feat(agent): move config of variables to vars file

!8 closes #11
2024-02-23 13:24:02 +09:30
parent 49682d6038
commit df464acaef
10 changed files with 84 additions and 78 deletions
--- a/4
+++ b/4
@ -106,7 +106,9 @@ RUN mkdir -p /tmp/collection; \
    /tmp/collection/.; \
    rm -Rf /tmp/collection; \
  fi; \
-  chmod +x /etc/cron.d/*;
+  chmod +x /etc/cron.d/*; \
+  chown root:root -R /etc/phpipam; \
+  chmod 740 -R /etc/phpipam;


 WORKDIR /root
--- a/docs/projects/ansible/collection/phpipam_scan_agent/docker.md
+++ b/docs/projects/ansible/collection/phpipam_scan_agent/docker.md
@ -23,9 +23,6 @@ docker run \
    -e "MYSQL_HOST=<your value here>" \
    -e "MYSQL_USER=<your value here>" \
    -e "MYSQL_PASSWORD=<your value here>" \
-    -e "SCANNER_TOKEN=<your value here>" \
-    -e "SCANNER_NAME=<your value here>" \
-    -e "SCANNER_CODE=<your value here>" \
    -p "5000:5000" \
    --name scan-agent \
    scan-agent:latest;
@ -44,7 +41,7 @@ During the build of the container environmental variable `ANSIBLE_FORCE_COLOR='t

 ### Volumes

-There are no volumes for this container.
+You will need to mount the scanner config file at path `/etc/phpipam/scan_agent.yaml`, see [scanner docs](scanner.md#variables) for details.

 If you wish to customize the cronjob for the scan component within the container, mount a new cron file to path `/etc/cron.d/scanner`. The default cron file is as follows:

--- a/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md
+++ b/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md
@ -33,19 +33,24 @@ The scanner component requires API access to phpIPAM. THe API user that is used,

 ### Variables

-The variables described below, if optional the value specified here is the default value. Any variable that can be set via environmental variables have the variable name enclosed in `[]`
+Variables for the scanner are set in a variables file at path `/etc/phpipam/scan_agent.yaml`. The variables described below, if optional the value specified here is the default value.

 ``` yaml
+nofusscomputing_phpipam_scan_agent:

-nfc_c_http_port: 5000                  # Optional, Integer. http port to connect to the server. [HTTP_PORT]
-nfc_c_http_server: http://127.0.0.1    # Optional, Integer. url with protocol of the Scan Server to connect to. [HTTP_URL]
+  api_url:                           # Mandatory, String. url with protocol of the phpIPAM API to connect to.

+  http_port: 5000                    # Optional, Integer. http port to connect to the server.
+  http_server: http://127.0.0.1      # Optional, Integer. url with protocol of the Scan Server to connect to.

-api_url: http://127.0.0.1              # Optional, String. url with protocol of the phpIPAM API to connect to. [API_URL]
+  cache_expire_time: 1800            # Optional, Integer. Time in seconds to expire the phpIPAM cache.
+  epoch_time_offset: 0               # optional, int. Value in seconds to offset the time

+# phpIPAM Scan Agent Settings
+  client_token:                      # Mandatory, String client api token to connect to phpIPAM API [client_token]
+  client_name:                       # Mandatory, String. The scanner name as set in phpIPAM interface [client_name]
+  scanagent_code:                    # Mandatory, String. Scan Agent Code as set in phpIPAM interface [scanagent_code]

-nfc_c_cache_expire_time: 1800          # Optional, Integer. Time in seconds to expire the phpIPAM cache.
-nfc_c_epoch_time_offset: 0             # optional, int. Value in seconds to offset the time

 ```

@ -53,6 +58,19 @@ nfc_c_epoch_time_offset: 0             # optional, int. Value in seconds to offs
    You can specify environmental variable `ANSIBLE_LOG_PATH=/var/log/ansible.log`, which will tell the scanner component to log to a file at path `/var/log/ansible.log`


