Add draft ansible playbooks for RD

ansible/.ansible.cfg

@@ -12,7 +12,7 @@
 
 # some basic default values...
 
-inventory      = $HOME/ansible/inventories/hosts
+inventory      = $HOME/ansible/hosts
 remote_tmp     = $HOME/.ansible/tmp
 forks          = 15
 sudo_user      = root
@@ -34,7 +34,7 @@ host_key_checking = False
 
 # logging is off by default unless this path is defined
 # if so defined, consider logrotate
-log_path = /var/log/ansible.log
+log_path = ~/.secret/.ansible/log/ansible.log
 
 # default module name for /usr/bin/ansible
 module_name = shell
@@ -82,32 +82,32 @@ retry_files_save_path = ~/.ansible/retry
 [ssh_connection]
 
 # ssh arguments to use
-# Leaving off ControlPersist will result in poor performance, so use 
+# Leaving off ControlPersist will result in poor performance, so use.
 # paramiko on older platforms rather than removing it
 ssh_args = -o ControlMaster=auto -o ControlPersist=60s
 
 # The path to use for the ControlPath sockets. This defaults to
 # "%(directory)s/ansible-ssh-%%h-%%p-%%r", however on some systems with
-# very long hostnames or very long path names (caused by long user names or 
+# very long hostnames or very long path names (caused by long user names or.
 # deeply nested home directories) this can exceed the character limit on
-# file socket names (108 characters for most platforms). In that case, you 
+# file socket names (108 characters for most platforms). In that case, you.
 # may wish to shorten the string below.
-#
+#.
-# Example:
+# Example:.
 # control_path = %(directory)s/%%h-%%r
 control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
 
-# Enabling pipelining reduces the number of SSH operations required to 
+# Enabling pipelining reduces the number of SSH operations required to.
-# execute a module on the remote server. This can result in a significant 
+# execute a module on the remote server. This can result in a significant.
-# performance improvement when enabled, however when using "sudo:" you must 
+# performance improvement when enabled, however when using "sudo:" you must.
 # first disable 'requiretty' in /etc/sudoers
 #
 # By default, this option is disabled to preserve compatibility with
 # sudoers configurations that have requiretty (the default on many distros).
-#
+#.
 pipelining = True
 
-# if True, make ansible use scp if the connection type is ssh 
+# if True, make ansible use scp if the connection type is ssh.
 # (default is sftp)
 scp_if_ssh = True
 
@@ -134,4 +134,7 @@ accelerate_daemon_timeout = 30
 
 [inventory]
 # enable inventory plugins, default: 'host_list', 'script', 'yaml', 'ini', 'auto'
+#enable_plugins = vmware_vm_inventory
+#enable_plugins = community.vmware.vmware_vm_inventory, ini
+#enable_plugins = vmware_vm_inventory, host_list, script, auto, yaml, ini, toml
 enable_plugins = host_list, script, auto, yaml, ini, toml, community.vmware.vmware_vm_inventory

ansible/playbooks/rd_os-linux-prep.yml

@@ -0,0 +1,9 @@
+---
+
+- hosts: "{{ hosts_target }}"
+  become: true
+  gather_facts: true
+  vars_files:
+    - ~/.secret/.ansible/vars_creds.yml
+  roles:
+    - rd_os-linux-prep

ansible/roles/rd_os-linux-prep/defaults/main.yml

@@ -0,0 +1 @@
+---

ansible/roles/rd_os-linux-prep/files/debian12/resolv_dmz.conf

@@ -0,0 +1 @@
+nameserver 10.11.254.254

ansible/roles/rd_os-linux-prep/files/debian12/resolv_inside.conf

@@ -0,0 +1,3 @@
+search rosdolg.loc
+nameserver 10.8.101.101
+nameserver 10.8.101.102

ansible/roles/rd_os-linux-prep/files/debian12/sources.list

@@ -0,0 +1,3 @@
+#
+deb http://repo.rosdolg.loc/debian bookworm main contrib non-free non-free-firmware
+deb http://repo.rosdolg.loc/debian-security bookworm-security main contrib non-free non-free-firmware

ansible/roles/rd_os-linux-prep/handlers/main.yml

@@ -0,0 +1 @@
+---

ansible/roles/rd_os-linux-prep/tasks/apt_conf.yml

@@ -0,0 +1,19 @@
+---
+
+- name: Configure apt for using local REPO
+  block:
+  - name: Copy sources.list with local REPO
+    ansible.builtin.copy:
+      src: files/debian12/sources.list
+      dest: /etc/apt/sources.list
+      owner: root
+      group: root
+      mode: '0644'
+  - name: Run "apt-get clean"
+    ansible.builtin.apt:
+      clean: yes
+  - name: Run "apt update" and NOT "apt upgrade"
+    ansible.builtin.apt:
+      upgrade: no
+      update_cache: yes
+  when: (ansible_os_family == "Debian" and ansible_distribution_major_version == "12")

ansible/roles/rd_os-linux-prep/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+
+#- name: Ping
+#  import_tasks: ping.yml
+
+- name:
+  import_tasks: apt_conf.yml
+
+- name:
+  import_tasks: os_conf.yml
+
+
+
+
+

