evomaintenance: a vendored version is available to install

This commit is contained in:
Jérémy Lecour 2018-09-20 17:08:30 +02:00 committed by Jérémy Lecour
parent c7cc63444d
commit 2b5e83fa34
7 changed files with 251 additions and 31 deletions

View file

@ -2,9 +2,6 @@
Install a script to notify when operations are performed on a server
The Debian package is available at `pub.evolix.net`.
Make you have `deb http://pub.evolix.net/ jessie/` in your sources list.
## Tasks
Installation and configuration are performed via `tasks/main.yml`.

View file

@ -2,20 +2,32 @@
general_alert_email: "root@localhost"
evomaintenance_alert_email: Null
evomaintenance_hostname: "{{ ansible_fqdn }}"
### copied from evolinux-base ###
evolinux_hostname: "{{ ansible_hostname }}"
evolinux_domain: "{{ ansible_domain }}"
evolinux_fqdn: "{{ evolinux_hostname }}.{{ evolinux_domain }}"
evolinux_internal_hostname: "{{ evolinux_hostname }}"
evolinux_internal_domain: "{{ evolinux_domain }}"
evolinux_internal_fqdn: "{{ evolinux_internal_hostname }}.{{ evolinux_internal_domain }}"
#################################
evomaintenance_install_vendor: False
evomaintenance_hostname: "{{ evolinux_internal_fqdn }}"
evomaintenance_pg_host: Null
evomaintenance_pg_passwd: Null
evomaintenance_pg_db: Null
evomaintenance_pg_table: Null
evomaintenance_from: "evomaintenance@{{ ansible_fqdn }}"
evomaintenance_from: "evomaintenance@{{ evolinux_internal_fqdn }}"
evomaintenance_full_from: "Evomaintenance <{{ evomaintenance_from }}>"
evomaintenance_urgency_from: mama.doe@example.com
evomaintenance_urgency_tel: "06.00.00.00.00"
evomaintenance_realm: "{{ ansible_domain }}"
evomaintenance_realm: "{{ evolinux_internal_domain }}"
evomaintenance_default_hosts: []
evomaintenance_additional_hosts: []

