VOICE1/ansible-msp-automations
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial repo structure — playbook skeletons, roles, client template inventory

Browse Source
This commit is contained in:
Semaphore
2026-03-10 14:03:29 -07:00
commit 1ae6576dab
22 changed files with 180 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.gitignore vendored Normal file
View File

@@ -0,0 +1,8 @@
*.retry
.vault_pass
*.log
__pycache__/
*.pyc
.ansible/
fact_cache/
*.swp

27
ansible.cfg Normal file
View File

@@ -0,0 +1,27 @@
[defaults]
inventory = inventories/
roles_path = roles/
callback_plugins = callback_plugins/
stdout_callback = yaml
callbacks_enabled = n8n_reporter
retry_files_enabled = False
host_key_checking = True
timeout = 30
forks = 10
gathering = smart
fact_caching = jsonfile
fact_caching_connection = /tmp/ansible_facts_cache
fact_caching_timeout = 3600
[privilege_escalation]
become = True
become_method = sudo
become_ask_pass = False
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=yes
pipelining = True
[persistent_connection]
connect_timeout = 30
command_timeout = 30

9
callback_plugins/n8n_reporter.py Normal file
View File

@@ -0,0 +1,9 @@
# n8n_reporter.py
# Ansible callback plugin
# Posts structured patch run results to n8n webhook
# Full implementation to follow
DOCUMENTATION = '''
callback: n8n_reporter
type: notification
short_description: Posts patch run results to n8n webhook
'''

16
group_vars/all.yml Normal file
View File

@@ -0,0 +1,16 @@
---
min_free_disk_percent: 20
max_load_multiplier: 2
snapshot_max_age_hours: 24
human_estimates:
linux_full_patch: 2700
linux_security_only: 1800
windows_full_patch: 3600
preflight_check: 600
report_on_success: true
report_on_failure: true
snapshot_retain_count: 3
snapshot_name_prefix: "ansible-pre-patch"

7
inventories/client_template/group_vars/all.yml Normal file
View File

@@ -0,0 +1,7 @@
---
# Client-specific overrides go here
# client_id: "ACME-001"
# client_name: "ACME Corp"
# billing_model: "hybrid"
# change_freeze: false
# human_estimate_seconds: 2700

29
inventories/client_template/hosts.yml Normal file
View File

@@ -0,0 +1,29 @@
---
all:
vars:
client_id: "CLIENT_ID"
client_name: "Client Name"
billing_model: "hybrid"
maintenance_window_start: "02:00"
maintenance_window_end: "05:00"
maintenance_window_tz: "UTC"
n8n_webhook_url: "{{ lookup('env', 'N8N_WEBHOOK_URL') }}"
human_estimate_seconds: 2700
change_freeze: false
children:
linux_hosts:
hosts: {}
vars:
ansible_user: root
ansible_ssh_private_key_file: "~/.ssh/client_key"
os_family: "debian"
windows_hosts:
hosts: {}
vars:
ansible_user: Administrator
ansible_connection: winrm
ansible_winrm_transport: ntlm
ansible_winrm_server_cert_validation: validate
ansible_port: 5986

9
playbooks/linux_patch.yml Normal file
View File

@@ -0,0 +1,9 @@
---
- name: Linux patching
hosts: linux_hosts
gather_facts: true
roles:
- snapshot
- preflight
- linux_patch
- report

7
playbooks/site_maintenance.yml Normal file
View File

@@ -0,0 +1,7 @@
---
# Master wrapper — runs full maintenance sequence
# This is the single template to schedule in Semaphore per client
- import_playbook: snapshot_pre.yml
- import_playbook: site_preflight.yml
- import_playbook: linux_patch.yml
- import_playbook: windows_patch.yml

6
playbooks/site_preflight.yml Normal file
View File

@@ -0,0 +1,6 @@
---
- name: Pre-flight safety checks
hosts: all
gather_facts: true
roles:
- preflight

6
playbooks/snapshot_pre.yml Normal file
View File

@@ -0,0 +1,6 @@
---
- name: Pre-patch snapshot
hosts: all
gather_facts: true
roles:
- snapshot

8
playbooks/snapshot_verify.yml Normal file
View File

@@ -0,0 +1,8 @@
---
- name: Verify snapshot exists
hosts: all
gather_facts: false
tasks:
- name: Placeholder - snapshot verification tasks
ansible.builtin.debug:
msg: "Snapshot verification to be implemented"

8
playbooks/windows_patch.yml Normal file
View File

@@ -0,0 +1,8 @@
---
- name: Windows patching
hosts: windows_hosts
gather_facts: true
roles:
- preflight
- windows_patch
- report

2
roles/linux_patch/defaults/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# linux_patch default variables

6
roles/linux_patch/tasks/main.yml Normal file
View File

@@ -0,0 +1,6 @@
---
# linux_patch tasks
# Implementation to follow
- name: Placeholder
ansible.builtin.debug:
msg: "linux_patch role - tasks to be implemented"

2
roles/preflight/defaults/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# preflight default variables

6
roles/preflight/tasks/main.yml Normal file
View File

@@ -0,0 +1,6 @@
---
# preflight tasks
# Implementation to follow
- name: Placeholder
ansible.builtin.debug:
msg: "preflight role - tasks to be implemented"

2
roles/report/defaults/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# report default variables

6
roles/report/tasks/main.yml Normal file
View File

@@ -0,0 +1,6 @@
---
# report tasks
# Implementation to follow
- name: Placeholder
ansible.builtin.debug:
msg: "report role - tasks to be implemented"

2
roles/snapshot/defaults/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# snapshot default variables

6
roles/snapshot/tasks/main.yml Normal file
View File

@@ -0,0 +1,6 @@
---
# snapshot tasks
# Implementation to follow
- name: Placeholder
ansible.builtin.debug:
msg: "snapshot role - tasks to be implemented"

2
roles/windows_patch/defaults/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# windows_patch default variables

6
roles/windows_patch/tasks/main.yml Normal file
View File

@@ -0,0 +1,6 @@
---
# windows_patch tasks
# Implementation to follow
- name: Placeholder
ansible.builtin.debug:
msg: "windows_patch role - tasks to be implemented"