Ansible roles
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

79 lines
3.0 KiB

---
- name: Deploy configuration
template: src={{ item }}.j2 dest=/etc/crowdsec/{{ item }}
loop:
- config.yaml
- acquis.yaml
- simulation.yaml
- profile.yaml
notify: reload crowdsec
tags: crowdsec
# Create the database
- import_tasks: ../includes/webapps_create_mysql_db.yml
vars:
- db_name: "{{ crowdsec_db_name }}"
- db_user: "{{ crowdsec_db_user }}"
- db_server: "{{ crowdsec_db_server }}"
- db_pass: "{{ crowdsec_db_pass }}"
tags: crowdsec
- name: Declare on the local API
command: cscli machines add {{ crowdsec_lapi_user }} --auto
register: crowdsec_lapi_add
when: inventory_hostname == crowdsec_lapi_server
changed_when: crowdsec_lapi_add.rc == 0
failed_when: crowdsec_lapi_add.rc not in [0,1]
tags: crowdsec
- when: inventory_hostname != crowdsec_lapi_server
block:
- name: Register against the Local API
command: cscli lapi register --machine {{ crowdsec_lapi_user }} --url {{ crowdsec_lapi_url }}
register: crowdsec_lapi_registration
changed_when: crowdsec_lapi_registration.rc == 0
failed_when: crowdsec_lapi_registration.rc not in [0,1] # RC 1 when machine already exists
notify: reload crowdsec
- name: Validate crowdsec registration on the Local API server
command: cscli machines validate {{ crowdsec_lapi_user }}
delegate_to: "{{ crowdsec_lapi_server }}"
when: crowdsec_lapi_registration.rc == 0
tags: crowdsec
- when:
- crowdsec_capi_enabled
- crowdsec_capi_user is not defined or crowdsec_capi_pass is not defined
- not crowdsec_capi_user_file.stat.exists or not crowdsec_capi_pass_file.stat.exists
block:
- name: Register on the central API
command: cscli capi register -o raw -f /dev/stdout
register: crowdsec_capi_credentials
- set_fact: crowdsec_capi_credentials_yaml={{ crowdsec_capi_credentials.stdout | from_yaml }}
- copy: content={{ crowdsec_capi_credentials_yaml.login }} dest=/etc/crowdsec/meta/capi_user mode=600
- copy: content={{ crowdsec_capi_credentials_yaml.password }} dest=/etc/crowdsec/meta/capi_pass mode=600
- set_fact: crowdsec_capi_user={{ crowdsec_capi_credentials_yaml.login }}
- set_fact: crowdsec_capi_pass={{ crowdsec_capi_credentials_yaml.password }}
tags: crowdsec
- when:
- crowdsec_capi_enabled
- crowdsec_capi_user is not defined or crowdsec_capi_pass is not defined
- crowdsec_capi_user_file.stat.exists
- crowdsec_capi_pass_file.stat.exists
block:
- slurp: src=/etc/crowdsec/meta/capi_user
register: crowdsec_capi_user_meta
- set_fact: crowdsec_capi_user={{ crowdsec_capi_user_meta.content | b64decode | trim }}
- slurp: src=/etc/crowdsec/meta/capi_pass
register: crowdsec_capi_pass_meta
- set_fact: crowdsec_capi_pass={{ crowdsec_capi_pass_meta.content | b64decode | trim }}
tags: crowdsec
- name: Deploy online credentials config
template: src=online_api_credentials.yaml.j2 dest=/etc/crowdsec/online_api_credentials.yaml mode=600
notify: reload crowdsec
tags: crowdsec