Initial Commit

.gitignore

@@ -0,0 +1,18 @@
+# Ignore Komodo Project Fluff
+.komodotools/
+*.komodoproject
+.vagrant/
+
+# Ignore any retry files from ansible
+*.retry
+
+# Ignore roles
+roles/*
+!roles/.gitkeep
+files/*
+!files/authorized_keys/
+files/authorized_keys/*
+!files/authorized_keys/.gitkeep
+
+# Do not commit Vault password
+.vault_password.txt

README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

defaults/main.yml

@@ -0,0 +1,4 @@
+---
+# defaults file for guisea.common
+domain: ad.ultrafast.co.nz
+vendors_hosts: []

handlers/main.yml

@@ -0,0 +1,14 @@
+---
+# handlers file for guisea.common
+- name: Restart Postfix
+  service: 
+    name: postfix
+    state: restarted
+- name: Restart SSH
+  service:
+    name: sshd
+    state: restarted
+- name: Restart NTPD
+  service:
+    name: ntpd
+    state: restarted

meta/main.yml

@@ -0,0 +1,152 @@
+---
+galaxy_info:
+  author: your name
+  description: 
+  company: your company (optional)
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+  min_ansible_version: 1.2
+  #
+  # Below are all platforms currently available. Just uncomment
+  # the ones that apply to your role. If you don't see your 
+  # platform on this list, let us know and we'll get it added!
+  #
+  #platforms:
+  #- name: EL
+  #  versions:
+  #  - all
+  #  - 5
+  #  - 6
+  #  - 7
+  #- name: GenericUNIX
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Solaris
+  #  versions:
+  #  - all
+  #  - 10
+  #  - 11.0
+  #  - 11.1
+  #  - 11.2
+  #  - 11.3
+  #- name: Fedora
+  #  versions:
+  #  - all
+  #  - 16
+  #  - 17
+  #  - 18
+  #  - 19
+  #  - 20
+  #  - 21
+  #  - 22
+  #  - 23
+  #- name: Windows
+  #  versions:
+  #  - all
+  #  - 2012R2
+  #- name: SmartOS
+  #  versions:
+  #  - all
+  #  - any
+  #- name: opensuse
+  #  versions:
+  #  - all
+  #  - 12.1
+  #  - 12.2
+  #  - 12.3
+  #  - 13.1
+  #  - 13.2
+  #- name: Amazon
+  #  versions:
+  #  - all
+  #  - 2013.03
+  #  - 2013.09
+  #- name: GenericBSD
+  #  versions:
+  #  - all
+  #  - any
+  #- name: FreeBSD
+  #  versions:
+  #  - all
+  #  - 10.0
+  #  - 10.1
+  #  - 10.2
+  #  - 8.0
+  #  - 8.1
+  #  - 8.2
+  #  - 8.3
+  #  - 8.4
+  #  - 9.0
+  #  - 9.1
+  #  - 9.1
+  #  - 9.2
+  #  - 9.3
+  #- name: Ubuntu
+  #  versions:
+  #  - all
+  #  - lucid
+  #  - maverick
+  #  - natty
+  #  - oneiric
+  #  - precise
+  #  - quantal
+  #  - raring
+  #  - saucy
+  #  - trusty
+  #  - utopic
+  #  - vivid
+  #- name: SLES
+  #  versions:
+  #  - all
+  #  - 10SP3
+  #  - 10SP4
+  #  - 11
+  #  - 11SP1
+  #  - 11SP2
+  #  - 11SP3
+  #- name: GenericLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Debian
+  #  versions:
+  #  - all
+  #  - etch
+  #  - jessie
+  #  - lenny
+  #  - squeeze
+  #  - wheezy
+  #
+  # Below are all categories currently available. Just as with
+  # the platforms above, uncomment those that apply to your role.
+  #
+  #categories:
+  #- cloud
+  #- cloud:ec2
+  #- cloud:gce
+  #- cloud:rax
+  #- clustering
+  #- database
+  #- database:nosql
+  #- database:sql
+  #- development
+  #- monitoring
+  #- networking
+  #- packaging
+  #- system
+  #- web
+dependencies: []
+  # List your role dependencies here, one per line.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.
+  

