-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathansible_setup.sh
More file actions
327 lines (295 loc) · 10.7 KB
/
ansible_setup.sh
File metadata and controls
327 lines (295 loc) · 10.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
#!/bin/bash
# test
# Check if at least one host is provided
if [ "$#" -eq 0 ]; then
echo "Usage: $0 hostname1 [hostname2 ... hostnameN]"
exit 1
fi
# Define the variables
inventory_file="$(pwd)/inventory/hosts.yaml"
linux_file="linux.yaml"
bsd_file="bsd.yaml"
win_file="windows.yaml"
man_file="manager.yaml"
got_man=0
private_key=0
win=0
linux=0
bsd=0
os_input=0
# Read in use host file location and store it, otherwise create directory inventory if it doesn't exist
read -p "Where is your hosts file? (Blank for default: $inventory_file): " user_hosts
read -p "Are you using the same user? (y/n): " same_user
read -p "Are you using the same password? (y/n): " same_pass
if [ $same_user == "y" ]; then
read -p "Enter the default user: " user
fi
if [ $same_pass == "y" ]; then
read -p "Enter the default password: " password
fi
if [ ! "$user_hosts" = "" ]; then
inventory_file=$user_hosts
if [ ! -f $inventory_file ]; then
echo "File $inventory_file does not exist"
exit 1
fi
else
if [ ! -d inventory ]; then
mkdir inventory
fi
fi
# Create or overwrite the inventory file
echo -e "linux:" > "$linux_file"
echo -e " hosts:" >> "$linux_file"
echo -e "bsd:" > "$bsd_file"
echo -e " hosts:" >> "$bsd_file"
echo -e "windows:" > "$win_file"
echo -e " hosts:" >> "$win_file"
echo -e "manager:" > "$man_file"
echo -e " hosts:" >> "$man_file"
echo -e "" > $inventory_file
# Check if using private key log in
# Add each host to the inventory file with user-provided details
for host in "$@"; do
os_input=0
while [ $os_input -eq 0 ]; do
read -p "Is '$host' a Linux, Windows, or BSD host? (l/w/b): " os_type
os_type=$(echo "$os_type" | tr '[:upper:]' '[:lower:]') # Convert to lowercase
case "$os_type" in
l|linux)
os_input=1
linux=1
# Gets the ip, ssh username, and the password/private key
read -p "Enter ip address: " ip
if [ $same_user == "n" ]; then
read -p "Enter SSH username: " user
fi
if [ $same_pass == "n" ]; then
read -p "Enter SSH password: " password
fi
# Add that infor to file no matter what
echo -e " $host:" >> $linux_file
echo -e " ansible_host: $ip" >> $linux_file
echo -e " ansible_user: $user" >> $linux_file
read -p "Are you using private key login? (y/n): " priv
if [ "$priv" = "y" ]; then
private_key=1
while true; do
echo -e "Select a private key:\n"
for i in "${!used_priv_keys[@]}"; do
echo "$((i+1))) ${used_priv_keys[i]}"
done
echo -e "n) Enter a new private key path\n"
read -p "Your choice (number or 'n'): " choice
# Check if choice is a number and within the range of used keys
if [[ "$choice" =~ ^[0-9]+$ ]] && [ "$choice" -le "${#used_priv_keys[@]}" ] && [ "$choice" -gt 0 ]; then
priv_path="${used_priv_keys[$((choice-1))]}"
echo "Selected private key: $priv_path"
break
elif [ "$choice" = "n" ]; then
read -e -p "Enter new private key path: " priv_path
priv_path=$(realpath "$priv_path") # Convert to absolute path
if [ -z "$priv_path" ]; then
echo "Skipping private key configuration."
break
elif [ -f "$priv_path" ] && [ -r "$priv_path" ]; then
echo "Private key path is valid."
used_priv_keys+=("$priv_path") # Add the new key path to the array
break
else
echo "Invalid path or file not readable. Please try again."
fi
else
echo "Invalid choice. Please try again."
fi
done
if [ -n "$priv_path" ]; then
# Input information into linux yaml file
echo -e " ansible_private_key_file: $priv_path" >> $linux_file
fi
else
# Input information into linux yaml file
echo -e " ansible_password: $password" >> $linux_file
fi
# Check if the current host is the wazuh manager to add it to the manager group
if [ $got_man -eq 0 ]; then
read -p "Is this the Wazuh Manager? (y/n): " ans
if [ $ans = "y" ]; then
# Only have one wazuh manager
got_man=1
echo -e " $host:" >> $man_file
echo -e " ansible_host: $ip" >> $man_file
echo -e " ansible_user: $user" >> $man_file
# Check if using private key or password for login then input the corresponding info into manager yaml
if [ $private_key -eq "1" ]; then
echo -e " ansible_private_key_file: $priv_path" >> $man_file
else
echo -e " ansible_password: $password" >> $man_file
fi
fi
fi
echo
;;
b|bsd)
bsd=1
os_input=1
# Gets the ip, ssh username, and the password/private key
read -p "Enter ip address: " ip
if [ $same_user == "n" ]; then
read -p "Enter SSH username: " user
fi
if [ $same_pass == "n" ]; then
read -p "Enter SSH password: " password
fi
# Add that infor to file no matter what
echo -e " $host:" >> $bsd_file
echo -e " ansible_host: $ip" >> $bsd_file
echo -e " ansible_user: $user" >> $bsd_file
read -p "Are you using private key login? (y/n): " priv
if [ "$priv" = "y" ]; then
private_key=1
while true; do
echo -e "Select a private key:\n"
for i in "${!used_priv_keys[@]}"; do
echo "$((i+1))) ${used_priv_keys[i]}"
done
echo -e "n) Enter a new private key path\n"
read -p "Your choice (number or 'n'): " choice
# Check if choice is a number and within the range of used keys
if [[ "$choice" =~ ^[0-9]+$ ]] && [ "$choice" -le "${#used_priv_keys[@]}" ] && [ "$choice" -gt 0 ]; then
priv_path="${used_priv_keys[$((choice-1))]}"
echo "Selected private key: $priv_path"
break
elif [ "$choice" = "n" ]; then
read -e -p "Enter new private key path: " priv_path
priv_path=$(realpath "$priv_path") # Convert to absolute path
if [ -z "$priv_path" ]; then
echo "Skipping private key configuration."
