ptoal/product-demos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

syncing source to git

Browse Source
This commit is contained in:
ipvsean
2020-04-21 20:16:09 -04:00
parent cc30a3d5b0
commit 3239f2ee6a
34 changed files with 394 additions and 274 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
playbooks/01_deploy_application.yml
View File

@@ -1,8 +1,8 @@
---
- name: application deployment
hosts: webservers
hosts: web
gather_facts: false
become: yes
become: true
tasks:
- name: make sure application is not empty
assert:

8
playbooks/02_patching.yml
View File

@@ -1,8 +1,8 @@
---
- name: apply non-kernel updates
hosts: "{{ HOSTS | default('all') }}"
become: yes
gather_facts: no
hosts: "{{ HOSTS | default('web') }}"
become: true
gather_facts: false
tasks:
- name: upgrade all packages except kernel
@@ -16,6 +16,6 @@
yum:
name: '*'
state: latest
security: yes
security: true
exclude: kernel*
tags: security

46
playbooks/03_hardening.yml
View File

@@ -1,31 +1,31 @@
---
- name: harden linux systems
hosts: "{{ HOSTS | default('all') }}"
become: yes
hosts: "{{ HOSTS | default('web') }}"
become: true
vars:
- harden_firewall: False
- harden_time: False
- harden_ssh: False
- harden_pci: False
- harden_firewall: false
- harden_time: false
- harden_ssh: false
- harden_pci: false
tasks:
- name: Configure Firewall
when: harden_firewall | bool
include_role:
name: linux-system-roles.firewall
- name: Configure Firewall
when: harden_firewall | bool
include_role:
name: linux-system-roles.firewall
- name: Configure Timesync
when: harden_time | bool
include_role:
name: linux-system-roles.timesync
- name: Configure Timesync
when: harden_time | bool
include_role:
name: linux-system-roles.timesync
- name: SSH Hardening
when: harden_ssh | bool
include_role:
name: dev-sec.ssh-hardening
- name: SSH Hardening
when: harden_ssh | bool
include_role:
name: dev-sec.ssh-hardening
# run with --skip-tags accounts_passwords_pam_faillock_deny
- name: Apply PCI Baseline
when: harden_pci | bool
include_role:
name: redhatofficial.rhel7_pci_dss
# run with --skip-tags accounts_passwords_pam_faillock_deny
- name: Apply PCI Baseline
when: harden_pci | bool
include_role:
name: redhatofficial.rhel7_pci_dss

6
playbooks/05_grant_sudo.yml
View File

@@ -1,8 +1,8 @@
---
- name: grant sudo
hosts: "{{ HOSTS | default('all') }}"
become: yes
gather_facts: no
hosts: "{{ HOSTS | default('web') }}"
become: true
gather_facts: false
vars:
sudo_cleanup: true

6
playbooks/06_debug_info.yml
View File

@@ -1,8 +1,8 @@
---
- name: gather debug info
hosts: "{{ HOSTS | default('all') }}"
become: yes
gather_facts: no
hosts: "{{ HOSTS | default('web') }}"
become: true
gather_facts: false
tasks:
- name: Gather recent vmstat info

15
playbooks/10_openscap.yml
View File

@@ -1,6 +1,6 @@
---
- name: build openscap report for rhel7
hosts: all
hosts: web
gather_facts: false
vars:
@@ -19,28 +19,23 @@
stat:
path: "{{ssg_schema}}"
# - name: create HTML report
# command: "oscap xccdf eval --fetch-remote-resources --profile xccdf_org.ssgproject.content_profile_standard --results report.xml --report index.html {{ssg_schema}}"
# register: command_result
# failed_when: "'Error' in command_result.stderr"
- name: create HTML report
command: "oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --results report.xml --report index.html {{ssg_schema}}"
register: command_result
failed_when: "'Error' in command_result.stderr"
- name: Create directory if it does not exist
become: yes
- name: Create directory if it does falset exist
become: true
file:
path: "{{file_path}}"
state: directory
- name: move files into httpd
become: yes
become: true
copy:
src: ./{{item}}
dest: "{{file_path}}/{{item}}"
remote_src: yes
remote_src: true
loop:
- report.xml
- index.html

