playbooks voor tivoli client en rugcms uitrol toegevoegd

2018-04-25 15:05:51 +02:00
parent 2191d58669
commit e2f5caa305
122 changed files with 2720 additions and 123 deletions
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/.main.yml.swp
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/.main.yml.swp
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/copy-files.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/copy-files.yml
@ -0,0 +1,34 @@
+- copy:
+    src: files/motd.{{ ansible_hostname }}
+    dest: /etc/motd
+    owner: root
+    group: root
+    mode: 0644
+
+- copy:
+    src: files/hosts
+    dest: /etc/hosts
+    owner: root
+    group: root
+    mode: 0644
+
+- copy:
+    src: files/sshd_config
+    dest: /etc/ssh/sshd_config
+    owner: root
+    group: root
+    mode: 0600
+
+- copy:
+    src: files/resolv.conf
+    dest: /etc/resolv.conf
+    owner: root
+    group: root
+    mode: 0644
+
+- copy:
+    src: files/yum_debug_dump.txt.gz
+    dest: /root/yum_debug_dump.txt.gz
+    owner: root
+    group: root
+    mode: 0600
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/copy-firewall.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/copy-firewall.yml
@ -0,0 +1,6 @@
+- copy: 
+   src: files/firewall.sh 
+   dest: /root/firewall/firewall.sh
+   owner: root
+   group: root
+   mode: 0700
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/disable-selinux.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/disable-selinux.yml
@ -0,0 +1 @@
+- selinux: state=disabled
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/docker-netdata.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/docker-netdata.yml
@ -0,0 +1,9 @@
+- docker_container:
+          name: netdata
+          image: titpetric/netdata
+          network_mode: host
+          hostname: "{{ ansible_hostname }}"
+          capabilities: SYS_PTRACE
+          state: started 
+          volumes:
+          - /sys:/host/sys:ro
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/ger-user.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/ger-user.yml
@ -0,0 +1,6 @@
+- user: 
+    name: ger
+    comment: "ger user"                                                                                                  
+    state: present                                                                                                                         
+    group: rugcms                                                                                                                           
+    home: /home/ger
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-docker-py.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-docker-py.yml
@ -0,0 +1 @@
+- yum: name=python-docker-py state=latest
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-epel.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-epel.yml
@ -0,0 +1 @@
+- yum: name=epel-release state=latest
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-ntp.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-ntp.yml
@ -0,0 +1 @@
+- yum: name=ntp state=latest
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-yum-utils.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/install-yum-utils.yml
@ -0,0 +1 @@
+- yum: name=yum-utils state=latest
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/main.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/main.yml
@ -0,0 +1,21 @@
+   - include: rugcms-group.yml
+   - include: rugcms-user.yml
+   - include: rugcms-keys.yml
+   - include: rugcms-profile.yml
+   - include: rugcms-password.yml
+   - include: stealth-client.yml
+   - include: install-epel.yml
+   - include: install-ntp.yml
+   - include: install-yum-utils.yml
+   - include: install-docker-py.yml
+   - include: disable-selinux.yml 
+   - include: start-ntp.yml
+   - include: stop-firewalld.yml
+   - include: copy-firewall.yml
+   - include: run-firewall.yml
+   - include: nagios-client.yml
+   - include: mega-cli.yml
+   - include: copy-files.yml
+   - include: start-services.yml
+   - include: docker-netdata.yml
+   - include: upgrade.yml
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/mega-cli.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/mega-cli.yml
@ -0,0 +1,27 @@
+- copy:
+    src: files/Lib_Utils-1.00-09.noarch.rpm
+    dest: /tmp/Lib_Utils-1.00-09.noarch.rpm
+
+- yum:
+    name: /tmp/Lib_Utils-1.00-09.noarch.rpm
+    state: present
+
+- copy:
+     src: files/MegaCli-8.04.07-1.noarch.rpm
+     dest: /tmp/MegaCli-8.04.07-1.noarch.rpm
+
+- yum:
+   name: /tmp/MegaCli-8.04.07-1.noarch.rpm
+   state: present
+
+- copy:
+     src: files/megaclisas-status
+     dest: /usr/sbin/megaclisas-status
+     owner: root
+     group: root
+     mode: 0700
+
+- file:
+    src: /opt/MegaRAID/MegaCli/MegaCli64
+    dest: /usr/sbin/megacli
+    state: link
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/nagios-client.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/nagios-client.yml
@ -0,0 +1,42 @@
+    
+    - file: path=/nagios state=directory
+
+    -  unarchive:
+          src: files/nagios.tar.gz
+          dest: /nagios
+
+    - cron:
+         name: "check disk full"
+         minute: "00,10,20,30,40,50"
+         hour: "*"
+         job: "/nagios/cron/check_disk"
+    
+    - cron:
+         name: "check disk ok"
+         minute: "00,10,20,30,40,50"
+         hour: "*"
+         job: "/nagios/cron/check_disks"
+
+    - cron:
+         name: "check firewall"
+         minute: "00,10,20,30,40,50"
+         hour: "*"
+         job: "/nagios/cron/check_iptables"
+
+    - replace:
+         path: /nagios/cron/check_iptables
+         regexp: 'HOSTNAME="cms-fa11.service.rug.nl"'
