readd directory

Antoine Ouvrard
2023-03-09 17:29:50 +01:00
parent be5eb0822b
commit 3fe3b6e90a
23 changed files with 1016 additions and 0 deletions
+1
@@ -0,0 +1 @@
*vault*pass*
+18
@@ -0,0 +1,18 @@
# Dépot de script ansible pour la supervision
Le but de ce dépot est de mettre a dispo toute la configuration de la supervision TIG (Telegraf-InfluxDB-Grafana)
## Mise en place
Installer le paquet `ansible` sur votre poste.
### Ansible Vault pour chiffrer les données sensibles (nécessaire que si vous manipuler des données chiffré)
Créer un fichier `vault_passwd` à la racine du projet et mettre le même mot de passe que le keepass interne dedans.
Pas d'inquiétude il est dans le gitignore.
## Éxecuter une action
Alors il vous faut 2 choses:
* le ROLE: qu'est ce que vous voulez faire.
Vous trouverez la liste des roles dispo dans le dossier `roles` et notez le tag lié au role que vous souhaitez éxecuter
* la machine sur laquelle tu souhaite lancer le role que tu trouvera dans le fichier inventory à la racine du projet
Après ca tu peu lancer la commande
`ansible-playbook playbook.yml -i inventory --tag nom-du-tag-dans-playbook -l nom-de-la-machine-dans-inventory`
+4
@@ -0,0 +1,4 @@
[defaults]
vault_password_file = vault_passwd ;set l'emplacement du mot de pass principal
stdout_callback = yaml ;améliore la lisibilité des logs d'erreur ansible
host_key_checking = False
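Review bot: `host_key_checking = False` on the last line turns off SSH host key verification for every host in both inventories, so the identity of the machine answering is never checked while become passwords and the Zimbra LDAP secret travel over that session. Prefer leaving the default and pre-populating `known_hosts` from a reviewed source, or limit the exception to the lab hosts only. If it has to stay, say why in a comment, as the two lines above do, e.g. `host_key_checking = False ;lab hosts are reinstalled often, keys are not pinned`.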
+19
@@ -0,0 +1,19 @@
[telegraf]
zimbra-labs-antoine ansible_user=antoine ansible_host=192.168.73.63 ansible_become=true ansible_sudo_pass=tototititata
zimbra-labs-luis ansible_user=zimbraluis ansible_host=zimbraluis.zextras.lan ansible_become=true ansible_ssh_pass=zimbraluis ansible_sudo_pass=zimbraluis
[saas]
saas-zstore01 ansible_user=luis.millet ansible_host=zstore01.int.onzextras.fr ansible_become=true
saas-zstore02 ansible_user=luis.millet ansible_host=zstore02.int.onzextras.fr ansible_become=true
saas-zstore90 ansible_user=luis.millet ansible_host=zstore90.int.onzextras.fr ansible_become=true
saas-zldap01 ansible_user=luis.millet ansible_host=zldap01.int.onzextras.fr ansible_become=true
saas-zldap02 ansible_user=luis.millet ansible_host=zldap02.int.onzextras.fr ansible_become=true
saas-zmtain01 ansible_user=luis.millet ansible_host=zmtain01.int.onzextras.fr ansible_become=true
saas-zmtain02 ansible_user=luis.millet ansible_host=zmtain02.int.onzextras.fr ansible_become=true
saas-zmtaout01 ansible_user=luis.millet ansible_host=zmtaout01.int.onzextras.fr ansible_become=true
saas-zproxy01 ansible_user=luis.millet ansible_host=zproxy01.int.onzextras.fr ansible_become=true
saas-zproxy02 ansible_user=luis.millet ansible_host=zproxy02.int.onzextras.fr ansible_become=true
saas-zproxy09 ansible_user=luis.millet ansible_host=zproxy09.int.onzextras.fr ansible_become=true
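Review bot: The two lab entries under `[telegraf]` commit `ansible_sudo_pass` and `ansible_ssh_pass` values in clear text, although the README in this same commit sets up Ansible Vault for exactly this kind of data. Move them to a vaulted `host_vars` file (or prompt with `--ask-become-pass`) and treat the committed values as exposed, since they remain in the history. `ansible_sudo_pass` is also a legacy name; the current variable is `ansible_become_password`. The `[saas]` hosts set `ansible_become=true` with no password source, so a comment on how the become password is supplied would help.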
+30
@@ -0,0 +1,30 @@
[univ_artois]
z-ldap ansible_host=z-lda-49-220.univ-artois.fr ansible_user=root
z-ldap01 ansible_host=z-ldap01.univ-artois.fr ansible_user=root
z-ldap02 ansible_host=z-ldap02.univ-artois.fr ansible_user=root
z-mta00 ansible_host=z-mta00.univ-artois.fr ansible_user=root
z-mta01 ansible_host=z-mta01.univ-artois.fr ansible_user=root
z-mta02 ansible_host=z-mta02.univ-artois.fr ansible_user=root
z-mta03 ansible_host=z-mta03.univ-artois.fr ansible_user=root
z-store-49-248 ansible_host=z-sto-49-208.univ-artois.fr ansible_user=root
z-store01 ansible_host=z-store01.univ-artois.fr ansible_user=root
z-store02 ansible_host=z-store02.univ-artois.fr ansible_user=root
z-store03 ansible_host=z-store03.univ-artois.fr ansible_user=root
z-store04 ansible_host=z-store04.univ-artois.fr ansible_user=root
z-store05 ansible_host=z-store05.univ-artois.fr ansible_user=root
z-store06 ansible_host=z-store06.univ-artois.fr ansible_user=root
z-store07 ansible_host=z-sto-49-227.univ-artois.fr ansible_user=root
z-store08 ansible_host=z-sto-49-229.univ-artois.fr ansible_user=root
z-store10 ansible_host=z-store10.univ-artois.fr ansible_user=root
z-store11 ansible_host=z-store11.univ-artois.fr ansible_user=root
z-pro-2-7 ansible_host=z-pro-2-7.univ-artois.fr ansible_user=root
z-pro-2-8 ansible_host=z-pro-2-8.univ-artois.fr ansible_user=root
zzextrasbcknfs ansible_host=zzextrasbcknfs.univ-artois.fr ansible_user=root
#zimbra-ldap ansible_host=zimbra-ldap.univ-artois.fr ansible_user=root #OpenSSH_5.3 #Offering RSA public key: /root/.ssh/id_rsa
#zimbra-proxy00 ansible_host=zimbra-proxy00.univ-artois.fr ansible_user=root #OpenSSH_5.3 #Offering RSA public key: /root/.ssh/id_rsa
#zimbra-web00 ansible_host=zimbra-web00.univ-artois.fr ansible_user=root #OpenSSH_5.3 #Offering RSA public key: /root/.ssh/id_rsa
zimbra-syndicats ansible_host=z-syndicats.univ-artois.fr ansible_user=root
#zimbra8.8 ansible_host=zimbra.univ-artois.fr ansible_user=root
[univ_artois:vars]
ansible_ssh_common_args='-J root@z-admin.univ-artois.fr'
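Review bot: Every host in `[univ_artois]`, and the jump host in `ansible_ssh_common_args`, is reached directly as `root`, which leaves no per-operator trace and makes the SSH key used here equivalent to full control of the platform. If the site allows it, connect as a named unprivileged account and add `ansible_become=true`, as the `[saas]` group does. Two entries also look inconsistent and deserve a check: `z-store-49-248` points at `z-sto-49-208...` and `z-ldap` at `z-lda-49-220...`; if that is intentional, a short comment would prevent a later "correction".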
+20
@@ -0,0 +1,20 @@
---
- name: Zimbra Lab Antoine
hosts: zimbra-labs-antoine
roles:
- role: set-config-telegraf
- name: Zimbra Lab Luis
hosts: zimbra-labs-luis
roles:
- role: set-config-telegraf
- name: Zimbra Univ Artois
hosts: univ_artois
roles:
- role: do-audit
- name: Saas FR
hosts: saas
roles:
- role: set-config-telegraf
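Review bot: None of the four plays or their role entries carries a `tags:` key, while the README tells the operator to run with `--tag nom-du-tag-dans-playbook`; a tag that matches nothing selects no task from these plays. Either add tags here, for example `- { role: set-config-telegraf, tags: telegraf }` (tag name is only an illustration), or change the README to rely on `-l` alone. Blank lines appear to be missing from this view, so confirm against the file itself.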
@@ -0,0 +1,12 @@
module recup_info_zimbra
go 1.18
require (
github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e // indirect
github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect
github.com/go-ldap/ldap v3.0.3+incompatible // indirect
github.com/go-ldap/ldap/v3 v3.4.4 // indirect
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
)
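Review bot: All six requirements are marked `// indirect`, yet `pkg/ldap` imports `github.com/go-ldap/ldap/v3` directly, and `github.com/go-ldap/ldap v3.0.3+incompatible` with `gopkg.in/asn1-ber.v1` look like leftovers from the pre-module import path. Running `go mod tidy` should move the direct dependency into its own `require` line and drop the unused legacy modules, which shrinks the set of modules that has to be tracked for advisories. This is inferred from the imports visible in this commit; confirm nothing else uses the old path.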
@@ -0,0 +1,25 @@
github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e h1:NeAW1fUYUEWhft7pkxDf6WoUvEZJ/uOKsvtpjLnn8MU=
github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/go-asn1-ber/asn1-ber v1.5.4 h1:vXT6d/FNDiELJnLb6hGNa309LMsrCoYFvpwHDF0+Y1A=
github.com/go-asn1-ber/asn1-ber v1.5.4/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
github.com/go-ldap/ldap v3.0.3+incompatible h1:HTeSZO8hWMS1Rgb2Ziku6b8a7qRIZZMHjsvuZyatzwk=
github.com/go-ldap/ldap v3.0.3+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc=
github.com/go-ldap/ldap/v3 v3.4.4 h1:qPjipEpt+qDa6SI/h1fzuGWoRUY+qqQ9sOZq67/PYUs=
github.com/go-ldap/ldap/v3 v3.4.4/go.mod h1:fe1MsuN5eJJ1FeLT/LEBVdWfNWKh459R7aXgXtJC+aI=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d h1:sK3txAijHtOK88l68nt020reeT1ZdKLIYetKl95FzVY=
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d h1:TxyelI5cVkbREznMhfzycHdkp5cLA7DpE+GKjSslYhM=
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -0,0 +1,78 @@
package ldap
import (
"fmt"
"log"
"github.com/go-ldap/ldap/v3"
)
type TypesearchCount struct {
ResultDest *int
SearchLdap string
LdapAttrs []string
}
type TypesearchLdapValues struct {
ResultDest *string
SearchLdap string
LdapAttrs []string
}
func SearchLdapVal(l *ldap.Conn, search TypesearchLdapValues, attrValue string) {
result, err := Search(l, search.SearchLdap, search.LdapAttrs)
if err != nil {
log.Fatal(err)
}
for _, entry := range result.Entries {
for _, cn := range entry.GetAttributeValues(attrValue) {
*search.ResultDest = cn
}
}
}
func SearchLdapCount(l *ldap.Conn, search TypesearchCount) {
result, err := Search(l, search.SearchLdap, search.LdapAttrs)
if err != nil {
log.Fatal(err)
}
*search.ResultDest = len(result.Entries)
}
// Ldap Connection without TLS
func Connect(FQDN string, BindUsername string, BindPassword string) (*ldap.Conn, error) {
// You can also use IP instead of FQDN
l, err := ldap.DialURL(fmt.Sprintf("ldap://%s:389", FQDN))
l.Bind(BindUsername, BindPassword)
if err != nil {
return nil, err
}
return l, nil
}
// Normal Search
func Search(l *ldap.Conn, filter string, ldapAttrs []string) (*ldap.SearchResult, error) {
searchReq := ldap.NewSearchRequest(
"",
ldap.ScopeWholeSubtree,
0,
0,
0,
false,
filter,
ldapAttrs,
nil,
)
result, err := l.Search(searchReq)
if err != nil {
return nil, fmt.Errorf("error: %s", err)
}
if len(result.Entries) >= 0 {
return result, nil
} else {
return nil, fmt.Errorf("couldn't fetch search entries")
}
}
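Review bot: In `Connect`, `l.Bind(...)` is called before `err` from `ldap.DialURL` is checked and its own return value is discarded, so a failed dial dereferences a nil connection and a rejected bind goes unnoticed until the later searches fail or return nothing. The bind is also sent over plain `ldap://` on port 389, as the comment above the function says, so the Zimbra admin password crosses the connection unencrypted; consider `ldaps://` or `l.StartTLS` before the bind if the server offers it. Separately, `len(result.Entries) >= 0` in `Search` is always true, so its `else` branch is dead, and the `log.Fatal` calls in `SearchLdapVal` and `SearchLdapCount` would be better returned to the caller as errors. A reordered `Connect` is sketched below.

```go
func Connect(FQDN string, BindUsername string, BindPassword string) (*ldap.Conn, error) {
	l, err := ldap.DialURL(fmt.Sprintf("ldap://%s:389", FQDN))
	if err != nil {
		return nil, err
	}
	// Bind only on a live connection, and surface a rejected bind to the caller.
	if err := l.Bind(BindUsername, BindPassword); err != nil {
		l.Close()
		return nil, err
	}
	return l, nil
}
```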
@@ -0,0 +1,61 @@
package zimbra
import (
"bytes"
"encoding/xml"
"io"
"os"
"path/filepath"
)
type Localconfig struct {
XMLName xml.Name `xml:"localconfig"`
LocalconfigKeys []LocalconfigKey `xml:"key"`
}
type LocalconfigKey struct {
XMLName xml.Name `xml:"key"`
Name string `xml:"name,attr"`
Value string `xml:"value"`
}
var localConfigData map[string]string
func ReadLocalConfig(basePath string) error {
filePath := filepath.Join(basePath, "conf/localconfig.xml")
xmlFile, errOpen := os.Open(filePath)
if errOpen != nil {
return errOpen
}
defer xmlFile.Close()
var buf bytes.Buffer
_, errCopy := io.Copy(&buf, xmlFile)
if errCopy != nil {
return errCopy
}
var data Localconfig
errXml := xml.Unmarshal(buf.Bytes(), &data)
if errXml != nil {
return errXml
}
localConfigData = make(map[string]string)
for _, key := range data.LocalconfigKeys {
localConfigData[key.Name] = key.Value
}
return nil
}
func Get(param string) (string, bool) {
value, ok := localConfigData[param]
return value, ok
}
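Review bot: `ReadLocalConfig` and `Get` are exported without doc comments, and nothing states that the package-level `localConfigData` map ends up holding every key of `localconfig.xml`, credentials included (main reads `zimbra_ldap_password` from it). I would add `// ReadLocalConfig loads conf/localconfig.xml under basePath into a package-level map; the file contains credentials, so values returned by Get must not be logged.` and `// Get returns the value for param and whether it was present; it reports false for every key until ReadLocalConfig has succeeded.` The intermediate `bytes.Buffer` could also be replaced by `xml.NewDecoder(xmlFile).Decode(&data)`.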
@@ -0,0 +1,22 @@
package zxsuite
import (
"log"
"os/exec"
)
func CmdZxSuite(module string, cmd string) ([]byte, error) {
outputZx, err := exec.Command("sudo", "-u", "zimbra", "/opt/zimbra/bin/zxsuite", "--json", module, cmd).Output()
if err != nil {
log.Fatal(err)
}
return outputZx, nil
}
func CmdZmcontrol(cmd string) ([]byte, error) {
outputZmcontrol, err := exec.Command("sudo", "-u", "zimbra", "/opt/zimbra/bin/zmcontrol", cmd).Output()
if err != nil {
log.Fatal(err)
}
return outputZmcontrol, nil
}
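Review bot: Both helpers declare an `error` return but never use it: on failure they call `log.Fatal(err)`, which exits the process from library code, and on success they return `nil`. Replace the body of each `if err != nil` with `return nil, err` so the caller decides; `Output()` leaves the command's stderr in `*exec.ExitError`, which is worth including in the message. The arguments are passed as an argv list rather than through a shell, which is the right shape, and a doc comment stating that `module` and `cmd` must be fixed strings chosen by the program would help keep it that way.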
Binary file not shown.
@@ -0,0 +1,355 @@
package main
import (
"encoding/json"
"flag"
"fmt"
"log"
"os"
"strings"
"recup_info_zimbra/pkg/ldap"
"recup_info_zimbra/pkg/zimbra"
"recup_info_zimbra/pkg/zxsuite"
)
const (
BindUsername = "uid=zimbra,cn=admins,cn=zimbra"
PathZimbra = "/opt/zimbra"
BaseDN = "uid=zimbra,cn=admins,cn=zimbra"
)
type TemplateJsonInfluxDaily struct {
FluxZimbra struct {
FluxZimbraStore TypeFluxZimbraVersion `json:"flux_zimbra_store"`
FluxZimbraZextras TypeResponse `json:"flux_zimbra_zextras"`
} `json:"flux_zimbra"`
}
type TemplateJsonInfluxHourly struct {
FluxZimbra struct {
FluxZimbraLdap TypeFluxZimbraLdap `json:"flux_zimbra_ldap"`
FluxZimbraProxy TypeFluxZimbraProxy `json:"flux_zimbra_proxy"`
FluxZimbraMta TypeFluxZimbraMta `json:"flux_zimbra_mta"`
FluxZimbraStore TypeFluxZimbraStore `json:"flux_zimbra_store"`
} `json:"flux_zimbra"`
}
// STRUCT LDAP
type TypeFluxZimbraLdap struct {
NumberCos int `json:"number_cos"`
NumberDomain int `json:"number_domain"`
NumberAliasDomain int `json:"number_alias_domain"`
NumberLdapServer int `json:"number_ldap_server"`
NameLdapServer string `json:"name_ldap_server"`
}
// STRUCT PROXY
type TypeFluxZimbraProxy struct {
NumberProxyServer int `json:"number_proxy_server"`
NameProxyServer string `json:"name_proxy_server"`
}
// STRUCT MTA
type TypeFluxZimbraMta struct {
NumberMtaServer int `json:"number_mta_server"`
NameMtaServer string `json:"name_mta_server"`
}
// STRUCT STORE
type TypeFluxZimbraStore struct {
NumberDl int `json:"number_dl"`
NumberAccount int `json:"number_account"`
NumberAdminAccount int `json:"number_admin_account"`
NumberResourceEquipment int `json:"number_resource_equipment"`
NumberResourceLocation int `json:"number_resource_location"`
NumberActiveAccount int `json:"number_active_account"`
NumberMaintenanceAccount int `json:"number_maintenance_account"`
NumberLockedAccount int `json:"number_locked_account"`
NumberClosedAccount int `json:"number_closed_account"`
NumberLockoutAccount int `json:"number_lockout_account"`
NumberPendingAccount int `json:"number_pending_account"`
NumberStoreServer int `json:"number_store_server"`
NameStoreServer string `json:"name_store_server"`
}
type TypeFluxZimbraVersion struct {
System string `json:"system"`
Version string `json:"version"`
Edition string `json:"edition"`
Patch string `json:"patch"`
}
type TypeResponse struct {
ZextrasVersion string `json:"zextras_version"`
ZextrasCommit string `json:"zextras_commit"`
ZalVersion string `json:"zal_version"`
ZalCommit string `json:"zal_commit"`
DateStart int64 `json:"dateStart"`
DateEnd int64 `json:"dateEnd"`
Expired bool `json:"expired"`
Type string `json:"type"`
Customer string `json:"customer"`
Reseller string `json:"reseller"`
Company string `json:"company"`
OrderID string `json:"order_id"`
AccountCount int `json:"accountCount"`
LicensedUsers string `json:"licensedUsers"`
NotYetValid bool `json:"notYetValid"`
IsWithinGraceInterval bool `json:"isWithinGraceInterval"`
TeamchatActiveCount int `json:"teamchatActiveCount"`
TeamchatBasicActive bool `json:"teamchatBasicActive"`
Modules struct {
ZxBackup struct {
Quantity string `json:"quantity"`
Licensed bool `json:"licensed"`
} `json:"ZxBackup"`
ZxMobile struct {
Quantity string `json:"quantity"`
Licensed bool `json:"licensed"`
} `json:"ZxMobile"`
ZxAdmin struct {
Quantity string `json:"quantity"`
Licensed bool `json:"licensed"`
} `json:"ZxAdmin"`
ZxPowerstore struct {
Quantity string `json:"quantity"`
Licensed bool `json:"licensed"`
EnabledOnNE bool `json:"enabledOnNE"`
} `json:"ZxPowerstore"`
SproxyD struct {
Quantity string `json:"quantity"`
Licensed bool `json:"licensed"`
EnabledOnNE bool `json:"enabledOnNE"`
} `json:"SproxyD"`
ZxDrive struct {
Quantity string `json:"quantity"`
Licensed bool `json:"licensed"`
} `json:"ZxDrive"`
ZxDocs struct {
Quantity string `json:"quantity"`
Licensed bool `json:"licensed"`
} `json:"ZxDocs"`
ZxChat struct {
Quantity string `json:"quantity"`
Licensed bool `json:"licensed"`
} `json:"ZxChat"`
ZxHA struct {
Quantity string `json:"quantity"`
Licensed bool `json:"licensed"`
} `json:"ZxHA"`
} `json:"modules"`
ServerID string `json:"serverID"`
CanRemoveChatBrand bool `json:"canRemoveChatBrand"`
Exists bool `json:"exists"`
Readable bool `json:"readable"`
Valid bool `json:"valid"`
Empty bool `json:"empty"`
Lockok bool `json:"lockok"`
Writable bool `json:"writable"`
AvailableSpaceForBlobs int `json:"availableSpaceForBlobs"`
AvailableSpaceForMetadata int `json:"availableSpaceForMetadata"`
CaseSensitive bool `json:"caseSensitive"`
BackupStat struct {
Scan struct {
FirstScan int `json:"firstScan"`
FirstZeXtrasBuild string `json:"firstZeXtrasBuild"`
FirstZimbraVersion string `json:"firstZimbraVersion"`
NumNewAccounts int `json:"numNewAccounts"`
NumBackupedItems int `json:"numBackupedItems"`
NumSkippedAccounts int `json:"numSkippedAccounts"`
NumCheckedItems int `json:"numCheckedItems"`
FirstZeXtrasVersion string `json:"firstZeXtrasVersion"`
LastZimbraVersion string `json:"lastZimbraVersion"`
NumActiveBackupedAccounts int `json:"numActiveBackupedAccounts"`
NumContentFiles int `json:"numContentFiles"`
NumUpAccounts int `json:"numUpAccounts"`
LastScan int `json:"lastScan"`
LastZeXtrasBuild string `json:"lastZeXtrasBuild"`
NumNewItems int `json:"numNewItems"`
LastDeepScan int `json:"lastDeepScan"`
NumDeletedAccounts int `json:"numDeletedAccounts"`
NumCheckedAccounts int `json:"numCheckedAccounts"`
ItemsPerSecond int `json:"itemsPerSecond"`
NumDeletedItems int `json:"numDeletedItems"`
LastZeXtrasVersion string `json:"lastZeXtrasVersion"`
NumUpItems int `json:"numUpItems"`
} `json:"scan"`
Purge struct {
NumTotalAccounts int `json:"numTotalAccounts"`
NumPurgedItems int `json:"numPurgedItems"`
NumPurgedAccounts int `json:"numPurgedAccounts"`
NumCheckedItems int `json:"numCheckedItems"`
NumPurgedServerConf int `json:"numPurgedServerConf"`
NumCheckedAccounts int `json:"numCheckedAccounts"`
ItemsPerSecond int `json:"itemsPerSecond"`
NumPurgedDigests int `json:"numPurgedDigests"`
} `json:"purge"`
} `json:"backupStat"`
DataPath string `json:"dataPath"`
}
type TemplateGetVersion struct {
Ok bool `json:"ok"`
Response TypeResponse `json:"response"`
}
func main() {
error := zimbra.ReadLocalConfig(PathZimbra)
if error != nil {
log.Fatal(error)
}
FQDN, _ := zimbra.Get("zimbra_server_hostname")
ldapHost, _ := zimbra.Get("ldap_host")
BindPassword, _ := zimbra.Get("zimbra_ldap_password")
var outputJsonDaily TemplateJsonInfluxDaily
var outputJsonHourly TemplateJsonInfluxHourly
SearchAccount := "(&(objectClass=zimbraAccount)(!(zimbraIsSystemAccount=TRUE))(!(zimbraIsSystemResource=TRUE))(zimbraMailHost=" + FQDN + ")"
AccountFilter := SearchAccount + ")"
SearchServer := "(&(objectClass=zimbraServer)(cn=" + FQDN + ")"
typesearchldap := []ldap.TypesearchCount{
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraLdap.NumberCos,
SearchLdap: "(&(objectClass=zimbraCos))",
LdapAttrs: []string{"cn"}},
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraLdap.NumberDomain,
SearchLdap: "(&(objectClass=zimbraDomain)(zimbraDomainType=local))",
LdapAttrs: []string{"zimbraDomainName"}},
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraLdap.NumberAliasDomain,
SearchLdap: "(&(objectClass=zimbraDomain)(zimbraDomainType=alias))",
LdapAttrs: []string{"zimbraDomainName"}},
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraLdap.NumberLdapServer,
SearchLdap: SearchServer + "(zimbraServiceEnabled=ldap))",
LdapAttrs: []string{"cn"}},
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraProxy.NumberProxyServer,
SearchLdap: SearchServer + "(zimbraServiceEnabled=proxy))",
LdapAttrs: []string{"cn"}},
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraMta.NumberMtaServer,
SearchLdap: SearchServer + "(zimbraServiceEnabled=mta))",
LdapAttrs: []string{"cn"}},
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraStore.NumberDl,
SearchLdap: "(&(objectclass=zimbradistributionlist)(zimbramailhost=" + FQDN + "))",
LdapAttrs: []string{"zimbraMailAlias"}},
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraStore.NumberAccount,
SearchLdap: AccountFilter,
LdapAttrs: []string{"zimbraMailDeliveryAddress"}},
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraStore.NumberAdminAccount,
SearchLdap: "(&(objectClass=zimbraAccount)(zimbraIsAdminAccount=TRUE)(zimbraMailHost=" + FQDN + "))",
LdapAttrs: []string{"zimbraMailDeliveryAddress"}},
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraStore.NumberResourceEquipment,
SearchLdap: SearchAccount + "(zimbraCalResType=Equipment))",
LdapAttrs: []string{"zimbraMailDeliveryAddress"}},
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraStore.NumberResourceLocation,
SearchLdap: SearchAccount + "(zimbraCalResType=Location))",
LdapAttrs: []string{"zimbraMailDeliveryAddress"}},
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraStore.NumberActiveAccount,
SearchLdap: SearchAccount + "(zimbraAccountStatus=active))",
LdapAttrs: []string{"zimbraMailDeliveryAddress"}},
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraStore.NumberMaintenanceAccount,
SearchLdap: SearchAccount + "(zimbraAccountStatus=maintenance))",
LdapAttrs: []string{"zimbraMailDeliveryAddress"}},
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraStore.NumberLockedAccount,
SearchLdap: SearchAccount + "(zimbraAccountStatus=locked))",
LdapAttrs: []string{"zimbraMailDeliveryAddress"}},
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraStore.NumberClosedAccount,
SearchLdap: SearchAccount + "(zimbraAccountStatus=closed))",
LdapAttrs: []string{"zimbraMailDeliveryAddress"}},
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraStore.NumberLockoutAccount,
SearchLdap: SearchAccount + "(zimbraAccountStatus=lockout))",
LdapAttrs: []string{"zimbraMailDeliveryAddress"}},
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraStore.NumberPendingAccount,
SearchLdap: SearchAccount + "(zimbraAccountStatus=pending))",
LdapAttrs: []string{"zimbraMailDeliveryAddress"}},
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraStore.NumberStoreServer,
SearchLdap: SearchServer + "(zimbraServiceEnabled=mailbox))",
LdapAttrs: []string{"cn"}},
}
typesearchldapval := []ldap.TypesearchLdapValues{
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraLdap.NameLdapServer,
SearchLdap: SearchServer + "(zimbraServiceEnabled=ldap))",
LdapAttrs: []string{"cn"}},
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraProxy.NameProxyServer,
SearchLdap: SearchServer + "(zimbraServiceEnabled=proxy))",
LdapAttrs: []string{"cn"}},
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraMta.NameMtaServer,
SearchLdap: SearchServer + "(zimbraServiceEnabled=mta))",
LdapAttrs: []string{"cn"}},
{
ResultDest: &outputJsonHourly.FluxZimbra.FluxZimbraStore.NameStoreServer,
SearchLdap: SearchServer + "(zimbraServiceEnabled=mailbox))",
LdapAttrs: []string{"cn"}},
}
// Non-TLS Connection
l, err := ldap.Connect(ldapHost, BindUsername, BindPassword)
if err != nil {
log.Fatal(err)
}
defer l.Close()
daily := flag.Bool("daily", false, "Daily excecution")
hourly := flag.Bool("hourly", false, "Hourly excecution")
flag.Parse()
if *daily {
outputZxVers, _ := zxsuite.CmdZxSuite("core", "getVersion")
outputZxLicense, _ := zxsuite.CmdZxSuite("core", "getLicenseInfo")
outputZxBackup, _ := zxsuite.CmdZxSuite("backup", "getBackupInfo")
outputZmVers, _ := zxsuite.CmdZmcontrol("-v")
rOut := strings.Split(strings.Replace(string(outputZmVers), "\n", "", -1), " ")
version := strings.Split(string(rOut[6]), "_")
patch := strings.Split(string(version[1]), ".")
outputJsonDaily.FluxZimbra.FluxZimbraStore.System = rOut[2]
outputJsonDaily.FluxZimbra.FluxZimbraStore.Version = version[0]
outputJsonDaily.FluxZimbra.FluxZimbraStore.Edition = rOut[3]
outputJsonDaily.FluxZimbra.FluxZimbraStore.Patch = patch[0]
var templategetversion TemplateGetVersion
json.Unmarshal([]byte(outputZxVers), &templategetversion)
json.Unmarshal([]byte(outputZxLicense), &templategetversion)
json.Unmarshal([]byte(outputZxBackup), &templategetversion)
outputJsonDaily.FluxZimbra.FluxZimbraZextras = templategetversion.Response
out, _ := json.Marshal(outputJsonDaily)
fmt.Println(string(out))
} else if *hourly {
for _, s := range typesearchldap {
ldap.SearchLdapCount(l, s)
}
for _, s := range typesearchldapval {
ldap.SearchLdapVal(l, s, "cn")
}
out, _ := json.Marshal(outputJsonHourly)
fmt.Println(string(out))
} else {
flag.Usage()
os.Exit(1)
}
}
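Review bot: The `-daily` branch indexes `rOut[6]` and `version[1]` on the split `zmcontrol -v` output without checking lengths, and every error on that path is discarded (the `ok` from `zimbra.Get`, the `CmdZxSuite` errors, all three `json.Unmarshal` calls, `json.Marshal`), so an unexpected output format panics and a failed decode yields an empty but valid-looking JSON document. Guard the parse, e.g. `if len(rOut) < 7 { log.Fatalf("unexpected zmcontrol -v output: %q", outputZmVers) }`, and check the `Unmarshal` errors. `ldap.Connect` also runs before `flag.Parse()`, so `-daily` and the usage path require an LDAP bind they never use; moving the connection into the `hourly` branch avoids that. `FQDN` is concatenated into the LDAP filters unescaped; it comes from the local config file so the risk is low, but passing it through go-ldap's `EscapeFilter` would make the filters independent of that file's contents. The local named `error` shadows the builtin type and `BaseDN` is unused.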
@@ -0,0 +1,19 @@
#!/bin/bash
echo "====Informations générales===="
echo "Nombre de CPU: " $(grep processor /proc/cpuinfo | wc -l)
echo 'Mémoire RAM en Go: ' $(echo "scale=2; $(grep MemTotal /proc/meminfo |awk '{print $2}') / 1024^2" | bc)
echo "OS: " $(cat /etc/redhat-release)
echo "Noyau: " $(uname -r)
echo "Zimbra: " $(sudo -u zimbra /opt/zimbra/bin/zmcontrol -v)
echo ""
echo "====Arborescence des périphérique de stockage===="
lsblk -fe7
echo ""
echo "====Utilisation du système de fichier===="
df -H
echo ""
echo "====Information concernant les cartes réseau===="
ip a
echo ""
echo "====Liste des zimlets installées sur ce serveur===="
awk '/Installed Zimlets in LDAP:/{exit}1' < <(sudo -u zimbra /opt/zimbra/bin/zmzimletctl listzimlets)
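Review bot: The `OS:` line assumes a RHEL-family host: `/etc/redhat-release` is absent on Debian/Ubuntu, which the Telegraf role in this commit targets through `apt`, so the audit would print an error if pointed at those machines. `/etc/os-release` exists on both families, e.g. `echo "OS: $(. /etc/os-release; echo "$PRETTY_NAME")"`. The command substitutions are also left unquoted outside the strings, which collapses whitespace in multi-word output, and `grep -c processor /proc/cpuinfo` replaces the `grep | wc -l` pair.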
@@ -0,0 +1,11 @@
---
#- name: set script
# ansible.builtin.copy:
# src: get_info.sh
# dest: /root/tmp.sh
# mode: 0700
- name: delete script
ansible.builtin.file:
path: /root/tmp.sh
state: absent
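Review bot: With the copy task commented out, this role only deletes `/root/tmp.sh`, so the `do-audit` play never places or runs `get_info.sh`; if that is a temporary state, a comment saying so would save the next reader the question. When the copy is restored, consider a path created with `ansible.builtin.tempfile` instead of a fixed name under `/root`, so a leftover or pre-existing file of that name is never executed or removed by mistake.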
@@ -0,0 +1,71 @@
#!/bin/bash
# Script qui met en forme des données d'un serveur zimbra au format influxdb
# Ce script est éxecuté une fois par jour
OUTPUT_LINE="zimbra_one_per_day "
##############################################################
## Info de Version
##############################################################
version_install_full=$(dpkg -s zimbra-patch | egrep '^Version:' | sed -e 's/Version: //')
version_install_array=(${version_install_full//./ })
release=${version_install_array[0]}.${version_install_array[1]}.${version_install_array[2]}
patch=${version_install_array[4]}
edition=$([ -e "/opt/zimbra/bin/zmbackupquery" ] && echo NETWORK || echo FOSS)
OUTPUT_LINE+="release=\"$release\",edition=\"$edition\",patch=\"$patch\","
##############################################################
## Récup les 5 plus gros compte
##############################################################
top5_biggest_account=$(echo "select comment,size_checkpoint from mailbox order by size_checkpoint desc limit 5;" | /opt/zimbra/bin/mysql zimbra)
OUTPUT_LINE+="top5_biggest_account=\"$top5_biggest_account\","
##############################################################
## Le nombre de serveurs
##############################################################
zimbra_number_of_servers=$(sh -c "/opt/zimbra/bin/zmprov gas |wc -l")
OUTPUT_LINE+="zimbra_number_of_servers=\"$zimbra_number_of_servers\","
##############################################################
## Le nombre de domaines
##############################################################
zimbra_number_of_domain=$(sh -c "/opt/zimbra/bin/zmprov gad |wc -l")
OUTPUT_LINE+="zimbra_number_of_domain=\"$zimbra_number_of_domain\","
##############################################################
## Total de compte admin
##############################################################
nb_admin_total=$(sh -c "/opt/zimbra/bin/zmprov gaaa |wc -l")
OUTPUT_LINE+="zimbra_number_of_administrator=\"$nb_admin_total\","
##############################################################
## Total de liste de diffusion
##############################################################
zimbra_number_of_list=$(sh -c "/opt/zimbra/bin/zmprov gadl |wc -l")
OUTPUT_LINE+="zimbra_number_of_list=\"$zimbra_number_of_list\","
##############################################################
## Nombre de compte supprimé
##############################################################
zimbra_account_closed=$(sh -c "/opt/zimbra/bin/zmprov searchAccounts zimbraAccountStatus=*closed* | wc -l")
OUTPUT_LINE+="zimbra_account_closed=\"$zimbra_account_closed\","
##############################################################
## Info certificat ssl
##############################################################
zimbra_crt_info=$(sh -c "sudo -u telegraf sudo -u zimbra /opt/zimbra/bin/zmcertmgr viewdeployedcrt")
OUTPUT_LINE+="zimbra_crt_info=\"$zimbra_crt_info\""
##############################################################
## Fin du script
##############################################################
echo "$OUTPUT_LINE"
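Review bot: `top5_biggest_account` and `zimbra_crt_info` are raw multi-line command outputs pasted straight into quoted line-protocol fields, so any `"` or backslash in them breaks the record; escape both characters before appending, or emit the individual values as separate fields. The first of the two presumably carries account names and mailbox sizes to the metrics server, which should be a conscious decision rather than a side effect. The `sh -c "... | wc -l"` wrappers add a shell for no benefit, `sudo -u telegraf sudo -u zimbra` chains two identity switches where one should do, and `egrep` is deprecated in favour of `grep -E`. The role's install loop has this script commented out, so it may be dead code.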
@@ -0,0 +1,67 @@
#!/bin/bash
# Script qui met en forme des données d'un serveur zimbra au format influxdb
# Ce script est éxecuté une fois par heure
OUTPUT_LINE="zimbra_one_per_hour "
##############################################################
## Nombre total de compte
##############################################################
nb_total=$(echo 'select count(id) from mailbox;' | /opt/zimbra/bin/mysql zimbra | sed -n 2p)
OUTPUT_LINE+="zimbra_number_of_account=\"$nb_total\","
##############################################################
## Quota des comptes sur la license zxsuite
##############################################################
ZXS=/opt/zimbra/bin/zxsuite
if [ -f "$ZXS" ]; then
zxsuite_licensed_users=$(sudo -u zimbra $ZXS core getLicenseInfo | grep licensedUsers | awk '{print $2}')
else
zxsuite_licensed_users="No Zxsuite"
fi
OUTPUT_LINE+="zxsuite_licensed_users=\"$zxsuite_licensed_users\","
##############################################################
## Quota des comptes mobile sur la license zxsuite
##############################################################
ZXS=/opt/zimbra/bin/zxsuite
if [ -f "$ZXS" ]; then
zxsuite_licensed_mobile_users=$(sudo -u zimbra $ZXS core getLicenseInfo | grep ZxMobile -A 1 | tail -n1 | awk '{print $2}')
else
zxsuite_licensed_mobile_users="No Zxsuite"
fi
OUTPUT_LINE+="zxsuite_licensed_mobile_users=\"$zxsuite_licensed_mobile_users\","
##############################################################
## Date d'expiration de la license zxsuite
##############################################################
ZXS=/opt/zimbra/bin/zxsuite
if [ -f "$ZXS" ]; then
zxsuite_expirate_date=$(sudo -u zimbra $ZXS core getLicenseInfo | grep dateEnd | awk '{print $2,$3,$4}')
else
zxsuite_expirate_date="No Zxsuite"
fi
OUTPUT_LINE+="zxsuite_expirate_date=\"$zxsuite_expirate_date\","
##############################################################
## Date du dernier backup zxsuite
##############################################################
ZXS=/opt/zimbra/bin/zxsuite
if [ -f "$ZXS" ]; then
zxsuite_backup_lastScan=$(sudo -u zimbra $ZXS backup getBackupInfo |grep lastScan | awk '{print $2,$3,$4}')
else
zxsuite_backup_lastScan="No Zxsuite"
fi
OUTPUT_LINE+="zxsuite_backup_lastScan=\"$zxsuite_backup_lastScan\""
##############################################################
## Fin du script
##############################################################
echo "$OUTPUT_LINE"
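Review bot: `getLicenseInfo` is run three times and `ZXS` is reassigned and re-tested four times to pull values out of the same output; capture it once with `license_info=$(sudo -u zimbra "$ZXS" core getLicenseInfo)` and `grep` the variable, which also removes repeated sudo invocations per run. The `"No Zxsuite"` fallback puts text into fields that otherwise carry counts or dates, and every value is written as a quoted string, so none of them can be compared numerically downstream; omitting the field when zxsuite is absent is likely cleaner. `$ZXS` should be quoted where it is expanded.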
@@ -0,0 +1,5 @@
---
- name: Reload Telegraf
ansible.builtin.systemd:
name: telegraf
state: reloaded
@@ -0,0 +1,92 @@
---
- name: Telegraf repository key
ansible.builtin.apt_key:
url: https://repos.influxdata.com/influxdata-archive_compat.key
state: present
- name: Telegraf repository
ansible.builtin.apt_repository:
repo: "deb https://repos.influxdata.com/ubuntu {{ ansible_distribution_release }} stable"
state: present
filename: telegraf
register: repo_telegraf
- name: Update cache
ansible.builtin.apt:
update_cache: true
when: repo_telegraf.changed
- name: Telegraf packages
ansible.builtin.apt:
name: telegraf
state: present
- name: Cherche si postfix est présent
ansible.builtin.stat:
path: /opt/zimbra/common/sbin/mailq
register: postfix
- name: Ajoute les groupes nécessaire à l'utilisateur telegraf
ansible.builtin.user:
name: telegraf
groups: zimbra,sudo,postfix,postdrop
when: postfix.stat.exists
- name: Ajoute les groupes nécessaire à l'utilisateur telegraf
ansible.builtin.user:
name: telegraf
groups: zimbra,sudo
when: not postfix.stat.exists
- name: Donne le droit a telegraf d'éxecuter les commandes zimbra sans pass
community.general.sudoers:
name: zxsuite-telegraf
user: telegraf
runas: zimbra
commands:
- /opt/zimbra/bin/*
- name: Récupération du secret de LDAP
ansible.builtin.shell: |
/opt/zimbra/bin/zmlocalconfig -s zimbra_ldap_password | awk '{ print $3}'
register: zimbra_ldap_password
- name: Set fact
ansible.builtin.set_fact:
zimbra_ldap_password: "{{ zimbra_ldap_password.stdout }}"
- name: Installation des scripts de récupération des données zimbra
ansible.builtin.copy:
src: files/{{ item }}
dest: /etc/telegraf/scripts/
mode: '0755'
owner: root
group: root
loop:
# - zimbra_one_per_day.sh
# - zimbra_one_per_hour.sh
- recup_info_zimbra
notify: Reload Telegraf
tags:
- shscript
- name: Installation de la configuration générale de telegraf
ansible.builtin.template:
src: templates/telegraf.conf.j2
dest: /etc/telegraf/telegraf.conf
mode: '0755'
owner: root
group: root
notify: Reload Telegraf
- name: Installation de la configuration spécific zimbra pour telegraf
ansible.builtin.template:
src: templates/{{ item }}.j2
dest: /etc/telegraf/telegraf.d/{{ item }}
mode: '0644'
owner: root
group: root
loop:
- zimbra_general.conf
- zimbra_specific.conf
notify: Reload Telegraf
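Review bot: The `telegraf` service account is added to the `sudo` group and given a sudoers rule for `/opt/zimbra/bin/*` as `zimbra`, which is far more than the collection needs: the templates in this commit only run `recup_info_zimbra`, which itself calls `zxsuite` and `zmcontrol`. Drop `sudo` from `groups`, list just those two binaries under `commands`, and add `append: true` so the `user` tasks do not replace the account's existing supplementary groups. The "Récupération du secret de LDAP" and "Set fact" tasks should carry `no_log: true`, since their result is the LDAP admin password and is otherwise shown in verbose output. `telegraf.conf` is installed `0755` and the `telegraf.d` files `0644`, and both sets render a password; `owner: root`, `group: telegraf`, `mode: '0640'` keeps them readable by the service only. The `recup_info_zimbra` copied from `files/` appears to be the prebuilt binary added in this commit, so what is deployed cannot be checked against the Go source; building it in a pipeline would close that gap.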
@@ -0,0 +1,16 @@
# /!\ NE PAS MODIFIER /!\ DON'T TOUCH THIS FILE /!\
# Fichier géré par zextras déposé via ansible
# Global Agent Configuration
[agent]
hostname = "{{ ansible_fqdn }}"
flush_interval = "15s"
interval = "15s"
collection_jitter = "1m"
# Output Plugin InfluxDB
[[outputs.influxdb]]
database = "telegraf"
urls = [ "https://fluxsup.zextras.fr" ]
username = "zextras"
password = "syj4HGGLAgON4XfjbP4u"
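Review bot: The `[[outputs.influxdb]]` block hard-codes the InfluxDB `username` and `password` in a template committed in clear, while the README in this commit sets up Ansible Vault for sensitive values. Replace the literal with a vaulted variable, e.g. `password = "{{ vault_influxdb_password }}"` (the variable name is a placeholder), and rotate the current credential since it stays in the history. Because the same account is rendered onto every monitored host, a per-host or per-customer write-only user would limit what one compromised server can do with it. `collection_jitter = "1m"` is larger than the 15s `interval`, which looks unintended.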
@@ -0,0 +1,43 @@
# Read metrics about cpu usage
[[inputs.cpu]]
percpu = true
totalcpu = true
fielddrop = ["time_*"]
# Read metrics about disk usage by mount point
[[inputs.disk]]
ignore_fs = ["tmpfs", "devtmpfs", "squashfs"]
[[inputs.diskio]]
[[inputs.kernel]]
[[inputs.mem]]
[[inputs.processes]]
[[inputs.swap]]
[[inputs.system]]
[[inputs.procstat]]
exe = "memcached"
prefix = "memcached"
[[inputs.procstat]]
exe = "java"
prefix = "java"
[[inputs.procstat]]
exe = "mysqld"
prefix = "mysqld"
[[inputs.procstat]]
exe = "slapd"
prefix = "slapd"
[[inputs.procstat]]
exe = "nginx"
prefix = "nginx"
[[inputs.net]]
@@ -0,0 +1,47 @@
# OpenLDAP cn=Monitor plugin
[[inputs.openldap]]
host = "{{ ansible_fqdn }}"
port = 389
insecure_skip_verify = true
bind_dn = "uid=zimbra,cn=admins,cn=zimbra"
bind_password = "{{ zimbra_ldap_password }}"
reverse_metric_names = true
## Postfix plugin
#[[inputs.postfix]]
# queue_directory = "/opt/zimbra/data/postfix/spool"
# interval = "1s"
## Zimbra metric hourly
#[[inputs.exec]]
# commands = ["/etc/telegraf/scripts/zimbra_one_per_hour.sh"]
# data_format = "influx"
# interval = "1h"
# timeout = "15s"
#
## Zimbra metric daily
#[[inputs.exec]]
# commands = ["/etc/telegraf/scripts/zimbra_one_per_day.sh"]
# data_format = "influx"
# interval = "24h"
# timeout = "90s"
[[inputs.exec]]
commands = ["/etc/telegraf/scripts/recup_info_zimbra -daily"]
interval = "24h"
timeout = "30s"
data_format = "json_v2"
[[inputs.exec.json_v2]]
measurement_name = "flux_zimbra"
[[inputs.exec.json_v2.object]]
path = "flux_zimbra"
[[inputs.exec]]
commands = ["/etc/telegraf/scripts/recup_info_zimbra -hourly"]
interval = "1h"
timeout = "30s"
data_format = "json_v2"
[[inputs.exec.json_v2]]
measurement_name = "flux_zimbra"
[[inputs.exec.json_v2.object]]
path = "flux_zimbra"
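Review bot: The `[[inputs.openldap]]` block binds as the Zimbra admin DN on port 389 with no `tls` setting, so as written the bind password is sent unencrypted, and `insecure_skip_verify = true` would disable certificate checks if TLS were enabled later. If slapd on these hosts offers it, set `tls = "starttls"` and remove `insecure_skip_verify` (or point `tls_ca` at the CA that signed the LDAP certificate). A dedicated read-only monitoring DN would be preferable to `uid=zimbra,cn=admins,cn=zimbra`, since this file only needs `cn=Monitor`.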