diff --git a/.github/workflows/galaxy.yml b/.github/workflows/galaxy.yml
new file mode 100644
index 0000000..3c35b80
--- /dev/null
+++ b/.github/workflows/galaxy.yml
@@ -0,0 +1,16 @@
+---
+name: Release to Ansible Galaxy
+
+on:
+ push:
+ tags:
+ - '*'
+
+jobs:
+ release:
+ runs-on: ubuntu-22.04
+ steps:
+ - name: galaxy
+ uses: robertdebock/galaxy-action@1.0.1
+ with:
+ galaxy_api_key: ${{ secrets.galaxy_api_key }}
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 0000000..8437bb4
--- /dev/null
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,73 @@
+---
+name: Lint
+on:
+ pull_request:
+ push:
+ branches:
+ - master
+
+jobs:
+
+ yamllint:
+ name: yamllint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out the codebase.
+ uses: actions/checkout@v2
+
+ - name: Set up Python 3.7.
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Install yamllist
+ run: pip3 install yamllint
+
+ - name: Run yamllint.
+ run: yamllint .
+
+ ansible-lint:
+ name: ansible-lint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout the codebase.
+ uses: actions/checkout@v2
+
+ - name: Set up Python 3.7.
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Install ansible and other packages
+ run: pip3 install ansible ansible-lint
+
+ - name: Run ansible-lint.
+ run: ansible-lint
+
+ pre-commit:
+ name: 'Pre-Commit'
+ needs:
+ - yamllint
+ - ansible-lint
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@v2.3.4
+
+ - name: Install ansible-lint
+ run: pip3 install ansible-lint
+
+ - name: 'Pre-Commit 🔎'
+ uses: pre-commit/action@v2.0.3
+ continue-on-error: true
+
+ - name: 'Slack Notification'
+ uses: clouddrove/action-slack@v2
+ with:
+ status: ${{ job.status }}
+ fields: repo,author
+ author_name: 'CloudDrove Inc.'
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_ANSIBLE }}
+ if: always()
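Review bot: In galaxy.yml the step `uses: robertdebock/galaxy-action@1.0.1` hands `secrets.galaxy_api_key` to a third-party action referenced by a tag, and a tag can later be moved to different code; pin it to a full commit SHA, e.g. `uses: robertdebock/galaxy-action@<FULL_COMMIT_SHA>  # 1.0.1`. The same applies to the other actions in this commit that receive a secret or the workflow token: `clouddrove/action-slack@v2` and `pre-commit/action@v2.0.3` in lint.yml, and `actions/checkout@master`, `clouddrove/github-actions@v8.0` and `pre-commit/action@v2.0.0` in readme.yml. The `tags: - '*'` trigger publishes on every tag push, so if releases follow a naming scheme a narrower pattern would keep a stray tag from releasing to Galaxy.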
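Review bot: The `Pre-Commit 🔎` step in lint.yml sets `continue-on-error: true`, so the `pre-commit` job reports success even when a hook from .pre-commit-config.yaml (including `ansible-lint` and `check-yaml`) fails; drop that line if the job is meant to gate merges. The workflow declares no `permissions:` block, so every job runs with the repository's default token scope; a top-level `permissions:` with `contents: read` is enough for linting. The `pip3 install` steps take whatever version is current, which makes lint results drift between runs; pinning versions keeps them reproducible. Two naming slips: both steps called `Set up Python 3.7.` request `python-version: '3.x'`, and `Install yamllist` should read `Install yamllint`.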
diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml
new file mode 100644
index 0000000..42833db
--- /dev/null
+++ b/.github/workflows/readme.yml
@@ -0,0 +1,58 @@
+---
+name: 'Create README.md file'
+'on':
+ push:
+ branches:
+ - master
+
+jobs:
+ readme-create:
+ name: 'Autogenerate Readme file'
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@master
+
+ - name: Set up Python 3.7.
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: 'Generate readme.md from readme.yaml'
+ uses: 'clouddrove/github-actions@v8.0'
+ with:
+ actions_subcommand: 'readme'
+ github_token: '${{ secrets.GITHUB }}'
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ continue-on-error: true
+
+ - name: Install ansible-lint
+ run: pip3 install ansible-lint
+
+ - name: pre-commit check errors
+ uses: pre-commit/action@v2.0.0
+ continue-on-error: true
+
+ - name: pre-commit fix errors
+ uses: pre-commit/action@v2.0.0
+ continue-on-error: true
+
+ - name: 'push readme'
+ uses: 'clouddrove/github-actions@v8.0'
+ continue-on-error: true
+ with:
+ actions_subcommand: 'push'
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: 'Slack Notification'
+ uses: clouddrove/action-slack@v2
+ with:
+ status: ${{ job.status }}
+ fields: repo,author
+ author_name: 'CloudDrove Inc.'
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_ANSIBLE }}
+ if: always()
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..59bb916
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+# ignored files
+.idea
+*.iml
+*.zip
+.cache
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..452b1cd
--- /dev/null
+++ b/.pre-commit-config.yaml
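Review bot: Every generating step in readme.yml carries `continue-on-error: true`, so `push readme` still runs after `Generate readme.md from readme.yaml` or a pre-commit step has failed, and it presumably commits to `master` with the workflow token. Removing `continue-on-error: true` from the generate step lets the default step condition skip the push when generation breaks. The job declares no `permissions:`; stating `contents: write` on this job makes the write access explicit, so the repository default can be lowered to read-only. The generate step also passes a second credential, `secrets.GITHUB`, alongside `GITHUB_TOKEN`; if the action works with the workflow token alone, drop the extra secret. `pre-commit check errors` and `pre-commit fix errors` are identical as written, so the second adds nothing unless it is given different inputs.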
@@ -0,0 +1,21 @@
+---
+repos:
+
+ - repo: https://github.com/pre-commit/pre-commit-hooks.git
+ rev: v3.4.0
+ hooks:
+ - id: end-of-file-fixer
+ - id: trailing-whitespace
+ - id: mixed-line-ending
+ - id: check-byte-order-marker
+ - id: check-executables-have-shebangs
+ - id: check-merge-conflict
+ - id: debug-statements
+ - id: check-yaml
+ - id: check-added-large-files
+
+ - repo: https://github.com/ansible/ansible-lint.git
+ rev: v5.0.8
+ hooks:
+ - id: ansible-lint
+ files: \.(yaml|yml)$
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..972ae51
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,9 @@
+---
+extends: default
+
+rules:
+ line-length:
+ max: 153
+ level: warning
+ truthy:
+ allowed-values: ['true', 'false', 'yes', 'no']
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..55beef5
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Cloud Drove
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..f0eef15 --- /dev/null +++ b/Makefile @@ -0,0 +1,3 @@ +export GENIE_PATH ?= $(shell 'pwd')/../../../genie + +include $(GENIE_PATH)/Makefile diff --git a/README.md b/README.md new file mode 100644 index 0000000..dcb69eb --- /dev/null +++ b/README.md @@ -0,0 +1,146 @@ + + + +

+ +

+ Ansible Role S3 SFTP +

+ +

+ This ansible role install S3 SFTP packages On Ubuntu. +

+ +

+ + + Ansible + + + Licence + + + Distribution + + + Actions + + + +

+

+ + + + + + + + + + + +

+
+ + + +We eat, drink, sleep and most importantly love **DevOps**. DevOps always promotes automation and standardisation. While setting up various environments like local, dev, testing, production, etc. it is critical to maintain the same environment across. This can easily be achieved using automating the environment setup & installation with the help of ansible-playbooks. + +Smaller roles are created for each environment elements; which also include tasks & tests. These roles can then be grouped together in [ansible-playbook](https://docs.ansible.com/ansible/latest/user_guide/playbooks_intro.html) to achieve the desired yet consistent results. + + + +## Prerequisites + +This module has a few dependencies: + +- [Ansible2.9](https://www.ansible.com) +- [Python](https://www.python.org/downloads) + + + + +## What Includes + +Following things includes in this role: + +- ntp +- openssl +- git +- telnet +- figlet +- git-core +- htop +- ntp +- wget +- python-pip +- zip +- vim +- curl +- rsyslog +- libjson-xs-perl + + + + + + + +## Example Playbook + +**IMPORTANT:** Since the `master` branch used in `source` varies based on new modifications, we suggest that you use the release versions [here](https://github.com/clouddrove/ansible-role-s3-sftp/releases). + + +```yaml + - hosts: localhost + remote_user: root + become: true + roles: + - ansible-role-s3-sftp +``` + + +## Variables + +```yaml + zsh_theme: steeef + state: present + aws: true + + user: false + username: ec2-user + +``` + + +## Installation + +```console + $ ansible-galaxy install clouddrove.ansible-role-s3-sftp +``` + + + + + + +## Feedback +If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/ansible-role-s3-sftp/issues), or feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com). + +If you have found it worth your time, go ahead and give us a ★ on [our GitHub](https://github.com/clouddrove/ansible-role-s3-sftp)! 
+ +## About us + +At [CloudDrove][website], we offer expert guidance, implementation support and services to help organisations accelerate their journey to the cloud. Our services include docker and container orchestration, cloud migration and adoption, infrastructure automation, application modernisation and remediation, and performance engineering. + +

We are The Cloud Experts!

+
+

We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.

+ + [website]: https://clouddrove.com + [github]: https://github.com/clouddrove + [linkedin]: https://cpco.io/linkedin + [twitter]: https://twitter.com/clouddrove/ + [email]: https://clouddrove.com/contact-us.html + [terraform_modules]: https://github.com/clouddrove?utf8=%E2%9C%93&q=terraform-&type=&language= diff --git a/README.yaml b/README.yaml new file mode 100644 index 0000000..0bf1595 --- /dev/null +++ b/README.yaml 
@@ -0,0 +1,92 @@ +--- +# +# This is the canonical configuration for the `README.md` +# Run `make readme` to rebuild the `README.md` +# + +# Name of this project +name: Ansible Role S3 SFTP + +# License of this project +license: "MIT" + +# Canonical GitHub repo +github_repo: clouddrove/ansible-role-s3-sftp + +# Badges to display +badges: + - name: "Ansible" + image: "https://img.shields.io/badge/Ansible-2.9-green?style=flat&logo=ansible" + url: "https://www.ansible.com" + - name: "Licence" + image: "https://img.shields.io/badge/License-MIT-blue.svg" + url: "LICENSE.md" + - name: "Distribution" + image: "https://img.shields.io/badge/ubuntu-23.x-orange?style=flat&logo=ubuntu" + url: "https://ubuntu.com/" + - name: "Actions" + image: "https://github.com/clouddrove/ansible-role-s3-sftp/actions/workflows/lint.yml/badge.svg" + url: "https://github.com/clouddrove/ansible-role-s3-sftp/actions/workflows/lint.yml" + +# Prerequesties to display +# yamllint disable +prerequesties: + - name: "Ansible2.9" + url: "https://www.ansible.com" + - name: "Python" + url: "https://www.python.org/downloads" + +# What Includes to display +what_includes: + - name: "s3fs" + - name: "openssl" + - name: "groff" + - name: "telnet" + - name: "htop" + - name: "wget" + - name: "python3-pip" + - name: "zip" + - name: "unzip" + - name: "fuse" + - name: "libssl-dev" + - name: "pkg-config" + - name: "build-essential" + - name: "libfuse-dev" + - name: "libcurl4-openssl-dev" + - name: "libxml2-dev" + - name: "mime-support" + - name: "automake" + - name: "libtool" + - name: "ntp" + +# description of this project +description: |- + This ansible role install S3 SFTP and S3FS/Fuse packages On Ubuntu. 
+# yamllint enable +# How to use this project +usage: |- + ```yaml + - hosts: localhost + remote_user: root + become: true + roles: + - ansible-role-s3-sftp + ``` + +# How to install project +installation: |- + ```console + $ ansible-galaxy install clouddrove.ansible-role-s3-sftp + ``` + + +variables: |- + ```yaml + zsh_theme: steeef + state: present + aws: true + + user: false + username: ec2-user + + ``` diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..f456335 --- /dev/null +++ b/defaults/main.yml 
@@ -0,0 +1,38 @@
+---
+# Default file for ansible-role-s3-sftp
+
+# SFTP Group
+sftp_groups:
+ - name: sftpusers
+ default_directory_enabled: true
+ default_directory_path: /%u
+ sftp_allow_passwords: false
+ sftp_enable_logging: false
+sftp_enable_key_based_auth: true
+
+# Create SFTP Users
+sftp_users:
+ - name: testuser
+ group: sftpusers
+ shell: /sbin/nologin # This will prevent ssh login for this User, only SFTP Login will be allowed
+ extra_dir: /home/testuser/testuser
+ # home: /home/testuser # Uncomment this use override default Home Directory for User
+ key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCilb6q4n3bnXxFtPkzUCQ6UqF+Gr+Bnjg5e/aF5vv/QRcVf67B6W8xfPZt0fwxRokMDgWF8IWc8U6Kbw2xmMvglz4aHsHjTtMmPkNORtyHZpgOyEQSGzdfpkC7xmU8hcmzHlZ37mribD5oGk5PSovkLR4q4LiEpysG3nm3+P80KIDx82qHmywOYdpPzk0SxHcFK1NwQvb9i292eeQNXnSCqmlsLMF5nhb8YvxfToTnNnYxwh13BPN/VzBNP1E9CT5d6D7p1dACVxwVQk9Z85Y22eqDy/YQaz+my7aKaIqd1djMLVGQIMFGZkEwRS5LiI/2T0mipaQklx/OzJKBOCMt key-pair-name"
+
+# S3FS setup
+s3fs:
+ version: 1.94
+ install_prefix: /usr # Default is also /usr, (change tis value to override install prefix)
+ buckets:
+ - bucket: sftp-role-testing-bucket
+ mountpoints: /home/testuser/testuser
+ # accessKeyId: xxxx9tIxxxxx # Uncomment and change default value to actually working Access Key ID which have S3 bucket access.
+ # secretAccessKey: XxxxxXXXXxxxxXXXXXXxxxXXX # Uncomment and change default value to actually working Secret Access Key ID which have S3 bucket access
+ options:
+ - endpoint=us-east-1
+ - nonempty
+ - use_cache=/tmp
+ - mp_umask=002
+ - allow_other
+ - multireq_max=5
+ - iam_role=sftp-role-testing-role # Update this IAM role with created IAM role to access s3 bucket from the server or provide `accessKeyId` and `secretAccessKey`.
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..9443224
--- /dev/null
+++ b/handlers/main.yml
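Review bot: The default `sftp_users` entry creates an account `testuser` and installs the hard-coded `ssh-rsa ... key-pair-name` public key for it, so any host where the role runs without overriding `sftp_users` accepts SFTP logins from whoever holds the matching private key. Defaults should ship `sftp_users: []` and keep this entry as a commented example or in the README. The `s3fs.buckets` default has the same problem in a milder form: it tries to mount `sftp-role-testing-bucket` with `iam_role=sftp-role-testing-role` on every host. `version: 1.94` is parsed as a float; quote it (`version: '1.94'`) so a release such as 1.90 does not become 1.9 in the download URL. `use_cache=/tmp` combined with `allow_other` keeps cached object data under a world-writable directory; a dedicated root-owned cache path is safer.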
@@ -0,0 +1,12 @@
+---
+- name: SFTP-Server | Restart sshd
+ service:
+ name: "{{ 'ssh' if ansible_os_family == 'Debian' else 'sshd' }}"
+ state: restarted
+
+- name: S3FS | Restart s3fs
+ become: true
+ service:
+ name: s3fs
+ state: restarted
+ enabled: true
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..f711dc3
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,39 @@
+---
+galaxy_info:
+ author: Anmol Nagpal
+ description: This ansible role install sftp in the ubuntu and setup users and groups accordingly and mount aws s3 bucket to all users
+ company: "CloudDrove Inc."
+ license: "license (BSD, MIT)"
+
+ min_ansible_version: 2.1
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ platforms:
+ - name: Ubuntu
+ versions:
+ - trusty
+ - xenial
+ - focal
+
+ galaxy_tags:
+ - server
+ - cloud
+ - amazon
+ - aws
+ - sftp
+ - s3
+ - storage
+ - ubuntu
+ - linux
+ - debian
+ - apt
+
+dependencies: []
diff --git a/tasks/apt-pkg.yml b/tasks/apt-pkg.yml
new file mode 100644
index 0000000..6108e9c
--- /dev/null
+++ b/tasks/apt-pkg.yml
@@ -0,0 +1,31 @@
+---
+- name: Add git stable apt_repository on Ubuntu
+ apt_repository:
+ repo: ppa:git-core/ppa
+ state: present
+
+- name: Install system packages and utils on ubuntu
+ apt:
+ pkg:
+ [
+ "openssl",
+ "groff",
+ "telnet",
+ "s3fs", # Tool to mount aws S3 to local storage
+ "htop",
+ "wget",
+ "python3-pip",
+ "zip",
+ "unzip",
+ ]
+ state: present
+ update_cache: true
+ cache_valid_time: 5400
+ changed_when: false
+
+- name: Install python packages
+ apt:
+ name:
+ - awscli
+ - iotop
+ state: present
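Review bot: The `S3FS | Restart s3fs` handler restarts and enables a service named `s3fs`, but nothing in this commit installs such a unit: tasks/s3fs.yml builds the binary from source and mounts with a one-off `command: s3fs ...`. As far as this diff shows, the handler fails with a missing-service error the first time `/etc/passwd-s3fs` changes, which aborts the play right after credentials were written. Either add a unit or fstab entry that owns the mount, or have the handler remount the affected mountpoints.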
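Review bot: In tasks/apt-pkg.yml `"s3fs"` is installed from apt and tasks/s3fs.yml then compiles s3fs from source with `--prefix=/usr`, so `make install` overwrites a package-owned binary and a later apt upgrade can silently replace the pinned `s3fs.version` build. Drop `"s3fs"` from this list or skip the source build. `changed_when: false` on the same task hides real package changes from the play recap, and `telnet` is a cleartext client that an SFTP host does not need. `ppa:git-core/ppa` is added although no task in this diff installs git from it, so it only widens the set of trusted package sources.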
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..82d9509
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+
+# Download Required Packages
+- include_tasks: apt-pkg.yml
+
+# Configure SFTP
+- include_tasks: sftp.yml
+
+# User Configurations
+- include_tasks: user.yml
+
+# Setup and Mount S3FS
+- include_tasks: s3fs.yml
diff --git a/tasks/s3fs.yml b/tasks/s3fs.yml
new file mode 100644
index 0000000..c11516d
--- /dev/null
+++ b/tasks/s3fs.yml
@@ -0,0 +1,55 @@
+---
+- name: Install dependent packages for s3fs-fuse
+ package:
+ name="{{ item }}"
+ state="present"
+ update_cache=yes
+ with_items: "{{ s3fs_dependencies }}"
+
+# Download and Setup S3FS
+- name: Download s3fs sources
+ get_url: url=https://github.com/s3fs-fuse/s3fs-fuse/archive/v{{ s3fs.version }}.tar.gz dest=/tmp/s3fs-fuse-{{ s3fs.version }}.tar.gz
+- name: extract tar.gz of s3fs-fuse
+ unarchive:
+ src: /tmp/s3fs-fuse-{{ s3fs.version }}.tar.gz
+ remote_src: yes
+ dest: /tmp
+ creates: s3fs-fuse-{{ s3fs.version }}
+
+- name: Building and installing s3fs-fuse v{{ s3fs.version }}
+ command: "{{ item }} chdir=/tmp/s3fs-fuse-{{ s3fs.version }}"
+ with_items:
+ - ./autogen.sh
+ - ./configure --prefix={{ s3fs.install_prefix | default('/usr') }}
+ - make
+ - make install
+
+- name: Allow non-root users to specify the allow_other or allow_root mount options
+ become: true
+ lineinfile:
+ dest: "/etc/fuse.conf"
+ regexp: "^#user_allow_other$"
+ line: "user_allow_other"
+ state: present
+ backrefs: yes
+
+- name: Make sure the access keys of buckets are present
+ become: true
+ template:
+ src: passwd-s3fs.j2
+ dest: "/etc/passwd-s3fs"
+ mode: 0640
+ owner: "{{ ansible_user_id }}"
+ with_items: "{{ s3fs.buckets }}"
+ when: item.accessKeyId is defined and item.secretAccessKey is defined
+ notify: S3FS | Restart s3fs
+
+# Mount S3 Bucket to MountPoints
+- name: Mount folder to s3 bucket
+ command: >
+ s3fs
+ {% for option in item.options %}
+ -o {{ option }}
+ {% endfor %}
+ {{ item.bucket }} {{ item.mountpoints }}
+ with_items: "{{ s3fs.buckets }}"
diff --git a/tasks/sftp.yml b/tasks/sftp.yml
new file mode 100644
index 0000000..1b245e2
--- /dev/null
+++ b/tasks/sftp.yml
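Review bot: `Download s3fs sources` fetches a tarball with `get_url` and the following task runs `./autogen.sh`, `./configure`, `make` and `make install` on it, but nothing verifies the archive; add `checksum: "sha256:<EXPECTED_SHA256>"` to the `get_url` task so a substituted download is rejected before it is built. The download and build use predictable names under `/tmp`, which any local user can pre-create; a root-owned working directory avoids that when the play runs with become. `creates: s3fs-fuse-{{ s3fs.version }}` is a relative path, so it probably never matches and the archive is re-extracted on every run; use `/tmp/s3fs-fuse-{{ s3fs.version }}`. `Make sure the access keys of buckets are present` loops over `s3fs.buckets` without `no_log: true`, so each loop item, including `secretAccessKey`, is printed in the task output. `Mount folder to s3 bucket` reruns on every play and the mount does not survive a reboot.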
@@ -0,0 +1,24 @@
+---
+# Create main group for SFTP users.
+- name: SFTP-Server | Create main sftp user group
+ group:
+ name: "{{ item.name }}"
+ state: present
+ with_items: "{{ sftp_groups }}"
+
+- name: SFTP-Server | Add 'Match Group' sshd_config block
+ blockinfile:
+ dest: /etc/ssh/sshd_config
+ marker: '# {mark} SFTP-Server {{ item.name }} group block'
+ block: |
+ Match Group {{ item.name }}
+ ForceCommand internal-sftp {{ item.sftp_enable_logging | ternary('-l VERBOSE', '') }}{% if item.readonly is defined and item.readonly %}-R{% endif %}{{''}}{% if item.default_directory_path is defined and item.default_directory_enabled %}-d {{ item.default_directory_path }}{% endif %}{{''}}
+ ChrootDirectory %h
+ PermitTunnel no
+ AllowTCPForwarding no
+ X11Forwarding no
+ PasswordAuthentication {{ item.sftp_allow_passwords | ternary('yes', 'no') }}
+ PubkeyAuthentication {% if sftp_enable_key_based_auth %}yes{%- else -%}no{% endif %}{{''}}
+ AllowAgentForwarding no
+ notify: SFTP-Server | Restart sshd
+ with_items: "{{ sftp_groups }}"
diff --git a/tasks/user.yml b/tasks/user.yml
new file mode 100644
index 0000000..98a7957
--- /dev/null
+++ b/tasks/user.yml
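Review bot: The `ForceCommand` line joins its optional flags with no separator, so enabling `sftp_enable_logging` or `readonly` together with the default directory renders `internal-sftp -l VERBOSE-d /%u` or `internal-sftp -R-d /%u`, neither of which is a valid command line. Put the space inside each conditional fragment, e.g. `{% if item.readonly | default(false) %} -R{% endif %}`. The `blockinfile` task also writes `/etc/ssh/sshd_config` without `validate: /usr/sbin/sshd -t -f %s`, so a bad render reaches disk and the `Restart sshd` handler can take SSH down on the host. `item.sftp_enable_logging | ternary(...)` and `item.sftp_allow_passwords | ternary(...)` fail for a group that omits those keys; add `| default(false)` before `ternary`.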
@@ -0,0 +1,55 @@
+---
+
+# Create each SFTP user with home directory on the correct partition, and add to SFTP group.
+- name: SFTP-Server | Create sftp users
+ user:
+ name: "{{ item.name }}"
+ group: "{{ item.group | default(sftp_groups.0.name) }}"
+ groups: "{{ (item.groups|default([])) + [sftp_groups.0.name] }}"
+ append: "{{ item.append | default(False) }}"
+ home: "{{ item.home | default('/home' + '/' + item.name) }}"
+ uid: "{{ item.uid | default(omit) }}"
+ # `None` means default value -> default is to have a shell
+ shell: "{{ None if (item.shell | default(True)) else '/sbin/nologin' }}"
+ state: present
+ with_items: "{{ sftp_users }}"
+
+# A working chrooted SFTP setup requires root:sftgroup ownership of a user's home directory.
+- name: SFTP-Server | Correct ownership and permission of home directories
+ file:
+ path: "{{ item.home | default('/home' + '/' + item.name) }}"
+ owner: root
+ group: "{{ sftp_chroot_group | default(sftp_groups.0.name) }}"
+ mode: "0750"
+ with_items: "{{ sftp_users }}"
+
+# Install all relevant public keys.
+- name: SFTP-Server | Install public keys
+ authorized_key:
+ user: "{{ item.name }}"
+ path: "{{ item.home | default('/home' + '/' + item.name) }}/.ssh/authorized_keys"
+ key: "{{ item.key }}"
+ manage_dir: true
+ with_items:
+ - "{{ sftp_users }}"
+ when: item.key is defined
+
+# Update user passwords, if they were specified.
+- name: SFTP-Server | Update user passwords
+ user:
+ name: "{{ item.name }}"
+ password: "{{ item.password }}"
+ with_items: "{{ sftp_users }}"
+ when: item.update_password | default(False)
+
+# Create directories for individual SFTP users. Optional.
+- name: SFTP-Server | Create required directories per user
+ file:
+ path: "{{ item.extra_dir }}"
+ owner: "{{ item.name }}"
+ group: "{{ item.group | default(sftp_groups.0.name) }}"
+ mode: "{{ item.mode | default('0750') }}"
+ state: directory
+ with_items:
+ - "{{ sftp_users }}"
+ when: item.extra_dir is defined
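Review bot: The `shell:` expression in `SFTP-Server | Create sftp users` treats `item.shell` as a boolean: any non-empty value, including the `shell: /sbin/nologin` set in defaults/main.yml, evaluates true and selects `None`, so the account presumably gets the system default login shell rather than nologin. If `shell` is meant to be a path, use `shell: "{{ item.shell | default('/sbin/nologin') }}"`; if it is meant to be a flag, the value and comment in defaults/main.yml need to change. `SFTP-Server | Update user passwords` loops over `sftp_users` without `no_log: true`, so each item's `password` value is echoed in the play output. That task also reads `item.password` whenever `update_password` is true and fails with an undefined-variable error when the key is absent.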
diff --git a/templates/config/bash_profile.in b/templates/config/bash_profile.in
new file mode 100644
index 0000000..0178c17
--- /dev/null
+++ b/templates/config/bash_profile.in
@@ -0,0 +1,14 @@
+# {{ ansible_managed }}
+
+printf "\n"
+TEXT="{{Env | default ('')}} {{hostvars[inventory_hostname].EcType | default ('')}} {{hostvars[inventory_hostname].Nr | default ('')}}"
+sysbanner=`perl -e "print uc('$TEXT');"`
+figlet $sysbanner
+printf "\n"
+
+# Terminal PS1
+export PS1="\n\[\\e[1;37m\\]\T : \[\033[01;31m\]\u\[\033[01;33m\] @ \[\033[01;36m\]\H \[\033[01;33m\]\w \[\033[01;35m\]\$ \[\033[00m\]"
+
+#UTF-8 Compass generation
+export LC_ALL="en_US.UTF-8"
+export LANG="en_US.UTF-8"
diff --git a/templates/config/extra.in b/templates/config/extra.in
new file mode 100644
index 0000000..227b271
--- /dev/null
+++ b/templates/config/extra.in
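Review bot: `sysbanner` is built by pasting `$TEXT` into Perl source (`perl -e "print uc('$TEXT');"`), so a quote or backtick in the inventory values `Env`, `EcType` or `Nr` changes the code that runs at every login, and the unquoted `figlet $sysbanner` is then word-split and glob-expanded. Uppercase the value without evaluating it and quote the expansion: `sysbanner=$(printf '%s' "$TEXT" | tr '[:lower:]' '[:upper:]')` followed by `figlet "$sysbanner"`. No task in this commit references templates/config/ and `figlet` is not in the role's package list, so if these files are leftovers from another role they are better removed.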
@@ -0,0 +1,36 @@ +# Ansible managed + +TEXT="prod bastion 1" + +upSeconds="$(/usr/bin/cut -d. -f1 /proc/uptime)" +secs=$((${upSeconds}%60)) +mins=$((${upSeconds}/60%60)) +hours=$((${upSeconds}/3600%24)) +days=$((${upSeconds}/86400)) +UPTIME=`printf "%d days, %02dh%02dm%02ds" "$days" "$hours" "$mins" "$secs"` + +# get the load averages +read one five fifteen rest < /proc/loadavg + +echo "$(tput setaf 033) + .//////////////, + //////////////////// +.///////////////////(((. +/(((((((((((((((((. $(tput setaf 244) ./((((( (( ((((((* (( /( (((((/, $(tput setaf 033)|$(tput setaf 244)| $(tput setaf 033) HostName...........:$(tput setaf 244) $(tput bold)`perl -e "print uc('$TEXT');"`$(tput sgr0)$(tput setaf 033) +/(((((((((((((%(, $(tput setaf 244) (/ (( /( /( (( (( (( ,( $(tput setaf 033)|$(tput setaf 244)| $(tput setaf 033) OS.................:$(tput setaf 244) `uname -srmo`$(tput setaf 033) +/((((((((((((/ $(tput setaf 244) (( (( (( (, (( (( (( (/ $(tput setaf 033)|$(tput setaf 244)| $(tput setaf 033) Uptime.............:$(tput setaf 244) ${UPTIME}$(tput setaf 033) +/((((((((((%*. $(tput setaf 244) .((((((( (((((( ((((((((, (((((((* (((((((( $(tput setaf 033)|$(tput setaf 244)| $(tput setaf 033) Memory.............:$(tput setaf 244) `cat /proc/meminfo | grep MemFree | awk {'print $2/1000000'}`G (Free) / `cat /proc/meminfo | grep MemTotal | awk {'print $2/1000000'}`G (Total) $(tput setaf 033) +/((((####(, $(tput setaf 244) $(tput setaf 033)|$(tput setaf 244)| $(tput setaf 033) HDD................:$(tput setaf 244) `df -h --total | grep total | awk '{print $4}'` (Free) / `df -h --total | grep total | awk '{print $2}'` (Total) $(tput setaf 033) +/######### $(tput setaf 244) ###(####. ###*/(## ###%#(##/ ### ## ####### $(tput setaf 033)|$(tput setaf 244)| $(tput setaf 033) Load Averages......:$(tput setaf 244) ${one}, ${five}, ${fifteen} (1, 5, 15 min) $(tput setaf 033) +/##########. $(tput setaf 244) ##* ## ### ### ## ##. 
### ## #,,,,, $(tput setaf 033)|$(tput setaf 244)| $(tput setaf 033) Running Processes..:$(tput setaf 244) `ps ax | wc -l | tr -d " "` $(tput setaf 033) +/################ $(tput setaf 244) ##* %## ###.## ### ### ## ##/ #''''' $(tput setaf 033)|$(tput setaf 244)| $(tput setaf 033) Internal IP........:$(tput setaf 244) `ip a | grep glo | awk '{print $2}' | head -1 | cut -f1 -d/` $(tput setaf 033) +*#################* $(tput setaf 244) %%%%%%% %%# %%# %%%%%%. %%%# %%%%%%% $(tput setaf 033)|$(tput setaf 244)| $(tput setaf 033) External IP........:$(tput setaf 244) `wget -q -O - http://icanhazip.com/ | tail` $(tput setaf 033) + %%%%%%%%%%%%%%%%%%%%%%. + *%%%%%%%%%%%%%%%%%%* + .,/#%%%%%%%%#/,. + +$(tput sgr0)" + +# UTF-8 Compass generation +export LC_ALL='en_US.UTF-8' +export LANG='en_US.UTF-8' diff --git a/templates/config/nrpe.in b/templates/config/nrpe.in new file mode 100644 index 0000000..3700b1c --- /dev/null +++ b/templates/config/nrpe.in 
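Review bot: The `External IP` line runs `wget -q -O - http://icanhazip.com/` inside the login banner, so every interactive login makes an unauthenticated plain-HTTP request to a third party and prints whatever comes back to the terminal, with no timeout when egress is filtered. If the value is needed, use HTTPS and bound the call, e.g. `wget -q --timeout=2 --tries=1 -O - https://icanhazip.com/`, or record the address once at provision time. `TEXT="prod bastion 1"` is hard-coded in a file marked `# Ansible managed`, so every host would announce itself as that bastion; it should come from a variable as in bash_profile.in. The same `perl -e "print uc('$TEXT');"` construct as in bash_profile.in appears here and deserves the same quoting fix.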
@@ -0,0 +1,247 @@ +# {{ ansible_managed }} + +############################################################################# +# Sample NRPE Config File +# Written by: Ethan Galstad (nagios@nagios.org) +# +# Last Modified: 11-23-2007 +# +# NOTES: +# This is a sample configuration file for the NRPE daemon. It needs to be +# located on the remote host that is running the NRPE daemon, not the host +# from which the check_nrpe client is being executed. +############################################################################# + + +# LOG FACILITY +# The syslog facility that should be used for logging purposes. + +log_facility=daemon + + + +# PID FILE +# The name of the file in which the NRPE daemon should write it's process ID +# number. The file is only written if the NRPE daemon is started by the root +# user and is running in standalone mode. + +pid_file=/var/run/nagios/nrpe.pid + + + +# PORT NUMBER +# Port number we should wait for connections on. +# NOTE: This must be a non-priviledged port (i.e. > 1024). +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +server_port=5666 + + + +# SERVER ADDRESS +# Address that nrpe should bind to in case there are more than one interface +# and you do not want nrpe to bind on all interfaces. +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +#server_address={{ansible_hostname}} + + + +# NRPE USER +# This determines the effective user that the NRPE daemon should run as. +# You can either supply a username or a UID. +# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +nrpe_user=nagios + + + +# NRPE GROUP +# This determines the effective group that the NRPE daemon should run as. +# You can either supply a group name or a GID. 
+# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +nrpe_group=nagios + + + +# ALLOWED HOST ADDRESSES +# This is an optional comma-delimited list of IP address or hostnames +# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask +# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently +# supported. +# +# Note: The daemon only does rudimentary checking of the client's IP +# address. I would highly recommend adding entries in your /etc/hosts.allow +# file to allow only the specified host to connect to the port +# you are running this daemon on. +# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +allowed_hosts=52.31.32.200 + + + +# COMMAND ARGUMENT PROCESSING +# This option determines whether or not the NRPE daemon will allow clients +# to specify arguments to commands that are executed. This option only works +# if the daemon was configured with the --enable-command-args configure script +# option. +# +# *** ENABLING THIS OPTION IS A SECURITY RISK! *** +# Read the SECURITY file for information on some of the security implications +# of enabling this variable. +# +# Values: 0=do not allow arguments, 1=allow command arguments + +dont_blame_nrpe=0 + + + +# BASH COMMAND SUBTITUTION +# This option determines whether or not the NRPE daemon will allow clients +# to specify arguments that contain bash command substitutions of the form +# $(...). This option only works if the daemon was configured with both +# the --enable-command-args and --enable-bash-command-substitution configure +# script options. +# +# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! *** +# Read the SECURITY file for information on some of the security implications +# of enabling this variable. 
+# +# Values: 0=do not allow bash command substitutions, +# 1=allow bash command substitutions + +allow_bash_command_substitution=0 + + + +# COMMAND PREFIX +# This option allows you to prefix all commands with a user-defined string. +# A space is automatically added between the specified prefix string and the +# command line from the command definition. +# +# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! *** +# Usage scenario: +# Execute restricted commmands using sudo. For this to work, you need to add +# the nagios user to your /etc/sudoers. An example entry for alllowing +# execution of the plugins from might be: +# +# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/ +# +# This lets the nagios user run all commands in that directory (and only them) +# without asking for a password. If you do this, make sure you don't give +# random users write access to that directory or its contents! + +# command_prefix=/usr/bin/sudo + + + +# DEBUGGING OPTION +# This option determines whether or not debugging messages are logged to the +# syslog facility. +# Values: 0=debugging off, 1=debugging on + +debug=0 + + + +# COMMAND TIMEOUT +# This specifies the maximum number of seconds that the NRPE daemon will +# allow plugins to finish executing before killing them off. + +command_timeout=60 + + + +# CONNECTION TIMEOUT +# This specifies the maximum number of seconds that the NRPE daemon will +# wait for a connection to be established before exiting. This is sometimes +# seen where a network problem stops the SSL being established even though +# all network sessions are connected. This causes the nrpe daemons to +# accumulate, eating system resources. Do not set this too low. + +connection_timeout=300 + + + +# WEEK RANDOM SEED OPTION +# This directive allows you to use SSL even if your system does not have +# a /dev/random or /dev/urandom (on purpose or because the necessary patches +# were not applied). 
The random number generator will be seeded from a file +# which is either a file pointed to by the environment valiable $RANDFILE +# or $HOME/.rnd. If neither exists, the pseudo random number generator will +# be initialized and a warning will be issued. +# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness + +#allow_weak_random_seed=1 + + + +# INCLUDE CONFIG FILE +# This directive allows you to include definitions from an external config file. + +#include= + + + +# INCLUDE CONFIG DIRECTORY +# This directive allows you to include definitions from config files (with a +# .cfg extension) in one or more directories (with recursion). + +#include_dir= +#include_dir= + + + +# COMMAND DEFINITIONS +# Command definitions that this daemon will run. Definitions +# are in the following format: +# +# command[]= +# +# When the daemon receives a request to return the results of +# it will execute the command specified by the argument. +# +# Unlike Nagios, the command line cannot contain macros - it must be +# typed exactly as it should be executed. +# +# Note: Any plugins that are used in the command lines must reside +# on the machine that this daemon is running on! The examples below +# assume that you have plugins installed in a /usr/local/nagios/libexec +# directory. Also note that you will have to modify the definitions below +# to match the argument format the plugins expect. Remember, these are +# examples only! + + +# The following examples use hardcoded command arguments... 
+ +command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10 +command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 +command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1 +command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z +command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200 + + +# The following examples allow user-supplied arguments and can +# only be used if the NRPE daemon was compiled with support for +# command arguments *AND* the dont_blame_nrpe directive in this +# config file is set to '1'. This poses a potential security risk, so +# make sure you read the SECURITY file before doing this. + +#command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ +#command[check_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ +#command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ +#command[check_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ + +# +# local configuration: +# if you'd prefer, you can instead place directives here +include=/etc/nagios/nrpe_local.cfg + +# +# you can place your config snipplets into nrpe.d/ +# only snipplets ending in .cfg will get included +include_dir=/etc/nagios/nrpe.d/ diff --git a/templates/passwd-s3fs.j2 b/templates/passwd-s3fs.j2 new file mode 100644 index 0000000..f19456a --- /dev/null +++ b/templates/passwd-s3fs.j2 @@ -0,0 +1,3 @@ +{% for bucket in s3fs.buckets %} +{{ bucket.bucket }}:{{ bucket.accessKeyId | default('accessKeyId') }}:{{ bucket.secretAccessKey | default('secretAccessKey') }} +{% endfor %} diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..30b90d8 --- /dev/null +++ b/vars/main.yml 
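Review bot: `allowed_hosts=52.31.32.200` bakes one public IP address into the NRPE template, so every host rendered from it accepts monitoring connections from that address regardless of who operates it. Make it a role variable with no permissive default, e.g. `allowed_hosts={{ nrpe_allowed_hosts | join(',') }}` (the variable name is a suggestion), and fail the play when the list is empty. `dont_blame_nrpe=0` and `allow_bash_command_substitution=0` are the safe values and should stay as they are. No task in this diff installs NRPE or renders this file, so confirm it belongs in an SFTP role at all.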
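Review bot: passwd-s3fs.j2 falls back to the literal strings `accessKeyId` and `secretAccessKey` when a bucket defines no keys, so a configuration that mixes key-based and IAM-role buckets writes placeholder credential lines into `/etc/passwd-s3fs`. Emit a line only for buckets that define both values by wrapping it in `{% if bucket.accessKeyId is defined and bucket.secretAccessKey is defined %}` ... `{% endif %}`. The template already iterates `s3fs.buckets` itself, so the `with_items` on the calling task in tasks/s3fs.yml re-renders the same file once per bucket. That task sets `mode: 0640`; unless a group has to read the file, `mode: '0600'` (quoted) is the tighter choice for stored credentials.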
@@ -0,0 +1,14 @@
+---
+s3fs_dependencies:
+ - unzip
+ - fuse
+ - libssl-dev
+ - pkg-config
+ - build-essential
+ - libfuse-dev
+ - libcurl4-openssl-dev
+ - libxml2-dev
+ - mime-support
+ - automake
+ - libtool
+ - ntp