HPFEEDS: Switched to environment variables

- Define Settings in .hpfeeds_settings.sh - Settings get exported as env vars - Ansible looks them up and updates the values in the tpot.yml file - ews.cfg: Switched to env vars
2025-05-10 10:21:56 +00:00 · 2019-04-12 23:45:25 +00:00 · 2019-04-12 23:45:25 +00:00 · de6735e309
commit de6735e309
parent fbf4ca00a3
4 changed files with 56 additions and 8 deletions
--- a/cloud/.hpfeeds_settings.sh
+++ b/cloud/.hpfeeds_settings.sh
@ -0,0 +1,8 @@
+myENABLE="false"
+myHOST="host"
+myPORT="port"
+myCHANNEL="channels"
+myIDENT="user"
+mySECRET="secret"
+myCERT="false"
+myFORMAT="json"
--- a/cloud/ansible/roles/custom_ews/tasks/main.yaml
+++ b/cloud/ansible/roles/custom_ews/tasks/main.yaml
@ -15,3 +15,30 @@

 - name: Patching tpot.yml
  raw: sed -i '/\/opt\/ewsposter\/ews.ip/a\\ \ \ \ \ - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg' /opt/tpot/etc/tpot.yml
+
+- name: Lookup HPFEED environment variables
+  set_fact:
+    myENABLE: "{{ lookup('env', 'myENABLE') }}"
+    myHOST: "{{ lookup('env', 'myHOST') }}"
+    myPORT: "{{ lookup('env', 'myPORT') }}"
+    myCHANNEL: "{{ lookup('env', 'myCHANNEL') }}"
+    myIDENT: "{{ lookup('env', 'myIDENT') }}"
+    mySECRET: "{{ lookup('env', 'mySECRET') }}"
+    myCERT: "{{ lookup('env', 'myCERT') }}"
+    myFORMAT: "{{ lookup('env', 'myFORMAT') }}"
+
+- name: Apply HPFEED settings in tpot.yml
+  lineinfile:
+    path: /opt/tpot/etc/tpot.yml
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+  with_items:
+    - { regexp: 'EWS_HPFEEDS_ENABLE.*', line: '     - EWS_HPFEEDS_ENABLE={{ myENABLE | lower }}' }
+    - { regexp: 'EWS_HPFEEDS_HOST.*', line: '     - EWS_HPFEEDS_HOST={{ myHOST }}' }
+    - { regexp: 'EWS_HPFEEDS_PORT.*', line: '     - EWS_HPFEEDS_PORT={{ myPORT }}' }
+    - { regexp: 'EWS_HPFEEDS_CHANNELS.*', line: '     - EWS_HPFEEDS_CHANNELS={{ myCHANNEL }}' }
+    - { regexp: 'EWS_HPFEEDS_IDENT.*', line: '     - EWS_HPFEEDS_IDENT={{ myIDENT }}' }
+    - { regexp: 'EWS_HPFEEDS_SECRET.*', line: '     - EWS_HPFEEDS_SECRET={{ mySECRET }}' }
+    - { regexp: 'EWS_HPFEEDS_TLSCERT.*', line: '     - EWS_HPFEEDS_TLSCERT={{ myCERT }}' }
+    - { regexp: 'EWS_HPFEEDS_TLSCERT.False', line: '     - EWS_HPFEEDS_TLSCERT={{ myCERT | lower }}' }
+    - { regexp: 'EWS_HPFEEDS_FORMAT.*', line: '     - EWS_HPFEEDS_FORMAT={{ myFORMAT }}' }
--- a/cloud/ansible/roles/custom_ews/templates/ews.cfg
+++ b/cloud/ansible/roles/custom_ews/templates/ews.cfg
@ -18,16 +18,16 @@ rhost_second = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMes
 ignorecert = false

 [HPFEED]
-hpfeed = false
-host = 0.0.0.0
-port = 0
-channels = 0
-ident = 0
-secret= 0
+hpfeed = %(EWS_HPFEEDS_ENABLE)s
+host = %(EWS_HPFEEDS_HOST)s
+port = %(EWS_HPFEEDS_PORT)s
+channels = %(EWS_HPFEEDS_CHANNELS)s
+ident = %(EWS_HPFEEDS_IDENT)s
+secret= %(EWS_HPFEEDS_SECRET)s
 # path/to/certificate for tls broker - or "false" for non-tls broker
-tlscert = false
+tlscert = %(EWS_HPFEEDS_TLSCERT)s
 # hpfeeds submission format: "ews" (xml) or "json"
-hpfformat = json
+hpfformat = %(EWS_HPFEEDS_FORMAT)s

 [EWSJSON]
 json = false
--- a/cloud/deploy_ansible_otc_t-pot.sh
+++ b/cloud/deploy_ansible_otc_t-pot.sh
@ -6,9 +6,22 @@ source .ecs_settings.sh
 # Import OTC authentication credentials
 source .otc_env.sh

+# Import HPFEED settings
+source .hpfeeds_settings.sh
+
 # Password is later used by Ansible
 export LINUX_PASS=$linuxpass

+# HPFEED settings are later used by Ansible
+export myENABLE=$myENABLE
+export myHOST=$myHOST
+export myPORT=$myPORT
+export myCHANNEL=$myCHANNEL
+export myIDENT=$myIDENT
+export mySECRET=$mySECRET
+export myCERT=$myCERT
+export myFORMAT=$myFORMAT
+
 # Ignore ssh host keys as they are new anyway
 export ANSIBLE_HOST_KEY_CHECKING=False