From da8bea688b827bb25b2dd8f537294e477d4e3a86 Mon Sep 17 00:00:00 2001 From: frsauvage Date: Thu, 20 May 2021 08:53:12 +0200 Subject: [PATCH] deliverable 2.1.7-devel --- Dockerfiles/Dockerfile-awx_task | 4 +- Dockerfiles/Dockerfile-awx_web | 5 +- Dockerfiles/Dockerfile-zabbix | 6 +- Dockerfiles/Dockerfile-zabbix-agent | 3 +- Dockerfiles/Dockerfile-zabbix-web | 6 +- Dockerfiles/ansible.env | 11 +- Dockerfiles/loginModal.partial.html | 2 +- Dockerfiles/zabbix.env | 11 +- add_awx_playbooks.sh | 2 +- .../inventory/get_ntp_server_ip_and_sync.yml | 70 +++++++ .../inventory/set_ntp_server_ip_and_sync.yml | 64 +++++++ ansible/playbooks/playbooks.yml | 18 +- ansible/readme.md | 54 +++--- build_awx.sh | 2 +- build_zabbix.sh | 2 +- docker_compose_awx_from_atos_dockerhub.yml | 12 +- install_awx.sh | 11 +- install_awx_from_atos_dockerhub.sh | 2 +- install_zabbix.sh | 12 +- install_zabbix_from_atos_dockerhub.sh | 2 +- remove_awx_containers_and_images.sh | 179 ++++++++++++++++++ remove_zabbix_containers_and_images.sh | 160 ++++++++++++++++ set_external_vars.py | 8 + uninstall.sh | 4 +- versions.sh | 2 +- zabbix/readme.md | 58 +++--- .../template-atos_openbmc-host-zbxv4.xml | 2 +- .../template-atos_openbmc-lld-zbxv4.xml | 2 +- .../template-atos_openbmc-rsyslog-zbxv4.xml | 2 +- 29 files changed, 611 insertions(+), 105 deletions(-) create mode 100644 ansible/playbooks/openbmc/inventory/get_ntp_server_ip_and_sync.yml create mode 100644 ansible/playbooks/openbmc/inventory/set_ntp_server_ip_and_sync.yml create mode 100755 remove_awx_containers_and_images.sh create mode 100755 remove_zabbix_containers_and_images.sh diff --git a/Dockerfiles/Dockerfile-awx_task b/Dockerfiles/Dockerfile-awx_task index f9b6e20..e4df8e5 100644 --- a/Dockerfiles/Dockerfile-awx_task +++ b/Dockerfiles/Dockerfile-awx_task @@ -4,12 +4,10 @@ ARG TAG_AWX=9.0.1 ARG MISM_BULLSEQUANA_EDGE_VERSION FROM $REGISTRY/$BASE_IMAGE_AWX_TASK:$TAG_AWX -#set base image -#FROM ansible/awx_task:9.0.1 USER root -ENV MISM_BULLSEQUANA_EDGE_VERSION=2.1.6 +ENV MISM_BULLSEQUANA_EDGE_VERSION=2.1.7-devel COPY ansible.credentials.py /etc/tower/conf.d/credentials.py COPY ansible.env /etc/tower/conf.d/environment.sh diff --git a/Dockerfiles/Dockerfile-awx_web b/Dockerfiles/Dockerfile-awx_web index e6c8651..ba4f3ab 100644 --- a/Dockerfiles/Dockerfile-awx_web +++ b/Dockerfiles/Dockerfile-awx_web @@ -5,12 +5,9 @@ ARG MISM_BULLSEQUANA_EDGE_VERSION FROM $REGISTRY/$BASE_IMAGE_AWX_WEB:$TAG_AWX -#set base image -#FROM ansible/awx_web:9.0.1 - USER root -ENV MISM_BULLSEQUANA_EDGE_VERSION=2.1.6 +ENV MISM_BULLSEQUANA_EDGE_VERSION=2.1.7-devel # security COPY ansible.credentials.py /etc/tower/conf.d/credentials.py diff --git a/Dockerfiles/Dockerfile-zabbix b/Dockerfiles/Dockerfile-zabbix index 99fa97c..1ef6fb0 100644 --- a/Dockerfiles/Dockerfile-zabbix +++ b/Dockerfiles/Dockerfile-zabbix @@ -1,15 +1,13 @@ ARG REGISTRY=zabbix ARG BASE_IMAGE_ZABBIX=zabbix-server-pgsql ARG TAG_ZABBIX=centos-4.4.1 +ARG MISM_BULLSEQUANA_EDGE_VERSION FROM $REGISTRY/$BASE_IMAGE_ZABBIX:$TAG_ZABBIX -#set base image -#FROM zabbix/zabbix-server-pgsql:centos-4.4.1 - USER root -ENV MISM_BULLSEQUANA_EDGE_VERSION=2.1.6 +ENV MISM_BULLSEQUANA_EDGE_VERSION=2.1.7-devel ENV PYTHONWARNINGS="ignore:Unverified HTTPS request" diff --git a/Dockerfiles/Dockerfile-zabbix-agent b/Dockerfiles/Dockerfile-zabbix-agent index 00e0d00..934a255 100644 --- a/Dockerfiles/Dockerfile-zabbix-agent +++ b/Dockerfiles/Dockerfile-zabbix-agent @@ -1,12 +1,13 @@ ARG REGISTRY=zabbix ARG BASE_IMAGE_ZABBIX_AGENT=zabbix-agent ARG TAG_ZABBIX=centos-4.4.1 +ARG MISM_BULLSEQUANA_EDGE_VERSION FROM $REGISTRY/$BASE_IMAGE_ZABBIX_AGENT:$TAG_ZABBIX USER root -ENV MISM_BULLSEQUANA_EDGE_VERSION=2.1.6 +ENV MISM_BULLSEQUANA_EDGE_VERSION=2.1.7-devel ENV PYTHONWARNINGS="ignore:Unverified HTTPS request" diff --git a/Dockerfiles/Dockerfile-zabbix-web b/Dockerfiles/Dockerfile-zabbix-web index 0df9429..fd1d4c4 100644 --- a/Dockerfiles/Dockerfile-zabbix-web +++ b/Dockerfiles/Dockerfile-zabbix-web @@ -1,13 +1,11 @@ ARG REGISTRY=zabbix ARG BASE_IMAGE_ZABBIX_WEB=zabbix-web-nginx-pgsql ARG TAG_ZABBIX=centos-4.4.1 +ARG MISM_BULLSEQUANA_EDGE_VERSION FROM $REGISTRY/$BASE_IMAGE_ZABBIX_WEB:$TAG_ZABBIX -#set base image -#FROM zabbix/zabbix-web-nginx-pgsql:centos-4.4.1 - -ENV MISM_BULLSEQUANA_EDGE_VERSION=2.1.6 +ENV MISM_BULLSEQUANA_EDGE_VERSION=2.1.7-devel COPY items.inc.php /usr/share/zabbix/include/ COPY logo-header.svg /usr/share/zabbix/assets/img/ diff --git a/Dockerfiles/ansible.env b/Dockerfiles/ansible.env index ea46908..6424795 100644 --- a/Dockerfiles/ansible.env +++ b/Dockerfiles/ansible.env @@ -22,9 +22,8 @@ POSTGRES_USER=mism POSTGRES_PASSWORD=mismpass POSTGRES_DB=mism -NO_PROXY=127.0.0.1,localhost,172.31.130.224,172.31.60.18,172.31.92.239,172.31.100.156,172.31.60.18,172.31.92.249,172.31.92.222,172.31.92.44,172.31.92.34,webserver,0.0.0.0:9090,0.0.0.0,ansible,awx,rabbitmq,postgres,memcached,elasticsearch,kibana,logstash,filebeat,metricbeat,heartbeat,auditbeat,grafana,prometheus,172.31.130.224,172.31.60.18,172.31.92.239,172.31.100.156,172.31.60.18,172.31.92.249,172.31.92.222,172.31.92.44,172.31.92.34,172.31.120.11,172.31.120.13,172.31.93.233,172.31.92.65,172.31.92.66,172.31.92.67,172.31.92.68,172.31.92.104,172.31.92.104,172.31.92.171,172.31.120.203,172.31.92.121,172.31.92.161 -no_proxy=127.0.0.1,localhost,172.31.130.224,172.31.60.18,172.31.92.239,172.31.100.156,172.31.60.18,172.31.92.249,172.31.92.222,172.31.92.44,172.31.92.34,webserver,0.0.0.0:9090,0.0.0.0,ansible,awx,rabbitmq,postgres,memcached,elasticsearch,kibana,logstash,filebeat,metricbeat,heartbeat,auditbeat,grafana,prometheus,172.31.130.224,172.31.60.18,172.31.92.239,172.31.100.156,172.31.60.18,172.31.92.249,172.31.92.222,172.31.92.44,172.31.92.34,172.31.120.11,172.31.120.13,172.31.93.233,172.31.92.65,172.31.92.66,172.31.92.67,172.31.92.68,172.31.92.104,172.31.92.104,172.31.92.171,172.31.120.203,172.31.92.121,172.31.92.161 -HTTP_PROXY=http://193.56.47.20:8080 -http_proxy=http://193.56.47.20:8080 -HTTPS_PROXY=http://193.56.47.20:8080 -https_proxy=http://193.56.47.20:8080 +NO_PROXY=127.0.0.1,localhost,172.31.130.224,172.31.60.18,172.31.92.239,172.31.100.156,172.31.60.18,172.31.92.249,172.31.92.222,172.31.92.44,172.31.92.34,webserver,0.0.0.0:9090,0.0.0.0,ansible,awx,rabbitmq,postgres,memcached,elasticsearch,kibana,logstash,filebeat,metricbeat,heartbeat,auditbeat,grafana,prometheus,172.31.130.224,172.31.60.18,172.31.92.239,172.31.100.156,172.31.60.18,172.31.92.249,172.31.92.222,172.31.92.44,172.31.92.34,172.31.120.11,172.31.120.13,172.31.93.233,172.31.92.65,172.31.92.66,172.31.92.67,172.31.92.68,172.31.92.104,172.31.92.104,172.31.92.171 +HTTP_PROXY=http://193.56.47.8:8080/ +http_proxy=http://193.56.47.8:8080/ +HTTPS_PROXY=http://193.56.47.8:8080/ +https_proxy=http://193.56.47.8:8080/ diff --git a/Dockerfiles/loginModal.partial.html b/Dockerfiles/loginModal.partial.html index a4ab71d..5febffa 100644 --- a/Dockerfiles/loginModal.partial.html +++ b/Dockerfiles/loginModal.partial.html @@ -110,7 +110,7 @@
- version: 2.1.6 + version: 2.1.7-devel
