ansible-collections/phpipam_scan_agent
2
0
Fork 0
Code Issues 10 Pull Requests Actions Projects Releases 7 Wiki Activity

feat(agent): move config of variables to vars file

Browse Source 
!8 closes #11
This commit is contained in:
Jon Lockwood
2024-02-23 13:24:02 +09:30
parent 49682d6038
commit de7752cfcf
10 changed files with 90 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
dockerfile
View File

@ -106,7 +106,9 @@ RUN mkdir -p /tmp/collection; \
/tmp/collection/.; \ /tmp/collection/.; \
rm -Rf /tmp/collection; \ rm -Rf /tmp/collection; \
fi; \ fi; \
chmod +x /etc/cron.d/*; chmod +x /etc/cron.d/*; \
chown root:root -R /etc/phpipam; \
chmod 740 -R /etc/phpipam;
WORKDIR /root WORKDIR /root

9
docs/projects/ansible/collection/phpipam_scan_agent/docker.md
View File

@ -23,12 +23,9 @@ docker run \
-e "MYSQL_HOST=<your value here>" \ -e "MYSQL_HOST=<your value here>" \
-e "MYSQL_USER=<your value here>" \ -e "MYSQL_USER=<your value here>" \
-e "MYSQL_PASSWORD=<your value here>" \ -e "MYSQL_PASSWORD=<your value here>" \
-e "SCANNER_TOKEN=<your value here>" \
-e "SCANNER_NAME=<your value here>" \
-e "SCANNER_CODE=<your value here>" \
-p "5000:5000" \ -p "5000:5000" \
--name scan-agent \ --name scan-agent \
scan-agent:latest; nofusscomputing/phpipam-scan-agent:latest;
``` ```
@ -44,7 +41,9 @@ During the build of the container environmental variable `ANSIBLE_FORCE_COLOR='t
### Volumes ### Volumes
There are no volumes for this container. You will need to configure the scan components:
- scanner config file at path `/etc/phpipam/scan_agent.yaml`, see [scanner docs](scanner.md#variables) for details.
If you wish to customize the cronjob for the scan component within the container, mount a new cron file to path `/etc/cron.d/scanner`. The default cron file is as follows: If you wish to customize the cronjob for the scan component within the container, mount a new cron file to path `/etc/cron.d/scanner`. The default cron file is as follows:

38
docs/projects/ansible/collection/phpipam_scan_agent/scanner.md
View File

@ -11,15 +11,11 @@ The Scan Agent Scanner component is intended to scan networks that are assigned
## Usage ## Usage
After installing the collection, running the agent is as simple as running the following command: After installing the collection and configuring. Running the agent is as simple as running the following command:
``` bash ``` bash
ansible-playbook nofusscomputing.phpipam_scan_agent.agent \ ansible-playbook nofusscomputing.phpipam_scan_agent.agent
--extra-vars "api_url=<your value here>" \
--extra-vars "client_token=<your value here>" \
--extra-vars "client_name=<your value here>" \
--extra-vars "scanagent_code=<your value here>"
``` ```
@ -33,19 +29,24 @@ The scanner component requires API access to phpIPAM. THe API user that is used,
### Variables ### Variables
The variables described below, if optional the value specified here is the default value. Any variable that can be set via environmental variables have the variable name enclosed in `[]` Variables for the scanner are set in a variables file at path `/etc/phpipam/scan_agent.yaml`. The variables described below, if optional the value specified here is the default value.
``` yaml ``` yaml
nofusscomputing_phpipam_scan_agent:
nfc_c_http_port: 5000 # Optional, Integer. http port to connect to the server. [HTTP_PORT] api_url: # Mandatory, String. url with protocol of the phpIPAM API to connect to.
nfc_c_http_server: http://127.0.0.1 # Optional, Integer. url with protocol of the Scan Server to connect to. [HTTP_URL]
http_port: 5000 # Optional, Integer. http port to connect to the server.
http_server: http://127.0.0.1 # Optional, Integer. url with protocol of the Scan Server to connect to.
api_url: http://127.0.0.1 # Optional, String. url with protocol of the phpIPAM API to connect to. [API_URL] cache_expire_time: 1800 # Optional, Integer. Time in seconds to expire the phpIPAM cache.
epoch_time_offset: 0 # optional, int. Value in seconds to offset the time
# phpIPAM Scan Agent Settings
client_token: # Mandatory, String client api token to connect to phpIPAM API [client_token]
client_name: # Mandatory, String. The scanner name as set in phpIPAM interface [client_name]
scanagent_code: # Mandatory, String. Scan Agent Code as set in phpIPAM interface [scanagent_code]
nfc_c_cache_expire_time: 1800 # Optional, Integer. Time in seconds to expire the phpIPAM cache.
nfc_c_epoch_time_offset: 0 # optional, int. Value in seconds to offset the time
``` ```
@ -53,6 +54,19 @@ nfc_c_epoch_time_offset: 0 # optional, int. Value in seconds to offs
You can specify environmental variable `ANSIBLE_LOG_PATH=/var/log/ansible.log`, which will tell the scanner component to log to a file at path `/var/log/ansible.log` You can specify environmental variable `ANSIBLE_LOG_PATH=/var/log/ansible.log`, which will tell the scanner component to log to a file at path `/var/log/ansible.log`
#### phpIPAM Interface variable Mapping
These images are of the phpIPAM interface that show in green text the variable name that would be set as detailed above.
