Closed UDilhan closed 8 months ago
Hello,
Thank you for your answer. I understand why it could not work.
I will post another PR with a system that tracks if each kind of binary (windows/linux/macos) has been downloaded to prevent them to be downladed multiple times.. With something like an array that says "linux_already_downloaded=false, macos_already_downloaded=true,...".
BR, Ulutas Dilhan
Have you tried setting: falcon_api_sensor_download_path
? The sensor_download module will only download it if it doesn't already exist.
You can check out the module docs for crowdstrike.falcon.sensor_download to get more information, but essentially what is happening in the falcon_install
role is that if you don't set that variable, a default directory essentially gets created for each host you run against.
Now there are a couple ways to do this depending on however you would like to implement it, but here are some ideas:
Most basic - set the variable to an existing local directory you want to the files to download to:
- hosts: all
vars:
falcon_client_id: <FALCON_CLIENT_ID>
falcon_client_secret: <FALCON_CLIENT_SECRET>
roles:
- role: crowdstrike.falcon.falcon_install
vars:
falcon_api_sensor_download_path: /tmp/linux
Use hostgroup vars:
[windows_hosts]
win_host1
[linux_hosts]
linux_host1
linux_host2
[mac_hosts]
mac_host1
[windows_hosts:vars]
falcon_api_sensor_download_path=/tmp/windows
[linux_hosts:vars]
falcon_api_sensor_download_path=/tmp/linux
[mac_hosts:vars]
falcon_api_sensor_download_path=/tmp/mac
Try it out and let me know if it's working for you.
Hello - thanks for opening up a PR, but unfortunately this won't be acceptable as this situation would only apply to a homogenous environment. If you had a mix of OS' you were running against, then you would not be able to capture the proper sensors for those OS' using this approach.
If you want to discuss more, feel free to open up an issue and we can talk about your situation.