ptoal/product-demos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lint fixes

Browse Source
This commit is contained in:
willtome
2023-03-07 16:55:34 -05:00
parent 745b755296
commit 40c31d8e6e
64 changed files with 583 additions and 578 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
cloud/aws_key.yml
View File

@@ -6,20 +6,20 @@
aws_keypair_owner: undef
tasks:
- name: Fail if variables not defined
ansible.builtin.assert:
that:
- aws_key_name is defined
- aws_region is defined
- aws_public_key is defined
- aws_keypair_owner is defined
fail_msg: "Required variables not set"
- name: Fail if variables not defined
ansible.builtin.assert:
that:
- aws_key_name is defined
- aws_region is defined
- aws_public_key is defined
- aws_keypair_owner is defined
fail_msg: "Required variables not set"
- name: Create AWS keypair
amazon.aws.ec2_key:
name: "{{ aws_key_name }}"
region: "{{ aws_region }}"
key_material: "{{ aws_public_key }}"
state: present
tags:
owner: "{{ aws_keypair_owner }}"
- name: Create AWS keypair
amazon.aws.ec2_key:
name: "{{ aws_key_name }}"
region: "{{ aws_region }}"
key_material: "{{ aws_public_key }}"
state: present
tags:
owner: "{{ aws_keypair_owner }}"

2
cloud/blueprints/rhel7.yml
View File

@@ -4,4 +4,4 @@ vm_providers:
aws_image_owners: 309956199498
aws_instance_size: t2.medium
aws_image_architecture: x86_64
aws_image_filter: 'RHEL-7.9_HVM*'
aws_image_filter: 'RHEL-7.9_HVM*'

2
cloud/blueprints/rhel8.yml
View File

@@ -4,4 +4,4 @@ vm_providers:
aws_image_owners: 309956199498
aws_instance_size: t3.micro
aws_image_architecture: x86_64
aws_image_filter: 'RHEL-8*HVM-*Hourly*'
aws_image_filter: 'RHEL-8*HVM-*Hourly*'

2
cloud/blueprints/rhel9.yml
View File

@@ -4,4 +4,4 @@ vm_providers:
aws_image_owners: 309956199498
aws_instance_size: t3.micro
aws_image_architecture: x86_64
aws_image_filter: 'RHEL-9*HVM-*Hourly*'
aws_image_filter: 'RHEL-9*HVM-*Hourly*'

6
cloud/blueprints/windows.yml
View File

@@ -1,7 +1,7 @@
---
vm_blueprint_providers:
- aws
- azure
- aws
- azure
aws_image_filter: 'Windows_Server-2019-English-Core-Base*'
aws_instance_size: t3.medium
aws_userdata_template: aws_windows_userdata
@@ -11,4 +11,4 @@ az_vm_image:
offer: WindowsServer
publisher: MicrosoftWindowsServer
sku: 2022-Datacenter
version: latest
version: latest

2
cloud/blueprints/windows_core.yml
View File

@@ -3,4 +3,4 @@ vm_blueprint_providers:
- aws
aws_image_filter: 'Windows_Server-2019-English-Core-Base*'
aws_instance_size: t3.medium
aws_userdata_template: aws_windows_userdata
aws_userdata_template: aws_windows_userdata

2
cloud/blueprints/windows_full.yml
View File

@@ -3,4 +3,4 @@ vm_blueprint_providers:
- aws
aws_image_filter: 'Windows_Server-2019-English-Full-Base*'
aws_instance_size: t3.medium
aws_userdata_template: aws_windows_userdata
aws_userdata_template: aws_windows_userdata

9
cloud/create_infra.yml
View File

@@ -1,11 +1,12 @@
---
- name: Create Cloud Infra
hosts: localhost
gather_facts: no
gather_facts: false
vars:
infra_provider: undef
aws_public_key: undef
tasks:
- include_role:
name: "demo.cloud.{{ infra_provider }}"
tasks_from: create_infra
- name: Include provider role
ansible.builtin.include_role:
name: "demo.cloud.{{ infra_provider }}"
tasks_from: create_infra

26
cloud/create_vm.yml
View File

@@ -1,7 +1,7 @@
---
- name: Create Cloud Infra
hosts: localhost
gather_facts: no
gather_facts: false
vars:
vm_name: undef
vm_owner: undef
@@ -9,17 +9,17 @@
vm_blueprint: undef
tasks:
- name: "Importing {{ vm_blueprint | upper }} Blueprint"
include_vars:
file: "blueprints/{{ vm_blueprint }}.yml"
- name: "Importing {{ vm_blueprint | upper }}"
ansible.builtin.include_vars:
file: "blueprints/{{ vm_blueprint }}.yml"
- name: "Check Provider Compatibility"
assert:
that: "'{{ vm_provider }}' in {{ vm_blueprint_providers }}"
fail_msg: "{{ vm_blueprint | upper }} is not available for {{ vm_provider | upper }}"
when: "vm_blueprint_providers is defined"
- name: "Check Provider Compatibility"
ansible.builtin.assert:
that: "'{{ vm_provider }}' in {{ vm_blueprint_providers }}"
fail_msg: "{{ vm_blueprint | upper }} is not available for {{ vm_provider | upper }}"
when: "vm_blueprint_providers is defined"
- name: "Building {{ vm_blueprint | upper }} in {{ vm_provider | upper }}"
include_role:
name: "demo.cloud.{{ vm_provider }}"
tasks_from: create_vm
- name: "Building {{ vm_blueprint | upper }}"
ansible.builtin.include_role:
name: "demo.cloud.{{ vm_provider }}"
tasks_from: create_vm

