stefan/network-automation-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

transfer from github

Browse Source
This commit is contained in:
Stefan 2024-12-28 20:10:53 +01:00
parent 68d2ae4a66
commit 7a9c910c23
47 changed files with 706 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ansible/debian-graylog-example/README.md Normal file
View File

@ -0,0 +1,9 @@
# debian-graylog-example
## English
🇺🇸 [Ansible Role to onboard Debian Linux in Graylog Open](https://www.thierolf.org/posts/ansible-role-to-onboard-debian-linux-in-graylog-open/)
## Deutsch
🇩🇪 [Ansible Role für das Onboarding von Debian Linux in Graylog Open](https://www.thierolf.org/posts/ansible-role-fuer-das-onboarding-von-debian-linux-in-graylog-open/)

8
ansible/debian-graylog-example/inventory/group_vars/debian_linux.yaml Normal file
View File

@ -0,0 +1,8 @@
---
# Group_vars for Debian Linux
# ===========================
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
ansible_user: "[ANSIBLE_USERNAME]"
ansible_password: "[ANSIBLE_PASSWORD]"
ansible_become_password: "[ANSIBLE_PASSWORD]"
ansible_become: true

11
ansible/debian-graylog-example/inventory/host_vars/debian-test.example.com.yaml Normal file
View File

@ -0,0 +1,11 @@
---
# Ansible-specific
# ================
ansible_host: n.n.n.n
hostname: debian-test
domainname: example.com
fqdn: "{{ hostname }}.{{ domainname }}"
# Graylog-Node-ID
# ===============
graylog_node_id: nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn

9
ansible/debian-graylog-example/inventory/inventory.yaml Normal file
View File

@ -0,0 +1,9 @@
---
#
# Inventory
#
all:
children:
debian_linux:
hosts:
debian-test.example.com:

7
ansible/debian-graylog-example/playbooks/deploy_debian_test,yaml Normal file
View File

@ -0,0 +1,7 @@
---
# Playbook
# ========
- hosts: debian_linux
gather_facts: true
roles:
- server/debian/graylog

2
ansible/debian-graylog-example/roles/files/graylog-sidecar-repository_1-5_all.deb Normal file
View File

@ -0,0 +1,2 @@
!! DUMMY FILE !!
See: https://github.com/Graylog2/collector-sidecar/releases

7
ansible/debian-graylog-example/roles/handlers/main.yaml Normal file
View File

@ -0,0 +1,7 @@
# Handlers
# ========
- name: "Restart: graylog-sidecar"
ansible.builtin.systemd_service:
name: graylog-sidecar
enabled: true
state: restarted

10
ansible/debian-graylog-example/roles/tasks/main.yaml Normal file
View File

@ -0,0 +1,10 @@
---
# Tasks
# =====
- name: "Block"
ansible.builtin.include_tasks: "{{ tasks }}"
loop:
- task_01_install_graylog.yaml
- task_02_configure_graylog.yaml
loop_control:
loop_var: tasks

41
ansible/debian-graylog-example/roles/tasks/task_01_install_graylog.yaml Normal file
View File

@ -0,0 +1,41 @@
---
# task_01_install_graylog
# =======================
- name: "Block"
notify: "Restart: graylog-sidecar"
when: ansible_os_family == "Debian"
block:
- name: "Assert vars: graylog-sidecar"
ansible.builtin.assert:
that:
- graylog_server_url is defined
- graylog_server_api_token is defined
- graylog_update_interval is defined
- graylog_tls_skip_verify is defined
- graylog_node_id is defined
- graylog_log_rotate_max_file_size is defined
- graylog_log_rotate_keep_files is defined
- graylog_collector_validation_timeout is defined
- name: "Create /tmp directory"
ansible.builtin.file:
path: /tmp
state: directory
- name: "Copy: graylog-sidecar-repository_1-5_all.deb"
ansible.builtin.copy:
src: graylog-sidecar-repository_1-5_all.deb
dest: /tmp/graylog-sidecar-repository_1-5_all.deb
- name: "Make package available: graylog-sidecar"
ansible.builtin.apt:
deb: /tmp/graylog-sidecar-repository_1-5_all.deb
- name: "Apt Update"
ansible.builtin.apt:
update_cache: yes
- name: "Install: graylog-sidecar"
ansible.builtin.apt:
name: graylog-sidecar

31
ansible/debian-graylog-example/roles/tasks/task_02_configure_graylog.yaml Normal file
View File

@ -0,0 +1,31 @@
---
# task_02_configure_graylog
# =========================
- name: "Block"
notify: "Restart: graylog-sidecar"
when: ansible_os_family == "Debian"
block:
- name: "Assert vars: graylog-sidecar"
ansible.builtin.assert:
that:
- graylog_server_url is defined
- graylog_server_api_token is defined
- graylog_update_interval is defined
- graylog_tls_skip_verify is defined
- graylog_node_id is defined
- graylog_log_rotate_max_file_size is defined
- graylog_log_rotate_keep_files is defined
- graylog_collector_validation_timeout is defined
- name: "Deploy config: sidecar.yaml.j2"
ansible.builtin.template:
src: sidecar.yaml.j2
dest: /etc/graylog/sidecar/sidecar.yml
backup: true
- name: "Deploy config: node-id.j2"
ansible.builtin.template:
src: node-id.j2
dest: /etc/graylog/sidecar/node-id
backup: false

1
ansible/debian-graylog-example/roles/templates/node-id.j2 Normal file
View File

@ -0,0 +1 @@
{{ graylog_node_id }}

29
ansible/debian-graylog-example/roles/templates/sidecar.yaml.j2 Normal file
View File

@ -0,0 +1,29 @@
#
# !! This configuration file is managed by Ansible !!
# !! DO NOT change local file. Change Ansible role !!
#
server_url: "{{ graylog_server_url }}"
server_api_token: "{{ graylog_server_api_token }}"
node_id: "file:/etc/graylog/sidecar/node-id"
update_interval: {{ graylog_update_interval }}
tls_skip_verify: {{ graylog_tls_skip_verify }}
send_status: true
cache_path: "/var/cache/graylog-sidecar"
log_path: "/var/log/graylog-sidecar"
log_rotate_max_file_size: {{ graylog_log_rotate_max_file_size }}
log_rotate_keep_files: {{ graylog_log_rotate_keep_files }}
collector_validation_timeout: {{ graylog_collector_validation_timeout }}
collector_shutdown_timeout: "10s"
collector_configuration_directory: "/var/lib/graylog-sidecar/generated"
#list_log_files: []
tags:
- default
collector_binaries_accesslist:
- "/usr/lib/graylog-sidecar/filebeat"
- "/usr/lib/graylog-sidecar/auditbeat"

11
ansible/debian-graylog-example/roles/vars/main.yaml Normal file
View File

@ -0,0 +1,11 @@
---
# Vars
# ====
graylog_server_url: "https://___URL_OF_GRAYLOG_SERVER___/api"
graylog_server_api_token: "___GRAYLOG_API_TOKEN___"
graylog_update_interval: 10
graylog_tls_skip_verify: true
graylog_send_status: true
graylog_log_rotate_max_file_size: "10MiB"
graylog_log_rotate_keep_files: 10
graylog_collector_validation_timeout: "1m"

9
ansible/windows-graylog-example/README.md Normal file
View File

@ -0,0 +1,9 @@
# windows-graylog-example
## English
🇺🇸 [Ansible Role to onboard Windows Servers in Graylog Open](https://www.thierolf.org/posts/ansible-role-to-onboard-windows-server-in-graylog-open/)
## Deutsch
🇩🇪 [Ansible Role für das Onboarding von Windows Server in Graylog Open](https://www.thierolf.org/posts/ansible-role-fuer-das-onboarding-von-windows-server-in-graylog-open/)

10
ansible/windows-graylog-example/inventory/group_vars/microsoft_windows.yaml Normal file
View File

@ -0,0 +1,10 @@
---
#
# group_vars for Microsoft Windows
#
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
ansible_user: "[ANSIBLE_USERNAME]"
ansible_password: "[ANSIBLE_PASSWORD]"
ansible_become_password: "{{ ansible_password }}"
ansible_connection: ssh
ansible_shell_type: powershell

11
ansible/windows-graylog-example/inventory/host_vars/win-test.example.com.yaml Normal file
View File

@ -0,0 +1,11 @@
---
# Ansible-specific
# ================
ansible_host: n.n.n.n
hostname: win-test
domainname: example.com
fqdn: "{{ hostname }}.{{ domainname }}"
# Graylog-Node-ID
# ===============
graylog_node_id: nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn

9
ansible/windows-graylog-example/inventory/inventory.yaml Normal file
View File

@ -0,0 +1,9 @@
---
#
# Inventory
#
all:
children:
microsoft_windows:
hosts:
win-test.example.com:

7
ansible/windows-graylog-example/playbooks/deploy_win-test.yaml Normal file
View File

@ -0,0 +1,7 @@
---
# Playbook
# ========
- hosts: microsoft_windows
gather_facts: true
roles:
- server/windows/graylog

2
ansible/windows-graylog-example/roles/windows/graylog/files/graylog_sidecar_installer_1.5.0-1.exe Normal file
View File

@ -0,0 +1,2 @@
!! DUMMY FILE !!
See: https://github.com/Graylog2/collector-sidecar/releases

7
ansible/windows-graylog-example/roles/windows/graylog/handlers/main.yaml Normal file
View File

@ -0,0 +1,7 @@
---
# Handlers
# ========
- name: "Restart: graylog-sidecar"
ansible.windows.win_service:
name: graylog-sidecar
state: restarted

10
ansible/windows-graylog-example/roles/windows/graylog/tasks/main.yaml Normal file
View File

@ -0,0 +1,10 @@
---
# Tasks
# =====
- name: "Block"
ansible.builtin.include_tasks: "{{ tasks }}"
loop:
- task_01_install_graylog.yaml
- task_02_configure_graylog.yaml
loop_control:
loop_var: tasks

31
ansible/windows-graylog-example/roles/windows/graylog/tasks/task_01_install_graylog.yaml Normal file
View File

@ -0,0 +1,31 @@
---
# Tasks
# =====
- name: "Block"
notify: "Restart: graylog-sidecar"
when: ansible_os_family == "Windows"
block:
- name: "Assert vars: graylog-sidecar"
ansible.builtin.assert:
that:
- graylog_server_url is defined
- graylog_server_api_token is defined
- name: "Create: TEMP directory"
ansible.windows.win_file:
path: C:\Temp
state: directory
- name: "Copy: graylog_sidecar_installer_1.5.0-1.exe"
ansible.builtin.copy:
src: graylog_sidecar_installer_1.5.0-1.exe
dest: C:\temp\graylog_sidecar_installer_1.5.0-1.exe
- name: "Install: graylog-sidecar"
ansible.windows.win_package:
path: C:\temp\graylog_sidecar_installer_1.5.0-1.exe
creates_path: C:\Program Files\Graylog\sidecar
arguments:
- "/S -SERVERURL={{ graylog_server_url }} -APITOKEN={{ graylog_server_api_token }}"
state: present

33
ansible/windows-graylog-example/roles/windows/graylog/tasks/task_02_configure_graylog.yaml Normal file
View File

@ -0,0 +1,33 @@
---
# Tasks
# =====
- name: "Block"
notify: "Restart: graylog-sidecar"
when: ansible_os_family == "Windows"
block:
- name: "Assert vars: graylog-sidecar"
ansible.builtin.assert:
that:
- graylog_server_url is defined
- graylog_server_api_token is defined
- graylog_update_interval is defined
- graylog_tls_skip_verify is defined
- graylog_node_id is defined
- graylog_tls_skip_verify is defined
- graylog_send_status is defined
- graylog_log_rotate_max_file_size is defined
- graylog_log_rotate_keep_files is defined
- graylog_collector_validation_timeout is defined
- name: "Deploy config: sidecar.yaml.j2"
ansible.builtin.template:
src: sidecar.yaml.j2
dest: C:\Program Files\Graylog\sidecar\sidecar.yml
backup: true
- name: "Deploy config: node-id.j2"
ansible.builtin.template:
src: node-id.j2
dest: C:\Program Files\Graylog\sidecar\node-id
backup: false

1
ansible/windows-graylog-example/roles/windows/graylog/templates/node-id.j2 Normal file
View File

@ -0,0 +1 @@
{{ graylog_node_id }}

26
ansible/windows-graylog-example/roles/windows/graylog/templates/sidecar.yaml.j2 Normal file
View File

@ -0,0 +1,26 @@
#
# !! This configuration file is managed by Ansible !!
# !! DO NOT change local file. Change Ansible role !!
#
server_url: "{{ graylog_server_url }}"
server_api_token: "{{ graylog_server_api_token }}"
node_id: "file:C:\\Program Files\\Graylog\\sidecar\\node-id"
node_name: ""
update_interval: {{ graylog_update_interval }}
tls_skip_verify: "{{ graylog_tls_skip_verify }}"
send_status: "{{ graylog_send_status }}"
cache_path: "C:\\Program Files\\Graylog\\sidecar\\cache"
log_path: "C:\\Program Files\\Graylog\\sidecar\\logs"
log_rotate_max_file_size: "{{ graylog_log_rotate_max_file_size }}"
log_rotate_keep_files: {{ graylog_log_rotate_keep_files }}
collector_validation_timeout: "{{ graylog_collector_validation_timeout }}"
collector_configuration_directory: "C:\\Program Files\\Graylog\\sidecar\\generated"
windows_drive_range: "CDEFGHIJKLMNOPQRSTUVWXYZ"
tags: [ default ]
collector_binaries_accesslist:
- "C:\\Program Files\\Graylog\\sidecar\\winlogbeat.exe"

11
ansible/windows-graylog-example/roles/windows/graylog/vars/main.yaml Normal file
View File

@ -0,0 +1,11 @@
---
# Vars
# ====
graylog_server_url: "https://___URL_OF_GRAYLOG_SERVER___/api"
graylog_server_api_token: "___GRAYLOG_API_TOKEN___"
graylog_update_interval: 10
graylog_tls_skip_verify: true
graylog_send_status: true
graylog_log_rotate_max_file_size: "10MiB"
graylog_log_rotate_keep_files: 10
graylog_collector_validation_timeout: "1m"

9
ansible/windows-nsclientplusplus-example/README.md Normal file
View File

@ -0,0 +1,9 @@
# windows-nsclientplusplus-example
## English
🇺🇸 [Deploy NSCLient++ on Windows Servers with an Ansible Role](https://www.thierolf.org/posts/deploy-nsclient-on-windows-servers-with-an-ansible-role/)
## Deutsch
🇩🇪 [Installation von NSClient++ auf Windows Server mit einer Ansible Role](https://www.thierolf.org/posts/installation-von-nsclient-auf-windows-server-mit-einer-ansible-rolle/)

9
ansible/windows-nsclientplusplus-example/inventory/group_vars/microsoft_windows.yaml Normal file
View File

@ -0,0 +1,9 @@
---
#
# group_vars for Microsoft Windows
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
ansible_user: "[ANSIBLE_USERNAME]"
ansible_password: "[ANSIBLE_PASSWORD]"
ansible_become_password: "{{ ansible_password }}"
ansible_connection: ssh
ansible_shell_type: powershell

30
ansible/windows-nsclientplusplus-example/inventory/host_vars/win-test.example.com.yaml Normal file
View File

@ -0,0 +1,30 @@
---
# Ansible-specific
# ================
ansible_host: n.n.n.n
hostname: win-server1
domainname: example.com
fqdn: "{{ hostname }}.{{ domainname }}"
# NSClient++
# ==========
nscp_module_nrpe_server: enabled
nscp_module_nrpe_simple_cache: enabled
nscp_module_nrpe_command_client: disabled
nscp_module_nrpe_check_disk: enabled
nscp_module_nrpe_check_eventglog: enabled
nscp_module_nrpe_check_externalscripts: enabled
nscp_module_nrpe_check_helpers: enabled
nscp_module_nrpe_check_logfile: enabled
nscp_module_nrpe_check_nscp: enabled
nscp_module_nrpe_check_system: enabled
nscp_module_nrpe_check_tasksched: enabled
nscp_module_nrpe_check_wmi: enabled
nscp_module_nrpe_check_net: disabled
# NRPE Win-PDH
# ============
nrpe_win_pdh_total_disk_reads: true
nrpe_win_pdh_total_disk_writes: true
nrpe_win_pdh_thread_context_switches: true
nrpe_win_pdh_memory_page_faults: true

8
ansible/windows-nsclientplusplus-example/inventory/inventory.yaml Normal file
View File

@ -0,0 +1,8 @@
---
#
# Inventory
all:
children:
microsoft_windows:
hosts:
win-test.example.com:

7
ansible/windows-nsclientplusplus-example/playbooks/deploy_win-test.yaml Normal file
View File

@ -0,0 +1,7 @@
---
# Playbook
# ========
- hosts: microsoft_windows
gather_facts: true
roles:
- server/windows/nsclientplusplus

2
ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/files/NSCP-0.5.3.4-x64.msi Normal file
View File

@ -0,0 +1,2 @@
!! DUMMY FILE !!
See: https://github.com/mickem/nscp/releases/tag/0.5.3.4

7
ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/handlers/main.yaml Normal file
View File

@ -0,0 +1,7 @@
---
# Handlers
# ========
- name: "Restart: nscp"
ansible.windows.win_service:
name: nscp
state: restarted

10
ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/tasks/main.yaml Normal file
View File

@ -0,0 +1,10 @@
---
# Tasks
# =====
- name: "Block"
ansible.builtin.include_tasks: "{{ tasks }}"
loop:
- task_01_install_nsclientplusplus.yaml
- task_02_configure_nsclientplusplus.yaml
loop_control:
loop_var: tasks

39
ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/tasks/task_01_install_nsclientplusplus.yaml Normal file
View File

@ -0,0 +1,39 @@
---
# Tasks
# =====
- name: "Block"
notify: "Restart: nscp"
when: ansible_os_family == "Windows"
block:
- name: "Assert vars: nscp"
ansible.builtin.assert:
that:
- nscp_allowed_hosts is defined
- nscp_cache_allowed_hosts is defined
- nscp_timeout is defined
- nscp_nrpe_allow_arguments is defined
- nscp_nrpe_nasty_characters is defined
- nscp_nrpe_allowed_hosts is defined
- nscp_nrpe_use_ssl is defined
- nscp_nrpe_insecure is defined
- nscp_nrpe_port is defined
- nscp_nrpe_performance_data is defined
- name: "Create TEMP directory"
ansible.windows.win_file:
path: C:\Temp
state: directory
- name: "Copy: NSCP-0.5.3.4-x64.msi"
ansible.builtin.copy:
src: NSCP-0.5.3.4-x64.msi
dest: C:\temp\NSCP-0.5.3.4-x64.msi
- name: "Install: nscp"
ansible.windows.win_package:
path: C:\temp\NSCP-0.5.3.4-x64.msi
creates_path: C:\Program Files\NSClient++
arguments:
- "/quiet"
state: present

57
ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/tasks/task_02_configure_nsclientplusplus.yaml Normal file
View File

@ -0,0 +1,57 @@
---
# Tasks
# =====
- name: "Block"
notify: "Restart: nscp"
when: ansible_os_family == "Windows"
block:
- name: "Assert vars: nscp"
ansible.builtin.assert:
that:
- nscp_allowed_hosts is defined
- nscp_cache_allowed_hosts is defined
- nscp_timeout is defined
- nscp_nrpe_allow_arguments is defined
- nscp_nrpe_nasty_characters is defined
- nscp_nrpe_allowed_hosts is defined
- nscp_nrpe_use_ssl is defined
- nscp_nrpe_insecure is defined
- nscp_nrpe_port is defined
- nscp_nrpe_performance_data is defined
- nscp_module_nrpe_server is defined
- nscp_module_nrpe_simple_cache is defined
- nscp_module_nrpe_command_client is defined
- nscp_module_nrpe_check_disk is defined
- nscp_module_nrpe_check_eventglog is defined
- nscp_module_nrpe_check_externalscripts is defined
- nscp_module_nrpe_check_helpers is defined
- nscp_module_nrpe_check_logfile is defined
- nscp_module_nrpe_check_nscp is defined
- nscp_module_nrpe_check_system is defined
- nscp_module_nrpe_check_tasksched is defined
- nscp_module_nrpe_check_wmi is defined
- nscp_module_nrpe_check_net is defined
- nrpe_win_pdh_total_disk_reads is defined
- nrpe_win_pdh_total_disk_writes is defined
- nrpe_win_pdh_thread_context_switches is defined
- nrpe_win_pdh_memory_page_faults is defined
- name: "Deploy config: nsclient.ini.j2"
ansible.builtin.template:
src: nsclient.ini.j2
dest: C:\Program Files\NSClient++\nsclient.ini
backup: true
- name: "Set Win-Firewall to allow nscp"
community.windows.win_firewall_rule:
name: "[ansible-managed] Allow-TCP-NSClient++"
localport: {{ nscp_nrpe_port }}
action: allow
direction: in
protocol: tcp
profiles:
- domain
- private
enabled: yes
state: present

60
ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/templates/nsclient.ini.j2 Normal file
View File

@ -0,0 +1,60 @@
#
# !! This configuration file is managed by Ansible !!
# !! DO NOT change local file. Change Ansible role !!
#
[/settings/default]
allowed hosts = {{ nscp_allowed_hosts }}
cache allowed hosts = {{ nscp_cache_allowed_hosts }}
timeout = {{ nscp_timeout }}
[/settings/NRPE/server]
allow arguments = {{ nscp_nrpe_allow_arguments }}
allow nasty characters = {{ nscp_nrpe_nasty_characters }}
allowed hosts = {{ nscp_nrpe_allowed_hosts }}
use ssl = {{ nscp_nrpe_use_ssl }}
insecure = {{ nscp_nrpe_insecure }}
port = {{ nscp_nrpe_port }}
performance data = {{ nscp_nrpe_performance_data }}
[/modules]
NRPEServer = {{ nscp_module_nrpe_server }}
SimpleCache = {{ nscp_module_nrpe_simple_cache }}
CommandClient = {{ nscp_module_nrpe_command_client }}
CheckDisk = {{ nscp_module_nrpe_check_disk }}
CheckEventLog = {{ nscp_module_nrpe_check_eventglog }}
CheckExternalScripts = {{ nscp_module_nrpe_check_externalscripts }}
CheckHelpers = {{ nscp_module_nrpe_check_helpers }}
CheckLogFile = {{ nscp_module_nrpe_check_logfile }}
CheckNSCP = {{ nscp_module_nrpe_check_nscp }}
CheckSystem = {{ nscp_module_nrpe_check_system }}
CheckTaskSched = {{ nscp_module_nrpe_check_tasksched }}
CheckWMI = {{ nscp_module_nrpe_check_wmi }}
CheckNet = {{ nscp_module_nrpe_check_net }}
#
# Standard Performance Counters
#
{% if nrpe_win_pdh_total_disk_reads == true %}
[/settings/system/windows/counters/TotalDiskReads]
collection strategy=rrd
useEnglishOnly = 1
counter=\PhysicalDisk(_Total)\Disk Reads/sec
{% endif %}
{% if nrpe_win_pdh_total_disk_writes == true %}
[/settings/system/windows/counters/TotalDiskWrites]
collection strategy=rrd
useEnglishOnly = 1
counter=\PhysicalDisk(_Total)\Disk Writes/sec
{% endif %}
{% if nrpe_win_pdh_thread_context_switches == true %}
[/settings/system/windows/counters/ThreadContextSwitches]
collection strategy=rrd
useEnglishOnly = 1
counter=\Thread(*)\Context Switches/sec
{% endif %}
{% if nrpe_win_pdh_memory_page_faults == true %}
[/settings/system/windows/counters/MemoryPageFaults]
collection strategy=rrd
useEnglishOnly = 1
counter=\Memory\Page Faults/sec
{% endif %}

14
ansible/windows-nsclientplusplus-example/roles/windows/nsclientplusplus/vars/main.yaml Normal file
View File

@ -0,0 +1,14 @@
---
# Vars
# ====
nscp_allowed_hosts: "___IP_MONITORING_SYSTEM___"
nscp_cache_allowed_hosts: true
nscp_timeout: 90
nscp_nrpe_allow_arguments: true
nscp_nrpe_nasty_characters: true
nscp_nrpe_allowed_hosts: "___IP_MONITORING_SYSTEM___"
nscp_nrpe_use_ssl: false
nscp_nrpe_insecure: true
nscp_nrpe_port: 5666
nscp_nrpe_performance_data: true

