From 5df550669aabbddf0004ccf87ebcfa11a27ff469 Mon Sep 17 00:00:00 2001 
From: Ethan Paul <24588726+enpaul@users.noreply.github.com>
Date: Fri, 4 Dec 2020 14:47:03 -0500
Subject: [PATCH] Remove legacy content from remote
---
 _legacy/groups/all.yml | 8 --
 _legacy/groups/cloud.yml | 12 --
 _legacy/groups/servers.yml | 12 --
 _legacy/groups/vms.yml | 12 --
 _legacy/groups/workstations.yml | 12 --
 _legacy/hosts/apex.yml | 6 -
 _legacy/hosts/inerro.tre2.local.yml | 8 --
 _legacy/hosts/jupiter.net.enp.one.yml | 20 ---
 _legacy/hosts/nimbus-1.net.enp.one.yml | 6 -
 _legacy/hosts/novis.tre2.local.yml | 5 -
 _legacy/hosts/omega.tre2.local.yml | 6 -
 _legacy/hosts/remus.net.enp.one.yml | 9 --
 _legacy/hosts/romulus.net.enp.one.yml | 10 --
 _legacy/hosts/router.net.enp.one.yml | 33 -----
 _legacy/hosts/serico-nox.tre2.local.yml | 8 --
 _legacy/hosts/vigil-nox.tre2.local.yml | 8 --
 _legacy/hosts/vm-db-maria.net.enp.one.yml | 5 -
 _legacy/hosts/vm-db-mysql.net.enp.one.yml | 5 -
 .../hosts/vm-db-prometheus.net.enp.one.yml | 5 -
 _legacy/hosts/vm-dev-nginx.net.enp.one.yml | 6 -
 .../hosts/vm-host-bitwarden.net.enp.one.yml | 9 --
 _legacy/hosts/vm-host-gitea.net.enp.one.yml | 9 --
 .../hosts/vm-host-minecraft.net.enp.one.yml | 9 --
 .../hosts/vm-host-nextcloud.net.enp.one.yml | 9 --
 _legacy/hosts/vm-host-plex.net.enp.one.yml | 6 -
 _legacy/playbooks/backup.yml | 0
 _legacy/playbooks/initialize.yml | 32 -----
 _legacy/playbooks/provision-hypervisor.yml | 0
 _legacy/playbooks/provision-server.yml | 0
 .../playbooks/provision-virtual-machine.yml | 26 ----
 _legacy/playbooks/provision-workstation.yml | 0
 _legacy/playbooks/templates/motd.j2 | 7 -
 _legacy/playbooks/templates/network.j2 | 8 --
 _legacy/playbooks/update-system.yml | 26 ----
 _legacy/playbooks/update-users-local.yml | 132 ------------------
 _legacy/playbooks/update-users-network.yml | 59 --------
 _legacy/playbooks/update.yml | 5 -
 _legacy/roles/ldap_host/tasks/main.yml | 12 --
 _legacy/roles/ovirt/tasks/install.yml | 36 -----
 _legacy/tasks/centos.yml | 0
 _legacy/tasks/centos/bindings.yml | 20 ---
 _legacy/tasks/centos/networkd.yml | 8 --
 _legacy/tasks/centos/packages.yml | 9 --
 _legacy/tasks/centos/repositories.yml | 31 ----
 _legacy/tasks/fedora/bindings.yml | 10 --
 _legacy/tasks/fedora/networkd.yml | 8 --
 _legacy/tasks/fedora/packages.yml | 9 --
 _legacy/tasks/networkd.yml | 55 --------
 _legacy/tasks/networkd/config.yml | 22 ---
 _legacy/tasks/networkd/services.yml | 38 -----
 _legacy/tasks/preprocess-local-users.yml | 39 ------
 _legacy/tasks/sshd/banner.yml | 14 --
 _legacy/tasks/sshd/disable-password-auth.yml | 21 ---
 _legacy/tasks/tasks | 1 -
 _legacy/vars/global.yml | 2 -
 _legacy/vars/network.yml | 27 ----
 _legacy/vars/packages.yml | 28 ----
 57 files changed, 923 deletions(-)
 delete mode 100644 _legacy/groups/all.yml
 delete mode 100644 _legacy/groups/cloud.yml
 delete mode 100644 _legacy/groups/servers.yml
 delete mode 100644 _legacy/groups/vms.yml
 delete mode 100644 _legacy/groups/workstations.yml
 delete mode 100644 _legacy/hosts/apex.yml
 delete mode 100644 _legacy/hosts/inerro.tre2.local.yml
 delete mode 100644 _legacy/hosts/jupiter.net.enp.one.yml
 delete mode 100644 _legacy/hosts/nimbus-1.net.enp.one.yml
 delete mode 100644 _legacy/hosts/novis.tre2.local.yml
 delete mode 100644 _legacy/hosts/omega.tre2.local.yml
 delete mode 100644 _legacy/hosts/remus.net.enp.one.yml
 delete mode 100644 _legacy/hosts/romulus.net.enp.one.yml
 delete mode 100644 _legacy/hosts/router.net.enp.one.yml
 delete mode 100644 _legacy/hosts/serico-nox.tre2.local.yml
 delete mode 100644 _legacy/hosts/vigil-nox.tre2.local.yml
 delete mode 100644 _legacy/hosts/vm-db-maria.net.enp.one.yml
 delete mode 100644 _legacy/hosts/vm-db-mysql.net.enp.one.yml
 delete mode 100644 _legacy/hosts/vm-db-prometheus.net.enp.one.yml
 delete mode 100644 _legacy/hosts/vm-dev-nginx.net.enp.one.yml
 delete mode 100644 _legacy/hosts/vm-host-bitwarden.net.enp.one.yml
 delete mode 100644 _legacy/hosts/vm-host-gitea.net.enp.one.yml
 delete mode 100644 _legacy/hosts/vm-host-minecraft.net.enp.one.yml
 delete mode 100644 _legacy/hosts/vm-host-nextcloud.net.enp.one.yml
 delete mode 100644 _legacy/hosts/vm-host-plex.net.enp.one.yml
 delete mode 100644 _legacy/playbooks/backup.yml
 delete mode 100644 _legacy/playbooks/initialize.yml
 delete mode 100644 _legacy/playbooks/provision-hypervisor.yml
 delete mode 100644 _legacy/playbooks/provision-server.yml
 delete mode 100644 _legacy/playbooks/provision-virtual-machine.yml
 delete mode 100644 _legacy/playbooks/provision-workstation.yml
 delete mode 100644 _legacy/playbooks/templates/motd.j2
