Tips-Of-Mine/Ansible
2
0
Fork 0
Code Pull Requests Wiki Activity

Update

Browse Source
This commit is contained in:
Hubert Cornet
2023-07-03 20:39:45 +02:00
parent 25445b2a98
commit 5152f44924
149 changed files with 17896 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
yml/Centos-Install-FusionInventory.yml Normal file
View File

@ -0,0 +1,37 @@
- name: "Installation Fusion Inventory"
hosts: linux
remote_user: root
tasks:
- name: Install de Fusion inventory
yum:
name:
- fusioninventory-agent*
- fusioninventory-agent-task-inventory*
- epel-release*
state: "latest"
- name: "Mise en place de la Template snmpd.conf"
template:
src: "/opt/ansible/files/snmp/etc-agent.conf"
dest: "/etc/fusioninventory/agent.conf"
owner: "root"
group: "root"
mode: "755"
backup: "yes"
notify: Restart fusioninventory-agent
- name: Enable snmpd service
service:
name: "fusioninventory-agent"
enabled: "started"
enabled: "yes"
state: "present"
notify: Restart fusioninventory-agent
handlers:
- name: Restart fusioninventory-agent
action:
service:
name: "fusioninventory-agent"
state: "restarted"

81
yml/Centos-Install-NRPE-NAGIOS.yml Normal file
View File

@ -0,0 +1,81 @@
- name: "Installation NRPE et Nagios"
hosts: linux
remote_user: root
tasks:
- name: "Install nrpe et nagios package"
yum:
name:
- nrpe*
- nagios-plugins-*
- epel-release*
state: "latest"
async: 3600
poll: 0
register: yum_sleeper
- name: "ouverture de port du firewall pour NRPE 1/2"
firewalld:
service: nrpe
zone: public
immediate: yes
permanent: true
state: enabled
- name: "ouverture des ports du firewall 2/3"
firewalld:
port: 5666/udp
zone: public
immediate: yes
permanent: true
state: enabled
- name: "ouverture des ports du firewall 3/3"
firewalld:
port: 5666/tcp
zone: public
immediate: yes
permanent: true
state: enabled
- name: "Template nrpe.conf"
template:
src: "/opt/ansible/files/nrpe/etc-nrpe.conf"
dest: "/etc/snmp/nrpe.conf"
owner: "root"
group: "root"
mode: "755"
backup: "yes"
notify: Restart nrpe
- name: "Template Nagios 32b"
template:
src: "/opt/ansible/files/nagios/"
dest: "/usr/lib/nagios/plugins/"
owner: "root"
group: "root"
mode: "755"
backup: "yes"
notify: Restart nrpe
- name: "Template Nagios 64b"
template:
src: "/opt/ansible/files/nagios/"
dest: "/usr/lib64/nagios/plugins/"
owner: "root"
group: "root"
mode: "755"
backup: "yes"
notify: Restart nrpe
- name: "Activation du service nrpe"
service:
name: nrpe
enabled: yes
state: started
handlers:
- name: Restart nrpe
service:
name: "nrpe"
state: "restarted"

60
yml/Centos-Install-SNMP.yml Normal file
View File

@ -0,0 +1,60 @@
- name: "Installation SNMP"
hosts: linux
remote_user: root
tasks:
- name: "Installation du paquet snmpd"
yum:
name:
- net-snmp*
- epel-release*
state: "latest"
async: 3600
poll: 0
register: yum_sleeper
- name: "ouverture des ports du firewall 1/3"
firewalld:
service: snmpd
zone: public
immediate: yes
permanent: true
state: enabled
- name: "ouverture des ports du firewall 2/3"
firewalld:
port: 161-162/udp
zone: public
immediate: yes
permanent: true
state: enabled
- name: "ouverture des ports du firewall 3/3"
firewalld:
port: 161-162/tcp
zone: public
immediate: yes
permanent: true
state: enabled
- name: "Mise en place de la Template snmpd.conf"
template:
src: "/opt/ansible/files/snmp/etc-snmp-snmpd.conf"
dest: "/etc/snmp/snmpd.conf"
owner: "root"
group: "root"
mode: "755"
backup: "yes"
notify: Restart snmpd
- name: "Activation du service snmpd"
service:
name: snmpd
enabled: yes
state: started
handlers:
- name: Restart snmpd
service:
name: "snmpd"
state: "restarted"

