Merge branch 'main' of github.com:CloudMOA/dsk-iac into main

2024-01-09 12:24:23 +09:00
parent 407f967006 c9a8345f70
commit aafca9fe68
5 changed files with 43 additions and 17 deletions
--- a/ansible/infra_setting/infra-settings.yml
+++ b/ansible/infra_setting/infra-settings.yml
@@ -16,4 +16,12 @@
    # custom_labels: 'user=havelight,company=exem'
    #update: True
    # install: True
+    iptables_rules:
+      - { source: "10.10.45.0/24", target: "DROP" }
+      - { source: "10.10.47.0/24", target: "DROP" }
+      - { source: "10.10.48.0/24", target: "DROP" }
+      - { source: "10.10.50.0/24", target: "DROP" }
+      - { source: "10.10.37.0/24", target: "DROP" }
+    delete_rule: False
+    add_rule: True

--- a/ansible/infra_setting/passwd_inventory
+++ b/ansible/infra_setting/passwd_inventory
@@ -73,4 +73,32 @@
 10.10.43.193 ansible_port=2222 ansible_user=dev2
 10.10.43.194 ansible_port=2222 ansible_user=dev2
 10.10.43.199 ansible_port=2222 ansible_user=dev2
-
+10.10.43.195 ansible_port=2222 ansible_user=dev2
+10.10.43.196 ansible_port=2222 ansible_user=dev2
+10.10.43.197 ansible_port=2222 ansible_user=dev2
+10.10.43.200 ansible_port=2222 ansible_user=dev2
+10.10.43.201 ansible_port=2222 ansible_user=dev2
+10.10.43.202 ansible_port=2222 ansible_user=dev2
+10.10.43.203 ansible_port=2222 ansible_user=dev2
+10.10.43.204 ansible_port=2222 ansible_user=dev2
+10.10.43.205 ansible_port=2222 ansible_user=dev2
+10.10.43.206 ansible_port=2222 ansible_user=dev2
+10.10.43.207 ansible_port=2222 ansible_user=dev2
+10.10.43.208 ansible_port=2222 ansible_user=dev2
+10.10.43.210 ansible_port=2222 ansible_user=dev2
+10.10.43.211 ansible_port=2222 ansible_user=dev2
+10.10.43.212 ansible_port=2222 ansible_user=dev2
+10.10.43.213 ansible_port=2222 ansible_user=dev2
+10.10.43.214 ansible_port=2222 ansible_user=dev2
+10.10.43.215 ansible_port=2222 ansible_user=dev2
+10.10.43.216 ansible_port=2222 ansible_user=dev2
+10.10.43.217 ansible_port=2222 ansible_user=dev2
+10.10.43.218 ansible_port=2222 ansible_user=dev2
+10.10.43.224 ansible_port=2222 ansible_user=dev2
+10.10.43.225 ansible_port=2222 ansible_user=dev2
+10.10.43.226 ansible_port=2222 ansible_user=dev2
+10.10.43.227 ansible_port=2222 ansible_user=dev2
+10.10.43.228 ansible_port=2222 ansible_user=dev2
+10.10.43.235 ansible_port=2222 ansible_user=dev2
+10.10.43.236 ansible_port=2222 ansible_user=dev2
+10.10.43.252 ansible_port=2222 ansible_user=dev2
--- a/ansible/infra_setting/roles/connect-settings/tasks/00_host_setting.yml
+++ b/ansible/infra_setting/roles/connect-settings/tasks/00_host_setting.yml
@@ -1,17 +1,4 @@
 ---
- name: "host setting"
-  hosts: all
-  become: yes
-  vars:
-    iptables_rules:
-      - { source: "10.10.45.0/24", target: "DROP" }
-      - { source: "10.10.47.0/24", target: "DROP" }
-      - { source: "10.10.48.0/24", target: "DROP" }
-      - { source: "10.10.50.0/24", target: "DROP" }
-      - { source: "10.10.37.0/24", target: "DROP" }
-    delete_rule: False
-    add_rule: True
-
 - name: "Create dev2 group"
  ansible.builtin.group:
    name: "dev2"
@@ -49,6 +36,7 @@
  with_items:
    - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRP/Kjn7UBudTO4ZLtWXRJNDcOPGbm+5jLKax+1tVgN2n0MCmwwrbFJQJvdaE/wp4+PnMtEyt+IqdwFdUDah8tu9CIYZ2Jk2T18oU7hYGvymh+QJmZgCNvYcmM9ATJbXpns7y8VLDVbkSq9EJIB+emLt1ZV/C8cyvhlmBUwGQA6c3zMgzWl9MT0HLa7H88cNVVknZPY0vGIw+H0Y2JtDr62xyVNT7w8B+jh7Yu6nCnQchwx3IRWGATuKfi2FB3rhkDqNvM1h00JJosu5ooBn3g5xll+w+sVKIQxEWShI9zatYP9/zrce+uVYeZLfz52X8giJ9dns66vqEKdJtdp4By5RPxRSsdQ2QGAQ0UuBHKgweU2EzivLynu49oiShAiJPxmru4TiGtchl52dvw/E9rjZiCKTq697azHHLbwTiOgbHpnu7GrxNRMdXCON70RYJpfERg/SGxxmUNF9OhYUeQJGNc8DcWnlBUrT/9Wi3Ryh1rKx2wtZt6eDkrehJ1lgU="
    - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDmxGUDo5rdB/XA+cyH4a7Kn8zGWHqbL0AZDL55j5JLRLXC/z482Rp2cIx/FsQRtwEslEVXHHSowpJWHvQ4Z6NcInh0/0psJK2K8qnApLDHhPoiQzpGL+nG4JIho/10QPGpJ2aDcXdushvUME97j0A8hfaoR2xhBl2C9r865Vred0M971A5SRchwN/cmsTh2OMYGXKHD9RC6OFud2sQjyidkSTW58yBoN2B5CoAO4GMV09jX6Wp43jot19xJ5lX65NAHLsNIXMWiURmQDieIKqEiwWlPgwo7geErHlMOoNoypU9yTaN9NMYWZBG1xVL5skjmkdTEd+cnHBLAvhVtW1w5pOA7S8OUXkmiu0UITLYyWfzUx4uwzb7nGcb6aDboRVX6w8H4+GVgpYWJq+fh0ZZ9JbsdP6+PjRz1vgptM7K4Ji5ZRvqV5WMT0cvpySBaJakLSiPSa+dxGi6nfowXvUEAzMIVyaScNgCs1/NpdgN8dwffZlYB9WBUxY+5IjBQc8=" 
+    - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKDxtkcfx2ITlT2Yh7ZCT79do/25YQ2vROz38m8veAuBhOw+75oZJ4nN//zOWaaMvpC3Z7NIzOR+3UeukhnLZ591q8AaHcKjV8JEJMo2pvpH1vdLcTL9baLqWrxzgRimnZUNf5n5HNr+AKoXuPp//aVSJSoeznb66r04/rJSetT0QGDC8Kj5Q+MNvdd0/3U/nu7JxW9LIEaLoeiX6mVb4PpV7kl3rI3Vut/GnWakOhbS4yNvIFdR6d8rv305/BXJOz/aWy+0j7qK+NBzbSsI/l0vVUHfeD3whYGePCpWmj73ZsMTMjIjrC8DpRQlOJlAZ0GVpQnd/ayIWi4+V8VjvFcd6vSqrhhsNoOyo0Y/6cyO6iyvKqohMK6+HF1w6aXoaGCFFSl/3gw63saNAsdZPArnwf5yZ6GfPa/9bRn2k9g5xfp97Itpo6Iqq+PuRcZOes0EiIQe2hOoYQEIHIRhf8CZ+Xf6W1+XZB+WxEzUe4GCCwgUdTB6RIr4ThDxwCBV0="
  when:
    - add_rule == True

