From e0e85797852a59ba74d7d94c17f966ec6c51282d Mon Sep 17 00:00:00 2001
From: Kevin Carter <kevin.carter@rackspace.com>
Date: Thu, 18 Oct 2018 10:47:41 -0500
Subject: [PATCH] Additional playbook cleanup and use stable release

The stable release of kolide has been cut. This change sets the kolide
version we use to "2.0.0".

Change-Id: Ie488fe42e98bd96f5777c1c893fc79e50a2eddee
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
---
 osquery/README.rst                           | 25 ++++----------------
 osquery/roles/fleet/defaults/main.yml        | 19 +--------------
 osquery/roles/fleet/tasks/createFleetDB.yml  | 17 +++++++------
 osquery/roles/fleet/tasks/fleetMigrateDB.yml |  1 -
 4 files changed, 13 insertions(+), 49 deletions(-)

diff --git a/osquery/README.rst b/osquery/README.rst
index 29f3a03a..8ab246bb 100644
--- a/osquery/README.rst
+++ b/osquery/README.rst
@@ -2,19 +2,11 @@ Install OSQuery and Kolide fleet
 ################################
 :tags: openstack, ansible
 
-Table of Contents
-=================
-
-      * [About this repository](#about-this-repository)
-      * [OpenStack-Ansible Integration](#openstack-ansible-integration)
-      * [TODO](#todo)
-
-
 About this repository
 ---------------------
 
-This set of playbooks will deploy osquery. If this is being deployed as part of
-an OpenStack all of the inventory needs will be provided for.
+This set of playbooks will deploy osquery and kolide-fleet. If this is being
+deployed as part of an OpenStack all of the inventory needs will be provided for.
 
 
 **These playbooks require Ansible 2.4+.**
@@ -27,6 +19,7 @@ build and operate against.
     :alt: Osquery & Kolide Fleet Architecture Diagram
     :align: center
 
+
 OpenStack-Ansible Integration
 -----------------------------
 
@@ -34,6 +27,7 @@ These playbooks can be used as standalone inventory or as an integrated part of
 an OpenStack-Ansible deployment. For a simple example of standalone inventory
 see ``inventory.example.yml``.
 
+
 Setup | system configuration
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
@@ -243,14 +237,3 @@ This diagram outlines the data flow from within an osquery deployment.
     :scale: 50 %
     :alt: Kolide & Osquery Data Flow Diagram
     :align: center
-
-
-TODO
-----
-The following is a list of open items.
- - [x] Test Redhat familly Operating Systems
- - [x] missing mariadb cluster (should all work needs additional vars)
- - [x] use haproxy instead of the kolide fleet server ip
- - [ ] add/update tags
- - [x] convert to roles
- - [x] add testing
diff --git a/osquery/roles/fleet/defaults/main.yml b/osquery/roles/fleet/defaults/main.yml
index 76e49980..fb639750 100644
--- a/osquery/roles/fleet/defaults/main.yml
+++ b/osquery/roles/fleet/defaults/main.yml
@@ -21,11 +21,10 @@ kolide_fleet_db_user: fleet
 
 kolide_fleet_port: "8443"
 kolide_fleet_address: "127.0.0.1:{{ kolide_fleet_port }}"
-kolide_fleet_version: "2.0.0-rc5"
+kolide_fleet_version: "2.0.0"
 kolide_fleet_url: "https://github.com/kolide/fleet/releases/download"
 
 kolide_fleet_admin_email: admin@openstack.org
-#kolide_fleet_admin_password: AdminSecrete
 
 kolide_fleet_ssl_cert: /etc/ssl/certs/fleet.cert
 kolide_fleet_ssl_key: /etc/ssl/private/fleet.key
@@ -35,19 +34,3 @@ kolide_fleet_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}"
 kolide_fleet_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"
 
 kolide_fleet_ssl_key_purge: false
-
-#kolide_fleet_osquery_enroll_secret: "{{ kolide_fleet_enroll_secret }}"
-
-
-# MariaDB/Gallera Variables
-mariadb_bind_address: "0.0.0.0"
-mariadb_root_remote: 1
-mariadb_root_user: root
-mariadb_databases:
-  - name: "{{ kolide_fleet_db_name }}"
-
-mariadb_users:
-  - name: "{{ kolide_fleet_db_user }}"
-    password: "{{ kolide_fleet_db_password }}"
-    priv: " {{ kolide_fleet_db_name }}.*:ALL"
-    host: "%"
diff --git a/osquery/roles/fleet/tasks/createFleetDB.yml b/osquery/roles/fleet/tasks/createFleetDB.yml
index 3c2a740a..2220e035 100644
--- a/osquery/roles/fleet/tasks/createFleetDB.yml
+++ b/osquery/roles/fleet/tasks/createFleetDB.yml
@@ -15,22 +15,20 @@
 
 - name: Create DB for service
   mysql_db:
-    login_user: "{{ mariadb_root_user }}"
+    login_user: "root"
     login_password: "{{ galera_root_password }}"
-    login_host: "{{ mariadb_login_host | default('localhost') }}"
+    login_host: "127.0.0.1"
     name: "{{ kolide_fleet_db_name }}"
     state: "present"
   delegate_to: "{{ groups['mariadb_all'][0] }}"
   no_log: False
   run_once: true
-  tags:
-    - fleet_db_install
 
 - name: Grant access to the DB for the service
   mysql_user:
-    login_user: "{{ mariadb_root_user }}"
+    login_user: "root"
     login_password: "{{ galera_root_password }}"
-    login_host: "{{ mariadb_login_host | default('localhost') }}"
+    login_host: "127.0.0.1"
     name: "{{ kolide_fleet_db_user }}"
     password: "{{ kolide_fleet_db_password }}"
     host: "{{ item }}"
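Review bot: The `Create DB for service` task keeps `no_log: False` while it is handed `galera_root_password`. The same is true of the `Grant access to the DB for the service` task, whose `no_log` line falls in the next hunk and which also carries `kolide_fleet_db_password`. With that setting, redaction is left to whatever masking the modules apply to their own arguments; `no_log: true` on both tasks would keep the root and service passwords out of task output and callback logs regardless. Separately, replacing `{{ mariadb_root_user }}` and `{{ mariadb_login_host | default('localhost') }}` with the literals `"root"` and `"127.0.0.1"` removes the only override a deployer had for a renamed admin account; a short comment such as `# root login over TCP loopback on the delegated galera node` would record why the literals are intended.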
@@ -38,8 +36,9 @@
     priv: "{{ kolide_fleet_db_name }}.*:ALL"
     append_privs: "{{ kolide_fleet_db_append_privs | default(omit) }}"
   delegate_to: "{{ groups['mariadb_all'][0] }}"
-  with_items: "{{ grant_list | default(['localhost', '%']) }}"
+  with_items:
+    - 'localhost'
+    - '127.0.0.1'
+    - '%'
   no_log: False
   run_once: true
-  tags:
-    - fleet_db_install
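Review bot: The new literal `with_items` list always contains `'%'`, so the fleet database user is granted `{{ kolide_fleet_db_name }}.*:ALL` from any source host. The `grant_list` override that the old line offered is gone, leaving a deployer no way to narrow the grant to the fleet servers' addresses. Keeping the override while adding the new entry would preserve that control: `with_items: "{{ grant_list | default(['localhost', '127.0.0.1', '%']) }}"`. The task this loop belongs to starts in the previous hunk.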
diff --git a/osquery/roles/fleet/tasks/fleetMigrateDB.yml b/osquery/roles/fleet/tasks/fleetMigrateDB.yml
index 447d32c3..4994f44f 100644
--- a/osquery/roles/fleet/tasks/fleetMigrateDB.yml
+++ b/osquery/roles/fleet/tasks/fleetMigrateDB.yml
@@ -13,7 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-
 - name: Migrate the fleet database
   command: /usr/local/bin/fleet prepare db --config=/etc/fleet/fleet_config.yml  --no-prompt
   changed_when: false