByPass -File $file
 
 ## Configuration
 
-I have a basic configuration file in place at the root of this folder for anisble to find.
+I have a basic configuration file in place at the root of this folder for anisble to find.  If you work out of this directory the configuration file will take effect that is loaded. 
 
 ## Inventory
 
-I have a template file in place that should only be used as a refrence.  Make a copy of that file and name it hosts then update that file.
+I have a template file in place that should only be used as a reference.  Make a copy of that file and name it hosts then update that file.
+
+The configuration file that is active is looking for a directory that contains all of the inventory files.  This way all files can be parted out rather then one big file.
 
 ### Testing Linux devices
 

ansible.cfg

@@ -11,7 +11,7 @@
 
 # some basic default values...
 
-inventory      = ~/.ansible/hosts
+inventory      = ./hosts.d/
 library        = /usr/share/my_modules/
 module_utils   = /usr/share/my_module_utils/
 remote_tmp     = ~/.ansible/tmp

jenkins/README.md

@@ -0,0 +1,4 @@
+# Jenkins
+
+This is a folder that contains playbooks that will executed with Jenkins when code is pushed to master.
+

jenkins/auto-securityupdates.yml

@@ -0,0 +1,17 @@
+
+---
+
+- name: enable 
+  hosts: linux
+
+  tasks:
+        # https://galaxy.ansible.com/jnv/unattended-upgrades
+        - name: unattended-upgrades
+          become: true
+          include_role:
+                  name: jnv.unattended-upgrades
+          vars:
+                  #unattended_package_blacklist: []
+                  unattended_automatic_reboot: true
+
+

playbook/linux/auto-securityupdates.yml

@@ -5,6 +5,7 @@
   hosts: linux
 
   tasks:
+        # https://galaxy.ansible.com/jnv/unattended-upgrades
         - name: unattended-upgrades
           become: true
           include_role:

playbook/linux/elastic/config-win-metricbeat.yml

@@ -1,56 +0,0 @@
----
-# This will install all the client parts needed for elastic to monitor client computers
-
-- name: download metricbeat
-  win_get_url:
-        url: '{{ url_metricbeat }}'
-        dest: 'C:\temp\metricbeat-{{ elastic_version }}.zip'
-        force: no
-
-- name: unzip heartbeat
-  win_unzip:
-        src: c:\temp\metricbeat-{{ elastic_version }}.zip
-        dest: C:\temp\metricbeat-{{ elastic_version }}\
-        creates: C:\temp\metricbeat-{{ elastic_version }}\
-
-- name: Copy metricbeat-{{ elastic_version }} folder
-  win_command: powershell.exe copy-item -Path 'c:\temp\metricbeat-{{ elastic_version }}\metricbeat-{{ elastic_version }}-windows-x86_64\' -Filter * -Recurse -Destination 'C:\Program Files\Metricbeat\'
-  args:
-        creates: C:\Program Files\Metricbeat\
-
-- name: Update template
-  win_template:
-        src: metricbeat.j2
-        dest: C:\Program Files\Metricbeat\metricbeat.yml
-
-- name: Check if metricbeat service is installed
-  register: service_metricbeat
-  win_service:
-          name: metricbeat
-
-#- debug: var=service_metricbeat
-
-- name: Install Metricbeat service
-  win_command: powershell.exe -ExecutionPolicy ByPass -File install-service-metricbeat.ps1
-  args:
-        chdir: C:\program files\metricbeat\
-  when: service_metricbeat.exists == false
-
-- name: check status of metricbeat service
-  register: service_metricbeat
-  win_service:
-          name: metricbeat
-
-#- debug: var=service_metricbeat
-
-- name: restart service
-  win_service:
-        name: metricbeat
-        state: restarted
-  when: service_metricbeat.state == 'started'
-                        
-- name: start service
-  win_service:
-        name: metricbeat
-        state: started
-  when: service_metricbeat.state == 'stopped'

playbook/linux/elastic/install-role-winlogbeat.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Install WinLogBeat
-  hosts: elasticClients
+  hosts: windows
 
   tasks:
         - name: Install WinLogBeat

playbook/linux/install-jenkins.yml

@@ -8,14 +8,20 @@
         - name: Install Java
           become: yes
           import_role:
-                  name: geerlingguy.java
+                name: geerlingguy.java
 
