Patch: grunt-2.0.1-20, Date: 10/14/2025 |
Information Tab -> Cohesity Cluster |
| |
The page previously required over a minute to produce a basic list due to the influx of data, which most users prefer to have a quick turnaround time for web page requests. The page is now generated dynamically upon receiving a report from Cohesity and is stored in the database. The web page now retrieves the HTML from this table to display, rather than creating a dynamic output each time a user requests information. |
| |
| |
A database table has been added to gather the delta differences in daily activities. This table is filled when a new report is received from the Cohesity team and will be utilized to create a new column display on the list of master Cohesity servers. |
| |
Cohesity Emails |
| |
With the addition of another report being added, had to update code to support multiple subject lines that refer to a cohesity email that comes in. |
Patch: grunt-2.0.1-19, Date: 07/20/2025 |
Excel Attachment Emails |
| |
Resolved a problem where emails containing .xlsx files were not being detected and stored appropriately, leading to data loss. The command to locate and clip these files has now been accurately updated. |
| |
OVO Monitoring |
| |
Resolved an issue where, if the OVO master server failed to communicate on the REST call port, the return message would be marked as undefined. Now, in the event of a connection failure, the resulting error message is captured and included in the data return. |
| |
Configuration -> OVO Information |
| |
The default configuration for the rest server and account has been eliminated, reverting to an outdated production value. Their initialization has been adjusted to blank values to accommodate scenarios where they are not utilized in a new installation. |
Patch: grunt-2.0.1-18, Date: 07/14/2025 |
Proxy Server |
| |
Changed proxy servers used for PDSM to the new proxy servers infosec has provided. |
| |
OVO Monitoring |
| |
Added checks when OVO material is not configured right, to report on that issue, instead of throwing an error. |
| |
Monitoring Page |
| |
Fixed logic to provide debug for the developer when testing functionality to have the correct list of items to use, rather then having to remember it later, and type it in. |
| |
API -> Monitoring |
| |
Corrected the check on codes to make sure proper messages are returned when the grunt site is not configured properly for OVO or Splunk. |
Patch: grunt-2.0.1-17, Date: 07/08/2025 |
RPM Package |
| |
Added a missing library that is needed in rhel9 to support json/hash object support. Library is already a standard release rpm that red hat provides. |
| |
Configuration Setup |
| |
Removed all references to developer old email to their new email for default values if none are set. |
| |
Database Configuration Sync |
| |
Fixed an issue where a blank HTML marker value would result in a NULL value, which would throw an error in the setup script. Should now set to a blank value instead of null. |
| |
Monitoring Page |
| |
Will now compress messages more then 30 characters into a link, which will provide more information if the user is interested. This prevents the output from skewing itself in the columns when displaying. |
| |
| |
Added a border around the output information. Helps to make the output easier to read. |
| |
| |
When forking multiple processes, will now write it's information to the database, instead of a flat file in /tmp. Security in rhel8/9 does not like writing things to /tmp from the web user, so satisfied this security requirement. |
| |
| |
If the root mode user is using the page, and there is an OVO issue, the command and the result where the issue happened will now display along with the original message. This should help debugging issues in the future much easier. |
| |
Rest API -> monitoring.json |
| |
Fixed the checking of the action to read one of 3 values, query, enable, disable, instead of groupings of characters that would never match. |
| |
| |
Testing the node names for the OVO check was not checking for proper characters in its checks. Should now look for periods in the name, as well as report if an underscore is in the name as a bad check. This should now cause the API to return the proper response for the "ovo" message given. |
| |
Rest API Accounts |
| |
Password field will now show stars instead of password being entered when an account is created, or password is being updated. |
Patch: grunt-2.0.1-16, Date: 07/06/2025 |
Database Initialization |
| |
With the modifcation of the database setup core, did not get added back the piece that sets up the configuration table with default values the user can change. Should be added back now. |
| |
SSH Keys Configuration |
| |
The hard coded path of the grunt user should now be dynamic. Previously, the path /opt/fedex/grunt was used as the grunt user home directory, but that may not always be true, as is in the test level. Script will now determine grunt home directory, and use that for the path when doing SSH keygen work. |
Patch: grunt-2.0.1-15, Date: 06/30/2025 |
Cohesity Report |
| |
Removed Netbackup Report link in the report page, and replaced it with the COhesity report link. Worked with Charles Smith to produce the new report to match the data. |
| |
Server Search Page |
| |
Added Cohesity data from the new report, in parallel with the old report data, until there is enough data to turn off the old report information. |
Patch: grunt-2.0.1-14, Date: 06/29/2025 |
Server Search Page |
| |
Added in searching of the server catalog table after all other tables have been searched. This should handle cases where a server might not be found anywhere but in the backup table, which tracks which servers it has through the server catalog table, and not pdsm/account management tables. |
Patch: grunt-2.0.1-13, Date: 06/28/2025 |
Reports -> Cohesity Report |
| |
Added cohesity report to the list of reports in place of netbackup report, that can search on servers in cohesity, and show backups for them. |
| |
Reports -> Netbackup Report |
| |
Removed the report, as netbackup is bring retired, so no need to provide it anymore |
| |
Database Configuration |
| |
Reworked all the database template information to support the new security measures rhel8+ puts into running mysql by default. This should no longer require editing the global config file to turn off TRANS_STRICT checking to make sure column values are right. |
| |
New Cohesity Information |
| |
Cohesity team has provided a new report which should correct the date timestamp issues that are displaying on the old report. Added new table and display options to display this new data. Will turn off old data once the new data is in place properly. |
| |
New API -> monitoring.json |
| |
Call will allow an API user to check status, enable, and disable monitoring done through grunt to OVO/SPLUNK Applications. |
Patch: grunt-2.0.1-12, Date: 01/29/2025 |
RPM -> Admin Accounts |
| |
Fixed a bug where admin accounts upon configuration of a new grunt system, were not being installed after being provided. Should be now. |
| |
Service -> Start |
| |
Removed the database debug code, the database is starting as intended now. |
| |
MariaDB Config |
| |
Added the creation/update of a conf file for updates needed to have mariaDB sevices perform for larger scale tables that grunt needs. Previously, grunt was updating the /etc/my.cnf file, but will now instead drop a custom conf file in the /etc/my.cnf.d directory. |
Patch: grunt-2.0.1-11, Date: 01/28/2025 |
HCL -> Accenture |
| |
Updated the library that reports server CI Support group to use FXS_SA_HCL to now return FXS_SA_Server. |
| |
RPM -> /etc/my.cnf |
| |
RPM package will now NOT include a "^" character in its substitutions when adding lines to the file. |
| |
| |
Given weird situations when updating the file, made sure the file is written out with a blank line at the end. As it seems that modifying this file, and not providing a blank line at the end, causes mariadb services to error our with a blank config value message. |
| |
| |
Changed the default shell for the grunt account from nologin to bash shell. Since grunt interacts with other servers for services, it needs a shell to be able to perform these functions. |
| |
| |
preun library in the spec file has had the grunt removal calls corrected to chkconfig, instead of calling the grunt service command. This fixes an issue where removing grunt before turning it on would cause the preun library to abort when uninstalling. Should work as intended now. |
| |
service -> start grunt |
| |
Since security on mariadb has increased to only allow root user from the localhost to connect to it, changed the default admin login to the database to use localhost, instead of the value of the command 'hostname'. |
| |
| |
On initial install of grunt, the configuration of the /etc/my.cnf file will happen prior to starting up the database services. |
| |
| |
Random cases of losing the database connection when configuring grunt for the first time were happening, causing a "mysql server has gone away" messages. Added refresh of the database connection where this issue tends to happen. Usually a result of forking processes, and the database handle getting garbled in the process. |
| |
| |
Weird situation where the database is not starting up on initial install of grunt, prior to configuring it. To help diagnose this issue, debug output has been added to the spot to help disagnose what is happening. |
Patch: grunt-2.0.1-10, Date: 01/13/2025 |
Token Generation |
| |
Hervin provided an updated script, so it's added to this kit. |
| |
RPM Creation |
| |
Added Fedora 41 to the package distribution sets. |
Patch: grunt-2.0.1-9, Date: 01/12/2025 |
Daemon Process |
| |
Fixed the logging process for mail log to log PDSM messages properly now from a cut an paste error. SHould log to proper place now. |
| |
Package Creation |
| |
Added EL9 rpm package generation to creation script. |
Patch: grunt-2.0.1-8, Date: 11/06/2024 |
New API Call -> cohesity.json |
| |
Cathy had asked for a direct call to the table for information on a given server. This API call will return all database rows for a given server name. Refer to the API documentation for more information. |
| |
API Call -> supportGroup.json |
| |
Cathy pointed out all cohesity values returned would never show success. Fixed the if/else logic to calculate success numbers properly now. |
| |
API Call -> serverData.json |
| |
Scott pointed out the call was having issues. Added the missing cohesity library that was recently added, so cohesity calls to generate data will work once again. |
| |
PDSM Support Group Report |
| |
PDSM allows names to be entered into the LDAP ID field, which won't resolve email addresses in grunt. Grunt will now ignore entries that aren't valid from PDSM when generating the lists. |
| |
Grunt Mail Script |
| |
To handle situations where external emails grunt needs to process are getting blocked by firewall, the busapp_ci email address has been rewritten to handle generaic emails, and forward them to the proper script/library to process. As of this writting, the pdsm and cohesity reports are the only ones added to this new process for now. |
| |
Cron Job -> processMail.pl |
| |
To free up the mail program from doing all the work, the mail portion will now only deposit files and information into a staging area to be worked. A cron job has beed added to grunt to handle processing the information. This should stop mail program from reporting time out issues in the log. The timeout was not an error, but just annoying to see them in the log file. Cron is scheduled to run once every hour currently. |
| |
PDSM Work |
| |
Will not log to its own log file, instead of to the general log that updates log too. This should help sort out issues that are PDSM related easier to research. |
| |
OVO Monitoring |
| |
With the upgrade to new colo servers for OVO masters, was causing the page to throw internal erros using the old servers, which no longer worked. Added code to make sure if this situation happens again, the error message will report under the OVO column, rather then crashing the web page. |
| |
VE Notifications |
| |
Will now match from the very first to the very last server, when removing the list from the email, before preparing it to be sent out to users. Recently, saw an issue where automation apps were sending the list twice, and grunt was removing the first list from user view, but not the second list, which made for weird emails being sent out with html formatted list, and plain text list of ALL servers, most of which user was not interested in seeing. |
| |
DHCP Servers |
| |
Steve found an issue with the SQL call to add dhcp server to the UI was returning 500 error. SQL has been updated with the proper syntax now to add information correctly. |
| |
| |
SA Portal page will now show more information on a dhcp server cluster if there is config informaiton missing, about what is missing. Previously, user only saw "Missing Config Info", which was not helpful to figure out what was missing. |
Patch: grunt-2.0.1-7, Date: 09/30/2024 |
Cohesity Report |
| |
Added unique keys to the tables to make sure we don't get duplicates. Since the report doens't have any unique key identifiers(according to infosec), we assume the client name, and the start time of a backup are good, since we should never have more then 1 backup starting for a client at the same second. Count table also had an index added, in case the same report in the same day was run, we don't duplicate information. |
| |
Cohesity Master Page |
| |
Corrected naming conventions on the page to reflect cluster names instead of vcenter names. |
| |
| |
Disabled the remove checkboxes and button to submit updates. Will get back to these features later to add. |
| |
| |
The "Clients" column of the number of clients is now a link, which when clicked, will show a list of the client names tied to the cluster. |
| |
| |
Removed the graph links under history for now. With the changing of vcenter serverss into, to cluster names, the graph feature is no longer valid until updates can be made. |
| |
Server Search Page |
| |
Charles wanted the Finish date, cluster name, and protection group values to display in the table for cohesity report, so they show now. |
| |
Rest API -> supportGroup.json |
| |
Cathy pointed out the OS version and OS name columns were flipped backwards for recently added additional table to check. Flipped values to proper order, so they should display properly from that table now. |
| |
| |
Added Cohesity data to output. If there is any data, the most recent result will be shown in output, similair to netbackup. Since cohesity does not have backup types currently known to grunt, the field called "netbackup_type", for cohesity output, will show "cohesity_cluster" name insead. |
| |
Tab -> Information -> Cohesity Masters |
| |
Changed menu name from "Cohesity Masters" to "Cohesity Clusters" to fall in line with better naming conventions. |
Patch: grunt-2.0.1-6, Date: 09/28/2024 |
Cohesity Reports |
| |
Added a bunch of logic, as the report has quite a few empty/invalid client names, grunt will now ignore those rows in the csv file. |
| |
| |
Added a primary key of the last run backup time and the client name to make sure if script to load csv file is run multuple times, the same data is not inserted multiple times. |
| |
| |
Corrected some short cuts that were done to made things work quicker. Doing something right the first time makes it easier down the road, which was the way to go here, so now data tracking for clients and masters is done the proper way. |
Patch: grunt-2.0.1-5, Date: 09/27/2024 |
Configuration Page |
| |
Added a section to configure Cohesity material. |
Patch: grunt-2.0.1-4, Date: 09/27/2024 |
Decommission Page |
| |
Hervin has provided updated script that is used behind the scenes. |
| |
PDSM Support Group Members |
| |
Increased length of "ACTIVE_MEMBERS" column to 20 instead of 1. The value from PDSM comes in true/false words, so modified table to track the exact value given from PDSM. |
| |
| |
Shawn M noticed several LDAP accounts that are no longer active being used in notification emails, whcih should not be there. Now, any LDAP ID's that are no longer listed in a support group that PDSM sends, will now be removed from the tracking table in grunt, which should correct the issue. |
| |
OVO Portal |
| |
Dan B has provided a lot of help in getting OVO monitoring/enable/disabling back up to speed, so the page should now report accurately on all OVO servers that may have not shown up before when making queries. |
| |
| |
Script will now exit out properly if credentials cannot be established properly. Previously, the checks to report the issue were clobbered, and the query that should have returned lists, returned an empty set. Should now report in the logs when a token request is made unsuccessfully. |
| |
Cohesity |
| |
Chris C has provided daily cohesity report, so added database table to track Cohesity reports being sent now. |
| |
Seetsq |
| |
Added new cgi script to support the new seetsq rpm script, which has replaced the openssl functions from it, which are supported on newer openSSL packages, but not the older ones production uses. This should make the script universal on any server. |
| |
| |
Cohesity output has been added to the output variables. |
| |
Server Search Page |
| |
Will now show a "Show/Hide" row for Cohesity information for a server, if any exists. |
| |
Grunt Daemon |
| |
Removed the kicking off of old image/query scripts in the background which were causing grunt so consume all CPU's on the server after a few weeks of running. These processes should not be used anymore, so cleaned them up, and remove the startup from the daemon call. |
| |
Information -> New Menu Item |
| |
Added a new menu item called "Cohesity Masters", which similair to the netbackup, will show the masters and their counts. |
Patch: grunt-2.0.1-3, Date: 09/10/2024 |
OVO Monitoring Page |
| |
Robbie found an issue where the notifications to splunk to disable servers was not going through. Removed the loop exit that was happening after the ovo checks, which was setting the wrong values for splunk checks. |
| |
Token Generator |
| |
Added a token generator to grunt to create tokens. Started for the staging of the seetsq process rewrite. |
| |
Decommission Portal |
| |
Make updates to support checks on the server side, prior to submitting requests to Hervin's decomm script. |
| |
| |
Hervin has provided final release of his decomm script to use, so updated grunt's copy. |
| |
Tanium Scripts |
| |
Did final clean up to remove the Tanium script runs, which weren't able to get data anymore, so felt they weren't needed. |
| |
Load Balancing Script |
| |
Removed cron to get this data, as the URL to use to retrieve data no longer works, and no new URL was given. |
| |
Daemon Process |
| |
Commented out the fork/exec of ldap query lookup engines. These scripts cause grunt to hammer CPU on the server, and I suspect they aren't being used anymore, and will research to make sure when time permits. |
| |
ovo.pm file |
| |
This modules is still needed by seetsq, so have restored it for now until I can determine the next suitable time to try and clean up and remove it again. |
Patch: grunt-2.0.1-2, Date: 09/02/2024 |
RPM Build |
| |
Added %define _binary_payload w6.xzdio to the start of the spec file, as without it, will generate installation errors on servers trying to install the package. |
Patch: grunt-2.0.1-1, Date: 09/01/2024 |
Installation Script |
| |
Added a -d option to the installer. Using this flag will now prompt for all database updates/changes, and allow the installer user to determine if the updates are valid or not. This is handling an issue with mysql and mariadb versions that is being stingy about int columns needing values or not. Probably not needed in long run, but useful for seeing what database commands may get stuck/need assistance to complete. |
| |
| |
Corrected a few "default" values from first time load tables that have not been updated since changes to the tables were made, and column sizes increased. |
| |
Admin Tab |
| |
Added new menu item called "Decommission Servers". This tab is available to the root and admin modes in grunt. The selection will take user to the portal page, to request qhich servers they want to decomm. At the moment, this is for messaging servers only. |
| |
Information Tab |
| |
Added new menu item called "Messaging Requests". This page will show all decomm requests made against the messaging system servers. |
| |
Decommission Portal Page |
| |
Hervin has provided a script for turning off messaging information on servers, prior to performing a decommission process. This page will take a list of servers, and provide the user with an excel list of processed servers. |
| |
API Call -> serverEAI.json |
| |
Hervin asked to have a return of ONLY EAI numbers. Added a eaiOnly flag, which can be set to any value to just have the eai numbers returned now. |
Patch: grunt-2.0.0-1, Date: 07/01/2024 |
Database Configuration |
| |
Looks like newer mariadb versions do not follow the display value for int type columns in the database anymore. Added code to filter/check values without the display width value anymore, when trying to configure any new database changes. |
| |
Netbackup Token Generator |
| |
Hervin pointed out an issue with servers not being reported in netbackup, not being able to generate tokens.. Now, if grunt/netbackup don't know anything about the server in the database, the server will be passed through if it passes DNS checks regardless. |
| |
| |
Hervin provided an updated script with more netbackup masters in the list. |
| |
DHCP Portal Page |
| |
Turned code back on that checks for SOA server information, and the IP address related to a given hostname on the portal page. Hopefully SOA server is now a more reliable source being in Micetro, then the legacy SOA DNS servers used prior times. |
| |
RPM Packaging |
| |
Moved automation packaging to local lab to create fedora and el releases. Kicked version major release up to 2 to mark it, so it can be identified for new issues that have come from upgrading packaging/code to rhel8+ releases... |
| |
OVO ENable/Disable Page |
| |
Seperated out splunk and OVO to provide enable/disbale to both independently. Previously, OVO was used as the template, and if not found there, would fail to notify splunk it if was there. Now, 2 columns are outputted, one for splunk, and one for OVO. |
Patch: grunt-1.9.1-4, Date: 01/30/2024 |
ldapGroups.json ( dev - prod ) |
| |
Added in a failsafe check, if for any reason the call does not produce an appropriate response, the call will fail, and hopefully mkacct will abort it's Sane run/update of GRS files. |
| |
| |
Removed redundant library calls that were not needed to squeeze a little more performance from the call. |
| |
OVO Monitoring |
| |
Added in libraries and calls to notify Splunk team when a server has it's monitoring turned on or off, along with the OVO call to do the work. |
| |
Netbackup Tokens |
| |
Hervin has provided an updated script to handle running from various servers to generate needed tokens. |
Patch: grunt-1.9.1-3, Date: 12/15/2023 |
PDSM Support Groups |
| |
Sridhar has provided filter updates to provide CMDB more unique PDSM group support names to contact. Library has been added, and all calls to get the group have been modified to use this library now. |
| |
Netbackup Tokens |
| |
Removed the check to confirm server names given had any registration with netackup clients.. The check will now check DNS extensively for a match before giving up. |
| |
Patch: grunt-1.9.1-2, Date: 11/30/2023 |
Netbackup Reports |
| |
Corrected a code mismatch that was not causing the full report to not generate from the cron request. Report should now generate daily one again. |
| |
Load Balanced Information |
| |
The URL that was used to grab load balancer information no longer works(and no idea if there is another one or was moved), so removed the cron command that was gathering this information. |
| |
Netbackup Token Generator |
| |
Added menu item under Admin tab -> Netbackup Tokens Hervin has provided scripts that will takes a list of servers, and returns back the netbackup tokens used for them, if one can be found. |
Patch: grunt-1.9.1-1, Date: 11/04/2023 |
Search Page/Seetsq |
| |
Sridhar discovered that the cloud ops query returned for every server, even with blank values which wasn't he desired result. The data object has been fixed to make sure the section does not show up now if there is nothing in the master table for the server. |
| |
DHCP SA Portal |
| |
Steve helped testing the failover ability of the grunt page to work dhcp servers, made updates to libraries to fix minor issues in testing. |
| |
PDSM Emails |
| |
Sridhar pointed out the stage area gets lost when the server is rebooted. Emails are no longer processed in the /tmp directory, but instead in wherever the stage directory is defined. The pathing is automatically created now as well if it does not exist. This should prevent any further email parsing that fails because the security on /tmp changes with each release of RHEL, so this should finally clear this issue up. |
| |
Help -> Digicert Request |
| |
Renamed to "Sertigo Request". Any references to digicert have been replaced with sertigo. |
| |
SA DHCP Portal |
| |
Added border to make the dhcp server groupings stand out a little better. |
| |
DHCP Server Update Page |
| |
Added scrubbers to make sure spaces before/after values are removed. Previously, this was causing issues for cut and paste items that may put a space at the beginning or end of the string, which would cause the validation checks to fail. |
| |
Sertigo Request Emails |
| |
The email that was sent with the cert information would not render the HTML portion, making it a little difficult to read. Added lib to combine html and attachment combinations, so the email will now display as intended. |
| |
Tanium |
| |
Removed all final references to tanium since grunt no longer utilizes it in any way. |
| |
Mail Received Reports |
| |
The staging directory /tmp has been moved to the configured "stage" directory in the configuration file. As we move higher linux versions, the security restrictions on apache gets tighter, and does not like apache writing to /tmp anymore. Now, the reports will write to a configured grunt directory for processing. |
| |
seetsq |
| |
With the discovery of production openssl being an older version for security reasons, the seetsq cgi scripts have been separated into the older version, and a newer version (called seetsq2 in all respective scripts). This will allow mirroring of the 2 versions to run together until the newer version can run independent of the older version of openssl. |
| |
DNS Subnets |
| |
Grunt will no longer exit out on first sign of trouble when reaching out to micetro, but will instead log the issue in the dns log file, and move on. Previously, the script would stop as soon as it encountered the first issue with a domain or subnet. Now, should run through to completion, and log all issue items. |
| |
Rest API -> eaiServer.json |
| |
New rest API has been added, when given an EAI number, will return the list of servers linked to the EAI number. Flag added to included retired servers for the EAI number if they are needed. Refer to the rest API documentation for more info about it. |
| |
Netbackup Report |
| |
Added Decomm Status column to the report to indicate PDSM status name for decomm. |
| |
| |
Changed selected "Show All Rows" to "No Filter". This was misleading, and sounded like it would return all servers in netbackup. "No Filter" now applies to the hostnames entered in the box to search on. |
| |
| |
Added "(ALL)Show Hostnames, 7 Days" to the filter drop down. This page will show all clients/servers that were backed up in any way in the last 7 days. |
| |
| |
Added "(ALL)Show Failed Tries, 7 Days". to the filter drop down. This page will show all failures that happened with all clients netbackup is working with in the last 7 days. |
| |
| |
Crons have been added to make sure the "(ALL)" reports runs quickly to return a result. The crons have been set to run at around 5 in the afternoon, which is about the time all netbackup servers report in their information. |
| |
Report -> Server to EAI Mapping |
| |
Sridhar pointed out that the OS Name column was not populating in the Excel output, but was in the HTML dump. Should now show in the Excel dump. |
| |
| |
Corrected color code width to fill entire table row when there is an issue with a given server. Previously, the color code was 2 columns short of filling the row. |
Patch: grunt-1.9.0-14, Date: 09/20/2023 |
DHCP -> Add/Update DHCP Server |
| |
New items have been added to the page to configure. These include status, start, and stop scripts, and the status codes to determine the results of running the command. These can be left blank, and if so, will not show up in the portal page to manage dhcp process. |
| |
Menu -> DHCP -> SA DHCP Portal |
| |
Added a new menu item under DHCP tab called "SA DHCP Portal". This page shows the status of the DHCP servers. If the dhcp servers have their status/start/stop information updated, will allow for starting/stopping dhcp services on the dhcp server. This menu item is only available to root and DHCP Mode users on the site. |
| |
Rest API -> serverEAI.json |
| |
Hervin has asked for a rest call to pull EAI information for a given server name. This api has been added to the list. Refer to the rest api documentaion for its usage. |
| |
Configuration |
| |
Added new logging file for DHCP work done from the SA DHCP Portal listed above in the local environment area of the page. Made sense to start seperating logs out, so as to not clutter one with too much information. If no value is given, will default to /var/fedex/grunt/dhcpd.log |
Patch: grunt-1.9.0-13, Date: 09/12/2023 |
CloudOPS Data |
| |
Sridhar had cloud team updated the query to include way more servers then it was previously providing. |
| |
| |
New table has been added to collect much more information from the report, and should now display on the search page, as well as seetsq page when queried. |
| |
Seetsq Query Scripts |
| |
The openssl encryption/decryption being used was causing issues when running that would throw warning messages about deprecated usages. Those calls have been updated to current standards. |
| |
| |
In order to make debugging the encrypting and decrypting easier, all openssl calls that generated binary encrypted keys and data packs, now have that data converted to base64, and passed around. Previously, passing binary data between servers and databases was quite painful to debug, if not impossible. Now, base64 strings are a lot easier to debug, and make for better coding logic in the scripts. This will cause the old seetsq scripts being used to no longer work. seetsq rpm package has been updated with the new logic, so user just needs to update their seetsq package in order to match the grunt site. |
| |
DHCP Server Information |
| |
Added fields to include the starting and stopping scripts of the dhcp service, as well as the codes that tell grunt whether the command was successful or not. |
| |
RPM Package |
| |
Removed RHEL6 from the package maker AI material. |
Patch: grunt-1.9.0-12, Date: 07/24/2023 |
VE Notifications |
| |
Added a check to confirm that ldap accounts to get notified about ve notifications exist prior to sending the email. Since the support group list could have ldap accounts that are no longer in LDAP, this check will validate that first, and if exists, will add their email address, either defined in LDAP, or by their ldap ID + fedex.com. |
| |
mkacct Rest API |
| |
ldapGroups.json will now work for all test levels on the GRUNT development system: |
| |
| |
| |
| |
| |
| |
| |
| |
Access Controls |
| |
Grunt will now automatically remove folks that change managers from access list, instead of just sending a notification email about the change, and wait for an admin to make an update. The new change will send an email, but instead of waiting, will just automatically remove the user from the manager, and the access they had under the manager. |
Patch: grunt-1.9.0-11, Date: 06/16/2023 |
Netbackup Graphs |
| |
Fixed the filter that was crashing when selecting weeks/months/etc to point to the proper location now, which should no longer show page not found error message. |
| |
PDSM Emails |
| |
Added a missing exit code that was needed when a certain report was being sent. Without this, certain report parsing would bleed over into other report parsing, and return sparatic error messages. |
| |
Rest API -> netbackup.json |
| |
Fixed filter value of limit to reflect the proper number of results desired. Previously, 1 more than the desired count of matches was being returned. |
| |
Netbackup Master List |
| |
If in admin mode, will now title the checkbox column with "REM", to indicate a better hint at what the column does. |
| |
PXE Server Stanza's |
| |
Will now throw an error message if the PXE default stanza defines a TFTP Server in it to be substituted, but the next-server given by the user, or the defaulted one, is not listed in the next-server to tftp server mapping dictionary table in GRUNT. |
| |
| |
If a COLO server is entered, which has an address starting with 10.231.86, will default to c0027368.test.cloud.fedex.com now, instead of the default next-server as defined on the dhcp server itself. Previously, the next-server entry would be blank for these servers, and default to the default value, which would cause the user to have to go back to the record, and update again to get the right next-server they wanted specifically for COLO. |
| |
Atlas IPXE Dictionary |
| |
Removed the check for unique TFTP Server values to be entered. Now, the same TFTP entry can exist in the dictionary multiple times for different next-server values. |
| |
| |
Added "LAS" Zone Location to the drop down list. |
| |
Rest API -> ldapGroups.json |
| |
mkacct likes to test to make sure it gets resolution from the source by using the image group "invalid". The rest call will no longer try to look up the image role group called "invalid", but instead will just return the group with the standard message that it does not exist, rather than trying to do a look up on it every time. |
| |
GRS Calls |
| |
Cloud reported slow speed using grunt to do GRS resolutions. To speed up performance of queries of a lot of image roles, sub web servers have been brought up, and only purpose is to service these GRS requests. All 4 levels of IMAGE(dev/test/stage/prod) had been added as sub web servers, and speed has been greatly improved. |
| |
Configuration |
| |
Added item called "Image Role TTL" under the "Image Role Configuration" section. This value defines how long grunt will cache image roles before making a fresh request to IMAGE for member roles. Defaults to 60 minutes. |
Patch: grunt-1.9.0-10, Date: 04/21/2023 |
Access Modes |
| |
Added NB to the list of access controls. Anyone in this group has access to change Netbackup Information in the grunt tool. |
| |
Netbackup Masters |
| |
Added checkbox to remove netbackup masters listed in Grunt. This feature is only visible to root/admin and netbackup defined users on the grunt site. |
| |
Rest API Added -> netbackup.json |
| |
rest api call will return information for a given server name that is being backed up, either short name, or fully qualified, if it exists. Rest API documentation updated with further information if needed. |
| |
Rest API Added -> ldapGroups.json |
| |
Effort to replace GRS system, added this rest call so mkacct's could have their configuration changed to point to a GRS replacement server, while waiting to decoom the project. Rest call works off ports and cname references for the different test levels. |
| |
Digi Cert Page |
| |
Updated notes on how to request certificate through the new Sertigo process. |
Patch: grunt-1.9.0-9, Date: 11/26/2022 |
PDSM General Server Information |
| |
Sridhar has removed the "Last System Update" column from the report, so changed the database and code in grunt to not use it anymore. |
| |
Netbackup Graphs |
| |
Will no longer include the current date as part of the graph. As normally, this data is not known yet, will default the graphs to look like there has been a cutoff back to zero, which means data has not yet been collected for today's date, which makes the graph look weird. Now, the graph will ignore the current date by default for displaying information. |
| |
PDSM Support and Contact Info |
| |
Added check to make sure header fields are what we expect for the report. Previously, this check was ignore, and when multiple reports came in, could cause weird things to happen. |
| |
Email Processing |
| |
Changed the staging directory form the PID number, to a date and a 10 digit number for a place to process email information. Looks like the child PID number could sometimes process multiple emails, which was causing some reports to mix with others. This should prevent that from happening anymore. |
| |
| |
Added a command at the end of the email processing to clean up any stage directories older than 3 days. The reports were too big to keep any longer then a week time frame about. Only reason to keep them was for debugging purposes if needed. This should cut down on the data consumption. |
| |
| |
Fixed a flag that was set the opposite of what it should have been, which was causing reports to be processed by the wrong script, which was resulting in weird error emails being generated about bad column matches for reports it shouldn't have been processing in the first place. |
Patch: grunt-1.9.0-8, Date: 11/22/2022 |
New Report |
| |
Added Sridhar report to track pdsm support groups and their member ID's to the database. |
| |
General PDSM Report |
| |
Sridhar added environment column to the report, so updated database to also track that value for the reports. |
| |
Search Page/Seetsq |
| |
Missing data for additional fields in physical/virtual information, when blank from the EAI report, will now populate with data from the PDSM General support information. Previously, the fields would only populate if there was an EAI number association to the server. |
| |
| |
Added "Last Updated" column value to the pages, to indicate the last time auto discovery was done on the server. |
| |
| |
Search page will now create links for support groups that have a member listing, which will present the user the list of ldap name/ID's associated to the group, if needed. |
| |
Grunt Email Notifications |
| |
Emails now sent to folks about servers(VE notifications, etc) will now include the app support group emails, along with the IT lead and IT Manager for the server. Sridhar report includes the pdsm app support group ldap accounts, which are used in the email distro list to notify of updates/changes. |
| |
Netbackup Graph Pages |
| |
Will now also include a table, below the graph, with exact values of the daily server count changes, and their delta counts. |
Patch: grunt-1.9.0-7, Date: 11/04/2022 |
PDSM Report |
| |
Hervin asked to have last discovery date tracked for servers. Added new table to collect information from a report Sridhar provides on these discovery dates and information. |
| |
Report Page |
| |
Added report "Last Discovered". This report will provides an excel file of all servers(valid named servers), and their last discovered date, broken into multiple columns. |
| |
Links Page |
| |
Added the SAG Server list link to the list. |
| |
Colo Server Additions |
| |
Fixed an issue that was causing new colo server additions to not add properly to the colo tables. |
| |
OCI Data |
| |
Fixed the json query to add the new array wrapper to make queries to get OCI fact data. |
| |
SSL Certificate Page |
| |
Updated email information to include requesting SHA-384 instead of SHA-512. Digicert will now only make SHA-384 certs, unless a 32 bit app still uses the older certs(SHA-512/SHA-256). |
| |
Tanium Reports |
| |
Commented out the report, not sure this functionality is being used anymore, so removing the link to them to find out. |
| |
Account Mgmt -> Password Hash Generator |
| |
Shawn Mc had pointed out infosec wanted the hash generator to enforce the rules of generating password hashes. The page will now return error messages if the password does not meet the minimum requirements. |
| |
Netbackup Master Page |
| |
Added a cron job to populate a new table with counts of all netbackup master servers per day. This table will start tracking data going forward from day of this load. |
| |
| |
Added a new column with links to a "Graph" page. The graph pages will now start to show data moving forward of clients added/removed on a daily bases. |
Patch: grunt-1.9.0-6, Date: 08/18/2022 |
Stage Table |
| |
Found a dhcp server had more than 16 meg of data in lease/pxe file data, which was causing the data file to be corrupt that was being transferred. Increased size from medium text to long text, which should handle a ton more information. |
| |
COLO Server List |
| |
Sridhar had added the Atlanta COLO account tool to grunt. Modified the cron script to collect those servers, and add it to the list. |
| |
Server Search Page |
| |
Any server that is in COLO, will now show CA PAM server as production one. Previously, certain COLO account tools did not have a master server to map to CAPAM, so the value for the CAPAM UI for prod or test was showing "Unknown". Should show test/production CAPAM now depending on PDSM setting. |
| |
Report -> Server to EAI Mapping |
| |
Sridhar pointed out that sometimes a fully qualified name could be the wrong fully qualified name for another fully qualified name for the server, which would result in no matched. i.e c0008400.prod.cloud.fedex.com wasn't found, but c0008400 and c0008400.corp.ds.fedex.com would both match. Now, Grunt will ALWAYS assume the short name (even if FQDN is given), and look for matches against the short name version, and return back the fully qualified name in the table output, if there is one. |
| |
| |
Sridhar asked to have the "OS Name" value added to the table output, so it's added. |
Patch: grunt-1.9.0-5, Date: 07/19/2022 |
Service Configuration |
| |
Fixed an issue where modifying existing cron entries for a package, would not modify the values on the installation system. This would cause old crons to remain, or time/desc values to not update, when a modification was made to the source cron data in the configuration script. Now, the script, times, description should update when a cron is modified in the master settings on the remote system. |
| |
CAPAM FAQ Page |
| |
David W has provided updated information on opening tickets in PDSM for help with CAPAM issues. Replaced the information on the page with what David gave. |
| |
Mkacct Processing Script |
| |
Removed debug comment of the process to digest mkacct data. This was causing mkacct data to not get processed. |
| |
| |
Changed the processing of mkacct information grunt receives from them. Looks like there is an issue where the connection between mkacct and grunt would stay open until grunt finished processing the data. This is not desirable, and looks like if the connection is killed early, could cause grunt to not get all accounts updated for all servers. Now, the function that processes the data is forked into a child solo process, and the command the remote mkacct called will no longer hang waiting for grunt to finish, nor will grunt show a defunct process while waiting for the command to finish. Found one of the mkacct's needs 9+ hours to finish processing, which looks to be causing the issue folks were seeing with grunt search page/seetsq not showing accounts on certain servers, when in fact they were there. |
| |
Netbackup Master List Page |
| |
Counters have been added to the total number of masters, and the count of clients for the masters, shown at the top in the header section. |
| |
Netbackup Report Page |
| |
Added more options to the drop down for pulling specific items in the report. |
| |
| |
Added a note about increments representing a backup of the system, but in a way that conserves space better in netbackup. |
| |
Netbackup Processing |
| |
John and Charles have provided update to the filtering methods. Grunt will now ignore snapshots that come from the vmware directly, when logging information in the database. Previously, this information is logged into the database, but since these are "master" records for the sub snapshots, we do not need to track these. Display Method will also now correctly reflect a correct snapshot method type now, instead of duplicating the value. |
| |
SSSD Image Processing |
| |
Added email processing for sssd.conf files on servers that are mkacct supported. Using a cron command as such: |
| |
| |
| |
| |
Patch: grunt-1.9.0-4, Date: 06/20/2022 |
Graph Pages |
| |
Fixed an issue where the dates being displayed to show were not being shown, but instead, all the date ranges were being shown. The graph should now ONLY show what is defined in the date range boxes. |
| |
| |
Dates are now checked to be sure they are valid. |
| |
VE Cycle Page |
| |
Hervin found a glitch with test.cloud.fedex.com and other domains, the filter was not filtering properly. Should be now for servers in that, and other related domains. |
| |
| |
Hervin noted duplicates would cause an internal error to happen when submitting. Function to process the work has been rewritten and should now handle duplicates, as well as better error/message handling to return proper output. |
| |
Main Page |
| |
Added a red "NOTE" to the default information specifying the tool is for reference, and not authorative. Hopefully this will stop the requests coming in, to modify the data in grunt, when user is relying too heavily on grunt for information, doubtful, but at the very least, at least note it on the site for folks not familiar with the tool. |
| |
Netbackup Data |
| |
Aded capture of the Policy Type Text to the database. Should be available to seetsq and active filters, once the database is populated from the date of the load moving forward. |
| |
Netbackup Filters |
| |
Adjusted netbackup filters for backup methods according to the definition John Graco gave. Sure it will be a work in progress as we figure it out how to define the methods. |
| |
VE Self Service |
| |
Scott Graves has provided an updated script to help identify when a VE server is not found, vs. a message saying that the call failed, or access denied, which made it hard to determine if the problem was the VE client was not found, or something was wrong with the access controls. Message should now state "VM not found" if that is the case now. The script is added to the rpm package of grunt, so it can be moved automatically when updates to the package are made. |
| |
| |
Added debugging to the commands being sent to VE for all runs. This should help make it easier to debug in the future when there is a problem running the powershell scripts which can be forwarded onto the VE team to diagnose when something does go wrong. |
| |
CAPAM Client Support Link |
| |
With the retirement of esso websites, updated the links to show how to install the CAPAM client to the new reference. |
| |
Password Hash Check Page |
| |
Updated the 1st step message that was pointing to the old WSSO site, to the new purple ID site, and the information on how to complete the first of 2 steps to complete setting a users hash for linux consumption in the account tools. |
Patch: grunt-1.9.0-3, Date: 03/08/2022 |
Account Mgmt Tab -> Mkacct Deploys |
| |
The page now includes partial/full backups of the mkacct servers if they are found in netbackup. Reduced some column heading names to try to get more data to fit in the row more cleanly. |
| |
Seetsq -> ldap -> phone |
| |
Fixed an issue where phone number values were not getting passed through, which was causing no results to be displayed for valid phone numbers. |
| |
PXE Portal |
| |
Hervin found an issue where resolutions that fell down to grunt trying to resolve to locate the proper dhcp server would fail. Corrected pattern matching of the dig/host command to not include the leading space in front of the IP address, when used to search database to locate dhcp server. |
| |
Configuration Page -> Netbackup Settings |
| |
Removed the config option for defining netbackup masters and their ports. The process has moved to emails, and this is no longer needed. |
| |
| |
Added configuration item "Retain Days". This value says how long grunt should keep record of backups before they are removed from the database. Default is set to 30 days. |
| |
| |
Added configuration item "Display Days". Setting this value to anything other than 0 will show the number of days, from most recent, of incremental/full backups performed on a server. Default is 7 days. |
| |
Search Page |
| |
Netbackup list of backups, if more than the configured number to display, provides a link to "Hide/Show More" entries if it exceeds the limit. Clicking this link will show all remaining backups done if clicked. Clicking again will shorten the list back up. |
| |
Netbackup Information |
| |
Grunt will now ignore any entries the netbackup masters provide that have an end time of 1970. These entries seem to indicate either the backup is on going, or some other issue, but not a record grunt should track, as it is incomplete. |
| |
Cron Entries |
| |
Removed cron to talk to netbackup servers( syncNetbackupServers.pl ), and replaced it with script( purgeOldNetbackupClientSnapshots.pl ) to keep the database cleaned from building up too many backups over the course of time. |
| |
Report Page |
| |
Added new report called "Netbackup Clients". This report will generate HTML output, or an excel file, for a given list of short/long name servers, netbackup information, and the EAI information(if there is any) for the given list. Drop down provides ability to show all records, or only full backups. |
| |
Information Tab -> Netbackup Masters |
| |
Resolution of the netbackup masters will not strictly look at the "A" records in DNS, and not matching CNAME records. This was causing duplicate netbackup master names to show in the list, which made things look a little confusing. Now, list should have purely "A" record names showing. |
| |
Help Tab -> FAQ - Mkacct |
| |
Created an additional page for performing DR( Disaster Recovery), added a link at the bottom of the mklacct FAQ page to take user to the page, if they need more information about how to recover. |
Patch: grunt-1.9.0-2, Date: 02/07/2022 |
PDSM Inventory Report |
| |
Sridhar has added Tier level to the report. Database has been updated to hold the tier value now from it. |
| |
Server Search Page |
| |
Added tier level to the information provided in the EAI expandable boxes. |
| |
Reports -> Server to EAI Mapping |
| |
Will now include the tier level in it's excel/html output. |
| |
Rest API Call -> serverData.json |
| |
Output values now also include the Application Support Group from PDSM, if there is one. If there is not one, the value is shown, but with "No Matches Found" given for the value. Each project found, will add the eai number and the support group name from pdsm together, separated by a colon, and each additional eai number found, will be separated by a comma. |
| |
Tabs -> Help |
| |
Added new menu item called "Digicert Request". This page takes the name of a server running web services, and will return an email to the logged in user, of the .key file, the .csr file, and instructions on how to make the request through the infosec/pdsm web site to receive the .crt file. |
Patch: grunt-1.9.0-1, Date: 01/27/2022 |
Netbackup Introduction |
| |
Added database tables and mail parsing script to receive netback emails, process them into grunt database, to provide reporting to the SA's and Netbackup folks for needed information. The grunt search page will show a "Netbackup" expandable tab now if it applies to the server searched on. |
| |
Information Tab |
| |
Added new menu item called "Netbackup Masters". This page will show the list of netbackup masters that are reporting in, how many servers they support, and the last time stamp they checked in at, in UTC time. |
| |
DNS Creation/Removal |
| |
Couple touch-up items to identify ping checks more easy, as well as making a unique error message to help identify code issue in the future. |
| |
Hash Check Page |
| |
Shawn Mc. caught my english illiteracy, and corrected my spelling of ( congra "g" ulations ) to ( congra "t" ulations ). Not a word I type very often, obviously. |
| |
SSSD FAQ page |
| |
corrected a few typos |
| |
Links page linked to the old tool, now in Grunt |
| |
DNS Portal Page |
| |
Hervin noted an issue where passing in record names with a period would not match removal records requested. Now, the values in the fields will have the "period" removed, whether it is there or not from the end of each item given. |
| |
| |
The Subnet filter page will now auto assign the next IP value that is free, if the user specifies DNS record names in the bulk box, but fails to give an IP address. The request items should stack, meaning if 5 dns names are given without 5 IP addresses, each dns name should get assigned the next free IP address. If the subnet is emptied of the remaining free IP's, user will now get a message saying the request will not succeed for the remaining dns records that can't get an IP assigned. |
| |
PDSM Hardware Report |
| |
Sridhar noticed an issue where duplicate server names in PDSM were causing some server lookups not to report on physical/virtual tab. Added a check if the host/serial combo already exists, ignore any duplicates if they don't have an IP address. |
| |
Server Search Page |
| |
Steven found an issue where searching on a server in grunt, that pdsm decomm'd, but then used again, would cause the physical/virtual tab to not show up for the newer system. Check is done now for the obsolete flag, and will ignore it in the search if so. |
| |
| |
David W pointed out that servers NOT under an account tool, would not show the "NOTES" section when looking up a server. Now, any server, as long as it exists in ANY sense in Grunt, will display/show the notes section. |
| |
DHCP/ILO Info |
| |
| |
DHCP ILO Queries |
| |
Added a sync check flag to the code that now causes grunt to NOT lookup dhcp ILO information from each dhcp server, as "on demand". Now, the server search page and seetsq should no longer query the dhcp server every time a client server is looked up to find its information. Instead, the dhcp cron script now logs lease information into the database as a "temp cache" information, which causes grunt to look at that table information, instead of going out to the dhcp server every time. The Serial lookup page will continue to do real time query against the dhcp lease files for information as it always has. This should solve an issue where seetsq of a large set of servers, would eventually time out, as each server has it's ilo information queried, one at a time, which had performance issues. |
Patch: grunt-1.8.0-1, Date: 10/10/2021 |
menAndMice -> micetro |
| |
Renamed references to men and mice to the new naming convention of micetro. |
| |
service command -> restore |
| |
Added option to the service command called "restore". This option allows the user to perform a "reinstall" of the grunt application should it be migrated to another system. Once the grunt tool is "yum install grunt", running "service grunt restore" will reload the web, database, and cron with all information grunt had prior to the upgrade/rebuild of the server. |
| |
DNS Tab |
| |
DNS tab should be active, and show to the root/admin/dns modes on the site. The portal, subnet, and domain menu items should be functional. These tabs provide the ability for folks to perform DNS requests for UTE subnets/domain. |
Patch: grunt-1.7.3-3, Date: 08/12/2021 |
OVO Queue Page |
| |
Items that are no longer listed in an OVO Master server for removal will now be flagged removed in the database when discovered. Previously, the removal process would always assume the disabled request identifier would remain on the OVO master servers, but this has been proven to be a false assumption. Now, then a removal is requested for an ID grunt is tracking, the ID is checked in the list of ID's in the OVO master list, and if it is not in the lilst OVO master's provide, the task will be cleared in Grunt, without performing any OVO master work, and a log message indicating the ID value was no longer found in the OVO master servers. |
| |
OVO Auto Cleanup. |
| |
Same check as above was added, when a removal timestamp has been reached, grunt will query the list of ID's available from the OVO masters to determine if the remove request is valid or not. If the request ID is not found on OVO master servers, grunt will clear the requested item in the database, log a message about it, and call it a day. |
| |
Server Search Page |
| |
Chong pointed out a problem when looking up a server like r2.domain.fedex.com causes a seriously long wait time, and would return sporadic results for dhcp information. Upon review, the search through ILO records tried to match any serial or short hostname string to any output it could find from an ilo sweep of servers. "r2" matches quite a few short hostname strings, which would cause a sweep of all the dhcp servers. This wasn't the desired behavior. Now, the check will only look for hostnames "STARTING" with r2(example item), and not look for any hostname having "r2" in it in the entire string. |
Patch: grunt-1.7.3-2, Date: 08/07/2021 |
OVO Cleanup |
| |
| |
Fixed a typo in the SQL request to flag items in the SQL table as completed removed. |
| |
Reports -> Server to OS Version List |
| |
| |
Fixed a bug where the list that was being returned was showing more than it should. The list was showing obsoleted items, as well as active items. The list should now only show active servers in the list. |
Patch: grunt-1.7.3-1, Date: 08/06/2021 |
DHCP Sync Script |
| |
Steve G. has finished the sync script process for the production DHCP servers. I have checked the code into grunt to keep a copy of it in prod if we need it for more servers. |
| |
Rest API -> serverData.json |
| |
Sridhar wanted the environment value added to the output list, so it's there. |
| |
OVO Enable/Disable |
| |
Requests are now tracked in a local database table in Grunt. This was done to code up a clean up mechanism in Grunt for expired downtime/disable requests. Previously, the only way to know if there were expired requests, was to do a full request of downtimes of the OVO Master servers, which is done on a "per minute" basis. It did not make sense to bother the OVO masters if grunt knows there are no expired requests every cycle. Now, grunt only bothers the OVO masters if it knows it has an expired downtime request grunt created. This database table provides that function, which speeds up processing for the user to see/know which requests are currently in Grunt, as well as the review/history information. |
| |
Menu -> OVO -> Daemon Log |
| |
Removed this menu item, there is no longer a daemon log process that works all the interactions with OVO Master Nodes, as the requests are all now Rest API calls. |
| |
Menu -> OVO -> Audit Log |
| |
Has been renamed to "Review History". With the conversion of the OVO requests converted to a database tracker, the naming made better sense to review items that had been disabled/enabled by grunt over time. |
| |
Menu -> OVO -> Current Requests |
| |
Mike W. has converted the page to use the database table for showing active/completed requests. Checkbox has been added which will query OVO master servers in real time to show all downtime requests, BOTH from Grunt and other requests(not from Grunt). The default is to show the grunt only requests. |
| |
Menu -> Account Mgmt -> Mkacct Hash Generator |
| |
Menu item has been renamed to "Password Hash Generator". Sridhar pointed out this is not limited to mkacct, and was a hash creation of a given password, which wasn't a mkacct specific task. |
| |
Seetsq -> ldap -> -a |
| |
Option will no longer show the hashes for the account to any user. Now, the --authenticate option has been added, which can be used to authenticate the requestor of the seetsq command, and if the user is valid in Grunt, seetsq will show those values as normal. If the user doesn't authenticate, or does not have root/admin privileges in grunt, the user will see a message saying "Use --authenticate to view values". |
Patch: grunt-1.7.2-2, Date: 07/19/2021 |
OVO Material |
| |
Dan had a few things I spaced on to fix. Adjustments to the code to finish the initial kit here. |
Patch: grunt-1.7.2-1, Date: 07/19/2021 |
Seetsq -> ldap module |
| |
Sridhar had the "-f" option for a file added to the output. This option will only work in conjunction with the -c option now when providing multiple ldap accounts in a file. |
| |
| |
Sridhar noted that any LDAP account that is not found in LDAPthe output would just show blank values on both sides of the colon, which wasn't helpful. Now the account will be shown, and a message saying account is no longer in LDAP. This applies to the -c option. |
| |
OVO Libraries |
| |
Art A has provided grunt with the calls needed to once again perform service calls to OVO/OTG services. These calls have been added to grunt's lilbrary collection. |
| |
Configuration -> OVO Configuration |
| |
Section has been added to configure the OVO rest credentials used in the OVO pages, along with the logging path for all work done on the OVO pages. |
| |
OVO Tab |
| |
The Tab is once again active. Here are the key notes/points about it. |
| |
| |
The "Queue'd Items" menu item has been renamed to "Current Requests". Since items are no longer "queue'd" in grunt, this didn't make much sense anymore. |
| |
| |
Mike W. has modified the "Current Requests" page for the new OVO modules that were written for grunt. The page will show all items that the OVO Master servers have in their list of items that have monitoring turned off. The page is split into 2 sections, the first is the list of Grunt specific disabled servers. The second, is all other disabled requests that were not performed by GRUNT. Whether nodes are turned off or not, the page will show the time left, or if the request is already expired, but still in the list. Root, Admin, and OVO groups have the ability to remove Grunt(not other disables) disabled rows in the list if something need to be cleaned up. By default, the page will show everything. There is a search box in the upper left to search for a specific server name if the list needs to be filtered. |
| |
| |
The Enable/Disable Page has had the backend code replaced to use the new OVO modules. The number of server requirements has been removed, and the outage window allowed is from 1 to 24 hours now. There are no longer any extensions to a disabled server. New disable requests can be added, which will stack on the original request. This means if an outage is done for 4 hours, and 3 hours into the outage, more time is needed, a new request can be added, to ask for however many more hours are needed for the outage before monitoring is turned back on. Short host names are now allowed on the page. |
| |
CLI - OVO Scripts |
| |
Stedman has provided the CLI scripts to perform OVO tasks on the command line, rather than having to use the UI. These scripts are labeled starting with "gruntOVO" to help find them easier if "/opt/fedex/grunt/bin" is in your $PATH env variable on the grunt server. |
| |
OVO Logging |
| |
Logging of the OVO actions has been moved to its own log file. The default log file is /var/fedex/grunt/ovo.log. This can be configured in the configuration page if a different location is desired. |
| |
Audit Logging |
| |
All work/audit log files will now log their times in UTC format. Previously, it was being logged to whatever the default date of the server was using. Now, UTC Is forced for all logging. |
Patch: grunt-1.7.1-2, Date: 07/06/2021 |
Check Password Hash Page |
| |
Shawn M saw that the shadow 3rd field/password changed on value was not changing for accounts, and was always showing a date from 2018... Developer was lame, and did a cut and paste, but forgot to switch out the static values for the variables that were holding the proper values. Should show the correct values now. |
| |
REST API -> serverData.json |
| |
Will include "location_desc" key to physicals output now, so user can see what the location(key value) information is marked as. |
| |
| |
Example, added server name to example, so someone can just plug in a different server name. |
| |
Report -> Physicals without ILO's |
| |
Will now test DNS entries prior to showing report for the server name attached to the serial number. If the server entry does not exist in DNS, the entry it not shown. |
| |
| |
Ignores(does not report) any servers that are in pending decomm, or retired, "state" in PDSM. |
| |
| |
Note has been updated to fix ILO/IDRAC to run as root when trying to fix. |
| |
Retrieve Password Page |
| |
COLO servers password will now redirect to the CAPAM output, instead of the password being tracked in grunt(old one). Moved the check the page was doing to the API call being used in the server search page/seetsq, so the output matches the other pages, rather than using its own checks. |
| |
| |
Spaces are now allowed before/after the name of the server being looked up. |
Patch: grunt-1.7.1-1, Date: 07/03/2021 |
Search Page |
| |
Sridhar noted that the DNS Name for some ILO records was showing not available, when there was a DNS entry. Found an issue where some ILO client-hostname values actually included the letters "ILO" in front of the serial number, which caused matches not to happen. Also added a filter to the ILO hostname checks to include with and WITHOUT the "ILO" in front of the serial for hostname checks. |
| |
| |
Sridhar added "POD system name" to the PDSM report, database table, search page, and seetsq have been updated with the included value now. |
| |
| |
Dick H. found an issue where some physicals servers might not show the proper ILO DNS record. There was code to strip leading "ILO" from a dns record found in the dhcp lease file, which I don't think we should do, but I think we put it there for some reason. I currently don't see why it was there, so commented it out, and left a note in the comment above it why I commented it out, so if this comes up again, will have some reference material. |
| |
| |
Added the ESX location information to the "Virtual Data" tab, when a virtual server is looked up. |
| |
CGI - updatePassword.cgi |
| |
Removed the newline that was being included in the return output, as it was not needed to return messages, and caused the caller to include the newline in its output as well. |
| |
Report -> Physicals Without ILO's |
| |
Report will now generate a list of 50 items, instead of 100. |
| |
| |
Report now includes the physical location of the serial/physical in the column list, which is why the list was reduced from 100 to 50, to accommodate the extra data in the ticket. |
| |
DNS Tab |
| |
Removed the CIDR listing page. This page is not needed in the new layout structure, was just more confusing than anything else. |
| |
| |
DNS Portal Page(Add/Remove DNS) has been revamped. Page now shows a selection of possible action types to perform(similar to darth). Portal page is not functional yet, but in case anyone who knows about it tries to use it right now. |
| |
| |
"Subnet Dictionary" menu item should be fully functional now. All UTE data has been copied down to the page. |
| |
Serial Search Page |
| |
David W found an issue where searching on some serial numbers would result in a non-matching page listing multiple serial numbers in mixed cases, but never getting to a final answer for the information. The multiple match from multiple database tables will now check the "matching" value given, and if found, return THAT specific value, and no longer continue to return both the upper case and the lower case values as 2 different values every time. |
| |
Seetsq Output |
| |
When looking up a server that has been decomm'd, no information was showing, except for the account tool stanza. The Decomm notes should now show in the seetsq ouptut. |
| |
NEW Rest API -> serverData.json |
| |
Sridhar asked to add a rest call for folks that can't use seetsq, and are app based. This call takes a server as an argument, and returns the basic details about the server. Information on that is documented on the rest api site on the grunt page of api calls for further info. |
Patch: grunt-1.7.0-4, Date: 06/18/2021 |
PDSM Tickets |
| |
Removed the HTML tags from the additional comments section. PDSM does not allow html code in the information sections when creating a ticket. |
| |
| |
Model Number will now be included in the list of serial/server list of physicals without ilo report. |
| |
updatePassword.cgi |
| |
will now take customized servers for an account tool, and update the password for that specific server. Previously, only the master password for the entire account tool was accepted. Now, should also allow for customized passwords for a server. |
| |
retrievePassword.cgi |
| |
Will now look for customized server passwords before moving to a global password to display. |
| |
Access Controls |
| |
Previous patch would auto clear any ldap account flag fix that went inactive in LDAP, but did not remove the ldap account from the access list controls, so emails would spam daily, as well as the user continues to show in the access list. Now, the user is removed from the access controls when they go inactive. |
Patch: grunt-1.7.0-3, Date: 06/16/2021 |
DHCP Portal Page |
| |
Hervin found that some hostnames would return a "No DHCP Server Found" message for valid records. Found an issue in the VE data information that set the value of their IP address field to the word "null". Portal page will now check VE column values, and ignore anything that does not look like an IP address. |
| |
New Cron -> generateReportOfPhysicalsWithoutIlos.pl |
| |
Report will create PDSM ticket for each PDSM SA Support group for physical servers found in WTC/EDC in PDSM, but we do not find a corresponding serial/IP for them in DHCP. |
| |
New Cron -> generateReportOfIlosWithoutDNS.pl |
| |
Report will send out an email to the Alert distro team defined in grunt of the list of ILO records that are not showing a forward/A record for them. |
| |
Report Page -> DHCP -> Ilo's Without A records |
| |
Now has a action drop down, and a comment box for each row. This allows user to ignore the row if the item cannot be fixed. |
| |
Report Page -> DHCP -> Physicals Without an ILO |
| |
Report was updated with an action drop down box, and a comment box. The report now generates a PDSM ticket for new items, and groups them by PDSM group roles. The list will contain a maximum of 100 servers at a time. |
| |
Configuration Page |
| |
Added "PDSM Ticket Creation Credentials" to the configuration sections. |
| |
Mail - PDSM Report |
| |
Sridhar added a report that provides the list of VE master servers, and their model, vendor and storage names that belong to them. |
| |
Server Search Page |
| |
Under the "Virtual Data", information will now include Server, Cluster Name, Version, and Model of the "host server" in the output table. The table also includes a link to list the total number of storage arrays, and clicking on the link will pop up the list of storage names. |
| |
VE Notifications Email Script |
| |
Will now include the original email at the bottom of the receipt email that is sent out. |
| |
ILO Search/Matches |
| |
Dick H. found an issue where a DHCP server might have multiple IP addresses with a Reverse record pointing to an IP address that is no longer valid. Grunt will now sweep the lease file looking for serial number dns records first, and then move to hostname matches, and finally, known filter matches for ilo name records for final check, in that order. Previously, order was random, which could result in any match being returned. |
| |
Password Hash Check Page |
| |
Message about what to do when the second step is not working has been updated to reflect the new PDSM place to open a ticket. Sridhar pointed out this queue should be what the IDM team/group should be checking when a user has a problem on this step. |
Patch: grunt-1.7.0-2, Date: 06/08/2021 |
VE Notifications |
| |
Emails will now process through the rest API, the same way the web page to send email notifications work. |
| |
Server Search Page |
| |
Will no longer show decomm if the server is listed in the virtual table. Fixed an issue with case sensitivity of the status of "installed"... |
| |
Seetsq Output |
| |
Shawn M noticed the server name being searched on was no longer showing in the output. Should be now. |
Patch: grunt-1.7.0-1, Date: 06/05/2021 |
OVO Enable/Disable Page |
| |
Has been disabled, OTG has moved to a new system, and grunt does not currently have a way to talk to it anymore. We are waiting for a solution from the vendor for rest api access to turn this feature back on. |
| |
Server Search Page |
| |
Search Spinner should no longer "keep spinning" as a match is found. Previously, the spinner would continue to spin, even when an exact server match was listed, and no others were found, leading the user to believe the page was still searching for matches. |
| |
| |
Physical Data Section -> When there is no password found for the RemCon(ILO access), the "info" link will now continue to show, which has information on how to help the user get the password to show up for future references. Previously, this link would only show up for passwords that were found. |
| |
Access Control Email Alerts |
| |
Any account that goes inactive will automatically be cleared in the database for the account. Previously, when an account went inactive, it needed to be checked off in the database. Now, it will be done automatically, but still noted in the email. |
| |
| |
The from address did not show which server the report was coming from. Instead of NO_REPLY@fedex.com, email will now show NO_REPLY@[HOSTNAME], to help identify which grunt system the email is coming from. |
| |
Web Page Counters |
| |
Corrected an indexing problem in the database that was not properly tally'ing the count numbers correctly on the display. Should increment now correctly. |
| |
DHCP Page |
| |
Hervin found an issue where if a hostname given was not yet in PDSM, would result in an error message saying the "ip location" was not found. The search in PDSM is now checked for a value, before resetting the server variable to that value, so if the value is blank, the value won't be cleared in the processing tests. |
| |
| |
Corrected the "ip location" message to something that makes more sense "could not find IP address from DNS test", and included the server name used in the test, as well as the output from the command used to locate it. |
| |
DHCP ILO Password Update |
| |
Fixed a quoting issue of the password string that would cause a database error when trying to update. Should work as intended now. |
| |
| |
Updating current passwords to new passwords would not show any completed message when finished, just an empty table. Should show a message now. |
| |
Server Data Collection API |
| |
Mike W found the Hardware PDSM group was not being populated, and it was found the parent key had a typo in it. Typo is fixed, and hardware pdsm support group now shows as intended. |
| |
Seetsq |
| |
"The "server" parent key output has been revamped, and will now fall more in line with the output that is seen on the search page in the Grunt UI. New options have been added, and more access controls on what is displayed have been improved. The column/key values have gone through a change as well, so be warned if you have an alias set to do server lookup columns, they might need adjusting. |
| |
| |
Fixed an issue where passing parameters in to the call in a specific order could cause them to be dropped before being used, or could work. Now, order does not matter in seetsq how arguments are passed. |
| |
| |
When searching the "server" option, and passing a short host name to search on, the account tool information as well as the unix ID lookup sections would show blank/not found messages. Those library calls have been updated to look for the long host name prior to any queries it does now. Previously, it |
| |
TESLA/COLO Upload |
| |
Script was starting to take longer than 3 minutes to process, which was causing timeouts, which in turn, would cause unix account lookups in grunt to show improper information for unix accounts on servers in tesla/colo area. The API has been adjusted to fork a child, continue running, and tell the parent to let the caller know it is done, and it can move on to next item, while the grunt script continues to process until completed now. |
Patch: grunt-1.6.2-6, Date: 04/28/2021 |
Server Search Page |
| |
Sridhar found an instance where a server might show a decomm tab, with no information in it. Corrected the location check code, to NOT create a decomm data object, if one doesn't already exist, which should not show a decomm tab anymore if the server is not listed there anymore. |
| |
VE Inventory List |
| |
Sridhar noted the report was not "re-activating" servers that for whatever reason did not come from one report, but then showed up in another report. Obsolete column should now be updated when no other column values have changed, which was the bug. |
| |
| |
Moved from the perl api library for www-lib to a curl call instead, just been more reliable to use curl then have a perl library dependency. |
| |
Tab -> DHCP -> DHCP Reports |
| |
Added menu under DHCP tab called DHCP Reports. This page should provide links to reports about issues with dhcp/ilo information. |
| |
DHCP Sweeps |
| |
Script and associated database table columns have been added to track DHCP server ilo IP addresses, and whether something HP or Dell answers on them with ILO information or not. |
Patch: grunt-1.6.2-5, Date: 04/19/2021 |
Server Search Page |
| |
A server that shows decommission information will now show the serial number, but ONLY if the serial number does not look like a vmware serial number. This should help make identifying serial information in the ilo/oobm table easier if a user needs to find more information about it during its decomm process. A note has also been added "Click for ILO Information" to help note to the user if they want to try and find ilo information(if available), they can click the serial number to dig into that info, if they need it. |
| |
| |
Found again an issue with ilo passwords that were numeric, would cause a space to be picked up when highlighting it into the buffer, and carrying over. The field should now be a table inside of a table, which should stop microsoft from cloning the space character that separated the link from the password. |
| |
| |
EAI expandable boxes will now show the SA PSDM Support group, the Operating system, and the location, if any/all are available to show. |
| |
| |
Modified the help message for resetting ILO for specific instructions Sridhar gave for both Dell and HP. |
| |
PDSM Hardware Report |
| |
Sridhar spotted an issue where records that were removed out of PDSM, but then added back later, were not being updated back to active status in grunt database table. Should be now. |
| |
DHCP Lease Scan |
| |
Sridhar noticed not all the lease files have the DNS_A_RECORD attribute defined for ILO connections. Code will now first check for the DNS_A_RECORD, and if it can't find, will then try to look for the client-hostname value, and use it instead. |
| |
| |
Parsing of the stanza files will now account for the "set ddns-dhcid" value having a "}" in it, which would throw the pattern matching off, causing the hostname/A records to not be captured. Should now. |
| |
DHCP Portal Page |
| |
Hervin had me add kate and local host resolution to the lookup of hostnames given in the portal. The connection to the SOA servers from grunt no longer works for some reason, so switching back to using host lookup commands to find IP addresses again. |
| |
Cron Job -> getOCIInformation.pl |
| |
Added cron job to pull the OCI server list into grunt to match to account management tool. |
| |
DHCP Validation Cron |
| |
The report of duplicates was not working correctly, found the data object had the wrong value in it for generating the keys. Should be fixed now. |
Patch: grunt-1.6.2-4, Date: 03/18/2021 |
DHCP Server Page |
| |
Added a "special" note when the user gets an error like: "bash: /tmp/scanDHCP.1000040.pl: No such file or directory". Steve found this was a result when the DHCP server changed IP address to an IP address that another server had previously used, which would cause scp/ssh commands to fail host verification checks. The message will help point out the issue for automation in grunt for these servers in the future, instead of that crude message which took hours to track down what was happening. |
| |
Web Page Graphing |
| |
Stedman added graphing tool to web pages to track the number of hits, as well as history of hits, with the ability to track by days/weeks/months/years, as well as specific date ranges. Clicking on the counter on the bottom right will take you to the graphing page. |
Patch: grunt-1.6.2-3, Date: 03/15/2021 |
Report - EAI Mappings |
| |
Will now show the room, floor, grid coordinates, and pod name in the report for all matches found, if they have values. |
| |
Web Counter Tables |
| |
Removed the use of the script name for the key, migrated values over to a numerical ID. |
Patch: grunt-1.6.2-2, Date: 03/09/2021 |
Server EAI Notification |
| |
The receipt email will now show the EAI numbers that were found for the server, instead of messages saying "1|2|3 EAI numbers found". |
| |
| |
Grunt will now log a record of who triggered the email in the log file with the subject line used. |
| |
| |
"Folks to Notify" will now remove the "blank" look/feel when seeing comma's without values. This was the result of PDSM providing LDAP accounts that are no longer in ldap, and the code was resolving their email addresses to blank values, along with their names. |
| |
mkacct Processing |
| |
Added missing library that was needed to resolve AD image group roles found on mkacct systems. |
| |
| |
Sridhar discovered final bug with SA accounts not being resolved in grunt when checked on. Removed the GRS checker that would hand over resolution to AD for grs groups, instead of using the mkacct grs files which had the resolution done already. Code snippets that did that have been removed, and will now rely 100% on the mkacct files providing the list of accounts mapping to image roles. |
| |
DHCP Cleanup Email |
| |
Fixed an issue that was not showing the include file, and the status message of what happened. Should show up now in the emails that are sent out. |
| |
Server Search Page |
| |
Sridhar noted an issue where trying to click on the ILO password to put into buffer would capture a space value at the end of it in certain browsers. The HTML code now provides a "nbsp;" character instead of a space character. This should stop the space from getting selected in a select/copy mouse function. |
| |
| |
The "more info" for the user/password for ilo has been updated with extra information to contact Sridhar, David, or Frank in the event that an ILO password needs to be changed, if the user is having issues with the password that is given not working, but has the working one. |
| |
DHCP Update Server Page |
| |
Developer was retarded, and only performed a lookup of the "real" DHCP servers, when 1 was selected, and ONLY the one that was selected, which is not how a drop down of options is supposed to work. Drop down is fixed, and should now show ALL servers associated to each DHCP description in the server drop down. |
| |
DHCP Tab -> Find DHCP Server |
| |
Added this menu item, which when provided a list of Server/IP entries, will return the dhcp server used for PXE records, if one is found. |
Patch: grunt-1.6.2-1, Date: 02/24/2021 |
Server Search Page |
| |
Fixed an SQL typo issue that would cause certain servers to show a "Internal Server Error" message on the web page. The SQL to query for OTHER account tool migrations had this bug, so would only affect those servers. Should now properly query the table for information. |
| |
| |
Blanked out OS information columns/rows will no longer show under the "Virtual Data" tab if there is no virtual data found for it. |
| |
mkacct Processing |
| |
mkacct's that submit their data for grunt to process now drop their files into a stage directory and exit. The processing now happens from the daemon process, which serializes the processing in grunt. Previously, the processing was done as files were received, which could cause grunt performance to suffer, and possibly lose data in the process. This also made where if that were the case, mkacct cron's would need adjusting, which is not another favorable condition. Now, grunt checks every minute for files to process, and if it finds one or more, will process them one at a time, instead of all of them at once(if they all come in at the same time). Logging has been updated to reflect when grunt processes a mkacct system, success or failure. |
| |
Menu -> Information -> EAI Notifications |
| |
Added menu item called "EAI Notifications". This page allows a user to provide email information, and a list of servers, and will translate the servers into EAI owners, and send an email out, with ONLY the servers each user cares about in the list to that person. The page can be filled in, and then the "Generate Preview/Validate Email Contents" button will trigger a validation page to show the user what will happen, along with a sample email from one server/eai combo to show the user how the email will be sent out. The user can then click the "Send Email(s)" button to complete the process. |
Patch: grunt-1.6.1-1, Date: 02/17/2021 |
DHCP Server Update Page |
| |
Select Server drop down will now include the "real" server names along with the already displayed zone/area description. This should make it easier to find the correct DHCP server in the list when trying to update. If multiple servers, they should also show, comma delimited. |
| |
Cron -> loadPXEServerInformation.pl |
| |
DHCP Include cleanup report table has been reformatted to make it look more easy to read. Previously, table only had 2 columns for both error and successful items. Now, the success table will have 4 columns instead, each one showing a different part. The table used to show "Include File Cleanup" as one of the columns, when then report already indicated dhcp records were being cleaned up. Now, shows the record in first column, dhcp server in second, the include file in the 3rd, and the action in the 4th. |
| |
| |
DHCP Include file issues will now show the DHCP server name, and not the name(the description name), as defined in grunt, for the dhcp server. |
| |
Help - FAQ EAI Notifications |
| |
Added menu item "FAQ - EAI Notification" to the Help menu button. This page explains what/how the Email Notification Email process works, for anyone that needs a reference. |
| |
Grunt EAI Notification Email |
| |
The process has been revamped, and will not process emails through a data mapping, rather than trying to use "reference points" to find server. CSV and Excel file attachments can now be sent as well. Refer to the "FAQ EAI Notification" page for more detailed information on this. |
| |
| |
Increased font size of the note about how to fix EAI to server mappings to 3 instead of 2. Section should have an extra line creak to help separate it now as well. |
| |
| |
DEBUG mode has been added to the mailing process, to help developers determine issues when they arise. |
| |
| |
Email receipt should now show fully resolved short name servers that were given in the email. Previously, only the full name, or whatever was matched would only show, which wasn't helpful. Receipt should also include the servers matcted/incomplete from the CSV and Excel files, if included, along with the embedded email as well. |
| |
| |
Email receipt should now reply back to the sender with the receipt information as well. Previously, the sender would not receive anything, so they would not know if the email translated/forwarded to anyone or not. Now, they should be included with the list of folks who get a receipt of the email process. |
| |
| |
Email receipt table should now also include the LDAP names of the folks who received an email. Previously, the table would only show the number of EAI's that were notified, but no folks to know if it got sent to certain folks or not. |
| |
Admin -> Configuration |
| |
Added "OOBM ILO/IDRAC" configuration section into the page. This allows for tweaking the OOBM/ILO material, if needed. |
| |
OOBM Vendor EMails |
| |
Cloned the OOBM/ILO site mail script over to Grunt. This will allow sync'ing the 2 sites database tables at the same time, and provide an easy method for decomm'ing one of them, if the time comes. Added 2 new email addresses to the email address the vendors use send email notifications to support this parallel effort. |
| |
Server Search Page |
| |
"VE Data" section has been renamed to "Virtual Data". This falls more in line with a physical data box vs. virtual data box. Source has been renamed from "VE Query" to "VE/PDSM" to reflect more accurately what data is in it. |
| |
| |
The OS information that was displayed under "EAI Number" boxes has been removed. If the server queried on is a virtual, that information will now show in the "Virtual Data" block. |
| |
| |
"EAI Number" boxes will now show the LDAP id's of the IT lead and the Owning Manager. |
| |
| |
"EAI Number" boxes will now show the PCI Scope definition for the app, as well as the description of what the app is doing on the server. |
| |
| |
The "Unix Account for ldap ID" will now ONLY show when the server being searched on is listed in an account tool GRUNT knows about. |
| |
| |
The "Unix Account for ldap ID" has had the green color fizzled out a little more to make it not scream out so much on the page. The table has been expanded to fill the width of the page, and columns inside of it adjusted to look more lined up properly. |
| |
| |
The "Unix Account for ldap ID" will now show the query result info on the far right side of the row now which tells how Grunt resolved/looked for info. |
| |
| |
Re-arranged the "Physical Data" page columns. All ILO/RemCom items should now show at the top of the page. Jump server column should show below the User/Password field now. Serial Number has been moved to right below the list. This makes grouping the ILO material easier to spot/read. |
| |
| |
Added "Fedex Company" to the list of data items |
| |
| |
"Jump Servers" column should now show the reason it cannot find jump servers, if it can't. Previously, would just display a link of "0" servers provided. |
| |
| |
All "RemCon" fields will now show "Unknown" if they cannot find a value. Previously, some fields would not show any value, which looks a little weird. |
| |
| |
Filter for finding jump servers has been rewritten to try and resolve as much information as it can, to determine the best matches it can for possible jump servers. Any jump server that was confirmed by ipconfig/ifconfig on the server, has a red star after the jump server name to indicate it was validated as having the IP address in it's list of network interfaces it can talk too. |
| |
| |
Removed the entire row for the "DHCP Server (Client)" and "DHCP Server(RemCon)". These fields did not make a lot of sense, when the assumption at the time was to show both the ILO and the Client host DHCP information, when only the ILO one was wanted. |
| |
| |
When looking for ILO connection information, the filter has been adjusted to look at 3 special exception cases for ground and marketing servers(when the original name cannot be found in DHCP server), and if it finds a record in DNS, will use it for the record/IP to display for ilo connection. |
| |
| |
Fixed an issue where server search to serial number would not show ILO connection information, but would show it if the user traversed down through the serial number. The "removed" flag is now checked to make sure duplicate serial numbers in the hardware table are ignored. |
| |
| |
| |
| |
| |
| |
| |
| |
Patch: grunt-1.6.0-4, Date: 02/09/2021 |
PDSM Hardware Report |
| |
Added columns to track rack building room number and floor. |
| |
Server Search Page -> Physical Data |
| |
"Location" field has been changed to "Loc -> Room -> Floor" to indicate key fields about the physical server location. |
| |
| |
"Model Info" now has a filter to turn down the "hewlett package enterprise" value to "HP" instead. This helps cut down on the width of the output data so table is not so skewed. |
| |
| |
"Rack Location - U" column name has been altered to "Rack Location -> Unit" |
| |
| |
"DNS Name (RemCon)" column will now show a "Not Available" as a link if the DNS name cannot be found. The link will show what the DNS value should be, and instruct the user how to try and correct the DNS to DHCP issue if they want to followup getting it working using the DNS name, instead of the IP address to connect. |
| |
| |
Jump Servers Link will now match against RDC servers that match the floor number. If the physical device has a floor number, and the RDC has the same number, the result will be shown. Otherwise, if one or the other value is missing, or they don't match, the rdc entry will be ignored. This should cut down on the larger list of jump servers to only the ones specific to the floor, and not to the building. |
| |
Email Report -> DHCP DNS Resolution Issues |
| |
Emailing of the report has been turned off. The report does not seem important enough to send out nightly issues list, when grunt is tracking the IP for the ILO system, so this should no longer spam on a daily basis the same report. |
| |
All Web Pages |
| |
Stedman has added a counter to the pages to keep track of the number of times the web page is requested. This counter will show on the bottom right of the pages, and show "Page Counter". We will determine how to move forward with the counter moving forward with it as we go along. |
| |
Perl Libraries |
| |
Added the GD libraries to allow graphing charts to be made in Grunt web pages. |
Patch: grunt-1.6.0-3, Date: 01/28/2021 |
Serial/ILO DHCP Report |
| |
Will no longer email out a list of all IP addresses in ILO that are active on the network, but no longer have a DNS entry, This report was deemed not useful. |
| |
DNS/DHCP Report |
| |
Will now filter out any ILO IP record that has the hostname-ilo as the reported "client-hostname" value, but ONLY has a "PTR" record, but no "A" record for it. These records usually indicate an incomplete decomm'd process, and are deemed not worth reporting on. |
| |
PDSM Hardware Table |
| |
Added PO Number, Rack Column, Rack Row, Rack Unit, and Pod Cabinet Identifier values to the table. |
| |
Server Search Page |
| |
OOBM Tab has been renamed to "Physical Data". |
| |
| |
Added Rack Location to output information. |
| |
| |
Added PO Number to output information. |
| |
| |
Added POD Label ID to output information. |
| |
| |
Popup for More info on the ilo password has been updated to the information Sridhar provided. |
| |
DHCP Server Night Scan |
| |
Will now be case insensitive when looking for subnet/netmask lines in the dhcpd.conf file. Apparently the dhcp binary is not case sensitive to these stanza's when it reads the conf file. |
| |
Grunt Email EAI Notifications |
| |
Grunt will now assume short name values as keys from the email with the list of servers. Each server is broken down into its short name and the domain. If the short name can be matched against PDSM tracking, it is used. If not, the full name is used, and matched against PDSM and used, if possible. Otherwise, it is assumed there is no match in PDSM for the server to EAI relationship. This fixes an issue where a fully qualified server name might have a different domain extension, and cause for improper mappings in the database. Now, the short name is used first for matches, before resorting to full names. |
Patch: grunt-1.6.0-2, Date: 01/23/2021 |
DHCP Alerts - Missing DNS Entries |
| |
Will now include the DHCP server hosting the IP address in the table output for each IP. |
| |
| |
Updates/Changes to DHCP servers should now ALWAYS log the "real" server name being used, and no longer logging the "name descriptor" given to the DHCP server. Name descriptor not always helpful when someone needs to go log onto the dhcp server to investigate, and the name isn't always helpful. |
| |
| |
Added "idrac-[hostname]" to the pattern matching to determine if a reported ilo IP address is sending a hostname, or a serial number to DHCP server, to determine where the report for the item should go. |
| |
CAPAM Password Retrieval Verbiage |
| |
Fixed the keyword "assitme" -> "assistme" in the output page. |
| |
Server Search Page -> Live Data |
| |
The timeout value for the amount of time the curl command takes to wait for the request to complete is in the configuration section under the "SBVT Timeout" configuration value. Previously, this value was hard coded in. |
| |
| |
Added error message when the curl/rest call fails, to help knowing what the issue was (timeout, wide character print, internal errror, etc). |
| |
| |
Removed the UTF8 encoding function call. It would cause the json parser to throw a "wide character" error message. While not entirely sure if this is the right solution, as I think this was added a while ago for the reason of utf8 encoding issues. Possible in rhel7, or the json library, this has been adjusted. |
| |
Server Search Page -> Tool Tracking Information |
| |
SA PDSM on-Call/Assignment Group value will now take the one defined for the account tool as the default value to use. If no PDSM group is defined for the account tool, the "custom" value defined for the server is assigned instead. |
| |
Server Search Page -> OOBM Section |
| |
The "Password (RemCon)" column has been replaced with "User/Password (RemCon)". This should make it easier to identify the login credentials based on whether the server searched on is Dell, HP, or something else. If the server doesn't match either of those, the user is displayed as "?????". |
| |
| |
A "info" link has been added to the end of the "User/Password (RemCon)" data. This link provides information about potential default passwords that might work, in the event the password grunt has given. Also at the bottom of that popup, it highlights the user should change password back to what grunt has listed, rather than leaving the password in the crude/default state it was found in, using one of the generic passwords. |
| |
OoBM -> Serial Password Update |
| |
Added a checkbox, which is only visible to the "root" mode admins. This allows all given serial/ilo passwords to "overwrite" the ilo password with the one given from the user. |
| |
OoBM -> RDC Server Dictionary |
| |
Column Added to end of table called "Auto Server". This field will populate when the jump server itself has reported in on what IP's it is managing. This includes windows systems as well. If a server reports in, and there is no entry in this table, one will be created. If the entry exists, then this column's date field value will be updated. If the server stops reporting after 24 hours, the column will highlight in red. If it has reported in within last 24 hours, will show in green. If the server is not reporting in at all, this column will show blank. |
| |
New Report -> Server to Build Type Description |
| |
Report will either take a list of user given servers(or all servers if none given), and returns back which type of build system support the server has. If the server is not in the account management table, will return the message "Unknown/Not in Grunt Database". |
| |
Reports - Server to EAI Assications |
| |
David noticed the typo in the report name title(as shown above). Typo has been corrected. |
| |
| |
HTML Output should now list the same order of items as what the user provided in the search field. Previously, the output was random, and the return rows were not in sync with the order the user provided the list. |
| |
| |
HTML Color coding output for each row returned should now line up correctly(white for one row, gray for the next, back to white for the next, etc). |
| |
| |
Indexes have been added to the EAI/Hardware table to the short name and IP columns. This should make the report super fast, so even queries of 500+ should only take a few seconds, instead of the minute or 2 it was originally taking. |
| |
Report -> EAI to Server Mapping |
| |
HTML output now has a border defined for the table. This should solve issues of text slamming up against each other making it difficult to read. |
| |
| |
The HTML output header columns had had a lot of the "pdsm" label information stripped, which should make the output table smaller in width so columns don't span such a large range, with no data to show for them(if applicable). |
| |
VE -> Power Cycle |
| |
Page will now support COLO servers by converting their long names into short names that VE recognizes. Previously, VE would respond with "VM Not Found" if submitting fully qualified names. Grunt will now convert COLO matching fully qualified server names to their short hostnames prior to submitting to VE. |
Patch: grunt-1.6.0-1, Date: 01/18/2021 |
Mail Script |
| |
Added new mail script "grunttasks". This email will be able to receive/process random emails that come to the grunt site. Initializing this script, it currently only supports emails coming from Windows servers submitting their ipconfig output results for now. |
| |
Logging Area |
| |
Added a new log file, default ( mail.log ) to /var/fedex/grunt directory. This file contains the result of an email that was processed. If something goes wrong, the item that went wrong is logged. If everything works, only a success message is logged at the end. |
| |
Configuration -> Local Environment |
| |
Added configuration item "Mail Logging". This defines where the mail output of information will go. If left blank, or is invalid, will default to /var/fedex/grunt/mail.log. |
| |
Configuration -> Logging Section |
| |
Removed "Mail Log Directory" from the section. No reason to have separate logging files in a directory when the email all comes from the same place. Makes it easier to debug issues if they are all reported in one log file. |
| |
Configuration -> Men & Mice |
| |
Added a configuration section for Men & Mice items. |
| |
Database |
| |
Tables added to support the IP addresses the windows ilo jump servers support. |
| |
OOBM Menu |
| |
Admin mode can now see the Serial/Password update page. |
| |
Cron -> loadPXEServerInformation.pl |
| |
Report for duplicate subnets/ips on dhcp servers has been modified to report on specific IP's, instead of trying to calculate subnet responses. Since IP's can range/overlap individually, or in a subnet, changed logic to report on each one, instead of trying to make consolidated lists. The list should not be very large to cause outlook to hang up, unless a large scale of subnet definitions overlap, which should not be the case on the dhcp servers anymore. |
| |
| |
Report has been split into 2 reports now. Any serial numbers that cannot be resolved to a hostname will now be sent to the OOBM email alert group, while ones that can be resolved are sent to the DHCP alert group. This should make isolating the issues go to their more respective places. |
| |
Reports -> EAI to Server Associations |
| |
Now is a web page that can take a list of EAI numbers to match against. If no numbers are given, then all mappings are returned. |
| |
Seetsq -> eai key |
| |
Now accepts a "-f" option. This allows a user to pass a file with a list of EAI numbers in it. |
| |
| |
Now accepts a "-a" option. This will dump all key items for the eai number given, a user can parse through for values |
| |
| |
Providing only 1 or more EAI numbers, and no options will now display a quick summary of information for each EAI number. This report can show "active", as well as "retired" EAI numbers, including a list of servers what are "active" and "retired" as well, for past history. |
| |
| |
The PDSM Inventory/EAI table has been added to the list of items that can be retrieved. |
| |
| |
Keys CURRENT_SVR_NAMES and RETIRED_SVR_NAMES have been added, which is the collection off all servers found in the PDSM inventory table, that match this EAI number, and depending on the key, whether in current status, or has been retired from the EAI number. |
| |
DNS Tab |
| |
Will no fully add/remove CNAME records, based off UTE service account credentials, or the user credentials, if provided. |
| |
DHCP Portal Page |
| |
David found an issue what was causing certain PXE records to fail with a bad IP address. Found the code issue where this was happening, and fixed to capture the correct value. Previously, the value was checked(which was blank), but in test, would proceed to the other test sources, found it, and worked it(which was why not caught in dev/test). |
| |
| |
Updates to existing records should now show the appropriate OS platform the PXE record belongs too. Previously, while the platform was tracked behind the scene, the display to the user was showing "choose value" when there was a value already. Should show correctly now. |
Patch: grunt-1.5.0-7, Date: 01/13/2021 |
RDC Jump Server Page |
| |
Added "sbe" as a new data center location. |
| |
| |
Any server that reports a location of WTC-90 will now resolve the data center match to "sbe". |
| |
OOBM -> Serial Password Update |
| |
Will now insert the serial number all lowercase. Previously, the original value was being inserted, which was not the intent, when the lower case value was already set/checked, just not being used for the insert. |
| |
DHCP Portal Page |
| |
Todd noticed DNS entries could get stale in the portal site when giving a hostname record, and could possibly be TTL cache'd, but the rest of the world had the updated IP value. The portal site will now resolve given hostnames against their SOA Master DNS server, to get the "real time" value to use for the IP address, instead of relying on the local environment. |
| |
| |
Page should be a little more smart about the arguments passed in from the initial page, if there are more options initially passed in. Previously, passing extra arguments would cause weird results to be listed in the validation page, which didn't look very easy to decipher. |
| |
| |
OS Platform value on initial page should pass through now on "add" records. Previously, this value would not carry through into the validation page when it was generated. |
| |
DHCP DNS Records |
| |
The email has been moved to a html file report, instead of flooding the admin emails with a large email of information. Email now provides a count of the issues, and a link to the web page report. |
| |
| |
The email report page will now show the client hostname of the offending DNS record issue(if tool can match one). Subject has also been changed to reflect DNS issues in DHCP, rather than DHCP Alert about an issue with the DHCP server working, which wasn't really the reason for this report. The reports have been separated out now. |
| |
Server Search Page |
| |
Popup for list of jump servers now also includes the AD image role needed to access the windows servers. In case an SA that cannot get access to a jump server, this is a quick note reference on which AD role is needed in order to get access. |
| |
| |
The Note information at the bottom has now been wrapped into a show/hide row. If there are no notes, the box will be collapsed by default. If there are notes, the box should be expanded whenever a server is searched on. |
| |
| |
Servers that were in the hardware table from pdsm, that moved to virtual will no longer result in a internal server error message when searched on. If there is no entry that is "active" in the hardrware table, the library will return a status code of 4 to indicate there are no "active" matches. |
| |
| |
Jump Server page has had its height increased to 400 instead of 300. This handles servers that have more than 10 or so jump servers, from pushing the bottom of the box below the visible space. |
| |
| |
Removed "Jump Server" title from the popup. |
Patch: grunt-1.5.0-6, Date: 01/08/2021 |
Server Search Page |
| |
Search system will now sweep the PDSM hardware table for hostnames. Previously, only the PDSM inventory table(EAI items) was being swept, which missed a lot of servers that were not mapped to an EAI number, should get both now, in the search text box, as well as results when looking. |
| |
| |
Jump server listing filter was not accounting for case sensitivity in words like "Customer Facing" and "Back Office" zones. Should now, and produce the proper jump server list. |
| |
OoBM - Serial Password Update |
| |
Will no longer change current password for an existing serial number. The page will now ONLY add new entries into the database. If an existing entry exists, user will get an error message about the serial number already existing. |
| |
Lease File Scans |
| |
Not includes tracking the remove DNS records being created in the database table. This includes both the "A" record, and the "PTR" record. |
| |
Cron -> loadPXEServerInformation.pl |
| |
Will now validate the DNS entries(A/PTR), if exists for an IP in the lease file, exists in DNS. If they do not, they are added to the DHCP Server report to alert records do not resolve. |
Patch: grunt-1.5.0-5, Date: 01/07/2021 |
DHCP Lease File Scan |
| |
WIll now ignore leases that are in a "free" state, and clean up any records that were being tracked that way. We are only interested in "active" states from the file to map IP addresses too. |
| |
Server Search Page |
| |
OOBM Show/Hide title has been changed from OOBM / ILO to OOBM ( IDRAC / ILO ) to help with confusion about the name. |
| |
| |
The "RemCon" items under the OOBM expandable box now have information values in "BOLD" to make those fields easier to distinguish. |
| |
| |
Clicking on the "Show List" for Jump Servers will now show the jump server, and the comment in a larger font, to help folks with small font be able to read those items easier. |
| |
Serial Search Page |
| |
PO Number searches should now show the total list of serial numbers found for the PO number. Each match can be expanded to see the OOBM and PDSM tables, with links on them to jump around to the different search areas. Depending on how the data matches up, the title of each expandable area will show server and the source/sources used to generate the expandable area. |
| |
Cron -> syncOOBMtoGrunt.pl |
| |
Will now be installed and set to run every hour to keep grunt table tracking in sync with the OOBM/ILO table site. This will prevent having to keep things in sync manually. |
| |
RPM Package Creation |
| |
Will no longer include the database connection file for the OOBM/ILO Web site in the package. This was overwriting the production file every time the package was installed, putting the test connection information into production, which wasn't desired. |
| |
OOBM Tab |
| |
New menu item added called "Serial Password Update". This menu item only shows to root mode and oobm mode users. Page allows a user to set ilo passwords for given serial numbers in bulk. The page accepts a list of serial number(s), and their associated password. When submitted, the values are added, or updated to the OOBM database. |
Patch: grunt-1.5.0-4, Date: 01/05/2021 |
ILO Filter |
| |
Added ILO filter to handle ground and marketing servers, as ground and marketing dhcp servers are not managed in grunt to figure out the ILO jump server, so if one cannot be found in the lease files/dhcp information, extra filter check will be added to try and figure out if DNS has a record or not with specific matches. |
| |
Admin Tab - Configuration |
| |
Added "AD COnfiguration" section. This allows configuration of the access controls to query active directory for image role information. |
| |
Server Search Page |
| |
Serial number value should always show uppercase now in the OOBM tab. |
Patch: grunt-1.5.0-3, Date: 01/05/2021 |
PDSM Hardware Report |
| |
Will now lowercase the serial number prior to inserting/updating database table. Previously, the value was lower cased, but the final check to do work would use the original value, and not the cleaned up value. Should now. |
| |
Serial Searches |
| |
Any references to the serial number should always lowercase the value before pushing it through database queries and code checks. Applies to user entering an uppercased value, any behind the scenes work should always work it lowercased. |
| |
Server Search Page |
| |
If the RemCom DNS name has a period on the end of it, will be stripped now. |
| |
Cron - loadPXEServerInformation.pl |
| |
Added in a check to compare DHCP servers from Grunt to Darth to find any duplicate IP's that are supported between the 2. Previously, grunt and darth didn't share information between them if 2 DHCP servers are supporting the same subnet. Now, the IP's being tracked from both tools is checked, and if the IP is found on more then one DHCP server from BOTH systems, they are added to the dhcp alert report. |
Patch: grunt-1.5.0-2, Date: 01/04/2021 |
Server Search Page - OOBM/ILO Tab |
| |
Added missing "Environment" value. SQL query was missing the column name in its list of columns to get information from. |
| |
| |
DHCP Server has been added to the list of items displayed. An entire row has been added to show both the ILO dhcp server, as well as the client IP address dhcp server, if one can be found. Otherwise, will display "Unknown". |
| |
| |
Last Update Date of the OOBM Table(Emails from HP/DELL) has been added to bottom of the list, to know when the last update for the record came from the vendor. |
| |
| |
Jump Server list link will now show the row of data that makes up a RDC server information, including platform, location, data center, etc. This replaces showing just the jump server name, and whether it was windows or linux. All that should now be displayed in the popup. |
| |
Mail Lists - New Email List |
| |
Added mail distro "OOBM RDC Alerts". This email list will receive all emails whenever anything in the RDC(Remove Desktop Connection) jump servers list has changed, including someone adding, modify, or removing entries.. And also if the automation determines any jump server is no longer in DNS, the removal information. |
| |
OoBM Tab -> RDC Server Dictionary |
| |
Any changes to this page will now email the OOBM Email distro. Previously, was sending update messages to the DHCP Alert email, which isn't quite the exact thing for "alert" items. |
| |
Cron -> loadPXEServerInformation.pl |
| |
Will now validate the jump servers listed in the "RDC Server Dictionary" page exist in DNS, and if a server does not exist, will remove it from the list, and send an alert to the OOBM email distro about the removal. |
| |
Access Controls |
| |
Added mode "DNS Mode". |
| |
DHCP -> DHCP Server Changes |
| |
Added custom fields for the /etc/dhcpd.conf file and the lease directory location. If not specified, will default to what it currently is defaulting. Steve G pointed out that in rhel7+, the location has changed from /etc/dhcpd.conf, so now this value is customizable for a dhcp server. Lease directory is used for mapping ilo/pxe record information. |
Patch: grunt-1.5.0-1, Date: 01/01/2021 |
Mail - VE Notifications |
| |
Some more adjustments to distinguish between incoming html emails, and normal text emails, and output the display properly between the 2. |
| |
| |
Mail script should now handle VE output sections that are using short hostnames in their list. Script should now handle short and full hostnames, and resolve them into any matching records against PDSM/EAI, using their fully qualified hostname. |
| |
Help Tab - FAQ SSSD |
| |
Added a page for SSSD information for anyone seeking to know a little more about SSSD material. |
| |
Configuration Menu |
| |
Added "VE Receipt Emails" to the General Configuration section. This allows specifying which email addresses will receive a receipt of any distributions of emails received through the script email, that are processed and sent out. |
| |
Server Search Page |
| |
David noticed IE browser would not move the decommission section of the output onto a line by itself( slammed up against the unix account check). IE apparently gets a small enough table width, will append the next table to the end of the previous table, which modern browsers will wrap by default to the next line on the page. Anything that appears after the Unix account lookup should now write itself on the next line. |
| |
| |
OOBM/ILO Section will now show for any server that has a matching serial number in the PDSM hardware table. This section will show to the root, admin, and oobm mode groups, and provide information on HP/DELL information, ILO tracking information, lease information, and possible passwords to access. |
| |
| |
Revamped the functioning of the search box with the following items: |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
New Mode -> OOBM |
| |
New access mode, OoBM. Folks in this mode can see the OoBM tab on grunt, and have ability to see ilo passwords, as well as updating rdc servers. |
| |
New Tab - OoBM |
| |
This tab will only show to the root, admin, and oobm mode account sessions. |
| |
| |
Serial Number/PO Number lookup/search has been added under this tab. The information should show hostname/ilo matches for either given value. |
| |
| |
Jump Server Page has been added, which allows review, add, update, and removes of jump server definitions. |
| |
Cron -> LOAD_BALANCER.pl |
| |
Added missing module to send alert emails. |
| |
| |
Revamped how the information is parsed, looks like the data json object is a hash of an array of one array item with 1000 of hashes, which is hard to break down, so just pulled array items of hashes into a parse object and load table with instead. |
| |
Account Tool Upload |
| |
Fixed an issue where servers/accounts that are no longer being reported were not getting cleaned up in the custom table. Should be now. |
| |
| |
Added the logic to handle groups being parsed in, apparently was forgotten to get done, should process group add/update/removes now. |
| |
Database Auto Configuration |
| |
When tables have "custom" install data when the table is installed, the start of numbers the app can use should now start at 100,000. Previously, if a table had 10 custom rows to use, but then the app allowed a user to make a new entry, but the app/tool was designed to support a new option/row, that value the user had pushed into the table would be truncated with the value of the default installer. This should provide a big enough gap that defaults vs. custom user values should not overlap each other. |
| |
| |
Patch: grunt-1.4.5-1, Date: 12/09/2020 |
Rest CGI - receiveAccountToolData.cgi |
| |
Added missing logging module that was causing the script to abort before finishing. |
| |
| |
Corrected a duplicate naming data object that was trumping another value of the initial values, which would cause the account tool to load a different set of data then what was really being loaded. |
| |
Seetsq -> Parent Key -> server |
| |
Sridhar suggested seetsq to now attempt to resolve a given short/full server name against a few more checks. First check will see if it can resolve it in its own local DNS(if a cname value is given). If it can't resolve, next check will look at account tool server lists. If it can't resolve there, it will attempt to resolve against the list of DNS records grunt tracks from the darth tools to match whatever its name is. |
| |
ve-notifications Function Mail |
| |
Sridhar found where emails being sent from some automation scripts were not being parsed. Found an issue where if emails were sent in "Content-type: text/html", would get ignored and tossed, which was not the desired result. Script should now process both test and html email messages now. |
| |
| |
To handle HTML and text version emails, the script will do it's best to escape all html break characters while processing, and then assemble both the newlines and the html break tags back into proper usage for the email. |
| |
Rest Call - receiveAccountToolData.cgi |
| |
Fixed hopefully final bug with the code, where updates being made to the custom table were trying to use the "global id" value, and should have been using the "custom id" value. This should fix and get the correct updates to the custom table in grunt now. |
| |
PDSM Table Added |
| |
New table added to grunt to track serial number to hostname combinations. Used in conjunction with the ILO tracking table to be able to map serial numbers in PDSM to ILO passwords from HP/Dell vendors. |
Patch: grunt-1.4.4-7, Date: 12/06/2020 |
RPM Package |
| |
Sridhar noticed an issue where permissions on production did not match dev/test. Configure package will now make sure /var/fedex/grunt is created, and owned/group by grunt/grunt. |
| |
Server Search Page |
| |
David noted an issue when using IE to view the search page, the search box overlaps the "GO" button. Shouldn't do that anymore. |
| |
Seetsq Material |
| |
LDAP query now accepts a "-phone" option. This option takes a piece of a phone number, and matches against any matches in LDAP for the work number, or the cell phone number. Example has been added to Seetsq FAQ page. |
| |
| |
Finished documenting help/command examples into the parent key options. |
Patch: grunt-1.4.4-6, Date: 12/02/2020 |
PDSM Report |
| |
Sridhar has updated report to provide serial numbers for the hostnames. Database/Script has been updated to support it. |
Patch: grunt-1.4.4-5, Date: 12/01/2020 |
Server Search Page |
| |
"Basic Mode" users will no longer see the comment field for the account tool. |
| |
Account Mgmt -> Account Tool |
| |
Will no longer show to the "Basic Mode" user group. |
| |
Cron - cloudInformation.pl |
| |
Sridhar noted that servers that were once in the cloudops query call, are no longer in the report, but Grunt still showed a record reflecting a reference to legacy/cloud account management. Flags are now checked after all updates are made, and any servers still reporting a flag from the cloudops tool, that are no longer in the report, have their flag cleared, and a log message reporting it. |
Patch: grunt-1.4.4-4, Date: 11/30/2020 |
Seetsq System |
| |
Revamped the seetsq json call to a cgi call. Attempts to move ldap credentials through the basic call proved fruitless to try and secure passwords. Now, the request from seetsq is put into the users home directory seetsq directory, after it has been locked down, then secured with a "one time" run encryption key, and then secured the key using the grunt users public ssh key. This file is then transferred to grunt, where grunt uses both keys in an effort to get back at the data to be able to use it. This is the best I can think of to secure account credentials as best as possible, unless someone comes along with a better thought down the road. The old seetsq json call is still available, and the old seetsq module will work with it for a while until folks get upgraded to the newest seetsq package. |
| |
OVO Enable/Disable Page |
| |
Nate D noticed adding a list of multiple servers, the list output was missing output or had weird types of output for the combinations. Page has been updated to work all the items properly, and show information about ALL items now that are used. This means duplicate names should report back that an entry is a duplicate in orange color, servers not supported should show up in purple. Previously, the tracking counter was not getting incremented on all servers passed in, which would cause some results to overlap other server results, which is not the desired result. |
| |
Account System Page |
| |
Sridhar found an issue with multiple account tools having the same server, removing the server from one may fail with a message saying it doesn't below in the account tool. The removal now checks for its own record instead of the global database for a value before it commits to removing it. Previously, it was random chance which account tool the removal found first in its check, which made it work "sometimes". |
| |
Report - Server to EAI Mapping |
| |
Sridhar noticed the report says hostname or IP address, but IP addresses were not mapping to anything, whether they were valid or not. Should be now. |
| |
Rest API - receiveAccountToolData.cgi |
| |
Added missing library that was causing the script to abort when it got a change in the server list, and couldn't log it. Should be working correctly now. |
| |
Rest Library |
| |
Added initial work on the men & mice library calls for seetsq. |
Patch: grunt-1.4.4-3, Date: 11/20/2020 |
Server Search Page |
| |
Sridhar mentioned adding a "More Info" link un the "Password" section under the "Tool Information" expandable box for CAPAM password managed systems, which would take the user to the password retrieve page, that shows the CAPAM information about how to connect... So, added. |
| |
Seetsq Libraries |
| |
Sridhar gave me the recipe for how to determine decomm/active status of a server. The api lib for this is complete, and will now show for the "PDSM_DECOMM_STATUS" column in seetsq queries for servers. |
| |
| |
Searching for an LDAP id will no longer show the manager with blank fields, but now once again show the correct manager information. A fluke from converting the manager key column bled over into the full display of a user set of information that was not supposed too. |
| |
| |
Logging into short named server given should now try to resolve the server name prior to passing it through the filter checks. Sridhar found that short name matches would not work for certain filter checks, while fqdn items would. The short hostname is now resolved prior to passing it through the domain name checker for rules. |
| |
| |
Sridhar asked for the unix ID login to be a column to search on. Added a search key "UNIX_LOGIN_ID". This, used in conjunction with the "-l" option(noted in the usage message for this key), will show the unix login for the ldap account on the given server(s). |
| |
Reports - VP Server Report |
| |
Removed the report. Sridhar suggested this report is no longer used, and was one of the first reports in Grunt I don't believe is being used anymore. If someone asks about it later, will add it back. |
| |
Reports - Server to EAI Mapping |
| |
Report has been revamped to use pure PDSM data, and not a combination of PX data and PDSM data. |
| |
| |
Added columns "Application Support PDSM Group" and "SA PDSM Group" to report. |
| |
| |
Fixed a bug that was causing multiple EAI numbers to not show for a given server. |
| |
| |
Will now show "No Matches Found" for any servers given that no data can be found for. On the HTML table output, this should highlight in red. |
| |
Reports - Server/EAI Report |
| |
Renamed this report to "Server/EAI History". Sridhar had a good point this report shows entire history of server to eai associations over time, and not just current mappings, as the "Server to EAI Mapping" shows. |
| |
Rest API Call |
| |
Added "receiveAccountToolData.cgi" which will now take a file of information from an account tool, and parse it into the grunt database. This is the mkacct brother of "receiveMkacctData.cgi" and processes everything else but mkacct. |
Patch: grunt-1.4.4-2, Date: 11/15/2020 |
Server Search Page |
| |
Reformatted the "Tool Tracking Information" section to show 2 columns of data instead of only one for root and admin modes. A new row has been added with password information for the root account. This information should show where to go to get root password if needed. This row ONLY shows for root and admin mode users. Font size of the information has been decreased as well to make the data fit better into the page. |
| |
Darth Duplicate Detection |
| |
Turned off the email alerts about duplications, this function is no longer needed. |
Patch: grunt-1.4.4-1, Date: 11/14/2020 |
Server Search Page/Misc Pages |
| |
Sridhar noted the pages were hugging the upper border too tight on some pages from a recent adjustment. Those pages should look more cosmetically pleasing now. |
| |
| |
Sridhar pointed out the search results were showing "short" name hostnames with a period at the end, and should be showing a fully qualified name. Updated database query search to track hostnames as a unique key, and to loop through the keys of domains when showing results, ignoring blank domains. This should no longer blank out fully qualified names. |
| |
| |
Sridhar noted the list of servers showing up could show a "HASHx02323" or something to that effect. Servers with multiple domain matches, usually from short hostname only values, will not set the data object correctly, and not show these hash pointer reference values. |
| |
HostDB Site |
| |
Added missing pieces EBC's reported were missing. |
| |
| |
Removed the menu item from DNS tab, upper management not happy. |
| |
New Cron Job - getIAASInformation.pl |
| |
Sridhar and Paula have provided an interface call to retrieve the list of servers used in COLO IAAS. This script retrieves that list, and adds it to the account tool defined for it. |
| |
New Cron Job - cleanHostDBTable.pl |
| |
Cron job to remove any reservations that have gone past the expired date. |
| |
Cron Job - cloudInformation.pl |
| |
The cloudops query to get the list of servers was not updating its "Server List" timestamp on the account management page for the tool supporting it, should be updating now. |
| |
| |
Apparently cloud group changed the URL being used to perform a redirect, which was causing the URL call to fail on retrieving data. Updated the URL reference to the new location the old URL redirects too. |
| |
Login Web Page |
| |
Added title to the page to indicate it's the login page, duhhh. Just makes it look a little more uniform with the other pages. |
| |
PDSM Inventory Report |
| |
Sridhar added the it lead and owner's ldap id/email address to the report. Parse script and database tables have been adjusted accordingly. |
| |
Mail Alias - ve_grunt_information |
| |
This mail alias will take an email, and convert the list of servers in it to EAI specific owners, and redeploy the email to the EAI owners with ONLY the list of servers that are flagged to them. This helps in cases where a user has 100 servers, and wants to notify the right folks about something. This email address will figure that out, and alert the right leads for ONLY the servers they are tracked to own from the cmdb. |
| |
DHCP Portal Page |
| |
David W found an issue with PXE records with bad IP addresses were not displaying when trying to update. This would happen when addressing darth site PXE updates. The right parameter is now pulled from the darth site. |
| |
| |
When changing the portal page to handle a one time submission event, broke the logic to handle bad ip/mac addresses, and wouldn't update the record when asked. Should now. |
| |
Seetsq - Server Information |
| |
Sridhar noticed the list of EAI numbers would only show one EAI number, even if the server had multiple EAI numbers, while grunt search page would show multiple matches. Seetsq script is updated to concatenate the initial query results now, which should make multiple EAI matches found, show on the seetsq output. |
| |
| |
Added key of PSDM_DECOMM_STATUS, which will return either a "t" if the server is found in pdsm as in decomm status, or "f" if active. |
| |
Seetsq - Ldap Information |
| |
Sridhar pointed out looking up a manager key column value was returning the LDAP OU object, instead of the manager. The manager key has been swapped out, and now 2 keys will work. MANAGER key will show the manager name, and MANAGER_ID will show the LDAP ID of the manager. |
| |
Seetsq - New Parent Key - report |
| |
New report parent key has been added to seetsq. This will allow seetsq to start outputting report information. First report added is "-multipleAccountTools", which will show any servers that have multiple account tools. |
| |
Menu Tab - Information |
| |
Removed the "Tools Oncall/Calendar" menu item from the tab. |
| |
Help Tab - Contact |
| |
Removed the section for Production issues pointing to the tools team for help. The tools team is absolved, and is no longer relevant. |
| |
Help Tab - FAQ - TESLA |
| |
David pointed out the tools distro email is no longer valid, so removed reference to EAI-ToolSupport@corp.ds.fedex.com email address, and replaced it with Frank Thompson's email address. The status of tesla is unknown at this time, and until something changes, figured the best way to address it for now. |
| |
Help Tab - FAQ - CA PAM |
| |
Also updated this page to convert the tools team email to a different address. Changed to Frank Thompsons email address for now, til we figure out a new contact address |
| |
mkacct Parsing |
| |
Mike W found that the stage files of the mkacct information were not cleaning up after grunt parsed everything. Uncommented the line to do cleanup again, so stage directory should no longer fill up again. |
| |
Report - Account Tool Servers |
| |
Report now takes user to page, where they can enter a list of servers, or click another button to get the entire list(the way the original link worked). Servers entered can be short, partially completed, or fully qualified, the script will find all matches to it. |
| |
| |
Added the cloud/legacy account management flag to the output columns. |
Patch: grunt-1.4.3-1, Date: 10/28/2020 |
DHCP Server Cleanup |
| |
Log files were showing a blank value for the user that was cleaning up records on DHCP include files. Should now show the GRUNT user, as a cron job is responsible for the cleanup work. |
| |
DHCP IP Search |
| |
Fixed an issue where a user gave a hostname, if it couldn't match in DNS or account tools, but then tried to match against the VE spreadsheet, would fail with an error. The new VE table name and column name have been adjusted, so this should not happen anymore. |
| |
DHCP Portal Page |
| |
Removing a DHCP entry, when clicking the checkbox will no longer result in a "cannot find a dhcp server" if the dhcp record is in a darth tracked site. Should now properly show the proper "scrub" message when removing a record found on the darth site. Added login on the removal code condition statement to not ONLY track grunt prod dhcp servers, but then turn around and try darth sites for a match if not found on dhcp prod. |
| |
| |
Drop down boxes for the Platform should now work properly, as intended. When selecting a platform for a dhcp production server, the "Next Server" box should adjust to the default next-server defined for it. If the pxe record is on a darth site, the work "undefined" should not show up in the next server box anymore, but rather the field should disable itself. |
| |
VE Inventory List |
| |
Sridhar noticed the time stamp wasn't updating for uploads. Should be updating the tracker value now. |
| |
HOST DB Site |
| |
The hostdb.inf.fedex.com site code has been migrated into the grunt code. Under the DNS menu, has an option called "Host DB". This page performs pretty much as the original site, with just a few modifications. This is just the prototype site, so should not be considered fully functional yet as testing is started. |
| |
Server Search Page/Seetsq Module |
| |
Looking up a "iaas" server for unix account login will now display the ldap account with an "f" in front of it for the login ID. |
Patch: grunt-1.4.2-1, Date: 10/24/2020 |
Server Search Page |
| |
Stedman has provided jquery mechanism to make the search page render/refresh much faster than previously coded. Now, the page should pull up without waiting for the entire server list to load into the user's browser to search through. |
| |
| |
The Unix Account shown for login to a server now is an input field. If the user is logged in, they will see their ldap id in the search box by default, with the lookup complete. If the logged in user wants to change the field to look up another user, they can do that as well. If the user is not logged in, they can add the LDAP id they want to search for the server result, and see if there is an account for the user on the server. |
| |
| |
Atlas Data page(Brigadoon data), will no longer time out and report messages to the web log files about time issues. A 30 second timeout has been added, and parsed, and if found, will report a code 28(curl status code) to the page output. This should help cut down on the amount of information logging in the web log files. |
| |
DHCP Portal Page |
| |
Will now properly read all 3 arguments from the first page if passed properly, and make updates. Previously, the OS platform value was expected to be a numeric value, which the user probably has no clue about. Now, any case of the os platform(atlas, windows, sun, esx) can be passed, and the script will know that should be an immediate update. |
| |
| |
On an ADD item results query, the "Next Server" input field will be disabled on initial load. When the user selects a platform, the next server field will become active, and default to the next-server value that will be used. The user can then change the value if they so choose. If the user has an "update" record, and they select no OS platform, the next server field will become disabled again until the user selects an OS platform, at which time, the default value will load back in. |
| |
| |
Error messages when grunt cannot get a lock on a DHCP server will now show the DHCP server the lock is failing on. Previously, the message would just complain that it couldn't get a lock in the backups directory, but wouldn't say which server. |
| |
| |
Should now make an effort to work with short hostnames. If the hostname cannot be resolved directly against DNS, it is tried against the Account Management list of servers. If it cannot be found there, it is tried against the VE tables. If not found, will tell user error that it could not find an IP address for the record given. |
| |
| |
The name of the PXE server the DARTH system(when using DARTH) to make PXE updates, should now show in the validation page of information, similar to how the DHCP production servers do now. |
| |
OVO Work Page |
| |
Clayton found an issue where inputting a server(to check status) that did not exist in OVO returned a useless OVO_STATUS message with no information in it. The function now returns the correct data object back to the called, and not the last data object line(which usually ended up setting blank values). |
| |
Cron Job - loadPXEServerInformation.pl |
| |
Now performs a sweep of the include files on the dhcp servers and cleans them up of any bad DNS names, any dns names that don't exist in DNS, and any record that is not supported by the DHCP server itself. The item is logged in the audit log, and an email is sent out to the DHCP alert admins about the cleanup effort. |
| |
Cron Job - loadVEInformation.pl |
| |
Script has been updated to handle the new VE json call of data that has been provided. Hopefully this one stays around for a little longer now. |
| |
| |
The list of servers the VE report provides, grunt will now strip out any entries that say the IP address for the hostname is the loopback interface ip(127.0.0.1). This should avoid issues with systems that are not in DNS, but are being used locally by the client. Shawn M discovered an issue with hostnames that reported different names in different sections of the report output when querying on hosts. |
| |
mkacct Updates |
| |
Grunt will now process the grs directory/esc roles found on certain mkacct's. Previously, this was preventing lookup of accounts on some mkacct's report the account was not there, when in fact it was. |
| |
| |
Fixed a race condition where if the list of servers was processed faster than the timeout time allowed, could generate a 500 error message from the web server. Moved the header output to the start of the script, which will now handle all events, regardless what happens. |
| |
OVO Synchronization |
| |
Updated the calls grunt was making to map OVO nodes to their master to the rest api call Dan has provided. The previous call looked to be out of date, and this new call has the correct list of servers. |
| |
Seetsq Modules |
| |
Fixed an issue where looking up a server that was in tesla, and the short hostname was given, would not match the rule set for a tesla server. Should now, the match now looks for the short name version match in the cluster name to know whether it is mkacct or tesla. |
| |
| |
Shawn M noticed if a server being looked up is in multiple account tools, only one was being shown in seetsq output. The output will now show the list of account tools the server is on( similar to the Grunt server search page ). |
| |
| |
The EAI section under the PDSM search will now indent over 6 spaces to help make it stand out as a sub category to the PDSM information. |
| |
| |
The EAI section, column "EAI IT Lead" has been changed to "IT Lead", which cuts down the redundancy of "EAI". |
| |
| |
The EAI section, column "EAI Owner" has been changed to "MGR Owner", as this is what the column accurately reflects. |
| |
| |
The EAI "IT Lead" and "MGR Owner" will now only show the first 10 characters of the name, and now include the LDAP ID, in parenthesis if further info is needed for the lead/manager. |
Patch: grunt-1.4.1-13, Date: 10/15/2020 |
Rest API Test Page |
| |
Should now show invalid JSON input if user doesn't provide a proper json string. Previously, the page would return an internal server error, while is correct, a simple error message saying invalid json string looks more pretty to the eyes. |
| |
DHCP Portal Updates |
| |
Will now check for sudo pathing for rhel5 systems, as well as the service command pathing, and use what it finds from the grunt users' environment. If the sudo path cannot be found, or the service command cannot be found(along with /sbin/service check), the dhcp admins will receive an email with the issue about the server right away. |
| |
VE Spreadsheet |
| |
The load of VE information will now remove any servers that the hostname starts with a numerical value. |
| |
Mkacct Uploads |
| |
Added in a echo statement to keep large mkacct systems from timing out the updateGrunt command, and having grunt kill off the process that is working the data while keeping the CGI/Rest call pipe open. |
| |
COLO Match Unix Accounts |
| |
Fixed a lame typo of a "+" to a "." to make sure the "f" shows up in front of an LDAP ID to show for the unix login account name. |
| |
Atlas Data Display |
| |
Added utf8 decoding into the code that generates the brigadoon output. Apparently these is mime information coming from their rest call that perl can't handle without telling it to include it. |
| |
Gateway Timeouts |
| |
Apparently sending output to /dev/null doesn't keep the web services from timing out. Now, a "." is outputted ot STDOUT, which seems to work, and since the rest call is not looking for output, this does not create an issue. |
| |
Seetsq Module |
| |
When used to log into a server, if the server is supporting [LAM] or [CAM], will display above the login line to the server to let user know what account management is being used. |
| |
| |
Querying on a server, in the Account Management section, will now show the [LAM] or [CAM] as the first line, if it applied to the server. Otherwise, the default output is shown. |
Patch: grunt-1.4.1-12, Date: 10/06/2020 |
DHCP Portal Page |
| |
When providing a list of servers, the resulting validation page will now include the DHCP Server name being used below the record name being provided in the same row. |
| |
| |
If the IP address found on the DHCP server include file is out of date, or the MAC address can be pulled from the VE system for the given name, the row will now highlight the old value in a red text color, and provide the "proper" value below that value in the same row to indicate the row needs an update. This will allow the user to update the record without getting a message that there is no changes in the record, even though the IP or MAC might be out of sync to what the value should be. |
| |
updateGrunt Mkacct Parsing |
| |
Fixed the security issue in rhel7 where using /tmp is now not allowed between 2 processes. Processing ok mkacct files now happens in the staging area of the grunt user. |
| |
| |
Upon completion of the parsing, the stage files will now be cleaned up properly, instead of building up. This includes converting all files in the stage area to 777 permissions, as 444 would not allow scripting to remove the non writeable files. |
Patch: grunt-1.4.1-11, Date: 10/05/2020 |
DHCP Portal Page |
| |
Reduced the extreme reddish color for error issues so something a little lighter on the red, so it doesn't scream out so much, as some users pointed out... |
| |
| |
Page should now reflect accurate error checking messages prior to scanning/updating record information. Previously, if there was a problem, the record would show as an "Add" record, which wasn't true, and no error message. |
| |
DHCP Server Work |
| |
Locking mechanism has been updated to run 5 tries, at 3 second sleep intervals. Meaning if grunt cannot work a server in 15 seconds, will return back an error stating it was unable to obtain a lock and finish. Previously, there was no limit on the number of tries grunt would try to make to get the lock, which would cause deadlock states between grunt and the DHCP server, which would result in a daemon hang, and it got ugly fast. |
| |
| |
The script that does the checks has been upgraded to use perl built in file operator tests to confirm the dhcp include directory has all the proper permissions. Previously, the script would check for darth/grunt owner/group, and the permissions, and try to make a determination of combinations. This could be quite confusing, when the ultimate check should be, can grunt write/update files where it needs too. Check now just looks to see if it can write to the places it needs too, regardless of owners/permissions. If something isn't writable by grunt, it will be reflected in the error output. |
| |
Cron - loadPXEServerInformation.pl |
| |
Has been revamped, and will now only check on the status of all DHCP servers in the database. Previously, was checking for duplcate hostname records across DHCP systems. |
| |
| |
Now has a check to confirm the user is running the script as grunt, as it requires grunt's keys to make the connections to the DHCP servers. |
Patch: grunt-1.4.1-10, Date: 10/02/2020 |
DHCP Server Updates |
| |
Removed the block to prevent most users from using the portal site. Should be usable by root, admin, and dhcp mode accounts now. |
| |
| |
Removing a DHCP Server will now show the button in an active mode to remove the entry. Previously, the jquery would disable this button on initial load, which was not the desired result. |
| |
| |
Updating a DHCP entry will no longer result in a internal error if the name is changed. Fixed the escaping of the name, prior to putting it in the database to handle a blank dhcpd binary entry(which is usually the case). |
| |
| |
When performing a dhcp server check, if an include file fails the test, will now indicate which include file is failing. Previously, the failed test message would just indicate one of the include files needed adjusting, but not which one in particular. |
| |
| |
Will now show which include file doesn't exist on the dhcp server when a test is performed to validate it is set up correctly. |
| |
| |
Fixed a critical issue that was causing the testing of a dhcp server to get stuck on the first server it tested again, which would cause other servers to throw "cache/weird" errors about paths/files that existed in the first server that was tested. |
| |
| |
Staged script files for the dhcp servers will now cleanup after themselves, instead of lingering in the staging area when work is completed. |
| |
Mkacct Data |
| |
Updated mkacct parser to handle esc/grs roles defined in the mkacct system. Previously, accounts that were pulled from esc/image were not being found when grunt parsed the data, which meant folks in an esc role would not show in seetsq/unix id on server search page. They should now. |
| |
DHCP Server Cron Check |
| |
Removed the unique flag for DNS records in DHCP servers. It is possible for multiple dhcp systems to have the same hostname record in them. While not valid in multiple DHCP systems, they are tracked none the less. |
| |
| |
Will no longer spam hostname records that don't belong on a DHCP server for now. Will give the tool some time to prove it is capable of making changes without issues, and then address this at a later time. |
| |
DHCP Portal Page |
| |
Will now show items that had no changes made in yellow color instead of light red. Message has been updated to read "record found - no changes made". |
| |
MySQL Database |
| |
To allow for the consumption of larger data dumps from remote systems into a database storage area, the start up will warn of a configuration value called "max_allowed_packet" that needs to be set to at least 20M or higher. |
Patch: grunt-1.4.1-9, Date: 09/29/2020 |
Server Search/Seetsq |
| |
Modified the code duplication into a single lib call for determining user login account and full server name, so now both request tools now use the same function. |
| |
Server Search |
| |
Sridhar has provided the information on whether cloud server was built with legacy account tool or not. This information will display in the "Tool Tracking Information" in the middle of the gray bar in blue font if so. |
Patch: grunt-1.4.1-8, Date: 09/28/2020 |
DHCP Rest Calls |
| |
For some reason, wget commands time out when running from prod site, but curl commands work as intended, so switched out calls for curl commands instead. |
| |
| |
Success/Fail messages will now also include the DHCP Server that was used in the PXE update method, in case it is needed if user has problem with a DHCP entry they made, to help the admins determine where to go to analyze/correct. |
| |
DHCP Server Page |
| |
Buttons for testing and reloading the database table will no longer show for a blank dhcp server selection. |
| |
| |
The buttons for updating, testing, and sync'ing will now automatically enable/disable based off user interaction. This is to prevent a user from making a change, and then clicking on the test or reload button, not realizing they need to update the changes first before doing the test/sync. Now, changing a value, to a new value, or back the way it was, will toggle the appropriate buttons to active/inactive state. |
| |
VE Information |
| |
Because VE has gotten too large to provide information in less then 5 minutes, they now provide an SQL dump of their data, instead of trying to generate in on demand... Grunt code has been adjusted to take this dump, and transform it into the existing table structure. |
| |
Server Search Page |
| |
Will now show the Unix Login on the server searched for, if the account is found on the server the user is searching on. If a COLO server is searched, will show the standard account login ID for the user. The value is shown at top of the search results, highlighted in green. |
Patch: grunt-1.4.1-7, Date: 09/19/2020 |
Rest API Calls - pxeUpdates.json |
| |
Added the missing "GET" method to be able to retrieve DHCP/PXE information for a given hostname. |
| |
PXE Updates |
| |
Reversed the order of searches to search the grunt database first, and darth second for finding DHCP update systems. |
| |
| |
FIxed an issue that was causing the ending comments to drop off the "group" stanza of information. Any remaining information should be kept, including commented lines. |
Patch: grunt-1.4.1-6, Date: 09/18/2020 |
Rest API - query.json |
| |
Will now allow parameters and command options to be passed to the -l flag option. |
| |
| |
Will no translate ldap queries on ldap names once again. The module to do this was missing, so was added back in. |
| |
DHCP Portal |
| |
Writing out stanzas to the include file will now add a blank line between the next-server and the filename definitions. Previously, these lines were next to each other, which makes it slighlty more difficult when reading through it with human eyes to distinguish, so this should help make it more legible. |
| |
DHCP Admin Page |
| |
If the site is running on the test system, will no longer validate the dhcpd process is running on the remote test server when making updates to the include file. This allows testing to happen without having to start/stop the dhcpd services for each test, so the network does not get messed up. |
Patch: grunt-1.4.1-5, Date: 09/14/2020 |
DHCP Sync'ing |
| |
Fixed an issue where DHCP scans would not track the right key value for record names/IP addresses when a new sweep was performed. Should be able to read the data object correctly now and update missing/removed items, as intended. |
| |
DHCP Portal Page |
| |
Reversed the order of lookup. Site will now check DHCP defined servers in the database first, and if not there, will check darth second. |
| |
| |
Found a new security item introduced into RHEL7 called PrivateTmp. This was preventing production site(rhel7) from utilizing the /tmp directory properly. Code has been updated to use the database to store file information from the running application user, which can then be shared. |
| |
| |
Rewrote the analysis of the DHCP server into a single script to move onto the DHCP server and run, rather than running each individual check on the server one at a time. This should speed up performance on DHCP servers where logins are slow. |
Patch: grunt-1.4.1-4, Date: 09/04/2020 |
Server Search Page |
| |
When a server is found in multiple account tools, the table that displays the account tools and locations will now show a "Status" column. This column will indicate whether the server is active or disabled in the account tool. Several instances are found where a server is being migrated between 2 account tools, which can very likely cause it to show up in 2 tools, but only active in 1. |
| |
CGI/Rest Script |
| |
Added new script to parse in the updateGrunt.pl script mkacct is being updated with. This script does a more efficient job of processing all the mkacct data, rather than making the mkacct server do the work prior to transmitting all the resulting data to grunt. |
| |
Unix Accounts on Servers |
| |
Increased the database size for the password hash field received from mkacct/tesla systems from 100 to 120. Apparently some of the hashes pushed over the limit in the mkacct field with the combination of the filter name preceding it. This was causing update flips to happen on a regular basis. |
| |
Install Script |
| |
Fixed an issue where the wrong hostname/alias was being set in the apache configuration file for the ssl port. Should be dynamic now to match the configured information in the database, and not hard coded. |
Patch: grunt-1.4.1-3, Date: 08/25/2020 |
Help Tab |
| |
Added new menu item called "FAQ - RT". This page will only show to the root and admin mode users, and has the information Shawn McMahon provided for updating the SSL certificate for the RT system, if needed again in the future. |
| |
OVO enabling/disabling |
| |
Added a "Bad LDAP" list of accounts in the script itself to track SA accounts that are using this feature to disable monitoring before decomm'ing a server. This feature should not be used for this purpose, and will now tell the user they have been flagged as such. At this time, not sure how big of an issue this is, so it is hard coded for now. If we deem this to be dynamic, will integrate a web page to control the list. |
| |
seetsq - Server |
| |
Added a "-l" option. This allows the user, only knowing the short or full server name, and only their LDAP id, to ask grunt to find all related information, and provide the user a login prompt to the server/account they are asking for. If anything does not match up for whatever reason, the appropriate message is returned. |
Patch: grunt-1.4.1-2, Date: 08/11/2020 |
Help Tab - New Menu Item |
| |
Added the Seetsq Faq Page to the menu list. |
| |
Seetsq Options |
| |
Added EAI and DHCP to the list of parent options the script can perform. |
Patch: grunt-1.4.1-1, Date: 08/06/2020 |
OVO Requests |
| |
If for any reason, any server grunt is requesting OVO to turn on/off or status check, and grunt is already in the middle of performing an action on the server, grunt will now immediately return a message saying the server is "Grunt working previous request, try back later.". If for whatever reason, grunt is rebooted, request killed in progress, the tracking table will perform a check whenever a request is made. Before the request completes, it checks to make sure grunt is waiting on OVO master to return responses for servers. If no process is found, grunt will reset the process tracking table to say nothing is being tracked any longer. |
| |
Server Search |
| |
Flipped the notes show at the bottom of the search page on a server to show the server notes first, and then the cluster notes second. |
| |
| |
If the user is not logged into grunt, the bottom of a search result page will now show further information about EAI to Server Mapping. Sridhar has provided the steps on how to resolve issues when a server is linked to an EAI number, and shouldn't be. |
| |
Admin Menu |
| |
Added new menu item called "Bulk Server Notes". This page allows root mode and admin mode users the ability to add/remove a note to multiple servers at once. |
| |
Seetsq Information |
| |
Multiple updates to the output the seetsq rpm package receives for data information. |
| |
CAPAM FAQ Page |
| |
Updated email address to infosec support to the new address they provided. |
| |
DHCP Portal Page |
| |
Fixed an issue where selecting OS values would not always show selected when selecting a new platform. Should now. |
| |
VE Menu Item |
| |
New menu item added called "NIC Controls". This menu item should allow a user to enable/disable NIC items on a virtual system. As of this patch note writing, this menu item will only show to Sridhar and Frank to complete testing interfaces on the production site. |
| |
COLO Server Discovery |
| |
Updated URL call to the new path the cloud folks provided. |
Patch: grunt-1.4.0-5, Date: 07/02/2020 |
Server Search Page |
| |
Missed the change to not show decomm information for a server if it was in the pdsm inventory table from the last patch notes, so adding it to this kit. |
Patch: grunt-1.4.0-4, Date: 07/02/2020 |
Server Search Page |
| |
Will no longer show a decomm record if the server is found in the inventory report from PDSM with a child status of "Installed". This fixes a problem where a host/IP could be re-used/repurposed, and folks would be confused on the status of either being active or in decomm. Now, if there is an "active" entry in the inventory report, any decomm records are ignored. |
| |
PDSM Decomm Report |
| |
Will now ignore any entries that had "-dead" in them, in any pattern matching case. Any existing rows that matched this standard are now purged out of the table on this kit. |
| |
| |
Now purges the database table for any entry older than 6 months completely out of the table. The entry will be logged as being purged in the logging file as a reference if needed, but only tracks the hostname and the IP address that was purged. |
Patch: grunt-1.4.0-3, Date: 06/29/2020 |
Server Search Page |
| |
Will now trim spaces before and after the entry. Previously, the entry would complain the server typed was not found if it had a space before or after, which was quite annoying. Now, the entry is cleaned of all while space before and after the value, before being tested. |
| |
| |
If invalid characters are passed(usually Microsoft "special" characters) in the field, the page will now complain there are invalid characters in the given server name, rather than saying the server was not found, when to the human eye, the entry looked correct, but to the machine code, the string had these weird characters in it. |
| |
| |
If the value to search has a period on the end of it, the period will automatically be stripped off. Sometimes DNS entries would be pasted into the field, which sometimes have a period at the end of the value. Now, this is removed prior to finding a match. |
Patch: grunt-1.4.0-2, Date: 06/15/2020 |
PDSM Inventory/Decomm Reports |
| |
PDSM sends old decomm information for systems that have been decomm'd, even when the server/IP is brought back up. Now, the decomm report, when received, will look to the inventory report/database table, and if it finds an active entry in the inventory table, will flag the entry in the decomm table as obsolete, which starts a date to track how long it has been in an obsolete state for. |
| |
My Settings Tab |
| |
The "Reset My Privileges" button will now correctly reset all values back to their defaults for the account logged in. Previously, this was not resetting properly, but did not impact the user, as relogging back out and back in would reset these values properly. Now, the user can use the button as it was intended, to change their settings without have to reset their login session. |
| |
| |
The "Reset My Privileges" will no longer take 30-40 seconds to complete. Previously, this call was LDAP sorting all accounts that had access looking for matches. However, the new database table structure has already done this prior, and does not need to be performed again. Now, the call looks directly at the data table that has everything already broken down, and page is under a second to render now. |
Patch: grunt-1.4.0-1, Date: 06/15/2020 |
DHCP Tab |
| |
Moved the IPXE Dictionary menu item under the DHCP tab now. Previously, this menu item was under the DNS tab, but this is a functionality for DHCP, now that Grunt has a configuration for DHCP material. |
| |
| |
The OS Platforms web page has been converted into a drop down select of OS level platforms to pick from, rather than a global display of all available OS platforms. This is due to added in a "Default Stanza Block", which allows an admin to configure specific "filename" information for a given host, to write into the DHCP include files. |
| |
| |
All functionality that supported a default filename has been removed, as that information is now defined in the OS Platforms Page. |
| |
Rest Call - queryAtlasIPXE.json |
| |
Takes a new optional argument "dictionary_id", which can be gotten from the dhcpPlatform.json call, for corresponding OS platform selection. Passing this value will return a value for the field of "fileStanza", which DARTH systems will be interested in this information when they perform a DHCP server update for a host stanza. |
| |
New Rest Call - dhcpPlatforms.json |
| |
Rest call provides the platform names, and their unique identifiers. Mostly used by the DARTH sites, but allows a user to get the default PXE filename stanzas to use in their include files, having this value. |
| |
New Access Mode - DHCP Mode |
| |
Anyone in this access group can access the DHCP information/settings and perform any root/admin work in these menu items. |
| |
New Access Mode - GDI Mode |
| |
Anyone in this access group can modify the global dictionary information for an account. This allows the user to change the default uid, group, gid, home, etc of an account being tracked at the top level in the dictionary/catalog table. |
| |
Cron Job - sortGlobalAccounts |
| |
Has had all "AI" removed from it to try and juggle dominate UID to account matches. Since most account tools are now reporting up their information, this feature isn't really needed anymore, and when an account is removed/added to one server, this could cause the script to toggle the uid value for the account, which shouldn't really be done for a plus or minus 1 server add/remove. Now, the script primary role is to clean up accounts that are no longer found on any server. |
| |
| |
Added a function to remove any account that has any non standard characters in it the same day it is discovered the account no longer is found on any server. This solves a problem where an account tool could have a garbled account on it, and is reported to grunt, but then the account name is fixed a few days later. Grunt will now check for alpha/numeric/underscore/dashes/periods in the account name, anything else will be immediately removed upon determining it is not on any servers. |
| |
OVO Queue Items |
| |
If a server is removed from OVO Master, or from account tools reporting to grunt, while an item is queue'd in grunt to turn back on, the entry will now be removed, and a note made in the database table, as well as the log file, indicating why the item was removed from the active queue. Previously, items would forever remain in the queue, with a negative time value building up until someone manually cleaned it up from the table. This was usually because the server was decomm'd, and someone used the grunt/ovo tool to disable monitoring, when they should not be using Grunt for this type of work. |
| |
OVO Enabling Servers |
| |
Cleaned up the email alert to the OVO admins when a node is turned back on for monitoring. While the node would be turned back on, or should have been, the alert email indicating there was a problem, was very unclear about what happened. Almost all cases, the node did not bring the OVO client back up before the monitoring was turned on. Now, the alert email will only be sent if grunt is unable to move the node out of the outage group for any reason. The SA/Grunt will receive the message about what was wrong with the node(which usually reports the Node client is unreachable), but no alert email will go out if it was successfully moved back into its normal ovo group. The SA will be told of the failure, and the entry logged for reference if needed in the future. |
Patch: grunt-1.3.3-1, Date: 05/25/2020 |
Password Retrieval |
| |
Sridhar has provided a better set of information to display for when a server is using CAPAM for password. |
| |
CARDS Site |
| |
All references to the CARDS site has been either migrated to the GRUNT site, or completely removed. The Cards site(drh00046.ute.fedex.com) is being decomm'd for being rhel5, and is not worth the effort to clean up/migrate. |
| |
DHCP Portal |
| |
Fixed an issue where trying to update a record would result in a failed ssh message. The function has been moved to its correct file, so the right user will actually run the check, and not the web user. |
Patch: grunt-1.3.2-6, Date: 05/06/2020 |
DHCP Servers |
| |
Scan report will now report on duplicate subnets it finds in the /etc/dhcpd.conf files on the DHCP servers it has defined. |
| |
| |
Removed the "No Server" option from the list of available DHCP server list. That option made no sense to have in the list. |
| |
CRON - Account Tool Vaulting |
| |
Removed this cron job. This was an old attempt to backup mkacct data files on Grunt server, using root account to capture the information. It is felt this is no longer needed, and hope to clear up concerns about grunt logging into mkacct servers as root. |
| |
Menu Tab - Account Mgmt - Server Status |
| |
Removed the ability for Grunt to determine server status, disable, and enable for mkacct servers. Since Grunt no longer has the right root password to connect to make the updates automatically, this feature will not report back that it has been disabled if a user tries. This solves a potential issue where this is triggering alerts to HCL about why grunt is trying to connect to certain servers as root. |
Patch: grunt-1.3.2-5, Date: 04/10/2020 |
Account Mgmt Tab |
| |
Added menu item "Validate Unix GIDs" to show all matches for a given list of GID values to show the groups and servers it is on. Mirrors the "Validate Unix UID's" menu item in the same sense. |
| |
| |
Moved the validate menu items below the search ones, to make the menu selection look a little more pleasing to the eyes. |
Patch: grunt-1.3.2-4, Date: 04/08/2020 |
DHCP Process Check |
| |
Fixed an issue that would sometimes match the grep command itself when checking for the dhcp daemon running, which would result in the wrong server being parsed in. Using instead the service command should now be used to check status to know whether the process is running or not. |
| |
DHCP /etc/dhcpd.conf Parse |
| |
Will now ignore any records in the include files that does not have a valid IP in the dhcpd.conf file. This handles tracking ONLY the correct DHCP server that should be servicing the record, and ignore any other DHCP server that claims to be supporting the record. |
Patch: grunt-1.3.2-3, Date: 04/08/2020 |
Parsing DHCP /etc/dhcpd.conf file |
| |
Will now ignore servers defined in the DHCP host list that do not have the grunt account installed on it. The testing does not consider whether it can read the conf file or not, but it caused the cron to report bad issues when ran, which is not needed. The returned file is now checked, and if no file was pulled, the work to parse it is ignored. |
| |
Configuration - DHCP Portal Configuration |
| |
Added configuration item "DHCP Timeout". This value allows adjusting how much time Grunt will wait on a DHCP remote server response before giving up on waiting for answer. If let blank, or invalid, will default to 5 seconds. |
| |
DHCP Menu |
| |
DHCP Server section now has a "Real Servers" section added. This allows configuring multiple "real" servers that handle the DHCP include files that can be supported across multiple servers, but only one server at a time. Testing now checks all servers listed in this entry instead, and confirms that ONLY one server runs the DHCP daemon process, and will work that specific server. |
| |
| |
Checks have been removed to confirm the Server selected can now be a descriptive field, and not a server value. This makes identifying the DHCP grouping easier to spot. |
Patch: grunt-1.3.2-2, Date: 04/07/2020 |
DHCP Include File Parse |
| |
Fixed an issue where the files would not be parsed right for multiple items in the same line vs. multiple lines. This was causing short hostnames to be tracked as the key/value pair, which was not desired, as we always want to track the full qualified name. Library should now parse the lines accurately. |
| |
DHCP Include File Table |
| |
Increased default size to make addition of dhcp servers, which has no templates ready for OS values to fit the width of the page. This makes it so it doesn't look mashed up to one side before any are added. |
| |
DHCP Menu Item |
| |
Will only show to account 418997 (Frank Thompson) for the moment while debugging on production site is completed. |
Patch: grunt-1.3.2-1, Date: 04/06/2020 |
DHCP Portal Code |
| |
A new tab has been added to Grunt called "DHCP". This tab is only visible to Admin and Root mode users. This is the initial replacement for the dhcp portal site on the inf server, which is running on rhel5, and needs to be migrated. This new page combines both the DARTH sites, and the dhcp servers in production into one place. All menu items refer to usage/information about how it works. |
| |
Service Command |
| |
Will not check before running to make sure the root account runs this service start/stop. Previously, the script would try to work as a non privilege user, which would cause all kind of error messages to show up about permissions. Now, a simple one liner is returned asking to run as root account. |
| |
Add Cron Script - loadPXEServerInformation.pl |
| |
This script sweeps all configured servers in the DHCP configuration section, and tracks all host stanzas in the linux, windows, and sun files. Time can be configured in the cron settings page. Default install is set to once an hour at 45 minutes into the hour. |
| |
Admin -> Darth Rest API |
| |
Revamped page to not depend on CARDS site, and now reads it's own database. |
| |
Darth Uploads |
| |
Grunt will now track the OS version the DARTH site that is reporting in is using. |
| |
Colo Server Matches |
| |
Report script now filters COLO servers by their saTeam flag, and if matches the SSA flag, will track them. All other servers will be removed/cleaned up from grunt tracking tables. |
Patch: grunt-1.3.1-9, Date: 02/12/2020 |
COLO Servers |
| |
Fixed a bug that would cause servers to be removed from other account management tools listed in grunt, if they were not in the COLO list from the master list in the database. |
Patch: grunt-1.3.1-8, Date: 02/11/2020 |
Colo Servers |
| |
Colo servers found in the cloud ops query will now be linked to account system tool 51. This makes it possible to pull up COLO servers in Grunt now. |
| |
Darth Information |
| |
Added Chong and Hervin to receive emails about duplicate subnets, as the larger list has been cleaned up, and now there are rare messages about duplicates. |
| |
Report - Server/EAI Lookup & Server to OS Version List |
| |
Added in location column to the output result set. |
Patch: grunt-1.3.1-7, Date: 02/04/2020 |
Rest API - servers.json |
| |
Will no longer require authentication, if performing a query on the status of a server(active, verboten, removed). This solves a problem where an SA might want to know the status in a server, but this information isn't considered sensitive to protect. |
| |
Report - OS Version Server List |
| |
New report has been added to the "Get Report" menu under the "Information" tab. This web page will allow a user to select a list of OS version values to use, and return a list of the servers that match, and the account tool that supports it, if there is one. This page should provide a list of what PDSM has for OS versions of servers. |
Patch: grunt-1.3.1-6, Date: 01/23/2020 |
VE Power Cycle Page |
| |
Any servers listed with ground.fedex.com as their FQDN, will not strip this from the request prior to submitting it to VE scripts. This is because the ground systems are referened by short names, and not fully qualified, which would cause the page to return the clients were not found. Now, they should be found when the fully qualified name is given, even though the short name is all that is in the final submission to VE script. |
| |
Report - serverToEAIMapping |
| |
Input values will all be lowercased prior to working through the filter system. This fixes an issue where mixed case DNS names would cause the perl filter buffer to be very case specific, and throw out potential matches. Now, this should no longer be the case, as all values in the database are tracked lowercase. |
| |
New Report - Unix Account List |
| |
This report provides a CSV file list of all unix accounts. If an account is an LDAP account(mkacct filter, or matches 1-4 numeric with a preceding alpha will also match), will list the LDAP ID in a second column. |
Patch: grunt-1.3.1-5, Date: 12/24/2019 |
mkacct/tesla uploads |
| |
Uploading account information will now ignore and lines that have a UID value that "starts" with a 0. Noticed ground servers are starting to send UID values that have padded 0's, which don't work in Unix, but do not hinder mkacct from deploying. |
| |
| |
Updated database table that tracks global uid values to use "varchar" instead of "int", as we are not interested in arithmetic values for this column. This solves a problem for account tools that may try to use padded 0's in the UID value. |
| |
PDSM/CMDB Report |
| |
Fixed an issue that was not "re-activating" associations that were once there, and then removed. Now, entries that go missing, and then come back in a later report will be restored in the database to an active state. Previously, entries that were flagged as removed would no longer show up in the server search page as a eai to server association. They should now. |
Patch: grunt-1.3.1-4, Date: 12/03/2019 |
VE Power Cycle |
| |
Change the parsed of the output to use a ";" as the delimiter instead of a space. This allows for the exact message being returned from vsphere to be used, instead of the script "trying" to guess what was returned. |
| |
Search Server Page - Decommission Record Output |
| |
Will no longer display both the "in progress" and "retired" sections as 2 different sections in the output display. The flag to track when a row was flagged as removed was not being reported to the conditional check correctly. Should be now. |
| |
CAPAM - Infosec Help Email Address |
| |
Updated information pages about root password management done through CAPAM. The email address was pointing to Infosec old RT system, which is no longer valid. Sridhar has provided correct email address, which has been updated, Marty and David provided additional information that was added to the password retrieval page for additional help/information. |
Patch: grunt-1.3.1-3, Date: 11/15/2019 |
OVO Queue List |
| |
If a user tries to turn off more than 20 servers, the automation to turn it back on will no longer try to process all requests at the same time. Previously, this would cause the queue to start filling up with the user requests, and always encounter an error saying only 20 servers at a time. Throttle has been added when polling all listed servers to be turned back on, to only allow 20 at a time per call. |
| |
VE Page |
| |
Merged in missing titles for the VE Self Service to Power Cycle text strings. |
| |
Root Password Lookup |
| |
When root password is found in CAPAM, return message will now show normal business hours, as well as immediate support hours. This corrects an issue where Infosec was getting pages on their 24/7 support number, rather than their normal business hours, when an account lockout happens during normal hours. |
Patch: grunt-1.3.1-2, Date: 11/10/2019 |
Help - FAQ - CAPAM |
| |
Added in Table of Contents item "CAPAM Client Issues". Sridhar/Marty have provided this information in emails, and think it was better to put it into the documentation page to be easier to reference in the future. For now, the only item under this tab is how to set the proxy if getting up an update error message. I'm sure it will have some more items added down the road. |
| |
VE Power Cycle |
| |
Now passed the -norunasync option. This makes it so grunt can track whether certain servers given, have the right access controls to perform the operation. Otherwise, access denied is returned. |
| |
| |
Daemon process will no longer leave it's children in a defunct state, and clean them up as soon as they are finished. |
| |
| |
If the daemon process is not running, a message will be returned about this issue. Previously, clicking an action would return an immediate result page, with no information about what happened, and leave the request in a "processing" state forever, which wasn't useful. In case of this event, the request is now removed from the tracking tables, rather than reporting on a daemon listening issue. |
| |
| |
Removed the closing down of the stdin/stdout/stderr file handles for the child process. Apparently, this causes powershell to abort prematurely on some user input/output when running a command through the powershell interpreter. |
Patch: grunt-1.3.1-1, Date: 11/08/2019 |
Account Tool Updates |
| |
When mkacct/tesla report in their list of servers, and REMOVED servers noted from the account tool will now be tracked in a new table. This provides the ability for an SA to retrieve a server that may have been in an account tool at some point in the past, but is no longer there now. The SA can determine if server needs to be activated again or not in the tool. |
| |
Configuration |
| |
Added configuration item under "VE Self Service" configuration section called "Show Audit Lines". This value determines how many previous requests were submitted via the page. If there are too many requests that slow down page generation, this value can be adjusted. Otherwise, if left blank or value of 0, page will continue to show last 7 days, as it was previously doing. |
| |
Server Search - Account Mgmt -> Search for Server |
| |
If the server isn't found in an active account tool, page will now do a final check to confirm in the "REMOVED" table list to see if the server had been in an account tool previously, and if so, will report on that account tool, and when it was removed. |
| |
| |
The Brigadoon Source page will now return a "No Data Found for Server" if the returning json call does not produce a valid json response. This fixes an issue where a user could query on something brigadoon account does not have access, or cannot return the proper response code, leaving the section saying "Querying for data, please wait..." on the page. Now, that message is replaced to let user know that this query section has completed its attempt. |
| |
Rest API Call - toolList.json |
| |
Will now search the Obsolete server table if it cannot find the server specified in the active table list. This solves an issue where someone might try to lookup a server that has been recently removed from mkacct/tesla, and user is trying to get more information to reload/restore the server in the account tool is was removed from. In order to know that the call has pulled a "removed" server from the account tool, an additional field has been added to the output called "removed", which will indicate the date the server was removed from that account tool. |
| |
Account Mgmt -> Validate Unix UIDs |
| |
Added menu item that allows users to enter a list of UID values, and see if any are taken or not, and if they are, what and how many servers the account is on. Page returns HTML output, or a Excel File, both options are available as buttons on the page. |
Patch: grunt-1.3.0-1, Date: 11/05/2019 |
New Report - SBVT |
| |
Reports page has a new link added called "Server Build Validation Tool". This page takes a list of servers and an email address, and will email a report with the list of servers, and all discovered information about them. Report can be in either csv of excel format. |
| |
Help - Links |
| |
Fixed an issue where I cut and pasted the link to the ILO site outside of the html code base, which was causing the page to error out. Should now show both links as intended. |
| |
New Tab - VE |
| |
Tab only visible to root/admin modes |
| |
| |
Added "Self Service" menu item. |
| |
| |
Added "Audit/History" menu item. |
| |
Reports - Tanium Puppet Report |
| |
Has had a "Download CSV File" button added to the page. |
| |
Rest API Call - servers.json |
| |
When performing a query request, if the server is listed in "Pending Decommision" or "Retired", that status will now show instead. Previously, the value would only show a status if in an active account tool managing it. Now, if the server is in CMDB/PDSM, will be reported in a pending decomm, or retired status, before checking anything else. |
Patch: grunt-1.2.6-9, Date: 10/01/2019 |
Check Hash Page |
| |
Will now check for the Unix Flag setting case insensitive. Previously, this field was checked case sensitive, but recently, have seen all lowercase flags of this value set. Site will now check for any case of the entire string for a match. |
| |
Brigadoon Server Data |
| |
Corrected filter to meta match the beginning of the list of items to ignore. Also fixed the "*" character to be ".*" to match new characters instead of the existing character in the filter match. |
| |
| |
Load Balancer section will now format information to fit inside the page. |
Patch: grunt-1.2.6-8, Date: 09/20/2019 |
Tab Removed - Decommission |
| |
This tab has been removed, and the functionality in it moved to the server lookup page. |
| |
Tab Added - Server Search |
| |
This tab refers to the same page as the "Account Mgmt" -> "Search for Server" page. Eventually will remove the entry from the "Account Mgmt" tab, but for now does the same thing. |
| |
Menu Item Removed - Admin -> Bulk Execute |
| |
Removed feature, since it was a proto-type that was never completed, and not being used. |
| |
New Menu Item - Admin -> Ignore RPM List |
| |
Page has been added to allow a root admin person to add RPM packages that should be ignored in the brigadoon output of installed RPM's that an SA would not be interested in knowing about. |
| |
Access Controls |
| |
Fixed a key "matching" issue with the management level ID in LDAP, which was preventing newly added managers from showing up as managers. All references to the bad key have been updated. |
| |
Links Page |
| |
Added the ILO information link to the page. Prior to this patch, the URL address was added outside the HTML block, which was causing the webpage to return internal server error. Everything should be corrected now. |
| |
OVO Monitor Page |
| |
Changed the default value for the number of hours to turn monitoring back on automatically from 1 to 8. Seems like 1 hour was being accepted for the time, but was not quite a long enough window for the ovo agents to come back online before problem reporting was happening. |
| |
New Configuration Item |
| |
Added "Debug Email" to configuration section. If this value is set, emails that would normally go out to other folks will ONLY go to this address. Used on the test system, which mimic's production, to stop spam from 2 sites sending the same information to configured accounts to receive them. |
| |
Global Dictionary |
| |
Will now handle the "givenName" value in LDAP, if manager uses a quote character in it. |
| |
Server Lookup Page |
| |
Now includes a call to ATLAS url(BRIGADOON) to get information found from a scan using the brigadoon account. Content is loaded into a frame instead of the normal window, as this call takes roughly 12 seconds to complete, so to not hold up the search page, this expandable area will show "loading" if user tries to look at it before it has fully loaded. Once loaded, the loading message will be removed with the content in its place. |
| |
| |
Now dumps out decommission information if it is available. |
| |
Report Page |
| |
Bottom of the page now shows mail/cron jobs that process data sources to populate tables in Grunt. If any item fails to get information within 24 hours, the time stamp will highlight in red. |
| |
New Report - Server to EAI Mapping |
| |
New report added to the Report page under the "Information -> Get Report" page called "Server to EAI Mapping". This page takes a list of short or fully qualified host names, and matches all EAI numbers associated to them from PDSM. |
| |
New Report - Decommission Server List |
| |
Report that dumps the contents of what is being tracked in a decommissioned state, or staging level in Grunt. |
Patch: grunt-1.2.6-7, Date: 07/30/2019 |
Global Dictionary Cron |
| |
Corrected issue with Group GID values causing conflicts in the database inserts when it was already there. As GID"s are moved, they are now tracked in the data object, where previously, they were not, which was what was causing this. |
| |
Server Search Page |
| |
Will now handle the short hostnames provided by the VE data dump, and will now show VE information if searched on, if there is no other information. |
| |
| |
The memory column under the VE information will now show (GB) identifier next to the memory size. |
| |
| |
EAI to Server associations that are removed in PDSM/CMDB will no longer show on the page, but are continued to be tracked in the background. |
| |
Account Tool Page |
| |
Cordell suggested moving the remove button to the top of the page to help avoid confusion where it was near the remove servers input box, making it look like the right button to click. Now, the remove box shows to the far right of the selected account tool, instead of buried in the data input fields. |
| |
| |
Adding a new account tool will now provide a button saying "Add Account Tool". Previously, button would ALWAYS say "Update Account Tool". |
Patch: grunt-1.2.6-6, Date: 07/17/2019 |
Server Search Page |
| |
VE information will no longer show on the page if the account is not logged in. |
| |
| |
Sridhar added Security Zone information from the PDSM report. EAI information boxes will now show the security zone for the server, if there is a match in the PDSM report. |
Patch: grunt-1.2.6-5, Date: 07/17/2019 |
Mkacct System Tracking Page |
| |
Column has been added to show the number of servers that mkacct supports. |
| |
Cron Job - sortGlobalAccounts |
| |
Fixed a database key constraint issue that would cause the script to bomb out before completion. Now, when switching the UID value for an account to another value, that switch is now tracked in the global array, meaning the next item that might be sharing that UID does not think the UID is still open, and tries to use it. |
Patch: grunt-1.2.6-4, Date: 07/17/2019 |
Cron Job - sortGlobalAccounts |
| |
Added an argument option to take an account name. This allows for checking/testing how the global dictionary updates the master account information for an account, if needed, rather than processing everything. |
| |
| |
Fixed a bug that was causing the master account to not update the UID value if the new UID value found did not already exist in the master table. Now, if the UID value an account is using instead, is not found in the master table, and it's the only UID being used, the master table will change its entry to that value. Previously, this value would not be updated if everything looked correct. |
| |
Server Search Page |
| |
VE Center name is now made into a link that should take user to the vcenter page |
| |
| |
The EAI information blocks have had their Status identifier changed from "Status:" to "EAI Status:" to help cut down on some of the confusion on whether the EAI line is referencing the server, or the EAI number. |
Patch: grunt-1.2.6-3, Date: 07/16/2019 |
VE Tracking Table |
| |
Added table that tracks VE information for servers to Grunt. This is migrated code from the CARDS site to allow the seetsq and server search page easy access to the information to present now. |
| |
Server Search Page |
| |
Added VE information expandable box when VE information is matched against the hostname. |
| |
Rest API - dnsRecords.json |
| |
Modified code to pull from the Grunt database, rather than query each DARTH for information. This makes the query perform MUCH faster. It is assumed no one will be looking for new records in less than the 24 hours it takes DARTH sites to update Grunt with new information, so there was no need for on demand queries to get up to date information. Meaning data will be up to 24 hours in sync for the result output. |
| |
CAPAM Help Page |
| |
Sridhar provided updates to adjust the information. |
| |
Retrieve Password Page |
| |
If server is managed by CAPAM, the display message will add trouble-shooting help message at the bottom of the log file in mkacct to visit for possible reason password updates are not working. |
| |
Decomm Web Page |
| |
Should no longer match "unknown" IP addresses when it cannot find a server name. Instead, it will try to match against the random data around the IP address for a hostname value. This solves an issue where sometimes decomm'd IP addressed get re-used, but then match against the new name, for an already decomm'd server, which wasn't helpful. |
| |
OVO Request Queue |
| |
database auto increment value works ok on some databases, and not others. Here, fixed a case where the queue table tracking requests to be automatically turned back on, did not like having entries permanently removed from the table. Doing this caused the prod system to sometimes not increment the tracking ID number, which would cause duplicates between the queue item, and the master table, which would crash the database updates of the master table. Now, the queue table no longer has entries removed from it, but a flag has been added to track whether a queue item is completed or not. |
| |
| |
When queue items are completed, the output is recorded into the queue table to track final results. |
| |
| |
service command has had code added to make sure the 2 database tables are in sync with each other, and if they are not in sync, to make them sync up properly. |
| |
OVO Enable/Disable Page |
| |
When clicking on the "Turn ON Monitoring", and then clicking "Cancel", server list will no longer double in size every time the cancel button is hit, making the list of already disabled servers multiple. |
| |
seetsq |
| |
seetsq rest api call target code has been added to GRUNT. This is the first initial step/implementation to move it off of drh00045/drh00046, and get it better supported. While not fully functional, it provides simple basic functions, and will evolve back to its original form over next few weeks. |
| |
Access Controls |
| |
Fixed an issue where removing an employee under a manager who was disabled, would cause the re-scan to set a "blank" value for indicating the employee was not found in the database, and checks were looking for a "NO" value. Now, the value is checked for blank or "NO" value to determine skipping the employee all together in its checks. |
| |
DNS Search Page |
| |
The single input field has been replaced with a comment box. This allows for multiple searches to be done at the same time, instead of 1 individual search at a time. |
| |
Report Page |
| |
Added report "Accounts that Share UID". This report shows all accounts that use the same UID value. Report addresses LDAP accounts that have different leading alpha characters and "0" padding. |
| |
| |
Added report "Accounts that have Multiple UIDs". Report that shows how many unix accounts have different UID values across servers/clusters. Filter is applied to merge unix accounts that look like LDAP accounts into a single entity. |
Patch: grunt-1.2.5-2, Date: 06/27/2019 |
PDSM Inventory Data |
| |
Added column Parent Install Status for the status of the EAI number. |
| |
Server Search Page |
| |
When EAI matches are found from PDSM data, the EAI status will now display in the header bar, with corresponding color. |
Patch: grunt-1.2.5-1, Date: 06/27/2019 |
PDSM Inventory Report |
| |
Several enhancements Sridhar has made to get the data looking correct and presentable. Database table should now be loaded with clean values to be queried on when searching on a server. |
| |
Report Page |
| |
Added report called "EAI to Server Associations". This report dumps the database table of PDSM information into either csv or excel format. |
Patch: grunt-1.2.4-3, Date: 06/25/2019 |
Server Search Page |
| |
Grunt information will now be displayed in an expandable box, like the other sources are. |
| |
| |
Non logged in users will no longer be able to see any "grunt" provided information when looking up a server. They can only see EAI information matched from PDSM/CMDB. |
Patch: grunt-1.2.4-2, Date: 06/21/2019 |
Menu - "Account Mgmt" -> "Search for Server" |
| |
Sridhar has provided a feed from PDSM/CMDB, which can now be incorporated into the lookup page. When searching on a server, if there is information from the feed, it will display at the bottom of the page as expandable boxes, which should show all information received from the feed. The EAI number, name, and the source information are shown in the header row that can be expanded to show details. |
Patch: grunt-1.2.4-1, Date: 06/20/2019 |
Access Page |
| |
Fixed an issue where updating an account under a manager would change the name to the mode name they were set too, and not to their LDAP name. Should set name correctly now. |
| |
Configuration |
| |
Added config item under the "Logging Section" called "Mail Log Directory". This location hold log files generated from sendmail when receiving emails that are script processed. |
| |
New Table |
| |
Added table to track when emails are received to capture their date/time they were processed. This will be useful to know when updates have been made from remote sites that are sending emails with data in them. |
| |
Mail Script - pdsmInventoryDate.pl |
| |
Any issues the script runs into that we can capture, are written to the log file, instead of causing sendmail to die and log to the mail log. Script will also log start and endtime process pid numbers to the log file, so user can be sure email has come to the site and was processed. |
Patch: grunt-1.2.3-1, Date: 06/15/2019 |
Logging In |
| |
Removed the library call that sweeps LDAP for information about the account before confirming a login attempt, and now reference the access table directly. This should greatly increase the time from providing login credentials, to being returned to the home page being logged in. Previously, a sweep of the ldap managers was being done, to confirm account settings were included via the managers. Since the update of the tracking table, this is no longer needed, and the references are not kept directly in the table, rather than referencing LDAP every time a user logged in, which would add additional time to the validation piece. |
| |
Home Page |
| |
Removed the blocky expansion boxes on the home page, as they didn't seem to be helpful/useful, and replaced with a few paragraphs about what Grunt is, and what kinds of support it provides. |
| |
Configuration Item - Automation Configuration - Keep Accounts |
| |
Removed this option, as removals for access controls is no longer an automated process, but now alerts the root admins to address the issue. This should solve the issue of folks switching groups/managers leaving and folks seeing immediate loss of access "issues". |
| |
Cron - RefreshLDAPList.pl |
| |
For every run this script performs, will now send an email to the root admins should any access controls change in a way that would "change" someone's access. Any "added" access will work as it has and just note it in the logs. Removals or switching managers will note in the log file, and when this script runs, also send the email alert. The frequency of this cron job determines how often emails are sent with add/issues. |
| |
Admin Tab - Access Lists |
| |
Removed the large "blue" separator lines, and replaced them with a single thin line, as the large block blue made the page look cluttered. |
| |
| |
Extra column has been added to the end of the right side of the table called "Have Issue?". |
| |
| |
Table has been widened to accommodate the new column addition. |
| |
| |
Any account item with an issue will now highlight in red on the page, under the "Have Issue?" column. |
| |
| |
Any account with an issue under a manager, a checkbox will show up next to the "LDAP Name", allowing the root admin to remove the entry from the table once they determine the correct action has been taken to go ahead and remove the issue account/item. |
| |
| |
With the re-write, this page should load much faster now, not having to go to LDAP every time to resolve LDAP names. |
| |
Rest Call - uploadHostList.cgi |
| |
Will now process verboten/disabled servers provided by mkacct/tesla systems, updateGrunt.pl scripts. These servers are tracked by time stamp when they are taken out of play, and logged in the audit log when they change their statuses. |
| |
Retrieving Password Page |
| |
If 2 account tools are using a server that is looked up, the page will now attempt to look at the verboten/disable settings for the server on all account tools it is found on. If it finds the server is listed only once as active, and NOT active on the others, the page will return the password for the account tool that shows it active. If not, will return a list of all the account tools it is on, and the status of each account tool for the server. Clicking on that account tool will take the user to the password on that specific account tool. |
Patch: grunt-1.2.2-9, Date: 05/27/2019 |
Server Search Page |
| |
When searching on a server that is managed by multiple account tools, the input field would show 2 entries. Having a server in 2 account tools is not desired behavior, so to help with the situation, whenever a server on 2 or more account tools is looked up, a page that highlights in red will say "Multiple Account Tools Managing Server". Below this will display the list of the account tools, the server that is managing them, and the account area information, and allow user to select which account tool they way to reference for the server. |
| |
OVO Node List Retrieval |
| |
Updated command to retrieve entire list timeout from 2 minutes to 3 minutes. Should hopefully fix an issue where not all records are retrieved for some reason, which is hopefully the delay in the command run. |
| |
| |
Updated error message to show the output of what was retrieved if not enough servers were found, in the failsafe error message. |
| |
Cron Commands |
| |
Configure(start) will now check for any cron jobs that are no longer defined, and removed them. Previously, any cron jobs that were no longer needed would never get cleaned up. Should now. |
| |
RPM Publishing |
| |
Added auto email notify, via grunt, list of code changes. |
Patch: grunt-1.2.2-8, Date: 04/07/2019 |
Database Backups |
| |
Will no longer spam the gpg encryption output to stdout. Output has been suppressed. |
| |
Global Dictionary Master Table |
| |
Removed debug line that was causing the loop of all the global account items to focus on one item. Should now work each individual account, as intended. |
| |
| |
Sync script will no longer match on the exact starting sequence number that the database search says not to match on, when searching for existing UID and GID values. This solves an issue where in a chance in 2000 tries, the unique value matched would be the only value that may or may not have already been taken. |
| |
| |
Clean up portion of the automation will now account for instances where the script could be killed off in mid processing, for whatever reason(reboot, user kills process, remote database crashes, etc). Now, after initial checks are done, an extra "sweep" is done one last time to loop for any dependencies that may have been left over, and removes them. |
| |
| |
When a bad shell is defined, the returning error message will state which shells are acceptable. Previously, the error would just state it was an invalid shell, and there was no where to find the list of what the valid shells were, unless you were allowed to configure Grunt site. |
| |
UID Lookup Page |
| |
Will now show matches for anything not defined in the global table. This means custom values that are used, but not matched to what the global definition has set should now show. Previously, searching on a UID that didn't have a global value, would not show custom values, even when there were custom values. Now, a message shows in red at the top after a search is done, to show there is no global value set, and the custom values will now show. |
| |
Mail Material |
| |
Now that puppet/firewall material has been configured to allow Grunt to use mail services, Grunt will now start performing automation parses of emails. This means grunt will configure sendmail to receive emails, and forward them to the right areas in grunt script directories. A "mail" folder has been added to the parent directory(/opt/fedex/grunt/mail), which is where Grunt will configure sendmail to run scripts out of. Also, with this, the mail aliases being used in the mail list page should start working. When Grunt is started/restarted, it will make sure sendmail services are running, and configured with Grunt material, and report if there is any issues. |
| |
PDSM Inventory Tracking |
| |
New database table and script have been added to track inventory information sent from PDSM to mail alias as defined in the /mail directory of information. |
| |
Sudo Tracking |
| |
When account tools send their sudo information, they now send their files directly as part of the rest call. This replaces sending the information in the json call body, which will speed up performance, and also help alleviate a "deadlock" condition in the database with multiple updates at the same time. A directory of files is now parsed into the database from a single script, so there is no possibility of 2 scripts updating the exact same value in the database at the same time. |
| |
Mkacct Mkcrypt Hash Generator Page |
| |
Leonard has asked to put infosec requirements on password creation on the page for users to follow when creating passwords using the page. The bullet points are added above the input box for putting in a password now. |
| |
New Cron Script - Sudo Recording |
| |
While not complete, it will suffice to allow this package to load. Cron script will just remove files from the stage directory that is getting all sudo files from each account tool. Will parse and add to database later, but for now, will just remove the files. |
| |
Account Tool Tracking |
| |
Will now track whether account tool supports dev/test or production. This is provided the account tool is updated with the latest software to report that information yet. If not, will report an "UNKNOWN" value if the root password is looked up, and account tool has not yet identified itself as dev/test or production. |
| |
Root Password Lookups |
| |
With the new process CAPAM/Infosec is going with using CAPAM, modifications have been made when retrieving a root password that is found to be in CAPAM. Now, the site will display the CA PAM Address, and which server to look for when logging into CAPAM to retrieve the root password for. The server to search for is the name of the mkacct server as defined in the grunt site under "Account Mgmt", under "Account Tools", defined in the "Master Server" entry. |
| |
Cron Page |
| |
Fixed the "Day" and "Month" column to line up properly with their respective columns. |
| |
| |
Month days will now show as their alpha names, and not their numeric names. |
| |
| |
The "ALL" option under week will now show "All Week Days", and not "All Months", which could be confusing to some folks. |
Patch: grunt-1.2.2-7, Date: 03/21/2019 |
servers.json |
| |
Added a missing library that was needed for sending removal commands to an account tool. Somehow, the reference got lost to it after testing was completed. |
| |
Darth Subnet Removals |
| |
Will now remove subnets from the database the darth site is no longer reporting. Was a bug in the removal piece that would NEVER match a removal subnet passed to it, which kept the subnets in the table forever. Should be cleaned up now when a DARTH site reports it no longer manages it. |
| |
Account Tool Cluster Tracking |
| |
Fixed an issue where removing a cluster from an account tool would not clean up any account/group entries that were being tracked for it. This would cause old accounts/groups to show on clusters that were removed previously, which isn't helpful output. |
| |
accounts/groups json |
| |
Added more check logic up front to check passed in values to make sure they are what the user expects to be passed in, and if not, return the error message, and not a URI error message. |
| |
OVO Monitoring Script |
| |
Commented out a remove a line that was cleaning up the OVO node group record that was created when someone turned off monitoring for a server. While there is probably a better solution to this, it does not hurt to leave the last "known" ovo node group the server was a part of in a flat file for retrieval if needed. If the server is moved to another node group, the next time the server has it's monitoring disabled, will write the new node group out. The problem was found when multiple servers were asked to have monitoring turned off, but this change doesn't impact anything now or later, but not the most perfect solution either. |
Patch: grunt-1.2.2-6, Date: 02/24/2019 |
DARTH Rest Call |
| |
Added rest call to allow DARTH sites to notify Grunt when they remove a Domain from their databases. |
| |
Mail Lists |
| |
Fixed a cleanup issue when reading values entered that was causing new entries to not get loaded into the database properly. Now, the value is cleaned of spaces before and after, and the final entry is worked on. |
| |
Help Tab - FAQ - CA PAM |
| |
Sridhar gave notes about some items being missing/incomplete. Those sections are updated, and moved to their own section called "Prepping Mkacct Cluster to Add". This should make the section a little easier to understand for someone completely new to the process. |
| |
Menu Item - Account Mgmt - Server Status |
| |
Underlying logic has been replaced with function call that is now shared with REST API call. This has considerably reduced the code logic in the web page code itself. |
| |
New Rest Call - servers.json |
| |
Rest API added to allow an account the ability to either disable, enable, or remove a server from an account tool(mkacct/tesla). The menu under the "Admin" -> "Grunt Rest API" has had the ability to grant the rest account the ability to use this feature or not added to it. |
Patch: grunt-1.2.2-5, Date: 02/22/2019 |
Account Mgmt Tab |
| |
New menu item called "Sync LDAP Password". This page allows any "logged" in user to push a password update out for their account. If an "Admin Mode" or "Root Mode" user goes to the page, they will be presented with the option to push any account they want. Otherwise, a button appears allowing the user to sync their own account. |
| |
Atlas IPXE Page |
| |
Added PA Lab as Zone Location, Zone Type, and Zone Level select items. This provides a feature to Todd Lasher to build systems without needing DNS admin manual support to update PXE records for IPXE and PA. |
Patch: grunt-1.2.2-4, Date: 02/21/2019 |
CAPAM FAQ Page |
| |
Added in Firewall information for folks that might have their mkacct firewall'd, to be able to request rules for external servers/ports. |
| |
| |
Slide Deck has had all "testute" references replaced with "sac". |
| |
Root Password Search |
| |
When a server is in CAPAM, note has been updated to say if any issues to also note an issue with being able to log into CAPAM UI(in case account is revoked), to contact 24/7 support. |
| |
Database |
| |
Increased column size for the group name all mkacct's report in from 30 characters to 50 characters. |
| |
Information Tab |
| |
Added new menu item "Tools Oncall/Calendar". This is to help show who the oncall for the tools team is in case any help is needed for the Grunt, or tools the tool team supports. |
Patch: grunt-1.2.2-3, Date: 02/11/2019 |
CAPAM Job Aid |
| |
Updated the Job Aid with Sridhar's updates. |
Patch: grunt-1.2.2-2, Date: 02/09/2019 |
Account Tool Lookup |
| |
Added "Contact" to the configuration information. Will take any value up to 100 characters in it, so a contact can be specified. |
Patch: grunt-1.2.2-1, Date: 02/08/2019 |
RPM Publisher |
| |
Removed rhel5 from the build, no longer supported on rhel5. |
| |
| |
Corrected labeling issue on files to now label with the sub kit number, and not just the master number, which would keep clobbering pervious release labels. |
Patch: grunt-1.2.1-4, Date: 02/08/2019 |
Database |
| |
Added tables to track all sudo rules for all account/groups. |
| |
Modules |
| |
Added TESLA sudo parsing API to libraries. |
| |
Rest Script - uploadSudoRules.cgi |
| |
Grunt will now parse/process sudo rules submitted by account tools into grunt database to track/report on. |
| |
Rest Script - updateServerList.cgi |
| |
Will now note a message in the log file if an unknown account tool server tries to submit data into Grunt that Grunt is not tracking. Entries can be found by searching for "UNKNOWN" in the log file. |
Patch: grunt-1.2.1-3, Date: 02/06/2019 |
Help Menu |
| |
Added selectable item FAQ - TESLA. This page was migrated from a legacy server that was hosting the information on how to find the TESLA self services page. Since the rmtc.fedex.com domain is being retired in a few months, and the server it is currently running on are not supported, made sense to move it here. |
| |
Mkacct Deployments Page |
| |
Is now visible to the "Admin" mode folks, as it was originally intended, as it shows up in the menu list, but is not accessible. There should be no reason why SA's should not be able to see the list. |
Patch: grunt-1.2.1-2, Date: 01/29/2019 |
Access Control List |
| |
Fixed an issue where accounts that were removed in LDAP were not being cleaned up in the access control list. Should be now. |
Patch: grunt-1.2.1-1, Date: 01/26/2019 |
Help Menu - CA PAM FAQ's Page |
| |
Added the Power Point slide deck for the SA Mkacct to CAPAM integration as a link in the Table of Content. |
| |
| |
Added the uid/gid values for the pama2a in the example/output section. |
| |
Admin - Configuration |
| |
New section added called "Global Dictionary". This section allows for configurations on how the global dictionary behaves for requests. |
| |
Rest API Calls - gdi.json |
| |
Added new json call gdi.json(Global Dictionary Information). This rest call is used for requesting new and existing accounts and groups on unix servers. Tied to the database that is already tracking account tool specifics, this rest call is able to return unique values for new items, as well as custom values for a given set of information. Refer to the rest call page for further information. |
| |
Menu - Account Mgmt -> Search Unix Accounts |
| |
When searching for accounts that don't exist, the button that says "Create This Account" has been modified to say "Configure This Account". |
| |
| |
When clicking the "Configure This Account" button, a validate page will pop up with all the fields for the account pre-populated. The user can then verify or modify the selected values, and submit for a final creation process. |
| |
| |
When an account is created, the results will now be displayed. Previously, a message would show saying the account was created, but wouldn't show the data, making the user have to query on the account again to see the results. |
| |
Menu - Account Mgmt -> Search Unix Groups |
| |
There was no button that appeared when searching on a group that doesn't exist. There is now. Even though there is only a GID value to configure, still provides the ability to tailor it. |
| |
Menu - Help -> FAQ - CA PAM |
| |
Replaced example code information/output with Sridhar's latest run of following the steps. |
| |
UID/GID Dictionary |
| |
Added new configuration item called "Valid Shell Paths". This item allows the setting of what shell values are acceptable if user it trying to force a shell for the creation of the account currently. |
| |
| |
Web page for setting default configuration has had the shell value updated to a drop down list of selection. |
| |
| |
Rest API call gdi.json will now validate the value passed(if one is passed) for the shell is valid to the list in the configuration section. The valid list is included in the documentation. |
| |
| |
Web page will now return a message saying an LDAP account does not exist when a recognized LDAP ID is used in the search box. Previously, the site would prompt for configuration values for a non-existent LDAP account, and then error out after filling in the values that the LDAP ID is not valid. Now, the page stops the user before proceeding to try and configure something that does not exist. |
| |
Retrieve Root Password Page |
| |
Added information when retrieving root password for a server that is managed by CAPAM to include the 24/7 emergency contact for InfoSec if immediate help is needed to retrieve the password. |
Patch: grunt-1.1.1-26, Date: 01/05/2019 |
Cron - cloneTestMkacctTable.pl |
| |
Script has now been removed, since now the server can be reached via mysql connections from the build server. |
| |
Mkacct Page |
| |
Patch note information has now been updated to reflect the new version/release numbering scheme automation. |
Patch: grunt-1.1.1-25, Date: 12/13/2018 |
Check Hash Password Page |
| |
Will now display the hashes and the date the password was changed for the account being searched on "IF" the user using Grunt is a root or admin mode user. Otherwise, page will work as it always has. The 2 boxes must be green in order for this feature to show up. |
| |
| |
Updated information for step 1 to the new link, and the PDSM contact link to use for more information. |
| |
Admin Menu |
| |
Added a new page called "Bulk Execute". This page will allow a root or admin mode user to enter 1 to multiple servers, login credentials, and a command/file to run/upload. Clicking the "Update Servers" button will submit the request to all servers, capture all results, and provide an excel spreadsheet of the data returned. The default setting is 100 servers, but can be adjusted in the Configuration section under "Bulk Server Cap" if it is too much/little. |
| |
DARTH Updates |
| |
Fixed an issue that was not receiving the list of IP's from the DARTH sites properly. Now, IP's should be tracked in Grunt for each DARTH site, as was originally intended. |
| |
Mkacct Deployment Page |
| |
Menu item will now show one again on the menu listed under "Account Mgmt". Fixed a concatenation issue that would not make the selection appear on the web page menu list. |
| |
Tanium Reports |
| |
Added 2 new links under the Information -> Get Report page called Tanium Puppet and Tanium Disk. There reports generate excel files based on a list of servers given. If no servers are given, all servers are returned. If part of the server is given, all servers that match the string given are returned. |
Patch: grunt-1.1.1-24, Date: 11/12/2018 |
OVO Master Tab |
| |
Added new menu item under the OVO tab called "Daemon Log". This page allows reviews of the transactions that happen between Grunt and the OVO Master servers. While not useful to most folks, this page will allow debug/trace information to determine when an issue happens, where the user debugging should focus their attention. |
| |
OVO Masters Client Script |
| |
Major enhancements have been made to help support rules needed by OVO folks to help support the automation. |
| |
| |
When a request to turn monitoring back on, whether or not all the steps can be completed, the script will now put the node/server back into monitoring status, whether it succeeded with all the steps or not. This solves an issue where a node could be left in a group that is not monitored, whether the agent wasn't reachable, grunt couldn't connect, etc. |
| |
| |
The different approaches/processes to turning on/off monitoring for a node/server has been combined into one process now. Should make it easier to debug/analyze the process used. |
| |
OVO Page |
| |
Will now report an error if a server is attempted to be turned off that is already queue'd turn off in Grunt. Previously, would generate an internal server error message if it existed in the queue already because of a constraint error issue. |
| |
Decomm Web Page - Excel Report |
| |
Will no longer time out. The check against DNS is now ONLY done if the last check returned a valid record. A flag was added to the database to track records that were already checked, so the same check was not constantly running against DNS over and over to validate records that are no longer there, and eventually time out the web page. |
| |
Report - Account Tool Servers |
| |
Report is now outputted as .xlsx instead of .xls. |
| |
| |
Any PDSM group reported as "FXS_SA_Server" is now converted to "FXS_SA_HCL". |
| |
| |
Cloud servers should now show the appropriate PDSM group as found in the opsquery web page provided by cloud. |
| |
Cron Job |
| |
Added new cron job for pulling down the OPS Query report from cloudOPS, set the default to run every 12 hours. This should populate the appropriate PDSM group for all cloudOPS servers in Grunt. |
| |
Account Mgmt Tab |
| |
Removed menu item "Add Server to Redhat IDM". This item was staging for automation, but with the migration away from it, is no longer needed. |
| |
| |
"Mkacct Mcrypt Hash Generator" has been renamed to "Mkacct Hash Generator". This makes the menu more "neat" as lines are not wrapped around, making the menu selection look cluttered. |
| |
| |
Added new menu item "Server Status". This menu item allows a root/admin mode use to see what status a server is in on an account tool, as well as the ability to disable the server, enable it, remove it, or add it. Adding means adding it "back", it does not mean adding a new server, unless it is to TESLA. |
Patch: grunt-1.1.1-23, Date: 10/14/2018 |
Check Hash Page |
| |
Have updated the information displayed when a user has not started the process on the new "special" step users need to perform to account for the wsso issue in IDM. Also updated other notes on the page to hopefully help new users with the information we have been providing lately. Added IDM contacts in case the extra steps do not help the user complete the steps. |
Patch: grunt-1.1.1-22, Date: 10/09/2018 |
Configure Script |
| |
Added new readonly user for PDSM to pull the PDSM support group to server associations from the 2 associated tables. |
| |
All Servers Report |
| |
PDSM Support Group column has been added to the excel spreadsheet. |
| |
Decomm Report Page |
| |
Has been adjusted to properly parse the new ePDSM decomm report email database values. |
| |
Upload Darth Information |
| |
Script has been modified to track duplicates and return an email with the list when encountered. Previously, script would just bomb out because of duplicate entries in the database. Key in the database has also been modified to include the CIDR notation. |
Patch: grunt-1.1.1-21, Date: 08/24/2018 |
Check Hash Page |
| |
Updated email that is sent out from the hash check page that references "checkhash.rmtc.fedex.com" to point to grunt page for checking hashes. |
Patch: grunt-1.1.1-20, Date: 08/18/2018 |
Decommission Page |
| |
Has now had a "Last Update" timestamp added to the top of the page. This will tell the last time Grunt received a report from PDSM that is was able to parse a data set. |
Patch: grunt-1.1.1-19, Date: 08/08/2018 |
Contacts Page |
| |
Added in the ePDSM queue for making access requests to the site. |
| |
Server Lookup |
| |
Custom field has been added for servers to indicate "custom" PDSM On-call/Assignment Group values. If the server has this value set, it will override the setting set for the account tool global value. If not set, the global value the account tool has defined will be used. This is to support the cloud download of EAI to Server information. All search results have been updated to return the proper value. |
Patch: grunt-1.1.1-18, Date: 08/01/2018 |
Contacts Page |
| |
Added at the top a section for "Access Requests/Issues". This should provide a list of the folks with root admin privileges to change access in Grunt that a user can click on/contact for getting further help on Grunt Access. |
| |
Check Hash Page |
| |
Updated the message that is shown when step 1 is completed, but not step 2. Message now states that you need to wait 1 hour after completing step 1, before changing your password. Previously, the message was to wait 1 hour after setting Unix Hash flag, which could confuse some users. |
| |
IPXE Page |
| |
Found an issue where cutting and pasting next servers from the atlas/puppet page of zones and IPXE servers was pulling in UTF8 characters. The scrub function has been updated, and will now clean the string of any UTF8 encoding prior to using. This only seems to come from the Atlas page that lists the next server, and http systems for puppet when folks cut and paste from it. |
| |
| |
Page is now editable by Admin mode users. Previously, only the root mode users could edit this page. Since this page is used to populate DARTH sites, admin's can now maintain any IPXE record changes ATLAS has. |
| |
| |
HRO has been added to the list of “Zone Locations” in the drop down section. |
| |
OVO Page |
| |
Configuration item has been added to tell GRUNT how long to wait retrying to activate monitoring on a server it has disabled until it should give up, and alert the OVO admins of an issue. Default is 30 minutes. Previously, GRUNT would keep trying forever to activate, which most of the time would never be successful until a user actually discovered a problem with the OVO agent, and corrected it there. |
Patch: grunt-1.1.1-17, Date: 07/22/2018 |
Darth Upload Script |
| |
Will no longer check the string for the version number for invalid characters. Since this information is displayed as user readable, there is no reason to enforce any sanity checking on the rpm package name(s). |
| |
Mkacct Upload Script |
| |
Will now parse the 8 or 9 field string of information sent by a mkacct, and update database accordingly. Since all mkacct's will not have the update at once, this supports the current mkacct systems while in transition, as well as the mkacct's that have the latest patch, which now sends the 2nd field in the master/passwd and clients/*.users files. |
| |
Root Password Retrieval |
| |
Will now report that a password is in CAPAM, if the mkacct has indicated the password is maintained by CAPAM. The message will also provide the link to the instructions on how to install/use CAPAM to retrieve it, if needed. |
| |
Cluster Notes |
| |
Under the Root password retrieval page, and the Server Search page, information will now be displayed about any extra information being tracked on a cluster, if the server belongs to a cluster. This information is ONLY visible to folks who can retrieve passwords, and is not visible to anyone else. Information can be added/updated/removed as needed to the admins. |
| |
Server Notes |
| |
Under the Root password retrieval page, and the Server Search page, information will now be displayed about any extra information being tracked on a server. This information is ONLY visible to folks who can retrieve passwords, and is not visible to anyone else. Information can be added/updated/removed as needed to the admins. |
Patch: grunt-1.1.1-16, Date: 06/16/2018 |
OS Patching Material |
| |
Was moved to it's own site, so cleaned up any residue left on the Grunt site of it. |
Patch: grunt-1.1.1-15, Date: 06/16/2018 |
Admin Tab |
| |
Removed items that were visible to the Admin mode, but not usable if selected. Now, only admin available items will show under the Admin tab when an Admin Mode user is logged on. |
| |
Reachable Servers Page |
| |
Added time tracking table, and provided output information under the excel link about times of the run. |
Patch: grunt-1.1.1-14, Date: 06/01/2018 |
DARTH Upload Script |
| |
Will now track all existing subnets, and do a final check to make sure another DARTH tool is not managing the same subnet. If it is, the subnet will be ignored, and a message logged to the work log about the issue. No longer will it generate an internal server error message in the log. |
Patch: grunt-1.1.1-13, Date: 06/01/2018 |
Cron Jobs |
| |
Added cron to purge DARTH sites that no longer communicate their values to GRUNT. This value, in days, can be configured in the admin tab, under the configuration selection. |
Patch: grunt-1.1.1-12, Date: 05/28/2018 |
Rest API - Accounts.json |
| |
Will now allow custom searches for an LDAP ID to a server to retrieve specific GECOS values of the account on the server. |
| |
Web Queries |
| |
Increased timeout from 1 minute to 5 minutes. This should prevent the ovo page from timing out should it encounter servers that need slightly over a minute to complete ovo enabling/disabling. |
| |
Access Accounts |
| |
Corrected an issue that was not removing accounts under managers. Now, any employee that is no longer under a manager will not show up in the library call that checks. The configured number of days to remove accounts once they have been detected as removed in LDAP still applies. |
Patch: grunt-1.1.1-11, Date: 05/03/2018 |
Mail Lists |
| |
Fixed a bug when creating a new mail list that was causing an error inserting a blank "alias" name. Now, the name is generated as a place holder when the list is created from the mail list name. User can refine it later if they want. |
| |
Ping Daily Checks |
| |
The night scan will now look at port 22 on all sevrers, and report back whether the server is reachable on port 22(SSH port), firewalled, but running port 22, or closed port 22. If none of these determinations can be made, an "unknown" status is check. |
| |
| |
The "Reachable Servers" menu item has been updated to add the new column to reflect the connection status to the SSH port. |
| |
OS Patching Menu |
| |
Has been hidden for now until the patching site comes online. |
Patch: grunt-1.1.1-10, Date: 04/27/2018 |
Menu Changes |
| |
Moved the OS Patching/Reboot functions out of the "Admin" tab, to their own master tab "OS Patching". This menu item will present itself to a user that is logged into the site. |
Patch: grunt-1.1.1-9, Date: 04/27/2018 |
Update/Patch Server |
| |
Added new menu item under "Admin" tab called "Patch/Reboot Audit". This page will allow reviewing of requests to reboot a server at present, whether it was successful, or was already done, or ran into an error. The output is viewed in HTML, with an option to download an Excel Spreadsheet. |
| |
| |
The main menu item has been updated to handle timeout situations, and whether or not the command exists in the script prior to trying to execute. |
| |
| |
Return codes have been modified to match 1 or 0, to fall in line with Unix codes. |
| |
OVO Changes |
| |
Add Dan Bolling permanently to receive any email alerts the come from GRUNT about ovo changes. |
Patch: grunt-1.1.1-8, Date: 04/24/2018 |
Patching/Rebooting Servers |
| |
… Logging is added, the database table to track reboots(only action that could do anything on a server) and future reporting they wanted has been created, failed login attempts are now reported, and the messages for different areas should now display on the page. |
Patch: grunt-1.1.1-7, Date: 04/23/2018 |
CheckHash Page |
| |
Cordell noted the page was not in sync with the checkhash.rmtc.fedex.com web page. Should be in sync now. |
| |
| |
IE should now left justify the information instead of centering it. |
| |
| |
Sridhar pointed out the link has changed from identity.web.fedex.com to sso.secure.fedex.com, so updated the link to new place. |
| |
Mkacct Page |
| |
Corrected a massive amount of formatting issues for IE that was causing text to center justify, which looked awful. Should now left justify as it does in all other browsers. |
| |
| |
Fixed an issue where version numbers over 99 were displaying at the bottom of the patch list, rather than at the top. Newest version should now ALWAYS show at the top. |
| |
UID/GID Lookups |
| |
Will now show the "total" number of clusters across all systems the account/group is in. |
| |
CAPAM Page |
| |
Updated information to match more current information updates. |
| |
Admin Menu Tab |
| |
Will now show for Admin users now. Previously, this tab only showed for root admins. Now, the Admin tab has a "Patch/Reboot Servers". This page allows the patching and rebooting of a list of servers, along with a user account and password. |
| |
| |
Added new selection item "Reachable Servers". This menu item only shows for Root Mode users on GRUNT. This page will provide a link to download an excel file of all servers in GRUNT, and whether the GRUNT server can reach these servers across the network. |
| |
My Settings Tab |
| |
Fixed an issue that was causing a internal server error when trying to reset privileges back to original settings. |
| |
Remote Account Queries |
| |
Will now return the html header content tag. Previously, this was causing the call to fail, which would not provide updates to downstream systems. |
| |
Ping Checking |
| |
Cron has been created to perform ping/nmap scans of all servers listed in GRUNT to determine whether GRUNT can reach them or not. |
Patch: grunt-1.1.1-6, Date: 03/10/2018 |
Cron Support |
| |
Menu item added under "Admin" menu called "Cron Settings". This page allows better management control over the cron settings for the GRUNT application. |
| |
Mail Lists |
| |
Mail list pages for a selected mail list will now provide a "Email Distro Name" entry box. This box allows the creation of an email address used to reference the email list. Emails sent to this defined email address will be forwarded to all email addresses defined in the email distro. |
Patch: grunt-1.1.1-5, Date: 03/09/2018 |
Installation Setup |
| |
Fixed the rhel7 installs to not indent the required stanza too far to the right anymore. |
| |
| |
If the configuration already has certificate paths in place, the installation will no longer over write them with default settings. Static values have been changed to dynamic, as they were originally intended to be. |
Patch: grunt-1.1.1-4, Date: 03/08/2018 |
Mkacct Home Page |
| |
Updated version number from 3.0.0 to 4.0.0, and make the variable dynamic, so it only needs to be changed in one place instead of several. |
Patch: grunt-1.1.1-3, Date: 03/05/2018 |
Hash Page Checker |
| |
Fixed an issue that was causing the page to NOT retrieve hashes from LDAP. The UID value used for login purposes was not being passed corrected to authenticate with. |
| |
TLSv1.2 Support |
| |
Removed all material that allowed switching between ssl3 and tlsv1.2. GRUNT will now ONLY work with tlsv1.2, and nothing else. LDAP has already adjusted their server, so this should be a seamless transaction. |
| |
Apache Configuration |
| |
GRUNT will now write out its own conf.d configuration file instead of referring to a file from the repo. |
| |
| |
Added support to run multiple sites on a server using SSL, GRUNT adjusted to support the feature. |
| |
Mkacct Home Page |
| |
Updated verbiage based on what Scott gave me for PDSM support of issues. |
| |
Account Mgmt Tab |
| |
Added "Mkacct Home Page" to the bottom of the selection list, so users can navigate to it quickly. |
| |
| |
Added "Mkacct Deploys" to the drop down, which is visible only to the root and admin folks. This page shows all mkacct tools that are reporting in, what version they are using, the OS version, CPU and memory counts. |
| |
Cron Job |
| |
Due to firewall issues, the mkacct automation tool cannot connect to the grunt database on the prod site to make updates. This cron job allows the production site to get the mkacct publish information from the test database, and update its local database. |
Patch: grunt-1.1.1-2, Date: 02/21/2018 |
Account Tool Tracking |
| |
Scripts will now collect OS version, physical or virtual, processor count, and memory size from servers. Database has been adjusted accordingly. |
| |
Help Menu |
| |
Added "FAQ - mkacct" to the list. This menu item goes to the same place the keyword "mkacct" goes too now. This page should be a consolidation of mkacct related web material, and replaces where mkacct keyword previously went too. |
Patch: grunt-1.1.1-1, Date: 02/07/2018 |
Access Control Structure |
| |
Changed access methodology to use a new control system to allow defining manager level, and specific tailor control of individual accounts under the manager, as well as the manager themself. All scripts and code have been adjusted to support this structure, and installation script knows how to migrate the old tables to the new tables when migrating. |
Patch: grunt-1.0.1-2, Date: 01/09/2018 |
Password Hash Generator |
| |
Removed the perl-Crypt::XS library, since it seems to be obsolete in redhat 7. Now used default libraries to generate encrypted hashes. |
Patch: grunt-1.0.1-1, Date: 01/09/2018 |
Redhat 7 Support |
| |
Initial attempt at building redhat 7 rpm package along with 5 and 6 packages. Also moved the RPM publishing to the Atlas repo. |
Patch: grunt-1.0.0-59, Date: 12/30/2017 |
DARTH Reports |
| |
Corrected code logic when 2 DARTH tools report the same subnet/domain to NOT drop out of the updates if this is found. Now, the discrepency is noted, and the code that allows cleanup of the duplicate item can complete. Previously, when the issue was reported, when fixed, the code would never update the database to show the duplicate was removed, but would always just complain. |
Patch: grunt-1.0.0-58, Date: 12/02/2017 |
DARTH Report Collector |
| |
Added an email to the DNS root admins whenever 2 DARTH sites report they are managing the same subnet. |
| |
Admin -> Access List Page |
| |
Fixed an issue in IE that was causing more "blank/bogus" color rows to show at the top of the page. IE is incapable of understanding a hidden tag properly, so it was showing hidden rows with a color background. Moved the hidden code into the table row tag, and now looks proper in IE. |
| |
| |
Checkboxes for employee's under a manager are now available to use. Meaning if you want to tailor someone under a manager with more privileges then what the manager has, you can now assign folks under the manager to more rolls. If the manager is removed, all roles extra that were assigned to their employee are also lost. Previously, these checkboxes were greyed out, and the employees could ONLY inherit the settings of their manager. |
| |
| |
An update complete message will now show on the top of the page when add/updates/removes are made. |
| |
| |
Disabling and Enabling employees under a manager will now trigger audit logging. |
| |
OVO Material |
| |
Revamp the way OVO supports servers. A new database table has been added to track all servers OVO is reporting on, independent of what GRUNT has for server lists. Now, this table is checked for performing status/monitoring work on user given servers or not, instead of requiring the server to be tracked in GRUNT. |
| |
| |
Cron job has been updated to audit log all servers found/removed when sweeping OVO server for nodes. |
| |
Audit Logging |
| |
Added missing png files that would spam log files with broken links. Should keep junk information from spamming the log files now. |
Patch: grunt-1.0.0-57, Date: 10/22/2017 |
CAPAM FAQ Page |
| |
Added additional information for configuring CAPAM with mkacct/tesla. |
Patch: grunt-1.0.0-56, Date: 09/28/2017 |
ovoRequest.pl Script |
| |
Added additional servers provided by Dan to treat as OVO Master Servers |
| |
OVO Sync Script |
| |
Has been modified to retrieve list of servers to OVO Masters from the new file Dan provided, instead of through the opcnode command. Cron has been updated to run at 35 minutes into each hour, as the first 10 minutes of the hour, the file is empty. Failsafe trigger prevents the script from finding a list of anything under 1000 servers, in case for some reason the file is incomplete, or 0 size from updating current list of servers in GRUNT. |
| |
Account Mgmt - Server Search Page |
| |
Added a note that server entries MUST be fully qualified names when entered. |
| |
uDeploy Script |
| |
Not really relevant to GRUNT, but to keep a copy of the script somewhere, added the uDeploy script to query on a app name, env name, and a date range, using LDAP credentials to retrieve a list of tar packages. |
| |
DNS Create/Remove Records |
| |
Fixed an issue with the filter command that would cause lines matching a tab character, to remove more then it should have been. Now, the filter replaces tab characters with a space, prior to running the filter on it for special characters. |
Patch: grunt-1.0.0-55, Date: 08/27/2017 |
OVO Status Page |
| |
Fixed an issue where getting status on a server that was not in GRUNT would show a message saying the server was not in OVO. This was not always true, as the first check would see if it was in grunt, and whether it was or not, the second check, to see if it had an OVO server, would always clobber that first message, whether it was in GRUNT or not, which is not helpful to the user. |
| |
ovoRequest.pl script |
| |
On the test site, will now work like it is running through Ground commands instead of services commands. This was at the request of Dan who noted it would make testing/debugging easier to follow this process then the services process. |
| |
| |
Added Dan Bolling email address to receive notifications for the time being to help debug/follow up from time to time that things are working as they should be. |
| |
| |
Will no longer disable/enable monitoring on the OVO master servers themselves. A dictionary has been built in to define the OVO Master servers, and if any of these servers are specified, they will be skipped. This does not affect status check, just disabling and enabling of the servers. |
| |
| |
Script has been moved to a ".tmplt" script, so codes, messages, and server names can be built into the script as it is generated and pushed from one source, rather than having to maintain the list in 2 places. |
Patch: grunt-1.0.0-54, Date: 08/16/2017 |
Access Page |
| |
Fixed an issue with the way the columns lined up representing access. Now, the columns should line up properly with the specific type of access label being used. Previously, clicking on OVO Mode, might have registered in the database as Basic Mode, or some mix, or sometimes work right, which is not desired behavior. |
