start stop restart and update scripts for cortex

205afeac · Temur Maisuradze · 65f7076c · 205afeac · 205afeac · 205afeac
Commit 205afeac authored 4 years ago by Temur Maisuradze
--- a/roles/build/templates/cortex/Dockerfile.j2
+++ b/roles/build/templates/cortex/Dockerfile.j2
@@ -10,7 +10,7 @@ RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \
    yum install -y epel-release && \
    rpm --import https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY && \
    rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \
-    yum install -y cortex supervisor daemonize vim net-tools telnet htop python3-pip.noarch git gcc python3-devel.x86_64 ssdeep-devel.x86_64 python3-wheel.noarch libexif-devel.x86_64 libexif.x86_64 perl-Image-ExifTool.noarch  gcc-c++ whois && \
+    yum install -y cortex supervisor rsync daemonize vim net-tools telnet htop python3-pip.noarch git gcc python3-devel.x86_64 ssdeep-devel.x86_64 python3-wheel.noarch libexif-devel.x86_64 libexif.x86_64 perl-Image-ExifTool.noarch  gcc-c++ whois && \
    rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.8.13.rpm && \
    chown -R elasticsearch:elasticsearch /etc/elasticsearch && \
    mkdir -p /home/cortex && \

--- a/roles/cortex/tasks/main.yml
+++ b/roles/cortex/tasks/main.yml
 ---
- name: Copy cacert to ca-trust dir
+- include: start.yml
-  remote_user: root
-  copy:
-    src: "files/{{ca_cn}}.crt"
-    dest: /etc/pki/ca-trust/source/anchors/ca.crt
  tags:
-    - start
+   - start
-    - startcortex
+- include: stop.yml
- name: Install cacert to root truststore
-  remote_user: root
-  command: "update-ca-trust"
-  tags:
-    - start
-    - startcortex
- name: Copy certificates in cortex conf dir
-  remote_user: cortex
-  copy:
-    src:  "{{ item }}"
-    dest: "/etc/cortex/{{ item }}"
-    mode: 0600
-  with_items:
-    - "{{ inventory_hostname }}.p12"
-    - "{{ inventory_hostname }}.crt"
-    - "{{ inventory_hostname }}.key"
-    - cacerts.jks
-    - "{{ca_cn}}.crt"
-  tags:
-    - start
-    - startcortex
- name: Configure embedded Elasticsearch 6
-  remote_user: root
-  template:
-    src: jvm.options.j2
-    dest: /etc/elasticsearch/jvm.options
-  tags:
-    - start
-    - startcortex
- name: Start embedded Elasticsearch 6
-  remote_user: root
-  command: "supervisorctl start elasticsearch"
-  tags:
-    - start
-    - startcortex
- name: Configure Cortex
-  remote_user: cortex
-  template:
-    src: application.conf.j2
-    dest: /etc/cortex/application.conf
  tags:
-    - start
+   - stop
-    - startcortex
+   - stop-cortex
+- include: update-config.yml
- name: Start Cortex
-  remote_user: root
-  command: "supervisorctl start cortex"
  tags:
-    - start
+   - update-config
-    - startcortex
+   - update-cortex-config
+- include: restart.yml
- name: Wait for Cortex
-  remote_user: root
-  wait_for:
-    host: "{{groups['cortex'][0]}}"
-    port: 9001
-    state: started
-    delay: 5
  tags:
-    - start
+   - restart
-    - startcortex
+   - restart-cortex
- name: Set Autostart for supervisord's services
-  shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf"
-  tags:
-    - start
- name: Stop Elasticsearch
-  remote_user: root
-  command: "supervisorctl stop elasticsearch"
-  tags:
-    - stop
-    - stopelasticsearch
- name: Stop Cortex
-  remote_user: root
-  command: "supervisorctl stop cortex"
-  tags:
-    - stop
-    - stopcortex
--- a/roles/cortex/tasks/restart.yml
+++ b/roles/cortex/tasks/restart.yml
 ---
- name: Restart embedded Elasticsearch 6
+- name: Restart Elasticsearch
  remote_user: root
  command: "supervisorctl restart elasticsearch"

--- a/roles/cortex/tasks/stop.yml
+++ b/roles/cortex/tasks/stop.yml
@@ -7,3 +7,4 @@
 - name: Stop Cortex
  remote_user: root
  command: "supervisorctl stop cortex"