Narcissus/meshbook
2
0
Fork 0
mirror of https://github.com/DaanSelen/meshbook.git synced 2026-02-21 08:52:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Narcissus:v1.0.1
Branches Tags
Narcissus:main
Narcissus:v1.4.1 Narcissus:v1.4.0 Narcissus:v1.3.2 Narcissus:v1.3.1 Narcissus:v1.3 Narcissus:v1.2 Narcissus:v1.1 Narcissus:v1.0.1 Narcissus:v1 Narcissus:v0.1
...
compare: Narcissus:main
Branches Tags
Narcissus:main
Narcissus:v1.4.1 Narcissus:v1.4.0 Narcissus:v1.3.2 Narcissus:v1.3.1 Narcissus:v1.3 Narcissus:v1.2 Narcissus:v1.1 Narcissus:v1.0.1 Narcissus:v1 Narcissus:v0.1

82 Commits
v1.0.1 ... main

Author SHA1 Message Date
DaanSelen
e710dadfcd chore: bump libmeshctrl 2026-02-19 09:01:01 +01:00
Daan Selen
00e63e1a96 chore: remove old notice 2026-02-06 17:42:02 +01:00
Daan Selen
10057b5f91 correct text 2026-02-06 17:41:31 +01:00
Daan Selen
2cfd7ad06e chore: add caution notice 2026-02-06 17:40:35 +01:00
Daan Selen
6374ea50b7 docs: update README 2026-02-06 17:38:50 +01:00
DaanSelen
f58e06ddec chore: edit readme 2026-01-29 16:48:44 +01:00
DaanSelen
30026a18bd fix: KeyError due to previous commit 2026-01-15 13:40:21 +01:00
DaanSelen
ea77ea1904 chore: add del to groups and devices 2026-01-15 13:38:31 +01:00
DaanSelen
cc454dff40 chore: add more ends of sentences 2026-01-06 08:48:33 +01:00
DaanSelen
cd10645056 chore: catch wrong keywords better 2026-01-02 15:54:04 +01:00
DaanSelen
a652ea99d3 chore: fix apparent missing reference 2026-01-02 15:01:15 +01:00
DaanSelen
e2cc746517 chore: add newline after content of meshbook in file 2026-01-02 09:40:37 +01:00
DaanSelen
9716a2376c release version 1.4 (#21) 
* chore: init working on history functions
rename classes

* refac: remove raw-result option. I cannot find a use ( I have found it later on )

* chore: add basic history directory checking

* chore: further expansion on the code. Now its christmas

* chore: rework some code and make a logging/history feature workable

---------

Co-authored-by: DaanSelen <dselen@systemec.nl>
 2025-12-29 10:55:57 +01:00
DaanSelen
3a0fc215d7 fix: increase default timeout 2025-11-17 09:01:16 +01:00
DaanSelen
dd1c97c56c chore: add debian version 2025-11-17 08:57:58 +01:00
DaanSelen
9d49032857 fix: when not specifying any, grab all 2025-11-05 15:53:38 +01:00
dependabot[bot]
a7601a302a Bump libmeshctrl from 1.2.2 to 1.3.2 (#19) 
Bumps [libmeshctrl](https://github.com/HuFlungDu/pylibmeshctrl) from 1.2.2 to 1.3.2.
- [Release notes](https://github.com/HuFlungDu/pylibmeshctrl/releases)
- [Changelog](https://github.com/HuFlungDu/pylibmeshctrl/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/HuFlungDu/pylibmeshctrl/compare/1.2.2...1.3.2)

---
updated-dependencies:
- dependency-name: libmeshctrl
  dependency-version: 1.3.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-23 13:45:28 +02:00
Daan Selen
4a92eb986c fix: increase consistency due to regression 2025-10-15 15:27:07 +02:00
dependabot[bot]
d248f0bcbe Bump libmeshctrl from 1.2.2 to 1.3.1 (#16) 
Bumps [libmeshctrl](https://github.com/HuFlungDu/pylibmeshctrl) from 1.2.2 to 1.3.1.
- [Release notes](https://github.com/HuFlungDu/pylibmeshctrl/releases)
- [Changelog](https://github.com/HuFlungDu/pylibmeshctrl/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/HuFlungDu/pylibmeshctrl/compare/1.2.2...1.3.1)

---
updated-dependencies:
- dependency-name: libmeshctrl
  dependency-version: 1.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-30 15:56:17 +02:00
dependabot[bot]
2fae74d600 Bump pyyaml from 6.0.2 to 6.0.3 (#17) 
Bumps [pyyaml](https://github.com/yaml/pyyaml) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES)
- [Commits](https://github.com/yaml/pyyaml/compare/6.0.2...6.0.3)

---
updated-dependencies:
- dependency-name: pyyaml
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-30 15:53:46 +02:00
Daan Selen
465905a6ec feat: enable dependabot 2025-09-30 15:51:26 +02:00
Daan Selen
80ad7f865a refac: remove seemingly unneeded function 2025-09-25 15:40:58 +02:00
Daan Selen
9d2999476d refac: added some type checking and fixed a duplicate bug (apparently) 2025-09-25 09:49:19 +02:00
DaanSelen
82cc31e0f6 Update executor.py 2025-09-16 10:37:13 +02:00
Daan Selen
f34d1dc7ae refac(meshbook): rework the targeting module to now be case insensitive 2025-09-10 16:26:52 +02:00
DaanSelen
f0e9e40cca chore(docs): README correction 2025-09-10 13:28:42 +02:00
Daan Selen
208e9c1223 chore(os-handling): added Debian 13 to the default Debian list 2025-08-26 13:51:18 +02:00
DaanSelen
a736a74af6 Added more robust code checking (#15) 
Co-authored-by: Daan Selen <dselen@systemec.nl>
 2025-08-07 13:56:38 +02:00
DaanSelen
733136c1ab Version 1.3.1 (#14) 
* Looks to be manual overriding, testing now.

* Working

* Added a nice way of handling it intern

---------

Co-authored-by: Daan Selen <dselen@systemec.nl>
 2025-08-07 11:14:36 +02:00
Daan Selen
7e10b98c3b Edited template for totp_secret 2025-07-21 23:10:00 +02:00
Daan Selen
615a438003 Changed compatibility 2025-07-21 22:42:16 +02:00
Daan Selen
07d0b99c47 added pyotp in requirements 2025-07-21 22:29:09 +02:00
Daan Selen
2447f65599 Changed Readme. (With the help of some AI) 2025-07-16 20:43:45 +02:00
Daan Selen
e729c72c6a added support for totp 2025-07-11 16:24:21 +02:00
Daan Selen
b20d56170e bumped libmeshctrl 2025-06-30 20:51:11 +02:00
Daan Selen
f52464909a bump libmeshctrl 2025-06-15 21:27:16 +02:00
Daan Selen
4b741c8089 badge addition 2025-06-05 15:49:21 +02:00
Daan Selen
89a57e0a1b Made it more json friendly by removing spaces. 2025-05-02 15:16:49 +02:00
Daan Selen
764ed1ef10 Minor indentation change 2025-04-30 16:58:48 +02:00
Daan Selen
f857b79d82 Added dedicated var 2025-04-25 16:09:36 +02:00
dselen
58598d8d17 Rewrote Meshbook with submodules with classes (#12) 
* Massive update, bringing a lot of QoL. RC

* 0.5 seconds delay between tasks.
    insignificant for humans.
    Like a thousand years for computers to get ready.

* Added new features such as ignore_categorisation.