-         # https://galaxy.ansible.com/geerlingguy/jenkins
-         - name: Install Jenkins
-           become: yes
-           import_role:
-                   name: geerlingguy.jenkins
-           vars:
-                   jenkins_package_state: latest
-                   jenkins_http_port: 8080
+        - name: Install Jenkins
+          become: yes
+          import_role:
+                  name: geerlingguy.jenkins
+          vars:
+                  jenkins_package_state: latest
+                  jenkins_http_port: 8080
+
+        - name: UFW Allow Jenkins
+          become: yes
+          ufw:
+                rule: allow
+                port: 8080
+                comment: Jenkins
 

playbook/pull.yml

@@ -0,0 +1,77 @@
+# ansible-pull setup
+#
+# on remote hosts, set up ansible to run periodically using the latest code
+# from a particular checkout, in pull based fashion, inverting Ansible's
+# usual push-based operating mode.
+#
+# This particular pull based mode is ideal for:
+#
+# (A) massive scale out
+# (B) continual system remediation
+#
+# DO NOT RUN THIS AGAINST YOUR HOSTS WITHOUT CHANGING THE repo_url
+# TO SOMETHING YOU HAVE PERSONALLY VERIFIED
+#
+#
+---
+
+- hosts: pull_mode_hosts
+  remote_user: root
+
+  vars:
+
+    # schedule is fed directly to cron
+    schedule: '*/15 * * * *'
+
+    # User to run ansible-pull as from cron
+    cron_user: root
+
+    # File that ansible will use for logs
+    logfile: /var/log/ansible-pull.log
+
+    # Directory to where repository will be cloned
+    workdir: /var/lib/ansible/local
+
+    # Repository to check out -- YOU MUST CHANGE THIS
+    # repo must contain a local.yml file at top level
+    #repo_url: git://github.com/sfromm/ansible-playbooks.git
+    repo_url: SUPPLY_YOUR_OWN_GIT_URL_HERE
+
+  tasks:
+
+    - name: Install ansible
+      apk: 
+        name: ansible 
+        state: installed
+
+    - name: Create local directory to work from
+      file: 
+        path: {{workdir}} 
+        state: directory 
+        owner: root 
+        group: root 
+        mode: 0751
+
+    - name: Copy ansible inventory file to client
+      copy: 
+        src: /etc/ansible/hosts 
+        dest: /etc/ansible/hosts 
+        owner: root 
+        group: root 
+        mode: 0644
+
+    - name: Create crontab entry to clone/pull git repository
+      template: 
+        src: templates/etc_cron.d_ansible-pull.j2 
+        dest: /etc/cron.d/ansible-pull 
+        owner: root 
+        group: root 
+        mode: 0644
+
+    - name: Create logrotate entry for ansible-pull.log
+      template: 
+        src: templates/etc_logrotate.d_ansible-pull.j2 
+        dest: /etc/logrotate.d/ansible-pull 
+        owner: root 
+        group: root 
+        mode: 0644

roles/luther38.heartbeat/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for luther38.heartbeat

roles/luther38.heartbeat/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for luther38.heartbeat

roles/luther38.heartbeat/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+# tasks file for luther38.heartbeat

roles/luther38.heartbeat/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - luther38.heartbeat

roles/luther38.heartbeat/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for luther38.heartbeat

roles/luther38.kibana/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/luther38.kibana/meta/main.yml

@@ -0,0 +1,60 @@
+galaxy_info:
+  author: your name
+  description: your description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+
+  min_ansible_version: 2.4
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  # Optionally specify the branch Galaxy will use when accessing the GitHub
+  # repo for this role. During role install, if no tags are available,
+  # Galaxy will use this branch. During import Galaxy will access files on
+  # this branch. If Travis integration is configured, only notifications for this
+  # branch will be accepted. Otherwise, in all cases, the repo's default branch
+  # (usually master) will be used.
+  #github_branch:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

roles/luther38.kibana/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

roles/luther38.metricbeat/archive/install-metricbeat.yml

@@ -0,0 +1,16 @@
+---
+
+- name: Install Metricbeat
+  hosts: elasticClients
+
+  tasks:
+          - name: Install Metricbeat
+            become: true
+            include_role:
+                    name: luther38.metricbeat
+            vars:
+                    kibana_host: 172.20.0.142
+                    elasticsearch_hosts: '["172.20.0.142:9200"]' 
+                    systemd_enable_service: true
+                    systemd_restart_service: true
+