2
playbooks/11_developer_report.yml
View File

@@ -1,6 +1,6 @@
---
- name: grab linux facts
hosts: all
hosts: web
gather_facts: true
- name: build developer report

5
playbooks/generate_readme.yml
View File

@@ -4,11 +4,6 @@
connection: local
tasks:
# - name: install demo
# debug:
# msg: "{{item}}"
# loop: "{{dict(hostvars[inventory_hostname]|dictsort|rejectattr('0', 'match', 'ansible_')|selectattr('1.name', 'defined'))|dict2items}}"
- name: install demo
include_role:
name: "../roles/generate_readme"

36
playbooks/group_vars/all/01_deploy_application.yml
View File

@@ -1,36 +0,0 @@
---
deploy_application:
author: "Sean Cavanaugh"
category: infrastructure
name: "Deploy Application (survey)"
description: "install yum applications on Linux with a survey"
job_type: "run"
inventory: "Workshop Inventory"
playbook: "playbooks/01_deploy_application.yml"
credential: "Workshop Credential"
survey_enabled: yes
survey_spec:
name: Deploy application survey
description: Which application do you want to install?
spec:
- type: multiplechoice
question_name: Select a command you would like to execute
question_description: select the application
variable: application
required: true
default: httpd
choices:
- httpd
- nginx
- htop
- gdb
video: "https://www.youtube.com/watch?v=pU8ZgSBuEJw&list=PLdu06OJoEf2bp-PNtxPP_2n7Avkax8TED"
project:
name: "Ansible official demo project"
description: "prescriptive demos from Red Hat Management Buisness Unit"
organization: "Default"
scm_type: git
scm_url: "https://github.com/ansible/product-demos"
workshop_type:
- f5
- rhel

28
playbooks/group_vars/all/02_patching.yml
View File

@@ -1,28 +0,0 @@
---
patching:
author: "Will Tome"
category: infrastructure
name: "SERVER / Patching"
description: "patching for Linux servers"
job_type: "run"
inventory: "Workshop Inventory"
playbook: "playbooks/02_patching.yml"
credential: "Workshop Credential"
survey_enabled: yes
survey_spec:
name: ''
description: ''
spec:
- question_name: 'Enter host to configure'
type: text
variable: HOSTS
required: false
project:
name: "Ansible official demo project"
description: "prescriptive demos from Red Hat Management Buisness Unit"
organization: "Default"
scm_type: git
scm_url: "https://github.com/ansible/product-demos"
workshop_type:
- f5
- rhel

56
playbooks/group_vars/all/03_hardening.yml
View File

@@ -1,56 +0,0 @@
---
hardening:
author: "Will Tome"
category: security
name: "SERVER / Hardening"
description: "hardening for Linux servers"
job_type: "run"
inventory: "Workshop Inventory"
playbook: "playbooks/03_hardening.yml"
credential: "Workshop Credential"
survey_enabled: yes
survey_spec:
name: ''
description: ''
spec:
- question_name: 'Enter host to configure'
type: text
variable: HOSTS
required: false
- question_name: Configure Firewall?
type: multiplechoice
variable: harden_firewall
required: false
choices:
- 'Yes'
- 'No'
- question_name: Configure Time?
type: multiplechoice
variable: harden_time
required: false
choices:
- 'Yes'
- 'No'
- question_name: Harden SSH?
type: multiplechoice
variable: harden_ssh
required: false
choices:
- 'Yes'
- 'No'
- question_name: PCI Baseline?
type: multiplechoice
variable: harden_pci
required: false
choices:
- 'Yes'
- 'No'
project:
name: "Ansible official demo project"
description: "prescriptive demos from Red Hat Management Buisness Unit"
organization: "Default"
scm_type: git
scm_url: "https://github.com/ansible/product-demos"
workshop_type:
- f5
- rhel

