Working?

docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   ansible:
-    image: ansible
+    image: ghcr.io/dsiemienas03/ccdc-ansible:latest
     user: 1001:1001
     volumes:
       - data:/home/ansible/data

src/data/vars/important_ips.yml

@@ -16,5 +16,5 @@ wazuh_protocol: TCP
 
 # Remote IPS
 # remote_ip: 172.16.1.
-remote_net: 
+remote_net:
   - 172.16.1.0/24

src/data/vars/service_map.yml

@@ -64,3 +64,4 @@ wrccdc_fw:
 fw_block:
   - esx
   - dc
+  - db

src/playbooks/palo-gather.yml

@@ -0,0 +1,35 @@
+---
+- name: Palo initial config
+  hosts: palo
+  connection: local
+  gather_facts: true
+  # ignore_errors: true
+  roles:
+    - dsu.ccdc.palo
+  vars:
+    provider:
+      ip_address: "{{ inventory_hostname }}"
+      api_key: "{{ api_key }}"
+
+  tasks:
+    - name: Include role
+      ansible.builtin.include_role:
+        name: dsu.ccdc.palo
+        vars_from: main.yml
+    # - name: Show Facts
+    #   ansible.builtin.debug:
+    #     var: "{{update_os}}, {{logging}}"
+
+    - name: Load vars
+      ansible.builtin.include_vars:
+        dir: /home/ansible/data/vars/
+
+    - name: Gather info
+      paloaltonetworks.panos.panos_facts:
+        provider: "{{ provider }}"
+        gather_subset: vsys
+      register: info
+
+    - name: Print info
+      ansible.builtin.debug:
+        var: info

src/playbooks/palo-init.yml

@@ -5,18 +5,19 @@
   # ignore_errors: true
   roles:
     - dsu.ccdc.palo
+  gather_facts: true
   vars:
     provider:
       ip_address: "{{ inventory_hostname }}"
       api_key: "{{ api_key }}"
 
     # palo_config_initial_interface: true
     # palo_config_initial_zones: true
-    # palo_config_initial_rules: true
+    palo_config_initial_rules: true
     # palo_config_logging: true
     # palo_config_initial_groups: true
     # palo_update_other: false
-    # palo_update_os: false
+    # palo_update_os: true
 
   tasks:
     - name: Include role
@@ -70,11 +71,20 @@
         dns_server_primary: "{{ local_dns }}"
         dns_server_secondary: "{{ white_dns }}"
         ntp_server_primary: "{{ white_ntp }}"
+        ntp_server_secondary: "time.cloudflare.com"
+      when: palo_config_initial_interface
 
     # Updates
+    - name: Update content
+      ansible.builtin.import_role:
+        name: dsu.ccdc.palo
+        tasks_from: content_update
+      when: palo_update_os
+
     - name: Palo OS Update
       ansible.builtin.import_role:
         name: dsu.ccdc.palo
+        # tasks_from: os_update
         tasks_from: os_update
         vars_from: main
       when: palo_update_os

src/playbooks/palo-os-update.yml

@@ -0,0 +1,69 @@
+---
+- name: Palo initial config
+  hosts: palo
+  connection: local
+  # ignore_errors: true
+  roles:
+    - dsu.ccdc.palo
+  vars:
+    provider:
+      ip_address: "{{ inventory_hostname }}"
+      api_key: "{{ api_key }}"
+
+  tasks:
+    - name: PAN-OS_update
+      ansible.builtin.debug:
+        msg: "{{ palo_panos_version }}"
+
+    - name: Download PAN-OS update
+      paloaltonetworks.panos.panos_software:
+        provider: "{{ provider }}"
+        version: "{{ palo_panos_version }}"
+        install: true
+        restart: true
+      register: install_result
+
+    - name: Notify Reboot Handler
+      ansible.builtin.command: echo "Wait for Device Reboot"
+      notify: reboot
+      changed_when: false
+
+    - name: Pause for Restart Checks
+      ansible.builtin.pause:
+        seconds: 10
+
+    - name: Wait for Online Handler
+      ansible.builtin.meta: flush_handlers
+
+    - name: Set os_update as done
+      ansible.builtin.set_fact:
+        palo_update_os: false
+        cacheable: true
+      when: palo_update_os
+
+  handlers:
+    - name: Wait for System Information
+      paloaltonetworks.panos.panos_op:
+        provider: "{{ provider }}"
+        device_group: "{{ device_group if device_group is defined else omit }}"
+        cmd: show system info
+      register: system_info
+      until: system_info is not failed
+      retries: 100
+      delay: 10
+      listen: reboot
+
+    - name: Update System Info
+      ansible.builtin.set_fact:
+        system_info_json: "{{ system_info.stdout | from_json }}"
+      listen: reboot
+
+    - name: Update Software Version
+      ansible.builtin.set_fact:
+        sw_version: "{{ system_info_json.response.result.system['sw-version'] }}"
+      listen: reboot
+
+    - name: Display Current Software version
+      ansible.builtin.debug:
+        msg: "Current software version is: {{ sw_version }}"
+      listen: reboot

src/playbooks/palo-update.yml

@@ -0,0 +1,36 @@
+---
+- name: Palo initial config
+  hosts: palo
+  connection: local
+  # ignore_errors: true
+  roles:
+    - dsu.ccdc.palo
+  vars:
+    provider:
+      ip_address: "{{ inventory_hostname }}"
+      api_key: "{{ api_key }}"
+
+  tasks:
+    - name: Include role
+      ansible.builtin.include_role:
+        name: dsu.ccdc.palo
+        vars_from: main
+
+    - name: Load vars
+      ansible.builtin.include_vars:
+        dir: /home/ansible/data/vars/
+
+    - name: Palo update content
+      ansible.builtin.import_role:
+        name: dsu.ccdc.palo
+        tasks_from: content_update
+
+    - name: Palo update wildfire
+      ansible.builtin.import_role:
+        name: dsu.ccdc.palo
+        tasks_from: wildfire_update
+
+    - name: Palo update AV
+      ansible.builtin.import_role:
+        name: dsu.ccdc.palo
+        tasks_from: av_update

src/scripts/init.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -q -N ""
+cat ~/.ssh/id_rsa.pub