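def test_save_inventory(self):
    """Check the backup file written by save_inventory().

    The "hosts3" fixture is copied to a scratch inventory, which is saved
    twice with ``backup_file`` set:

    * after the first save the backup is expected to list the same hosts
      and group names as the live inventory;
    * after adding "host7" and saving again, the backup is expected to
      differ in hosts (it must not contain the new host) while the group
      names still match.
    """
    # Function-scope imports: the module's import block is not visible from
    # this method, so the new names are brought in locally.
    from shutil import rmtree
    from tempfile import mkdtemp

    def group_names(manager):
        # Compare groups by name only, as the assertions below require.
        return [group.name for group in manager.get_groups()]

    # mkdtemp() creates the directory atomically with owner-only access, so
    # the two paths below cannot be pre-created or symlinked by another
    # local user. mktemp() only returned an unused *name*, leaving a window
    # between picking the name and creating the file.
    scratch_dir = mkdtemp(prefix='test_inventory')
    temp_inventory_file = os.path.join(scratch_dir, 'inventory')
    temp_bkp_inventory_file = os.path.join(scratch_dir, 'bkp_inventory')
    try:
        # Work on a copy so the fixture itself is never modified.
        copyfile(TEST_FILES_PATH + "hosts3", temp_inventory_file)
        ansible_file = AnsibleInventoryManager(
            inventory_file=temp_inventory_file)

        ansible_file.save_inventory(backup_file=temp_bkp_inventory_file)
        bk_ansible_file = AnsibleInventoryManager(
            inventory_file=temp_bkp_inventory_file)
        self.assertEqual(ansible_file.get_hosts(),
                         bk_ansible_file.get_hosts())
        self.assertEqual(group_names(ansible_file),
                         group_names(bk_ansible_file))

        ansible_file.add_host("host7")
        ansible_file.save_inventory(backup_file=temp_bkp_inventory_file)
        bk_ansible_file = AnsibleInventoryManager(
            inventory_file=temp_bkp_inventory_file)
        self.assertNotEqual(ansible_file.get_hosts(),
                            bk_ansible_file.get_hosts())
        self.assertEqual(group_names(ansible_file),
                         group_names(bk_ansible_file))
    finally:
        # Removing the directory also works when a step failed before one of
        # the files was written; the two unconditional unlink() calls used
        # before would raise here and hide the real test failure.
        rmtree(scratch_dir)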
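def ansible_add_ip_to_inventory(system_ip):
    """Add *system_ip* to the Ansible inventory and save the inventory.

    Args:
        system_ip: host entry handed to AnsibleInventoryManager.add_host().

    Returns:
        ``(True, '')`` on success, or
        ``(False, 'Error adding ip to ansible inventory')`` when the import,
        the add or the save raised.
    """
    # NOTE(review): system_ip is written to the inventory as received; this
    # function does no format validation. Confirm callers only pass a
    # validated address.
    try:
        from ansiblemethods.ansibleinventory import AnsibleInventoryManager
        aim = AnsibleInventoryManager()
        aim.add_host(system_ip)
        aim.save_inventory()
    except Exception as msg:
        # The detail goes to the API log only; the caller gets a generic
        # message, so internal paths or stack details are not returned.
        api_log.error(str(msg))
        return False, 'Error adding ip to ansible inventory'
    # Explicit success tuple, so both paths return the same (bool, str) shape
    # instead of falling through and returning None.
    return True, ''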
def ansible_add_system(local_system_id, remote_system_ip, password):
    """Register a remote system: push the crypto files, then record the host.

    Steps, in order:
      1. require the local CA public key file to exist;
      2. drop any stale known_hosts entry for the remote IP;
      3. run the SET_CRYPTO_FILES playbook against the remote IP,
         authenticating with *password*;
      4. add the remote IP to the Ansible inventory and save it.

    Returns:
        A ``(result, response)`` tuple: ``result`` is True only when the
        playbook reports no unreachable hosts and no failures for the remote
        IP; ``response`` is a human-readable message.
    """
    from ansiblemethods.ansibleinventory import AnsibleInventoryManager

    # Sanity check: nothing can be set up without the local public key.
    if not os.path.isfile('/var/ossim/ssl/local/ssh_capubkey.pem'):
        return (False, "Cannot access public key file")

    success, message = ansible_remove_key_from_known_host_file(
        "127.0.0.1", remote_system_ip)
    if not success:
        return success, message

    playbook_vars = {
        "remote_system_ip": "%s" % remote_system_ip,
        "local_system_id": "%s" % local_system_id
    }
    playbook_stats = ansible.run_playbook(
        playbook=PLAYBOOKS['SET_CRYPTO_FILES'],
        host_list=[remote_system_ip],
        extra_vars=playbook_vars,
        ans_remote_user="******",
        ans_remote_pass=password,
        use_sudo=True)

    if playbook_stats[remote_system_ip]['unreachable'] != 0 or \
            playbook_stats[remote_system_ip]['failures'] != 0:
        result = False
        # NOTE(review): the whole playbook result is logged; confirm it can
        # never echo the value passed as ans_remote_pass.
        api_log.error(str(playbook_stats))
        response = ("Cannot add system with IP %s. " % (remote_system_ip) +
                    "Please verify that the system is reachable " +
                    "and the password is correct.")
    else:
        result = True
        response = "System with IP %s added correctly" % (remote_system_ip)

    # Add the system to the Ansible Inventory.
    # NOTE(review): this runs whether or not the playbook succeeded; confirm
    # that a host whose crypto setup failed is meant to stay in the inventory.
    inventory = AnsibleInventoryManager()
    inventory.add_host(remote_system_ip)
    inventory.save_inventory()

    return (result, response)
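def apimethod_delete_system(system_id):
    """Remove a remote system from this deployment.

    Steps, in order: remove the system from the database, remove its
    certificates and keys on the local system, delete it from the Ansible
    inventory, then ask the child to drop this server as its parent.
    Removing the local system (``'local'`` or the local system's own id) is
    refused.

    Args:
        system_id: id of the system to remove.

    Returns:
        ``(True, "")`` on success, otherwise ``(False-like, message)`` for
        the first step that failed.

    Note:
        There is no rollback. Once the database removal has succeeded, a
        failure in a later step returns an error while the earlier steps stay
        applied, so certificates or the inventory entry may be left behind.
    """
    success, local_system_id = get_system_id_from_local()
    if not success:
        return success, "Error: Can not retrieve the local system id. %s" % str(local_system_id)

    # Compare the hex form of both ids, not the raw values.
    if system_id == 'local' or \
            get_hex_string_from_uuid(local_system_id) == get_hex_string_from_uuid(system_id):
        return False, "Error: You're trying to remove the local system, which it's not allowed"

    (success, system_ip) = get_system_ip_from_system_id(system_id)
    if not success:
        # The first placeholder is the system id; it used to be filled with
        # system_ip, so the message never named the system that failed.
        return success, "Error retrieving the system ip for the system id %s -> %s" % (
            str(system_id), str(system_ip))

    # 1 - Remove it from the database
    success, msg = db_remove_system(system_id)
    if not success:
        return success, "Error while removing the system from the database: %s" % str(msg)

    # 2 - Removing the certificates on the remote system is disabled here.

    # 3 - Remove the local certificates and keys
    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, "Error while getting the local ip: %s" % str(local_ip)

    success, msg = ansible_remove_certificates(system_ip=local_ip,
                                               system_id_to_remove=system_id)
    if not success:
        return success, "Error while removing the local certificates: %s" % str(msg)

    # 4 - Remove it from the ansible inventory.
    try:
        aim = AnsibleInventoryManager()
        aim.delete_host(system_ip)
        aim.save_inventory()
        del aim
    except Exception as aim_error:
        return False, "An error occurred while removing the system from the ansible inventory file: %s" % str(aim_error)

    # 5 - Try to connect to the child and remove the parent using its server_id
    success, own_server_id = get_server_id_from_local()
    if not success:
        # Report what this call returned; `msg` here would still hold the
        # result of the certificate removal above.
        return success, "Error while retrieving server_id from local: %s" % str(own_server_id)

    success, msg = ansible_delete_parent_server(system_ip, own_server_id)
    if not success:
        return success, "Error while deleting parent server in child: %s" % str(msg)

    return True, ""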
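def apimethod_delete_system(system_id):
    """Remove a remote system from this deployment.

    Steps, in order: check whether the remote system answers, remove it from
    the database, fire the local trigger that removes its firewall rules,
    remove its certificates and keys on the local system, delete it from the
    Ansible inventory and, if the remote system was reachable, ask it to drop
    this server as its parent. Removing the local system (``'local'`` or the
    local system's own id) is refused.

    Args:
        system_id: id of the system to remove.

    Returns:
        ``(True, "")`` on full success; ``(True, message)`` when everything
        local succeeded but the remote system was unreachable, so its parent
        configuration was left in place; otherwise ``(False-like, message)``
        for the first step that failed.

    Note:
        There is no rollback. Once the database removal has succeeded, a
        failure in a later step returns an error while the earlier steps stay
        applied.
    """
    success, local_system_id = get_system_id_from_local()
    if not success:
        error_msg = "Cannot retrieve the local system id. %s" % str(local_system_id)
        return success, error_msg

    # Compare the hex form of both ids, not the raw values.
    if system_id == 'local' or \
            get_hex_string_from_uuid(local_system_id) == get_hex_string_from_uuid(system_id):
        error_msg = "You're trying to remove the local system, which it's not allowed"
        return False, error_msg

    (success, system_ip) = get_system_ip_from_system_id(system_id)
    if not success:
        # Presumably system_ip carries the error detail on failure, so the
        # text after "system-id" is that detail rather than the id itself.
        error_msg = "Cannot retrieve the system ip " + \
                    "for the given system-id %s" % (str(system_ip))
        return success, error_msg

    # Check whether the remote system is reachable or not. An APIException
    # from the ping is treated as "not reachable", not as a failure.
    try:
        remote_system_is_reachable = ping_system(system_id, no_cache=True)
    except APIException:
        remote_system_is_reachable = False

    # The sensor id has to be read before the system is removed from the
    # database. success_f selects which trigger is fired in step 2.
    (success_f, sensor_id) = get_sensor_id_from_system_id(system_id)

    # 1 - Remove it from the database
    success, msg = db_remove_system(system_id)
    if not success:
        error_msg = "Cannot remove the system from the database <%s>" % str(msg)
        return success, error_msg

    # 2 - Remove the firewall rules. A failing trigger is logged only and
    # does not abort the removal.
    trigger_name = "alienvault-del-sensor" if success_f else "alienvault-del-server"
    trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
                                        trigger=trigger_name)
    if not trigger_success:
        api_log.error(msg)

    # 3 - Removing the certificates on the remote system is disabled here.

    # 4 - Remove the local certificates and keys
    success, local_ip = get_system_ip_from_local()
    if not success:
        error_msg = "Cannot retrieve the local ip <%s>" % str(local_ip)
        return success, error_msg

    # Remove remote system certificates on the local system
    success, msg = ansible_remove_certificates(system_ip=local_ip,
                                               system_id_to_remove=system_id)
    if not success:
        return success, "Cannot remove the local certificates <%s>" % str(msg)

    # 5 - Remove it from the ansible inventory.
    try:
        aim = AnsibleInventoryManager()
        aim.delete_host(system_ip)
        aim.save_inventory()
        del aim
    except Exception as aim_error:
        error_msg = "Cannot remove the system from the " + \
                    "ansible inventory file " + \
                    "<%s>" % str(aim_error)
        return False, error_msg

    # 6 - Try to connect to the child and remove the parent
    # using its server_id
    success, own_server_id = get_server_id_from_local()
    if not success:
        # Report what this call returned; `msg` here would still hold the
        # result of the certificate removal above.
        error_msg = "Cannot retrieve the server-id " + \
                    "from local <%s>" % str(own_server_id)
        return success, error_msg

    if remote_system_is_reachable:
        success, msg = ansible_delete_parent_server(system_ip, own_server_id)
        if not success:
            error_msg = "Cannot delete parent server in child <%s>" % str(msg)
            return success, error_msg
        return True, ""

    # The local clean-up is complete, but the child still lists this server
    # as its parent; the caller is told through the message.
    msg = "The remote system is not reachable. " + \
          "We had not been able to remove the parent configuration"
    return True, msg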
def _get_inventory_from_test_file(self, file_name):
    """Return an AnsibleInventoryManager loaded from a test fixture.

    The fixture path is TEST_FILES_PATH with *file_name* appended by plain
    string concatenation; no path separator is inserted between them.
    """
    fixture_path = TEST_FILES_PATH + file_name
    return AnsibleInventoryManager(inventory_file=fixture_path)