diff --git a/inventory/inventory.sh b/inventory/inventory.sh
index 48545c0..5d5fb0d 100755
--- a/inventory/inventory.sh
+++ b/inventory/inventory.sh
@@ -114,6 +114,9 @@ all:
 # Loop through each IP in the comma-separated list
 IFS=',' read -ra IPS <<< "$IP_LIST"
 for IP in "${IPS[@]}"; do
+ ip_check=$(curl -s http://172.25.100.15:15010/ip_check?ip=${IP} | jq .in_subnets)
+ echo $ip_check
+ inventory_content+=" ${IP}: ansible_host: ${IP} "
diff --git a/roles/storage_api/files/disk_service.py b/roles/storage_api/files/disk_service.py
new file mode 100644
index 0000000..ae62b5d
--- /dev/null
+++ b/roles/storage_api/files/disk_service.py
@@ -0,0 +1,34 @@
+from flask import Flask, jsonify
+import psutil
+
+app = Flask(__name__)
+app.config['JSONIFY_PRETTYPRINT_REGULAR'] = True
+
+def bytes_to_human_readable(bytes):
+ for unit in ['B', 'KB', 'MB', 'GB', 'TB']:
+ if bytes < 1024.0:
+ return f"{bytes:.2f} {unit}"
+ bytes /= 1024.0
+
+def get_disk_info():
+ disk_info = []
+ partitions = psutil.disk_partitions()
+ for partition in partitions:
+ usage = psutil.disk_usage(partition.mountpoint)
+ disk_info.append({
+ 'device': partition.device.replace('\\\\', '\\').rstrip('\\'),
+ #'mountpoint': partition.mountpoint,
+ #'fstype': partition.fstype,
+ 'total': bytes_to_human_readable(usage.total),
+ 'used': bytes_to_human_readable(usage.used),
+ 'free': bytes_to_human_readable(usage.free),
+ 'percent': usage.percent
+ })
+ return disk_info
+
+@app.route('/disk', methods=['GET'])
+def disk():
+ return jsonify(get_disk_info())
+
+if __name__ == '__main__':
+ app.run(host='0.0.0.0', port=5000)
diff --git a/roles/user_check/defaults/main.yaml b/roles/user_check/defaults/main.yaml
new file mode 100644
index 0000000..57266e8
--- /dev/null
+++ b/roles/user_check/defaults/main.yaml
@@ -0,0 +1,7 @@
+---
+
+
+ip_check_folder: "/opt/cosmos/ip_check"
+
+
+...
\ No newline at end of file
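Review bot: The subnet lookup result is never acted on — `ip_check` is assigned and echoed, and the host is then appended to `inventory_content` regardless, so the new check gates nothing (the loop body continues past the end of the hunk). `echo $ip_check` also writes to stdout, which for an inventory script is presumably the stream Ansible parses as the inventory, so it should go to stderr (`printf '%s\n' "$ip_check" >&2`) or be dropped. The lookup itself is fail-open: the URL is unquoted (the `?` is subject to globbing), `-s` hides any connection error, and on failure `jq` reads empty input and `ip_check` is simply empty; quote it and make failure visible with `ip_check=$(curl -sSf --max-time 5 "http://172.25.100.15:15010/ip_check?ip=${IP}" | jq .in_subnets)`, check the status (the pipeline needs `set -o pipefail` or a separate curl step for that to surface), and treat a failed lookup as restricted before the host is added.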
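Review bot: In `get_disk_info`, one partition whose mountpoint cannot be queried fails the whole `/disk` response — `psutil.disk_usage` can raise `OSError` (e.g. a removable drive with no media, which the backslash handling on `device` suggests is a realistic case here) and nothing catches it, so a single bad mount turns into a 500 for every disk; skip such partitions instead, as below. Separately, `app.run(host='0.0.0.0', port=5000)` serves device names and usage on every interface through the Werkzeug development server with no authentication; if the service is only meant to be reached from a management network, say so in a module docstring, bind to that address, and document what restricts access to it. `bytes_to_human_readable` also shadows the `bytes` builtin and falls off the end of its loop, returning `None`, for values of 1024 TB or more; a `return f"{bytes:.2f} {unit}"` after the loop (with `unit` left at `'TB'`) closes that gap.
```python
    for partition in partitions:
        try:
            usage = psutil.disk_usage(partition.mountpoint)
        except OSError:
            # Unreadable mountpoint (e.g. removable drive without media):
            # skip it rather than failing the whole /disk response.
            continue
        # … unchanged: disk_info.append({...}) …
```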
diff --git a/roles/user_check/tasks/main.yaml b/roles/user_check/tasks/main.yaml
new file mode 100644
index 0000000..f1adf0d
--- /dev/null
+++ b/roles/user_check/tasks/main.yaml
@@ -0,0 +1,7 @@
+---
+
+- name: Subnet Security Check
+ #when: 'SERVER_SUBNET_GROUP not in subnet_group_check'
+ include_tasks: user_check.yaml
+
+...
\ No newline at end of file
diff --git a/roles/user_check/tasks/user_check.yaml b/roles/user_check/tasks/user_check.yaml
new file mode 100644
index 0000000..93eff04
--- /dev/null
+++ b/roles/user_check/tasks/user_check.yaml
@@ -0,0 +1,71 @@
+---
+- name: user check
+ delegate_to: localhost
+ block:
+
+ - name: show user vars
+ debug:
+ msg:
+ - "User email:"
+ - "{{ jenkins_user}}"
+ - "Jenkins Group:"
+ - "{{ jenkins_group}}"
+ - "SERVER_SUBNET_GROUP:"
+ - "{{ SERVER_SUBNET_GROUP }}"
+ - "subnet_group_check:"
+ - "{{ subnet_group_check }}"
+ - "Host IP:"
+ - "{{ ansible_ssh_host }}"
+
+ # Create venv Folder
+ - name: create ip venv folder
+ file:
+ path: "{{ ip_check_folder }}"
+ state: directory
+ #mode: '0755'
+
+ # Copy venv files
+ - name: copy ip venv files
+ copy:
+ src: subnet_check/
+ dest: "{{ ip_check_folder }}"
+ #mode: 0644
+
+ - name: extract venv
+ unarchive:
+ src: /var/jenkins_home/ansible-files/programs/ip_check_venv.tar.gz
+ dest: "{{ ip_check_folder }}"
+ #mode: 0644
+
+ ## build venv
+ ## commenting and using pre-made archived env to save time
+ #- name: build venv
+ # pip:
+ # virtualenv: "{{ ip_check_folder }}/venv"
+ # requirements: "{{ ip_check_folder }}/requirements.txt"
+ # virtualenv_command: python3 -m venv
+ # state: present
+
+ # check if IP is restricted
+ - name: check for restricted IP
+ shell: "{{ ip_check_folder }}/venv/bin/python {{ ip_check_folder }}/ip_check.py {{ ansible_ssh_host }}"
+ args:
+ chdir: "{{ ip_check_folder }}"
+ register: restricted_ip_check
+
+ - name: display output of this
+ debug:
+ msg:
+ - "{{ restricted_ip_check.cmd }}"
+ - "{{ restricted_ip_check.stdout_lines }}"
+
+ - name: end play if not admin
+ when: restricted_ip_check.stdout_lines[0] | bool
+ block:
+
+ - name: display warning
+ debug:
+ msg: "Warning: Your user account is not authorized to run playbooks on this subnet."
+ - meta: end_play
+
+...
\ No newline at end of file
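Review bot: The `check for restricted IP` task builds a shell command line from `{{ ansible_ssh_host }}` and runs it on the controller (`delegate_to: localhost`, apparently a Jenkins agent given the `/var/jenkins_home` path); that value comes from the inventory, which this commit's `inventory.sh` populates from `IP_LIST`, so any entry that is not strictly validated as an IP is interpolated unquoted into a shell on the controller rather than on the managed host. Use `command:` with `argv:` so the address is passed as a single argument and never goes through a shell, as below. The gate `when: restricted_ip_check.stdout_lines[0] | bool` is fail-open on older ansible-core, where any output the `bool` filter does not recognise (an error message, for instance) evaluates false and the play continues, while an empty stdout raises an undefined-index error instead of a clear message — compare the first line against the exact token the script prints for a restricted address and `fail` on anything else. `meta: end_play` also stops the play for every host, not only the one that failed the check; if per-host behaviour is intended, `meta: end_host` is the narrower form.
```yaml
  - name: check for restricted IP
    command:
      argv:
        - "{{ ip_check_folder }}/venv/bin/python"
        - "{{ ip_check_folder }}/ip_check.py"
        - "{{ ansible_ssh_host }}"
      chdir: "{{ ip_check_folder }}"
    register: restricted_ip_check
```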