Merge branch 'master' of https://github.com/juanshotyou/ansible

2024-08-29 21:52:17 +01:00 · 2024-08-29 21:52:17 +01:00 · c03cd8d9d3
commit c03cd8d9d3
parent f4d22c4f04 2f092d625c
16 changed files with 426 additions and 58 deletions
--- a/dnaclab_linux/get_logs.yml
+++ b/dnaclab_linux/get_logs.yml
@ -1,6 +1,6 @@
 ---
 - name: Copy the contents of the "/var/log" folder to the Ansible controller
-  hosts: all_servers
+  hosts: all
  become: yes

  tasks:
@ -9,11 +9,11 @@
    ansible.builtin.shell: "cd /var/log; find . -maxdepth 1 -type f | cut -d'/' -f2"
    register: files_to_copy

-  - name: Copy the log files
-    ansible.builtin.fetch:
-      src: /var/log/{{ item }}
-      dest: /home/vlad/Desktop/ansible/dnaclab_linux/logs/
-    with_items: "{{ files_to_copy.stdout_lines }}"
+  # - name: Copy the log files
+  #   ansible.builtin.fetch:
+  #     src: /var/log/{{ item }}
+  #     dest: /home/vlad/Desktop/ansible/dnaclab_linux/logs/
+  #   with_items: "{{ files_to_copy.stdout_lines }}"



--- a/dnaclab_linux/inventory.yml
+++ b/dnaclab_linux/inventory.yml
@ -1,26 +1,25 @@
 ---
 all:
  children:
-    services:
+    services_hosts:
      hosts:
        ubuntu.dnaclab.net:
-    developer:
+        staging.dnaclab.net:
+    developer_hosts:
      hosts:
        developer.dnaclab.net:
+        developer2.dnaclab.net:
    gitlab:
      hosts:
        gitlab.dnaclab.net:
+    backup_hosts:
+      hosts:
+        backups.dnaclab.net:
    kubernetes:
      hosts:
        10.221.0.130:
        10.221.0.131:
        10.221.0.132:
-    staging:
-      hosts:
-        10.221.0.105:
-    developer2:
-      hosts:
-        10.221.0.125:
    kubernetes_dev:
      hosts:
        172.16.1.130:
--- a/dnaclab_linux/prestage_backup.yml
+++ b/dnaclab_linux/prestage_backup.yml
@ -0,0 +1,8 @@
+---
+- name: Prestage server(s) with the NCA Automation team users
+  hosts: backup_hosts
+  roles: 
+    - ncafsa-backup
+  become: yes
+  vars_files:
+    - global_vars/main.yml
--- a/dnaclab_linux/prestage_ncafsa_vm_template.yml
+++ b/dnaclab_linux/prestage_ncafsa_vm_template.yml
@ -0,0 +1,22 @@
+# 12/07/2023 - Sets up the target hosts with the basic necessary packages and Docker and 
+# adds the users to the Docker group.
