Work in progress

contrib/inventory-generation/inventory-generation

@@ -25,10 +25,18 @@ WIPE=false
 TEMPLATE=tml.ocs
 DEST_PATH=data
 
+DEST_INVENTORIES=inventories
+
 # detect if any option has been passed to the script
 ANY_OPTION_DEFINED=false
 
 
+#Definining list of inventory (short & long)
+DEF_LONG_OS_NAME=("Microsoft Windows Server 2019 Standard" "Debian GNU/Linux 9.1 (stretch)" "Debian GNU/Linux 9.2 (stretch)" "Debian GNU/Linux 8.6 (Jessie)" "CentOS Linux release 7.6.1810 (Core)" "CentOS Linux release 7.4.1810 (Core)" "CentOS Linux release 6.10 (Final)")
+DEF_SHORT_OS_NAME=(Windows Debian Debian Debian Centos Centos Centos)
+
+MAX_SOFT_VERSION=100
+
 # Output usage
 function usage()
 {
@@ -78,12 +86,17 @@ function generate_data {
     openssl genrsa -des3 -out ${DEST_PATH}/${UUID}/localhost.priv -passout "pass:Cfengine passphrase" 4096
     openssl rsa -in ${DEST_PATH}/${UUID}/localhost.priv -passin "pass:Cfengine passphrase" -RSAPublicKey_out -out ${DEST_PATH}/${UUID}/localhost.pub
 
+
+    openssl req -new -sha256 -key ${DEST_PATH}/${UUID}/localhost.priv -out ${DEST_PATH}/${UUID}/agent.cert -passin "pass:Cfengine passphrase" -x509 -days 3650 -extensions agent_cert -config openssl-agent.cnf -subj "/UID=${UUID}"
+
     echo "RUDDER_TEST_${i}" > ${DEST_PATH}/${UUID}/hostname
 
 
     IP4=$((IP4+1))
     validate_ip
 
+    echo "${UUID}" > ${DEST_PATH}/${UUID}/uuid
+
     echo "${IP1}.${IP2}.${IP3}.${IP4}" > ${DEST_PATH}/${UUID}/ip
 
     echo "d0:ab:d5:e5:90:e8" > ${DEST_PATH}/${UUID}/mac
@@ -98,7 +111,37 @@ function generate_data {
 
 }
 
+function create_inventory {
+  mkdir ${INVENTORIES}
+
+  echo "Creating inventories based on the folders in ${DEST_PATH}"
+
+  # compute numer of OSs
+  os_list_size=${#DEF_LONG_OS_NAME[@]}
+  echo $os_list_size
+
+  # List all data 
+  for d in ${DEST_PATH}/*; do
+    if [ -d "$d" ]; then
+      # read variables    
+      UUID=$(<$d/uuid)
+      IP=$(<$d/ip)
+      MAC=$(<$d/mac)
+      OS_NAME=$(<$d/osname)
+      FULL_OS_NAME=$(<$d/fullosname)
+      AGENT_VERSION=$(<$d/agent_version)
 
+
+      #Random value
+      RAND_OS_VAL=$((RANDOM%$os_list_size))
+      RAND_OS_NAME=${DEF_SHORT_OS_NAME[$RAND_OS_VAL]}
+      RAND_FULL_OS_NAME=${DEF_LONG_OS_NAME[$RAND_OS_VAL]}     
+
+      RAND_SOFT_VERSION=$(($RANDOM%$MAX_SOFT_VERSION))
+    fi
+  done
+
+}
 function wipe {
   echo "Wipping folder ${DEST_PATH}"
   echo "Type ctrl-c to abort now and return to continue."
@@ -109,7 +152,7 @@ function wipe {
 
 
 # Defines available options
-OPTIONS=d:g:wt:p:
+OPTIONS=d:gwt:p:
 #LONGOPTS=data:,generate,wipe,template:,DEST_PATH:
 LONGOPTS=data:
 
@@ -190,3 +233,9 @@ then
   generate_data
 fi
 
+
+# Generate the data
+if [ "${GENERATE}" = "true" ]
+then
+  create_inventory
+fi

contrib/inventory-generation/openssl-agent.cnf

@@ -0,0 +1,25 @@
+# mandatory for some openssl commands
+[ req ]
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+
+
+# DOC: https://superuser.com/questions/738612/openssl-ca-keyusage-extension/1248085#1248085
+# There is no real check on those features by openssl except basicConstraints
+# We don't use critical not pathlen to avoid incompatibilities with future checks
+
+# keyCertSign: certificate signature
+# cRLSign: crl signature
+# digitalSignature: file signature (not used for crl, may be used for DHE)
+# dataEncipherment: file encryption (usualy no used, we cipher a temporary key instead)
+# keyEncipherment: key exchange (for tls with RSA)
+# keyAgreement: key exchange (for tls with DHE)
+
+[ agent_cert ]
+# subject = /CN=hostname/UID=uuid
+basicConstraints        = CA:FALSE
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid:always, issuer:always
+keyUsage                = digitalSignature, dataEncipherment, keyEncipherment, keyAgreement 
+#extendedKeyUsage        = clientAuth