sync with second remote

ansible.cfg

@@ -0,0 +1,5 @@
+[defaults]
+
+roles_path = /var/jenkins_home/ansible-windows/roles
+
+ansible_root = /var/jenkins_home/ansible-windows

inventory/inventory.sh

@@ -0,0 +1,163 @@
+#!/bin/bash
+
+# Dynamic inventory generation script ansible windows
+
+# Function to display usage
+usage() {
+    echo "Windows Ansible Dynamic Inventory File Generation Script"
+    echo "Usage: $0 -i IP_LIST -u JENKINS_USER -g JENKINS_GROUP -w WINDOWS_USER -p ANSIBLE_PASSWORD [-a SERVER_SUBNET_GROUP] [-s] [-v] [-e]"
+    echo "Options:"
+    echo "  -i IP_LIST                  Comma-separated list of IPs"
+    echo "  -u JENKINS_USER             Jenkins user"
+    echo "  -g JENKINS_GROUP            Jenkins primary group"
+    echo "  -a SERVER_SUBNET_GROUP      Jenkins group for SSH access, need to pass something when called"
+    echo "  -w WINDOWS_USER             Windows user"
+    echo "  -p ANSIBLE_PASSWORD         Password for the service account (Windows user)"
+    echo "  -q                          Be quieter"
+    echo "  -s                          Set variable to true if more than one IP is passed"
+    echo "  -v                          Display Ansible Version"
+    exit 1
+}
+
+# Initialize variables with default values
+skip=false
+more_than_one=false
+display_version=false
+allsubnet_group=missing
+be_quiet=false
+
+# Parse command line options
+while getopts ":i:u:w:p:g:a:svq" opt; do
+  case ${opt} in
+    i ) # process option i
+        IP_LIST=$OPTARG
+        ;;
+    u ) # process option u
+        JENKINS_USER=$OPTARG
+        ;;
+    w ) # process option w
+        WINDOWS_USER=$OPTARG
+        ;;
+    p ) # process option p
+        ANSIBLE_PASSWORD=$OPTARG
+        ;;
+    g ) # process option g
+        JENKINS_GROUP=$OPTARG
+        ;;
+    s ) # process option s
+        skip=true
+        ;;
+    v ) # process option v
+        display_version=true
+        ;;
+    q ) # process option q
+        be_quiet=true
+        ;;
+    a ) # process option a
+        allsubnet_group=$OPTARG
+        ;;
+    \? ) usage
+        ;;
+  esac
+done
+shift $((OPTIND -1))
+# Check if all required options are provided
+if [ -z "$IP_LIST" ] || [ -z "$JENKINS_USER" ] || [ -z "$JENKINS_GROUP" ] || [ -z "$WINDOWS_USER" ] || [ -z "$ANSIBLE_PASSWORD" ]; then
+    usage
+fi
+
+if $display_version; then
+    if ! $be_quiet; then
+        echo "Showing ansible version"
+        ansible --version   
+    fi
+fi
+
+# Generate an 8-character hash from the IP list
+hash=$(echo -n "$IP_LIST" | md5sum | cut -c 1-8)
+
+if ! $be_quiet; then
+    echo "IP List:"
+    echo $IP_LIST
+    echo $hash
+fi
+
+
+# Define the inventory file path with the hash
+inventory_file="/var/jenkins_home/ansible-windows/.inv/inventory-$hash.yml"
+
+if $skip; then
+    IFS=',' read -ra IPS <<< "$IP_LIST"
+    if [ ${#IPS[@]} -gt 1 ]; then
+        more_than_one=true
+    fi
+fi
+
+if $skip; then
+    if ! $be_quiet; then
+        echo "Single host option set"
+    fi
+    if $more_than_one; then
+        if ! $be_quiet; then
+            echo "IP list provided, inventory will be emptied"
+        fi
+        IP_LIST=""
+    fi
+fi
+
+# Initialize the YAML inventory content
+inventory_content="---
+all:
+  hosts:
+"
+
+# Loop through each IP in the comma-separated list
+IFS=',' read -ra IPS <<< "$IP_LIST"
+for IP in "${IPS[@]}"; do
+    ip_check=$(curl -s http://172.25.100.15:15010/ip_check?ip=${IP} | jq .in_subnets)
+    echo $ip_check
+
+    inventory_content+="    ${IP}:
+      ansible_host: ${IP}
+"
+done
+
+inventory_content+="  vars:
+    # windows user info
+    ansible_user: ${WINDOWS_USER}
+    ansible_password: '${ANSIBLE_PASSWORD}'
+    ansible_become_user: ${WINDOWS_USER}
+    ansible_become_pass: '${ANSIBLE_PASSWORD}'
+
+    # ansible connection info
+    ansible_connection: winrm
+    ansible_winrm_transport: basic
+    ansible_winrm_server_cert_validation: ignore
+    ansible_winrm_scheme: http
+    ansible_winrm_port: 5985
+    
+    # jenkins user info
+    jenkins_user: '${JENKINS_USER}'
+    jenkins_group: '${JENKINS_GROUP}'
+    subnet_group_check: '${allsubnet_group}'
+    SERVER_SUBNET_GROUP: '${SERVER_SUBNET_GROUP}'
+
+    # other variables
+    ansible_python_interpreter: /usr/bin/python3
+"
+
+# Write the inventory content to the file
+echo "$inventory_content" > $inventory_file
+
+# secure inventory file
+if ! $be_quiet; then
+    echo "Securing inventory file"
+fi
+chmod 700 $inventory_file
+
+# echo inventory
+if ! $be_quiet; then
+    echo "Inventory file created at $inventory_file with the following content:"
+    cat $inventory_file
+fi
+