+         replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"'
+         backup: yes
+
+    - replace:
+         path: /nagios/cron/check_disk
+         regexp: 'HOSTNAME="cms-fa11.service.rug.nl"'
+         replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"'
+         backup: yes
+
+    - replace:
+         path: /nagios/cron/check_disks
+         regexp: 'HOSTNAME="cms-fa11.service.rug.nl"'
+         replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"'
+         backup: yes
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-group.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-group.yml
@ -0,0 +1,3 @@
+- group:
+        name:  rugcms
+        state: present
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-keys.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-keys.yml
@ -0,0 +1,7 @@
+- authorized_key:                                                                                                                                   
+        user: rugcms                                                                                                                                    
+        key: '{{ item }}'                                                                                                                               
+        state: present                                                                                                                                  
+  with_items:                                                                                                                         
+             - 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAz/4D/jhUycyYS8gOrQDs+BqK+MLzfB9kb60W9zGTs9KigKGUOtvZ78mb1F2+ouy/uQUbOO4MoUu+fOzSlSE56GdyTSc/RsLaoHde2aRalXnRf55tuIVgv6MNG7siZt1i4iDhm/uql8nzc7m0Ompr9XXLXOQ0ZGFPViLLYyRcLOc= r.m.uittenbroek@rug.nl'                                     
+             - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoRM/8ItzD87bvO6WVwDS83mkLUv0fo1dUxBzGB0w9j+a4vtUbcGm13TXp6zIS6zZqj09QD8jznO1OE92tC1axjuwENbAi7WiqaFMJdqB6MLN4Fxo4xa5LaadDTFbd4yLI1lzheowfPvFypUW90L4ToEkKkvgp+r+4C7BrLLUTzksS3PzBB2jp25XimdbxQvbZS74RdEa4O1Xqz0A4+FbM9r90OIJGrexVTKb2jpQk3bhTIpCXDkRldA1PLYSPoUAmCViGPoHCoyNbtZj8MWDjOKH/Ut/WXg5z60JfFqHazkHsQiJ9YkgUk2zy/7cjl5Pl8DVkPp79c/F5YFw492XN rugcms@charanga'
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-profile.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-profile.yml
@ -0,0 +1,6 @@
+- copy:
+   src: files/profile_rugcms
+   dest: /local_disk/.profile
+   owner: rugcms 
+   group: rugcms 
+   mode: 0700
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-user.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/rugcms-user.yml
@ -0,0 +1,6 @@
+- user:                                                                                           
+    name: rugcms                                                                                                                           
+    comment: "rugcms user"                                                                                                     
+    state: present                                                                                                                         
+    group: rugcms                                                                                                                         
+    home: /local_disk
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/run-firewall.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/run-firewall.yml
@ -0,0 +1 @@
+- script: chdir=/root/firewall firewall.sh 
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/start-ntp.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/start-ntp.yml
@ -0,0 +1,4 @@
+- systemd:
+   name: ntpd.service
+   state: started
+   enabled: yes
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/start-services.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/start-services.yml
@ -0,0 +1,14 @@
+- systemd:
+    name: sshd.service
+    state: started
+    enabled: yes
+
+- systemd:
+    name: postfix.service
+    state: started
+    enabled: yes
+
+- systemd:
+    name: docker.service
+    state: started
+    enabled: yes
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/stealth-client.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/stealth-client.yml
@ -0,0 +1,15 @@
+- group:
+        name:  kees
+        state: present
+
+- user:
+        name: kees
+        comment: "stealth user"
+        state: present
+        group: kees
+        home: /home/kees
+
+- authorized_key:
+        user: kees
+        key: 'ssh-dss AAAAB3NzaC1kc3MAAACBALg7GbHKk2jYPNXUgW69AKKnCALjroTtwCA0bt4zde1mavYNoQK8JY/pe4BSOQtsyo3JECYzmAZwoNbq8nJCh8ORf5tKs8njEykZ0n7BVWtCT/jh9EFPTFhFK864TdFVCvwtIafAL4kEVNvJ0wrJYa1mN/ds03HWliv+3Shj6x0dAAAAFQDxlwgId3zlrXiCfk3ciAHN5b2ScwAAAIEArZ3/Hg7FECh5Fjf7lnBQZW7sjG5OLZRJIZlj2/jYnvIRUrsN2XmebwO4Q5q7g7FLWlfbg+x2Lmv1OWf/zGd3U6aAx8M+d+nTWDtWpQNvcE99HlfOs9Q4Rzxx6ZOyaZn57lCva/nCmLe0DTPVB8rvocMmqe1r3n7/KgxxKttbWRUAAACAfH2y4JPt2AcVdHnHiibpQBtxK/9m6AEjsB/g02tMXHZletMs9jF6kGynan7xJqRqvWxkGS1ClHIUdt2uK6A6pbqOf2BwcBIxAdljLRrZOyvmW9KTqduHMemYv6xQnpNGb8moWq5V5FKiATvd/LB46O1zwZejJErfj70LRE98Hv4= stealth@operator'
+        state: present
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/stop-firewalld.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/stop-firewalld.yml
@ -0,0 +1,3 @@
+- systemd:
+    name: firewalld.service
+    enabled: no
--- a/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/upgrade.yml
+++ b/playbooks/rugcms-frontend-uitrol/roles/frontend_acc_prod/tasks/upgrade.yml
@ -0,0 +1 @@
+- yum: name=* state=latest