| author | Kristian Lyngstol <kristian@bohemians.org> | 2016-04-02 00:08:33 +0200 | 
|---|---|---|
| committer | Kristian Lyngstol <kristian@bohemians.org> | 2016-04-02 00:08:33 +0200 | 
| commit | b2768b697599d51ef4d1ecd2dfb05d3ec5515602 (patch) | |
| tree | 42115f38291574704ba5108f4482ade943c6566d /nms | |
| parent | d1f06af5828a198bda396e04a712774b7a449d00 (diff) | |
Ansible: More structure and config.pm template
Diffstat (limited to 'nms')
| -rw-r--r-- | nms/ansible/inventories/localtest | 5 | ||||
| -rw-r--r-- | nms/ansible/inventories/prod (renamed from nms/ansible/inventory) | 1 | ||||
| -rw-r--r-- | nms/ansible/playbook.yml | 96 | ||||
| -rw-r--r-- | nms/ansible/roles/nmsfront/tasks/main.yml | 24 | ||||
| -rw-r--r-- | nms/ansible/roles/tgmanage/tasks/main.yml | 14 | ||||
| -rwxr-xr-x | nms/ansible/roles/tgmanage/templates/config.pm.j2 | 109 | ||||
| -rw-r--r-- | nms/ansible/roles/tgmanage/vars/main.yml | 13 | ||||
| -rw-r--r-- | nms/ansible/site.yml | 74 | 
8 files changed, 239 insertions, 97 deletions
|
diff --git a/nms/ansible/inventories/localtest b/nms/ansible/inventories/localtest
new file mode 100644
index 0000000..1a527db
--- /dev/null
+++ b/nms/ansible/inventories/localtest
@@ -0,0 +1,5 @@
+[db]
+nms-dev-db.gathering.org
+
+[nms-front]
+dockerlol
diff --git a/nms/ansible/inventory b/nms/ansible/inventories/prod
index 8e6c8ff..4c4f31b 100644
--- a/nms/ansible/inventory
+++ b/nms/ansible/inventories/prod
@@ -2,5 +2,4 @@
 nms-dev-db.gathering.org
 
 [nms-front]
-dockerlol
 nms-dev-db.gathering.org
diff --git a/nms/ansible/playbook.yml b/nms/ansible/playbook.yml
deleted file mode 100644
index c6f558c..0000000
--- a/nms/ansible/playbook.yml
+++ /dev/null
@@ -1,96 +0,0 @@
----
-- hosts: nms-front
-  become: false
-  tasks:
-  # Some of these are probably redundant, but kept around because it works
-  # and they aren't too bad.
-  - name: Misc packages
-    apt: name={{ item }} state=present
-    with_items:
-    - wget
-    - vim
-    - man
-    - build-essential
-    - net-tools
-    - bash-completion
-    - git-core
-    - autoconf
-    - netcat
-    - libwww-perl
-    - libmicrohttpd-dev
-    - libcurl4-gnutls-dev
-    - libedit-dev
-    - libpcre3-dev
-    - libncurses5-dev
-    - python-demjson
-    - python-docutils
-    - libtool
-    - locales
-    - screen
-    - openssh-server	
-    - libcapture-tiny-perl
-    - libcgi-pm-perl
-    - libcommon-sense-perl
-    - libdata-dumper-simple-perl
-    - libdbd-pg-perl
-    - libdbi-perl
-    - libdigest-perl
-    - libgd-perl
-    - libgeo-ip-perl
-    - libhtml-parser-perl
-    - libhtml-template-perl
-    - libimage-magick-perl
-    - libimage-magick-q16-perl
-    - libjson-perl
-    - libjson-xs-perl
-    - libnetaddr-ip-perl
-    - libnet-cidr-perl
-    - libnet-ip-perl
-    - libnet-openssh-perl
-    - libnet-oping-perl
-    - libnet-rawip-perl
-    - libnet-telnet-cisco-perl
-    - libnet-telnet-perl
-    - libsnmp-perl
-    - libsocket6-perl
-    - libsocket-perl
-    - libswitch-perl
-    - libtimedate-perl
-    - perl
-    - perl-base
-    - perl-modules
-    - varnish
-    - libfreezethaw-perl		
-    - apache2
-
-  # Note the update!
-  # 
-  # The idea here is that you run this playbook repeatedly on whatever
-  # "production" site is in use instead of manually logging in and doing
-  # changes.
-  - name: tgmanage repo
-    git: repo=https://github.com/tech-server/tgmanage.git dest=/srv/tgmanage update=true accept_hostkey=yes track_submodules=no
-
-  - name: Enable CGI
-    apache2_module: state=present name=cgid
-
-  - name: Remove default apache site
-    file: path=/etc/apache2/sites-enabled/000-default.conf  state=absent
-
-  - name: Add NMS site config
-    file: src=/srv/tgmanage/web/etc/apache2/nms.tg16.gathering.org.conf dest=/etc/apache2/sites-enabled/nms.tg16.gathering.org.conf state=link
-
-  - name: "Apache: Don't listen on 80"
-    lineinfile: line="Listen 80" state=absent dest=/etc/apache2/ports.conf
-
-  - name: "Apache: DO listen on 8080"
-    lineinfile: line="Listen 8080" state=present dest=/etc/apache2/ports.conf
-
-  - name: "Varnish: Set up VCL"
-    file: path=/etc/varnish/default.vcl src=/srv/tgmanage/web/etc/varnish/nms.vcl state=link force=true
-
-  - name: "Varnish: Remove default systemd config"
-    lineinfile: line="ExecStart=/usr/sbin/varnishd -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m" state=absent dest=/lib/systemd/system/varnish.service
-
-  - name: "Varnish: Add sensible systemd config"
-    lineinfile: line="ExecStart=/usr/sbin/varnishd -f /etc/varnish/default.vcl -s malloc,256m" state=present dest=/lib/systemd/system/varnish.service insertafter="Service"
diff --git a/nms/ansible/roles/nmsfront/tasks/main.yml b/nms/ansible/roles/nmsfront/tasks/main.yml
new file mode 100644
index 0000000..4e9d7b2
--- /dev/null
+++ b/nms/ansible/roles/nmsfront/tasks/main.yml
@@ -0,0 +1,24 @@
+
+  - name: Enable CGI
+    apache2_module: state=present name=cgid
+
+  - name: Remove default apache site
+    file: path=/etc/apache2/sites-enabled/000-default.conf  state=absent
+
+  - name: Add NMS site config
+    file: src=/srv/tgmanage/web/etc/apache2/nms.tg16.gathering.org.conf dest=/etc/apache2/sites-enabled/nms.tg16.gathering.org.conf state=link
+
+  - name: "Apache: Don't listen on 80"
+    lineinfile: line="Listen 80" state=absent dest=/etc/apache2/ports.conf
+
+  - name: "Apache: DO listen on 8080"
+    lineinfile: line="Listen 8080" state=present dest=/etc/apache2/ports.conf
+
+  - name: "Varnish: Set up VCL"
+    file: path=/etc/varnish/default.vcl src=/srv/tgmanage/web/etc/varnish/nms.vcl state=link force=true
+
+  - name: "Varnish: Remove default systemd config"
+    lineinfile: line="ExecStart=/usr/sbin/varnishd -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m" state=absent dest=/lib/systemd/system/varnish.service
+
+  - name: "Varnish: Add sensible systemd config"
+    lineinfile: line="ExecStart=/usr/sbin/varnishd -f /etc/varnish/default.vcl -s malloc,256m" state=present dest=/lib/systemd/system/varnish.service insertafter="Service"
diff --git a/nms/ansible/roles/tgmanage/tasks/main.yml b/nms/ansible/roles/tgmanage/tasks/main.yml
new file mode 100644
index 0000000..cbd48ae
--- /dev/null
+++ b/nms/ansible/roles/tgmanage/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+  - name: Git core
+    apt: name=git-core state=present
+    
+  # Note the update!
+  # 
+  # The idea here is that you run this playbook repeatedly on whatever
+  # "production" site is in use instead of manually logging in and doing
+  # changes.
+  - name: tgmanage repo
+    git: repo=https://github.com/tech-server/tgmanage.git dest=/srv/tgmanage update=true accept_hostkey=yes track_submodules=no
+  
+  - name: "Copy config.pm.dist to config.pm"
+    template: src=config.pm.j2 dest=/srv/tgmanage/include/config.pm mode=0644
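Review bot: The two `lineinfile` tasks at the end of the nmsfront hunk rewrite `/lib/systemd/system/varnish.service` in place; that unit is owned by the varnish package, so the next package upgrade silently restores the original `ExecStart` line (with `-T localhost:6082` and `-S /etc/varnish/secret` back in). A drop-in under `/etc/systemd/system/varnish.service.d/` containing an empty `ExecStart=` reset followed by the new `ExecStart=` line survives upgrades and leaves the packaged unit untouched. Neither task notifies a handler, so nothing runs `systemctl daemon-reload` or restarts varnish and apache2 after the unit, `ports.conf` and the site links change; `notify:` entries with matching handlers are needed for the change to take effect on the same run. The file also begins with a blank line and no `---` document marker, while `roles/tgmanage/tasks/main.yml` in the same commit starts with `---`.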
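Review bot: The `template` task on the last line of the tgmanage hunk writes `config.pm`, which carries `db_password` rendered from the vaulted vars, with `mode=0644`, so the database credentials are world-readable on every host in the `all` group; `mode=0640` together with `owner`/`group` set to the account that runs the tgmanage scripts (not visible in this commit) keeps them readable only where needed. The task name `"Copy config.pm.dist to config.pm"` describes a copy, but the task renders `config.pm.j2`; `name: "Render config.pm from template"` says what it does. `accept_hostkey=yes` on the `git` task has no effect for an https remote and can be dropped. The two whitespace-only lines between the tasks will be flagged by yamllint as trailing whitespace.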
diff --git a/nms/ansible/roles/tgmanage/templates/config.pm.j2 b/nms/ansible/roles/tgmanage/templates/config.pm.j2
new file mode 100755
index 0000000..73b59e3
--- /dev/null
+++ b/nms/ansible/roles/tgmanage/templates/config.pm.j2
@@ -0,0 +1,109 @@
+#! /usr/bin/perl
+use strict;
+use warnings;
+use DBI;
+package nms::config;
+
+# DB
+our $db_name = "{{ db_name }}";
+our $db_host = "{{ db_host }}";
+our $db_username = "{{ db_user }}";
+our $db_password = "{{ db_password }}";
+
+# NMS: What SNMP objects to fetch.
+# Some basics
+our @snmp_objects = [
+['ifIndex'],
+['sysName'],
+['sysDescr'],
+['ifHighSpeed'],
+['ifType'],
+['ifName'],
+['ifDescr'],
+['ifAlias'],
+['ifOperStatus'],
+['ifAdminStatus'],
+['ifLastChange'],
+['ifHCInOctets'],
+['ifHCOutOctets'],
+['ifInDiscards'],
+['ifOutDiscards'],
+['ifInErrors'],
+['ifOutErrors'],
+['ifInUnknownProtos'],
+['ifOutQLen'],
+['sysUpTime'],
+['jnxOperatingTemp'],
+['jnxOperatingCPU'],
+['jnxOperatingDescr'],
+['jnxBoxSerialNo']
+];
+# Max SNMP polls to fire off at the same time.
+our $snmp_max = 20;
+
+# DHCP-servers
+our $dhcp_server1 = "185.110.149.2"; # primary
+our $dhcp_server2 = "185.110.148.2"; # secondary
+
+# TACACS-login for NMS
+our $tacacs_user = "<removed>";
+our $tacacs_pass = "<removed>";
+
+# Telnet-timeout for smanagrun
+our $telnet_timeout = 300;
+
+# IP/IPv6/DNS-info
+our $tgname = "tg16";
+our $pri_hostname = "r2-d2";
+our $pri_v4 = "185.110.149.2";
+our $pri_v6 = "2a06:5841:149a::2";
+our $pri_net_v4 = "185.110.149.0/26";
+our $pri_net_v6 = "2a06:5841:149a::/64";
+
+our $sec_hostname = "c-3po";
+our $sec_v4 = "185.110.148.2";
+our $sec_v6 = "2a06:5841:1337::2";
+our $sec_net_v4 = "185.110.148.0/26";
+our $sec_net_v6 = "2a06:5841:1337::/64";
+
+# for RIPE to get reverse zones via DNS AXFR
+# https://www.ripe.net/data-tools/dns/reverse-dns/how-to-set-up-reverse-delegation
+our $ext_xfer  = "193.0.0.0/22; 2001:610:240::/48; 2001:67c:2e8::/48";
+
+# allow XFR from NOC
+our $noc_net  = "185.110.150.0/25; 2a06:5841:150a::1/64";
+
+# To generate new dnssec-key for ddns:
+# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST DHCP_UPDATER
+our $ddns_key = "<removed>";
+our $ddns_to  = "127.0.0.1"; # just use localhost
+
+# Base networks
+our $base_ipv4net = "88.92.0.0/17";
+our $base_ipv6net = "2a06:5840::/29";
+our $ipv6zone = "0.4.8.5.6.0.a.2.ip6.arpa";
+
+# extra networks that are outside the normal ranges
+# that should have recursive DNS access
+our $rec_net = "185.110.148.0/22";
+
+# extra networks that are outside the normal ranges
+# that should be added to DNS
+our @extra_nets = (
+	'185.110.148.0/24',
+	'185.110.149.0/24',
+	'185.110.150.0/24',
+	'185.110.151.0/24',
+);
+
+# add WLC's
+our $wlc1 = "185.110.148.14";
+
+# add VOIP-server
+our $voip1 = "<removed>";
+
+# PXE-server (rest of bootstrap assumes $sec_v4/$sec_v6)
+our $pxe_server_v4 = $sec_v4;
+our $pxe_server_v6 = $sec_v6;
+
+1;
diff --git a/nms/ansible/roles/tgmanage/vars/main.yml b/nms/ansible/roles/tgmanage/vars/main.yml
new file mode 100644
index 0000000..447e3e8
--- /dev/null
+++ b/nms/ansible/roles/tgmanage/vars/main.yml
@@ -0,0 +1,13 @@
+$ANSIBLE_VAULT;1.1;AES256
+63623639616438346566333434306435303933343234636339336638633166626465613832656462
+3764636465303334666265626334613364383833623239660a366136303264323463656336333732
+33323236626465656535313938663534306462383265313635393634336233303735383033333737
+6465383165653738300a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
diff --git a/nms/ansible/site.yml b/nms/ansible/site.yml
new file mode 100644
index 0000000..27ad768
--- /dev/null
+++ b/nms/ansible/site.yml
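Review bot: `$tacacs_user`, `$tacacs_pass`, `$ddns_key` and `$voip1` are hard-coded as the literal `"<removed>"` while the DB settings at the top of the template come from vault variables, so the rendered `config.pm` ships with placeholder TACACS and DDNS credentials on every host and has to be patched by hand after each run; templating them the same way, e.g. `our $tacacs_pass = '{{ tacacs_pass }}';` with the value added to the vaulted `vars/main.yml`, keeps the whole file reproducible. The templated values are also emitted inside Perl double quotes (`our $db_password = "{{ db_password }}";`), so a password containing `$`, `@` or `\` is interpolated or escaped by Perl instead of being used verbatim; single-quoted Perl strings avoid that, and a value containing `'` would still need escaping in the template. The `dnssec-keygen -a HMAC-MD5 -b 128` comment documents generating the DDNS TSIG key with HMAC-MD5; where the DNS server's key statement allows it, `-a HMAC-SHA256 -b 256` is the usual choice today, and the algorithm in the comment must match what the server declares. The `#! /usr/bin/perl` shebang and the `100755` mode make a config module executable for no reason; a plain `package nms::config;` file at mode 0644 in the repo is enough, since the deployed mode is set by the template task.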
@@ -0,0 +1,74 @@
+---
+- hosts: all
+  roles:
+  - tgmanage
+
+- hosts: nms-front
+  roles:
+  - nmsfront
+  become: false
+  tasks:
+  # Some of these are probably redundant, but kept around because it works
+  # and they aren't too bad.
+  - name: Misc packages
+    apt: name={{ item }} state=present
+    with_items:
+    - wget
+    - vim
+    - man
+    - build-essential
+    - net-tools
+    - bash-completion
+    - git-core
+    - autoconf
+    - netcat
+    - libwww-perl
+    - libmicrohttpd-dev
+    - libcurl4-gnutls-dev
+    - libedit-dev
+    - libpcre3-dev
+    - libncurses5-dev
+    - python-demjson
+    - python-docutils
+    - libtool
+    - locales
+    - screen
+    - openssh-server	
+    - libcapture-tiny-perl
+    - libcgi-pm-perl
+    - libcommon-sense-perl
+    - libdata-dumper-simple-perl
+    - libdbd-pg-perl
+    - libdbi-perl
+    - libdigest-perl
+    - libgd-perl
+    - libgeo-ip-perl
+    - libhtml-parser-perl
+    - libhtml-template-perl
+    - libimage-magick-perl
+    - libimage-magick-q16-perl
+    - libjson-perl
+    - libjson-xs-perl
+    - libnetaddr-ip-perl
+    - libnet-cidr-perl
+    - libnet-ip-perl
+    - libnet-openssh-perl
+    - libnet-oping-perl
+    - libnet-rawip-perl
+    - libnet-telnet-cisco-perl
+    - libnet-telnet-perl
+    - libsnmp-perl
+    - libsocket6-perl
+    - libsocket-perl
+    - libswitch-perl
+    - libtimedate-perl
+    - perl
+    - perl-base
+    - perl-modules
+    - varnish
+    - libfreezethaw-perl		
+    - apache2
+
+
+
+
|
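Review bot: In the `nms-front` play the `roles:` entry runs `nmsfront` before the play's `tasks:`, because Ansible executes roles ahead of `tasks`, so `apache2_module`, the `/etc/apache2` links and the varnish unit edits run before the `Misc packages` task has installed `apache2` and `varnish` and will fail on a fresh host. Renaming `tasks:` to `pre_tasks:` in this play makes the package install run first; alternatively, move the package list into the `nmsfront` role. `become: false` is set on the same play while every task in it installs packages or edits `/etc` and `/lib`, so the play only works when the SSH user is already root; either `become: true` or a comment stating that assumption belongs next to it. The four trailing blank lines after `apache2` and the tab characters after `openssh-server` and `libfreezethaw-perl` will be flagged by yamllint.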
