Update ansible code

2022-08-16 17:09:58 +02:00 · 2022-08-16 17:09:58 +02:00 · 18e86f8687
commit 18e86f8687
parent 156561e633
5 changed files with 120 additions and 118 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,10 +1,10 @@
 ---
 - name: restart crowdsec
-  systemd:
+  ansible.builtin.systemd:
    name: crowdsec
    state: restarted
 - name: restart crowdsec-firewall-bouncer
-  systemd:
+  ansible.builtin.systemd:
    name: crowdsec-firewall-bouncer
-    state: restarted
+    state: restarted
--- a/meta/main.yml
+++ b/meta/main.yml
@ -6,11 +6,13 @@ galaxy_info:
  galaxy_tags: []
  license: GPL2
  platforms:
-  - name: CentOS
+    - name: CentOS
-    version:
+      version:
-    - 7
+        - 7
-    - 8
+        - 8
-  - name: RedHat
+        - 9
-    version:
+    - name: RedHat
-    - 7
+      version:
-    - 8
+        - 7
        - 8
        - 9
--- a/tasks/add_bouncer.yml
+++ b/tasks/add_bouncer.yml
@ -14,23 +14,23 @@
  when:
    - ansible_os_family == "RedHat"
-#- name: Register new bouncer
+# - name: Register new bouncer
-#  command: cscli bouncers add {{ inventory_hostname }} -o raw
+#   ansible.builtin.command: cscli bouncers add {{ inventory_hostname }} -o raw
-#  register: _csbouncer
+#   register: _csbouncer
-#  delegate_to: "{{ crowdsec_delegate_server_hostname }}"
+#   delegate_to: "{{ crowdsec_delegate_server_hostname }}"
-#  changed_when: _csbouncer.stderr is not search("already exists")
+#   changed_when: _csbouncer.stderr is not search("already exists")
-#
+# 
-#- name: Deploy bouncer config
+# - name: Deploy bouncer config
-#  lineinfile:
+#   ansible.builtin.lineinfile:
-#    regex: "{{ item.regex }}"
+#     regex: "{{ item.regex }}"
-#    line: "{{ item.line }}"
+#     line: "{{ item.line }}"
-#    dest: /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
+#     dest: /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
-#  with_items:
+#   with_items:
-#    - regex: "^api_url"
+#     - regex: "^api_url"
-#      line: "api_url: {{ crowdsec_lapi_url }}"
+#       line: "api_url: {{ crowdsec_lapi_url }}"
-#    - regex: "^api_key"
+#     - regex: "^api_key"
-#      line: "api_key: {{ _csbouncer.stdout }}"
+#       line: "api_key: {{ _csbouncer.stdout }}"
-#  when: _csbouncer.changed
+#   when: _csbouncer.changed
-#  notify: restart crowdsec-firewall-bouncer
+#   notify: restart crowdsec-firewall-bouncer
-#  loop_control:
+#   loop_control:
-#    label: "{{ item.regex }}"
+#     label: "{{ item.regex }}"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,99 +1,99 @@
 ---
 - name: Crowdsec setup
  block:
-#  - name: Include vars for {{ ansible_os_family }}
+#    - name: Include vars for {{ ansible_os_family }}
-#    include_vars: "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
+#      ansible.builtin.include_vars: "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
-  - name: Debian family configuration
+    - name: Debian family configuration
-    block:
+      block:
-    - name: Install required packages
+        - name: Install required packages
          ansible.builtin.package:
            name:
              - apt-transport-https
              - gnupg
            state: present
            update_cache: true
        - name: add crowdsec apt key
          ansible.builtin.apt_key:
            url: https://packagecloud.io/crowdsec/crowdsec/gpgkey
            state: present
        - name: add crowdsec repository
          ansible.builtin.apt_repository:
            repo: 'deb https://packagecloud.io/crowdsec/crowdsec/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} main'
            state: present
            update_cache: true
      when:
        - ansible_os_family == "Debian"
    - name: RedHat family configuration
      block:
        - name: Import CrowdSec RPM key
          ansible.builtin.rpm_key:
            state: present
            key: "{{ item }}"
          with_items:
            - https://packagecloud.io/crowdsec/crowdsec/gpgkey
            - https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-B78D1222C9AD2D5D.pub.gpg
            - https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg
        - name: Add Official crowdsec's repo
          ansible.builtin.yum_repository:
            name: crowdsec_crowdsec
            description: crowdsec_crowdsec
            baseurl: https://packagecloud.io/crowdsec/crowdsec/el/$releasever/$basearch
            enabled: true
            gpgcheck: true
            repo_gpgcheck: true
            gpgkey:
              - https://packagecloud.io/crowdsec/crowdsec/gpgkey
              - https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-B78D1222C9AD2D5D.pub.gpg
              - https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg
            metadata_expire: "300"
