HPFEEDS: Switched to environment variables

- Define Settings in .hpfeeds_settings.sh
- Settings get exported as env vars
- Ansible looks them up and updates the values in the tpot.yml file
- ews.cfg: Switched to env vars

cloud/.hpfeeds_settings.sh

@@ -0,0 +1,8 @@
+myENABLE="false"
+myHOST="host"
+myPORT="port"
+myCHANNEL="channels"
+myIDENT="user"
+mySECRET="secret"
+myCERT="false"
+myFORMAT="json"

cloud/ansible/roles/custom_ews/tasks/main.yaml

@@ -15,3 +15,30 @@
 
 - name: Patching tpot.yml
   raw: sed -i '/\/opt\/ewsposter\/ews.ip/a\\ \ \ \ \ - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg' /opt/tpot/etc/tpot.yml
+
+- name: Lookup HPFEED environment variables
+  set_fact:
+    myENABLE: "{{ lookup('env', 'myENABLE') }}"
+    myHOST: "{{ lookup('env', 'myHOST') }}"
+    myPORT: "{{ lookup('env', 'myPORT') }}"
+    myCHANNEL: "{{ lookup('env', 'myCHANNEL') }}"
+    myIDENT: "{{ lookup('env', 'myIDENT') }}"
+    mySECRET: "{{ lookup('env', 'mySECRET') }}"
+    myCERT: "{{ lookup('env', 'myCERT') }}"
+    myFORMAT: "{{ lookup('env', 'myFORMAT') }}"
+
+- name: Apply HPFEED settings in tpot.yml
+  lineinfile:
+    path: /opt/tpot/etc/tpot.yml
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+  with_items:
+    - { regexp: 'EWS_HPFEEDS_ENABLE.*', line: '     - EWS_HPFEEDS_ENABLE={{ myENABLE | lower }}' }
+    - { regexp: 'EWS_HPFEEDS_HOST.*', line: '     - EWS_HPFEEDS_HOST={{ myHOST }}' }
+    - { regexp: 'EWS_HPFEEDS_PORT.*', line: '     - EWS_HPFEEDS_PORT={{ myPORT }}' }
+    - { regexp: 'EWS_HPFEEDS_CHANNELS.*', line: '     - EWS_HPFEEDS_CHANNELS={{ myCHANNEL }}' }
+    - { regexp: 'EWS_HPFEEDS_IDENT.*', line: '     - EWS_HPFEEDS_IDENT={{ myIDENT }}' }
+    - { regexp: 'EWS_HPFEEDS_SECRET.*', line: '     - EWS_HPFEEDS_SECRET={{ mySECRET }}' }
+    - { regexp: 'EWS_HPFEEDS_TLSCERT.*', line: '     - EWS_HPFEEDS_TLSCERT={{ myCERT }}' }
+    - { regexp: 'EWS_HPFEEDS_TLSCERT.False', line: '     - EWS_HPFEEDS_TLSCERT={{ myCERT | lower }}' }
+    - { regexp: 'EWS_HPFEEDS_FORMAT.*', line: '     - EWS_HPFEEDS_FORMAT={{ myFORMAT }}' }

cloud/ansible/roles/custom_ews/templates/ews.cfg

@@ -18,16 +18,16 @@ rhost_second = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMes
 ignorecert = false
 
 [HPFEED]
-hpfeed = false
+hpfeed = %(EWS_HPFEEDS_ENABLE)s
-host = 0.0.0.0
+host = %(EWS_HPFEEDS_HOST)s
-port = 0
+port = %(EWS_HPFEEDS_PORT)s
-channels = 0
+channels = %(EWS_HPFEEDS_CHANNELS)s
-ident = 0
+ident = %(EWS_HPFEEDS_IDENT)s
-secret= 0
+secret= %(EWS_HPFEEDS_SECRET)s
 # path/to/certificate for tls broker - or "false" for non-tls broker
-tlscert = false
+tlscert = %(EWS_HPFEEDS_TLSCERT)s
 # hpfeeds submission format: "ews" (xml) or "json"
-hpfformat = json
+hpfformat = %(EWS_HPFEEDS_FORMAT)s
 
 [EWSJSON]
 json = false

cloud/deploy_ansible_otc_t-pot.sh

@@ -6,9 +6,22 @@ source .ecs_settings.sh
 # Import OTC authentication credentials
 source .otc_env.sh
 
+# Import HPFEED settings
+source .hpfeeds_settings.sh
+
 # Password is later used by Ansible
 export LINUX_PASS=$linuxpass
 
+# HPFEED settings are later used by Ansible
+export myENABLE=$myENABLE
+export myHOST=$myHOST
+export myPORT=$myPORT
+export myCHANNEL=$myCHANNEL
+export myIDENT=$myIDENT
+export mySECRET=$mySECRET
+export myCERT=$myCERT
+export myFORMAT=$myFORMAT
+
 # Ignore ssh host keys as they are new anyway
 export ANSIBLE_HOST_KEY_CHECKING=False