Merge branch 'master' of https://github.com/juanshotyou/ansible

2024-08-29 21:52:17 +01:00 · 2024-08-29 21:52:17 +01:00 · c03cd8d9d3
commit c03cd8d9d3
parent f4d22c4f04 2f092d625c
16 changed files with 426 additions and 58 deletions
--- a/dnaclab_linux/get_logs.yml
+++ b/dnaclab_linux/get_logs.yml
@ -1,6 +1,6 @@
 ---
 - name: Copy the contents of the "/var/log" folder to the Ansible controller
-  hosts: all_servers
+  hosts: all
  become: yes
  tasks:
@ -9,11 +9,11 @@
    ansible.builtin.shell: "cd /var/log; find . -maxdepth 1 -type f | cut -d'/' -f2"
    register: files_to_copy
-  - name: Copy the log files
+  # - name: Copy the log files
-    ansible.builtin.fetch:
+  #   ansible.builtin.fetch:
-      src: /var/log/{{ item }}
+  #     src: /var/log/{{ item }}
-      dest: /home/vlad/Desktop/ansible/dnaclab_linux/logs/
+  #     dest: /home/vlad/Desktop/ansible/dnaclab_linux/logs/
-    with_items: "{{ files_to_copy.stdout_lines }}"
+  #   with_items: "{{ files_to_copy.stdout_lines }}"
--- a/dnaclab_linux/inventory.yml
+++ b/dnaclab_linux/inventory.yml
@ -1,26 +1,25 @@
 ---
 all:
  children:
-    services:
+    services_hosts:
      hosts:
        ubuntu.dnaclab.net:
-    developer:
+        staging.dnaclab.net:
    developer_hosts:
      hosts:
        developer.dnaclab.net:
        developer2.dnaclab.net:
    gitlab:
      hosts:
        gitlab.dnaclab.net:
    backup_hosts:
      hosts:
        backups.dnaclab.net:
    kubernetes:
      hosts:
        10.221.0.130:
        10.221.0.131:
        10.221.0.132:
    staging:
      hosts:
        10.221.0.105:
    developer2:
      hosts:
        10.221.0.125:
    kubernetes_dev:
      hosts:
        172.16.1.130:
--- a/dnaclab_linux/prestage_backup.yml
+++ b/dnaclab_linux/prestage_backup.yml
@ -0,0 +1,8 @@
 ---
 - name: Prestage server(s) with the NCA Automation team users
  hosts: backup_hosts
  roles: 
    - ncafsa-backup
  become: yes
  vars_files:
    - global_vars/main.yml
--- a/dnaclab_linux/prestage_ncafsa_vm_template.yml
+++ b/dnaclab_linux/prestage_ncafsa_vm_template.yml
@ -0,0 +1,22 @@
 # 12/07/2023 - Sets up the target hosts with the basic necessary packages and Docker and 
 # adds the users to the Docker group.
 ---
 - name: Prestage server(s) with the following roles {{ ansible_play_role_names }}
  hosts: staging
  roles: 
    - common
    - ncafsa-vm-template
    - ncafsa-users
  become: yes
  vars_files:
    - global_vars/main.yml
  tasks:
    - name: Send Webex Teams message via BOT to confirm playbook completion
      community.general.cisco_webex:
        recipient_type: toPersonEmail
        recipient_id: "{{ webex_id }}"
        msg_type: markdown
        personal_token: "{{ webex_token }}"
        msg: "**Prestaging has been completed for host {{ inventory_hostname }}.**"
--- a/dnaclab_linux/prestage_users.yaml
+++ b/dnaclab_linux/prestage_users.yaml
@ -1,6 +1,6 @@
 ---
 - name: Prestage server(s) with the NCA Automation team users
-  hosts: kubernetes-dev
+  hosts: backup_hosts
  roles: 
    - ncafsa-users
  become: yes
@ -9,7 +9,23 @@
  tasks:
-    - name: Configure NCA Automation team users for server access
+    - name: Check if OS is RHEL or other
      ansible.builtin.stat:
        path: "/etc/redhat-release"
      register: outcome
    - name: Configure NCA Automation team users for server access (RHEL only)
      ansible.builtin.user:
        name: "{{ item.key }}"
        comment: "Added via Ansible"
        home: "/home/{{ item.key }}"
        shell: "/bin/bash"
        group: "wheel"
        password: "{{ item.value }}"
      loop: "{{ lookup('dict', users) }}"
      when: outcome.stat.exists
    - name: Configure NCA Automation team users for server access (non-RHEL)
      ansible.builtin.user:
        name: "{{ item.key }}"
