From c470a6b145fbeb0d347db8d87b2c53d12e323f23 Mon Sep 17 00:00:00 2001
From: Lucas
Date: Fri, 15 Dec 2023 12:54:12 +0100
Subject: [PATCH] quick and dirty check if ansible works
---
 ansible/build-fb-suse/playbook.yml | 22 +++++++++++++++++++
 ansible/build-fb-suse/requirements.yml | 5 ++++-
 terraform/ec2-instances-creator/main.tf | 2 ++
 .../user_data_script.tftpl | 22 +++++++++----------
 4 files changed, 39 insertions(+), 12 deletions(-)
diff --git a/ansible/build-fb-suse/playbook.yml b/ansible/build-fb-suse/playbook.yml
index 793f59cda..2b7a6acbd 100644
--- a/ansible/build-fb-suse/playbook.yml
+++ b/ansible/build-fb-suse/playbook.yml
@@ -33,6 +33,28 @@
 - name: Gather facts for first time
 ansible.builtin.setup:
+ - name: GET falcon sensor
+ amazon.aws.s3_object:
+ bucket: "{{ tags.crowdstrike_bucket }}"
+ object: "{{ tags.crowdstrike_package_name }}"
+ dest: /tmp/falcon-sensor.rpm
+ mode: get
+
+ - name: Install falcon
+ ansible.builtin.command:
+ cmd: "zypper --no-gpg-checks install -y /tmp/{{ tags.crowdstrike_package_name }}"
+ creates: /opt/CrowdStrike/falconctl
+
+ - name: Configure falcon
+ ansible.builtin.command:
+ cmd: "/opt/CrowdStrike/falconctl -s -f --cid={{ lookup('ansible.builtin.env', 'CROWDSTRIKE_CCID') }}"
+
+ - name: Enable and start falcon
+ ansible.builtin.service:
+ state: started
+ enabled: true
+ name: falcon-sensor
+
 - name: Install dependencies
 community.general.zypper:
 name: "{{ item }}"
diff --git a/ansible/build-fb-suse/requirements.yml b/ansible/build-fb-suse/requirements.yml
index 4a19c0f56..2ec307d35 100644
--- a/ansible/build-fb-suse/requirements.yml
+++ b/ansible/build-fb-suse/requirements.yml
@@ -1,4 +1,7 @@
-collections: []
+collections:
+ - name: community.aws
+ # Fixes https://github.com/ansible-collections/community.aws/pull/558
+ version: 6.3.0
 roles:
 - name: andrewrothstein.gh
diff --git a/terraform/ec2-instances-creator/main.tf b/terraform/ec2-instances-creator/main.tf
index 945623909..4f30eb832 100644
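Review bot: The "Install falcon" task installs `/tmp/{{ tags.crowdstrike_package_name }}`, but the download just before it writes to `dest: /tmp/falcon-sensor.rpm`, so the install only finds the file when the package happens to be named exactly that; point both tasks at the same path, preferably in a root-only directory rather than a predictable name in world-writable /tmp. The same command keeps `--no-gpg-checks`, so the RPM fetched from S3 is installed as root with no signature or checksum verification; importing the vendor's signing key if one is published, or comparing against a pinned digest before the install, would close that gap. In "Configure falcon" the CID is interpolated into the command line, where it appears in Ansible output and logs, and an unset `CROWDSTRIKE_CCID` renders an empty `--cid=`; add `no_log: true` to that task and fail the play when the variable is empty. That task also has no `creates` or `changed_when`, so it re-runs and reports changed on every play.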
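Review bot: The collection pinned here is not the one that provides the module the playbook calls: the new download task uses `amazon.aws.s3_object`, which ships in the `amazon.aws` collection, while this hunk pins only `community.aws`. It presumably still resolves because community.aws pulls in amazon.aws as a dependency, but then the version that actually supplies the S3 module is left floating. Add an explicit `- name: amazon.aws` entry with a fixed `version:` (the release you tested against), and drop the community.aws entry if nothing in the playbook uses it.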
--- a/terraform/ec2-instances-creator/main.tf
+++ b/terraform/ec2-instances-creator/main.tf
@@ -59,6 +59,8 @@ module "ec2_instance" {
 fb_version = each.value.fbVersion
 instance_type = var.instance_type
 fb_package_name = each.value.targetPackageName
+ crowdstrike_bucket = var.crowdstrike_bucket
+ crowdstrike_package_name = each.value.crowdstrikePackageName
 })
 volume_tags = merge(local.default_tags, {
diff --git a/terraform/ec2-instances-creator/user_data_script.tftpl b/terraform/ec2-instances-creator/user_data_script.tftpl
index 1947ee620..c783e9205 100644
--- a/terraform/ec2-instances-creator/user_data_script.tftpl
+++ b/terraform/ec2-instances-creator/user_data_script.tftpl
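Review bot: `crowdstrike_bucket = var.crowdstrike_bucket` is copied into the instance tags unchanged, and its two consumers appear to expect different shapes. user_data_script.tftpl passes the same variable straight to `aws s3 cp ${crowdstrike_bucket}/...`, which suggests the value carries an `s3://` prefix, while the playbook feeds the tag to the `bucket:` parameter of `amazon.aws.s3_object`, which takes a bare bucket name. If that is the case, strip the scheme here, e.g. `crowdstrike_bucket = trimprefix(var.crowdstrike_bucket, "s3://")`, or normalise it in the playbook before use. The enclosing `merge(...)` call and the module block start outside the hunk, so it is not visible which tag map these keys land in or whether `each.value.crowdstrikePackageName` is set for every instance.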
@@ -23,17 +23,17 @@ sudo /opt/CrowdStrike/falconctl -s -f --cid=${crowdstrike_ccid}
 sudo systemctl enable falcon-sensor
 sudo systemctl start falcon-sensor
 %{endif}
-%{if package_manager_type == "zypp"}
-cd /tmp
-curl %{if arch == "x86_64"}"https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"%{else}"https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"%{endif} -o "awscliv2.zip"
-unzip awscliv2.zip
-sudo ./aws/install
-sudo aws s3 cp ${crowdstrike_bucket}/${crowdstrike_package_name} ./
-sudo zypper --no-gpg-checks install -y ./${crowdstrike_package_name}
-sudo /opt/CrowdStrike/falconctl -s -f --cid=${crowdstrike_ccid}
-sudo systemctl enable falcon-sensor
-sudo systemctl start falcon-sensor
-%{endif}
+#%{if package_manager_type == "zypp"}
+#cd /tmp
+#curl %{if arch == "x86_64"}"https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"%{else}"https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"%{endif} -o "awscliv2.zip"
+#unzip awscliv2.zip
+#sudo ./aws/install
+#sudo aws s3 cp ${crowdstrike_bucket}/${crowdstrike_package_name} ./
+#sudo zypper --no-gpg-checks install -y ./${crowdstrike_package_name}
+#sudo /opt/CrowdStrike/falconctl -s -f --cid=${crowdstrike_ccid}
+#sudo systemctl enable falcon-sensor
+#sudo systemctl start falcon-sensor
+#%{endif}
 %{if package_manager_type == "exe"}
 msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi /qn
 aws s3 cp ${crowdstrike_bucket}/${crowdstrike_package_name} C:\Temp\
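Review bot: Prefixing the zypp block with `#` comments out the shell lines but not the template: `%{if ...}`, `%{endif}` and `${crowdstrike_ccid}` are still evaluated when the file is rendered, so on zypp instances the CID, bucket and package name are still written into user data, now as comments. User data can be read back through the instance metadata service by processes on the instance, so keeping the value there carries exposure with no function; delete the eleven lines instead of commenting them out. With the install moved to the playbook, it is also worth confirming that a failed or skipped Ansible run cannot leave a SUSE instance running without the sensor. The `%{if package_manager_type == "exe"}` branch at the end of the hunk continues outside it.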