Commit 3ea83099 authored by Jens Langhammer's avatar Jens Langhammer

initial commit

#!/bin/bash
SLACK_URL=""
CLIENT="$1" # %c
JOB="$2" # %j
RESULT="$3" # %e
LEVEL="$4" # %l
OK_COLOR="#2FA44F"
ERR_COLOR="#D50200"
if [[ $RESULT == *"OK"* ]]; then
COLOR=$OK_COLOR
else
COLOR=$ERR_COLOR
fi
msg="{\"attachments\": [{\"color\": \"$COLOR\",\"title\": \"$CLIENT\",\"text\": \"$JOB#$LEVEL completed $RESULT\"}]}"
/usr/bin/curl -X POST -H 'Content-type: application/json' --data "$msg" "$SLACK_URL"
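Review bot: The JSON payload in `msg` is built by interpolating `$CLIENT`, `$JOB`, `$RESULT` and `$LEVEL` straight into a string, so a client or job name containing a double quote or backslash produces invalid JSON or changes the attachment fields. Building the body with a JSON encoder avoids that, e.g. `msg=$(jq -n --arg c "$COLOR" --arg t "$CLIENT" --arg x "$JOB#$LEVEL completed $RESULT" '{attachments:[{color:$c,title:$t,text:$x}]}')`. `SLACK_URL` is empty in this commit; a webhook URL is a credential, so a comment such as `# read from a root-only config file; never commit the real URL` and a non-empty check before the curl call would help.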
#!/usr/bin/python3
import socket
import struct
import subprocess
import sys
import fcntl
current_name = socket.getfqdn()
new_name = sys.argv[1]
def file_replace(file, search_pairs):
with open(file, 'r') as r_file :
filedata = r_file.read()
for search, replace in search_pairs.items():
filedata = filedata.replace(search, replace)
with open(file, 'w') as w_file:
w_file.write(filedata)
def run_output(*args):
p = subprocess.Popen(*args, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
print(p.stderr.read())
print(p.stdout.read())
def get_ip_address(ifname):
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
return socket.inet_ntoa(fcntl.ioctl(
s.fileno(),
0x8915, # SIOCGIFADDR
struct.pack('256s', ifname[:15])
)[20:24])
file_replace('/etc/hosts', {
current_name: new_name,
current_name.split('.')[0]: new_name.split('.')[0]
})
file_replace('/etc/hostname', {
current_name: new_name,
current_name.split('.')[0]: new_name.split('.')[0]
})
file_replace('/etc/mailname', {
current_name: new_name,
current_name.split('.')[0]: new_name.split('.')[0]
})
file_replace('/etc/puppetlabs/puppet/puppet.conf', {
current_name: new_name,
current_name.split('.')[0]: new_name.split('.')[0]
})
run_output(['hostname', new_name])
run_output(['puppet', 'agent', '-t'])
# also print dns update statements
ip = get_ip_address(b'eth0')
rev_ip = '.'.join(ip.split('.')[::-1])
print("update add %s 86400 A %s\n\n"
"update add %s.in-addr.arpa. 86400 IN PTR %s\n\n" \
% (new_name, ip, rev_ip, new_name))
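Review bot: `new_name = sys.argv[1]` is used without any check and then written into `/etc/hosts`, `/etc/hostname`, `/etc/mailname` and `puppet.conf` by `file_replace`, which does an unanchored `str.replace`; the short-name pair (`current_name.split('.')[0]`) will also rewrite any longer name that merely contains it. A guard such as `if len(sys.argv) != 2 or not re.match(r'^[A-Za-z0-9.-]+$', sys.argv[1]): sys.exit('usage: <script> <new-fqdn>')`, plus a word-boundary `re.sub` for the replacement, would keep the edits confined to the intended names. `run_output` also ignores the exit status of `hostname` and `puppet agent -t`, and it reads stderr to EOF before stdout; `out, err = p.communicate()` followed by a check of `p.returncode` is the safer form.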
<?php
$config = [
'ldap_server' => 'prd-dc01.corp.beryju.org',
'ldap_suffix' => 'corp.beryju.org',
'ldap_user' => 'ccpanel.service@corp.beryju.org',
'ldap_pass' => '',
'ldap_base' => 'OU=users,OU=beryjuorg,DC=corp,DC=beryju,DC=org'
];
$messages = [];
function _ldap_connect($dn, $pass) {
global $config;
$ldap = ldap_connect($config['ldap_server']);
ldap_start_tls($ldap);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
$bind = ldap_bind($ldap, $dn, $pass);
if (!$bind) throw new Exception("Failed to bind as $dn");
return $ldap;
}
function _ldap_search($ldap, $mail) {
global $config;
$mail = ldap_escape($mail, null, LDAP_ESCAPE_FILTER);
$filter = "(mail=$mail)";
$info = ldap_search($ldap, $config['ldap_base'], $filter, ['distinguishedName']);
$data = ldap_get_entries($ldap, $info);
return $data;
}
function _ldap_change_pass($ldap, $dn, $oldpass, $newpass) {
$o_pass = iconv('UTF-8', 'UTF-16LE', '"'.$oldpass.'"');
$n_pass = iconv('UTF-8', 'UTF-16LE', '"'.$newpass.'"');
$modifs = [
[
"attrib" => "unicodePwd",
"modtype" => LDAP_MODIFY_BATCH_REMOVE,
"values" => [$o_pass],
],
[
"attrib" => "unicodePwd",
"modtype" => LDAP_MODIFY_BATCH_ADD,
"values" => [$n_pass],
],
];
return ldap_modify_batch($ldap, $dn, $modifs);
}
function msg($msg, $level = 'info') {
global $messages;
$messages[] = [
'msg' => $msg,
'level' => $level
];
}
function main() {
global $config;
// bind as admin to search all users and get DN from mail
$ldap = _ldap_connect($config['ldap_user'], $config['ldap_pass']);
$users = _ldap_search($ldap, $_POST['email']);
if ($users['count'] > 0) {
$dn = $users[0]['distinguishedname'][0];
$ldap = _ldap_connect($dn, $_POST['cur-pass']);
if ($_POST['new-pass'] !== $_POST['new-rep-pass']) {
msg('Passwords not the same', 'danger');
return;
}
if (_ldap_change_pass($ldap, $dn, $_POST['cur-pass'], $_POST['new-pass'])) {
msg('Password successfully changed', 'success');
} else {
msg('Failed to change password', 'danger');
}
} else {
// user not found
msg('User not found', 'danger');
return;
}
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
main();
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>BeryJu.org Password Change</title>
<link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet">
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<nav class="navbar navbar-default">
<div class="container">
<div class="navbar-header">
<a class="navbar-brand" href="https://beryju.org">BeryJu.org</a>
</div>
</div>
</nav>
<div class="row">
<div class="container">
<div class="messages">
<?php
global $messages;
foreach ($messages as $value) {
echo "<div class=\"alert alert-${value['level']}\" role=\"alert\">${value['msg']}</div>";
}
?>
</div>
<div class="panel panel-default col-md-6 col-md-offset-3 col-sm-12">
<div class="panel-body">
<form action="#" method="POST">
<div class="form-group">
<label for="email">Email address</label>
<input type="email" class="form-control" name="email" placeholder="Email" required>
</div>
<div class="form-group">
<label for="cur-pass">Current Password</label>
<input type="password" class="form-control" name="cur-pass" placeholder="Current Password" required>
</div>
<div class="form-group">
<label for="new-pass">New Password</label>
<input type="password" class="form-control" name="new-pass" placeholder="New Password" required>
</div>
<div class="form-group">
<label for="new-rep-pass">Repeat New Password</label>
<input type="password" class="form-control" name="new-rep-pass" placeholder="Repeat New Password" required>
</div>
<button type="submit" class="btn btn-default btn-lg btn-primary">Change Password</button>
</form>
</div>
</div>
</div>
</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</body>
</html>
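Review bot: In `_ldap_connect`, `ldap_start_tls($ldap)` is called before `LDAP_OPT_PROTOCOL_VERSION` is set to 3 and its return value is ignored, so when StartTLS does not succeed the following `ldap_bind` still sends the service and user passwords over an unencrypted connection. Set the two options first and fail closed: `if (!ldap_start_tls($ldap)) throw new Exception('StartTLS failed');`. The exception thrown there and on a failed bind is not caught in `main()`, so a wrong current password ends in an uncaught exception rather than a `msg(..., 'danger')`; a try/catch around the body of `main()` would also keep the DN out of error output. The `$_POST` fields are read without `isset` checks, and an empty `cur-pass` should be rejected before binding, since an LDAP server may treat a DN with an empty password as an unauthenticated bind.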
# Author: William Lam
# Website: www.virtuallyghetto.com
# Product: VMware ESXi
# Description: Python script to call into vSphere MOB to add ESXi host to VC
# Reference: http://www.virtuallyghetto.com/2011/03/how-to-automatically-add-esxi-host-to.html
# Moddified by: Jens Langhammer
# For: https://beryju.org/blog/getting-started-foreman-part-3
# Made script compatible with Foreman
# Get username/password from Foreman parameters
# Get Datacenter/Cluster from Foreman
import sys
import re
import os
import urllib
import urllib2
import base64
import syslog
import socket
# vCenter server
vcenter_server = "<%= @host.params['vcenter-server'] %>"
# vCenter Cluster path
cluster = '/host/'.join("<%= @host.hostgroup %>".split("/")[1:])
# vCenter credentials using syslog.syslog(syslogGhetto + ' Failedencoded base64 password
vc_username = "<%= @host.params['vcenter-join-user'] %>"
vc_encodedpassword = "<%= @host.params['vcenter-join-password'] %>"
vc_password = base64.b64decode(vc_encodedpassword)
# ESX(i) credentials using encoded base64 password
host_username = "root"
host_encodedpasssword = "<%= @host.params['esxi-password'] %>"
host_password = base64.b64decode(host_encodedpasssword)
### DO NOT EDIT PAST HERE ###
# vCenter mob URL for findByInventoryPath
url = "https://" + vcenter_server + "/mob/?moid=SearchIndex&method=findByInventoryPath"
# Create global variables
global passman,authhandler,opener,req,page,page_content,nonce,headers,cookie,params,e_params,syslogGhetto,clusterMoRef
# syslog key for eaiser troubleshooting
syslogGhetto = 'GHETTO-JOIN-VC'
syslog.syslog(syslogGhetto + ' Starting joinvCenter process - ' + url)
# Code to build opener with HTTP Basic Authentication
try:
passman = urllib2.HTTPPasswordMgrWithDefaultRealm()
passman.add_password(None,url,vc_username,vc_password)
authhandler = urllib2.HTTPBasicAuthHandler(passman)
opener = urllib2.build_opener(authhandler)
urllib2.install_opener(opener)
except IOError, e:
opener.close()
syslog.syslog(syslogGhetto + ' Failed HTTP Basic Authentication!')
sys.exit(1)
else:
syslog.syslog(syslogGhetto + ' Succesfully built HTTP Basic Authentication')
# Code to capture required page data and cookie required for post back to meet CSRF requirements
# Thanks to user klich - http://communities.vmware.com/message/1722582#1722582
try:
req = urllib2.Request(url)
page = urllib2.urlopen(req)
page_content= page.read()
except IOError, e:
opener.close()
syslog.syslog(syslogGhetto + ' Failed to retrieve MOB data -> ' + str(e.args))
sys.exit(1)
else:
syslog.syslog(syslogGhetto + ' Succesfully requested MOB data')
# regex to get the vmware-session-nonce value from the hidden form entry
reg = re.compile('name="vmware-session-nonce" type="hidden" value="?([^\s^"]+)"')
nonce = reg.search(page_content).group(1)
# get the page headers to capture the cookie
headers = page.info()
cookie = headers.get("Set-Cookie")
# Code to search for vCenter Cluster
params = {'vmware-session-nonce':nonce,'inventoryPath':cluster}
e_params = urllib.urlencode(params)
req = urllib2.Request(url, e_params, headers={"Cookie":cookie})
page = urllib2.urlopen(req).read()
clusterMoRef = re.search('domain-c[0-9]*',page)
if clusterMoRef:
syslog.syslog(syslogGhetto + ' Succesfully located cluster "' + cluster + '"!')
else:
opener.close()
syslog.syslog(syslogGhetto + ' Failed to find cluster "' + cluster + '"!')
sys.exit(1)
# Code to compute SHA1 hash
cmd = "openssl x509 -sha1 -in /etc/vmware/ssl/rui.crt -noout -fingerprint"
tmp = os.popen(cmd)
tmp_sha1 = tmp.readline()
tmp.close()
s1 = re.split('=',tmp_sha1)
s2 = s1[1]
s3 = re.split('\n', s2)
sha1 = s3[0]
if sha1:
syslog.syslog(syslogGhetto + ' Succesfully computed SHA1 hash: "' + sha1 + '"!')
else:
opener.close()
syslog.syslog(syslogGhetto + ' Failed to compute SHA1 hash!')
sys.exit(1)
# Code to create ConnectHostSpec
xml = '<spec xsi:type="HostConnectSpec"><hostName>%hostname</hostName><sslThumbprint>%sha</sslThumbprint><userName>%user</userName><password>%pass</password><force>1</force></spec>'
# Code to extract IP Address to perform DNS lookup to add FQDN to vCenter
hostip = socket.gethostbyname(socket.gethostname())
if hostip:
syslog.syslog(syslogGhetto + ' Successfully extracted IP Address ' + hostip.strip())
else:
opener.close()
syslog.syslog(syslogGhetto + ' Failed to extract IP Address!')
sys.exit(1)
try:
host = socket.getnameinfo((hostip, 0), 0)[0]
except IOError, e:
syslog.syslog(syslogGhetto + ' Failed to perform DNS lookup for ' + hostipt.strip())
sys.exit(1)
else:
syslog.syslog(syslogGhetto + ' Successfully performed DNS lookup for ' + hostip.strip() + ' is ' + host)
xml = xml.replace("%hostname",host)
xml = xml.replace("%sha",sha1)
xml = xml.replace("%user",host_username)
xml = xml.replace("%pass",host_password)
# Code to join host to vCenter Cluster
try:
url = "https://" + vcenter_server + "/mob/?moid=" + clusterMoRef.group() + "&method=addHost"
params = {'vmware-session-nonce':nonce,'spec':xml,'asConnected':'1','resourcePool':'','license':''}
syslog.syslog(syslogGhetto + ' ' + url)
e_params = urllib.urlencode(params)
req = urllib2.Request(url, e_params, headers={"Cookie":cookie})
page = urllib2.urlopen(req).read()
except IOError, e:
opener.close()
syslog.syslog(syslogGhetto + ' Failed to join vCenter!')
syslog.syslog(syslogGhetto + ' HOSTNAME: ' + host)
syslog.syslog(syslogGhetto + ' USERNAME: ' + host_username)
sys.exit(1)
else:
syslog.syslog(syslogGhetto + ' Succesfully joined vCenter!')
syslog.syslog(syslogGhetto + ' Logging off vCenter')
url = "https://" + vcenter_server + "/mob/?moid=SessionManager&method=logout"
params = {'vmware-session-nonce':nonce}
e_params = urllib.urlencode(params)
req = urllib2.Request(url, e_params, headers={"Cookie":cookie})
page = urllib2.urlopen(req).read()
sys.exit(0)
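Review bot: The DNS-lookup failure branch logs `hostipt.strip()`, a name that is never defined, so that path raises NameError instead of writing the syslog line and exiting with 1; it should read `hostip.strip()`. `host_password` is substituted into the `HostConnectSpec` XML with a plain `replace`, so a root password containing `<` or `&` yields a malformed spec; escaping it first (for example with `xml.sax.saxutils.escape`, imported under another name because `xml` is reused as a variable here) avoids that. The vCenter and ESXi passwords are only base64-encoded in the Foreman parameters, which is an encoding rather than protection, so a header comment stating that the rendered template must be handled as a secret and that the join account should be least-privileged would be worth adding.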
#!/bin/bash
PUPPETMASTER="foreman.home.beryju.org"
wget https://apt.puppetlabs.com/puppetlabs-release-pc1-jessie.deb
dpkg -i puppetlabs-release-pc1-jessie.deb
rm puppetlabs-release-pc1-jessie.deb
apt-get update
apt-get install puppet augtool -y
augtool -s set /files/etc/puppetlabs/puppet/puppet.conf/agent/server $PUPPETMASTER
augtool -s set /files/etc/puppetlabs/puppet/puppet.conf/agent/environment production
augtool -s set /files/etc/puppetlabs/puppet/puppet.conf/agent/ca_server $PUPPETMASTER
augtool -s set /files/etc/puppetlabs/puppet/puppet.conf/agent/certname `hostname -f`
augtool -s set /files/etc/puppetlabs/puppet/puppet.conf/main/pluginsync true
augtool -s set /files/etc/puppetlabs/puppet/puppet.conf/main/listen true
/opt/puppetlabs/puppet/bin/puppet agent --test
# run puppet cert list and puppet cert sign on your master
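Review bot: The script has no error handling, so if the `wget` of `puppetlabs-release-pc1-jessie.deb` fails or leaves a truncated file, the `dpkg -i`, `apt-get` and `augtool` steps still run as root. Adding `set -euo pipefail` after the shebang stops at the first failure, and checking the download against a pinned digest before installing it (`echo "<EXPECTED_SHA256>  puppetlabs-release-pc1-jessie.deb" | sha256sum -c -`) means the repository package is not trusted on TLS alone. `$PUPPETMASTER` and the backtick `hostname -f` should be quoted, e.g. `"$(hostname -f)"`. The closing comment could also say that the certificate fingerprint shown on the agent should be compared before running `puppet cert sign` on the master.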
<?php
$path = '/srv/drbd/sites/i.beryju.org/';
$uri = 'https://i.beryju.org/';
echo("$uri");
if(isset($_POST['imagedata']) && strlen($_POST['imagedata'])) {
$imagedata = $_POST['imagedata'];
}
elseif(isset($_FILES['imagedata']) && is_uploaded_file($_FILES['imagedata']['tmp_name'])) {
$imagedata = file_get_contents($_FILES['imagedata']['tmp_name']);
}
else {
error_log("No image data?");
return;
}
$filename = hash("sha512", $imagedata);
move_uploaded_file($_FILES['imagedata']['tmp_name'], "{$path}{$filename}.png");
syslog(LOG_NOTICE, "gyazo {$filename} from {$_SERVER['HTTP_X_FORWARDED_FOR']}");
echo "{$filename}.png";
?>
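Review bot: When the image arrives in `$_POST['imagedata']`, the script still calls `move_uploaded_file($_FILES['imagedata']['tmp_name'], ...)`, so nothing is stored, and because the return value is never checked the filename is echoed as if the upload had succeeded. Writing the POST case with `file_put_contents("{$path}{$filename}.png", $imagedata)` and returning an error status when either write fails would fix that. Nothing visible here authenticates the client or checks that the data is a PNG (for example `getimagesizefromstring($imagedata)` with a size cap), so unless the web server enforces it, anyone who can reach the endpoint can store arbitrary bytes under the site root. `$_SERVER['HTTP_X_FORWARDED_FOR']` is client-supplied and may be unset; it should be validated with `filter_var(..., FILTER_VALIDATE_IP)` or replaced by `REMOTE_ADDR` before it is written to syslog.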
#!/bin/bash
# credit to /u/fattylewis for the inital script
# takes hostname of ipmi (DRAC/iLO/IPMI) as first param
# Improvments
# - Multiple Hosts
# - Support for influxdb
# As this will be running as a cronjob we need to set the PATH's
GRAPHITE_HOST="localhost"
GRAPHITE_PORT=2003
INFLUX_HOST=""
INFLUX_PORT=8086
INFLUX_DB=""
PREFIX="ipmi"
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=`echo $1 | sed 's/\./\\_/g'`
# Pull the data we want from the HP machine, Via IPMITOOL
OUT=$(/usr/bin/ipmitool -I lanplus -H "$1" -U ipmitool -P ipmitool sensor)
# Select what we are sending to Graphite
echo "$OUT" | while read LINE;
do
NAME=$(echo $LINE | cut -d "|" -f 1 | xargs | sed 's/ /\_/g' | sed 's/\./\_/g')
VALUE=$(echo $LINE | cut -d "|" -f 2 | xargs)
if [ "$VALUE" != "na" ]; then
if [[ ! -z "$GRAPHITE_HOST" ]]; then
# Write to graphite if $GRAPHITE_HOST is set
echo "$PREFIX.$HOSTNAME.$NAME ${VALUE} `date +%s`" | nc -q0 "$GRAPHITE_HOST" $GRAPHITE_PORT
elif [[ ! -z "$INFLUX_HOST" ]]; then
# Rewrite Hex to dec if $VALUE is hex
if [[ $VALUE == *x* ]]; then
VALUE=$((16#${VALUE:2}))
fi
# Write to influxdb if $INFLUX_HOST is set
curl -i -XPOST "http://$INFLUX_HOST:$INFLUX_PORT/write?db=$INFLUX_DB" --data-binary "$PREFIX,HOSTNAME=$HOSTNAME,NAME=$NAME value=$VALUE"
fi
fi
done
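Review bot: The BMC credentials are hard-coded and passed as `-U ipmitool -P ipmitool` on the `ipmitool` command line, where they are visible in the process list as well as in the repository. ipmitool can read the password from the `IPMI_PASSWORD` environment variable with `-E` or from a file with `-f`, e.g. `ipmitool -I lanplus -H "$1" -U "$IPMI_USER" -f /etc/ipmi-pass sensor` (the path is a placeholder). `$1` is also unchecked and used unquoted in `echo $1 | sed ...`; a guard like `[[ -n "${1:-}" ]] || { echo "usage: $0 <bmc-host>" >&2; exit 2; }` and `read -r LINE` in the loop would make the cron run fail visibly instead of sending malformed metrics.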
Write-Host "This script will change the Syslog Server on all hosts within a vCenter, restart Syslog, and open any required ports."
Write-Host
$syslogServer = Read-Host "Enter new Syslog Server. e.g. udp://10.0.0.1:514"
Write-Host
foreach ($vmHost in get-VMHost) {
#Display the ESXi Host being modified
Write-Host 'host = ' $vmHost
#Set the Syslog Server
Set-VMHostSysLogServer -SysLogServer $syslogServer -VMHost $vmHost
#Restart the syslog service
$esxcli = Get-EsxCli -VMHost $vmHost
$esxcli.system.syslog.reload()
#Open firewall ports
Get-VMHostFirewallException -Name "syslog" -VMHost $vmHost | set-VMHostFirewallException -Enabled:$true
}
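Review bot: The value from `Read-Host` is applied to every host returned by `Get-VMHost` with no validation or confirmation, and the loop goes on to reload syslog and enable the firewall exception even when `Set-VMHostSysLogServer` fails. A check such as `if ($syslogServer -notmatch '^(udp|tcp|ssl)://[^\s/:]+(:\d+)?$') { throw 'Invalid syslog target' }` before the loop, and `-ErrorAction Stop` on the cmdlets inside a try/catch, would keep a typo from being pushed to the whole vCenter. Because log forwarding is something detection depends on, printing the previous and new target per host would also leave an audit trail of the change.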