commit 017a3a00ee9ac30147b11036ba133bb909662016 Author: sam Date: Sat Feb 28 22:27:58 2026 -0700 Initial commit: playbooks and inventory for Semaphore automation - find_docker_enroll_portainer.yml: discover Docker hosts across all VLANs, deploy Portainer Agent, register in Portainer, write discovery report - inventory/hosts.yml: auto-generated from NetBox (31 hosts) + UniFi clients (135 unmanaged hosts not in NetBox) across vlan1/vlan40/vlan20 Co-Authored-By: Claude Sonnet 4.6
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6b8d42e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+# Ansible run reports (generated per-run)
+reports/*.txt
diff --git a/inventory/hosts.yml b/inventory/hosts.yml
new file mode 100644
index 0000000..905da95
--- /dev/null
+++ b/inventory/hosts.yml
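Review bot: The ignore list covers only `reports/*.txt`, yet this commit also checks in `inventory/hosts.yml`, whose own header marks it as auto-generated and which records MAC addresses, personal device names and internal addresses for the UniFi clients it lists. If this repository is ever mirrored outside the lab, that file discloses the network layout; consider generating it at run time and adding `inventory/hosts.yml` here, or at least dropping the `unifi_*` fields from the committed copy. The playbook header in this commit also suggests putting `portainer_api_token` in `group_vars/all.yml`; if that file sits in this repository, keep the token in an Ansible Vault file or a Semaphore secret instead, so it is never committed in plaintext.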
@@ -0,0 +1,1343 @@ +# Auto-generated by semaphore/generate_inventory.py +# Generated: 2026-03-01 05:09 UTC +# NetBox: http://172.19.77.160:8000 (31 hosts) +# UniFi unmanaged supplement: 135 hosts +# +all: + children: + netbox_devices: + hosts: + nid12_dc_mtso_pri: {} + netbox_vms: + hosts: + cml_2_9_0: {} + gns3_vm: {} + graylog: {} + labtainervm_24a: {} + labtainervm_vmware: {} + librenms: {} + myip: {} + pdmbeta: {} + pingvin: {} + proxmox_datacenter_manager: {} + securityonion: {} + semaphore: {} + server_2012___storage_host: {} + server_2019___dc: {} + sp_ie_containerlab: {} + speedtest_tracker: {} + tacgui_new_attempt: {} + technitiumdns: {} + truenas_scale: {} + ubuntu_server_01: {} + ubuntu_server_02: {} + unbound: {} + vaultwarden: {} + vcenter_7_0_3: {} + vrouter_host: {} + wazuh___graylog_server: {} + wikijs: {} + windows_10_domain_test: {} + windows_10_isolation_vlan_50: {} + zabbix: {} + platform_amt-7-9-1-23673: + hosts: + nid12_dc_mtso_pri: {} + platform_debian: + hosts: + graylog: {} + librenms: {} + myip: {} + pdmbeta: {} + pingvin: {} + proxmox_datacenter_manager: {} + semaphore: {} + speedtest_tracker: {} + technitiumdns: {} + unbound: {} + vaultwarden: {} + wikijs: {} + zabbix: {} + platform_linux: + hosts: + cml_2_9_0: {} + gns3_vm: {} + labtainervm_24a: {} + labtainervm_vmware: {} + securityonion: {} + sp_ie_containerlab: {} + tacgui_new_attempt: {} + truenas_scale: {} + ubuntu_server_01: {} + ubuntu_server_02: {} + vcenter_7_0_3: {} + vrouter_host: {} + wazuh___graylog_server: {} + platform_windows: + hosts: + server_2012___storage_host: {} + server_2019___dc: {} + windows_10_domain_test: {} + windows_10_isolation_vlan_50: {} + role_lxc-container: + hosts: + graylog: {} + librenms: {} + myip: {} + pdmbeta: {} + pingvin: {} + proxmox_datacenter_manager: {} + semaphore: {} + speedtest_tracker: {} + technitiumdns: {} + unbound: {} + vaultwarden: {} + wikijs: {} + zabbix: {} + role_nid: + hosts: + nid12_dc_mtso_pri: {} + role_virtual-machine: + 
hosts: + cml_2_9_0: {} + gns3_vm: {} + labtainervm_24a: {} + labtainervm_vmware: {} + securityonion: {} + server_2012___storage_host: {} + server_2019___dc: {} + sp_ie_containerlab: {} + tacgui_new_attempt: {} + truenas_scale: {} + ubuntu_server_01: {} + ubuntu_server_02: {} + vcenter_7_0_3: {} + vrouter_host: {} + wazuh___graylog_server: {} + windows_10_domain_test: {} + windows_10_isolation_vlan_50: {} + site_lab: + hosts: + nid12_dc_mtso_pri: {} + site_main: + hosts: + cml_2_9_0: {} + gns3_vm: {} + graylog: {} + labtainervm_24a: {} + labtainervm_vmware: {} + librenms: {} + myip: {} + pdmbeta: {} + pingvin: {} + proxmox_datacenter_manager: {} + securityonion: {} + semaphore: {} + server_2012___storage_host: {} + server_2019___dc: {} + sp_ie_containerlab: {} + speedtest_tracker: {} + tacgui_new_attempt: {} + technitiumdns: {} + truenas_scale: {} + ubuntu_server_01: {} + ubuntu_server_02: {} + unbound: {} + vaultwarden: {} + vcenter_7_0_3: {} + vrouter_host: {} + wazuh___graylog_server: {} + wikijs: {} + windows_10_domain_test: {} + windows_10_isolation_vlan_50: {} + zabbix: {} + subnet_vlan1_192_168_1: + hosts: + 005056b39bfd: {} + 00c0b7d01f77: {} + 09aa01af212006br: {} + 0c1414470000: {} + 0c31404c0000: {} + 0c3a921d0000: {} + 0c4c6a530000: {} + 0cee96b50000: {} + 525400a1015b: {} + 526ccf9481c2: {} + 55tclrokutv: {} + 7c630525dd7a: {} + 9418827f24ca: {} + aaa_apodacalab_com: {} + aabbcc000533: {} + amazon_5ff6fb95c: {} + amazon_c8b6c57d5: {} + amazonplug023e: {} + amazonplug0390: {} + avocent_apodacalab_com: {} + batts3000: {} + cc4e24132562: {} + cml_2_9_0: {} + cml_apodacalab_com: {} + cml_rtr_01: {} + denon_avr_x6500h: {} + desktop_3ff1991: {} + desktop_4vqb0hp: {} + dl360_apodacalab_com: {} + envoy: {} + es20m_localdomain: {} + g432_0209: {} + g5_bullet: {} + g5_dome: {} + gemodule79c0: {} + gns3_vm: {} + harmonyhub: {} + home: {} + hpiac9bac: {} + hs220: {} + idrac_apodacalab_com: {} + idrac_f5123w2: {} + ilo: {} + ilo___ona4__h: {} + ilomxq62909rq: {} + 
inserthostname_here: {} + iphone: {} + iphone_localdomain: {} + irobot_d4c931f4da324976beb33823c15dc871: {} + ista_vcclpsed3ka6ml014242: {} + kendra_s_iphone: {} + kendras_ipad: {} + kendras_iphone: {} + kendraslaptop: {} + labtainervm_vmware: {} + lauras_ipad: {} + lg_smart_washtower2_open: {} + myq_0b4: {} + opnsense_master: {} + pdu1_apodacalab_com: {} + prox940_ve_mgmt: {} + proxmox_datacenter_manager: {} + proxmox_host_gen_9: {} + r930server_apodacalab_com: {} + rest2ndgen_20e9c6: {} + roomba_3198091841904740: {} + sdwan_apodacalab_com: {} + server_2012___storage_host: {} + server_2019___dc: {} + smokeping: {} + sony_ubp_x700_blu_ray: {} + speedtest_tracker: {} + tacgui_new_attempt: {} + truenas_scale: {} + vcenter_7_0_3: {} + vrouterhost: {} + vtech: {} + vyos: {} + watch: {} + watch_localdomain: {} + wazuh___graylog_server: {} + webterm_2: {} + wemo: {} + windows_10_domain_test: {} + wlan0: {} + xboxone: {} + subnet_vlan20_10_10_20: + hosts: + '2901_01': {} + 748ef8e9d3e2: {} + 748ef8ff4060: {} + 9950x3d_pc: {} + avocent_vlan_20_interface: {} + b2a8c2ec8640: {} + brocade10g_01: {} + c3850_01_svi: {} + c3850_02_svi: {} + c3850_03: {} + c3850_04: {} + cc8e718d46c2: {} + iphone: {} + isr4331_01: {} + isr4331_02: {} + masterbedroom: {} + msrp_pc: {} + opengear: {} + precision5530: {} + sam_ipad_pro: {} + samsung: {} + watch: {} + subnet_vlan40_10_40_40: + hosts: + 000c29d06e57: {} + 50eb1adccf25: {} + bc24113a0806: {} + bc2411f10d39: {} + bookstack: {} + caddy: {} + docker: {} + elementsynapse: {} + emqx: {} + gitea: {} + graylog: {} + labtainervm_24a: {} + librenms: {} + lldap: {} + metube: {} + myip: {} + netbox: {} + netvisor: {} + nginxproxymanager: {} + observium_apodacalab_com: {} + ollama: {} + opnsense_apodacalab_com: {} + pdmbeta: {} + pingvin: {} + proxmox2: {} + proxmox_datacenter_manager: {} + proxmoxtest_apodacalab_com: {} + runtipi: {} + securityonion: {} + semaphore: {} + sp_ie_containerlab: {} + speedtest: {} + technitiumdns: {} + traefik: {} + 
ubuntu_gns3: {} + ubuntu_server_01: {} + ubuntu_server_02: {} + ubuntu_vm: {} + unbound: {} + uptimekuma: {} + vaultwarden: {} + vrouter_host: {} + web_check: {} + wikijs: {} + zabbix: {} + unmanaged: + hosts: + 000c29d06e57: {} + 005056b39bfd: {} + 007e95a9b3e7: {} + 00c0b7d01f77: {} + 09aa01af212006br: {} + 0c1414470000: {} + 0c31404c0000: {} + 0c3a921d0000: {} + 0c4c6a530000: {} + 0cee96b50000: {} + 229e6facad0d: {} + '2901_01': {} + 4e4e054dc581: {} + 50eb1adccf25: {} + 525400a1015b: {} + 526ccf9481c2: {} + 55tclrokutv: {} + 5897bdaefd21: {} + 748ef8e9d3e2: {} + 748ef8ff4060: {} + 75tclrokutv: {} + 7c630525dd7a: {} + 9418827f24ca: {} + 9950x3d_pc: {} + a225eef8963b: {} + aa8763e77038: {} + aaa_apodacalab_com: {} + aabbcc000533: {} + amazon_5ff6fb95c: {} + amazon_c8b6c57d5: {} + amazonplug023e: {} + amazonplug0390: {} + avocent_apodacalab_com: {} + avocent_vlan_20_interface: {} + b2a8c2ec8640: {} + batts3000: {} + bc24113a0806: {} + bc2411f10d39: {} + bookstack: {} + brocade10g_01: {} + c3850_01_svi: {} + c3850_02_svi: {} + c3850_03: {} + c3850_04: {} + caddy: {} + cc4e24132562: {} + cc8e718d46c2: {} + chargepoint_flex: {} + cml_apodacalab_com: {} + cml_rtr_01: {} + denon_avr_x6500h: {} + desktop_3ff1991: {} + desktop_4vqb0hp: {} + dl360_apodacalab_com: {} + dl380_apodacalab_com: {} + docker: {} + elementsynapse: {} + emqx: {} + envoy: {} + es20m_localdomain: {} + g432_0209: {} + g5_bullet: {} + g5_dome: {} + gemodule79c0: {} + gitea: {} + grtilt70: {} + harmonyhub: {} + home: {} + hpiac9bac: {} + hs220: {} + idrac_apodacalab_com: {} + idrac_f5123w2: {} + ilo: {} + ilo___ona4__h: {} + ilomxq62909rq: {} + inserthostname_here: {} + iphone: {} + iphone_localdomain: {} + irobot_d4c931f4da324976beb33823c15dc871: {} + isr4331_01: {} + isr4331_02: {} + ista_vcclpsed3ka6ml014242: {} + kendra_s_iphone: {} + kendras_ipad: {} + kendras_iphone: {} + kendraslaptop: {} + lauras_ipad: {} + lg_smart_washtower2_open: {} + librenms: {} + lldap: {} + masterbedroom: {} + metube: {} 
+ msrp_pc: {} + myq_0b4: {} + netbox: {} + netvisor: {} + nginxproxymanager: {} + observium_apodacalab_com: {} + ollama: {} + opengear: {} + opnsense_apodacalab_com: {} + opnsense_master: {} + pdu1_apodacalab_com: {} + precision5530: {} + prox940_ve_mgmt: {} + proxmox2: {} + proxmox_datacenter_manager: {} + proxmox_host_gen_9: {} + proxmoxtest_apodacalab_com: {} + r930server_apodacalab_com: {} + rest2ndgen_20e9c6: {} + roomba_3198091841904740: {} + runtipi: {} + sam_ipad_pro: {} + samsung: {} + sdwan_apodacalab_com: {} + smokeping: {} + sony_ubp_x700_blu_ray: {} + speedtest: {} + technitiumdns: {} + traefik: {} + ubuntu_gns3: {} + ubuntu_vm: {} + uptimekuma: {} + vrouterhost: {} + vtech: {} + vyos: {} + watch: {} + watch_localdomain: {} + web_check: {} + webterm_2: {} + wemo: {} + wlan0: {} + xboxone: {} + zabbix: {} + hosts: + 000c29d06e57: + ansible_host: 10.40.40.150 + unifi_display: 000c29d06e57 + unifi_mac: 00:0c:29:d0:6e:57 + unifi_oui: VMware, Inc. + 005056b39bfd: + ansible_host: 192.168.1.241 + unifi_display: 005056b39bfd + unifi_mac: 00:50:56:b3:9b:fd + unifi_oui: VMware, Inc. + 007e95a9b3e7: + ansible_host: 172.16.50.4 + unifi_display: 007e95a9b3e7 + unifi_mac: 00:7e:95:a9:b3:e7 + unifi_oui: Cisco Systems, Inc + 00c0b7d01f77: + ansible_host: 192.168.1.236 + unifi_display: 00c0b7d01f77 + unifi_mac: 00:c0:b7:d0:1f:77 + unifi_oui: American Power Conversion Corp + 09aa01af212006br: + ansible_host: 192.168.1.104 + unifi_display: 09AA01AF212006BR + unifi_mac: cc:a7:c1:05:b9:01 + unifi_oui: Google, Inc. 
+ 0c1414470000: + ansible_host: 192.168.1.74 + unifi_display: 0c1414470000 + unifi_mac: 0c:14:14:47:00:00 + unifi_oui: '' + 0c31404c0000: + ansible_host: 192.168.1.147 + unifi_display: 0c31404c0000 + unifi_mac: 0c:31:40:4c:00:00 + unifi_oui: '' + 0c3a921d0000: + ansible_host: 192.168.1.203 + unifi_display: 0c3a921d0000 + unifi_mac: 0c:3a:92:1d:00:00 + unifi_oui: '' + 0c4c6a530000: + ansible_host: 192.168.1.206 + unifi_display: 0c4c6a530000 + unifi_mac: 0c:4c:6a:53:00:00 + unifi_oui: '' + 0cee96b50000: + ansible_host: 192.168.1.203 + unifi_display: 0cee96b50000 + unifi_mac: 0c:ee:96:b5:00:00 + unifi_oui: '' + 229e6facad0d: + ansible_host: 192.168.6.2 + unifi_display: 229e6facad0d + unifi_mac: 22:9e:6f:ac:ad:0d + unifi_oui: '' + '2901_01': + ansible_host: 10.10.20.3 + unifi_display: 2901-01 + unifi_mac: 60:73:5c:f7:24:f8 + unifi_oui: Cisco Systems, Inc + 4e4e054dc581: + ansible_host: 192.168.10.16 + unifi_display: 4e4e054dc581 + unifi_mac: 4e:4e:05:4d:c5:81 + unifi_oui: '' + 50eb1adccf25: + ansible_host: 10.40.40.40 + unifi_display: 50eb1adccf25 + unifi_mac: 50:eb:1a:dc:cf:25 + unifi_oui: Brocade Communications Systems LLC + 525400a1015b: + ansible_host: 192.168.1.21 + unifi_display: 525400a1015b + unifi_mac: 52:54:00:a1:01:5b + unifi_oui: '' + 526ccf9481c2: + ansible_host: 192.168.1.163 + unifi_display: 526ccf9481c2 + unifi_mac: 52:6c:cf:94:81:c2 + unifi_oui: '' + 55tclrokutv: + ansible_host: 192.168.1.238 + unifi_display: 55TCLRokuTV + unifi_mac: 4c:50:dd:ce:31:73 + unifi_oui: Hui Zhou Gaoshengda Technology Co.,LTD + 5897bdaefd21: + ansible_host: 10.6.6.6 + unifi_display: 5897bdaefd21 + unifi_mac: 58:97:bd:ae:fd:21 + unifi_oui: Cisco Systems, Inc + 748ef8e9d3e2: + ansible_host: 10.10.20.77 + unifi_display: 748ef8e9d3e2 + unifi_mac: 74:8e:f8:e9:d3:e2 + unifi_oui: Brocade Communications Systems LLC + 748ef8ff4060: + ansible_host: 10.10.20.65 + unifi_display: 748ef8ff4060 + unifi_mac: 74:8e:f8:ff:40:60 + unifi_oui: Brocade Communications Systems LLC + 75tclrokutv: + 
ansible_host: 192.168.7.15 + unifi_display: 75TCLRokuTV + unifi_mac: dc:72:23:0b:d4:5e + unifi_oui: Hui Zhou Gaoshengda Technology Co.,LTD + 7c630525dd7a: + ansible_host: 192.168.1.169 + unifi_display: 7c630525dd7a + unifi_mac: 7c:63:05:25:dd:7a + unifi_oui: Amazon Technologies Inc. + 9418827f24ca: + ansible_host: 192.168.1.229 + unifi_display: 9418827f24ca + unifi_mac: 94:18:82:7f:24:ca + unifi_oui: Hewlett Packard Enterprise + 9950x3d_pc: + ansible_host: 10.10.20.212 + unifi_display: 9950X3D-PC + unifi_mac: e4:1d:2d:b8:97:60 + unifi_oui: Mellanox Technologies, Inc. + a225eef8963b: + ansible_host: 169.254.118.72 + unifi_display: a225eef8963b + unifi_mac: a2:25:ee:f8:96:3b + unifi_oui: '' + aa8763e77038: + ansible_host: 172.50.1.4 + unifi_display: aa8763e77038 + unifi_mac: aa:87:63:e7:70:38 + unifi_oui: '' + aaa_apodacalab_com: + ansible_host: 192.168.1.200 + unifi_display: aaa.apodacalab.com + unifi_mac: 00:50:56:b3:5b:63 + unifi_oui: VMware, Inc. + aabbcc000533: + ansible_host: 192.168.1.253 + unifi_display: aabbcc000533 + unifi_mac: aa:bb:cc:00:05:33 + unifi_oui: '' + amazon_5ff6fb95c: + ansible_host: 192.168.1.171 + unifi_display: amazon-5ff6fb95c + unifi_mac: 90:a8:22:c4:a8:e7 + unifi_oui: Amazon Technologies Inc. + amazon_c8b6c57d5: + ansible_host: 192.168.1.45 + unifi_display: amazon-c8b6c57d5 + unifi_mac: fc:65:de:ff:92:7a + unifi_oui: Amazon Technologies Inc. + amazonplug023e: + ansible_host: 192.168.1.118 + unifi_display: AmazonPlug023E + unifi_mac: 08:c2:24:09:67:2c + unifi_oui: Amazon Technologies Inc. + amazonplug0390: + ansible_host: 192.168.1.157 + unifi_display: AmazonPlug0390 + unifi_mac: 08:c2:24:3b:3d:76 + unifi_oui: Amazon Technologies Inc. 
+ avocent_apodacalab_com: + ansible_host: 192.168.1.100 + unifi_display: avocent.apodacalab.com + unifi_mac: 00:e0:86:19:31:22 + unifi_oui: Emerson Network Power, Avocent Division + avocent_vlan_20_interface: + ansible_host: 10.10.20.100 + unifi_display: Avocent VLAN 20 Interface + unifi_mac: 00:e0:86:19:31:21 + unifi_oui: Emerson Network Power, Avocent Division + b2a8c2ec8640: + ansible_host: 10.10.20.137 + unifi_display: b2a8c2ec8640 + unifi_mac: b2:a8:c2:ec:86:40 + unifi_oui: '' + batts3000: + ansible_host: 192.168.1.81 + unifi_display: Batts3000 + unifi_mac: 00:c0:b7:9b:a7:a3 + unifi_oui: American Power Conversion Corp + bc24113a0806: + ansible_host: 10.40.40.4 + unifi_display: bc24113a0806 + unifi_mac: bc:24:11:3a:08:06 + unifi_oui: Proxmox Server Solutions GmbH + bc2411f10d39: + ansible_host: 10.40.40.128 + unifi_display: bc2411f10d39 + unifi_mac: bc:24:11:f1:0d:39 + unifi_oui: Proxmox Server Solutions GmbH + bookstack: + ansible_host: 10.40.40.115 + unifi_display: bookstack + unifi_mac: bc:24:11:9b:5c:a0 + unifi_oui: Proxmox Server Solutions GmbH + brocade10g_01: + ansible_host: 10.10.20.55 + unifi_display: Brocade10G-01 + unifi_mac: 00:e0:52:00:01:00 + unifi_oui: Brocade Communications Systems LLC + c3850_01_svi: + ansible_host: 10.10.20.11 + unifi_display: C3850-01 SVI + unifi_mac: e0:d1:73:7e:f0:d6 + unifi_oui: Cisco Systems, Inc + c3850_02_svi: + ansible_host: 10.10.20.22 + unifi_display: C3850-02 SVI + unifi_mac: 50:1c:bf:73:2d:56 + unifi_oui: Cisco Systems, Inc + c3850_03: + ansible_host: 10.10.20.33 + unifi_display: C3850-03 + unifi_mac: 00:5f:86:1b:ff:d6 + unifi_oui: Cisco Systems, Inc + c3850_04: + ansible_host: 10.10.20.44 + unifi_display: C3850-04 + unifi_mac: 00:7e:95:a9:b3:d6 + unifi_oui: Cisco Systems, Inc + caddy: + ansible_host: 10.40.40.113 + unifi_display: caddy + unifi_mac: bc:24:11:7f:8a:82 + unifi_oui: Proxmox Server Solutions GmbH + cc4e24132562: + ansible_host: 192.168.1.250 + unifi_display: cc4e24132562 + unifi_mac: cc:4e:24:13:25:62 
+ unifi_oui: Brocade Communications Systems LLC + cc8e718d46c2: + ansible_host: 10.10.20.55 + unifi_display: cc8e718d46c2 + unifi_mac: cc:8e:71:8d:46:c2 + unifi_oui: Cisco Systems, Inc + chargepoint_flex: + ansible_host: 192.168.7.50 + unifi_display: 'Chargepoint Flex ' + unifi_mac: b0:fb:15:04:c5:f4 + unifi_oui: Laird Connectivity + cml_2_9_0: + ansible_host: 192.168.1.66 + netbox_display: CML 2.9.0 + netbox_id: 62 + netbox_kind: vm + netbox_platform: linux + netbox_role: virtual-machine + netbox_site: main + cml_apodacalab_com: + ansible_host: 192.168.1.254 + unifi_display: cml.apodacalab.com + unifi_mac: 52:54:00:08:1a:56 + unifi_oui: '' + cml_rtr_01: + ansible_host: 192.168.1.254 + unifi_display: CML-RTR-01 + unifi_mac: 52:54:00:14:97:b6 + unifi_oui: '' + denon_avr_x6500h: + ansible_host: 192.168.1.209 + unifi_display: Denon-AVR-X6500H + unifi_mac: 00:05:cd:8e:9e:1f + unifi_oui: D&M Holdings Inc. + desktop_3ff1991: + ansible_host: 192.168.1.121 + unifi_display: DESKTOP-3FF1991 + unifi_mac: f0:d5:bf:be:a2:67 + unifi_oui: Intel Corporate + desktop_4vqb0hp: + ansible_host: 192.168.1.122 + unifi_display: DESKTOP-4VQB0HP + unifi_mac: f4:8c:50:36:09:66 + unifi_oui: Intel Corporate + dl360_apodacalab_com: + ansible_host: 192.168.1.226 + unifi_display: dl360.apodacalab.com + unifi_mac: ac:16:2d:9e:76:83 + unifi_oui: Hewlett Packard + dl380_apodacalab_com: + ansible_host: 192.168.14.221 + unifi_display: dl380.apodacalab.com + unifi_mac: 1c:98:ec:12:6f:10 + unifi_oui: Hewlett Packard Enterprise + docker: + ansible_host: 10.40.40.140 + unifi_display: docker + unifi_mac: 02:16:bd:ce:e8:56 + unifi_oui: '' + elementsynapse: + ansible_host: 10.40.40.168 + unifi_display: elementsynapse + unifi_mac: bc:24:11:6a:20:ae + unifi_oui: Proxmox Server Solutions GmbH + emqx: + ansible_host: 10.40.40.209 + unifi_display: emqx + unifi_mac: bc:24:11:f6:c6:e2 + unifi_oui: Proxmox Server Solutions GmbH + envoy: + ansible_host: 192.168.1.67 + unifi_display: envoy + unifi_mac: 
64:33:db:d8:61:e4 + unifi_oui: Texas Instruments + es20m_localdomain: + ansible_host: 192.168.1.25 + unifi_display: ES20M.localdomain + unifi_mac: 28:87:ba:87:82:3f + unifi_oui: TP-Link Corporation Limited + g432_0209: + ansible_host: 192.168.1.59 + unifi_display: G432-0209 + unifi_mac: 00:15:ad:61:2b:4d + unifi_oui: Accedian Networks + g5_bullet: + ansible_host: 192.168.1.26 + unifi_display: g5-bullet + unifi_mac: 70:a7:41:5f:dd:6b + unifi_oui: Ubiquiti Inc. + g5_dome: + ansible_host: 192.168.1.31 + unifi_display: g5-dome + unifi_mac: 70:a7:41:3f:23:f8 + unifi_oui: Ubiquiti Inc. + gemodule79c0: + ansible_host: 192.168.1.173 + unifi_display: GEModule79C0 + unifi_mac: d8:28:c9:59:79:c0 + unifi_oui: General Electric Consumer and Industrial + gitea: + ansible_host: 10.40.40.143 + unifi_display: gitea + unifi_mac: bc:24:11:39:97:df + unifi_oui: Proxmox Server Solutions GmbH + gns3_vm: + ansible_host: 192.168.1.113 + netbox_display: GNS3 VM + netbox_id: 85 + netbox_kind: vm + netbox_platform: linux + netbox_role: virtual-machine + netbox_site: main + graylog: + ansible_host: 10.40.40.216 + netbox_display: graylog + netbox_id: 33 + netbox_kind: vm + netbox_platform: debian + netbox_role: lxc-container + netbox_site: main + grtilt70: + ansible_host: 192.168.6.4 + unifi_display: GRTILT70 + unifi_mac: 4c:44:5b:07:ba:ac + unifi_oui: Intel Corporate + harmonyhub: + ansible_host: 192.168.1.189 + unifi_display: HarmonyHub + unifi_mac: c8:db:26:00:c4:03 + unifi_oui: Logitech + home: + ansible_host: 192.168.1.101 + unifi_display: Home + unifi_mac: 44:61:32:19:29:dc + unifi_oui: ecobee inc + hpiac9bac: + ansible_host: 192.168.1.183 + unifi_display: HPIAC9BAC + unifi_mac: 4c:cf:7c:ac:9b:ae + unifi_oui: '' + hs220: + ansible_host: 192.168.1.23 + unifi_display: HS220 + unifi_mac: e4:c3:2a:15:6c:15 + unifi_oui: Tp-Link Technologies Co.,Ltd. + idrac_apodacalab_com: + ansible_host: 192.168.1.120 + unifi_display: idrac.apodacalab.com + unifi_mac: 64:00:6a:c3:5a:62 + unifi_oui: Dell Inc. 
+ idrac_f5123w2: + ansible_host: 192.168.1.218 + unifi_display: idrac-F5123W2 + unifi_mac: 6c:2b:59:83:fa:41 + unifi_oui: Dell Inc. + ilo: + ansible_host: 192.168.1.117 + unifi_display: ILO + unifi_mac: c4:34:6b:c6:13:02 + unifi_oui: Hewlett Packard + ilo___ona4__h: + ansible_host: 192.168.1.171 + unifi_display: ILO---oNA4--H + unifi_mac: 78:e7:d1:91:7c:70 + unifi_oui: Hewlett Packard + ilomxq62909rq: + ansible_host: 192.168.1.228 + unifi_display: ILOMXQ62909RQ + unifi_mac: 1c:98:ec:25:f0:36 + unifi_oui: Hewlett Packard Enterprise + inserthostname_here: + ansible_host: 192.168.1.174 + unifi_display: inserthostname-here + unifi_mac: 52:54:00:d0:d5:cf + unifi_oui: '' + iphone: + ansible_host: 192.168.6.5 + unifi_display: iPhone + unifi_mac: 5c:87:30:66:87:60 + unifi_oui: Apple, Inc. + iphone_localdomain: + ansible_host: 192.168.1.219 + unifi_display: iPhone.localdomain + unifi_mac: 1a:71:e2:8c:d0:81 + unifi_oui: '' + irobot_d4c931f4da324976beb33823c15dc871: + ansible_host: 192.168.1.175 + unifi_display: iRobot-D4C931F4DA324976BEB33823C15DC871 + unifi_mac: 50:14:79:e9:dc:55 + unifi_oui: iRobot Corporation + isr4331_01: + ansible_host: 10.10.20.1 + unifi_display: ISR4331-01 + unifi_mac: 70:d3:79:09:0a:a1 + unifi_oui: Cisco Systems, Inc + isr4331_02: + ansible_host: 10.10.20.2 + unifi_display: ISR4331-02 + unifi_mac: 00:2a:10:16:98:00 + unifi_oui: Cisco Systems, Inc + ista_vcclpsed3ka6ml014242: + ansible_host: 192.168.1.56 + unifi_display: ISTA-VCCLPSED3KA6ML014242 + unifi_mac: 20:ad:56:50:dd:fb + unifi_oui: Continental Automotive Systems Inc. + kendra_s_iphone: + ansible_host: 192.168.1.36 + unifi_display: Kendra's iPhone + unifi_mac: 2a:bf:d7:97:09:d5 + unifi_oui: '' + kendras_ipad: + ansible_host: 192.168.1.237 + unifi_display: Kendras-iPad + unifi_mac: 7c:2a:ca:a7:99:cb + unifi_oui: Apple, Inc. + kendras_iphone: + ansible_host: 192.168.1.243 + unifi_display: Kendras-iPhone + unifi_mac: b0:8c:75:66:71:b7 + unifi_oui: Apple, Inc. 
+ kendraslaptop: + ansible_host: 192.168.1.123 + unifi_display: KendrasLaptop + unifi_mac: 7c:fa:80:f3:0d:20 + unifi_oui: '' + labtainervm_24a: + ansible_host: 10.40.40.23 + netbox_display: LabtainerVM 24a + netbox_id: 87 + netbox_kind: vm + netbox_platform: linux + netbox_role: virtual-machine + netbox_site: main + labtainervm_vmware: + ansible_host: 192.168.1.40 + netbox_display: LabtainerVM-VMWare + netbox_id: 56 + netbox_kind: vm + netbox_platform: linux + netbox_role: virtual-machine + netbox_site: main + lauras_ipad: + ansible_host: 192.168.1.233 + unifi_display: Lauras-iPad + unifi_mac: 7c:2a:ca:a2:4b:8f + unifi_oui: Apple, Inc. + lg_smart_washtower2_open: + ansible_host: 192.168.1.152 + unifi_display: LG_Smart_WashTower2_open + unifi_mac: c8:dd:6a:0f:90:7e + unifi_oui: '' + librenms: + ansible_host: 10.40.40.110 + unifi_display: librenms + unifi_mac: e4:1d:2d:e0:fb:30 + unifi_oui: Mellanox Technologies, Inc. + lldap: + ansible_host: 10.40.40.147 + unifi_display: lldap + unifi_mac: bc:24:11:2e:06:60 + unifi_oui: Proxmox Server Solutions GmbH + masterbedroom: + ansible_host: 10.10.20.168 + unifi_display: MasterBedroom + unifi_mac: 80:f3:ef:12:9b:4f + unifi_oui: Meta Platforms Technologies, LLC + metube: + ansible_host: 10.40.40.248 + unifi_display: metube + unifi_mac: bc:24:11:b2:8c:fc + unifi_oui: Proxmox Server Solutions GmbH + msrp_pc: + ansible_host: 10.10.20.112 + unifi_display: MSRP-PC + unifi_mac: 90:e2:ba:29:de:14 + unifi_oui: Intel Corporate + myip: + ansible_host: 10.40.40.158 + netbox_display: myip + netbox_id: 38 + netbox_kind: vm + netbox_platform: debian + netbox_role: lxc-container + netbox_site: main + myq_0b4: + ansible_host: 192.168.1.182 + unifi_display: MyQ-0B4 + unifi_mac: ca:6a:10:24:cf:52 + unifi_oui: '' + netbox: + ansible_host: 10.40.40.250 + unifi_display: Netbox + unifi_mac: bc:24:11:b7:52:b9 + unifi_oui: Proxmox Server Solutions GmbH + netvisor: + ansible_host: 10.40.40.245 + unifi_display: netvisor + unifi_mac: bc:24:11:b2:45:1c + 
unifi_oui: Proxmox Server Solutions GmbH + nginxproxymanager: + ansible_host: 10.40.40.123 + unifi_display: nginxproxymanager + unifi_mac: bc:24:11:8c:e5:ec + unifi_oui: Proxmox Server Solutions GmbH + nid12_dc_mtso_pri: + ansible_host: 10.13.60.102 + netbox_display: NID12-DC-MTSO-Pri + netbox_id: 1 + netbox_kind: device + netbox_platform: amt-7-9-1-23673 + netbox_role: nid + netbox_site: lab + observium_apodacalab_com: + ansible_host: 10.40.40.114 + unifi_display: Observium.apodacalab.com + unifi_mac: bc:24:11:66:08:1a + unifi_oui: Proxmox Server Solutions GmbH + ollama: + ansible_host: 10.40.40.239 + unifi_display: ollama + unifi_mac: bc:24:11:9e:06:f9 + unifi_oui: Proxmox Server Solutions GmbH + opengear: + ansible_host: 10.10.20.182 + unifi_display: OpenGear + unifi_mac: 00:13:c6:02:69:61 + unifi_oui: OpenGear, Inc + opnsense_apodacalab_com: + ansible_host: 10.40.40.230 + unifi_display: opnsense.apodacalab.com + unifi_mac: bc:24:11:63:60:6c + unifi_oui: Proxmox Server Solutions GmbH + opnsense_master: + ansible_host: 192.168.1.64 + unifi_display: Opnsense-Master + unifi_mac: 0c:6d:fa:26:00:00 + unifi_oui: '' + pdmbeta: + ansible_host: 10.40.40.232 + netbox_display: pdmbeta + netbox_id: 27 + netbox_kind: vm + netbox_platform: debian + netbox_role: lxc-container + netbox_site: main + pdu1_apodacalab_com: + ansible_host: 192.168.1.235 + unifi_display: pdu1.apodacalab.com + unifi_mac: 00:c0:b7:d0:1e:6b + unifi_oui: American Power Conversion Corp + pingvin: + ansible_host: 10.40.40.180 + netbox_display: pingvin + netbox_id: 24 + netbox_kind: vm + netbox_platform: debian + netbox_role: lxc-container + netbox_site: main + precision5530: + ansible_host: 10.10.20.139 + unifi_display: precision5530 + unifi_mac: 28:3a:4d:2a:8a:b9 + unifi_oui: Cloud Network Technology (Samoa) Limited + prox940_ve_mgmt: + ansible_host: 192.168.1.190 + unifi_display: Prox940 VE mgmt + unifi_mac: b0:26:28:50:77:37 + unifi_oui: Broadcom Limited + proxmox2: + ansible_host: 10.40.40.107 + 
unifi_display: Proxmox2 + unifi_mac: 00:50:56:b3:77:54 + unifi_oui: VMware, Inc. + proxmox_datacenter_manager: + ansible_host: 10.40.40.199 + unifi_display: proxmox-datacenter-manager + unifi_mac: bc:24:11:89:09:39 + unifi_oui: Proxmox Server Solutions GmbH + proxmox_host_gen_9: + ansible_host: 192.168.1.107 + unifi_display: Proxmox Host Gen 9 + unifi_mac: 94:18:82:82:b2:6c + unifi_oui: Hewlett Packard Enterprise + proxmoxtest_apodacalab_com: + ansible_host: 10.40.40.106 + unifi_display: proxmoxtest.apodacalab.com + unifi_mac: 00:50:56:b3:eb:e9 + unifi_oui: VMware, Inc. + r930server_apodacalab_com: + ansible_host: 192.168.1.27 + unifi_display: r930server.apodacalab.com + unifi_mac: a0:36:9f:7e:d9:cc + unifi_oui: Intel Corporate + rest2ndgen_20e9c6: + ansible_host: 192.168.1.105 + unifi_display: Rest2ndGen-20E9C6 + unifi_mac: b0:a7:32:20:e9:c4 + unifi_oui: Espressif Inc. + roomba_3198091841904740: + ansible_host: 192.168.1.42 + unifi_display: Roomba-3198091841904740 + unifi_mac: c0:e4:34:4c:23:fe + unifi_oui: AzureWave Technology Inc. + runtipi: + ansible_host: 10.40.40.211 + unifi_display: runtipi + unifi_mac: bc:24:11:df:6c:92 + unifi_oui: Proxmox Server Solutions GmbH + sam_ipad_pro: + ansible_host: 10.10.20.47 + unifi_display: Sam-iPad-Pro + unifi_mac: 88:ae:07:54:93:24 + unifi_oui: Apple, Inc. 
+ samsung: + ansible_host: 10.10.20.7 + unifi_display: Samsung + unifi_mac: 1c:af:4a:03:ff:f2 + unifi_oui: Samsung Electronics Co.,Ltd + sdwan_apodacalab_com: + ansible_host: 192.168.1.158 + unifi_display: sdwan.apodacalab.com + unifi_mac: 52:54:00:59:4f:e4 + unifi_oui: '' + securityonion: + ansible_host: 10.40.40.135 + netbox_display: SecurityOnion + netbox_id: 89 + netbox_kind: vm + netbox_platform: linux + netbox_role: virtual-machine + netbox_site: main + semaphore: + ansible_host: 10.40.40.119 + netbox_display: semaphore + netbox_id: 35 + netbox_kind: vm + netbox_platform: debian + netbox_role: lxc-container + netbox_site: main + server_2012___storage_host: + ansible_host: 192.168.1.197 + netbox_display: Server 2012 - Storage Host + netbox_id: 79 + netbox_kind: vm + netbox_platform: windows + netbox_role: virtual-machine + netbox_site: main + server_2019___dc: + ansible_host: 192.168.1.156 + netbox_display: Server 2019 - DC + netbox_id: 81 + netbox_kind: vm + netbox_platform: windows + netbox_role: virtual-machine + netbox_site: main + smokeping: + ansible_host: 192.168.1.88 + unifi_display: smokeping + unifi_mac: bc:24:11:1a:86:cd + unifi_oui: Proxmox Server Solutions GmbH + sony_ubp_x700_blu_ray: + ansible_host: 192.168.1.185 + unifi_display: Sony UBP-X700 Blu-Ray + unifi_mac: 64:ff:0a:87:02:62 + unifi_oui: Wistron Neweb Corporation + sp_ie_containerlab: + ansible_host: 10.40.40.156 + netbox_display: SP IE Containerlab + netbox_id: 54 + netbox_kind: vm + netbox_platform: linux + netbox_role: virtual-machine + netbox_site: main + speedtest: + ansible_host: 10.40.40.217 + unifi_display: speedtest + unifi_mac: bc:24:11:73:31:41 + unifi_oui: Proxmox Server Solutions GmbH + speedtest_tracker: + ansible_host: 192.168.1.159 + netbox_display: speedtest-tracker + netbox_id: 3 + netbox_kind: vm + netbox_platform: debian + netbox_role: lxc-container + netbox_site: main + tacgui_new_attempt: + ansible_host: 192.168.1.73 + netbox_display: TacGUI New Attempt + netbox_id: 
77 + netbox_kind: vm + netbox_platform: linux + netbox_role: virtual-machine + netbox_site: main + technitiumdns: + ansible_host: 10.40.40.141 + unifi_display: technitiumdns + unifi_mac: bc:24:11:0d:c3:76 + unifi_oui: Proxmox Server Solutions GmbH + traefik: + ansible_host: 10.40.40.204 + unifi_display: traefik + unifi_mac: bc:24:11:59:50:3a + unifi_oui: Proxmox Server Solutions GmbH + truenas_scale: + ansible_host: 192.168.1.126 + netbox_display: TrueNAS Scale + netbox_id: 83 + netbox_kind: vm + netbox_platform: linux + netbox_role: virtual-machine + netbox_site: main + ubuntu_gns3: + ansible_host: 10.40.40.151 + unifi_display: ubuntu-gns3 + unifi_mac: 02:36:42:3c:38:c3 + unifi_oui: '' + ubuntu_server_01: + ansible_host: 10.40.40.2 + netbox_display: ubuntu-server-01 + netbox_id: 64 + netbox_kind: vm + netbox_platform: linux + netbox_role: virtual-machine + netbox_site: main + ubuntu_server_02: + ansible_host: 10.40.40.3 + netbox_display: ubuntu-server-02 + netbox_id: 58 + netbox_kind: vm + netbox_platform: linux + netbox_role: virtual-machine + netbox_site: main + ubuntu_vm: + ansible_host: 10.40.40.157 + unifi_display: ubuntu-vm + unifi_mac: 02:07:8c:db:69:de + unifi_oui: '' + unbound: + ansible_host: 10.40.40.178 + netbox_display: unbound + netbox_id: 50 + netbox_kind: vm + netbox_platform: debian + netbox_role: lxc-container + netbox_site: main + uptimekuma: + ansible_host: 10.40.40.102 + unifi_display: uptimekuma + unifi_mac: bc:24:11:80:08:27 + unifi_oui: Proxmox Server Solutions GmbH + vaultwarden: + ansible_host: 10.40.40.166 + netbox_display: vaultwarden + netbox_id: 31 + netbox_kind: vm + netbox_platform: debian + netbox_role: lxc-container + netbox_site: main + vcenter_7_0_3: + ansible_host: 192.168.1.150 + netbox_display: vCenter 7.0.3 + netbox_id: 73 + netbox_kind: vm + netbox_platform: linux + netbox_role: virtual-machine + netbox_site: main + vrouter_host: + ansible_host: 10.40.40.202 + netbox_display: vRouter Host + netbox_id: 68 + netbox_kind: vm + 
netbox_platform: linux + netbox_role: virtual-machine + netbox_site: main + vrouterhost: + ansible_host: 192.168.1.109 + unifi_display: vRouterHost + unifi_mac: 3e:9a:95:87:3b:e1 + unifi_oui: '' + vtech: + ansible_host: 192.168.1.232 + unifi_display: vTech + unifi_mac: 14:ae:db:fe:9f:8e + unifi_oui: VTech Telecommunications Ltd. + vyos: + ansible_host: 192.168.1.146 + unifi_display: vyos + unifi_mac: 00:50:56:b3:c1:58 + unifi_oui: VMware, Inc. + watch: + ansible_host: 192.168.1.164 + unifi_display: Watch + unifi_mac: 42:dd:5d:76:28:a3 + unifi_oui: '' + watch_localdomain: + ansible_host: 192.168.1.9 + unifi_display: Watch.localdomain + unifi_mac: 82:01:de:0d:84:2f + unifi_oui: '' + wazuh___graylog_server: + ansible_host: 192.168.1.30 + netbox_display: Wazuh | Graylog Server + netbox_id: 66 + netbox_kind: vm + netbox_platform: linux + netbox_role: virtual-machine + netbox_site: main + web_check: + ansible_host: 10.40.40.219 + unifi_display: web-check + unifi_mac: bc:24:11:f1:a9:07 + unifi_oui: Proxmox Server Solutions GmbH + webterm_2: + ansible_host: 192.168.1.37 + unifi_display: webterm-2 + unifi_mac: 02:42:e9:bd:65:00 + unifi_oui: '' + wemo: + ansible_host: 192.168.1.127 + unifi_display: wemo + unifi_mac: 08:86:3b:71:7f:09 + unifi_oui: Belkin International Inc. 
+ wikijs: + ansible_host: 10.40.40.190 + netbox_display: wikijs + netbox_id: 48 + netbox_kind: vm + netbox_platform: debian + netbox_role: lxc-container + netbox_site: main + windows_10_domain_test: + ansible_host: 192.168.1.24 + netbox_display: Windows 10 Domain Test + netbox_id: 71 + netbox_kind: vm + netbox_platform: windows + netbox_role: virtual-machine + netbox_site: main + windows_10_isolation_vlan_50: + ansible_host: 172.16.50.23 + netbox_display: Windows 10 isolation VLAN 50 + netbox_id: 75 + netbox_kind: vm + netbox_platform: windows + netbox_role: virtual-machine + netbox_site: main + wlan0: + ansible_host: 192.168.1.202 + unifi_display: wlan0 + unifi_mac: 50:8b:b9:5d:0e:85 + unifi_oui: Tuya Smart Inc. + xboxone: + ansible_host: 192.168.1.19 + unifi_display: XBOXONE + unifi_mac: 84:57:33:b9:ef:cd + unifi_oui: Microsoft Corporation + zabbix: + ansible_host: 10.40.40.243 + unifi_display: zabbix + unifi_mac: bc:24:11:62:b8:51 + unifi_oui: Proxmox Server Solutions GmbH + vars: + ansible_user: ubuntu diff --git a/playbooks/find_docker_enroll_portainer.yml b/playbooks/find_docker_enroll_portainer.yml new file mode 100644 index 0000000..6cca254 --- /dev/null +++ b/playbooks/find_docker_enroll_portainer.yml 
@@ -0,0 +1,288 @@
+---
+# find_docker_enroll_portainer.yml
+#
+# Discovers which hosts in the inventory are running the Docker engine,
+# deploys the Portainer Agent container on each Docker host, registers the
+# host as a new environment in Portainer, and writes a local report.
+#
+# Required variables (set in group_vars/all.yml or Semaphore extra-vars):
+# portainer_url - e.g. http://10.40.40.2:9000
+# portainer_api_token - Portainer API token (Settings → Users → API key)
+# portainer_agent_port - defaults to 9001
+#
+# Usage:
+# ansible-playbook -i semaphore/inventory/hosts.yml \
+# playbooks/find_docker_enroll_portainer.yml
+#
+# From Semaphore: point at this playbook, select the hosts.yml inventory,
+# and add portainer_api_token as an extra-var or in group_vars/all.yml.
+
+- name: Discover Docker hosts and collect facts
+ hosts: all
+ gather_facts: false
+ ignore_unreachable: true
+ tasks:
+
+ - name: Test SSH connectivity
+ ansible.builtin.wait_for_connection:
+ timeout: 10
+ register: ssh_check
+ ignore_errors: true
+
+ - name: Gather minimal facts for reachable hosts
+ ansible.builtin.setup:
+ gather_subset:
+ - "!all"
+ - network
+ - distribution
+ when: ssh_check is succeeded
+ ignore_errors: true
+
+ - name: Check if Docker binary is present
+ ansible.builtin.command: which docker
+ register: docker_which
+ changed_when: false
+ failed_when: false
+ when: ssh_check is succeeded
+
+ - name: Check if Docker daemon is responding
+ ansible.builtin.command: docker info --format '{% raw %}{{json .ServerVersion}}{% endraw %}'
+ register: docker_info
+ changed_when: false
+ failed_when: false
+ become: true
+ when:
+ - ssh_check is succeeded
+ - docker_which.rc is defined
+ - docker_which.rc == 0
+
+ - name: Record Docker status as host fact
+ ansible.builtin.set_fact:
+ docker_running: >-
+ {{
+ docker_which.rc is defined and docker_which.rc == 0 and
+ docker_info.rc is defined and docker_info.rc == 0
+ }}
+ docker_version: >-
+ {{
+ (docker_info.stdout | default('""') | from_json)
+ if (docker_info.rc is defined and docker_info.rc == 0)
+ else 'not running'
+ }}
+ when: ssh_check is succeeded
+
+ - name: Mark unreachable hosts
+ ansible.builtin.set_fact:
+ docker_running: false
+ ssh_reachable: false
+ when: ssh_check is failed or ssh_check is skipped
+
+
+# ---------------------------------------------------------------------------
+# Play 2: Deploy Portainer Agent on Docker hosts
+# ---------------------------------------------------------------------------
+
+- name: Deploy Portainer Agent on Docker hosts
+ hosts: all
+ gather_facts: false
+ ignore_unreachable: true
+ become: true
+ vars:
+ portainer_agent_port: "{{ portainer_agent_port | default(9001) }}"
+ tasks:
+
+ - name: Skip hosts without Docker
+ ansible.builtin.meta: end_host
+ when: not (docker_running | default(false))
+
+ - name: Check if portainer_agent container already exists
+ ansible.builtin.command: >
+ docker ps -a --filter name=portainer_agent --format "{% raw %}{{.Status}}{% endraw %}"
+ register: agent_status
+ changed_when: false
+ failed_when: false
+
+ - name: Pull Portainer Agent image
+ community.docker.docker_image:
+ name: portainer/agent
+ tag: latest
+ source: pull
+ when: "'Up' not in (agent_status.stdout | default(''))"
+
+ - name: Deploy Portainer Agent container
+ community.docker.docker_container:
+ name: portainer_agent
+ image: portainer/agent:latest
+ state: started
+ restart_policy: always
+ ports:
+ - "{{ portainer_agent_port }}:9001"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /var/lib/docker/volumes:/var/lib/docker/volumes
+ env:
+ AGENT_PORT: "9001"
+ when: "'Up' not in (agent_status.stdout | default(''))"
+ register: agent_deployed
+
+ - name: Wait for Portainer Agent to be ready
+ ansible.builtin.wait_for:
+ port: "{{ portainer_agent_port }}"
+ host: "{{ ansible_host }}"
+ delay: 3
+ timeout: 30
+ delegate_to: localhost
+ when: agent_deployed is changed
+
+
+# ---------------------------------------------------------------------------
+# Play 3: Register Docker hosts in Portainer
+# ---------------------------------------------------------------------------
+
+- name: Register Docker hosts in Portainer
+ hosts: all
+ gather_facts: false
+ ignore_unreachable: true
+ vars:
+ portainer_agent_port: "{{ portainer_agent_port | default(9001) }}"
+ tasks:
+
+ - name: Skip hosts without Docker
+ ansible.builtin.meta: end_host
+ when: not (docker_running | default(false))
+
+ - name: Check if endpoint already exists in Portainer
+ ansible.builtin.uri:
+ url: "{{ portainer_url }}/api/endpoints"
+ method: GET
+ headers:
+ X-API-Key: "{{ portainer_api_token }}"
+ return_content: true
+ status_code: 200
+ register: existing_endpoints
+ delegate_to: localhost
+ run_once: false
+
+ - name: Determine if this host is already enrolled
+ ansible.builtin.set_fact:
+ already_enrolled: >-
+ {{
+ existing_endpoints.json
+ | selectattr('Name', 'equalto', inventory_hostname)
+ | list | length > 0
+ }}
+
+ - name: Register host as Portainer Agent endpoint
+ ansible.builtin.uri:
+ url: "{{ portainer_url }}/api/endpoints"
+ method: POST
+ headers:
+ X-API-Key: "{{ portainer_api_token }}"
+ body_format: form-multipart
+ body:
+ Name: "{{ inventory_hostname }}"
+ EndpointCreationType: "2"
+ URL: "tcp://{{ ansible_host }}:{{ portainer_agent_port }}"
+ status_code: [200, 201]
+ return_content: true
+ register: portainer_enroll
+ delegate_to: localhost
+ when: not already_enrolled
+
+ - name: Store enrollment result
+ ansible.builtin.set_fact:
+ portainer_endpoint_id: >-
+ {{
+ (portainer_enroll.json.Id | string)
+ if (portainer_enroll is not skipped and portainer_enroll.json is defined)
+ else (
+ existing_endpoints.json
+ | selectattr('Name', 'equalto', inventory_hostname)
+ | map(attribute='Id') | list | first | string
+ )
+ }}
+ portainer_enrolled_now: "{{ portainer_enroll is changed }}"
+
+
+# ---------------------------------------------------------------------------
+# Play 4: Generate local report
+# ---------------------------------------------------------------------------
+
+- name: Generate Docker host discovery report
+ hosts: localhost
+ gather_facts: false
+ vars:
+ report_path: "{{ playbook_dir }}/../semaphore/reports/docker_hosts_{{ ansible_date_time.date }}.txt"
+ tasks:
+
+ - name: Ensure reports directory exists
+ ansible.builtin.file:
+ path: "{{ playbook_dir }}/../semaphore/reports"
+ state: directory
+ mode: "0755"
+
+ - name: Collect results from all hosts
+ ansible.builtin.set_fact:
+ docker_hosts_found: >-
+ {{
+ hostvars | dict2items
+ | selectattr('value.docker_running', 'defined')
+ | selectattr('value.docker_running', 'equalto', true)
+ | map(attribute='key') | list | sort
+ }}
+ unreachable_hosts: >-
+ {{
+ hostvars | dict2items
+ | selectattr('value.ssh_reachable', 'defined')
+ | selectattr('value.ssh_reachable', 'equalto', false)
+ | map(attribute='key') | list | sort
+ }}
+ no_docker_hosts: >-
+ {{
+ hostvars | dict2items
+ | selectattr('value.docker_running', 'defined')
+ | selectattr('value.docker_running', 'equalto', false)
+ | rejectattr('value.ssh_reachable', 'equalto', false)
+ | map(attribute='key') | list | sort
+ }}
+
+ - name: Write report to file
+ ansible.builtin.copy:
+ dest: "{{ report_path }}"
+ mode: "0644"
+ content: |
+ Docker Host Discovery Report
+ ============================
+ Generated: {{ ansible_date_time.iso8601 }}
+ Portainer: {{ portainer_url }}
+
+ DOCKER HOSTS FOUND ({{ docker_hosts_found | length }})
+ {% for h in docker_hosts_found %}
+ - {{ h }}
+ IP: {{ hostvars[h].ansible_host | default('unknown') }}
+ Docker version: {{ hostvars[h].docker_version | default('unknown') }}
+ Portainer ID: {{ hostvars[h].portainer_endpoint_id | default('not enrolled') }}
+ Enrolled now: {{ hostvars[h].portainer_enrolled_now | default(false) }}
+ {% endfor %}
+
+ NO DOCKER ({{ no_docker_hosts | length }})
+ {% for h in no_docker_hosts %}
+ - {{ h }} ({{ hostvars[h].ansible_host | default('?') }})
+ {% endfor %}
+
+ UNREACHABLE ({{ unreachable_hosts | length }})
+ {% for h in unreachable_hosts %}
+ - {{ h }} ({{ hostvars[h].ansible_host | default('?') }})
+ {% endfor %}
+
+ - name: Print report path
+ ansible.builtin.debug:
+ msg: "Report written to {{ report_path }}"
+
+ - name: Print Docker hosts summary
+ ansible.builtin.debug:
+ msg: |
+ Docker hosts found ({{ docker_hosts_found | length }}):
+ {% for h in docker_hosts_found %}
+ - {{ h }} ({{ hostvars[h].ansible_host | default('?') }}) Docker {{ hostvars[h].docker_version | default('?') }}
+ {% endfor %}
diff --git a/playbooks/group_vars/all.yml b/playbooks/group_vars/all.yml
new file mode 100644
index 0000000..08c59b8
--- /dev/null
+++ b/playbooks/group_vars/all.yml
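Review bot: The `Deploy Portainer Agent container` task in Play 2 publishes the agent on `{{ portainer_agent_port }}` with `/var/run/docker.sock` mounted but sets no `AGENT_SECRET`, so an API with root-equivalent control of the Docker host is exposed to anything that can reach that port, not only the intended Portainer server; as far as I know, an agent without a shared secret associates with the first Portainer instance that contacts it, and here that window stays open until Play 3 runs. I would add `AGENT_SECRET: "{{ portainer_agent_secret }}"` under `env:` (a new variable, supplied the same way as `portainer_api_token`, with the same value configured on the Portainer server) and replace `latest` in both the pull task and the `image:` line with a pinned version or digest, so every host runs an image that has been reviewed. The two `ansible.builtin.uri` tasks in Play 3 pass `X-API-Key` as a module argument; `no_log: true` on them keeps the token out of verbose output and stored Semaphore task logs. Separately, the play-level `portainer_agent_port: "{{ portainer_agent_port | default(9001) }}"` in Plays 2 and 3 refers to itself, which Ansible normally rejects as a recursive template; since `group_vars/all.yml` already sets the value, the play-level entry can probably be dropped.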
@@ -0,0 +1,32 @@
+---
+# playbooks/group_vars/all.yml
+#
+# Defaults for all Ansible playbooks in this repo.
+# Override sensitive values (portainer_api_token) via Semaphore's
+# "Extra Variables" or a Vault-encrypted file, not here in plaintext.
+
+# ---------------------------------------------------------------------------
+# Portainer
+# ---------------------------------------------------------------------------
+portainer_url: "http://10.40.40.2:9000"
+
+# API token: generate in Portainer → User settings → Access tokens
+# Set this in Semaphore "Extra Variables" as: portainer_api_token=
+# Or export as an env var and reference with: "{{ lookup('env', 'PORTAINER_API_TOKEN') }}"
+portainer_api_token: "{{ lookup('env', 'PORTAINER_API_TOKEN') }}"
+
+# Port the Portainer Agent listens on (default 9001)
+portainer_agent_port: 9001
+
+# ---------------------------------------------------------------------------
+# SSH defaults (override per group in host_vars/.yml or Semaphore)
+# ---------------------------------------------------------------------------
+ansible_user: ubuntu
+ansible_become: true
+ansible_become_method: sudo
+
+# SSH connection settings
+ansible_ssh_common_args: >-
+ -o StrictHostKeyChecking=no
+ -o UserKnownHostsFile=/dev/null
+ -o ConnectTimeout=10
diff --git a/reports/.gitkeep b/reports/.gitkeep
new file mode 100644
index 0000000..e69de29
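Review bot: `ansible_ssh_common_args` turns off SSH host-key verification for every host (`StrictHostKeyChecking=no` plus `UserKnownHostsFile=/dev/null`), and the same file sets `ansible_become: true`, so the automation authenticates and escalates on whatever answers at each inventory address with no check that it is the expected machine. The commit message says the inventory includes 135 unmanaged UniFi clients, which makes that a wide surface for credential exposure or a spoofed host. I would use `-o StrictHostKeyChecking=accept-new` and remove the `-o UserKnownHostsFile=/dev/null` line, so keys are recorded on first contact and later changes are refused, ideally with a known_hosts file managed by the Semaphore runner. The `portainer_url` default is plain `http://`, so the `X-API-Key` token sent by the playbook's `uri` tasks crosses the network unencrypted; an `https://` endpoint would be preferable if the Portainer server offers one.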