Open mrwacky42 opened 3 years ago
Since it's been over a year, I forked this project and published an alternative to Galaxy. https://github.com/deekayen/al-agents-ansible-playbooks has a kludge, some updates, and Molecule testing until I can get Alert Logic to publish the GPG key so we can do a proper key import and/or validation task.
Something like this would probably be sufficient for RHEL 8/9:

In tasks/install_agent.yml:

```yaml
- name: Import Alert Logic Atlas GPG key.
  ansible.builtin.rpm_key:
    key: "{{ al_agent_gpg_key }}"
    fingerprint: "{{ al_agent_gpg_fingerprint }}"
    state: present
  when:
    - ansible_os_family == "RedHat"
```

In vars/RedHat.yml:

```yaml
al_agent_gpg_key: "{{ al_agent_base_url }}/software/al-agent-pkg-key.asc"
al_agent_gpg_fingerprint: '9a2a3e9a817127b121b2b2fb00802f0e0186cc36'
```
Public contributions are welcome! Anyone can submit a Pull Request for features and further OS support. We will review them and publish them once approved. Please follow the guidelines in the Readme and we will happily review and test them on our end. https://github.com/alertlogic/al-agents-ansible-playbooks#contributing
This ansible role fails on Amazon Linux 2 instances due to an unsigned package. Amazon Linux 2 instances have `gpgcheck=1` configured by default.

As implemented, this role does not work on Amazon Linux 2, or any system with `gpgcheck=1` enabled.

Workaround: switch from `package` to `yum` for RedHat and explicitly set `disable_gpg_check: true`
It seems that a security product should expect to be installed on a securely configured instance. Given the recent debacle with SolarWinds, it is somewhat scary to install vendors' unsigned packages.
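
An added example, not part of the thread or the role's own code: a small Python audit that flags tasks using the `disable_gpg_check: true` workaround described above, plus yum repo stanzas that explicitly set `gpgcheck=0`, so the exception stays visible in review. The sample task and repo text are constructed; `al_agent_pkg_url` and the repo names are hypothetical.

```python
import configparser
import re

# Strings Ansible converts to boolean true for module options.
ANSIBLE_TRUE = {"y", "yes", "on", "1", "true", "t"}
# Strings yum accepts as boolean false for gpgcheck.
YUM_FALSE = {"0", "no", "false"}

TASK_NAME = re.compile(r"^\s*-\s+name:\s*(.+?)\s*$")
GPG_OFF = re.compile(r"^\s*disable_gpg_check:\s*['\"]?([A-Za-z0-9]+)['\"]?\s*(#.*)?$")

def find_disabled_gpg_tasks(yaml_text):
    """Return (line_no, task_name) for tasks that set disable_gpg_check to true.
    Line-based scan: templated values and inline key=value args are not resolved."""
    findings, current = [], "<unnamed task>"
    for line_no, line in enumerate(yaml_text.splitlines(), 1):
        name = TASK_NAME.match(line)
        if name:
            current = name.group(1).strip("'\"")
            continue
        flag = GPG_OFF.match(line)
        if flag and flag.group(1).lower() in ANSIBLE_TRUE:
            findings.append((line_no, current))
    return findings

def find_unchecked_repos(repo_text):
    """Return names of repo stanzas that explicitly turn signature checking off."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(repo_text)
    return [s for s in parser.sections()
            if (parser.get(s, "gpgcheck", fallback="") or "").strip().lower() in YUM_FALSE]

# Constructed sample input (not taken from the role).
SAMPLE_TASKS = """\
- name: Install al-agent (workaround)
  yum:
    name: "{{ al_agent_pkg_url }}"
    disable_gpg_check: true
- name: Install other package
  ansible.builtin.yum:
    name: foo
    disable_gpg_check: false
"""
SAMPLE_REPO = """\
[vendor-example]
baseurl=https://repo.example.invalid/vendor
gpgcheck=0
[base-example]
gpgcheck=1
"""

if __name__ == "__main__":
    print(find_disabled_gpg_tasks(SAMPLE_TASKS))
    print(find_unchecked_repos(SAMPLE_REPO))
```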