92
cloud/setup.yml
View File

@@ -14,13 +14,13 @@ controller_execution_environments:
image: quay.io/scottharwell/cloud-ee:latest
controller_projects:
- name: Ansible Cloud Content Lab - AWS
organization: Default
scm_type: git
wait: yes
#scm_url: https://github.com/ansible-content-lab/aws.infrastructure_config_demos.git
scm_url: https://github.com/willtome/aws.infrastructure_config_demos.git
default_environment: Cloud Services Execution Environment
- name: Ansible Cloud Content Lab - AWS
organization: Default
scm_type: git
wait: true
# scm_url: https://github.com/ansible-content-lab/aws.infrastructure_config_demos.git
scm_url: https://github.com/willtome/aws.infrastructure_config_demos.git
default_environment: Cloud Services Execution Environment
controller_credentials:
- name: AWS
@@ -31,12 +31,12 @@ controller_credentials:
username: REPLACEME
password: REPLACEME
#- name: Azure
# credential_type: Microsoft Azure Resource Manager
# organization: Default
# update_secrets: false
# inputs:
# subscription: REPLACEME
# - name: Azure
# credential_type: Microsoft Azure Resource Manager
# organization: Default
# update_secrets: false
# inputs:
# subscription: REPLACEME
controller_inventory_sources:
- name: AWS Inventory
@@ -62,22 +62,22 @@ controller_inventory_sources:
- key: tags.owner
prefix: owner
#- name: Azure Inventory
# organization: Default
# source: azure_rm
# inventory: Workshop Inventory
# credential: Azure
# execution_environment: Ansible Engine 2.9 execution environment
# overwrite: true
# source_vars:
# hostnames:
# - tags.Name
# - default
# keyed_groups:
# - key: os_profile.system
# prefix: os
# conditional_groups:
# cloud_azure: true
# - name: Azure Inventory
# organization: Default
# source: azure_rm
# inventory: Workshop Inventory
# credential: Azure
# execution_environment: Ansible Engine 2.9 execution environment
# overwrite: true
# source_vars:
# hostnames:
# - tags.Name
# - default
# keyed_groups:
# - key: os_profile.system
# prefix: os
# conditional_groups:
# cloud_azure: true
controller_groups:
- name: cloud_aws
@@ -90,7 +90,7 @@ controller_templates:
job_type: run
organization: Default
credentials:
- AWS
- AWS
project: Ansible Cloud Content Lab - AWS
playbook: playbook_create_peer_network.yml
inventory: Workshop Inventory
@@ -106,7 +106,7 @@ controller_templates:
job_type: run
organization: Default
credentials:
- AWS
- AWS
project: Ansible Cloud Content Lab - AWS
playbook: playbook_delete_peer_network.yml
inventory: Workshop Inventory
@@ -120,7 +120,7 @@ controller_templates:
job_type: run
organization: Default
credentials:
- AWS
- AWS
project: Ansible Cloud Content Lab - AWS
playbook: playbook_create_transit_network.yml
inventory: Workshop Inventory
@@ -136,7 +136,7 @@ controller_templates:
job_type: run
organization: Default
credentials:
- AWS
- AWS
project: Ansible Cloud Content Lab - AWS
playbook: playbook_delete_transit_network.yml
inventory: Workshop Inventory
@@ -150,8 +150,8 @@ controller_templates:
job_type: run
organization: Default
credentials:
- AWS
#- Azure
- AWS
# - Azure
project: Ansible official demo project
playbook: cloud/create_infra.yml
inventory: Workshop Inventory
@@ -171,7 +171,7 @@ controller_templates:
required: true
choices:
- aws
#- azure
# - azure
- question_name: AWS Public Key (only required for aws provider)
type: textarea
required: false
@@ -180,9 +180,9 @@ controller_templates:
- name: Cloud / AWS / Create VM
job_type: run
organization: Default
credentials:
- AWS
- Workshop Credential
credentials:
- AWS
- Workshop Credential
project: Ansible Cloud Content Lab - AWS
playbook: playbook_create_vm.yml
inventory: Workshop Inventory
@@ -241,9 +241,9 @@ controller_templates:
- name: Cloud / AWS / Delete VM
job_type: run
organization: Default
credentials:
- AWS
- Workshop Credential
credentials:
- AWS
- Workshop Credential
project: Ansible Cloud Content Lab - AWS
playbook: playbook_delete_inventory_vm.yml
inventory: Workshop Inventory
@@ -266,7 +266,7 @@ controller_templates:
job_type: run
organization: Default
credentials:
- AWS
- AWS
project: Ansible Cloud Content Lab - AWS
playbook: playbook_create_reports.yml
inventory: Workshop Inventory
@@ -281,7 +281,7 @@ controller_templates:
job_type: run
organization: Default
credentials:
- AWS
- AWS
project: Ansible Cloud Content Lab - AWS
playbook: playbook_create_reports.yml
inventory: Workshop Inventory
@@ -295,8 +295,8 @@ controller_templates:
- name: Cloud / AWS / Create Keypair
job_type: run
organization: Default
credentials:
- AWS
credentials:
- AWS
project: Ansible official demo project
playbook: cloud/aws_key.yml
inventory: Workshop Inventory

9
collections/ansible_collections/demo/cloud/roles/aws/defaults/main.yml
View File

@@ -10,10 +10,10 @@ aws_region: us-east-1
aws_vm_name: "{{ vm_name }}"
aws_vm_owner: "{{ vm_owner }}"
aws_blueprint: "{{ vm_blueprint }}"
#aws_image_filter: "{{ omit }}"
#aws_instance_size: "{{ omit }}"
#aws_image_architecture: "{{ omit }}"
#aws_image_owners: "{{ omit }} "
# aws_image_filter: "{{ omit }}"
# aws_instance_size: "{{ omit }}"
# aws_image_architecture: "{{ omit }}"
# aws_image_owners: "{{ omit }} "
aws_userdata_template: default
aws_keypair_name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-demo-key"
aws_securitygroup_name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-sec-group"
@@ -21,4 +21,3 @@ aws_env_tag: prod
aws_purpose_tag: ansible_demo
aws_ansiblegroup_tag: cloud
aws_ec2_wait: true

44
collections/ansible_collections/demo/cloud/roles/aws/tasks/create_infra.yml
View File

@@ -17,19 +17,19 @@
vpc_id: "{{ aws_vpc.vpc.id }}"
region: "{{ aws_region }}"
tags:
Name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-vpc-igw"
Name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-vpc-igw"
owner: "{{ aws_vpc_name }}"
purpose: "{{ aws_purpose_tag }}"
register: aws_gateway
- name: Create security group internal
amazon.aws.ec2_group:
amazon.aws.ec2_security_group:
state: present
name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-sec-group"
name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-sec-group"
region: "{{ aws_region }}"
description: Inbound WinRM and RDP, http for demo servers and internal AD ports
description: Inbound WinRM and RDP, http for demo servers and internal AD ports
rules:
- proto: tcp
- proto: tcp
ports:
- 80 # HTTP
- 443 # HTTPS
@@ -42,7 +42,7 @@
from_port: -1
cidr_ip: 0.0.0.0/0
- proto: tcp
ports:
ports:
- 80 # HTTP
- 5986 # WinRM
- 3389 # RDP
@@ -55,27 +55,27 @@
- 464 # Kerberos Authentication
- 5432 # PostgreSQL
- 636 # LDAPS (LDAP over TLS)
- 873 # Rsync
- 3268-3269 # Global Catalog
- 873 # Rsync
- 3268-3269 # Global Catalog
- 1024-65535 # Ephemeral RPC ports
cidr_ip: 10.0.0.0/16
- proto: udp
ports:
- proto: udp
ports:
- 53 # DNS
- 88 # Kerberos Authentication
- 123 # NTP
- 137-138 # Netlogon
- 389 # LDAP
- 137-138 # Netlogon
- 389 # LDAP
- 445 # SMB
- 464 # Kerberos Authentication
- 1024-65535 # Ephemeral RPC ports
cidr_ip: 10.0.0.0/16
rules_egress:
- proto: -1
- proto: -1
cidr_ip: 0.0.0.0/0
vpc_id: "{{ aws_vpc.vpc.id }}"
tags:
Name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-sec-group"
Name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-sec-group"
owner: "{{ aws_vpc_name }}"
purpose: "{{ aws_purpose_tag }}"
@@ -85,31 +85,31 @@
vpc_id: "{{ aws_vpc.vpc.id }}"
cidr: "{{ aws_subnet_cidr }}"
region: "{{ aws_region }}"
map_public: yes
map_public: true
tags:
Name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-subnet"
Name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-subnet"
owner: "{{ aws_vpc_name }}"
purpose: "{{ aws_purpose_tag }}"
register: aws_subnet
- name: Create a subnet route table
- name: Create a subnet route table
amazon.aws.ec2_vpc_route_table:
state: present
state: present
vpc_id: "{{ aws_vpc.vpc.id }}"
region: "{{ aws_region }}"
subnets:
- "{{ aws_subnet.subnet.id }}"
routes:
- dest: 0.0.0.0/0
- dest: 0.0.0.0/0
gateway_id: "{{ aws_gateway.gateway_id }}"
tags:
Name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-vpc-rtbl"
tags:
Name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-vpc-rtbl"
owner: "{{ aws_vpc_name }}"
purpose: "{{ aws_purpose_tag }}"
- name: Create AWS keypair
amazon.aws.ec2_key:
name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-demo-key"
name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-demo-key"
region: "{{ aws_region }}"
key_material: "{{ aws_public_key }}"
state: present

12
collections/ansible_collections/demo/cloud/roles/aws/tasks/create_vm.yml
View File