 delete mode 100644 _legacy/playbooks/templates/network.j2
 delete mode 100644 _legacy/playbooks/update-system.yml
 delete mode 100644 _legacy/playbooks/update-users-local.yml
 delete mode 100644 _legacy/playbooks/update-users-network.yml
 delete mode 100644 _legacy/playbooks/update.yml
 delete mode 100644 _legacy/roles/ldap_host/tasks/main.yml
 delete mode 100644 _legacy/roles/ovirt/tasks/install.yml
 delete mode 100644 _legacy/tasks/centos.yml
 delete mode 100644 _legacy/tasks/centos/bindings.yml
 delete mode 100644 _legacy/tasks/centos/networkd.yml
 delete mode 100644 _legacy/tasks/centos/packages.yml
 delete mode 100644 _legacy/tasks/centos/repositories.yml
 delete mode 100644 _legacy/tasks/fedora/bindings.yml
 delete mode 100644 _legacy/tasks/fedora/networkd.yml
 delete mode 100644 _legacy/tasks/fedora/packages.yml
 delete mode 100644 _legacy/tasks/networkd.yml
 delete mode 100644 _legacy/tasks/networkd/config.yml
 delete mode 100644 _legacy/tasks/networkd/services.yml
 delete mode 100644 _legacy/tasks/preprocess-local-users.yml
 delete mode 100644 _legacy/tasks/sshd/banner.yml
 delete mode 100644 _legacy/tasks/sshd/disable-password-auth.yml
 delete mode 120000 _legacy/tasks/tasks
 delete mode 100644 _legacy/vars/global.yml
 delete mode 100644 _legacy/vars/network.yml
 delete mode 100644 _legacy/vars/packages.yml
diff --git a/_legacy/groups/all.yml b/_legacy/groups/all.yml
deleted file mode 100644
index a5a8b8a..0000000
--- a/_legacy/groups/all.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-ansible_user: ansible
-
-protected_users:
- - root
- - ansible
-
-domain: net.enp.one
diff --git a/_legacy/groups/cloud.yml b/_legacy/groups/cloud.yml
deleted file mode 100644
index 9d06122..0000000
--- a/_legacy/groups/cloud.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-enable_gui: False
-
-enable_ssh: True
-
-enable_ssh_password_auth: False
-
-disable_sudo_password: True
-
-enable_networkd: True
-
-generate_keys: False
diff --git a/_legacy/groups/servers.yml b/_legacy/groups/servers.yml
deleted file mode 100644
index d9c6255..0000000
--- a/_legacy/groups/servers.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-enable_gui: False
-
-enable_ssh: True
-
-enable_ssh_password_auth: False
-
-disable_sudo_password: False
-
-enable_networkd: True
-
-generate_keys: False
diff --git a/_legacy/groups/vms.yml b/_legacy/groups/vms.yml
deleted file mode 100644
index 9d06122..0000000
--- a/_legacy/groups/vms.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-enable_gui: False
-
-enable_ssh: True
-
-enable_ssh_password_auth: False
-
-disable_sudo_password: True
-
-enable_networkd: True
-
-generate_keys: False
diff --git a/_legacy/groups/workstations.yml b/_legacy/groups/workstations.yml
deleted file mode 100644
index 1c762cf..0000000
--- a/_legacy/groups/workstations.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-enable_gui: True
-
-enable_ssh: False
-
-enable_ssh_password_auth: False
-
-disable_sudo_password: False
-
-enable_networkd: False
-
-generate_keys: False
diff --git a/_legacy/hosts/apex.yml b/_legacy/hosts/apex.yml
deleted file mode 100644
index 6e9aabe..0000000
--- a/_legacy/hosts/apex.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-description: "EN1 Reverse Proxy / EN1 VPN Server"
-
-targets:
- - admin
- - vpn
diff --git a/_legacy/hosts/inerro.tre2.local.yml b/_legacy/hosts/inerro.tre2.local.yml
deleted file mode 100644
index 1977d48..0000000
--- a/_legacy/hosts/inerro.tre2.local.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-description: "Wandering excursion"
-
-targets:
- - admin
- - workstations
-
-ansible_python_interpreter: /usr/bin/python3
diff --git a/_legacy/hosts/jupiter.net.enp.one.yml b/_legacy/hosts/jupiter.net.enp.one.yml
deleted file mode 100644
index 08cb40a..0000000
--- a/_legacy/hosts/jupiter.net.enp.one.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-description: "EN1 System Control Node"
-
-targets:
- - admin
- - network
-
-networking:
- eno1:
- dhcp: Yes
- eno2:
- addresses: ["192.168.255.10/24"]
-
- # demo:
- # addresses: ["192.168.1.10/24", "192.168.100.10/24"]
- # dhcp: true
- # dhcp6: true
- # gateway: 192.168.1.1
- # dns: ["8.8.8.8", "8.8.4.4"]
- # vlans: ["101", "200"]
diff --git a/_legacy/hosts/nimbus-1.net.enp.one.yml b/_legacy/hosts/nimbus-1.net.enp.one.yml
deleted file mode 100644
index d032643..0000000
--- a/_legacy/hosts/nimbus-1.net.enp.one.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-description: "EN2 Digitial Ocean Cloud Server"
-
-targets:
- - admin
- - web
diff --git a/_legacy/hosts/novis.tre2.local.yml b/_legacy/hosts/novis.tre2.local.yml
deleted file mode 100644
index 0a9a0bd..0000000
