From 1c9df4f36f9fbb0fefa32777afe0f7c77915704d Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Fri, 19 Mar 2021 18:21:38 +0000
Subject: [PATCH] Add nms01/02 hosts

---
 group_vars/nms.yml              | 18 +++++++++++++++++
 host_vars/nms01.home.foo.sh.yml | 18 +++++++++++++++++
 host_vars/nms02.home.foo.sh.yml | 18 +++++++++++++++++
 hosts                           |  5 +++++
 playbooks/nms.yml               | 36 +++++++++++++++++++++++++++++++++
 5 files changed, 95 insertions(+)
 create mode 100644 group_vars/nms.yml
 create mode 100644 host_vars/nms01.home.foo.sh.yml
 create mode 100644 host_vars/nms02.home.foo.sh.yml
 create mode 100644 playbooks/nms.yml

diff --git a/group_vars/nms.yml b/group_vars/nms.yml
new file mode 100644
index 0000000..0ee594b
--- /dev/null
+++ b/group_vars/nms.yml
@@ -0,0 +1,18 @@
+---
+datadisks:
+  - 10
+
+network_vip_interfaces:
+  - device: eth1
+    vhid: 25
+    ipaddr: 172.20.25.1
+    netmask: 255.255.0.0
+    pass: "{{ vip25_pass }}"
+    priority: "{{ vip25_priority }}"
+
+firewall_in:
+  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+firewall_raw:
+  - "-A INPUT -i eth1 -d 224.0.0.0/8 -j ACCEPT"
+  - "-A INPUT -i eth1 -p vrrp -j ACCEPT"
diff --git a/host_vars/nms01.home.foo.sh.yml b/host_vars/nms01.home.foo.sh.yml
new file mode 100644
index 0000000..f265c1e
--- /dev/null
+++ b/host_vars/nms01.home.foo.sh.yml
@@ -0,0 +1,18 @@
+---
+vmhost: vmhost01.home.foo.sh
+network_interfaces:
+  - device: eth0
+    vlan: 20
+    mac: "52:54:00:ac:dc:43"
+  - device: eth1
+    vlan: 25
+    ipaddr: 172.20.25.2
+    netmask: 255.255.255.0
+    proto: static
+  - device: eth2
+    vlan: 103
+    ipaddr: 192.168.100.2
+    netmask: 255.255.255.248
+    proto: static
+
+vip25_priority: 128
diff --git a/host_vars/nms02.home.foo.sh.yml b/host_vars/nms02.home.foo.sh.yml
new file mode 100644
index 0000000..dbebdc0
--- /dev/null
+++ b/host_vars/nms02.home.foo.sh.yml
@@ -0,0 +1,18 @@
+---
+vmhost: vmhost02.home.foo.sh
+network_interfaces:
+  - device: eth0
+    vlan: 20
+    mac: "52:54:00:ac:dc:44"
+  - device: eth1
+    vlan: 25
+    ipaddr: 172.20.25.3
+    netmask: 255.255.255.0
+    proto: static
+  - device: eth2
+    vlan: 103
+    ipaddr: 192.168.100.3
+    netmask: 255.255.255.248
+    proto: static
+
+vip25_priority: 0
diff --git a/hosts b/hosts
index a63cf77..3b5f8cb 100644
--- a/hosts
+++ b/hosts
@@ -33,6 +33,10 @@ munin01.home.foo.sh
 [nas]
 nas02.home.foo.sh
 
+[nms]
+nms01.home.foo.sh
+nms02.home.foo.sh
+
 [ns]
 ns01.home.foo.sh
 ns02.home.foo.sh
@@ -64,6 +68,7 @@ mail
 mirror
 munin
 nas
+nms
 shell
 static
 vmhost
diff --git a/playbooks/nms.yml b/playbooks/nms.yml
new file mode 100644
index 0000000..a6f8b35
--- /dev/null
+++ b/playbooks/nms.yml
@@ -0,0 +1,36 @@
+---
+- import_playbook: "include/deploy-kvm-guest.yml myhosts=nms"
+
+- name: configure instance
+  hosts: nms
+  user: root
+  gather_facts: true
+
+  pre_tasks:
+    - name: mount /export
+      mount:
+        name: /export
+        src: LABEL=/export
+        fstype: xfs
+        opts: noatime,noexec,nosuid,nodev
+        passno: "0"
+        dump: "0"
+        state: mounted
+
+  vars_files:
+    - "{{ ansible_private }}/vars.yml"
+
+  roles:
+    - base
+    - mkhomedir
+    - sssd
+
+  tasks:
+    - name: install extra tools
+      package:
+        name: "{{ item }}"
+        state: installed
+      with_items:
+        - nmap
+        - scanssh
+        - sslscan