This repository has been archived by the owner on Aug 19, 2021. It is now read-only.
deploy_endpoints.yml
---
# #####################################################################
# Deploy Endpoints / Servers
# #####################################################################
# #####################################################################
# Query some private ips
# #####################################################################
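# Resolve one address per jumphost that carries this user's tag and register
# it in the in-memory inventory group "moadsd_ng_jumphost_instance_public".
# The pattern "a:&b" selects hosts in group a that are also in group b.
- hosts: "tag_role_jumphost:&tag_user_{{ user }}"
  tasks:
    # ipaddr yields a false value when inventory_hostname is not an IP
    # address; the fallback task below keys off that result.
    - name: Get ipaddr of Jumphost from inventory hostname
      set_fact:
        remote_ip: "{{ inventory_hostname | ipaddr }}"

    # Fallback, only when the inventory name was not an IP address.
    # NOTE(review): ansible_default_ipv4 is the address of the host's own
    # default-route interface; on NATed cloud instances that is usually the
    # private address, while the task and group names below say
    # "external"/"public" - confirm which one consumers of the group expect.
    - name: Get ipaddr of Jumphost from default IPv4 fact
      set_fact:
        remote_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
      when: not remote_ip

    # Distinct task names above keep --start-at-task and log output
    # unambiguous (both tasks were previously named identically).
    - name: Store external ip address of Jumphost
      add_host:
        name: "{{ remote_ip }}"
        groups: "moadsd_ng_jumphost_instance_public"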
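# Print the addresses of the environment components that are switched on.
# Runs on the control node only; no facts are needed for the debug output.
- hosts: localhost
  gather_facts: false
  tasks:
    # NOTE(review): presumably site_vars.yml defines the site_deploy_* flags
    # and *_ip variables used below - verify. The bare `include` action is
    # deprecated in later Ansible releases in favour of
    # include_tasks / import_tasks.
    - name: Include vars
      include: site_vars.yml

    # Flags are tested with `| bool` instead of `== True`, so a flag supplied
    # as a string (for example via -e on the command line) is still honoured.
    - name: Listing Jumphost Environment
      debug:
        msg:
          - "Jumphost : {{ jumphost_ip }}"
      when: site_deploy_jumphost | bool

    - name: Listing Kubernetes Environment
      debug:
        msg:
          - "Kubernetes Master : {{ k8smaster_ip }}"
          - "Kubernetes Worker 1 : {{ k8sworker1_ip }}"
      when: site_deploy_kubernetes | bool

    - name: Listing OpenShift Environment
      debug:
        msg:
          - "OpenShift Master : {{ openshift_ip }}"
      when: site_deploy_openshift | bool

    # Only shown for a self-hosted Deep Security Manager ('dsm' variant).
    - name: Listing Deep Security Environment
      debug:
        msg:
          - "Deep Security : {{ dsm_ip }}"
          - "PostgreSQL : {{ dsmdb_ip }}"
      when:
        - site_deploy_deepsecurity | bool
        - deepsecurity_variant == 'dsm'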
# #####################################################################
# Deploy Endpoints / Servers
# #####################################################################
# Install and activate the Deep Security Agent on every Linux and Windows
# endpoint tagged for this user. Exactly one of the two role invocations
# runs, selected by deepsecurity_variant.
- name: Deploy Endpoints
  hosts: "tag_role_linuxep:tag_role_windowsep:&tag_user_{{ user }}"
  tasks:
    - name: Include vars
      include: site_vars.yml

    # SaaS variant: the agent activates against a tenant.
    # NOTE(review): tenant_password and token are credentials handed to the
    # role. Confirm they are sourced from an encrypted store (for example
    # Ansible Vault) rather than plain-text vars, and that the role's tasks
    # set no_log where they use them so they do not appear in run output.
    - name: Deploy DSA with DSaaS
      include_role:
        name: deepsecurity-agent
      vars:
        operation: deploy
        tenant_id: "{{ deepsecurity_tenant_id }}"
        tenant_password: "{{ deepsecurity_administrator_password }}"
        token: "{{ deepsecurity_token }}"
        force_reactivation: false
      when:
        # - site_deploy_endpoints == True
        - deepsecurity_variant == 'dsaas'

    # Self-hosted variant: download and activation both point at dsm_ip.
    # NOTE(review): the agent package is fetched from the manager; confirm
    # the role validates the manager's TLS certificate on that download.
    - name: Deploy DSA with DSM on MOADSD-NG
      include_role:
        name: deepsecurity-agent
      vars:
        operation: deploy
        dsm_agent_download_hostname: "{{ dsm_ip }}"
        dsm_agent_download_port: 4119
        dsm_agent_activation_hostname: "{{ dsm_ip }}"
        dsm_agent_activation_port: 4120
        force_reactivation: false
      when:
        # - site_deploy_endpoints == True
        - deepsecurity_variant == 'dsm'
# Assign the policy named "Linux Server" to this user's Linux endpoints
# through the deepsecurity-agent role.
- name: Set Linux Server policy
  hosts: "tag_role_linuxep:&tag_user_{{ user }}"
  tasks:
    - name: Set Policy
      include_role:
        name: deepsecurity-agent
      vars:
        operation: "set-policy-by-name"
        policy_name: "Linux Server"
# Assign the policy named "Windows Server" to this user's Windows endpoints
# through the deepsecurity-agent role.
- name: Set Windows Server policy
  hosts: "tag_role_windowsep:&tag_user_{{ user }}"
  tasks:
    - name: Set Policy
      include_role:
        name: deepsecurity-agent
      vars:
        operation: "set-policy-by-name"
        policy_name: "Windows Server"
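# Push the current configuration to every endpoint of this user, then start
# a recommendation scan on each of them.
- name: Update Configuration
  # The pattern previously mixed "," and ":" separators in one string, which
  # is ambiguous to read and may not be split the way it looks. It now uses
  # the same colon-only form as the "Deploy Endpoints" play:
  # (linux endpoints OR windows endpoints) AND this user's tag.
  hosts: "tag_role_linuxep:tag_role_windowsep:&tag_user_{{ user }}"
  tasks:
    - name: Update Configuration
      include_role:
        name: deepsecurity-agent
      vars:
        operation: update-configuration

    - name: Initiate Recommendation Scan
      include_role:
        name: deepsecurity-agent
      vars:
        operation: run-recommendation-scans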
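# Install facter on this user's Linux endpoints and drop a custom local fact
# (dsa_status.fact) into Ansible's facts.d directory. Runs with privilege
# escalation because it installs packages and writes below /etc.
- name: Prepare Facter for Deep Security
  hosts: "tag_role_linuxep:&tag_user_{{ user }}"
  become: true
  tasks:
    # Task name corrected: the module in use is yum, not apt.
    - name: Update YUM cache
      yum:
        update_cache: true

    # state: present installs the package if missing but does not upgrade an
    # existing one, so the name no longer claims "latest version".
    - name: Install "facter"
      yum:
        name: facter
        state: present

    - name: "Create custom fact directory"
      file:
        path: "/etc/ansible/facts.d"
        state: "directory"

    # The executable bit is set, so the file is presumably a script that is
    # run during fact gathering - under become that means as root. Owner and
    # group are pinned to root and the mode is quoted so the file stays
    # writable by root only and the octal value is never re-typed.
    - name: "Insert custom fact file"
      copy:
        src: ./files/dsa_status.fact
        dest: /etc/ansible/facts.d/dsa_status.fact
        owner: root
        group: root
        mode: "0755"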