From 36dddd6f03015f81b11fb308be2946ff242c23c7 Mon Sep 17 00:00:00 2001
From: Marc Ahlgrim
Date: Thu, 1 Sep 2022 08:41:26 +0200
Subject: [PATCH] added examples
Signed-off-by: Marc Ahlgrim
---
examples/inventory/10-static.yaml | 42 ++++++++++++++
examples/inventory/20-nmap.yaml | 5 ++
examples/inventory/30-pve-proxmox.yaml | 9 +++
examples/inventory/50-zabbix_inventory.yaml | 21 +++++++
examples/inventory/99-construct.yaml | 14 +++++
examples/playbooks/deploy-ansible.yaml | 61 +++++++++++++++++++++
examples/playbooks/lockdownssh.yaml | 42 ++++++++++++++
examples/playbooks/show_ansible_facts.yaml | 33 +++++++++++
examples/playbooks/windows_samples.yaml | 31 +++++++++++
install_ansible_rundeck.sh | 2 +-
10 files changed, 259 insertions(+), 1 deletion(-)
create mode 100644 examples/inventory/10-static.yaml
create mode 100644 examples/inventory/20-nmap.yaml
create mode 100644 examples/inventory/30-pve-proxmox.yaml
create mode 100644 examples/inventory/50-zabbix_inventory.yaml
create mode 100644 examples/inventory/99-construct.yaml
create mode 100644 examples/playbooks/deploy-ansible.yaml
create mode 100644 examples/playbooks/lockdownssh.yaml
create mode 100644 examples/playbooks/show_ansible_facts.yaml
create mode 100644 examples/playbooks/windows_samples.yaml
diff --git a/examples/inventory/10-static.yaml b/examples/inventory/10-static.yaml
new file mode 100644
index 0000000..7ce6ea2
--- /dev/null
+++ b/examples/inventory/10-static.yaml
@@ -0,0 +1,42 @@
+all:
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+ ansible_connection: ssh
+ ansible_user: ansiblessh
+ hosts:
+ children:
+ Windows:
+ hosts:
+ sampleWindowsHost:
+ vars:
+ ansible_user: "ansibleWin"
+ ansible_password: {{ansibleWinPassword}}
+ ansible_connection: winrm
+ ansible_winrm_transport: credssp
+ ansible_winrm_server_cert_validation: ignore
+ Dropbear:
+ vars:
+ ansible_user: root
+ Routers:
+ hosts:
+ sampleOpenWrtRouter:
+ ansible_host: 192.168.1.1
+ vars:
+ ansible_user: root
+ nopython:
+ vars:
+ ansible_python_interpreter: /usr/bin/false
+ cloud:
+ hosts:
+ sampleCloudHost:
+ ansible_host: sdsgfdaflhksh.online-server.cloud
+ sampleCloudHost2:
+ ansible_host: v6823468956489275648763.happysrv.de
+ vars:
+ ansible_user: ansiblessh
+ ansible_port: 4444
+ rundeckhost:
+ hosts:
+ rundeck:
+ vars:
+ ansible_connection: local
diff --git a/examples/inventory/20-nmap.yaml b/examples/inventory/20-nmap.yaml
new file mode 100644
index 0000000..37874d0
--- /dev/null
+++ b/examples/inventory/20-nmap.yaml
@@ -0,0 +1,5 @@
+plugin: community.general.nmap
+strict: False
+address: 192.168.1.0/24
+sudo: yes
+cache: yes
diff --git a/examples/inventory/30-pve-proxmox.yaml b/examples/inventory/30-pve-proxmox.yaml
new file mode 100644
index 0000000..cc70a60
--- /dev/null
+++ b/examples/inventory/30-pve-proxmox.yaml
@@ -0,0 +1,9 @@
+plugin: community.general.proxmox
+url: https://yourproxmoxserver:8006
+user: api@pve
+token_id: apitoken
+token_secret: YOUR-API-TOKEN-SECRET-HERE
+want_facts: true
+want_proxmox_nodes_ansible_host: true
+#compose:
+# ansible_host: proxmox_ipconfig0.ip | default(proxmox_net0.ip) | ipaddr('address')
diff --git a/examples/inventory/50-zabbix_inventory.yaml b/examples/inventory/50-zabbix_inventory.yaml
new file mode 100644
index 0000000..c4f3cff
--- /dev/null
+++ b/examples/inventory/50-zabbix_inventory.yaml
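Review bot: The Windows group in 10-static.yaml pairs `ansible_winrm_server_cert_validation: ignore` with a password login, so the controller authenticates to whatever host answers without checking its certificate. For an example that people will copy, I would set it to `validate` and add a comment that `ignore` is a lab-only shortcut for self-signed certificates. Separately, `ansible_password: {{ansibleWinPassword}}` is unquoted and YAML reads the braces as a flow mapping before Jinja sees them; it should be `ansible_password: "{{ ansibleWinPassword }}"`.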
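Review bot: `sudo: yes` in 20-nmap.yaml makes each inventory refresh run nmap through sudo on the Rundeck host, which only works if the Rundeck account has a passwordless sudoers entry. The example should carry a comment saying so and recommending that the entry be limited to the nmap binary, or drop the option if the scan does not need root. `strict: False`, `sudo: yes` and `cache: yes` would also read more consistently as `false`/`true`.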
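Review bot: `token_secret: YOUR-API-TOKEN-SECRET-HERE` in 30-pve-proxmox.yaml invites readers to paste a live API token into a file that sits in the inventory directory and is likely to be committed; the same applies to `login_password` in 50-zabbix_inventory.yaml. I would add a comment above each, e.g. `# do not commit real secrets; supply from Ansible Vault or the environment`. A second comment could say that the token should be created with read-only permissions, which ought to be enough for inventory use.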
@@ -0,0 +1,21 @@
+plugin: community.zabbix.zabbix_inventory
+server_url: http://yourzabbixserver/zabbix
+login_user: api
+login_password: YOUR-ZABBIX-API-PASSWORD-HERE
+host_zapi_query:
+ selectApplications: ['name', 'applicationid']
+ selectParentTemplates: ['name']
+ selectGroups: ['name']
+validate_certs: false
+groups:
+ zbx_enabled: zbx_status == "0"
+ zbx_disabled: zbx_status == "1"
+ Debian: "'ansible.Debian' in (zbx_groups | join)"
+ zbx_Ansible: "'ansible' in (zbx_groups | join)"
+ NoAnsible: "'ansible' not in (zbx_groups | join)"
+ Dropbear: "'ansible.Dropbear' in (zbx_groups | join)"
+ nopython: "'ansible.NoPython' in (zbx_groups | join)"
+ Routers: "'ansible.Routers' in (zbx_groups | join)"
+ MultiMedia: "'Multimedia' in (zbx_groups | join)"
+ kodi: "'Kodi' in (zbx_groups | join)"
+
diff --git a/examples/inventory/99-construct.yaml b/examples/inventory/99-construct.yaml
new file mode 100644
index 0000000..9f52022
--- /dev/null
+++ b/examples/inventory/99-construct.yaml
@@ -0,0 +1,14 @@
+plugin: constructed
+strict: False
+
+groups:
+ Routers: "'router' in inventory_hostname"
+ sandbox: "'sandbox' in inventory_hostname"
+ nmap: "ports is defined"
+ Dropbear: "'archerc7' in inventory_hostname"
+ nopython: "'archerc7' in inventory_hostname"
+ Servers: "'pve' in inventory_hostname"
+ kodi: "'kodi' in inventory_hostname"
+ Windows: "'win' in inventory_hostname"
+
+
diff --git a/examples/playbooks/deploy-ansible.yaml b/examples/playbooks/deploy-ansible.yaml
new file mode 100644
index 0000000..af3743b
--- /dev/null
+++ b/examples/playbooks/deploy-ansible.yaml
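Review bot: `server_url: http://yourzabbixserver/zabbix` in 50-zabbix_inventory.yaml means `login_password` crosses the network unencrypted on each inventory refresh, and `validate_certs: false` would switch off certificate checking even if the URL were later changed to https. I would make the example default `server_url: https://yourzabbixserver/zabbix` with `validate_certs: true`, and leave a comment describing the self-signed case.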
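Review bot: Every group in 99-construct.yaml is assigned by substring match on `inventory_hostname`, so `'win' in inventory_hostname` also catches any name that merely contains those letters, and the matched host inherits the Windows group's connection variables from 10-static.yaml. Because 20-nmap.yaml feeds discovered hosts into the same inventory (how their names are derived is not visible here), a stricter test such as `inventory_hostname.startswith('win')` or an explicit host list would be safer. `Dropbear` and `nopython` also share the identical `'archerc7'` condition, which deserves a comment if it is intentional.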
@@ -0,0 +1,61 @@
+---
+
+# ##############################################
+# this is a playbook I use in order to deploy
+# ansible to target nodes.
+# ##############################################
+
+
+# ##############################################
+# first we use a raw ssh connection in order to
+# install python3
+# so that we can use ansible modules for the
+# next steps
+# ##############################################
+
+ - name: make sure python is installed
+ hosts: all
+ gather_facts: false
+ become: false
+
+ tasks:
+ - name: Install python3
+ raw: "apt update && apt install python3"
+
+# ##############################################
+# Now we can - still as root or whatever user
+# we use for the first connection - do the
+# following tasks with ansible already.
+# the variables for this are defined in rundeck.
+# ##############################################
+
+
+ - name: set up user and ssh environment
+ hosts: all
+ gather_facts: false
+ become: true
+
+ tasks:
+
+ - name: Install sudo apt on debianish hosts
+ apt:
+ name: sudo
+ update_cache: yes
+# when: "'debian' in group_names"
+
+ - name: Add a new user named ansiblessh
+ user:
+ name=ansiblessh
+ password={{ ansiblessh_password }}
+
+ - name: Add ansiblessh user to the sudoers
+ copy:
+ dest: "/etc/sudoers.d/ansiblessh"
+ content: "ansiblessh ALL=(ALL) NOPASSWD: ALL"
+
+ - name: Deploy SSH Key
+ authorized_key: user=ansiblessh
+ key="{{ lookup('id_rsa', '/var/lib/rundeck/.ssh') }}"
+ state=present
+
+
\ No newline at end of file
diff --git a/examples/playbooks/lockdownssh.yaml b/examples/playbooks/lockdownssh.yaml
new file mode 100644
index 0000000..7461c72
--- /dev/null
+++ b/examples/playbooks/lockdownssh.yaml
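Review bot: Three tasks in the second play of deploy-ansible.yaml will not do what their names say. `password={{ ansiblessh_password }}` hands the user module a cleartext value where it expects a crypt hash, and `lookup('id_rsa', '/var/lib/rundeck/.ssh')` names a lookup plugin that I do not believe exists; the usual form is the `file` lookup on the public key, and the `id_rsa.pub` path below is inferred from the two arguments. The sudoers drop-in is written without `mode` or a `visudo` validation, so a malformed file could break sudo on the target. The raw bootstrap task also needs `apt install -y python3` to run unattended. A rewrite of the three tasks follows.

```yaml
# … unchanged: python3 bootstrap play, second play header, sudo install task …

    - name: Add a new user named ansiblessh
      user:
        name: ansiblessh
        # the user module stores this value as-is, so hash it first
        password: "{{ ansiblessh_password | password_hash('sha512') }}"
      no_log: true

    - name: Add ansiblessh user to the sudoers
      copy:
        dest: /etc/sudoers.d/ansiblessh
        content: "ansiblessh ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        # refuse to install a drop-in that visudo cannot parse
        validate: /usr/sbin/visudo -cf %s

    - name: Deploy SSH Key
      authorized_key:
        user: ansiblessh
        # public half only; path assumed from the original lookup arguments
        key: "{{ lookup('file', '/var/lib/rundeck/.ssh/id_rsa.pub') }}"
        state: present
```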
@@ -0,0 +1,42 @@
+---
+
+# ##############################################
+# this is a playbook I use in order to lock down
+# ssh access, i.e. disable root login and
+# force ssh key usage for everyone else
+# ##############################################
+
+
+ - name: disable password auth
+ hosts: all
+ become: true
+ gather_facts: false
+
+ tasks:
+
+ - name: Disable Password Authentication
+ lineinfile:
+ dest=/etc/ssh/sshd_config
+ regexp='^PasswordAuthentication'
+ line="PasswordAuthentication no"
+ state=present
+ backup=yes
+ notify:
+ - restart ssh
+
+ - name: Disable Root Login
+ lineinfile:
+ dest=/etc/ssh/sshd_config
+ regexp='^PermitRootLogin'
+ line="PermitRootLogin no"
+ state=present
+ backup=yes
+ notify:
+ - restart ssh
+
+ handlers:
+ - name: restart ssh
+ service:
+ name=sshd
+ state=restarted
+
diff --git a/examples/playbooks/show_ansible_facts.yaml b/examples/playbooks/show_ansible_facts.yaml
new file mode 100644
index 0000000..d7aceb9
--- /dev/null
+++ b/examples/playbooks/show_ansible_facts.yaml
@@ -0,0 +1,33 @@
+---
+
+# ##############################################
+# Show ansible facts
+# ##############################################
+
+
+# ##########################
+ - name: show facts
+ hosts: all:!Windows
+ gather_facts: true
+ become: true
+# ##########################
+
+ tasks:
+
+ - name: Print all available facts
+ ansible.builtin.debug:
+# var: ansible_facts
+ msg: "{{ ansible_facts | dict2items | selectattr('value.macaddress', 'defined') | map(attribute='value') | list }}"
+
+# ##########################
+ - name: show facts
+ hosts: Windows
+ gather_facts: true
+ become: false
+# ##########################
+
+ tasks:
+
+ - name: Print all available facts
+ ansible.builtin.debug:
+ var: ansible_facts.interfaces
diff --git a/examples/playbooks/windows_samples.yaml b/examples/playbooks/windows_samples.yaml
new file mode 100644
index 0000000..e40a57f
--- /dev/null
+++ b/examples/playbooks/windows_samples.yaml
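Review bot: Neither `lineinfile` task in lockdownssh.yaml validates the edited file, and both rely on `regexp='^PasswordAuthentication'` / `regexp='^PermitRootLogin'` finding an existing uncommented line. When only the commented default is present, the line is appended at the end of sshd_config, where it can fall inside a trailing `Match` block or lose to an earlier setting from an included drop-in, since sshd keeps the first value it reads. The play would then report success without locking anything down. I would add `validate='/usr/sbin/sshd -t -f %s'` and `insertbefore=BOF` to both tasks. A comment should also say that the play must run only after key-based login for the Ansible user has been confirmed.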
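Review bot: The first play in show_ansible_facts.yaml sets `become: true` although it only gathers facts and prints the interface entries, which should not need root; `become: false`, as in the Windows play, keeps the example to least privilege. Both plays are named `show facts`, so distinct names (for instance `show facts (non-Windows)`) would make the job log easier to read.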
@@ -0,0 +1,31 @@
+---
+
+# ##############################################
+# Some samples how to use ansible on Windows
+# targets see here for documentation:
+# https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html
+# ##############################################
+
+ - name: Some Windows Tests
+ hosts: all
+ become: false
+ gather_facts: true
+ tasks:
+
+ - name: send message to users
+ win_msg:
+ msg: "hello from Ansible !"
+ update_cache: yes
+
+ - name: Print all available facts
+ ansible.builtin.debug:
+ var: ansible_facts
+
+ - name: Speech Test
+ win_say:
+ start_sound_path: C:\Windows\Media\Windows Balloon.wav
+ msg: "Nur ein Test für die Sprachausgabe"
+ end_sound_path: C:\Windows\Media\chimes.wav
+
+ - name: Get whoami information
+ win_whoami:
diff --git a/install_ansible_rundeck.sh b/install_ansible_rundeck.sh
index 8804b4d..ff2221a 100644
--- a/install_ansible_rundeck.sh
+++ b/install_ansible_rundeck.sh
@@ -14,7 +14,7 @@ USERPASSWORD=onemarcfifty apt update apt -y upgrade -apt install -y python3 pip sudo wget curl +apt install -y python3 pip sudo wget curl git nmap # now let's add the rundeck user
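Review bot: The play in windows_samples.yaml targets `hosts: all`, but every module call except the debug task is Windows-only, so it will fail on the Linux and router hosts from the example inventory; `hosts: Windows` matches the group defined there. `update_cache: yes` under `win_msg` looks copied from an apt task and is, as far as I know, not a parameter of that module, so the first task would be rejected. The `ansible_facts` dump also writes the full fact set to the Rundeck job log, which is worth a comment.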