@@ -59,6 +47,7 @@
  with_items:
    - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRP/Kjn7UBudTO4ZLtWXRJNDcOPGbm+5jLKax+1tVgN2n0MCmwwrbFJQJvdaE/wp4+PnMtEyt+IqdwFdUDah8tu9CIYZ2Jk2T18oU7hYGvymh+QJmZgCNvYcmM9ATJbXpns7y8VLDVbkSq9EJIB+emLt1ZV/C8cyvhlmBUwGQA6c3zMgzWl9MT0HLa7H88cNVVknZPY0vGIw+H0Y2JtDr62xyVNT7w8B+jh7Yu6nCnQchwx3IRWGATuKfi2FB3rhkDqNvM1h00JJosu5ooBn3g5xll+w+sVKIQxEWShI9zatYP9/zrce+uVYeZLfz52X8giJ9dns66vqEKdJtdp4By5RPxRSsdQ2QGAQ0UuBHKgweU2EzivLynu49oiShAiJPxmru4TiGtchl52dvw/E9rjZiCKTq697azHHLbwTiOgbHpnu7GrxNRMdXCON70RYJpfERg/SGxxmUNF9OhYUeQJGNc8DcWnlBUrT/9Wi3Ryh1rKx2wtZt6eDkrehJ1lgU="
    - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDmxGUDo5rdB/XA+cyH4a7Kn8zGWHqbL0AZDL55j5JLRLXC/z482Rp2cIx/FsQRtwEslEVXHHSowpJWHvQ4Z6NcInh0/0psJK2K8qnApLDHhPoiQzpGL+nG4JIho/10QPGpJ2aDcXdushvUME97j0A8hfaoR2xhBl2C9r865Vred0M971A5SRchwN/cmsTh2OMYGXKHD9RC6OFud2sQjyidkSTW58yBoN2B5CoAO4GMV09jX6Wp43jot19xJ5lX65NAHLsNIXMWiURmQDieIKqEiwWlPgwo7geErHlMOoNoypU9yTaN9NMYWZBG1xVL5skjmkdTEd+cnHBLAvhVtW1w5pOA7S8OUXkmiu0UITLYyWfzUx4uwzb7nGcb6aDboRVX6w8H4+GVgpYWJq+fh0ZZ9JbsdP6+PjRz1vgptM7K4Ji5ZRvqV5WMT0cvpySBaJakLSiPSa+dxGi6nfowXvUEAzMIVyaScNgCs1/NpdgN8dwffZlYB9WBUxY+5IjBQc8=" 
+    - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKDxtkcfx2ITlT2Yh7ZCT79do/25YQ2vROz38m8veAuBhOw+75oZJ4nN//zOWaaMvpC3Z7NIzOR+3UeukhnLZ591q8AaHcKjV8JEJMo2pvpH1vdLcTL9baLqWrxzgRimnZUNf5n5HNr+AKoXuPp//aVSJSoeznb66r04/rJSetT0QGDC8Kj5Q+MNvdd0/3U/nu7JxW9LIEaLoeiX6mVb4PpV7kl3rI3Vut/GnWakOhbS4yNvIFdR6d8rv305/BXJOz/aWy+0j7qK+NBzbSsI/l0vVUHfeD3whYGePCpWmj73ZsMTMjIjrC8DpRQlOJlAZ0GVpQnd/ayIWi4+V8VjvFcd6vSqrhhsNoOyo0Y/6cyO6iyvKqohMK6+HF1w6aXoaGCFFSl/3gw63saNAsdZPArnwf5yZ6GfPa/9bRn2k9g5xfp97Itpo6Iqq+PuRcZOes0EiIQe2hOoYQEIHIRhf8CZ+Xf6W1+XZB+WxEzUe4GCCwgUdTB6RIr4ThDxwCBV0="
  when:
    - add_rule == True

