diff --git a/playbooks/rugcms-frontend-uitrol/ansible.cfg b/playbooks/rugcms-frontend-uitrol/ansible.cfg new file mode 100644 index 0000000..b0e6dc3 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/ansible.cfg @@ -0,0 +1,5 @@ +[defaults] +hostfile = hosts +remote_user = root +private_key_file = /home/ger/.ssh/id_dsa +host_key_checking = false diff --git a/playbooks/rugcms-frontend-uitrol/hosts b/playbooks/rugcms-frontend-uitrol/hosts new file mode 100644 index 0000000..45a76ab --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/hosts @@ -0,0 +1,55 @@ +[rugcms] + +cms-ft11 ansible_host=cms-ft11.service.rug.nl ansible_port=22 +cms-ft12 ansible_host=cms-ft12.service.rug.nl ansible_port=22 + +cms-ft21 ansible_host=cms-ft21.service.rug.nl ansible_port=22 +cms-ft22 ansible_host=cms-ft22.service.rug.nl ansible_port=22 + + +cms-fa11 ansible_host=cms-fa11.service.rug.nl ansible_port=22 +cms-fa12 ansible_host=cms-fa12.service.rug.nl ansible_port=22 +cms-fa13 ansible_host=cms-fa13.service.rug.nl ansible_port=22 +cms-fa14 ansible_host=cms-fa14.service.rug.nl ansible_port=22 + +cms-fp11 ansible_host=cms-fp11.service.rug.nl ansible_port=22 +cms-fp12 ansible_host=cms-fp12.service.rug.nl ansible_port=22 +cms-fp13 ansible_host=cms-fp13.service.rug.nl ansible_port=22 +cms-fp14 ansible_host=cms-fp14.service.rug.nl ansible_port=22 +cms-fp15 ansible_host=cms-fp15.service.rug.nl ansible_port=22 +cms-fp16 ansible_host=cms-fp16.service.rug.nl ansible_port=22 + + +cms-fa21 ansible_host=cms-fa21.service.rug.nl ansible_port=22 +cms-fa22 ansible_host=cms-fa22.service.rug.nl ansible_port=22 +cms-fa23 ansible_host=cms-fa23.service.rug.nl ansible_port=22 +cms-fa24 ansible_host=cms-fa24.service.rug.nl ansible_port=22 + +cms-fp21 ansible_host=cms-fp21.service.rug.nl ansible_port=22 +cms-fp22 ansible_host=cms-fp22.service.rug.nl ansible_port=22 +cms-fp23 ansible_host=cms-fp23.service.rug.nl ansible_port=22 +cms-fp24 ansible_host=cms-fp24.service.rug.nl ansible_port=22 +cms-fp25 ansible_host=cms-fp25.service.rug.nl ansible_port=22 +cms-fp26 ansible_host=cms-fp26.service.rug.nl ansible_port=22 + +[acc-new] +cms-fa[21:24] + +[prod] +cms-fp[21:26] + +[test] +cms-ft[21:22] + +[old-test] +cms-ft[11:12] + +[old-acc] +cms-fa[11:14] + +[old-prod] +cms-fp[11:16] + +[new] +cms-fa[21:24] +cms-fp[21:26] diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/Lib_Utils-1.00-09.noarch.rpm b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/Lib_Utils-1.00-09.noarch.rpm new file mode 100644 index 0000000..552732a Binary files /dev/null and b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/Lib_Utils-1.00-09.noarch.rpm differ diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/MegaCli-8.04.07-1.noarch.rpm b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/MegaCli-8.04.07-1.noarch.rpm new file mode 100644 index 0000000..b714a85 Binary files /dev/null and b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/MegaCli-8.04.07-1.noarch.rpm differ diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/firewall.sh b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/firewall.sh new file mode 100644 index 0000000..0c4b596 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/firewall.sh @@ -0,0 +1,227 @@ +#!/bin/bash + +# prevent SYNC-floods: +echo 1 > /proc/sys/net/ipv4/tcp_syncookies + +# initialize: +iptables -F +iptables -X +iptables -Z + +# config default policy's: +iptables -P INPUT DROP +iptables -P OUTPUT DROP +iptables -P FORWARD DROP + +iptables -N LOGDROP +iptables -A LOGDROP -j LOG +iptables -A LOGDROP -j DROP + +# kernel tweaks: +/bin/echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts +/bin/echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route +/bin/echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses +/bin/echo 1 > /proc/sys/net/ipv4/conf/all/log_martians +/bin/echo 0 > /proc/sys/net/ipv4/ip_forward + +# allow loopback: +iptables -A INPUT -i lo -j ACCEPT +iptables -A OUTPUT -o lo -j ACCEPT + +# allow asds.id.rug.nl +iptables -A INPUT -i br0 -s 129.125.2.50 -j ACCEPT +iptables -A OUTPUT -o br0 -d 129.125.2.50 -j ACCEPT + +# allow vlan933: +iptables -A INPUT -i bond0.933 -j ACCEPT +iptables -A OUTPUT -o bond0.933 -j ACCEPT + +# allow vlan934: +iptables -A INPUT -i bond0.934 -j ACCEPT +iptables -A OUTPUT -o bond0.934 -j ACCEPT +#allow outbound to databases: + +iptables -A INPUT -p tcp -s 129.125.36.182 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.182 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.183 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.183 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.184 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.184 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.185 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.185 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.186 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.186 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.187 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.187 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.188 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.188 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.141 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.141 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.142 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.142 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.143 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.143 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.144 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.144 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.148 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.148 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.149 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.149 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.150 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.150 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.50.147 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.50.147 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.71 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.71 -j ACCEPT + +# allow munin-statieken-server: +iptables -A INPUT -p tcp -s 129.125.50.91 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.50.91 -j ACCEPT + +# allow agenda: +iptables -A INPUT -p tcp -s 129.125.2.116 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.2.116 -j ACCEPT + +# allow imap.google.com: +iptables -A INPUT -p tcp -s 74.125.136/24 -j ACCEPT +iptables -A OUTPUT -p tcp -d 74.125.136/24 -j ACCEPT + +# allow imap.rug.nl: + +iptables -A INPUT -p tcp -s 129.125.2.81/32 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.2.81/32 -j ACCEPT + +# allow more google: +iptables -A INPUT -p tcp -s 173.194.65.0/24 -j ACCEPT +iptables -A OUTPUT -p tcp -d 173.194.65.0/24 -j ACCEPT + +# new tcp packets sync packets: +iptables -A INPUT -i br0 -p tcp ! --syn -m state --state NEW -j DROP + +# refuse loopback pacts incoming eth0: +iptables -A INPUT -i br0 -d 127.0.0.0/8 -j DROP + +# allow dns outbound to/from DNS server: +iptables -A INPUT -i br0 -p udp --sport 53 -j ACCEPT +iptables -A OUTPUT -o br0 -p udp --dport 53 -j ACCEPT + +# allow www outbound to 80: +iptables -A INPUT -i br0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o br0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT + +# allow www outbound to 443: +iptables -A INPUT -i br0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o br0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT + +# allow smtp outbound: +iptables -A INPUT -i br0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o br0 -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT + +# allow ssh from BWP: +iptables -A INPUT -i br0 -p tcp -s 129.125.249.0/24 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o br0 -p tcp -d 129.125.249.0/24 -m state --state ESTABLISHED -j ACCEPT + +# log/drop the rest: +iptables -A INPUT -i br0 -s 129.125.0.0/16 -d 129.125.36.121/32 -j LOGDROP + +#zabbix monitorings +iptables -A INPUT -i br0 -s 129.125.50.238 -j ACCEPT +iptables -A OUTPUT -o br0 -d 129.125.50.238 -j ACCEPT + +# allow 9080 inbound: +iptables -A INPUT -i br0 -p tcp --dport 9080 -j ACCEPT +iptables -A OUTPUT -o br0 -p tcp --sport 9080 -j ACCEPT + +# allow 2222 inbound: +iptables -A INPUT -i br0 -p tcp -s 129.125.249.0/24 --dport 2222 -j ACCEPT +iptables -A OUTPUT -o br0 -p tcp -d 129.125.249.0/24 --sport 2222 -j ACCEPT + +# inbound gadgets: +iptables -A INPUT -i br0 -p tcp -m state --state ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o br0 -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT + +# allow from operator: +iptables -A INPUT -i br0 -s 129.125.50.41/32 -j ACCEPT +iptables -A OUTPUT -o br0 -d 129.125.50.41/32 -j ACCEPT + +# allow from/to ldap: +iptables -A INPUT -i br0 -s 129.125.68.50/32 -j ACCEPT +iptables -A OUTPUT -o br0 -d 129.125.68.50/32 -j ACCEPT + +# ldaps outbound: +iptables -A INPUT -i br0 -p tcp --sport 636 -m state --state ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o br0 -p tcp --dport 636 -m state --state NEW,ESTABLISHED -j ACCEPT + +# allow nfs: +iptables -A INPUT -i br0 -s 129.125.50.171/32 -j ACCEPT +iptables -A OUTPUT -o br0 -d 129.125.50.171/32 -j ACCEPT + + +# allow ntp +iptables -A INPUT -i br0 -p tcp --sport 123 -j ACCEPT +iptables -A OUTPUT -o br0 -p tcp --dport 123 -j ACCEPT +iptables -A INPUT -i br0 -p udp --sport 123 -j ACCEPT +iptables -A OUTPUT -o br0 -p udp --dport 123 -j ACCEPT + +# allow charanga: +iptables -A INPUT -i br0 -p tcp -s 129.125.60.94/32 --dport 22 -j ACCEPT +iptables -A OUTPUT -o br0 -p tcp -d 129.125.60.94/32 --sport 22 -j ACCEPT + +# charanga 129.125.60.94 port 2222: +iptables -A INPUT -i br0 -p tcp -s 129.125.60.94/32 --dport 2222 -j ACCEPT +iptables -A OUTPUT -o br0 -p tcp -d 129.125.60.94/32 --sport 2222 -j ACCEPT + + +# allow imaps: +iptables -A INPUT -p tcp --sport 993 -j ACCEPT +iptables -A OUTPUT -p tcp --dport 993 -j ACCEPT + +# Flush & default +ip6tables -F INPUT +ip6tables -F OUTPUT +ip6tables -F FORWARD + +# setup log-chain: +ip6tables -N LOGREJECT +ip6tables -A LOGREJECT -j LOG +ip6tables -A LOGREJECT -j REJECT + +# Set the default policy to drop +ip6tables -P INPUT DROP +ip6tables -P OUTPUT DROP +ip6tables -P FORWARD DROP + +# rules: +ip6tables -A INPUT -i lo -j ACCEPT +ip6tables -A INPUT -j REJECT +ip6tables -A OUTPUT -j REJECT + +# allow ganglia-statieken-server: +iptables -A INPUT -p tcp -s 129.125.60.89 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.60.89 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.191 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.191 -j ACCEPT + +# open up port 9100 prometues: +iptables -A INPUT -i br0 -p tcp -s 129.125.2.233/32 --dport 9100 -j ACCEPT +iptables -A OUTPUT -o br0 -p tcp -d 129.125.2.233/32 --sport 9100 -j ACCEPT + +# allow icmp: +iptables -A INPUT -p icmp -j ACCEPT +iptables -A OUTPUT -p icmp -j ACCEPT diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/megaclisas-status b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/megaclisas-status new file mode 100755 index 0000000..d295d37 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/megaclisas-status @@ -0,0 +1,209 @@ +#!/usr/bin/python + +import os +import re +import sys + +binarypath = "/usr/sbin/megacli" + +if len(sys.argv) > 2: + print 'Usage: megaclisas-status [--nagios]' + sys.exit(1) + +nagiosmode=False +nagiosoutput='' +nagiosgoodarray=0 +nagiosbadarray=0 +nagiosgooddisk=0 +nagiosbaddisk=0 + +# Check command line arguments to enable nagios or not +if len(sys.argv) > 1: + if sys.argv[1] == '--nagios': + nagiosmode=True + else: + print 'Usage: megaclisas-status [-nagios]' + sys.exit(1) + +# Check binary exists (and +x), if not print an error message +# or return UNKNOWN nagios error code +if os.path.exists(binarypath) and os.access(binarypath, os.X_OK): + pass +else: + if nagiosmode: + print 'UNKNOWN - Cannot find '+binarypath + else: + print 'Cannot find '+binarypath+'. Please install it.' + sys.exit(3) + +# Get command output +def getOutput(cmd): + output = os.popen(cmd) + lines = [] + for line in output: + if not re.match(r'^$',line.strip()): + lines.append(line.strip()) + return lines + +def returnControllerNumber(output): + for line in output: + if re.match(r'^Controller Count.*$',line.strip()): + return int(line.split(':')[1].strip().strip('.')) + +def returnControllerModel(output): + for line in output: + if re.match(r'^Product Name.*$',line.strip()): + return line.split(':')[1].strip() + +def returnArrayNumber(output): + i = 0 + for line in output: + if re.match(r'^Number of Virtual (Disk|Drive).*$',line.strip()): + i = line.strip().split(':')[1].strip() + return i + +def returnArrayInfo(output,controllerid,arrayid): + id = 'c'+str(controllerid)+'u'+str(arrayid) + operationlinennumber = False + linenumber = 0 + + for line in output: + if re.match(r'Number Of Drives\s*((per span))?:.*[0-9]+$',line.strip()): + ldpdcount = line.split(':')[1].strip() + if re.match(r'Span Depth *:.*[0-9]+$',line.strip()): + spandepth = line.split(':')[1].strip() + if re.match(r'^RAID Level\s*:.*$',line.strip()): + raidlevel = line.strip().split(':')[1].split(',')[0].split('-')[1].strip() + type = 'RAID' + raidlevel + if re.match(r'^Size\s*:.*$',line.strip()): + # Size reported in MB + if re.match(r'^.*MB$',line.strip().split(':')[1]): + size = line.strip().split(':')[1].strip('MB').strip() + size = str(int(round((float(size) / 1000))))+'G' + # Size reported in TB + elif re.match(r'^.*TB$',line.strip().split(':')[1]): + size = line.strip().split(':')[1].strip('TB').strip() + size = str(int(round((float(size) * 1000))))+'G' + # Size reported in GB (default) + else: + size = line.strip().split(':')[1].strip('GB').strip() + size = str(int(round((float(size)))))+'G' + if re.match(r'^State\s*:.*$',line.strip()): + state = line.strip().split(':')[1].strip() + if re.match(r'^Ongoing Progresses\s*:.*$',line.strip()): + operationlinennumber = linenumber + linenumber += 1 + if operationlinennumber: + inprogress = output[operationlinennumber+1] + else: + inprogress = 'None' + + if ldpdcount and (int(spandepth) > 1): + ldpdcount = int(ldpdcount) * int(spandepth) + if int(raidlevel) < 10: + type = type + "0" + + return [id,type,size,state,inprogress] + +def returnDiskInfo(output,controllerid): + arrayid = False + diskid = False + table = [] + state = 'undef' + model = 'undef' + for line in output: + if re.match(r'^Virtual (Disk|Drive): [0-9]+.*$',line.strip()): + arrayid = line.split('(')[0].split(':')[1].strip() + if re.match(r'Firmware state: .*$',line.strip()): + state = line.split(':')[1].strip() + if re.match(r'Inquiry Data: .*$',line.strip()): + model = line.split(':')[1].strip() + model = re.sub(' +', ' ', model) + if re.match(r'PD: [0-9]+ Information.