evomaintenance: a vendored version is available to install

evomaintenance/README.md

@@ -2,9 +2,6 @@
 
 Install a script to notify when operations are performed on a server
 
-The Debian package is available at `pub.evolix.net`.
-Make you have `deb http://pub.evolix.net/ jessie/` in your sources list.
-
 ## Tasks
 
 Installation and configuration are performed via `tasks/main.yml`.

evomaintenance/defaults/main.yml

@@ -2,20 +2,32 @@
 general_alert_email: "root@localhost"
 evomaintenance_alert_email: Null
 
-evomaintenance_hostname: "{{ ansible_fqdn }}"
+### copied from evolinux-base ###
+evolinux_hostname: "{{ ansible_hostname }}"
+evolinux_domain:   "{{ ansible_domain }}"
+evolinux_fqdn:     "{{ evolinux_hostname }}.{{ evolinux_domain }}"
+
+evolinux_internal_hostname: "{{ evolinux_hostname }}"
+evolinux_internal_domain:   "{{ evolinux_domain }}"
+evolinux_internal_fqdn:     "{{ evolinux_internal_hostname }}.{{ evolinux_internal_domain }}"
+#################################
+
+evomaintenance_install_vendor: False
+
+evomaintenance_hostname: "{{ evolinux_internal_fqdn }}"
 
 evomaintenance_pg_host: Null
 evomaintenance_pg_passwd: Null
 evomaintenance_pg_db: Null
 evomaintenance_pg_table: Null
 
-evomaintenance_from: "evomaintenance@{{ ansible_fqdn }}"
+evomaintenance_from: "evomaintenance@{{ evolinux_internal_fqdn }}"
 evomaintenance_full_from: "Evomaintenance <{{ evomaintenance_from }}>"
 
 evomaintenance_urgency_from: mama.doe@example.com
 evomaintenance_urgency_tel: "06.00.00.00.00"
 
-evomaintenance_realm: "{{ ansible_domain }}"
+evomaintenance_realm: "{{ evolinux_internal_domain }}"
 
 evomaintenance_default_hosts: []
 evomaintenance_additional_hosts: []

