From 10256905b698b4e01868863d7feaeca6004a5e71 Mon Sep 17 00:00:00 2001
From: Maksim Totmin
Date: Tue, 4 Jun 2024 18:52:08 +0700
Subject: [PATCH] add scripts
---
get_users | 39 ++++++++++++++++++++++++++++++
remove_users | 45 +++++++++++++++++++++++++++++++++++
rocketsend | 39 ++++++++++++++++++++++++++++++
sync_users | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 190 insertions(+)
create mode 100644 get_users
create mode 100644 remove_users
create mode 100644 rocketsend
create mode 100644 sync_users
diff --git a/get_users b/get_users
new file mode 100644
index 0000000..5588806
--- /dev/null
+++ b/get_users
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+AUTHUSERDN=n2400_svc_ldap
+AUTHPASSDN='secretpass'
+MYDOMAIN=regions.tax.nalog.ru
+MYDC=n2400-dc01.regions.tax.nalog.ru
+GG=n2400-Internet
+
+FUNC_AD_USERS(){
+USER_AD_LIST=$(ldapsearch -H ldap://$MYDC \
+-D n2400_svc_ldap \
+-w $AUTHPASSDN \
+-b OU=Departments,OU=Users,OU=CU,OU=UNS24,OU=UNS,DC=regions,DC=tax,DC=nalog,DC=ru \
+-a always "(&(cn=*)(memberOf=CN=$GG,OU=Universal,OU=Groups,OU=CU,OU=UNS24,OU=UNS,DC=regions,DC=tax,DC=nalog,DC=ru))" \
+sAMAccountName | grep -e "sAMAccountName:" | cut -d " " -f 2 \
+)
+echo $USER_AD_LIST
+}
+
+FUNC_PROXY_USERS(){
+USER_PROXY_LIST=$(ssh n2400-svc-admin@10.197.240.84 \
+cat /etc/squid/users | grep "n2400-00-" | \
+cut -d: -f 1
+)
+echo $USER_PROXY_LIST
+}
+
+FUNC_LINUX_USERS(){
+USER_LINUX_USERS=$(ssh n2400-svc-admin@10.197.240.85 \
+cat /etc/passwd | cut -d: -f 1 | grep n2400-00- \
+)
+echo $USER_LINUX_USERS
+}
+
+case "$1" in
+ proxy) shift; FUNC_PROXY_USERS ;;
+ linux) shift; FUNC_LINUX_USERS ;;
+ *) FUNC_AD_USERS ;;
+esac
diff --git a/remove_users b/remove_users
new file mode 100644
index 0000000..8e44125
--- /dev/null
+++ b/remove_users
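Review bot: The LDAP bind password is a literal in get_users (`AUTHPASSDN='secretpass'`) and is passed as `-w $AUTHPASSDN` over `ldap://$MYDC`, so it sits in repository history, shows in the process list while the query runs, and, if this ends up as a simple bind, crosses the network unencrypted. Reading it from a file only the service account can read and requiring TLS addresses all three: `-H ldaps://$MYDC` (or `-ZZ`) together with `-y "$LDAP_PASS_FILE"`, where `LDAP_PASS_FILE` is a placeholder name; if `secretpass` is the real value it should be rotated. FUNC_AD_USERS also echoes its result whether or not ldapsearch succeeded, so a caller cannot tell an empty group from a failed query; `set -o pipefail` plus a non-zero return on failure would let callers stop. `AUTHUSERDN` is defined but unused, since `-D` repeats the account name as a literal.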
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+USERS_AD=$(get_users ad)
+USERS_LINUX=$(get_users linux)
+USERS_PROXY=$(get_users proxy)
+
+SEND_TO_CHAT(){
+ROCKETTEXT="User *"$ONEUSER"* was removed on *"$SERVER"*"
+ROCKETHOOK="https://chat24.regions.tax.nalog.ru/hooks/65e0171a7763a60325f455b0/dr2ZWdtcMPdYz6zCouz3BevQe6xr95ZqMYZgFb3BxFLKEXjA"
+rocketsend -b "$ROCKETTEXT" -u "$ROCKETHOOK"
+}
+
+REMOVE_ON_LINUX(){
+SERVER="LINUX SERVER"
+if [[ $USERS_AD == *$ONEUSER* ]]; then
+echo "$SERVER:$ONEUSER EBABLE, RUN EXIT" > /dev/null
+else
+ansible-playbook /home/n2400-svc-admin/playbooks/remove_user_on_app100.yml -e username=$ONEUSER
+SEND_TO_CHAT
+fi
+}
+
+REMOVE_ON_SQUID(){
+SERVER="PROXY SERVER"
+if [[ $USERS_AD == *$ONEUSER* ]]; then
+echo "$SERVER:$ONEUSER EBABLE, RUN EXIT" > /dev/null
+else
+ansible-playbook /home/n2400-svc-admin/playbooks/remove_user_on_squid.yml -e username=$ONEUSER
+SEND_TO_CHAT
+fi
+}
+
+for XUSER in $USERS_LINUX
+do
+ONEUSER=$XUSER
+REMOVE_ON_LINUX
+done
+
+for SUSER in $USERS_PROXY
+do
+ONEUSER=$SUSER
+REMOVE_ON_SQUID
+done
+
+exit 0
diff --git a/rocketsend b/rocketsend
new file mode 100644
index 0000000..84b3eef
--- /dev/null
+++ b/rocketsend
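Review bot: The removal decision fails open: when `get_users ad` returns nothing (bind failure, domain controller unreachable), `$USERS_AD` is empty and every name in `$USERS_LINUX` and `$USERS_PROXY` is sent to the removal playbooks. A guard ahead of the two loops stops that, for example `[[ -n "$USERS_AD" ]] || { echo "AD user list is empty, aborting" >&2; exit 1; }`. The test `[[ $USERS_AD == *$ONEUSER* ]]` is an unquoted substring/glob match, so an account whose name is a prefix of a still-enabled account is never removed; `[[ " $USERS_AD " == *" $ONEUSER "* ]]` compares whole names, and the same test is used in CHECKING_ON_LINUX and CHECKING_ON_PROXY in sync_users. The webhook URL with its token is a literal here and again in sync_users; reading it from a file or environment variable restricted to the service account keeps it out of the repository, and `-e username=$ONEUSER` should be quoted as `-e "username=$ONEUSER"`.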
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+function usage {
+ programName=$0
+ echo "description: use this program to post messages to Rocket.chat channel"
+ echo "usage: $programName [-b \"message body\"] [-u \"rocket.chat url\"]"
+ echo " -b The message body"
+ echo " -u The rocket.chat hook url to post to"
+ exit 1
+ }
+ while getopts ":b:u:h" opt; do
+ case ${opt} in
+ u) rocketUrl="$OPTARG"
+ ;;
+ b) msgBody="$OPTARG"
+ ;;
+ h) usage
+ ;;
+ \?) echo "Invalid option -$OPTARG" >&2
+ ;;
+ esac
+ done
+ if [[ ! "${rocketUrl}" || ! "${msgBody}" ]]; then
+ echo "all arguments are required"
+ usage
+ fi
+read -d '' payLoad << EOF
+{"text": "${msgBody}"}
+EOF
+echo $payLoad
+statusCode=$(curl \
+ --insecure \
+ --write-out %{http_code} \
+ --silent \
+ --output /dev/null \
+ -X POST \
+ -H 'Content-type: application/json' \
+ --data "${payLoad}" ${rocketUrl})
+echo ${statusCode}
diff --git a/sync_users b/sync_users
new file mode 100644
index 0000000..29cdefb
--- /dev/null
+++ b/sync_users
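Review bot: The curl call passes `--insecure`, so the chat server's certificate is never verified and the webhook token and message body (sync_users sends new passwords through this script) can be read by any host that sits in the path. Dropping the flag and, if the server uses an internal CA, adding `--cacert "$CA_BUNDLE"` (placeholder name) restores verification. The payload is built by interpolating `${msgBody}` into `{"text": "${msgBody}"}` without JSON escaping, so a `"` or backslash in the body produces invalid or altered JSON; `jq -n --arg text "$msgBody" '{text: $text}'` would build it safely where jq is available, and `${rocketUrl}` should be quoted. `echo $payLoad` also writes the full message to stdout, where it can end up in cron mail or logs.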
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+USERS_AD=$(get_users ad)
+USERS_LINUX=$(get_users linux)
+USERS_PROXY=$(get_users proxy)
+
+SEND_TO_CHAT(){
+ROCKETTEXT="User *"$ONEUSER"* was created with password *"$NORMPASS"* on *"$SERVER"*"
+ROCKETHOOK="https://chat24.regions.tax.nalog.ru/hooks/65e0171a7763a60325f455b0/dr2ZWdtcMPdYz6zCouz3BevQe6xr95ZqMYZgFb3BxFLKEXjA"
+rocketsend -b "$ROCKETTEXT" -u "$ROCKETHOOK"
+}
+
+GEN_PASS(){
+SIMPLEPASS=$(openssl rand -base64 8)
+NORMPASS=$(echo $SIMPLEPASS | sed 's/$/\*/')
+}
+
+CREATE_ON_LINUX(){
+if [ -z $NORMPASS ]; then
+GEN_PASS
+fi
+
+ansible-playbook /home/n2400-svc-admin/playbooks/create_user_on_app100.yml \
+-e username=$ONEUSER -e passw=$NORMPASS
+SERVER="Terminal Server"
+SEND_TO_CHAT
+}
+
+CREATE_ON_PROXY(){
+if [ -z $NORMPASS ]; then
+GEN_PASS
+fi
+ansible-playbook /home/n2400-svc-admin/playbooks/create_user_on_squid.yml \
+-e username=$ONEUSER -e passw=$NORMPASS
+SERVER="Proxy Server"
+SEND_TO_CHAT "$@"
+}
+
+CHECKING_ON_LINUX(){
+if [[ $USERS_LINUX == *$ONEUSER* ]]; then
+ echo "EXIT from LINUX" > /dev/null
+else
+ echo "CREATE NEW USER $ONEUSER ON LINUX" > /dev/null
+ CREATE_ON_LINUX
+fi
+}
+
+CHECKING_ON_PROXY(){
+if [[ $USERS_PROXY == *$ONEUSER* ]]; then
+ echo "EXIT from PROXY" > /dev/null
+else
+ echo "CREATE NEW USER $ONEUSER ON PROXY" > /dev/null
+ CREATE_ON_PROXY
+fi
+}
+
+for XUSER in $USERS_AD
+do
+ONEUSER=$XUSER
+CHECKING_ON_LINUX && CHECKING_ON_PROXY
+unset SIMPLEPASS
+unset NORMPASS
+done
+
+remove_users
+
+exit 0
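Review bot: SEND_TO_CHAT writes the newly generated password into the chat message (`was created with password *"$NORMPASS"*`), so every initial password is kept in channel history and is readable by all channel members and chat administrators. Announcing only the account, `ROCKETTEXT="User *$ONEUSER* was created on *$SERVER*"`, and delivering the password out of band (or forcing a change at first login where the target supports it) keeps credentials out of the chat. `-e passw=$NORMPASS` also exposes the password in the process list on the control host; ansible-playbook accepts `-e @"$VARS_FILE"` (placeholder name) pointing at a mode-0600 file instead. The creation message is sent regardless of the playbook's exit status, so a failed run is still reported as a created account; checking `ansible-playbook ... || return 1` before SEND_TO_CHAT would avoid that.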