*$',line.strip()): + diskid = line.split()[1].strip() + + if arrayid != False and state != 'undef' and model != 'undef' and diskid != False: + table.append([str(arrayid), str(diskid), state, model]) + state = 'undef' + model = 'undef' + + return table + +cmd = binarypath+' -adpCount -NoLog' +output = getOutput(cmd) +controllernumber = returnControllerNumber(output) + +bad = False + +# List available controller +if not nagiosmode: + print '-- Controller informations --' + print '-- ID | Model' + controllerid = 0 + while controllerid < controllernumber: + cmd = binarypath+' -AdpAllInfo -a'+str(controllerid)+' -NoLog' + output = getOutput(cmd) + controllermodel = returnControllerModel(output) + print 'c'+str(controllerid)+' | '+controllermodel + controllerid += 1 + print '' + +controllerid = 0 +if not nagiosmode: + print '-- Arrays informations --' + print '-- ID | Type | Size | Status | InProgress' + +while controllerid < controllernumber: + arrayid = 0 + cmd = binarypath+' -LdGetNum -a'+str(controllerid)+' -NoLog' + output = getOutput(cmd) + arraynumber = returnArrayNumber(output) + while arrayid < int(arraynumber): + cmd = binarypath+' -LDInfo -l'+str(arrayid)+' -a'+str(controllerid)+' -NoLog' + output = getOutput(cmd) + arrayinfo = returnArrayInfo(output,controllerid,arrayid) + if not nagiosmode: + print arrayinfo[0]+' | '+arrayinfo[1]+' | '+arrayinfo[2]+' | '+arrayinfo[3]+' | '+arrayinfo[4] + if not arrayinfo[3] == 'Optimal': + bad = True + nagiosbadarray=nagiosbadarray+1 + else: + nagiosgoodarray=nagiosgoodarray+1 + arrayid += 1 + controllerid += 1 +if not nagiosmode: + print '' + +if not nagiosmode: + print '-- Disks informations' + print '-- ID | Model | Status' + +controllerid = 0 +while controllerid < controllernumber: + arrayid = 0 + cmd = binarypath+' -LDInfo -lall -a'+str(controllerid)+' -NoLog' + output = getOutput(cmd) + cmd = binarypath+' -LdPdInfo -a'+str(controllerid)+' -NoLog' + output = getOutput(cmd) + arraydisk = returnDiskInfo(output,controllerid) + for array in arraydisk: + if not array[2] == 'Online' and not array[2] == 'Online, Spun Up': + bad=True + nagiosbaddisk=nagiosbaddisk+1 + else: + nagiosgooddisk=nagiosgooddisk+1 + if not nagiosmode: + print 'c'+str(controllerid)+'u'+array[0]+'p'+array[1]+' | '+array[3]+' | '+array[2] + controllerid += 1 + +if nagiosmode: + if bad: + print 'RAID ERROR - Arrays: OK:'+str(nagiosgoodarray)+' Bad:'+str(nagiosbadarray)+' - Disks: OK:'+str(nagiosgooddisk)+' Bad:'+str(nagiosbaddisk) + sys.exit(2) + else: + print 'RAID OK - Arrays: OK:'+str(nagiosgoodarray)+' Bad:'+str(nagiosbadarray)+' - Disks: OK:'+str(nagiosgooddisk)+' Bad:'+str(nagiosbaddisk) +else: + if bad: + print '\nThere is at least one disk/array in a NOT OPTIMAL state.' + sys.exit(1) + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa21 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa21 new file mode 100644 index 0000000..13a07c0 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa21 @@ -0,0 +1,10 @@ + + + _____ ________ ____ + ____ _____ ______ _/ ____\____ \_____ \/_ | +_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ | | +\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \ | | + \___ >__|_| /____ > |__| (____ /\_______ \|___| + \/ \/ \/ \/ \/ + + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa22 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa22 new file mode 100644 index 0000000..d2b9adf --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa22 @@ -0,0 +1,10 @@ + + + _____ ________ ________ + ____ _____ ______ _/ ____\____ \_____ \\_____ \ +_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ / ____/ +\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \/ \ + \___ >__|_| /____ > |__| (____ /\_______ \_______ \ + \/ \/ \/ \/ \/ \/ + + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa23 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa23 new file mode 100644 index 0000000..a361343 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa23 @@ -0,0 +1,9 @@ + + + _____ ________ ________ + ____ _____ ______ _/ ____\____ \_____ \ \_____ \ +_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ _(__ < +\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \ / \ + \___ >__|_| /____ > |__| (____ /\_______ \/______ / + \/ \/ \/ \/ \/ \/ + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa24 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa24 new file mode 100644 index 0000000..f65ba23 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa24 @@ -0,0 +1,9 @@ + + + _____ ________ _____ + ____ _____ ______ _/ ____\____ \_____ \ / | | +_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ / | |_ +\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \/ ^ / + \___ >__|_| /____ > |__| (____ /\_______ \____ | + \/ \/ \/ \/ \/ |__| + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp21 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp21 new file mode 100644 index 0000000..99e066e --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp21 @@ -0,0 +1,10 @@ + + + _____ ________ ____ + ____ _____ ______ _/ ____\_____ \_____ \/_ | +_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ | | +\ \___| Y Y \\___ \ /_____/ | | | |_> > \ | | + \___ >__|_| /____ > |__| | __/\_______ \|___| + \/ \/ \/ |__| \/ + + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp22 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp22 new file mode 100644 index 0000000..027440e --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp22 @@ -0,0 +1,10 @@ + + + _____ ________ ________ + ____ _____ ______ _/ ____\_____ \_____ \\_____ \ +_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ / ____/ +\ \___| Y Y \\___ \ /_____/ | | | |_> > \/ \ + \___ >__|_| /____ > |__| | __/\_______ \_______ \ + \/ \/ \/ |__| \/ \/ + + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp23 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp23 new file mode 100644 index 0000000..ed7dbf0 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp23 @@ -0,0 +1,10 @@ + + + _____ ________ ________ + ____ _____ ______ _/ ____\_____ \_____ \ \_____ \ +_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ _(__ < +\ \___| Y Y \\___ \ /_____/ | | | |_> > \ / \ + \___ >__|_| /____ > |__| | __/\_______ \/______ / + \/ \/ \/ |__| \/ \/ + + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp24 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp24 new file mode 100644 index 0000000..986a4e2 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp24 @@ -0,0 +1,11 @@ + + + _____ ________ _____ + ____ _____ ______ _/ ____\_____ \_____ \ / | | +_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ / | |_ +\ \___| Y Y \\___ \ /_____/ | | | |_> > \/ ^ / + \___ >__|_| /____ > |__| | __/\_______ \____ | + \/ \/ \/ |__| \/ |__| + + + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp25 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp25 new file mode 100644 index 0000000..2481ecc --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp25 @@ -0,0 +1,10 @@ + + + _____ ________ .________ + ____ _____ ______ _/ ____\_____ \_____ \ | ____/ +_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ |____ \ +\ \___| Y Y \\___ \ /_____/ | | | |_> > \ / \ + \___ >__|_| /____ > |__| | __/\_______ \/______ / + \/ \/ \/ |__| \/ \/ + + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp26 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp26 new file mode 100644 index 0000000..67287c3 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp26 @@ -0,0 +1,10 @@ + + + _____ ________ ________ + ____ _____ ______ _/ ____\_____ \_____ \/ _____/ +_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ __ \ +\ \___| Y Y \\___ \ /_____/ | | | |_> > \ |__\ \ + \___ >__|_| /____ > |__| | __/\_______ \_____ / + \/ \/ \/ |__| \/ \/ + + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-ft21 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-ft21 new file mode 100644 index 0000000..03c0e21 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-ft21 @@ -0,0 +1,10 @@ + + + _____ __ ________ ____ + ____ _____ ______ _/ ____\/ |_\_____ \/_ | +_/ ___\ / \ / ___/ ______ \ __\\ __\/ ____/ | | +\ \___| Y Y \\___ \ /_____/ | | | | / \ | | + \___ >__|_| /____ > |__| |__| \_______ \|___| + \/ \/ \/ \/ + + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/nagios.tar.gz b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/nagios.tar.gz new file mode 100644 index 0000000..50709da Binary files /dev/null and b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/nagios.tar.gz differ diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/profile_rugcms b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/profile_rugcms new file mode 100644 index 0000000..7449235 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/profile_rugcms @@ -0,0 +1,47 @@ +umask 022 + +# if running bash +if [ -n "$BASH_VERSION" ]; then + # include .bashrc if it exists + if [ -f "$HOME/.bashrc" ]; then + . "$HOME/.bashrc" + fi +fi + +# set PATH so it includes user's private bin if it exists +if [ -d "$HOME/bin" ] ; then + PATH="$HOME/bin:$PATH" +fi + +EDITOR=nano +export EDITOR + +JAVA_HOME=$HOME/software/java +export JAVA_HOME + +PATH=$JAVA_HOME/bin:/usr/local/bin:/usr/bin:/usr/ccs/bin:$PATH +export PATH + +RUGCMS_CLASSPATH=\ +$HOME/software/tomcat/lib/*:\ +$HOME/servers/tomcat-common/lib/*:\ +$HOME/servers/ucms-common/lib/ucms/*:\ +$HOME/servers/ucms-common/lib/xml/*:\ +$HOME/servers/ucms-common/lib/jackrabbit/*:\ +$HOME/servers/ucms-common/lib/apache/*:\ +$HOME/servers/ucms-common/lib/google/*:\ +$HOME/servers/ucms-common/lib/* +export RUGCMS_CLASSPATH + +source $HOME/scripts/setClusterAndNode.sh + +if [[ $CLUSTER == 'test' ]]; then + PS1=$'\\[\\e[32;1m\\]\\u@\\h (\\w) : \\[\\e[0m\\]' +elif [[ $CLUSTER == 'acceptation' ]]; then + PS1=$'\\[\\e[33;1m\\]\\u@\\h (\\w) : \\[\\e[0m\\]' +elif [[ $CLUSTER == 'production' ]]; then + PS1=$'\\[\\e[31m\\]\\u@\\h (\\w) : \\[\\e[0m\\]' +else + PS1=$'\\[\\e[35;1m\\]\\u@\\h (\\w) : \\[\\e[0m\\]' +fi +export PS1 diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/resolv.conf b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/resolv.conf new file mode 100644 index 0000000..33aac01 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/resolv.conf @@ -0,0 +1,3 @@ +search service.rug.nl +nameserver 129.125.4.6 +nameserer 8.8.8.8 diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/sshd_config b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/sshd_config new file mode 100644 index 0000000..b7c6fea --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/sshd_config @@ -0,0 +1,139 @@ +# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +# If you want to change the port on a SELinux system, you have to tell +# SELinux about this change. +# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER +# +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +SyslogFacility AUTHPRIV +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin without-password +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no +PasswordAuthentication yes + +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes +ChallengeResponseAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no +#KerberosUseKuserok yes + +# GSSAPI options +GSSAPIAuthentication yes +GSSAPICleanupCredentials no +#GSSAPIStrictAcceptorCheck yes +#GSSAPIKeyExchange no +#GSSAPIEnablek5users no + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several +# problems. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation sandbox +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#ShowPatchLevel no +#UseDNS yes +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE +AcceptEnv XMODIFIERS + +# override default of no subsystems +Subsystem sftp /usr/libexec/openssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/yum_debug_dump.txt.gz b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/yum_debug_dump.txt.gz new file mode 100644 index 0000000..2784e17 Binary files /dev/null and b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/yum_debug_dump.txt.gz differ diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/.main.yml.swp b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/.main.yml.swp new file mode 100644 index 0000000..6b0aa3e Binary files /dev/null and b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/.main.yml.swp differ diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/copy-files.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/copy-files.yml new file mode 100644 index 0000000..40ca57f --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/copy-files.yml @@ -0,0 +1,34 @@ +- copy: + src: files/motd.{{ ansible_hostname }} + dest: /etc/motd + owner: root + group: root + mode: 0644 + +- copy: + src: files/hosts + dest: /etc/hosts + owner: root + group: root + mode: 0644 + +- copy: + src: files/sshd_config + dest: /etc/ssh/sshd_config + owner: root + group: root + mode: 0600 + +- copy: + src: files/resolv.conf + dest: /etc/resolv.conf + owner: root + group: root + mode: 0644 + +- copy: + src: files/yum_debug_dump.txt.gz + dest: /root/yum_debug_dump.txt.gz + owner: root + group: root + mode: 0600 diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/copy-firewall.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/copy-firewall.yml new file mode 100644 index 0000000..3d11dae --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/copy-firewall.yml @@ -0,0 +1,6 @@ +- copy: + src: files/firewall.sh + dest: /root/firewall/firewall.sh + owner: root + group: root + mode: 0700 diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/disable-selinux.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/disable-selinux.yml new file mode 100644 index 0000000..1c185e7 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/disable-selinux.yml @@ -0,0 +1 @@ +- selinux: state=disabled diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/docker-netdata.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/docker-netdata.yml new file mode 100644 index 0000000..6df67b6 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/docker-netdata.yml @@ -0,0 +1,9 @@ +- docker_container: + name: netdata + image: titpetric/netdata + network_mode: host + hostname: "{{ ansible_hostname }}" + capabilities: SYS_PTRACE + state: started + volumes: + - /sys:/host/sys:ro diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/ger-user.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/ger-user.yml new file mode 100644 index 0000000..c6d41e1 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/ger-user.yml @@ -0,0 +1,6 @@ +- user: + name: ger + comment: "ger user" + state: present + group: rugcms + home: /home/ger diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-docker-py.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-docker-py.yml new file mode 100644 index 0000000..499f41e --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-docker-py.yml @@ -0,0 +1 @@ +- yum: name=python-docker-py state=latest diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-epel.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-epel.yml new file mode 100644 index 0000000..039802e --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-epel.yml @@ -0,0 +1 @@ +- yum: name=epel-release state=latest diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-ntp.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-ntp.yml new file mode 100644 index 0000000..d82087f --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-ntp.yml @@ -0,0 +1 @@ +- yum: name=ntp state=latest diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-yum-utils.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-yum-utils.yml new file mode 100644 index 0000000..906f8df --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-yum-utils.yml @@ -0,0 +1 @@ +- yum: name=yum-utils state=latest diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/main.