files deleted
parent
e5f7a15d74
commit
10e2357cbb
Binary file not shown.
Binary file not shown.
@ -1,227 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# prevent SYNC-floods:
|
|
||||||
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
|
|
||||||
|
|
||||||
# initialize:
|
|
||||||
iptables -F
|
|
||||||
iptables -X
|
|
||||||
iptables -Z
|
|
||||||
|
|
||||||
# config default policy's:
|
|
||||||
iptables -P INPUT DROP
|
|
||||||
iptables -P OUTPUT DROP
|
|
||||||
iptables -P FORWARD DROP
|
|
||||||
|
|
||||||
iptables -N LOGDROP
|
|
||||||
iptables -A LOGDROP -j LOG
|
|
||||||
iptables -A LOGDROP -j DROP
|
|
||||||
|
|
||||||
# kernel tweaks:
|
|
||||||
/bin/echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
|
|
||||||
/bin/echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
|
|
||||||
/bin/echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
|
|
||||||
/bin/echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
|
|
||||||
/bin/echo 0 > /proc/sys/net/ipv4/ip_forward
|
|
||||||
|
|
||||||
# allow loopback:
|
|
||||||
iptables -A INPUT -i lo -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o lo -j ACCEPT
|
|
||||||
|
|
||||||
# allow asds.id.rug.nl
|
|
||||||
iptables -A INPUT -i br0 -s 129.125.2.50 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o br0 -d 129.125.2.50 -j ACCEPT
|
|
||||||
|
|
||||||
# allow vlan933:
|
|
||||||
iptables -A INPUT -i bond0.933 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o bond0.933 -j ACCEPT
|
|
||||||
|
|
||||||
# allow vlan934:
|
|
||||||
iptables -A INPUT -i bond0.934 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o bond0.934 -j ACCEPT
|
|
||||||
#allow outbound to databases:
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.182 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.182 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.183 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.183 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.184 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.184 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.185 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.185 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.186 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.186 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.187 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.187 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.188 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.188 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.141 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.141 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.142 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.142 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.143 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.143 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.144 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.144 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.148 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.148 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.149 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.149 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.150 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.150 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.50.147 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.50.147 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.71 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.71 -j ACCEPT
|
|
||||||
|
|
||||||
# allow munin-statieken-server:
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.50.91 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.50.91 -j ACCEPT
|
|
||||||
|
|
||||||
# allow agenda:
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.2.116 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.2.116 -j ACCEPT
|
|
||||||
|
|
||||||
# allow imap.google.com:
|
|
||||||
iptables -A INPUT -p tcp -s 74.125.136/24 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 74.125.136/24 -j ACCEPT
|
|
||||||
|
|
||||||
# allow imap.rug.nl:
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.2.81/32 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.2.81/32 -j ACCEPT
|
|
||||||
|
|
||||||
# allow more google:
|
|
||||||
iptables -A INPUT -p tcp -s 173.194.65.0/24 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 173.194.65.0/24 -j ACCEPT
|
|
||||||
|
|
||||||
# new tcp packets sync packets:
|
|
||||||
iptables -A INPUT -i br0 -p tcp ! --syn -m state --state NEW -j DROP
|
|
||||||
|
|
||||||
# refuse loopback pacts incoming eth0:
|
|
||||||
iptables -A INPUT -i br0 -d 127.0.0.0/8 -j DROP
|
|
||||||
|
|
||||||
# allow dns outbound to/from DNS server:
|
|
||||||
iptables -A INPUT -i br0 -p udp --sport 53 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o br0 -p udp --dport 53 -j ACCEPT
|
|
||||||
|
|
||||||
# allow www outbound to 80:
|
|
||||||
iptables -A INPUT -i br0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o br0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
|
|
||||||
|
|
||||||
# allow www outbound to 443:
|
|
||||||
iptables -A INPUT -i br0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o br0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
|
|
||||||
|
|
||||||
# allow smtp outbound:
|
|
||||||
iptables -A INPUT -i br0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o br0 -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
|
|
||||||
|
|
||||||
# allow ssh from BWP:
|
|
||||||
iptables -A INPUT -i br0 -p tcp -s 129.125.249.0/24 -m state --state NEW,ESTABLISHED -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o br0 -p tcp -d 129.125.249.0/24 -m state --state ESTABLISHED -j ACCEPT
|
|
||||||
|
|
||||||
# log/drop the rest:
|
|
||||||
iptables -A INPUT -i br0 -s 129.125.0.0/16 -d 129.125.36.121/32 -j LOGDROP
|
|
||||||
|
|
||||||
#zabbix monitorings
|
|
||||||
iptables -A INPUT -i br0 -s 129.125.50.238 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o br0 -d 129.125.50.238 -j ACCEPT
|
|
||||||
|
|
||||||
# allow 9080 inbound:
|
|
||||||
iptables -A INPUT -i br0 -p tcp --dport 9080 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o br0 -p tcp --sport 9080 -j ACCEPT
|
|
||||||
|
|
||||||
# allow 2222 inbound:
|
|
||||||
iptables -A INPUT -i br0 -p tcp -s 129.125.249.0/24 --dport 2222 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o br0 -p tcp -d 129.125.249.0/24 --sport 2222 -j ACCEPT
|
|
||||||
|
|
||||||
# inbound gadgets:
|
|
||||||
iptables -A INPUT -i br0 -p tcp -m state --state ESTABLISHED -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o br0 -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
|
|
||||||
|
|
||||||
# allow from operator:
|
|
||||||
iptables -A INPUT -i br0 -s 129.125.50.41/32 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o br0 -d 129.125.50.41/32 -j ACCEPT
|
|
||||||
|
|
||||||
# allow from/to ldap:
|
|
||||||
iptables -A INPUT -i br0 -s 129.125.68.50/32 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o br0 -d 129.125.68.50/32 -j ACCEPT
|
|
||||||
|
|
||||||
# ldaps outbound:
|
|
||||||
iptables -A INPUT -i br0 -p tcp --sport 636 -m state --state ESTABLISHED -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o br0 -p tcp --dport 636 -m state --state NEW,ESTABLISHED -j ACCEPT
|
|
||||||
|
|
||||||
# allow nfs:
|
|
||||||
iptables -A INPUT -i br0 -s 129.125.50.171/32 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o br0 -d 129.125.50.171/32 -j ACCEPT
|
|
||||||
|
|
||||||
|
|
||||||
# allow ntp
|
|
||||||
iptables -A INPUT -i br0 -p tcp --sport 123 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o br0 -p tcp --dport 123 -j ACCEPT
|
|
||||||
iptables -A INPUT -i br0 -p udp --sport 123 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o br0 -p udp --dport 123 -j ACCEPT
|
|
||||||
|
|
||||||
# allow charanga:
|
|
||||||
iptables -A INPUT -i br0 -p tcp -s 129.125.60.94/32 --dport 22 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o br0 -p tcp -d 129.125.60.94/32 --sport 22 -j ACCEPT
|
|
||||||
|
|
||||||
# charanga 129.125.60.94 port 2222:
|
|
||||||
iptables -A INPUT -i br0 -p tcp -s 129.125.60.94/32 --dport 2222 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o br0 -p tcp -d 129.125.60.94/32 --sport 2222 -j ACCEPT
|
|
||||||
|
|
||||||
|
|
||||||
# allow imaps:
|
|
||||||
iptables -A INPUT -p tcp --sport 993 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp --dport 993 -j ACCEPT
|
|
||||||
|
|
||||||
# Flush & default
|
|
||||||
ip6tables -F INPUT
|
|
||||||
ip6tables -F OUTPUT
|
|
||||||
ip6tables -F FORWARD
|
|
||||||
|
|
||||||
# setup log-chain:
|
|
||||||
ip6tables -N LOGREJECT
|
|
||||||
ip6tables -A LOGREJECT -j LOG
|
|
||||||
ip6tables -A LOGREJECT -j REJECT
|
|
||||||
|
|
||||||
# Set the default policy to drop
|
|
||||||
ip6tables -P INPUT DROP
|
|
||||||
ip6tables -P OUTPUT DROP
|
|
||||||
ip6tables -P FORWARD DROP
|
|
||||||
|
|
||||||
# rules:
|
|
||||||
ip6tables -A INPUT -i lo -j ACCEPT
|
|
||||||
ip6tables -A INPUT -j REJECT
|
|
||||||
ip6tables -A OUTPUT -j REJECT
|
|
||||||
|
|
||||||
# allow ganglia-statieken-server:
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.60.89 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.60.89 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.191 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.191 -j ACCEPT
|
|
||||||
|
|
||||||
# open up port 9100 prometues:
|
|
||||||
iptables -A INPUT -i br0 -p tcp -s 129.125.2.233/32 --dport 9100 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o br0 -p tcp -d 129.125.2.233/32 --sport 9100 -j ACCEPT
|
|
||||||
|
|
||||||
# allow icmp:
|
|
||||||
iptables -A INPUT -p icmp -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p icmp -j ACCEPT
|
|
@ -1,209 +0,0 @@
|
|||||||
#!/usr/bin/python
|
|
||||||
|
|
||||||
import os
|
|
||||||
import re
|
|
||||||
import sys
|
|
||||||
|
|
||||||
binarypath = "/usr/sbin/megacli"
|
|
||||||
|
|
||||||
if len(sys.argv) > 2:
|
|
||||||
print 'Usage: megaclisas-status [--nagios]'
|
|
||||||
sys.exit(1)
|
|
||||||
|
|
||||||
nagiosmode=False
|
|
||||||
nagiosoutput=''
|
|
||||||
nagiosgoodarray=0
|
|
||||||
nagiosbadarray=0
|
|
||||||
nagiosgooddisk=0
|
|
||||||
nagiosbaddisk=0
|
|
||||||
|
|
||||||
# Check command line arguments to enable nagios or not
|
|
||||||
if len(sys.argv) > 1:
|
|
||||||
if sys.argv[1] == '--nagios':
|
|
||||||
nagiosmode=True
|
|
||||||
else:
|
|
||||||
print 'Usage: megaclisas-status [-nagios]'
|
|
||||||
sys.exit(1)
|
|
||||||
|
|
||||||
# Check binary exists (and +x), if not print an error message
|
|
||||||
# or return UNKNOWN nagios error code
|
|
||||||
if os.path.exists(binarypath) and os.access(binarypath, os.X_OK):
|
|
||||||
pass
|
|
||||||
else:
|
|
||||||
if nagiosmode:
|
|
||||||
print 'UNKNOWN - Cannot find '+binarypath
|
|
||||||
else:
|
|
||||||
print 'Cannot find '+binarypath+'. Please install it.'
|
|
||||||
sys.exit(3)
|
|
||||||
|
|
||||||
# Get command output
|
|
||||||
def getOutput(cmd):
|
|
||||||
output = os.popen(cmd)
|
|
||||||
lines = []
|
|
||||||
for line in output:
|
|
||||||
if not re.match(r'^$',line.strip()):
|
|
||||||
lines.append(line.strip())
|
|
||||||
return lines
|
|
||||||
|
|
||||||
def returnControllerNumber(output):
|
|
||||||
for line in output:
|
|
||||||
if re.match(r'^Controller Count.*$',line.strip()):
|
|
||||||
return int(line.split(':')[1].strip().strip('.'))
