Wednesday 17 October 2018

Ansible Playbooks ( automating certain tasks )

tasks/main.yml

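---
 # Copy each file listed in `fileover` (vars/main.yml) to its destination.
 # NOTE(review): the destinations include root-owned system paths (/etc, /boot,
 # /etc/cron.d) and no owner/group/mode is set, so ownership and permissions
 # fall back to the copy module's defaults - set them explicitly (and consider
 # `backup: yes`) for files such as fstab, rc.local and the cron.d entry.
 - name: copying file with content matching
   copy:
    # A value that begins with a Jinja2 expression has to be quoted, otherwise
    # YAML parses the leading "{" as the start of an inline mapping.
    src: '{{ item.name }}'
    dest: '{{ item.destination }}'
   with_items: '{{ fileover }}'

 # Point every OpenVPN client config in `vpnpaths` at the fixed server address.
 # With backrefs: yes the file is left untouched when regexp matches no line.
 - name: insert string
   lineinfile:
    path: /etc/openvpn/{{ item }}
    # Dots escaped so they match only a literal "." in the host name.
    regexp: 'remote vpn\.eyemagnet\.net 1194'
    line: 'remote 202.160.117.202 1194'
    backrefs: yes
   with_items: '{{ vpnpaths }}'

 # NOTE(review): this rewrites every occurrence of "1197" in the file, not only
 # a port number - confirm the configs contain it nowhere else (addresses,
 # key material, comments) or anchor the pattern to the intended line.
 - name: replace string
   replace:
    path: /etc/openvpn/{{ item }}
    regexp: '1197'
    replace: "1194"
   with_items: '{{ vpnpaths }}'

 # NOTE(review): allow_unauthenticated and force (apt-get --force-yes) both
 # switch off package signature verification for this install, which runs as
 # root. The repository steps on this page sign Release/InRelease, so once the
 # repository key is trusted on the target hosts both options can be removed.
 - name: Installing packages
   apt:
    name: eyemagnet-rpi-splashscreen
    update_cache: yes
    allow_unauthenticated: yes
    force: yes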

vars/main.yml

---
# Files pushed by the "copying file with content matching" task: `name` is the
# source file, `destination` the directory it is copied into on the target.
# NOTE(review): fstab, rc.local, config.txt, cmdline.txt and the cron.d entry
# are boot- and root-level configuration; the copy task sets no owner or mode
# for them, so confirm the resulting permissions on the target.
fileover:
  - name: desktop-items-0.conf
    destination: /home/pi/.config/pcmanfm/LXDE-pi
  - name: splash.jpg
    destination: /etc
  - name: config.txt
    destination: /boot
  - name: default.mpegts
    destination: /home/pi
  - name: select-committee
    destination: /var/www
  - name: cmdline.txt
    destination: /boot
  - name: 93eyemagnet_media
    destination: /etc/cron.d
  - name: fstab
    destination: /etc
  - name: rc.local
    destination: /etc

# OpenVPN client configs under /etc/openvpn/ that the lineinfile and replace
# tasks edit.
vpnpaths:
  - client-nz.conf
  - client-nz.conf.aws
  - client-nz.conf.nz.vpn

OpenVpn key generation

#!/bin/bash

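# Build the client certificate/key pair for the name held in $file.
# Globals:   file (read) - client name entered at the top-level prompt
# Returns:   status of eyemagnet-build-key, or 1 if the easy-rsa directory
#            cannot be entered
buildkey() {
  # Stop here rather than run a relative ./eyemagnet-build-key from whatever
  # directory the shell happens to be in.
  cd /etc/openvpn/easy-rsa || return 1
  # Quoted so the name always reaches the helper as exactly one argument.
  ./eyemagnet-build-key "$file"
}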

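# Ask for the third octet of the 10.161.x.y client range and list the
# addresses already assigned in that range.
# Globals:   ip (written)  - third octet as entered, normalised to decimal
#            ip2 (written) - "10.161.<ip>", reused by setip
# Outputs:   sorted list of addresses found in /etc/openvpn/ccd/ on stdout
# Returns:   1 if stdin ends before a valid octet is entered
ipselect() {
  # The value is pasted into a grep pattern and later into a file that OpenVPN
  # reads, so keep asking until it is a plain number in 0-255.
  while :; do
    read -r -e -p "Enter IP series P.N. (10.161) is all ready there - only enter 3rd octet: " ip || return 1
    if [[ "$ip" =~ ^[0-9]{1,3}$ ]] && (( 10#$ip <= 255 )); then
      break
    fi
    echo "Third octet must be a number from 0 to 255" >&2
  done
  ip=$((10#$ip))   # drop leading zeros ("05" -> 5)
  ip2="10.161.$ip"
  # -F matches the prefix literally, so "." no longer stands for any character;
  # awk prints the second-to-last field of each matching line.
  grep -rnwF -e "$ip2" /etc/openvpn/ccd/ | awk '{print $(NF-1)}' | sort -V
}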

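# Ask for the last octet currently in use, derive the next address pair
# (+2 and +3) and write it as an ifconfig-push line to the client's ccd file.
# Globals:   ip2, file (read); ipslt, ipslteven, ipsltodd, ipslt2, ipslt3
#            (written)
# Outputs:   the written ccd file on stdout
# Returns:   1 on end of input, an unusable client name, or a failed write
setip() {
  # Arithmetic expansion evaluates its operand as an expression, not as a
  # plain number, so only digits are let through; the upper bound keeps both
  # derived octets within 0-255.
  while :; do
    read -r -e -p "Enter Ip value (Last octet) - New selection is done automatically: " ipslt || return 1
    if [[ "$ipslt" =~ ^[0-9]{1,3}$ ]] && (( 10#$ipslt + 3 <= 255 )); then
      break
    fi
    echo "Last octet must be a number from 0 to 252" >&2
  done
  ipslt=$((10#$ipslt))
  ipslteven=$((ipslt + 2))
  ipsltodd=$((ipslt + 3))
  ipslt2="$ip2.$ipslteven"
  ipslt3="$ip2.$ipsltodd"

  # $file becomes a file name below; refuse anything that could leave the ccd
  # directory or create a hidden file.
  case "$file" in
    '' | .* | */*)
      echo "Refusing to write ccd entry for client name '$file'" >&2
      return 1
      ;;
  esac

  cd /etc/openvpn/ccd || return 1
  printf 'ifconfig-push %s %s\n' "$ipslt2" "$ipslt3" > "/etc/openvpn/ccd/$file" || return 1
  cat -- "/etc/openvpn/ccd/$file"
}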

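# Interactive driver: build a client key if none exists yet, assign its VPN
# address, then push the key files to the build host and to the new device.
cd /etc/openvpn/easy-rsa/keys || exit 1
echo ""
read -r -e -p "Enter proposed Client FDQN: " file
echo ""

# $file is used below as a file name under /etc/openvpn, as a glob prefix for
# rsync and as an argument that the remote shell parses again, so accept only
# host-name characters (no "/", whitespace, leading "-" or shell syntax).
name_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$file" =~ $name_re ]]; then
  echo "Invalid client name: use letters, digits, '.' and '-' only" >&2
  exit 1
fi

file2="$file.crt"
path=/etc/openvpn/keys/

if [ ! -f "$file2" ]
then
  echo "$file file not found"
  buildkey
  ipselect || exit 1
  setip || exit 1
  /usr/local/sbin/add_client_to_domain "$file" "$ipslt2"
  cd /etc/openvpn/easy-rsa/keys || exit 1

  # Do not distribute anything if the certificate was not actually produced.
  if [ ! -f "$file2" ]; then
    echo "$file2 was not created; nothing to distribute" >&2
    exit 1
  fi

  # The SSH password is no longer written into the script or passed with
  # "sshpass -p", where it is visible in the process list. "sshpass -e" reads
  # it from the SSHPASS environment variable; prompt once if it is not set.
  # The same password is used for both hosts, as in the original commands.
  # Key-based SSH authentication would remove the password altogether.
  if [ -z "${SSHPASS:-}" ]; then
    read -r -s -p "SSH password: " SSHPASS
    echo ""
  fi
  export SSHPASS

  sshpass -e rsync -zavP "$file".* root@lite-builder.office.wellington.nz.vpn:/home/lite_builder/svn/raspberry_pi/sd_installer/vpnkeys/
  read -r -e -p "Enter the Host FQDN or IP Address: " hostaddr
  echo ""
  # Same character rule as the client name: the value ends up inside ssh and
  # rsync command lines and must not start with "-".
  if [[ ! "$hostaddr" =~ $name_re ]]; then
    echo "Invalid host name or address" >&2
    exit 1
  fi

  # NOTE(review): StrictHostKeyChecking=no turns off host-key verification, so
  # the client private key and the sudo session go to whichever machine
  # answers at $hostaddr. It is left as on the page because a freshly imaged
  # device has an unknown key; pinning the expected host key (for example in
  # a known_hosts file prepared at imaging time) closes that gap.
  sshpass -e rsync -e "ssh -o StrictHostKeyChecking=no" -zavP "$file".* "pi@$hostaddr:/home/pi"
  sshpass -e ssh -t -t -o StrictHostKeyChecking=no "pi@$hostaddr" sudo -i "bash -s" -- "$file" "$path" < /home/em_naveed/domainer.sh
  sshpass -e ssh -t -t -o StrictHostKeyChecking=no "pi@$hostaddr" 'sudo reboot'
  echo ""
  echo "Job Complete"
  exit 0
else
  echo "$file2 exist or empty."
  echo ""
fi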

--------------------------------------------------------------------------------------------------------------------------

./domainer.sh:

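# domainer.sh - runs as root on the new device (fed to "sudo -i bash -s").
# Arguments: $1 - client name (prefix of the uploaded key files)
#            $2 - directory the key files are moved into
# Moves the uploaded key files into place, points the OpenVPN client configs
# at them and sets the host name.
name=${1:?client name required}
dest=${2:?key directory required}

# The name is pasted into sed expressions and file names, so allow host-name
# characters only and no leading "." or "-".
case "$name" in
  *[!A-Za-z0-9.-]* | .* | -*)
    echo "Invalid client name" >&2
    exit 1
    ;;
esac

cd /home/pi || exit 1
# mv -f replaces the original "yes | mv": overwrite without prompting.
mv -f -- "$name".* "$dest" || exit 1
rm -rf -- "$name".*

# Without this check a failed cd would make the next rm delete default.* in
# /home/pi instead of in the key directory.
cd "$dest" || exit 1
rm -rf -- default.*

# The key arrived through the pi account; make it readable by root only.
if [ -f "$name.key" ]; then
  chown root:root -- "$name.key"
  chmod 600 -- "$name.key"
fi

cd /etc/openvpn/ || exit 1
# Lines 99 and 100 of each client config hold the cert and key paths.
sed -i "99s|.*|cert    /etc/openvpn/keys/${name}.crt|" client-*.conf
sed -i "100s|.*|key     /etc/openvpn/keys/${name}.key|" client-*.conf
sed -i "1s/.*/${name}/" /etc/hostname

# if/else instead of "a && b || c", which would also append the line when the
# sed itself failed.
if grep -q '127.0.1.2.*' /etc/hosts; then
  sed -i "s/127.0.1.2.*/127.0.1.2       ${name}/" /etc/hosts
else
  echo "127.0.1.2       ${name}" >> /etc/hosts
fi
exit 0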


A smaller source-code packaging script

#!/bin/bash
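# Bump the MAJOR.MINOR version found on the first line of debian/changelog
# (minor rolls over to the next major after 9), rewrite the changelog with a
# single entry for the new version and build the package.
cd raspbian-stretch/eyemagnet-monitoring-nagios-naveed || exit 1

# The first changelog line looks like "package (MAJOR.MINOR) ..."; field 2 is
# the parenthesised version. Parsing whole numbers instead of single
# characters keeps this working for versions such as 10.3.
current=$(awk 'NR==1{print $2}' debian/changelog) || exit 1
if [[ "$current" =~ ^\(([0-9]+)\.([0-9]+) ]]; then
  var2=${BASH_REMATCH[1]}
  var1=${BASH_REMATCH[2]}
else
  echo "Cannot read a MAJOR.MINOR version from debian/changelog: '$current'" >&2
  exit 1
fi

var3=$((10#$var1 + 1))
if [ "$var3" -gt 9 ]
then
  var2=$((10#$var2 + 1))
  var3=0
fi
version="$var2.$var3"
echo "New version is $version"
echo
echo "Preparing package release eyemagnet-monitoring-nagios-$version"
echo

# NOTE(review): this replaces the whole changelog, so earlier entries are lost
# and every build is labelled "Initial Release" - kept as on the page.
cat > debian/changelog <<EOF
eyemagnet-monitoring-nagios ($version) unstable; urgency=medium

  * Initial Release.

 -- Naveed Sheikh <naveed.sheikh@eyemagnet.com>  $(date -R)
EOF

# -uc -us: the .changes and .dsc files are left unsigned.
dpkg-buildpackage -uc -us || exit 1
rm -rf debian/eyemagnet-monitoring-nagios
exit 0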

Tuesday 9 October 2018

Apt Indexer

#!/bin/bash

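# Rebuild the Packages index for the trusty/armhf suite, write its Release
# file and sign it (Release.gpg and InRelease).
# Environment: GPG_PASSPHRASE_FILE - absolute path of a file, readable only by
#              the signing user, that holds the signing-key passphrase.
suite_dir=dists/trusty
pkg_index=main/binary-armhf/Packages

# The passphrase used to be given with --passphrase on the command line, where
# it sits in the script and in the process list (and the two commands did not
# even use the same value). It is now read from a file.
: "${GPG_PASSPHRASE_FILE:?set GPG_PASSPHRASE_FILE to the passphrase file}"
case "$GPG_PASSPHRASE_FILE" in
  /*) ;;
  *)
    echo "GPG_PASSPHRASE_FILE must be an absolute path" >&2
    exit 1
    ;;
esac

dpkg-scanpackages -m pool > "$suite_dir/$pkg_index" || exit 1
gzip -9c < "$suite_dir/$pkg_index" > "$suite_dir/$pkg_index.gz" || exit 1

# Print one " <hash> <size> <path>" line per index file for the hash tool in
# $1. Paths in a Release file are relative to the Release file's directory,
# so the "dists/trusty/" prefix is left out.
checksum_lines() {
  local tool=$1 rel sum size
  for rel in "$pkg_index" "$pkg_index.gz"; do
    sum=$("$tool" "$suite_dir/$rel" | cut -d" " -f1)
    size=$(wc -c < "$suite_dir/$rel")
    printf ' %s %s %s\n' "$sum" "$((size))" "$rel"
  done
}

cat > "$suite_dir/Release" << EOF
Suite: trusty
Architectures: all
Date: $(date -Ru)
MD5Sum:
$(checksum_lines md5sum)
SHA256:
$(checksum_lines sha256sum)
EOF

sleep 3s

cd "$suite_dir" || exit 1

# NOTE(review): this signature is overwritten by the next command; it is kept
# only because it may be what unlocks the key in gpg-agent - confirm and drop.
gpg --yes -abs -o Release.gpg Release

# Sign!
# NOTE(review): GnuPG 2.1 and later also need "--pinentry-mode loopback" for a
# passphrase supplied in batch mode - confirm against the installed version.
gpg --yes --batch --passphrase-file "$GPG_PASSPHRASE_FILE" --digest-algo SHA256 --armor --output Release.gpg --detach-sign Release || exit 1
gpg --yes --batch --passphrase-file "$GPG_PASSPHRASE_FILE" --digest-algo SHA256 --clearsign --output InRelease Release || exit 1

cd -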

Automating the repo signing:

#!/bin/sh

# Repository trees whose changes trigger a re-index, one per release channel.
dir1='/var/www/raspbian-stretch/staging/'    # staging
dir2='/var/www/raspbian-stretch/unstable/'   # unstable
dir3='/var/www/raspbian-stretch/legacy/'     # legacy
dir4='/var/www/raspbian-stretch/stable/'     # stable

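# Re-run indexer.sh inside directory $1 every time inotifywait reports a
# change there.
# Arguments: $1 - repository directory to watch
# NOTE(review): indexer.sh is executed from the watched, web-served directory
# by the account that can sign the repository; the directory and the script
# should be writable only by that account - confirm the permissions.
# NOTE(review): changes that arrive while indexer.sh is running are not seen,
# because inotifywait is only listening between runs.
monitor() {
  while inotifywait -qqe modify,move,create,delete,delete_self "$1"; do
    # Subshell: a failed cd skips the indexer instead of running ./indexer.sh
    # from the wrong directory, and no "cd -" is needed afterwards.
    # Redirection order kept from the original: stdout is discarded, stderr
    # goes to the original stdout, so signing errors stay visible.
    ( cd "$1" && ./indexer.sh ) 2>&1 >/dev/null
  done 2>&1 >/dev/null
}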

# Start one background watcher per repository tree.
for watched in "$dir1" "$dir2" "$dir3" "$dir4"; do
  monitor "$watched" &
done

Saturday 6 October 2018

Apt repo on Centos 7

# Copy the repository tree to the CentOS web host.
rsync -zavP raspbian-stretch nash@naveed2.user.nz.vpn:/home/nash/webrepos/

yum install httpd -y

# NOTE(review): -R 755 makes every file under /var/www world-readable and
# executable; anything that must stay private (keys, passphrase files) should
# not live under this tree.
chmod -R 755 /var/www

# Create the signing key, then list the keys to find its ID.
gpg --gen-key

gpg -k

# NOTE(review): CE123456 is an 8-digit short key ID; short IDs are not unique,
# so the full fingerprint is the safer way to name the key.
gpg --edit-key CE123456

# showpref and setpref are typed at the gpg> prompt opened by --edit-key,
# not at the shell.
showpref

setpref AES256 AES192 AES CAST5 3DES IDEA SHA256 SHA384 SHA512 SHA224 ZLIB BZIP2 ZIP Uncompressed

# Export the public key in ASCII armor for distribution to clients.
gpg --export -a CE123456 > /home/repo.key

# NOTE(review): this writes the keyring to /var/www/apt/, which is not created
# by these steps, while the client commands further down download myrepo.gpg
# from the web root - confirm where the file is actually published.
gpg --no-default-keyring --keyring /var/www/apt/myrepo.gpg --import /home/repo.key

cp /home/repo.key /var/www/html/

mkdir -p /var/www/html/apt-repo/

touch /var/www/html/apt-repo/indexer.sh

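# Write indexer.sh. The delimiter is quoted ('EOFSH') so that $(...) and $PKGS
# are stored literally and evaluated each time indexer.sh runs; with an
# unquoted delimiter they are expanded once, while this file is being written,
# and the checksums are frozen into the script. The shebang is also placed on
# the first line of the generated file.
cat > /var/www/html/apt-repo/indexer.sh << 'EOFSH'
#!/bin/bash

dpkg-scanpackages -m . > Packages
cat Packages | gzip -9c > Packages.gz

PKGS=$(wc -c Packages)
PKGS_GZ=$(wc -c Packages.gz)
cat > Release << EOF
Architectures: all
Date: $(date -Ru)
MD5Sum:
 $(md5sum Packages  | cut -d" " -f1) $PKGS
 $(md5sum Packages.gz  | cut -d" " -f1) $PKGS_GZ
SHA256:
 $(sha256sum Packages | cut -d" " -f1) $PKGS
 $(sha256sum Packages.gz | cut -d" " -f1) $PKGS_GZ
EOF

sleep 3

gpg --yes --digest-algo SHA256 --armor --output Release.gpg --detach-sign Release
gpg --yes --digest-algo SHA256 --clearsign --output InRelease Release
EOFSH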

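chmod 755 /var/www/html/apt-repo/indexer.sh

cp /tmp/deb/stable/*.deb /var/www/html/apt-repo/

# indexer.sh scans "." and writes Packages/Release into the current directory,
# so it has to be started from inside the repository directory. The original
# "./var/www/..." path only resolves when the current directory is "/".
cd /var/www/html/apt-repo/ && ./indexer.sh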

# Client side: trust the repository key, then add the repository.
# NOTE(review): every variant below fetches the key over plain HTTP and trusts
# it without comparing its fingerprint, so anyone able to alter that traffic
# can supply their own key. Compare the fingerprint with the one shown by
# "gpg -k" on the repository host before trusting it.
# NOTE(review): --keyserver expects a key server, but this URL points at the
# exported key file - confirm this variant works; the two below download the
# file directly.
apt-key adv --keyserver http://192.168.201.121/repo.key --recv-keys CE123456

Or:

# NOTE(review): the server steps above publish repo.key in the web root;
# confirm that myrepo.gpg is published there as well.
wget -qO - http://192.168.201.121/myrepo.gpg | sudo apt-key add -

Or

# A keyring placed in trusted.gpg.d is trusted for every repository
# configured on this host, not only for this one.
cd /etc/apt/trusted.gpg.d/

wget http://192.168.201.121/myrepo.gpg

apt install software-properties-common

add-apt-repository "deb http://192.168.201.121/raspbian stretch-stable main"

Or:

# Flat repository layout: the trailing "/" replaces suite and component.
echo "deb http://192.168.201.121/apt-repo/ / " > /etc/apt/sources.list.d/new-repo.list

apt-get update

Tuesday 2 October 2018

Shorter Method of re-packaging debian build

#!/bin/bash

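# Bump the MAJOR.MINOR version on line 2 of DEBIAN/control (minor rolls over
# to the next major after 9) and rebuild the .deb with xz compression.
pkg_dir=raspbian-stretch/eyemagnet-monitoring-nagios-naveed2
control_file="$pkg_dir/DEBIAN/control"

# Line 2 is expected to read "Version: MAJOR.MINOR". Check that before
# overwriting it, and parse whole numbers instead of single characters so
# versions such as 10.3 are handled.
current=$(awk 'NR==2 && $1=="Version:"{print $2}' "$control_file") || exit 1
if [[ "$current" =~ ^([0-9]+)\.([0-9]+) ]]; then
  var2=${BASH_REMATCH[1]}
  var1=${BASH_REMATCH[2]}
else
  echo "Line 2 of $control_file is not a MAJOR.MINOR Version field" >&2
  exit 1
fi

var3=$((10#$var1 + 1))
if [ "$var3" -gt 9 ]
then
  var2=$((10#$var2 + 1))
  var3=0
fi
version="$var2.$var3"
echo
echo "New version is $version"
sed -i "2s/.*/Version: $version/" "$control_file" || exit 1
echo
dpkg-deb -Z xz -b "$pkg_dir/" . || exit 1
echo
exit 0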