
Commit a0c166c

authored
Merge pull request #89 from nwops/audit
Adds ability to audit bolt files
2 parents e05562f + d131597 commit a0c166c

17 files changed

+93
-63
lines changed

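--- a/spec/docker/.dockerignore
+++ b/spec/docker/.dockerignore
@@ -0,0 +1 @@
+*.tar.gz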

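--- a/spec/docker/Dockerfile
+++ b/spec/docker/Dockerfile
@@ -7,7 +7,14 @@ EXPOSE 22
 ENV LC_ALL="en_US.UTF-8" LANG="en_US.UTF-8" LANGUAGE="en_US.UTF-8"
 RUN echo "LANG=en_US.UTF-8" > /etc/locale.conf
 STOPSIGNAL SIGRTMIN+3
-RUN yum -y install systemd openssh openssh-server openssh-clients anacron sudo curl openssl; yum clean all;
+ADD live_audit.sh /usr/bin/live_audit.sh
+ADD live_audit.service /etc/systemd/system/live_audit.service
+RUN chmod 644 /etc/systemd/system/live_audit.service && chmod 755 /usr/bin/live_audit.sh && \
+echo "root:test" | chpasswd; \
+useradd -m -s /bin/bash centos && echo "centos:test" | chpasswd;
+RUN yum -y install epel-release systemd rsync tree vim openssh openssh-server openssh-clients anacron sudo curl openssl
+RUN yum -y install inotify-tools && mkdir /root/bolt_scripts && yum clean all
+# remove any scripts that don't need to be run
 RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
 rm -f /lib/systemd/system/multi-user.target.wants/*; \
 rm -f /etc/systemd/system/*.wants/*; \
@@ -17,9 +24,8 @@ RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == system
 rm -f /lib/systemd/system/basic.target.wants/*; \
 rm -f /lib/systemd/system/anaconda.target.wants/*; \
 rm -rf /var/cache/yum; \
-echo "root:test" | chpasswd; \
-useradd -m -s /bin/bash centos && echo "centos:test" | chpasswd; \
-ln -s '/usr/lib/systemd/system/sshd.service' '/etc/systemd/system/multi-user.target.wants/sshd.service'
+ln -s '/usr/lib/systemd/system/sshd.service' '/etc/systemd/system/multi-user.target.wants/sshd.service' && \
+ln -s '/etc/systemd/system/live_audit.service' '/etc/systemd/system/multi-user.target.wants/live_audit.service'
 VOLUME [ “/sys/fs/cgroup” ]
-CMD /sbin/init
-# ENTRYPOINT [ "/sbin/init" ]
+#CMD /bin/bash
+ENTRYPOINT [ "/sbin/init" ]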
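Review bot: Lines 10–11 use `ADD` for two plain local files, where `COPY` is the explicit instruction (hadolint DL3020); if the build runs under BuildKit, `COPY --chmod=755 live_audit.sh /usr/bin/live_audit.sh` also makes the separate `chmod` on line 12 unnecessary, otherwise keep the chmod `RUN`. The `yum -y install` on line 15 is a layer of its own with no `yum clean all`, so its metadata cache is baked into the image no matter what lines 16 and 26 remove afterwards; folding the `epel-release` and `inotify-tools` installs into one `RUN` that ends in `yum clean all` fixes that (package versions stay unpinned, which hadolint DL3033 would also flag). On line 13 the `;` after `chpasswd` means a failing `chpasswd` or `useradd` does not fail the build, unlike the `&&` chain on the same line. The `root:test`/`centos:test` credentials are only moved by this commit, not introduced, so I read them as an intentional test fixture. Unrelated to this change, the context line 29 `VOLUME [ “/sys/fs/cgroup” ]` carries typographic quotes, so Docker cannot parse it as a JSON array.
```dockerfile
COPY --chmod=755 live_audit.sh /usr/bin/live_audit.sh
COPY --chmod=644 live_audit.service /etc/systemd/system/live_audit.service
RUN echo "root:test" | chpasswd && \
    useradd -m -s /bin/bash centos && echo "centos:test" | chpasswd
# epel-release must be installed before inotify-tools is resolvable; keep the
# clean in the same layer so the yum cache never lands in the image
RUN yum -y install epel-release systemd rsync tree vim openssh openssh-server openssh-clients anacron sudo curl openssl && \
    yum -y install inotify-tools && \
    mkdir /root/bolt_scripts && \
    yum clean all
# … unchanged: systemd wants cleanup, symlinks, VOLUME, ENTRYPOINT …
```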

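--- a/spec/docker/extra-large-ha/docker-compose.yaml
+++ b/spec/docker/extra-large-ha/docker-compose.yaml
@@ -2,8 +2,8 @@ version: "3"
 services:
 bolt:
 build:
-dockerfile: '../Dockerfile_bolt'
-context: .
+dockerfile: 'Dockerfile_bolt'
+context: ../
 image: pe-bolt
 hostname: bolter.puppet.vm
 container_name: bolter.puppet.vm
@@ -16,8 +16,8 @@ services:
 depends_on:
 - pe_xl_core_0
 build:
-dockerfile: '../Dockerfile'
-context: .
+dockerfile: 'Dockerfile'
+context: ../
 entrypoint: /sbin/init
 image: pe-base
 privileged: true # required for systemd
@@ -36,8 +36,8 @@ services:
 depends_on:
 - pe_xl_core_0
 build:
-dockerfile: '../Dockerfile'
-context: .
+dockerfile: 'Dockerfile'
+context: ../
 entrypoint: /sbin/init
 image: pe-base
 privileged: true # required for systemd
@@ -55,8 +55,8 @@ services:
 depends_on:
 - pe_xl_core_0
 build:
-dockerfile: '../Dockerfile'
-context: .
+dockerfile: 'Dockerfile'
+context: ../
 entrypoint: /sbin/init
 image: pe-base
 privileged: true # required for systemd
@@ -74,8 +74,8 @@ services:
 depends_on:
 - pe_xl_core_0
 build:
-dockerfile: '../Dockerfile'
-context: .
+dockerfile: 'Dockerfile'
+context: ../
 entrypoint: /sbin/init
 image: pe-base
 privileged: true # required for systemd
@@ -97,8 +97,8 @@ services:
 - '/sys/fs/cgroup:/sys/fs/cgroup:ro'
 pe_xl_core_0:
 build:
-dockerfile: '../Dockerfile'
-context: .
+dockerfile: 'Dockerfile'
+context: ../
 entrypoint: /sbin/init
 image: pe-base
 privileged: true # required for systemd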
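Review bot: With `context: ../` every service build now sends the whole `spec/docker` tree to the daemon, and the `.dockerignore` added in this commit only excludes `*.tar.gz`, so the per-environment directories, each with an `inventory.yaml` holding `password: test`, travel with every build context. Nothing on the new side copies them into an image (the Dockerfile only adds `live_audit.sh` and `live_audit.service`), so this is a context-size and hygiene point rather than a leak; adding the environment directories and `*.yaml` to `spec/docker/.dockerignore` keeps the context to the files the Dockerfiles reference, provided `Dockerfile_bolt` (not visible here) does not copy from them. The same change appears in the extra-large, large-ha, large, standard-ha and standard docker-compose.yaml sections.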

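--- a/spec/docker/extra-large-ha/inventory.yaml
+++ b/spec/docker/extra-large-ha/inventory.yaml
@@ -4,8 +4,7 @@ groups:
 config:
 transport: ssh
 ssh:
-tmpdir: /root
-script-dir: test123
+tmpdir: /root/bolt_scripts
 host-key-check: false
 user: root
 password: test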

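--- a/spec/docker/extra-large/docker-compose.yaml
+++ b/spec/docker/extra-large/docker-compose.yaml
@@ -2,8 +2,8 @@ version: "3"
 services:
 bolt:
 build:
-dockerfile: '../Dockerfile_bolt'
-context: .
+dockerfile: 'Dockerfile_bolt'
+context: ../
 image: pe-build
 hostname: bolter.puppet.vm
 container_name: bolter.puppet.vm
@@ -16,8 +16,8 @@ services:
 depends_on:
 - pe_xl_core
 build:
-dockerfile: '../Dockerfile'
-context: .
+dockerfile: 'Dockerfile'
+context: ../
 entrypoint: /sbin/init
 image: pe-base
 privileged: true # required for systemd
@@ -36,8 +36,8 @@ services:
 depends_on:
 - pe_xl_core
 build:
-dockerfile: '../Dockerfile'
-context: .
+dockerfile: 'Dockerfile'
+context: ../
 entrypoint: /sbin/init
 image: pe-base
 privileged: true # required for systemd
@@ -53,8 +53,8 @@ services:
 - '/sys/fs/cgroup:/sys/fs/cgroup:ro'
 pe_xl_core:
 build:
-dockerfile: '../Dockerfile'
-context: .
+dockerfile: 'Dockerfile'
+context: ../
 entrypoint: /sbin/init
 image: pe-base
 privileged: true # required for systemd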

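--- a/spec/docker/extra-large/inventory.yaml
+++ b/spec/docker/extra-large/inventory.yaml
@@ -4,8 +4,7 @@ groups:
 config:
 transport: ssh
 ssh:
-tmpdir: /root
-script-dir: test123
+tmpdir: /root/bolt_scripts
 host-key-check: false
 user: root
 password: test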

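--- a/spec/docker/large-ha/docker-compose.yaml
+++ b/spec/docker/large-ha/docker-compose.yaml
@@ -2,8 +2,8 @@ version: "3"
 services:
 bolt:
 build:
-dockerfile: '../Dockerfile_bolt'
-context: .
+dockerfile: 'Dockerfile_bolt'
+context: ../
 image: pe-build
 hostname: bolter.puppet.vm
 container_name: bolter.puppet.vm
@@ -16,8 +16,8 @@ services:
 depends_on:
 - large_aio
 build:
-dockerfile: '../Dockerfile'
-context: .
+dockerfile: 'Dockerfile'
+context: ../
 entrypoint: /sbin/init
 image: pe-base
 privileged: true # required for systemd
@@ -36,8 +36,8 @@ services:
 depends_on:
 - large_aio
 build:
-dockerfile: '../Dockerfile'
-context: .
+dockerfile: 'Dockerfile'
+context: ../
 entrypoint: /sbin/init
 image: pe-base
 privileged: true # required for systemd
@@ -59,8 +59,8 @@ services:
 - '/sys/fs/cgroup:/sys/fs/cgroup:ro'
 large_aio:
 build:
-dockerfile: '../Dockerfile'
-context: .
+dockerfile: 'Dockerfile'
+context: ../
 entrypoint: /sbin/init
 image: pe-base
 privileged: true # required for systemd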

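--- a/spec/docker/large-ha/inventory.yaml
+++ b/spec/docker/large-ha/inventory.yaml
@@ -4,8 +4,7 @@ groups:
 config:
 transport: ssh
 ssh:
-tmpdir: /root
-script-dir: test123
+tmpdir: /root/bolt_scripts
 host-key-check: false
 user: root
 password: test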

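--- a/spec/docker/large/docker-compose.yaml
+++ b/spec/docker/large/docker-compose.yaml
@@ -2,8 +2,8 @@ version: "3"
 services:
 bolt:
 build:
-dockerfile: '../Dockerfile_bolt'
-context: .
+dockerfile: 'Dockerfile_bolt'
+context: ../
 image: pe-build
 hostname: bolter-lg.puppet.vm
 container_name: bolter.puppet.vm
@@ -16,8 +16,8 @@ services:
 depends_on:
 - large_aio
 build:
-dockerfile: '../Dockerfile'
-context: .
+dockerfile: 'Dockerfile'
+context: ../
 entrypoint: /sbin/init
 image: pe-base
 privileged: true # required for systemd
@@ -34,8 +34,8 @@ services:
 - '/sys/fs/cgroup:/sys/fs/cgroup:ro'
 large_aio:
 build:
-dockerfile: '../Dockerfile'
-context: .
+dockerfile: 'Dockerfile'
+context: ../
 entrypoint: /sbin/init
 image: pe-base
 privileged: true # required for systemd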

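--- a/spec/docker/large/inventory.yaml
+++ b/spec/docker/large/inventory.yaml
@@ -4,8 +4,7 @@ groups:
 config:
 transport: ssh
 ssh:
-tmpdir: /root
-script-dir: test123
+tmpdir: /root/bolt_scripts
 host-key-check: false
 user: root
 password: test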

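--- a/spec/docker/live_audit.service
+++ b/spec/docker/live_audit.service
@@ -0,0 +1,8 @@
+[Unit]
+After=network.service
+
+[Service]
+ExecStart=/bin/bash /usr/bin/live_audit.sh /root/bolt_scripts /tmp/backup
+
+[Install]
+WantedBy=default.target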
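Review bot: `WantedBy=default.target` on line 8 does not match how the Dockerfile enables the unit, which symlinks it into `multi-user.target.wants` by hand; `WantedBy=multi-user.target` would make `systemctl enable` and the manual link agree. `After=network.service` on line 2 names the legacy network-scripts unit rather than `network.target`, so on a host without that service the ordering silently does nothing; I would use `After=network.target`. There is no `Restart=` line, so if `live_audit.sh` exits (it exits 1 when either directory is missing) the audit silently stops for the life of the container; `Restart=on-failure` plus a `Description=Mirror bolt tmpdir to /tmp/backup for audit` line would document and harden this.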

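--- a/spec/docker/live_audit.sh
+++ b/spec/docker/live_audit.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+# must install inotify-tools from epel or self hosted repo
+# live_audit.sh /watch_dir /tmp/backup
+src=$1
+dst=$2
+logfile=${2}/watcher.log
+script_file=${0##*/}
+mkdir -p $dst
+if [[ ! -d $src || ! -d $dst ]]; then
+echo "Source or destanation directory does not exist"
+exit 1
+fi
+#ps -af -ww |grep [l]ive_backup
+while true
+do
+while inotifywait --outfile=${logfile} -r -e modify,move,close_write,create $src
+do
+rsync -avz $src/ $dst
+done
+done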
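Review bot: If `inotifywait` fails to start (not installed, inotify watch limit reached, `$src` unreadable) the inner `while` on line 16 ends at once and the unconditional `while true` on line 14 re-runs it without pause, so the service burns a CPU core for as long as the container lives; the outer loop needs a back-off (`sleep`) or the script should exit non-zero and let systemd restart it. Every `$src`/`$dst` expansion is unquoted (ShellCheck SC2086), `logfile` on line 6 reads `$2` instead of `$dst`, and `script_file` on line 7 is never used. The message on line 10 misspells "destination" and goes to stdout rather than stderr. Note also that `rsync` without `--backup` overwrites the previous copy of a modified file, so the backup holds only the last version of each script; fine if that is the intended audit granularity, but worth stating in the header comment.
```shell
# … unchanged: shebang and header comments …
set -u
src=$1
dst=$2
logfile="${dst}/watcher.log"
mkdir -p "$dst"
if [[ ! -d $src || ! -d $dst ]]; then
  echo "Source or destination directory does not exist" >&2
  exit 1
fi
while true
do
  while inotifywait --outfile="${logfile}" -r -e modify,move,close_write,create "$src"
  do
    rsync -avz "$src/" "$dst"
  done
  # inotifywait exited non-zero: back off instead of spinning at full speed
  sleep 5
done
```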

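--- a/spec/docker/provision.sh
+++ b/spec/docker/provision.sh
@@ -16,7 +16,8 @@ fi
 select opt in */
 do
 cd $opt
-docker-compose up -d --build
+docker-compose up -d --build
+# nohup /usr/bin/live_audit.sh /root/bolt_scripts /tmp/backup &
 docker-compose run -v ${downloads}:/downloads -v ${fixtures_path}:/modules -v ${base_repo}:/mods/peadm bolt plan run peadm::provision \
 --concurrency 2 \
 --inventory inventory.yaml \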
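Review bot: Line 20 adds a commented-out `nohup /usr/bin/live_audit.sh …` invocation that is dead code; the watcher is now started inside the container by the `live_audit.service` unit, and judging by the surrounding `docker-compose` calls this script runs on the host, where that path does not exist. Either drop the line or replace it with a comment such as `# the bolt tmpdir watcher runs inside each container via live_audit.service`. The enclosing `select` loop continues outside the hunk.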

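--- a/spec/docker/standard-ha/docker-compose.yaml
+++ b/spec/docker/standard-ha/docker-compose.yaml
@@ -2,8 +2,8 @@ version: "3"
 services:
 bolt:
 build:
-dockerfile: '../Dockerfile_bolt'
-context: .
+dockerfile: 'Dockerfile_bolt'
+context: ../
 image: pe-build
 hostname: bolter-std.puppet.vm
 container_name: bolter-std.puppet.vm
@@ -16,8 +16,8 @@ services:
 depends_on:
 - standard_aio
 build:
-dockerfile: '../Dockerfile'
-context: .
+dockerfile: 'Dockerfile'
+context: ../
 entrypoint: /sbin/init
 image: pe-base
 privileged: true # required for systemd
@@ -39,8 +39,8 @@ services:
 - '/sys/fs/cgroup:/sys/fs/cgroup:ro'
 standard_aio:
 build:
-dockerfile: '../Dockerfile'
-context: .
+dockerfile: 'Dockerfile'
+context: ../
 entrypoint: /sbin/init
 image: pe-base
 privileged: true # required for systemd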

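--- a/spec/docker/standard-ha/inventory.yaml
+++ b/spec/docker/standard-ha/inventory.yaml
@@ -4,8 +4,7 @@ groups:
 config:
 transport: ssh
 ssh:
-tmpdir: /root
-script-dir: test123
+tmpdir: /root/bolt_scripts
 host-key-check: false
 user: root
 password: test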

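--- a/spec/docker/standard/docker-compose.yaml
+++ b/spec/docker/standard/docker-compose.yaml
@@ -2,8 +2,8 @@ version: "3"
 services:
 bolt:
 build:
-dockerfile: '../Dockerfile_bolt'
-context: .
+dockerfile: 'Dockerfile_bolt'
+context: ../
 image: pe-build
 hostname: bolter-std.puppet.vm
 container_name: bolter-std.puppet.vm
@@ -18,8 +18,8 @@ services:
 LANG: "en_US.utf8"
 LANGUAGE: "en_US.utf8"
 build:
-dockerfile: '../Dockerfile'
-context: .
+dockerfile: 'Dockerfile'
+context: ../
 entrypoint: /sbin/init
 image: pe-base
 privileged: true # required for systemd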

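--- a/spec/docker/standard/inventory.yaml
+++ b/spec/docker/standard/inventory.yaml
@@ -4,8 +4,7 @@ groups:
 config:
 transport: ssh
 ssh:
-tmpdir: /root
-script-dir: test123
+tmpdir: /root/bolt_scripts
 host-key-check: false
 user: root
 password: test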