+---
+- name: Prestage server(s) with the following roles {{ ansible_play_role_names }}
+  hosts: staging
+  roles: 
+    - common
+    - ncafsa-vm-template
+    - ncafsa-users
+  become: yes
+  vars_files:
+    - global_vars/main.yml
+
+  tasks:
+
+    - name: Send Webex Teams message via BOT to confirm playbook completion
+      community.general.cisco_webex:
+        recipient_type: toPersonEmail
+        recipient_id: "{{ webex_id }}"
+        msg_type: markdown
+        personal_token: "{{ webex_token }}"
+        msg: "**Prestaging has been completed for host {{ inventory_hostname }}.**"
--- a/dnaclab_linux/prestage_users.yaml
+++ b/dnaclab_linux/prestage_users.yaml
@ -1,6 +1,6 @@
 ---
 - name: Prestage server(s) with the NCA Automation team users
-  hosts: kubernetes-dev
+  hosts: backup_hosts
  roles: 
    - ncafsa-users
  become: yes
@ -9,7 +9,23 @@

  tasks:

-    - name: Configure NCA Automation team users for server access
+    - name: Check if OS is RHEL or other
+      ansible.builtin.stat:
+        path: "/etc/redhat-release"
+      register: outcome
+
+    - name: Configure NCA Automation team users for server access (RHEL only)
+      ansible.builtin.user:
+        name: "{{ item.key }}"
+        comment: "Added via Ansible"
+        home: "/home/{{ item.key }}"
+        shell: "/bin/bash"
+        group: "wheel"
+        password: "{{ item.value }}"
+      loop: "{{ lookup('dict', users) }}"
+      when: outcome.stat.exists
+
+    - name: Configure NCA Automation team users for server access (non-RHEL)
      ansible.builtin.user:
        name: "{{ item.key }}"
        comment: "Added via Ansible"
@ -18,3 +34,4 @@
        group: "sudo"
        password: "{{ item.value }}"
      loop: "{{ lookup('dict', users) }}"
+      when: not outcome.stat.exists
--- a/dnaclab_linux/roles/ncafsa-backup/tasks/main.yaml
+++ b/dnaclab_linux/roles/ncafsa-backup/tasks/main.yaml
@ -0,0 +1,45 @@
+---
+- name: Create account for backup services
+  ansible.builtin.user:
+    name: "{{ item }}"
+    password: "{{ password }}"
+    shell: /bin/bash
+  loop: "{{ services }}"
+
+- name: Create backup directory tree 
+  ansible.builtin.file:
+    path: "/backups/{{ item }}"
+    state: directory
+    owner: "{{ item }}"
+    group: "{{ item }}"
+  loop: "{{ services }}"
+
+- name: Install NFS, SFTP and TFTP services
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: present
+  loop:
+    - nfs-kernel-server
+    - openssh-server 
+    - tftpd-hpa
+
+- name: Configure SFTP for ISE backups
+  ansible.builtin.template:
+    src: sftp.conf.j2
+    dest: /etc/ssh/sshd_config
+  vars:
+    user: "ise"
+
+- name: Fix permissions for SFTP folder
+  ansible.builtin.file:
+    path: "/backups/{{ user }}"
+    state: directory
+    owner: root
+    group: root
+  vars:
+    user: "ise"
+
+- name: Restart SSH service (allows SFTP changes to work)
+  ansible.builtin.service:
+    name: ssh
+    state: restarted
--- a/dnaclab_linux/roles/ncafsa-backup/templates/sftp.conf.j2
+++ b/dnaclab_linux/roles/ncafsa-backup/templates/sftp.conf.j2
@ -0,0 +1,131 @@
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile     .ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+KbdInteractiveAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem       sftp    /usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#       X11Forwarding no
+#       AllowTcpForwarding no
+#       PermitTTY no
+#       ForceCommand cvs server
+
+Match User {{ user }}
+    ForceCommand internal-sftp
+    PasswordAuthentication yes
+    ChrootDirectory /backups/{{ user }}
+    PermitTunnel no
+    AllowAgentForwarding no
+    AllowTcpForwarding no
+    X11Forwarding no
--- a/dnaclab_linux/roles/ncafsa-backup/vars/main.yaml
+++ b/dnaclab_linux/roles/ncafsa-backup/vars/main.yaml
