├── .gitattributes
├── .gitignore
├── LICENSE
├── README.md
├── chap1-code
    └── chap1-os-services.txt
├── chap10-code
    ├── base-infra.yml
    ├── base-nagios.yml
    ├── base-nconf.yml
    ├── base.yml
    ├── group_vars
    │   ├── all_containers
    │   ├── hosts
    │   └── nagios-server
    ├── hosts
    ├── post-nagios-install.yml
    ├── post-nconf-install.yml
    └── roles
    │   ├── create-nagios-user
    │       ├── files
    │       │   └── nagios-key
    │       └── tasks
    │       │   └── main.yml
    │   ├── infra-plugin-config
    │       ├── files
    │       │   ├── check_http
    │       │   ├── check_port.pl
    │       │   ├── check_snmp_process.pl
    │       │   ├── show_users
    │       │   ├── utils.pm
    │       │   └── utils.sh
    │       └── tasks
    │       │   └── main.yml
    │   ├── install-nagios
    │       ├── files
    │       │   ├── id_dsa
    │       │   ├── id_dsa.pub
    │       │   └── nagios-ubuntu-logo.tar
    │       └── tasks
    │       │   └── main.yml
    │   ├── install-nconf
    │       ├── tasks
    │       │   └── main.yml
    │       └── templates
    │       │   └── create-nconf-db.sql
    │   ├── nagios-plugins
    │       ├── files
    │       │   ├── NagiosConfig.zip
    │       │   └── nagios-plugins.tar
    │       └── tasks
    │       │   └── main.yml
    │   ├── nagios-post-install
    │       ├── files
    │       │   ├── deploy_local.sh
    │       │   └── nagios.txt
    │       └── tasks
    │       │   └── main.yml
    │   ├── nconf-post-install
    │       └── tasks
    │       │   └── main.yml
    │   └── snmp-config
    │       ├── tasks
    │           └── main.yml
    │       └── templates
    │           └── snmpd.conf
├── chap2-code
    └── chap2-ansible.txt
├── chap3-code
    ├── base.yml
    ├── create-users-env
    │   ├── tasks
    │   │   └── main.yml
    │   └── vars
    │   │   └── main.yml
    ├── group_vars
    │   └── util_container
    └── hosts
├── chap4-code
    ├── adjust-quotas
    │   ├── tasks
    │   │   └── main.yml
    │   └── vars
    │   │   └── main.yml
    ├── group_vars
    │   └── util_container
    ├── hosts
    └── quota-update.yml
├── chap5-code
    ├── create-snapshot
    │   ├── tasks
    │   │   └── main.yml
    │   └── vars
    │   │   └── main.yml
    ├── group_vars
    │   └── util_container
    ├── hosts
    └── snapshot-tenant.yml
├── chap6-code
    ├── group_vars
    │   └── util_container
    ├── hosts
    ├── instance-migrate
    │   ├── tasks
    │   │   └── main.yml
    │   └── vars
    │   │   └── main.yml
    └── migrate.yml
├── chap7-code
    └── ansible-coreos
    │   ├── base.yml
    │   ├── hosts
    │   └── roles
    │       └── defunctzombie.coreos-bootstrap
    │           ├── .editorconfig
    │           ├── .travis.yml
    │           ├── LICENSE
    │           ├── README.md
    │           ├── files
    │               ├── bootstrap.sh
    │               ├── get-pip.py
    │               └── runner
    │           ├── meta
    │               ├── .galaxy_install_info
    │               └── main.yml
    │           ├── tasks
    │               └── main.yml
    │           └── tests
    │               └── test.yml
├── chap8-code
    ├── config-admin-region
    │   ├── tasks
    │   │   └── main.yml
    │   └── vars
    │   │   └── main.yml
    ├── config-admin.yml
    ├── configure-region-authentication.txt
    ├── group_vars
    │   └── util_container
    ├── hosts
    ├── register-endpoints.yml
    └── register-endpoints
    │   ├── tasks
    │       └── main.yml
    │   └── vars
    │       └── main.yml
└── chap9-code
    └── cloud-inventory
        ├── group_vars
            ├── galera_container
            └── util_container
        ├── hosts
        ├── inventory.yml
        └── roles
            ├── cloud-inventory
                ├── files
                │   └── cloud_report.sql
                └── tasks
                │   └── main.yml
            ├── cloud-usage
                └── tasks
                │   └── main.yml
            ├── network-inventory
                ├── files
                │   └── network_report.sql
                └── tasks
                │   └── main.yml
            ├── project-inventory
                ├── files
                │   └── project_report.sql
                └── tasks
                │   └── main.yml
            ├── user-inventory
                ├── files
                │   └── user_report.sql
                └── tasks
                │   └── main.yml
            └── volume-inventory
                ├── files
                    └── volume_report.sql
                └── tasks
                    └── main.yml


/.gitattributes:
--------------------------------------------------------------------------------
 1 | # Auto detect text files and perform LF normalization
 2 | * text=auto
 3 | 
 4 | # Custom for Visual Studio
 5 | *.cs     diff=csharp
 6 | 
 7 | # Standard to msysgit
 8 | *.doc	 diff=astextplain
 9 | *.DOC	 diff=astextplain
10 | *.docx diff=astextplain
11 | *.DOCX diff=astextplain
12 | *.dot  diff=astextplain
13 | *.DOT  diff=astextplain
14 | *.pdf  diff=astextplain
15 | *.PDF	 diff=astextplain
16 | *.rtf	 diff=astextplain
17 | *.RTF	 diff=astextplain
18 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # Windows image file caches
 2 | Thumbs.db
 3 | ehthumbs.db
 4 | 
 5 | # Folder config file
 6 | Desktop.ini
 7 | 
 8 | # Recycle Bin used on file shares
 9 | $RECYCLE.BIN/
10 | 
11 | # Windows Installer files
12 | *.cab
13 | *.msi
14 | *.msm
15 | *.msp
16 | 
17 | # Windows shortcuts
18 | *.lnk
19 | 
20 | # =========================
21 | # Operating System Files
22 | # =========================
23 | 
24 | # OSX
25 | # =========================
26 | 
27 | .DS_Store
28 | .AppleDouble
29 | .LSOverride
30 | 
31 | # Thumbnails
32 | ._*
33 | 
34 | # Files that might appear in the root of a volume
35 | .DocumentRevisions-V100
36 | .fseventsd
37 | .Spotlight-V100
38 | .TemporaryItems
39 | .Trashes
40 | .VolumeIcon.icns
41 | 
42 | # Directories potentially created on remote AFP share
43 | .AppleDB
44 | .AppleDesktop
45 | Network Trash Folder
46 | Temporary Items
47 | .apdisk
48 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2016 Packt
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | # OpenStack Administration with Ansible 2
 5 | This is the code repository for [OpenStack Administration with Ansible 2](https://www.packtpub.com/virtualization-and-cloud/openstack-administration-ansible-2-second-edition?utm_source=github&utm_medium=repository&utm_content=9781787121638), published by Packt. It contains all the supporting project files necessary to work through the book from start to finish.
 6 | ## Instructions and Navigations
 7 | All of the code is organized into folders. Each folder starts with a number followed by the application name. For example, chap2-code
 8 | 
 9 | The code will look like the following:
10 |        
11 |         - name: User password assignment 
12 |          debug: msg="User {{ item.0 }} was added to {{ item.2 }} project, with the assigned password of {{ item.1 }}" 
13 |          with_together: 
14 |         - userid 
15 |         - passwdss.stdout_lines 
16 |         - tenantid 
17 | 
18 | ### Software requirements:
19 | 
20 | * Linux based OS, OS X and/or any of the BSD’s
21 |        
22 |        * openstack-ansible (OSA): https://github.com/openstack/openstack-ansible
23 |        * Ansible 2.0 or better  : http://docs.ansible.com/ansible/intro_installation.html
24 |        * Ansible Container      : https://docs.ansible.com/ansible-container/installation.html
25 |        * Kargo                  : https://github.com/kubernetes-incubator/kargo
26 |        * Nagios                 : https://assets.nagios.com/downloads/nagioscore/docs/nagioscore/4/en/quickstart.html
27 |        * Nconf                  : http://www.nconf.org/dokuwiki/doku.php?id=nconf:help:documentation:start:installation
28 |        
29 | ## Related Products:
30 | 
31 | * [OpenStack Cloud Computing Cookbook - Third Edition]( https://www.packtpub.com/virtualization-and-cloud/openstack-cloud-computing-cookbook-third-edition?utm_source=github&utm_medium=repository&utm_content=9781782174783 )
32 | 
33 | * [OpenStack: Building a Cloud Environment]( https://www.packtpub.com/virtualization-and-cloud/openstack-building-cloud-environment?utm_source=github&utm_medium=repository&utm_content=9781787123182 )
34 | 
35 | * [Ansible 2 for Beginners [Video]]( https://www.packtpub.com/networking-and-servers/ansible-2-beginners-video?utm_source=github&utm_medium=repository&utm_content=9781786465719 )
36 | 
37 | ###Suggestions and Feedback
38 | [Click here] ( https://docs.google.com/forms/d/e/1FAIpQLSe5qwunkGf6PUvzPirPDtuy1Du5Rlzew23UBp2S-P3wB-GcwQ/viewform ) if you have any feedback or suggestions.
39 | ### Download a free PDF
40 | 
41 |  <i>If you have already purchased a print or Kindle version of this book, you can get a DRM-free PDF version at no cost.<br>Simply click on the link to claim your free PDF.</i>
42 | <p align="center"> <a href="https://packt.link/free-ebook/9781785884610">https://packt.link/free-ebook/9781785884610 </a> </p>


--------------------------------------------------------------------------------
/chap1-code/chap1-os-services.txt:
--------------------------------------------------------------------------------
 1 | ## List OpenStack Services
 2 | 
 3 | ### Via API
 4 | $ curl -d @credentials.json –X POST -H "Content-Type: application/json" http://127.0.0.1:5000/v3/auth/tokens | python -mjson.tool
 5 | 
 6 | #### Authorization string
 7 | {
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "name": "admin",
                    "domain": {
                        "id": "default"
                    },
                    "password": "passwd"
                }
            }
        }
    }
}
 8 | 
 9 | #### HTTP Header Output
10 | HTTP/1.1 201 Created
Date: Tue, 20 Sep 2016 21:20:02 GMT
Server: Apache
X-Subject-Token: gAAAAABX4agC32nymQSbku39x1QPooKDpU2T9oPYapF6ZeY4QSA9EOqQZ8PcKqMT2j5m9uvOtC9c8d9szObciFr06stGo19tNueHDfvHbgRLFmjTg2k8Scu1Q4esvjbwth8aQ-qMSe4NRTWmD642i6pDfk_AIIQCNA
Vary: X-Auth-Token
x-openstack-request-id: req-8de6fa59-8256-4a07-b040-c21c4aee6064
Content-Length: 283
Content-Type: application/json

11 | #### API Request
12 | $ curl -X GET http://127.0.0.1:35357/v3/services -H "Accept: application/json" -H "X-Auth-Token: 907ca229af164a09918a661ffa224747" | python -mjson.tool
13 | 
14 | #### JSON Output
15 | {
    "links": {
        "next": null,
        "previous": null,
        "self": "http://example.com/identity/v3/services"
    },
    "services": [
        {
            "description": "Nova Compute Service",
            "enabled": true,
            "id": "1999c3a858c7408fb586817620695098",
            "links": {
                "...
            },
            "name": "nova",
            "type": "compute"
        },
        {
            "description": "Cinder Volume Service V2",
            "enabled": true,
            "id": "39216610e75547f1883037e11976fc0f",
            "links": {
                "...
            },
            "name": "cinderv2",
            "type": "volumev2"
        },
...

16 | ### Via CLI
17 | 
18 | #### OpenRC v2.0 file example
19 | # To use an OpenStack cloud you need to authenticate against keystone.
20 | export OS_ENDPOINT_TYPE=internalURL
21 | export OS_USERNAME=admin
22 | export OS_TENANT_NAME=admin
23 | export OS_AUTH_URL=http://127.0.0.1:5000/v2.0
24 | 
25 | # With Keystone you pass the keystone password.
26 | echo "Please enter your OpenStack Password: "
27 | read -sr OS_PASSWORD_INPUT
28 | export OS_PASSWORD=$OS_PASSWORD_INPUT
29 | 
30 | 
31 | #### OpenRC v3.0 file example
32 | # *NOTE*: Using the 3 *Identity API* does not necessarily mean any other
# OpenStack API is version 3. For example, your cloud provider may implement
# Image API v1.1, Block Storage API v2, and Compute API v2.0. OS_AUTH_URL is
# only for the Identity API served through keystone.
export OS_AUTH_URL=http://172.29.238.2:5000/v3

# With the addition of Keystone we have standardized on the term **project**
# as the entity that owns the resources.
export OS_PROJECT_ID=5408dd3366e943b694cae90a04d71c88
export OS_PROJECT_NAME="admin"
export OS_USER_DOMAIN_NAME="Default"
if [ -z "$OS_USER_DOMAIN_NAME" ]; then unset OS_USER_DOMAIN_NAME; fi

# unset v2.0 items in case set
unset OS_TENANT_ID
unset OS_TENANT_NAME

# In addition to the owning entity (tenant), OpenStack stores the entity
# performing the action as the **user**.
export OS_USERNAME="admin"

# With Keystone you pass the keystone password.
echo "Please enter your OpenStack Password: "
read -sr OS_PASSWORD_INPUT
export OS_PASSWORD=$OS_PASSWORD_INPUT

# If your configuration has multiple regions, we set that information here.
# OS_REGION_NAME is optional and only valid in certain environments.
export OS_REGION_NAME="RegionOne"
# Don't leave a blank variable, unset it if it was empty
if [ -z "$OS_REGION_NAME" ]; then unset OS_REGION_NAME; fi
33 | 
34 | 
35 | #### CLI commands
36 | $ source openrc
37 | $ keystone service-list
38 | OR
39 | $ openstack service list
40 | 
41 | 


--------------------------------------------------------------------------------
/chap10-code/base-infra.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # This playbook deploys components needed for the Infrastructure hosts. 
3 | 
4 | - hosts: hosts
5 |   remote_user: root
6 |   become: true
7 |   roles:
8 |     - create-nagios-user
9 |     - infra-plugin-config


--------------------------------------------------------------------------------
/chap10-code/base-nagios.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # This playbook deploys components needed for Nagios. 
3 | 
4 | - hosts: nagios-server
5 |   remote_user: root
6 |   become: true
7 |   roles:
8 |     - install-nagios
9 |     - nagios-plugins


--------------------------------------------------------------------------------
/chap10-code/base-nconf.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # This playbook deploys components needed for NConf. 
3 | 
4 | - hosts: nagios-server
5 |   remote_user: root
6 |   become: true
7 |   roles:
8 |     - install-nconf


--------------------------------------------------------------------------------
/chap10-code/base.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # This playbook deploys components needed for Infrastructure hosts and containers. 
 3 | 
 4 | - hosts: all_containers
 5 |   remote_user: root
 6 |   become: true
 7 |   roles:
 8 |     - snmp-config
 9 |     
10 | - hosts: hosts
11 |   remote_user: root
12 |   become: true
13 |   roles:
14 |     - snmp-config


--------------------------------------------------------------------------------
/chap10-code/group_vars/all_containers:
--------------------------------------------------------------------------------
1 | # Here are variables related to the install
2 | 
3 | USER: nagios
4 | SNMP_COMMUNITY: osad
5 | SYS_LOCATION: SAT
6 | SYS_CONTACT: support@rackspace.com
7 | 
8 | 


--------------------------------------------------------------------------------
/chap10-code/group_vars/hosts:
--------------------------------------------------------------------------------
1 | # Here are variables related to the install
2 | 
3 | USER: nagios
4 | SNMP_COMMUNITY: osad
5 | SYS_LOCATION: SAT
6 | SYS_CONTACT: support@rackspace.com
7 | 
8 | 


--------------------------------------------------------------------------------
/chap10-code/group_vars/nagios-server:
--------------------------------------------------------------------------------
1 | # Here are variables related to the install
2 | 
3 | DB_NAME: NCONF_DB
4 | DB_USER: root
5 | DB_PASS: passwd


--------------------------------------------------------------------------------
/chap10-code/hosts:
--------------------------------------------------------------------------------
1 | 
2 | [nagios-server]
3 | 021579-nagios01
4 | 


--------------------------------------------------------------------------------
/chap10-code/post-nagios-install.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # This playbook deploys components needed for NConf. 
3 | 
4 | - hosts: nagios-server
5 |   remote_user: root
6 |   become: true
7 |   roles:
8 |     - nagios-post-install


--------------------------------------------------------------------------------
/chap10-code/post-nconf-install.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # This playbook deploys components needed for NConf. 
3 | 
4 | - hosts: nagios-server
5 |   remote_user: root
6 |   become: true
7 |   roles:
8 |     - nconf-post-install


