Initial commit of PVC Ansible role

2023-09-01 15:42:19 -04:00
commit 6dfaf433dc
92 changed files with 4709 additions and 0 deletions
--- a/roles/base/files/usr/bin/check_mk_agent
+++ b/roles/base/files/usr/bin/check_mk_agent
--- a/roles/base/files/usr/lib/check_mk_agent/plugins/backup
+++ b/roles/base/files/usr/lib/check_mk_agent/plugins/backup
@ -0,0 +1,11 @@
+#!/bin/bash
+
+# Backup check for Check_MK
+# Installed by BLSE 2.0 ansible
+
+SHARELIST=( $( cat /var/backups/shares ) )
+
+echo "<<<backup>>>"
+for SHARE in ${SHARELIST[@]}; do
+    echo "${SHARE} $( cat ${SHARE}/.backup )"
+done
--- a/roles/base/files/usr/lib/check_mk_agent/plugins/cephfsmounts
+++ b/roles/base/files/usr/lib/check_mk_agent/plugins/cephfsmounts
@ -0,0 +1,15 @@
+echo '<<<cephfsmounts>>>'
+sed -n '/ ceph\? /s/[^ ]* \([^ ]*\) .*/\1/p' < /proc/mounts |
+    sed 's/\\040/ /g' |
+    while read MP
+    do
+    if [ ! -r $MP ]; then
+        echo "$MP Permission denied"
+        elif [ $STAT_VERSION != $STAT_BROKE ]; then
+            waitmax -s 9 2 stat -f -c "$MP ok %b %f %a %s" "$MP" || \
+            echo "$MP hanging 0 0 0 0"
+        else
+            waitmax -s 9 2 stat -f -c "$MP ok %b %f %a %s" "$MP" && \
+                printf '\n'|| echo "$MP hanging 0 0 0 0"
+        fi
+    done
--- a/roles/base/files/usr/lib/check_mk_agent/plugins/dpkg
+++ b/roles/base/files/usr/lib/check_mk_agent/plugins/dpkg
@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Apt and dpkg status check for Check_MK
+# Installed by BLSE 2.0 ansible
+
+TMP_DPKG="$( COLUMNS=200 dpkg --list )"
+TMP_AWK="$( awk '
+    { if (NR>5) {
+        if ($1 != "ii") bad_package[$2]=$1;
+    }}
+    END {
+        print NR-5;
+        bad_package_count=asort(bad_package,junk)
+        if (bad_package_count) {
+            for (package in bad_package)
+                print package "[" bad_package[package] "]"
+            exit 1
+        }
+    }
+' <<<"$TMP_DPKG" )"
+
+DEBIAN_VERSION="$( cat /etc/debian_version )"
+TOTAL_PACKAGES=$( head --lines=1 <<<"${TMP_AWK}" )
+UPGRADABLE_PACKAGES=( $( apt list --upgradable 2>/dev/null | grep -v '^Listing' | awk '{ gsub(/\]/,"",$NF); print $1 "[" $NF "<>" $2 "]" }' ) )
+INCONSISTENT_PACKAGES=( $( tail --lines=+2 <<<"${TMP_AWK}" ) )
+OLD_CONFIG_FILES=( $( ionice -c3 find /etc -type f -a \( -name '*.dpkg-*' -o -name '*.ucf-*' \) 2>/dev/null ) )
+
+echo "<<<dpkg>>>"
+echo "debian_version ${DEBIAN_VERSION}"
+echo "total_packages ${TOTAL_PACKAGES}"
+echo "upgradable_packages ${#UPGRADABLE_PACKAGES[*]} ${UPGRADABLE_PACKAGES[*]}"
+echo "inconsistent_packages ${#INCONSISTENT_PACKAGES[*]} ${INCONSISTENT_PACKAGES[*]}"
+echo "obsolete_configuration_files ${#OLD_CONFIG_FILES[*]} ${OLD_CONFIG_FILES[*]}"
--- a/roles/base/files/usr/lib/check_mk_agent/plugins/entropy
+++ b/roles/base/files/usr/lib/check_mk_agent/plugins/entropy
@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Entropy availability check for Check_MK
+# Installed by BLSE 2.0 ansible
+
+if [ -e /proc/sys/kernel/random/entropy_avail ]; then
+
+  echo '<<<entropy_avail>>>'
+
+  echo -n "entropy_avail "
+  cat /proc/sys/kernel/random/entropy_avail
+
+  echo -n "poolsize "
+  cat /proc/sys/kernel/random/poolsize
+
+fi
--- a/roles/base/files/usr/lib/check_mk_agent/plugins/freshness
+++ b/roles/base/files/usr/lib/check_mk_agent/plugins/freshness
@ -0,0 +1,52 @@
+#!/bin/bash
+
+# Open file handle freshness check for Check_MK
+# Installed by BLSE 2.0 ansible
+
+OK=0
+WARNING=1
+
+FRESHNESS="$( lsof -Fcftn / 2>/dev/null | grep -v '/tmp' | \
+awk '
+{
+    field=substr($0,1,1);
