Update install script for agent version 2.x (#43)

* update install script for 2.x

* fix RedHat-specific syntax

* fix 1.x syntax

* account for different repos

* fix idempotence

Author: Greg Malkov

.travis.yml

@@ -1,3 +1,4 @@
+dist: xenial
 language: python
 python: '2.7'
 sudo: required
@@ -10,13 +11,12 @@ install:
   - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
 script:
   - ansible-playbook -v -i tests/inventory tests/test.yml --syntax-check
-  - ansible-playbook -v -i tests/inventory tests/test.yml --connection=local --sudo
+  - ansible-playbook -v -i tests/inventory tests/test.yml --connection=local --sudo --skip-tags "checkstate"
   - ansible-playbook -v -i tests/inventory tests/test.yml --check --diff --connection=local --sudo
   - "echo 'Sleeping 60 while agent checks in initially and creates .audit.'; sleep 60"
   - "ansible-playbook -v -i tests/inventory tests/test.yml --connection=local --sudo |
     tee /tmp/output.txt; grep -q 'changed=0.*failed=0' /tmp/output.txt && (echo 'Idempotence test: pass' && exit 0) ||
     (echo 'Idempotence test: fail' && exit 1)"
-
 env:
   global:
-    secure: "iCi7Uja9PDxhtJHBSHHxZi8Awj0b/mfdlRdIHLDx51iONQlV4YLfPn/aTx4nD8a91V0WZqg11APIjZZxW/ViuU23qwgUB4MQ80QAn2mL3jRkXzmc9gQR3OZZd9KsPHTFUAOYMbenNFSTYS/PIZykkU6PsAydIe9dZTvLOrozD3I="
+    secure: "iCi7Uja9PDxhtJHBSHHxZi8Awj0b/mfdlRdIHLDx51iONQlV4YLfPn/aTx4nD8a91V0WZqg11APIjZZxW/ViuU23qwgUB4MQ80QAn2mL3jRkXzmc9gQR3OZZd9KsPHTFUAOYMbenNFSTYS/PIZykkU6PsAydIe9dZTvLOrozD3I="

README.md

@@ -16,22 +16,29 @@ Platforms
 * CentOS
 * RedHat
 * Ubuntu
+* Debian
 
 Role Variables
 --------------
 The following variables are available for override.
 ```
 threatstack_deploy_key:         # Required. Your Cloud Sight API Key
-threatstack_feature_plan:       # Set value to reflect your feature plan. https://www.threatstack.com/plans
-                                # * 'agent_type="i"' - Investigate or Legacy (Basic, Advanced, Pro)
-                                # * 'agent_type="m"' - Monitor
-threatstack_ruleset:            # The Agent's rule set, will default to "Default Rule Set".
+threatstack_feature_plan:       # AGENT 1.x ONLY!
+                                #   Required. Set value to reflect your feature plan. https://www.threatstack.com/plans
+                                #   * 'agent_type="i"' - Investigate or Legacy (Basic, Advanced, Pro)
+                                #   * 'agent_type="m"' - Monitor
+threatstack_ruleset:            # Array of agent rule sets, will default to ["Base Rule Set"].
                                 # Define multiple rule sets using a comma seperated list.
 threatstack_pkg_url:            # Location of package repo. Only change if you mirror your own.
-threatstack_pkg:                # name of package. Specify package version using "threatstack-agent=X.Y.Z"
-threatstack_hostname:           # The display hostname in the Threat Stack UI
+threatstack_pkg:                # Name of package. Specify package version using
+                                #  "threatstack-agent=X.Y.Z" (Debian/Ubuntu)
+                                #  "threatstack-agent-X.Y.Z" (RedHat/CentOS/Amazon)
+                                # Defaults to latest available version.
+threatstack_url:                # The URL of the Threat Stack webapp. Defaults to https://app.threatstack.com
+threatstack_hostname:           # The display hostname in the Threat Stack UI. Defaults to hostname.
 threatstack_configure_agent:    # Optionally do not configure the host, just install package
-threatstack_agent_config_args:  # Pass optional configuration arguments during agent registration.
+threatstack_agent_extra_args:   # Pass optional arguments during agent registration.
+threatstack_agent_config_args:  # Pass optional configuration arguments after agent registration.
 ```
 