diff --git a/Dockerfiles/zabbix.env b/Dockerfiles/zabbix.env index f9b2a6b..d22158b 100644 --- a/Dockerfiles/zabbix.env +++ b/Dockerfiles/zabbix.env @@ -18,9 +18,8 @@ ZBX_TIMEOUT=9 # ZBX_UNAVAILABLEDELAY=60 # ZBX_UNREACHABLEDELAY=15 -NO_PROXY=127.0.0.1,localhost,172.31.130.224,172.31.60.18,172.31.92.239,172.31.100.156,172.31.60.18,172.31.92.249,172.31.92.222,172.31.92.44,172.31.92.34,webserver,0.0.0.0:9090,0.0.0.0,ansible,awx,rabbitmq,postgres,memcached,elasticsearch,kibana,logstash,filebeat,metricbeat,heartbeat,auditbeat,grafana,prometheus,172.31.130.224,172.31.60.18,172.31.92.239,172.31.100.156,172.31.60.18,172.31.92.249,172.31.92.222,172.31.92.44,172.31.92.34,172.31.120.11,172.31.120.13,172.31.93.233,172.31.92.65,172.31.92.66,172.31.92.67,172.31.92.68,172.31.92.104,172.31.92.104,172.31.92.171,172.31.120.203,172.31.92.121,172.31.92.161 -no_proxy=127.0.0.1,localhost,172.31.130.224,172.31.60.18,172.31.92.239,172.31.100.156,172.31.60.18,172.31.92.249,172.31.92.222,172.31.92.44,172.31.92.34,webserver,0.0.0.0:9090,0.0.0.0,ansible,awx,rabbitmq,postgres,memcached,elasticsearch,kibana,logstash,filebeat,metricbeat,heartbeat,auditbeat,grafana,prometheus,172.31.130.224,172.31.60.18,172.31.92.239,172.31.100.156,172.31.60.18,172.31.92.249,172.31.92.222,172.31.92.44,172.31.92.34,172.31.120.11,172.31.120.13,172.31.93.233,172.31.92.65,172.31.92.66,172.31.92.67,172.31.92.68,172.31.92.104,172.31.92.104,172.31.92.171,172.31.120.203,172.31.92.121,172.31.92.161 -HTTP_PROXY=http://193.56.47.20:8080 -http_proxy=http://193.56.47.20:8080 -HTTPS_PROXY=http://193.56.47.20:8080 -https_proxy=http://193.56.47.20:8080 +NO_PROXY=127.0.0.1,localhost,172.31.130.224,172.31.60.18,172.31.92.239,172.31.100.156,172.31.60.18,172.31.92.249,172.31.92.222,172.31.92.44,172.31.92.34,webserver,0.0.0.0:9090,0.0.0.0,ansible,awx,rabbitmq,postgres,memcached,elasticsearch,kibana,logstash,filebeat,metricbeat,heartbeat,auditbeat,grafana,prometheus,172.31.130.224,172.31.60.18,172.31.92.239,172.31.100.156,172.31.60.18,172.31.92.249,172.31.92.222,172.31.92.44,172.31.92.34,172.31.120.11,172.31.120.13,172.31.93.233,172.31.92.65,172.31.92.66,172.31.92.67,172.31.92.68,172.31.92.104,172.31.92.104,172.31.92.171 +HTTP_PROXY=http://193.56.47.8:8080/ +http_proxy=http://193.56.47.8:8080/ +HTTPS_PROXY=http://193.56.47.8:8080/ +https_proxy=http://193.56.47.8:8080/ diff --git a/add_awx_playbooks.sh b/add_awx_playbooks.sh index 5d83a00..5b92828 100755 --- a/add_awx_playbooks.sh +++ b/add_awx_playbooks.sh @@ -1,6 +1,6 @@ #!/bin/sh -export MISM_BULLSEQUANA_EDGE_PLAYBOOKS_VERSION=2.1.6 +export MISM_BULLSEQUANA_EDGE_PLAYBOOKS_VERSION=2.1.7-devel ################################################################################################################### # passwords.yml diff --git a/ansible/playbooks/openbmc/inventory/get_ntp_server_ip_and_sync.yml b/ansible/playbooks/openbmc/inventory/get_ntp_server_ip_and_sync.yml new file mode 100644 index 0000000..e8a397f --- /dev/null +++ b/ansible/playbooks/openbmc/inventory/get_ntp_server_ip_and_sync.yml @@ -0,0 +1,70 @@ +--- +- hosts: all + connection: local + name: Get NTP Server IP and Sync Method + gather_facts: False + vars_files: + - "{{ ANSIBLE_EXTERNAL_VARS }}" + - "{{ ANSIBLE_PASSWORDS }}" + + tasks: + + - name: validate ntp_server_ip variable + assert: + that: + - ntp_server_ip is defined + - ntp_server_ip |default(None) + fail_msg: "The variable ntp_server_ip is NOT defined in inventory (AWX) or vars/external_vars file (Ansible). See readme.md for more details." + success_msg: "The variable ntp_server_ip is defined" + run_once: true + + - name: validate ntp_server_sync variable + assert: + that: + - ntp_server_sync is defined + - ntp_server_sync |default(None) + fail_msg: "The variable ntp_server_sync is NOT defined in inventory (AWX) or vars/external_vars file (Ansible). See readme.md for more details." + success_msg: "The variable ntp_server_sync is defined" + run_once: true + + - debug: + msg: "ntp server ip in vars file = {{ ntp_server_ip }}" + when: ntp_server_ip is defined + run_once: true + + - debug: + msg: "ntp server sync in vars file = {{ ntp_server_sync }}" + when: ntp_server_sync is defined + run_once: true + + - include_tasks: ../utils/utils_create_token.yml + + - name: get NTP Server IP + uri: + url: https://{{ baseuri }}/xyz/openbmc_project/network/eth0/attr/NTPServers + method: GET + validate_certs: no + headers: + X-Auth-Token: "{{ x_token }}" + register: result_ntp_server_ip + + - name: get NTP Server Sync + uri: + url: https://{{ baseuri }}/xyz/openbmc_project/time/sync_method/attr/TimeSyncMethod + method: GET + validate_certs: no + headers: + X-Auth-Token: "{{ x_token }}" + register: result_ntp_server_sync + + - set_fact: + address_ip: "{{ result_ntp_server_ip.json.data }}" + + - set_fact: + sync: "{{ result_ntp_server_sync.json.data }}" + + - name: debug NTP Server Ip and Sync + debug: + msg: "NTP Ip = {{address_ip}} / Sync method = {{sync}}" + when: address_ip is defined and sync is defined + diff --git a/ansible/playbooks/openbmc/inventory/set_ntp_server_ip_and_sync.yml b/ansible/playbooks/openbmc/inventory/set_ntp_server_ip_and_sync.yml new file mode 100644 index 0000000..8f4858e --- /dev/null +++ b/ansible/playbooks/openbmc/inventory/set_ntp_server_ip_and_sync.yml @@ -0,0 +1,64 @@ +--- +- hosts: all + connection: local + name: Set NTP Server Ip and Sync + gather_facts: False + vars_files: + - "{{ ANSIBLE_EXTERNAL_VARS }}" + - "{{ ANSIBLE_PASSWORDS }}" + + tasks: + + - name: validate ntp_server_ip variable + assert: + that: + - ntp_server_ip is defined + - ntp_server_ip |default(None) + fail_msg: "The variable ntp_server_ip is NOT defined in inventory (AWX) or vars/external_vars file (Ansible). See readme.md for more details." + success_msg: "The variable ntp_server_ip is defined" + run_once: true + + - debug: + msg: "NTP server ip = {{ ntp_server_ip }}" + when: ntp_server_ip is defined + run_once: true + + - name: validate ntp_server_sync variable + assert: + that: + - ntp_server_sync is defined + - ntp_server_sync |default(None) + fail_msg: "The variable ntp_server_sync is NOT defined in inventory (AWX) or vars/external_vars file (Ansible). See readme.md for more details." + success_msg: "The variable ntp_server_sync is defined" + run_once: true + + - debug: + msg: "ntp server sync in vars file = {{ ntp_server_sync }}" + when: ntp_server_sync is defined + run_once: true + + - include_tasks: ../utils/utils_create_token.yml + + - name: set NTP Server Ip + uri: + url: https://{{ baseuri }}/xyz/openbmc_project/network/eth0/attr/NTPServers + method: PUT + validate_certs: no + headers: + X-Auth-Token: "{{ x_token }}" + body_format: json + body: + data: "{{ ntp_server_ip }}" + register: result_ntp_server_ip + + - name: set NTP Server Sync + uri: + url: https://{{ baseuri }}/xyz/openbmc_project/time/sync_method/attr/TimeSyncMethod + method: PUT + validate_certs: no + headers: + X-Auth-Token: "{{ x_token }}" + body_format: json + body: + data: "{{ ntp_server_sync }}" + register: result_ntp_server_sync diff --git a/ansible/playbooks/playbooks.yml b/ansible/playbooks/playbooks.yml index f46ea75..e78941a 100644 --- a/ansible/playbooks/playbooks.yml +++ b/ansible/playbooks/playbooks.yml @@ -12,7 +12,7 @@ inventories: hosts: - name: variables: '{ "baseuri": "{{inventory_hostname}}", "username": "", "password": "{{ here_your_encryted_password_variable }}" }' - variables: '{ "ANSIBLE_PASSWORDS": "/etc/ansible/vars/passwords.yml", "technical_state_path": "/host/mnt", "forceoff": True, "reboot": True, "rsyslog_server_ip": "0.0.0.0", "rsyslog_server_port": 514, "reboot_countdown": "2", "poweron_countdown": "5", "activating_countdown": "30", "poweroff_countdown": "5" , "reboot_maxretries": "10", "poweron_maxretries": "10", "activating_maxretries": "10", "poweroff_maxretries": "10", token_timeout: "5" }' + variables: '{ "ANSIBLE_PASSWORDS": "/etc/ansible/vars/passwords.yml", "technical_state_path": "/host/mnt", "forceoff": True, "reboot": True, "ntp_server_ip": "127.0.0.1", "ntp_server_sync": 604800, "rsyslog_server_ip": "0.0.0.0", "rsyslog_server_port": 514, "reboot_countdown": "2", "poweron_countdown": "5", "activating_countdown": "30", "poweroff_countdown": "5" , "reboot_maxretries": "10", "poweron_maxretries": "10", "activating_maxretries": "10", "poweroff_maxretries": "10", token_timeout: "5" }' credentials: - name: Bull Sequana Edge Vault @@ -207,6 +207,22 @@ job_templates: playbook: inventory/get_sensors.yml job-type: run verbosity: 0 + - name: NTP Server IP and Sync Method + description: Get NTP Server IP and Sync Method + inventory: BullSequana Edge Inventory + project: BullSequana Edge Playbooks + playbook: inventory/get_ntp_server_ip_and_sync.yml + job-type: run + verbosity: 0 + - name: Set Server IP and Sync Method + description: Set Server IP and Sync Method + inventory: BullSequana Edge Inventory + project: BullSequana Edge Playbooks + playbook: inventory/set_ntp_server_ip_and_sync.yml + job-type: run + verbosity: 0 + extra_vars: ["ntp_server_ip:, ntp_server_sync:604800"] + ask_variables_on_launch: 1 - name: System description: Get System inventory: BullSequana Edge Inventory diff --git a/ansible/readme.md b/ansible/readme.md index 2fdd0b0..cae4b70 100644 --- a/ansible/readme.md +++ b/ansible/readme.md @@ -67,8 +67,10 @@ Optionaly, 2 ready-to-go AWX-Ansible images are available on Dockerhub - `Get System`: Get BullSequana Edge System information - `Check Rsyslog Server IP and Port`: Compare Rsyslog Server IP and Port to variables defined in inventory - `Rsyslog Server IP and Port`: Get BullSequana Edge Rsyslog IP and Port +- `NTP Server Ip and Sync`: NTP Server Ip and Sync - `Set Rsyslog Server IP`: Set Rsyslog BullSequana Edge IP - `Set Rsyslog Server Port: `Set Rsyslog BullSequana Edge Port +- `Set NTP Server Ip and Sync`: Set BullSequana Edge Server Ip and Sync - `Immediate Shutdown`: Request an Immediate Shutdown - `Check BMC alive`: Check if BullSequana Edge device is alive - `Check Power Off`: Check if BullSequana Edge host is powered off @@ -124,9 +126,9 @@ Just choose your favorite installation for your environment For more information about dockerhub installation Visit https://hub.docker.com/repository/docker/atosorigin/bull-sequana-edge-awx-web -![#9ECBFF](https://placehold.it/15/9ECBFF/000000?text=+) Best Practice: remove useless install, stop and start scripts -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Warning: atosorigin dockerhub images have no warranty, do not use in production -![#c5f015](https://placehold.it/15/c5f015/000000?text=+) Info: if tar files are not present, images are loaded from internet +:thumbsup: Best Practice: remove useless install, stop and start scripts +:warning: Warning: atosorigin dockerhub images have no warranty, do not use in production +:earth_americas: Info: if tar files are not present, images are loaded from internet ### access your dashboard run a browser with: ` https://` @@ -159,7 +161,7 @@ You should have now: ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/ansible/doc/awx_inventory.png) -*Don't forget to copy/paste baseuri in every host as is `baseuri: {{inventory_hostname}}` +**Don't forget to copy/paste baseuri in every host as is** `baseuri: {{inventory_hostname}}` Optionally, your can import hosts from ansible: [See how to export ansible inventory hosts file to awx inventory section](#howto_export_inventory) Optionally, your can detect hosts with nmap inventory script: [See nmap in Command line section](#howto_nmap) @@ -260,7 +262,7 @@ The *add_awx_playbooks.sh* script already creates a vault for you and associates The default *Bull Sequana Edge Vault* has intentionaly NO password, so you should define your own password -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Warning : You should remember your vault password +:warning: Warning : You should remember your vault password 1. go to AWX Credentials 2. select *Bull Sequana Edge Vault* @@ -270,10 +272,10 @@ The default *Bull Sequana Edge Vault* has intentionaly NO password, so you shoul 4. save your change ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/ansible/doc/vault_id.png) -![#c5f015](https://placehold.it/15/c5f015/000000?text=+) Info: The vault-id can be used in ansible command line +:lock: Info: The vault-id can be used in ansible command line ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/ansible/doc/vault_ansible_id.png) -![#c5f015](https://placehold.it/15/c5f015/000000?text=+) Info: If you forget to change vault AWX vault credential, you have the following run error +:lock: Info: If you forget to change vault AWX vault credential, you have the following run error ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/ansible/doc/awx_credential_vault_failed.png) #### - generate your passwords @@ -331,7 +333,7 @@ If you already have an Ansible installation, you can just install ansible playbo `pip3 install pycryptodome` `pip3 install ansible-vault` -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Warning: If you already changed default ansible directories, you should adapt the target directories of the install_playbooks_and_plugins.sh scrit as needed +:warning: Warning: If you already changed default ansible directories, you should adapt the target directories of the install_playbooks_and_plugins.sh scrit as needed Check your ansible python version: `ansible --version` @@ -345,7 +347,7 @@ Bull Sequana Edge Ansible Extensions has three docker installers: Just choose yo 2. `/install_awx.sh` build and run from local Dockerfile that you can adapt => use stop_awx.sh and start_awx.sh after 3. `/install_awx_from_dockerhub.sh` download and run atosorigin dockerhub images => use stop_awx.sh and start_awx.sh after -![#9ECBFF](https://placehold.it/15/9ECBFF/000000?text=+) Best Practice: remove useless install, stop and start scripts +:thumbsup: Best Practice: remove useless install, stop and start scripts ### how to change ansible configuration Here is the basic configuration for ansible: @@ -354,7 +356,7 @@ inventory = /etc/ansible/inventory/hosts file variables = /ansible/vars/external_vars.yml file encrypted passwords = /ansible/vars/passwords.yml file -![#9ECBFF](https://placehold.it/15/9ECBFF/000000?text=+) With docker installation, for all CLI commands like *ansible* or *ansible-playbook*, you should be logged on a docker awx_web container: [See How to log on a docker container](#howto_docker_logon) +:computer: Info: With docker installation, for all CLI commands like *ansible* or *ansible-playbook*, you should be logged on a docker awx_web container: [See How to log on a docker container](#howto_docker_logon) ### how to add a host in ansible inventory 1. edit /ansible/inventory/hosts file @@ -382,7 +384,7 @@ For test purpose, you can always use a clear password in your *hosts* file 2. go to your playbook directory 3. execute ansible-playbook command with appropriate parameters and desired playbook -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Warning : --vault-id bullsequana_edge_password@ is mandatory if you use vault credentials +:warning: Warning : --vault-id bullsequana_edge_password@ is mandatory if you use vault credentials ** ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/ansible/doc/ansible_playbook_vault_id.png) @@ -432,7 +434,7 @@ To summarize, two main possibilities: 2. In the appropriate external_vars file /ansible/vars/external_vars.yml, uncomment and set the desired variable : `your_variable: your_value` -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Warning : You can set extra variables differently but care the precedence order +:warning: Warning : You can set extra variables differently but care the precedence order ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/ansible/doc/precedence_order.png) Best site that explain variable orders and conflicts: Visit https://subscription.packtpub.com/book/networking_and_servers/9781787125681/1/ch01lvl1sec13/variable-precedence @@ -508,7 +510,7 @@ ansible-playbook set_rsyslog_server_port.yml ex: [root@awx logs]# ansible-playbook set_rsyslog_server_port.yml -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Warning : default rsyslog IP address is a fake +:warning: Warning : default rsyslog IP address is a fake - rsyslog_server_ip: 0.0.0.0 - rsyslog_server_port: 