--- a/_legacy/hosts/novis.tre2.local.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-description: "EN1 Secondary Datastore"
-targets:
- - admin
- - datastore
diff --git a/_legacy/hosts/omega.tre2.local.yml b/_legacy/hosts/omega.tre2.local.yml
deleted file mode 100644
index 152c136..0000000
--- a/_legacy/hosts/omega.tre2.local.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-description: "And the Last"
-
-targets:
- - admin
- - workstations
diff --git a/_legacy/hosts/remus.net.enp.one.yml b/_legacy/hosts/remus.net.enp.one.yml
deleted file mode 100644
index f859450..0000000
--- a/_legacy/hosts/remus.net.enp.one.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-description: "EN1 Primary Datastore / EN1 Secondary Hypervisor"
-
-targets:
- - admin
- - datastore
-
-networking:
- ovirtmgt:
diff --git a/_legacy/hosts/romulus.net.enp.one.yml b/_legacy/hosts/romulus.net.enp.one.yml
deleted file mode 100644
index e292c4b..0000000
--- a/_legacy/hosts/romulus.net.enp.one.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-description: "EN1 Primary Hypervisor"
-
-targets:
- - admin
- - datastore
- - hypervisor
-
-networking:
- ovirtmgt:
diff --git a/_legacy/hosts/router.net.enp.one.yml b/_legacy/hosts/router.net.enp.one.yml
deleted file mode 100644
index f2bd7ca..0000000
--- a/_legacy/hosts/router.net.enp.one.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-description: EN1 Core Router
-
-ansible_network_os: edgeos
-
-targets:
- - admin
- - network
-
-network:
- ethernet_eth0:
- address: dhcp
- description: UPLINK
- extra:
- - duplex auto
- - speed auto
- ethernet_eth1:
- address: 10.42.100.1/24
- description: PUBLIC
- extra:
- - duplex auto
- - speed auto
- ethernet_eth2:
- address: 10.42.101.1/24
- description: PRIVATE
- extra:
- - duplex auto
- - speed auto
- ethernet_eth2_vif_10:
- address: 10.42.102.1/24
- description: SECURE
- extra:
- - mtu 1500
diff --git a/_legacy/hosts/serico-nox.tre2.local.yml b/_legacy/hosts/serico-nox.tre2.local.yml
deleted file mode 100644
index c6089af..0000000
--- a/_legacy/hosts/serico-nox.tre2.local.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-description: "Smooth as Silk"
-
-targets:
- - admin
- - workstations
-
-ansible_python_interpreter: /usr/bin/python3
diff --git a/_legacy/hosts/vigil-nox.tre2.local.yml b/_legacy/hosts/vigil-nox.tre2.local.yml
deleted file mode 100644
index bc7e52b..0000000
--- a/_legacy/hosts/vigil-nox.tre2.local.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-description: "Watcher who Watches the Watchmen"
-
-targets:
- - admin
- - workstations
-
-ansible_python_interpreter: /usr/bin/python3
diff --git a/_legacy/hosts/vm-db-maria.net.enp.one.yml b/_legacy/hosts/vm-db-maria.net.enp.one.yml
deleted file mode 100644
index 145b1c7..0000000
--- a/_legacy/hosts/vm-db-maria.net.enp.one.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-description: "Database Host: MariaDB"
-
-targets:
- - admin
diff --git a/_legacy/hosts/vm-db-mysql.net.enp.one.yml b/_legacy/hosts/vm-db-mysql.net.enp.one.yml
deleted file mode 100644
index 78edbd3..0000000
--- a/_legacy/hosts/vm-db-mysql.net.enp.one.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-description: "Database Host: MySQL"
-
-targets:
- - admin
diff --git a/_legacy/hosts/vm-db-prometheus.net.enp.one.yml b/_legacy/hosts/vm-db-prometheus.net.enp.one.yml
deleted file mode 100644
index 10a8e30..0000000
--- a/_legacy/hosts/vm-db-prometheus.net.enp.one.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-description: "Database Host: PrometheusDB"
-
-targets:
- - admin
diff --git a/_legacy/hosts/vm-dev-nginx.net.enp.one.yml b/_legacy/hosts/vm-dev-nginx.net.enp.one.yml
deleted file mode 100644
index 2be3821..0000000
--- a/_legacy/hosts/vm-dev-nginx.net.enp.one.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-description: "Development Host: Nginx Web Server"
-
-targets:
- - admin
- - web
diff --git a/_legacy/hosts/vm-host-bitwarden.net.enp.one.yml b/_legacy/hosts/vm-host-bitwarden.net.enp.one.yml
deleted file mode 100644
index 291f16e..0000000
--- a/_legacy/hosts/vm-host-bitwarden.net.enp.one.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-description: "Application Host: Bitwarden"
-
-targets:
- - admin
- - bitwarden
-
-networking:
- eth0:
diff --git a/_legacy/hosts/vm-host-gitea.net.enp.one.yml b/_legacy/hosts/vm-host-gitea.net.enp.one.yml
deleted file mode 100644
index 7946ea3..0000000
--- a/_legacy/hosts/vm-host-gitea.net.enp.one.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-description: "Application Host: Gitea"
-
-targets:
- - admin
- - gitea
-
-networking:
- eth0:
diff --git a/_legacy/hosts/vm-host-minecraft.net.enp.one.yml b/_legacy/hosts/vm-host-minecraft.net.enp.one.yml
