--- # Copyright 2018, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: Get osquery facts hosts: kolide-fleet_all[0] become: true vars_files: - vars/variables.yml tags: - always environment: "{{ deployment_environment_variables | default({}) }}" gather_facts: "{{ osa_gather_facts | default(True) }}" tasks: - name: Fetch Certificates fetch: flat: yes src: "{{ item.src }}" dest: "{{ item.dest }}" with_items: - src: "{{ kolide_fleet_ssl_cert }}" dest: "/tmp/{{ kolide_fleet_ssl_cert | basename }}" - src: "{{ kolide_fleet_ssl_key }}" dest: "/tmp/{{ kolide_fleet_ssl_key | basename }}" - name: Retrieve Enrollment Token command: /usr/local/bin/fleetctl get enroll-secret changed_when: false register: _enrollment_token - name: Set kolide fleet enrollment token fact set_fact: kolide_fleet_enroll_secret: "{{ _enrollment_token.stdout }}" - name: Write enroll secret copy: dest: "/tmp/{{ osquery_enroll_secret_file | basename }}" content: "{{ kolide_fleet_enroll_secret }}" mode: "0640" - name: Install osquery hosts: "hosts:all_containers" become: true vars_files: - vars/variables.yml environment: "{{ deployment_environment_variables | default({}) }}" gather_facts: "{{ osa_gather_facts | default(True) }}" pre_tasks: - name: create osquery dir file: path: "{{ item }}" state: directory with_items: - /etc/osquery - /etc/osquery/ssl - name: Copy certifactes over copy: src: "{{ item.src }}" dest: "{{ item.dest }}" with_items: - dest: "{{ kolide_fleet_ssl_cert }}" src: "/tmp/{{ kolide_fleet_ssl_cert | basename }}" - dest: "{{ kolide_fleet_ssl_key }}" src: "/tmp/{{ kolide_fleet_ssl_key | basename }}" - dest: "{{ osquery_enroll_secret_file }}" src: "/tmp/{{ osquery_enroll_secret_file | basename }}" post_tasks: - name: Cleanup certifactes file: dest: "{{ item }}" state: "absent" delegate_to: localhost with_items: - "/tmp/{{ kolide_fleet_ssl_cert | basename }}" - "/tmp/{{ kolide_fleet_ssl_key | basename }}" - "/tmp/{{ osquery_enroll_secret_file | basename }}" roles: - role: "osquery"