This commit is contained in:
parent
2d8a504780
commit
21a784cc63
7 changed files with 180 additions and 1 deletions
37
tasks/add_bouncer.yml
Normal file
37
tasks/add_bouncer.yml
Normal file
|
|
@ -0,0 +1,37 @@
|
|||
---
|
||||
- name: Install bouncer (currently only firewall)
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- crowdsec-firewall-bouncer
|
||||
- crowdsec-firewall-bouncer-iptables
|
||||
when:
|
||||
- ansible_os_family == "Debian"
|
||||
|
||||
- name: Install crowdsec
|
||||
ansible.builtin.dnf:
|
||||
name:
|
||||
- crowdsec-firewall-bouncer-nftables
|
||||
state: present
|
||||
when:
|
||||
- ansible_os_family == "RedHat"
|
||||
|
||||
#- name: Register new bouncer
|
||||
# command: cscli bouncers add {{ inventory_hostname }} -o raw
|
||||
# register: _csbouncer
|
||||
# delegate_to: "{{ crowdsec_delegate_server_hostname }}"
|
||||
# changed_when: _csbouncer.stderr is not search("already exists")
|
||||
#
|
||||
#- name: Deploy bouncer config
|
||||
# lineinfile:
|
||||
# regex: "{{ item.regex }}"
|
||||
# line: "{{ item.line }}"
|
||||
# dest: /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
|
||||
# with_items:
|
||||
# - regex: "^api_url"
|
||||
# line: "api_url: {{ crowdsec_lapi_url }}"
|
||||
# - regex: "^api_key"
|
||||
# line: "api_key: {{ _csbouncer.stdout }}"
|
||||
# when: _csbouncer.changed
|
||||
# notify: restart crowdsec-firewall-bouncer
|
||||
# loop_control:
|
||||
# label: "{{ item.regex }}"
|
||||
|
|
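Review bot: The `ansible.builtin.dnf` task is named `Install crowdsec` but the only package it installs is `crowdsec-firewall-bouncer-nftables`, so the play output misdescribes what ran; rename it to match the apt task, e.g. `- name: Install bouncer (currently only firewall)`, and give the apt task an explicit `state: present` as the dnf task already has. The bouncer registration and config deployment that would supply the bouncer's `api_url`/`api_key` are left commented out, so on this commit the package is installed but never connected to the LAPI. When those tasks are re-enabled, the register task should carry `no_log: true`, because `cscli bouncers add ... -o raw` prints the API key on stdout and the registered `_csbouncer` result would otherwise be written to the play log.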
@ -20,7 +20,7 @@
|
|||
state: present
|
||||
|
||||
- name: add crowdsec repository
|
||||
aansible.builtin.pt_repository:
|
||||
ansible.builtin.apt_repository:
|
||||
repo: 'deb https://packagecloud.io/crowdsec/crowdsec/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} main'
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
|
@ -63,5 +63,37 @@
|
|||
state: present
|
||||
update_cache: yes
|
||||
|
||||
- name: Deploy main config
|
||||
template:
|
||||
src: etc/crowdsec/config.yaml.j2
|
||||
dest: /etc/crowdsec/config.yaml
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: restart crowdsec
|
||||
|
||||
- name: Deploy whitelist
|
||||
template:
|
||||
src: etc/crowdsec/parsers/s02-enrich/mywhitelist.yaml.j2
|
||||
dest: /etc/crowdsec/parsers/s02-enrich/mywhitelist.yaml
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
when: crowdsec_whitelist.enabled
|
||||
notify: restart crowdsec
|
||||
|
||||
- name: Flush handlers to apply config
|
||||
meta: flush_handlers
|
||||
|
||||
# - name: Register agent(s)
|
||||
# include_tasks: register_agent.yml
|
||||
# when:
|
||||
# - crowdsec_delegate_server_hostname != inventory_hostname
|
||||
#
|
||||
- name: Register distributed bouncers(s)
|
||||
include_tasks: add_bouncer.yml
|
||||
when:
|
||||
- crowdsec_bouncer.enabled
|
||||
|
||||
tags:
|
||||
- crowdsec
|
||||
|
|
|
|||
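Review bot: The two new template tasks write `mode: 0644` as an unquoted plain scalar, which YAML 1.1 loaders read as the octal integer 420; it happens to equal 0644 here, but a mode written without a leading zero would be silently wrong, so write `mode: "0644"` in both `Deploy main config` and `Deploy whitelist`. The `Register agent(s)` include remains commented out while `tasks/register_agent.yml` is added in this same commit, so the agent registration path is never executed; either uncomment the include or leave the new file out until it is wired in. The file header for these two hunks is not visible on the page; they appear to belong to the role's main task file, but I can't confirm the path.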
18
tasks/register_agent.yml
Normal file
18
tasks/register_agent.yml
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
---
|
||||
- name: Check if agent is already registered
|
||||
shell: cscli machines list -o raw | grep {{ inventory_hostname }} | grep true || echo "Not found"
|
||||
register: _csmachines
|
||||
delegate_to: "{{ crowdsec_delegate_server_hostname }}"
|
||||
changed_when: false
|
||||
|
||||
- block:
|
||||
- name: Register agent to server
|
||||
command: cscli lapi register -u {{ crowdsec_lapi_url }} --machine {{ inventory_hostname }}
|
||||
notify: restart crowdsec
|
||||
|
||||
- name: Validate agent on server
|
||||
command: cscli machines validate {{ inventory_hostname }}
|
||||
delegate_to: "{{ crowdsec_delegate_server_hostname }}"
|
||||
when:
|
||||
- _csmachines.rc == 0
|
||||
- _csmachines.stdout is search("Not found")
|
||||
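Review bot: The `|| echo "Not found"` in the `Check if agent is already registered` shell pipeline forces a zero exit status whenever any earlier stage fails, so a failing or unreachable `cscli machines list` is indistinguishable from an unregistered agent and the `when: _csmachines.rc == 0` condition on the block is always true; let a genuine cscli failure fail the task and decide on stdout alone, or capture the pipeline status separately. The `grep {{ inventory_hostname }}` is a substring match, so a host named `web1` also matches `web10`; `grep -w` or matching the raw CSV field exactly is more precise. These tasks use bare `shell` and `command` while `add_bouncer.yml` in the same commit uses the `ansible.builtin.` FQCN; `ansible.builtin.shell` / `ansible.builtin.command` here keeps the role consistent.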