From c6cbf75e925b023654f89f5f9f670bb2703b71aa Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon
Date: Mon, 22 Jul 2013 11:59:11 +0200
Subject: [PATCH 1/4] Add playbook to remove someone from denyhosts
---
 playbooks/denyhosts.yml | 45 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 playbooks/denyhosts.yml
diff --git a/playbooks/denyhosts.yml b/playbooks/denyhosts.yml
new file mode 100644
index 0000000000..acd80e7ae4
--- /dev/null
+++ b/playbooks/denyhosts.yml
@@ -0,0 +1,45 @@
+# requires --extra-vars="target=somevhost ip=10.0.0.1 test={True,False}"
+
+#General overview:
+# host provided via ``target`` argument on the CLI
+# IP provided via ``ip`` argument on the CLI
+# test provided via ``test`` argument on the CLI
+
+# Log onto $target
+# if test is True:
+# grep on /etc/hosts.deny for the provided $ip
+# else:
+# escape the '.' in the $ip
+# remove $ip from /var/lib/denyhosts/*
+# remove $ip from /etc/hosts.deny
+# restart denyhosts
+
+# sop: http://infrastructure.fedoraproject.org/infra/docs/denyhosts.txt
+
+- name: Unban an IP from denyhosts
+ hosts: $target
+ user: root
+ gather_facts: False
+
+ tasks:
+ - name: Grep for the IP in the files
+ action: command grep $ip /etc/hosts.deny
+ only_if: '$test or not is_set($test)'
+
+ - name: Escape the '.' in the IP
+ action: command ${$ip//\./\\.}
+ register: ip
+ only_if: '$test or not is_set($test)'
+
+ - name: Remove IP from /var/lib/denyhosts/*
+ action: command sed -si "/^$ip$/d" /var/lib/denyhosts/*
+ notify:
+ - restart denyhosts
+ only_if: 'is_set($test) and $test == False'
+
+ - name: Remove IP from /etc/hosts.deny
+ action: command sed -si "/^$ip$/d" /etc/hosts.deny
+ notify:
+ - restart denyhosts
+ only_if: 'is_set($test) and $test == False'
+
From 755e5e81ae9e1f1e3627968eb2aff70b5c29a51c Mon Sep 17 00:00:00 2001
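Review bot: `ip` goes straight from `--extra-vars` into the sed script of both removal tasks (`sed -si "/^$ip$/d" ...`), which run as root, so a value containing `/` or sed syntax changes what sed does to `/etc/hosts.deny` and the denyhosts state files instead of only selecting a line. The play should refuse to run unless `ip` is a plain dotted-quad, for example with a first `fail` task guarded by a regex check on `ip`, and the lookup is safer as `grep -F -- $ip /etc/hosts.deny`. Separately, both removal tasks use `notify: restart denyhosts`, but this new file defines no `handlers:` section, so the restart has nothing to resolve to unless it is supplied elsewhere. The `{{ ip }}` forms introduced in patches 3 and 4 carry the same unvalidated value.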
From: =?UTF-8?q?Toshio=20=E3=81=8F=E3=82=89=E3=81=A8=E3=81=BF?=
Date: Mon, 19 Aug 2013 21:43:15 +0000
Subject: [PATCH 2/4] Move some things common to all staging hosts into the staging group_vars
---
 inventory/group_vars/staging | 6 ++++++
 .../host_vars/badges-backend01.stg.phx2.fedoraproject.org | 6 ------
 inventory/host_vars/badges-web01.stg.phx2.fedoraproject.org | 6 ------
 3 files changed, 6 insertions(+), 12 deletions(-)
diff --git a/inventory/group_vars/staging b/inventory/group_vars/staging
index 1a6791e044..c6d0c1e1a1 100644
--- a/inventory/group_vars/staging
+++ b/inventory/group_vars/staging
@@ -1,3 +1,9 @@
 ---
 freezes: false
 env: staging
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+datacenter: phx2
diff --git a/inventory/host_vars/badges-backend01.stg.phx2.fedoraproject.org b/inventory/host_vars/badges-backend01.stg.phx2.fedoraproject.org
index 16fa76ef47..76e3a07c38 100644
--- a/inventory/host_vars/badges-backend01.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/badges-backend01.stg.phx2.fedoraproject.org
@@ -1,10 +1,4 @@
 ---
-nm: 255.255.255.0
-gw: 10.5.126.254
-dns: 10.5.126.21
-ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
-ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
 volgroup: /dev/vg_guests
 eth0_ip: 10.5.126.68
 vmhost: virthost12.phx2.fedoraproject.org
-datacenter: phx2
diff --git a/inventory/host_vars/badges-web01.stg.phx2.fedoraproject.org b/inventory/host_vars/badges-web01.stg.phx2.fedoraproject.org
index cd4036c443..1ca3e7e43d 100644
--- a/inventory/host_vars/badges-web01.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/badges-web01.stg.phx2.fedoraproject.org
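Review bot: Putting `nm`, `gw`, `dns` and `datacenter: phx2` in `group_vars/staging` makes them the default for every host in the staging group, not only the two badges hosts they were removed from, so a staging host on another subnet or site would silently inherit the 10.5.126.x gateway and resolver unless its host_vars override them. A comment above the added block, such as `# phx2 staging network defaults; override in host_vars for hosts outside 10.5.126.0/24`, would make that assumption visible. `ks_url` and `ks_repo` are plain `http://`, so the kickstart and install tree are fetched without transport integrity; that predates this commit, but it now applies group-wide and is worth confirming as acceptable for this network.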
@@ -1,10 +1,4 @@
 ---
-nm: 255.255.255.0
-gw: 10.5.126.254
-dns: 10.5.126.21
-ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
-ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
 volgroup: /dev/vg_guests
 eth0_ip: 10.5.126.69
 vmhost: virthost12.phx2.fedoraproject.org
-datacenter: phx2
From f458aec69e94abdcef0f23db4b41c6eb00c72e91 Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon
Date: Tue, 11 Feb 2014 14:30:24 +0100
Subject: [PATCH 3/4] Update the denyhosts plugin to a newer syntax and bug fix it
---
 playbooks/denyhosts.yml | 40 +++++++++++++++++++++++-----------------
 1 file changed, 23 insertions(+), 17 deletions(-)
diff --git a/playbooks/denyhosts.yml b/playbooks/denyhosts.yml
index acd80e7ae4..5a8c9cb399 100644
--- a/playbooks/denyhosts.yml
+++ b/playbooks/denyhosts.yml
@@ -1,45 +1,51 @@ # requires --extra-vars="target=somevhost ip=10.0.0.1 test={True,False}" -#General overview: -# host provided via ``target`` argument on the CLI -# IP provided via ``ip`` argument on the CLI -# test provided via ``test`` argument on the CLI +# General overview: +# host provided via ``target`` argument on the CLI +# IP provided via ``ip`` argument on the CLI +# test provided via ``test`` argument on the CLI + +# Command: +# ansible-playbook .../playbook/denyhosts.yml --extra-vars="target=host ip=10.0.0.1 test=True" # Log onto $target # if test is True: -# grep on /etc/hosts.deny for the provided $ip +# grep on /etc/hosts.deny for the provided {{ ip }} # else: -# escape the '.' in the $ip -# remove $ip from /var/lib/denyhosts/* -# remove $ip from /etc/hosts.deny +# escape the '.' in the {{ ip }} +# remove {{ ip }} from /var/lib/denyhosts/* +# remove {{ ip }} from /etc/hosts.deny # restart denyhosts # sop: http://infrastructure.fedoraproject.org/infra/docs/denyhosts.txt - name: Unban an IP from denyhosts - hosts: $target + hosts: "{{ target }}" user: root gather_facts: False + vars: + - test: True + tasks: - name: Grep for the IP in the files - action: command grep $ip /etc/hosts.deny - only_if: '$test or not is_set($test)' + action: command grep {{ ip }} /etc/hosts.deny + when: not test - name: Escape the '.' 
in the IP - action: command ${$ip//\./\\.} + action: command "IP='{{ ip }}' && echo ${IP//\./\\.}" register: ip - only_if: '$test or not is_set($test)' + when: test - name: Remove IP from /var/lib/denyhosts/* - action: command sed -si "/^$ip$/d" /var/lib/denyhosts/* + action: command sed -si "/^{{ ip }}$/d" /var/lib/denyhosts/* notify: - restart denyhosts - only_if: 'is_set($test) and $test == False' + when: test - name: Remove IP from /etc/hosts.deny - action: command sed -si "/^$ip$/d" /etc/hosts.deny + action: command sed -si "/^{{ ip }}$/d" /etc/hosts.deny notify: - restart denyhosts - only_if: 'is_set($test) and $test == False' + when: test From d8f01f8b08dc2d93d6f96c70d7697c5d79a162e6 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Tue, 11 Feb 2014 13:39:38 +0000 Subject: [PATCH 4/4] Fix escaping the '.' in the IPs using jinja2 directly and fix when to run what --- playbooks/denyhosts.yml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/playbooks/denyhosts.yml b/playbooks/denyhosts.yml index 5a8c9cb399..e033032228 100644 --- a/playbooks/denyhosts.yml +++ b/playbooks/denyhosts.yml @@ -26,26 +26,22 @@ vars: - test: True + - ip: "{{ ip |replace('.', '\\.') }}" tasks: - name: Grep for the IP in the files action: command grep {{ ip }} /etc/hosts.deny - when: not test - - - name: Escape the '.' in the IP - action: command "IP='{{ ip }}' && echo ${IP//\./\\.}" - register: ip when: test - name: Remove IP from /var/lib/denyhosts/* action: command sed -si "/^{{ ip }}$/d" /var/lib/denyhosts/* notify: - restart denyhosts - when: test + when: not test - name: Remove IP from /etc/hosts.deny action: command sed -si "/^{{ ip }}$/d" /etc/hosts.deny notify: - restart denyhosts - when: test + when: not test
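Review bot: The new `when: test` and `when: not test` conditions test a value that arrives from `--extra-vars="... test=True"` as a string, and a non-empty string such as `False` is truthy under `not`, so `when: not test` probably never fires for `test=False`. Casting explicitly removes the dependence on how the Ansible version in use evaluates bare variables: `when: test | bool` and `when: not test | bool`. Patch 4 keeps the same conditions (with the tasks swapped), so the cast applies there as well. The usage comment also says `.../playbook/denyhosts.yml` while the file lives under `playbooks/`.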
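Review bot: The added `- ip: "{{ ip |replace('.', '\\.') }}"` defines `ip` in terms of itself, under the same name as the `--extra-vars` value. Extra vars take precedence over play `vars`, so the escaped form is most likely never used, and if the play var did win the template would refer to itself. A separate name keeps both values available: `- ip_re: "{{ ip | replace('.', '\\.') }}"`, used in the two sed tasks as `sed -si "/^{{ ip_re }}$/d" ...`. The hunk starts at line 26, so the play header and usage comment are outside it.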