--------------------------------------------------------------------------------
/chap10-code/roles/create-nagios-user/files/nagios-key:
--------------------------------------------------------------------------------
1 | ssh-dss AAAAB3NzaC1kc3MAAACBAJI8cQX6ujs5iXdJ/vsqjHZeZHyT11hc7TJ6p5sb1nd8v8vfQ2Z1azyOZ0Zraz5gk9QkiBhM2lhulQKhHdcjh9SRuVWaiL6Xn074FWPNqWBqI5kMNDu87oxrFFqjhl9xHCicQL2FeL3J2K64OqhX7reTmnXeU4EpiUvGBiCEU9HjAAAAFQCmu5AuLABeUiu0DBJVFHiDLXR+zQAAAIB79/1R1zQdG95ZSGNwiyHTeb2rBTvSP11hbRYFpCJ0NwmGLOIajrbJsgPcHwmroAwBo2HlRaOcjtDSyzHxaUpTXwck0HnzuffnbEH18WvWYxFQ9LIk+xbQybakADJMVncd/AKbS3g+x9bPpcUwJT2ir5CCfwwol5YTS5icl3bZCwAAAIEAi93ycGNBLVtMeafSGiCdiHrPToO4HGokpepHuIo5ryaE8G6B5r4NyrJCudGfVYIiyhrUDcgUyV2PA91m/HqmxczhyexyqTy0Edev6FEPoxR5dh02NLd+zHa7yFNaGvT1meFM42hCltcIW61/ofveuijGzwdU9cohosFKeMrRC3w= nagios@021579-deploy01


--------------------------------------------------------------------------------
/chap10-code/roles/create-nagios-user/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Create Nagios user
 4 |   user: name="{{ USER }}" comment="{{ USER }} User" 
 5 |   ignore_errors: yes
 6 | 
 7 | - name: Create user .ssh directory 
 8 |   file: path=/home/"{{ USER }}"/.ssh state=directory
 9 | 
10 | - name: Copy authorized keys
11 |   copy: src=nagios-key dest=/home/"{{ USER }}"/.ssh/authorized_keys mode=0644
12 | 
13 | - name: Set home directory permissions 
14 |   file: path=/home/"{{ USER }}" owner="{{ USER }}" group="{{ USER }}" recurse=yes


--------------------------------------------------------------------------------
/chap10-code/roles/infra-plugin-config/files/check_http:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PacktPublishing/OpenStack-Administration-with-Ansible-2/b873eba0b58ab6db8274fb8b68a4424533c19a54/chap10-code/roles/infra-plugin-config/files/check_http


--------------------------------------------------------------------------------
/chap10-code/roles/infra-plugin-config/files/check_port.pl:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/perl  -w
  2 | #===============================================================================
  3 | #
  4 | #         FILE:  check_port.pl
  5 | #
  6 | #        USAGE:  check_port.pl -p <port> -h <host> (-c <critical> -w <warning> -v)
  7 | #
  8 | #  DESCRIPTION:  tests to see if the port is responding and can display timing
  9 | #
 10 | #      OPTIONS:  ---
 11 | # REQUIREMENTS:  ---
 12 | #         BUGS:  ---
 13 | #        NOTES:  ---
 14 | #       AUTHOR:  Tim Pretlove
 15 | #      VERSION:  1.3
 16 | #      CREATED:  04/12/09 13:57:23
 17 | #     REVISION:  ---
 18 | #      LICENCE:  GNU
 19 | #
 20 | #       AUTHOR:  Jim Sander jim.sander@jdsmedia.net
 21 | #      VERSION:  1.2
 22 | #     MODIFIED:  10-04-2014 16:00
 23 | #         BUGS:  Socket::pack_sockaddr_in, length is 0 error for unresolvable hostnames
 24 | #        NOTES:  Fixed; now exits with '3', status UNKNOWN, and 'host lookup failed'
 25 | #
 26 | #    This program is free software: you can redistribute it and/or modify
 27 | #    it under the terms of the GNU General Public License as published by
 28 | #    the Free Software Foundation, either version 3 of the License, or
 29 | #    (at your option) any later version.
 30 | #
 31 | #    This program is distributed in the hope that it will be useful,
 32 | #    but WITHOUT ANY WARRANTY; without even the implied warranty of
 33 | #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 34 | #    GNU General Public License for more details.
 35 | #
 36 | #    You should have received a copy of the GNU General Public License
 37 | #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 38 | #
 39 | #===============================================================================
 40 | 
 41 | use strict;
 42 | use warnings;
 43 | use Socket;
 44 | use Getopt::Long;
 45 | use Time::HiRes qw(gettimeofday tv_interval);
 46 | 
 47 | my ($crit, $warn, $timeout, $host, $portnum, $verbose);
 48 | GetOptions(
 49 |     'crtitical=s'   => \$crit,
 50 |     'warning=s'     => \$warn,
 51 |     'timeout=s'     => \$timeout,
 52 |     'host=s'        => \$host,
 53 |     'port=s'        => \$portnum,
 54 |     'verbose'       => \$verbose) or HELP_MESSAGE();
 55 | 
 56 | sub testport {
 57 | 	my ($host,$port,$protocol,$timeout) = @_;
 58 |     my $startsec;
 59 |     my $elapsed = 0;
 60 | 	if (!defined $timeout) { $timeout = 10 }
 61 | 	if (!defined $protocol) { $protocol = "tcp" }
 62 | 	my $proto = getprotobyname($protocol);
 63 | 	my $iaddr = inet_aton($host);
 64 | 	if ( !defined $iaddr ){ return 3,$elapsed; }
 65 | 	my $paddr = sockaddr_in($port, $iaddr);
 66 | 	$startsec = [gettimeofday()];
 67 | 	socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
 68 | 	eval {
 69 | 		local $SIG{ALRM} = sub { die "timeout" };
 70 | 		alarm($timeout);
 71 | 		connect(SOCKET, $paddr) or error();
 72 | 		alarm(0);
 73 | 	};
 74 | 	if ($@) {
 75 | 		close SOCKET || die "close: $!";
 76 | 		$elapsed = tv_interval ($startsec, [gettimeofday]);
 77 | 		return "1",$elapsed;
 78 | 	} else {
 79 | 		close SOCKET || die "close: $!";
 80 | 		$elapsed = tv_interval ($startsec, [gettimeofday]);
 81 | 		return "0",$elapsed;
 82 | 	}
 83 | }
 84 | sub HELP_MESSAGE {
 85 | 	print "$0 -p <port> -h <host> (-c <critical> -w <warning> -v)\n"; 
 86 | 	print "\t -p <port> # port number to examine\n";
 87 | 	print "\t -h <hostname> # hostname or ip address to contact\n";
 88 | 	print "\t -c <seconds> # the number of seconds to wait before a going critical\n";
 89 | 	print "\t -w <seconds> # the number of seconds to wait before a flagging a warning\n";
 90 | 	print "\t -v # displays nagios performance information\n";
 91 | 	print "\te.g $0 -p 80 -h www.google.com -c 1.5 -w 1.0 -v\n";
 92 |     exit(4);
 93 | }
 94 | 
 95 | sub printperf {
 96 |     my ($warning,$critical,$elapsed) = @_;
 97 | 	if ((defined $warning) && (defined $critical)) {
 98 | 		print "|rta=$elapsed" . "s;$warning;$critical;0;$critical";
 99 | 	} else {
100 | 		print "|rta=$elapsed" 
101 | 	}
102 | }
103 | 
104 | sub test {
105 |     my ($critical,$warning,$host,$portnum,$timeout) = @_;
106 |     my $proto = "tcp";
107 | 	my ($rc,$elapsed) = testport($host,$portnum,$proto,$timeout); 
108 | 	if ($rc == 0) {
109 | 		if (defined $critical) {
110 | 			if ($critical <= $elapsed) {
111 | 				return 2,$elapsed;
112 | 			}
113 | 		}
114 | 		if (defined $warning) {
115 | 			if ($warning <= $elapsed) {
116 | 				return 1,$elapsed;
117 | 			}
118 | 		}
119 | 		return $rc,$elapsed;
120 | 	} else {
121 | 		return 2,$elapsed;
122 | 	}
123 | }
124 | 
125 | unless ((defined $portnum) && (defined $host)) { 
126 | 	HELP_MESSAGE();
127 | 	exit 1;
128 | }
129 | if ((defined $crit) && (defined $warn)) {
130 | 	if ($crit <= $warn) {
131 | 		print "Error: warning is greater than critical will never reach warning\n";
132 | 		exit 4;
133 | 	}
134 | }
135 | 
136 | my @mess = qw(OK WARNING CRITICAL UNKNOWN);
137 | my @mess2 = ("is responding","is slow responding","is not responding","host lookup failed");
138 | my ($rc,$elapsed) = test($crit,$warn,$host,$portnum,$timeout);
139 | print "PORT $portnum $mess[$rc]: $host/$portnum $mess2[$rc]";
140 | if (defined $verbose) {
141 | 	printperf($warn,$crit,$elapsed);
142 | }
143 | exit($rc);
144 | 


