evolix
/
ansible-roles
22
2
Fork 2
Code Issues 61 Pull Requests 18 Releases 32 Wiki Activity
ansible-roles/generate-ldif/templates/generateldif.sh.j2

613 lines
16 KiB
Django/Jinja
Executable File
Raw Blame History

#!/bin/sh
if [ $(id -u) != 0 ]; then
echo "You must be root" 2>&1
exit 1
fi
is_pkg_installed() {
dpkg -l "$1" 2>/dev/null | grep -q -E '^(i|h)i'
}
get_pkg_version() {
dpkg-query -W -f='${Version}\n' "$1" | \
sed 's/[~+-].\+//' | sed 's/.\+://' | sed 's/p.*//' | cut -d'.' -f1,2
}
clientNumber="{{ client_number | mandatory }}"
monitoringMode="{{ monitoring_mode | mandatory }}"
monitoringType="{{ monitoring_type | mandatory }}"
monitoringTimeout="{{ monitoring_timeout | mandatory }}"
isActive="TRUE"
NagiosEnabled="TRUE"
EvoComputerName=$(hostname -s)
dnsPTRrecord=$(hostname -f)
HardwareMark=$(dmidecode -s system-manufacturer | grep -v '^#')
computerIP=$(hostname -i | cut -d' ' -f1)
# The sed part does not works for squeeze and previous
computerOS=$(lsb_release -s -d | sed -E 's#\.[0-9]{1,}##')
computerKernel=$(uname -r)
HardwareSerial=$(dmidecode -s system-serial-number | grep -v '^#')
type="baremetal"
lscpu | grep -q KVM && type="kvm"
lscpu | grep -q Oracle && type="virtualbox"
if [ "$type" = "kvm" ]; then
HardwareMark="KVM"
HardwareModel="Virtual Machine"
cpuMark=$(lscpu | grep Vendor | tr -s '\t' ' ' | cut -d' ' -f3)
cpuModel="Virtual $(lscpu | grep "Model name" | tr -s '\t' ' ' | cut -d' ' -f3-), $(nproc) vCPU"
cpuFreq="$(lscpu | grep "CPU MHz" | tr -s '\t' ' ' | cut -d' ' -f3-)MHz"
elif [ "$type" = "virtualbox" ]; then
HardwareMark="VirtualBox"
HardwareModel="Virtual Machine"
cpuMark=$(lscpu | grep Vendor | tr -s '\t' ' ' | cut -d' ' -f3)
cpuModel="Virtual $(lscpu | grep "Model name" | tr -s '\t' ' ' | cut -d' ' -f3-), $(nproc) vCPU"
cpuFreq="$(lscpu | grep "CPU MHz" | tr -s '\t' ' ' | cut -d' ' -f3-)MHz"
else
HardwareModel=$(dmidecode -s system-product-name | grep -v '^#')
cpuMark=$(dmidecode -s processor-manufacturer | grep -v '^#' | head -1)
cpuModel=$(dmidecode -s processor-version | grep -v '^#' | head -1)
cpuFreq=$(dmidecode -s processor-frequency | grep -v '^#' | head -1)
fi
# lspci is not available on OpenVZ container.
if ( test -d /proc/vz && ! test -d /proc/bc ); then
screen0Mark="No screen on OpenVZ container"
screen0Model="No screen on OpenVZ container"
sdaSize="Total SIMFS $(df -h -t simfs --total | tail -1 | tr -s '\t' ' ' | cut -d' ' -f2)"
else
screen0Mark=$(lspci -q -vm | grep VGA -A3 | grep Vendor | tr -d '\t' | cut -d':' -f2 | head -1)
screen0Model=$(lspci -q -vm | grep VGA -A3 | grep Device | tr -d '\t' | cut -d':' -f2 | head -1)
sdaSize=$(lsblk -d -r -n -o TYPE,SIZE | grep disk | sed 's/^disk //'| xargs | sed 's/ / + /g')
raidModel=$(lspci -q -vm | grep RAID -A3 | grep Device | tr -d '\t' | cut -d':' -f2 | head -1)
fi
if (test -b /dev/vda); then
sdaModel="Virtual VirtIO Disk"
elif [ -d /proc/vz ] && [ ! -d /proc/bc ]; then
sdaModel="OpenVZ SIMFS disk"
elif (lsblk -d -r -n -o TYPE,SIZE,PATH | grep -q sda); then
hdparm -I /dev/sda 2>&1 | grep -q bad
if [ $? -eq 0 ]; then
if (test -n "${raidModel}"); then
sdaModel=${raidModel}
else
sdaModel="Model unknown, RAID HW?"