evomaintenance/files/evomaintenance.sh

@@ -0,0 +1,143 @@
+#!/bin/sh
+
+# EvoMaintenance script
+# Dependencies (all OS): git postgresql-client
+# Dependencies (Debian): sudo
+
+# version 0.3
+# Copyright 2007-2018 Gregory Colpart <reg@evolix.fr>, Jérémy Lecour <jlecour@evolix.fr>, Evolix <info@evolix.fr>
+
+test -f /etc/evomaintenance.cf && . /etc/evomaintenance.cf
+
+[ -n "${HOSTNAME}" ]     || HOSTNAME=$(hostname --fqdn)
+[ -n "${EVOMAINTMAIL}" ] || EVOMAINTMAIL=evomaintenance-$(echo "${HOSTNAME}" | cut -d- -f1)@${REALM}
+[ -n "${LOGFILE}" ]      || LOGFILE=/var/log/evomaintenance.log
+
+# Treat unset variables as an error when substituting.
+# Only after this line, because some config variables might be missing.
+set -u
+
+REAL_HOSTNAME=$(hostname --fqdn)
+if [ "${HOSTNAME}" = "${REAL_HOSTNAME}" ]; then
+    HOSTNAME_TEXT="${HOSTNAME}"
+else
+    HOSTNAME_TEXT="${HOSTNAME} (${REAL_HOSTNAME})"
+fi
+
+PATH=${PATH}:/usr/sbin
+
+SENDMAIL_BIN=$(command -v sendmail)
+GIT_BIN=$(command -v git)
+
+GIT_REPOSITORIES="/etc /etc/bind"
+
+WHO=$(LC_ALL=C who -m)
+USER=$(echo ${WHO} | cut -d" " -f1)
+IP=$(echo ${WHO} | cut -d" " -f6  | sed -e "s/^(// ; s/)$//")
+BEGIN_DATE="$(date "+%Y") $(echo ${WHO} | cut -d" " -f3,4,5)"
+END_DATE=$(date +"%Y %b %d %H:%M")
+# we can't use "date --iso8601" because this options is not available everywhere
+NOW_ISO=$(date +"%Y-%m-%dT%H:%M:%S%z")
+
+# git statuses
+GIT_STATUSES=""
+
+if test -x "${GIT_BIN}"; then
+    # loop on possible directories managed by GIT
+    for dir in ${GIT_REPOSITORIES}; do
+        # tell Git where to find the repository and the work tree (no need to `cd …` there)
+        export GIT_DIR="${dir}/.git" GIT_WORK_TREE="${dir}"
+        # If the repository and the work tree exist, try to commit changes
+        if test -d "${GIT_DIR}" && test -d "${GIT_WORK_TREE}"; then
+            CHANGED_LINES=$(${GIT_BIN} status --porcelain | wc -l)
+            if [ "${CHANGED_LINES}" != "0" ]; then
+              STATUS=$(${GIT_BIN} status --short | tail -n 10)
+              # append diff data, without empty lines
+              GIT_STATUSES=$(echo "${GIT_STATUSES}\n${GIT_DIR} (last 10 lines)\n${STATUS}\n" | sed -e '/^$/d')
+            fi
+        fi
+        # unset environment variables to prevent accidental influence on other git commands
+        unset GIT_DIR GIT_WORK_TREE
+    done
+    if [ -n "${GIT_STATUSES}" ]; then
+      echo "/!\ There are some uncommited changes. If you proceed, everything will be commited."
+      echo "${GIT_STATUSES}"
+      echo ""
+    fi
+fi
+
+# get input from stdin
+echo "> Please, enter details about your maintenance"
+read TEXTE
+
+if [ "${TEXTE}" = "" ]; then
+    echo "no value..."
+    exit 1
+fi
+
+# recapitulatif
+BLOB=$(cat <<END
+Host      : $HOSTNAME_TEXT
+User      : $USER
+IP        : $IP
+Begin     : $BEGIN_DATE
+End       : $END_DATE
+Message   : $TEXTE
+END
+)
+
+echo ""
+echo "${BLOB}"
+echo ""
+echo "> Press <Enter> to submit, or <Ctrl+c> to cancel."
+read enter
+
+# write log
+echo "----------- ${NOW_ISO} ---------------" >> "${LOGFILE}"
+echo "${BLOB}" >> "${LOGFILE}"
+
+# git commit
+GIT_COMMITS=""
+
+if test -x "${GIT_BIN}"; then
+    # loop on possible directories managed by GIT
+    for dir in ${GIT_REPOSITORIES}; do
+        # tell Git where to find the repository and the work tree (no need to `cd …` there)
+        export GIT_DIR="${dir}/.git" GIT_WORK_TREE="${dir}"
+        # If the repository and the work tree exist, try to commit changes
+        if test -d "${GIT_DIR}" && test -d "${GIT_WORK_TREE}"; then
+            CHANGED_LINES=$(${GIT_BIN} status --porcelain | wc -l)
+            if [ "${CHANGED_LINES}" != "0" ]; then
+              ${GIT_BIN} add --all
+              ${GIT_BIN} commit --message "${TEXTE}" --author="${USER} <${USER}@evolix.net>" --quiet
+              # Add the SHA to the log file if something has been committed
+              SHA=$(${GIT_BIN} rev-parse --short HEAD)
+              STATS=$(${GIT_BIN} show --stat | tail -1)
+              # append commit data, without empty lines
+              GIT_COMMITS=$(echo "${GIT_COMMITS}\n${GIT_DIR} : ${SHA} –${STATS}" | sed -e '/^$/d')
+            fi
+        fi
+        # unset environment variables to prevent accidental influence on other git commands
+        unset GIT_DIR GIT_WORK_TREE
+    done
+    if [ -n "${GIT_COMMITS}" ]; then
+      echo "${GIT_COMMITS}" >> "${LOGFILE}"
+    fi
+fi
+
+# insert into PG
+# SQL_TEXTE=`echo "${TEXTE}" | sed "s/'/\\\\\\'/g ; s@/@\\\\\/@g ; s@\\&@et@g"`
+SQL_TEXTE=`echo "${TEXTE}" | sed "s/'/''/g"`
+
+PG_QUERY="INSERT INTO evomaint(hostname,userid,ipaddress,begin_date,end_date,details) VALUES ('${HOSTNAME}','${USER}','${IP}','${BEGIN_DATE}',now(),'${SQL_TEXTE}')"
+echo "${PG_QUERY}" | psql ${PGDB} ${PGTABLE} -h ${PGHOST} --quiet
+
+# send mail
+MAIL_TEXTE=$(echo "${TEXTE}" | sed -e "s@/@\\\\\/@g ; s@&@\\\\&@")
+MAIL_GIT_COMMITS=$(echo "${GIT_COMMITS}" | sed -e "s@/@\\\\\/@g ; s@&@\\\\&@")
+
+cat /usr/share/scripts/evomaintenance.tpl | \
+    sed -e "s/__TO__/${EVOMAINTMAIL}/ ; s/__HOSTNAME__/${HOSTNAME_TEXT}/ ; s/__USER__/${USER}/ ; s/__BEGIN_DATE__/${BEGIN_DATE}/ ; s/__END_DATE__/${END_DATE}/ ; s/__GIT_COMMITS__/${MAIL_GIT_COMMITS}/ ; s/__TEXTE__/${MAIL_TEXTE}/ ; s/__IP__/${IP}/ ; s/__FULLFROM__/${FULLFROM}/ ; s/__FROM__/${FROM}/ ; s/__URGENCYFROM__/${URGENCYFROM}/ ; s/__URGENCYTEL__/${URGENCYTEL}/" | \
+    ${SENDMAIL_BIN} -oi -t -f ${FROM}
+
+exit 0

