evomaintenance: a vendored version is available to install
This commit is contained in:
parent
c7cc63444d
commit
2b5e83fa34
7 changed files with 251 additions and 31 deletions
|
@ -2,9 +2,6 @@
|
|||
|
||||
Install a script to notify when operations are performed on a server
|
||||
|
||||
The Debian package is available at `pub.evolix.net`.
|
||||
Make you have `deb http://pub.evolix.net/ jessie/` in your sources list.
|
||||
|
||||
## Tasks
|
||||
|
||||
Installation and configuration are performed via `tasks/main.yml`.
|
||||
|
|
|
@ -2,20 +2,32 @@
|
|||
general_alert_email: "root@localhost"
|
||||
evomaintenance_alert_email: Null
|
||||
|
||||
evomaintenance_hostname: "{{ ansible_fqdn }}"
|
||||
### copied from evolinux-base ###
|
||||
evolinux_hostname: "{{ ansible_hostname }}"
|
||||
evolinux_domain: "{{ ansible_domain }}"
|
||||
evolinux_fqdn: "{{ evolinux_hostname }}.{{ evolinux_domain }}"
|
||||
|
||||
evolinux_internal_hostname: "{{ evolinux_hostname }}"
|
||||
evolinux_internal_domain: "{{ evolinux_domain }}"
|
||||
evolinux_internal_fqdn: "{{ evolinux_internal_hostname }}.{{ evolinux_internal_domain }}"
|
||||
#################################
|
||||
|
||||
evomaintenance_install_vendor: False
|
||||
|
||||
evomaintenance_hostname: "{{ evolinux_internal_fqdn }}"
|
||||
|
||||
evomaintenance_pg_host: Null
|
||||
evomaintenance_pg_passwd: Null
|
||||
evomaintenance_pg_db: Null
|
||||
evomaintenance_pg_table: Null
|
||||
|
||||
evomaintenance_from: "evomaintenance@{{ ansible_fqdn }}"
|
||||
evomaintenance_from: "evomaintenance@{{ evolinux_internal_fqdn }}"
|
||||
evomaintenance_full_from: "Evomaintenance <{{ evomaintenance_from }}>"
|
||||
|
||||
evomaintenance_urgency_from: mama.doe@example.com
|
||||
evomaintenance_urgency_tel: "06.00.00.00.00"
|
||||
|
||||
evomaintenance_realm: "{{ ansible_domain }}"
|
||||
evomaintenance_realm: "{{ evolinux_internal_domain }}"
|
||||
|
||||
evomaintenance_default_hosts: []
|
||||
evomaintenance_additional_hosts: []
|
||||
|
|
143
evomaintenance/files/evomaintenance.sh
Normal file
143
evomaintenance/files/evomaintenance.sh
Normal file
|
@ -0,0 +1,143 @@
|
|||
#!/bin/sh
|
||||
|
||||
# EvoMaintenance script
|
||||
# Dependencies (all OS): git postgresql-client
|
||||
# Dependencies (Debian): sudo
|
||||
|
||||
# version 0.3
|
||||
# Copyright 2007-2018 Gregory Colpart <reg@evolix.fr>, Jérémy Lecour <jlecour@evolix.fr>, Evolix <info@evolix.fr>
|
||||
|
||||
test -f /etc/evomaintenance.cf && . /etc/evomaintenance.cf
|
||||
|
||||
[ -n "${HOSTNAME}" ] || HOSTNAME=$(hostname --fqdn)
|
||||
[ -n "${EVOMAINTMAIL}" ] || EVOMAINTMAIL=evomaintenance-$(echo "${HOSTNAME}" | cut -d- -f1)@${REALM}