514 @@ -688,7 +690,7 @@ You can see your PROXY environment while starting up your AWX: ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/ansible/doc/proxy.png) -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) If your bullsequana edge IP address is not declared in proxy: You may need to add your bullsequana edge IP address in your NO_PROXY configuration to bypass the proxy +:computer: Info: If your bullsequana edge IP address is not declared in proxy: You may need to add your bullsequana edge IP address in your NO_PROXY configuration to bypass the proxy ``` export NO_PROXY=",$NO_PROXY" @@ -711,7 +713,7 @@ If you don't want to use the host configuration for XX_PROXY environment variabl ... ``` -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Info: If you change a XXX_PROXY env variable, you should restart the containers : +:computer: Info: If you change a XXX_PROXY env variable, you should restart the containers : ``` ./stop.sh or ./stop_awx.sh @@ -743,7 +745,7 @@ For any reason, if you really need to adapt the 'volumes' mapping, follow the in /tmp:/tmp => do NOT map /tmp directory => it change AWX behavior /:/ => NO sens ``` -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Info: Be careful to change both awx_web and awx_task docker containers and to adapt the technical_state_path variable of your inventory +:no_entry: Warning: Be careful to change both awx_web and awx_task docker containers and to adapt the technical_state_path variable of your inventory `technical_state_path: /mnt` @@ -783,7 +785,7 @@ awx_postgres memcached rabbitmq -![#c5f015](https://placehold.it/15/c5f015/000000?text=+) Info: tower-cli is installed on awx_web. You can use any tower-cli command. For more info Visit https://docs.ansible.com/ansible-tower/latest/html/towerapi/index.html +:computer: Info: tower-cli is installed on awx_web. You can use any tower-cli command. For more info Visit https://docs.ansible.com/ansible-tower/latest/html/towerapi/index.html examples ``` @@ -801,7 +803,7 @@ If you need to adapt a Dockerfile in Dockerfiles directory: ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/ansible/doc/dockerfiles_tag_latest.png) -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Warning: if you change MISM_TAG_BULLSEQUANA_EDGE_VERSION=**tag** to MISM_TAG_BULLSEQUANA_EDGE_VERSION=**latest**, you should use Dockerfile-xxx.**latest** files +:warning: Warning: if you change MISM_TAG_BULLSEQUANA_EDGE_VERSION=**tag** to MISM_TAG_BULLSEQUANA_EDGE_VERSION=**latest**, you should use Dockerfile-xxx.**latest** files if you need to adapt the versions: 1. edit versions.sh and adapt it @@ -815,7 +817,7 @@ if you need to adapt the versions: - versions **latest** ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/ansible/doc/versions_latest.png) -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Warning: do *NOT* forget to comment the remove-xxx-containers.sh line at the beginning of the install-xxx script +:warning: Warning: do *NOT* forget to comment the remove-xxx-containers.sh line at the beginning of the install-xxx script ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/ansible/doc/comment_remove.png) @@ -850,7 +852,7 @@ You should replace " password= " in your hosts file ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/ansible/doc/your_ansible_password_in_host.png) -![#c5f015](https://placehold.it/15/c5f015/000000?text=+) Info: you should run your playbooks with *--ask-vault-pass* or *--vault-id* in command line (alternatively you can indicate a vault_password_file in your ansible.cfg : See next section) +:lock: Info: you should run your playbooks with *--ask-vault-pass* or *--vault-id* in command line (alternatively you can indicate a vault_password_file in your ansible.cfg : See next section) *--ask-vault-pass* @@ -860,11 +862,11 @@ or alternatively *--vault-id* ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/ansible/doc/ansible_prompt_vault_id.png) -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Warning: If you do *NOT* add --vault-id followed by bull_sequana_edge_password vault identifier, you will have the following error: *no vault secrets found* +:warning: Warning: If you do *NOT* add --vault-id followed by bull_sequana_edge_password vault identifier, you will have the following error: *no vault secrets found* ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/ansible/doc/error_secure_password.png) -![#c5f015](https://placehold.it/15/c5f015/000000?text=+) Info: you should install optional prerequisites => See [install ansible locally](#install_locally) +:lock: Info: you should install optional prerequisites => See [install ansible locally](#install_locally) ### add a Ansible vault password file The previous chapter create only encrypted variables in a vault-id named *bullsequana_edge_password*. @@ -878,7 +880,7 @@ The following steps is an example of how to create a file that contains the vaul ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/ansible/doc/protected_secret_file.png) -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Warning: If you want to be compatible with AWX vault-id, you need to name the vault password file with the vault password id : *bullsequana_edge_password* +:warning: Warning: If you want to be compatible with AWX vault-id, you need to name the vault password file with the vault password id : *bullsequana_edge_password* 2. edit your *ansible.cfg* file 3. uncomment the vault_password_file section @@ -891,9 +893,9 @@ The following steps is an example of how to create a file that contains the vaul you can now generate as many encrypted password variables as needed and play your playbooks without been prompted to the vault password -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Warning: Vault password is in clear inside, care to protect strongly the file or prefer python script to provide vault password +:warning: Warning: Vault password is in clear inside, care to protect strongly the file or prefer python script to provide vault password -![#9ECBFF](https://placehold.it/15/9ECBFF/000000?text=+) Best Practice: Vault passwords could be retrieved from python script. For more information See https://docs.ansible.com/ansible/latest/user_guide/vault.html +:thumbsup: Best Practice: Vault passwords could be retrieved from python script. For more information See https://docs.ansible.com/ansible/latest/user_guide/vault.html ### remove an encrypted password 1. edit the file /ansible/vars/passwords.yml @@ -942,7 +944,7 @@ You should replace your " password:" in your inventory / hosts VARIABLES part: ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/ansible/doc/your_awx_password_in_host.png) ## Warning for updates -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Never change original playbooks => duplicate playbooks +:warning: Never change original playbooks => duplicate playbooks You can use the directory ansible/playbooks to add your own playbooks. diff --git a/build_awx.sh b/build_awx.sh index e943f59..04f3bf0 100755 --- a/build_awx.sh +++ b/build_awx.sh @@ -24,7 +24,7 @@ while true; do done #. ./check_prerequisites.sh -#. ./remove_awx_containers.sh +#. ./remove_awx_containers_and_images.sh . ./versions.sh echo "building BullSequana Edge Ansible AWX containers and images ...." diff --git a/build_zabbix.sh b/build_zabbix.sh index b0bdd89..77343c7 100755 --- a/build_zabbix.sh +++ b/build_zabbix.sh @@ -22,7 +22,7 @@ while true; do done #. ./check_prerequisites.sh -#. ./remove_zabbix_containers.sh +#. ./remove_zabbix_containers_and_images.sh . ./versions.sh echo "building BullSequana Edge Zabbix containers and images ...." diff --git a/docker_compose_awx_from_atos_dockerhub.yml b/docker_compose_awx_from_atos_dockerhub.yml index aba6980..8f5eae1 100644 --- a/docker_compose_awx_from_atos_dockerhub.yml +++ b/docker_compose_awx_from_atos_dockerhub.yml @@ -20,11 +20,11 @@ services: - ./ansible/vars:/etc/ansible/vars:rw # - ./ansible/plugins/inventory/redfish_plugin_ansible_inventory.yml:/usr/lib/python2.7/site-packages/ansible/plugins/inventory/redfish_plugin_ansible_inventory.yml - ./ansible/plugins/inventory/redfish_plugin_ansible_inventory.yml:/usr/share/ansible/plugins/inventory/redfish_plugin_ansible_inventory.yml - - ./ansible/plugins/inventory/redfish_plugin_ansible_inventory.py:/usr/lib/python2.7/site-packages/ansible/plugins/inventory/redfish_plugin_ansible_inventory.py + - ./ansible/plugins/inventory/redfish_plugin_ansible_inventory.py:/usr/lib/python3.6/site-packages/ansible/plugins/inventory/redfish_plugin_ansible_inventory.py # - ./ansible/plugins/inventory/:/usr/share/ansible/plugins/inventory - ./ansible/plugins/callback/ansible_stdout_compact_logger:/usr/share/ansible/plugins/callback/ansible_stdout_compact_logger - - ./ansible/plugins/modules/remote_management/openbmc/atos_openbmc.py:/usr/lib/python2.7/site-packages/ansible/modules/remote_management/openbmc/atos_openbmc.py:ro - - ./ansible/plugins/modules/remote_management/openbmc/atos_openbmc_utils.py:/usr/lib/python2.7/site-packages/ansible/module_utils/atos_openbmc_utils.py:ro + - ./ansible/plugins/modules/remote_management/openbmc/atos_openbmc.py:/usr/lib/python3.6/site-packages/ansible/modules/remote_management/openbmc/atos_openbmc.py:ro + - ./ansible/plugins/modules/remote_management/openbmc/atos_openbmc_utils.py:/usr/lib/python3.6/site-packages/ansible/module_utils/atos_openbmc_utils.py:ro - ./ansible/awx-ssl:/var/lib/awx-ssl:rw - /:/host:ro env_file: @@ -48,11 +48,11 @@ services: - ./ansible/inventory:/etc/ansible:rw - ./ansible/vars:/etc/ansible/vars:rw - ./ansible/plugins/inventory/redfish_plugin_ansible_inventory.yml:/usr/share/ansible/plugins/inventory/redfish_plugin_ansible_inventory.yml - - ./ansible/plugins/inventory/redfish_plugin_ansible_inventory.py:/usr/lib/python2.7/site-packages/ansible/plugins/inventory/redfish_plugin_ansible_inventory.py + - ./ansible/plugins/inventory/redfish_plugin_ansible_inventory.py:/usr/lib/python3.6/site-packages/ansible/plugins/inventory/redfish_plugin_ansible_inventory.py # - ./ansible/plugins/inventory/:/usr/share/ansible/plugins/inventory - ./ansible/plugins/callback/ansible_stdout_compact_logger:/usr/share/ansible/plugins/callback/ansible_stdout_compact_logger - - ./ansible/plugins/modules/remote_management/openbmc/atos_openbmc.py:/usr/lib/python2.7/site-packages/ansible/modules/remote_management/openbmc/atos_openbmc.py:ro - - ./ansible/plugins/modules/remote_management/openbmc/atos_openbmc_utils.py:/usr/lib/python2.7/site-packages/ansible/module_utils/atos_openbmc_utils.py:ro + - ./ansible/plugins/modules/remote_management/openbmc/atos_openbmc.py:/usr/lib/python3.6/site-packages/ansible/modules/remote_management/openbmc/atos_openbmc.py:ro + - ./ansible/plugins/modules/remote_management/openbmc/atos_openbmc_utils.py:/usr/lib/python3.6/site-packages/ansible/module_utils/atos_openbmc_utils.py:ro - ./ansible/awx-ssl:/var/lib/awx-ssl:rw - /:/host:ro env_file: diff --git a/install_awx.sh b/install_awx.sh index 450f106..7bb80bb 100755 --- a/install_awx.sh +++ b/install_awx.sh @@ -4,7 +4,7 @@ export old_mism_version=$MISM_BULLSEQUANA_EDGE_VERSION . ./check_prerequisites.sh # comment the next line if you build from your own Dockerfiles with build_awx.sh -. ./remove_awx_containers.sh +. ./remove_awx_containers_and_images.sh . ./proxy.sh . ./versions.sh @@ -112,6 +112,15 @@ then touch ansible/vars/passwords.yml fi +echo "building BullSequana Edge Ansible AWX containers ...." +export REGISTRY=ansible +docker-compose -f docker_compose_awx.yml build \ + --build-arg MISM_BULLSEQUANA_EDGE_VERSION=$VERSION \ + --build-arg REGISTRY=$REGISTRY \ + --build-arg BASE_IMAGE_AWX_TASK=$BASE_IMAGE_AWX_TASK \ + --build-arg TAG_AWX=$AWX_BULLSEQUANA_EDGE_VERSION \ + --build-arg BASE_IMAGE_AWX_WEB=$BASE_IMAGE_AWX_WEB + echo "starting BullSequana Edge Ansible AWX containers ...." docker-compose -f docker_compose_awx.yml up -d diff --git a/install_awx_from_atos_dockerhub.sh b/install_awx_from_atos_dockerhub.sh index 5cf3719..7a751a6 100755 --- a/install_awx_from_atos_dockerhub.sh +++ b/install_awx_from_atos_dockerhub.sh @@ -1,7 +1,7 @@ #!/bin/sh . ./check_prerequisites.sh -. ./remove_awx_containers.sh +. ./remove_awx_containers_and_images.sh . ./proxy.sh . ./versions.sh diff --git a/install_zabbix.sh b/install_zabbix.sh index 15856c5..f6c4b83 100755 --- a/install_zabbix.sh +++ b/install_zabbix.sh @@ -4,7 +4,7 @@ export old_mism_version=$MISM_BULLSEQUANA_EDGE_VERSION . ./check_prerequisites.sh # comment the next line if you build from your own Dockerfiles with build_zabbix.sh -. ./remove_zabbix_containers.sh +. ./remove_zabbix_containers_and_images.sh if [ ! -z $MISM_BULLSEQUANA_EDGE_VERSION ] then @@ -115,6 +115,16 @@ then fi fi +echo "building BullSequana Edge Zabbix containers ...." +export REGISTRY=zabbix +docker-compose -f docker_compose_zabbix.yml build \ + --build-arg MISM_BULLSEQUANA_EDGE_VERSION=$MISM_BULLSEQUANA_EDGE_VERSION \ + --build-arg REGISTRY=$REGISTRY \ + --build-arg BASE_IMAGE_ZABBIX=$BASE_IMAGE_ZABBIX \ + --build-arg TAG_ZABBIX=$ZABBIX_BULLSEQUANA_EDGE_VERSION \ + --build-arg BASE_IMAGE_ZABBIX_WEB=$BASE_IMAGE_ZABBIX_WEB \ + --build-arg BASE_IMAGE_ZABBIX_AGENT=$BASE_IMAGE_ZABBIX_AGENT + echo "starting BullSequana Edge Zabbix containers ...." docker-compose -f docker_compose_zabbix.yml up -d diff --git a/install_zabbix_from_atos_dockerhub.sh b/install_zabbix_from_atos_dockerhub.sh index db548ac..46b62db 100755 --- a/install_zabbix_from_atos_dockerhub.sh +++ b/install_zabbix_from_atos_dockerhub.sh @@ -1,7 +1,7 @@ #!/bin/sh . ./check_prerequisites.sh -. ./remove_awx_containers.sh +. ./remove_zabbix_containers_and_images.sh chmod ugo+w zabbix/server/externalscripts/openbmc diff --git a/remove_awx_containers_and_images.sh b/remove_awx_containers_and_images.sh new file mode 100755 index 0000000..dc9cf80 --- /dev/null +++ b/remove_awx_containers_and_images.sh @@ -0,0 +1,179 @@ +#!/bin/sh + +echo "stopping AWX bullsequana edge system management container" +docker-compose -f docker_compose_awx.yml down &>/dev/null +docker-compose -f docker_compose_awx_from_atos_dockerhub.yml down &>/dev/null + +echo "removing dangling MISM containers (containers without images" +docker container prune --force &>/dev/null +echo "removing dangling MISM images (images without containers)" +docker image prune --force &>/dev/null +docker volume prune --force &>/dev/null + +echo "removing docker containers" + +docker_container=$(docker container list |grep 'bullsequana-edge-system-management_awx_web') +if [ ! -z "$docker_container" ] +then + docker_container=$(echo $docker_container |awk '{ print $1; }') + if [ ! -z "$docker_container" ] + then + docker container stop "$docker_container" + docker container rm -f "$docker_container" + fi +fi +docker_container=$(docker container list |grep 'bullsequana-edge-system-management_awx_task') +if [ ! -z "$docker_container" ] +then + docker_container=$(echo $docker_container |awk '{ print $1; }') + if [ ! -z "$docker_container" ] + then + docker container stop "$docker_container" + docker container rm -f "$docker_container" + fi +fi +docker_container=$(docker container list |grep 'memcached') +if [ ! -z "$docker_container" ] +then + docker_container=$(echo $docker_container |awk '{ print $1; }') + if [ ! -z "$docker_container" ] + then + docker container stop "$docker_container" + docker container rm -f "$docker_container" + fi +fi +docker_container=$(docker container list |grep 'rabbitmq') +if [ ! -z "$docker_container" ] +then + docker_container=$(echo $docker_container |awk '{ print $1; }') + if [ ! -z "$docker_container" ] + then + docker container stop "$docker_container" + docker container rm -f "$docker_container" + fi +fi +docker_container=$(docker container list |grep 'dpage/pgadmin4') +if [ ! -z "$docker_container" ] +then + docker_container=$(echo $docker_container |awk '{ print $1; }') + if [ ! -z "$docker_container" ] + then + docker container stop "$docker_container" + docker container rm -f "$docker_container" + fi +fi +docker_container=$(docker container list |grep -m 1 'awx_postgres') +if [ ! -z "$docker_container" ] +then + docker_container=$(echo $docker_container |awk '{ print $1; }') + if [ ! -z "$docker_container" ] + then + docker container stop "$docker_container" + docker container rm -f "$docker_container" + fi +fi + +echo "removing docker images" + +docker_image=$(docker images |grep 'bullsequana-edge-system-management_awx_web') +if [ ! -z "$docker_image" ] +then + docker_image=$(echo $docker_image |awk '{ print $3; }') + if [ ! -z "$docker_image" ] + then + docker image rmi -f "$docker_image" + fi +fi + +docker_image=$(docker images |grep 'bullsequana-edge-system-management_awx_task') +if [ ! -z "$docker_image" ] +then + docker_image=$(echo $docker_image |awk '{ print $3; }') + if [ ! -z "$docker_image" ] + then + docker image rmi -f "$docker_image" + fi +fi + +docker_image=$(docker images |grep 'atosorigin/bull-sequana-edge-awx-web') +if [ ! -z "$docker_image" ] +then + docker_image=$(echo $docker_image |awk '{ print $3; }') + if [ ! -z "$docker_image" ] + then + docker image rmi -f "$docker_image" + fi +fi + +docker_image=$(docker images |grep 'atosorigin/bull-sequana-edge-awx-task') +if [ ! -z "$docker_image" ] +then + docker_image=$(echo $docker_image |awk '{ print $3; }') + if [ ! -z "$docker_image" ] + then + docker image rmi -f "$docker_image" + fi +fi + +docker_image=$(docker images |grep 'memcached') +if [ ! -z "$docker_image" ] +then + docker_image=$(echo $docker_image |awk '{ print $3; }') + if [ ! -z "$docker_image" ] + then + docker image rmi -f "$docker_image" + fi +fi + +docker_image=$(docker images |grep 'rabbitmq') +if [ ! -z "$docker_image" ] +then + docker_image=$(echo $docker_image |awk '{ print $3; }') + if [ ! -z "$docker_image" ] + then + docker image rmi -f "$docker_image" + fi +fi + +docker_image=$(docker images |grep 'postgres') +if [ ! -z "$docker_image" ] +then + docker_image=$(echo $docker_image |awk '{ print $3; }') + if [ ! -z "$docker_image" ] + then + docker image rmi -f "$docker_image" + fi +fi + +docker_image=$(docker images |grep 'ansible/awx_web') +if [ ! -z "$docker_image" ] +then + docker_image=$(echo $docker_image |awk '{ print $3; }') + if [ ! -z "$docker_image" ] + then + docker image rmi -f "$docker_image" + fi +fi + + +docker_image=$(docker images |grep 'ansible/awx_task') +if [ ! -z "$docker_image" ] +then + docker_image=$(echo $docker_image |awk '{ print $3; }') + if [ ! -z "$docker_image" ] + then + docker image rmi -f "$docker_image" + fi +fi + +docker_image=$(docker images |grep 'page/pgadmin4') +if [ ! -z "$docker_image" ] +then + docker_image=$(echo $docker_image |awk '{ print $3; }') + if [ ! -z "$docker_image" ] + then + docker image rmi -f "$docker_image" + fi +fi + +echo "docker containers and images removed" diff --git a/remove_zabbix_containers_and_images.sh b/remove_zabbix_containers_and_images.sh new file mode 100755 index 0000000..fcd5883 --- /dev/null +++ b/remove_zabbix_containers_and_images.sh @@ -0,0 +1,160 @@ +#!/bin/sh + +echo "stopping Zabbix bullsequana edge system management containers" +docker-compose -f docker_compose_zabbix.yml down &>/dev/null +docker-compose -f docker_compose_zabbix_from_atos_dockerhub.yml down &>/dev/null + +echo "removing dangling MISM containers (containers without images)" +docker container prune --force &>/dev/null +echo "removing dangling MISM images (images without containers)" +docker image prune --force &>/dev/null +docker volume prune --force &>/dev/null + +echo "removing docker containers" +docker_container=$(docker container list |grep 'bullsequana-edge-system-management_zabbix-server') +if [ ! -z "$docker_container" ] +then + docker_container=$(echo $docker_container |awk '{ print $1; }') + if [ ! -z "$docker_container" ] + then + docker container stop "$docker_container" + docker container rm -f "$docker_container" + fi +fi + +docker_container=$(docker container list |grep 'bullsequana-edge-system-management_zabbix-agent') +if [ ! -z "$docker_container" ] +then + docker_container=$(echo $docker_container |awk '{ print $1; }') + if [ ! -z "$docker_container" ] + then + docker container stop "$docker_container" + docker container rm -f "$docker_container" + fi +fi + +docker_container=$(docker container list |grep 'bullsequana-edge-system-management_zabbix-web') +if [ ! -z "$docker_container" ] +then + docker_container=$(echo $docker_container |awk '{ print $1; }') + if [ ! -z "$docker_container" ] + then + docker container stop "$docker_container" + docker container rm -f "$docker_container" + fi +fi + +docker_container=$(docker container list |grep -m 1 'zabbix-postgres') +if [ ! -z "$docker_container" ] +then + docker_container=$(echo $docker_container |awk '{ print $1; }') + if [ ! -z "$docker_container" ] + then + docker container stop "$docker_container" + docker container rm -f "$docker_container" + fi +fi + +echo "removing docker images" + +docker_image=$(docker images |grep 'bullsequana-edge-system-management_zabbix-server') +if [ ! -z "$docker_image" ] +then + docker_image=$(echo $docker_image |awk '{ print $3; }') + if [ ! -z "$docker_image" ] + then + docker image rmi -f "$docker_image" + fi +fi + +docker_image=$(docker images |grep 'bullsequana-edge-system-management_zabbix-agent') +if [ ! -z "$docker_image" ] +then + docker_image=$(echo $docker_image |awk '{ print $3; }') + if [ ! -z "$docker_image" ] + then + docker image rmi -f "$docker_image" + fi +fi + +docker_image=$(docker images |grep 'bullsequana-edge-system-management_zabbix-web') +if [ ! -z "$docker_image" ] +then + docker_image=$(echo $docker_image |awk '{ print $3; }') + if [ ! -z "$docker_image" ] + then + docker image rmi -f "$docker_image" + fi +fi + +docker_image=$(docker images |grep 'atosorigin/bull-sequana-edge-zabbix-server') +if [ ! -z "$docker_image" ] +then + docker_image=$(echo $docker_image |awk '{ print $3; }') + if [ ! -z "$docker_image" ] + then + docker image rmi -f "$docker_image" + fi +fi + +docker_image=$(docker images |grep 'atosorigin/bull-sequana-edge-zabbix-agent') +if [ ! -z "$docker_image" ] +then + docker_image=$(echo $docker_image |awk '{ print $3; }') + if [ ! -z "$docker_image" ] + then + docker image rmi -f "$docker_image" + fi +fi + +docker_image=$(docker images |grep 'atosorigin/bull-sequana-edge-zabbix-web') +if [ ! -z "$docker_image" ] +then + docker_image=$(echo $docker_image |awk '{ print $3; }') + if [ ! -z "$docker_image" ] + then + docker image rmi -f "$docker_image" + fi +fi + +docker_image=$(docker images |grep 'zabbix/zabbix-web-nginx-pgsql') +if [ ! -z "$docker_image" ] +then + docker_image=$(echo $docker_image |awk '{ print $3; }') + if [ ! -z "$docker_image" ] + then + docker image rmi -f "$docker_image" + fi +fi + +docker_image=$(docker images |grep 'zabbix/zabbix-server-pgsql') +if [ ! -z "$docker_image" ] +then + docker_image=$(echo $docker_image |awk '{ print $3; }') + if [ ! -z "$docker_image" ] + then + docker image rmi -f "$docker_image" + fi +fi + +docker_image=$(docker images |grep 'zabbix/zabbix-agent') +if [ ! -z "$docker_image" ] +then + docker_image=$(echo $docker_image |awk '{ print $3; }') + if [ ! -z "$docker_image" ] + then + docker image rmi -f "$docker_image" + fi +fi + +docker_image=$(docker images |grep 'postgres') +if [ ! -z "$docker_image" ] +then + docker_image=$(echo $docker_image |awk '{ print $3; }') + if [ ! -z "$docker_image" ] + then + docker image rmi -f "$docker_image" + fi +fi + +echo "docker containers and images removed" diff --git a/set_external_vars.py b/set_external_vars.py index a89e11b..327aa33 100755 --- a/set_external_vars.py +++ b/set_external_vars.py @@ -81,4 +81,12 @@ print("Adding activating_maxretries: 10 times") f.write("# Number of retries while activating firmwares before failure\n") f.write("activating_maxretries: 10\n") +if(not external_vars.get('ntp_server_ip')): + print("Adding default NTP server ip: 127.0.0.1") + f.write("# Define the NTP server IP\n") + f.write("power_cap: 500\n") +if(not external_vars.get('ntp_server_sync')): + print("Adding default NTP server Sync time: 604800") + f.write("# Define the NTP server Sync time in SECONDS\n") + f.write("ntp_server_sync: 604800\n") f.close() diff --git a/uninstall.sh b/uninstall.sh index 516b14e..83b6c86 100755 --- a/uninstall.sh +++ b/uninstall.sh @@ -8,8 +8,8 @@ docker-compose -f docker_compose_zabbix.yml down --remove-orphans &>/dev/null docker-compose -f docker_compose_awx_from_atos_dockerhub.yml down --remove-orphans &>/dev/null docker-compose -f docker_compose_zabbix_from_atos_dockerhub.yml down --remove-orphans &>/dev/null -. ./remove_awx_containers.sh -. ./remove_zabbix_containers.sh +. ./remove_awx_containers_and_images.sh +. ./remove_zabbix_containers_and_images.sh docker container list docker images diff --git a/versions.sh b/versions.sh index c3d1d30..d56f475 100755 --- a/versions.sh +++ b/versions.sh @@ -1,4 +1,4 @@ -export MISM_BULLSEQUANA_EDGE_VERSION=2.1.6 +export MISM_BULLSEQUANA_EDGE_VERSION= export AWX_BULLSEQUANA_EDGE_VERSION=9.0.1 export RABBITMQ_AWX_BULLSEQUANA_EDGE_VERSION=3.8.1-management export POSTGRES_AWX_BULLSEQUANA_EDGE_VERSION=12.0-alpine diff --git a/zabbix/readme.md b/zabbix/readme.md index 759870c..f5620f0 100644 --- a/zabbix/readme.md +++ b/zabbix/readme.md @@ -79,9 +79,9 @@ Just choose your favorite installation for your environment `try it: /install_zabbix_from_dockerhub.sh` mainly dedicated to try bullsequana edge system management tool, it will install dockerhub atosorigin images, you cannot adapt the local Dockerfiles => use **stop_zabbix.sh*** and **start_zabbix.sh** after For more information about dockerhub installation Visit https://hub.docker.com/repository/docker/atosorigin/bull-sequana-edge-zabbix-server -![#9ECBFF](https://placehold.it/15/9ECBFF/000000?text=+) Best Practice: remove useless install, stop and start scripts -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Warning: atosorigin dockerhub images have no warranty, do not use in production -![#c5f015](https://placehold.it/15/c5f015/000000?text=+) Info: if tar files are not present, images are loaded from internet +:thumbsup: Best Practice: remove useless install, stop and start scripts +:warning: Warning: atosorigin dockerhub images have no warranty, do not use in production +:earth_americas: Info: if tar files are not present, images are loaded from internet ### log on to zabbix - default url: `https://:4443` @@ -95,7 +95,7 @@ For more information about dockerhub installation Visit https://hub.docker.com/r ### rename Zabbix Server -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) !!! VERY IMPORTANT !!! ![#f03c15](https://placehold.it/15/f03c15/000000?text=+) +:no_entry: !!! VERY IMPORTANT !!! :no_entry: You should first rename your Zabbix Server => It is highly recommanded to have a hostname without space (by default Zabbix Server hostname has a blank space) @@ -106,9 +106,9 @@ Visible name : Zabbix Server 4. Enter name with a minus '-' Host Name : zabbix-server -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Be careful: The "Visible name" is used by Zabbix Dashboards, so let "Zabbix server" persist as a Visible name. +:no_entry: Be careful: The "Visible name" is used by Zabbix Dashboards, so let "Zabbix server" persist as a Visible name. -![#c5f015](https://placehold.it/15/c5f015/000000?text=+) => stop and start zabbix docker containers +:no_entry: => stop and start zabbix docker containers ![alt text](https://github.com/atosorigin/bullsequana-edge-system-management/blob/master/zabbix/doc/Zabbix_Server_Configuration.png) @@ -127,14 +127,14 @@ Available Atos templates: ### add your host #### add your hosts from host template -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Warning: You should import lld Bull Sequana Edge template BEFORE +:warning: Warning: You should import lld Bull Sequana Edge template BEFORE When you import the host template, you will have a host "BullSequana Edge" automatically configured as your first example - Zabbix agent is configured to zabbix-agen:10050 - Automatic Inventory is configured - Macros are prepared - Atos Bull Sequana Edge LLD Template is linked -![#c5f015](https://placehold.it/15/c5f015/000000?text=+) Info: All you need is to complete empty Macros : go to" Fill Atos template macros" below +:pen: Info: All you need is to complete empty Macros : go to" Fill Atos template macros" below #### add your hosts manually 1. Go to Configuration / Hosts @@ -168,7 +168,7 @@ Optionaly, you can use the Zabbix discovery service to add your hosts. ![alt text](https://github.com/atosorigin/bullsequana-edge-system-management/blob/master/zabbix/doc/operations_discovery_rule.png) 3. Go to section **Fill Atos template macros** to complete your host with {$OPENBMC},{$USER}, {$PASSWORD} -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Warning: after Discovery complete, you may disable the Action to stop discovering hosts all the time and do some changes on you discovered hosts. +:warning: Warning: after Discovery complete, you may disable the Action to stop discovering hosts all the time and do some changes on you discovered hosts. #### link Atos template to your host 1. Go to Configuration/Hosts @@ -296,9 +296,9 @@ Volt: * ![alt text](https://github.com/atosorigin/bullsequana-edge-system-management/blob/master/zabbix/doc/plain_text.png) 1. Select "Plain text" -2. Select whatever items you want +2. Select whatever items you want: -![#c5f015](https://placehold.it/15/c5f015/000000?text=+) items are prefixed with application names like "Control:" "Network:" "State:" ... +:briefcase: Tips: items are prefixed with application names like "Control:" "Network:" "State:" ... ![alt text](https://github.com/atosorigin/bullsequana-edge-system-management/blob/master/zabbix/doc/select_items.png) @@ -313,7 +313,7 @@ This template should be the **second** imported template. ### template content - 1 host as an example ### prerequisite -![#c5f015](https://placehold.it/15/c5f015/000000?text=+) Info: You should install LLD and Sysmap Bull Sequana Edge templates before: [How to install BullSequana Edge template](#edge_template) +:warning: Warning : You should install LLD and Sysmap Bull Sequana Edge templates before: [How to install BullSequana Edge template](#edge_template) ### import 1. Copy the templates from \zabbix\server\externalscripts\ to a **local path on you client computer running the browser** 2. Open a browser and go to Configuration / **Hosts** @@ -331,7 +331,7 @@ A unique item is detecting rsyslog file change - 1 trigger A unique trigger is triggering on BullSequana Edge device error events -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) The rsyslog should be activated BEFORE loading rsyslog template +:stop_sign: The rsyslog should be activated BEFORE loading rsyslog template ### import 1. Copy the templates from \zabbix\server\externalscripts\ to a **local path on you client computer running the browser** @@ -371,11 +371,11 @@ example: - chmod ugo+rw /var/log/rsyslog ``` -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) The rsyslog should have read / write rights all along the **path** +:stop_sign: Be careful: The rsyslog should have read / write rights all along the **path** ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/zabbix/doc/rsyslog_rights.png) -The **rsyslog* file is monitored after the import of the template, so the collect will be triggered by the next line written in the rsyslog file. +The **rsyslog** file is monitored after the import of the template, so the collect will be triggered by the next line written in the rsyslog file. ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/zabbix/doc/rsyslog_key.png) @@ -453,9 +453,9 @@ You should add 2 firewall rules [root@server ~]# firewall-cmd --permanent --zone=public --add-port=514/udp [root@server ~]# firewall-cmd --reload ``` -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Be careful to reload it after changes +:stop_sign: Be careful to reload it after changes -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) More information: Visit https://www.itzgeek.com/how-tos/linux/centos-how-tos/setup-syslog-server-on-centos-7-rhel-7.html +:earth_america: More information: Visit https://www.itzgeek.com/how-tos/linux/centos-how-tos/setup-syslog-server-on-centos-7-rhel-7.html ![alt text](https://github.com/atosorigin/bullsequana-edge-system-management/blob/master/zabbix/doc/sysLog_firewall_add_exception.png) @@ -463,7 +463,7 @@ You should add 2 firewall rules If telnet is not working but the ping is working: iptables rules could be the issue You can flush the iptables rules -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Be careful to be able to recreate iptables rules after this command ` iptables -F ` +:stop_sign: Be careful to be able to recreate iptables rules after this command ` iptables -F ` ## BullSequanaEdgeMap template installation ### template order @@ -471,10 +471,10 @@ This template should be the **third** imported template. ### template content - 1 Map template -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) WARNING: The BullSequanaEdgeIconMapping should be created BEFORE importing BullSequanaEdgeMap template [Create BullSequanaEdge icons](#create_icons) and [Create BullSequanaEdge icon mapping](#create_icon_mapping) +:warning: Warning: The BullSequanaEdgeIconMapping should be created BEFORE importing BullSequanaEdgeMap template [Create BullSequanaEdge icons](#create_icons) and [Create BullSequanaEdge icon mapping](#create_icon_mapping) ### prerequisite -![#c5f015](https://placehold.it/15/c5f015/000000?text=+) Info: You should install Host Bull Sequana Edge BEFORE: [How to install Host BullSequana Edge template](#host_template) +:no_entry: Info: You should install Host Bull Sequana Edge **before**: See [How to install Host BullSequana Edge template](#host_template) ### import 1. Copy the templates from \zabbix\server\externalscripts\ to a **local path on you client computer running the browser** @@ -506,7 +506,7 @@ This template should be the **third** imported template. ![alt text](https://github.com/atosorigin/bullsequana-edge-system-management/blob/master/zabbix/doc/BullSequanaEdge_icon_mapping.png) -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) WARNING: Inventory should be "Automatic" for your BullSequana Edge (Model field should be filled) +:warning: Warning: Inventory should be **Automatic** for your BullSequana Edge (Model field should be filled) ### Import BullSequanaEdge Map 1. Copy the templates from \zabbix\server\externalscripts\ to a **local path on you client computer running the browser** @@ -515,7 +515,7 @@ This template should be the **third** imported template. 4. Check Maps and Images checkboxes only for Create New 5. Import **template-atos_openbmc-sysmaps-zbxv4.xml** -![#c5f015](https://placehold.it/15/c5f015/000000?text=+) INFO: Your icons will be automatically detected for BullSequana Edge while creating your maps +:computer: Your icons will be automatically detected for BullSequana Edge while creating your maps ### Create a map 1. Go to Monitoring / Maps @@ -544,7 +544,7 @@ You can check your PROXY environment while starting up your AWX: ![alt text](https://github.com/atosorigin/bullsequana-edge-system-management/blob/master/zabbix/doc/proxy.png) -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) If your bullsequana edge IP address is not declared in proxy: You may need to add your bullsequana edge IP address in your NO_PROXY configuration to bypass the proxy +:stop_sign: Be careful: If your bullsequana edge IP address is not declared in proxy: You may need to add your bullsequana edge IP address in your **NO_PROXY** configuration to bypass the proxy ``` export NO_PROXY=",$NO_PROXY" @@ -567,7 +567,7 @@ If you don't want to use the host configuration for XX_PROXY environment variabl ... ``` -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) INFO: If you change a XXX_PROXY env variable, you should restart the containers : +:no_entry: Be Careful: If you change a XXX_PROXY env variable, you should restart the containers ``` ./stop.sh or ./stop_zabbix.sh @@ -622,7 +622,7 @@ echo PSK: ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/zabbix/doc/BullSequanaEdge_Zabbix_vault_generate_steps.png) -![#c5f015](https://placehold.it/15/c5f015/000000?text=+) you should restart docker containers +:stop_sign: you should restart docker containers *more info on https://www.zabbix.com/documentation/4.0/fr/manual/encryption/using_pre_shared_keys* @@ -654,8 +654,6 @@ See https://ui.smsmode.com 4. You can consult your SMS list to check SMS traffic ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/zabbix/doc/BullSequanaEdge_SMS_smsMode_SMSList.png) -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) INFO: - ### Configure SMS 1. Go to Administration / Media types 2. Click on right button "Create Mediatype" @@ -752,7 +750,7 @@ If you need to adapt a Dockerfile in Dockerfiles directory: ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/zabbix/doc/dockerfiles_tag_latest.png) -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Warning: if you change MISM_TAG_BULLSEQUANA_EDGE_VERSION=**tag** to MISM_TAG_BULLSEQUANA_EDGE_VERSION=**latest**, you should use Dockerfile-xxx.**latest** files +:warning: Warning: if you change MISM_TAG_BULLSEQUANA_EDGE_VERSION=**tag** to MISM_TAG_BULLSEQUANA_EDGE_VERSION=**latest**, you should use Dockerfile-xxx.**latest** files if you need to adapt the versions: 1. edit versions.sh and adapt it @@ -766,7 +764,7 @@ if you need to adapt the versions: - versions **latest** ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/zabbix/doc/versions_latest.png) -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Warning: do *NOT* forget to comment the remove-xxx-containers.sh line at the beginning of the install-xxx script +:warning: Warning: do *NOT* forget to comment the remove-xxx-containers.sh line at the beginning of the install-xxx script ![alt text](https://raw.githubusercontent.com/atosorigin/bullsequana-edge-system-management/master/zabbix/doc/comment_remove.png) @@ -775,7 +773,7 @@ After a build and install process, the result should be: ## Warning for updates -![#f03c15](https://placehold.it/15/f03c15/000000?text=+) Never change original templates => duplicate or create your own template +:no_entry: Never change original templates => duplicate or create your own template ## Support * This branch corresponds to the release actively under development. diff --git a/zabbix/server/externalscripts/template-atos_openbmc-host-zbxv4.xml b/zabbix/server/externalscripts/template-atos_openbmc-host-zbxv4.xml index b358a2a..6b874dd 100644 --- a/zabbix/server/externalscripts/template-atos_openbmc-host-zbxv4.xml +++ b/zabbix/server/externalscripts/template-atos_openbmc-host-zbxv4.xml @@ -11,7 +11,7 @@ BullSequanaEdge Bull Sequana Edge - 2.1.6 + 2.1.7-devel