fi
else
sdaModel=$(hdparm -I /dev/sda | grep Model | tr -s '\t' ' ' | cut -d' ' -f4-)
fi
# hdparm does not support NVME, use smartctl
elif (lsblk -d -r -n -o TYPE,SIZE,PATH | grep -q nvme); then
sdaModel="SSD NVMe: $(smartctl -a /dev/nvme0n1 | grep "Model Number" | tr -s ' ' | cut -d' ' -f3-)"
fi
ldif_file="/root/${EvoComputerName}.$(date +"%Y%m%d%H%M%S").ldif"
computer_dn="EvoComputerName=${EvoComputerName},ou=computer,dc=evolix,dc=net"
# Generic services.
cat <<EOT > "${ldif_file}"
## Generated on $(date --iso-8601=seconds)
## Can be injected in LDAP with this command:
# ldapvi --profile evolix --add --in ${EvoComputerName}.ldif
dn: ${computer_dn}
dnsArecord: ${EvoComputerName}
EvoComputerName: ${EvoComputerName}
HardwareMark: ${HardwareMark}
HardwareModel: ${HardwareModel}
dnsZone: evolix.net
objectClass: EvoComputer
objectClass: top
computerIP: ${computerIP}
dnsPTRrecord: ${dnsPTRrecord}
computerOS: ${computerOS}
computerKernel: Linux ${computerKernel}
isActive: ${isActive}
NagiosEnabled: ${NagiosEnabled}
NagiosComments: ${monitoringType},${monitoringMode},${monitoringTimeout}
HardwareSerial: ${HardwareSerial}
clientNumber: ${clientNumber}
EOT
# CPU
if [ -n "${cpuMark}" ]; then
cat <<EOT >> "${ldif_file}"
dn: HardwareName=cpu0,${computer_dn}
HardwareMark: ${cpuMark}
objectClass: EvoHardware
HardwareName: cpu0
HardwareSize: ${cpuFreq}
HardwareType: CPU
HardwareModel: ${cpuModel}
EOT
fi
# Memory
mem=$(free -h | grep Mem: | tr -s ' ' | cut -d ' ' -f2)
if [ -n "${mem}" ]; then
cat <<EOT >> "${ldif_file}"
dn: HardwareName=ram0,${computer_dn}
HardwareName: ram0
objectClass: EvoHardware
HardwareSize: ${mem}
HardwareType: mem
NagiosEnabled: TRUE
EOT
fi
# Screen
swap=$(free -h | grep Swap: | tr -s ' ' | cut -d ' ' -f2)
if [ -n "${screen0Mark}" ]; then
cat <<EOT >> "${ldif_file}"
dn: HardwareName=screen0,${computer_dn}
HardwareMark: ${screen0Mark}
HardwareName: screen0
objectClass: EvoHardware
HardwareModel: ${screen0Model}
HardwareType: video
EOT
fi
# /dev/sda
if [ -n "${sdaModel}" ]; then
cat <<EOT >> "${ldif_file}"
dn: HardwareName=sda,${computer_dn}
objectClass: EvoHardware
HardwareName: sda
HardwareSize: ${sdaSize}
HardwareType: disk
HardwareModel: ${sdaModel}
HardwarePartitioncount: 1
NagiosEnabled: TRUE
EOT
fi
# raid hardware
if [ -n "${raidModel}" ]; then
cat <<EOT >> "${ldif_file}"
dn: HardwareName=raid_card,${computer_dn}
objectClass: EvoHardware
HardwareName: raid_card
HardwareType: disk
HardwareModel: ${raidModel}
NagiosEnabled: TRUE
EOT
fi
# Swap
swap=$(free -h | grep Swap: | tr -s ' ' | cut -d ' ' -f2)
if [ -n "${swap}" ]; then
cat <<EOT >> "${ldif_file}"
dn: HardwareName=swap,${computer_dn}
objectClass: EvoHardware
HardwareName: swap
HardwareSize: ${swap}
HardwareType: mem
NagiosEnabled: TRUE
EOT
fi
# NRPE
nrpe_version=$(get_pkg_version nagios-nrpe-server)
if [ -n "${nrpe_version}" ]; then
cat <<EOT >> "${ldif_file}"
dn: ServiceName=nrpe,${computer_dn}
NagiosEnabled: TRUE
ipServiceProtocol: TCP
ServiceVersion: NRPE ${nrpe_version}
objectClass: EvoService
ServiceName: nrpe
ipServicePort: 5666
ServiceType: monitoring
EOT
fi
# minifirewall
if [ -f "/etc/default/minifirewall" ]; then
