cybercinch/ansible-role-common
1
0
Fork 0
Code Issues Pull Requests Actions Releases 10 Activity

Compare commits

base: cybercinch:v1.1.4
Branches Tags
cybercinch:master cybercinch:2.0.0
cybercinch:v1.1.7 cybercinch:v1.1.6 cybercinch:v1.1.5 cybercinch:v1.1.4 cybercinch:v1.1.3 cybercinch:v1.1.2 cybercinch:v1.1.1 cybercinch:v1.1.0 cybercinch:v1.0.13 cybercinch:v1.0.12 cybercinch:v1.0.11 cybercinch:v1.0.10 cybercinch:v1.0.9 cybercinch:v1.0.8 cybercinch:some-rando-tag-8 cybercinch:some-rando-tag-7 cybercinch:some-rando-tag-6 cybercinch:some-rando-tag-5 cybercinch:some-rando-tag-4 cybercinch:some-rando-tag-3 cybercinch:some-test-tag-1 cybercinch:some-rando-tag cybercinch:v1.0.6-3 cybercinch:v1.0.6-2 cybercinch:v1.0.6-1 cybercinch:v1.0.6 cybercinch:v1.0.5 cybercinch:1.0.5 cybercinch:1.0.4
..
compare: cybercinch:2.0.0
Branches Tags
cybercinch:master cybercinch:2.0.0
cybercinch:v1.1.7 cybercinch:v1.1.6 cybercinch:v1.1.5 cybercinch:v1.1.4 cybercinch:v1.1.3 cybercinch:v1.1.2 cybercinch:v1.1.1 cybercinch:v1.1.0 cybercinch:v1.0.13 cybercinch:v1.0.12 cybercinch:v1.0.11 cybercinch:v1.0.10 cybercinch:v1.0.9 cybercinch:v1.0.8 cybercinch:some-rando-tag-8 cybercinch:some-rando-tag-7 cybercinch:some-rando-tag-6 cybercinch:some-rando-tag-5 cybercinch:some-rando-tag-4 cybercinch:some-rando-tag-3 cybercinch:some-test-tag-1 cybercinch:some-rando-tag cybercinch:v1.0.6-3 cybercinch:v1.0.6-2 cybercinch:v1.0.6-1 cybercinch:v1.0.6 cybercinch:v1.0.5 cybercinch:1.0.5 cybercinch:1.0.4

10 Commits
v1.1.4 ... 2.0.0

Author SHA1 Message Date
Aaron Guise
8ad513bac3 Added sda to expression 2021-10-01 10:33:46 +13:00
Aaron Guise
0c9984e00d Commented defaults, added boolean for set root pw 2021-10-01 10:32:01 +13:00
Aaron Guise
ac94545d69 prefixed admin_group 2021-10-01 10:11:51 +13:00
Aaron Guise
b0655ceae4 Reformat smaller terminal 2021-09-30 23:40:46 +13:00
Aaron Guise
67fe06e119 Another prefix bites the dust 2021-09-30 23:33:36 +13:00
Aaron Guise
d2158ba3fa Add prefix 2021-09-30 23:26:52 +13:00
Aaron Guise
1f3310fe96 Re-add timezone 2021-09-30 23:12:42 +13:00
Aaron Guise
dae99f3168 Add molecule scenario 2021-09-30 22:58:20 +13:00
Aaron Guise
b84bcaa7c7 Migrate to common_ prefixed vars 2021-09-30 22:57:47 +13:00
Aaron Guise
e42d3c8214 Updated defaults prefix with common_ 2021-09-30 22:55:46 +13:00
35 changed files with 259 additions and 738 deletions
Expand all files Collapse all files

8
.ansible-lint
View File

@@ -1,6 +1,2 @@
profile: basic
skip_list: # or 'skip_list' to silence them completely
- experimental # all rules tagged as experimental
- unnamed-task # All tasks should be named
- fqcn-builtins
skip_list:
- role-name

83
.github/workflows/ci.yml vendored
View File

@@ -1,83 +0,0 @@
name: CI
on:
push:
branches:
- "**"
tags:
- "!**"
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: '3.10'
cache: 'pip' # caching pip dependencies
- name: Ensure requirements are installed
run: pip install -r requirements.txt
- name: Lint with ansible-lint
run: ansible-lint -c ".ansible-lint"
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
- name: Lint with yamllint
run: yamllint .
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
molecule:
name: Molecule Test
runs-on: ubuntu-latest
needs: lint
strategy:
fail-fast: true
matrix:
os: [almalinux8, almalinux9]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: '3.10'
cache: 'pip' # caching pip dependencies
- name: Ensure requirements are installed
run: pip install -r requirements.txt
- name: Run Molecule tests.
run: molecule test
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
MOLECULE_DISTRO: ${{ matrix.os }}
release:
runs-on: ubuntu-latest
needs:
- lint
- molecule
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: '1.22'
- name: Install gitea provider for Go Semantic Release
run: |
mkdir -p .semrel/$(go env GOOS)_$(go env GOARCH)/provider-gitea/${GITEA_PROVIDER_VER}/ && \
wget https://github.com/cybercinch/go-semantic-release-provider-gitea/releases/download/v${GITEA_PROVIDER_VER}/go-semantic-release-provider-gitea_v${GITEA_PROVIDER_VER}_linux_amd64 \
-O .semrel/$(go env GOOS)_$(go env GOARCH)/provider-gitea/${GITEA_PROVIDER_VER}/gitea && \
chmod a+x .semrel/$(go env GOOS)_$(go env GOARCH)/provider-gitea/${GITEA_PROVIDER_VER}/gitea
env:
GITEA_PROVIDER_VER: 1.0.11
- run: |
echo "github repo: ${GITHUB_REPOSITORY}"
echo "env vars: $(env)"
- uses: go-semantic-release/action@v1
with:
custom-arguments: --provider=gitea
env:
GITEA_TOKEN: ${{ secrets.G_TOKEN }}
GITEA_HOST: ${{ secrets.G_SERVER_URL}}