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/main.yml new file mode 100644 index 0000000..58f4839 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/main.yml @@ -0,0 +1,21 @@ + - include: rugcms-group.yml + - include: rugcms-user.yml + - include: rugcms-keys.yml + - include: rugcms-profile.yml + - include: rugcms-password.yml + - include: stealth-client.yml + - include: install-epel.yml + - include: install-ntp.yml + - include: install-yum-utils.yml + - include: install-docker-py.yml + - include: disable-selinux.yml + - include: start-ntp.yml + - include: stop-firewalld.yml + - include: copy-firewall.yml + - include: run-firewall.yml + - include: nagios-client.yml + - include: mega-cli.yml + - include: copy-files.yml + - include: start-services.yml + - include: docker-netdata.yml + - include: upgrade.yml diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/mega-cli.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/mega-cli.yml new file mode 100644 index 0000000..f10a8f9 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/mega-cli.yml @@ -0,0 +1,27 @@ +- copy: + src: files/Lib_Utils-1.00-09.noarch.rpm + dest: /tmp/Lib_Utils-1.00-09.noarch.rpm + +- yum: + name: /tmp/Lib_Utils-1.00-09.noarch.rpm + state: present + +- copy: + src: files/MegaCli-8.04.07-1.noarch.rpm + dest: /tmp/MegaCli-8.04.07-1.noarch.rpm + +- yum: + name: /tmp/MegaCli-8.04.07-1.noarch.rpm + state: present + +- copy: + src: files/megaclisas-status + dest: /usr/sbin/megaclisas-status + owner: root + group: root + mode: 0700 + +- file: + src: /opt/MegaRAID/MegaCli/MegaCli64 + dest: /usr/sbin/megacli + state: link diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/nagios-client.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/nagios-client.yml new file mode 100644 index 0000000..fc1b65a --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/nagios-client.yml @@ -0,0 +1,42 @@ + + - file: path=/nagios state=directory + + - unarchive: + src: files/nagios.tar.gz + dest: /nagios + + - cron: + name: "check disk full" + minute: "00,10,20,30,40,50" + hour: "*" + job: "/nagios/cron/check_disk" + + - cron: + name: "check disk ok" + minute: "00,10,20,30,40,50" + hour: "*" + job: "/nagios/cron/check_disks" + + - cron: + name: "check firewall" + minute: "00,10,20,30,40,50" + hour: "*" + job: "/nagios/cron/check_iptables" + + - replace: + path: /nagios/cron/check_iptables + regexp: 'HOSTNAME="cms-fa11.service.rug.nl"' + replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"' + backup: yes + + - replace: + path: /nagios/cron/check_disk + regexp: 'HOSTNAME="cms-fa11.service.rug.nl"' + replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"' + backup: yes + + - replace: + path: /nagios/cron/check_disks + regexp: 'HOSTNAME="cms-fa11.service.rug.nl"' + replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"' + backup: yes diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-group.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-group.yml new file mode 100644 index 0000000..c7046ec --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-group.yml @@ -0,0 +1,3 @@ +- group: + name: rugcms + state: present diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-keys.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-keys.yml new file mode 100644 index 0000000..3cbdaa8 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-keys.yml @@ -0,0 +1,7 @@ +- authorized_key: + user: rugcms + key: '{{ item }}' + state: present + with_items: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAz/4D/jhUycyYS8gOrQDs+BqK+MLzfB9kb60W9zGTs9KigKGUOtvZ78mb1F2+ouy/uQUbOO4MoUu+fOzSlSE56GdyTSc/RsLaoHde2aRalXnRf55tuIVgv6MNG7siZt1i4iDhm/uql8nzc7m0Ompr9XXLXOQ0ZGFPViLLYyRcLOc= r.m.uittenbroek@rug.nl' + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoRM/8ItzD87bvO6WVwDS83mkLUv0fo1dUxBzGB0w9j+a4vtUbcGm13TXp6zIS6zZqj09QD8jznO1OE92tC1axjuwENbAi7WiqaFMJdqB6MLN4Fxo4xa5LaadDTFbd4yLI1lzheowfPvFypUW90L4ToEkKkvgp+r+4C7BrLLUTzksS3PzBB2jp25XimdbxQvbZS74RdEa4O1Xqz0A4+FbM9r90OIJGrexVTKb2jpQk3bhTIpCXDkRldA1PLYSPoUAmCViGPoHCoyNbtZj8MWDjOKH/Ut/WXg5z60JfFqHazkHsQiJ9YkgUk2zy/7cjl5Pl8DVkPp79c/F5YFw492XN rugcms@charanga' diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-profile.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-profile.yml new file mode 100644 index 0000000..c633a4a --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-profile.yml @@ -0,0 +1,6 @@ +- copy: + src: files/profile_rugcms + dest: /local_disk/.profile + owner: rugcms + group: rugcms + mode: 0700 diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-user.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-user.yml new file mode 100644 index 0000000..a9cc9fa --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-user.yml @@ -0,0 +1,6 @@ +- user: + name: rugcms + comment: "rugcms user" + state: present + group: rugcms + home: /local_disk diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/run-firewall.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/run-firewall.yml new file mode 100644 index 0000000..3a8fed8 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/run-firewall.yml @@ -0,0 +1 @@ +- script: chdir=/root/firewall firewall.sh diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/start-ntp.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/start-ntp.yml new file mode 100644 index 0000000..68f70c3 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/start-ntp.yml @@ -0,0 +1,4 @@ +- systemd: + name: ntpd.service + state: started + enabled: yes diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/start-services.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/start-services.yml new file mode 100644 index 0000000..9728492 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/start-services.yml @@ -0,0 +1,14 @@ +- systemd: + name: sshd.service + state: started + enabled: yes + +- systemd: + name: postfix.service + state: started + enabled: yes + +- systemd: + name: docker.service + state: started + enabled: yes diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/stealth-client.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/stealth-client.yml new file mode 100644 index 0000000..71df994 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/stealth-client.yml @@ -0,0 +1,15 @@ +- group: + name: kees + state: present + +- user: + name: kees + comment: "stealth user" + state: present + group: kees + home: /home/kees + +- authorized_key: + user: kees + key: 'ssh-dss AAAAB3NzaC1kc3MAAACBALg7GbHKk2jYPNXUgW69AKKnCALjroTtwCA0bt4zde1mavYNoQK8JY/pe4BSOQtsyo3JECYzmAZwoNbq8nJCh8ORf5tKs8njEykZ0n7BVWtCT/jh9EFPTFhFK864TdFVCvwtIafAL4kEVNvJ0wrJYa1mN/ds03HWliv+3Shj6x0dAAAAFQDxlwgId3zlrXiCfk3ciAHN5b2ScwAAAIEArZ3/Hg7FECh5Fjf7lnBQZW7sjG5OLZRJIZlj2/jYnvIRUrsN2XmebwO4Q5q7g7FLWlfbg+x2Lmv1OWf/zGd3U6aAx8M+d+nTWDtWpQNvcE99HlfOs9Q4Rzxx6ZOyaZn57lCva/nCmLe0DTPVB8rvocMmqe1r3n7/KgxxKttbWRUAAACAfH2y4JPt2AcVdHnHiibpQBtxK/9m6AEjsB/g02tMXHZletMs9jF6kGynan7xJqRqvWxkGS1ClHIUdt2uK6A6pbqOf2BwcBIxAdljLRrZOyvmW9KTqduHMemYv6xQnpNGb8moWq5V5FKiATvd/LB46O1zwZejJErfj70LRE98Hv4= stealth@operator' + state: present diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/stop-firewalld.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/stop-firewalld.yml new file mode 100644 index 0000000..8dc66c4 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/stop-firewalld.yml @@ -0,0 +1,3 @@ +- systemd: + name: firewalld.service + enabled: no diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/upgrade.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/upgrade.yml new file mode 100644 index 0000000..df7655f --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/upgrade.yml @@ -0,0 +1 @@ +- yum: name=* state=latest diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/Lib_Utils-1.00-09.noarch.rpm b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/Lib_Utils-1.00-09.noarch.rpm new file mode 100644 index 0000000..552732a Binary files /dev/null and b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/Lib_Utils-1.00-09.noarch.rpm differ diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/MegaCli-8.04.07-1.noarch.rpm b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/MegaCli-8.04.07-1.noarch.rpm new file mode 100644 index 0000000..b714a85 Binary files /dev/null and b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/MegaCli-8.04.07-1.noarch.rpm differ diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/firewall.sh b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/firewall.sh new file mode 100644 index 0000000..8b1f4ee --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/firewall.sh @@ -0,0 +1,227 @@ +#!/bin/bash + +# prevent SYNC-floods: +echo 1 > /proc/sys/net/ipv4/tcp_syncookies + +# initialize: +iptables -F +iptables -X +iptables -Z + +# config default policy's: +iptables -P INPUT DROP +iptables -P OUTPUT DROP +iptables -P FORWARD DROP + +iptables -N LOGDROP +iptables -A LOGDROP -j LOG +iptables -A LOGDROP -j DROP + +# kernel tweaks: +/bin/echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts +/bin/echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route +/bin/echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses +/bin/echo 1 > /proc/sys/net/ipv4/conf/all/log_martians +/bin/echo 0 > /proc/sys/net/ipv4/ip_forward + +# allow loopback: +iptables -A INPUT -i lo -j ACCEPT +iptables -A OUTPUT -o lo -j ACCEPT + +# allow asds.id.rug.nl +iptables -A INPUT -i eth0 -s 129.125.2.50 -j ACCEPT +iptables -A OUTPUT -o eth0 -d 129.125.2.50 -j ACCEPT + +# allow vlan933: +iptables -A INPUT -i bond0.933 -j ACCEPT +iptables -A OUTPUT -o bond0.933 -j ACCEPT + +# allow vlan934: +iptables -A INPUT -i bond0.934 -j ACCEPT +iptables -A OUTPUT -o bond0.934 -j ACCEPT +#allow outbound to databases: + +iptables -A INPUT -p tcp -s 129.125.36.182 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.182 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.183 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.183 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.184 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.184 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.185 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.185 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.186 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.186 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.187 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.187 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.188 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.188 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.141 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.141 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.142 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.142 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.143 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.143 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.144 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.144 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.148 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.148 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.149 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.149 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.150 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.150 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.50.147 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.50.147 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.71 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.71 -j ACCEPT + +# allow munin-statieken-server: +iptables -A INPUT -p tcp -s 129.125.50.91 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.50.91 -j ACCEPT + +# allow agenda: +iptables -A INPUT -p tcp -s 129.125.2.116 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.2.116 -j ACCEPT + +# allow imap.google.com: +iptables -A INPUT -p tcp -s 74.125.136/24 -j ACCEPT +iptables -A OUTPUT -p tcp -d 74.125.136/24 -j ACCEPT + +# allow imap.rug.nl: + +iptables -A INPUT -p tcp -s 129.125.2.81/32 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.2.81/32 -j ACCEPT + +# allow more google: +iptables -A INPUT -p tcp -s 173.194.65.0/24 -j ACCEPT +iptables -A OUTPUT -p tcp -d 173.194.65.0/24 -j ACCEPT + +# new tcp packets sync packets: +iptables -A INPUT -i eth0 -p tcp ! --syn -m state --state NEW -j DROP + +# refuse loopback pacts incoming eth0: +iptables -A INPUT -i eth0 -d 127.0.0.0/8 -j DROP + +# allow dns outbound to/from DNS server: +iptables -A INPUT -i eth0 -p udp --sport 53 -j ACCEPT +iptables -A OUTPUT -o eth0 -p udp --dport 53 -j ACCEPT + +# allow www outbound to 80: +iptables -A INPUT -i eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT + +# allow www outbound to 443: +iptables -A INPUT -i eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT + +# allow smtp outbound: +iptables -A INPUT -i eth0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT + +# allow ssh from BWP: +iptables -A INPUT -i eth0 -p tcp -s 129.125.249.0/24 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp -d 129.125.249.0/24 -m state --state ESTABLISHED -j ACCEPT + +# log/drop the rest: +iptables -A INPUT -i eth0 -s 129.125.0.0/16 -d 129.125.36.121/32 -j LOGDROP + +#zabbix monitorings +iptables -A INPUT -i eth0 -s 129.125.50.238 -j ACCEPT +iptables -A OUTPUT -o eth0 -d 129.125.50.238 -j ACCEPT + +# allow 9080 inbound: +iptables -A INPUT -i eth0 -p tcp --dport 9080 -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp --sport 9080 -j ACCEPT + +# allow 2222 inbound: +iptables -A INPUT -i eth0 -p tcp -s 129.125.249.0/24 --dport 2222 -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp -d 129.125.249.0/24 --sport 2222 -j ACCEPT + +# inbound gadgets: +iptables -A INPUT -i eth0 -p tcp -m state --state ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT + +# allow from operator: +iptables -A INPUT -i eth0 -s 129.125.50.41/32 -j ACCEPT +iptables -A OUTPUT -o eth0 -d 129.125.50.41/32 -j ACCEPT + +# allow from/to ldap: +iptables -A INPUT -i eth0 -s 129.125.68.50/32 -j ACCEPT +iptables -A OUTPUT -o eth0 -d 129.125.68.50/32 -j ACCEPT + +# ldaps outbound: +iptables -A INPUT -i eth0 -p tcp --sport 636 -m state --state ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp --dport 636 -m state --state NEW,ESTABLISHED -j ACCEPT + +# allow nfs: +iptables -A INPUT -i eth0 -s 129.125.50.171/32 -j ACCEPT +iptables -A OUTPUT -o eth0 -d 129.125.50.171/32 -j ACCEPT + + +# allow ntp +iptables -A INPUT -i eth0 -p tcp --sport 123 -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp --dport 123 -j ACCEPT +iptables -A INPUT -i eth0 -p udp --sport 123 -j ACCEPT +iptables -A OUTPUT -o eth0 -p udp --dport 123 -j ACCEPT + +# allow charanga: +iptables -A INPUT -i eth0 -p tcp -s 129.125.60.94/32 --dport 22 -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp -d 129.125.60.94/32 --sport 22 -j ACCEPT + +# charanga 129.125.60.94 port 2222: +iptables -A INPUT -i eth0 -p tcp -s 129.125.60.94/32 --dport 2222 -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp -d 129.125.60.94/32 --sport 2222 -j ACCEPT + + +# allow imaps: +iptables -A INPUT -p tcp --sport 993 -j ACCEPT +iptables -A OUTPUT -p tcp --dport 993 -j ACCEPT + +# Flush & default +ip6tables -F INPUT +ip6tables -F OUTPUT +ip6tables -F FORWARD + +# setup log-chain: +ip6tables -N LOGREJECT +ip6tables -A LOGREJECT -j LOG +ip6tables -A LOGREJECT -j REJECT + +# Set the default policy to drop +ip6tables -P INPUT DROP +ip6tables -P OUTPUT DROP +ip6tables -P FORWARD DROP + +# rules: +ip6tables -A INPUT -i lo -j ACCEPT +ip6tables -A INPUT -j REJECT +ip6tables -A OUTPUT -j REJECT + +# allow ganglia-statieken-server: +iptables -A INPUT -p tcp -s 129.125.60.89 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.60.89 -j ACCEPT + +iptables -A INPUT -p tcp -s 129.125.36.191 -j ACCEPT +iptables -A OUTPUT -p tcp -d 129.125.36.191 -j ACCEPT + +# open up port 9100 prometues: +iptables -A INPUT -i eth0 -p tcp -s 129.125.2.233/32 --dport 9100 -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp -d 129.125.2.233/32 --sport 9100 -j ACCEPT + +# allow icmp: +iptables -A INPUT -p icmp -j ACCEPT +iptables -A OUTPUT -p icmp -j ACCEPT diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/megaclisas-status b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/megaclisas-status new file mode 100755 index 0000000..d295d37 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/megaclisas-status @@ -0,0 +1,209 @@ +#!