cat <<EOT >> "${ldif_file}"
dn: ServiceName=minifirewall,${computer_dn}
NagiosEnabled: TRUE
objectClass: EvoService
ServiceName: minifirewall
ServiceType: firewall
ServiceVersion: minifirewall
EOT
fi
# Postfix
postfix_version=$(get_pkg_version postfix)
if [ -n "${postfix_version}" ]; then
cat <<EOT >> "${ldif_file}"
dn: ServiceName=postfix,${computer_dn}
ipServiceProtocol: tcp
NagiosEnabled: TRUE
objectClass: EvoService
ServiceName: postfix
ipServicePort: 25
ServiceType: smtp
ServiceVersion: Postfix ${postfix_version}
EOT
fi
# OpenSSH
openssh_version=$(get_pkg_version openssh-server)
if [ -n "${openssh_version}" ]; then
opensshFingerprintRSA=$(ssh-keyscan -t rsa localhost 2>/dev/null\
| sed -e 's/localhost //' -e 's/ssh-rsa /ssh-rsa,/')
opensshFingerprintED25519=$(ssh-keyscan -t ed25519 localhost 2>/dev/null\
| sed -e 's/localhost //' -e 's/ssh-ed25519 /ssh-ed25519,/')
opensshFingerprintECDSA=$(ssh-keyscan -t ecdsa-sha2-nistp256 localhost 2>/dev/null\
| sed -e 's/localhost //' -e 's/ecdsa-sha2-nistp256 /ecdsa-sha2-nistp256,/')
opensshFingerprint="${opensshFingerprintRSA}${opensshFingerprintRSA:+;}${opensshFingerprintED25519}${opensshFingerprintED25519:+;}${opensshFingerprintECDSA}"
cat <<EOT >> "${ldif_file}"
dn: ServiceName=openssh,${computer_dn}
ipServiceProtocol: tcp
NagiosEnabled: TRUE
objectClass: EvoService
ipServicePort: 22
ServiceName: openssh
ServiceType: ssh
ServiceVersion: OpenSSH ${openssh_version}
ServiceFingerprint: ${opensshFingerprint}
EOT
fi
# NTP
ntp_version=$(get_pkg_version ntp)
if [ -n "${ntp_version}" ]; then
cat <<EOT >> "${ldif_file}"
dn: ServiceName=ntp,${computer_dn}
NagiosEnabled: TRUE
objectClass: EvoService
ServiceName: ntp
ServiceType: ntp
ServiceVersion: NTP ${ntp_version}
EOT
fi
for net in $(ls /sys/class/net); do
path=$(readlink -e /sys/class/net/${net})
echo $path | grep -q virtual
if [ $? -ne 0 ]; then
hw=$(cat ${path}/address)
# In some cases some devices does not have a vendor or device, skip it
test -f ${path}/device/vendor || continue
vendor_id=$(cat ${path}/device/vendor)
test -f ${path}/device/device || continue
dev_id=$(cat ${path}/device/device)
[ "${dev_id}" = "0x0001" ] && dev_id="0x1000"
dev=$(lspci -d "${vendor_id}:${dev_id}" -vm)
vendor=$(echo "${dev}" | grep -E "^Vendor" | cut -d':' -f2 | xargs)
model=$(echo "${dev}" | grep -E "^Vendor" -A1 | grep -E "^Device" | cut -d':' -f2 | xargs)
size=$(cat ${path}/tx_queue_len)
ips=$(ip -o addr show "${net}" | grep "global" | awk '{print $4 }' | xargs | cut -d'/' -f1)
cat <<EOT >> "${ldif_file}"
dn: HardwareName=$net,EvoComputerName=$(hostname),ou=computer,dc=evolix,dc=net
objectClass: EvoHardware
HardwareAddress: ${hw}
EOT
[ -n "$ips" ] && echo "HardwareIP: ${ips}" >> "${ldif_file}"
cat <<EOT >> "${ldif_file}"
HardwareMark: ${vendor}
HardwareModel: ${model}
HardwareName: ${net}
HardwareSize: ${size}
HardwareType: netcard
EOT
fi
done
# Apache
if is_pkg_installed apache2-data; then
apache_version=$(get_pkg_version apache2-data)
fi
if [ -n "${apache_version}" ]; then
cat <<EOT >> "${ldif_file}"
dn: ServiceName=apache,${computer_dn}
NagiosEnabled: TRUE
ipServiceProtocol: tcp
