From de6735e30949190b0466c5828dafec97c5f771c3 Mon Sep 17 00:00:00 2001
From: Sebastian Haderecker
Date: Fri, 12 Apr 2019 23:45:25 +0000
Subject: [PATCH] HPFEEDS: Switched to environment variables
- Define Settings in .hpfeeds_settings.sh
- Settings get exported as env vars
- Ansible looks them up and updates the values in the tpot.yml file
- ews.cfg: Switched to env vars
---
 cloud/.hpfeeds_settings.sh | 8 ++++++
 .../ansible/roles/custom_ews/tasks/main.yaml | 27 +++++++++++++++++++
 .../roles/custom_ews/templates/ews.cfg | 16 +++++------
 cloud/deploy_ansible_otc_t-pot.sh | 13 +++++++++
 4 files changed, 56 insertions(+), 8 deletions(-)
 create mode 100644 cloud/.hpfeeds_settings.sh
diff --git a/cloud/.hpfeeds_settings.sh b/cloud/.hpfeeds_settings.sh
new file mode 100644
index 00000000..32c4b630
--- /dev/null
+++ b/cloud/.hpfeeds_settings.sh
@@ -0,0 +1,8 @@
+myENABLE="false"
+myHOST="host"
+myPORT="port"
+myCHANNEL="channels"
+myIDENT="user"
+mySECRET="secret"
+myCERT="false"
+myFORMAT="json"
diff --git a/cloud/ansible/roles/custom_ews/tasks/main.yaml b/cloud/ansible/roles/custom_ews/tasks/main.yaml
index 54e5afd4..4a4be5db 100644
--- a/cloud/ansible/roles/custom_ews/tasks/main.yaml
+++ b/cloud/ansible/roles/custom_ews/tasks/main.yaml
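Review bot: `mySECRET` in the new cloud/.hpfeeds_settings.sh sits in a tracked file created with mode 100644, so once an operator replaces the placeholder with the real hpfeeds credential it is readable by other local users and easy to commit by accident. A header comment would make the expected handling explicit, for example `# Local hpfeeds broker credentials: fill in locally, keep mode 0600, never commit real values`. The placeholder `myPORT="port"` is also not numeric; while `myENABLE` stays "false" that is probably harmless, but whether the consumer validates it is not visible here.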
@@ -15,3 +15,30 @@
 - name: Patching tpot.yml
 raw: sed -i '/\/opt\/ewsposter\/ews.ip/a\\ \ \ \ \ - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg' /opt/tpot/etc/tpot.yml
+
+- name: Lookup HPFEED environment variables
+ set_fact:
+ myENABLE: "{{ lookup('env', 'myENABLE') }}"
+ myHOST: "{{ lookup('env', 'myHOST') }}"
+ myPORT: "{{ lookup('env', 'myPORT') }}"
+ myCHANNEL: "{{ lookup('env', 'myCHANNEL') }}"
+ myIDENT: "{{ lookup('env', 'myIDENT') }}"
+ mySECRET: "{{ lookup('env', 'mySECRET') }}"
+ myCERT: "{{ lookup('env', 'myCERT') }}"
+ myFORMAT: "{{ lookup('env', 'myFORMAT') }}"
+
+- name: Apply HPFEED settings in tpot.yml
+ lineinfile:
+ path: /opt/tpot/etc/tpot.yml
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ with_items:
+ - { regexp: 'EWS_HPFEEDS_ENABLE.*', line: ' - EWS_HPFEEDS_ENABLE={{ myENABLE | lower }}' }
+ - { regexp: 'EWS_HPFEEDS_HOST.*', line: ' - EWS_HPFEEDS_HOST={{ myHOST }}' }
+ - { regexp: 'EWS_HPFEEDS_PORT.*', line: ' - EWS_HPFEEDS_PORT={{ myPORT }}' }
+ - { regexp: 'EWS_HPFEEDS_CHANNELS.*', line: ' - EWS_HPFEEDS_CHANNELS={{ myCHANNEL }}' }
+ - { regexp: 'EWS_HPFEEDS_IDENT.*', line: ' - EWS_HPFEEDS_IDENT={{ myIDENT }}' }
+ - { regexp: 'EWS_HPFEEDS_SECRET.*', line: ' - EWS_HPFEEDS_SECRET={{ mySECRET }}' }
+ - { regexp: 'EWS_HPFEEDS_TLSCERT.*', line: ' - EWS_HPFEEDS_TLSCERT={{ myCERT }}' }
+ - { regexp: 'EWS_HPFEEDS_TLSCERT.False', line: ' - EWS_HPFEEDS_TLSCERT={{ myCERT | lower }}' }
+ - { regexp: 'EWS_HPFEEDS_FORMAT.*', line: ' - EWS_HPFEEDS_FORMAT={{ myFORMAT }}' }
diff --git a/cloud/ansible/roles/custom_ews/templates/ews.cfg b/cloud/ansible/roles/custom_ews/templates/ews.cfg
index b153d2fc..2dfc89e6 100644
--- a/cloud/ansible/roles/custom_ews/templates/ews.cfg
+++ b/cloud/ansible/roles/custom_ews/templates/ews.cfg
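Review bot: The `lineinfile` task in cloud/ansible/roles/custom_ews/tasks/main.yaml loops over items whose `line` contains the rendered `mySECRET`, and Ansible prints each loop item in its task output, so the hpfeeds secret ends up on the console and in any saved run log; adding `no_log: true` to this task (and to the `set_fact` above it) avoids that. The second TLSCERT item is also fragile: once `EWS_HPFEEDS_TLSCERT.*` has rewritten the line, `EWS_HPFEEDS_TLSCERT.False` no longer matches when `myCERT` is already lowercase, and `lineinfile` then appends the line at the end of tpot.yml instead of replacing anything. Dropping that item and using `{{ myCERT }}` as given keeps the task idempotent. `lookup('env', ...)` returns an empty string for an unset variable, so a missing export silently writes empty settings.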
@@ -18,16 +18,16 @@ rhost_second = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMes
 ignorecert = false
 [HPFEED]
-hpfeed = false
-host = 0.0.0.0
-port = 0
-channels = 0
-ident = 0
-secret= 0
+hpfeed = %(EWS_HPFEEDS_ENABLE)s
+host = %(EWS_HPFEEDS_HOST)s
+port = %(EWS_HPFEEDS_PORT)s
+channels = %(EWS_HPFEEDS_CHANNELS)s
+ident = %(EWS_HPFEEDS_IDENT)s
+secret= %(EWS_HPFEEDS_SECRET)s
 # path/to/certificate for tls broker - or "false" for non-tls broker
-tlscert = false
+tlscert = %(EWS_HPFEEDS_TLSCERT)s
 # hpfeeds submission format: "ews" (xml) or "json"
-hpfformat = json
+hpfformat = %(EWS_HPFEEDS_FORMAT)s
 [EWSJSON]
 json = false
diff --git a/cloud/deploy_ansible_otc_t-pot.sh b/cloud/deploy_ansible_otc_t-pot.sh
index 6500b475..c22af498 100755
--- a/cloud/deploy_ansible_otc_t-pot.sh
+++ b/cloud/deploy_ansible_otc_t-pot.sh
@@ -6,9 +6,22 @@ source .ecs_settings.sh
 # Import OTC authentication credentials
 source .otc_env.sh
+# Import HPFEED settings
+source .hpfeeds_settings.sh
+
 # Password is later used by Ansible
 export LINUX_PASS=$linuxpass
+# HPFEED settings are later used by Ansible
+export myENABLE=$myENABLE
+export myHOST=$myHOST
+export myPORT=$myPORT
+export myCHANNEL=$myCHANNEL
+export myIDENT=$myIDENT
+export mySECRET=$mySECRET
+export myCERT=$myCERT
+export myFORMAT=$myFORMAT
+
 # Ignore ssh host keys as they are new anyway
 export ANSIBLE_HOST_KEY_CHECKING=False
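Review bot: The `%(EWS_HPFEEDS_*)s` placeholders in the [HPFEED] section of ews.cfg are undocumented, and they change how values must be written. If the file is read with Python's configparser basic interpolation (the syntax suggests it, but the reader is not shown here), a literal `%` in the secret or ident is parsed as interpolation syntax, and an unset variable fails at load time instead of falling back to the old defaults. A comment above the block would help, for example `# values are taken from the EWS_HPFEEDS_* environment variables set in tpot.yml; write a literal % as %%`.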
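Review bot: The `export mySECRET=$mySECRET` line in cloud/deploy_ansible_otc_t-pot.sh puts the hpfeeds credential into the environment of every command the script starts from here on, not only the Ansible run that reads it; the playbook invocation is outside this hunk, so how many other commands inherit it cannot be seen here. The self-assignments are also unquoted and redundant after `source`; `export myENABLE myHOST myPORT myCHANNEL myIDENT mySECRET myCERT myFORMAT` does the same in one line without re-expanding the values. `source .hpfeeds_settings.sh` resolves against the current directory and its failure is ignored, so `source .hpfeeds_settings.sh || exit 1` would stop a deploy that would otherwise run with empty settings.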