diff --git a/dockerfile b/dockerfile
index 43a8cb6..d0e923e 100644
--- a/dockerfile
+++ b/dockerfile
@@ -106,7 +106,9 @@ RUN mkdir -p /tmp/collection; \
 /tmp/collection/.; \
 rm -Rf /tmp/collection; \
 fi; \
- chmod +x /etc/cron.d/*;
+ chmod +x /etc/cron.d/*; \
+ chown root:root -R /etc/phpipam; \
+ chmod 740 -R /etc/phpipam;
 
 WORKDIR /root
 
diff --git a/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md b/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md
index 095a910..c0ff0bc 100644
--- a/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md
+++ b/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md
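Review bot: `chmod 740 -R /etc/phpipam` applies one mode to the directory and to every file beneath it, so the config file that carries `client_token` ends up group-readable and marked executable, which is wider than a credential file needs. Set the directory and its files separately, e.g. `chmod 700 /etc/phpipam; \` followed by `find /etc/phpipam -type f -exec chmod 600 {} +; \`, and keep the `chown root:root -R` line as it is. These are build-time permissions and only cover whatever is copied into the image (presumably the new `includes/etc/phpipam/scan_agent.yaml`); a config file mounted at run time keeps the host's ownership and mode, which is worth stating in the scanner documentation. The `RUN` instruction this continues starts before the hunk.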
@@ -33,19 +33,24 @@ The scanner component requires API access to phpIPAM. THe API user that is used, ### Variables -The variables described below, if optional the value specified here is the default value. Any variable that can be set via environmental variables have the variable name enclosed in `[]` +Variables for the scanner are set in a variables file at path `/etc/phpipam/scan_agent.yaml`. The variables described below, if optional the value specified here is the default value. ``` yaml +nofusscomputing_phpipam_scan_agent: -nfc_c_http_port: 5000 # Optional, Integer. http port to connect to the server. [HTTP_PORT] -nfc_c_http_server: http://127.0.0.1 # Optional, Integer. url with protocol of the Scan Server to connect to. [HTTP_URL] + api_url: # Mandatory, String. url with protocol of the phpIPAM API to connect to. + http_port: 5000 # Optional, Integer. http port to connect to the server. + http_server: http://127.0.0.1 # Optional, Integer. url with protocol of the Scan Server to connect to. -api_url: http://127.0.0.1 # Optional, String. url with protocol of the phpIPAM API to connect to. [API_URL] + cache_expire_time: 1800 # Optional, Integer. Time in seconds to expire the phpIPAM cache. + epoch_time_offset: 0 # optional, int. Value in seconds to offset the time +# phpIPAM Scan Agent Settings + client_token: # Mandatory, String client api token to connect to phpIPAM API [client_token] + client_name: # Mandatory, String. The scanner name as set in phpIPAM interface [client_name] + scanagent_code: # Mandatory, String. Scan Agent Code as set in phpIPAM interface [scanagent_code] -nfc_c_cache_expire_time: 1800 # Optional, Integer. Time in seconds to expire the phpIPAM cache. -nfc_c_epoch_time_offset: 0 # optional, int. Value in seconds to offset the time ``` 
@@ -53,6 +58,19 @@ nfc_c_epoch_time_offset: 0 # optional, int. Value in seconds to offs You can specify environmental variable `ANSIBLE_LOG_PATH=/var/log/ansible.log`, which will tell the scanner component to log to a file at path `/var/log/ansible.log` +#### phpIPAM Interface variable Mapping + +These images are of the phpIPAM interface that show in green text the variable name that would be set as detailed above. + +![phpIPAM API](images/phpipam_api.png) +phpIPAM API Settings + +---- + +![phpIPAM Scan Agent](images/phpipam_scan_agent_details.png) +phpIPAM Scan Agent Settings + + ## Workflow The scanner component has the following workflow: diff --git a/docs/projects/ansible/collection/phpipam_scan_agent/server.md b/docs/projects/ansible/collection/phpipam_scan_agent/server.md index b34b6c2..a5713ae 100644 --- a/docs/projects/ansible/collection/phpipam_scan_agent/server.md +++ b/docs/projects/ansible/collection/phpipam_scan_agent/server.md @@ -25,10 +25,6 @@ ansible-rulebook -r nofusscomputing.phpipam_scan_agent.agent_receive The variables described below, if optional the value specified here is the default value. All variables that are used by the server component are environmental variables that must be set before execution. Ansbible variable name is enclused in `[]` ``` bash -# phpIPAM Scan Agent Settings -SCANNER_TOKEN= # Mandatory, String client api token to connect to phpIPAM API [client_token] -SCANNER_NAME= # Mandatory, String. The scanner name as set in phpIPAM interface [client_name] -SCANNER_CODE= # Mandatory, String. Scan Agent Code as set in phpIPAM interface [scanagent_code] # phpIPAM MariaDB/MySQL Variables MYSQL_HOST= # Mandatory, String. IP/DNS of host to connect. [nfc_c_mysql_host] 
@@ -43,21 +39,6 @@ HTTP_PORT=5000 # Optional, Integer. The port for the Server component to ``` -#### phpIPAM Interface variable Mapping - -These images are of the phpIPAM interface that show in green text the variable name that would be set as detailed above. - -![phpIPAM API](images/phpipam_api.png) - -phpIPAM API Settings - ----- - -![phpIPAM Scan Agent](images/phpipam_scan_agent_details.png) - -phpIPAM Scan Agent Settings - - # Workflow The Server componet has the following workflow: diff --git a/includes/etc/phpipam/scan_agent.yaml b/includes/etc/phpipam/scan_agent.yaml new file mode 100644 index 0000000..3591368 --- /dev/null +++ b/includes/etc/phpipam/scan_agent.yaml @@ -0,0 +1,18 @@ +--- + +nofusscomputing_phpipam_scan_agent: + + # api_url: http://127.0.0.1 # Mandatory, String. url with protocol of the phpIPAM API to connect to. + + # http_port: 5000 # Optional, Integer. http port to connect to the server. + # http_server: http://127.0.0.1 # Optional, Integer. url with protocol of the Scan Server to connect to. + + + # cache_expire_time: 1800 # Optional, Integer. Time in seconds to expire the phpIPAM cache. + # epoch_time_offset: 0 # optional, int. Value in seconds to offset the time + + +# phpIPAM Scan Agent Settings + client_token: # Mandatory, String client api token to connect to phpIPAM API [client_token] + client_name: # Mandatory, String. The scanner name as set in phpIPAM interface [client_name] + scanagent_code: # Mandatory, String. Scan Agent Code as set in phpIPAM interface [scanagent_code] diff --git a/playbooks/agent.yaml b/playbooks/agent.yaml index 7c33f2c..ec4521a 100644 --- a/playbooks/agent.yaml +++ b/playbooks/agent.yaml 
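Review bot: The mandatory keys `client_token:`, `client_name:` and `scanagent_code:` are written with no value, which YAML loads as null rather than an empty string, so a consumer that checks `!= ''` will not notice an unfilled entry. Either comment them out like the optional keys above them or give them an explicit placeholder, `client_token: ""`, and say in a header comment that this file holds the phpIPAM API credential and is meant to be supplied or mounted at deploy time, not committed with a real token. The `# phpIPAM Scan Agent Settings` comment sits at column 0 inside the indented mapping; indenting it to the keys' level keeps the file readable. `http_server` is a URL string, not an `Integer` as its comment says.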
@@ -5,64 +5,48 @@ tasks: + - name: Check for Existance of config file + ansible.builtin.stat: + path: /etc/phpipam/scan_agent.yaml + register: config_file_check - - name: Fetch Required Environmental Variables - ansible.builtin.set_fact: - client_token: "{{ lookup('ansible.builtin.env', 'SCANNER_TOKEN') | default('') }}" - client_name: "{{ lookup('ansible.builtin.env', 'SCANNER_NAME') }}" - scanagent_code: "{{ lookup('ansible.builtin.env', 'SCANNER_CODE') | default('') }}" - api_url: "{{ lookup('ansible.builtin.env', 'API_URL') | default('') }}" - no_log: true + + - name: Load Config File + ansible.builtin.include_vars: + file: /etc/phpipam/scanagent.yaml when: > - client_token is not defined - and - client_name is not defined - and - scanagent_code is not defined - and - api_url is not defined - - - - name: Fetch Required Environmental Variable - HTTP_URL - ansible.builtin.set_fact: - nfc_c_http_server: "{{ lookup('ansible.builtin.env', 'HTTP_URL') | default('') }}" - when: > - lookup('ansible.builtin.env', 'HTTP_URL') | default('') != '' - - - - name: Fetch Required Environmental Variable - HTTP_PORT - ansible.builtin.set_fact: - nfc_c_http_port: "{{ lookup('ansible.builtin.env', 'HTTP_PORT') | default('') }}" - when: > - lookup('ansible.builtin.env', 'HTTP_PORT') | default('') != '' + config_file_check.stat.exists - name: Confirm 'api_url' is Set ansible.builtin.assert: that: - - api_url is defined - - api_url != '' + - nofusscomputing_phpipam_scan_agent.api_url is defined + - nofusscomputing_phpipam_scan_agent.api_url != '' msg: "missing Required Variables" - name: Confirm 'client_token' is Set ansible.builtin.assert: that: - - client_token is defined + - nofusscomputing_phpipam_scan_agent.client_token is defined + - nofusscomputing_phpipam_scan_agent.client_token != '' msg: "missing Required Variables" - name: Confirm 'client_name' is Set ansible.builtin.assert: that: - - client_name is defined + - nofusscomputing_phpipam_scan_agent.client_name is defined + - 
nofusscomputing_phpipam_scan_agent.client_name != '' msg: "missing Required Variables" - name: Confirm 'scanagent_code' is Set ansible.builtin.assert: that: - - scanagent_code is defined + - nofusscomputing_phpipam_scan_agent.scanagent_code is defined + - nofusscomputing_phpipam_scan_agent.scanagent_code != msg: "missing Required Variables" @@ -89,12 +73,12 @@ loop_var: subnet - vars: # ToDo: remove the below t4est vars + vars: + nfc_c_cache_expire_time: 1800 nfc_c_http_port: 5000 nfc_c_http_server: http://127.0.0.1 + nfc_c_path_cache: "{{ playbook_dir }}/../cache" api_address: addresses api_subnets: subnets api_scanagents: tools/scanagents - nfc_c_path_cache: "{{ playbook_dir }}/../cache" - nfc_c_cache_expire_time: 1800 diff --git a/playbooks/tasks/agent_id.yaml b/playbooks/tasks/agent_id.yaml index 2bd20d3..1732a69 100644 --- a/playbooks/tasks/agent_id.yaml +++ b/playbooks/tasks/agent_id.yaml @@ -4,10 +4,10 @@ ansible.builtin.include_tasks: file: tasks/api_call.yaml vars: - api_client_name: "{{ client_name }}" - api_token: "{{ client_token }}" + api_client_name: "{{ nofusscomputing_phpipam_scan_agent.client_name }}" + api_token: "{{ nofusscomputing_phpipam_scan_agent.client_token }}" api_path: "{{ api_scanagents }}" - api_query_string: "filter_by=code&filter_value={{ scanagent_code }}" + api_query_string: "filter_by=code&filter_value={{ nofusscomputing_phpipam_scan_agent.scanagent_code }}" - name: My ScanAgent ID diff --git a/playbooks/tasks/api_call.yaml b/playbooks/tasks/api_call.yaml index 3a537b8..304046c 100644 --- a/playbooks/tasks/api_call.yaml +++ b/playbooks/tasks/api_call.yaml 
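Review bot: The stat task checks `/etc/phpipam/scan_agent.yaml` but `include_vars` loads `file: /etc/phpipam/scanagent.yaml`, so when the file exists the include fails on a missing path and when it does not the load is skipped; the two paths must agree (`file: /etc/phpipam/scan_agent.yaml`). The new asserts test `!= ''`, yet a key left empty in the YAML file is null and `None != ''` is true, so write `- nofusscomputing_phpipam_scan_agent.client_token | default('', true) != ''` (and likewise for the other three) so both missing and empty values are rejected. The last assert, `scanagent_code !=`, has no right-hand operand as rendered here and would fail as a template error. The removed `set_fact` carried `no_log: true`; the `include_vars` task now loads the same token and its result, shown under verbose runs, includes the loaded variables, so `no_log: true` belongs on it. The task list continues outside the hunk.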
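Review bot: The `vars:` entries `nfc_c_cache_expire_time`, `nfc_c_http_port` and `nfc_c_http_server` now act as fallbacks for the `nofusscomputing_phpipam_scan_agent.*` keys through `| default(...)` in the task files, but nothing here says so once the ToDo comment is gone. A comment such as `# Fallbacks used when the matching nofusscomputing_phpipam_scan_agent.* key is absent from /etc/phpipam/scan_agent.yaml` above the three lines would record the intent. The play these vars belong to starts before the hunk.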
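Review bot: `filter_value={{ nofusscomputing_phpipam_scan_agent.scanagent_code }}` drops the configured code straight into a query string, so an `&`, `=`, `#` or space in the value alters the request; apply the encoding filter, `api_query_string: "filter_by=code&filter_value={{ nofusscomputing_phpipam_scan_agent.scanagent_code | urlencode }}"`. The unchanged `subnet.id` and `nfc_c_scan_agent_id` query lines in scan_subnet.yaml and subnets.yaml follow the same pattern and would benefit from the same filter. The task continues outside the hunk.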
@@ -31,7 +31,8 @@ - name: Expire ansible.builtin.set_fact: - expired: "{{ ((epoch | int + (nfc_c_epoch_time_offset | default(0)) | int) >= ((cached_file.stat.mtime | int) + nfc_c_cache_expire_time | int) | int ) | bool }}" + expired: "{{ ((epoch | int + (nfc_c_epoch_time_offset | default(0)) | int) >= ((cached_file.stat.mtime | int) + + (nofusscomputing_phpipam_scan_agent.cache_expire_time | default(nfc_c_cache_expire_time)) | int) | int ) | bool }}" when: cached_file.stat.exists @@ -40,8 +41,9 @@ msg: - "exists: {{ cached_file.stat.exists | default('') }}" - "mtime: {{ cached_file.stat.mtime | default(0) | int }}" - - "expire: {{ (cached_file.stat.mtime | int) + nfc_c_cache_expire_time | int }}" - - "epoch: {{ (epoch | int + (nfc_c_epoch_time_offset | default(0)) | int) | int }} [{{ nfc_c_cache_expire_time }}]" + - "expire: {{ (cached_file.stat.mtime | int) + (nofusscomputing_phpipam_scan_agent.cache_expire_time | default(nfc_c_cache_expire_time)) | int }}" + - "epoch: {{ (epoch | int + (nfc_c_epoch_time_offset | default(0)) | int) | int }} [{{ + (nofusscomputing_phpipam_scan_agent.cache_expire_time | default(nfc_c_cache_expire_time)) }}]" - "epoch: {{ epoch }}" - "expired: {{ expired }}" when: cached_file.stat.exists diff --git a/playbooks/tasks/scan_subnet.yaml b/playbooks/tasks/scan_subnet.yaml index 25ebcd8..4602786 100644 --- a/playbooks/tasks/scan_subnet.yaml +++ b/playbooks/tasks/scan_subnet.yaml @@ -5,12 +5,14 @@ cmd: nmap -sn "{{ subnet.address }}" -oX - become: true register: nmap_scan + + - name: Get subnets Address' ansible.builtin.include_tasks: file: tasks/api_call.yaml vars: - api_client_name: "{{ client_name }}" - api_token: "{{ client_token }}" + api_client_name: "{{ nofusscomputing_phpipam_scan_agent.client_name }}" + api_token: "{{ nofusscomputing_phpipam_scan_agent.client_token }}" api_path: "{{ api_address }}" api_query_string: "filter_by=subnetId&filter_value={{ subnet.id }}" 
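Review bot: `cache_expire_time | default(nfc_c_cache_expire_time)` substitutes only when the key is undefined; a key present but empty in the config file is null, which `default` without its second argument keeps, so `None | int` becomes 0 and every cache entry is treated as expired. Use `default(nfc_c_cache_expire_time, true)` so null falls back too; the same applies to the two debug lines in the second hunk of this file and to `http_server`/`http_port` in scan_subnet.yaml. The expression is now repeated three times across this file, so computing it once before the Expire task, e.g. `cache_expire_seconds: "{{ nofusscomputing_phpipam_scan_agent.cache_expire_time | default(nfc_c_cache_expire_time, true) | int }}"` in a `set_fact`, and using that name in all three places keeps them consistent. Both hunks sit inside a task list that starts before them.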
@@ -65,11 +67,13 @@ - name: Upload Scan Results - {{ subnet.address }} ansible.builtin.uri: - url: "{{ nfc_c_http_server }}:{{ nfc_c_http_port }}/" + url: "{{ + nofusscomputing_phpipam_scan_agent.http_server | default(nfc_c_http_server) + }}:{{ nofusscomputing_phpipam_scan_agent.http_port | default(nfc_c_http_port) }}/" method: POST body_format: json body: { - "code": "{{ scanagent_code }}", + "code": "{{ nofusscomputing_phpipam_scan_agent.scanagent_code }}", "scan": { "subnet": "{{ subnet.address }}", "results": "{{ subnet_scan_results }}" diff --git a/playbooks/tasks/subnets.yaml b/playbooks/tasks/subnets.yaml index 923632e..785b31c 100644 --- a/playbooks/tasks/subnets.yaml +++ b/playbooks/tasks/subnets.yaml @@ -9,8 +9,8 @@ ansible.builtin.include_tasks: file: tasks/api_call.yaml vars: - api_client_name: "{{ client_name }}" - api_token: "{{ client_token }}" + api_client_name: "{{ nofusscomputing_phpipam_scan_agent.client_name }}" + api_token: "{{ nofusscomputing_phpipam_scan_agent.client_token }}" api_path: "{{ api_subnets }}" api_query_string: "filter_by=scanAgent&filter_value={{ nfc_c_scan_agent_id }}"
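Review bot: The `url:` value is a double-quoted scalar split across three lines with `{{` left alone at the end of the first, which reads as a stray opener and relies on YAML folding to reassemble the template. Building the address once in the task `vars:`, e.g. `scan_server_url: "{{ nofusscomputing_phpipam_scan_agent.http_server | default(nfc_c_http_server, true) }}:{{ nofusscomputing_phpipam_scan_agent.http_port | default(nfc_c_http_port, true) }}"`, and then writing `url: "{{ scan_server_url }}/"` keeps each template on one line. The `uri` task's remaining fields continue outside the hunk.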