objectClass: EvoService
ServiceName: apache
ipServicePort: 80
ServiceType: http
ServiceVersion: Apache ${apache_version}
dn: ServiceName=apache-ssl,${computer_dn}
NagiosEnabled: TRUE
ipServiceProtocol: tcp
objectClass: EvoService
ServiceName: apache-ssl
ipServicePort: 443
ServiceType: http
ServiceVersion: Apache ${apache_version}
EOT
fi
# Nginx
if is_pkg_installed nginx-common; then
nginx_version=$(get_pkg_version nginx-common)
fi
if [ -n "${nginx_version}" ]; then
cat <<EOT >> "${ldif_file}"
dn: ServiceName=nginx,${computer_dn}
NagiosEnabled: TRUE
ipServiceProtocol: tcp
objectClass: EvoService
ServiceName: nginx
ipServicePort: 80
ServiceType: http
ServiceVersion: Nginx ${nginx_version}
dn: ServiceName=nginx-ssl,${computer_dn}
NagiosEnabled: TRUE
ipServiceProtocol: tcp
objectClass: EvoService
ipServicePort: 443
ServiceName: nginx-ssl
ServiceType: https
ServiceVersion: Nginx ${nginx_version}
EOT
fi
# MySQL
if is_pkg_installed mysql-server-5.5; then
mysql_version=$(get_pkg_version mysql-server-5.5)
elif is_pkg_installed mysql-server-5.7; then
mysql_version=$(get_pkg_version mysql-server-5.7)
fi
if [ -n "${mysql_version}" ]; then
cat <<EOT >> "${ldif_file}"
dn: ServiceName=mysql,${computer_dn}
NagiosEnabled: TRUE
ipServiceProtocol: tcp
objectClass: EvoService
ServiceName: mysql
ipServicePort: 3306
ServiceType: sql
ServiceVersion: MySQL ${mysql_version}
EOT
fi
# MariaDB
if is_pkg_installed mariadb-server-10.3; then
mariadb_version=$(get_pkg_version mariadb-server-10.3)
elif is_pkg_installed mariadb-server-10.1; then
mariadb_version=$(get_pkg_version mariadb-server-10.1)
elif is_pkg_installed mariadb-server-10.0; then
mariadb_version=$(get_pkg_version mariadb-server-10.0)
fi
if [ -n "${mariadb_version}" ]; then
cat <<EOT >> "${ldif_file}"
dn: ServiceName=mysql,${computer_dn}
NagiosEnabled: TRUE
ipServiceProtocol: tcp
objectClass: EvoService
ServiceName: mysql
ipServicePort: 3306
ServiceType: sql
ServiceVersion: MariaDB ${mariadb_version}
EOT
fi
# Squid
if is_pkg_installed squid; then
# squid on Debian 9+
squid_version=$(get_pkg_version squid)
elif is_pkg_installed squid3-common; then
# squid on Debian 8
squid_version=$(get_pkg_version squid3-common)
fi
if [ -n "${squid_version}" ]; then
cat <<EOT >> "${ldif_file}"
dn: ServiceName=squid,${computer_dn}
NagiosEnabled: TRUE
ipServiceProtocol: tcp
objectClass: EvoService
ServiceName: squid
ipServicePort: 3128
ServiceType: proxy
ServiceVersion: Squid ${squid_version}
EOT
fi
# ProFTPD
if is_pkg_installed proftpd-basic; then
proftpd_version=$(get_pkg_version proftpd-basic)
fi
if [ -n "${proftpd_version}" ]; then
cat <<EOT >> "${ldif_file}"
dn: ServiceName=proftpd,${computer_dn}
NagiosEnabled: TRUE
ipServiceProtocol: tcp
objectClass: EvoService
ServiceName: proftpd
ipServicePort: 3128
ServiceType: ftp
ServiceVersion: ProFTPD ${proftpd_version}
EOT
fi
# OpenLDAP
if is_pkg_installed slapd; then
ldap_version=$(get_pkg_version slapd)
fi
if [ -n "${ldap_version}" ]; then
cat <<EOT >> "${ldif_file}"
dn: ServiceName=openldap,${computer_dn}
NagiosEnabled: TRUE
ipServiceProtocol: tcp
objectClass: EvoService
ServiceName: openldap