@ -0,0 +1,6 @@
+services:
+  - dnac
+  - ise
+  - tftp
+  - other
+password: $6$rounds=656000$mysecretsalt$VvhQ/hNVWpgVuv9MXN0zFAGMLloWYezEPvgG/oyFsaTJxmiZWintigtbssQ8zRdH4CjkB6obYcAOASlw2yutl/
--- a/dnaclab_linux/roles/ncafsa-users/vars/main.yaml
+++ b/dnaclab_linux/roles/ncafsa-users/vars/main.yaml
@ -1,26 +1,26 @@
 $ANSIBLE_VAULT;1.1;AES256
-38336538336630386430306665313035623039376166353938363662653765643037656338653730
-3166343061396430326336626332333635316438313536340a353134623836626638663465653631
-35636263393739623736326466616161333832323338653365303466636465383462326239333665
-3863323733646437370a333036613539626134316633633436393364393530613265636539376232
-62633338663131373330323337306664343665666336376534353830316131373339636337396134
-38663332313438303439313632363838353635393630316633623933353035363761366531613537
-32383938656133613961383231316632313231333634353566363430653934653138383465313737
-39396334396663336536666566616336623832316562653265643461396435613166346337616138
-62326639393665303866626332316334633963663636303964613632366162643933343163323133
-38663964613862306331383934333234303630653536323564366563356663666663333630343435
-35313639376164336661623933396664653036316634663831386433383030393232313063666632
-38363637363332646436313966383466656538336566326136343964353934653965336562643635
-30343631366563343739373462343434636338393564613736313539303933303035326539366235
-66313133336636653865376263326433353332303435336634356262316166613533663636643066
-33386432313639316233366134306263613665363632316664613134323633393464666330393233
-30366538326237383036363836656535323636313934613239616136386538643139616665356664
-64376433353362346163623938653539613436383465333733663161383964623765653534666236
-34656331393837306564623131363131383530386433326533633638363366366130393638643262
-64626463626566653864323565323265306437636162353631666463316532346466326464636264
-66383433646131393963346664353165666237306665616230646536616531353161666433353332
-36646636663265633761636134613765346665353863333864333931316339353333356537663830
-36343636303635353766626531313537303134306332326563376337353733336137636433666362
-37326463333838343135393430393831383536646464353135636532373438656366303664323562
-38343438626635326636346336383034376337353237393065386530643466663733626564303036
-6537
+63616133626234653365316361623861623664336263343332373439326135383930613839663133
+6462633664616563316263663430366231396634363465650a656430616139313938373832333332
+33623733393732376134636564356138303463333662326162393238326566343265373763646239
+3064326661643134360a313335613133396164353435336330643035393430303135646361386433
+35366534383962326536343531613261626433613631623233383238646565396337366634343439
+30633462653730613534386338653062383466326666633738303031363339646361656132303133
+38333139663963616632363436353431326231343164313661613431386235633734666266643837
+62623265326334613238356462633334613037643262626238333334666436393333393937633034
+38666566636330303632636637383731336161313639386336633964323637373137343032333761
+66613537396630373133646130316230363335653231633033376334633236613762336136346434
+32346166376363336463633234326166653763393732646232626461376536346266346633633266
+31366535366233663439306261383963666463633034643366346132396435303430636466656565
+34326334383661393737363666326434643031373562396534313033313136666133343963356239
+35333062636466643630653535666661653534353461633037326435626537393466353832366638
+39383764643339653266323533623166303434613739393466333362653563366366393135373039
+62393133333839663666646362663235666634303439653664316536386532363531376161396463
+38383363363163656663356336336331366439626634643466623463333030636238353961623234
+64646230323235646136646262363634306135613637323533383038643764323432376139396631