/usr/bin/python + +import os +import re +import sys + +binarypath = "/usr/sbin/megacli" + +if len(sys.argv) > 2: + print 'Usage: megaclisas-status [--nagios]' + sys.exit(1) + +nagiosmode=False +nagiosoutput='' +nagiosgoodarray=0 +nagiosbadarray=0 +nagiosgooddisk=0 +nagiosbaddisk=0 + +# Check command line arguments to enable nagios or not +if len(sys.argv) > 1: + if sys.argv[1] == '--nagios': + nagiosmode=True + else: + print 'Usage: megaclisas-status [-nagios]' + sys.exit(1) + +# Check binary exists (and +x), if not print an error message +# or return UNKNOWN nagios error code +if os.path.exists(binarypath) and os.access(binarypath, os.X_OK): + pass +else: + if nagiosmode: + print 'UNKNOWN - Cannot find '+binarypath + else: + print 'Cannot find '+binarypath+'. Please install it.' + sys.exit(3) + +# Get command output +def getOutput(cmd): + output = os.popen(cmd) + lines = [] + for line in output: + if not re.match(r'^$',line.strip()): + lines.append(line.strip()) + return lines + +def returnControllerNumber(output): + for line in output: + if re.match(r'^Controller Count.*$',line.strip()): + return int(line.split(':')[1].strip().strip('.')) + +def returnControllerModel(output): + for line in output: + if re.match(r'^Product Name.*$',line.strip()): + return line.split(':')[1].strip() + +def returnArrayNumber(output): + i = 0 + for line in output: + if re.match(r'^Number of Virtual (Disk|Drive).*$',line.strip()): + i = line.strip().split(':')[1].strip() + return i + +def returnArrayInfo(output,controllerid,arrayid): + id = 'c'+str(controllerid)+'u'+str(arrayid) + operationlinennumber = False + linenumber = 0 + + for line in output: + if re.match(r'Number Of Drives\s*((per span))?:.*[0-9]+$',line.strip()): + ldpdcount = line.split(':')[1].strip() + if re.match(r'Span Depth *:.*[0-9]+$',line.strip()): + spandepth = line.split(':')[1].strip() + if re.match(r'^RAID Level\s*:.*$',line.strip()): + raidlevel = line.strip().split(':')[1].split(',')[0].split('-')[1].strip() + type = 'RAID' + raidlevel + if re.match(r'^Size\s*:.*$',line.strip()): + # Size reported in MB + if re.match(r'^.*MB$',line.strip().split(':')[1]): + size = line.strip().split(':')[1].strip('MB').strip() + size = str(int(round((float(size) / 1000))))+'G' + # Size reported in TB + elif re.match(r'^.*TB$',line.strip().split(':')[1]): + size = line.strip().split(':')[1].strip('TB').strip() + size = str(int(round((float(size) * 1000))))+'G' + # Size reported in GB (default) + else: + size = line.strip().split(':')[1].strip('GB').strip() + size = str(int(round((float(size)))))+'G' + if re.match(r'^State\s*:.*$',line.strip()): + state = line.strip().split(':')[1].strip() + if re.match(r'^Ongoing Progresses\s*:.*$',line.strip()): + operationlinennumber = linenumber + linenumber += 1 + if operationlinennumber: + inprogress = output[operationlinennumber+1] + else: + inprogress = 'None' + + if ldpdcount and (int(spandepth) > 1): + ldpdcount = int(ldpdcount) * int(spandepth) + if int(raidlevel) < 10: + type = type + "0" + + return [id,type,size,state,inprogress] + +def returnDiskInfo(output,controllerid): + arrayid = False + diskid = False + table = [] + state = 'undef' + model = 'undef' + for line in output: + if re.match(r'^Virtual (Disk|Drive): [0-9]+.*$',line.strip()): + arrayid = line.split('(')[0].split(':')[1].strip() + if re.match(r'Firmware state: .*$',line.strip()): + state = line.split(':')[1].strip() + if re.match(r'Inquiry Data: .*$',line.strip()): + model = line.split(':')[1].strip() + model = re.sub(' +', ' ', model) + if re.match(r'PD: [0-9]+ Information.*$',line.strip()): + diskid = line.split()[1].strip() + + if arrayid != False and state != 'undef' and model != 'undef' and diskid != False: + table.append([str(arrayid), str(diskid), state, model]) + state = 'undef' + model = 'undef' + + return table + +cmd = binarypath+' -adpCount -NoLog' +output = getOutput(cmd) +controllernumber = returnControllerNumber(output) + +bad = False + +# List available controller +if not nagiosmode: + print '-- Controller informations --' + print '-- ID | Model' + controllerid = 0 + while controllerid < controllernumber: + cmd = binarypath+' -AdpAllInfo -a'+str(controllerid)+' -NoLog' + output = getOutput(cmd) + controllermodel = returnControllerModel(output) + print 'c'+str(controllerid)+' | '+controllermodel + controllerid += 1 + print '' + +controllerid = 0 +if not nagiosmode: + print '-- Arrays informations --' + print '-- ID | Type | Size | Status | InProgress' + +while controllerid < controllernumber: + arrayid = 0 + cmd = binarypath+' -LdGetNum -a'+str(controllerid)+' -NoLog' + output = getOutput(cmd) + arraynumber = returnArrayNumber(output) + while arrayid < int(arraynumber): + cmd = binarypath+' -LDInfo -l'+str(arrayid)+' -a'+str(controllerid)+' -NoLog' + output = getOutput(cmd) + arrayinfo = returnArrayInfo(output,controllerid,arrayid) + if not nagiosmode: + print arrayinfo[0]+' | '+arrayinfo[1]+' | '+arrayinfo[2]+' | '+arrayinfo[3]+' | '+arrayinfo[4] + if not arrayinfo[3] == 'Optimal': + bad = True + nagiosbadarray=nagiosbadarray+1 + else: + nagiosgoodarray=nagiosgoodarray+1 + arrayid += 1 + controllerid += 1 +if not nagiosmode: + print '' + +if not nagiosmode: + print '-- Disks informations' + print '-- ID | Model | Status' + +controllerid = 0 +while controllerid < controllernumber: + arrayid = 0 + cmd = binarypath+' -LDInfo -lall -a'+str(controllerid)+' -NoLog' + output = getOutput(cmd) + cmd = binarypath+' -LdPdInfo -a'+str(controllerid)+' -NoLog' + output = getOutput(cmd) + arraydisk = returnDiskInfo(output,controllerid) + for array in arraydisk: + if not array[2] == 'Online' and not array[2] == 'Online, Spun Up': + bad=True + nagiosbaddisk=nagiosbaddisk+1 + else: + nagiosgooddisk=nagiosgooddisk+1 + if not nagiosmode: + print 'c'+str(controllerid)+'u'+array[0]+'p'+array[1]+' | '+array[3]+' | '+array[2] + controllerid += 1 + +if nagiosmode: + if bad: + print 'RAID ERROR - Arrays: OK:'+str(nagiosgoodarray)+' Bad:'+str(nagiosbadarray)+' - Disks: OK:'+str(nagiosgooddisk)+' Bad:'+str(nagiosbaddisk) + sys.exit(2) + else: + print 'RAID OK - Arrays: OK:'+str(nagiosgoodarray)+' Bad:'+str(nagiosbadarray)+' - Disks: OK:'+str(nagiosgooddisk)+' Bad:'+str(nagiosbaddisk) +else: + if bad: + print '\nThere is at least one disk/array in a NOT OPTIMAL state.' + sys.exit(1) + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa21 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa21 new file mode 100644 index 0000000..13a07c0 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa21 @@ -0,0 +1,10 @@ + + + _____ ________ ____ + ____ _____ ______ _/ ____\____ \_____ \/_ | +_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ | | +\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \ | | + \___ >__|_| /____ > |__| (____ /\_______ \|___| + \/ \/ \/ \/ \/ + + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa22 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa22 new file mode 100644 index 0000000..d2b9adf --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa22 @@ -0,0 +1,10 @@ + + + _____ ________ ________ + ____ _____ ______ _/ ____\____ \_____ \\_____ \ +_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ / ____/ +\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \/ \ + \___ >__|_| /____ > |__| (____ /\_______ \_______ \ + \/ \/ \/ \/ \/ \/ + + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa23 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa23 new file mode 100644 index 0000000..a361343 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa23 @@ -0,0 +1,9 @@ + + + _____ ________ ________ + ____ _____ ______ _/ ____\____ \_____ \ \_____ \ +_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ _(__ < +\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \ / \ + \___ >__|_| /____ > |__| (____ /\_______ \/______ / + \/ \/ \/ \/ \/ \/ + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa24 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa24 new file mode 100644 index 0000000..f65ba23 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa24 @@ -0,0 +1,9 @@ + + + _____ ________ _____ + ____ _____ ______ _/ ____\____ \_____ \ / | | +_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ / | |_ +\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \/ ^ / + \___ >__|_| /____ > |__| (____ /\_______ \____ | + \/ \/ \/ \/ \/ |__| + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp21 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp21 new file mode 100644 index 0000000..99e066e --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp21 @@ -0,0 +1,10 @@ + + + _____ ________ ____ + ____ _____ ______ _/ ____\_____ \_____ \/_ | +_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ | | +\ \___| Y Y \\___ \ /_____/ | | | |_> > \ | | + \___ >__|_| /____ > |__| | __/\_______ \|___| + \/ \/ \/ |__| \/ + + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp22 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp22 new file mode 100644 index 0000000..027440e --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp22 @@ -0,0 +1,10 @@ + + + _____ ________ ________ + ____ _____ ______ _/ ____\_____ \_____ \\_____ \ +_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ / ____/ +\ \___| Y Y \\___ \ /_____/ | | | |_> > \/ \ + \___ >__|_| /____ > |__| | __/\_______ \_______ \ + \/ \/ \/ |__| \/ \/ + + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp23 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp23 new file mode 100644 index 0000000..ed7dbf0 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp23 @@ -0,0 +1,10 @@ + + + _____ ________ ________ + ____ _____ ______ _/ ____\_____ \_____ \ \_____ \ +_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ _(__ < +\ \___| Y Y \\___ \ /_____/ | | | |_> > \ / \ + \___ >__|_| /____ > |__| | __/\_______ \/______ / + \/ \/ \/ |__| \/ \/ + + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp24 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp24 new file mode 100644 index 0000000..986a4e2 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp24 @@ -0,0 +1,11 @@ + + + _____ ________ _____ + ____ _____ ______ _/ ____\_____ \_____ \ / | | +_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ / | |_ +\ \___| Y Y \\___ \ /_____/ | | | |_> > \/ ^ / + \___ >__|_| /____ > |__| | __/\_______ \____ | + \/ \/ \/ |__| \/ |__| + + + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp25 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp25 new file mode 100644 index 0000000..2481ecc --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp25 @@ -0,0 +1,10 @@ + + + _____ ________ .________ + ____ _____ ______ _/ ____\_____ \_____ \ | ____/ +_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ |____ \ +\ \___| Y Y \\___ \ /_____/ | | | |_> > \ / \ + \___ >__|_| /____ > |__| | __/\_______ \/______ / + \/ \/ \/ |__| \/ \/ + + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp26 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp26 new file mode 100644 index 0000000..67287c3 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp26 @@ -0,0 +1,10 @@ + + + _____ ________ ________ + ____ _____ ______ _/ ____\_____ \_____ \/ _____/ +_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ __ \ +\ \___| Y Y \\___ \ /_____/ | | | |_> > \ |__\ \ + \___ >__|_| /____ > |__| | __/\_______ \_____ / + \/ \/ \/ |__| \/ \/ + + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-ft21 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-ft21 new file mode 100644 index 0000000..03c0e21 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-ft21 @@ -0,0 +1,10 @@ + + + _____ __ ________ ____ + ____ _____ ______ _/ ____\/ |_\_____ \/_ | +_/ ___\ / \ / ___/ ______ \ __\\ __\/ ____/ | | +\ \___| Y Y \\___ \ /_____/ | | | | / \ | | + \___ >__|_| /____ > |__| |__| \_______ \|___| + \/ \/ \/ \/ + + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-ft22 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-ft22 new file mode 100644 index 0000000..6e38e3f --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-ft22 @@ -0,0 +1,16 @@ + + + _____ __ ________ ________ + ____ _____ ______ _/ ____\/ |_\_____ \\_____ \ +_/ ___\ / \ / ___/ ______ \ __\\ __\/ ____/ / ____/ +\ \___| Y Y \\___ \ /_____/ | | | | / \/ \ + \___ >__|_| /____ > |__| |__| \_______ \_______ \ + \/ \/ \/ \/ \/ + + + + + + + + diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/nagios.tar.gz b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/nagios.tar.gz new file mode 100644 index 0000000..50709da Binary files /dev/null and b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/nagios.tar.gz differ diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/profile_rugcms b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/profile_rugcms new file mode 100644 index 0000000..7449235 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/profile_rugcms @@ -0,0 +1,47 @@ +umask 022 + +# if running bash +if [ -n "$BASH_VERSION" ]; then + # include .bashrc if it exists + if [ -f "$HOME/.bashrc" ]; then + . "$HOME/.bashrc" + fi +fi + +# set PATH so it includes user's private bin if it exists +if [ -d "$HOME/bin" ] ; then + PATH="$HOME/bin:$PATH" +fi + +EDITOR=nano +export EDITOR + +JAVA_HOME=$HOME/software/java +export JAVA_HOME + +PATH=$JAVA_HOME/bin:/usr/local/bin:/usr/bin:/usr/ccs/bin:$PATH +export PATH + +RUGCMS_CLASSPATH=\ +$HOME/software/tomcat/lib/*:\ +$HOME/servers/tomcat-common/lib/*:\ +$HOME/servers/ucms-common/lib/ucms/*:\ +$HOME/servers/ucms-common/lib/xml/*:\ +$HOME/servers/ucms-common/lib/jackrabbit/*:\ +$HOME/servers/ucms-common/lib/apache/*:\ +$HOME/servers/ucms-common/lib/google/*:\ +$HOME/servers/ucms-common/lib/* +export RUGCMS_CLASSPATH + +source $HOME/scripts/setClusterAndNode.sh + +if [[ $CLUSTER == 'test' ]]; then + PS1=$'\\[\\e[32;1m\\]\\u@\\h (\\w) : \\[\\e[0m\\]' +elif [[ $CLUSTER == 'acceptation' ]]; then + PS1=$'\\[\\e[33;1m\\]\\u@\\h (\\w) : \\[\\e[0m\\]' +elif [[ $CLUSTER == 'production' ]]; then + PS1=$'\\[\\e[31m\\]\\u@\\h (\\w) : \\[\\e[0m\\]' +else + PS1=$'\\[\\e[35;1m\\]\\u@\\h (\\w) : \\[\\e[0m\\]' +fi +export PS1 diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/resolv.conf b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/resolv.conf new file mode 100644 index 0000000..33aac01 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/resolv.conf @@ -0,0 +1,3 @@ +search service.rug.nl +nameserver 129.125.4.6 +nameserer 8.8.8.8 diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/sshd_config b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/sshd_config new file mode 100644 index 0000000..b7c6fea --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/sshd_config @@ -0,0 +1,139 @@ +# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +# If you want to change the port on a SELinux system, you have to tell +# SELinux about this change. +# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER +# +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +SyslogFacility AUTHPRIV +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin without-password +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no +PasswordAuthentication yes + +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes +ChallengeResponseAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no +#KerberosUseKuserok yes + +# GSSAPI options +GSSAPIAuthentication yes +GSSAPICleanupCredentials no +#GSSAPIStrictAcceptorCheck yes +#GSSAPIKeyExchange no +#GSSAPIEnablek5users no + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several +# problems. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation sandbox +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#ShowPatchLevel no +#UseDNS yes +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE +AcceptEnv XMODIFIERS + +# override default of no subsystems +Subsystem sftp /usr/libexec/openssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/yum_debug_dump.txt.gz b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/yum_debug_dump.txt.gz new file mode 100644 index 0000000..2784e17 Binary files /dev/null and b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/yum_debug_dump.txt.gz differ diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/.main.yml.swp b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/.main.yml.swp new file mode 100644 index 0000000..6b0aa3e Binary files /dev/null and b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/.main.yml.swp differ diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/copy-files.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/copy-files.yml new file mode 100644 index 0000000..40ca57f --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/copy-files.yml @@ -0,0 +1,34 @@ +- copy: + src: files/motd.{{ ansible_hostname }} + dest: /etc/motd + owner: root + group: root + mode: 0644 + +- copy: + src: files/hosts + dest: /etc/hosts + owner: root + group: root + mode: 0644 + +- copy: + src: files/sshd_config + dest: /etc/ssh/sshd_config + owner: root + group: root + mode: 0600 + +- copy: + src: files/resolv.conf + dest: /etc/resolv.conf + owner: root + group: root + mode: 0644 + +- copy: + src: files/yum_debug_dump.txt.gz + dest: /root/yum_debug_dump.txt.gz + owner: root + group: root + mode: 0600 diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/copy-firewall.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/copy-firewall.yml new file mode 100644 index 0000000..3d11dae --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/copy-firewall.yml @@ -0,0 +1,6 @@ +- copy: + src: files/firewall.sh + dest: /root/firewall/firewall.sh + owner: root + group: root + mode: 0700 diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/disable-selinux.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/disable-selinux.yml new file mode 100644 index 0000000..1c185e7 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/disable-selinux.yml @@ -0,0 +1 @@ +- selinux: state=disabled diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/docker-netdata.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/docker-netdata.yml new file mode 100644 index 0000000..6df67b6 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/docker-netdata.yml @@ -0,0 +1,9 @@ +- docker_container: + name: netdata + image: titpetric/netdata + network_mode: host + hostname: "{{ ansible_hostname }}" + capabilities: SYS_PTRACE + state: started + volumes: + - /sys:/host/sys:ro diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/ger-user.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/ger-user.yml new file mode 100644 index 0000000..c6d41e1 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/ger-user.yml @@ -0,0 +1,6 @@ +- user: + name: ger + comment: "ger user" + state: present + group: rugcms + home: /home/ger diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-docker-py.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-docker-py.yml new file mode 100644 index 0000000..499f41e --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-docker-py.yml @@ -0,0 +1 @@ +- yum: name=python-docker-py state=latest diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-epel.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-epel.yml new file mode 100644 index 0000000..039802e --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-epel.yml @@ -0,0 +1 @@ +- yum: name=epel-release state=latest diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-ntp.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-ntp.yml new file mode 100644 index 0000000..d82087f --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-ntp.yml @@ -0,0 +1 @@ +- yum: name=ntp state=latest diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-yum-utils.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-yum-utils.yml new file mode 100644 index 0000000..906f8df --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-yum-utils.yml @@ -0,0 +1 @@ +- yum: name=yum-utils state=latest diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/main.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/main.yml new file mode 100644 index 0000000..58f4839 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/main.yml @@ -0,0 +1,21 @@ + - include: rugcms-group.yml + - include: rugcms-user.yml + - include: rugcms-keys.yml + - include: rugcms-profile.yml + - include: rugcms-password.yml + - include: stealth-client.yml + - include: install-epel.yml + - include: install-ntp.yml + - include: install-yum-utils.yml + - include: install-docker-py.yml + - include: disable-selinux.yml + - include: start-ntp.yml + - include: stop-firewalld.yml + - include: copy-firewall.yml + - include: run-firewall.yml + - include: nagios-client.yml + - include: mega-cli.yml + - include: copy-files.yml + - include: start-services.yml + - include: docker-netdata.yml + - include: upgrade.yml diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/mega-cli.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/mega-cli.yml new file mode 100644 index 0000000..f10a8f9 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/mega-cli.yml @@ -0,0 +1,27 @@ +- copy: + src: files/Lib_Utils-1.00-09.noarch.rpm + dest: /tmp/Lib_Utils-1.00-09.noarch.rpm + +- yum: + name: /tmp/Lib_Utils-1.00-09.noarch.rpm + state: present + +- copy: + src: files/MegaCli-8.04.07-1.noarch.rpm + dest: /tmp/MegaCli-8.04.07-1.noarch.rpm + +- yum: + name: /tmp/MegaCli-8.04.07-1.noarch.rpm + state: present + +- copy: + src: files/megaclisas-status + dest: /usr/sbin/megaclisas-status + owner: root + group: root + mode: 0700 + +- file: + src: /opt/MegaRAID/MegaCli/MegaCli64 + dest: /usr/sbin/megacli + state: link diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/nagios-client.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/nagios-client.yml new file mode 100644 index 0000000..fc1b65a --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/nagios-client.yml @@ -0,0 +1,42 @@ + + - file: path=/nagios state=directory + + - unarchive: + src: files/nagios.tar.gz + dest: /nagios + + - cron: + name: "check disk full" + minute: "00,10,20,30,40,50" + hour: "*" + job: "/nagios/cron/check_disk" + + - cron: + name: "check disk ok" + minute: "00,10,20,30,40,50" + hour: "*" + job: "/nagios/cron/check_disks" + + - cron: + name: "check firewall" + minute: "00,10,20,30,40,50" + hour: "*" + job: "/nagios/cron/check_iptables" + + - replace: + path: /nagios/cron/check_iptables + regexp: 'HOSTNAME="cms-fa11.service.rug.nl"' + replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"' + backup: yes + + - replace: + path: /nagios/cron/check_disk + regexp: 'HOSTNAME="cms-fa11.service.rug.nl"' + replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"' + backup: yes + + - replace: + path: /nagios/cron/check_disks + regexp: 'HOSTNAME="cms-fa11.service.rug.nl"' + replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"' + backup: yes diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-group.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-group.yml new file mode 100644 index 0000000..c7046ec --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-group.yml @@ -0,0 +1,3 @@ +- group: + name: rugcms + state: present diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-keys.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-keys.yml new file mode 100644 index 0000000..3cbdaa8 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-keys.yml @@ -0,0 +1,7 @@ +- authorized_key: + user: rugcms + key: '{{ item }}' + state: present + with_items: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAz/4D/jhUycyYS8gOrQDs+BqK+MLzfB9kb60W9zGTs9KigKGUOtvZ78mb1F2+ouy/uQUbOO4MoUu+fOzSlSE56GdyTSc/RsLaoHde2aRalXnRf55tuIVgv6MNG7siZt1i4iDhm/uql8nzc7m0Ompr9XXLXOQ0ZGFPViLLYyRcLOc= r.m.uittenbroek@rug.nl' + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoRM/8ItzD87bvO6WVwDS83mkLUv0fo1dUxBzGB0w9j+a4vtUbcGm13TXp6zIS6zZqj09QD8jznO1OE92tC1axjuwENbAi7WiqaFMJdqB6MLN4Fxo4xa5LaadDTFbd4yLI1lzheowfPvFypUW90L4ToEkKkvgp+r+4C7BrLLUTzksS3PzBB2jp25XimdbxQvbZS74RdEa4O1Xqz0A4+FbM9r90OIJGrexVTKb2jpQk3bhTIpCXDkRldA1PLYSPoUAmCViGPoHCoyNbtZj8MWDjOKH/Ut/WXg5z60JfFqHazkHsQiJ9YkgUk2zy/7cjl5Pl8DVkPp79c/F5YFw492XN rugcms@charanga' diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-profile.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-profile.yml new file mode 100644 index 0000000..c633a4a --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-profile.yml @@ -0,0 +1,6 @@ +- copy: + src: files/profile_rugcms + dest: /local_disk/.profile + owner: rugcms + group: rugcms + mode: 0700 diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-user.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-user.yml new file mode 100644 index 0000000..a9cc9fa --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-user.yml @@ -0,0 +1,6 @@ +- user: + name: rugcms + comment: "rugcms user" + state: present + group: rugcms + home: /local_disk diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/run-firewall.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/run-firewall.yml new file mode 100644 index 0000000..3a8fed8 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/run-firewall.yml @@ -0,0 +1 @@ +- script: chdir=/root/firewall firewall.sh diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/start-ntp.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/start-ntp.yml new file mode 100644 index 0000000..68f70c3 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/start-ntp.yml @@ -0,0 +1,4 @@ +- systemd: + name: ntpd.service + state: started + enabled: yes diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/start-services.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/start-services.yml new file mode 100644 index 0000000..9728492 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/start-services.yml @@ -0,0 +1,14 @@ +- systemd: + name: sshd.service + state: started + enabled: yes + +- systemd: + name: postfix.service + state: started + enabled: yes + +- systemd: + name: docker.service + state: started + enabled: yes diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/stealth-client.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/stealth-client.yml new file mode 100644 index 0000000..71df994 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/stealth-client.yml @@ -0,0 +1,15 @@ +- group: + name: kees + state: present + +- user: + name: kees + comment: "stealth user" + state: present + group: kees + home: /home/kees + +- authorized_key: + user: kees + key: 'ssh-dss AAAAB3NzaC1kc3MAAACBALg7GbHKk2jYPNXUgW69AKKnCALjroTtwCA0bt4zde1mavYNoQK8JY/pe4BSOQtsyo3JECYzmAZwoNbq8nJCh8ORf5tKs8njEykZ0n7BVWtCT/jh9EFPTFhFK864TdFVCvwtIafAL4kEVNvJ0wrJYa1mN/ds03HWliv+3Shj6x0dAAAAFQDxlwgId3zlrXiCfk3ciAHN5b2ScwAAAIEArZ3/Hg7FECh5Fjf7lnBQZW7sjG5OLZRJIZlj2/jYnvIRUrsN2XmebwO4Q5q7g7FLWlfbg+x2Lmv1OWf/zGd3U6aAx8M+d+nTWDtWpQNvcE99HlfOs9Q4Rzxx6ZOyaZn57lCva/nCmLe0DTPVB8rvocMmqe1r3n7/KgxxKttbWRUAAACAfH2y4JPt2AcVdHnHiibpQBtxK/9m6AEjsB/g02tMXHZletMs9jF6kGynan7xJqRqvWxkGS1ClHIUdt2uK6A6pbqOf2BwcBIxAdljLRrZOyvmW9KTqduHMemYv6xQnpNGb8moWq5V5FKiATvd/LB46O1zwZejJErfj70LRE98Hv4= stealth@operator' + state: present diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/stop-firewalld.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/stop-firewalld.yml new file mode 100644 index 0000000..8dc66c4 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/stop-firewalld.yml @@ -0,0 +1,3 @@ +- systemd: + name: firewalld.service + enabled: no diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/upgrade.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/upgrade.yml new file mode 100644 index 0000000..df7655f --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/upgrade.yml @@ -0,0 +1 @@ +- yum: name=* state=latest diff --git a/playbooks/rugcms-frontend-uitrol/rugcms-frontend_acc_prod.yml b/playbooks/rugcms-frontend-uitrol/rugcms-frontend_acc_prod.yml new file mode 100644 index 0000000..30b0ab6 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/rugcms-frontend_acc_prod.yml @@ -0,0 +1,8 @@ +--- +- hosts: new + + tasks: + - name: uitrol frontend + include_role: + name: frontend_acc_prod + diff --git a/playbooks/rugcms-frontend-uitrol/rugcms-frontend_test.yml b/playbooks/rugcms-frontend-uitrol/rugcms-frontend_test.yml new file mode 100644 index 0000000..bc17275 --- /dev/null +++ b/playbooks/rugcms-frontend-uitrol/rugcms-frontend_test.yml @@ -0,0 +1,8 @@ +--- +- hosts: cms-ft22 + + tasks: + - name: uitrol frontend + include_role: + name: frontend_test + diff --git a/playbooks/tivoli-client/ansible.cfg b/playbooks/tivoli-client/ansible.cfg new file mode 100644 index 0000000..b0e6dc3 --- /dev/null +++ b/playbooks/tivoli-client/ansible.cfg @@ -0,0 +1,5 @@ +[defaults] +hostfile = hosts +remote_user = root +private_key_file = /home/ger/.ssh/id_dsa +host_key_checking = false diff --git a/playbooks/tivoli-client/backup-client.yml b/playbooks/tivoli-client/backup-client.yml new file mode 100644 index 0000000..4cc40a4 --- /dev/null +++ b/playbooks/tivoli-client/backup-client.yml @@ -0,0 +1,8 @@ +--- +- hosts: stimmen + + tasks: + - name: uitrol tivoli client + include_role: + name: tivo + diff --git a/playbooks/tivoli-client/hosts b/playbooks/tivoli-client/hosts new file mode 100644 index 0000000..616c899 --- /dev/null +++ b/playbooks/tivoli-client/hosts @@ -0,0 +1,4 @@ +[backup-clients] + +stimmen ansible_host=stimmen.housing.rug.nl ansible_port=22 +cms-fp11 ansible_host=cms-fp11.service.rug.nl ansible_port=22 diff --git a/playbooks/tivoli-client/tivo/README.md b/playbooks/tivoli-client/tivo/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/playbooks/tivoli-client/tivo/README.md @@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/playbooks/tivoli-client/tivo/defaults/main.yml b/playbooks/tivoli-client/tivo/defaults/main.yml new file mode 100644 index 0000000..99a99b6 --- /dev/null +++ b/playbooks/tivoli-client/tivo/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for tivo \ No newline at end of file diff --git a/playbooks/tivoli-client/tivo/files/8.1.4.0-TIV-TSMBAC-LinuxX86.tar b/playbooks/tivoli-client/tivo/files/8.1.4.0-TIV-TSMBAC-LinuxX86.tar new file mode 100644 index 0000000..6de5ba9 Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/8.1.4.0-TIV-TSMBAC-LinuxX86.tar differ diff --git a/playbooks/tivoli-client/tivo/files/README.htm b/playbooks/tivoli-client/tivo/files/README.htm new file mode 100644 index 0000000..9f1fac5 --- /dev/null +++ b/playbooks/tivoli-client/tivo/files/README.htm @@ -0,0 +1,267 @@ + + + + + + + + + + + + + + + + + + + + +IBM Spectrum Protect Backup-Archive Client Version 8.1.4 + +
+

