Add draft ansible playbooks for RD

ansible/roles/rd_os-linux-prep/defaults/main.yml

@@ -0,0 +1 @@
+---

ansible/roles/rd_os-linux-prep/files/debian12/resolv_dmz.conf

@@ -0,0 +1 @@
+nameserver 10.11.254.254

ansible/roles/rd_os-linux-prep/files/debian12/resolv_inside.conf

@@ -0,0 +1,3 @@
+search rosdolg.loc
+nameserver 10.8.101.101
+nameserver 10.8.101.102

ansible/roles/rd_os-linux-prep/files/debian12/sources.list

@@ -0,0 +1,3 @@
+#
+deb http://repo.rosdolg.loc/debian bookworm main contrib non-free non-free-firmware
+deb http://repo.rosdolg.loc/debian-security bookworm-security main contrib non-free non-free-firmware

ansible/roles/rd_os-linux-prep/handlers/main.yml

@@ -0,0 +1 @@
+---

ansible/roles/rd_os-linux-prep/tasks/apt_conf.yml

@@ -0,0 +1,19 @@
+---
+
+- name: Configure apt for using local REPO
+  block:
+  - name: Copy sources.list with local REPO
+    ansible.builtin.copy:
+      src: files/debian12/sources.list
+      dest: /etc/apt/sources.list
+      owner: root
+      group: root
+      mode: '0644'
+  - name: Run "apt-get clean"
+    ansible.builtin.apt:
+      clean: yes
+  - name: Run "apt update" and NOT "apt upgrade"
+    ansible.builtin.apt:
+      upgrade: no
+      update_cache: yes
+  when: (ansible_os_family == "Debian" and ansible_distribution_major_version == "12")

ansible/roles/rd_os-linux-prep/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+
+#- name: Ping
+#  import_tasks: ping.yml
+
+- name:
+  import_tasks: apt_conf.yml
+
+- name:
+  import_tasks: os_conf.yml
+
+
+
+
+

ansible/roles/rd_os-linux-prep/tasks/os_conf.yml

@@ -0,0 +1,39 @@
+---
+- include_vars: vars/os-creds.yml
+
+- name: OS configure
+  block:
+  - name: Add SSH keys for root
+    authorized_key:
+      user:  "{{ item.username }}"
+      state: present
+#      exclusive: true
+      key: "{{ item.ssh_key }}"
+    loop: "{{ os_user_root_sshkeys }}"
+    no_log: true
+  - name: Set root password = '*'
+    ansible.builtin.user:
+      name: root
+      password: '*'
+  when: (ansible_os_family == "Debian" and ansible_distribution_major_version == "12")
+
+- name: OS configure
+  block:
+  - name: Change DNS setting /etc/resolv.conf INSIDE
+    ansible.builtin.copy:
+      src: files/debian12/resolv_inside.conf
+      dest: /etc/resolv.conf
+      owner: root
+      group: root
+      mode: '0644'
+  when: (ansible_os_family == "Debian" and ansible_distribution_major_version == "12") and ansible_default_ipv4.broadcast.split('.')[1] != "11"
+- name: OS configure
+  block:
+  - name: Change DNS setting /etc/resolv.conf DMZ
+    ansible.builtin.copy:
+      src: files/debian12/resolv_dmz.conf
+      dest: /etc/resolv.conf
+      owner: root
+      group: root
+      mode: '0644'
+  when: (ansible_os_family == "Debian" and ansible_distribution_major_version == "12") and ansible_default_ipv4.broadcast.split('.')[1] == "11"

ansible/roles/rd_os-linux-prep/tasks/ping.yml

@@ -0,0 +1,12 @@
+---
+
+#- name: ping
+#  ping:
+
+- name: OS configure
+  block:
+  - name: ping
+    debug:
+      msg: "{{ ansible_default_ipv4.broadcast.split('.')[1] }}"
+  when: (ansible_os_family == "Debian" and ansible_distribution_major_version == "12") and ansible_default_ipv4.broadcast.split('.')[1] != "11"
+