--------------------------------------------------------------------------------
/chap10-code/roles/infra-plugin-config/files/check_snmp_process.pl:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/perl -w
  2 | ############################## check_snmp_process ##############
  3 | # Version : 1.4
  4 | # Date : March 12 2007
  5 | # Author  : Patrick Proy (patrick at proy.org)
  6 | # Help : http://nagios.manubulon.com
  7 | # Licence : GPL - http://www.fsf.org/licenses/gpl.txt
  8 | # Contrib : Makina Corpus
  9 | # TODO : put $o_delta as an option
 10 | # Contrib : 
 11 | ###############################################################
 12 | #
 13 | # help : ./check_snmp_process -h
 14 | 
 15 | ############### BASE DIRECTORY FOR TEMP FILE ########
 16 | my $o_base_dir="/tmp/tmp_Nagios_proc.";
 17 | my $file_history=200;   # number of data to keep in files.
 18 | my $delta_of_time_to_make_average=300;  # 5minutes by default
 19 |  
 20 | use strict;
 21 | use Net::SNMP;
 22 | use Getopt::Long;
 23 | 
 24 | # Nagios specific
 25 | 
 26 | use lib "/usr/local/nagios/libexec";
 27 | use utils qw(%ERRORS $TIMEOUT);
 28 | #my $TIMEOUT = 5;
 29 | #my %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4);
 30 | 
 31 | # SNMP Datas
 32 | my $process_table= '1.3.6.1.2.1.25.4.2.1';
 33 | my $index_table = '1.3.6.1.2.1.25.4.2.1.1';
 34 | my $run_name_table = '1.3.6.1.2.1.25.4.2.1.2';
 35 | my $run_path_table = '1.3.6.1.2.1.25.4.2.1.4';
 36 | my $proc_mem_table = '1.3.6.1.2.1.25.5.1.1.2'; # Kbytes
 37 | my $proc_cpu_table = '1.3.6.1.2.1.25.5.1.1.1'; # Centi sec of CPU
 38 | my $proc_run_state = '1.3.6.1.2.1.25.4.2.1.7';
 39 | 
 40 | # Globals
 41 | 
 42 | my $Version='1.4';
 43 | 
 44 | my $o_host = 	undef; 		# hostname 
 45 | my $o_community =undef; 	# community 
 46 | my $o_port = 	161; 		# port
 47 | my $o_version2	= undef;	#use snmp v2c
 48 | my $o_descr = 	undef; 		# description filter 
 49 | my $o_warn = 	0; 		# warning limit 
 50 | my @o_warnL=	undef;		# warning limits (min,max)
 51 | my $o_crit=	0; 		# critical limit
 52 | my @o_critL=	undef;		# critical limits (min,max)
 53 | my $o_help=	undef; 		# wan't some help ?
 54 | my $o_verb=	undef;		# verbose mode
 55 | my $o_version=   undef;         # print version
 56 | my $o_noreg=	undef;		# Do not use Regexp for name
 57 | my $o_path=	undef;		# check path instead of name
 58 | my $o_inverse=	undef;		# checks max instead of min number of process
 59 | my $o_get_all=	undef;		# get all tables at once
 60 | my $o_timeout=  5;            	# Default 5s Timeout
 61 | # SNMP V3 specific
 62 | my $o_login=	undef;		# snmp v3 login
 63 | my $o_passwd=	undef;		# snmp v3 passwd
 64 | my $v3protocols=undef;	# V3 protocol list.
 65 | my $o_authproto='md5';		# Auth protocol
 66 | my $o_privproto='des';		# Priv protocol
 67 | my $o_privpass= undef;		# priv password
 68 | # SNMP Message size parameter (Makina Corpus contrib)
 69 | my $o_octetlength=undef;
 70 | # Memory & CPU
 71 | my $o_mem=	undef;		# checks memory (max)
 72 | my @o_memL=	undef;		# warn and crit level for mem
 73 | my $o_mem_avg=	undef;		# cheks memory average
 74 | my $o_cpu=	undef;		# checks CPU usage
 75 | my @o_cpuL=	undef;		# warn and crit level for cpu
 76 | my $o_delta=	$delta_of_time_to_make_average;		# delta time for CPU check
 77 | 
 78 | # functions
 79 | 
 80 | sub p_version { print "check_snmp_process version : $Version\n"; }
 81 | 
 82 | sub print_usage {
 83 |     print "Usage: $0 [-v] -H <host> -C <snmp_community> [-2] | (-l login -x passwd) [-p <port>] -n <name> [-w <min_proc>[,<max_proc>] -c <min_proc>[,max_proc] ] [-m<warn Mb>,<crit Mb> -a -u<warn %>,<crit%> ] [-t <timeout>] [-o <octet_length>] [-f ] [-r] [-V] [-g]\n";
 84 | }
 85 | 
 86 | sub isnotnum { # Return true if arg is not a number
 87 |   my $num = shift;
 88 |   if ( $num =~ /^-?(\d+\.?\d*)|(^\.\d+)$/ ) { return 0 ;}
 89 |   return 1;
 90 | }
 91 | 
 92 | # Get the alarm signal (just in case snmp timout screws up)
 93 | $SIG{'ALRM'} = sub {
 94 |      print ("ERROR: Alarm signal (Nagios time-out)\n");
 95 |      exit $ERRORS{"UNKNOWN"};
 96 | };
 97 | 
 98 | sub read_file { 
 99 |         # Input : File, items_number
100 |         # Returns : array of value : [line][item] 
101 |   my ($traffic_file,$items_number)=@_;
102 |   my ($ligne,$n_rows)=(undef,0);  
103 |   my (@last_values,@file_values,$i);
104 |   open(FILE,"<".$traffic_file) || return (1,0,0); 
105 |   
106 |   while($ligne = <FILE>)
107 |   {
108 |     chomp($ligne);
109 |     @file_values = split(":",$ligne);
110 |     #verb("@file_values");
111 |     if ($#file_values >= ($items_number-1)) { 
112 |         # check if there is enough data, else ignore line
113 |       for ( $i=0 ; $i< $items_number ; $i++ ) {$last_values[$n_rows][$i]=$file_values[$i]; }
114 |       $n_rows++;
115 |     } 
116 |   }
117 |   close FILE;
118 |   if ($n_rows != 0) { 
119 |     return (0,$n_rows,@last_values);
120 |   } else {
121 |     return (1,0,0);
122 |   }
123 | }
124 | 
125 | sub write_file { 
126 |         # Input : file , rows, items, array of value : [line][item]
127 |         # Returns : 0 / OK, 1 / error
128 |   my ($file_out,$rows,$item,@file_values)=@_;
129 |   my $start_line= ($rows > $file_history) ? $rows -  $file_history : 0;
130 |   if ( open(FILE2,">".$file_out) ) {
131 |     for (my $i=$start_line;$i<$rows;$i++) {
132 |       for (my $j=0;$j<$item;$j++) {
133 |         print FILE2 $file_values[$i][$j];
134 |         if ($j != ($item -1)) { print FILE2 ":" };
135 |       }
136 |       print FILE2 "\n";
137 |     }
138 |     close FILE2;
139 |     return 0;
140 |   } else {
141 |     return 1;
142 |   }
143 | }
144 | 
145 | sub help {
146 |    print "\nSNMP Process Monitor for Nagios version ",$Version,"\n";
147 |    print "GPL licence, (c)2004-2006 Patrick Proy\n\n";
148 |    print_usage();
149 |    print <<EOT;
150 | -v, --verbose
151 |    print extra debugging information (and lists all storages)
152 | -h, --help
153 |    print this help message
154 | -H, --hostname=HOST
155 |    name or IP address of host to check
156 | -C, --community=COMMUNITY NAME
157 |    community name for the host's SNMP agent (implies SNMP v1 or v2c with option)
158 | -l, --login=LOGIN ; -x, --passwd=PASSWD, -2, --v2c
159 |    Login and auth password for snmpv3 authentication 
160 |    If no priv password exists, implies AuthNoPriv 
161 |    -2 : use snmp v2c
162 | -X, --privpass=PASSWD
163 |    Priv password for snmpv3 (AuthPriv protocol)
164 | -L, --protocols=<authproto>,<privproto>
165 |    <authproto> : Authentication protocol (md5|sha : default md5)
166 |    <privproto> : Priv protocole (des|aes : default des) 
167 | -p, --port=PORT
168 |    SNMP port (Default 161)
169 | -n, --name=NAME
170 |    Name of the process (regexp)
171 |    No trailing slash !
172 | -r, --noregexp
173 |    Do not use regexp to match NAME in description OID
174 | -f, --fullpath
175 |    Use full path name instead of process name 
176 |    (Windows doesn't provide full path name)
177 | -w, --warn=MIN[,MAX]
178 |    Number of process that will cause a warning 
179 |    -1 for no warning, MAX must be >0. Ex : -w-1,50
180 | -c, --critical=MIN[,MAX]
181 |    number of process that will cause an error (
182 |    -1 for no critical, MAX must be >0. Ex : -c-1,50
183 | Notes on warning and critical : 
184 |    with the following options : -w m1,x1 -c m2,x2
185 |    you must have : m2 <= m1 < x1 <= x2
186 |    you can omit x1 or x2 or both
187 | -m, --memory=WARN,CRIT
188 |    checks memory usage (default max of all process)
189 |    values are warning and critical values in Mb
190 | -a, --average
191 |    makes an average of memory used by process instead of max
192 | -u, --cpu=WARN,CRIT
193 |    checks cpu usage of all process
194 |    values are warning and critical values in % of CPU usage
195 |    if more than one CPU, value can be > 100% : 100%=1 CPU
196 | -g, --getall
197 |   In some cases, it is necessary to get all data at once because
198 |   process die very frequently.
199 |   This option eats bandwidth an cpu (for remote host) at breakfast.
200 | -o, --octetlength=INTEGER
201 |   max-size of the SNMP message, usefull in case of Too Long responses.
202 |   Be carefull with network filters. Range 484 - 65535, default are
203 |   usually 1472,1452,1460 or 1440.  
204 | -t, --timeout=INTEGER
205 |    timeout for SNMP in seconds (Default: 5)
206 | -V, --version
207 |    prints version number
208 | Note :   
209 |   CPU usage is in % of one cpu, so maximum can be 100% * number of CPU 
210 |   example : 
211 |   Browse process list : <script> -C <community> -H <host> -n <anything> -v 
212 |   the -n option allows regexp in perl format : 
213 |   All process of /opt/soft/bin  	: -n /opt/soft/bin/ -f
214 |   All 'named' process			: -n named
215 | 
216 | EOT
217 | }
218 | 
219 | sub verb { my $t=shift; print $t,"\n" if defined($o_verb) ; }
220 | 
221 | sub check_options {
222 |     Getopt::Long::Configure ("bundling");
223 |     GetOptions(
224 |    	'v'	=> \$o_verb,		'verbose'	=> \$o_verb,
225 |         'h'     => \$o_help,    	'help'        	=> \$o_help,
226 |         'H:s'   => \$o_host,		'hostname:s'	=> \$o_host,
227 |         'p:i'   => \$o_port,   		'port:i'	=> \$o_port,
228 |         'C:s'   => \$o_community,	'community:s'	=> \$o_community,
229 |         'l:s'   => \$o_login,           'login:s'       => \$o_login,
230 |         'x:s'   => \$o_passwd,          'passwd:s'      => \$o_passwd,
231 | 	'X:s'	=> \$o_privpass,		'privpass:s'	=> \$o_privpass,
232 | 	'L:s'	=> \$v3protocols,		'protocols:s'	=> \$v3protocols,   
233 | 	'c:s'   => \$o_crit,    	'critical:s'	=> \$o_crit,
234 |         'w:s'   => \$o_warn,    	'warn:s'	=> \$o_warn,
235 | 		't:i'   => \$o_timeout,       	'timeout:i'     => \$o_timeout,
236 |         'n:s'   => \$o_descr,		'name:s'	=> \$o_descr,
237 |         'r'     => \$o_noreg,           'noregexp'      => \$o_noreg,
238 |         'f'     => \$o_path,           	'fullpath'      => \$o_path,
239 |         'm:s'   => \$o_mem,           	'memory:s'    	=> \$o_mem,
240 |         'a'     => \$o_mem_avg,       	'average'      	=> \$o_mem_avg,
241 |         'u:s'   => \$o_cpu,       	'cpu'      	=> \$o_cpu,
242 | 		'2'	=> \$o_version2,	'v2c'		=> \$o_version2,
243 | 		'o:i'   => \$o_octetlength,    	'octetlength:i' => \$o_octetlength,
244 | 		'g'   	=> \$o_get_all,       	'getall'      	=> \$o_get_all,
245 | 		'V'     => \$o_version,         'version'       => \$o_version
246 |     );
247 |     if (defined ($o_help)) { help(); exit $ERRORS{"UNKNOWN"}};
248 |     if (defined($o_version)) { p_version(); exit $ERRORS{"UNKNOWN"}};
249 |     # check snmp information
250 |     if ( !defined($o_community) && (!defined($o_login) || !defined($o_passwd)) )
251 |         { print "Put snmp login info!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
252 | 	if ((defined($o_login) || defined($o_passwd)) && (defined($o_community) || defined($o_version2)) )
253 | 	{ print "Can't mix snmp v1,2c,3 protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
254 | 	if (defined ($v3protocols)) {
255 | 	  if (!defined($o_login)) { print "Put snmp V3 login info with protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
256 | 	  my @v3proto=split(/,/,$v3protocols);
257 | 	  if ((defined ($v3proto[0])) && ($v3proto[0] ne "")) {$o_authproto=$v3proto[0];	}	# Auth protocol
258 | 	  if (defined ($v3proto[1])) {$o_privproto=$v3proto[1];	}	# Priv  protocol
259 | 	  if ((defined ($v3proto[1])) && (!defined($o_privpass))) {
260 | 	    print "Put snmp V3 priv login info with priv protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
261 | 	}
262 | 	if (defined($o_timeout) && (isnotnum($o_timeout) || ($o_timeout < 2) || ($o_timeout > 60))) 
263 | 	  { print "Timeout must be >1 and <60 !\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
264 | 	if (!defined($o_timeout)) {$o_timeout=5;}
265 |     # Check compulsory attributes
266 |     if ( ! defined($o_descr) ||  ! defined($o_host) ) { print_usage(); exit $ERRORS{"UNKNOWN"}};
267 |     @o_warnL=split(/,/,$o_warn);
268 |     @o_critL=split(/,/,$o_crit);
269 |     verb("$o_warn $o_crit $#o_warnL $#o_critL");
270 |     if ( isnotnum($o_warnL[0]) || isnotnum($o_critL[0]))
271 |        { print "Numerical values for warning and critical\n";print_usage(); exit $ERRORS{"UNKNOWN"};}
272 |     if ((defined($o_warnL[1]) && isnotnum($o_warnL[1])) || (defined($o_critL[1]) && isnotnum($o_critL[1])))
273 |        { print "Numerical values for warning and critical\n";print_usage(); exit $ERRORS{"UNKNOWN"};}
274 |     # Check for positive numbers on maximum number of processes
275 |     if ((defined($o_warnL[1]) && ($o_warnL[1] < 0)) || (defined($o_critL[1]) && ($o_critL[1] < 0))) 
276 |       { print " Maximum process warn and critical > 0 \n";print_usage(); exit $ERRORS{"UNKNOWN"}};
277 |     # Check min_crit < min warn < max warn < crit warn
278 |     if ($o_warnL[0] < $o_critL[0]) { print " warn minimum must be >= crit minimum\n";print_usage(); exit $ERRORS{"UNKNOWN"}};
279 |     if (defined($o_warnL[1])) {
280 |       if ($o_warnL[1] <= $o_warnL[0])
281 |         { print "warn minimum must be < warn maximum\n";print_usage(); exit $ERRORS{"UNKNOWN"}};
282 |     } elsif ( defined($o_critL[1]) && ($o_critL[1] <= $o_warnL[0])) 
283 |        { print "warn minimum must be < crit maximum when no crit warning defined\n";print_usage(); exit $ERRORS{"UNKNOWN"};} 
284 |     if ( defined($o_critL[1]) && defined($o_warnL[1]) && ($o_critL[1]<$o_warnL[1])) 
285 |        { print "warn max must be <= crit maximum\n";print_usage(); exit $ERRORS{"UNKNOWN"};}  
286 |     #### Memory checks
287 |     if (defined ($o_mem)) {
288 |       @o_memL=split(/,/,$o_mem);
289 |       if ($#o_memL != 1) 
290 |         {print "2 values (warning,critical) for memory\n";print_usage(); exit $ERRORS{"UNKNOWN"}};
291 |       if (isnotnum($o_memL[0]) || isnotnum($o_memL[1]))
292 |        {print "Numeric values for memory!\n";print_usage(); exit $ERRORS{"UNKNOWN"}};
293 |       if ($o_memL[0]>$o_memL[1])
294 |        {print "Warning must be <= Critical for memory!\n";print_usage(); exit $ERRORS{"UNKNOWN"}};
295 |     }
296 |     #### CPU checks
297 |     if (defined ($o_cpu)) {
298 |       @o_cpuL=split(/,/,$o_cpu);
299 |       if ($#o_cpuL != 1) 
300 |         {print "2 values (warning,critical) for cpu\n";print_usage(); exit $ERRORS{"UNKNOWN"}};
301 |       if (isnotnum($o_cpuL[0]) || isnotnum($o_cpuL[1]))
302 |        {print "Numeric values for cpu!\n";print_usage(); exit $ERRORS{"UNKNOWN"}};
303 |       if ($o_cpuL[0]>$o_cpuL[1])
304 |        {print "Warning must be <= Critical for cpu!\n";print_usage(); exit $ERRORS{"UNKNOWN"}};
305 |     }
306 |     #### octet length checks
307 |     if (defined ($o_octetlength) && (isnotnum($o_octetlength) || $o_octetlength > 65535 || $o_octetlength < 484 )) {
308 | 		print "octet lenght must be < 65535 and > 484\n";print_usage(); exit $ERRORS{"UNKNOWN"};
309 |     }
310 | }
311 | 
312 | ########## MAIN #######
313 | 
314 | check_options();
315 | 
316 | # Check gobal timeout if snmp screws up
317 | if (defined($TIMEOUT)) {
318 |   verb("Alarm at $TIMEOUT");
319 |   alarm($TIMEOUT);
320 | } else {
321 |   verb("no timeout defined : $o_timeout + 10");
322 |   alarm ($o_timeout+10);
323 | }
324 | 
325 | # Connect to host
326 | my ($session,$error);
327 | if ( defined($o_login) && defined($o_passwd)) {
328 |   # SNMPv3 login
329 |   if (!defined ($o_privpass)) {
330 |   verb("SNMPv3 AuthNoPriv login : $o_login, $o_authproto");
331 |     ($session, $error) = Net::SNMP->session(
332 |       -hostname   	=> $o_host,
333 |       -version		=> '3',
334 |       -port      	=> $o_port,
335 |       -username		=> $o_login,
336 |       -authpassword	=> $o_passwd,
337 |       -authprotocol	=> $o_authproto,
338 |       -timeout          => $o_timeout
339 |     );  
340 |   } else {
341 |     verb("SNMPv3 AuthPriv login : $o_login, $o_authproto, $o_privproto");
342 |     ($session, $error) = Net::SNMP->session(
343 |       -hostname   	=> $o_host,
344 |       -version		=> '3',
345 |       -username		=> $o_login,
346 |       -port      	=> $o_port,
347 |       -authpassword	=> $o_passwd,
348 |       -authprotocol	=> $o_authproto,
349 |       -privpassword	=> $o_privpass,
350 | 	  -privprotocol => $o_privproto,
351 |       -timeout          => $o_timeout
352 |     );
353 |   }
354 | } else {
355 |   if (defined ($o_version2)) {
356 |     # SNMPv2 Login
357 | 	($session, $error) = Net::SNMP->session(
358 |        -hostname  => $o_host,
359 | 	   -version   => 2,
360 |        -community => $o_community,
361 |        -port      => $o_port,
362 |        -timeout   => $o_timeout
363 |     );
364 |   } else {
365 |   # SNMPV1 login
366 |     ($session, $error) = Net::SNMP->session(
367 |        -hostname  => $o_host,
368 |        -community => $o_community,
369 |        -port      => $o_port,
370 |        -timeout   => $o_timeout
371 |     );
372 |   }
373 | }
374 | 
375 | if (!defined($session)) {
376 |    printf("ERROR: %s.\n", $error);
377 |    exit $ERRORS{"UNKNOWN"};
378 | }
379 | 
380 | if (defined($o_octetlength)) {
381 | 	my $oct_resultat=undef;
382 | 	my $oct_test= $session->max_msg_size();
383 | 	verb(" actual max octets:: $oct_test");
384 | 	$oct_resultat = $session->max_msg_size($o_octetlength);
385 | 	if (!defined($oct_resultat)) {
386 | 		 printf("ERROR: Session settings : %s.\n", $session->error);
387 | 		 $session->close;
388 | 		 exit $ERRORS{"UNKNOWN"};
389 | 	}
390 | 	$oct_test= $session->max_msg_size();
391 | 	verb(" new max octets:: $oct_test");
392 | }
393 | 
394 | # Look for process in name or path name table
395 | my $resultat=undef;
396 | my %result_cons=();
397 | my ($getall_run,$getall_cpu,$getall_mem)=(undef,undef,undef);
398 | if ( !defined ($o_path) ) {
399 |   $resultat = (Net::SNMP->VERSION lt 4) ? 
400 | 		$session->get_table($run_name_table)
401 | 		: $session->get_table(Baseoid => $run_name_table);
402 | } else {
403 |   $resultat = (Net::SNMP->VERSION < 4) ?
404 | 	$session->get_table($run_path_table)
405 | 	:$session->get_table(Baseoid => $run_path_table);
406 | }
407 | 
408 | if (!defined($resultat)) {
409 |    printf("ERROR: Process name table : %s.\n", $session->error);
410 |    $session->close;
411 |    exit $ERRORS{"UNKNOWN"};
412 | }
413 | 
414 | if (defined ($o_get_all)) {
415 |   $getall_run = (Net::SNMP->VERSION < 4) ?
416 | 	$session->get_table($proc_run_state )
417 | 	:$session->get_table(Baseoid => $proc_run_state );
418 |   if (!defined($getall_run)) {
419 |     printf("ERROR: Process run table : %s.\n", $session->error);
420 |     $session->close;
421 |     exit $ERRORS{"UNKNOWN"};
422 |   }
423 |   foreach my $key ( keys %$getall_run) {
424 |     $result_cons{$key}=$$getall_run{$key};
425 |   } 
426 |   $getall_cpu = (Net::SNMP->VERSION < 4) ?
427 | 	$session->get_table($proc_cpu_table)
428 | 	: $session->get_table(Baseoid => $proc_cpu_table);
429 |   if (!defined($getall_cpu)) {
430 |     printf("ERROR: Process cpu table : %s.\n", $session->error);
431 |     $session->close;
432 |     exit $ERRORS{"UNKNOWN"};
433 |   }
434 |   foreach my $key ( keys %$getall_cpu) {
435 |     $result_cons{$key}=$$getall_cpu{$key};
436 |   } 
437 |   $getall_mem = (Net::SNMP->VERSION < 4) ? 
438 | 	$session->get_table($proc_mem_table)
439 | 	: $session->get_table(Baseoid => $proc_mem_table);
440 |   if (!defined($getall_mem)) {
441 |     printf("ERROR: Process memory table : %s.\n", $session->error);
442 |     $session->close;
443 |     exit $ERRORS{"UNKNOWN"};
444 |   }
445 |   foreach my $key ( keys %$getall_mem) {
446 |     $result_cons{$key}=$$getall_mem{$key};
447 |   } 
448 | } 
449 | 
450 | my @tindex = undef;
451 | my @oids = undef;
452 | my @descr = undef;
453 | my $num_int = 0;
454 | my $count_oid = 0;
455 | # Select storage by regexp of exact match
456 | # and put the oid to query in an array
457 | 
458 | verb("Filter : $o_descr");
459 | 
460 | foreach my $key ( keys %$resultat) {
461 |    verb("OID : $key, Desc : $$resultat{$key}");
462 |    # test by regexp or exact match
463 |    my $test = defined($o_noreg)
464 |                 ? $$resultat{$key} eq $o_descr
465 |                 : $$resultat{$key} =~ /$o_descr/;
466 |   if ($test) {
467 |      # get the index number of the interface
468 |      my @oid_list = split (/\./,$key);
469 |      $tindex[$num_int] = pop (@oid_list);
470 |      # get the full description
471 |      $descr[$num_int]=$$resultat{$key};
472 |      # put the oid of running and mem (check this maybe ?) in an array.
473 |      $oids[$count_oid++]=$proc_mem_table . "." . $tindex[$num_int];
474 |      $oids[$count_oid++]=$proc_cpu_table . "." . $tindex[$num_int];
475 |      $oids[$count_oid++]=$proc_run_state . "." . $tindex[$num_int];
476 |      #verb("Name : $descr[$num_int], Index : $tindex[$num_int]");
477 |      verb($oids[$count_oid-1]);
478 |      $num_int++;
479 |   }
480 | }
481 | 
482 | if ( $num_int == 0) {
483 |    print "No process ",(defined ($o_noreg)) ? "named " : "matching ", $o_descr, " found : ";
484 |    if ($o_critL[0]>=0) {
485 |      print "CRITICAL\n";
486 |      exit $ERRORS{"CRITICAL"};
487 |    } elsif ($o_warnL[0]>=0) {
488 |      print "WARNING\n";
489 | 	 exit $ERRORS{"WARNING"};
490 |    }
491 |    print "YOU told me it was : OK\n";
492 |    exit $ERRORS{"OK"};
493 | }
494 | 
495 | my $result=undef;
496 | my $num_int_ok=0;
497 | # Splitting snmp request because can't use get_bulk_request with v1 protocol
498 | if (!defined ($o_get_all)) {
499 |   if ( $count_oid >= 50) {
500 |     my @toid=undef;
501 |     my $tmp_num=0;
502 |     my $tmp_index=0;
503 |     my $tmp_count=$count_oid;
504 |     my $tmp_result=undef;
505 |     verb("More than 50 oid, splitting");
506 |     while ( $tmp_count != 0 ) {
507 |       $tmp_num = ($tmp_count >=50) ? 50 : $tmp_count;
508 |       for (my $i=0; $i<$tmp_num;$i++) {
509 | 	 $toid[$i]=$oids[$i+$tmp_index];
510 | 	 #verb("$i :  $toid[$i] : $oids[$i+$tmp_index]");
511 |       }
512 |       $tmp_result = (Net::SNMP->VERSION lt 4) ? 
513 | 	    $session->get_request(@toid)
514 | 		: $session->get_request(Varbindlist => \@toid);
515 |       if (!defined($tmp_result)) { printf("ERROR: running table : %s.\n", $session->error); $session->close;
516 | 	  exit $ERRORS{"UNKNOWN"};
517 |       } 
518 |       foreach (@toid) { $result_cons{$_}=$$tmp_result{$_}; }
519 |       $tmp_count-=$tmp_num;
520 |       $tmp_index+=$tmp_num;
521 |     }  
522 | 
523 |   } else {
524 |     $result = (Net::SNMP->VERSION lt 4) ? 
525 | 		$session->get_request(@oids)
526 | 		: $session->get_request(Varbindlist => \@oids);
527 |     if (!defined($result)) { printf("ERROR: running table : %s.\n", $session->error); $session->close;
528 |      exit $ERRORS{"UNKNOWN"};
529 |     }
530 |     foreach (@oids) {$result_cons{$_}=$$result{$_};}
531 |   }
532 | }
533 | 
534 | $session->close;
535 | 
536 | #Check if process are in running or runnable state
537 | for (my $i=0; $i< $num_int; $i++) {
538 |    my $state=$result_cons{$proc_run_state . "." . $tindex[$i]};
539 |    my $tmpmem=$result_cons{$proc_mem_table . "." . $tindex[$i]};
540 |    my $tmpcpu=$result_cons{$proc_cpu_table . "." . $tindex[$i]};
541 |    verb ("Process $tindex[$i] in state $state using $tmpmem, and $tmpcpu CPU");
542 |    if (!isnotnum($state)) { # check argument is numeric (can be NoSuchInstance)
543 |      $num_int_ok++ if (($state == 1) || ($state ==2));
544 |    }
545 | }
546 | 
547 | my $final_status=0;
548 | my ($res_memory,$res_cpu)=(0,0);
549 | my $memory_print="";
550 | my $cpu_print="";
551 | ###### Checks memory usage
552 | 
553 | if (defined ($o_mem) ) {
554 |  if (defined ($o_mem_avg)) {
555 |    for (my $i=0; $i< $num_int; $i++) { $res_memory += $result_cons{$proc_mem_table . "." . $tindex[$i]};}
556 |    $res_memory /= ($num_int_ok*1024);
557 |    verb("Memory average : $res_memory"); 
558 |  } else {
559 |    for (my $i=0; $i< $num_int; $i++) { 
560 |      $res_memory = ($result_cons{$proc_mem_table . "." . $tindex[$i]} > $res_memory) ? $result_cons{$proc_mem_table . "." . $tindex[$i]} : $res_memory;
561 |    } 
562 |    $res_memory /=1024;
563 |    verb("Memory max : $res_memory");
564 |  }
565 |  if ($res_memory > $o_memL[1]) {
566 |    $final_status=2;
567 |    $memory_print=", Mem : ".sprintf("%.1f",$res_memory)."Mb > ".$o_memL[1]." CRITICAL";
568 |  } elsif ( $res_memory > $o_memL[0]) {
569 |    $final_status=1;
570 |    $memory_print=", Mem : ".sprintf("%.1f",$res_memory)."Mb > ".$o_memL[0]." WARNING";
571 |  } else {
572 |    $memory_print=", Mem : ".sprintf("%.1f",$res_memory)."Mb OK";
573 |  }
574 | }
575 | 
576 | ######## Checks CPU usage
577 | 
578 | if (defined ($o_cpu) ) {
579 |   my $timenow=time;
580 |   my $temp_file_name;
581 |   my ($return,@file_values)=(undef,undef);
582 |   my $n_rows=0;
583 |   my $n_items_check=2;
584 |   my $trigger=$timenow - ($o_delta - ($o_delta/10));
585 |   my $trigger_low=$timenow - 3*$o_delta;
586 |   my ($old_value,$old_time)=undef; 
587 |   my $found_value=undef;
588 |   
589 |   #### Get the current values
590 |   for (my $i=0; $i< $num_int; $i++) { $res_cpu += $result_cons{$proc_cpu_table . "." . $tindex[$i]};}
591 |   
592 |   verb("Time: $timenow , cpu (centiseconds) : $res_cpu");
593 | 
594 |   #### Read file
595 |   $temp_file_name=$o_descr;
596 |   $temp_file_name =~ s/ /_/g;
597 |   $temp_file_name = $o_base_dir . $o_host ."." . $temp_file_name; 
598 |   # First, read entire file
599 |   my @ret_array=read_file($temp_file_name,$n_items_check);
600 |   $return = shift(@ret_array);
601 |   $n_rows = shift(@ret_array);
602 |   if ($n_rows != 0) { @file_values = @ret_array };     
603 |   verb ("File read returns : $return with $n_rows rows");
604 |   #make the checks if the file is OK  
605 |   if ($return ==0) {
606 |     my $j=$n_rows-1;
607 |     do {
608 |       if ($file_values[$j][0] < $trigger) {
609 |         if ($file_values[$j][0] > $trigger_low) {
610 |           # found value = centiseconds / seconds = %cpu
611 |           $found_value= ($res_cpu-$file_values[$j][1]) / ($timenow - $file_values[$j][0] );
612 |         }
613 |       }
614 |       $j--;
615 |     } while ( ($j>=0) && (!defined($found_value)) );
616 |   }
617 |   ###### Write file
618 |   $file_values[$n_rows][0]=$timenow;
619 |   $file_values[$n_rows][1]=$res_cpu;
620 |   $n_rows++;
621 |   $return=write_file($temp_file_name,$n_rows,$n_items_check,@file_values);
622 |   if ($return != 0) { $cpu_print.="! ERROR writing file $temp_file_name !";$final_status=3;}
623 |   ##### Check values (if something to check...)
624 |   if (defined($found_value)) {
625 |     if ($found_value > $o_cpuL[1]) {
626 |       $final_status=2;
627 |       $cpu_print.=", Cpu : ".sprintf("%.0f",$found_value)."% > ".$o_cpuL[1]." CRITICAL";
628 |     } elsif ( $found_value > $o_cpuL[0]) {
629 |       $final_status=($final_status==2)?2:1;
630 |       $cpu_print.=", Cpu : ".sprintf("%.0f",$found_value)."% > ".$o_cpuL[0]." WARNING";
631 |     } else {
632 |       $cpu_print.=", Cpu : ".sprintf("%.0f",$found_value)."% OK";
633 |     }
634 |   } else {
635 |     if ($final_status==0) { $final_status=3 };
636 |     $cpu_print.=", No data for CPU (".$n_rows." line(s)):UNKNOWN";
637 |   }
638 | }
639 | 
640 | print $num_int_ok, " process ", (defined ($o_noreg)) ? "named " : "matching ", $o_descr, " ";
641 | 
642 | #### Check for min and max number of process
643 | if ( $num_int_ok <= $o_critL[0] ) {
644 |    print "(<= ",$o_critL[0]," : CRITICAL)";
645 |    $final_status=2;
646 | } elsif ( $num_int_ok <= $o_warnL[0] ) {
647 |    print "(<= ",$o_warnL[0]," : WARNING)";
648 |    $final_status=($final_status==2)?2:1;
649 | } else {
650 |    print "(> ",$o_warnL[0],")";
651 | }
652 | if (defined($o_critL[1]) && ($num_int_ok > $o_critL[1])) {
653 |   print " (> ",$o_critL[1]," : CRITICAL)";
654 |   $final_status=2;
655 | } elsif (defined($o_warnL[1]) && ($num_int_ok > $o_warnL[1])) {
656 |    print " (> ",$o_warnL[1]," : WARNING)";
657 |    $final_status=($final_status==2)?2:1;
658 | } elsif (defined($o_warnL[1])) {
659 |    print " (<= ",$o_warnL[1],"):OK";
660 | }
661 | 
662 | print $memory_print,$cpu_print,"\n";
663 | 
664 | if ($final_status==2) { exit $ERRORS{"CRITICAL"};}
665 | if ($final_status==1) { exit $ERRORS{"WARNING"};}
666 | if ($final_status==3) { exit $ERRORS{"UNKNOWN"};}
667 | exit $ERRORS{"OK"};
668 | 
669 | 


