authorKristian Lyngstol <kristian@bohemians.org>2016-04-02 00:08:33 +0200
committerKristian Lyngstol <kristian@bohemians.org>2016-04-02 00:08:33 +0200
commitb2768b697599d51ef4d1ecd2dfb05d3ec5515602 (patch)
tree42115f38291574704ba5108f4482ade943c6566d
parentd1f06af5828a198bda396e04a712774b7a449d00 (diff)
Ansible: More structure and config.pm template
-rw-r--r--nms/ansible/inventories/localtest5
-rw-r--r--nms/ansible/inventories/prod (renamed from nms/ansible/inventory)1
-rw-r--r--nms/ansible/playbook.yml96
-rw-r--r--nms/ansible/roles/nmsfront/tasks/main.yml24
-rw-r--r--nms/ansible/roles/tgmanage/tasks/main.yml14
-rwxr-xr-xnms/ansible/roles/tgmanage/templates/config.pm.j2109
-rw-r--r--nms/ansible/roles/tgmanage/vars/main.yml13
-rw-r--r--nms/ansible/site.yml74
8 files changed, 239 insertions, 97 deletions
diff --git a/nms/ansible/inventories/localtest b/nms/ansible/inventories/localtest
new file mode 100644
index 0000000..1a527db
--- /dev/null
+++ b/nms/ansible/inventories/localtest
@@ -0,0 +1,5 @@
+[db]
+nms-dev-db.gathering.org
+
+[nms-front]
+dockerlol
diff --git a/nms/ansible/inventory b/nms/ansible/inventories/prod
index 8e6c8ff..4c4f31b 100644
--- a/nms/ansible/inventory
+++ b/nms/ansible/inventories/prod
@@ -2,5 +2,4 @@
nms-dev-db.gathering.org
[nms-front]
-dockerlol
nms-dev-db.gathering.org
diff --git a/nms/ansible/playbook.yml b/nms/ansible/playbook.yml
deleted file mode 100644
index c6f558c..0000000
--- a/nms/ansible/playbook.yml
+++ /dev/null
@@ -1,96 +0,0 @@
----
-- hosts: nms-front
- become: false
- tasks:
- # Some of these are probably redundant, but kept around because it works
- # and they aren't too bad.
- - name: Misc packages
- apt: name={{ item }} state=present
- with_items:
- - wget
- - vim
- - man
- - build-essential
- - net-tools
- - bash-completion
- - git-core
- - autoconf
- - netcat
- - libwww-perl
- - libmicrohttpd-dev
- - libcurl4-gnutls-dev
- - libedit-dev
- - libpcre3-dev
- - libncurses5-dev
- - python-demjson
- - python-docutils
- - libtool
- - locales
- - screen
- - openssh-server
- - libcapture-tiny-perl
- - libcgi-pm-perl
- - libcommon-sense-perl
- - libdata-dumper-simple-perl
- - libdbd-pg-perl
- - libdbi-perl
- - libdigest-perl
- - libgd-perl
- - libgeo-ip-perl
- - libhtml-parser-perl
- - libhtml-template-perl
- - libimage-magick-perl
- - libimage-magick-q16-perl
- - libjson-perl
- - libjson-xs-perl
- - libnetaddr-ip-perl
- - libnet-cidr-perl
- - libnet-ip-perl
- - libnet-openssh-perl
- - libnet-oping-perl
- - libnet-rawip-perl
- - libnet-telnet-cisco-perl
- - libnet-telnet-perl
- - libsnmp-perl
- - libsocket6-perl
- - libsocket-perl
- - libswitch-perl
- - libtimedate-perl
- - perl
- - perl-base
- - perl-modules
- - varnish
- - libfreezethaw-perl
- - apache2
-
- # Note the update!
- #
- # The idea here is that you run this playbook repeatedly on whatever
- # "production" site is in use instead of manually logging in and doing
- # changes.
- - name: tgmanage repo
- git: repo=https://github.com/tech-server/tgmanage.git dest=/srv/tgmanage update=true accept_hostkey=yes track_submodules=no
-
- - name: Enable CGI
- apache2_module: state=present name=cgid
-
- - name: Remove default apache site
- file: path=/etc/apache2/sites-enabled/000-default.conf state=absent
-
- - name: Add NMS site config
- file: src=/srv/tgmanage/web/etc/apache2/nms.tg16.gathering.org.conf dest=/etc/apache2/sites-enabled/nms.tg16.gathering.org.conf state=link
-
- - name: "Apache: Don't listen on 80"
- lineinfile: line="Listen 80" state=absent dest=/etc/apache2/ports.conf
-
- - name: "Apache: DO listen on 8080"
- lineinfile: line="Listen 8080" state=present dest=/etc/apache2/ports.conf
-
- - name: "Varnish: Set up VCL"
- file: path=/etc/varnish/default.vcl src=/srv/tgmanage/web/etc/varnish/nms.vcl state=link force=true
-
- - name: "Varnish: Remove default systemd config"
- lineinfile: line="ExecStart=/usr/sbin/varnishd -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m" state=absent dest=/lib/systemd/system/varnish.service
-
- - name: "Varnish: Add sensible systemd config"
- lineinfile: line="ExecStart=/usr/sbin/varnishd -f /etc/varnish/default.vcl -s malloc,256m" state=present dest=/lib/systemd/system/varnish.service insertafter="Service"
diff --git a/nms/ansible/roles/nmsfront/tasks/main.yml b/nms/ansible/roles/nmsfront/tasks/main.yml
new file mode 100644
index 0000000..4e9d7b2
--- /dev/null
+++ b/nms/ansible/roles/nmsfront/tasks/main.yml
@@ -0,0 +1,24 @@
+
+ - name: Enable CGI
+ apache2_module: state=present name=cgid
+
+ - name: Remove default apache site
+ file: path=/etc/apache2/sites-enabled/000-default.conf state=absent
+
+ - name: Add NMS site config
+ file: src=/srv/tgmanage/web/etc/apache2/nms.tg16.gathering.org.conf dest=/etc/apache2/sites-enabled/nms.tg16.gathering.org.conf state=link
+
+ - name: "Apache: Don't listen on 80"
+ lineinfile: line="Listen 80" state=absent dest=/etc/apache2/ports.conf
+
+ - name: "Apache: DO listen on 8080"
+ lineinfile: line="Listen 8080" state=present dest=/etc/apache2/ports.conf
+
+ - name: "Varnish: Set up VCL"
+ file: path=/etc/varnish/default.vcl src=/srv/tgmanage/web/etc/varnish/nms.vcl state=link force=true
+
+ - name: "Varnish: Remove default systemd config"
+ lineinfile: line="ExecStart=/usr/sbin/varnishd -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m" state=absent dest=/lib/systemd/system/varnish.service
+
+ - name: "Varnish: Add sensible systemd config"
+ lineinfile: line="ExecStart=/usr/sbin/varnishd -f /etc/varnish/default.vcl -s malloc,256m" state=present dest=/lib/systemd/system/varnish.service insertafter="Service"
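Review bot: The last two tasks rewrite `ExecStart` in the package-owned `/lib/systemd/system/varnish.service`, and the replacement line drops `-S /etc/varnish/secret` along with `-a` and `-T`. Depending on the Varnish version, starting varnishd without `-S` can leave the management CLI without a shared secret, so I would keep it: `ExecStart=/usr/sbin/varnishd -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m`. Edits under `/lib/systemd/system` are also replaced on the next package upgrade; a drop-in under `/etc/systemd/system/varnish.service.d/` would survive that. None of the tasks in this file notifies a handler, so as far as the hunk shows, neither the unit change nor the Apache port change takes effect until systemd is reloaded and both services are restarted by hand.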
diff --git a/nms/ansible/roles/tgmanage/tasks/main.yml b/nms/ansible/roles/tgmanage/tasks/main.yml
new file mode 100644
index 0000000..cbd48ae
--- /dev/null
+++ b/nms/ansible/roles/tgmanage/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+ - name: Git core
+ apt: name=git-core state=present
+
+ # Note the update!
+ #
+ # The idea here is that you run this playbook repeatedly on whatever
+ # "production" site is in use instead of manually logging in and doing
+ # changes.
+ - name: tgmanage repo
+ git: repo=https://github.com/tech-server/tgmanage.git dest=/srv/tgmanage update=true accept_hostkey=yes track_submodules=no
+
+ - name: "Copy config.pm.dist to config.pm"
+ template: src=config.pm.j2 dest=/srv/tgmanage/include/config.pm mode=0644
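Review bot: The `template` task writes `/srv/tgmanage/include/config.pm` with `mode=0644`, yet the template it renders carries `db_password` and has slots for the TACACS login and the DDNS key, so every local account on the host can read them. I would restrict it to the account that runs the CGI scripts, for example `template: src=config.pm.j2 dest=/srv/tgmanage/include/config.pm owner=root group=www-data mode=0640` (the group is an assumption; use whatever user Apache runs as on these hosts). Separately, the `git` task has `update=true` and no `version=`, so each run deploys whatever the default branch of the GitHub repository holds at that moment; pinning `version=` to a reviewed tag or commit would make the deployed code a deliberate choice. The task name still says "Copy config.pm.dist", which no longer describes what it does.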
diff --git a/nms/ansible/roles/tgmanage/templates/config.pm.j2 b/nms/ansible/roles/tgmanage/templates/config.pm.j2
new file mode 100755
index 0000000..73b59e3
--- /dev/null
+++ b/nms/ansible/roles/tgmanage/templates/config.pm.j2
@@ -0,0 +1,109 @@
+#! /usr/bin/perl
+use strict;
+use warnings;
+use DBI;
+package nms::config;
+
+# DB
+our $db_name = "{{ db_name }}";
+our $db_host = "{{ db_host }}";
+our $db_username = "{{ db_user }}";
+our $db_password = "{{ db_password }}";
+
+# NMS: What SNMP objects to fetch.
+# Some basics
+our @snmp_objects = [
+['ifIndex'],
+['sysName'],
+['sysDescr'],
+['ifHighSpeed'],
+['ifType'],
+['ifName'],
+['ifDescr'],
+['ifAlias'],
+['ifOperStatus'],
+['ifAdminStatus'],
+['ifLastChange'],
+['ifHCInOctets'],
+['ifHCOutOctets'],
+['ifInDiscards'],
+['ifOutDiscards'],
+['ifInErrors'],
+['ifOutErrors'],
+['ifInUnknownProtos'],
+['ifOutQLen'],
+['sysUpTime'],
+['jnxOperatingTemp'],
+['jnxOperatingCPU'],
+['jnxOperatingDescr'],
+['jnxBoxSerialNo']
+];
+# Max SNMP polls to fire off at the same time.
+our $snmp_max = 20;
+
+# DHCP-servers
+our $dhcp_server1 = "185.110.149.2"; # primary
+our $dhcp_server2 = "185.110.148.2"; # secondary
+
+# TACACS-login for NMS
+our $tacacs_user = "<removed>";
+our $tacacs_pass = "<removed>";
+
+# Telnet-timeout for smanagrun
+our $telnet_timeout = 300;
+
+# IP/IPv6/DNS-info
+our $tgname = "tg16";
+our $pri_hostname = "r2-d2";
+our $pri_v4 = "185.110.149.2";
+our $pri_v6 = "2a06:5841:149a::2";
+our $pri_net_v4 = "185.110.149.0/26";
+our $pri_net_v6 = "2a06:5841:149a::/64";
+
+our $sec_hostname = "c-3po";
+our $sec_v4 = "185.110.148.2";
+our $sec_v6 = "2a06:5841:1337::2";
+our $sec_net_v4 = "185.110.148.0/26";
+our $sec_net_v6 = "2a06:5841:1337::/64";
+
+# for RIPE to get reverse zones via DNS AXFR
+# https://www.ripe.net/data-tools/dns/reverse-dns/how-to-set-up-reverse-delegation
+our $ext_xfer = "193.0.0.0/22; 2001:610:240::/48; 2001:67c:2e8::/48";
+
+# allow XFR from NOC
+our $noc_net = "185.110.150.0/25; 2a06:5841:150a::1/64";
+
+# To generate new dnssec-key for ddns:
+# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST DHCP_UPDATER
+our $ddns_key = "<removed>";
+our $ddns_to = "127.0.0.1"; # just use localhost
+
+# Base networks
+our $base_ipv4net = "88.92.0.0/17";
+our $base_ipv6net = "2a06:5840::/29";
+our $ipv6zone = "0.4.8.5.6.0.a.2.ip6.arpa";
+
+# extra networks that are outside the normal ranges
+# that should have recursive DNS access
+our $rec_net = "185.110.148.0/22";
+
+# extra networks that are outside the normal ranges
+# that should be added to DNS
+our @extra_nets = (
+ '185.110.148.0/24',
+ '185.110.149.0/24',
+ '185.110.150.0/24',
+ '185.110.151.0/24',
+);
+
+# add WLC's
+our $wlc1 = "185.110.148.14";
+
+# add VOIP-server
+our $voip1 = "<removed>";
+
+# PXE-server (rest of bootstrap assumes $sec_v4/$sec_v6)
+our $pxe_server_v4 = $sec_v4;
+our $pxe_server_v6 = $sec_v6;
+
+1;
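Review bot: The four DB lines place vault values inside Perl double-quoted strings (`our $db_password = "{{ db_password }}";`), where Perl interpolates `$` and `@` and treats `\` and `"` specially. A password containing any of those either fails to compile under `use strict` or silently becomes a different string, and the rendered text is executed as Perl code. Single quotes narrow this to `'` and `\`: `our $db_password = '{{ db_password }}';`, with those two characters escaped through Jinja's `replace` filter or excluded from the values. The `$tacacs_user`, `$tacacs_pass`, `$ddns_key` and `$voip1` entries are still the literal `<removed>`, so anything filled in by hand on the host is overwritten on the next run; they likely belong in the vault as variables too.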
diff --git a/nms/ansible/roles/tgmanage/vars/main.yml b/nms/ansible/roles/tgmanage/vars/main.yml
new file mode 100644
index 0000000..447e3e8
--- /dev/null
+++ b/nms/ansible/roles/tgmanage/vars/main.yml
@@ -0,0 +1,13 @@
+$ANSIBLE_VAULT;1.1;AES256
+63623639616438346566333434306435303933343234636339336638633166626465613832656462
+3764636465303334666265626334613364383833623239660a366136303264323463656336333732
+33323236626465656535313938663534306462383265313635393634336233303735383033333737
+6465383165653738300a653663303362333030386638313237656535643563333033633838656630
+34333430623934346565303765666239646363613230326531663032323164346365356466363134
+36356239643235303039366363353065306130656462383135343031366234316535386635306466
+30303039656531353339333434633566316534613538666432336135363864383139303035343436
+32396130643366363339363934653763326432396165393531656533376237346563376434653932
+66333565316336643366643336633131323066663862363735636464376138303031623933386363
+33396364623331393438393036623261323866643430623137626430326162663936633766646231
+36656533343466653735386136663764613466663033613561373734303565323534323436623066
+38653761396334643236
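Review bot: The whole of `vars/main.yml` is one vault blob, so the names it defines cannot be seen or grepped without the vault password; presumably it holds the `db_name`, `db_host`, `db_user` and `db_password` values that `config.pm.j2` expects, but nothing readable in the commit says so. A plaintext vars file that maps each name to a `vault_`-prefixed variable kept in the encrypted file would document the interface, e.g. `db_password: "{{ vault_db_password }}"`. Since the ciphertext is now in the repository history, its confidentiality rests on the strength of the vault password alone, and rotating the DB credentials is the only remedy if that password ever leaks.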
diff --git a/nms/ansible/site.yml b/nms/ansible/site.yml
new file mode 100644
index 0000000..27ad768
--- /dev/null
+++ b/nms/ansible/site.yml
@@ -0,0 +1,74 @@
+---
+- hosts: all
+ roles:
+ - tgmanage
+
+- hosts: nms-front
+ roles:
+ - nmsfront
+ become: false
+ tasks:
+ # Some of these are probably redundant, but kept around because it works
+ # and they aren't too bad.
+ - name: Misc packages
+ apt: name={{ item }} state=present
+ with_items:
+ - wget
+ - vim
+ - man
+ - build-essential
+ - net-tools
+ - bash-completion
+ - git-core
+ - autoconf
+ - netcat
+ - libwww-perl
+ - libmicrohttpd-dev
+ - libcurl4-gnutls-dev
+ - libedit-dev
+ - libpcre3-dev
+ - libncurses5-dev
+ - python-demjson
+ - python-docutils
+ - libtool
+ - locales
+ - screen
+ - openssh-server
+ - libcapture-tiny-perl
+ - libcgi-pm-perl
+ - libcommon-sense-perl
+ - libdata-dumper-simple-perl
+ - libdbd-pg-perl
+ - libdbi-perl
+ - libdigest-perl
+ - libgd-perl
+ - libgeo-ip-perl
+ - libhtml-parser-perl
+ - libhtml-template-perl
+ - libimage-magick-perl
+ - libimage-magick-q16-perl
+ - libjson-perl
+ - libjson-xs-perl
+ - libnetaddr-ip-perl
+ - libnet-cidr-perl
+ - libnet-ip-perl
+ - libnet-openssh-perl
+ - libnet-oping-perl
+ - libnet-rawip-perl
+ - libnet-telnet-cisco-perl
+ - libnet-telnet-perl
+ - libsnmp-perl
+ - libsocket6-perl
+ - libsocket-perl
+ - libswitch-perl
+ - libtimedate-perl
+ - perl
+ - perl-base
+ - perl-modules
+ - varnish
+ - libfreezethaw-perl
+ - apache2
+
+
+
+
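Review bot: In the `nms-front` play, `roles:` and `tasks:` are both set, and Ansible runs a play's roles before its `tasks:`, so the `nmsfront` role would configure Apache and Varnish before "Misc packages" has installed `apache2` and `varnish`. On a fresh host the role's `apache2_module` and `lineinfile` steps would presumably fail for lack of the packages and their config files. Renaming the section to `pre_tasks:` keeps the package list where it is and restores the order the old playbook had. `become: false` alongside `apt` also implies the play connects as root; a comment saying so would help the next reader.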