From 6361c790e90131c2eb032fcd6ea70b9b898a57d6 Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Wed, 30 Sep 2020 17:02:02 -0400
Subject: [PATCH] Move automation user create to separate script to run after playbook state
---
salt/playbook/automation_user_create.sls | 14 ++++++
salt/playbook/files/create_automation_user.sh | 46 +++++++++++++++++++
salt/playbook/files/playbook_db_init.sh | 33 -------------
setup/so-setup | 5 ++
4 files changed, 65 insertions(+), 33 deletions(-)
create mode 100644 salt/playbook/automation_user_create.sls
create mode 100644 salt/playbook/files/create_automation_user.sh
diff --git a/salt/playbook/automation_user_create.sls b/salt/playbook/automation_user_create.sls
new file mode 100644
index 000000000..ea0fb5c23
--- /dev/null
+++ b/salt/playbook/automation_user_create.sls
@@ -0,0 +1,14 @@
+
+# This state will import the initial default playbook database.
+# If there is an existing playbook database, it will be overwritten - no backups are made.
+
+include:
+ - playbook
+
+salt://playbook/files/create_automation_user.sh:
+ cmd.script:
+ - cwd: /root
+ - template: jinja
+
+'sleep 5':
+ cmd.run
\ No newline at end of file
diff --git a/salt/playbook/files/create_automation_user.sh b/salt/playbook/files/create_automation_user.sh
new file mode 100644
index 000000000..3bd83fddb
--- /dev/null
+++ b/salt/playbook/files/create_automation_user.sh
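Review bot: The header comment of the new automation_user_create.sls is copied from the database-init state and describes something this state does not do — nothing here imports or overwrites a database; the state runs create_automation_user.sh, which creates the Playbook "Automation" user and writes its key into local/pillar/global.sls. Replace it with something like `# Create the Playbook "Automation" API user and record its API key as playbook_api_key in /opt/so/saltstack/local/pillar/global.sls.` The `cmd.script` has no `unless`/`creates` guard, so every apply (a re-run of so-setup, or a highstate if this is ever included) re-submits the user-create POST; presumably the API rejects a second "Automation" login, after which the script rewrites the pillar key from an empty result, so a guard such as `- unless: grep -q playbook_api_key /opt/so/saltstack/local/pillar/global.sls` would make the state safe to re-apply. The trailing `'sleep 5': cmd.run` should carry a one-line comment saying what it is waiting for, and the file is missing its final newline.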
@@ -0,0 +1,46 @@
+#!/bin/bash
+# {%- set admin_pass = salt['pillar.get']('secrets:playbook_admin', None) -%}
+# {%- set automation_pass = salt['pillar.get']('secrets:playbook_automation', None) %}
+
+local_salt_dir=/opt/so/saltstack/local
+
+try_count=6
+interval=10
+
+while [[ $try_count -le 6 ]]; do
+ if docker top "so-playbook"; then
+ #Create Automation user
+ automation_group=6
+
+ mapfile -t automation_res < <(
+ curl -s --location --request POST 'http://127.0.0.1:3200/playbook/users.json' --user "admin:{{ admin_pass }}" --header 'Content-Type: application/json' --data '{
+ "user" : {
+ "login" : "Automation",
+ "password": "{{ automation_pass }}",
+ "firstname": "SecOps",
+ "lastname": "Automation",
+ "mail": "automation2@localhost.local"
+ }
+ }' | jq -r '.user.api_key, .user.id'
+ )
+
+ automation_api_key=${automation_res[0]}
+ automation_user_id=${automation_res[1]}
+
+ curl --location --request POST "http://127.0.0.1:3200/playbook/groups/${automation_group}/users.json" \
+ --user "admin:{{ admin_pass }}" \
+ --header 'Content-Type: application/json' \
+ --data "{
+ \"user_id\" : ${automation_user_id}
+ }"
+
+ if (grep -qi "playbook_api_key" $local_salt_dir/pillar/global.sls); then
+ sed -i "/s/playbook_api_key:.*/playbook_api_key: ${automation_api_key}/g" $local_salt_dir/pillar/global.sls
+ else
+ echo " playbook_api_key: ${automation_api_key}" >> $local_salt_dir/pillar/global.sls
+ fi
+ fi
+ ((try_count++))
+ sleep "${interval}s"
+done
+
diff --git a/salt/playbook/files/playbook_db_init.sh b/salt/playbook/files/playbook_db_init.sh
index 732febff7..9c6766466 100644
--- a/salt/playbook/files/playbook_db_init.sh
+++ b/salt/playbook/files/playbook_db_init.sh
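Review bot: The retry loop that is the whole reason for this new script never retries: `try_count=6` with `while [[ $try_count -le 6 ]]` runs exactly one iteration, so if `docker top "so-playbook"` is not yet true the script sleeps once, exits 0 and the Automation user is silently never created; and once the counter is fixed there is no `break` on success, so a working run would POST the user-create request six times. The result of the create call is also never checked — on any failure (API not ready, login already taken) `automation_res` is empty or `null`, the group-add POST is sent with an empty `user_id`, and `playbook_api_key:` is written to global.sls with an empty value. Separately, the update branch is broken as written: in `sed -i "/s/playbook_api_key:.*/…/g"` the leading `/` makes `/s/` an address and `p` the command, so sed errors out and an existing key is never replaced; it should read `sed -i "s/playbook_api_key:.*/playbook_api_key: ${automation_api_key}/g" "$local_salt_dir/pillar/global.sls"`. Both curl calls pass the admin password on the command line via `--user "admin:{{ admin_pass }}"`, where any local user can read it from `ps`; feeding it through a config file on stdin (`curl -K - <<<'user = "admin:{{ admin_pass }}"' …`) keeps it out of argv, and the second curl should get `-s` so its response is not echoed into the salt state output.
```shell
try_count=0
max_tries=6
interval=10

while (( try_count < max_tries )); do
  if docker top "so-playbook" >/dev/null 2>&1; then
    # … unchanged: automation_group, mapfile/curl user-create, api key / user id assignment …

    # Only touch the pillar when the create call actually returned a key and an id;
    # jq prints "null" for a missing field, and an error response has no .user at all.
    if [[ -n "${automation_api_key}" && "${automation_api_key}" != "null" \
          && -n "${automation_user_id}" && "${automation_user_id}" != "null" ]]; then
      # … unchanged: group-add curl (add -s), grep/sed/echo pillar update with the corrected sed …
      exit 0
    fi
  fi
  ((try_count++))
  sleep "${interval}s"
done

echo "create_automation_user: so-playbook did not accept the user-create request after ${max_tries} attempts" >&2
exit 1
```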
@@ -1,10 +1,8 @@
 #!/bin/bash
 # {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
 # {%- set admin_pass = salt['pillar.get']('secrets:playbook_admin', None) -%}
-# {%- set automation_pass = salt['pillar.get']('secrets:playbook_automation', None) %}
 
 default_salt_dir=/opt/so/saltstack/default
-local_salt_dir=/opt/so/saltstack/local
 
 # Generate salt + hash for admin user
 admin_salt=$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 32 | head -n 1)
@@ -16,34 +14,3 @@ sed -i "s/ADMIN_SALT/${admin_salt}/g" $default_salt_dir/salt/playbook/files/play
 # Copy file to destination + execute SQL
 docker cp $default_salt_dir/salt/playbook/files/playbook_db_init.sql so-mysql:/tmp/playbook_db_init.sql
 docker exec so-mysql /bin/bash -c "/usr/bin/mysql -b -uroot -p{{MYSQLPASS}} < /tmp/playbook_db_init.sql"
-
-#Create Automation user
-automation_group=6
-
-mapfile -t automation_res < <(
- curl -s --location --request POST 'http://127.0.0.1:3200/playbook/users.json' --user "admin:{{ admin_pass }}" --header 'Content-Type: application/json' --data '{
- "user" : {
- "login" : "Automation",
- "password": "{{ automation_pass }}",
- "firstname": "SecOps",
- "lastname": "Automation",
- "mail": "automation2@localhost.local"
- }
- }' | jq -r '.user.api_key, .user.id'
-)
-
-automation_api_key=${automation_res[0]}
-automation_user_id=${automation_res[1]}
-
-curl --location --request POST "http://127.0.0.1:3200/playbook/groups/${automation_group}/users.json" \
- --user "admin:{{ admin_pass }}" \
- --header 'Content-Type: application/json' \
- --data "{
- \"user_id\" : ${automation_user_id}
- }"
-
-if (grep -qi "playbook_api_key" $local_salt_dir/pillar/global.sls); then
- sed -i "/s/playbook_api_key:.*/playbook_api_key: ${automation_api_key}/g" $local_salt_dir/pillar/global.sls
-else
- echo " playbook_api_key: ${automation_api_key}" >> $local_salt_dir/pillar/global.sls
-fi
\ No newline at end of file
diff --git a/setup/so-setup b/setup/so-setup
index 9139bcc58..c61da1b1b 100755
--- a/setup/so-setup +++ b/setup/so-setup @@ -654,6 +654,11 @@ fi set_progress_str 73 "$(print_salt_state_apply 'playbook')" salt-call state.apply -l info playbook >> $setup_log 2>&1 + + set_progress_str 73 "$(print_salt_state_apply 'playbook.automation_user_create')" + salt-call state.apply -l info playbook.automation_user_create >> $setup_log 2>&1 + + set_progress_str 73 "Update playbook rules" so-playbook-ruleupdate >> /root/setup_playbook_rule_update.log 2>&1 & fi
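Review bot: The new `salt-call state.apply -l info playbook.automation_user_create >> $setup_log 2>&1` line discards the state's exit status, as the surrounding `salt-call` lines do, so a failure to create the Automation user — and therefore to write `playbook_api_key` into local/pillar/global.sls — is invisible at setup time and only surfaces when a later consumer of that pillar key breaks. Since this step is the only producer of that key, it is worth at least verifying the outcome right after the apply, e.g. `grep -q playbook_api_key /opt/so/saltstack/local/pillar/global.sls || echo "WARNING: playbook_api_key was not written to global.sls" >> $setup_log`. The three consecutive `set_progress_str 73` calls also leave the progress indicator stuck across these steps; if the values are meant to advance, the two new calls presumably want a higher number. The enclosing `if` block closed by the final `fi` starts outside the hunk.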