--------------------------------------------------------------------------------
/chap10-code/roles/infra-plugin-config/files/show_users:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | #
  3 | #   Copyright Hari Sekhon 2007
  4 | #
  5 | #   This program is free software; you can redistribute it and/or modify
  6 | #   it under the terms of the GNU General Public License as published by
  7 | #   the Free Software Foundation; either version 2 of the License, or
  8 | #   (at your option) any later version.
  9 | #
 10 | #   This program is distributed in the hope that it will be useful,
 11 | #   but WITHOUT ANY WARRANTY; without even the implied warranty of
 12 | #   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 13 | #   GNU General Public License for more details.
 14 | #
 15 | #   You should have received a copy of the GNU General Public License
 16 | #   along with this program; if not, write to the Free Software
 17 | #   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 18 | #
 19 | 
 20 | # Nagios Plugin to list all currently logged on users to a system.
 21 | 
 22 | version=0.2
 23 | 
 24 | # This makes coding much safer as a varible typo is caught 
 25 | # with an error rather than passing through
 26 | set -u
 27 | 
 28 | # Note: resisted urge to use <<<, instead sticking with |
 29 | # in case anyone uses this with an older version of bash
 30 | # so no bash bashers please on this
 31 | 
 32 | # Standard Nagios exit codes
 33 | OK=0
 34 | WARNING=1
 35 | CRITICAL=2
 36 | UNKNOWN=3
 37 | 
 38 | usage(){
 39 |     echo "usage: ${0##*/} [--simple] [ --mandatory username ] [ --unauthorized username ] [ --whitelist username ]"
 40 |     echo
 41 |     echo "returns a list of users on the local machine"
 42 |     echo
 43 |     echo "   -s, --simple show users without the number of sessions"
 44 |     echo "   -m username, --mandatory username"
 45 |     echo "                Mandatory users. Return CRITICAL if any of these users are not"
 46 |     echo "                currently logged in"
 47 |     echo "   -u username, --unauthorized username"
 48 |     echo "                Unauthorized users. Returns CRITICAL if any of these users are"
 49 |     echo "                logged in. This can be useful if you have a policy that states"
 50 |     echo "                that you may not have a root shell but must instead only use "
 51 |     echo "                'sudo command'. Specifying '-u root' would alert on root having"
 52 |     echo "                a session and hence catch people violating such a policy."
 53 |     echo "   -w username, --whitelist username"
 54 |     echo "                Whitelist users. This is exceptionally useful. If you define"
 55 |     echo "                a bunch of users here that you know you use, and suddenly"
 56 |     echo "                there is a user session open for another account it could"
 57 |     echo "                alert you to a compromise. If you run this check say every"
 58 |     echo "                3 minutes, then any attacker has very little time to evade"
 59 |     echo "                detection before this trips."
 60 |     echo
 61 |     echo "                -m,-u and -w can be specified multiple times for multiple users"
 62 |     echo "                or you can use a switch a single time with a comma separated"
 63 |     echo "                list."
 64 |     echo
 65 |     echo "   -V --version Print the version number and exit"
 66 |     echo
 67 |     exit $UNKNOWN
 68 | }
 69 | 
 70 | simple=""
 71 | mandatory_users=""
 72 | unauthorized_users=""
 73 | whitelist_users=""
 74 | 
 75 | while [ "$#" -ge 1 ]; do
 76 |     case "$1" in
 77 |         -h|--help)  usage
 78 |                     ;;
 79 |      -V|--version)  echo $version
 80 |                     exit $UNKNOWN
 81 |                     ;;
 82 |       -s|--simple)  simple=true
 83 |                     ;;
 84 |    -m|--mandatory)  if [ "$#" -ge 2 ]; then
 85 |                         if [ -n "$mandatory_users" ]; then
 86 |                             mandatory_users="$mandatory_users $2"
 87 |                         else
 88 |                             mandatory_users="$2"
 89 |                         fi
 90 |                         shift
 91 |                     else
 92 |                         usage
 93 |                     fi
 94 |                     ;;
 95 | -u|--unauthorized)  if [ "$#" -ge 2 ]; then
 96 |                         if [ -n "$unauthorized_users" ]; then
 97 |                             unauthorized_users="$unauthorized_users $2"
 98 |                         else
 99 |                             unauthorized_users="$2"
100 |                         fi
101 |                         shift
102 |                     else
103 |                         usage
104 |                     fi
105 |                     ;;
106 |    -w|--whitelist)  if [ "$#" -ge 2 ]; then
107 |                         if [ -n "$whitelist_users" ]; then
108 |                             whitelist_users="$whitelist_users $2"
109 |                         else
110 |                             whitelist_users="$2"
111 |                         fi
112 |                         shift
113 |                     else
114 |                         usage
115 |                     fi
116 |                     ;;
117 |                 *)  usage
118 |                     ;;
119 |     esac
120 |     shift
121 | done
122 | 
123 | mandatory_users="`echo $mandatory_users | tr ',' ' '`"
124 | unauthorized_users="`echo $unauthorized_users | tr ',' ' '`"
125 | whitelist_users="`echo $whitelist_users | tr ',' ' '`"
126 | 
127 | # Must be a list of usernames only.
128 | userlist="`who|grep -v "^ *$"|awk '{print $1}'|sort`"
129 | errormsg=""
130 | exitcode=$OK
131 | 
132 | if [ -n "$userlist" ]; then
133 |     if [ -n "$mandatory_users" ]; then
134 |         missing_users=""
135 |         for user in $mandatory_users; do
136 |             if ! echo "$userlist"|grep "^$user$" >/dev/null 2>&1; then
137 |                 missing_users="$missing_users $user"
138 |                 exitcode=$CRITICAL
139 |             fi
140 |         done
141 |         for user in `echo $missing_users|tr " " "\n"|sort -u`; do
142 |             errormsg="${errormsg}user '$user' not logged in. "
143 |         done 
144 |     fi
145 | 
146 |     if [ -n "$unauthorized_users" ]; then
147 |         blacklisted_users=""
148 |         for user in $unauthorized_users; do
149 |             if echo "$userlist"|sort -u|grep "^$user$" >/dev/null 2>&1; then
150 |                 blacklisted_users="$blacklisted_users $user"
151 |                 exitcode=$CRITICAL
152 |             fi
153 |         done
154 |         for user in `echo $blacklisted_users|tr " " "\n"|sort -u`; do
155 |             errormsg="${errormsg}Unauthorized user '$user' is logged in! "
156 |         done 
157 |     fi
158 | 
159 |     if [ -n "$whitelist_users" ]; then
160 |         unwanted_users=""
161 |         for user in `echo "$userlist"|sort -u`; do
162 |             if ! echo $whitelist_users|tr " " "\n"|grep "^$user$" >/dev/null 2>&1; then
163 |                 unwanted_users="$unwanted_users $user"
164 |                 exitcode=$CRITICAL
165 |             fi
166 |         done
167 |         for user in `echo $unwanted_users|tr " " "\n"|sort -u`; do
168 |             errormsg="${errormsg}Unauthorized user '$user' detected! "
169 |         done 
170 |     fi
171 | 
172 |     if [ "$simple" == "true" ]
173 |         then
174 |         finallist=`echo "$userlist"|uniq`
175 |     else
176 |         finallist=`echo "$userlist"|uniq -c|awk '{print $2"("$1")"}'`
177 |     fi
178 | else
179 |     finallist="no users logged in"
180 | fi
181 | 
182 | if [ "$exitcode" -eq $OK ]; then
183 |     echo "USERS OK:" $finallist
184 |     exit $OK
185 | elif [ "$exitcode" -eq $WARNING ]; then
186 |     echo "USERS WARNING:" $errormsg"[users: "$finallist"]"
187 |     exit $WARNING
188 | elif [ "$exitcode" -eq $CRITICAL ]; then
189 |     echo "USERS CRITICAL:" $errormsg"[users: "$finallist"]"
190 |     exit $CRITICAL
191 | else
192 |     echo "USERS UNKNOWN:" $errormsg"[users: "$finallist"]"
193 |     exit $UNKNOWN
194 | fi
195 | 
196 | exit $UNKNOWN
197 | 


