Diffstat (limited to 'extra')
-rwxr-xr-x | extra/auto-reload-config.runit | 2 | ||||
-rwxr-xr-x | extra/oxidized-report-git-commits | 61 | ||||
-rw-r--r-- | extra/oxidized-ubuntu.haproxy | 45 | ||||
-rwxr-xr-x | extra/oxidized.init | 6 | ||||
-rw-r--r-- | extra/oxidized.logrotate | 7 | ||||
-rw-r--r-- | extra/oxidized.service | 4 | ||||
-rw-r--r-- | extra/rest_client.rb | 9 | ||||
-rwxr-xr-x | extra/syslog.rb | 32 | ||||
-rwxr-xr-x | extra/update-ca-certificates.runit | 7 |
9 files changed, 108 insertions, 65 deletions
diff --git a/extra/auto-reload-config.runit b/extra/auto-reload-config.runit index 5eaecc8..cf6e7c2 100755 --- a/extra/auto-reload-config.runit +++ b/extra/auto-reload-config.runit @@ -2,7 +2,7 @@ if [ -z "$CONFIG_RELOAD_INTERVAL" ]; then # Just stop and do nothing - read + sleep infinity fi while true; do diff --git a/extra/oxidized-report-git-commits b/extra/oxidized-report-git-commits index 2fd4870..193e2cd 100755 --- a/extra/oxidized-report-git-commits +++ b/extra/oxidized-report-git-commits 
@@ -17,64 +17,45 @@ # See the License for the specific language governing permissions and # limitations under the License. # +# 20170615 - Andre Sencioles <asenci@gmail.com> +# Removed requirement for Git working directory +# Check job status +# +# # usage: add the following hook to the oxidized config file: # # hooks: # email_output: # type: exec # events: [post_store, node_fail] -# cmd: '/home/oxidized/extra/oxidized-report-git-commits ~/gitdir/ | mail -s "Oxidized updates for ${OX_NODE_NAME}" update-recipient@example.com' +# cmd: '/home/oxidized/extra/oxidized-report-git-commits | mail -s "Oxidized updates for ${OX_NODE_NAME}" update-recipient@example.com' # async: true # timeout: 120 # # -# The script takes a single argument, namely a git working directory name, -# e.g. "~/gitdir/". This is only used as a staging directory and should -# not be set to be the same as the git repo directory. -# -PATH=${PATH}:/usr/local/bin:/usr/local/sbin -export PATH +echo "Node name: ${OX_NODE_NAME}" +echo "Group name: ${OX_NODE_GROUP}" +echo "Job status: ${OX_JOB_STATUS}" +echo "Job time: ${OX_JOB_TIME}" -gitdir=$1 +if [ "${OX_EVENT}" = "node_fail" ]; then + echo 'Job failed' + exit 64 +fi -if [ X${OX_REPO_COMMITREF} = "X" ]; then - echo \$OX_REPO_COMMITREF not set +if [ -z "${OX_REPO_COMMITREF}" ]; then + echo '$OX_REPO_COMMITREF not set' exit 64 fi -if [ X${OX_REPO_NAME} = "X" ]; then - echo \$OX_REPO_NAME not set +if [ -z "${OX_REPO_NAME}" ]; then + echo '$OX_REPO_NAME not set' exit 64 fi -if [ ! -d ${gitdir}/.git ]; then - git clone -q ${OX_REPO_NAME} ${gitdir} - - ret=$? - if [ X"${ret}" != X0 ] && [ X"${ret}" != X1 ]; then - echo git clone failed: aborting. - exit 128 - fi -fi - -cd ${gitdir} - -git pull -q > /dev/null 2>&1 -ret=$? -if [ X"${ret}" != X0 ] && [ X"${ret}" != X1 ]; then - echo git pull failed: aborting. 
- exit 128 -fi - -# Git is probably working at this stage, so safe to emit more info - -echo "Node name: ${OX_NODE_NAME}" -echo "Group Name: ${OX_NODE_GROUP}" -echo "Job Time: ${OX_JOB_TIME}" -echo "Git Commit ID: ${OX_REPO_COMMITREF}" -echo "Git Repo: ${OX_REPO_NAME}" -echo "Local working dir: ${gitdir}" +echo "Git repo: ${OX_REPO_NAME}" +echo "Git commit ID: ${OX_REPO_COMMITREF}" echo "" -git diff --no-color ${OX_REPO_COMMITREF}~1..${OX_REPO_COMMITREF} +git --bare --git-dir="${OX_REPO_NAME}" show --pretty='' --no-color "${OX_REPO_COMMITREF}" diff --git a/extra/oxidized-ubuntu.haproxy b/extra/oxidized-ubuntu.haproxy new file mode 100644 index 0000000..91b76b2 --- /dev/null +++ b/extra/oxidized-ubuntu.haproxy 
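Review bot: `OX_REPO_COMMITREF` is only checked for being non-empty before it reaches the final `git --bare --git-dir=... show` line, so a value starting with `-` would be parsed by git as an option rather than a revision. The variable is presumably set by Oxidized's exec hook and not by the device, so this is hardening rather than a known hole. Assuming the ref is always a lowercase hex object id, a cheap guard before the git call is `case "${OX_REPO_COMMITREF}" in *[!0-9a-f]*) echo 'unexpected commit ref'; exit 64;; esac`. The header comment could also say that the mailed output is a raw configuration diff and may carry credentials unless secrets are stripped on the Oxidized side. The script begins above this hunk, so its first lines are not covered here.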
@@ -0,0 +1,45 @@ +global + log /dev/log local0 + log /dev/log local1 notice + chroot /var/lib/haproxy + stats socket /run/haproxy/admin.sock mode 660 level admin + stats timeout 30s + user haproxy + group haproxy + daemon + + # Default SSL material locations + ca-base /etc/ssl/certs + crt-base /etc/ssl/private + + # Default ciphers to use on SSL-enabled listening sockets. + # For more information, see ciphers(1SSL). This list is from: + # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ + ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS + ssl-default-bind-options no-sslv3 + +defaults + log global + mode http + option httplog + option dontlognull + timeout connect 5000 + timeout client 50000 + timeout server 50000 + errorfile 400 /etc/haproxy/errors/400.http + errorfile 403 /etc/haproxy/errors/403.http + errorfile 408 /etc/haproxy/errors/408.http + errorfile 500 /etc/haproxy/errors/500.http + errorfile 502 /etc/haproxy/errors/502.http + errorfile 503 /etc/haproxy/errors/503.http + errorfile 504 /etc/haproxy/errors/504.http + +frontend oxidized + bind *:80 + mode http + default_backend oxidized + compression algo gzip + compression type text/html text/plain text/css + +backend oxidized + server o1 127.0.0.1:8080 diff --git a/extra/oxidized.init b/extra/oxidized.init index 197c5b1..7a9698d 100755 --- a/extra/oxidized.init +++ b/extra/oxidized.init @@ -14,12 +14,12 @@ set -e -PATH=/sbin:/bin:/usr/sbin:/usr/bin -DAEMON=/home/sts/oxidized/bin/oxidized +PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin +DAEMON=$(which oxidized) NAME="oxidized" DESC="Oxidized - Network Device Configuration Backup Tool" ARGS="" -USER="sts" +USER="oxidized" test -x $DAEMON || exit 0 diff --git a/extra/oxidized.logrotate b/extra/oxidized.logrotate new file mode 100644 index 0000000..8c76dee --- /dev/null +++ b/extra/oxidized.logrotate 
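Review bot: The `frontend oxidized` section binds `*:80` in plain HTTP with no access control, so whatever the backend on 127.0.0.1:8080 serves (presumably device configurations) is readable by anyone who can reach the host. The TLS settings in `global` are never applied, because no `bind` line carries `ssl`. A sample file is better shipped with a safe default, for example `bind *:443 ssl crt <your-cert>.pem` (placeholder name) together with an `http-request auth` rule backed by a `userlist`, or at least `bind 127.0.0.1:80`. If TLS is enabled, the cipher string still admits 3DES suites and `no-sslv3` leaves TLS 1.0/1.1 on; adding `no-tlsv10 no-tlsv11` to `ssl-default-bind-options` would tighten that.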
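Review bot: With `set -e` in effect a few lines above, `DAEMON=$(which oxidized)` aborts the script with a non-zero status when oxidized is not on PATH, so the `test -x $DAEMON || exit 0` guard below is never reached. If the substitution ever yields an empty string, the unquoted `test -x $DAEMON` collapses to `test -x`, which is true. Suggest `DAEMON=$(command -v oxidized || true)` and `test -x "$DAEMON" || exit 0`. Init scripts normally run as root, so resolving the daemon through PATH also means the binary that gets started depends on what is found first in those directories, which the previous absolute path avoided. The rest of the script lies outside this hunk.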
@@ -0,0 +1,7 @@ +/var/log/oxidized/*.log { + weekly + rotate 3 + size 10M + compress + delaycompress +} diff --git a/extra/oxidized.service b/extra/oxidized.service index ba60bd5..ce1b1a3 100644 --- a/extra/oxidized.service +++ b/extra/oxidized.service @@ -1,12 +1,16 @@ #For debian 8 put it in /lib/systemd/system/ +#For RHEL / CentOS 7 put it in /etc/systemd/system/ #and call it with systemctl start oxidized.service [Unit] Description=Oxidized - Network Device Configuration Backup Tool +After=network-online.target multi-user.target +Wants=network-online.target [Service] ExecStart=/usr/local/bin/oxidized User=oxidized +KillSignal=SIGKILL [Install] WantedBy=multi-user.target diff --git a/extra/rest_client.rb b/extra/rest_client.rb index 35d93ae..dba89c3 100644 --- a/extra/rest_client.rb +++ b/extra/rest_client.rb @@ -6,10 +6,10 @@ module Oxidized require 'asetus' class Config - Root = Root = ENV['OXIDIZED_HOME'] || File.join(ENV['HOME'], '.config', 'oxidized') + Root = Root = ENV['OXIDIZED_HOME'] || File.join(ENV['HOME'], '.config', 'oxidized') end - CFGS = Asetus.new :name=>'oxidized', :load=>false, :key_to_s=>true + CFGS = Asetus.new :name => 'oxidized', :load => false, :key_to_s => true CFGS.default.rest = '127.0.0.1:8888' begin @@ -28,13 +28,13 @@ module Oxidized PATH = URI(restcfg).path class << self - def next opt={}, host=HOST, port=PORT + def next opt = {}, host = HOST, port = PORT web = new host, port web.next opt end end - def initialize host=HOST, port=PORT + def initialize host = HOST, port = PORT @web = Net::HTTP.new host, port end @@ -42,6 +42,5 @@ module Oxidized data = JSON.dump opt @web.put PATH + '/node/next/' + opt[:name].to_s, data end - end end diff --git a/extra/syslog.rb b/extra/syslog.rb index e364cf9..f7d271f 100755 --- a/extra/syslog.rb +++ b/extra/syslog.rb 
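Review bot: `size 10M` written after `weekly` makes the time criterion ineffective, because logrotate treats `size` as exclusive with the interval options and the last one given wins. If the intent is "weekly, or sooner when the file is large", `maxsize 10M` expresses that. The stanza also has no `copytruncate` or `postrotate` step, so unless Oxidized reopens its log on its own (not visible here) it will keep writing to the renamed file. Adding `missingok` and `notifempty` would keep logrotate quiet on hosts where the directory has no logs yet.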
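Review bot: `KillSignal=SIGKILL` gives the daemon no chance to finish a fetch or an in-progress write to its output store on `systemctl stop`, which risks a stale lock or a half-written commit in the configuration repository. Keeping the default SIGTERM and bounding the wait with `TimeoutStopSec=` (value to be chosen) lets systemd escalate to SIGKILL only when a clean stop does not happen. Separately, `After=network-online.target multi-user.target` combined with `WantedBy=multi-user.target` looks like an ordering cycle, since a target is ordered after the units it wants. `After=network-online.target` alone should be enough.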
@@ -27,13 +27,12 @@ require 'resolv' require_relative 'rest_client' module Oxidized - require 'asetus' class Config - Root = File.join ENV['HOME'], '.config', 'oxidized' + Root = File.join ENV['HOME'], '.config', 'oxidized' end - CFGS = Asetus.new :name=>'oxidized', :load=>false, :key_to_s=>true + CFGS = Asetus.new :name => 'oxidized', :load => false, :key_to_s => true CFGS.default.syslogd.port = 514 CFGS.default.syslogd.file = 'messages' CFGS.default.syslogd.resolve = true @@ -43,7 +42,7 @@ module Oxidized rescue => error raise InvalidConfig, "Error loading config: #{error.message}" ensure - CFG = CFGS.cfg # convenienence, instead of Config.cfg.password, CFG.password + CFG = CFGS.cfg # convenienence, instead of Config.cfg.password, CFG.password end class SyslogMonitor @@ -59,12 +58,13 @@ module Oxidized } class << self - def udp port=Oxidized::CFG.syslogd.port, listen=0 + def udp port = Oxidized::CFG.syslogd.port, listen = 0 io = UDPSocket.new io.bind listen, port new io, :udp end - def file syslog_file=Oxidized::CFG.syslogd.file + + def file syslog_file = Oxidized::CFG.syslogd.file io = open syslog_file, 'r' io.seek 0, IO::SEEK_END new io, :file @@ -73,7 +73,7 @@ module Oxidized private - def initialize io, mode=:udp + def initialize io, mode = :udp @mode = mode run io end 
@@ -84,24 +84,24 @@ module Oxidized def ios ip, log, i # TODO: we need to fetch 'ip/name' in mode == :file here - user = log[i+5] + user = log[i + 5] from = log[-1][1..-2] - rest( :user => user, :from => from, :model => 'ios', :ip => ip, - :name => getname(ip) ) + rest(:user => user, :from => from, :model => 'ios', :ip => ip, + :name => getname(ip)) end def jnpr ip, log, i # TODO: we need to fetch 'ip/name' in mode == :file here - user = log[i+2][1..-2] - msg = log[(i+6)..-1].join(' ')[10..-2] + user = log[i + 2][1..-2] + msg = log[(i + 6)..-1].join(' ')[10..-2] msg = nil if msg == 'none' - rest( :user => user, :msg => msg, :model => 'jnpr', :ip => ip, - :name => getname(ip) ) + rest(:user => user, :msg => msg, :model => 'jnpr', :ip => ip, + :name => getname(ip)) end def handle_log log, ip log = log.to_s.split ' ' - if i = log.find_index { |e| e.match( MSG[:ios] ) } + if i = log.find_index { |e| e.match(MSG[:ios]) } ios ip, log, i elsif i = log.index(MSG[:junos]) jnpr ip, log, i @@ -140,4 +140,4 @@ module Oxidized end Oxidized::SyslogMonitor.udp -#Oxidized::SyslogMonitor.file '/var/log/poop' +# Oxidized::SyslogMonitor.file '/var/log/poop' diff --git a/extra/update-ca-certificates.runit b/extra/update-ca-certificates.runit new file mode 100755 index 0000000..53efdb9 --- /dev/null +++ b/extra/update-ca-certificates.runit @@ -0,0 +1,7 @@ +#!/bin/bash + +if [ "$UPDATE_CA_CERTIFICATES" == "true" ]; then + update-ca-certificates +fi + +sleep infinity |
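Review bot: In the new `extra/update-ca-certificates.runit`, the result of `update-ca-certificates` is ignored, so a failed trust-store update is silent and the service simply parks in `sleep infinity`. Something like `update-ca-certificates || echo 'update-ca-certificates failed' >&2` would at least surface the failure in the service log. Nothing in this file orders the update before the oxidized service starts, so early TLS connections may presumably still use the old store. A header comment stating where the extra certificates are expected to be placed, and that enabling this extends trust to every CA found there, would help operators.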