|
|
||||||
|
|
||||||
def returnControllerModel(output):
|
|
||||||
for line in output:
|
|
||||||
if re.match(r'^Product Name.*$',line.strip()):
|
|
||||||
return line.split(':')[1].strip()
|
|
||||||
|
|
||||||
def returnArrayNumber(output):
|
|
||||||
i = 0
|
|
||||||
for line in output:
|
|
||||||
if re.match(r'^Number of Virtual (Disk|Drive).*$',line.strip()):
|
|
||||||
i = line.strip().split(':')[1].strip()
|
|
||||||
return i
|
|
||||||
|
|
||||||
def returnArrayInfo(output,controllerid,arrayid):
|
|
||||||
id = 'c'+str(controllerid)+'u'+str(arrayid)
|
|
||||||
operationlinennumber = False
|
|
||||||
linenumber = 0
|
|
||||||
|
|
||||||
for line in output:
|
|
||||||
if re.match(r'Number Of Drives\s*((per span))?:.*[0-9]+$',line.strip()):
|
|
||||||
ldpdcount = line.split(':')[1].strip()
|
|
||||||
if re.match(r'Span Depth *:.*[0-9]+$',line.strip()):
|
|
||||||
spandepth = line.split(':')[1].strip()
|
|
||||||
if re.match(r'^RAID Level\s*:.*$',line.strip()):
|
|
||||||
raidlevel = line.strip().split(':')[1].split(',')[0].split('-')[1].strip()
|
|
||||||
type = 'RAID' + raidlevel
|
|
||||||
if re.match(r'^Size\s*:.*$',line.strip()):
|
|
||||||
# Size reported in MB
|
|
||||||
if re.match(r'^.*MB$',line.strip().split(':')[1]):
|
|
||||||
size = line.strip().split(':')[1].strip('MB').strip()
|
|
||||||
size = str(int(round((float(size) / 1000))))+'G'
|
|
||||||
# Size reported in TB
|
|
||||||
elif re.match(r'^.*TB$',line.strip().split(':')[1]):
|
|
||||||
size = line.strip().split(':')[1].strip('TB').strip()
|
|
||||||
size = str(int(round((float(size) * 1000))))+'G'
|
|
||||||
# Size reported in GB (default)
|
|
||||||
else:
|
|
||||||
size = line.strip().split(':')[1].strip('GB').strip()
|
|
||||||
size = str(int(round((float(size)))))+'G'
|
|
||||||
if re.match(r'^State\s*:.*$',line.strip()):
|
|
||||||
state = line.strip().split(':')[1].strip()
|
|
||||||
if re.match(r'^Ongoing Progresses\s*:.*$',line.strip()):
|
|
||||||
operationlinennumber = linenumber
|
|
||||||
linenumber += 1
|
|
||||||
if operationlinennumber:
|
|
||||||
inprogress = output[operationlinennumber+1]
|
|
||||||
else:
|
|
||||||
inprogress = 'None'
|
|
||||||
|
|
||||||
if ldpdcount and (int(spandepth) > 1):
|
|
||||||
ldpdcount = int(ldpdcount) * int(spandepth)
|
|
||||||
if int(raidlevel) < 10:
|
|
||||||
type = type + "0"
|
|
||||||
|
|
||||||
return [id,type,size,state,inprogress]
|
|
||||||
|
|
||||||
def returnDiskInfo(output,controllerid):
|
|
||||||
arrayid = False
|
|
||||||
diskid = False
|
|
||||||
table = []
|
|
||||||
state = 'undef'
|
|
||||||
model = 'undef'
|
|
||||||
for line in output:
|
|
||||||
if re.match(r'^Virtual (Disk|Drive): [0-9]+.*$',line.strip()):
|
|
||||||
arrayid = line.split('(')[0].split(':')[1].strip()
|
|
||||||
if re.match(r'Firmware state: .*$',line.strip()):
|
|
||||||
state = line.split(':')[1].strip()
|
|
||||||
if re.match(r'Inquiry Data: .*$',line.strip()):
|
|
||||||
model = line.split(':')[1].strip()
|
|
||||||
model = re.sub(' +', ' ', model)
|
|
||||||
if re.match(r'PD: [0-9]+ Information.*$',line.strip()):
|
|
||||||
diskid = line.split()[1].strip()
|
|
||||||
|
|
||||||
if arrayid != False and state != 'undef' and model != 'undef' and diskid != False:
|
|
||||||
table.append([str(arrayid), str(diskid), state, model])
|
|
||||||
state = 'undef'
|
|
||||||
model = 'undef'
|
|
||||||
|
|
||||||
return table
|
|
||||||
|
|
||||||
cmd = binarypath+' -adpCount -NoLog'
|
|
||||||
output = getOutput(cmd)
|
|
||||||
controllernumber = returnControllerNumber(output)
|
|
||||||
|
|
||||||
bad = False
|
|
||||||
|
|
||||||
# List available controller
|
|
||||||
if not nagiosmode:
|
|
||||||
print '-- Controller informations --'
|
|
||||||
print '-- ID | Model'
|
|
||||||
controllerid = 0
|
|
||||||
while controllerid < controllernumber:
|
|
||||||
cmd = binarypath+' -AdpAllInfo -a'+str(controllerid)+' -NoLog'
|
|
||||||
output = getOutput(cmd)
|
|
||||||
controllermodel = returnControllerModel(output)
|
|
||||||
print 'c'+str(controllerid)+' | '+controllermodel
|
|
||||||
controllerid += 1
|
|
||||||
print ''
|
|
||||||
|
|
||||||
controllerid = 0
|
|
||||||
if not nagiosmode:
|
|
||||||
print '-- Arrays informations --'
|
|
||||||
print '-- ID | Type | Size | Status | InProgress'
|
|
||||||
|
|
||||||
while controllerid < controllernumber:
|
|
||||||
arrayid = 0
|
|
||||||
cmd = binarypath+' -LdGetNum -a'+str(controllerid)+' -NoLog'
|
|
||||||
output = getOutput(cmd)
|
|
||||||
arraynumber = returnArrayNumber(output)
|
|
||||||
while arrayid < int(arraynumber):
|
|
||||||
cmd = binarypath+' -LDInfo -l'+str(arrayid)+' -a'+str(controllerid)+' -NoLog'
|
|
||||||
output = getOutput(cmd)
|
|
||||||
arrayinfo = returnArrayInfo(output,controllerid,arrayid)
|
|
||||||
if not nagiosmode:
|
|
||||||
print arrayinfo[0]+' | '+arrayinfo[1]+' | '+arrayinfo[2]+' | '+arrayinfo[3]+' | '+arrayinfo[4]
|
|
||||||
if not arrayinfo[3] == 'Optimal':
|
|
||||||
bad = True
|
|
||||||
nagiosbadarray=nagiosbadarray+1
|
|
||||||
else:
|
|
||||||
nagiosgoodarray=nagiosgoodarray+1
|
|
||||||
arrayid += 1
|
|
||||||
controllerid += 1
|
|
||||||
if not nagiosmode:
|
|
||||||
print ''
|
|
||||||
|
|
||||||
if not nagiosmode:
|
|
||||||
print '-- Disks informations'
|
|
||||||
print '-- ID | Model | Status'
|
|
||||||
|
|
||||||
controllerid = 0
|
|
||||||
while controllerid < controllernumber:
|
|
||||||
arrayid = 0
|
|
||||||
cmd = binarypath+' -LDInfo -lall -a'+str(controllerid)+' -NoLog'
|
|
||||||
output = getOutput(cmd)
|
|
||||||
cmd = binarypath+' -LdPdInfo -a'+str(controllerid)+' -NoLog'
|
|
||||||
output = getOutput(cmd)
|
|
||||||
arraydisk = returnDiskInfo(output,controllerid)
|
|
||||||
for array in arraydisk:
|
|
||||||
if not array[2] == 'Online' and not array[2] == 'Online, Spun Up':
|
|
||||||
bad=True
|
|
||||||
nagiosbaddisk=nagiosbaddisk+1
|
|
||||||
else:
|
|
||||||
nagiosgooddisk=nagiosgooddisk+1
|
|
||||||
if not nagiosmode:
|
|
||||||
print 'c'+str(controllerid)+'u'+array[0]+'p'+array[1]+' | '+array[3]+' | '+array[2]
|
|
||||||
controllerid += 1
|
|
||||||
|
|
||||||
if nagiosmode:
|
|
||||||
if bad:
|
|
||||||
print 'RAID ERROR - Arrays: OK:'+str(nagiosgoodarray)+' Bad:'+str(nagiosbadarray)+' - Disks: OK:'+str(nagiosgooddisk)+' Bad:'+str(nagiosbaddisk)
|
|
||||||
sys.exit(2)
|
|
||||||
else:
|
|
||||||
print 'RAID OK - Arrays: OK:'+str(nagiosgoodarray)+' Bad:'+str(nagiosbadarray)+' - Disks: OK:'+str(nagiosgooddisk)+' Bad:'+str(nagiosbaddisk)
|
|
||||||
else:
|
|
||||||
if bad:
|
|
||||||
print '\nThere is at least one disk/array in a NOT OPTIMAL state.'
