Lockdownv6 Rebase

.gitignore

@@ -0,0 +1 @@
+.idea

README.md

@@ -0,0 +1,37 @@
+Lockdown v6
+=========
+This is a Lockdown v6 Deployment Repo
+
+Requirements
+------------
+
+python >=2.6
+pyshere
+pyVmomi
+
+Role Variables
+--------------
+
+Variables are generated using dynamic inventory, please check out inventory.py
+(Passwords and other sensitive information is passed thru a CLI, or a survey if you are using Ansible tower)
+
+
+Some Useful Links
+------------------
+https://docs.ansible.com/ansible/latest/modules/vmware_guest_module.html
+
+https://docs.ansible.com/ansible/latest/modules/vsphere_guest_module.html //DEPRICATED
+
+https://docs.ansible.com/ansible/latest/modules/vmware_local_role_manager_module.html
+
+https://docs.ansible.com/ansible/devel/modules/vmware_object_role_permission_module.html
+
+https://docs.ansible.com/ansible/latest/modules/vcenter_folder_module.html
+
+https://docs.ansible.com/ansible/2.7/user_guide/playbooks_filters_ipaddr.html#ip-math
+
+https://docs.ansible.com/ansible/latest/modules/vmware_guest_powerstate_module.html
+
+https://docs.ansible.com/ansible/latest/modules/vmware_vm_shell_module.html
+
+https://paloaltonetworks.github.io/ansible-pan/

deploy.yaml

@@ -0,0 +1,62 @@
+- hosts: localhost
+  gather_facts: no
+  connection: local
+  roles:
+     - folders
+     - folder_permissions
+     - pfsense_deploy_provision
+     - template_deployment
+
+- hosts: AD
+  gather_facts: no
+  roles:
+    - windows_server_provision_AD
+
+- hosts: Linux-A, Linux-B, Linux-C, WEB, DB, GIT
+  gather_facts: no
+  tasks:
+    - name: Wait For AD connection
+      wait_for_connection:
+        timeout: 30000
+        sleep: 5
+
+- hosts: Linux-A, Linux-B, Linux-C, WEB, DB, GIT
+  roles:
+    - local_users_Linux
+
+- hosts: Windows-A, Windows-B, FTP
+  gather_facts: no
+  roles:
+    - Windows_Client_Provision
+
+- hosts: GIT, WEB, DB
+  become: yes
+  roles:
+    - disable_firewall
+
+- hosts: GIT
+  gather_facts: no
+  become: yes
+  roles:
+    - gitlab
+
+
+- hosts: DB
+  gather_facts: no
+  become: true
+  roles:
+    - ansible-role-mysql-master
+
+
+- hosts: WEB
+  become: true
+  roles:
+    - install_php
+    - ansible-role-apache-master
+    - ansible-role-composer-master
+    - install_magento
+
+- hosts: WEB, DB
+  become: true
+  roles:
+    - ansible-docker-master

development roles/paloalto/AWX resstart procedure.txt

@@ -0,0 +1,18 @@
+docker exec -it awx_task
+/etc/python/cert-verification.cfg verify=disable
+export PYTHONHTTPSVERIFY=0
+
+pip install pan-python
+pip install pandevice
+/var/lib/awx/venv/
+
+ansible.cfg:
+
+[defaults]
+host_key_checking = False
+
+[paramiko_connection]
+record_host_keys = False
+
+[ssh_connection]
+ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null

development roles/paloalto/inventory.py

@@ -0,0 +1,84 @@
+#!/usr/bin/env python
+import os
+import sys
+import argparse
+
+try:
+    import json
+except ImportError:
+    import simplejson as json
+
+
+class Inventory(object):
+
+    def __init__(self):
+        self.inventory = {}
+        self.read_cli_args()
+
+        # Called with `--list`.
+        if self.args.list:
+            self.inventory = self.enventory_generator()
+        # Called with `--host [hostname]`.
+        elif self.args.host:
+            # Not implemented, since we return _meta info `--list`.
+            self.inventory = self.empty_inventory()
+        # If no groups or vars are present, return empty inventory.
+        else:
+            self.inventory = self.empty_inventory()
+        print(json.dumps(self.inventory))
+        with open("temp", 'w') as f:
+            f.write(json.dumps(self.inventory))
+
+
+    def enventory_generator(self):
+        PREFERED_DNS = '8.8.8.8'
+
+        inventory = {}
+        _meta = {}
+#####################################################################################################
+        all = {}
+        all_vars = {}
+        all_vars['vcenter_hostname'] = 'cdr-vcenter1.cse.buffalo.edu'
+        all_vars['datastore'] = 'cdr-iscsi2'
+        all_vars['datacenter'] = 'UBNetDef'
+        all_vars['cluster'] = 'MAIN'
+        all_vars['vcenter_username'] = '[email protected]'
+        all_vars['vcenter_username'] = '67K7~A(Dxj2npF,xANq;'
+        all_vars['template'] = 'student_machine'
+        all_vars['vm_name'] = 'student_vm'
+        all_vars['vmnet'] = 'generic-net'
+        all_vars['ip'] = '10.42.25.101'
+        all_vars['netmask'] = '255.255.255.0'
+        all_vars['gateway'] = '10.42.25.1'
+        all_vars['pan_template'] = 'PaloAlto_SysSec_Class'
+        all_vars['pan_ip'] = '192.168.1.1'
+        all_vars['pan_username'] = 'admin'
+        all_vars['pan_password'] = 'admin'
+        all_vars['pan_outside_ip'] = '192.168.8.101'
+        all_vars['gretzky'] = '192.168.0.1'
+
+
+
+        all_vars['dns_list'] = ['8.8.8.8', '8.8.4.4']
+        all_vars['ubit'] = ['jasleena','sennaals','brbarric','dabielli','derekcau','afeedaiy','ohadkatz','ddelanne','scottdep','dgibson4','morshedu','edwardly','grmarcus','rubenoca','aritrapa','jprue','jmromero','ethansac','ashi','zatenenb','cantopra','erictrav']
+
+        all['vars'] = all_vars
+        inventory['all'] = all
+        return inventory
+#####################################################################################################
+
+
+    # Empty inventory for testing.
+    def empty_inventory(self):
+        return {'_meta': {'hostvars': {}}}
+
+    # Read the command line args passed to the script.
+    def read_cli_args(self):
+        parser = argparse.ArgumentParser()
+        parser.add_argument('--list', action='store_true')
+        parser.add_argument('--host', action='store')
+        self.args = parser.parse_args()
+
+Inventory()
+
+