Add IPAM check record

2019-03-31 10:57:45 +02:00 · 2019-03-31 10:57:45 +02:00 · 648c96f4da
parent b10909dd09
commit 648c96f4da
3 changed files with 95 additions and 31 deletions
--- a/recipe_gentoo.sh
+++ b/recipe_gentoo.sh
@ -3,14 +3,15 @@
 # Recipe script for a Gentoo system to check basic configuration

 # Define colors
-RED='\033[1;31m'
-BLUE='\033[1;34m'
-GREEN='\033[1;32m'
-NC='\033[0m' # No Color
+export RED='\033[1;31m'
+export BLUE='\033[1;34m'
+export GREEN='\033[1;32m'
+# No Color
+export NC='\033[0m' 

-REQUIREMENTS="GREP ECHO EMERGE NSLOOKUP IP HOSTNAME AWK SED CUT TR PING"
+REQUIREMENTS="CURL GREP ECHO EMERGE NSLOOKUP IP HOSTNAME AWK SED CUT TR PING JQ CURL"

-. vars.sh
+source vars.sh

 # Check requirements
 for requirement in $REQUIREMENTS
@ -36,29 +37,30 @@ fi


 # Print packages not installed or with error at end script
-PACKAGES_TO_CHECK=""
-RESOLV_FAILED=""
-RESOLVER_NOT_IN_ETC_RESOLVCONF=""
-IP_NOT_RECORDED_IN_DNS=""
-PING_FAILED=""
+export PACKAGES_TO_CHECK=""
+export RESOLV_FAILED=""
+export RESOLVER_NOT_IN_ETC_RESOLVCONF=""
+export IP_NOT_RECORDED_IN_DNS=""
+export PING_FAILED=""

 # Get ALL locales IPs except loopback
-LOCALES_IP_WITHOUT_LOOPBACK=$(ip addr show scope global | awk '/inet/ { sub(/\/.*$/, "", $2); print $2 }')
+export LOCALES_IP_WITHOUT_LOOPBACK=$(ip addr show scope global | awk '/inet/ { sub(/\/.*$/, "", $2); print $2 }' | sort | uniq)

-BOOL_ADMIN_IPV4_NOT_CONFIGURED=0
-BOOL_ADMIN_IPV6_NOT_CONFIGURED=0
+export BOOL_ADMIN_IPV4_NOT_CONFIGURED=0
+export BOOL_ADMIN_IPV6_NOT_CONFIGURED=0

 # Print services not started or with error at end script
-SERVICES_NOT_STARTED_OR_ERROR=""
+export SERVICES_NOT_STARTED_OR_ERROR=""

 # Print message at end script if hostname *.grif or *.grifon.fr not configured  
-BOOL_CHECK_HOSTNAME=0
+export BOOL_CHECK_HOSTNAME=0

-SSH_CONFIG_CHECK_FAILED=""
-NRPE_CONFIG_CHECK_FAILED=""
-MUNIN_CONFIG_CHECK_FAILED=""
-MAIL_ALIAS_CONFIG_CHECK_FAILED=""
-SNMP_CONFIG_CHECK_FAILED=""
+export SSH_CONFIG_CHECK_FAILED=""
+export NRPE_CONFIG_CHECK_FAILED=""
+export MUNIN_CONFIG_CHECK_FAILED=""
+export MAIL_ALIAS_CONFIG_CHECK_FAILED=""
+export SNMP_CONFIG_CHECK_FAILED=""
+export IPAM_CONFIG_CHECK_FAILED=""

 usage() {
 	printf "Usage: ./recipe_gentoo.sh [--physical]\n"
@ -94,28 +96,30 @@ echo -e "-------------------------------------------------\n"

