Some updates, 2 new recipes....

This commit is contained in:
nemo 2019-06-15 17:15:10 +02:00
parent 6da37fa7a1
commit fa2244190a
7 changed files with 205 additions and 6 deletions

View File

@ -3,24 +3,27 @@
Check system configuration for a gentoo machine (VM or PHYSICAL) based on GRIFON's architecture. Check system configuration for a gentoo machine (VM or PHYSICAL) based on GRIFON's architecture.
It's a Gentoo OS configuration recipe. This script normally doesn't modify anything on the system. It's a Gentoo OS configuration recipe. This script normally doesn't modify anything on the system.
To use : ./recipe_gentoo.sh [--physical] To use (with root user) :
mv ./vars.example ./vars.sh
vim ./vars.sh # Edit all values which will be used by the script
./recipe_gentoo.sh [--physical]
If you cannot execute the script, add the 'x' permission for the user (chmod u+x ./recipe_gentoo.sh).
Not finished, in progress.... Not finished, in progress....
TO DO : TO DO :
- Reorganise script to limit text repetitions (make functions for example)
- Check if sending a mail works (find a way to check)
- Check detailled DNS records (PTR, A, AAAA)
- Check if borgbackup is configured (OK, need to be fully tested) - Check if borgbackup is configured (OK, need to be fully tested)
- Check if auto-update script is configured - Check if auto-update script is configured
- Portage configuration (for VM and Physical) - Portage configuration (for VM and Physical)
- Others (script design, documentation...)
Checked point : Checked point :
- User is root to run the script - User is root to run the script
- Check requirements - Check requirements
- Installed packages - Installed packages
- Hostname configuration - Hostname configuration
- DNS configuration (resolve external name, configured nameserver and check if all IPs (scope global) are configured in DNS) - DNS configuration (resolve external name, configured nameserver, check if all IPs (scope global) are configured in DNS and check if the hostname has A and AAAA recods in DNS)
- Ping external machine for IPv4 and IPv6 - Ping external machine for IPv4 and IPv6
- If Admin IPs are configured - If Admin IPs are configured
- Services status - Services status
@ -32,3 +35,5 @@ Checked point :
- Check postfix config (inet_protocols, mail_owner) - Check postfix config (inet_protocols, mail_owner)
- Add to check service if they are enabled - Add to check service if they are enabled
- Check if IPs (scope global) are recorded in IPAM - Check if IPs (scope global) are recorded in IPAM
- Check if the selected Gentoo profile is the expected profile
- Print additional manuel verification (send reporting mail, if /etc conf file need to be updated, if a new kernel can be installed, if server-side for Icinga, SNMP and Munin are configured)