jenkins/Jenkinsfile.test

@@ -13,19 +13,7 @@ pipeline {
 
     environment {
         ANSIBLE_FORCE_COLOR = '1'
-        SATURN_BEHEMOTH = credentials('SATURN_BEHEMOTH')
+        ansible_service_windows = credentials('	ansible-service-windows')
-        pxe_proxy_password = credentials('pxe_proxy_password')
-        PXE_API_KEY = credentials('PXE_API_KEY')
-        LINUX_LDAP_PWD = credentials('LINUX_LDAP')
-        AUTHORIZED_KEY = credentials('AUTH_SSH_KEY')
-        TERRA_BEHEMOTH_SMB = credentials('TERRA_BEHEMOTH_SMB')
-        MATT_PASSWORD = credentials('MATT_PASSWORD')
-        matt_public_key = credentials('matt_public_key')
-        matt_private_key = credentials('matt_private_key')
-        cosmos_password = credentials('cosmos_password')
-        cosmos_root_password = credentials('cosmos_root_password')
-        vm_party_username_password = credentials('cosmos_root_password')
-        is_admin = '0'
     }
 
     options {
@@ -38,14 +26,15 @@ pipeline {
             steps {
 
                 // Generate the dynamic inventory file
+                // Usage: $0 -i IP_LIST -u JENKINS_USER -g JENKINS_GROUP -w WINDOWS_USER -p ANSIBLE_PASSWORD [-a SERVER_SUBNET_GROUP] [-s] [-v] [-e]"
                 sh """
 
                 jenkins_group=\$(echo ${env.BUILD_USER_GROUPS} |  sed 's/,/\\n/g' | grep -v \$SERVER_SUBNET_GROUP | grep Jenkins | head -n 1)
                 jenkins_subnet_group=\$(echo ${env.BUILD_USER_GROUPS} |  sed 's/,/\\n/g' | grep -e authenticated -e \$SERVER_SUBNET_GROUP | sort -rf | head -n 1)
                 jenkins_user=\$(echo ${env.BUILD_USER})
-                cd /var/jenkins_home/ansible
+                cd /var/jenkins_home/ansible-windows
-                chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+                chmod +x /var/jenkins_home/ansible-windows/inventory/inventory.sh
-                /var/jenkins_home/ansible/inventory/inventory.sh -v -s -a \$jenkins_subnet_group -g \$jenkins_group -u \$jenkins_user -i ${params.host_ip} 
+                /var/jenkins_home/ansible-windows/inventory/inventory.sh -v -s -a \$jenkins_subnet_group -g \$jenkins_group -u \$jenkins_user -w ${env.ansible_service_windows_USR} -p ${env.ansible_service_windows_PSW} -i ${params.host_ip} 
 