10
yml/Centos-Update-Install-Exclud.yml Normal file
View File

@ -0,0 +1,10 @@
- name: "Mise a jours avec restriction docker"
hosts: linux
remote_user: root
tasks:
- name: "Mise a jours avec restriction docker"
yum:
name: '*'
state: latest
exclude: docker*

9
yml/Centos-Update-Install.yml Normal file
View File

@ -0,0 +1,9 @@
- name: "Mise a jours sans restriction"
hosts: linux
remote_user: root
tasks:
- name: "Mise a jours sans restriction"
yum:
name: '*'
state: latest

14
yml/Windows-Conf-DisableUAC.yml Normal file
View File

@ -0,0 +1,14 @@
---
- name: "Desactivation du UAC"
hosts: windows
gather_facts: no
become: false
tasks:
- name: Disable UAC via LUA
win_regedit:
path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
name: EnableLUA
data: 0
type: dword
...

17
yml/Windows-Conf-Firewall-OpenPort.yml Normal file
View File

@ -0,0 +1,17 @@
---
- name: "Parametrage firewall"
hosts: windows
gather_facts: no
become: false
tasks:
- name: Open firewall port 80 for the IIS web server on {{ inventory_hostname }}
win_firewall_rule:
name: "{{ inventory_hostname }}_80"
enable: yes
state: present
localport: 80
action: Allow
direction: In
protocol: Tcp
...

15
yml/Windows-Conf-Firewall.yml Normal file
View File

@ -0,0 +1,15 @@
---
- name: "Desactivation du firewall"
hosts: windows
gather_facts: no
become: false
tasks:
- name: Disable Domain Firewall
win_firewall:
state: disabled
profiles:
- Domain
- Private
- Public
...

29
yml/Windows-Install-7zip.yml Normal file
View File

@ -0,0 +1,29 @@
---
- name: Install Apache from an MSI
hosts: windows
gather_facts: no
become: false
- name: Install 7zip on Windows Hosts
win_package:
path: http://www.7-zip.org/a/7z1701-x64.msi
product_id: '{23170F69-40C1-2702-1701-000001000000}'
arguments: '/qb'
state: present
when: ansible_os_family == 'Windows'
- name: Check Path Variable on Windows hosts
win_shell: $Env:Path
register: path
changed_when: False
when: ansible_os_family == 'Windows'
- name: Add 7zip Path Variable on Windows hosts
win_environment:
state: present
name: Path
value: '{{ path.stdout }};C:\Program Files\7-Zip\'
level: machine
when: (path.stdout.find('7-Zip') == -1 ) and
(ansible_os_family == 'Windows')
...

21
yml/Windows-Install-AdminTools.yml Normal file
View File

@ -0,0 +1,21 @@
---
- name: Installation AdminTools
hosts: windows
gather_facts: no
become: false
tasks:
- name: "Creation du dossier AdminTools"
win_file:
path: C:\AdminTools
state: directory
- name: "Mise a jour des scripts"
win_copy:
src: "/opt/ansible/files/nsclient/scripts/"
dest: "C:\\AdminTools\\"
backup: yes
force: yes
tags:
- scripts
...

26
yml/Windows-Install-Chocloatey.yml Normal file
View File

@ -0,0 +1,26 @@
- name: Install Chocolatey
win_shell: |
Set-ExecutionPolicy Bypass;
Invoke-Expression (
(New-Object System.Net.WebClient).DownloadString(
'https://chocolatey.org/install.ps1'
)
)
args:
creates: 'C:\ProgramData\chocolatey'
when: ansible_os_family == 'Windows'
- name: Check Path Variable on Windows hosts
win_shell: $Env:Path
register: path
changed_when: False
when: ansible_os_family == 'Windows'
- name: Add Choco Path to Path Variable on Windows hosts
win_environment:
state: present
name: Path
value: '{{ path.stdout }};C:\ProgramData\chocolatey\bin'
level: machine
when: (path.stdout.find('chocolatey') == -1 ) and
(ansible_os_family == 'Windows')