3
.gitignore vendored
View File

@@ -5,14 +5,13 @@
*.idea
# Ignore any retry files from ansible
*.retry
*/.terraform
# Ignore roles
roles/*
!roles/.gitkeep
!files/authorized_keys/
files/authorized_keys/*
!files/authorized_keys/.gitkeep
env/
# Do not commit Vault password
.vault_password.txt

28
.woodpecker/cron.yml
View File

@@ -1,28 +0,0 @@
matrix:
include:
- MOLECULE_DISTRO: centos7
- MOLECULE_DISTRO: almalinux8
clone:
git:
image: woodpeckerci/plugin-git
settings:
recursive: true
submodule_update_remote: true
when:
event: [ cron ]
steps:
test:
name: Test on ${MOLECULE_DISTRO}
image: guisea/ansible-molecule
pull: true
environment:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
volumes:
- /var/run/docker.sock:/var/run/docker.sock
commands:
- molecule test --scenario-name ${MOLECULE_SCENARIO:-default}
when:
event: [ cron ]

43
.woodpecker/lint.yml
View File

@@ -1,43 +0,0 @@
clone:
git:
image: woodpeckerci/plugin-git
settings:
recursive: true
submodule_update_remote: true
when:
event: [ push, manual ]
steps:
ansible-lint:
group: test
name: "Lint: Ansible-lint"
image: guisea/ansible-molecule
environment:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
commands:
- ansible-lint -c ".ansible-lint"
when:
event: [ push, manual ]
yamllint:
group: test
name: "Lint: Yamllint"
image: guisea/ansible-molecule
commands:
- yamllint -f colored .
when:
event: [ push, manual ]
ntfy:
image: codeberg.org/l-x/woodpecker-ntfy
settings:
url: https://ntfy.cybercinch.nz/ci-status
title: "Lint failed for ${CI_REPO_NAME}"
priority: urgent
icon: https://woodpecker-ci.org/img/logo.svg
tags: robot,warning,rotating_light,${CI_BUILD_EVENT},${CI_REPO_NAME}
message: >
📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}:
${CI_COMMIT_MESSAGE}
when:
event: [ push, manual ]
status: [ failure ]

48
.woodpecker/release.yml
View File

@@ -1,48 +0,0 @@
matrix:
include:
- MOLECULE_DISTRO: centos7
- MOLECULE_DISTRO: almalinux8
- MOLECULE_DISTRO: almalinux9
clone:
git:
image: woodpeckerci/plugin-git
settings:
recursive: true
submodule_update_remote: true
when:
event: [ push ]
steps:
create-release:
name: Test on ${MOLECULE_DISTRO}
image: guisea/ansible-molecule
pull: true
environment:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
volumes:
- /var/run/docker.sock:/var/run/docker.sock
commands:
- molecule test --scenario-name ${MOLECULE_SCENARIO:-default}
#secrets: [ auth_duo_host, auth_duo_ikey, auth_duo_skey, auth_duo_mirror_url ]
when:
event:
- push
- manual
ntfy:
image: codeberg.org/l-x/woodpecker-ntfy
settings:
url: https://ntfy.cybercinch.nz/ci-status
title: "Test failed for ${CI_REPO_NAME} - Distro: ${MOLECULE_DISTRO} Scenario: ${MOLECULE_SCENARIO:-default}"
priority: urgent
icon: https://woodpecker-ci.org/img/logo.svg
tags: robot,warning,rotating_light,${CI_BUILD_EVENT},${CI_REPO_NAME}
message: >
📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}:
${CI_COMMIT_MESSAGE}
when:
event: [ push, manual ]
status: [ failure ]
depends_on:
- lint

48
.woodpecker/test.yml
View File

@@ -1,48 +0,0 @@
matrix:
include:
- MOLECULE_DISTRO: centos7
- MOLECULE_DISTRO: almalinux8
- MOLECULE_DISTRO: almalinux9
clone:
git:
image: woodpeckerci/plugin-git
settings:
recursive: true
submodule_update_remote: true
when:
event: [ push, manual ]
steps:
test:
name: Test on ${MOLECULE_DISTRO}
image: guisea/ansible-molecule
pull: true
environment:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
volumes:
- /var/run/docker.sock:/var/run/docker.sock
commands:
- molecule test --scenario-name ${MOLECULE_SCENARIO:-default}
#secrets: [ auth_duo_host, auth_duo_ikey, auth_duo_skey, auth_duo_mirror_url ]
when:
event:
- push
- manual
ntfy:
image: codeberg.org/l-x/woodpecker-ntfy
settings:
url: https://ntfy.cybercinch.nz/ci-status
title: "Test failed for ${CI_REPO_NAME} - Distro: ${MOLECULE_DISTRO} Scenario: ${MOLECULE_SCENARIO:-default}"
priority: urgent
icon: https://woodpecker-ci.org/img/logo.svg
tags: robot,warning,rotating_light,${CI_BUILD_EVENT},${CI_REPO_NAME}
message: >
📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}:
${CI_COMMIT_MESSAGE}
when:
event: [ push, manual ]
status: [ failure ]
depends_on:
- lint

16
.woodpecker/z.ntfy-cron.yml
View File

@@ -1,16 +0,0 @@
skip_clone: true
steps:
ntfy-success:
image: codeberg.org/l-x/woodpecker-ntfy
settings:
url: https://ntfy.cybercinch.nz/ci-status
title: Build succeeded on ${CI_REPO_NAME}
priority: urgent
icon: https://woodpecker-ci.org/img/logo.svg
tags: robot,white_check_mark,${CI_BUILD_EVENT},${CI_REPO_NAME}
message: >
Test success when run by cron for ${CI_REPO_NAME}.
depends_on:
- "cron"
runs_on: [ success ]

