initial import v3

.gitignore

@@ -0,0 +1,4 @@
+.DS_Store
+ansible.cfg
+hosts
+*.retry

.travis.yml

@@ -0,0 +1,20 @@
+language: python
+python: '2.7'
+before_install:
+- sudo apt-get update -qq
+- sudo apt-get install -y curl
+install:
+- pip install ansible
+- "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
+script:
+- ansible-playbook -i tests/inventory tests/test.yml --syntax-check
+- ansible-playbook -i tests/inventory tests/test.yml --connection=local --sudo
+- 'ansible-playbook -i tests/inventory tests/test.yml --connection=local --sudo |
+  grep -q ''changed=0.*failed=0'' && (echo ''Idempotence test: pass'' && exit 0) ||
+  (echo ''Idempotence test: fail'' && exit 1)
+
+'
+env:
+  secure: BURenN8IIFFnvi5aRy8KSG3H+qZPalGaXJL06lSQF3/6UvWUIPWtY6MOl1YyzaZHFZFWhzct+yHglhEm9zPjzWU+/mmiBypE8Tsh8Uh43ululDP9SPKRMfz3nLBFm3EwqygPRVve7NJ1vXkWDBtjfTMwUK2QPD22A3cya7o4kYk=
+notifications:
+  email: false

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Threat Stack
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,51 @@
+Threat Stack Ansible Role
+=========
+
+[![Build Status](https://travis-ci.org/threatstack/threatstack-ansible.svg?branch=master)][travis]
+
+[travis]: https://travis-ci.org/threatstack/threatstack-ansible
+
+Ansible Role to deploy the Threat Stack server agent
+
+Requirements
+------------
+
+None at this time.
+
+Platforms
+---------
+
+* Amazon Linux
+* CentOS
+* RedHat
+* Ubuntu
+
+Role Variables
+--------------
+
+Required:
+
+* `threatstack_deploy_key` - Set the deploy key for registering the agent
+
+Optional:
+
+* `threatstack_policy` - Set the policy the node will be added to (Defaults to 'Default Policy')
+* `threatstack_hostname` - Set the hostname if you would like the hostname disolated be displayed on Threat Stack to be different than the machine's actual hostname
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: threatstack-ansible, threatstack_deploy_key: XXXXXX,  threatstack_policy: My Secure Policy, threatstack_hostname: SparkServer1}
+
+License
+-------
+
+Apache 2.0
+
+Author Information
+------------------
+Apollo Catlin <[email protected]>

defaults/main.yml

@@ -0,0 +1,7 @@
+---
+# defaults file for threatstack
+
+threatstack_pkg_url: 'https://pkg.threatstack.com/'
+threatstack_policy: 'Default Policy'
+threatstack_hostname: '{{ ansible_hostname }}'
+cert_check: yes

