rocknsm / rock

Automated deployment scripts for the RockNSM network hunting distribution.
http://rocknsm.io
Apache License 2.0

Update lighttpd role #571

Open spartan782 opened 3 years ago

spartan782 commented 3 years ago

Each role needs to be checked, and any Ansible modules or tasks that are deprecated, failing or giving warnings need to be updated.

koelslaw commented 3 years ago

Online Deploy LGTM

PLAY [docket,kibana] *******************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [simplerockbuild.simplerock.lan]

TASK [Include user-override vars] ******************************************************************************
ok: [simplerockbuild.simplerock.lan]

TASK [lighttpd : Install packages] *****************************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [Install ROCK lighttpd configuration] *********************************************************************
changed: [simplerockbuild.simplerock.lan] => (item=10-rock-auth.conf)
changed: [simplerockbuild.simplerock.lan] => (item=10-tls.conf)
changed: [simplerockbuild.simplerock.lan] => (item=20-rock-vars.conf)
changed: [simplerockbuild.simplerock.lan] => (item=50-rockproxy.conf)

TASK [Enable lighttpd vhosts] **********************************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [Disable lighttpd ipv6] ***********************************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [Enable lighttpd to perform proxy connect] ****************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [lighttpd : Generate sensor private key] ******************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [lighttpd : Generate sensor public key] *******************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [lighttpd : Generate sensor CSR] **************************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [lighttpd : Generate sensor certificate] ******************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [lighttpd : Combine sensor cert and key] ******************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [lighttpd : Generate DH parameters] ***********************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [lighttpd : Configure firewall ports] *********************************************************************
changed: [simplerockbuild.simplerock.lan] => (item=443)

TASK [lighttpd : Check if initial user has already been created] ***********************************************
ok: [simplerockbuild.simplerock.lan]

TASK [lighttpd : Determine initial username] *******************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [lighttpd : Determine initial password] *******************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [lighttpd : Set initial credentials] **********************************************************************
included: /usr/share/rock/roles/lighttpd/tasks/add-user.yml for simplerockbuild.simplerock.lan

TASK [lighttpd : Ensure passwd file exists] ********************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [lighttpd : Hash password] ********************************************************************************
ok: [simplerockbuild.simplerock.lan]

TASK [Add a new user to lighttpd] ******************************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [lighttpd : Output initial credentials] *******************************************************************
changed: [simplerockbuild.simplerock.lan]

RUNNING HANDLER [Enable and restart lighttpd] ******************************************************************
changed: [simplerockbuild.simplerock.lan]

PLAY [docket,stenographer] *************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [simplerockbuild.simplerock.lan]

TASK [Include user-override vars] ******************************************************************************
ok: [simplerockbuild.simplerock.lan]

TASK [Check for docket and stenographer hosts] *****************************************************************
ok: [simplerockbuild.simplerock.lan] => {
    "changed": false, 
    "msg": "All assertions passed"
}

TASK [docket : Configure RockNSM online repos] *****************************************************************
ok: [simplerockbuild.simplerock.lan] => (item={u'gpgcheck': True, u'name': u'rocknsm_2_5', u'baseurl': u'https://packagecloud.io/rocknsm/2_5/el/7/$basearch'})
ok: [simplerockbuild.simplerock.lan] => (item={u'gpgcheck': False, u'name': u'rocknsm_2_5-source', u'baseurl': u'https://packagecloud.io/rocknsm/2_5/el/7/SRPMS'})

TASK [docket : Install packages] *******************************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [docket : Ensure ansible_cache dir exists] ****************************************************************
ok: [simplerockbuild.simplerock.lan -> localhost]

TASK [docket : Set ansible_cache fact] *************************************************************************
ok: [simplerockbuild.simplerock.lan]

TASK [docket : Ensure rock nsm conf dir exists] ****************************************************************
ok: [simplerockbuild.simplerock.lan]

TASK [Ensure docket x509 user exists] **************************************************************************
ok: [simplerockbuild.simplerock.lan]

TASK [Ensure docket x509 group exists] *************************************************************************
ok: [simplerockbuild.simplerock.lan]

TASK [Ensure docket x509 dir exists] ***************************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [Create docket private key] *******************************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [docket : Set perms on private key] ***********************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [docket : Check for certificate] **************************************************************************
ok: [simplerockbuild.simplerock.lan] => (item=simplerockbuild.simplerock.lan)

