more users with this ansible role

[pablodav]

Hi @deajan ,

I have noticed you are one of those users that contribute a lot to burp, and also use burp in production.

Do you think it is feasible for you to use this ansible role? Also the other roles?

What this role needs to have added for you?

I'm looking for more people using it as it could benefit all of use when more users are using same method of deployment.

Also it could benefit all having a nice defaults.

[deajan]

To be perfectly honest, although I use ansible for other usages,, my burp servers are way too specific for being setup as an ansible role so I won't be of good help here. I usually setup a burp server with both protocols on the same server, depending on the port used, but sharing one single installation plus one single burp-ui. Sorry for not being helpful here.

Of course I could fire up a VM and try the role, since I currently am working on some burp benchmarks.

[pablodav]

Hi @deajan Thanks for taking time answering.

For protocols, you don't need different server on different port to set different protocol. Based on burp manpage, you can set on same client two client config files with different client_cname and certs, and set in client or clientconf server side different protocol and get same effect. This option can be overridden by the client configuration files in clientconfdir on the server.

But if you want to set two different servers with same setup I can help managing that, as I already do it for "restore server" https://github.com/CoffeeITWorks/ansible_burp2_server/blob/master/defaults/main.yml#L8 https://github.com/CoffeeITWorks/ansible_burp2_server/blob/ab515a86dfddbdd39de75bd9f05616a2948614f9/README.md#configure-burp-restore-service https://github.com/CoffeeITWorks/ansible_burp2_server/blob/c357051b04593e618dbbfab8a02bf1163b1e4085/tasks/config_restore.yml

But I don't think it is really necessary.

Ofcourse you can setup your own server config after getting all the steps done by this role too, it will not conflict if you don't use same files as this role. (you can do it manually or adding your own playbook)

burpui ansible role also supports standalone installation sharing same server as burp, and it is the way I test the burpui role. https://github.com/CoffeeITWorks/ansible_burpui_server/blob/master/molecule/default/playbook.yml

So no issues from burpui side I think.

I'm will be please to address any challenge you give me with these roles. I want more people using it so if there is something I can resolve for you, I think it will make more chances for you and any other person to use the role.

Ofcourse it has great advantages for testing and benchmarks, as with automatic setup you can do more with less manual work. There is a test playbook: https://github.com/CoffeeITWorks/ansible_burp2_server/blob/master/defaults/main.yml#L28

https://github.com/CoffeeITWorks/ansible_burp2_server/blob/master/tasks/tests/test_client.yml

I can try adding a benchmark playbook? probably it could need help from you too.

Creating and maintaining profiles with this role is quiet easy too: https://github.com/CoffeeITWorks/ansible_burp2_server/blob/master/defaults/main.yml#L117

So it already has lot of flexibility to address many issues (like having different protocols for different profiles, etc).

[deajan]

I know for the protocol override in the clientconfdir, but it's way easier keeping track of different clients this way for me.

I just setup my latest burp servers (identical 2.2.4 versions, one with librsync 2.0.2 and one other with librsync 1.0.0) for my benchmarks. Once my testings are over, I'll use your ansible role to see how the burp deployments go with it.

Btw, I invite you to do me the same favor by testing my backup_tool_script which is included in burp since 2.2.0 series.

[pablodav]

ofcourse @deajan ,

will start adding that in this role and test in my servers after deployment.

[deajan]

I'm still messing around with librsync settings for speed measures (just found out latest burp versions have an issue with hash algorith selection). It'll take a while before I'm ready to test your role, but it's definitly on my TODO for the next server I'll setup. Do you have any quickstart guide ready ?

[pablodav]

backup_script_tools is added now in pull #27

[pablodav]

Added optimizations documented in issue #24

Thinking in creating an issue to discuss the next roadmap, or continue on this one, just to spread what I'm planning / doing / thinking and to open possibility to receive some feedback too.

[pablodav]

@deajan I'm preparing a big number of updates on burp roles, hope it will be useful some time for you too.

[deajan]

@pablodav At least for my personal servers, yes ;) The prod servers I run are configured far from standards ;) I'll definitly need to try the new roles so my own setups become automated.

[pablodav]

good to know you have used it in some way.

I need to finish the latest tests and changes, but the idea of the roles is to be adaptable on all scenarios.

So you can manage the settings using simple variables on your host_vars or group_vars as per host or per group of hosts. And any thing not yet ready could be a new issue to create on this repo :)

[deajan]

As much as I do enjoy your prop, my prod setups involve source code changes on the fly, recompilations, naming changes, etc... so I'd probably end taking more time to adapt the role than using my basic bash installer script that does my mods.

But I'll definitly try your roles with my personal servers as said. I know I've asked this before, but last time I tried, it wasn't really straightforward for me and I ended up trying various ansible roles and setups. You have many ansible burp repos and it's not easy to find stuff I must say. Do you have any quickstarter guide to install burp + burp-ui + burp-ui-agents ? (Something from the beginning like yum install ansible; ansible-role [blablabla]...; in a couple of commands for CentOS 7)

[pablodav]

Once I finish all the work I have been doing, I will prepare a better quickstart guide.

[pablodav]

Hi @deajan @ziirish @grke

Please comment me what you think about it:

https://github.com/CoffeeITWorks/ansible_burp2_server/blob/develop/resources/quickstart/Quickstart.md

I'm preparing to be added as link then in: https://github.com/grke/burp/wiki/Automated-deploy-and-maintenance

If all is right, I will merge into master and add the link, then close this issue?