View File

@ -43,6 +43,8 @@ done
# Variables used to print the summary messages at the and of the script # Variables used to print the summary messages at the and of the script
export PACKAGES_TO_CHECK="" export PACKAGES_TO_CHECK=""
export RESOLV_FAILED="" export RESOLV_FAILED=""
export HOSTNAME_A_RECORD_NOT_IN_DNS=0
export HOSTNAME_AAAA_RECORD_NOT_IN_DNS=0
export RESOLVER_NOT_IN_ETC_RESOLVCONF="" export RESOLVER_NOT_IN_ETC_RESOLVCONF=""
export IP_NOT_RECORDED_IN_DNS="" export IP_NOT_RECORDED_IN_DNS=""
export PING_FAILED="" export PING_FAILED=""
@ -52,11 +54,13 @@ export MUNIN_CONFIG_CHECK_FAILED=""
export MAIL_ALIAS_CONFIG_CHECK_FAILED="" export MAIL_ALIAS_CONFIG_CHECK_FAILED=""
export SNMP_CONFIG_CHECK_FAILED="" export SNMP_CONFIG_CHECK_FAILED=""
export POSTFIX_CONFIG_CHECK_FAILED="" export POSTFIX_CONFIG_CHECK_FAILED=""
export AUTOBACKUP_CONFIG_CHECK_FAILED=""
export IPAM_CONFIG_CHECK_FAILED="" export IPAM_CONFIG_CHECK_FAILED=""
export SERVICES_NOT_STARTED_OR_ERROR="" export SERVICES_NOT_STARTED_OR_ERROR=""
export BOOL_CHECK_HOSTNAME=0 # Print message at end script if hostname *.grif or *.grifon.fr not configured export BOOL_CHECK_HOSTNAME=0 # Print message at end script if hostname *.grif or *.grifon.fr not configured
export BOOL_ADMIN_IPV4_NOT_CONFIGURED=0 export BOOL_ADMIN_IPV4_NOT_CONFIGURED=0
export BOOL_ADMIN_IPV6_NOT_CONFIGURED=0 export BOOL_ADMIN_IPV6_NOT_CONFIGURED=0
export WRONG_GENTOO_PROFILE_SELECTED=0
# Get ALL locales IPs except loopback # Get ALL locales IPs except loopback
export LOCALES_IP_WITHOUT_LOOPBACK=$(ip addr show scope global | awk '/inet/ { sub(/\/.*$/, "", $2); print $2 }' | sort | uniq) export LOCALES_IP_WITHOUT_LOOPBACK=$(ip addr show scope global | awk '/inet/ { sub(/\/.*$/, "", $2); print $2 }' | sort | uniq)
@ -125,6 +129,10 @@ print_config_title 'RECIPE GENTOO - CHECK BASIC CONFIG'
#. recipes/recipe_check_ipam_config.sh #. recipes/recipe_check_ipam_config.sh
. recipes/recipe_check_eselect.sh
. recipes/recipe_final_summary.sh . recipes/recipe_final_summary.sh
. recipes/recipe_addtional_manual_verification.sh
exit 0 exit 0

View File

@ -0,0 +1,15 @@
print_config_title 'ADDTIONAL MANUAL VERIFICATION'
echo -e "- Check if sending a reporting mail works with the command, and after, check your adminsys mailbox :
\techo \"Test if sending a reporting mail works\" | mail -s \"Test if sending a reporting mail works\" root\n"
echo -e "- Check if any /etc files need to be updated (or not) with :
\tetc-update\n"
echo -e "- Check if no new kernel is available :
\teselect kernel list\n"
echo -e "- Check if server-side Icinga, SNMP and Munin are configured for this server\n"

View File

@ -60,9 +60,44 @@ do
if [ $RC -ne 0 ] if [ $RC -ne 0 ]
then then
IP_NOT_RECORDED_IN_DNS="${IP_NOT_RECORDED_IN_DNS} ${ip}" IP_NOT_RECORDED_IN_DNS="${IP_NOT_RECORDED_IN_DNS} ${ip}"
echo -e "${RED}${ip} is NOT recorded in /DNS : check KO${NC}\n" echo -e "${RED}${ip} is NOT recorded in DNS : check KO${NC}\n"
# IP recorded in DNS # IP recorded in DNS
else else
echo -e "${GREEN}${ip} is recorded in DNS : check OK${NC}\n" echo -e "${GREEN}${ip} is recorded in DNS : check OK${NC}\n"
fi fi
done done
# Check if hostname recorded in DNS (A and AAAA records)
echo -e "Check if hostname is recorded in DNS : ${BLUE}A and AAAA records${NC}"
# Check if record A is set in DNS for hostname
nslookup -querytype=A $(hostname) &>/dev/null
# Return Code
RC=$?
# If no 'A' DNS record for hostname
if [ $RC -ne 0 ]
then
HOSTNAME_A_RECORD_NOT_IN_DNS=1
echo -e "${RED}Hostname is NOT recorded in DNS (A record) : check KO${NC}\n"
# If 'A' DNS record for hostname exist
else
echo -e "${GREEN}Hostname is recorded in DNS (A record) : check OK${NC}\n"
fi
# Check if record AAAA is set in DNS for hostname
nslookup -querytype=AAAA $(hostname) &>/dev/null
# Return Code
RC=$?
# If no 'AAAA' DNS record for hostname
if [ $RC -ne 0 ]
then
HOSTNAME_AAAA_RECORD_NOT_IN_DNS=1
echo -e "${RED}Hostname is NOT recorded in DNS (AAAA record) : check KO${NC}\n"
# If 'AAAA' DNS record for hostname exist
else
echo -e "${GREEN}Hostname is recorded in DNS (AAAA record) : check OK${NC}\n"
fi