|
|
||||||
sys.exit(1)
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ ________ ____
|
|
||||||
____ _____ ______ _/ ____\____ \_____ \/_ |
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ | |
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \ | |
|
|
||||||
\___ >__|_| /____ > |__| (____ /\_______ \|___|
|
|
||||||
\/ \/ \/ \/ \/
|
|
||||||
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ ________ ________
|
|
||||||
____ _____ ______ _/ ____\____ \_____ \\_____ \
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ / ____/
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \/ \
|
|
||||||
\___ >__|_| /____ > |__| (____ /\_______ \_______ \
|
|
||||||
\/ \/ \/ \/ \/ \/
|
|
||||||
|
|
||||||
|
|
@ -1,9 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ ________ ________
|
|
||||||
____ _____ ______ _/ ____\____ \_____ \ \_____ \
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ _(__ <
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \ / \
|
|
||||||
\___ >__|_| /____ > |__| (____ /\_______ \/______ /
|
|
||||||
\/ \/ \/ \/ \/ \/
|
|
||||||
|
|
@ -1,9 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ ________ _____
|
|
||||||
____ _____ ______ _/ ____\____ \_____ \ / | |
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ / | |_
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \/ ^ /
|
|
||||||
\___ >__|_| /____ > |__| (____ /\_______ \____ |
|
|
||||||
\/ \/ \/ \/ \/ |__|
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ ________ ____
|
|
||||||
____ _____ ______ _/ ____\_____ \_____ \/_ |
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ | |
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | | |_> > \ | |
|
|
||||||
\___ >__|_| /____ > |__| | __/\_______ \|___|
|
|
||||||
\/ \/ \/ |__| \/
|
|
||||||
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ ________ ________
|
|
||||||
____ _____ ______ _/ ____\_____ \_____ \\_____ \
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ / ____/
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | | |_> > \/ \
|
|
||||||
\___ >__|_| /____ > |__| | __/\_______ \_______ \
|
|
||||||
\/ \/ \/ |__| \/ \/
|
|
||||||
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ ________ ________
|
|
||||||
____ _____ ______ _/ ____\_____ \_____ \ \_____ \
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ _(__ <
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | | |_> > \ / \
|
|
||||||
\___ >__|_| /____ > |__| | __/\_______ \/______ /
|
|
||||||
\/ \/ \/ |__| \/ \/
|
|
||||||
|
|
||||||
|
|
@ -1,11 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ ________ _____
|
|
||||||
____ _____ ______ _/ ____\_____ \_____ \ / | |
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ / | |_
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | | |_> > \/ ^ /
|
|
||||||
\___ >__|_| /____ > |__| | __/\_______ \____ |
|
|
||||||
\/ \/ \/ |__| \/ |__|
|
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ ________ .________
|
|
||||||
____ _____ ______ _/ ____\_____ \_____ \ | ____/
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ |____ \
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | | |_> > \ / \
|
|
||||||
\___ >__|_| /____ > |__| | __/\_______ \/______ /
|
|
||||||
\/ \/ \/ |__| \/ \/
|
|
||||||
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ ________ ________
|
|
||||||
____ _____ ______ _/ ____\_____ \_____ \/ _____/
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ __ \
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | | |_> > \ |__\ \
|
|
||||||
\___ >__|_| /____ > |__| | __/\_______ \_____ /
|
|
||||||
\/ \/ \/ |__| \/ \/
|
|
||||||
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ __ ________ ____
|
|
||||||
____ _____ ______ _/ ____\/ |_\_____ \/_ |
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\ __\/ ____/ | |
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | | | / \ | |
|
|
||||||
\___ >__|_| /____ > |__| |__| \_______ \|___|
|
|
||||||
\/ \/ \/ \/
|
|
||||||
|
|
||||||
|
|
Binary file not shown.
@ -1,47 +0,0 @@
|
|||||||
umask 022
|
|
||||||
|
|
||||||
# if running bash
|
|
||||||
if [ -n "$BASH_VERSION" ]; then
|
|
||||||
# include .bashrc if it exists
|
|
||||||
if [ -f "$HOME/.bashrc" ]; then
|
|
||||||
. "$HOME/.bashrc"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# set PATH so it includes user's private bin if it exists
|
|
||||||
if [ -d "$HOME/bin" ] ; then
|
|
||||||
PATH="$HOME/bin:$PATH"
|
|
||||||
fi
|
|
||||||
|
|
||||||
EDITOR=nano
|
|
||||||
export EDITOR
|
|
||||||
|
|
||||||
JAVA_HOME=$HOME/software/java
|
|
||||||
export JAVA_HOME
|
|
||||||
|
|
||||||
PATH=$JAVA_HOME/bin:/usr/local/bin:/usr/bin:/usr/ccs/bin:$PATH
|
|
||||||
export PATH
|
|
||||||
|
|
||||||
RUGCMS_CLASSPATH=\
|
|
||||||
$HOME/software/tomcat/lib/*:\
|
|
||||||
$HOME/servers/tomcat-common/lib/*:\
|
|
||||||
$HOME/servers/ucms-common/lib/ucms/*:\
|
|
||||||
$HOME/servers/ucms-common/lib/xml/*:\
|
|
||||||
$HOME/servers/ucms-common/lib/jackrabbit/*:\
|
|
||||||
$HOME/servers/ucms-common/lib/apache/*:\
|
|
||||||
$HOME/servers/ucms-common/lib/google/*:\
|
|
||||||
$HOME/servers/ucms-common/lib/*
|
|
||||||
export RUGCMS_CLASSPATH
|
|
||||||
|
|
||||||
source $HOME/scripts/setClusterAndNode.sh
|
|
||||||
|
|
||||||
if [[ $CLUSTER == 'test' ]]; then
|
|
||||||
PS1=$'\\[\\e[32;1m\\]\\u@\\h (\\w) : \\[\\e[0m\\]'
|
|
||||||
elif [[ $CLUSTER == 'acceptation' ]]; then
|
|
||||||
PS1=$'\\[\\e[33;1m\\]\\u@\\h (\\w) : \\[\\e[0m\\]'
|
|
||||||
elif [[ $CLUSTER == 'production' ]]; then
|
|
||||||
PS1=$'\\[\\e[31m\\]\\u@\\h (\\w) : \\[\\e[0m\\]'
|
|
||||||
else
|
|
||||||
PS1=$'\\[\\e[35;1m\\]\\u@\\h (\\w) : \\[\\e[0m\\]'
|
|
||||||
fi
|
|
||||||
export PS1
|
|
@ -1,3 +0,0 @@
|
|||||||
search service.rug.nl
|
|
||||||
nameserver 129.125.4.6
|
|
||||||
nameserer 8.8.8.8
|
|
@ -1,139 +0,0 @@
|
|||||||
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
|
|
||||||
|
|
||||||
# This is the sshd server system-wide configuration file. See
|
|
||||||
# sshd_config(5) for more information.
|
|
||||||
|
|
||||||
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
|
|
||||||
|
|
||||||
# The strategy used for options in the default sshd_config shipped with
|
|
||||||
# OpenSSH is to specify options with their default value where
|
|
||||||
# possible, but leave them commented. Uncommented options override the
|
|
||||||
# default value.
|
|
||||||
|
|
||||||
# If you want to change the port on a SELinux system, you have to tell
|
|
||||||
# SELinux about this change.
|
|
||||||
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
|
|
||||||
#
|
|
||||||
#Port 22
|
|
||||||
#AddressFamily any
|
|
||||||
#ListenAddress 0.0.0.0
|
|
||||||
#ListenAddress ::
|
|
||||||
|
|
||||||
HostKey /etc/ssh/ssh_host_rsa_key
|
|
||||||
#HostKey /etc/ssh/ssh_host_dsa_key
|
|
||||||
HostKey /etc/ssh/ssh_host_ecdsa_key
|
|
||||||
HostKey /etc/ssh/ssh_host_ed25519_key
|
|
||||||
|
|
||||||
# Ciphers and keying
|
|
||||||
#RekeyLimit default none
|
|
||||||
|
|
||||||
# Logging
|
|
||||||
#SyslogFacility AUTH
|
|
||||||
SyslogFacility AUTHPRIV
|
|
||||||
#LogLevel INFO
|
|
||||||
|
|
||||||
# Authentication:
|
|
||||||
|
|
||||||
#LoginGraceTime 2m
|
|
||||||
PermitRootLogin without-password
|
|
||||||
#StrictModes yes
|
|
||||||
#MaxAuthTries 6
|
|
||||||
#MaxSessions 10
|
|
||||||
|
|
||||||
#PubkeyAuthentication yes
|
|
||||||
|
|
||||||
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
|
|
||||||
# but this is overridden so installations will only check .ssh/authorized_keys
|
|
||||||
AuthorizedKeysFile .ssh/authorized_keys
|
|
||||||
|
|
||||||
#AuthorizedPrincipalsFile none
|
|
||||||
|
|
||||||
#AuthorizedKeysCommand none
|
|
||||||
#AuthorizedKeysCommandUser nobody
|
|
||||||
|
|
||||||
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
|
|
||||||
#HostbasedAuthentication no
|
|
||||||
# Change to yes if you don't trust ~/.ssh/known_hosts for
|
|
||||||
# HostbasedAuthentication
|
|
||||||
#IgnoreUserKnownHosts no
|
|
||||||
# Don't read the user's ~/.rhosts and ~/.shosts files
|
|
||||||
#IgnoreRhosts yes
|
|
||||||
|
|
||||||
# To disable tunneled clear text passwords, change to no here!
|
|
||||||
#PasswordAuthentication yes
|
|
||||||
#PermitEmptyPasswords no
|
|
||||||
PasswordAuthentication yes
|
|
||||||
|
|
||||||
# Change to no to disable s/key passwords
|
|
||||||
#ChallengeResponseAuthentication yes
|
|
||||||
ChallengeResponseAuthentication no
|
|
||||||
|
|
||||||
# Kerberos options
|
|
||||||
#KerberosAuthentication no
|
|
||||||
#KerberosOrLocalPasswd yes
|
|
||||||
#KerberosTicketCleanup yes
|
|
||||||
#KerberosGetAFSToken no
|
|
||||||
#KerberosUseKuserok yes
|
|
||||||
|
|
||||||
# GSSAPI options
|
|
||||||
GSSAPIAuthentication yes
|
|
||||||
GSSAPICleanupCredentials no
|
|
||||||
#GSSAPIStrictAcceptorCheck yes
|
|
||||||
#GSSAPIKeyExchange no
|
|
||||||
#GSSAPIEnablek5users no
|
|
||||||
|
|
||||||
# Set this to 'yes' to enable PAM authentication, account processing,
|
|
||||||
# and session processing. If this is enabled, PAM authentication will
|
|
||||||
# be allowed through the ChallengeResponseAuthentication and
|
|
||||||
# PasswordAuthentication. Depending on your PAM configuration,
|
|
||||||
# PAM authentication via ChallengeResponseAuthentication may bypass
|
|
||||||
# the setting of "PermitRootLogin without-password".
|
|
||||||
# If you just want the PAM account and session checks to run without
|
|
||||||
# PAM authentication, then enable this but set PasswordAuthentication
|
|
||||||
# and ChallengeResponseAuthentication to 'no'.
|
|
||||||
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
|
|
||||||
# problems.
|
|
||||||
UsePAM yes
|
|
||||||
|
|
||||||
#AllowAgentForwarding yes
|
|
||||||
#AllowTcpForwarding yes
|
|
||||||
#GatewayPorts no
|
|
||||||
X11Forwarding yes
|
|
||||||
#X11DisplayOffset 10
|
|
||||||
#X11UseLocalhost yes
|
|
||||||
#PermitTTY yes
|
|
||||||
#PrintMotd yes
|
|
||||||
#PrintLastLog yes
|
|
||||||
#TCPKeepAlive yes
|
|
||||||
#UseLogin no
|
|
||||||
#UsePrivilegeSeparation sandbox
|
|
||||||
#PermitUserEnvironment no
|
|
||||||
#Compression delayed
|
|
||||||
#ClientAliveInterval 0
|
|
||||||
#ClientAliveCountMax 3
|
|
||||||
#ShowPatchLevel no
|
|
||||||
#UseDNS yes
|
|
||||||
#PidFile /var/run/sshd.pid
|
|
||||||
#MaxStartups 10:30:100
|
|
||||||
#PermitTunnel no
|
|
||||||
#ChrootDirectory none
|
|
||||||
#VersionAddendum none
|
|
||||||
|
|
||||||
# no default banner path
|
|
||||||
#Banner none
|
|
||||||
|
|
||||||
# Accept locale-related environment variables
|
|
||||||
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
|
||||||
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
|
||||||
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
|
|
||||||
AcceptEnv XMODIFIERS
|
|
||||||
|
|
||||||
# override default of no subsystems
|
|
||||||
Subsystem sftp /usr/libexec/openssh/sftp-server
|
|
||||||
|
|
||||||
# Example of overriding settings on a per-user basis
|
|
||||||
#Match User anoncvs
|
|
||||||
# X11Forwarding no
|
|
||||||
# AllowTcpForwarding no
|
|
||||||
# PermitTTY no
|
|
||||||
# ForceCommand cvs server
|
|
Binary file not shown.