@@ -7,27 +7,27 @@
register: aws_subnet
- name: AWS | CREATE VM | save subnet id
set_fact:
aws_subnet_id: "{{ aws_subnet.subnets|map(attribute='id')| list | last }}"
ansible.builtin.set_fact:
aws_subnet_id: "{{ aws_subnet.subnets | map(attribute='id') | list | last }}"
- name: AWS| CREATE VM | find ami
amazon.aws.ec2_ami_info:
region: "{{ aws_region }}"
owners: "{{ aws_image_owners | default(omit)}}"
owners: "{{ aws_image_owners | default(omit) }}"
filters:
name: "{{ aws_image_filter }}"
architecture: "{{ aws_image_architecture | default(omit) }}"
register: amis
- name: AWS| CREATE VM | save ami
set_fact:
ansible.builtin.set_fact:
aws_instance_ami: >
{{ (amis.images | selectattr('name', 'defined') | sort(attribute='creation_date'))[-2] }}
- name: AWS| CREATE VM | create instance
amazon.aws.ec2_instance:
network:
assign_public_ip: yes
assign_public_ip: true
key_name: "{{ aws_keypair_name }}"
instance_type: "{{ aws_instance_size }}"
image_id: "{{ aws_instance_ami.image_id }}"
@@ -43,5 +43,5 @@
Name: "{{ aws_vm_name }}"
wait: "{{ aws_ec2_wait }}"
vpc_subnet_id: "{{ aws_subnet_id }}"
user_data: "{{ lookup('template', aws_userdata_template+'.j2', template_vars=dict(aws_vm_name=vm_name)) }}"
user_data: "{{ lookup('template', aws_userdata_template + '.j2', template_vars=dict(aws_vm_name=vm_name)) }}"
register: aws_vm_output

2
collections/ansible_collections/demo/cloud/roles/aws/tasks/destroy_vm.yml
View File

@@ -4,4 +4,4 @@
state: absent
instance_ids: "{{ instance_id }}"
region: "{{ placement.region }}"
delegate_to: localhost
delegate_to: localhost

14
collections/ansible_collections/demo/patching/roles/build_report_network/tasks/main.yml
View File

@@ -4,29 +4,29 @@
state: directory
mode: '0755'
- name: create HTML report
- name: Create HTML report
ansible.builtin.template:
src: report.j2
dest: "{{ file_path }}/network.html"
check_mode: no
check_mode: false
- name: copy CSS over
- name: Copy CSS over
ansible.builtin.copy:
src: "css"
dest: "{{ file_path }}"
directory_mode: true
check_mode: no
check_mode: false
- name: copy logos over
- name: Copy logos over
ansible.builtin.copy:
src: "{{ item }}"
src: "{{ item }}"
dest: "{{ file_path }}"
directory_mode: true
loop:
- "webpage_logo.png"
- "redhat-ansible-logo.svg"
- "router.png"
check_mode: no
check_mode: false
# - name: Display link to Linux patch report
# ansible.builtin.debug:

2
collections/ansible_collections/demo/patching/roles/build_report_network/vars/main.yml
View File

@@ -8,4 +8,4 @@ vendor:
transport:
cliconf: "Network_CLI"
netconf: "NETCONF"
nxapi: "NX-API"
nxapi: "NX-API"

2
collections/ansible_collections/demo/patching/roles/build_report_windows/defaults/main.yml
View File

@@ -1,2 +1,2 @@
---
detailedreport: True
detailedreport: true

12
collections/ansible_collections/demo/patching/roles/build_report_windows/tasks/main.yml
View File

@@ -1,17 +1,17 @@
- name: create HTML report
- name: Create HTML report
ansible.builtin.template:
src: report.j2
dest: "{{ file_path }}/windows.html"
- name: copy CSS over
- name: Copy CSS over
ansible.builtin.copy:
src: "css"
dest: "{{ file_path }}"
directory_mode: true
- name: copy logos over
- name: Copy logos over
ansible.builtin.copy:
src: "{{ item }}"
src: "{{ item }}"
dest: "{{ file_path }}"
directory_mode: true
loop:
@@ -19,6 +19,6 @@
- "redhat-ansible-logo.svg"
- "server.png"
- name: display link to inventory report
- name: Display link to inventory report
ansible.builtin.debug:
msg: "Please go to http://{{ ansible_host }}/windows.html"
msg: "Please go to http://{{ ansible_host }}/windows.html"

2
collections/ansible_collections/demo/patching/roles/build_report_windows/vars/main.yml
View File

@@ -1 +1 @@
file_path: /var/www/html
file_path: /var/www/html

4
collections/ansible_collections/demo/patching/roles/build_report_windows_patch/defaults/main.yml
View File

@@ -1,3 +1,3 @@
EMAIL_FROM: tower@shadowman.dev
email_from: tower@shadowman.dev
to_emails: alex@shadowman.dev,tower@shadowman.dev
EMAIL_TO: "{{ to_emails.split(',') }}"
to_emails_list: "{{ to_emails.split(',') }}"

10
collections/ansible_collections/demo/patching/roles/build_report_windows_patch/tasks/main.yml
View File

@@ -2,21 +2,21 @@
ansible.builtin.template:
src: report.j2
dest: "{{ file_path }}/windowspatch.html"
check_mode: no
check_mode: false
- name: Copy CSS over
ansible.builtin.copy:
src: "css"
dest: "{{ file_path }}"
directory_mode: true
check_mode: no
check_mode: false
- name: Copy logo over
ansible.builtin.copy:
src: "webpage_logo.png"
dest: "{{ file_path }}"
directory_mode: true
check_mode: no
check_mode: false
- name: Display link to Patch report
ansible.builtin.debug:
@@ -33,6 +33,6 @@
from: "{{ EMAIL_FROM }}"
to: "{{ EMAIL_TO }}"
subtype: html
delegate_to: localhost
delegate_to: localhost
become: false
check_mode: no
check_mode: false

2
collections/ansible_collections/demo/patching/roles/build_report_windows_patch/vars/main.yml
View File

@@ -1 +1 @@
file_path: /var/www/html
file_path: /var/www/html

2
collections/ansible_collections/demo/patching/roles/patch_linux/defaults/main.yml
View File

@@ -1,3 +1,3 @@
---
exclude_packages: []
allow_reboot: true
allow_reboot: true

24
collections/ansible_collections/demo/patching/roles/patch_linux/tasks/main.yml
View File

@@ -1,24 +1,24 @@
---
- name: get packages
- name: Get packages
ansible.builtin.package_facts:
check_mode: no
check_mode: false
- name: get services
- name: Get services
ansible.builtin.service_facts:
check_mode: no
check_mode: false
- name: upgrade packages (yum)
yum:
- name: Upgrade packages (yum)
ansible.builtin.yum:
name: '*'
state: latest
state: latest # noqa: package-latest - Intended to update packages to latest
exclude: "{{ exclude_packages }}"
when: ansible_pkg_mgr == "yum"
register: patchingresult_yum
- name: upgrade packages (dnf)
- name: Upgrade packages (dnf)
ansible.builtin.dnf:
name: '*'
state: latest
state: latest # noqa: package-latest - Intended to update packages to latest
exclude: "{{ exclude_packages }}"
when: ansible_pkg_mgr == "dnf"
register: patchingresult_dnf
@@ -28,10 +28,10 @@
register: result
changed_when: result.rc == 1
failed_when: result.rc > 1
check_mode: no
check_mode: false
- name: Reboot Server if Necessary
ansible.builtin.reboot:
when:
- result.rc == 1
- allow_reboot == true
- result.rc == 1
- allow_reboot == true

2
collections/ansible_collections/demo/patching/roles/patch_windows/defaults/main.yml
View File

@@ -11,4 +11,4 @@ win_update_categories:
- Tools
- UpdateRollups
- Updates
allow_reboot: true
allow_reboot: true

4
collections/ansible_collections/demo/patching/roles/patch_windows/tasks/main.yml
View File

@@ -1,11 +1,11 @@
---
- name: Scan packages
demo.patching.win_scan_packages:
check_mode: no
check_mode: false
- name: Scan Services
demo.patching.win_scan_services:
check_mode: no
check_mode: false
- name: Install Windows Updates
ansible.windows.win_updates:

2
collections/ansible_collections/demo/patching/roles/report_linux/defaults/main.yml
View File

