Created roles to define tasks needed to provision 'services' VM

Vlad Raducanu 2022-06-28 10:49:23 +01:00
parent 9335abc215
commit cb9f425c9b
5 changed files with 109 additions and 70 deletions


@ -1,8 +1,24 @@
home:
hosts:
ubuntu.dnaclab.net:
telemetry.dnaclab.net:
developer.dnaclab.net:
gitlab.dnaclab.net:
vars:
ansible_ssh_private_key_file = /home/vlad/.ssh/id_rsa
---
all:
children:
services:
hosts:
ubuntu.dnaclab.net:
telemetry:
hosts:
telemetry.dnaclab.net:
developer:
hosts:
developer.dnaclab.net:
gitlab:
hosts:
gitlab.dnaclab.net:
test:
hosts:
test.dnaclab.net:
all_servers:
hosts:
ubuntu.dnaclab.net:
telemetry.dnaclab.net:
developer.dnaclab.net:
gitlab.dnaclab.net:
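Review bot: `all_servers` repeats four hostnames by hand instead of being built from the groups defined just above it, and `test.dnaclab.net` sits in a `test` group but not in `all_servers`. If leaving the test host out is intended, a comment such as `# test.dnaclab.net deliberately excluded from all_servers` would say so. Otherwise, listing the existing groups under `children:` of `all_servers` keeps the two from drifting apart when a host is added. Indentation is lost in this view, so the nesting described here is inferred from the key order.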


@ -1,8 +1,9 @@
---
- name: Prestage server and install services [SYSLOG, FTP, TFTP, NTP]
hosts: all
hosts: services
roles:
- common
- services
become: yes
tasks:
@ -12,19 +13,6 @@
update_cache: yes
upgrade: yes
- name: Update apt cache and install required packages
apt:
name: "{{ item }}"
loop:
- curl
- tree
- syslog-ng
- vsftpd
- tftpd-hpa
- ntp
- ufw
- xrdp
- name: Create a new regular user with sudo privileges
user:
name: "{{ create_user }}"
@ -40,45 +28,6 @@
state: present
key: "{{ copy_local_key }}"
- name: Configure UFW to allow inbound NTP, SSH, SYSLOG, FTP connections
ufw:
rule: allow
direction: in
port: "{{ item.port }}"
proto: "{{ item.proto }}"
loop:
- port: '22'
proto: tcp
- port: '123'
proto: udp
- port: '514'
proto: udp
- port: '23'
proto: tcp
- port: '3389'
proto: tcp
- port: '69'
proto: udp
- port: '5140'
proto: tcp
- port: '5141'
proto: tcp
- port: '5142'
proto: tcp
- name: UFW - Deny all other incoming traffic by default
ufw:
state: enabled
policy: deny
direction: incoming
- name: Block all IPv6 incoming connections
ufw:
rule: deny
direction: in
proto: ipv6
- name: Send Webex Teams message via BOT to confirm playbook completion
community.general.cisco_webex:
recipient_type: toPersonEmail
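Review bot: Moving the package install into the `services` role changes the run order: Ansible runs `roles:` before the play's `tasks:`, so the `update_cache: yes` / `upgrade: yes` step that stays under `tasks:` now appears to run after the role has already installed its packages. The role's install task sets no `update_cache`, so on a freshly built VM it may fail or install from a stale index unless the `common` role (not visible here) refreshes the cache first. I would either move the upgrade step under `pre_tasks:` or add `update_cache: true` to the role's `apt` task.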


@ -1,10 +1,25 @@
$ANSIBLE_VAULT;1.1;AES256
34323466633533666237623830316138373237326134336236613536633664373564633163613230
3938393338663632613061646365613630373635613536360a613039306363616432633030306334
33353839346339393965616234323561306338626533363238306662383938626364303061633332
6230623361393438610a383230376431373034306331376536313831633366373665393866373338
65313334623131323931353436623265623033396266623364313934383865386532623630336164
32653432613065303363303730353864353739633530376637333662303134613339353062303932
33646466383561373264333734626364663763393766666664653365386230393562626563376265
63303939363932636266303566363062643166343064343762313339353839326361383062653036
6232
37306465323037623364336366393036643966666232653964313436383333633133353232636166
3232373132386263633466643139313732656537383239310a303935333732353632383736356235
61326134633862343632343035646637306135646532353264363533383233663034623162663263
6235616361396435310a313862636162316238336237383938613139366534616537343638306237
63616535313636303666616137336366626561393162336134656166313837633933326631363430
39656335303261656637626663383065633265306438323839373239663634316439623730303532
65383231393738633436356139633665316533383734316434313430393163396636613366373435
30613839633164363032333434643738353335363666326430396461633331623532346465323361
37356136306466663132383133653435666666383831646262356166633737656266376135653530
31363531663366623539363963363766633264356363636133343938323738376630333664666535
32386230633461623164373338373032313635393137366131336633366137396135343665633330
33633336386633373437393939343430623164626534633264333031323633613666363738653764
35373565636233336639393463306534326536383438656334343733333036346463613962643066
36396634336366396533353038356361326437646538313464653438353231653636366334336437
34313334326539326338343036633732666465653662373961653566663361396231666566343064
37633133343463633833643735333637333531326161356263643261653462643362386336623961
35623864346665633130306233356133346633646238353839393136353439383266343732666535
63613634663962636436653639396266343166363362663161633562623136343363373037633437
65386432333634343437313139323466666635313330323831313034616230636465353236383635
35393138363462333839616261306361386466386662323835376436323462326238363161623339
64636661623431336266356531373736636337316462333266623266643031613533343632643731
65653337393562636635326262663639353037336231323332313364616438366362623238393262
39633134313262616639633637386339353761343339646632356436303061613662643738323736
36656337333134306363


@ -0,0 +1,59 @@
---
- name: Install required packages
apt:
name: "{{ item }}"
loop:
- curl
- tree
- syslog-ng
- vsftpd
- tftpd-hpa
- ntp
- ufw
- name: Configure UFW to allow inbound NTP, SSH, SYSLOG, FTP connections
community.general.ufw:
rule: allow
direction: in
port: "{{ item.port }}"
proto: "{{ item.proto }}"
loop:
- port: '22'
proto: tcp
- port: '123'
proto: udp
- port: '514'
proto: udp
- port: '23'
proto: tcp
- port: '3389'
proto: tcp
- port: '69'
proto: udp
- port: '5140'
proto: tcp
- port: '5141'
proto: tcp
- port: '5142'
proto: tcp
- name: UFW - Deny all other incoming traffic by default
community.general.ufw:
state: enabled
policy: deny
direction: incoming
- name: Block all IPv6 incoming connections
community.general.ufw:
rule: deny
direction: in
proto: ipv6
- name: Apply NTP configuration file
ansible.builtin.copy:
src: ./configuration_files/ntp.conf
dest: /etc/ntp.conf
owner: root
group: root
mode: '0644'
backup: yes
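Review bot: The UFW allow list in this role opens 23/tcp and 3389/tcp, although nothing in the role's package list listens on either port. The task name says FTP, whose control port is 21 and is what `vsftpd` would need, but the loop has `port: '23'`, which is telnet. `xrdp` is no longer in the role's package list, while its port 3389 stayed. I would change the entry to `- port: '21'` if FTP is what is meant, and drop the 3389 entry unless another role installs xrdp, so the firewall exposes only services this host actually runs. Separately, `proto: ipv6` in the "Block all IPv6 incoming connections" task selects IP protocol 41 (IPv6 tunnelled in IPv4) as far as I know, not native IPv6 traffic, so the task name likely overstates what the rule does and should be confirmed against the ufw documentation.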