--------------------------------------------------------------------------------
/chap10-code/roles/infra-plugin-config/files/utils.pm:
--------------------------------------------------------------------------------
 1 | # Utility drawer for Nagios plugins.
 2 | #
 3 | # This will be deprecated soon. Please use Nagios::Plugin from CPAN
 4 | # for new plugins
 5 | 
 6 | package utils;
 7 | 
 8 | require Exporter;
 9 | @ISA = qw(Exporter);
10 | @EXPORT_OK = qw($TIMEOUT %ERRORS &print_revision &support &usage);
11 | 
12 | #use strict;
13 | #use vars($TIMEOUT %ERRORS);
14 | sub print_revision ($$);
15 | sub usage;
16 | sub support();
17 | sub is_hostname;
18 | 
19 | ## updated by autoconf
20 | $PATH_TO_RPCINFO = "/usr/sbin/rpcinfo" ;
21 | $PATH_TO_LMSTAT  = "" ;
22 | $PATH_TO_SMBCLIENT = "/usr/bin/smbclient" ;
23 | $PATH_TO_MAILQ   = "/usr/bin/mailq";
24 | $PATH_TO_QMAIL_QSTAT = "";
25 | 
26 | ## common variables
27 | $TIMEOUT = 15;
28 | %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4);
29 | 
30 | ## utility subroutines
31 | sub print_revision ($$) {
32 | 	my $commandName = shift;
33 | 	my $pluginRevision = shift;
34 | 	print "$commandName v$pluginRevision (nagios-plugins 1.5)\n";
35 | 	print "The nagios plugins come with ABSOLUTELY NO WARRANTY. You may redistribute\ncopies of the plugins under the terms of the GNU General Public License.\nFor more information about these matters, see the file named COPYING.\n";
36 | }
37 | 
38 | sub support () {
39 | 	my $support='Send email to nagios-users@lists.sourceforge.net if you have questions\nregarding use of this software. To submit patches or suggest improvements,\nsend email to nagiosplug-devel@lists.sourceforge.net.\nPlease include version information with all correspondence (when possible,\nuse output from the --version option of the plugin itself).\n';
40 | 	$support =~ s/@/\@/g;
41 | 	$support =~ s/\\n/\n/g;
42 | 	print $support;
43 | }
44 | 
45 | sub usage {
46 | 	my $format=shift;
47 | 	printf($format,@_);
48 | 	exit $ERRORS{'UNKNOWN'};
49 | }
50 | 
51 | sub is_hostname {
52 | 	my $host1 = shift;
53 | 	return 0 unless defined $host1;
54 | 	if ($host1 =~ m/^[\d\.]+$/ && $host1 !~ /\.$/) {
55 | 		if ($host1 =~ m/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
56 | 			return 1;
57 | 		} else {
58 | 			return 0;
59 | 		}
60 | 	} elsif ($host1 =~ m/^[a-zA-Z0-9][-a-zA-Z0-9]*(\.[a-zA-Z0-9][-a-zA-Z0-9]*)*\.?$/) {
61 | 		return 1;
62 | 	} else {
63 | 		return 0;
64 | 	}
65 | }
66 | 
67 | 1;
68 | 


--------------------------------------------------------------------------------
/chap10-code/roles/infra-plugin-config/files/utils.sh:
--------------------------------------------------------------------------------
  1 | #! /bin/sh
  2 | 
  3 | STATE_OK=0
  4 | STATE_WARNING=1
  5 | STATE_CRITICAL=2
  6 | STATE_UNKNOWN=3
  7 | STATE_DEPENDENT=4
  8 | 
  9 | if test -x /usr/bin/printf; then
 10 | 	ECHO=/usr/bin/printf
 11 | else
 12 | 	ECHO=echo
 13 | fi
 14 | 
 15 | print_revision() {
 16 | 	echo "$1 v$2 (nagios-plugins 1.5)"
 17 | 	$ECHO "The nagios plugins come with ABSOLUTELY NO WARRANTY. You may redistribute\ncopies of the plugins under the terms of the GNU General Public License.\nFor more information about these matters, see the file named COPYING.\n" | sed -e 's/\n/ /g'
 18 | }
 19 | 
 20 | support() {
 21 | 	$ECHO "Send email to nagios-users@lists.sourceforge.net if you have questions\nregarding use of this software. To submit patches or suggest improvements,\nsend email to nagiosplug-devel@lists.sourceforge.net.\nPlease include version information with all correspondence (when possible,\nuse output from the --version option of the plugin itself).\n" | sed -e 's/\n/ /g'
 22 | }
 23 | 
 24 | #
 25 | # check_range takes a value and a range string, returning successfully if an
 26 | # alert should be raised based on the range.  Range values are inclusive.
 27 | # Values may be integers or floats.
 28 | #
 29 | # Example usage:
 30 | #
 31 | # Generating an exit code of 1:
 32 | # check_range 5 2:8
 33 | #
 34 | # Generating an exit code of 0:
 35 | # check_range 1 2:8
 36 | #
 37 | check_range() {
 38 | 	local v range yes no err decimal start end cmp match
 39 | 	v="$1"
 40 | 	range="$2"
 41 | 
 42 | 	# whether to raise an alert or not
 43 | 	yes=0
 44 | 	no=1
 45 | 	err=2
 46 | 
 47 | 	# regex to match a decimal number
 48 | 	decimal="-?([0-9]+\.?[0-9]*|[0-9]*\.[0-9]+)"
 49 | 
 50 | 	# compare numbers (including decimals), returning true/false
 51 | 	cmp() { awk "BEGIN{ if ($1) exit(0); exit(1)}"; }
 52 | 
 53 | 	# returns successfully if the string in the first argument matches the
 54 | 	# regex in the second
 55 | 	match() { echo "$1" | grep -E -q -- "$2"; }
 56 | 
 57 | 	# make sure value is valid
 58 | 	if ! match "$v" "^$decimal$"; then
 59 | 		echo "${0##*/}: check_range: invalid value" >&2
 60 | 		unset -f cmp match
 61 | 		return "$err"
 62 | 	fi
 63 | 
 64 | 	# make sure range is valid
 65 | 	if ! match "$range" "^@?(~|$decimal)(:($decimal)?)?$"; then
 66 | 		echo "${0##*/}: check_range: invalid range" >&2
 67 | 		unset -f cmp match
 68 | 		return "$err"
 69 | 	fi
 70 | 
 71 | 	# check for leading @ char, which negates the range
 72 | 	if match $range '^@'; then
 73 | 		range=${range#@}
 74 | 		yes=1
 75 | 		no=0
 76 | 	fi
 77 | 
 78 | 	# parse the range string
 79 | 	if ! match "$range" ':'; then
 80 | 		start=0
 81 | 		end="$range"
 82 | 	else
 83 | 		start="${range%%:*}"
 84 | 		end="${range#*:}"
 85 | 	fi
 86 | 
 87 | 	# do the comparison, taking positive ("") and negative infinity ("~")
 88 | 	# into account
 89 | 	if [ "$start" != "~" ] && [ "$end" != "" ]; then
 90 | 		if cmp "$start <= $v" && cmp "$v <= $end"; then
 91 | 			unset -f cmp match
 92 | 			return "$no"
 93 | 		else
 94 | 			unset -f cmp match
 95 | 			return "$yes"
 96 | 		fi
 97 | 	elif [ "$start" != "~" ] && [ "$end" = "" ]; then
 98 | 		if cmp "$start <= $v"; then
 99 | 			unset -f cmp match
100 | 			return "$no"
101 | 		else
102 | 			unset -f cmp match
103 | 			return "$yes"
104 | 		fi
105 | 	elif [ "$start" = "~" ] && [ "$end" != "" ]; then
106 | 		if cmp "$v <= $end"; then
107 | 			unset -f cmp match
108 | 			return "$no"
109 | 		else
110 | 			unset -f cmp match
111 | 			return "$yes"
112 | 		fi
113 | 	else
114 | 		unset -f cmp match
115 | 		return "$no"
116 | 	fi
117 | }
118 | 


--------------------------------------------------------------------------------
/chap10-code/roles/infra-plugin-config/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Install additional packages
 4 |   apt: name={{item}} state=present
 5 |   with_items:
 6 |    - libnet-snmp-perl
 7 |    
 8 | - name: Create bin directory 
 9 |   file: path=/home/"{{ USER }}"/bin state=directory
10 |   ignore_errors: yes
11 | 
12 | - name: Fix libcrypto link 
13 |   command: chdir=/lib/x86_64-linux-gnu ln -s libcrypto.so.1.0.0 libcrypto.so.6
14 |   ignore_errors: yes
15 |   
16 | - name: Fix libssl link 
17 |   command: chdir=/lib/x86_64-linux-gnu ln -s libssl.so.1.0.0 libssl.so.6
18 |   ignore_errors: yes
19 |   
20 | - name: Copy nagios plugins
21 |   copy: src=check_http dest=/home/"{{ USER }}"/bin
22 |   
23 | - name: Copy nagios plugins
24 |   copy: src=check_port.pl dest=/home/"{{ USER }}"/bin
25 |   
26 | - name: Copy nagios plugins
27 |   copy: src=check_snmp_process.pl dest=/home/"{{ USER }}"/bin
28 |   
29 | - name: Copy nagios plugins
30 |   copy: src=show_users dest=/home/"{{ USER }}"/bin
31 |   
32 | - name: Copy perl utils
33 |   copy: src=utils.pm dest=/etc/perl
34 |   
35 | - name: Copy perl utils
36 |   copy: src=utils.sh dest=/etc/perl
37 |   
38 | - name: Confirm plugin file permissions 
39 |   file: path=/home/nagios/bin/check* mode=0777
40 | 
41 | - name: Confirm plug file ownership 
42 |   file: path=/home/nagios/bin owner=nagios group=nagios recurse=yes


--------------------------------------------------------------------------------
/chap10-code/roles/install-nagios/files/id_dsa:
--------------------------------------------------------------------------------
 1 | -----BEGIN DSA PRIVATE KEY-----
 2 | MIIBuwIBAAKBgQCSPHEF+ro7OYl3Sf77Kox2XmR8k9dYXO0yeqebG9Z3fL/L30Nm
 3 | dWs8jmdGa2s+YJPUJIgYTNpYbpUCoR3XI4fUkblVmoi+l59O+BVjzalgaiOZDDQ7
 4 | vO6MaxRao4ZfcRwonEC9hXi9ydiuuDqoV+63k5p13lOBKYlLxgYghFPR4wIVAKa7
 5 | kC4sAF5SK7QMElUUeIMtdH7NAoGAe/f9Udc0HRveWUhjcIsh03m9qwU70j9dYW0W
 6 | BaQidDcJhiziGo62ybID3B8Jq6AMAaNh5UWjnI7Q0ssx8WlKU18HJNB587n352xB
 7 | 9fFr1mMRUPSyJPsW0Mm2pAAyTFZ3HfwCm0t4PsfWz6XFMCU9oq+Qgn8MKJeWE0uY
 8 | nJd22QsCgYEAi93ycGNBLVtMeafSGiCdiHrPToO4HGokpepHuIo5ryaE8G6B5r4N
 9 | yrJCudGfVYIiyhrUDcgUyV2PA91m/HqmxczhyexyqTy0Edev6FEPoxR5dh02NLd+
10 | zHa7yFNaGvT1meFM42hCltcIW61/ofveuijGzwdU9cohosFKeMrRC3wCFE+5Ie5+
11 | 9rnp2yHNaMHZjtKYe903
12 | -----END DSA PRIVATE KEY-----
13 | 


--------------------------------------------------------------------------------
/chap10-code/roles/install-nagios/files/id_dsa.pub:
--------------------------------------------------------------------------------
1 | ssh-dss AAAAB3NzaC1kc3MAAACBAJI8cQX6ujs5iXdJ/vsqjHZeZHyT11hc7TJ6p5sb1nd8v8vfQ2Z1azyOZ0Zraz5gk9QkiBhM2lhulQKhHdcjh9SRuVWaiL6Xn074FWPNqWBqI5kMNDu87oxrFFqjhl9xHCicQL2FeL3J2K64OqhX7reTmnXeU4EpiUvGBiCEU9HjAAAAFQCmu5AuLABeUiu0DBJVFHiDLXR+zQAAAIB79/1R1zQdG95ZSGNwiyHTeb2rBTvSP11hbRYFpCJ0NwmGLOIajrbJsgPcHwmroAwBo2HlRaOcjtDSyzHxaUpTXwck0HnzuffnbEH18WvWYxFQ9LIk+xbQybakADJMVncd/AKbS3g+x9bPpcUwJT2ir5CCfwwol5YTS5icl3bZCwAAAIEAi93ycGNBLVtMeafSGiCdiHrPToO4HGokpepHuIo5ryaE8G6B5r4NyrJCudGfVYIiyhrUDcgUyV2PA91m/HqmxczhyexyqTy0Edev6FEPoxR5dh02NLd+zHa7yFNaGvT1meFM42hCltcIW61/ofveuijGzwdU9cohosFKeMrRC3w= nagios@021579-deploy01
2 | 


--------------------------------------------------------------------------------
/chap10-code/roles/install-nagios/files/nagios-ubuntu-logo.tar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PacktPublishing/OpenStack-Administration-with-Ansible-2/b873eba0b58ab6db8274fb8b68a4424533c19a54/chap10-code/roles/install-nagios/files/nagios-ubuntu-logo.tar


--------------------------------------------------------------------------------
/chap10-code/roles/install-nagios/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Install additional packages
 4 |   apt: name={{item}} state=present
 5 |   with_items:
 6 |    - vim
 7 |    - nagios3
 8 |    - unzip
 9 | 
10 | - name: Backup Nagios config files
11 |   command: cp -r /etc/nagios3 /etc/nagios3.backup
12 |   
13 | - name: Check Nagios service
14 |   shell: ps -ef |grep nagios3
15 | 
16 | - name: Create user .ssh directory 
17 |   file: path=/var/lib/nagios/.ssh state=directory
18 |   ignore_errors: yes
19 | 
20 | - name: Copy SSH private keys
21 |   copy: src=id_dsa dest=/var/lib/nagios/.ssh mode=0600
22 |   
23 | - name: Copy SSH public keys
24 |   copy: src=id_dsa.pub dest=/var/lib/nagios/.ssh mode=0644
25 |   
26 | - name: Copy nagios Ubuntu logo archive
27 |   copy: src=nagios-ubuntu-logo.tar dest=/usr/share
28 |   
29 | - name: Decompress nagios Ubuntu logo archive
30 |   command: chdir=/usr/share tar xvf nagios-ubuntu-logo.tar -C /usr/share/nagios/htdocs/images/logos/base


--------------------------------------------------------------------------------
/chap10-code/roles/install-nconf/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Install additional packages
 4 |   apt: name={{item}} state=present
 5 |   with_items:
 6 |    - mysql-server
 7 |    - mysql-client
 8 |    - php5
 9 |    - libapache2-mod-php5
10 |    - php5-mysql
11 |    - php5-cli
12 |    - php5-common
13 |    - libtext-csv-xs-perl
14 |    
15 | - name: Download NConf binaries
16 |   command: wget http://sourceforge.net/projects/nconf/files/nconf/1.3.0-0/nconf-1.3.0-0.tgz/download -O /usr/share/nconf-1.3.0-0.tgz
17 | 
18 | - name: Unpack NConf binaries
19 |   command: chdir=/usr/share tar xzvf nconf-1.3.0-0.tgz -C /var/www/html
20 |   
21 | - name: Set proper NConf directory permissions
22 |   command: chdir=/var/www/html/nconf chmod 644 config output static_cfg temp
23 |   
24 | - name: Copy NConf DB script
25 |   template: src=create-nconf-db.sql dest=/usr/share
26 | 
27 | - name: Create NConf DB
28 |   shell: chdir=/usr/bin mysql -u "{{ DB_USER }}" --password= < /usr/share/create-nconf-db.sql
29 | 
30 | - name: Set NConf directory ownership
31 |   file: path=/var/www/html/nconf owner=www-data group=www-data recurse=yes
32 | 
33 | - name: Set NConf directory permissions
34 |   file: path=/var/www/html/nconf mode=0777
35 | 
36 | - name: Stop apache
37 |   command: service apache2 stop
38 |   
39 | - name: Start apache
40 |   command: service apache2 start


--------------------------------------------------------------------------------
/chap10-code/roles/install-nconf/templates/create-nconf-db.sql:
--------------------------------------------------------------------------------
1 | CREATE DATABASE {{ DB_NAME }};
2 | GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER ON {{ DB_NAME }}.* TO '{{ DB_USER }}'@'localhost' IDENTIFIED BY '{{ DB_PASS }}';


--------------------------------------------------------------------------------
/chap10-code/roles/nagios-plugins/files/NagiosConfig.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PacktPublishing/OpenStack-Administration-with-Ansible-2/b873eba0b58ab6db8274fb8b68a4424533c19a54/chap10-code/roles/nagios-plugins/files/NagiosConfig.zip


--------------------------------------------------------------------------------
/chap10-code/roles/nagios-plugins/files/nagios-plugins.tar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PacktPublishing/OpenStack-Administration-with-Ansible-2/b873eba0b58ab6db8274fb8b68a4424533c19a54/chap10-code/roles/nagios-plugins/files/nagios-plugins.tar


--------------------------------------------------------------------------------
/chap10-code/roles/nagios-plugins/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Copy nagios plugins tar file
 4 |   copy: src=nagios-plugins.tar dest=/usr/share
 5 | 
 6 | - name: Decompress nagios plugins archive
 7 |   command: chdir=/usr/share tar xvf nagios-plugins.tar -C /usr/lib/nagios/plugins
 8 | 
 9 | - name: Confirm plugin file permissions 
10 |   file: path=/usr/lib/nagios/plugins/* mode=0774 
11 | 
12 | - name: Confirm plugin file ownership 
13 |   file: path=/usr/lib/nagios/plugins owner=nagios owner=nagios recurse=yes
14 |   
15 | - name: Copy nagios configs zip file
16 |   copy: src=NagiosConfig.zip dest=/usr/share
17 | 
18 | - name: Create rpc-nagios-configs directory 
19 |   file: path=/etc/nagios3/rpc-nagios-configs state=directory
20 | 
21 | - name: Decompress nagios configs archive
22 |   command: chdir=/usr/share unzip NagiosConfig.zip -d /etc/nagios3/rpc-nagios-configs