@@ -1,2 +1,2 @@
---
detailedreport: True
detailedreport: true

16
collections/ansible_collections/demo/patching/roles/report_linux/tasks/main.yml
View File

@@ -1,27 +1,27 @@
- name: create HTML report
- name: Create HTML report
ansible.builtin.template:
src: report.j2
dest: "{{ file_path }}/linux.html"
check_mode: no
check_mode: false
- name: copy CSS over
- name: Copy CSS over
ansible.builtin.copy:
src: "css"
dest: "{{ file_path }}"
directory_mode: true
check_mode: no
check_mode: false
- name: copy logos over
- name: Copy logos over
ansible.builtin.copy:
src: "{{ item }}"
src: "{{ item }}"
dest: "{{ file_path }}"
directory_mode: true
loop:
- "webpage_logo.png"
- "redhat-ansible-logo.svg"
- "server.png"
check_mode: no
check_mode: false
- name: display link to inventory report
- name: Display link to inventory report
ansible.builtin.debug:
msg: "Please go to http://{{ hostvars[report_server]['ansible_host'] }}/reports/linux.html"

2
collections/ansible_collections/demo/patching/roles/report_linux/vars/main.yml
View File

@@ -1 +1 @@
file_path: /var/www/html/reports
file_path: /var/www/html/reports

4
collections/ansible_collections/demo/patching/roles/report_linux_patching/defaults/main.yml
View File

@@ -1,3 +1,3 @@
EMAIL_FROM: tower@shadowman.dev
email_from: tower@shadowman.dev
to_emails: alex@shadowman.dev,tower@shadowman.dev
EMAIL_TO: "{{ to_emails.split(',') }}"
to_emails_list: "{{ to_emails.split(',') }}"

34
collections/ansible_collections/demo/patching/roles/report_linux_patching/tasks/main.yml
View File

@@ -2,38 +2,38 @@
ansible.builtin.template:
src: report.j2
dest: "{{ file_path }}/linuxpatch.html"
check_mode: no
check_mode: false
- name: Copy CSS over
ansible.builtin.copy:
src: "css"
dest: "{{ file_path }}"
directory_mode: true
check_mode: no
check_mode: false
- name: Copy logo over
ansible.builtin.copy:
src: "webpage_logo.png"
dest: "{{ file_path }}"
directory_mode: true
check_mode: no
check_mode: false
- name: Display link to Linux patch report
ansible.builtin.debug:
msg: "Please go to http://{{ hostvars[report_server]['ansible_host'] }}/reports/linuxpatch.html"
#- name: Send Report via E-mail
# community.general.mail:
# host: "{{ EMAIL_HOST }}"
# username: "{{ EMAIL_USERNAME }}"
# password: "{{ EMAIL_PASSWORD }}"
# port: "{{ EMAIL_PORT }}"
# subject: "Linux Patching Report"
# body: "{{ lookup('template', 'report.j2') }}"
# from: "{{ EMAIL_FROM }}"
# to: "{{ EMAIL_TO }}"
# subtype: html
# delegate_to: localhost
# become: false
# check_mode: no
# - name: Send Report via E-mail
# community.general.mail:
# host: "{{ EMAIL_HOST }}"
# username: "{{ EMAIL_USERNAME }}"
# password: "{{ EMAIL_PASSWORD }}"
# port: "{{ EMAIL_PORT }}"
# subject: "Linux Patching Report"
# body: "{{ lookup('template', 'report.j2') }}"
# from: "{{ EMAIL_FROM }}"
# to: "{{ EMAIL_TO }}"
# subtype: html
# delegate_to: localhost
# become: false
# check_mode: no

2
collections/ansible_collections/demo/patching/roles/report_linux_patching/vars/main.yml
View File

@@ -1 +1 @@
file_path: /var/www/html/reports
file_path: /var/www/html/reports

25
collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml
View File

@@ -1,22 +1,27 @@
---
- include_vars: "{{ ansible_system }}.yml"
- name: Inlcude system variables
ansible.builtin.include_vars: "{{ ansible_system }}.yml"
- yum:
- name: Install httpd package
ansible.builtin.yum:
name: httpd
state: latest
check_mode: no
state: installed
check_mode: false
- file:
- name: Create reports directory
ansible.builtin.file:
path: "{{ doc_root }}/{{ reports_dir }}"
state: directory
check_mode: no
check_mode: false
- copy:
- name: Copy .htaccess
ansible.builtin.copy:
dest: "{{ doc_root }}/{{ reports_dir }}/.htaccess"
content: Options +Indexes
check_mode: no
check_mode: false
- service:
- name: Install httpd service
ansible.builtin.service:
name: httpd
state: started
check_mode: no
check_mode: false

9
collections/ansible_collections/demo/patching/roles/report_server/tasks/iis.yml
View File

@@ -1,23 +1,24 @@
---
- include_vars: "{{ ansible_system }}.yml"
- name: Include system vars
ansible.builtin.include_vars: "{{ ansible_system }}.yml"
- name: Install IIS
ansible.windows.win_feature:
name: Web-Server
state: present
check_mode: no
check_mode: false
- name: Start IIS service
ansible.windows.win_service:
name: W3Svc
state: started
check_mode: no
check_mode: false
- name: Create Directory
ansible.windows.win_file:
path: "{{ doc_root }}\\{{ reports_dir }}"
state: directory
check_mode: no
check_mode: false
- name: Enable Directory Browsing
ansible.windows.win_powershell:

22
collections/ansible_collections/demo/patching/roles/report_server/tasks/linux_landing_page.yml
View File

@@ -1,34 +1,34 @@
---
- include_vars: "{{ ansible_system }}.yml"
- name: Include system vars
ansible.builtin.include_vars: "{{ ansible_system }}.yml"
- name: get reports
- name: Get reports
ansible.builtin.find:
paths: "{{ doc_root }}/{{ reports_dir }}"
patterns: '*.html'
register: reports
check_mode: no
check_mode: false
- name: publish landing page
- name: Publish landing page
ansible.builtin.template:
src: linux_report.j2
dest: "{{ doc_root }}/index.html"
check_mode: no
check_mode: false
- name: copy CSS over
- name: Copy CSS
ansible.builtin.copy:
src: "css"
dest: "{{ doc_root }}"
directory_mode: true
check_mode: no
check_mode: false
- name: copy logos over
- name: Copy logos
ansible.builtin.copy:
src: "{{ item }}"
src: "{{ item }}"
dest: "{{ doc_root }}"
directory_mode: true
loop:
- "webpage_logo.png"
- "redhat-ansible-logo.svg"
- "report.png"
check_mode: no
check_mode: false

6
collections/ansible_collections/demo/patching/roles/report_server/tasks/main.yml
View File

@@ -1,6 +1,8 @@
---
- include_tasks: apache.yml
- name: Include Linux tasks
ansible.builtin.include_tasks: apache.yml
when: ansible_system == 'Linux'
- include_tasks: iis.yml
- name: Include Windows tasks
ansible.builtin.include_tasks: iis.yml
when: ansible_system == 'Win32NT'

28
collections/ansible_collections/demo/patching/roles/report_server/tasks/windows_landing_page.yml
View File

@@ -1,34 +1,34 @@
---
- include_vars: "{{ ansible_system }}.yml"
- name: Include system variables
ansible.builtin.include_vars: "{{ ansible_system }}.yml"
- name: get reports
- name: Get reports
ansible.windows.win_find:
paths: "{{ doc_root }}/{{ reports_dir }}"
patterns: '*.html'
register: reports
check_mode: no
check_mode: false
- name: publish landing page
ansible.builtin.win_template:
- name: Publish landing page
ansible.windows.win_template:
src: windows_report.j2
dest: "{{ doc_root }}/index.html"
check_mode: no
check_mode: false
- name: copy CSS over
ansible.builtin.win_copy:
- name: Copy CSS
ansible.windows.win_copy:
src: "css"
dest: "{{ doc_root }}"
directory_mode: true
check_mode: no
check_mode: false
- name: copy logos over
ansible.builtin.win_copy:
src: "{{ item }}"
- name: Copy logos
ansible.windows.win_copy:
src: "{{ item }}"
dest: "{{ doc_root }}"
directory_mode: true
loop:
- "webpage_logo.png"
- "redhat-ansible-logo.svg"
- "report.png"
check_mode: no
check_mode: false