ipServicePort: 389
ServiceType: ldap
ServiceVersion: OpenLDAP ${ldap_version}
EOT
fi
# Dovecot
if is_pkg_installed dovecot-common; then
dovecot_version=$(get_pkg_version dovecot-common)
fi
if [ -n "${dovecot_version}" ]; then
cat <<EOT >> "${ldif_file}"
dn: ServiceName=dovecot-pop,${computer_dn}
NagiosEnabled: TRUE
ipServiceProtocol: tcp
objectClass: EvoService
ServiceName: dovecot-pop
ipServicePort: 110
ServiceType: pop
ServiceVersion: Dovecot ${dovecot_version}
dn: ServiceName=dovecot-pop-ssl,${computer_dn}
NagiosEnabled: TRUE
ipServiceProtocol: tcp
objectClass: EvoService
ServiceName: dovecot-pop-ssl
ipServicePort: 995
ServiceType: pop
ServiceVersion: Dovecot ${dovecot_version}
dn: ServiceName=dovecot-imap,${computer_dn}
NagiosEnabled: TRUE
ipServiceProtocol: tcp
objectClass: EvoService
ServiceName: dovecot-imap
ipServicePort: 143
ServiceType: imap
ServiceVersion: Dovecot ${dovecot_version}
dn: ServiceName=dovecot-imap-ssl,${computer_dn}
NagiosEnabled: TRUE
ipServiceProtocol: tcp
objectClass: EvoService
ServiceName: dovecot-imap-ssl
ipServicePort: 993
ServiceType: imap
ServiceVersion: Dovecot ${dovecot_version}
EOT
fi
# Amavis
if is_pkg_installed amavisd-new; then
amavis_version=$(get_pkg_version amavisd-new)
fi
if [ -n "${amavis_version}" ]; then
cat <<EOT >> "${ldif_file}"
dn: ServiceName=amavisd-new,${computer_dn}
NagiosEnabled: TRUE
ipServiceProtocol: tcp
objectClass: EvoService
ServiceName: amavisd-new
ipServicePort: 10024
ServiceType: smtp
ServiceVersion: amavisd-new ${amavis_version}
EOT
fi
# ClamAV
if is_pkg_installed clamav-daemon; then
clamav_version=$(get_pkg_version clamav-daemon)
fi
if [ -n "${clamav_version}" ]; then
cat <<EOT >> "${ldif_file}"
dn: ServiceName=clamd,${computer_dn}
NagiosEnabled: TRUE
objectClass: EvoService
ServiceName: clamd
ServiceType: antivirus
ServiceVersion: Clamd ${clamav_version}
EOT
fi
# Elasticsearch
if is_pkg_installed elasticsearch; then
elasticsearch_version=$(get_pkg_version elasticsearch)
fi
if [ -n "${elasticsearch_version}" ]; then
cat <<EOT >> "${ldif_file}"
dn: ServiceName=elasticsearch,${computer_dn}
NagiosEnabled: TRUE
ipServiceProtocol: tcp
objectClass: EvoService
ServiceName: elasticsearch
ipServicePort: 9200
ServiceType: http
ServiceVersion: Elasticsearch ${elasticsearch_version}
EOT
fi
# PostgreSQL
if is_pkg_installed postgresql; then
postgresql_version=$(get_pkg_version postgresql)
fi
if [ -n "${postgresql_version}" ]; then
cat <<EOT >> "${ldif_file}"
dn: ServiceName=postgresql,${computer_dn}
NagiosEnabled: TRUE
ipServiceProtocol: tcp
objectClass: EvoService
ServiceName: postgresql
ipServicePort: 5432
ServiceType: database
ServiceVersion: PostgreSQL ${postgresql_version}
EOT
fi
# mdadm
if is_pkg_installed mdadm; then
mdadm_version=$(get_pkg_version mdadm)
fi
if [ -n "${mdadm_version}" ]; then
cat <<EOT >> "${ldif_file}"
dn: ServiceName=mdadm,${computer_dn}
NagiosEnabled: TRUE
objectClass: EvoService
ServiceName: mdadm
ServiceType: raid
ServiceVersion: mdadm ${mdadm_version}
EOT
fi
# test if we have a stdout
if [ -t 1 ]; then
echo "Output is in ${ldif_file}"
fi
exit 0
Reference in New Issue View Git Blame Copy Permalink