--- a/ansible/infra_setting/roles/connect-settings/templates/allow_users.j2
+++ b/ansible/infra_setting/roles/connect-settings/templates/allow_users.j2
@@ -1,3 +1,4 @@
+AllowUsers dev2@10.10.43.*
 AllowUsers dev2-iac@10.10.43.*
 AllowUsers *@10.20.142.*
 {% if ansible_distribution == "Ubuntu" %}
--- a/ansible/security_check/roles/security_check/tasks/create_readme.yml
+++ b/ansible/security_check/roles/security_check/tasks/create_readme.yml
@@ -36,8 +36,8 @@
    ls -al
    git config --global user.email "sa_8001@ex-em.com"
    git config --global user.name "ByeonJungHun"
-    git clone https://{{ git_user }}:{{ git_key }}@github.com/CloudMOA/security_check.git ~/security_check
-    cp ./README.md ~/security_check/README.md
+    git clone https://{{ git_user }}:{{ git_key }}github.com/CloudMOA/dsk-iac.git ~/security_check
+    cp ./README.md ~/dsk-iac/ansible/security_check/README.md
    cd ~/security_check
    cat README.md
    pwd
@@ -49,5 +49,5 @@
  when: "'nas' in group_names"

 - debug:
-    msg: "결과 확인 : https://github.com/CloudMOA/security_check.git"
+    msg: "결과 확인 : https://github.com/CloudMOA/dsk-iac/tree/main/ansible/security_check"
  when: "'nas' in group_names"