diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..35406f2 --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,14 @@ +#exclude_paths: +# - ./my/excluded/directory/ +# - ./my/other/excluded/directory/ +# - ./last/excluded/directory/ +parseable: true +quiet: true +#rulesdir: +# - ./rule/directory/ +skip_list: + - trailing-spaces +#tags: +# - run_this_tag +use_default_rules: true +verbosity: 1 \ No newline at end of file diff --git a/.gitignore b/.gitignore index 2aac6aa..29c130e 100644 --- a/.gitignore +++ b/.gitignore @@ -57,3 +57,8 @@ fabric.properties # kdevelop *.kdev4 .kdev4 + +# emacs and zile tmp files +.#* +*# +*~ diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..e0f908d --- /dev/null +++ b/.yamllint @@ -0,0 +1,32 @@ +--- + +extends: default + +rules: + braces: + level: warning + max-spaces-inside: 1 + brackets: + level: warning + max-spaces-inside: 1 + colons: + level: warning + commas: + level: warning + comments: disable + comments-indentation: disable + document-start: disable + empty-lines: + level: warning + hyphens: + level: warning + indentation: + level: warning + indent-sequences: consistent + line-length: + level: warning + allow-non-breakable-inline-mappings: true + new-line-at-end-of-file: + level: warning + truthy: disable + trailing-spaces: disable diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 21a1e85..0000000 --- a/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -FROM ubuntu:trusty - -MAINTAINER Rob McQueen - -# Install Python -RUN apt-get update && apt-get install -y \ - python-dev \ - python-virtualenv \ - sudo - -# Install Ansible -RUN mkdir /opt/ansible && virtualenv /opt/ansible/venv && \ - /opt/ansible/venv/bin/pip install ansible - -ADD . /build -COPY .ansible-test /build -WORKDIR /build - -CMD /opt/ansible/venv/bin/ansible-playbook -i inventory.yml \ - -c local -s -e testing=true -e role=$DOCKER_TEST_ROLE \ - playbook.yml; /bin/bash \ No newline at end of file 
diff --git a/FEATURES.md b/FEATURES.md deleted file mode 100644 index 677093e..0000000 --- a/FEATURES.md +++ /dev/null @@ -1,21 +0,0 @@ - -v1.3 - -* Configure Burp UI Agent -* Configure burp restore service -* Configure Burp manual delete -* Configure Burp Autoupgrade -* Activate clients from git repository -* have tests automatic for restore, backup with test client -* modify all setting for burp_server.conf -* build burp from source and have option to choose which burp version build -* Upgrade from source -* profiles_templates from defaults, so anyone can set their own, and also with good defaults profiles: profile_lnxsrv, profile_win6x, profile_win6x_drp -* burp2_add_manual_clients to have possibility to add clients from a list, also from command line -* Automated travis import, with molecule test passed (ansible-lint, idempotence, etc) for centos/systemd, ubuntu/latest, debian/8 -** Tests master branch of burp when run with debian/8 (ansible_burp_server-master2 name in molecule.yml) -* burp_server_custom_lines var (to manage your own lines in burp-server.conf) -* Good defaults profiles with option to have your own profiles only copying profiles_templates var -* Remove a client from a list burp_remove_clients -* Ability to setup new port per operation (available since burp 2.1.10) -* Use notify failure by email diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 34e1e7c..0000000 --- a/LICENSE +++ /dev/null 
@@ -1,21 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2016 CoffeeITWorks group - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/circle.yml b/circle.yml deleted file mode 100644 index 1ee32c4..0000000 --- a/circle.yml +++ /dev/null @@ -1,21 +0,0 @@ -machine: - python: - version: 2.7.10 - -dependencies: - pre: - - sudo apt-get install software-properties-common - - sudo apt-add-repository ppa:ansible/ansible -y - - sudo apt-get update - - sudo apt-get install ansible - -test: - override: - # Check the role/playbook's syntax - - ansible-playbook -i tests/inventory tests/test.yml --syntax-check - # Check with ansible-lint - # - ansible-lint playbook.yml - # Run the basic role - - sudo ansible-playbook -i tests/inventory tests/test.yml --connection=local --become - # Test client to test restores - - sudo ansible-playbook -i tests/inventory tests/test.yml --connection=local --become -e burp_module_test_client=True 
diff --git a/defaults/main.yml b/defaults/main.yml index 3c221a7..5af8edd 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,7 +2,17 @@ # file: defaults/main.yml # New default options based on: https://github.com/grke/burp/wiki/Performance-Tips +# default paths for non FreeBSD systems +etc_dir: "/etc" +usr_dir: "/usr" +# use the pkg tool to use binaries and be faster +burp_freebsd_use_portinstall: false + ### Modules --- +# Configure Burp UI Agent +burp_module_agent: false +# Configure burp restore service +burp_module_restore: false # Configure Burp manual delete burp_manual_delete_enabled: true # Configure Burp Autoupgrade @@ -10,7 +20,7 @@ burp_server_autoupgrade_enabled: true # Activate clients from git repository burp_repos: false #burpsrv_repos: -# - { repo: "url", version: "branch", dir: "dest dir"} +# - { repo: "url", versiong: "branch", dir: "dest dir"} # Example: # burp_repos: # - { repo: "http://host/group/repo.git", version: "master", dir: "linux_clients"} @@ -26,14 +36,15 @@ burp_repos: false burp_home: "/var/spool/burp" ## Build vars: - +# freeBSD need gmake +make: "make" # Add these vars to your hosts/groups to change version/tag (archive to download and compile) burpsrcext: "zip" # must be tar.gz or zip autoupgrade_version: "2.2.18" # master version is not compiled so added separately burp_version: "2.2.18" # branch or tag, example: "master" , example: "2.0.46" burp_configure_line: "CFLAGS='-O2 -march=native -mtune=native -mfpmath=sse -floop-parallelize-all -ftree-parallelize-loops=4' ./configure " # For CFLAGS see: https://github.com/grke/burp/wiki/Performance-Tips#optional-compile-time-improvements -burp_usr_path: '/usr/local' +burp_usr_path: "{{ usr_dir }}" burp_bin_path: "{{ burp_usr_path }}/sbin/burp" burp_force_reinstall: false 
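Review bot: `burp_freebsd_use_portinstall` is defined twice in this file, as `false` in this first hunk and as `True` in the last hunk (`@@ -342,3 +354,7 @@`). Duplicate mapping keys are invalid YAML and most loaders silently keep the last value, so the effective default is `True`. That contradicts the comment here, which says the pkg binaries are used. Keep a single definition, for example only `burp_freebsd_use_portinstall: false`, and delete the other.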
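Review bot: The default for `burp_usr_path` moves from `/usr/local` to `{{ usr_dir }}`, which the first hunk sets to `/usr`, so `burp_bin_path` becomes `/usr/sbin/burp` on every non-FreeBSD host. If this variable is the install prefix of the source build (the configure and install steps are outside these hunks), already-deployed hosts keep a stale binary under `/usr/local/sbin`, and the new one lands in a directory owned by the OS package manager. Consider leaving `burp_usr_path: '/usr/local'` as the default here and setting the FreeBSD value in the OS-specific vars.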
@@ -45,7 +56,7 @@ burpurl: "https://github.com/grke/burp/archive/{{ burp_version }}.{{ burpsrcext # Directory that will be used as the location for the downloads§ download_dir: "{{ ansible_env.HOME }}/burp" -burp_server_etc: '/etc/burp' +burp_server_etc: "{{ etc_dir }}/burp" ## Additional autoupgrade vars: #autoupgrade_url_win64: "https://sourceforge.net/projects/burp/files/burp-{{ autoupgrade_version }}/burp-win64-installer-{{ autoupgrade_version }}.exe/download" #autoupgrade_url_win32: "https://sourceforge.net/projects/burp/files/burp-{{ autoupgrade_version }}/burp-win32-installer-{{ autoupgrade_version }}.exe/download" @@ -125,7 +136,7 @@ burp_server_custom_lines: [] # See also files/incexc, those in this repo are copied to /etc/burp/clientconfdir/incexc # This template create each template in: /etc/burp/clientconfdir/incexc/name profiles_templates: - + - name: profile_lnxsrv content: - "#hard_quota No permitir backups a clientes con mas de xxGb en el backup total" @@ -284,8 +295,9 @@ burp_sv_server_command: "{{ burp_bin_path }} -c {{ burp_server_etc }}/burp-serve burp_sv_server_user: "root" burp_sv_server_autostart: "true" burp_sv_server_autorestart: "true" -burp_sv_server_stdout_logfile: "/var/log/supervisor/%(program_name)s.log" -burp_sv_server_stderr_logfile: "/var/log/supervisor/%(program_name)s.log" +burp_sv_server_startretries: "5" +burp_sv_server_stdout_logfile: "{{ burp_sv_server_log_dir }}/%(program_name)s.log" +burp_sv_server_stderr_logfile: "{{ burp_sv_server_log_dir }}/%(program_name)s.log" ### --- # if burp_manual_delete_enabled: true @@ -342,3 +354,7 @@ backup_tool_script_url: 'https://github.com/grke/burp/blob/master/configs/server backup_tool_script_dir: '{{ burp_usr_path }}/share/burp/scripts' backup_tool_script_path: "{{ backup_tool_script_dir }}/backup_tool_script" install_backup_tool_script: false + +# use the 'portinstall' module on FreeBSD to compile packages instead of 'package' +burp_freebsd_use_portinstall: True + 
diff --git a/meta/.galaxy_install_info b/meta/.galaxy_install_info new file mode 100644 index 0000000..1668921 --- /dev/null +++ b/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Thu Jan 25 14:39:13 2018', version: master} diff --git a/meta/main.yml b/meta/main.yml index ce56e4d..e76e335 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -116,9 +116,10 @@ galaxy_info: # versions: # - all # - any - #- name: FreeBSD - # versions: + - name: FreeBSD + versions: # - all + - 11.4 # - 10.0 # - 10.1 # - 10.2 diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 new file mode 100644 index 0000000..491096f --- /dev/null +++ b/molecule/default/Dockerfile.j2 
@@ -0,0 +1,24 @@ +# Molecule managed + +FROM {{ item.image }} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; fi + +RUN if [ $(command -v dnf) ]; then dnf -y update && dnf clean all; fi + +RUN if [ $(command -v dnf) ]; then dnf -y install systemd hostname && dnf clean all && \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*;\ +rm -f /etc/systemd/system/*.wants/*;\ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*;\ +rm -f /lib/systemd/system/anaconda.target.wants/*; fi + +# VOLUME [ "/sys/fs/cgroup" ] +# CMD ["/usr/sbin/init"] diff --git a/molecule/default/create.yml b/molecule/default/create.yml new file mode 100644 index 0000000..bfb2149 --- /dev/null +++ b/molecule/default/create.yml 
@@ -0,0 +1,59 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" + vars: + molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}" + molecule_ephemeral_directory: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}" + molecule_scenario_directory: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}" + molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}" + tasks: + - name: Create Dockerfiles from image names + template: + src: "{{ molecule_scenario_directory }}/Dockerfile.j2" + dest: "{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.image | regex_replace('[^a-zA-Z0-9_]', '_') }}" + with_items: "{{ molecule_yml.platforms }}" + register: platforms + + - name: Discover local Docker images + docker_image_facts: + name: "molecule_local/{{ item.item.name }}" + with_items: "{{ platforms.results }}" + register: docker_images + + - name: Build an Ansible compatible image + docker_image: + path: "{{ molecule_ephemeral_directory }}" + name: "molecule_local/{{ item.item.image }}" + dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}" + force: "{{ item.item.force | default(true) }}" + with_items: "{{ platforms.results }}" + when: platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0 + + - name: Create molecule instance(s) + docker_container: + name: "{{ item.name }}" + hostname: "{{ item.name }}" + image: "molecule_local/{{ item.image }}" + state: started + recreate: false + log_driver: syslog + command: "{{ item.command | default('bash -c \"while true; do sleep 10000; done\"') }}" + privileged: "{{ item.privileged | default(omit) }}" + volumes: "{{ item.volumes | default(omit) }}" + capabilities: "{{ item.capabilities | default(omit) }}" + ports: "{{ item.exposed_ports | default(omit) }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 
0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: docker_jobs + until: docker_jobs.finished + retries: 300 + with_items: "{{ server.results }}" diff --git a/molecule/default/destroy.yml b/molecule/default/destroy.yml new file mode 100644 index 0000000..3ce7478 --- /dev/null +++ b/molecule/default/destroy.yml @@ -0,0 +1,27 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" + vars: + molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}" + molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}" + tasks: + - name: Destroy molecule instance(s) + docker_container: + name: "{{ item.name }}" + state: absent + force_kill: "{{ item.force_kill | default(true) }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: docker_jobs + until: docker_jobs.finished + retries: 300 + with_items: "{{ server.results }}" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 09db0a6..7203f29 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -1,3 +1,4 @@ +--- dependency: name: galaxy options: diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml new file mode 100644 index 0000000..53d1648 --- /dev/null +++ b/molecule/default/playbook.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + vars: + burp_module_test_client: true + burp_module_agent: true + roles: + - role: ansible_burp2_server diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml new file mode 100644 index 0000000..5358b3b --- /dev/null +++ b/molecule/default/prepare.yml @@ -0,0 +1,5 @@ +--- +- name: Prepare + hosts: all + gather_facts: false + tasks: [] 
diff --git a/molecule/freebsd/INSTALL.rst b/molecule/freebsd/INSTALL.rst
new file mode 100644
index 0000000..44c26af
--- /dev/null
+++ b/molecule/freebsd/INSTALL.rst
@@ -0,0 +1,17 @@
+*******
+Install
+*******
+
+Requirements
+============
+
+* Vagrant
+* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
+* python-vagrant
+
+Install
+=======
+
+.. code-block:: bash
+
+ $ sudo pip install python-vagrant
diff --git a/molecule/freebsd/create.yml b/molecule/freebsd/create.yml
new file mode 100644
index 0000000..f8eb37c
--- /dev/null
+++ b/molecule/freebsd/create.yml
@@ -0,0 +1,56 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: False + no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" + vars: + molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}" + molecule_instance_config: "{{ lookup('env', 'MOLECULE_INSTANCE_CONFIG') }}" + molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}" + tasks: + - name: Create molecule instance(s) + molecule_vagrant: + instance_name: "{{ item.name }}" + instance_interfaces: "{{ item.interfaces | default(omit) }}" + instance_raw_config_args: "{{ item.instance_raw_config_args | default(omit) }}" + + platform_box: "{{ item.box }}" + platform_box_version: "{{ item.box_version | default(omit) }}" + platform_box_url: "{{ item.box_url | default(omit) }}" + + provider_name: "{{ molecule_yml.driver.provider.name }}" + provider_memory: "{{ item.memory | default(omit) }}" + provider_cpus: "{{ item.cpus | default(omit) }}" + provider_raw_config_args: "{{ item.raw_config_args | default(omit) }}" + + state: up + register: server + with_items: "{{ molecule_yml.platforms }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.Host }}", + 'address': "{{ item.HostName }}", + 'user': "{{ item.User }}", + 'port': "{{ item.Port }}", + 'identity_file': "{{ item.IdentityFile }}", } + with_items: "{{ server.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + # NOTE(retr0h): Workaround for Ansible 2.2. 
+ # https://github.com/ansible/ansible/issues/20885 + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/molecule/freebsd/destroy.yml b/molecule/freebsd/destroy.yml new file mode 100644 index 0000000..3972a2d --- /dev/null +++ b/molecule/freebsd/destroy.yml @@ -0,0 +1,36 @@ +--- + +- name: Destroy + hosts: localhost + connection: local + gather_facts: False + no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" + vars: + molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}" + molecule_instance_config: "{{ lookup('env',' MOLECULE_INSTANCE_CONFIG') }}" + molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}" + tasks: + - name: Destroy molecule instance(s) + molecule_vagrant: + instance_name: "{{ item.name }}" + platform_box: "{{ item.box }}" + provider_name: "{{ molecule_yml.driver.provider.name }}" + force_stop: "{{ item.force_stop | default(True) }}" + + state: destroy + register: server + with_items: "{{ molecule_yml.platforms }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + # NOTE(retr0h): Workaround for Ansible 2.2. + # https://github.com/ansible/ansible/issues/20885 + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/molecule/freebsd/molecule.yml b/molecule/freebsd/molecule.yml new file mode 100644 index 0000000..c69b134 --- /dev/null +++ b/molecule/freebsd/molecule.yml 
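Review bot: In molecule/freebsd/destroy.yml the env lookup for `molecule_instance_config` has a leading space inside the variable name, `lookup('env',' MOLECULE_INSTANCE_CONFIG')`, so it resolves to an empty string instead of the path Molecule exports. The final `Dump instance config` task then receives an empty `dest` whenever `server.changed` is true. It should read `lookup('env', 'MOLECULE_INSTANCE_CONFIG')`, as create.yml in the same scenario does.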
@@ -0,0 +1,28 @@
+---
+
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+ enabled: False
+ env:
+ # if not set wants to use libvirt on my box
+ VAGRANT_DEFAULT_PROVIDER: virtualbox
+driver:
+ name: vagrant
+ provider:
+ name: virtualbox
+platforms:
+ - name: freebsd11
+ box: ../../../../../testboxes/vagrant-freebsd11.1-ansibletarget.box
+ memory: 4096
+ cpus: 4
+ # https://www.vagrantup.com/docs/synced-folders/basic_usage.html
+ instance_raw_config_args:
+ - "vm.synced_folder '.', '/vagrant', disabled: true"
+scenario:
+ name: freebsd
+verifier:
+ name: testinfra
+ options:
+ verbose: true
diff --git a/molecule/freebsd/playbook.yml b/molecule/freebsd/playbook.yml
new file mode 100644
index 0000000..783ce62
--- /dev/null
+++ b/molecule/freebsd/playbook.yml
@@ -0,0 +1,9 @@
+---
+- name: Converge
+ hosts: all
+ vars:
+ burp_module_test_client: yes
+ burp_force_reinstall: True
+ roles:
+ # force becoming root
+ - { role: ansible_burp2_server, become: yes }
diff --git a/molecule/freebsd/prepare.yml b/molecule/freebsd/prepare.yml
new file mode 100644
index 0000000..b0e0aa6
--- /dev/null
+++ b/molecule/freebsd/prepare.yml
@@ -0,0 +1,9 @@
+---
+- name: Prepare
+ hosts: all
+ gather_facts: False
+ tasks:
+ - name: Install python for Ansible
+ raw: test -e /usr/bin/python || (pkg update && pkg install -y python27 sudo && ln -s /usr/local/bin/python2.7 /usr/bin/python)
+ become: True
+ changed_when: False
diff --git a/molecule/freebsd/tests/test_default.py b/molecule/freebsd/tests/test_default.py
new file mode 100644
index 0000000..eedd64a
--- /dev/null
+++ b/molecule/freebsd/tests/test_default.py
@@ -0,0 +1,14 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_hosts_file(host):
+ f = host.file('/etc/hosts')
+
+ assert f.exists
+ assert f.user == 'root'
+ assert f.group == 'root'
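Review bot: In tests/test_default.py, `assert f.group == 'root'` is unlikely to hold on the FreeBSD box this scenario targets, where `/etc/hosts` is normally owned by `root:wheel`; the assertion should be `assert f.group == 'wheel'`. The test also looks like the stock Molecule scaffold and checks nothing the role installs, so a passing run says little about the burp server. A check on the rendered burp server configuration file or the listening service would make the scenario meaningful. The compiled `test_default.pyc` added in the same commit should be ignored rather than tracked.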
diff --git a/molecule/freebsd/tests/test_default.pyc b/molecule/freebsd/tests/test_default.pyc new file mode 100644 index 0000000..ac2fc45 Binary files /dev/null and b/molecule/freebsd/tests/test_default.pyc differ diff --git a/requirements.yml b/requirements.yml deleted file mode 100644 index de30f65..0000000 --- a/requirements.yml +++ /dev/null @@ -1,4 +0,0 @@ -# from GitHub, overriding the name and specifying a specific tag -- src: https://github.com/lcacciagioni/supervisord - version: master - name: supervisord diff --git a/tasks/1_1_multi_os.yml b/tasks/1_1_multi_os.yml index 7921608..c8a8129 100644 --- a/tasks/1_1_multi_os.yml +++ b/tasks/1_1_multi_os.yml @@ -14,3 +14,6 @@ - include: 1_2_redhat.yml when: ansible_os_family == "RedHat" + +- include: 1_3_debian.yml + when: ansible_os_family == "Debian" and ansible_distribution_major_version <= 9 diff --git a/tasks/1_3_debian.yml b/tasks/1_3_debian.yml new file mode 100644 index 0000000..8da76fe --- /dev/null +++ b/tasks/1_3_debian.yml @@ -0,0 +1,16 @@ +--- + +- name: Configure DEB sources for burp + template: + src: sources_burp.list.j2 + dest: "{{ etc_dir }}/apt/sources.list.d/sources_burp.list" + notify: update cache + register: add_burp_repo + +# Add an Apt signing key, uses key URL +- name: Install gpg key for burp repository + shell: 'wget -q "http://ziirish.info/repos/{{ ansible_distribution | lower }}.gpg" -O - | sudo apt-key add -' + when: add_burp_repo.changed + +- name: ensure handlers runs before continue + meta: flush_handlers diff --git a/tasks/6_manual_client.yml b/tasks/6_manual_client.yml index a010363..eb85a1b 100644 --- a/tasks/6_manual_client.yml +++ b/tasks/6_manual_client.yml @@ -14,3 +14,5 @@ group: "{{ burp_sv_server_user }}" with_items: "{{ burp2_add_manual_clients | default([]) }}" # Ansible will not run the task if the var is empty + tags: + - add_manual_clients diff --git a/tasks/7_1_manual_delete.yml b/tasks/7_1_manual_delete.yml index b4cdd63..3249307 100644 
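Review bot: In tasks/1_1_multi_os.yml, `ansible_distribution_major_version <= 9` compares a string fact with an integer, which either raises a type error or compares by type rather than by value, depending on the Python/Jinja2 version. Cast the fact first: `when: ansible_os_family == "Debian" and ansible_distribution_major_version | int <= 9`. The `Debian` family also covers Ubuntu, whose major versions are above 9, so with the cast those hosts skip the include; confirm that is intended.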
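Review bot: In tasks/1_3_debian.yml the repository signing key is downloaded over plain `http://` and piped straight into `apt-key add` with no fingerprint check. Anyone on the network path can substitute a key, and APT would then trust it for every repository on the host. Fetch the key over HTTPS if the host offers it and pin the expected fingerprint through the `apt_key` module's `url` and `id` parameters. That also removes the `sudo` inside `shell`, makes the task idempotent, and makes the `when: add_burp_repo.changed` guard unnecessary. The sources template is not visible here; if it also points at an http:// repository, package integrity rests entirely on this key.

```yaml
- name: Install gpg key for burp repository
  apt_key:
    # confirm the host serves this path over HTTPS
    url: "https://ziirish.info/repos/{{ ansible_distribution | lower }}.gpg"
    # placeholder: full fingerprint of the repository signing key
    id: "<BURP_REPO_KEY_FINGERPRINT>"
    state: present
```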
--- a/tasks/7_1_manual_delete.yml +++ b/tasks/7_1_manual_delete.yml @@ -5,7 +5,8 @@ package: name: "{{ cron_packages | join(',') }}" state: present - + when: ( ansible_os_family != "FreeBSD" or burp_freebsd_use_portinstall == False ) + - name: manual_delete | create burp folders file: path: "{{ item }}" @@ -16,7 +17,7 @@ with_items: - "{{ burp_trash }}" - "{{ burp_logs }}" - - /etc/cron.d + - "{{ etc_dir }}/cron.d" - name: manual_delete | Cron task to delete files in burp trash cron: @@ -31,10 +32,15 @@ with_items: "{{ burp_cron_delete }}" notify: restart cron server +- name: create logrotate.d folder + file: + path: "{{ etc_dir }}/logrotate.d" + state: directory + - name: manual_delete | configure burp logrotate template: src: burp_logrotate.j2 - dest: /etc/logrotate.d/burp + dest: "{{ etc_dir }}/logrotate.d/burp" - name: manual_delete | Enable crond service service: diff --git a/tasks/7_2_manual_delete_disabled.yml b/tasks/7_2_manual_delete_disabled.yml index de0b927..e379d59 100644 --- a/tasks/7_2_manual_delete_disabled.yml +++ b/tasks/7_2_manual_delete_disabled.yml @@ -18,4 +18,4 @@ - name: manual_delete_disabled | remove burp logrotate file: state: absent - path: /etc/logrotate.d/burp + path: "{{ etc_dir }}/logrotate.d/burp" diff --git a/tasks/not_in_use/install_burp.yml b/tasks/not_in_use/install_burp.yml index 59da006..ba03823 100644 --- a/tasks/not_in_use/install_burp.yml +++ b/tasks/not_in_use/install_burp.yml @@ -5,3 +5,12 @@ package: name: "{{ burp_server_packages| join(',') }}" state: present + when: ( ansible_os_family != "FreeBSD" or burp_use_portinstall == False ) + +- name: install burp packages + portinstall: + name: "{{ item }}" + state: present + use_packages: no + with_items: "{{ burp_server_packages }}" + when: ( ansible_os_family == "FreeBSD" and burp_use_portinstall == True ) diff --git a/templates/build/CA.cnf.j2 b/templates/build/CA.cnf.j2 index 478c0d1..b9f00c2 100644 --- a/templates/build/CA.cnf.j2 +++ b/templates/build/CA.cnf.j2 
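Review bot: In tasks/not_in_use/install_burp.yml both `when:` conditions test `burp_use_portinstall`, but the variable this commit adds to defaults/main.yml and uses in tasks/7_1_manual_delete.yml is `burp_freebsd_use_portinstall`. Unless the shorter name is defined elsewhere, these tasks fail on an undefined variable. Use the same name, e.g. `when: ansible_os_family == "FreeBSD" and burp_freebsd_use_portinstall | bool`, with the negated form on the `package` task; `| bool` also avoids comparing against `True`/`False` literals. The file lives under not_in_use, so the impact is limited to whoever re-enables it.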
@@ -3,7 +3,6 @@ RANDFILE = /dev/urandom CA_DIR = {{ burp_server_etc }}/CA - [ ca ] dir = $ENV::CA_DIR database = $dir/index.txt diff --git a/templates/burp-server.conf_supervisor.j2 b/templates/burp-server.conf_supervisor.j2 index 76f6b37..81d8420 100644 --- a/templates/burp-server.conf_supervisor.j2 +++ b/templates/burp-server.conf_supervisor.j2 @@ -5,6 +5,8 @@ command={{ burp_sv_server_command }} user={{ burp_sv_server_user }} autostart={{ burp_sv_server_autostart }} autorestart={{ burp_sv_server_autorestart }} +# ignore fast exit - do not know howto solve this better +startsecs = 0 +startretries={{ burp_sv_server_startretries }} stdout_logfile={{ burp_sv_server_stdout_logfile }} stderr_logfile={{ burp_sv_server_stderr_logfile }} - diff --git a/templates/freebsd_supervisord.conf.j2 b/templates/freebsd_supervisord.conf.j2 new file mode 100644 index 0000000..04a42c7 --- /dev/null +++ b/templates/freebsd_supervisord.conf.j2 
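Review bot: In burp-server.conf_supervisor.j2, `startsecs = 0` makes supervisord treat every launch as successful as soon as the process is spawned, so the `startretries` line added below it is effectively never consulted. A burp server that exits immediately can then be restarted by `autorestart` indefinitely without reaching a failed state that monitoring would notice. The comment suggests the fast exit comes from burp detaching into the background; if so, supervisord is tracking a process that has already gone while the real daemon runs unsupervised. Running burp in the foreground from `burp_sv_server_command` (burp's `-F` option, to be confirmed against the packaged version) and keeping the default `startsecs` would let supervisord supervise the backup server; the command itself is defined outside this hunk.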
@@ -0,0 +1,129 @@ +; Sample supervisor config file. + +[unix_http_server] +file=/var/run/supervisor/supervisor.sock ; (the path to the socket file) +;chmod=0700 ; sockef file mode (default 0700) +;chown=nobody:nogroup ; socket file uid:gid owner +;username=user ; (default is no username (open server)) +;password=123 ; (default is no password (open server)) + +;[inet_http_server] ; inet (TCP) server disabled by default +;port=127.0.0.1:9001 ; (ip_address:port specifier, *:port for all iface) +;username=user ; (default is no username (open server)) +;password=123 ; (default is no password (open server)) + +[supervisord] +logfile={{ burp_sv_server_log_dir }}/supervisord.log ; (main log file;default $CWD/supervisord.log) +logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB) +logfile_backups=10 ; (num of main logfile rotation backups;default 10) +loglevel=info ; (log level;default info; others: debug,warn,trace) +pidfile=/var/run/supervisor/supervisord.pid ; (supervisord pidfile;default supervisord.pid) +nodaemon=false ; (start in foreground if true;default false) +minfds=1024 ; (min. avail startup file descriptors;default 1024) +minprocs=200 ; (min. avail process descriptors;default 200) +;umask=022 ; (process file creation umask;default 022) +;user=chrism ; (default is current user, required if root) +;identifier=supervisor ; (supervisord identifier, default is 'supervisor') +;directory=/tmp ; (default is not to cd during start) +;nocleanup=true ; (don't clean up tempfiles at start;default false) +;childlogdir=/tmp ; ('AUTO' child log dir, default $TEMP) +;environment=KEY=value ; (key value pairs to add to environment) +;strip_ansi=false ; (strip ansi escape codes in logs; def. 
false) + +; the below section must remain in the config file for RPC +; (supervisorctl/web interface) to work, additional interfaces may be +; added by defining them in separate rpcinterface: sections +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + +[supervisorctl] +serverurl=unix:///var/run/supervisor/supervisor.sock ; use a unix:// URL for a unix socket +;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket +;username=chris ; should be same as http_username if set +;password=123 ; should be same as http_password if set +;prompt=mysupervisor ; cmd line prompt (default "supervisor") +;history_file=~/.sc_history ; use readline history if available + +; The below sample program section shows all possible program subsection values, +; create one or more 'real' program: sections to be able to control them under +; supervisor. + +;[program:theprogramname] +;command=/bin/cat ; the program (relative uses PATH, can take args) +;process_name=%(program_name)s ; process_name expr (default %(program_name)s) +;numprocs=1 ; number of processes copies to start (def 1) +;directory=/tmp ; directory to cwd to before exec (def no cwd) +;umask=022 ; umask for process (default None) +;priority=999 ; the relative start priority (default 999) +;autostart=true ; start at supervisord start (default: true) +;autorestart=true ; retstart at unexpected quit (default: true) +;startsecs=10 ; number of secs prog must stay running (def. 
1) +;startretries=3 ; max # of serial start failures (default 3) +;exitcodes=0,2 ; 'expected' exit codes for process (default 0,2) +;stopsignal=QUIT ; signal used to kill process (default TERM) +;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10) +;user=chrism ; setuid to this UNIX account to run the program +;redirect_stderr=true ; redirect proc stderr to stdout (default false) +;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO +;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) +;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10) +;stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) +;stdout_events_enabled=false ; emit events on stdout writes (default false) +;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO +;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) +;stderr_logfile_backups=10 ; # of stderr logfile backups (default 10) +;stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) +;stderr_events_enabled=false ; emit events on stderr writes (default false) +;environment=A=1,B=2 ; process environment additions (def no adds) +;serverurl=AUTO ; override serverurl computation (childutils) + +; The below sample eventlistener section shows all possible +; eventlistener subsection values, create one or more 'real' +; eventlistener: sections to be able to handle event notifications +; sent by supervisor. + +;[eventlistener:theeventlistenername] +;command=/bin/eventlistener ; the program (relative uses PATH, can take args) +;process_name=%(program_name)s ; process_name expr (default %(program_name)s) +;numprocs=1 ; number of processes copies to start (def 1) +;events=EVENT ; event notif. 
types to subscribe to (req'd) +;buffer_size=10 ; event buffer queue size (default 10) +;directory=/tmp ; directory to cwd to before exec (def no cwd) +;umask=022 ; umask for process (default None) +;priority=-1 ; the relative start priority (default -1) +;autostart=true ; start at supervisord start (default: true) +;autorestart=unexpected ; restart at unexpected quit (default: unexpected) +;startsecs=10 ; number of secs prog must stay running (def. 1) +;startretries=3 ; max # of serial start failures (default 3) +;exitcodes=0,2 ; 'expected' exit codes for process (default 0,2) +;stopsignal=QUIT ; signal used to kill process (default TERM) +;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10) +;user=chrism ; setuid to this UNIX account to run the program +;redirect_stderr=true ; redirect proc stderr to stdout (default false) +;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO +;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) +;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10) +;stdout_events_enabled=false ; emit events on stdout writes (default false) +;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO +;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) +;stderr_logfile_backups ; # of stderr logfile backups (default 10) +;stderr_events_enabled=false ; emit events on stderr writes (default false) +;environment=A=1,B=2 ; process environment additions +;serverurl=AUTO ; override serverurl computation (childutils) + +; The below sample group section shows all possible group values, +; create one or more 'real' group: sections to create "heterogeneous" +; process groups. + +;[group:thegroupname] +;programs=progname1,progname2 ; each refers to 'x' in [program:x] definitions +;priority=999 ; the relative start priority (default 999) + +; The [include] section can just contain the "files" setting. 
This +; setting can list multiple files (separated by whitespace or +; newlines). It can also contain wildcards. The filenames are +; interpreted as relative to this file. Included files *cannot* +; include files themselves. + +[include] +files = {{ supervisoretc_dir }}/*.{{ supervisor_ext }} diff --git a/templates/orig/freebsd_supervisord.conf b/templates/orig/freebsd_supervisord.conf new file mode 100644 index 0000000..c1ad119 --- /dev/null +++ b/templates/orig/freebsd_supervisord.conf 
@@ -0,0 +1,129 @@
+; Sample supervisor config file.
+
+[unix_http_server]
+file=/var/run/supervisor/supervisor.sock ; (the path to the socket file)
+;chmod=0700 ; sockef file mode (default 0700)
+;chown=nobody:nogroup ; socket file uid:gid owner
+;username=user ; (default is no username (open server))
+;password=123 ; (default is no password (open server))
+
+;[inet_http_server] ; inet (TCP) server disabled by default
+;port=127.0.0.1:9001 ; (ip_address:port specifier, *:port for all iface)
+;username=user ; (default is no username (open server))
+;password=123 ; (default is no password (open server))
+
+[supervisord]
+logfile=/var/log/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10 ; (num of main logfile rotation backups;default 10)
+loglevel=info ; (log level;default info; others: debug,warn,trace)
+pidfile=/var/run/supervisor/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false ; (start in foreground if true;default false)
+minfds=1024 ; (min. avail startup file descriptors;default 1024)
+minprocs=200 ; (min. avail process descriptors;default 200)
+;umask=022 ; (process file creation umask;default 022)
+;user=chrism ; (default is current user, required if root)
+;identifier=supervisor ; (supervisord identifier, default is 'supervisor')
+;directory=/tmp ; (default is not to cd during start)
+;nocleanup=true ; (don't clean up tempfiles at start;default false)
+;childlogdir=/tmp ; ('AUTO' child log dir, default $TEMP)
+;environment=KEY=value ; (key value pairs to add to environment)
+;strip_ansi=false ; (strip ansi escape codes in logs; def. false)
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisor/supervisor.sock ; use a unix:// URL for a unix socket
+;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket
+;username=chris ; should be same as http_username if set
+;password=123 ; should be same as http_password if set
+;prompt=mysupervisor ; cmd line prompt (default "supervisor")
+;history_file=~/.sc_history ; use readline history if available
+
+; The below sample program section shows all possible program subsection values,
+; create one or more 'real' program: sections to be able to control them under
+; supervisor.
+
+;[program:theprogramname]
+;command=/bin/cat ; the program (relative uses PATH, can take args)
+;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
+;numprocs=1 ; number of processes copies to start (def 1)
+;directory=/tmp ; directory to cwd to before exec (def no cwd)
+;umask=022 ; umask for process (default None)
+;priority=999 ; the relative start priority (default 999)
+;autostart=true ; start at supervisord start (default: true)
+;autorestart=true ; retstart at unexpected quit (default: true)
+;startsecs=10 ; number of secs prog must stay running (def. 1)
+;startretries=3 ; max # of serial start failures (default 3)
+;exitcodes=0,2 ; 'expected' exit codes for process (default 0,2)
+;stopsignal=QUIT ; signal used to kill process (default TERM)
+;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
+;user=chrism ; setuid to this UNIX account to run the program
+;redirect_stderr=true ; redirect proc stderr to stdout (default false)
+;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO
+;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
+;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10)
+;stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
+;stdout_events_enabled=false ; emit events on stdout writes (default false)
+;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO
+;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
+;stderr_logfile_backups=10 ; # of stderr logfile backups (default 10)
+;stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
+;stderr_events_enabled=false ; emit events on stderr writes (default false)
+;environment=A=1,B=2 ; process environment additions (def no adds)
+;serverurl=AUTO ; override serverurl computation (childutils)
+
+; The below sample eventlistener section shows all possible
+; eventlistener subsection values, create one or more 'real'
+; eventlistener: sections to be able to handle event notifications
+; sent by supervisor.
+
+;[eventlistener:theeventlistenername]
+;command=/bin/eventlistener ; the program (relative uses PATH, can take args)
+;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
+;numprocs=1 ; number of processes copies to start (def 1)
+;events=EVENT ; event notif. types to subscribe to (req'd)
+;buffer_size=10 ; event buffer queue size (default 10)
+;directory=/tmp ; directory to cwd to before exec (def no cwd)
+;umask=022 ; umask for process (default None)
+;priority=-1 ; the relative start priority (default -1)
+;autostart=true ; start at supervisord start (default: true)
+;autorestart=unexpected ; restart at unexpected quit (default: unexpected)
+;startsecs=10 ; number of secs prog must stay running (def. 1)
+;startretries=3 ; max # of serial start failures (default 3)
+;exitcodes=0,2 ; 'expected' exit codes for process (default 0,2)
+;stopsignal=QUIT ; signal used to kill process (default TERM)
+;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
+;user=chrism ; setuid to this UNIX account to run the program
+;redirect_stderr=true ; redirect proc stderr to stdout (default false)
+;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO
+;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
+;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10)
+;stdout_events_enabled=false ; emit events on stdout writes (default false)
+;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO
+;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
+;stderr_logfile_backups ; # of stderr logfile backups (default 10)
+;stderr_events_enabled=false ; emit events on stderr writes (default false)
+;environment=A=1,B=2 ; process environment additions
+;serverurl=AUTO ; override serverurl computation (childutils)
+
+; The below sample group section shows all possible group values,
+; create one or more 'real' group: sections to create "heterogeneous"
+; process groups.
+
+;[group:thegroupname]
+;programs=progname1,progname2 ; each refers to 'x' in [program:x] definitions
+;priority=999 ; the relative start priority (default 999)
+
+; The [include] section can just contain the "files" setting.
This +; setting can list multiple files (separated by whitespace or +; newlines). It can also contain wildcards. The filenames are +; interpreted as relative to this file. Included files *cannot* +; include files themselves. + +;[include] +;files = relative/directory/*.ini diff --git a/templates/supervisor_logrotate.j2 b/templates/supervisor_logrotate.j2 index 72fcef6..0b88f06 100644 --- a/templates/supervisor_logrotate.j2 +++ b/templates/supervisor_logrotate.j2 @@ -1,4 +1,4 @@ -/var/log/supervisor/*.log { +{{ burp_sv_server_log_dir }}/*.log { weekly missingok rotate 52 diff --git a/vars/Debian-8.yml b/vars/Debian-8.yml index 9aa2265..6e8d188 100644 --- a/vars/Debian-8.yml +++ b/vars/Debian-8.yml @@ -1,5 +1,5 @@ --- -# file: vars/Ubuntu.yml +# file: vars/Debian-9.yml # burp_server_packages: # - libssl-dev @@ -41,7 +41,7 @@ ansible_burp_config_dependencies: supervisoretc_dir: "/etc/supervisor/conf.d" supervisor_ext: "conf" supervisor_service: supervisor -pip_installed_exe_bin_path: '/usr/local/bin' +pip_installed_exe_bin_path: '{{ usr_dir }}/local/bin' cron_packages: - cron # To enable crontab jobs diff --git a/vars/Debian.yml b/vars/Debian.yml index 01f1e94..cbadcec 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -35,13 +35,13 @@ build_dependencies: # burp_apt_sources: # - "deb http://ziirish.info/repos/ubuntu/{{ ansible_distribution_release }} zi-latest main" +supervisoretc_dir: "{{ etc_dir }}/supervisor/conf.d" ansible_burp_config_dependencies: - rsync -supervisoretc_dir: "/etc/supervisor/conf.d" supervisor_ext: "conf" supervisor_service: supervisor -pip_installed_exe_bin_path: '/usr/local/bin' +pip_installed_exe_bin_path: '{{ usr_dir }}/local/bin' cron_packages: - cron # To enable crontab jobs diff --git a/vars/FreeBSD-11.yml b/vars/FreeBSD-11.yml new file mode 100644 index 0000000..7b95331 --- /dev/null +++ b/vars/FreeBSD-11.yml 
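Review bot: The new first line `{{ burp_sv_server_log_dir }}/*.log {` is rendered with no check that the variable is a non-empty absolute path; an empty value would produce `/*.log`, which logrotate (normally run as root) would then act on. No definition of `burp_sv_server_log_dir` is visible in this part of the diff, so confirm it has a default, or guard it with an `assert` task before the template is rendered. Also confirm the directory is root-owned and not group- or world-writable, since logrotate skips logs under such a parent unless a `su` directive is set. The rest of the stanza lies outside the hunk.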
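Review bot: The header comment now reads `# file: vars/Debian-9.yml`, but the patched file is vars/Debian-8.yml, so the comment still names the wrong file after this change. Use `# file: vars/Debian-8.yml`, or rename the file if these vars are in fact meant for Debian 9.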
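Review bot: `usr_dir` is used in `pip_installed_exe_bin_path: '{{ usr_dir }}/local/bin'` but is not defined in this file; among the vars files visible in this diff only vars/FreeBSD-11.yml sets `usr_dir` and `etc_dir`. The same applies to the vars/Debian.yml hunk (`{{ etc_dir }}`, `{{ usr_dir }}`) and to the second vars/RedHat.yml hunk. If the role defaults do not supply `etc_dir: "/etc"` and `usr_dir: "/usr"` (not visible here), these hosts will fail on an undefined variable or resolve the pip binary path somewhere unintended. This hunk also keeps `supervisoretc_dir: "/etc/supervisor/conf.d"` hard-coded while vars/Debian.yml moves to `"{{ etc_dir }}/supervisor/conf.d"`; presumably the two should agree.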
@@ -0,0 +1,42 @@ +--- +# file: vars/FreeBSD-11.yml + +# etc - different path for all additional sw +etc_dir: "/usr/local/etc" +usr_dir: "/usr/local" + +make: "gmake" + +burp_server_packages: + - py-supervisor + - logrotate + - bash +build_dependencies: + - uthash + - librsync2 + - autotools + - yajl + - gmake + - openssl + # enables svn co + - ca_root_nss +burp_agent_packages: + - python27 + - devel/py-pip + - py27-supervisor +burp_agent_py3_packages: + - python36 + - py-pip + +supervisoretc_dir: "{{ etc_dir }}/supervisor/conf.d" +supervisor_ext: "conf" +supervisor_service: supervisord + +pip_installed_exe_bin_path: "{{ usr_dir }}/bin" + +cron_packages: + - logrotate +cron_service: cron + +autoupgrade_version: "2.0.54" # master version is not compiled so added separately +burp_version: "2.0.54" # branch or tag, example: "master" , example: "2.0.46" diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 45319bb..55bcb53 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,6 +1,7 @@ --- # file: vars/Redhat.yml + build_dependencies: - make #- pkg-config @@ -24,10 +25,10 @@ build_dependencies: ansible_burp_config_dependencies: - rsync -supervisoretc_dir: "/etc/supervisor/conf.d" +supervisoretc_dir: "{{ etc_dir}}/supervisor/conf.d" supervisor_ext: "conf" supervisor_service: supervisord -pip_installed_exe_bin_path: '/usr/bin' +pip_installed_exe_bin_path: '{{ usr_dir }}/bin' cron_packages: - cronie # To enable crontab jobs
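Review bot: `ansible_burp_config_dependencies` is not defined in this new vars file, while the Debian and RedHat vars files touched by this diff both define it with `- rsync`. Unless the role defaults cover it (not visible here), a task that iterates over it would fail on FreeBSD or leave rsync uninstalled; consider adding `ansible_burp_config_dependencies:` with `- rsync`. The package lists also mix a port origin (`devel/py-pip`) with plain package names (`py-pip`, `py-supervisor`, `py27-supervisor`); a one-line comment stating which form the package module expects would make the list easier to audit.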
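Review bot: The new value `"{{ etc_dir}}/supervisor/conf.d"` is missing the space before `}}` that every other templated path in this change uses; write `supervisoretc_dir: "{{ etc_dir }}/supervisor/conf.d"`. The context comment `# file: vars/Redhat.yml` in the first hunk of this file also differs in case from the actual name vars/RedHat.yml and could be corrected in the same pass.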