deleted file mode 100644
index de2b9e6..0000000
--- a/_legacy/hosts/vm-host-minecraft.net.enp.one.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-description: "Application Host: Minecraft"
-
-targets:
- - admin
- - minecraft
-
-networking:
- eth0:
diff --git a/_legacy/hosts/vm-host-nextcloud.net.enp.one.yml b/_legacy/hosts/vm-host-nextcloud.net.enp.one.yml
deleted file mode 100644
index 0f59d7f..0000000
--- a/_legacy/hosts/vm-host-nextcloud.net.enp.one.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-description: "Application Host: Nextcloud"
-
-targets:
- - admin
- - nextcloud
-
-networking:
- eth0:
diff --git a/_legacy/hosts/vm-host-plex.net.enp.one.yml b/_legacy/hosts/vm-host-plex.net.enp.one.yml
deleted file mode 100644
index 0e965ee..0000000
--- a/_legacy/hosts/vm-host-plex.net.enp.one.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-description: "Application Host: Plex Media Server"
-
-targets:
- - admin
- - plex
diff --git a/_legacy/playbooks/backup.yml b/_legacy/playbooks/backup.yml
deleted file mode 100644
index e69de29..0000000
diff --git a/_legacy/playbooks/initialize.yml b/_legacy/playbooks/initialize.yml
deleted file mode 100644
index bb64eba..0000000
--- a/_legacy/playbooks/initialize.yml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-- import_playbook: dependencies.yml
-
-- name: Setup environment
- hosts: all:!network
- tags:
- - initialize
- vars:
- restart_services: true
- roles:
- - role: packages
- vars:
- update: true
- exclude: [] # Override the default kernel exclusion
- clean: true
- - role: sshd
- - role: networkd
- tasks:
- - name: Set hostname
- become: true
- hostname:
- name: "{{ inventory_hostname }}"
- - name: Install global bashrc
- become: true
- copy:
- src: bashrc.sh
- dest: /etc/profile.d/ZA-enpn-bashrc.sh
- mode: 0644
-
-- import_playbook: deploy-local-auth.yml
-
-- import_playbook: deploy-sshkeys.yml
diff --git a/_legacy/playbooks/provision-hypervisor.yml b/_legacy/playbooks/provision-hypervisor.yml
deleted file mode 100644
index e69de29..0000000
diff --git a/_legacy/playbooks/provision-server.yml b/_legacy/playbooks/provision-server.yml
deleted file mode 100644
index e69de29..0000000
diff --git a/_legacy/playbooks/provision-virtual-machine.yml b/_legacy/playbooks/provision-virtual-machine.yml
deleted file mode 100644
index fe0949f..0000000
--- a/_legacy/playbooks/provision-virtual-machine.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-- hosts: vms
- name: Replace NetworkManager with systemd-networkd
- tasks:
- - name: Install systemd-networkd
- when: enable_networkd == true
- block:
- - import_tasks: tasks/centos/networkd.yml
- when: ansible_distribution == "CentOS"
- - import_tasks: tasks/fedora/networkd.yml
- when: ansible_distribution == "Fedora"
- # - import_tasks: common/debian/networkd.yml
- # when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu"
-
- - import_tasks: tasks/networkd/config.yml
- - import_tasks: tasks/networkd/services.yml
-
-
-- hosts: vms
- name: Install ovirt agent
- tasks:
- - name: Install ovirt-agent
- become: true
- yum:
- name: ovirt-guest-agent
- state: latest
diff --git a/_legacy/playbooks/provision-workstation.yml b/_legacy/playbooks/provision-workstation.yml
deleted file mode 100644
index e69de29..0000000
diff --git a/_legacy/playbooks/templates/motd.j2 b/_legacy/playbooks/templates/motd.j2
deleted file mode 100644
index 4fdc8aa..0000000
--- a/_legacy/playbooks/templates/motd.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-
- //////////// //// //// ///////////
- //// ////// //// //// ////
- //////// //// /// //// ///////////
- //// //// ////// ////
- //////////// //// //// {{ omni_description | default('Omni Network System') }}
- _______________________________{{ omni_description | default('Omni Network System') | length * '\\' }}\
diff --git a/_legacy/playbooks/templates/network.j2 b/_legacy/playbooks/templates/network.j2
deleted file mode 100644
index f51356a..0000000
--- a/_legacy/playbooks/templates/network.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-# ANSIBLE MANAGED FILE - DO NOT EDIT
-[Match]
-Name={{ item.key }}
-
-[Network]
-DHCP=Yes
-
-# EOF
diff --git a/_legacy/playbooks/update-system.yml b/_legacy/playbooks/update-system.yml
deleted file mode 100644
index ec0bf4d..0000000
--- a/_legacy/playbooks/update-system.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-- hosts: all
- name: Upgrade packages
- tasks:
-
-
- - name: Upgrade YUM packages
- when: ansible_distribution == "CentOS"
- become: true
- yum:
- state: latest
- name: "*"
- exclude: kernel*{{ ',' + exclude_upgrade | default('') }}
