10 Commits
1.0.0 ... 2.0.1

Author SHA1 Message Date
e797037846 Up to 1.2.1 for Galaxy action 2022-06-29 15:46:05 +02:00
92cb5bf55e Merge pull request #4 from claranet/remove_banner
Remove banner reference
2022-06-29 11:29:16 +02:00
9770e5d43c Change Centos to fedora for molecule test 2022-06-29 11:22:50 +02:00
cf7e3da48e Remove banner reference 2022-06-29 10:55:26 +02:00
dbf4d327cf split tasks 2021-10-05 11:46:18 +02:00
6a42daba46 update readme 2021-10-04 09:47:04 +02:00
86a0ea5917 update motd url 2021-09-30 11:51:27 +02:00
e3144338e6 remove default values 2021-09-29 17:21:52 +02:00
53faa7d96b fix motd template 2021-09-29 17:04:04 +02:00
ea56ef6c69 Remote MOTD 2021-09-29 16:57:02 +02:00
13 changed files with 79 additions and 192 deletions


@ -10,6 +10,6 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
- name: galaxy - name: galaxy
uses: robertdebock/galaxy-action@1.1.1 uses: robertdebock/galaxy-action@1.2.1
with: with:
galaxy_api_key: ${{ secrets.galaxy_api_key }} galaxy_api_key: ${{ secrets.galaxy_api_key }}


@ -30,8 +30,8 @@ jobs:
config: config:
- image: "amazonlinux" - image: "amazonlinux"
tag: "latest" tag: "latest"
- image: "centos" - image: "fedora"
tag: "8" tag: "28"
- image: "debian" - image: "debian"
tag: "11" tag: "11"
- image: "debian" - image: "debian"
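Review bot: The replacement test image `fedora` / `"28"` is a release that has been out of support for years (Fedora 28 reached end of life in 2019), so the molecule run now exercises a package and PAM layout nobody deploys, and the tag may disappear from the registry at any time. If the intent was to keep an EL8-style target after CentOS 8 went EOL, `rockylinux` or `almalinux` with tag `"8"` is the closer substitute; if a Fedora target is wanted, use a currently supported tag. The full matrix and the molecule scenario that consumes it are outside this hunk, so I cannot tell whether another EL8 image is already present.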

.gitignore vendored

@ -1,3 +1,5 @@
###VSCode###
.vscode
###MacOS### ###MacOS###
.DS_Store .DS_Store


@ -11,12 +11,13 @@
Install and configure dynamic MOTD and SSH banner Install and configure dynamic MOTD and SSH banner
This role uses [https://github.com/claranet/motd](https://github.com/claranet/motd) by default to get the banner and the MOTD
``` ```
System info: System info:
Hostname·········: claranet_motd_ubuntu-20.04 Hostname·········: claranet_motd_ubuntu-20.04
Distro···········: Ubuntu 20.04.3 LTS Distro···········: Ubuntu 20.04.3 LTS
Kernel···········: Linux 5.10.47-linuxkit Kernel···········: Linux 5.10.47-linuxkit
Updates available: 6 (2 security)
Uptime···········: up 2 days, 23 hours, 18 minutes Uptime···········: up 2 days, 23 hours, 18 minutes
Load·············: 1.33 (1m), 0.43 (5m), 0.20 (15m) Load·············: 1.33 (1m), 0.43 (5m), 0.20 (15m)
Processes········: 13 (root), 3 (user), 16 (total) Processes········: 13 (root), 3 (user), 16 (total)
@ -44,11 +45,19 @@ ansible-galaxy install claranet.motd
## :gear: Role variables ## :gear: Role variables
Variable | Default value | Description Variable | Default value | Description
--------------------------|-----------------------|---------------------------------------- -----------------------------|------------------------------------------------------------------------|----------------------------------------------------------------
motd_disable_default_motd | true | Disable system default MOTD (/etc/motd) motd_disable_default_motd | true | Disable system default MOTD (/etc/motd)
motd_banner_template | etc/banner | SSH banner template motd_banner_template | https://raw.githubusercontent.com/claranet/motd/master/banner | SSH banner template<br>Can be a URL, a local template or `null`
motd_template | usr/local/bin/dynmotd | Dynmaic MOTD template motd_banner_template_prepend | "" | Prepend raw content to `motd_banner_template`
motd_banner_template_append | "" | Append raw content to `motd_banner_template`
motd_banner_template_username| {{ motd_template_username }} | Used when `motd_banner_template` is an URL
motd_banner_template_password| {{ motd_template_password }} | Used when `motd_banner_template` is an URL
motd_template | https://raw.githubusercontent.com/claranet/motd/master/scripts/00-basic| Dynmaic MOTD template<br>Can be a URL or a local template
motd_template_prepend | "" | Prepend raw content to `motd_template`
motd_template_append | See [defaults/main.yml](defaults/main.yml) | Append raw content to `motd_template`
motd_template_username | "" | Used when `motd_template` is an URL
motd_template_password | "" | Used when `motd_template` is an URL
## :pencil2: Example Playbook ## :pencil2: Example Playbook
@ -56,7 +65,8 @@ motd_template | usr/local/bin/dynmotd | Dynmaic MOTD template
--- ---
- hosts: all - hosts: all
roles: roles:
- claranet.motd - role: claranet.motd
motd_template: "{{ playbook_dir }}/templates/dynmotd.j2"
``` ```
## :closed_lock_with_key: [Hardening](HARDENING.md) ## :closed_lock_with_key: [Hardening](HARDENING.md)


@ -1,4 +1,12 @@
--- ---
motd_disable_default_motd: true motd_disable_default_motd: true
motd_banner_template: etc/banner motd_template: https://raw.githubusercontent.com/claranet/motd/master/scripts/00-basic
motd_template: usr/local/bin/dynmotd motd_template_prepend: ""
motd_template_append: |
echo -e "\e[0;39mAnsible:
Last deployment\e[2m···\e[0m: {{ ansible_date_time.iso8601_micro }}
"
motd_template_username: ""
motd_template_password: ""
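Review bot: `motd_template` defaults to the `master` branch on raw.githubusercontent.com, so every run fetches whatever that branch holds at that moment and the role installs it as a root-owned, executable script that PAM runs for each login session; anyone who can push to that repository, or who compromises the account that owns it, gets code execution on every managed host at the next deploy, with no pin and no integrity check. Pin the default to an immutable ref, e.g. `motd_template: https://raw.githubusercontent.com/claranet/motd/<commit-sha>/scripts/00-basic`, and bump it deliberately; the exact commit to use is not visible from this diff. `motd_template_password` is a credential with an empty-string default: document next to it that the value should come from Ansible Vault or an environment-backed variable, and note that a failing `url` lookup may echo its arguments, including the password, in the error output. Also `motd_template_append` embeds `ansible_date_time.iso8601_micro`, which guarantees the generated script changes on every run — worth a comment saying that is intentional, since it is why the copy task is excluded from the idempotence test.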


@ -3,7 +3,6 @@
hosts: all hosts: all
roles: roles:
- role: claranet.motd - role: claranet.motd
motd_banner_template: null
pre_tasks: pre_tasks:
- name: "Update APT cache" - name: "Update APT cache"


@ -12,11 +12,6 @@ motd_file_path = "/usr/local/bin/dynmotd"
pam_line = f"session optional pam_exec.so type=open_session stdout {motd_file_path}" pam_line = f"session optional pam_exec.so type=open_session stdout {motd_file_path}"
def test_banner_file(host):
file = host.file("/etc/banner")
assert not file.exists
def test_motd_file(host): def test_motd_file(host):
file = host.file(motd_file_path) file = host.file(motd_file_path)
assert file.exists assert file.exists

tasks/configure_motd.yml Normal file

@ -0,0 +1,19 @@
---
- name: configure_motd | Apply template {{ motd_template }} on {{ _motd_file_path }}
copy:
content: "{{ motd_template_prepend + _motd_template_content + motd_template_append }}"
dest: "{{ _motd_file_path }}"
owner: root
group: root
mode: '0755'
tags:
- molecule-idempotence-notest
- name: configure_motd | Add pam_exec {{ _motd_file_path }} in pam
lineinfile:
path: "{{ item }}"
line: session optional pam_exec.so type=open_session stdout {{ _motd_file_path }}
loop:
- "{{ _motd_pam_login_file_path }}"
- "{{ _motd_pam_sshd_file_path }}"
...
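Review bot: The `copy` task writes `_motd_template_content`, which in the default configuration is fetched from a remote URL, straight into a root-owned `0755` script that the `pam_exec` line registered just below runs for every login session, with no integrity check between fetch and install. Add an optional expected digest so that operators who pin the URL can also pin its content: a `motd_template_checksum` default (empty string) and an `assert` ahead of the copy, as sketched below. Because `_motd_template_content` is a lazily evaluated role var, referencing it in both the assert and the copy fetches the URL twice; if that matters, capture it once with `set_fact` before both tasks. `_motd_lookup_method` and `_motd_file_path` are defined in vars/main.yml, not in this file.
```yaml
- name: configure_motd | Verify digest of {{ motd_template }} when motd_template_checksum is set
  assert:
    that:
      - (_motd_template_content | hash('sha256')) == motd_template_checksum
    fail_msg: "Fetched content of {{ motd_template }} does not match motd_template_checksum"
  when:
    - _motd_lookup_method == 'url'
    - motd_template_checksum | default('') | length > 0
# … unchanged: copy of the assembled script to _motd_file_path, pam_exec lineinfile …
```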


@ -0,0 +1,22 @@
---
- name: disable_default_motd | Get stats of {{ _motd_sshd_config_file_path }}
stat:
path: "{{ _motd_sshd_config_file_path }}"
register: _motd_sshd_config_file_stat
- name: disable_default_motd | Ensure PrintMotd is set to "no" in {{ _motd_sshd_config_file_path }}
lineinfile:
path: "{{ _motd_sshd_config_file_path }}"
regexp: "^PrintMotd "
line: PrintMotd no
when: _motd_sshd_config_file_stat.stat.exists
- name: disable_default_motd | Comment out pam_motd in pam
replace:
path: "{{ item }}"
regexp: '^(session\s+optional\s+pam_motd.so\s+.*)'
replace: '# \1'
loop:
- "{{ _motd_pam_login_file_path }}"
- "{{ _motd_pam_sshd_file_path }}"
...
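Review bot: The `lineinfile` that edits `sshd_config` has no `validate`, so a malformed result (for example an unexpected `PrintMotd` line that the `^PrintMotd ` regexp does not match, leaving two directives) is only discovered when sshd next restarts and refuses its config, which can lock you out of the host. Add `validate: '/usr/sbin/sshd -t -f %s'` to that task (path hedged — use whatever sshd binary the target ships), and since sshd reads its config only at start, `notify: Restart sshd` so the change actually applies; a handler by that name was referenced by the 1.0.0 `main.yml` but whether it still exists in 2.0.1 is not visible in this diff. Note also that `^PrintMotd ` will not match a tab-separated or commented `#PrintMotd yes` line, in which case the module appends a new line at the end of the file; that is correct for sshd's first-match semantics only if no earlier `Include` directory sets `PrintMotd` itself, which is worth a comment on the task.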


@ -1,58 +1,7 @@
--- ---
- block: - name: include_tasks disable_default_motd.yml if motd_disable_default_motd is True
- name: Get stats of {{ _motd_sshd_config_file_path }} include_tasks: disable_default_motd.yml
stat:
path: "{{ _motd_sshd_config_file_path }}"
register: _motd_sshd_config_file_stat
- name: Ensure PrintMotd is set to "no" in {{ _motd_sshd_config_file_path }}
lineinfile:
path: "{{ _motd_sshd_config_file_path }}"
regexp: "^PrintMotd "
line: PrintMotd no
when: _motd_sshd_config_file_stat.stat.exists
- name: Comment out pam_motd in pam
replace:
path: "{{ item }}"
regexp: '^(session\s+optional\s+pam_motd.so\s+.*)'
replace: '# \1'
loop:
- "{{ _motd_pam_login_file_path }}"
- "{{ _motd_pam_sshd_file_path }}"
when: motd_disable_default_motd|bool when: motd_disable_default_motd|bool
- name: Apply template {{ motd_banner_template }} on {{ _motd_banner_file_path }} - include_tasks: configure_motd.yml
template: ...
src: "{{ motd_banner_template }}"
dest: "{{ _motd_banner_file_path }}"
owner: root
group: root
mode: '0644'
when: motd_banner_template
- name: Ensure line "Banner {{ _motd_banner_file_path }}" is {{ _motd_banner_state }} in {{ _motd_sshd_config_file_path }}
lineinfile:
path: "{{ _motd_sshd_config_file_path }}"
regexp: "^(#?)Banner "
line: Banner {{ _motd_banner_file_path }}
state: "{{ _motd_banner_state }}"
notify: Restart sshd
- name: Apply template {{ motd_template }} on {{ _motd_file_path }}
template:
src: "{{ motd_template }}"
dest: "{{ _motd_file_path }}"
owner: root
group: root
mode: '0755'
tags:
- molecule-idempotence-notest
- name: Add pam_exec {{ _motd_file_path }} in pam
lineinfile:
path: "{{ item }}"
line: session optional pam_exec.so type=open_session stdout {{ _motd_file_path }}
loop:
- "{{ _motd_pam_login_file_path }}"
- "{{ _motd_pam_sshd_file_path }}"


@ -1,32 +0,0 @@
,╓╗╖æææææ╖╖,
,╗╣╬╬╣╝╜╙╙"╙╙╜╝╣Ñ╬æ╖
╓╣╬╝╜ "╙╣╬╣µ
╓╬╬M "╢╬╣,
╣╬╝ ╣Ñæ ╙╬╬╖╖╖╖╖╓,
,,╓╣╬M ,╗ ╬╬╬ ╓╖, ╝╜╜╜╜╝╣╬╬╣╖
╓æ╣Ñ╬╣╝╝╝ ╓╣╬╝ ╬╬╬ ²╣╬╣µ `╙╣╬æ,
╓╣╬╝^ ╣╬╝ ╬╬╬ `╣╬æ ╙╬╬φ
╣╬M ║╬╬ ╢╣M ╬╬U ╢╬φ
╬╬M ║╬╬ ╬╬M ╬╬∩
║╬╬ "╬ѵ ╓Ñ╬ ╟╬┼
╟╬┼ `╣╬╖, ,╢╬╣ ╟╬┼
║╬╬ ╙╢╬╬╣ææ╬╣╬╬╝` ╬╬M
╬╬µ `"""` ╣╬M
`╬╬φ ╓╬╬M
╚╬╬╖, ,╗╣╬╝
╙╣Ñ╬╣æ╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖╖æ╣╬╬╝╜
`"╙╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╜╙" ®
╖╖┬ ╓╖╖
╬╬M ╓╬╬
,╗╣╬╬╣æ, ╬╬M ,æ╣╬╬╬æ╖ ß╣ß╓æ╣ ╓æ╣╬╬╣æ, -╣╣╓æ╣╬╣╖ ,╖╣╬╬╣╖, ╢╣╬╬╣╣
║╬╬" `╝╜* ╬╬M ╝╝┘ ╟╬φ ╬╬╬M"` ª╝╝ ╙╬Ñ "╬╬M ║╬╬ ╢╬M ╢╬φ ╓╬╬
-╬╬H ╬╬M ╓æ╣╬╬╣╬╬M ╬╬╬ ╗╢╣╬╣╣╬╬⌐ "╬╬ ╓╬╬ ╬╬╬╬╬╬╬╬╬╬ ╓╬╬
╢╬φ ╓,, ╬╬M ╢╬M ╟╬M ╬╬╪ ╬╬M ,╬╬⌐ "╬╬ ╓╬╬ ╬╬φ ╓ ╓╬╬
╚╬╬╣╣╣╬╝ ╬╬M ╙╣╬╣æ╣╬╬╬M ╬╬╪ ║╬╬ææ╣╣╬╬⌐ "╬╬ ╓╬╬ ╚╬╬╣╣╣╬╣╜ '╬╬╣æ
`` `` ``` ``` ```
WARNING : Unauthorized access to this system is forbidden and will be
prosecuted by law. By accessing this system, you agree that your actions
may be monitored if unauthorized usage is suspected.


@ -1,85 +0,0 @@
#!/bin/bash
# get load averages
IFS=" " read LOAD1 LOAD5 LOAD15 <<<$(awk '{ print $1,$2,$3 }' /proc/loadavg)
# get free memory
IFS=" " read USED AVAIL TOTAL <<<$(free -htm | grep "Mem" | awk {'print $3,$7,$2'})
# get processes
PROCESS=$(ps -eo user=|sort|uniq -c | awk '{ print $2 " " $1 }')
PROCESS_ALL=$(echo "$PROCESS"| awk {'print $2'} | awk '{ SUM += $1} END { print SUM }')
PROCESS_ROOT=$(echo "$PROCESS"| grep root | awk {'print $2'})
PROCESS_USER=$(echo "$PROCESS"| grep -v root | awk {'print $2'} | awk '{ SUM += $1} END { print SUM }')
# get processors
PROCESSOR_NAME=$(grep "model name" /proc/cpuinfo | cut -d ' ' -f3- | awk {'print $0'} | head -1)
PROCESSOR_COUNT=$(grep -ioP 'processor\t:' /proc/cpuinfo | wc -l)
LOCAL_IP_ADDRESSES=$(hostname -I | sed 's/ /\n\ /g' | sed '/^[[:space:]]*$/d')
# Processing available updates with yum is too long
{% if ansible_pkg_mgr == "apt" %}
UPDATES_AVAILABLE=$(apt list --upgradable 2>/dev/null)
UPDATES_AVAILABLE_NB=$(echo -e "$UPDATES_AVAILABLE" | wc -l)
SECURITY_UPDATES_AVAILABLE_NB=$(echo -e "$UPDATES_AVAILABLE" | grep "\-security" | wc -l)
{% endif %}
# colors
W="\e[0;39m"
G="\e[1;32m"
R="\e[1;31m"
dim="\e[2m"
undim="\e[0m"
echo -e "${W}System info:
$W Hostname$dim·········$undim: $W${HOSTNAME}
$W Distro$dim···········$undim: $W$(grep "PRETTY_NAME" /etc/*release | cut -d "=" -f 2- | sed 's/"//g')
$W Kernel$dim···········$undim: $W$(uname -sr)
{% if ansible_pkg_mgr == "apt" %}
$W Updates available: $W$UPDATES_AVAILABLE_NB ($SECURITY_UPDATES_AVAILABLE_NB security)
{% endif %}
$W Uptime$dim···········$undim: $W$(uptime -p)
$W Load$dim·············$undim: $G$LOAD1$W (1m), $G$LOAD5$W (5m), $G$LOAD15$W (15m)
$W Processes$dim········$undim: $G$PROCESS_ROOT$W (root), $G$PROCESS_USER$W (user), $G$PROCESS_ALL$W (total)
$W CPU$dim··············$undim: $W$PROCESSOR_NAME ($G$PROCESSOR_COUNT$W vCPU)
$W Memory$dim···········$undim: $G$USED$W used, $G$AVAIL$W avail, $G$TOTAL$W total
$W Local IPs$dim········$undim: $LOCAL_IP_ADDRESSES$W"
# config
max_usage=90
bar_width=50
# disk usage: ignore zfs, squashfs & tmpfs
mapfile -t dfs < <(df -H -x zfs -x squashfs -x tmpfs -x devtmpfs -x overlay --output=target,pcent,size | tail -n+2)
printf "\nDisk usage:\n"
for line in "${dfs[@]}"; do
# get disk usage
usage=$(echo "$line" | awk '{print $2}' | sed 's/%//')
used_width=$((($usage*$bar_width)/100))
# color is green if usage < max_usage, else red
if [ "${usage}" -ge "${max_usage}" ]; then
color=$R
else
color=$G
fi
# print green/red bar until used_width
bar="[${color}"
for ((i=0; i<$used_width; i++)); do
bar+="="
done
# print dimmmed bar until end
bar+="${W}${dim}"
for ((i=$used_width; i<$bar_width; i++)); do
bar+="·"
done
bar+="${undim}]"
# print usage line & bar
echo "${line}" | awk '{ printf("%-31s%+3s used out of %+4s\n", $1, $2, $3); }' | sed -e 's/^/ /'
echo -e "${bar}" | sed -e 's/^/ /'
done
printf "\n"
echo -e "${W}Ansible:
${W} Last deployment$dim···$undim: {{ ansible_date_time.iso8601_micro }}
"


@ -2,6 +2,6 @@
_motd_sshd_config_file_path: /etc/ssh/sshd_config _motd_sshd_config_file_path: /etc/ssh/sshd_config
_motd_pam_login_file_path: /etc/pam.d/login _motd_pam_login_file_path: /etc/pam.d/login
_motd_pam_sshd_file_path: /etc/pam.d/sshd _motd_pam_sshd_file_path: /etc/pam.d/sshd
_motd_banner_file_path: /etc/banner
_motd_banner_state: "{{ 'present' if motd_banner_template else 'absent' }}"
_motd_file_path: /usr/local/bin/dynmotd _motd_file_path: /usr/local/bin/dynmotd
_motd_lookup_method: "{{ 'url' if motd_template is match('http(s)?:\/\/') else 'template' }}"
_motd_template_content: "{{ lookup(_motd_lookup_method, motd_template, split_lines=False, username=motd_template_username, password=motd_template_password) }}"
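Review bot: `_motd_lookup_method` selects the `url` lookup for `http://` and `https://` alike, so pointing `motd_template` at a plain-http URL fetches a script that will run as root at every login, together with any `motd_template_username`/`motd_template_password` pair the lookup sends, over cleartext. Add an `assert` in the task list that fails when `motd_template is match('http://')` unless the operator explicitly opts in, or at minimum document the caveat next to these variables. Because `_motd_template_content` is a lazily evaluated role var, the fetch runs on the controller at the first reference inside `configure_motd.yml`, so an unreachable URL or bad credentials surface as an error in the `copy` task rather than at role start — a comment on this line saying so would save the next maintainer some confusion.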