|
||||
[ -n "${LOGFILE}" ] || LOGFILE=/var/log/evomaintenance.log
|
||||
|
||||
# Treat unset variables as an error when substituting.
|
||||
# Only after this line, because some config variables might be missing.
|
||||
set -u
|
||||
|
||||
REAL_HOSTNAME=$(hostname --fqdn)
|
||||
if [ "${HOSTNAME}" = "${REAL_HOSTNAME}" ]; then
|
||||
HOSTNAME_TEXT="${HOSTNAME}"
|
||||
else
|
||||
HOSTNAME_TEXT="${HOSTNAME} (${REAL_HOSTNAME})"
|
||||
fi
|
||||
|
||||
PATH=${PATH}:/usr/sbin
|
||||
|
||||
SENDMAIL_BIN=$(command -v sendmail)
|
||||
GIT_BIN=$(command -v git)
|
||||
|
||||
GIT_REPOSITORIES="/etc /etc/bind"
|
||||
|
||||
WHO=$(LC_ALL=C who -m)
|
||||
USER=$(echo ${WHO} | cut -d" " -f1)
|
||||
IP=$(echo ${WHO} | cut -d" " -f6 | sed -e "s/^(// ; s/)$//")
|
||||
BEGIN_DATE="$(date "+%Y") $(echo ${WHO} | cut -d" " -f3,4,5)"
|
||||
END_DATE=$(date +"%Y %b %d %H:%M")
|
||||
# we can't use "date --iso8601" because this options is not available everywhere
|
||||
NOW_ISO=$(date +"%Y-%m-%dT%H:%M:%S%z")
|
||||
|
||||
# git statuses
|
||||
GIT_STATUSES=""
|
||||
|
||||
if test -x "${GIT_BIN}"; then
|
||||
# loop on possible directories managed by GIT
|
||||
for dir in ${GIT_REPOSITORIES}; do
|
||||
# tell Git where to find the repository and the work tree (no need to `cd …` there)
|
||||
export GIT_DIR="${dir}/.git" GIT_WORK_TREE="${dir}"
|
||||
# If the repository and the work tree exist, try to commit changes
|
||||
if test -d "${GIT_DIR}" && test -d "${GIT_WORK_TREE}"; then
|
||||
CHANGED_LINES=$(${GIT_BIN} status --porcelain | wc -l)
|
||||
if [ "${CHANGED_LINES}" != "0" ]; then
|
||||
STATUS=$(${GIT_BIN} status --short | tail -n 10)
|
||||
# append diff data, without empty lines
|
||||
GIT_STATUSES=$(echo "${GIT_STATUSES}\n${GIT_DIR} (last 10 lines)\n${STATUS}\n" | sed -e '/^$/d')
|
||||
fi
|
||||
fi
|
||||
# unset environment variables to prevent accidental influence on other git commands
|
||||
unset GIT_DIR GIT_WORK_TREE
|
||||
done
|
||||
if [ -n "${GIT_STATUSES}" ]; then
|
||||
echo "/!\ There are some uncommited changes. If you proceed, everything will be commited."
|
||||
echo "${GIT_STATUSES}"
|
||||
echo ""
|
||||
fi
|
||||
fi
|
||||
|
||||
# get input from stdin
|
||||
echo "> Please, enter details about your maintenance"
|
||||
read TEXTE
|
||||
|
||||
if [ "${TEXTE}" = "" ]; then
|
||||
echo "no value..."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# recapitulatif
|
||||
BLOB=$(cat <<END
|
||||
Host : $HOSTNAME_TEXT
|
||||
User : $USER
|
||||
IP : $IP
|
||||
Begin : $BEGIN_DATE
|
||||
End : $END_DATE
|
||||
Message : $TEXTE
|
||||
END
|
||||
)
|
||||
|
||||
echo ""
|
||||
echo "${BLOB}"
|
||||
echo ""
|
||||
echo "> Press <Enter> to submit, or <Ctrl+c> to cancel."
