authorboom2 <blizzack@blizzack.com>2023-12-21 23:17:53 -0500
committerboom2 <blizzack@blizzack.com>2023-12-21 23:17:53 -0500
commite546f2ba800a55663ae04f18f8b01e86e1deac90 (patch)
tree0179f56d978ca3f3896a49b7b8cdda6305161c99 /ansible-practice
parent200680e7c8cbd6b4426c3ce232568b1e06446bde (diff)
- initial commit for fail2ban playbook
Diffstat (limited to 'ansible-practice')
-rw-r--r--ansible-practice/system/10-playbook-copy-system-files-on-node.yml2
-rw-r--r--ansible-practice/system/18-playbook-slackbuild-fail2ban.yml74
-rw-r--r--ansible-practice/system/rc.local_shutdown6
3 files changed, 81 insertions, 1 deletions
diff --git a/ansible-practice/system/10-playbook-copy-system-files-on-node.yml b/ansible-practice/system/10-playbook-copy-system-files-on-node.yml
index c073d44..ca00a85 100644
--- a/ansible-practice/system/10-playbook-copy-system-files-on-node.yml
+++ b/ansible-practice/system/10-playbook-copy-system-files-on-node.yml
@@ -41,7 +41,7 @@
- name: backup of system files
ansible.builtin.copy:
- src: /etc/{{ item }}
+ src: /etc/{{ item }}
remote_src: true
dest: "{{ backup_etc_dir }}/"
mode: preserve
diff --git a/ansible-practice/system/18-playbook-slackbuild-fail2ban.yml b/ansible-practice/system/18-playbook-slackbuild-fail2ban.yml
new file mode 100644
index 0000000..4bd28b2
--- /dev/null
+++ b/ansible-practice/system/18-playbook-slackbuild-fail2ban.yml
@@ -0,0 +1,74 @@
+# fail2ban slackbuild install
+#
+#
+---
+- name: import another playbook
+ ansible.builtin.import_playbook: 17-playbook-slackbuild-rsync-repo.yml
+
+- name: "18 - custom ansible - install fail2ban slackbuild"
+ become: yes # Run tasks with root/sudo privileges
+ hosts: dev
+ vars:
+ rc_local: /etc/rc.d/rc.local
+ rc_local_shutdown: /etc/rc.d/rc.local_shutdown
+ rc_d: /etc/rc.d
+
+ tasks:
+ - name: "test - to see if '{{ rc_local }}' exists"
+ ansible.builtin.stat:
+ path: "{{ rc_local }}"
+ register: etc_rcd_rclocal
+ tags: ['register_etc_rcd_rclocal']
+
+ - name: "fail - if the '{{ rc_local }}' file does not exist !"
+ ansible.builtin.fail:
+ msg: "this host does not have {{ rc_local }}"
+ when: etc_rcd_rclocal.stat.isreg is not defined
+ tags: ['test_etc_rcd_rclocal_exists']
+
+ - name: append to /etc/rc.local
+ ansible.builtin.blockinfile:
+ path: "{{ rc_local }}"
+ backup: true
+ block: |
+ if [ -x /etc/rc.d/rc.fail2ban ]; then
+ /etc/rc.d/rc.fail2ban start
+ fi
+ tags: ['append_to_etc_rcd_rclocal']
+
+ - name: "test - to see if '{{ rc_local_shutdown }}' exists"
+ ansible.builtin.stat:
+ path: "{{ rc_local_shutdown }}"
+ register: etc_rcd_rclocal_shutdown
+ tags: ['register_etc_rcd_rclocal_shutdown']
+
+ - name: "copy - {{ rc_local_shutdown }} from controller to managed node"
+ ansible.builtin.copy:
+ src: rc.local_shutdown # copying a local file
+ dest: "{{ rc_d }}/"
+ owner: root
+ group: root
+ mode: 0755
+ register: etc_rcd_rclocal_shutdown_created
+ when: etc_rcd_rclocal_shutdown.stat.isreg is not defined
+ tags: ['copy_rc_local_shutdown']
+
+ - name: "append - to {{ rc_local_shutdown }}"
+ ansible.builtin.blockinfile:
+ path: "{{ rc_local }}_shutdown"
+ backup: true
+ block: |
+ if [ -x /etc/rc.d/rc.fail2ban ]; then
+ /etc/rc.d/rc.fail2ban stop
+ fi
+ tags: ['append_to_etc_rcd_rclocal_shutdown']
+
+# - make sure to run 'updatedb' and 'sync' when we've finished all tasks !!!!
+
+# References
+#
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/blockinfile_module.html
+# https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_conditionals.html
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/fail_module.html
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/stat_module.html
+
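Review bot: The existence guards test `stat.isreg is not defined`, which is true only when the path is missing; if `rc_local` exists as a directory or other non-regular file, `isreg` is defined (false), the fail task is skipped and blockinfile goes on to run against that path as root. `when: not etc_rcd_rclocal.stat.exists or not etc_rcd_rclocal.stat.isreg` covers both cases, and the copy guard for `rc.local_shutdown` reads more directly as `when: not etc_rcd_rclocal_shutdown.stat.exists`. Separately, both inserted blocks are wrapped in `[ -x /etc/rc.d/rc.fail2ban ]` and no task in this file installs or checks that script, so a host where it is absent or not executable boots without fail2ban while the play still reports success; a final stat-plus-assert on that path would surface it. The last blockinfile also builds its path as `"{{ rc_local }}_shutdown"` although `rc_local_shutdown` is already defined in `vars`, so the two can drift apart if either is edited.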
diff --git a/ansible-practice/system/rc.local_shutdown b/ansible-practice/system/rc.local_shutdown
new file mode 100644
index 0000000..0e1d179
--- /dev/null
+++ b/ansible-practice/system/rc.local_shutdown
@@ -0,0 +1,6 @@
+#!/bin/sh
+#
+# /etc/rc.d/rc.local_shutdown: Local system shutdown script.
+#
+# Put any local shutdown commands in here.
+