20
.woodpecker/z.ntfy.yml
View File

@@ -1,20 +0,0 @@
skip_clone: true
steps:
ntfy:
image: codeberg.org/l-x/woodpecker-ntfy
settings:
url: https://ntfy.cybercinch.nz/ci-status
title: "Build completed for ${CI_REPO_NAME}"
priority: urgent
icon: https://woodpecker-ci.org/img/logo.svg
tags: robot,tada,white_check_mark,${CI_BUILD_EVENT},${CI_REPO_NAME}
message: >
📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}:
${CI_COMMIT_MESSAGE}
when:
event: [ push, manual ]
status: [ success ]
depends_on:
- lint
- test

16
.woodpecker/zz.ntfy-cron-failed.yml
View File

@@ -1,16 +0,0 @@
skip_clone: true
steps:
ntfy-failed:
image: codeberg.org/l-x/woodpecker-ntfy
settings:
url: https://ntfy.cybercinch.nz/ci-status
title: Build failed on ${CI_REPO_NAME}
priority: urgent
icon: https://woodpecker-ci.org/img/logo.svg
tags: robot,rotating_light,no_entry,${CI_BUILD_EVENT},${CI_REPO_NAME}
message: >
Test failed when run by cron for ${CI_REPO_NAME}.
depends_on:
- "cron"
runs_on: [ failure ]

6
.yamllint
View File

@@ -2,8 +2,6 @@
# Based on ansible-lint config
extends: default
ignore: |
.venv/
rules:
braces:
max-spaces-inside: 1
@@ -28,8 +26,8 @@ rules:
indentation: disable
key-duplicates: enable
line-length: disable
new-line-at-end-of-file: enable
new-line-at-end-of-file: disable
new-lines:
type: unix
trailing-spaces: enable
trailing-spaces: disable
truthy: disable

36
Makefile
View File

@@ -1,36 +0,0 @@
.PHONY: clean virtualenv lint test docker dist dist-upload
clean:
find . -name '*.py[co]' -delete
virtualenv:
virtualenv --prompt '|> ansible-role-common <| ' .venv
.venv/bin/pip install --upgrade pip
.venv/bin/pip install -r requirements.txt
.venv/bin/ansible-galaxy collection install -r requirements.yml
@echo
@echo "VirtualENV Setup Complete. Now run: source .venv/bin/activate"
@echo
test:
for distro in almalinux9 ; do \
MOLECULE_DISTRO=$$distro molecule test --all ; \
done
lint:
@echo "Linting"
@act -j lint
@echo
docker: clean
docker buildx build --platform 'linux/amd64,linux/arm64' --push \
-t hub.cybercinch.nz/cybercinch/imap_retention_manager:latest \
-t docker.io/cybercinch/imap_retention_manager:latest .
dist: clean
rm -rf dist/*
python setup.py sdist
python setup.py bdist_wheel
dist-upload:
twine upload dist/*

73
README.md
View File

@@ -1,89 +1,38 @@
# Common [![status-badge](https://hub.cybercinch.nz/cybercinch/ansible-role-common/actions/workflows/ci.yml/badge.svg)](https://hub.cybercinch.nz/cybercinch/ansible-role-common/actions?workflow=ci.yml)
Role Name
=========
This role is a collection of functionality to ease common setup of Linux based VM's. Some functionality for windows servers is available.
A brief description of the role goes here.
Features:
* Dynamic motd - This displays information to administrators at login.
* Helper commands - These are commands to help with online resizing of Linux Partitions/Drives when running on VMWare.
* Set DNS resolvers for use on the host.
* Install common packages for the host (Win/Linux)
Requirements
Requirements
------------
Nil
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
Role variables can be found in defaults/main.yml
```yaml
domain: exampledomain.com
ad_domain_joined: no
win_timezone: New Zealand Standard Time
vendors_hosts: []
dns_servers:
- 1.0.0.1
- 1.1.1.1
admin_group: admins
common_grub_timeout: 5
postfix_configure: false
common_packages: # Packages we will/would like to install
- nano
- git
- htop
- atop
- wget
- bind-utils
- yum-utils
- unzip
win_packages:
- notepadplusplus.install
- firefoxesr
- baretail
- 7zip.install
apply_win_updates: false
common_show_ipv6: false|bool
common_root_pwd: $y0urp@$$ ## You should always use a vault encrypted string here.
common_root_email: admin@somplace.co.nz # Configures forwarding address for root.
```
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
Nil external dependencies. Requires only builtin functions
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
This is an example playbook. Executes the role overriding two variables.
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
You could alternately set these in host_vars or group_vars:
```yaml
- hosts: server
- hosts: servers
roles:
- { role: cybercinch.common,
common_show_ipv6: true,
common_root_email: iamroot@example.com }
```
- { role: username.rolename, x: 42 }
License
-------
MIT
BSD
Author Information
------------------
This role was created in 2017 by [Aaron Guise](https://guise.net.nz/)
An optional section for the role authors to include contact information, or a website (HTML is not allowed).