-
- - name: Upgrade DNF packages
- when: ansible_distribution == "Fedora"
- become: true
- dnf:
- state: latest
- name: "*"
- exclude: kernel*{{ ',' + exclude_upgrade | default('') }}
-
- # - name: Upgrade APT packages
- # when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu"
- # become: true
- # apt:
diff --git a/_legacy/playbooks/update-users-local.yml b/_legacy/playbooks/update-users-local.yml
deleted file mode 100644
index e69388e..0000000
--- a/_legacy/playbooks/update-users-local.yml
+++ /dev/null
@@ -1,132 +0,0 @@
----
-- import_playbook: dependencies.yml
-
-- hosts: all:!network
- name: Update local user accounts and access controls
- tasks:
- - import_tasks: tasks/users-preprocessing.yml
-
- - name: Create local user accounts
- tags: users_create
- become: true
- block:
- - name: Create groups
- group:
- name: "{{ item }}"
- state: present
- loop: "{{ targets + ['omni'] }}"
-
- - name: Create users
- user:
- name: "{{ item.name }}"
- comment: "{{ item.fullname | default('') }}"
- shell: /bin/bash
- groups: "{{ item.targets | intersect(targets) + ['omni'] }}"
- system: "{{ item.svc | default(False) }}"
- state: present
- generate_ssh_key: "{{ True if generate_keys | bool == true else False }}"
- ssh_key_comment: "{{ item.name }}@{{ inventory_hostname }}"
- ssh_key_bits: 4096
- ssh_key_type: ed25519
- password: "{{ item.password }}"
- loop: "{{ local_users }}"
-
- - name: Delete removed user accounts
- become: true
- user:
- name: "{{ item }}"
- state: absent
- loop: "{{ local_removed_users | difference(protected_users) }}"
-
- - name: Grant sudo permissions to admin user accounts
- become: true
- user:
- name: "{{ item.name }}"
- groups: "{{ 'wheel' if ansible_os_family | lower == 'redhat' else 'sudo' }}"
- state: present
- loop: "{{ local_admin_users }}"
-
- - name: Disable sudo password for ansible
- become: true
- lineinfile:
- create: true
- path: /etc/sudoers.d/30-ansible
- line: "ansible ALL=(ALL) NOPASSWD:ALL"
- mode: 0644
-
- - name: Disable sudo password for admin users
- become: true
- lineinfile:
- create: true
- path: /etc/sudoers.d/40-admin
- line: "{{ item.name }} ALL=(ALL) NOPASSWD:ALL"
- mode: 0644
- state: "{{ 'absent' if disable_sudo_password | bool == false else 'present' }}"
- loop: "{{ local_admin_users }}"
-
- - name: Configure GNOME
- tags: users_gnome
- when: ansible_distribution == "Fedora" and disable_gnome_user_list | bool == true
- become: true
- block:
- - name: Configure GDM profile
- blockinfile:
- create: true
- path: /etc/dconf/profile/gdm
- block: |
- user-db:user
- system-db:gdm
- file-db:/usr/share/gdm/greeter-dconf-defaults
- - name: Configure GDM keyfile
- blockinfile:
- create: true
- path: /etc/dconf/db/gdm.d/00-login-screen
- block: |
- [org/gnome/login-screen]
- # Do not show the user list
- disable-user-list=true
- - name: Delete existing user database
- file:
- path: /var/lib/gdm/.config/dconf/user
- state: absent
- - name: Restart dconf database
- shell: dconf update
-
- - name: Ensure proper ownership of user home directories
- become: true
- file:
- group: "{{ item.name }}"
- owner: "{{ item.name }}"
- path: /home/{{ item.name }}
- recurse: true
- state: directory
- loop: "{{ local_users }}"
-
-# - hosts: router.net.enp.one
-# name: Configure users on router
-# connection: network_cli
-# vars:
-# ansible_network_os: edgeos
-# tasks:
-# - import_tasks: tasks/users-preprocessing.yml
-#
-# - name: Create users
-# edgeos_config:
-# lines:
-# - set system login user {{ item.name }} authentication encrypted-password "{{ item.password }}"
-# - set system login user {{ item.name }} full-name "{{ item.fullname if item.fullname is defined else "" }}"
-# - set system login user {{ item.name }} level {{ 'operator' if item.name != 'ansible' else 'admin' }}
-# loop: "{{ local_users | difference([None]) }}"
-#
-# - name: Grant administrative access to admin users
-# edgeos_config:
-# lines:
-# - set system login user {{ item.name }} level admin
-# loop: "{{ local_admin_users | difference([None]) }}"
-#
-# - name: Assemble key files for loadkey usage
-# edgeos_command:
-# commands: sudo tee /tmp/{{ item.name }}.keys<<<"{{ item.sshkeys | join('\n') }}"
-# loop: "{{ local_admin_users | difference([None]) }}"
-#
-# - import_playbook: deploy-sshkeys.yml
diff --git a/_legacy/playbooks/update-users-network.yml b/_legacy/playbooks/update-users-network.yml
deleted file mode 100644
index 73713a3..0000000
--- a/_legacy/playbooks/update-users-network.yml
+++ /dev/null