22
playbooks/group_vars/all/04_scan_facts.yml
View File

@@ -1,22 +0,0 @@
---
fact_scan:
author: "Will Tome"
category: infrastructure
name: "SERVER / Fact Scan"
description: "scan facts for Linux and Windows systems"
job_type: "run"
inventory: "Workshop Inventory"
playbook: scan_facts.yml
credential: "Workshop Credential"
survey_enabled: no
fact_caching_enabled: yes
project:
name: "Ansible official awx-facts-playbooks project"
description: "Repository containing playbooks to support fact scanning in Ansible Tower and AWX"
organization: "Default"
scm_type: git
scm_url: "https://github.com/ansible/awx-facts-playbooks.git"
workshop_type:
- f5
- rhel
- windows

46
playbooks/group_vars/all/05_grant_sudo.yml
View File

@@ -1,46 +0,0 @@
---
grant_sudo:
author: "Will Tome"
category: infrastructure
name: "SERVER / Grant Sudo"
description: "grant sudo privledges for specified time via survey"
job_type: "run"
inventory: "Workshop Inventory"
playbook: playbooks/05_grant_sudo.yml
credential: "Workshop Credential"
survey_enabled: yes
survey_spec:
name: ''
description: ''
spec:
- question_name: 'Enter host to configure'
type: text
variable: HOSTS
required: false
- question_name: Username
type: text
variable: sudo_user
required: true
- question_name: Time
type: integer
variable: sudo_count
required: true
default: 10
- question_name: Units
type: multiplechoice
variable: harden_ssh
required: true
choices:
- 'minutes'
- 'hours'
- 'days'
default: minutes
project:
name: "Ansible official demo project"
description: "prescriptive demos from Red Hat Management Buisness Unit"
organization: "Default"
scm_type: git
scm_url: "https://github.com/ansible/product-demos"
workshop_type:
- f5
- rhel

28
playbooks/group_vars/all/06_debug_info.yml
View File

@@ -1,28 +0,0 @@
---
debug_info:
author: "Will Tome"
category: infrastructure
name: "SERVER / Gather Debug Info"
description: "provide info for memory and CPU usage for specified systems"
job_type: "run"
inventory: "Workshop Inventory"
playbook: playbooks/06_debug_info.yml
credential: "Workshop Credential"
survey_enabled: yes
survey_spec:
name: ''
description: ''
spec:
- question_name: 'Enter host to configure'
type: text
variable: HOSTS
required: false
project:
name: "Ansible official demo project"
description: "prescriptive demos from Red Hat Management Buisness Unit"
organization: "Default"
scm_type: git
scm_url: "https://github.com/ansible/product-demos"
workshop_type:
- f5
- rhel

28
playbooks/group_vars/all/07_security_patching.yml
View File

@@ -1,28 +0,0 @@
---
security_patching:
author: "Will Tome"
category: infrastructure
name: "SERVER / Security Patching"
description: "upgrade all yum packages for security related except kernel"
job_type: "run"
inventory: "Workshop Inventory"
playbook: playbooks/02_patching.yml
credential: "Workshop Credential"
survey_enabled: yes
survey_spec:
name: ''
description: ''
spec:
- question_name: 'Enter host to configure'
type: text
variable: HOSTS
required: false
project:
name: "Ansible official demo project"
description: "prescriptive demos from Red Hat Management Buisness Unit"
organization: "Default"
scm_type: git
scm_url: "https://github.com/ansible/product-demos"
workshop_type:
- f5
- rhel

20
playbooks/group_vars/all/10_openscap.yml
View File

@@ -1,20 +0,0 @@
---
openscap:
author: "Sean Cavanaugh"
category: security
name: "Create Openscap Report"
description: "Create HTML report using SCAP Security Guide (SSG)"
job_type: "run"
inventory: "Workshop Inventory"
playbook: "playbooks/10_openscap.yml"
credential: "Workshop Credential"
survey_enabled: no
project:
name: "Ansible official demo project"
description: "prescriptive demos from Red Hat Management Buisness Unit"
organization: "Default"
scm_type: git
scm_url: "https://github.com/ansible/product-demos"
workshop_type:
- f5
- rhel