52
yml/Windows-Install-FusionInventory.yml Normal file
View File

@ -0,0 +1,52 @@
---
- name: Installation FusionInventory
hosts: windows
gather_facts: no
become: false
tasks:
- name: "Creation du dossier AdminTools"
win_file:
path: C:\AdminTools
state: directory
tasks:
- name: "Creation du dossier FusionInventory"
win_file:
path: C:\AdminTools\FusionInventory
state: directory
- name: "Controle de FusionInventory"
win_stat:
path: "C:\\AdminTools\\FusionInventory\\npp.7.7.1.Installer.exe"
- name: "Telechargement FusionInventory"
win_get_url:
url: "https://notepad-plus-plus.org/repository/7.x/7.7.1/npp.7.7.1.Installer.exe"
dest: "C:\\AdminTools\\FusionInventory\\npp.7.7.1.Installer.exe"
- name: "Installation Notepad++"
win_package:
path: "C:\\AdminTools\\FusionInventory\\npp.7.7.1.Installer.exe"
arguments: '/S'
product_id: 'Notepad++'
creates_version: '7.7.1'
creates_path: C:\\Program Files (x86)\\FusionInventory++\\notepad++.exe'
state: present
#when: ansible_os_family == 'Windows'
- name: "Verifier la variable de chemin sur les hotes Windows"
win_shell: $Env:Path
register: path
changed_when: False
#when: ansible_os_family == 'Windows'
- name: "Ajouter le bloc-notes ++ a la variable de chemin sur les hotes Windows"
win_environment:
state: present
name: Path
value: '{{ path.stdout }};C:\Program Files (x86)\FusionInventory'
level: machine
# when: (path.stdout.find('Notepad++') == -1 ) and
# (ansible_os_family == 'Windows')
...

13
yml/Windows-Install-GoogleChrome.yml Normal file
View File

@ -0,0 +1,13 @@
---
- name: Installation de Google Chrome
hosts: windows
gather_facts: no
become: false
- name: "Installation de Google Chrome ""
win_package:
path: "https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7B1EB7E3F2-AA3B-F8C2-DA6D-E5C558CD4690%7D%26lang%3Den%26browser%3D2%26usagestats%3D0%26appname%3DGoogle%2520Chrome%26needsadmin%3Dtrue%26ap%3Dx64-stable-statsdef_1%26installdataindex%3Ddefaultbrowser/update2/installers/ChromeSetup.exe"
arguments: '/silent /install'
product_id: "Google Chrome"
when: ansible_os_family == 'Windows'
...

58
yml/Windows-Install-NSClient.yml Normal file
View File

@ -0,0 +1,58 @@
---
- name: Installation NSClient
hosts: windows
gather_facts: no
become: false
tasks:
- name: "Creation du dossier AdminTools"
win_file:
path: C:\AdminTools
state: directory
tasks:
- name: "Creation du dossier NSCP"
win_file:
path: C:\AdminTools\NSCP
state: directory
- name: "Controle de NSClient++"
win_stat:
path: "C:\\AdminTools\\NSCP\\NSCP-0.5.2.35-Win32.msi"
register: msipackagestat
- name: "Telechargement NSClient++"
win_get_url:
url: "https://github.com/mickem/nscp/releases/download/0.5.2.35/NSCP-0.5.2.35-Win32.msi"
dest: "C:\\AdminTools\\NSCP\\NSCP-0.5.2.35-Win32.msi"
when: not msipackagestat.stat.exists
- name: "Installation NSClient++"
win_msi:
path: "C:\\AdminTools\\NSCP\\NSCP-0.5.2.35-Win32.msi"
wait: True
when: not msipackagestat.stat.exists
- name: "Mise a jour de la configuration NSClient++"
win_template:
src: "/opt/ansible/files/nsclient/etc-nsclient.ini"
dest: "C:\\Program Files (x86)\\NSClient++\\nsclient.ini"
backup: yes
force: yes
tags:
- configuration
- name: "Mise a jour des scripts"
win_copy:
src: "/opt/ansible/files/nsclient/scripts/"
dest: "C:\\Program Files (x86)\\NSClient++\\scripts\\"
backup: yes
force: yes
tags:
- scripts
- name: restart nsclient
win_service:
name: nscp
state: restarted
...