files/APT-GPG-KEY-THREATSTACK

@@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFR17aUBEACvSd5aGdH1AoaO1QiNaR4xEaFaAa20IJ7P35cfuMouYxHYZsPb
+aAheCGge7qEAIvr3V61vnoLiEws3fVieVYGrJheTngIhX3sttOetokoFqkCKLI9u
+npOT13E1pE5Czq+NCZkAB78a5ugVin++vbqvrWlbqwGPpKkOju0IRpVX5u3arHPJ
+RlS34v7YoQNsbMQHbcin3mpgiPd6COlfoNxtm7zlWyaeAp9MtMtDJxyISaT8OfsM
+Mmgc5z1PwGWEFBns2lRRTSbB02gc6hPF3FaRRX7wp7zGIa7ksXDw5jAg3hSxZQoL
+CMGMpJ6GBzKaPIkH2bvFwzkI22XabgOQO8LgN0qx6YbPjS/vGKeUWZDlbqtF5Qe4
+dILfxRN9SbjibP3aj0Qk0wn+/ECdc4RuiA7sjehml2LPP5vHyobMl6WN5Fd1I7/R
+t/TjyMOUOXTFv/JL+IHJaNxmm0ksRb+gSAM5gkn4fmBkNhs8I39+7jg2pMa/6coZ
+Wy1vBJ9WcVjLII/Y/RxVDfm+1gzGTUCmXjeiuqSC3vznp6fOvkYaCK0jFRpwYU3A
+kun4Pr88o0OCdKvWZ+5pizDYI4UJenKtFKsXvNVAKny6dEXcNxh6oJpdd+FC05hx
+5X2TQBQqQpmc939G/ufFqNc3jXrda6TlEWgp8gI1ETQeDSqw1hGzy0R93wARAQAB
+tDZUaHJlYXQgU3RhY2sgUGFja2FnZSBTaWduaW5nIDxzdXBwb3J0QHRocmVhdHN0
+YWNrLmNvbT6JAjcEEwEKACEFAlR17aUCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgEC
+F4AACgkQkbs7PG7gS9RlsBAArRFnO2s/wgHI2EgUDtBHMgBopB05xg7vATs/dl3d
+xXaX0l/NgegOPy2NsxbH9GPMidTAXoXJLSHwonBswUJkxiCJRaXe3YsIP/h2KVf8
+IFW2Sja6Lp1gciK8S8uoO1OVKADfqIZ0c9oCHj3EfMyZnyGpvZ4kMc/be0EnRr81
+ki4bQX2Ifdc/e5B3E/ngV/CZHN+K3iICPXmgs3ZaQo5SCbTMt9f/+VKpEa+M5+xe
+fhR64kiGCsiYkAKQ8r/5FpXs9a2+rHZHP2i/OkQoI0lw6R0MQ/I+HOnoEvWOOHLz
+3LGhrzsYxWlAkmRrlmtLpeUMiCupOuZ/7zBGd/JeKaSTkIu1zMdQUEKkZ9ULHskA
+vrfK25P/W16JuaZT3oOpdrmeVmR9bSeWf9/dj1TiIEDFHVzd+ZuFZf/VfPN/d2fl
+pRfBeu1n6BlwXdn6xHGgaAxodgq3Dy5+rfIs2cCYfw5k6F44AQ7fqzHsFLIYwcCr
+C01JQCSpsaiQHxtLMYQZWmamlhnDVNgrnk40nW1Yy/DK7MdKL9GPRAM3L1M8z0VD
+ar9WTmHMNtQKtvDZr/iPhz+VT+3smWS/Tl876eIK93iqGfXV9tbWjghG+YUV2pJf
+afFW4ZwSlzf9gt2EcSNFUf7Z2QEIp6raAEWkFNDc+AMUAWgKhIbrYSScoBD13U99
+pyA=
+=lB5H
+-----END PGP PUBLIC KEY BLOCK-----