![phpIPAM API](images/phpipam_api.png)
phpIPAM API Settings
----
![phpIPAM Scan Agent](images/phpipam_scan_agent_details.png)
phpIPAM Scan Agent Settings
## Workflow ## Workflow
The scanner component has the following workflow: The scanner component has the following workflow:

19
docs/projects/ansible/collection/phpipam_scan_agent/server.md
View File

@ -25,10 +25,6 @@ ansible-rulebook -r nofusscomputing.phpipam_scan_agent.agent_receive
The variables described below, if optional the value specified here is the default value. All variables that are used by the server component are environmental variables that must be set before execution. Ansbible variable name is enclused in `[]` The variables described below, if optional the value specified here is the default value. All variables that are used by the server component are environmental variables that must be set before execution. Ansbible variable name is enclused in `[]`
``` bash ``` bash
# phpIPAM Scan Agent Settings
SCANNER_TOKEN= # Mandatory, String client api token to connect to phpIPAM API [client_token]
SCANNER_NAME= # Mandatory, String. The scanner name as set in phpIPAM interface [client_name]
SCANNER_CODE= # Mandatory, String. Scan Agent Code as set in phpIPAM interface [scanagent_code]
# phpIPAM MariaDB/MySQL Variables # phpIPAM MariaDB/MySQL Variables
MYSQL_HOST= # Mandatory, String. IP/DNS of host to connect. [nfc_c_mysql_host] MYSQL_HOST= # Mandatory, String. IP/DNS of host to connect. [nfc_c_mysql_host]
@ -43,21 +39,6 @@ HTTP_PORT=5000 # Optional, Integer. The port for the Server component to
``` ```
#### phpIPAM Interface variable Mapping
These images are of the phpIPAM interface that show in green text the variable name that would be set as detailed above.
![phpIPAM API](images/phpipam_api.png)
phpIPAM API Settings
----
![phpIPAM Scan Agent](images/phpipam_scan_agent_details.png)
phpIPAM Scan Agent Settings
# Workflow # Workflow
The Server componet has the following workflow: The Server componet has the following workflow:

18
includes/etc/phpipam/scan_agent.yaml Normal file
View File

@ -0,0 +1,18 @@
---
nofusscomputing_phpipam_scan_agent:
# api_url: http://127.0.0.1 # Mandatory, String. url with protocol of the phpIPAM API to connect to.
# http_port: 5000 # Optional, Integer. http port to connect to the server.
# http_server: http://127.0.0.1 # Optional, Integer. url with protocol of the Scan Server to connect to.
# cache_expire_time: 1800 # Optional, Integer. Time in seconds to expire the phpIPAM cache.
# epoch_time_offset: 0 # optional, int. Value in seconds to offset the time
# phpIPAM Scan Agent Settings
client_token: # Mandatory, String client api token to connect to phpIPAM API [client_token]
client_name: # Mandatory, String. The scanner name as set in phpIPAM interface [client_name]
scanagent_code: # Mandatory, String. Scan Agent Code as set in phpIPAM interface [scanagent_code]

56
playbooks/agent.yaml
View File

@ -5,64 +5,48 @@
tasks: tasks:
- name: Check for Existance of config file
ansible.builtin.stat:
path: /etc/phpipam/scan_agent.yaml
register: config_file_check
- name: Fetch Required Environmental Variables
ansible.builtin.set_fact: - name: Load Config File
client_token: "{{ lookup('ansible.builtin.env', 'SCANNER_TOKEN') | default('') }}" ansible.builtin.include_vars:
client_name: "{{ lookup('ansible.builtin.env', 'SCANNER_NAME') }}" file: /etc/phpipam/scan_agent.yaml
scanagent_code: "{{ lookup('ansible.builtin.env', 'SCANNER_CODE') | default('') }}"
api_url: "{{ lookup('ansible.builtin.env', 'API_URL') | default('') }}"
no_log: true
when: > when: >
client_token is not defined config_file_check.stat.exists
and
client_name is not defined
and
scanagent_code is not defined
and
api_url is not defined
- name: Fetch Required Environmental Variable - HTTP_URL
