Created roles to define tasks needed to provision 'services' VM
parent
9335abc215
commit
cb9f425c9b
0
dnaclab_linux/configuration_files/ntp.conf
Normal file
0
dnaclab_linux/configuration_files/ntp.conf
Normal file
@ -1,8 +1,24 @@
|
|||||||
home:
|
---
|
||||||
hosts:
|
all:
|
||||||
ubuntu.dnaclab.net:
|
children:
|
||||||
telemetry.dnaclab.net:
|
services:
|
||||||
developer.dnaclab.net:
|
hosts:
|
||||||
gitlab.dnaclab.net:
|
ubuntu.dnaclab.net:
|
||||||
vars:
|
telemetry:
|
||||||
ansible_ssh_private_key_file = /home/vlad/.ssh/id_rsa
|
hosts:
|
||||||
|
telemetry.dnaclab.net:
|
||||||
|
developer:
|
||||||
|
hosts:
|
||||||
|
developer.dnaclab.net:
|
||||||
|
gitlab:
|
||||||
|
hosts:
|
||||||
|
gitlab.dnaclab.net:
|
||||||
|
test:
|
||||||
|
hosts:
|
||||||
|
test.dnaclab.net:
|
||||||
|
all_servers:
|
||||||
|
hosts:
|
||||||
|
ubuntu.dnaclab.net:
|
||||||
|
telemetry.dnaclab.net:
|
||||||
|
developer.dnaclab.net:
|
||||||
|
gitlab.dnaclab.net:
|
||||||
|
|||||||
@ -1,8 +1,9 @@
|
|||||||
---
|
---
|
||||||
- name: Prestage server and install services [SYSLOG, FTP, TFTP, NTP]
|
- name: Prestage server and install services [SYSLOG, FTP, TFTP, NTP]
|
||||||
hosts: all
|
hosts: services
|
||||||
roles:
|
roles:
|
||||||
- common
|
- common
|
||||||
|
- services
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
@ -12,19 +13,6 @@
|
|||||||
update_cache: yes
|
update_cache: yes
|
||||||
upgrade: yes
|
upgrade: yes
|
||||||
|
|
||||||
- name: Update apt cache and install required packages
|
|
||||||
apt:
|
|
||||||
name: "{{ item }}"
|
|
||||||
loop:
|
|
||||||
- curl
|
|
||||||
- tree
|
|
||||||
- syslog-ng
|
|
||||||
- vsftpd
|
|
||||||
- tftpd-hpa
|
|
||||||
- ntp
|
|
||||||
- ufw
|
|
||||||
- xrdp
|
|
||||||
|
|
||||||
- name: Create a new regular user with sudo privileges
|
- name: Create a new regular user with sudo privileges
|
||||||
user:
|
user:
|
||||||
name: "{{ create_user }}"
|
name: "{{ create_user }}"
|
||||||
@ -40,45 +28,6 @@
|
|||||||
state: present
|
state: present
|
||||||
key: "{{ copy_local_key }}"
|
key: "{{ copy_local_key }}"
|
||||||
|
|
||||||
- name: Configure UFW to allow inbound NTP, SSH, SYSLOG, FTP connections
|
|
||||||
ufw:
|
|
||||||
rule: allow
|
|
||||||
direction: in
|
|
||||||
port: "{{ item.port }}"
|
|
||||||
proto: "{{ item.proto }}"
|
|
||||||
loop:
|
|
||||||
- port: '22'
|
|
||||||
proto: tcp
|
|
||||||
- port: '123'
|
|
||||||
proto: udp
|
|
||||||
- port: '514'
|
|
||||||
proto: udp
|
|
||||||
- port: '23'
|
|
||||||
proto: tcp
|
|
||||||
- port: '3389'
|
|
||||||
proto: tcp
|
|
||||||
- port: '69'
|
|
||||||
proto: udp
|
|
||||||
- port: '5140'
|
|
||||||
proto: tcp
|
|
||||||
- port: '5141'
|
|
||||||
proto: tcp
|
|
||||||
- port: '5142'
|
|
||||||
proto: tcp
|
|
||||||
|
|
||||||
|
|
||||||
- name: UFW - Deny all other incoming traffic by default
|
|
||||||
ufw:
|
|
||||||
state: enabled
|
|
||||||
policy: deny
|
|
||||||
direction: incoming
|
|
||||||
|
|
||||||
- name: Block all IPv6 incoming connections
|
|
||||||
ufw:
|
|
||||||
rule: deny
|
|
||||||
direction: in
|
|
||||||
proto: ipv6
|
|
||||||
|
|
||||||
- name: Send Webex Teams message via BOT to confirm playbook completion
|
- name: Send Webex Teams message via BOT to confirm playbook completion
|
||||||
community.general.cisco_webex:
|
community.general.cisco_webex:
|
||||||
recipient_type: toPersonEmail
|
recipient_type: toPersonEmail
|
||||||
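Review bot: With `- services` added under `roles:`, the role's 'Install required packages' task now runs before the play's `tasks:` section, so it executes ahead of the apt task that sets `update_cache: yes` and `upgrade: yes`. On a freshly provisioned VM with a stale or empty package index the install can fail. Unless the common role already refreshes the cache, move that apt task under `pre_tasks:` or add `update_cache: yes` to the role's install task. The play's task list starts and ends outside the visible hunks, so the task itself is only partly shown here.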
|
|||||||
@ -1,10 +1,25 @@
|
|||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
34323466633533666237623830316138373237326134336236613536633664373564633163613230
|
37306465323037623364336366393036643966666232653964313436383333633133353232636166
|
||||||
3938393338663632613061646365613630373635613536360a613039306363616432633030306334
|
3232373132386263633466643139313732656537383239310a303935333732353632383736356235
|
||||||
33353839346339393965616234323561306338626533363238306662383938626364303061633332
|
61326134633862343632343035646637306135646532353264363533383233663034623162663263
|
||||||
6230623361393438610a383230376431373034306331376536313831633366373665393866373338
|
6235616361396435310a313862636162316238336237383938613139366534616537343638306237
|
||||||
65313334623131323931353436623265623033396266623364313934383865386532623630336164
|
63616535313636303666616137336366626561393162336134656166313837633933326631363430
|
||||||
32653432613065303363303730353864353739633530376637333662303134613339353062303932
|
39656335303261656637626663383065633265306438323839373239663634316439623730303532
|
||||||
33646466383561373264333734626364663763393766666664653365386230393562626563376265
|
65383231393738633436356139633665316533383734316434313430393163396636613366373435
|
||||||
63303939363932636266303566363062643166343064343762313339353839326361383062653036
|
30613839633164363032333434643738353335363666326430396461633331623532346465323361
|
||||||
6232
|
37356136306466663132383133653435666666383831646262356166633737656266376135653530
|
||||||
|
31363531663366623539363963363766633264356363636133343938323738376630333664666535
|
||||||
|
32386230633461623164373338373032313635393137366131336633366137396135343665633330
|
||||||
|
33633336386633373437393939343430623164626534633264333031323633613666363738653764
|
||||||
|
35373565636233336639393463306534326536383438656334343733333036346463613962643066
|
||||||
|
36396634336366396533353038356361326437646538313464653438353231653636366334336437
|
||||||
|
34313334326539326338343036633732666465653662373961653566663361396231666566343064
|
||||||
|
37633133343463633833643735333637333531326161356263643261653462643362386336623961
|
||||||
|
35623864346665633130306233356133346633646238353839393136353439383266343732666535
|
||||||
|
63613634663962636436653639396266343166363362663161633562623136343363373037633437
|
||||||
|
65386432333634343437313139323466666635313330323831313034616230636465353236383635
|
||||||
|
35393138363462333839616261306361386466386662323835376436323462326238363161623339
|
||||||
|
64636661623431336266356531373736636337316462333266623266643031613533343632643731
|
||||||
|
65653337393562636635326262663639353037336231323332313364616438366362623238393262
|
||||||
|
39633134313262616639633637386339353761343339646632356436303061613662643738323736
|
||||||
|
36656337333134306363
|
||||||
|
|||||||
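--- a/dnaclab_linux/roles/services/tasks/main.yml
+++ b/dnaclab_linux/roles/services/tasks/main.yml
@@ -0,0 +1,59 @@
+---
+- name: Install required packages
+apt:
+name: "{{ item }}"
+loop:
+- curl
+- tree
+- syslog-ng
+- vsftpd
+- tftpd-hpa
+- ntp
+- ufw
+
+- name: Configure UFW to allow inbound NTP, SSH, SYSLOG, FTP connections
+community.general.ufw:
+rule: allow
+direction: in
+port: "{{ item.port }}"
+proto: "{{ item.proto }}"
+loop:
+- port: '22'
+proto: tcp
+- port: '123'
+proto: udp
+- port: '514'
+proto: udp
+- port: '23'
+proto: tcp
+- port: '3389'
+proto: tcp
+- port: '69'
+proto: udp
+- port: '5140'
+proto: tcp
+- port: '5141'
+proto: tcp
+- port: '5142'
+proto: tcp
+
+- name: UFW - Deny all other incoming traffic by default
+community.general.ufw:
+state: enabled
+policy: deny
+direction: incoming
+
+- name: Block all IPv6 incoming connections
+community.general.ufw:
+rule: deny
+direction: in
+proto: ipv6
+
+- name: Apply NTP configuration file
+ansible.builtin.copy:
+src: ./configuration_files/ntp.conf
+dest: /etc/ntp.conf
+owner: root
+group: root
+mode: '0644'
+backup: yes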
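Review bot: The allow-list in 'Configure UFW to allow inbound NTP, SSH, SYSLOG, FTP connections' opens 23/tcp, the Telnet port, while the task name and the vsftpd package point to FTP on 21/tcp; once the default-deny policy is enabled this leaves FTP unreachable and a port open that nothing installed here should serve. If FTP is what is meant, the entry should read `- port: '21'`, and 3389/tcp can be dropped unless another role still installs an RDP server, since xrdp is not in this role's package list. The 'Block all IPv6 incoming connections' task uses `proto: ipv6`, which as far as I can tell matches IP protocol 41 (IPv6 encapsulated in IPv4) rather than native IPv6 traffic, so the name overstates the effect; a comment such as `# denies proto 41 (6in4) only; native IPv6 is governed by IPV6= in /etc/default/ufw` would make that clear. None of the allow rules restricts the source address, so syslog and TFTP accept traffic from any network the VM is reachable on.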