|
||||
read enter
|
||||
|
||||
# write log
|
||||
echo "----------- ${NOW_ISO} ---------------" >> "${LOGFILE}"
|
||||
echo "${BLOB}" >> "${LOGFILE}"
|
||||
|
||||
# git commit
|
||||
GIT_COMMITS=""
|
||||
|
||||
if test -x "${GIT_BIN}"; then
|
||||
# loop on possible directories managed by GIT
|
||||
for dir in ${GIT_REPOSITORIES}; do
|
||||
# tell Git where to find the repository and the work tree (no need to `cd …` there)
|
||||
export GIT_DIR="${dir}/.git" GIT_WORK_TREE="${dir}"
|
||||
# If the repository and the work tree exist, try to commit changes
|
||||
if test -d "${GIT_DIR}" && test -d "${GIT_WORK_TREE}"; then
|
||||
CHANGED_LINES=$(${GIT_BIN} status --porcelain | wc -l)
|
||||
if [ "${CHANGED_LINES}" != "0" ]; then
|
||||
${GIT_BIN} add --all
|
||||
${GIT_BIN} commit --message "${TEXTE}" --author="${USER} <${USER}@evolix.net>" --quiet
|
||||
# Add the SHA to the log file if something has been committed
|
||||
SHA=$(${GIT_BIN} rev-parse --short HEAD)
|
||||
STATS=$(${GIT_BIN} show --stat | tail -1)
|
||||
# append commit data, without empty lines
|
||||
GIT_COMMITS=$(echo "${GIT_COMMITS}\n${GIT_DIR} : ${SHA} –${STATS}" | sed -e '/^$/d')
|
||||
fi
|
||||
fi
|
||||
# unset environment variables to prevent accidental influence on other git commands
|
||||
unset GIT_DIR GIT_WORK_TREE
|
||||
done
|
||||
if [ -n "${GIT_COMMITS}" ]; then
|
||||
echo "${GIT_COMMITS}" >> "${LOGFILE}"
|
||||
fi
|
||||
fi
|
||||
|
||||
# insert into PG
|
||||
# SQL_TEXTE=`echo "${TEXTE}" | sed "s/'/\\\\\\'/g ; s@/@\\\\\/@g ; s@\\&@et@g"`
|
||||
SQL_TEXTE=`echo "${TEXTE}" | sed "s/'/''/g"`
|
||||
|
||||
PG_QUERY="INSERT INTO evomaint(hostname,userid,ipaddress,begin_date,end_date,details) VALUES ('${HOSTNAME}','${USER}','${IP}','${BEGIN_DATE}',now(),'${SQL_TEXTE}')"
|
||||
echo "${PG_QUERY}" | psql ${PGDB} ${PGTABLE} -h ${PGHOST} --quiet
|
||||
|
||||
# send mail
|
||||
MAIL_TEXTE=$(echo "${TEXTE}" | sed -e "s@/@\\\\\/@g ; s@&@\\\\&@")
|
||||
MAIL_GIT_COMMITS=$(echo "${GIT_COMMITS}" | sed -e "s@/@\\\\\/@g ; s@&@\\\\&@")
|
||||
|
||||
cat /usr/share/scripts/evomaintenance.tpl | \
|
||||
sed -e "s/__TO__/${EVOMAINTMAIL}/ ; s/__HOSTNAME__/${HOSTNAME_TEXT}/ ; s/__USER__/${USER}/ ; s/__BEGIN_DATE__/${BEGIN_DATE}/ ; s/__END_DATE__/${END_DATE}/ ; s/__GIT_COMMITS__/${MAIL_GIT_COMMITS}/ ; s/__TEXTE__/${MAIL_TEXTE}/ ; s/__IP__/${IP}/ ; s/__FULLFROM__/${FULLFROM}/ ; s/__FROM__/${FROM}/ ; s/__URGENCYFROM__/${URGENCYFROM}/ ; s/__URGENCYTEL__/${URGENCYTEL}/" | \
|
||||
${SENDMAIL_BIN} -oi -t -f ${FROM}
|
||||
|
||||
exit 0
|
33
evomaintenance/files/evomaintenance.tpl
Normal file
33
evomaintenance/files/evomaintenance.tpl
Normal file
|
@ -0,0 +1,33 @@
|
|||
From: __FULLFROM__
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
MIME-Version: 1.0
|
||||
Content-Transfer-Encoding: 8bit
|
||||
To: __TO__
|
||||
Subject: [evomaintenance] Intervention sur __HOSTNAME__ (__USER__)
|
||||
|
||||
Bonjour,
|
||||
|
||||
Une intervention vient de se terminer sur votre serveur.