65
yml/Windows-Install-Notepad++.yml Normal file
View File

@ -0,0 +1,65 @@
---
- name: Installation Notepad++
hosts: windows
gather_facts: no
become: false
tasks:
- name: "Creation du dossier AdminTools"
win_file:
path: C:\AdminTools
state: directory
tasks:
- name: "Creation du dossier Notepad++"
win_file:
path: C:\AdminTools\Notepad
state: directory
- name: "Controle de Notepad"
win_stat:
path: "C:\\AdminTools\\Notepad\\npp.7.7.1.Installer.exe"
- name: "Telechargement Notepad++"
win_get_url:
url: "https://notepad-plus-plus.org/repository/7.x/7.7.1/npp.7.7.1.Installer.exe"
dest: "C:\\AdminTools\\Notepad\\npp.7.7.1.Installer.exe"
- name: "Uninstall Notepad++"
win_package:
path: C:\Program Files\7-Zip\Uninstall.exe
product_id: 7-Zip
arguments: /S
state: absent
- name: Uninstall Notepad++"
win_package:
product_id: Notepad++
arguments: /S
state: absent
- name: "Installation Notepad++"
win_package:
path: "C:\\AdminTools\\Notepad\\npp.7.7.1.Installer.exe"
arguments: '/S'
product_id: 'Notepad++'
creates_version: '7.7.1'
creates_path: C:\\Program Files (x86)\\Notepad++\\notepad++.exe'
state: present
#when: ansible_os_family == 'Windows'
- name: "Verifier la variable de chemin sur les hotes Windows"
win_shell: $Env:Path
register: path
changed_when: False
#when: ansible_os_family == 'Windows'
- name: "Ajouter le bloc-notes ++ a la variable de chemin sur les hotes Windows"
win_environment:
state: present
name: Path
value: '{{ path.stdout }};C:\Program Files (x86)\Notepad++'
level: machine
# when: (path.stdout.find('Notepad++') == -1 ) and
# (ansible_os_family == 'Windows')
...

23
yml/Windows-Install-Service-Divers.yml Normal file
View File

@ -0,0 +1,23 @@
---
- name: Installation Divers
hosts: windows
gather_facts: no
become: false
tasks:
- name: "Installation du composant Divers"
win_feature:
name:
- NFS-Client
- Telnet-Client
- NET-Framework-Features
- PowerShellRoot
- XPS-Viewer
- FS-SMBBW
- Simple-TCPIP
include_sub_features: yes
include_management_tools: yes
state: present
register: win_feature
...

17
yml/Windows-Install-Service-Hyper-V.yml Normal file
View File

@ -0,0 +1,17 @@
---
- name: Installation Hyper-V
hosts: hyper-v
gather_facts: no
become: false
tasks:
- name: "Installation du composant Hyper-V"
win_feature:
name:
- Hyper-V
include_sub_features: yes
include_management_tools: yes
state: present
register: win_feature
...

26
yml/Windows-Install-Service-SNMP.yml Normal file
View File

@ -0,0 +1,26 @@
---
- name: Installation SNMP
hosts: windows
gather_facts: no
become: false
tasks:
- name: "Installation du composant SNMP"
win_feature:
name:
- SNMP-Service
- SNMP-WMI-Provider
include_sub_features: yes
include_management_tools: yes
state: present
register: win_feature
- name: Remplacement de la communaute SNMP
win_snmp:
community_strings:
- EXEMPLE-PRIV
- EXEMPLE-PUB
permitted_managers:
- 10.59.1.11
action: set
...

17
yml/Windows-Install-msi.yml Normal file
View File

@ -0,0 +1,17 @@
---
- name: Install Apache from an MSI
hosts: windows
gather_facts: no
become: false
tasks:
- name: Download the Apache installer
win_get_url:
url: 'http://mirror.cc.columbia.edu/pub/software/apache//httpd/binaries/win32/httpd-2.2.25-win32-x86-no_ssl.msi'
dest: 'C:\Users\Administrator\Downloads\httpd-2.2.25-win32-x86-no_ssl.msi'
- name: Install MSI
win_package:
path: 'C:\Users\Administrator\Downloads\httpd-2.2.25-win32-x86-no_ssl.msi'
state: present
...