+#### phpIPAM Interface variable Mapping
+
+These images are of the phpIPAM interface that show in green text the variable name that would be set as detailed above.
+
+![phpIPAM API](images/phpipam_api.png)
+phpIPAM API Settings
+
+----
+
+![phpIPAM Scan Agent](images/phpipam_scan_agent_details.png)
+phpIPAM Scan Agent Settings
+
+
 ## Workflow

 The scanner component has the following workflow:
--- a/docs/projects/ansible/collection/phpipam_scan_agent/server.md
+++ b/docs/projects/ansible/collection/phpipam_scan_agent/server.md
@ -25,10 +25,6 @@ ansible-rulebook -r nofusscomputing.phpipam_scan_agent.agent_receive
 The variables described below, if optional the value specified here is the default value. All variables that are used by the server component are environmental variables that must be set before execution. Ansbible variable name is enclused in `[]`

 ``` bash
-# phpIPAM Scan Agent Settings
-SCANNER_TOKEN=         # Mandatory, String client api token to connect to phpIPAM API [client_token]
-SCANNER_NAME=          # Mandatory, String. The scanner name as set in phpIPAM interface [client_name]
-SCANNER_CODE=          # Mandatory, String. Scan Agent Code as set in phpIPAM interface [scanagent_code]

 # phpIPAM MariaDB/MySQL Variables
 MYSQL_HOST=            # Mandatory, String. IP/DNS of host to connect. [nfc_c_mysql_host]
@ -43,21 +39,6 @@ HTTP_PORT=5000         # Optional, Integer. The port for the Server component to
 ```


-#### phpIPAM Interface variable Mapping
-
-These images are of the phpIPAM interface that show in green text the variable name that would be set as detailed above.
-
-![phpIPAM API](images/phpipam_api.png)
-
-phpIPAM API Settings
-
----
-
-![phpIPAM Scan Agent](images/phpipam_scan_agent_details.png)
-
-phpIPAM Scan Agent Settings
-
-
 # Workflow

 The Server componet has the following workflow:
--- a/includes/etc/phpipam/scan_agent.yaml
+++ b/includes/etc/phpipam/scan_agent.yaml
@ -0,0 +1,18 @@
+---
+
+nofusscomputing_phpipam_scan_agent:
+
+  # api_url: http://127.0.0.1          # Mandatory, String. url with protocol of the phpIPAM API to connect to.
+
+  # http_port: 5000                    # Optional, Integer. http port to connect to the server.
+  # http_server: http://127.0.0.1      # Optional, Integer. url with protocol of the Scan Server to connect to.
+
+
+  # cache_expire_time: 1800            # Optional, Integer. Time in seconds to expire the phpIPAM cache.
+  # epoch_time_offset: 0               # optional, int. Value in seconds to offset the time
+
+
+# phpIPAM Scan Agent Settings
+  client_token:                      # Mandatory, String client api token to connect to phpIPAM API [client_token]
+  client_name:                       # Mandatory, String. The scanner name as set in phpIPAM interface [client_name]
+  scanagent_code:                    # Mandatory, String. Scan Agent Code as set in phpIPAM interface [scanagent_code]
--- a/playbooks/agent.yaml
+++ b/playbooks/agent.yaml
@ -5,64 +5,48 @@

  tasks:

+    - name: Check for Existance of config file
+      ansible.builtin.stat:
+        path: /etc/phpipam/scan_agent.yaml
+      register: config_file_check