IBM Spectrum Protect Backup-Archive +Client Version 8.1.4

+

Licensed Materials - Property of IBM

+ +

5725-W98
+5725-W99
+5725-X15

+ +

Copyright International Business Machines Corp. 2017.

+ +

US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP +Schedule Contract with IBM Corp.

+
+

Installation instructions

+

For installation instructions, see Installing the IBM Spectrum Protect™ backup-archive clients.

+
+

Release notes

+

For access to the product announcement, known issues, system requirements, installation +instructions, and updates, see Release notes for IBM Spectrum Protect Backup-Archive Client Version 8.1.

+
+

Readme files

+

Readme files for the IBM Spectrum Protect +V8.1 backup-archive client fix packs are available in the Support knowledge base when there is a fix +pack update.

+ +

For the latest updates, system requirements, known limitations, and the fix history for a fix +pack, see the Support knowledge base:

+ +

View IBM Spectrum Protect +V8.1 backup-archive client fix pack readme files

+ +

To view additional information about IBM +Spectrum Protect, see the online product documentation.

+
+
+
+ +
+

安装指示信息

+

有关安装指示信息,请参阅安装 IBM Spectrum Protect™ 备份/归档客户机

+
+

发行说明

+

要访问产品声明、已知问题、系统需求、安装指示信息和更新,请参阅 IBM Spectrum Protect 备份/归档客户机 V8.1 发行说明

+
+

自述文件

+

当存在修订包更新时,IBM Spectrum Protect V8.1 备份/归档客户机修订包的自述文件可在“支持”知识库中获取。

+ +

有关修订包的最新更新、系统需求、已知限制和修订历史记录,请参阅“支持”知识库:

+ +

View IBM Spectrum Protect +V8.1 备份/归档客户机修订包自述文件

+ +

要查看有关 IBM Spectrum Protect 的其他信息,请参阅联机产品文档

+
+ +
+

安裝指示

+

如需安裝指示,請參閱安裝 IBM Spectrum Protect™ 備份保存用戶端

+
+

版本注意事項

+

若要存取產品公告、已知問題、系統需求、安裝指示及更新項目,請參閱 IBM Spectrum Protect Backup-Archive Client 8.1 版版本注意事項

+
+

Readme 檔

+

具有修正套件更新項目時,IBM Spectrum Protect 8.1 版備份保存用戶端修正套件的 Readme 檔位於支援中心知識庫內。

+ +

如需修正套件的最新更新項目、系統需求、已知限制及修正歷程,請參閱支援中心知識庫:

+ +

檢閱 IBM Spectrum Protect 8.1 版備份保存用戶端修正套件 Readme 檔

+ +

若要檢視 IBM Spectrum Protect 的其他相關資訊,請參閱線上產品說明文件

+
+ +
+

Instructions d'installation

+

Pour obtenir des instructions sur l'installation, voir +Installation des clients de sauvegarde-archivage IBM Spectrum Protect.

+
+

Notes sur l'édition

+

Pour accéder à l'annonce du produit, consulter les problèmes recensés, la configuration système requise, les instructions d'installation et les mises à jour, voir les Notes sur l'édition du client de sauvegarde-archivage IBM Spectrum Protect version 8.1.

+
+

Fichiers Readme

+

Les fichiers Readme des groupes de correctifs du client de sauvegarde-archivage IBM Spectrum Protect +version 8.1 sont disponibles dans la base de connaissances du support +lorsqu'une mise à jour d'un groupe de correctifs est publiée.

+ +

Pour en savoir plus sur les dernières mises à jour, la configuration système requise, les limitations connues et l'historique des correctifs pour un groupe de correctifs, voir la base de connaissances du support :

+ +

Afficher les fichiers Readme des groupes de correctifs du client de sauvegarde-archivage IBM Spectrum Protect version 8.1

+ +

Pour consulter des informations supplémentaires sur IBM +Spectrum Protect, voir la documentation du produit en ligne.

+
+ +
+

Installationsanweisungen

+

Installationsanweisungen finden Sie in +IBM Spectrum +Protect-Clients für Sichern/Archivieren installieren.

+
+

Releaseinformationen

+

Für den Zugriff auf die Produktankündigung sowie auf bekannte Probleme, Systemvoraussetzungen, Installationsanweisungen und Aktualisierungen +lesen Sie die Releaseinformationen +für den IBM Spectrum Protect-Client für Sichern/Archivieren Version 8.1.

+
+

Readme-Dateien

+

Readme-Dateien für die Fixpacks des IBM Spectrum Protect-Clients für Sichern/Archivieren +Version 8.1 sind in der Unterstützungswissensbasis verfügbar, wenn eine Fixpackaktualisierung vorhanden ist.

+ +

Die neuesten Aktualisierungen, Systemvoraussetzungen und bekannten Einschränkungen sowie das Fixprotokoll für ein Fixpack finden Sie in der +Unterstützungswissensbasis:

+ +

Readme-Dateien für Fixpacks des +IBM Spectrum Protect-Clients für Sichern/Archivieren Version 8.1 anzeigen

+ +

Zusätzliche Informationen zu IBM Spectrum Protect finden Sie in der +Onlineproduktdokumentation.

+
+ +
+

Telepítési útmutatás

+

A telepítésre vonatkozó útmutatásokat az +IBM Spectrum +Protect mentési-archiválási ügyfelek telepítése című dokumentum tartalmazza.

+
+

Kiadási megjegyzések

+

A termékbejelentésekkel, ismert problémákkal, rendszerkövetelményekkel, telepítési +útmutatásokkal és frissítésekkel kapcsolatos információkat az +IBM +Spectrum Protect mentési-archiválási ügyfél V8.1 kiadási megjegyzések +tartalmazzák.

+
+

Readme fájlok

+

Az IBM Spectrum Protect +V8.1 mentési-archiválási ügyfél javítócsomagok readme fájljai a támogatási tudásbázisban érhetők el a frissítések megjelenésekor.

+ +

A frissítésekkel, rendszerkövetelményekkel, ismert korlátozásokkal és a javítócsomagok +előzményeivel kapcsolatos legfrissebb információkat a támogatási tudásbázis tartalmazza:

+ +

IBM Spectrum Protect +V8.1 mentési-archiválási ügyfél javítócsomag readme fájljainak megtekintése

+ +

Ha további információkra van szüksége az IBM +Spectrum Protect termékről, látogassa meg az +online +termékdokumentációt.

+
+ +
+

Instrukcje instalowania

+

Szczegółowe instrukcje instalowania zawiera sekcja Instalowanie +klientów kopii zapasowych i archiwalnych produktu IBM Spectrum Protect.

+
+

Uwagi do wydania

+

Aby uzyskać dostęp do ogłoszeń dostępności produktu, znanych problemów, wymagań systemowych, instrukcji instalowania oraz aktualizowania, zapoznaj się z dokumentem +Klient kopii zapasowych i archiwalnych produktu +IBM Spectrum Protect, wersja 8.1 - uwagi do wydania.

+
+

Pliki readme

+

Pliki readme dla pakietów poprawek klienta kopii zapasowych i archiwalnych produktu IBM Spectrum Protect 8.1 są umieszczane w bazie +wiedzy działu wsparcia po opublikowaniu pakietu.