@@ -1,59 +0,0 @@ ---- -- hosts: router.net.enp.one - name: Configure users on router - connection: network_cli -<<<<<<< Updated upstream - gather_facts: false -======= - vars: - ansible_network_os: edgeos ->>>>>>> Stashed changes - tasks: - - import_tasks: tasks/users-preprocessing.yml - - - name: Create users - edgeos_config: - lines: - - set system login user {{ item.name }} authentication encrypted-password "{{ item.password }}" - - set system login user {{ item.name }} full-name "{{ item.fullname if item.fullname is defined else "" }}" - - set system login user {{ item.name }} level {{ 'operator' if item.name != 'ansible' else 'admin' }} - loop: "{{ local_users | difference([None]) }}" - - - name: Grant administrative access to admin users - edgeos_config: - lines: - - set system login user {{ item.name }} level admin - loop: "{{ local_admin_users | difference([None]) }}" - -<<<<<<< Updated upstream - - name: Assemble loadkey files - edgeos_command: - commands: - - sudo tee "{{ item.sshkeys | join('\n') }}"<<>>>>>> Stashed changes diff --git a/_legacy/playbooks/update.yml b/_legacy/playbooks/update.yml deleted file mode 100644 index 08f7b67..0000000 --- a/_legacy/playbooks/update.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- import_playbook: dependencies.yml - -- import_playbook: update-system.yml -- import_playbook: update-users-local.yml diff --git a/_legacy/roles/ldap_host/tasks/main.yml b/_legacy/roles/ldap_host/tasks/main.yml deleted file mode 100644 index a438960..0000000 --- a/_legacy/roles/ldap_host/tasks/main.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: Install required packages - when: ansible_distribution == "Fedora" or (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8") - become: true - dnf: - state: latest - name: - - openldap-servers - - openldap-clients - - nss-pam-ldapd - -- name: Configure 
diff --git a/_legacy/roles/ovirt/tasks/install.yml b/_legacy/roles/ovirt/tasks/install.yml
deleted file mode 100644
index b3dd254..0000000
--- a/_legacy/roles/ovirt/tasks/install.yml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-- name: Install Ovirt on CentOS 8
- become: true
- when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
- block:
- - name: Install Ovirt repository
- dnf:
- state: latest
- name: http://resources.ovirt.org/pub/yum-repo/ovirt-release43.rpm
- - name: Update using the new repository
- dnf:
- state: latest
- name: "*"
- exclude: kernel*
- - name: Install Ovirt
- dnf:
- state: latest
- name: ovirt-engine
-
-- name: Install Ovrit on CentOS 7
- become: true
- when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
- block:
- - name: Install Ovirt repository
- yum:
- state: latest
- name: http://resources.ovirt.org/pub/yum-repo/ovirt-release43.rpm
- - name: Update using the new repository
- yum:
- state: latest
- name: "*"
- exclude: kernel*
- - name: Install Ovirt
- yum:
- state: latest
- name: ovirt-engine
diff --git a/_legacy/tasks/centos.yml b/_legacy/tasks/centos.yml
deleted file mode 100644
index e69de29..0000000
diff --git a/_legacy/tasks/centos/bindings.yml b/_legacy/tasks/centos/bindings.yml
deleted file mode 100644
index abe8559..0000000
--- a/_legacy/tasks/centos/bindings.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-- name: Install CentOS 8 python bindings
- when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
- become: true
- dnf:
- state: latest
- name:
- - python3-libselinux
- - python3-policycoreutils
- - python3-firewall
-
-- name: Install CentoOS 7 python bindings
- when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
- become: true
- yum:
- state: latest
- name:
- - libselinux-python
- - policycoreutils-python
- - python-firewall
diff --git a/_legacy/tasks/centos/networkd.yml b/_legacy/tasks/centos/networkd.yml
deleted file mode 100644
index 5823605..0000000
--- a/_legacy/tasks/centos/networkd.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-- name: Install systemd-networkd
- become: true
- yum:
- state: latest
- name:
- - systemd-resolved
- - systemd-networkd
diff --git a/_legacy/tasks/centos/packages.yml b/_legacy/tasks/centos/packages.yml
deleted file mode 100644
index 5ab449c..0000000
--- a/_legacy/tasks/centos/packages.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: Install global packages using YUM
- become: true
- yum:
- state: latest
- name: "{{ item }}"
- with_items:
- - "{{ packages_global }}"
- - "{{ packages_yum }}"
diff --git a/_legacy/tasks/centos/repositories.yml b/_legacy/tasks/centos/repositories.yml
deleted file mode 100644
index 15b04e0..0000000
--- a/_legacy/tasks/centos/repositories.yml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-- name: Enable Extra Packages for Enterprise Linux
- become: true
- dnf_repository:
- name: epel
- description: Extra Packages for Enterprise Linux
- baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
-
-- name: Install Extra Packages for Enterprise Linux GPG key
- become: true
- rpm_key:
- state: present
- key: https://archive.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
-
-- name: Disable yum subscription-manager
- become: true
- lineinfile:
- regex: enabled=1
- line: enabled=0
- path: /etc/yum/pluginconf.d/subscription-manager.conf
- create: yes
- state: present
-
-- name: Disable yum repo report upload
- become: true
- lineinfile:
- regex: enabled=1
- line: enabled=0
- path: /etc/yum/pluginconf.d/enabled_repos_upload.conf
- create: yes
- state: present
diff --git a/_legacy/tasks/fedora/bindings.yml b/_legacy/tasks/fedora/bindings.yml
deleted file mode 100644
index a285d24..0000000
--- a/_legacy/tasks/fedora/bindings.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-- name: Install Fedora python bindings
- when: ansible_distribution == "Fedora"
- become: true
- dnf:
- state: latest
- name:
- - libselinux-python
- - policycoreutils-python
- - python3-firewall
diff --git a/_legacy/tasks/fedora/networkd.yml b/_legacy/tasks/fedora/networkd.yml
deleted file mode 100644
index b0b76a9..0000000
--- a/_legacy/tasks/fedora/networkd.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-- name: Install systemd-networkd
- become: true
- dnf:
- state: latest
- name:
- - systemd-resolved
- - systemd-networkd
diff --git a/_legacy/tasks/fedora/packages.yml b/_legacy/tasks/fedora/packages.yml
deleted file mode 100644
index faec9c8..0000000
--- a/_legacy/tasks/fedora/packages.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: Install global packages using DNF
- become: true
- dnf:
- state: latest
- name: "{{ item }}"
- with_items:
- - "{{ packages_global }}"
- - "{{ packages_dnf }}"
diff --git a/_legacy/tasks/networkd.yml b/_legacy/tasks/networkd.yml
deleted file mode 100644
index 6ad1626..0000000
--- a/_legacy/tasks/networkd.yml
+++ /dev/null
@@ -1,55 +0,0 @@
----
-# The directory is deleted ahead of creation to ensure that no old configs
-# remain after runnign ansible
-- name: Delete networkd config directory
- become: true
- file:
- path: /etc/systemd/network
- state: absent
-
-- name: Create the networkd config directory
- become: true
- file:
- path: /etc/systemd/network
- state: directory
-
-- name: Make .network files
- become: true
- template:
- src: network.j2
- dest: "/etc/systemd/network/{{ item.key }}.network"
- with_dict: "{{ networking }}"
-
-- name: Configure systemd services
- become: true
- block:
- - name: Disable network scripts and NetworkManager
- service:
- name: "{{ item }}"
- enabled: false
- with_items:
- - network
- - NetworkManager
- - NetworkManager-wait-online
- - name: Enable systemd-networkd and systemd-resolved
- service:
- name: "{{ item }}"
- enabled: true
- state: started
- with_items:
- - systemd-networkd
- - systemd-resolved
- - systemd-networkd-wait-online
- - name: Symlink so systemd-resolved uses /etc/resolv.conf
- file:
- dest: /etc/resolv.conf
- src: /run/systemd/resolve/resolv.conf
- state: link
- force: true
- setype: net_conf_t
- - name: Symlink so /etc/resolv.conf uses systemd
- file:
- dest: /etc/systemd/system/multi-user.target.wants/systemd-resolved.service
- src: /usr/lib/systemd/system/systemd-resolved.service
- state: link
- force: true
diff --git a/_legacy/tasks/networkd/config.yml b/_legacy/tasks/networkd/config.yml
deleted file mode 100644
index 92577bb..0000000
--- a/_legacy/tasks/networkd/config.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-# The directory is deleted ahead of creation to ensure that no old configs
-# remain after runnign ansible
-- name: Delete networkd config directory
- become: true
- file:
- path: /etc/systemd/network
- state: absent
-
-- name: Create the networkd config directory
- become: true
- file:
- path: /etc/systemd/network
- state: directory
-
-- name: Make .network files
- when: networking is defined
- become: true
- template:
- src: network.j2
- dest: "/etc/systemd/network/{{ item.key }}.network"
- with_dict: "{{ networking }}"
diff --git a/_legacy/tasks/networkd/services.yml b/_legacy/tasks/networkd/services.yml
deleted file mode 100644
index 497ad01..0000000
--- a/_legacy/tasks/networkd/services.yml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-- name: Disable network scripts and NetworkManager
- become: true
- service:
- name: "{{ item }}"
- enabled: false
- with_items:
- - network
- - NetworkManager
- - NetworkManager-wait-online
-
-- name: Enable systemd-networkd and systemd-resolved
- become: true
- service:
- name: "{{ item }}"
- enabled: true
- state: started
- with_items:
- - systemd-networkd
