checkinvt.py - Deployment Inventory Checker Script

Overview

Since Endpoint Agent 1.2.1, the Deployment Inventory Checker Script is provided with the EA deployment package. The objective of this tool is to help the user understand how to use the inventory file properly, and to make sure that nothing unexpected occurs during the playbook run.

Prerequisites

The tool requires Ansible to be installed on the system.

How to use it

Example syntax (from the devo-ea-deployer folder):

Output via screen

python3 tools/checkinvt.py -i inventories/<<inventory_name>>.yaml

Output to a file

python3 tools/checkinvt.py -i inventories/<<inventory_name>> --no-color > /tmp/report.log

You can use python3 or python depending on the Python version installed on your system. To check which Python version your Ansible installation uses, run ansible --version.

Deployment checks

The Deployment Inventory Checker Script performs the following checks:

  • YAML structure.

  • Existence of all, hosts, children and vars main sections.

  • Checks that the main variables have values of the correct type.

  • Default packs. Triggers a warning if no packs are enabled.

  • Checks users and passwords for the WebUI and agent repository. Triggers a warning if the default users/passwords are used.

  • Checks passwords for MySQL. Triggers a warning if the default password is used.

  • Checks passwords for REDIS. Triggers a warning if the default password is used (Redis does not use a password by default).

  • Checks that all children host groups are defined correctly.

  • Checks that Devo certs are placed in the correct folder and with the correct name.

  • Checks SSH connectivity from the ansible host to every host defined in the inventory.

  • Checks hostname of every host and triggers a warning if the hostname is going to be changed.

  • Checks if firewalld / ufw automatic configuration is disabled and triggers a warning if so.

Deployment summary

The Deployment Inventory Checker Script provides the following summary:

  • Hosts summary: Configuration provided for each host.

  • Groups summary: Hosts included in each group, defining what is going to be installed on which host.

  • Internal Services connection properties: Shows the connection string for MySQL and REDIS, the username and the database. For REDIS, it specifies whether it runs with a password or not.

  • Packs summary: Packs that are enabled and will be deployed.

  • Service URLs: URLs to access the service and the agent repository.

Example output

This is an example output of an inventory file where:

  • Default user/pw are in use for repo and WebUI.

  • Default MySQL password is in use.

  • REDIS is not using passwords.

[vagrant@rhel8 devo-ea-deployer]$ python3 tools/checkinvt.py -i inventories/py3-1host-example.yaml
Parsing YAML inventory file... ok.
Checking if "all" is a root key... ok.
Checking if "hosts" key is under "all" root key... ok.
Checking if "children" key is under "all" root key... ok.
Checking if "vars" key is under "all" root key... ok.
Checking "all.hosts" section... ok.
Checking Devo packs enabled... ok.
Checking "deam_relay_entrypoint" var... ok.
Checking "set_deam_fqdnname_as_hostname" var... ok.
Checking "deam_fqdnname" var... ok.
Checking "devo_ea_manager_port" var... ok.
Checking "dea_ap_repo_port" var... ok.
Checking "deam_admin_username" var... warn: "deam_admin_username" not found in "all.vars". Using default value, probably "admin"
Checking "deam_admin_passwd" var... warn: "deam_admin_passwd" defined in "all.vars" with default value ("Th3Adm1n!"). Please change it
Checking "dea_ap_repo_user" var... warn: "dea_ap_repo_user" not found in "all.vars". Using default value, probably "dea-agent"
Checking "dea_ap_repo_passwd" var... warn: "dea_ap_repo_passwd" defined in "all.vars" with default value ("Th3Ag3nt!"). Please change it
Checking "dea_ap_overwrite_deam_fqdnname" var and dependencies... ok.
Checking domain certs vars... ok.
Checking "dea_ap_repo_fqdn_name" var... ok.
Checking "dea_ap_repo_provided_certs" var... ok.
Checking "dea_ap_repo_enable_ssl" var... ok.
Checking "firewall_configuration_disabled" var... ok.
Checking "deam_mysql_password" var... warn: "deam_mysql_password" not found in "all.vars". Using default value, probably "insecure"
Checking "deam_mysql_address" var... ok.
Checking "deam_mysql_username" var... ok.
Checking "deam_mysql_database" var... ok.
Checking "deam_redis_password" var... warn: "deam_redis_password" not found in "all.vars". Using default value, probably ""
Checking "deam_redis_address" var... ok.
Checking "deam_redis_db_number" var... ok.
Checking excluded alternatives between "devoeamanagerserverone" and "devoeamanageraio" groups... ok.
Checking excluded alternatives between "selfsigenedcertificates" and "providedcertificates" groups... ok.
Checking excluded alternatives between "devoeamanageraio" and "devoeamanagerreplicas" groups... ok.
Checking "devoeamanagerserverone" host group defined in "children" section... ok.
Skipping "devoeamanageraio" tests because alternative was found... ok.
Checking "selfsigenedcertificates" host group defined in "children" section... ok.
Checking hosts defined in "selfsigenedcertificates"... ok.
Skipping "providedcertificates" tests because alternative was found... ok.
Skipping "devoeamanagerreplicas" tests because was not defined... ok.
Checking "deaagentpackager" host group defined in "children" section... ok.
Checking hosts defined in "deaagentpackager"... ok.
Checking "devoeaagents" host group defined in "children" section... ok.
Checking if "deamintsrvs" exists... ok.
Checking "deamintsrvs" host group defined in "children" section... ok.
Checking local domain-certs file associated to deam_devo_key var... ok.
Checking local domain-certs file associated to deam_devo_cert var... ok.
Checking local domain-certs file associated to deam_devo_chain var... ok.
Skipping local provided-certs files needed by agent-repository... ok: because SSL server is disabled or selfigned-certs will be auto-generated
Checking agent-repo provided certs alignment with host-group... ok.
Checking connectivity to host "rhel8.localdomain"... ok.
Checking hostname in "rhel8.localdomain" host... ok.
Summarizing hosts... ok:
        rhel8.localdomain -> ansible_host: "192.168.104.10", ansible_user: "vagrant", python: "/usr/bin/python3", hostname: "rhel8.localdomain"
Summarizing groups... ok:
        devoeamanagerserverone formed by rhel8.localdomain (192.168.104.10)
        selfsigenedcertificates formed by rhel8.localdomain (192.168.104.10)
        deaagentpackager formed by rhel8.localdomain (192.168.104.10)
        devoeaagents formed by
        deamintsrvs formed by rhel8.localdomain (192.168.104.10)
Summarizing internal services connection properties... ok:
        Mysql address: "localhost:3306", user: "devoea", database: "devoea"
        Redis address: "localhost:6379", db number: 0, Auth with password: no
Summarizing enabled packs... ok:
        configuration.yaml
        status.yaml
Summarizing service urls... ok:
        manager -> https://devo-ea-manager:8080
        agent repository -> https://devo-ea-manager:8081
Total: 55, Ok: 49, Warning: 6, Errors: 0
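
The section and default-credential checks shown in the output above can also be enforced as a pre-deployment gate that fails when any warning remains. The following is an added example, not the checkinvt.py source or Devo code: it works on an already-parsed inventory and uses the variable names and default values reported in the example output. The function name check_inventory, the sample inventory and the assumption that each main section is a mapping are illustrative.

```python
# Added example: gate a deployment on section and default-credential findings.
# Variable names and defaults come from the example output on this page;
# SAMPLE is constructed data, not a real deployment inventory.

# var name -> value the example output reports as the default
DEFAULTS = {
    "deam_admin_username": "admin",
    "deam_admin_passwd": "Th3Adm1n!",
    "dea_ap_repo_user": "dea-agent",
    "dea_ap_repo_passwd": "Th3Ag3nt!",
    "deam_mysql_password": "insecure",
    "deam_redis_password": "",  # empty means Redis runs without a password
}
REQUIRED_SECTIONS = ("hosts", "children", "vars")


def check_inventory(inv):
    """Return (errors, warnings) for a parsed inventory, e.g. yaml.safe_load output."""
    errors, warnings = [], []
    root = inv.get("all") if isinstance(inv, dict) else None
    if not isinstance(root, dict):
        return ['"all" is not a root key'], warnings
    for section in REQUIRED_SECTIONS:
        # Assumption: every main section must be present and be a mapping.
        if not isinstance(root.get(section), dict):
            errors.append(f'"{section}" key missing under "all"')
    all_vars = root.get("vars") if isinstance(root.get("vars"), dict) else {}
    for name, default in DEFAULTS.items():
        if name not in all_vars:
            warnings.append(f'"{name}" not set, default "{default}" will be used')
        elif all_vars[name] == default:
            warnings.append(f'"{name}" set to its default value')
    if all_vars.get("firewall_configuration_disabled") is True:
        warnings.append("firewalld / ufw automatic configuration is disabled")
    return errors, warnings


# Constructed sample mirroring the example run: two defaults set, four vars absent.
SAMPLE = {"all": {
    "hosts": {"rhel8.localdomain": {"ansible_host": "192.168.104.10"}},
    "children": {"devoeamanagerserverone": {"hosts": {"rhel8.localdomain": None}}},
    "vars": {"deam_admin_passwd": "Th3Adm1n!", "dea_ap_repo_passwd": "Th3Ag3nt!"},
}}

if __name__ == "__main__":
    errs, warns = check_inventory(SAMPLE)
    for finding in errs + warns:
        print("finding:", finding)
    raise SystemExit(1 if errs or warns else 0)  # non-zero exit blocks the pipeline
```

Run against the constructed sample, it reports six warnings, matching the Warning count in the example run.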