9
ansible/windows-snmp-example/README.md Normal file
View File

@ -0,0 +1,9 @@
# windows-snmp-example
## English
🇺🇸 [OpenSSH Server on Windows and SNMP Service Installation with Ansible](https://www.thierolf.org/posts/openssh-server-on-windows-and-snmp-service-installation-with-ansible/)
## Deutsch
🇩🇪 [OpenSSH Server unter Windows und SNMP Service Installation mit Ansible](https://www.thierolf.org/posts/openssh-server-unter-windows-und-snmp-service-installation-mit-ansible/)

10
ansible/windows-snmp-example/inventory/group_vars/microsoft_windows.yaml Normal file
View File

@ -0,0 +1,10 @@
---
#
# group_vars for Microsoft Windows
#
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
ansible_user: "[ANSIBLE_USERNAME]"
ansible_password: "[ANSIBLE_PASSWORD]"
ansible_become_password: "{{ ansible_password }}"
ansible_connection: ssh
ansible_shell_type: powershell

8
ansible/windows-snmp-example/inventory/host_vars/win-test.example.com.yaml Normal file
View File

@ -0,0 +1,8 @@
---
#
# host_vars for Microsoft Windows
#
ansible_host: [IPV4_ADDRESS]
hostname: win-test
domainname: example.com
fqdn: "{{ hostname }}.{{ domainname }}"

9
ansible/windows-snmp-example/inventory/inventory.yaml Normal file
View File

@ -0,0 +1,9 @@
---
#
# Inventory
#
all:
children:
microsoft_windows:
hosts:
win-test.example.com:

8
ansible/windows-snmp-example/playbooks/deploy_win-test.yaml Normal file
View File

@ -0,0 +1,8 @@
---
#
# Playbook
#
- hosts: win-test.example.com
gather_facts: true
roles:
- windows/snmp

12
ansible/windows-snmp-example/roles/windows/snmp/main.yaml Normal file
View File

@ -0,0 +1,12 @@
---
#
# Tasks
#
- name: "Block"
ansible.builtin.include_tasks: "{{ tasks }}"
loop:
- task_01_install_snmp.yaml
- task_02_config_sysinfo.yaml
- task_03_config_firewall.yaml
loop_control:
loop_var: tasks

26
ansible/windows-snmp-example/roles/windows/snmp/task_01_install_snmp.yaml Normal file
View File

@ -0,0 +1,26 @@
---
#
# task_01_install_snmp.yaml
#
- name: "Install SNMP-Service"
ansible.windows.win_feature:
name: SNMP-Service
state: present
include_sub_features: true
include_management_tools: true
- name: "Install RSAT-SNMP"
ansible.windows.win_feature:
name: RSAT-SNMP
state: present
include_sub_features: true
include_management_tools: true
- name: "Set Win-SNMP-Communities"
community.windows.win_snmp:
community_strings:
- "[SNMP_COMMUNITY]"
permitted_managers:
- localhost
- [IPV4_OF_MONITORING_SYSTEM]
action: set

13
ansible/windows-snmp-example/roles/windows/snmp/task_02_config_sysinfo.yaml Normal file
View File

@ -0,0 +1,13 @@
---
#
# task_02_config_sysinfo.yaml
#
- name: "Set SNMP-sysContact"
ansible.windows.win_powershell:
script: |
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent" -Name "sysContact" -Value "SNMP_TEST_CONTACT"
- name: "Set SNMP-sysLocation"
ansible.windows.win_powershell:
script: |
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent" -Name "sysLocation" -Value "SNMP_TEST_LOCATION"

16
ansible/windows-snmp-example/roles/windows/snmp/task_03_config_firewall.yaml Normal file
View File

@ -0,0 +1,16 @@
---
#
# task_03_config_firewall.yaml
#
- name: "Set Win-Firewall to allow SNMP Queries"
community.windows.win_firewall_rule:
name: "Allow-UDP-SNMP [ansible-managed]"
localport: 161
action: allow
direction: in
protocol: udp
profiles:
- domain
- private
enabled: yes
state: present