-    - name: Fetch Required Environmental Variables
-      ansible.builtin.set_fact:
-        client_token: "{{ lookup('ansible.builtin.env', 'SCANNER_TOKEN') | default('') }}"
-        client_name: "{{ lookup('ansible.builtin.env', 'SCANNER_NAME') }}"
-        scanagent_code: "{{ lookup('ansible.builtin.env', 'SCANNER_CODE') | default('') }}"
-        api_url: "{{ lookup('ansible.builtin.env', 'API_URL') | default('') }}"
-      no_log: true
+
+    - name: Load Config File
+      ansible.builtin.include_vars:
+        file: /etc/phpipam/scanagent.yaml
      when: >
-        client_token is not defined
-          and
-        client_name is not defined
-          and
-        scanagent_code is not defined
-          and
-        api_url is not defined
-
-
-    - name: Fetch Required Environmental Variable - HTTP_URL
-      ansible.builtin.set_fact:
-        nfc_c_http_server: "{{ lookup('ansible.builtin.env', 'HTTP_URL') | default('') }}"
-      when: >
-        lookup('ansible.builtin.env', 'HTTP_URL') | default('') != ''
-
-
-    - name: Fetch Required Environmental Variable - HTTP_PORT
-      ansible.builtin.set_fact:
-        nfc_c_http_port: "{{ lookup('ansible.builtin.env', 'HTTP_PORT') | default('') }}"
-      when: >
-        lookup('ansible.builtin.env', 'HTTP_PORT') | default('') != ''
+        config_file_check.stat.exists


    - name: Confirm 'api_url' is Set
      ansible.builtin.assert:
        that:
-          - api_url is defined
-          - api_url != ''
+          - nofusscomputing_phpipam_scan_agent.api_url is defined
+          - nofusscomputing_phpipam_scan_agent.api_url != ''
        msg: "missing Required Variables"


    - name: Confirm 'client_token' is Set
      ansible.builtin.assert:
        that:
-          - client_token is defined
+          - nofusscomputing_phpipam_scan_agent.client_token is defined
+          - nofusscomputing_phpipam_scan_agent.client_token != ''
        msg: "missing Required Variables"


    - name: Confirm 'client_name' is Set
      ansible.builtin.assert:
        that:
-          - client_name is defined
+          - nofusscomputing_phpipam_scan_agent.client_name is defined
+          - nofusscomputing_phpipam_scan_agent.client_name != ''
        msg: "missing Required Variables"


    - name: Confirm 'scanagent_code' is Set
      ansible.builtin.assert:
        that:
-          - scanagent_code is defined
+          - nofusscomputing_phpipam_scan_agent.scanagent_code is defined
+          - nofusscomputing_phpipam_scan_agent.scanagent_code !=
        msg: "missing Required Variables"


@ -89,12 +73,12 @@
        loop_var: subnet


-  vars: # ToDo: remove the below t4est vars
+  vars:
+    nfc_c_cache_expire_time: 1800
    nfc_c_http_port: 5000
    nfc_c_http_server: http://127.0.0.1
+    nfc_c_path_cache: "{{ playbook_dir }}/../cache"

    api_address: addresses
    api_subnets: subnets
    api_scanagents: tools/scanagents
-    nfc_c_path_cache: "{{ playbook_dir }}/../cache"
-    nfc_c_cache_expire_time: 1800
--- a/playbooks/tasks/agent_id.yaml
+++ b/playbooks/tasks/agent_id.yaml
@ -4,10 +4,10 @@
  ansible.builtin.include_tasks:
    file: tasks/api_call.yaml
  vars:
-    api_client_name: "{{ client_name }}"
-    api_token: "{{ client_token }}"
+    api_client_name: "{{ nofusscomputing_phpipam_scan_agent.client_name }}"
+    api_token: "{{ nofusscomputing_phpipam_scan_agent.client_token }}"
    api_path: "{{ api_scanagents }}"
-    api_query_string: "filter_by=code&filter_value={{ scanagent_code }}"
+    api_query_string: "filter_by=code&filter_value={{ nofusscomputing_phpipam_scan_agent.scanagent_code }}"


 - name: My ScanAgent ID
--- a/playbooks/tasks/api_call.yaml
+++ b/playbooks/tasks/api_call.yaml
@ -31,7 +31,8 @@