Binary file not shown.
@ -1,34 +0,0 @@
|
|||||||
- copy:
|
|
||||||
src: files/motd.{{ ansible_hostname }}
|
|
||||||
dest: /etc/motd
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0644
|
|
||||||
|
|
||||||
- copy:
|
|
||||||
src: files/hosts
|
|
||||||
dest: /etc/hosts
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0644
|
|
||||||
|
|
||||||
- copy:
|
|
||||||
src: files/sshd_config
|
|
||||||
dest: /etc/ssh/sshd_config
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0600
|
|
||||||
|
|
||||||
- copy:
|
|
||||||
src: files/resolv.conf
|
|
||||||
dest: /etc/resolv.conf
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0644
|
|
||||||
|
|
||||||
- copy:
|
|
||||||
src: files/yum_debug_dump.txt.gz
|
|
||||||
dest: /root/yum_debug_dump.txt.gz
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0600
|
|
@ -1,6 +0,0 @@
|
|||||||
- copy:
|
|
||||||
src: files/firewall.sh
|
|
||||||
dest: /root/firewall/firewall.sh
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0700
|
|
@ -1 +0,0 @@
|
|||||||
- selinux: state=disabled
|
|
@ -1,9 +0,0 @@
|
|||||||
- docker_container:
|
|
||||||
name: netdata
|
|
||||||
image: titpetric/netdata
|
|
||||||
network_mode: host
|
|
||||||
hostname: "{{ ansible_hostname }}"
|
|
||||||
capabilities: SYS_PTRACE
|
|
||||||
state: started
|
|
||||||
volumes:
|
|
||||||
- /sys:/host/sys:ro
|
|
@ -1,6 +0,0 @@
|
|||||||
- user:
|
|
||||||
name: ger
|
|
||||||
comment: "ger user"
|
|
||||||
state: present
|
|
||||||
group: rugcms
|
|
||||||
home: /home/ger
|
|
@ -1 +0,0 @@
|
|||||||
- yum: name=python-docker-py state=latest
|
|
@ -1 +0,0 @@
|
|||||||
- yum: name=epel-release state=latest
|
|
@ -1 +0,0 @@
|
|||||||
- yum: name=ntp state=latest
|
|
@ -1 +0,0 @@
|
|||||||
- yum: name=yum-utils state=latest
|
|
@ -1,21 +0,0 @@
|
|||||||
- include: rugcms-group.yml
|
|
||||||
- include: rugcms-user.yml
|
|
||||||
- include: rugcms-keys.yml
|
|
||||||
- include: rugcms-profile.yml
|
|
||||||
- include: rugcms-password.yml
|
|
||||||
- include: stealth-client.yml
|
|
||||||
- include: install-epel.yml
|
|
||||||
- include: install-ntp.yml
|
|
||||||
- include: install-yum-utils.yml
|
|
||||||
- include: install-docker-py.yml
|
|
||||||
- include: disable-selinux.yml
|
|
||||||
- include: start-ntp.yml
|
|
||||||
- include: stop-firewalld.yml
|
|
||||||
- include: copy-firewall.yml
|
|
||||||
- include: run-firewall.yml
|
|
||||||
- include: nagios-client.yml
|
|
||||||
- include: mega-cli.yml
|
|
||||||
- include: copy-files.yml
|
|
||||||
- include: start-services.yml
|
|
||||||
- include: docker-netdata.yml
|
|
||||||
- include: upgrade.yml
|
|
@ -1,27 +0,0 @@
|
|||||||
- copy:
|
|
||||||
src: files/Lib_Utils-1.00-09.noarch.rpm
|
|
||||||
dest: /tmp/Lib_Utils-1.00-09.noarch.rpm
|
|
||||||
|
|
||||||
- yum:
|
|
||||||
name: /tmp/Lib_Utils-1.00-09.noarch.rpm
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- copy:
|
|
||||||
src: files/MegaCli-8.04.07-1.noarch.rpm
|
|
||||||
dest: /tmp/MegaCli-8.04.07-1.noarch.rpm
|
|
||||||
|
|
||||||
- yum:
|
|
||||||
name: /tmp/MegaCli-8.04.07-1.noarch.rpm
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- copy:
|
|
||||||
src: files/megaclisas-status
|
|
||||||
dest: /usr/sbin/megaclisas-status
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0700
|
|
||||||
|
|
||||||
- file:
|
|
||||||
src: /opt/MegaRAID/MegaCli/MegaCli64
|
|
||||||
dest: /usr/sbin/megacli
|
|
||||||
state: link
|
|
@ -1,42 +0,0 @@
|
|||||||
|
|
||||||
- file: path=/nagios state=directory
|
|
||||||
|
|
||||||
- unarchive:
|
|
||||||
src: files/nagios.tar.gz
|
|
||||||
dest: /nagios
|
|
||||||
|
|
||||||
- cron:
|
|
||||||
name: "check disk full"
|
|
||||||
minute: "00,10,20,30,40,50"
|
|
||||||
hour: "*"
|
|
||||||
job: "/nagios/cron/check_disk"
|
|
||||||
|
|
||||||
- cron:
|
|
||||||
name: "check disk ok"
|
|
||||||
minute: "00,10,20,30,40,50"
|
|
||||||
hour: "*"
|
|
||||||
job: "/nagios/cron/check_disks"
|
|
||||||
|
|
||||||
- cron:
|
|
||||||
name: "check firewall"
|
|
||||||
minute: "00,10,20,30,40,50"
|
|
||||||
hour: "*"
|
|
||||||
job: "/nagios/cron/check_iptables"
|
|
||||||
|
|
||||||
- replace:
|
|
||||||
path: /nagios/cron/check_iptables
|
|
||||||
regexp: 'HOSTNAME="cms-fa11.service.rug.nl"'
|
|
||||||
replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"'
|
|
||||||
backup: yes
|
|
||||||
|
|
||||||
- replace:
|
|
||||||
path: /nagios/cron/check_disk
|
|
||||||
regexp: 'HOSTNAME="cms-fa11.service.rug.nl"'
|
|
||||||
replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"'
|
|
||||||
backup: yes
|
|
||||||
|
|
||||||
- replace:
|
|
||||||
path: /nagios/cron/check_disks
|
|
||||||
regexp: 'HOSTNAME="cms-fa11.service.rug.nl"'
|
|
||||||
replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"'
|
|
||||||
backup: yes
|
|
@ -1,3 +0,0 @@
|
|||||||
- group:
|
|
||||||
name: rugcms
|
|
||||||
state: present
|
|
@ -1,7 +0,0 @@
|
|||||||
- authorized_key:
|
|
||||||
user: rugcms
|
|
||||||
key: '{{ item }}'
|
|
||||||
state: present
|
|
||||||
with_items:
|
|
||||||
- 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAz/4D/jhUycyYS8gOrQDs+BqK+MLzfB9kb60W9zGTs9KigKGUOtvZ78mb1F2+ouy/uQUbOO4MoUu+fOzSlSE56GdyTSc/RsLaoHde2aRalXnRf55tuIVgv6MNG7siZt1i4iDhm/uql8nzc7m0Ompr9XXLXOQ0ZGFPViLLYyRcLOc= r.m.uittenbroek@rug.nl'
|
|
||||||
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoRM/8ItzD87bvO6WVwDS83mkLUv0fo1dUxBzGB0w9j+a4vtUbcGm13TXp6zIS6zZqj09QD8jznO1OE92tC1axjuwENbAi7WiqaFMJdqB6MLN4Fxo4xa5LaadDTFbd4yLI1lzheowfPvFypUW90L4ToEkKkvgp+r+4C7BrLLUTzksS3PzBB2jp25XimdbxQvbZS74RdEa4O1Xqz0A4+FbM9r90OIJGrexVTKb2jpQk3bhTIpCXDkRldA1PLYSPoUAmCViGPoHCoyNbtZj8MWDjOKH/Ut/WXg5z60JfFqHazkHsQiJ9YkgUk2zy/7cjl5Pl8DVkPp79c/F5YFw492XN rugcms@charanga'
|
|
@ -1,6 +0,0 @@
|
|||||||
- copy:
|
|
||||||
src: files/profile_rugcms
|
|
||||||
dest: /local_disk/.profile
|
|
||||||
owner: rugcms
|
|
||||||
group: rugcms
|
|
||||||
mode: 0700
|
|
@ -1,6 +0,0 @@
|
|||||||
- user:
|
|
||||||
name: rugcms
|
|
||||||
comment: "rugcms user"
|
|
||||||
state: present
|
|
||||||
group: rugcms
|
|
||||||
home: /local_disk
|
|
@ -1 +0,0 @@
|
|||||||
- script: chdir=/root/firewall firewall.sh
|
|
@ -1,4 +0,0 @@
|
|||||||
- systemd:
|
|
||||||
name: ntpd.service
|
|
||||||
state: started
|
|
||||||
enabled: yes
|
|
@ -1,14 +0,0 @@
|
|||||||
- systemd:
|
|
||||||
name: sshd.service
|
|
||||||
state: started
|
|
||||||
enabled: yes
|
|
||||||
|
|
||||||
- systemd:
|
|
||||||
name: postfix.service
|
|
||||||
state: started
|
|
||||||
enabled: yes
|
|
||||||
|
|
||||||
- systemd:
|
|
||||||
name: docker.service
|
|
||||||
state: started
|
|
||||||
enabled: yes
|
|
@ -1,15 +0,0 @@
|
|||||||
- group:
|
|
||||||
name: kees
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- user:
|
|
||||||
name: kees
|
|
||||||
comment: "stealth user"
|
|
||||||
state: present
|
|
||||||
group: kees
|
|
||||||
home: /home/kees
|
|
||||||
|
|
||||||
- authorized_key:
|
|
||||||
user: kees
|
|
||||||
key: 'ssh-dss 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 stealth@operator'
|
|
||||||
state: present
|
|
@ -1,3 +0,0 @@
|
|||||||
- systemd:
|
|
||||||
name: firewalld.service
|
|
||||||
enabled: no
|
|
@ -1 +0,0 @@
|
|||||||
- yum: name=* state=latest
|
|
Binary file not shown.
Binary file not shown.