57
defaults/main.yml
View File

@@ -1,19 +1,42 @@
---
domain: exampledomain.com
ad_domain_joined: no
win_timezone: New Zealand Standard Time
vendors_hosts: []
# defaults file for cybercinch.common
dns_servers:
# What is the domain name for this machine?
common_domain: exampledomain.com
# Timezone string for Windows nodes
common_win_tz: New Zealand Standard Time
# Timezone string for Linux nodes
common_tz: Pacific/Auckland
# Additional host entries to add to /etc/hosts if required
# e.g
# common_vendors_hosts:
# - ip: 192.168.1.3
# name: an.alias.hostname
# - ip: 192.168.1.4
# name: another.alias.hostname
common_vendors_hosts: []
# What DNS Servers should we use by default
common_dns_servers:
- 1.0.0.1
- 1.1.1.1
admin_group: admins
# The name of the security group for administrators
common_admin_group: admins
# Configuration of Grub boot timeout
common_grub_timeout: 5
postfix_configure: false
# Should we configure postfix?
common_postfix_configure: false
# This relayhost will be set if common_postfix_configure is true
common_postfix_relayhost: some.smtp.server
# Common packages to install in the case of Linux
common_packages:
- nano
- git
@@ -24,14 +47,22 @@ common_packages:
- yum-utils
- unzip
win_packages:
# Common packages to install in the case of Windows
common_win_packages:
- notepadplusplus.install
- firefoxesr
- baretail
- 7zip.install
common_apply_win_updates: false
apply_win_updates: false
# Does this node have ipv6? If so set to true to add ipv4 and ipv6 to Dynamic MOTD
common_show_ipv6: false
common_show_ipv6: false|bool
common_root_pwd: $y0urp@$$
common_root_email: admin@somplace.co.nz
# Want to change the root password?
common_change_root_pwd: false
# The crypted password you wish to set for root password
# Only fires if common_change_root_pwd is true default = false
common_root_pwd: $6$5GG7U/EyDL$L/UkIlhoVABnvjtJl0zGwryjgRF9wNZ5wIAIAVfViROiMUK0tUsuZmO.x87tpDYUJA0QR5pCo4yd.2sLgSlHU0
# This email address is set as the forwarding address for root. Used for notifications.
common_root_email: anemail@someco.com

8
files/helpers/set_dhcp_ip.sh
View File

@@ -1,8 +0,0 @@
#!/bin/bash
# This script will reset the IP Address back to default of DHCP
# helpful for a pending restore
/bin/nmcli c m "System eth0" ipv4.method auto
/bin/nmcli c m "System eth0" ipv4.address "" ipv4.gateway ""
/bin/nmcli connection up "System eth0"

48
files/helpers/set_static_ip.sh
View File

@@ -1,48 +0,0 @@
#!/bin/bash
# get subnet
subnet=$(ip a | grep "inet " | tail -1 | awk '{print $2}')
# get router/gateway
router=$(ip route show | head -1 | awk '{print $3}')
# get size of network portion of address in bytes
sz=$(echo $subnet | awk -F / '{print $2}')
bytes=$(("$sz" / 8))
prefix=$(echo "$subnet" | cut -d. -f1-$bytes) # e.g., 192.168.0
# get IP address to be set
IP=$(hostname -I | awk '{print $1}') # current IP
echo -n "Keep IP address?—$IP [yn]> "
read -r ans
if [ "$ans" == "n" ]; then
echo -n "Enter new IP address: "
read -r IP
# check if specified IP is properly formatted
if [[ ! $IP =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
echo Invalid IP
fi
# check if specified IP works for local network
if [[ ! $IP =~ ^$prefix ]]; then
echo "ERROR: Specified IP not usable for local network"
exit
fi
fi
# check if specified IP is properly formatted
if [[ ! $IP =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
echo Invalid IP
fi
# fetch the UUID
UUID=$(nmcli connection show | tail -1 | awk '{print $4}')
if [[ "$UUID" == "ethernet" ]]; then
# This is the other format of nmcli connection show
UUID=$(nmcli connection show | head -2 | tail -1 | awk '{print $3}')
fi
# run commands to set up the permanent IP address
nmcli connection modify "$UUID" IPv4.address "$IP"/"$sz"
nmcli connection modify "$UUID" IPv4.gateway "$router"
nmcli connection modify "$UUID" IPv4.method manual
nmcli connection up "$UUID"

20
handlers/main.yml
View File

@@ -1,33 +1,27 @@
---
# handlers file for guisea.common
- name: Restart Postfix
service:
service:
name: postfix
state: reloaded
- name: Restart SSH
service:
name: sshd
state: restarted
- name: Restart NTPD
service:
name: ntpd
state: restarted
- name: Reboot Windows
- name: reboot windows
win_reboot:
- name: Restart NetworkManager
- name: restart NetworkManager
service:
name: NetworkManager
state: restarted
- name: Check if grub.cfg exists
stat:
path: /boot/grub2/grub.cfg
register: grub_cfg
- name: Update GRUB
command: /usr/sbin/grub2-mkconfig -o /boot/grub2/grub.cfg
when: grub_cfg.stat.exists

46
meta/main.yml
View File

@@ -1,17 +1,45 @@
---
galaxy_info:
author: guisea <aaron@guise.net.nz>
role_name: common # if absent directory name hosting role is used instead
namespace: cybercinch # if absent, author is used instead
description: Commonplace system setup
company: CyberCinch
author: Aaron Guise
namespace: cybercinch
role_name: ansible_role_common
description:
license: MIT
min_ansible_version: "2.9"
min_ansible_version: 2.9
platforms:
- name: EL
versions:
- all
galaxy_tags: []
dependencies: []
- name: Windows
versions:
- all
- name: Amazon
versions:
- all
- name: Ubuntu
versions:
- all
- name: Debian
versions:
- all
#
# Below are all categories currently available. Just as with
# the platforms above, uncomment those that apply to your role.
#
#categories:
#- cloud
#- cloud:ec2
#- cloud:gce
#- cloud:rax
#- clustering
#- database
#- database:nosql
#- database:sql
#- development
#- monitoring
#- networking
#- packaging
#- system
#- web
dependencies: []

4
molecule/default/converge.yml
View File

@@ -2,6 +2,6 @@
- name: Converge
hosts: all
tasks:
- name: "Include common"
- name: "Include ansi-ansible-role-common"
include_role:
name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
name: "ansi-ansible-role-common"

20
molecule/default/molecule.yml
View File

@@ -4,21 +4,11 @@ dependency:
driver:
name: docker
platforms:
- name: molecule-${MOLECULE_DISTRO:-almalinux8}
image: "cybercinch/docker-${MOLECULE_DISTRO:-almalinux8}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
cgroupns_mode: host
privileged: true
- name: instance
image: docker.io/pycontribs/centos:8
pre_build_image: true
privileged: true
provisioner:
name: ansible
env:
MOLECULE_NO_LOG: true
# verifier:
# name: ansible
# lint: |
# set -e
# yamllint .
# ansible-lint
verifier:
name: ansible

