foo.sh/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

routeros: Don't run mqtt publish script as root

Browse source
This commit is contained in:
Timo Makinen 2025-04-26 20:33:23 +00:00
parent 894f69f82f
commit 3a21dbfa35
3 changed files with 19 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

6
roles/routeros/files/README.md
View file

@ -14,3 +14,9 @@
``` ```
/interface/bridge/port/set [find where bridge=bridge and interface=ether1] pvid=30 /interface/bridge/port/set [find where bridge=bridge and interface=ether1] pvid=30
``` ```
## Add name to port
```
/interface/ethernet/set [ find default-name=ether20 ] comment="name"
```

18
roles/routeros/files/routeros-poe-mqtt-publish.sh
View file

@ -4,16 +4,19 @@ set -eu
umask 077 umask 077
community="public" community="public"
tlsdir="$(openssl version -d | sed -e 's/^OPENSSLDIR: "\(.\+\)"$/\1/')"
cafile="${tlsdir}/certs/ca.crt"
keyfile="${tlsdir}/private/$(hostname -f).key"
certfile="${tlsdir}/certs/$(hostname -f).crt"
export LDAPTLS_KEY="$keyfile"
export LDAPTLS_CERT="$certfile"
mqtt_send() { mqtt_send() {
topic="$1" topic="$1"
value="$2" value="$2"
tlsdir="$(openssl version -d | sed -e 's/^OPENSSLDIR: "\(.\+\)"$/\1/')"
mosquitto_pub -h mqtt02.home.foo.sh -t "$topic" -m "$value" \ mosquitto_pub -h mqtt02.home.foo.sh -t "$topic" -m "$value" \
--cafile "${tlsdir}/certs/ca.crt" \ --cafile "$cafile" --key "$keyfile" --cert "$certfile"
--key "${tlsdir}/private/$(hostname -f).key" \
--cert "${tlsdir}/certs/$(hostname -f).crt"
} }
snmp_get() { snmp_get() {
@ -32,7 +35,7 @@ if [ "${1:-}" != "-f" ]; then
done done
fi fi
ldapsearch -Q -LLL "(&(objectClass=device)(description=MikroTik *))" cn | \ ldapsearch -Q -LLL -Y EXTERNAL "(&(objectClass=device)(description=MikroTik *))" cn | \
awk '{ if ($1 == "cn:") print $2 }' | while read -r name awk '{ if ($1 == "cn:") print $2 }' | while read -r name
do do
snmpwalk -v 1 -c "$community" "$name" -Oq -m MIKROTIK-MIB \ snmpwalk -v 1 -c "$community" "$name" -Oq -m MIKROTIK-MIB \
@ -43,7 +46,8 @@ do
device="$(snmp_get "$name" "SNMPv2-SMI::mib-2.31.1.1.1.18.${port}")" device="$(snmp_get "$name" "SNMPv2-SMI::mib-2.31.1.1.1.18.${port}")"
[ -z "$device" ] && continue [ -z "$device" ] && continue
location="$(ldapsearch -Q -LLL "(&(objectClass=device)(cn=${device}))" l | \ location="$(ldapsearch -Q -LLL -Y EXTERNAL \
"(&(objectClass=device)(cn=${device}))" l | \
sed -n 's/^l: \(.\+\)/\1/p' | tr '[:upper:]' '[:lower:]' | tr ' ' '_')" sed -n 's/^l: \(.\+\)/\1/p' | tr '[:upper:]' '[:lower:]' | tr ' ' '_')"
[ -z "$location" ] && continue [ -z "$location" ] && continue

2
roles/routeros/tasks/main.yml
View file

@ -25,6 +25,7 @@
name: routeros name: routeros
comment: RouterOS Downloader comment: RouterOS Downloader
group: routeros group: routeros
groups: hostkey
create_home: false create_home: false
home: /var/empty home: /var/empty
shell: /sbin/nologin shell: /sbin/nologin
@ -74,4 +75,5 @@
ansible.builtin.cron: ansible.builtin.cron:
name: routeros-poe-mqtt-publish name: routeros-poe-mqtt-publish
job: /usr/local/bin/routeros-poe-mqtt-publish job: /usr/local/bin/routeros-poe-mqtt-publish
user: routeros
minute: "*/5" minute: "*/5"