            file: crowdsec
      when:
        - ansible_os_family == "RedHat"
    - name: Install crowdsec
      ansible.builtin.package:
        name:
-          - apt-transport-https
+          - crowdsec
          - gnupg
        state: present
-        update_cache: yes
+        update_cache: true
-    - name: add crowdsec apt key
+    - name: Deploy main config
-      ansible.builtin.apt_key:
+      ansible.builtin.template:
-        url: https://packagecloud.io/crowdsec/crowdsec/gpgkey
+        src: etc/crowdsec/config.yaml.j2
-        state: present
+        dest: /etc/crowdsec/config.yaml
        owner: root
        group: root
        mode: 0644
      notify: restart crowdsec
-    - name: add crowdsec repository
+    - name: Deploy whitelist
-      ansible.builtin.apt_repository:
+      ansible.builtin.template:
-        repo: 'deb https://packagecloud.io/crowdsec/crowdsec/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} main'
+        src: etc/crowdsec/parsers/s02-enrich/mywhitelist.yaml.j2
-        state: present
+        dest: /etc/crowdsec/parsers/s02-enrich/mywhitelist.yaml
-        update_cache: yes
+        owner: root
        group: root
        mode: 0644
      when: crowdsec_whitelist.enabled
      notify: restart crowdsec
-    when:
+    - name: Flush handlers to apply config
-      - ansible_os_family == "Debian"
+      ansible.builtin.meta: flush_handlers
-  - name: RedHat family configuration
+#    - name: Register agent(s)
-    block:
+#      ansible.builtin.include_tasks: register_agent.yml
-    - name: Import CrowdSec RPM key
+#      when:
-      ansible.builtin.rpm_key:
+#        - crowdsec_delegate_server_hostname != inventory_hostname
        state: present
        key: "{{ item }}"
      with_items:
          - https://packagecloud.io/crowdsec/crowdsec/gpgkey
          - https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-B78D1222C9AD2D5D.pub.gpg
          - https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg
    - name: Add Official crowdsec's repo
      ansible.builtin.yum_repository:
        name: crowdsec_crowdsec
        description: crowdsec_crowdsec
        baseurl: https://packagecloud.io/crowdsec/crowdsec/el/$releasever/$basearch
        enabled: true
        gpgcheck: true
        repo_gpgcheck: true
        gpgkey:
          - https://packagecloud.io/crowdsec/crowdsec/gpgkey
          - https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-B78D1222C9AD2D5D.pub.gpg
          - https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg
        metadata_expire: "300"
        file: crowdsec
    when:
      - ansible_os_family == "RedHat"
  - name: Install crowdsec
    ansible.builtin.package:
      name:
        - crowdsec
      state: present
      update_cache: yes
  - name: Deploy main config
    template:
      src: etc/crowdsec/config.yaml.j2
      dest: /etc/crowdsec/config.yaml
      owner: root
      group: root
      mode: 0644
    notify: restart crowdsec
  - name: Deploy whitelist
    template:
      src: etc/crowdsec/parsers/s02-enrich/mywhitelist.yaml.j2
      dest: /etc/crowdsec/parsers/s02-enrich/mywhitelist.yaml
      owner: root
      group: root
      mode: 0644
    when: crowdsec_whitelist.enabled
    notify: restart crowdsec
  - name: Flush handlers to apply config
    meta: flush_handlers
 #  - name: Register agent(s)
 #    include_tasks: register_agent.yml
 #    when:
 #      - crowdsec_delegate_server_hostname != inventory_hostname
 #
-  - name: Register distributed bouncers(s)
+    - name: Register distributed bouncers(s)
-    include_tasks: add_bouncer.yml
+      ansible.builtin.include_tasks: add_bouncer.yml
-    when:
+      when:
-      - crowdsec_bouncer.enabled
+        - crowdsec_bouncer.enabled
  tags:
    - crowdsec
--- a/tasks/register_agent.yml
+++ b/tasks/register_agent.yml
@ -1,17 +1,17 @@
 ---
 - name: Check if agent is already registered
-  shell: cscli machines list -o raw | grep {{ inventory_hostname }} | grep true || echo "Not found"
+  ansible.builtin.shell: cscli machines list -o raw | grep {{ inventory_hostname }} | grep true || echo "Not found"
  register: _csmachines
  delegate_to: "{{ crowdsec_delegate_server_hostname }}"
  changed_when: false
 - block:
    - name: Register agent to server
-      command: cscli lapi register -u {{ crowdsec_lapi_url }} --machine {{ inventory_hostname }}
+      ansible.builtin.command: cscli lapi register -u {{ crowdsec_lapi_url }} --machine {{ inventory_hostname }}
      notify: restart crowdsec
    - name: Validate agent on server
-      command: cscli machines validate {{ inventory_hostname }}
+      ansible.builtin.command: cscli machines validate {{ inventory_hostname }}
      delegate_to: "{{ crowdsec_delegate_server_hostname }}"
  when:
    - _csmachines.rc == 0