From 93b2dc566cfac5aab83d050ed8eec7def15181e9 Mon Sep 17 00:00:00 2001
From: Naomi Kramer
Date: Tue, 20 Aug 2024 10:23:04 -0400
Subject: [PATCH 1/3] Update sshprep
Co-Authored-By: William Stearns <3538265+william-stearns@users.noreply.github.com>
---
 installer/install_scripts/sshprep | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/installer/install_scripts/sshprep b/installer/install_scripts/sshprep
index 66197c6..1fc53cb 100755
--- a/installer/install_scripts/sshprep
+++ b/installer/install_scripts/sshprep
@@ -2,7 +2,7 @@
 #Performs all the setup steps needed to connect to one or more hosts listed on the command line
 #Copyright 2022 William Stearns
 #Released under the GPL 3.0
-#Version 0.1.6
+#Version 0.1.7
@@ -230,8 +230,8 @@ check_config_block() {
 prepend_config_block "\nHost ${2} ${local_ip}\n\tHostname\t\t${local_ip}\n\tHostKeyAlias\t\t${2}\n${user_line}\n"
 else
 status "No user-supplied target IP or hostname for $2, look one up"
- ip4=$(dig +short ${2} A)
- ip6=$(dig +short ${2} AAAA)
+ ip4=$(dig +nocomment +short ${2} A 2>/dev/null | sed -e 's/;;.*//' | grep -v '^$')
+ ip6=$(dig +nocomment +short ${2} AAAA 2>/dev/null | sed -e 's/;;.*//' | grep -v '^$')
 if [ -n "$ip4" ]; then
 if [ -n "$ip6" ]; then
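Review bot: In the `@@ -230` hunk of sshprep, the new `ip4=`/`ip6=` lookups still copy whatever `dig +short` prints into the config block built by `prepend_config_block`, without checking that it is a single address. `dig +short` prints one line per record and lists CNAME targets ahead of the addresses, so an alias or a name with several records leaves `$ip4` multi-line or non-numeric, and that text ends up in the `Host` and `Hostname` lines. Because the answer comes from the resolver rather than the operator, keep only the first line that parses as an address, e.g. `ip4=$(dig +short "$2" A 2>/dev/null | grep -E -m 1 '^([0-9]{1,3}\.){3}[0-9]{1,3}$')`, with an equivalent hex-and-colon filter for `ip6`. Quoting `"$2"` also stops word splitting of the command-line argument. `check_config_block` starts and ends outside the hunk.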
@@ -246,8 +246,13 @@ check_config_block() {
 status "Have an ipv6 address only for $2"
 prepend_config_block "\nHost ${2} ${2}-v6 ${ip6}\n\tHostname\t\t${ip6}\n\tHostKeyAlias\t\t${2}\n${user_line}\n"
 else
- status "No ipv4 or ipv6 address found for ${2}. Please enter an IP address to use:"
- read ip_or_hostname
+ #echo "== No ipv4 or ipv6 address found for ${2}. Please enter an IP address to use:" >&2
+ #read ip_or_hostname <&2
+ #if [ -z "$ip_or_hostname" ]; then
+ # ip_or_hostname="$2"
+ #fi
+ status "We could not lookup a DNS address for $2 so we will just use $2 in the ssh Hostname field."
+ ip_or_hostname="$2"
 prepend_config_block "\nHost ${2} ${ip_or_hostname}\n\tHostname\t\t${ip_or_hostname}\n\tHostKeyAlias\t\t${2}\n${user_line}\n"
 fi
 fi
From bf74e0d5a8be66abef554f63840c23ac18384b67 Mon Sep 17 00:00:00 2001
From: William Stearns
Date: Wed, 9 Apr 2025 13:48:43 -0400
Subject: [PATCH 2/3] Add support for a required proxy on install target system.
---
 installer/install_scripts/install_pre.yml | 27 +++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/installer/install_scripts/install_pre.yml b/installer/install_scripts/install_pre.yml
index 1cd0713..e211081 100644
--- a/installer/install_scripts/install_pre.yml
+++ b/installer/install_scripts/install_pre.yml
@@ -1,6 +1,6 @@
 ---
 # ansible install playbook that does the prep work for rita V2.
-# Version: 202408061413
+# Version: 202504081445
 # sample runs:
 # Optional: Add the following block, without #'s to /etc/ansible/hosts (or /opt/local/etc/ansible/hosts if using ansible on mac with mac ports).
 # The hosts must each be on their own line. These can be full or short hostnames or a name following "Host" in ~/.ssh/config .
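Review bot: In the sshprep hunk at `@@ -246`, the new fallback branch cannot tell "no DNS record" from "the lookup tool failed". The lookups in the `@@ -230` hunk now discard stderr, so a host without `dig` installed silently takes this branch for every target and writes the unverified name into the `Hostname` field. A guard before the lookups such as `command -v dig >/dev/null || status "dig not found; skipping DNS lookup for $2"` would keep that case visible. The five commented-out `#echo`/`#read`/`#if` lines are dead code and are better dropped from the commit than kept in the script. `check_config_block` continues outside the hunk.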
@@ -24,6 +24,15 @@ vars: ansible_python_interpreter: /bin/python3 # Centos 7 defaults to using python2, so we force python 3. This change does not break any other distros + #The following variables are populated by adding these variables and their values after "-e" on the ansible-playbook command line. Example: + #ansible-playbook -K -i "ro810,ub2404," -e "ANS_HTTP_PROXY=http://yourproxy:port ANS_HTTPS_PROXY=http://yourproxy:port NO_PROXY=localhost,127.0.0.1,db,logger install_hosts=ro810,ub2404," install_pre.yml + environment: + HTTP_PROXY: "{{ ANS_HTTP_PROXY }}" + HTTPS_PROXY: "{{ ANS_HTTPS_PROXY }}" + http_proxy: "{{ ANS_HTTP_PROXY }}" + https_proxy: "{{ ANS_HTTPS_PROXY }}" + NO_PROXY: "{{ NO_PROXY }}" + #Early tasks needed to support the rest of the install pre_tasks: #Known distribution? @@ -75,6 +84,20 @@ tags: - linux +#Teach apt how to use a proxy + #Must precede "name: Start AC-Hunter" + - name: Add proxy environment variable to /etc/apt/apt.conf file + lineinfile: + path: /etc/apt/apt.conf + line: 'Acquire::http::Proxy "{{ ANS_HTTP_PROXY }}";' + insertafter: EOF + create: yes + tags: + - linux + - linuxdeb + when: ( ansible_distribution == 'Debian' or ansible_distribution == 'Kali' or ansible_distribution == 'Pop!_OS' or ansible_distribution == 'Ubuntu' or ansible_distribution == 'Zorin OS' ) + + #Add tools needed by later stages # Provides "needs-restarting" for ansible's ability to manage rebooting after patching - name: "RITA Pre: Check for yum-utils before proceeding." 
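Review bot: The play-level `environment:` block added in the `@@ -24` hunk references `ANS_HTTP_PROXY`, `ANS_HTTPS_PROXY` and `NO_PROXY` with no default, so a run that does not pass them with `-e` will likely fail on an undefined variable instead of installing without a proxy. A default on each entry, e.g. `HTTP_PROXY: "{{ ANS_HTTP_PROXY | default('') }}"`, keeps the proxy optional. The lowercase `no_proxy` is not set alongside `http_proxy`/`https_proxy`, and some clients read only the lowercase form, so add `no_proxy: "{{ NO_PROXY | default('') }}"`. The usage comment should also say that a proxy URL carrying credentials is exposed in shell history and the process list when given on the `ansible-playbook` command line, and should point to a vars file for that case.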
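Review bot: The `lineinfile` task for `/etc/apt/apt.conf` in the `@@ -75` hunk has no `regexp`, so a later run with a different `ANS_HTTP_PROXY` appends another `Acquire::http::Proxy` line and leaves the old proxy entry in place. Adding `regexp: '^Acquire::http::Proxy '` makes the task replace the existing entry. The task also runs when no proxy was supplied, so extend the condition with `and ANS_HTTP_PROXY | default('') | length > 0`. Because `create: yes` is used without `mode`, the new file's permissions depend on the umask, and any credentials embedded in the proxy URL are stored there in clear text. Set `mode` explicitly and note this in the comment above the task.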
@@ -439,7 +462,7 @@ - name: "RITA Pre: replace python3-requests with a new version installed by pip." block: - - name: "RITA Pre: Uninstall unofficial docker packages on rpm-based distributions." + - name: "RITA Pre: Uninstall python3-requests on rpm-based distributions." yum: name: - python3-requests #As of 20240618, issue with requests code: "Error connecting: Error while fetching server API version: Not supported URL scheme http+docker". Installing requests with pip appears to install a newer version that handles the issue. From 490c554d895b170a618f06bb4f8166020f943764 Mon Sep 17 00:00:00 2001 From: William Stearns Date: Fri, 11 Apr 2025 15:50:49 -0400 Subject: [PATCH 3/3] Add support for yum/dnf proxy too. --- installer/install_scripts/install_pre.yml | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/installer/install_scripts/install_pre.yml b/installer/install_scripts/install_pre.yml index e211081..a6ec775 100644 --- a/installer/install_scripts/install_pre.yml +++ b/installer/install_scripts/install_pre.yml @@ -84,7 +84,7 @@ tags: - linux -#Teach apt how to use a proxy +#Teach package managers how to use a proxy #Must precede "name: Start AC-Hunter" - name: Add proxy environment variable to /etc/apt/apt.conf file lineinfile: 
@@ -97,6 +97,24 @@ - linuxdeb when: ( ansible_distribution == 'Debian' or ansible_distribution == 'Kali' or ansible_distribution == 'Pop!_OS' or ansible_distribution == 'Ubuntu' or ansible_distribution == 'Zorin OS' ) +#Note: following configuration honors neither an embedded username nor password. These would have to be specified as proxy_username=U and proxy_password=P lines as well. +#This configuration works for rhel 8.0 and above. It should work for Alma/Centos/Oracle/Rocky 8.0 and above too, as well as Fedora 22 and above. +#Ref: https://linuxiac.com/how-to-use-yum-dnf-command-with-a-proxy-server/ +#Note: for centos 7 (no longer supported), one needs to add the proxy line to /etc/yum.conf instead (and see above note about proxy_username=U and proxy_password=P lines needed too.) +#Ref: https://www.rosehosting.com/blog/how-to-enable-proxy-settings-for-yum-command-on-centos-7/ + - name: Add proxy configuration to dnf and yum + lineinfile: + path: /etc/dnf/dnf.conf + line: "{{ item }}" + insertafter: EOF + create: yes + loop: + - "proxy={{ ANS_HTTP_PROXY }}" + tags: + - linux + - linuxrpm + when: ( ansible_distribution == 'AlmaLinux' or ansible_distribution == 'CentOS' or ansible_distribution == 'Fedora' or ansible_distribution == 'OracleLinux' or ansible_distribution == 'RedHat' or ansible_distribution == 'Rocky' ) + #Add tools needed by later stages # Provides "needs-restarting" for ansible's ability to manage rebooting after patching
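Review bot: The new dnf task appends `proxy=...` at end of file, but dnf reads `proxy` from the `[main]` section. With `insertafter: EOF` the line lands in whichever section happens to be last, and with `create: yes` on a missing file there is no section header at all. Anchoring the line with `insertafter: '^\[main\]'` and adding `regexp: '^proxy='` places it in `[main]` and replaces an existing entry on a rerun instead of stacking duplicates. The `when:` list also matches CentOS 7, where the comment above the task says the line belongs in `/etc/yum.conf`, so the task name "dnf and yum" promises more than the task does. If `proxy_username`/`proxy_password` lines are added later as the comment suggests, give the file a restrictive `mode`, since that file is usually world-readable.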