authorKristian Lyngstol <kristian@bohemians.org>2016-04-02 00:08:33 +0200
committerKristian Lyngstol <kristian@bohemians.org>2016-04-02 00:08:33 +0200
commitb2768b697599d51ef4d1ecd2dfb05d3ec5515602 (patch)
tree42115f38291574704ba5108f4482ade943c6566d /nms/ansible/roles
parentd1f06af5828a198bda396e04a712774b7a449d00 (diff)
Ansible: More structure and config.pm template
Diffstat (limited to 'nms/ansible/roles')
-rw-r--r--nms/ansible/roles/nmsfront/tasks/main.yml24
-rw-r--r--nms/ansible/roles/tgmanage/tasks/main.yml14
-rwxr-xr-xnms/ansible/roles/tgmanage/templates/config.pm.j2109
-rw-r--r--nms/ansible/roles/tgmanage/vars/main.yml13
4 files changed, 160 insertions, 0 deletions
diff --git a/nms/ansible/roles/nmsfront/tasks/main.yml b/nms/ansible/roles/nmsfront/tasks/main.yml
new file mode 100644
index 0000000..4e9d7b2
--- /dev/null
+++ b/nms/ansible/roles/nmsfront/tasks/main.yml
@@ -0,0 +1,24 @@
+
+ - name: Enable CGI
+ apache2_module: state=present name=cgid
+
+ - name: Remove default apache site
+ file: path=/etc/apache2/sites-enabled/000-default.conf state=absent
+
+ - name: Add NMS site config
+ file: src=/srv/tgmanage/web/etc/apache2/nms.tg16.gathering.org.conf dest=/etc/apache2/sites-enabled/nms.tg16.gathering.org.conf state=link
+
+ - name: "Apache: Don't listen on 80"
+ lineinfile: line="Listen 80" state=absent dest=/etc/apache2/ports.conf
+
+ - name: "Apache: DO listen on 8080"
+ lineinfile: line="Listen 8080" state=present dest=/etc/apache2/ports.conf
+
+ - name: "Varnish: Set up VCL"
+ file: path=/etc/varnish/default.vcl src=/srv/tgmanage/web/etc/varnish/nms.vcl state=link force=true
+
+ - name: "Varnish: Remove default systemd config"
+ lineinfile: line="ExecStart=/usr/sbin/varnishd -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m" state=absent dest=/lib/systemd/system/varnish.service
+
+ - name: "Varnish: Add sensible systemd config"
+ lineinfile: line="ExecStart=/usr/sbin/varnishd -f /etc/varnish/default.vcl -s malloc,256m" state=present dest=/lib/systemd/system/varnish.service insertafter="Service"
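Review bot: The last two tasks edit the packaged unit at `/lib/systemd/system/varnish.service` in place, so a varnish package upgrade can silently restore the original `ExecStart`, and nothing in this role triggers a `systemctl daemon-reload` or a restart for the change to take effect. The replacement line also drops `-a :6081`, `-T localhost:6082` and `-S /etc/varnish/secret`, which leaves the listen address and the management interface's bind address and secret to varnishd's defaults. If that is intended it deserves a comment; otherwise keep `-T` and `-S` explicit. I would move the override to a drop-in such as `/etc/systemd/system/varnish.service.d/override.conf`, containing an empty `ExecStart=` followed by the full command line, and notify a handler that reloads systemd and restarts varnish.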
diff --git a/nms/ansible/roles/tgmanage/tasks/main.yml b/nms/ansible/roles/tgmanage/tasks/main.yml
new file mode 100644
index 0000000..cbd48ae
--- /dev/null
+++ b/nms/ansible/roles/tgmanage/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+ - name: Git core
+ apt: name=git-core state=present
+
+ # Note the update!
+ #
+ # The idea here is that you run this playbook repeatedly on whatever
+ # "production" site is in use instead of manually logging in and doing
+ # changes.
+ - name: tgmanage repo
+ git: repo=https://github.com/tech-server/tgmanage.git dest=/srv/tgmanage update=true accept_hostkey=yes track_submodules=no
+
+ - name: "Copy config.pm.dist to config.pm"
+ template: src=config.pm.j2 dest=/srv/tgmanage/include/config.pm mode=0644
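Review bot: The `template:` task writes `/srv/tgmanage/include/config.pm` with `mode=0644`, and that file carries the database password from the vault (with slots for the TACACS login and the DDNS key), so every local account on the host can read it. Restrict it to the account that runs the CGI scripts and collectors, e.g. `mode=0640 owner=root group=www-data` (the group name is a guess; use whichever group the NMS code actually runs as). Separately, the `git:` task uses `update=true` with no `version=`, so each run deploys whatever is on the repository's default branch at that moment. Pinning `version=` to a reviewed tag or commit would make the repeated runs described in the comment reproducible.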
diff --git a/nms/ansible/roles/tgmanage/templates/config.pm.j2 b/nms/ansible/roles/tgmanage/templates/config.pm.j2
new file mode 100755
index 0000000..73b59e3
--- /dev/null
+++ b/nms/ansible/roles/tgmanage/templates/config.pm.j2
@@ -0,0 +1,109 @@
+#! /usr/bin/perl
+use strict;
+use warnings;
+use DBI;
+package nms::config;
+
+# DB
+our $db_name = "{{ db_name }}";
+our $db_host = "{{ db_host }}";
+our $db_username = "{{ db_user }}";
+our $db_password = "{{ db_password }}";
+
+# NMS: What SNMP objects to fetch.
+# Some basics
+our @snmp_objects = [
+['ifIndex'],
+['sysName'],
+['sysDescr'],
+['ifHighSpeed'],
+['ifType'],
+['ifName'],
+['ifDescr'],
+['ifAlias'],
+['ifOperStatus'],
+['ifAdminStatus'],
+['ifLastChange'],
+['ifHCInOctets'],
+['ifHCOutOctets'],
+['ifInDiscards'],
+['ifOutDiscards'],
+['ifInErrors'],
+['ifOutErrors'],
+['ifInUnknownProtos'],
+['ifOutQLen'],
+['sysUpTime'],
+['jnxOperatingTemp'],
+['jnxOperatingCPU'],
+['jnxOperatingDescr'],
+['jnxBoxSerialNo']
+];
+# Max SNMP polls to fire off at the same time.
+our $snmp_max = 20;
+
+# DHCP-servers
+our $dhcp_server1 = "185.110.149.2"; # primary
+our $dhcp_server2 = "185.110.148.2"; # secondary
+
+# TACACS-login for NMS
+our $tacacs_user = "<removed>";
+our $tacacs_pass = "<removed>";
+
+# Telnet-timeout for smanagrun
+our $telnet_timeout = 300;
+
+# IP/IPv6/DNS-info
+our $tgname = "tg16";
+our $pri_hostname = "r2-d2";
+our $pri_v4 = "185.110.149.2";
+our $pri_v6 = "2a06:5841:149a::2";
+our $pri_net_v4 = "185.110.149.0/26";
+our $pri_net_v6 = "2a06:5841:149a::/64";
+
+our $sec_hostname = "c-3po";
+our $sec_v4 = "185.110.148.2";
+our $sec_v6 = "2a06:5841:1337::2";
+our $sec_net_v4 = "185.110.148.0/26";
+our $sec_net_v6 = "2a06:5841:1337::/64";
+
+# for RIPE to get reverse zones via DNS AXFR
+# https://www.ripe.net/data-tools/dns/reverse-dns/how-to-set-up-reverse-delegation
+our $ext_xfer = "193.0.0.0/22; 2001:610:240::/48; 2001:67c:2e8::/48";
+
+# allow XFR from NOC
+our $noc_net = "185.110.150.0/25; 2a06:5841:150a::1/64";
+
+# To generate new dnssec-key for ddns:
+# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST DHCP_UPDATER
+our $ddns_key = "<removed>";
+our $ddns_to = "127.0.0.1"; # just use localhost
+
+# Base networks
+our $base_ipv4net = "88.92.0.0/17";
+our $base_ipv6net = "2a06:5840::/29";
+our $ipv6zone = "0.4.8.5.6.0.a.2.ip6.arpa";
+
+# extra networks that are outside the normal ranges
+# that should have recursive DNS access
+our $rec_net = "185.110.148.0/22";
+
+# extra networks that are outside the normal ranges
+# that should be added to DNS
+our @extra_nets = (
+ '185.110.148.0/24',
+ '185.110.149.0/24',
+ '185.110.150.0/24',
+ '185.110.151.0/24',
+);
+
+# add WLC's
+our $wlc1 = "185.110.148.14";
+
+# add VOIP-server
+our $voip1 = "<removed>";
+
+# PXE-server (rest of bootstrap assumes $sec_v4/$sec_v6)
+our $pxe_server_v4 = $sec_v4;
+our $pxe_server_v6 = $sec_v6;
+
+1;
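Review bot: The four DB settings are rendered inside Perl double-quoted strings (`our $db_password = "{{ db_password }}";`), so a vault value containing `$`, `@`, `"` or `\` is either interpolated by Perl or breaks the file's syntax, and under `use strict` a stray `$name` aborts loading. Render them single-quoted with `\` and `'` escaped, e.g. `our $db_password = '{{ db_password | replace("\\", "\\\\") | replace("'", "\\'") }}';`. The TACACS, DDNS-key and VOIP values are still the literal `<removed>`, so they presumably need the same vault-backed variables rather than hand edits on the host. Also, `our @snmp_objects = [ ... ];` stores a single array reference in the array, unlike `@extra_nets` further down, which uses `( ... )`; confirm the consumers expect that shape.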
diff --git a/nms/ansible/roles/tgmanage/vars/main.yml b/nms/ansible/roles/tgmanage/vars/main.yml
new file mode 100644
index 0000000..447e3e8
--- /dev/null
+++ b/nms/ansible/roles/tgmanage/vars/main.yml
@@ -0,0 +1,13 @@
+$ANSIBLE_VAULT;1.1;AES256
+63623639616438346566333434306435303933343234636339336638633166626465613832656462
+3764636465303334666265626334613364383833623239660a366136303264323463656336333732
+33323236626465656535313938663534306462383265313635393634336233303735383033333737
+6465383165653738300a653663303362333030386638313237656535643563333033633838656630
+34333430623934346565303765666239646363613230326531663032323164346365356466363134
+36356239643235303039366363353065306130656462383135343031366234316535386635306466
+30303039656531353339333434633566316534613538666432336135363864383139303035343436
+32396130643366363339363934653763326432396165393531656533376237346563376434653932
+66333565316336643366643336633131323066663862363735636464376138303031623933386363
+33396364623331393438393036623261323866643430623137626430326162663936633766646231
+36656533343466653735386136663764613466663033613561373734303565323534323436623066
+38653761396334643236