start.yml 4.77 KB
---

#- name: Create config directory
#  file:
#    name: config
#    state: directory
#    mode: 0700

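# Publish the project's CA certificate as a system trust anchor.
# A trust anchor decides which TLS peers this host will accept, so ownership
# and mode are pinned explicitly instead of being left to the connection
# user's umask.
- name: Copy cacert to ca-trust dir
  remote_user: root
  copy:
    src: "{{ playbook_dir }}/secrets/CA/ca.crt"
    dest: /etc/pki/ca-trust/source/anchors/ca.crt
    owner: root
    group: root
    mode: "0644"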

# Regenerate the consolidated system trust store so that files placed under
# /etc/pki/ca-trust/source/anchors take effect.
# NOTE(review): there is no changed_when/creates guard, so this task reports
# "changed" on every run.
- name: Install cacert to root truststore
  command: update-ca-trust
  remote_user: root

# Stage the TLS material for Kibana in the kibana user's config directory:
# the host's PKCS#12 bundle, certificate and private key, the CA files, and
# the PKCS#12 bundle of the first entry in soctools_users.
# Mode 0600 keeps every copied file readable by the owning account only.
# NOTE(review): dest is a relative path, so it presumably resolves against
# the remote user's home directory - confirm. A run with --diff may print the
# contents of the key file; consider no_log or diff: false on this task.
- name: Copy certificates in odfe kibana conf dir
  remote_user: kibana
  copy:
    src: "{{ item }}"
    dest: config/
    mode: "0600"
  with_items:
    - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.p12"
    - "{{playbook_dir}}/secrets/CA/issued/{{ inventory_hostname }}.crt"
    - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.key"
    - "{{playbook_dir}}/secrets/CA/cacerts.jks"
    - "{{playbook_dir}}/secrets/CA/ca.crt"
    - "{{playbook_dir}}/secrets/CA/private/{{soctools_users[0].CN}}.p12"

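# Read secrets/tokens/kibanasecret on the controller, parse it as JSON and
# keep the result in the fact `kibanasecret` for later templates.
# The value is a secret, and set_fact results are printed in verbose runs and
# passed to callback/log plugins, so no_log is set to keep it out of that
# output.
- name: Get openid authkey
  remote_user: kibana
  set_fact:
    kibanasecret: "{{lookup('file', '{{playbook_dir}}/secrets/tokens/kibanasecret',convert_data=False) | from_json }}"
  no_log: true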

#- name: Configure sysconfig
#  template:
#    src: sysconfig_elasticsearch.j2
#    dest: sysconfig_elasticsearch
#
#- name: Copy sysconfig to /etc
#  command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch"

#  lineinfile:
#    path: /etc/sysconfig/elasticsearch
#    regexp: '^ES_PATH_CONF='
#    line: ES_PATH_CONF=/usr/share/elasticsearch/config

# Render kibana.yml from its .j2 template into the kibana user's config
# directory.
# NOTE(review): no mode is given, so the file's permissions follow the remote
# umask. If the rendered configuration embeds credentials, set an explicit
# restrictive mode that the Kibana process can still read.
- name: Configure odfe kibana properties
  remote_user: kibana
  with_items:
    - kibana.yml
  template:
    src: "{{item}}.j2"
    dest: "config/{{item}}"

# Render the Kibana start script from its .j2 template.
# Mode 0750: owner may read/write/execute, group may read/execute, others
# have no access.
# NOTE(review): dest is relative - presumably the remote user's home
# directory; confirm it matches the path the supervisor entry runs.
- name: Configure odfe kibana start script
  remote_user: kibana
  with_items:
    - startkibana.sh
  template:
    src: "{{item}}.j2"
    dest: "{{item}}"
    mode: "0750"

#- name: Exit here to test ODFE
#  meta: end_play


# Render env.js for the thehive_button Kibana plugin and hand the file to the
# kibana account.
# NOTE(review): the destination sits under the plugin's public/ directory, so
# the rendered values are presumably delivered to browsers - make sure the
# template contains nothing secret.
- name: Generate configuration for thehive_button plugin
  remote_user: kibana
  template:
    dest: /usr/share/kibana/plugins/thehive_button/public/env.js
    src: files/env.js.j2
    group: kibana
    owner: kibana


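# Ask supervisord to start the Kibana program.
# The command module replaces shell here: the call uses no pipes, redirects
# or variable expansion, so there is no reason to route it through a shell.
- name: Start Kibana
  remote_user: root
  command: supervisorctl start kibana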

# Block until TCP port 5601 accepts connections on the first host of the
# odfekibanacontainers group; polling begins after a 5 second delay.
# An open port only shows that something is listening - the task that follows
# checks the application status.
- name: Wait for Kibana
  remote_user: kibana
  wait_for:
    state: started
    host: "{{groups['odfekibanacontainers'][0]}}"
    port: 5601
    delay: 5

# Poll the Kibana status API through the proxy until the response matches the
# "status ... overall ... state ... green" pattern. The dots in the egrep
# pattern are single-character wildcards that stand in for the JSON
# punctuation between the words.
# Cookies are read from and written back to /tmp/cookie.txt, the same jar the
# later curl calls in this file use.
# NOTE(review): -k disables TLS certificate verification. Earlier tasks in
# this file install the CA into the system trust store, so -k can probably be
# dropped - confirm the server certificate covers the soctoolsproxy name.
# NOTE(review): /tmp/cookie.txt is a predictable path in a shared directory
# and holds session cookies; a private location would be safer.
- name: Check Kibana health
  remote_user: kibana
  shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \
              | egrep status....overall....state...green'
  register: result
  # Without pipefail the pipeline's exit code is egrep's: 0 only on a match.
  until: result.rc == 0
  # Up to 90 attempts, 2 seconds apart.
  retries: 90
  delay: 2
  # A Kibana that never reports green does not stop the play; the tasks that
  # follow still run against it.
  ignore_errors: yes

#- name: Copy tenant.json to container
#  remote_user: kibana
#  copy:
#    src: "files/tenant.json"
#    dest: /tmp/tenant.json
#
#- name: change tenant to global
#  shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/v1/multitenancy/tenant" \
#         -b /tmp/cookie.txt -c /tmp/cookie.txt \
#         -k --user admin:{{ odfees_adminpass }} \
#         -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \
#         -d @/tmp/tenant.json'

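# Render the saved-objects bundle to a scratch file that the import task
# uploads with curl.
# /tmp is shared between local accounts, so the file is restricted to the
# owning user; the same remote_user writes it here and reads it in the import.
- name: Copy kibana_graphs.ndjson to container
  remote_user: kibana
  template:
    src: "kibana_graphs.ndjson.j2"
    dest: /tmp/kibana_graphs.ndjson
    mode: "0600"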

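# Upload /tmp/kibana_graphs.ndjson to Kibana's saved-objects import API;
# overwrite=true replaces objects that already exist.
# The admin password is interpolated into the curl command line. Ansible
# includes that command in task results and in the module arguments it logs,
# so no_log is set to keep the password out of them; lift it temporarily when
# debugging a failed import.
# NOTE(review): the password is still visible in the target's process list
# while curl runs; feeding it through a curl config file or the uri module
# would avoid that.
# NOTE(review): -k disables TLS certificate verification on a request that
# carries admin credentials. Earlier tasks in this file install the CA into
# the system trust store, so -k can probably be dropped - confirm the server
# certificate covers the soctoolsproxy name.
- name: Import graphs to kibana
  remote_user: kibana
  shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/saved_objects/_import?overwrite=true" \
          -b /tmp/cookie.txt -c /tmp/cookie.txt \
          -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \
          -H "kbn-xsrf: reporting" -H "Content-Type: multipart/form-data" \
          -F "file=@/tmp/kibana_graphs.ndjson"'
  no_log: true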

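# Render the role-mapping payload to a scratch file for the curl call that
# posts it.
# The payload decides which users are mapped to the all_access role, so the
# copy in shared /tmp is restricted to the owning user; the same remote_user
# writes it here and reads it in the following task.
- name: Copy role modification json to container
  remote_user: kibana
  template:
    src: "role.json.j2"
    dest: /tmp/role.json
    mode: "0600"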

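# Post /tmp/role.json to the security plugin's rolesmapping endpoint for the
# all_access role, i.e. grant full administrative rights to whoever the
# payload lists.
# The admin password is interpolated into the curl command line. Ansible
# includes that command in task results and in the module arguments it logs,
# so no_log is set to keep the password out of them; lift it temporarily when
# debugging a failed call.
# NOTE(review): the password is still visible in the target's process list
# while curl runs; feeding it through a curl config file or the uri module
# would avoid that.
# NOTE(review): -k disables TLS certificate verification on a request that
# carries admin credentials and changes authorization. Earlier tasks in this
# file install the CA into the system trust store, so -k can probably be
# dropped - confirm the server certificate covers the soctoolsproxy name.
- name: Grant admin permissions to users
  remote_user: kibana
  shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/v1/configuration/rolesmapping/all_access" \
          -b /tmp/cookie.txt -c /tmp/cookie.txt \
          -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \
          -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \
          -d @/tmp/role.json'
  no_log: true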

#- name: cleanup temporary files for kibana_graph import
#  shell: '/bin/rm -rf /tmp/cookie.txt /tmp/kibana_graphs.ndjson /tmp/tenant.json'
#  ignore_errors: true

#- name: check reachable hosts
#  gather_facts: no
#  tasks:
#    - command: ping -c1 {{ inventory_hostname }}
#      delegate_to: localhost
#      register: ping_result
#      ignore_errors: yes
#    - group_by: key=reachable
#      when: ping_result|success

#- name: Stop OpenDistro Kibana for Elasticsearch
#  command: "pkill -SIGTERM -F {{inventory_hostname}}.pid"

# Rewrite every line in /etc/supervisord.conf that reads exactly
# "autostart=false" to "autostart=true".
# NOTE(review): unlike the other tasks that write under /etc, this one sets
# no remote_user, so it relies on the play's default connection user being
# allowed to edit the file - confirm.
- name: Set Autostart for supervisord's services
  replace:
    regexp: '^autostart=false$'
    replace: 'autostart=true'
    path: /etc/supervisord.conf