| |
OVO Page |
| |
PDSM value will no longer pass the value off to the OVO tool as is. Now, if the value has anything other than alpha/numeric/underscores, those values will be removed prior to passing them to OVO. Previously, this would cause the OVO script to think values with spaces were servers being passed, but would ignore them and report back an issue. Now, the report that comes back is clean of these issues. |
| |
| |
When a server/node does not have OVO client running on it when an SA tries to turn monitoring back on, they will now be presented with a yellow popup box explaining what has happened on those servers. The SA can either close the popup and try to turn the monitoring back on again. If the SA believes the Agent is running, there is another button the can click on to "Create Incident", which will commit the changes to OVO, and open a ticket. The attempt to turn on the node can be repeated as many times as the SA would like to try. Any nodes that did activate will just repeat a message saying they are monitored until all nodes report that way, or the SA clicks the incident button. |
| |
| |
If the SA takes no action, and GRUNT has reached the queue time to activate monitoring on a server again, it will commit the work whether the server's OVO agent is running or not. |
| |
OVO Script |
| |
New flag added to script called "-try". When this value is used, if a node that does not have its OVO agent running yet, this flag will revert back the disabled state, and allow the command to be run again to try and turn monitoring back on. |
| |
| |
When performing the final commit(without the -try option), nodes/servers will be places back into production mode regardless of the outcome. Previously, the node would not be restored to its primary group, and left in the outage group. The node should be put back into full notification mode regardless what happened previously. |
Patch: grunt-1.0.0-53, Date: 07/27/2017 |
Menu Update |
| |
Added selection item "MKacct Mkcrypt Hash Generator" under the "Account Mgmt" tab. |
| |
Mkacct Mkcrypt Hash Generator page |
| |
Steve provided the Mkcrypt generator scripts for generating hash password and now can be used through GRUNT as well. |
Patch: grunt-1.0.0-52, Date: 07/25/2017 |
DNS Add/Removal Page |
| |
Fixed a critical issue where removal/addition of a record could include possible other records as matches. This was due to the case where the search filter was being used to find all records prior to an add or removal, and since the search filters finds all matches that match(i.e. 199.10.10.10 would also match 199.10.10.100, 199.10.10.101, etc), which is NOT the desired behavior. The search filter has been adjusted to now take a flag to tell it to match explicitly on the values given, and NOT any value that matches the string being searched on. The regular search page is not impacted, and will continue to match on all records based on the search string provided. |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
Patch: grunt-1.0.0-51, Date: 07/24/2017 |
Menu Items |
| |
| |
Removed the "FAQ" menu item from under the Help menu item. It had under construction image, and there was no plans to update it with any direct information. |
| |
| |
Moved the OVO FAQ page from the OVO menu to the Help menu selection. |
| |
| |
Moved the CA PAM FAQ page from the Account Mgmt to the Help menu selection. |
| |
| |
Renamed "Web Sites" to "DARTH Web Sites" to make it a little more clear WHAT "Web Sites" was. |
| |
| |
Information -> Get Report: Information has been updated saying to wait a few seconds for the report to generate when clicking on the link. |
| |
| |
Atlas IPXE Dictionary has been added to the "DNS" tab menu. |
| |
Atlas IPXE Dictionary |
| |
| |
Added a page to define the atlas PXE servers for doing redhat 7 server builds. This page should allow automation tools to determine which next-server and HTTP url reference when requesting PXE records for ATLAS servers. If the user logged in is a ROOT user, they have the ability to update the dictionary. All other users will see the page as a basic HTML table. |
| |
Rest API Call |
| |
Added rest call under the "Rest API Calls" menu item, called "queryAtlasIPXE.json". This rest call will allow queries to be made based on security zone, location, and level to determine the next-server and http_url server to use when adding a PXE record to dhcp. Documentation is on the rest page for more information about how to use it. |
| |
LDAP Password Hashes |
| |
When a ROOT or ADMIN mode user checks an LDAP hash for a user, if the hashes are not set, a link will appear at the bottom of the page called "Send Email to User, and CC Myself". If this link is clicked, an email is sent to the LDAP account being checked on, as well as the logged in user(SA/Amin) to the page, to know that the email was sent out. If the "Employee ID" entered is "TEST", this will cause the page to assume no hashes are set, and if the link is clicked, will ONLY send an email to the logged in user. This is useful if debugging is needed to see how this works. |
Patch: grunt-1.0.0-50, Date: 07/17/2017 |
Server Search Information |
| |
Patch: grunt-1.0.0-49, Date: 06/05/2017 |
Access Page |
| |
Will no longer display employees under the manager in real time. Found an issue where employees that retired would continue to show up in the list, which was not desired. Now, the page should show what is being tracked in the database. |
| |
| |
Cron script has been updated now to keep a more accurate list of employees. Now, if new FTE's show under a manager, they will have access the same as the manager has for settings. if the employee is a contractor, they will show, but with access turned off by default. |
| |
| |
Cron script has been updated to run once an hour to stay more current throughout the day. |
| |
Remote Account List Script |
| |
Fixed an issue that was exporting accounts that were turned off in GRUNT down to sub tools. Now, accounts that are flagged as "off" in the access list will no longer get pushed down with the accounts that do have access. |
Patch: grunt-1.0.0-48, Date: 05/08/2017 |
OVO Page |
| |
Updated the ngrep command to point to the new location provided by Dan Bolling. |
Patch: grunt-1.0.0-47, Date: 05/01/2017 |
OVO Monitoring |
| |
Updated message when an OVO Agent is offline to now show that information instead of OVO Not managing the Node. |
| |
| |
If the OVO Agent is offline, will no longer affect the Disabling of a node through GRUNT. |
| |
| |
Added the word "GRUNT" to the end of the subject line for the Email sent to the RT system when there is a problem. |
Patch: grunt-1.0.0-46, Date: 04/25/2017 |
OVO Work Page |
| |
Fixed a scope creep variable that was showing the page for OVO status checks to all users that were logged in. Now, OVO menu should only show up to those who have their access flag set correctly. |
Patch: grunt-1.0.0-45, Date: 04/22/2017 |
OVO Work Script |
| |
Has had all command interactions now logged to a log file to help track down questionable issues when they happen. The log file is created anew every time grunt interacts with OVO on the OVO Master servers themselves. These files can be found under /opt/fedex/grunt/temp, and labeled by the date they were initiated. |
Patch: grunt-1.0.0-44, Date: 04/15/2017 |
CA PAM FAQ Page |
| |
Added CA PAM FAQ page under the "Account Mgmt" tab. This page explains how to install/use the CA PAM client, as well as how CA PAM interacts with mkacct, and how to use. |
| |
Server Search |
| |
Will now show the OVO Master server that is monitoring it(if there is one). If no server is monitoring it, message will show "No OVO Admin Server found.". |
| |
| |
Corrected a formatting issue(typo) to space out the rows of information returned to make it a little more pleasing to the eyes. |
| |
Hash Password Check Page |
| |
Added page(same code as the checkhash.rmtc.fedex.com webpage) to GRUNT under the "Account Mgmt" tab, called "LDAP Password Hashes". This page performs the same functionality as the current checkhash website, just easier to find on the GRUNT side this way. |
Patch: grunt-1.0.0-43, Date: 04/04/2017 |
DARTH Uploads |
| |
Fixed an issue that was causing the uploads to break when submitting mac addresses in their information. Now, mac addresses are lower cased when being worked in GRUNT, regardless if they are tracked upper or lower case in the DARTH tools. |
| |
OVO Alert Messages |
| |
When GRUNT turns back on OVO monitoring automatically, it will now pass the user who requested the server to be turned off. This solves an issue where if there is a problem with turning back on a server, the requestor will now receive a copy of the alert email, which should also include a cc from the RT system. |
Patch: grunt-1.0.0-42, Date: 03/28/2017 |
OVO FAQ Page |
| |
Added information about the time GRUNT allows and will turn monitoring back on for servers in GRUNT that were turned off. |
| |
DNS Search Page |
| |
Will now look up IP addresses that have not yet been assigned and report which DARTH tool it is in. The pattern search was previously looking ONLY at 3 octect searches, and not for the 4th. |
| |
OVO Notification |
| |
Corrected both a bad concatination of the LDAP ID email address, and a backwards operator check to now correctly include the requestor in the email notification when monitoring is about to be turned back on. |
Patch: grunt-1.0.0-41, Date: 03/26/2017 |
OVO Email Alerts |
| |
Will now send an email to the original requestor as well as configured alert emails when monitoring is about to be turned back on. |
| |
OVO FAQ Page |
| |
Fixed formatting issues. |
Patch: grunt-1.0.0-40, Date: 03/24/2017 |
OVO Menu |
| |
Added selection to the menu list called "FAQ Page". This page explains how to use the OVO menu items, with screenshots and list of commands used. |
| |
DNS Menu |
| |
Added selection to the menu list called "Web Sites". This page shows all DNS tools, and also the links to the installation/usage pages for the DNS tools GRUNT is using. Very similair to the page on the DARTH sites showing the DARTH tools. |
| |
Contact Page |
| |
Added OVO support information. |
| |
updatepw.cgi |
| |
Updated script info Jeramy provided from IDM for mkacct updates to initially just receive requests for now. Eventually this will be the “LDAP Sync” flag available on the Account Tools page underlying process. |
Patch: grunt-1.0.0-39, Date: 03/19/2017 |
LDAP Queries |
| |
Removed the clear text password to connect to LDAP for extra information. Updated LDAP calls to retrieve information from database now. |
| |
Configuration Changes |
| |
Removed logging of password changes, both old and the new ones into the log file. |
Patch: grunt-1.0.0-38, Date: 03/19/2017 |
OVO Turn On Function |
| |
Fixed an issue in the scripts to not abort immediately when sending alerts, but to continue on to return the information back to it's caller before it exists out. |
| |
| |
Status codes that are not "proper" codes are now reported correctly so queue'd items that fail, but produce "some" status code, will now properly clean the queue after it's run. Previously, items would remain in the queue if they didn't have the "proper" status code returned. |
Patch: grunt-1.0.0-37, Date: 03/18/2017 |
OVO Queue List |
| |
Added configuration item for the number of hours a request can be increased before reaching cap. 24 hours is the default, and a "0" value says there is no cap. This means a server that has had monitoring disabled cannot be disabled for more hours then this value is set too. If that is the case, the user needs to enable, and then disable monitoring once again. |
Patch: grunt-1.0.0-36, Date: 03/16/2017 |
Looking up GID |
| |
Fixed a bug that was causing GID values that did not match the master table to not resolve properly. Now, only the custom table is swept for all matching values, and does not depend on the master table to match, prior to sweeping it. |
| |
DARTH Upload Information |
| |
Will now correctly insert non pingable dates correctly, and not insert 0000-00-00 entries for blank values. |
| |
DNS Query Page |
| |
Has been enhanced to show more information with expandable boxes, and default search information has been reduced to the record type, name, value, and TTL used. The row can be expanded to show extra information, if more is needed. |
| |
| |
Searching on a domain, subnet, or a partial "IP" address(the first 3 octets), will now match the DARTH tool that can support that item. If the first 3 octets are entered, then all subnets and IP addresses that match will be displayed. |
| |
DNS Add/Remove Page |
| |
Reversed the status codes, as they were now backwards with the last patch to the DARTH tools. Now, creation/removal messages should display when the work is completed on the page, as they should. Previously, no messages would show when work was done, which wasn't helpful. |
| |
Rest API Call |
| |
Added rest api call "workDNSRecord.json. This script will allow an LDAP user, or a REST API created user to add/remove A,PTR, and CNAME records through GRUNT for any supporting DARTH system. |
| |
Account Tool Query Page |
| |
Page has been slightly modify to "fit" more items at the top into something easier on the eyes. |
| |
| |
Added new option "Vault System". If this option is set to "Yes", GRUNT will try to sweep the server listed under "Master Server" for all mkacct information and store it locally on GRUNT. The help message has been updated to reflect that, to use this feature, a ssh public key needs to be installed under the root user authorized_keys file, and gives the public key to use in the help message. |
| |
| |
"Sync to LDAP" option has been checked from a checkbox to a yes/no drop down selection. |
| |
Cron Entry |
| |
Added cron entry to sweep through vault flagged account tools, to try gather information on them. |
| |
OVO Monitoring |
| |
Added push out script to now update dev/test and production OVO servers with new patches/changes to the status/on/off script. This should make it easier for the developer to propagate the changes out without knowing all the servers to push too(pushes out dev/test systems on test grunt, and all production systems on prod grunt). The current script will be moved to the same file name, with the word “.backup” added to it, in case the old copy is needed for whatever reason. |
| |
| |
Added in all secondary OVO master servers the OVO group has provided into the script, so the script should work across all OVO masters now. |
Patch: grunt-1.0.0-35, Date: 02/24/2017 |
DNS Lookup Page |
| |
No longer queries against all DARTH systems. Now that the DARTH systems sync their data to GRUNT, this information is sent from the DARTH systems to GRUNT nightly, so the query now queries the local database for information. |
| |
| |
Added title to the page to know that the page performs a search on DNS records. |
Patch: grunt-1.0.0-34, Date: 02/21/2017 |
Home Page |
| |
Removed all information stating that GRUNT is just a password management tool, and now reflect help options for the menu items the user/visitor has when coming to the site. Once user logs in, the page will change to show more information about the options available to them. |
| |
DARTH Reports |
| |
GRUNT will now screen the version number, and remove any darth's that report a ".noarch" or a ".el5|6|7" extension from the version number before inserting it into the database. |
| |
GRUNT Reports |
| |
Added a "Get Report" under the "Information" tab. This page has 2 reports to start with, and is not currently locked down. |
| |
OVO Group Mode |
| |
New mode added to Grunt for access called "OVO Mode". Anyone in this mode can use the OVO utilities page to stop/start monitoring of servers in OVO. This also includes the status ability. |
Patch: grunt-1.0.0-33, Date: 02/16/2017 |
Rest API Call |
| |
Added rest API call "darthList.json". This call will dump DNS information about DARTH systems that have registered with the GRUNT site. |
| |
OVO Page |
| |
Added more debugging code to the ovoRequest.pl script that is run on the OVO servers for more helpful debugging. |
| |
| |
Changed order of how the ovoRequest.pl script checks to make sure it doesn't run multiple instances of itself. Now, it first checks for the PID to already be running, and then if the server in the list matches the current request being submitted. Previously, the lock would check for server first, which would hold true if the previous PID was left around(not cleaned up properly), which would cause the script to always fail, and continue failing. |
| |
| |
When sending an Emergency alert, script will now clean up it's lockfiles/pid files before completely exiting. |
| |
| |
Email functionality has now been added the script, but will only email Frank Thompson(418997) for the time being. |
| |
| |
Cleaned up problem messages that are happening to make them more easy to understand in the future if they happen again. |
| |
Decomm Web Page |
| |
Will no longer cap every search result, and all excel downloads at 100 RFC numbers. Limit has been removed when something is being searched on, or an excel dump file is requested. |
| |
| |
Reg exp match has been corrected to properly identify other scenario's that are successful, and mark them as completed. |
Patch: grunt-1.0.0-32, Date: 02/09/2017 |
DARTH Database Tables |
| |
Added remaining tables needs to track DARTH information. |
| |
Rest Call |
| |
Added rest api call for DARTH systems to send their information through. |
Patch: grunt-1.0.0-31, Date: 02/09/2017 |
Account Tools Menu |
| |
Will no longer show 2 Root Password Retrieval menu items. |
| |
Rest API Calls |
| |
Corrected an issue for systems that multiple DNS reference ites(mail records info), to ONLY parse out the IP from a "host" command call, and not all the extra information that can come from a host command. This fixes an issue where resolution may sometimes cause a mismatch with valid mkacct systems in GRUNT. |
Patch: grunt-1.0.0-30, Date: 02/07/2017 |
OVO Audit Page |
| |
Should no longer wrap the search criteria for user/server on 2 different lines when displaying in Chrome. |
| |
Account Tool Lookup |
| |
Will now show the version number(if available) of the account tool if it sent that data in. |
Patch: grunt-1.0.0-29, Date: 01/20/2017 |
OVO Seeding |
| |
cron script has been added to query OVO Masters to gather list of servers they are monitoring. |
| |
| |
Added menu item under the "Admin" tab called "OVO Master Servers". This page allows the configuration of OVO servers that contain a list of servers they are monitoring GRUNT can search through to find which servers GRUNT also supports. Page is only useable/viewable by root admins. |
| |
| |
Added New Tab item called "OVO" This tab has 3 items under it to either status/start/stop servers in ovo(root and admin only), review audit logs of who/what servers were stop/started(anyone logged in), and to review currently queue’d items that GRUNT will turn monitoring back on for automatically(root and admins can modify, basic mode has read only). |
| |
Daily Backups |
| |
Will no longer backup the tracking of UID/GID on server values. These tables were too large to backup, and are dynamically built once a day, and are not mission critical for anything. |
| |
Restarting Grunt |
| |
Will no longer display messages about re-adding cron entries when restarting GRUNT. Restart script now checks for a database entry prior to assessing what is in cron prior to it's work of what it thinks or doesn't think it should add. |
| |
API Documentation |
| |
Fixed a bug for all "POST" items in the list, to actually have their test example section working again. Previously, this option only worked on the "GET" calls. POST now makes a slightly different call to get it to work the same as the GET methods now. |
| |
Enable/Disable(OVO) |
| |
Fixed an issue where short hostnames, or invalid hostnames would show a really horrible message. Should now show with the rest of the servers, the issue/problem, along with successes now. |
| |
Audit Review(OVO) |
| |
Now can search on server name and now on the requestor ID as well. Drop-down has been added to switch between what the user wishes to search on. |
| |
Remote OVO Script |
| |
Should now have all changes to make the proto-type into a working version, and is ready to deploy on production. |
| |
Mail List Page |
| |
Will now accept email addresses that have "-" in their names. Previously, any email address like "ITO-Support@corp.ds.fedex.com, etc, would not be accepted. They should be now. |
| |
| |
LDAP Names will now show next to the LDAP ID that is entered. Previously, only the LDAP ID would show in the list, which wasn't helpful if someone was researching whether someone was in the distro or not. |
| |
Rest API |
| |
New rest api called “toolList.json” has been added. This should allow for making requests to GRUNT for information. |
Patch: grunt-1.0.0-28, Date: 12/23/2016 |
Account Master Page |
| |
| |
Server Search Page |
| |
Is now open to users that are not logged in. If the user is not logged in, or does not have any "privileges" in GRUNT, they will only see the PDSM Group and the Area Name associated for the server they looked up. No changes for users who have any access in GRUNT, will continue to see the page as it has been. |
| |
My Settings Tab |
| |
Added a paragraph at the top explaining how the page works. Previously, root admin's have been worried they might be revoking their access by using the page. The paragraph explains how it works, and why their real access is never changed. |
Patch: grunt-1.0.0-27, Date: 11/03/2016 |
Account Tools Page |
| |
Basic mode can now see this page, but cannot change anything on it. |
| |
Menu Items |
| |
Acct Mgmt will no longer show to the world, but only to a user who is logged in, and has at least Basic mode access rights. |
| |
Search UID and GID pages. |
| |
Will no longer concatinate the account tools per item matched, and end up reporting the same tools over and over for extra matches. Now, only account tools servicing the value will display in their respective boxes. |
| |
| |
Added the count per each account tool of how many times it supports the UID/GID on the cluster/server. |
| |
| |
Corrected a DIsplay issue, where selecting Cluster/Server would show file entry values, and File entry value would show the Cluster/Server values. Flags have been flipped appropriately now and will display their intended values. |
Patch: grunt-1.0.0-26, Date: 11/03/2016 |
Menu Changes |
| |
All Account management menu items have been moved to one menu item called "Account Mgmt". This included the Search, Masters, and Retrieve menu tabs that used to exist, which are now under this one menu tab. |
| |
| |
Added Search Unix Accounts and Search Unix Groups menu items under the "Acct Mgmt" tab. These features allow a user to lookup UID, GID, Unix account, and Group account matches to research information. |
| |
Unix Group Update Script |
| |
Corrected a hash key typo/cut and paste. GID values should now be unique in the database table for global values. Also corrected the database table to make the GID value in the global table unique, so this should not be possible moving forward. This requires a wipe of the group table. |
| |
Group Database Table |
| |
Index has been added to the suggested gid column to make searching for duplicate issues faster. |
Patch: grunt-1.0.0-25, Date: 10/19/2016 |
Mail Distro |
| |
Added "Mail Lists" under the Information tab. This allows creation of mail distro lists that can be managed by anyone who logs into GRUNT to add/adjust/remove items from it. |
| |
Rest API |
| |
Added rest API call to query for the list of email addresses for a given mail ID of a distro. This is useful for automation scripts that need to send out notifications for whatever reason. For this initial release, this is used for mkacct publishing notifications. |
| |
Session Information |
| |
Removed residue of copied over code to remove the PING flag, and change the REVERSE flag to BASIC flag. Authentication will now work for any user, but flag settings will still be applied based off the access list settings. In other words, and user can log into GRUNT now, but will not have access to any features(as they did before, minus the login information. |
Patch: grunt-1.0.0-24, Date: 10/12/2016 |
Cron (Update Servers) |
| |
Has been removed. Since mkacct-utils now publishes servers to grunt from account tools, this is no longer needed. |
| |
| |
Added cron script to keep global table updated with global values. |
| |
Uploading Accounts |
| |
Fixed a bug that was not pattern matching LDAP accounts correctly, which was causing duplicate master entries to be made. Should pick up a single account now. |
| |
| |
Corrected another bug that would not match up ldap vs. application accounts, and got confused, which would cause application accounts to match LDAP accounts. Database table should no longer mix & match values for each entry it processes. |
Patch: grunt-1.0.0-23, Date: 09/28/2016 |
Account Management Listings |
| |
Will now show update dates when the account tools report in their records, and if it is over 24 hours, will show the last update in red. Otherwise, the date will show in green to show it has been reported in the last 24 hours. |
Patch: grunt-1.0.0-22, Date: 09/28/2016 |
createPXE API |
| |
Fixed an issue where updating pxe records was not returning a successful code on completion, and was returning the opposite code. Should return a "0" now for successes, and not a 1. |
| |
Report Table |
| |
Added in a database table to track when automation scripts report into GRUNT their information. |
Patch: grunt-1.0.0-21, Date: 09/19/2016 |
LDAP Cron Job |
| |
Added the missing cron job to do LDAP cleanup of all accounts that are listed in GRUNT to have access, but are no longer found in LDAP. |
Patch: grunt-1.0.0-20, Date: 09/15/2016 |
Remote Group Update |
| |
Fixed another type in the database table to clear obsolete entries properly. |
Patch: grunt-1.0.0-19, Date: 09/15/2016 |
Remote Group Update |
| |
Fixed a typo in the database table to reset GID values. |
| |
REST API Help Pages |
| |
Added a "Test" section on the pages to run the commands and sample what the output is. |
Patch: grunt-1.0.0-18, Date: 09/12/2016 |
New REST API |
| |
Added accounts.json to the list of REST API's. This call will return query information on a given account value. |
| |
| |
Added dnsRecords.json to the list of REST API's. This call should return DNS information for DNS records that exist in any known DARTH system GRUNT talks too. |
| |
Account Utility Scripts |
| |
CGI scripts to process account tool information have been updated to handle large scale data requests into smaller requests. Found issue where 7K + servers would be too much data for a database client handle to work. Now, work is processed by a certain number of clusters at a time. |
| |
Account/Group Database Tables |
| |
Several keys have been added to help search through the large amount of data being maintained in them. |
Patch: grunt-1.0.0-17, Date: 08/29/2016 |
Remote URL Updates |
| |
Moved the check for the remote server IP matching to a function call. Added a check to see if a valid Hostname or IP address is used for the Master Server, and if not, it's skipped. |
Patch: grunt-1.0.0-16, Date: 08/29/2016 |
Grunt Update Script |
| |
Code fix so the first unique value chosen does not match an existing used value. |
Patch: grunt-1.0.0-15, Date: 08/29/2016 |
Server/Account/Group URL Call |
| |
Fixed an issue where hostnames were not being resolved to their proper IP address matched properly. Now, regardless of CNAME used, the name should always resolve to IP addresses from the database list in GRUNT. |
| |
| |
Updated error messages generated when there is a conflict issue between the server requesting vs. the Grunt listing of the server, to be more clear about what it is saying. |
Patch: grunt-1.0.0-14, Date: 08/28/2016 |
Mkacct Server/Account/Group Tracking |
| |
Added database table and web url scripts to allow mkacct systems to relay their information to GRUNT. |
Patch: grunt-1.0.0-13, Date: 08/17/2016 |
REST API Calls |
| |
Added REST API Calls to create and remove CNAMES, and update PXE records on DARTH systems |
| |
Password Encryption |
| |
Added another level of security to the password tracking. |
Patch: grunt-1.0.0-12, Date: 06/27/2016 |
Remote URL Call |
| |
Added new remote script: accountToolLookupRequest.cgi which when invoked with an argument of "SVR_NAME", will return the account tool used for that server. |
Patch: grunt-1.0.0-11, Date: 06/27/2016 |
Decommission Tab |
| |
Has been added to the top menu items. Item added under the menu called "Search Records". This page reads from the CARDS database, a table that is populated by a report Sridhar emails to the CARDS site with the list of decommission servers, and their information on what status they are in. |
| |
DNS Tab |
| |
Records being searched on will no longer match on anything preceding the domain name. For example, frankute.fedex.com will no longer match ute.fedex.com domain and search through it, as the domain isn't valid. |
Patch: grunt-1.0.0-10, Date: 06/10/2016 |
DNS Tab |
| |
Added tab called "DNS" to the site. This feature is only available to root user or admin users. This tab allows SA's to create/modify/remove DNS records from DARTH sites without having to go to a DARTH site to remove them. In summary, it is a one stop shop to work DNS records, instead of having to know which DARTH to go to, to make DNS changes. |
Patch: grunt-1.0.0-9, Date: 05/04/2016 |
New Remote Script |
| |
Added script to allow mkacct/server to upload it's list of servers to GRUNT through a URL call. Now, a mkacct/server that calls this URL: https://grunt.sac.fedex.com/uploadServerList.cgi?SERVERS=server1,server2,server3,etc will update the list of servers grunt has for the server automatically. The server uploading the list MUST be the same server listed in GRUNT as the supporting server for that account tool. |
Patch: grunt-1.0.0-8, Date: 04/28/2016 |
REST API Account Script |
| |
Fixed an issue when querying for the list of accounts would not return folks under a manager that were listed for access to other remote tools following the same access needed. Now, the manager is treated like an employee account, but only after it has been evaluated at a manager level for all employees who are included or not. |
Patch: grunt-1.0.0-7, Date: 02/25/2016 |
Query Page |
| |
URL call has been added to get the list of accounts that GRUNT allows access to root passwords. Query to call is https://[GRUNT_SERVER_NAME]/remoteAccountRequestList.cgi This will provide a list of LDAP account id's sorted, which can be used by other tools to know who should have root access and the ability to use features. |
Patch: grunt-1.0.0-6, Date: 01/30/2016 |
Masters Tab |
| |
Button has been added to remove the account tool. This button will prompt the user that clicking ok will remove the account tool, the servers, and all root passwords for that account tool will be lost if they proceed. |
| |
| |
Remove Server box has been added next to the Add Server box. Now servers can be removed as well as added to the account tool. |
| |
MCO Sync |
| |
TEST/DEV system has been renamed to match naming convention with "MkAccount System" on it. This should match the sync mechanism used to auto populate servers. |
| |
| |
Production MkAccount System has been added to the sync mechanism. |
| |
Configuration |
| |
Added "Countdown Time" configuration value. This value sets the countdown timer when a root password is displayed on a browser before it is automatically cleared. Default is "60" seconds. |
Patch: grunt-1.0.0-5, Date: 01/27/2016 |
RPM Package |
| |
Will no longer remove the grunt account/group from the server when an update is performed. Commented out the lines in the rpm spec file that was causing this to happen. Will worry about uninstalling options later. |
| |
Access Page |
| |
Now has a column called "Active" added to the table. This column, which shows values under an expanded manager, will allow more fine tuning of access for the manager, and the employees under that manager. This ONLY applies to managers. Now, when a manager is listed, if someone under the manager, or even the manager them self does not need the access, un-checking the box under this column will remove that person's access from the tool. If an account is added in the process that the Admin does not notice, and email will get sent to the admin alert distro notifying of the addition in the process. |
| |
| |
When a person under a manager is either added or removed, an email will now go out to the "Notify Admin" emails defined in the configuration section to alert them of the change. |
| |
Backups |
| |
Backups are now made, encrypted, and the password to decrypt the backup file is sent to the email addresses specified under "Backup Keys" configuration item. Night Sync |
| |
| |
Script has been installed to keep account tools in sync with servers they specify they manage. |
| |
Cron Additions |
| |
Cron added to run backups once a night. |
| |
| |
Cron added to run Sync script to keep account tools with their server list up to date. |
| |
Configuration Page |
| |
Added Configuration item "Notify Admin". |
| |
| |
Added configuration item "Backup Keys". |
Patch: grunt-1.0.0-4, Date: 01/26/2016 |
Masters Tab |
| |
Adding servers will no longer validate they exist in DNS prior to inserting. Now, the page trusts entries to be valid and will insert them as long as they don't already exist in another account tool. |
Patch: grunt-1.0.0-3, Date: 01/24/2016 |
HTTP requests |
| |
Should now redirect to the secure site if used. |
| |
Remote Update |
| |
DEBUG flag has been added. If this is added to the URL, set to any value, will cause the script to work the same way, except when it comes time to commit to the work, in which case, that step is skipped. This is useful to debug whether a remote update will work or not from the remote server itself before actually committing any work to the grunt server system. |
| |
Patch Notes |
| |
Should now display the dates next to each patch version properly. |
Patch: grunt-1.0.0-2, Date: 01/22/2016 |
Installer Package |
| |
More corrections to installer to remove DNS items and perform full automation. |
Patch: grunt-1.0.0-1, Date: 01/20/2016 |
Initial Creation of GRUNT project. |
|
