Additional playbook cleanup and use stable release

The stable release of the kolide has been cut. This change sets our used version of kolide to "2.0.0". Change-Id: Ie488fe42e98bd96f5777c1c893fc79e50a2eddee Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-10-18 10:47:41 -05:00 · 2018-10-18 10:47:41 -05:00 · e0e8579785
commit e0e8579785
parent 6ee136fea9
4 changed files with 13 additions and 49 deletions
--- a/osquery/README.rst
+++ b/osquery/README.rst
@ -2,19 +2,11 @@ Install OSQuery and Kolide fleet
 ################################
 :tags: openstack, ansible

-Table of Contents
-=================
-
-      * [About this repository](#about-this-repository)
-      * [OpenStack-Ansible Integration](#openstack-ansible-integration)
-      * [TODO](#todo)
-
-
 About this repository
 ---------------------

-This set of playbooks will deploy osquery. If this is being deployed as part of
-an OpenStack all of the inventory needs will be provided for.
+This set of playbooks will deploy osquery and kolide-fleet. If this is being
+deployed as part of an OpenStack all of the inventory needs will be provided for.


 **These playbooks require Ansible 2.4+.**
@ -27,6 +19,7 @@ build and operate against.
    :alt: Osquery & Kolide Fleet Architecture Diagram
    :align: center

+
 OpenStack-Ansible Integration
 -----------------------------

@ -34,6 +27,7 @@ These playbooks can be used as standalone inventory or as an integrated part of
 an OpenStack-Ansible deployment. For a simple example of standalone inventory
 see ``inventory.example.yml``.

+
 Setup | system configuration
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

@ -243,14 +237,3 @@ This diagram outlines the data flow from within an osquery deployment.
    :scale: 50 %
    :alt: Kolide & Osquery Data Flow Diagram
    :align: center
-
-
-TODO
----
-The following is a list of open items.
- - [x] Test Redhat familly Operating Systems
- - [x] missing mariadb cluster (should all work needs additional vars)
- - [x] use haproxy instead of the kolide fleet server ip
- - [ ] add/update tags
- - [x] convert to roles
- - [x] add testing
--- a/osquery/roles/fleet/defaults/main.yml
+++ b/osquery/roles/fleet/defaults/main.yml
@ -21,11 +21,10 @@ kolide_fleet_db_user: fleet

 kolide_fleet_port: "8443"
 kolide_fleet_address: "127.0.0.1:{{ kolide_fleet_port }}"
-kolide_fleet_version: "2.0.0-rc5"
+kolide_fleet_version: "2.0.0"
 kolide_fleet_url: "https://github.com/kolide/fleet/releases/download"

 kolide_fleet_admin_email: admin@openstack.org
-#kolide_fleet_admin_password: AdminSecrete

 kolide_fleet_ssl_cert: /etc/ssl/certs/fleet.cert
 kolide_fleet_ssl_key: /etc/ssl/private/fleet.key
@ -35,19 +34,3 @@ kolide_fleet_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}"
 kolide_fleet_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"

 kolide_fleet_ssl_key_purge: false
-
-#kolide_fleet_osquery_enroll_secret: "{{ kolide_fleet_enroll_secret }}"
-
-
-# MariaDB/Gallera Variables
-mariadb_bind_address: "0.0.0.0"
-mariadb_root_remote: 1
-mariadb_root_user: root
-mariadb_databases:
-  - name: "{{ kolide_fleet_db_name }}"
-
-mariadb_users:
-  - name: "{{ kolide_fleet_db_user }}"
-    password: "{{ kolide_fleet_db_password }}"
-    priv: " {{ kolide_fleet_db_name }}.*:ALL"
-    host: "%"
--- a/osquery/roles/fleet/tasks/createFleetDB.yml
+++ b/osquery/roles/fleet/tasks/createFleetDB.yml
@ -15,22 +15,20 @@

 - name: Create DB for service
  mysql_db:
-    login_user: "{{ mariadb_root_user }}"
+    login_user: "root"
    login_password: "{{ galera_root_password }}"
-    login_host: "{{ mariadb_login_host | default('localhost') }}"
+    login_host: "127.0.0.1"
    name: "{{ kolide_fleet_db_name }}"
    state: "present"
  delegate_to: "{{ groups['mariadb_all'][0] }}"
  no_log: False
  run_once: true
-  tags:
-    - fleet_db_install

 - name: Grant access to the DB for the service
  mysql_user:
-    login_user: "{{ mariadb_root_user }}"
+    login_user: "root"
    login_password: "{{ galera_root_password }}"
-    login_host: "{{ mariadb_login_host | default('localhost') }}"
+    login_host: "127.0.0.1"
    name: "{{ kolide_fleet_db_user }}"
    password: "{{ kolide_fleet_db_password }}"
    host: "{{ item }}"
@ -38,8 +36,9 @@
    priv: "{{ kolide_fleet_db_name }}.*:ALL"
    append_privs: "{{ kolide_fleet_db_append_privs | default(omit) }}"
  delegate_to: "{{ groups['mariadb_all'][0] }}"
-  with_items: "{{ grant_list | default(['localhost', '%']) }}"
+  with_items:
+    - 'localhost'
+    - '127.0.0.1'
+    - '%'
  no_log: False
  run_once: true
-  tags:
-    - fleet_db_install
--- a/osquery/roles/fleet/tasks/fleetMigrateDB.yml
+++ b/osquery/roles/fleet/tasks/fleetMigrateDB.yml
@ -13,7 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-
 - name: Migrate the fleet database
  command: /usr/local/bin/fleet prepare db --config=/etc/fleet/fleet_config.yml  --no-prompt
  changed_when: false