ansible.builtin.set_fact:
nfc_c_http_server: "{{ lookup('ansible.builtin.env', 'HTTP_URL') | default('') }}"
when: >
lookup('ansible.builtin.env', 'HTTP_URL') | default('') != ''
- name: Fetch Required Environmental Variable - HTTP_PORT
ansible.builtin.set_fact:
nfc_c_http_port: "{{ lookup('ansible.builtin.env', 'HTTP_PORT') | default('') }}"
when: >
lookup('ansible.builtin.env', 'HTTP_PORT') | default('') != ''
- name: Confirm 'api_url' is Set - name: Confirm 'api_url' is Set
ansible.builtin.assert: ansible.builtin.assert:
that: that:
- api_url is defined - nofusscomputing_phpipam_scan_agent.api_url is defined
- api_url != '' - nofusscomputing_phpipam_scan_agent.api_url != ''
msg: "missing Required Variables" msg: "missing Required Variables"
- name: Confirm 'client_token' is Set - name: Confirm 'client_token' is Set
ansible.builtin.assert: ansible.builtin.assert:
that: that:
- client_token is defined - nofusscomputing_phpipam_scan_agent.client_token is defined
- nofusscomputing_phpipam_scan_agent.client_token != ''
msg: "missing Required Variables" msg: "missing Required Variables"
- name: Confirm 'client_name' is Set - name: Confirm 'client_name' is Set
ansible.builtin.assert: ansible.builtin.assert:
that: that:
- client_name is defined - nofusscomputing_phpipam_scan_agent.client_name is defined
- nofusscomputing_phpipam_scan_agent.client_name != ''
msg: "missing Required Variables" msg: "missing Required Variables"
- name: Confirm 'scanagent_code' is Set - name: Confirm 'scanagent_code' is Set
ansible.builtin.assert: ansible.builtin.assert:
that: that:
- scanagent_code is defined - nofusscomputing_phpipam_scan_agent.scanagent_code is defined
- nofusscomputing_phpipam_scan_agent.scanagent_code != ''
msg: "missing Required Variables" msg: "missing Required Variables"
@ -89,12 +73,12 @@
loop_var: subnet loop_var: subnet
vars: # ToDo: remove the below t4est vars vars:
nfc_c_cache_expire_time: 1800
nfc_c_http_port: 5000 nfc_c_http_port: 5000
nfc_c_http_server: http://127.0.0.1 nfc_c_http_server: http://127.0.0.1
nfc_c_path_cache: "{{ playbook_dir }}/../cache"
api_address: addresses api_address: addresses
api_subnets: subnets api_subnets: subnets
api_scanagents: tools/scanagents api_scanagents: tools/scanagents
nfc_c_path_cache: "{{ playbook_dir }}/../cache"
nfc_c_cache_expire_time: 1800

6
playbooks/tasks/agent_id.yaml
View File

@ -4,10 +4,10 @@
ansible.builtin.include_tasks: ansible.builtin.include_tasks:
file: tasks/api_call.yaml file: tasks/api_call.yaml
vars: vars:
api_client_name: "{{ client_name }}" api_client_name: "{{ nofusscomputing_phpipam_scan_agent.client_name }}"
api_token: "{{ client_token }}" api_token: "{{ nofusscomputing_phpipam_scan_agent.client_token }}"
api_path: "{{ api_scanagents }}" api_path: "{{ api_scanagents }}"
api_query_string: "filter_by=code&filter_value={{ scanagent_code }}" api_query_string: "filter_by=code&filter_value={{ nofusscomputing_phpipam_scan_agent.scanagent_code }}"
- name: My ScanAgent ID - name: My ScanAgent ID

19
playbooks/tasks/api_call.yaml
View File

@ -3,15 +3,6 @@
block: block:
- name: Mandatory Variables set
ansible.builtin.assert:
that:
- api_client_name is defined
- api_path is defined
- api_token is defined
- api_url is defined
- name: API Facts - name: API Facts
ansible.builtin.set_fact: ansible.builtin.set_fact:
epoch: "{{ ((('%Y-%m-%d %H:%M:%S' | strftime) | string | to_datetime) - ('1970-01-01 00:00:00' | to_datetime)).total_seconds() | int }}" epoch: "{{ ((('%Y-%m-%d %H:%M:%S' | strftime) | string | to_datetime) - ('1970-01-01 00:00:00' | to_datetime)).total_seconds() | int }}"
@ -31,7 +22,8 @@
- name: Expire - name: Expire
ansible.builtin.set_fact: ansible.builtin.set_fact:
expired: "{{ ((epoch | int + (nfc_c_epoch_time_offset | default(0)) | int) >= ((cached_file.stat.mtime | int) + nfc_c_cache_expire_time | int) | int ) | bool }}" expired: "{{ ((epoch | int + (nfc_c_epoch_time_offset | default(0)) | int) >= ((cached_file.stat.mtime | int) +
(nofusscomputing_phpipam_scan_agent.cache_expire_time | default(nfc_c_cache_expire_time)) | int) | int ) | bool }}"
when: cached_file.stat.exists when: cached_file.stat.exists
@ -40,8 +32,9 @@
msg: msg:
- "exists: {{ cached_file.stat.exists | default('') }}" - "exists: {{ cached_file.stat.exists | default('') }}"
- "mtime: {{ cached_file.stat.mtime | default(0) | int }}" - "mtime: {{ cached_file.stat.mtime | default(0) | int }}"
- "expire: {{ (cached_file.stat.mtime | int) + nfc_c_cache_expire_time | int }}" - "expire: {{ (cached_file.stat.mtime | int) + (nofusscomputing_phpipam_scan_agent.cache_expire_time | default(nfc_c_cache_expire_time)) | int }}"
- "epoch: {{ (epoch | int + (nfc_c_epoch_time_offset | default(0)) | int) | int }} [{{ nfc_c_cache_expire_time }}]" - "epoch: {{ (epoch | int + (nfc_c_epoch_time_offset | default(0)) | int) | int }} [{{
(nofusscomputing_phpipam_scan_agent.cache_expire_time | default(nfc_c_cache_expire_time)) }}]"
- "epoch: {{ epoch }}" - "epoch: {{ epoch }}"
- "expired: {{ expired }}" - "expired: {{ expired }}"
when: cached_file.stat.exists when: cached_file.stat.exists
@ -62,7 +55,7 @@
{%- endif %} {%- endif %}
ansible.builtin.uri: ansible.builtin.uri:
url: >- url: >-
{{ api_url }}/api/{{ api_client_name }}/{{ api_path }} {{ nofusscomputing_phpipam_scan_agent.api_url }}/api/{{ api_client_name }}/{{ api_path }}
{%- if api_query_string is defined -%} {%- if api_query_string is defined -%}
/?{{ api_query_string }} /?{{ api_query_string }}
{%- endif %} {%- endif %}

12
playbooks/tasks/scan_subnet.yaml
View File

@ -5,12 +5,14 @@
cmd: nmap -sn "{{ subnet.address }}" -oX - cmd: nmap -sn "{{ subnet.address }}" -oX -
become: true become: true
register: nmap_scan register: nmap_scan
- name: Get subnets Address' - name: Get subnets Address'
ansible.builtin.include_tasks: ansible.builtin.include_tasks:
file: tasks/api_call.yaml file: tasks/api_call.yaml
vars: vars:
api_client_name: "{{ client_name }}" api_client_name: "{{ nofusscomputing_phpipam_scan_agent.client_name }}"
api_token: "{{ client_token }}" api_token: "{{ nofusscomputing_phpipam_scan_agent.client_token }}"
api_path: "{{ api_address }}" api_path: "{{ api_address }}"
api_query_string: "filter_by=subnetId&filter_value={{ subnet.id }}" api_query_string: "filter_by=subnetId&filter_value={{ subnet.id }}"
@ -65,11 +67,13 @@
- name: Upload Scan Results - {{ subnet.address }} - name: Upload Scan Results - {{ subnet.address }}
ansible.builtin.uri: ansible.builtin.uri:
url: "{{ nfc_c_http_server }}:{{ nfc_c_http_port }}/" url: "{{
nofusscomputing_phpipam_scan_agent.http_server | default(nfc_c_http_server)
}}:{{ nofusscomputing_phpipam_scan_agent.http_port | default(nfc_c_http_port) }}/"
method: POST method: POST
body_format: json body_format: json
body: { body: {
"code": "{{ scanagent_code }}", "code": "{{ nofusscomputing_phpipam_scan_agent.scanagent_code }}",
"scan": { "scan": {
"subnet": "{{ subnet.address }}", "subnet": "{{ subnet.address }}",
"results": "{{ subnet_scan_results }}" "results": "{{ subnet_scan_results }}"

4
playbooks/tasks/subnets.yaml
View File

@ -9,8 +9,8 @@
ansible.builtin.include_tasks: ansible.builtin.include_tasks:
file: tasks/api_call.yaml file: tasks/api_call.yaml
vars: vars:
api_client_name: "{{ client_name }}" api_client_name: "{{ nofusscomputing_phpipam_scan_agent.client_name }}"
api_token: "{{ client_token }}" api_token: "{{ nofusscomputing_phpipam_scan_agent.client_token }}"
api_path: "{{ api_subnets }}" api_path: "{{ api_subnets }}"
api_query_string: "filter_by=scanAgent&filter_value={{ nfc_c_scan_agent_id }}" api_query_string: "filter_by=scanAgent&filter_value={{ nfc_c_scan_agent_id }}"