|
|
@ -19,34 +19,20 @@ |
|
|
|
- db_pass: "{{ crowdsec_db_pass }}" |
|
|
|
- db_pass: "{{ crowdsec_db_pass }}" |
|
|
|
tags: crowdsec |
|
|
|
tags: crowdsec |
|
|
|
|
|
|
|
|
|
|
|
- name: Declare on the local API |
|
|
|
- when: crowdsec_lapi_pass is not defined |
|
|
|
command: cscli machines add {{ crowdsec_lapi_user }} --auto |
|
|
|
|
|
|
|
register: crowdsec_lapi_add |
|
|
|
|
|
|
|
when: inventory_hostname == crowdsec_lapi_server |
|
|
|
|
|
|
|
changed_when: crowdsec_lapi_add.rc == 0 |
|
|
|
|
|
|
|
failed_when: crowdsec_lapi_add.rc not in [0,1] |
|
|
|
|
|
|
|
tags: crowdsec |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- when: inventory_hostname != crowdsec_lapi_server |
|
|
|
|
|
|
|
block: |
|
|
|
block: |
|
|
|
- name: Register against the Local API |
|
|
|
- name: Declare on the local API |
|
|
|
command: cscli lapi register --machine {{ crowdsec_lapi_user }} --url {{ crowdsec_lapi_url }} |
|
|
|
command: cscli machines add {{ crowdsec_lapi_user }} --auto --force --file /dev/stdout --output raw |
|
|
|
register: crowdsec_lapi_registration |
|
|
|
register: crowdsec_lapi_credentials |
|
|
|
changed_when: crowdsec_lapi_registration.rc == 0 |
|
|
|
|
|
|
|
failed_when: crowdsec_lapi_registration.rc not in [0,1] # RC 1 when machine already exists |
|
|
|
|
|
|
|
notify: reload crowdsec |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Validate crowdsec registration on the Local API server |
|
|
|
|
|
|
|
command: cscli machines validate {{ crowdsec_lapi_user }} |
|
|
|
|
|
|
|
delegate_to: "{{ crowdsec_lapi_server }}" |
|
|
|
delegate_to: "{{ crowdsec_lapi_server }}" |
|
|
|
when: crowdsec_lapi_registration.rc == 0 |
|
|
|
- set_fact: crowdsec_lapi_credentials_yaml={{ crowdsec_lapi_credentials.stdout | from_yaml }} |
|
|
|
|
|
|
|
- copy: content={{ crowdsec_lapi_credentials_yaml.password }} dest=/etc/crowdsec/meta/lapi_pass mode=600 |
|
|
|
|
|
|
|
- set_fact: crowdsec_lapi_pass={{ crowdsec_lapi_credentials_yaml.password }} |
|
|
|
tags: crowdsec |
|
|
|
tags: crowdsec |
|
|
|
|
|
|
|
|
|
|
|
- when: |
|
|
|
- when: |
|
|
|
- crowdsec_capi_enabled |
|
|
|
- crowdsec_capi_enabled |
|
|
|
- crowdsec_capi_user is not defined or crowdsec_capi_pass is not defined |
|
|
|
- crowdsec_capi_user is not defined or crowdsec_capi_pass is not defined |
|
|
|
- not crowdsec_capi_user_file.stat.exists or not crowdsec_capi_pass_file.stat.exists |
|
|
|
|
|
|
|
block: |
|
|
|
block: |
|
|
|
- name: Register on the central API |
|
|
|
- name: Register on the central API |
|
|
|
command: cscli capi register -o raw -f /dev/stdout |
|
|
|
command: cscli capi register -o raw -f /dev/stdout |
|
|
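Review bot: The new `cscli machines add {{ crowdsec_lapi_user }} --auto --force --file /dev/stdout --output raw` task, and the `set_fact` and `copy` tasks after it, pass the machine password through registered stdout and task arguments without `no_log: true`, so it can appear in console output, verbose logs and callback plugins. Adding `no_log: true` to those three tasks would keep it out of run logs; the same applies to the `cscli capi register -o raw -f /dev/stdout` block that starts at the end of this hunk and to the `Deploy credentials config` template loop in the next hunk. Writing the `copy` as a YAML mapping with `content: "{{ crowdsec_lapi_credentials_yaml.password }}"` and `mode: "0600"` would also avoid key=value parsing problems if the generated password ever contains whitespace or `=`. Old and new sides are inferred here from the rendered column positions, and the CAPI block continues outside this hunk.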
@ -58,21 +44,10 @@ |
|
|
|
- set_fact: crowdsec_capi_pass={{ crowdsec_capi_credentials_yaml.password }} |
|
|
|
- set_fact: crowdsec_capi_pass={{ crowdsec_capi_credentials_yaml.password }} |
|
|
|
tags: crowdsec |
|
|
|
tags: crowdsec |
|
|
|
|
|
|
|
|
|
|
|
- when: |
|
|
|
- name: Deploy credentials config |
|
|
|
- crowdsec_capi_enabled |
|
|
|
template: src={{ item }}_api_credentials.yaml.j2 dest=/etc/crowdsec/{{ item }}_api_credentials.yaml mode=600 |
|
|
|
- crowdsec_capi_user is not defined or crowdsec_capi_pass is not defined |
|
|
|
loop: |
|
|
|
- crowdsec_capi_user_file.stat.exists |
|
|
|
- online |
|
|
|
- crowdsec_capi_pass_file.stat.exists |
|
|
|
- local |
|
|
|
block: |
|
|
|
notify: restart crowdsec |
|
|
|
- slurp: src=/etc/crowdsec/meta/capi_user |
|
|
|
|
|
|
|
register: crowdsec_capi_user_meta |
|
|
|
|
|
|
|
- set_fact: crowdsec_capi_user={{ crowdsec_capi_user_meta.content | b64decode | trim }} |
|
|
|
|
|
|
|
- slurp: src=/etc/crowdsec/meta/capi_pass |
|
|
|
|
|
|
|
register: crowdsec_capi_pass_meta |
|
|
|
|
|
|
|
- set_fact: crowdsec_capi_pass={{ crowdsec_capi_pass_meta.content | b64decode | trim }} |
|
|
|
|
|
|
|
tags: crowdsec |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Deploy online credentials config |
|
|
|
|
|
|
|
template: src=online_api_credentials.yaml.j2 dest=/etc/crowdsec/online_api_credentials.yaml mode=600 |
|
|
|
|
|
|
|
notify: reload crowdsec |
|
|
|
|
|
|
|
tags: crowdsec |
|
|
|
tags: crowdsec |
|
|
|