11
yml/Windows-Power-Off.yml Normal file
View File

@ -0,0 +1,11 @@
---
- name: Arret des serveurs
hosts: windows
gather_facts: no
become: false
tasks:
- name: Turn off computers
# raw: Stop-Computer computer {{ ansible_hostname }} Credential ictadmin
raw: shutdown /s /hybrid /t 15 /c "We are turning computers off after maintenance"
...

11
yml/Windows-Power-Reboot.yml Normal file
View File

@ -0,0 +1,11 @@
---
- name: Redemarrage des serveurs
hosts: windows
gather_facts: no
become: false
tasks:
- name: Turn off computers
# raw: Stop-Computer computer {{ ansible_hostname }} Credential ictadmin
raw: shutdown /r /s /hybrid /t 15 /c "We are turning computers off after maintenance"
...

10
yml/Windows-Run-powershell.yml Normal file
View File

@ -0,0 +1,10 @@
---
- name: Execution script
hosts: windows
gather_facts: no
become: false
tasks:
- name: Run powershell script
script: files/helloworld.ps1
...

32
yml/Windows-Updates-Install.yml Normal file
View File

@ -0,0 +1,32 @@
---
- name: Installation mises a jours Windows
hosts: windows
gather_facts: no
become: false
tasks:
- name: "Installation mises a jours Windows"
win_updates:
category_names:
- Application
- Connectors
- CriticalUpdates
- DefinitionUpdates
- SecurityUpdates
- Tools
- UpdateRollups
- Updates
state: "installed"
log_path: "C:\Ansible_WU.txt"
- name: Ensure WinRM starts when the system has settled and is ready to work reliably
win_service:
name: WinRM
start_mode: delayed
# Optionally, you can increase the reboot_timeout to survive long updates during reboot
- name: Ensure we wait long enough for the updates to be applied during reboot
win_updates:
reboot: no
reboot_timeout: 3600
...

32
yml/Windows-Updates-Search.yml Normal file
View File

@ -0,0 +1,32 @@
---
- name: Recherche mise a jours Windows
hosts: windows
gather_facts: no
become: false
tasks:
- name: "Recherche mise a jours Windows"
win_updates:
category_names:
- Application
- Connectors
- CriticalUpdates
- DefinitionUpdates
- SecurityUpdates
- Tools
- UpdateRollups
- Updates
state: "searched"
log_path: "C:\Ansible_WU.txt"
- name: Ensure WinRM starts when the system has settled and is ready to work reliably
win_service:
name: WinRM
start_mode: delayed
# Optionally, you can increase the reboot_timeout to survive long updates during reboot
- name: Ensure we wait long enough for the updates to be applied during reboot
win_updates:
reboot: no
reboot_timeout: 3600
...

20
yml/linux-install-vm-core.yml Normal file
View File

@ -0,0 +1,20 @@
- hosts: "{{ host }}"
become: yes
tasks:
- name: Install core packages
apt:
name:
- prometheus-node-exporter
- nfs-common
- qemu-guest-agent
- unzip
update_cache: yes
- name: Start guest qemu-guest-agent
service:
name: qemu-guest-agent
state: started
enabled: yes

22
yml/linux-update-diskspace.yml Normal file
View File

@ -0,0 +1,22 @@
- hosts: "{{ host }}"
tasks:
- name: Get disk usage
commande: df -h
register: disk_usage
- name: Check disk space available
shell: df -h / | awk 'NR==2 {print $5}'
register: disk_usage
# Send Discord message when disk space is over 80%
-name: Send Discord message
uri:
url: ""
method: POST
body_format: json
body: '{"content": "Disk space on {{ inventory_hostname }} is above 80% !"}'
headers:
Content-Type: application/json
status_code: 204
when: disk_usage.stout[:-1]|int > 80

9
yml/update-apt-packages.yaml Normal file
View File

@ -0,0 +1,9 @@
---
- hosts: all
become: true
tasks:
- name: update apt packages
apt:
upgrade: yes
update_cache: yes