        comment: "Added via Ansible"
@ -18,3 +34,4 @@
        group: "sudo"
        password: "{{ item.value }}"
      loop: "{{ lookup('dict', users) }}"
      when: not outcome.stat.exists
--- a/dnaclab_linux/roles/ncafsa-backup/tasks/main.yaml
+++ b/dnaclab_linux/roles/ncafsa-backup/tasks/main.yaml
@ -0,0 +1,45 @@
 ---
 - name: Create account for backup services
  ansible.builtin.user:
    name: "{{ item }}"
    password: "{{ password }}"
    shell: /bin/bash
  loop: "{{ services }}"
 - name: Create backup directory tree 
  ansible.builtin.file:
    path: "/backups/{{ item }}"
    state: directory
    owner: "{{ item }}"
    group: "{{ item }}"
  loop: "{{ services }}"
 - name: Install NFS, SFTP and TFTP services
  ansible.builtin.apt:
    name: "{{ item }}"
    state: present
  loop:
    - nfs-kernel-server
    - openssh-server 
    - tftpd-hpa
 - name: Configure SFTP for ISE backups
  ansible.builtin.template:
    src: sftp.conf.j2
    dest: /etc/ssh/sshd_config
  vars:
    user: "ise"
 - name: Fix permissions for SFTP folder
  ansible.builtin.file:
    path: "/backups/{{ user }}"
    state: directory
    owner: root
    group: root
  vars:
    user: "ise"
 - name: Restart SSH service (allows SFTP changes to work)
  ansible.builtin.service:
    name: ssh
    state: restarted
--- a/dnaclab_linux/roles/ncafsa-backup/templates/sftp.conf.j2
+++ b/dnaclab_linux/roles/ncafsa-backup/templates/sftp.conf.j2
@ -0,0 +1,131 @@
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
 # This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 # The strategy used for options in the default sshd_config shipped with
 # OpenSSH is to specify options with their default value where
 # possible, but leave them commented.  Uncommented options override the
 # default value.
 Include /etc/ssh/sshd_config.d/*.conf
 #Port 22
 #AddressFamily any
 #ListenAddress 0.0.0.0
 #ListenAddress ::
 #HostKey /etc/ssh/ssh_host_rsa_key
 #HostKey /etc/ssh/ssh_host_ecdsa_key
 #HostKey /etc/ssh/ssh_host_ed25519_key
 # Ciphers and keying
 #RekeyLimit default none
 # Logging
 #SyslogFacility AUTH
 #LogLevel INFO
 # Authentication:
 #LoginGraceTime 2m
 #PermitRootLogin prohibit-password
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
 #PubkeyAuthentication yes
 # Expect .ssh/authorized_keys2 to be disregarded by default in future.
 #AuthorizedKeysFile     .ssh/authorized_keys .ssh/authorized_keys2
 #AuthorizedPrincipalsFile none
 #AuthorizedKeysCommand none
 #AuthorizedKeysCommandUser nobody
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
 #HostbasedAuthentication no
 # Change to yes if you don't trust ~/.ssh/known_hosts for
 # HostbasedAuthentication
 #IgnoreUserKnownHosts no
 # Don't read the user's ~/.rhosts and ~/.shosts files
 #IgnoreRhosts yes
 # To disable tunneled clear text passwords, change to no here!
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
 # Change to yes to enable challenge-response passwords (beware issues with
 # some PAM modules and threads)
 KbdInteractiveAuthentication no
 # Kerberos options
 #KerberosAuthentication no
 #KerberosOrLocalPasswd yes
 #KerberosTicketCleanup yes
 #KerberosGetAFSToken no
 # GSSAPI options
 #GSSAPIAuthentication no
 #GSSAPICleanupCredentials yes
 #GSSAPIStrictAcceptorCheck yes
 #GSSAPIKeyExchange no
 # Set this to 'yes' to enable PAM authentication, account processing,
 # and session processing. If this is enabled, PAM authentication will
 # be allowed through the KbdInteractiveAuthentication and
 # PasswordAuthentication.  Depending on your PAM configuration,
 # PAM authentication via KbdInteractiveAuthentication may bypass
 # the setting of "PermitRootLogin without-password".
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and KbdInteractiveAuthentication to 'no'.
