diff --git a/ansible/.ansible.cfg b/ansible/.ansible.cfg index 4260fc8..01a2c3b 100644 --- a/ansible/.ansible.cfg +++ b/ansible/.ansible.cfg @@ -1,7 +1,7 @@ # config file for ansible -- http://ansible.com/ # ============================================== -# nearly all parameters can be overridden in ansible-playbook +# nearly all parameters can be overridden in ansible-playbook # or with command line flags. ansible will read ANSIBLE_CONFIG, # ansible.cfg in the current working directory, .ansible.cfg in # the home directory or /etc/ansible/ansible.cfg, whichever it @@ -12,7 +12,7 @@ # some basic default values... -inventory = $HOME/ansible/inventories/hosts +inventory = $HOME/ansible/hosts remote_tmp = $HOME/.ansible/tmp forks = 15 sudo_user = root @@ -34,7 +34,7 @@ host_key_checking = False # logging is off by default unless this path is defined # if so defined, consider logrotate -log_path = /var/log/ansible.log +log_path = ~/.secret/.ansible/log/ansible.log # default module name for /usr/bin/ansible module_name = shell @@ -48,11 +48,11 @@ vars_plugins = /usr/share/ansible_plugins/vars_plugins:$HOME/.ansible/plug filter_plugins = /usr/share/ansible_plugins/filter_plugins:$HOME/.ansible/plugins/filter_plugins # by default callbacks are not loaded for /bin/ansible, enable this if you -# want, for example, a notification or logging callback to also apply to +# want, for example, a notification or logging callback to also apply to # /bin/ansible runs #bin_ansible_callbacks = False -# the CA certificate path used for validating SSL certs. This path +# the CA certificate path used for validating SSL certs. This path # should exist on the controlling node, not the target nodes # common locations: # RHEL/CentOS: /etc/pki/tls/certs/ca-bundle.crt 
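Review bot: The new `log_path = ~/.secret/.ansible/log/ansible.log` in the `@@ -34,7` hunk moves the log into the same `~/.secret/.ansible/` tree the new playbook reads `vars_creds.yml` from, but nothing in the change creates that directory or sets its mode, so the run will either continue without a log or fail depending on the Ansible version, and an existing directory keeps whatever permissions the user gave it. Because the log can include module arguments and task results for tasks not marked `no_log`, it deserves the same protection as the credentials beside it. The unchanged comment two lines above still says `consider logrotate`, which a home-directory path is unlikely to be covered by; replace it with `# kept under ~/.secret so only the controlling user can read it; not handled by system logrotate` or drop the stale hint.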
@@ -82,32 +82,32 @@ retry_files_save_path = ~/.ansible/retry [ssh_connection] # ssh arguments to use -# Leaving off ControlPersist will result in poor performance, so use +# Leaving off ControlPersist will result in poor performance, so use. # paramiko on older platforms rather than removing it ssh_args = -o ControlMaster=auto -o ControlPersist=60s # The path to use for the ControlPath sockets. This defaults to # "%(directory)s/ansible-ssh-%%h-%%p-%%r", however on some systems with -# very long hostnames or very long path names (caused by long user names or +# very long hostnames or very long path names (caused by long user names or. # deeply nested home directories) this can exceed the character limit on -# file socket names (108 characters for most platforms). In that case, you +# file socket names (108 characters for most platforms). In that case, you. # may wish to shorten the string below. -# -# Example: +#. +# Example:. # control_path = %(directory)s/%%h-%%r control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r -# Enabling pipelining reduces the number of SSH operations required to -# execute a module on the remote server. This can result in a significant -# performance improvement when enabled, however when using "sudo:" you must +# Enabling pipelining reduces the number of SSH operations required to. +# execute a module on the remote server. This can result in a significant. +# performance improvement when enabled, however when using "sudo:" you must. # first disable 'requiretty' in /etc/sudoers # # By default, this option is disabled to preserve compatibility with # sudoers configurations that have requiretty (the default on many distros). -# +#. pipelining = True -# if True, make ansible use scp if the connection type is ssh +# if True, make ansible use scp if the connection type is ssh. # (default is sftp) scp_if_ssh = True 
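Review bot: The rewritten comment lines in this hunk gain a period in the middle of a sentence — `so use.` is followed by `# paramiko on older platforms`, `you.` by `# may wish to shorten`, and `#` / `# Example:` become `#.` / `# Example:.` — which looks like editor auto-punctuation rather than an intended edit. Since these comments are the only thing the hunk changes, the periods are the whole change; revert them so the sentences read as before, e.g. `# Leaving off ControlPersist will result in poor performance, so use` and `# Example:`.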
@@ -134,4 +134,7 @@ accelerate_daemon_timeout = 30
 [inventory]
 # enable inventory plugins, default: 'host_list', 'script', 'yaml', 'ini', 'auto'
+#enable_plugins = vmware_vm_inventory
+#enable_plugins = community.vmware.vmware_vm_inventory, ini
+#enable_plugins = vmware_vm_inventory, host_list, script, auto, yaml, ini, toml
 enable_plugins = host_list, script, auto, yaml, ini, toml, community.vmware.vmware_vm_inventory
diff --git a/ansible/playbooks/rd_os-linux-prep.yml b/ansible/playbooks/rd_os-linux-prep.yml
new file mode 100644
index 0000000..f795db1
--- /dev/null
+++ b/ansible/playbooks/rd_os-linux-prep.yml
@@ -0,0 +1,9 @@
+---
+
+- hosts: "{{ hosts_target }}"
+ become: true
+ gather_facts: true
+ vars_files:
+ - ~/.secret/.ansible/vars_creds.yml
+ roles:
+ - rd_os-linux-prep
diff --git a/ansible/roles/clean-templ-pole/defaults/main.yml b/ansible/roles/clean-templ-role/defaults/main.yml
similarity index 100%
rename from ansible/roles/clean-templ-pole/defaults/main.yml
rename to ansible/roles/clean-templ-role/defaults/main.yml
diff --git a/ansible/roles/clean-templ-pole/handlers/main.yml b/ansible/roles/clean-templ-role/handlers/main.yml
similarity index 100%
rename from ansible/roles/clean-templ-pole/handlers/main.yml
rename to ansible/roles/clean-templ-role/handlers/main.yml
diff --git a/ansible/roles/clean-templ-pole/tasks/main.yml b/ansible/roles/clean-templ-role/tasks/main.yml
similarity index 100%
rename from ansible/roles/clean-templ-pole/tasks/main.yml
rename to ansible/roles/clean-templ-role/tasks/main.yml
diff --git a/ansible/roles/clean-templ-pole/tasks/ping.yml b/ansible/roles/clean-templ-role/tasks/ping.yml
similarity index 100%
rename from ansible/roles/clean-templ-pole/tasks/ping.yml
rename to ansible/roles/clean-templ-role/tasks/ping.yml
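Review bot: The three added `#enable_plugins` lines are commented-out variants of the active setting with no explanation, so a reader cannot tell whether they are history, alternatives, or a pending decision. Keep only the active line and replace them with one comment that states the intent, e.g. `# community.vmware.vmware_vm_inventory is appended so VMware inventory sources are parsed; the builtin plugins keep their default order`, or delete them outright.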
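Review bot: `hosts: "{{ hosts_target }}"` together with `become: true` runs the whole role as root on whatever pattern the caller supplies, and the playbook neither documents the variable nor checks it, so an unset value is rejected when the play starts while an over-broad pattern such as `all` is accepted silently. Add a header comment stating the contract, e.g. `# invoke with -e hosts_target=<inventory group>; requires ~/.secret/.ansible/vars_creds.yml on the control node`, and consider a first task that asserts `hosts_target` is defined and names an expected group before any privileged change is made. The `vars_files` path lives outside the repository, so the comment is also the only place a new operator learns it must exist.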
diff --git a/ansible/roles/clean-templ-pole/vars/main.yml b/ansible/roles/clean-templ-role/vars/main.yml
similarity index 100%
rename from ansible/roles/clean-templ-pole/vars/main.yml
rename to ansible/roles/clean-templ-role/vars/main.yml
diff --git a/ansible/roles/rd_os-linux-prep/defaults/main.yml b/ansible/roles/rd_os-linux-prep/defaults/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/ansible/roles/rd_os-linux-prep/defaults/main.yml
@@ -0,0 +1 @@
+---
diff --git a/ansible/roles/rd_os-linux-prep/files/debian12/resolv_dmz.conf b/ansible/roles/rd_os-linux-prep/files/debian12/resolv_dmz.conf
new file mode 100644
index 0000000..c4bb243
--- /dev/null
+++ b/ansible/roles/rd_os-linux-prep/files/debian12/resolv_dmz.conf
@@ -0,0 +1 @@
+nameserver 10.11.254.254
diff --git a/ansible/roles/rd_os-linux-prep/files/debian12/resolv_inside.conf b/ansible/roles/rd_os-linux-prep/files/debian12/resolv_inside.conf
new file mode 100644
index 0000000..7b5e075
--- /dev/null
+++ b/ansible/roles/rd_os-linux-prep/files/debian12/resolv_inside.conf
@@ -0,0 +1,3 @@
+search rosdolg.loc
+nameserver 10.8.101.101
+nameserver 10.8.101.102
diff --git a/ansible/roles/rd_os-linux-prep/files/debian12/sources.list b/ansible/roles/rd_os-linux-prep/files/debian12/sources.list
new file mode 100644
index 0000000..932ff58
--- /dev/null
+++ b/ansible/roles/rd_os-linux-prep/files/debian12/sources.list
@@ -0,0 +1,3 @@
+#
+deb http://repo.rosdolg.loc/debian bookworm main contrib non-free non-free-firmware
+deb http://repo.rosdolg.loc/debian-security bookworm-security main contrib non-free non-free-firmware
diff --git a/ansible/roles/rd_os-linux-prep/handlers/main.yml b/ansible/roles/rd_os-linux-prep/handlers/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/ansible/roles/rd_os-linux-prep/handlers/main.yml
@@ -0,0 +1 @@
+---
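Review bot: Both `deb` lines in `sources.list` reach `repo.rosdolg.loc` over plain `http://`, so the signed Release/InRelease metadata is the only integrity check on what apt installs; that is sound only if the mirror serves the Debian-signed metadata unchanged or the role also installs the mirror's own signing key, and nothing in this change does the latter. The first line is a bare `#`; turn it into the contract, e.g. `# internal bookworm mirror; metadata must be signed by the Debian archive keys (or deploy the mirror key in apt_conf.yml)`. Note also that copying this file to `/etc/apt/sources.list` leaves any `/etc/apt/sources.list.d/*.sources` entries untouched, so on images that ship deb822 sources the stock upstream repositories may still be consulted.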
diff --git a/ansible/roles/rd_os-linux-prep/tasks/apt_conf.yml b/ansible/roles/rd_os-linux-prep/tasks/apt_conf.yml
new file mode 100644
index 0000000..19ff84f
--- /dev/null
+++ b/ansible/roles/rd_os-linux-prep/tasks/apt_conf.yml
@@ -0,0 +1,19 @@
+---
+
+- name: Configure apt for using local REPO
+ block:
+ - name: Copy sources.list with local REPO
+ ansible.builtin.copy:
+ src: files/debian12/sources.list
+ dest: /etc/apt/sources.list
+ owner: root
+ group: root
+ mode: '0644'
+ - name: Run "apt-get clean"
+ ansible.builtin.apt:
+ clean: yes
+ - name: Run "apt update" and NOT "apt upgrade"
+ ansible.builtin.apt:
+ upgrade: no
+ update_cache: yes
+ when: (ansible_os_family == "Debian" and ansible_distribution_major_version == "12")
diff --git a/ansible/roles/rd_os-linux-prep/tasks/main.yml b/ansible/roles/rd_os-linux-prep/tasks/main.yml
new file mode 100644
index 0000000..7d290dd
--- /dev/null
+++ b/ansible/roles/rd_os-linux-prep/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+
+#- name: Ping
+# import_tasks: ping.yml
+
+- name:
+ import_tasks: apt_conf.yml
+
+- name:
+ import_tasks: os_conf.yml
+
+
+
+
+
diff --git a/ansible/roles/rd_os-linux-prep/tasks/os_conf.yml b/ansible/roles/rd_os-linux-prep/tasks/os_conf.yml
new file mode 100644
index 0000000..4ac366a
--- /dev/null
+++ b/ansible/roles/rd_os-linux-prep/tasks/os_conf.yml
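Review bot: The guard `when: (ansible_os_family == "Debian" and ansible_distribution_major_version == "12")` also matches Ubuntu 12.04, since Ubuntu reports `os_family` Debian and major version `12`, and the `sources.list` being copied is bookworm-specific; use `ansible_distribution == "Debian"` here and in the same conditions in `os_conf.yml` and `ping.yml`. `src: files/debian12/sources.list` appears to resolve only through the role-root fallback in the copy module's search path; the conventional form is `src: debian12/sources.list`, which is looked up under the role's `files/` directory directly.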
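Review bot: Both `- name:` entries in `tasks/main.yml` are empty, so the two imports appear in play output without a label; name them, e.g. `- name: Configure apt` and `- name: Configure OS`, or drop the `name` key. The commented-out `#- name: Ping` import and the five trailing blank lines read as leftovers; either explain in a comment when the ping import is meant to be enabled or remove it.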
@@ -0,0 +1,39 @@
+---
+- include_vars: vars/os-creds.yml
+
+- name: OS configure
+ block:
+ - name: Add SSH keys for root
+ authorized_key:
+ user: "{{ item.username }}"
+ state: present
+# exclusive: true
+ key: "{{ item.ssh_key }}"
+ loop: "{{ os_user_root_sshkeys }}"
+ no_log: true
+ - name: Set root password = '*'
+ ansible.builtin.user:
+ name: root
+ password: '*'
+ when: (ansible_os_family == "Debian" and ansible_distribution_major_version == "12")
+
+- name: OS configure
+ block:
+ - name: Change DNS setting /etc/resolv.conf INSIDE
+ ansible.builtin.copy:
+ src: files/debian12/resolv_inside.conf
+ dest: /etc/resolv.conf
+ owner: root
+ group: root
+ mode: '0644'
+ when: (ansible_os_family == "Debian" and ansible_distribution_major_version == "12") and ansible_default_ipv4.broadcast.split('.')[1] != "11"
+- name: OS configure
+ block:
+ - name: Change DNS setting /etc/resolv.conf DMZ
+ ansible.builtin.copy:
+ src: files/debian12/resolv_dmz.conf
+ dest: /etc/resolv.conf
+ owner: root
+ group: root
+ mode: '0644'
+ when: (ansible_os_family == "Debian" and ansible_distribution_major_version == "12") and ansible_default_ipv4.broadcast.split('.')[1] == "11"
diff --git a/ansible/roles/rd_os-linux-prep/tasks/ping.yml b/ansible/roles/rd_os-linux-prep/tasks/ping.yml
new file mode 100644
index 0000000..46eda36
--- /dev/null
+++ b/ansible/roles/rd_os-linux-prep/tasks/ping.yml
@@ -0,0 +1,12 @@
+---
+
+#- name: ping
+# ping:
+
+- name: OS configure
+ block:
+ - name: ping
+ debug:
+ msg: "{{ ansible_default_ipv4.broadcast.split('.')[1] }}"
+ when: (ansible_os_family == "Debian" and ansible_distribution_major_version == "12") and ansible_default_ipv4.broadcast.split('.')[1] != "11"
+
diff --git a/ansible/roles/rd_os-linux-prep/vars/main.yml b/ansible/roles/rd_os-linux-prep/vars/main.yml
new file mode 100644
index 0000000..c3b635b
--- /dev/null
+++ b/ansible/roles/rd_os-linux-prep/vars/main.yml
@@ -0,0 +1,4 @@
+---
+
+
+
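Review bot: With `# exclusive: true` commented out, the `authorized_key` task only appends the two entries from `os_user_root_sshkeys`, so any key already present in root's `authorized_keys` survives the run; if the intent behind locking the password with `'*'` is that only the listed keys can reach root, `exclusive` cannot simply be re-enabled, because under `loop` each iteration would remove the previous item's key. Pass all keys in one call instead: `user: root`, `key: "{{ os_user_root_sshkeys | map(attribute='ssh_key') | join('\n') }}"`, `exclusive: true`, and drop the loop. Separately, the three blocks share the name `OS configure`, and the inside/DMZ split keys off `ansible_default_ipv4.broadcast`, which may be absent on a host with no default IPv4 route and would then fail the task rather than skip it; a dedicated inventory variable for the network zone would be more robust.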
diff --git a/ansible/roles/rd_os-linux-prep/vars/os-creds.yml b/ansible/roles/rd_os-linux-prep/vars/os-creds.yml
new file mode 100644
index 0000000..d37ed20
--- /dev/null
+++ b/ansible/roles/rd_os-linux-prep/vars/os-creds.yml
@@ -0,0 +1,5 @@
+---
+
+os_user_root_sshkeys:
+ - { username: "root", ssh_key: "ssh-rsa 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 ansb-it@rosdolg.loc" }
+ - { username: "root", ssh_key: "ssh-rsa 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 root@bobkov.ssh.local" }
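Review bot: The file holds only public keys, so committing it is fine, but its `os-creds.yml` name and the `no_log: true` on the task that consumes it suggest secrets, and nothing records who controls each private key even though every entry grants root on every prepared host. Add a header comment such as `# public keys authorized for root by rd_os-linux-prep; one entry per key holder, naming the owner and rotation contact`, and since `username` is `root` for every entry, either drop that field or note why it is kept.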