    - name: Expire
      ansible.builtin.set_fact:
-        expired: "{{ ((epoch | int + (nfc_c_epoch_time_offset | default(0)) | int) >= ((cached_file.stat.mtime | int) + nfc_c_cache_expire_time | int) | int ) | bool }}"
+        expired: "{{ ((epoch | int + (nfc_c_epoch_time_offset | default(0)) | int) >= ((cached_file.stat.mtime | int) +
+          (nofusscomputing_phpipam_scan_agent.cache_expire_time | default(nfc_c_cache_expire_time)) | int) | int ) | bool }}"
      when: cached_file.stat.exists


@ -40,8 +41,9 @@
        msg:
          - "exists: {{ cached_file.stat.exists | default('') }}"
          - "mtime:  {{ cached_file.stat.mtime | default(0) | int }}"
-          - "expire: {{ (cached_file.stat.mtime | int) + nfc_c_cache_expire_time | int }}" 
-          - "epoch:  {{ (epoch | int + (nfc_c_epoch_time_offset | default(0)) | int) | int }} [{{ nfc_c_cache_expire_time }}]"
+          - "expire: {{ (cached_file.stat.mtime | int) + (nofusscomputing_phpipam_scan_agent.cache_expire_time | default(nfc_c_cache_expire_time)) | int }}"
+          - "epoch:  {{ (epoch | int + (nfc_c_epoch_time_offset | default(0)) | int) | int }} [{{
+            (nofusscomputing_phpipam_scan_agent.cache_expire_time | default(nfc_c_cache_expire_time)) }}]"
          - "epoch: {{ epoch }}"
          - "expired: {{ expired }}"
      when: cached_file.stat.exists
--- a/playbooks/tasks/scan_subnet.yaml
+++ b/playbooks/tasks/scan_subnet.yaml
@ -5,12 +5,14 @@
    cmd: nmap -sn "{{ subnet.address }}" -oX -
  become: true
  register: nmap_scan
+
+
 - name: Get subnets Address'
  ansible.builtin.include_tasks:
    file: tasks/api_call.yaml
  vars:
-    api_client_name: "{{ client_name }}"
-    api_token: "{{ client_token }}"
+    api_client_name: "{{ nofusscomputing_phpipam_scan_agent.client_name }}"
+    api_token: "{{ nofusscomputing_phpipam_scan_agent.client_token }}"
    api_path: "{{ api_address }}"
    api_query_string: "filter_by=subnetId&filter_value={{ subnet.id }}"

@ -65,11 +67,13 @@

 - name: Upload Scan Results - {{ subnet.address }}
  ansible.builtin.uri:
-    url: "{{ nfc_c_http_server }}:{{ nfc_c_http_port }}/"
+    url: "{{
+      nofusscomputing_phpipam_scan_agent.http_server | default(nfc_c_http_server)
+      }}:{{ nofusscomputing_phpipam_scan_agent.http_port | default(nfc_c_http_port) }}/"
    method: POST
    body_format: json
    body: {
-      "code": "{{ scanagent_code }}",
+      "code": "{{ nofusscomputing_phpipam_scan_agent.scanagent_code }}",
      "scan": {
        "subnet": "{{ subnet.address }}",
        "results": "{{ subnet_scan_results }}"
--- a/playbooks/tasks/subnets.yaml
+++ b/playbooks/tasks/subnets.yaml
@ -9,8 +9,8 @@
  ansible.builtin.include_tasks:
    file: tasks/api_call.yaml
  vars:
-    api_client_name: "{{ client_name }}"
-    api_token: "{{ client_token }}"
+    api_client_name: "{{ nofusscomputing_phpipam_scan_agent.client_name }}"
+    api_token: "{{ nofusscomputing_phpipam_scan_agent.client_token }}"
    api_path: "{{ api_subnets }}"
    api_query_string: "filter_by=scanAgent&filter_value={{ nfc_c_scan_agent_id }}"