 UsePAM yes
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
 #GatewayPorts no
 X11Forwarding yes
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PermitTTY yes
 PrintMotd no
 #PrintLastLog yes
 #TCPKeepAlive yes
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0
 #ClientAliveCountMax 3
 #UseDNS no
 #PidFile /run/sshd.pid
 #MaxStartups 10:30:100
 #PermitTunnel no
 #ChrootDirectory none
 #VersionAddendum none
 # no default banner path
 #Banner none
 # Allow client to pass locale environment variables
 AcceptEnv LANG LC_*
 # override default of no subsystems
 Subsystem       sftp    /usr/lib/openssh/sftp-server
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
 #       X11Forwarding no
 #       AllowTcpForwarding no
 #       PermitTTY no
 #       ForceCommand cvs server
 Match User {{ user }}
    ForceCommand internal-sftp
    PasswordAuthentication yes
    ChrootDirectory /backups/{{ user }}
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
--- a/dnaclab_linux/roles/ncafsa-backup/vars/main.yaml
+++ b/dnaclab_linux/roles/ncafsa-backup/vars/main.yaml
@ -0,0 +1,6 @@
 services:
  - dnac
  - ise
  - tftp
  - other
 password: $6$rounds=656000$mysecretsalt$VvhQ/hNVWpgVuv9MXN0zFAGMLloWYezEPvgG/oyFsaTJxmiZWintigtbssQ8zRdH4CjkB6obYcAOASlw2yutl/
--- a/dnaclab_linux/roles/ncafsa-users/vars/main.yaml
+++ b/dnaclab_linux/roles/ncafsa-users/vars/main.yaml
@ -1,26 +1,26 @@
 $ANSIBLE_VAULT;1.1;AES256
-38336538336630386430306665313035623039376166353938363662653765643037656338653730
+63616133626234653365316361623861623664336263343332373439326135383930613839663133
-3166343061396430326336626332333635316438313536340a353134623836626638663465653631
+6462633664616563316263663430366231396634363465650a656430616139313938373832333332
-35636263393739623736326466616161333832323338653365303466636465383462326239333665
+33623733393732376134636564356138303463333662326162393238326566343265373763646239
-3863323733646437370a333036613539626134316633633436393364393530613265636539376232
+3064326661643134360a313335613133396164353435336330643035393430303135646361386433
-62633338663131373330323337306664343665666336376534353830316131373339636337396134
+35366534383962326536343531613261626433613631623233383238646565396337366634343439
-38663332313438303439313632363838353635393630316633623933353035363761366531613537
+30633462653730613534386338653062383466326666633738303031363339646361656132303133
-32383938656133613961383231316632313231333634353566363430653934653138383465313737
+38333139663963616632363436353431326231343164313661613431386235633734666266643837
-39396334396663336536666566616336623832316562653265643461396435613166346337616138
+62623265326334613238356462633334613037643262626238333334666436393333393937633034
-62326639393665303866626332316334633963663636303964613632366162643933343163323133
+38666566636330303632636637383731336161313639386336633964323637373137343032333761
-38663964613862306331383934333234303630653536323564366563356663666663333630343435
+66613537396630373133646130316230363335653231633033376334633236613762336136346434
-35313639376164336661623933396664653036316634663831386433383030393232313063666632
+32346166376363336463633234326166653763393732646232626461376536346266346633633266
-38363637363332646436313966383466656538336566326136343964353934653965336562643635
+31366535366233663439306261383963666463633034643366346132396435303430636466656565
-30343631366563343739373462343434636338393564613736313539303933303035326539366235