2
collections/ansible_collections/demo/patching/roles/report_windows/defaults/main.yml
View File

@@ -1,2 +1,2 @@
---
detailedreport: True
detailedreport: true

20
collections/ansible_collections/demo/patching/roles/report_windows/tasks/main.yml
View File

@@ -1,28 +1,28 @@
---
- name: create HTML report
- name: Create HTML report
ansible.windows.win_template:
src: report.j2
dest: "{{ file_path }}/windows.html"
check_mode: no
check_mode: false
- name: copy CSS over
- name: Copy CSS over
ansible.windows.win_copy:
src: "css"
dest: "{{ file_path }}"
directory_mode: true
check_mode: no
check_mode: false
- name: copy logos over
- name: Copy logos over
ansible.windows.win_copy:
src: "{{ item }}"
src: "{{ item }}"
dest: "{{ file_path }}"
directory_mode: true
loop:
- "webpage_logo.png"
- "redhat-ansible-logo.svg"
- "server.png"
check_mode: no
check_mode: false
#- name: display link to inventory report
# ansible.builtin.debug:
# msg: "Please go to http://{{ host_vars[report_server]['ansible_host'] }}/reports/windows.html"
# - name: display link to inventory report
# ansible.builtin.debug:
# msg: "Please go to http://{{ host_vars[report_server]['ansible_host'] }}/reports/windows.html"

3
collections/ansible_collections/demo/patching/roles/report_windows/vars/main.yml
View File

@@ -1 +1,2 @@
file_path: C:\Inetpub\wwwroot\reports
---
file_path: C:\Inetpub\wwwroot\reports

5
collections/ansible_collections/demo/patching/roles/report_windows_patching/defaults/main.yml
View File

@@ -1,3 +1,4 @@
EMAIL_FROM: tower@shadowman.dev
---
email_from: tower@shadowman.dev
to_emails: alex@shadowman.dev,tower@shadowman.dev
EMAIL_TO: "{{ to_emails.split(',') }}"
to_emails_list: "{{ to_emails.split(',') }}"

8
collections/ansible_collections/demo/patching/roles/report_windows_patching/tasks/main.yml
View File

@@ -2,22 +2,22 @@
ansible.windows.win_template:
src: report.j2
dest: "{{ file_path }}/windowspatch.html"
check_mode: no
check_mode: false
- name: Copy CSS over
ansible.windows.win_copy:
src: "css"
dest: "{{ file_path }}"
directory_mode: true
check_mode: no
check_mode: false
- name: Copy logo over
ansible.windows.win_copy:
src: "webpage_logo.png"
dest: "{{ file_path }}"
directory_mode: true
check_mode: no
check_mode: false
- name: Display link to Patch report
ansible.builtin.debug:
msg: "Please go to http://{{ hostvars[report_server]['ansible_host'] }}/reports/windowspatch.html"
msg: "Please go to http://{{ hostvars[report_server]['ansible_host'] }}/reports/windowspatch.html"

3
collections/ansible_collections/demo/patching/roles/report_windows_patching/vars/main.yml
View File

@@ -1 +1,2 @@
file_path: C:\Inetpub\wwwroot\reports
---
file_path: C:\Inetpub\wwwroot\reports

2
collections/ansible_collections/demo/satellite/roles/register_host/defaults/main.yml
View File

@@ -1,4 +1,4 @@
---
instance_name: "{{ inventory_hostname | regex_replace('_','-') }}"
instance_name: "{{ inventory_hostname | regex_replace('_', '-') }}"
activation_key: "{{ 'RHEL' + ansible_distribution_major_version + '_' + env }}"
rex_user: root # "{{ ansible_user }}"

67
collections/ansible_collections/demo/satellite/roles/register_host/tasks/main.yml
View File

@@ -1,67 +1,66 @@
---
- name: verify operating system
assert:
- name: Verify operating system
ansible.builtin.assert:
that:
- ansible_os_family == 'RedHat'
- (ansible_distribution_major_version == '7') or (ansible_distribution_major_version == '8')
- name: set hostname
hostname:
- name: Set hostname
ansible.builtin.hostname:
name: "{{ instance_name }}"
- name: remove rhui client packages
yum:
name:
- google-rhui-client*
- rh-amazon-rhui-client*
state: removed
- name: get current repos
command:
- name: Remove rhui client packages
ansible.builtin.yum:
name:
- google-rhui-client*
- rh-amazon-rhui-client*
state: removed
- name: Get current repos
ansible.builtin.command:
cmd: ls /etc/yum.repos.d/
register: repos
changed_when: False
changed_when: false
- name: remove existing rhui repos
file:
- name: Remove existing rhui repos
ansible.builtin.file:
path: "/etc/yum.repos.d/{{ item }}"
state: absent
loop: "{{ repos.stdout_lines }}"
- name: install satellite certificate
yum:
- name: Install satellite certificate
ansible.builtin.yum:
name: "{{ satellite_url }}/pub/katello-ca-consumer-latest.noarch.rpm"
state: present
validate_certs: no
validate_certs: false
disable_gpg_check: true
- name: register system via subscription-mangler
redhat_subscription:
- name: Register system via subscription-mangler
community.general.redhat_subscription:
state: present
activationkey: "{{ activation_key }}"
consumer_name: "{{ instance_name }}"
org_id: "{{ org_id | default('Default_Organization')}}"
org_id: "{{ org_id | default('Default_Organization') }}"
throttle: 1
- name: include repos
include_vars: "vars/{{ ansible_distribution + ansible_distribution_major_version }}.yml"
- name: Include repos
ansible.builtin.include_vars: "vars/{{ ansible_distribution + ansible_distribution_major_version }}.yml"
- name: enable repos
rhsm_repository:
- name: Enable repos
community.general.rhsm_repository:
name: "{{ rhsm_enabled_repos }}"
state: enabled
- name: install satellite client
yum:
- name: Install satellite client
ansible.builtin.yum:
name:
- katello-host-tools
- katello-host-tools-tracer
state: latest
- name: enable remote execution
authorized_key:
state: installed
- name: Enable remote execution
ansible.posix.authorized_key:
user: "{{ rex_user }}"
state: present
key: "{{ satellite_url }}:9090/ssh/pubkey"
validate_certs: no
validate_certs: false

2
collections/ansible_collections/demo/satellite/roles/register_host/vars/RedHat7.yml
View File

@@ -1,4 +1,4 @@
---
rhsm_enabled_repos:
- rhel-7-server-rpms
#- rhel-7-server-satellite-maintenance-6.11-rpms
# - rhel-7-server-satellite-maintenance-6.11-rpms

3
collections/ansible_collections/demo/satellite/roles/scap_client/meta/main.yml
View File

@@ -1,3 +0,0 @@
galaxy_info:
author: morenod
description: Role created to configure a client to execute openscap policies based on the information obtained from a Red Hat Satellite/Foreman Host.