--------------------------------------------------------------------------------
/chap10-code/roles/nagios-post-install/files/deploy_local.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | OUTPUT_DIR="/var/www/html/nconf/output/"
 4 | NAGIOS_DIR="/etc/nagios3/"
 5 | TEMP_DIR=${NAGIOS_DIR}"import/"
 6 | CONF_ARCHIVE="NagiosConfig.tgz"
 7 | 
 8 | if [ ! -e ${TEMP_DIR} ] ; then
 9 | mkdir -p ${TEMP_DIR}
10 | fi
11 | 
12 | if [ ${OUTPUT_DIR}${CONF_ARCHIVE} -nt ${TEMP_DIR}${CONF_ARCHIVE} ] ; then
13 | cp -p ${OUTPUT_DIR}${CONF_ARCHIVE} ${TEMP_DIR}${CONF_ARCHIVE}
14 | tar -xf ${TEMP_DIR}${CONF_ARCHIVE} -C ${NAGIOS_DIR}
15 | service nagios3 restart
16 | fi
17 | 
18 | exit


--------------------------------------------------------------------------------
/chap10-code/roles/nagios-post-install/files/nagios.txt:
--------------------------------------------------------------------------------
1 | cfg_dir=/etc/nagios3/global
2 | cfg_dir=/etc/nagios3/Default_collector


--------------------------------------------------------------------------------
/chap10-code/roles/nagios-post-install/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Copy NConf config file
 4 |   copy: src=nconf.php dest=/var/www/html/nconf/config mode=0644
 5 | 
 6 | - name: Change default Nagios config to use NConf
 7 |   shell: chdir=/bin sed -i 's/^cfg_dir.*/#/g' /etc/nagios3/nagios.cfg
 8 | 
 9 | - name: Change default Nagios config to use NConf
10 |   shell: chdir=/bin sed -i 's/^cfg_file.*/#/g' /etc/nagios3/nagios.cfg
11 | 
12 | - name: Make import directory
13 |   file: path=/etc/nagios3/import state=directory
14 |   
15 | - name: Copy Nagios config snippet
16 |   copy: src=nagios.txt dest=/usr/share
17 |   
18 | - name: Change default Nagios config to use NConf
19 |   shell: chdir=/usr/share cat /usr/share/nagios.txt >> /etc/nagios3/nagios.cfg
20 |   
21 | - name: Copy updated NConf deployment script
22 |   copy: src=deploy_local.sh dest=/var/www/html/nconf/ADD-ONS mode=0777


--------------------------------------------------------------------------------
/chap10-code/roles/nconf-post-install/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Remove installation directories and files
 4 |   command: rm -r /var/www/html/nconf/INSTALL
 5 | 
 6 | - name: Remove installation directories and files
 7 |   command: rm /var/www/html/nconf/INSTALL.php
 8 |   
 9 | - name: Remove installation directories and files
10 |   command: rm -r /var/www/html/nconf/UPDATE
11 |   
12 | - name: Remove installation directories and files
13 |   command: rm /var/www/html/nconf/UPDATE.php


--------------------------------------------------------------------------------
/chap10-code/roles/snmp-config/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Install additional packages
 4 |   apt: name="{{ item }}" state=present
 5 |   with_items:
 6 |    - snmpd
 7 |    
 8 | - name: Move standard config
 9 |   command: mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.org
10 | 
11 | - name: Place new config file
12 |   template: src=snmpd.conf dest=/etc/snmp/snmpd.conf
13 |   
14 | - name: Update SNMP options
15 |   shell: chdir=/bin sed -i 's+^SNMPDOPTS.*+SNMPDOPTS="-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf"+' /etc/default/snmpd
16 | 
17 | - name: Stop SNMP service
18 |   command: service snmpd stop
19 | 
20 | - name: Start SNMP service
21 |   command: service snmpd start
22 |   
23 | - name: Set SNMP service to start automatically
24 |   command: update-rc.d snmpd defaults


--------------------------------------------------------------------------------
/chap10-code/roles/snmp-config/templates/snmpd.conf:
--------------------------------------------------------------------------------
1 | rocommunity  {{ SNMP_COMMUNITY }}
2 | syslocation  {{ SYS_LOCATION }}
3 | syscontact  {{ SYS_CONTACT }}


--------------------------------------------------------------------------------
/chap2-code/chap2-ansible.txt:
--------------------------------------------------------------------------------
 1 | ## Playbook examples
 2 | 
 3 | ---
# Sample playbooks structure/syntax.

- hosts: dbservers
  remote_user: root
  become: true
  roles:
    - mysql-install
 4 | 
 5 | ---
# Sample simple playbooks structure/syntax 

- name: Install MySQL Playbook
  hosts: dbservers
  remote_user: root
  become: true
  tasks:
    - name: Install MySQL
      apt: name={{item}} state=present
      with_items:
       - libselinux-python
       - mysql
       - mysql-server
       - MySQL-python

    - name: Copying my.cnf configuration file
      template: src=cust_my.cnf dest=/etc/my.cnf mode=0755

    - name: Prep MySQL db
      command: chdir=/usr/bin mysql_install_db

    - name: Enable MySQL to be started at boot
      service: name=mysqld enabled=yes state=restarted

    - name: Prep MySQL db
      command: chdir=/usr/bin mysqladmin -u root password 'passwd'
 6 | 
 7 | 
 8 | ## Role examples
 9 | 
10 | ---
- name: Install MySQL
  apt: name={{item}} state=present
  with_items:
   - libselinux-python
   - mysql
   - mysql-server
   - MySQL-python

- name: Copying my.cnf configuration file
  template: src=cust_my.cnf dest=/etc/my.cnf mode=0755

- name: Prep MySQL db
  command: chdir=/usr/bin mysql_install_db

- name: Enable MySQL to be started at boot
  service: name=mysqld enabled=yes state=restarted

- name: Prep MySQL db
  command: chdir=/usr/bin mysqladmin -u root password 'passwd'
11 | 
12 | 
13 | ## Variable examples
14 | 
15 | - name: Copying my.cnf configuration file
16 |   template: src=cust_my.cnf dest={{ CONFIG_LOC }} mode=0755
17 | 
18 | ##
19 | 
20 | ---
21 | # Sample simple playbooks structure/syntax 
22 | 
23 | - name: Install MySQL Playbook
24 |   hosts: dbservers
25 | ...
26 |   vars:
27 |     CONFIG_LOC: /etc/my.cnf
28 | ...
29 | 
30 | ## Registering variables
31 | 
32 | - name: Check Keystone process
33 |   shell: ps -ef | grep keystone
34 |   register: keystone_check
35 | 
36 | ## Blocks
37 | 
38 | ---
# Sample simple playbooks structure/syntax 

- name: Install MySQL Playbook
  hosts: dbservers
  tasks:
    - block:
      - apt: name={{item}} state=present
        with_items:
          - libselinux-python
          - mysql
          - mysql-server
          - MySQL-python

      - template: src=cust_my.cnf dest=/etc/my.cnf mode=0755

      - command: chdir=/usr/bin mysql_install_db

      - service: name=mysqld enabled=yes state=restarted

      - command: chdir=/usr/bin mysqladmin -u root password 'passwd'
      
    when: ansible_distribution == 'Ubuntu'
    remote_user: root
    become: true


## Strategy
39 | 
40 | ---
# Sample simple playbooks structure/syntax 

- name: Install MySQL Playbook
  hosts: dbservers
  strategy: free
  tasks:
  ...
41 | 


--------------------------------------------------------------------------------
/chap3-code/base.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # This playbook used to demo OpenStack Juno user, role and project features. 
3 | 
4 | - hosts: util_container
5 |   remote_user: root
6 |   become: true
7 |   roles:
8 |     - create-users-env


--------------------------------------------------------------------------------
/chap3-code/create-users-env/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Install random password generator package
 4 |   apt: name={{item}} state=present
 5 |   with_items:
 6 |    - apg
 7 | 
 8 | - name: Random generate passwords
 9 |   command: apg -n {{ pass_cnt }} -M NCL -q
10 |   register: passwdss
11 | 
12 | - name: Create users
13 |   os_user:
14 |     cloud: "{{CLOUD_NAME}}"
15 |     state: present
16 |     name: "{{ item.0 }}"
17 |     password: "{{ item.1 }}"
18 |     domain: default
19 |   with_together:
20 |     - "{{userid}}"
21 |     - "{{passwdss.stdout_lines}}"
22 | 
23 | - name: Create user environments
24 |   os_project:
25 |     cloud: "{{CLOUD_NAME}}"
26 |     state: present
27 |     name: "{{ item }}"
28 |     description: "{{ item }}"
29 |     domain_id: default
30 |     enabled: True
31 |   with_items: "{{tenantid}}"
32 | 
33 | - name: Assign user to specified role in designated environment
34 |   os_user_role:
35 |     cloud: "{{CLOUD_NAME}}"
36 |     user: "{{ item.0 }}"
37 |     role: "{{ urole }}"
38 |     project: "{{ item.1 }}"
39 |   with_together: 
40 |     - "{{userid}}"
41 |     - "{{tenantid}}"
42 |     
43 | - name: User password assignment
44 |   debug: msg="User {{ item.0 }} was added to {{ item.2 }} project, with the assigned password of {{ item.1 }}"
45 |   with_together:
46 |     - userid
47 |     - passwdss.stdout_lines
48 |     - tenantid


--------------------------------------------------------------------------------
/chap3-code/create-users-env/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | pass_cnt: 10
3 | userid: [ 'mrkt-dev01', 'mrkt-dev02', 'mrkt-dev03', 'mrkt-dev04', 'mrkt-dev05', 'mrkt-dev06', 'mrkt-dev07', 'mrkt-dev08', 'mrkt-dev09', 'mrkt-dev10' ]
4 | tenantid: [ 'MRKT-Proj01', 'MRKT-Proj02', 'MRKT-Proj03', 'MRKT-Proj04', 'MRKT-Proj05', 'MRKT-Proj06', 'MRKT-Proj07', 'MRKT-Proj08', 'MRKT-Proj09', 'MRKT-Proj10' ]
5 | urole: _member_


--------------------------------------------------------------------------------
/chap3-code/group_vars/util_container:
--------------------------------------------------------------------------------
1 | # Here are variables related globally to the util_container host group
2 | 
3 | CLOUD_NAME: default
4 | 


--------------------------------------------------------------------------------
/chap3-code/hosts:
--------------------------------------------------------------------------------
1 | [localhost]
2 | localhost ansible_connection=local
3 | 
4 | [util_container]
5 | 172.29.236.224
6 | 


--------------------------------------------------------------------------------
/chap4-code/adjust-quotas/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | - name: Adjust tenant quotas
4 |   command: openstack --os-cloud="{{ CLOUD_NAME }}"
5 |            quota set "{{ item.1 }}" "{{ item.0 }}"
6 |   with_together:
7 |     - "{{qoptions}}"
8 |     - "{{tenantname}}"
9 | 


--------------------------------------------------------------------------------
/chap4-code/adjust-quotas/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | qoptions: [ '--cores=30', '--cores=30', '--cores=30', '--instances=20', '--instances=20', '--instances=20', '--instances=20', '--instances=20', '--instances=20', '--instances=20', '--cores=20' ]
3 | tenantname: [ 'MRKT-Proj01', 'MRKT-Proj02', 'MRKT-Proj03', 'MRKT-Proj04', 'MRKT-Proj05', 'MRKT-Proj06', 'MRKT-Proj07', 'MRKT-Proj08', 'MRKT-Proj09', 'MRKT-Proj10', 'MRKT-Proj10' ]


--------------------------------------------------------------------------------
/chap4-code/group_vars/util_container:
--------------------------------------------------------------------------------
1 | # Here are variables related globally to the util_container host group
2 | 
3 | CLOUD_NAME: default
4 | 


--------------------------------------------------------------------------------
/chap4-code/hosts:
--------------------------------------------------------------------------------
1 | [localhost]
2 | localhost ansible_connection=local
3 | 
4 | [util_container]
5 | 172.29.236.224
6 | 


--------------------------------------------------------------------------------
/chap4-code/quota-update.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # This playbook used to demo OpenStack Havanna user, role, image and volume features. 
3 | 
4 | - hosts: util_container
5 |   remote_user: root
6 |   become: true
7 |   roles:
8 |     - adjust-quotas


--------------------------------------------------------------------------------
/chap5-code/create-snapshot/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Retrieve project ID
 4 |   shell: openstack --os-cloud="{{ CLOUD_NAME }}"
 5 |          project list | awk '/ "{{tenantname}}" / { print $2 }'
 6 |   register: tenantid
 7 | 
 8 | - name: Retrieve instance id from project
 9 |   shell: openstack --os-cloud="{{ CLOUD_NAME }}"
10 |          server list --all-projects --project "{{ tenantid.stdout }}" | awk 'NR > 3 { print $2 }'
11 |   register: instid
12 | 
13 | - name: Create instance snapshot
14 |   command: openstack --os-cloud="{{ CLOUD_NAME }}" 
15 |            server image create --name="{{ tenantname }}"-snap-"{{ item }}" "{{ item }}" 
16 |   with_items: "{{instid.stdout_lines}}"
17 |   register: command_result
18 |   failed_when: "'_info' not in command_result.stderr"
19 | 


--------------------------------------------------------------------------------
/chap5-code/create-snapshot/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | tenantname: MRKT-Proj01
3 | 


--------------------------------------------------------------------------------
/chap5-code/group_vars/util_container:
--------------------------------------------------------------------------------
1 | # Here are variables related globally to the util_container host group
2 | 
3 | CLOUD_NAME: default 
4 | 


--------------------------------------------------------------------------------
/chap5-code/hosts:
--------------------------------------------------------------------------------
1 | [localhost]
2 | localhost ansible_connection=local
3 | 
4 | [util_container]
5 | 172.29.236.224
6 | 


--------------------------------------------------------------------------------
/chap5-code/snapshot-tenant.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # This playbook used to demo OpenStack Newton user, role, image and volume features. 
3 | 
4 | - hosts: util_container
5 |   remote_user: root
6 |   become: true
7 |   roles:
8 |     - create-snapshot


--------------------------------------------------------------------------------
/chap6-code/group_vars/util_container:
--------------------------------------------------------------------------------
 1 | # Here are variables related globally to the util_container host group
 2 | 
 3 | CLOUD_NAME: default
 4 | 
 5 | AUTH_S: --os-username {{ OS_USERNAME }} --os-password {{ OS_PASSWORD }} --os-project-name {{ OS_TENANT_NAME }} —-os-domain-name {{ OS_DOMAIN_NAME }} —-os-auth-url {{ OS_AUTH_URL }}
 6 | 
 7 | OS_USERNAME: admin
 8 | OS_PASSWORD: passwd
 9 | OS_TENANT_NAME: admin
10 | OS_DOMAIN_NAME: default
11 | OS_AUTH_URL: http://172.29.238.2:5000/v3
12 | 


--------------------------------------------------------------------------------
/chap6-code/hosts:
--------------------------------------------------------------------------------
1 | [localhost]
2 | localhost ansible_connection=local
3 | 
4 | [util_container]
5 | 172.29.236.85
6 | 


--------------------------------------------------------------------------------
/chap6-code/instance-migrate/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Retrieve hypervisor list
 4 |   shell: openstack --os-cloud="{{ CLOUD_NAME }}"
 5 |          hypervisor list | awk 'NR > 3' | awk '$4 != "{{ desthype }}" { print $4 }'
 6 |   register: hypelist
 7 | 
 8 | - name: Collect pre-migration instance details
 9 |   shell: openstack --os-cloud="{{ CLOUD_NAME }}" 
10 |          server list --name "{{ instance }}" --long | awk 'NR > 3' | awk '{ print $16 }'
11 |   register: preinststat
12 | 
13 | - name: Disable unselected hypervisors
14 |   command: nova "{{ AUTH_S }}" 
15 |            service-disable "{{ item }}" nova-compute --reason '{{ migreason }}'
16 |   with_items: "{{hypelist.stdout_lines}}"
17 |   
18 | - name: Migrate instance
19 |   command: openstack --os-cloud="{{ CLOUD_NAME }}" 
20 |            server migrate "{{ instance }}"
21 | 
22 | - name: Enable the disabled hypervisors
23 |   command: nova "{{ AUTH_S }}"
24 |            service-enable "{{ item }}" nova-compute
25 |   with_items: "{{hypelist.stdout_lines}}"
26 | 
27 | - name: Confirm instance migration
28 |   command: openstack --os-cloud="{{ CLOUD_NAME }}" 
29 |            server resize --confirm "{{ instance }}"
30 | 
31 | - name: Collect post-migration instance details
32 |   shell: openstack --os-cloud="{{ CLOUD_NAME }}" 
33 |          server list --name "{{ instance }}" --long | awk 'NR > 3' | awk '{ print $16 " and has a status of " $10 }' | awk 'NR == 1'
34 |   register: postinststat
35 |   
36 | - name: Show instance location and status
37 |   debug: msg="{{ instance }} was migrated from {{ item.0 }} to {{ item.1 }}"
38 |   with_together:
39 |     - "{{preinststat.stdout_lines}}"
40 |     - "{{postinststat.stdout_lines}}"


--------------------------------------------------------------------------------
/chap6-code/instance-migrate/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | desthype: 021579-compute02
3 | instance: testG-2c00131c-c2c7-4eae-aa90-981e54ca7b04
4 | migreason: "Migrating instance to new compute node"


--------------------------------------------------------------------------------
/chap6-code/migrate.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # This playbook used to migrate instance to specific compute node. 
3 | 
4 | - hosts: util_container
5 |   remote_user: root
6 |   become: true
7 |   roles:
8 |     - instance-migrate


