diff --git a/inventory/group_vars/bastion b/inventory/group_vars/bastion index 61790307e5..3501931a47 100644 --- a/inventory/group_vars/bastion +++ b/inventory/group_vars/bastion @@ -51,6 +51,11 @@ postfix_transport_filename: transports.gateway # fas_aliases: true +# +# Set this to get fasjson-client cron to make the aliases file +# +fasjson_aliases: false + # # Sometimes there are lots of postfix processes # diff --git a/inventory/group_vars/bastion_stg b/inventory/group_vars/bastion_stg index 46cc09e6a9..5676c4310e 100644 --- a/inventory/group_vars/bastion_stg +++ b/inventory/group_vars/bastion_stg @@ -39,6 +39,11 @@ bastion_ipa_client_shell_groups: ipa_client_shell_groups: "{{ (bastion_ipa_client_shell_groups + batcave_ipa_client_shell_groups) | sort | unique }}" +# +# Set this to get fasjson-client cron to make the aliases file +# +fasjson_aliases: true + # # Sometimes there are lots of postfix processes # diff --git a/roles/fasjson/files/aliases.static b/roles/fasjson/files/aliases.static new file mode 100644 index 0000000000..7c2cb4f149 --- /dev/null +++ b/roles/fasjson/files/aliases.static 
@@ -0,0 +1,359 @@
+#
+# Aliases in this file will NOT be expanded in the header from
+# Mail, but WILL be visible over networks or from /bin/mail.
+#
+# >>>>>>>>>> The program "newaliases" must be run after
+# >> NOTE >> this file is updated for any changes to
+# >>>>>>>>>> show through to sendmail.
+#
+
+# Basic system aliases -- these MUST be present.
+mailer-daemon: postmaster
+postmaster: sysadmin-main
+
+# General redirections for pseudo accounts.
+bin: root
+daemon: root
+adm: root
+lp: root
+sync: root
+shutdown: root
+halt: root
+mail: root
+#news: root
+uucp: root
+operator: root
+games: root
+gopher: root
+ftp: root
+#nobody: root
+radiusd: root
+nut: root
+dbus: root
+vcsa: root
+canna: root
+wnn: root
+rpm: root
+nscd: root
+pcap: root
+apache: root
+webalizer: root
+dovecot: root
+fax: root
+quagga: root
+radvd: root
+pvm: root
+amanda: root
+privoxy: root
+ident: root
+named: root
+xfs: root
+gdm: root
+mailnull: root
+postgres: root
+sshd: root
+smmsp: root
+postfix: root
+netdump: root
+ldap: root
+squid: root
+ntp: root
+mysql: root
+desktop: root
+rpcuser: root
+rpc: root
+nfsnobody: root
+
+ingres: root
+system: root
+toor: root
+manager: root
+dumper: root
+abuse: root
+nagios: root
+
+newsadm: news
+newsadmin: news
+usenet: news
+ftpadm: ftp
+ftpadmin: ftp
+ftp-adm: ftp
+ftp-admin: ftp
+
+# trap decode to catch security attacks
+decode: root
+
+# Person who should get root's mail
+root: sysadmin-main
+
+# Mail blackholes for various services
+nobody: /dev/null
+fedorawiki-noreply: /dev/null
+extras-orphan: /dev/null
+orphan: /dev/null
+retired-packages: /dev/null
+control-center-maint: /dev/null
+gecko-bugs-nobody: /dev/null
+ftbfs: /dev/null
+trac: /dev/null
+taskotron: /dev/null
+# Fedora Scholarship
+scholarship: /dev/null
+# Asterisk
+asterisk: /dev/null
+# Old stuff
+fedoraextras-qa: /dev/null
+extras-qa: /dev/null
+notifications: /dev/null
+# Bodhi & pkgdb aliases
+updates: /dev/null
+pkgdb: /dev/null
+fudcon-cfp: /dev/null
+download-logs: /dev/null
+
+
+# Administrative & Management Aliases
+accounts: sysadmin-main
+admin: sysadmin-main
+s3-mirror: sysadmin-main
+fedora-admin-xmlrpc: kevin
+
+hostmaster: admin,sysadmin-dns-members
+sysadmin-main: sysadmin-main-members
+# For vendors to email us
+vendor-support: vendor-support-members
+
+cpe-managers: pfrields@redhat.com,lgriffin@redhat.com,jperrin@redhat.com
+
+
+## Cruft aliases because we used cvs
+cvsextras: scm-commits@lists.fedoraproject.org
+cvsdirsec: 389-commits@lists.fedoraproject.org
+cvseclipse: eclipse-commits@lists.fedoraproject.org
+cvsfont: lohit-devel-list@redhat.com
+cvs-sysadmin: fedora-sysadmin-list@redhat.com
+
+
+# GDK is the human who suggested this redirection
+legal-cla-archive: fedora-lit@redhat.com
+
+vendors: distribution-members
+
+# Fedora Council
+legal: spot@redhat.com
+fpl: chair
+board: council-private@lists.fedoraproject.org
+chairman: chair
+directors: board
+
+## Fedora Project Leader (FPL)
+## https://docs.fedoraproject.org/fedora-project/council/fpl.html
+chair: mattdm
+
+## Fedora Community Action and Impact Coordinator
+## https://docs.fedoraproject.org/fedora-project/council/fcaic.html
+fcaic: bex
+
+# FESCo
+fesco-chair: kevin
+fesco: fesco@lists.fedoraproject.org
+sponsors-feedback: packager-sponsors@fedoraproject.org,fesco@lists.fedoraproject.org
+
+# Fedora Hosted Inquiries
+#hosted-issues: mmcgrath,lmacken,pfrields,spot
+
+# Fedora Mentors
+rave-review: mentors@lists.fedoraproject.org
+
+# FUDCon
+fudcon-register: flock-admin
+fudcon-paper: flock-admin
+
+# Fudcon regional aliases - point to point person before that fudcon
+fudcon-emea: flock-admin
+# fudcon-apac:
+# fudcon-na:
+fudcon-latam: flock-admin
+
+# flock
+flockpress: fcaic,fpl
+flockinfo: fcaic,fpl
+flock-staff: fcaic,fpl,jmadriag@redhat.com
+flock-admin: fcaic,fpl,jmadriag@redhat.com
+flock-coc: fcaic,fpl
+flock-access: flock-admin
+
+# gnome backups
+gnomebackup: backups@gnome.org
+
+# News
+#news: nman64,pfrields,sundaram,tchung,kwade
+news: news-members@fedoraproject.org
+askfedora: sysadmin-ask-members
+
+security: security-private@lists.fedoraproject.org
+secalert: security-private@lists.fedoraproject.org
+
+# Infrastructure security officer
+infra-security: puiterwijk,kevin,smooge,codeblock
+
+webmaster: websites@lists.fedoraproject.org
+logo: rlerch@redhat.com,duffy@redhat.com
+ham-radio-exams: nb,jbwillia
+
+# Misc Aliases
+cvs-access: accounts
+ftpsync: kevin,smooge
+# Used for openshift census instance
+census: npmccallum,kevin,ianweller,tflink
+# User for openshift fedora-status instance
+fedora-status: kevin,codeblock
+# User for openshift fedora magazine wordpress instance.
+fedora-mag-admin: kevin,duffy,chrisroberts,mitzie,jzb,nb
+endoflife: triage@lists.fedoraproject.org
+fas: admin@fedoraproject.org
+
+# Fedora server working group. ticket 4093
+server-wg: sgallagh,jperrin,davidstrauss,tuanta,duffy,mitr,simo,johannbg
+
+# Amazon cloud account, ticket #1903
+community-cloud: mattdm@redhat.com,cpe-managers,dustymabe
+
+# People always confuse things this is a special case
+dgilmore: ausil
+gregdek: gdk
+keys: pnasrat@redhat.com
+relnotes: relnotes-content@lists.fedoraproject.org
+jaboutboul: jack
+kwade: quaid
+stickster: pfrields
+spevack: mspevack
+rsc: robert
+patrick: puiterwijk
+masta: parasense
+relrod: codeblock
+rbergeron: rbergero
+jwf: jflory7
+axk4545: abkahrs
+bexelbie: bex
+
+# Mirror admin alias
+mirror-admin: mirror-admin@lists.fedoraproject.org
+
+# Fedora Marketing and Fedora Ambassadors
+famsco: famsco-members@fedoraproject.org
+fedora-marketing: famsco
+info: marketing@lists.fedoraproject.org
+fedorarewards: famsco@lists.fedoraproject.org
+openvideo: tchung
+freemedia: tchung,susmit
+fama: robyduck,nb
+
+
+# Firstname.lastname exceptions (preferrably only for people with a good reason)
+# History: these are people wishing to keep their firstname.lastname email
+# We offered it once but no longer do. Exceptions should be rare.
+johan.cwiklinski: trashy
+maxime.carron: mxcarron
+bart.de.soete: badeso
+david.nalley: ke4qqq
+guillaume.kulakowski: llaumgui
+thierry.delmonte: titax
+fabian.affolter: fab
+nick.bebout: nb
+dan.mashal: vicodan
+
+# Wiki
+wikiadmin: wikiadmin-members
+
+# torrent
+opentracker: admin
+
+# DNS
+dnsadmin: sysadmin-dns-members
+
+# docker trusted email
+fedora-docker-trusted: scollier,lsm5,mattdm
+
+# Fedora-qa-devel alias
+fedoraqa-devel-admin: tflink,kparal,frantisekz
+
+# fedora kernel aliases
+kernel-team: jwboyer@redhat.com,jforbes@redhat.com,labbott@redhat.com,jcline@redhat.com
+kernel-maint: kernel-maint@redhat.com
+lvm-team: lvm-team@redhat.com
+fedora-kernel-acpi: acpi@linux.intel.com,len.brown@intel.com,mjg59@srcf.ucam.org
+fedora-kernel-audit: rgb@redhat.com,eparis@redhat.com
+fedora-kernel-block: jmoyer@redhat.com
+fedora-kernel-dmar: dwmw2@infradead.org
+fedora-kernel-ethernet: nhorman@redhat.com
+fedora-kernel-ethernet-ath: jogreene@redhat.com,linville@redhat.com
+fedora-kernel-ethernet-broadcom: mcarlson@broadcom.com
+fedora-kernel-ethernet-realtek: romieu@fr.zoreil.com
+fedora-kernel-aio: jmoyer@redhat.com
+fedora-kernel-directio: jmoyer@redhat.com
+fedora-kernel-fsbuffer: jmoyer@redhat.com
+fedora-kernel-btrfs: fs-maint@redhat.com,josef@toxicpanda.com,bugzilla@colorremedies.com
+fedora-kernel-extfs: fs-maint@redhat.com,tytso@mit.edu
+fedora-kernel-xfs: fs-maint@redhat.com
+fedora-kernel-firewire: fenlason@redhat.com,stefan-r-rhbz@s5r6.in-berlin.de
+fedora-kernel-drm: airlied@redhat.com
+fedora-kernel-input: benjamin.tissoires@redhat.com
+fedora-kernel-intelpstate: dirk.brandewie@gmail.com
+fedora-kernel-ata: dmilburn@redhat.com
+fedora-kernel-networking: nhorman@redhat.com
+fedora-kernel-nfc: sameo@linux.intel.com,linville@redhat.com
+fedora-kernel-openvswitch: tgraf@redhat.com
+fedora-kernel-ptrace: oleg@redhat.com
+fedora-kernel-pci: bhelgaas@google.com
+fedora-kernel-raid: Jes.Sorensen@redhat.com
+fedora-kernel-scsi: dmilburn@redhat.com
+fedora-kernel-selinux: dwalsh@redhat.com,eparis@redhat.com
+fedora-kernel-uefi: mjg59@srcf.ucam.org
+fedora-kernel-usb-cameras: hdegoede@redhat.com
+fedora-kernel-v4l: mchehab@redhat.com
+fedora-kernel-kvm: mtosatti@redhat.com,fedora-virt-maint@redhat.com
+fedora-kernel-xen: ketuzsezr@darnok.org
+fedora-kernel-wireless: linville@redhat.com,sgruszka@redhat.com,jogreene@redhat.com
+fedora-kernel-wireless-ath: jogreene@redhat.com,linville@redhat.com
+fedora-kernel-wireless-b43: larry.finger@lwfinger.net
+fedora-kernel-wireless-brcm80211: jogreene@redhat.com,linville@redhat.com,brcm80211-dev-list@broadcom.com
+fedora-kernel-wireless-iwl: sgruszka@redhat.com,linville@redhat.com
+fedora-kernel-wireless-ralink: sgruszka@redhat.com,linville@redhat.com
+fedora-kernel-wireless-realtek: larry.finger@lwfinger.net,jogreene@redhat.com
+
+anaconda-maint: anaconda-maint-list@redhat.com
+xen-maint: xen-maint@redhat.com
+xgl-maint: xgl-maint@redhat.com
+perl-sig: perl-devel@lists.fedoraproject.org
+retired: retired-packages@fedoraproject.org
+ctrl-center-team: control-center-maint@fedoraproject.org
+fonts-sig: fonts-bugs@lists.fedoraproject.org
+gecko-maint: gecko-bugs-nobody@fedoraproject.org
+astronomy-sig: astronomy@lists.fedoraproject.org
+systems: admin+systems@fedoraproject.org
+hams-sig: fedora-hams@fedoraunity.org
+i18n-team: i18n-bugs@lists.fedoraproject.org
+haskell-sig: haskell-devel@lists.fedoraproject.org
+mono-sig: mono@lists.fedoraproject.org
+virtmaint: virt-maint@lists.fedoraproject.org
+fcommunity: johnp@fedoraproject.org
+ocamlmaint: ocaml-devel@lists.fedoraproject.org
+mingwmaint: mingw@lists.fedoraproject.org
+java-sig: java-devel@lists.fedoraproject.org
+upstream-release-monitoring: pingou,ralph
+aws: aws-members
+awsci: kevin@scrye.com
+msftazure: msftazure-members
+relicensing: relicensing@lists.fedoraproject.org
+abrt-bot: jmoskovc@redhat.com,kklic@redhat.com,mtoman@redhat.com,mlichvar@redhat.com
+packaging-team: ffesti,james,pmatilai,timlau,zpavlas,jnovy,jbowes,lmacken
+blockerbugs: tflink+blockerbugs@redhat.com
+epel: /dev/null
+
+# fedora release engineering
+releng-team: mohanboddu,parasense,kellin
+containerbuild: cverna
+
+#### The rest of this file is automatically generated - edit using the accounts system!
+
diff --git a/roles/fasjson/files/fasjson-aliases.cron b/roles/fasjson/files/fasjson-aliases.cron
new file mode 100644
index 0000000000..359d51a029
--- /dev/null
+++ b/roles/fasjson/files/fasjson-aliases.cron
@@ -0,0 +1 @@
+00 19 * * * root /usr/local/bin/lock-wrapper fasjson-aliases "/usr/local/bin/fasjson-aliases.py 2>&1"
diff --git a/roles/fasjson/tasks/main.yml b/roles/fasjson/tasks/main.yml
new file mode 100644
index 0000000000..c7a2c7ab54
--- /dev/null
+++ b/roles/fasjson/tasks/main.yml
@@ -0,0 +1,36 @@
+---
+#
+# This task sets up fasjson-client on a machine.
+# It installs the fasjson-client package and a cron job update.
+#
+
+- name: install fasjson-client
+ package:
+ state: present
+ name:
+ - fasjson-client
+ tags:
+ - packages
+ - fasjson
+
+- name: fasjson-aliases script
+ copy: src=fasjson-aliases.j2 dest=/usr/local/bin/fasjson-aliases owner=root mode=0755
+ tags:
+ - config
+ - fasjson
+ when: fasjson_aliases is defined
+
+- name: fasjson-aliases cron job
+ copy: src=fasjson-aliases.cron dest=/etc/cron.d/fasjson-aliases owner=root mode=0644
+ tags:
+ - config
+ - fasjson
+ when: fasjson_aliases is defined
+
+- name: fasjson-aliases base static file
+ copy: src=aliases.static dest=/etc/aliases.static owner=root mode=0644
+ tags:
+ - config
+ - fasjson
+ when: fasjson_aliases is defined
+
diff --git a/roles/fasjson/templates/fasjson-aliases.j2 b/roles/fasjson/templates/fasjson-aliases.j2
new file mode 100644
index 0000000000..822f20e205
--- /dev/null
+++ b/roles/fasjson/templates/fasjson-aliases.j2
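Review bot: Keys defined in this static file (`root`, `postmaster`, `security`, `admin`, `legal`, `keys`, …) are not protected from being repeated by the generated section: `gen_all_aliases()` in fasjson-aliases.j2 copies this file and then writes one `username: email` line for every account and three `groupname-…` lines for every group, with no check against names already present. Whether the account system reserves these names is not visible in this commit, and how a duplicate key is resolved is left to the alias-map builder, so delivery for a security or administrative alias could end up depending on that behaviour. I would have the generator collect the left-hand sides while copying the static lines and skip collisions, e.g. `if username in static_keys: continue` with a message on stderr. A comment beside the final `#### The rest of this file is automatically generated` line stating that static entries take precedence would document the intent.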
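Review bot: The job runs `/usr/local/bin/fasjson-aliases.py`, but the task in roles/fasjson/tasks/main.yml installs the script as `/usr/local/bin/fasjson-aliases`, so as written the cron entry points at a file this role never creates; the quoted command should read `"/usr/local/bin/fasjson-aliases 2>&1"` (or the task's `dest` should gain the `.py`). Nothing in this commit rebuilds the alias database after `/etc/aliases` is replaced, although the header of aliases.static says `newaliases` must be run for changes to show through; unless `lock-wrapper` or another job does that, it needs to be added here or in the script. `lock-wrapper` itself is not installed by this role, so the role presumably depends on another one providing it, which deserves a comment in tasks/main.yml.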
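Review bot: `when: fasjson_aliases is defined` on the three fasjson-aliases tasks is true for any value, including the `fasjson_aliases: false` this commit sets in inventory/group_vars/bastion, so wherever the role is applied the script, cron job and static file are installed and the nightly job rewrites `/etc/aliases` even though the flag says off. Testing the value instead, `when: fasjson_aliases | default(false) | bool`, matches the comment in group_vars. The script task also uses `copy` with `src=fasjson-aliases.j2`, but that file lives under templates/ and contains `{{ fasjson_url }}`; `copy` resolves `src` under files/ and does not render Jinja, so this should be `template: src=fasjson-aliases.j2 dest=/usr/local/bin/fasjson-aliases owner=root mode=0755`.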
@@ -0,0 +1,128 @@
+#!/usr/bin/python3
+import os
+import sys
+import tempfile
+
+from fasjson_client import Client, errors
+
+fasjson_url = "{{ fasjson_url }}"
+aliases_static_file = "/etc/aliases.static"
+aliases_file = "/etc/aliases"
+
+
+def gen_all_aliases():
+
+ # API query
+ try:
+ client = Client(url=fasjson_url)
+
+ try:
+ users = client.list_users().result
+ groups = client.list_groups().result
+ temporary_file = tempfile.NamedTemporaryFile(
+ "w+", delete=False, dir=os.getcwd()
+ )
+
+ with open(temporary_file.name, "w+") as temp:
+ with open(aliases_static_file, "r") as aliases_static:
+ for line in aliases_static:
+ temp.write(line)
+ for user in users:
+ username = user['username']
+ email = user['emails'][0]
+
+ temp.write(f'{username}: {email} \n')
+
+ for group in groups:
+ groupname = group['groupname']
+
+ # even though there are no admins of groups anymore
+ # we should probably leave this here and just
+ # link to the sponsors list
+ temp.write(
+ f'{groupname}-administrators: {groupname}-sponsors \n'
+ )
+
+ sponsor_list = ','.join(
+ sponsor['username']
+ for sponsor in client.list_group_sponsors(
+ groupname=groupname).result
+ )
+ temp.write(f"{groupname}-sponsors: {sponsor_list} \n")
+
+ member_list = ','.join(
+ member['username']
+ for member in client.list_group_members(
+ groupname=groupname).result
+ )
+
+ temp.write(f"{groupname}-members: {member_list} \n")
+ rename(temporary_file.name, aliases_file)
+ except errors.APIError as e:
+ print(f"Something went wrong querying the fasjson API. {e}", file=sys.stderr)
+ raise
+ except IOError as e:
+ print(e, file=sys.stderr)
+ raise
+ except errors.ClientSetupError as e:
+ print(f"Something went wrong creating the fasjson client: {e}", file=sys.stderr)
+ raise
+
+
+def update_user(username):
+ try:
+ client = Client(url=fasjson_url)
+ user = client.get_user(username=username).result
+ email = user['emails'][0]
+
+ try:
+ # get the user and their new email address
+ temporary_file = tempfile.NamedTemporaryFile(
+ "w+", delete=False, dir=os.getcwd()
+ )
+
+ with open(aliases_file, 'r') as aliases:
+ with open(temporary_file.name, 'w+') as temp:
+ for line in aliases:
+ if not line.startswith(f"{username}: "):
+ temp.write(line)
+ else:
+ temp.write(f"{username}: {email} \n")
+ rename(temporary_file.name, aliases_file)
+
+ except IOError as e:
+ print(e, file=sys.stderr)
+ raise
+ except errors.ClientError as e:
+ print(f"Something went wrong contacting fasjson {e}", file=sys.stderr)
+ raise
+
+
+def rename(filename, aliases_file):
+ try:
+ os.rename(filename, aliases_file)
+ if (os.path.exists(filename)):
+ os.remove(filename)
+ else:
+ print("Aliases updated. Temporary files removed.")
+ except IOError as e:
+ print(f"Error updating aliases file {e}", file=sys.stderr)
+ raise
+
+
+def main():
+ args = sys.argv[1:]
+
+ try:
+ if not args:
+ gen_all_aliases()
+ elif len(args) == 2 and args[0] == "update":
+ update_user(args[1])
+ else:
+ print(f"Usage: {sys.argv[0]} [update ]", file=sys.stderr)
+ raise RuntimeError()
+ except Exception:
+ sys.exit(1)
+
+if __name__ == "__main__":
+ main()
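Review bot: Values returned by the fasjson API are written into /etc/aliases unchecked, both in `gen_all_aliases()` (`temp.write(f'{username}: {email} \n')` and the sponsor/member lists) and in `update_user()`. aliases(5) gives a right-hand side that begins with `|`, `/` or `:include:` a delivery meaning other than "forward to this address", and an embedded newline or comma would add lines or recipients, so the generator should accept only plain addresses and skip anything else rather than rely on upstream validation, which is not visible here. The same guard covers accounts with an empty `emails` list, where `user['emails'][0]` currently raises an IndexError that none of the `except` clauses report before `main()` exits with status 1. Separately, the temporary file is created in `os.getcwd()` with the 0600 mode `NamedTemporaryFile` gives it, so the final `os.rename` can cross filesystems and changes the permissions of /etc/aliases; `dir=os.path.dirname(aliases_file)` plus an explicit `os.chmod` before the rename keeps the swap atomic. A sketch of the validation follows; the hunk's indentation was lost in this rendering, so placement inside the existing `with` block is assumed.

```python
def safe_address(value):
    """Return value if it is a plain user@domain address, else None."""
    if not isinstance(value, str) or value.count("@") != 1:
        return None
    # Reject alias-file metacharacters and anything that could start a new
    # line or add a recipient.
    if value[0] in '|/:"' or any(ch in value for ch in ' \t\r\n,'):
        return None
    return value


# … unchanged: client setup, temp file creation, copy of aliases.static …
                for user in users:
                    username = user['username']
                    emails = user['emails'] or []
                    email = safe_address(emails[0]) if emails else None
                    if email is None:
                        print(f"Skipping {username}: no usable email address", file=sys.stderr)
                        continue
                    temp.write(f'{username}: {email} \n')
# … unchanged: group loop, rename, exception handlers …
```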