@ -1,227 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# prevent SYNC-floods:
|
|
||||||
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
|
|
||||||
|
|
||||||
# initialize:
|
|
||||||
iptables -F
|
|
||||||
iptables -X
|
|
||||||
iptables -Z
|
|
||||||
|
|
||||||
# config default policy's:
|
|
||||||
iptables -P INPUT DROP
|
|
||||||
iptables -P OUTPUT DROP
|
|
||||||
iptables -P FORWARD DROP
|
|
||||||
|
|
||||||
iptables -N LOGDROP
|
|
||||||
iptables -A LOGDROP -j LOG
|
|
||||||
iptables -A LOGDROP -j DROP
|
|
||||||
|
|
||||||
# kernel tweaks:
|
|
||||||
/bin/echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
|
|
||||||
/bin/echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
|
|
||||||
/bin/echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
|
|
||||||
/bin/echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
|
|
||||||
/bin/echo 0 > /proc/sys/net/ipv4/ip_forward
|
|
||||||
|
|
||||||
# allow loopback:
|
|
||||||
iptables -A INPUT -i lo -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o lo -j ACCEPT
|
|
||||||
|
|
||||||
# allow asds.id.rug.nl
|
|
||||||
iptables -A INPUT -i eth0 -s 129.125.2.50 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o eth0 -d 129.125.2.50 -j ACCEPT
|
|
||||||
|
|
||||||
# allow vlan933:
|
|
||||||
iptables -A INPUT -i bond0.933 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o bond0.933 -j ACCEPT
|
|
||||||
|
|
||||||
# allow vlan934:
|
|
||||||
iptables -A INPUT -i bond0.934 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o bond0.934 -j ACCEPT
|
|
||||||
#allow outbound to databases:
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.182 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.182 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.183 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.183 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.184 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.184 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.185 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.185 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.186 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.186 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.187 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.187 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.188 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.188 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.141 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.141 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.142 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.142 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.143 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.143 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.144 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.144 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.148 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.148 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.149 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.149 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.150 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.150 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.50.147 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.50.147 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.71 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.71 -j ACCEPT
|
|
||||||
|
|
||||||
# allow munin-statieken-server:
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.50.91 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.50.91 -j ACCEPT
|
|
||||||
|
|
||||||
# allow agenda:
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.2.116 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.2.116 -j ACCEPT
|
|
||||||
|
|
||||||
# allow imap.google.com:
|
|
||||||
iptables -A INPUT -p tcp -s 74.125.136/24 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 74.125.136/24 -j ACCEPT
|
|
||||||
|
|
||||||
# allow imap.rug.nl:
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.2.81/32 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.2.81/32 -j ACCEPT
|
|
||||||
|
|
||||||
# allow more google:
|
|
||||||
iptables -A INPUT -p tcp -s 173.194.65.0/24 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 173.194.65.0/24 -j ACCEPT
|
|
||||||
|
|
||||||
# new tcp packets sync packets:
|
|
||||||
iptables -A INPUT -i eth0 -p tcp ! --syn -m state --state NEW -j DROP
|
|
||||||
|
|
||||||
# refuse loopback pacts incoming eth0:
|
|
||||||
iptables -A INPUT -i eth0 -d 127.0.0.0/8 -j DROP
|
|
||||||
|
|
||||||
# allow dns outbound to/from DNS server:
|
|
||||||
iptables -A INPUT -i eth0 -p udp --sport 53 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o eth0 -p udp --dport 53 -j ACCEPT
|
|
||||||
|
|
||||||
# allow www outbound to 80:
|
|
||||||
iptables -A INPUT -i eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
|
|
||||||
|
|
||||||
# allow www outbound to 443:
|
|
||||||
iptables -A INPUT -i eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
|
|
||||||
|
|
||||||
# allow smtp outbound:
|
|
||||||
iptables -A INPUT -i eth0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o eth0 -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
|
|
||||||
|
|
||||||
# allow ssh from BWP:
|
|
||||||
iptables -A INPUT -i eth0 -p tcp -s 129.125.249.0/24 -m state --state NEW,ESTABLISHED -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o eth0 -p tcp -d 129.125.249.0/24 -m state --state ESTABLISHED -j ACCEPT
|
|
||||||
|
|
||||||
# log/drop the rest:
|
|
||||||
iptables -A INPUT -i eth0 -s 129.125.0.0/16 -d 129.125.36.121/32 -j LOGDROP
|
|
||||||
|
|
||||||
#zabbix monitorings
|
|
||||||
iptables -A INPUT -i eth0 -s 129.125.50.238 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o eth0 -d 129.125.50.238 -j ACCEPT
|
|
||||||
|
|
||||||
# allow 9080 inbound:
|
|
||||||
iptables -A INPUT -i eth0 -p tcp --dport 9080 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o eth0 -p tcp --sport 9080 -j ACCEPT
|
|
||||||
|
|
||||||
# allow 2222 inbound:
|
|
||||||
iptables -A INPUT -i eth0 -p tcp -s 129.125.249.0/24 --dport 2222 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o eth0 -p tcp -d 129.125.249.0/24 --sport 2222 -j ACCEPT
|
|
||||||
|
|
||||||
# inbound gadgets:
|
|
||||||
iptables -A INPUT -i eth0 -p tcp -m state --state ESTABLISHED -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o eth0 -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
|
|
||||||
|
|
||||||
# allow from operator:
|
|
||||||
iptables -A INPUT -i eth0 -s 129.125.50.41/32 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o eth0 -d 129.125.50.41/32 -j ACCEPT
|
|
||||||
|
|
||||||
# allow from/to ldap:
|
|
||||||
iptables -A INPUT -i eth0 -s 129.125.68.50/32 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o eth0 -d 129.125.68.50/32 -j ACCEPT
|
|
||||||
|
|
||||||
# ldaps outbound:
|
|
||||||
iptables -A INPUT -i eth0 -p tcp --sport 636 -m state --state ESTABLISHED -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o eth0 -p tcp --dport 636 -m state --state NEW,ESTABLISHED -j ACCEPT
|
|
||||||
|
|
||||||
# allow nfs:
|
|
||||||
iptables -A INPUT -i eth0 -s 129.125.50.171/32 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o eth0 -d 129.125.50.171/32 -j ACCEPT
|
|
||||||
|
|
||||||
|
|
||||||
# allow ntp
|
|
||||||
iptables -A INPUT -i eth0 -p tcp --sport 123 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o eth0 -p tcp --dport 123 -j ACCEPT
|
|
||||||
iptables -A INPUT -i eth0 -p udp --sport 123 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o eth0 -p udp --dport 123 -j ACCEPT
|
|
||||||
|
|
||||||
# allow charanga:
|
|
||||||
iptables -A INPUT -i eth0 -p tcp -s 129.125.60.94/32 --dport 22 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o eth0 -p tcp -d 129.125.60.94/32 --sport 22 -j ACCEPT
|
|
||||||
|
|
||||||
# charanga 129.125.60.94 port 2222:
|
|
||||||
iptables -A INPUT -i eth0 -p tcp -s 129.125.60.94/32 --dport 2222 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o eth0 -p tcp -d 129.125.60.94/32 --sport 2222 -j ACCEPT
|
|
||||||
|
|
||||||
|
|
||||||
# allow imaps:
|
|
||||||
iptables -A INPUT -p tcp --sport 993 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp --dport 993 -j ACCEPT
|
|
||||||
|
|
||||||
# Flush & default
|
|
||||||
ip6tables -F INPUT
|
|
||||||
ip6tables -F OUTPUT
|
|
||||||
ip6tables -F FORWARD
|
|
||||||
|
|
||||||
# setup log-chain:
|
|
||||||
ip6tables -N LOGREJECT
|
|
||||||
ip6tables -A LOGREJECT -j LOG
|
|
||||||
ip6tables -A LOGREJECT -j REJECT
|
|
||||||
|
|
||||||
# Set the default policy to drop
|
|
||||||
ip6tables -P INPUT DROP
|
|
||||||
ip6tables -P OUTPUT DROP
|
|
||||||
ip6tables -P FORWARD DROP
|
|
||||||
|
|
||||||
# rules:
|
|
||||||
ip6tables -A INPUT -i lo -j ACCEPT
|
|
||||||
ip6tables -A INPUT -j REJECT
|
|
||||||
ip6tables -A OUTPUT -j REJECT
|
|
||||||
|
|
||||||
# allow ganglia-statieken-server:
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.60.89 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.60.89 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p tcp -s 129.125.36.191 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p tcp -d 129.125.36.191 -j ACCEPT
|
|
||||||
|
|
||||||
# open up port 9100 prometues:
|
|
||||||
iptables -A INPUT -i eth0 -p tcp -s 129.125.2.233/32 --dport 9100 -j ACCEPT
|
|
||||||
iptables -A OUTPUT -o eth0 -p tcp -d 129.125.2.233/32 --sport 9100 -j ACCEPT
|
|
||||||
|
|
||||||
# allow icmp:
|
|
||||||
iptables -A INPUT -p icmp -j ACCEPT
|
|
||||||
iptables -A OUTPUT -p icmp -j ACCEPT
|
|
@ -1,209 +0,0 @@
|
|||||||
#!/usr/bin/python
|
|
||||||
|
|
||||||
import os
|
|
||||||
import re
|
|
||||||
import sys
|
|
||||||
|
|
||||||
binarypath = "/usr/sbin/megacli"
|
|
||||||
|
|
||||||
if len(sys.argv) > 2:
|
|
||||||
print 'Usage: megaclisas-status [--nagios]'
|
|
||||||
sys.exit(1)
|
|
||||||
|
|
||||||
nagiosmode=False
|
|
||||||
nagiosoutput=''
|
|
||||||
nagiosgoodarray=0
|
|
||||||
nagiosbadarray=0
|
|
||||||
nagiosgooddisk=0
|
|
||||||
nagiosbaddisk=0
|
|
||||||
|
|
||||||
# Check command line arguments to enable nagios or not
|
|
||||||
if len(sys.argv) > 1:
|
|
||||||
if sys.argv[1] == '--nagios':
|
|
||||||
nagiosmode=True
|
|
||||||
else:
|
|
||||||
print 'Usage: megaclisas-status [-nagios]'
|
|
||||||
sys.exit(1)
|
|
||||||
|
|
||||||
# Check binary exists (and +x), if not print an error message
|
|
||||||
# or return UNKNOWN nagios error code
|
|
||||||
if os.path.exists(binarypath) and os.access(binarypath, os.X_OK):
|
|
||||||
pass
|
|
||||||
else:
|
|
||||||
if nagiosmode:
|
|
||||||
print 'UNKNOWN - Cannot find '+binarypath
|
|
||||||
else:
|
|
||||||
print 'Cannot find '+binarypath+'. Please install it.'
|
|
||||||
sys.exit(3)
|
|
||||||
|
|
||||||
# Get command output
|
|
||||||
def getOutput(cmd):
|
|
||||||
output = os.popen(cmd)
|
|
||||||
lines = []
|
|
||||||
for line in output:
|
|
||||||
if not re.match(r'^$',line.strip()):
|
|
||||||
lines.append(line.strip())
|
|
||||||
return lines
|
|
||||||
|
|
||||||
def returnControllerNumber(output):
|
|
||||||
for line in output:
|
|
||||||
if re.match(r'^Controller Count.*$',line.strip()):
|
|
||||||
return int(line.split(':')[1].strip().strip('.'))
