Add ansible provisioning (#122)

* first ansible skeleton * first commit of ansible installation of vulnwhisperer outside docker * first ansible skeleton * first commit of ansible installation of vulnwhisperer outside docker * refactor the ansible role a bit * update readme, add fail validation step to provision.yml and fix typo when calling a logging funciton
2018-11-14 10:14:12 +01:00
parent a8671a7303
commit 3a09f60543
95 changed files with 4459 additions and 1 deletions
--- a/ansible/roles/elastic.elasticsearch/tasks/elasticsearch-Debian.yml
+++ b/ansible/roles/elastic.elasticsearch/tasks/elasticsearch-Debian.yml
@ -0,0 +1,80 @@
+---
+
+- name: set fact force_install to no
+  set_fact: force_install=no
+
+- name: set fact force_install to yes
+  set_fact: force_install=yes
+  when: es_allow_downgrades
+
+- name: Debian - Install apt-transport-https to support https APT downloads
+  become: yes
+  apt: name=apt-transport-https state=present
+  when: es_use_repository
+
+- name: Debian - Add Elasticsearch repository key
+  become: yes
+  apt_key: url="{{ es_apt_key }}" state=present
+  when: es_use_repository and es_apt_key
+
+- name: Debian - Add elasticsearch repository
+  become: yes
+  apt_repository: repo={{ item.repo }} state={{ item.state}}
+  with_items:
+    - { repo: "{{ es_apt_url_old }}", state: "absent" }
+    - { repo: "{{ es_apt_url }}", state: "present" }
+  when: es_use_repository
+
+
+- name: Gracefully stop and remove elasticsearch if we are switching to the oss version
+  when:
+    - es_package_name == 'elasticsearch-oss'
+  block:
+  - name: Check if the elasticsearch package is installed
+    shell: dpkg-query -W -f'${Status}' elasticsearch
+    register: elasticsearch_package
+    failed_when: False
+    changed_when: False
+
+  - name: stop elasticsearch
+    become: yes
+    service:
+      name: '{{ instance_init_script | basename }}'
+      state: stopped
+    when: elasticsearch_package.stdout == 'install ok installed'
+
+  - name: Debian - Remove elasticsearch package if we are installing the oss package
+    become: yes
+    apt:
+      name: 'elasticsearch'
+      state: absent
+    when: elasticsearch_package.stdout == 'install ok installed'
+
+- name: Debian - Ensure elasticsearch is installed
+  become: yes
+  apt:
+    name: '{{ es_package_name }}{% if es_version is defined and es_version != "" %}={{ es_version }}{% endif %}'
+    state: present
+    force: '{{ force_install }}'
+    allow_unauthenticated: "{{ 'no' if es_apt_key else 'yes' }}"
+    cache_valid_time: 86400
+  when: es_use_repository
+  register: debian_elasticsearch_install_from_repo
+  notify: restart elasticsearch
+  environment:
+    ES_PATH_CONF: "/etc/elasticsearch"
+
+- name: Debian - Include versionlock
+  include: elasticsearch-Debian-version-lock.yml
+  when: es_version_lock
+
+- name: Debian - Download elasticsearch from url
+  get_url: url={% if es_custom_package_url is defined %}{{ es_custom_package_url }}{% else %}{{ es_package_url }}-{{ es_version }}.deb{% endif %} dest=/tmp/elasticsearch-{{ es_version }}.deb validate_certs=no
+  when: not es_use_repository
+
+- name: Debian - Ensure elasticsearch is installed from downloaded package
+  become: yes
+  apt: deb=/tmp/elasticsearch-{{ es_version }}.deb
+  when: not es_use_repository
+  register: elasticsearch_install_from_package
+  notify: restart elasticsearch