
Commit d629c260 authored by Adam Robinson's avatar Adam Robinson

initial import

VMSA-2019-0011_workaround
=========
This role implements a workaround for
[VMSA-2019-0011](https://www.vmware.com/in/security/advisories/VMSA-2019-0011.html) as described in
[VMware kb 67920](https://kb.vmware.com/s/article/67920).
Requirements
------------
pyvmomi is required. This role assumes your inventory file contains each ESXi host you are managing.
Role Variables
--------------
### Required
- `vcenter_hostname` - The hostname or address of the vCenter server.
- `inventory_hostname` - The hostname or address of the ESXi server.
Dependencies
------------
None
Example Playbook
----------------
Todo
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
---
# defaults file for VMSA-2019-0011-Workaround
vmware_user: "{{ lookup('env','VMWARE_USER') }}"
vmware_password: "{{ lookup('env','VMWARE_PASSWORD') }}"
\ No newline at end of file
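Review bot: Both `lookup('env', ...)` defaults evaluate to an empty string when the variable is not exported, so a run from a shell without `VMWARE_USER`/`VMWARE_PASSWORD` would go on to attempt vCenter and SSH logins with blank credentials instead of stopping. A first task in the role such as `- assert: { that: [ "vmware_user | length > 0", "vmware_password | length > 0" ], quiet: true }` would fail early without echoing the values. The README's "Required" list should also name the two environment variables, since they are the only place the credentials come from.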
---
# handlers file for VMSA-2019-0011-Workaround
- name: Restart hostd
shell: /etc/init.d/hostd restart && sleep 120
vars:
ansible_user: '{{ vmware_user }}@{{ ad_domain|upper }}'
ansible_password: '{{ vmware_password }}'
ansible_connection: paramiko
ansible_python_interpreter: /bin/python
- name: Stop SSH
vmware_host_service_manager:
hostname: '{{ vcenter_hostname }}'
esxi_hostname: '{{ inventory_hostname }}'
username: '{{ vmware_user }}'
password: '{{ vmware_password }}'
service_name: TSM-SSH
state: stop
delegate_to: localhost
when: not host_service_facts['host_service_facts'][inventory_hostname] | selectattr('key', 'equalto', 'TSM-SSH') | map(attribute='running') | list | first | bool
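Review bot: `ad_domain` is used to build `ansible_user` in the "Restart hostd" handler, and again in the `vars:` of both ioTrackers tasks, but it has no default in the defaults file and is not listed under "Required" in the README. An undefined value makes the templated SSH user fail at run time, after SSH has already been started on the host. I would add `- `ad_domain` - The Active Directory domain appended to the SSH login.` to the README, and put a one-line comment above the handler saying that the account needs shell access on the ESXi host. The fixed `sleep 120` also deserves a short comment explaining why that duration was chosen.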
galaxy_info:
author: your name
description: your description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.4
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
\ No newline at end of file
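Review bot: The `galaxy_info` block is still the unfilled scaffold: `author`, `description` and `company` are placeholders, and `license: license (GPL-2.0-or-later, MIT, etc)` disagrees with the README, which states BSD. `min_ansible_version: 2.4` is an unquoted float and should be written `min_ansible_version: "2.4"`. It is probably also too low, because to my knowledge the `vmware_host_service_manager` and `vmware_host_service_facts` modules used by this role arrived in Ansible 2.5; please confirm and raise it.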
---
# tasks file for VMSA-2019-0011-Workaround
- name: Get the current state of all services
vmware_host_service_facts:
hostname: '{{ vcenter_hostname }}'
esxi_hostname: '{{ inventory_hostname }}'
username: '{{ vmware_user }}'
password: '{{ vmware_password }}'
delegate_to: localhost
register: host_service_facts
- name: Start SSH Temporarily
vmware_host_service_manager:
hostname: '{{ vcenter_hostname }}'
esxi_hostname: '{{ inventory_hostname }}'
username: '{{ vmware_user }}'
password: '{{ vmware_password }}'
service_name: TSM-SSH
state: start
delegate_to: localhost
when: (ansible_distribution_version == "6.7.0" or ansible_distribution_version == "6.5.0") and not host_service_facts['host_service_facts'][inventory_hostname] | selectattr('key', 'equalto', 'TSM-SSH') | map(attribute='running') | list | first | bool
notify: Stop SSH
- name: Add ioTrackers to /etc/vmware/hostd/config.xml
xml:
backup: yes
path: /etc/vmware/hostd/config.xml
xpath: /config/ioTrackers
value: ' false '
when: (ansible_distribution_version == "6.7.0" and ansible_distribution_build|int <= 13981272) or (ansible_distribution_version == "6.5.0" and ansible_distribution_build|int < 13932383)
notify: Restart hostd
vars:
ansible_user: '{{ vmware_user }}@{{ ad_domain|upper }}'
ansible_password: '{{ vmware_password }}'
ansible_connection: paramiko
ansible_python_interpreter: /bin/python
- name: Remove ioTrackers from /etc/vmware/hostd/config.xml
xml:
backup: yes
path: /etc/vmware/hostd/config.xml
xpath: /config/ioTrackers
state: absent
when: (ansible_distribution_version == "6.7.0" and ansible_distribution_build|int > 13981272) or (ansible_distribution_version == "6.5.0" and ansible_distribution_build|int >= 13932383)
notify: Restart hostd
vars:
ansible_user: '{{ vmware_user }}@{{ ad_domain|upper }}'
ansible_password: '{{ vmware_password }}'
ansible_connection: paramiko
ansible_python_interpreter: /bin/python
\ No newline at end of file
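Review bot: SSH is only closed again by the "Stop SSH" handler, so a failure in either ioTrackers task or in the "Restart hostd" handler can leave TSM-SSH running on the ESXi host. Handlers are skipped for a host once a task fails unless `force_handlers` is set, and a failing handler is likely to stop the ones after it. For a role that opens a management service to apply a security workaround, the close should not depend on the happy path. I would keep the facts task as it is, wrap the rest in a `block` with the stop in `always`, and flush handlers inside the block so that hostd is restarted while SSH is still up. The sketch below shows that shape; the "Stop SSH" handler and the `notify: Stop SSH` line would then be dropped.

```yaml
# … unchanged: Get the current state of all services …
- name: Apply the ioTrackers change with SSH open only for its duration
  block:
    # … unchanged: Start SSH Temporarily (without notify: Stop SSH) …
    # … unchanged: Add / Remove ioTrackers tasks (still notify: Restart hostd) …
    - name: Run Restart hostd now, while SSH is still available
      meta: flush_handlers
  always:
    - name: Stop SSH if it was not running before this role
      vmware_host_service_manager:
        hostname: '{{ vcenter_hostname }}'
        esxi_hostname: '{{ inventory_hostname }}'
        username: '{{ vmware_user }}'
        password: '{{ vmware_password }}'
        service_name: TSM-SSH
        state: stop
      delegate_to: localhost
      when: not host_service_facts['host_service_facts'][inventory_hostname] | selectattr('key', 'equalto', 'TSM-SSH') | map(attribute='running') | list | first | bool
```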
---
- hosts: localhost
remote_user: root
roles:
- VMSA-2019-0011-Workaround
\ No newline at end of file
---
# vars file for VMSA-2019-0011-Workaround
\ No newline at end of file