From 3b6980c699e9a4b05e481659cc5a71e11ac9a293 Mon Sep 17 00:00:00 2001 
From: Daniel Winter Date: Fri, 26 Jan 2018 16:43:54 +0100 Subject: [PATCH 01/19] partially working FreeBSD version --- CHANGELOG | 116 -------- Dockerfile | 21 -- FEATURES.md | 21 -- LICENSE | 21 -- README.md | 294 -------------------- ansible.cfg | 17 -- circle.yml | 21 -- defaults/main.yml | 8 + defaults/main.yml~ | 343 ++++++++++++++++++++++++ meta/.galaxy_install_info | 1 + meta/main.yml | 5 +- meta/main.yml~ | 198 ++++++++++++++ molecule.yml | 119 -------- playbook.yml | 10 - requirements.yml | 4 - tasks/build-burp.yml | 10 +- tasks/build-burp.yml~ | 106 ++++++++ tasks/clean.yml | 10 +- tasks/clean.yml~ | 29 ++ tasks/config_agent.yml | 37 ++- tasks/config_agent.yml~ | 93 +++++++ tasks/config_burp.yml | 2 +- tasks/config_restore.yml | 2 +- tasks/install_burp.yml | 11 +- tasks/install_burp.yml~ | 7 + tasks/local_client.yml | 4 +- tasks/local_client.yml~ | 17 ++ tasks/manual_delete.yml | 6 +- tasks/manual_delete.yml~ | 40 +++ tasks/manual_delete_disabled.yml | 2 +- tasks/manual_delete_disabled.yml~ | 21 ++ tasks/remove_client.yml | 4 +- tasks/repositories.yml | 4 +- tasks/repositories.yml~ | 16 ++ tasks/supervisor.yml | 33 ++- tasks/supervisor.yml~ | 144 ++++++++++ tasks/tests/test_client.yml | 20 +- tasks/tests/test_client.yml~ | 84 ++++++ templates/buiagent.cfg.j2 | 6 +- templates/build/CA.cnf.j2 | 2 +- templates/burp-restore.conf.j2 | 6 +- templates/burp-server.conf.j2 | 4 +- templates/freebsd_supervisord.conf.j2 | 129 +++++++++ templates/orig/freebsd_supervisord.conf | 129 +++++++++ templates/tests/test_client.conf.j2 | 10 +- vars/FreeBSD-11.yml | 35 +++ vars/FreeBSD-11.yml~ | 32 +++ 47 files changed, 1552 insertions(+), 702 deletions(-) delete mode 100644 CHANGELOG delete mode 100644 Dockerfile delete mode 100644 FEATURES.md delete mode 100644 LICENSE delete mode 100644 README.md delete mode 100644 ansible.cfg delete mode 100644 circle.yml create mode 100644 defaults/main.yml~ create mode 100644 meta/.galaxy_install_info create mode 100644 meta/main.yml~ 
delete mode 100644 molecule.yml delete mode 100644 playbook.yml delete mode 100644 requirements.yml create mode 100644 tasks/build-burp.yml~ create mode 100644 tasks/clean.yml~ create mode 100644 tasks/config_agent.yml~ create mode 100644 tasks/install_burp.yml~ create mode 100644 tasks/local_client.yml~ create mode 100644 tasks/manual_delete.yml~ create mode 100644 tasks/manual_delete_disabled.yml~ create mode 100644 tasks/repositories.yml~ create mode 100644 tasks/supervisor.yml~ create mode 100644 tasks/tests/test_client.yml~ create mode 100644 templates/freebsd_supervisord.conf.j2 create mode 100644 templates/orig/freebsd_supervisord.conf create mode 100644 vars/FreeBSD-11.yml create mode 100644 vars/FreeBSD-11.yml~ diff --git a/CHANGELOG b/CHANGELOG deleted file mode 100644 index 065605c..0000000 --- a/CHANGELOG +++ /dev/null 
@@ -1,116 +0,0 @@ -current -======= -* updated lnxsrv_global_exclusions - -v1.10 -===== - -* #16 Install python3 to centos or Redhat when using pip3 as executable for burpui-agent (default) -* Added fedora tests with molecule -* Install cron/cronie if it is not installed -* use crond as service name when it is on Redhat based systemd -* #15 change defaults based on https://github.com/grke/burp/wiki/Performance-Tips -* burp_manual_delete_enabled: true by default based on #15 (saves lot of time for phase4 on big backups or when having hundred of services) - -v1.9.3 -====== - -* change to python3 for buiagent to fix https://git.ziirish.me/ziirish/burp-ui/issues/233 - -v1.9.2 -====== - -Some idempotence fix for supervisor - -v1.9.1 -====== - -Small lint fixes - -v1.9 -==== - -* Clean files and tasks when disabled manual_delete -* Improve idempotence tasks for supervisor -* Added support for debian9 (vars/Debian-9.yml added) some change in libssl dependency -* Molecule tests for debian8, debian9, centos7, ubuntu latest, ubuntu trusty -* Improved check for new install, it will ensure certificates required for burp are created: - - name: supervisor | wait for burpca to get all server certificates - wait_for: - path: "{{ item }}" - state: present - with_items: - - '/etc/burp/ssl_cert_ca-server.pem' - - '/etc/burp/ssl_cert-server.key' - - '/etc/burp/ssl_cert-server.pem' - -v1.8 -==== - -* Add notify failure by email - Modify these variables in you host/group vars - to allow notification when a failure occurs - burp_notify_failure: false - burp_notify_failure_email_to: root@localhost - burp_notify_failure_email_from: "burp_{{ ansible_nodename }}@domain.net" - - You will need some setup done in your sendmail command, like local postfix/sendmail. - It's easy for linux sysadmin or those using ansible like automation. 
- -v1.7 -==== - -* Since version 2.1.10 - + Add the ability for the client to connect to different server ports - burp_server_port_per_operation_bool: true - -v1.6 -==== - -* Update burpui-agent to 0.5.1 - -v1.5 -==== - -* Update burpui-agent to 0.5.0 - -v1.4 -==== - -* Added burp_remove_clients as an option to remove clients from a list - -v1.3 -==== - -* fixed idempotence, ansible-lint, centos7/systemd docker test to pass all tests with molecule. -* Passing all tests with molecule test for: centos7/systemd, Ubuntu/latest, Debian/8. -* Added travis test with molecule -** Tests master branch of burp when run with debian/8 (ansible_burp_server-master2 name in molecule.yml) -* Molecule tests forced to be in serial: 1 to avoid performance issues with travisci -* Added automated travis import to galaxy - -v1.2 -==== - -* Add librsync option to burp-server.conf template -* Add burp_server_custom_lines var -* Added profile_lnxsrv_medium on defaults -* Added cross_all_filesystems=1 on defaults profiles -* Fixed testing centos7 with docker when running `molecule test` -* Fixed testing master branch (not test burp version in this case) - -v1.0 -==== - -* Configure Burp UI Agent -* Configure burp restore service -* Configure Burp manual delete -* Configure Burp Autoupgrade -* Activate clients from git repository -* have tests automatic for restore, backup with test client -* modify all setting for burp_server.conf -* build burp from source and have option to choose which burp version build -* Upgrade from source -* profiles_templates from defaults, so anyone can set their own, and also with good defaults profiles: profile_lnxsrv, profile_win6x, profile_win6x_drp -* burp2_add_manual_clients to have possibility to add clients from a list, also from command line - diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 21a1e85..0000000 --- a/Dockerfile +++ /dev/null 
@@ -1,21 +0,0 @@ -FROM ubuntu:trusty - -MAINTAINER Rob McQueen - -# Install Python -RUN apt-get update && apt-get install -y \ - python-dev \ - python-virtualenv \ - sudo - -# Install Ansible -RUN mkdir /opt/ansible && virtualenv /opt/ansible/venv && \ - /opt/ansible/venv/bin/pip install ansible - -ADD . /build -COPY .ansible-test /build -WORKDIR /build - -CMD /opt/ansible/venv/bin/ansible-playbook -i inventory.yml \ - -c local -s -e testing=true -e role=$DOCKER_TEST_ROLE \ - playbook.yml; /bin/bash \ No newline at end of file diff --git a/FEATURES.md b/FEATURES.md deleted file mode 100644 index 677093e..0000000 --- a/FEATURES.md +++ /dev/null @@ -1,21 +0,0 @@ - -v1.3 - -* Configure Burp UI Agent -* Configure burp restore service -* Configure Burp manual delete -* Configure Burp Autoupgrade -* Activate clients from git repository -* have tests automatic for restore, backup with test client -* modify all setting for burp_server.conf -* build burp from source and have option to choose which burp version build -* Upgrade from source -* profiles_templates from defaults, so anyone can set their own, and also with good defaults profiles: profile_lnxsrv, profile_win6x, profile_win6x_drp -* burp2_add_manual_clients to have possibility to add clients from a list, also from command line -* Automated travis import, with molecule test passed (ansible-lint, idempotence, etc) for centos/systemd, ubuntu/latest, debian/8 -** Tests master branch of burp when run with debian/8 (ansible_burp_server-master2 name in molecule.yml) -* burp_server_custom_lines var (to manage your own lines in burp-server.conf) -* Good defaults profiles with option to have your own profiles only copying profiles_templates var -* Remove a client from a list burp_remove_clients -* Ability to setup new port per operation (available since burp 2.1.10) -* Use notify failure by email diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 34e1e7c..0000000 --- a/LICENSE +++ /dev/null 
@@ -1,21 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2016 CoffeeITWorks group - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/README.md b/README.md deleted file mode 100644 index 3a837c2..0000000 --- a/README.md +++ /dev/null 
@@ -1,294 +0,0 @@ -[![CircleCI](https://circleci.com/gh/CoffeeITWorks/ansible_burp2_server.svg?style=svg)](https://circleci.com/gh/CoffeeITWorks/ansible_burp2_server) - -[![Build Status](https://travis-ci.org/CoffeeITWorks/ansible_burp2_server.svg?branch=master)](https://travis-ci.org/CoffeeITWorks/ansible_burp2_server) - -Getting Started -================ - -Check the documentation added in: - -https://github.com/CoffeeITWorks/ansible-generic-help#getting-started - - -Role Name -========= - -ansible burp2_server deploy and maintenance role. - -This roles builds burp version specified on defaults/main.yml. -Also configures it to get it working and maintained in a centralized way. - -See [FEATURES.md](FEATURES.md) - -Installing this role --------------------- - ---- - -Install the role on the system: - - $ ansible-galaxy install CoffeeITWorks.burp2_server - -Checkout more info at: https://github.com/CoffeeITWorks/ansible-generic-help#installing-roles - -Requirements ------------- - - -Preparing the variables ------------------------ - ---- - -We have an **inventory** and a **playbook** to call the roles, but we must customize the [variables](http://docs.ansible.com/ansible/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable) before running - the playbook. - -Here we will organize the variables files into the `group_vars` directory: - - mkdir -p group_vars/burp2_servers - -Inside it you can add a file with the name of the group or the host where you want to add specific options of this role. - -example file `group_vars/burp2_servers/burp2_server_vars` - -*Options vars:* - -```yaml -burp_module_agent: true # Will add buiagent and configure it properly to use on burpui-multiagent mode. -burp_module_restore: true # Will configure a second burp server with same spool, useful to configure one restore_client to get restores faster on large deployments. 
-``` - -Check also all vars in `defaults/main.yml` you can override any default using your host/group_vars - - - -Role Variables: Complete list of modules: ------------------------------------------ - -### Modules - ---- - -#### Configure Burp UI Agent - ---- - - burp_module_agent: true - # You can also change the password: - burp_agent_global_password: "password" - # For centos use pip2 or add role to install pip3 with pyton3 (very recommended) - python_pip_executable: "pip2" # options pip3 / pip2 - -It's very recommended to use burpui-agent with python3, if you know role to add python3/pip3 on centos please contact me to update this information. - -#### Configure burp restore service - ---- - - Burp Restore is another burp daemon with the unique purpose - to have possibility to restore when backups reach max_children - This was created before 2.1.10 added port per operation support - and will be deprecated once burp 2.1 becomes stable - - burp_module_restore: true - -#### Configure Burp manual delete - ---- - - burp_manual_delete_enabled: true - -#### Configure Burp Autoupgrade - ---- - - burp_server_autoupgrade_enabled: true - -#### Port per operation - ---- - -Since version 2.1.10 - + Add the ability for the client to connect to different server ports - - according to whether it is doing backup/restore/verify/list/delete. 
- These ports are based on: https://github.com/CoffeeITWorks/ansible_burp2_server/issues/11 - Compatible since burp 2.1.10 - -```yaml -burp_server_port_per_operation_bool: true - -# Default optional vars to change: -# These are not needed to be changed, but showing here the -# defaults that we have in defaults/main.yml -burp_server_port_operation_restore: 4975 -burp_server_port_operation_verify: 4976 -burp_server_port_operation_list: 4977 -burp_server_port_operation_delete: 4978 -``` - -This option **will setup** `/etc/burp/burp.conf` for `burp-ui-agent` when used with `burp_module_agent: true` to benefit the performance of `burp-ui` - -Check also `burp_server_ports_per_operation:` on `defaults/main.yml` to change -max_children per operation - -#### Activate clients from git repository - ---- - -Example: - -```yaml - burp_repos: - - { repo: "http://host/group/repo.git", version: "master", dir: "linux_clients"} -``` - -You just need files per client, example: - -* client1 file content: - - password = clientpassword - dedup_group = trusty - . incexc/profile_lnxsrv - -#### Add clients from a list - ---- - - Optional list of clients to add on specific execution - -```yaml -burp2_add_manual_clients: - - name: client_name - profile: profile name to use (optional), default: profile_lnxsrv (these files are in incexc/ dir). 
- password: client_password (optional), default: burp_client_password var - - name: second_client -``` - -You can use it as a fixed list or a dinamic specifying it during `ansible-playbook` command execution: - -http://docs.ansible.com/ansible/playbooks_variables.html#passing-variables-on-the-command-line - -Example using json like var in command line: - - --extra-vars '{ "burp2_add_manual_clients": [ { "name": "test_manual" }, { "name": "test_manual2", "profile": "profile_win6x" } ] }' - -It will create the files: - -```bash - -ansible@ubuntuburp2:~$ cat /etc/burp/clientconfdir/test_manual2 -# Ansible managed - -password = password - -# More configuration files can be read, using syntax like the following -# (without the leading '# '). -. incexc/profile_win6x -ansible@ubuntuburp2:~$ cat /etc/burp/clientconfdir/test_manual -# Ansible managed - -password = password - -# More configuration files can be read, using syntax like the following -# (without the leading '# '). -. incexc/profile_lnxsrv - -``` - -#### Configure your own profiles - ---- - -Check `defaults/main.yml` file, to copy the content and create your own profiles with `profiles_templates var` - -#### Add your own lines to burp-server.conf - ---- - - burp_server_custom_lines: - - "someextra=line" - -#### Remove clients from a list - ---- - -There is now a feature to allow you to remove a client from a list, variable used is: - -```yaml -burp_remove_clients: - - name: client_to_remove - - name: other_client_to_remove -``` - -You can use this variable in a static var file like: `group_vars`, or at runtime. 
Example: - - ansible-playbook --extra-vars '{ "burp_remove_clients": [ { "name": "test_manual" }, { "name": "test_manual2" } ] }' -i inventory roles.burp_servers.yml -u user -k - -Dependencies ------------- - - -Installed services ------------------- - ---- - -It uses http://supervisord.org/ for better management of third-party services on the system and to be compatible with most systems (ubuntu trusty+, debian, centos, fedora, etc). - -To restart installed services/daemons you should use: - - sudo supervisorctl restart buiagent/burp-server/burp-restore (depends on the service you want to restart) - -you can also use supervisorctl shell: - - sudo supervisorctl - -And then interactively use all options. - -*Logs:* - -Also supervisord allow proper stdout and stderror to logs redirection, so all logs are under `/var/logs/supervisor` - -Logs are also rotated by logrotate automatically. - -Upgrading your OS ------------------ - -Please note when using compiled version of burp with this role, after you upgrade your linux distribution is very recommended to run recompile and install of burp. - -Example to run it once: - - ansible-playbook -i production burp-servers.yml -l client -e "burp_force_reinstall=yes" - -The variable `burp_force_reinstall: yes` will do it for you. - -License -------- - -MIT - -Author Information ------------------- - -This role was created by Diego Daguerre with collaboration of Pablo Estigarribia (pablodav at gmail) -Actually main developer is Pablo Estigarribia. - -Burp backup and restore ------------------------ - -Main page: http://burp.grke.org/ - -Burpui ------- - -Main page: https://git.ziirish.me/ziirish/burp-ui - - -Testing master branch: ----------------------- - -Now there is only need to modify these to group/host vars: - - burpsrcext: "zip" - burp_version: "master" diff --git a/ansible.cfg b/ansible.cfg deleted file mode 100644 index d5a2d33..0000000 --- a/ansible.cfg +++ /dev/null 
@@ -1,17 +0,0 @@ -# config file for ansible -- http://ansible.com/ -# ============================================== - -# nearly all parameters can be overridden in ansible-playbook -# or with command line flags. ansible will read ANSIBLE_CONFIG, -# ansible.cfg in the current working directory, .ansible.cfg in -# the home directory or /etc/ansible/ansible.cfg, whichever it -# finds first - -[defaults] -roles_path = ../:/etc/ansible/roles -host_key_checking = False - -retry_files_enabled = False - -[ssh_connection] -pipelining = False diff --git a/circle.yml b/circle.yml deleted file mode 100644 index 1ee32c4..0000000 --- a/circle.yml +++ /dev/null @@ -1,21 +0,0 @@ -machine: - python: - version: 2.7.10 - -dependencies: - pre: - - sudo apt-get install software-properties-common - - sudo apt-add-repository ppa:ansible/ansible -y - - sudo apt-get update - - sudo apt-get install ansible - -test: - override: - # Check the role/playbook's syntax - - ansible-playbook -i tests/inventory tests/test.yml --syntax-check - # Check with ansible-lint - # - ansible-lint playbook.yml - # Run the basic role - - sudo ansible-playbook -i tests/inventory tests/test.yml --connection=local --become - # Test client to test restores - - sudo ansible-playbook -i tests/inventory tests/test.yml --connection=local --become -e burp_module_test_client=True diff --git a/defaults/main.yml b/defaults/main.yml index 8ec38a0..6859893 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,6 +2,10 @@ # file: defaults/main.yml # New default options based on: https://github.com/grke/burp/wiki/Performance-Tips +### General +# used for eg FreeBSD which has a deviating path +etc_dir: "/etc" + ### Modules # Configure Burp UI Agent burp_module_agent: false 
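Review bot: The new `etc_dir` default in the first defaults/main.yml hunk is the only role variable here without the `burp_` prefix. Any play, inventory or other role that also defines `etc_dir` would silently change where this role writes its configuration, certificates and keys. Name it `burp_etc_dir: "/etc"` and use that name in the tasks and templates. The diffstat shows 8 additions for this file, all in the two visible hunks, so the path defaults that hard-code `/etc/burp/...` are presumably unchanged (assuming defaults/main.yml matches the committed backup copy). On FreeBSD they would need to be derived from the new variable, e.g. `burp_server_ssl_key: "{{ burp_etc_dir }}/burp/ssl_cert-server.key"`.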
@@ -337,3 +341,7 @@ burp_client_ports_per_operation: - 'port_verify = {{ burp_server_port_operation_verify }}' - 'port_list = {{ burp_server_port_operation_list }}' - 'port_delete = {{ burp_server_port_operation_delete }}' + +# use the 'portinstall' module on FreeBSD to compile packages instead of 'package' +burp_freebsd_use_portinstall: False + diff --git a/defaults/main.yml~ b/defaults/main.yml~ new file mode 100644 index 0000000..43378e6 --- /dev/null +++ b/defaults/main.yml~ 
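Review bot: `burp_freebsd_use_portinstall: False` in the second defaults/main.yml hunk uses a capitalised boolean, while the other flags in this file are lowercase (`burp_module_agent: false`); write `burp_freebsd_use_portinstall: false`. The comment above it could say when to enable the switch, for instance `# set to true to build burp's dependencies from ports (portinstall) instead of installing binary packages`. The hunk also adds a blank line at the end of the file, which can be dropped.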
@@ -0,0 +1,343 @@ +--- +# file: defaults/main.yml +# New default options based on: https://github.com/grke/burp/wiki/Performance-Tips + +### Modules +# Configure Burp UI Agent +burp_module_agent: false +# Configure burp restore service +burp_module_restore: false +# Configure Burp manual delete +burp_manual_delete_enabled: true +# Configure Burp Autoupgrade +burp_server_autoupgrade_enabled: false +# Activate clients from git repository +burp_repos: false +#burpsrv_repos: +# - { repo: "url", version: "branch", dir: "dest dir"} +# Example: +# burp_repos: +# - { repo: "http://host/group/repo.git", version: "master", dir: "linux_clients"} +# You just need files per client, example: +# client1 file content: +# +# password = password +# dedup_group = trusty +# . incexc/profile_lnxsrv + +burp_module_test_client: false + +### --- + +burp_home: "/var/spool/burp" + +## Build vars: + +# Add these vars to your hosts/groups to change version/tag (archive to download and compile) +burpsrcext: "zip" # must be tar.gz or zip +autoupgrade_version: "2.0.54" # master version is not compiled so added separately +burp_version: "2.0.54" # branch or tag, example: "master" , example: "2.0.46" + +burp_force_reinstall: false + +# previously: burpsrc: "burp-2.0.46" +burpsrc: "burp-{{ burp_version }}" +# previously: burpurl: "https://github.com/grke/burp/archive/2.0.46.tar.gz" +burpurl: "https://github.com/grke/burp/archive/{{ burp_version }}.{{ burpsrcext }}" +# Directory that will be used as the location for the downloads§ +download_dir: "{{ ansible_env.HOME }}/burp" + +### Burp Server +### http://burp.grke.org/docs/manpage.html +burp_server_data: "{{ burp_home }}/data" +burp_server_clientconfdir: "/etc/burp/clientconfdir" +burp_server_autoupgrade_dir: "/etc/burp/autoupgrade/server" +burp_server_address: "0.0.0.0" +burp_server_port: "4971" +burp_server_status_address: "127.0.0.1" +burp_server_status_port: "4972" +burp_server_dedup_group: "global" +burp_server_protocol: "1" 
+burp_server_pidfile: "/var/run/burp.server.pid" +burp_server_hardlinked_archive: "0" +burp_server_librsync: "1" +burp_server_working_dir_recovery_method: "delete" +burp_server_max_children: "2" # See https://github.com/grke/burp/wiki/Performance-Tips +burp_server_max_status_children: "10000" +burp_server_umask: "0022" +burp_server_syslog: "0" +burp_server_stdout: "1" +burp_server_client_can_delete: "1" +burp_server_client_can_force_backup: "1" +burp_server_client_can_list: "1" +burp_server_client_can_restore: "1" +burp_server_client_can_verify: "1" +burp_server_ratelimit: false +burp_server_network_timeout: false +# Changing default compression to lower level better for large deployments +# due to less CPU usage and fasters backups +burp_server_compression: zlib5 +burp_server_version_warn: "1" +burp_server_ca_conf: "/etc/burp/CA.cnf" +burp_server_ca_name: "burpCA" +burp_server_ca_burp_ca: "/usr/sbin/burp_ca" +burp_server_ca_crl_check: "1" +burp_server_ssl_cert_ca: "/etc/burp/ssl_cert_ca-server.pem" +burp_server_ssl_cert: "/etc/burp/ssl_cert-server.pem" +burp_server_ssl_key: "/etc/burp/ssl_cert-server.key" +burp_server_ssl_dhfile: "/etc/burp/dhfile.pem" +burp_server_ssl_key_password: "password" +burp_server_script_pre: false +burp_server_scripts_pre_args: [] +burp_server_script_post: false +burp_server_script_post_args: [] +burp_server_monitor_cache: "1" +burp_server_timer_script: "/usr/share/burp/scripts/timer_script" +burp_server_timer_args: + - 20h + - Mon,Tue,Wed,Thu,Fri,00,01,02,03,04,05,19,20,21,22,23 + - Sat,Sun,00,01,02,03,04,05,06,07,08,17,18,19,20,21,22,23 +burp_server_keep: + - 7 + +# Modify these variables in you host/group vars +# to allow notification when a failure occurs +# You will need some setup done in your sendmail command, like local postfix/sendmail. +# It's easy for linux sysadmin or those using ansible like automation. 
+burp_notify_failure: false +burp_notify_failure_email_to: root@localhost +burp_notify_failure_email_from: "burp_{{ ansible_nodename }}@domain.net" + +burp_server_custom_lines: [] +# - "someextra=line" +### --- + +## burp_server incexc profiles + +profiles_templates: + + - name: profile_lnxsrv + content: + - "#hard_quota No permitir backups a clientes con mas de xxGb en el backup total" + - "#hard_quota Do not allow to backup clients with more than xxGb in the whole backup" + - "hard_quota=65Gb" + - "" + - "#soft_quota enviar WARNING backups a de clientes con mas de xxGb en el backup total" + - "#soft_quota send WARNING to backups clients with more than xxGb in the whole backup" + - "soft_quota=50Gb" + - "" + - ". lnxsrv_global_inclusions" + - ". lnxsrv_global_exclusions" + - "" + - "cross_all_filesystems=1" + - "dedup_group = lnxsrv" + + - name: profile_lnxsrv_medium + content: + - "#hard_quota No permitir backups a clientes con mas de xxGb en el backup total" + - "#hard_quota Do not allow to backup clients with more than xxGb in the whole backup" + - "hard_quota=150Gb" + - "" + - "#soft_quota enviar WARNING backups a de clientes con mas de xxGb en el backup total" + - "#soft_quota send WARNING to backups clients with more than xxGb in the whole backup" + - "soft_quota=120Gb" + - "" + - ". lnxsrv_global_inclusions" + - ". 
lnxsrv_global_exclusions" + - "" + - "cross_all_filesystems=1" + - "dedup_group = lnxsrv" + + - name: profile_win6x + content: + - "#hard_quota No permitir backups a clientes con mas de xxGb en el backup total" + - "#hard_quota Do not allow to backup clients with more than xxGb in the whole backup" + - "hard_quota=65Gb" + - "" + - "#soft_quota enviar WARNING backups a de clientes con mas de xxGb en el backup total" + - "#soft_quota send WARNING to backups clients with more than xxGb in the whole backup" + - "soft_quota=50Gb" + - "" + - "# Due to issue: https://github.com/grke/burp/issues/501" + - "# I'm moving some inclusions and reducing the way I'm using nested files and also not including anything that is not" + - "# on all clients." + - "# . win6x_global_inclusions" + - "include_glob=C:/Users/*/Contacts" + - "include_glob=C:/Users/*/Documents" + - "include_glob=C:/Users/*/Favorites" + - "include_glob=C:/Users/*/Links" + - "include_glob=C:/Users/*/Desktop" + - "" + - ". win6x_global_exclusions" + - ". video_exclusions" + - ". audio_exclusions" + - "" + - "dedup_group = win6x" + + - name: profile_win6x_drp + content: + - 'include = C:/' + - '' + - '# temp stuff' + - 'exclude_regex = "[A-Z]:/Users/[^/]+/AppData/Local/Temp"' + - 'exclude_regex = "[A-Z]:/Users/[^/]+/AppData/Local/Microsoft/Windows/Temporary Internet Files"' + - 'exclude_regex = "[A-Z]:/Users/[^/]+/AppData/Local/Microsoft/Office/15.0/OfficeFileCache"' + - 'exclude_regex = "[A-Z]:/Users/[^/]+/Onedrive[^/]+"' + - 'exclude_regex = "[A-Z]:/Documents and Settings/[^/]+/Cookies"' + - 'exclude_regex = "[A-Z]:/Documents and Settings/[^/]+/Recent"' + - 'exclude_regex = "[A-Z]:/Documents and Settings/[^/]+/Local Settings/Temp"' + - '# iometer test file' + - 'exclude_regex = "[A-Z]:/iobw.tst"' + - '' + - '# system stuff that is not important in a restored system' + - 'exclude_regex = "[A-Z]:/RECYCLER"' + - '# swap file (Windows XP, 7, 8)' + - 'exclude_regex = "[A-Z]:/pagefile.sys"' + - '# swap file?? 
(Windows 8)' + - 'exclude_regex = "[A-Z]:/swapfile.sys"' + - '# system temp files' + - 'exclude_regex = "[A-Z]:/Windows/Temp"' + - 'exclude_regex = "[A-Z]:/Programdata/Microsoft/Search"' + - 'exclude_regex = "[A-Z]:/Programdata/Microsoft/ClickToRun"' + - '' + - '# note that we are backing up C:/System Volume Information"' + + +# See file tasks/manual_client.yml +burp2_add_manual_clients: [] + +# See file tasks/remove_client.yml +burp_remove_clients: [] + +# if burpsrv_agent: true +### Burp UI Agent +#[Global] +burp_agent_global_port: "5001" +burp_agent_global_bind: "0.0.0.0" +burp_agent_global_ssl: "false" +burp_agent_global_version: "2" +burp_agent_global_password: "password" +#[Security] +burp_agent_security_includes: "/etc/burp" +burp_agent_security_enforce: "false" +burp_agent_security_revoke: "true" +#[Experimental] +burp_agent_experimental_zip64: "false" +#[Backend] +burp_agent_backend_burpbin: "/usr/sbin/burp" +burp_agent_backend_stripbin: "/usr/bin/vss_strip" +burp_agent_backend_tmpdir: "/tmp" +burp_agent_backend_timeout: "60" +# Burp UI pip packages +# Install burpui from a different source +# ex: burpsrv_pip_burpui: "https://burpui.ziirish.me/builds/burp-ui.dev.tar.gz" +burp_agent_pip_burpui: "burp-ui-agent" +burpui_pip_packages: + - { name: "{{ burp_agent_pip_burpui }}", version: 0.5.1 } +python_pip_executable: "pip3" # options pip3 / pip2 +burp_agent_pip_present: + - "pip>=9" + - "cffi>=1.7" + - "gevent>=1.2" + - "ujson>=1.35" + - "urllib3>=1.19" # required to avoid issues with get_url module + # - "ndg-httpsclient>=0.4.2" # required to avoid issues with get_url module + - "pyasn1" + - "requests[security]>=2.12" # required to avoid issues with get_url module +### --- + +### Supervisor +# Burp Agent +burp_sv_agent_priority: "40" +burp_sv_agent_directory: "/tmp" +burp_sv_agent_command: "{{ pip_installed_exe_bin_path }}/bui-agent -v -c /etc/burp/buiagent.cfg" +burp_sv_agent_user: "root" +burp_sv_agent_autostart: "true" +burp_sv_agent_autorestart: "true" 
+burp_sv_agent_stdout_logfile: "/var/log/supervisor/%(program_name)s.log" +burp_sv_agent_stderr_logfile: "/var/log/supervisor/%(program_name)s.log" +# Burp Restore +burp_sv_restore_priority: "30" +burp_sv_restore_directory: "/tmp" +burp_sv_restore_command: "/usr/sbin/burp -F -c /etc/burp/burp-restore.conf" +burp_sv_restore_user: "root" +burp_sv_restore_autostart: "true" +burp_sv_restore_autorestart: "true" +burp_sv_restore_stdout_logfile: "/var/log/supervisor/%(program_name)s.log" +burp_sv_restore_stderr_logfile: "/var/log/supervisor/%(program_name)s.log" +# Burp Server +burp_sv_server_priority: "20" +burp_sv_server_directory: "/tmp" +burp_sv_server_command: "/usr/sbin/burp -F -c /etc/burp/burp-server.conf" +burp_sv_server_user: "root" +burp_sv_server_autostart: "true" +burp_sv_server_autorestart: "true" +burp_sv_server_stdout_logfile: "/var/log/supervisor/%(program_name)s.log" +burp_sv_server_stderr_logfile: "/var/log/supervisor/%(program_name)s.log" +### --- + +# if burp_manual_delete_enabled: true +### Manual Delete +burp_trash: "{{ burp_home }}/trash" +burp_logs: "/var/log/burp" +burp_cron_delete: + - { minute: "00", hour: "03", dow: "*" } +### --- + +# if burpsrv_local_client: true +### Burp Client +burp_client_pidfile: "/var/run/burp.pid" +burp_client_password: "password" +burp_client_ca_csr_dir: "/etc/burp/CA-client" +burp_client_ssl_cert_ca: "/etc/burp/ssl_cert_ca-monitor.pem" +burp_client_ssl_cert: "/etc/burp/ssl_cert-monitor.pem" +burp_client_ssl_key: "/etc/burp/ssl_cert-monitor.key" +### --- + +# if burp_module_restore: true +# Burp Restore is another burp daemon with the unique purpose +# to have possibility to restore when backups reach max_children +# This was created before 2.1.10 added port per operation support +# and will be deprecated once burp 2.1 becomes stable +### Burp Restore +burp_restore_address: "0.0.0.0" +burp_restore_port: "4973" +burp_restore_status_address: "127.0.0.1" +burp_restore_status_port: "4974" +burp_restore_pidfile: 
"/var/run/burp.restore.pid" +burp_restore_clients: + - monitor +### --- + +#Since version 2.1.10 +# + Add the ability for the client to connect to different server ports +# according to whether it is doing backup/restore/verify/list/delete. +# These ports are based on: https://github.com/CoffeeITWorks/ansible_burp2_server/issues/11 +# Compatible since burp 2.1.10 +burp_server_port_per_operation_bool: false +burp_server_port_operation_restore: 4975 +burp_server_port_operation_verify: 4976 +burp_server_port_operation_list: 4977 +burp_server_port_operation_delete: 4978 +burp_server_ports_per_operation: + - '# port for restore' + - "port = {{ burp_server_port_operation_restore }}" + - 'max_children = 2' + - '# port for verify' + - "port = {{ burp_server_port_operation_verify }}" + - 'max_children = 1' + - '# port for list' + - "port = {{ burp_server_port_operation_list }}" + - 'max_children = 15' + - '# port for delete' + - "port = {{ burp_server_port_operation_delete }}" + - 'max_children = 2' +burp_client_ports_per_operation: + - 'port_restore = {{ burp_server_port_operation_restore }}' + - 'port_verify = {{ burp_server_port_operation_verify }}' + - 'port_list = {{ burp_server_port_operation_list }}' + - 'port_delete = {{ burp_server_port_operation_delete }}' + +# use the 'portinstall' module on FreeBSD to compile packages instead of 'package' +burp_freebsd_use_portinstall: False + diff --git a/meta/.galaxy_install_info b/meta/.galaxy_install_info new file mode 100644 index 0000000..1668921 --- /dev/null +++ b/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Thu Jan 25 14:39:13 2018', version: master} diff --git a/meta/main.yml b/meta/main.yml index 0cc209a..2ab4694 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -116,9 +116,10 @@ galaxy_info: # versions: # - all # - any - #- name: FreeBSD - # versions: + - name: FreeBSD + versions: # - all + - 11.4 # - 10.0 # - 10.1 # - 10.2 
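Review bot: `defaults/main.yml~` is an editor backup file and should not be part of the commit. It is a second, already stale copy of the role defaults: it lacks the `etc_dir` entry that this same patch adds to defaults/main.yml. The copy also repeats the placeholder secrets `burp_server_ssl_key_password: "password"`, `burp_agent_global_password: "password"` and `burp_client_password: "password"`, so a later credential review has two places to check. Drop the file and add `*~` to `.gitignore`. The same applies to the other `*~` files listed in the diffstat (meta/, tasks/, vars/) and to `meta/.galaxy_install_info`, which records a local install date and appears to be written by ansible-galaxy.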
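Review bot: The platform entry enabled under `- name: FreeBSD` lists `- 11.4` unquoted, which YAML parses as a float rather than a version string. It also matches nothing else in the patch: the new vars file is `vars/FreeBSD-11.yml`, and 11.4 looks later than the releases available at the commit date, which should be confirmed. Give the release the role was actually run against as a quoted string, `- '<tested release>'`, so the metadata matches what was tested. The commented version list continues past the end of this hunk.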
diff --git a/meta/main.yml~ b/meta/main.yml~ new file mode 100644 index 0000000..0cc209a --- /dev/null +++ b/meta/main.yml~ 
@@ -0,0 +1,198 @@ +--- +galaxy_info: + author: "Diego Daguerre / Pablo Estigarribia" + company: coffeeITWorks + description: ansible role to deploy and maintain burp backup + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: MIT + + min_ansible_version: 2.0 + + # Optionally specify the branch Galaxy will use when accessing the GitHub + # repo for this role. During role install, if no tags are available, + # Galaxy will use this branch. During import Galaxy will access files on + # this branch. If travis integration is cofigured, only notification for this + # branch will be accepted. Otherwise, in all cases, the repo's default branch + # (usually master) will be used. + #github_branch: + + # + # Below are all platforms currently available. Just uncomment + # the ones that apply to your role. If you don't see your + # platform on this list, let us know and we'll get it added! 
+ # + platforms: + - name: EL + versions: + - all + # - 5 + # - 6 + # - 7 + #- name: GenericUNIX + # versions: + # - all + # - any + #- name: OpenBSD + # versions: + # - all + # - 5.6 + # - 5.7 + # - 5.8 + # - 5.9 + # - 6.0 + - name: Fedora + versions: + - all + # - 16 + # - 17 + # - 18 + # - 19 + # - 20 + # - 21 + # - 22 + # - 23 + - name: opensuse + versions: + - all + # - 12.1 + # - 12.2 + # - 12.3 + # - 13.1 + # - 13.2 + #- name: MacOSX + # versions: + # - all + # - 10.10 + # - 10.11 + # - 10.12 + # - 10.7 + # - 10.8 + # - 10.9 + #- name: IOS + # versions: + # - all + # - any + #- name: Solaris + # versions: + # - all + # - 10 + # - 11.0 + # - 11.1 + # - 11.2 + # - 11.3 + #- name: SmartOS + # versions: + # - all + # - any + #- name: eos + # versions: + # - all + # - Any + #- name: Windows + # versions: + # - all + # - 2012R2 + #- name: Amazon + # versions: + # - all + # - 2013.03 + # - 2013.09 + #- name: GenericBSD + # versions: + # - all + # - any + #- name: Junos + # versions: + # - all + # - any + #- name: FreeBSD + # versions: + # - all + # - 10.0 + # - 10.1 + # - 10.2 + # - 10.3 + # - 8.0 + # - 8.1 + # - 8.2 + # - 8.3 + # - 8.4 + # - 9.0 + # - 9.1 + # - 9.1 + # - 9.2 + # - 9.3 + - name: Ubuntu + versions: + - all + # - lucid + # - maverick + # - natty + # - oneiric + # - precise + # - quantal + # - raring + # - saucy + # - trusty + # - utopic + # - vivid + # - wily + # - xenial + #- name: SLES + # versions: + # - all + # - 10SP3 + # - 10SP4 + # - 11 + # - 11SP1 + # - 11SP2 + # - 11SP3 + # - 11SP4 + # - 12 + # - 12SP1 + - name: GenericLinux + versions: + - all + # - any + #- name: NXOS + # versions: + # - all + # - any + - name: Debian + versions: + - all + # - etch + # - jessie + # - lenny + # - sid + # - squeeze + # - stretch + # - wheezy + + galaxy_tags: + - sysadmin + - backup + # List tags for your role here, one per line. A tag is + # a keyword that describes and categorizes the role. + # Users find roles by searching for tags. 
Be sure to + # remove the '[]' above if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of + # alphanumeric characters. Maximum 20 tags per role. + +dependencies: + #- { role: supervisord } + # List your role dependencies here, one per line. + # Be sure to remove the '[]' above if you add dependencies + # to this list. diff --git a/molecule.yml b/molecule.yml deleted file mode 100644 index e72ac06..0000000 --- a/molecule.yml +++ /dev/null 
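Review bot: `meta/main.yml~` is an editor backup file and should not be part of the commit. The same applies to the other `~` files added here: `tasks/build-burp.yml~`, `tasks/clean.yml~`, `tasks/config_agent.yml~`, `tasks/install_burp.yml~`, `tasks/local_client.yml~`, `tasks/manual_delete.yml~`, `tasks/manual_delete_disabled.yml~`, `tasks/repositories.yml~`, `tasks/supervisor.yml~` and `tasks/tests/test_client.yml~`. Several hold half-edited content that is not valid YAML, such as the unquoted `path: {{ etc_dir }}/init.d/burp-server` in `tasks/clean.yml~`. They also leave stale copies of the tasks next to the live ones, where a reader can mistake them for the current version. I would drop them from the patch and add `*~` to `.gitignore`.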
@@ -1,119 +0,0 @@ ---- -# Use docker to test on travis -# Use vagrant to create vms and access full OS on local testing -driver: - name: docker - #name: vagrant - -vagrant: - raw_config_args: - - "ssh.insert_key = false" - - "vm.network 'forwarded_port', guest: 80, host: 8080" - - platforms: - - name: debian64 - box: debian/jessie64 - - name: centos7 - box: centos/7 - - name: ubuntuxenial64 - box: nrclark/xenial64-minimal-libvirt - -# The tests with vagrant are done with libvirt, you can also use virtualbox -# You need to prepare vagrant, vagrant-libvirt, nfs-kernel-server, and libvirt-bin. -# https://wiki.debian.org/libvirt -# https://github.com/vagrant-libvirt/vagrant-libvirt -# sudo apt-get install libxslt-dev libxml2-dev libvirt-dev zlib1g-dev ruby-dev -# sudo apt-get install nfs-kernel-server # required to mount local dir to vm -# http://molecule.readthedocs.io/en/stable-1.9/provider/index.html#providers -# You must have latest vagrant and reinsall plugins if upgraded, see: -# https://github.com/vagrant-libvirt/vagrant-libvirt/issues/618 - providers: - - name: libvirt - type: libvirt - options: - memory: 1024 - cpus: 2 - # There are two available drivers: kvm and qemu. - # Refer to the vagrant-libvirt docs for more info. 
- driver: kvm - video_type: vga - volume_cache: writeback - - instances: - - name: vagrant-master-01 - ansible_groups: - - group_master - options: - append_platform_to_hostname: no - raw_config_args: - - "vm.box = 'debian/jessie64'" - - name: vagrant-master-02 - ansible_groups: - - group_master - options: - append_platform_to_hostname: no - raw_config_args: - - "vm.box = 'centos/7'" - - name: vagrant-master-03 - ansible_groups: - - group_master - options: - append_platform_to_hostname: no - raw_config_args: - - "vm.box = 'nrclark/xenial64-minimal-libvirt'" - -# It will not be used if you don't specify the driver: name: docker (see the beginning of the file) -docker: - containers: - - - name: ansible_burp2_ubuntu_latest - image: ubuntu - image_version: latest - ansible_groups: - - group1 - - - name: ansible_burp2_ubuntu_trusty - image: ubuntu - image_version: trusty - ansible_groups: - - group1 - - - name: ansible_test-master2 - image: dramaturg/debian-systemd - image_version: 'latest' - volume_mounts: - - "/sys/fs/cgroup:/sys/fs/cgroup:ro" - privileged: False - ansible_groups: - - group_master - - # In docker cannot be tested with centos 7 due to https://github.com/ansible/ansible-modules-core/issues/593 - - name: ansible_burp2_centos_7 - image: centos/systemd - image_version: latest - volume_mounts: - - "/sys/fs/cgroup:/sys/fs/cgroup:ro" - privileged: True - ansible_groups: - - group1 - - - name: ansible_test-04 - image: fedora/systemd-systemd - image_version: latest - volume_mounts: - - "/sys/fs/cgroup:/sys/fs/cgroup:ro" - privileged: True - -verifier: - name: testinfra - -ansible: - playbook: playbook.yml - group_vars: - group_master: - burpsrcext: "zip" - burp_version: "master" - burp_remove_clients: - - name: client_to_remove - - name: other_client_to_remove - burp_server_port_per_operation_bool: true diff --git a/playbook.yml b/playbook.yml deleted file mode 100644 index 856a2d4..0000000 --- a/playbook.yml +++ /dev/null 
@@ -1,10 +0,0 @@ ---- -- hosts: all - #serial: 1 - #strategy: free # improve parallelism but pause module doesn't works with it. - #accelerate: true - vars: - burp_module_test_client: true - burp_module_agent: true - roles: - - role: ansible_burp2_server diff --git a/requirements.yml b/requirements.yml deleted file mode 100644 index de30f65..0000000 --- a/requirements.yml +++ /dev/null @@ -1,4 +0,0 @@ -# from GitHub, overriding the name and specifying a specific tag -- src: https://github.com/lcacciagioni/supervisord - version: master - name: supervisord diff --git a/tasks/build-burp.yml b/tasks/build-burp.yml index e5d65e4..4af0d04 100644 --- a/tasks/build-burp.yml +++ b/tasks/build-burp.yml @@ -52,7 +52,7 @@ shell: cd {{ download_dir }}/{{ burpsrc }} && autoreconf -vif creates={{ download_dir }}/{{ burpsrc }}/configure - name: ./configure - shell: cd {{ download_dir }}/{{ burpsrc }} && ./configure --prefix=/usr --sysconfdir=/etc/burp --localstatedir=/var creates={{ download_dir }}/{{ burpsrc }}/Makefile + shell: cd {{ download_dir }}/{{ burpsrc }} && ./configure --prefix=/usr --sysconfdir={{ etc_dir }}/burp --localstatedir=/var creates={{ download_dir }}/{{ burpsrc }}/Makefile - name: Make shell: cd {{ download_dir }}/{{ burpsrc }} && make creates={{ download_dir }}/{{ burpsrc }}/burp @@ -89,14 +89,14 @@ when: burp_version != "master" -# Ensure to not create /etc/bur/CA manually because it will break auto generated certificate +# Ensure to not create {{ etc_dir }}/bur/CA manually because it will break auto generated certificate - name: create etc directories file: path={{ item }} recurse=yes state=directory with_items: - - '/etc/burp/autoupgrade' + - '{{ etc_dir }}/burp/autoupgrade' - '{{ burp_client_ca_csr_dir }}' - - '/etc/burp/clientconfdir/incexc' - - '/etc/burp/clientconfdir/profiles' + - '{{ etc_dir }}/burp/clientconfdir/incexc' + - '{{ etc_dir }}/burp/clientconfdir/profiles' - name: copy etc file template: 
diff --git a/tasks/build-burp.yml~ b/tasks/build-burp.yml~ new file mode 100644 index 0000000..9332dd7 --- /dev/null +++ b/tasks/build-burp.yml~ 
@@ -0,0 +1,106 @@ +--- + +- name: ensure chache for apt is updated + apt: + update_cache: yes + cache_valid_time: 43200 + changed_when: false + when: ansible_os_family == 'Debian' + +- name: install build dependencies + package: + name: "{{ build_dependencies | join(',') }}" + state: present + +- name: Uninstall old burp + package: + name: "{{ item }}" + state: absent + with_items: + - burp + - burp-client + - burp-server + - burp-core + +- name: force reinstall burp + file: + path: "{{ download_dir }}" + state: absent + when: burp_force_reinstall | bool + +- name: Ensure download directory is present + file: path={{ download_dir }} state=directory + +- name: GET burp backup and restore + get_url: + url: "{{ burpurl }}" + dest: "{{ download_dir }}/{{ burpsrc }}.{{ burpsrcext }}" + timeout: 30 + validate_certs: no + +- name: Unpack Burp source files tar.gz + shell: cd {{ download_dir }} && tar -xzvf {{ burpsrc }}.{{ burpsrcext }} creates={{ download_dir }}/{{ burpsrc }} + register: unpack_src_tar + when: burpsrcext == 'tar.gz' + +- name: Unpack Burp source files zip + shell: cd {{ download_dir }} && unzip {{ burpsrc }}.{{ burpsrcext }} creates={{ download_dir }}/{{ burpsrc }} + register: unpack_src_zip + when: burpsrcext == 'zip' + +- name: Autoreconf Burp source files + shell: cd {{ download_dir }}/{{ burpsrc }} && autoreconf -vif creates={{ download_dir }}/{{ burpsrc }}/configure + +- name: ./configure + shell: cd {{ download_dir }}/{{ burpsrc }} && ./configure --prefix=/usr --sysconfdir="{{ etc_dir }}/burp --localstatedir=/var creates={{ download_dir }}/{{ burpsrc }}/Makefile + +- name: Make + shell: cd {{ download_dir }}/{{ burpsrc }} && make creates={{ download_dir }}/{{ burpsrc }}/burp + +- name: check if burp is installed + stat: path=/usr/sbin/burp + register: stb + +- name: Uninstall burp + shell: cd {{ download_dir }}/{{ burpsrc }} && make uninstall removes=/usr/sbin/burp + when: stb.stat.exists and ( unpack_src_tar.changed or unpack_src_zip.changed ) + 
tags: + - skip_ansible_lint + +- name: Make install + shell: cd {{ download_dir }}/{{ burpsrc }} && make install creates=/usr/sbin/burp + notify: restart burp server + +- block: + # Verify burp version if the burp_version is not master + + # Run this task always to register the burp version + - name: read burp installed version + shell: burp -v + changed_when: false + register: cmd_burp_version + tags: + - skip_ansible_lint + check_mode: no + + - name: failed when burp version is different than the one that must be installed + fail: msg="burp version is different than the one that must be installed" + when: cmd_burp_version.stdout != "burp-{{ burp_version }}" + + when: burp_version != "master" + +# Ensure to not create "{{ etc_dir }}/bur/CA manually because it will break auto generated certificate +- name: create etc directories + file: path={{ item }} recurse=yes state=directory + with_items: + - '"{{ etc_dir }}/burp/autoupgrade' + - '{{ burp_client_ca_csr_dir }}' + - '"{{ etc_dir }}/burp/clientconfdir/incexc' + - '"{{ etc_dir }}/burp/clientconfdir/profiles' + +- name: copy etc file + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: "build/CA.cnf.j2", dest: "{{ burp_server_ca_conf }}" } diff --git a/tasks/clean.yml b/tasks/clean.yml index 8441c28..76f07f2 100644 --- a/tasks/clean.yml +++ b/tasks/clean.yml @@ -10,20 +10,20 @@ - name: remove old burp server service file: - path: /etc/init.d/burp-server + path: "{{ etc_dir }}/init.d/burp-server" state: absent - name: remove old burp restore service file: - path: /etc/init.d/burp-restore + path: "{{ etc_dir }}/init.d/burp-restore" state: absent - name: remove old default burp server service file: - path: /etc/default/burp + path: "{{ etc_dir }}/default/burp" state: absent - name: remove old default burp restore service file: - path: /etc/default/burp-restore - state: absent \ No newline at end of file + path: "{{ etc_dir }}/default/burp-restore" + state: absent 
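Review bot: The `GET burp backup and restore` task downloads the source archive with `validate_certs: no` and no `checksum`. The following tasks unpack, build and `make install` it, so whatever the network returns is what gets compiled and installed on the backup server. I would set `validate_certs: yes` and, for tagged releases, pin the archive with `checksum: "sha256:<ARCHIVE_SHA256>"` (placeholder; take the digest from the release being built). This hunk is the backup copy of the file; the same task presumably sits in `tasks/build-burp.yml` above line 52, outside the hunks shown, and would need the same change. The `./configure` line in this copy also has an unbalanced quote, `--sysconfdir="{{ etc_dir }}/burp`, which the live file's hunk does not have.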
diff --git a/tasks/clean.yml~ b/tasks/clean.yml~ new file mode 100644 index 0000000..f9aa49c --- /dev/null +++ b/tasks/clean.yml~ @@ -0,0 +1,29 @@ +- name: uninstall old burp package + package: + name: burp + state: absent + +- name: uninstall old burp package + package: + name: burp-server + state: absent + +- name: remove old burp server service + file: + path: {{ etc_dir }}/init.d/burp-server + state: absent + +- name: remove old burp restore service + file: + path: {{ etc_dir }}/init.d/burp-restore + state: absent + +- name: remove old default burp server service + file: + path: {{ etc_dir }}/default/burp + state: absent + +- name: remove old default burp restore service + file: + path: {{ etc_dir }}/default/burp-restore + state: absent \ No newline at end of file diff --git a/tasks/config_agent.yml b/tasks/config_agent.yml index cfa9264..98aad51 100644 --- a/tasks/config_agent.yml +++ b/tasks/config_agent.yml @@ -5,6 +5,21 @@ package: name: "{{ burp_agent_packages| join(',') }}" state: present + when: ( ansible_os_family != "FreeBSD" or burp_use_portinstall == False ) + +- name: install buiagent packages + portinstall: + name: "{{ item }}" + state: present + use_packages: no + with_items: "{{ burp_agent_packages}}" + when: ( ansible_os_family == "FreeBSD" and burp_use_portinstall == True ) + +- name: install pip on FreeBSD with pythonic solution as ports are only pip2 ... + command: python3.6 -m ensurepip + args: + creates: "{{python_pip_executable }}" + when: ansible_os_family == "FreeBSD" # workaround for ubuntu 14.04 with missing pip3 executable - block: 
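Review bot: The new `when:` conditions test `burp_use_portinstall`, but the only definition visible in this patch is `burp_freebsd_use_portinstall: False` in the defaults. Unless `burp_use_portinstall` is set in a file not shown here, these conditions would fail with an undefined variable on FreeBSD hosts, where the second operand is actually evaluated. The same name is used in the later hunk of this file and in the tasks/install_burp.yml and tasks/supervisor.yml hunks. I would settle on one name and coerce it, for example `when: ansible_os_family != "FreeBSD" or not (burp_freebsd_use_portinstall | bool)` and `when: ansible_os_family == "FreeBSD" and (burp_freebsd_use_portinstall | bool)`.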
@@ -26,15 +41,24 @@ package: name: "{{ burp_agent_py3_packages| join(',') }}" state: present - when: python_pip_executable == "pip3" + when: python_pip_executable == "pip3" and ( ansible_os_family != "FreeBSD" or burp_use_portinstall == False ) +- name: install buiagent packages for pip3 + portinstall: + name: "{{ burp_agent_py3_packages| join(',') }}" + state: present + use_packages: no + when: ( ansible_os_family == "FreeBSD" and burp_use_portinstall == True ) + - name: Uninstall buiagent pip2 packages when using pip3 as pip executable pip: name: "{{ burp_agent_pip_burpui }}" state: absent executable: "pip2" when: python_pip_executable == "pip3" - + # ports for py-pip are built for current python version + when: ansible_os_family != "FreeBSD" + - name: install buiagent pip packages pip: name: "{{ item }}" @@ -57,9 +81,16 @@ src: "{{ item.src }}" dest: "{{ item.dest }}" with_items: - - { src: "buiagent.cfg.j2", dest: "/etc/burp/buiagent.cfg" } + - { src: "buiagent.cfg.j2", dest: "{{ etc_dir }}/burp/buiagent.cfg" } notify: restart buiagent +# On FreeBSD 11 there is no /var/log/supervisor directory by default +- name: supervisor | create /var/log/supervisor on FreeBSD + file: + path: "{{ burp_sv_server_stdout_logfile | basename }}" + state: directory + when: ansible_os_family == "FreeBSD" + - name: ensure supervisor is restarted service: name: "{{ supervisor_service }}" diff --git a/tasks/config_agent.yml~ b/tasks/config_agent.yml~ new file mode 100644 index 0000000..efe8fa7 --- /dev/null +++ b/tasks/config_agent.yml~ 
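Review bot: The `Uninstall buiagent pip2 packages when using pip3 as pip executable` task now carries two `when:` keys. A YAML mapping cannot hold the same key twice and loaders typically keep only the last one, so the `python_pip_executable == "pip3"` guard is silently dropped. Combine them into one condition: `when: python_pip_executable == "pip3" and ansible_os_family != "FreeBSD"`. The new portinstall task for `burp_agent_py3_packages` in this hunk also lacks the `python_pip_executable == "pip3"` condition that its `package` counterpart keeps.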
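Review bot: `path: "{{ burp_sv_server_stdout_logfile | basename }}"` yields the log file's name, not its directory. With `state: directory` this creates a directory named after the log file at a relative path, instead of the log directory the task name refers to. Use `dirname`: `path: "{{ burp_sv_server_stdout_logfile | dirname }}"`. The same expression appears in the `Ensure "burp_sv_server_stdout_logfile" dir exists` task added in the tasks/supervisor.yml hunk, which has no `when:` and therefore runs on every platform. Setting `owner` and `mode` explicitly on the log directory would also keep the service logs from depending on the umask the play happens to run with.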
@@ -0,0 +1,93 @@ +--- +# file defaults/config_agent.yml + +- name: install buiagent packages + package: + name: "{{ burp_agent_packages| join(',') }}" + state: present + when: ( ansible_os_family != "FreeBSD" or burp_use_portinstall == False ) + +- name: install buiagent packages + portinstall: + name: "{{ item }}" + state: present + use_packages: no + with_items: "{{ burp_agent_packages}}" + when: ( ansible_os_family == "FreeBSD" and burp_use_portinstall == True ) + +- name: install pip on FreeBSD with pythonic solution as ports are only pip2 ... + command: python3.6 -m ensurepip + args: + creates: "{{python_pip_executable }}" + when: ansible_os_family == "FreeBSD" + +# workaround for ubuntu 14.04 with missing pip3 executable +- block: + + - name: stat to see if pip3 executable is present + stat: + path: '/usr/bin/pip3' + register: pip3_executable_stat + + - name: Absent python3-pip if /usr/bin/pip3 is not present + package: + name: 'python3-pip' + state: absent + when: not pip3_executable_stat.stat.exists + + when: ansible_distribution_release == 'trusty' + +- name: install buiagent packages for pip3 + package: + name: "{{ burp_agent_py3_packages| join(',') }}" + state: present + when: python_pip_executable == "pip3" and ( ansible_os_family != "FreeBSD" or burp_use_portinstall == False ) + +- name: install buiagent packages for pip3 + portinstall: + name: "{{ burp_agent_py3_packages| join(',') }}" + state: present + use_packages: no + when: ( ansible_os_family == "FreeBSD" and burp_use_portinstall == True ) + +- name: Uninstall buiagent pip2 packages when using pip3 as pip executable + pip: + name: "{{ burp_agent_pip_burpui }}" + state: absent + executable: "pip2" + when: python_pip_executable == "pip3" + # ports for py-pip are built for current python version + when: ansible_os_family != "FreeBSD" + +- name: install buiagent pip packages + pip: + name: "{{ item }}" + state: present + executable: "{{ python_pip_executable }}" + with_items: "{{ 
burp_agent_pip_present }}" + +- name: Install buiagent pip + pip: + name: "{{ item.name }}" + state: present + version: "{{ item.version}}" + executable: "{{ python_pip_executable }}" + with_items: "{{ burpui_pip_packages }}" + notify: restart buiagent + + +- name: configure buiagent + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: "buiagent.cfg.j2", dest: "{{ etc_dir }}/burp/buiagent.cfg" } + notify: restart buiagent + +- name: ensure supervisor is restarted + service: + name: "{{ supervisor_service }}" + state: restarted + sleep: 5 + enabled: True + changed_when: false diff --git a/tasks/config_burp.yml b/tasks/config_burp.yml index bd2e3b8..872cfea 100644 --- a/tasks/config_burp.yml +++ b/tasks/config_burp.yml @@ -25,7 +25,7 @@ src: "{{ item.src }}" dest: "{{ item.dest }}" with_items: - - { src: "burp-server.conf.j2", dest: "/etc/burp/burp-server.conf"} + - { src: "burp-server.conf.j2", dest: "{{ etc_dir }}/burp/burp-server.conf"} notify: restart burp server - name: config_burp | configure profiles configured in profiles_templates diff --git a/tasks/config_restore.yml b/tasks/config_restore.yml index 1a2d685..5e72229 100644 --- a/tasks/config_restore.yml +++ b/tasks/config_restore.yml @@ -6,5 +6,5 @@ src: "{{ item.src }}" dest: "{{ item.dest }}" with_items: - - { src: "burp-restore.conf.j2", dest: "/etc/burp/burp-restore.conf"} + - { src: "burp-restore.conf.j2", dest: "{{ etc_dir }}/burp/burp-restore.conf"} notify: restart burp restore \ No newline at end of file diff --git a/tasks/install_burp.yml b/tasks/install_burp.yml index 997ace7..bfd970a 100644 --- a/tasks/install_burp.yml +++ b/tasks/install_burp.yml 
@@ -4,4 +4,13 @@ - name: install burp packages package: name: "{{ burp_server_packages| join(',') }}" - state: latest \ No newline at end of file + state: latest + when: ( ansible_os_family != "FreeBSD" or burp_use_portinstall == False ) + +- name: install burp packages + portinstall: + name: "{{ item }}" + state: present + use_packages: no + with_items: "{{ burp_server_packages }}" + when: ( ansible_os_family == "FreeBSD" and burp_use_portinstall == True ) diff --git a/tasks/install_burp.yml~ b/tasks/install_burp.yml~ new file mode 100644 index 0000000..997ace7 --- /dev/null +++ b/tasks/install_burp.yml~ @@ -0,0 +1,7 @@ +--- +# file tasks/install_burp.yml + +- name: install burp packages + package: + name: "{{ burp_server_packages| join(',') }}" + state: latest \ No newline at end of file diff --git a/tasks/local_client.yml b/tasks/local_client.yml index bc847f8..c4fd0b3 100644 --- a/tasks/local_client.yml +++ b/tasks/local_client.yml @@ -9,9 +9,9 @@ - name: configure burp client template: src: burp.conf.j2 - dest: /etc/burp/burp.conf + dest: "{{ etc_dir }}/burp/burp.conf" - name: add local client template: src: monitor.j2 - dest: "{{ burp_server_clientconfdir }}/monitor" \ No newline at end of file + dest: "{{ burp_server_clientconfdir }}/monitor" diff --git a/tasks/local_client.yml~ b/tasks/local_client.yml~ new file mode 100644 index 0000000..9e30e94 --- /dev/null +++ b/tasks/local_client.yml~ @@ -0,0 +1,17 @@ +--- +# file tasks/local_client.yml + +- name: create CA-monitor folder + file: + path: "{{ burp_client_ca_csr_dir }}" + state: directory + +- name: configure burp client + template: + src: burp.conf.j2 + dest: {{ etc_dir }}/burp/burp.conf + +- name: add local client + template: + src: monitor.j2 + dest: "{{ burp_server_clientconfdir }}/monitor" \ No newline at end of file diff --git a/tasks/manual_delete.yml b/tasks/manual_delete.yml index 32c6090..a0ea734 100644 --- a/tasks/manual_delete.yml +++ b/tasks/manual_delete.yml 
@@ -5,7 +5,7 @@ package: name: "{{ cron_packages | join(',') }}" state: present - + - name: create burp folders file: path: "{{ item }}" @@ -13,7 +13,7 @@ with_items: - "{{ burp_trash }}" - "{{ burp_logs }}" - - /etc/cron.d + - "{{ etc_dir }}/cron.d" - name: Cron task to delete files in burp trash cron: @@ -31,7 +31,7 @@ - name: configure burp logrotate template: src: burp_logrotate.j2 - dest: /etc/logrotate.d/burp + dest: "{{ etc_dir }}/logrotate.d/burp" - name: Enable crond service service: diff --git a/tasks/manual_delete.yml~ b/tasks/manual_delete.yml~ new file mode 100644 index 0000000..d380843 --- /dev/null +++ b/tasks/manual_delete.yml~ @@ -0,0 +1,40 @@ +--- +# file tasks/manual_delete.yml + +- name: install cron packages + package: + name: "{{ cron_packages | join(',') }}" + state: present + +- name: create burp folders + file: + path: "{{ item }}" + state: directory + with_items: + - "{{ burp_trash }}" + - "{{ burp_logs }}" + - {{ etc_dir }}/cron.d + +- name: Cron task to delete files in burp trash + cron: + name: delete files in burp trash + job: 'rm -rfv {{ burp_trash }}/* >> {{ burp_logs }}/manual_delete.log' + user: root + cron_file: manual_delete + minute: "{{ item.minute }}" + hour: "{{ item.hour }}" + weekday: "{{ item.dow }}" + state: present + with_items: "{{ burp_cron_delete }}" + notify: restart cron server + +- name: configure burp logrotate + template: + src: burp_logrotate.j2 + dest: "{{ etc_dir }}/logrotate.d/burp" + +- name: Enable crond service + service: + name: "{{ cron_service }}" + state: started + enabled: yes diff --git a/tasks/manual_delete_disabled.yml b/tasks/manual_delete_disabled.yml index e34de23..609d8eb 100644 --- a/tasks/manual_delete_disabled.yml +++ b/tasks/manual_delete_disabled.yml @@ -18,4 +18,4 @@ - name: remove burp logrotate file: state: absent - path: /etc/logrotate.d/burp + path: "{{ etc_dir }}/logrotate.d/burp" 
diff --git a/tasks/manual_delete_disabled.yml~ b/tasks/manual_delete_disabled.yml~ new file mode 100644 index 0000000..3bb2cec --- /dev/null +++ b/tasks/manual_delete_disabled.yml~ @@ -0,0 +1,21 @@ +--- +# file tasks/manual_delete.yml + +- name: remove burp trash + file: + path: "{{ item }}" + state: absent + with_items: + - "{{ burp_trash }}" + +- name: remove Cron task to delete files in burp trash + cron: + name: delete files in burp trash + cron_file: manual_delete + state: absent + notify: restart cron server + +- name: remove burp logrotate + file: + state: absent + path: {{ etc_dir }}/logrotate.d/burp diff --git a/tasks/remove_client.yml b/tasks/remove_client.yml index b745ea8..47a76c6 100644 --- a/tasks/remove_client.yml +++ b/tasks/remove_client.yml @@ -18,12 +18,12 @@ - name: "Delete client's certificates .crt" file: - path: "/etc/burp/CA/{{ item.name }}.crt" + path: "{{ etc_dir }}/burp/CA/{{ item.name }}.crt" state: absent with_items: "{{ burp_remove_clients }}" - name: "Delete client's certificates .csr" file: - path: "/etc/burp/CA/{{ item.name }}.csr" + path: "{{ etc_dir }}/burp/CA/{{ item.name }}.csr" state: absent with_items: "{{ burp_remove_clients }}" diff --git a/tasks/repositories.yml b/tasks/repositories.yml index dce5e5f..8da76fe 100644 --- a/tasks/repositories.yml +++ b/tasks/repositories.yml @@ -3,7 +3,7 @@ - name: Configure DEB sources for burp template: src: sources_burp.list.j2 - dest: /etc/apt/sources.list.d/sources_burp.list + dest: "{{ etc_dir }}/apt/sources.list.d/sources_burp.list" notify: update cache register: add_burp_repo @@ -13,4 +13,4 @@ when: add_burp_repo.changed - name: ensure handlers runs before continue - meta: flush_handlers \ No newline at end of file + meta: flush_handlers diff --git a/tasks/repositories.yml~ b/tasks/repositories.yml~ new file mode 100644 index 0000000..0e28b0f --- /dev/null +++ b/tasks/repositories.yml~ 
@@ -0,0 +1,16 @@ +--- + +- name: Configure DEB sources for burp + template: + src: sources_burp.list.j2 + dest: {{ etc_dir }}/apt/sources.list.d/sources_burp.list + notify: update cache + register: add_burp_repo + +# Add an Apt signing key, uses key URL +- name: Install gpg key for burp repository + shell: 'wget -q "http://ziirish.info/repos/{{ ansible_distribution | lower }}.gpg" -O - | sudo apt-key add -' + when: add_burp_repo.changed + +- name: ensure handlers runs before continue + meta: flush_handlers \ No newline at end of file diff --git a/tasks/supervisor.yml b/tasks/supervisor.yml index 21d2327..16955fb 100644 --- a/tasks/supervisor.yml +++ b/tasks/supervisor.yml 
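Review bot: The `Install gpg key for burp repository` task fetches the repository signing key over plain `http://` and pipes it straight into `apt-key add`. The key that becomes trusted for package installation is therefore not authenticated in transit. I would fetch it over HTTPS if the host offers it and pin the expected key, for example with the `apt_key` module using `url: <KEY_URL>` and `id: <KEY_FINGERPRINT>` (placeholders). This hunk is the backup copy; the task presumably also exists in tasks/repositories.yml between the two hunks shown for that file. The unquoted `dest: {{ etc_dir }}/apt/sources.list.d/sources_burp.list` in this copy is not valid YAML either.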
@@ -15,24 +15,45 @@ package: name: supervisor state: present + when: ( ansible_os_family != "FreeBSD" or burp_use_portinstall == False ) +- name: supervisor | Install supervisor + portinstall: + name: sysutils/py-supervisor + state: present + use_packages: no + when: ( ansible_os_family == "FreeBSD" and burp_use_portinstall == True ) + - name: supervisor | configure supervisor logrotate template: src: supervisor_logrotate.j2 - dest: /etc/logrotate.d/supervisor + dest: "{{ etc_dir}}/logrotate.d/supervisor" -# On centos 6 there is no include section by default +# On centos 6 and FreeBSD there is no include section by default - name: supervisor | configure supervisor logrotate template: src: redhat_supervisord.conf.j2 - dest: /etc/supervisord.conf + dest: "{{ etc_dir }}/supervisord.conf" when: ansible_os_family == "RedHat" +# On FreeBSD 11 there is no include section by default +- name: supervisor | configure supervisor logrotate + template: + src: freebsd_supervisord.conf.j2 + dest: "{{ etc_dir }}/supervisord.conf" + when: ansible_os_family == "FreeBSD" + # On centos 6 this directory is not created by rpm package - name: supervisor | Ensure "{{ supervisoretc_dir }}" dir exists file: path: "{{ supervisoretc_dir }}" state: "directory" + +# On FreeBSD 11 the supervisor log directory us not created by the port +- name: supervisor | Ensure "burp_sv_server_stdout_logfile" dir exists + file: + path: "{{ burp_sv_server_stdout_logfile |basename }}" + state: "directory" - name: supervisor | check bui-agent path stat: @@ -109,9 +130,9 @@ path: "{{ item }}" state: present with_items: - - '/etc/burp/ssl_cert_ca-server.pem' - - '/etc/burp/ssl_cert-server.key' - - '/etc/burp/ssl_cert-server.pem' + - "{{ etc_dir }}/burp/ssl_cert_ca-server.pem" + - "{{ etc_dir }}/burp/ssl_cert-server.key" + - "{{ etc_dir }}/burp/ssl_cert-server.pem" # state: present uses supervisorctl add which is not available on centos 6 # Supervisor must be restarted first 
diff --git a/tasks/supervisor.yml~ b/tasks/supervisor.yml~ new file mode 100644 index 0000000..2820e51 --- /dev/null +++ b/tasks/supervisor.yml~ 
@@ -0,0 +1,144 @@ +--- + +- name: supervisor | Add supervisor ppa for Ubuntu + apt_repository: + repo: ppa:iacobs/supervisor + when: ansible_distribution_release == 'trusty' + register: ppa_supervisor + +- name: supervisor | update cache + apt: update-cache=yes cache_valid_time=43200 + changed_when: false + when: ansible_os_family == 'Debian' + +- name: supervisor | Install supervisor + package: + name: supervisor + state: present + when: ( ansible_os_family != "FreeBSD" or burp_use_portinstall == False ) + +- name: supervisor | Install supervisor + portinstall: + name: sysutils/py-supervisor + state: present + use_packages: no + when: ( ansible_os_family == "FreeBSD" and burp_use_portinstall == True ) + +- name: supervisor | configure supervisor logrotate + template: + src: supervisor_logrotate.j2 + dest: "{{ etc_dir}}/logrotate.d/supervisor" + +# On centos 6 there is no include section by default +- name: supervisor | configure supervisor logrotate + template: + src: redhat_supervisord.conf.j2 + dest: {{ etc_dir }}/supervisord.conf + when: ansible_os_family == "RedHat" + +# On centos 6 this directory is not created by rpm package +- name: supervisor | Ensure "{{ supervisoretc_dir }}" dir exists + file: + path: "{{ supervisoretc_dir }}" + state: "directory" + +- name: supervisor | check bui-agent path + stat: + path: /usr/local/bin/bui-agent + register: bui_agent_local_bin + +- name: change pip_installed_exe_bin_path when using local bin + set_fact: + pip_installed_exe_bin_path: /usr/local/bin + when: bui_agent_local_bin.stat.exists + +- name: supervisor | configure supervisor service for burp-server + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: "burp-server.conf_supervisor.j2", dest: "{{ supervisoretc_dir }}/burp-server.{{ supervisor_ext }}" } + notify: + - restart supervisor + register: supervisor_burp_service_config_status + +# only run if burp_module_restore: true +- name: supervisor | configure supervisor services for 
burp-restore + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: "burp-restore.conf_supervisor.j2", dest: "{{ supervisoretc_dir }}/burp-restore.{{ supervisor_ext }}" } + notify: + - restart supervisor + when: burp_module_restore + +# only run if burp_module_agent: true +- name: supervisor | configure supervisor services for buiagent + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: "buiagent.conf_supervisor.j2", dest: "{{ supervisoretc_dir }}/buiagent.{{ supervisor_ext }}" } + notify: + - restart supervisor + when: burp_module_agent + +- name: supervisor | ensure supervisor is started + service: + name: "{{ supervisor_service }}" + state: started + register: supervisor_started + +- name: supervisor | ensure supervisor is restarted + service: + name: "{{ supervisor_service }}" + state: restarted + register: supervisor_restarted + when: supervisor_started.changed == False and supervisor_burp_service_config_status.changed + tags: + - skip-ansible-lint + +- name: supervisor | pause 10 seconds when supervisor started + pause: + seconds: 10 + when: supervisor_started.changed or supervisor_restarted.changed + +- name: supervisor | start burp server + supervisorctl: + name: burp-server + state: started + +- name: supervisor | wait for burp_server port + wait_for: port={{ burp_server_port }} delay=5 timeout=30 + +- name: supervisor | wait for burpca to get all server certificates + wait_for: + path: "{{ item }}" + state: present + with_items: + - '{{ etc_dir }}/burp/ssl_cert_ca-server.pem' + - '{{ etc_dir }}/burp/ssl_cert-server.key' + - '{{ etc_dir }}/burp/ssl_cert-server.pem' + +# state: present uses supervisorctl add which is not available on centos 6 +# Supervisor must be restarted first +#- name: Read supervisor config burp-server +# supervisorctl: +# name: burp-server +# state: present + +# Only run if burp_module_restore: true +#- name: Read supervisor config burp_restore +# supervisorctl: +# 
name: burp-restore +# state: present +# when: burp_module_restore + +# Only run if burp_module_agent: true +#- name: Read supervisor config buiagent +# supervisorctl: +# name: buiagent +# state: present +# when: burp_module_agent + diff --git a/tasks/tests/test_client.yml b/tasks/tests/test_client.yml index c97e5b6..9f161a7 100644 --- a/tasks/tests/test_client.yml +++ b/tasks/tests/test_client.yml @@ -6,13 +6,13 @@ # If folder is not created the test-client will fail - name: test_client | create CA-test folder file: - path: "/etc/burp/CA-test" + path: "{{ etc_dir }}/burp/CA-test" state: directory - name: test_client | configure test client template: src: tests/test_client.conf.j2 - dest: /etc/burp/test_client.conf + dest: "{{ etc_dir }}/burp/test_client.conf" - name: test_client | add local test_client template: @@ -24,7 +24,7 @@ seconds: 10 - name: test_client | test backup for test_client - command: /usr/sbin/burp -c /etc/burp/test_client.conf -a b + command: /usr/sbin/burp -c {{ etc_dir }}/burp/test_client.conf -a b args: creates: '{{ burp_server_data }}/test_client/current' changed_when: false @@ -33,11 +33,11 @@ wait_for: path='{{ burp_server_data }}/test_client/lockfile' state=absent - name: test_client | test list backups from test_client - command: /usr/sbin/burp -c /etc/burp/test_client.conf -a l + command: /usr/sbin/burp -c {{ etc_dir }}/burp/test_client.conf -a l changed_when: false - name: test_client | test restore backup 1 from test_client - command: /usr/sbin/burp -c /etc/burp/test_client.conf -a r -b 1 -d /tmp/test_restore + command: /usr/sbin/burp -c {{ etc_dir }}/burp/test_client.conf -a r -b 1 -d /tmp/test_restore args: creates: /tmp/test_restore 
@@ -50,11 +50,11 @@ - name: test_client | check if restore exists file: - path: /tmp/test_restore/etc/burp/burp.conf + path: "/tmp/test_restore/{{ etc_dir }}/burp/burp.conf" state: file - name: test_client | test restore from different client - command: /usr/sbin/burp -c /etc/burp/burp.conf -a r -b 1 -d /tmp/test_restore2 -C test_client -r "/etc/burp/burp.conf" + command: /usr/sbin/burp -c {{ etc_dir }}/burp/burp.conf -a r -b 1 -d /tmp/test_restore2 -C test_client -r "{{ etc_dir }}/burp/burp.conf" args: creates: /tmp/test_restore2 @@ -67,7 +67,7 @@ - name: test_client | check if restore exists file: - path: /tmp/test_restore2/etc/burp/burp.conf + path: "/tmp/test_restore2/{{ etc_dir }}/burp/burp.conf" state: file - name: test_client | template server initiated restore from different client @@ -79,6 +79,6 @@ - skip_ansible_lint - name: test_client | Test restore server initiated - command: burp -c /etc/burp/burp.conf -a t + command: burp -c {{ etc_dir }}/burp/burp.conf -a t args: - creates: /tmp/restore3/etc/burp/burp.conf + creates: /tmp/restore3/{{ etc_dir }}/burp/burp.conf diff --git a/tasks/tests/test_client.yml~ b/tasks/tests/test_client.yml~ new file mode 100644 index 0000000..c0cdd3e --- /dev/null +++ b/tasks/tests/test_client.yml~ 
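Review bot: The restore checks in the hunks at -50, -67 and -79 write to fixed paths under `/tmp` (`/tmp/test_restore`, `/tmp/test_restore2`, `/tmp/restore3`), and what lands there is a copy of the burp configuration directory, which templates/tests/test_client.conf.j2 names as the backed-up path and which holds the test client's key and certificate files. No visible task removes these directories afterwards (the file continues outside the hunks, so this may exist elsewhere), and the `creates:` guards mean a directory left over from an earlier run makes the restore step skip. I would restore into a directory the play creates itself with `mode: "0700"` and add a closing `file:` task with `state: absent`. Since `etc_dir` is an absolute path, `"/tmp/test_restore/{{ etc_dir }}/..."` also renders with a doubled slash; harmless, but `/tmp/test_restore{{ etc_dir }}` is the cleaner form.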
@@ -0,0 +1,84 @@ +--- +# file tasks/tests/test.yml + +- meta: flush_handlers + +# If folder is not created the test-client will fail +- name: test_client | create CA-test folder + file: + path: "{{ etc_dir }}/burp/CA-test" + state: directory + +- name: test_client | configure test client + template: + src: tests/test_client.conf.j2 + dest: {{ etc_dir }}/burp/test_client.conf + +- name: test_client | add local test_client + template: + src: tests/test_client.j2 + dest: "{{ burp_server_clientconfdir }}/test_client" + +- name: test_client | pause 10 seconds after add local client + pause: + seconds: 10 + +- name: test_client | test backup for test_client + command: /usr/sbin/burp -c {{ etc_dir }}/burp/test_client.conf -a b + args: + creates: '{{ burp_server_data }}/test_client/current' + changed_when: false + +- name: test_client | wait for client process backup finish + wait_for: path='{{ burp_server_data }}/test_client/lockfile' state=absent + +- name: test_client | test list backups from test_client + command: /usr/sbin/burp -c {{ etc_dir }}/burp/test_client.conf -a l + changed_when: false + +- name: test_client | test restore backup 1 from test_client + command: /usr/sbin/burp -c {{ etc_dir }}/burp/test_client.conf -a r -b 1 -d /tmp/test_restore + args: + creates: /tmp/test_restore + +- name: test_client | wait for client process restore finish + wait_for: path='{{ burp_server_data }}/test_client/restorelog' state=absent + +- name: test_client | pause 15 seconds after test restore client + pause: + seconds: 15 + +- name: test_client | check if restore exists + file: + path: /tmp/test_restore{{ etc_dir }}/burp/burp.conf + state: file + +- name: test_client | test restore from different client + command: /usr/sbin/burp -c {{ etc_dir }}/burp/burp.conf -a r -b 1 -d /tmp/test_restore2 -C test_client -r "{{ etc_dir }}/burp/burp.conf" + args: + creates: /tmp/test_restore2 + +- name: test_client | wait for client process restore finish + wait_for: path='{{ 
burp_server_data }}/test_client/restorelog' state=absent + +- name: test_client | pause 5 seconds after test restore client + pause: + seconds: 5 + +- name: test_client | check if restore exists + file: + path: /tmp/test_restore2{{ etc_dir }}/burp/burp.conf + state: file + +- name: test_client | template server initiated restore from different client + template: + src: tests/restore + dest: "{{ burp_server_data }}/monitor/restore" + changed_when: false + tags: + - skip_ansible_lint + +- name: test_client | Test restore server initiated + command: burp -c {{ etc_dir }}/burp/burp.conf -a t + args: + creates: /tmp/restore3{{ etc_dir }}/burp/burp.conf diff --git a/templates/buiagent.cfg.j2 b/templates/buiagent.cfg.j2 index 2fc31cb..ba1e0cc 100644 --- a/templates/buiagent.cfg.j2 +++ b/templates/buiagent.cfg.j2 @@ -49,13 +49,13 @@ burpbin = {{ burp_agent_backend_burpbin }} ## vss_strip binary stripbin = {{ burp_agent_backend_stripbin }} ## burp client configuration file used for the restoration (Default: None) -bconfcli = /etc/burp/burp.conf +bconfcli = "{{ etc_dir }}/burp/burp.conf" ## burp server configuration file used for the setting page ## -## bconfsrv = /etc/burp/burp-restore.conf +## bconfsrv = "{{ etc_dir }}/burp/burp-restore.conf" ## ## I have fixed the client to be on burp-server because the status showns better on burpui -bconfsrv = /etc/burp/burp-server.conf +bconfsrv = "{{ etc_dir }}/burp/burp-server.conf" ## ## temporary directory to use for restoration tmpdir = {{ burp_agent_backend_tmpdir }} diff --git a/templates/build/CA.cnf.j2 b/templates/build/CA.cnf.j2 index 608cbce..1c0800d 100644 --- a/templates/build/CA.cnf.j2 +++ b/templates/build/CA.cnf.j2 @@ -1,7 +1,7 @@ # simple config for burp_ca RANDFILE = /dev/urandom -CA_DIR = /etc/burp/CA +CA_DIR = {{ etc_dir }}/etc/burp/CA [ ca ] diff --git a/templates/burp-restore.conf.j2 b/templates/burp-restore.conf.j2 index 709e12f..4e096ba 100644 --- a/templates/burp-restore.conf.j2 
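Review bot: tasks/tests/test_client.yml~ is an editor backup of tasks/tests/test_client.yml and should not ship in the role; the same holds for vars/FreeBSD-11.yml~ and the other `~` files listed in the diffstat. It already diverges from the real file: `dest: {{ etc_dir }}/burp/test_client.conf` is unquoted here, which YAML reads as the start of a flow mapping rather than a templated string, and the restore check uses `/tmp/test_restore{{ etc_dir }}` where the real file has `/tmp/test_restore/{{ etc_dir }}`. Stale copies like this are easy to include or edit by mistake, so drop them from the commit.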
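Review bot: The double quotes added around `bconfcli` and `bconfsrv` are rendered literally, because this is a Jinja2 template for an INI-style file and not YAML, so the agent receives `"/usr/local/etc/burp/burp.conf"` including the quote characters unless its parser strips them (not verifiable from this patch). The neighbouring values such as `burpbin = {{ burp_agent_backend_burpbin }}` are unquoted; for consistency write `bconfcli = {{ etc_dir }}/burp/burp.conf`. templates/tests/test_client.conf.j2 gets the same quoting on `ca_csr_dir`, `ssl_cert_ca`, `ssl_cert`, `ssl_key` and `include`, where a literal quote in a certificate or key path would stop the client from finding the file.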
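Review bot: `CA_DIR = {{ etc_dir }}/etc/burp/CA` repeats the `etc` component, so with the FreeBSD value of `etc_dir` it points at `/usr/local/etc/etc/burp/CA` while every other path in this patch uses `{{ etc_dir }}/burp/...`. The line should read `CA_DIR = {{ etc_dir }}/burp/CA`. PATCH 04/19 later in this series makes exactly that correction, so squashing it into this commit would avoid a revision where the CA is generated outside the directory the server configuration reads.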
+++ b/templates/burp-restore.conf.j2 @@ -58,7 +58,7 @@ version_warn = 0 # Location of autoupgrade files to serve to clients. Leave it commented out # to not autoupgrade clients. -#autoupgrade_dir = /etc/burp/autoupgrade/server +#autoupgrade_dir = "{{ etc_dir }}/burp/autoupgrade/server" # You can have as many 'keep' lines as you like. # For example, if running backups daily, setting 7, 4, 6 will keep @@ -151,8 +151,8 @@ timer_script = /usr/share/burp/scripts/timer_script # The server can run scripts on each connection after authentication and before # disconnecting. #server_script_pre = /usr/share/burp/scripts/ssl_extra_checks_script -#server_script_pre_arg = /etc/burp/crl -#server_script_pre_arg = /etc/burp/burp-server.conf +#server_script_pre_arg = "{{ etc_dir }}/burp/crl" +#server_script_pre_arg = "{{ etc_dir }}/burp/burp-server.conf" #server_script_pre_arg = /usr/share/burp/scripts/server-pre-script.local # Set server_script_pre_notify to 1 to have notifications on server_script_pre # returning non-zero. Most people will want to leave this off - it could diff --git a/templates/burp-server.conf.j2 b/templates/burp-server.conf.j2 index 587e2a2..6dc6eb8 100644 --- a/templates/burp-server.conf.j2 +++ b/templates/burp-server.conf.j2 @@ -167,8 +167,8 @@ notify_failure_arg = Subject: %b failed: %c %w # The server can run scripts on each connection after authentication and before # disconnecting. #server_script_pre = /usr/share/burp/scripts/ssl_extra_checks_script -#server_script_pre_arg = /etc/burp/crl -#server_script_pre_arg = /etc/burp/burp-server.conf +#server_script_pre_arg = "{{ etc_dir }}/burp/crl" +#server_script_pre_arg = "{{ etc_dir }}/burp/burp-server.conf" #server_script_pre_arg = /usr/share/burp/scripts/server-pre-script.local # Set server_script_pre_notify to 1 to have notifications on server_script_pre # returning non-zero. Most people will want to leave this off - it could 
diff --git a/templates/freebsd_supervisord.conf.j2 b/templates/freebsd_supervisord.conf.j2 new file mode 100644 index 0000000..a8251f1 --- /dev/null +++ b/templates/freebsd_supervisord.conf.j2 
@@ -0,0 +1,129 @@
+; Sample supervisor config file.
+
+[unix_http_server]
+file=/var/run/supervisor/supervisor.sock ; (the path to the socket file)
+;chmod=0700 ; sockef file mode (default 0700)
+;chown=nobody:nogroup ; socket file uid:gid owner
+;username=user ; (default is no username (open server))
+;password=123 ; (default is no password (open server))
+
+;[inet_http_server] ; inet (TCP) server disabled by default
+;port=127.0.0.1:9001 ; (ip_address:port specifier, *:port for all iface)
+;username=user ; (default is no username (open server))
+;password=123 ; (default is no password (open server))
+
+[supervisord]
+logfile=/var/log/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10 ; (num of main logfile rotation backups;default 10)
+loglevel=info ; (log level;default info; others: debug,warn,trace)
+pidfile=/var/run/supervisor/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false ; (start in foreground if true;default false)
+minfds=1024 ; (min. avail startup file descriptors;default 1024)
+minprocs=200 ; (min. avail process descriptors;default 200)
+;umask=022 ; (process file creation umask;default 022)
+;user=chrism ; (default is current user, required if root)
+;identifier=supervisor ; (supervisord identifier, default is 'supervisor')
+;directory=/tmp ; (default is not to cd during start)
+;nocleanup=true ; (don't clean up tempfiles at start;default false)
+;childlogdir=/tmp ; ('AUTO' child log dir, default $TEMP)
+;environment=KEY=value ; (key value pairs to add to environment)
+;strip_ansi=false ; (strip ansi escape codes in logs; def.
false)
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisor/supervisor.sock ; use a unix:// URL for a unix socket
+;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket
+;username=chris ; should be same as http_username if set
+;password=123 ; should be same as http_password if set
+;prompt=mysupervisor ; cmd line prompt (default "supervisor")
+;history_file=~/.sc_history ; use readline history if available
+
+; The below sample program section shows all possible program subsection values,
+; create one or more 'real' program: sections to be able to control them under
+; supervisor.
+
+;[program:theprogramname]
+;command=/bin/cat ; the program (relative uses PATH, can take args)
+;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
+;numprocs=1 ; number of processes copies to start (def 1)
+;directory=/tmp ; directory to cwd to before exec (def no cwd)
+;umask=022 ; umask for process (default None)
+;priority=999 ; the relative start priority (default 999)
+;autostart=true ; start at supervisord start (default: true)
+;autorestart=true ; retstart at unexpected quit (default: true)
+;startsecs=10 ; number of secs prog must stay running (def.
1)
+;startretries=3 ; max # of serial start failures (default 3)
+;exitcodes=0,2 ; 'expected' exit codes for process (default 0,2)
+;stopsignal=QUIT ; signal used to kill process (default TERM)
+;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
+;user=chrism ; setuid to this UNIX account to run the program
+;redirect_stderr=true ; redirect proc stderr to stdout (default false)
+;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO
+;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
+;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10)
+;stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
+;stdout_events_enabled=false ; emit events on stdout writes (default false)
+;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO
+;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
+;stderr_logfile_backups=10 ; # of stderr logfile backups (default 10)
+;stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
+;stderr_events_enabled=false ; emit events on stderr writes (default false)
+;environment=A=1,B=2 ; process environment additions (def no adds)
+;serverurl=AUTO ; override serverurl computation (childutils)
+
+; The below sample eventlistener section shows all possible
+; eventlistener subsection values, create one or more 'real'
+; eventlistener: sections to be able to handle event notifications
+; sent by supervisor.
+
+;[eventlistener:theeventlistenername]
+;command=/bin/eventlistener ; the program (relative uses PATH, can take args)
+;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
+;numprocs=1 ; number of processes copies to start (def 1)
+;events=EVENT ; event notif.
types to subscribe to (req'd)
+;buffer_size=10 ; event buffer queue size (default 10)
+;directory=/tmp ; directory to cwd to before exec (def no cwd)
+;umask=022 ; umask for process (default None)
+;priority=-1 ; the relative start priority (default -1)
+;autostart=true ; start at supervisord start (default: true)
+;autorestart=unexpected ; restart at unexpected quit (default: unexpected)
+;startsecs=10 ; number of secs prog must stay running (def. 1)
+;startretries=3 ; max # of serial start failures (default 3)
+;exitcodes=0,2 ; 'expected' exit codes for process (default 0,2)
+;stopsignal=QUIT ; signal used to kill process (default TERM)
+;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
+;user=chrism ; setuid to this UNIX account to run the program
+;redirect_stderr=true ; redirect proc stderr to stdout (default false)
+;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO
+;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
+;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10)
+;stdout_events_enabled=false ; emit events on stdout writes (default false)
+;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO
+;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
+;stderr_logfile_backups ; # of stderr logfile backups (default 10)
+;stderr_events_enabled=false ; emit events on stderr writes (default false)
+;environment=A=1,B=2 ; process environment additions
+;serverurl=AUTO ; override serverurl computation (childutils)
+
+; The below sample group section shows all possible group values,
+; create one or more 'real' group: sections to create "heterogeneous"
+; process groups.
+
+;[group:thegroupname]
+;programs=progname1,progname2 ; each refers to 'x' in [program:x] definitions
+;priority=999 ; the relative start priority (default 999)
+
+; The [include] section can just contain the "files" setting.
This +; setting can list multiple files (separated by whitespace or +; newlines). It can also contain wildcards. The filenames are +; interpreted as relative to this file. Included files *cannot* +; include files themselves. + +[include] +files = {{ supervisoretc_dir }}/*.{{ supervisor_ext }} diff --git a/templates/orig/freebsd_supervisord.conf b/templates/orig/freebsd_supervisord.conf new file mode 100644 index 0000000..c1ad119 --- /dev/null +++ b/templates/orig/freebsd_supervisord.conf 
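Review bot: The mode of the control socket `/var/run/supervisor/supervisor.sock` is the only thing guarding supervisord's RPC interface in this template, since `username`/`password` stay commented out ("open server") and the programs this role defines run as root (`burp_sv_*_user: "root"` in defaults/main.yml). The template relies on the implicit default by leaving `;chmod=0700` commented; I would set it explicitly, `chmod=0700` plus `chown=root:wheel`, so the restriction is stated in the file and survives a change of defaults. It is also not visible in this patch that `/var/run/supervisor` is created before supervisord starts, which both the socket and the `pidfile` need.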
@@ -0,0 +1,129 @@
+; Sample supervisor config file.
+
+[unix_http_server]
+file=/var/run/supervisor/supervisor.sock ; (the path to the socket file)
+;chmod=0700 ; sockef file mode (default 0700)
+;chown=nobody:nogroup ; socket file uid:gid owner
+;username=user ; (default is no username (open server))
+;password=123 ; (default is no password (open server))
+
+;[inet_http_server] ; inet (TCP) server disabled by default
+;port=127.0.0.1:9001 ; (ip_address:port specifier, *:port for all iface)
+;username=user ; (default is no username (open server))
+;password=123 ; (default is no password (open server))
+
+[supervisord]
+logfile=/var/log/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10 ; (num of main logfile rotation backups;default 10)
+loglevel=info ; (log level;default info; others: debug,warn,trace)
+pidfile=/var/run/supervisor/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false ; (start in foreground if true;default false)
+minfds=1024 ; (min. avail startup file descriptors;default 1024)
+minprocs=200 ; (min. avail process descriptors;default 200)
+;umask=022 ; (process file creation umask;default 022)
+;user=chrism ; (default is current user, required if root)
+;identifier=supervisor ; (supervisord identifier, default is 'supervisor')
+;directory=/tmp ; (default is not to cd during start)
+;nocleanup=true ; (don't clean up tempfiles at start;default false)
+;childlogdir=/tmp ; ('AUTO' child log dir, default $TEMP)
+;environment=KEY=value ; (key value pairs to add to environment)
+;strip_ansi=false ; (strip ansi escape codes in logs; def.
false)
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisor/supervisor.sock ; use a unix:// URL for a unix socket
+;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket
+;username=chris ; should be same as http_username if set
+;password=123 ; should be same as http_password if set
+;prompt=mysupervisor ; cmd line prompt (default "supervisor")
+;history_file=~/.sc_history ; use readline history if available
+
+; The below sample program section shows all possible program subsection values,
+; create one or more 'real' program: sections to be able to control them under
+; supervisor.
+
+;[program:theprogramname]
+;command=/bin/cat ; the program (relative uses PATH, can take args)
+;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
+;numprocs=1 ; number of processes copies to start (def 1)
+;directory=/tmp ; directory to cwd to before exec (def no cwd)
+;umask=022 ; umask for process (default None)
+;priority=999 ; the relative start priority (default 999)
+;autostart=true ; start at supervisord start (default: true)
+;autorestart=true ; retstart at unexpected quit (default: true)
+;startsecs=10 ; number of secs prog must stay running (def.
1)
+;startretries=3 ; max # of serial start failures (default 3)
+;exitcodes=0,2 ; 'expected' exit codes for process (default 0,2)
+;stopsignal=QUIT ; signal used to kill process (default TERM)
+;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
+;user=chrism ; setuid to this UNIX account to run the program
+;redirect_stderr=true ; redirect proc stderr to stdout (default false)
+;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO
+;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
+;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10)
+;stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
+;stdout_events_enabled=false ; emit events on stdout writes (default false)
+;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO
+;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
+;stderr_logfile_backups=10 ; # of stderr logfile backups (default 10)
+;stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
+;stderr_events_enabled=false ; emit events on stderr writes (default false)
+;environment=A=1,B=2 ; process environment additions (def no adds)
+;serverurl=AUTO ; override serverurl computation (childutils)
+
+; The below sample eventlistener section shows all possible
+; eventlistener subsection values, create one or more 'real'
+; eventlistener: sections to be able to handle event notifications
+; sent by supervisor.
+
+;[eventlistener:theeventlistenername]
+;command=/bin/eventlistener ; the program (relative uses PATH, can take args)
+;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
+;numprocs=1 ; number of processes copies to start (def 1)
+;events=EVENT ; event notif.
types to subscribe to (req'd)
+;buffer_size=10 ; event buffer queue size (default 10)
+;directory=/tmp ; directory to cwd to before exec (def no cwd)
+;umask=022 ; umask for process (default None)
+;priority=-1 ; the relative start priority (default -1)
+;autostart=true ; start at supervisord start (default: true)
+;autorestart=unexpected ; restart at unexpected quit (default: unexpected)
+;startsecs=10 ; number of secs prog must stay running (def. 1)
+;startretries=3 ; max # of serial start failures (default 3)
+;exitcodes=0,2 ; 'expected' exit codes for process (default 0,2)
+;stopsignal=QUIT ; signal used to kill process (default TERM)
+;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
+;user=chrism ; setuid to this UNIX account to run the program
+;redirect_stderr=true ; redirect proc stderr to stdout (default false)
+;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO
+;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
+;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10)
+;stdout_events_enabled=false ; emit events on stdout writes (default false)
+;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO
+;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
+;stderr_logfile_backups ; # of stderr logfile backups (default 10)
+;stderr_events_enabled=false ; emit events on stderr writes (default false)
+;environment=A=1,B=2 ; process environment additions
+;serverurl=AUTO ; override serverurl computation (childutils)
+
+; The below sample group section shows all possible group values,
+; create one or more 'real' group: sections to create "heterogeneous"
+; process groups.
+
+;[group:thegroupname]
+;programs=progname1,progname2 ; each refers to 'x' in [program:x] definitions
+;priority=999 ; the relative start priority (default 999)
+
+; The [include] section can just contain the "files" setting.
This +; setting can list multiple files (separated by whitespace or +; newlines). It can also contain wildcards. The filenames are +; interpreted as relative to this file. Included files *cannot* +; include files themselves. + +;[include] +;files = relative/directory/*.ini diff --git a/templates/tests/test_client.conf.j2 b/templates/tests/test_client.conf.j2 index c9bdfde..4a564f9 100644 --- a/templates/tests/test_client.conf.j2 +++ b/templates/tests/test_client.conf.j2 @@ -21,12 +21,12 @@ syslog = 0 stdout = 1 ca_burp_ca = {{ burp_server_ca_burp_ca }} -ca_csr_dir = /etc/burp/CA-test -ssl_cert_ca = /etc/burp/ssl_cert_ca-test.pem -ssl_cert = /etc/burp/ssl_cert-test.pem -ssl_key = /etc/burp/ssl_cert-test.key +ca_csr_dir = "{{ etc_dir }}/burp/CA-test" +ssl_cert_ca = "{{ etc_dir }}/burp/ssl_cert_ca-test.pem" +ssl_cert = "{{ etc_dir }}/burp/ssl_cert-test.pem" +ssl_key = "{{ etc_dir }}/burp/ssl_cert-test.key" ssl_key_password = {{ burp_server_ssl_key_password }} ssl_peer_cn = {{ ansible_hostname }} # Backup /etc/burp -include = /etc/burp +include = "{{ etc_dir }}/burp" diff --git a/vars/FreeBSD-11.yml b/vars/FreeBSD-11.yml new file mode 100644 index 0000000..46ea174 --- /dev/null +++ b/vars/FreeBSD-11.yml 
@@ -0,0 +1,35 @@ +--- +# file: vars/FreeBSD-11.yml + +# etc - different path for all additional sw +etc_dir: "/usr/local/etc" + +burp_server_packages: + - py-supervisor + - logrotate +build_dependencies: + - uthash + - librsync2 +burp_agent_packages: + - python27 + - devel/py-pip + - py27-supervisor +burp_agent_py3_packages: + - python36 + - devel/py-pip + +supervisoretc_dir: "{{ etc_dir }}/supervisor/conf.d" +supervisor_ext: "conf" +supervisor_service: supervisord + +burp_sv_server_stdout_logfile: "/var/log/supervisord/%(program_name)s.log" +burp_sv_server_stderr_logfile: "/var/log/supervisord/%(program_name)s.log" + +pip_installed_exe_bin_path: '/usr/local/bin' + +cron_packages: + - logrotate +cron_service: cron + +autoupgrade_version: "2.0.54" # master version is not compiled so added separately +burp_version: "2.0.54" # branch or tag, example: "master" , example: "2.0.46" diff --git a/vars/FreeBSD-11.yml~ b/vars/FreeBSD-11.yml~ new file mode 100644 index 0000000..2b66505 --- /dev/null +++ b/vars/FreeBSD-11.yml~ @@ -0,0 +1,32 @@ +--- +# file: vars/FreeBSD-11.yml + +# etc - different path for all userinstalled sw +etc_dir: "/usr/local/etc" + +burp_server_packages: + - py-supervisor + - logrotate + +build_dependencies: + - uthash + - librsync2 + +burp_agent_packages: + - python27 + - devel/py-pip + - py27-supervisor + +burp_agent_py3_packages: + - python36 + - devel/py-pip + +supervisoretc_dir: "/usr/local/etc/supervisor/conf.d" +supervisor_ext: "conf" +supervisor_service: supervisor +pip_installed_exe_bin_path: '/usr/local/bin' + +cron_packages: + - logrotate + +cron_service: cron From f15634692c163cff078f472f22d9015328013e40 Mon Sep 17 00:00:00 2001 From: Daniel Winter Date: Fri, 26 Jan 2018 16:51:43 +0100 Subject: [PATCH 02/19] added missing molecule.yml --- molecule.yml | 119 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 molecule.yml 
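Review bot: `burp_version` and `autoupgrade_version` are pinned to "2.0.54" in this OS-specific vars file, together with `burp_sv_server_stdout_logfile`/`burp_sv_server_stderr_logfile`, which are user-tunable settings rather than platform facts. If the file is loaded with `include_vars` (the loading task is not in this hunk), its values outrank inventory and playbook `group_vars`, so a setting such as `burp_version: "master"` from molecule.yml would be silently ignored on FreeBSD and the host would stay on the pinned release. I would keep only paths, package names and service names here and leave version and logfile settings in defaults/main.yml, where they remain overridable.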
diff --git a/molecule.yml b/molecule.yml new file mode 100644 index 0000000..e72ac06 --- /dev/null +++ b/molecule.yml 
@@ -0,0 +1,119 @@ +--- +# Use docker to test on travis +# Use vagrant to create vms and access full OS on local testing +driver: + name: docker + #name: vagrant + +vagrant: + raw_config_args: + - "ssh.insert_key = false" + - "vm.network 'forwarded_port', guest: 80, host: 8080" + + platforms: + - name: debian64 + box: debian/jessie64 + - name: centos7 + box: centos/7 + - name: ubuntuxenial64 + box: nrclark/xenial64-minimal-libvirt + +# The tests with vagrant are done with libvirt, you can also use virtualbox +# You need to prepare vagrant, vagrant-libvirt, nfs-kernel-server, and libvirt-bin. +# https://wiki.debian.org/libvirt +# https://github.com/vagrant-libvirt/vagrant-libvirt +# sudo apt-get install libxslt-dev libxml2-dev libvirt-dev zlib1g-dev ruby-dev +# sudo apt-get install nfs-kernel-server # required to mount local dir to vm +# http://molecule.readthedocs.io/en/stable-1.9/provider/index.html#providers +# You must have latest vagrant and reinsall plugins if upgraded, see: +# https://github.com/vagrant-libvirt/vagrant-libvirt/issues/618 + providers: + - name: libvirt + type: libvirt + options: + memory: 1024 + cpus: 2 + # There are two available drivers: kvm and qemu. + # Refer to the vagrant-libvirt docs for more info. 
+ driver: kvm + video_type: vga + volume_cache: writeback + + instances: + - name: vagrant-master-01 + ansible_groups: + - group_master + options: + append_platform_to_hostname: no + raw_config_args: + - "vm.box = 'debian/jessie64'" + - name: vagrant-master-02 + ansible_groups: + - group_master + options: + append_platform_to_hostname: no + raw_config_args: + - "vm.box = 'centos/7'" + - name: vagrant-master-03 + ansible_groups: + - group_master + options: + append_platform_to_hostname: no + raw_config_args: + - "vm.box = 'nrclark/xenial64-minimal-libvirt'" + +# It will not be used if you don't specify the driver: name: docker (see the beginning of the file) +docker: + containers: + + - name: ansible_burp2_ubuntu_latest + image: ubuntu + image_version: latest + ansible_groups: + - group1 + + - name: ansible_burp2_ubuntu_trusty + image: ubuntu + image_version: trusty + ansible_groups: + - group1 + + - name: ansible_test-master2 + image: dramaturg/debian-systemd + image_version: 'latest' + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:ro" + privileged: False + ansible_groups: + - group_master + + # In docker cannot be tested with centos 7 due to https://github.com/ansible/ansible-modules-core/issues/593 + - name: ansible_burp2_centos_7 + image: centos/systemd + image_version: latest + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:ro" + privileged: True + ansible_groups: + - group1 + + - name: ansible_test-04 + image: fedora/systemd-systemd + image_version: latest + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:ro" + privileged: True + +verifier: + name: testinfra + +ansible: + playbook: playbook.yml + group_vars: + group_master: + burpsrcext: "zip" + burp_version: "master" + burp_remove_clients: + - name: client_to_remove + - name: other_client_to_remove + burp_server_port_per_operation_bool: true From cafc17c91ea0b8e08ddcddf807c8f217ce638d71 Mon Sep 17 00:00:00 2001 
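Review bot: The docker section pulls every image by a mutable tag (`image_version: latest` for `ubuntu`, `dramaturg/debian-systemd`, `centos/systemd` and `fedora/systemd-systemd`) and runs two of them, `ansible_burp2_centos_7` and `ansible_test-04`, with `privileged: True`. A privileged container built from an unpinned third-party image has broad access to the CI host, and test results can change without any change to the role. `ansible_test-master2` uses the same read-only `/sys/fs/cgroup` mount with `privileged: False`, so it is worth checking whether the other two systemd containers can run that way as well, and pinning each image to a fixed version or digest.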
From: Daniel Winter Date: Mon, 29 Jan 2018 12:09:00 +0100 Subject: [PATCH 03/19] emacs ignores --- .gitignore | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.gitignore b/.gitignore index 2aac6aa..230de54 100644 --- a/.gitignore +++ b/.gitignore @@ -57,3 +57,8 @@ fabric.properties # kdevelop *.kdev4 .kdev4 + +# emacs tmp files +.#* +*# + From 6246a63383149d7a4b6cce4557ec0b15c9baddc8 Mon Sep 17 00:00:00 2001 From: Daniel Winter Date: Mon, 29 Jan 2018 12:09:15 +0100 Subject: [PATCH 04/19] ansible working on freebsd --- defaults/main.yml | 12 ++++++------ tasks/config_agent.yml | 7 +++---- tasks/config_burp.yml | 11 +++++++++++ tasks/supervisor.yml | 4 ++-- templates/build/CA.cnf.j2 | 2 +- templates/freebsd_supervisord.conf.j2 | 2 +- templates/supervisor_logrotate.j2 | 2 +- vars/FreeBSD-11.yml | 9 ++++++--- 8 files changed, 31 insertions(+), 18 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 6859893..2e8cd88 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -258,8 +258,8 @@ burp_sv_agent_command: "{{ pip_installed_exe_bin_path }}/bui-agent -v -c /etc/bu burp_sv_agent_user: "root" burp_sv_agent_autostart: "true" burp_sv_agent_autorestart: "true" -burp_sv_agent_stdout_logfile: "/var/log/supervisor/%(program_name)s.log" -burp_sv_agent_stderr_logfile: "/var/log/supervisor/%(program_name)s.log" +burp_sv_agent_stdout_logfile: "{{ burp_sv_server_log_dir }}/%(program_name)s.log" +burp_sv_agent_stderr_logfile: "{{ burp_sv_server_log_dir }}/%(program_name)s.log" # Burp Restore burp_sv_restore_priority: "30" burp_sv_restore_directory: "/tmp" 
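Review bot: The two patterns added, `.#*` and `*#`, cover Emacs lock and auto-save files but not its `~` backup files, which is the kind PATCH 01/19 committed (`tasks/tests/test_client.yml~`, `vars/FreeBSD-11.yml~` and the others in its diffstat). Unless `*~` is already listed earlier in .gitignore (this hunk starts at line 57, so the top of the file is not visible), add `*~` under the same `# emacs tmp files` comment.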
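Review bot: `burp_sv_server_log_dir` is now referenced by all six `burp_sv_*_logfile` defaults (this hunk and the ones at -267 and -276), but the diffstat shows defaults/main.yml changing by exactly these six replacements, so no default for the variable is added in this commit. Unless an earlier patch defined it outside the FreeBSD vars file, hosts on other platforms will fail with an undefined variable when the supervisor templates render. Adding `burp_sv_server_log_dir: "/var/log/supervisor"` to defaults/main.yml keeps the previous path for them.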
@@ -267,8 +267,8 @@ burp_sv_restore_command: "/usr/sbin/burp -F -c /etc/burp/burp-restore.conf" burp_sv_restore_user: "root" burp_sv_restore_autostart: "true" burp_sv_restore_autorestart: "true" -burp_sv_restore_stdout_logfile: "/var/log/supervisor/%(program_name)s.log" -burp_sv_restore_stderr_logfile: "/var/log/supervisor/%(program_name)s.log" +burp_sv_restore_stdout_logfile: "{{ burp_sv_server_log_dir }}/%(program_name)s.log" +burp_sv_restore_stderr_logfile: "{{ burp_sv_server_log_dir }}/%(program_name)s.log" # Burp Server burp_sv_server_priority: "20" burp_sv_server_directory: "/tmp" @@ -276,8 +276,8 @@ burp_sv_server_command: "/usr/sbin/burp -F -c /etc/burp/burp-server.conf" burp_sv_server_user: "root" burp_sv_server_autostart: "true" burp_sv_server_autorestart: "true" -burp_sv_server_stdout_logfile: "/var/log/supervisor/%(program_name)s.log" -burp_sv_server_stderr_logfile: "/var/log/supervisor/%(program_name)s.log" +burp_sv_server_stdout_logfile: "{{ burp_sv_server_log_dir }}/%(program_name)s.log" +burp_sv_server_stderr_logfile: "{{ burp_sv_server_log_dir }}/%(program_name)s.log" ### --- # if burp_manual_delete_enabled: true diff --git a/tasks/config_agent.yml b/tasks/config_agent.yml index 98aad51..6f0b324 100644 --- a/tasks/config_agent.yml +++ b/tasks/config_agent.yml @@ -75,7 +75,6 @@ with_items: "{{ burpui_pip_packages }}" notify: restart buiagent - - name: configure buiagent template: src: "{{ item.src }}" @@ -84,10 +83,10 @@ - { src: "buiagent.cfg.j2", dest: "{{ etc_dir }}/burp/buiagent.cfg" } notify: restart buiagent -# On FreeBSD 11 there is no /var/log/supervisor directory by default -- name: supervisor | create /var/log/supervisor on FreeBSD +# On FreeBSD 11 there is no /var/log/supervisord directory by default +- name: supervisor | create /var/log/supervisord on FreeBSD file: - path: "{{ burp_sv_server_stdout_logfile | basename }}" + path: "{{ burp_sv_server_log_dir }}" state: directory when: ansible_os_family == "FreeBSD" 
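Review bot: The log directory in the last hunk of `tasks/config_agent.yml` is created without `owner`, `group` or `mode`, so its permissions depend on the umask of the Ansible run, while the programs that log into it run as `root` per the `burp_sv_*_user` defaults. Setting them explicitly, for example `owner: root` and `mode: "0750"`, makes the result reproducible and keeps the backup server's logs from being world-readable. The task name and comment also say `/var/log/supervisord`, whereas `vars/FreeBSD-11.yml` in this commit sets `burp_sv_server_log_dir` to `/var/log/supervisor`; naming the variable in the task title avoids that drift. `tasks/supervisor.yml` (hunk `@@ -52,7`) creates the same directory unconditionally and has the same gap.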
diff --git a/tasks/config_burp.yml b/tasks/config_burp.yml index 872cfea..0013257 100644 --- a/tasks/config_burp.yml +++ b/tasks/config_burp.yml @@ -27,6 +27,17 @@ with_items: - { src: "burp-server.conf.j2", dest: "{{ etc_dir }}/burp/burp-server.conf"} notify: restart burp server + +- name: symlink ssl server certificates on FreeBSD + file: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + state: link + with_items: + - { src: "CA/CA_burpCA.crt", dest: "{{ etc_dir }}/burp/ssl_cert_ca-server.pem" } + - { src: "CA/{{ ansible_hostname }}.key", dest: "{{ etc_dir }}/burp/ssl_cert-server.key" } + - { src: "CA/{{ ansible_hostname }}.crt", dest: "{{ etc_dir }}/burp/ssl_cert-server.pem" } + when: ansible_os_family == "FreeBSD" - name: config_burp | configure profiles configured in profiles_templates template: diff --git a/tasks/supervisor.yml b/tasks/supervisor.yml index 16955fb..c5872a0 100644 --- a/tasks/supervisor.yml +++ b/tasks/supervisor.yml @@ -52,7 +52,7 @@ # On FreeBSD 11 the supervisor log directory us not created by the port - name: supervisor | Ensure "burp_sv_server_stdout_logfile" dir exists file: - path: "{{ burp_sv_server_stdout_logfile |basename }}" + path: "{{ burp_sv_server_log_dir }}" state: "directory" - name: supervisor | check bui-agent path @@ -124,7 +124,7 @@ - name: supervisor | wait for burp_server port wait_for: port={{ burp_server_port }} delay=5 timeout=30 - + - name: supervisor | wait for burpca to get all server certificates wait_for: path: "{{ item }}" diff --git a/templates/build/CA.cnf.j2 b/templates/build/CA.cnf.j2 index 1c0800d..9ed5fa2 100644 --- a/templates/build/CA.cnf.j2 +++ b/templates/build/CA.cnf.j2 @@ -1,7 +1,7 @@ # simple config for burp_ca RANDFILE = /dev/urandom -CA_DIR = {{ etc_dir }}/etc/burp/CA +CA_DIR = {{ etc_dir }}/burp/CA [ ca ] diff --git a/templates/freebsd_supervisord.conf.j2 b/templates/freebsd_supervisord.conf.j2 index a8251f1..04a42c7 100644 --- a/templates/freebsd_supervisord.conf.j2 
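Review bot: The three links in `tasks/config_burp.yml` are created at the default certificate names, yet the `@@ -33,3 +31,8` hunk of `vars/FreeBSD-11.yml` in this same commit points `burp_server_ssl_cert_ca`, `burp_server_ssl_cert` and `burp_server_ssl_key` directly at the files under `CA/`. If the server template reads those variables (not visible here), the links are unused and one of the two mechanisms should go. One of the links targets the server's private key, so whichever path stays should have its mode asserted, e.g. a `file:` task with `mode: "0600"` on `{{ burp_server_ssl_key }}`. The task name also lacks the `config_burp |` prefix that the neighbouring task uses.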
+++ b/templates/freebsd_supervisord.conf.j2 @@ -13,7 +13,7 @@ file=/var/run/supervisor/supervisor.sock ; (the path to the socket file) ;password=123 ; (default is no password (open server)) [supervisord] -logfile=/var/log/supervisord.log ; (main log file;default $CWD/supervisord.log) +logfile={{ burp_sv_server_log_dir }}/supervisord.log ; (main log file;default $CWD/supervisord.log) logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB) logfile_backups=10 ; (num of main logfile rotation backups;default 10) loglevel=info ; (log level;default info; others: debug,warn,trace) diff --git a/templates/supervisor_logrotate.j2 b/templates/supervisor_logrotate.j2 index 72fcef6..0b88f06 100644 --- a/templates/supervisor_logrotate.j2 +++ b/templates/supervisor_logrotate.j2 @@ -1,4 +1,4 @@ -/var/log/supervisor/*.log { +{{ burp_sv_server_log_dir }}/*.log { weekly missingok rotate 52 diff --git a/vars/FreeBSD-11.yml b/vars/FreeBSD-11.yml index 46ea174..2fafec9 100644 --- a/vars/FreeBSD-11.yml +++ b/vars/FreeBSD-11.yml @@ -21,9 +21,7 @@ burp_agent_py3_packages: supervisoretc_dir: "{{ etc_dir }}/supervisor/conf.d" supervisor_ext: "conf" supervisor_service: supervisord - -burp_sv_server_stdout_logfile: "/var/log/supervisord/%(program_name)s.log" -burp_sv_server_stderr_logfile: "/var/log/supervisord/%(program_name)s.log" +burp_sv_server_log_dir: "/var/log/supervisor" pip_installed_exe_bin_path: '/usr/local/bin' @@ -33,3 +31,8 @@ cron_service: cron autoupgrade_version: "2.0.54" # master version is not compiled so added separately burp_version: "2.0.54" # branch or tag, example: "master" , example: "2.0.46" + +# ssl cert locations +burp_server_ssl_cert_ca: "{{ etc_dir }}/burp/CA/CA_burpCA.crt" +burp_server_ssl_cert: "{{ etc_dir }}/burp/CA/{{ ansible_hostname }}.crt" +burp_server_ssl_key: "{{ etc_dir }}/burp/CA/{{ ansible_hostname }}.key" From a3aa799207f54d5fcf8fc2339dfc92c13ecd8a99 Mon Sep 17 00:00:00 2001 
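Review bot: Moving `logfile` into `{{ burp_sv_server_log_dir }}` puts `supervisord.log` under the `{{ burp_sv_server_log_dir }}/*.log` glob that `templates/supervisor_logrotate.j2` rotates weekly, while supervisord still rotates the same file itself through `logfile_maxbytes=50MB` and `logfile_backups=10`. Two rotators working on one file can rename or truncate it underneath the daemon. Either set `logfile_maxbytes=0` here so that logrotate owns rotation, or keep the main log outside the globbed directory. The rest of the logrotate stanza is outside the hunk, so check how it tells supervisord to reopen its log.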
From: Daniel Winter Date: Mon, 29 Jan 2018 13:16:35 +0100 Subject: [PATCH 05/19] updated gitignores --- .gitignore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 230de54..29c130e 100644 --- a/.gitignore +++ b/.gitignore @@ -58,7 +58,7 @@ fabric.properties *.kdev4 .kdev4 -# emacs tmp files +# emacs and zile tmp files .#* *# - +*~ From bfb4ecb7784310ff9462aa59ba7a931edda1fd17 Mon Sep 17 00:00:00 2001 From: Daniel Winter Date: Mon, 29 Jan 2018 15:15:47 +0100 Subject: [PATCH 06/19] fix and starterd with molecule v2 tests --- .ansible-lint | 15 +++++++ .yamllint | 32 ++++++++++++++ molecule/default/INSTALL.rst | 17 +++++++ molecule/default/create.yml | 56 ++++++++++++++++++++++++ molecule/default/destroy.yml | 35 +++++++++++++++ molecule/default/molecule.yml | 34 ++++++++++++++ molecule/default/playbook.yml | 6 +++ molecule/default/prepare.yml | 9 ++++ molecule/default/tests/test_default.py | 6 +++ molecule/default/tests/test_default.pyc | Bin 0 -> 1021 bytes tasks/config_agent.yml | 3 +- 11 files changed, 211 insertions(+), 2 deletions(-) create mode 100644 .ansible-lint create mode 100644 .yamllint create mode 100644 molecule/default/INSTALL.rst create mode 100644 molecule/default/create.yml create mode 100644 molecule/default/destroy.yml create mode 100644 molecule/default/molecule.yml create mode 100644 molecule/default/playbook.yml create mode 100644 molecule/default/prepare.yml create mode 100644 molecule/default/tests/test_default.py create mode 100644 molecule/default/tests/test_default.pyc diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..d458291 --- /dev/null +++ b/.ansible-lint 
@@ -0,0 +1,15 @@ +#exclude_paths: +# - ./my/excluded/directory/ +# - ./my/other/excluded/directory/ +# - ./last/excluded/directory/ +parseable: true +quiet: true +#rulesdir: +# - ./rule/directory/ +#skip_list: +# - skip_this_tag +# - and_this_one_too +#tags: +# - run_this_tag +use_default_rules: true +verbosity: 1 \ No newline at end of file diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..7345f33 --- /dev/null +++ b/.yamllint @@ -0,0 +1,32 @@ +--- + +extends: default + +rules: + braces: + level: warning + max-spaces-inside: 1 + brackets: + level: warning + max-spaces-inside: 1 + colons: + level: warning + commas: + level: warning + comments: disable + comments-indentation: disable + document-start: disable + empty-lines: + level: warning + hyphens: + level: warning + indentation: + level: warning + indent-sequences: consistent + line-length: + level: warning + allow-non-breakable-inline-mappings: true + truthy: disable + trailing-spaces: disable + new-line-at-end-of-file: + level: warning diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst new file mode 100644 index 0000000..44c26af --- /dev/null +++ b/molecule/default/INSTALL.rst @@ -0,0 +1,17 @@ +******* +Install +******* + +Requirements +============ + +* Vagrant +* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop +* python-vagrant + +Install +======= + +.. code-block:: bash + + $ sudo pip install python-vagrant diff --git a/molecule/default/create.yml b/molecule/default/create.yml new file mode 100644 index 0000000..f8eb37c --- /dev/null +++ b/molecule/default/create.yml 
@@ -0,0 +1,56 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: False + no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" + vars: + molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}" + molecule_instance_config: "{{ lookup('env', 'MOLECULE_INSTANCE_CONFIG') }}" + molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}" + tasks: + - name: Create molecule instance(s) + molecule_vagrant: + instance_name: "{{ item.name }}" + instance_interfaces: "{{ item.interfaces | default(omit) }}" + instance_raw_config_args: "{{ item.instance_raw_config_args | default(omit) }}" + + platform_box: "{{ item.box }}" + platform_box_version: "{{ item.box_version | default(omit) }}" + platform_box_url: "{{ item.box_url | default(omit) }}" + + provider_name: "{{ molecule_yml.driver.provider.name }}" + provider_memory: "{{ item.memory | default(omit) }}" + provider_cpus: "{{ item.cpus | default(omit) }}" + provider_raw_config_args: "{{ item.raw_config_args | default(omit) }}" + + state: up + register: server + with_items: "{{ molecule_yml.platforms }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.Host }}", + 'address': "{{ item.HostName }}", + 'user': "{{ item.User }}", + 'port': "{{ item.Port }}", + 'identity_file': "{{ item.IdentityFile }}", } + with_items: "{{ server.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + # NOTE(retr0h): Workaround for Ansible 2.2. 
+ # https://github.com/ansible/ansible/issues/20885 + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/molecule/default/destroy.yml b/molecule/default/destroy.yml new file mode 100644 index 0000000..b74f4d8 --- /dev/null +++ b/molecule/default/destroy.yml @@ -0,0 +1,35 @@ +--- + +- name: Destroy + hosts: localhost + connection: local + gather_facts: False + no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" + vars: + molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}" + molecule_instance_config: "{{ lookup('env',' MOLECULE_INSTANCE_CONFIG') }}" + molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}" + tasks: + - name: Destroy molecule instance(s) + molecule_vagrant: + instance_name: "{{ item.name }}" + platform_box: "{{ item.box }}" + provider_name: "{{ molecule_yml.driver.provider.name }}" + force_stop: "{{ item.force_stop | default(True) }}" + state: destroy + register: server + with_items: "{{ molecule_yml.platforms }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + # NOTE(retr0h): Workaround for Ansible 2.2. + # https://github.com/ansible/ansible/issues/20885 + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..835a73b --- /dev/null +++ b/molecule/default/molecule.yml 
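Review bot: The `molecule_instance_config` variable in `molecule/default/destroy.yml` is read with `lookup('env',' MOLECULE_INSTANCE_CONFIG')`, with a space inside the quoted name, so it resolves to an empty string instead of the path Molecule exports; `create.yml` spells the name without the space. The final `copy` task then gets an empty `dest` whenever `server.changed` is true, and the instance config is not reset after destroy. Change the line to `molecule_instance_config: "{{ lookup('env', 'MOLECULE_INSTANCE_CONFIG') }}"`.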
@@ -0,0 +1,34 @@ +--- + +provisioner: + name: ansible + lint: + name: ansible-lint + enabled: False + inventory: + links: + # include global variables as well for testing + group_vars: ../../../../../../group_vars/ + host_vars: ../../../../../../host_vars/ + env: + # dont let molecule guess + ANSIBLE_ROLES_PATH: ../../../../internal:../../../../external/ + ANSIBLE_LIBRARY: ../../../../../library/ + ANSIBLE_FILTER_PLUGINS: ../../../../../plugins + # if not set wants to use libvirt on my box + VAGRANT_DEFAULT_PROVIDER: virtualbox +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: freebsd11 + box: ../../../../../testboxes/vagrant-freebsd11.1-ansibletarget.box + memory: 4096 + cpus: 4 + # https://www.vagrantup.com/docs/synced-folders/basic_usage.html + instance_raw_config_args: + - "vm.synced_folder '.', '/vagrant', disabled: true" +verifier: + name: testinfra + diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml new file mode 100644 index 0000000..13a6cd2 --- /dev/null +++ b/molecule/default/playbook.yml @@ -0,0 +1,6 @@ +--- +- name: Converge + hosts: all + roles: + # force becoming root as molecule doesnt do it anymore + - { role: ansible_burp2_server, become: yes } diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml new file mode 100644 index 0000000..b0e0aa6 --- /dev/null +++ b/molecule/default/prepare.yml @@ -0,0 +1,9 @@ +--- +- name: Prepare + hosts: all + gather_facts: False + tasks: + - name: Install python for Ansible + raw: test -e /usr/bin/python || (pkg update && pkg install -y python27 sudo && ln -s /usr/local/bin/python2.7 /usr/bin/python) + become: True + changed_when: False diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py new file mode 100644 index 0000000..72ac55d --- /dev/null +++ b/molecule/default/tests/test_default.py 
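Review bot: The `inventory.links` entries in `molecule/default/molecule.yml` pull `group_vars` and `host_vars` from six directories above the scenario, outside this repository, into every test run. If that shared inventory carries real passwords or keys, they are handed to a throw-away Vagrant box and to anyone who can read its logs; a small scenario-local `group_vars` with test-only values avoids that. The `ANSIBLE_ROLES_PATH`, `ANSIBLE_LIBRARY` and `box:` paths are likewise tied to one workstation's directory layout, so the scenario cannot run from a fresh clone. `lint` is also switched off with `enabled: False` although the commit adds a `.ansible-lint` file.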
@@ -0,0 +1,6 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') diff --git a/molecule/default/tests/test_default.pyc b/molecule/default/tests/test_default.pyc new file mode 100644 index 0000000000000000000000000000000000000000..f82890823332135a707e7956802121597ec0f446 GIT binary patch literal 1021 zcmdr~&2H2%5FRJnUs3h~LcR2y1Kk|BB1BcCqG;KoEk7ccC`~5CyWTjmClyt@7vM#B z8XkxTfU&b_OL+s5cs%|x{$~7*!(ThwKb}5H3s^lN&o6n{*KA7u1So*?#utzVfC0=x zm%xx(Vd~zVps4M{ydhF`fL)&xD?^`{rbv9KIhX+41B< zGI@70{gfRYj}vm~bEOKwbFdnRJlipwYfj}W;si?p*PKs)-2)2XYqtztA@cz2vpe9R z2Vbo~KGtdEGEM9@+Zd^cKWj^t2D~&{lP}k=Dyfjx8OATtMLcBpz*;mUb)6WajSp)b z;?8((blXI(bdNh)a)+rRHsFo@$zDv0CT?W2f7VJ>?!UE|&OgQrt*~en-a3WWbIBMH zn%EXt=SJ%I0*$OBBZQV@U70+-y1E-W>Y1`q8Z1bg%jNQZOi!29`2zp_-6#2r!X?Z~ ztnyaTsJWyepT%Qdz|6_D#gN@(17a8q#bXgUmAOd(tj3=6`>IDRNo7ZQZRMH5%(QjQ zIy!=z5U;8a^V;7F-Qm!KZuhj?yuk?87t-k36P+VvU32?Vy Date: Tue, 30 Jan 2018 17:49:54 +0100 Subject: [PATCH 07/19] mass commit --- defaults/main.yml | 39 ++++++++++++++++++++------------------- tasks/build-burp.yml | 8 ++++++++ tasks/config_burp.yml | 15 ++++++++------- tasks/main.yml | 9 ++++++--- tasks/manual_client.yml | 2 ++ vars/Debian-9.yml | 4 ++-- vars/Debian.yml | 4 ++-- vars/FreeBSD-11.yml | 3 ++- vars/RedHat.yml | 4 ++-- 9 files changed, 52 insertions(+), 36 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 2e8cd88..1544350 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -5,6 +5,7 @@ ### General # used for eg FreeBSD which has a deviating path etc_dir: "/etc" +usr_dir: "/usr" ### Modules # Configure Burp UI Agent 
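Review bot: `test_default.py` only builds `testinfra_hosts` and defines no `test_*` function, so the testinfra verifier has nothing to run and the scenario passes without checking anything on the converged host. A useful first test would assert that the server's private key file exists with a restrictive mode and that the burp server port is listening. The commit also adds the compiled `test_default.pyc`; bytecode should not be tracked, and a `*.pyc` line in `.gitignore` would keep it out.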
@@ -54,8 +55,8 @@ download_dir: "{{ ansible_env.HOME }}/burp" ### Burp Server ### http://burp.grke.org/docs/manpage.html burp_server_data: "{{ burp_home }}/data" -burp_server_clientconfdir: "/etc/burp/clientconfdir" -burp_server_autoupgrade_dir: "/etc/burp/autoupgrade/server" +burp_server_clientconfdir: "{{ etc_dir }}/burp/clientconfdir" +burp_server_autoupgrade_dir: "{{ etc_dir }}/burp/autoupgrade/server" burp_server_address: "0.0.0.0" burp_server_port: "4971" burp_server_status_address: "127.0.0.1" @@ -82,21 +83,21 @@ burp_server_network_timeout: false # due to less CPU usage and fasters backups burp_server_compression: zlib5 burp_server_version_warn: "1" -burp_server_ca_conf: "/etc/burp/CA.cnf" +burp_server_ca_conf: "{{ etc_dir }}/burp/CA.cnf" burp_server_ca_name: "burpCA" -burp_server_ca_burp_ca: "/usr/sbin/burp_ca" +burp_server_ca_burp_ca: "{{ usr_dir }}/sbin/burp_ca" burp_server_ca_crl_check: "1" -burp_server_ssl_cert_ca: "/etc/burp/ssl_cert_ca-server.pem" -burp_server_ssl_cert: "/etc/burp/ssl_cert-server.pem" -burp_server_ssl_key: "/etc/burp/ssl_cert-server.key" -burp_server_ssl_dhfile: "/etc/burp/dhfile.pem" +burp_server_ssl_cert_ca: "{{ etc_dir }}/burp/ssl_cert_ca-server.pem" +burp_server_ssl_cert: "{{ etc_dir }}/burp/ssl_cert-server.pem" +burp_server_ssl_key: "{{ etc_dir }}/burp/ssl_cert-server.key" +burp_server_ssl_dhfile: "{{ etc_dir }}/burp/dhfile.pem" burp_server_ssl_key_password: "password" burp_server_script_pre: false burp_server_scripts_pre_args: [] burp_server_script_post: false burp_server_script_post_args: [] burp_server_monitor_cache: "1" -burp_server_timer_script: "/usr/share/burp/scripts/timer_script" +burp_server_timer_script: "{{ usr_dir }}/share/burp/scripts/timer_script" burp_server_timer_args: - 20h - Mon,Tue,Wed,Thu,Fri,00,01,02,03,04,05,19,20,21,22,23 
@@ -222,14 +223,14 @@ burp_agent_global_ssl: "false" burp_agent_global_version: "2" burp_agent_global_password: "password" #[Security] -burp_agent_security_includes: "/etc/burp" +burp_agent_security_includes: "{{ etc_dir }}/burp" burp_agent_security_enforce: "false" burp_agent_security_revoke: "true" #[Experimental] burp_agent_experimental_zip64: "false" #[Backend] -burp_agent_backend_burpbin: "/usr/sbin/burp" -burp_agent_backend_stripbin: "/usr/bin/vss_strip" +burp_agent_backend_burpbin: "{{ usr_dir }}/sbin/burp" +burp_agent_backend_stripbin: "{{ usr_dir }}/bin/vss_strip" burp_agent_backend_tmpdir: "/tmp" burp_agent_backend_timeout: "60" # Burp UI pip packages @@ -254,7 +255,7 @@ burp_agent_pip_present: # Burp Agent burp_sv_agent_priority: "40" burp_sv_agent_directory: "/tmp" -burp_sv_agent_command: "{{ pip_installed_exe_bin_path }}/bui-agent -v -c /etc/burp/buiagent.cfg" +burp_sv_agent_command: "{{ pip_installed_exe_bin_path }}/bui-agent -v -c {{ etc_dir }}/burp/buiagent.cfg" burp_sv_agent_user: "root" burp_sv_agent_autostart: "true" burp_sv_agent_autorestart: "true" @@ -263,7 +264,7 @@ burp_sv_agent_stderr_logfile: "{{ burp_sv_server_log_dir }}/%(program_name)s.log # Burp Restore burp_sv_restore_priority: "30" burp_sv_restore_directory: "/tmp" -burp_sv_restore_command: "/usr/sbin/burp -F -c /etc/burp/burp-restore.conf" +burp_sv_restore_command: "/usr/sbin/burp -F -c {{ etc_dir }}/burp/burp-restore.conf" burp_sv_restore_user: "root" burp_sv_restore_autostart: "true" burp_sv_restore_autorestart: "true" 
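Review bot: `burp_sv_restore_command` in hunk `@@ -263,7` now takes its config path from `etc_dir` but still hard-codes the binary as `/usr/sbin/burp`, while `burp_agent_backend_burpbin` two hunks earlier was moved to `{{ usr_dir }}/sbin/burp`. With `usr_dir` set to `/usr/local/` for FreeBSD in this commit, supervisor would be told to start a binary at a path the role itself no longer assumes. The line should read `burp_sv_restore_command: "{{ usr_dir }}/sbin/burp -F -c {{ etc_dir }}/burp/burp-restore.conf"`. `burp_sv_server_command` is not touched by this commit and probably needs the same treatment.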
@@ -292,10 +293,10 @@ burp_cron_delete: ### Burp Client burp_client_pidfile: "/var/run/burp.pid" burp_client_password: "password" -burp_client_ca_csr_dir: "/etc/burp/CA-client" -burp_client_ssl_cert_ca: "/etc/burp/ssl_cert_ca-monitor.pem" -burp_client_ssl_cert: "/etc/burp/ssl_cert-monitor.pem" -burp_client_ssl_key: "/etc/burp/ssl_cert-monitor.key" +burp_client_ca_csr_dir: "{{ etc_dir }}/burp/CA-client" +burp_client_ssl_cert_ca: "{{ etc_dir }}/burp/ssl_cert_ca-monitor.pem" +burp_client_ssl_cert: "{{ etc_dir }}/burp/ssl_cert-monitor.pem" +burp_client_ssl_key: "{{ etc_dir }}/burp/ssl_cert-monitor.key" ### --- # if burp_module_restore: true @@ -343,5 +344,5 @@ burp_client_ports_per_operation: - 'port_delete = {{ burp_server_port_operation_delete }}' # use the 'portinstall' module on FreeBSD to compile packages instead of 'package' -burp_freebsd_use_portinstall: False +burp_freebsd_use_portinstall: True diff --git a/tasks/build-burp.yml b/tasks/build-burp.yml index 4af0d04..6c2ce45 100644 --- a/tasks/build-burp.yml +++ b/tasks/build-burp.yml @@ -11,6 +11,14 @@ package: name: "{{ build_dependencies | join(',') }}" state: present + when: ( ansible_os_family != "FreeBSD" and not burp_freebsd_use_portinstall ) + +- name: install build dependencies on FreeBSD + portinstall: + name: "{{ item }}" + state: present + with_items: "{{ build_dependencies }}" + when: ansible_os_family == "FreeBSD" - name: Uninstall old burp package: diff --git a/tasks/config_burp.yml b/tasks/config_burp.yml index 0013257..8c99315 100644 --- a/tasks/config_burp.yml +++ b/tasks/config_burp.yml 
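Review bot: The `when` added to the generic `package` task in `tasks/build-burp.yml` is `ansible_os_family != "FreeBSD" and not burp_freebsd_use_portinstall`, and this commit flips the default of `burp_freebsd_use_portinstall` to `True`, so the condition is false on Debian and RedHat as well and build dependencies are never installed there. The new FreeBSD task in turn ignores the flag and always uses `portinstall`. The conditions should be `when: ansible_os_family != "FreeBSD" or not burp_freebsd_use_portinstall` on the first task and `when: ansible_os_family == "FreeBSD" and burp_freebsd_use_portinstall` on the second.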
@@ -33,16 +33,17 @@ src: "{{ item.src }}" dest: "{{ item.dest }}" state: link + force: yes with_items: - - { src: "CA/CA_burpCA.crt", dest: "{{ etc_dir }}/burp/ssl_cert_ca-server.pem" } - - { src: "CA/{{ ansible_hostname }}.key", dest: "{{ etc_dir }}/burp/ssl_cert-server.key" } - - { src: "CA/{{ ansible_hostname }}.crt", dest: "{{ etc_dir }}/burp/ssl_cert-server.pem" } + - { src: "{{ etc_dir }}/burp/CA/CA_burpCA.crt", dest: "{{ etc_dir }}/burp/ssl_cert_ca-server.pem" } + - { src: "{{ etc_dir }}/burp/CA/{{ ansible_hostname }}.key", dest: "{{ etc_dir }}/burp/ssl_cert-server.key" } + - { src: "{{ etc_dir }}/burp/CA/{{ ansible_hostname }}.crt", dest: "{{ etc_dir }}/burp/ssl_cert-server.pem" } when: ansible_os_family == "FreeBSD" - name: config_burp | configure profiles configured in profiles_templates template: src: profiles/profile_template.j2 - dest: "{{burp_server_clientconfdir}}/incexc/{{ item.name }}" + dest: "{{ burp_server_clientconfdir }}/incexc/{{ item.name }}" with_items: "{{ profiles_templates }}" - name: copy clients configuration files @@ -57,15 +58,15 @@ - name: configure profile lnxsrv to create new client template: src: profiles/lnxsrv.j2 - dest: "{{burp_server_clientconfdir}}/profiles/lnxsrv" + dest: "{{ burp_server_clientconfdir }}/profiles/lnxsrv" - name: configure profile win6x to create new client template: src: profiles/win6x.j2 - dest: "{{burp_server_clientconfdir}}/profiles/win6x" + dest: "{{ burp_server_clientconfdir }}/profiles/win6x" # This task ensures we can create restore file for server initiated restores -- name: create restore client's dir in spool dir +- name: create restore client\'s dir in spool dir file: path: "{{ burp_server_data }}/{{ item }}" state: directory diff --git a/tasks/main.yml b/tasks/main.yml index f7c7af1..4abfaea 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
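Review bot: `force: yes` on the link task makes the `file` module replace whatever is already at `dest` and create the link even when the source is missing. An existing real `ssl_cert-server.key` is therefore swapped for a symlink without notice, and a run before the CA has issued its files leaves three dangling links. A preceding `stat` on the three sources with a `when: item.stat.exists` guard, or running this task after the step that waits for the server certificates, keeps such a failure visible. The key's permissions are still not asserted anywhere in the hunk; a `mode: "0600"` check on `{{ etc_dir }}/burp/CA/{{ ansible_hostname }}.key` would close that.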
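Review bot: The task name in hunk `@@ -57,15` was changed from `client's` to `client\'s`; in an unquoted YAML scalar the backslash is not an escape, so the name now prints with a literal backslash. The original spelling was valid YAML. If the apostrophe trips an editor's highlighting, quote the whole name instead: `- name: "create restore client's dir in spool dir"`.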
@@ -10,7 +10,7 @@ # - include: install_burp.yml -# Clean any package distribution before start + # Clean any package distribution before start - include: clean.yml - include: build-burp.yml @@ -18,8 +18,11 @@ - include: config_burp.yml - include: manual_client.yml - -# Only for monitor and status purpose + # tags should be declared at include level see https://www.ansible.com/blog/ansible-2.0-launchb + tags: + - add_manual_clients + + # Only for monitor and status purpose - include: manual_delete.yml when: burp_manual_delete_enabled diff --git a/tasks/manual_client.yml b/tasks/manual_client.yml index c3320c1..ba4212b 100644 --- a/tasks/manual_client.yml +++ b/tasks/manual_client.yml @@ -12,3 +12,5 @@ dest: "{{ burp_server_clientconfdir }}/{{ item.name }}" with_items: "{{ burp2_add_manual_clients | default([]) }}" # Ansible will not run the task if the var is empty + tags: + - add_manual_clients diff --git a/vars/Debian-9.yml b/vars/Debian-9.yml index 9e1bd36..b71fbf6 100644 --- a/vars/Debian-9.yml +++ b/vars/Debian-9.yml @@ -48,10 +48,10 @@ burp_agent_py3_packages: # burp_apt_sources: # - "deb http://ziirish.info/repos/ubuntu/{{ ansible_distribution_release }} zi-latest main" -supervisoretc_dir: "/etc/supervisor/conf.d" +supervisoretc_dir: "{{ etc_dir }}/supervisor/conf.d" supervisor_ext: "conf" supervisor_service: supervisor -pip_installed_exe_bin_path: '/usr/local/bin' +pip_installed_exe_bin_path: '{{ usr_dir }}/local/bin' cron_packages: - cron # To enable crontab jobs diff --git a/vars/Debian.yml b/vars/Debian.yml index 4be7122..dbd4992 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml 
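Review bot: The comment added above `tags:` in the second hunk of `tasks/main.yml` cites `https://www.ansible.com/blog/ansible-2.0-launchb`, which looks like it has a stray trailing `b`. The same tag is also added on the task inside `tasks/manual_client.yml` in this commit; if the include-level tag is the intended mechanism, as the comment says, the task-level one is redundant. The re-indented `# Clean any package distribution before start` and `# Only for monitor and status purpose` comments now read as if they belonged to the preceding include, and column 0, as before, is clearer.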
@@ -45,10 +45,10 @@ burp_agent_py3_packages: # burp_apt_sources: # - "deb http://ziirish.info/repos/ubuntu/{{ ansible_distribution_release }} zi-latest main" -supervisoretc_dir: "/etc/supervisor/conf.d" +supervisoretc_dir: "{{ etc_dir }}/supervisor/conf.d" supervisor_ext: "conf" supervisor_service: supervisor -pip_installed_exe_bin_path: '/usr/local/bin' +pip_installed_exe_bin_path: '{{ usr_dir }}/local/bin' cron_packages: - cron # To enable crontab jobs diff --git a/vars/FreeBSD-11.yml b/vars/FreeBSD-11.yml index 2fafec9..d983524 100644 --- a/vars/FreeBSD-11.yml +++ b/vars/FreeBSD-11.yml @@ -3,6 +3,7 @@ # etc - different path for all additional sw etc_dir: "/usr/local/etc" +usr_dir: "/usr/local/" burp_server_packages: - py-supervisor @@ -23,7 +24,7 @@ supervisor_ext: "conf" supervisor_service: supervisord burp_sv_server_log_dir: "/var/log/supervisor" -pip_installed_exe_bin_path: '/usr/local/bin' +pip_installed_exe_bin_path: "{{ usr_dir }}/bin" cron_packages: - logrotate diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 1cb7e84..9e7bb3d 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -34,10 +34,10 @@ burp_agent_py3_packages: - python3-pip - redhat-rpm-config -supervisoretc_dir: "/etc/supervisor/conf.d" +supervisoretc_dir: "{{ etc_dir}}/supervisor/conf.d" supervisor_ext: "conf" supervisor_service: supervisord -pip_installed_exe_bin_path: '/usr/bin' +pip_installed_exe_bin_path: '{{ usr_dir }}/bin' cron_packages: - cronie # To enable crontab jobs From a8b84629d3856c4c67624695a24da5d342965d50 Mon Sep 17 00:00:00 2001 
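Review bot: `usr_dir: "/usr/local/"` in `vars/FreeBSD-11.yml` ends with a slash, but every consumer in this commit appends its own, e.g. `"{{ usr_dir }}/bin"` in the next hunk and `"{{ usr_dir }}/sbin/burp_ca"` in `defaults/main.yml`, so the rendered paths contain `//`. The kernel accepts that, but the paths end up in config files, supervisor commands and any string comparison a later task makes. Writing `usr_dir: "/usr/local"` matches `etc_dir: "/usr/local/etc"` on the line above and the `/usr` default.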
From: Daniel Winter Date: Mon, 5 Feb 2018 15:37:36 +0100 Subject: [PATCH 08/19] molecule default scenario --- ansible_burp2_server/.yamllint | 13 ++++ ansible_burp2_server/README.md | 38 +++++++++++ ansible_burp2_server/defaults/main.yml | 2 + ansible_burp2_server/handlers/main.yml | 2 + ansible_burp2_server/meta/main.yml | 58 +++++++++++++++++ .../molecule/default/Dockerfile.j2 | 9 +++ .../molecule/default/INSTALL.rst | 16 +++++ .../molecule/default/create.yml | 60 ++++++++++++++++++ .../molecule/default/destroy.yml | 27 ++++++++ .../molecule/default/molecule.yml | 20 ++++++ .../molecule/default/playbook.yml | 5 ++ .../molecule/default/prepare.yml | 5 ++ .../molecule/default/tests/test_default.py | 14 ++++ .../molecule/default/tests/test_default.pyc | Bin 0 -> 1021 bytes ansible_burp2_server/tasks/main.yml | 2 + ansible_burp2_server/vars/main.yml | 2 + 16 files changed, 273 insertions(+) create mode 100644 ansible_burp2_server/.yamllint create mode 100644 ansible_burp2_server/README.md create mode 100644 ansible_burp2_server/defaults/main.yml create mode 100644 ansible_burp2_server/handlers/main.yml create mode 100644 ansible_burp2_server/meta/main.yml create mode 100644 ansible_burp2_server/molecule/default/Dockerfile.j2 create mode 100644 ansible_burp2_server/molecule/default/INSTALL.rst create mode 100644 ansible_burp2_server/molecule/default/create.yml create mode 100644 ansible_burp2_server/molecule/default/destroy.yml create mode 100644 ansible_burp2_server/molecule/default/molecule.yml create mode 100644 ansible_burp2_server/molecule/default/playbook.yml create mode 100644 ansible_burp2_server/molecule/default/prepare.yml create mode 100644 ansible_burp2_server/molecule/default/tests/test_default.py create mode 100644 ansible_burp2_server/molecule/default/tests/test_default.pyc create mode 100644 ansible_burp2_server/tasks/main.yml create mode 100644 ansible_burp2_server/vars/main.yml 
diff --git a/ansible_burp2_server/.yamllint b/ansible_burp2_server/.yamllint new file mode 100644 index 0000000..3a2255e --- /dev/null +++ b/ansible_burp2_server/.yamllint @@ -0,0 +1,13 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + # NOTE(retr0h): Templates no longer fail this lint rule. + # Uncomment if running old Molecule templates. + # truthy: disable diff --git a/ansible_burp2_server/README.md b/ansible_burp2_server/README.md new file mode 100644 index 0000000..c560111 --- /dev/null +++ b/ansible_burp2_server/README.md 
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: ansible_burp2_server, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/ansible_burp2_server/defaults/main.yml b/ansible_burp2_server/defaults/main.yml new file mode 100644 index 0000000..9578bd2 --- /dev/null +++ b/ansible_burp2_server/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for ansible_burp2_server diff --git a/ansible_burp2_server/handlers/main.yml b/ansible_burp2_server/handlers/main.yml new file mode 100644 index 0000000..62bfe3a --- /dev/null +++ b/ansible_burp2_server/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for ansible_burp2_server 
diff --git a/ansible_burp2_server/meta/main.yml b/ansible_burp2_server/meta/main.yml new file mode 100644 index 0000000..ba43fdd --- /dev/null +++ b/ansible_burp2_server/meta/main.yml @@ -0,0 +1,58 @@ +--- +galaxy_info: + author: your name + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: 1.2 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # Optionally specify the branch Galaxy will use when accessing the GitHub + # repo for this role. During role install, if no tags are available, + # Galaxy will use this branch. During import Galaxy will access files on + # this branch. If Travis integration is configured, only notifications for this + # branch will be accepted. Otherwise, in all cases, the repo's default branch + # (usually master) will be used. + # github_branch: + + # + # platforms is a list of platforms, and each platform has a name and a list of versions. + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. 
diff --git a/ansible_burp2_server/molecule/default/Dockerfile.j2 b/ansible_burp2_server/molecule/default/Dockerfile.j2 new file mode 100644 index 0000000..f8b4e75 --- /dev/null +++ b/ansible_burp2_server/molecule/default/Dockerfile.j2 @@ -0,0 +1,9 @@ +# Molecule managed + +FROM {{ item.image }} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; fi diff --git a/ansible_burp2_server/molecule/default/INSTALL.rst b/ansible_burp2_server/molecule/default/INSTALL.rst new file mode 100644 index 0000000..e26493b --- /dev/null +++ b/ansible_burp2_server/molecule/default/INSTALL.rst @@ -0,0 +1,16 @@ +******* +Install +******* + +Requirements +============ + +* Docker Engine +* docker-py + +Install +======= + +.. code-block:: bash + + $ sudo pip install docker-py diff --git a/ansible_burp2_server/molecule/default/create.yml b/ansible_burp2_server/molecule/default/create.yml new file mode 100644 index 0000000..10fac31 --- /dev/null +++ b/ansible_burp2_server/molecule/default/create.yml 
@@ -0,0 +1,60 @@
+---
+- name: Create
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
+ vars:
+ molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
+ molecule_ephemeral_directory: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}"
+ molecule_scenario_directory: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}"
+ molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
+ tasks:
+ - name: Create Dockerfiles from image names
+ template:
+ src: "{{ molecule_scenario_directory }}/Dockerfile.j2"
+ dest: "{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.image | regex_replace('[^a-zA-Z0-9_]', '_') }}"
+ with_items: "{{ molecule_yml.platforms }}"
+ register: platforms
+
+ - name: Discover local Docker images
+ docker_image_facts:
+ name: "molecule_local/{{ item.item.name }}"
+ with_items: "{{ platforms.results }}"
+ register: docker_images
+
+ - name: Build an Ansible compatible image
+ docker_image:
+ path: "{{ molecule_ephemeral_directory }}"
+ name: "molecule_local/{{ item.item.image }}"
+ dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}"
+ force: "{{ item.item.force | default(true) }}"
+ with_items: "{{ platforms.results }}"
+ when: platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0
+
+ - name: Create molecule instance(s)
+ docker_container:
+ name: "{{ item.name }}"
+ hostname: "{{ item.name }}"
+ image: "molecule_local/{{ item.image }}"
+ state: started
+ recreate: false
+ log_driver: json-file
+ command: "{{ item.command | default('bash -c \"while true; do sleep 10000; done\"') }}"
+ privileged: "{{ item.privileged | default(omit) }}"
+ volumes: "{{ item.volumes | default(omit) }}"
+ capabilities: "{{ item.capabilities | default(omit) }}"
+ ports: "{{ item.exposed_ports | default(omit) }}"
+ ulimits: "{{ item.ulimits | default(omit) }}"
+ register: server
+ with_items: "{{ molecule_yml.platforms }}"
+ async: 7200
+ poll: 0
+
+ - name: Wait for instance(s) creation to complete
+ async_status:
+ jid: "{{ item.ansible_job_id }}"
+ register: docker_jobs
+ until: docker_jobs.finished
+ retries: 300
+ with_items: "{{ server.results }}"
diff --git a/ansible_burp2_server/molecule/default/destroy.yml b/ansible_burp2_server/molecule/default/destroy.yml
new file mode 100644
index 0000000..3ce7478
--- /dev/null
+++ b/ansible_burp2_server/molecule/default/destroy.yml
@@ -0,0 +1,27 @@
+---
+- name: Destroy
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
+ vars:
+ molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
+ molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
+ tasks:
+ - name: Destroy molecule instance(s)
+ docker_container:
+ name: "{{ item.name }}"
+ state: absent
+ force_kill: "{{ item.force_kill | default(true) }}"
+ register: server
+ with_items: "{{ molecule_yml.platforms }}"
+ async: 7200
+ poll: 0
+
+ - name: Wait for instance(s) deletion to complete
+ async_status:
+ jid: "{{ item.ansible_job_id }}"
+ register: docker_jobs
+ until: docker_jobs.finished
+ retries: 300
+ with_items: "{{ server.results }}"
diff --git a/ansible_burp2_server/molecule/default/molecule.yml b/ansible_burp2_server/molecule/default/molecule.yml
new file mode 100644
index 0000000..f5e3b11
--- /dev/null
+++ b/ansible_burp2_server/molecule/default/molecule.yml
@@ -0,0 +1,20 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+ - name: instance
+ image: centos:7
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+scenario:
+ name: default
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/ansible_burp2_server/molecule/default/playbook.yml b/ansible_burp2_server/molecule/default/playbook.yml
new file mode 100644
index 0000000..8499f3e
--- /dev/null
+++ b/ansible_burp2_server/molecule/default/playbook.yml @@ -0,0 +1,5 @@ +--- +- name: Converge + hosts: all + roles: + - role: ansible_burp2_server_dummy diff --git a/ansible_burp2_server/molecule/default/prepare.yml b/ansible_burp2_server/molecule/default/prepare.yml new file mode 100644 index 0000000..5358b3b --- /dev/null +++ b/ansible_burp2_server/molecule/default/prepare.yml @@ -0,0 +1,5 @@ +--- +- name: Prepare + hosts: all + gather_facts: false + tasks: [] diff --git a/ansible_burp2_server/molecule/default/tests/test_default.py b/ansible_burp2_server/molecule/default/tests/test_default.py new file mode 100644 index 0000000..eedd64a --- /dev/null +++ b/ansible_burp2_server/molecule/default/tests/test_default.py @@ -0,0 +1,14 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_hosts_file(host): + f = host.file('/etc/hosts') + + assert f.exists + assert f.user == 'root' + assert f.group == 'root' diff --git a/ansible_burp2_server/molecule/default/tests/test_default.pyc b/ansible_burp2_server/molecule/default/tests/test_default.pyc new file mode 100644 index 0000000000000000000000000000000000000000..ac2fc45662198b1c5e6b09e8aa1c8163715ccbac GIT binary patch literal 1021 zcmdr~&2H2%5FRJnUs3jiP%k~AT)H`M;DQiK6-3dpm9~IHE>Sjdic_y0>`6t{?uGW< zc%VK&89SS{ls6!W$Kx;KZ^qv^yxG~FztCv`t0$!SEe-pTOi3RD36S3T4AKC20CfoU z0O~d10QEYQ0qkBes5hVtft+*`$^l%{&MilA9IX+ZxTR-`&&mCCG)WG=Op@$y`Zbw; zKAL^Y-XBg9bm?;`3r2IW8V5An37Jbu6JyTW+!wb~re7Sra)6-=tU+{l__euVua0#=L zS9vRO)STmx&f+mIVCLl7BFJu%0X7VV>=}!k%G4wPQe)5gebu8Dg|wqwSuvM9Gp$mj zqa(Nr@v8bTul=LY9SR+HyJy|z4MMm&6Gkgfbiy&~n%kG^_3E&htL(lr|6hAt8(uGT SNq6dvyN13mPXc<`ZukfKiz5>N literal 0 HcmV?d00001 diff --git a/ansible_burp2_server/tasks/main.yml b/ansible_burp2_server/tasks/main.yml new file mode 100644 index 0000000..571a8d4 --- /dev/null +++ b/ansible_burp2_server/tasks/main.yml 
@@ -0,0 +1,2 @@ +--- +# tasks file for ansible_burp2_server diff --git a/ansible_burp2_server/vars/main.yml b/ansible_burp2_server/vars/main.yml new file mode 100644 index 0000000..6fdbe26 --- /dev/null +++ b/ansible_burp2_server/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for ansible_burp2_server From 95bd9cfd85c619c7a6e1abf5ec1fc502cf9ffbd8 Mon Sep 17 00:00:00 2001 From: Daniel Winter Date: Tue, 6 Feb 2018 16:44:07 +0100 Subject: [PATCH 09/19] added molecule v2 freebsd scenario --- .ansible-lint | 5 +- .yamllint | 4 +- molecule/default/Dockerfile.j2 | 9 +++ molecule/default/INSTALL.rst | 7 +- molecule/default/create.yml | 84 +++++++++++++----------- molecule/default/destroy.yml | 36 ++++------ molecule/default/molecule.yml | 40 ++++------- molecule/default/playbook.yml | 3 +- molecule/default/prepare.yml | 8 +-- molecule/default/tests/test_default.py | 8 +++ molecule/default/tests/test_default.pyc | Bin 1021 -> 1021 bytes molecule/freebsd/INSTALL.rst | 17 +++++ molecule/freebsd/create.yml | 56 ++++++++++++++++ molecule/freebsd/destroy.yml | 36 ++++++++++ molecule/freebsd/molecule.yml | 28 ++++++++ molecule/freebsd/playbook.yml | 6 ++ molecule/freebsd/prepare.yml | 9 +++ molecule/freebsd/tests/test_default.py | 14 ++++ molecule/freebsd/tests/test_default.pyc | Bin 0 -> 1021 bytes 19 files changed, 264 insertions(+), 106 deletions(-) create mode 100644 molecule/default/Dockerfile.j2 create mode 100644 molecule/freebsd/INSTALL.rst create mode 100644 molecule/freebsd/create.yml create mode 100644 molecule/freebsd/destroy.yml create mode 100644 molecule/freebsd/molecule.yml create mode 100644 molecule/freebsd/playbook.yml create mode 100644 molecule/freebsd/prepare.yml create mode 100644 molecule/freebsd/tests/test_default.py create mode 100644 molecule/freebsd/tests/test_default.pyc diff --git a/.ansible-lint b/.ansible-lint index d458291..35406f2 100644 --- a/.ansible-lint +++ b/.ansible-lint 
@@ -6,9 +6,8 @@ parseable: true quiet: true #rulesdir: # - ./rule/directory/ -#skip_list: -# - skip_this_tag -# - and_this_one_too +skip_list: + - trailing-spaces #tags: # - run_this_tag use_default_rules: true diff --git a/.yamllint b/.yamllint index 7345f33..e0f908d 100644 --- a/.yamllint +++ b/.yamllint @@ -26,7 +26,7 @@ rules: line-length: level: warning allow-non-breakable-inline-mappings: true - truthy: disable - trailing-spaces: disable new-line-at-end-of-file: level: warning + truthy: disable + trailing-spaces: disable diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 new file mode 100644 index 0000000..f8b4e75 --- /dev/null +++ b/molecule/default/Dockerfile.j2 @@ -0,0 +1,9 @@ +# Molecule managed + +FROM {{ item.image }} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; fi diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst index 44c26af..e26493b 100644 --- a/molecule/default/INSTALL.rst +++ b/molecule/default/INSTALL.rst @@ -5,13 +5,12 @@ Install Requirements ============ -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop -* python-vagrant +* Docker Engine +* docker-py Install ======= .. code-block:: bash - $ sudo pip install python-vagrant + $ sudo pip install docker-py 
diff --git a/molecule/default/create.yml b/molecule/default/create.yml index f8eb37c..10fac31 100644 --- a/molecule/default/create.yml +++ b/molecule/default/create.yml 
@@ -2,55 +2,59 @@ - name: Create hosts: localhost connection: local - gather_facts: False + gather_facts: false no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" vars: molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}" - molecule_instance_config: "{{ lookup('env', 'MOLECULE_INSTANCE_CONFIG') }}" + molecule_ephemeral_directory: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}" + molecule_scenario_directory: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}" molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}" tasks: - - name: Create molecule instance(s) - molecule_vagrant: - instance_name: "{{ item.name }}" - instance_interfaces: "{{ item.interfaces | default(omit) }}" - instance_raw_config_args: "{{ item.instance_raw_config_args | default(omit) }}" + - name: Create Dockerfiles from image names + template: + src: "{{ molecule_scenario_directory }}/Dockerfile.j2" + dest: "{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.image | regex_replace('[^a-zA-Z0-9_]', '_') }}" + with_items: "{{ molecule_yml.platforms }}" + register: platforms - platform_box: "{{ item.box }}" - platform_box_version: "{{ item.box_version | default(omit) }}" - platform_box_url: "{{ item.box_url | default(omit) }}" + - name: Discover local Docker images + docker_image_facts: + name: "molecule_local/{{ item.item.name }}" + with_items: "{{ platforms.results }}" + register: docker_images - provider_name: "{{ molecule_yml.driver.provider.name }}" - provider_memory: "{{ item.memory | default(omit) }}" - provider_cpus: "{{ item.cpus | default(omit) }}" - provider_raw_config_args: "{{ item.raw_config_args | default(omit) }}" + - name: Build an Ansible compatible image + docker_image: + path: "{{ molecule_ephemeral_directory }}" + name: "molecule_local/{{ item.item.image }}" + dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}" + force: "{{ item.item.force | default(true) }}" + with_items: "{{ platforms.results }}" + when: 
platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0 - state: up + - name: Create molecule instance(s) + docker_container: + name: "{{ item.name }}" + hostname: "{{ item.name }}" + image: "molecule_local/{{ item.image }}" + state: started + recreate: false + log_driver: json-file + command: "{{ item.command | default('bash -c \"while true; do sleep 10000; done\"') }}" + privileged: "{{ item.privileged | default(omit) }}" + volumes: "{{ item.volumes | default(omit) }}" + capabilities: "{{ item.capabilities | default(omit) }}" + ports: "{{ item.exposed_ports | default(omit) }}" + ulimits: "{{ item.ulimits | default(omit) }}" register: server with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 - # Mandatory configuration for Molecule to function. - - - name: Populate instance config dict - set_fact: - instance_conf_dict: { - 'instance': "{{ item.Host }}", - 'address': "{{ item.HostName }}", - 'user': "{{ item.User }}", - 'port': "{{ item.Port }}", - 'identity_file': "{{ item.IdentityFile }}", } + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: docker_jobs + until: docker_jobs.finished + retries: 300 with_items: "{{ server.results }}" - register: instance_config_dict - when: server.changed | bool - - - name: Convert instance config dict to a list - set_fact: - instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" - when: server.changed | bool - - - name: Dump instance config - copy: - # NOTE(retr0h): Workaround for Ansible 2.2. - # https://github.com/ansible/ansible/issues/20885 - content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" - dest: "{{ molecule_instance_config }}" - when: server.changed | bool diff --git a/molecule/default/destroy.yml b/molecule/default/destroy.yml index b74f4d8..3ce7478 100644 --- a/molecule/default/destroy.yml 
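Review bot: The `when:` on "Build an Ansible compatible image" ends in `| count >= 0`, which holds for any list, so the image is rebuilt on every `create` regardless of what the discovery task found. The discovery task also looks up `molecule_local/{{ item.item.name }}` while the build and the container use `molecule_local/{{ item.item.image }}`, so with the platform in this commit's molecule.yml (`name: instance`, `image: centos:7`) it queries an image name that is never built. If skipping the rebuild is the intent, use `name: "molecule_local/{{ item.item.image }}"` in the discovery task and `| count > 0` in the condition; if rebuilding every time is intended, drop the condition and say so in a comment. `privileged`, `volumes` and `capabilities` are handed through from molecule.yml unchanged, so a short comment that they stay unset for this role unless a scenario needs them would help the next person editing the platforms list.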
+++ b/molecule/default/destroy.yml @@ -1,35 +1,27 @@ --- - - name: Destroy hosts: localhost connection: local - gather_facts: False + gather_facts: false no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" vars: molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}" - molecule_instance_config: "{{ lookup('env',' MOLECULE_INSTANCE_CONFIG') }}" molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}" tasks: - name: Destroy molecule instance(s) - molecule_vagrant: - instance_name: "{{ item.name }}" - platform_box: "{{ item.box }}" - provider_name: "{{ molecule_yml.driver.provider.name }}" - force_stop: "{{ item.force_stop | default(True) }}" - state: destroy + docker_container: + name: "{{ item.name }}" + state: absent + force_kill: "{{ item.force_kill | default(true) }}" register: server with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 - # Mandatory configuration for Molecule to function. - - - name: Populate instance config - set_fact: - instance_conf: {} - - - name: Dump instance config - copy: - # NOTE(retr0h): Workaround for Ansible 2.2. - # https://github.com/ansible/ansible/issues/20885 - content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" - dest: "{{ molecule_instance_config }}" - when: server.changed | bool + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: docker_jobs + until: docker_jobs.finished + retries: 300 + with_items: "{{ server.results }}" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 835a73b..f5e3b11 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
@@ -1,34 +1,20 @@ --- - +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + - name: instance + image: centos:7 provisioner: name: ansible lint: name: ansible-lint - enabled: False - inventory: - links: - # include global variables as well for testing - group_vars: ../../../../../../group_vars/ - host_vars: ../../../../../../host_vars/ - env: - # dont let molecule guess - ANSIBLE_ROLES_PATH: ../../../../internal:../../../../external/ - ANSIBLE_LIBRARY: ../../../../../library/ - ANSIBLE_FILTER_PLUGINS: ../../../../../plugins - # if not set wants to use libvirt on my box - VAGRANT_DEFAULT_PROVIDER: virtualbox -driver: - name: vagrant - provider: - name: virtualbox -platforms: - - name: freebsd11 - box: ../../../../../testboxes/vagrant-freebsd11.1-ansibletarget.box - memory: 4096 - cpus: 4 - # https://www.vagrantup.com/docs/synced-folders/basic_usage.html - instance_raw_config_args: - - "vm.synced_folder '.', '/vagrant', disabled: true" +scenario: + name: default verifier: name: testinfra - + lint: + name: flake8 diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index 13a6cd2..7c1d376 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -2,5 +2,4 @@ - name: Converge hosts: all roles: - # force becoming root as molecule doesnt do it anymore - - { role: ansible_burp2_server, become: yes } + - role: ansible_burp2_server diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index b0e0aa6..5358b3b 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml @@ -1,9 +1,5 @@ --- - name: Prepare hosts: all - gather_facts: False - tasks: - - name: Install python for Ansible - raw: test -e /usr/bin/python || (pkg update && pkg install -y python27 sudo && ln -s /usr/local/bin/python2.7 /usr/bin/python) - become: True - changed_when: False + gather_facts: false + tasks: [] 
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 72ac55d..eedd64a 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -4,3 +4,11 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_hosts_file(host): + f = host.file('/etc/hosts') + + assert f.exists + assert f.user == 'root' + assert f.group == 'root' diff --git a/molecule/default/tests/test_default.pyc b/molecule/default/tests/test_default.pyc index f82890823332135a707e7956802121597ec0f446..ac2fc45662198b1c5e6b09e8aa1c8163715ccbac 100644 GIT binary patch delta 43 tcmey%{+FGd`7Sjdic_y0>`6t{?uGW< zc%VK&89SS{ls6!W$Kx;KZ^qv^yxG~FztCv`t0$!SEe-pTOi3RD36S3T4AKC20CfoU z0O~d10QEYQ0qkBes5hVtft+*`$^l%{&MilA9IX+ZxTR-`&&mCCG)WG=Op@$y`Zbw; zKAL^Y-XBg9bm?;`3r2IW8V5An37Jbu6JyTW+!wb~re7Sra)6-=tU+{l__euVua0#=L zS9vRO)STmx&f+mIVCLl7BFJu%0X7VV>=}!k%G4wPQe)5gebu8Dg|wqwSuvM9Gp$mj zqa(Nr@v8bTul=LY9SR+HyJy|z4MMm&6Gkgfbiy&~n%kG^_3E&htL(lr|6hAt8(uGT SNq6dvyN13mPXc<`ZukfKiz5>N literal 0 HcmV?d00001 From 0feaca6412c3e0adf2d8d72e071d5badbf084d0e Mon Sep 17 00:00:00 2001 
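Review bot: `test_hosts_file` only asserts that `/etc/hosts` exists and is owned by root, which is true of the base image before the role runs, so the scenario's verify step passes without checking anything the role did. A check on something the role manages would make it meaningful, for example `assert host.file('/etc/burp/burp-server.conf').exists`, and, if the role is expected to restrict the server key, a mode assertion on `/etc/burp/ssl_cert-server.key`. The paths are taken from the role defaults elsewhere in this series and should be confirmed against what the tasks actually write. The compiled `test_default.pyc` committed next to this file is a build artefact that cannot be reviewed in a diff and is better left out of the repository.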
From: Daniel Winter Date: Tue, 6 Feb 2018 16:44:48 +0100 Subject: [PATCH 10/19] working version mass commit --- ansible_burp2_server/.yamllint | 13 - ansible_burp2_server/README.md | 38 -- ansible_burp2_server/defaults/main.yml | 2 - ansible_burp2_server/handlers/main.yml | 2 - ansible_burp2_server/meta/main.yml | 58 --- .../molecule/default/Dockerfile.j2 | 9 - .../molecule/default/INSTALL.rst | 16 - .../molecule/default/create.yml | 60 --- .../molecule/default/destroy.yml | 27 -- .../molecule/default/molecule.yml | 20 - .../molecule/default/playbook.yml | 5 - .../molecule/default/prepare.yml | 5 - .../molecule/default/tests/test_default.py | 14 - .../molecule/default/tests/test_default.pyc | Bin 1021 -> 0 bytes ansible_burp2_server/tasks/main.yml | 2 - ansible_burp2_server/vars/main.yml | 2 - defaults/main.yml | 9 +- defaults/main.yml~ | 343 ------------------ molecule.yml | 119 ------ tasks/build-burp.yml | 12 +- tasks/build-burp.yml~ | 106 ------ tasks/config_agent.yml | 8 +- tasks/supervisor.yml | 8 +- tasks/tests/test_client.yml | 8 +- tasks/tests/test_client.yml~ | 84 ----- templates/burp-server.conf_supervisor.j2 | 2 +- vars/Debian-9.yml | 4 + vars/Debian.yml | 5 + vars/FreeBSD-11.yml | 2 +- vars/RedHat.yml | 4 + 30 files changed, 37 insertions(+), 950 deletions(-) delete mode 100644 ansible_burp2_server/.yamllint delete mode 100644 ansible_burp2_server/README.md delete mode 100644 ansible_burp2_server/defaults/main.yml delete mode 100644 ansible_burp2_server/handlers/main.yml delete mode 100644 ansible_burp2_server/meta/main.yml delete mode 100644 ansible_burp2_server/molecule/default/Dockerfile.j2 delete mode 100644 ansible_burp2_server/molecule/default/INSTALL.rst delete mode 100644 ansible_burp2_server/molecule/default/create.yml delete mode 100644 ansible_burp2_server/molecule/default/destroy.yml delete mode 100644 ansible_burp2_server/molecule/default/molecule.yml delete mode 100644 ansible_burp2_server/molecule/default/playbook.yml delete mode 100644 
ansible_burp2_server/molecule/default/prepare.yml delete mode 100644 ansible_burp2_server/molecule/default/tests/test_default.py delete mode 100644 ansible_burp2_server/molecule/default/tests/test_default.pyc delete mode 100644 ansible_burp2_server/tasks/main.yml delete mode 100644 ansible_burp2_server/vars/main.yml delete mode 100644 defaults/main.yml~ delete mode 100644 molecule.yml delete mode 100644 tasks/build-burp.yml~ delete mode 100644 tasks/tests/test_client.yml~ diff --git a/ansible_burp2_server/.yamllint b/ansible_burp2_server/.yamllint deleted file mode 100644 index 3a2255e..0000000 --- a/ansible_burp2_server/.yamllint +++ /dev/null @@ -1,13 +0,0 @@ -extends: default - -rules: - braces: - max-spaces-inside: 1 - level: error - brackets: - max-spaces-inside: 1 - level: error - line-length: disable - # NOTE(retr0h): Templates no longer fail this lint rule. - # Uncomment if running old Molecule templates. - # truthy: disable diff --git a/ansible_burp2_server/README.md b/ansible_burp2_server/README.md deleted file mode 100644 index c560111..0000000 --- a/ansible_burp2_server/README.md +++ /dev/null 
@@ -1,38 +0,0 @@ -Role Name -========= - -A brief description of the role goes here. - -Requirements ------------- - -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. - -Role Variables --------------- - -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. - -Dependencies ------------- - -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. - -Example Playbook ----------------- - -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - - - hosts: servers - roles: - - { role: ansible_burp2_server, x: 42 } - -License -------- - -BSD - -Author Information ------------------- - -An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/ansible_burp2_server/defaults/main.yml b/ansible_burp2_server/defaults/main.yml deleted file mode 100644 index 9578bd2..0000000 --- a/ansible_burp2_server/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# defaults file for ansible_burp2_server diff --git a/ansible_burp2_server/handlers/main.yml b/ansible_burp2_server/handlers/main.yml deleted file mode 100644 index 62bfe3a..0000000 --- a/ansible_burp2_server/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for ansible_burp2_server 
diff --git a/ansible_burp2_server/meta/main.yml b/ansible_burp2_server/meta/main.yml deleted file mode 100644 index ba43fdd..0000000 --- a/ansible_burp2_server/meta/main.yml +++ /dev/null @@ -1,58 +0,0 @@ ---- -galaxy_info: - author: your name - description: your description - company: your company (optional) - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Some suggested licenses: - # - BSD (default) - # - MIT - # - GPLv2 - # - GPLv3 - # - Apache - # - CC-BY - license: license (GPLv2, CC-BY, etc) - - min_ansible_version: 1.2 - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # Optionally specify the branch Galaxy will use when accessing the GitHub - # repo for this role. During role install, if no tags are available, - # Galaxy will use this branch. During import Galaxy will access files on - # this branch. If Travis integration is configured, only notifications for this - # branch will be accepted. Otherwise, in all cases, the repo's default branch - # (usually master) will be used. - # github_branch: - - # - # platforms is a list of platforms, and each platform has a name and a list of versions. - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - -dependencies: [] -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. 
diff --git a/ansible_burp2_server/molecule/default/Dockerfile.j2 b/ansible_burp2_server/molecule/default/Dockerfile.j2 deleted file mode 100644 index f8b4e75..0000000 --- a/ansible_burp2_server/molecule/default/Dockerfile.j2 +++ /dev/null @@ -1,9 +0,0 @@ -# Molecule managed - -FROM {{ item.image }} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; fi diff --git a/ansible_burp2_server/molecule/default/INSTALL.rst b/ansible_burp2_server/molecule/default/INSTALL.rst deleted file mode 100644 index e26493b..0000000 --- a/ansible_burp2_server/molecule/default/INSTALL.rst +++ /dev/null @@ -1,16 +0,0 @@ -******* -Install -******* - -Requirements -============ - -* Docker Engine -* docker-py - -Install -======= - -.. code-block:: bash - - $ sudo pip install docker-py diff --git a/ansible_burp2_server/molecule/default/create.yml b/ansible_burp2_server/molecule/default/create.yml deleted file mode 100644 index 10fac31..0000000 --- a/ansible_burp2_server/molecule/default/create.yml +++ /dev/null 
@@ -1,60 +0,0 @@ ---- -- name: Create - hosts: localhost - connection: local - gather_facts: false - no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" - vars: - molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}" - molecule_ephemeral_directory: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}" - molecule_scenario_directory: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}" - molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}" - tasks: - - name: Create Dockerfiles from image names - template: - src: "{{ molecule_scenario_directory }}/Dockerfile.j2" - dest: "{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.image | regex_replace('[^a-zA-Z0-9_]', '_') }}" - with_items: "{{ molecule_yml.platforms }}" - register: platforms - - - name: Discover local Docker images - docker_image_facts: - name: "molecule_local/{{ item.item.name }}" - with_items: "{{ platforms.results }}" - register: docker_images - - - name: Build an Ansible compatible image - docker_image: - path: "{{ molecule_ephemeral_directory }}" - name: "molecule_local/{{ item.item.image }}" - dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}" - force: "{{ item.item.force | default(true) }}" - with_items: "{{ platforms.results }}" - when: platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0 - - - name: Create molecule instance(s) - docker_container: - name: "{{ item.name }}" - hostname: "{{ item.name }}" - image: "molecule_local/{{ item.image }}" - state: started - recreate: false - log_driver: json-file - command: "{{ item.command | default('bash -c \"while true; do sleep 10000; done\"') }}" - privileged: "{{ item.privileged | default(omit) }}" - volumes: "{{ item.volumes | default(omit) }}" - capabilities: "{{ item.capabilities | default(omit) }}" - ports: "{{ item.exposed_ports | default(omit) }}" - ulimits: "{{ item.ulimits | default(omit) }}" - register: server - with_items: 
"{{ molecule_yml.platforms }}" - async: 7200 - poll: 0 - - - name: Wait for instance(s) creation to complete - async_status: - jid: "{{ item.ansible_job_id }}" - register: docker_jobs - until: docker_jobs.finished - retries: 300 - with_items: "{{ server.results }}" diff --git a/ansible_burp2_server/molecule/default/destroy.yml b/ansible_burp2_server/molecule/default/destroy.yml deleted file mode 100644 index 3ce7478..0000000 --- a/ansible_burp2_server/molecule/default/destroy.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- name: Destroy - hosts: localhost - connection: local - gather_facts: false - no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" - vars: - molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}" - molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}" - tasks: - - name: Destroy molecule instance(s) - docker_container: - name: "{{ item.name }}" - state: absent - force_kill: "{{ item.force_kill | default(true) }}" - register: server - with_items: "{{ molecule_yml.platforms }}" - async: 7200 - poll: 0 - - - name: Wait for instance(s) deletion to complete - async_status: - jid: "{{ item.ansible_job_id }}" - register: docker_jobs - until: docker_jobs.finished - retries: 300 - with_items: "{{ server.results }}" diff --git a/ansible_burp2_server/molecule/default/molecule.yml b/ansible_burp2_server/molecule/default/molecule.yml deleted file mode 100644 index f5e3b11..0000000 --- a/ansible_burp2_server/molecule/default/molecule.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint -platforms: - - name: instance - image: centos:7 -provisioner: - name: ansible - lint: - name: ansible-lint -scenario: - name: default -verifier: - name: testinfra - lint: - name: flake8 diff --git a/ansible_burp2_server/molecule/default/playbook.yml b/ansible_burp2_server/molecule/default/playbook.yml deleted file mode 100644 index 8499f3e..0000000 
--- a/ansible_burp2_server/molecule/default/playbook.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: ansible_burp2_server_dummy diff --git a/ansible_burp2_server/molecule/default/prepare.yml b/ansible_burp2_server/molecule/default/prepare.yml deleted file mode 100644 index 5358b3b..0000000 --- a/ansible_burp2_server/molecule/default/prepare.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: false - tasks: [] diff --git a/ansible_burp2_server/molecule/default/tests/test_default.py b/ansible_burp2_server/molecule/default/tests/test_default.py deleted file mode 100644 index eedd64a..0000000 --- a/ansible_burp2_server/molecule/default/tests/test_default.py +++ /dev/null @@ -1,14 +0,0 @@ -import os - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_hosts_file(host): - f = host.file('/etc/hosts') - - assert f.exists - assert f.user == 'root' - assert f.group == 'root' diff --git a/ansible_burp2_server/molecule/default/tests/test_default.pyc b/ansible_burp2_server/molecule/default/tests/test_default.pyc deleted file mode 100644 index ac2fc45662198b1c5e6b09e8aa1c8163715ccbac..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1021 zcmdr~&2H2%5FRJnUs3jiP%k~AT)H`M;DQiK6-3dpm9~IHE>Sjdic_y0>`6t{?uGW< zc%VK&89SS{ls6!W$Kx;KZ^qv^yxG~FztCv`t0$!SEe-pTOi3RD36S3T4AKC20CfoU z0O~d10QEYQ0qkBes5hVtft+*`$^l%{&MilA9IX+ZxTR-`&&mCCG)WG=Op@$y`Zbw; zKAL^Y-XBg9bm?;`3r2IW8V5An37Jbu6JyTW+!wb~re7Sra)6-=tU+{l__euVua0#=L zS9vRO)STmx&f+mIVCLl7BFJu%0X7VV>=}!k%G4wPQe)5gebu8Dg|wqwSuvM9Gp$mj zqa(Nr@v8bTul=LY9SR+HyJy|z4MMm&6Gkgfbiy&~n%kG^_3E&htL(lr|6hAt8(uGT SNq6dvyN13mPXc<`ZukfKiz5>N diff --git a/ansible_burp2_server/tasks/main.yml b/ansible_burp2_server/tasks/main.yml deleted file mode 100644 index 571a8d4..0000000 
--- a/ansible_burp2_server/tasks/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# tasks file for ansible_burp2_server diff --git a/ansible_burp2_server/vars/main.yml b/ansible_burp2_server/vars/main.yml deleted file mode 100644 index 6fdbe26..0000000 --- a/ansible_burp2_server/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for ansible_burp2_server diff --git a/defaults/main.yml b/defaults/main.yml index 1544350..256a095 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,10 +2,6 @@ # file: defaults/main.yml # New default options based on: https://github.com/grke/burp/wiki/Performance-Tips -### General -# used for eg FreeBSD which has a deviating path -etc_dir: "/etc" -usr_dir: "/usr" ### Modules # Configure Burp UI Agent @@ -264,7 +260,7 @@ burp_sv_agent_stderr_logfile: "{{ burp_sv_server_log_dir }}/%(program_name)s.log # Burp Restore burp_sv_restore_priority: "30" burp_sv_restore_directory: "/tmp" -burp_sv_restore_command: "/usr/sbin/burp -F -c {{ etc_dir }}/burp/burp-restore.conf" +burp_sv_restore_command: "{{ usr_dir }}/sbin/burp -F -c {{ etc_dir }}/burp/burp-restore.conf" burp_sv_restore_user: "root" burp_sv_restore_autostart: "true" burp_sv_restore_autorestart: "true" @@ -273,10 +269,11 @@ burp_sv_restore_stderr_logfile: "{{ burp_sv_server_log_dir }}/%(program_name)s.l # Burp Server burp_sv_server_priority: "20" burp_sv_server_directory: "/tmp" -burp_sv_server_command: "/usr/sbin/burp -F -c /etc/burp/burp-server.conf" +burp_sv_server_command: "{{ usr_dir }}/sbin/burp -F -c {{ etc_dir }}/burp/burp-server.conf" burp_sv_server_user: "root" burp_sv_server_autostart: "true" burp_sv_server_autorestart: "true" +burp_sv_server_startretries: "5" burp_sv_server_stdout_logfile: "{{ burp_sv_server_log_dir }}/%(program_name)s.log" burp_sv_server_stderr_logfile: "{{ burp_sv_server_log_dir }}/%(program_name)s.log" ### --- diff --git a/defaults/main.yml~ b/defaults/main.yml~ deleted file mode 100644 index 43378e6..0000000 
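Review bot: The first hunk deletes the `etc_dir` and `usr_dir` defaults while the two later hunks make `burp_sv_restore_command` and `burp_sv_server_command` depend on them. The diffstat lists changes to vars/Debian.yml, vars/Debian-9.yml, vars/RedHat.yml and vars/FreeBSD-11.yml, which presumably define both variables now, but those hunks are not in view; a platform without a matching vars file would fail on an undefined variable. Both commands run with `burp_sv_restore_user` and `burp_sv_server_user` set to `root`, so the binary and config paths should always resolve to a known location: keeping `etc_dir: "/etc"` and `usr_dir: "/usr"` in defaults and overriding them only in the FreeBSD vars file would give that.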
--- a/defaults/main.yml~ +++ /dev/null 
@@ -1,343 +0,0 @@ ---- -# file: defaults/main.yml -# New default options based on: https://github.com/grke/burp/wiki/Performance-Tips - -### Modules -# Configure Burp UI Agent -burp_module_agent: false -# Configure burp restore service -burp_module_restore: false -# Configure Burp manual delete -burp_manual_delete_enabled: true -# Configure Burp Autoupgrade -burp_server_autoupgrade_enabled: false -# Activate clients from git repository -burp_repos: false -#burpsrv_repos: -# - { repo: "url", version: "branch", dir: "dest dir"} -# Example: -# burp_repos: -# - { repo: "http://host/group/repo.git", version: "master", dir: "linux_clients"} -# You just need files per client, example: -# client1 file content: -# -# password = password -# dedup_group = trusty -# . incexc/profile_lnxsrv - -burp_module_test_client: false - -### --- - -burp_home: "/var/spool/burp" - -## Build vars: - -# Add these vars to your hosts/groups to change version/tag (archive to download and compile) -burpsrcext: "zip" # must be tar.gz or zip -autoupgrade_version: "2.0.54" # master version is not compiled so added separately -burp_version: "2.0.54" # branch or tag, example: "master" , example: "2.0.46" - -burp_force_reinstall: false - -# previously: burpsrc: "burp-2.0.46" -burpsrc: "burp-{{ burp_version }}" -# previously: burpurl: "https://github.com/grke/burp/archive/2.0.46.tar.gz" -burpurl: "https://github.com/grke/burp/archive/{{ burp_version }}.{{ burpsrcext }}" -# Directory that will be used as the location for the downloads§ -download_dir: "{{ ansible_env.HOME }}/burp" - -### Burp Server -### http://burp.grke.org/docs/manpage.html -burp_server_data: "{{ burp_home }}/data" -burp_server_clientconfdir: "/etc/burp/clientconfdir" -burp_server_autoupgrade_dir: "/etc/burp/autoupgrade/server" -burp_server_address: "0.0.0.0" -burp_server_port: "4971" -burp_server_status_address: "127.0.0.1" -burp_server_status_port: "4972" -burp_server_dedup_group: "global" -burp_server_protocol: "1" 
-burp_server_pidfile: "/var/run/burp.server.pid" -burp_server_hardlinked_archive: "0" -burp_server_librsync: "1" -burp_server_working_dir_recovery_method: "delete" -burp_server_max_children: "2" # See https://github.com/grke/burp/wiki/Performance-Tips -burp_server_max_status_children: "10000" -burp_server_umask: "0022" -burp_server_syslog: "0" -burp_server_stdout: "1" -burp_server_client_can_delete: "1" -burp_server_client_can_force_backup: "1" -burp_server_client_can_list: "1" -burp_server_client_can_restore: "1" -burp_server_client_can_verify: "1" -burp_server_ratelimit: false -burp_server_network_timeout: false -# Changing default compression to lower level better for large deployments -# due to less CPU usage and fasters backups -burp_server_compression: zlib5 -burp_server_version_warn: "1" -burp_server_ca_conf: "/etc/burp/CA.cnf" -burp_server_ca_name: "burpCA" -burp_server_ca_burp_ca: "/usr/sbin/burp_ca" -burp_server_ca_crl_check: "1" -burp_server_ssl_cert_ca: "/etc/burp/ssl_cert_ca-server.pem" -burp_server_ssl_cert: "/etc/burp/ssl_cert-server.pem" -burp_server_ssl_key: "/etc/burp/ssl_cert-server.key" -burp_server_ssl_dhfile: "/etc/burp/dhfile.pem" -burp_server_ssl_key_password: "password" -burp_server_script_pre: false -burp_server_scripts_pre_args: [] -burp_server_script_post: false -burp_server_script_post_args: [] -burp_server_monitor_cache: "1" -burp_server_timer_script: "/usr/share/burp/scripts/timer_script" -burp_server_timer_args: - - 20h - - Mon,Tue,Wed,Thu,Fri,00,01,02,03,04,05,19,20,21,22,23 - - Sat,Sun,00,01,02,03,04,05,06,07,08,17,18,19,20,21,22,23 -burp_server_keep: - - 7 - -# Modify these variables in you host/group vars -# to allow notification when a failure occurs -# You will need some setup done in your sendmail command, like local postfix/sendmail. -# It's easy for linux sysadmin or those using ansible like automation. 
-burp_notify_failure: false -burp_notify_failure_email_to: root@localhost -burp_notify_failure_email_from: "burp_{{ ansible_nodename }}@domain.net" - -burp_server_custom_lines: [] -# - "someextra=line" -### --- - -## burp_server incexc profiles - -profiles_templates: - - - name: profile_lnxsrv - content: - - "#hard_quota No permitir backups a clientes con mas de xxGb en el backup total" - - "#hard_quota Do not allow to backup clients with more than xxGb in the whole backup" - - "hard_quota=65Gb" - - "" - - "#soft_quota enviar WARNING backups a de clientes con mas de xxGb en el backup total" - - "#soft_quota send WARNING to backups clients with more than xxGb in the whole backup" - - "soft_quota=50Gb" - - "" - - ". lnxsrv_global_inclusions" - - ". lnxsrv_global_exclusions" - - "" - - "cross_all_filesystems=1" - - "dedup_group = lnxsrv" - - - name: profile_lnxsrv_medium - content: - - "#hard_quota No permitir backups a clientes con mas de xxGb en el backup total" - - "#hard_quota Do not allow to backup clients with more than xxGb in the whole backup" - - "hard_quota=150Gb" - - "" - - "#soft_quota enviar WARNING backups a de clientes con mas de xxGb en el backup total" - - "#soft_quota send WARNING to backups clients with more than xxGb in the whole backup" - - "soft_quota=120Gb" - - "" - - ". lnxsrv_global_inclusions" - - ". 
lnxsrv_global_exclusions" - - "" - - "cross_all_filesystems=1" - - "dedup_group = lnxsrv" - - - name: profile_win6x - content: - - "#hard_quota No permitir backups a clientes con mas de xxGb en el backup total" - - "#hard_quota Do not allow to backup clients with more than xxGb in the whole backup" - - "hard_quota=65Gb" - - "" - - "#soft_quota enviar WARNING backups a de clientes con mas de xxGb en el backup total" - - "#soft_quota send WARNING to backups clients with more than xxGb in the whole backup" - - "soft_quota=50Gb" - - "" - - "# Due to issue: https://github.com/grke/burp/issues/501" - - "# I'm moving some inclusions and reducing the way I'm using nested files and also not including anything that is not" - - "# on all clients." - - "# . win6x_global_inclusions" - - "include_glob=C:/Users/*/Contacts" - - "include_glob=C:/Users/*/Documents" - - "include_glob=C:/Users/*/Favorites" - - "include_glob=C:/Users/*/Links" - - "include_glob=C:/Users/*/Desktop" - - "" - - ". win6x_global_exclusions" - - ". video_exclusions" - - ". audio_exclusions" - - "" - - "dedup_group = win6x" - - - name: profile_win6x_drp - content: - - 'include = C:/' - - '' - - '# temp stuff' - - 'exclude_regex = "[A-Z]:/Users/[^/]+/AppData/Local/Temp"' - - 'exclude_regex = "[A-Z]:/Users/[^/]+/AppData/Local/Microsoft/Windows/Temporary Internet Files"' - - 'exclude_regex = "[A-Z]:/Users/[^/]+/AppData/Local/Microsoft/Office/15.0/OfficeFileCache"' - - 'exclude_regex = "[A-Z]:/Users/[^/]+/Onedrive[^/]+"' - - 'exclude_regex = "[A-Z]:/Documents and Settings/[^/]+/Cookies"' - - 'exclude_regex = "[A-Z]:/Documents and Settings/[^/]+/Recent"' - - 'exclude_regex = "[A-Z]:/Documents and Settings/[^/]+/Local Settings/Temp"' - - '# iometer test file' - - 'exclude_regex = "[A-Z]:/iobw.tst"' - - '' - - '# system stuff that is not important in a restored system' - - 'exclude_regex = "[A-Z]:/RECYCLER"' - - '# swap file (Windows XP, 7, 8)' - - 'exclude_regex = "[A-Z]:/pagefile.sys"' - - '# swap file?? 
(Windows 8)' - - 'exclude_regex = "[A-Z]:/swapfile.sys"' - - '# system temp files' - - 'exclude_regex = "[A-Z]:/Windows/Temp"' - - 'exclude_regex = "[A-Z]:/Programdata/Microsoft/Search"' - - 'exclude_regex = "[A-Z]:/Programdata/Microsoft/ClickToRun"' - - '' - - '# note that we are backing up C:/System Volume Information"' - - -# See file tasks/manual_client.yml -burp2_add_manual_clients: [] - -# See file tasks/remove_client.yml -burp_remove_clients: [] - -# if burpsrv_agent: true -### Burp UI Agent -#[Global] -burp_agent_global_port: "5001" -burp_agent_global_bind: "0.0.0.0" -burp_agent_global_ssl: "false" -burp_agent_global_version: "2" -burp_agent_global_password: "password" -#[Security] -burp_agent_security_includes: "/etc/burp" -burp_agent_security_enforce: "false" -burp_agent_security_revoke: "true" -#[Experimental] -burp_agent_experimental_zip64: "false" -#[Backend] -burp_agent_backend_burpbin: "/usr/sbin/burp" -burp_agent_backend_stripbin: "/usr/bin/vss_strip" -burp_agent_backend_tmpdir: "/tmp" -burp_agent_backend_timeout: "60" -# Burp UI pip packages -# Install burpui from a different source -# ex: burpsrv_pip_burpui: "https://burpui.ziirish.me/builds/burp-ui.dev.tar.gz" -burp_agent_pip_burpui: "burp-ui-agent" -burpui_pip_packages: - - { name: "{{ burp_agent_pip_burpui }}", version: 0.5.1 } -python_pip_executable: "pip3" # options pip3 / pip2 -burp_agent_pip_present: - - "pip>=9" - - "cffi>=1.7" - - "gevent>=1.2" - - "ujson>=1.35" - - "urllib3>=1.19" # required to avoid issues with get_url module - # - "ndg-httpsclient>=0.4.2" # required to avoid issues with get_url module - - "pyasn1" - - "requests[security]>=2.12" # required to avoid issues with get_url module -### --- - -### Supervisor -# Burp Agent -burp_sv_agent_priority: "40" -burp_sv_agent_directory: "/tmp" -burp_sv_agent_command: "{{ pip_installed_exe_bin_path }}/bui-agent -v -c /etc/burp/buiagent.cfg" -burp_sv_agent_user: "root" -burp_sv_agent_autostart: "true" -burp_sv_agent_autorestart: "true" 
-burp_sv_agent_stdout_logfile: "/var/log/supervisor/%(program_name)s.log" -burp_sv_agent_stderr_logfile: "/var/log/supervisor/%(program_name)s.log" -# Burp Restore -burp_sv_restore_priority: "30" -burp_sv_restore_directory: "/tmp" -burp_sv_restore_command: "/usr/sbin/burp -F -c /etc/burp/burp-restore.conf" -burp_sv_restore_user: "root" -burp_sv_restore_autostart: "true" -burp_sv_restore_autorestart: "true" -burp_sv_restore_stdout_logfile: "/var/log/supervisor/%(program_name)s.log" -burp_sv_restore_stderr_logfile: "/var/log/supervisor/%(program_name)s.log" -# Burp Server -burp_sv_server_priority: "20" -burp_sv_server_directory: "/tmp" -burp_sv_server_command: "/usr/sbin/burp -F -c /etc/burp/burp-server.conf" -burp_sv_server_user: "root" -burp_sv_server_autostart: "true" -burp_sv_server_autorestart: "true" -burp_sv_server_stdout_logfile: "/var/log/supervisor/%(program_name)s.log" -burp_sv_server_stderr_logfile: "/var/log/supervisor/%(program_name)s.log" -### --- - -# if burp_manual_delete_enabled: true -### Manual Delete -burp_trash: "{{ burp_home }}/trash" -burp_logs: "/var/log/burp" -burp_cron_delete: - - { minute: "00", hour: "03", dow: "*" } -### --- - -# if burpsrv_local_client: true -### Burp Client -burp_client_pidfile: "/var/run/burp.pid" -burp_client_password: "password" -burp_client_ca_csr_dir: "/etc/burp/CA-client" -burp_client_ssl_cert_ca: "/etc/burp/ssl_cert_ca-monitor.pem" -burp_client_ssl_cert: "/etc/burp/ssl_cert-monitor.pem" -burp_client_ssl_key: "/etc/burp/ssl_cert-monitor.key" -### --- - -# if burp_module_restore: true -# Burp Restore is another burp daemon with the unique purpose -# to have possibility to restore when backups reach max_children -# This was created before 2.1.10 added port per operation support -# and will be deprecated once burp 2.1 becomes stable -### Burp Restore -burp_restore_address: "0.0.0.0" -burp_restore_port: "4973" -burp_restore_status_address: "127.0.0.1" -burp_restore_status_port: "4974" -burp_restore_pidfile: 
"/var/run/burp.restore.pid" -burp_restore_clients: - - monitor -### --- - -#Since version 2.1.10 -# + Add the ability for the client to connect to different server ports -# according to whether it is doing backup/restore/verify/list/delete. -# These ports are based on: https://github.com/CoffeeITWorks/ansible_burp2_server/issues/11 -# Compatible since burp 2.1.10 -burp_server_port_per_operation_bool: false -burp_server_port_operation_restore: 4975 -burp_server_port_operation_verify: 4976 -burp_server_port_operation_list: 4977 -burp_server_port_operation_delete: 4978 -burp_server_ports_per_operation: - - '# port for restore' - - "port = {{ burp_server_port_operation_restore }}" - - 'max_children = 2' - - '# port for verify' - - "port = {{ burp_server_port_operation_verify }}" - - 'max_children = 1' - - '# port for list' - - "port = {{ burp_server_port_operation_list }}" - - 'max_children = 15' - - '# port for delete' - - "port = {{ burp_server_port_operation_delete }}" - - 'max_children = 2' -burp_client_ports_per_operation: - - 'port_restore = {{ burp_server_port_operation_restore }}' - - 'port_verify = {{ burp_server_port_operation_verify }}' - - 'port_list = {{ burp_server_port_operation_list }}' - - 'port_delete = {{ burp_server_port_operation_delete }}' - -# use the 'portinstall' module on FreeBSD to compile packages instead of 'package' -burp_freebsd_use_portinstall: False - diff --git a/molecule.yml b/molecule.yml deleted file mode 100644 index e72ac06..0000000 --- a/molecule.yml +++ /dev/null 
@@ -1,119 +0,0 @@ ---- -# Use docker to test on travis -# Use vagrant to create vms and access full OS on local testing -driver: - name: docker - #name: vagrant - -vagrant: - raw_config_args: - - "ssh.insert_key = false" - - "vm.network 'forwarded_port', guest: 80, host: 8080" - - platforms: - - name: debian64 - box: debian/jessie64 - - name: centos7 - box: centos/7 - - name: ubuntuxenial64 - box: nrclark/xenial64-minimal-libvirt - -# The tests with vagrant are done with libvirt, you can also use virtualbox -# You need to prepare vagrant, vagrant-libvirt, nfs-kernel-server, and libvirt-bin. -# https://wiki.debian.org/libvirt -# https://github.com/vagrant-libvirt/vagrant-libvirt -# sudo apt-get install libxslt-dev libxml2-dev libvirt-dev zlib1g-dev ruby-dev -# sudo apt-get install nfs-kernel-server # required to mount local dir to vm -# http://molecule.readthedocs.io/en/stable-1.9/provider/index.html#providers -# You must have latest vagrant and reinsall plugins if upgraded, see: -# https://github.com/vagrant-libvirt/vagrant-libvirt/issues/618 - providers: - - name: libvirt - type: libvirt - options: - memory: 1024 - cpus: 2 - # There are two available drivers: kvm and qemu. - # Refer to the vagrant-libvirt docs for more info. 
- driver: kvm - video_type: vga - volume_cache: writeback - - instances: - - name: vagrant-master-01 - ansible_groups: - - group_master - options: - append_platform_to_hostname: no - raw_config_args: - - "vm.box = 'debian/jessie64'" - - name: vagrant-master-02 - ansible_groups: - - group_master - options: - append_platform_to_hostname: no - raw_config_args: - - "vm.box = 'centos/7'" - - name: vagrant-master-03 - ansible_groups: - - group_master - options: - append_platform_to_hostname: no - raw_config_args: - - "vm.box = 'nrclark/xenial64-minimal-libvirt'" - -# It will not be used if you don't specify the driver: name: docker (see the beginning of the file) -docker: - containers: - - - name: ansible_burp2_ubuntu_latest - image: ubuntu - image_version: latest - ansible_groups: - - group1 - - - name: ansible_burp2_ubuntu_trusty - image: ubuntu - image_version: trusty - ansible_groups: - - group1 - - - name: ansible_test-master2 - image: dramaturg/debian-systemd - image_version: 'latest' - volume_mounts: - - "/sys/fs/cgroup:/sys/fs/cgroup:ro" - privileged: False - ansible_groups: - - group_master - - # In docker cannot be tested with centos 7 due to https://github.com/ansible/ansible-modules-core/issues/593 - - name: ansible_burp2_centos_7 - image: centos/systemd - image_version: latest - volume_mounts: - - "/sys/fs/cgroup:/sys/fs/cgroup:ro" - privileged: True - ansible_groups: - - group1 - - - name: ansible_test-04 - image: fedora/systemd-systemd - image_version: latest - volume_mounts: - - "/sys/fs/cgroup:/sys/fs/cgroup:ro" - privileged: True - -verifier: - name: testinfra - -ansible: - playbook: playbook.yml - group_vars: - group_master: - burpsrcext: "zip" - burp_version: "master" - burp_remove_clients: - - name: client_to_remove - - name: other_client_to_remove - burp_server_port_per_operation_bool: true diff --git a/tasks/build-burp.yml b/tasks/build-burp.yml index 6c2ce45..80aa7d55 100644 --- a/tasks/build-burp.yml +++ b/tasks/build-burp.yml 
@@ -11,14 +11,14 @@ package: name: "{{ build_dependencies | join(',') }}" state: present - when: ( ansible_os_family != "FreeBSD" and not burp_freebsd_use_portinstall ) + when: ansible_os_family != "FreeBSD" - name: install build dependencies on FreeBSD portinstall: name: "{{ item }}" state: present with_items: "{{ build_dependencies }}" - when: ansible_os_family == "FreeBSD" + when: ( ansible_os_family == "FreeBSD" and burp_freebsd_use_portinstall ) - name: Uninstall old burp package: @@ -60,23 +60,23 @@ shell: cd {{ download_dir }}/{{ burpsrc }} && autoreconf -vif creates={{ download_dir }}/{{ burpsrc }}/configure - name: ./configure - shell: cd {{ download_dir }}/{{ burpsrc }} && ./configure --prefix=/usr --sysconfdir={{ etc_dir }}/burp --localstatedir=/var creates={{ download_dir }}/{{ burpsrc }}/Makefile + shell: cd {{ download_dir }}/{{ burpsrc }} && ./configure --prefix={{ usr_dir }} --sysconfdir={{ etc_dir }}/burp --localstatedir=/var creates={{ download_dir }}/{{ burpsrc }}/Makefile - name: Make shell: cd {{ download_dir }}/{{ burpsrc }} && make creates={{ download_dir }}/{{ burpsrc }}/burp - name: check if burp is installed - stat: path=/usr/sbin/burp + stat: path="{{ usr_dir }}/sbin/burp" register: stb - name: Uninstall burp - shell: cd {{ download_dir }}/{{ burpsrc }} && make uninstall removes=/usr/sbin/burp + shell: cd {{ download_dir }}/{{ burpsrc }} && make uninstall removes={{ usr_dir }}/sbin/burp when: stb.stat.exists and ( unpack_src_tar.changed or unpack_src_zip.changed ) tags: - skip_ansible_lint - name: Make install - shell: cd {{ download_dir }}/{{ burpsrc }} && make install creates=/usr/sbin/burp + shell: cd {{ download_dir }}/{{ burpsrc }} && make install creates={{ usr_dir }}/sbin/burp notify: restart burp server - block: diff --git a/tasks/build-burp.yml~ b/tasks/build-burp.yml~ deleted file mode 100644 index 9332dd7..0000000 --- a/tasks/build-burp.yml~ +++ /dev/null 
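Review bot: On FreeBSD with `burp_freebsd_use_portinstall` set to false, neither install task in the first hunk runs: `package` is now limited to `ansible_os_family != "FreeBSD"` and `portinstall` requires the flag, so the build dependencies are never installed and the later autoreconf/configure steps would fail. tasks/config_agent.yml and tasks/supervisor.yml in this same patch let `package` cover that case, and the same condition fits here: `when: ( ansible_os_family != "FreeBSD" or not burp_freebsd_use_portinstall )`. The task list continues outside the hunk.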
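Review bot: The build steps in the second hunk splice `{{ download_dir }}`, `{{ burpsrc }}`, `{{ etc_dir }}` and `{{ usr_dir }}` unquoted into `shell:` command lines, so a value containing whitespace or shell metacharacters changes what the play executes. None of these steps needs a shell: `command:` with `args:` `chdir:` and `creates:` keeps the same idempotence without the `cd … &&` prefix, e.g. `command: ./configure --prefix={{ usr_dir }} --sysconfdir={{ etc_dir }}/burp --localstatedir=/var` with `chdir: "{{ download_dir }}/{{ burpsrc }}"` and `creates: "{{ download_dir }}/{{ burpsrc }}/Makefile"`. The `- block:` that follows lies outside the hunk.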
@@ -1,106 +0,0 @@ ---- - -- name: ensure chache for apt is updated - apt: - update_cache: yes - cache_valid_time: 43200 - changed_when: false - when: ansible_os_family == 'Debian' - -- name: install build dependencies - package: - name: "{{ build_dependencies | join(',') }}" - state: present - -- name: Uninstall old burp - package: - name: "{{ item }}" - state: absent - with_items: - - burp - - burp-client - - burp-server - - burp-core - -- name: force reinstall burp - file: - path: "{{ download_dir }}" - state: absent - when: burp_force_reinstall | bool - -- name: Ensure download directory is present - file: path={{ download_dir }} state=directory - -- name: GET burp backup and restore - get_url: - url: "{{ burpurl }}" - dest: "{{ download_dir }}/{{ burpsrc }}.{{ burpsrcext }}" - timeout: 30 - validate_certs: no - -- name: Unpack Burp source files tar.gz - shell: cd {{ download_dir }} && tar -xzvf {{ burpsrc }}.{{ burpsrcext }} creates={{ download_dir }}/{{ burpsrc }} - register: unpack_src_tar - when: burpsrcext == 'tar.gz' - -- name: Unpack Burp source files zip - shell: cd {{ download_dir }} && unzip {{ burpsrc }}.{{ burpsrcext }} creates={{ download_dir }}/{{ burpsrc }} - register: unpack_src_zip - when: burpsrcext == 'zip' - -- name: Autoreconf Burp source files - shell: cd {{ download_dir }}/{{ burpsrc }} && autoreconf -vif creates={{ download_dir }}/{{ burpsrc }}/configure - -- name: ./configure - shell: cd {{ download_dir }}/{{ burpsrc }} && ./configure --prefix=/usr --sysconfdir="{{ etc_dir }}/burp --localstatedir=/var creates={{ download_dir }}/{{ burpsrc }}/Makefile - -- name: Make - shell: cd {{ download_dir }}/{{ burpsrc }} && make creates={{ download_dir }}/{{ burpsrc }}/burp - -- name: check if burp is installed - stat: path=/usr/sbin/burp - register: stb - -- name: Uninstall burp - shell: cd {{ download_dir }}/{{ burpsrc }} && make uninstall removes=/usr/sbin/burp - when: stb.stat.exists and ( unpack_src_tar.changed or unpack_src_zip.changed ) - 
tags: - - skip_ansible_lint - -- name: Make install - shell: cd {{ download_dir }}/{{ burpsrc }} && make install creates=/usr/sbin/burp - notify: restart burp server - -- block: - # Verify burp version if the burp_version is not master - - # Run this task always to register the burp version - - name: read burp installed version - shell: burp -v - changed_when: false - register: cmd_burp_version - tags: - - skip_ansible_lint - check_mode: no - - - name: failed when burp version is different than the one that must be installed - fail: msg="burp version is different than the one that must be installed" - when: cmd_burp_version.stdout != "burp-{{ burp_version }}" - - when: burp_version != "master" - -# Ensure to not create "{{ etc_dir }}/bur/CA manually because it will break auto generated certificate -- name: create etc directories - file: path={{ item }} recurse=yes state=directory - with_items: - - '"{{ etc_dir }}/burp/autoupgrade' - - '{{ burp_client_ca_csr_dir }}' - - '"{{ etc_dir }}/burp/clientconfdir/incexc' - - '"{{ etc_dir }}/burp/clientconfdir/profiles' - -- name: copy etc file - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: "build/CA.cnf.j2", dest: "{{ burp_server_ca_conf }}" } diff --git a/tasks/config_agent.yml b/tasks/config_agent.yml index 1a18ff8..ef10ed9 100644 --- a/tasks/config_agent.yml +++ b/tasks/config_agent.yml @@ -5,7 +5,7 @@ package: name: "{{ burp_agent_packages| join(',') }}" state: present - when: ( ansible_os_family != "FreeBSD" or burp_use_portinstall == False ) + when: ( ansible_os_family != "FreeBSD" or burp_freebsd_use_portinstall == False ) - name: install buiagent packages portinstall: 
@@ -13,7 +13,7 @@ state: present use_packages: no with_items: "{{ burp_agent_packages}}" - when: ( ansible_os_family == "FreeBSD" and burp_use_portinstall == True ) + when: ( ansible_os_family == "FreeBSD" and burp_freebsd_use_portinstall == True ) - name: install pip on FreeBSD with pythonic solution as ports are only pip2 ... command: python3.6 -m ensurepip @@ -41,14 +41,14 @@ package: name: "{{ burp_agent_py3_packages| join(',') }}" state: present - when: python_pip_executable == "pip3" and ( ansible_os_family != "FreeBSD" or burp_use_portinstall == False ) + when: python_pip_executable == "pip3" and ( ansible_os_family != "FreeBSD" or burp_freebsd_use_portinstall == False ) - name: install buiagent packages for pip3 portinstall: name: "{{ burp_agent_py3_packages| join(',') }}" state: present use_packages: no - when: ( ansible_os_family == "FreeBSD" and burp_use_portinstall == True ) + when: ( ansible_os_family == "FreeBSD" and burp_freebsd_use_portinstall == True ) - name: Uninstall buiagent pip2 packages when using pip3 as pip executable pip: diff --git a/tasks/supervisor.yml b/tasks/supervisor.yml index c5872a0..b1627ce 100644 --- a/tasks/supervisor.yml +++ b/tasks/supervisor.yml @@ -15,14 +15,14 @@ package: name: supervisor state: present - when: ( ansible_os_family != "FreeBSD" or burp_use_portinstall == False ) + when: ( ansible_os_family != "FreeBSD" or burp_freebsd_use_portinstall == False ) - name: supervisor | Install supervisor portinstall: name: sysutils/py-supervisor state: present use_packages: no - when: ( ansible_os_family == "FreeBSD" and burp_use_portinstall == True ) + when: ( ansible_os_family == "FreeBSD" and burp_freebsd_use_portinstall == True ) - name: supervisor | configure supervisor logrotate template: 
@@ -121,7 +121,9 @@ supervisorctl: name: burp-server state: started - + # bad solution to ERROR (already started) + ignore_errors: yes + - name: supervisor | wait for burp_server port wait_for: port={{ burp_server_port }} delay=5 timeout=30 diff --git a/tasks/tests/test_client.yml b/tasks/tests/test_client.yml index 9f161a7..3d9d5b6 100644 --- a/tasks/tests/test_client.yml +++ b/tasks/tests/test_client.yml @@ -24,7 +24,7 @@ seconds: 10 - name: test_client | test backup for test_client - command: /usr/sbin/burp -c {{ etc_dir }}/burp/test_client.conf -a b + command: "{{ usr_dir }}sbin/burp -c {{ etc_dir }}/burp/test_client.conf -a b" args: creates: '{{ burp_server_data }}/test_client/current' changed_when: false @@ -33,11 +33,11 @@ wait_for: path='{{ burp_server_data }}/test_client/lockfile' state=absent - name: test_client | test list backups from test_client - command: /usr/sbin/burp -c {{ etc_dir }}/burp/test_client.conf -a l + command: "{{ usr_dir }}/sbin/burp -c {{ etc_dir }}/burp/test_client.conf -a l" changed_when: false - name: test_client | test restore backup 1 from test_client - command: /usr/sbin/burp -c {{ etc_dir }}/burp/test_client.conf -a r -b 1 -d /tmp/test_restore + command: "{{ usr_dir }}/sbin/burp -c {{ etc_dir }}/burp/test_client.conf -a r -b 1 -d /tmp/test_restore" args: creates: /tmp/test_restore @@ -54,7 +54,7 @@ state: file - name: test_client | test restore from different client - command: /usr/sbin/burp -c {{ etc_dir }}/burp/burp.conf -a r -b 1 -d /tmp/test_restore2 -C test_client -r "{{ etc_dir }}/burp/burp.conf" + command: '{{ usr_dir }}/sbin/burp -c {{ etc_dir }}/burp/burp.conf -a r -b 1 -d /tmp/test_restore2 -C test_client -r "{{ etc_dir }}/burp/burp.conf"' args: creates: /tmp/test_restore2 diff --git a/tasks/tests/test_client.yml~ b/tasks/tests/test_client.yml~ deleted file mode 100644 index c0cdd3e..0000000 --- a/tasks/tests/test_client.yml~ +++ /dev/null 
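Review bot: `ignore_errors: yes` on the `burp-server` start task hides every failure of that task, not only the "ERROR (already started)" case the added comment names, so a backup server that cannot start is noticed only when the following `wait_for` times out. Narrow it to the known-benign message instead: `register: burp_sv_start` plus `failed_when: burp_sv_start.failed | default(false) and 'already started' not in (burp_sv_start.msg | default(''))`, assuming the module reports supervisorctl's output in `msg`, which should be confirmed. If the flag stays, write it as `ignore_errors: true`.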
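Review bot: The backup test command in the first tasks/tests/test_client.yml hunk is missing the slash after `{{ usr_dir }}`: `"{{ usr_dir }}sbin/burp …"` renders as `/usrsbin/burp` with the `usr_dir: "/usr"` value this patch adds for Debian and RedHat, and as `/usr/localsbin/burp` with the FreeBSD value now that its trailing slash is removed. The other three commands changed in this file use `{{ usr_dir }}/sbin/burp`; this one should read `command: "{{ usr_dir }}/sbin/burp -c {{ etc_dir }}/burp/test_client.conf -a b"`.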
@@ -1,84 +0,0 @@ ---- -# file tasks/tests/test.yml - -- meta: flush_handlers - -# If folder is not created the test-client will fail -- name: test_client | create CA-test folder - file: - path: "{{ etc_dir }}/burp/CA-test" - state: directory - -- name: test_client | configure test client - template: - src: tests/test_client.conf.j2 - dest: {{ etc_dir }}/burp/test_client.conf - -- name: test_client | add local test_client - template: - src: tests/test_client.j2 - dest: "{{ burp_server_clientconfdir }}/test_client" - -- name: test_client | pause 10 seconds after add local client - pause: - seconds: 10 - -- name: test_client | test backup for test_client - command: /usr/sbin/burp -c {{ etc_dir }}/burp/test_client.conf -a b - args: - creates: '{{ burp_server_data }}/test_client/current' - changed_when: false - -- name: test_client | wait for client process backup finish - wait_for: path='{{ burp_server_data }}/test_client/lockfile' state=absent - -- name: test_client | test list backups from test_client - command: /usr/sbin/burp -c {{ etc_dir }}/burp/test_client.conf -a l - changed_when: false - -- name: test_client | test restore backup 1 from test_client - command: /usr/sbin/burp -c {{ etc_dir }}/burp/test_client.conf -a r -b 1 -d /tmp/test_restore - args: - creates: /tmp/test_restore - -- name: test_client | wait for client process restore finish - wait_for: path='{{ burp_server_data }}/test_client/restorelog' state=absent - -- name: test_client | pause 15 seconds after test restore client - pause: - seconds: 15 - -- name: test_client | check if restore exists - file: - path: /tmp/test_restore{{ etc_dir }}/burp/burp.conf - state: file - -- name: test_client | test restore from different client - command: /usr/sbin/burp -c {{ etc_dir }}/burp/burp.conf -a r -b 1 -d /tmp/test_restore2 -C test_client -r "{{ etc_dir }}/burp/burp.conf" - args: - creates: /tmp/test_restore2 - -- name: test_client | wait for client process restore finish - wait_for: path='{{ 
burp_server_data }}/test_client/restorelog' state=absent - -- name: test_client | pause 5 seconds after test restore client - pause: - seconds: 5 - -- name: test_client | check if restore exists - file: - path: /tmp/test_restore2{{ etc_dir }}/burp/burp.conf - state: file - -- name: test_client | template server initiated restore from different client - template: - src: tests/restore - dest: "{{ burp_server_data }}/monitor/restore" - changed_when: false - tags: - - skip_ansible_lint - -- name: test_client | Test restore server initiated - command: burp -c {{ etc_dir }}/burp/burp.conf -a t - args: - creates: /tmp/restore3{{ etc_dir }}/burp/burp.conf diff --git a/templates/burp-server.conf_supervisor.j2 b/templates/burp-server.conf_supervisor.j2 index 76f6b37..6e6b84b 100644 --- a/templates/burp-server.conf_supervisor.j2 +++ b/templates/burp-server.conf_supervisor.j2 @@ -7,4 +7,4 @@ autostart={{ burp_sv_server_autostart }} autorestart={{ burp_sv_server_autorestart }} stdout_logfile={{ burp_sv_server_stdout_logfile }} stderr_logfile={{ burp_sv_server_stderr_logfile }} - +startretries=10 \ No newline at end of file diff --git a/vars/Debian-9.yml b/vars/Debian-9.yml index b71fbf6..c41b27a 100644 --- a/vars/Debian-9.yml +++ b/vars/Debian-9.yml @@ -1,6 +1,10 @@ --- # file: vars/Ubuntu.yml +# different path on different OS +etc_dir: "/etc" +usr_dir: "/usr" + # burp_server_packages: # - libssl-dev # - burp-core diff --git a/vars/Debian.yml b/vars/Debian.yml index dbd4992..d22feec 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -1,6 +1,11 @@ --- # file: vars/Ubuntu.yml +# different path on different OS +etc_dir: "/etc" +usr_dir: "/usr" + + # burp_server_packages: # - libssl-dev # - burp-core diff --git a/vars/FreeBSD-11.yml b/vars/FreeBSD-11.yml index d983524..1dd43ce 100644 --- a/vars/FreeBSD-11.yml +++ b/vars/FreeBSD-11.yml 
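Review bot: `startretries=10` is hard-coded in templates/burp-server.conf_supervisor.j2, while the defaults/main.yml hunk of this same patch adds `burp_sv_server_startretries: "5"`; as far as the visible hunks show, nothing reads that variable, so changing it has no effect. Use `startretries={{ burp_sv_server_startretries }}` like the other `burp_sv_server_*` settings in this template, and end the file with a newline, since the hunk carries `\ No newline at end of file`.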
@@ -3,7 +3,7 @@ # etc - different path for all additional sw etc_dir: "/usr/local/etc" -usr_dir: "/usr/local/" +usr_dir: "/usr/local" burp_server_packages: - py-supervisor diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 9e7bb3d..bc9408c 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,6 +1,10 @@ --- # file: vars/Redhat.yml +# different path on different OS +etc_dir: "/etc" +usr_dir: "/usr" + build_dependencies: - make #- pkg-config From 661d789e9ce55723ebc3a96b7f67cc94a4190b92 Mon Sep 17 00:00:00 2001 
From: Daniel Winter Date: Thu, 8 Feb 2018 14:29:19 +0100 Subject: [PATCH 11/19] fixed freebsd scenario and moved templates from test to parent folder --- molecule/default/Dockerfile.j2 | 9 ---- molecule/default/INSTALL.rst | 16 ------ molecule/default/create.yml | 60 ---------------------- molecule/default/destroy.yml | 27 ---------- molecule/default/molecule.yml | 20 -------- molecule/default/playbook.yml | 5 -- molecule/default/prepare.yml | 5 -- molecule/default/tests/test_default.py | 14 ----- molecule/default/tests/test_default.pyc | Bin 1021 -> 0 bytes molecule/freebsd/playbook.yml | 4 +- tasks/build-burp.yml | 2 +- tasks/manual_delete.yml | 8 ++- tasks/tests/test_client.yml | 6 +-- templates/burp-server.conf_supervisor.j2 | 4 +- templates/{tests => }/restore | 0 templates/{tests => }/test_client.conf.j2 | 0 templates/{tests => }/test_client.j2 | 0 17 files changed, 17 insertions(+), 163 deletions(-) delete mode 100644 molecule/default/Dockerfile.j2 delete mode 100644 molecule/default/INSTALL.rst delete mode 100644 molecule/default/create.yml delete mode 100644 molecule/default/destroy.yml delete mode 100644 molecule/default/molecule.yml delete mode 100644 molecule/default/playbook.yml delete mode 100644 molecule/default/prepare.yml delete mode 100644 molecule/default/tests/test_default.py delete mode 100644 molecule/default/tests/test_default.pyc rename templates/{tests => }/restore (100%) rename templates/{tests => }/test_client.conf.j2 (100%) rename templates/{tests => }/test_client.j2 (100%) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 deleted file mode 100644 index f8b4e75..0000000 --- a/molecule/default/Dockerfile.j2 +++ /dev/null 
@@ -1,9 +0,0 @@ -# Molecule managed - -FROM {{ item.image }} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; fi diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst deleted file mode 100644 index e26493b..0000000 --- a/molecule/default/INSTALL.rst +++ /dev/null @@ -1,16 +0,0 @@ -******* -Install -******* - -Requirements -============ - -* Docker Engine -* docker-py - -Install -======= - -.. code-block:: bash - - $ sudo pip install docker-py diff --git a/molecule/default/create.yml b/molecule/default/create.yml deleted file mode 100644 index 10fac31..0000000 --- a/molecule/default/create.yml +++ /dev/null 
@@ -1,60 +0,0 @@ ---- -- name: Create - hosts: localhost - connection: local - gather_facts: false - no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" - vars: - molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}" - molecule_ephemeral_directory: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}" - molecule_scenario_directory: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}" - molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}" - tasks: - - name: Create Dockerfiles from image names - template: - src: "{{ molecule_scenario_directory }}/Dockerfile.j2" - dest: "{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.image | regex_replace('[^a-zA-Z0-9_]', '_') }}" - with_items: "{{ molecule_yml.platforms }}" - register: platforms - - - name: Discover local Docker images - docker_image_facts: - name: "molecule_local/{{ item.item.name }}" - with_items: "{{ platforms.results }}" - register: docker_images - - - name: Build an Ansible compatible image - docker_image: - path: "{{ molecule_ephemeral_directory }}" - name: "molecule_local/{{ item.item.image }}" - dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}" - force: "{{ item.item.force | default(true) }}" - with_items: "{{ platforms.results }}" - when: platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0 - - - name: Create molecule instance(s) - docker_container: - name: "{{ item.name }}" - hostname: "{{ item.name }}" - image: "molecule_local/{{ item.image }}" - state: started - recreate: false - log_driver: json-file - command: "{{ item.command | default('bash -c \"while true; do sleep 10000; done\"') }}" - privileged: "{{ item.privileged | default(omit) }}" - volumes: "{{ item.volumes | default(omit) }}" - capabilities: "{{ item.capabilities | default(omit) }}" - ports: "{{ item.exposed_ports | default(omit) }}" - ulimits: "{{ item.ulimits | default(omit) }}" - register: server - with_items: 
"{{ molecule_yml.platforms }}" - async: 7200 - poll: 0 - - - name: Wait for instance(s) creation to complete - async_status: - jid: "{{ item.ansible_job_id }}" - register: docker_jobs - until: docker_jobs.finished - retries: 300 - with_items: "{{ server.results }}" diff --git a/molecule/default/destroy.yml b/molecule/default/destroy.yml deleted file mode 100644 index 3ce7478..0000000 --- a/molecule/default/destroy.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- name: Destroy - hosts: localhost - connection: local - gather_facts: false - no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" - vars: - molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}" - molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}" - tasks: - - name: Destroy molecule instance(s) - docker_container: - name: "{{ item.name }}" - state: absent - force_kill: "{{ item.force_kill | default(true) }}" - register: server - with_items: "{{ molecule_yml.platforms }}" - async: 7200 - poll: 0 - - - name: Wait for instance(s) deletion to complete - async_status: - jid: "{{ item.ansible_job_id }}" - register: docker_jobs - until: docker_jobs.finished - retries: 300 - with_items: "{{ server.results }}" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml deleted file mode 100644 index f5e3b11..0000000 --- a/molecule/default/molecule.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint -platforms: - - name: instance - image: centos:7 -provisioner: - name: ansible - lint: - name: ansible-lint -scenario: - name: default -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml deleted file mode 100644 index 7c1d376..0000000 --- a/molecule/default/playbook.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: ansible_burp2_server 
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml deleted file mode 100644 index 5358b3b..0000000 --- a/molecule/default/prepare.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: false - tasks: [] diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py deleted file mode 100644 index eedd64a..0000000 --- a/molecule/default/tests/test_default.py +++ /dev/null @@ -1,14 +0,0 @@ -import os - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_hosts_file(host): - f = host.file('/etc/hosts') - - assert f.exists - assert f.user == 'root' - assert f.group == 'root' diff --git a/molecule/default/tests/test_default.pyc b/molecule/default/tests/test_default.pyc deleted file mode 100644 index ac2fc45662198b1c5e6b09e8aa1c8163715ccbac..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1021 zcmdr~&2H2%5FRJnUs3jiP%k~AT)H`M;DQiK6-3dpm9~IHE>Sjdic_y0>`6t{?uGW< zc%VK&89SS{ls6!W$Kx;KZ^qv^yxG~FztCv`t0$!SEe-pTOi3RD36S3T4AKC20CfoU z0O~d10QEYQ0qkBes5hVtft+*`$^l%{&MilA9IX+ZxTR-`&&mCCG)WG=Op@$y`Zbw; zKAL^Y-XBg9bm?;`3r2IW8V5An37Jbu6JyTW+!wb~re7Sra)6-=tU+{l__euVua0#=L zS9vRO)STmx&f+mIVCLl7BFJu%0X7VV>=}!k%G4wPQe)5gebu8Dg|wqwSuvM9Gp$mj zqa(Nr@v8bTul=LY9SR+HyJy|z4MMm&6Gkgfbiy&~n%kG^_3E&htL(lr|6hAt8(uGT SNq6dvyN13mPXc<`ZukfKiz5>N diff --git a/molecule/freebsd/playbook.yml b/molecule/freebsd/playbook.yml index 13a6cd2..3308bc1 100644 --- a/molecule/freebsd/playbook.yml +++ b/molecule/freebsd/playbook.yml @@ -1,6 +1,8 @@ --- - name: Converge hosts: all + vars: + burp_module_test_client: yes roles: - # force becoming root as molecule doesnt do it anymore + # force becoming root as molecule doesn't do it anymore - { role: ansible_burp2_server, become: yes } diff --git a/tasks/build-burp.yml b/tasks/build-burp.yml index 80aa7d55..ac7ee2e 100644 
--- a/tasks/build-burp.yml +++ b/tasks/build-burp.yml @@ -97,7 +97,7 @@ when: burp_version != "master" -# Ensure to not create {{ etc_dir }}/bur/CA manually because it will break auto generated certificate +# Ensure to not create {{ etc_dir }}/burp/CA manually because it will break auto generated certificate - name: create etc directories file: path={{ item }} recurse=yes state=directory with_items: diff --git a/tasks/manual_delete.yml b/tasks/manual_delete.yml index a0ea734..3ead00d 100644 --- a/tasks/manual_delete.yml +++ b/tasks/manual_delete.yml @@ -5,7 +5,8 @@ package: name: "{{ cron_packages | join(',') }}" state: present - + when: ( ansible_os_family != "FreeBSD" or burp_freebsd_use_portinstall == False ) + - name: create burp folders file: path: "{{ item }}" @@ -28,6 +29,11 @@ with_items: "{{ burp_cron_delete }}" notify: restart cron server +- name: create logrotate.d folder + file: + path: "{{ etc_dir }}/logrotate.d" + state: directory + - name: configure burp logrotate template: src: burp_logrotate.j2 diff --git a/tasks/tests/test_client.yml b/tasks/tests/test_client.yml index 3d9d5b6..4f3caed 100644 --- a/tasks/tests/test_client.yml +++ b/tasks/tests/test_client.yml @@ -11,12 +11,12 @@ - name: test_client | configure test client template: - src: tests/test_client.conf.j2 + src: test_client.conf.j2 dest: "{{ etc_dir }}/burp/test_client.conf" - name: test_client | add local test_client template: - src: tests/test_client.j2 + src: test_client.j2 dest: "{{ burp_server_clientconfdir }}/test_client" - name: test_client | pause 10 seconds after add local client @@ -24,7 +24,7 @@ seconds: 10 - name: test_client | test backup for test_client - command: "{{ usr_dir }}sbin/burp -c {{ etc_dir }}/burp/test_client.conf -a b" + command: "{{ usr_dir }}/sbin/burp -c {{ etc_dir }}/burp/test_client.conf -a b" args: creates: '{{ burp_server_data }}/test_client/current' changed_when: false 
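Review bot: The new `create logrotate.d folder` task in tasks/manual_delete.yml creates `{{ etc_dir }}/logrotate.d` without `owner`, `group` or `mode`, so the resulting permissions depend on the umask of the connecting user. Files dropped into this directory are read by logrotate, which normally runs as root, so the directory should be writable by root only. Adding `owner: root` and `mode: "0755"` to the `file:` arguments makes that explicit. The `configure burp logrotate` task that follows could pin `mode: "0644"` in the same way; its arguments continue outside the hunk.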
diff --git a/templates/burp-server.conf_supervisor.j2 b/templates/burp-server.conf_supervisor.j2
index 6e6b84b..69b4322 100644
--- a/templates/burp-server.conf_supervisor.j2
+++ b/templates/burp-server.conf_supervisor.j2
@@ -5,6 +5,8 @@ command={{ burp_sv_server_command }}
 user={{ burp_sv_server_user }}
 autostart={{ burp_sv_server_autostart }}
 autorestart={{ burp_sv_server_autorestart }}
+# allow some time to start up and generate CA on first run
+startsecs = 30
+startretries={{ burp_sv_server_startretries }}
 stdout_logfile={{ burp_sv_server_stdout_logfile }}
 stderr_logfile={{ burp_sv_server_stderr_logfile }}
-startretries=10
\ No newline at end of file
diff --git a/templates/tests/restore b/templates/restore
similarity index 100%
rename from templates/tests/restore
rename to templates/restore
diff --git a/templates/tests/test_client.conf.j2 b/templates/test_client.conf.j2
similarity index 100%
rename from templates/tests/test_client.conf.j2
rename to templates/test_client.conf.j2
diff --git a/templates/tests/test_client.j2 b/templates/test_client.j2
similarity index 100%
rename from templates/tests/test_client.j2
rename to templates/test_client.j2
From b02769c5572b37f6e71dcf06db68dfefd160d63f Mon Sep 17 00:00:00 2001
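Review bot: `startretries={{ burp_sv_server_startretries }}` replaces the literal `startretries=10`, but this patch's file list does not touch defaults/main.yml, so nothing visible here gives the variable a value. If it is not already defined elsewhere in the role, rendering the template fails with an undefined-variable error; `startretries={{ burp_sv_server_startretries | default(10) }}` keeps the previous value as a fallback. The neighbouring `startsecs = 30` is hard-coded while every other setting in the block is a variable, and it is the only key written with spaces around `=`.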
From: Daniel Winter Date: Fri, 9 Feb 2018 17:20:28 +0100 Subject: [PATCH 12/19] removed temp files --- meta/main.yml~ | 198 ------------------------------ tasks/clean.yml~ | 29 ----- tasks/config_agent.yml~ | 93 -------------- tasks/config_burp.yml | 22 ++-- tasks/install_burp.yml~ | 7 -- tasks/local_client.yml~ | 17 --- tasks/manual_delete.yml~ | 40 ------ tasks/manual_delete_disabled.yml~ | 21 ---- tasks/repositories.yml~ | 16 --- tasks/supervisor.yml | 8 +- tasks/supervisor.yml~ | 144 ---------------------- vars/FreeBSD-11.yml~ | 32 ----- 12 files changed, 18 insertions(+), 609 deletions(-) delete mode 100644 meta/main.yml~ delete mode 100644 tasks/clean.yml~ delete mode 100644 tasks/config_agent.yml~ delete mode 100644 tasks/install_burp.yml~ delete mode 100644 tasks/local_client.yml~ delete mode 100644 tasks/manual_delete.yml~ delete mode 100644 tasks/manual_delete_disabled.yml~ delete mode 100644 tasks/repositories.yml~ delete mode 100644 tasks/supervisor.yml~ delete mode 100644 vars/FreeBSD-11.yml~ diff --git a/meta/main.yml~ b/meta/main.yml~ deleted file mode 100644 index 0cc209a..0000000 --- a/meta/main.yml~ +++ /dev/null 
@@ -1,198 +0,0 @@ ---- -galaxy_info: - author: "Diego Daguerre / Pablo Estigarribia" - company: coffeeITWorks - description: ansible role to deploy and maintain burp backup - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Some suggested licenses: - # - BSD (default) - # - MIT - # - GPLv2 - # - GPLv3 - # - Apache - # - CC-BY - license: MIT - - min_ansible_version: 2.0 - - # Optionally specify the branch Galaxy will use when accessing the GitHub - # repo for this role. During role install, if no tags are available, - # Galaxy will use this branch. During import Galaxy will access files on - # this branch. If travis integration is cofigured, only notification for this - # branch will be accepted. Otherwise, in all cases, the repo's default branch - # (usually master) will be used. - #github_branch: - - # - # Below are all platforms currently available. Just uncomment - # the ones that apply to your role. If you don't see your - # platform on this list, let us know and we'll get it added! 
- # - platforms: - - name: EL - versions: - - all - # - 5 - # - 6 - # - 7 - #- name: GenericUNIX - # versions: - # - all - # - any - #- name: OpenBSD - # versions: - # - all - # - 5.6 - # - 5.7 - # - 5.8 - # - 5.9 - # - 6.0 - - name: Fedora - versions: - - all - # - 16 - # - 17 - # - 18 - # - 19 - # - 20 - # - 21 - # - 22 - # - 23 - - name: opensuse - versions: - - all - # - 12.1 - # - 12.2 - # - 12.3 - # - 13.1 - # - 13.2 - #- name: MacOSX - # versions: - # - all - # - 10.10 - # - 10.11 - # - 10.12 - # - 10.7 - # - 10.8 - # - 10.9 - #- name: IOS - # versions: - # - all - # - any - #- name: Solaris - # versions: - # - all - # - 10 - # - 11.0 - # - 11.1 - # - 11.2 - # - 11.3 - #- name: SmartOS - # versions: - # - all - # - any - #- name: eos - # versions: - # - all - # - Any - #- name: Windows - # versions: - # - all - # - 2012R2 - #- name: Amazon - # versions: - # - all - # - 2013.03 - # - 2013.09 - #- name: GenericBSD - # versions: - # - all - # - any - #- name: Junos - # versions: - # - all - # - any - #- name: FreeBSD - # versions: - # - all - # - 10.0 - # - 10.1 - # - 10.2 - # - 10.3 - # - 8.0 - # - 8.1 - # - 8.2 - # - 8.3 - # - 8.4 - # - 9.0 - # - 9.1 - # - 9.1 - # - 9.2 - # - 9.3 - - name: Ubuntu - versions: - - all - # - lucid - # - maverick - # - natty - # - oneiric - # - precise - # - quantal - # - raring - # - saucy - # - trusty - # - utopic - # - vivid - # - wily - # - xenial - #- name: SLES - # versions: - # - all - # - 10SP3 - # - 10SP4 - # - 11 - # - 11SP1 - # - 11SP2 - # - 11SP3 - # - 11SP4 - # - 12 - # - 12SP1 - - name: GenericLinux - versions: - - all - # - any - #- name: NXOS - # versions: - # - all - # - any - - name: Debian - versions: - - all - # - etch - # - jessie - # - lenny - # - sid - # - squeeze - # - stretch - # - wheezy - - galaxy_tags: - - sysadmin - - backup - # List tags for your role here, one per line. A tag is - # a keyword that describes and categorizes the role. - # Users find roles by searching for tags. 
Be sure to - # remove the '[]' above if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of - # alphanumeric characters. Maximum 20 tags per role. - -dependencies: - #- { role: supervisord } - # List your role dependencies here, one per line. - # Be sure to remove the '[]' above if you add dependencies - # to this list. diff --git a/tasks/clean.yml~ b/tasks/clean.yml~ deleted file mode 100644 index f9aa49c..0000000 --- a/tasks/clean.yml~ +++ /dev/null @@ -1,29 +0,0 @@ -- name: uninstall old burp package - package: - name: burp - state: absent - -- name: uninstall old burp package - package: - name: burp-server - state: absent - -- name: remove old burp server service - file: - path: {{ etc_dir }}/init.d/burp-server - state: absent - -- name: remove old burp restore service - file: - path: {{ etc_dir }}/init.d/burp-restore - state: absent - -- name: remove old default burp server service - file: - path: {{ etc_dir }}/default/burp - state: absent - -- name: remove old default burp restore service - file: - path: {{ etc_dir }}/default/burp-restore - state: absent \ No newline at end of file diff --git a/tasks/config_agent.yml~ b/tasks/config_agent.yml~ deleted file mode 100644 index efe8fa7..0000000 --- a/tasks/config_agent.yml~ +++ /dev/null 
@@ -1,93 +0,0 @@ ---- -# file defaults/config_agent.yml - -- name: install buiagent packages - package: - name: "{{ burp_agent_packages| join(',') }}" - state: present - when: ( ansible_os_family != "FreeBSD" or burp_use_portinstall == False ) - -- name: install buiagent packages - portinstall: - name: "{{ item }}" - state: present - use_packages: no - with_items: "{{ burp_agent_packages}}" - when: ( ansible_os_family == "FreeBSD" and burp_use_portinstall == True ) - -- name: install pip on FreeBSD with pythonic solution as ports are only pip2 ... - command: python3.6 -m ensurepip - args: - creates: "{{python_pip_executable }}" - when: ansible_os_family == "FreeBSD" - -# workaround for ubuntu 14.04 with missing pip3 executable -- block: - - - name: stat to see if pip3 executable is present - stat: - path: '/usr/bin/pip3' - register: pip3_executable_stat - - - name: Absent python3-pip if /usr/bin/pip3 is not present - package: - name: 'python3-pip' - state: absent - when: not pip3_executable_stat.stat.exists - - when: ansible_distribution_release == 'trusty' - -- name: install buiagent packages for pip3 - package: - name: "{{ burp_agent_py3_packages| join(',') }}" - state: present - when: python_pip_executable == "pip3" and ( ansible_os_family != "FreeBSD" or burp_use_portinstall == False ) - -- name: install buiagent packages for pip3 - portinstall: - name: "{{ burp_agent_py3_packages| join(',') }}" - state: present - use_packages: no - when: ( ansible_os_family == "FreeBSD" and burp_use_portinstall == True ) - -- name: Uninstall buiagent pip2 packages when using pip3 as pip executable - pip: - name: "{{ burp_agent_pip_burpui }}" - state: absent - executable: "pip2" - when: python_pip_executable == "pip3" - # ports for py-pip are built for current python version - when: ansible_os_family != "FreeBSD" - -- name: install buiagent pip packages - pip: - name: "{{ item }}" - state: present - executable: "{{ python_pip_executable }}" - with_items: "{{ 
burp_agent_pip_present }}" - -- name: Install buiagent pip - pip: - name: "{{ item.name }}" - state: present - version: "{{ item.version}}" - executable: "{{ python_pip_executable }}" - with_items: "{{ burpui_pip_packages }}" - notify: restart buiagent - - -- name: configure buiagent - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: "buiagent.cfg.j2", dest: "{{ etc_dir }}/burp/buiagent.cfg" } - notify: restart buiagent - -- name: ensure supervisor is restarted - service: - name: "{{ supervisor_service }}" - state: restarted - sleep: 5 - enabled: True - changed_when: false diff --git a/tasks/config_burp.yml b/tasks/config_burp.yml index 8c99315..c2bc82b 100644 --- a/tasks/config_burp.yml +++ b/tasks/config_burp.yml 
@@ -28,17 +28,17 @@ - { src: "burp-server.conf.j2", dest: "{{ etc_dir }}/burp/burp-server.conf"} notify: restart burp server -- name: symlink ssl server certificates on FreeBSD - file: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - state: link - force: yes - with_items: - - { src: "{{ etc_dir }}/burp/CA/CA_burpCA.crt", dest: "{{ etc_dir }}/burp/ssl_cert_ca-server.pem" } - - { src: "{{ etc_dir }}/burp/CA/{{ ansible_hostname }}.key", dest: "{{ etc_dir }}/burp/ssl_cert-server.key" } - - { src: "{{ etc_dir }}/burp/CA/{{ ansible_hostname }}.crt", dest: "{{ etc_dir }}/burp/ssl_cert-server.pem" } - when: ansible_os_family == "FreeBSD" +# - name: symlink ssl server certificates on FreeBSD +# file: +# src: "{{ item.src }}" +# dest: "{{ item.dest }}" +# state: link +# force: yes +# with_items: +# - { src: "{{ etc_dir }}/burp/CA/CA_burpCA.crt", dest: "{{ etc_dir }}/burp/ssl_cert_ca-server.pem" } +# - { src: "{{ etc_dir }}/burp/CA/{{ ansible_hostname }}.key", dest: "{{ etc_dir }}/burp/ssl_cert-server.key" } +# - { src: "{{ etc_dir }}/burp/CA/{{ ansible_hostname }}.crt", dest: "{{ etc_dir }}/burp/ssl_cert-server.pem" } +# when: ansible_os_family == "FreeBSD" - name: config_burp | configure profiles configured in profiles_templates template: diff --git a/tasks/install_burp.yml~ b/tasks/install_burp.yml~ deleted file mode 100644 index 997ace7..0000000 --- a/tasks/install_burp.yml~ +++ /dev/null @@ -1,7 +0,0 @@ ---- -# file tasks/install_burp.yml - -- name: install burp packages - package: - name: "{{ burp_server_packages| join(',') }}" - state: latest \ No newline at end of file diff --git a/tasks/local_client.yml~ b/tasks/local_client.yml~ deleted file mode 100644 index 9e30e94..0000000 --- a/tasks/local_client.yml~ +++ /dev/null 
@@ -1,17 +0,0 @@ ---- -# file tasks/local_client.yml - -- name: create CA-monitor folder - file: - path: "{{ burp_client_ca_csr_dir }}" - state: directory - -- name: configure burp client - template: - src: burp.conf.j2 - dest: {{ etc_dir }}/burp/burp.conf - -- name: add local client - template: - src: monitor.j2 - dest: "{{ burp_server_clientconfdir }}/monitor" \ No newline at end of file diff --git a/tasks/manual_delete.yml~ b/tasks/manual_delete.yml~ deleted file mode 100644 index d380843..0000000 --- a/tasks/manual_delete.yml~ +++ /dev/null @@ -1,40 +0,0 @@ ---- -# file tasks/manual_delete.yml - -- name: install cron packages - package: - name: "{{ cron_packages | join(',') }}" - state: present - -- name: create burp folders - file: - path: "{{ item }}" - state: directory - with_items: - - "{{ burp_trash }}" - - "{{ burp_logs }}" - - {{ etc_dir }}/cron.d - -- name: Cron task to delete files in burp trash - cron: - name: delete files in burp trash - job: 'rm -rfv {{ burp_trash }}/* >> {{ burp_logs }}/manual_delete.log' - user: root - cron_file: manual_delete - minute: "{{ item.minute }}" - hour: "{{ item.hour }}" - weekday: "{{ item.dow }}" - state: present - with_items: "{{ burp_cron_delete }}" - notify: restart cron server - -- name: configure burp logrotate - template: - src: burp_logrotate.j2 - dest: "{{ etc_dir }}/logrotate.d/burp" - -- name: Enable crond service - service: - name: "{{ cron_service }}" - state: started - enabled: yes diff --git a/tasks/manual_delete_disabled.yml~ b/tasks/manual_delete_disabled.yml~ deleted file mode 100644 index 3bb2cec..0000000 --- a/tasks/manual_delete_disabled.yml~ +++ /dev/null 
@@ -1,21 +0,0 @@ ---- -# file tasks/manual_delete.yml - -- name: remove burp trash - file: - path: "{{ item }}" - state: absent - with_items: - - "{{ burp_trash }}" - -- name: remove Cron task to delete files in burp trash - cron: - name: delete files in burp trash - cron_file: manual_delete - state: absent - notify: restart cron server - -- name: remove burp logrotate - file: - state: absent - path: {{ etc_dir }}/logrotate.d/burp diff --git a/tasks/repositories.yml~ b/tasks/repositories.yml~ deleted file mode 100644 index 0e28b0f..0000000 --- a/tasks/repositories.yml~ +++ /dev/null @@ -1,16 +0,0 @@ ---- - -- name: Configure DEB sources for burp - template: - src: sources_burp.list.j2 - dest: {{ etc_dir }}/apt/sources.list.d/sources_burp.list - notify: update cache - register: add_burp_repo - -# Add an Apt signing key, uses key URL -- name: Install gpg key for burp repository - shell: 'wget -q "http://ziirish.info/repos/{{ ansible_distribution | lower }}.gpg" -O - | sudo apt-key add -' - when: add_burp_repo.changed - -- name: ensure handlers runs before continue - meta: flush_handlers \ No newline at end of file diff --git a/tasks/supervisor.yml b/tasks/supervisor.yml index b1627ce..95a1160 100644 --- a/tasks/supervisor.yml +++ b/tasks/supervisor.yml @@ -117,11 +117,17 @@ seconds: 10 when: supervisor_started.changed or supervisor_restarted.changed +- name: supervisor | burp generate CA upfront as it somehow breaks supervisor startup on first run on FreeBSD11 + command: "{{ burp_sv_server_cagen_command }}" + args: + creates: "{{ burp_server_ssl_dhfile }}" + when: ansible_os_family == "FreeBSD" + - name: supervisor | start burp server supervisorctl: name: burp-server state: started - # bad solution to ERROR (already started) + # bad solution to ERROR (already started)... at least on FreeBSD ignore_errors: yes - name: supervisor | wait for burp_server port diff --git a/tasks/supervisor.yml~ b/tasks/supervisor.yml~ deleted file mode 100644 index 2820e51..0000000 
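Review bot: `ignore_errors: yes` on `supervisor | start burp server` hides every failure of that task, not only the `ERROR (already started)` case named in the comment. A backup server that cannot start is then noticed only by the later port wait, if at all. Registering the result and using `failed_when` to tolerate only output containing `already started` would keep real failures visible. The new CA-generation task also calls `{{ burp_sv_server_cagen_command }}`, which this patch does not define (PATCH 13/19 adds it to defaults/main.yml). Its `creates:` is keyed on `burp_server_ssl_dhfile` rather than on a CA file, so generation is skipped whenever the DH file already exists.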
--- a/tasks/supervisor.yml~
+++ /dev/null
@@ -1,144 +0,0 @@ ---- - -- name: supervisor | Add supervisor ppa for Ubuntu - apt_repository: - repo: ppa:iacobs/supervisor - when: ansible_distribution_release == 'trusty' - register: ppa_supervisor - -- name: supervisor | update cache - apt: update-cache=yes cache_valid_time=43200 - changed_when: false - when: ansible_os_family == 'Debian' - -- name: supervisor | Install supervisor - package: - name: supervisor - state: present - when: ( ansible_os_family != "FreeBSD" or burp_use_portinstall == False ) - -- name: supervisor | Install supervisor - portinstall: - name: sysutils/py-supervisor - state: present - use_packages: no - when: ( ansible_os_family == "FreeBSD" and burp_use_portinstall == True ) - -- name: supervisor | configure supervisor logrotate - template: - src: supervisor_logrotate.j2 - dest: "{{ etc_dir}}/logrotate.d/supervisor" - -# On centos 6 there is no include section by default -- name: supervisor | configure supervisor logrotate - template: - src: redhat_supervisord.conf.j2 - dest: {{ etc_dir }}/supervisord.conf - when: ansible_os_family == "RedHat" - -# On centos 6 this directory is not created by rpm package -- name: supervisor | Ensure "{{ supervisoretc_dir }}" dir exists - file: - path: "{{ supervisoretc_dir }}" - state: "directory" - -- name: supervisor | check bui-agent path - stat: - path: /usr/local/bin/bui-agent - register: bui_agent_local_bin - -- name: change pip_installed_exe_bin_path when using local bin - set_fact: - pip_installed_exe_bin_path: /usr/local/bin - when: bui_agent_local_bin.stat.exists - -- name: supervisor | configure supervisor service for burp-server - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: "burp-server.conf_supervisor.j2", dest: "{{ supervisoretc_dir }}/burp-server.{{ supervisor_ext }}" } - notify: - - restart supervisor - register: supervisor_burp_service_config_status - -# only run if burp_module_restore: true -- name: supervisor | configure supervisor services for 
burp-restore - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: "burp-restore.conf_supervisor.j2", dest: "{{ supervisoretc_dir }}/burp-restore.{{ supervisor_ext }}" } - notify: - - restart supervisor - when: burp_module_restore - -# only run if burp_module_agent: true -- name: supervisor | configure supervisor services for buiagent - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: "buiagent.conf_supervisor.j2", dest: "{{ supervisoretc_dir }}/buiagent.{{ supervisor_ext }}" } - notify: - - restart supervisor - when: burp_module_agent - -- name: supervisor | ensure supervisor is started - service: - name: "{{ supervisor_service }}" - state: started - register: supervisor_started - -- name: supervisor | ensure supervisor is restarted - service: - name: "{{ supervisor_service }}" - state: restarted - register: supervisor_restarted - when: supervisor_started.changed == False and supervisor_burp_service_config_status.changed - tags: - - skip-ansible-lint - -- name: supervisor | pause 10 seconds when supervisor started - pause: - seconds: 10 - when: supervisor_started.changed or supervisor_restarted.changed - -- name: supervisor | start burp server - supervisorctl: - name: burp-server - state: started - -- name: supervisor | wait for burp_server port - wait_for: port={{ burp_server_port }} delay=5 timeout=30 - -- name: supervisor | wait for burpca to get all server certificates - wait_for: - path: "{{ item }}" - state: present - with_items: - - '{{ etc_dir }}/burp/ssl_cert_ca-server.pem' - - '{{ etc_dir }}/burp/ssl_cert-server.key' - - '{{ etc_dir }}/burp/ssl_cert-server.pem' - -# state: present uses supervisorctl add which is not available on centos 6 -# Supervisor must be restarted first -#- name: Read supervisor config burp-server -# supervisorctl: -# name: burp-server -# state: present - -# Only run if burp_module_restore: true -#- name: Read supervisor config burp_restore -# supervisorctl: -# 
name: burp-restore -# state: present -# when: burp_module_restore - -# Only run if burp_module_agent: true -#- name: Read supervisor config buiagent -# supervisorctl: -# name: buiagent -# state: present -# when: burp_module_agent - diff --git a/vars/FreeBSD-11.yml~ b/vars/FreeBSD-11.yml~ deleted file mode 100644 index 2b66505..0000000 --- a/vars/FreeBSD-11.yml~ +++ /dev/null @@ -1,32 +0,0 @@ ---- -# file: vars/FreeBSD-11.yml - -# etc - different path for all userinstalled sw -etc_dir: "/usr/local/etc" - -burp_server_packages: - - py-supervisor - - logrotate - -build_dependencies: - - uthash - - librsync2 - -burp_agent_packages: - - python27 - - devel/py-pip - - py27-supervisor - -burp_agent_py3_packages: - - python36 - - devel/py-pip - -supervisoretc_dir: "/usr/local/etc/supervisor/conf.d" -supervisor_ext: "conf" -supervisor_service: supervisor -pip_installed_exe_bin_path: '/usr/local/bin' - -cron_packages: - - logrotate - -cron_service: cron From b88533edcdb9b6ebb9e1fa32c83b555f85f4877c Mon Sep 17 00:00:00 2001 From: Daniel Winter Date: Fri, 9 Feb 2018 17:21:40 +0100 Subject: [PATCH 13/19] removed unnecessary etc and usr path vars in os specific files --- defaults/main.yml | 8 +++++++- vars/Debian-9.yml | 4 ---- vars/Debian.yml | 5 ----- vars/FreeBSD-11.yml | 5 ----- vars/RedHat.yml | 3 --- 5 files changed, 7 insertions(+), 18 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 256a095..3247b70 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,6 +3,11 @@ # New default options based on: https://github.com/grke/burp/wiki/Performance-Tips +# default paths for non FreeBSD systems +etc_dir: "/etc" +usr_dir: "/usr" + + ### Modules # Configure Burp UI Agent burp_module_agent: false 
@@ -15,7 +20,7 @@ burp_server_autoupgrade_enabled: false # Activate clients from git repository burp_repos: false #burpsrv_repos: -# - { repo: "url", version: "branch", dir: "dest dir"} +# - { repo: "url", versiong: "branch", dir: "dest dir"} # Example: # burp_repos: # - { repo: "http://host/group/repo.git", version: "master", dir: "linux_clients"} @@ -270,6 +275,7 @@ burp_sv_restore_stderr_logfile: "{{ burp_sv_server_log_dir }}/%(program_name)s.l burp_sv_server_priority: "20" burp_sv_server_directory: "/tmp" burp_sv_server_command: "{{ usr_dir }}/sbin/burp -F -c {{ etc_dir }}/burp/burp-server.conf" +burp_sv_server_cagen_command: "{{ usr_dir }}/sbin/burp -g -c {{ etc_dir }}/burp/burp-server.conf" burp_sv_server_user: "root" burp_sv_server_autostart: "true" burp_sv_server_autorestart: "true" diff --git a/vars/Debian-9.yml b/vars/Debian-9.yml index c41b27a..b71fbf6 100644 --- a/vars/Debian-9.yml +++ b/vars/Debian-9.yml @@ -1,10 +1,6 @@ --- # file: vars/Ubuntu.yml -# different path on different OS -etc_dir: "/etc" -usr_dir: "/usr" - # burp_server_packages: # - libssl-dev # - burp-core diff --git a/vars/Debian.yml b/vars/Debian.yml index d22feec..dbd4992 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -1,11 +1,6 @@ --- # file: vars/Ubuntu.yml -# different path on different OS -etc_dir: "/etc" -usr_dir: "/usr" - - # burp_server_packages: # - libssl-dev # - burp-core diff --git a/vars/FreeBSD-11.yml b/vars/FreeBSD-11.yml index 1dd43ce..460e431 100644 --- a/vars/FreeBSD-11.yml +++ b/vars/FreeBSD-11.yml @@ -32,8 +32,3 @@ cron_service: cron autoupgrade_version: "2.0.54" # master version is not compiled so added separately burp_version: "2.0.54" # branch or tag, example: "master" , example: "2.0.46" - -# ssl cert locations -burp_server_ssl_cert_ca: "{{ etc_dir }}/burp/CA/CA_burpCA.crt" -burp_server_ssl_cert: "{{ etc_dir }}/burp/CA/{{ ansible_hostname }}.crt" -burp_server_ssl_key: "{{ etc_dir }}/burp/CA/{{ ansible_hostname }}.key" 
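Review bot: The commented example in the `@@ -15,7 +20,7 @@` hunk of defaults/main.yml changes `version:` to `versiong:`, which looks like an accidental keystroke. The example two lines below still uses `version: "master"`. Someone copying the first line would set a key the role presumably never reads, so the checkout would fall back to whatever default the git task uses. The line should stay `# - { repo: "url", version: "branch", dir: "dest dir"}`.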
diff --git a/vars/RedHat.yml b/vars/RedHat.yml index bc9408c..b48ecd6 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,9 +1,6 @@ --- # file: vars/Redhat.yml -# different path on different OS -etc_dir: "/etc" -usr_dir: "/usr" build_dependencies: - make From 1b5c982037992a29731bc6a45e0e4cb9c301737a Mon Sep 17 00:00:00 2001 From: Daniel Winter Date: Tue, 13 Feb 2018 15:29:53 +0100 Subject: [PATCH 14/19] updated settings for testing --- tasks/supervisor.yml | 10 +++++----- tasks/tests/test_client.yml | 7 ++++++- templates/burp-server.conf_supervisor.j2 | 4 ++-- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/tasks/supervisor.yml b/tasks/supervisor.yml index 95a1160..3f9157e 100644 --- a/tasks/supervisor.yml +++ b/tasks/supervisor.yml @@ -117,11 +117,11 @@ seconds: 10 when: supervisor_started.changed or supervisor_restarted.changed -- name: supervisor | burp generate CA upfront as it somehow breaks supervisor startup on first run on FreeBSD11 - command: "{{ burp_sv_server_cagen_command }}" - args: - creates: "{{ burp_server_ssl_dhfile }}" - when: ansible_os_family == "FreeBSD" +#- name: supervisor | burp generate CA upfront as it somehow breaks supervisor startup on first run on #FreeBSD11 +# command: "{{ burp_sv_server_cagen_command }}" +# args: +# creates: "{{ burp_server_ssl_dhfile }}" +# when: ansible_os_family == "FreeBSD" - name: supervisor | start burp server supervisorctl: diff --git a/tasks/tests/test_client.yml b/tasks/tests/test_client.yml index 4f3caed..8b6ecf6 100644 --- a/tasks/tests/test_client.yml +++ b/tasks/tests/test_client.yml @@ -23,6 +23,11 @@ pause: seconds: 10 +#- name: test_client | generate CA for test_client +# command: "{{ usr_dir }}/sbin/burp -g -c {{ etc_dir }}/burp/test_client.conf" +# args: +# creates: "{{ etc_dir }}/burp/ssl_cert-test.pem" + - name: test_client | test backup for test_client command: "{{ usr_dir }}/sbin/burp -c {{ etc_dir }}/burp/test_client.conf -a b" args: 
@@ -54,7 +59,7 @@ state: file - name: test_client | test restore from different client - command: '{{ usr_dir }}/sbin/burp -c {{ etc_dir }}/burp/burp.conf -a r -b 1 -d /tmp/test_restore2 -C test_client -r "{{ etc_dir }}/burp/burp.conf"' + command: "{{ usr_dir }}/sbin/burp -c {{ etc_dir }}/burp/burp.conf -a r -b 1 -d /tmp/test_restore2 -C test_client -r {{ etc_dir }}/burp/burp.conf" args: creates: /tmp/test_restore2 diff --git a/templates/burp-server.conf_supervisor.j2 b/templates/burp-server.conf_supervisor.j2 index 69b4322..81d8420 100644 --- a/templates/burp-server.conf_supervisor.j2 +++ b/templates/burp-server.conf_supervisor.j2 @@ -5,8 +5,8 @@ command={{ burp_sv_server_command }} user={{ burp_sv_server_user }} autostart={{ burp_sv_server_autostart }} autorestart={{ burp_sv_server_autorestart }} -# allow some time to start up and generate CA on first run -startsecs = 30 +# ignore fast exit - do not know howto solve this better +startsecs = 0 startretries={{ burp_sv_server_startretries }} stdout_logfile={{ burp_sv_server_stdout_logfile }} stderr_logfile={{ burp_sv_server_stderr_logfile }} From 299ec2765e23bf8787b5d63db13b14d86a7a6e4c Mon Sep 17 00:00:00 2001 
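Review bot: `startsecs = 0` in templates/burp-server.conf_supervisor.j2 makes supervisor count the program as started without it having to stay up, so a burp server that exits at once on a bad config or a missing certificate no longer shows up as a failed start. The `supervisorctl` start task would then report success while no backup server is listening, which hides an outage of the backup service. Prefer a non-zero `startsecs` with the CA generated before the first start; if 0 has to stay, add a check after the start task, for example a `wait_for` on the configured burp server port. The new comment also drops the reason for the value; judging by the comment it replaces, something like `# startsecs=0: first run exits early while the CA is generated` would record it.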
From: Daniel Winter Date: Tue, 13 Feb 2018 15:30:36 +0100 Subject: [PATCH 15/19] copied molecule tests from origin --- molecule/default/Dockerfile.j2 | 24 ++++++++ molecule/default/INSTALL.rst | 16 ++++++ molecule/default/create.yml | 59 ++++++++++++++++++++ molecule/default/destroy.yml | 27 +++++++++ molecule/default/fedorar/Dockerfile | 27 +++++++++ molecule/default/molecule.yml | 71 ++++++++++++++++++++++++ molecule/default/playbook.yml | 8 +++ molecule/default/prepare.yml | 5 ++ molecule/default/tests/test_default.py | 14 +++++ molecule/default/tests/test_default.pyc | Bin 0 -> 1021 bytes molecule/freebsd/playbook.yml | 2 + 11 files changed, 253 insertions(+) create mode 100644 molecule/default/Dockerfile.j2 create mode 100644 molecule/default/INSTALL.rst create mode 100644 molecule/default/create.yml create mode 100644 molecule/default/destroy.yml create mode 100644 molecule/default/fedorar/Dockerfile create mode 100644 molecule/default/molecule.yml create mode 100644 molecule/default/playbook.yml create mode 100644 molecule/default/prepare.yml create mode 100644 molecule/default/tests/test_default.py create mode 100644 molecule/default/tests/test_default.pyc diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 new file mode 100644 index 0000000..491096f --- /dev/null +++ b/molecule/default/Dockerfile.j2 
@@ -0,0 +1,24 @@
+# Molecule managed
+
+FROM {{ item.image }}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \
+ elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+ elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \
+ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; fi
+
+RUN if [ $(command -v dnf) ]; then dnf -y update && dnf clean all; fi
+
+RUN if [ $(command -v dnf) ]; then dnf -y install systemd hostname && dnf clean all && \
+(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
+rm -f /lib/systemd/system/multi-user.target.wants/*;\
+rm -f /etc/systemd/system/*.wants/*;\
+rm -f /lib/systemd/system/local-fs.target.wants/*; \
+rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+rm -f /lib/systemd/system/basic.target.wants/*;\
+rm -f /lib/systemd/system/anaconda.target.wants/*; fi
+
+# VOLUME [ "/sys/fs/cgroup" ]
+# CMD ["/usr/sbin/init"]
diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst
new file mode 100644
index 0000000..e26493b
--- /dev/null
+++ b/molecule/default/INSTALL.rst
@@ -0,0 +1,16 @@
+*******
+Install
+*******
+
+Requirements
+============
+
+* Docker Engine
+* docker-py
+
+Install
+=======
+
+.. code-block:: bash
+
+ $ sudo pip install docker-py
diff --git a/molecule/default/create.yml b/molecule/default/create.yml
new file mode 100644
index 0000000..bfb2149
--- /dev/null
+++ b/molecule/default/create.yml 
@@ -0,0 +1,59 @@
+---
+- name: Create
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
+ vars:
+ molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
+ molecule_ephemeral_directory: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}"
+ molecule_scenario_directory: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}"
+ molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
+ tasks:
+ - name: Create Dockerfiles from image names
+ template:
+ src: "{{ molecule_scenario_directory }}/Dockerfile.j2"
+ dest: "{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.image | regex_replace('[^a-zA-Z0-9_]', '_') }}"
+ with_items: "{{ molecule_yml.platforms }}"
+ register: platforms
+
+ - name: Discover local Docker images
+ docker_image_facts:
+ name: "molecule_local/{{ item.item.name }}"
+ with_items: "{{ platforms.results }}"
+ register: docker_images
+
+ - name: Build an Ansible compatible image
+ docker_image:
+ path: "{{ molecule_ephemeral_directory }}"
+ name: "molecule_local/{{ item.item.image }}"
+ dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}"
+ force: "{{ item.item.force | default(true) }}"
+ with_items: "{{ platforms.results }}"
+ when: platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0
+
+ - name: Create molecule instance(s)
+ docker_container:
+ name: "{{ item.name }}"
+ hostname: "{{ item.name }}"
+ image: "molecule_local/{{ item.image }}"
+ state: started
+ recreate: false
+ log_driver: syslog
+ command: "{{ item.command | default('bash -c \"while true; do sleep 10000; done\"') }}"
+ privileged: "{{ item.privileged | default(omit) }}"
+ volumes: "{{ item.volumes | default(omit) }}"
+ capabilities: "{{ item.capabilities | default(omit) }}"
+ ports: "{{ item.exposed_ports | default(omit) }}"
+ register: server
+ with_items: "{{ molecule_yml.platforms }}"
+ async: 7200
+ poll: 
0
+
+ - name: Wait for instance(s) creation to complete
+ async_status:
+ jid: "{{ item.ansible_job_id }}"
+ register: docker_jobs
+ until: docker_jobs.finished
+ retries: 300
+ with_items: "{{ server.results }}"
diff --git a/molecule/default/destroy.yml b/molecule/default/destroy.yml
new file mode 100644
index 0000000..3ce7478
--- /dev/null
+++ b/molecule/default/destroy.yml
@@ -0,0 +1,27 @@
+---
+- name: Destroy
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
+ vars:
+ molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
+ molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
+ tasks:
+ - name: Destroy molecule instance(s)
+ docker_container:
+ name: "{{ item.name }}"
+ state: absent
+ force_kill: "{{ item.force_kill | default(true) }}"
+ register: server
+ with_items: "{{ molecule_yml.platforms }}"
+ async: 7200
+ poll: 0
+
+ - name: Wait for instance(s) deletion to complete
+ async_status:
+ jid: "{{ item.ansible_job_id }}"
+ register: docker_jobs
+ until: docker_jobs.finished
+ retries: 300
+ with_items: "{{ server.results }}"
diff --git a/molecule/default/fedorar/Dockerfile b/molecule/default/fedorar/Dockerfile
new file mode 100644
index 0000000..1a25c65
--- /dev/null
+++ b/molecule/default/fedorar/Dockerfile
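Review bot: In molecule/default/create.yml the `when:` on "Build an Ansible compatible image" ends in `| count >= 0`, which holds for any list, so the condition is always true and the preceding "Discover local Docker images" task has no effect on whether the image is rebuilt. That discovery task also looks up `molecule_local/{{ item.item.name }}`, while the build task and the container use `molecule_local/{{ item.item.image }}`, so it would not find the built image even with a corrected comparison. Suggested: `name: "molecule_local/{{ item.item.image }}"` in the discovery task and `| count > 0` in the condition. The commit subject says the file was copied from the origin, so the same fix may be needed there.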
@@ -0,0 +1,27 @@
+FROM fedora:rawhide
+MAINTAINER http://fedoraproject.org/wiki/Cloud
+
+ENV container docker
+
+# Add commands from molecule template
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \
+ elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+ elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \
+ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; fi
+
+RUN dnf -y update && dnf clean all
+
+RUN dnf -y install systemd && dnf clean all && \
+(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
+rm -f /lib/systemd/system/multi-user.target.wants/*;\
+rm -f /etc/systemd/system/*.wants/*;\
+rm -f /lib/systemd/system/local-fs.target.wants/*; \
+rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+rm -f /lib/systemd/system/basic.target.wants/*;\
+rm -f /lib/systemd/system/anaconda.target.wants/*;
+
+VOLUME [ "/sys/fs/cgroup" ]
+CMD ["/usr/sbin/init"]
+
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..7393c81
--- /dev/null
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,71 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+
+ - name: ansible_test-01
+ image: solita/ubuntu-systemd:16.04
+ privileged: True
+ command: /sbin/init
+ capabilities:
+ - SYS_ADMIN
+ volumes:
+ - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+ groups:
+ - group1
+
+ - name: ansible_test-02
+ image: ubuntu:trusty
+ groups:
+ - groupold
+
+ - name: ansible_test-03
+ image: centos/systemd
+ command: /sbin/init
+ capabilities:
+ - SYS_ADMIN
+ volumes:
+ - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+ privileged: True
+ groups:
+ - group1
+
+ - name: ansible_test-04
+ image: fedora:rawhide
+ privileged: True
+ command: /sbin/init
+ capabilities:
+ - SYS_ADMIN
+ volumes:
+ - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+ groups:
+ - group1
+
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ callback_whitelist: profile_tasks
+ inventory:
+ group_vars:
+ master:
+ burpsrcext: "zip"
+ burp_version: "master"
+ burp_remove_clients:
+ - name: client_to_remove
+ - name: other_client_to_remove
+ burp_server_port_per_operation_bool: true
+ lint:
+ name: ansible-lint
+
+scenario:
+ name: default
+
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml
new file mode 100644
index 0000000..53d1648
--- /dev/null
+++ b/molecule/default/playbook.yml
@@ -0,0 +1,8 @@
+---
+- name: Converge
+ hosts: all
+ vars:
+ burp_module_test_client: true
+ burp_module_agent: true
+ roles:
+ - role: ansible_burp2_server
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
new file mode 100644
index 0000000..5358b3b
--- /dev/null
+++ b/molecule/default/prepare.yml
@@ -0,0 +1,5 @@
+---
+- name: Prepare
+ hosts: all
+ gather_facts: false
+ tasks: []
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
new file mode 100644
index 0000000..eedd64a
--- /dev/null
+++ b/molecule/default/tests/test_default.py
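Review bot: Platforms ansible_test-01, -03 and -04 in molecule/default/molecule.yml set `privileged: True` together with a `SYS_ADMIN` capability; a privileged container already holds every capability and can reach host devices, so the capability entry is redundant and root inside the test container is close to root on the Docker host running the tests. If these images boot systemd with `SYS_ADMIN` and the read-only cgroup mount alone, drop `privileged`; otherwise record why it is needed, e.g. `# privileged: required for systemd in this image; run on disposable CI hosts only`. The value should also be spelled `privileged: true`, since this file selects yamllint as its linter and its `truthy` rule flags `True`. `fedora:rawhide` and `centos/systemd` carry no fixed tag, so the tested base image changes between runs.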
@@ -0,0 +1,14 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_hosts_file(host): + f = host.file('/etc/hosts') + + assert f.exists + assert f.user == 'root' + assert f.group == 'root' diff --git a/molecule/default/tests/test_default.pyc b/molecule/default/tests/test_default.pyc new file mode 100644 index 0000000000000000000000000000000000000000..6cb13885d34eb737362538b4b6e3c4c2a62a8450 GIT binary patch literal 1021 zcmdr~&2H2%5FRJnUs3i{pW5|#i`eh>`6t{?ge-! z9)XA9$OFLG*|ep+0ZBX_e;I!>{>I_2t#~}n&e06 zha`P>Jo}ixI+`Zv(ic*ejOJiD4r#ViGS`&KS40UG46Z331G@_tz?Xg*x Date: Thu, 15 Feb 2018 13:40:57 +0100 Subject: [PATCH 16/19] added supervisor log dir var to defaults --- defaults/main.yml | 2 ++ vars/Debian-9.yml | 2 +- vars/FreeBSD-11.yml | 1 - 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 3247b70..220651c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -253,6 +253,8 @@ burp_agent_pip_present: ### --- ### Supervisor +# General +burp_sv_server_log_dir: "/var/log/supervisor" # Burp Agent burp_sv_agent_priority: "40" burp_sv_agent_directory: "/tmp" diff --git a/vars/Debian-9.yml b/vars/Debian-9.yml index b71fbf6..1066d94 100644 --- a/vars/Debian-9.yml +++ b/vars/Debian-9.yml @@ -1,5 +1,5 @@ --- -# file: vars/Ubuntu.yml +# file: vars/Debian-9.yml # burp_server_packages: # - libssl-dev diff --git a/vars/FreeBSD-11.yml b/vars/FreeBSD-11.yml index 460e431..f6a5e04 100644 --- a/vars/FreeBSD-11.yml +++ b/vars/FreeBSD-11.yml @@ -22,7 +22,6 @@ burp_agent_py3_packages: supervisoretc_dir: "{{ etc_dir }}/supervisor/conf.d" supervisor_ext: "conf" supervisor_service: supervisord -burp_sv_server_log_dir: "/var/log/supervisor" pip_installed_exe_bin_path: "{{ usr_dir }}/bin" From 4de96c55f6ea88add7ff3033e089e92871f60982 Mon Sep 17 00:00:00 2001 
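Review bot: `molecule/default/tests/test_default.pyc` is committed as a binary patch next to `test_default.py`; compiled bytecode cannot be reviewed in a diff, can drift from its source, and is regenerated by the interpreter on the next test run anyway. Drop the file from the commit and keep it out of the tree with ignore entries such as `*.pyc` and `__pycache__/` in `.gitignore`. The test itself only checks ownership of `/etc/hosts`, so a short comment like `# placeholder check copied from the molecule scaffold; no burp assertions yet` would tell readers that it does not cover the role.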
From: Daniel Winter Date: Mon, 19 Feb 2018 13:55:00 +0100 Subject: [PATCH 17/19] still ltrying to get burp with supervisorctl working on freebsd --- defaults/main.yml | 6 ++++-- molecule/freebsd/playbook.yml | 3 +-- tasks/build-burp.yml | 16 +++++++++++----- tasks/config_burp.yml | 12 ------------ tasks/supervisor.yml | 25 +++++++++++++++++++------ vars/FreeBSD-11.yml | 10 +++++++++- 6 files changed, 44 insertions(+), 28 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 220651c..f4232a9 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -6,7 +6,8 @@ # default paths for non FreeBSD systems etc_dir: "/etc" usr_dir: "/usr" - +# use the pkg tool to use binaries and be faster +burp_freebsd_use_portinstall: false ### Modules # Configure Burp UI Agent @@ -38,7 +39,8 @@ burp_module_test_client: false burp_home: "/var/spool/burp" ## Build vars: - +# freeBSD need gmake +make: "make" # Add these vars to your hosts/groups to change version/tag (archive to download and compile) burpsrcext: "zip" # must be tar.gz or zip autoupgrade_version: "2.0.54" # master version is not compiled so added separately diff --git a/molecule/freebsd/playbook.yml b/molecule/freebsd/playbook.yml index 7379bfc..783ce62 100644 --- a/molecule/freebsd/playbook.yml +++ b/molecule/freebsd/playbook.yml @@ -4,7 +4,6 @@ vars: burp_module_test_client: yes burp_force_reinstall: True - burp_version: 2.1.28 roles: - # force becoming root as molecule doesn't do it anymore + # force becoming root - { role: ansible_burp2_server, become: yes } diff --git a/tasks/build-burp.yml b/tasks/build-burp.yml index ac7ee2e..b4f45cc 100644 --- a/tasks/build-burp.yml +++ b/tasks/build-burp.yml @@ -1,6 +1,6 @@ --- -- name: ensure chache for apt is updated +- name: ensure cache for apt is updated apt: update_cache: yes cache_valid_time: 43200 
@@ -11,7 +11,7 @@ package: name: "{{ build_dependencies | join(',') }}" state: present - when: ansible_os_family != "FreeBSD" + when: ansible_os_family != "FreeBSD" or burp_freebsd_use_portinstall == True - name: install build dependencies on FreeBSD portinstall: @@ -20,6 +20,12 @@ with_items: "{{ build_dependencies }}" when: ( ansible_os_family == "FreeBSD" and burp_freebsd_use_portinstall ) +- name: download base system sources on FreeBSD to compile burp and use the systems openssl + shell: svnlite checkout https://svn.freebsd.org/base/releng/`uname -r | cut -d'-' -f1,1` /usr/src + args: + creates: /usr/src/.svn + when: ansible_os_family == "FreeBSD" + - name: Uninstall old burp package: name: "{{ item }}" @@ -63,20 +69,20 @@ shell: cd {{ download_dir }}/{{ burpsrc }} && ./configure --prefix={{ usr_dir }} --sysconfdir={{ etc_dir }}/burp --localstatedir=/var creates={{ download_dir }}/{{ burpsrc }}/Makefile - name: Make - shell: cd {{ download_dir }}/{{ burpsrc }} && make creates={{ download_dir }}/{{ burpsrc }}/burp + shell: cd {{ download_dir }}/{{ burpsrc }} && {{ make }} creates={{ download_dir }}/{{ burpsrc }}/burp - name: check if burp is installed stat: path="{{ usr_dir }}/sbin/burp" register: stb - name: Uninstall burp - shell: cd {{ download_dir }}/{{ burpsrc }} && make uninstall removes={{ usr_dir }}/sbin/burp + shell: cd {{ download_dir }}/{{ burpsrc }} && {{ make }} uninstall removes={{ usr_dir }}/sbin/burp when: stb.stat.exists and ( unpack_src_tar.changed or unpack_src_zip.changed ) tags: - skip_ansible_lint - name: Make install - shell: cd {{ download_dir }}/{{ burpsrc }} && make install creates={{ usr_dir }}/sbin/burp + shell: cd {{ download_dir }}/{{ burpsrc }} && {{ make }} install creates={{ usr_dir }}/sbin/burp notify: restart burp server - block: diff --git a/tasks/config_burp.yml b/tasks/config_burp.yml index c2bc82b..bea2b14 100644 --- a/tasks/config_burp.yml +++ b/tasks/config_burp.yml 
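Review bot: The new condition in tasks/build-burp.yml, `ansible_os_family != "FreeBSD" or burp_freebsd_use_portinstall == True`, looks inverted for FreeBSD: with the default `burp_freebsd_use_portinstall: false` from defaults/main.yml neither this `package` task nor the `portinstall` task below runs, so no build dependencies are installed, and with `true` both of them run. If the intent is pkg by default and ports on request, the line should read `when: ansible_os_family != "FreeBSD" or not burp_freebsd_use_portinstall`. The task's `- name:` line is outside the hunk.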
@@ -28,18 +28,6 @@ - { src: "burp-server.conf.j2", dest: "{{ etc_dir }}/burp/burp-server.conf"} notify: restart burp server -# - name: symlink ssl server certificates on FreeBSD -# file: -# src: "{{ item.src }}" -# dest: "{{ item.dest }}" -# state: link -# force: yes -# with_items: -# - { src: "{{ etc_dir }}/burp/CA/CA_burpCA.crt", dest: "{{ etc_dir }}/burp/ssl_cert_ca-server.pem" } -# - { src: "{{ etc_dir }}/burp/CA/{{ ansible_hostname }}.key", dest: "{{ etc_dir }}/burp/ssl_cert-server.key" } -# - { src: "{{ etc_dir }}/burp/CA/{{ ansible_hostname }}.crt", dest: "{{ etc_dir }}/burp/ssl_cert-server.pem" } -# when: ansible_os_family == "FreeBSD" - - name: config_burp | configure profiles configured in profiles_templates template: src: profiles/profile_template.j2 diff --git a/tasks/supervisor.yml b/tasks/supervisor.yml index 3f9157e..a14f041 100644 --- a/tasks/supervisor.yml +++ b/tasks/supervisor.yml @@ -97,10 +97,11 @@ - restart supervisor when: burp_module_agent -- name: supervisor | ensure supervisor is started +- name: supervisor | ensure supervisor is started and enabled service: name: "{{ supervisor_service }}" state: started + enabled: yes register: supervisor_started - name: supervisor | ensure supervisor is restarted 
@@ -117,12 +118,24 @@ seconds: 10 when: supervisor_started.changed or supervisor_restarted.changed -#- name: supervisor | burp generate CA upfront as it somehow breaks supervisor startup on first run on #FreeBSD11 -# command: "{{ burp_sv_server_cagen_command }}" -# args: -# creates: "{{ burp_server_ssl_dhfile }}" -# when: ansible_os_family == "FreeBSD" +- name: supervisor | check if dhparams have already been generated + stat: + path: "{{ burp_server_ssl_dhfile }}" + register: burp_dhfile_stat + when: ansible_os_family == "FreeBSD" + +- name: supervisor | stop burp-server to genereate CA - idempotency + supervisorctl: + name: burp-server + state: stopped + when: ( ansible_os_family == "FreeBSD" and burp_dhfile_stat.stat.exists == False ) +- name: supervisor | burp generate CA upfront as it somehow breaks supervisor startup on first run on FreeBSD11 + command: "{{ burp_sv_server_cagen_command }}" + args: + creates: "{{ burp_server_ssl_dhfile }}" + when: ( ansible_os_family == "FreeBSD" and burp_dhfile_stat.stat.exists == False ) + - name: supervisor | start burp server supervisorctl: name: burp-server diff --git a/vars/FreeBSD-11.yml b/vars/FreeBSD-11.yml index f6a5e04..61c8352 100644 --- a/vars/FreeBSD-11.yml +++ b/vars/FreeBSD-11.yml @@ -5,19 +5,27 @@ etc_dir: "/usr/local/etc" usr_dir: "/usr/local" +make: "gmake" + burp_server_packages: - py-supervisor - logrotate + - bash build_dependencies: - uthash - librsync2 + - autotools + - yajl + - gmake + # enables svn co + - ca_root_nss burp_agent_packages: - python27 - devel/py-pip - py27-supervisor burp_agent_py3_packages: - python36 - - devel/py-pip + - py-pip supervisoretc_dir: "{{ etc_dir }}/supervisor/conf.d" supervisor_ext: "conf" From 86037821b93979b153344ccd61b4b45ef5884292 Mon Sep 17 00:00:00 2001 
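Review bot: Both new guards in tasks/supervisor.yml compare with `burp_dhfile_stat.stat.exists == False`; `not burp_dhfile_stat.stat.exists` is the usual form and avoids the literal-comparison warning from ansible-lint. On the CA task the `creates: "{{ burp_server_ssl_dhfile }}"` argument already makes the command idempotent, so the `stat` guard is only needed for the stop task, and that task's name has a typo (`genereate`). Because `burp_sv_server_cagen_command` creates the server's CA and key material during provisioning, a follow-up task that asserts owner and mode on the generated key files would be a useful addition; the resulting paths are not visible in this hunk.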
From: Daniel Winter Date: Thu, 8 Mar 2018 14:56:46 +0100 Subject: [PATCH 18/19] minor fixes and tag add_manual_clients to add clients from thje burp client playbook --- defaults/main.yml | 2 +- tasks/main.yml | 10 ++++++++-- vars/FreeBSD-11.yml | 1 + 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index f4232a9..244cec2 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -123,7 +123,7 @@ burp_server_custom_lines: [] ## burp_server incexc profiles profiles_templates: - + - name: profile_lnxsrv content: - "#hard_quota No permitir backups a clientes con mas de xxGb en el backup total" diff --git a/tasks/main.yml b/tasks/main.yml index 4abfaea..4a6b1a8 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -2,6 +2,8 @@ # file: tasks/main.yml - include: multi_os.yml + tags: + - add_manual_clients - include: redhat.yml when: ansible_os_family == "RedHat" @@ -25,10 +27,14 @@ # Only for monitor and status purpose - include: manual_delete.yml when: burp_manual_delete_enabled - + tags: + - add_manual_clients + - include: manual_delete_disabled.yml when: not burp_manual_delete_enabled - + tags: + - add_manual_clients + - include: autoupgrade.yml when: burp_server_autoupgrade_enabled diff --git a/vars/FreeBSD-11.yml b/vars/FreeBSD-11.yml index 61c8352..7b95331 100644 --- a/vars/FreeBSD-11.yml +++ b/vars/FreeBSD-11.yml @@ -17,6 +17,7 @@ build_dependencies: - autotools - yajl - gmake + - openssl # enables svn co - ca_root_nss burp_agent_packages: From 3d81c5cb4997bf2db254b6ee934d0071a6e4bb5b Mon Sep 17 00:00:00 2001 From: planet-winter Date: Thu, 23 Jul 2020 14:43:48 +0200 Subject: [PATCH 19/19] fix for burp path --- defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index e7a74a2..5af8edd 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -44,7 +44,7 @@ autoupgrade_version: "2.2.18" # master version is not compiled so added separat burp_version: "2.2.18" # branch or tag, example: "master" , example: "2.0.46" burp_configure_line: "CFLAGS='-O2 -march=native -mtune=native -mfpmath=sse -floop-parallelize-all -ftree-parallelize-loops=4' ./configure " # For CFLAGS see: https://github.com/grke/burp/wiki/Performance-Tips#optional-compile-time-improvements -burp_usr_path: "{{ usr_dir }}/local" +burp_usr_path: "{{ usr_dir }}" burp_bin_path: "{{ burp_usr_path }}/sbin/burp" burp_force_reinstall: false