diff --git a/playbooks/rugcms-frontend-uitrol/ansible.cfg b/playbooks/rugcms-frontend-uitrol/ansible.cfg
new file mode 100644
index 0000000..b0e6dc3
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/ansible.cfg
@@ -0,0 +1,5 @@
+[defaults]
+hostfile = hosts
+remote_user = root
+private_key_file = /home/ger/.ssh/id_dsa
+host_key_checking = false
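Review bot: `host_key_checking = false` turns off SSH host-key verification for every run, and together with `remote_user = root` that means root sessions to all inventory hosts, the `prod` group included, are opened without authenticating the server. Remove the line (or set it to `true`) and pre-populate known_hosts for the inventory hosts instead. `private_key_file = /home/ger/.ssh/id_dsa` ties the playbook to one person's home directory and to a DSA key, a key type that OpenSSH has not accepted by default since 7.0; supply the key per operator through ssh-agent or `--private-key`. `hostfile` is the deprecated spelling of `inventory`.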
diff --git a/playbooks/rugcms-frontend-uitrol/hosts b/playbooks/rugcms-frontend-uitrol/hosts
new file mode 100644
index 0000000..45a76ab
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/hosts
@@ -0,0 +1,55 @@
+[rugcms]
+
+cms-ft11 ansible_host=cms-ft11.service.rug.nl ansible_port=22
+cms-ft12 ansible_host=cms-ft12.service.rug.nl ansible_port=22
+
+cms-ft21 ansible_host=cms-ft21.service.rug.nl ansible_port=22
+cms-ft22 ansible_host=cms-ft22.service.rug.nl ansible_port=22
+
+
+cms-fa11 ansible_host=cms-fa11.service.rug.nl ansible_port=22
+cms-fa12 ansible_host=cms-fa12.service.rug.nl ansible_port=22
+cms-fa13 ansible_host=cms-fa13.service.rug.nl ansible_port=22
+cms-fa14 ansible_host=cms-fa14.service.rug.nl ansible_port=22
+
+cms-fp11 ansible_host=cms-fp11.service.rug.nl ansible_port=22
+cms-fp12 ansible_host=cms-fp12.service.rug.nl ansible_port=22
+cms-fp13 ansible_host=cms-fp13.service.rug.nl ansible_port=22
+cms-fp14 ansible_host=cms-fp14.service.rug.nl ansible_port=22
+cms-fp15 ansible_host=cms-fp15.service.rug.nl ansible_port=22
+cms-fp16 ansible_host=cms-fp16.service.rug.nl ansible_port=22
+
+
+cms-fa21 ansible_host=cms-fa21.service.rug.nl ansible_port=22
+cms-fa22 ansible_host=cms-fa22.service.rug.nl ansible_port=22
+cms-fa23 ansible_host=cms-fa23.service.rug.nl ansible_port=22
+cms-fa24 ansible_host=cms-fa24.service.rug.nl ansible_port=22
+
+cms-fp21 ansible_host=cms-fp21.service.rug.nl ansible_port=22
+cms-fp22 ansible_host=cms-fp22.service.rug.nl ansible_port=22
+cms-fp23 ansible_host=cms-fp23.service.rug.nl ansible_port=22
+cms-fp24 ansible_host=cms-fp24.service.rug.nl ansible_port=22
+cms-fp25 ansible_host=cms-fp25.service.rug.nl ansible_port=22
+cms-fp26 ansible_host=cms-fp26.service.rug.nl ansible_port=22
+
+[acc-new]
+cms-fa[21:24]
+
+[prod]
+cms-fp[21:26]
+
+[test]
+cms-ft[21:22]
+
+[old-test]
+cms-ft[11:12]
+
+[old-acc]
+cms-fa[11:14]
+
+[old-prod]
+cms-fp[11:16]
+
+[new]
+cms-fa[21:24]
+cms-fp[21:26]
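Review bot: The group names are not parallel, which makes it easy to aim a run at the wrong tier: `[test]` and `[prod]` are the new 2x hosts, the new acceptance hosts are `[acc-new]`, and the old tiers are `old-test`/`old-acc`/`old-prod`. Naming every tier the same way (for example `test_new`, `acc_new`, `prod_new`) would make the target of a `--limit` explicit, and `[acc-new]` duplicates the first half of `[new]`. Hyphens in group names are also reported as invalid by Ansible 2.8 and later; underscores avoid the warning. `ansible_port=22` is the default and could be dropped or set once in a `[rugcms:vars]` section.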
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/Lib_Utils-1.00-09.noarch.rpm b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/Lib_Utils-1.00-09.noarch.rpm
new file mode 100644
index 0000000..552732a
Binary files /dev/null and b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/Lib_Utils-1.00-09.noarch.rpm differ
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/MegaCli-8.04.07-1.noarch.rpm b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/MegaCli-8.04.07-1.noarch.rpm
new file mode 100644
index 0000000..b714a85
Binary files /dev/null and b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/MegaCli-8.04.07-1.noarch.rpm differ
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/firewall.sh b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/firewall.sh
new file mode 100644
index 0000000..0c4b596
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/firewall.sh
@@ -0,0 +1,227 @@
+#!/bin/bash
+
+# prevent SYNC-floods:
+echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+
+# initialize:
+iptables -F
+iptables -X
+iptables -Z
+
+# config default policy's:
+iptables -P INPUT DROP
+iptables -P OUTPUT DROP
+iptables -P FORWARD DROP
+
+iptables -N LOGDROP
+iptables -A LOGDROP -j LOG
+iptables -A LOGDROP -j DROP
+
+# kernel tweaks:
+/bin/echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+/bin/echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
+/bin/echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+/bin/echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
+/bin/echo 0 > /proc/sys/net/ipv4/ip_forward
+
+# allow loopback:
+iptables -A INPUT -i lo -j ACCEPT
+iptables -A OUTPUT -o lo -j ACCEPT
+
+# allow asds.id.rug.nl
+iptables -A INPUT -i br0 -s 129.125.2.50 -j ACCEPT
+iptables -A OUTPUT -o br0 -d 129.125.2.50 -j ACCEPT
+
+# allow vlan933:
+iptables -A INPUT -i bond0.933 -j ACCEPT
+iptables -A OUTPUT -o bond0.933 -j ACCEPT
+
+# allow vlan934:
+iptables -A INPUT -i bond0.934 -j ACCEPT
+iptables -A OUTPUT -o bond0.934 -j ACCEPT
+#allow outbound to databases:
+
+iptables -A INPUT -p tcp -s 129.125.36.182 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.182 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.183 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.183 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.184 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.184 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.185 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.185 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.186 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.186 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.187 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.187 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.188 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.188 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.141 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.141 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.142 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.142 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.143 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.143 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.144 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.144 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.148 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.148 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.149 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.149 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.150 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.150 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.50.147 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.50.147 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.71 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.71 -j ACCEPT
+
+# allow munin-statieken-server:
+iptables -A INPUT -p tcp -s 129.125.50.91 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.50.91 -j ACCEPT
+
+# allow agenda:
+iptables -A INPUT -p tcp -s 129.125.2.116 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.2.116 -j ACCEPT
+
+# allow imap.google.com:
+iptables -A INPUT -p tcp -s 74.125.136/24 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 74.125.136/24 -j ACCEPT
+
+# allow imap.rug.nl:
+
+iptables -A INPUT -p tcp -s 129.125.2.81/32 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.2.81/32 -j ACCEPT
+
+# allow more google:
+iptables -A INPUT -p tcp -s 173.194.65.0/24 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 173.194.65.0/24 -j ACCEPT
+
+# new tcp packets sync packets:
+iptables -A INPUT -i br0 -p tcp ! --syn -m state --state NEW -j DROP
+
+# refuse loopback pacts incoming eth0:
+iptables -A INPUT -i br0 -d 127.0.0.0/8 -j DROP
+
+# allow dns outbound to/from DNS server:
+iptables -A INPUT -i br0 -p udp --sport 53 -j ACCEPT
+iptables -A OUTPUT -o br0 -p udp --dport 53 -j ACCEPT
+
+# allow www outbound to 80:
+iptables -A INPUT -i br0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o br0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+# allow www outbound to 443:
+iptables -A INPUT -i br0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o br0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+# allow smtp outbound:
+iptables -A INPUT -i br0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o br0 -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+# allow ssh from BWP:
+iptables -A INPUT -i br0 -p tcp -s 129.125.249.0/24 -m state --state NEW,ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o br0 -p tcp -d 129.125.249.0/24 -m state --state ESTABLISHED -j ACCEPT
+
+# log/drop the rest:
+iptables -A INPUT -i br0 -s 129.125.0.0/16 -d 129.125.36.121/32 -j LOGDROP
+
+#zabbix monitorings
+iptables -A INPUT -i br0 -s 129.125.50.238 -j ACCEPT
+iptables -A OUTPUT -o br0 -d 129.125.50.238 -j ACCEPT
+
+# allow 9080 inbound:
+iptables -A INPUT -i br0 -p tcp --dport 9080 -j ACCEPT
+iptables -A OUTPUT -o br0 -p tcp --sport 9080 -j ACCEPT
+
+# allow 2222 inbound:
+iptables -A INPUT -i br0 -p tcp -s 129.125.249.0/24 --dport 2222 -j ACCEPT
+iptables -A OUTPUT -o br0 -p tcp -d 129.125.249.0/24 --sport 2222 -j ACCEPT
+
+# inbound gadgets:
+iptables -A INPUT -i br0 -p tcp -m state --state ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o br0 -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
+
+# allow from operator:
+iptables -A INPUT -i br0 -s 129.125.50.41/32 -j ACCEPT
+iptables -A OUTPUT -o br0 -d 129.125.50.41/32 -j ACCEPT
+
+# allow from/to ldap:
+iptables -A INPUT -i br0 -s 129.125.68.50/32 -j ACCEPT
+iptables -A OUTPUT -o br0 -d 129.125.68.50/32 -j ACCEPT
+
+# ldaps outbound:
+iptables -A INPUT -i br0 -p tcp --sport 636 -m state --state ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o br0 -p tcp --dport 636 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+# allow nfs:
+iptables -A INPUT -i br0 -s 129.125.50.171/32 -j ACCEPT
+iptables -A OUTPUT -o br0 -d 129.125.50.171/32 -j ACCEPT
+
+
+# allow ntp
+iptables -A INPUT -i br0 -p tcp --sport 123 -j ACCEPT
+iptables -A OUTPUT -o br0 -p tcp --dport 123 -j ACCEPT
+iptables -A INPUT -i br0 -p udp --sport 123 -j ACCEPT
+iptables -A OUTPUT -o br0 -p udp --dport 123 -j ACCEPT
+
+# allow charanga:
+iptables -A INPUT -i br0 -p tcp -s 129.125.60.94/32 --dport 22 -j ACCEPT
+iptables -A OUTPUT -o br0 -p tcp -d 129.125.60.94/32 --sport 22 -j ACCEPT
+
+# charanga 129.125.60.94 port 2222:
+iptables -A INPUT -i br0 -p tcp -s 129.125.60.94/32 --dport 2222 -j ACCEPT
+iptables -A OUTPUT -o br0 -p tcp -d 129.125.60.94/32 --sport 2222 -j ACCEPT
+
+
+# allow imaps:
+iptables -A INPUT -p tcp --sport 993 -j ACCEPT
+iptables -A OUTPUT -p tcp --dport 993 -j ACCEPT
+
+# Flush & default
+ip6tables -F INPUT
+ip6tables -F OUTPUT
+ip6tables -F FORWARD
+
+# setup log-chain:
+ip6tables -N LOGREJECT
+ip6tables -A LOGREJECT -j LOG
+ip6tables -A LOGREJECT -j REJECT
+
+# Set the default policy to drop
+ip6tables -P INPUT DROP
+ip6tables -P OUTPUT DROP
+ip6tables -P FORWARD DROP
+
+# rules:
+ip6tables -A INPUT -i lo -j ACCEPT
+ip6tables -A INPUT -j REJECT
+ip6tables -A OUTPUT -j REJECT
+
+# allow ganglia-statieken-server:
+iptables -A INPUT -p tcp -s 129.125.60.89 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.60.89 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.191 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.191 -j ACCEPT
+
+# open up port 9100 prometues:
+iptables -A INPUT -i br0 -p tcp -s 129.125.2.233/32 --dport 9100 -j ACCEPT
+iptables -A OUTPUT -o br0 -p tcp -d 129.125.2.233/32 --sport 9100 -j ACCEPT
+
+# allow icmp:
+iptables -A INPUT -p icmp -j ACCEPT
+iptables -A OUTPUT -p icmp -j ACCEPT
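Review bot: The accepts that match only on a remote source port, `--sport 53` (DNS), `--sport 123` (NTP, tcp and udp) and `--sport 993` (IMAPS, with no `-i` or `-s` at all), let in any packet that carries that source port, because none of them is tied to an existing connection or a known peer. Restrict them to replies from the intended server, e.g. `iptables -A INPUT -i br0 -p udp -s <resolver-ip> --sport 53 -m state --state ESTABLISHED -j ACCEPT`. The `LOGDROP` rule under "log/drop the rest" is appended in the middle of the chain, so on the host that owns 129.125.36.121 the later accepts for sources inside 129.125.0.0/16 (zabbix, operator, ldap, nfs, prometheus) are never reached, while on every other host it matches nothing; it presumably belongs at the end and without the fixed `-d`. "allow ssh from BWP" has no `--dport 22` and so admits all TCP from 129.125.249.0/24, and "inbound gadgets" accepts every new outbound TCP connection on br0, which makes the per-port outbound rules above it redundant. On the IPv6 side `LOGREJECT` is created but never referenced, and `ip6tables -N` will fail on a second run because there is no matching `ip6tables -X`.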
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/megaclisas-status b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/megaclisas-status
new file mode 100755
index 0000000..d295d37
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/megaclisas-status
@@ -0,0 +1,209 @@
+#!/usr/bin/python
+
+import os
+import re
+import sys
+
+binarypath = "/usr/sbin/megacli"
+
+if len(sys.argv) > 2:
+ print 'Usage: megaclisas-status [--nagios]'
+ sys.exit(1)
+
+nagiosmode=False
+nagiosoutput=''
+nagiosgoodarray=0
+nagiosbadarray=0
+nagiosgooddisk=0
+nagiosbaddisk=0
+
+# Check command line arguments to enable nagios or not
+if len(sys.argv) > 1:
+ if sys.argv[1] == '--nagios':
+ nagiosmode=True
+ else:
+ print 'Usage: megaclisas-status [-nagios]'
+ sys.exit(1)
+
+# Check binary exists (and +x), if not print an error message
+# or return UNKNOWN nagios error code
+if os.path.exists(binarypath) and os.access(binarypath, os.X_OK):
+ pass
+else:
+ if nagiosmode:
+ print 'UNKNOWN - Cannot find '+binarypath
+ else:
+ print 'Cannot find '+binarypath+'. Please install it.'
+ sys.exit(3)
+
+# Get command output
+def getOutput(cmd):
+ output = os.popen(cmd)
+ lines = []
+ for line in output:
+ if not re.match(r'^$',line.strip()):
+ lines.append(line.strip())
+ return lines
+
+def returnControllerNumber(output):
+ for line in output:
+ if re.match(r'^Controller Count.*$',line.strip()):
+ return int(line.split(':')[1].strip().strip('.'))
+
+def returnControllerModel(output):
+ for line in output:
+ if re.match(r'^Product Name.*$',line.strip()):
+ return line.split(':')[1].strip()
+
+def returnArrayNumber(output):
+ i = 0
+ for line in output:
+ if re.match(r'^Number of Virtual (Disk|Drive).*$',line.strip()):
+ i = line.strip().split(':')[1].strip()
+ return i
+
+def returnArrayInfo(output,controllerid,arrayid):
+ id = 'c'+str(controllerid)+'u'+str(arrayid)
+ operationlinennumber = False
+ linenumber = 0
+
+ for line in output:
+ if re.match(r'Number Of Drives\s*((per span))?:.*[0-9]+$',line.strip()):
+ ldpdcount = line.split(':')[1].strip()
+ if re.match(r'Span Depth *:.*[0-9]+$',line.strip()):
+ spandepth = line.split(':')[1].strip()
+ if re.match(r'^RAID Level\s*:.*$',line.strip()):
+ raidlevel = line.strip().split(':')[1].split(',')[0].split('-')[1].strip()
+ type = 'RAID' + raidlevel
+ if re.match(r'^Size\s*:.*$',line.strip()):
+ # Size reported in MB
+ if re.match(r'^.*MB$',line.strip().split(':')[1]):
+ size = line.strip().split(':')[1].strip('MB').strip()
+ size = str(int(round((float(size) / 1000))))+'G'
+ # Size reported in TB
+ elif re.match(r'^.*TB$',line.strip().split(':')[1]):
+ size = line.strip().split(':')[1].strip('TB').strip()
+ size = str(int(round((float(size) * 1000))))+'G'
+ # Size reported in GB (default)
+ else:
+ size = line.strip().split(':')[1].strip('GB').strip()
+ size = str(int(round((float(size)))))+'G'
+ if re.match(r'^State\s*:.*$',line.strip()):
+ state = line.strip().split(':')[1].strip()
+ if re.match(r'^Ongoing Progresses\s*:.*$',line.strip()):
+ operationlinennumber = linenumber
+ linenumber += 1
+ if operationlinennumber:
+ inprogress = output[operationlinennumber+1]
+ else:
+ inprogress = 'None'
+
+ if ldpdcount and (int(spandepth) > 1):
+ ldpdcount = int(ldpdcount) * int(spandepth)
+ if int(raidlevel) < 10:
+ type = type + "0"
+
+ return [id,type,size,state,inprogress]
+
+def returnDiskInfo(output,controllerid):
+ arrayid = False
+ diskid = False
+ table = []
+ state = 'undef'
+ model = 'undef'
+ for line in output:
+ if re.match(r'^Virtual (Disk|Drive): [0-9]+.*$',line.strip()):
+ arrayid = line.split('(')[0].split(':')[1].strip()
+ if re.match(r'Firmware state: .*$',line.strip()):
+ state = line.split(':')[1].strip()
+ if re.match(r'Inquiry Data: .*$',line.strip()):
+ model = line.split(':')[1].strip()
+ model = re.sub(' +', ' ', model)
+ if re.match(r'PD: [0-9]+ Information.*$',line.strip()):
+ diskid = line.split()[1].strip()
+
+ if arrayid != False and state != 'undef' and model != 'undef' and diskid != False:
+ table.append([str(arrayid), str(diskid), state, model])
+ state = 'undef'
+ model = 'undef'
+
+ return table
+
+cmd = binarypath+' -adpCount -NoLog'
+output = getOutput(cmd)
+controllernumber = returnControllerNumber(output)
+
+bad = False
+
+# List available controller
+if not nagiosmode:
+ print '-- Controller informations --'
+ print '-- ID | Model'
+ controllerid = 0
+ while controllerid < controllernumber:
+ cmd = binarypath+' -AdpAllInfo -a'+str(controllerid)+' -NoLog'
+ output = getOutput(cmd)
+ controllermodel = returnControllerModel(output)
+ print 'c'+str(controllerid)+' | '+controllermodel
+ controllerid += 1
+ print ''
+
+controllerid = 0
+if not nagiosmode:
+ print '-- Arrays informations --'
+ print '-- ID | Type | Size | Status | InProgress'
+
+while controllerid < controllernumber:
+ arrayid = 0
+ cmd = binarypath+' -LdGetNum -a'+str(controllerid)+' -NoLog'
+ output = getOutput(cmd)
+ arraynumber = returnArrayNumber(output)
+ while arrayid < int(arraynumber):
+ cmd = binarypath+' -LDInfo -l'+str(arrayid)+' -a'+str(controllerid)+' -NoLog'
+ output = getOutput(cmd)
+ arrayinfo = returnArrayInfo(output,controllerid,arrayid)
+ if not nagiosmode:
+ print arrayinfo[0]+' | '+arrayinfo[1]+' | '+arrayinfo[2]+' | '+arrayinfo[3]+' | '+arrayinfo[4]
+ if not arrayinfo[3] == 'Optimal':
+ bad = True
+ nagiosbadarray=nagiosbadarray+1
+ else:
+ nagiosgoodarray=nagiosgoodarray+1
+ arrayid += 1
+ controllerid += 1
+if not nagiosmode:
+ print ''
+
+if not nagiosmode:
+ print '-- Disks informations'
+ print '-- ID | Model | Status'
+
+controllerid = 0
+while controllerid < controllernumber:
+ arrayid = 0
+ cmd = binarypath+' -LDInfo -lall -a'+str(controllerid)+' -NoLog'
+ output = getOutput(cmd)
+ cmd = binarypath+' -LdPdInfo -a'+str(controllerid)+' -NoLog'
+ output = getOutput(cmd)
+ arraydisk = returnDiskInfo(output,controllerid)
+ for array in arraydisk:
+ if not array[2] == 'Online' and not array[2] == 'Online, Spun Up':
+ bad=True
+ nagiosbaddisk=nagiosbaddisk+1
+ else:
+ nagiosgooddisk=nagiosgooddisk+1
+ if not nagiosmode:
+ print 'c'+str(controllerid)+'u'+array[0]+'p'+array[1]+' | '+array[3]+' | '+array[2]
+ controllerid += 1
+
+if nagiosmode:
+ if bad:
+ print 'RAID ERROR - Arrays: OK:'+str(nagiosgoodarray)+' Bad:'+str(nagiosbadarray)+' - Disks: OK:'+str(nagiosgooddisk)+' Bad:'+str(nagiosbaddisk)
+ sys.exit(2)
+ else:
+ print 'RAID OK - Arrays: OK:'+str(nagiosgoodarray)+' Bad:'+str(nagiosbadarray)+' - Disks: OK:'+str(nagiosgooddisk)+' Bad:'+str(nagiosbaddisk)
+else:
+ if bad:
+ print '\nThere is at least one disk/array in a NOT OPTIMAL state.'
+ sys.exit(1)
+
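Review bot: In `--nagios` mode the script can report `RAID OK` without having inspected anything: `returnControllerNumber` returns `None` when no `Controller Count` line is found, both `while controllerid < controllernumber` loops are then skipped under Python 2 comparison rules, and the final branch prints OK with all counters at zero. Fail closed right after the `-adpCount` call, e.g. `if not controllernumber: print 'UNKNOWN - no controller found'; sys.exit(3)`. `returnArrayInfo` has a related gap: `ldpdcount`, `spandepth`, `size` and `state` are assigned only inside matching branches, so unexpected megacli output ends in an unhandled UnboundLocalError instead of an UNKNOWN status. The two usage strings also disagree (`[--nagios]` vs `[-nagios]`), and the first `-LDInfo -lall` result in the disk loop is overwritten before it is used.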
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa21 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa21
new file mode 100644
index 0000000..13a07c0
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa21
@@ -0,0 +1,10 @@
+
+
+ _____ ________ ____
+ ____ _____ ______ _/ ____\____ \_____ \/_ |
+_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ | |
+\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \ | |
+ \___ >__|_| /____ > |__| (____ /\_______ \|___|
+ \/ \/ \/ \/ \/
+
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa22 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa22
new file mode 100644
index 0000000..d2b9adf
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa22
@@ -0,0 +1,10 @@
+
+
+ _____ ________ ________
+ ____ _____ ______ _/ ____\____ \_____ \\_____ \
+_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ / ____/
+\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \/ \
+ \___ >__|_| /____ > |__| (____ /\_______ \_______ \
+ \/ \/ \/ \/ \/ \/
+
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa23 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa23
new file mode 100644
index 0000000..a361343
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa23
@@ -0,0 +1,9 @@
+
+
+ _____ ________ ________
+ ____ _____ ______ _/ ____\____ \_____ \ \_____ \
+_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ _(__ <
+\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \ / \
+ \___ >__|_| /____ > |__| (____ /\_______ \/______ /
+ \/ \/ \/ \/ \/ \/
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa24 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa24
new file mode 100644
index 0000000..f65ba23
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fa24
@@ -0,0 +1,9 @@
+
+
+ _____ ________ _____
+ ____ _____ ______ _/ ____\____ \_____ \ / | |
+_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ / | |_
+\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \/ ^ /
+ \___ >__|_| /____ > |__| (____ /\_______ \____ |
+ \/ \/ \/ \/ \/ |__|
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp21 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp21
new file mode 100644
index 0000000..99e066e
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp21
@@ -0,0 +1,10 @@
+
+
+ _____ ________ ____
+ ____ _____ ______ _/ ____\_____ \_____ \/_ |
+_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ | |
+\ \___| Y Y \\___ \ /_____/ | | | |_> > \ | |
+ \___ >__|_| /____ > |__| | __/\_______ \|___|
+ \/ \/ \/ |__| \/
+
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp22 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp22
new file mode 100644
index 0000000..027440e
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp22
@@ -0,0 +1,10 @@
+
+
+ _____ ________ ________
+ ____ _____ ______ _/ ____\_____ \_____ \\_____ \
+_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ / ____/
+\ \___| Y Y \\___ \ /_____/ | | | |_> > \/ \
+ \___ >__|_| /____ > |__| | __/\_______ \_______ \
+ \/ \/ \/ |__| \/ \/
+
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp23 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp23
new file mode 100644
index 0000000..ed7dbf0
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp23
@@ -0,0 +1,10 @@
+
+
+ _____ ________ ________
+ ____ _____ ______ _/ ____\_____ \_____ \ \_____ \
+_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ _(__ <
+\ \___| Y Y \\___ \ /_____/ | | | |_> > \ / \
+ \___ >__|_| /____ > |__| | __/\_______ \/______ /
+ \/ \/ \/ |__| \/ \/
+
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp24 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp24
new file mode 100644
index 0000000..986a4e2
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp24
@@ -0,0 +1,11 @@
+
+
+ _____ ________ _____
+ ____ _____ ______ _/ ____\_____ \_____ \ / | |
+_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ / | |_
+\ \___| Y Y \\___ \ /_____/ | | | |_> > \/ ^ /
+ \___ >__|_| /____ > |__| | __/\_______ \____ |
+ \/ \/ \/ |__| \/ |__|
+
+
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp25 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp25
new file mode 100644
index 0000000..2481ecc
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp25
@@ -0,0 +1,10 @@
+
+
+ _____ ________ .________
+ ____ _____ ______ _/ ____\_____ \_____ \ | ____/
+_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ |____ \
+\ \___| Y Y \\___ \ /_____/ | | | |_> > \ / \
+ \___ >__|_| /____ > |__| | __/\_______ \/______ /
+ \/ \/ \/ |__| \/ \/
+
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp26 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp26
new file mode 100644
index 0000000..67287c3
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-fp26
@@ -0,0 +1,10 @@
+
+
+ _____ ________ ________
+ ____ _____ ______ _/ ____\_____ \_____ \/ _____/
+_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ __ \
+\ \___| Y Y \\___ \ /_____/ | | | |_> > \ |__\ \
+ \___ >__|_| /____ > |__| | __/\_______ \_____ /
+ \/ \/ \/ |__| \/ \/
+
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-ft21 b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-ft21
new file mode 100644
index 0000000..03c0e21
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/motd.cms-ft21
@@ -0,0 +1,10 @@
+
+
+ _____ __ ________ ____
+ ____ _____ ______ _/ ____\/ |_\_____ \/_ |
+_/ ___\ / \ / ___/ ______ \ __\\ __\/ ____/ | |
+\ \___| Y Y \\___ \ /_____/ | | | | / \ | |
+ \___ >__|_| /____ > |__| |__| \_______ \|___|
+ \/ \/ \/ \/
+
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/nagios.tar.gz b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/nagios.tar.gz
new file mode 100644
index 0000000..50709da
Binary files /dev/null and b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/nagios.tar.gz differ
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/profile_rugcms b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/profile_rugcms
new file mode 100644
index 0000000..7449235
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/profile_rugcms
@@ -0,0 +1,47 @@
+umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+ # include .bashrc if it exists
+ if [ -f "$HOME/.bashrc" ]; then
+ . "$HOME/.bashrc"
+ fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+ PATH="$HOME/bin:$PATH"
+fi
+
+EDITOR=nano
+export EDITOR
+
+JAVA_HOME=$HOME/software/java
+export JAVA_HOME
+
+PATH=$JAVA_HOME/bin:/usr/local/bin:/usr/bin:/usr/ccs/bin:$PATH
+export PATH
+
+RUGCMS_CLASSPATH=\
+$HOME/software/tomcat/lib/*:\
+$HOME/servers/tomcat-common/lib/*:\
+$HOME/servers/ucms-common/lib/ucms/*:\
+$HOME/servers/ucms-common/lib/xml/*:\
+$HOME/servers/ucms-common/lib/jackrabbit/*:\
+$HOME/servers/ucms-common/lib/apache/*:\
+$HOME/servers/ucms-common/lib/google/*:\
+$HOME/servers/ucms-common/lib/*
+export RUGCMS_CLASSPATH
+
+source $HOME/scripts/setClusterAndNode.sh
+
+if [[ $CLUSTER == 'test' ]]; then
+ PS1=$'\\[\\e[32;1m\\]\\u@\\h (\\w) : \\[\\e[0m\\]'
+elif [[ $CLUSTER == 'acceptation' ]]; then
+ PS1=$'\\[\\e[33;1m\\]\\u@\\h (\\w) : \\[\\e[0m\\]'
+elif [[ $CLUSTER == 'production' ]]; then
+ PS1=$'\\[\\e[31m\\]\\u@\\h (\\w) : \\[\\e[0m\\]'
+else
+ PS1=$'\\[\\e[35;1m\\]\\u@\\h (\\w) : \\[\\e[0m\\]'
+fi
+export PS1
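Review bot: `source $HOME/scripts/setClusterAndNode.sh` runs unconditionally and unquoted, so every login prints an error when the script is absent, and the file mixes bash-only syntax (`source`, `[[ ]]`, `$'...'`) with a `BASH_VERSION` guard at the top that implies it may also be read by a plain sh. Guard it the same way as `.bashrc`: `[ -f "$HOME/scripts/setClusterAndNode.sh" ] && . "$HOME/scripts/setClusterAndNode.sh"`. Anything writable under `$HOME/scripts` or `$HOME/bin` is executed or found first on `PATH` at login, so a comment stating that those directories must not be group- or world-writable would be worth adding.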
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/resolv.conf b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/resolv.conf
new file mode 100644
index 0000000..33aac01
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/resolv.conf
@@ -0,0 +1,3 @@
+search service.rug.nl
+nameserver 129.125.4.6
+nameserer 8.8.8.8
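Review bot: `nameserer 8.8.8.8` is misspelled, so the resolver ignores the line and the hosts are left with a single nameserver. It should read `nameserver 8.8.8.8`. If a fallback is wanted, note that a public resolver will see the lookups and will not answer for names that exist only internally under `service.rug.nl`; a second campus resolver may be the better choice.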
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/sshd_config b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/sshd_config
new file mode 100644
index 0000000..b7c6fea
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/sshd_config
@@ -0,0 +1,139 @@
+# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+# If you want to change the port on a SELinux system, you have to tell
+# SELinux about this change.
+# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
+#
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+SyslogFacility AUTHPRIV
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin without-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+PasswordAuthentication yes
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+#KerberosUseKuserok yes
+
+# GSSAPI options
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials no
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+#GSSAPIEnablek5users no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
+# problems.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation sandbox
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#ShowPatchLevel no
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Accept locale-related environment variables
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+AcceptEnv XMODIFIERS
+
+# override default of no subsystems
+Subsystem sftp /usr/libexec/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
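Review bot: `PasswordAuthentication yes` keeps password logins open for every non-root account even though the deployment itself authenticates with a key; if all accounts have keys set `PasswordAuthentication no`, otherwise confine it to the accounts that need it with a `Match` block. `X11Forwarding yes` is rarely needed on a CMS frontend and should be `no` unless a tool depends on it. `PermitRootLogin without-password` is the deprecated alias; `prohibit-password` is the spelling used since OpenSSH 7.0. `GSSAPIAuthentication yes` is also left on, and a comment saying whether Kerberos logins are actually used would tell the next reader if it can be disabled.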
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/yum_debug_dump.txt.gz b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/yum_debug_dump.txt.gz
new file mode 100644
index 0000000..2784e17
Binary files /dev/null and b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/files/yum_debug_dump.txt.gz differ
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/.main.yml.swp b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/.main.yml.swp
new file mode 100644
index 0000000..6b0aa3e
Binary files /dev/null and b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/.main.yml.swp differ
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/copy-files.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/copy-files.yml
new file mode 100644
index 0000000..40ca57f
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/copy-files.yml
@@ -0,0 +1,34 @@
+- copy:
+ src: files/motd.{{ ansible_hostname }}
+ dest: /etc/motd
+ owner: root
+ group: root
+ mode: 0644
+
+- copy:
+ src: files/hosts
+ dest: /etc/hosts
+ owner: root
+ group: root
+ mode: 0644
+
+- copy:
+ src: files/sshd_config
+ dest: /etc/ssh/sshd_config
+ owner: root
+ group: root
+ mode: 0600
+
+- copy:
+ src: files/resolv.conf
+ dest: /etc/resolv.conf
+ owner: root
+ group: root
+ mode: 0644
+
+- copy:
+ src: files/yum_debug_dump.txt.gz
+ dest: /root/yum_debug_dump.txt.gz
+ owner: root
+ group: root
+ mode: 0600
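Review bot: The third task replaces `/etc/ssh/sshd_config` without checking the file first and without notifying a handler, so a syntax error only surfaces when sshd is next restarted. A valid change is also never applied by this role, because start-services.yml only ensures `state: started`. Add `validate: /usr/sbin/sshd -t -f %s` and `backup: yes` to that task and notify a handler that reloads sshd. The modes are also unquoted; writing them as `mode: '0644'` avoids relying on the YAML parser reading a leading zero as octal.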
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/copy-firewall.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/copy-firewall.yml
new file mode 100644
index 0000000..3d11dae
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/copy-firewall.yml
@@ -0,0 +1,6 @@
+- copy:
+ src: files/firewall.sh
+ dest: /root/firewall/firewall.sh
+ owner: root
+ group: root
+ mode: 0700
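Review bot: `dest: /root/firewall/firewall.sh` assumes `/root/firewall` already exists. `copy` does not create a missing parent directory for a file destination, and none of the task files visible for this role creates it, so on a freshly installed host this task would presumably fail. Add a preceding task such as `- file: path=/root/firewall state=directory owner=root group=root mode=0700`.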
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/disable-selinux.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/disable-selinux.yml
new file mode 100644
index 0000000..1c185e7
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/disable-selinux.yml
@@ -0,0 +1 @@
+- selinux: state=disabled
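Review bot: This task switches SELinux off on every acceptance and production frontend, removing mandatory access control from hosts that the same role sets up to run a Docker container with host networking and root cron jobs. If a particular service is blocked by policy, prefer keeping enforcement and fixing the policy, e.g. `- selinux: policy=targeted state=enforcing`, or `state=permissive` temporarily while denials are collected. If disabling is deliberate, a comment naming the reason would help the next maintainer. Note that a change to or from `disabled` only takes effect after a reboot, which nothing in this role visibly triggers.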
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/docker-netdata.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/docker-netdata.yml
new file mode 100644
index 0000000..6df67b6
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/docker-netdata.yml
@@ -0,0 +1,9 @@
+- docker_container:
+ name: netdata
+ image: titpetric/netdata
+ network_mode: host
+ hostname: "{{ ansible_hostname }}"
+ capabilities: SYS_PTRACE
+ state: started
+ volumes:
+ - /sys:/host/sys:ro
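Review bot: `image: titpetric/netdata` pulls an untagged third-party image, so each host runs whatever `latest` pointed to when it pulled, with `SYS_PTRACE` and host networking. Pin the image to a reviewed build, e.g. `image: titpetric/netdata@sha256:<digest-of-reviewed-image>` (placeholder digest), ideally mirrored in a registry you control. With `network_mode: host` the dashboard listens directly on the host's interfaces, so confirm that the role's firewall script limits who can reach it.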
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/ger-user.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/ger-user.yml
new file mode 100644
index 0000000..c6d41e1
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/ger-user.yml
@@ -0,0 +1,6 @@
+- user:
+ name: ger
+ comment: "ger user"
+ state: present
+ group: rugcms
+ home: /home/ger
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-docker-py.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-docker-py.yml
new file mode 100644
index 0000000..499f41e
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-docker-py.yml
@@ -0,0 +1 @@
+- yum: name=python-docker-py state=latest
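Review bot: `state=latest` makes this task upgrade the package on every run, so two runs of the same playbook can leave hosts on different versions; the same applies to install-epel.yml, install-ntp.yml and install-yum-utils.yml. For an install step `state=present` is enough, e.g. `- yum: name=python-docker-py state=present`, leaving version changes to the dedicated upgrade.yml.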
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-epel.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-epel.yml
new file mode 100644
index 0000000..039802e
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-epel.yml
@@ -0,0 +1 @@
+- yum: name=epel-release state=latest
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-ntp.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-ntp.yml
new file mode 100644
index 0000000..d82087f
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-ntp.yml
@@ -0,0 +1 @@
+- yum: name=ntp state=latest
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-yum-utils.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-yum-utils.yml
new file mode 100644
index 0000000..906f8df
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-yum-utils.yml
@@ -0,0 +1 @@
+- yum: name=yum-utils state=latest
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/main.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/main.yml
new file mode 100644
index 0000000..58f4839
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/main.yml
@@ -0,0 +1,21 @@
+ - include: rugcms-group.yml
+ - include: rugcms-user.yml
+ - include: rugcms-keys.yml
+ - include: rugcms-profile.yml
+ - include: rugcms-password.yml
+ - include: stealth-client.yml
+ - include: install-epel.yml
+ - include: install-ntp.yml
+ - include: install-yum-utils.yml
+ - include: install-docker-py.yml
+ - include: disable-selinux.yml
+ - include: start-ntp.yml
+ - include: stop-firewalld.yml
+ - include: copy-firewall.yml
+ - include: run-firewall.yml
+ - include: nagios-client.yml
+ - include: mega-cli.yml
+ - include: copy-files.yml
+ - include: start-services.yml
+ - include: docker-netdata.yml
+ - include: upgrade.yml
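Review bot: The list includes `rugcms-password.yml`, but no such file is among the task files this commit adds (the sections are in path order and it would sit between rugcms-keys.yml and rugcms-profile.yml), so the role would presumably fail at that include on a fresh checkout. If the file is kept out of the repository because it holds a password hash, say so in a comment and consider committing it encrypted with ansible-vault instead. Conversely, `ger-user.yml` is added but never included, and the commit also adds the editor swap file `.main.yml.swp`, which should be removed and ignored. On current Ansible, `include` is deprecated in favour of `import_tasks` / `include_tasks`.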
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/mega-cli.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/mega-cli.yml
new file mode 100644
index 0000000..f10a8f9
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/mega-cli.yml
@@ -0,0 +1,27 @@
+- copy:
+ src: files/Lib_Utils-1.00-09.noarch.rpm
+ dest: /tmp/Lib_Utils-1.00-09.noarch.rpm
+
+- yum:
+ name: /tmp/Lib_Utils-1.00-09.noarch.rpm
+ state: present
+
+- copy:
+ src: files/MegaCli-8.04.07-1.noarch.rpm
+ dest: /tmp/MegaCli-8.04.07-1.noarch.rpm
+
+- yum:
+ name: /tmp/MegaCli-8.04.07-1.noarch.rpm
+ state: present
+
+- copy:
+ src: files/megaclisas-status
+ dest: /usr/sbin/megaclisas-status
+ owner: root
+ group: root
+ mode: 0700
+
+- file:
+ src: /opt/MegaRAID/MegaCli/MegaCli64
+ dest: /usr/sbin/megacli
+ state: link
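Review bot: Both RPMs are staged in `/tmp` under fixed names with no `owner` or `mode`, then installed as root and left behind. Staging them in a root-only directory with `owner: root`, `group: root`, `mode: '0600'`, and removing them after the install, keeps a world-writable directory out of a root package install. The packages are committed as binaries, so recording their expected checksums (the `copy` module accepts `checksum:`) would let a reviewer verify what is being installed.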
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/nagios-client.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/nagios-client.yml
new file mode 100644
index 0000000..fc1b65a
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/nagios-client.yml
@@ -0,0 +1,42 @@
+
+ - file: path=/nagios state=directory
+
+ - unarchive:
+ src: files/nagios.tar.gz
+ dest: /nagios
+
+ - cron:
+ name: "check disk full"
+ minute: "00,10,20,30,40,50"
+ hour: "*"
+ job: "/nagios/cron/check_disk"
+
+ - cron:
+ name: "check disk ok"
+ minute: "00,10,20,30,40,50"
+ hour: "*"
+ job: "/nagios/cron/check_disks"
+
+ - cron:
+ name: "check firewall"
+ minute: "00,10,20,30,40,50"
+ hour: "*"
+ job: "/nagios/cron/check_iptables"
+
+ - replace:
+ path: /nagios/cron/check_iptables
+ regexp: 'HOSTNAME="cms-fa11.service.rug.nl"'
+ replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"'
+ backup: yes
+
+ - replace:
+ path: /nagios/cron/check_disk
+ regexp: 'HOSTNAME="cms-fa11.service.rug.nl"'
+ replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"'
+ backup: yes
+
+ - replace:
+ path: /nagios/cron/check_disks
+ regexp: 'HOSTNAME="cms-fa11.service.rug.nl"'
+ replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"'
+ backup: yes
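Review bot: The three cron entries run scripts from `/nagios/cron`, presumably from root's crontab, but the `file` and `unarchive` tasks set no owner or mode, so ownership and permissions come from whatever is recorded inside `nagios.tar.gz`. Add `owner: root` and `group: root` to the `unarchive` task and `owner=root group=root mode=0755` to the directory task, so that nothing a non-root user can write is executed by cron. The `regexp` values also leave the dots unescaped; `'HOSTNAME="cms-fa11\.service\.rug\.nl"'` matches the literal name only.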
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-group.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-group.yml
new file mode 100644
index 0000000..c7046ec
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-group.yml
@@ -0,0 +1,3 @@
+- group:
+ name: rugcms
+ state: present
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-keys.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-keys.yml
new file mode 100644
index 0000000..3cbdaa8
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-keys.yml
@@ -0,0 +1,7 @@
+- authorized_key:
+ user: rugcms
+ key: '{{ item }}'
+ state: present
+ with_items:
+ - 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAz/4D/jhUycyYS8gOrQDs+BqK+MLzfB9kb60W9zGTs9KigKGUOtvZ78mb1F2+ouy/uQUbOO4MoUu+fOzSlSE56GdyTSc/RsLaoHde2aRalXnRf55tuIVgv6MNG7siZt1i4iDhm/uql8nzc7m0Ompr9XXLXOQ0ZGFPViLLYyRcLOc= r.m.uittenbroek@rug.nl'
+ - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoRM/8ItzD87bvO6WVwDS83mkLUv0fo1dUxBzGB0w9j+a4vtUbcGm13TXp6zIS6zZqj09QD8jznO1OE92tC1axjuwENbAi7WiqaFMJdqB6MLN4Fxo4xa5LaadDTFbd4yLI1lzheowfPvFypUW90L4ToEkKkvgp+r+4C7BrLLUTzksS3PzBB2jp25XimdbxQvbZS74RdEa4O1Xqz0A4+FbM9r90OIJGrexVTKb2jpQk3bhTIpCXDkRldA1PLYSPoUAmCViGPoHCoyNbtZj8MWDjOKH/Ut/WXg5z60JfFqHazkHsQiJ9YkgUk2zy/7cjl5Pl8DVkPp79c/F5YFw492XN rugcms@charanga'
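Review bot: The first key in `with_items` looks like a 1024-bit RSA key, judging by the length of its blob, which is below what is accepted for new keys. Ask its owner for an Ed25519 or at least 3072-bit RSA key before granting access to the shared `rugcms` account on production hosts. Also note that deleting an entry from this list does not remove the key from the hosts; revocation needs an explicit `state: absent` entry, or `exclusive: yes` with all keys passed as one newline-joined string.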
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-profile.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-profile.yml
new file mode 100644
index 0000000..c633a4a
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-profile.yml
@@ -0,0 +1,6 @@
+- copy:
+ src: files/profile_rugcms
+ dest: /local_disk/.profile
+ owner: rugcms
+ group: rugcms
+ mode: 0700
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-user.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-user.yml
new file mode 100644
index 0000000..a9cc9fa
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-user.yml
@@ -0,0 +1,6 @@
+- user:
+ name: rugcms
+ comment: "rugcms user"
+ state: present
+ group: rugcms
+ home: /local_disk
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/run-firewall.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/run-firewall.yml
new file mode 100644
index 0000000..3a8fed8
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/run-firewall.yml
@@ -0,0 +1 @@
+- script: chdir=/root/firewall firewall.sh
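Review bot: `script` uploads `firewall.sh` from the controller and runs that temporary copy, so the file deployed to `/root/firewall/firewall.sh` by copy-firewall.yml is not what gets executed and the two can drift. Running the deployed file, e.g. `- command: /root/firewall/firewall.sh`, keeps one source of truth. The rules are also only loaded when the playbook runs: with firewalld disabled by stop-firewalld.yml, nothing visible in this role reloads them after a reboot, so consider a boot-time unit or saving the ruleset for restore at boot.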
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/start-ntp.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/start-ntp.yml
new file mode 100644
index 0000000..68f70c3
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/start-ntp.yml
@@ -0,0 +1,4 @@
+- systemd:
+ name: ntpd.service
+ state: started
+ enabled: yes
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/start-services.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/start-services.yml
new file mode 100644
index 0000000..9728492
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/start-services.yml
@@ -0,0 +1,14 @@
+- systemd:
+ name: sshd.service
+ state: started
+ enabled: yes
+
+- systemd:
+ name: postfix.service
+ state: started
+ enabled: yes
+
+- systemd:
+ name: docker.service
+ state: started
+ enabled: yes
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/stealth-client.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/stealth-client.yml
new file mode 100644
index 0000000..71df994
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/stealth-client.yml
@@ -0,0 +1,15 @@
+- group:
+ name: kees
+ state: present
+
+- user:
+ name: kees
+ comment: "stealth user"
+ state: present
+ group: kees
+ home: /home/kees
+
+- authorized_key:
+ user: kees
+ key: 'ssh-dss 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 stealth@operator'
+ state: present
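Review bot: The key installed for `kees` is an `ssh-dss` key. DSA keys are limited to 1024 bits and OpenSSH 7.0 and later refuse them by default, so this either will not work on current hosts or depends on sshd being configured to accept a deprecated algorithm. Replace it with an Ed25519 or RSA key for the stealth client. Since the account exists for one automated client, also restrict the key with `key_options`, e.g. `key_options: 'from="<stealth-operator-host>",no-port-forwarding,no-X11-forwarding,no-agent-forwarding'` (the host is a placeholder).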
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/stop-firewalld.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/stop-firewalld.yml
new file mode 100644
index 0000000..8dc66c4
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/stop-firewalld.yml
@@ -0,0 +1,3 @@
+- systemd:
+ name: firewalld.service
+ enabled: no
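Review bot: Despite the file name, this task only sets `enabled: no`. Without `state: stopped`, firewalld keeps running until the next reboot and can interfere with the rules loaded by the firewall script. Add `state: stopped` to the task.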
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/upgrade.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/upgrade.yml
new file mode 100644
index 0000000..df7655f
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/upgrade.yml
@@ -0,0 +1 @@
+- yum: name=* state=latest
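Review bot: `yum: name=* state=latest` runs a full package upgrade at the end of every run of this role on every acceptance and production host, and nothing visible here restarts services or reboots afterwards. Consider moving it to a separate playbook or behind a tag, so that patching is a deliberate, staged step (test, then acceptance, then production). Adding `update_cache: yes` makes the upgrade decide on fresh repository metadata.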
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/Lib_Utils-1.00-09.noarch.rpm b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/Lib_Utils-1.00-09.noarch.rpm
new file mode 100644
index 0000000..552732a
Binary files /dev/null and b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/Lib_Utils-1.00-09.noarch.rpm differ
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/MegaCli-8.04.07-1.noarch.rpm b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/MegaCli-8.04.07-1.noarch.rpm
new file mode 100644
index 0000000..b714a85
Binary files /dev/null and b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/MegaCli-8.04.07-1.noarch.rpm differ
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/firewall.sh b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/firewall.sh
new file mode 100644
index 0000000..8b1f4ee
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/firewall.sh
@@ -0,0 +1,227 @@
+#!/bin/bash
+
+# prevent SYNC-floods:
+echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+
+# initialize:
+iptables -F
+iptables -X
+iptables -Z
+
+# config default policy's:
+iptables -P INPUT DROP
+iptables -P OUTPUT DROP
+iptables -P FORWARD DROP
+
+iptables -N LOGDROP
+iptables -A LOGDROP -j LOG
+iptables -A LOGDROP -j DROP
+
+# kernel tweaks:
+/bin/echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+/bin/echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
+/bin/echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+/bin/echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
+/bin/echo 0 > /proc/sys/net/ipv4/ip_forward
+
+# allow loopback:
+iptables -A INPUT -i lo -j ACCEPT
+iptables -A OUTPUT -o lo -j ACCEPT
+
+# allow asds.id.rug.nl
+iptables -A INPUT -i eth0 -s 129.125.2.50 -j ACCEPT
+iptables -A OUTPUT -o eth0 -d 129.125.2.50 -j ACCEPT
+
+# allow vlan933:
+iptables -A INPUT -i bond0.933 -j ACCEPT
+iptables -A OUTPUT -o bond0.933 -j ACCEPT
+
+# allow vlan934:
+iptables -A INPUT -i bond0.934 -j ACCEPT
+iptables -A OUTPUT -o bond0.934 -j ACCEPT
+#allow outbound to databases:
+
+iptables -A INPUT -p tcp -s 129.125.36.182 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.182 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.183 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.183 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.184 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.184 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.185 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.185 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.186 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.186 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.187 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.187 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.188 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.188 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.141 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.141 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.142 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.142 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.143 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.143 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.144 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.144 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.148 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.148 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.149 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.149 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.150 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.150 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.50.147 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.50.147 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.71 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.71 -j ACCEPT
+
+# allow munin-statieken-server:
+iptables -A INPUT -p tcp -s 129.125.50.91 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.50.91 -j ACCEPT
+
+# allow agenda:
+iptables -A INPUT -p tcp -s 129.125.2.116 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.2.116 -j ACCEPT
+
+# allow imap.google.com:
+iptables -A INPUT -p tcp -s 74.125.136/24 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 74.125.136/24 -j ACCEPT
+
+# allow imap.rug.nl:
+
+iptables -A INPUT -p tcp -s 129.125.2.81/32 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.2.81/32 -j ACCEPT
+
+# allow more google:
+iptables -A INPUT -p tcp -s 173.194.65.0/24 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 173.194.65.0/24 -j ACCEPT
+
+# new tcp packets sync packets:
+iptables -A INPUT -i eth0 -p tcp ! --syn -m state --state NEW -j DROP
+
+# refuse loopback pacts incoming eth0:
+iptables -A INPUT -i eth0 -d 127.0.0.0/8 -j DROP
+
+# allow dns outbound to/from DNS server:
+iptables -A INPUT -i eth0 -p udp --sport 53 -j ACCEPT
+iptables -A OUTPUT -o eth0 -p udp --dport 53 -j ACCEPT
+
+# allow www outbound to 80:
+iptables -A INPUT -i eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+# allow www outbound to 443:
+iptables -A INPUT -i eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+# allow smtp outbound:
+iptables -A INPUT -i eth0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+# allow ssh from BWP:
+iptables -A INPUT -i eth0 -p tcp -s 129.125.249.0/24 -m state --state NEW,ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp -d 129.125.249.0/24 -m state --state ESTABLISHED -j ACCEPT
+
+# log/drop the rest:
+iptables -A INPUT -i eth0 -s 129.125.0.0/16 -d 129.125.36.121/32 -j LOGDROP
+
+#zabbix monitorings
+iptables -A INPUT -i eth0 -s 129.125.50.238 -j ACCEPT
+iptables -A OUTPUT -o eth0 -d 129.125.50.238 -j ACCEPT
+
+# allow 9080 inbound:
+iptables -A INPUT -i eth0 -p tcp --dport 9080 -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp --sport 9080 -j ACCEPT
+
+# allow 2222 inbound:
+iptables -A INPUT -i eth0 -p tcp -s 129.125.249.0/24 --dport 2222 -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp -d 129.125.249.0/24 --sport 2222 -j ACCEPT
+
+# inbound gadgets:
+iptables -A INPUT -i eth0 -p tcp -m state --state ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
+
+# allow from operator:
+iptables -A INPUT -i eth0 -s 129.125.50.41/32 -j ACCEPT
+iptables -A OUTPUT -o eth0 -d 129.125.50.41/32 -j ACCEPT
+
+# allow from/to ldap:
+iptables -A INPUT -i eth0 -s 129.125.68.50/32 -j ACCEPT
+iptables -A OUTPUT -o eth0 -d 129.125.68.50/32 -j ACCEPT
+
+# ldaps outbound:
+iptables -A INPUT -i eth0 -p tcp --sport 636 -m state --state ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp --dport 636 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+# allow nfs:
+iptables -A INPUT -i eth0 -s 129.125.50.171/32 -j ACCEPT
+iptables -A OUTPUT -o eth0 -d 129.125.50.171/32 -j ACCEPT
+
+
+# allow ntp
+iptables -A INPUT -i eth0 -p tcp --sport 123 -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp --dport 123 -j ACCEPT
+iptables -A INPUT -i eth0 -p udp --sport 123 -j ACCEPT
+iptables -A OUTPUT -o eth0 -p udp --dport 123 -j ACCEPT
+
+# allow charanga:
+iptables -A INPUT -i eth0 -p tcp -s 129.125.60.94/32 --dport 22 -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp -d 129.125.60.94/32 --sport 22 -j ACCEPT
+
+# charanga 129.125.60.94 port 2222:
+iptables -A INPUT -i eth0 -p tcp -s 129.125.60.94/32 --dport 2222 -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp -d 129.125.60.94/32 --sport 2222 -j ACCEPT
+
+
+# allow imaps:
+iptables -A INPUT -p tcp --sport 993 -j ACCEPT
+iptables -A OUTPUT -p tcp --dport 993 -j ACCEPT
+
+# Flush & default
+ip6tables -F INPUT
+ip6tables -F OUTPUT
+ip6tables -F FORWARD
+
+# setup log-chain:
+ip6tables -N LOGREJECT
+ip6tables -A LOGREJECT -j LOG
+ip6tables -A LOGREJECT -j REJECT
+
+# Set the default policy to drop
+ip6tables -P INPUT DROP
+ip6tables -P OUTPUT DROP
+ip6tables -P FORWARD DROP
+
+# rules:
+ip6tables -A INPUT -i lo -j ACCEPT
+ip6tables -A INPUT -j REJECT
+ip6tables -A OUTPUT -j REJECT
+
+# allow ganglia-statieken-server:
+iptables -A INPUT -p tcp -s 129.125.60.89 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.60.89 -j ACCEPT
+
+iptables -A INPUT -p tcp -s 129.125.36.191 -j ACCEPT
+iptables -A OUTPUT -p tcp -d 129.125.36.191 -j ACCEPT
+
+# open up port 9100 prometues:
+iptables -A INPUT -i eth0 -p tcp -s 129.125.2.233/32 --dport 9100 -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp -d 129.125.2.233/32 --sport 9100 -j ACCEPT
+
+# allow icmp:
+iptables -A INPUT -p icmp -j ACCEPT
+iptables -A OUTPUT -p icmp -j ACCEPT
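Review bot: The INPUT rules for DNS, NTP and IMAPS (`--sport 53`, `--sport 123`, `--sport 993`) accept on source port alone, with no state match and, for 993, no interface; because the sender chooses its own source port, these rules admit new traffic to any local port rather than only replies. Give them `-m state --state ESTABLISHED`, as the port 80/443/25 rules in the same script already do. Separately, the "inbound gadgets" pair allows all outbound TCP on eth0 in state NEW, which makes the `OUTPUT DROP` policy and the per-destination OUTPUT rules ineffective for TCP. The LOGDROP rule for 129.125.36.121 also sits in the middle of the chain, so on that host the later accepts for 129.125.x.x sources are never reached, and on every other host it logs nothing.

```shell
# … unchanged: policies, kernel tweaks, loopback, per-host allows …
iptables -A INPUT -i eth0 -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
# … unchanged: DNS outbound, www/smtp/ssh/ldap/nfs rules …
iptables -A INPUT -i eth0 -p tcp --sport 123 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p udp --sport 123 -m state --state ESTABLISHED -j ACCEPT
# … unchanged: NTP outbound, charanga rules …
iptables -A INPUT -p tcp --sport 993 -m state --state ESTABLISHED -j ACCEPT
```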
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/megaclisas-status b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/megaclisas-status
new file mode 100755
index 0000000..d295d37
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/megaclisas-status
@@ -0,0 +1,209 @@
+#!/usr/bin/python
+
+import os
+import re
+import sys
+
+binarypath = "/usr/sbin/megacli"
+
+if len(sys.argv) > 2:
+ print 'Usage: megaclisas-status [--nagios]'
+ sys.exit(1)
+
+nagiosmode=False
+nagiosoutput=''
+nagiosgoodarray=0
+nagiosbadarray=0
+nagiosgooddisk=0
+nagiosbaddisk=0
+
+# Check command line arguments to enable nagios or not
+if len(sys.argv) > 1:
+ if sys.argv[1] == '--nagios':
+ nagiosmode=True
+ else:
+ print 'Usage: megaclisas-status [-nagios]'
+ sys.exit(1)
+
+# Check binary exists (and +x), if not print an error message
+# or return UNKNOWN nagios error code
+if os.path.exists(binarypath) and os.access(binarypath, os.X_OK):
+ pass
+else:
+ if nagiosmode:
+ print 'UNKNOWN - Cannot find '+binarypath
+ else:
+ print 'Cannot find '+binarypath+'. Please install it.'
+ sys.exit(3)
+
+# Get command output
+def getOutput(cmd):
+ output = os.popen(cmd)
+ lines = []
+ for line in output:
+ if not re.match(r'^$',line.strip()):
+ lines.append(line.strip())
+ return lines
+
+def returnControllerNumber(output):
+ for line in output:
+ if re.match(r'^Controller Count.*$',line.strip()):
+ return int(line.split(':')[1].strip().strip('.'))
+
+def returnControllerModel(output):
+ for line in output:
+ if re.match(r'^Product Name.*$',line.strip()):
+ return line.split(':')[1].strip()
+
+def returnArrayNumber(output):
+ i = 0
+ for line in output:
+ if re.match(r'^Number of Virtual (Disk|Drive).*$',line.strip()):
+ i = line.strip().split(':')[1].strip()
+ return i
+
+def returnArrayInfo(output,controllerid,arrayid):
+ id = 'c'+str(controllerid)+'u'+str(arrayid)
+ operationlinennumber = False
+ linenumber = 0
+
+ for line in output:
+ if re.match(r'Number Of Drives\s*((per span))?:.*[0-9]+$',line.strip()):
+ ldpdcount = line.split(':')[1].strip()
+ if re.match(r'Span Depth *:.*[0-9]+$',line.strip()):
+ spandepth = line.split(':')[1].strip()
+ if re.match(r'^RAID Level\s*:.*$',line.strip()):
+ raidlevel = line.strip().split(':')[1].split(',')[0].split('-')[1].strip()
+ type = 'RAID' + raidlevel
+ if re.match(r'^Size\s*:.*$',line.strip()):
+ # Size reported in MB
+ if re.match(r'^.*MB$',line.strip().split(':')[1]):
+ size = line.strip().split(':')[1].strip('MB').strip()
+ size = str(int(round((float(size) / 1000))))+'G'
+ # Size reported in TB
+ elif re.match(r'^.*TB$',line.strip().split(':')[1]):
+ size = line.strip().split(':')[1].strip('TB').strip()
+ size = str(int(round((float(size) * 1000))))+'G'
+ # Size reported in GB (default)
+ else:
+ size = line.strip().split(':')[1].strip('GB').strip()
+ size = str(int(round((float(size)))))+'G'
+ if re.match(r'^State\s*:.*$',line.strip()):
+ state = line.strip().split(':')[1].strip()
+ if re.match(r'^Ongoing Progresses\s*:.*$',line.strip()):
+ operationlinennumber = linenumber
+ linenumber += 1
+ if operationlinennumber:
+ inprogress = output[operationlinennumber+1]
+ else:
+ inprogress = 'None'
+
+ if ldpdcount and (int(spandepth) > 1):
+ ldpdcount = int(ldpdcount) * int(spandepth)
+ if int(raidlevel) < 10:
+ type = type + "0"
+
+ return [id,type,size,state,inprogress]
+
+def returnDiskInfo(output,controllerid):
+ arrayid = False
+ diskid = False
+ table = []
+ state = 'undef'
+ model = 'undef'
+ for line in output:
+ if re.match(r'^Virtual (Disk|Drive): [0-9]+.*$',line.strip()):
+ arrayid = line.split('(')[0].split(':')[1].strip()
+ if re.match(r'Firmware state: .*$',line.strip()):
+ state = line.split(':')[1].strip()
+ if re.match(r'Inquiry Data: .*$',line.strip()):
+ model = line.split(':')[1].strip()
+ model = re.sub(' +', ' ', model)
+ if re.match(r'PD: [0-9]+ Information.*$',line.strip()):
+ diskid = line.split()[1].strip()
+
+ if arrayid != False and state != 'undef' and model != 'undef' and diskid != False:
+ table.append([str(arrayid), str(diskid), state, model])
+ state = 'undef'
+ model = 'undef'
+
+ return table
+
+cmd = binarypath+' -adpCount -NoLog'
+output = getOutput(cmd)
+controllernumber = returnControllerNumber(output)
+
+bad = False
+
+# List available controller
+if not nagiosmode:
+ print '-- Controller informations --'
+ print '-- ID | Model'
+ controllerid = 0
+ while controllerid < controllernumber:
+ cmd = binarypath+' -AdpAllInfo -a'+str(controllerid)+' -NoLog'
+ output = getOutput(cmd)
+ controllermodel = returnControllerModel(output)
+ print 'c'+str(controllerid)+' | '+controllermodel
+ controllerid += 1
+ print ''
+
+controllerid = 0
+if not nagiosmode:
+ print '-- Arrays informations --'
+ print '-- ID | Type | Size | Status | InProgress'
+
+while controllerid < controllernumber:
+ arrayid = 0
+ cmd = binarypath+' -LdGetNum -a'+str(controllerid)+' -NoLog'
+ output = getOutput(cmd)
+ arraynumber = returnArrayNumber(output)
+ while arrayid < int(arraynumber):
+ cmd = binarypath+' -LDInfo -l'+str(arrayid)+' -a'+str(controllerid)+' -NoLog'
+ output = getOutput(cmd)
+ arrayinfo = returnArrayInfo(output,controllerid,arrayid)
+ if not nagiosmode:
+ print arrayinfo[0]+' | '+arrayinfo[1]+' | '+arrayinfo[2]+' | '+arrayinfo[3]+' | '+arrayinfo[4]
+ if not arrayinfo[3] == 'Optimal':
+ bad = True
+ nagiosbadarray=nagiosbadarray+1
+ else:
+ nagiosgoodarray=nagiosgoodarray+1
+ arrayid += 1
+ controllerid += 1
+if not nagiosmode:
+ print ''
+
+if not nagiosmode:
+ print '-- Disks informations'
+ print '-- ID | Model | Status'
+
+controllerid = 0
+while controllerid < controllernumber:
+ arrayid = 0
+ cmd = binarypath+' -LDInfo -lall -a'+str(controllerid)+' -NoLog'
+ output = getOutput(cmd)
+ cmd = binarypath+' -LdPdInfo -a'+str(controllerid)+' -NoLog'
+ output = getOutput(cmd)
+ arraydisk = returnDiskInfo(output,controllerid)
+ for array in arraydisk:
+ if not array[2] == 'Online' and not array[2] == 'Online, Spun Up':
+ bad=True
+ nagiosbaddisk=nagiosbaddisk+1
+ else:
+ nagiosgooddisk=nagiosgooddisk+1
+ if not nagiosmode:
+ print 'c'+str(controllerid)+'u'+array[0]+'p'+array[1]+' | '+array[3]+' | '+array[2]
+ controllerid += 1
+
+if nagiosmode:
+ if bad:
+ print 'RAID ERROR - Arrays: OK:'+str(nagiosgoodarray)+' Bad:'+str(nagiosbadarray)+' - Disks: OK:'+str(nagiosgooddisk)+' Bad:'+str(nagiosbaddisk)
+ sys.exit(2)
+ else:
+ print 'RAID OK - Arrays: OK:'+str(nagiosgoodarray)+' Bad:'+str(nagiosbadarray)+' - Disks: OK:'+str(nagiosgooddisk)+' Bad:'+str(nagiosbaddisk)
+else:
+ if bad:
+ print '\nThere is at least one disk/array in a NOT OPTIMAL state.'
+ sys.exit(1)
+
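Review bot: When the `-adpCount` output contains no "Controller Count" line, `returnControllerNumber` returns `None`, and under Python 2 every `while controllerid < controllernumber` loop is then skipped. In `--nagios` mode the script therefore prints `RAID OK` with zero arrays and disks and exits 0, so a failing or missing MegaCli run looks like a healthy array. After the `controllernumber = returnControllerNumber(output)` line add a guard such as `if not controllernumber: print 'UNKNOWN - no controller found'; sys.exit(3)`. The second usage message also says `[-nagios]` while the option checked is `--nagios`.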
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa21 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa21
new file mode 100644
index 0000000..13a07c0
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa21
@@ -0,0 +1,10 @@
+
+
+ _____ ________ ____
+ ____ _____ ______ _/ ____\____ \_____ \/_ |
+_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ | |
+\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \ | |
+ \___ >__|_| /____ > |__| (____ /\_______ \|___|
+ \/ \/ \/ \/ \/
+
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa22 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa22
new file mode 100644
index 0000000..d2b9adf
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa22
@@ -0,0 +1,10 @@
+
+
+ _____ ________ ________
+ ____ _____ ______ _/ ____\____ \_____ \\_____ \
+_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ / ____/
+\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \/ \
+ \___ >__|_| /____ > |__| (____ /\_______ \_______ \
+ \/ \/ \/ \/ \/ \/
+
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa23 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa23
new file mode 100644
index 0000000..a361343
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa23
@@ -0,0 +1,9 @@
+
+
+ _____ ________ ________
+ ____ _____ ______ _/ ____\____ \_____ \ \_____ \
+_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ _(__ <
+\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \ / \
+ \___ >__|_| /____ > |__| (____ /\_______ \/______ /
+ \/ \/ \/ \/ \/ \/
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa24 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa24
new file mode 100644
index 0000000..f65ba23
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fa24
@@ -0,0 +1,9 @@
+
+
+ _____ ________ _____
+ ____ _____ ______ _/ ____\____ \_____ \ / | |
+_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ / | |_
+\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \/ ^ /
+ \___ >__|_| /____ > |__| (____ /\_______ \____ |
+ \/ \/ \/ \/ \/ |__|
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp21 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp21
new file mode 100644
index 0000000..99e066e
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp21
@@ -0,0 +1,10 @@
+
+
+ _____ ________ ____
+ ____ _____ ______ _/ ____\_____ \_____ \/_ |
+_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ | |
+\ \___| Y Y \\___ \ /_____/ | | | |_> > \ | |
+ \___ >__|_| /____ > |__| | __/\_______ \|___|
+ \/ \/ \/ |__| \/
+
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp22 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp22
new file mode 100644
index 0000000..027440e
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp22
@@ -0,0 +1,10 @@
+
+
+ _____ ________ ________
+ ____ _____ ______ _/ ____\_____ \_____ \\_____ \
+_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ / ____/
+\ \___| Y Y \\___ \ /_____/ | | | |_> > \/ \
+ \___ >__|_| /____ > |__| | __/\_______ \_______ \
+ \/ \/ \/ |__| \/ \/
+
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp23 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp23
new file mode 100644
index 0000000..ed7dbf0
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp23
@@ -0,0 +1,10 @@
+
+
+ _____ ________ ________
+ ____ _____ ______ _/ ____\_____ \_____ \ \_____ \
+_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ _(__ <
+\ \___| Y Y \\___ \ /_____/ | | | |_> > \ / \
+ \___ >__|_| /____ > |__| | __/\_______ \/______ /
+ \/ \/ \/ |__| \/ \/
+
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp24 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp24
new file mode 100644
index 0000000..986a4e2
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp24
@@ -0,0 +1,11 @@
+
+
+ _____ ________ _____
+ ____ _____ ______ _/ ____\_____ \_____ \ / | |
+_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ / | |_
+\ \___| Y Y \\___ \ /_____/ | | | |_> > \/ ^ /
+ \___ >__|_| /____ > |__| | __/\_______ \____ |
+ \/ \/ \/ |__| \/ |__|
+
+
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp25 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp25
new file mode 100644
index 0000000..2481ecc
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp25
@@ -0,0 +1,10 @@
+
+
+ _____ ________ .________
+ ____ _____ ______ _/ ____\_____ \_____ \ | ____/
+_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ |____ \
+\ \___| Y Y \\___ \ /_____/ | | | |_> > \ / \
+ \___ >__|_| /____ > |__| | __/\_______ \/______ /
+ \/ \/ \/ |__| \/ \/
+
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp26 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp26
new file mode 100644
index 0000000..67287c3
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-fp26
@@ -0,0 +1,10 @@
+
+
+ _____ ________ ________
+ ____ _____ ______ _/ ____\_____ \_____ \/ _____/
+_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ __ \
+\ \___| Y Y \\___ \ /_____/ | | | |_> > \ |__\ \
+ \___ >__|_| /____ > |__| | __/\_______ \_____ /
+ \/ \/ \/ |__| \/ \/
+
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-ft21 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-ft21
new file mode 100644
index 0000000..03c0e21
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-ft21
@@ -0,0 +1,10 @@
+
+
+ _____ __ ________ ____
+ ____ _____ ______ _/ ____\/ |_\_____ \/_ |
+_/ ___\ / \ / ___/ ______ \ __\\ __\/ ____/ | |
+\ \___| Y Y \\___ \ /_____/ | | | | / \ | |
+ \___ >__|_| /____ > |__| |__| \_______ \|___|
+ \/ \/ \/ \/
+
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-ft22 b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-ft22
new file mode 100644
index 0000000..6e38e3f
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/motd.cms-ft22
@@ -0,0 +1,16 @@
+
+
+ _____ __ ________ ________
+ ____ _____ ______ _/ ____\/ |_\_____ \\_____ \
+_/ ___\ / \ / ___/ ______ \ __\\ __\/ ____/ / ____/
+\ \___| Y Y \\___ \ /_____/ | | | | / \/ \
+ \___ >__|_| /____ > |__| |__| \_______ \_______ \
+ \/ \/ \/ \/ \/
+
+
+
+
+
+
+
+
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/nagios.tar.gz b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/nagios.tar.gz
new file mode 100644
index 0000000..50709da
Binary files /dev/null and b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/nagios.tar.gz differ
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/profile_rugcms b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/profile_rugcms
new file mode 100644
index 0000000..7449235
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/profile_rugcms
@@ -0,0 +1,47 @@
+umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+ # include .bashrc if it exists
+ if [ -f "$HOME/.bashrc" ]; then
+ . "$HOME/.bashrc"
+ fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+ PATH="$HOME/bin:$PATH"
+fi
+
+EDITOR=nano
+export EDITOR
+
+JAVA_HOME=$HOME/software/java
+export JAVA_HOME
+
+PATH=$JAVA_HOME/bin:/usr/local/bin:/usr/bin:/usr/ccs/bin:$PATH
+export PATH
+
+RUGCMS_CLASSPATH=\
+$HOME/software/tomcat/lib/*:\
+$HOME/servers/tomcat-common/lib/*:\
+$HOME/servers/ucms-common/lib/ucms/*:\
+$HOME/servers/ucms-common/lib/xml/*:\
+$HOME/servers/ucms-common/lib/jackrabbit/*:\
+$HOME/servers/ucms-common/lib/apache/*:\
+$HOME/servers/ucms-common/lib/google/*:\
+$HOME/servers/ucms-common/lib/*
+export RUGCMS_CLASSPATH
+
+source $HOME/scripts/setClusterAndNode.sh
+
+if [[ $CLUSTER == 'test' ]]; then
+ PS1=$'\\[\\e[32;1m\\]\\u@\\h (\\w) : \\[\\e[0m\\]'
+elif [[ $CLUSTER == 'acceptation' ]]; then
+ PS1=$'\\[\\e[33;1m\\]\\u@\\h (\\w) : \\[\\e[0m\\]'
+elif [[ $CLUSTER == 'production' ]]; then
+ PS1=$'\\[\\e[31m\\]\\u@\\h (\\w) : \\[\\e[0m\\]'
+else
+ PS1=$'\\[\\e[35;1m\\]\\u@\\h (\\w) : \\[\\e[0m\\]'
+fi
+export PS1
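Review bot: `source` and the `[[ ... ]]` tests with `$'...'` quoting at the end of this profile are bash-only, yet rugcms-profile.yml installs the file as `.profile`, which a plain `sh` login shell reads as well; the `BASH_VERSION` guard at the top suggests other shells are expected. `source $HOME/scripts/setClusterAndNode.sh` is also unquoted and unconditional, so a missing script produces an error at every login. I would write `[ -r "$HOME/scripts/setClusterAndNode.sh" ] && . "$HOME/scripts/setClusterAndNode.sh"` and select the prompt colour with `case "$CLUSTER" in`. Since every login executes whatever is in `$HOME/scripts`, that directory should be writable only by the account owner.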
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/resolv.conf b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/resolv.conf
new file mode 100644
index 0000000..33aac01
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/resolv.conf
@@ -0,0 +1,3 @@
+search service.rug.nl
+nameserver 129.125.4.6
+nameserer 8.8.8.8
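Review bot: The last line is spelled `nameserer`, so the resolver will most likely ignore it and the hosts are left with 129.125.4.6 as their only name server; the keyword should be `nameserver`. Before correcting the spelling, consider whether a public resolver is the right fallback: with `search service.rug.nl`, lookups of internal names would be sent to it whenever the first server does not answer. A second resolver inside the organisation's own network would give redundancy without that exposure.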
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/sshd_config b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/sshd_config
new file mode 100644
index 0000000..b7c6fea
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/sshd_config
@@ -0,0 +1,139 @@
+# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+# If you want to change the port on a SELinux system, you have to tell
+# SELinux about this change.
+# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
+#
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+SyslogFacility AUTHPRIV
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin without-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+PasswordAuthentication yes
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+#KerberosUseKuserok yes
+
+# GSSAPI options
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials no
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+#GSSAPIEnablek5users no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
+# problems.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation sandbox
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#ShowPatchLevel no
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Accept locale-related environment variables
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+AcceptEnv XMODIFIERS
+
+# override default of no subsystems
+Subsystem sftp /usr/libexec/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
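Review bot: `PasswordAuthentication yes` is set explicitly alongside `UsePAM yes`, although this role installs public keys for the accounts it creates (rugcms-keys.yml, stealth-client.yml), so password guessing against every local account stays possible on all frontends. If nothing depends on password logins, set `PasswordAuthentication no`; the file's own comment above `UsePAM` describes how that combines with PAM. `PermitRootLogin without-password` is the deprecated spelling of `prohibit-password`, and `X11Forwarding yes` looks unnecessary on a headless web frontend, so `X11Forwarding no` would be the safer value. A one-line comment at each uncommented option saying why it departs from the default would help the next reader.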
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/yum_debug_dump.txt.gz b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/yum_debug_dump.txt.gz
new file mode 100644
index 0000000..2784e17
Binary files /dev/null and b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/files/yum_debug_dump.txt.gz differ
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/.main.yml.swp b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/.main.yml.swp
new file mode 100644
index 0000000..6b0aa3e
Binary files /dev/null and b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/.main.yml.swp differ
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/copy-files.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/copy-files.yml
new file mode 100644
index 0000000..40ca57f
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/copy-files.yml
@@ -0,0 +1,34 @@
+- copy:
+ src: files/motd.{{ ansible_hostname }}
+ dest: /etc/motd
+ owner: root
+ group: root
+ mode: 0644
+
+- copy:
+ src: files/hosts
+ dest: /etc/hosts
+ owner: root
+ group: root
+ mode: 0644
+
+- copy:
+ src: files/sshd_config
+ dest: /etc/ssh/sshd_config
+ owner: root
+ group: root
+ mode: 0600
+
+- copy:
+ src: files/resolv.conf
+ dest: /etc/resolv.conf
+ owner: root
+ group: root
+ mode: 0644
+
+- copy:
+ src: files/yum_debug_dump.txt.gz
+ dest: /root/yum_debug_dump.txt.gz
+ owner: root
+ group: root
+ mode: 0600
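Review bot: The task that replaces `/etc/ssh/sshd_config` has no syntax check and nothing reloads sshd afterwards, so a broken file is only discovered at the next restart and a correct one does not take effect (start-services.yml only asks for `state: started`). Add `validate: '/usr/sbin/sshd -t -f %s'` to that task and a `notify:` to a handler that reloads sshd. `src: files/motd.{{ ansible_hostname }}` also fails the play on any host without a matching motd file in the role. The `mode:` values are better quoted, e.g. `mode: '0644'`, so they can never be read as decimal numbers.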
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/copy-firewall.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/copy-firewall.yml
new file mode 100644
index 0000000..3d11dae
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/copy-firewall.yml
@@ -0,0 +1,6 @@
+- copy:
+ src: files/firewall.sh
+ dest: /root/firewall/firewall.sh
+ owner: root
+ group: root
+ mode: 0700
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/disable-selinux.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/disable-selinux.yml
new file mode 100644
index 0000000..1c185e7
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/disable-selinux.yml
@@ -0,0 +1 @@
+- selinux: state=disabled
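Review bot: `selinux: state=disabled` switches SELinux off completely on hosts that serve web traffic and run Docker, which removes a confinement layer instead of fixing whatever it blocked. If a specific denial is the reason, `selinux: policy=targeted state=permissive` keeps the denials logged so a policy module can be written, with `state=enforcing` as the goal. The task has no `name:` or comment explaining why SELinux has to go, and switching to or from disabled needs a reboot that nothing in this role schedules.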
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/docker-netdata.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/docker-netdata.yml
new file mode 100644
index 0000000..6df67b6
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/docker-netdata.yml
@@ -0,0 +1,9 @@
+- docker_container:
+ name: netdata
+ image: titpetric/netdata
+ network_mode: host
+ hostname: "{{ ansible_hostname }}"
+ capabilities: SYS_PTRACE
+ state: started
+ volumes:
+ - /sys:/host/sys:ro
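Review bot: `image: titpetric/netdata` carries no tag or digest, so each host pulls whatever that third-party repository currently publishes and runs it with `network_mode: host` and `SYS_PTRACE`. Pin the image, e.g. `image: titpetric/netdata@sha256:<DIGEST_PLACEHOLDER>`, and mirror it internally if possible. With host networking the netdata listener sits on the host's own interfaces, so firewall.sh (not part of this hunk) has to limit that port to the monitoring network. `capabilities` is documented as a list, so `capabilities: [SYS_PTRACE]` is the clearer form.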
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/ger-user.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/ger-user.yml
new file mode 100644
index 0000000..c6d41e1
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/ger-user.yml
@@ -0,0 +1,6 @@
+- user:
+ name: ger
+ comment: "ger user"
+ state: present
+ group: rugcms
+ home: /home/ger
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-docker-py.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-docker-py.yml
new file mode 100644
index 0000000..499f41e
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-docker-py.yml
@@ -0,0 +1 @@
+- yum: name=python-docker-py state=latest
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-epel.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-epel.yml
new file mode 100644
index 0000000..039802e
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-epel.yml
@@ -0,0 +1 @@
+- yum: name=epel-release state=latest
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-ntp.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-ntp.yml
new file mode 100644
index 0000000..d82087f
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-ntp.yml
@@ -0,0 +1 @@
+- yum: name=ntp state=latest
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-yum-utils.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-yum-utils.yml
new file mode 100644
index 0000000..906f8df
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/install-yum-utils.yml
@@ -0,0 +1 @@
+- yum: name=yum-utils state=latest
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/main.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/main.yml
new file mode 100644
index 0000000..58f4839
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/main.yml
@@ -0,0 +1,21 @@
+ - include: rugcms-group.yml
+ - include: rugcms-user.yml
+ - include: rugcms-keys.yml
+ - include: rugcms-profile.yml
+ - include: rugcms-password.yml
+ - include: stealth-client.yml
+ - include: install-epel.yml
+ - include: install-ntp.yml
+ - include: install-yum-utils.yml
+ - include: install-docker-py.yml
+ - include: disable-selinux.yml
+ - include: start-ntp.yml
+ - include: stop-firewalld.yml
+ - include: copy-firewall.yml
+ - include: run-firewall.yml
+ - include: nagios-client.yml
+ - include: mega-cli.yml
+ - include: copy-files.yml
+ - include: start-services.yml
+ - include: docker-netdata.yml
+ - include: upgrade.yml
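Review bot: `include: rugcms-password.yml` refers to a task file that this commit does not appear to add (the new files under tasks/ go from rugcms-keys.yml straight to rugcms-profile.yml), so a fresh checkout would fail at that step; if the file is kept out of the repository because it holds a password, say so in a comment and load the secret from a vaulted variable instead. No included file installs Docker itself either: install-docker-py.yml only adds the Python bindings, yet start-services.yml starts `docker.service` and docker-netdata.yml runs a container. The commit also adds `tasks/.main.yml.swp`, an editor swap file that can hold earlier contents of this file; it should be removed and ignored. Bare `include:` is deprecated in current Ansible, and `import_tasks:` is the static replacement.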
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/mega-cli.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/mega-cli.yml
new file mode 100644
index 0000000..f10a8f9
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/mega-cli.yml
@@ -0,0 +1,27 @@
+- copy:
+ src: files/Lib_Utils-1.00-09.noarch.rpm
+ dest: /tmp/Lib_Utils-1.00-09.noarch.rpm
+
+- yum:
+ name: /tmp/Lib_Utils-1.00-09.noarch.rpm
+ state: present
+
+- copy:
+ src: files/MegaCli-8.04.07-1.noarch.rpm
+ dest: /tmp/MegaCli-8.04.07-1.noarch.rpm
+
+- yum:
+ name: /tmp/MegaCli-8.04.07-1.noarch.rpm
+ state: present
+
+- copy:
+ src: files/megaclisas-status
+ dest: /usr/sbin/megaclisas-status
+ owner: root
+ group: root
+ mode: 0700
+
+- file:
+ src: /opt/MegaRAID/MegaCli/MegaCli64
+ dest: /usr/sbin/megacli
+ state: link
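Review bot: Both RPMs are staged under the world-writable `/tmp` with no `owner`, `group` or `mode`, and are then installed as root from that fixed path. Stage them in a root-only directory, or at least add `owner: root`, `group: root` and `mode: '0600'` to the two `copy` tasks so the staged file's ownership does not depend on what was already at that path. The vendored packages are installed with no visible integrity check, so it is worth recording their expected checksums next to them in the role. The staged files are never removed afterwards; a final `file:` task with `state: absent` would clean up.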
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/nagios-client.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/nagios-client.yml
new file mode 100644
index 0000000..fc1b65a
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/nagios-client.yml
@@ -0,0 +1,42 @@
+
+ - file: path=/nagios state=directory
+
+ - unarchive:
+ src: files/nagios.tar.gz
+ dest: /nagios
+
+ - cron:
+ name: "check disk full"
+ minute: "00,10,20,30,40,50"
+ hour: "*"
+ job: "/nagios/cron/check_disk"
+
+ - cron:
+ name: "check disk ok"
+ minute: "00,10,20,30,40,50"
+ hour: "*"
+ job: "/nagios/cron/check_disks"
+
+ - cron:
+ name: "check firewall"
+ minute: "00,10,20,30,40,50"
+ hour: "*"
+ job: "/nagios/cron/check_iptables"
+
+ - replace:
+ path: /nagios/cron/check_iptables
+ regexp: 'HOSTNAME="cms-fa11.service.rug.nl"'
+ replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"'
+ backup: yes
+
+ - replace:
+ path: /nagios/cron/check_disk
+ regexp: 'HOSTNAME="cms-fa11.service.rug.nl"'
+ replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"'
+ backup: yes
+
+ - replace:
+ path: /nagios/cron/check_disks
+ regexp: 'HOSTNAME="cms-fa11.service.rug.nl"'
+ replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"'
+ backup: yes
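Review bot: The three `cron` entries run scripts from `/nagios/cron` as the connecting user (root in this playbook's ansible.cfg), but neither the `file` task nor `unarchive` pins ownership or mode, so who may modify those scripts depends on what the tarball happens to contain. Add `owner=root group=root mode=0755` to the directory task and `owner: root` / `group: root` to `unarchive`. Each run re-extracts the archive and then rewrites `HOSTNAME` again, so the play always reports changes, and `backup: yes` leaves a new backup copy in `/nagios/cron` every time. The three identical `replace` tasks could be one task with a loop over the file names, and the dots in `regexp` should be escaped (`cms-fa11\.service\.rug\.nl`).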
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-group.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-group.yml
new file mode 100644
index 0000000..c7046ec
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-group.yml
@@ -0,0 +1,3 @@
+- group:
+ name: rugcms
+ state: present
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-keys.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-keys.yml
new file mode 100644
index 0000000..3cbdaa8
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-keys.yml
@@ -0,0 +1,7 @@
+- authorized_key:
+ user: rugcms
+ key: '{{ item }}'
+ state: present
+ with_items:
+ - 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAz/4D/jhUycyYS8gOrQDs+BqK+MLzfB9kb60W9zGTs9KigKGUOtvZ78mb1F2+ouy/uQUbOO4MoUu+fOzSlSE56GdyTSc/RsLaoHde2aRalXnRf55tuIVgv6MNG7siZt1i4iDhm/uql8nzc7m0Ompr9XXLXOQ0ZGFPViLLYyRcLOc= r.m.uittenbroek@rug.nl'
+ - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoRM/8ItzD87bvO6WVwDS83mkLUv0fo1dUxBzGB0w9j+a4vtUbcGm13TXp6zIS6zZqj09QD8jznO1OE92tC1axjuwENbAi7WiqaFMJdqB6MLN4Fxo4xa5LaadDTFbd4yLI1lzheowfPvFypUW90L4ToEkKkvgp+r+4C7BrLLUTzksS3PzBB2jp25XimdbxQvbZS74RdEa4O1Xqz0A4+FbM9r90OIJGrexVTKb2jpQk3bhTIpCXDkRldA1PLYSPoUAmCViGPoHCoyNbtZj8MWDjOKH/Ut/WXg5z60JfFqHazkHsQiJ9YkgUk2zy/7cjl5Pl8DVkPp79c/F5YFw492XN rugcms@charanga'
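Review bot: The first key in `with_items` is a short RSA key; its encoded modulus length corresponds to 1024 bits, which is below what current guidance accepts for SSH login to an application account. Ask its owner for an Ed25519 or RSA key of at least 3072 bits before it is rolled out. Because the keys are listed inline with `state: present`, deleting a line here later does not remove the key from the hosts. Keeping the keys in a variable and passing them as one newline-joined string with `exclusive: yes` would make the file authoritative.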
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-profile.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-profile.yml
new file mode 100644
index 0000000..c633a4a
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-profile.yml
@@ -0,0 +1,6 @@
+- copy:
+ src: files/profile_rugcms
+ dest: /local_disk/.profile
+ owner: rugcms
+ group: rugcms
+ mode: 0700
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-user.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-user.yml
new file mode 100644
index 0000000..a9cc9fa
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/rugcms-user.yml
@@ -0,0 +1,6 @@
+- user:
+ name: rugcms
+ comment: "rugcms user"
+ state: present
+ group: rugcms
+ home: /local_disk
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/run-firewall.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/run-firewall.yml
new file mode 100644
index 0000000..3a8fed8
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/run-firewall.yml
@@ -0,0 +1 @@
+- script: chdir=/root/firewall firewall.sh
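Review bot: The `script` module uploads and runs `firewall.sh` from the control machine, so the copy that copy-firewall.yml installs at `/root/firewall/firewall.sh` is not what executes here and the two can drift apart. Running the installed file, `command: /root/firewall/firewall.sh` with `args:` / `chdir: /root/firewall`, keeps a single source of truth. Nothing visible makes the rules survive a reboot while stop-firewalld.yml disables firewalld, so unless firewall.sh saves the rules itself the host may boot without a packet filter.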
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/start-ntp.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/start-ntp.yml
new file mode 100644
index 0000000..68f70c3
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/start-ntp.yml
@@ -0,0 +1,4 @@
+- systemd:
+ name: ntpd.service
+ state: started
+ enabled: yes
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/start-services.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/start-services.yml
new file mode 100644
index 0000000..9728492
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/start-services.yml
@@ -0,0 +1,14 @@
+- systemd:
+ name: sshd.service
+ state: started
+ enabled: yes
+
+- systemd:
+ name: postfix.service
+ state: started
+ enabled: yes
+
+- systemd:
+ name: docker.service
+ state: started
+ enabled: yes
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/stealth-client.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/stealth-client.yml
new file mode 100644
index 0000000..71df994
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/stealth-client.yml
@@ -0,0 +1,15 @@
+- group:
+ name: kees
+ state: present
+
+- user:
+ name: kees
+ comment: "stealth user"
+ state: present
+ group: kees
+ home: /home/kees
+
+- authorized_key:
+ user: kees
+ key: 'ssh-dss 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 stealth@operator'
+ state: present
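Review bot: The key installed for `kees` is an `ssh-dss` key, and OpenSSH 7.0 and later do not accept DSA public keys by default; the sshd_config added in this same commit carries a 2016 version header and does not re-enable them, so this login will probably be refused. DSA keys in OpenSSH are limited to 1024 bits, so the fix is a new Ed25519 or RSA (3072-bit or larger) key for this account, not re-enabling the algorithm on the servers. A `name:` on each task saying what the account is for would also help, since the comment "stealth user" explains little.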
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/stop-firewalld.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/stop-firewalld.yml
new file mode 100644
index 0000000..8dc66c4
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/stop-firewalld.yml
@@ -0,0 +1,3 @@
+- systemd:
+ name: firewalld.service
+ enabled: no
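Review bot: This task sets only `enabled: no`, so despite the file name firewalld keeps running until the next reboot and firewall.sh is then applied on top of its rules. Add `state: stopped` next to `enabled: no` so the running state matches the boot-time state.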
diff --git a/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/upgrade.yml b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/upgrade.yml
new file mode 100644
index 0000000..df7655f
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_test/tasks/upgrade.yml
@@ -0,0 +1 @@
+- yum: name=* state=latest
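Review bot: `yum: name=* state=latest` upgrades every package, kernel and Docker included, each time the role runs, and nothing after it restarts services or reboots, so a host can be left running old code with the patched files only on disk. I would move the full upgrade into its own playbook that is run in a maintenance window and ends with a reboot check. The install-*.yml tasks in this role use `state=latest` as well; `state=present` there would keep ordinary runs from changing package versions.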
diff --git a/playbooks/rugcms-frontend-uitrol/rugcms-frontend_acc_prod.yml b/playbooks/rugcms-frontend-uitrol/rugcms-frontend_acc_prod.yml
new file mode 100644
index 0000000..30b0ab6
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/rugcms-frontend_acc_prod.yml
@@ -0,0 +1,8 @@
+---
+- hosts: new
+
+ tasks:
+ - name: uitrol frontend
+ include_role:
+ name: frontend_acc_prod
+
diff --git a/playbooks/rugcms-frontend-uitrol/rugcms-frontend_test.yml b/playbooks/rugcms-frontend-uitrol/rugcms-frontend_test.yml
new file mode 100644
index 0000000..bc17275
--- /dev/null
+++ b/playbooks/rugcms-frontend-uitrol/rugcms-frontend_test.yml
@@ -0,0 +1,8 @@
+---
+- hosts: cms-ft22
+
+ tasks:
+ - name: uitrol frontend
+ include_role:
+ name: frontend_test
+
diff --git a/playbooks/tivoli-client/ansible.cfg b/playbooks/tivoli-client/ansible.cfg
new file mode 100644
index 0000000..b0e6dc3
--- /dev/null
+++ b/playbooks/tivoli-client/ansible.cfg
@@ -0,0 +1,5 @@
+[defaults]
+hostfile = hosts
+remote_user = root
+private_key_file = /home/ger/.ssh/id_dsa
+host_key_checking = false
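Review bot: `host_key_checking = false` turns off SSH host key verification for connections that log in as `root`, so a machine answering in place of the real host would receive the whole play, including the files and keys it copies. Keep the default and populate `known_hosts` for the inventory instead. `private_key_file = /home/ger/.ssh/id_dsa` ties the playbook to one person's home directory and to a DSA key, which OpenSSH 7.0 and later reject by default. `hostfile` is the old name of the `inventory` setting.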
diff --git a/playbooks/tivoli-client/backup-client.yml b/playbooks/tivoli-client/backup-client.yml
new file mode 100644
index 0000000..4cc40a4
--- /dev/null
+++ b/playbooks/tivoli-client/backup-client.yml
@@ -0,0 +1,8 @@
+---
+- hosts: stimmen
+
+ tasks:
+ - name: uitrol tivoli client
+ include_role:
+ name: tivo
+
diff --git a/playbooks/tivoli-client/hosts b/playbooks/tivoli-client/hosts
new file mode 100644
index 0000000..616c899
--- /dev/null
+++ b/playbooks/tivoli-client/hosts
@@ -0,0 +1,4 @@
+[backup-clients]
+
+stimmen ansible_host=stimmen.housing.rug.nl ansible_port=22
+cms-fp11 ansible_host=cms-fp11.service.rug.nl ansible_port=22
diff --git a/playbooks/tivoli-client/tivo/README.md b/playbooks/tivoli-client/tivo/README.md
new file mode 100644
index 0000000..225dd44
--- /dev/null
+++ b/playbooks/tivoli-client/tivo/README.md
@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+ - hosts: servers
+ roles:
+ - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
diff --git a/playbooks/tivoli-client/tivo/defaults/main.yml b/playbooks/tivoli-client/tivo/defaults/main.yml
new file mode 100644
index 0000000..99a99b6
--- /dev/null
+++ b/playbooks/tivoli-client/tivo/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for tivo
\ No newline at end of file
diff --git a/playbooks/tivoli-client/tivo/files/8.1.4.0-TIV-TSMBAC-LinuxX86.tar b/playbooks/tivoli-client/tivo/files/8.1.4.0-TIV-TSMBAC-LinuxX86.tar
new file mode 100644
index 0000000..6de5ba9
Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/8.1.4.0-TIV-TSMBAC-LinuxX86.tar differ
diff --git a/playbooks/tivoli-client/tivo/files/README.htm b/playbooks/tivoli-client/tivo/files/README.htm
new file mode 100644
index 0000000..9f1fac5
--- /dev/null
+++ b/playbooks/tivoli-client/tivo/files/README.htm
@@ -0,0 +1,267 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+IBM Spectrum Protect Backup-Archive Client Version 8.1.4
+
+
+
IBM Spectrum Protect Backup-Archive
+Client Version 8.1.4
+
Licensed Materials - Property of IBM
+
+
5725-W98
+5725-W99
+5725-X15
+
+
Copyright International Business Machines Corp. 2017.
+
+
US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP
+Schedule Contract with IBM Corp.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Arquivos leia-me
+
Os arquivos leia-me dos fix packs do cliente de backup-archive do IBM Spectrum Protect
+V8.1 estão disponíveis na base de conhecimento de suporte quando há uma atualização de fix pack.
+
+
Para ter acesso às atualizações mais recentes, aos requisitos do sistema, às limitações conhecidas e ao histórico de correções para um fix pack, consulte a base de conhecimento de suporte:
+
+
Visualizar
+os arquivos leia-me do cliente de backup-archive do IBM Spectrum Protect V8.1
+
+
Para visualizar informações adicionais sobre o IBM
+Spectrum Protect, consulte a documentação do produto on-line.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/playbooks/tivoli-client/tivo/files/README_api.htm b/playbooks/tivoli-client/tivo/files/README_api.htm
new file mode 100644
index 0000000..d2c02d1
--- /dev/null
+++ b/playbooks/tivoli-client/tivo/files/README_api.htm
@@ -0,0 +1,267 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+IBM Spectrum Protect Application Programming Interface Version 8.1.4
+
+
+
IBM Spectrum Protect Application
+Programming Interface Version 8.1.4
+
Licensed Materials - Property of IBM
+
+
5725-W98
+5725-W99
+5725-X15
+
+
Copyright International Business Machines Corp. 2017.
+
+
US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP
+Schedule Contract with IBM Corp.
+
+
+
+
Readme files
+
Readme files for the IBM Spectrum Protect
+V8.1 API fix packs are available in the Support knowledge base when there is a fix pack update.
+
+
For the latest updates, system requirements, known limitations, and the fix history for a fix
+pack, see the Support knowledge base:
+
+
View IBM Spectrum Protect
+V8.1 API fix pack readme files
+
+
To view additional information about IBM
+Spectrum Protect, see the online product documentation.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Instructions d'installation
+
Pour obtenir des instructions sur l'installation, voir
+Installation de l'API.
+
+
+Fichiers Readme
+
Les fichiers Readme des groupes de correctifs de l'API IBM Spectrum Protect
+version 8.1 sont disponibles dans la base de connaissances du support
+lorsqu'une mise à jour d'un groupe de correctifs est publiée.
+
+
Pour en savoir plus sur les dernières mises à jour, la configuration système requise, les limitations connues et l'historique des correctifs pour un groupe de correctifs, voir la base de connaissances du support :
+
+
Afficher les fichiers Readme des groupes de correctifs de l'API IBM Spectrum Protect version 8.1
+
+
Pour consulter des informations supplémentaires sur IBM
+Spectrum Protect, voir la documentation du produit en ligne.
+
+
+
+Installationsanweisungen
+
Installationsanweisungen finden Sie in
+API installieren.
+
+
+
+
+
+Telepítési útmutatás
+
A telepítésre vonatkozó útmutatásokat az
+API
+telepítése című dokumentum tartalmazza.
+
+
+Readme fájlok
+
Az IBM Spectrum Protect
+V8.1 API javítócsomagok readme fájljai a támogatási tudásbázisban érhetők el a frissítések megjelenésekor.
+
+
A frissítésekkel, rendszerkövetelményekkel, ismert korlátozásokkal és a javítócsomagok
+előzményeivel kapcsolatos legfrissebb információkat a támogatási tudásbázis tartalmazza:
+
+
IBM Spectrum Protect
+V8.1 API javítócsomag readme fájljainak megtekintése
+
+
Ha további információkra van szüksége az IBM
+Spectrum Protect termékről, látogassa meg az
+online
+termékdokumentációt.
+
+
+
+
+
+
+
+
+Instruções de instalação
+
Para obter instruções de instalação, consulte Instalando a API.
+
+
+Arquivos leia-me
+
Os arquivos leia-me dos fix packs da API do IBM Spectrum Protect
+V8.1 estão disponíveis na base de conhecimento de suporte quando há uma atualização de fix pack.
+
+
Para ter acesso às atualizações mais recentes, aos requisitos do sistema, às limitações conhecidas e ao histórico de correções para um fix pack, consulte a base de conhecimento de suporte:
+
+
Visualizar os arquivos leia-me da API do
+IBM Spectrum Protect V8.1
+
+
Para visualizar informações adicionais sobre o IBM
+Spectrum Protect, consulte a documentação
+do produto on-line.
+
+
+
+Инструкции по установке
+
Инструкции по установке смотрите в документе
+Установка API.
+
+
+Ознакомительные файлы Readme
+
Файлы Readme для пакетов исправлений API IBM Spectrum Protect
+V8.1 становятся доступны в информационной базе службы поддержки, когда появляется обновление пакета исправлений.
+
+
Чтобы узнать о последних обновлениях, требованиях к системе, известных ограничениях и хронологии исправлений для пакета исправлений, смотрите
+информационную базу службы поддержки:
+
+
Прочитать файлы Readme для пакета исправлений
+API IBM Spectrum Protect V8.1
+
+
Чтобы ознакомиться с дополнительной информацией по IBM Spectrum Protect, смотрите
+электронную документацию
+по продукту.
+
+
+
+Instrucciones de instalación
+
Para obtener las instrucciones de instalación, consulte Instalación de la API.
+
+
+
+
+
+
\ No newline at end of file
diff --git a/playbooks/tivoli-client/tivo/files/TIVsm-API64.x86_64.rpm b/playbooks/tivoli-client/tivo/files/TIVsm-API64.x86_64.rpm
new file mode 100644
index 0000000..9151697
Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/TIVsm-API64.x86_64.rpm differ
diff --git a/playbooks/tivoli-client/tivo/files/TIVsm-APIcit.x86_64.rpm b/playbooks/tivoli-client/tivo/files/TIVsm-APIcit.x86_64.rpm
new file mode 100644
index 0000000..50d0e6d
Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/TIVsm-APIcit.x86_64.rpm differ
diff --git a/playbooks/tivoli-client/tivo/files/TIVsm-BA.x86_64.rpm b/playbooks/tivoli-client/tivo/files/TIVsm-BA.x86_64.rpm
new file mode 100644
index 0000000..909cd79
Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/TIVsm-BA.x86_64.rpm differ
diff --git a/playbooks/tivoli-client/tivo/files/TIVsm-BAcit.x86_64.rpm b/playbooks/tivoli-client/tivo/files/TIVsm-BAcit.x86_64.rpm
new file mode 100644
index 0000000..efbd31b
Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/TIVsm-BAcit.x86_64.rpm differ
diff --git a/playbooks/tivoli-client/tivo/files/TIVsm-BAhdw.x86_64.rpm b/playbooks/tivoli-client/tivo/files/TIVsm-BAhdw.x86_64.rpm
new file mode 100644
index 0000000..55c7020
Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/TIVsm-BAhdw.x86_64.rpm differ
diff --git a/playbooks/tivoli-client/tivo/files/TIVsm-JBB.x86_64.rpm b/playbooks/tivoli-client/tivo/files/TIVsm-JBB.x86_64.rpm
new file mode 100644
index 0000000..c6ee0d9
Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/TIVsm-JBB.x86_64.rpm differ
diff --git a/playbooks/tivoli-client/tivo/files/TIVsm-filepath-8.1.4-0.x86_64.rpm b/playbooks/tivoli-client/tivo/files/TIVsm-filepath-8.1.4-0.x86_64.rpm
new file mode 100644
index 0000000..afec4d3
Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/TIVsm-filepath-8.1.4-0.x86_64.rpm differ
diff --git a/playbooks/tivoli-client/tivo/files/TIVsm-filepath-source.tar.gz b/playbooks/tivoli-client/tivo/files/TIVsm-filepath-source.tar.gz
new file mode 100644
index 0000000..524d734
Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/TIVsm-filepath-source.tar.gz differ
diff --git a/playbooks/tivoli-client/tivo/files/dsm.opt b/playbooks/tivoli-client/tivo/files/dsm.opt
new file mode 100644
index 0000000..96d6888
--- /dev/null
+++ b/playbooks/tivoli-client/tivo/files/dsm.opt
@@ -0,0 +1,2 @@
+SErvername RCBACKUP01
+Quiet
diff --git a/playbooks/tivoli-client/tivo/files/dsm.sys b/playbooks/tivoli-client/tivo/files/dsm.sys
new file mode 100644
index 0000000..0502cb1
--- /dev/null
+++ b/playbooks/tivoli-client/tivo/files/dsm.sys
@@ -0,0 +1,31 @@
+*** The following replication server connection information is automatically updated
+*** These options should not be changed manually
+REPLSERVERNAME RCBACKUP02
+ REPLTCPSERVERADDRESS rcbackup02.service.rug.nl
+ REPLTCPPORT 1500
+ REPLSERVERGUID 1e.d6.aa.86.46.2c.e8.11.ac.9a.50.9a.4c.ab.2d.e4
+ REPLSSLPORT 1505
+
+*** end of automatically updated options
+SErvername RCBACKUP01
+ *** The MYREPLICATIONServer and MYPRIMARYServername options are automatically updated and should not be changed manually
+ MYREPLICATIONServer RCBACKUP02
+ MYPRIMARYServername RCBACKUP01
+COMMmethod TCPip
+TCPPort 1500
+HTTPPORT 1581
+TCPServeraddress rcbackup01.service.rug.nl
+SCHEDMODE PROMPTED
+TCPBUFFSIZE 512
+TCPWINDOWSIZE 2048
+COMPRESSION NO
+nodename peregrine
+passwordaccess generate
+users root backup
+inclexcl /opt/tivoli/tsm/client/ba/bin/dsm.exclude
+errorlogname /var/log/adsm/dsmerror.log
+schedlogname /var/log/adsm/dsmsched.log
+resourceutilization 10
+errorlogretention 14
+schedlogretention 14
+VIRTUALMOUNTPOINT /home
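Review bot: The RCBACKUP01 stanza sets `COMMmethod TCPip` and `TCPPort 1500` but carries no `SSL` or `SSLREQUIRED` option, although the replication block above does list a `REPLSSLPORT`. Whether backup data and the node authentication are protected in transit then depends on what the installed client and the server negotiate on their own, which this file does not show. If the server supports it, stating the requirement in the stanza, for example `SSLREQUIRED YES`, makes a cleartext session fail rather than pass unnoticed. Check the option against the documentation of the client version being installed before adding it.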
diff --git a/playbooks/tivoli-client/tivo/files/gskcrypt64-8.0.50.78.linux.x86_64.rpm b/playbooks/tivoli-client/tivo/files/gskcrypt64-8.0.50.78.linux.x86_64.rpm
new file mode 100644
index 0000000..4508854
Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/gskcrypt64-8.0.50.78.linux.x86_64.rpm differ
diff --git a/playbooks/tivoli-client/tivo/files/gskssl64-8.0.50.78.linux.x86_64.rpm b/playbooks/tivoli-client/tivo/files/gskssl64-8.0.50.78.linux.x86_64.rpm
new file mode 100644
index 0000000..b89272d
Binary files /dev/null and b/playbooks/tivoli-client/tivo/files/gskssl64-8.0.50.78.linux.x86_64.rpm differ
diff --git a/playbooks/tivoli-client/tivo/handlers/main.yml b/playbooks/tivoli-client/tivo/handlers/main.yml
new file mode 100644
index 0000000..41becaa
--- /dev/null
+++ b/playbooks/tivoli-client/tivo/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for tivo
\ No newline at end of file
diff --git a/playbooks/tivoli-client/tivo/meta/main.yml b/playbooks/tivoli-client/tivo/meta/main.yml
new file mode 100644
index 0000000..7223799
--- /dev/null
+++ b/playbooks/tivoli-client/tivo/meta/main.yml
@@ -0,0 +1,57 @@
+galaxy_info:
+ author: your name
+ description: your description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Some suggested licenses:
+ # - BSD (default)
+ # - MIT
+ # - GPLv2
+ # - GPLv3
+ # - Apache
+ # - CC-BY
+ license: license (GPLv2, CC-BY, etc)
+
+ min_ansible_version: 1.2
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ # Optionally specify the branch Galaxy will use when accessing the GitHub
+ # repo for this role. During role install, if no tags are available,
+ # Galaxy will use this branch. During import Galaxy will access files on
+ # this branch. If Travis integration is configured, only notifications for this
+ # branch will be accepted. Otherwise, in all cases, the repo's default branch
+ # (usually master) will be used.
+ #github_branch:
+
+ #
+ # platforms is a list of platforms, and each platform has a name and a list of versions.
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
\ No newline at end of file
diff --git a/playbooks/tivoli-client/tivo/tasks/change-node-name.yml b/playbooks/tivoli-client/tivo/tasks/change-node-name.yml
new file mode 100644
index 0000000..1e4de7d
--- /dev/null
+++ b/playbooks/tivoli-client/tivo/tasks/change-node-name.yml
@@ -0,0 +1,5 @@
+- replace:
+ path: /opt/tivoli/tsm/client/ba/bin/dsm.sys
+ regexp: 'nodename'
+ replace: 'nodename="{{ ansible_hostname }}'
+ backup: yes
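Review bot: The replacement `nodename="{{ ansible_hostname }}` has an unbalanced double quote and an `=` that no other option in the shipped dsm.sys uses, and the pattern `nodename` matches only the keyword. A line such as `nodename peregrine` would therefore end up as `nodename="<hostname> peregrine`, with the old value still on the line. The task is also not idempotent, because every later run matches the keyword again and prepends another copy. Matching the whole line fixes both: `regexp: '^nodename\s+.*$'` with `replace: 'nodename {{ ansible_hostname }}'`.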
diff --git a/playbooks/tivoli-client/tivo/tasks/copy-config.yml b/playbooks/tivoli-client/tivo/tasks/copy-config.yml
new file mode 100644
index 0000000..6168343
--- /dev/null
+++ b/playbooks/tivoli-client/tivo/tasks/copy-config.yml
@@ -0,0 +1,13 @@
+- copy:
+ src: files/dsm.sys
+ dest: /opt/tivoli/tsm/client/ba/bin/dsm.sys_new
+ owner: root
+ mode: 0600
+ force: no
+
+- copy:
+ src: files/dsm.opt
+ dest: /opt/tivoli/tsm/client/ba/bin/dsm.opt_new
+ owner: root
+ mode: 0600
+ force: no
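Review bot: Both copies are written to `dsm.sys_new` and `dsm.opt_new`, and nothing visible in this role moves them onto `dsm.sys` / `dsm.opt`, so the client would keep reading whatever configuration is already in place. The change-node-name task that runs afterwards edits `dsm.sys`, not the file written here. If the `_new` suffix is not a deliberate staging step, write to the real names, e.g. `dest: /opt/tivoli/tsm/client/ba/bin/dsm.sys`, and add `backup: yes` so the previous file is kept. Note that `force: no` also means a later correction to the repository copy never reaches a host that already has the file.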
diff --git a/playbooks/tivoli-client/tivo/tasks/copy-files.yml b/playbooks/tivoli-client/tivo/tasks/copy-files.yml
new file mode 100644
index 0000000..a100b51
--- /dev/null
+++ b/playbooks/tivoli-client/tivo/tasks/copy-files.yml
@@ -0,0 +1,11 @@
+- file: path=/root/tivo state=directory
+
+- copy:
+ src: "{{ item }}"
+ dest: /root/tivo/
+ owner: root
+ mode: 0600
+ force: no
+ with_fileglob:
+ - files/*
+
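Review bot: `force: no` on this copy means a host that already holds e.g. `/root/tivo/TIVsm-BA.x86_64.rpm` keeps that file indefinitely, and most RPMs in this commit have unversioned names, so a patched client build committed under the same name would not be pushed out. Removing `force: no` lets the copy module compare checksums and replace only files that changed. The glob `files/*` also sends dsm.sys, dsm.opt and the source tarball to /root/tivo; an explicit list of the RPMs would limit the directory to what the install step needs. The `file:` task above sets no permissions, and `mode: '0700'` would make them explicit.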
diff --git a/playbooks/tivoli-client/tivo/tasks/install-rpms.yml b/playbooks/tivoli-client/tivo/tasks/install-rpms.yml
new file mode 100644
index 0000000..42509c5
--- /dev/null
+++ b/playbooks/tivoli-client/tivo/tasks/install-rpms.yml
@@ -0,0 +1,13 @@
+ - name: Find all rpm files in /tmp folder
+ find:
+ paths: "/root/tivo"
+ pattern: "*.rpm"
+ register: rpm_files
+
+ - set_fact:
+ rpm_list: "{{ rpm_files.files | map(attribute='path') | list}}"
+
+ - name: installing the rpm files
+ yum:
+ name: "{{rpm_list}}"
+ state: present
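Review bot: The install set is whatever `*.rpm` is present in /root/tivo on the host at run time, not a list the role declares, so a stale or stray package left in that directory is installed as root along with the intended ones. Since copy-files never overwrites or removes files there, that directory can drift from the repository. Building `rpm_list` from an explicit list of file names kept in the role's vars would make the installed set reviewable in the repository. The first task's name also says `/tmp` while `paths` is `/root/tivo`; `- name: Find all rpm files in /root/tivo` matches what it does.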
diff --git a/playbooks/tivoli-client/tivo/tasks/main.yml b/playbooks/tivoli-client/tivo/tasks/main.yml
new file mode 100644
index 0000000..53f22eb
--- /dev/null
+++ b/playbooks/tivoli-client/tivo/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+# tasks file for tivo
+ - include: copy-files.yml
+ - include: install-rpms.yml
+ - include: copy-config.yml
+ - include: change-node-name.yml
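Review bot: Bare `include:` is deprecated in favour of `import_tasks:` and `include_tasks:`, and newer ansible-core releases no longer accept it. These four task files are static, so `- import_tasks: copy-files.yml` (and the same for the other three lines) is the direct replacement. The `min_ansible_version: 1.2` left in meta/main.yml looks like the galaxy template default and probably does not reflect the modules used here; worth setting to the version the role is actually run with.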
diff --git a/playbooks/tivoli-client/tivo/tests/inventory b/playbooks/tivoli-client/tivo/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/playbooks/tivoli-client/tivo/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/playbooks/tivoli-client/tivo/tests/test.yml b/playbooks/tivoli-client/tivo/tests/test.yml
new file mode 100644
index 0000000..2c50c21
--- /dev/null
+++ b/playbooks/tivoli-client/tivo/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - tivo
\ No newline at end of file
diff --git a/playbooks/tivoli-client/tivo/vars/main.yml b/playbooks/tivoli-client/tivo/vars/main.yml
new file mode 100644
index 0000000..56829a0
--- /dev/null
+++ b/playbooks/tivoli-client/tivo/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for tivo
\ No newline at end of file
diff --git a/rugcms.yml b/rugcms.yml
deleted file mode 100644
index 382fdf0..0000000
--- a/rugcms.yml
+++ /dev/null
@@ -1,123 +0,0 @@
-# catchall rugcms ansible uitrol script:
-#
-# - create rugcms group
-# - create rugmcs user, lid van rugcms en homedir /local_disk
-# - push ssh-keys rugcms user
-# - copy .profile rugcms user
-# - install packages
-# - upgrade all rpms
-# - disable selinux
-# - disable firewalld
-# - copy firewall.sh script
-# - run firewall script
-# - copy yum_debug_file for input on all installed packages
-# - copy resolv.conf
-# - copy sshd_conf
-#
-# Usage: $ ansible-playbook rugcms.yml
----
-- name: rugcms ansible
- hosts: "{{ myhosts | default('acc')}}"
-
- tasks:
- - group:
- name: rugcms
- state: present
-
- - user:
- name: rugcms
- comment: "rugcms user"
- state: present
- group: rugcms
- home: /local_disk
-
- - authorized_key:
- user: rugcms
- key: '{{ item }}'
- state: present
- with_items:
- - 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAz/4D/jhUycyYS8gOrQDs+BqK+MLzfB9kb60W9zGTs9KigKGUOtvZ78mb1F2+ouy/uQUbOO4MoUu+fOzSlSE56GdyTSc/RsLaoHde2aRalXnRf55tuIVgv6MNG7siZt1i4iDhm/uql8nzc7m0Ompr9XXLXOQ0ZGFPViLLYyRcLOc= r.m.uittenbroek@rug.nl'
- - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoRM/8ItzD87bvO6WVwDS83mkLUv0fo1dUxBzGB0w9j+a4vtUbcGm13TXp6zIS6zZqj09QD8jznO1OE92tC1axjuwENbAi7WiqaFMJdqB6MLN4Fxo4xa5LaadDTFbd4yLI1lzheowfPvFypUW90L4ToEkKkvgp+r+4C7BrLLUTzksS3PzBB2jp25XimdbxQvbZS74RdEa4O1Xqz0A4+FbM9r90OIJGrexVTKb2jpQk3bhTIpCXDkRldA1PLYSPoUAmCViGPoHCoyNbtZj8MWDjOKH/Ut/WXg5z60JfFqHazkHsQiJ9YkgUk2zy/7cjl5Pl8DVkPp79c/F5YFw492XN rugcms@charanga'
-
- - name: copy profile rugcms-user
- copy:
- src: files/profile_rugcms
- dest: /local_disk/.profile
- owner: rugcms
- group: rugcms
- mode: 0700
-
-
- - name: Install epel-repo
- yum: name=epel-release state=latest
-
- - name: Install ntp package
- yum: name=ntp state=latest
-
- - name: Install yum-utils
- yum: name=yum-utils state=latest
-
- - name: disable selinux
- selinux: state=disabled
-
- - name: start ntp service
- systemd:
- name: ntpd.service
- state: started
- enabled: yes
-
- - name: disable firewalld
- systemd:
- name: firewalld.service
- enabled: no
-
- - name: copy firewall
- copy:
- src: files/firewall_acc.sh
- dest: /root/firewall/firewall.sh
- owner: root
- group: root
- mode: 0700
-
- - script: chdir=/root/firewall firewall.sh
-
- - name: copy yum_debug_dump
- copy:
- src: files/yum_debug_dump.txt.gz
- dest: /root/yum_debug_dump.txt.gz
- owner: root
- group: root
- mode: 0600
-
- - command: yum-debug-restore /root/yum_debug_dump.txt.gz
-
- - name: upgrade all packages
- yum: name=* state=latest
-
- - name: copy /etc/resolv.conf
- copy:
- src: files/resolv.conf
- dest: /etc/resolv.conf
- owner: root
- group: root
- mode: 0644
-
- - name: copy /etc/ssh/sshd_config
- copy:
- src: files/sshd_config
- dest: /etc/ssh/sshd_config
- owner: root
- group: root
- mode: 0600
-
- - name: start sshd service
- systemd:
- name: sshd.service
- state: started
- enabled: yes
-
- - name: start postfix service
- systemd:
- name: postfix.service
- state: started
- enabled: yes