+32373837666335653530383530613137393637316532663534376164646131636138333162363339
+34666631623838666337356133643964363966306239323561636237343662626361656434353034
+31383238356137656465363866633631343435363936646264333263313964666437663734616462
+34366539636234326264346261383262353739356530336138643161383463343836623435376364
+61633932353863323336353963356363376337643930373131383935636332643832646330376363
+36613130623634356232336637373565613635366137353637386662653137323166666565393665
+3637
--- a/dnaclab_linux/roles/ncafsa-vm-template/tasks/main.yaml
+++ b/dnaclab_linux/roles/ncafsa-vm-template/tasks/main.yaml
@ -0,0 +1,47 @@
+---
+- name: Install aptitude
+  ansible.builtin.apt:
+    name: aptitude
+    state: latest
+    update_cache: true
+
+- name: Install required packages
+  ansible.builtin.apt:
+    pkg:
+      - apt-transport-https
+      - ca-certificates
+      - curl
+      - software-properties-common
+      - python3-pip
+      - virtualenv
+      - python3-setuptools
+    state: latest
+    update_cache: true
+
+- name: Add Docker GPG apt Key
+  ansible.builtin.apt_key:
+    url: https://download.docker.com/linux/ubuntu/gpg
+    state: present
+
+- name: Add Docker Repository
+  ansible.builtin.apt_repository:
+    repo: deb https://download.docker.com/linux/ubuntu focal stable
+    state: present
+
+- name: Update apt and install docker-ce
+  ansible.builtin.apt:
+    name: docker-ce
+    state: latest
+    update_cache: true
+
+- name: Run default container to test Docker install
+  community.docker.docker_container:
+    name: test_container
+    image: hello-world
+    state: present
+
+- name: Add users to Docker group (allows running Docker commands without sudo)
+  ansible.builtin.user:
+    name: "{{ item.key }}"
+    groups: "sudo, docker"
+  loop: "{{ lookup('dict', users) }}"
--- a/dnaclab_linux/update.yml
+++ b/dnaclab_linux/update.yml
@ -1,6 +1,6 @@
 ---
 - name: Update and upgrade packages on Ubuntu VMs
-  hosts: kubernetes-dev
+  hosts: backup_hosts
  become: yes
  vars_files:
    - global_vars/main.yml
--- a/ios_devices/device_audit.yml
+++ b/ios_devices/device_audit.yml
@ -3,7 +3,7 @@
 ## for devices which feature VRFs or multi-instance capabilities.

 - name: Audit devices and print key information
-  hosts: baguleykit
+  hosts: evengkit
  gather_facts: false
  connection: network_cli
  roles:
@ -47,4 +47,4 @@

    - name: Print device information
      debug:
-        var: runtime_information.stdout_lines[4]
+        var: runtime_information.stdout_lines[4]
--- a/ios_devices/inventory.yml
+++ b/ios_devices/inventory.yml
@ -7,4 +7,5 @@ homekit:
    192.168.1.60:
 evengkit:
  hosts:
-    172.16.1.239:
+    10.3.0.101:
+    10.3.0.102:
--- a/ios_devices/roles/common/vars/main.yml
+++ b/ios_devices/roles/common/vars/main.yml
@ -1,14 +1,14 @@
 $ANSIBLE_VAULT;1.1;AES256
-36666363353431303563373132653732303830323865333734636561616465306661346338393766
-3462656233353031396533363133386439363133363563310a336263303535363666653838393835
-39303964323662653463633933336434396234653738343636373566636365363265333062656532
-3030383335306537320a616262613366303235643331616166643932306164636235393530636163
-33666163663931636363353831316564333931663763613130363766666363313534623166313631
-32636162646334343439623566353063373633306537313864613637373730393561626635323536
-64393730386432356337373637343834313634386430643137343463306135653939303931333666
-61653266663230323437343433626330303433656335363963356339356134653933646264383439
-61613730353761316332633961343939653863326639343164623261303939396561333262326337
-35333437653136653434393265333165666365353765666662396434303933623564346232653331
-32386339646266343764646462653336356261376235626263653430636436306235623035396366