* Version 1.3 RC

* Added defaults.
 2025-04-25 16:03:07 +02:00
Daan Selen
ac4dd8994c Removed more prints 2025-04-07 16:55:58 +02:00
Daan Selen
7a60cd7280 hotfix 2025-04-07 16:52:19 +02:00
Daan
e2eca57a0a bump libmeshctrl 2025-04-01 22:17:20 +02:00
dselen
a4b6062c0e Merge pull request #10 from DaanSelen/tag_test 
Added targeting tags.
 2025-03-27 11:23:00 +01:00
Daan Selen
de4fe0258c added doc note about target_tag 2025-03-27 11:20:51 +01:00
Daan Selen
1d4b89a2ed Targeting tags seems to work well. Needing doc update. 2025-03-27 11:19:04 +01:00
Daan Selen
b2bf899d42 Renamed config due to autocorrect. 2025-03-27 10:15:21 +01:00
Daan Selen
0a211da4d6 Slight modification. 2025-03-27 10:11:33 +01:00
Daan Selen
1450416d62 Test new filtering logic. 2025-03-27 10:01:49 +01:00
Daan Selen
b0f34e9ea0 add target_tag in function parameters. 2025-03-26 16:58:12 +01:00
Daan Selen
47eef4cfb0 Added 'all' option to the groups option. 2025-03-04 11:57:41 +01:00
Daan Selen
ba74e038f7 Renamed meshcentral.conf -> meshbook.conf 2025-03-03 14:01:41 +01:00
Daan Selen
f1df522f61 Modified dir name in gitignore and changed disk info example. 2025-02-28 15:18:57 +01:00
Daan Selen
f5453353fe +el 2025-02-28 14:52:16 +01:00
Daan Selen
898098105c Small logic change. Added extra check and error handling. 2025-02-28 14:19:40 +01:00
Daan
6f945d30d7 Hotfix in powershell checking code. 2025-02-27 21:58:09 +01:00
Daan
a722c024f5 Expansion of previous commit. 2025-02-27 21:47:55 +01:00
Daan
db7ff19bfb changed .gitignore 
Added examples directory back if you want to customize them: cp examples meshbooks (which is ignored).
Added powershell support into the yaml (for Windows).
Added extra check in console output segment.
Updated readme.md
updated os_categories with Windows examples
Added more examples.
 2025-02-27 21:45:47 +01:00
Daan Selen
9caa52f59e pb -> mb reference. (M)esh(B)ook 2025-02-27 14:52:56 +01:00
Daan Selen
d62d80fb16 Changed hostname value. 2025-02-27 14:52:25 +01:00
Daan Selen
ff6e1f6cb7 Added submodule to meshbook (public) 2025-02-27 09:46:30 +01:00
Daan Selen
a4335ce8ac Expanded logic in replace_placeholder() function so this is easier to work with. 2025-02-25 10:39:07 +01:00
Daan Selen
30d49059c5 Bumped libmeshctrl after: https://github.com/HuFlungDu/pylibmeshctrl/issues/35 2025-02-18 08:43:08 +01:00
dselen
50e413581a Freeze websockets at 14.2 due to breakage. 2025-02-17 16:53:43 +01:00
Daan Selen
64bf28c565 Freeze websockets at 14.2 due to breakage. 2025-02-17 16:53:01 +01:00
dselen
4359a40eb3 Added slight change to fix some Windows JSON formatting. 
Merge pull request #6 from DaanSelen/dev
 2025-02-14 13:54:51 +01:00
Daan Selen
193cb546f4 Added slight change to fix some Windows JSON formatting. 2025-02-14 13:30:44 +01:00
dselen
aa1d6a1a97 Fix Windows terminal outputs. 
Merge pull request #5 from DaanSelen/dev
 2025-02-14 13:13:45 +01:00
Daan Selen
e69ad445e2 Fix Windows terminal outputs. 2025-02-14 13:03:35 +01:00
dselen
bd833456d0 Merge pull request #4 from DaanSelen/dev 
Tidying up everything and adding slight QoL changes.
 2025-02-13 15:37:29 +01:00
Daan Selen
7f0159a8fa Tidying up everything and adding slight QoL changes. 2025-02-13 15:21:18 +01:00
dselen
03683976a8 Added targeting of multiple groups and devices through a new 'keyword' 
Through a new sorting method, all cool and logically formatted.
 2025-02-13 14:27:02 +01:00
Daan Selen
4f75969ed8 Added multiple group and device targeting with 'groups' and 'devices'. Also more error handling. 2025-02-13 14:22:03 +01:00
Daan Selen
77b1cfc73c Changed documentation according to feedback. 2025-02-13 13:44:23 +01:00
dselen
ad220e8c1a Update operating_system_filtering.md 
reformat sentence. (a whole commit for that yes.)
 2025-02-13 12:30:58 +01:00
Daan Selen
b7b9fdaea7 Added minor changes (documentation) and indentation for readability. 
Readme correct referencing to new docs directory its file.
    couple comments and indentations to improve readability.
    Added a dummy Ubuntu 22 and MacOS categories as an example.
 2025-02-13 12:29:06 +01:00
Daan Selen
ab1105b058 Added OS filtering doc and supported (1 level deep) nested definition. 2025-02-13 12:20:03 +01:00
Daan Selen
9494aa14c9 Changed logic in device filtering and made code a little more readable with newlines. 2025-02-13 11:44:53 +01:00
Daan Selen
6a7ec78fe9 Updated OS categorisation and bumped libmeshctrl to 1.1.1 2025-02-12 16:58:20 +01:00
dselen
1779025a97 Update README.md 2025-02-11 16:27:30 +01:00
dselen
e0de06c57e Update requirements.txt 2025-02-11 16:26:33 +01:00
23 changed files with 1163 additions and 299 deletions
Expand all files Collapse all files

11
.github/dependabot.yml vendored Normal file
View File

@@ -0,0 +1,11 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
version: 2
updates:
- package-ecosystem: "pip"
directory: "/"
schedule:
interval: "weekly"

5
.gitignore vendored
View File

@@ -1,9 +1,8 @@
*.conf
venv
books
.vscode
# temporary or to prevent big commits
examples/
important/
# Byte-compiled / optimized / DLL files
__pycache__/

331
README.md
View File

@@ -1,178 +1,273 @@
> [!NOTE]
> *If you experience issues or have suggestions, submit an issue! https://github.com/DaanSelen/meshbook/issues I'll respond ASAP!*
# Meshbook
A way to programmatically manage MeshCentral-managed machines, inspired by applications like [Ansible](https://github.com/ansible/ansible).<br>
What problem does it solve? Well, what I wanted to be able to do is to automate system updates through [MeshCentral](https://github.com/ylianst/meshcentral). And some machines are behind unmanaged or 3rd party managed firewalls.<br>
And many people will be comfortable with YAML configurations! It's almost like JSON, but different!<br>
[![CodeQL Advanced](https://github.com/DaanSelen/meshbook/actions/workflows/codeql.yaml/badge.svg)](https://github.com/DaanSelen/meshbook/actions/workflows/codeql.yaml)
# Quick-start:
> [!NOTE]
> 💬 If you experience issues or have suggestions, [submit an issue](https://github.com/DaanSelen/meshbook/issues) — I'll respond ASAP!
The quickest way to start is to grab a template from the templates folder in this repository.<br>
Make sure to correctly pass the MeshCentral websocket API as `wss://<MeshCentral-Host>`.<br>
And make sure to fill in the credentails of an account which has `Remote Commands` permissions on the targeted devices or groups.<br>
Meshbook is a tool to **programmatically manage MeshCentral-managed machines**, inspired by tools like [Ansible](https://github.com/ansible/ansible).
> I did this through a "Global Service" group which I added the meshbook account to!
## What problem does it solve?
Then make a yaml with a target and some commands! See below examples as a guideline. And do not forget to look at the bottom's notice.<br>
To install, follow the following commands:<br>
Meshbook is designed to:
### Linux setup:
* Automate system updates or commands across multiple systems via [MeshCentral](https://github.com/Ylianst/MeshCentral), even behind third-party-managed firewalls.
* Allow configuration using simple and readable **YAML files** (like Ansible playbooks).
* Simplify the use of **group-based** or **tag-based** device targeting.
```shell
## 🏁 Quick Start
### ✅ Prerequisites
* Python 3
* Access to a MeshCentral instance and credentials with:
* `Remote Commands`
* `Details`
* `Agent Console` permissions
A service account with access to the relevant device groups is recommended.
### 🔧 Installation
#### Linux
```bash
git clone https://github.com/daanselen/meshbook
cd ./meshbook
python3 -m venv ./venv
source ./venv/bin/activate
pip3 install -r ./requirements.txt
pip install -r requirements.txt
cp ./templates/api.conf.template ./api.conf
```
### Windows setup:
Next, make sure to fill in the following file:
```shell
```
nano ./api.conf
```
#### Windows (PowerShell)
```powershell
git clone https://github.com/daanselen/meshbook
cd ./meshbook
python3 -m venv ./venv
.\venv\Scripts\activate # Make sure to check the terminal prefix.
pip3 install -r ./requirements.txt
cd .\meshbook
python -m venv .\venv
.\venv\Scripts\activate
pip install -r .\requirements.txt
cp .\templates\api.conf.template .\api.conf
```
Now copy the configuration template from ./templates and fill it in with the correct details. The url should start with `wss://`.<br>
After this you can use meshbook, for example:
Also here, make sure to fill in the `./api.conf` file.
### Linux run:
```shell
python3 .\meshbook.py -pb .\examples\echo.yaml
> [!CAUTION]
> Meshbook will not work without a properly filled in `api.conf` file.
## 🚀 Running Meshbook
Once installed and configured, run a playbook like this:
### Linux:
```bash
python3 meshbook.py -mb ./examples/echo_example.yaml
```
### Windows run:
### Windows:
```shell
.\venv\Scripts\python.exe .\meshbook.py -pb .\examples\echo.yaml
```powershell
.\venv\Scripts\python.exe .\meshbook.py -mb .\examples\echo_example.yaml
```
### How to check if everything is okay?
Use `--help` to explore available command-line options:
The python virtual environment can get messed up, therefore...<br>
To check if everything is in working order, make sure that the lists from the following commands are aligned:
```
python3 -m pip list
pip3 list
```bash
python3 meshbook.py --help
```
If not, perhaps you are using the wrong executable, the wrong environment and so on...
## 🛠️ Creating Configurations
# How to create a configuration?
Meshbook configurations are written in YAML. Below is an overview of supported fields.
This paragraph explains how the program interprets certain information.
### Targeting:
MeshCentral has `meshes` or `groups`, in this program they are called `group(s)`. Because of the way I designed this.<br>
So to target for example a mesh/group in MeshCentral called: "Nerthus" do:
> If your group has multiple words, then you need to use `"` to group the words.
### ▶️ Group Targeting (Primary*)
```yaml
---
name: example configuration
group: "Nerthus"
name: My Configuration
group: "Dev Machines"
powershell: true
variables:
- name: var1
value: "This is the first variable"
- name: message
value: "Hello from Meshbook"
tasks:
- name: echo the first variable!
command: 'echo "{{ var1 }}"'
- name: Echo a message
command: 'echo "{{ message }}"'
```
It is also possible to target a single device, as seen in: [here](./examples/apt_update_example.yaml).<br>
* `group`: MeshCentral group (aka "mesh"). Quotation marks required for multi-word names.
* `powershell`: Set `true` for PowerShell commands on Windows clients.
### Variables:
### ▶️ Device Targeting (Secondary*)
Variables are done by replacing the placeholders just before the runtime (the Python program does this, not you).<br>
So if you have var1 declared, then the value of that declaration is placed wherever it finds {{ var1 }}.<br>
This is done to imitate popular methods. See below [from the example](./examples/variable_usage_example.yaml).<br>
You can also target a **specific device** rather than a group. See [`apt_update_example.yaml`](./examples/linux/apt_update_example.yaml) for reference.
### Tasks:
### ▶️ Variables
The tasks you want to run should be contained under the `tasks:` with two fields, `name` and `command`.<br>
The name field is for the user of meshbook, to clarify what the following command does in a summary.<br>
The command field actually gets executed on the end-point.<br>
### Granual Operating System control:
I have made the program so it can have a basic filter with the Operating systems. If you have a mixed group, then you need to match the image below like this:
<img src="./assets/meshcentral_os.png" alt="MeshCentral Operating System Version" width="600"/><br>
<img src="./assets/meshbook_yaml_os.png" alt="MeshBook yaml example" width="600"/>
This will filter the nodes/machines in the MeshCentral group to the ones matching this. Very basic and open for feedback. This must match the full string, not case sensitive.
# Example:
For the example, I used the following yaml file (you can find more in [this directory](./examples/)):
The below group: `Dev` has three devices, of which one is offline, Meshbook checks if the device is reachable.<br>
You can expand the command chain as follows:<br>
Variables are replaced by Meshbook before execution. Syntax:
```yaml
---
name: Echo a string to the terminal through the meshbook example.
variables:
- name: example_var
value: "Example value"
tasks:
- name: Use the variable
command: 'echo "{{ example_var }}"'
```
* Primary and Secondary mark the order in which will take prescendence
### ▶️ Tasks
Define multiple tasks:
```yaml
tasks:
- name: Show OS info
command: "cat /etc/os-release"
```
Each task must include:
* `name`: Description for human readability.
* `command`: The actual shell or PowerShell command.
## 🪟 Windows Client Notes
* Keep your `os_categories.json` up to date for proper OS filtering.
* Ensure Windows commands are compatible (use `powershell: true` if needed).
* Examples are available in [`examples/windows`](./examples/windows).
## 🔎 OS & Tag Filtering
### Filter by OS
You can limit commands to specific OS types:
```yaml
target_os: "Linux" # As defined in os_categories.json
```
See [docs/operating\_system\_filtering.md](./docs/operating_system_filtering.md) for details.
### Filter by Tag
You can also filter using MeshCentral tags:
```yaml
target_tag: "Production"
```
> ⚠️ Tag values are **case-sensitive**.
## 📋 Example Playbook
```yaml
name: Echo OS Info
group: "Dev"
target_os: "Linux"
variables:
- name: file
value: "/etc/os-release"
tasks:
- name: Echo!
- name: Show contents of os-release
command: "echo $(cat {{ file }})"
```
The following response it received when executing the first yaml of the above files (without the `-s` parameters, which just outputs the below JSON).
Sample output:
```shell
python3 meshbook.py -pb examples/echo_example.yaml
----------------------------------------
Trying to load the MeshCentral account credential file...
Trying to load the Playbook yaml file and compile it into something workable...
Connecting to MeshCentral and establish a session using variables from previous credential file.
Generating group list with nodes and reference the targets from that.
----------------------------------------
Executing playbook on the targets.
1. Running: Echo!
----------------------------------------
```json
{
"Task 1": [
{
"complete": true,
"result": "PRETTY_NAME=\"Debian GNU/Linux 12 (bookworm)\" NAME=\"Debian GNU/Linux\" VERSION_ID=\"12\" VERSION=\"12 (bookworm)\" VERSION_CODENAME=bookworm ID=debian HOME_URL=\"https://www.debian.org/\" SUPPORT_URL=\"https://www.debian.org/support\" BUG_REPORT_URL=\"https://bugs.debian.org/\"\n",
"command": "echo $(cat /etc/os-release)",
"device_id": "<Node-Unique>",
"device_name": "raspberrypi5"
},
{
"complete": true,
"result": "PRETTY_NAME=\"Debian GNU/Linux 12 (bookworm)\" NAME=\"Debian GNU/Linux\" VERSION_ID=\"12\" VERSION=\"12 (bookworm)\" VERSION_CODENAME=bookworm ID=debian HOME_URL=\"https://www.debian.org/\" SUPPORT_URL=\"https://www.debian.org/support\" BUG_REPORT_URL=\"https://bugs.debian.org/\"\n",
"command": "echo $(cat /etc/os-release)",
"device_id": "<Node-Unique>",
"device_name": "Cubic"
}
"task 1": {
"task_name": "Show contents of os-release",
"data": [
{
"command": "echo $(cat /etc/os-release)",
"result": [
"NAME=\"Ubuntu\"",
"VERSION=\"22.04.4 LTS (Jammy Jellyfish)\""
],
"complete": true,
"device_name": "dev-host1"
}
]
}
}
```
The above without `-s` is quite verbose. use `--help` to read about parameters and getting a minimal response for example.
# Important Notice:
## ⚠ Blocking Commands Warning
If you want to use this, make sure to use `NON-BLOCKING` commands. MeshCentral does not work if you send it commands that wait.<br>
A couple examples of `BLOCKING COMMANDS` which will never get back to the main MeshCentral server, and Meshbook will quit after the timeout but the agent will not come back:
Avoid using commands that **block indefinitely** — MeshCentral requires **non-blocking** execution.
```shell
apt upgrade # without -y.
🚫 Examples of bad (blocking) commands:
sleep infinity
ping 1.1.1.1 # without a -c flag (because it pings forever).
```bash
apt upgrade # Without -y
sleep infinity # Will never return
ping 1.1.1.1 # Without -c
```
✅ Use instead:
```bash
apt upgrade -y
sleep 3s
ping 1.1.1.1 -c 1
```
## 🧪 Check Python Environment
Sometimes the wrong Python interpreter or environment is used. To verify:
```bash
python3 -m pip list
pip3 list
```
The lists should match. If not, make sure the correct environment is activated.
## 📂 Project Structure (excerpt)
```bash
meshbook/
├── books/
│ ├── apt-update.yaml
│ └── rdp.yaml
├── examples/
│ ├── linux/
│ │ ├── apt_update_example.yaml
│ │ └── ...
│ └── windows/
│ ├── get_sys_info.yaml
│ └── ...
├── modules/
│ ├── executor.py
│ └── utilities.py
├── meshbook.py
├── os_categories.json
├── requirements.txt
├── templates/
│ └── api.conf.template
```
## 📄 License
This project is licensed under the terms of the GPL3 License. See [LICENSE](./LICENSE).

BIN
assets/meshbook_yaml_os.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 14 KiB

BIN
assets/meshcentral_os.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 68 KiB

65
docs/operating_system_filtering.md Normal file
View File

@@ -0,0 +1,65 @@
# **Understanding the OS Filtering Mechanism**
## **Overview**
This function filters devices based on their **reachability** and an optional **OS category filter**. It supports:
- **Broad OS categories** (e.g., `"Linux"` includes all OS versions under `"Linux"`)
- **Specific OS categories** (e.g., `"Debian"` only includes OS versions under `"Linux" -> "Debian"`)
- **Single category selection** (Only `target_os="Linux"` OR `target_os="Debian"` is used, never both at once)
---
## **How It Works (Simplified)**
### **1. OS Category Expansion**
The function first expands the `target_os` category by retrieving all valid OS names under it.
#### **Example OS Category Structure:**
```json
{
"Linux": {
"Debian": [
"Debian GNU/Linux 12 (bookworm)",
"Debian GNU/Linux 11 (bullseye)"
],
"Ubuntu": [
"Ubuntu 24.04.1 LTS"
]
}
}
```
#### **Expanding Different `target_os` Values:**
| `target_os` | Expanded OS Versions |
|--------------|---------------------------------------------------|
| `"Linux"` | `{ "Debian GNU/Linux 12 (bookworm)", "Debian GNU/Linux 11 (bullseye)", "Ubuntu 24.04.1 LTS" }` |
| `"Debian"` | `{ "Debian GNU/Linux 12 (bookworm)", "Debian GNU/Linux 11 (bullseye)" }` |
---
### **2. Device Filtering**
Once the function has the allowed OS versions, it checks each device:
#### **Example Device List:**
```json
[
{"device_id": "A1", "device_os": "Debian GNU/Linux 12 (bookworm)", "reachable": true},
{"device_id": "A2", "device_os": "Ubuntu 24.04.1 LTS", "reachable": true},
{"device_id": "A3", "device_os": "Windows 11", "reachable": true},
{"device_id": "A4", "device_os": "Debian GNU/Linux 11 (bullseye)", "reachable": false}
]
```
#### **Filtering Behavior:**
| Device ID | Device OS | Reachable | Matches `target_os="Linux"` | Matches `target_os="Debian"` |
|-----------|----------------------------------|-----------|-------------------------------|-------------------------------|
| A1 | Debian GNU/Linux 12 (bookworm) | ✅ | ✅ | ✅ |
| A2 | Ubuntu 24.04.1 LTS | ✅ | ✅ | ❌ |
| A3 | Windows 11 | ✅ | ❌ | ❌ |
| A4 | Debian GNU/Linux 11 (bullseye) | ❌ | ❌ (Unreachable) | ❌ (Unreachable) |
#### **Final Output:**
- If `target_os="Linux"`: `["A1", "A2"]`
- If `target_os="Debian"`: `["A1"]`
- If `target_os=None` or `target_os` is undefined: `["A1", "A2", "A3"]`

1
examples/variable_usage_example.yaml → examples/all_variable_usage_example.yaml
View File

@@ -1,6 +1,7 @@
---
name: Ping Multiple Points
group: "Kubernetes"
#target_os: "Debian"
variables:
- name: host1
value: "1.1.1.1"

5
examples/aggregate_example.yaml → examples/linux/aggregate_example.yaml
View File

@@ -1,6 +1,7 @@
---
name: Echo some text in the terminal of the device
group: "Dev"
group: "Development"
target_os: "Linux" # <----
variables:
- name: package_manager
value: "apt"
@@ -28,4 +29,4 @@ tasks:
command: "ping {{ google_dns }} -c 4"
- name: Ping Quad9 DNS
command: "ping {{ quad9_dns }} -c 4"
command: "ping {{ quad9_dns }} -c 4"

7
examples/apt_update_example.yaml → examples/linux/apt_update_example.yaml
View File

@@ -1,12 +1,13 @@
---
name: Refresh the apt cache
device: Cubic
device: "<Device-Name>"
#target_os: "Linux"
variables:
- name: package_manager
value: "apt"
tasks:
- name: refresh the cache
- name: refresh the {{ package_manager }} cache
command: "{{ package_manager }} update"
- name: display available upgrades
- name: display available upgrades with {{ package_manager }}
command: "{{ package_manager }} list --upgradable"

1
examples/apt_upgrade_example.yaml → examples/linux/apt_upgrade_example.yaml
View File

@@ -1,6 +1,7 @@
---
name: Refresh the apt cache
group: "Dev"
#target_os: "Linux"
variables:
- name: package_manager
value: "apt"

8
examples/linux/disk_info.yaml Normal file
View File

@@ -0,0 +1,8 @@
---
name: Use DF to get drive information in JSON.
group: Systemec Development
target_os: "Linux"
tasks:
- name: Get disk-info with df returning JSON.
command: >
df -Th -x overlay -x tmpfs -x devtmpfs | awk 'NR>1 {printf "%s{\"size\":\"%s\",\"used\":\"%s\",\"available\":\"%s\",\"mount_point\":\"%s\",\"type\":\"%s\"}", (NR==2?"[":","), $3, $4, $5, $7, $2} END {print "]"}'

4
examples/echo_example.yaml → examples/linux/echo_example.yaml
View File

@@ -1,7 +1,7 @@
---
name: Echo a string to the terminal through the meshbook example.
group: "Dev"
target_os: Debian GnU/Linux 12 (bookworm)
group: "Development"
target_os: "Linux"
variables:
- name: file
value: "/etc/os-release"

11
examples/windows/get_sys_info.yaml Normal file
View File

@@ -0,0 +1,11 @@
---
name: Echo a string to the terminal through the meshbook example.
group: "Endpoint"
target_os: "Windows"
powershell: True
#variables:
# - name: file
# value: "/etc/os-release"
tasks:
- name: Echo!
command: "Get-ComputerInfo | Select-Object CsName, OsName, OsArchitecture, OsLastBootUpTime | Write-Output"

8
examples/windows/get_update_info.yaml Normal file
View File

@@ -0,0 +1,8 @@
---
name: Echo a string to the terminal through the meshbook example.
group: "Endpoint"
target_os: "Windows"
powershell: True
tasks:
- name: Get some update information
command: "Get-HotFix | Select-Object PSComputerName, HotFixID, InstalledOn"

16
examples/windows/multiline_example.yaml Normal file
View File

@@ -0,0 +1,16 @@
---
name: Echo a string to the terminal through the meshbook example.
group: "Endpoint"
target_os: "Windows"
powershell: True
#variables:
# - name: file
# value: "/etc/os-release"
tasks:
- name: Echo!
command: >
$systemInfo = Get-ComputerInfo | Select-Object CsName, OsName, OsArchitecture, OsLastBootUpTime;
$systemInfo | Format-Table -AutoSize;
Write-Output "I like monkeys.";
Get-SystemLanguage | Write-Output;
Get-ComputerInfo | Format-List;

419
meshbook.py
View File

@@ -1,197 +1,286 @@
#!/bin/python3
# Public Python libraries
import argparse
import asyncio
from base64 import b64encode
from configparser import ConfigParser
from colorama import just_fix_windows_console
import pyotp
import json
import math
import meshctrl
import os
import yaml
'''
Script utilities are handled in the following section.
'''
# Local Python libraries/modules
from modules.console import Console
from modules.executor import Executor
from modules.history import History
from modules.utilities import Transform, Utilities
class ScriptEndTrigger(Exception):
pass
meshbook_version = "1.3.2"
grace_period = 3 # Grace period will last for x (by default 3) second(s).
def output_text(message: str, required=False):
if required:
print(message)
elif not args.silent:
print(message)
def define_cmdargs() -> argparse.ArgumentParser:
parser = argparse.ArgumentParser(description="Process command-line arguments")
async def load_config(conf_file: str = './api.conf', segment: str = 'meshcentral-account') -> ConfigParser:
if not os.path.exists(conf_file):
raise ScriptEndTrigger(f'Missing config file {conf_file}. Provide an alternative path.')
parser.add_argument("-mb", "--meshbook", type=str, help="Path to the meshbook yaml file.")
config = ConfigParser()
try:
config.read(conf_file)
except Exception as err:
raise ScriptEndTrigger(f"Error reading configuration file '{conf_file}': {err}")
if segment not in config:
raise ScriptEndTrigger(f'Segment "{segment}" not found in config file {conf_file}.')
parser.add_argument("--historydir", type=str, help="Define a custom history log directory (default: ./history).", default="./history")
parser.add_argument("--nohistory", action="store_true", help="Disable the logging of the history into a local log (text) file inside './history'.")
parser.add_argument("--flushhistory", action="store_true", help="Clear old history logs before running the Meshbook.")
return config[segment]
parser.add_argument("-oc", "--oscategories", type=str, help="Path to the Operating System categories JSON file.", default="./os_categories.json")
parser.add_argument("--conf", type=str, help="Path for the API configuration file (default: ./config.conf).", default="./api.conf")
parser.add_argument("--nograce", action="store_true", help="Disable the grace 3 seconds before running the meshbook.")
parser.add_argument("-g", "--group", type=str, help="Specify a manual override for the group.", default="")
parser.add_argument("-d", "--device", type=str, help="Specify a manual override for a device.", default="")
parser.add_argument("-i", "--indent", action="store_true", help="Use an JSON indentation of 4 when this flag is passed.", default=False)
parser.add_argument("-s", "--silent", action="store_true", help="Suppress terminal output.", default=False)
parser.add_argument("--shlex", action="store_true", help="Shlex the lines. (SHell LEXical Analysis)", default=False)
parser.add_argument("--version", action="store_true", help="Show the Meshbook version.")
return parser
async def init_connection(credentials: dict) -> meshctrl.Session:
session = meshctrl.Session(
credentials['websocket_url'],
user=credentials['username'],
password=credentials['password']
)
'''
Use the libmeshctrl library to initiate a Secure Websocket (wss) connection to the MeshCentral instance.
'''
if "totp_secret" in credentials:
totp = pyotp.TOTP(credentials["totp_secret"])
otp = totp.now()
session = meshctrl.Session(
credentials['hostname'],
user=credentials['username'],
password=credentials['password'],
token=otp
)
else:
session = meshctrl.Session(
credentials['hostname'],
user=credentials['username'],
password=credentials['password']
)
await session.initialized.wait()
return session
async def translate_id_to_name(target_id: str, group_list: dict) -> str:
for group in group_list:
for device in group_list[group]:
if device["device_id"] == target_id:
return device["device_name"]
'''
Creation and compilation happends in the following section, where the yaml gets read in, and edited accordingly.
'''
async def compile_book(playbook_file: dict) -> dict:
playbook = open(playbook_file, 'r')
playbook = await replace_placeholders(yaml.safe_load(playbook))
return playbook
async def replace_placeholders(playbook: dict) -> dict:
variables = {var["name"]: var["value"] for var in playbook.get("variables", [])}
for task in playbook.get("tasks", []):
command = task.get("command", "")
for var_name, var_value in variables.items():
placeholder = f"{{{{ {var_name} }}}}" # Create the placeholder string like "{{ host1 }}"
command = command.replace(placeholder, var_value)
task["command"] = command
return playbook
'''
Creation and compilation of the MeshCentral nodes list (list of all nodes available to the user in the configuration) is handled in the following section.
'''
async def compile_group_list(session: meshctrl.Session) -> dict:
devices_response = await session.list_devices(details=False, timeout=10)
local_device_list = {}
for device in devices_response:
if device.meshname not in local_device_list:
local_device_list[device.meshname] = []
local_device_list[device.meshname].append({
"device_id": device.nodeid,
"device_name": device.name,
"device_os": device.os_description,
"device_tags": device.tags,
"reachable": device.connected
})
return local_device_list
async def gather_targets(playbook: dict, group_list: dict) -> dict:
target_list = []
if "device" in playbook and "group" not in playbook:
pseudo_target = playbook["device"]
for group in group_list:
for device in group_list[group]:
if device["reachable"] and pseudo_target == device["device_name"]:
if "target_os" in playbook and str(playbook["target_os"]).lower() == str(device["device_os"]).lower():
target_list.append(device["device_id"])
elif "target_os" not in playbook:
target_list.append(device["device_id"])
elif "group" in playbook and "device" not in playbook:
pseudo_target = playbook["group"]
for group in group_list:
if pseudo_target == group:
for device in group_list[group]:
if device["reachable"]:
if "target_os" in playbook and str(playbook["target_os"]).lower() == str(device["device_os"]).lower():
target_list.append(device["device_id"])
elif "target_os" not in playbook:
target_list.append(device["device_id"])
return target_list
async def execute_playbook(session: meshctrl.Session, targets: dict, playbook: dict, group_list: dict) -> None:
responses_list = {}
round = 1
for task in playbook["tasks"]:
output_text(("\033[1m\033[92m" + str(round) + ". Running: " + task["name"] + "\033[0m"), False)
response = await session.run_command(nodeids=targets, command=task["command"], ignore_output=False, timeout=900)
task_batch = []
for device in response:
device_result = response[device]["result"]
response[device]["result"] = device_result.replace("Run commands completed.", "")
response[device]["device_id"] = device
response[device]["device_name"] = await translate_id_to_name(device, group_list)
task_batch.append(response[device])
responses_list["Task " + str(round)] = {
"task_name": task["name"],
"data": task_batch
}
round += 1
output_text(("-" * 40), False)
output_text((json.dumps(responses_list,indent=4)), True)
async def main():
parser = argparse.ArgumentParser(description="Process command-line arguments")
parser.add_argument("-pb", "--playbook", type=str, help="Path to the playbook file.", required=True)