66
collections/ansible_collections/demo/satellite/roles/scap_client/tasks/main.yaml
View File

@@ -1,85 +1,85 @@
---
- name: Install openscap client packages
yum:
ansible.builtin.yum:
name:
- openscap-scanner
- rubygem-foreman_scap_client
- openscap-scanner
- rubygem-foreman_scap_client
state: present
- name: Get Policy parameters
uri:
ansible.builtin.uri:
url: "{{ foreman_server_url }}/api/v2/compliance/policies"
method: GET
user: "{{ foreman_username }}"
password: "{{ foreman_password }}"
force_basic_auth: yes
password: "{{ foreman_password }}"
force_basic_auth: true
body_format: json
validate_certs: False
validate_certs: false
register: policies
no_log: "{{ foreman_operations_scap_client_secure_logging }}"
- name: Build policy {{ policy_name }} parameters
set_fact:
- name: Build policy {{ policy_name }}
ansible.builtin.set_fact:
policy: "{{ policy | default([]) }} + {{ [item] }}"
loop: "{{policies.json.results}}"
loop: "{{ policies.json.results }}"
when: item.name in policy_name or policy_name == 'all'
- name: Fail if no policy found with required name
fail:
ansible.builtin.fail:
when: policy is not defined
- name: Get scap content information
uri:
url: "{{ foreman_server_url }}/api/v2/compliance/scap_contents/{{item.scap_content_id}}"
ansible.builtin.uri:
url: "{{ foreman_server_url }}/api/v2/compliance/scap_contents/{{ item.scap_content_id }}"
method: GET
user: "{{ foreman_username }}"
password: "{{ foreman_password }}"
force_basic_auth: yes
force_basic_auth: false
body_format: json
validate_certs: False
validate_certs: false
register: scapcontents
loop: "{{ policy }}"
no_log: "{{ foreman_operations_scap_client_secure_logging }}"
- name: Get tailoring content information
uri:
url: "{{ foreman_server_url }}/api/v2/compliance/tailoring_files/{{item.tailoring_file_id}}"
ansible.builtin.uri:
url: "{{ foreman_server_url }}/api/v2/compliance/tailoring_files/{{ item.tailoring_file_id }}"
method: GET
user: "{{ foreman_username }}"
password: "{{ foreman_password }}"
force_basic_auth: yes
force_basic_auth: false
body_format: json
validate_certs: False
validate_certs: false
register: tailoringfiles
when: item.tailoring_file_id | int > 0 | d(False)
loop: "{{ policy }}"
no_log: "{{ foreman_operations_scap_client_secure_logging }}"
- name: Build scap content parameters
set_fact:
scap_content: "{{ scap_content | default({}) | combine({item.json.id: item.json }) }}"
ansible.builtin.set_fact:
scap_content: "{{ scap_content | default({}) | combine({item.json.id: item.json}) }}"
loop: "{{ scapcontents.results }}"
- name: Build tailoring content parameters
set_fact:
tailoring_files: "{{ tailoring_files | default({}) | combine({item.json.id: item.json }) }}"
ansible.builtin.set_fact:
tailoring_files: "{{ tailoring_files | default({}) | combine({item.json.id: item.json}) }}"
when: item.json is defined
loop: "{{ tailoringfiles.results }}"
- name: Apply openscap client configuration template
template:
ansible.builtin.template:
src: openscap_client_config.yaml.j2
dest: /etc/foreman_scap_client/config.yaml
mode: "0644"
owner: root
group: root
#- name: Configure execution crontab
# cron:
# name: "Openscap Execution"
# cron_file: 'foreman_openscap_client'
# job: '/usr/bin/foreman_scap_client {{policy.id}} > /dev/null'
# weekday: "{{crontab_weekdays}}"
# hour: "{{crontab_hour}}"
# minute: "{{crontab_minute}}"
# user: root
# - name: Configure execution crontab
# cron:
# name: "Openscap Execution"
# cron_file: 'foreman_openscap_client'
# job: '/usr/bin/foreman_scap_client {{policy.id}} > /dev/null'
# weekday: "{{crontab_weekdays}}"
# hour: "{{crontab_hour}}"
# minute: "{{crontab_minute}}"
# user: root

2
collections/requirements.yml
View File

@@ -26,7 +26,7 @@ collections:
# satellite
- name: redhat.satellite
version: 3.8.0
#network
# network
- name: cisco.ios
version: 3.1.0
- name: cisco.nxos

9
feedback.yml
View File

@@ -1,13 +1,14 @@
---
- hosts: localhost
gather_facts: no
- name: Submit feedback
hosts: localhost
gather_facts: false
tasks:
- name: Submit Feedback
ansible.builtin.uri:
url: https://docs.google.com/forms/d/e/1FAIpQLSfTq7Dm0hw0sOthHTH2F6wbwwJc-fsJPbn72IZX4CY7p4uGBg/formResponse
method: POST
body: "ifq&entry.1139138403={{ email }} &entry.735882959={{ feedback }}&sumbit=Submit"
- name: Thank you
debug:
ansible.builtin.debug:
msg: Thank you for your feedback!

8
linux/hardening.yml
View File

@@ -3,10 +3,10 @@
hosts: "{{ _hosts | default('web') }}"
become: true
vars:
- harden_firewall: false
- harden_time: false
- harden_ssh: false
- harden_pci: false
harden_firewall: false
harden_time: false
harden_ssh: false
harden_pci: false
tasks:
- name: Configure Firewall

2
linux/insights_compliance_scan.yml
View File

@@ -3,7 +3,7 @@
hosts: "{{ _hosts | default(omit) }}"
become: true
vars:
# compliance_profile: undef
compliance_profile_configured: undef
tasks:
- name: Check OS Type

5
linux/patching.yml
View File

@@ -2,7 +2,6 @@
- name: Linux server patching
hosts: "{{ _hosts | default(omit) }}"
become: true
strategy: linear
vars:
report_server: node1
@@ -23,7 +22,7 @@
when:
- ansible_local.insights.system_id is not defined
- name: Run the Insights Client Scan
- name: Run the Insights Client Scan # noqa: no-changed-when
ansible.builtin.command: insights-client
when:
- not ansible_check_mode
@@ -31,7 +30,7 @@
- name: Deploy report server
delegate_to: "{{ report_server }}"
run_once: true
run_once: true # noqa: run-once[task]
block:
- name: Build report server
ansible.builtin.include_role:

6
linux/tshoot.yml
View File

@@ -4,15 +4,15 @@
become: true
tasks:
- name: Gather recent vmstat info
- name: Gather recent vmstat info # noqa: no-changed-when
ansible.builtin.command: /bin/vmstat 1 5
register: vmstat
- name: Gather top CPU hogs
- name: Gather top CPU hogs # noqa: no-changed-when
ansible.builtin.command: ps -eo user,pid,size,pcpu,cmd --sort=-pcpu
register: pscpu
- name: Gather top memory hogs
- name: Gather top memory hogs # noqa: no-changed-when
ansible.builtin.command: ps -eo user,pid,size,pcpu,cmd --sort=-size
register: pssize

28
network/report.yml
View File

@@ -1,5 +1,5 @@
---
# Re-write of:
# Re-write of:
# https://github.com/network-automation/toolkit/blob/master/playbooks/network_report.yml
# https://github.com/network-automation/toolkit/blob/master/roles/build_report/tasks/main.yml
@@ -26,33 +26,27 @@
gather_network_resources: all
when: ansible_network_os == 'cisco.iosxr.iosxr'
# The dig lookup requires the python 'dnspython' library
# The dig lookup requires the python 'dnspython' library
# - name: Resolve IP address
# ansible.builtin.set_fact:
# ansible_host: "{{ lookup('community.general.dig', inventory_hostname)}}"
- hosts: node1
- name: Create network reports
hosts: "{{ report_server }}"
become: true
vars:
report_server: node1
web_path: /var/www/html/reports/
tasks:
- ansible.builtin.include_role:
- name: Build report server
ansible.builtin.include_role:
name: "{{ item }}"
loop:
- demo.patching.report_server
- demo.patching.build_report_network
- block:
- ansible.builtin.include_role:
name: "{{ item }}"
loop:
- demo.patching.report_server
- demo.patching.build_report_network
- ansible.builtin.include_role:
name: demo.patching.report_server
tasks_from: linux_landing_page
delegate_to: "{{ report_server }}"
run_once: yes
- name: Update landing page
ansible.builtin.include_role:
name: demo.patching.report_server
tasks_from: linux_landing_page

