From e0e85797852a59ba74d7d94c17f966ec6c51282d Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Thu, 18 Oct 2018 10:47:41 -0500 Subject: [PATCH] Additional playbook cleanup and use stable release The stable release of the kolide has been cut. This change sets our used version of kolide to "2.0.0". Change-Id: Ie488fe42e98bd96f5777c1c893fc79e50a2eddee Signed-off-by: Kevin Carter --- osquery/README.rst | 25 ++++---------------- osquery/roles/fleet/defaults/main.yml | 19 +-------------- osquery/roles/fleet/tasks/createFleetDB.yml | 17 +++++++------ osquery/roles/fleet/tasks/fleetMigrateDB.yml | 1 - 4 files changed, 13 insertions(+), 49 deletions(-) diff --git a/osquery/README.rst b/osquery/README.rst index 29f3a03a..8ab246bb 100644 --- a/osquery/README.rst +++ b/osquery/README.rst @@ -2,19 +2,11 @@ Install OSQuery and Kolide fleet ################################ :tags: openstack, ansible -Table of Contents -================= - - * [About this repository](#about-this-repository) - * [OpenStack-Ansible Integration](#openstack-ansible-integration) - * [TODO](#todo) - - About this repository --------------------- -This set of playbooks will deploy osquery. If this is being deployed as part of -an OpenStack all of the inventory needs will be provided for. +This set of playbooks will deploy osquery and kolide-fleet. If this is being +deployed as part of an OpenStack all of the inventory needs will be provided for. **These playbooks require Ansible 2.4+.** @@ -27,6 +19,7 @@ build and operate against. :alt: Osquery & Kolide Fleet Architecture Diagram :align: center + OpenStack-Ansible Integration ----------------------------- @@ -34,6 +27,7 @@ These playbooks can be used as standalone inventory or as an integrated part of an OpenStack-Ansible deployment. For a simple example of standalone inventory see ``inventory.example.yml``. + Setup | system configuration ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
@@ -243,14 +237,3 @@ This diagram outlines the data flow from within an osquery deployment. :scale: 50 % :alt: Kolide & Osquery Data Flow Diagram :align: center - - -TODO ----- -The following is a list of open items. - - [x] Test Redhat familly Operating Systems - - [x] missing mariadb cluster (should all work needs additional vars) - - [x] use haproxy instead of the kolide fleet server ip - - [ ] add/update tags - - [x] convert to roles - - [x] add testing diff --git a/osquery/roles/fleet/defaults/main.yml b/osquery/roles/fleet/defaults/main.yml index 76e49980..fb639750 100644 --- a/osquery/roles/fleet/defaults/main.yml +++ b/osquery/roles/fleet/defaults/main.yml @@ -21,11 +21,10 @@ kolide_fleet_db_user: fleet kolide_fleet_port: "8443" kolide_fleet_address: "127.0.0.1:{{ kolide_fleet_port }}" -kolide_fleet_version: "2.0.0-rc5" +kolide_fleet_version: "2.0.0" kolide_fleet_url: "https://github.com/kolide/fleet/releases/download" kolide_fleet_admin_email: admin@openstack.org -#kolide_fleet_admin_password: AdminSecrete kolide_fleet_ssl_cert: /etc/ssl/certs/fleet.cert kolide_fleet_ssl_key: /etc/ssl/private/fleet.key @@ -35,19 +34,3 @@ kolide_fleet_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}" kolide_fleet_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}" kolide_fleet_ssl_key_purge: false - -#kolide_fleet_osquery_enroll_secret: "{{ kolide_fleet_enroll_secret }}" - - -# MariaDB/Gallera Variables -mariadb_bind_address: "0.0.0.0" -mariadb_root_remote: 1 -mariadb_root_user: root -mariadb_databases: - - name: "{{ kolide_fleet_db_name }}" - -mariadb_users: - - name: "{{ kolide_fleet_db_user }}" - password: "{{ kolide_fleet_db_password }}" - priv: " {{ kolide_fleet_db_name }}.*:ALL" - host: "%" diff --git a/osquery/roles/fleet/tasks/createFleetDB.yml b/osquery/roles/fleet/tasks/createFleetDB.yml index 3c2a740a..2220e035 100644 
--- a/osquery/roles/fleet/tasks/createFleetDB.yml +++ b/osquery/roles/fleet/tasks/createFleetDB.yml @@ -15,22 +15,20 @@ - name: Create DB for service mysql_db: - login_user: "{{ mariadb_root_user }}" + login_user: "root" login_password: "{{ galera_root_password }}" - login_host: "{{ mariadb_login_host | default('localhost') }}" + login_host: "127.0.0.1" name: "{{ kolide_fleet_db_name }}" state: "present" delegate_to: "{{ groups['mariadb_all'][0] }}" no_log: False run_once: true - tags: - - fleet_db_install - name: Grant access to the DB for the service mysql_user: - login_user: "{{ mariadb_root_user }}" + login_user: "root" login_password: "{{ galera_root_password }}" - login_host: "{{ mariadb_login_host | default('localhost') }}" + login_host: "127.0.0.1" name: "{{ kolide_fleet_db_user }}" password: "{{ kolide_fleet_db_password }}" host: "{{ item }}" @@ -38,8 +36,9 @@ priv: "{{ kolide_fleet_db_name }}.*:ALL" append_privs: "{{ kolide_fleet_db_append_privs | default(omit) }}" delegate_to: "{{ groups['mariadb_all'][0] }}" - with_items: "{{ grant_list | default(['localhost', '%']) }}" + with_items: + - 'localhost' + - '127.0.0.1' + - '%' no_log: False run_once: true - tags: - - fleet_db_install diff --git a/osquery/roles/fleet/tasks/fleetMigrateDB.yml b/osquery/roles/fleet/tasks/fleetMigrateDB.yml index 447d32c3..4994f44f 100644 --- a/osquery/roles/fleet/tasks/fleetMigrateDB.yml +++ b/osquery/roles/fleet/tasks/fleetMigrateDB.yml @@ -13,7 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. - - name: Migrate the fleet database command: /usr/local/bin/fleet prepare db --config=/etc/fleet/fleet_config.yml --no-prompt changed_when: false
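Review bot: Hard-coding `login_host: "127.0.0.1"` on the Create DB and Grant tasks changes how the delegated tasks authenticate: the previous default of `localhost` lets the MySQL client connect over the unix socket, whereas 127.0.0.1 forces a TCP connection and requires the root account to be permitted from that host (root@127.0.0.1), so if the Galera root account only exists for localhost or relies on socket authentication both tasks will fail with access denied — worth confirming against the grants the mariadb role creates. The hunk also drops the `mariadb_root_user` and `mariadb_login_host | default('localhost')` overrides (their defaults are deleted in defaults/main.yml in this commit), so a deployment that uses a dedicated admin account instead of root, or a DB endpoint that is not local to the first mariadb_all host, can no longer express that. Keeping a role-prefixed variable with the new default, `login_host: "{{ kolide_fleet_db_login_host | default('127.0.0.1') }}"` and likewise for `login_user`, preserves the override without changing the new behaviour. Separately, both tasks keep `no_log: False` (context lines) while passing `login_password` and `password`; unless that is deliberate for debugging, `no_log: true` keeps the credentials out of verbose task output.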
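Review bot: The replacement `with_items` list hard-codes the grant hosts and removes the `grant_list` override, so the `'%'` entry — `ALL` on the fleet database from any host — can no longer be narrowed by an operator who only needs the hosts that actually run fleet. Adding `'127.0.0.1'` next to `'localhost'` is consistent with the new `login_host` in the hunk above, but the wildcard grant is the security-relevant part and should stay configurable: `with_items: "{{ kolide_fleet_db_grant_hosts | default(['localhost', '127.0.0.1', '%']) }}"`. The hunk also removes the `fleet_db_install` tags from both tasks, so the DB setup can no longer be run or skipped selectively; if that is intentional it deserves a line in the commit message.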