|
|
||||||
|
|
||||||
def returnControllerModel(output):
|
|
||||||
for line in output:
|
|
||||||
if re.match(r'^Product Name.*$',line.strip()):
|
|
||||||
return line.split(':')[1].strip()
|
|
||||||
|
|
||||||
def returnArrayNumber(output):
|
|
||||||
i = 0
|
|
||||||
for line in output:
|
|
||||||
if re.match(r'^Number of Virtual (Disk|Drive).*$',line.strip()):
|
|
||||||
i = line.strip().split(':')[1].strip()
|
|
||||||
return i
|
|
||||||
|
|
||||||
def returnArrayInfo(output,controllerid,arrayid):
|
|
||||||
id = 'c'+str(controllerid)+'u'+str(arrayid)
|
|
||||||
operationlinennumber = False
|
|
||||||
linenumber = 0
|
|
||||||
|
|
||||||
for line in output:
|
|
||||||
if re.match(r'Number Of Drives\s*((per span))?:.*[0-9]+$',line.strip()):
|
|
||||||
ldpdcount = line.split(':')[1].strip()
|
|
||||||
if re.match(r'Span Depth *:.*[0-9]+$',line.strip()):
|
|
||||||
spandepth = line.split(':')[1].strip()
|
|
||||||
if re.match(r'^RAID Level\s*:.*$',line.strip()):
|
|
||||||
raidlevel = line.strip().split(':')[1].split(',')[0].split('-')[1].strip()
|
|
||||||
type = 'RAID' + raidlevel
|
|
||||||
if re.match(r'^Size\s*:.*$',line.strip()):
|
|
||||||
# Size reported in MB
|
|
||||||
if re.match(r'^.*MB$',line.strip().split(':')[1]):
|
|
||||||
size = line.strip().split(':')[1].strip('MB').strip()
|
|
||||||
size = str(int(round((float(size) / 1000))))+'G'
|
|
||||||
# Size reported in TB
|
|
||||||
elif re.match(r'^.*TB$',line.strip().split(':')[1]):
|
|
||||||
size = line.strip().split(':')[1].strip('TB').strip()
|
|
||||||
size = str(int(round((float(size) * 1000))))+'G'
|
|
||||||
# Size reported in GB (default)
|
|
||||||
else:
|
|
||||||
size = line.strip().split(':')[1].strip('GB').strip()
|
|
||||||
size = str(int(round((float(size)))))+'G'
|
|
||||||
if re.match(r'^State\s*:.*$',line.strip()):
|
|
||||||
state = line.strip().split(':')[1].strip()
|
|
||||||
if re.match(r'^Ongoing Progresses\s*:.*$',line.strip()):
|
|
||||||
operationlinennumber = linenumber
|
|
||||||
linenumber += 1
|
|
||||||
if operationlinennumber:
|
|
||||||
inprogress = output[operationlinennumber+1]
|
|
||||||
else:
|
|
||||||
inprogress = 'None'
|
|
||||||
|
|
||||||
if ldpdcount and (int(spandepth) > 1):
|
|
||||||
ldpdcount = int(ldpdcount) * int(spandepth)
|
|
||||||
if int(raidlevel) < 10:
|
|
||||||
type = type + "0"
|
|
||||||
|
|
||||||
return [id,type,size,state,inprogress]
|
|
||||||
|
|
||||||
def returnDiskInfo(output,controllerid):
|
|
||||||
arrayid = False
|
|
||||||
diskid = False
|
|
||||||
table = []
|
|
||||||
state = 'undef'
|
|
||||||
model = 'undef'
|
|
||||||
for line in output:
|
|
||||||
if re.match(r'^Virtual (Disk|Drive): [0-9]+.*$',line.strip()):
|
|
||||||
arrayid = line.split('(')[0].split(':')[1].strip()
|
|
||||||
if re.match(r'Firmware state: .*$',line.strip()):
|
|
||||||
state = line.split(':')[1].strip()
|
|
||||||
if re.match(r'Inquiry Data: .*$',line.strip()):
|
|
||||||
model = line.split(':')[1].strip()
|
|
||||||
model = re.sub(' +', ' ', model)
|
|
||||||
if re.match(r'PD: [0-9]+ Information.*$',line.strip()):
|
|
||||||
diskid = line.split()[1].strip()
|
|
||||||
|
|
||||||
if arrayid != False and state != 'undef' and model != 'undef' and diskid != False:
|
|
||||||
table.append([str(arrayid), str(diskid), state, model])
|
|
||||||
state = 'undef'
|
|
||||||
model = 'undef'
|
|
||||||
|
|
||||||
return table
|
|
||||||
|
|
||||||
cmd = binarypath+' -adpCount -NoLog'
|
|
||||||
output = getOutput(cmd)
|
|
||||||
controllernumber = returnControllerNumber(output)
|
|
||||||
|
|
||||||
bad = False
|
|
||||||
|
|
||||||
# List available controller
|
|
||||||
if not nagiosmode:
|
|
||||||
print '-- Controller informations --'
|
|
||||||
print '-- ID | Model'
|
|
||||||
controllerid = 0
|
|
||||||
while controllerid < controllernumber:
|
|
||||||
cmd = binarypath+' -AdpAllInfo -a'+str(controllerid)+' -NoLog'
|
|
||||||
output = getOutput(cmd)
|
|
||||||
controllermodel = returnControllerModel(output)
|
|
||||||
print 'c'+str(controllerid)+' | '+controllermodel
|
|
||||||
controllerid += 1
|
|
||||||
print ''
|
|
||||||
|
|
||||||
controllerid = 0
|
|
||||||
if not nagiosmode:
|
|
||||||
print '-- Arrays informations --'
|
|
||||||
print '-- ID | Type | Size | Status | InProgress'
|
|
||||||
|
|
||||||
while controllerid < controllernumber:
|
|
||||||
arrayid = 0
|
|
||||||
cmd = binarypath+' -LdGetNum -a'+str(controllerid)+' -NoLog'
|
|
||||||
output = getOutput(cmd)
|
|
||||||
arraynumber = returnArrayNumber(output)
|
|
||||||
while arrayid < int(arraynumber):
|
|
||||||
cmd = binarypath+' -LDInfo -l'+str(arrayid)+' -a'+str(controllerid)+' -NoLog'
|
|
||||||
output = getOutput(cmd)
|
|
||||||
arrayinfo = returnArrayInfo(output,controllerid,arrayid)
|
|
||||||
if not nagiosmode:
|
|
||||||
print arrayinfo[0]+' | '+arrayinfo[1]+' | '+arrayinfo[2]+' | '+arrayinfo[3]+' | '+arrayinfo[4]
|
|
||||||
if not arrayinfo[3] == 'Optimal':
|
|
||||||
bad = True
|
|
||||||
nagiosbadarray=nagiosbadarray+1
|
|
||||||
else:
|
|
||||||
nagiosgoodarray=nagiosgoodarray+1
|
|
||||||
arrayid += 1
|
|
||||||
controllerid += 1
|
|
||||||
if not nagiosmode:
|
|
||||||
print ''
|
|
||||||
|
|
||||||
if not nagiosmode:
|
|
||||||
print '-- Disks informations'
|
|
||||||
print '-- ID | Model | Status'
|
|
||||||
|
|
||||||
controllerid = 0
|
|
||||||
while controllerid < controllernumber:
|
|
||||||
arrayid = 0
|
|
||||||
cmd = binarypath+' -LDInfo -lall -a'+str(controllerid)+' -NoLog'
|
|
||||||
output = getOutput(cmd)
|
|
||||||
cmd = binarypath+' -LdPdInfo -a'+str(controllerid)+' -NoLog'
|
|
||||||
output = getOutput(cmd)
|
|
||||||
arraydisk = returnDiskInfo(output,controllerid)
|
|
||||||
for array in arraydisk:
|
|
||||||
if not array[2] == 'Online' and not array[2] == 'Online, Spun Up':
|
|
||||||
bad=True
|
|
||||||
nagiosbaddisk=nagiosbaddisk+1
|
|
||||||
else:
|
|
||||||
nagiosgooddisk=nagiosgooddisk+1
|
|
||||||
if not nagiosmode:
|
|
||||||
print 'c'+str(controllerid)+'u'+array[0]+'p'+array[1]+' | '+array[3]+' | '+array[2]
|
|
||||||
controllerid += 1
|
|
||||||
|
|
||||||
if nagiosmode:
|
|
||||||
if bad:
|
|
||||||
print 'RAID ERROR - Arrays: OK:'+str(nagiosgoodarray)+' Bad:'+str(nagiosbadarray)+' - Disks: OK:'+str(nagiosgooddisk)+' Bad:'+str(nagiosbaddisk)
|
|
||||||
sys.exit(2)
|
|
||||||
else:
|
|
||||||
print 'RAID OK - Arrays: OK:'+str(nagiosgoodarray)+' Bad:'+str(nagiosbadarray)+' - Disks: OK:'+str(nagiosgooddisk)+' Bad:'+str(nagiosbaddisk)
|
|
||||||
else:
|
|
||||||
if bad:
|
|
||||||
print '\nThere is at least one disk/array in a NOT OPTIMAL state.'
