From 99a6ff6dbfb5c61383d4cf09c06584f440bc6649 Mon Sep 17 00:00:00 2001
From: willtome
Date: Fri, 11 Feb 2022 08:26:04 -0600
Subject: [PATCH] add playbooks
---
 linux/ec2_register.yml | 3 +-
 linux/inventory.insights.yml | 13 ++++
 linux/patching.yml | 20 +++++
 linux/run_script.yml | 14 ++++
 linux/service_start.yml | 14 ++++
 linux/service_stop.yml | 14 ++++
 linux/setup.yml | 144 ++++++++++++++++++++++++++++++++++-
 linux/temp_sudo.yml | 41 ++++++++++
 linux/tshoot.yml | 29 +++++++
 setup_demo.yml | 11 ++-
 10 files changed, 299 insertions(+), 4 deletions(-)
 create mode 100644 linux/inventory.insights.yml
 create mode 100644 linux/patching.yml
 create mode 100644 linux/run_script.yml
 create mode 100644 linux/service_start.yml
 create mode 100644 linux/service_stop.yml
 create mode 100644 linux/temp_sudo.yml
 create mode 100644 linux/tshoot.yml
diff --git a/linux/ec2_register.yml b/linux/ec2_register.yml
index e8fa1f7..d858659 100644
--- a/linux/ec2_register.yml
+++ b/linux/ec2_register.yml
@@ -49,4 +49,5 @@
 name: redhat.insights.insights_client
 vars:
 insights_tags:
- env: "{{ env }}"
\ No newline at end of file
+ env: "{{ env }}"
+ purpose: demo
\ No newline at end of file
diff --git a/linux/inventory.insights.yml b/linux/inventory.insights.yml
new file mode 100644
index 0000000..7d65487
--- /dev/null
+++ b/linux/inventory.insights.yml
@@ -0,0 +1,13 @@
+---
+plugin: redhat.insights.insights
+get_patches: yes
+groups:
+ patch_bugs: insights_patching.rhba_count > 0
+ patch_enhancements: insights_patching.rhea_count > 0
+ patch_security: insights_patching.rhsa_count > 0
+get_tags: False
+filter_tags:
+ - insights-client/purpose=demo
+keyed_groups:
+ - key: insights_tags['insights-client']
+ prefix: insights
diff --git a/linux/patching.yml b/linux/patching.yml
new file mode 100644
index 0000000..3f5f4a0
--- /dev/null
+++ b/linux/patching.yml
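Review bot: In `linux/inventory.insights.yml`, `get_tags: False` sits next to a `keyed_groups` entry keyed on `insights_tags['insights-client']`; if the plugin only populates `insights_tags` when tag fetching is enabled (not visible in this patch), that keyed group is never built, so `get_tags: true` looks like what was intended. The booleans in the same file are spelled `yes` and `False`; writing `true`/`false` throughout avoids YAML 1.1 truthy surprises.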
@@ -0,0 +1,20 @@
+---
+- name: Apply Non-kernel Updates
+ hosts: "{{ HOSTS }}"
+ become: true
+
+ tasks:
+ - name: upgrade all packages except kernel
+ yum:
+ name: '*'
+ state: latest
+ exclude: kernel*
+ tags: all
+
+ - name: upgrade all packages security related except kernel
+ yum:
+ name: '*'
+ state: latest
+ security: true
+ exclude: kernel*
+ tags: security
diff --git a/linux/run_script.yml b/linux/run_script.yml
new file mode 100644
index 0000000..a90228b
--- /dev/null
+++ b/linux/run_script.yml
@@ -0,0 +1,14 @@
+---
+- name: Run Shell Script
+ hosts: "{{ HOSTS }}"
+ become: yes
+ gather_facts: no
+ vars:
+ shell_script: undef
+
+ tasks:
+ - name: Run Shell Script
+ shell: "{{ shell_script }}"
+
+ - debug:
+ msg: You should really consider converting this script to a playbook!
\ No newline at end of file
diff --git a/linux/service_start.yml b/linux/service_start.yml
new file mode 100644
index 0000000..81979ea
--- /dev/null
+++ b/linux/service_start.yml
@@ -0,0 +1,14 @@
+---
+- hosts: "{{ HOSTS }}"
+ vars:
+ service_name: undef
+
+ tasks:
+ - name: Check Service
+ service_facts:
+
+ - name: Start Service
+ service:
+ name: "{{ service_name }}"
+ state: started
+ when: service_name + '.service' in services
diff --git a/linux/service_stop.yml b/linux/service_stop.yml
new file mode 100644
index 0000000..4ab01b1
--- /dev/null
+++ b/linux/service_stop.yml
@@ -0,0 +1,14 @@
+---
+- hosts: "{{ HOSTS }}"
+ vars:
+ service_name: undef
+
+ tasks:
+ - name: Check Service
+ service_facts:
+
+ - name: Stop Service
+ service:
+ name: "{{ service_name }}"
+ state: stopped
+ when: service_name + '.service' in services
\ No newline at end of file
diff --git a/linux/setup.yml b/linux/setup.yml
index 5b4b022..d25df92 100644
--- a/linux/setup.yml
+++ b/linux/setup.yml
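Review bot: In `linux/patching.yml` the first task is tagged `all`, which Ansible reserves as a special tag name, and nothing visible in this patch selects tags for the LINUX / Patching template, so a default run executes both tasks and the security-only task adds nothing after the full upgrade. Distinct, non-reserved tags such as `tags: all_updates` and `tags: security_updates`, chosen through the template's job tags or a survey-driven `when:`, would make the security-only path reachable. Quoting the glob as `exclude: 'kernel*'` would also match the quoted `name: '*'` beside it.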
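Review bot: `linux/run_script.yml` hands the survey value `shell_script` directly to `shell:` under `become: yes`, so permission to launch this template is equivalent to root on every host the `HOSTS` pattern matches; I would say so at the top of the play, e.g. `# Runs caller-supplied shell as root on all matched hosts; restrict who may launch this template.` The default `shell_script: undef` is the literal string `undef`, so a launch without the variable attempts to run a command of that name as root instead of stopping; dropping the default and opening with an `assert` that `shell_script` is defined and non-empty fails fast. The trailing `debug` task has no `name:`.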
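Review bot: In `linux/service_start.yml`, and identically in `linux/service_stop.yml`, the `service` task is skipped without any message when `service_name + '.service'` is not a key of `services`, so a mistyped name produces a green job that changed nothing; an `assert` with a clear `fail_msg` before the task would surface it. Unlike the other plays added in this patch, neither sets `become: true`, so changing service state presumably fails unless the credential already logs in as root. Both plays also lack a `name:` and carry the same `service_name: undef` string default.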
@@ -1,8 +1,16 @@ --- -controller_validate_certs: false +user_message: | + Be sure to update the activation_key and org_id extra variables for LINUX /Register controller_components: + - projects - job_templates +controller_projects: + - name: Fact Scan + organization: Default + scm_type: git + scm_url: 'https://github.com/ansible/awx-facts-playbooks.git' + controller_templates: - name: "LINUX / Register" job_type: run 
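Review bot: The new `Fact Scan` project tracks whatever is on the default branch of `https://github.com/ansible/awx-facts-playbooks.git`, and the LINUX / Fact Scan template added later in this patch runs it with `Workshop Credential`. Pinning the project with `scm_branch: <TAG_OR_COMMIT>` (placeholder) keeps upstream changes from reaching managed hosts without review. `user_message` also has a spacing slip, `LINUX /Register`, where the template is named `LINUX / Register`.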
@@ -32,3 +40,137 @@ controller_templates: - QA - Prod required: true + - name: "LINUX / Troubleshoot" + job_type: run + inventory: "Workshop Inventory" + project: "Ansible official demo project" + playbook: "linux/tshoot.yml" + execution_environment: Default execution environment + use_fact_cache: true + credentials: + - "Workshop Credential" + survey_enabled: true + survey: + name: '' + description: '' + spec: + - question_name: Server Name or Pattern + type: text + variable: HOSTS + required: true + - name: "LINUX / Temporary Sudo" + job_type: run + inventory: "Workshop Inventory" + project: "Ansible official demo project" + playbook: "linux/temp_sudo.yml" + execution_environment: Default execution environment + credentials: + - "Workshop Credential" + survey_enabled: true + survey: + name: '' + description: '' + spec: + - question_name: Server Name or Pattern + type: text + variable: HOSTS + required: true + - question_name: User Name + type: text + variable: sudo_user + required: true + - question_name: How long to grant access in minutes + type: text + variable: sudo_time + - name: "LINUX / Patching" + job_type: run + inventory: "Workshop Inventory" + project: "Ansible official demo project" + playbook: "linux/patching.yml" + execution_environment: Default execution environment + use_fact_cache: true + credentials: + - "Workshop Credential" + survey_enabled: true + survey: + name: '' + description: '' + spec: + - question_name: Server Name or Pattern + type: text + variable: HOSTS + required: true + - name: "LINUX / Start Service" + job_type: run + inventory: "Workshop Inventory" + project: "Ansible official demo project" + playbook: "linux/start_service.yml" + execution_environment: Default execution environment + use_fact_cache: true + credentials: + - "Workshop Credential" + survey_enabled: true + survey: + name: '' + description: '' + spec: + - question_name: Server Name or Pattern + type: text + variable: HOSTS + required: true + - question_name: Service 
Name + type: text + variable: service_name + required: true + - name: "LINUX / Stop Service" + job_type: run + inventory: "Workshop Inventory" + project: "Ansible official demo project" + playbook: "linux/stop_service.yml" + execution_environment: Default execution environment + use_fact_cache: true + credentials: + - "Workshop Credential" + survey_enabled: true + survey: + name: '' + description: '' + spec: + - question_name: Server Name or Pattern + type: text + variable: HOSTS + required: true + - question_name: Service Name + type: text + variable: service_name + required: true + - name: "LINUX / Run Shell Script" + job_type: run + inventory: "Workshop Inventory" + project: "Ansible official demo project" + playbook: "linux/run_script.yml" + execution_environment: Default execution environment + credentials: + - "Workshop Credential" + survey_enabled: true + survey: + name: '' + description: '' + spec: + - question_name: Server Name or Pattern + type: text + variable: HOSTS + required: true + - question_name: Service Name + type: block + variable: shell_script + required: true + - name: "LINUX / Fact Scan" + project: Fact Scan + playbook: scan_facts.yml + inventory: Workshop Inventory + execution_environment: Default execution environment + ask_limit_on_launch: true + use_fact_cache: true + credentials: + - Workshop Credential diff --git a/linux/temp_sudo.yml b/linux/temp_sudo.yml new file mode 100644 index 0000000..cec7ced --- /dev/null +++ b/linux/temp_sudo.yml 
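Review bot: The Start Service and Stop Service templates point at `linux/start_service.yml` and `linux/stop_service.yml`, but the files this patch creates are `linux/service_start.yml` and `linux/service_stop.yml`, so both templates reference playbooks that do not exist in the project; use `playbook: "linux/service_start.yml"` and `playbook: "linux/service_stop.yml"`. In the Run Shell Script survey the `shell_script` question is labelled `Service Name` and uses `type: block`, which is not a survey type I recognise; `question_name: Shell Script` with `type: textarea` looks intended. For Temporary Sudo, `sudo_time` is optional free text; `type: integer` with `min`/`max` bounds would cap how long a grant can last.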
@@ -0,0 +1,41 @@
+---
+- name: Temporary Sudo
+ hosts: "{{ HOSTS }}"
+ become: yes
+ gather_facts: no
+ vars:
+ sudo_cleanup: true
+ sudo_user: undef
+ sudo_time: 10
+ sudo_units: minutes
+
+ tasks:
+ - name: Check if sudo user exists on system
+ getent:
+ database: passwd
+ key: "{{ sudo_user }}"
+
+ - name: Check Cleanup package
+ yum:
+ name: at
+ state: latest
+
+ - name: Check Cleanup Service
+ service:
+ name: atd
+ state: started
+
+ - name: Create Sudo Rule
+ copy:
+ dest: "/etc/sudoers.d/{{ sudo_user }}"
+ owner: root
+ group: root
+ mode: 0640
+ content: "{{ sudo_user }} ALL=(ALL) NOPASSWD:ALL"
+
+ - name: Set Permission Cleanup
+ at:
+ command: "rm /etc/sudoers.d/{{ sudo_user }}"
+ count: "{{ sudo_time }}"
+ units: "{{ sudo_units }}"
+ when: sudo_cleanup|bool
diff --git a/linux/tshoot.yml b/linux/tshoot.yml
new file mode 100644
index 0000000..51c3499
--- /dev/null
+++ b/linux/tshoot.yml
@@ -0,0 +1,29 @@
+---
+- name: gather debug info
+ hosts: "{{ HOSTS }}"
+ become: yes
+
+ tasks:
+ - name: Gather recent vmstat info
+ command: /bin/vmstat 1 5
+ register: vmstat
+
+ - name: Gather top CPU hogs
+ command: ps -eo user,pid,size,pcpu,cmd --sort=-pcpu
+ register: pscpu
+
+ - name: Gather top memory hogs
+ command: ps -eo user,pid,size,pcpu,cmd --sort=-size
+ register: pssize
+
+ - name: Swap + wait states
+ debug:
+ var: vmstat.stdout_lines
+
+ - name: Top 3 CPU hogs
+ debug:
+ var: pscpu.stdout_lines[:4]
+
+ - name: Top 3 memory hogs
+ debug:
+ var: pssize.stdout_lines[:4]
\ No newline at end of file
diff --git a/setup_demo.yml b/setup_demo.yml
index 7593796..25accf5 100644
--- a/setup_demo.yml
+++ b/setup_demo.yml
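Review bot: In `linux/temp_sudo.yml`, `Create Sudo Rule` writes a `NOPASSWD:ALL` drop-in with no syntax check, an unquoted `mode: 0640`, and a file name taken from the free-text `sudo_user` survey answer, which is reused in the `rm` command that atd later runs as root. The `getent` lookup only shows that the account exists; sudo skips drop-in names that contain `.` or end in `~`, so such a user gets a successful job and a rule that never applies. I would assert a conservative name pattern first and add `validate` plus a quoted read-only mode to the copy, as sketched below. Removal rests entirely on the at job, so with `sudo_cleanup` false or atd unavailable the grant never expires; recording each grant and its expiry would make that auditable.

```yaml
    # … unchanged: getent lookup …
    - name: Reject user names unsafe for a sudoers.d file name
      assert:
        that:
          - sudo_user is match('^[a-z_][a-z0-9_-]*$')
        fail_msg: sudo_user must be a plain local account name

    # … unchanged: at package, atd service …
    - name: Create Sudo Rule
      copy:
        # … unchanged: dest, owner, group, content …
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s
    # … unchanged: at cleanup job …
```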
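Review bot: `linux/tshoot.yml` sets `become: yes` for a play that only runs `vmstat` and `ps -eo …`, neither of which normally needs root to list system-wide statistics; dropping `become` keeps this read-only template from running with more privilege than it uses. The three `command` tasks will also report `changed` on every run, so `changed_when: false` on each gives an honest job summary. The `ps` calls rely on `PATH` while `vmstat` is given as `/bin/vmstat`; using one convention for both is tidier.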
@@ -3,11 +3,18 @@ gather_facts: no vars_files: - "{{demo}}/setup.yml" + vars: + controller_validate_certs: false tasks: - - name: setup components + - name: Setup Components include_role: name: "redhat_cop.controller_configuration.{{ item }}" loop: "{{ controller_components }}" when: - - controller_components | d("") | length > 0 \ No newline at end of file + - controller_components | d("") | length > 0 + + - name: Print Message + debug: + msg: "{{ user_message }}" + when: user_message is defined \ No newline at end of file
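Review bot: `controller_validate_certs: false` is now hard-coded in the play's `vars:` in `setup_demo.yml`, so every demo loaded through this play configures the controller over connections that skip TLS certificate verification while carrying controller credentials. Defaulting to verification and letting a lab opt out is safer to copy from, e.g. `controller_validate_certs: "{{ demo_validate_certs | default(true) }}"` (variable name constructed here), with a comment on when `false` is acceptable. The play header is above this hunk, so how the controller host and credentials are supplied is not visible.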