ansible/roles/rd_os-linux-prep/tasks/os_conf.yml

@@ -0,0 +1,39 @@
+---
+- include_vars: vars/os-creds.yml
+
+- name: OS configure
+  block:
+  - name: Add SSH keys for root
+    authorized_key:
+      user:  "{{ item.username }}"
+      state: present
+#      exclusive: true
+      key: "{{ item.ssh_key }}"
+    loop: "{{ os_user_root_sshkeys }}"
+    no_log: true
+  - name: Set root password = '*'
+    ansible.builtin.user:
+      name: root
+      password: '*'
+  when: (ansible_os_family == "Debian" and ansible_distribution_major_version == "12")
+
+- name: OS configure
+  block:
+  - name: Change DNS setting /etc/resolv.conf INSIDE
+    ansible.builtin.copy:
+      src: files/debian12/resolv_inside.conf
+      dest: /etc/resolv.conf
+      owner: root
+      group: root
+      mode: '0644'
+  when: (ansible_os_family == "Debian" and ansible_distribution_major_version == "12") and ansible_default_ipv4.broadcast.split('.')[1] != "11"
+- name: OS configure
+  block:
+  - name: Change DNS setting /etc/resolv.conf DMZ
+    ansible.builtin.copy:
+      src: files/debian12/resolv_dmz.conf
+      dest: /etc/resolv.conf
+      owner: root
+      group: root
+      mode: '0644'
+  when: (ansible_os_family == "Debian" and ansible_distribution_major_version == "12") and ansible_default_ipv4.broadcast.split('.')[1] == "11"

ansible/roles/rd_os-linux-prep/tasks/ping.yml

@@ -0,0 +1,12 @@
+---
+
+#- name: ping
+#  ping:
+
+- name: OS configure
+  block:
+  - name: ping
+    debug:
+      msg: "{{ ansible_default_ipv4.broadcast.split('.')[1] }}"
+  when: (ansible_os_family == "Debian" and ansible_distribution_major_version == "12") and ansible_default_ipv4.broadcast.split('.')[1] != "11"
+

ansible/roles/rd_os-linux-prep/vars/main.yml

@@ -0,0 +1,4 @@
+---
+
+
+

ansible/roles/rd_os-linux-prep/vars/os-creds.yml

@@ -0,0 +1,5 @@
+---
+
+os_user_root_sshkeys:
+  - { username: "root", ssh_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDbMsQ4dsv2gV5uzhn3W3nX5sAr6Ve7u0Uh1aKaZDTAQqLWuT6gA8Q8qXzWTEaa87MaIi2/3BBeQ97ia30qmT4Wb4KuHNOgvh06Qjryz+y0kCLoweGEXAJ7IF4UyE3yst6fTpVuABSCWGf3nryWpgxhoL1QOyNOS96by141n3Bpn97Rk0qBrrRtIh5OK1tEowlC5td3fnyPTiTBgIOGth3dyTO1y9JtFKgxa3nvbjOXImgieflXH/ODQ7lTpEKseihh39dVAWn5RUHb5kehfiReGO9GVlq9vZQW6tic1LC2O9zrTv0FeXmZsiqCAbCfZwT/QFPTXF1t+T9aj2PXvVG/STtm8PX7vFsALME6mzS0IBabK5LqaouEGxtXmaggWO1BjSyNFexgVaMtmNybqk1ctWuakNUV9FYIcMORS1WBYS4GS+JIffME8P7bSgP+VuhlGy9kr6ehLI8dkDGh+tXDZljywsBisc+3F5Mb173TEaStZuZkF8zdw3+PKTa6F0SYa+PlFvgxlSGkbC4gkaoEpO6Iqq/D8RylW0nA5TqDLtrxJkl3RDeF/kKU7Klf1TIWSoUnn25WJ9UqFueaCqOX1flsB5NcarAFG6MfPNJoYfryH90P5jeF+5N1FtpPlf28QCBKQyYSg6bbE3DuD6qHnrPiK7InpyRDk3AimrkF+w== ansb-it@rosdolg.loc" }
+  - { username: "root", ssh_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDU7y3BUzNwUtIDvWCvHJrRqL1jIG1WV9HFxQAPQfPTktGpWI9T/W2+4RtCdcHp59pN1nW0Xp3zgjmj12AF/LIn7I08GMYAPIMRRBMiUwvUyRQao2XV2DWuBoRC7FQxRwknlnMkITrfy+E2iXb7aXCi+rCFEtcBqtr8BTQ9eWEOXYyGRAA1OrW2BQq4h7lCnsXfi1HlyMg8GmVsar0Q3bM9eJ+HLI1uZ/WgyfPb0qB5KT27WcBA25abrZ+WzsWZtvsUf+BF9x9KzRLSnckmJbrNljcFja4qcozWHos8SzZbDulIKv1UiVNITVOVNsUMkPb7l/qOHqhSknWP7JyKdSFT8QfX7tbzhFiIH/Qv2yAZo7GTCkv+M1N0k0xVdLzF7nDBymIy3xBJDzVYJZxK6+rBm+kAQ/jOI5stgyfOzsbW+1iqw9nHjB9zXdpVNAOrSjoXcYX7OU0IgpIRrTOgOLR8OzF94Y3neS2S1YSNLkBFtrE2lnlcy4PY5ZgiQh7BC9jJaTxrqU6EISdY487OPGQVI3S5HFrtrNcVTfC+dP/ISh+iQE6EjO+1/Zctl9fHJy31sWyDxgujciijRpBWnbAUCkReTrCiWdUIaF8wTVkR6BCZCYI32A3w/kPKo+k+ZpzU06M7MjP25Vxox8XYPTB805cBK0vs1roGMQG+3pG3iQ== root@bobkov.ssh.local" }