diff --git a/tasks/01-elasticsearch.yml b/tasks/01-elasticsearch.yml index 0ff6e79e2d6e0e1f8c9b63676d0c46beb1bbaccc..71d219ea5abba8dc0f88108a470a25b6e0bfe8fe 100644 --- a/tasks/01-elasticsearch.yml +++ b/tasks/01-elasticsearch.yml @@ -2,7 +2,7 @@ remote_user: root gather_facts: yes vars_files: - - vars/main.yml + - ../vars/main.yml vars: ansible_python_interpreter: /usr/bin/python3 tasks: @@ -27,15 +27,25 @@ fail: msg="Elasticsearch/kibana version you defined in var/main.yml is not higher than 7.16.1 and lower than 8.0." when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True)) + - name: Update apt cache + apt: + update_cache: yes + + - name: Gather the package facts + package_facts: + manager: auto + - name: Ensure dig and gpg are installed apt: - update_cache: true - name: - - dnsutils - - gpg + update_cache: false + name: "{{ item }}" state: present - register: dnsutils_install_result - until: dnsutils_install_result is not failed + when: 'item not in ansible_facts.packages' + with_items: + - dnsutils + - gpg + register: dnsutils_gpg_install_result + until: dnsutils_gpg_install_result is not failed retries: 30 delay: 20 @@ -56,6 +66,7 @@ apt_key: url: https://artifacts.elastic.co/GPG-KEY-elasticsearch state: present + keyring: /etc/apt/trusted.gpg.d/elasticsearch.gpg - name: Add elasticsearch 7.x apt repo apt_repository: @@ -65,6 +76,7 @@ - name: Install system updates apt: + update_cache: true upgrade: dist dpkg_options: 'force-confold,force-confdef' 
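Review bot: The new `Update apt cache` task in the `@@ -27,15 +27,25 @@` hunk has no `register`/`until`/`retries`/`delay` keys, so the cache refresh that used to be retried as part of the install task now fails the play on the first transient apt lock or mirror error. Either carry the same retry keys over to that task (`retries: 30`, `delay: 20`) or keep `update_cache: true` on the install task. The `package_facts` gate also looks redundant, because `apt` with `state: present` is already a no-op for installed packages, and it turns one apt transaction into a per-item loop. The same three tasks are added in 02-kibana.yml, 03-postgresql.yml, 04-wifimon-agent.yml, 05-logstash.yml and main.yml.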
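Review bot: In the `@@ -56,6 +66,7 @@` hunk the signing key is still fetched from the URL with no `id:` fingerprint, so whatever that URL serves at run time becomes a trusted key. Writing it under `/etc/apt/trusted.gpg.d/` also makes it trusted for every configured repository, not only the Elastic one. Consider pinning the expected fingerprint with `id: <ELASTIC_KEY_FINGERPRINT>` (placeholder, to be taken from the vendor's published value) and storing the key outside `trusted.gpg.d`, for example under `/usr/share/keyrings/`, referenced by a `signed-by=` option on the repository line. The `apt_repository` entry lies outside this hunk, so whether it already scopes the key cannot be seen here. The same applies to the `keyring:` additions in 02-kibana.yml, 03-postgresql.yml (pgdg key), 05-logstash.yml and main.yml.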
@@ -128,9 +140,9 @@ group: '{{ item.group }}' mode: '{{ item.mode }}' loop: - - { src: 'elastic-proxy.conf.j2', dest: '/etc/nginx/sites-available/elastic-proxy.conf', owner: 'root', group: 'root', mode: '0664' } - - { src: 'elasticsearch.yml.j2', dest: '/etc/elasticsearch/elasticsearch.yml', owner: 'root', group: 'elasticsearch', mode: '0660' } - - { src: 'instances.yml.j2', dest: '/usr/share/elasticsearch/instances.yml', owner: 'root', group: 'elasticsearch', mode: '0660' } + - { src: '../templates/elastic-proxy.conf.j2', dest: '/etc/nginx/sites-available/elastic-proxy.conf', owner: 'root', group: 'root', mode: '0664' } + - { src: '../templates/elasticsearch.yml.j2', dest: '/etc/elasticsearch/elasticsearch.yml', owner: 'root', group: 'elasticsearch', mode: '0660' } + - { src: '../templates/instances.yml.j2', dest: '/usr/share/elasticsearch/instances.yml', owner: 'root', group: 'elasticsearch', mode: '0660' } - name: Enable nginx configuration files file: @@ -176,6 +188,10 @@ name: elasticsearch enabled: yes state: started + register: elastic_service_status + until: elastic_service_status is not failed + delay: 30 + retries: 2 - name: Wait for elasticsearch service to become up and running uri: diff --git a/tasks/02-kibana.yml b/tasks/02-kibana.yml index 53598a82305bfbc7e04d298d477d4044d361765e..fe56727bb8ec3744e88f6789b47c65ea2f278e99 100644 --- a/tasks/02-kibana.yml +++ b/tasks/02-kibana.yml @@ -2,7 +2,7 @@ remote_user: root gather_facts: yes vars_files: - - vars/main.yml + - ../vars/main.yml vars: ansible_python_interpreter: /usr/bin/python3 tasks: 
@@ -19,15 +19,25 @@ fail: msg="Elasticsearch/kibana version you defined in var/main.yml is not higher than 7.16.1 and lower than 8.0." when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True)) - - name: Ensure dig and gpg installed + - name: Update apt cache apt: - update_cache: true - name: - - dnsutils - - gpg + update_cache: yes + + - name: Gather the package facts + package_facts: + manager: auto + + - name: Ensure dig and gpg are installed + apt: + update_cache: false + name: "{{ item }}" state: present - register: dnsutils_install_result - until: dnsutils_install_result is not failed + when: 'item not in ansible_facts.packages' + with_items: + - dnsutils + - gpg + register: dnsutils_gpg_install_result + until: dnsutils_gpg_install_result is not failed retries: 30 delay: 20 @@ -48,6 +58,7 @@ apt_key: url: https://artifacts.elastic.co/GPG-KEY-elasticsearch state: present + keyring: /etc/apt/trusted.gpg.d/elasticsearch.gpg - name: Add elasticsearch 7.x apt repo apt_repository: @@ -77,7 +88,7 @@ cmd: | apt-cache madison kibana | grep {{ elasticsearch_kibana_version }} | head -n1 | awk -F"|" '{print $2}' | tr -d ' ' register: elasticsearch_kibana_version_latest - when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True)) + when: elasticsearch_kibana_version is defined - name: Install kibana specific versions if elasticsearch_kibana_version variable is set apt: 
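Review bot: With the guard relaxed to `is defined` in the `@@ -77,7 +88,7 @@` hunk, the `apt-cache madison` pipeline now actually runs, and it interpolates `elasticsearch_kibana_version` unquoted into a shell line where `grep` treats it as an unanchored regex. A value such as `7.17` also matches strings where `.` stands for any character. When nothing matches, the pipeline still exits 0 with empty stdout, so the following install task requests `kibana=`. Suggest `grep -F -- {{ elasticsearch_kibana_version | quote }}` plus `failed_when: elasticsearch_kibana_version_latest.rc != 0 or elasticsearch_kibana_version_latest.stdout | length == 0` on this task. The task starts above the hunk, so its other options are not visible here; the same applies to the lookups in 05-logstash.yml and main.yml.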
@@ -86,7 +97,7 @@ - kibana={{ elasticsearch_kibana_version_latest.stdout }} state: present dpkg_options: 'force-confold,force-confdef' - when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True)) + when: elasticsearch_kibana_version is defined - name: Prevent kibana packages from being upgraded if elasticsearch_kibana_version variable is set dpkg_selections: @@ -94,7 +105,7 @@ selection: hold with_items: - kibana - when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True)) + when: elasticsearch_kibana_version is defined - name: Install latest kibana 7.x versions if elasticsearch_kibana_version variable is not set apt: @@ -121,8 +132,8 @@ group: '{{ item.group }}' mode: '{{ item.mode }}' loop: - - { src: 'kibana-proxy.conf.j2', dest: '/etc/nginx/sites-available/kibana-proxy.conf', owner: 'root', group: 'root', mode: '0664' } - - { src: 'kibana.yml.j2', dest: '/etc/kibana/kibana.yml', owner: 'root', group: 'kibana', mode: '0660' } + - { src: '../templates/kibana-proxy.conf.j2', dest: '/etc/nginx/sites-available/kibana-proxy.conf', owner: 'root', group: 'root', mode: '0664' } + - { src: '../templates/kibana.yml.j2', dest: '/etc/kibana/kibana.yml', owner: 'root', group: 'kibana', mode: '0660' } - name: Enable nginx configuration files file: @@ -168,6 +179,10 @@ name: kibana enabled: yes state: started + register: kibana_service_status + until: kibana_service_status is not failed + delay: 30 + retries: 2 - name: Wait for kibana service to become up and running uri: diff --git a/tasks/03-postgresql.yml b/tasks/03-postgresql.yml index cefbc3fed69a2feaa67a7859b847009ac33846c5..05f1731379874e1b9e6c41dc940116e889ccc19a 100644 --- a/tasks/03-postgresql.yml +++ b/tasks/03-postgresql.yml 
@@ -2,7 +2,7 @@ remote_user: root gather_facts: yes vars_files: - - vars/main.yml + - ../vars/main.yml vars: ansible_python_interpreter: /usr/bin/python3 tasks: @@ -15,14 +15,25 @@ - ansible_distribution_release != 'buster' - ansible_distribution_release != 'bullseye' - - name: Ensure gpg is installed + - name: Update apt cache apt: - update_cache: true - name: - - gpg + update_cache: yes + + - name: Gather the package facts + package_facts: + manager: auto + + - name: Ensure dig and gpg are installed + apt: + update_cache: false + name: "{{ item }}" state: present - register: dnsutils_install_result - until: dnsutils_install_result is not failed + when: 'item not in ansible_facts.packages' + with_items: + - dnsutils + - gpg + register: dnsutils_gpg_install_result + until: dnsutils_gpg_install_result is not failed retries: 30 delay: 20 @@ -30,6 +41,7 @@ apt_key: url: https://www.postgresql.org/media/keys/ACCC4CF8.asc state: present + keyring: /etc/apt/trusted.gpg.d/pgdg.gpg - name: Add PostgreSQL apt repo apt_repository: @@ -43,10 +55,6 @@ update_cache: true upgrade: dist dpkg_options: 'force-confold,force-confdef' - register: system_update_result - until: system_update_result is not failed - retries: 30 - delay: 20 - name: Ensure all required packages are installed apt: diff --git a/tasks/04-wifimon-agent.yml b/tasks/04-wifimon-agent.yml index 7d03ee8ea10d947bd76304dcf14c7eb947cc6eaf..0ea0735a07f292d954dac64bafd442fccc653e17 100644 --- a/tasks/04-wifimon-agent.yml +++ b/tasks/04-wifimon-agent.yml @@ -2,7 +2,7 @@ remote_user: root gather_facts: yes vars_files: - - vars/main.yml + - ../vars/main.yml vars: ansible_python_interpreter: /usr/bin/python3 tasks: 
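Review bot: The `@@ -15,14 +15,25 @@` hunk replaces the gpg-only install with the block copied from the other playbooks, so the PostgreSQL host now also gets `dnsutils`, which the previous task did not install. If nothing later in this playbook calls `dig`, drop `dnsutils` from `with_items` and keep the task name `Ensure gpg is installed`, so the database host's package set stays minimal. The rest of the playbook is outside the hunk, so this is inferred from the old task name and package list.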
@@ -15,15 +15,25 @@ - ansible_distribution_release != 'buster' - ansible_distribution_release != 'bullseye' + - name: Update apt cache + apt: + update_cache: yes + + - name: Gather the package facts + package_facts: + manager: auto + - name: Ensure dig and gpg are installed apt: - update_cache: true - name: - - dnsutils - - gpg + update_cache: false + name: "{{ item }}" state: present - register: dnsutils_install_result - until: dnsutils_install_result is not failed + when: 'item not in ansible_facts.packages' + with_items: + - dnsutils + - gpg + register: dnsutils_gpg_install_result + until: dnsutils_gpg_install_result is not failed retries: 30 delay: 20 @@ -91,16 +101,9 @@ - name: Install wifimon-agent package apt: - #deb: https://bitbucket.software.geant.org/projects/WFMON/repos/agent/raw/packages/wifimon-agent-{{ wifimon_agent_version }}.deb deb: https://s3.grena.ge/wifimon-agent/wifimon-agent-{{ wifimon_agent_version }}.deb dpkg_options: 'force-confold,force-confdef' - #- name: Create wifimon system user - # user: - # name: wifimon - # shell: /usr/sbin/nologin - # system: yes - - name: Remove useless packages from the cache apt: autoclean: yes 
@@ -123,11 +126,11 @@ group: '{{ item.group }}' mode: '{{ item.mode }}' loop: - - { src: 'was-proxy.conf.j2', dest: '/etc/nginx/sites-available/was-proxy.conf', owner: 'root', group: 'root', mode: '0664' } - - { src: 'was-ui-proxy.conf.j2', dest: '/etc/nginx/sites-available/was-ui-proxy.conf', owner: 'root', group: 'root', mode: '0664' } - - { src: 'hosts.j2', dest: '/etc/hosts', owner: 'root', group: 'root', mode: '0664' } - - { src: 'ui.properties.j2', dest: '/usr/lib/wifimon/config/ui.properties', owner: 'wifimon', group: 'root', mode: '0640' } - - { src: 'secure-processor.properties.j2', dest: '/usr/lib/wifimon/config/secure-processor.properties', owner: 'wifimon', group: 'root', mode: '0640' } + - { src: '../templates/was-proxy.conf.j2', dest: '/etc/nginx/sites-available/was-proxy.conf', owner: 'root', group: 'root', mode: '0664' } + - { src: '../templates/was-ui-proxy.conf.j2', dest: '/etc/nginx/sites-available/was-ui-proxy.conf', owner: 'root', group: 'root', mode: '0664' } + - { src: '../templates/hosts.j2', dest: '/etc/hosts', owner: 'root', group: 'root', mode: '0664' } + - { src: '../templates/ui.properties.j2', dest: '/usr/lib/wifimon/config/ui.properties', owner: 'wifimon', group: 'root', mode: '0640' } + - { src: '../templates/secure-processor.properties.j2', dest: '/usr/lib/wifimon/config/secure-processor.properties', owner: 'wifimon', group: 'root', mode: '0640' } - name: Enable nginx configuration files file: 
@@ -157,14 +160,6 @@ certbot --nginx --non-interactive --agree-tos --redirect -m "{{ letsencrypt_admin_email }}" -d "{{ was_server_hostname }}"."{{ was_server_domainname }}" -d "{{ was_server_hostname }}"-ui."{{ was_server_domainname }}" warn: no - #- name: Copy wifimon systemd service unit file to target server - # copy: - # src: files/wifimon.service - # dest: /etc/systemd/system/wifimon.service - # owner: root - # group: root - # mode: '0644' - - name: Modify wifimon/elasticsearch.sh script for x-pack replace: path: /usr/lib/wifimon/elasticsearch.sh diff --git a/tasks/05-logstash.yml b/tasks/05-logstash.yml index b05f577c0c8498c878e3c87b6d565cc3285ea5d2..f4f97bc9c363bfcac7df02e062f4f0b3783647b5 100644 --- a/tasks/05-logstash.yml +++ b/tasks/05-logstash.yml @@ -2,7 +2,7 @@ remote_user: root gather_facts: yes vars_files: - - vars/main.yml + - ../vars/main.yml vars: ansible_python_interpreter: /usr/bin/python3 tasks: @@ -19,15 +19,25 @@ fail: msg="Elasticsearch/kibana version you defined in var/main.yml is not higher than 7.16.1 and lower than 8.0." when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True)) + - name: Update apt cache + apt: + update_cache: yes + + - name: Gather the package facts + package_facts: + manager: auto + - name: Ensure dig and gpg are installed apt: - update_cache: true - name: - - dnsutils - - gpg + update_cache: false + name: "{{ item }}" state: present - register: dnsutils_install_result - until: dnsutils_install_result is not failed + when: 'item not in ansible_facts.packages' + with_items: + - dnsutils + - gpg + register: dnsutils_gpg_install_result + until: dnsutils_gpg_install_result is not failed retries: 30 delay: 20 
@@ -48,6 +58,7 @@ apt_key: url: https://artifacts.elastic.co/GPG-KEY-elasticsearch state: present + keyring: /etc/apt/trusted.gpg.d/elasticsearch.gpg - name: Add elasticsearch 7.x apt repo apt_repository: @@ -78,7 +89,7 @@ cmd: | apt-cache madison logstash | grep {{ elasticsearch_kibana_version }} | head -n1 | awk -F"|" '{print $2}' | tr -d ' ' register: elasticsearch_kibana_version_latest - when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True)) + when: elasticsearch_kibana_version is defined - name: Install logstash specific version if elasticsearch_kibana_version variable is set apt: @@ -87,7 +98,7 @@ - logstash={{ elasticsearch_kibana_version_latest.stdout }} state: present dpkg_options: 'force-confold,force-confdef' - when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True)) + when: elasticsearch_kibana_version is defined - name: Prevent logstash packages from being upgraded if elasticsearch_kibana_version variable is set dpkg_selections: @@ -95,7 +106,7 @@ selection: hold with_items: - logstash - when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True)) + when: elasticsearch_kibana_version is defined - name: Install latest logstash 7.x version if elasticsearch_kibana_version variable is not set apt: 
@@ -122,13 +133,13 @@ group: '{{ item.group }}' mode: '{{ item.mode }}' loop: - - { src: 'logstash-proxy.conf.j2', dest: '/etc/nginx/sites-available/logstash-proxy.conf', owner: 'root', group: 'root', mode: '0664' } - - { src: 'logstash-stream-proxy-dedicated.conf.j2', dest: '/etc/nginx/sites-available/logstash-stream-proxy.conf', owner: 'root', group: 'root', mode: '0664' } - - { src: 'logstash.yml.j2', dest: '/etc/logstash/logstash.yml', owner: 'root', group: 'root', mode: '0664' } - - { src: 'pipelines.yml.j2', dest: '/etc/logstash/pipelines.yml', owner: 'root', group: 'root', mode: '0664' } - - { src: 'beats-pipeline.conf.j2', dest: '/etc/logstash/conf.d/beats-pipeline.conf', owner: 'root', group: 'logstash', mode: '0660' } - - { src: 'radius-pipeline.conf.j2', dest: '/etc/logstash/conf.d/radius-pipeline.conf', owner: 'root', group: 'logstash', mode: '0660' } - - { src: 'dhcp-pipeline.conf.j2', dest: '/etc/logstash/conf.d/dhcp-pipeline.conf', owner: 'root', group: 'logstash', mode: '0660' } + - { src: '../templates/logstash-proxy.conf.j2', dest: '/etc/nginx/sites-available/logstash-proxy.conf', owner: 'root', group: 'root', mode: '0664' } + - { src: '../templates/logstash-stream-proxy-dedicated.conf.j2', dest: '/etc/nginx/sites-available/logstash-stream-proxy.conf', owner: 'root', group: 'root', mode: '0664' } + - { src: '../templates/logstash.yml.j2', dest: '/etc/logstash/logstash.yml', owner: 'root', group: 'root', mode: '0664' } + - { src: '../templates/pipelines.yml.j2', dest: '/etc/logstash/pipelines.yml', owner: 'root', group: 'root', mode: '0664' } + - { src: '../templates/beats-pipeline.conf.j2', dest: '/etc/logstash/conf.d/beats-pipeline.conf', owner: 'root', group: 'logstash', mode: '0660' } + - { src: '../templates/radius-pipeline.conf.j2', dest: '/etc/logstash/conf.d/radius-pipeline.conf', owner: 'root', group: 'logstash', mode: '0660' } + - { src: '../templates/dhcp-pipeline.conf.j2', dest: '/etc/logstash/conf.d/dhcp-pipeline.conf', owner: 'root', 
group: 'logstash', mode: '0660' } - name: Enable nginx proxy configuration file file: @@ -279,6 +290,10 @@ name: logstash enabled: yes state: started + register: logstash_service_status + until: logstash_service_status is not failed + delay: 30 + retries: 2 - name: Wait for logstash service to become up and running uri: diff --git a/tasks/main.yml b/tasks/main.yml index 4b67593db7d8c0ecdcbd12f57de695be7ffa8e35..e868a26af37429944fcbf3f67581e9998a9d5205 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -20,15 +20,25 @@ fail: msg="Elasticsearch/kibana version you defined in var/main.yml is not higher than 7.16.1 and lower than 8.0." when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True)) +- name: Update apt cache + apt: + update_cache: yes + +- name: Gather the package facts + package_facts: + manager: auto + - name: Ensure dig and gpg are installed apt: - update_cache: true - name: - - dnsutils - - gpg + update_cache: false + name: "{{ item }}" state: present - register: dnsutils_install_result - until: dnsutils_install_result is not failed + when: 'item not in ansible_facts.packages' + with_items: + - dnsutils + - gpg + register: dnsutils_gpg_install_result + until: dnsutils_gpg_install_result is not failed retries: 30 delay: 20 @@ -100,6 +110,7 @@ apt_key: url: https://www.postgresql.org/media/keys/ACCC4CF8.asc state: present + keyring: /etc/apt/trusted.gpg.d/pgdg.gpg - name: Add PostgreSQL apt repo apt_repository: @@ -112,6 +123,7 @@ apt_key: url: https://artifacts.elastic.co/GPG-KEY-elasticsearch state: present + keyring: /etc/apt/trusted.gpg.d/elasticsearch.gpg - name: Add elasticsearch 7.x apt repo apt_repository: 
@@ -148,14 +160,14 @@ cmd: | apt-cache madison elasticsearch | grep {{ elasticsearch_kibana_version }} | head -n1 | awk -F"|" '{print $2}' | tr -d ' ' register: elasticsearch_kibana_version_latest - when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True)) + when: elasticsearch_kibana_version is defined - name: Find latest minor verions of logstash if elasticsearch_kibana_version variable is set and no minor version specified shell: cmd: | apt-cache madison logstash | grep {{ elasticsearch_kibana_version }} | head -n1 | awk -F"|" '{print $2}' | tr -d ' ' register: logstash_version_latest - when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True)) + when: elasticsearch_kibana_version is defined - name: Install elasticsearch/kibana/logstash specific versions if elasticsearch_kibana_version variable is set apt: @@ -166,7 +178,7 @@ - logstash={{ logstash_version_latest.stdout }} state: present dpkg_options: 'force-confold,force-confdef' - when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True)) + when: elasticsearch_kibana_version is defined - name: Prevent elasticsearch/kibana packages from being upgraded if elasticsearch_kibana_version variable is set dpkg_selections: @@ -176,7 +188,7 @@ - elasticsearch - kibana - logstash - when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True)) + when: elasticsearch_kibana_version is defined - name: Install latest elasticsearch/kibana 7.x versions if elasticsearch_kibana_version variable is not set apt: 
@@ -339,6 +351,10 @@ name: elasticsearch enabled: yes state: started + register: elastic_service_status + until: elastic_service_status is not failed + delay: 30 + retries: 2 - name: Wait for elasticsearch service to become up and running uri: @@ -459,6 +475,10 @@ name: kibana enabled: yes state: started + register: kibana_service_status + until: kibana_service_status is not failed + delay: 30 + retries: 2 - name: Wait for kibana service to become up and running uri: @@ -480,6 +500,10 @@ name: logstash enabled: yes state: started + register: logstash_service_status + until: logstash_service_status is not failed + delay: 30 + retries: 2 - name: Wait for logstash service to become up and running uri: