Registarium, a Go API server, saves client registrations to SQLite, and produces an Ansible-compatible inventory file from that data.
Imagine we have a bunch of Linux boxes. We want to know where they are on our network. We're content for them to self-report.
The clients can report to the server as simply as:
curl --header "Content-Type: applicaton/json" \
--request POST \
--header "Authorization: ApiKey 123mysupersecretkey" \
--data '{"hostGroup":"workstations","ip":"192.0.1.222","machineID":"x201ab23cd45ef67"}'
http://localhost:9753/api/v1/hello
The only required data is machineID
.
See example-client.sh
.
Registarium leaves TLS termination to whatever reverse proxy sits in front of it.
When using a reverse proxy, remember to set the client's original IP in a header like Forwarded
or X-Real-IP
to keep logging and debug messages helpful.
If you have not already set up a Go build environment, follow the Go getting started instructions.
Get the Registarium source and its one dependency:
$ cd $GOPATH/src
$ go get github.com/pgorman/registarium
$ go get github.com/bvinc/go-sqlite-lite/sqlite3
Note that the sqlite3 package uses CGO, so it needs a minimal C toolchain.
On Debian-based systems, this should be sufficient to pull in gcc
and libc6-dev
:
# apt install build-essential
Build and test Registarium:
$ cd $GOPATH/src/github.com/pgorman/registarium
$ go build
$ readKey=secret1234readkey writeKey=secret1234writekey ./registarium --debug
$ ./populate-test-data.sh
$ ./example-inventory-ini.sh
Build a binary for your target deployment platform.
If that matches your build workstation, go build
should be enough to produce a registarium
binary.
If, for example, you're building on amd64 for deployment on 386, cross-compile like:
$ cd $GOPATH/src/github.com/pgorman/registarium
$ CGO_ENABLED=1 GOOS=linux GOARCH=386 go build
$ scp ./registarium myserver:
If using systemd to supervise Registarium, customize the API keys in registarium.service
and copy that file to the deployment server too.
Decide where to install the binary and save the inventory data. For example:
myserver# chown root:staff registarium
myserver# chmod 555 registarium
myserver# mv registarium /usr/local/bin/
myserver# chown root:root registarium.service
myserver# chmod 600 registarium.service
myserver# mv registarium.service /etc/systemd/system/
myserver# sudo mkdir -p /var/local/registarium
myserver# chown root:staff /var/local/registarium
myserver# systemctl daemon-reload
myserver# systemctl enable registarium.service
myserver# systemctl start registarium.service
Finally, configure your reverse proxy (e.g., HAProxy, Nginx, Apache) to do TLS termination and proxying to Rregistarium.
A reverse proxy configuration for Apache, with the proxy
and proxy_http
modules loaded, looks something like:
<VirtualHost *:443>
ServerName inventory.example.com
SSLEngine ON
SSLVerifyClient optional
SSLCertificateKeyFile /etc/ssl/private/STAR_example_com.key
SSLCertificateFile /etc/ssl/certs/STAR_example_com.crt
SSLCertificateChainFile /etc/ssl/certs/STAR_example_com.ca-bundle
ProxyPreserveHost On
ProxyPass "/" "http://127.0.0.1:9753/"
ProxyPassReverse "/" "http://127.0.0.1:9753/"
</VirtualHost>
Copyright 2019 Paul Gorman, and licensed under the 2-clause BSD license.
See LICENSE.md
.