+    data=substr($0,2);
+    if (field=="f") {
+        file_descriptor=data;
+    } else if (field=="t") {
+        file_type=data;
+    } else if (field=="c") {
+        command_name=data;
+    } else if (field=="n" && file_descriptor=="DEL" && file_type=="REG") {
+        name=data;
+        file[command_name]++;
+    }
+}
+END {
+    for (name in file) {
+        error++;
+    # Skip these problematic programs
+    if (name=="systemd-udevd") { continue; }
+    if (name=="pulseaudio") { continue; }
+    if (name=="light-locker") { continue; }
+    if (name=="at-spi-bus-laun") { continue; }
+    if (name=="node") { continue; }
+    if (error_name) { error_name=error_name " " };
+        error_name=error_name name;
+    }
+    if (error_name) {
+        print error_name;
+        exit error;
+    } else {
+        exit;
+    }
+}' )";
+
+echo "<<<freshness>>>"
+if [ "$FRESHNESS" ]; then
+    echo "Applications needing restart: $FRESHNESS"
+    exit $WARNING
+else
+    echo "No applications needing restart"
+    exit $OK
+fi
--- a/roles/base/files/usr/lib/check_mk_agent/plugins/kernelversion
+++ b/roles/base/files/usr/lib/check_mk_agent/plugins/kernelversion
@ -0,0 +1,14 @@
+#!/bin/bash
+OK=0
+WARNING=1
+
+echo "<<<kernelversion>>>"
+ACTIVE="$( uname -v | awk '{ print $4" "$5 }' )"
+ONDISK="$( strings /vmlinuz | grep 'Debian' | head -1 | awk '{ print $6" "$7 }' )"
+echo ${ACTIVE}
+echo ${ONDISK}
+if [[ ${ACTIVE} != ${ONDISK} ]]; then
+    exit $WARNING
+else
+    exit $OK
+fi
--- a/roles/base/files/usr/lib/check_mk_agent/plugins/ownership
+++ b/roles/base/files/usr/lib/check_mk_agent/plugins/ownership
@ -0,0 +1,68 @@
+#!/bin/bash
+
+# File ownership check for Check_MK
+# Installed by BLSE 2.0 ansible
+
+UID_MAX=299
+# http://www.debian.org/doc/debian-policy/ch-opersys.html
+# 0-99: Globally allocated by the Debian project
+# 100-199: (BLSE) Dynamically allocated system users and groups
+# 200-299: (BLSE) BLSE users and groups
+# 300-499: (BLSE) reserved
+# 500-599: (BLSE) system administrators
+# 600-999: (BLSE) reserved
+# 64045:   (BLSE) ceph
+
+function is_element_of {
+    local TO_FIND=$1
+    shift
+
+    for ARRAY_ELEMENT in $*
+    do
+        if test $TO_FIND = $ARRAY_ELEMENT
+        then
+            return 0
+        fi
+    done
+    return 1
+}
+
+OK=0
+WARNING=1
+
+FILESYSTEMs=(/ /var/log)
+MOUNTs=($(awk '{print $2}' '/proc/mounts'))
+
+FILEs=()
+for FILESYSTEM in ${FILESYSTEMs[@]}; do
+    while IFS= read -r -d $'\0' FILE
+    do
+        if ! is_element_of "$FILE" ${FILESYSTEMs[*]}; then
+            if is_element_of $FILE ${MOUNTs[*]}; then
+                continue
+            fi
+        fi
+        FILEs+=($FILE)
+    done < <( find ${FILESYSTEM} -xdev -uid +$UID_MAX -not -uid +64000 -not -uid 2000 \
+        -not \( -type d -a \( -path /media -o -path /mnt \) \) \
+        -not \( -name '.*.swp' -a -mtime -3 \) \
+        -not \( -path '*/.git' -o -path '*/.git/*' \) \
+        -not \( -path '*.dirtrack.Storable' \) \
+        -not \( -path '/home/*' \) \
+        -not \( -path '/tmp/*' \) \
+        -not \( -path '/var/home/*' \) \
+        -not \( -path '/var/log/gitlab/*' \) \
+        -print0 2>/dev/null )
+done
+
+echo "<<<file_ownership>>>"
+
+if ! test ${#FILEs[*]} -eq 0; then
+    echo -n "${#FILEs[*]} file(s) found with invalid ownership (must be UID <299): "
+    echo "${FILEs[*]}"
+    exit $WARNING
+else
+    echo "All files have valid ownership"
+    exit $OK
+fi
+
--- a/roles/base/files/usr/lib/openssh/ssh-keysign
+++ b/roles/base/files/usr/lib/openssh/ssh-keysign