--------------------------------------------------------------------------------
/chap7-code/ansible-coreos/base.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # This playbook deploys the ELK stack on CoreOS
 3 | 
 4 | - name: Bootstrap CoreOS
 5 |   hosts: coreos
 6 |   gather_facts: False
 7 |   roles:
 8 |     - defunctzombie.coreos-bootstrap
 9 | 
10 | - name: Deploy ELK Stack
11 |   hosts: coreos
12 |   remote_user: core
13 |   become: false
14 |   tasks:
15 |     - name: Start etcd
16 |       service: name=etcd.service state=started
17 |       become: true
18 | 
19 |     - name: Install docker-py
20 |       shell: /home/core/bin/pip install docker-py==1.9.0 docker-compose==1.8.0
21 | 
22 |     - name: Pull Elasticsearch container
23 |       docker_image: name=elasticsearch
24 | 
25 |     - name: Pull Kibana container
26 |       docker_image: name=kibana
27 |       
28 |     - name: Pull Logstash container
29 |       docker_image: name=logstash
30 | 
31 |     - name: Launch Elasticsearch container
32 |       docker_container:
33 |         name: elasticsearch-cont
34 |         image: elasticsearch
35 |         state: started
36 | 
37 |     - name: Launch Kibana container
38 |       docker_container:
39 |         name: kibana-cont
40 |         image: kibana
41 |         state: started
42 |         
43 |     - name: Launch Logstash container
44 |       docker_container:
45 |         name: logstash-cont
46 |         image: logstash
47 |         state: started
48 | 


--------------------------------------------------------------------------------
/chap7-code/ansible-coreos/hosts:
--------------------------------------------------------------------------------
1 | 
2 | [coreos]
3 | 162.209.96.54
4 | 
5 | [coreos:vars]
6 | ansible_ssh_user=core
7 | ansible_python_interpreter=/home/core/bin/python
8 | ansible_pip_interpreter=/home/core/bin/pip


--------------------------------------------------------------------------------
/chap7-code/ansible-coreos/roles/defunctzombie.coreos-bootstrap/.editorconfig:
--------------------------------------------------------------------------------
 1 | # EditorConfig is awesome: http://EditorConfig.org
 2 | 
 3 | # top-most EditorConfig file
 4 | root = true
 5 | 
 6 | # Unix-style newlines with a newline ending every file
 7 | [*]
 8 | end_of_line = lf
 9 | insert_final_newline = true
10 | indent_style = space
11 | indent_size = 2
12 | 


--------------------------------------------------------------------------------
/chap7-code/ansible-coreos/roles/defunctzombie.coreos-bootstrap/.travis.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | language: python
 3 | python: "2.7"
 4 | 
 5 | env:
 6 |   - SITE=test.yml
 7 | 
 8 | before_install:
 9 |   - sudo apt-get update -qq
10 |   - sudo apt-get install -y curl
11 | 
12 | install:
13 |   - pip install ansible
14 | 
15 |   # Add ansible.cfg to pick up roles path.
16 |   - "printf '[defaults]\nroles_path = ../' > ansible.cfg"
17 | 
18 | script:
19 |   - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check"
20 | 


--------------------------------------------------------------------------------
/chap7-code/ansible-coreos/roles/defunctzombie.coreos-bootstrap/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2014 Roman Shtylman
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/chap7-code/ansible-coreos/roles/defunctzombie.coreos-bootstrap/README.md:
--------------------------------------------------------------------------------
 1 | # coreos-bootstrap
 2 | 
 3 | In order to effectively run ansible, the target machine needs to have a python interpreter. Coreos machines are minimal and do not ship with any version of python. To get around this limitation we can install [pypy](http://pypy.org/), a lightweight python interpreter. The coreos-bootstrap role will install pypy for us and we will update our inventory file to use the installed python interpreter.
 4 | 
 5 | # install
 6 | 
 7 | ```
 8 | ansible-galaxy install defunctzombie.coreos-bootstrap
 9 | ```
10 | 
11 | # Configure your project
12 | 
13 | Unlike a typical role, you need to configure Ansible to use an alternative python interpreter for coreos hosts. This can be done by adding a `coreos` group to your inventory file and setting the group's vars to use the new python interpreter. This way, you can use ansible to manage CoreOS and non-CoreOS hosts. Simply put every host that has CoreOS into the `coreos` inventory group and it will automatically use the specified python interpreter.
14 | ```
15 | [coreos]
16 | host-01
17 | host-02
18 | 
19 | [coreos:vars]
20 | ansible_ssh_user=core
21 | ansible_python_interpreter=/home/core/bin/python
22 | ```
23 | 
24 | This will configure ansible to use the python interpreter at `/home/core/bin/python` which will be created by the coreos-bootstrap role.
25 | 
26 | ## Bootstrap Playbook
27 | 
28 | Now you can simply add the following to your playbook file and include it in your `site.yml` so that it runs on all hosts in the coreos group.
29 | 
30 | ```yaml
31 | - hosts: coreos
32 |   gather_facts: False
33 |   roles:
34 |     - defunctzombie.coreos-bootstrap
35 | ```
36 | 
37 | Make sure that `gather_facts` is set to false, otherwise ansible will try to first gather system facts using python which is not yet installed!
38 | 
39 | ## Example Playbook
40 | 
41 | After bootstrap, you can use ansible as usual to manage system services, install python modules (via pip), and run containers. Below is a basic example that starts the `etcd` service, installs the `docker-py` module and then uses the ansible `docker` module to pull and start a basic nginx container.
42 | 
43 | ```yaml
44 | - name: Nginx Example
45 |   hosts: web
46 |   sudo: true
47 |   tasks:
48 |     - name: Start etcd
49 |       service: name=etcd.service state=started
50 | 
51 |     - name: Install docker-py
52 |       pip: name=docker-py
53 | 
54 |     - name: pull container
55 |       raw: docker pull nginx:1.7.1
56 | 
57 |     - name: launch nginx container
58 |       docker:
59 |         image="nginx:1.7.1"
60 |         name="example-nginx"
61 |         ports="8080:80"
62 |         state=running
63 | ```
64 | 
65 | # License
66 | MIT
67 | 


--------------------------------------------------------------------------------
/chap7-code/ansible-coreos/roles/defunctzombie.coreos-bootstrap/files/bootstrap.sh:
--------------------------------------------------------------------------------
 1 | #/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | cd
 6 | 
 7 | if [[ -e $HOME/.bootstrapped ]]; then
 8 |   exit 0
 9 | fi
10 | 
11 | PYPY_VERSION=5.1.0
12 | 
13 | if [[ -e $HOME/pypy-$PYPY_VERSION-linux64.tar.bz2 ]]; then
14 |   tar -xjf $HOME/pypy-$PYPY_VERSION-linux64.tar.bz2
15 |   rm -rf $HOME/pypy-$PYPY_VERSION-linux64.tar.bz2
16 | else
17 |   wget -O - https://bitbucket.org/pypy/pypy/downloads/pypy-$PYPY_VERSION-linux64.tar.bz2 |tar -xjf -
18 | fi
19 | 
20 | mv -n pypy-$PYPY_VERSION-linux64 pypy
21 | 
22 | ## library fixup
23 | mkdir -p pypy/lib
24 | ln -snf /lib64/libncurses.so.5.9 $HOME/pypy/lib/libtinfo.so.5
25 | 
26 | mkdir -p $HOME/bin
27 | 
28 | cat > $HOME/bin/python <<EOF
29 | #!/bin/bash
30 | LD_LIBRARY_PATH=$HOME/pypy/lib:$LD_LIBRARY_PATH exec $HOME/pypy/bin/pypy "\$@"
31 | EOF
32 | 
33 | chmod +x $HOME/bin/python
34 | $HOME/bin/python --version
35 | 
36 | touch $HOME/.bootstrapped
37 | 


--------------------------------------------------------------------------------
/chap7-code/ansible-coreos/roles/defunctzombie.coreos-bootstrap/files/runner:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | LD_LIBRARY_PATH=$HOME/pypy/lib:$LD_LIBRARY_PATH $HOME/pypy/bin/$(basename $0) $@
3 | 


--------------------------------------------------------------------------------
/chap7-code/ansible-coreos/roles/defunctzombie.coreos-bootstrap/meta/.galaxy_install_info:
--------------------------------------------------------------------------------
1 | {install_date: 'Tue Dec 13 17:42:43 2016', version: master}
2 | 


--------------------------------------------------------------------------------
/chap7-code/ansible-coreos/roles/defunctzombie.coreos-bootstrap/meta/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | dependencies: []
 3 | 
 4 | galaxy_info:
 5 |   author: defunctzombie
 6 |   description: "bootstrap coreos hosts to run ansible"
 7 |   license: "MIT"
 8 |   min_ansible_version: 1.4
 9 |   categories:
10 |     - system
11 | 


--------------------------------------------------------------------------------
/chap7-code/ansible-coreos/roles/defunctzombie.coreos-bootstrap/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | - name: Check if bootstrap is needed
 2 |   raw: stat $HOME/.bootstrapped
 3 |   register: need_bootstrap
 4 |   ignore_errors: True
 5 | 
 6 | - name: Run bootstrap.sh
 7 |   script: bootstrap.sh
 8 |   when: need_bootstrap | failed
 9 | 
10 | - name: Check if we need to install pip
11 |   shell: "{{ansible_python_interpreter}} -m pip --version"
12 |   register: need_pip
13 |   ignore_errors: True
14 |   changed_when: false
15 |   when: need_bootstrap | failed
16 | 
17 | - name: Copy get-pip.py
18 |   copy: src=get-pip.py dest=~/get-pip.py
19 |   when: need_pip | failed
20 | 
21 | - name: Install pip
22 |   shell: "{{ansible_python_interpreter}} ~/get-pip.py"
23 |   when: need_pip | failed
24 | 
25 | - name: Remove get-pip.py
26 |   file: path=~/get-pip.py state=absent
27 |   when: need_pip | failed
28 | 
29 | - name: Install pip launcher
30 |   copy: src=runner dest=~/bin/pip mode=0755
31 |   when: need_pip | failed
32 | 


--------------------------------------------------------------------------------
/chap7-code/ansible-coreos/roles/defunctzombie.coreos-bootstrap/tests/test.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: all
3 |   roles:
4 |     - coreos-bootstrap
5 | 


--------------------------------------------------------------------------------
/chap8-code/config-admin-region/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Create users
 4 |   os_user:
 5 |     cloud: "{{CLOUD_NAME}}"
 6 |     state: present
 7 |     name: "{{ item.0 }}"
 8 |     password: "{{ item.1 }}"
 9 |     default_project: "{{ servicesproject }}"
10 |     domain: default
11 |   with_together:
12 |     - "{{userid}}"
13 |     - "{{passwdss}}"
14 | 
15 | - name: Assign user to specified role in designated environment
16 |   os_user_role:
17 |     cloud: "{{CLOUD_NAME}}"
18 |     user: "{{ item.0 }}"
19 |     role: "{{ urole }}"
20 |     project: "{{ servicesproject }}"
21 |   with_together: 
22 |     - "{{userid}}"
23 |     
24 | - name: Register the new services on the Admin region
25 |   shell: openstack --os-cloud="{{ CLOUD_NAME }}"
26 |          service create --name "{{ item.0 }}" --description "{{ item.1 }}" "{{ servicetype }}"
27 |   with_together:
28 |     - "{{userid}}"
29 |     - "{{descrip}}"
30 | 


--------------------------------------------------------------------------------
/chap8-code/config-admin-region/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | userid: [ 'glance', 'nova', 'neutron', 'heat' ]
3 | passwdss: [ 'passwd', 'passwd', 'passwd', 'passwd' ]
4 | descrip: [ 'Glance Image Service', 'Nova Compute Service', 'Neutron Network Service', 'Heat Orchestration Service' ]
5 | servicetype: [ 'image', 'compute', 'network', 'orchestration' ]
6 | 
7 | servicesproject: service
8 | urole: admin
9 | 


--------------------------------------------------------------------------------
/chap8-code/config-admin.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # This playbook used to demo OpenStack Juno user, role and project features. 
3 | 
4 | - hosts: util_container
5 |   remote_user: root
6 |   become: true
7 |   roles:
8 |     - config-admin-region


--------------------------------------------------------------------------------
/chap8-code/configure-region-authentication.txt:
--------------------------------------------------------------------------------
 1 | # The next set of steps will be to configure each OpenStack service on that region to authenticate against the Admin Region identity service, instead of the local regions identity service.  Please be patient as this part is tedious and requires focused attention.
 2 | 
 3 | #Each OpenStack service is located in a separate LXC container.  You will be tasked with connecting to each container and making conf file updates to adjust the URL it will use to authenticate against.  After each conf file is updated, the corresponding OpenStack service will need to be restarted.
 4 | 
 5 | #Highly recommended that you do a find and replace for the following phrase “<admin region IP>” with the IP address of your admin region.
 6 | 
 7 | # Change into OSA playbooks directory
 8 | cd /opt/openstack-ansible/playbooks
 9 | 
10 | ## Glance
11 | 
12 | ansible glance_container -m shell -a "sed -i 's+^auth_url = http://172.30.238.2:35357+auth_url = http://<admin region IP>:35357+' /etc/glance/glance-api.conf"
13 | ansible glance_container -m shell -a "sed -i 's+^auth_url = http://172.30.238.2:35357+auth_url = http://<admin region IP>:35357+' /etc/glance/glance-registry.conf"
14 | 
15 | ansible glance_container -m shell -a "sed -i 's+^auth_url = http://172.30.238.2:5000/v3+auth_url = http://<admin region IP>:5000/v3+' /etc/glance/glance-cache.conf"
16 | 
17 | ansible glance_container -m shell -a "sed -i 's+^auth_uri = http://172.30.238.2:5000+auth_uri = http://<admin region IP>:5000+' /etc/glance/glance-api.conf"
18 | ansible glance_container -m shell -a "sed -i 's+^auth_uri = http://172.30.238.2:5000+auth_uri = http://<admin region IP>:5000+' /etc/glance/glance-registry.conf"
19 | 
20 | ansible glance_container -m shell -a "service glance-api restart"
21 | ansible glance_container -m shell -a "service glance-registry restart"
22 | 
23 | ## Nova
24 | ansible nova_api_metadata_container -m shell -a "sed -i 's+^auth_url = http://172.30.238.2:35357/v3+auth_url = http://<admin region IP>:35357/v3+' /etc/nova/nova.conf"
25 | ansible nova_api_os_compute_container -m shell -a "sed -i 's+^auth_url = http://172.30.238.2:35357/v3+auth_url = http://<admin region IP>:35357/v3+' /etc/nova/nova.conf"
26 | ansible nova_cert_container -m shell -a "sed -i 's+^auth_url = http://172.30.238.2:35357/v3+auth_url = http://<admin region IP>:35357/v3+' /etc/nova/nova.conf"
27 | ansible nova_conductor_container -m shell -a "sed -i 's+^auth_url = http://172.30.238.2:35357/v3+auth_url = http://<admin region IP>:35357/v3+' /etc/nova/nova.conf"
28 | ansible nova_console_container -m shell -a "sed -i 's+^auth_url = http://172.30.238.2:35357/v3+auth_url = http://<admin region IP>:35357/v3+' /etc/nova/nova.conf"
29 | ansible nova_scheduler_container -m shell -a "sed -i 's+^auth_url = http://172.30.238.2:35357/v3+auth_url = http://<admin region IP>:35357/v3+' /etc/nova/nova.conf"
30 | ansible compute_hosts -m shell -a "sed -i 's+^auth_url = http://172.30.238.2:35357/v3+auth_url = http://<admin region IP>:35357/v3+' /etc/nova/nova.conf"
31 | 
32 | ansible nova_api_metadata_container -m shell -a "sed -i 's+^auth_url = http://172.30.238.2:35357+auth_url = http://<admin region IP>:35357+' /etc/nova/nova.conf"
33 | ansible nova_api_os_compute_container -m shell -a "sed -i 's+^auth_url = http://172.30.238.2:35357+auth_url = http://<admin region IP>:35357+' /etc/nova/nova.conf"
34 | ansible nova_cert_container -m shell -a "sed -i 's+^auth_url = http://172.30.238.2:35357+auth_url = http://<admin region IP>:35357+' /etc/nova/nova.conf"
35 | ansible nova_conductor_container -m shell -a "sed -i 's+^auth_url = http://172.30.238.2:35357+auth_url = http://<admin region IP>:35357+' /etc/nova/nova.conf"
36 | ansible nova_console_container -m shell -a "sed -i 's+^auth_url = http://172.30.238.2:35357+auth_url = http://<admin region IP>:35357+' /etc/nova/nova.conf"
37 | ansible nova_scheduler_container -m shell -a "sed -i 's+^auth_url = http://172.30.238.2:35357+auth_url = http://<admin region IP>:35357+' /etc/nova/nova.conf"
38 | ansible compute_hosts -m shell -a "sed -i 's+^auth_url = http://172.30.238.2:35357+auth_url = http://<admin region IP>:35357+' /etc/nova/nova.conf"
39 | 
40 | ansible nova_api_metadata_container -m shell -a "sed -i 's+^auth_uri = http://172.30.238.2:5000+auth_uri = http://<admin region IP>:5000+' /etc/nova/nova.conf"
41 | ansible nova_api_os_compute_container -m shell -a "sed -i 's+^auth_uri = http://172.30.238.2:5000+auth_uri = http://<admin region IP>:5000+' /etc/nova/nova.conf"
42 | ansible nova_cert_container -m shell -a "sed -i 's+^auth_uri = http://172.30.238.2:5000+auth_uri = http://<admin region IP>:5000+' /etc/nova/nova.conf"
43 | ansible nova_conductor_container -m shell -a "sed -i 's+^auth_uri = http://172.30.238.2:5000+auth_uri = http://<admin region IP>:5000+' /etc/nova/nova.conf"
44 | ansible nova_console_container -m shell -a "sed -i 's+^auth_uri = http://172.30.238.2:5000+auth_uri = http://<admin region IP>:5000+' /etc/nova/nova.conf"
45 | ansible nova_scheduler_container -m shell -a "sed -i 's+^auth_uri = http://172.30.238.2:5000+auth_uri = http://<admin region IP>:5000+' /etc/nova/nova.conf"
46 | ansible compute_hosts -m shell -a "sed -i 's+^auth_uri = http://172.30.238.2:5000+auth_uri = http://<admin region IP>:5000+' /etc/nova/nova.conf"
47 | 
48 | ansible nova_api_metadata_container -m shell -a "service nova-api-metadata restart"
49 | ansible nova_api_os_compute_container -m shell -a "service nova-api-os-compute restart"
50 | ansible nova_cert_container -m shell -a "service nova-cert restart"
51 | ansible nova_conductor_container -m shell -a "service nova-conductor restart"
52 | ansible nova_console_container -m shell -a "service nova-consoleauth restart"
53 | ansible nova_console_container -m shell -a "service nova-spicehtml5proxy restart"
54 | ansible nova_scheduler_container -m shell -a "service nova-scheduler restart"
55 | ansible compute_hosts -m shell -a "service nova-compute restart"
56 | 
57 | ## Neutron
58 | ansible neutron_server_container -m shell -a "sed -i 's+^auth_url = http://172.30.238.2:35357+auth_url = http://<admin region IP>:35357+' /etc/neutron/neutron.conf"
59 | ansible neutron_server_container -m shell -a "sed -i 's+^auth_uri = http://172.30.238.2:5000+auth_uri = http://<admin region IP>:5000+' /etc/neutron/neutron.conf"
60 | 
61 | ansible neutron_server_container -m shell -a "service neutron-server restart"
62 | 
63 | ## Heat
64 | ansible heat_apis_container -m shell -a "sed -i 's+^auth_uri = http://172.30.238.2:5000+auth_uri = http://<admin region IP>:5000+' /etc/heat/heat.conf"
65 | ansible heat_apis_container -m shell -a "sed -i 's+^auth_uri = http://172.30.238.2:5000/v3+auth_uri = http://<admin region IP>:5000/v3+' /etc/heat/heat.conf"
66 | ansible heat_apis_container -m shell -a "sed -i 's+^auth_url = http://172.30.238.2:35357+auth_url = http://<admin region IP>:35357+' /etc/heat/heat.conf"
67 | 
68 | ansible heat_engine_container -m shell -a "sed -i 's+^auth_uri = http://172.30.238.2:5000+auth_uri = http://<admin region IP>:5000+' /etc/heat/heat.conf"
69 | ansible heat_engine_container -m shell -a "sed -i 's+^auth_uri = http://172.30.238.2:5000/v3+auth_uri = http://<admin region IP>:5000/v3+' /etc/heat/heat.conf"
70 | ansible heat_engine_container -m shell -a "sed -i 's+^auth_url = http://172.30.238.2:35357+auth_url = http://<admin region IP>:35357+' /etc/heat/heat.conf"
71 | 
72 | ansible heat_apis_container -m shell -a "service heat-api restart"
73 | ansible heat_engine_container -m shell -a "service heat-engine restart"
74 | 
75 | 
76 | 


