diff --git a/roles/build/templates/odfekibana/Dockerfile-kibana.j2 b/roles/build/templates/odfekibana/Dockerfile-kibana.j2
index ef2a4768f809d02b8320cb90963ea701cbddec16..05a1c40b3ac3cb718e524cef5225102e7ece1e55 100644
--- a/roles/build/templates/odfekibana/Dockerfile-kibana.j2
+++ b/roles/build/templates/odfekibana/Dockerfile-kibana.j2
@@ -1,6 +1,6 @@
 FROM {{repo}}/centos:{{version}}{{suffix}}
-RUN yum install -y supervisor
+RUN yum install -y supervisor rsync
 RUN yum clean all
 ENV PATH="/usr/share/kibana/bin:${PATH}"
diff --git a/roles/odfekibana/tasks/main.yml b/roles/odfekibana/tasks/main.yml
index 2ff94161ae43e6bd3a7e7ccaee3cbe1098995eff..1662efd600ad1a43e47bc3c40acb09fe69599dda 100644
--- a/roles/odfekibana/tasks/main.yml
+++ b/roles/odfekibana/tasks/main.yml
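Review bot: `yum clean all` sits on its own `RUN` line (the context line right after the changed one), so it cannot shrink the image: the package cache written by the install layer is already committed before the clean runs, and adding rsync only makes that cached layer larger. Merging the two into one instruction, `RUN yum install -y supervisor rsync && yum clean all`, removes the cache from the final layer. Since the base image tag is templated (`{{version}}{{suffix}}`), consider also pinning the two package versions so rebuilds of the same template produce the same image; whether the project wants that level of pinning is not visible from this hunk.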
@@ -1,215 +1,17 @@ --- -#- name: Create config directory -# file: -# name: config -# state: directory -# mode: 0700 -# tags: -# - start - -- name: Copy cacert to ca-trust dir - remote_user: root - copy: - src: "{{playbook_dir}}/secrets/CA/ca.crt" - dest: /etc/pki/ca-trust/source/anchors/ca.crt - tags: - - start - -- name: Install cacert to root truststore - remote_user: root - command: "update-ca-trust" - tags: - - start - -- name: Copy certificates in odfe kibana conf dir - remote_user: kibana - copy: - src: "{{ item }}" - dest: "config/" - mode: 0600 - with_items: - - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.p12" - - "{{playbook_dir}}/secrets/CA/issued/{{ inventory_hostname }}.crt" - - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.key" - - "{{playbook_dir}}/secrets/CA/cacerts.jks" - - "{{playbook_dir}}/secrets/CA/ca.crt" - - "{{playbook_dir}}/secrets/CA/private/{{soctools_users[0].CN}}.p12" - tags: - - start - -- name: Get openid authkey - remote_user: kibana - set_fact: - kibanasecret: "{{lookup('file', '{{playbook_dir}}/secrets/tokens/kibanasecret',convert_data=False) | from_json }}" - tags: - - start - -#- name: Configure sysconfig -# template: -# src: sysconfig_elasticsearch.j2 -# dest: sysconfig_elasticsearch -# tags: -# - start -# -#- name: Copy sysconfig to /etc -# command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch" -# tags: -# - start - -# lineinfile: -# path: /etc/sysconfig/elasticsearch -# regexp: '^ES_PATH_CONF=' -# line: ES_PATH_CONF=/usr/share/elasticsearch/config -# tags: -# - start -- name: Configure odfe kibana properties - remote_user: kibana - template: - src: "{{item}}.j2" - dest: "config/{{item}}" - with_items: - - kibana.yml - tags: - - start - -- name: Configure odfe kibana start script - remote_user: kibana - template: - src: "{{item}}.j2" - dest: "{{item}}" - mode: 0750 - with_items: - - startkibana.sh - tags: - - start - -#- name: Exit here to test ODFE -# meta: end_play -# tags: -# - 
start - - -- name: Generate configuration for thehive_button plugin - remote_user: kibana - template: - src: files/env.js.j2 - dest: "/usr/share/kibana/plugins/thehive_button/public/env.js" - owner: kibana - group: kibana - tags: - - start - - -- name: Start Kibana - remote_user: root - shell: "supervisorctl start kibana" - tags: - - start - -- name: Wait for Kibana - remote_user: kibana - wait_for: - host: "{{groups['odfekibanacontainers'][0]}}" - port: 5601 - state: started - delay: 5 - tags: - - start - -- name: Check Kibana health - remote_user: kibana - shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \ - | egrep status....overall....state...green' - register: result - until: result.rc == 0 - retries: 90 - delay: 2 - ignore_errors: yes - tags: - - start - -#- name: Copy tenant.json to container -# remote_user: kibana -# copy: -# src: "files/tenant.json" -# dest: /tmp/tenant.json -# tags: -# - start -# -#- name: change tenant to global -# shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/v1/multitenancy/tenant" \ -# -b /tmp/cookie.txt -c /tmp/cookie.txt \ -# -k --user admin:{{ odfees_adminpass }} \ -# -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \ -# -d @/tmp/tenant.json' -# tags: -# - start - -- name: Copy kibana_graphs.ndjson to container - remote_user: kibana - copy: - src: "files/kibana_graphs.ndjson" - dest: /tmp/kibana_graphs.ndjson - tags: - - start - -- name: Import graphs to kibana - remote_user: kibana - shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/saved_objects/_import?overwrite=true" \ - -b /tmp/cookie.txt -c /tmp/cookie.txt \ - -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \ - -H "kbn-xsrf: reporting" -H "Content-Type: multipart/form-data" \ - -F "file=@/tmp/kibana_graphs.ndjson"' +- include: start.yml tags: - - start - -- name: Copy role modification json to container - remote_user: kibana - template: - 
src: "role.json.j2" - dest: /tmp/role.json + - start +- include: stop.yml tags: - - start - -- name: Grant admin permissions to users - remote_user: kibana - shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/v1/configuration/rolesmapping/all_access" \ - -b /tmp/cookie.txt -c /tmp/cookie.txt \ - -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \ - -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \ - -d @/tmp/role.json' + - stop + - stop-odfekibana +- include: update-config.yml tags: - - start - -#- name: cleanup temporary files for kibana_graph import -# shell: '/bin/rm -rf /tmp/cookie.txt /tmp/kibana_graphs.ndjson /tmp/tenant.json' -# ignore_errors: true -# tags: -# - start - -#- name: check reachable hosts -# gather_facts: no -# tasks: -# - command: ping -c1 {{ inventory_hostname }} -# delegate_to: localhost -# register: ping_result -# ignore_errors: yes -# - group_by: key=reachable -# when: ping_result|success - -#- name: Stop OpenDistro Kibana for Elasticsearch -# command: "pkill -SIGTERM -F {{inventory_hostname}}.pid" -# tags: -# - stop - -- name: Set Autostart for supervisord's services - shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf" - tags: - - start - -- name: Stop OpenDistro Kibana for Elasticsearch - remote_user: root - command: "supervisorctl stop kibana" + - update-config + - update-odfekibana-config +- include: restart.yml tags: - - stop + - restart + - restart-odfekibana diff --git a/roles/odfekibana/tasks/restart.yml b/roles/odfekibana/tasks/restart.yml new file mode 100644 index 0000000000000000000000000000000000000000..7ef339035ddb769ec70ffad981b8a36959f735e1 --- /dev/null +++ b/roles/odfekibana/tasks/restart.yml 
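Review bot: `- include:` has been deprecated since Ansible 2.4, and its tag semantics are the real concern here: the tasks inside start.yml, stop.yml, restart.yml and update-config.yml no longer carry their own `tags`, so they are selected only through the tags on these four include lines. Replacing each with the static form, e.g. `- import_tasks: start.yml` with the same `tags:` list, makes the intent unambiguous, because tags on an import are applied to every imported task; `include_tasks` would instead require an `apply: { tags: [...] }` block in addition to the tags on the include itself. Whether the legacy `include` is resolved statically (and therefore propagates the tags) depends on the Ansible version in use, so pinning the behaviour explicitly avoids tagged runs silently doing nothing.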
@@ -0,0 +1,32 @@ +--- + +- name: Restart Kibana + remote_user: root + shell: "supervisorctl restart kibana" + +- name: Wait for Kibana + remote_user: kibana + wait_for: + host: "{{groups['odfekibanacontainers'][0]}}" + port: 5601 + state: started + delay: 5 + +- name: Check Kibana health + remote_user: kibana + shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \ + | egrep status....overall....state...green' + register: result + until: result.rc == 0 + retries: 90 + delay: 2 + ignore_errors: yes + +- name: Import graphs to kibana + remote_user: kibana + shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/saved_objects/_import?overwrite=true" \ + -b /tmp/cookie.txt -c /tmp/cookie.txt \ + -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \ + -H "kbn-xsrf: reporting" -H "Content-Type: multipart/form-data" \ + -F "file=@/tmp/kibana_graphs.ndjson"' + diff --git a/roles/odfekibana/tasks/start.yml b/roles/odfekibana/tasks/start.yml new file mode 100644 index 0000000000000000000000000000000000000000..186a6a6c8effc0664dba8b6f72090aa932a7681a --- /dev/null +++ b/roles/odfekibana/tasks/start.yml 
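Review bot: `Import graphs to kibana` puts the admin password on the curl command line via `--user admin:{{lookup("password", ...)}}`, so the secret appears in the shell task's logged command (and in any `-v` output or callback plugin) and in the container's process list for the duration of the call, yet the task has no `no_log: true`. Adding `no_log: true` to this task is the minimum fix; the same applies to `Import graphs to kibana` and `Grant admin permissions to users` in start.yml. Moving the credential off argv entirely, for example via curl's `-n`/`--netrc-file` pointing at a 0600 file or a `-K`/`--config` file, would also keep it out of `ps`. Separately, this task assumes `/tmp/kibana_graphs.ndjson` is still present from start.yml or update-config.yml; if the restart tag runs alone against a fresh container the import presumably fails with an opaque curl error, so a preceding `stat` check or re-copy would make the failure mode explicit.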
@@ -0,0 +1,166 @@ +--- + +#- name: Create config directory +# file: +# name: config +# state: directory +# mode: 0700 + +- name: Copy cacert to ca-trust dir + remote_user: root + copy: + src: "{{playbook_dir}}/secrets/CA/ca.crt" + dest: /etc/pki/ca-trust/source/anchors/ca.crt + +- name: Install cacert to root truststore + remote_user: root + command: "update-ca-trust" + +- name: Copy certificates in odfe kibana conf dir + remote_user: kibana + copy: + src: "{{ item }}" + dest: "config/" + mode: 0600 + with_items: + - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.p12" + - "{{playbook_dir}}/secrets/CA/issued/{{ inventory_hostname }}.crt" + - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.key" + - "{{playbook_dir}}/secrets/CA/cacerts.jks" + - "{{playbook_dir}}/secrets/CA/ca.crt" + - "{{playbook_dir}}/secrets/CA/private/{{soctools_users[0].CN}}.p12" + +- name: Get openid authkey + remote_user: kibana + set_fact: + kibanasecret: "{{lookup('file', '{{playbook_dir}}/secrets/tokens/kibanasecret',convert_data=False) | from_json }}" + +#- name: Configure sysconfig +# template: +# src: sysconfig_elasticsearch.j2 +# dest: sysconfig_elasticsearch +# +#- name: Copy sysconfig to /etc +# command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch" + +# lineinfile: +# path: /etc/sysconfig/elasticsearch +# regexp: '^ES_PATH_CONF=' +# line: ES_PATH_CONF=/usr/share/elasticsearch/config + +- name: Configure odfe kibana properties + remote_user: kibana + template: + src: "{{item}}.j2" + dest: "config/{{item}}" + with_items: + - kibana.yml + +- name: Configure odfe kibana start script + remote_user: kibana + template: + src: "{{item}}.j2" + dest: "{{item}}" + mode: 0750 + with_items: + - startkibana.sh + +#- name: Exit here to test ODFE +# meta: end_play + + +- name: Generate configuration for thehive_button plugin + remote_user: kibana + template: + src: files/env.js.j2 + dest: "/usr/share/kibana/plugins/thehive_button/public/env.js" + owner: kibana 
+ group: kibana + + +- name: Start Kibana + remote_user: root + shell: "supervisorctl start kibana" + +- name: Wait for Kibana + remote_user: kibana + wait_for: + host: "{{groups['odfekibanacontainers'][0]}}" + port: 5601 + state: started + delay: 5 + +- name: Check Kibana health + remote_user: kibana + shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \ + | egrep status....overall....state...green' + register: result + until: result.rc == 0 + retries: 90 + delay: 2 + ignore_errors: yes + +#- name: Copy tenant.json to container +# remote_user: kibana +# copy: +# src: "files/tenant.json" +# dest: /tmp/tenant.json +# +#- name: change tenant to global +# shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/v1/multitenancy/tenant" \ +# -b /tmp/cookie.txt -c /tmp/cookie.txt \ +# -k --user admin:{{ odfees_adminpass }} \ +# -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \ +# -d @/tmp/tenant.json' + +- name: Copy kibana_graphs.ndjson to container + remote_user: kibana + copy: + src: "files/kibana_graphs.ndjson" + dest: /tmp/kibana_graphs.ndjson + +- name: Import graphs to kibana + remote_user: kibana + shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/saved_objects/_import?overwrite=true" \ + -b /tmp/cookie.txt -c /tmp/cookie.txt \ + -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \ + -H "kbn-xsrf: reporting" -H "Content-Type: multipart/form-data" \ + -F "file=@/tmp/kibana_graphs.ndjson"' + +- name: Copy role modification json to container + remote_user: kibana + template: + src: "role.json.j2" + dest: /tmp/role.json + +- name: Grant admin permissions to users + remote_user: kibana + shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/v1/configuration/rolesmapping/all_access" \ + -b /tmp/cookie.txt -c /tmp/cookie.txt \ + -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \ + -H "kbn-xsrf: 
reporting" -H "Content-Type: application/json" \ + -d @/tmp/role.json' + +#- name: cleanup temporary files for kibana_graph import +# shell: '/bin/rm -rf /tmp/cookie.txt /tmp/kibana_graphs.ndjson /tmp/tenant.json' +# ignore_errors: true + +#- name: check reachable hosts +# gather_facts: no +# tasks: +# - command: ping -c1 {{ inventory_hostname }} +# delegate_to: localhost +# register: ping_result +# ignore_errors: yes +# - group_by: key=reachable +# when: ping_result|success + +#- name: Stop OpenDistro Kibana for Elasticsearch +# command: "pkill -SIGTERM -F {{inventory_hostname}}.pid" + +- name: Set Autostart for supervisord's services + replace: + path: /etc/supervisord.conf + regexp: '^autostart=false$' + replace: 'autostart=true' + diff --git a/roles/odfekibana/tasks/stop.yml b/roles/odfekibana/tasks/stop.yml new file mode 100644 index 0000000000000000000000000000000000000000..2ab354a31339c1ee47c5d287277b9e25c6afa377 --- /dev/null +++ b/roles/odfekibana/tasks/stop.yml @@ -0,0 +1,5 @@ +--- + +- name: Stop OpenDistro Kibana for Elasticsearch + remote_user: root + command: "supervisorctl stop kibana" diff --git a/roles/odfekibana/tasks/update-config.yml b/roles/odfekibana/tasks/update-config.yml new file mode 100644 index 0000000000000000000000000000000000000000..779d95f971090d8575e3216bc1aa1179bee5eaae --- /dev/null +++ b/roles/odfekibana/tasks/update-config.yml 
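Review bot: `Check Kibana health` and the curl tasks after it use `curl -k`, which disables server certificate verification, even though the first two tasks in this file install `ca.crt` into the system trust store with `update-ca-trust` and also copy it into `config/`; dropping `-k` (or using `--cacert config/ca.crt`) lets these calls actually verify they are talking to the intended Kibana, assuming the issued certificate's SAN covers `{{soctoolsproxy}}`. In addition the health check has `ignore_errors: yes`, so when all 90 retries fail the role still proceeds to import saved objects and POST the `all_access` role mapping against an instance that never reported green; making that failure fatal (drop `ignore_errors`, or add an explicit `failed_when`) and writing the boolean as `true` per yamllint's truthy rule would be safer. These tasks look identical to the ones removed from main.yml, so the issues are pre-existing ones carried into the new file rather than introduced by it.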
@@ -0,0 +1,34 @@ +--- + +- name: Configure odfe kibana properties + remote_user: kibana + template: + src: "{{item}}.j2" + dest: "config/{{item}}" + with_items: + - kibana.yml + +- name: Configure odfe kibana start script + remote_user: kibana + template: + src: "{{item}}.j2" + dest: "{{item}}" + mode: 0750 + with_items: + - startkibana.sh + +- name: Generate configuration for thehive_button plugin + remote_user: kibana + template: + src: files/env.js.j2 + dest: "/usr/share/kibana/plugins/thehive_button/public/env.js" + owner: kibana + group: kibana + + +- name: Copy kibana_graphs.ndjson to container + remote_user: kibana + copy: + src: "files/kibana_graphs.ndjson" + dest: /tmp/kibana_graphs.ndjson +
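Review bot: The four tasks in this file are verbatim copies of tasks in start.yml, so any future change to how `kibana.yml`, `startkibana.sh` or the thehive_button `env.js` are templated has to be made in two places; start.yml could instead `import_tasks: update-config.yml` at the point where it currently configures properties, since the only extra effect is copying the ndjson into `/tmp` earlier. Nothing here restarts Kibana or notifies a handler after the templates are rewritten, so the new configuration only takes effect when the restart tag is also run; that should be stated up front, e.g. `# Re-templates configuration only; run the restart tag (restart.yml) for changes to take effect.` If a handler is preferred, a `notify` on the two template tasks with a `supervisorctl restart kibana` handler would remove the ordering dependency on the caller.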