files/RPM-GPG-KEY-THREATSTACK

@@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFR17aUBEACvSd5aGdH1AoaO1QiNaR4xEaFaAa20IJ7P35cfuMouYxHYZsPb
+aAheCGge7qEAIvr3V61vnoLiEws3fVieVYGrJheTngIhX3sttOetokoFqkCKLI9u
+npOT13E1pE5Czq+NCZkAB78a5ugVin++vbqvrWlbqwGPpKkOju0IRpVX5u3arHPJ
+RlS34v7YoQNsbMQHbcin3mpgiPd6COlfoNxtm7zlWyaeAp9MtMtDJxyISaT8OfsM
+Mmgc5z1PwGWEFBns2lRRTSbB02gc6hPF3FaRRX7wp7zGIa7ksXDw5jAg3hSxZQoL
+CMGMpJ6GBzKaPIkH2bvFwzkI22XabgOQO8LgN0qx6YbPjS/vGKeUWZDlbqtF5Qe4
+dILfxRN9SbjibP3aj0Qk0wn+/ECdc4RuiA7sjehml2LPP5vHyobMl6WN5Fd1I7/R
+t/TjyMOUOXTFv/JL+IHJaNxmm0ksRb+gSAM5gkn4fmBkNhs8I39+7jg2pMa/6coZ
+Wy1vBJ9WcVjLII/Y/RxVDfm+1gzGTUCmXjeiuqSC3vznp6fOvkYaCK0jFRpwYU3A
+kun4Pr88o0OCdKvWZ+5pizDYI4UJenKtFKsXvNVAKny6dEXcNxh6oJpdd+FC05hx
+5X2TQBQqQpmc939G/ufFqNc3jXrda6TlEWgp8gI1ETQeDSqw1hGzy0R93wARAQAB
+tDZUaHJlYXQgU3RhY2sgUGFja2FnZSBTaWduaW5nIDxzdXBwb3J0QHRocmVhdHN0
+YWNrLmNvbT6JAjcEEwEKACEFAlR17aUCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgEC
+F4AACgkQkbs7PG7gS9RlsBAArRFnO2s/wgHI2EgUDtBHMgBopB05xg7vATs/dl3d
+xXaX0l/NgegOPy2NsxbH9GPMidTAXoXJLSHwonBswUJkxiCJRaXe3YsIP/h2KVf8
+IFW2Sja6Lp1gciK8S8uoO1OVKADfqIZ0c9oCHj3EfMyZnyGpvZ4kMc/be0EnRr81
+ki4bQX2Ifdc/e5B3E/ngV/CZHN+K3iICPXmgs3ZaQo5SCbTMt9f/+VKpEa+M5+xe
+fhR64kiGCsiYkAKQ8r/5FpXs9a2+rHZHP2i/OkQoI0lw6R0MQ/I+HOnoEvWOOHLz
+3LGhrzsYxWlAkmRrlmtLpeUMiCupOuZ/7zBGd/JeKaSTkIu1zMdQUEKkZ9ULHskA
+vrfK25P/W16JuaZT3oOpdrmeVmR9bSeWf9/dj1TiIEDFHVzd+ZuFZf/VfPN/d2fl
+pRfBeu1n6BlwXdn6xHGgaAxodgq3Dy5+rfIs2cCYfw5k6F44AQ7fqzHsFLIYwcCr
+C01JQCSpsaiQHxtLMYQZWmamlhnDVNgrnk40nW1Yy/DK7MdKL9GPRAM3L1M8z0VD
+ar9WTmHMNtQKtvDZr/iPhz+VT+3smWS/Tl876eIK93iqGfXV9tbWjghG+YUV2pJf
+afFW4ZwSlzf9gt2EcSNFUf7Z2QEIp6raAEWkFNDc+AMUAWgKhIbrYSScoBD13U99
+pyA=
+=lB5H
+-----END PGP PUBLIC KEY BLOCK-----

meta/main.yml

@@ -0,0 +1,45 @@
+---
+galaxy_info:
+  author: Apollo Catlin
+  description: Ansible role to install the threatstack agent
+  company: Threat Stack
+  license: license (Apache)
+  min_ansible_version: 1.3
+  platforms:
+  - name: EL
+    versions:
+    - all
+    - 5
+    - 6
+    - 7
+  - name: Fedora
+    versions:
+    - all
+    - 16
+    - 17
+    - 18
+    - 19
+    - 20
+  - name: Amazon
+    versions:
+    - all
+    - 2013.03
+    - 2013.09
+  - name: Ubuntu
+    versions:
+    - all
+    - lucid
+    - maverick
+    - natty
+    - oneiric
+    - precise
+    - quantal
+    - raring
+    - saucy
+    - trusty
+  categories:
+  - cloud
+  - cloud:ec2
+  - monitoring
+  - system
+dependencies: []

