OPNsense with Ansible

20 September 2021

Create an admin user on OPNsense.

Either via the GUI: System → Access → Users (don't forget the authorized keys) or from the shell with

pw useradd admin -m

(FreeBSD has no standalone useradd; pw(8) is the non-interactive tool.) Note that OPNsense keeps its local users and groups in config.xml and regenerates the system password and group files from it, so an account that only exists in /etc/passwd can be lost on the next regeneration; the GUI route is the one that persists.

Add the admin user to the wheel and admins groups

To do so, edit /etc/group:

wheel:*:0:root,admin
admins:*:1999:root,admin

Set up sudo for admin

visudo

and uncomment this line:

## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL:ALL) ALL

With this line sudo still asks for the user's password, so Ansible needs the become password (ansible-playbook -K or ansible_become_password); the NOPASSWD variant next to it removes the prompt at the cost of an unattended root path for anyone holding the admin SSH key. OPNsense also exposes this setting in the GUI under System → Settings → Administration (Sudo).

Adjust the Python path on the Ansible host

On FreeBSD (the base of OPNsense) Python is installed under /usr/local, so the interpreter has to be set in the inventory (hosts) file:

ansible_python_interpreter=/usr/local/bin/python3

Examples

Ansible playbook

---
- hosts: opnsense
  remote_user: admin
  become: yes
  gather_facts: true
  vars:
    # change it to your checkmk host
    check_mk_host: checkmk.int.DOMAIN.COM
  roles:
    - opnsense_pkg
    - opnsense_backup
    - opnsense_deploy_checkmk

roles/opnsense_backup/tasks/main.yml

- name: backup opnsense config.xml
  vars:
    date: "{{ lookup('pipe', 'date +%Y%m%d-%H%M') }}"
#  when: inventory_hostname in groups['opnsense']
  # config.xml contains password hashes, SSH keys and VPN secrets:
  # keep ./opnsense-backup/ on the control node restricted to you
  fetch:
    src:  /conf/config.xml
    dest: "./opnsense-backup/{{ inventory_hostname }}-{{ date }}.xml"
    flat: yes
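The fetched config.xml is the whole firewall in one file, including the local users' password hashes and SSH keys. The script below is an added example (not part of the article, Ansible or OPNsense) that inspects such a backup on the control node: it lists the local users, points out every secret-bearing element, and produces a redacted copy for anything that leaves the backup directory. The tag names it looks for (system/user/password, system/user/authorizedkeys, ...) are assumptions about the config.xml layout and should be checked against a real backup; SAMPLE_CONFIG is constructed for the demo.

```python
"""Inspect a fetched OPNsense config.xml backup for embedded secrets.

Added example, not part of the original article or of OPNsense itself. The
element names it looks for (system/user/password, system/user/authorizedkeys,
...) follow the config.xml layout as understood by the author of this example;
check them against a real backup before relying on the script. SAMPLE_CONFIG
is constructed for the demo and is not a real firewall configuration.
"""
import sys
import xml.etree.ElementTree as ET

# Tags whose text is credential or key material. Assumed list; extend it for the
# sections you actually use (VPN pre-shared keys, API keys, ...).
SECRET_TAGS = {"password", "authorizedkeys", "pre-shared-key", "secret", "apikeys"}

SAMPLE_CONFIG = """<?xml version="1.0"?>
<opnsense>
  <system>
    <hostname>fw01</hostname>
    <domain>int.example.com</domain>
    <user>
      <name>root</name>
      <uid>0</uid>
      <scope>system</scope>
      <password>$2y$10$constructedhashconstructedhashconstructedhash000000</password>
      <groupname>admins</groupname>
    </user>
    <user>
      <name>admin</name>
      <uid>2000</uid>
      <scope>user</scope>
      <password>$2y$10$anotherconstructedhashanotherconstructedhash000000</password>
      <authorizedkeys>c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUNvbnN0cnVjdGVkIGFkbWluQGZ3MDE=</authorizedkeys>
      <groupname>admins</groupname>
    </user>
  </system>
</opnsense>
"""


def find_secrets(xml_text):
    """Return the element paths (root/section/.../tag) that carry secret material."""
    root = ET.fromstring(xml_text)
    hits = []

    def walk(elem, path):
        for child in elem:
            child_path = f"{path}/{child.tag}"
            if child.tag in SECRET_TAGS and (child.text or "").strip():
                hits.append(child_path)
            walk(child, child_path)

    walk(root, root.tag)
    return hits


def list_users(xml_text):
    """Summarise local users: name, scope and whether a hash / SSH key is stored."""
    root = ET.fromstring(xml_text)
    return [
        {
            "name": u.findtext("name"),
            "scope": u.findtext("scope"),
            "has_password_hash": bool((u.findtext("password") or "").strip()),
            "has_ssh_key": bool((u.findtext("authorizedkeys") or "").strip()),
        }
        for u in root.findall("./system/user")
    ]


def redact(xml_text, marker="REDACTED"):
    """Return a copy of the document with every secret element's text replaced.
    Use this for copies that leave the backup directory (tickets, diffs, repos)."""
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        if elem.tag in SECRET_TAGS and (elem.text or "").strip():
            elem.text = marker
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Usage: python3 inspect_backup.py opnsense-backup/fw01-20210920-1200.xml
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for user in list_users(text):
        print(user)
    print(f"{len(find_secrets(text))} secret-bearing elements in this backup")
```

Run it against a file from ./opnsense-backup/ to see what the backup role has just copied onto your workstation; anything that is not a hash or a key stays untouched, so the redacted copy is still usable for diffing rule changes between two backups.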

roles/opnsense_pkg/tasks/main.yml

- name: pkg upgrade
  tags: pkg-upgrade
  become: yes
  community.general.pkgng:
    name: "*"
    state: latest

- name: Install midnight commander
  community.general.pkgng:
    name: mc-nox11
    state: present

- name: Install bind-tools
  community.general.pkgng:
    name: bind-tools
    state: present

- name: os-nextcloud-backup
  community.general.pkgng:
    name: os-nextcloud-backup
    state: present

- name: deploy my aliases
#  when: inventory_hostname in groups['opnsense']
  copy:
    src: .cshrc
    dest: /root/
    owner: root
    group: wheel
    mode: 0644

deploy check_mk agent

- name: Create a directory if it does not exist
  ansible.builtin.file:
    path: /opt/bin/
    state: directory

- name: install check_mk agent
  # master is a moving target: pin a release tag or commit in the URL and
  # add get_url's checksum: parameter so a changed upstream file is refused
  get_url:
    url: https://raw.githubusercontent.com/tribe29/checkmk/master/agents/check_mk_agent.freebsd
    dest: /opt/bin/check_mk_agent
    mode: '0770'

- name: Install libstatgrab
  community.general.pkgng:
    name: libstatgrab
    state: present

- name: Install bash
  community.general.pkgng:
    name: bash
    state: present

- name: Add check_mk agent to inetd.conf
  ansible.builtin.lineinfile:
    path: /etc/inetd.conf
    line: check_mk  stream  tcp nowait  root  /opt/bin/check_mk_agent check_mk_agent
  register: result

- name: Add check_mk agent port to /etc/services
  ansible.builtin.lineinfile:
    path: /etc/services
    line: check_mk        6556/tcp   #check_mk agent
  register: services_result

- name: Allow the checkmk server to access us in /etc/hosts.allow
  # hosts.allow is first match wins, so the allow rule must precede the deny rule;
  # insertbefore falls back to appending when the deny line is not there yet.
  # A hostname here is matched against the client's reverse-DNS name; an address
  # or network is the more robust choice.
  ansible.builtin.lineinfile:
    path: /etc/hosts.allow
    line: "check_mk_agent : {{ check_mk_host }} : allow"
    insertbefore: '^check_mk_agent : ALL : deny'

- name: Deny every other host in /etc/hosts.allow
  ansible.builtin.lineinfile:
    path: /etc/hosts.allow
    line: "check_mk_agent : ALL : deny"

- name: Restart inetd service
  # inetd reads /etc/services at startup, so a new services entry needs a restart too.
  # inetd is not enabled at boot on a stock OPNsense; enable it or the agent stops
  # answering after a reboot.
  ansible.builtin.service:
    name: inetd
    state: restarted
  when: result.changed or services_result.changed
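The three files above only protect the agent if they agree with each other: the service name in inetd.conf must exist in /etc/services for that protocol, the daemon name in hosts.allow must be the last path component of the server program (that is what inetd hands to tcp wrappers), and hosts.allow is evaluated first match wins, so an allow rule that ends up below the ALL : deny rule never fires. The script below is an added example, not code from the article, Checkmk or OPNsense: it models the hosts_access(5) decision for the patterns the role uses (ALL and hostnames, plus domain-suffix, address-prefix and net/mask patterns; EXCEPT and the KNOWN/PARANOID keywords are left out) and checks the wiring of the three files. The hostname passed to decide() stands for the reverse-DNS name tcpd would resolve for the connecting address; all sample file contents are constructed for the demo.

```python
"""Simulate tcp_wrappers (hosts.allow) decisions and check the inetd wiring of the
check_mk agent.

Added example, not part of the article or of Checkmk/OPNsense. Models the
first-match rule of hosts_access(5) for ALL, hostname, .domain-suffix,
address-prefix and net/mask patterns; EXCEPT and KNOWN/PARANOID are not
implemented. All sample file contents below are constructed for the demo.
"""
import ipaddress

INETD_CONF = "check_mk  stream  tcp nowait  root  /opt/bin/check_mk_agent check_mk_agent\n"
SERVICES = "ssh 22/tcp\ncheck_mk        6556/tcp   #check_mk agent\n"
# The order the role is meant to produce: allow line first, deny line second.
HOSTS_ALLOW_OK = ("check_mk_agent : checkmk.int.example.com : allow\n"
                  "check_mk_agent : ALL : deny\n")
# What you get when the deny line lands first: the allow rule is never reached.
HOSTS_ALLOW_BAD = ("check_mk_agent : ALL : deny\n"
                   "check_mk_agent : checkmk.int.example.com : allow\n")


def parse_hosts_access(text):
    """Parse 'daemon_list : client_list [: allow|deny]' rules, skipping comments/blanks.
    A rule without an action in hosts.allow grants access."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError(f"malformed rule: {raw!r}")
        action = fields[2].lower() if len(fields) > 2 else "allow"
        rules.append((fields[0].split(), fields[1].split(), action))
    return rules


def client_matches(pattern, host, addr):
    """hosts_access(5) client patterns; host is the client's reverse-DNS name or None."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):                 # .int.example.com: hostname suffix
        return host is not None and host.endswith(pattern)
    if pattern.endswith("."):                   # 192.0.2.: address prefix (string match)
        return addr.startswith(pattern)
    if "/" in pattern:                          # 192.0.2.0/255.255.255.0 or CIDR
        net, mask = pattern.split("/", 1)
        network = (ipaddress.IPv4Network((net, mask), strict=False) if "." in mask
                   else ipaddress.ip_network(pattern, strict=False))
        return ipaddress.ip_address(addr) in network
    return pattern == host or pattern == addr   # exact hostname or address


def decide(rules, daemon, host, addr):
    """First matching rule wins. No match means access is granted, because a stock
    FreeBSD has no hosts.deny to fall through to."""
    for daemons, clients, action in rules:
        if not any(d in ("ALL", daemon) for d in daemons):
            continue
        if any(client_matches(c, host, addr) for c in clients):
            return action
    return "allow"


def check_agent_wiring(inetd_conf, services, hosts_allow, program="/opt/bin/check_mk_agent"):
    """Return a list of findings; empty means inetd.conf, /etc/services and hosts.allow agree."""
    findings = []
    entry = None
    for raw in inetd_conf.splitlines():
        fields = raw.split("#", 1)[0].split()
        # service  socket-type  proto  wait/nowait  user  program  args...
        if len(fields) >= 6 and fields[5] == program:
            entry = fields
    if entry is None:
        return [f"no inetd.conf entry runs {program}"]
    service, proto = entry[0], entry[2].rstrip("46")     # tcp4/tcp6/tcp46 -> tcp
    known = set()
    for raw in services.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and "/" in fields[1]:
            known.add((fields[0], fields[1].split("/", 1)[1]))
    if (service, proto) not in known:
        findings.append(f"service {service}/{proto} missing from /etc/services: inetd cannot bind it")
    # inetd passes the last path component of the server program as the daemon name
    daemon = program.rsplit("/", 1)[-1]
    rules = parse_hosts_access(hosts_allow)
    if not any(d in ("ALL", daemon) for daemons, _, _ in rules for d in daemons):
        findings.append(f"no hosts.allow rule names {daemon}: agent answers any client")
    return findings


if __name__ == "__main__":
    for label, text in (("ok", HOSTS_ALLOW_OK), ("reversed", HOSTS_ALLOW_BAD)):
        rules = parse_hosts_access(text)
        print(label, "checkmk ->", decide(rules, "check_mk_agent", "checkmk.int.example.com", "192.0.2.10"),
              "| other ->", decide(rules, "check_mk_agent", "laptop.int.example.com", "192.0.2.77"))
    print(check_agent_wiring(INETD_CONF, SERVICES, HOSTS_ALLOW_OK) or "wiring consistent")
```

Feed it the real files (fetch /etc/inetd.conf, /etc/services and /etc/hosts.allow with the same fetch module the backup role uses) after the role has run; the "reversed" case is exactly what happens if the deny task is ever applied before the allow task without the insertbefore guard.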