lint fixes

willtome
2023-03-07 16:55:34 -05:00
parent 745b755296
commit 40c31d8e6e
64 changed files with 583 additions and 578 deletions


@@ -10,10 +10,10 @@ aws_region: us-east-1
aws_vm_name: "{{ vm_name }}"
aws_vm_owner: "{{ vm_owner }}"
aws_blueprint: "{{ vm_blueprint }}"
#aws_image_filter: "{{ omit }}"
#aws_instance_size: "{{ omit }}"
#aws_image_architecture: "{{ omit }}"
#aws_image_owners: "{{ omit }} "
# aws_image_filter: "{{ omit }}"
# aws_instance_size: "{{ omit }}"
# aws_image_architecture: "{{ omit }}"
# aws_image_owners: "{{ omit }} "
aws_userdata_template: default
aws_keypair_name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-demo-key"
aws_securitygroup_name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-sec-group"
@@ -21,4 +21,3 @@ aws_env_tag: prod
aws_purpose_tag: ansible_demo
aws_ansiblegroup_tag: cloud
aws_ec2_wait: true


@@ -17,19 +17,19 @@
vpc_id: "{{ aws_vpc.vpc.id }}"
region: "{{ aws_region }}"
tags:
Name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-vpc-igw"
Name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-vpc-igw"
owner: "{{ aws_vpc_name }}"
purpose: "{{ aws_purpose_tag }}"
register: aws_gateway
- name: Create security group internal
amazon.aws.ec2_group:
amazon.aws.ec2_security_group:
state: present
name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-sec-group"
name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-sec-group"
region: "{{ aws_region }}"
description: Inbound WinRM and RDP, http for demo servers and internal AD ports
description: Inbound WinRM and RDP, http for demo servers and internal AD ports
rules:
- proto: tcp
- proto: tcp
ports:
- 80 # HTTP
- 443 # HTTPS
@@ -42,7 +42,7 @@
from_port: -1
cidr_ip: 0.0.0.0/0
- proto: tcp
ports:
ports:
- 80 # HTTP
- 5986 # WinRM
- 3389 # RDP
@@ -55,27 +55,27 @@
- 464 # Kerberos Authentication
- 5432 # PostgreSQL
- 636 # LDAPS (LDAP over TLS)
- 873 # Rsync
- 3268-3269 # Global Catalog
- 873 # Rsync
- 3268-3269 # Global Catalog
- 1024-65535 # Ephemeral RPC ports
cidr_ip: 10.0.0.0/16
- proto: udp
ports:
- proto: udp
ports:
- 53 # DNS
- 88 # Kerberos Authentication
- 123 # NTP
- 137-138 # Netlogon
- 389 # LDAP
- 137-138 # Netlogon
- 389 # LDAP
- 445 # SMB
- 464 # Kerberos Authentication
- 1024-65535 # Ephemeral RPC ports
cidr_ip: 10.0.0.0/16
rules_egress:
- proto: -1
- proto: -1
cidr_ip: 0.0.0.0/0
vpc_id: "{{ aws_vpc.vpc.id }}"
tags:
Name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-sec-group"
Name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-sec-group"
owner: "{{ aws_vpc_name }}"
purpose: "{{ aws_purpose_tag }}"
@@ -85,31 +85,31 @@
vpc_id: "{{ aws_vpc.vpc.id }}"
cidr: "{{ aws_subnet_cidr }}"
region: "{{ aws_region }}"
map_public: yes
map_public: true
tags:
Name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-subnet"
Name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-subnet"
owner: "{{ aws_vpc_name }}"
purpose: "{{ aws_purpose_tag }}"
register: aws_subnet
- name: Create a subnet route table
- name: Create a subnet route table
amazon.aws.ec2_vpc_route_table:
state: present
state: present
vpc_id: "{{ aws_vpc.vpc.id }}"
region: "{{ aws_region }}"
subnets:
- "{{ aws_subnet.subnet.id }}"
routes:
- dest: 0.0.0.0/0
- dest: 0.0.0.0/0
gateway_id: "{{ aws_gateway.gateway_id }}"
tags:
Name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-vpc-rtbl"
tags:
Name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-vpc-rtbl"
owner: "{{ aws_vpc_name }}"
purpose: "{{ aws_purpose_tag }}"
- name: Create AWS keypair
amazon.aws.ec2_key:
name: "{{ aws_vpc_name }}-{{aws_vpc_prefix }}-demo-key"
name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-demo-key"
region: "{{ aws_region }}"
key_material: "{{ aws_public_key }}"
state: present
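Review bot: The `Create security group internal` task has at least one ingress rule open to `cidr_ip: 0.0.0.0/0`, and its `description:` line advertises inbound WinRM and RDP without saying from which sources. The first `- proto: tcp` rule (ports 80, 443, …) is cut off by the hunk boundary, so from this view I cannot confirm which ports the internet-facing rule covers. If 5986 or 3389 are in that list, keep only 80/443 public and move the management ports under the `cidr_ip: 10.0.0.0/16` rule or a caller-supplied admin range. Either way, a comment above each rule such as `# internet-facing: web only` and `# VPC-internal: AD and management` would make the intended exposure reviewable.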


@@ -7,27 +7,27 @@
register: aws_subnet
- name: AWS | CREATE VM | save subnet id
set_fact:
aws_subnet_id: "{{ aws_subnet.subnets|map(attribute='id')| list | last }}"
ansible.builtin.set_fact:
aws_subnet_id: "{{ aws_subnet.subnets | map(attribute='id') | list | last }}"
- name: AWS| CREATE VM | find ami
amazon.aws.ec2_ami_info:
region: "{{ aws_region }}"
owners: "{{ aws_image_owners | default(omit)}}"
owners: "{{ aws_image_owners | default(omit) }}"
filters:
name: "{{ aws_image_filter }}"
architecture: "{{ aws_image_architecture | default(omit) }}"
register: amis
- name: AWS| CREATE VM | save ami
set_fact:
ansible.builtin.set_fact:
aws_instance_ami: >
{{ (amis.images | selectattr('name', 'defined') | sort(attribute='creation_date'))[-2] }}
- name: AWS| CREATE VM | create instance
amazon.aws.ec2_instance:
network:
assign_public_ip: yes
assign_public_ip: true
key_name: "{{ aws_keypair_name }}"
instance_type: "{{ aws_instance_size }}"
image_id: "{{ aws_instance_ami.image_id }}"
@@ -43,5 +43,5 @@
Name: "{{ aws_vm_name }}"
wait: "{{ aws_ec2_wait }}"
vpc_subnet_id: "{{ aws_subnet_id }}"
user_data: "{{ lookup('template', aws_userdata_template+'.j2', template_vars=dict(aws_vm_name=vm_name)) }}"
user_data: "{{ lookup('template', aws_userdata_template + '.j2', template_vars=dict(aws_vm_name=vm_name)) }}"
register: aws_vm_output
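Review bot: In `AWS| CREATE VM | find ami`, `owners` falls back to `omit`, so when `aws_image_owners` is unset the lookup matches images by name from any account, and the next task takes whatever sorts into position `[-2]` by `creation_date`. A public image with a matching name from an unrelated owner could be selected that way. I would make the owner list mandatory, either with a preceding `ansible.builtin.assert` using `that: aws_image_owners is defined`, or by dropping the default so the task fails loudly: `owners: "{{ aws_image_owners }}"`. The create-instance task continues outside the visible hunks, so I have not checked how the chosen image is used beyond `image_id`.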


@@ -4,4 +4,4 @@
state: absent
instance_ids: "{{ instance_id }}"
region: "{{ placement.region }}"
delegate_to: localhost
delegate_to: localhost


@@ -4,29 +4,29 @@
state: directory
mode: '0755'
- name: create HTML report
- name: Create HTML report
ansible.builtin.template:
src: report.j2
dest: "{{ file_path }}/network.html"
check_mode: no
check_mode: false
- name: copy CSS over
- name: Copy CSS over
ansible.builtin.copy:
src: "css"
dest: "{{ file_path }}"
directory_mode: true
check_mode: no
check_mode: false
- name: copy logos over
- name: Copy logos over
ansible.builtin.copy:
src: "{{ item }}"
src: "{{ item }}"
dest: "{{ file_path }}"
directory_mode: true
loop:
- "webpage_logo.png"
- "redhat-ansible-logo.svg"
- "router.png"
check_mode: no
check_mode: false
# - name: Display link to Linux patch report
# ansible.builtin.debug:


@@ -8,4 +8,4 @@ vendor:
transport:
cliconf: "Network_CLI"
netconf: "NETCONF"
nxapi: "NX-API"
nxapi: "NX-API"


@@ -1,2 +1,2 @@
---
detailedreport: True
detailedreport: true


@@ -1,17 +1,17 @@
- name: create HTML report
- name: Create HTML report
ansible.builtin.template:
src: report.j2
dest: "{{ file_path }}/windows.html"
- name: copy CSS over
- name: Copy CSS over
ansible.builtin.copy:
src: "css"
dest: "{{ file_path }}"
directory_mode: true
- name: copy logos over
- name: Copy logos over
ansible.builtin.copy:
src: "{{ item }}"
src: "{{ item }}"
dest: "{{ file_path }}"
directory_mode: true
loop:
@@ -19,6 +19,6 @@
- "redhat-ansible-logo.svg"
- "server.png"
- name: display link to inventory report
- name: Display link to inventory report
ansible.builtin.debug:
msg: "Please go to http://{{ ansible_host }}/windows.html"
msg: "Please go to http://{{ ansible_host }}/windows.html"


@@ -1 +1 @@
file_path: /var/www/html
file_path: /var/www/html


@@ -1,3 +1,3 @@
EMAIL_FROM: tower@shadowman.dev
email_from: tower@shadowman.dev
to_emails: alex@shadowman.dev,tower@shadowman.dev
EMAIL_TO: "{{ to_emails.split(',') }}"
to_emails_list: "{{ to_emails.split(',') }}"
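Review bot: Renaming `EMAIL_FROM` to `email_from` and `EMAIL_TO` to `to_emails_list` here leaves readers of the old names behind: the mail task in the task hunk that follows on this page still has `from: "{{ EMAIL_FROM }}"` and `to: "{{ EMAIL_TO }}"` as unchanged context. Assuming this vars file feeds that task, the mail step would now fail on an undefined variable. Update the task to `from: "{{ email_from }}"` and `to: "{{ to_emails_list }}"`. The same rename is applied to two other vars files in this commit, so their consumers need the same check; the commented-out mail task in the Linux patch report also still uses the old names.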


@@ -2,21 +2,21 @@
ansible.builtin.template:
src: report.j2
dest: "{{ file_path }}/windowspatch.html"
check_mode: no
check_mode: false
- name: Copy CSS over
ansible.builtin.copy:
src: "css"
dest: "{{ file_path }}"
directory_mode: true
check_mode: no
check_mode: false
- name: Copy logo over
ansible.builtin.copy:
src: "webpage_logo.png"
dest: "{{ file_path }}"
directory_mode: true
check_mode: no
check_mode: false
- name: Display link to Patch report
ansible.builtin.debug:
@@ -33,6 +33,6 @@
from: "{{ EMAIL_FROM }}"
to: "{{ EMAIL_TO }}"
subtype: html
delegate_to: localhost
delegate_to: localhost
become: false
check_mode: no
check_mode: false


@@ -1 +1 @@
file_path: /var/www/html
file_path: /var/www/html


@@ -1,3 +1,3 @@
---
exclude_packages: []
allow_reboot: true
allow_reboot: true


@@ -1,24 +1,24 @@
---
- name: get packages
- name: Get packages
ansible.builtin.package_facts:
check_mode: no
check_mode: false
- name: get services
- name: Get services
ansible.builtin.service_facts:
check_mode: no
check_mode: false
- name: upgrade packages (yum)
yum:
- name: Upgrade packages (yum)
ansible.builtin.yum:
name: '*'
state: latest
state: latest # noqa: package-latest - Intended to update packages to latest
exclude: "{{ exclude_packages }}"
when: ansible_pkg_mgr == "yum"
register: patchingresult_yum
- name: upgrade packages (dnf)
- name: Upgrade packages (dnf)
ansible.builtin.dnf:
name: '*'
state: latest
state: latest # noqa: package-latest - Intended to update packages to latest
exclude: "{{ exclude_packages }}"
when: ansible_pkg_mgr == "dnf"
register: patchingresult_dnf
@@ -28,10 +28,10 @@
register: result
changed_when: result.rc == 1
failed_when: result.rc > 1
check_mode: no
check_mode: false
- name: Reboot Server if Necessary
ansible.builtin.reboot:
when:
- result.rc == 1
- allow_reboot == true
- result.rc == 1
- allow_reboot == true
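Review bot: The reboot condition `- allow_reboot == true` compares against a boolean literal, so a value supplied as a string (for example `-e allow_reboot=true` or a survey answer) never equals it and the reboot is silently skipped after patching. Use `- allow_reboot | bool` instead. ansible-lint flags this form under its literal-compare rule, so the change fits the purpose of this commit.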


@@ -11,4 +11,4 @@ win_update_categories:
- Tools
- UpdateRollups
- Updates
allow_reboot: true
allow_reboot: true


@@ -1,11 +1,11 @@
---
- name: Scan packages
demo.patching.win_scan_packages:
check_mode: no
check_mode: false
- name: Scan Services
demo.patching.win_scan_services:
check_mode: no
check_mode: false
- name: Install Windows Updates
ansible.windows.win_updates:


@@ -1,2 +1,2 @@
---
detailedreport: True
detailedreport: true


@@ -1,27 +1,27 @@
- name: create HTML report
- name: Create HTML report
ansible.builtin.template:
src: report.j2
dest: "{{ file_path }}/linux.html"
check_mode: no
check_mode: false
- name: copy CSS over
- name: Copy CSS over
ansible.builtin.copy:
src: "css"
dest: "{{ file_path }}"
directory_mode: true
check_mode: no
check_mode: false
- name: copy logos over
- name: Copy logos over
ansible.builtin.copy:
src: "{{ item }}"
src: "{{ item }}"
dest: "{{ file_path }}"
directory_mode: true
loop:
- "webpage_logo.png"
- "redhat-ansible-logo.svg"
- "server.png"
check_mode: no
check_mode: false
- name: display link to inventory report
- name: Display link to inventory report
ansible.builtin.debug:
msg: "Please go to http://{{ hostvars[report_server]['ansible_host'] }}/reports/linux.html"


@@ -1 +1 @@
file_path: /var/www/html/reports
file_path: /var/www/html/reports


@@ -1,3 +1,3 @@
EMAIL_FROM: tower@shadowman.dev
email_from: tower@shadowman.dev
to_emails: alex@shadowman.dev,tower@shadowman.dev
EMAIL_TO: "{{ to_emails.split(',') }}"
to_emails_list: "{{ to_emails.split(',') }}"


@@ -2,38 +2,38 @@
ansible.builtin.template:
src: report.j2
dest: "{{ file_path }}/linuxpatch.html"
check_mode: no
check_mode: false
- name: Copy CSS over
ansible.builtin.copy:
src: "css"
dest: "{{ file_path }}"
directory_mode: true
check_mode: no
check_mode: false
- name: Copy logo over
ansible.builtin.copy:
src: "webpage_logo.png"
dest: "{{ file_path }}"
directory_mode: true
check_mode: no
check_mode: false
- name: Display link to Linux patch report
ansible.builtin.debug:
msg: "Please go to http://{{ hostvars[report_server]['ansible_host'] }}/reports/linuxpatch.html"
#- name: Send Report via E-mail
# community.general.mail:
# host: "{{ EMAIL_HOST }}"
# username: "{{ EMAIL_USERNAME }}"
# password: "{{ EMAIL_PASSWORD }}"
# port: "{{ EMAIL_PORT }}"
# subject: "Linux Patching Report"
# body: "{{ lookup('template', 'report.j2') }}"
# from: "{{ EMAIL_FROM }}"
# to: "{{ EMAIL_TO }}"
# subtype: html
# delegate_to: localhost
# become: false
# check_mode: no
# - name: Send Report via E-mail
# community.general.mail:
# host: "{{ EMAIL_HOST }}"
# username: "{{ EMAIL_USERNAME }}"
# password: "{{ EMAIL_PASSWORD }}"
# port: "{{ EMAIL_PORT }}"
# subject: "Linux Patching Report"
# body: "{{ lookup('template', 'report.j2') }}"
# from: "{{ EMAIL_FROM }}"
# to: "{{ EMAIL_TO }}"
# subtype: html
# delegate_to: localhost
# become: false
# check_mode: no


@@ -1 +1 @@
file_path: /var/www/html/reports
file_path: /var/www/html/reports


@@ -1,22 +1,27 @@
---
- include_vars: "{{ ansible_system }}.yml"
- name: Inlcude system variables
ansible.builtin.include_vars: "{{ ansible_system }}.yml"
- yum:
- name: Install httpd package
ansible.builtin.yum:
name: httpd
state: latest
check_mode: no
state: installed
check_mode: false
- file:
- name: Create reports directory
ansible.builtin.file:
path: "{{ doc_root }}/{{ reports_dir }}"
state: directory
check_mode: no
check_mode: false
- copy:
- name: Copy .htaccess
ansible.builtin.copy:
dest: "{{ doc_root }}/{{ reports_dir }}/.htaccess"
content: Options +Indexes
check_mode: no
check_mode: false
- service:
- name: Install httpd service
ansible.builtin.service:
name: httpd
state: started
check_mode: no
check_mode: false
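Review bot: `Install httpd package` changes behaviour under a lint label: `state: latest` becomes `state: installed`, which no longer upgrades an httpd that is already installed. `installed` is an alias of `present`, so I would write `state: present` and mention the change in the commit message; the same switch is made for the Satellite client packages further down this page. Two of the new task names also need a fix: `Inlcude system variables` has a typo, and `Install httpd service` describes a task that starts the service, so `Include system variables` and `Start httpd service` would read correctly.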


@@ -1,23 +1,24 @@
---
- include_vars: "{{ ansible_system }}.yml"
- name: Include system vars
ansible.builtin.include_vars: "{{ ansible_system }}.yml"
- name: Install IIS
ansible.windows.win_feature:
name: Web-Server
state: present
check_mode: no
check_mode: false
- name: Start IIS service
ansible.windows.win_service:
name: W3Svc
state: started
check_mode: no
check_mode: false
- name: Create Directory
ansible.windows.win_file:
path: "{{ doc_root }}\\{{ reports_dir }}"
state: directory
check_mode: no
check_mode: false
- name: Enable Directory Browsing
ansible.windows.win_powershell:


@@ -1,34 +1,34 @@
---
- include_vars: "{{ ansible_system }}.yml"
- name: Include system vars
ansible.builtin.include_vars: "{{ ansible_system }}.yml"
- name: get reports
- name: Get reports
ansible.builtin.find:
paths: "{{ doc_root }}/{{ reports_dir }}"
patterns: '*.html'
register: reports
check_mode: no
check_mode: false
- name: publish landing page
- name: Publish landing page
ansible.builtin.template:
src: linux_report.j2
dest: "{{ doc_root }}/index.html"
check_mode: no
check_mode: false
- name: copy CSS over
- name: Copy CSS
ansible.builtin.copy:
src: "css"
dest: "{{ doc_root }}"
directory_mode: true
check_mode: no
check_mode: false
- name: copy logos over
- name: Copy logos
ansible.builtin.copy:
src: "{{ item }}"
src: "{{ item }}"
dest: "{{ doc_root }}"
directory_mode: true
loop:
- "webpage_logo.png"
- "redhat-ansible-logo.svg"
- "report.png"
check_mode: no
check_mode: false


@@ -1,6 +1,8 @@
---
- include_tasks: apache.yml
- name: Include Linux tasks
ansible.builtin.include_tasks: apache.yml
when: ansible_system == 'Linux'
- include_tasks: iis.yml
- name: Include Windows tasks
ansible.builtin.include_tasks: iis.yml
when: ansible_system == 'Win32NT'


@@ -1,34 +1,34 @@
---
- include_vars: "{{ ansible_system }}.yml"
- name: Include system variables
ansible.builtin.include_vars: "{{ ansible_system }}.yml"
- name: get reports
- name: Get reports
ansible.windows.win_find:
paths: "{{ doc_root }}/{{ reports_dir }}"
patterns: '*.html'
register: reports
check_mode: no
check_mode: false
- name: publish landing page
ansible.builtin.win_template:
- name: Publish landing page
ansible.windows.win_template:
src: windows_report.j2
dest: "{{ doc_root }}/index.html"
check_mode: no
check_mode: false
- name: copy CSS over
ansible.builtin.win_copy:
- name: Copy CSS
ansible.windows.win_copy:
src: "css"
dest: "{{ doc_root }}"
directory_mode: true
check_mode: no
check_mode: false
- name: copy logos over
ansible.builtin.win_copy:
src: "{{ item }}"
- name: Copy logos
ansible.windows.win_copy:
src: "{{ item }}"
dest: "{{ doc_root }}"
directory_mode: true
loop:
- "webpage_logo.png"
- "redhat-ansible-logo.svg"
- "report.png"
check_mode: no
check_mode: false


@@ -1,2 +1,2 @@
---
detailedreport: True
detailedreport: true


@@ -1,28 +1,28 @@
---
- name: create HTML report
- name: Create HTML report
ansible.windows.win_template:
src: report.j2
dest: "{{ file_path }}/windows.html"
check_mode: no
check_mode: false
- name: copy CSS over
- name: Copy CSS over
ansible.windows.win_copy:
src: "css"
dest: "{{ file_path }}"
directory_mode: true
check_mode: no
check_mode: false
- name: copy logos over
- name: Copy logos over
ansible.windows.win_copy:
src: "{{ item }}"
src: "{{ item }}"
dest: "{{ file_path }}"
directory_mode: true
loop:
- "webpage_logo.png"
- "redhat-ansible-logo.svg"
- "server.png"
check_mode: no
check_mode: false
#- name: display link to inventory report
# ansible.builtin.debug:
# msg: "Please go to http://{{ host_vars[report_server]['ansible_host'] }}/reports/windows.html"
# - name: display link to inventory report
# ansible.builtin.debug:
# msg: "Please go to http://{{ host_vars[report_server]['ansible_host'] }}/reports/windows.html"


@@ -1 +1,2 @@
file_path: C:\Inetpub\wwwroot\reports
---
file_path: C:\Inetpub\wwwroot\reports


@@ -1,3 +1,4 @@
EMAIL_FROM: tower@shadowman.dev
---
email_from: tower@shadowman.dev
to_emails: alex@shadowman.dev,tower@shadowman.dev
EMAIL_TO: "{{ to_emails.split(',') }}"
to_emails_list: "{{ to_emails.split(',') }}"


@@ -2,22 +2,22 @@
ansible.windows.win_template:
src: report.j2
dest: "{{ file_path }}/windowspatch.html"
check_mode: no
check_mode: false
- name: Copy CSS over
ansible.windows.win_copy:
src: "css"
dest: "{{ file_path }}"
directory_mode: true
check_mode: no
check_mode: false
- name: Copy logo over
ansible.windows.win_copy:
src: "webpage_logo.png"
dest: "{{ file_path }}"
directory_mode: true
check_mode: no
check_mode: false
- name: Display link to Patch report
ansible.builtin.debug:
msg: "Please go to http://{{ hostvars[report_server]['ansible_host'] }}/reports/windowspatch.html"
msg: "Please go to http://{{ hostvars[report_server]['ansible_host'] }}/reports/windowspatch.html"


@@ -1 +1,2 @@
file_path: C:\Inetpub\wwwroot\reports
---
file_path: C:\Inetpub\wwwroot\reports


@@ -1,4 +1,4 @@
---
instance_name: "{{ inventory_hostname | regex_replace('_','-') }}"
instance_name: "{{ inventory_hostname | regex_replace('_', '-') }}"
activation_key: "{{ 'RHEL' + ansible_distribution_major_version + '_' + env }}"
rex_user: root # "{{ ansible_user }}"


@@ -1,67 +1,66 @@
---
- name: verify operating system
assert:
- name: Verify operating system
ansible.builtin.assert:
that:
- ansible_os_family == 'RedHat'
- (ansible_distribution_major_version == '7') or (ansible_distribution_major_version == '8')
- name: set hostname
hostname:
- name: Set hostname
ansible.builtin.hostname:
name: "{{ instance_name }}"
- name: remove rhui client packages
yum:
name:
- google-rhui-client*
- rh-amazon-rhui-client*
state: removed
- name: get current repos
command:
- name: Remove rhui client packages
ansible.builtin.yum:
name:
- google-rhui-client*
- rh-amazon-rhui-client*
state: removed
- name: Get current repos
ansible.builtin.command:
cmd: ls /etc/yum.repos.d/
register: repos
changed_when: False
changed_when: false
- name: remove existing rhui repos
file:
- name: Remove existing rhui repos
ansible.builtin.file:
path: "/etc/yum.repos.d/{{ item }}"
state: absent
loop: "{{ repos.stdout_lines }}"
- name: install satellite certificate
yum:
- name: Install satellite certificate
ansible.builtin.yum:
name: "{{ satellite_url }}/pub/katello-ca-consumer-latest.noarch.rpm"
state: present
validate_certs: no
validate_certs: false
disable_gpg_check: true
- name: register system via subscription-mangler
redhat_subscription:
- name: Register system via subscription-mangler
community.general.redhat_subscription:
state: present
activationkey: "{{ activation_key }}"
consumer_name: "{{ instance_name }}"
org_id: "{{ org_id | default('Default_Organization')}}"
org_id: "{{ org_id | default('Default_Organization') }}"
throttle: 1
- name: include repos
include_vars: "vars/{{ ansible_distribution + ansible_distribution_major_version }}.yml"
- name: Include repos
ansible.builtin.include_vars: "vars/{{ ansible_distribution + ansible_distribution_major_version }}.yml"
- name: enable repos
rhsm_repository:
- name: Enable repos
community.general.rhsm_repository:
name: "{{ rhsm_enabled_repos }}"
state: enabled
- name: install satellite client
yum:
- name: Install satellite client
ansible.builtin.yum:
name:
- katello-host-tools
- katello-host-tools-tracer
state: latest
- name: enable remote execution
authorized_key:
state: installed
- name: Enable remote execution
ansible.posix.authorized_key:
user: "{{ rex_user }}"
state: present
key: "{{ satellite_url }}:9090/ssh/pubkey"
validate_certs: no
validate_certs: false
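Review bot: `Enable remote execution` installs whatever `{{ satellite_url }}:9090/ssh/pubkey` returns into the authorized keys of `rex_user` with `validate_certs: false`, and `Install satellite certificate` pulls an RPM with both `validate_certs: false` and `disable_gpg_check: true`. Anything able to answer for the Satellite host on the network path could therefore supply the key or the package, and if `rex_user` is root (as the vars hunk just above on this page sets it) that amounts to root access on each registered client. The commit normalises the booleans but keeps the checks disabled. I would default both to verified and let demo environments opt out explicitly, e.g. `validate_certs: "{{ satellite_validate_certs | default(true) }}"` with `satellite_validate_certs` as a new role variable, distributing the Satellite CA to the host beforehand where that is needed for validation to succeed.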


@@ -1,4 +1,4 @@
---
rhsm_enabled_repos:
- rhel-7-server-rpms
#- rhel-7-server-satellite-maintenance-6.11-rpms
# - rhel-7-server-satellite-maintenance-6.11-rpms


@@ -1,3 +0,0 @@
galaxy_info:
author: morenod
description: Role created to configure a client to execute openscap policies based on the information obtained from a Red Hat Satellite/Foreman Host.


@@ -1,85 +1,85 @@
---
- name: Install openscap client packages
yum:
ansible.builtin.yum:
name:
- openscap-scanner
- rubygem-foreman_scap_client
- openscap-scanner
- rubygem-foreman_scap_client
state: present
- name: Get Policy parameters
uri:
ansible.builtin.uri:
url: "{{ foreman_server_url }}/api/v2/compliance/policies"
method: GET
user: "{{ foreman_username }}"
password: "{{ foreman_password }}"
force_basic_auth: yes
password: "{{ foreman_password }}"
force_basic_auth: true
body_format: json
validate_certs: False
validate_certs: false
register: policies
no_log: "{{ foreman_operations_scap_client_secure_logging }}"
- name: Build policy {{ policy_name }} parameters
set_fact:
- name: Build policy {{ policy_name }}
ansible.builtin.set_fact:
policy: "{{ policy | default([]) }} + {{ [item] }}"
loop: "{{policies.json.results}}"
loop: "{{ policies.json.results }}"
when: item.name in policy_name or policy_name == 'all'
- name: Fail if no policy found with required name
fail:
ansible.builtin.fail:
when: policy is not defined
- name: Get scap content information
uri:
url: "{{ foreman_server_url }}/api/v2/compliance/scap_contents/{{item.scap_content_id}}"
ansible.builtin.uri:
url: "{{ foreman_server_url }}/api/v2/compliance/scap_contents/{{ item.scap_content_id }}"
method: GET
user: "{{ foreman_username }}"
password: "{{ foreman_password }}"
force_basic_auth: yes
force_basic_auth: false
body_format: json
validate_certs: False
validate_certs: false
register: scapcontents
loop: "{{ policy }}"
no_log: "{{ foreman_operations_scap_client_secure_logging }}"
- name: Get tailoring content information
uri:
url: "{{ foreman_server_url }}/api/v2/compliance/tailoring_files/{{item.tailoring_file_id}}"
ansible.builtin.uri:
url: "{{ foreman_server_url }}/api/v2/compliance/tailoring_files/{{ item.tailoring_file_id }}"
method: GET
user: "{{ foreman_username }}"
password: "{{ foreman_password }}"
force_basic_auth: yes
force_basic_auth: false
body_format: json
validate_certs: False
validate_certs: false
register: tailoringfiles
when: item.tailoring_file_id | int > 0 | d(False)
loop: "{{ policy }}"
no_log: "{{ foreman_operations_scap_client_secure_logging }}"
- name: Build scap content parameters
set_fact:
scap_content: "{{ scap_content | default({}) | combine({item.json.id: item.json }) }}"
ansible.builtin.set_fact:
scap_content: "{{ scap_content | default({}) | combine({item.json.id: item.json}) }}"
loop: "{{ scapcontents.results }}"
- name: Build tailoring content parameters
set_fact:
tailoring_files: "{{ tailoring_files | default({}) | combine({item.json.id: item.json }) }}"
ansible.builtin.set_fact:
tailoring_files: "{{ tailoring_files | default({}) | combine({item.json.id: item.json}) }}"
when: item.json is defined
loop: "{{ tailoringfiles.results }}"
- name: Apply openscap client configuration template
template:
ansible.builtin.template:
src: openscap_client_config.yaml.j2
dest: /etc/foreman_scap_client/config.yaml
mode: "0644"
owner: root
group: root
#- name: Configure execution crontab
# cron:
# name: "Openscap Execution"
# cron_file: 'foreman_openscap_client'
# job: '/usr/bin/foreman_scap_client {{policy.id}} > /dev/null'
# weekday: "{{crontab_weekdays}}"
# hour: "{{crontab_hour}}"
# minute: "{{crontab_minute}}"
# user: root
# - name: Configure execution crontab
# cron:
# name: "Openscap Execution"
# cron_file: 'foreman_openscap_client'
# job: '/usr/bin/foreman_scap_client {{policy.id}} > /dev/null'
# weekday: "{{crontab_weekdays}}"
# hour: "{{crontab_hour}}"
# minute: "{{crontab_minute}}"
# user: root
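Review bot: `force_basic_auth` is inverted in `Get scap content information` and `Get tailoring content information`: the old value `yes` became `false`, while `Get Policy parameters` correctly became `true`. With `false`, `ansible.builtin.uri` sends the credentials only after a 401 challenge, so these two calls may start failing against an API that does not issue one; both should read `force_basic_auth: true`. Separately, all three requests send `foreman_password` with `validate_certs: false`, so the password goes to an endpoint whose identity is not checked; consider driving that from a variable that defaults to `true`.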