first commit

root
2024-07-12 12:58:40 +02:00
commit 30fdad3be5
557 changed files with 11142 additions and 0 deletions

5
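--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,5 @@
+{
+"yaml.schemas": {
+"https://raw.githubusercontent.com/ansible-community/schemas/main/f/ansible.json#/$defs/tasks": "file:///Users/bramvandendaele/Documents/aperam/ansible/automation/roles/windows_install_files/tasks/main.yml"
+}
+}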
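Review bot: The schema mapping value is an absolute `file:///Users/...` path from one workstation, so it only resolves on that machine and it publishes a local username and directory layout in the repository. A workspace-relative glob as the value, for example `"roles/*/tasks/*.yml"`, would apply the schema for every contributor; alternatively keep `.vscode/` out of version control.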

46
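--- a/OnboardingArc.yml
+++ b/OnboardingArc.yml
@@ -0,0 +1,46 @@
+---
+- name: "Onboard Windows Servers to Azure Arc-enabled servers with Public endpoint connectivity"
+hosts: all
+vars:
+azure:
+service_principal_id: 'ced53ad3-2832-4e85-8034-14d0e30896a3'
+service_principal_secret: '{{ secret_arc }}'
+resource_group: 'ape-platform-management-arc-prd-rg'
+tenant_id: '26845d4f-0cf4-4d08-b717-06b6b7824ec4'
+subscription_id: '831ece7a-8318-4861-9a74-789d4d221dd9'
+location: 'westeurope'
+tasks:
+- name: flushdns
+ansible.windows.win_command:
+cmd: ipconfig /flushdns
+- name: Download the Connected Machine Agent on Windows servers
+win_get_url:
+url: https://aka.ms/AzureConnectedMachineAgent
+dest: C:\AzureConnectedMachineAgent.msi
+# proxy_url: 10.245.143.7:3128
+# when: (ansible_os_family == 'Windows') and (not azcmagent_win_downloaded.stat.exists)
+- name: Install the Connected Machine Agent on Windows servers
+win_package:
+path: C:\AzureConnectedMachineAgent.msi
+# when: (ansible_os_family == 'Windows') and (not azcmagent_win_downloaded.stat.exists)
+- name: Check if the Connected Machine Agent has already been connected on Windows
+win_command: azcmagent check
+register: azcmagent_win_connected
+# when: ansible_os_family == 'Windows'
+ignore_errors: yes
+failed_when: (azcmagent_win_connected.rc not in [ 0, 16 ])
+changed_when: False
+- name: Connect the Connected Machine Agent on Windows servers to Azure Arc
+win_shell: azcmagent.exe connect --service-principal-id "{{ azure.service_principal_id }}" --service-principal-secret "{{ azure.service_principal_secret }}" --resource-group "{{ azure.resource_group }}" --tenant-id "{{ azure.tenant_id }}" --location "{{ azure.location }}" --subscription-id "{{ azure.subscription_id }}"
+args:
+chdir: 'C:\Program Files\AzureConnectedMachineAgent'
+# when: (azcmagent_win_connected.rc is defined and azcmagent_win_connected.rc != 0)
+# when: (ansible_os_family == 'Windows') and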
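Review bot: The `azcmagent.exe connect` task puts `{{ azure.service_principal_secret }}` on a `win_shell` command line with no `no_log`, so the rendered secret can end up in Ansible/AWX job output and in process-creation or PowerShell logging on each target; add `no_log: true` to that task. Both `when:` guards on it are commented out, so as shown the connect runs on every execution regardless of the registered `azcmagent check` result; restoring `when: azcmagent_win_connected.rc is defined and azcmagent_win_connected.rc != 0` would make the check meaningful. The MSI is also fetched through the `aka.ms` redirect and installed with no integrity or signature check between the two tasks.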

1
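--- a/README.md
+++ b/README.md
@@ -0,0 +1 @@
+##test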

27
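--- a/TKM
+++ b/TKM
@@ -0,0 +1,27 @@
+all:
+hosts:
+children:
+windows:
+children:
+WIN:
+hosts:
+apeappddc620:
+awe-acc-001:
+awe-acc-004:
+awe-acc-005:
+awe-acc-007:
+awe-acc-012:
+awe-acc-013:
+awe-acc-014:
+awe-acc-015:
+awe-acc-019:
+awe-acc-020:
+awe-acc-029:
+awe-acc-030:
+awe-acc-031:
+linux:
+children:
+LIN:
+hosts:
+awe-app-043: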

18
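--- a/arc_stage-updates.yml
+++ b/arc_stage-updates.yml
@@ -0,0 +1,18 @@
+---
+- name: Stage updates arc
+become_method: runas
+hosts: all
+tasks:
+- name: stage all updates without installing them
+ansible.windows.win_updates:
+category_names:
+- SecurityUpdates
+- CriticalUpdates
+- DefinitionUpdates
+state: downloaded
+server_selection: "windows_update"
+reboot: false
+ignore_unreachable: true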
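Review bot: `ignore_unreachable: true` means a server that cannot be contacted is skipped without failing the job, so a run can finish green while some hosts have no security updates staged. If that is intended, follow the `win_updates` task with a step that records or reports the unreachable hosts so patch-coverage gaps stay visible. `become_method: runas` is set without a `become: true` anywhere in the visible play, so it has no effect as written.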

171
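--- a/aruba_first-playbook.yml
+++ b/aruba_first-playbook.yml
@@ -0,0 +1,171 @@
+# FILEPATH: /Users/bramvandendaele/Documents/aperam/ansible/automation/aruba_first-playbook.yml
+# This playbook prepares a switch for REST API, copies the primary image to the secondary slot,
+# checks the boot info after the copy, downloads a new image to the primary slot, and reboots the switch.
+# This section of the playbook is responsible for downloading a new firmware image to the primary slot of the switch.
+# The `arubaoss_file_transfer` module is used to download the firmware from a specified URL.
+# The `file_type` is set to "FTT_FIRMWARE" indicating that the file being transferred is a firmware image.
+# The `action` is set to "FTA_DOWNLOAD" to download the file.
+# SSL is used for the file transfer (`use_ssl: true`) but certificate validation is disabled (`validate_certs: false`).
+# The file is downloaded to the primary boot image slot (`boot_image: BI_PRIMARY_IMAGE`).
+# This task is only executed if the current boot image is the primary image, the switch type is "YC", and the primary version is not "16.11.0016".
+# If the task fails, the playbook continues due to `ignore_errors: true`.
+# The next section of the playbook disables the REST interface on the switch and clears the certificate for upgrade.
+# The `arubaoss_command` module is used to execute a series of commands on the switch.
+# These tasks are only executed if the current boot image is the primary image.
+# The playbook then retrieves the boot information after the new firmware has been downloaded using the `aruba_get-boot-info` role.
+# Finally, the playbook saves the running configuration to memory using the `write memory` command.
+# The switch is scheduled to reload at a specified time and date.
+# This task is only executed if the current boot image is the primary image, the primary version is "16.11.0016", and the NTP status is "Synchronized".
+# The output of this task is saved to the `output` variable.
+---
+- name: Setup hosts
+#become: true
+#become_user: root
+#become_method: su
+hosts: localhost
+roles:
+- awx_import-hosts-from-list
+### PREPARE SWITCH FOR REST API + OUTPUT BOOT INFO"
+- hosts: aruba_hosts
+gather_facts: false
+collections:
+- arubanetworks.aos_switch
+- ansible.netcommon
+vars:
+ansible_connection: network_cli
+ansible_command_timeout: 180
+# ansible_connection: local
+environment:
+NETWORK_GROUP_MODULES: arubaoss
+ANSIBLE_CONFIG: config/ansible.cfg
+roles:
+- aruba_prepare-rest
+- aruba_get-boot-info
+- aruba_get-ntp-info
+tasks:
+- name: Copy primary to secondary
+arubaoss_command:
+commands: ['config',
+'copy flash flash Secondary']
+when: boot == "Primary" and primary_version != "16.11.0016"
+# This task copies the primary configuration to the secondary device
+# if the boot mode is set to "Primary" and the primary version is not "16.11.0016"
+###CHECK BOOT INFO AFTER COPY OF PRIMARY TO SECONDARY###
+- hosts: all
+gather_facts: false
+collections:
+- arubanetworks.aos_switch
+- ansible.netcommon
+vars:
+ansible_connection: network_cli
+# ansible_connection: local
+environment:
+NETWORK_GROUP_MODULES: arubaoss
+tasks:
+- name: Get boot info after copy primary to secondary
+ansible.builtin.include_role:
+name: aruba_get-boot-info
+- name: save running config
+arubaoss_command:
+commands: ['write memory']
+when: boot == "Primary"
+###DOWNLOAD NEW IMAGE TO PRIMARY SLOT AND REBOOT###
+- hosts: all
+collections:
+- arubanetworks.aos_switch
+- ansible.netcommon
+vars:
+ansible_connection: local
+ansible_command_timeout: 180
+environment:
+NETWORK_GROUP_MODULES: arubaoss
+tasks:
+- name: Download and install YA firmware to primary
+arubaoss_file_transfer:
+file_url: "http://10.245.3.54/test/YA_16_11_0016.swi"
+file_type: "FTT_FIRMWARE"
+action: "FTA_DOWNLOAD"
+use_ssl: true
+validate_certs: false
+port: 443
+boot_image: BI_PRIMARY_IMAGE
+ignore_errors: true
+when: boot == "Primary" and type == "YA" and primary_version != "16.11.0016"
+- name: Download and install YB firmware to primary
+arubaoss_file_transfer:
+file_url: "http://10.245.3.54/test/YB_16_11_0016.swi"
+file_type: "FTT_FIRMWARE"
+action: "FTA_DOWNLOAD"
+use_ssl: true
+validate_certs: false
+port: 443
+boot_image: BI_PRIMARY_IMAGE
+ignore_errors: true
+when: boot == "Primary" and type == "YB" and primary_version != "16.11.0016"
+- name: Download and install YC firmware to primary
+arubaoss_file_transfer:
+file_url: "http://10.245.3.54/test/YC_16_11_0016.swi"
+file_type: "FTT_FIRMWARE"
+action: "FTA_DOWNLOAD"
+use_ssl: true
+validate_certs: false
+port: 443
+retries: 3
+boot_image: BI_PRIMARY_IMAGE
+ignore_errors: true
+when: boot == "Primary" and type == "YC" and primary_version != "16.11.0016"
+- hosts: all
+gather_facts: false
+collections:
+- arubanetworks.aos_switch
+- ansible.netcommon
+vars:
+ansible_connection: network_cli
+ansible_command_timeout: 180
+environment:
+NETWORK_GROUP_MODULES: arubaoss
+tasks:
+- name: disable rest
+arubaoss_command:
+commands: [ 'conf',
+'no rest-interface',
+'no web-management ssl',
+'aaa authentication rest login local none',
+'aaa authentication rest enable local none']
+when: boot == "Primary"
+- name: clear cert
+arubaoss_command:
+commands:
+- command: "conf"
+- command: 'crypto pki clear certificate-name upgrade'
+prompt:
+- '.*Continue.*'
+answer:
+- y
+when: boot == "Primary"
+- name: Get boot info after download of new firmware
+ansible.builtin.include_role:
+name: aruba_get-boot-info
+- name: write config to memory and reload on specified timeslot
+arubaoss_command:
+commands:
+- command: 'write memory'
+# - command: 'reload after {{reload_time}} {{ reload_date }}'
+- command: 'reload at {{reload_time}} {{ reload_date }}'
+prompt:
+- '.*reboot.*'
+answer:
+- y
+# - command: 'no reload'
+when: boot == "Primary" and primary_version == "16.11.0016" and ntp_status == "Synchronized"
+register: output
+# changed_when: boot == "Primary" and primary_version != "16.11.0016"
+#when: boot == "Primary" and primary_version != "16.11.0016"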
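Review bot: The three `arubaoss_file_transfer` tasks pull the firmware from `http://10.245.3.54/test/…` over plain HTTP while the REST session runs with `validate_certs: false`, so neither the image source nor the switch endpoint is authenticated, and nothing between the download and the scheduled `reload at` checks the image beyond its version string. Serve the image over HTTPS from a non-test path, set `validate_certs: true` once the switches present trusted certificates, and compare the flashed image's hash against a published value before the reload task. `ignore_errors: true` on the downloads also hides transfer failures; the later `primary_version == "16.11.0016"` condition is the only thing that prevents a reload after a failed transfer, which deserves a comment next to it such as `# reload only when the new image is confirmed in the primary slot`.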


@@ -0,0 +1,64 @@
---
- name: Setup hosts
#become: true
#become_user: root
#become_method: su
hosts: localhost
roles:
- awx_import-hosts-from-list
tasks:
- name:
debug:
var: output
# - name: create list
# set_fact:
# namen: []
# - name: add hosts to list
# set_fact:
# namen: "{{ aruba_devices | split('\n') }}"
# - name:
# debug:
# var: namen
# - name: make host group from survey hosts list
# add_host:
# hostname: "{{ item }}"
# groups: aruba_hosts
# ansible_user: sys-switchupgrade
# ansible_password: "{{aruba_pass}}"
# ansible_network_os: arubanetworks.aos_switch.arubaoss
# with_items: "{{namen}}"
# - name: Add inventory
# awx.awx.inventory:
# name: "Aruba hosts (dynamic)"
# description: "Hosts imported from playbook"
# organization: "Aperam"
# state: present
# controller_host: https://awx-prd.aperam.internal
# controller_oauthtoken: "{{oauth}}"
# validate_certs: false
# - name: add hosts to inventory
# awx.awx.host:
# inventory: "Azure Arc enabled hosts (dynamic)"
# name: "{{item}}"
# state: present
# controller_host: https://awx-prd.aperam.internal
# controller_oauthtoken: "{{oauth}}"
# validate_certs: false
# enabled: true
# with_items: "{{namen}}"

133
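--- a/azure_create-clean-room.yml
+++ b/azure_create-clean-room.yml
@@ -0,0 +1,133 @@
+---
+- name: get resource group info
+become: true
+become_user: root
+# become_method: runas
+hosts: localhost
+tasks:
+## create the resource group
+- name: create resource_group
+azure_rm_resourcegroup:
+name: "rg-clean_room"
+location: westeurope
+## create the vnet with subnets
+- name: Create virtual network vnet-clean_room
+azure_rm_virtualnetwork:
+resource_group: "rg-clean_room"
+name: vnet-clean_room
+address_prefixes:
+- "10.10.0.0/24"
+- "10.245.140.0/22"
+dns_servers:
+- "10.245.142.82"
+- "10.245.142.83"
+- name: create nsg
+azure.azcollection.azure_rm_securitygroup:
+resource_group: "rg-clean_room"
+name: nsg-clean-room
+rules:
+- name: DENYOUTBOUNDINTERNET
+protocol: "*"
+access: Deny
+priority: 100
+destination_address_prefix: Internet
+direction: Outbound
+state: present
+- name: Add subnet clean_room
+azure_rm_subnet:
+resource_group: "rg-clean_room"
+name: sn-clean_room
+address_prefix: "10.245.140.0/24"
+virtual_network: vnet-clean_room
+security_group:
+name: nsg-clean-room
+resource_group: rg-clean_room
+- name: Add subnet clean_room1
+azure_rm_subnet:
+resource_group: "rg-clean_room"
+name: sn-clean_room1
+address_prefix: "10.245.141.0/24"
+virtual_network: vnet-clean_room
+security_group:
+name: nsg-clean-room
+resource_group: rg-clean_room
+- name: Add subnet clean_room2
+azure_rm_subnet:
+resource_group: "rg-clean_room"
+name: sn-clean_room2
+address_prefix: "10.245.142.0/24"
+virtual_network: vnet-clean_room
+security_group:
+name: nsg-clean-room
+resource_group: rg-clean_room
+- name: Add subnet clean_room3
+azure_rm_subnet:
+resource_group: "rg-clean_room"
+name: sn-clean_room3
+address_prefix: "10.245.143.0/24"
+virtual_network: vnet-clean_room
+security_group:
+name: nsg-clean-room
+resource_group: rg-clean_room
+- name: Add subnet Azure Bastion
+azure_rm_subnet:
+resource_group: "rg-clean_room"
+name: AzureBastionSubnet
+address_prefix: "10.10.0.0/26"
+virtual_network: vnet-clean_room
+register: bastion_subnet
+## create Bastion
+- name: Create a public ip address
+azure_rm_publicipaddress:
+resource_group: "rg-clean_room"
+name: bastion_pub_ip
+sku: "Standard"
+allocation_method: static
+- name: get pubip info
+azure_rm_publicipaddress_info:
+resource_group: "rg-clean_room"
+name: bastion_pub_ip
+register: pub_ip
+#domain_name: foobar
+- name: check if bastion host exists
+azure.azcollection.azure_rm_bastionhost_info:
+name: "Bastion-clean_room"
+resource_group: rg-clean_room
+register: bastion
+- name: Create Bastion host
+azure.azcollection.azure_rm_bastionhost:
+name: "Bastion-clean_room"
+resource_group: "rg-clean_room"
+ip_configurations:
+- name: bastion-cr_ipconfig
+public_ip_address:
+id: "{{ pub_ip.publicipaddresses[0].id }}"
+subnet:
+id: "{{bastion_subnet.state.id}}"
+sku:
+name: "Standard"
+state: present
+when: bastion == None
+## create staging storage account
+- name: create staging storage account
+azure_rm_storageaccount:
+resource_group: "rg-clean_room"
+name: sacleanroomstaging
+type: "Standard_LRS"
+kind: "StorageV2"
+location: westeurope
+public_network_access: "Enabled"
+- name: Create container VHDS
+azure_rm_storageblob:
+resource_group: "rg-clean_room"
+storage_account_name: sacleanroomstaging
+container: vhds
+environment:
+- AZURE_CLIENT_ID: "{{AZURE_CLIENT_ID}}"
+- AZURE_SECRET: "{{AZURE_SECRET}}"
+- AZURE_SUBSCRIPTION_ID: "{{AZURE_SUBSCRIPTION_ID}}"
+- AZURE_TENANT: "{{AZURE_TENANT}}"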
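Review bot: `when: bastion == None` on the `Create Bastion host` task compares a registered result with `None`; a registered variable is a dictionary even when the lookup finds nothing, so this condition looks like it is never true and the Bastion host would never be created. Test the info module's returned list for emptiness instead (confirm the return key in the module documentation). Separately, the staging account is created with `public_network_access: "Enabled"`, which sits oddly with a clean-room network whose only NSG rule denies outbound Internet; restricting the account to the vnet or a private endpoint would match the stated intent.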


@@ -0,0 +1,45 @@
---
- name: get resource group info
become: true
become_user: root
# become_method: runas
hosts: localhost
roles:
- role: azure_createlinvm
tasks:
- name: make host group from survey hosts list
add_host:
hostname: "{{nic_info.networkinterfaces[0].ip_configurations[0].private_ip_address}}"
groups: new_group
ansible_connection: ssh
# become: true
become_method: sudo
ansible_user: ApeAdmin
ansible_ssh_pass: "{{password}}"
environment:
- AZURE_CLIENT_ID: 140ddce1-f5e1-45a3-84e0-38e8ec16e72b
- AZURE_SECRET: "{{secret}}"
- AZURE_SUBSCRIPTION_ID: a7f4215b-c8f8-45ac-8fdd-062c940b02f6
- AZURE_TENANT: 26845d4f-0cf4-4d08-b717-06b6b7824ec4
- name: ping vm
gather_facts: true
# become: false
hosts: new_group
tasks:
- name: ping vm
ansible.builtin.ping:
- name: Onboard vm
gather_facts: true
become: true
become_method: sudo
become_user: root
hosts: new_group
roles:
- role: linux_onboard-adagility
- role: linux_install-checkmk
- role: linux_install-sentinelone
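Review bot: The `add_host` task passes `ansible_ssh_pass: "{{password}}"` without `no_log: true`, so the rendered password can be echoed in job output at higher verbosity. Add `no_log: true` to the task, as a later variant of this playbook on this page already does for its `add_host` tasks. The same applies to the `add_host` tasks carrying `ansible_password` in the Windows VM sections that follow. Password-based SSH as `ApeAdmin` to a freshly created address also depends on how host-key checking is configured, which is not visible here; key-based login would avoid both concerns.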

19
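--- a/azure_create-nsg.yml
+++ b/azure_create-nsg.yml
@@ -0,0 +1,19 @@
+---
+- name: get resource group info
+become: true
+become_user: root
+# become_method: runas
+hosts: localhost
+roles:
+# - role: linux_update
+- role: azure_createRG
+- role: azure_create-vnet
+- role: azure_createwindowsvm
+environment:
+- AZURE_CLIENT_ID: 141cd3f9-e466-4086-bfe9-9d6873a84084
+- AZURE_SECRET: "{{secret}}"
+- AZURE_SUBSCRIPTION_ID: dd4dbc55-c970-4a1f-8ddd-8cb7ae7900dd
+- AZURE_TENANT: 03a0b8f2-7896-4d4d-bd81-9d6314ae3e15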
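Review bot: This play runs Azure API roles on `localhost` with `become: true` and `become_user: root`, which those modules should not normally need; dropping both keeps the controller process unprivileged. The same pair appears at the top of most `hosts: localhost` plays on this page. The file is named `azure_create-nsg.yml` and the play `get resource group info`, yet the roles it runs create a resource group, a vnet and a Windows VM, so a play name such as `- name: Create RG, vnet and Windows VM` would describe it accurately.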

18
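--- a/azure_create-rg.yml
+++ b/azure_create-rg.yml
@@ -0,0 +1,18 @@
+---
+- name: azure create resource group
+become: true
+become_user: root
+# become_method: runas
+hosts: localhost
+roles:
+# - role: linux_update
+- role: azure_createRG
+environment:
+#aperam.com
+- AZURE_CLIENT_ID: 140ddce1-f5e1-45a3-84e0-38e8ec16e72b
+- AZURE_SECRET: "{{secret}}"
+- AZURE_SUBSCRIPTION_ID: "{{((sub_id | split(':'))[1]) | trim }}"
+- AZURE_TENANT: 26845d4f-0cf4-4d08-b717-06b6b7824ec4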
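Review bot: `AZURE_SUBSCRIPTION_ID` is derived with `(sub_id | split(':'))[1]`, which raises an index error when `sub_id` contains no colon and passes any other text through unchecked. An `ansible.builtin.assert` in `pre_tasks` that the trimmed value matches a GUID pattern would fail early with a clear message instead of inside the Azure role.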


@@ -0,0 +1,81 @@
---
- name: get resource group info
become: true
become_user: root
# become_method: runas
hosts: localhost
roles:
- role: azure_createRG
- role: azure_createwindowsvm-demo
tasks:
- name: make host group from survey hosts list
add_host:
hostname: "{{nic_info.networkinterfaces[0].ip_configurations[0].private_ip_address}}"
#hostname: "{{ hostname }}.adagility.net"
groups: new_group
ansible_connection: winrm
ansible_port: 5985
ansible_winrm_server_cert_validation: ignore
ansible_user: ApeAdmin
ansible_password: "{{password}}"
ansible_winrm_transport: ntlm
#ansible_user: "{{ansible_user}}"
#ansible_password: "{{ansible_password}}"
- name: create hostgroup for ad group creation
add_host:
hostname: awe-mps-006.adagility.net
groups: ad_group
ansible_connection: winrm
ansible_port: 5985
ansible_winrm_server_cert_validation: ignore
ansible_user: "{{ansible_user}}"
ansible_password: "{{ansible_password}}"
ansible_winrm_transport: kerberos
environment:
- AZURE_CLIENT_ID: 141cd3f9-e466-4086-bfe9-9d6873a84084
- AZURE_SECRET: "{{secret}}"
- AZURE_SUBSCRIPTION_ID: dd4dbc55-c970-4a1f-8ddd-8cb7ae7900dd
- AZURE_TENANT: 03a0b8f2-7896-4d4d-bd81-9d6314ae3e15
- name: Onboard vm
gather_facts: no
hosts: new_group
roles:
- role: win_ping
- role: windows_install-check-mk
- role: windows_install-sentinelone
- role: windows_install-windirstat
- role: windows_domain-join
- role: windows_finalize
- name: Create admin group
gather_facts:
hosts: ad_group
tasks:
- name: Create ad security group for Devices
community.windows.win_domain_group:
name: G-MGMT-LA-DEVADM-{{ hostname|upper }}
path: OU=Local_Admin,OU=Device_Privileges,OU=Management_Groups,OU=Aperam,DC=ADAGILITY,DC=NET
domain_username: "{{domain_admin}}"
domain_password: "{{domain_password}}"
state: present
scope: global
- name: Destroy demo RG
become: true
become_user: root
# become_method: runas
hosts: localhost
tasks:
- name: delete RG
azure_rm_resourcegroup:
name: "{{ RG_name }}"
force_delete_nonempty: yes
state: absent
environment:
- AZURE_CLIENT_ID: 141cd3f9-e466-4086-bfe9-9d6873a84084
- AZURE_SECRET: "{{secret}}"
- AZURE_SUBSCRIPTION_ID: dd4dbc55-c970-4a1f-8ddd-8cb7ae7900dd
- AZURE_TENANT: 03a0b8f2-7896-4d4d-bd81-9d6314ae3e15
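Review bot: Both `add_host` tasks connect over WinRM on port 5985 (HTTP), and the one for the new VM uses `ansible_winrm_transport: ntlm`, which does not authenticate the server, so the `ApeAdmin` logon can be relayed or answered by a host impersonating the new address. `ansible_winrm_server_cert_validation: ignore` has no effect on 5985 and would disable verification if the port is later switched to 5986. Prefer an HTTPS listener with a validated certificate, or Kerberos once the host is domain-joined; the same settings recur in the Windows VM sections below. In the `Destroy demo RG` play, `force_delete_nonempty: yes` removes whatever `RG_name` resolves to, so asserting that the name matches the demo naming scheme before the delete would limit the effect of a wrong survey value. `gather_facts:` in the `Create admin group` play has no value and should be an explicit `gather_facts: false` (or `true`).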


@@ -0,0 +1,83 @@
---
- name: get resource group info
become: true
become_user: root
# become_method: runas
hosts: localhost
roles:
- role: azure_createRG
- role: azure_createwindowsvm
tasks:
- name: make host group from survey hosts list
add_host:
hostname: "{{nic_info.networkinterfaces[0].ip_configurations[0].private_ip_address}}"
#hostname: "{{ hostname }}.adagility.net"
groups: new_group
ansible_connection: winrm
ansible_port: 5985
ansible_winrm_server_cert_validation: ignore
ansible_user: ApeAdmin
ansible_password: "{{password}}"
ansible_winrm_transport: ntlm
#ansible_user: "{{ansible_user}}"
#ansible_password: "{{ansible_password}}"
environment:
- AZURE_CLIENT_ID: 141cd3f9-e466-4086-bfe9-9d6873a84084
- AZURE_SECRET: "{{secret}}"
- AZURE_SUBSCRIPTION_ID: dd4dbc55-c970-4a1f-8ddd-8cb7ae7900dd
- AZURE_TENANT: 03a0b8f2-7896-4d4d-bd81-9d6314ae3e15
- name: Onboard vm
gather_facts: no
hosts: new_group
roles:
- role: win_ping
- role: windows_domain-join
- role: windows_install-check-mk
- role: windows_install-sentinelone
- role: windows_install-laps
- role: windows_install-windirstat
- role: windows_finalize
- name: add host to checkmk
hosts: localhost
become: true
become_user: root
tasks:
- name: Add host
tribe29.checkmk.host:
server_url: "https://monitoringeu.aperam.internal/"
site: "monaperam"
automation_user: "ansible"
automation_secret: "TJXTVH@GFYPRNCJCWUMY"
name: "{{ hostname }}.adagility.net"
validate_certs: false
folder: /
state: present
with_inventory_hostnames:
- checkmk_hosts
- name: "Add newly discovered services on host."
tribe29.checkmk.discovery:
server_url: "https://monitoringeu.aperam.internal/"
site: "monaperam"
automation_user: "ansible"
automation_secret: "TJXTVH@GFYPRNCJCWUMY"
host_name: "{{ hostname }}.adagility.net"
state: "new"
validate_certs: false
with_inventory_hostnames:
- checkmk_hosts
- name: "Activate changes on all sites."
tribe29.checkmk.activation:
server_url: "https://monitoringeu.aperam.internal/"
site: "monaperam"
automation_user: "ansible"
automation_secret: "TJXTVH@GFYPRNCJCWUMY"
force_foreign_changes: 'true'
validate_certs: false
run_once: 'true'
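Review bot: The three `tribe29.checkmk.*` tasks carry the automation user's secret as a string literal in `automation_secret`, which makes it readable to anyone with access to this repository or its history. Treat it as exposed: rotate it in Checkmk and reference a vaulted or AWX-credential variable instead, for example `automation_secret: "{{ checkmk_automation_secret }}"` (the variable name is a placeholder). The same literal is repeated in the next two file sections, and the azcopy tasks at the end of the page embed SAS-signed storage URLs that need the same treatment. `validate_certs: false` on all three tasks means the secret is sent to a server whose identity is not checked; trusting the internal CA on the controller would allow `validate_certs: true`.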


@@ -0,0 +1,93 @@
---
- name: get resource group info
become: true
become_user: root
# become_method: runas
hosts: localhost
roles:
- role: azure_createwindowsvm
tasks:
- name: make host group from survey hosts list
add_host:
hostname: "{{nic_info.networkinterfaces[0].ip_configurations[0].private_ip_address}}"
#hostname: "{{ hostname }}.adagility.net"
groups: new_group
ansible_connection: winrm
ansible_port: 5985
ansible_winrm_server_cert_validation: ignore
ansible_user: ApeAdmin
ansible_password: "{{password}}"
ansible_winrm_transport: ntlm
#ansible_user: "{{ansible_user}}"
#ansible_password: "{{ansible_password}}"
- name: create hostgroup for ad group creation
add_host:
hostname: awe-mps-006.adagility.net
groups: ad_group
ansible_connection: winrm
ansible_port: 5985
ansible_winrm_server_cert_validation: ignore
ansible_user: "{{ansible_user}}"
ansible_password: "{{ansible_password}}"
ansible_winrm_transport: kerberos
environment:
- AZURE_CLIENT_ID: 140ddce1-f5e1-45a3-84e0-38e8ec16e72b
- AZURE_SECRET: "{{secret}}"
- AZURE_SUBSCRIPTION_ID: a7f4215b-c8f8-45ac-8fdd-062c940b02f6
- AZURE_TENANT: 26845d4f-0cf4-4d08-b717-06b6b7824ec4
- name: Onboard vm
gather_facts: no
hosts: new_group
roles:
- role: win_ping
- role: windows_install-check-mk
- role: windows_install-sentinelone
- role: windows_install-windirstat
# - role: windows_domain-join
- role: windows_finalize
# - role: windows_install-laps
- name: add host to checkmk
hosts: localhost
become: true
become_user: root
tasks:
- name: Add host
tribe29.checkmk.host:
server_url: "https://monitoringeu.aperam.internal/"
site: "monaperam"
automation_user: "ansible"
automation_secret: "TJXTVH@GFYPRNCJCWUMY"
name: "{{hostname}}.adagility.net"
validate_certs: false
folder: /
state: present
with_inventory_hostnames:
- new_group
- name: "Add newly discovered services on host."
tribe29.checkmk.discovery:
server_url: "https://monitoringeu.aperam.internal/"
site: "monaperam"
automation_user: "ansible"
automation_secret: "TJXTVH@GFYPRNCJCWUMY"
host_name: "{{ hostname }}.adagility.net"
state: "new"
validate_certs: false
with_inventory_hostnames:
- new_group
- name: "Activate changes on all sites."
tribe29.checkmk.activation:
server_url: "https://monitoringeu.aperam.internal/"
site: "monaperam"
automation_user: "ansible"
automation_secret: "TJXTVH@GFYPRNCJCWUMY"
force_foreign_changes: 'true'
validate_certs: false
run_once: 'true'
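Review bot: The `Add host` and discovery tasks loop with `with_inventory_hostnames: new_group` but never reference `{{ item }}`; every iteration registers `{{hostname}}.adagility.net`, so the loop repeats the same call once per group member. Either drop the loop or use the loop variable in `name:` / `host_name:`. Note that `new_group` holds the private IP address added by `add_host`, not an FQDN, so substituting `item` directly would change what is registered; decide which identifier Checkmk should carry. The preceding section has the same pattern with `checkmk_hosts`.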


@@ -0,0 +1,133 @@
---
- name: get resource group info
become: true
become_user: root
# become_method: runas
hosts: localhost
roles:
- role: azure_createwindowsvm
environment:
- AZURE_CLIENT_ID: 140ddce1-f5e1-45a3-84e0-38e8ec16e72b
- AZURE_SECRET: "{{secret}}"
- AZURE_SUBSCRIPTION_ID: "{{((sub_id | split(':'))[1]) | trim }}"
# - AZURE_SUBSCRIPTION_ID: a7f4215b-c8f8-45ac-8fdd-062c940b02f6
- AZURE_TENANT: 26845d4f-0cf4-4d08-b717-06b6b7824ec4
tasks:
- name: output subscriptionID
debug:
var: "AZURE_SUBSCRIPTION_ID"
- name: make host group from survey hosts list
add_host:
hostname: "{{nic_info.networkinterfaces[0].ip_configurations[0].private_ip_address}}"
#hostname: "{{ hostname }}.adagility.net"
groups: new_group
ansible_connection: winrm
ansible_port: 5985
ansible_winrm_server_cert_validation: ignore
ansible_user: ApeAdmin
ansible_password: "{{password}}"
ansible_winrm_transport: ntlm
#ansible_user: "{{ansible_user}}"
#ansible_password: "{{ansible_password}}"
- name: create hostgroup for ad group creation
add_host:
hostname: awe-mps-006.adagility.net
groups: ad_group
ansible_connection: winrm
ansible_port: 5985
ansible_winrm_server_cert_validation: ignore
ansible_user: "{{ansible_user}}"
ansible_password: "{{ansible_password}}"
ansible_winrm_transport: kerberos
- name: Onboard vm
gather_facts: no
hosts: new_group
roles:
- role: win_ping
- role: windows_install-check-mk
- role: windows_install-sentinelone
- role: windows_install-windirstat
- role: windows_domain-join
- role: windows_finalize
ansible_user: "{{ansible_user}}"
ansible_password: "{{ansible_password}}"
# - role: windows_install-laps
- name: Create admin group
gather_facts:
hosts: ad_group
tasks:
- name: Create ad security group for Devices
community.windows.win_domain_group:
name: G-MGMT-LA-DEVADM-{{ hostname|upper }}
path: OU=Local_Admin,OU=Device_Privileges,OU=Management_Groups,OU=Aperam,DC=ADAGILITY,DC=NET
domain_username: "{{domain_admin}}"
domain_password: "{{domain_password}}"
domain_server: awe-dcw-004.adagility.net
state: present
scope: global
ignore_errors: true
# - name: add host to security group to use azure updates
# community.windows.win_domain_group_membership:
# identity: GG-GPO-APERAM-SERVERS-AZUREUPDATES
# members: "{{hostname}}$"
# domain_username: "{{domain_admin}}"
# domain_password: "{{domain_password}}"
# domain_server: awe-dcw-004.adagility.net
# state: present
# scope: global
# ignore_errors: true
- name: add host to azure updates group
microsoft.ad.group:
name: GG-GPO-APERAM-SERVERS-AZUREUPDATES
identity: GG-GPO-APERAM-SERVERS-AZUREUPDATES
members:
add:
- "{{hostname}}$"
domain_username: "{{domain_admin}}"
domain_password: "{{domain_password}}"
domain_server: awe-dcw-004.adagility.net
scope: global
ignore_errors: true
- name: add host to checkmk
hosts: localhost
become: true
become_user: root
tasks:
- name: Add host
tribe29.checkmk.host:
server_url: "https://monitoringeu.aperam.internal/"
site: "monaperam"
automation_user: "ansible"
automation_secret: "TJXTVH@GFYPRNCJCWUMY"
name: "{{hostname}}.adagility.net"
validate_certs: false
folder: /
state: present
with_inventory_hostnames:
- new_group
- name: "Add newly discovered services on host."
tribe29.checkmk.discovery:
server_url: "https://monitoringeu.aperam.internal/"
site: "monaperam"
automation_user: "ansible"
automation_secret: "TJXTVH@GFYPRNCJCWUMY"
host_name: "{{ hostname }}.adagility.net"
state: "new"
validate_certs: false
with_inventory_hostnames:
- new_group
- name: "Activate changes on all sites."
tribe29.checkmk.activation:
server_url: "https://monitoringeu.aperam.internal/"
site: "monaperam"
automation_user: "ansible"
automation_secret: "TJXTVH@GFYPRNCJCWUMY"
force_foreign_changes: 'true'
validate_certs: false
run_once: 'true'
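Review bot: Both AD tasks in the `Create admin group` play appear to end with `ignore_errors: true`, so a failure to create the `G-MGMT-LA-DEVADM-…` group or to add the computer to `GG-GPO-APERAM-SERVERS-AZUREUPDATES` leaves the job green and, presumably, the server outside the update policy without anyone noticing. Replace it with a `failed_when` that tolerates only the expected case, or register the results and fail at the end of the play. The `output subscriptionID` debug task prints `var: "AZURE_SUBSCRIPTION_ID"`, but that name is only set under `environment:` here, which does not create an Ansible variable, so it will probably be reported as undefined unless an extra var of the same name is passed in. The `ansible_user` / `ansible_password` lines after `- role: windows_finalize` are ambiguous in this rendering because indentation is lost; if they are role parameters they apply to that role only.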


@@ -0,0 +1,69 @@
---
- name: get resource group info
become: true
become_user: root
# become_method: runas
hosts: localhost
roles:
- role: azure_createwindowsvm
environment:
- AZURE_CLIENT_ID: 140ddce1-f5e1-45a3-84e0-38e8ec16e72b
- AZURE_SECRET: "{{secret}}"
- AZURE_SUBSCRIPTION_ID: "{{((sub_id | split(':'))[1]) | trim }}"
# - AZURE_SUBSCRIPTION_ID: a7f4215b-c8f8-45ac-8fdd-062c940b02f6
- AZURE_TENANT: 26845d4f-0cf4-4d08-b717-06b6b7824ec4
tasks:
- name: output subscriptionID
debug:
var: "AZURE_SUBSCRIPTION_ID"
- name: make host group from survey hosts list
add_host:
hostname: "{{nic_info.networkinterfaces[0].ip_configurations[0].private_ip_address}}"
groups: new_group
ansible_connection: winrm
ansible_port: 5985
ansible_winrm_server_cert_validation: ignore
ansible_user: ApeAdmin
ansible_password: "{{password}}"
ansible_winrm_transport: ntlm
no_log: True
- name: create hostgroup for ad group creation
add_host:
hostname: awe-mps-006.adagility.net
groups: ad_group
ansible_connection: winrm
ansible_port: 5985
ansible_winrm_server_cert_validation: ignore
ansible_user: "{{ansible_user}}"
ansible_password: "{{ansible_password}}"
ansible_winrm_transport: kerberos
no_log: True
- name: Onboard vm
gather_facts: no
hosts: new_group
roles:
- role: win_ping
- role: windows_domain-join
- role: windows_finalize
ansible_user: "{{ansible_user}}"
ansible_password: "{{ansible_password}}"
- name: Create admin group
gather_facts:
hosts: ad_group
tasks:
- name: Create ad security group for Devices
community.windows.win_domain_group:
name: G-MGMT-LA-DEVADM-{{ hostname|upper }}
path: OU=Local_Admin,OU=Device_Privileges,OU=Management_Groups,OU=Aperam,DC=ADAGILITY,DC=NET
domain_username: "{{domain_admin}}"
domain_password: "{{domain_password}}"
domain_server: awe-dcw-004.adagility.net
state: present
scope: global
ignore_errors: true
no_log: true

17
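--- a/azure_delete-rg.yml
+++ b/azure_delete-rg.yml
@@ -0,0 +1,17 @@
+---
+- name: get resource group info
+become: true
+become_user: root
+# become_method: runas
+hosts: localhost
+roles:
+# - role: linux_update
+- role: azure_delete-rg
+environment:
+- AZURE_CLIENT_ID: 141cd3f9-e466-4086-bfe9-9d6873a84084
+- AZURE_SECRET: "{{secret}}"
+- AZURE_SUBSCRIPTION_ID: dd4dbc55-c970-4a1f-8ddd-8cb7ae7900dd
+- AZURE_TENANT: 03a0b8f2-7896-4d4d-bd81-9d6314ae3e15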

38
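--- a/azure_delete-vm.yml
+++ b/azure_delete-vm.yml
@@ -0,0 +1,38 @@
+---
+- name: get resource group info
+become: true
+become_user: root
+# become_method: runas
+hosts: localhost
+tasks:
+- name: Remove a VM and all resources that were autocreated in azure
+azure_rm_virtualmachine:
+resource_group: "{{RG_name}}"
+name: "{{VM_name}}"
+state: absent
+environment:
+- AZURE_CLIENT_ID: 140ddce1-f5e1-45a3-84e0-38e8ec16e72b
+- AZURE_SECRET: "{{secret}}"
+- AZURE_SUBSCRIPTION_ID: a7f4215b-c8f8-45ac-8fdd-062c940b02f6
+- AZURE_TENANT: 26845d4f-0cf4-4d08-b717-06b6b7824ec4
+- name: remove computer object with devadm group
+become_method: runas
+hosts: all
+vars:
+ansible_user: "{{sysawxuser}}"
+ansible_password: "{{sysawxpass}}"
+tasks:
+- name: delete devadm group
+community.windows.win_domain_group:
+name: CN=G-MGMT-LA-DEVADM-{{ VM_name |upper }}, OU=Local_Admin,OU=Device_Privileges,OU=Management_Groups,OU=Aperam,DC=ADAGILITY,DC=NET
+domain_username: "{{sysaduser}}"
+domain_password: "{{sysadpass}}"
+state: absent
+ignore_protection: yes
+- name: delete computer account
+community.windows.win_domain_computer:
+name: "{{ VM_name |upper }}"
+domain_username: "{{sysaduser}}"
+domain_password: "{{sysadpass}}"
+state: absent
+ignore_protection: yes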
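Review bot: The second play targets `hosts: all` and deletes an AD group and a computer account with `ignore_protection: yes`, using `VM_name` straight from the job input; every host in the inventory repeats the deletion, and a mistyped name removes a different object. Run it against one management host (or add `run_once: true`) and assert that `VM_name` matches the server naming pattern before either delete task. The group `name:` is built as a DN with a space after the first comma (`…}}, OU=Local_Admin`), whereas the creation playbooks on this page pass the bare group name plus `path:`; using the same form here avoids a mismatch that could leave the group behind while the task still reports success. `become_method: runas` is set without `become: true` in the visible play.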


@@ -0,0 +1,17 @@
---
- name: azure get app secrets
become: true
become_user: root
# become_method: runas
hosts: localhost
roles:
# - role: linux_update
- role: azure_get-expiring-tokens-az
environment:
- AZURE_CLIENT_ID: "{{AZURE_CLIENT_ID}}"
- AZURE_SECRET: "{{AZURE_SECRET}}"
- AZURE_SUBSCRIPTION_ID: "{{AZURE_SUBSCRIPTION_ID}}"
- AZURE_TENANT: "{{AZURE_TENANT}}"

21
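--- a/azure_get-rg-facts.yml
+++ b/azure_get-rg-facts.yml
@@ -0,0 +1,21 @@
+---
+- name: get resource group info
+become: true
+become_user: root
+# become_method: runas
+hosts: localhost
+roles:
+# - role: linux_update
+- role: azure_get-rg-facts
+environment:
+#aperam.com
+- AZURE_CLIENT_ID: "{{AZURE_CLIENT_ID}}"
+- AZURE_SECRET: "{{AZURE_SECRET}}"
+- AZURE_SUBSCRIPTION_ID: "{{AZURE_SUBSCRIPTION_ID}}"
+- AZURE_TENANT: "{{AZURE_TENANT}}"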

55
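--- a/azure_get-stopped-vms.yml
+++ b/azure_get-stopped-vms.yml
@@ -0,0 +1,55 @@
+---
+- name: get resource group info
+become: true
+become_user: root
+# become_method: runas
+hosts: localhost
+# roles:
+# - role: azure_createRG
+# - role: azure_createwindowsvm-demo
+tasks:
+- name: get all resource groups
+azure_rm_resourcegroup_info:
+register: resource_groups
+- name: create list
+set_fact:
+rgs: []
+- name: add rg to list
+set_fact:
+rgs: "{{rgs + [item.name]}}"
+with_items: "{{resource_groups.resourcegroups}}"
+when: (item.name != "rg-project-testdeploy" or item.name != "databricks-rg-adb_tobias-gfw3cjeh6ynr6" or item.name != "rg-data-datamanagement-prd-02-databricks") and item.location == "westeurope"
+- name: Get all facts
+azure_rm_virtualmachine_info:
+resource_group: "{{item}}"
+with_items: "{{ rgs }}"
+register: all_facts
+ignore_errors: true
+# no_log: true
+- name: init list
+set_fact:
+lijstje: []
+- name: set RG name
+set_fact:
+rg_name: "{{item.resource_group}}"
+vm_name: "{{item.name}}"
+power_state: "{{item.power_state}}"
+textje: "The vm {{ item.name }} has power state: {{ item.power_state}}"
+lijstje: "{{ lijstje + ['The vm' + item.name + ' has power state:' + item.power_state] }}"
+# when: item.name == "{{ vmname }}"
+with_items: "{{all_facts.vms}}"
+register: output
+# no_log: true
+- name: get rg_info
+debug:
+msg: "{{lijstje}}"
+# with_items: "{{all_facts.vms}}"
+environment:
+- AZURE_CLIENT_ID: "{{AZURE_CLIENT_ID}}"
+- AZURE_SECRET: "{{AZURE_SECRET}}"
+- AZURE_SUBSCRIPTION_ID: "{{AZURE_SUBSCRIPTION_ID}}"
+- AZURE_TENANT: "{{AZURE_TENANT}}"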
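Review bot: The `add rg to list` condition chains `item.name != "…" or item.name != "…" or …`, which is true for every name, so none of the three resource groups is actually excluded; `when: item.name not in excluded_rgs and item.location == "westeurope"` with `excluded_rgs` defined as a list does what was intended. `Get all facts` registers a looped result, so the VM lists would sit under `all_facts.results[*].vms` rather than `all_facts.vms`, and the `set RG name` loop as written would probably fail or iterate nothing. `ignore_errors: true` on the lookup additionally hides resource groups the service principal cannot read. The play is named `get resource group info` and the file refers to stopped VMs, but the tasks report every VM's power state without filtering.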

34
azure_get-vminfo.yml Normal file
View File

@@ -0,0 +1,34 @@
---
- name: get resource group info
become: true
become_user: root
# become_method: runas
hosts: localhost
gather_facts: no
tasks:
- name: Get all facts
azure_rm_virtualmachine_info:
register: all_facts
no_log: true
- name: set RG name
set_fact:
rg_name: "{{item.resource_group}}"
when: item.name == "{{ vmname }}"
with_items: "{{all_facts.vms}}"
no_log: true
- name: get rg_info
debug:
msg: "The vm {{vmname}} is located in the resource group {{rg_name}}"
environment:
#aperam.com
- AZURE_CLIENT_ID: "{{AZURE_CLIENT_ID}}"
- AZURE_SECRET: "{{AZURE_SECRET}}"
- AZURE_SUBSCRIPTION_ID: "{{AZURE_SUBSCRIPTION_ID}}"
- AZURE_TENANT: "{{AZURE_TENANT}}"
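Review bot: `when: item.name == "{{ vmname }}"` templates `vmname` into the conditional before it is evaluated, so the value becomes part of the Jinja expression instead of being compared as data; Ansible warns about delimiters in `when` for this reason. If `vmname` comes from a survey or extra vars (not visible here), that is an injection path into the expression. Use `when: item.name == vmname`. `rg_name` also stays undefined when no VM matches, so the final `debug` would fail; `{{ rg_name | default('not found') }}` makes that case explicit.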


@@ -0,0 +1,31 @@
---
- name: Get resource group info
become: true
# become_user: root
# become_method: runas
hosts: all
tasks:
- name: Copy VHD from WORM sa to corporate sa
ansible.windows.win_command: powershell.exe -
args:
stdin: |
C:\Windows\System32\azcopy_windows_amd64_10.16.2\azcopy.exe copy --recursive
"https://saapewormsaweprd.blob.core.windows.net/coapewormsaweprd0/?sv=2021-06-08&ss=bfqt&srt=co&sp=rwdlacupiytfx&se=2023-01-31T21:01:05Z&st=2022-11-30T13:01:05Z&spr=https&sig=7HCiPgsEF7LPik0QxPfoDysKNsInZyyk%2BQiKGkgNxfM%3D"
"https://sacleanroomstaging.blob.core.windows.net/vhds/?sv=2021-12-02&ss=bfqt&srt=co&sp=rwdlacupiytfx&se=2024-04-25T16:39:57Z&st=2023-04-25T08:39:57Z&spr=https&sig=o3huUH3%2F0xBXu0FBPuhvKacitPWrLRf7oLYGY9SqYLc%3D"
--include-pattern 'OG_{{ host }}*{{ day }}-{{ month }}-{{ year }}.vhd'
register: output
# async: 1200
# poll: 120
when: sa == 'coapewormsaweprd0'
- name: Copy VHD from WORM sa to corporate sa
ansible.windows.win_command: powershell.exe -
args:
stdin: C:\Windows\System32\azcopy_windows_amd64_10.16.2\azcopy.exe copy --recursive "https://saapewormlaweprd1.blob.core.windows.net/coapewormlaweprd1-0?sp=rl&st=2023-05-25T11:09:20Z&se=2024-05-25T19:09:20Z&spr=https&sv=2022-11-02&sr=c&sig=p4wInyNdaS3dkmuMyqZEB%2BkrHYtT1diM0eEgqE%2FmqY4%3D" "https://sacleanroomstaging.blob.core.windows.net/vhds/?sv=2021-12-02&ss=bfqt&srt=co&sp=rwdlacupiytfx&se=2024-04-25T16:39:57Z&st=2023-04-25T08:39:57Z&spr=https&sig=o3huUH3%2F0xBXu0FBPuhvKacitPWrLRf7oLYGY9SqYLc%3D" --include-pattern 'OG_{{ host }}*{{ day }}-{{ month }}-{{ year }}.vhd'
register: output
# async: 1200
# poll: 120
when: sa == 'saapewormlaweprd1'
- name: Debug output
ansible.builtin.debug:
var: output.stdout
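Review bot: Both `azcopy` commands embed complete SAS URLs, signature included, so every reader of this repository and its history gets them; the staging-account token is an account-level SAS carrying the full `sp=rwdlacupiytfx` permission set. Their `se=` expiry dates are earlier than the commit date, so these tokens should no longer authenticate (and the copy would fail as written), but the next valid token pasted here would be exposed the same way. Pass the URLs in from a vault or AWX credential, e.g. `"{{ worm_sas_url }}"` and `"{{ staging_sas_url }}"` (placeholder names), scope them to the container with only the permissions each side needs, and set `no_log: true` on both copy tasks, since the last task prints `output.stdout`. The same literal SAS URLs are in central_fs-sync-pon.yml (live `Copy local folder to WORM` task) and in the commented-out tasks at the end of central_fs-cleanup.yml.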


@@ -0,0 +1,40 @@
---
- name: get resource group info
become: true
become_user: root
# become_method: runas
hosts: localhost
tasks:
# ## create the resource group
# - name: create resource_group
# azure_rm_resourcegroup:
# name: "rg-clean_room"
# location: westeurope
# ## create the vnet with subnets
# - name: Create virtual network vnet-clean_room
# azure_rm_virtualnetwork:
# resource_group: "rg-clean_room"
# name: vnet-clean_room
# address_prefixes:
# - "10.10.0.0/24"
# - "10.245.140.0/22"
# dns_servers:
# - "10.245.142.82"
# - "10.245.142.83"
- name: Create managed operating system disk from page blob
azure_rm_manageddisk:
name: awe-tst-003-osdisk
location: westeurope
resource_group: rg-clean_room
create_option: import
source_uri: https://sacleanroomstaging.blob.core.windows.net/vhds/OG_awe-tst-003_OSDISK_Snapshot_MSS-3RD-SUN-0200-AM-LT0_16-4-2023.vhd
storage_account_id: "/subscriptions/5639f350-6bf6-4f6c-b084-52a060aa1f99/resourceGroups/rg-clean_room/providers/Microsoft.Storage/storageAccounts/sacleanroomstaging"
os_type: windows
storage_account_type: Premium_LRS
# disk_size_gb: 128
environment:
- AZURE_CLIENT_ID: "{{AZURE_CLIENT_ID}}"
- AZURE_SECRET: "{{AZURE_SECRET}}"
- AZURE_SUBSCRIPTION_ID: "{{AZURE_SUBSCRIPTION_ID}}"
- AZURE_TENANT: "{{AZURE_TENANT}}"


@@ -0,0 +1,61 @@
---
- name: get resource group info
become: true
become_user: root
# become_method: runas
hosts: localhost
tasks:
- name: Get facts for one resource group
azure_rm_resourcegroup_info:
name: "ape-platform-management-arc-prd-rg"
list_resources: yes
register: rg_info
- name: create list
set_fact:
namen: []
- name: add to list
set_fact:
namen: "{{namen + (rg_info.resourcegroups[0].resources | selectattr('type', 'eq', 'Microsoft.HybridCompute/machines') | map(attribute='name') | list )}}"
- name:
debug:
var: namen
- name: Add inventory
awx.awx.inventory:
name: "Azure Arc enabled hosts (dynamic)"
description: "Hosts synced from the azure arc prd resource group"
organization: "Aperam"
state: present
controller_host: https://awx-prd.aperam.internal
controller_oauthtoken: "{{oauth}}"
validate_certs: false
- name: add hosts to inventory
awx.awx.host:
inventory: "Azure Arc enabled hosts (dynamic)"
name: "{{item}}"
state: present
controller_host: https://awx-prd.aperam.internal
controller_oauthtoken: "{{oauth}}"
validate_certs: false
enabled: true
with_items: "{{namen}}"
#roles:
# - role: linux_update
# - role: azure_get-rg-facts
# - role: awx_create-inventory-from-list
#environment:
#aperam.com
# - AZURE_CLIENT_ID: "{{AZURE_CLIENT_ID}}"
# - AZURE_SECRET: "{{AZURE_SECRET}}"
# - AZURE_SUBSCRIPTION_ID: "{{AZURE_SUBSCRIPTION_ID}}"
# - AZURE_TENANT: "{{AZURE_TENANT}}"
vars:
- RG_name: ape-platform-management-arc-prd-rg
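Review bot: Both `awx.awx` tasks send `controller_oauthtoken` to the controller with `validate_certs: false`, so the token goes to whatever answers at that name without the server certificate being checked. Install the internal CA in the execution environment and set `validate_certs: true`. The checkmk onboarding play later in this commit has the same setting on its three `tribe29.checkmk` tasks. The `vars:` entry `RG_name` is defined, but the first task hard-codes the resource group name; `name: "{{ RG_name }}"` would keep the two in step.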

5
central_fs-ISB-sync.yml Normal file

@@ -0,0 +1,5 @@
---
- name: push data to WORM
hosts: all
roles:
- role: windows_push-ISB-to-SA

18
central_fs-bootstrap.yml Normal file

@@ -0,0 +1,18 @@
---
- name: Create needed folders for the central file server
hosts: all
tasks:
- name: set folders
ansible.builtin.set_fact:
folders: ['\\awe-mps-006.adagility.net\cor$\{{ "%Y%m%d" | strftime( ( ansible_date_time.epoch | int ))}}\Infra\',
'\\awe-mps-006.adagility.net\cor$\{{ "%Y%m%d" | strftime( ( ansible_date_time.epoch | int ))}}\Middleware\',
'\\awe-mps-006.adagility.net\cor$\{{ "%Y%m%d" | strftime( ( ansible_date_time.epoch | int ))}}\Infra\Configs\',
'\\awe-mps-006.adagility.net\cor$\{{ "%Y%m%d" | strftime( ( ansible_date_time.epoch | int ))}}\Infra\Configs\AZ_VMINFO\',
'\\awe-mps-006.adagility.net\cor$\{{ "%Y%m%d" | strftime( ( ansible_date_time.epoch | int ))}}\Infra\Configs\PRINTER\',
'\\awe-mps-006.adagility.net\cor$\{{ "%Y%m%d" | strftime( ( ansible_date_time.epoch | int ))}}\Infra\Configs\DHCP\']
- name: create daily folder
ansible.windows.win_file:
path: "{{ item }}"
state: directory
with_items: "{{ folders }}"

120
central_fs-cleanup.yml Normal file

@@ -0,0 +1,120 @@
---
- name: push data to WORM
hosts: all
tasks:
# - name: check if folder isn't empty
# ansible.windows.win_stat:
# path: F:\Data\PON
# register: folderinfo
# environment:
# ponfolder: folderinfo.stat.size
# - name: set fact
# set_fact: ponfolder="{{folderinfo.stat.size}}"
- name: make host group from survey hosts list
add_host:
hostname: "awe-mgt-050.adagility.net"
groups: new_group
ansible_connection: ssh
ansible_port: 22
ansible_user: sys-awx-srvautomate@ADAGILITY.NET
become_user: root
become: yes
ansible_ssh_pass: "{{pass}}"
ansible_sudo_pass: "{{pass}}"
# ponfolder: "{{folderinfo.stat.size}}"
delegate_to: localhost
- name: mount
hosts: new_group
tasks:
- name: mount central file server
ansible.posix.mount:
src: //awe-mps-006.adagility.net/COR$
path: /mnt/smbshare
fstype: cifs
opts: "username=adm-bvandendaele,password={{ passcor }}"
state: mounted
boot: no
become_method: sudo
become: true
- name: check if folder exists
ansible.builtin.stat:
path: /mnt/smbshare
register: state
# - name: check folder content
# ansible.builtin.find:
# paths: "/mnt/smbshare/{{'%Y%m%d' | strftime((ansible_date_time['epoch']|int)-(86400*(item | int))) }}"
# file_type: any
# recurse: no
# with_sequence: start=60 end=30 stride=-1
# register: output
- name: Delete content & directory
ansible.builtin.file:
state: absent
path: "/mnt/smbshare/{{'%Y%m%d' | strftime((ansible_date_time['epoch']|int)-(86400*(item | int))) }}"
with_sequence: start=20 end=3 stride=-1
become: true
# - name: get folder
# ansible.builtin.debug:
# var: output
# - name: create list
# set_fact:
# paths: []
# - name: append paths to list
# set_fact:
# paths: "{{paths + [item.path]}}"
# with_items: "{{output.files}}"
# - name: get items
# debug:
# var: paths
# - name: upload files to blob
# azure.azcollection.azure_rm_storageblob:
# resource_group: rg-project-wormbackup-prd
# storage_account_name: saapewormsprd2prd
# container: coapewormsprd2prd-0
# batch_upload_dst: Data/PON/{{ansible_date_time.year + ansible_date_time.month + ansible_date_time.day}}/test/
# batch_upload_src: /mnt/smbshare/{{ item }}
# auth_source: env
# force: false
# with_items: paths
# when: ponfolder != 0
# - name: clean local folder
# ansible.builtin.file:
# path: "{{item}}"
# state: absent
# with_items: "{{paths}}"
# when: ponfolder != 0
# become: true
environment:
- AZURE_CLIENT_ID: "{{AZURE_CLIENT_ID}}"
- AZURE_SECRET: "{{AZURE_SECRET}}"
- AZURE_SUBSCRIPTION_ID: "{{AZURE_SUBSCRIPTION_ID}}"
- AZURE_TENANT: "{{AZURE_TENANT}}"
# - name: Copy local folder to WORM
# ansible.windows.win_powershell:
# script: |
# C:\Windows\System32\azcopy_windows_amd64_10.16.2\azcopy.exe copy --recursive "F:\Data\COR\$((get-date).AddDays(-1).ToString("yyyyMMdd"))" "https://saapewormsprd2prd.blob.core.windows.net/coapewormsprd2prd-0/Data/COR/?sv=2021-06-08&ss=bfqt&srt=co&sp=rwdlacupiytfx&se=2024-03-03T15:34:11Z&st=2023-03-03T07:34:11Z&spr=https&sig=X4o7LwIgrctnl5M9C%2B4VrI%2FwFp3Ahk049YVN0fgAauU%3D"
# - name: Copy local google drive folder to WORM
# ansible.windows.win_powershell:
# script: |
# C:\Windows\System32\azcopy_windows_amd64_10.16.2\azcopy.exe copy --recursive "E:\Shared drives\Global IT Infrastructure Library\Design Documentation\Network" "https://saapewormsprd2prd.blob.core.windows.net/coapewormsprd2prd-0/Data/COR/$((get-date).AddDays(-1).ToString("yyyyMMdd"))/GDrive/?sv=2021-06-08&ss=bfqt&srt=co&sp=rwdlacupiytfx&se=2024-03-03T15:34:11Z&st=2023-03-03T07:34:11Z&spr=https&sig=X4o7LwIgrctnl5M9C%2B4VrI%2FwFp3Ahk049YVN0fgAauU%3D" --include-pattern '*.vsd;*.vsdx;*.pdf;*.png;*.jpg'
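Review bot: The `mount central file server` task puts the share password in `opts`, and `state: mounted` also records the entry in `/etc/fstab`, so the password ends up in clear text in a normally world-readable file on the host and in the task output. The CIFS `credentials=` option pointing at a root-owned, mode-0600 file, together with `no_log: true` on the task, avoids both, e.g. `opts: "credentials=/root/.smb-cor"` (path is a placeholder). The mount uses a named admin account (`adm-…`) rather than a service account, which is worth revisiting. central_fs-sync-pon.yml mounts its share the same way.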

120
central_fs-sync-pon.yml Normal file

@@ -0,0 +1,120 @@
---
- name: push data to WORM
hosts: all
tasks:
- name: check if folder isn't empty
ansible.windows.win_stat:
path: F:\Data\PON
register: folderinfo
environment:
ponfolder: folderinfo.stat.size
- name: set fact
set_fact: ponfolder="{{folderinfo.stat.size}}"
- name: get folder stats
ansible.windows.win_stat:
path: F:\Data\GUE
register: folderinfo1
- name: Copy local folder to WORM
ansible.windows.win_powershell:
script: |
C:\Windows\System32\azcopy_windows_amd64_10.16.2\azcopy.exe copy --recursive "F:\Data\PON\" "https://saapewormsprd2prd.blob.core.windows.net/coapewormsprd2prd-0/Data/PON/{{ansible_date_time.year + ansible_date_time.month + ansible_date_time.day}}/?sv=2021-06-08&ss=bfqt&srt=co&sp=rwdlacupiytfx&se=2024-03-03T15:34:11Z&st=2023-03-03T07:34:11Z&spr=https&sig=X4o7LwIgrctnl5M9C%2B4VrI%2FwFp3Ahk049YVN0fgAauU%3D"
when: ponfolder != 0
- name: make host group from survey hosts list
add_host:
hostname: "awe-mgt-050.adagility.net"
groups: new_group
ansible_connection: ssh
ansible_port: 22
ansible_user: sys-awx-srvautomate@ADAGILITY.NET
become_user: root
become: yes
ansible_ssh_pass: "{{pass}}"
ansible_sudo_pass: "{{pass}}"
ponfolder: "{{folderinfo.stat.size}}"
delegate_to: localhost
- name: mount
hosts: new_group
tasks:
- name: mount central file server
ansible.posix.mount:
src: //awe-mps-006.adagility.net/PON$
path: /mnt/smbshare
fstype: cifs
opts: "username=sys-cfscopier4pon,password={{ passpon }}"
state: mounted
boot: no
become_method: sudo
become: true
- name: check if folder exists
ansible.builtin.stat:
path: /mnt/smbshare
register: state
- name:
debug:
var: ponfolder
- name: check folder content
ansible.builtin.find:
paths: /mnt/smbshare
file_type: any
recurse: yes
register: output
- name: create list
set_fact:
paths: []
- name: append paths to list
set_fact:
paths: "{{paths + [item.path]}}"
with_items: "{{output.files}}"
- name: get items
debug:
var: paths
# - name: upload files to blob
# azure.azcollection.azure_rm_storageblob:
# resource_group: rg-project-wormbackup-prd
# storage_account_name: saapewormsprd2prd
# container: coapewormsprd2prd-0
# batch_upload_dst: Data/PON/{{ansible_date_time.year + ansible_date_time.month + ansible_date_time.day}}/test/
# batch_upload_src: /mnt/smbshare/{{ item }}
# auth_source: env
# force: false
# with_items: paths
# when: ponfolder != 0
- name: clean local folder
ansible.builtin.file:
path: "{{item}}"
state: absent
with_items: "{{paths}}"
when: ponfolder != 0
become: true
environment:
- AZURE_CLIENT_ID: "{{AZURE_CLIENT_ID}}"
- AZURE_SECRET: "{{AZURE_SECRET}}"
- AZURE_SUBSCRIPTION_ID: "{{AZURE_SUBSCRIPTION_ID}}"
- AZURE_TENANT: "{{AZURE_TENANT}}"
# - name: Copy local folder to WORM
# ansible.windows.win_powershell:
# script: |
# C:\Windows\System32\azcopy_windows_amd64_10.16.2\azcopy.exe copy --recursive "F:\Data\COR\$((get-date).AddDays(-1).ToString("yyyyMMdd"))" "https://saapewormsprd2prd.blob.core.windows.net/coapewormsprd2prd-0/Data/COR/?sv=2021-06-08&ss=bfqt&srt=co&sp=rwdlacupiytfx&se=2024-03-03T15:34:11Z&st=2023-03-03T07:34:11Z&spr=https&sig=X4o7LwIgrctnl5M9C%2B4VrI%2FwFp3Ahk049YVN0fgAauU%3D"
# - name: Copy local google drive folder to WORM
# ansible.windows.win_powershell:
# script: |
# C:\Windows\System32\azcopy_windows_amd64_10.16.2\azcopy.exe copy --recursive "E:\Shared drives\Global IT Infrastructure Library\Design Documentation\Network" "https://saapewormsprd2prd.blob.core.windows.net/coapewormsprd2prd-0/Data/COR/$((get-date).AddDays(-1).ToString("yyyyMMdd"))/GDrive/?sv=2021-06-08&ss=bfqt&srt=co&sp=rwdlacupiytfx&se=2024-03-03T15:34:11Z&st=2023-03-03T07:34:11Z&spr=https&sig=X4o7LwIgrctnl5M9C%2B4VrI%2FwFp3Ahk049YVN0fgAauU%3D" --include-pattern '*.vsd;*.vsdx;*.pdf;*.png;*.jpg'
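Review bot: The `clean local folder` task deletes every path found on the share whenever `ponfolder != 0`, but `ponfolder` reaches this play through `add_host` as a templated string, so the comparison with the integer `0` is probably always true, and nothing checks that the earlier `azcopy` upload succeeded. Data could therefore be removed from the share without having reached the WORM container. I would write `when: ponfolder | int != 0` in both places and make the upload fail the play before any delete runs, for example by setting `$Ansible.Failed` when `$LASTEXITCODE` is non-zero in the `win_powershell` script. The `environment:` key on the first `win_stat` task sets a literal string and looks like a leftover.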

5
central_fs-sync.yml Normal file

@@ -0,0 +1,5 @@
---
- name: push data to WORM
hosts: all
roles:
- role: windows_push-to-SA


@@ -0,0 +1,64 @@
---
- name: run automation for windows
gather_facts: yes
hosts: all
become_method: runas
# roles:
# - windows_install-check-mk
tasks:
- name: Add all hosts running this playbook to the done group
ansible.builtin.add_host:
name: '{{ item }}.adagility.net'
groups: checkmk_hosts
loop: "{{ ansible_play_hosts }}"
- name: Onboard host to checkmk GUI
become: true
become_user: root
hosts: localhost
tasks:
- name:
debug:
var: item
with_inventory_hostnames:
- checkmk_hosts
- name: Add host
tribe29.checkmk.host:
server_url: "https://monitoringeu.aperam.internal/"
site: "monaperam"
automation_user: "ansible"
automation_secret: "TJXTVH@GFYPRNCJCWUMY"
name: "{{item}}"
validate_certs: false
folder: "/{{foldername}}"
state: present
with_inventory_hostnames:
- checkmk_hosts
- name: "Add newly discovered services on host."
tribe29.checkmk.discovery:
server_url: "https://monitoringeu.aperam.internal/"
site: "monaperam"
automation_user: "ansible"
automation_secret: "TJXTVH@GFYPRNCJCWUMY"
host_name: "{{item}}"
state: "new"
validate_certs: false
with_inventory_hostnames:
- checkmk_hosts
- name: "Activate changes on all sites."
tribe29.checkmk.activation:
server_url: "https://monitoringeu.aperam.internal/"
site: "monaperam"
automation_user: "ansible"
automation_secret: "TJXTVH@GFYPRNCJCWUMY"
force_foreign_changes: 'true'
validate_certs: false
run_once: 'true'
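Review bot: `automation_secret` is written as a literal in all three `tribe29.checkmk` tasks, so the Checkmk automation user's secret is now in the repository history and should be rotated. Reference a vaulted variable or AWX credential instead, e.g. `automation_secret: "{{ checkmk_automation_secret }}"` (placeholder name). hp.yml in this commit does the same with the `password` of its `comware_facts` and `comware_acl` tasks, while its `comware_save` task already uses `{{ password }}`. `run_once: 'true'` and `force_foreign_changes: 'true'` are quoted strings where booleans are meant.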

39
cisco_test.yml Normal file

@@ -0,0 +1,39 @@
---
- name: test connection and automation for cisco acl
# ansible_connection: ansible.netcommon.network_cli
# ansible_network_os: cisco.ios.ios
# ansible_user: "{{USERNAME}}"
# ansible_password: "{{PASSWORD}}"
# ansible_become: yes
# ansible_become_method: enable
# ansible_become_password: "{{BECOME_PASSWORD}}"
hosts: all
tasks:
# - name: Backup current switch config (ios)
# cisco.ios.ios_config:
# backup: yes
# register: backup_ios_location
# when: ansible_network_os == 'cisco.ios.ios'
- name: Gather all legacy facts
cisco.ios.ios_facts:
gather_subset: all
register: ios_info
- name: output info
debug:
var: "ios_info"
- name: test interface acl ip_configuration
cisco.ios.ios_acl_interfaces:
config:
- name: GigabitEthernet 1/0/10
access_groups:
- afi: ipv4
acls:
- name: PG_to_PLC2
direction: in
state: merged
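Review bot: `gather_subset: all` followed by `debug` with `var: "ios_info"` prints everything the facts module collected into the job output, and if `all` includes the `config` subset, as I understand it does, that is the running configuration with its password hashes and SNMP strings. Limit the subset to what the ACL task needs, e.g. `gather_subset: min`, or print selected keys only. If the full dump is needed while testing, add `no_log: true` to the `debug` task before this runs from AWX.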


@@ -0,0 +1,15 @@
---
collections:
# - ansible.windows
- name: microsoft.ad
version: 1.3.0
- ansible.netcommon
- arubanetworks.aos_switch
#- community.windows
# - community.general
# - tribe29.checkmk
# - ansible.posix
# - azure.azcollection
roles:
# - eduardolmedeiros.azcopy
# - arubanetworks.aoscx
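Review bot: Only `microsoft.ad` is pinned; `ansible.netcommon` and `arubanetworks.aos_switch` are listed without a version, so each install pulls whatever Galaxy serves at that moment. Pin them the same way, `- name: ansible.netcommon` with `version: <tested version>` (placeholder), so a changed or compromised upstream release cannot enter the execution environment unnoticed. The trailing `roles:` key has only commented entries and therefore parses as null; remove it or write `roles: []`.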

11
config/ansible.cfg Normal file

@@ -0,0 +1,11 @@
[galaxy]
server_list = galaxy
[galaxy_server.galaxy]
url=https://galaxy.ansible.com/
[defaults]
NETWORK_GROUP_MODULES=arubaoss
host_key_checking = false
stdout_callback = actionable
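Review bot: `host_key_checking = false` turns off SSH host key verification for every play, and several playbooks in this commit log in with passwords (`ansible_ssh_pass` in central_fs-cleanup.yml, central_fs-sync-pon.yml and linux_onboard.yml), so a host impersonating the target would receive the password. Set `host_key_checking = true` and distribute the known host keys, or relax the check only for the onboarding play that meets a host for the first time.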

53
hosts Normal file

@@ -0,0 +1,53 @@
# [onpremwin]
# [onpremlin]
# 10.245.142.148
# 10.245.142.150
# [stage1win]
# [stage2lin]
# [linuxadjoin]
# 10.245.142.77
# [switches]
# 10.231.32.100
# [switches:vars]
# ansible_python_interpreter=/usr/bin/python3
all:
hosts:
children:
onpremwin:
hosts:
awe-mgt-044.adagility.net
vars:
become_method: runas
become: yes
ansible_connection: winrm
ansible_port: 5985
ansible_winrm_transport: kerberos
ansible_winrm_server_cert_validation: ignore
onpremlin:
hosts:
10.245.142.148
10.245.142.150
stage1win:
hosts:
stage2lin:
hosts:
linuxadjoin:
hosts:
10.245.142.77
switches:
hosts:
10.231.32.100
vars:
ansible_python_interpreter: /usr/bin/python3
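Review bot: `ansible_winrm_server_cert_validation: ignore` in the `onpremwin` vars has no effect on port 5985 and would silently disable certificate checks as soon as the group moves to HTTPS on 5986; remove it now so that move does not inherit it. With Kerberos over HTTP the payload relies on WinRM message encryption, so confirm it has not been switched off on the hosts. As far as I know, `become` and `become_method` are not read from inventory vars under those names; the variables are `ansible_become` and `ansible_become_method`.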

41
hp.yml Normal file

@@ -0,0 +1,41 @@
---
- name: VLAN Automation with Ansible on HP Com7 Devices
hosts: switches
gather_facts: no
connection: local
tasks:
# - name: ensure VLAN 10 exists
# comware_vlan:
# vlanid: 10
# name: VLAN10_WEB
# descr: LOCALSEGMENT
# username: "{{ username }}"
# password: "{{ password }}"
# hostname: "{{ inventory_hostname }}"
- name: get gather_facts
comware_facts:
username: "acladmin"
password: "0V0FKgngLeLqkPvklm9S"
hostname: "{{ inventory_hostname }}"
- name: enable acl
comware_acl:
aclid: "{{ aclid }}"
state: "{{ state }}"
groupcg: advanced
name: "{{interface}}"
appdirec: "{{ appdirec }}"
username: "acladmin"
password: "0V0FKgngLeLqkPvklm9S"
hostname: "{{ inventory_hostname }}"
- name: save running config
comware_save:
username: "{{ username }}"
password: "{{ password }}"
hostname: "{{ inventory_hostname }}"

9
linux.yml Normal file

@@ -0,0 +1,9 @@
---
- name: run automation for linux
# become: true
# become_method: runas
hosts: all
roles:
# - role: linux_update
- role: linux_install-sentinelone
# - role: linux_install-checkmk


@@ -0,0 +1,13 @@
---
- name: run automation for windows
gather_facts: yes
hosts: all
become_method: runas
roles:
- role: linux_add-host-to-checkmk
vars:
hostname: "{{host_name}}"

14
linux_az-sa-sync.yml Normal file

@@ -0,0 +1,14 @@
---
- name: sync storage account
become: true
become_user: root
# become_method: runas
hosts: all
roles:
# - role: linux_update
- role: linux_sync-sa
vars:
vmhostname: "{{ host }}"
dag: "{{day}}"
maand: "{{month}}"
jaar: "{{year}}"

17
linux_get-az-rginfo.yml Normal file

@@ -0,0 +1,17 @@
---
- name: get resource group info
# become: true
# become_user: root
# become_method: runas
hosts: localhost
roles:
# - role: linux_update
- role: linux_get-az-rginfo
environment:
- AZURE_CLIENT_ID: 141cd3f9-e466-4086-bfe9-9d6873a84084
- AZURE_SECRET: "{{secret}}"
- AZURE_SUBSCRIPTION_ID: dd4dbc55-c970-4a1f-8ddd-8cb7ae7900dd
- AZURE_TENANT: 03a0b8f2-7896-4d4d-bd81-9d6314ae3e15

29
linux_install-checkmk.yml Normal file

@@ -0,0 +1,29 @@
---
- name: run automation for windows
gather_facts: yes
hosts: all
become_method: sudo
roles:
- role: linux_install-checkmk
tasks:
- name: Add all hosts running this playbook to the done group
ansible.builtin.add_host:
name: '{{ item }}.adagility.net'
groups: checkmk_hosts
loop: "{{ ansible_play_hosts }}"
- name: Onboard host to checkmk GUI
become: false
# become_user: root
hosts: localhost
roles:
- role: linux_add-host-to-checkmk
tasks:
- name:
debug:
var: item
with_inventory_hostnames:
- checkmk_hosts

27
linux_onboard.yml Normal file

@@ -0,0 +1,27 @@
---
- name: dynamically add ip of target
become: true
hosts: localhost
gather_facts: no
tasks:
- name: make host group from survey hosts list
add_host:
hostname: "{{ipaddr|trim}}"
groups: new_group
- name: linux Onboard
become: true
# become_method: runas
hosts: new_group,!localhost
roles:
# - role: linux_update
- role: linux_onboard-adagility
vars:
ansible_user: "{{user}}"
ansible_ssh_pass: "{{pass}}"
ansible_become_pass: "{{pass}}"
admin_account: "{{ admin_acc }}"
admin_password: "{{ admin_pass }}"
hostname: "{{ host }}"
tstaccprd: "{{ stage }}"

7
linux_update.yml Normal file

@@ -0,0 +1,7 @@
---
- name: run updates for linux
become: true
become_method: sudo
hosts: all
roles:
- role: linux_update


@@ -0,0 +1,38 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).


@@ -0,0 +1,2 @@
---
# defaults file for aruba_copy-primary-to-secondary


@@ -0,0 +1,2 @@
---
# handlers file for aruba_copy-primary-to-secondary


@@ -0,0 +1,55 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
collections:
- arubanetworks.aos_switch
- ansible.netcommon


@@ -0,0 +1,2 @@
---
# tasks file for aruba_copy-primary-to-secondary


@@ -0,0 +1,2 @@
localhost


@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- aruba_copy-primary-to-secondary


@@ -0,0 +1,2 @@
---
# vars file for aruba_copy-primary-to-secondary


@@ -0,0 +1,38 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).


@@ -0,0 +1,2 @@
---
# defaults file for aruba_get-boot-info


@@ -0,0 +1,2 @@
---
# handlers file for aruba_get-boot-info


@@ -0,0 +1,55 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
collections:
- arubanetworks.aos_switch
- ansible.netcommon


@@ -0,0 +1,29 @@
---
# tasks file for aruba_get-boot-info
- name: Execute show flash on the switch
arubaoss_command:
commands: ['show flash']
register: flash
- name: set facts for boot images
ansible.builtin.set_fact:
primary: "{{ (flash.stdout_lines[0][2] | split(':'))[1] | trim }}"
primary_version: "{{ (((((flash.stdout_lines[0][2] | split(':'))[1]) | split(' '))[6]) | split('.'))[1:] | join('.') }}"
secondary: "{{ (flash.stdout_lines[0][3] | split(':'))[1] | trim }}"
boot: "{{ (flash.stdout_lines[0][9] | split(':'))[1] | trim }}"
type: "{{ (((((flash.stdout_lines[0][2] | split(':'))[1]) | split(' '))[6]) | split('.'))[0] }}"
- name: show primary boot image version
debug:
var: primary
- name: show secondary boot image version
debug:
var: secondary
- name: show default boot
debug:
var: boot
- name: show type
debug:
var: type
- name: show primary version
debug:
var: primary_version
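Review bot: The `set facts for boot images` task reads fixed positions (`stdout_lines[0][2]`, `[3]`, `[9]`, and field `[6]` after splitting on spaces), so a firmware release that prints `show flash` with one more line or different spacing makes it fail or return the wrong image. Add a guard before it, such as an `ansible.builtin.assert` on `flash.stdout_lines[0] | length > 9`, or pick the lines by their label instead of their index. The facts `type` and `boot` are very generic names for play-wide variables; `aruba_image_type` and `aruba_default_boot` would avoid collisions.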


@@ -0,0 +1,2 @@
localhost


@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- aruba_get-boot-info


@@ -0,0 +1,2 @@
---
# vars file for aruba_get-boot-info


@@ -0,0 +1,38 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).


@@ -0,0 +1,2 @@
---
# defaults file for aruba_get-ntp-info


@@ -0,0 +1,2 @@
---
# handlers file for aruba_get-ntp-info


@@ -0,0 +1,55 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
collections:
- arubanetworks.aos_switch
- ansible.netcommon


@@ -0,0 +1,13 @@
---
# tasks file for aruba_get-boot-info
- name: Execute show ntp on the switch
arubaoss_command:
commands: ['show ntp status']
register: ntp
- name: set facts for boot images
ansible.builtin.set_fact:
ntp_status: "{{ ((((ntp.stdout_lines[0][3]) | split(':'))[1]) | split(' '))[1] }}"
- name: show primary boot image version
debug:
var: ntp_status
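Review bot: The header comment and two task names are copied from the boot-info role and no longer describe what runs: the comment reads `# tasks file for aruba_get-boot-info`, and the `set_fact` and `debug` tasks are named for boot images while they handle `ntp_status`. Rename them, e.g. `- name: set fact for NTP status` and `- name: show NTP status`, so the job output is not misleading. The value is taken from a fixed line and field of `show ntp status`, so an unexpected output format would fail the task.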


@@ -0,0 +1,2 @@
localhost


@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- aruba_get-ntp-info


@@ -0,0 +1,2 @@
---
# vars file for aruba_get-ntp-info


@@ -0,0 +1,38 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).


@@ -0,0 +1,2 @@
---
# defaults file for aruba_prepare-rest


@@ -0,0 +1,2 @@
---
# handlers file for aruba_prepare-rest


@@ -0,0 +1,55 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
collections:
- arubanetworks.aos_switch
- ansible.netcommon


@@ -0,0 +1,16 @@
---
# tasks file for aruba_prepare-rest
- name: Enable rest api
arubaoss_command:
commands: [ 'config',
'crypto pki identity-profile sys-switchupgrade subject common-name sys-switchupgrade',
'crypto pki enroll-self-signed certificate-name upgrade',
'web-management ssl',
'rest-interface',
'aaa authentication rest login radius local',
'aaa authentication rest enable radius local',
'ip dns domain-name "adagility.net"',
'ip dns server-address priority 1 10.245.142.82',
'ip dns server-address priority 2 10.245.3.40']
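Review bot: The REST and web-management TLS endpoint gets a self-signed certificate (`crypto pki enroll-self-signed certificate-name upgrade`), so clients have no chain to validate and must either pin that certificate or switch verification off. If an internal CA is available, enrolling through it would be preferable; otherwise the pinning step should be documented next to this task. The list enables `web-management ssl` but does not show plaintext web management being turned off, which is worth confirming on the target firmware. The domain name and both DNS server addresses are literals in the command list although the role's defaults file is empty; moving them to role variables would keep site data out of the task. Because `arubaoss_command` only sends the lines, a second run presumably re-issues the enrolment command too, so check how the switch reacts to that.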


@@ -0,0 +1,2 @@
localhost


@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- aruba_prepare-rest


@@ -0,0 +1,2 @@
---
# vars file for aruba_prepare-rest


@@ -0,0 +1,29 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/


@@ -0,0 +1,38 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).


@@ -0,0 +1,2 @@
---
# defaults file for awx_create-inventory-from-list


@@ -0,0 +1,2 @@
---
# handlers file for awx_create-inventory-from-list


@@ -0,0 +1,52 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@@ -0,0 +1,22 @@
---
# tasks file for awx_create-inventory-from-list
- name: Add inventory
awx.awx.inventory:
name: "Azure Arc enabled hosts (dynamic)"
description: "Hosts synced from the azure arc prd resource group"
organization: "Aperam"
state: present
controller_host: https://awx-prd.aperam.internal
controller_oauthtoken: "{{oauth}}"
validate_certs: false
- name: add hosts to inventory
awx.awx.host:
inventory: "Azure Arc enabled hosts (dynamic)"
name: "{{item}}"
state: present
controller_host: https://awx-prd.aperam.internal
controller_oauthtoken: "{{oauth}}"
validate_certs: false
enabled: true
with_items: "{{namen}}"
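Review bot: Both tasks set `validate_certs: false` while sending `controller_oauthtoken` to the production controller, so the token goes to whatever endpoint answers for that hostname and anyone on the network path could capture it. Make the internal CA trusted on the execution host and set `validate_certs: true` in both the `awx.awx.inventory` and the `awx.awx.host` task. The controller URL and the inventory name are also repeated literally in both tasks; defining them once as role variables would keep the two from drifting apart.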


@@ -0,0 +1,2 @@
localhost


@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- awx_create-inventory-from-list


@@ -0,0 +1,2 @@
---
# vars file for awx_create-inventory-from-list


@@ -0,0 +1,38 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).


@@ -0,0 +1,2 @@
---
# defaults file for awx_import-hosts-from-list


@@ -0,0 +1,2 @@
---
# handlers file for awx_import-hosts-from-list


@@ -0,0 +1,34 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@@ -0,0 +1,22 @@
---
# tasks file for awx_import-hosts-from-list
- name: create list
set_fact:
namen: []
- name: add hosts to list
set_fact:
namen: "{{ aruba_devices | split('\n') }}"
- name:
debug:
var: namen
- name: make host group from survey hosts list
add_host:
hostname: "{{ item }}"
groups: aruba_hosts
ansible_user: sys-switchupgrade
ansible_password: "{{aruba_pass}}"
ansible_network_os: arubanetworks.aos_switch.arubaoss
with_items: "{{namen}}"
no_log: true
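Review bot: `aruba_devices | split('\n')` passes every line of the input through unchanged, so a trailing newline, a blank line or a stray carriage return becomes a host entry in `add_host`. As the task name suggests the list comes from a survey field, normalise it first, for example `namen: "{{ aruba_devices.splitlines() | map('trim') | select | list }}"`. The first `set_fact` that initialises `namen: []` is overwritten by the next task and can be dropped. The debug task has an empty `name:` and should get one such as `- name: Show parsed device list`. Keeping `no_log: true` on the `add_host` task is right, since it carries `ansible_password`.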


@@ -0,0 +1,2 @@
localhost


@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- awx_import-hosts-from-list


@@ -0,0 +1,2 @@
---
# vars file for awx_import-hosts-from-list


@@ -0,0 +1,29 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/


@@ -0,0 +1,38 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).


@@ -0,0 +1,2 @@
---
# defaults file for azure_create-vnet


@@ -0,0 +1,2 @@
---
# handlers file for azure_create-vnet


@@ -0,0 +1,52 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@@ -0,0 +1,14 @@
---
# tasks file for azure_create-vnet
- name: Create virtual network
azure_rm_virtualnetwork:
resource_group: "{{RG_name}}"
name: vNet
address_prefixes: "10.0.0.0/16"
- name: Add subnet
azure_rm_subnet:
resource_group: "{{RG_name}}"
name: subnet
address_prefix: "10.0.1.0/24"
virtual_network: vNet
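Review bot: The subnet is created without a network security group, so unless one is attached elsewhere, nothing in this role restricts traffic to workloads placed in it. `azure_rm_subnet` accepts `security_group`, which could reference an NSG created in the same role. The network name, subnet name and both address ranges are literals, so the role can only ever describe one fixed network per resource group; the role's empty defaults file is the natural place for them. The modules are also called by short name, where `azure.azcollection.azure_rm_virtualnetwork` and `azure.azcollection.azure_rm_subnet` would match the fully qualified style used in the other roles' tasks.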


@@ -0,0 +1,2 @@
localhost


@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- azure_create-vnet