+34326334383661393737363666326434643031373562396534313033313136666133343963356239
-66313133336636653865376263326433353332303435336634356262316166613533663636643066
+35333062636466643630653535666661653534353461633037326435626537393466353832366638
-33386432313639316233366134306263613665363632316664613134323633393464666330393233
+39383764643339653266323533623166303434613739393466333362653563366366393135373039
-30366538326237383036363836656535323636313934613239616136386538643139616665356664
+62393133333839663666646362663235666634303439653664316536386532363531376161396463
-64376433353362346163623938653539613436383465333733663161383964623765653534666236
+38383363363163656663356336336331366439626634643466623463333030636238353961623234
-34656331393837306564623131363131383530386433326533633638363366366130393638643262
+64646230323235646136646262363634306135613637323533383038643764323432376139396631
-64626463626566653864323565323265306437636162353631666463316532346466326464636264
+32373837666335653530383530613137393637316532663534376164646131636138333162363339
-66383433646131393963346664353165666237306665616230646536616531353161666433353332
+34666631623838666337356133643964363966306239323561636237343662626361656434353034
-36646636663265633761636134613765346665353863333864333931316339353333356537663830
+31383238356137656465363866633631343435363936646264333263313964666437663734616462
-36343636303635353766626531313537303134306332326563376337353733336137636433666362
+34366539636234326264346261383262353739356530336138643161383463343836623435376364
-37326463333838343135393430393831383536646464353135636532373438656366303664323562
+61633932353863323336353963356363376337643930373131383935636332643832646330376363
-38343438626635326636346336383034376337353237393065386530643466663733626564303036
+36613130623634356232336637373565613635366137353637386662653137323166666565393665
-6537
+3637
--- a/dnaclab_linux/roles/ncafsa-vm-template/tasks/main.yaml
+++ b/dnaclab_linux/roles/ncafsa-vm-template/tasks/main.yaml
@ -0,0 +1,47 @@
 ---
 - name: Install aptitude
  ansible.builtin.apt:
    name: aptitude
    state: latest
    update_cache: true
 - name: Install required packages
  ansible.builtin.apt:
    pkg:
      - apt-transport-https
      - ca-certificates
      - curl
      - software-properties-common
      - python3-pip
      - virtualenv
      - python3-setuptools
    state: latest
    update_cache: true
 - name: Add Docker GPG apt Key
  ansible.builtin.apt_key:
    url: https://download.docker.com/linux/ubuntu/gpg
    state: present
 - name: Add Docker Repository
  ansible.builtin.apt_repository:
    repo: deb https://download.docker.com/linux/ubuntu focal stable
    state: present
 - name: Update apt and install docker-ce
  ansible.builtin.apt:
    name: docker-ce
    state: latest
    update_cache: true
 - name: Run default container to test Docker install
  community.docker.docker_container:
    name: test_container
    image: hello-world
    state: present
 - name: Add users to Docker group (allows running Docker commands without sudo)
  ansible.builtin.user:
    name: "{{ item.key }}"
    groups: "sudo, docker"
  loop: "{{ lookup('dict', users) }}"
--- a/dnaclab_linux/update.yml
+++ b/dnaclab_linux/update.yml
@ -1,6 +1,6 @@
 ---
 - name: Update and upgrade packages on Ubuntu VMs
-  hosts: kubernetes-dev
+  hosts: backup_hosts
  become: yes
  vars_files:
    - global_vars/main.yml
--- a/ios_devices/device_audit.yml
+++ b/ios_devices/device_audit.yml
@ -3,7 +3,7 @@
 ## for devices which feature VRFs or multi-instance capabilities.
 - name: Audit devices and print key information
-  hosts: baguleykit
+  hosts: evengkit
  gather_facts: false
  connection: network_cli
  roles:
--- a/ios_devices/inventory.yml
+++ b/ios_devices/inventory.yml
@ -7,4 +7,5 @@ homekit:
    192.168.1.60:
 evengkit:
  hosts:
-    172.16.1.239:
+    10.3.0.101:
    10.3.0.102:
--- a/ios_devices/roles/common/vars/main.yml
+++ b/ios_devices/roles/common/vars/main.yml
@ -1,14 +1,14 @@
 $ANSIBLE_VAULT;1.1;AES256
-36666363353431303563373132653732303830323865333734636561616465306661346338393766
+35393738393862623261626334653837633235366266636332383535623733343636613830303634
-3462656233353031396533363133386439363133363563310a336263303535363666653838393835
+3464643164383564393538643832656133373637306563660a323862313736353430623532306336
-39303964323662653463633933336434396234653738343636373566636365363265333062656532
+36363165646565643038663938633131343637613238646562323865633065653438656630626339
-3030383335306537320a616262613366303235643331616166643932306164636235393530636163
+3332633937373237380a623238623137396637623137373765333936376535313731326139633266
-33666163663931636363353831316564333931663763613130363766666363313534623166313631
+61303937626264383735383361653532396338626332383362306634616136303030353963653232
-32636162646334343439623566353063373633306537313864613637373730393561626635323536
+39313837346634663431323139666632393733643663313131306535656161383334383233373031
-64393730386432356337373637343834313634386430643137343463306135653939303931333666
+39386533636163666531633733303564393937323664633232626565623931326332386436366239
-61653266663230323437343433626330303433656335363963356339356134653933646264383439
+63353164363864613366663161326434366638633535643565346462346136343039633531363766
-61613730353761316332633961343939653863326639343164623261303939396561333262326337
+61323131626361386363613338656362353436313530383562373439663034333933323330386638
-35333437653136653434393265333165666365353765666662396434303933623564346232653331
+36303434366238373335633165343737373632643838663264376536653837633331643738323039
-32386339646266343764646462653336356261376235626263653430636436306235623035396366
+66376636666462616137633762376230333639346631336231313336373330393439356539373762
-32363130613536353835613430643865346630366434353032366565353535313536653463313134
+38613038636366613634396263303238666535386138626363373065353136323163393534663830
-3532
+3063
--- a/testing/inner.yml
+++ b/testing/inner.yml
@ -0,0 +1,7 @@
 - name: Print outer and inner items
  ansible.builtin.debug:
    msg: "outer item={{ outer_item }} inner item={{ item }}"
  loop:
    - a
    - b
    - c
--- a/testing/variable-test.yml
+++ b/testing/variable-test.yml
@ -0,0 +1,85 @@
 - name: Testing how to access variables
  hosts: localhost
  gather_facts: false
  vars:
    test_1: 
    - name: vlan 20
      id: 20
      svi_ip_peer_1: 192.168.77.1/24
      svi_ip_peer_2: 192.168.77.2/24
      portchannel_id: 20
      portchannel_interfaces_peer_1:
        name: port-channel20
        members: 
        - Eth1/5
        - Eth1/6
        mode: on
        switchport_mode: access
      portchannel_interfaces_peer_2:
        name: port-channel20
        members: 
        - Eth1/5
        - Eth1/6
        mode: on
        switchport_mode: access
      hsrp_group: 20
      hsrp_vip: 192.168.77.254
      hsrp_preempt: enabled
      hsrp_priority_peer_1: 105
      hsrp_priority_peer_2: 100
    - name: vlan 30
      id: 20
      svi_ip_peer_1: 192.168.77.1/24
      svi_ip_peer_2: 192.168.77.2/24
      portchannel_id: 20
      portchannel_interfaces_peer_1:
        name: port-channel20
        members: 
        - Eth1/7
        - Eth1/8
        mode: on
        switchport_mode: access
      portchannel_interfaces_peer_2:
        name: port-channel20
        members: 
        - Eth1/7
        - Eth1/8
        mode: on
        switchport_mode: access
      hsrp_group: 20
      hsrp_vip: 192.168.77.254
      hsrp_preempt: enabled
      hsrp_priority_peer_1: 105
      hsrp_priority_peer_2: 100
    test_2: "{{ test_1 | map(attribute='portchannel_interfaces_peer_1') | map(attribute='members') }}"
  tasks:
  - name: Print var
    ansible.builtin.debug:
      var: test_2
  - name: Print "portchannel_interfaces_peer_1"
    ansible.builtin.debug:
      msg: "{{ item  }}"
    loop:
      "{{ test_1 | map(attribute='portchannel_interfaces_peer_1')}}"
  - name: Print "members"
    ansible.builtin.debug:
      msg: "{{ item  }}"
    loop:
      "{{ test_1 | map(attribute='portchannel_interfaces_peer_1') | map(attribute='members')}}"
  # - name: Set members peer 1
  #   ansible.builtin.set_fact:
  #     peer_1_vpc_interfaces: "{{ item }}"
  #     cacheable: yes
  #   loop:
  #     "{{ test_1 | map(attribute='portchannel_interfaces_peer_1') | map(attribute='members') }}"
  - name: Print member interfaces
    ansible.builtin.debug:
      msg: "{{ item[1] }}"
    loop:
      "{{ test_1 | map(attribute='portchannel_interfaces_peer_1') | subelements('members') }}"