--------------------------------------------------------------------------------
/chap8-code/group_vars/util_container:
--------------------------------------------------------------------------------
1 | # Here are variables related globally to the util_container host group
2 | 
3 | CLOUD_NAME: default
4 | 


--------------------------------------------------------------------------------
/chap8-code/hosts:
--------------------------------------------------------------------------------
1 | [localhost]
2 | localhost ansible_connection=local
3 | 
4 | [util_container]
5 | 172.29.236.224
6 | 


--------------------------------------------------------------------------------
/chap8-code/register-endpoints.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # This playbook used to demo OpenStack Juno user, role and project features. 
3 | 
4 | - hosts: util_container
5 |   remote_user: root
6 |   become: true
7 |   roles:
8 |     - register-endpoints


--------------------------------------------------------------------------------
/chap8-code/register-endpoints/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Register the region service endpoints on the Admin region
 4 |   shell: openstack --os-cloud="{{ CLOUD_NAME }}"
 5 |          service endpoint create --region "{{ item.1 }}" "{{ item.0 }}" "{{ item.2 }}" "{{ item.3 }}"
 6 |   with_together:
 7 |     - "{{endpointname}}"
 8 |     - "{{regionname}}"
 9 |     - "{{endpointtype}}"
10 |     - "{{endpointurl}}"


--------------------------------------------------------------------------------
/chap8-code/register-endpoints/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | endpointname: [ 'glance', 'nova', 'neutron', 'heat' ] 
3 | regionname: alpha
4 | endpointtype: internal
5 | endpointurl: [ 'http://<alpha region IP>:9292', 'http://<alpha region IP>:8774/v2.1/%\(tenant_id\)s', 'http://<alpha region IP>:9696', 'http://<alpha region IP>:8004/v1/%\(tenant_id\)s' ]
6 | 


--------------------------------------------------------------------------------
/chap9-code/cloud-inventory/group_vars/galera_container:
--------------------------------------------------------------------------------
1 | # Here are variables related globally to the galera_container host group
2 | 
3 | MYSQLPASS: passwd
4 | COMPANY: Rackspace RPC
5 | REPORT_DIR: /usr/share/os-report
6 | REPORT_DEST: /usr/share/


--------------------------------------------------------------------------------
/chap9-code/cloud-inventory/group_vars/util_container:
--------------------------------------------------------------------------------
1 | # Here are variables related globally to the util_container host group
2 | 
3 | CLOUD_NAME: default
4 | 
5 | REPORT_DIR: /usr/share/os-report
6 | REPORT_DEST: /usr/share/
7 | RPTSTART: 2016-10-01
8 | RPTEND: 2016-11-01


--------------------------------------------------------------------------------
/chap9-code/cloud-inventory/hosts:
--------------------------------------------------------------------------------
1 | [localhost]
2 | localhost ansible_connection=local
3 | 
4 | [util_container]
5 | 172.29.238.245
6 | 
7 | [galera_container]
8 | 172.29.238.248
9 | 


--------------------------------------------------------------------------------
/chap9-code/cloud-inventory/inventory.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # This playbook used to run a cloud resource inventory report. 
 3 | 
 4 | - hosts: galera_container
 5 |   remote_user: root
 6 |   become: true
 7 |   roles:
 8 |     - cloud-inventory
 9 |     
10 | - hosts: util_container
11 |   remote_user: root
12 |   become: true
13 |   roles:
14 |     - cloud-usage
15 | 
16 | - hosts: galera_container
17 |   remote_user: root
18 |   become: true
19 |   roles:
20 |     - user-inventory
21 |     - project-inventory
22 |     - network-inventory
23 |     - volume-inventory


--------------------------------------------------------------------------------
/chap9-code/cloud-inventory/roles/cloud-inventory/files/cloud_report.sql:
--------------------------------------------------------------------------------
 1 | USE keystone;
 2 | SELECT count(*) as total_users from user WHERE user.enabled=1;
 3 | SELECT count(*) as total_projects from project WHERE project.enabled=1;
 4 | USE cinder;
 5 | SELECT count(*) as total_volumes, SUM(volumes.size) as total_volume_usage_GB from volumes
 6 | WHERE volumes.status='available';
 7 | USE neutron;
 8 | SELECT count(*) as total_networks from networks WHERE networks.status='ACTIVE';
 9 | USE nova;
10 | SELECT SUM(instances.vcpus) as total_vCPU, SUM(instances.memory_mb) as total_memory_MB, SUM(instances.root_gb) as total_disk_GB from instances
11 | WHERE instances.vm_state='active';


--------------------------------------------------------------------------------
/chap9-code/cloud-inventory/roles/cloud-inventory/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - name: Create working directory
 3 |   file: path="{{ REPORT_DIR }}" state=directory
 4 |   ignore_errors: yes
 5 | 
 6 | - name: Copy the cloud_report script
 7 |   copy: src=cloud_report.sql dest=/usr/share mode=0755
 8 | 
 9 | - name: Add report header
10 |   shell: ( echo "+------------------------------------+"; echo "| {{ COMPANY }} Cloud Report         |"; echo "| Created at {{ lookup('pipe', 'date +%Y-%m-%d%t%X') }}  |"; echo "+------------------------------------+"; ) >> {{ REPORT_DIR }}/os_report_{{ lookup('pipe', 'date +%Y%m%d') }}.log 
11 | 
12 | - name: Execute cloud report
13 |   shell: chdir=/usr/bin mysql -u root --password={{ MYSQLPASS }} --table < /usr/share/cloud_report.sql >> {{ REPORT_DIR }}/os_report_{{ lookup('pipe', 'date +%Y%m%d') }}.log


--------------------------------------------------------------------------------
/chap9-code/cloud-inventory/roles/cloud-usage/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - name: Create working directory
 3 |   file: path="{{ REPORT_DIR }}" state=directory
 4 |   ignore_errors: yes
 5 |   
 6 | - name: Retrieve projectIDs
 7 |   shell: openstack --os-cloud="{{ CLOUD_NAME }}"
 8 |          project list | awk 'NR > 3 { print $2 }'
 9 |   register: tenantid
10 | 
11 | - name: Add report header
12 |   shell: ( echo "+------------------------------------+"; echo "| Project Usage Report                |"; echo "| Created at {{ lookup('pipe', 'date +%Y-%m-%d%t%X') }}  |"; echo "+------------------------------------+"; echo " "; ) >> {{ REPORT_DIR }}/os_usage_report_{{ lookup('pipe', 'date +%Y%m%d') }}.log 
13 | 
14 | - name: Record project usage
15 |   shell: ( echo "Project - {{ item }}" && openstack --os-cloud="{{ CLOUD_NAME }}"
16 |          usage show --start {{ RPTSTART }} --end {{ RPTEND }} --project {{ item }} && echo " " ) >> {{ REPORT_DIR }}/os_usage_report_{{ lookup('pipe', 'date +%Y%m%d') }}.log
17 |   with_items: "{{ tenantid.stdout_lines }}"
18 | 
19 | - name: Retrieve project usage report file
20 |   fetch: src={{ REPORT_DIR }}/os_usage_report_{{ lookup('pipe', 'date +%Y%m%d') }}.log dest={{ REPORT_DEST }} flat=yes
21 | 


--------------------------------------------------------------------------------
/chap9-code/cloud-inventory/roles/network-inventory/files/network_report.sql:
--------------------------------------------------------------------------------
1 | USE neutron;
2 | SELECT networks.id, networks.name, subnets.name as subnet, subnets.cidr, networks.status, keystone.project.name as tenant from networks
3 | INNER JOIN keystone.project ON networks.project_id COLLATE utf8_unicode_ci = keystone.project.id 
4 | INNER JOIN subnets ON networks.id=subnets.network_id
5 | ORDER BY tenant;


--------------------------------------------------------------------------------
/chap9-code/cloud-inventory/roles/network-inventory/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - name: Create working directory
 3 |   file: path={{ REPORT_DIR }} state=directory
 4 |   ignore_errors: yes
 5 | 
 6 | - name: Copy the network_report script
 7 |   copy: src=network_report.sql dest=/usr/share mode=0755
 8 | 
 9 | - name: Add report header
10 |   shell: ( echo "+-------------------------+"; echo "| Cloud Network Report    |"; echo "+-------------------------+"; ) >> {{ REPORT_DIR }}/os_report_{{ lookup('pipe', 'date +%Y%m%d') }}.log 
11 |   
12 | - name: Execute network report
13 |   shell: chdir=/usr/bin mysql -u root --password={{ MYSQLPASS }} --table < /usr/share/network_report.sql >> {{ REPORT_DIR }}/os_report_{{ lookup('pipe', 'date +%Y%m%d') }}.log


--------------------------------------------------------------------------------
/chap9-code/cloud-inventory/roles/project-inventory/files/project_report.sql:
--------------------------------------------------------------------------------
1 | USE nova;
2 | SELECT SUM(instances.vcpus) as vCPU, SUM(instances.memory_mb) as memory_MB, SUM(instances.root_gb) as disk_GB, keystone.project.name as tenant from instances
3 | INNER JOIN keystone.project ON
4 | instances.project_id=keystone.project.id 
5 | WHERE instances.vm_state='active' GROUP BY tenant;


--------------------------------------------------------------------------------
/chap9-code/cloud-inventory/roles/project-inventory/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - name: Create working directory
 3 |   file: path={{ REPORT_DIR }} state=directory
 4 |   ignore_errors: yes
 5 | 
 6 | - name: Copy the tenant_report script
 7 |   copy: src=project_report.sql dest=/usr/share mode=0755
 8 |   
 9 | - name: Add report header
10 |   shell: ( echo "+-------------------------+"; echo "| Cloud Project Report     |"; echo "+-------------------------+"; ) >> {{ REPORT_DIR }}/os_report_{{ lookup('pipe', 'date +%Y%m%d') }}.log 
11 | 
12 | - name: Execute tenant report
13 |   shell: chdir=/usr/bin mysql -u root --password={{ MYSQLPASS }} --table < /usr/share/project_report.sql >> {{ REPORT_DIR }}/os_report_{{ lookup('pipe', 'date +%Y%m%d') }}.log


--------------------------------------------------------------------------------
/chap9-code/cloud-inventory/roles/user-inventory/files/user_report.sql:
--------------------------------------------------------------------------------
1 | USE keystone;
2 | SELECT local_user.user_id, local_user.name as username, role.name as role, project.name as tenant from local_user 
3 | INNER JOIN assignment ON 
4 | local_user.user_id=assignment.actor_id INNER JOIN 
5 | role ON assignment.role_id=role.id INNER JOIN
6 | project ON assignment.target_id=project.id
7 | ORDER BY tenant;


--------------------------------------------------------------------------------
/chap9-code/cloud-inventory/roles/user-inventory/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - name: Create working directory
 3 |   file: path={{ REPORT_DIR }} state=directory
 4 |   ignore_errors: yes
 5 | 
 6 | - name: Copy the user_report script
 7 |   copy: src=user_report.sql dest=/usr/share mode=0755
 8 |  
 9 | - name: Add report header
10 |   shell: ( echo "+------------------------+"; echo "| Cloud User Report      |"; echo "+------------------------+"; ) >> {{ REPORT_DIR }}/os_report_{{ lookup('pipe', 'date +%Y%m%d') }}.log 
11 | 
12 | - name: Execute user report
13 |   shell: chdir=/usr/bin mysql -u root --password={{ MYSQLPASS }} --table < /usr/share/user_report.sql >> {{ REPORT_DIR }}/os_report_{{ lookup('pipe', 'date +%Y%m%d') }}.log


--------------------------------------------------------------------------------
/chap9-code/cloud-inventory/roles/volume-inventory/files/volume_report.sql:
--------------------------------------------------------------------------------
 1 | USE cinder;
 2 | SELECT volumes.id, volumes.display_name as volume_name, volumes.size as size_GB, volume_types.name as volume_type, keystone.project.name as tenant from volumes
 3 | INNER JOIN keystone.project ON volumes.project_id=keystone.project.id 
 4 | INNER JOIN volume_types ON volumes.volume_type_id=volume_types.id
 5 | WHERE volumes.status='available' 
 6 | ORDER BY tenant;
 7 | SELECT SUM(volumes.size) as volume_usage_GB, keystone.project.name as tenant from volumes
 8 | INNER JOIN keystone.project ON volumes.project_id=keystone.project.id
 9 | WHERE volumes.status='available' 
10 | GROUP BY tenant;
11 | SELECT volume_types.name as volume_type, SUM(volumes.size) as volume_usage_GB from volumes
12 | INNER JOIN volume_types ON volumes.volume_type_id=volume_types.id
13 | WHERE volumes.status='available' 
14 | GROUP BY volume_type;


--------------------------------------------------------------------------------
/chap9-code/cloud-inventory/roles/volume-inventory/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - name: Create working directory
 3 |   file: path={{ REPORT_DIR }} state=directory
 4 |   ignore_errors: yes
 5 | 
 6 | - name: Copy the volume_report script
 7 |   copy: src=volume_report.sql dest=/usr/share mode=0755
 8 |   
 9 | - name: Add report header
10 |   shell: ( echo "+--------------------------+"; echo "| Cloud Volume Report      |"; echo "+--------------------------+"; ) >> {{ REPORT_DIR }}/os_report_{{ lookup('pipe', 'date +%Y%m%d') }}.log 
11 | 
12 | - name: Execute volume report
13 |   shell: chdir=/usr/bin mysql -u root --password={{ MYSQLPASS }} --table < /usr/share/volume_report.sql >> {{ REPORT_DIR }}/os_report_{{ lookup('pipe', 'date +%Y%m%d') }}.log
14 |   
15 | - name: Retrieve completed cloud report file
16 |   fetch: src={{ REPORT_DIR }}/os_report_{{ lookup('pipe', 'date +%Y%m%d') }}.log dest={{ REPORT_DEST }} flat=yes


--------------------------------------------------------------------------------