20
playbooks/group_vars/all/11_developer_report.yml
View File

@@ -1,20 +0,0 @@
---
developer_report:
author: "Sean Cavanaugh"
category: developer
name: "Create Developer Report"
description: 'Create HTML report using <a href="https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variables-discovered-from-systems-facts">Ansible facts</a>'
job_type: "run"
inventory: "Workshop Inventory"
playbook: "playbooks/11_developer_report.yml"
credential: "Workshop Credential"
survey_enabled: no
project:
name: "Ansible official demo project"
description: "prescriptive demos from Red Hat Management Buisness Unit"
organization: "Default"
scm_type: git
scm_url: "https://github.com/ansible/product-demos"
workshop_type:
- f5
- rhel

83
playbooks/group_vars/all/20_f5_bigip_workflow.yml
View File

@@ -1,83 +0,0 @@
---
f5_bigip_workflow:
workflow: true
author: 'Sean Cavanaugh'
category: network
name: 'WORKFLOW - F5 BIG-IP'
description: 'Workflow for F5 BIG-IP to setup a VIP (Virtual IP) load balancer between two RHEL webservers'
organization: 'Default'
workshop_type:
- f5
schema:
- job_template: 'F5 - add nodes'
success:
- job_template: 'F5 - add pool'
success:
- job_template: 'F5 - add pool members'
success:
- job_template: 'F5 - add virtual server'
job_templates:
f5_add_nodes:
name: 'F5 - add nodes'
description: 'add webserver nodes into F5 BIG-IP'
job_type: 'run'
inventory: 'Workshop Inventory'
playbook: 'exercises/ansible_f5/1.2-add-node/bigip-node.yml'
credential: 'Workshop Credential'
survey_enabled: no
project:
name: 'Ansible Workshops Project'
description: 'official workshops from Ansible'
organization: 'Default'
scm_type: git
scm_url: 'https://github.com/ansible/workshops'
workshop_type:
- f5
f5_add_pool:
name: 'F5 - add pool'
description: 'add webserver nodes into F5 BIG-IP'
job_type: 'run'
inventory: 'Workshop Inventory'
playbook: 'exercises/ansible_f5/1.3-add-pool/bigip-pool.yml'
credential: 'Workshop Credential'
survey_enabled: no
project:
name: 'Ansible Workshops Project'
description: 'official workshops from Ansible'
organization: 'Default'
scm_type: git
scm_url: 'https://github.com/ansible/workshops'
workshop_type:
- f5
f5_add_pool_members:
name: 'F5 - add pool members'
description: 'add webserver nodes into pool'
job_type: 'run'
inventory: 'Workshop Inventory'
playbook: 'exercises/ansible_f5/1.4-add-pool-members/bigip-pool-members.yml'
credential: 'Workshop Credential'
survey_enabled: no
project:
name: 'Ansible Workshops Project'
description: 'official workshops from Ansible'
organization: 'Default'
scm_type: git
scm_url: 'https://github.com/ansible/workshops'
workshop_type:
- f5
f5_add_vip:
name: 'F5 - add virtual server'
description: 'create VIP and add pool to virtual server'
job_type: 'run'
inventory: 'Workshop Inventory'
playbook: 'exercises/ansible_f5/1.5-add-virtual-server/bigip-virtual-server.yml'
credential: 'Workshop Credential'
survey_enabled: no
project:
name: 'Ansible Workshops Project'
description: 'official workshops from Ansible'
organization: 'Default'
scm_type: git
scm_url: 'https://github.com/ansible/workshops'
workshop_type:
- f5

19
playbooks/group_vars/all/30_windows_iss.yml
View File

@@ -1,19 +0,0 @@
---
windows_iis:
author: "Colin McNaughton"
category: infrastructure
name: "Windows IIS Server"
description: "install webserver on Windows Server with a survey"
job_type: "run"
inventory: "Workshop Inventory"
playbook: "playbooks/30_windows_iis.yml"
credential: "Demo Credential"
survey_enabled: no
project:
name: "Ansible official demo project"
description: "prescriptive demos from Red Hat Management Buisness Unit"
organization: "Default"
scm_type: git
scm_url: "https://github.com/ansible/product-demos"
workshop_type:
- windows