 Install

defaults/main.yml

@@ -1,11 +1,12 @@
 ---
 # defaults file for threatstack
 
-threatstack_pkg_url: 'https://pkg.threatstack.com'
+threatstack_v1_pkg_url: 'https://pkg.threatstack.com'
+threatstack_v2_pkg_url: 'https://pkg.threatstack.com/v2'
 threatstack_pkg_state: installed
-# to set a version of the agent use threatstack-agent=X.Y.Z
+# to set a version of the agent use threatstack-agent=X.Y.Z (Debian) or threatstack-agent-X.Y.Z (RedHat)
 threatstack_pkg:  threatstack-agent
-#threatstack_hostname:
+threatstack_url: https://app.threatstack.com
 threatstack_ruleset:
   - 'Base Rule Set'
 threatstack_config_dir: '/etc/threatstack'
@@ -17,4 +18,4 @@ threatstack_agent_config_args:
 # Set according to feature plan. https://www.threatstack.com/plans
 # * agent_type="i" - Investigate, Legacy (Basic, Pro, Advanced)
 # * agent_type="m" - Monitor
-agent_type: "{{ threatstack_feature_plan | mandatory }}"
+agent_type: "{{ threatstack_feature_plan | default('') }}"

handlers/main.yml

@@ -1,2 +1,5 @@
 - name: restart cloudsight
   service: name=cloudsight state=restarted
+
+- name: restart tsagent
+  service: name=threatstack state=restarted

meta/main.yml

@@ -4,32 +4,29 @@ galaxy_info:
   description: Ansible role to install the threatstack agent
   company: Threat Stack
   license: license (Apache)
-  min_ansible_version: 1.3
+  min_ansible_version: 1.6
   platforms:
   - name: EL
     versions:
     - all
-    - 6
     - 7
   - name: Debian
     versions:
     - all
-    - 7
     - 8
-  - name: Fedora
-    versions:
-    - 25
+    - 9
   - name: Amazon
     versions:
     - all
-    - 2013.03
-    - 2013.09
+    - 2017.09
+    - 2018.03
+    - 2
   - name: Ubuntu
     versions:
     - all
-    - precise
     - trusty
     - xenial
+    - bionic
   categories:
   - cloud
   - cloud:ec2

tasks/cloudsight_setup.yml

@@ -1,6 +1,7 @@
 ---
 
-# Cloudsight Setup
+# 1.x agent setup
+
 - name: Create Threat Stack Config Directory
   file:
     path: "{{ threatstack_config_dir }}"
@@ -18,8 +19,8 @@
     group: root
     mode: 0644
 
-- name: Cloudsight - setup default
-  command: cloudsight setup --config={{ threatstack_config }} --agent_type={{ agent_type }} {{ threatstack_agent_extra_args }}
+- name: Agent setup
+  command: cloudsight setup --url={{ threatstack_url }} --config={{ threatstack_config }} --agent_type={{ agent_type }} {{ threatstack_agent_extra_args }}
   register: setup_result
   args:
     creates: /opt/threatstack/cloudsight/config/.audit
@@ -41,7 +42,7 @@
   when: config_args.changed
   notify: restart cloudsight
 