                 """
             }
@@ -54,22 +43,17 @@ pipeline {
         stage('Ansible Playbook') {
             steps {
                 sh """
+                echo Generate Hash
                 echo ${params.host_ip}
                 hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
-                inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
 
-                cd /var/jenkins_home/ansible
+                inventory_file="/var/jenkins_home/ansible-windows/.inv/inventory-\$hash.yml"
+                playbook_file="/var/jenkins_home/ansible-windows/playbooks/test.yaml"
 
-                echo ansible-playbook -i \$inventory_file /var/jenkins_home/ansible/playbooks/test.yaml \
+                cd /var/jenkins_home/ansible-windows
-                    --ssh-common-args='-o StrictHostKeyChecking=no'\
+
-                    --extra-vars "saturn_behemoth=${SATURN_BEHEMOTH} linux_ldap_pwd=${LINUX_LDAP_PWD} \
+                ansible-playbook -i \$inventory_file \$playbook_file \
-                                  pxe_proxy_password=${pxe_proxy_password} PXE_API_KEY=${PXE_API_KEY} \
+                    --ssh-common-args='-o StrictHostKeyChecking=no' 
-                                  AUTHORIZED_KEY=${AUTHORIZED_KEY} TERRA_BEHEMOTH_SMB=${TERRA_BEHEMOTH_SMB} \
-                                  CIFS_USERNAME=${env.TERRA_BEHEMOTH_SMB_USR} CIFS_PASSWORD=${env.TERRA_BEHEMOTH_SMB_PSW} \
-                                  MATT_PASSWORD=${env.MATT_PASSWORD} host_ip=${params.host_ip}  \
-                                  matt_public_key='${env.matt_public_key}' matt_private_key='${env.matt_private_key}' \
-                                  cosmos_password='${env.cosmos_password}' cosmos_root_password='${env.cosmos_root_password}' \
-                                  vm_party_username_password=${env.vm_party_username_password} }"
                 """
             }
         }
@@ -80,7 +64,7 @@ pipeline {
             // Remove dynamic Inventory file
             sh """
             hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
-            inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+            inventory_file="/var/jenkins_home/ansible-windows/.inv/inventory-\$hash.yml"
             rm \$inventory_file
             
             """

playbooks/test.yaml

@@ -0,0 +1,14 @@
+---
+# https://us.fanntik.top/product/fanttik-e1-max-precision-electric-screwdriver-5/
+- name: Ansible Test
+  hosts: all
+  become: yes
+  become_method: runas
+
+  roles:
+
+    - show_user_vars
+
+    - display_hostname
+
+...

roles/display_hostname/tasks/main.yaml

@@ -0,0 +1,12 @@
+---
+
+- name: Check hostname
+  ansible.windows.win_command: hostname
+  register: hostname_output
+
+
+- name: display hostname
+  debug:
+    msg: "Hostname: {{ hostname_output.stdout_lines[0] }}"
+    
+...

roles/show_user_vars/tasks/main.yaml

@@ -0,0 +1,19 @@
+---
+
+
+- name: show user vars
+  debug:
+    msg: 
+      - "User email:"
+      - "{{ jenkins_user}}"
+      - "Jenkins Group:"
+      - "{{ jenkins_group}}"
+      - "SERVER_SUBNET_GROUP:"
+      - "{{ SERVER_SUBNET_GROUP }}"
+      - "subnet_group_check:"
+      - "{{ subnet_group_check }}"
+      - "Host IP:"
+      - "{{ ansible_ssh_host }}"
+
+
+...