2
network/setup.yml
View File

@@ -81,7 +81,7 @@ controller_templates:
use_fact_cache: true
ask_job_type_on_launch: true
credentials:
- "Workshop Credential"
- "Workshop Credential"
survey_enabled: true
survey:
name: ''

36
satellite/host_vars/satellite.example.com/content_views.yml
View File

@@ -4,26 +4,26 @@ satellite_content_views:
- name: RHEL7
content_view: RHEL7
repositories:
- name: Red Hat Enterprise Linux 7 Server (RPMs)
basearch: x86_64
releasever: 7Server
product: 'Red Hat Enterprise Linux Server'
- name: Red Hat Enterprise Linux 7 Server - Extras (RPMs)
basearch: x86_64
product: 'Red Hat Enterprise Linux Server'
- name: Red Hat Satellite Tools 6.8 (for RHEL 7 Server) (RPMs)
basearch: x86_64
product: 'Red Hat Enterprise Linux Server'
- name: Red Hat Enterprise Linux 7 Server (RPMs)
basearch: x86_64
releasever: 7Server
product: 'Red Hat Enterprise Linux Server'
- name: Red Hat Enterprise Linux 7 Server - Extras (RPMs)
basearch: x86_64
product: 'Red Hat Enterprise Linux Server'
- name: Red Hat Satellite Tools 6.8 (for RHEL 7 Server) (RPMs)
basearch: x86_64
product: 'Red Hat Enterprise Linux Server'
# Red Hat Enterprise Linux 8
- name: RHEL8
content_view: RHEL8
content_view_update: true
repositories:
- name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
releasever: 8
product: Red Hat Enterprise Linux for x86_64
- name: Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
releasever: 8
product: Red Hat Enterprise Linux for x86_64
- name: Red Hat Satellite Tools 6.8 for RHEL 8 x86_64 (RPMs)
product: Red Hat Enterprise Linux for x86_64
- name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
releasever: 8
product: Red Hat Enterprise Linux for x86_64
- name: Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
releasever: 8
product: Red Hat Enterprise Linux for x86_64
- name: Red Hat Satellite Tools 6.8 for RHEL 8 x86_64 (RPMs)
product: Red Hat Enterprise Linux for x86_64

17
satellite/satellite_promote.yml
View File

@@ -1,7 +1,8 @@
---
- hosts: localhost
- name: Promote content view version
hosts: localhost
connection: local
gather_facts: no
gather_facts: false
vars:
organization: Default Organization
lifecycle_environment: undef
@@ -9,9 +10,9 @@
content_view: undef
tasks:
- name: Promote Content View
redhat.satellite.content_view_version:
content_view: "{{ content_view }}"
organization: "{{ organization }}"
lifecycle_environments: "{{ lifecycle_environment }}"
current_lifecycle_environment: "{{ current_lifecycle_environment }}"
- name: Promote Content View # noqa: args[module] - required parameters provided with environment vars
redhat.satellite.content_view_version:
content_view: "{{ content_view }}"
organization: "{{ organization }}"
lifecycle_environments: "{{ lifecycle_environment }}"
current_lifecycle_environment: "{{ current_lifecycle_environment }}"

15
satellite/satellite_publish.yml
View File

@@ -1,7 +1,8 @@
---
- hosts: localhost
- name: Publish content view version
hosts: localhost
connection: local
gather_facts: no
gather_facts: false
vars:
content_view: undef
env: undef
@@ -11,11 +12,11 @@
publish_retry_interval: 15
tasks:
- name: publish content view
redhat.satellite.content_view_version:
content_view: "{{ content_view }}"
organization: "{{ organization }}"
lifecycle_environments: "{{ lifecycle_environment }}"
- name: Publish content view # noqa: args[module] - required parameters provided with environment vars
redhat.satellite.content_view_version:
content_view: "{{ content_view }}"
organization: "{{ organization }}"
lifecycle_environments: "{{ lifecycle_environment }}"
# async: "{{ publish_timeout }}"
# poll: 0
# register: publish_async

4
satellite/server_openscap.yml
View File

@@ -12,6 +12,8 @@
ansible.builtin.pause: seconds="{{ 5 | random }}"
- name: Run SCAP Scan
ansible.builtin.shell: "/usr/bin/foreman_scap_client {{ item.id }}"
ansible.builtin.command: "/usr/bin/foreman_scap_client {{ item.id }}"
loop: "{{ policy }}"
when: policy_scan == 'all' or item.name in policy_scan
register: scap_cmd_output
failed_when: "'Error' in command_result.stderr"