-32363130613536353835613430643865346630366434353032366565353535313536653463313134
-3532
+35393738393862623261626334653837633235366266636332383535623733343636613830303634
+3464643164383564393538643832656133373637306563660a323862313736353430623532306336
+36363165646565643038663938633131343637613238646562323865633065653438656630626339
+3332633937373237380a623238623137396637623137373765333936376535313731326139633266
+61303937626264383735383361653532396338626332383362306634616136303030353963653232
+39313837346634663431323139666632393733643663313131306535656161383334383233373031
+39386533636163666531633733303564393937323664633232626565623931326332386436366239
+63353164363864613366663161326434366638633535643565346462346136343039633531363766
+61323131626361386363613338656362353436313530383562373439663034333933323330386638
+36303434366238373335633165343737373632643838663264376536653837633331643738323039
+66376636666462616137633762376230333639346631336231313336373330393439356539373762
+38613038636366613634396263303238666535386138626363373065353136323163393534663830
+3063
--- a/testing/inner.yml
+++ b/testing/inner.yml
@ -0,0 +1,7 @@
+- name: Print outer and inner items
+  ansible.builtin.debug:
+    msg: "outer item={{ outer_item }} inner item={{ item }}"
+  loop:
+    - a
+    - b
+    - c
--- a/testing/variable-test.yml
+++ b/testing/variable-test.yml
@ -0,0 +1,85 @@
+- name: Testing how to access variables
+  hosts: localhost
+  gather_facts: false
+  vars:
+    test_1: 
+    - name: vlan 20
+      id: 20
+      svi_ip_peer_1: 192.168.77.1/24
+      svi_ip_peer_2: 192.168.77.2/24
+      portchannel_id: 20
+      portchannel_interfaces_peer_1:
+        name: port-channel20
+        members: 
+        - Eth1/5
+        - Eth1/6
+        mode: on
+        switchport_mode: access
+      portchannel_interfaces_peer_2:
+        name: port-channel20
+        members: 
+        - Eth1/5
+        - Eth1/6
+        mode: on
+        switchport_mode: access
+      hsrp_group: 20
+      hsrp_vip: 192.168.77.254
+      hsrp_preempt: enabled
+      hsrp_priority_peer_1: 105
+      hsrp_priority_peer_2: 100
+    - name: vlan 30
+      id: 20
+      svi_ip_peer_1: 192.168.77.1/24
+      svi_ip_peer_2: 192.168.77.2/24
+      portchannel_id: 20
+      portchannel_interfaces_peer_1:
+        name: port-channel20
+        members: 
+        - Eth1/7
+        - Eth1/8
+        mode: on
+        switchport_mode: access
+      portchannel_interfaces_peer_2:
+        name: port-channel20
+        members: 
+        - Eth1/7
+        - Eth1/8
+        mode: on
+        switchport_mode: access
+      hsrp_group: 20
+      hsrp_vip: 192.168.77.254
+      hsrp_preempt: enabled
+      hsrp_priority_peer_1: 105
+      hsrp_priority_peer_2: 100
+    test_2: "{{ test_1 | map(attribute='portchannel_interfaces_peer_1') | map(attribute='members') }}"
+
+  tasks:
+  
+  - name: Print var
+    ansible.builtin.debug:
+      var: test_2
+  
+  - name: Print "portchannel_interfaces_peer_1"
+    ansible.builtin.debug:
+      msg: "{{ item  }}"
+    loop:
+      "{{ test_1 | map(attribute='portchannel_interfaces_peer_1')}}"
+  
+  - name: Print "members"
+    ansible.builtin.debug:
+      msg: "{{ item  }}"
+    loop:
+      "{{ test_1 | map(attribute='portchannel_interfaces_peer_1') | map(attribute='members')}}"
+  
+  # - name: Set members peer 1
+  #   ansible.builtin.set_fact:
+  #     peer_1_vpc_interfaces: "{{ item }}"
+  #     cacheable: yes
+  #   loop:
+  #     "{{ test_1 | map(attribute='portchannel_interfaces_peer_1') | map(attribute='members') }}"
+
+  - name: Print member interfaces
+    ansible.builtin.debug:
+      msg: "{{ item[1] }}"
+    loop:
+      "{{ test_1 | map(attribute='portchannel_interfaces_peer_1') | subelements('members') }}"