1

c546d2be · Joab Bremer · bf545fc1 · c546d2be · c546d2be · c546d2be
Commit c546d2be authored Aug 31, 2021 by Joab Bremer
15 changed files
--- a/READ-ME.rmd
+++ b/READ-ME.rmd
+
+ansible-playbook -b -v -u root update_ip.yml -kkkk --extra-vars "usb-group" -i usb_hosts_mails
+ansible-playbook -b -v -u root update_ip.yml -kkkk --extra-vars "usb-group" -i usb_hosts_web
\ No newline at end of file
--- a/host_mail/host_mail.sh
+++ b/host_mail/host_mail.sh
+#!/usr/bin/bash
+echo ""
+echo -e "Preparando o ambiente, aguarde..\n"
+OLD_IP='184.173.20.37'
+NEW_IP='184.173.20.37 177.72.126.15 177.72.126.32'
+INPUT_FILE='/etc/postfix/main.cf'
+INPUT_FILE_F='/etc/fail2ban/jail.local'
+echo -e "Fazendo BKP POSTIFIX"
+
+cp -rp /etc/postfix/main.cf /etc/postfix/main.cf.2021
+
+echo -e "Inserindo Novos IPs no POSTIFIX"
+
+sed -i'.BACKUP' "s/${OLD_IP}/${NEW_IP}/g" "${INPUT_FILE}"
+
+echo -e "Novos Ips Inseridos POSTIFIX\n"
+echo -e "Fazendo BKP FAIL2BAN"
+
+cp -rp /etc/fail2ban/jail.local /etc/fail2ban/jail.local.2021
+echo -e "Inserindo Novos IPs FAIL2BAN"
+sed -i'.BACKUP' "s/${OLD_IP}/${NEW_IP}/g" "${INPUT_FILE_F}"
+echo -e "Reiniciando PostFix\n"
+systemctl restart postfix
+echo -e "Reiniciando FAIL2BAN"
+systemctl restart fail2ban
+
--- a/host_mail/update_ip.yml
+++ b/host_mail/update_ip.yml
+- name: Copia arquivo e executa
+  remote_user: root
+  hosts: usb-group
+  tasks:
+     - name: Transfer executable script script
+       copy: src=/root/host_mail.sh dest=/opt mode=0777
+
+     - name: Execute the script
+       command: sh /opt/host_mail.sh
+       register: command_output
+     - debug:
+         var: command_output.stdout_lines
--- a/host_mail/usb_hosts_mail
+++ b/host_mail/usb_hosts_mail
+[usb-group]
+usb-ac-gw-01.adventistas.org
+usb-acp-gw-01.adventistas.org
+usb-acsr-gw-01.adventistas.org
+usb-anc-gw-01.adventistas.org
+usb-anp-gw-01.adventistas.org
+usb-ansr-gw-01.adventistas.org
+usb-aop-gw-01.adventistas.org
+usb-asp-gw-01.adventistas.org
+usb-asr-gw-01.adventistas.org
+10.11.0.29
+10.11.20.21
--- a/educadventista/DigiCertCA.crt
+++ b/educadventista/DigiCertCA.crt
--- a/educadventista/wildcard_educadventista_org.crt
+++ b/educadventista/wildcard_educadventista_org.crt
--- a/educadventista/wildcard_educadventista_org.key
+++ b/educadventista/wildcard_educadventista_org.key
--- a/host_web.sh
+++ b/host_web.sh
 #!/usr/bin/bash
+echo ""
+echo -e "Fazendo backup dos certificados\n"
 mv /etc/ssl/certs/educadventista /etc/ssl/certs/educadventista_2021
-#rm -rf /etc/ssl/certs/educadventista
+


--- a/update_ip.yml
+++ b/update_ip.yml
@@ -3,7 +3,7 @@
  hosts: usb-group
  tasks:
     - name: Transfer executable script script
-       copy: src=/root/ansible/host_web.sh dest=/opt mode=0777
+       copy: src={{ playbook_dir }}/host_web.sh dest=/opt mode=0777

     - name: Execute the script
       command: sh /opt/host_web.sh
@@ -12,7 +12,7 @@
         var: command_output.stdout_lines

     - name: Transfer executable script script
-       copy: src=/root/ansible/educadventista dest=/etc/ssl/certs
+       copy: src={{ playbook_dir }}/educadventista dest=/etc/ssl/certs

     - name: Reload service httpd, in all cases
       service:

--- a/usb_hosts_mail
+++ b/usb_hosts_mail
--- a/joab_doc/anaconda-ks.cfg
+++ b/joab_doc/anaconda-ks.cfg
+#version=DEVEL
+# Install OS instead of upgrade
+install
+cmdline
+# Firewall configuration
+firewall --disabled
+firstboot --disable
+
+# Keyboard layouts
+# old format: keyboard us
+# new format:
+keyboard --vckeymap=us --xlayouts='us'
+# System language
+lang en_US.UTF-8
+
+# Network information
+network  --bootproto=dhcp --device=link --activate
+# Shutdown after installation
+shutdown
+repo --name="CentOS" --baseurl=http://mirror.centos.org/centos/7/os/x86_64/ --cost=100
+repo --name="Updates" --baseurl=http://mirror.centos.org/centos/7/updates/x86_64/ --cost=100
+# Use network installation
+url --url="http://mirrors.kernel.org/centos/7/os/x86_64/"
+# Root password
+rootpw --iscrypted --lock locked
+# SELinux configuration
+selinux --enforcing
+# System services
+services --disabled="chronyd"
+# Do not configure the X Window System
+skipx
+# System timezone
+timezone UTC --isUtc --nontp
+# System bootloader configuration
+bootloader --disabled
+# Clear the Master Boot Record
+zerombr
+# Partition clearing information
+clearpart --all --initlabel
+# Disk partitioning information
+part / --fstype="ext4" --size=3000
+
+%pre
+# Pre configure tasks for Docker
+
+# Don't add the anaconda build logs to the image
+# see /usr/share/anaconda/post-scripts/99-copy-logs.ks
+touch /tmp/NOSAVE_LOGS
+%end
+
+%post --logfile=/anaconda-post.log
+# Post configure tasks for Docker
+
+# remove stuff we don't need that anaconda insists on
+# kernel needs to be removed by rpm, because of grubby
+rpm -e kernel
+
+yum -y remove bind-libs bind-libs-lite dhclient dhcp-common dhcp-libs \
+  dracut-network e2fsprogs e2fsprogs-libs ebtables ethtool file \
+  firewalld freetype gettext gettext-libs groff-base grub2 grub2-tools \
+  grubby initscripts iproute iptables kexec-tools libcroco libgomp \
+  libmnl libnetfilter_conntrack libnfnetlink libselinux-python lzo \
+  libunistring os-prober python-decorator python-slip python-slip-dbus \
+  snappy sysvinit-tools which linux-firmware GeoIP firewalld-filesystem \
+  qemu-guest-agent
+
+yum clean all
+
+#clean up unused directories
+rm -rf /boot
+rm -rf /etc/firewalld
+
+# Lock roots account, keep roots account password-less.
+passwd -l root
+
+#LANG="en_US"
+#echo "%_install_lang $LANG" > /etc/rpm/macros.image-language-conf
+
+awk '(NF==0&&!done){print "override_install_langs=en_US.utf8\ntsflags=nodocs";done=1}{print}' \
+    < /etc/yum.conf > /etc/yum.conf.new
+mv /etc/yum.conf.new /etc/yum.conf
+echo 'container' > /etc/yum/vars/infra
+
+
+##Setup locale properly
+# Commenting out, as this seems to no longer be needed
+#rm -f /usr/lib/locale/locale-archive
+#localedef -v -c -i en_US -f UTF-8 en_US.UTF-8
+
+## Remove some things we don't need
+rm -rf /var/cache/yum/x86_64
+rm -f /tmp/ks-script*
+rm -rf /etc/sysconfig/network-scripts/ifcfg-*
+# do we really need a hardware database in a container?
+rm -rf /etc/udev/hwdb.bin
+rm -rf /usr/lib/udev/hwdb.d/*
+
+## Systemd fixes
+# no machine-id by default.
+:> /etc/machine-id
+# Fix /run/lock breakage since it's not tmpfs in docker
+umount /run
+systemd-tmpfiles --create --boot
+# Make sure login works
+rm /var/run/nologin
+
+
+#Generate installtime file record
+/bin/date +%Y%m%d_%H%M > /etc/BUILDTIME
+
+
+%end
+
+%packages --excludedocs --nocore --instLangs=en
+bash
+bind-utils
+centos-release
+iproute
+iputils
+less
+passwd
+rootfiles
+systemd
+tar
+vim-minimal
+yum
+yum-plugin-ovl
+yum-utils
+-*firmware
+-GeoIP
+-bind-license
+-firewalld-filesystem
+-freetype
+-gettext*
+-kernel*
+-libteam
+-os-prober
+-teamd
+
+%end
+
--- a/joab_doc/kernel.sh
+++ b/joab_doc/kernel.sh
+uname -r
--- a/joab_doc/kernel_exec.yml
+++ b/joab_doc/kernel_exec.yml
+- name: Copia arquivo e executa
+  remote_user: samir
+  hosts: usb-group
+  tasks:
+     - name: Transfer executable script script
+       copy: src=/root/kernel.sh dest=/opt mode=0777
+
+     - name: Execute the script
+       command: sh /opt/kernel.sh
+       register: command_output
+     - debug:
+         var: command_output.stdout_lines
--- a/joab_doc/usb-hosts
+++ b/joab_doc/usb-hosts
+[usb-group]
+10.15.0.1
+10.15.0.5
--- a/usb_hosts_web
+++ b/usb_hosts_web
-[usb-group]
-web.iaesc.org.br
-web.asr.org.br
-web.acsr.org.br
-web.ansr.org.br
-web.iacs.org.br
-web.ansc.org.br
-web.iaesc.org.br
-web.asp.org.br
-web.anp.org.br
-web.aopr.org.br
-web.iap.org.br
-10.19.0.13
-10.14.0.13
-10.12.0.13