TASK [docket : Debug cert output] ******************************************************************************
ok: [simplerockbuild.simplerock.lan] => {
    "docket_cert.results": [
        {
            "ansible_loop_var": "item", 
            "changed": false, 
            "failed": false, 
            "invocation": {
                "module_args": {
                    "checksum_algorithm": "sha1", 
                    "follow": false, 
                    "get_attributes": true, 
                    "get_checksum": true, 
                    "get_md5": false, 
                    "get_mime": true, 
                    "path": "/etc/pki/docket/docket-simplerockbuild_sensor-simplerockbuild.simplerock.lan_cert.pem"
                }
            }, 
            "item": "simplerockbuild.simplerock.lan", 
            "stat": {
                "exists": false
            }
        }
    ]
}

TASK [Create docket csr] ***************************************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [docket : Fetch csr] **************************************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [docket : Dump number of missing certs] *******************************************************************
ok: [simplerockbuild.simplerock.lan] => (item=simplerockbuild.simplerock.lan) => {
    "msg": "Number of missing certs: 1"
}

TASK [docket : Dump the cert info for] *************************************************************************
ok: [simplerockbuild.simplerock.lan] => (item=simplerockbuild.simplerock.lan) => {
    "ansible_loop_var": "item", 
    "hostvars[item].docket_cert|json_query('results[?item==inventory_hostname_short]')": [], 
    "item": "simplerockbuild.simplerock.lan"
}

TASK [docket : Push csr to stenographer hosts] *****************************************************************
changed: [simplerockbuild.simplerock.lan] => (item=simplerockbuild.simplerock.lan)

TASK [docket : Sign certificate signing requests] **************************************************************
changed: [simplerockbuild.simplerock.lan] => (item=simplerockbuild.simplerock.lan)

TASK [docket : Pull certificates back] *************************************************************************
changed: [simplerockbuild.simplerock.lan] => (item=simplerockbuild.simplerock.lan)

TASK [docket : Pull back ca certificates] **********************************************************************
ok: [simplerockbuild.simplerock.lan]

TASK [Push certificates to docket hosts] ***********************************************************************
changed: [simplerockbuild.simplerock.lan] => (item=simplerockbuild.simplerock.lan)

TASK [docket : Push stenographer ca certs] *********************************************************************
changed: [simplerockbuild.simplerock.lan] => (item=simplerockbuild.simplerock.lan)

TASK [docket : Cleanup /tmp/ansible.pdYxt9 dir] ****************************************************************
ok: [simplerockbuild.simplerock.lan -> localhost]

TASK [docket : Check existing secret_key] **********************************************************************
ok: [simplerockbuild.simplerock.lan]

TASK [docket : debug] ******************************************************************************************
ok: [simplerockbuild.simplerock.lan] => {
    "msg": {
        "changed": false, 
        "cmd": "awk '/^SECRET_KEY/ {print $2}' /etc/docket/prod.yaml", 
        "delta": "0:00:00.005365", 
        "end": "2021-10-29 01:26:11.270622", 
        "failed": false, 
        "rc": 0, 
        "start": "2021-10-29 01:26:11.265257", 
        "stderr": "", 
        "stderr_lines": [], 
        "stdout": "CHANGE_THIS_SECRET_KEY_TO_ANY_RANDOM_VALUE", 
        "stdout_lines": [
            "CHANGE_THIS_SECRET_KEY_TO_ANY_RANDOM_VALUE"
        ]
    }
}

TASK [docket : Keep existing secret_key] ***********************************************************************
skipping: [simplerockbuild.simplerock.lan]

TASK [Set production docket config] ****************************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [docket : Set uwsgi config] *******************************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [docket : Enable redis] ***********************************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [Enable docket celery services] ***************************************************************************
changed: [simplerockbuild.simplerock.lan] => (item=docket-celery-io)
changed: [simplerockbuild.simplerock.lan] => (item=docket-celery-query)

TASK [Enable docket uwsgi service] *****************************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [docket : Create lighttpd + uwsgi config] *****************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [docket : Create vhost logdir] ****************************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [docket : Enable lighttpd vhosts] *************************************************************************
ok: [simplerockbuild.simplerock.lan]

TASK [Add lighttpd into docket group] **************************************************************************
changed: [simplerockbuild.simplerock.lan]

TASK [docket : Enable lighttpd service] ************************************************************************
ok: [simplerockbuild.simplerock.lan]

RUNNING HANDLER [docket : Restart redis] ***********************************************************************
changed: [simplerockbuild.simplerock.lan]

RUNNING HANDLER [Restart docket celery services] ***************************************************************
changed: [simplerockbuild.simplerock.lan] => (item=docket-celery-io)
changed: [simplerockbuild.simplerock.lan] => (item=docket-celery-query)

RUNNING HANDLER [Restart docket uwsgi] *************************************************************************
changed: [simplerockbuild.simplerock.lan]

RUNNING HANDLER [docket : Restart lighttpd] ********************************************************************
changed: [simplerockbuild.simplerock.lan]