roles/storage_api/files/disk_service.py

@@ -0,0 +1,34 @@
+from flask import Flask, jsonify
+import psutil
+
+app = Flask(__name__)
+app.config['JSONIFY_PRETTYPRINT_REGULAR'] = True
+
+def bytes_to_human_readable(bytes):
+    for unit in ['B', 'KB', 'MB', 'GB', 'TB']:
+        if bytes < 1024.0:
+            return f"{bytes:.2f} {unit}"
+        bytes /= 1024.0
+
+def get_disk_info():
+    disk_info = []
+    partitions = psutil.disk_partitions()
+    for partition in partitions:
+        usage = psutil.disk_usage(partition.mountpoint)
+        disk_info.append({
+            'device': partition.device.replace('\\\\', '\\').rstrip('\\'),
+            #'mountpoint': partition.mountpoint,
+            #'fstype': partition.fstype,
+            'total': bytes_to_human_readable(usage.total),
+            'used': bytes_to_human_readable(usage.used),
+            'free': bytes_to_human_readable(usage.free),
+            'percent': usage.percent
+        })
+    return disk_info
+
+@app.route('/disk', methods=['GET'])
+def disk():
+    return jsonify(get_disk_info())
+
+if __name__ == '__main__':
+    app.run(host='0.0.0.0', port=5000)

roles/user_check/defaults/main.yaml

@@ -0,0 +1,7 @@
+---
+
+
+ip_check_folder: "/opt/cosmos/ip_check"
+
+
+...

roles/user_check/tasks/main.yaml

@@ -0,0 +1,7 @@
+---
+
+- name: Subnet Security Check
+  #when: 'SERVER_SUBNET_GROUP not in subnet_group_check'
+  include_tasks: user_check.yaml
+
+...

roles/user_check/tasks/user_check.yaml

@@ -0,0 +1,71 @@
+---
+- name: user check
+  delegate_to: localhost 
+  block:
+
+  - name: show user vars
+    debug:
+      msg: 
+        - "User email:"
+        - "{{ jenkins_user}}"
+        - "Jenkins Group:"
+        - "{{ jenkins_group}}"
+        - "SERVER_SUBNET_GROUP:"
+        - "{{ SERVER_SUBNET_GROUP }}"
+        - "subnet_group_check:"
+        - "{{ subnet_group_check }}"
+        - "Host IP:"
+        - "{{ ansible_ssh_host }}"
+
+  # Create venv Folder
+  - name: create ip venv folder
+    file:
+      path: "{{ ip_check_folder }}"
+      state: directory
+      #mode: '0755'
+
+  # Copy venv files
+  - name: copy ip venv files
+    copy:
+      src: subnet_check/
+      dest: "{{ ip_check_folder }}"
+      #mode: 0644
+
+  - name: extract venv
+    unarchive:
+      src: /var/jenkins_home/ansible-files/programs/ip_check_venv.tar.gz
+      dest: "{{ ip_check_folder }}"
+      #mode: 0644
+
+  ## build venv
+  ## commenting and using pre-made archived env to save time
+  #- name: build venv
+  #  pip:
+  #    virtualenv: "{{ ip_check_folder }}/venv"
+  #    requirements: "{{ ip_check_folder }}/requirements.txt"
+  #    virtualenv_command: python3 -m venv
+  #    state: present
+
+  # check if IP is restricted
+  - name: check for restricted IP
+    shell: "{{ ip_check_folder }}/venv/bin/python {{ ip_check_folder }}/ip_check.py {{ ansible_ssh_host }}"
+    args:
+      chdir: "{{ ip_check_folder }}"
+    register: restricted_ip_check
+
+  - name: display output of this 
+    debug:
+      msg: 
+        - "{{ restricted_ip_check.cmd }}"
+        - "{{ restricted_ip_check.stdout_lines }}"
+
+  - name: end play if not admin
+    when: restricted_ip_check.stdout_lines[0] | bool
+    block:
+
+      - name: display warning
+        debug:
+          msg: "Warning: Your user account is not authorized to run playbooks on this subnet."
+      - meta: end_play
+
+...