|
|
||||||
sys.exit(1)
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ ________ ____
|
|
||||||
____ _____ ______ _/ ____\____ \_____ \/_ |
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ | |
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \ | |
|
|
||||||
\___ >__|_| /____ > |__| (____ /\_______ \|___|
|
|
||||||
\/ \/ \/ \/ \/
|
|
||||||
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ ________ ________
|
|
||||||
____ _____ ______ _/ ____\____ \_____ \\_____ \
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ / ____/
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \/ \
|
|
||||||
\___ >__|_| /____ > |__| (____ /\_______ \_______ \
|
|
||||||
\/ \/ \/ \/ \/ \/
|
|
||||||
|
|
||||||
|
|
@ -1,9 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ ________ ________
|
|
||||||
____ _____ ______ _/ ____\____ \_____ \ \_____ \
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ _(__ <
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \ / \
|
|
||||||
\___ >__|_| /____ > |__| (____ /\_______ \/______ /
|
|
||||||
\/ \/ \/ \/ \/ \/
|
|
||||||
|
|
@ -1,9 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ ________ _____
|
|
||||||
____ _____ ______ _/ ____\____ \_____ \ / | |
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\__ \ / ____/ / | |_
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | / __ \_/ \/ ^ /
|
|
||||||
\___ >__|_| /____ > |__| (____ /\_______ \____ |
|
|
||||||
\/ \/ \/ \/ \/ |__|
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ ________ ____
|
|
||||||
____ _____ ______ _/ ____\_____ \_____ \/_ |
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ | |
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | | |_> > \ | |
|
|
||||||
\___ >__|_| /____ > |__| | __/\_______ \|___|
|
|
||||||
\/ \/ \/ |__| \/
|
|
||||||
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ ________ ________
|
|
||||||
____ _____ ______ _/ ____\_____ \_____ \\_____ \
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ / ____/
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | | |_> > \/ \
|
|
||||||
\___ >__|_| /____ > |__| | __/\_______ \_______ \
|
|
||||||
\/ \/ \/ |__| \/ \/
|
|
||||||
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ ________ ________
|
|
||||||
____ _____ ______ _/ ____\_____ \_____ \ \_____ \
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ _(__ <
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | | |_> > \ / \
|
|
||||||
\___ >__|_| /____ > |__| | __/\_______ \/______ /
|
|
||||||
\/ \/ \/ |__| \/ \/
|
|
||||||
|
|
||||||
|
|
@ -1,11 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ ________ _____
|
|
||||||
____ _____ ______ _/ ____\_____ \_____ \ / | |
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ / | |_
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | | |_> > \/ ^ /
|
|
||||||
\___ >__|_| /____ > |__| | __/\_______ \____ |
|
|
||||||
\/ \/ \/ |__| \/ |__|
|
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ ________ .________
|
|
||||||
____ _____ ______ _/ ____\_____ \_____ \ | ____/
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ |____ \
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | | |_> > \ / \
|
|
||||||
\___ >__|_| /____ > |__| | __/\_______ \/______ /
|
|
||||||
\/ \/ \/ |__| \/ \/
|
|
||||||
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ ________ ________
|
|
||||||
____ _____ ______ _/ ____\_____ \_____ \/ _____/
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\____ \ / ____/ __ \
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | | |_> > \ |__\ \
|
|
||||||
\___ >__|_| /____ > |__| | __/\_______ \_____ /
|
|
||||||
\/ \/ \/ |__| \/ \/
|
|
||||||
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ __ ________ ____
|
|
||||||
____ _____ ______ _/ ____\/ |_\_____ \/_ |
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\ __\/ ____/ | |
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | | | / \ | |
|
|
||||||
\___ >__|_| /____ > |__| |__| \_______ \|___|
|
|
||||||
\/ \/ \/ \/
|
|
||||||
|
|
||||||
|
|
@ -1,16 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
_____ __ ________ ________
|
|
||||||
____ _____ ______ _/ ____\/ |_\_____ \\_____ \
|
|
||||||
_/ ___\ / \ / ___/ ______ \ __\\ __\/ ____/ / ____/
|
|
||||||
\ \___| Y Y \\___ \ /_____/ | | | | / \/ \
|
|
||||||
\___ >__|_| /____ > |__| |__| \_______ \_______ \
|
|
||||||
\/ \/ \/ \/ \/
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
Binary file not shown.
@ -1,47 +0,0 @@
|
|||||||
umask 022
|
|
||||||
|
|
||||||
# if running bash
|
|
||||||
if [ -n "$BASH_VERSION" ]; then
|
|
||||||
# include .bashrc if it exists
|
|
||||||
if [ -f "$HOME/.bashrc" ]; then
|
|
||||||
. "$HOME/.bashrc"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# set PATH so it includes user's private bin if it exists
|
|
||||||
if [ -d "$HOME/bin" ] ; then
|
|
||||||
PATH="$HOME/bin:$PATH"
|
|
||||||
fi
|
|
||||||
|
|
||||||
EDITOR=nano
|
|
||||||
export EDITOR
|
|
||||||
|
|
||||||
JAVA_HOME=$HOME/software/java
|
|
||||||
export JAVA_HOME
|
|
||||||
|
|
||||||
PATH=$JAVA_HOME/bin:/usr/local/bin:/usr/bin:/usr/ccs/bin:$PATH
|
|
||||||
export PATH
|
|
||||||
|
|
||||||
RUGCMS_CLASSPATH=\
|
|
||||||
$HOME/software/tomcat/lib/*:\
|
|
||||||
$HOME/servers/tomcat-common/lib/*:\
|
|
||||||
$HOME/servers/ucms-common/lib/ucms/*:\
|
|
||||||
$HOME/servers/ucms-common/lib/xml/*:\
|
|
||||||
$HOME/servers/ucms-common/lib/jackrabbit/*:\
|
|
||||||
$HOME/servers/ucms-common/lib/apache/*:\
|
|
||||||
$HOME/servers/ucms-common/lib/google/*:\
|
|
||||||
$HOME/servers/ucms-common/lib/*
|
|
||||||
export RUGCMS_CLASSPATH
|
|
||||||
|
|
||||||
source $HOME/scripts/setClusterAndNode.sh
|
|
||||||
|
|
||||||
if [[ $CLUSTER == 'test' ]]; then
|
|
||||||
PS1=$'\\[\\e[32;1m\\]\\u@\\h (\\w) : \\[\\e[0m\\]'
|
|
||||||
elif [[ $CLUSTER == 'acceptation' ]]; then
|
|
||||||
PS1=$'\\[\\e[33;1m\\]\\u@\\h (\\w) : \\[\\e[0m\\]'
|
|
||||||
elif [[ $CLUSTER == 'production' ]]; then
|
|
||||||
PS1=$'\\[\\e[31m\\]\\u@\\h (\\w) : \\[\\e[0m\\]'
|
|
||||||
else
|
|
||||||
PS1=$'\\[\\e[35;1m\\]\\u@\\h (\\w) : \\[\\e[0m\\]'
|
|
||||||
fi
|
|
||||||
export PS1
|
|
@ -1,3 +0,0 @@
|
|||||||
search service.rug.nl
|
|
||||||
nameserver 129.125.4.6
|
|
||||||
nameserer 8.8.8.8
|
|
@ -1,139 +0,0 @@
|
|||||||
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
|
|
||||||
|
|
||||||
# This is the sshd server system-wide configuration file. See
|
|
||||||
# sshd_config(5) for more information.
|
|
||||||
|
|
||||||
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
|
|
||||||
|
|
||||||
# The strategy used for options in the default sshd_config shipped with
|
|
||||||
# OpenSSH is to specify options with their default value where
|
|
||||||
# possible, but leave them commented. Uncommented options override the
|
|
||||||
# default value.
|
|
||||||
|
|
||||||
# If you want to change the port on a SELinux system, you have to tell
|
|
||||||
# SELinux about this change.
|
|
||||||
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
|
|
||||||
#
|
|
||||||
#Port 22
|
|
||||||
#AddressFamily any
|
|
||||||
#ListenAddress 0.0.0.0
|
|
||||||
#ListenAddress ::
|
|
||||||
|
|
||||||
HostKey /etc/ssh/ssh_host_rsa_key
|
|
||||||
#HostKey /etc/ssh/ssh_host_dsa_key
|
|
||||||
HostKey /etc/ssh/ssh_host_ecdsa_key
|
|
||||||
HostKey /etc/ssh/ssh_host_ed25519_key
|
|
||||||
|
|
||||||
# Ciphers and keying
|
|
||||||
#RekeyLimit default none
|
|
||||||
|
|
||||||
# Logging
|
|
||||||
#SyslogFacility AUTH
|
|
||||||
SyslogFacility AUTHPRIV
|
|
||||||
#LogLevel INFO
|
|
||||||
|
|
||||||
# Authentication:
|
|
||||||
|
|
||||||
#LoginGraceTime 2m
|
|
||||||
PermitRootLogin without-password
|
|
||||||
#StrictModes yes
|
|
||||||
#MaxAuthTries 6
|
|
||||||
#MaxSessions 10
|
|
||||||
|
|
||||||
#PubkeyAuthentication yes
|
|
||||||
|
|
||||||
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
|
|
||||||
# but this is overridden so installations will only check .ssh/authorized_keys
|
|
||||||
AuthorizedKeysFile .ssh/authorized_keys
|
|
||||||
|
|
||||||
#AuthorizedPrincipalsFile none
|
|
||||||
|
|
||||||
#AuthorizedKeysCommand none
|
|
||||||
#AuthorizedKeysCommandUser nobody
|
|
||||||
|
|
||||||
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
|
|
||||||
#HostbasedAuthentication no
|
|
||||||
# Change to yes if you don't trust ~/.ssh/known_hosts for
|
|
||||||
# HostbasedAuthentication
|
|
||||||
#IgnoreUserKnownHosts no
|
|
||||||
# Don't read the user's ~/.rhosts and ~/.shosts files
|
|
||||||
#IgnoreRhosts yes
|
|
||||||
|
|
||||||
# To disable tunneled clear text passwords, change to no here!
|
|
||||||
#PasswordAuthentication yes
|
|
||||||
#PermitEmptyPasswords no
|
|
||||||
PasswordAuthentication yes
|
|
||||||
|
|
||||||
# Change to no to disable s/key passwords
|
|
||||||
#ChallengeResponseAuthentication yes
|
|
||||||
ChallengeResponseAuthentication no
|
|
||||||
|
|
||||||
# Kerberos options
|
|
||||||
#KerberosAuthentication no
|
|
||||||
#KerberosOrLocalPasswd yes
|
|
||||||
#KerberosTicketCleanup yes
|
|
||||||
#KerberosGetAFSToken no
|
|
||||||
#KerberosUseKuserok yes
|
|
||||||
|
|
||||||
# GSSAPI options
|
|
||||||
GSSAPIAuthentication yes
|
|
||||||
GSSAPICleanupCredentials no
|
|
||||||
#GSSAPIStrictAcceptorCheck yes
|
|
||||||
#GSSAPIKeyExchange no
|
|
||||||
#GSSAPIEnablek5users no
|
|
||||||
|
|
||||||
# Set this to 'yes' to enable PAM authentication, account processing,
|
|
||||||
# and session processing. If this is enabled, PAM authentication will
|
|
||||||
# be allowed through the ChallengeResponseAuthentication and
|
|
||||||
# PasswordAuthentication. Depending on your PAM configuration,
|
|
||||||
# PAM authentication via ChallengeResponseAuthentication may bypass
|
|
||||||
# the setting of "PermitRootLogin without-password".
|
|
||||||
# If you just want the PAM account and session checks to run without
|
|
||||||
# PAM authentication, then enable this but set PasswordAuthentication
|
|
||||||
# and ChallengeResponseAuthentication to 'no'.
|
|
||||||
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
|
|
||||||
# problems.
|
|
||||||
UsePAM yes
|
|
||||||
|
|
||||||
#AllowAgentForwarding yes
|
|
||||||
#AllowTcpForwarding yes
|
|
||||||
#GatewayPorts no
|
|
||||||
X11Forwarding yes
|
|
||||||
#X11DisplayOffset 10
|
|
||||||
#X11UseLocalhost yes
|
|
||||||
#PermitTTY yes
|
|
||||||
#PrintMotd yes
|
|
||||||
#PrintLastLog yes
|
|
||||||
#TCPKeepAlive yes
|
|
||||||
#UseLogin no
|
|
||||||
#UsePrivilegeSeparation sandbox
|
|
||||||
#PermitUserEnvironment no
|
|
||||||
#Compression delayed
|
|
||||||
#ClientAliveInterval 0
|
|
||||||
#ClientAliveCountMax 3
|
|
||||||
#ShowPatchLevel no
|
|
||||||
#UseDNS yes
|
|
||||||
#PidFile /var/run/sshd.pid
|
|
||||||
#MaxStartups 10:30:100
|
|
||||||
#PermitTunnel no
|
|
||||||
#ChrootDirectory none
|
|
||||||
#VersionAddendum none
|
|
||||||
|
|
||||||
# no default banner path
|
|
||||||
#Banner none
|
|
||||||
|
|
||||||
# Accept locale-related environment variables
|
|
||||||
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
|
||||||
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
|
||||||
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
|
|
||||||
AcceptEnv XMODIFIERS
|
|
||||||
|
|
||||||
# override default of no subsystems
|
|
||||||
Subsystem sftp /usr/libexec/openssh/sftp-server
|
|
||||||
|
|
||||||
# Example of overriding settings on a per-user basis
|
|
||||||
#Match User anoncvs
|
|
||||||
# X11Forwarding no
|
|
||||||
# AllowTcpForwarding no
|
|
||||||
# PermitTTY no
|
|
||||||
# ForceCommand cvs server
|
|
Binary file not shown.