tasks/main.yml

@@ -0,0 +1,126 @@
+---
+# tasks file for common role
+- name: Set Hostname
+  hostname: name="{{ inventory_hostname }}"
+  
+- name: Change root password
+  user: 
+    name: root 
+    password: "{{ root_pwd }}"
+  changed_when: false
+  
+- name: Create admin group
+  group: name={{ADMIN_GROUP}} state=present
+  
+- name: Ensure common packages
+  yum: 
+    name: "{{item}}"
+    state: present
+    enablerepo: epel
+  with_items: 
+    - libselinux-python
+    - ntp
+    - nano
+    - git
+    - htop
+    - atop
+    - bind-utils
+    - yum-utils
+    
+- name: Check SELinux status
+  command: /usr/sbin/getenforce
+  register: result
+  changed_when: False
+  
+- name: Disable SELinux now if enabled
+  shell: /usr/sbin/setenforce 0
+  when: result.stdout != "Disabled"
+  
+- name: Check/Set SELinux Disabled on boot
+  selinux: policy=targeted state=disabled
+  
+- name: Configure NTPD
+  template:
+    src: ntp.conf.j2
+    dest: /etc/ntp.conf
+    
+- name: Ensure NTPD enabled and started
+  service: 
+    name: ntpd
+    state: started
+    enabled: yes
+    
+- name: Ensure Hostname/DNS common config
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: "{{ item.mode }}"
+  with_items:
+    - { src: etc.sysconfig.network.j2,
+        dest: /etc/sysconfig/network,
+        mode: u+rw
+      }
+    - { src: etc.hosts.j2,
+        dest: /etc/hosts,
+        mode: u=rw,g=r,o=r
+      }
+    - { src: etc.resolv.conf.j2,
+        dest: /etc/resolv.conf,
+        mode: u=rw,g=r,o=r
+      }
+    - { src: sshd_config.j2,
+        dest: /etc/ssh/sshd_config,
+        mode: u=rw
+      }
+  notify: 
+    - Restart NTPD
+    - Restart SSH
+- name: Ensure correct permissions (hosts/resolv.conf)
+  file:
+    path: "{{item}}"
+    state: touch
+    mode: u+rw,g+r,o+r
+  with_items: 
+    - /etc/resolv.conf
+    - /etc/hosts
+  changed_when: false
+  
+- name: Configure yum
+  lineinfile:
+    dest: /etc/yum.conf
+    regexp: "installonly_limit="
+    line: "installonly_limit=2"
+    
+- name: Apply postfix configuration
+  lineinfile: 
+    dest: "{{item.dest}}"
+    regexp: "{{item.regexp}}"
+    line: "{{item.line}}"
+    insertafter: EOF
+  notify: Restart Postfix
+  with_items:
+    - { dest: /etc/postfix/main.cf,
+        regexp: "inet_protocols =",
+        line: "inet_protocols = ipv4"
+      }
+    - { dest: /etc/postfix/main.cf,
+        regexp: "inet_interfaces =",
+        line: "inet_interfaces = all"
+      }
+    - { dest: /etc/postfix/main.cf,
+        regexp: "relayhost =",
+        line: "relayhost = {{ relayhost }}"
+      }
+      
+- name: Ensure Postfix is Started/Enabled
+  service:
+    name: postfix
+    state: started
+    enabled: yes
+
+- name: Ensure root forwarding address is set
+  lineinfile:
+    dest: ~/.forward
+    regexp: "{{ root_email }}"
+    line: "{{ root_email }}"
+    create: yes

templates/etc.hosts.j2

@@ -0,0 +1,13 @@
+#          This file is managed by Ansible              #
+## DO NOT edit manually as changes will be overwritten ##
+
+127.0.0.1   localhost {{ ansible_hostname }}
+::1         localhost {{ ansible_hostname }}
+
+{{ ansible_default_ipv4.address }}  {{ ansible_hostname }}.{{ domain }} {{ ansible_hostname }}
+
+{% if not vendors_hosts is none %}
+    {% for item in vendors_hosts %}
+{{ item.ip }}     {{ item.name }}
+    {% endfor %}
+{% endif %}

templates/etc.resolv.conf.j2

@@ -0,0 +1,10 @@
+#          This file is managed by Ansible              #
+## DO NOT edit manually as changes will be overwritten ##
+
+# Search Domain
+search {{ domain }}
+
+# Use servers configured via Ansible
+{% for server in dns_servers %}
+nameserver {{ server }}
+{% endfor %}

templates/etc.sysconfig.network.j2

@@ -0,0 +1,5 @@
+#          This file is managed by Ansible              #
+## DO NOT edit manually as changes will be overwritten ##
+
+NETWORKING=yes
+HOSTNAME={{ ansible_hostname }}

templates/ntp.conf.j2

@@ -0,0 +1,19 @@
+#          This file is managed by Ansible              #
+## DO NOT edit manually as changes will be overwritten ##
+
+driftfile /var/lib/ntp/drift
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Use servers configured via Ansible
+{% for server in ntp_servers %}
+server {{ server }}
+{% endfor %}
+
+# Fallback
+server nz.pool.ntp.org
+
+includefile /etc/ntp/crypto/pw
+keys /etc/ntp/keys

templates/sshd_config.j2

@@ -0,0 +1,14 @@
+Protocol 2
+SyslogFacility AUTHPRIV
+PasswordAuthentication yes
+ChallengeResponseAuthentication no
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials yes
+UsePAM yes
+UseDNS no
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+AcceptEnv XMODIFIERS
+X11Forwarding yes
+Subsystem       sftp    /usr/libexec/openssh/sftp-server