diff --git a/HOWTOS.md b/HOWTOS.md index a80cc5a0480a012453bed2cf2293bb551d497ce1..3a9aac098a143fe8e0544f68aedf8c0140bc193c 100644 --- a/HOWTOS.md +++ b/HOWTOS.md @@ -20,6 +20,9 @@ To update configuration files for all docker containers together, run the follow To update configuration files only for specific services, run the following commands: ansible-playbook -i inventories soctools.yml -t update-keycloak-config ansible-playbook -i inventories soctools.yml -t update-thehive-config + ansible-playbook -i inventories soctools.yml -t update-cortex-config + ansible-playbook -i inventories soctools.yml -t update-cassandra-config + ansible-playbook -i inventories soctools.yml -t update-haproxy-config Restart services inside docker containers using Ansible @@ -29,6 +32,9 @@ To restart services for all docker containers together, run the following comman To restart services only for specific docker containers, run the following commands: ansible-playbook -i inventories soctools.yml -t restart-keycloak ansible-playbook -i inventories soctools.yml -t restart-thehive + ansible-playbook -i inventories soctools.yml -t restart-cortex + ansible-playbook -i inventories soctools.yml -t restart-cassandra + ansible-playbook -i inventories soctools.yml -t restart-haproxy Stop services inside docker containers using Ansible ---------------------------------------------------- @@ -37,6 +43,9 @@ To stop services for all docker containers together, run the following command: To stop services only for specific docker containers, run the following commands: ansible-playbook -i inventories soctools.yml -t stop-keycloak ansible-playbook -i inventories soctools.yml -t stop-thehive + ansible-playbook -i inventories soctools.yml -t stop-cortex + ansible-playbook -i inventories soctools.yml -t stop-cassandra + ansible-playbook -i inventories soctools.yml -t stop-haproxy Restart services inside docker containers manually -------------------------------------------------- 
diff --git a/roles/build/templates/haproxy/Dockerfile.j2 b/roles/build/templates/haproxy/Dockerfile.j2 index a4d5e94aa6390579a41a62affb7b1adf4eea0799..6c34d74ce038ef6feaa1bde99b2d823a30a830a9 100644 --- a/roles/build/templates/haproxy/Dockerfile.j2 +++ b/roles/build/templates/haproxy/Dockerfile.j2 @@ -25,6 +25,7 @@ RUN \ pcre2-devel \ daemonize \ supervisor \ + rsync \ pth-devel && \ `# Install newest openssl...` \ wget -O /tmp/openssl.tgz https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz && \ diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml index 73debe19f69d0a0281fde3029ea80d2008dd26ba..00ff3573b0523cbc4c0f71d1514bc862117d7e6e 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/haproxy/tasks/main.yml 
@@ -1,74 +1,17 @@ --- -# tasks file for haproxy -- name: Copy haproxy configuration file - template: - src: haproxy.cfg.j2 - dest: /usr/local/etc/haproxy/haproxy.cfg +- include: start.yml tags: - - start - -- name: Create required directories - file: - path: "{{ item }}" - state: directory - mode: 0755 - owner: root - group: root - with_items: - - /opt/haproxy - - /etc/ssl/haproxy - tags: - - start - -- name: Generate dhparam file for haproxy - shell: "openssl dhparam -out /usr/local/etc/haproxy/dhparam.pem 2048" - tags: - - start - -- name: Copy haproxy certificates - copy: - src: "{{ item }}" - dest: "/opt/haproxy/{{ item }}" - mode: 0600 - with_items: - - "{{ inventory_hostname }}.crt" - - "{{ inventory_hostname }}.key" - tags: - - start - -- name: Combine crt and key for haproxy - assemble: - src: /opt/haproxy - dest: /etc/ssl/haproxy/{{ inventory_hostname }}.crt - owner: root - mode: 0600 + - start +- include: stop.yml tags: - - start - -- name: Delete temporary files and directory - file: - path: "{{ item }}" - state: absent - with_items: - - /opt/haproxy/{{ inventory_hostname }}.crt - - /opt/haproxy/{{ inventory_hostname }}.key - - /opt/haproxy - tags: - - start - -- name: Start haproxy - shell: "supervisorctl start haproxy" + - stop + - stop-haproxy +- include: update-config.yml tags: - - start - -- name: Set Autostart for supervisord's services - shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf" + - update-config + - update-haproxy-config +- include: restart.yml tags: - - start - -- name: Stop haproxy - command: "supervisorctl stop haproxy" - tags: - - stop - + - restart + - restart-haproxy diff --git a/roles/haproxy/tasks/restart.yml b/roles/haproxy/tasks/restart.yml new file mode 100644 index 0000000000000000000000000000000000000000..30c56b2caf98df9471bf019b08a636043290d946 --- /dev/null +++ b/roles/haproxy/tasks/restart.yml 
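Review bot: The four new entries in roles/haproxy/tasks/main.yml use the bare `include:` keyword, which Ansible deprecated in favour of `import_tasks`/`include_tasks` and which newer ansible-core releases no longer accept. `- import_tasks: start.yml` (and likewise for stop.yml, update-config.yml and restart.yml) keeps the static behaviour in which the `tags:` on the entry are inherited by every task in the file. With `include_tasks` the tags would apply only to the include itself, so `-t restart-haproxy` would stop selecting the inner tasks unless `apply:` is added. The start entry also carries only `start`, with no `start-haproxy` counterpart to the other three; if that is intentional, a one-line comment saying so would help.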
@@ -0,0 +1,6 @@
+---
+# tasks file for haproxy
+
+- name: Restart haproxy
+ shell: "supervisorctl restart haproxy"
+
diff --git a/roles/haproxy/tasks/start.yml b/roles/haproxy/tasks/start.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9c06c74acd303463b8d00b31e70ab4a851f8cad5
--- /dev/null
+++ b/roles/haproxy/tasks/start.yml
@@ -0,0 +1,55 @@
+---
+# tasks file for haproxy
+
+- name: Copy haproxy configuration file
+ template:
+ src: haproxy.cfg.j2
+ dest: /usr/local/etc/haproxy/haproxy.cfg
+
+- name: Create required directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ mode: 0755
+ owner: root
+ group: root
+ with_items:
+ - /opt/haproxy
+ - /etc/ssl/haproxy
+
+- name: Generate dhparam file for haproxy
+ shell: "openssl dhparam -out /usr/local/etc/haproxy/dhparam.pem 2048"
+
+- name: Copy haproxy certificates
+ copy:
+ src: "{{ item }}"
+ dest: "/opt/haproxy/{{ item }}"
+ mode: 0600
+ with_items:
+ - "{{ inventory_hostname }}.crt"
+ - "{{ inventory_hostname }}.key"
+
+- name: Combine crt and key for haproxy
+ assemble:
+ src: /opt/haproxy
+ dest: /etc/ssl/haproxy/{{ inventory_hostname }}.crt
+ owner: root
+ mode: 0600
+
+- name: Delete temporary files and directory
+ file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - /opt/haproxy/{{ inventory_hostname }}.crt
+ - /opt/haproxy/{{ inventory_hostname }}.key
+ - /opt/haproxy
+
+- name: Start haproxy
+ shell: "supervisorctl start haproxy"
+
+- name: Set Autostart for supervisord's services
+ replace:
+ path: /etc/supervisord.conf
+ regexp: '^autostart=false$'
+ replace: 'autostart=true'
diff --git a/roles/haproxy/tasks/stop.yml b/roles/haproxy/tasks/stop.yml
new file mode 100644
index 0000000000000000000000000000000000000000..60f875fa3abae9f31a38e3e70b303ceb81ccd4b6
--- /dev/null
+++ b/roles/haproxy/tasks/stop.yml
@@ -0,0 +1,6 @@
+---
+# tasks file for haproxy
+
+- name: Stop haproxy
+ command: "supervisorctl stop haproxy"
+
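Review bot: In restart.yml the task runs `supervisorctl restart haproxy` through `shell:` although it needs no shell features; `command: "supervisorctl restart haproxy"` matches what stop.yml already does and avoids shell interpretation. The same applies in start.yml to "Start haproxy" and "Generate dhparam file for haproxy". The dhparam task also reruns `openssl dhparam` on every `start` run; adding `args:` with `creates: /usr/local/etc/haproxy/dhparam.pem` would make it idempotent.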
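Review bot: In start.yml the private key is staged under /opt/haproxy and removed only by the later "Delete temporary files and directory" task, so a failure in "Combine crt and key for haproxy" ends the play with `{{ inventory_hostname }}.key` still in the staging directory. Grouping the copy and assemble tasks in a `block:` and moving the delete task under `always:` would make the cleanup unconditional. "Copy haproxy certificates" may also print key material when the playbook is run with `--diff`; `diff: false` (or `no_log: true`) on that task prevents it. Since `assemble` concatenates every file found in /opt/haproxy, the combined PEM is only correct while the directory holds nothing but the two staged files, which deserves a comment on that task.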
diff --git a/roles/haproxy/tasks/update-config.yml b/roles/haproxy/tasks/update-config.yml new file mode 100644 index 0000000000000000000000000000000000000000..dc5cb8b945b946e99703bae873010e836317fa33 --- /dev/null +++ b/roles/haproxy/tasks/update-config.yml @@ -0,0 +1,8 @@ +--- +# tasks file for haproxy + +- name: Copy haproxy configuration file + template: + src: haproxy.cfg.j2 + dest: /usr/local/etc/haproxy/haproxy.cfg + diff --git a/soctools.yml b/soctools.yml index 142b7e51d7771420c3e818ad90aef726683a9546..d344ee7c4c638a7800053cadb764eec6171389d5 100644 --- a/soctools.yml +++ b/soctools.yml @@ -6,12 +6,12 @@ - name: Stop soctools cluster import_playbook: stopsoctools.yml - when: "'stop' in ansible_run_tags or 'stop-thehive' in ansible_run_tags or 'stop-keycloak' in ansible_run_tags" + when: "'stop' in ansible_run_tags or 'stop-thehive' in ansible_run_tags or 'stop-keycloak' in ansible_run_tags or 'stop-cortex' in ansible_run_tags or 'stop-haproxy' in ansible_run_tags or 'stop-cassandra' in ansible_run_tags" - name: Update soctools cluster configs import_playbook: update-config-soctools.yml - when: "'update-config' in ansible_run_tags or 'update-keycloak-config' in ansible_run_tags or 'update-thehive-config' in ansible_run_tags" + when: "'update-config' in ansible_run_tags or 'update-keycloak-config' in ansible_run_tags or 'update-thehive-config' in ansible_run_tags or 'update-cortex-config' in ansible_run_tags or 'update-haproxy-config' in ansible_run_tags or 'update-cassandra-config' in ansible_run_tags" - name: restart soctools cluster servics import_playbook: restart-soctools.yml - when: "'restart' in ansible_run_tags or 'restart-thehive' in ansible_run_tags or 'restart-keycloak' in ansible_run_tags" + when: "'restart' in ansible_run_tags or 'restart-thehive' in ansible_run_tags or 'restart-keycloak' in ansible_run_tags or 'restart-cortex' in ansible_run_tags or 'restart-haproxy' in ansible_run_tags or 'restart-cassandra' in ansible_run_tags"
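Review bot: The template task in update-config.yml overwrites /usr/local/etc/haproxy/haproxy.cfg without checking that the rendered file parses, so a bad value is only discovered when haproxy is next restarted and fails to come up. The `template` module's `validate` option can run HAProxy's check mode on the rendered file before it replaces the live one, e.g. `validate: haproxy -c -f %s` (the binary's path inside the container is not visible in this diff and may need to be absolute). The same task is duplicated verbatim at the top of start.yml; having start.yml pull it in from update-config.yml would avoid the two copies drifting apart.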
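Review bot: Each `when:` in soctools.yml now enumerates six tag names by hand, and a per-service tag that is added to a role but forgotten here would leave the imported playbook skipped when that tag is passed to `-t`. A pattern test keeps the three conditions in step with the roles, for example `when: ansible_run_tags | select('match', '^stop(-.+)?$') | list | length > 0` for the stop play, with the equivalent expressions for the update-config and restart plays. This accepts any `stop-*` tag rather than the fixed list, so it only fits if that widening is acceptable.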