enterprise-ansible

Central Enterprise Ansible Repository

Playbooks

Some playbooks have a default group, if one is not hard-coded if one is not specified on the command line. To specify a group, add a variable called "group" to the oxtra-vars option to the ansible[-playbook] command line. (-e "group=") The value can be a group name or a system name that is in the inventory file>

Windows Playbooks

All windows playbooks now rely on the local user's Kerberos tickets for authentication on the remote server. SSSd will attempt to keep tickets current, by renewing them automatically. To check if tickets are current, run klist and verify the dates. To get new tickets, run kinit after logging into the system. This will ask for the domain password and fetch a current ticket, replacing any expired ticket. Use klist to list the user's principal and tickets.

prompt> kinit dmaple@GMTI.GBAHN.NET
Password for dmaple@GMTI.GBAHN.NET:

prompt> klist
Ticket cache: FILE:/tmp/krb5cc_149813743
Default principal: dmaple@GMTI.GBAHN.NET

Valid starting       Expires              Service principal
07/18/2017 10:06:54  07/18/2017 20:06:54  krbtgt/GMTI.GBAHN.NET@GMTI.GBAHN.NET
	renew until 07/25/2017 10:06:49

• win-test.yml - Tests access to Windows systems or groups.
• win-check-updates.yml - Checks for updates to Windows systems.
• win-update-critsec.yml - Apply Critical and Security updates and reboot the servers when needed.
• win-update-critsec-cron.yml - Cron version of the Critical and Security update playbook.
• win-update-all.yml - Apply ALL AVAILABLE UPDATES and reboot, if necessary.

Linux Playbooks

• bootstrap-rhel5 - Runs the bootstrap-rhel5 role, followed by the ansible-client role to prepare an EL5 host for management by Ansible.
• ansible-client.yml - Runs the ansible-client role to create the ansible user and grant necessary access.
• spacewalk-join.yml - Runs the epel-repo and spacewalk roles to register a host with Spacewalk.
• net-snmp.yml - Runs the net-snmp role to install and configure net-snmp for SNMPv3 monitoring by EM7.
• rhn_check.yml - Runs rhn_check on hosts to get them to check-in with Spacewalk or Satellite.
• rhncfg-client.yml - Runs rhncfg to list configuration channels and verify configuration files (does not make any changes.)
• linux-update.yml - Runs the default package manager for the Linux system using the ansible package module that auto-detects the system package manager.

Cross-platform Playbooks

• ping-any.yml - Basic test of ansible connectivity to any system, using the right method for that system.
• tripwire.yml - Install Tripwire Axon Agent on Windows or Linux
• tripwire_rm_psk.yml - Cleanup the PSK file from a host, if it was put there after the host was already registered.

Roles

• ansible-client - Creates the ansible user on all linux systems. It creates the ansible user and group, if needed, copies the authorized_keys and configures sudors for elevated privileges.
• bootstrap-rhel5 - Used on RedHat and CentOS 5 systems to get them ready for management by ansible. It removes the python-json package, if installed and installs the python-simplejson package.
• epel-repo - Update some packages and install the epel repository configuration for yum.
• net-snmp - Install net-snmp packages as needed, and configure snmpd.conf for SNMPv3 access by EM7.
• spacewalk - Install spacewalk client packages and register a system with the Spacewalk server.
• axon-linux - Install, configure and register Tripwire Axon Agent on RHEL/CentOS hosts. (currently 64-bit only)
• axon-windows - Install, configure and register Tripwire Axon Agent on Windows hosts. (currently 64-bit only)

Configuration Files

• ansible.cfg - Local configuration file (overrides /etc/ansible/ansible.cfg)

Inventory Files (To use, add "-i " to the ansible[-playbook] command.)

• hosts-init - Default inventory file (copy to "hosts" to make live)
• hosts-gci - Inventory of Enterprise systems.
• tripwire-hosts.yml - Inventory of Tripwire client systems for the Tripwire Axon Agent playbooks