View File

@ -0,0 +1,11 @@
print_config_title 'CHECK GENTOO PROFILE'
# Check if the active Gentoo profile is the expected profile
if [ "${GENTOO_PROFILE}" == "$(eselect profile list |grep '*' | tr -s " "| cut -d' ' -f3)" ]
then
echo -e "${GREEN}Gentoo profile ${GENTOO_PROFILE} is selected : check OK${NC}\n"
# If wrong Gentoo profile selected
else
WRONG_GENTOO_PROFILE_SELECTED=1
echo -e "${RED}Gentoo profile ${GENTOO_PROFILE} is NOT SELECTED : check KO${NC}\n"
fi

View File

@ -17,6 +17,10 @@ print_config_title 'FINAL SUMMARY'
[ ! -z "${IP_NOT_RECORDED_IN_DNS}" ] && echo -e "${RED}IP RECORD TO CHECK (NOT RECORDED IN DNS) :${NC} ${IP_NOT_RECORDED_IN_DNS}\n" [ ! -z "${IP_NOT_RECORDED_IN_DNS}" ] && echo -e "${RED}IP RECORD TO CHECK (NOT RECORDED IN DNS) :${NC} ${IP_NOT_RECORDED_IN_DNS}\n"
[ ${HOSTNAME_A_RECORD_NOT_IN_DNS} -ne 0 ] && echo -e "${RED}Hostname is NOT recorded in DNS (A record) :${NC} add A record in DNS for the hostname $(hostname)\n"
[ ${HOSTNAME_AAAA_RECORD_NOT_IN_DNS} -ne 0 ] && echo -e "${RED}Hostname is NOT recorded in DNS (AAAA record) :${NC} add AAAA record in DNS for the hostname $(hostname)\n"
[ ! -z "${PING_FAILED}" ] && echo -e "${RED}PING TO CHECK :${NC} ${PING_FAILED}\n" [ ! -z "${PING_FAILED}" ] && echo -e "${RED}PING TO CHECK :${NC} ${PING_FAILED}\n"
[ ! -z "${SERVICES_NOT_STARTED_OR_ERROR}" ] && echo -e "${RED}SERVICE(S) TO CHECK :${NC} ${SERVICES_NOT_STARTED_OR_ERROR}\n" [ ! -z "${SERVICES_NOT_STARTED_OR_ERROR}" ] && echo -e "${RED}SERVICE(S) TO CHECK :${NC} ${SERVICES_NOT_STARTED_OR_ERROR}\n"
@ -34,3 +38,5 @@ print_config_title 'FINAL SUMMARY'
[ ! -z "${POSTFIX_CONFIG_CHECK_FAILED}" ] && echo -e "${RED}POSTFIX CONFIG TO CHECK :${NC} ${POSTFIX_CONFIG_CHECK_FAILED}\n" [ ! -z "${POSTFIX_CONFIG_CHECK_FAILED}" ] && echo -e "${RED}POSTFIX CONFIG TO CHECK :${NC} ${POSTFIX_CONFIG_CHECK_FAILED}\n"
[ ! -z "${IPAM_CONFIG_CHECK_FAILED}" ] && echo -e "${RED}IPAM CONFIG TO CHECK :${NC} ${IPAM_CONFIG_CHECK_FAILED}\n" [ ! -z "${IPAM_CONFIG_CHECK_FAILED}" ] && echo -e "${RED}IPAM CONFIG TO CHECK :${NC} ${IPAM_CONFIG_CHECK_FAILED}\n"
[ ${WRONG_GENTOO_PROFILE_SELECTED} -ne 0 ] && echo -e "${RED}Wrong Gentoo profile selecte :${NC} select ${GENTOO_PROFILE} profile with \"eselect profile list / set [ID]\"\n"

