From c269e41eec5213df07973eb2cb09bfad93c04ab6 Mon Sep 17 00:00:00 2001
From: Kyle Kaminski <kyle.kaminski@trustwave.com>
Date: Wed, 14 Jul 2021 17:39:37 -0500
Subject: play around with ansible

---
 ansible/clean-vms/README        |  9 +++++++++
 ansible/clean-vms/ansible.cfg   |  3 +++
 ansible/clean-vms/clean-logs.sh | 45 +++++++++++++++++++++++++++++++++++++++++
 ansible/clean-vms/hosts         | 10 +++++++++
 ansible/clean-vms/vm-clean.yml  |  7 +++++++
 ansible/clean-vms/vm-setup.yml  | 33 ++++++++++++++++++++++++++++++
 6 files changed, 107 insertions(+)
 create mode 100644 ansible/clean-vms/README
 create mode 100644 ansible/clean-vms/ansible.cfg
 create mode 100755 ansible/clean-vms/clean-logs.sh
 create mode 100644 ansible/clean-vms/hosts
 create mode 100644 ansible/clean-vms/vm-clean.yml
 create mode 100644 ansible/clean-vms/vm-setup.yml

diff --git a/ansible/clean-vms/README b/ansible/clean-vms/README
new file mode 100644
index 0000000..e485651
--- /dev/null
+++ b/ansible/clean-vms/README
@@ -0,0 +1,9 @@
+- requirements
+  # sudo apt-get install sshpass -y  (install on the Control node), needed when ansible_ssh_pass is defined
+
+- to run
+  $ ansible-playbook vm-setup.yml
+  $ ansible-playbook vm-clean.yml
+
+- if ansible.cfg & hosts weren't present or you wanted to override them, the full 'ansible-playbook' command would be:
+$ ansible-playbook - i "192.168.56.101, 192.168.56.102 192.168.56.103 192.168.56.104" ansible_user=root ansible_ssh_pass=foobar -e  ‘{“user”: [{ "name": "root", "password": "Foobar64", "state": "present" }] }’ -e '{"packages":["curl","wget","vim","atop"]}' vm-setup.yml
diff --git a/ansible/clean-vms/ansible.cfg b/ansible/clean-vms/ansible.cfg
new file mode 100644
index 0000000..b16ea3d
--- /dev/null
+++ b/ansible/clean-vms/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+inventory = hosts
+host_key_checking = False
diff --git a/ansible/clean-vms/clean-logs.sh b/ansible/clean-vms/clean-logs.sh
new file mode 100755
index 0000000..5d79011
--- /dev/null
+++ b/ansible/clean-vms/clean-logs.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+#
+# ToDo
+# truncate -s 0 /var/log/syslog
+# /var/log/journal/f* (new in 18.10)
+#
+
+# clean traditional logs etc.
+find /var/log/ -type f -name "*.gz" -exec rm -f {} \;
+find /var/log/ -type f -name "*.1" -exec rm -f {} \;
+find /var/log/ -type f -name "*.old" -exec rm -f {} \;
+
+# clean systemd's journal
+if [[ -d /var/log/journal || -d /run/log/journal/ ]]; then
+    systemctl stop systemd-journald
+    journal_dirs1=$(find /var/log/journal/ -maxdepth 1 -type d -name "a*")
+    journal_dirs2=$(find /run/log/journal/ -maxdepth 1 -type d -name "f*")
+    journal_dirs3=$(find /run/log/journal/ /var/log/journal/ -maxdepth 1 -type d -name "[0-9]*" 2> /dev/null)
+    journal_dirs="$journal_dirs1 $journal_dirs2 $journal_dirs3";
+
+    for j in $journal_dirs; do
+        echo "removing ${j}"
+        rm -rf $j
+    done
+    systemctl start systemd-journald
+fi
+
+# clean atop logs
+if [[ -d /var/log/atop ]]; then
+    systemctl stop atop
+    rm -f /var/log/atop/*
+    systemctl start atop
+fi
+
+# clean samba logs
+if [[ -d /var/log/samba ]]; then
+    rm -rf /var/log/samba/*
+fi
+
+# at last truncate all *.log
+find /var/log/ -name "*.log" -exec truncate -s 0 {} \;
+
+exit 0
+
diff --git a/ansible/clean-vms/hosts b/ansible/clean-vms/hosts
new file mode 100644
index 0000000..70698d2
--- /dev/null
+++ b/ansible/clean-vms/hosts
@@ -0,0 +1,10 @@
+[vms]
+192.168.56.101
+192.168.56.102
+192.168.56.103
+192.168.56.104
+
+[vms:vars]
+ansible_connection=ssh  
+ansible_user=root 
+ansible_ssh_pass=foobar
diff --git a/ansible/clean-vms/vm-clean.yml b/ansible/clean-vms/vm-clean.yml
new file mode 100644
index 0000000..062e538
--- /dev/null
+++ b/ansible/clean-vms/vm-clean.yml
@@ -0,0 +1,7 @@
+- hosts: vms
+  tasks:
+    - name: Clean logs under /var/log/
+      script: clean-logs.sh
+    - name: All done!
+      debug:
+        msg: Packages have been successfully installed
diff --git a/ansible/clean-vms/vm-setup.yml b/ansible/clean-vms/vm-setup.yml
new file mode 100644
index 0000000..7fb9551
--- /dev/null
+++ b/ansible/clean-vms/vm-setup.yml
@@ -0,0 +1,33 @@
+- hosts: vms
+  become: 'yes'
+  vars:
+    user:
+      - name: "root"
+        password: "foobar"
+        ssh_key: "ssh-rsa …"
+    packages:
+      - vim
+      - wget
+      - curl
+      - atop
+  tasks:
+#    - name: Change password for default user
+#      user:
+#        name: '"{{ item.name }}"'
+#        password: '"{{ item.password | password_hash('sha512') }}"'
+#        state: present
+#      loop:
+#        - '"{{ user }}"'
+    - name: Add SSH public key
+      authorized_key:
+        user: '"{{ item.name }}"'
+        key: '"{{ item.ssh_key }}"'
+      loop:
+        - '"{{ user }}"'
+    - name: Ensure a list of packages installed
+      apt:
+        name: '"{{ packages }}"'
+        state: present
+    - name: All done!
+      debug:
+        msg: Packages have been successfully installed
-- 
cgit v1.2.3