+ +

Najnowsze aktualizacje, opis wymagań systemowych, znane ograniczenia oraz historia poprawek zostały umieszczone w bazie wiedzy działu wsparcia:

+ +

Wyświetl pliki readme pakietu poprawek klienta kopii zapasowych i archiwalnych produktu +IBM Spectrum Protect 8.1

+ +

Aby wyświetlić dodatkowe informacje na temat produktu IBM Spectrum Protect, przejdź do serwisu z +dokumentacją produktu.

+
+ +
+

Instruções de instalação

+

Para obter instruções de instalação, consulte Instalando +os clientes de backup-archive do IBM Spectrum Protect.

+
+

Notas sobre o Release

+

Para acessar o anúncio do produto, os problemas conhecidos, os requisitos do sistema, as instruções de instalação e as atualizações, consulte as +Notas +sobre a liberação do IBM Spectrum Protect Backup-Archive Client Versão 8.1.

+
+

Arquivos leia-me

+

Os arquivos leia-me dos fix packs do cliente de backup-archive do IBM Spectrum Protect +V8.1 estão disponíveis na base de conhecimento de suporte quando há uma atualização de fix pack.

+ +

Para ter acesso às atualizações mais recentes, aos requisitos do sistema, às limitações conhecidas e ao histórico de correções para um fix pack, consulte a base de conhecimento de suporte:

+ +

Visualizar +os arquivos leia-me do cliente de backup-archive do IBM Spectrum Protect V8.1

+ +

Para visualizar informações adicionais sobre o IBM +Spectrum Protect, consulte a documentação do produto on-line.

+
+ +
+

Инструкции по установке

+

Инструкции по установке смотрите в документе +Установка клиента резервного копирования и архивирования +IBM Spectrum Protect.

+
+

Замечания по выпуску

+

Чтобы получить доступ к объявлениям о продукте, информации об известных проблемах, требованиях к системе, инструкциям по установке и обновлениям, +смотрите документ +Замечания по выпуску +для клиента резервного копирования и архивирования IBM Spectrum Protect версии 8.1.

+
+

Ознакомительные файлы Readme

+

Файлы Readme для пакетов исправлений клиента резервного копирования и архивирования IBM Spectrum Protect V8.1 становятся +доступны в информационной базе службы поддержки, когда появляется обновление пакета исправлений.

+ +

Чтобы узнать о последних обновлениях, требованиях к системе, известных ограничениях и хронологии исправлений для пакета исправлений, смотрите +информационную базу службы поддержки:

+ +

Прочитать файлы Readme для пакета исправлений +клиента резервного копирования и архивирования IBM Spectrum Protect V8.1

+ +

Чтобы ознакомиться с дополнительной информацией по IBM Spectrum Protect, смотрите +электронную документацию по +продукту.

+
+ +
+

Instrucciones de instalación

+

Para obtener instrucciones de instalación, consulte Instalación de clientes de archivado y copia de seguridad de IBM Spectrum +Protect.

+
+

Notas del release

+

Para acceder al anuncio del producto, a los requisitos del sistema, a las instrucciones de instalación y actualizaciones, consulte las Notas del release para IBM Spectrum Protect Backup-Archive Client Versión 8.1.

+
+

Archivos léame

+

Los archivos léame para los fixpacks del cliente de archivado y copia de seguridad de IBM Spectrum Protect +V8.1 se encuentran disponibles en la base de conocimiento de soporte cuando hay una actualización de un fixpack.

+ +

Para conocer las actualizaciones, los requisitos de sistema, las limitaciones conocidas y el historial de arreglos para un fixpack, consulte la base de conocimiento de soporte:

+ +

Vista de los archivos léame del fixpack de cliente de archivado y copia de seguridad de IBM Spectrum Protect +V8.1

+ +

Para ver información adicional sobre IBM +Spectrum Protect, consulte la documentación de producto en línea.

+
+ + + \ No newline at end of file diff --git a/playbooks/tivoli-client/tivo/files/README_api.htm b/playbooks/tivoli-client/tivo/files/README_api.htm new file mode 100644 index 0000000..d2c02d1 --- /dev/null +++ b/playbooks/tivoli-client/tivo/files/README_api.htm @@ -0,0 +1,267 @@ + + + + + + + + + + + + + + + + + + + + +IBM Spectrum Protect Application Programming Interface Version 8.1.4 + +
+

IBM Spectrum Protect Application +Programming Interface Version 8.1.4

+

Licensed Materials - Property of IBM

+ +

5725-W98
+5725-W99
+5725-X15

+ +

Copyright International Business Machines Corp. 2017.

+ +

US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP +Schedule Contract with IBM Corp.

+
+

Installation instructions

+

For installation instructions, see Installing the API.

+
+

Release notes

+

For access to the product announcement, known issues, system requirements, installation +instructions, and updates, see Release notes for IBM Spectrum Protect™ Application Programming Interface Version 8.1.

+
+

Readme files

+

Readme files for the IBM Spectrum Protect +V8.1 API fix packs are available in the Support knowledge base when there is a fix pack update.

+ +

For the latest updates, system requirements, known limitations, and the fix history for a fix +pack, see the Support knowledge base:

+ +

View IBM Spectrum Protect +V8.1 API fix pack readme files

+ +

To view additional information about IBM +Spectrum Protect, see the online product documentation.

+
+
+
+ +
+

安装指示信息

+

有关安装指示信息,请参阅安装 API

+
+

发行说明

+

有关产品声明、已知问题、系统需求、安装指示信息和更新的访问权,请参阅 IBM Spectrum Protect™ 应用程序编程接口 V8.1 的发行说明

+
+

自述文件

+

当存在修订包更新时,“支持”知识库中提供了 IBM Spectrum Protect V8.1 API 修订包的自述文件。

+ +

有关修订包的最新更新、系统需求、已知限制和修订历史记录,请参阅“支持”知识库:

+ +

查看 IBM Spectrum Protect V8.1 API 修订包自述文件

+ +

要查看有关 IBM +Spectrum Protect 的其他信息,请参阅在线产品文档

+
+ +
+

安裝指示

+

如需安裝指示,請參閱安裝 API

+
+

版本注意事項

+

如需存取產品公告、已知問題、系統需求、安裝指示以及更新項目,請參閱 IBM Spectrum Protect™ 應用程式設計介面 8.1 版的版本注意事項

+
+

Readme 檔

+

當有修正套件更新時,會在支援中心知識庫中提供 IBM Spectrum Protect +8.1 版 API 修正套件的 Readme 檔。

+ +

如需修正套件的最新更新項目、系統需求、已知限制以及修正歷程,請參閱支援中心知識庫:

+ +

檢視 IBM Spectrum Protect +8.1 版 API 修正套件 Readme 檔

+ +

若要檢視 IBM +Spectrum Protect 的其他相關資訊,請參閱線上產品說明文件

+
+ +
+

Instructions d'installation

+

Pour obtenir des instructions sur l'installation, voir +Installation de l'API.

+
+

Notes sur l'édition

+

Pour accéder à l'annonce du produit, consulter les problèmes recensés, la configuration système requise, les instructions d'installation et les mises à jour, voir les Notes sur l'édition de l'API IBM Spectrum Protect version 8.1.

+
+

Fichiers Readme

+

Les fichiers Readme des groupes de correctifs de l'API IBM Spectrum Protect +version 8.1 sont disponibles dans la base de connaissances du support +lorsqu'une mise à jour d'un groupe de correctifs est publiée.

+ +

Pour en savoir plus sur les dernières mises à jour, la configuration système requise, les limitations connues et l'historique des correctifs pour un groupe de correctifs, voir la base de connaissances du support :

+ +

Afficher les fichiers Readme des groupes de correctifs de l'API IBM Spectrum Protect version 8.1

+ +

Pour consulter des informations supplémentaires sur IBM +Spectrum Protect, voir la documentation du produit en ligne.

+
+ +
+

Installationsanweisungen

+

Installationsanweisungen finden Sie in +API installieren.

+
+

Releaseinformationen

+

Für den Zugriff auf die Produktankündigung sowie auf bekannte Probleme, Systemvoraussetzungen, Installationsanweisungen und Aktualisierungen +lesen Sie die Releaseinformationen +für die IBM Spectrum Protect-Anwendungsprogrammierschnittstelle Version 8.1.

+
+

Readme-Dateien

+

Readme-Dateien für die Fixpacks der IBM Spectrum Protect-Anwendungsprogrammierschnittstelle +Version 8.1 sind in der Unterstützungswissensbasis verfügbar, wenn eine Fixpackaktualisierung vorhanden ist.

+ +

Die neuesten Aktualisierungen, Systemvoraussetzungen und bekannten Einschränkungen sowie das Fixprotokoll für ein Fixpack finden Sie in der +Unterstützungswissensbasis:

+ +

Readme-Dateien für Fixpacks der +IBM Spectrum Protect-Anwendungsprogrammierschnittstelle Version 8.1 anzeigen

+ +

Zusätzliche Informationen zu IBM Spectrum Protect finden Sie in der +Onlineproduktdokumentation.

+
+ +
+

Telepítési útmutatás

+

A telepítésre vonatkozó útmutatásokat az +API +telepítése című dokumentum tartalmazza.

+
+

Kiadási megjegyzések

+

A termékbejelentésekkel, ismert problémákkal, rendszerkövetelményekkel, telepítési +útmutatásokkal és frissítésekkel kapcsolatos információkat az +IBM +Spectrum Protect API V8.1 kiadási megjegyzések +tartalmazzák.

+
+

Readme fájlok

+

Az IBM Spectrum Protect +V8.1 API javítócsomagok readme fájljai a támogatási tudásbázisban érhetők el a frissítések megjelenésekor.

+ +

A frissítésekkel, rendszerkövetelményekkel, ismert korlátozásokkal és a javítócsomagok +előzményeivel kapcsolatos legfrissebb információkat a támogatási tudásbázis tartalmazza:

+ +

IBM Spectrum Protect +V8.1 API javítócsomag readme fájljainak megtekintése

+ +

Ha további információkra van szüksége az IBM +Spectrum Protect termékről, látogassa meg az +online +termékdokumentációt.

+
+ +
+

Instrukcje instalowania

+

Szczegółowe instrukcje instalowania zawiera sekcja +Instalowanie interfejsu API.

+
+

Uwagi do wydania

+

Aby uzyskać dostęp do ogłoszeń dostępności produktu, znanych problemów, wymagań systemowych, instrukcji instalowania oraz aktualizowania, zapoznaj się z dokumentem +Interfejs API produktu +IBM Spectrum Protect, wersja 8.1 - uwagi do wydania.

+
+

Pliki readme

+

Pliki readme dla pakietów poprawek interfejsu API produktu IBM Spectrum Protect 8.1 są umieszczane w bazie wiedzy działu wsparcia po +opublikowaniu pakietu.

+ +

Najnowsze aktualizacje, opis wymagań systemowych, znane ograniczenia oraz historia poprawek zostały umieszczone w bazie wiedzy działu wsparcia:

+ +

Wyświetl pliki readme pakietu poprawek interfejsu API produktu +IBM Spectrum Protect 8.1

+ +

Aby wyświetlić dodatkowe informacje na temat produktu IBM Spectrum Protect, przejdź do serwisu z +dokumentacją produktu.

+
+ +
+

Instruções de instalação

+

Para obter instruções de instalação, consulte Instalando a API.

+
+

Notas sobre o Release

+

Para acessar o anúncio do produto, os problemas conhecidos, os requisitos do sistema, as instruções de instalação e as atualizações, consulte as +Notas sobre a liberação do +IBM Spectrum Protect Application Programming Interface Versão 8.1.

+
+

Arquivos leia-me

+

Os arquivos leia-me dos fix packs da API do IBM Spectrum Protect +V8.1 estão disponíveis na base de conhecimento de suporte quando há uma atualização de fix pack.

+ +

Para ter acesso às atualizações mais recentes, aos requisitos do sistema, às limitações conhecidas e ao histórico de correções para um fix pack, consulte a base de conhecimento de suporte:

+ +

Visualizar os arquivos leia-me da API do +IBM Spectrum Protect V8.1

+ +

Para visualizar informações adicionais sobre o IBM +Spectrum Protect, consulte a documentação +do produto on-line.

+
+ +
+

Инструкции по установке

+

Инструкции по установке смотрите в документе +Установка API.

+
+

Замечания по выпуску

+

Чтобы получить доступ к объявлениям о продукте, информации об известных проблемах, требованиях к системе, инструкциям по установке и +обновлениям, смотрите документ +Замечания по +выпуску для интерфейса прикладного программирования (API) IBM Spectrum Protect версии +8.1.

+
+

Ознакомительные файлы Readme

+

Файлы Readme для пакетов исправлений API IBM Spectrum Protect +V8.1 становятся доступны в информационной базе службы поддержки, когда появляется обновление пакета исправлений.

+ +

Чтобы узнать о последних обновлениях, требованиях к системе, известных ограничениях и хронологии исправлений для пакета исправлений, смотрите +информационную базу службы поддержки:

+ +

Прочитать файлы Readme для пакета исправлений +API IBM Spectrum Protect V8.1

+ +

Чтобы ознакомиться с дополнительной информацией по IBM Spectrum Protect, смотрите +электронную документацию +по продукту.

+
+ +
+

Instrucciones de instalación

+

Para obtener las instrucciones de instalación, consulte Instalación de la API.

+
+

Notas del release

+

Para acceder al anuncio del producto, a los problemas conocidos, a los requisitos del sistema, a las instrucciones de instalación y actualizaciones, consulte las Notas del release de IBM Spectrum Protect Application Programming Interface Versión 8.1.

+
+

Archivos léame

+

Los archivos léame de los fixpacks de la API de IBM Spectrum Protect +V8.1 se encuentran disponibles en la base de conocimiento cuando haya una actualización de un fixpack.