- - systemd-resolved
- - systemd-networkd-wait-online
-
-- name: Symlink so systemd-resolved uses /etc/resolv.conf
- become: true
- file:
- dest: /etc/resolv.conf
- src: /run/systemd/resolve/resolv.conf
- state: link
- force: true
- setype: net_conf_t
-
-- name: Symlink so /etc/resolv.conf uses systemd
- become: true
- file:
- dest: /etc/systemd/system/multi-user.target.wants/systemd-resolved.service
- src: /usr/lib/systemd/system/systemd-resolved.service
- state: link
- force: true
diff --git a/_legacy/tasks/preprocess-local-users.yml b/_legacy/tasks/preprocess-local-users.yml
deleted file mode 100644
index dbf2602..0000000
--- a/_legacy/tasks/preprocess-local-users.yml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-- name: Load users variables
- include_vars:
- file: users.yml
-
-- name: Reconcile user targets with host targets to get host users
- set_fact:
- users_local: >-
- {{
- users_local | default([]) + ([item] if item.targets | intersect(local_targets) else [])
- }}
- loop: "{{ users }}"
-
-- name: Determine local user names
- set_fact:
- users_local_names: "{{ users_local_names | default([]) + [item.name] }}"
- loop: "{{ users_local }}"
-
-- name: Determine administrative users
- set_fact:
- users_local_admin: >-
- {{
- users_local_admin | default([]) + ([item] if item.admin | default(False) else [])
- }}
- loop: "{{ users_local }}"
-
-- name: Determine existing users
- shell: 'grep omni /etc/group | cut -d: -f4 | tr "," "\n"'
- changed_when: false
- register: users_local_existing
-
-- name: Determine removed users
- set_fact:
- users_local_removed: >-
- {{
- users_local_removed | default([]) +
- ([item] if item not in users_local_names else [])
- }}
- loop: "{{ users_local_existing.stdout_lines }}"
diff --git a/_legacy/tasks/sshd/banner.yml b/_legacy/tasks/sshd/banner.yml
deleted file mode 100644
index 1920feb..0000000
--- a/_legacy/tasks/sshd/banner.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-- name: Install SSH Banner
- become: true
- template:
- src: motd.j2
- dest: /etc/issue.net
- mode: 0644
-
-- name: Configure SSH banner
- become: true
- lineinfile:
- path: /etc/ssh/sshd_config
- regexp: '#Banner none'
- line: 'Banner /etc/issue.net'
diff --git a/_legacy/tasks/sshd/disable-password-auth.yml b/_legacy/tasks/sshd/disable-password-auth.yml
deleted file mode 100644
index d3c504a..0000000
--- a/_legacy/tasks/sshd/disable-password-auth.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-- name: Turn off password authentication
- become: true
- replace:
- path: /etc/ssh/sshd_config
- regexp: "PasswordAuthentication yes"
- replace: "PasswordAuthentication no"
-
-- name: Turn off challenge response authentication
- become: true
- replace:
- path: /etc/ssh/sshd_config
- regexp: "ChallengeResponseAuthentication yes"
- replace: "ChallengeResponseAuthentication no"
-
-- name: Turn off GSSAPI authentication
- become: true
- replace:
- path: /etc/ssh/sshd_config
- regexp: "GSSAPIAuthentication yes"
- replace: "GSSAPIAuthentication no"
-
diff --git a/_legacy/tasks/tasks b/_legacy/tasks/tasks
deleted file mode 120000
index 413c601..0000000
--- a/_legacy/tasks/tasks
+++ /dev/null
@@ -1 +0,0 @@
-tasks
\ No newline at end of file
diff --git a/_legacy/vars/global.yml b/_legacy/vars/global.yml
deleted file mode 100644
index a2d0440..0000000
--- a/_legacy/vars/global.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-ansible_user: ansible
diff --git a/_legacy/vars/network.yml b/_legacy/vars/network.yml
deleted file mode 100644
index 2cfb834..0000000
--- a/_legacy/vars/network.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-gateway: router.net.enp.one
-
-dhcp:
- - name: PUBLIC
- subnet: 10.42.100.1/24
- dns: 10.42.100.1
- domain: tre2.local
- lease: 21600
- start: 10.42.100.26
- stop: 10.42.100.254
-
- - name: DOMAIN
- subnet: 10.42.101.0/24
- dns: 10.42.101.1
- domain: net.enp.one
- lease: 21600
- start: 10.42.101.100
- stop: 10.42.101.254
-
- - name: SECURE
- subnet: 10.42.102.0/24
- dns: 10.42.102.1
- domain: net.enp.one
- lease: 3600
- start: 10.42.102.50
- stop: 10.42.102.254
diff --git a/_legacy/vars/packages.yml b/_legacy/vars/packages.yml
deleted file mode 100644
index 3e2539f..0000000
--- a/_legacy/vars/packages.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-packages_global:
- - cmake
- - curl
- - gcc
- - gcc-c++
- - git
- - libselinux-python
- - make
- - nano
- - openssl-devel
- - policycoreutils-python
- - python-devel
- - python-virtualenv
- - systemd-devel
- - unzip
- - vim
- - vim-minimal
-
-packages_dnf:
- - python3-devel
-
-packages_yum:
- - bash-completion
- - bash-completion-extras
- - nc
- - nfs-utils
- - wget