284
satellite/setup.yml
View File

@@ -51,148 +51,148 @@ controller_credentials:
password: ansible123!
controller_inventory_sources:
- name: Satellite Inventory
inventory: Workshop Inventory
credential: Satellite Inventory
source: satellite6
update_on_launch: false
execution_environment: Control Plane Execution Environment
overwrite: true
source_vars:
hostnames:
- name.split('.')[0]
groups:
patch_bugs: foreman_content_facet_attributes.errata_counts.bugfix
patch_enhancements: foreman_content_facet_attributes.errata_counts.enhancement
patch_security: foreman_content_facet_attributes.errata_counts.security
keyed_groups:
- prefix: env
key: foreman_content_facet_attributes.lifecycle_environment_name
- prefix: cv
key: foreman_content_facet_attributes.content_view_name
- prefix: os
key: foreman_operatingsystem_name
- prefix: scap
key: foreman_compliance_status_label
validate_certs: no
- name: Satellite Inventory
inventory: Workshop Inventory
credential: Satellite Inventory
source: satellite6
update_on_launch: false
execution_environment: Control Plane Execution Environment
overwrite: true
source_vars:
hostnames:
- name.split('.')[0]
groups:
patch_bugs: foreman_content_facet_attributes.errata_counts.bugfix
patch_enhancements: foreman_content_facet_attributes.errata_counts.enhancement
patch_security: foreman_content_facet_attributes.errata_counts.security
keyed_groups:
- prefix: env
key: foreman_content_facet_attributes.lifecycle_environment_name
- prefix: cv
key: foreman_content_facet_attributes.content_view_name
- prefix: os
key: foreman_operatingsystem_name
- prefix: scap
key: foreman_compliance_status_label
validate_certs: false
controller_templates:
- name: LINUX / Register with Satellite
project: Ansible official demo project
playbook: satellite/server_register.yml
inventory: Workshop Inventory
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- Workshop Credential
- Satellite Credential
extra_vars:
org_id: "Default_Organization"
survey_enabled: true
survey:
name: ''
description: ''
spec:
- question_name: Server Name or Pattern
type: text
variable: HOSTS
required: false
- question_name: Choose Environment
type: multiplechoice
variable: env
choices:
- Dev
- QA
- Prod
required: true
- name: LINUX / Register with Satellite
project: Ansible official demo project
playbook: satellite/server_register.yml
inventory: Workshop Inventory
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- Workshop Credential
- Satellite Credential
extra_vars:
org_id: "Default_Organization"
survey_enabled: true
survey:
name: ''
description: ''
spec:
- question_name: Server Name or Pattern
type: text
variable: HOSTS
required: false
- question_name: Choose Environment
type: multiplechoice
variable: env
choices:
- Dev
- QA
- Prod
required: true
- name: LINUX / Compliance Scan with Satellite
project: Ansible official demo project
playbook: satellite/server_openscap.yml
inventory: Workshop Inventory
execution_environment: Ansible Engine 2.9 execution environment
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- Satellite Credential
- Workshop Credential
extra_vars:
policy_scan: all
survey_enabled: true
survey:
name: ''
description: ''
spec:
- question_name: Server Name or Pattern
type: text
variable: HOSTS
required: false
- name: LINUX / Compliance Scan with Satellite
project: Ansible official demo project
playbook: satellite/server_openscap.yml
inventory: Workshop Inventory
execution_environment: Ansible Engine 2.9 execution environment
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- Satellite Credential
- Workshop Credential
extra_vars:
policy_scan: all
survey_enabled: true
survey:
name: ''
description: ''
spec:
- question_name: Server Name or Pattern
type: text
variable: HOSTS
required: false
- name: SATELLITE / Publish Content View Version
project: Ansible official demo project
playbook: satellite/satellite_publish.yml
inventory: Workshop Inventory
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- Satellite Credential
extra_vars:
env: Dev
survey_enabled: true
survey:
name: ''
description: ''
spec:
- question_name: Select Content View
variable: content_view
type: multiplechoice
choices: "{{ satellite_content_views | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
required: true
- name: SATELLITE / Publish Content View Version
project: Ansible official demo project
playbook: satellite/satellite_publish.yml
inventory: Workshop Inventory
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- Satellite Credential
extra_vars:
env: Dev
survey_enabled: true
survey:
name: ''
description: ''
spec:
- question_name: Select Content View
variable: content_view
type: multiplechoice
choices: "{{ satellite_content_views | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
required: true
- name: SATELLITE / Promote Content View Version
project: Ansible official demo project
playbook: satellite/satellite_promote.yml
inventory: Workshop Inventory
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- Satellite Credential
survey_enabled: true
survey:
name: ''
description: ''
spec:
- question_name: Select Content View
variable: content_view
type: multiplechoice
choices: "{{ satellite_content_views | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
required: true
- question_name: Current Lifecycle Environment
variable: current_lifecycle_environment
type: multiplechoice
choices: "{{ satellite_lifecycle_environments | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
required: true
- question_name: Next Lifecycle Environment
variable: lifecycle_environment
type: multiplechoice
choices: "{{ satellite_lifecycle_environments | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
required: true
- name: SATELLITE / Promote Content View Version
project: Ansible official demo project
playbook: satellite/satellite_promote.yml
inventory: Workshop Inventory
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- Satellite Credential
survey_enabled: true
survey:
name: ''
description: ''
spec:
- question_name: Select Content View
variable: content_view
type: multiplechoice
choices: "{{ satellite_content_views | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
required: true
- question_name: Current Lifecycle Environment
variable: current_lifecycle_environment
type: multiplechoice
choices: "{{ satellite_lifecycle_environments | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
required: true
- question_name: Next Lifecycle Environment
variable: lifecycle_environment
type: multiplechoice
choices: "{{ satellite_lifecycle_environments | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
required: true
- name: SETUP / Satellite
project: Ansible official demo project
playbook: satellite/setup_satellite.yml
inventory: Workshop Inventory
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- Satellite Credential
- name: SETUP / Satellite
project: Ansible official demo project
playbook: satellite/setup_satellite.yml
inventory: Workshop Inventory
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- Satellite Credential
controller_launch_jobs:
- name: SETUP
wait: false
@@ -207,7 +207,7 @@ controller_launch_jobs:
######################
satellite_components:
- content_views
#- content_view_publish
# - content_view_publish
- lifecycle_environments
- activation_keys
@@ -219,12 +219,12 @@ satellite_content_views:
- name: RHEL7
content_view: RHEL7
repositories:
- name: Red Hat Enterprise Linux 7 Server RPMs x86_64 7Server
product: 'Red Hat Enterprise Linux Server'
- name: Red Hat Enterprise Linux 7 Server - Extras RPMs x86_64
product: 'Red Hat Enterprise Linux Server'
- name: Red Hat Satellite Client 6 for RHEL 7 Server RPMs x86_64
product: 'Red Hat Enterprise Linux Server'
- name: Red Hat Enterprise Linux 7 Server RPMs x86_64 7Server
product: 'Red Hat Enterprise Linux Server'
- name: Red Hat Enterprise Linux 7 Server - Extras RPMs x86_64
product: 'Red Hat Enterprise Linux Server'
- name: Red Hat Satellite Client 6 for RHEL 7 Server RPMs x86_64
product: 'Red Hat Enterprise Linux Server'
# Red Hat Enterprise Linux 8
- name: RHEL8
content_view: RHEL8

85
satellite/setup_satellite.yml
View File

@@ -1,54 +1,55 @@
---
- hosts: localhost
gather_facts: no
- name: Setup satellite configuration
hosts: localhost
gather_facts: false
vars_files: setup.yml
vars:
refresh_satellite_manifest: true
tasks:
- name: refresh manifest
redhat.satellite.subscription_manifest:
organization: "Default Organization"
state: refreshed
when: refresh_satellite_manifest
- name: Refresh manifest # noqa: args[module] - required parameters provided with environment vars
redhat.satellite.subscription_manifest:
organization: "Default Organization"
state: refreshed
when: refresh_satellite_manifest
- name: Setup CV
include_role:
name: redhat.satellite.content_views
- name: Setup CV
ansible.builtin.include_role:
name: redhat.satellite.content_views
- name: Publish CV
include_role:
name: redhat.satellite.content_view_publish
vars:
satellite_content_views:
- RHEL7
- RHEL8
- name: Publish CV
ansible.builtin.include_role:
name: redhat.satellite.content_view_publish
vars:
satellite_content_views:
- RHEL7
- RHEL8
- name: Setup Lifecycle Environment
include_role:
name: redhat.satellite.lifecycle_environments
- name: Setup Lifecycle Environment
ansible.builtin.include_role:
name: redhat.satellite.lifecycle_environments
- name: redhat.satellite.content_view_publish CV
redhat.satellite.content_view_version:
organization: "{{ satellite_organization }}"
content_view: "{{ item }}"
lifecycle_environments:
- "{{ item }}_Dev"
- "{{ item }}_QA"
- "{{ item }}_Prod"
loop:
- RHEL7
- RHEL8
- name: Content view publish # noqa: args[module] - required parameters provided with environment vars
redhat.satellite.content_view_version:
organization: "{{ satellite_organization }}"
content_view: "{{ item }}"
lifecycle_environments:
- "{{ item }}_Dev"
- "{{ item }}_QA"
- "{{ item }}_Prod"
loop:
- RHEL7
- RHEL8
- name: Setup activation_keys
include_role:
name: redhat.satellite.activation_keys
- name: Setup activation_keys
ansible.builtin.include_role:
name: redhat.satellite.activation_keys
- name: Add SCAP Tailoring File
redhat.satellite.scap_tailoring_file:
name: RHEL7_STIG
organizations: "{{ satellite_organization }}"
scap_file: "{{ item }}"
loop:
- files/ssg-rhel7-ds-tailoring.xml
- files/ssg-rhel8-ds-tailoring-stig-gui.xml
- name: Add SCAP Tailoring File # noqa: args[module] - required parameters provided with environment vars
redhat.satellite.scap_tailoring_file:
name: RHEL7_STIG
organizations: "{{ satellite_organization }}"
scap_file: "{{ item }}"
loop:
- files/ssg-rhel7-ds-tailoring.xml
- files/ssg-rhel8-ds-tailoring-stig-gui.xml

2
setup_demo.yml
View File

@@ -69,7 +69,7 @@
url: https://docs.google.com/forms/d/e/1FAIpQLSdIZ77YpETjEfGOoYlXtMnQiU-6M7QFlb2hJA4ujo25QYb2jw/formResponse
method: POST
body: "ifq&entry.1569353616={{ demo }} &entry.498055740={{ lookup('ansible.builtin.env', 'AWX_HOST') }}&sumbit=Submit"
ignore_errors: true
ignore_errors: true # noqa: ignore-errors - connectivity should not fail play
- name: Print Message
ansible.builtin.debug:

3
windows/patching.yml
View File

@@ -1,7 +1,6 @@
---
- name: Windows updates
hosts: "{{ _hosts | default('os_windows') }}"
strategy: linear
vars:
report_server: win1
@@ -12,7 +11,7 @@
- name: Build report server
delegate_to: "{{ report_server }}"
run_once: true
run_once: true # noqa: run-once[task]
block:
- name: Install report server
ansible.builtin.include_role: