- Добиться авторизации без пароля с биллинга и выполнения команд.
- В скрипте events_inc.sh настраивается отправка событий.
- Можно целиком передавать событие в качестве аргументов доп. скрипту на стороне Carbon Reductor.
Примеры скриптов
Редуктор - 10.0.0.1
Carbon Billing 4: /var/lib/event/event_inc.sh
#!/bin/bash /usr/bin/selfkiller -30:TERM -50:KILL & disown -a LOG_LEVEL=ALL SENDER=$1; shift EVENT=$1; shift DATA=$@ for VAR in $DATA; do [[ "$VAR" = *"="* ]] && eval ${VAR%%=*}=\'${VAR#*=}\' done LOG INFO "$SENDER $EVENT $DATA" ssh root@10.0.0.1 /app/reductor/cfg/userinfo/hooks/negbalset $SENDER $EVENT $DATA >/var/log/ssh10.0.0.1.log 2>&1
Reductor: /app/reductor/cfg/userinfo/hooks/negbalset
#!/bin/bash # Логика выставления negbal зависит от переданных переменных # по правильному это должно быть на стороне биллинга. LOGFILE=/var/log/negbalset.log PROG=negbalset Exit() { local rc=$? [ -z "$1" ] || rc="$1" CATCHED=1 exit $rc } Warning() { echo "$PROG: warning: $*" >&2 } Fatal() { echo "$PROG: $*" >&2 Exit 1 } exit_handler() { local rc=$? trap - EXIT [ -n "$CATCHED" -o $rc -eq 0 ] || echo "$PROG: unhandled error, exiting..." exit $rc } signal_handler() { echo 'Interrupted!' >&2 Exit 1 } Log() { echo $(date +'%_d %b %T') " " $@ } __ipset() { Log "$@" timeout -s 15 10s chroot /app/reductor/ ipset "$@" } trap exit_handler EXIT trap signal_handler SIGHUP SIGPIPE SIGINT SIGTERM SIGQUIT SENDER=$1; shift EVENT=$1; shift DATA=$@ for VAR in $DATA; do [[ "$VAR" = *"="* ]] && eval ${VAR%%=*}=\'${VAR#*=}\' done # LOG INFO "$SENDER $EVENT $DATA" case "$EVENT" in "balance_negative") Log "Negative balance for $ip - add from base negbal" __ipset add negbal $ip ;; "icsd_balance_negative") Log "Negative balance for $ip - add from base negbal" __ipset add negbal $ip ;; "balance_positive") if [ "$ceil_in" == "-1" ];then Log "ignored $ip" exit 0 fi Log "Positive balance for $ip - del from base negbal" __ipset del negbal $ip ;; "user_data_changed") if [ "$over_limit" == "1" ];then Log "Data changed for blocked $ip - add from base negbal" __ipset add negbal $ip exit 0 fi if [ "$ceil_in" == "-1" ];then Log "ignored $ip" exit 0 fi Log "Data changed for $ip - del from base negbal" __ipset del negbal $ip ;; "rate_set") if [ "$over_limit" == "1" ];then Log "Data changed for blocked $ip - add from base negbal" __ipset add negbal $ip exit 0 fi if [ "$ceil_in" == "-1" ];then Log "ignored $ip" exit 0 fi Log "Rate set for $ip - del from base negbal" __ipset del negbal $ip ;; "login") if [ "$over_limit" == "1" ];then Log "Data changed for blocked $ip - add from base negbal" __ipset add negbal $ip exit 0 fi if [ "$ceil_in" == "-1" ];then Log "ignored $ip" exit 0 fi Log "Rate set for $ip - - del from base negbal" __ipset del negbal $ip ;; *) : ;; esac