tasks/apt_install.yml

@@ -0,0 +1,24 @@
+---
+- name: Install setup dependency.
+  apt:
+    name: python-apt
+    update_cache: yes
+    state: installed
+
+- copy: src=APT-GPG-KEY-THREATSTACK dest=/APT-GPG-KEY-THREATSTACK owner=root group=root mode=0644
+
+- name: Add Threat Stack apt repository key.
+  apt_key:
+    file: /APT-GPG-KEY-THREATSTACK
+    state: present
+
+- name: Add Threat Stack apt repository.
+  apt_repository:
+    repo: "deb {{ threatstack_pkg_url }}Ubuntu {{ ansible_distribution_release }} main"
+    state: present
+    update_cache: yes
+
+- name: Ensure Threat Stack is installed.
+  apt:
+    name: threatstack-agent
+    state: installed

tasks/cloudsight_setup.yml

@@ -0,0 +1,30 @@
+---
+# Cloudsight Setup
+
+- name: Cloudsight setup
+  command: cloudsight setup --deploy-key={{ threatstack_deploy_key | mandatory }} #--policy={{ threatstack_policy | regex_replace(' ', '%20') }} --hostname={{ threatstack_hostname }}
+  register: setup_result
+  creates: /opt/threatstack/cloudsight/config/.secret
+
+- debug: var=setup_result.stdout_lines
+
+- name: fail the play if the previous command did not succeed
+  fail: msg="Cloudsight Install Failed"
+  when: "'FAILED' in setup_result.stderr"
+
+# Test
+- name: Test cloudsight state
+  service:
+    name: cloudsight
+    enabled: yes
+    state: started
+
+# - name: Test tsfim state
+#   service:
+#     name: tsfim
+#     state: started
+#
+# - name: Test tsauditd state
+#   service:
+#     name: tsauditd
+#     state: started

tasks/main.yml

@@ -0,0 +1,17 @@
+---
+# Setup tasks
+
+- name: Fail if non-Ubuntu debian
+  fail: msg="We do not currently support your distribution"
+  when: ansible_os_family == 'Debian' and ansible_distribution != "Ubuntu"
+
+- name: Run Apt configure and install Threat Stack
+  include: apt_install.yml
+  when: ansible_os_family == 'Debian' and ansible_distribution == 'Ubuntu'
+
+- name: Run Yum Configure and install Threat Stack
+  include: yum_install.yml
+  when: ansible_os_family == 'RedHat'
+
+- name: Fire cloudsight setup
+  include: cloudsight_setup.yml

tasks/yum_install.yml

@@ -0,0 +1,21 @@
+---
+- name: Ensure ThreatStack repo is installed.
+  template:
+    src: threatstack.j2
+    dest: /etc/yum.repos.d/threatstack.repo
+    owner: root
+    group: root
+    mode: 0644
+
+- copy: src=RPM-GPG-KEY-THREATSTACK dest=/APT-GPG-KEY-THREATSTACK owner=root group=root mode=0644
+
+- name: Add ThreatStack repo GPG key.
+  rpm_key:
+    state: present
+    key: /RPM-GPG-KEY-THREATSTACK
+
+- name: Ensure Agent is installed.
+  yum:
+    name: threatstack-agent
+    state: latest
+    update_cache: yes

templates/threatstack.j2

@@ -0,0 +1,9 @@
+[threatstack]
+name=Threat Stack Package Repository
+{% if ansible_distribution == 'Amazon' %}
+baseurl={{threatstack_pkg_url}}/Amazon
+{% else %}
+baseurl={{threatstack_pkg_url}}/CentOS
+{% endif %}
+enabled=1
+gpgcheck=1

tests/inventory

@@ -0,0 +1 @@
+localhost

tests/test.yml

@@ -0,0 +1,8 @@
+---
+- hosts: localhost
+  remote_user: root
+  vars:
+    threatstack_deploy_key: "{{ lookup('env','API_KEY') }}"
+    threatstack_policy: 'TravisPolicy'
+  roles:
+    - threatstack-ansible