ansible/roles/rd_os-linux-prep/vars/main.yml

@@ -0,0 +1,4 @@
+---
+
+
+

ansible/roles/rd_os-linux-prep/vars/os-creds.yml

@@ -0,0 +1,5 @@
+---
+
+os_user_root_sshkeys:
+  - { username: "root", ssh_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDbMsQ4dsv2gV5uzhn3W3nX5sAr6Ve7u0Uh1aKaZDTAQqLWuT6gA8Q8qXzWTEaa87MaIi2/3BBeQ97ia30qmT4Wb4KuHNOgvh06Qjryz+y0kCLoweGEXAJ7IF4UyE3yst6fTpVuABSCWGf3nryWpgxhoL1QOyNOS96by141n3Bpn97Rk0qBrrRtIh5OK1tEowlC5td3fnyPTiTBgIOGth3dyTO1y9JtFKgxa3nvbjOXImgieflXH/ODQ7lTpEKseihh39dVAWn5RUHb5kehfiReGO9GVlq9vZQW6tic1LC2O9zrTv0FeXmZsiqCAbCfZwT/QFPTXF1t+T9aj2PXvVG/STtm8PX7vFsALME6mzS0IBabK5LqaouEGxtXmaggWO1BjSyNFexgVaMtmNybqk1ctWuakNUV9FYIcMORS1WBYS4GS+JIffME8P7bSgP+VuhlGy9kr6ehLI8dkDGh+tXDZljywsBisc+3F5Mb173TEaStZuZkF8zdw3+PKTa6F0SYa+PlFvgxlSGkbC4gkaoEpO6Iqq/D8RylW0nA5TqDLtrxJkl3RDeF/kKU7Klf1TIWSoUnn25WJ9UqFueaCqOX1flsB5NcarAFG6MfPNJoYfryH90P5jeF+5N1FtpPlf28QCBKQyYSg6bbE3DuD6qHnrPiK7InpyRDk3AimrkF+w== ansb-it@rosdolg.loc" }
+  - { username: "root", ssh_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDU7y3BUzNwUtIDvWCvHJrRqL1jIG1WV9HFxQAPQfPTktGpWI9T/W2+4RtCdcHp59pN1nW0Xp3zgjmj12AF/LIn7I08GMYAPIMRRBMiUwvUyRQao2XV2DWuBoRC7FQxRwknlnMkITrfy+E2iXb7aXCi+rCFEtcBqtr8BTQ9eWEOXYyGRAA1OrW2BQq4h7lCnsXfi1HlyMg8GmVsar0Q3bM9eJ+HLI1uZ/WgyfPb0qB5KT27WcBA25abrZ+WzsWZtvsUf+BF9x9KzRLSnckmJbrNljcFja4qcozWHos8SzZbDulIKv1UiVNITVOVNsUMkPb7l/qOHqhSknWP7JyKdSFT8QfX7tbzhFiIH/Qv2yAZo7GTCkv+M1N0k0xVdLzF7nDBymIy3xBJDzVYJZxK6+rBm+kAQ/jOI5stgyfOzsbW+1iqw9nHjB9zXdpVNAOrSjoXcYX7OU0IgpIRrTOgOLR8OzF94Y3neS2S1YSNLkBFtrE2lnlcy4PY5ZgiQh7BC9jJaTxrqU6EISdY487OPGQVI3S5HFrtrNcVTfC+dP/ISh+iQE6EjO+1/Zctl9fHJy31sWyDxgujciijRpBWnbAUCkReTrCiWdUIaF8wTVkR6BCZCYI32A3w/kPKo+k+ZpzU06M7MjP25Vxox8XYPTB805cBK0vs1roGMQG+3pG3iQ== root@bobkov.ssh.local" }