vlad/ansible_cache
vlad/ansible_cache
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added playbooks for provisioning a backup server with SFTP, TFTP, SCP, OMG, WTF

Browse Source
This commit is contained in:
Vlad R 2023-11-13 15:18:28 +00:00
parent 5d8d76fa5c
commit 2f092d625c
10 changed files with 215 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
dnaclab_linux/inventory.yml
View File

@ -1,29 +1,25 @@
--- ---
all: all:
children: children:
services: services_hosts:
hosts: hosts:
ubuntu.dnaclab.net: ubuntu.dnaclab.net:
developer: staging.dnaclab.net:
developer_hosts:
hosts: hosts:
developer.dnaclab.net: developer.dnaclab.net:
developer2.dnaclab.net:
gitlab: gitlab:
hosts: hosts:
gitlab.dnaclab.net: gitlab.dnaclab.net:
ansibletower: backup_hosts:
hosts: hosts:
ansibletower.dnaclab.net: backups.dnaclab.net:
kubernetes: kubernetes:
hosts: hosts:
10.221.0.130: 10.221.0.130:
10.221.0.131: 10.221.0.131:
10.221.0.132: 10.221.0.132:
staging:
hosts:
10.221.0.105:
developer2:
hosts:
developer2.dnaclab.net:
kubernetes_dev: kubernetes_dev:
hosts: hosts:
172.16.1.130: 172.16.1.130:

8
dnaclab_linux/prestage_backup.yml Normal file
View File

@ -0,0 +1,8 @@
---
- name: Prestage server(s) with the NCA Automation team users
hosts: backup_hosts
roles:
- ncafsa-backup
become: yes
vars_files:
- global_vars/main.yml

2
dnaclab_linux/prestage_users.yaml
View File

@ -1,6 +1,6 @@
--- ---
- name: Prestage server(s) with the NCA Automation team users - name: Prestage server(s) with the NCA Automation team users
hosts: ansibletower hosts: backup_hosts
roles: roles:
- ncafsa-users - ncafsa-users
become: yes become: yes

45
dnaclab_linux/roles/ncafsa-backup/tasks/main.yaml Normal file
View File

@ -0,0 +1,45 @@
---
- name: Create account for backup services
ansible.builtin.user:
name: "{{ item }}"
password: "{{ password }}"
shell: /bin/bash
loop: "{{ services }}"
- name: Create backup directory tree
ansible.builtin.file:
path: "/backups/{{ item }}"
state: directory
owner: "{{ item }}"
group: "{{ item }}"
loop: "{{ services }}"
- name: Install NFS, SFTP and TFTP services
ansible.builtin.apt:
name: "{{ item }}"
state: present
loop:
- nfs-kernel-server
- openssh-server
- tftpd-hpa
- name: Configure SFTP for ISE backups
ansible.builtin.template:
src: sftp.conf.j2
dest: /etc/ssh/sshd_config
vars:
user: "ise"
- name: Fix permissions for SFTP folder
ansible.builtin.file:
path: "/backups/{{ user }}"
state: directory
owner: root
group: root
vars:
user: "ise"
- name: Restart SSH service (allows SFTP changes to work)
ansible.builtin.service:
name: ssh
state: restarted

131
dnaclab_linux/roles/ncafsa-backup/templates/sftp.conf.j2 Normal file
View File

@ -0,0 +1,131 @@
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Include /etc/ssh/sshd_config.d/*.conf
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
Match User {{ user }}
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /backups/{{ user }}
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

6
dnaclab_linux/roles/ncafsa-backup/vars/main.yaml Normal file
View File

@ -0,0 +1,6 @@
services:
- dnac
- ise
- tftp
- other
password: $6$rounds=656000$mysecretsalt$VvhQ/hNVWpgVuv9MXN0zFAGMLloWYezEPvgG/oyFsaTJxmiZWintigtbssQ8zRdH4CjkB6obYcAOASlw2yutl/

2
dnaclab_linux/update.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: Update and upgrade packages on Ubuntu VMs - name: Update and upgrade packages on Ubuntu VMs
hosts: kubernetes-dev hosts: backup_hosts
become: yes become: yes
vars_files: vars_files:
- global_vars/main.yml - global_vars/main.yml

4
ios_devices/device_audit.yml
View File

@ -3,7 +3,7 @@
## for devices which feature VRFs or multi-instance capabilities. ## for devices which feature VRFs or multi-instance capabilities.
- name: Audit devices and print key information - name: Audit devices and print key information
hosts: baguleykit hosts: evengkit
gather_facts: false gather_facts: false
connection: network_cli connection: network_cli
roles: roles:
@ -47,4 +47,4 @@
- name: Print device information - name: Print device information
debug: debug:
var: runtime_information.stdout_lines[4] var: runtime_information.stdout_lines[4]

3
ios_devices/inventory.yml
View File

@ -7,4 +7,5 @@ homekit:
192.168.1.60: 192.168.1.60:
evengkit: evengkit:
hosts: hosts:
172.16.1.239: 10.3.0.101:
10.3.0.102:

26
ios_devices/roles/common/vars/main.yml
View File

@ -1,14 +1,14 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
36666363353431303563373132653732303830323865333734636561616465306661346338393766 35393738393862623261626334653837633235366266636332383535623733343636613830303634
3462656233353031396533363133386439363133363563310a336263303535363666653838393835 3464643164383564393538643832656133373637306563660a323862313736353430623532306336
39303964323662653463633933336434396234653738343636373566636365363265333062656532 36363165646565643038663938633131343637613238646562323865633065653438656630626339
3030383335306537320a616262613366303235643331616166643932306164636235393530636163 3332633937373237380a623238623137396637623137373765333936376535313731326139633266
33666163663931636363353831316564333931663763613130363766666363313534623166313631 61303937626264383735383361653532396338626332383362306634616136303030353963653232
32636162646334343439623566353063373633306537313864613637373730393561626635323536 39313837346634663431323139666632393733643663313131306535656161383334383233373031
64393730386432356337373637343834313634386430643137343463306135653939303931333666 39386533636163666531633733303564393937323664633232626565623931326332386436366239
61653266663230323437343433626330303433656335363963356339356134653933646264383439 63353164363864613366663161326434366638633535643565346462346136343039633531363766
61613730353761316332633961343939653863326639343164623261303939396561333262326337 61323131626361386363613338656362353436313530383562373439663034333933323330386638
35333437653136653434393265333165666365353765666662396434303933623564346232653331 36303434366238373335633165343737373632643838663264376536653837633331643738323039
32386339646266343764646462653336356261376235626263653430636436306235623035396366 66376636666462616137633762376230333639346631336231313336373330393439356539373762
32363130613536353835613430643865346630366434353032366565353535313536653463313134 38613038636366613634396263303238666535386138626363373065353136323163393534663830
3532 3063