119
vars.example Executable file
View File

@ -0,0 +1,119 @@
# Set absolute PATH for tools
export GREP="/bin/grep"
export ECHO="/bin/echo"
export EMERGE="/usr/bin/emerge"
export NSLOOKUP="/usr/bin/nslookup"
export IP="/bin/ip"
export HOSTNAME="/bin/hostname"
export AWK="/bin/awk"
export SED="/bin/sed"
export CUT="/bin/cut"
export TR="/bin/tr"
export PING="/bin/ping"
export CURL="/usr/bin/curl"
export JQ="/usr/bin/jq"
# Packages to check (it's a list to simplify comment)
export PACKAGES="
virtual/ssh
app-admin/rsyslog
net-misc/ntp
app-backup/borgbackup
virtual/cron
sys-process/cronie
net-analyzer/munin
app-portage/eix'
app-portage/gentoolkit'
app-portage/genlop'
app-misc/tmux'
net-analyzer/tcpdump'
app-editors/vim'
sys-process/htop-2.2.0'
app-admin/sysklogd
dev-vcs/git
net-analyzer/nrpe
net-analyzer/net-snmp
net-dns/bind-tools
dev-vcs/git
mail-mta/postfix
mail-mta/postfix
app-admin/sudo
"
# Package to check if it's a physical machine
export PACKAGES_PHYSICAL="
sys-apps/smartmontools
"
# Hostname to be resolved in recipes
export NAMES_TO_RESOLV_AND_PING="
grifon.fr
arn-fai.net
grifonfesfdsfdsf.fr
"
# Resolver to check if they are in /etc/resolv.conf
export RESOLVERS="
2a00:5884::7
89.234.186.4
"
# Services to check if they are working/running
export SERVICES_TO_CHECK="
rsyslog
ntpd
munin-node
iptables
ip6tables
sshd
postfix
nrpe
snmpd
hostname
"
# Same but with physical host services
export SERVICES_TO_CHECK_PHYSICAL="
smard
"
# Admin network
export IPV4_ADMIN_NETWORK="172.16.0."
export IPV6_ADMIN_NETWORK="fd00:1111:1111:"
# AS IPs ranges
export RANGE_IPV4_1_NETWORK="89.234.186."
export RANGE_IPV4_2_NETWORK="80.67.190."
export RANGE_IPV6_NETWORK="2a00:5884:"
# Admin hostname of the Monitoring server (Munin + libreNMS)
export NAME_MASTER_MONITORING="serveur-sup.local"
# Address of the Monitoring server in Munin's configuration format
export IPV4_MASTER_MUNIN='^172\\\.16\\\.0\\\.123\$'
export IPV6_MASTER_MUNIN='^fd00:1111:1111::123\$'
# root/operator aliases for mailing
export MAIL_ALIAS_ROOT="adminsys@example.tld"
# General informations and replace space by [[:space:]]* to be used in regex
export DC="Datacenter"
export DC_for_function_check_value_in_conf_file=$(echo -e ${DC} | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | sed -e 's/[[:space:]]/[[:space:]]*/g')
export ENTITY="Entity"
export ENTITY_for_function_check_value_in_conf_file=$(echo -e ${ENTITY} | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | sed -e 's/[[:space:]]/[[:space:]]*/g')
# Backup informations
export BACKUP_SCRIPT="/usr/local/sbin/backup.sh"
export BACKUP_REMOTE_USER="user-backup"
export BACKUP_REMOTE_SERVER="backup.example.tld"
export BACKUP_REMOTE_REPERTORY="/var/backup"
# User and password to request a token on phpIPAM API
export USER_IPAM='ipam-user'
export PASSWORD_IPAM='password'
# URL of the API
export URL="https://ipam.example.tld/api/${USER_IPAM}"
# Gentoo profile
export GENTOO_PROFILE="default/linux/amd64/17.1"