8
molecule/default/verify.yml
View File

@@ -5,6 +5,14 @@
hosts: all
gather_facts: false
tasks:
- name: Capture output of dynamic motd
command: /usr/local/bin/dynmotd
register: motd
changed_when: false
- debug:
msg: "{{ motd.stdout.split('\n') }}"
- name: Example assertion
assert:
that: true

6
requirements.txt
View File

@@ -1,6 +0,0 @@
ansible-core<2.17
ansible-compat >= 4
molecule[docker]== 24.2.1
ansible-lint==24.2.2
yamllint==1.35.1
passlib==1.7.4

3
requirements.yml
View File

@@ -1,3 +0,0 @@
collections:
- ansible.windows
- community.general

64
tasks/RedHat.yml
View File

@@ -1,46 +1,31 @@
---
# tasks file for common role
- include_tasks: networking.yml
- include: networking.yml
- name: Ensure common packages (RHEL)
yum:
- name: Ensure common packages
yum:
name: "{{ common_packages }}"
state: present
enablerepo: epel
when: ansible_distribution != 'OracleLinux'
tags: packages
- name: Ensure common packages (OracleLinux)
- name: Ensure common packages
yum:
name: "{{ common_packages }}"
state: present
enablerepo: ol7_developer_EPEL
when: ansible_distribution == 'OracleLinux'
tags: packages
- name: Check if SELinux is installed
stat:
path: /etc/selinux/config
register: se
tags: security
# - name: SELinux Management
# block:
# - name: selinux | Ensure SELinux status
# selinux:
# state: disabled
# register: sestate
# - name: selinux | Message Output
# debug:
# msg: "SELinux {{ sestate.msg }}"
# when: sestate.changed
# when: se.stat.exists
# tags: security
- name: Create admin group
group:
name: "{{ admin_group }}"
state: present
group: name={{ common_admin_group }} state=present
- name: Configure yum limit
lineinfile:
@@ -51,22 +36,33 @@
- name: Ensure Helpers are present
copy:
src: helpers/
dest: /usr/local/bin/
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: u+rwx,g+rx,o+rx
with_items:
- src: helpers/reload_scsi_devices
dest: /usr/local/bin/reload_scsi_devices
- src: helpers/reload_scsi_hosts
dest: /usr/local/bin/reload_scsi_hosts
- name: Ensure Hostname is set
hostname:
name: "{{ inventory_hostname }}.{{ domain }}"
when: ansible_virtualization_type != "docker" and ansible_virtualization_type != "container"
hostname:
name: "{{ inventory_hostname }}.{{ common_domain }}"
when:
- ansible_virtualization_type != "docker"
- name: Change root password
user:
name: root
password: "{{ common_root_pwd | password_hash('sha512') }}"
user:
name: root
password: "{{ common_root_pwd }}"
changed_when: false
when: common_change_root_pwd
tags: rootpw
- include_tasks: grub.yml
- include_tasks: communication.yml
- include_tasks: motd.yml
- name: Set timezone
timezone:
name: "{{ common_tz }}"
- include: grub.yml
- include: communication.yml
- include: motd.yml

11
tasks/Windows.yml
View File

@@ -11,14 +11,14 @@
state: present
update_password: always
changed_when: false
- name: Ensure System Culture Set
win_region:
location: 183
format: en-NZ
unicode_language: en-NZ
copy_settings: true
- name: Ensure DNS is set
win_dns_client:
adapter_names: "*"
@@ -30,7 +30,7 @@
admin_password: "{{ vault_ad_password }}"
domain_name: "{{ authconfig_domain }}"
when: ad_domain_joined
notify: Reboot Windows
notify: reboot windows
- meta: flush_handlers
- name: Ensure Important dirs exist
@@ -40,7 +40,7 @@
with_items:
- 'C:\Temp'
- 'C:\Tools'
#- name: Ensure Profile Tool Present
# win_copy:
# src: Defprof.exe
@@ -53,7 +53,7 @@
- name: Apply Windows Updates
win_updates:
when: apply_windows_updates
notify: Reboot Windows
notify: reboot windows
- meta: flush_handlers
- name: Ensure default applications installed
@@ -61,3 +61,4 @@
name: "{{ item }}"
state: present
with_items: "{{ win_packages }}"

5
tasks/common.yml
View File

@@ -1,5 +0,0 @@
---
- include_tasks: networking.yml
- include_tasks: communication.yml
- include_tasks: grub.yml
- include_tasks: motd.yml

31
tasks/communication.yml
View File

@@ -1,44 +1,39 @@
---
- name: Postfix Configuration
when: postfix_configure
block:
- name: Postfix | Apply postfix configuration
- name: postfix | Apply postfix configuration
lineinfile:
dest: "{{ configurations.dest }}"
regexp: "{{ configurations.regexp }}"
line: "{{ configurations.line }}"
dest: "{{item.dest}}"
regexp: "{{item.regexp}}"
line: "{{item.line}}"
insertafter: EOF
notify: Restart Postfix
when: "'SMTP0' not in inventory_hostname"
with_items:
- {
dest: /etc/postfix/main.cf,
- { dest: /etc/postfix/main.cf,
regexp: "^.?inet_protocols =",
line: "inet_protocols = ipv4",
line: "inet_protocols = ipv4"
}
- {
dest: /etc/postfix/main.cf,
- { dest: /etc/postfix/main.cf,
regexp: "^.?inet_interfaces =",
line: "inet_interfaces = all",
line: "inet_interfaces = all"
}
- {
dest: /etc/postfix/main.cf,
- { dest: /etc/postfix/main.cf,
regexp: "^.?relayhost =",
line: "relayhost = {{ relayhost }}",
line: "relayhost = {{ common_postfix_relayhost }}"
}
- {
dest: /etc/postfix/main.cf,
regexp: "^.?smtp_randomize_addresses =",
line: "smtp_randomize_addresses = no",
line: "smtp_randomize_addresses = no"
}
loop_control:
loop_var: configurations
- name: Postfix | Ensure Postfix is Started/Enabled
- name: postfix | Ensure Postfix is Started/Enabled
service:
name: postfix
state: started
enabled: yes
when: common_postfix_configure
- name: Ensure root forwarding address is set
lineinfile:

8
tasks/grub.yml
View File

@@ -18,9 +18,7 @@
option: GRUB_TIMEOUT
value: "{{ common_grub_timeout }}"
no_extra_spaces: yes
when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version > '6'"
notify:
- Check if grub.cfg exists
- Update GRUB
when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7'"
notify: Update GRUB
tags:
- grub
- grub

9
tasks/main.yml
View File

@@ -1,9 +1,2 @@
---
- name: Include tasks only if one of the files exist, otherwise skip the task
include_tasks: "{{ item }}"
vars:
params:
files:
- "{{ ansible_os_family }}.yml"
- "common.yml"
loop: "{{ q('first_found', params, errors='ignore') }}"
- include: "{{ ansible_os_family }}.yml"

2
tasks/motd.yml
View File

@@ -16,4 +16,4 @@
dest: /etc/profile.d/motd.sh
regexp: "^/usr/local/bin/dynmotd"
line: "/usr/local/bin/dynmotd"
create: yes
create: yes

93
tasks/networking.yml
View File

@@ -1,79 +1,54 @@
---
- name: What is virtualization type?
debug:
msg: "Virtualization is: {{ ansible_virtualization_type }}"
- name: Ensure Network Setup (RedHat only)
- name: Ensure resolvers set
template:
src: "{{ network_config.src }}"
dest: "{{ network_config.dest }}"
mode: "{{ network_config.mode }}"
backup: yes
with_items:
- {
src: etc.sysconfig.network.j2,
dest: /etc/sysconfig/network,
mode: u+rw,
a+r,
}
when: >
ansible_virtualization_type != "docker"
and ansible_virtualization_type != "container"
and ansible_os_family == "RedHat"
loop_control:
loop_var: network_config
src: etc.resolv.conf.j2
dest: /etc/resolv.conf
mode: u+rw,a+r
tags: dns
when:
- ansible_virtualization_type != "docker"
- name: Ensure Resolvers Configured
- name: Ensure DNS and SSH common config
template:
src: "{{ network_config.src }}"
dest: "{{ network_config.dest }}"
mode: "{{ network_config.mode }}"
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
backup: yes
with_items:
- { src: etc.resolv.conf.j2, dest: /etc/resolv.conf, mode: u+rw, a+r }
when: >
ansible_virtualization_type != "docker"
and ansible_virtualization_type != "container"
loop_control:
loop_var: network_config
- { src: etc.sysconfig.network.j2,
dest: /etc/sysconfig/network,
mode: u+rw,a+r
}
tags: dns
- name: Ensure hosts file correct
lineinfile:
dest: /etc/hosts
regexp: "{{ hosts_config.regexp }}"
line: "{{ hosts_config.line }}"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
backrefs: yes
backup: yes
with_items:
- {
regexp: "^127.0.0.1.+localdomain4$",
line: "127.0.0.1 localhost {{ inventory_hostname }}",
- {regexp: "^127.0.0.1.+localdomain4$",
line: "127.0.0.1 localhost {{ inventory_hostname }}"
}
- {
regexp: "^::1.+localdomain6$",
line: "::1 localhost {{ inventory_hostname }}",
- {regexp: "^::1.+localdomain6$",
line: "::1 localhost {{ inventory_hostname }}"
}
- {
regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_default_ipv4.address.split('.')[-1] }}$",
line: "{{ ansible_default_ipv4.address }} {{ inventory_hostname }}.{{ domain }} {{ inventory_hostname }}",
- {regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_default_ipv4.address.split('.')[-1] }}$",
line: "{{ ansible_default_ipv4.address }} {{ inventory_hostname }}.{{ common_domain }} {{ inventory_hostname }}"
}
- {
regexp: "^127.0.0.1.+{{ ansible_nodename.split('.')[0] }}$",
line: "127.0.0.1 localhost {{ inventory_hostname }}",
- {regexp: "^127.0.0.1.+{{ ansible_nodename.split('.')[0] }}$",
line: "127.0.0.1 localhost {{ inventory_hostname }}"
}
- {
regexp: "^::1.+{{ ansible_nodename.split('.')[0] }}$",
line: "::1 localhost {{ inventory_hostname }}",
- {regexp: "^::1.+{{ ansible_nodename.split('.')[0] }}$",
line: "::1 localhost {{ inventory_hostname }}"
}
- {
regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_nodename.split('.')[0] }}$",
line: "{{ ansible_default_ipv4.address }} {{ inventory_hostname }}.{{ domain }} {{ inventory_hostname }}",
- {regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_nodename.split('.')[0] }}$",
line: "{{ ansible_default_ipv4.address }} {{ inventory_hostname }}.{{ common_domain }} {{ inventory_hostname }}"
}
loop_control:
loop_var: hosts_config
when: ansible_virtualization_type != "docker" and ansible_virtualization_type != "container"
when:
- ansible_virtualization_type != "docker"
- name: Ensure NetworkManager does not fiddle DNS
ini_file:
@@ -84,18 +59,16 @@
backup: yes
when: (ansible_os_family == "RedHat" and ansible_distribution_major_version == "7")
notify:
- Restart NetworkManager
- restart NetworkManager
changed_when: false
- name: Ensure correct permissions (hosts/resolv.conf)
file:
path: "{{ perm_config }}"
path: "{{item}}"
state: touch
mode: u+rw,g+r,a+r
with_items:
- /etc/resolv.conf
- /etc/hosts
loop_control:
loop_var: perm_config
changed_when: false
tags: dns
tags: dns

118
templates/dynmotd
View File

@@ -15,42 +15,41 @@
# /usr/local/bin/dynmotd
#
if getent group "{{ admin_group }}" | grep -qw "$(whoami)"; then
USER=`/usr/bin/env whoami`
HOSTNAME=`/usr/bin/env uname -n | /usr/bin/env cut -d. -f1`
IP=`/usr/bin/env ip route get 1 | /usr/bin/env grep -Po '(?<=src.)[\w\d.]+'`
IP6=`/usr/bin/env ip -6 addr | /usr/bin/env awk -F '[ \t]+|/' '$3 == "::1" { next;} $3 ~ /^fe80::/ { next ; } /inet6/ {print $3} '`
NUM_CPU=`cat /proc/cpuinfo | grep processor | wc -l`
#ROOT=`/usr/bin/df / -x fuse.gvfs-fuse-daemon -Ph | /usr/bin/egrep -i 'root|logvol|vda' | awk '{print $4}' | tr -d '\n'`
#HOME=`/usr/bin/df /home -x fuse.gvfs-fuse-daemon -Ph | grep home | awk '{print $4}' | tr -d '\n'`
#BACKUP=`/usr/bin/df -x fuse.gvfs-fuse-daemon -Ph | grep backup | awk '{print $4}' | tr -d '\n'`
FILESYSTEMS=`cat /etc/fstab | grep -v '#' | grep -v 'swap' | grep -v 'proc' | awk '{if(NF>0) {print $2}}'`
MEMORY=`/usr/bin/env free -m | /usr/bin/env grep "Mem" | /usr/bin/env awk '{print $2,"-",$3,"-",$4}'`
SWAP=`/usr/bin/env free -m | /usr/bin/env grep "Swap" | /usr/bin/env awk '{print $2,"-",$3,"-",$4}'`
PSA=`/usr/bin/env ps -Afl | /usr/bin/env wc -l`
USER=`/usr/bin/whoami`
HOSTNAME=`/usr/bin/uname -n | /usr/bin/cut -d. -f1`
IP=`/usr/sbin/ip route get 1 | grep -Po '(?<=src.)[\w\d.]+'`
IP6=`/sbin/ip -6 addr | awk -F '[ \t]+|/' '$3 == "::1" { next;} $3 ~ /^fe80::/ { next ; } /inet6/ {print $3} '`
NUM_CPU=`/usr/bin/lscpu | /usr/bin/grep "CPU(s):" | /usr/bin/head -n 1 | /usr/bin/awk '{print $2}'`
ROOT=`/usr/bin/df / -x fuse.gvfs-fuse-daemon -Ph | /usr/bin/egrep -i 'root|logvol|vda|sda' | awk '{print $4}' | tr -d '\n'`
HOME=`/usr/bin/df /home -x fuse.gvfs-fuse-daemon -Ph | grep home | awk '{print $4}' | tr -d '\n'`
BACKUP=`/usr/bin/df -x fuse.gvfs-fuse-daemon -Ph | grep backup | awk '{print $4}' | tr -d '\n'`
# time of day
HOUR=$(/usr/bin/env date +"%H")
if [ $HOUR -lt 12 -a $HOUR -ge 0 ]
then TIME="morning"
elif [ $HOUR -lt 17 -a $HOUR -ge 12 ]
then TIME="afternoon"
else
MEMORY=`/usr/bin/free -m | /usr/bin/grep "Mem" | /usr/bin/awk '{print $2,"-",$3,"-",$4}'`
SWAP=`/usr/bin/free -m | /usr/bin/grep "Swap" | /usr/bin/awk '{print $2,"-",$3,"-",$4}'`
PSA=`/usr/bin/ps -Afl | wc -l`
# time of day
HOUR=$(/usr/bin/date +"%H")
if [ $HOUR -lt 12 -a $HOUR -ge 0 ]
then TIME="morning"
elif [ $HOUR -lt 17 -a $HOUR -ge 12 ]
then TIME="afternoon"
else
TIME="evening"
fi
fi
#System uptime
uptime=`/usr/bin/env cat /proc/uptime | cut -f1 -d.`
upDays=$((uptime/60/60/24))
upHours=$((uptime/60/60%24))
upMins=$((uptime/60%60))
upSecs=$((uptime%60))
#System uptime
uptime=`/usr/bin/cat /proc/uptime | cut -f1 -d.`
upDays=$((uptime/60/60/24))
upHours=$((uptime/60/60%24))
upMins=$((uptime/60%60))
upSecs=$((uptime%60))
#System load
LOADAVG=`/usr/bin/env cat /proc/loadavg`
LOAD1=`echo $LOADAVG | /usr/bin/env awk {'print $1'}`
LOAD5=`echo $LOADAVG | /usr/bin/env awk {'print $2'}`
LOAD15=`echo $LOADAVG | /usr/bin/env awk {'print $3'}`
#System load
LOADAVG=`/usr/bin/cat /proc/loadavg`
LOAD1=`echo $LOADAVG | /usr/bin/awk {'print $1'}`
LOAD5=`echo $LOADAVG | /usr/bin/awk {'print $2'}`
LOAD15=`echo $LOADAVG | /usr/bin/awk {'print $3'}`
echo ""
echo -e "\e[7m--- GOOD $TIME $USER ----\e[0m"
@@ -62,43 +61,24 @@ COLOR_COLUMN="\e[1m-"
COLOR_VALUE="\e[31m"
RESET_COLORS="\e[0m"
echo -e "
===========================================================================
$COLOR_COLUMN- Hostname$RESET_COLORS............: $COLOR_VALUE $HOSTNAME $RESET_COLORS
==========================================================================
$COLOR_COLUMN- Hostname$RESET_COLORS............: $COLOR_VALUE $HOSTNAME $RESET_COLORS
{% if common_show_ipv6 == true %}
$COLOR_COLUMN- IP Address (Main v4)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS
$COLOR_COLUMN- IP Address (Main v6)$RESET_COLORS: $COLOR_VALUE $IP6 $RESET_COLORS
{% else %}
$COLOR_COLUMN- IP Address (Default)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS
$COLOR_COLUMN- IP Address (Main v4)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS
$COLOR_COLUMN- IP Address (Main v6)$RESET_COLORS: $COLOR_VALUE $IP6 $RESET_COLORS
{% else %} $COLOR_COLUMN- IP Address (Default)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS
{% endif %}
{% if ansible_distribution == "Alpine" %}
$COLOR_COLUMN- Release$RESET_COLORS.............: $COLOR_VALUE Alpine `/usr/bin/env cat /etc/os-release` $RESET_COLORS
{% else %}
$COLOR_COLUMN- Release$RESET_COLORS.............: $COLOR_VALUE `/usr/bin/env cat /etc/os-release | /usr/bin/env grep PRETTY_NAME | /usr/bin/env cut -d '"' -f 2` $RESET_COLORS
{% endif %}
{% if ansible_distribution != "Alpine" %}
$COLOR_COLUMN- Users$RESET_COLORS...............: $COLOR_VALUE Currently `users | wc -w` user(s) logged on $RESET_COLORS
{% endif %}
=========================================================================== $RESET_COLORS
$COLOR_COLUMN- Current user$RESET_COLORS........: $COLOR_VALUE $USER $RESET_COLORS
$COLOR_COLUMN- Number of CPU$RESET_COLORS.......: $COLOR_VALUE $NUM_CPU $RESET_COLORS
$COLOR_COLUMN- CPU usage$RESET_COLORS...........: $COLOR_VALUE $LOAD1 - $LOAD5 - $LOAD15 (1-5-15 min) $RESET_COLORS
$COLOR_COLUMN- Memory used$RESET_COLORS.........: $COLOR_VALUE $MEMORY (total-used-free) $RESET_COLORS
$COLOR_COLUMN- Swap in use$RESET_COLORS.........: $COLOR_VALUE $SWAP (total-used-free) MB $RESET_COLORS
$COLOR_COLUMN- Processes$RESET_COLORS...........: $COLOR_VALUE $PSA running $RESET_COLORS
$COLOR_COLUMN- System uptime$RESET_COLORS.......: $COLOR_VALUE $upDays days $upHours hours $upMins minutes $upSecs seconds $RESET_COLORS
{% if ansible_virtualization_type != "lxc" %}
$COLOR_COLUMN- Disk space$RESET_COLORS..........: "
for FS in ${FILESYSTEMS}; do
echo -e "$COLOR_COLUMN- ..........$RESET_COLORS..........: $COLOR_VALUE `df -H ${FS} | grep -v 'Filesystem' | grep -v '^[[:space:]]*$' | awk '{print $6 \" \" $4}'` remaining $RESET_COLORS"
done
{% endif %}
echo -e "
===========================================================================
$COLOR_COLUMN- Release$RESET_COLORS.............: $COLOR_VALUE `cat {{ ansible_distribution_file_path }}` $RESET_COLORS
$COLOR_COLUMN- Users$RESET_COLORS...............: $COLOR_VALUE Currently `users | wc -w` user(s) logged on $RESET_COLORS
========================================================================== $RESET_COLORS
$COLOR_COLUMN- Current user$RESET_COLORS........: $COLOR_VALUE $USER $RESET_COLORS
$COLOR_COLUMN- Number of CPU$RESET_COLORS.......: $COLOR_VALUE $NUM_CPU $RESET_COLORS
$COLOR_COLUMN- CPU usage$RESET_COLORS...........: $COLOR_VALUE $LOAD1 - $LOAD5 - $LOAD15 (1-5-15 min) $RESET_COLORS
$COLOR_COLUMN- Memory used$RESET_COLORS.........: $COLOR_VALUE $MEMORY (total-used-free) $RESET_COLORS
$COLOR_COLUMN- Swap in use$RESET_COLORS.........: $COLOR_VALUE $SWAP (total-used-free) MB $RESET_COLORS
$COLOR_COLUMN- Processes$RESET_COLORS...........: $COLOR_VALUE $PSA running $RESET_COLORS
$COLOR_COLUMN- System uptime$RESET_COLORS.......: $COLOR_VALUE $upDays days $upHours hours $upMins minutes $upSecs seconds $RESET_COLORS
$COLOR_COLUMN- Disk space$RESET_COLORS..........: $COLOR_VALUE $ROOT remaining $RESET_COLORS
==========================================================================
`/usr/bin/cat /etc/motd`
"
if [ -f /etc/motd ]; then
/usr/bin/env cat /etc/motd
fi
else
# Just exit :)
exit 0
fi;

2
templates/etc.hosts.j2
View File

@@ -4,7 +4,7 @@
127.0.0.1 localhost {{ ansible_hostname }}
::1 localhost {{ ansible_hostname }}
{{ ansible_default_ipv4.address }} {{ ansible_hostname }}.{{ domain }} {{ ansible_hostname }}
{{ ansible_default_ipv4.address }} {{ ansible_hostname }}.{{ common_domain }} {{ ansible_hostname }}
{# note: below block takes a list of ip -> name mappings
applying them to the hosts file should the variable be

4
templates/etc.resolv.conf.j2
View File

@@ -2,9 +2,9 @@
## DO NOT edit manually as changes will be overwritten ##
# Search Domain
search {{ domain }}
search {{ common_domain }}
# Use servers configured via Ansible
{% for server in dns_servers %}
{% for server in common_dns_servers %}
nameserver {{ server }}
{% endfor %}

2
templates/etc.sysconfig.network.j2
View File

@@ -2,4 +2,4 @@
## DO NOT edit manually as changes will be overwritten ##
NETWORKING=yes
HOSTNAME={{ inventory_hostname }}.{{ domain }}
HOSTNAME={{ inventory_hostname }}.{{ common_domain }}