View file

@ -0,0 +1,143 @@
#!/bin/sh
# EvoMaintenance script
# Dependencies (all OS): git postgresql-client
# Dependencies (Debian): sudo
# version 0.3
# Copyright 2007-2018 Gregory Colpart <reg@evolix.fr>, Jérémy Lecour <jlecour@evolix.fr>, Evolix <info@evolix.fr>
test -f /etc/evomaintenance.cf && . /etc/evomaintenance.cf
[ -n "${HOSTNAME}" ] || HOSTNAME=$(hostname --fqdn)
[ -n "${EVOMAINTMAIL}" ] || EVOMAINTMAIL=evomaintenance-$(echo "${HOSTNAME}" | cut -d- -f1)@${REALM}
[ -n "${LOGFILE}" ] || LOGFILE=/var/log/evomaintenance.log
# Treat unset variables as an error when substituting.
# Only after this line, because some config variables might be missing.
set -u
REAL_HOSTNAME=$(hostname --fqdn)
if [ "${HOSTNAME}" = "${REAL_HOSTNAME}" ]; then
HOSTNAME_TEXT="${HOSTNAME}"
else
HOSTNAME_TEXT="${HOSTNAME} (${REAL_HOSTNAME})"
fi
PATH=${PATH}:/usr/sbin
SENDMAIL_BIN=$(command -v sendmail)
GIT_BIN=$(command -v git)
GIT_REPOSITORIES="/etc /etc/bind"
WHO=$(LC_ALL=C who -m)
USER=$(echo ${WHO} | cut -d" " -f1)
IP=$(echo ${WHO} | cut -d" " -f6 | sed -e "s/^(// ; s/)$//")
BEGIN_DATE="$(date "+%Y") $(echo ${WHO} | cut -d" " -f3,4,5)"
END_DATE=$(date +"%Y %b %d %H:%M")
# we can't use "date --iso8601" because this options is not available everywhere
NOW_ISO=$(date +"%Y-%m-%dT%H:%M:%S%z")
# git statuses
GIT_STATUSES=""
if test -x "${GIT_BIN}"; then
# loop on possible directories managed by GIT
for dir in ${GIT_REPOSITORIES}; do
# tell Git where to find the repository and the work tree (no need to `cd …` there)
export GIT_DIR="${dir}/.git" GIT_WORK_TREE="${dir}"
# If the repository and the work tree exist, try to commit changes
if test -d "${GIT_DIR}" && test -d "${GIT_WORK_TREE}"; then
CHANGED_LINES=$(${GIT_BIN} status --porcelain | wc -l)
if [ "${CHANGED_LINES}" != "0" ]; then
STATUS=$(${GIT_BIN} status --short | tail -n 10)
# append diff data, without empty lines
GIT_STATUSES=$(echo "${GIT_STATUSES}\n${GIT_DIR} (last 10 lines)\n${STATUS}\n" | sed -e '/^$/d')
fi
fi
# unset environment variables to prevent accidental influence on other git commands
unset GIT_DIR GIT_WORK_TREE
done
if [ -n "${GIT_STATUSES}" ]; then
echo "/!\ There are some uncommited changes. If you proceed, everything will be commited."
echo "${GIT_STATUSES}"
echo ""
fi
fi
# get input from stdin
echo "> Please, enter details about your maintenance"
read TEXTE
if [ "${TEXTE}" = "" ]; then
echo "no value..."
exit 1
fi
# recapitulatif
BLOB=$(cat <<END
Host : $HOSTNAME_TEXT
User : $USER
IP : $IP
Begin : $BEGIN_DATE
End : $END_DATE
Message : $TEXTE
END
)
echo ""
echo "${BLOB}"
echo ""
echo "> Press <Enter> to submit, or <Ctrl+c> to cancel."
read enter
# write log
echo "----------- ${NOW_ISO} ---------------" >> "${LOGFILE}"
echo "${BLOB}" >> "${LOGFILE}"
# git commit
GIT_COMMITS=""
if test -x "${GIT_BIN}"; then
# loop on possible directories managed by GIT
for dir in ${GIT_REPOSITORIES}; do
# tell Git where to find the repository and the work tree (no need to `cd …` there)
export GIT_DIR="${dir}/.git" GIT_WORK_TREE="${dir}"
# If the repository and the work tree exist, try to commit changes
if test -d "${GIT_DIR}" && test -d "${GIT_WORK_TREE}"; then
CHANGED_LINES=$(${GIT_BIN} status --porcelain | wc -l)
if [ "${CHANGED_LINES}" != "0" ]; then
${GIT_BIN} add --all
${GIT_BIN} commit --message "${TEXTE}" --author="${USER} <${USER}@evolix.net>" --quiet
# Add the SHA to the log file if something has been committed
SHA=$(${GIT_BIN} rev-parse --short HEAD)
STATS=$(${GIT_BIN} show --stat | tail -1)
# append commit data, without empty lines
GIT_COMMITS=$(echo "${GIT_COMMITS}\n${GIT_DIR} : ${SHA} ${STATS}" | sed -e '/^$/d')
fi
fi
# unset environment variables to prevent accidental influence on other git commands
unset GIT_DIR GIT_WORK_TREE
done
if [ -n "${GIT_COMMITS}" ]; then
echo "${GIT_COMMITS}" >> "${LOGFILE}"
fi
fi
# insert into PG
# SQL_TEXTE=`echo "${TEXTE}" | sed "s/'/\\\\\\'/g ; s@/@\\\\\/@g ; s@\\&@et@g"`
SQL_TEXTE=`echo "${TEXTE}" | sed "s/'/''/g"`
PG_QUERY="INSERT INTO evomaint(hostname,userid,ipaddress,begin_date,end_date,details) VALUES ('${HOSTNAME}','${USER}','${IP}','${BEGIN_DATE}',now(),'${SQL_TEXTE}')"
echo "${PG_QUERY}" | psql ${PGDB} ${PGTABLE} -h ${PGHOST} --quiet
# send mail
MAIL_TEXTE=$(echo "${TEXTE}" | sed -e "s@/@\\\\\/@g ; s@&@\\\\&@")
MAIL_GIT_COMMITS=$(echo "${GIT_COMMITS}" | sed -e "s@/@\\\\\/@g ; s@&@\\\\&@")
cat /usr/share/scripts/evomaintenance.tpl | \
sed -e "s/__TO__/${EVOMAINTMAIL}/ ; s/__HOSTNAME__/${HOSTNAME_TEXT}/ ; s/__USER__/${USER}/ ; s/__BEGIN_DATE__/${BEGIN_DATE}/ ; s/__END_DATE__/${END_DATE}/ ; s/__GIT_COMMITS__/${MAIL_GIT_COMMITS}/ ; s/__TEXTE__/${MAIL_TEXTE}/ ; s/__IP__/${IP}/ ; s/__FULLFROM__/${FULLFROM}/ ; s/__FROM__/${FROM}/ ; s/__URGENCYFROM__/${URGENCYFROM}/ ; s/__URGENCYTEL__/${URGENCYTEL}/" | \
${SENDMAIL_BIN} -oi -t -f ${FROM}
exit 0

