OpenStack or Bust, Part 6: tink-stack.sh script

#!/bin/bash

#####################################################################
###
### tink-stack.sh
### -------------
###
### Script to run through a list of IPs and tinker.
### DESTRUCTIVE SCRIPT.... proceed cautiously
###
### The only argument required is an ip address, hostname, subnet, or
### any nmap target specification (e.g. 10.21.161.1-25, 10.21.161.1,3,5)
###
### Use option "-b" if you are logging into an Ubuntu system
###
#####################################################################


######################################################################
### CUSTOMIZE: write_script
### -----------------------
###    The script that is run on the remote host; it should provide
###    simple output that the process_output function can easily use.
######################################################################
function write_script () {
    cat <<EOF > $1
#!/bin/bash

ntp_host=\$(awk '\$1 == "server" {print \$2}' /etc/ntp.conf | head -1)
service ntp stop >/dev/null 2>&1
echo "$ ntpdate-debian \$ntp_host"
ntpdate-debian \$ntp_host
service ntp start >/dev/null 2>&1

if ! service ntp status >/dev/null 2>&1 ; then
  echo "[WARNING]: ntp is stopped"
fi
echo

echo "$ sysctl net.ipv4.ip_forward"
sysctl net.ipv4.ip_forward
echo

echo "$ ip addr show | egrep \"^([0-9]| *link| *inet \")"
ip addr show | egrep "^([0-9]| *link| *inet )"
echo

echo "$ netstat -rn"
netstat -rn
echo

echo "$ ip netns show"
ip netns show
echo

echo "$ ls -R /var/run/netns; ls -R /etc/netns"
ls -R /var/run/netns; ls -R /etc/netns
echo

if [ -x /sbin/brctl ] ; then
  echo "$ brctl show"
  brctl show
  echo
fi

if [ -x /usr/bin/ovs-vsctl ] ; then
  echo "$ ovs-vsctl show"
  ovs-vsctl show
  echo
fi

echo "$ ping 10.0.164.1"
ping -c2 10.0.164.1 >/dev/null 2>&1 && echo UP || echo DOWN
echo

echo "$ ping 192.168.241.1"
ping -c2 192.168.241.1 >/dev/null 2>&1 && echo UP || echo DOWN
echo

echo "$ ping 192.168.239.1"
ping -c2 192.168.239.1 >/dev/null 2>&1 && echo UP || echo DOWN
echo
echo

rm -f \$0   # self-destruct
EOF
}


######################################################################
### CUSTOMIZE: process_output
### -------------------------
###    If the script produces output, here's where you can tinker with
###    the presentation
######################################################################
function process_output () {
    local ip=$1; local hn=$2; local out="$3"

    len=$( echo | awk '{print length( a b )}' a=$ip b=$hn )

    for (( x=$((len + 1)) ; x > 0 ; x-- )) ; do echo -n "-"; done ; echo
    echo $ip $hn
    for (( x=$((len + 1)) ; x > 0 ; x-- )) ; do echo -n "-"; done ; echo

    if [[ -n "$out" ]] ; then
        echo "$out"
    else
        echo "script-FAILED"
    fi

    echo ; echo
}


######################################################################
######################################################################
#---------------CHANGE BELOW AT YOUR OWN RISK-------------------------
######################################################################
######################################################################


me=$(basename $0)
USAGE=$( cat <<-EOF

    USAGE: $me [-b] [-u <username>] [-s]

        -b  login to Ubuntu system as user ubuntu; -s is implied
        -u  login as user <username>
        -s  run remote script with sudo
    EOF
)


######################################################################
### VARIABLES
######################################################################
user=root; sudo=

tscr="/tmp/tink-$$.sh"  # payload script, copied to host targets
tscr_x="/tmp/tink-$$_x.sh"  # script name on taregt hosts
ssh_x="ssh -o StrictHostKeyChecking=no -o BatchMode=yes -o PasswordAuthentication=no"
scp_x="scp -q -o StrictHostKeyChecking=no -o BatchMode=yes -o PasswordAuthentication=no"

while getopts "hbu:s" opt ; do
    case $opt in
        h) echo "$USAGE"; echo; exit 1;;
        b) user='ubuntu'; sudo='sudo';;
        u) user=$OPTARG ;;
        s) sudo='sudo' ;;
    esac
done
shift $((OPTIND - 1))

me=$(basename $0)
nmap_range="$@"

declare -a IPS  # Array of IP targets


######################################################################
### SANITY CHECK
######################################################################

function USAGE () {
    echo
    echo "USAGE: $me <ip|hostname|subnet|nmap-target>"
    echo
    echo "Edit script to customize write_script() and process_output() functions"
    echo
    exit 1
}

if [[ -z "$nmap_range" ]] ; then
    echo "[ERROR]: argument missing"
    USAGE;
elif [[ ! $nmap_range =~ "^[0-9]+\.[0-9]+\.[0-9,-]+\.[0-9,-]+" ]] ; then
    echo "[ERROR]: invalid argument \"$nmap_range\""
    USAGE;
fi


######################################################################
### HELPER FUNCTIONS
######################################################################

function run_nmap () {
    local targ="$@"
    nmap -sP -oG - ${targ} |
        awk '/^Host:/ {print $2}'
}

function check_ssh () {
    local host=$1
    echo | nc -w 3 $host 22 > /dev/null 2>&1
    return $?
}


######################################################################
### MAIN
######################################################################

IPS=( $( run_nmap $nmap_range ) )

echo
echo "${#IPS[@]} pingable IPs discovered"
echo

write_script $tscr

for IP in ${IPS[@]} ; do

    search_dom=".$(awk '$1 == "search"{print $2}' /etc/resolv.conf)."
    HN=$(dig +short -x $IP)
    HN=${HN%$search_dom}

    if check_ssh $IP; then

        if $scp_x $tscr ${user}@${IP}:${tscr_x} >/dev/null 2>&1 ; then
            ssh_out="$( $ssh_x $user@$IP $sudo bash $tscr_x 2>/dev/null )"
            process_output $IP $HN "$ssh_out"
        else
            echo "$HN ($IP): scp-FAILED"
        fi

    else

        echo "$HN ($IP): ssh-FAILED"

    fi

done

### Axe the temporary tink script
rm -f $tscr