From 736e64aed063da39fe7b6b0c631ba5f82f5c892e Mon Sep 17 00:00:00 2001 From: David Rotermund Date: Tue, 16 Apr 2024 20:06:17 +0200 Subject: [PATCH] Add files via upload --- README.md | 13 +-- backup_cups.yaml | 38 +++++++++ backup_dns.yaml | 38 +++++++++ install_checkmk_client_phase_b.yaml | 3 + install_cups.yaml | 89 ++++++++++++++++++++ install_semaphore.yaml | 122 ++++++++++++++++++++++++++-- update_cups.yaml | 19 +++++ 7 files changed, 302 insertions(+), 20 deletions(-) create mode 100644 backup_cups.yaml create mode 100644 backup_dns.yaml create mode 100644 install_cups.yaml create mode 100644 update_cups.yaml diff --git a/README.md b/README.md index fb376b4..80e729a 100644 --- a/README.md +++ b/README.md @@ -15,15 +15,6 @@ echo ansibleuser:$passwd_value | chpasswd echo "ansibleuser ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ansible ``` -## Beware of SELinux - -``` -cat /etc/selinux/config | sed s/"$SELINUX=enforcing"/"SELINUX=disabled"/g > /etc/selinux/config_xxx -\cp /etc/selinux/config_xxx /etc/selinux/config -\rm /etc/selinux/config_xxx -reboot -``` - # How to make the server ready Once: @@ -36,9 +27,7 @@ ssh-keygen And then for every computer: ``` -ip="computername" passwd_value="PUT_A_PASSWORD_HERE" -sshpass -p "$passwd_value" ssh-copy-id -o "StrictHostKeyChecking accept-new" ansibleuser@$ip -scp ~/.ssh/id* ansibleuser@$ip:~/.ssh +sshpass -p "$passwd_value" ssh-copy-id -o "StrictHostKeyChecking accept-new" ansibleuser@COMPUTERNAME ``` diff --git a/backup_cups.yaml b/backup_cups.yaml new file mode 100644 index 0000000..aee1586 --- /dev/null +++ b/backup_cups.yaml 
@@ -0,0 +1,38 @@
+---
+- name: backup cups
+ hosts: all
+ become: true
+ gather_facts: true
+
+ tasks:
+
+ - name: make backup folder
+ ansible.builtin.file:
+ path: "/cups_backup/"
+ owner: "ansibleuser"
+ group: "ansibleuser"
+ mode: '0700'
+ state: "directory"
+
+ - name: delete old file
+ ansible.builtin.file:
+ path: "/cups_backup/cups_{{ ansible_hostname }}.tgz"
+ state: "absent"
+
+ - name: create archive
+ community.general.archive:
+ dest: "/cups_backup/cups_{{ ansible_hostname }}.tgz"
+ path: "/etc/cups"
+ owner: "ansibleuser"
+
+ - name: create sudo permision
+ lineinfile:
+ path: "/etc/sudoers.d/root"
+ create: true
+ state: present
+ line: "root ALL=(ansibleuser) NOPASSWD: ALL"
+
+ - name: scp file into safety
+ ansible.builtin.shell: 'scp -o "StrictHostKeyChecking accept-new" /cups_backup/cups_{{ ansible_hostname }}.tgz ansibleuser@10.10.0.2:/home/backup_ansible/'
+ become: false
+
diff --git a/backup_dns.yaml b/backup_dns.yaml
new file mode 100644
index 0000000..ad30023
--- /dev/null
+++ b/backup_dns.yaml
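Review bot: The "create sudo permision" task in backup_cups.yaml writes `/etc/sudoers.d/root` through `lineinfile` with `create: true` but no `validate` and no `mode`, so a syntax slip or a drop-in whose mode depends on the umask can leave sudo unusable on the host; add `validate: '/usr/sbin/visudo -cf %s'` and `mode: '0440'`. The rule itself (`root ALL=(ansibleuser) NOPASSWD: ALL`) does not appear to be needed by the scp step, which runs with `become: false`, so it is worth confirming and dropping if unused. The scp step also trusts the host key of 10.10.0.2 on first contact through `accept-new`; recording that key beforehand with `ansible.builtin.known_hosts` closes the unverified first connection. backup_dns.yaml repeats the same sudoers and scp tasks and has the same gaps.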
@@ -0,0 +1,38 @@ +--- +- name: backup docker volume + hosts: all + become: true + gather_facts: true + + tasks: + + - name: make backup folder + ansible.builtin.file: + path: "/docker_backup/" + owner: "ansibleuser" + group: "ansibleuser" + mode: '0700' + state: "directory" + + - name: delete old file + ansible.builtin.file: + path: "/docker_backup/docker_volume_{{ ansible_hostname }}.tgz" + state: "absent" + + - name: create archive + community.general.archive: + dest: "/docker_backup/docker_volume_{{ ansible_hostname }}.tgz" + path: "/var/lib/docker/volumes" + owner: "ansibleuser" + + - name: create sudo permision + lineinfile: + path: "/etc/sudoers.d/root" + create: true + state: present + line: "root ALL=(ansibleuser) NOPASSWD: ALL" + + - name: scp file into safety + ansible.builtin.shell: 'scp -o "StrictHostKeyChecking accept-new" /docker_backup/docker_volume_{{ ansible_hostname }}.tgz ansibleuser@10.10.0.2:/home/backup_ansible/' + become: false + diff --git a/install_checkmk_client_phase_b.yaml b/install_checkmk_client_phase_b.yaml index b1af752..175c171 100644 --- a/install_checkmk_client_phase_b.yaml +++ b/install_checkmk_client_phase_b.yaml @@ -7,3 +7,6 @@ - name: register check client shell: "myhostname=`hostname` ; cmk-agent-ctl register --server 10.10.0.3:8000 --site cmk --user automation --trust-cert --password '{{ password }}' --hostname $myhostname" + +# firewall-cmd --zone=public --add-port=6556/tcp --permanent +# firewall-cmd --zone=public --add-port=6556/tcp diff --git a/install_cups.yaml b/install_cups.yaml new file mode 100644 index 0000000..1db110f --- /dev/null +++ b/install_cups.yaml 
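Review bot: The "create archive" task in backup_dns.yaml takes all of `/var/lib/docker/volumes`, not one named volume, although the file is backup_dns.yaml and the play is called "backup docker volume". On a host that runs other containers this would also copy their data (database files, stored credentials) into the tgz and on to 10.10.0.2. Narrow the source to the volume that is meant, for example `path: "/var/lib/docker/volumes/<DNS_VOLUME_NAME>"` (placeholder name), and rename the play so it matches the file.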
@@ -0,0 +1,89 @@
+---
+- name: install cups
+ hosts: all
+ become: true
+
+ tasks:
+
+ - name: remove other files
+ include_tasks: yaml_sub/myrepo_clean.yaml
+
+ - name: update file myrepo.repo
+ import_tasks: yaml_sub/myrepo_data.yaml
+
+ - name: install client
+ ansible.builtin.dnf:
+ name: "http://10.10.0.3/cmk/check_mk/agents/check-mk-agent-2.2.0p24-1.noarch.rpm"
+ state: present
+ update_cache: true
+ skip_broken: true
+ nobest: false
+ allowerasing: true
+ disable_gpg_check: true
+
+ - name: ldap
+ include_tasks: yaml_sub/ldap.yaml
+
+ - name: sssd
+ include_tasks: yaml_sub/sssd.yaml
+
+ - name: remove other files
+ include_tasks: yaml_sub/myrepo_clean.yaml
+ - name: update file myrepo.repo
+ import_tasks: yaml_sub/myrepo_data.yaml
+
+ - name: install nfs tools
+ dnf:
+ name: nfs-utils,nfs-utils-coreos,nfsv4-client-utils,rpcbind
+ state: present
+ update_cache: true
+ skip_broken: true
+ nobest: false
+ allowerasing: true
+
+ - name: Make sure rpcbind service unit is started
+ systemd_service:
+ enabled: true
+ state: started
+ name: rpcbind
+
+ - name: mount_info
+ include_tasks: yaml_sub/mount_info.yaml
+
+ - name: install cups
+ ansible.builtin.dnf:
+ name: cups,cups-client,cups-libs,cups-lpd,hplip,gutenprint,gutenprint-cups
+ state: present
+ update_cache: true
+ skip_broken: true
+ nobest: false
+ allowerasing: true
+ disablerepo:
+ - oneAPI
+
+ - name: Set Cups (2)
+ lineinfile:
+ path: /etc/cups/cupsd.conf
+ state: absent
+ line: "Listen localhost:631"
+ create: true
+
+ - name: Set Cups (2)
+ lineinfile:
+ path: /etc/cups/cupsd.conf
+ state: present
+ line: "Listen *:631"
+ create: true
+
+ - name: Make sure cups is started
+ systemd_service:
+ name: cups
+ enabled: true
+ state: started
+
+ - name: Make sure cups-browsed is started
+ systemd_service:
+ name: cups-browsed
+ enabled: true
+ state: started
+
diff --git a/install_semaphore.yaml b/install_semaphore.yaml
index 2c69900..38986a0 100644
--- a/install_semaphore.yaml
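Review bot: The "install client" task in install_cups.yaml installs an RPM as root from a plain `http://` URL with `disable_gpg_check: true`, so neither the transport nor a package signature protects what gets installed, and a modified package would go in undetected. The first hunk of install_semaphore.yaml adds the identical task. Fetch the file against a pinned digest first, as sketched below, or import the vendor key with `ansible.builtin.rpm_key` and drop `disable_gpg_check`. Separately, `Listen *:631` together with an enabled cups-browsed puts the print service on every interface, so confirm that a firewall rule or a cupsd.conf `Allow from` policy limits who can reach it.

```yaml
    - name: fetch checkmk agent with a pinned digest
      ansible.builtin.get_url:
        url: "http://10.10.0.3/cmk/check_mk/agents/check-mk-agent-2.2.0p24-1.noarch.rpm"
        dest: "/root/check-mk-agent-2.2.0p24-1.noarch.rpm"
        checksum: "sha256:<SHA256_OF_RPM>"  # placeholder: record the real digest out of band
        mode: '0600'

    - name: install client
      ansible.builtin.dnf:
        name: "/root/check-mk-agent-2.2.0p24-1.noarch.rpm"
        state: present
        # signature check stays off only because the file was verified against the pinned digest
        disable_gpg_check: true
    # … unchanged: remaining dnf options and the ldap, sssd, nfs and cups tasks …
```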
+++ b/install_semaphore.yaml 
@@ -4,10 +4,92 @@ become: true tasks: + - name: remove other files + include_tasks: yaml_sub/myrepo_clean.yaml + + - name: update file myrepo.repo + import_tasks: yaml_sub/myrepo_data.yaml + + - name: install client + ansible.builtin.dnf: + name: "http://10.10.0.3/cmk/check_mk/agents/check-mk-agent-2.2.0p24-1.noarch.rpm" + state: present + update_cache: true + skip_broken: true + nobest: false + allowerasing: true + disable_gpg_check: true + + - name: ldap + include_tasks: yaml_sub/ldap.yaml + + - name: sssd + include_tasks: yaml_sub/sssd.yaml + + - name: remove other files + include_tasks: yaml_sub/myrepo_clean.yaml + - name: update file myrepo.repo + import_tasks: yaml_sub/myrepo_data.yaml + + - name: install nfs tools + dnf: + name: nfs-utils,nfs-utils-coreos,nfsv4-client-utils,rpcbind + state: present + update_cache: true + skip_broken: true + nobest: false + allowerasing: true + + - name: Make sure rpcbind service unit is started + systemd_service: + enabled: true + state: started + name: rpcbind + + - name: mount_info + include_tasks: yaml_sub/mount_info.yaml - name: remove other files include_tasks: yaml_sub/install_docker.yaml + - name: install python3-request + dnf: + name: python3-requests+security + state: present + update_cache: true + skip_broken: true + nobest: false + allowerasing: true + + - name: Create network semaphoreNet + community.docker.docker_network: + name: semaphoreNet + + - name: Create volume semaphore_maria_db + community.docker.docker_volume: + name: semaphore_maria_db + state: present + + - name: Create mariab container + community.docker.docker_container: + name: semaphoremariadb + image: mariadb + state: started + recreate: no + restart_policy: always + env: + MARIADB_DATABASE: "semaphore" + MARIADB_USER: "semaphore" + MARIADB_PASSWORD: "{{ sqlpwd }}" + MARIADB_ROOT_PASSWORD : "{{ sqlrootpwd }}" + MYSQL_ROOT_HOST: '%' + networks: + - name: semaphoreNet + comparisons: + networks: strict + volumes: + - 
"semaphore_maria_db:/var/lib/mysql" + - name: Create volume semaphore_etc community.docker.docker_volume: name: semaphore_etc @@ -18,6 +100,11 @@ name: semaphore_lib state: present + - name: Create volume semaphore_tmp + community.docker.docker_volume: + name: semaphore_tmp + state: present + - name: Create semaphore container community.docker.docker_container: name: semaphore @@ -28,14 +115,33 @@ published_ports: - "3000:3000/tcp" volumes: - - semaphore_etc:/etc/semaphore - - semaphore_lib:/var/lib/semaphore + - "semaphore_etc:/etc/semaphore" + - "semaphore_lib:/var/lib/semaphore" + - "semaphore_tmp:/tmp/semaphore/" env: - SEMAPHORE_DB_DIALECT: bolt - SEMAPHORE_ADMIN_PASSWORD: changeme - SEMAPHORE_ADMIN_NAME: admin - SEMAPHORE_ADMIN_EMAIL: davrot@uni-bremen.de - SEMAPHORE_ADMIN: admin - TZ: Europe/Berlin + SEMAPHORE_DB_USER: "semaphore" + SEMAPHORE_DB_PASS: "{{ sqlpwd }}" + SEMAPHORE_DB_HOST: "semaphoremariadb" + SEMAPHORE_DB_PORT: "3306" + SEMAPHORE_DB_DIALECT: "mysql" + SEMAPHORE_DB: "semaphore" + SEMAPHORE_PLAYBOOK_PATH: "/tmp/semaphore/" + + SEMAPHORE_ADMIN_PASSWORD: "{{ semapwd }}" + SEMAPHORE_ADMIN_NAME: "admin" + SEMAPHORE_ADMIN_EMAIL: "davrot@uni-bremen.de" + SEMAPHORE_ADMIN: "admin" + + SEMAPHORE_ACCESS_KEY_ENCRYPTION: "{{ semakey }}" + + SEMAPHORE_LDAP_ACTIVATED: 'no' + + TZ: "Europe/Berlin" + + networks: + - name: semaphoreNet + - name: bridge + comparisons: + networks: strict diff --git a/update_cups.yaml b/update_cups.yaml new file mode 100644 index 0000000..6b43567 --- /dev/null +++ b/update_cups.yaml @@ -0,0 +1,19 @@ +--- +- name: update cups setting + hosts: all + become: true + + tasks: + - name: Unset Cups + lineinfile: + path: /etc/cups/client.conf + state: absent + line: "ServerName 10.10.10.16" + create: true + + - name: Set Cups + lineinfile: + path: /etc/cups/client.conf + state: present + line: "ServerName 10.10.0.8" + create: true
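Review bot: In the first install_semaphore.yaml hunk, the "Create mariab container" task passes `{{ sqlpwd }}` and `{{ sqlrootpwd }}` in `env` without `no_log: true`, so the rendered values can show up in Ansible output and in the Semaphore task log when the task fails or runs verbose; the "Create semaphore container" task in the third hunk has the same gap with `semapwd` and `semakey`. Add `no_log: true` to both tasks. `MYSQL_ROOT_HOST: '%'` also lets the database root account log in from any address that can reach the container; if root is only used inside the container, `MYSQL_ROOT_HOST: 'localhost'` is the narrower setting. `image: mariadb` carries no tag, so pinning a version tag or digest would keep the deployed database from changing between runs.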
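Review bot: The third install_semaphore.yaml hunk introduces `sqlpwd`, `semapwd` and `semakey` (and the first hunk `sqlrootpwd`) with nothing in the file saying where they come from or what form they must take. A header comment at the top of the play would cover it, for example `# requires sqlpwd, sqlrootpwd, semapwd, semakey supplied from a vault or the Semaphore secret environment; never commit values`. The container is also attached to the default `bridge` network in addition to `semaphoreNet`; a short comment on why both are needed would help, since the database is reached over `semaphoreNet` alone. The "Create semaphore container" task starts before this hunk, so the image and restart settings are not visible here.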
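Review bot: The "Unset Cups" / "Set Cups" pair in update_cups.yaml only cleans up when the old entry is exactly `ServerName 10.10.10.16`; any other existing `ServerName` line stays, and client.conf ends up with two entries. A single task with `regexp: '^ServerName\s'` and `line: "ServerName 10.10.0.8"` replaces whatever value is present and makes the play idempotent for every host. `create: true` on the `state: absent` task then becomes unnecessary.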