View file

@ -0,0 +1,33 @@
From: __FULLFROM__
Content-Type: text/plain; charset=UTF-8
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
To: __TO__
Subject: [evomaintenance] Intervention sur __HOSTNAME__ (__USER__)
Bonjour,
Une intervention vient de se terminer sur votre serveur.
Voici les renseignements sur l'intervention :
Nom du serveur : __HOSTNAME__
Personne ayant réalisée l'intervention : __USER__
Intervention réalisée depuis : __IP__
Début de l'intervention : __BEGIN_DATE__
Fin de l'intervention : __END_DATE__
###
Renseignements sur l'intervention :
__TEXTE__
###
__GIT_COMMITS__
Pour réagir à cette intervention, vous pouvez répondre à ce message
(sur l'adresse mail __FROM__). En cas d'urgence, utilisez
l'adresse __URGENCYFROM__ ou notre téléphone portable d'astreinte
(__URGENCYTEL__)
Cordialement,
--
__FULLFROM__

View file

@ -0,0 +1,15 @@
---
- name: Install Evolix public repositry
include_role:
name: apt
tasks_from: evolix_public.yml
tags:
- evomaintenance
- name: evomaintenance is installed
apt:
name: evomaintenance
allow_unauthenticated: yes
tags:
- evomaintenance

View file

@ -0,0 +1,40 @@
---
- include_role:
name: remount-usr
tags:
- evomaintenance
- name: /usr/share/scripts exists
file:
dest: /usr/share/scripts
mode: "0700"
owner: root
group: root
state: directory
tags:
- evomaintenance
- name: Script is installed
copy:
src: evomaintenance.sh
dest: /usr/share/scripts/evomaintenance.sh
mode: "0700"
owner: root
group: root
force: yes
backup: yes
tags:
- evomaintenance
- name: Template is installed
copy:
src: evomaintenance.tpl
dest: /usr/share/scripts/evomaintenance.tpl
mode: "0600"
owner: root
group: root
force: yes
backup: yes
tags:
- evomaintenance

View file

@ -1,17 +1,10 @@
---
- name: Install Evolix public repositry
include_role:
name: apt
tasks_from: evolix_public.yml
tags:
- evomaintenance
- name: evomaintenance is installed
apt:
name: evomaintenance
allow_unauthenticated: yes
tags:
- evomaintenance
- include: install_package.yml
when: not evomaintenance_install_vendor
- include: install_vendor.yml
when: evomaintenance_install_vendor
- name: configuration is applied
template:
@ -23,19 +16,6 @@
tags:
- evomaintenance
# - name: list users with a shell
# shell: "cat /etc/passwd | grep -vE \"^root:\" | grep -E \":/[^:]+sh$\" | cut -d: -f6"
# changed_when: False
# check_mode: no
# register: home_of_shell_users
# tags:
# - evomaintenance
#
# - include: trap.yml home={{ item }}
# with_items: "{{ home_of_shell_users.stdout_lines }}"
# tags:
# - evomaintenance
- name: Is minifirewall installed?
stat:
path: /etc/default/minifirewall