-- name: Test cloudsight state
+- name: Test agent state
   service:
     name: cloudsight
     enabled: yes

tasks/facts.yml

@@ -0,0 +1,15 @@
+---
+- name: Check if agent is v1.x
+  set_fact:
+    threatstack_v1_string: "{{ threatstack_pkg | regex_search('agent[=-]1\\.') }}"
+
+- name: Define v1 variable
+  set_fact:
+    threatstack_v1: "{{ threatstack_v1_string != '' }}"
+
+- name: Ensure agent_type is defined
+  fail:
+    msg: "threatstack_feature_plan is mandatory for 1.x agents!"
+  when:
+    - threatstack_v1
+    - agent_type == ''

tasks/main.yml

@@ -1,5 +1,11 @@
 ---
-# Setup tasks
+- name: Define some facts based on variables
+  include: facts.yml
+
+- name: Ensure package URL is defined
+  include: pkg_url.yml
+  when: threatstack_pkg_url is undefined
+
 - name: Run Apt configure and install Threat Stack
   include: apt_install.yml
   when: ansible_os_family == 'Debian'
@@ -8,6 +14,14 @@
   include: yum_install.yml
   when: ansible_os_family == 'RedHat'
 
-- name: Fire cloudsight setup
+- name: 1.x agent setup
   include: cloudsight_setup.yml
-  when: threatstack_configure_agent == true
+  when:
+    - threatstack_configure_agent == true
+    - threatstack_v1
+
+- name: 2.x agent setup
+  include: tsagent_setup.yml
+  when:
+    - threatstack_configure_agent == true
+    - not threatstack_v1

tasks/pkg_url.yml

@@ -0,0 +1,10 @@
+---
+- name: Define v1 package URL variable
+  set_fact:
+    threatstack_pkg_url: "{{ threatstack_v1_pkg_url }}"
+  when: threatstack_v1
+
+- name: Define v2 package URL variable
+  set_fact:
+    threatstack_pkg_url: "{{ threatstack_v2_pkg_url }}"
+  when: not threatstack_v1

tasks/tsagent_setup.yml

@@ -0,0 +1,76 @@
+---
+
+# 2.x agent setup
+
+- name: Get setup string
+  set_fact:
+    setup_string: tsagent setup -url {{ threatstack_url }} -deploy-key {{ threatstack_deploy_key }} -ruleset "{{ threatstack_ruleset | join(",") }}" {{ threatstack_agent_extra_args }}
+
+- name: Get checksum of setup string
+  set_fact:
+    setup_checksum: "{{ setup_string | checksum }}"
+
+- name: Create file to track checksum of setup string
+  copy:
+    content: "{{ setup_checksum }}"
+    dest: /opt/threatstack/etc/.setup_checksum
+    owner: root
+    group: root
+    mode: 0644
+  register: setup_file
+
+- name: Get config string
+  set_fact:
+    config_string: tsagent config -set {{ threatstack_agent_config_args }}
+
+- name: Get checksum of config string
+  set_fact:
+    config_checksum: "{{ config_string | checksum }}"
+
+- debug:
+    msg: "{{ threatstack_agent_config_args }}"
+
+- name: Create file to track checksum of config string
+  copy:
+    content: "{{ config_checksum }}"
+    dest: /opt/threatstack/etc/.config_checksum
+    owner: root
+    group: root
+    mode: 0644
+  register: config_file
+  when: threatstack_agent_config_args != None
+
+- name: Agent setup
+  command: "{{ setup_string }}"
+  register: setup_result
+  changed_when: False
+
+- name: Wait 5 seconds
+  pause:
+    seconds: 5
+
+- name: Agent config
+  command: "{{ config_string }}"
+  when: config_file.changed
+
+- name: Restart tsagent
+  service: name=threatstack state=restarted
+  when: setup_file.changed or config_file.changed
+
+- name: Wait 5 seconds
+  pause:
+    seconds: 5
+  when: setup_file.changed or config_file.changed
+
+- name: Test agent state
+  command: tsagent status
+  register: tsagent_status
+  retries: 5
+  delay: 2
+  until: tsagent_status.rc == 0
+  when: setup_file.changed or config_file.changed
+  tags:
+    - checkstate
+
+- name: Ensure agent is running
+  service: name=threatstack state=started