scripts/installAnsible.sh

@@ -1,39 +0,0 @@
-
-# Shell script to install ansible and other requirements.
-# Currently only supports darwin for now.
-# Ubuntu installer will be soon
-
-# 1.1: Added sudo command and justed the layout
-
-
-echo "OS: $OSTYPE"
-if [[ "$OSTYPE" == "darwin"* ]]; then
-
-	echo "[brew] Intalling Ansible"
-	brew install ansible
-
-elif [[ "$OSTYPE" == "linux-gnu" ]]; then
-	echo "[sudo] Install Ansible"
-	sudo apt update
-	sudo apt install software-properties-common
-	sudo apt-add-repository --yes --update ppa:ansible/ansible
-	sudo apt install ansible
-else
-	echo "Running on a unsupported OS"
-	echo "No changes where made"
-	exit
-fi
-
-echo "[pip] Installing WinRM module"
-sudo pip install pywinrm
-
-echo "[pip] Installing Azure module"
-sudo pip install 'ansible[azure]'
-
-echo "[pip] Installing Docker module"
-sudo pip install docker
-
-
-echo "Installing roles from galaxy.ansible.com"
-echo "[galaxy] Nagios Core - Server Side "
-ansible-galaxy install networklore.nagios

scripts/installOpenSSH.sh

@@ -1,38 +0,0 @@
-# This script will do the following
-# 1. Install OpenSSH
-# 2. Make a user named Ansible
-# 3. Give account sudo
-# 4. Confirm SSH is active and running
-# If you want to change how SSH is configured you will need to update the config by hand.  Currently not supported by this script.
-
-# Use of this script is without warranty.  Use at your own risk.
-
-echo "Installing OpenSSH Server"
-sudo apt-get update
-sudo apt-get install openssh-server  -y
-
-echo "Going to create user: ansible"
-sudo adduser ansible
-
-echo "Giving ansible sudo permissions"
-sudo usermod -aG sudo ansible
-
-sudo systemctl status ssh
-
-echo "Install is complete.  Test ansible!"
-echo "If you want to change the port, check this scripts config on how to"
-echo "With the ansible device you will want to connect to this host to get the SSH key from it before testing."
-
-# Edit /etc/ssh/sshd_config
-# Uncomment #Port 22
-# Change the port number
-# Save and Close
-
-
-# Change the port from commented to uncommented
-# If it is already uncommented, this will do nothing.
-#sed -i "/#PORT =.*/PORT = $port" ~/cfg
-
-# Change the port to what we want
-#sed -i "s/PORT/= .*/= $port" ~/cfg
-

scripts/installTerraform.sh

@@ -1,29 +0,0 @@
-
-# This will install Terraform on the device
-
-#1.0 Started to add Terraform to the project
-
-echo "OS: $OSTYPE"
-if [[ "$OSTYPE" == "darin"* ]]; then
-
-# I use debian so sudo
-elif [[ "$OSTYPE" == "linux-gnu"  ]]; then
-
-	# Download current release 
-	wget https://releases.hashicorp.com/terraform/0.11.13/terraform_0.11.13_linux_amd64.zip
-
-	unzip terraform_0.11.13_linux_amd64.zip
-
-	# Remove the zip
-	rm terraform_0.11.13_linux_amd64.zip
-
-	# copy over to bin
-        sudo cp terraform /bin/terraform
-
-	rm terraform	
-
-else
-	echo "You are running on a OS that is not supported by this script at this time."
-	echo "No changes have been made."
-	exit
-fi

scripts/installVagrant.sh

@@ -1,35 +0,0 @@
-
-# This will install Vagrant on the device
-
-#1.0 Started to add Vagrant to the project
-
-echo "OS: $OSTYPE"
-if [[ "$OSTYPE" == "darin"* ]]; then
-
-# I use debian so sudo
-elif [[ "$OSTYPE" == "linux-gnu" ]]; then
-
-	# Download current release 
-	wget https://releases.hashicorp.com/vagrant/2.2.4/vagrant_2.2.4_linux_amd64.zip
-
-	unzip vagrant_2.2.4_linux_amd64.zip
-
-	# Remove the zip
-	rm vagrant_2.2.4_linux_amd64.zip
-
-	# copy over to bin
-        sudo cp vagrant /usr/bin/vagrant
-
-	rm vagrant	
-
-	echo "Installing VirtualBox 6"
-	wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
-	wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add -
-	sudo add-apt-repository "deb [arch=amd64] http://download.virtualbox.org/virtualbox/debian cosmic contrib"
-	sudo apt update
-	sudo apt install virtualbox-6.0
-else
-	echo "You are running on a OS that is not supported by this script at this time."
-	echo "No changes have been made."
-	exit
-fi