---

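# Add the project CA to the system-wide trust anchors and rebuild the
# consolidated trust store. Every consumer of the system store on this host
# will accept certificates issued by this CA afterwards, so the anchor file is
# pinned to root ownership and is writable by root only instead of inheriting
# whatever the umask or a pre-existing file provides.
- name: Copy cacert to ca-trust dir
  remote_user: root
  copy:
    src: "{{ playbook_dir }}/secrets/CA/ca.crt"
    dest: /etc/pki/ca-trust/source/anchors/ca.crt
    owner: root
    group: root
    mode: "0644"

# update-ca-trust runs unconditionally, so this task reports "changed" on
# every play, whether or not the anchor file was modified.
- name: Install cacert to root truststore
  remote_user: root
  command: update-ca-trust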

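# Ship the node's PKCS#12 keystore (which carries the host's private key) and
# the JKS truststores to the NiFi host.
#
# The original task set no mode, so the private key landed with whatever the
# remote umask allowed. The files are now restricted to their owner.
# NOTE(review): this assumes the NiFi process runs as the same "nifi" account
# that owns these files - confirm before rollout.
#
# NOTE(review): dest is a relative path, so it is resolved by the remote side
# (presumably the nifi login directory, expected to equal NIFI_HOME). Every
# other task in this file uses {{ ansible_facts.env['NIFI_HOME'] }}/conf.
# Confirm both point at the same directory.
- name: Copy certificates in NiFi conf dir
  remote_user: nifi
  copy:
    src: "{{ item }}"
    dest: "conf/"
    mode: "0600"
  with_items:
    - "{{ playbook_dir }}/secrets/CA/private/{{ inventory_hostname }}.p12"
    - "{{ playbook_dir }}/secrets/CA/cacerts.jks"
    - common-cacerts.jks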

# Seed the NiFi flow definition on first deployment only. The stat result
# gates both the render and the gzip step, so an existing flow.xml is never
# overwritten by later runs.
- name: Check if flow.xml already exists
  stat:
    path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml"
  register: flowfile
  remote_user: nifi

# Render the initial flow from the role template.
- name: Configure flow.xml
  template:
    src: flow.xml.j2
    dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml"
  when: not flowfile.stat.exists
  remote_user: nifi

# Produce flow.xml.gz next to the rendered file. The archive module keeps the
# source file by default, so flow.xml remains and the stat check above skips
# both tasks on subsequent runs.
- name: Gzip flow.xml
  archive:
    path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml"
    dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml.gz"
    format: gz
  when: not flowfile.stat.exists
  remote_user: nifi

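# Load the OpenID client secret from the controller-side secrets directory
# into the "nifisecret" fact for use by later templates.
#
# no_log keeps the secret out of task output and logs (set_fact results are
# printed in verbose runs otherwise).
# The path is built with Jinja concatenation rather than a nested "{{ }}"
# inside the lookup argument, which relies on recursive templating.
# NOTE(review): convert_data is kept exactly as written; verify that the file
# lookup on the Ansible version in use accepts this option.
- name: Get openid authkey
  remote_user: nifi
  set_fact:
    nifisecret: "{{ lookup('file', playbook_dir ~ '/secrets/tokens/nifisecret', convert_data=False) }}"
  no_log: true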

# Render NiFi's bootstrap.conf from the role template.
# NOTE(review): no mode is set, so the file gets the remote umask default.
# If the template embeds key material, consider an explicit owner-only mode.
- name: Configure NiFi boostrap properties
  template:
    src: bootstrap.conf.j2
    dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/bootstrap.conf"
  remote_user: nifi

# Render nifi.properties for the TLS-enabled ("secure") setup.
# NOTE(review): the nifisecret fact is set just before these tasks, so it is
# presumably consumed by one of these templates - confirm. If so, the rendered
# file holds a credential: set an explicit restrictive mode and consider
# no_log, because template diffs (--diff) would print the secret.
- name: Configure NiFi properties for secure servers
  template:
    src: nifi.properties.j2
    dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/nifi.properties"
  remote_user: nifi

# In the default configuration NiFi log files can take about 3 GB per node.
# Appending ".gz" to each fileNamePattern in logback.xml makes logback
# compress log files when they are rolled.
# The regexp only matches patterns that still end in ".log", so the
# substitution is not applied a second time on later runs.
- name: Configure compression of NiFi log files
  replace:
    path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/logback.xml"
    regexp: '\.log</fileNamePattern>'
    replace: '.log.gz</fileNamePattern>'
  remote_user: nifi

# Install the access-control configuration for NiFi: the static policy file,
# the templated user list and the templated authorizers definition.
# NOTE(review): copy and template replace the destination whenever the
# content differs, so any user or policy change made on the node itself is
# overwritten on the next run - confirm that is intended.
- name: Copy authorizations.xml
  copy:
    src: authorizations.xml
    dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/authorizations.xml"
  remote_user: nifi

# Render the list of known users/groups from the role template.
- name: Configure users
  template:
    src: users.xml.j2
    dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/users.xml"
  remote_user: nifi

# Render the authorizer chain used by the TLS-enabled ("secure") setup.
- name: Configure NiFi authorizers for secure servers
  template:
    src: authorizers.xml.j2
    dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/authorizers.xml"
  remote_user: nifi

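# Create the directories that hold the enrichment data and scripts.
# Module arguments use native YAML instead of the inline key=value form, so
# the path is passed as one quoted value and is not split on whitespace.
- name: Create conf/enrich dir
  remote_user: nifi
  file:
    path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich"
    state: directory

- name: Create conf/enrich/freq dir
  remote_user: nifi
  file:
    path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/freq"
    state: directory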

# Fetch the frequency-analysis data file and Python scripts straight from the
# project's GitLab repository into conf/enrich/freq.
# NOTE(review): the URL tracks the mutable "master" branch and no checksum is
# given, so whatever is on that branch at run time is installed as code on the
# NiFi node. Pin the URL to a reviewed commit (<COMMIT_SHA>) and/or pass
# get_url's "checksum" option per item (sha256:<DIGEST>) to make the download
# reproducible and verifiable.
- name: Download freq processor
  get_url:
    url: "https://gitlab.geant.org/gn4-3-wp8-t3.1-soc/nifi-processors/-/raw/master/scripts/freq/{{ item }}"
    dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/freq/"
  loop:
    - alexa.json
    - freq.py
    - freqProcessor.py
  remote_user: nifi

# Static enrichment inputs shipped with the role.

# Placeholder GeoIP database (the task name says it is empty).
- name: Copy empty GeoLite2-City database
  copy:
    src: GeoLite2-City.mmdb
    dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/GeoLite2-City.mmdb"
  remote_user: nifi

# Lookup table of countries with their regional codes.
- name: Copy CountriesWithRegionalCodes.csv
  copy:
    src: CountriesWithRegionalCodes.csv
    dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/CountriesWithRegionalCodes.csv"
  remote_user: nifi

# Grok pattern library for HAProxy logs.
# NOTE(review): unlike every other task that writes under conf/enrich, this
# one sets no remote_user, so the file is created by the play's default
# connection user and may end up with a different owner - confirm whether
# "remote_user: nifi" was intended.
- name: Copy grok libraries
  copy:
    src: haproxy.groklib
    dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/haproxy.groklib"

# Seed tornodes.csv with just its CSV header. With force disabled the file is
# only written when it does not exist yet, so a list that has since been
# populated is left untouched on later runs.
- name: Create empty list of Tor nodes
  copy:
    dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/tornodes.csv"
    content: "ip_addr,value"
    force: false
  remote_user: nifi

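# Fetch the Umbrella top-1M domain list once on the controller, unpack it
# there, then push the CSV to every NiFi node and prepend a header row.
#
# The download now uses HTTPS. The original plain-HTTP URL let anyone on the
# network path substitute the archive, and its contents end up in the
# enrichment data on every node.
# NOTE(review): there is still no checksum on the archive, and get_url does
# not re-download when dest already exists as a file, so a stale copy in /tmp
# is reused silently.
- name: Download umbrella-top-1m.csv.zip
  remote_user: nifi
  local_action:
    module: get_url
    url: https://s3-us-west-1.amazonaws.com/umbrella-static/top-1m.csv.zip
    dest: "/tmp/umbrella-top-1m.csv.zip"
  run_once: true

# NOTE(review): the archive unpacks to the fixed, predictable path
# /tmp/top-1m.csv on the controller, and the Alexa tasks further down unpack
# to the same path. The result is only correct while tasks run strictly in
# file order. On a shared controller another local user could also
# pre-create that path. A dedicated per-list working directory would remove
# both problems.
- name: Unzip umbrella-top-1m.csv.zip
  remote_user: nifi
  local_action:
    module: unarchive
    src: "/tmp/umbrella-top-1m.csv.zip"
    dest: "/tmp"
  run_once: true

- name: Copy umbrella-top-1m.csv
  remote_user: nifi
  copy:
    src: "/tmp/top-1m.csv"
    dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/umbrella-top-1m.csv"

# The upstream CSV has no header row; add one at the top of the file.
- name: Add header to umbrella-top-1m.csv
  remote_user: nifi
  lineinfile:
    path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/umbrella-top-1m.csv"
    line: 'index,domain'
    insertbefore: BOF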

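# Fetch the Alexa top-1M domain list once on the controller, unpack it there,
# then push the CSV to every NiFi node and prepend a header row.
#
# The download now uses HTTPS. The original plain-HTTP URL let anyone on the
# network path substitute the archive, and its contents end up in the
# enrichment data on every node.
# NOTE(review): there is still no checksum on the archive, and get_url does
# not re-download when dest already exists as a file, so a stale copy in /tmp
# is reused silently.
- name: Download alexa-top-1m.csv.zip
  remote_user: nifi
  local_action:
    module: get_url
    url: https://s3.amazonaws.com/alexa-static/top-1m.csv.zip
    dest: "/tmp/alexa-top-1m.csv.zip"
  run_once: true

# NOTE(review): this unpacks to /tmp/top-1m.csv on the controller, the same
# fixed path the Umbrella tasks earlier in this file use, and overwrites their
# output. The result is only correct while tasks run strictly in file order.
# On a shared controller the predictable /tmp path could also be pre-created
# by another local user. A dedicated per-list working directory would remove
# both problems.
- name: Unzip alexa-top-1m.csv.zip
  remote_user: nifi
  local_action:
    module: unarchive
    src: "/tmp/alexa-top-1m.csv.zip"
    dest: "/tmp"
  run_once: true

- name: Copy alexa-top-1m.csv
  remote_user: nifi
  copy:
    src: "/tmp/top-1m.csv"
    dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/alexa-top-1m.csv"

# The upstream CSV has no header row; add one at the top of the file.
- name: Add header to alexa-top-1m.csv
  remote_user: nifi
  lineinfile:
    path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/enrich/alexa-top-1m.csv"
    line: 'index,domain'
    insertbefore: BOF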

# Flip every "autostart=false" line in supervisord.conf to "autostart=true" so
# the managed services start together with supervisord. The anchored regexp
# only matches lines that consist of exactly that setting.
# NOTE(review): no remote_user is set here, so the task runs as the play's
# default connection user. Writing under /etc presumably needs root - confirm
# the default user has that privilege, or set it explicitly as the CA tasks do.
- name: Set Autostart for supervisord's services
  replace:
    regexp: '^autostart=false$'
    replace: 'autostart=true'
    path: /etc/supervisord.conf