diff --git a/HOWTOS.md b/HOWTOS.md index a80cc5a0480a012453bed2cf2293bb551d497ce1..a9090b5da4206c793d29aab58ccd8c353a9f2d56 100644 --- a/HOWTOS.md +++ b/HOWTOS.md @@ -20,6 +20,7 @@ To update configuration files for all docker containers together, run the follow To update configuration files only for specific services, run the following commands: ansible-playbook -i inventories soctools.yml -t update-keycloak-config ansible-playbook -i inventories soctools.yml -t update-thehive-config + ansible-playbook -i inventories soctools.yml -t update-cortex-config Restart services inside docker containers using Ansible @@ -29,6 +30,7 @@ To restart services for all docker containers together, run the following comman To restart services only for specific docker containers, run the following commands: ansible-playbook -i inventories soctools.yml -t restart-keycloak ansible-playbook -i inventories soctools.yml -t restart-thehive + ansible-playbook -i inventories soctools.yml -t restart-cortex Stop services inside docker containers using Ansible ---------------------------------------------------- @@ -37,6 +39,7 @@ To stop services for all docker containers together, run the following command: To stop services only for specific docker containers, run the following commands: ansible-playbook -i inventories soctools.yml -t stop-keycloak ansible-playbook -i inventories soctools.yml -t stop-thehive + ansible-playbook -i inventories soctools.yml -t stop-cortex Restart services inside docker containers manually -------------------------------------------------- diff --git a/roles/build/templates/cortex/Dockerfile.j2 b/roles/build/templates/cortex/Dockerfile.j2 index 76c60662c05675b61f7acfbde36ad46aa1351c44..ceeb6a59132f30e1ca21978a4ee873b97f05e2d3 100644 --- a/roles/build/templates/cortex/Dockerfile.j2 +++ b/roles/build/templates/cortex/Dockerfile.j2 
@@ -10,7 +10,7 @@ RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \ yum install -y epel-release && \ rpm --import https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY && \ rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \ - yum install -y cortex supervisor daemonize vim net-tools telnet htop python3-pip.noarch git gcc python3-devel.x86_64 ssdeep-devel.x86_64 python3-wheel.noarch libexif-devel.x86_64 libexif.x86_64 perl-Image-ExifTool.noarch gcc-c++ whois && \ + yum install -y cortex supervisor rsync daemonize vim net-tools telnet htop python3-pip.noarch git gcc python3-devel.x86_64 ssdeep-devel.x86_64 python3-wheel.noarch libexif-devel.x86_64 libexif.x86_64 perl-Image-ExifTool.noarch gcc-c++ whois && \ rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.8.13.rpm && \ chown -R elasticsearch:elasticsearch /etc/elasticsearch && \ mkdir -p /home/cortex && \ diff --git a/roles/cortex/tasks/main.yml b/roles/cortex/tasks/main.yml index 0c150c2d77aceeed67d702cd02f85b26ebff0504..42dbce24e023adb6f9fc4cda640ced5f3f8ef18f 100644 --- a/roles/cortex/tasks/main.yml +++ b/roles/cortex/tasks/main.yml 
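Review bot: The new package `rsync` is spliced into a single very long `yum install -y …` line, and nothing else in this commit references rsync, so a reader cannot tell what consumes it; a short comment on the preceding line, `# rsync: required by <consumer — fill in>`, would record the reason. As a matter of style, breaking the package list one per line with `\` continuations would make future additions like this one reviewable as a one-line diff instead of a rewrite of the whole line. The enclosing `RUN` instruction starts before and continues after this hunk.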
@@ -1,96 +1,18 @@ --- -- name: Copy cacert to ca-trust dir - remote_user: root - copy: - src: "files/{{ca_cn}}.crt" - dest: /etc/pki/ca-trust/source/anchors/ca.crt +- include: start.yml tags: - - start - - startcortex - -- name: Install cacert to root truststore - remote_user: root - command: "update-ca-trust" - tags: - - start - - startcortex - -- name: Copy certificates in cortex conf dir - remote_user: cortex - copy: - src: "{{ item }}" - dest: "/etc/cortex/{{ item }}" - mode: 0600 - with_items: - - "{{ inventory_hostname }}.p12" - - "{{ inventory_hostname }}.crt" - - "{{ inventory_hostname }}.key" - - cacerts.jks - - "{{ca_cn}}.crt" - tags: - - start - - startcortex - -- name: Configure embedded Elasticsearch 6 - remote_user: root - template: - src: jvm.options.j2 - dest: /etc/elasticsearch/jvm.options - tags: - - start - - startcortex - -- name: Start embedded Elasticsearch 6 - remote_user: root - command: "supervisorctl start elasticsearch" - tags: - - start - - startcortex - -- name: Configure Cortex - remote_user: cortex - template: - src: application.conf.j2 - dest: /etc/cortex/application.conf + - start + - startcortex +- include: stop.yml tags: - - start - - startcortex - -- name: Start Cortex - remote_user: root - command: "supervisorctl start cortex" + - stop + - stop-cortex +- include: update-config.yml tags: - - start - - startcortex - -- name: Wait for Cortex - remote_user: root - wait_for: - host: "{{groups['cortex'][0]}}" - port: 9001 - state: started - delay: 5 + - update-config + - update-cortex-config +- include: restart.yml tags: - - start - - startcortex - -- name: Set Autostart for supervisord's services - shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf" - tags: - - start - -- name: Stop Elasticsearch - remote_user: root - command: "supervisorctl stop elasticsearch" - tags: - - stop - - stopelasticsearch - -- name: Stop Cortex - remote_user: root - command: "supervisorctl stop cortex" - tags: - - stop - - stopcortex 
- + - restart + - restart-cortex diff --git a/roles/cortex/tasks/restart.yml b/roles/cortex/tasks/restart.yml new file mode 100644 index 0000000000000000000000000000000000000000..2c4486b100ad437b8c5ed6ff0a9b9c0ba324ea7d --- /dev/null +++ b/roles/cortex/tasks/restart.yml @@ -0,0 +1,18 @@ +--- + +- name: Restart embedded Elasticsearch 6 + remote_user: root + command: "supervisorctl restart elasticsearch" + +- name: Restart Cortex + remote_user: root + command: "supervisorctl restart cortex" + +- name: Wait for Cortex + remote_user: root + wait_for: + host: "{{groups['cortex'][0]}}" + port: 9001 + state: started + delay: 5 + diff --git a/roles/cortex/tasks/start.yml b/roles/cortex/tasks/start.yml new file mode 100644 index 0000000000000000000000000000000000000000..b80b61c872310e478c0117c1fd6057e8a91844a2 --- /dev/null +++ b/roles/cortex/tasks/start.yml 
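Review bot: The four new task files are pulled in with the legacy `include` keyword, which Ansible deprecated in favour of `import_tasks`/`include_tasks` and has since dropped from recent ansible-core releases, so this file will stop parsing on an upgrade. Tag handling also differs between the two replacements: `import_tasks` passes the `tags:` on the include down to every task in the file (the behaviour the old flat main.yml relied on), whereas `include_tasks` applies them only to the include statement itself unless `apply:` is used. Changing each entry to `- import_tasks: start.yml` (and likewise for stop.yml, update-config.yml and restart.yml) keeps the current semantics. Note as well that the old `stopelasticsearch`/`stopcortex` tags disappear with this rewrite; if anything still invokes them, HOWTOS.md should say they were replaced by `stop-cortex`.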
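Review bot: Nothing in restart.yml waits for the embedded Elasticsearch to come back between `supervisorctl restart elasticsearch` and `supervisorctl restart cortex`; the only readiness check is the final `wait_for` on Cortex's port 9001, so Cortex may be restarted against a backend that is still starting and fail its own startup. A `wait_for` on the Elasticsearch listener between the two restart tasks, `wait_for: port: <elasticsearch-port>` (the port is not shown on this page) with the same `state: started` / `delay: 5`, would close that gap. The same ordering applies to start.yml, where the Elasticsearch start is likewise not awaited before Cortex is started.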
@@ -0,0 +1,56 @@ +--- + +- name: Copy cacert to ca-trust dir + remote_user: root + copy: + src: "files/{{ca_cn}}.crt" + dest: /etc/pki/ca-trust/source/anchors/ca.crt + +- name: Install cacert to root truststore + remote_user: root + command: "update-ca-trust" + +- name: Copy certificates in cortex conf dir + remote_user: cortex + copy: + src: "{{ item }}" + dest: "/etc/cortex/{{ item }}" + mode: 0600 + with_items: + - "{{ inventory_hostname }}.p12" + - "{{ inventory_hostname }}.crt" + - "{{ inventory_hostname }}.key" + - cacerts.jks + - "{{ca_cn}}.crt" + +- name: Configure embedded Elasticsearch 6 + remote_user: root + template: + src: jvm.options.j2 + dest: /etc/elasticsearch/jvm.options + +- name: Start embedded Elasticsearch 6 + remote_user: root + command: "supervisorctl start elasticsearch" + +- name: Configure Cortex + remote_user: cortex + template: + src: application.conf.j2 + dest: /etc/cortex/application.conf + +- name: Start Cortex + remote_user: root + command: "supervisorctl start cortex" + +- name: Wait for Cortex + remote_user: root + wait_for: + host: "{{groups['cortex'][0]}}" + port: 9001 + state: started + delay: 5 + +- name: Set Autostart for supervisord's services + shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf" + diff --git a/roles/cortex/tasks/stop.yml b/roles/cortex/tasks/stop.yml new file mode 100644 index 0000000000000000000000000000000000000000..97dd720756d347fe287cf401bd8f3af0ec395bab --- /dev/null +++ b/roles/cortex/tasks/stop.yml @@ -0,0 +1,9 @@ +--- + +- name: Stop Elasticsearch + remote_user: root + command: "supervisorctl stop elasticsearch" + +- name: Stop Cortex + remote_user: root + command: "supervisorctl stop cortex" diff --git a/roles/cortex/tasks/update-config.yml b/roles/cortex/tasks/update-config.yml new file mode 100644 index 0000000000000000000000000000000000000000..a49f24fe5e51ea8b1ab38ba4da00d4e6d8f9d853 --- /dev/null +++ b/roles/cortex/tasks/update-config.yml 
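Review bot: The last task in start.yml, `shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf"`, is the only task in the file without `remote_user: root` while it edits a root-owned file, and because it is a `shell` call it reports `changed` on every run and cannot be checked in `--check` mode. The `replace` module does the same edit idempotently and declaratively; the rewritten task is below. Separately, `mode: 0600` on the certificate copy is a bare leading-zero octal that relies on YAML 1.1 integer parsing — writing it as `mode: "0600"` is the form Ansible documents and avoids the ambiguity for yamllint and non-PyYAML tooling.
```yaml
# … unchanged: certificate, Elasticsearch and Cortex tasks …
- name: Set Autostart for supervisord's services
  remote_user: root
  replace:
    path: /etc/supervisord.conf
    regexp: 'autostart=false'
    replace: 'autostart=true'
```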
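Review bot: stop.yml stops Elasticsearch first and Cortex second, which is the same order start.yml uses to bring them up; a shutdown should run in reverse (stop Cortex, then its Elasticsearch backend) so Cortex is not left writing to a store that has already gone away. Swapping the two tasks is enough. Depending on the supervisor version, `supervisorctl stop` of a process that is already stopped can exit non-zero and fail the play, so if the `stop` tag is expected to be re-runnable a `failed_when`/`changed_when` on the command output is worth considering.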
@@ -0,0 +1,14 @@ +--- + +- name: Configure embedded Elasticsearch 6 + remote_user: root + template: + src: jvm.options.j2 + dest: /etc/elasticsearch/jvm.options + +- name: Configure Cortex + remote_user: cortex + template: + src: application.conf.j2 + dest: /etc/cortex/application.conf + diff --git a/soctools.yml b/soctools.yml index 142b7e51d7771420c3e818ad90aef726683a9546..d89befdf6fcaeef42cdb5bc52acf75a875d5465b 100644 --- a/soctools.yml +++ b/soctools.yml @@ -2,16 +2,16 @@ - name: Start soctools cluster import_playbook: startsoctools.yml - when: "'start' in ansible_run_tags or 'config' in ansible_run_tags" + when: "'start' or 'config' in ansible_run_tags" - name: Stop soctools cluster import_playbook: stopsoctools.yml - when: "'stop' in ansible_run_tags or 'stop-thehive' in ansible_run_tags or 'stop-keycloak' in ansible_run_tags" + when: "'stop' or 'stop-thehive' or 'stop-keycloak' or 'stop-cortex' in ansible_run_tags" - name: Update soctools cluster configs import_playbook: update-config-soctools.yml - when: "'update-config' in ansible_run_tags or 'update-keycloak-config' in ansible_run_tags or 'update-thehive-config' in ansible_run_tags" + when: "'update-config' or 'update-keycloak-config' or 'update-thehive-config' or 'update-cortex-config' in ansible_run_tags" - name: restart soctools cluster servics import_playbook: restart-soctools.yml - when: "'restart' in ansible_run_tags or 'restart-thehive' in ansible_run_tags or 'restart-keycloak' in ansible_run_tags" + when: "'restart' or 'restart-thehive' or 'restart-keycloak' or 'restart-cortex' in ansible_run_tags"
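Review bot: The two template tasks in update-config.yml are verbatim copies of the "Configure embedded Elasticsearch 6" and "Configure Cortex" tasks in start.yml, so the two files will drift the next time a template or destination changes. start.yml could replace its two Configure tasks with `- import_tasks: update-config.yml` so there is a single definition. Note that update-config.yml writes the new files but nothing reloads Cortex or Elasticsearch afterwards; that appears to be by design given the separate `restart-cortex` tag in HOWTOS.md, but a comment at the top of the file stating that a restart is required to apply the change would make it explicit.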
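Review bot: The rewritten `when:` conditions in soctools.yml no longer test tag membership: Jinja parses `"'start' or 'config' in ansible_run_tags"` as `'start' or ('config' in ansible_run_tags)`, and the non-empty string `'start'` is truthy, so every condition is always true and all four playbooks are imported regardless of which `-t` tag was passed (or, on ansible-core versions that reject non-boolean conditionals, the play errors out). Each alternative needs its own `in ansible_run_tags`, as the removed lines had, e.g. `when: "'start' in ansible_run_tags or 'config' in ansible_run_tags"`; the `intersect` filter expresses the same check without the repetition, shown below for all four plays.
```yaml
# … unchanged: name/import_playbook for "Start soctools cluster" …
  when: ansible_run_tags | intersect(['start', 'config']) | length > 0
# … unchanged: name/import_playbook for "Stop soctools cluster" …
  when: ansible_run_tags | intersect(['stop', 'stop-thehive', 'stop-keycloak', 'stop-cortex']) | length > 0
# … unchanged: name/import_playbook for "Update soctools cluster configs" …
  when: ansible_run_tags | intersect(['update-config', 'update-keycloak-config', 'update-thehive-config', 'update-cortex-config']) | length > 0
# … unchanged: name/import_playbook for "restart soctools cluster servics" …
  when: ansible_run_tags | intersect(['restart', 'restart-thehive', 'restart-keycloak', 'restart-cortex']) | length > 0
```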