parser.add_argument("--conf", type=str, help="Path for the API configuration file (default: ./api.conf).", required=False)
parser.add_argument("--nograce", action="store_true", help="Disable the grace 3 seconds before running the playbook.", required=False)
parser.add_argument("-s", "--silent", action="store_true", help="Suppress terminal output", required=False)
local_categories_file = "./os_categories.json"
global args
just_fix_windows_console()
'''
Main function where the program starts. Place from which all comands originate (eventually).
'''
# Define the cmd arguments
parser = define_cmdargs()
args = parser.parse_args()
try:
output_text(("-" * 40), False)
output_text(("\x1B[3mTrying to load the MeshCentral account credential file...\x1B[0m"), False)
output_text(("\x1B[3mTrying to load the Playbook yaml file and compile it into something workable...\x1B[0m"), False)
if args.version:
Console.print_text(args.silent,
Console.text_color.reset + "MeshBook Version: " + Console.text_color.yellow + str(meshbook_version))
return
credentials, playbook = await asyncio.gather(
(load_config() if args.conf is None else load_config(args.conf)),
(compile_book(args.playbook))
if not args.meshbook:
parser.print_help()
return
try:
with open(local_categories_file, "r") as file:
os_categories = json.load(file)
if not Utilities.path_exist(args.meshbook) or Utilities.path_type(args.meshbook) != "File":
Console.print_text(args.silent,
Console.text_color.red + "The given meshbook path is either not present on the filesystem or not a file.")
return
credentials, meshbook = await asyncio.gather(
(Utilities.load_config(args)),
(Utilities.compile_book(args.meshbook))
)
output_text(("\x1B[3mConnecting to MeshCentral and establish a session using variables from previous credential file.\x1B[0m"), False)
session = await init_connection(credentials)
output_text(("\x1B[3mGenerating group list with nodes and reference the targets from that.\x1B[0m"), False)
group_list = await compile_group_list(session)
targets_list = await gather_targets(playbook, group_list)
if args.group != "":
meshbook["group"] = args.group
if "device" in meshbook:
del meshbook["device"]
if "devices" in meshbook:
del meshbook["devices"]
elif args.device != "":
meshbook["device"] = args.device
if "group" in meshbook:
del meshbook["group"]
if "groups" in meshbook:
del meshbook["groups"]
if len(targets_list) == 0:
output_text(("\033[91mNo targets found or targets unreachable, quitting.\x1B[0m"), True)
'''
The following section mainly displays used variables and first steps of the program to the Console.
'''
# INIT ARGUMENTS PRINTING
Console.print_line(args.silent)
Console.print_text(args.silent,
"meshbook: " + Console.text_color.yellow + args.meshbook + Console.text_color.reset + ".")
Console.print_text(args.silent,
"Operating System Categorisation file: " + Console.text_color.yellow + args.oscategories + Console.text_color.reset + ".")
Console.print_text(args.silent,
"Configuration file: " + Console.text_color.yellow + args.conf + Console.text_color.reset + ".")
# TARGET OS PRINTING
if "target_os" in meshbook:
Console.print_text(args.silent,
"Target Operating System category given: " + Console.text_color.yellow + meshbook["target_os"] + Console.text_color.reset + ".")
else:
output_text(("-" * 40), False)
target_name = playbook["group"] if "group" in playbook else playbook["device"] # Quickly get the name.
output_text(("\033[91mExecuting playbook on the target(s): " + target_name + ".\x1B[0m"), False)
if not args.nograce:
output_text(("\033[91mInitiating grace-period...\x1B[0m"), False)
for x in range(3):
output_text(("\033[91m{}...\x1B[0m".format(x+1)), False)
await asyncio.sleep(1)
output_text(("-" * 40), False)
await execute_playbook(session, targets_list, playbook, group_list)
Console.print_text(args.silent,
"Target Operating System category given: " + Console.text_color.yellow + "All" + Console.text_color.reset + ".")
await session.close()
# Should Meshbook ignore categorisation?
if "ignore_categorisation" in meshbook:
Console.print_text(args.silent,
"Ignore the OS Categorisation file: " + Console.text_color.yellow + str(meshbook["ignore_categorisation"]) + Console.text_color.reset + ".")
if meshbook["ignore_categorisation"]:
Console.print_text(args.silent,
Console.text_color.red + "!!!!\n" +
Console.text_color.yellow +
"Ignore categorisation is True.\nThis means that the program checks if the target Operating System is somewhere in the reported device Operating System." +
Console.text_color.red + "\n!!!!")
else:
Console.print_text(args.silent,
"Ignore the OS Categorisation file: " + Console.text_color.yellow + "False" + Console.text_color.reset + ".")
# TARGET TAG PRINTING
if "target_tag" in meshbook:
Console.print_text(args.silent,
"Target Device tag given: " + Console.text_color.yellow + meshbook["target_tag"] + Console.text_color.reset + ".")
else:
Console.print_text(args.silent,
"Target Device tag given: " + Console.text_color.yellow + "All" + Console.text_color.reset + ".")
# TARGET PRINTING
if "device" in meshbook:
Console.print_text(args.silent,
"Target device: " + Console.text_color.yellow + str(meshbook["device"]) + Console.text_color.reset + ".")
elif "devices" in meshbook:
Console.print_text(args.silent,
"Target devices: " + Console.text_color.yellow + str(meshbook["devices"]) + Console.text_color.reset + ".")
elif "group" in meshbook:
Console.print_text(args.silent,
"Target group: " + Console.text_color.yellow + str(meshbook["group"]) + Console.text_color.reset + ".")
elif "groups" in meshbook:
Console.print_text(args.silent,
"Target groups: " + Console.text_color.yellow + str(meshbook["groups"]) + Console.text_color.reset + ".")
# RUNNING PARAMETERS PRINTING
Console.print_text(args.silent, "Grace: " + Console.text_color.yellow + str(not args.nograce) + Console.text_color.reset + ".") # Negation of bool for correct explanation
Console.print_text(args.silent, "Silent: " + Console.text_color.yellow + "False" + Console.text_color.reset + ".") # Can be pre-defined because if silent flag was passed then none of this would be printed.
session = await init_connection(credentials)
# PROCESS PRINTING aka what its doing in the moment...
Console.print_line(args.silent)
Console.print_text(args.silent,
Console.text_color.italic + "Trying to load the MeshCentral account credential file...")
Console.print_text(args.silent,
Console.text_color.italic + "Trying to load the meshbook yaml file and compile it into something workable...")
Console.print_text(args.silent,
Console.text_color.italic + "Trying to load the Operating System categorisation JSON file...")
Console.print_text(args.silent,
Console.text_color.italic + "Connecting to MeshCentral and establish a session using variables from previous credential file.")
Console.print_text(args.silent,
Console.text_color.italic + "Generating group list with nodes and reference the targets from that.")
'''
End of the main information displaying section.
'''
group_list = await Transform.compile_group_list(session)
compiled_device_list = await Utilities.gather_targets(args.silent, meshbook, group_list, os_categories)
# Check if we have reachable targets on the MeshCentral host
if "target_list" not in compiled_device_list or len(compiled_device_list["target_list"]) == 0:
Console.print_text(args.silent,
Console.text_color.red + "No targets found or targets unreachable, quitting.")
Console.print_line(args.silent)
return
Console.print_line(args.silent)
match meshbook:
case {"group": candidate_target_name}:
target_name = candidate_target_name
case {"groups": candidate_target_name}:
target_name = str(candidate_target_name)
case {"device": candidate_target_name}:
target_name = candidate_target_name
case {"devices": candidate_target_name}:
target_name = str(candidate_target_name)
case _:
target_name = ""
# Initialize the history / logging functions class (whatever you want to name it)
history = History(args.silent, args.historydir, args.flushhistory)
# Conclude history initlialization
Console.print_line(args.silent)
# From here on the actual exection happens
Console.print_text(args.silent,
Console.text_color.yellow + "Executing meshbook on the target(s): " + Console.text_color.green + target_name + Console.text_color.yellow + ".")
if not args.nograce:
Console.print_text(args.silent,
Console.text_color.yellow + "Initiating grace-period...")
for x in range(grace_period):
Console.print_text(args.silent,
Console.text_color.yellow + "{}...".format(x+1)) # Countdown!
await asyncio.sleep(1)
Console.print_line(args.silent)
complete_log = await Executor.execute_meshbook(args.silent,
args.shlex,
session,
compiled_device_list,
meshbook,
group_list)
Console.print_line(args.silent)
indent = None
if args.indent: indent = 4
formatted_history = json.dumps(complete_log,indent=indent)
Console.print_text(args.silent, formatted_history, 9)
# Pass the output of the whole program to the history class
if args.nohistory:
Console.print_text(args.silent, "Not writing to file.")
else:
Console.print_text(args.silent, "Writing to file...")
history.write_history(formatted_history)
except OSError as message:
output_text(message, True)
Console.print_text(
args.silent,
Console.text_color.red + f'{message}'
)
except asyncio.CancelledError:
Console.print_text(
args.silent,
Console.text_color.red + "Received SIGINT, Aborting - (Tasks may still be running on targets)."
)
raise
finally:
await session.close()
if __name__ == "__main__":
asyncio.run(main())
try:
asyncio.run(main())
except KeyboardInterrupt:
Console.print_text(False, Console.text_color.red + "Cancelled execution.")

54
modules/console.py Normal file
View File

@@ -0,0 +1,54 @@
# Public Python libraries
import argparse
from datetime import datetime
class Console:
class text_color:
black = "\033[30m"
red = "\033[31m"
green = "\033[32m"
yellow = "\033[33m"
blue = "\033[34m"
magenta = "\033[35m"
cyan = "\033[36m"
white = "\033[37m"
italic = "\x1B[3m"
reset = "\x1B[0m"
@staticmethod
def print_text(silent: bool, message: str, prefix_select: int = 0) -> None:
'''
Helper function for terminal output, with a couple variables for the silent flag. Also clears terminal color each time.
int tag_select legend:
0 / default = timestamp
1 = info
2 = warn
3 = err
4 = fatal
9 = nothing
'''
match prefix_select:
case 1:
tag_prefix = "[INFO] "
case 2:
tag_prefix = "[WARN] "
case 3:
tag_prefix = "[ERROR] "
case 4:
tag_prefix = "[FATAL] "
case 9:
tag_prefix = ""
case _:
tag_prefix = f"{datetime.now().strftime('%Y-%m-%d %H:%M:%S')} "
if not silent:
print(tag_prefix + message + Console.text_color.reset)
@staticmethod
def print_line(silent: bool, special: bool = False) -> None:
if not silent:
if special:
print("-=-" * 40)
else:
print(("-" * 40))

55
modules/executor.py Normal file
View File

@@ -0,0 +1,55 @@
# Public Python libraries
import argparse
import json
import meshctrl
from time import sleep
# Local Python libraries/modules
from modules.console import Console
from modules.utilities import Transform
intertask_delay = 1
class Executor:
@staticmethod
async def execute_meshbook(silent: bool, enable_shlex: bool, session: meshctrl.Session, compiled_device_list: dict, meshbook: dict, group_list: dict) -> dict:
'''
Actual function that handles meshbook execution, also responsible for formatting the resulting JSON.
'''
complete_log = {}
targets = compiled_device_list["target_list"]
offline = compiled_device_list["offline_list"]
round = 1
for task in meshbook["tasks"]:
Console.print_text(silent,
Console.text_color.green + str(round) + ". Running: " + task["name"])
if "powershell" in meshbook and meshbook["powershell"]:
response = await session.run_command(nodeids=targets, command=task["command"],powershell=True,ignore_output=False,timeout=1800)
else:
response = await session.run_command(nodeids=targets, command=task["command"],powershell=False,ignore_output=False,timeout=1800)
task_batch = []
for device in response:
device_result = response[device]["result"]
response[device]["result"] = device_result.replace("Run commands completed.", "")
response[device]["device_id"] = device
response[device]["device_name"] = await Transform.translate_nodeid_to_name(device, group_list)
task_batch.append(response[device])
complete_log["task_" + str(round)] = {
"task_name": task["name"],
"data": task_batch
}
round += 1
sleep(intertask_delay) # Sleep for x amount of time.
for index, device in enumerate(offline): # Replace Device_id with actual human readable name
device_name = await Transform.translate_nodeid_to_name(device, group_list)
offline[index] = device_name
complete_log["Offline"] = offline
# Return the result
return Transform.process_shell_response(enable_shlex, complete_log)

48
modules/history.py Normal file
View File

@@ -0,0 +1,48 @@
import os
from datetime import datetime
from modules.console import Console
class History():
def __init__(self, silent: bool, history_directory: str, flush_history: bool) -> None:
'''
Init function to declare some stuff and make sure we are good to go, mostly the directory.
'''
self.silent = silent
self.history_directory = history_directory
if not os.path.exists(history_directory):
Console.print_text(silent, "Directory absent, trying to create it now...")
try:
os.mkdir(history_directory)
except PermissionError:
Console.print_text(silent, Console.text_color.red + f"Failed to create directory, permission error.")
return
history_items = os.listdir(history_directory)
if len(history_items) == 1:
Console.print_text(silent, f"There is {len(history_items)} history item.")
else:
Console.print_text(silent, f"There are {len(history_items)} history items.")
if flush_history:
self.remove_history(history_items)
def remove_history(self, history_items: list[str]) -> None:
if not os.access(self.history_directory, os.W_OK):
Console.print_text(self.silent, Console.text_color.red + "Unable to flush history logs, no write access.")
return
for item in history_items:
stitched_path = f"{self.history_directory}/{item}"
Console.print_text(self.silent, f"Removing: {item}.")
os.remove(stitched_path)
def write_history(self, history: dict) -> bool:
stitched_file = f"{self.history_directory}/meshbook_run_{datetime.now().strftime('%Y_%m_%d_%H_%M_%S')}.log"
with open(stitched_file, "x") as f:
f.write(history + "\n")

373
modules/utilities.py Normal file
View File

@@ -0,0 +1,373 @@
# Public Python libraries
import argparse
from configparser import ConfigParser
import meshctrl
import os
import shlex
import yaml
from modules.console import Console
'''
Creation and compilation of the MeshCentral nodes list (list of all nodes available to the user in the configuration) is handled in the following section.
'''
class Utilities:
@staticmethod
async def load_config(args: argparse.Namespace,
segment: str = 'meshcentral-account') -> dict:
'''
Function that loads the segment from the config.conf (by default) file and returns the it in a dict.
'''
conf_file = args.conf
if not os.path.exists(conf_file):
print(f'Missing config file {conf_file}. Provide an alternative path.')
os._exit(1)
config = ConfigParser()
try:
config.read(conf_file)
except Exception as err:
print(f"Error reading configuration file '{conf_file}': {err}")
os._exit(1)
if segment not in config:
print(f'Segment "{segment}" not found in config file {conf_file}.')
os._exit(1)
return dict(config[segment])
@staticmethod
async def compile_book(meshbook_file: str) -> dict:
'''
Simple function that opens the file and replaces placeholders through the next function. After that just return it.
'''
with open(meshbook_file, 'r') as f:
meshbook = f.read()
meshbook = await Transform.replace_placeholders(yaml.safe_load(meshbook))
return meshbook
@staticmethod
async def gather_targets(silent: bool,
meshbook: dict,
group_list: dict[str, list[dict]],
os_categories: dict) -> dict:
"""
Finds target devices based on meshbook criteria (device, devices, group or groups).
"""
group_list = {k.lower(): v for k, v in group_list.items()} # Normalize keys
target_list = []
offline_list = []
target_os = meshbook.get("target_os")
target_tag = meshbook.get("target_tag")
ignore_categorisation = meshbook.get("ignore_categorisation", False)
async def add_processed_devices(processed):
"""Helper to update target and offline lists."""
if processed:
target_list.extend(processed.get("valid_devices", []))
offline_list.extend(processed.get("offline_devices", []))
async def process_device_helper(device):
processed = await Utilities.process_device(
device,
group_list,
os_categories,
target_os,
ignore_categorisation,
target_tag
)
await add_processed_devices(processed)
async def process_group_helper(group):
processed = await Utilities.filter_targets(
group, os_categories, target_os, ignore_categorisation, target_tag
)
await add_processed_devices(processed)
'''
Groups receive the first priority, then device targets.
'''
match meshbook:
case {"group": pseudo_target}:
if isinstance(pseudo_target, str):
pseudo_target = pseudo_target.lower()
if pseudo_target in group_list:
await process_group_helper(group_list[pseudo_target])
elif pseudo_target not in group_list:
Console.print_text(
silent,
Console.text_color.yellow + "Targeted group not found on the MeshCentral server."
)
elif isinstance(pseudo_target, list):
Console.print_text(
silent,
Console.text_color.yellow + "Please use groups (Notice the plural with 'S') for multiple groups."
)
else:
Console.print_text(
silent,
Console.text_color.yellow + "The 'group' key is being used, but an unknown data type was found, please check your values."
)
case {"groups": pseudo_target}:
if isinstance(pseudo_target, str) or (isinstance(pseudo_target, list) and len(pseudo_target) == 1):
Console.print_text(
silent,
Console.text_color.yellow + "The 'groups' key is being used, but only one group seems to be given. Did you mean 'group'?"
)
elif isinstance(pseudo_target, list):
for sub_group in pseudo_target:
sub_group = sub_group.lower()
if sub_group in group_list:
await process_group_helper(group_list[sub_group])
elif isinstance(pseudo_target, str) and pseudo_target.lower() == "all":
for group in group_list.values():
await process_group_helper(group)
else:
Console.print_text(
silent,
Console.text_color.yellow + "The 'groups' key is being used, but an unknown data type was found, please check your values."
)
case {"device": pseudo_target}:
if isinstance(pseudo_target, str):
await process_device_helper(pseudo_target)
elif isinstance(pseudo_target, list):
Console.print_text(
silent,
Console.text_color.yellow + "Please use devices (Notice the plural with 'S') for multiple devices."
)
else:
Console.print_text(
silent,
Console.text_color.yellow + "The 'device' key is being used, but an unknown data type was found, please check your values."
)
case {"devices": pseudo_target}:
if isinstance(pseudo_target, str) or (isinstance(pseudo_target, list) and len(pseudo_target) == 1):
Console.print_text(
silent,
Console.text_color.yellow + "The 'devices' key is being used, but only one device seems to be given. Did you mean 'device'?"
)
elif isinstance(pseudo_target, list):
for sub_device in pseudo_target:
await process_device_helper(sub_device)
else:
Console.print_text(
silent,
Console.text_color.yellow + "The 'devices' key is being used, but an unknown data type was found, please check your values."
)
return {"target_list": target_list, "offline_list": offline_list}
@staticmethod
def get_os_variants(target_category: str,
os_map: dict) -> set:
'''
Extracts all OS names under a given category if it exists.
'''
for key, value in os_map.items():
if key == target_category:
if isinstance(value, dict): # Expand nested categories
os_set = set()
for sub_target_cat in value:
os_set.update(Utilities.get_os_variants(sub_target_cat, value))
return os_set
elif isinstance(value, list): # Direct OS list
return set(value)
return set()
@staticmethod
async def filter_targets(devices: list[dict],
os_categories: dict,
target_os: str = "",
ignore_categorisation: bool = False,
target_tag: str = "") -> dict:
'''
Filters devices based on reachability and optional OS criteria, supporting nested OS categories.
'''
valid_devices = []
offline_devices = []
allowed_os = set()
# Identify correct OS filtering scope
for key in os_categories:
if key == target_os:
allowed_os = Utilities.get_os_variants(target_os, os_categories)
break # Stop searching once a match is found
if isinstance(os_categories[key], dict) and target_os in os_categories[key]:
allowed_os = Utilities.get_os_variants(target_os, os_categories[key])
break # Stop searching once a match is found
for device in devices: # Filter out unwanted or unreachable devices.
if target_tag and target_tag not in device["device_tags"]:
continue
if not ignore_categorisation:
if device["device_os"] not in allowed_os:
continue
else:
if target_os not in device["device_os"]:
continue
if not device["reachable"]:
offline_devices.append(device["device_id"])
continue
valid_devices.append(device["device_id"])
return {
"valid_devices": valid_devices,
"offline_devices": offline_devices
}
@staticmethod
async def process_device(device: str,
group_list: dict,
os_categories: dict,
target_os: str,
ignore_categorisation: bool,
target_tag: str) -> dict:
"""
Processes a single device or pseudo-target against group_list,
filters matches by OS and tags, and adds processed devices.
"""
matched_devices = []
pseudo_target = device.lower()
# Find devices that match the pseudo_target
for group in group_list:
for dev in group_list[group]:
if dev["device_name"].lower() == pseudo_target:
matched_devices.append(dev)
# If matches found, filter them and add processed devices
if matched_devices:
processed = await Utilities.filter_targets(
matched_devices, os_categories, target_os, ignore_categorisation, target_tag
)
return processed
# No matches found
return {"valid_devices": [], "offline_devices": []}
@staticmethod
def path_exist(path: str) -> bool:
return os.path.exists(path)
@staticmethod
def path_type(path: str) -> str:
if os.path.isfile(path):
return "File"
if os.path.isdir(path):
return "Dir"
if os.path.islink(path):
return "Link"
return "Undefined"
class Transform:
@staticmethod
def process_shell_response(enable_shlex: bool, meshbook_result: dict) -> dict:
for task_name, task_data in meshbook_result.items():
if task_name == "Offline": # Failsafe do not parse Offline section, its simple
continue
for node_responses in task_data["data"]:
task_result = node_responses["result"].splitlines()
if enable_shlex:
for index, line in enumerate(task_result):
line = shlex.split(line)
task_result[index] = line
clean_output = []
for line in task_result:
if len(line) > 0:
clean_output.append(line)
node_responses["result"] = clean_output
return meshbook_result
@staticmethod
async def translate_nodeid_to_name(target_id: str, group_list: dict) -> str:
'''
Simple function that looks up nodeid to the human-readable name if existent - otherwise return None.
'''
for group in group_list:
for device in group_list[group]:
if device["device_id"] == target_id:
return device["device_name"]
return ""
@staticmethod
async def replace_placeholders(meshbook: dict) -> dict:
'''
Replace the placeholders in both name and command fields of the tasks. According to the variables defined in the variables list.
'''
variables = {}
if "variables" in meshbook and isinstance(meshbook["variables"], list):
for var in meshbook["variables"]:
var_name = var["name"]
var_value = var["value"]
variables[var_name] = var_value
else:
return meshbook
for task in meshbook.get("tasks", []):
task_name = task.get("name")
for var_name, var_value in variables.items():
placeholder = f"{{{{ {var_name} }}}}"
task_name = task_name.replace(placeholder, var_value)
task["name"] = task_name
command = task.get("command")
for var_name, var_value in variables.items():
placeholder = f"{{{{ {var_name} }}}}" # Create the placeholder string like "{{ host1 }}"
command = command.replace(placeholder, var_value)
task["command"] = command
return meshbook
@staticmethod
async def compile_group_list(session: meshctrl.Session) -> dict:
'''
Function that retrieves the devices from MeshCentral and compiles it into a efficient list.
'''
devices_response = await session.list_devices(details=False, timeout=10)
local_device_list = {}
for device in devices_response:
if device.meshname not in local_device_list:
local_device_list[device.meshname] = []
local_device_list[device.meshname].append({
"device_id": device.nodeid,
"device_name": device.name,
"device_os": device.os_description,
"device_tags": device.tags,
"reachable": device.connected
})
return local_device_list

27
os_categories.json Normal file
View File

@@ -0,0 +1,27 @@
{
"Linux": {
"Debian": [
"Debian GNU/Linux 13 (trixie)",
"Debian GNU/Linux 12 (bookworm)",
"Debian GNU/Linux 11 (bullseye)",
"Debian GNU/Linux 10 (buster)"
],
"Ubuntu": [
"Ubuntu 24.04.3 LTS",
"Ubuntu 22.04.5 LTS",
"Ubuntu 20.04.6 LTS"
]
},
"MacOS": {
"Sequoia": [
"macOS 15.0.1"
]
},
"Windows": {
"11": [
"Microsoft Windows 11 Home - 24H2/26100",
"Microsoft Windows 11 Pro - 24H2/26100"
]
}
}

8
requirements.txt
View File

@@ -1,4 +1,4 @@
asyncio==3.4.3
configparser==7.1.0
pyyaml==6.0.2
libmeshctrl==1.1.0
colorama==0.4.6
pyyaml==6.0.3
libmeshctrl==1.3.3
pyotp==2.9.0

5
templates/api.conf.template
View File

@@ -1,4 +1,5 @@
[meshcentral-account]
websocket_url =
hostname =
username =
password =
password =
totp_secret =