diff --git a/.github/workflows/galaxy.yml b/.github/workflows/galaxy.yml new file mode 100644 index 0000000..3c35b80 --- /dev/null +++ b/.github/workflows/galaxy.yml @@ -0,0 +1,16 @@ +--- +name: Release to Ansible Galaxy + +on: + push: + tags: + - '*' + +jobs: + release: + runs-on: ubuntu-22.04 + steps: + - name: galaxy + uses: robertdebock/galaxy-action@1.0.1 + with: + galaxy_api_key: ${{ secrets.galaxy_api_key }} diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..8437bb4 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,73 @@ +--- +name: Lint +on: + pull_request: + push: + branches: + - master + +jobs: + + yamllint: + name: yamllint + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + + - name: Set up Python 3.7. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install yamllist + run: pip3 install yamllint + + - name: Run yamllint. + run: yamllint . + + ansible-lint: + name: ansible-lint + runs-on: ubuntu-latest + steps: + - name: Checkout the codebase. + uses: actions/checkout@v2 + + - name: Set up Python 3.7. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install ansible and other packages + run: pip3 install ansible ansible-lint + + - name: Run ansible-lint. + run: ansible-lint + + pre-commit: + name: 'Pre-Commit' + needs: + - yamllint + - ansible-lint + runs-on: ubuntu-latest + steps: + - name: 'Checkout' + uses: actions/checkout@v2.3.4 + + - name: Install ansible-lint + run: pip3 install ansible-lint + + - name: 'Pre-Commit 🔎' + uses: pre-commit/action@v2.0.3 + continue-on-error: true + + - name: 'Slack Notification' + uses: clouddrove/action-slack@v2 + with: + status: ${{ job.status }} + fields: repo,author + author_name: 'CloudDrove Inc.' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_ANSIBLE }} + if: always() 
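Review bot: The publishing credential `secrets.galaxy_api_key` is handed to `robertdebock/galaxy-action@1.0.1`, a third-party action referenced by a mutable tag, so whoever can move that tag can read the key. Pin it to a full commit SHA with the version in a trailing comment, e.g. `uses: robertdebock/galaxy-action@<full-commit-sha>  # 1.0.1`, and add a top-level `permissions:` block with `contents: read` so the job token carries no write scope. The `tags: - '*'` trigger publishes on every tag push; if that is intended, a comment saying so saves the next reader from asking.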
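Review bot: `continue-on-error: true` on the `pre-commit/action@v2.0.3` step makes the `pre-commit` job succeed even when hooks fail, so the job that `needs` the two linters gates nothing; drop that line so a failing hook fails the job. The step names `Set up Python 3.7.` contradict the configured `python-version: '3.x'`, and `Install yamllist` is a typo for yamllint. `pip3 install ansible ansible-lint` is unpinned while `.pre-commit-config.yaml` pins `ansible-lint` to v5.0.8, so the two lint paths can disagree; pinning the pip install to the same version keeps them consistent. The Slack step receives `secrets.GITHUB_TOKEN` via `clouddrove/action-slack@v2`, a mutable tag, which is the same exposure as galaxy.yml's release step.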
diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml new file mode 100644 index 0000000..42833db --- /dev/null +++ b/.github/workflows/readme.yml @@ -0,0 +1,58 @@ +--- +name: 'Create README.md file' +'on': + push: + branches: + - master + +jobs: + readme-create: + name: 'Autogenerate Readme file' + runs-on: ubuntu-latest + steps: + - name: 'Checkout' + uses: actions/checkout@master + + - name: Set up Python 3.7. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: 'Generate readme.md from readme.yaml' + uses: 'clouddrove/github-actions@v8.0' + with: + actions_subcommand: 'readme' + github_token: '${{ secrets.GITHUB }}' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + continue-on-error: true + + - name: Install ansible-lint + run: pip3 install ansible-lint + + - name: pre-commit check errors + uses: pre-commit/action@v2.0.0 + continue-on-error: true + + - name: pre-commit fix errors + uses: pre-commit/action@v2.0.0 + continue-on-error: true + + - name: 'push readme' + uses: 'clouddrove/github-actions@v8.0' + continue-on-error: true + with: + actions_subcommand: 'push' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: 'Slack Notification' + uses: clouddrove/action-slack@v2 + with: + status: ${{ job.status }} + fields: repo,author + author_name: 'CloudDrove Inc.' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_ANSIBLE }} + if: always() diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..59bb916 --- /dev/null +++ b/.gitignore @@ -0,0 +1,5 @@ +# ignored files +.idea +*.iml +*.zip +.cache diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..452b1cd --- /dev/null +++ b/.pre-commit-config.yaml 
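Review bot: `actions/checkout@master` floats on a branch, and `clouddrove/github-actions@v8.0` receives a personal token `secrets.GITHUB` plus `GITHUB_TOKEN` and then pushes to `master` in the `push readme` step, so a moved ref on either action can commit to this repository with those tokens; pin both to full commit SHAs and scope the token to what the push needs. Every step that can fail carries `continue-on-error: true`, including the push, so the workflow reports green whatever happens; at least `Generate readme.md from readme.yaml` and `push readme` should fail loudly. The two `pre-commit/action@v2.0.0` steps (`check errors` and `fix errors`) are identical and use a different version from lint.yml's v2.0.3; one invocation at one version is enough. The quoted `'on':` key here is the spelling that survives YAML 1.1 loaders, while lint.yml and galaxy.yml use bare `on:`; the three files should agree.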
@@ -0,0 +1,21 @@ +--- +repos: + + - repo: https://github.com/pre-commit/pre-commit-hooks.git + rev: v3.4.0 + hooks: + - id: end-of-file-fixer + - id: trailing-whitespace + - id: mixed-line-ending + - id: check-byte-order-marker + - id: check-executables-have-shebangs + - id: check-merge-conflict + - id: debug-statements + - id: check-yaml + - id: check-added-large-files + + - repo: https://github.com/ansible/ansible-lint.git + rev: v5.0.8 + hooks: + - id: ansible-lint + files: \.(yaml|yml)$ diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..972ae51 --- /dev/null +++ b/.yamllint @@ -0,0 +1,9 @@ +--- +extends: default + +rules: + line-length: + max: 153 + level: warning + truthy: + allowed-values: ['true', 'false', 'yes', 'no'] diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..55beef5 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2021 Cloud Drove + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. 
diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..f0eef15 --- /dev/null +++ b/Makefile @@ -0,0 +1,3 @@ +export GENIE_PATH ?= $(shell 'pwd')/../../../genie + +include $(GENIE_PATH)/Makefile diff --git a/README.md b/README.md new file mode 100644 index 0000000..dcb69eb --- /dev/null +++ b/README.md @@ -0,0 +1,146 @@ + + + +
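Review bot: `include $(GENIE_PATH)/Makefile` pulls a Makefile from three directories above the repository, so `make readme` runs recipes that are not reviewed here and fails with `No such file` when the checkout is not laid out like the author's workstation; a comment naming the expected sibling checkout, e.g. `# expects a genie checkout three levels above this role`, makes that dependency explicit. `$(shell 'pwd')` spawns a shell for a value make already has; `$(CURDIR)` is the idiom: `export GENIE_PATH ?= $(CURDIR)/../../../genie`.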
+ +
+ This ansible role install S3 SFTP packages On Ubuntu. +
+ ++ + + + + + + + + + + + + + + +
+ +We are The Cloud Experts!
+We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.
+ + [website]: https://clouddrove.com + [github]: https://github.com/clouddrove + [linkedin]: https://cpco.io/linkedin + [twitter]: https://twitter.com/clouddrove/ + [email]: https://clouddrove.com/contact-us.html + [terraform_modules]: https://github.com/clouddrove?utf8=%E2%9C%93&q=terraform-&type=&language= diff --git a/README.yaml b/README.yaml new file mode 100644 index 0000000..0bf1595 --- /dev/null +++ b/README.yaml 
@@ -0,0 +1,92 @@ +--- +# +# This is the canonical configuration for the `README.md` +# Run `make readme` to rebuild the `README.md` +# + +# Name of this project +name: Ansible Role S3 SFTP + +# License of this project +license: "MIT" + +# Canonical GitHub repo +github_repo: clouddrove/ansible-role-s3-sftp + +# Badges to display +badges: + - name: "Ansible" + image: "https://img.shields.io/badge/Ansible-2.9-green?style=flat&logo=ansible" + url: "https://www.ansible.com" + - name: "Licence" + image: "https://img.shields.io/badge/License-MIT-blue.svg" + url: "LICENSE.md" + - name: "Distribution" + image: "https://img.shields.io/badge/ubuntu-23.x-orange?style=flat&logo=ubuntu" + url: "https://ubuntu.com/" + - name: "Actions" + image: "https://github.com/clouddrove/ansible-role-s3-sftp/actions/workflows/lint.yml/badge.svg" + url: "https://github.com/clouddrove/ansible-role-s3-sftp/actions/workflows/lint.yml" + +# Prerequesties to display +# yamllint disable +prerequesties: + - name: "Ansible2.9" + url: "https://www.ansible.com" + - name: "Python" + url: "https://www.python.org/downloads" + +# What Includes to display +what_includes: + - name: "s3fs" + - name: "openssl" + - name: "groff" + - name: "telnet" + - name: "htop" + - name: "wget" + - name: "python3-pip" + - name: "zip" + - name: "unzip" + - name: "fuse" + - name: "libssl-dev" + - name: "pkg-config" + - name: "build-essential" + - name: "libfuse-dev" + - name: "libcurl4-openssl-dev" + - name: "libxml2-dev" + - name: "mime-support" + - name: "automake" + - name: "libtool" + - name: "ntp" + +# description of this project +description: |- + This ansible role install S3 SFTP and S3FS/Fuse packages On Ubuntu. 
+# yamllint enable +# How to use this project +usage: |- + ```yaml + - hosts: localhost + remote_user: root + become: true + roles: + - ansible-role-s3-sftp + ``` + +# How to install project +installation: |- + ```console + $ ansible-galaxy install clouddrove.ansible-role-s3-sftp + ``` + + +variables: |- + ```yaml + zsh_theme: steeef + state: present + aws: true + + user: false + username: ec2-user + + ``` diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..f456335 --- /dev/null +++ b/defaults/main.yml 
@@ -0,0 +1,38 @@ +--- +# Default file for ansible-role-s3-sftp + +# SFTP Group +sftp_groups: + - name: sftpusers + default_directory_enabled: true + default_directory_path: /%u + sftp_allow_passwords: false + sftp_enable_logging: false +sftp_enable_key_based_auth: true + +# Create SFTP Users +sftp_users: + - name: testuser + group: sftpusers + shell: /sbin/nologin # This will prevent ssh login for this User, only SFTP Login will be allowed + extra_dir: /home/testuser/testuser + # home: /home/testuser # Uncomment this use override default Home Directory for User + key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCilb6q4n3bnXxFtPkzUCQ6UqF+Gr+Bnjg5e/aF5vv/QRcVf67B6W8xfPZt0fwxRokMDgWF8IWc8U6Kbw2xmMvglz4aHsHjTtMmPkNORtyHZpgOyEQSGzdfpkC7xmU8hcmzHlZ37mribD5oGk5PSovkLR4q4LiEpysG3nm3+P80KIDx82qHmywOYdpPzk0SxHcFK1NwQvb9i292eeQNXnSCqmlsLMF5nhb8YvxfToTnNnYxwh13BPN/VzBNP1E9CT5d6D7p1dACVxwVQk9Z85Y22eqDy/YQaz+my7aKaIqd1djMLVGQIMFGZkEwRS5LiI/2T0mipaQklx/OzJKBOCMt key-pair-name" + +# S3FS setup +s3fs: + version: 1.94 + install_prefix: /usr # Default is also /usr, (change tis value to override install prefix) + buckets: + - bucket: sftp-role-testing-bucket + mountpoints: /home/testuser/testuser + # accessKeyId: xxxx9tIxxxxx # Uncomment and change default value to actually working Access Key ID which have S3 bucket access. + # secretAccessKey: XxxxxXXXXxxxxXXXXXXxxxXXX # Uncomment and change default value to actually working Secret Access Key ID which have S3 bucket access + options: + - endpoint=us-east-1 + - nonempty + - use_cache=/tmp + - mp_umask=002 + - allow_other + - multireq_max=5 + - iam_role=sftp-role-testing-role # Update this IAM role with created IAM role to access s3 bucket from the server or provide `accessKeyId` and `secretAccessKey`. diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..9443224 --- /dev/null +++ b/handlers/main.yml 
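Review bot: tasks/s3fs.yml loops over `s3fs_dependencies`, but no default for it is defined here, so the role fails on an undefined variable unless every caller sets it; add an `s3fs_dependencies:` list to this file (the build packages listed under `what_includes` in README.yaml, such as `build-essential` and `libfuse-dev`, look like the intended contents). `version: 1.94` is a plain float interpolated into the download URL; quote it as `version: "1.94"` so a future `1.90` does not render as `1.9`. The commented `accessKeyId`/`secretAccessKey` placeholders invite committing live keys into role defaults; a comment pointing to an Ansible Vault file, or to the `iam_role` option that is already the default, is the safer pattern. The sample `key:` is a complete RSA public key that will be installed for `testuser` as-is; a comment marking it as an example that must be overridden avoids that.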
@@ -0,0 +1,12 @@ +--- +- name: SFTP-Server | Restart sshd + service: + name: "{{ 'ssh' if ansible_os_family == 'Debian' else 'sshd' }}" + state: restarted + +- name: S3FS | Restart s3fs + become: true + service: + name: s3fs + state: restarted + enabled: true diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..f711dc3 --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,39 @@ +--- +galaxy_info: + author: Anmol Nagpal + description: This ansible role install sftp in the ubuntu and setup users and groups accordingly and mount aws s3 bucket to all users + company: "CloudDrove Inc." + license: "license (BSD, MIT)" + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + platforms: + - name: Ubuntu + versions: + - trusty + - xenial + - focal + + galaxy_tags: + - server + - cloud + - amazon + - aws + - sftp + - s3 + - storage + - ubuntu + - linux + - debian + - apt + +dependencies: [] diff --git a/tasks/apt-pkg.yml b/tasks/apt-pkg.yml new file mode 100644 index 0000000..6108e9c --- /dev/null +++ b/tasks/apt-pkg.yml @@ -0,0 +1,31 @@ +--- +- name: Add git stable apt_repository on Ubuntu + apt_repository: + repo: ppa:git-core/ppa + state: present + +- name: Install system packages and utils on ubuntu + apt: + pkg: + [ + "openssl", + "groff", + "telnet", + "s3fs", # Tool to mount aws S3 to local storage + "htop", + "wget", + "python3-pip", + "zip", + "unzip", + ] + state: present + update_cache: true + cache_valid_time: 5400 + changed_when: false + +- name: Install python packages + apt: + name: + - awscli + - iotop + state: present 
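Review bot: The `S3FS | Restart s3fs` handler restarts a service named `s3fs`, but nothing in this change installs a unit or init script by that name (tasks/s3fs.yml mounts the buckets with a bare `command: s3fs ...`), so the first `notify` from the access-key template task fails the play with an unknown service unless a unit ships from outside this diff. Either drop the handler and re-run the mount task, or add a systemd mount unit and restart that. The sshd handler lacks `become: true` while the s3fs handler has it; restarting sshd needs root just the same, so the two should match.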
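Review bot: `license: "license (BSD, MIT)"` is the `ansible-galaxy init` placeholder, while LICENSE in this change is MIT and README.yaml says `license: "MIT"`; set it to `license: MIT`. `min_ansible_version: 2.1` is an unquoted float and disagrees with the README badge and prerequisites that say 2.9; write `min_ansible_version: "2.9"`. The `platforms` list names `trusty`/`xenial`/`focal` while the README badge claims `ubuntu-23.x`; the metadata and the README should advertise the same targets.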
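Review bot: `changed_when: false` on the `Install system packages and utils on ubuntu` apt task hides every real package change from the play recap and from handlers; remove it so the task reports honestly. The same task installs `s3fs` from apt while tasks/s3fs.yml later builds and installs s3fs-fuse from source under `/usr`, so two copies of the binary end up on the host with the source build shadowing the packaged one; install it one way only. `Add git stable apt_repository on Ubuntu` adds a PPA that nothing in this role uses (git is never installed), widening the trusted package sources for no benefit. The task named `Install python packages` installs `awscli` and `iotop` via apt, neither of which is a Python package; `Install additional CLI tools` describes it.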
diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..82d9509 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,13 @@ +--- + +# Download Required Packages +- include_tasks: apt-pkg.yml + +# Configure SFTP +- include_tasks: sftp.yml + +# User Configurations +- include_tasks: user.yml + +# Setup and Mount S3FS +- include_tasks: s3fs.yml diff --git a/tasks/s3fs.yml b/tasks/s3fs.yml new file mode 100644 index 0000000..c11516d --- /dev/null +++ b/tasks/s3fs.yml 
@@ -0,0 +1,55 @@ +--- +- name: Install dependent packages for s3fs-fuse + package: + name="{{ item }}" + state="present" + update_cache=yes + with_items: "{{ s3fs_dependencies }}" + +# Download and Setup S3FS +- name: Download s3fs sources + get_url: url=https://github.com/s3fs-fuse/s3fs-fuse/archive/v{{ s3fs.version }}.tar.gz dest=/tmp/s3fs-fuse-{{ s3fs.version }}.tar.gz +- name: extract tar.gz of s3fs-fuse + unarchive: + src: /tmp/s3fs-fuse-{{ s3fs.version }}.tar.gz + remote_src: yes + dest: /tmp + creates: s3fs-fuse-{{ s3fs.version }} + +- name: Building and installing s3fs-fuse v{{ s3fs.version }} + command: "{{ item }} chdir=/tmp/s3fs-fuse-{{ s3fs.version }}" + with_items: + - ./autogen.sh + - ./configure --prefix={{ s3fs.install_prefix | default('/usr') }} + - make + - make install + +- name: Allow non-root users to specify the allow_other or allow_root mount options + become: true + lineinfile: + dest: "/etc/fuse.conf" + regexp: "^#user_allow_other$" + line: "user_allow_other" + state: present + backrefs: yes + +- name: Make sure the access keys of buckets are present + become: true + template: + src: passwd-s3fs.j2 + dest: "/etc/passwd-s3fs" + mode: 0640 + owner: "{{ ansible_user_id }}" + with_items: "{{ s3fs.buckets }}" + when: item.accessKeyId is defined and item.secretAccessKey is defined + notify: S3FS | Restart s3fs + +# Mount S3 Bucket to MountPoints +- name: Mount folder to s3 bucket + command: > + s3fs + {% for option in item.options %} + -o {{ option }} + {% endfor %} + {{ item.bucket }} {{ item.mountpoints }} + with_items: "{{ s3fs.buckets }}" diff --git a/tasks/sftp.yml b/tasks/sftp.yml new file mode 100644 index 0000000..1b245e2 --- /dev/null +++ b/tasks/sftp.yml 
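Review bot: `get_url` fetches `s3fs-fuse/archive/v{{ s3fs.version }}.tar.gz` with no `checksum:`, and the tarball is then compiled and installed into `/usr` with `make install`, so the host runs whatever the download returns; add `checksum: sha256:<sha256-of-the-pinned-release-tarball>` beside `dest:` so a substituted archive fails the play. The access-key task templates `passwd-s3fs.j2`, which is not visible in this chunk; if it is not added later in the change the task fails as soon as a bucket defines `accessKeyId`, and either way it needs `no_log: true` because it renders a secret key. The final `Mount folder to s3 bucket` runs `s3fs` on every play with no `creates:` or mount check and no fstab entry, so re-runs always report changed and the mount does not survive a reboot; the `mount` module with `fstype: fuse.s3fs` covers both. The `mode: 0640` on the template task is an unquoted octal literal; write `mode: "0640"`.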
@@ -0,0 +1,24 @@ +--- +# Create main group for SFTP users. +- name: SFTP-Server | Create main sftp user group + group: + name: "{{ item.name }}" + state: present + with_items: "{{ sftp_groups }}" + +- name: SFTP-Server | Add 'Match Group' sshd_config block + blockinfile: + dest: /etc/ssh/sshd_config + marker: '# {mark} SFTP-Server {{ item.name }} group block' + block: | + Match Group {{ item.name }} + ForceCommand internal-sftp {{ item.sftp_enable_logging | ternary('-l VERBOSE', '') }}{% if item.readonly is defined and item.readonly %}-R{% endif %}{{''}}{% if item.default_directory_path is defined and item.default_directory_enabled %}-d {{ item.default_directory_path }}{% endif %}{{''}} + ChrootDirectory %h + PermitTunnel no + AllowTCPForwarding no + X11Forwarding no + PasswordAuthentication {{ item.sftp_allow_passwords | ternary('yes', 'no') }} + PubkeyAuthentication {% if sftp_enable_key_based_auth %}yes{%- else -%}no{% endif %}{{''}} + AllowAgentForwarding no + notify: SFTP-Server | Restart sshd + with_items: "{{ sftp_groups }}" diff --git a/tasks/user.yml b/tasks/user.yml new file mode 100644 index 0000000..98a7957 --- /dev/null +++ b/tasks/user.yml 
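Review bot: The `blockinfile` edit of `/etc/ssh/sshd_config` has no `validate:`, so a malformed `Match Group` block is only discovered when the `SFTP-Server | Restart sshd` handler restarts the daemon and every new SSH session is refused; add `validate: /usr/sbin/sshd -t -f %s` to the task. The `ForceCommand` line concatenates its flags without separators: with `sftp_enable_logging: true` and the default `default_directory_enabled: true` it renders `internal-sftp -l VERBOSE-d /%u`, and with `readonly` as well `-l VERBOSE-R-d /%u`, which sshd rejects; put a space after `-l VERBOSE` and after `-R` in the template expression. The task lacks `become: true` while handlers/main.yml uses it on the s3fs handler; editing sshd_config needs root either way, so the role should be consistent about who supplies it.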
@@ -0,0 +1,55 @@ +--- + +# Create each SFTP user with home directory on the correct partition, and add to SFTP group. +- name: SFTP-Server | Create sftp users + user: + name: "{{ item.name }}" + group: "{{ item.group | default(sftp_groups.0.name) }}" + groups: "{{ (item.groups|default([])) + [sftp_groups.0.name] }}" + append: "{{ item.append | default(False) }}" + home: "{{ item.home | default('/home' + '/' + item.name) }}" + uid: "{{ item.uid | default(omit) }}" + # `None` means default value -> default is to have a shell + shell: "{{ None if (item.shell | default(True)) else '/sbin/nologin' }}" + state: present + with_items: "{{ sftp_users }}" + +# A working chrooted SFTP setup requires root:sftgroup ownership of a user's home directory. +- name: SFTP-Server | Correct ownership and permission of home directories + file: + path: "{{ item.home | default('/home' + '/' + item.name) }}" + owner: root + group: "{{ sftp_chroot_group | default(sftp_groups.0.name) }}" + mode: "0750" + with_items: "{{ sftp_users }}" + +# Install all relevant public keys. +- name: SFTP-Server | Install public keys + authorized_key: + user: "{{ item.name }}" + path: "{{ item.home | default('/home' + '/' + item.name) }}/.ssh/authorized_keys" + key: "{{ item.key }}" + manage_dir: true + with_items: + - "{{ sftp_users }}" + when: item.key is defined + +# Update user passwords, if they were specified. +- name: SFTP-Server | Update user passwords + user: + name: "{{ item.name }}" + password: "{{ item.password }}" + with_items: "{{ sftp_users }}" + when: item.update_password | default(False) + +# Create directories for individual SFTP users. Optional. +- name: SFTP-Server | Create required directories per user + file: + path: "{{ item.extra_dir }}" + owner: "{{ item.name }}" + group: "{{ item.group | default(sftp_groups.0.name) }}" + mode: "{{ item.mode | default('0750') }}" + state: directory + with_items: + - "{{ sftp_users }}" + when: item.extra_dir is defined 
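Review bot: `shell:` treats `item.shell` as a boolean (`None if (item.shell | default(True)) else '/sbin/nologin'`), but defaults/main.yml sets `shell: /sbin/nologin` with a comment that it prevents SSH login; a non-empty string is truthy, so that user gets the default login shell, the opposite of what the default promises. Either read it as a path, `shell: "{{ item.shell | default(omit) }}"`, or make the default `shell: false` and document the key as a flag. The `Update user passwords` task passes `item.password` straight to `user:`, which expects a hashed value, and has no `no_log: true`, so the value appears in play output; if `item.password` is meant to be plaintext use `password: "{{ item.password | password_hash('sha512') }}"`, and add `no_log: true` in either case. `"{{ None if ... }}"` may render as the literal string `None` rather than leaving `shell` unset depending on the templating mode — TODO confirm; `omit` is the explicit way to skip the option.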
diff --git a/templates/config/bash_profile.in b/templates/config/bash_profile.in new file mode 100644 index 0000000..0178c17 --- /dev/null +++ b/templates/config/bash_profile.in @@ -0,0 +1,14 @@ +# {{ ansible_managed }} + +printf "\n" +TEXT="{{Env | default ('')}} {{hostvars[inventory_hostname].EcType | default ('')}} {{hostvars[inventory_hostname].Nr | default ('')}}" +sysbanner=`perl -e "print uc('$TEXT');"` +figlet $sysbanner +printf "\n" + +# Terminal PS1 +export PS1="\n\[\\e[1;37m\\]\T : \[\033[01;31m\]\u\[\033[01;33m\] @ \[\033[01;36m\]\H \[\033[01;33m\]\w \[\033[01;35m\]\$ \[\033[00m\]" + +#UTF-8 Compass generation +export LC_ALL="en_US.UTF-8" +export LANG="en_US.UTF-8" diff --git a/templates/config/extra.in b/templates/config/extra.in new file mode 100644 index 0000000..227b271 --- /dev/null +++ b/templates/config/extra.in 
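Review bot: None of `templates/config/bash_profile.in`, `extra.in` or `nrpe.in` is referenced by a task in this change (the only template a task uses is `passwd-s3fs.j2`), and their content (`EcType`, `Nr`, `prod bastion 1`, an NRPE daemon config) reads as carried over from a bastion role; if they are dead files they should go, and if a later task uses them a comment naming it would help. `TEXT=` interpolates the `Env`, `EcType` and `Nr` host variables straight into a double-quoted Perl one-liner, so a value containing `'` or `$` breaks every interactive login on the host; passing the text through the environment, `sysbanner=$(TEXT="$TEXT" perl -e 'print uc($ENV{TEXT})')`, avoids the quoting problem. `figlet $sysbanner` is unquoted, so a multi-word banner is split into separate arguments; `figlet "$sysbanner"`.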
@@ -0,0 +1,36 @@ +# Ansible managed + +TEXT="prod bastion 1" + +upSeconds="$(/usr/bin/cut -d. -f1 /proc/uptime)" +secs=$((${upSeconds}%60)) +mins=$((${upSeconds}/60%60)) +hours=$((${upSeconds}/3600%24)) +days=$((${upSeconds}/86400)) +UPTIME=`printf "%d days, %02dh%02dm%02ds" "$days" "$hours" "$mins" "$secs"` + +# get the load averages +read one five fifteen rest < /proc/loadavg + +echo "$(tput setaf 033) + .//////////////, + //////////////////// +.///////////////////(((. +/(((((((((((((((((. $(tput setaf 244) ./((((( (( ((((((* (( /( (((((/, $(tput setaf 033)|$(tput setaf 244)| $(tput setaf 033) HostName...........:$(tput setaf 244) $(tput bold)`perl -e "print uc('$TEXT');"`$(tput sgr0)$(tput setaf 033) +/(((((((((((((%(, $(tput setaf 244) (/ (( /( /( (( (( (( ,( $(tput setaf 033)|$(tput setaf 244)| $(tput setaf 033) OS.................:$(tput setaf 244) `uname -srmo`$(tput setaf 033) +/((((((((((((/ $(tput setaf 244) (( (( (( (, (( (( (( (/ $(tput setaf 033)|$(tput setaf 244)| $(tput setaf 033) Uptime.............:$(tput setaf 244) ${UPTIME}$(tput setaf 033) +/((((((((((%*. $(tput setaf 244) .((((((( (((((( ((((((((, (((((((* (((((((( $(tput setaf 033)|$(tput setaf 244)| $(tput setaf 033) Memory.............:$(tput setaf 244) `cat /proc/meminfo | grep MemFree | awk {'print $2/1000000'}`G (Free) / `cat /proc/meminfo | grep MemTotal | awk {'print $2/1000000'}`G (Total) $(tput setaf 033) +/((((####(, $(tput setaf 244) $(tput setaf 033)|$(tput setaf 244)| $(tput setaf 033) HDD................:$(tput setaf 244) `df -h --total | grep total | awk '{print $4}'` (Free) / `df -h --total | grep total | awk '{print $2}'` (Total) $(tput setaf 033) +/######### $(tput setaf 244) ###(####. ###*/(## ###%#(##/ ### ## ####### $(tput setaf 033)|$(tput setaf 244)| $(tput setaf 033) Load Averages......:$(tput setaf 244) ${one}, ${five}, ${fifteen} (1, 5, 15 min) $(tput setaf 033) +/##########. $(tput setaf 244) ##* ## ### ### ## ##. 
### ## #,,,,, $(tput setaf 033)|$(tput setaf 244)| $(tput setaf 033) Running Processes..:$(tput setaf 244) `ps ax | wc -l | tr -d " "` $(tput setaf 033) +/################ $(tput setaf 244) ##* %## ###.## ### ### ## ##/ #''''' $(tput setaf 033)|$(tput setaf 244)| $(tput setaf 033) Internal IP........:$(tput setaf 244) `ip a | grep glo | awk '{print $2}' | head -1 | cut -f1 -d/` $(tput setaf 033) +*#################* $(tput setaf 244) %%%%%%% %%# %%# %%%%%%. %%%# %%%%%%% $(tput setaf 033)|$(tput setaf 244)| $(tput setaf 033) External IP........:$(tput setaf 244) `wget -q -O - http://icanhazip.com/ | tail` $(tput setaf 033) + %%%%%%%%%%%%%%%%%%%%%%. + *%%%%%%%%%%%%%%%%%%* + .,/#%%%%%%%%#/,. + +$(tput sgr0)" + +# UTF-8 Compass generation +export LC_ALL='en_US.UTF-8' +export LANG='en_US.UTF-8' diff --git a/templates/config/nrpe.in b/templates/config/nrpe.in new file mode 100644 index 0000000..3700b1c --- /dev/null +++ b/templates/config/nrpe.in 
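Review bot: `wget -q -O - http://icanhazip.com/ | tail` runs on every interactive login with no timeout and over plain HTTP, so a slow or tampered path blocks the shell prompt and whatever the response body contains is echoed to the terminal; use `wget -q -T 3 -O - https://icanhazip.com/ | tail -1` or drop the lookup. `TEXT="prod bastion 1"` is hard-coded under an `# Ansible managed` header while bash_profile.in builds the same banner from host variables, so this copy is stale on any host that is not that bastion. The memory and disk lines shell out to `cat | grep | awk` chains; `awk '/MemFree/ {print $2/1000000}' /proc/meminfo` does each in one process.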
@@ -0,0 +1,247 @@ +# {{ ansible_managed }} + +############################################################################# +# Sample NRPE Config File +# Written by: Ethan Galstad (nagios@nagios.org) +# +# Last Modified: 11-23-2007 +# +# NOTES: +# This is a sample configuration file for the NRPE daemon. It needs to be +# located on the remote host that is running the NRPE daemon, not the host +# from which the check_nrpe client is being executed. +############################################################################# + + +# LOG FACILITY +# The syslog facility that should be used for logging purposes. + +log_facility=daemon + + + +# PID FILE +# The name of the file in which the NRPE daemon should write it's process ID +# number. The file is only written if the NRPE daemon is started by the root +# user and is running in standalone mode. + +pid_file=/var/run/nagios/nrpe.pid + + + +# PORT NUMBER +# Port number we should wait for connections on. +# NOTE: This must be a non-priviledged port (i.e. > 1024). +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +server_port=5666 + + + +# SERVER ADDRESS +# Address that nrpe should bind to in case there are more than one interface +# and you do not want nrpe to bind on all interfaces. +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +#server_address={{ansible_hostname}} + + + +# NRPE USER +# This determines the effective user that the NRPE daemon should run as. +# You can either supply a username or a UID. +# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +nrpe_user=nagios + + + +# NRPE GROUP +# This determines the effective group that the NRPE daemon should run as. +# You can either supply a group name or a GID. 
+# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +nrpe_group=nagios + + + +# ALLOWED HOST ADDRESSES +# This is an optional comma-delimited list of IP address or hostnames +# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask +# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently +# supported. +# +# Note: The daemon only does rudimentary checking of the client's IP +# address. I would highly recommend adding entries in your /etc/hosts.allow +# file to allow only the specified host to connect to the port +# you are running this daemon on. +# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +allowed_hosts=52.31.32.200 + + + +# COMMAND ARGUMENT PROCESSING +# This option determines whether or not the NRPE daemon will allow clients +# to specify arguments to commands that are executed. This option only works +# if the daemon was configured with the --enable-command-args configure script +# option. +# +# *** ENABLING THIS OPTION IS A SECURITY RISK! *** +# Read the SECURITY file for information on some of the security implications +# of enabling this variable. +# +# Values: 0=do not allow arguments, 1=allow command arguments + +dont_blame_nrpe=0 + + + +# BASH COMMAND SUBTITUTION +# This option determines whether or not the NRPE daemon will allow clients +# to specify arguments that contain bash command substitutions of the form +# $(...). This option only works if the daemon was configured with both +# the --enable-command-args and --enable-bash-command-substitution configure +# script options. +# +# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! *** +# Read the SECURITY file for information on some of the security implications +# of enabling this variable. 
+# +# Values: 0=do not allow bash command substitutions, +# 1=allow bash command substitutions + +allow_bash_command_substitution=0 + + + +# COMMAND PREFIX +# This option allows you to prefix all commands with a user-defined string. +# A space is automatically added between the specified prefix string and the +# command line from the command definition. +# +# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! *** +# Usage scenario: +# Execute restricted commmands using sudo. For this to work, you need to add +# the nagios user to your /etc/sudoers. An example entry for alllowing +# execution of the plugins from might be: +# +# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/ +# +# This lets the nagios user run all commands in that directory (and only them) +# without asking for a password. If you do this, make sure you don't give +# random users write access to that directory or its contents! + +# command_prefix=/usr/bin/sudo + + + +# DEBUGGING OPTION +# This option determines whether or not debugging messages are logged to the +# syslog facility. +# Values: 0=debugging off, 1=debugging on + +debug=0 + + + +# COMMAND TIMEOUT +# This specifies the maximum number of seconds that the NRPE daemon will +# allow plugins to finish executing before killing them off. + +command_timeout=60 + + + +# CONNECTION TIMEOUT +# This specifies the maximum number of seconds that the NRPE daemon will +# wait for a connection to be established before exiting. This is sometimes +# seen where a network problem stops the SSL being established even though +# all network sessions are connected. This causes the nrpe daemons to +# accumulate, eating system resources. Do not set this too low. + +connection_timeout=300 + + + +# WEEK RANDOM SEED OPTION +# This directive allows you to use SSL even if your system does not have +# a /dev/random or /dev/urandom (on purpose or because the necessary patches +# were not applied). 
The random number generator will be seeded from a file +# which is either a file pointed to by the environment valiable $RANDFILE +# or $HOME/.rnd. If neither exists, the pseudo random number generator will +# be initialized and a warning will be issued. +# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness + +#allow_weak_random_seed=1 + + + +# INCLUDE CONFIG FILE +# This directive allows you to include definitions from an external config file. + +#include=