---
# Render each listed CrowdSec template (<name>.j2) to /etc/crowdsec/<name> and
# notify the `reload crowdsec` handler when a file changes.
# NOTE(review): no mode/owner/group is set here, so permissions follow the
# module defaults for new files. If any of these templates renders secrets
# (for example database credentials), an explicit restrictive mode is worth
# adding; confirm against the .j2 files.
- name: Deploy configuration
  template:
    src: "{{ item }}.j2"
    dest: "/etc/crowdsec/{{ item }}"
  loop:
    - config.yaml
    - acquis.yaml
    - simulation.yaml
    - profile.yaml
  notify: reload crowdsec
  tags: crowdsec
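# Create the database
# The shared include receives the database name, account, server and password
# below; what it does with them is defined in that file, not here.
# NOTE(review): db_pass is handed to the include in clear text. Confirm that the
# tasks in the include which use it are protected with no_log.
- import_tasks: ../includes/webapps_create_mysql_db.yml
  vars:
    # A single mapping: the list-of-dicts form of `vars` is deprecated in
    # recent ansible-core releases and resolves to the same variables.
    db_name: "{{ crowdsec_db_name }}"
    db_user: "{{ crowdsec_db_user }}"
    db_server: "{{ crowdsec_db_server }}"
    db_pass: "{{ crowdsec_db_pass }}"
  tags: crowdsec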
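# Runs only on the host that is the Local API server: adds this machine account
# to the local API with cscli.
- name: Declare on the local API
  command:
    # argv passes each argument as one element, so a machine name containing
    # whitespace cannot be split into extra cscli arguments.
    argv:
      - cscli
      - machines
      - add
      - "{{ crowdsec_lapi_user }}"
      - "--auto"
  register: crowdsec_lapi_add
  when: inventory_hostname == crowdsec_lapi_server
  # Only a clean exit counts as a change.
  changed_when: crowdsec_lapi_add.rc == 0
  # Exit code 1 is tolerated as well as 0.
  # NOTE(review): presumably rc 1 means the machine already exists, as in the
  # registration task of this file; any other failure that also exits 1 would
  # be ignored. Confirm, and consider checking stderr.
  failed_when: crowdsec_lapi_add.rc not in [0, 1]
  tags: crowdsec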
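# Hosts other than the Local API server register themselves against it, then
# the registration is validated on the Local API server itself.
- when: inventory_hostname != crowdsec_lapi_server
  block:
    - name: Register against the Local API
      command:
        # argv keeps the machine name and the URL as single arguments even if
        # a value contains whitespace.
        argv:
          - cscli
          - lapi
          - register
          - "--machine"
          - "{{ crowdsec_lapi_user }}"
          - "--url"
          - "{{ crowdsec_lapi_url }}"
      register: crowdsec_lapi_registration
      changed_when: crowdsec_lapi_registration.rc == 0
      # RC 1 when machine already exists
      # NOTE(review): any other failure that also exits 1 (unreachable URL,
      # rejected request) is accepted too, and validation is then skipped, so
      # the agent could be left unregistered without a task failure. Confirm.
      failed_when: crowdsec_lapi_registration.rc not in [0, 1]
      notify: reload crowdsec

    - name: Validate crowdsec registration on the Local API server
      command:
        argv:
          - cscli
          - machines
          - validate
          - "{{ crowdsec_lapi_user }}"
      # Executed on the Local API server, not on the registering host.
      delegate_to: "{{ crowdsec_lapi_server }}"
      # Validate only a registration that was newly created in this run.
      when: crowdsec_lapi_registration.rc == 0

  tags: crowdsec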
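# First-time central API enrolment: runs when the central API is enabled, no
# credentials were supplied as variables, and at least one of the stored
# credential files is missing.
- when:
    - crowdsec_capi_enabled
    - crowdsec_capi_user is not defined or crowdsec_capi_pass is not defined
    - not crowdsec_capi_user_file.stat.exists or not crowdsec_capi_pass_file.stat.exists
  # Every task in this block handles the generated login and password (command
  # stdout, file content, facts). no_log keeps them out of task output, verbose
  # logs and callback plugins.
  no_log: true
  block:
    - name: Register on the central API
      # The credentials file is written to stdout so it can be captured below.
      command: cscli capi register -o raw -f /dev/stdout
      register: crowdsec_capi_credentials

    - name: Parse the credentials returned by the central API
      set_fact:
        crowdsec_capi_credentials_yaml: "{{ crowdsec_capi_credentials.stdout | from_yaml }}"

    - name: Store the central API login
      copy:
        content: "{{ crowdsec_capi_credentials_yaml.login }}"
        dest: /etc/crowdsec/meta/capi_user
        # Quoted so the mode is read as a permission string, not an integer.
        mode: "0600"

    - name: Store the central API password
      copy:
        content: "{{ crowdsec_capi_credentials_yaml.password }}"
        dest: /etc/crowdsec/meta/capi_pass
        mode: "0600"

    - name: Expose the central API credentials as facts
      set_fact:
        crowdsec_capi_user: "{{ crowdsec_capi_credentials_yaml.login }}"
        crowdsec_capi_pass: "{{ crowdsec_capi_credentials_yaml.password }}"

  tags: crowdsec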
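# Reuse previously stored central API credentials: runs when the central API is
# enabled, no credentials were supplied as variables, and both stored credential
# files exist.
- when:
    - crowdsec_capi_enabled
    - crowdsec_capi_user is not defined or crowdsec_capi_pass is not defined
    - crowdsec_capi_user_file.stat.exists
    - crowdsec_capi_pass_file.stat.exists
  # slurp returns the file content base64-encoded, which is trivially
  # reversible, and the facts hold the decoded values. no_log keeps both out of
  # task output and logs.
  no_log: true
  block:
    - name: Read the stored central API login
      slurp:
        src: /etc/crowdsec/meta/capi_user
      register: crowdsec_capi_user_meta

    - name: Expose the stored central API login as a fact
      set_fact:
        # trim drops surrounding whitespace such as a trailing newline.
        crowdsec_capi_user: "{{ crowdsec_capi_user_meta.content | b64decode | trim }}"

    - name: Read the stored central API password
      slurp:
        src: /etc/crowdsec/meta/capi_pass
      register: crowdsec_capi_pass_meta

    - name: Expose the stored central API password as a fact
      set_fact:
        crowdsec_capi_pass: "{{ crowdsec_capi_pass_meta.content | b64decode | trim }}"

  tags: crowdsec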
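# Render the central API credentials file, readable by its owner only, and
# notify the `reload crowdsec` handler when it changes.
- name: Deploy online credentials config
  template:
    src: online_api_credentials.yaml.j2
    dest: /etc/crowdsec/online_api_credentials.yaml
    # Quoted so the mode is read as a permission string, not an integer.
    mode: "0600"
  # The rendered file presumably contains the central API login and password
  # (confirm against the template). Turning diff output off keeps a --diff run
  # from printing its content.
  diff: false
  notify: reload crowdsec
  tags: crowdsec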