 # Voir pour mettre ./ à la place de .

-. recipes/recipe_check_packages.sh
+#. recipes/recipe_check_packages.sh

-. recipes/recipe_check_hostname.sh
+#. recipes/recipe_check_hostname.sh

-. recipes/recipe_check_dns_config.sh
+#. recipes/recipe_check_dns_config.sh

-. recipes/recipe_check_ping.sh
+#. recipes/recipe_check_ping.sh

-. recipes/recipe_check_ip_admin.sh
+#. recipes/recipe_check_ip_admin.sh

-. recipes/recipe_check_services.sh
+#. recipes/recipe_check_services.sh

-. recipes/recipe_check_ssh_config.sh
+#. recipes/recipe_check_ssh_config.sh

-. recipes/recipe_check_nrpe_config.sh
+#. recipes/recipe_check_nrpe_config.sh

-. recipes/recipe_check_munin_config.sh
+#. recipes/recipe_check_munin_config.sh

-. recipes/recipe_check_snmp_config.sh
+#. recipes/recipe_check_snmp_config.sh

 . recipes/recipe_check_mail_alias_config.sh

+. recipes/recipe_check_ipam_config.sh
+
 . recipes/recipe_final_summary.sh

 exit 0
--- a/recipes/recipe_check_ipam_config.sh
+++ b/recipes/recipe_check_ipam_config.sh
@ -0,0 +1,53 @@
+echo "-------------------------------------------------"
+echo -e "---------------- ${BLUE}CHECK IPAM CONFIG${NC} --------------"
+echo -e "-------------------------------------------------\n"
+
+RES_AUTHENT=$(${CURL} -k -X POST --user ${USER_IPAM}:${PASSWORD_IPAM} ${URL}/user/ 2>/dev/null)
+CODE_RETOUR_RES_AUTHENT=$(echo ${RES_AUTHENT} | jq '.code')
+TOKEN=$(echo ${RES_AUTHENT} | jq -r '.data.token')
+
+# Check if IPAM API request succeded
+# If IPAM API connection FAILED
+if [ ${CODE_RETOUR_RES_AUTHENT} != 200 ] || [ ! -n "${TOKEN}" ]; then
+	echo -e "${RED}Connection to IPAM API FAILED or empty TOKEN : check KO${NC}\n"
+	
+# If IPAM API connection SUCCEDED
+else
+
+	# Get list of IP to check
+	# WARNING, if one of variable is empty, ALL IP may be checked (but we just want to check our public ranges and admin IPs)
+	IPS_TO_CHECK=$(ip addr show scope global | awk '/inet/ { sub(/\/.*$/, "", $2); print $2 }' | sort | uniq | grep -e "^${IPV4_ADMIN_NETWORK}" -e "^${IPV6_ADMIN_NETWORK}" -e "^${RANGE_IPV4_1_NETWORK}" -e "^${RANGE_IPV4_2_NETWORK}" -e "^${RANGE_IPV6_NETWORK}" )
+
+	# Return Code
+	RC=$?
+	
+	# If no IP to check found
+	if [ $RC -ne 0 ]
+	then
+		IPAM_CONFIG_CHECK_FAILED="${IPAM_CONFIG_CHECK_FAILED} No IP to check in IPAM, check the IP configuration"
+		echo -e "${RED}NO IP to check in IPAM : check KO${NC}\n"
+	else
+		
+		# Check if all found IP are recorded in IPAM
+		for ip_to_check in ${IPS_TO_CHECK}
+		do
+			echo -e "Check if ${BLUE}${ip_to_check}${NC} is recorded in IPAM"
+			
+			# Request one IP
+			REQUEST_ONE_IP=$(curl -k --header "Content-type: application/x-www-form-urlencoded" --header "token: ${TOKEN}" -X GET "${URL}/addresses/search/fd00:1e02:40::1/" 2>/dev/null | jq -r .data[].ip &>/dev/null)
+			
+			# Return Code
+			RC=$?
+			
+			# If IP not found in IPAM
+			if [ $RC -ne 0 ]
+			then
+				IPAM_CONFIG_CHECK_FAILED="${IPAM_CONFIG_CHECK_FAILED} ${ip_to_check} NOT FOUND in IPAM or problem with API connection ;"
+				echo -e "${RED}${ip_to_check} NOT FOUND in IPAM or problem with API connection : check KO${NC}\n"
+			# If IP found in IPAM
+			else
+				echo -e "${GREEN}${ip_to_check}FOUND in IPAM : check OK${NC}\n"
+			fi
+		done		
+	fi
+fi
--- a/recipes/recipe_final_summary.sh
+++ b/recipes/recipe_final_summary.sh
@ -5,10 +5,13 @@ echo -e "-------------------------------------------------\n"
 [ ! -z "${PACKAGES_TO_CHECK}" ] && echo -e "${RED}PACKAGE(S) TO CHECK :${NC} ${PACKAGES_TO_CHECK}\n";

 [ ${BOOL_CHECK_HOSTNAME} -ne 0 ] && echo -e "${RED}HOSTNAME TO CHECK :${NC} check in /etc/conf.d/hostname\n"
+#if [ ! ${BOOL_CHECK_HOSTNAME} ]; then echo -e "${RED}HOSTNAME TO CHECK :${NC} check in /etc/conf.d/hostname\n";fi

 [ ${BOOL_ADMIN_IPV4_NOT_CONFIGURED} -ne 0 ] && echo -e "${RED}NO IPv4 ADMIN :${NC} add IPv4 for ADMIN LAN\n"
+#[ ! ${BOOL_ADMIN_IPV4_NOT_CONFIGURED} ] && echo -e "${RED}NO IPv4 ADMIN :${NC} add IPv4 for ADMIN LAN\n"

 [ ${BOOL_ADMIN_IPV6_NOT_CONFIGURED} -ne 0 ] && echo -e "${RED}NO IPv6 ADMIN :${NC} add IPv6 for ADMIN LAN\n"
+#[ ! ${BOOL_ADMIN_IPV6_NOT_CONFIGURED} ] && echo -e "${RED}NO IPv6 ADMIN :${NC} add IPv6 for ADMIN LAN\n"

 [ ! -z "${RESOLV_FAILED}" ] && echo -e "${RED}RESOLVE TO CHECK (UNABLE TO RESOLVE) :${NC} ${RESOLV_FAILED}\n"

@ -26,4 +29,8 @@ echo -e "-------------------------------------------------\n"

 [ ! -z "${MUNIN_CONFIG_CHECK_FAILED}" ] && echo -e "${RED}MUNIN CONFIG TO CHECK :${NC} ${MUNIN_CONFIG_CHECK_FAILED}\n"

+[ ! -z "${SNMP_CONFIG_CHECK_FAILED}" ] && echo -e "${RED}SNMPD CONFIG TO CHECK :${NC} ${SNMP_CONFIG_CHECK_FAILED}\n"
+
 [ ! -z "${MAIL_ALIAS_CONFIG_CHECK_FAILED}" ] && echo -e "${RED}MAIL ALIASES TO CHECK :${NC} ${MAIL_ALIAS_CONFIG_CHECK_FAILED}\n"
+
+[ ! -z "${IPAM_CONFIG_CHECK_FAILED}" ] && echo -e "${RED}IPAM CONFIG TO CHECK :${NC} ${IPAM_CONFIG_CHECK_FAILED}\n"