evomaintenance/files/evomaintenance.tpl

@@ -0,0 +1,33 @@
+From: __FULLFROM__
+Content-Type: text/plain; charset=UTF-8
+MIME-Version: 1.0
+Content-Transfer-Encoding: 8bit
+To: __TO__
+Subject: [evomaintenance] Intervention sur __HOSTNAME__ (__USER__)
+
+Bonjour,
+
+Une intervention vient de se terminer sur votre serveur.
+Voici les renseignements sur l'intervention :
+
+Nom du serveur : __HOSTNAME__
+Personne ayant réalisée l'intervention : __USER__
+Intervention réalisée depuis : __IP__
+Début de l'intervention : __BEGIN_DATE__
+Fin de l'intervention : __END_DATE__
+
+###
+Renseignements sur l'intervention :
+__TEXTE__
+###
+
+__GIT_COMMITS__
+
+Pour réagir à cette intervention, vous pouvez répondre à ce message
+(sur l'adresse mail __FROM__). En cas d'urgence, utilisez
+l'adresse __URGENCYFROM__ ou notre téléphone portable d'astreinte
+(__URGENCYTEL__)
+
+Cordialement,
+--
+__FULLFROM__

evomaintenance/tasks/install_package.yml

@@ -0,0 +1,15 @@
+---
+
+- name: Install Evolix public repositry
+  include_role:
+    name: apt
+    tasks_from: evolix_public.yml
+  tags:
+    - evomaintenance
+
+- name: evomaintenance is installed
+  apt:
+    name: evomaintenance
+    allow_unauthenticated: yes
+  tags:
+    - evomaintenance

evomaintenance/tasks/install_vendor.yml

@@ -0,0 +1,40 @@
+---
+
+- include_role:
+    name: remount-usr
+  tags:
+    - evomaintenance
+
+- name: /usr/share/scripts exists
+  file:
+    dest: /usr/share/scripts
+    mode: "0700"
+    owner: root
+    group: root
+    state: directory
+  tags:
+    - evomaintenance
+
+- name: Script is installed
+  copy:
+    src: evomaintenance.sh
+    dest: /usr/share/scripts/evomaintenance.sh
+    mode: "0700"
+    owner: root
+    group: root
+    force: yes
+    backup: yes
+  tags:
+    - evomaintenance
+
+- name: Template is installed
+  copy:
+    src: evomaintenance.tpl
+    dest: /usr/share/scripts/evomaintenance.tpl
+    mode: "0600"
+    owner: root
+    group: root
+    force: yes
+    backup: yes
+  tags:
+    - evomaintenance

evomaintenance/tasks/main.yml

@@ -1,17 +1,10 @@
 ---
-- name: Install Evolix public repositry
-  include_role:
-    name: apt
-    tasks_from: evolix_public.yml
-  tags:
-    - evomaintenance
 
-- name: evomaintenance is installed
-  apt:
-    name: evomaintenance
-    allow_unauthenticated: yes
-  tags:
-    - evomaintenance
+- include: install_package.yml
+  when: not evomaintenance_install_vendor
+
+- include: install_vendor.yml
+  when: evomaintenance_install_vendor
 
 - name: configuration is applied
   template:
@@ -23,19 +16,6 @@
   tags:
     - evomaintenance
 
-# - name: list users with a shell
-#   shell: "cat /etc/passwd | grep -vE \"^root:\"  | grep -E \":/[^:]+sh$\" | cut -d: -f6"
-#   changed_when: False
-#   check_mode: no
-#   register: home_of_shell_users
-#   tags:
-#     - evomaintenance
-#
-# - include: trap.yml home={{ item }}
-#   with_items: "{{ home_of_shell_users.stdout_lines }}"
-#   tags:
-#     - evomaintenance
-
 - name: Is minifirewall installed?
   stat:
     path: /etc/default/minifirewall