break
elif [ -f "$priv_path" ] && [ -r "$priv_path" ]; then
echo "Private key path is valid."
used_priv_keys+=("$priv_path") # Add the new key path to the array
break
else
echo "Invalid path or file not readable. Please try again."
fi
else
echo "Invalid choice. Please try again."
fi
done
if [ -n "$priv_path" ]; then
# Input information into bsd yaml file
echo -e " ansible_private_key_file: $priv_path" >> $bsd_file
fi
else
# Input information into bsd yaml file
echo -e " ansible_password: $password" >> $bsd_file
fi
# Check if the current host is the wazuh manager to add it to the manager group
if [ $got_man -eq 0 ]; then
read -p "Is this the Wazuh Manager? (y/n): " ans
if [ $ans = "y" ]; then
# Only have one wazuh manager
got_man=1
echo -e " $host:" >> $man_file
echo -e " ansible_host: $ip" >> $man_file
echo -e " ansible_user: $user" >> $man_file
# Check if using private key or password for login then input the corresponding info into manager yaml
if [ $private_key -eq "1" ]; then
echo -e " ansible_private_key_file: $priv_path" >> $man_file
else
echo -e " ansible_password: $password" >> $man_file
fi
fi
fi
echo
;;
w|windows)
win=1
os_input=1
# Get the winrm username and password and the ip address to connect to
read -p "Enter ip address: " ip
if [ $same_user == "n" ]; then
read -p "Enter winrm username: " user
fi
if [ $same_pass == "n" ]; then
read -p "Enter winrm password: " password
fi
read -p "Domain cotroller? (true or false): " controller
echo -e " $host:" >> $win_file
echo -e " ansible_host: $ip" >> $win_file
echo -e " ansible_user: $user" >> $win_file
echo -e " ansible_password: $password" >> $win_file
echo -e ' ansible_connection: "winrm"' >> $win_file
echo -e ' ansible_winrm_scheme: "http"' >> $win_file
echo -e ' ansible_port: "5985"' >> $win_file
echo -e ' ansible_winrm_transport: "ntlm"' >> $win_file
echo -e " domain_controller: $controller" >> $win_file
if [ "$controller" == "true" ]; then
sed -i s/dc_ips:/"dc_ips:\n - $ip"/g playbooks/firewall/group_vars/all.yaml
fi
sed -i s/domain_hosts:/"domain_hosts:\n - $host"/g playbooks/firewall/group_vars/all.yaml
echo
;;
*)
echo "Invalid input. Specify 'l' for Linux or 'w' for Windows."
;;
esac
done
done
if [ $win -eq 0 ]; then
cat /dev/null > $win_file
fi
if [ $linux -eq 0 ]; then
cat /dev/null > $linux_file
fi
if [ $bsd -eq 0 ]; then
cat /dev/null > $bsd_file
fi
if [ $got_man -eq 0 ]; then
cat /dev/null > $man_file
fi
# Update/Append the host info into the inventory/hosts file
# yq ea '. as $item ireduce ({}; . * $item )' $inventory_file $linux_file $man_file $win_file > $inventory_file
cat $linux_file >> $inventory_file
cat $bsd_file >> $inventory_file
cat $win_file >> $inventory_file
cat $man_file >> $inventory_file
# Remove intermediate files
rm "$linux_file" "$win_file" "$man_file" "$bsd_file"
echo "Ansible inventory file '$inventory_file' updated successfully."
echo
echo "Installing Ansible Packages..."
echo
# Make sure community.general is installed with ansible
if [ $(ansible-galaxy collection list | grep community\\\.general | wc -l) -eq "0" ]; then
ansible-galaxy collection install community.general
fi
# Make sure ansible.windows is installed with ansible
if [ $(ansible-galaxy collection list | grep ansible\\\.windows | wc -l) -eq "0" ]; then
ansible-galaxy collection install ansible.windows
fi
# Make sure ansible.posix is installed with ansible
if [ $(ansible-galaxy collection list | grep ansible\\\.posix | wc -l) -eq "0" ]; then
ansible-galaxy collection install ansible.posix
fi
echo "Creating ansible.cfg"
echo "[defaults]" > ~/.ansible.cfg
echo "gathering = smart" >> ~/.ansible.cfg
echo "fact_caching = jsonfile" >> ~/.ansible.cfg
echo "fact_caching_connection = /tmp" >> ~/.ansible.cfg
echo "inventory = $inventory_file" >> ~/.ansible.cfg
echo "forks=20" >> ~/.ansible.cfg
echo "" >> ~/.ansible.cfg
echo "" >> ~/.ansible.cfg
echo "[ssh_connection]" >> ~/.ansible.cfg
echo "ssh_args = -o ControlMaster=auto -o ControlPersist=600s" >> ~/.ansible.cfg
echo "host_key_checking = False" >> ~/.ansible.cfg
while true; do
read -p "Enter team ip (blank for done): " ip
if [ ! $ip == "" ]; then
sed -i s/team_ips:/"team_ips:\n - $ip"/g playbooks/firewall/group_vars/all.yaml
else
break
fi
done