Binary file not shown.
@ -1,34 +0,0 @@
|
|||||||
- copy:
|
|
||||||
src: files/motd.{{ ansible_hostname }}
|
|
||||||
dest: /etc/motd
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0644
|
|
||||||
|
|
||||||
- copy:
|
|
||||||
src: files/hosts
|
|
||||||
dest: /etc/hosts
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0644
|
|
||||||
|
|
||||||
- copy:
|
|
||||||
src: files/sshd_config
|
|
||||||
dest: /etc/ssh/sshd_config
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0600
|
|
||||||
|
|
||||||
- copy:
|
|
||||||
src: files/resolv.conf
|
|
||||||
dest: /etc/resolv.conf
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0644
|
|
||||||
|
|
||||||
- copy:
|
|
||||||
src: files/yum_debug_dump.txt.gz
|
|
||||||
dest: /root/yum_debug_dump.txt.gz
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0600
|
|
@ -1,6 +0,0 @@
|
|||||||
- copy:
|
|
||||||
src: files/firewall.sh
|
|
||||||
dest: /root/firewall/firewall.sh
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0700
|
|
@ -1 +0,0 @@
|
|||||||
- selinux: state=disabled
|
|
@ -1,9 +0,0 @@
|
|||||||
- docker_container:
|
|
||||||
name: netdata
|
|
||||||
image: titpetric/netdata
|
|
||||||
network_mode: host
|
|
||||||
hostname: "{{ ansible_hostname }}"
|
|
||||||
capabilities: SYS_PTRACE
|
|
||||||
state: started
|
|
||||||
volumes:
|
|
||||||
- /sys:/host/sys:ro
|
|
@ -1,6 +0,0 @@
|
|||||||
- user:
|
|
||||||
name: ger
|
|
||||||
comment: "ger user"
|
|
||||||
state: present
|
|
||||||
group: rugcms
|
|
||||||
home: /home/ger
|
|
@ -1 +0,0 @@
|
|||||||
- yum: name=python-docker-py state=latest
|
|
@ -1 +0,0 @@
|
|||||||
- yum: name=epel-release state=latest
|
|
@ -1 +0,0 @@
|
|||||||
- yum: name=ntp state=latest
|
|
@ -1 +0,0 @@
|
|||||||
- yum: name=yum-utils state=latest
|
|
@ -1,21 +0,0 @@
|
|||||||
- include: rugcms-group.yml
|
|
||||||
- include: rugcms-user.yml
|
|
||||||
- include: rugcms-keys.yml
|
|
||||||
- include: rugcms-profile.yml
|
|
||||||
- include: rugcms-password.yml
|
|
||||||
- include: stealth-client.yml
|
|
||||||
- include: install-epel.yml
|
|
||||||
- include: install-ntp.yml
|
|
||||||
- include: install-yum-utils.yml
|
|
||||||
- include: install-docker-py.yml
|
|
||||||
- include: disable-selinux.yml
|
|
||||||
- include: start-ntp.yml
|
|
||||||
- include: stop-firewalld.yml
|
|
||||||
- include: copy-firewall.yml
|
|
||||||
- include: run-firewall.yml
|
|
||||||
- include: nagios-client.yml
|
|
||||||
- include: mega-cli.yml
|
|
||||||
- include: copy-files.yml
|
|
||||||
- include: start-services.yml
|
|
||||||
- include: docker-netdata.yml
|
|
||||||
- include: upgrade.yml
|
|
@ -1,27 +0,0 @@
|
|||||||
- copy:
|
|
||||||
src: files/Lib_Utils-1.00-09.noarch.rpm
|
|
||||||
dest: /tmp/Lib_Utils-1.00-09.noarch.rpm
|
|
||||||
|
|
||||||
- yum:
|
|
||||||
name: /tmp/Lib_Utils-1.00-09.noarch.rpm
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- copy:
|
|
||||||
src: files/MegaCli-8.04.07-1.noarch.rpm
|
|
||||||
dest: /tmp/MegaCli-8.04.07-1.noarch.rpm
|
|
||||||
|
|
||||||
- yum:
|
|
||||||
name: /tmp/MegaCli-8.04.07-1.noarch.rpm
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- copy:
|
|
||||||
src: files/megaclisas-status
|
|
||||||
dest: /usr/sbin/megaclisas-status
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0700
|
|
||||||
|
|
||||||
- file:
|
|
||||||
src: /opt/MegaRAID/MegaCli/MegaCli64
|
|
||||||
dest: /usr/sbin/megacli
|
|
||||||
state: link
|
|
@ -1,42 +0,0 @@
|
|||||||
|
|
||||||
- file: path=/nagios state=directory
|
|
||||||
|
|
||||||
- unarchive:
|
|
||||||
src: files/nagios.tar.gz
|
|
||||||
dest: /nagios
|
|
||||||
|
|
||||||
- cron:
|
|
||||||
name: "check disk full"
|
|
||||||
minute: "00,10,20,30,40,50"
|
|
||||||
hour: "*"
|
|
||||||
job: "/nagios/cron/check_disk"
|
|
||||||
|
|
||||||
- cron:
|
|
||||||
name: "check disk ok"
|
|
||||||
minute: "00,10,20,30,40,50"
|
|
||||||
hour: "*"
|
|
||||||
job: "/nagios/cron/check_disks"
|
|
||||||
|
|
||||||
- cron:
|
|
||||||
name: "check firewall"
|
|
||||||
minute: "00,10,20,30,40,50"
|
|
||||||
hour: "*"
|
|
||||||
job: "/nagios/cron/check_iptables"
|
|
||||||
|
|
||||||
- replace:
|
|
||||||
path: /nagios/cron/check_iptables
|
|
||||||
regexp: 'HOSTNAME="cms-fa11.service.rug.nl"'
|
|
||||||
replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"'
|
|
||||||
backup: yes
|
|
||||||
|
|
||||||
- replace:
|
|
||||||
path: /nagios/cron/check_disk
|
|
||||||
regexp: 'HOSTNAME="cms-fa11.service.rug.nl"'
|
|
||||||
replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"'
|
|
||||||
backup: yes
|
|
||||||
|
|
||||||
- replace:
|
|
||||||
path: /nagios/cron/check_disks
|
|
||||||
regexp: 'HOSTNAME="cms-fa11.service.rug.nl"'
|
|
||||||
replace: 'HOSTNAME="{{ ansible_hostname }}.service.rug.nl"'
|
|
||||||
backup: yes
|
|
@ -1,3 +0,0 @@
|
|||||||
- group:
|
|
||||||
name: rugcms
|
|
||||||
state: present
|
|
@ -1,7 +0,0 @@
|
|||||||
- authorized_key:
|
|
||||||
user: rugcms
|
|
||||||
key: '{{ item }}'
|
|
||||||
state: present
|
|
||||||
with_items:
|
|
||||||
- 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAz/4D/jhUycyYS8gOrQDs+BqK+MLzfB9kb60W9zGTs9KigKGUOtvZ78mb1F2+ouy/uQUbOO4MoUu+fOzSlSE56GdyTSc/RsLaoHde2aRalXnRf55tuIVgv6MNG7siZt1i4iDhm/uql8nzc7m0Ompr9XXLXOQ0ZGFPViLLYyRcLOc= r.m.uittenbroek@rug.nl'
|
|
||||||
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoRM/8ItzD87bvO6WVwDS83mkLUv0fo1dUxBzGB0w9j+a4vtUbcGm13TXp6zIS6zZqj09QD8jznO1OE92tC1axjuwENbAi7WiqaFMJdqB6MLN4Fxo4xa5LaadDTFbd4yLI1lzheowfPvFypUW90L4ToEkKkvgp+r+4C7BrLLUTzksS3PzBB2jp25XimdbxQvbZS74RdEa4O1Xqz0A4+FbM9r90OIJGrexVTKb2jpQk3bhTIpCXDkRldA1PLYSPoUAmCViGPoHCoyNbtZj8MWDjOKH/Ut/WXg5z60JfFqHazkHsQiJ9YkgUk2zy/7cjl5Pl8DVkPp79c/F5YFw492XN rugcms@charanga'
|
|
@ -1,6 +0,0 @@
|
|||||||
- copy:
|
|
||||||
src: files/profile_rugcms
|
|
||||||
dest: /local_disk/.profile
|
|
||||||
owner: rugcms
|
|
||||||
group: rugcms
|
|
||||||
mode: 0700
|
|
@ -1,6 +0,0 @@
|
|||||||
- user:
|
|
||||||
name: rugcms
|
|
||||||
comment: "rugcms user"
|
|
||||||
state: present
|
|
||||||
group: rugcms
|
|
||||||
home: /local_disk
|
|
@ -1 +0,0 @@
|
|||||||
- script: chdir=/root/firewall firewall.sh
|
|
@ -1,4 +0,0 @@
|
|||||||
- systemd:
|
|
||||||
name: ntpd.service
|
|
||||||
state: started
|
|
||||||
enabled: yes
|
|
@ -1,14 +0,0 @@
|
|||||||
- systemd:
|
|
||||||
name: sshd.service
|
|
||||||
state: started
|
|
||||||
enabled: yes
|
|
||||||
|
|
||||||
- systemd:
|
|
||||||
name: postfix.service
|
|
||||||
state: started
|
|
||||||
enabled: yes
|
|
||||||
|
|
||||||
- systemd:
|
|
||||||
name: docker.service
|
|
||||||
state: started
|
|
||||||
enabled: yes
|
|
@ -1,15 +0,0 @@
|
|||||||
- group:
|
|
||||||
name: kees
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- user:
|
|
||||||
name: kees
|
|
||||||
comment: "stealth user"
|
|
||||||
state: present
|
|
||||||
group: kees
|
|
||||||
home: /home/kees
|
|
||||||
|
|
||||||
- authorized_key:
|
|
||||||
user: kees
|
|
||||||
key: 'ssh-dss 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 stealth@operator'
|
|
||||||
state: present
|
|
@ -1,3 +0,0 @@
|
|||||||
- systemd:
|
|
||||||
name: firewalld.service
|
|
||||||
enabled: no
|
|
@ -1 +0,0 @@
|
|||||||
- yum: name=* state=latest
|
|