+ +

Para conocer las actualizaciones, los requisitos de sistema, las limitaciones conocidas y el historial de fixpack más recientes, consulte la base de conocimiento de soporte:

+ +

Vista de los archivos de léame del fixpack de la API de IBM Spectrum Protect +V8.1

+ +

Para obtener información adicional sobre IBM +Spectrum Protect, consulte la documentación de producto en línea.

+
+ + + \ No newline at end of file diff --git a/playbooks/tivoli-client/tivo/files/TIVsm-API64.x86_64.rpm b/playbooks/tivoli-client/tivo/files/TIVsm-API64.x86_64.rpm new file mode 100644 index 0000000..9151697 Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/TIVsm-API64.x86_64.rpm differ diff --git a/playbooks/tivoli-client/tivo/files/TIVsm-APIcit.x86_64.rpm b/playbooks/tivoli-client/tivo/files/TIVsm-APIcit.x86_64.rpm new file mode 100644 index 0000000..50d0e6d Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/TIVsm-APIcit.x86_64.rpm differ diff --git a/playbooks/tivoli-client/tivo/files/TIVsm-BA.x86_64.rpm b/playbooks/tivoli-client/tivo/files/TIVsm-BA.x86_64.rpm new file mode 100644 index 0000000..909cd79 Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/TIVsm-BA.x86_64.rpm differ diff --git a/playbooks/tivoli-client/tivo/files/TIVsm-BAcit.x86_64.rpm b/playbooks/tivoli-client/tivo/files/TIVsm-BAcit.x86_64.rpm new file mode 100644 index 0000000..efbd31b Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/TIVsm-BAcit.x86_64.rpm differ diff --git a/playbooks/tivoli-client/tivo/files/TIVsm-BAhdw.x86_64.rpm b/playbooks/tivoli-client/tivo/files/TIVsm-BAhdw.x86_64.rpm new file mode 100644 index 0000000..55c7020 Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/TIVsm-BAhdw.x86_64.rpm differ diff --git a/playbooks/tivoli-client/tivo/files/TIVsm-JBB.x86_64.rpm b/playbooks/tivoli-client/tivo/files/TIVsm-JBB.x86_64.rpm new file mode 100644 index 0000000..c6ee0d9 Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/TIVsm-JBB.x86_64.rpm differ diff --git a/playbooks/tivoli-client/tivo/files/TIVsm-filepath-8.1.4-0.x86_64.rpm b/playbooks/tivoli-client/tivo/files/TIVsm-filepath-8.1.4-0.x86_64.rpm new file mode 100644 index 0000000..afec4d3 Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/TIVsm-filepath-8.1.4-0.x86_64.rpm differ diff --git a/playbooks/tivoli-client/tivo/files/TIVsm-filepath-source.tar.gz b/playbooks/tivoli-client/tivo/files/TIVsm-filepath-source.tar.gz new file mode 100644 index 0000000..524d734 Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/TIVsm-filepath-source.tar.gz differ diff --git a/playbooks/tivoli-client/tivo/files/dsm.opt b/playbooks/tivoli-client/tivo/files/dsm.opt new file mode 100644 index 0000000..96d6888 --- /dev/null +++ b/playbooks/tivoli-client/tivo/files/dsm.opt @@ -0,0 +1,2 @@ +SErvername RCBACKUP01 +Quiet diff --git a/playbooks/tivoli-client/tivo/files/dsm.sys b/playbooks/tivoli-client/tivo/files/dsm.sys new file mode 100644 index 0000000..0502cb1 --- /dev/null +++ b/playbooks/tivoli-client/tivo/files/dsm.sys @@ -0,0 +1,31 @@ +*** The following replication server connection information is automatically updated +*** These options should not be changed manually +REPLSERVERNAME RCBACKUP02 + REPLTCPSERVERADDRESS rcbackup02.service.rug.nl + REPLTCPPORT 1500 + REPLSERVERGUID 1e.d6.aa.86.46.2c.e8.11.ac.9a.50.9a.4c.ab.2d.e4 + REPLSSLPORT 1505 + +*** end of automatically updated options +SErvername RCBACKUP01 + *** The MYREPLICATIONServer and MYPRIMARYServername options are automatically updated and should not be changed manually + MYREPLICATIONServer RCBACKUP02 + MYPRIMARYServername RCBACKUP01 +COMMmethod TCPip +TCPPort 1500 +HTTPPORT 1581 +TCPServeraddress rcbackup01.service.rug.nl +SCHEDMODE PROMPTED +TCPBUFFSIZE 512 +TCPWINDOWSIZE 2048 +COMPRESSION NO +nodename peregrine +passwordaccess generate +users root backup +inclexcl /opt/tivoli/tsm/client/ba/bin/dsm.exclude +errorlogname /var/log/adsm/dsmerror.log +schedlogname /var/log/adsm/dsmsched.log +resourceutilization 10 +errorlogretention 14 +schedlogretention 14 +VIRTUALMOUNTPOINT /home diff --git a/playbooks/tivoli-client/tivo/files/gskcrypt64-8.0.50.78.linux.x86_64.rpm b/playbooks/tivoli-client/tivo/files/gskcrypt64-8.0.50.78.linux.x86_64.rpm new file mode 100644 index 0000000..4508854 Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/gskcrypt64-8.0.50.78.linux.x86_64.rpm differ diff --git a/playbooks/tivoli-client/tivo/files/gskssl64-8.0.50.78.linux.x86_64.rpm b/playbooks/tivoli-client/tivo/files/gskssl64-8.0.50.78.linux.x86_64.rpm new file mode 100644 index 0000000..b89272d Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/gskssl64-8.0.50.78.linux.x86_64.rpm differ diff --git a/playbooks/tivoli-client/tivo/handlers/main.yml b/playbooks/tivoli-client/tivo/handlers/main.yml new file mode 100644 index 0000000..41becaa --- /dev/null +++ b/playbooks/tivoli-client/tivo/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for tivo \ No newline at end of file diff --git a/playbooks/tivoli-client/tivo/meta/main.yml b/playbooks/tivoli-client/tivo/meta/main.yml new file mode 100644 index 0000000..7223799 --- /dev/null +++ b/playbooks/tivoli-client/tivo/meta/main.yml @@ -0,0 +1,57 @@ +galaxy_info: + author: your name + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: 1.2 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # Optionally specify the branch Galaxy will use when accessing the GitHub + # repo for this role. During role install, if no tags are available, + # Galaxy will use this branch. During import Galaxy will access files on + # this branch. If Travis integration is configured, only notifications for this + # branch will be accepted. Otherwise, in all cases, the repo's default branch + # (usually master) will be used. + #github_branch: + + # + # platforms is a list of platforms, and each platform has a name and a list of versions. + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. \ No newline at end of file diff --git a/playbooks/tivoli-client/tivo/tasks/change-node-name.yml b/playbooks/tivoli-client/tivo/tasks/change-node-name.yml new file mode 100644 index 0000000..1e4de7d --- /dev/null +++ b/playbooks/tivoli-client/tivo/tasks/change-node-name.yml @@ -0,0 +1,5 @@ +- replace: + path: /opt/tivoli/tsm/client/ba/bin/dsm.sys + regexp: 'nodename' + replace: 'nodename="{{ ansible_hostname }}' + backup: yes diff --git a/playbooks/tivoli-client/tivo/tasks/copy-config.yml b/playbooks/tivoli-client/tivo/tasks/copy-config.yml new file mode 100644 index 0000000..6168343 --- /dev/null +++ b/playbooks/tivoli-client/tivo/tasks/copy-config.yml @@ -0,0 +1,13 @@ +- copy: + src: files/dsm.sys + dest: /opt/tivoli/tsm/client/ba/bin/dsm.sys_new + owner: root + mode: 0600 + force: no + +- copy: + src: files/dsm.opt + dest: /opt/tivoli/tsm/client/ba/bin/dsm.opt_new + owner: root + mode: 0600 + force: no diff --git a/playbooks/tivoli-client/tivo/tasks/copy-files.yml b/playbooks/tivoli-client/tivo/tasks/copy-files.yml new file mode 100644 index 0000000..a100b51 --- /dev/null +++ b/playbooks/tivoli-client/tivo/tasks/copy-files.yml @@ -0,0 +1,11 @@ +- file: path=/root/tivo state=directory + +- copy: + src: "{{ item }}" + dest: /root/tivo/ + owner: root + mode: 0600 + force: no + with_fileglob: + - files/* + diff --git a/playbooks/tivoli-client/tivo/tasks/install-rpms.yml b/playbooks/tivoli-client/tivo/tasks/install-rpms.yml new file mode 100644 index 0000000..42509c5 --- /dev/null +++ b/playbooks/tivoli-client/tivo/tasks/install-rpms.yml @@ -0,0 +1,13 @@ + - name: Find all rpm files in /tmp folder + find: + paths: "/root/tivo" + pattern: "*.rpm" + register: rpm_files + + - set_fact: + rpm_list: "{{ rpm_files.files | map(attribute='path') | list}}" + + - name: installing the rpm files + yum: + name: "{{rpm_list}}" + state: present diff --git a/playbooks/tivoli-client/tivo/tasks/main.yml b/playbooks/tivoli-client/tivo/tasks/main.yml new file mode 100644 index 0000000..53f22eb --- /dev/null +++ b/playbooks/tivoli-client/tivo/tasks/main.yml @@ -0,0 +1,6 @@ +--- +# tasks file for tivo + - include: copy-files.yml + - include: install-rpms.yml + - include: copy-config.yml + - include: change-node-name.yml diff --git a/playbooks/tivoli-client/tivo/tests/inventory b/playbooks/tivoli-client/tivo/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/playbooks/tivoli-client/tivo/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/playbooks/tivoli-client/tivo/tests/test.yml b/playbooks/tivoli-client/tivo/tests/test.yml new file mode 100644 index 0000000..2c50c21 --- /dev/null +++ b/playbooks/tivoli-client/tivo/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - tivo \ No newline at end of file diff --git a/playbooks/tivoli-client/tivo/vars/main.yml b/playbooks/tivoli-client/tivo/vars/main.yml new file mode 100644 index 0000000..56829a0 --- /dev/null +++ b/playbooks/tivoli-client/tivo/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for tivo \ No newline at end of file diff --git a/rugcms.yml b/rugcms.yml deleted file mode 100644 index 382fdf0..0000000 --- a/rugcms.yml +++ /dev/null @@ -1,123 +0,0 @@ -# catchall rugcms ansible uitrol script: -# -# - create rugcms group -# - create rugmcs user, lid van rugcms en homedir /local_disk -# - push ssh-keys rugcms user -# - copy .profile rugcms user -# - install packages -# - upgrade all rpms -# - disable selinux -# - disable firewalld -# - copy firewall.sh script -# - run firewall script -# - copy yum_debug_file for input on all installed packages -# - copy resolv.conf -# - copy sshd_conf -# -# Usage: $ ansible-playbook rugcms.yml ---- -- name: rugcms ansible - hosts: "{{ myhosts | default('acc')}}" - - tasks: - - group: - name: rugcms - state: present - - - user: - name: rugcms - comment: "rugcms user" - state: present - group: rugcms - home: /local_disk - - - authorized_key: - user: rugcms - key: '{{ item }}' - state: present - with_items: - - 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAz/4D/jhUycyYS8gOrQDs+BqK+MLzfB9kb60W9zGTs9KigKGUOtvZ78mb1F2+ouy/uQUbOO4MoUu+fOzSlSE56GdyTSc/RsLaoHde2aRalXnRf55tuIVgv6MNG7siZt1i4iDhm/uql8nzc7m0Ompr9XXLXOQ0ZGFPViLLYyRcLOc= r.m.uittenbroek@rug.nl' - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoRM/8ItzD87bvO6WVwDS83mkLUv0fo1dUxBzGB0w9j+a4vtUbcGm13TXp6zIS6zZqj09QD8jznO1OE92tC1axjuwENbAi7WiqaFMJdqB6MLN4Fxo4xa5LaadDTFbd4yLI1lzheowfPvFypUW90L4ToEkKkvgp+r+4C7BrLLUTzksS3PzBB2jp25XimdbxQvbZS74RdEa4O1Xqz0A4+FbM9r90OIJGrexVTKb2jpQk3bhTIpCXDkRldA1PLYSPoUAmCViGPoHCoyNbtZj8MWDjOKH/Ut/WXg5z60JfFqHazkHsQiJ9YkgUk2zy/7cjl5Pl8DVkPp79c/F5YFw492XN rugcms@charanga' - - - name: copy profile rugcms-user - copy: - src: files/profile_rugcms - dest: /local_disk/.profile - owner: rugcms - group: rugcms - mode: 0700 - - - - name: Install epel-repo - yum: name=epel-release state=latest - - - name: Install ntp package - yum: name=ntp state=latest - - - name: Install yum-utils - yum: name=yum-utils state=latest - - - name: disable selinux - selinux: state=disabled - - - name: start ntp service - systemd: - name: ntpd.service - state: started - enabled: yes - - - name: disable firewalld - systemd: - name: firewalld.service - enabled: no - - - name: copy firewall - copy: - src: files/firewall_acc.sh - dest: /root/firewall/firewall.sh - owner: root - group: root - mode: 0700 - - - script: chdir=/root/firewall firewall.sh - - - name: copy yum_debug_dump - copy: - src: files/yum_debug_dump.txt.gz - dest: /root/yum_debug_dump.txt.gz - owner: root - group: root - mode: 0600 - - - command: yum-debug-restore /root/yum_debug_dump.txt.gz - - - name: upgrade all packages - yum: name=* state=latest - - - name: copy /etc/resolv.conf - copy: - src: files/resolv.conf - dest: /etc/resolv.conf - owner: root - group: root - mode: 0644 - - - name: copy /etc/ssh/sshd_config - copy: - src: files/sshd_config - dest: /etc/ssh/sshd_config - owner: root - group: root - mode: 0600 - - - name: start sshd service - systemd: - name: sshd.service - state: started - enabled: yes - - - name: start postfix service - systemd: - name: postfix.service - state: started - enabled: yes