diff --git a/restart-soctools.yml b/restart-soctools.yml new file mode 100644 index 0000000000000000000000000000000000000000..5aa1c94116243ecdf120c17813677b9c59643630 --- /dev/null +++ b/restart-soctools.yml @@ -0,0 +1,52 @@ +--- + +- name: Restart services for haproxy + hosts: haproxy + roles: + - haproxy + +- name: Restart services for mysql + hosts: mysql + roles: + - mysql + +- name: Restart services for Cassandra + hosts: cassandra + roles: + - cassandra + +- name: Restart services for Keycloak + hosts: keycloakcontainers + roles: + - keycloak + +- name: Restart services for NiFi + hosts: nificontainers + roles: + - nifi + +- name: Restart services for OpenDistro for Elasticsearch + hosts: odfeescontainers + roles: + - odfees + +- name: Restart services for OpenDistro Kibana for Elasticsearch + hosts: odfekibanacontainers + roles: + - odfekibana + +- name: Restart services for MISP + hosts: mispcontainers + roles: + - misp + +- name: Restart services for TheHive + hosts: thehive + roles: + - thehive + +- name: Restart services for Cortex + hosts: cortex + roles: + - cortex + diff --git a/roles/build/templates/keycloak/Dockerfile.j2 b/roles/build/templates/keycloak/Dockerfile.j2 index 951493a9935de4bf5702aea4b791d8b6df7d3ba4..f6c1206d5fc3579a7cd43f976feed6f4e0b60f59 100644 --- a/roles/build/templates/keycloak/Dockerfile.j2 +++ b/roles/build/templates/keycloak/Dockerfile.j2 @@ -11,7 +11,7 @@ USER root #ADD /{{role_path}}/templates/keycloak/keycloak-tools /opt/jboss/tools ADD keycloak-tools /opt/jboss/tools #ADD ../templates/keycloak/keycloak-tools /opt/jboss/tools -RUN yum -y install openssl supervisor && yum -y clean all && \ +RUN yum -y install openssl supervisor rsync && yum -y clean all && \ mkdir -p /opt/jboss/ && cd /opt/jboss/ && \ curl -L $KEYCLOAK_DIST | tar zx && \ mv /opt/jboss/keycloak-* /opt/jboss/keycloak && \ 
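Review bot: Every play in restart-soctools.yml applies the whole role (`roles: - keycloak` and so on), so which tasks actually run is decided solely by the caller passing `--tags restart`; executed directly with no tags, this playbook would run every include in each role's main.yml, which for the keycloak role visible later in this diff means start (admin password, realm init, secret fetch), stop, update-config and then restart. Making each play self-describing removes that dependency: replace the `roles:` list with `tasks: - include_role: {name: keycloak, tasks_from: restart.yml}` (and the equivalent per role), or at least add a leading play that asserts `'restart' in ansible_run_tags` and fails otherwise. Whether the other roles' main.yml files follow the same include/tag layout is not shown here.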
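Review bot: The `RUN` line being edited still fetches the Keycloak distribution with `curl -L $KEYCLOAK_DIST | tar zx` and no integrity check, so the image build trusts whatever the URL (and any redirect) serves; since this commit already touches the line to add `rsync`, it is a good moment to download to a file, verify it with `echo "${KEYCLOAK_SHA256}  keycloak.tgz" | sha256sum -c -`, and only then extract. `rsync` is presumably added for the new `synchronize` task in roles/keycloak/tasks/update-config.yml; a short comment above the RUN, `# rsync is required on the target by the Ansible synchronize module`, would keep the package list explainable. The rest of the RUN chain continues outside the hunk.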
diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index f061ebc61bdf19b413828fcce4aa0d2e83f71973..644476353f7990ee09a414340cfe70aecaadb67d 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml 
@@ -1,125 +1,14 @@ --- -- name: Copy certificates in keycloak x509 conf dir - remote_user: jboss - copy: - src: "{{ item.local }}" - dest: "{{ item.remote }}" - mode: "{{ item.mode}}" - with_items: - - local: "files/{{ inventory_hostname }}.crt" - remote: /etc/x509/https/tls.crt - mode: '0644' - - local: "files/{{ inventory_hostname }}.key" - remote: /etc/x509/https/tls.key - mode: '0600' - - local: "files/{{ ca_cn }}.crt" - remote: /etc/x509/ca/ca.crt - mode: '0644' - - local: "files/cacerts.jks" - remote: /opt/jboss/keycloak/cacerts.jks - mode: '0644' - tags: - - start - -- name: Generate Keycloak secure config - remote_user: jboss - command: "/opt/jboss/tools/x509.sh" - environment: - X509_CA_BUNDLE: "/etc/x509/ca/ca.crt" - tags: - - start - -- name: Set admin password - remote_user: jboss - command: /opt/jboss/keycloak/bin/add-user-keycloak.sh --user "admin" --password "{{keycloak_adminpass}}" - tags: - - start - -- name: Configure logging format - remote_user: jboss - lineinfile: #TODO: Change to community.general.xml - path: /opt/jboss/keycloak/standalone/configuration/standalone.xml - regexp: '.*<formatter name="PATTERN">.*' - line: "<formatter name=\"JSON\"><json-formatter date-format=\"yyyy-MM-dd'T'HH:mm:ss.SSS'Z'\" pretty-print=\"false\" print-details=\"true\" zone-id=\"UTC\"/></formatter><formatter name=\"PATTERN\">" +- include: start.yml tags: - start - -- name: Enable event logging - remote_user: jboss - lineinfile: - path: /opt/jboss/keycloak/standalone/configuration/standalone.xml - regexp: '.*<spi name="eventsStore">.*' - line: '<spi name="eventsListener"><provider name="jboss-logging" enabled="true"><properties><property name="success-level" value="INFO"/><property name="error-level" value="WARN"/></properties></provider></spi><spi name="eventsStore">' - tags: - - start - -- name: Specify logging format - remote_user: jboss - lineinfile: - path: /opt/jboss/keycloak/standalone/configuration/standalone.xml - regexp: ".*<named-formatter name=.*" - 
line: '<named-formatter name="JSON"/>' - tags: - - start - -- name: Configure Keycloak start script - remote_user: jboss - template: - src: "{{item}}.j2" - dest: "/opt/jboss/tools/{{item}}" - mode: 0750 - with_items: - - startkeycloak.sh - - initkeycloakrealm.sh - tags: - - start - -- name: Start Keycloak IdP - remote_user: root - command: "supervisorctl start keycloak" - tags: - - start - -- name: Wait for Keycloak - remote_user: jboss - wait_for: - host: "{{groups['keycloakcontainers'][0]}}" - port: 8443 - state: started - delay: 5 - tags: - - start - -- name: Initialize Keycloak realm - remote_user: jboss - command: /opt/jboss/tools/initkeycloakrealm.sh - tags: - - start - -- name: Copy secrets from Keycloak - remote_user: jboss - fetch: - src: "{{ item.remote }}" - dest: "{{ item.local }}" - flat: yes - with_items: - - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/nifisecret" - local: "roles/nifi/files/nifisecret" - - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/kibanasecret" - local: "roles/odfekibana/files/kibanasecret" - - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/mispsecret" - local: "roles/misp/files/mispsecret" - tags: - - start - -- name: Set Autostart for supervisord's services - shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf" - tags: - - start - -- name: Stop Keycloak - remote_user: root - command: "supervisorctl stop keycloak" - tags: - - stop +- include: stop.yml + tags: + - stop +- include: update-config.yml + tags: + - update-config +- include: restart.yml + tags: + - restart diff --git a/roles/keycloak/tasks/restart.yml b/roles/keycloak/tasks/restart.yml new file mode 100644 index 0000000000000000000000000000000000000000..4ea5519d0060b1f287c908e54b021b53c104e588 --- /dev/null +++ b/roles/keycloak/tasks/restart.yml 
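Review bot: The rewritten main.yml uses the legacy `include:` keyword for all four task files; it has been deprecated for a long time and, to my recollection, was removed from ansible-core in 2.16, so this should become `import_tasks: start.yml` (static import, so the `tags:` on the import still propagate to every task inside start.yml, stop.yml, update-config.yml and restart.yml). `include_tasks:` would not be a drop-in replacement here, because a tag on a dynamic include selects only the include itself and the inner tasks would need `apply: {tags: [...]}`. A header comment stating that this role is driven entirely by tags, and that an untagged run executes start, stop, update-config and restart in sequence, would save the next maintainer a surprise.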
@@ -0,0 +1,13 @@ +--- + +- name: Restart Keycloak + remote_user: root + command: "supervisorctl restart keycloak" + +- name: Wait for Keycloak + remote_user: jboss + wait_for: + host: "{{groups['keycloakcontainers'][0]}}" + port: 8443 + state: started + delay: 5 diff --git a/roles/keycloak/tasks/start.yml b/roles/keycloak/tasks/start.yml new file mode 100644 index 0000000000000000000000000000000000000000..e691b26e100217bfdd9f02390fc57767356b4364 --- /dev/null +++ b/roles/keycloak/tasks/start.yml 
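Review bot: `Wait for Keycloak` polls `groups['keycloakcontainers'][0]` rather than the host the task runs on, so with more than one member in the group every other host is reported ready as soon as the first one answers on 8443 and a failed restart elsewhere goes unnoticed; use the per-host address, e.g. `host: "{{ ansible_host | default(inventory_hostname) }}"`. The check is a bare TCP connect, so it only proves a listener exists, not that Keycloak finished starting; if the start script exposes a health URL, a `uri:` task with `status_code: 200` and `retries` would be a stronger gate. `supervisorctl restart` may also print an `ERROR (...)` line while still exiting 0 on some supervisor versions, so consider a `failed_when: "'ERROR' in restart_result.stdout"` on the restart task rather than relying on the `command` return code alone.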
@@ -0,0 +1,95 @@ +--- + +- name: Copy certificates in keycloak x509 conf dir + remote_user: jboss + copy: + src: "{{ item.local }}" + dest: "{{ item.remote }}" + mode: "{{ item.mode}}" + with_items: + - local: "files/{{ inventory_hostname }}.crt" + remote: /etc/x509/https/tls.crt + mode: '0644' + - local: "files/{{ inventory_hostname }}.key" + remote: /etc/x509/https/tls.key + mode: '0600' + - local: "files/{{ ca_cn }}.crt" + remote: /etc/x509/ca/ca.crt + mode: '0644' + - local: "files/cacerts.jks" + remote: /opt/jboss/keycloak/cacerts.jks + mode: '0644' + +- name: Generate Keycloak secure config + remote_user: jboss + command: "/opt/jboss/tools/x509.sh" + environment: + X509_CA_BUNDLE: "/etc/x509/ca/ca.crt" + +- name: Set admin password + remote_user: jboss + command: /opt/jboss/keycloak/bin/add-user-keycloak.sh --user "admin" --password "{{keycloak_adminpass}}" + +- name: Configure logging format + remote_user: jboss + lineinfile: #TODO: Change to community.general.xml + path: /opt/jboss/keycloak/standalone/configuration/standalone.xml + regexp: '.*<formatter name="PATTERN">.*' + line: "<formatter name=\"JSON\"><json-formatter date-format=\"yyyy-MM-dd'T'HH:mm:ss.SSS'Z'\" pretty-print=\"false\" print-details=\"true\" zone-id=\"UTC\"/></formatter><formatter name=\"PATTERN\">" + +- name: Enable event logging + remote_user: jboss + lineinfile: + path: /opt/jboss/keycloak/standalone/configuration/standalone.xml + regexp: '.*<spi name="eventsStore">.*' + line: '<spi name="eventsListener"><provider name="jboss-logging" enabled="true"><properties><property name="success-level" value="INFO"/><property name="error-level" value="WARN"/></properties></provider></spi><spi name="eventsStore">' + +- name: Specify logging format + remote_user: jboss + lineinfile: + path: /opt/jboss/keycloak/standalone/configuration/standalone.xml + regexp: ".*<named-formatter name=.*" + line: '<named-formatter name="JSON"/>' + +- name: Configure Keycloak start script + remote_user: jboss + 
template: + src: "{{item}}.j2" + dest: "/opt/jboss/tools/{{item}}" + mode: 0750 + with_items: + - startkeycloak.sh + - initkeycloakrealm.sh + +- name: Start Keycloak IdP + remote_user: root + command: "supervisorctl start keycloak" + +- name: Wait for Keycloak + remote_user: jboss + wait_for: + host: "{{groups['keycloakcontainers'][0]}}" + port: 8443 + state: started + delay: 5 + +- name: Initialize Keycloak realm + remote_user: jboss + command: /opt/jboss/tools/initkeycloakrealm.sh + +- name: Copy secrets from Keycloak + remote_user: jboss + fetch: + src: "{{ item.remote }}" + dest: "{{ item.local }}" + flat: yes + with_items: + - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/nifisecret" + local: "roles/nifi/files/nifisecret" + - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/kibanasecret" + local: "roles/odfekibana/files/kibanasecret" + - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/mispsecret" + local: "roles/misp/files/mispsecret" + +- name: Set Autostart for supervisord's services + shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf" diff --git a/roles/keycloak/tasks/stop.yml b/roles/keycloak/tasks/stop.yml new file mode 100644 index 0000000000000000000000000000000000000000..0f9c490c2263352235441f32f3674282d06e7fe0 --- /dev/null +++ b/roles/keycloak/tasks/stop.yml @@ -0,0 +1,5 @@ +--- + +- name: Stop Keycloak + remote_user: root + command: "supervisorctl stop keycloak" diff --git a/roles/keycloak/tasks/update-config.yml b/roles/keycloak/tasks/update-config.yml new file mode 100644 index 0000000000000000000000000000000000000000..1178e33a8714944ccd9f172c2890f0e892f04de9 --- /dev/null +++ b/roles/keycloak/tasks/update-config.yml 
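Review bot: `Set admin password` passes `{{keycloak_adminpass}}` on the command line of `add-user-keycloak.sh` without `no_log`, so the credential ends up in Ansible's task result (`cmd`) and any log or callback output, and is briefly visible in the container's process list; add `no_log: true` to that task, and do the same for `Initialize Keycloak realm` if initkeycloakrealm.sh is templated with secrets (its content is not in this diff). `Copy secrets from Keycloak` then fetches the nifi/kibana/misp secrets into `roles/*/files/` on the controller, i.e. into this repository's working tree, which makes an accidental commit easy; either confirm those paths are git-ignored and say so in a comment (`# fetched secrets land in the working tree; roles/*/files/*secret must stay ignored`) or fetch them to a runtime directory outside the checkout. Copying the CA certificate and `cacerts.jks` as 0644 is fine since they contain only public material, but `mode: 0750` for the scripts would be safer quoted as `'0750'` to avoid octal-to-int surprises.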
@@ -0,0 +1,32 @@ +--- + +- name: Configure Keycloak start script + remote_user: jboss + template: + src: "{{item}}.j2" + dest: "/opt/jboss/tools/{{item}}" + mode: 0750 + with_items: + - startkeycloak.sh + - initkeycloakrealm.sh + +- name: Copy keycloak-tools + remote_user: jboss + synchronize: + src: roles/build/templates/keycloak/keycloak-tools/ + dest: /opt/jboss/tools/ + +- name: Copy secrets from Keycloak + remote_user: jboss + fetch: + src: "{{ item.remote }}" + dest: "{{ item.local }}" + flat: yes + with_items: + - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/nifisecret" + local: "roles/nifi/files/nifisecret" + - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/kibanasecret" + local: "roles/odfekibana/files/kibanasecret" + - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/mispsecret" + local: "roles/misp/files/mispsecret" + diff --git a/soctools.yml b/soctools.yml index d5e037443b84ef3f188e038af1490a1ec8d36abe..b798d970dce03e6edda46f5a489dfcf466eb1e23 100644 --- a/soctools.yml +++ b/soctools.yml @@ -8,3 +8,10 @@ import_playbook: stopsoctools.yml when: "'stop' in ansible_run_tags" +- name: Update soctools cluster configs + import_playbook: update-config-soctools.yml + when: "'update-config' in ansible_run_tags" + +- name: restart soctools cluster servics + import_playbook: restart-soctools.yml + when: "'restart' in ansible_run_tags" diff --git a/update-config-soctools.yml b/update-config-soctools.yml new file mode 100644 index 0000000000000000000000000000000000000000..138f664fee2eb1a9d882a7ebf0b8f9e390bb1e72 --- /dev/null +++ b/update-config-soctools.yml 
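Review bot: `Copy secrets from Keycloak` and `Configure Keycloak start script` in update-config.yml are byte-for-byte duplicates of the tasks in start.yml, so the secret paths and script list will drift apart at the first edit; move each into a shared task file (e.g. `fetch-secrets.yml`, `render-tools.yml`) and import it from both places. The new `synchronize` task copies `keycloak-tools/` to `/opt/jboss/tools/` with rsync's default flags, which preserve whatever modes the files have in the controller checkout rather than the `0750` the templated scripts receive, so the permissions of the synced tools depend on the checkout; pass explicit `rsync_opts: ['--chmod=D750,F750']` or follow with a `file:` task. Also note that `synchronize` resolves the relative `src` from the playbook directory and runs rsync over SSH as the connection user, so `remote_user: jboss` may not be honoured the way it is for `copy`; verify the resulting ownership on the target.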
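Review bot: The play name on the new restart import reads `restart soctools cluster servics`, a typo for `services` and lowercase where the sibling plays capitalise the first word; suggest `name: Restart soctools cluster services`. The `when: "'restart' in ansible_run_tags"` gates are the intended behaviour, but a one-line comment above the imports noting that soctools.yml is driven purely by `--tags` and does nothing when run untagged would make that explicit.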
@@ -0,0 +1,52 @@ +--- + +- name: Update Configs for haproxy + hosts: haproxy + roles: + - haproxy + +- name: Update Configs for mysql + hosts: mysql + roles: + - mysql + +- name: Update Configs for Cassandra + hosts: cassandra + roles: + - cassandra + +- name: Update Configs for Keycloak + hosts: keycloakcontainers + roles: + - keycloak + +- name: Update Configs for NiFi + hosts: nificontainers + roles: + - nifi + +- name: Update Configs for OpenDistro for Elasticsearch + hosts: odfeescontainers + roles: + - odfees + +- name: Update Configs for OpenDistro Kibana for Elasticsearch + hosts: odfekibanacontainers + roles: + - odfekibana + +- name: Update Configs for MISP + hosts: mispcontainers + roles: + - misp + +- name: Update Configs for TheHive + hosts: thehive + roles: + - thehive + +- name: Update Configs for Cortex + hosts: cortex + roles: + - cortex +
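Review bot: update-config-soctools.yml is identical to restart-soctools.yml apart from the play names, and like it applies whole roles, so the tasks that actually run are determined by whatever tags the caller supplied rather than by this file; if `--tags update-config,restart` were given, both imports in soctools.yml would run and each role would execute both task files in every playbook. Making the plays self-describing with `tasks: - include_role: {name: keycloak, tasks_from: update-config.yml}` removes that dependency and would let the two playbooks collapse into one role list parameterised by the task file. Only the keycloak role's task split is visible in this diff; the other roles presumably have matching files elsewhere.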