|
||||
Voici les renseignements sur l'intervention :
|
||||
|
||||
Nom du serveur : __HOSTNAME__
|
||||
Personne ayant réalisée l'intervention : __USER__
|
||||
Intervention réalisée depuis : __IP__
|
||||
Début de l'intervention : __BEGIN_DATE__
|
||||
Fin de l'intervention : __END_DATE__
|
||||
|
||||
###
|
||||
Renseignements sur l'intervention :
|
||||
__TEXTE__
|
||||
###
|
||||
|
||||
__GIT_COMMITS__
|
||||
|
||||
Pour réagir à cette intervention, vous pouvez répondre à ce message
|
||||
(sur l'adresse mail __FROM__). En cas d'urgence, utilisez
|
||||
l'adresse __URGENCYFROM__ ou notre téléphone portable d'astreinte
|
||||
(__URGENCYTEL__)
|
||||
|
||||
Cordialement,
|
||||
--
|
||||
__FULLFROM__
|
15
evomaintenance/tasks/install_package.yml
Normal file
15
evomaintenance/tasks/install_package.yml
Normal file
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
|
||||
- name: Install Evolix public repositry
|
||||
include_role:
|
||||
name: apt
|
||||
tasks_from: evolix_public.yml
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
||||
- name: evomaintenance is installed
|
||||
apt:
|
||||
name: evomaintenance
|
||||
allow_unauthenticated: yes
|
||||
tags:
|
||||
- evomaintenance
|
40
evomaintenance/tasks/install_vendor.yml
Normal file
40
evomaintenance/tasks/install_vendor.yml
Normal file
|
@ -0,0 +1,40 @@
|
|||
---
|
||||
|
||||
- include_role:
|
||||
name: remount-usr
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
||||
- name: /usr/share/scripts exists
|
||||
file:
|
||||
dest: /usr/share/scripts
|
||||
mode: "0700"
|
||||
owner: root
|
||||
group: root
|
||||
state: directory
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
||||
- name: Script is installed
|
||||
copy:
|
||||
src: evomaintenance.sh
|
||||
dest: /usr/share/scripts/evomaintenance.sh
|
||||
mode: "0700"
|
||||
owner: root
|
||||
group: root
|
||||
force: yes
|
||||
backup: yes
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
||||
- name: Template is installed
|
||||
copy:
|
||||
src: evomaintenance.tpl
|
||||
dest: /usr/share/scripts/evomaintenance.tpl
|
||||
mode: "0600"
|
||||
owner: root
|
||||
group: root
|
||||
force: yes
|
||||
backup: yes
|
||||
tags:
|
||||
- evomaintenance
|
|
@ -1,17 +1,10 @@
|
|||
---
|
||||
- name: Install Evolix public repositry
|
||||
include_role:
|
||||
name: apt
|
||||
tasks_from: evolix_public.yml
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
||||
- name: evomaintenance is installed
|
||||
apt:
|
||||
name: evomaintenance
|
||||
allow_unauthenticated: yes
|
||||
tags:
|
||||
- evomaintenance
|
||||
- include: install_package.yml
|
||||
when: not evomaintenance_install_vendor
|
||||
|
||||
- include: install_vendor.yml
|
||||
when: evomaintenance_install_vendor
|
||||
|
||||
- name: configuration is applied
|
||||
template:
|
||||
|
@ -23,19 +16,6 @@
|
|||
tags:
|
||||
- evomaintenance
|
||||
|
||||
# - name: list users with a shell
|
||||
# shell: "cat /etc/passwd | grep -vE \"^root:\" | grep -E \":/[^:]+sh$\" | cut -d: -f6"
|
||||
# changed_when: False
|
||||
# check_mode: no
|
||||
# register: home_of_shell_users
|
||||
# tags:
|
||||
# - evomaintenance
|
||||
#
|
||||
# - include: trap.yml home={{ item }}
|
||||
# with_items: "{{ home_of_shell_users.stdout_lines }}"
|
||||
# tags:
|
||||
# - evomaintenance
|
||||
|
||||
- name: Is minifirewall installed?
|
||||
stat:
|
||||
path: /etc/default/minifirewall
|
||||
|
|
Loading…
Reference in a new issue