diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..6a30257
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,39 @@
+---
+# .ansible-lint
+
+profile: production
+
+# exclude_paths included in this file are parsed relative to this file's location
+# and not relative to the CWD of execution. CLI arguments passed to the --exclude
+# option are parsed relative to the CWD of execution.
+exclude_paths:
+ - .cache/ # implicit unless exclude_paths is defined in config
+ - .github
+
+# Mock modules or roles in order to pass ansible-playbook --syntax-check
+# mock_modules:
+# - zuul_return
+# # note the foo.bar is invalid as being neither a module or a collection
+# - fake_namespace.fake_collection.fake_module
+# - fake_namespace.fake_collection.fake_module.fake_submodule
+mock_roles:
+ - s1_agent_common
+
+# Ansible-lint is able to recognize and load skip rules stored inside
+# `.ansible-lint-ignore` (or `.config/ansible-lint-ignore.txt`) files.
+# To skip a rule just enter filename and tag, like "playbook.yml package-latest"
+# on a new line.
+# Optionally you can add comments after the tag, prefixed by "#". We discourage
+# the use of skip_list below because that will hide violations from the output.
+# When putting ignores inside the ignore file, they are marked as ignored, but
+# still visible, making it easier to address later.
+skip_list:
+ - var-naming[no-role-prefix]
+
+# Ansible-lint does not fail on warnings from the rules or tags listed below
+warn_list:
+ - galaxy[version-incorrect]
+
+# Also recognize these versions of Ansible as supported:
+supported_ansible_also:
+ - "2.16"
diff --git a/.github/actions/ci-setup/action.yml b/.github/actions/ci-setup/action.yml
index d6a8ad2..46aa2ec 100644
--- a/.github/actions/ci-setup/action.yml
+++ b/.github/actions/ci-setup/action.yml
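Review bot: `skip_list` near the end of the new `.ansible-lint` silences `var-naming[no-role-prefix]` entirely, which is exactly what the comment block directly above it discourages because skipped rules vanish from the output. Moving the entry under the existing `warn_list` (`- var-naming[no-role-prefix]`) or into `.ansible-lint-ignore` keeps the violations visible without failing the run. With `profile: production` acting as the gate, a rule that is hidden rather than warned on is easy to forget.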
@@ -3,17 +3,17 @@ description: Sets up Python and Ansible for jobs during CI workflow inputs: ansible-version: - description: 'Ansible Version' + description: "Ansible Version" required: true python-version: - description: 'Python Version' + description: "Python Version" required: true runs: using: composite steps: - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ inputs.python-version }} @@ -25,5 +25,6 @@ runs: - name: Install requirements for molecule tests shell: bash run: | - pip install molecule-vagrant yamllint ansible-lint flake8 pywinrm --disable-pip-version-check + pip uninstall molecule-vagrant --yes + pip install ansible-dev-tools pywinrm molecule molecule-plugins ansible-lint flake8 --disable-pip-version-check if [ -f requirements.txt ]; then pip install -r requirements.txt --disable-pip-version-check; fi diff --git a/.github/workflows/ci-lint.yml b/.github/workflows/ci-lint.yml index 4b5ef51..5d95280 100644 --- a/.github/workflows/ci-lint.yml +++ b/.github/workflows/ci-lint.yml @@ -3,13 +3,13 @@ on: workflow_call: inputs: role-path: - description: 'Relative path to the role to be linted' + description: "Relative path to the role to be linted" type: string required: true jobs: molecule-lint: - name: 'ansible-${{ matrix.versions.ansible }} (Python: ${{ matrix.versions.python }})' + name: "ansible-${{ matrix.versions.ansible }} (Python: ${{ matrix.versions.python }})" runs-on: [self-hosted, Linux, X64, ansible-collection] env: ANSIBLE_FORCE_COLOR: 1 # allows ansible colors to be passed to GitHub Actions 
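Review bot: `uses: actions/setup-python@v5` in the composite action still references a movable tag, so the code executed on the self-hosted runners can change without any commit in this repository. Pinning to the full commit SHA with the tag as a trailing comment, `uses: actions/setup-python@<full-commit-sha>  # v5` (placeholder; take the SHA from the release you reviewed), makes the dependency immutable. The same applies to the `actions/checkout@v4` bumps in ci-lint.yml, ci-release.yml and ci-test.yml; ci-release.yml runs with `contents: write`, so it benefits most.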
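Review bot: The new `pip install ansible-dev-tools pywinrm molecule molecule-plugins ansible-lint flake8` line installs six unpinned packages, so every CI and release run resolves whatever versions the index serves at that moment. Because this composite action is also used by the release workflow, a pinned, hash-checked requirements file would be safer, e.g. `pip install --require-hashes -r <ci-requirements-file> --disable-pip-version-check` (the file name is a placeholder). The preceding `pip uninstall molecule-vagrant --yes` suggests packages persist on the self-hosted runner between jobs; if so, creating a fresh virtualenv per job would avoid manual cleanup and stale state. Please also confirm whether the Vagrant-based scenarios need the `molecule-plugins[vagrant]` extra rather than the bare package.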
@@ -20,15 +20,17 @@ jobs: versions: # ansible-core upstream development supports 3 releases at a time # https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html - - ansible: stable-2.12 # EOL 2023-05-23 - python: '3.10' - - ansible: stable-2.13 # EOL 2023-11-06 - python: '3.10' - - ansible: stable-2.14 # EOL 2024-05-20 - python: '3.10' + # - ansible: stable-2.12 # EOL 2023-05-23 + # python: '3.10' + # - ansible: stable-2.13 # EOL 2023-11-06 + # python: '3.10' + # - ansible: stable-2.14 # EOL 2024-05-20 + # python: '3.10' + - ansible: stable-2.16 + python: "3.12" steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up environment uses: ./.github/actions/ci-setup @@ -42,5 +44,5 @@ jobs: echo ${PWD} && molecule --version && ansible --version && - molecule lint + ansible-lint --profile production working-directory: ${{ inputs.role-path }} diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml index 597a77f..0805248 100644 --- a/.github/workflows/ci-release.yml +++ b/.github/workflows/ci-release.yml @@ -4,7 +4,7 @@ on: workflow_dispatch: push: tags: - - '*.*.*' + - "*.*.*" permissions: contents: write @@ -19,13 +19,12 @@ jobs: versions: # ansible-core upstream development supports 3 releases at a time # https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html - - ansible: stable-2.14 # EOL 2024-05-20 - python: '3.10' + - ansible: stable-2.16 + python: "3.12" steps: - name: Check out code - uses: actions/checkout@v3 - + uses: actions/checkout@v4 - name: Set up environment uses: ./.github/actions/ci-setup with: diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml index b8683e0..20b819c 100644 --- a/.github/workflows/ci-test.yml +++ b/.github/workflows/ci-test.yml 
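Review bot: Replacing `molecule lint` with `ansible-lint --profile production` in ci-lint.yml leaves this step running only ansible-lint, while the ci-setup action still installs `flake8` and the step still prints `molecule --version`. If the old molecule lint configuration also ran flake8 or yamllint (not visible in this hunk), that coverage is dropped silently; either add those commands back explicitly or remove the unused install. The `--profile production` flag also duplicates `profile: production` in the new `.ansible-lint`, so one of the two can go to keep a single source of truth. The `run:` block starts outside the hunk.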
@@ -3,15 +3,15 @@ on: workflow_call: inputs: box-distribution: - description: 'Vagrant Box Operating System' + description: "Vagrant Box Operating System" type: string required: true box-repository: - description: 'Vagrant Box repository' + description: "Vagrant Box repository" type: string required: true ansible-connection: - description: 'Ansible connection type for connecting to the Box' + description: "Ansible connection type for connecting to the Box" type: string required: false default: ssh @@ -21,22 +21,23 @@ on: required: false default: Linux display-name: - description: 'OS Name to display in workflow steps' + description: "OS Name to display in workflow steps" type: string required: true scenario-name: - description: 'Name of the molecule scenario to execute' + description: "Name of the molecule scenario to execute" type: string - required: false - default: default + required: true + # default: default role-path: - description: 'Relative path to the role to be linted' + description: "Relative path to the role to be linted" type: string - required: true + required: false + default: extensions jobs: molecule-test: - name: 'ansible-${{ matrix.versions.ansible }} (Python: ${{ matrix.versions.python }})' + name: "ansible-${{ matrix.versions.ansible }} (Python: ${{ matrix.versions.python }})" runs-on: [self-hosted, Linux, X64, ansible-collection] strategy: fail-fast: false 
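Review bot: `role-path` in ci-test.yml now defaults to `extensions`, but its description still reads "Relative path to the role to be linted", which no longer describes what the input is for in the test workflow. Something like `description: "Directory molecule is run from (default: extensions)"` would match the new behavior, assuming the input is used as the working directory the way ci-lint.yml uses it. The leftover `# default: default` under `scenario-name` should be deleted rather than commented out, since the input is now `required: true`.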
@@ -44,12 +45,14 @@ jobs: versions: # ansible-core upstream development supports 3 releases at a time # https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html - - ansible: stable-2.12 # EOL 2023-05-23 - python: '3.10' - - ansible: stable-2.13 # EOL 2023-11-06 - python: '3.10' - - ansible: stable-2.14 # EOL 2024-05-20 - python: '3.10' + # - ansible: stable-2.12 # EOL 2023-05-23 + # python: '3.10' + # - ansible: stable-2.13 # EOL 2023-11-06 + # python: '3.10' + # - ansible: stable-2.14 # EOL 2024-05-20 + # python: '3.10' + - ansible: stable-2.16 # EOL 2025-05 - last version to support Python <3.7 + python: "3.12" env: ANSIBLE_FORCE_COLOR: 1 # allows ansible colors to be passed to GitHub Actions PY_COLORS: 1 # allows molecule colors to be passed to GitHub Actions @@ -62,7 +65,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up environment uses: ./.github/actions/ci-setup diff --git a/.github/workflows/s1_agent_common.yml b/.github/workflows/s1_agent_common.yml index 60cdaa5..3edb4b9 100644 --- a/.github/workflows/s1_agent_common.yml +++ b/.github/workflows/s1_agent_common.yml 
@@ -2,33 +2,35 @@ name: S1 Agent Common on: push: branches: - - 'release/**' + - "release/**" paths: - - 'roles/s1_agent_common/**' - - '!roles/s1_agent_common/README.md' - - '!roles/s1_agent_common/makefile' - - '.github/workflows/s1_agent_common.yml' - - '.github/workflows/ci-*.yml' - - '!.github/workflows/ci-release.yml' - - '!.github/workflows/ci-release.yml' - - '.github/actions/ci-setup/action.yml' - - 'requirements.yml' + - "roles/s1_agent_common/**" + - "!roles/s1_agent_common/README.md" + - "!roles/s1_agent_common/makefile" + - "extensions/molecule/common" + - ".github/workflows/s1_agent_common.yml" + - ".github/workflows/ci-*.yml" + - "!.github/workflows/ci-release.yml" + - "!.github/workflows/ci-release.yml" + - ".github/actions/ci-setup/action.yml" + - "requirements.yml" pull_request: branches: - - 'main' + - "main" types: - opened - synchronize - ready_for_review paths: - - 'roles/s1_agent_common/**' - - '!roles/s1_agent_common/README.md' - - '!roles/s1_agent_common/makefile' - - '.github/workflows/s1_agent_common.yml' - - '.github/workflows/ci-*.yml' - - '!.github/workflows/ci-release.yml' - - '.github/actions/ci-setup/actions.yml' - - 'requirements.yml' + - "roles/s1_agent_common/**" + - "!roles/s1_agent_common/README.md" + - "!roles/s1_agent_common/makefile" + - "extensions/molecule/common" + - ".github/workflows/s1_agent_common.yml" + - ".github/workflows/ci-*.yml" + - "!.github/workflows/ci-release.yml" + - ".github/actions/ci-setup/actions.yml" + - "requirements.yml" workflow_dispatch: concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -41,7 +43,7 @@ jobs: role-path: ./roles/s1_agent_common call-ci-test: - name: 'Test: ${{ matrix.boxes.display_name }} (${{ matrix.scenario-name }})' + name: "Test: ${{ matrix.boxes.display_name }} (${{ matrix.scenario-name }})" needs: call-ci-lint uses: ./.github/workflows/ci-test.yml strategy: 
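Review bot: The added path filter `"extensions/molecule/common"` has no wildcard, so it matches only a file with exactly that path and changes inside the scenario directory will not trigger the workflow; it should be `- "extensions/molecule/common/**"`. The same kind of entry is added without `/**` in the download, info, install, uninstall, upgrade, uuid and import_gpg_key workflows. In the `pull_request` list the rewritten line `".github/actions/ci-setup/actions.yml"` still carries the `actions.yml` typo (the file is `action.yml`, as the `push` list has it), so pull requests that touch the composite action do not trigger these workflows. The `push` list also keeps `"!.github/workflows/ci-release.yml"` twice.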
@@ -61,20 +63,19 @@ jobs: display_name: Server 2022 connection: ssh group: Windows - - distribution: WindowsServer2012R2 - repository: jborean93 - display_name: Server 2012r2 - connection: winrm + # - distribution: WindowsServer2012R2 + # repository: jborean93 + # display_name: Server 2012r2 + # connection: winrm scenario-name: - - default - - winrm_default - exclude: - # OpenSSH is not supported on Windows Server 2012r2. We need to use - # custom scenarios configured for winrm connections. Exclude normal - # scenarios for winrm connections and winrm_* scenarios for ssh - # connections. - - { boxes: { connection: winrm }, scenario-name: default } - - { boxes: { connection: ssh }, scenario-name: winrm_default } + - common + # exclude: + # # OpenSSH is not supported on Windows Server 2012r2. We need to use + # # custom scenarios configured for winrm connections. Exclude normal + # # scenarios for winrm connections and winrm_* scenarios for ssh + # # connections. + # - { boxes: { connection: winrm }, scenario-name: default } + # - { boxes: { connection: ssh }, scenario-name: winrm_default } with: box-distribution: ${{ matrix.boxes.distribution }} box-repository: ${{ matrix.boxes.repository }} @@ -82,7 +83,7 @@ jobs: ansible-group: ${{ matrix.boxes.group }} display-name: ${{ matrix.boxes.display_name }} scenario-name: ${{ matrix.scenario-name }} - role-path: ./roles/s1_agent_common + # role-path: ./roles/s1_agent_common secrets: inherit call-ci-assert: diff --git a/.github/workflows/s1_agent_download.yml b/.github/workflows/s1_agent_download.yml index 9de1099..8daa8c3 100644 --- a/.github/workflows/s1_agent_download.yml +++ b/.github/workflows/s1_agent_download.yml 
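Review bot: The Server 2012r2 box, the whole `exclude:` block and `role-path` are commented out rather than removed in this matrix, leaving roughly fifteen lines of dead configuration that refer to scenarios (`default`, `winrm_default`) the workflow no longer runs. Deleting them keeps the matrix readable; git history preserves the old setup. The same commented-out blocks appear in the download, info, install, uninstall and upgrade workflows. If WinRM coverage for Server 2012r2 is being dropped on purpose, a one-line comment such as `# Server 2012r2 (WinRM-only) is no longer tested` would record that decision.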
@@ -2,32 +2,34 @@ name: S1 Agent Download on: push: branches: - - 'release/**' + - "release/**" paths: - - 'roles/s1_agent_download/**' - - '!roles/s1_agent_download/README.md' - - '!roles/s1_agent_download/makefile' - - '.github/workflows/s1_agent_download.yml' - - '.github/workflows/ci-*.yml' - - '!.github/workflows/ci-release.yml' - - '.github/actions/ci-setup/action.yml' - - 'requirements.yml' + - "roles/s1_agent_download/**" + - "!roles/s1_agent_download/README.md" + - "!roles/s1_agent_download/makefile" + - "extensions/molecule/download" + - ".github/workflows/s1_agent_download.yml" + - ".github/workflows/ci-*.yml" + - "!.github/workflows/ci-release.yml" + - ".github/actions/ci-setup/action.yml" + - "requirements.yml" pull_request: branches: - - 'main' + - "main" types: - opened - synchronize - ready_for_review paths: - - 'roles/s1_agent_download/**' - - '!roles/s1_agent_download/README.md' - - '!roles/s1_agent_download/makefile' - - '.github/workflows/s1_agent_download.yml' - - '.github/workflows/ci-*.yml' - - '!.github/workflows/ci-release.yml' - - '.github/actions/ci-setup/actions.yml' - - 'requirements.yml' + - "roles/s1_agent_download/**" + - "!roles/s1_agent_download/README.md" + - "!roles/s1_agent_download/makefile" + - "extensions/molecule/download" + - ".github/workflows/s1_agent_download.yml" + - ".github/workflows/ci-*.yml" + - "!.github/workflows/ci-release.yml" + - ".github/actions/ci-setup/actions.yml" + - "requirements.yml" workflow_dispatch: concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -40,7 +42,7 @@ jobs: role-path: ./roles/s1_agent_download call-ci-test: - name: 'Test: ${{ matrix.boxes.display_name }} (${{ matrix.scenario-name }})' + name: "Test: ${{ matrix.boxes.display_name }} (${{ matrix.scenario-name }})" needs: call-ci-lint uses: ./.github/workflows/ci-test.yml strategy: 
@@ -60,20 +62,19 @@ jobs: display_name: Server 2022 connection: ssh group: Windows - - distribution: WindowsServer2012R2 - repository: jborean93 - display_name: Server 2012r2 - connection: winrm + # - distribution: WindowsServer2012R2 + # repository: jborean93 + # display_name: Server 2012r2 + # connection: winrm scenario-name: - - default - - winrm_default - exclude: - # OpenSSH is not supported on Windows Server 2012r2. We need to use - # custom scenarios configured for winrm connections. Exclude normal - # scenarios for winrm connections and winrm_* scenarios for ssh - # connections. - - { boxes: { connection: winrm }, scenario-name: default } - - { boxes: { connection: ssh }, scenario-name: winrm_default } + - download + # exclude: + # # OpenSSH is not supported on Windows Server 2012r2. We need to use + # # custom scenarios configured for winrm connections. Exclude normal + # # scenarios for winrm connections and winrm_* scenarios for ssh + # # connections. + # - { boxes: { connection: winrm }, scenario-name: default } + # - { boxes: { connection: ssh }, scenario-name: winrm_default } with: box-distribution: ${{ matrix.boxes.distribution }} box-repository: ${{ matrix.boxes.repository }} @@ -81,7 +82,7 @@ jobs: ansible-group: ${{ matrix.boxes.group }} display-name: ${{ matrix.boxes.display_name }} scenario-name: ${{ matrix.scenario-name }} - role-path: ./roles/s1_agent_download + # role-path: ./roles/s1_agent_download secrets: inherit call-ci-assert: diff --git a/.github/workflows/s1_agent_info.yml b/.github/workflows/s1_agent_info.yml index d36d363..5af8b8b 100644 --- a/.github/workflows/s1_agent_info.yml +++ b/.github/workflows/s1_agent_info.yml 
@@ -2,32 +2,36 @@ name: S1 Agent Info on: push: branches: - - 'release/**' + - "release/**" paths: - - 'roles/s1_agent_info/**' - - '!roles/s1_agent_info/README.md' - - '!roles/s1_agent_info/makefile' - - '.github/workflows/s1_agent_info.yml' - - '.github/workflows/ci-*.yml' - - '!.github/workflows/ci-release.yml' - - '.github/actions/ci-setup/action.yml' - - 'requirements.yml' + - "roles/s1_agent_info/**" + - "!roles/s1_agent_info/README.md" + - "!roles/s1_agent_info/makefile" + - "extensions/molecule/info-installed" + - "extensions/molecule/info-missing" + - ".github/workflows/s1_agent_info.yml" + - ".github/workflows/ci-*.yml" + - "!.github/workflows/ci-release.yml" + - ".github/actions/ci-setup/action.yml" + - "requirements.yml" pull_request: branches: - - 'main' + - "main" types: - opened - synchronize - ready_for_review paths: - - 'roles/s1_agent_info/**' - - '!roles/s1_agent_info/README.md' - - '!roles/s1_agent_info/makefile' - - '.github/workflows/s1_agent_info.yml' - - '.github/workflows/ci-*.yml' - - '!.github/workflows/ci-release.yml' - - '.github/actions/ci-setup/actions.yml' - - 'requirements.yml' + - "roles/s1_agent_info/**" + - "!roles/s1_agent_info/README.md" + - "!roles/s1_agent_info/makefile" + - "extensions/molecule/info-installed" + - "extensions/molecule/info-missing" + - ".github/workflows/s1_agent_info.yml" + - ".github/workflows/ci-*.yml" + - "!.github/workflows/ci-release.yml" + - ".github/actions/ci-setup/actions.yml" + - "requirements.yml" workflow_dispatch: concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -40,7 +44,7 @@ jobs: role-path: ./roles/s1_agent_info call-ci-test: - name: 'Test: ${{ matrix.boxes.display_name }} (${{ matrix.scenario-name }})' + name: "Test: ${{ matrix.boxes.display_name }} (${{ matrix.scenario-name }})" needs: call-ci-lint uses: ./.github/workflows/ci-test.yml strategy: 
@@ -60,24 +64,22 @@ jobs: display_name: Server 2022 connection: ssh group: Windows - - distribution: WindowsServer2012R2 - repository: jborean93 - display_name: Server 2012r2 - connection: winrm + # - distribution: WindowsServer2012R2 + # repository: jborean93 + # display_name: Server 2012r2 + # connection: winrm scenario-name: - - default - - not_installed - - winrm_default - - winrm_not_installed - exclude: - # OpenSSH is not supported on Windows Server 2012r2. We need to use - # custom scenarios configured for winrm connections. Exclude normal - # scenarios for winrm connections and winrm_* scenarios for ssh - # connections. - - { boxes: { connection: winrm }, scenario-name: default } - - { boxes: { connection: winrm }, scenario-name: not_installed } - - { boxes: { connection: ssh }, scenario-name: winrm_default } - - { boxes: { connection: ssh }, scenario-name: winrm_not_installed } + - info-installed + - info-missing + # exclude: + # # OpenSSH is not supported on Windows Server 2012r2. We need to use + # # custom scenarios configured for winrm connections. Exclude normal + # # scenarios for winrm connections and winrm_* scenarios for ssh + # # connections. + # - { boxes: { connection: winrm }, scenario-name: default } + # - { boxes: { connection: winrm }, scenario-name: not_installed } + # - { boxes: { connection: ssh }, scenario-name: winrm_default } + # - { boxes: { connection: ssh }, scenario-name: winrm_not_installed } with: box-distribution: ${{ matrix.boxes.distribution }} box-repository: ${{ matrix.boxes.repository }} @@ -85,7 +87,7 @@ jobs: ansible-group: ${{ matrix.boxes.group }} display-name: ${{ matrix.boxes.display_name }} scenario-name: ${{ matrix.scenario-name }} - role-path: ./roles/s1_agent_info + # role-path: ./roles/s1_agent_info secrets: inherit call-ci-assert: diff --git a/.github/workflows/s1_agent_install.yml b/.github/workflows/s1_agent_install.yml index b91a922..77e9683 100644 --- a/.github/workflows/s1_agent_install.yml 
+++ b/.github/workflows/s1_agent_install.yml @@ -2,32 +2,34 @@ name: S1 Agent Install on: push: branches: - - 'release/**' + - "release/**" paths: - - 'roles/s1_agent_install/**' - - '!roles/s1_agent_install/README.md' - - '!roles/s1_agent_install/makefile' - - '.github/workflows/s1_agent_install.yml' - - '.github/workflows/ci-*.yml' - - '!.github/workflows/ci-release.yml' - - '.github/actions/ci-setup/action.yml' - - 'requirements.yml' + - "roles/s1_agent_install/**" + - "!roles/s1_agent_install/README.md" + - "!roles/s1_agent_install/makefile" + - "extensions/molecule/default" + - ".github/workflows/s1_agent_install.yml" + - ".github/workflows/ci-*.yml" + - "!.github/workflows/ci-release.yml" + - ".github/actions/ci-setup/action.yml" + - "requirements.yml" pull_request: branches: - - 'main' + - "main" types: - opened - synchronize - ready_for_review paths: - - 'roles/s1_agent_install/**' - - '!roles/s1_agent_install/README.md' - - '!roles/s1_agent_install/makefile' - - '.github/workflows/s1_agent_install.yml' - - '.github/workflows/ci-*.yml' - - '!.github/workflows/ci-release.yml' - - '.github/actions/ci-setup/actions.yml' - - 'requirements.yml' + - "roles/s1_agent_install/**" + - "!roles/s1_agent_install/README.md" + - "!roles/s1_agent_install/makefile" + - "extensions/molecule/default" + - ".github/workflows/s1_agent_install.yml" + - ".github/workflows/ci-*.yml" + - "!.github/workflows/ci-release.yml" + - ".github/actions/ci-setup/actions.yml" + - "requirements.yml" workflow_dispatch: concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -40,7 +42,7 @@ jobs: role-path: ./roles/s1_agent_install call-ci-test: - name: 'Test: ${{ matrix.boxes.display_name }} (${{ matrix.scenario-name }})' + name: "Test: ${{ matrix.boxes.display_name }} (${{ matrix.scenario-name }})" needs: call-ci-lint uses: ./.github/workflows/ci-test.yml strategy: 
@@ -60,20 +62,19 @@ jobs: display_name: Server 2022 connection: ssh group: Windows - - distribution: WindowsServer2012R2 - repository: jborean93 - display_name: Server 2012r2 - connection: winrm + # - distribution: WindowsServer2012R2 + # repository: jborean93 + # display_name: Server 2012r2 + # connection: winrm scenario-name: - default - - winrm_default - exclude: - # OpenSSH is not supported on Windows Server 2012r2. We need to use - # custom scenarios configured for winrm connections. Exclude normal - # scenarios for winrm connections and winrm_* scenarios for ssh - # connections. - - { boxes: { connection: winrm }, scenario-name: default } - - { boxes: { connection: ssh }, scenario-name: winrm_default } + # exclude: + # # OpenSSH is not supported on Windows Server 2012r2. We need to use + # # custom scenarios configured for winrm connections. Exclude normal + # # scenarios for winrm connections and winrm_* scenarios for ssh + # # connections. + # - { boxes: { connection: winrm }, scenario-name: default } + # - { boxes: { connection: ssh }, scenario-name: winrm_default } with: box-distribution: ${{ matrix.boxes.distribution }} box-repository: ${{ matrix.boxes.repository }} @@ -81,7 +82,7 @@ jobs: ansible-group: ${{ matrix.boxes.group }} display-name: ${{ matrix.boxes.display_name }} scenario-name: ${{ matrix.scenario-name }} - role-path: ./roles/s1_agent_install + # role-path: ./roles/s1_agent_install secrets: inherit call-ci-assert: diff --git a/.github/workflows/s1_agent_uninstall.yml b/.github/workflows/s1_agent_uninstall.yml index 95fa36e..40bfb0e 100644 --- a/.github/workflows/s1_agent_uninstall.yml +++ b/.github/workflows/s1_agent_uninstall.yml 
@@ -2,32 +2,34 @@ name: S1 Agent Uninstall on: push: branches: - - 'release/**' + - "release/**" paths: - - 'roles/s1_agent_uninstall/**' - - '!roles/s1_agent_uninstall/README.md' - - '!roles/s1_agent_uninstall/makefile' - - '.github/workflows/s1_agent_uninstall.yml' - - '.github/workflows/ci-*.yml' - - '!.github/workflows/ci-release.yml' - - '.github/actions/ci-setup/action.yml' - - 'requirements.yml' + - "roles/s1_agent_uninstall/**" + - "!roles/s1_agent_uninstall/README.md" + - "!roles/s1_agent_uninstall/makefile" + - "extensions/molecule/uninstall" + - ".github/workflows/s1_agent_uninstall.yml" + - ".github/workflows/ci-*.yml" + - "!.github/workflows/ci-release.yml" + - ".github/actions/ci-setup/action.yml" + - "requirements.yml" pull_request: branches: - - 'main' + - "main" types: - opened - synchronize - ready_for_review paths: - - 'roles/s1_agent_uninstall/**' - - '!roles/s1_agent_uninstall/README.md' - - '!roles/s1_agent_uninstall/makefile' - - '.github/workflows/s1_agent_uninstall.yml' - - '.github/workflows/ci-*.yml' - - '!.github/workflows/ci-release.yml' - - '.github/actions/ci-setup/actions.yml' - - 'requirements.yml' + - "roles/s1_agent_uninstall/**" + - "!roles/s1_agent_uninstall/README.md" + - "extensions/molecule/uninstall" + - "!roles/s1_agent_uninstall/makefile" + - ".github/workflows/s1_agent_uninstall.yml" + - ".github/workflows/ci-*.yml" + - "!.github/workflows/ci-release.yml" + - ".github/actions/ci-setup/actions.yml" + - "requirements.yml" workflow_dispatch: concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -40,7 +42,7 @@ jobs: role-path: ./roles/s1_agent_uninstall call-ci-test: - name: 'Test: ${{ matrix.boxes.display_name }} (${{ matrix.scenario-name }})' + name: "Test: ${{ matrix.boxes.display_name }} (${{ matrix.scenario-name }})" needs: call-ci-lint uses: ./.github/workflows/ci-test.yml strategy: 
@@ -60,24 +62,21 @@ jobs: display_name: Server 2022 connection: ssh group: Windows - - distribution: WindowsServer2012R2 - repository: jborean93 - display_name: Server 2012r2 - connection: winrm + # - distribution: WindowsServer2012R2 + # repository: jborean93 + # display_name: Server 2012r2 + # connection: winrm scenario-name: - - default - - forced_remove - - winrm_default - - winrm_forced_remove - exclude: - # OpenSSH is not supported on Windows Server 2012r2. We need to use - # custom scenarios configured for winrm connections. Exclude normal - # scenarios for winrm connections and winrm_* scenarios for ssh - # connections. - - { boxes: { connection: winrm }, scenario-name: default } - - { boxes: { connection: winrm }, scenario-name: forced_remove } - - { boxes: { connection: ssh }, scenario-name: winrm_default } - - { boxes: { connection: ssh }, scenario-name: winrm_forced_remove } + - uninstall + # exclude: + # # OpenSSH is not supported on Windows Server 2012r2. We need to use + # # custom scenarios configured for winrm connections. Exclude normal + # # scenarios for winrm connections and winrm_* scenarios for ssh + # # connections. + # - { boxes: { connection: winrm }, scenario-name: default } + # - { boxes: { connection: winrm }, scenario-name: forced_remove } + # - { boxes: { connection: ssh }, scenario-name: winrm_default } + # - { boxes: { connection: ssh }, scenario-name: winrm_forced_remove } with: box-distribution: ${{ matrix.boxes.distribution }} box-repository: ${{ matrix.boxes.repository }} @@ -85,7 +84,7 @@ jobs: ansible-group: ${{ matrix.boxes.group }} display-name: ${{ matrix.boxes.display_name }} scenario-name: ${{ matrix.scenario-name }} - role-path: ./roles/s1_agent_uninstall + # role-path: ./roles/s1_agent_uninstall secrets: inherit call-ci-assert: diff --git a/.github/workflows/s1_agent_upgrade.yml b/.github/workflows/s1_agent_upgrade.yml index 635a406..c0f7e46 100644 --- a/.github/workflows/s1_agent_upgrade.yml 
+++ b/.github/workflows/s1_agent_upgrade.yml @@ -2,32 +2,34 @@ name: S1 Agent Upgrade on: push: branches: - - 'release/**' + - "release/**" paths: - - 'roles/s1_agent_upgrade/**' - - '!roles/s1_agent_upgrade/README.md' - - '!roles/s1_agent_upgrade/makefile' - - '.github/workflows/s1_agent_upgrade.yml' - - '.github/workflows/ci-*.yml' - - '!.github/workflows/ci-release.yml' - - '.github/actions/ci-setup/action.yml' - - 'requirements.yml' + - "roles/s1_agent_upgrade/**" + - "!roles/s1_agent_upgrade/README.md" + - "extensions/molecule/upgrade" + - "!roles/s1_agent_upgrade/makefile" + - ".github/workflows/s1_agent_upgrade.yml" + - ".github/workflows/ci-*.yml" + - "!.github/workflows/ci-release.yml" + - ".github/actions/ci-setup/action.yml" + - "requirements.yml" pull_request: branches: - - 'main' + - "main" types: - opened - synchronize - ready_for_review paths: - - 'roles/s1_agent_upgrade/**' - - '!roles/s1_agent_upgrade/README.md' - - '!roles/s1_agent_upgrade/makefile' - - '.github/workflows/s1_agent_upgrade.yml' - - '.github/workflows/ci-*.yml' - - '!.github/workflows/ci-release.yml' - - '.github/actions/ci-setup/actions.yml' - - 'requirements.yml' + - "roles/s1_agent_upgrade/**" + - "!roles/s1_agent_upgrade/README.md" + - "extensions/molecule/upgrade" + - "!roles/s1_agent_upgrade/makefile" + - ".github/workflows/s1_agent_upgrade.yml" + - ".github/workflows/ci-*.yml" + - "!.github/workflows/ci-release.yml" + - ".github/actions/ci-setup/actions.yml" + - "requirements.yml" workflow_dispatch: concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -40,7 +42,7 @@ jobs: role-path: ./roles/s1_agent_upgrade call-ci-test: - name: 'Test: ${{ matrix.boxes.display_name }} (${{ matrix.scenario-name }})' + name: "Test: ${{ matrix.boxes.display_name }} (${{ matrix.scenario-name }})" needs: call-ci-lint uses: ./.github/workflows/ci-test.yml strategy: 
@@ -60,28 +62,26 @@ jobs: display_name: Server 2022 connection: ssh group: Windows - - distribution: WindowsServer2012R2 - repository: jborean93 - display_name: Server 2012r2 - connection: winrm - group: Windows + # - distribution: WindowsServer2012R2 + # repository: jborean93 + # display_name: Server 2012r2 + # connection: winrm + # group: Windows scenario-name: - - default - - gpg_signed_rpm - - winrm_default - exclude: - # OpenSSH is not supported on Windows Server 2012r2. We need to use - # custom scenarios configured for winrm connections. Exclude normal - # scenarios for winrm connections and winrm_* scenarios for ssh - # connections. - - { boxes: { connection: winrm }, scenario-name: default } - - { boxes: { connection: ssh }, scenario-name: winrm_default } - # Ubuntu and Windows don't used GPG signed RPMs. - - { - scenario-name: gpg_signed_rpm, - boxes: { distribution: ubuntu2204 }, - } - - { boxes: { group: Windows }, scenario-name: gpg_signed_rpm } + - uninstall + # exclude: + # # OpenSSH is not supported on Windows Server 2012r2. We need to use + # # custom scenarios configured for winrm connections. Exclude normal + # # scenarios for winrm connections and winrm_* scenarios for ssh + # # connections. + # - { boxes: { connection: winrm }, scenario-name: default } + # - { boxes: { connection: ssh }, scenario-name: winrm_default } + # # Ubuntu and Windows don't used GPG signed RPMs. + # - { + # scenario-name: gpg_signed_rpm, + # boxes: { distribution: ubuntu2204 }, + # } + # - { boxes: { group: Windows }, scenario-name: gpg_signed_rpm } with: box-distribution: ${{ matrix.boxes.distribution }} box-repository: ${{ matrix.boxes.repository }} @@ -89,7 +89,7 @@ jobs: ansible-group: ${{ matrix.boxes.group }} display-name: ${{ matrix.boxes.display_name }} scenario-name: ${{ matrix.scenario-name }} - role-path: ./roles/s1_agent_upgrade + # role-path: ./roles/s1_agent_upgrade secrets: inherit call-ci-assert: 
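Review bot: `scenario-name` in s1_agent_upgrade.yml is set to `- uninstall`, while this file's path filters point at `extensions/molecule/upgrade`, so the S1 Agent Upgrade job appears to run the uninstall scenario and never exercise the upgrade role. This looks like a copy-paste from s1_agent_uninstall.yml and should presumably be `- upgrade`. The previous `gpg_signed_rpm` scenario is also dropped here without a visible replacement, so signed-RPM upgrade coverage is gone unless the new scenario includes it.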
diff --git a/.github/workflows/s1_agent_uuid.yml b/.github/workflows/s1_agent_uuid.yml index 8bb4aa9..98082b1 100644 --- a/.github/workflows/s1_agent_uuid.yml +++ b/.github/workflows/s1_agent_uuid.yml @@ -2,32 +2,34 @@ name: S1 Agent UUID on: push: branches: - - 'release/**' + - "release/**" paths: - - 'roles/s1_agent_uuid/**' - - '!roles/s1_agent_uuid/README.md' - - '!roles/s1_agent_uuid/makefile' - - '.github/workflows/s1_agent_uuid.yml' - - '.github/workflows/ci-*.yml' - - '!.github/workflows/ci-release.yml' - - '.github/actions/ci-setup/action.yml' - - 'requirements.yml' + - "roles/s1_agent_uuid/**" + - "!roles/s1_agent_uuid/README.md" + - "!roles/s1_agent_uuid/makefile" + - "extensions/molecule/uuid" + - ".github/workflows/s1_agent_uuid.yml" + - ".github/workflows/ci-*.yml" + - "!.github/workflows/ci-release.yml" + - ".github/actions/ci-setup/action.yml" + - "requirements.yml" pull_request: branches: - - 'main' + - "main" types: - opened - synchronize - ready_for_review paths: - - 'roles/s1_agent_uuid/**' - - '!roles/s1_agent_uuid/README.md' - - '!roles/s1_agent_uuid/makefile' - - '.github/workflows/s1_agent_uuid.yml' - - '.github/workflows/ci-*.yml' - - '!.github/workflows/ci-release.yml' - - '.github/actions/ci-setup/actions.yml' - - 'requirements.yml' + - "roles/s1_agent_uuid/**" + - "!roles/s1_agent_uuid/README.md" + - "!roles/s1_agent_uuid/makefile" + - "extensions/molecule/uuid" + - ".github/workflows/s1_agent_uuid.yml" + - ".github/workflows/ci-*.yml" + - "!.github/workflows/ci-release.yml" + - ".github/actions/ci-setup/actions.yml" + - "requirements.yml" workflow_dispatch: concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -40,7 +42,7 @@ jobs: role-path: ./roles/s1_agent_uuid call-ci-test: - name: 'Test: ${{ matrix.boxes.display_name }} (${{ matrix.scenario-name }})' + name: "Test: ${{ matrix.boxes.display_name }} (${{ matrix.scenario-name }})" needs: call-ci-lint uses: ./.github/workflows/ci-test.yml strategy: 
@@ -63,7 +65,7 @@ jobs: # Explicitly testing Windows Server 2012r2 is redundant. It is fully # tested by the s1_agent_info role. scenario-name: - - default + - uuid with: box-distribution: ${{ matrix.boxes.distribution }} box-repository: ${{ matrix.boxes.repository }} @@ -71,7 +73,7 @@ jobs: ansible-group: ${{ matrix.boxes.group }} display-name: ${{ matrix.boxes.display_name }} scenario-name: ${{ matrix.scenario-name }} - role-path: ./roles/s1_agent_uuid + # role-path: ./roles/s1_agent_uuid secrets: inherit call-ci-assert: diff --git a/.github/workflows/s1_import_gpg_key.yml b/.github/workflows/s1_import_gpg_key.yml index f01e550..d54c4b8 100644 --- a/.github/workflows/s1_import_gpg_key.yml +++ b/.github/workflows/s1_import_gpg_key.yml 
@@ -2,32 +2,34 @@ name: S1 Import GPG Key on: push: branches: - - 'release/**' + - "release/**" paths: - - 'roles/s1_import_gpg_key/**' - - '!roles/s1_import_gpg_key/README.md' - - '!roles/s1_import_gpg_key/makefile' - - '.github/workflows/s1_import_gpg_key.yml' - - '.github/workflows/ci-*.yml' - - '!.github/workflows/ci-release.yml' - - '.github/actions/ci-setup/action.yml' - - 'requirements.yml' + - "roles/s1_import_gpg_key/**" + - "!roles/s1_import_gpg_key/README.md" + - "!roles/s1_import_gpg_key/makefile" + - "extensions/molecule/gpgkey" + - ".github/workflows/s1_import_gpg_key.yml" + - ".github/workflows/ci-*.yml" + - "!.github/workflows/ci-release.yml" + - ".github/actions/ci-setup/action.yml" + - "requirements.yml" pull_request: branches: - - 'main' + - "main" types: - opened - synchronize - ready_for_review paths: - - 'roles/s1_import_gpg_key/**' - - '!roles/s1_import_gpg_key/README.md' - - '!roles/s1_import_gpg_key/makefile' - - '.github/workflows/s1_import_gpg_key.yml' - - '.github/workflows/ci-*.yml' - - '!.github/workflows/ci-release.yml' - - '.github/actions/ci-setup/actions.yml' - - 'requirements.yml' + - "roles/s1_import_gpg_key/**" + - "!roles/s1_import_gpg_key/README.md" + - "!roles/s1_import_gpg_key/makefile" + - "extensions/molecule/gpgkey" + - ".github/workflows/s1_import_gpg_key.yml" + - ".github/workflows/ci-*.yml" + - "!.github/workflows/ci-release.yml" + - ".github/actions/ci-setup/actions.yml" + - "requirements.yml" workflow_dispatch: concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -40,7 +42,7 @@ jobs: role-path: ./roles/s1_import_gpg_key call-ci-test: - name: 'Test: ${{ matrix.boxes.display_name }} (${{ matrix.scenario-name }})' + name: "Test: ${{ matrix.boxes.display_name }} (${{ matrix.scenario-name }})" needs: call-ci-lint uses: ./.github/workflows/ci-test.yml strategy: 
@@ -55,7 +57,7 @@ jobs: repository: roboxes display_name: Rocky 8 scenario-name: - - default + - gpgkey with: box-distribution: ${{ matrix.boxes.distribution }} box-repository: ${{ matrix.boxes.repository }} @@ -63,7 +65,7 @@ jobs: ansible-group: ${{ matrix.boxes.group }} display-name: ${{ matrix.boxes.display_name }} scenario-name: ${{ matrix.scenario-name }} - role-path: ./roles/s1_import_gpg_key + # role-path: ./roles/s1_import_gpg_key secrets: inherit call-ci-assert: diff --git a/.github/workflows/s1_mgmt_get_passphrase.yml b/.github/workflows/s1_mgmt_get_passphrase.yml index 04c18b7..0ca148c 100644 --- a/.github/workflows/s1_mgmt_get_passphrase.yml +++ b/.github/workflows/s1_mgmt_get_passphrase.yml 
@@ -2,40 +2,34 @@ name: S1 MGMT Get Passphrase on: push: branches: - - 'release/**' + - "release/**" paths: - - 'roles/s1_mgmt_get_passphrase/**' - - 'roles/s1_agent_uuid/**' - - '!roles/s1_mgmt_get_passphrase/README.md' - - '!roles/s1_agent_uuid/README.md' - - '!roles/s1_mgmt_get_passphrase/makefile' - - '!roles/s1_agent_uuid/makefile' - - '.github/workflows/s1_mgmt_get_passphrase.yml' - - '.github/workflows/s1_agent_uuid.yml' - - '.github/workflows/ci-*.yml' - - '!.github/workflows/ci-release.yml' - - '.github/actions/ci-setup/action.yml' - - 'requirements.yml' + - "roles/s1_mgmt_get_passphrase/**" + - "!roles/s1_mgmt_get_passphrase/README.md" + - "!roles/s1_mgmt_get_passphrase/makefile" + - "extensions/molecule/passphrase" + - ".github/workflows/s1_mgmt_get_passphrase.yml" + - ".github/workflows/ci-*.yml" + - "!.github/workflows/ci-release.yml" + - ".github/actions/ci-setup/action.yml" + - "requirements.yml" pull_request: branches: - - 'main' + - "main" types: - opened - synchronize - ready_for_review paths: - - 'roles/s1_mgmt_get_passphrase/**' - - 'roles/s1_agent_uuid/**' - - '!roles/s1_mgmt_get_passphrase/README.md' - - '!roles/s1_agent_uuid/README.md' - - '!roles/s1_mgmt_get_passphrase/makefile' - - '!roles/s1_agent_uuid/makefile' - - '.github/workflows/s1_mgmt_get_passphrase.yml' - - '.github/workflows/s1_agent_uuid.yml' - - '.github/workflows/ci-*.yml' - - '!.github/workflows/ci-release.yml' - - '.github/actions/ci-setup/actions.yml' - - 'requirements.yml' + - "roles/s1_mgmt_get_passphrase/**" + - "!roles/s1_mgmt_get_passphrase/README.md" + - "!roles/s1_mgmt_get_passphrase/makefile" + - "extensions/molecule/passphrase" + - ".github/workflows/s1_mgmt_get_passphrase.yml" + - ".github/workflows/ci-*.yml" + - "!.github/workflows/ci-release.yml" + - ".github/actions/ci-setup/actions.yml" + - "requirements.yml" workflow_dispatch: concurrency: group: ${{ github.workflow }}-${{ github.ref }} 
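Review bot: Both `paths` lists drop `roles/s1_agent_uuid/**` and `.github/workflows/s1_agent_uuid.yml`, which the old filters carried, so a change to the UUID role no longer triggers the passphrase tests. Whether s1_mgmt_get_passphrase still depends on s1_agent_uuid is not visible in this hunk; if it does, keep `- "roles/s1_agent_uuid/**"` (and the matching `!…/README.md` and `!…/makefile` exclusions) in both lists.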
@@ -48,7 +42,7 @@ jobs: role-path: ./roles/s1_mgmt_get_passphrase call-ci-test: - name: 'Test: ${{ matrix.boxes.display_name }} (${{ matrix.scenario-name }})' + name: "Test: ${{ matrix.boxes.display_name }} (${{ matrix.scenario-name }})" needs: call-ci-lint uses: ./.github/workflows/ci-test.yml strategy: @@ -68,20 +62,19 @@ jobs: display_name: Server 2022 connection: ssh group: Windows - - distribution: WindowsServer2012R2 - repository: jborean93 - display_name: Server 2012r2 - connection: winrm + # - distribution: WindowsServer2012R2 + # repository: jborean93 + # display_name: Server 2012r2 + # connection: winrm scenario-name: - - default - - winrm_default - exclude: - # OpenSSH is not supported on Windows Server 2012r2. We need to use - # custom scenarios configured for winrm connections. Exclude normal - # scenarios for winrm connections and winrm_* scenarios for ssh - # connections. - - { boxes: { connection: winrm }, scenario-name: default } - - { boxes: { connection: ssh }, scenario-name: winrm_default } + - passphrase + # exclude: + # # OpenSSH is not supported on Windows Server 2012r2. We need to use + # # custom scenarios configured for winrm connections. Exclude normal + # # scenarios for winrm connections and winrm_* scenarios for ssh + # # connections. + # - { boxes: { connection: winrm }, scenario-name: default } + # - { boxes: { connection: ssh }, scenario-name: winrm_default } with: box-distribution: ${{ matrix.boxes.distribution }} box-repository: ${{ matrix.boxes.repository }} @@ -89,7 +82,7 @@ jobs: ansible-group: ${{ matrix.boxes.group }} display-name: ${{ matrix.boxes.display_name }} scenario-name: ${{ matrix.scenario-name }} - role-path: ./roles/s1_mgmt_get_passphrase + # role-path: ./roles/s1_mgmt_get_passphrase secrets: inherit call-ci-assert: diff --git a/.vscode/s1agents.code-workspace b/.vscode/s1agents.code-workspace index 77e341f..4c26f62 100644 --- a/.vscode/s1agents.code-workspace +++ b/.vscode/s1agents.code-workspace 
@@ -25,7 +25,7 @@ }, "[shellscript]": { "editor.insertSpaces": false, - "editor.tabSize": 4, + "editor.tabSize": 4 }, "[yaml]": { "editor.tabSize": 2, @@ -33,11 +33,9 @@ "editor.renderWhitespace": "all", "editor.renderControlCharacters": true, "editor.formatOnSave": true, - "editor.insertSpaces": true, + "editor.insertSpaces": true }, - "yaml.customTags": [ - "!vault" - ], + "yaml.customTags": ["!vault"], "yaml.format.singleQuote": true, "ansible.ansible.useFullyQualifiedCollectionNames": true, }, @@ -48,4 +46,4 @@ "streetsidesoftware.code-spell-checker" ] } -} \ No newline at end of file +} diff --git a/.yamllint b/.yamllint index 3887bb2..7b377ac 100644 --- a/.yamllint +++ b/.yamllint @@ -4,29 +4,26 @@ extends: default rules: braces: - max-spaces-inside: 1 - level: error + min-spaces-inside: 0 # yamllint defaults to 0 + max-spaces-inside: 1 # yamllint defaults to 0 brackets: + min-spaces-inside: 0 max-spaces-inside: 1 - level: error colons: max-spaces-after: -1 - level: error commas: max-spaces-after: -1 - level: error comments: min-spaces-from-content: 1 + comments-indentation: false document-start: enable empty-lines: max: 3 - level: error hyphens: level: error indentation: spaces: consistent indent-sequences: true - check-multi-line-strings: true key-duplicates: enable line-length: max: 160 @@ -36,5 +33,8 @@ rules: new-line-at-end-of-file: enable new-lines: type: unix - truthy: - allowed-values: ['true', 'false', 'yes', 'no'] + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true + # truthy: + # allowed-values: ["true", "false", "yes", "no"] diff --git a/roles/s1_agent_common/molecule/resources/converge.yml b/extensions/molecule/common/converge.yml similarity index 59% rename from roles/s1_agent_common/molecule/resources/converge.yml rename to extensions/molecule/common/converge.yml index 442945d..7feeb04 100644 --- a/roles/s1_agent_common/molecule/resources/converge.yml +++ b/extensions/molecule/common/converge.yml 
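Review bot: `"yaml.format.singleQuote": true` is left unchanged in the second .vscode hunk while this commit rewrites YAML strings to double quotes throughout, and the `[yaml]` block keeps `"editor.formatOnSave": true`. Saving any of the touched YAML files in this workspace would presumably flip the quotes back, so set `"yaml.format.singleQuote": false` to match the new convention. The object also keeps a trailing comma after `"ansible.ansible.useFullyQualifiedCollectionNames": true` although the hunk removes trailing commas elsewhere.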
@@ -3,6 +3,6 @@ hosts: all gather_facts: false tasks: - - name: "Include s1_agent_common" + - name: Include s1_agent_common ansible.builtin.include_role: - name: "s1_agent_common" + name: s1_agent_common diff --git a/extensions/molecule/common/molecule.yml b/extensions/molecule/common/molecule.yml new file mode 100644 index 0000000..4280ff0 --- /dev/null +++ b/extensions/molecule/common/molecule.yml 
@@ -0,0 +1,74 @@ +--- +dependency: + name: galaxy + options: + requirements-file: ../requirements.yml + +driver: + name: vagrant + provider: + name: ${VAGRANT_DEFAULT_PROVIDER:-virtualbox} + options: + linked_clone: true + +platforms: + - name: ${S1_MOLECULE_HOSTNAME:-blue-firefly}-${S1_VAGRANT_DISTRO:-rocky8} + groups: + - all + children: + - ${S1_VAGRANT_GROUP:-Linux} + box: ${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8} + memory: 4096 + cpus: 2 + config_options: + synced_folder: false + provider_options: + linked_clone: true + +provisioner: + name: ansible + config_options: + defaults: + gathering: explicit + fact_caching: jsonfile + fact_caching_connection: ${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache} + fact_caching_timeout: 900 + retry_files_enabled: false + ssh_connection: + # Required for connecting to RHEL 6.x + ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa + env: + ANSIBLE_ROLES_PATH: ../../../roles + # ANSIBLE_VERBOSITY: 3 + VAGRANT_DEFAULT_PROVIDER: ${VAGRANT_DEFAULT_PROVIDER:-virtualbox} + S1_MOLECULE_HOSTNAME: ${S1_MOLECULE_HOSTNAME:-blue-firefly} + inventory: + group_vars: + all: + s1_management_console: ${S1_MANAGEMENT_CONSOLE} + s1_agent_site_token: ${S1_AGENT_SITE_TOKEN} + s1_api_token: ${S1_API_TOKEN} + s1_agent_customer_id: ansible_collection_dev + s1_download_path: ${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache} + s1_forced_remove: false + # s1_force_reboot: false + Linux: + Windows: + ansible_become_method: runas + ansible_become_user: vagrant + ansible_become_password: vagrant + ansible_user: vagrant + ansible_connection: ssh + ansible_shell_type: cmd + ansible_win_async_startup_timeout: 60 + Darwin: + playbooks: + cleanup: templates/cleanup-basic.yml + prepare: templates/prepare-basic.yml + +verifier: + name: ansible +# lint: | +# yamllint . +# ansible-lint . +# flake8 
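Review bot: `ssh_args` under `config_options` adds `-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa` for every host the scenario connects to, although the comment says only RHEL 6.x needs it, so all boxes accept SHA-1 RSA host keys and signatures. Scope the relaxation to the legacy box instead, for example with `ansible_ssh_extra_args: -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa` in that host's inventory vars, and leave the default `ssh_args` strict. `fact_caching_connection` and `s1_download_path` both default to the fixed path `/tmp/s1_agent_cache`; on a shared runner a per-run directory would avoid reusing or colliding with another job's cache. The same block is repeated in the default, download, gpgkey and info-installed `molecule.yml` hunks, so a shared molecule base config would keep these settings in one place.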
diff --git a/extensions/molecule/common/templates/cleanup-basic.yml b/extensions/molecule/common/templates/cleanup-basic.yml new file mode 100644 index 0000000..77db33f --- /dev/null +++ b/extensions/molecule/common/templates/cleanup-basic.yml @@ -0,0 +1,8 @@ +--- +- name: Cleanup + hosts: all + gather_facts: false + tasks: + - name: Include tasks to remove work directory + ansible.builtin.include_tasks: + file: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/molecule/common/templates/tasks/remove_work_dir.yml" diff --git a/extensions/molecule/common/templates/cleanup-uninstall-agent.yml b/extensions/molecule/common/templates/cleanup-uninstall-agent.yml new file mode 100644 index 0000000..1637a16 --- /dev/null +++ b/extensions/molecule/common/templates/cleanup-uninstall-agent.yml @@ -0,0 +1,12 @@ +--- +- name: Cleanup + hosts: all + gather_facts: false + tasks: + - name: Include tasks to remove agent + ansible.builtin.include_tasks: + file: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/molecule/common/templates/tasks/remove_s1_agent.yml" + + - name: Include tasks to remove work directory + ansible.builtin.include_tasks: + file: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/molecule/common/templates/tasks/remove_work_dir.yml" diff --git a/extensions/molecule/common/templates/prepare-basic.yml b/extensions/molecule/common/templates/prepare-basic.yml new file mode 100644 index 0000000..37a65e1 --- /dev/null +++ b/extensions/molecule/common/templates/prepare-basic.yml @@ -0,0 +1,14 @@ +--- +- name: Prepare + hosts: all + gather_facts: yes + gather_subset: + - "!all" + - "!hardware" + - min + tasks: + - name: Include tasks to clean up package managers | Linux + ansible.builtin.include_tasks: + file: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/molecule/common/templates/tasks/prepare_package_manager.yml" + when: + - ansible_system == 'Linux' 
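Review bot: `gather_facts: yes` in prepare-basic.yml uses a YAML 1.1 truthy word, while the rest of this commit converts `yes`/`no` to `true`/`false` and the .yamllint hunk comments out the `truthy` override that allowed them; write `gather_facts: true`. The same applies to `gather_facts: yes` in prepare-install-agent.yml, `cacheable: yes` and `become: no` in install_s1_agent.yml, and `become: no` in remove_work_dir.yml. The three playbooks here would also benefit from a one-line header comment saying which scenarios reference them as `prepare`/`cleanup`, since the include paths depend on `MOLECULE_PROJECT_DIRECTORY`.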
diff --git a/extensions/molecule/common/templates/prepare-install-agent.yml b/extensions/molecule/common/templates/prepare-install-agent.yml new file mode 100644 index 0000000..9cb71ff --- /dev/null +++ b/extensions/molecule/common/templates/prepare-install-agent.yml @@ -0,0 +1,18 @@ +--- +- name: Prepare + hosts: all + gather_facts: yes + gather_subset: + - "!all" + - "!hardware" + - min + tasks: + - name: Include tasks to clean up package managers | Linux + ansible.builtin.include_tasks: + file: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/molecule/common/templates/tasks/prepare_package_manager.yml" + when: + - ansible_system == 'Linux' + + - name: Include tasks to install agent + ansible.builtin.include_tasks: + file: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/molecule/common/templates/tasks/install_s1_agent.yml" diff --git a/extensions/molecule/common/templates/tasks/install_s1_agent.yml b/extensions/molecule/common/templates/tasks/install_s1_agent.yml new file mode 100644 index 0000000..83182be --- /dev/null +++ b/extensions/molecule/common/templates/tasks/install_s1_agent.yml 
@@ -0,0 +1,42 @@ +--- +- name: Install SentinelOne Agent + ansible.builtin.include_role: + name: s1_agent_install + vars: + s1_reboot_handler_name: Reboot Node | {{ ansible_os_family }} | Unit Testing + +- name: Flush handlers + ansible.builtin.meta: flush_handlers + +- name: Clear cached facts + ansible.builtin.meta: clear_facts + +- name: Get the agent's state + ansible.builtin.include_role: + name: "{{ item }}" + loop: + - s1_agent_common + - s1_agent_info + +- name: Persist facts for verify step + ansible.builtin.set_fact: + s1_molecule_installed_src: "{{ s1_agent_src }}" + # yamllint disable-line rule:line-length + s1_molecule_installed_version: "{{ s1_agent_version if ansible_os_family != 'Windows' else s1_agent_version | regex_replace('(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)', '\\1.\\2.\\4') }}" + cacheable: yes + +- name: Wait for agent to register with Management Console + ansible.builtin.uri: + url: "{{ s1_management_console }}/web/api/v2.1/agents?uuid={{ s1_agent_info.uuid }}&isActive=true" + return_content: false + headers: + Authorization: "ApiToken {{ s1_api_token }}" + validate_certs: "{{ s1_validate_certs | default('true') | bool }}" + register: s1_agent_registered + until: + - s1_agent_registered is not failed + - s1_agent_registered.json.pagination.totalItems == 1 + retries: 10 + delay: 10 + become: no + delegate_to: localhost diff --git a/roles/s1_agent_common/molecule/common_files/tasks/prepare_package_manager.yml b/extensions/molecule/common/templates/tasks/prepare_package_manager.yml similarity index 100% rename from roles/s1_agent_common/molecule/common_files/tasks/prepare_package_manager.yml rename to extensions/molecule/common/templates/tasks/prepare_package_manager.yml diff --git a/extensions/molecule/common/templates/tasks/remove_s1_agent.yml b/extensions/molecule/common/templates/tasks/remove_s1_agent.yml new file mode 100644 index 0000000..c8f6526 --- /dev/null +++ b/extensions/molecule/common/templates/tasks/remove_s1_agent.yml 
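Review bot: The `Wait for agent to register with Management Console` task places `s1_api_token` in the `Authorization` header without `no_log: true`, so the token can appear in CI output whenever the run is verbose enough to print module arguments; the molecule.yml files in this commit keep a commented `# ANSIBLE_VERBOSITY: 3` for exactly that kind of debugging. Add `no_log: true` to the task, accepting that failure details are hidden and must be re-enabled locally when debugging. The task retries up to 10 times, so any leak would be repeated on each attempt.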
@@ -0,0 +1,30 @@ +--- +- name: Gather required facts + ansible.builtin.setup: + gather_subset: + - "!all" + - "min" + ignore_unreachable: true + +- name: Check Connectivity + when: ansible_facts['os_family'] is defined + block: + - name: Check Linux Connectivity + ansible.builtin.ping: + register: ping_result + ignore_unreachable: true + when: ansible_facts['os_family'] != "Windows" + + - name: Check Windows Connectivity + ansible.windows.win_ping: + register: win_ping_result + ignore_unreachable: true + when: ansible_facts['os_family'] == "Windows" + + - name: Uninstall S1 Agent + ansible.builtin.include_role: + name: s1_agent_uninstall + vars: + s1_reboot_handler_name: Reboot Node | {{ ansible_os_family }} | Unit Testing + s1_common_skip_reboot: true + when: (ping_result.ping is defined and ping_result.ping == "pong") or (win_ping_result.ping is defined and win_ping_result.ping == "pong") diff --git a/extensions/molecule/common/templates/tasks/remove_work_dir.yml b/extensions/molecule/common/templates/tasks/remove_work_dir.yml new file mode 100644 index 0000000..99abe50 --- /dev/null +++ b/extensions/molecule/common/templates/tasks/remove_work_dir.yml @@ -0,0 +1,8 @@ +--- +- name: Remove S1 work directory # noqa: run-once[task] + ansible.builtin.file: + path: "{{ s1_download_path }}" + state: absent + run_once: true + delegate_to: localhost + become: no diff --git a/roles/s1_agent_common/molecule/resources/verify.yml b/extensions/molecule/common/verify.yml similarity index 97% rename from roles/s1_agent_common/molecule/resources/verify.yml rename to extensions/molecule/common/verify.yml index 518aedf..b6f10e5 100644 --- a/roles/s1_agent_common/molecule/resources/verify.yml +++ b/extensions/molecule/common/verify.yml @@ -1,6 +1,4 @@ --- -# This is an example playbook to execute Ansible tests. - - name: Verify hosts: all gather_facts: false 
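Review bot: `Remove S1 work directory` in remove_work_dir.yml deletes `{{ s1_download_path }}` recursively on the controller (`delegate_to: localhost`), and that value is taken from the `S1_DOWNLOAD_PATH` environment variable in the molecule.yml files with nothing validating it first. A mis-set variable (`/`, a home directory, a shared path) would remove far more than the cache. Put a guard in front of it, for example an `ansible.builtin.assert` with `that: s1_download_path not in ['', '/', '/tmp']`, or require the path to end in a known directory name.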
@@ -108,4 +106,4 @@ ansible.builtin.assert: that: - s1_product_id is defined - - s1_product_id | length >= 4 + - s1_product_id | length >= 6 diff --git a/roles/s1_agent_install/molecule/resources/converge.yml b/extensions/molecule/default/converge.yml similarity index 61% rename from roles/s1_agent_install/molecule/resources/converge.yml rename to extensions/molecule/default/converge.yml index 8685220..3064531 100644 --- a/roles/s1_agent_install/molecule/resources/converge.yml +++ b/extensions/molecule/default/converge.yml @@ -18,11 +18,11 @@ - name: Persist facts for verify step ansible.builtin.set_fact: - s1_molecule_agent_src: '{{ s1_agent_src }}' + s1_molecule_installed_src: "{{ s1_agent_src }}" # yamllint disable-line rule:line-length - s1_molecule_agent_version: "{{ s1_agent_version if ansible_os_family != 'Windows' else s1_agent_version | regex_replace('(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)', '\\1.\\2.\\4') }}" - cacheable: yes + s1_molecule_installed_version: "{{ s1_agent_version if ansible_os_family != 'Windows' else s1_agent_version | regex_replace('(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)', '\\1.\\2.\\4') }}" + cacheable: true - - name: Show s1_molecule_agent_version + - name: Show s1_molecule_installed_version ansible.builtin.debug: - var: s1_molecule_agent_version + var: s1_molecule_installed_version diff --git a/extensions/molecule/default/molecule.yml b/extensions/molecule/default/molecule.yml new file mode 100644 index 0000000..4b9bd5a --- /dev/null +++ b/extensions/molecule/default/molecule.yml 
@@ -0,0 +1,70 @@ +--- +dependency: + name: galaxy + options: + requirements-file: ../requirements.yml + +driver: + name: vagrant + provider: + name: ${VAGRANT_DEFAULT_PROVIDER:-virtualbox} + options: + linked_clone: true + +platforms: + - name: ${S1_MOLECULE_HOSTNAME:-blue-firefly}-${S1_VAGRANT_DISTRO:-rocky8} + groups: + - all + children: + - ${S1_VAGRANT_GROUP:-Linux} + box: ${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8} + memory: 4096 + cpus: 2 + config_options: + synced_folder: false + provider_options: + linked_clone: true + +provisioner: + name: ansible + config_options: + defaults: + gathering: explicit + fact_caching: jsonfile + fact_caching_connection: ${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache} + fact_caching_timeout: 900 + retry_files_enabled: false + ssh_connection: + # Required for connecting to RHEL 6.x + ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa + env: + ANSIBLE_ROLES_PATH: ../../../roles + # ANSIBLE_VERBOSITY: 3 + VAGRANT_DEFAULT_PROVIDER: ${VAGRANT_DEFAULT_PROVIDER:-virtualbox} + S1_MOLECULE_HOSTNAME: ${S1_MOLECULE_HOSTNAME:-blue-firefly} + inventory: + group_vars: + all: + s1_management_console: ${S1_MANAGEMENT_CONSOLE} + s1_agent_site_token: ${S1_AGENT_SITE_TOKEN} + s1_api_token: ${S1_API_TOKEN} + s1_agent_customer_id: ansible_collection_dev + s1_download_path: ${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache} + s1_forced_remove: false + # s1_force_reboot: false + Linux: + Windows: + ansible_become_method: runas + ansible_become_user: vagrant + ansible_become_password: vagrant + ansible_user: vagrant + ansible_connection: ssh + ansible_shell_type: cmd + ansible_win_async_startup_timeout: 60 + Darwin: + playbooks: + cleanup: ../common/templates/cleanup-uninstall-agent.yml + prepare: ../common/templates/prepare-basic.yml + +verifier: + name: ansible 
diff --git a/extensions/molecule/default/verify.yml b/extensions/molecule/default/verify.yml new file mode 100644 index 0000000..77314a1 --- /dev/null +++ b/extensions/molecule/default/verify.yml @@ -0,0 +1,48 @@ +--- +# This is an example playbook to execute Ansible tests. + +- name: Verify + hosts: all + gather_facts: false + roles: + - s1_agent_common + - s1_agent_info + pre_tasks: + - name: Verify Agent Downloaded + block: + - name: Assert that s1_agent_src is defined + ansible.builtin.assert: + that: + - s1_molecule_installed_src is defined + - s1_molecule_installed_src is not none + - s1_molecule_installed_src | length > 0 + + - name: Get SentinelOne Agent + ansible.builtin.stat: + path: "{{ s1_molecule_installed_src }}" + register: s1_agent_stat + delegate_to: localhost + + - name: Assert that SentinelOne Agent was downloaded + ansible.builtin.assert: + that: s1_agent_stat.stat.exists + tasks: + - name: Verify Agent installed + block: + - name: Show agent info + ansible.builtin.debug: + var: s1_agent_info + + - name: Assert SentinelOne Agent is installed + ansible.builtin.assert: + that: + - s1_agent_info is defined + - s1_agent_info.installed | bool + - s1_agent_info.version == s1_molecule_installed_version + + - name: Assert SentinelOne service is running + ansible.builtin.assert: + that: + - s1_agent_info is defined + - s1_agent_info.service_status == ('running' if ansible_os_family != 'Windows' else 'started') + - s1_agent_info.agent_enabled == (true | bool) diff --git a/roles/s1_agent_download/molecule/resources/converge.yml b/extensions/molecule/download/converge.yml similarity index 69% rename from roles/s1_agent_download/molecule/resources/converge.yml rename to extensions/molecule/download/converge.yml index 260de5d..ad18bca 100644 --- a/roles/s1_agent_download/molecule/resources/converge.yml +++ b/extensions/molecule/download/converge.yml 
@@ -13,6 +13,6 @@ - name: Persist facts ansible.builtin.set_fact: - s1_molecule_agent_src: '{{ s1_agent_src }}' - s1_molecule_agent_version: '{{ s1_agent_version }}' - cacheable: yes + s1_molecule_installed_src: "{{ s1_agent_src }}" + s1_molecule_installed_version: "{{ s1_agent_version }}" + cacheable: true diff --git a/extensions/molecule/download/molecule.yml b/extensions/molecule/download/molecule.yml new file mode 100644 index 0000000..78b6655 --- /dev/null +++ b/extensions/molecule/download/molecule.yml 
@@ -0,0 +1,70 @@ +--- +dependency: + name: galaxy + options: + requirements-file: ../requirements.yml + +driver: + name: vagrant + provider: + name: ${VAGRANT_DEFAULT_PROVIDER:-virtualbox} + options: + linked_clone: true + +platforms: + - name: ${S1_MOLECULE_HOSTNAME:-blue-firefly}-${S1_VAGRANT_DISTRO:-rocky8} + groups: + - all + children: + - ${S1_VAGRANT_GROUP:-Linux} + box: ${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8} + memory: 4096 + cpus: 2 + config_options: + synced_folder: false + provider_options: + linked_clone: true + +provisioner: + name: ansible + config_options: + defaults: + gathering: explicit + fact_caching: jsonfile + fact_caching_connection: ${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache} + fact_caching_timeout: 900 + retry_files_enabled: false + ssh_connection: + # Required for connecting to RHEL 6.x + ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa + env: + ANSIBLE_ROLES_PATH: ../../../roles + # ANSIBLE_VERBOSITY: 3 + VAGRANT_DEFAULT_PROVIDER: ${VAGRANT_DEFAULT_PROVIDER:-virtualbox} + S1_MOLECULE_HOSTNAME: ${S1_MOLECULE_HOSTNAME:-blue-firefly} + inventory: + group_vars: + all: + s1_management_console: ${S1_MANAGEMENT_CONSOLE} + s1_agent_site_token: ${S1_AGENT_SITE_TOKEN} + s1_api_token: ${S1_API_TOKEN} + s1_agent_customer_id: ansible_collection_dev + s1_download_path: ${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache} + s1_forced_remove: false + # s1_force_reboot: false + Linux: + Windows: + ansible_become_method: runas + ansible_become_user: vagrant + ansible_become_password: vagrant + ansible_user: vagrant + ansible_connection: ssh + ansible_shell_type: cmd + ansible_win_async_startup_timeout: 60 + Darwin: + playbooks: + cleanup: ../common/templates/cleanup-basic.yml + prepare: ../common/templates/prepare-basic.yml + +verifier: + name: ansible 
diff --git a/roles/s1_agent_download/molecule/resources/verify.yml b/extensions/molecule/download/verify.yml similarity index 62% rename from roles/s1_agent_download/molecule/resources/verify.yml rename to extensions/molecule/download/verify.yml index 1f681f9..a0428bd 100644 --- a/roles/s1_agent_download/molecule/resources/verify.yml +++ b/extensions/molecule/download/verify.yml @@ -1,6 +1,4 @@ --- -# This is an example playbook to execute Ansible tests. - - name: Verify hosts: all gather_facts: false @@ -8,13 +6,13 @@ - name: Assert that s1_agent_src is defined ansible.builtin.assert: that: - - s1_molecule_agent_src is defined - - s1_molecule_agent_src is not none - - s1_molecule_agent_src | length > 0 + - s1_molecule_installed_src is defined + - s1_molecule_installed_src is not none + - s1_molecule_installed_src | length > 0 - name: Get SentinelOne Agent ansible.builtin.stat: - path: '{{ s1_molecule_agent_src }}' + path: "{{ s1_molecule_installed_src }}" register: s1_agent_stat delegate_to: localhost diff --git a/roles/s1_import_gpg_key/molecule/default/converge.yml b/extensions/molecule/gpgkey/converge.yml similarity index 100% rename from roles/s1_import_gpg_key/molecule/default/converge.yml rename to extensions/molecule/gpgkey/converge.yml diff --git a/extensions/molecule/gpgkey/molecule.yml b/extensions/molecule/gpgkey/molecule.yml new file mode 100644 index 0000000..78b6655 --- /dev/null +++ b/extensions/molecule/gpgkey/molecule.yml 
@@ -0,0 +1,70 @@ +--- +dependency: + name: galaxy + options: + requirements-file: ../requirements.yml + +driver: + name: vagrant + provider: + name: ${VAGRANT_DEFAULT_PROVIDER:-virtualbox} + options: + linked_clone: true + +platforms: + - name: ${S1_MOLECULE_HOSTNAME:-blue-firefly}-${S1_VAGRANT_DISTRO:-rocky8} + groups: + - all + children: + - ${S1_VAGRANT_GROUP:-Linux} + box: ${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8} + memory: 4096 + cpus: 2 + config_options: + synced_folder: false + provider_options: + linked_clone: true + +provisioner: + name: ansible + config_options: + defaults: + gathering: explicit + fact_caching: jsonfile + fact_caching_connection: ${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache} + fact_caching_timeout: 900 + retry_files_enabled: false + ssh_connection: + # Required for connecting to RHEL 6.x + ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa + env: + ANSIBLE_ROLES_PATH: ../../../roles + # ANSIBLE_VERBOSITY: 3 + VAGRANT_DEFAULT_PROVIDER: ${VAGRANT_DEFAULT_PROVIDER:-virtualbox} + S1_MOLECULE_HOSTNAME: ${S1_MOLECULE_HOSTNAME:-blue-firefly} + inventory: + group_vars: + all: + s1_management_console: ${S1_MANAGEMENT_CONSOLE} + s1_agent_site_token: ${S1_AGENT_SITE_TOKEN} + s1_api_token: ${S1_API_TOKEN} + s1_agent_customer_id: ansible_collection_dev + s1_download_path: ${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache} + s1_forced_remove: false + # s1_force_reboot: false + Linux: + Windows: + ansible_become_method: runas + ansible_become_user: vagrant + ansible_become_password: vagrant + ansible_user: vagrant + ansible_connection: ssh + ansible_shell_type: cmd + ansible_win_async_startup_timeout: 60 + Darwin: + playbooks: + cleanup: ../common/templates/cleanup-basic.yml + prepare: ../common/templates/prepare-basic.yml + +verifier: + name: ansible 
diff --git a/roles/s1_import_gpg_key/molecule/default/verify.yml b/extensions/molecule/gpgkey/verify.yml similarity index 85% rename from roles/s1_import_gpg_key/molecule/default/verify.yml rename to extensions/molecule/gpgkey/verify.yml index 700cf2e..c1b5c60 100644 --- a/roles/s1_import_gpg_key/molecule/default/verify.yml +++ b/extensions/molecule/gpgkey/verify.yml @@ -5,8 +5,8 @@ hosts: all gather_facts: true gather_subset: - - '!all' - - '!hardware' + - "!all" + - "!hardware" - min roles: - s1_agent_common @@ -20,8 +20,8 @@ - name: Get SentinelOne GPG key | Linux ansible.builtin.rpm_key: state: present - key: '{{ s1_tmp_linux }}/sentinel_one.gpg' - become: yes + key: "{{ s1_tmp_linux }}/sentinel_one.gpg" + become: true register: s1_molecule_rpm_key - name: Assert that SentinelOne GPG key is installed | Linux diff --git a/roles/s1_agent_info/molecule/resources/default/converge.yml b/extensions/molecule/info-installed/converge.yml similarity index 63% rename from roles/s1_agent_info/molecule/resources/default/converge.yml rename to extensions/molecule/info-installed/converge.yml index 475bc03..88320df 100644 --- a/roles/s1_agent_info/molecule/resources/default/converge.yml +++ b/extensions/molecule/info-installed/converge.yml @@ -3,9 +3,9 @@ hosts: all gather_facts: false tasks: - - name: 'Include s1_agent_info' + - name: Include s1_agent_info ansible.builtin.include_role: - name: 's1_agent_info' + name: s1_agent_info - name: Show agent info ansible.builtin.debug: @@ -13,5 +13,5 @@ - name: Persist facts ansible.builtin.set_fact: - s1_molecule_agent_info: '{{ s1_agent_info }}' - cacheable: yes + s1_molecule_agent_info: "{{ s1_agent_info }}" + cacheable: true diff --git a/extensions/molecule/info-installed/molecule.yml b/extensions/molecule/info-installed/molecule.yml new file mode 100644 index 0000000..c52f35e --- /dev/null +++ b/extensions/molecule/info-installed/molecule.yml 
@@ -0,0 +1,70 @@
+---
+dependency:
+ name: galaxy
+ options:
+ requirements-file: ../requirements.yml
+
+driver:
+ name: vagrant
+ provider:
+ name: ${VAGRANT_DEFAULT_PROVIDER:-virtualbox}
+ options:
+ linked_clone: true
+
+platforms:
+ - name: ${S1_MOLECULE_HOSTNAME:-blue-firefly}-${S1_VAGRANT_DISTRO:-rocky8}
+ groups:
+ - all
+ children:
+ - ${S1_VAGRANT_GROUP:-Linux}
+ box: ${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8}
+ memory: 4096
+ cpus: 2
+ config_options:
+ synced_folder: false
+ provider_options:
+ linked_clone: true
+
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ gathering: explicit
+ fact_caching: jsonfile
+ fact_caching_connection: ${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}
+ fact_caching_timeout: 900
+ retry_files_enabled: false
+ ssh_connection:
+ # Required for connecting to RHEL 6.x
+ ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa
+ env:
+ ANSIBLE_ROLES_PATH: ../../../roles
+ # ANSIBLE_VERBOSITY: 3
+ VAGRANT_DEFAULT_PROVIDER: ${VAGRANT_DEFAULT_PROVIDER:-virtualbox}
+ S1_MOLECULE_HOSTNAME: ${S1_MOLECULE_HOSTNAME:-blue-firefly}
+ inventory:
+ group_vars:
+ all:
+ s1_management_console: ${S1_MANAGEMENT_CONSOLE}
+ s1_agent_site_token: ${S1_AGENT_SITE_TOKEN}
+ s1_api_token: ${S1_API_TOKEN}
+ s1_agent_customer_id: ansible_collection_dev
+ s1_download_path: ${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}
+ s1_forced_remove: false
+ # s1_force_reboot: false
+ Linux:
+ Windows:
+ ansible_become_method: runas
+ ansible_become_user: vagrant
+ ansible_become_password: vagrant
+ ansible_user: vagrant
+ ansible_connection: ssh
+ ansible_shell_type: cmd
+ ansible_win_async_startup_timeout: 60
+ Darwin:
+ playbooks:
+ cleanup: ../common/templates/cleanup-uninstall-agent.yml
+ prepare: ../common/templates/prepare-install-agent.yml
+
+verifier:
+ name: ansible
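Review bot: This scenario file repeats the full 70-line driver, platform and provisioner configuration of its siblings; its blob id `c52f35e` is the same one shown for `extensions/molecule/uninstall/molecule.yml`, so those two files are byte-identical. Copies like this drift, and a later hardening change to `ssh_args` or to the `/tmp/s1_agent_cache` default has to be repeated by hand in every scenario. Molecule can merge a project-level base config (`.config/molecule/config.yml`) into each scenario, so the shared `dependency`, `driver`, `platforms` and `provisioner` settings could live there once. Each scenario's `molecule.yml` would then keep only what differs, here the `playbooks` mapping.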
diff --git a/roles/s1_agent_info/molecule/resources/default/verify.yml b/extensions/molecule/info-installed/verify.yml similarity index 98% rename from roles/s1_agent_info/molecule/resources/default/verify.yml rename to extensions/molecule/info-installed/verify.yml index 2d8b133..cdfdebc 100644 --- a/roles/s1_agent_info/molecule/resources/default/verify.yml +++ b/extensions/molecule/info-installed/verify.yml @@ -1,6 +1,4 @@ --- -# This is an example playbook to execute Ansible tests. - - name: Verify hosts: all gather_facts: true diff --git a/roles/s1_agent_info/molecule/resources/not_installed/converge.yml b/extensions/molecule/info-missing/converge.yml similarity index 63% rename from roles/s1_agent_info/molecule/resources/not_installed/converge.yml rename to extensions/molecule/info-missing/converge.yml index 475bc03..88320df 100644 --- a/roles/s1_agent_info/molecule/resources/not_installed/converge.yml +++ b/extensions/molecule/info-missing/converge.yml @@ -3,9 +3,9 @@ hosts: all gather_facts: false tasks: - - name: 'Include s1_agent_info' + - name: Include s1_agent_info ansible.builtin.include_role: - name: 's1_agent_info' + name: s1_agent_info - name: Show agent info ansible.builtin.debug: @@ -13,5 +13,5 @@ - name: Persist facts ansible.builtin.set_fact: - s1_molecule_agent_info: '{{ s1_agent_info }}' - cacheable: yes + s1_molecule_agent_info: "{{ s1_agent_info }}" + cacheable: true diff --git a/extensions/molecule/info-missing/molecule.yml b/extensions/molecule/info-missing/molecule.yml new file mode 100644 index 0000000..78b6655 --- /dev/null +++ b/extensions/molecule/info-missing/molecule.yml 
@@ -0,0 +1,70 @@
+---
+dependency:
+ name: galaxy
+ options:
+ requirements-file: ../requirements.yml
+
+driver:
+ name: vagrant
+ provider:
+ name: ${VAGRANT_DEFAULT_PROVIDER:-virtualbox}
+ options:
+ linked_clone: true
+
+platforms:
+ - name: ${S1_MOLECULE_HOSTNAME:-blue-firefly}-${S1_VAGRANT_DISTRO:-rocky8}
+ groups:
+ - all
+ children:
+ - ${S1_VAGRANT_GROUP:-Linux}
+ box: ${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8}
+ memory: 4096
+ cpus: 2
+ config_options:
+ synced_folder: false
+ provider_options:
+ linked_clone: true
+
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ gathering: explicit
+ fact_caching: jsonfile
+ fact_caching_connection: ${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}
+ fact_caching_timeout: 900
+ retry_files_enabled: false
+ ssh_connection:
+ # Required for connecting to RHEL 6.x
+ ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa
+ env:
+ ANSIBLE_ROLES_PATH: ../../../roles
+ # ANSIBLE_VERBOSITY: 3
+ VAGRANT_DEFAULT_PROVIDER: ${VAGRANT_DEFAULT_PROVIDER:-virtualbox}
+ S1_MOLECULE_HOSTNAME: ${S1_MOLECULE_HOSTNAME:-blue-firefly}
+ inventory:
+ group_vars:
+ all:
+ s1_management_console: ${S1_MANAGEMENT_CONSOLE}
+ s1_agent_site_token: ${S1_AGENT_SITE_TOKEN}
+ s1_api_token: ${S1_API_TOKEN}
+ s1_agent_customer_id: ansible_collection_dev
+ s1_download_path: ${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}
+ s1_forced_remove: false
+ # s1_force_reboot: false
+ Linux:
+ Windows:
+ ansible_become_method: runas
+ ansible_become_user: vagrant
+ ansible_become_password: vagrant
+ ansible_user: vagrant
+ ansible_connection: ssh
+ ansible_shell_type: cmd
+ ansible_win_async_startup_timeout: 60
+ Darwin:
+ playbooks:
+ cleanup: ../common/templates/cleanup-basic.yml
+ prepare: ../common/templates/prepare-basic.yml
+
+verifier:
+ name: ansible
diff --git a/roles/s1_agent_info/molecule/resources/not_installed/verify.yml b/extensions/molecule/info-missing/verify.yml similarity index 92% rename from roles/s1_agent_info/molecule/resources/not_installed/verify.yml rename to extensions/molecule/info-missing/verify.yml index 0a71d95..6f3d30b 100644 --- a/roles/s1_agent_info/molecule/resources/not_installed/verify.yml +++ b/extensions/molecule/info-missing/verify.yml @@ -1,6 +1,4 @@ --- -# This is an example playbook to execute Ansible tests. - - name: Verify hosts: all gather_facts: false diff --git a/roles/s1_mgmt_get_passphrase/molecule/resources/converge.yml b/extensions/molecule/passphrase/converge.yml similarity index 66% rename from roles/s1_mgmt_get_passphrase/molecule/resources/converge.yml rename to extensions/molecule/passphrase/converge.yml index 677ee09..24e9fb8 100644 --- a/roles/s1_mgmt_get_passphrase/molecule/resources/converge.yml +++ b/extensions/molecule/passphrase/converge.yml @@ -1,7 +1,7 @@ --- - name: Converge hosts: all - gather_facts: no + gather_facts: false tasks: - name: Include s1_mgmt_get_passphrase ansible.builtin.include_role: @@ -10,8 +10,11 @@ - name: Show agent passphrase ansible.builtin.debug: var: s1_agent_passphrase + tags: + - never + - debug - name: Persist facts ansible.builtin.set_fact: - s1_molecule_agent_passphrase: '{{ s1_agent_passphrase }}' - cacheable: yes + s1_molecule_agent_passphrase: "{{ s1_agent_passphrase }}" + cacheable: true diff --git a/extensions/molecule/passphrase/molecule.yml b/extensions/molecule/passphrase/molecule.yml new file mode 100644 index 0000000..5ee1c49 --- /dev/null +++ b/extensions/molecule/passphrase/molecule.yml 
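Review bot: The `Persist facts` task in passphrase/converge.yml still stores the agent passphrase with `cacheable: true`, so tagging `Show agent passphrase` with `never` keeps it off the console but not off disk. The scenario's molecule.yml, added next in this commit, sets `fact_caching: jsonfile` with a default location of `/tmp/s1_agent_cache`, so the value is written there as plain JSON. I would add `no_log: true` to both tasks and a comment on the second one, `# passphrase is cached for verify.yml; the cleanup playbook must remove the fact cache`. Whether the cleanup playbook already deletes that directory is not visible in this hunk.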
@@ -0,0 +1,71 @@
+---
+dependency:
+ name: galaxy
+ options:
+ requirements-file: ../requirements.yml
+
+driver:
+ name: vagrant
+ provider:
+ name: ${VAGRANT_DEFAULT_PROVIDER:-virtualbox}
+ options:
+ linked_clone: true
+
+platforms:
+ - name: ${S1_MOLECULE_HOSTNAME:-blue-firefly}-${S1_VAGRANT_DISTRO:-rocky8}
+ groups:
+ - all
+ children:
+ - ${S1_VAGRANT_GROUP:-Linux}
+ box: ${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8}
+ memory: 4096
+ cpus: 2
+ config_options:
+ synced_folder: false
+ provider_options:
+ linked_clone: true
+
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ gathering: explicit
+ fact_caching: jsonfile
+ fact_caching_connection: ${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}
+ fact_caching_timeout: 900
+ retry_files_enabled: false
+ ssh_connection:
+ # Required for connecting to RHEL 6.x
+ ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa
+ env:
+ ANSIBLE_ROLES_PATH: ../../../roles
+ # ANSIBLE_VERBOSITY: 3
+ VAGRANT_DEFAULT_PROVIDER: ${VAGRANT_DEFAULT_PROVIDER:-virtualbox}
+ S1_MOLECULE_HOSTNAME: ${S1_MOLECULE_HOSTNAME:-blue-firefly}
+ inventory:
+ group_vars:
+ all:
+ s1_management_console: ${S1_MANAGEMENT_CONSOLE}
+ s1_agent_site_token: ${S1_AGENT_SITE_TOKEN}
+ s1_api_token: ${S1_API_TOKEN}
+ s1_agent_customer_id: ansible_collection_dev
+ s1_download_path: ${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}
+ s1_forced_remove: false
+ # s1_force_reboot: false
+ s1_agent_passphrase_report: "{{ s1_download_path }}/passphrase_report.csv"
+ Linux:
+ Windows:
+ ansible_become_method: runas
+ ansible_become_user: vagrant
+ ansible_become_password: vagrant
+ ansible_user: vagrant
+ ansible_connection: ssh
+ ansible_shell_type: cmd
+ ansible_win_async_startup_timeout: 60
+ Darwin:
+ playbooks:
+ cleanup: ../common/templates/cleanup-uninstall-agent.yml
+ prepare: ../common/templates/prepare-install-agent.yml
+
+verifier:
+ name: ansible
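Review bot: `s1_agent_passphrase_report` places `passphrase_report.csv` inside `s1_download_path`, whose default is the fixed path `/tmp/s1_agent_cache`, the same directory used for `fact_caching_connection`. The report presumably holds the retrieved agent passphrases, and a predictable directory under `/tmp` on a shared or self-hosted runner can be read, or created in advance, by another local account. I would default `S1_DOWNLOAD_PATH` to a directory that the run creates with owner-only permissions and make sure the cleanup playbook deletes the report. A comment above the variable would record the reason, `# contains agent passphrases; keep s1_download_path private to the CI user`.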
diff --git a/roles/s1_mgmt_get_passphrase/molecule/resources/verify.yml b/extensions/molecule/passphrase/verify.yml similarity index 88% rename from roles/s1_mgmt_get_passphrase/molecule/resources/verify.yml rename to extensions/molecule/passphrase/verify.yml index a0acbd9..4ccf50e 100644 --- a/roles/s1_mgmt_get_passphrase/molecule/resources/verify.yml +++ b/extensions/molecule/passphrase/verify.yml @@ -14,13 +14,13 @@ - name: Get passphrase report # noqa: run-once[task] ansible.builtin.stat: - path: '{{ s1_agent_passphrase_report }}' + path: "{{ s1_agent_passphrase_report }}" register: passphrase_report delegate_to: localhost - run_once: yes + run_once: true - name: Assert that passphrase report was created # noqa: run-once[task] ansible.builtin.assert: that: passphrase_report.stat.exists delegate_to: localhost - run_once: yes + run_once: true diff --git a/roles/s1_agent_uninstall/molecule/resources/converge.yml b/extensions/molecule/uninstall/converge.yml similarity index 100% rename from roles/s1_agent_uninstall/molecule/resources/converge.yml rename to extensions/molecule/uninstall/converge.yml diff --git a/extensions/molecule/uninstall/molecule.yml b/extensions/molecule/uninstall/molecule.yml new file mode 100644 index 0000000..c52f35e --- /dev/null +++ b/extensions/molecule/uninstall/molecule.yml 
@@ -0,0 +1,70 @@
+---
+dependency:
+ name: galaxy
+ options:
+ requirements-file: ../requirements.yml
+
+driver:
+ name: vagrant
+ provider:
+ name: ${VAGRANT_DEFAULT_PROVIDER:-virtualbox}
+ options:
+ linked_clone: true
+
+platforms:
+ - name: ${S1_MOLECULE_HOSTNAME:-blue-firefly}-${S1_VAGRANT_DISTRO:-rocky8}
+ groups:
+ - all
+ children:
+ - ${S1_VAGRANT_GROUP:-Linux}
+ box: ${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8}
+ memory: 4096
+ cpus: 2
+ config_options:
+ synced_folder: false
+ provider_options:
+ linked_clone: true
+
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ gathering: explicit
+ fact_caching: jsonfile
+ fact_caching_connection: ${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}
+ fact_caching_timeout: 900
+ retry_files_enabled: false
+ ssh_connection:
+ # Required for connecting to RHEL 6.x
+ ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa
+ env:
+ ANSIBLE_ROLES_PATH: ../../../roles
+ # ANSIBLE_VERBOSITY: 3
+ VAGRANT_DEFAULT_PROVIDER: ${VAGRANT_DEFAULT_PROVIDER:-virtualbox}
+ S1_MOLECULE_HOSTNAME: ${S1_MOLECULE_HOSTNAME:-blue-firefly}
+ inventory:
+ group_vars:
+ all:
+ s1_management_console: ${S1_MANAGEMENT_CONSOLE}
+ s1_agent_site_token: ${S1_AGENT_SITE_TOKEN}
+ s1_api_token: ${S1_API_TOKEN}
+ s1_agent_customer_id: ansible_collection_dev
+ s1_download_path: ${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}
+ s1_forced_remove: false
+ # s1_force_reboot: false
+ Linux:
+ Windows:
+ ansible_become_method: runas
+ ansible_become_user: vagrant
+ ansible_become_password: vagrant
+ ansible_user: vagrant
+ ansible_connection: ssh
+ ansible_shell_type: cmd
+ ansible_win_async_startup_timeout: 60
+ Darwin:
+ playbooks:
+ cleanup: ../common/templates/cleanup-uninstall-agent.yml
+ prepare: ../common/templates/prepare-install-agent.yml
+
+verifier:
+ name: ansible
diff --git a/roles/s1_agent_uninstall/molecule/resources/verify.yml b/extensions/molecule/uninstall/verify.yml similarity index 100% rename from roles/s1_agent_uninstall/molecule/resources/verify.yml rename to extensions/molecule/uninstall/verify.yml diff --git a/roles/s1_agent_upgrade/molecule/resources/converge.yml b/extensions/molecule/upgrade/converge.yml similarity index 90% rename from roles/s1_agent_upgrade/molecule/resources/converge.yml rename to extensions/molecule/upgrade/converge.yml index a81d795..e34bfd0 100644 --- a/roles/s1_agent_upgrade/molecule/resources/converge.yml +++ b/extensions/molecule/upgrade/converge.yml @@ -14,8 +14,8 @@ ansible.builtin.set_fact: # yamllint disable-line rule:line-length s1_molecule_upgraded_version: "{{ s1_agent_version if ansible_os_family != 'Windows' else s1_agent_version | regex_replace('(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)', '\\1.\\2.\\4') }}" - s1_molecule_upgrade_package: '{{ s1_agent_path | basename }}' - cacheable: yes + s1_molecule_upgrade_package: "{{ s1_agent_path | basename }}" + cacheable: true - name: Show s1_molecule_upgraded_version ansible.builtin.debug: diff --git a/extensions/molecule/upgrade/molecule.yml b/extensions/molecule/upgrade/molecule.yml new file mode 100644 index 0000000..61a5bd2 --- /dev/null +++ b/extensions/molecule/upgrade/molecule.yml 
@@ -0,0 +1,69 @@
+---
+dependency:
+ name: galaxy
+ options:
+ requirements-file: ../requirements.yml
+
+driver:
+ name: vagrant
+ provider:
+ name: ${VAGRANT_DEFAULT_PROVIDER:-virtualbox}
+ options:
+ linked_clone: true
+
+platforms:
+ - name: ${S1_MOLECULE_HOSTNAME:-blue-firefly}-${S1_VAGRANT_DISTRO:-rocky8}
+ groups:
+ - all
+ children:
+ - ${S1_VAGRANT_GROUP:-Linux}
+ box: ${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8}
+ memory: 4096
+ cpus: 2
+ config_options:
+ synced_folder: false
+ provider_options:
+ linked_clone: true
+
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ gathering: explicit
+ fact_caching: jsonfile
+ fact_caching_connection: ${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}
+ fact_caching_timeout: 900
+ retry_files_enabled: false
+ ssh_connection:
+ # Required for connecting to RHEL 6.x
+ ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa
+ env:
+ ANSIBLE_ROLES_PATH: ../../../roles
+ # ANSIBLE_VERBOSITY: 3
+ VAGRANT_DEFAULT_PROVIDER: ${VAGRANT_DEFAULT_PROVIDER:-virtualbox}
+ S1_MOLECULE_HOSTNAME: ${S1_MOLECULE_HOSTNAME:-blue-firefly}
+ inventory:
+ group_vars:
+ all:
+ s1_management_console: ${S1_MANAGEMENT_CONSOLE}
+ s1_agent_site_token: ${S1_AGENT_SITE_TOKEN}
+ s1_api_token: ${S1_API_TOKEN}
+ s1_agent_customer_id: ansible_collection_dev
+ s1_download_path: ${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}
+ s1_forced_remove: false
+ # s1_force_reboot: false
+ Linux:
+ Windows:
+ ansible_become_method: runas
+ ansible_become_user: vagrant
+ ansible_become_password: vagrant
+ ansible_user: vagrant
+ ansible_connection: ssh
+ ansible_shell_type: cmd
+ ansible_win_async_startup_timeout: 60
+ Darwin:
+ playbooks:
+ cleanup: ../common/templates/cleanup-uninstall-agent.yml
+
+verifier:
+ name: ansible
diff --git a/extensions/molecule/upgrade/prepare.yml b/extensions/molecule/upgrade/prepare.yml
new file mode 100644
index 0000000..9354e88
--- /dev/null
+++ b/extensions/molecule/upgrade/prepare.yml @@ -0,0 +1,20 @@ +--- +- name: Prepare + hosts: all + gather_facts: true + gather_subset: + - "!all" + - "!hardware" + - min + vars: + s1_release_n_minus: 1 + tasks: + - name: Include tasks to clean up package managers | Linux + ansible.builtin.include_tasks: + file: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/molecule/common/templates/tasks/prepare_package_manager.yml" + when: + - ansible_system == 'Linux' + + - name: Include tasks to install agent + ansible.builtin.include_tasks: + file: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/molecule/common/templates/tasks/install_s1_agent.yml" diff --git a/roles/s1_agent_upgrade/molecule/gpg_signed_rpm/verify.yml b/extensions/molecule/upgrade/verify.yml similarity index 67% rename from roles/s1_agent_upgrade/molecule/gpg_signed_rpm/verify.yml rename to extensions/molecule/upgrade/verify.yml index 2cf1656..65b4d46 100644 --- a/roles/s1_agent_upgrade/molecule/gpg_signed_rpm/verify.yml +++ b/extensions/molecule/upgrade/verify.yml @@ -12,27 +12,21 @@ ansible.builtin.debug: var: s1_agent_info - - name: Show s1_molecule_prior_version + - name: Show pre-installed version ansible.builtin.debug: - var: s1_molecule_prior_version + var: s1_molecule_installed_version - - name: Show s1_molecule_upgraded_version + - name: Show upgraded version ansible.builtin.debug: var: s1_molecule_upgraded_version - - name: Assert SentinelOne Agent was upgraded with GPG signed package - ansible.builtin.assert: - that: - - s1_molecule_upgrade_package is regex('^Signed-Sentinel.*') - when: ansible_pkg_mgr in rpm_pkg_mgrs - - name: Assert SentinelOne Agent is upgraded ansible.builtin.assert: that: - s1_agent_info is defined - s1_agent_info.installed | bool - s1_agent_info.version == s1_molecule_upgraded_version - - s1_agent_info.version > s1_molecule_prior_version + - s1_agent_info.version > s1_molecule_installed_version - name: Assert SentinelOne service is running ansible.builtin.assert: 
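Review bot: `s1_agent_info.version > s1_molecule_installed_version` in the `Assert SentinelOne Agent is upgraded` task of upgrade/verify.yml uses Jinja's `>`, which compares lexicographically if both values are strings, so a constructed pair such as `9.1.0` and `10.1.0` would order the wrong way round. Ansible's version test avoids that: `- s1_agent_info.version is version(s1_molecule_installed_version, '>')`. The hunk also removes the `Signed-Sentinel` package-name assertion; if no other scenario checks that the RPM upgrade used the GPG-signed package, that coverage is now gone and is worth restoring in a dedicated scenario. The task list continues past the end of the hunk.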
diff --git a/roles/s1_agent_uuid/molecule/default/converge.yml b/extensions/molecule/uuid/converge.yml similarity index 82% rename from roles/s1_agent_uuid/molecule/default/converge.yml rename to extensions/molecule/uuid/converge.yml index c6e3b47..01de405 100644 --- a/roles/s1_agent_uuid/molecule/default/converge.yml +++ b/extensions/molecule/uuid/converge.yml @@ -16,5 +16,5 @@ - name: Persist facts ansible.builtin.set_fact: - s1_molecule_agent_uuid: '{{ s1_agent_uuid }}' - cacheable: yes + s1_molecule_agent_uuid: "{{ s1_agent_uuid }}" + cacheable: true diff --git a/extensions/molecule/uuid/molecule.yml b/extensions/molecule/uuid/molecule.yml new file mode 100644 index 0000000..67484b2 --- /dev/null +++ b/extensions/molecule/uuid/molecule.yml 
@@ -0,0 +1,71 @@
+---
+dependency:
+ name: galaxy
+ options:
+ requirements-file: ../requirements.yml
+
+driver:
+ name: vagrant
+ provider:
+ name: ${VAGRANT_DEFAULT_PROVIDER:-virtualbox}
+ options:
+ linked_clone: true
+
+platforms:
+ - name: ${S1_MOLECULE_HOSTNAME:-blue-firefly}-${S1_VAGRANT_DISTRO:-rocky8}
+ groups:
+ - all
+ children:
+ - ${S1_VAGRANT_GROUP:-Linux}
+ box: ${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8}
+ memory: 4096
+ cpus: 2
+ config_options:
+ synced_folder: false
+ provider_options:
+ linked_clone: true
+
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ gathering: explicit
+ fact_caching: jsonfile
+ fact_caching_connection: ${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}
+ fact_caching_timeout: 900
+ retry_files_enabled: false
+ ssh_connection:
+ # Required for connecting to RHEL 6.x
+ ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa
+ env:
+ ANSIBLE_ROLES_PATH: ../../../roles
+ # ANSIBLE_VERBOSITY: 3
+ VAGRANT_DEFAULT_PROVIDER: ${VAGRANT_DEFAULT_PROVIDER:-virtualbox}
+ S1_MOLECULE_HOSTNAME: ${S1_MOLECULE_HOSTNAME:-blue-firefly}
+ inventory:
+ group_vars:
+ all:
+ s1_management_console: ${S1_MANAGEMENT_CONSOLE}
+ s1_agent_site_token: ${S1_AGENT_SITE_TOKEN}
+ s1_api_token: ${S1_API_TOKEN}
+ s1_agent_customer_id: ansible_collection_dev
+ s1_download_path: ${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}
+ s1_forced_remove: false
+ # s1_force_reboot: false
+ s1_agent_uuid_report: "{{ s1_download_path }}/uuid_report.csv"
+ Linux:
+ Windows:
+ ansible_become_method: runas
+ ansible_become_user: vagrant
+ ansible_become_password: vagrant
+ ansible_user: vagrant
+ ansible_connection: ssh
+ ansible_shell_type: cmd
+ ansible_win_async_startup_timeout: 60
+ Darwin:
+ playbooks:
+ cleanup: ../common/templates/cleanup-uninstall-agent.yml
+ prepare: ../common/templates/prepare-install-agent.yml
+
+verifier:
+ name: ansible
diff --git a/roles/s1_agent_uuid/molecule/default/verify.yml b/extensions/molecule/uuid/verify.yml similarity index 88% rename from roles/s1_agent_uuid/molecule/default/verify.yml rename to extensions/molecule/uuid/verify.yml index 24695c6..1b0c4dc 100644 --- a/roles/s1_agent_uuid/molecule/default/verify.yml +++ b/extensions/molecule/uuid/verify.yml @@ -14,12 +14,12 @@ - name: Get uuid report # noqa: run-once[task] ansible.builtin.stat: - path: '{{ s1_agent_uuid_report }}' + path: "{{ s1_agent_uuid_report }}" register: uuid_report delegate_to: localhost - run_once: yes + run_once: true - name: Assert that UUID report was created # noqa: run-once[task] ansible.builtin.assert: that: uuid_report.stat.exists - run_once: yes + run_once: true diff --git a/galaxy.yml b/galaxy.yml index 06d398a..38131c7 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -49,9 +49,9 @@ tags: # L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version # range specifiers can be set and are separated by ',' dependencies: - 'ansible.windows': '>=1.13.0' - 'community.windows': '>=1.12.0' - 'ansible.posix': '>=1.5.1' + "ansible.windows": ">=1.13.0" + "community.windows": ">=1.12.0" + "ansible.posix": ">=1.5.1" # The URL of the originating SCM repository repository: https://github.com/Sentinel-One/ansible_collection_s1agents @@ -77,8 +77,9 @@ build_ignore: - .vscode - .git* - .yamllint - - '**/.yamllint' + - "**/.yamllint" - .env.yml - - '**/.env.yml' - - '**/makefile' - - '**/molecule' + - "**/.env.yml" + - "**/makefile" + - "**/molecule" + - "**/.ansible-lint" diff --git a/meta/runtime.yml b/meta/runtime.yml new file mode 100644 index 0000000..a2be23d --- /dev/null +++ b/meta/runtime.yml @@ -0,0 +1,2 @@ +--- +requires_ansible: "<=2.16" diff --git a/playbooks/Get-MSIProperties.ps1 b/playbooks/Get-MSIProperties.ps1 new file mode 100644 index 0000000..9b5e9a9 --- /dev/null +++ b/playbooks/Get-MSIProperties.ps1 
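Review bot: `requires_ansible: "<=2.16"` in the new meta/runtime.yml is evaluated as a version specifier, and under the usual PEP 440 ordering a patch release such as `2.16.1` is greater than `2.16`, so it would fall outside the declared range. The specifier also sets no lower bound. If the intent is to support everything up to and including the 2.16 series, `requires_ansible: ">=2.9,<2.17"` expresses that, with the lower bound taken from the `min_ansible_version` declared in the role metadata; adjust it if the collection needs something newer.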
@@ -0,0 +1,34 @@ +param ( + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.IO.FileInfo] $path, + + [string[]] $properties = @('ProductCode', 'ProductVersion', 'ProductName', 'Manufacturer', 'ProductLanguage') +) +begin { + $windowsInstaller = (New-Object -ComObject WindowsInstaller.Installer) +} +process { + $table = @{} + $msi = $windowsInstaller.GetType().InvokeMember('OpenDatabase', 'InvokeMethod', $null, $windowsInstaller, @($Path.FullName, 0)) + foreach ($property in $properties) { + try { + $view = $msi.GetType().InvokeMember('OpenView', 'InvokeMethod', $null, $msi, ("SELECT Value FROM Property WHERE Property = '$($property)'")) + $view.GetType().InvokeMember('Execute', 'InvokeMethod', $null, $view, $null) + $record = $view.GetType().InvokeMember('Fetch', 'InvokeMethod', $null, $view, $null) + $table.add($property, $record.GetType().InvokeMember('StringData', 'GetProperty', $null, $record, 1)) + } + catch { + $table.add($property, $null) + } + } + $msi.GetType().InvokeMember('Commit', 'InvokeMethod', $null, $msi, $null) + $view.GetType().InvokeMember('Close', 'InvokeMethod', $null, $view, $null) + $msi = $null + $view = $null + return $table +} +end { + [System.Runtime.Interopservices.Marshal]::ReleaseComObject($windowsInstaller) | Out-Null + [System.GC]::Collect() +} \ No newline at end of file diff --git a/playbooks/example_upgrade_linux_with_gpg_signed_package.yml b/playbooks/example_upgrade_linux_with_gpg_signed_package.yml index 9a7859f..8fa2dc0 100644 --- a/playbooks/example_upgrade_linux_with_gpg_signed_package.yml +++ b/playbooks/example_upgrade_linux_with_gpg_signed_package.yml @@ -1,7 +1,7 @@ --- - name: Example play to upgrade Linux agents older than 22.2 to a version newer than 22.2 with the GPG signed package hosts: all - gather_facts: no + gather_facts: false vars: s1_install_gpg_signed_rpm: true s1_management_console: 
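Review bot: In the `process` block of Get-MSIProperties.ps1 the `Close` call on `$view` runs once, after the `foreach`, so only the last view is closed, and when the first `OpenView` fails `$view` is still `$null` and `$view.GetType()` raises outside any `try`. The `$msi` database object is only set to `$null`, which leaves the file handle to the `[System.GC]::Collect()` call in the `end` block. Closing and releasing the view in a per-iteration `finally`, and releasing `$msi` explicitly, fixes both. The `Commit` call appears unnecessary because the database is opened with mode `0` (read-only). Separately, `$property` is interpolated into the query text, so a `[ValidatePattern('^[A-Za-z0-9_.]+$')]` on `$properties` would restrict callers to plain property names.

```powershell
foreach ($property in $properties) {
    $view = $null
    try {
        # … unchanged: OpenView, Execute, Fetch, $table.add …
    }
    # … unchanged: catch block adding $null for the property …
    finally {
        if ($null -ne $view) {
            $view.GetType().InvokeMember('Close', 'InvokeMethod', $null, $view, $null)
            [System.Runtime.InteropServices.Marshal]::ReleaseComObject($view) | Out-Null
        }
    }
}
[System.Runtime.InteropServices.Marshal]::ReleaseComObject($msi) | Out-Null
return $table
```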
@@ -28,4 +28,4 @@ # Applies to all agents - name: Upgrade agents to latest version ansible.builtin.include_role: - name: s1_agent_upgrade \ No newline at end of file + name: s1_agent_upgrade diff --git a/roles/s1_agent_common/.yamllint b/roles/s1_agent_common/.yamllint deleted file mode 120000 index 4a4652c..0000000 --- a/roles/s1_agent_common/.yamllint +++ /dev/null @@ -1 +0,0 @@ -../../.yamllint \ No newline at end of file diff --git a/roles/s1_agent_common/defaults/main.yml b/roles/s1_agent_common/defaults/main.yml index 1266e4f..d5f4304 100644 --- a/roles/s1_agent_common/defaults/main.yml +++ b/roles/s1_agent_common/defaults/main.yml @@ -12,3 +12,6 @@ s1_tmp_windows: "{{ ansible_env.TEMP }}\\s1_install" # Validate certificates. Set to false for management consoles with self-signed certificates s1_validate_certs: true + +# Skip running the reboot handler +s1_common_skip_reboot: false diff --git a/roles/s1_agent_common/handlers/main.yml b/roles/s1_agent_common/handlers/main.yml index eea1390..4a34135 100644 --- a/roles/s1_agent_common/handlers/main.yml +++ b/roles/s1_agent_common/handlers/main.yml @@ -3,10 +3,10 @@ - name: Start SentinelOne service | Linux ansible.builtin.service: - name: '{{ s1_service_name }}' + name: "{{ s1_service_name }}" state: started - enabled: yes - become: yes + enabled: true + become: true when: - (s1_agent_auto_start | default("yes")) | bool 
@@ -19,28 +19,30 @@ until: "'Error: receive failed: Connection reset by peer' not in s1_ctl_control.stdout" retries: 15 delay: 5 - become: yes + become: true when: - (s1_agent_auto_start | default("yes")) | bool - name: Reboot Endpoint | Windows ansible.windows.win_reboot: reboot_timeout: 3600 - become: yes + become: true listen: Reboot Node | Windows when: - - s1_force_reboot is defined - - s1_force_reboot | bool + - not s1_common_skip_reboot + # - s1_force_reboot is defined + # - s1_force_reboot | bool - name: Reboot Endpoint | Windows | Development Environment ansible.windows.win_shell: Start-Sleep -Seconds 5 ; Restart-Computer -Force async: 1 poll: 0 - changed_when: yes + changed_when: true listen: Reboot Node | Windows | Unit Testing when: - - s1_force_reboot is defined - - s1_force_reboot | bool + - not s1_common_skip_reboot + # - s1_force_reboot is defined + # - s1_force_reboot | bool - name: Wait for Endpoint to Reboot | Windows | Development Environment ansible.builtin.wait_for_connection: @@ -48,5 +50,6 @@ delay: 20 listen: Reboot Node | Windows | Unit Testing when: - - s1_force_reboot is defined - - s1_force_reboot | bool + - not s1_common_skip_reboot + # - s1_force_reboot is defined + # - s1_force_reboot | bool diff --git a/roles/s1_agent_common/meta/main.yml b/roles/s1_agent_common/meta/main.yml index 48405d3..0b8f378 100644 --- a/roles/s1_agent_common/meta/main.yml +++ b/roles/s1_agent_common/meta/main.yml @@ -19,7 +19,7 @@ galaxy_info: # - CC-BY-4.0 license: license (GPL-3.0-or-later) - min_ansible_version: '2.9' + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: @@ -33,9 +33,9 @@ galaxy_info: platforms: - name: EL versions: - - '6' - - '7' - - '8' + - "6" + - "7" + - "8" - name: Ubuntu versions: - trusty # 14.04 
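Review bot: The new condition `not s1_common_skip_reboot` on the Windows reboot handlers is evaluated without `| bool`, so a value that arrives as a string (for instance from `-e s1_common_skip_reboot=false`) is truthy and the reboot is silently skipped; `- not (s1_common_skip_reboot | bool)` handles both forms. The change also turns the reboot from opt-in (`s1_force_reboot` had to be defined and true) into opt-out, because the default added in defaults/main.yml is `false`. Playbooks that never set `s1_force_reboot` would therefore start rebooting Windows endpoints whenever these handlers are notified, which deserves a changelog entry and a comment on the default. The commented-out `s1_force_reboot` lines can be deleted rather than kept, and the same condition appears in the `@@ -48,5 +50,6 @@` hunk.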
@@ -46,9 +46,9 @@ galaxy_info: - hirsute # 20.04 - name: Windows versions: - - '2016' - - '2019' - - '2022' + - "2016" + - "2019" + - "2022" galaxy_tags: - edr diff --git a/roles/s1_agent_common/molecule/default/INSTALL.rst b/roles/s1_agent_common/molecule/default/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 --- a/roles/s1_agent_common/molecule/default/INSTALL.rst +++ /dev/null @@ -1,23 +0,0 @@ -********************************* -Vagrant driver installation guide -********************************* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule_vagrant' diff --git a/roles/s1_agent_common/molecule/default/molecule.yml b/roles/s1_agent_common/molecule/default/molecule.yml deleted file mode 100644 index 5f6f18d..0000000 --- a/roles/s1_agent_common/molecule/default/molecule.yml +++ /dev/null 
@@ -1,114 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-rocky8}' - groups: - - all - children: - - '${S1_VAGRANT_GROUP:-Linux}' - box: '${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - provider_options: - linked_clone: true - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - ssh_connection: - # Required for connecting to RHEL 6.x - ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa - # env: - # # # ANSIBLE_VERBOSITY: 3 - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - s1_forced_remove: false - s1_force_reboot: false - Linux: - Windows: - ansible_become_method: runas - ansible_become_user: vagrant - ansible_become_password: vagrant - ansible_user: vagrant - ansible_connection: ssh - ansible_shell_type: cmd - ansible_win_async_startup_timeout: 30 - Darwin: - playbooks: - prepare: ../resources/prepare.yml - converge: ../resources/converge.yml - verify: ../resources/verify.yml - -verifier: - name: ansible - -scenario: - create_sequence: - - dependency - - create - - prepare - 
check_sequence: - - dependency - - cleanup - - destroy - - create - - prepare - - converge - - check - - destroy - converge_sequence: - - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_agent_common/molecule/resources/prepare.yml b/roles/s1_agent_common/molecule/resources/prepare.yml deleted file mode 100644 index 2a2865d..0000000 --- a/roles/s1_agent_common/molecule/resources/prepare.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: yes - gather_subset: - - '!all' - - '!hardware' - - min - tasks: - - name: Include tasks to clean up package managers | Linux - ansible.builtin.include_tasks: - file: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/../../../s1_agent_common/molecule/common_files/tasks/prepare_package_manager.yml" - when: - - ansible_system == 'Linux' - - - name: Clear cached facts - ansible.builtin.meta: clear_facts diff --git a/roles/s1_agent_common/molecule/winrm_default/INSTALL.rst b/roles/s1_agent_common/molecule/winrm_default/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 --- a/roles/s1_agent_common/molecule/winrm_default/INSTALL.rst +++ /dev/null 
@@ -1,23 +0,0 @@ -********************************* -Vagrant driver installation guide -********************************* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule_vagrant' diff --git a/roles/s1_agent_common/molecule/winrm_default/molecule.yml b/roles/s1_agent_common/molecule/winrm_default/molecule.yml deleted file mode 100644 index c0c9a76..0000000 --- a/roles/s1_agent_common/molecule/winrm_default/molecule.yml +++ /dev/null 
@@ -1,123 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-WindowsServer2012R2}' - groups: - - all - children: - - Windows - box: '${S1_VAGRANT_REPO:-jborean93}/${S1_VAGRANT_DISTRO:-WindowsServer2012R2}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - vm.communicator: winrm - provider_options: - linked_clone: true - instance_raw_configs: - - 'vm.boot_timeout = 600' - - 'vm.max_tries = 40' - - "winrm.password = 'vagrant'" - - "winrm.username = 'vagrant'" - - "vm.guest = 'windows'" - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - # env: - # # # ANSIBLE_VERBOSITY: 3 - connection_options: - ansible_become: false - ansible_user: vagrant - ansible_password: vagrant - ansible_port: 55986 - ansible_connection: winrm - ansible_winrm_transport: basic - ansible_winrm_server_cert_validation: ignore - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - s1_forced_remove: false - s1_force_reboot: false - Linux: - Windows: - ansible_win_async_startup_timeout: 30 - # Increase winrm timeouts https://access.redhat.com/solutions/6978358 - ansible_winrm_operation_timeout_sec: 200 - ansible_winrm_read_timeout_sec: 250 - Darwin: - 
playbooks: - prepare: ../resources/prepare.yml - converge: ../resources/converge.yml - verify: ../resources/verify.yml - -verifier: - name: ansible - -scenario: - create_sequence: - - dependency - - create - - prepare - check_sequence: - - dependency - - cleanup - - destroy - - create - - prepare - - converge - - check - - destroy - converge_sequence: - - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_agent_common/tasks/main.yml b/roles/s1_agent_common/tasks/main.yml index 3902115..9a9e80b 100644 --- a/roles/s1_agent_common/tasks/main.yml +++ b/roles/s1_agent_common/tasks/main.yml @@ -3,7 +3,7 @@ - name: Gather required facts ansible.builtin.setup: - gather_subset: '{{ default_gather_subset + (role_gather_subset | default([])) }}' + gather_subset: "{{ default_gather_subset + (role_gather_subset | default([])) }}" tags: - s1_gather_facts @@ -27,11 +27,11 @@ - name: Endpoint details ansible.builtin.debug: msg: - - 'Ansible Distribution: {{ ansible_distribution }}' - - 'Ansible Distribution Version: {{ ansible_distribution_version }}' - - 'Ansible Distribution Major Version: {{ ansible_distribution_major_version }}' - - 'Ansible OS Family: {{ ansible_os_family }}' - - 'Ansible System: {{ ansible_system }}' + - "Ansible Distribution: {{ ansible_distribution }}" + - "Ansible Distribution Version: {{ ansible_distribution_version }}" + - "Ansible Distribution Major Version: {{ ansible_distribution_major_version }}" + - "Ansible OS Family: {{ ansible_os_family }}" + - "Ansible System: {{ ansible_system }}" - name: Variables will be loaded from the first matching file in vars ansible.builtin.debug: 
@@ -44,7 +44,7 @@ - "{{ ansible_system | replace(' ', '_') | lower }}.yml" - name: Set distribution variables - ansible.builtin.include_vars: '{{ loop_vars }}' + ansible.builtin.include_vars: "{{ loop_vars }}" with_first_found: - files: - "{{ ansible_distribution | lower | replace(' ', '_') }}_{{ ansible_distribution_version }}.yml" @@ -53,11 +53,11 @@ - "{{ ansible_os_family | replace(' ', '_') | lower }}_{{ ansible_distribution_major_version }}.yml" - "{{ ansible_os_family | replace(' ', '_') | lower }}.yml" - "{{ ansible_system | replace(' ', '_') | lower }}.yml" - skip: yes + skip: true paths: - - 'vars' + - vars loop_control: loop_var: loop_vars - label: '{{ loop_vars | basename }}' + label: "{{ loop_vars | basename }}" tags: - always diff --git a/roles/s1_agent_common/vars/debian.yml b/roles/s1_agent_common/vars/debian.yml index 0741dbc..34112d6 100644 --- a/roles/s1_agent_common/vars/debian.yml +++ b/roles/s1_agent_common/vars/debian.yml @@ -6,4 +6,4 @@ s1_package_name: sentinelagent # OS service manager name for the SentinelOne service s1_service_name: sentinelone.service # Name of the handler task to start the SentinelOne service -s1_service_handler_name: 'Start SentinelOne service | {{ ansible_system }}' +s1_service_handler_name: Start SentinelOne service | {{ ansible_system }} diff --git a/roles/s1_agent_common/vars/main.yml b/roles/s1_agent_common/vars/main.yml index 26aa5bb..6a6f454 100644 --- a/roles/s1_agent_common/vars/main.yml +++ b/roles/s1_agent_common/vars/main.yml @@ -35,6 +35,6 @@ apt_pkg_mgrs: # Facts to gather for all roles default_gather_subset: - - '!all' - - '!hardware' + - "!all" + - "!hardware" - min diff --git a/roles/s1_agent_common/vars/redhat.yml b/roles/s1_agent_common/vars/redhat.yml index 46b8e5a..0caba88 100644 --- a/roles/s1_agent_common/vars/redhat.yml +++ b/roles/s1_agent_common/vars/redhat.yml 
@@ -6,4 +6,4 @@ s1_package_name: SentinelAgent # OS service manager name for the SentinelOne service s1_service_name: sentinelone.service # Name of the handler task to start the SentinelOne service -s1_service_handler_name: 'Start SentinelOne service | {{ ansible_system }}' +s1_service_handler_name: Start SentinelOne service | {{ ansible_system }} diff --git a/roles/s1_agent_common/vars/redhat_6.yml b/roles/s1_agent_common/vars/redhat_6.yml index b302118..0a68737 100644 --- a/roles/s1_agent_common/vars/redhat_6.yml +++ b/roles/s1_agent_common/vars/redhat_6.yml @@ -6,4 +6,4 @@ s1_package_name: SentinelAgent # OS service manager name for the SentinelOne service s1_service_name: sentineld # Name of the handler task to start the SentinelOne service -s1_service_handler_name: 'Start SentinelOne service | {{ ansible_os_family }} {{ ansible_distribution_major_version }}' +s1_service_handler_name: Start SentinelOne service | {{ ansible_os_family }} {{ ansible_distribution_major_version }} diff --git a/roles/s1_agent_common/vars/suse.yml b/roles/s1_agent_common/vars/suse.yml index 46b8e5a..0caba88 100644 --- a/roles/s1_agent_common/vars/suse.yml +++ b/roles/s1_agent_common/vars/suse.yml @@ -6,4 +6,4 @@ s1_package_name: SentinelAgent # OS service manager name for the SentinelOne service s1_service_name: sentinelone.service # Name of the handler task to start the SentinelOne service -s1_service_handler_name: 'Start SentinelOne service | {{ ansible_system }}' +s1_service_handler_name: Start SentinelOne service | {{ ansible_system }} diff --git a/roles/s1_agent_common/vars/windows.yml b/roles/s1_agent_common/vars/windows.yml index c69e96b..d6b718f 100644 --- a/roles/s1_agent_common/vars/windows.yml +++ b/roles/s1_agent_common/vars/windows.yml 
@@ -6,7 +6,7 @@ s1_package_name: Sentinel Agent # OS service manager name for the SentinelOne service s1_service_name: SentinelAgent # Name of the handler task to restart the endpoint -s1_reboot_handler_name: 'Reboot Node | {{ ansible_os_family }}' +s1_reboot_handler_name: Reboot Node | {{ ansible_os_family }} # Convert the package version to match the version reported by Windows s1_agent_win_file_ver: '{{ "v" + (s1_agent_version + "_" + ansible_facts.architecture) | regex_replace("[\.-]", "_") }}' 
@@ -25,21 +25,19 @@ s1_msi_return_codes: # The same Product ID is used for MSI and SentinelOneInstaller packages s1_product_id: - v22_3_4_612_32_bit: '{32D20419-EC91-40D6-8123-960370BD6D13}' - v22_3_4_612_64_bit: '{BAD89140-6B9C-480D-984E-24E6F121FF6B}' - v22_3_2_373_64_bit: '{FB984B57-DE66-4E8F-B51D-1B80B69F2054}' - v22_3_2_373_32_bit: '{B1D6E893-4C6E-4429-831D-6812B7B4CE3A}' - v22_3_1_185_64_bit: '{547BC474-095C-4BFF-9D4E-7B6D2805C890}' - v22_3_1_185_32_bit: '{5548CA13-E999-4066-8F6E-D31776C2143C}' - v22_2_5_806_64_bit: '{950D7697-EE20-4E40-88C2-41FEA8D7D1EB}' - v22_2_5_806_32_bit: '{15478096-E07D-4292-8651-2BA5E246491A}' - v22_2_4_558_64_bit: '{5A990909-DD22-48FA-BD8B-F564AFC81C4B}' - v22_2_4_558_32_bit: '{009923EA-54DD-4CF5-BF76-BE5C7EA048EE}' - v22_2_3_402_64_bit: '{1D00A4CC-6DBB-46E9-B513-E10F7A72CFCE}' - v22_2_3_402_32_bit: '{6598AC11-8766-4CFC-87DA-4ECA96E1B152}' - v22_2_2_394_64_bit: '{C62C88EC-7966-48A2-9C6F-CF7E2305CD24}' - v22_2_2_394_32_bit: '{779E7223-7849-402F-B5DF-46FD2220A450}' - v22_2_1_129_64_bit: '{D84C1739-5168-41BF-84F2-5D9D40BC2574}' - v22_2_1_129_32_bit: '{61E7B2E9-637D-405B-9596-078F73EB077E}' - v22_1_4_10010_64_bit: '{A699AEE8-B4E7-4474-A217-FDC1CC1C6784}' - v22_1_4_10010_32_bit: '{123AD714-A760-4FC9-A706-491A26970E2B}' + v23_4_4_223_64_bit: "{40CB8880-CA0E-416E-8C0D-9C3015E0EEA8}" + v23_4_4_223_32_bit: "{5EAD8636-B65F-469B-BB60-E1FB33B1C8DC}" + v23_3_4_320_64_bit: "{25F6C9CB-D50A-474B-9358-E94A6C444BAC}" + v23_3_4_320_32_bit: "{0C7028E3-C6E8-4AB7-A723-0A548E5763B9}" + v23_3_3_264_64_bit: "{4CE2629F-7EBF-4084-A629-571BC2FF21DF}" + v23_3_3_264_32_bit: "{98ADEBDC-1CBD-4EF3-B383-305DF4604ABB}" + v23_2_4_461_64_bit: "{DA778498-D4FD-467D-B667-BEF68029A9B8}" + v23_2_4_461_32_bit: "{0F86F45F-F947-44EF-A5C1-B206BACDE7AC}" + v23_2_3_358_64_bit: "{7FB164A1-FE42-497D-AB17-58D541120CCA}" + v23_2_3_358_32_bit: "{31E226ED-DF2C-4C7F-8978-03B79029CB49}" + v23_1_6_896_64_bit: "{42D347A1-0543-45E1-AD59-BF3EE513F940}" + v23_1_6_896_32_bit: 
"{D250E8AC-4182-4E53-B732-1E59B7E77004}" + v23_1_5_886_64_bit: "{742DECA0-E69B-43AA-9463-E979F1F9AA32}" + v23_1_5_886_32_bit: "{FB2912B4-1BA4-4A54-81CF-5591D5755A15}" + v23_1_4_650_64_bit: "{0DE10851-983F-4998-956B-D60931A3B986}" + v23_1_4_650_32_bit: "{A4D666AC-1D56-40A8-A751-5C5C62F80941}" diff --git a/roles/s1_agent_download/.yamllint b/roles/s1_agent_download/.yamllint deleted file mode 120000 index 4a4652c..0000000 --- a/roles/s1_agent_download/.yamllint +++ /dev/null @@ -1 +0,0 @@ -../../.yamllint \ No newline at end of file diff --git a/roles/s1_agent_download/meta/main.yml b/roles/s1_agent_download/meta/main.yml index 77bddb4..7de45d5 100644 --- a/roles/s1_agent_download/meta/main.yml +++ b/roles/s1_agent_download/meta/main.yml @@ -17,9 +17,9 @@ galaxy_info: # - GPL-3.0-only # - Apache-2.0 # - CC-BY-4.0 - license: 'license (GPL-3.0-or-later)' + license: license (GPL-3.0-or-later) - min_ansible_version: '2.9' + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: @@ -33,9 +33,9 @@ galaxy_info: platforms: - name: EL versions: - - '6' - - '7' - - '8' + - "6" + - "7" + - "8" - name: Ubuntu versions: - trusty # 14.04 @@ -46,9 +46,9 @@ galaxy_info: - hirsute # 20.04 - name: Windows versions: - - '2016' - - '2019' - - '2022' + - "2016" + - "2019" + - "2022" galaxy_tags: - edr diff --git a/roles/s1_agent_download/molecule/default/INSTALL.rst b/roles/s1_agent_download/molecule/default/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 --- a/roles/s1_agent_download/molecule/default/INSTALL.rst +++ /dev/null 
@@ -1,23 +0,0 @@ -********************************* -Vagrant driver installation guide -********************************* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule_vagrant' diff --git a/roles/s1_agent_download/molecule/default/molecule.yml b/roles/s1_agent_download/molecule/default/molecule.yml deleted file mode 100644 index 769be4b..0000000 --- a/roles/s1_agent_download/molecule/default/molecule.yml +++ /dev/null 
@@ -1,115 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-rocky8}' - groups: - - all - children: - - '${S1_VAGRANT_GROUP:-Linux}' - box: '${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - provider_options: - linked_clone: true - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - ssh_connection: - # Required for connecting to RHEL 6.x - ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa - # env: - # ANSIBLE_VERBOSITY: 3 - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - s1_forced_remove: false - s1_force_reboot: false - Linux: - Windows: - ansible_become_method: runas - ansible_become_user: vagrant - ansible_become_password: vagrant - ansible_user: vagrant - ansible_connection: ssh - ansible_shell_type: cmd - ansible_win_async_startup_timeout: 30 - Darwin: - playbooks: - prepare: ../resources/prepare.yml - converge: ../resources/converge.yml - cleanup: ../resources/cleanup.yml - verify: ../resources/verify.yml - -verifier: - name: ansible - -scenario: - create_sequence: - - dependency - 
- create - - prepare - check_sequence: - - dependency - - cleanup - - destroy - - create - - prepare - - converge - - check - - destroy - converge_sequence: - - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_agent_download/molecule/resources/cleanup.yml b/roles/s1_agent_download/molecule/resources/cleanup.yml deleted file mode 100644 index 000fd86..0000000 --- a/roles/s1_agent_download/molecule/resources/cleanup.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Cleanup - hosts: all - gather_facts: false - tasks: - - name: Remove S1 work directory # noqa: run-once[task] - ansible.builtin.file: - path: '{{ s1_download_path }}' - state: absent - run_once: true - delegate_to: localhost - become: no diff --git a/roles/s1_agent_download/molecule/resources/prepare.yml b/roles/s1_agent_download/molecule/resources/prepare.yml deleted file mode 100644 index 2a2865d..0000000 --- a/roles/s1_agent_download/molecule/resources/prepare.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: yes - gather_subset: - - '!all' - - '!hardware' - - min - tasks: - - name: Include tasks to clean up package managers | Linux - ansible.builtin.include_tasks: - file: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/../../../s1_agent_common/molecule/common_files/tasks/prepare_package_manager.yml" - when: - - ansible_system == 'Linux' - - - name: Clear cached facts - ansible.builtin.meta: clear_facts diff --git a/roles/s1_agent_download/molecule/winrm_default/INSTALL.rst b/roles/s1_agent_download/molecule/winrm_default/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 
--- a/roles/s1_agent_download/molecule/winrm_default/INSTALL.rst +++ /dev/null @@ -1,23 +0,0 @@ -********************************* -Vagrant driver installation guide -********************************* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule_vagrant' diff --git a/roles/s1_agent_download/molecule/winrm_default/molecule.yml b/roles/s1_agent_download/molecule/winrm_default/molecule.yml deleted file mode 100644 index 7af1cfc..0000000 --- a/roles/s1_agent_download/molecule/winrm_default/molecule.yml +++ /dev/null 
@@ -1,124 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-WindowsServer2012R2}' - groups: - - all - children: - - Windows - box: '${S1_VAGRANT_REPO:-jborean93}/${S1_VAGRANT_DISTRO:-WindowsServer2012R2}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - vm.communicator: winrm - provider_options: - linked_clone: true - instance_raw_configs: - - 'vm.boot_timeout = 600' - - 'vm.max_tries = 40' - - "winrm.password = 'vagrant'" - - "winrm.username = 'vagrant'" - - "vm.guest = 'windows'" - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - # env: - # ANSIBLE_VERBOSITY: 3 - connection_options: - ansible_become: false - ansible_user: vagrant - ansible_password: vagrant - ansible_port: 55986 - ansible_connection: winrm - ansible_winrm_transport: basic - ansible_winrm_server_cert_validation: ignore - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - s1_forced_remove: false - s1_force_reboot: false - Linux: - Windows: - ansible_win_async_startup_timeout: 30 - # Increase winrm timeouts https://access.redhat.com/solutions/6978358 - ansible_winrm_operation_timeout_sec: 200 - ansible_winrm_read_timeout_sec: 250 - Darwin: - 
playbooks: - prepare: ../resources/prepare.yml - converge: ../resources/converge.yml - cleanup: ../resources/cleanup.yml - verify: ../resources/verify.yml - -verifier: - name: ansible - -scenario: - create_sequence: - - dependency - - create - - prepare - check_sequence: - - dependency - - cleanup - - destroy - - create - - prepare - - converge - - check - - destroy - converge_sequence: - - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_agent_download/tasks/main.yml b/roles/s1_agent_download/tasks/main.yml index 46d17d2..34dfdf8 100644 --- a/roles/s1_agent_download/tasks/main.yml +++ b/roles/s1_agent_download/tasks/main.yml @@ -48,7 +48,7 @@ url: '{{ lookup("template", "packages_url.j2") }}' return_content: false headers: - Authorization: 'ApiToken {{ s1_api_token }}' + Authorization: ApiToken {{ s1_api_token }} validate_certs: "{{ s1_validate_certs | default('true') | bool }}" register: s1_available_packages until: s1_available_packages is not failed @@ -56,7 +56,7 @@ delay: 10 delegate_to: localhost run_once: true - become: no + become: false - name: Show s1_agent_version ansible.builtin.debug: 
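Review bot: The `Authorization: ApiToken {{ s1_api_token }}` header is passed as a plain module argument and nothing in the visible part of this task sets `no_log`, so the token can presumably end up in verbose (`-vvv`) output and in any callback or log that records module arguments. The task starts above the hunk, so `no_log` may already be set there; if it is not, add `no_log: true` next to `register: s1_available_packages`, accepting that retry failures will then show less detail. The `Download SentinelOne agent` task in `@@ -116,25 +116,25 @@` sends the same header and needs the same treatment. Both tasks take `validate_certs` from `s1_validate_certs`, so a comment stating that disabling it sends the token over an unverified TLS connection would help operators.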
@@ -80,14 +80,14 @@ - name: Set download variables ansible.builtin.set_fact: - s1_agent_package_link: '{{ s1_download_src.link }}' - s1_agent_package_sha1: '{{ s1_download_src.sha1 }}' - s1_agent_package_name: '{{ s1_download_src.fileName }}' + s1_agent_package_link: "{{ s1_download_src.link }}" + s1_agent_package_sha1: "{{ s1_download_src.sha1 }}" + s1_agent_package_name: "{{ s1_download_src.fileName }}" - name: Set SentinelOne agent variables ansible.builtin.set_fact: - s1_agent_src: '{{ s1_download_path }}/{{ s1_agent_package_name }}' - s1_agent_version: '{{ s1_download_src.version }}' + s1_agent_src: "{{ s1_download_path }}/{{ s1_agent_package_name }}" + s1_agent_version: "{{ s1_download_src.version }}" - name: Show package details tags: @@ -116,25 +116,25 @@ - name: Create working directory ansible.builtin.file: - path: '{{ s1_download_path }}' + path: "{{ s1_download_path }}" state: directory - mode: '0755' + mode: "0755" delegate_to: localhost run_once: true - become: no + become: false - name: Download SentinelOne agent ansible.builtin.get_url: - url: '{{ s1_agent_package_link }}' - checksum: 'sha1:{{ s1_agent_package_sha1 }}' - dest: '{{ s1_agent_src }}' + url: "{{ s1_agent_package_link }}" + checksum: sha1:{{ s1_agent_package_sha1 }} + dest: "{{ s1_agent_src }}" mode: 440 headers: - Authorization: 'ApiToken {{ s1_api_token }}' + Authorization: ApiToken {{ s1_api_token }} validate_certs: "{{ s1_validate_certs | default('true') | bool }}" register: url_result until: url_result is not failed retries: 10 delay: 60 # Mgmt Console API is limited to 2 pkg downloads / 60 seconds delegate_to: localhost - become: no + become: false diff --git a/roles/s1_agent_info/.yamllint b/roles/s1_agent_info/.yamllint deleted file mode 120000 index 4a4652c..0000000 --- a/roles/s1_agent_info/.yamllint +++ /dev/null @@ -1 +0,0 @@ -../../.yamllint \ No newline at end of file 
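Review bot: `mode: 440` in the `Download SentinelOne agent` task of `@@ -116,25 +116,25 @@` is left as an unquoted integer, while the directory task just above it was changed to `mode: "0755"`. YAML reads the value as decimal 440, which Ansible applies as octal 0670 (owner rw, group rwx) rather than the read-only 0440 that was presumably intended. The downloaded agent package on the controller is therefore group-writable before it is distributed to endpoints. Change the line to `mode: "0440"`.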
diff --git a/roles/s1_agent_info/meta/main.yml b/roles/s1_agent_info/meta/main.yml index 790559e..65f7103 100644 --- a/roles/s1_agent_info/meta/main.yml +++ b/roles/s1_agent_info/meta/main.yml @@ -19,7 +19,7 @@ galaxy_info: # - CC-BY-4.0 license: license (GPL-3.0-or-later) - min_ansible_version: '2.9' + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: @@ -33,9 +33,9 @@ galaxy_info: platforms: - name: EL versions: - - '6' - - '7' - - '8' + - "6" + - "7" + - "8" - name: Ubuntu versions: - trusty # 14.04 @@ -46,9 +46,9 @@ galaxy_info: - hirsute # 20.04 - name: Windows versions: - - '2016' - - '2019' - - '2022' + - "2016" + - "2019" + - "2022" galaxy_tags: - edr diff --git a/roles/s1_agent_info/molecule/default/INSTALL.rst b/roles/s1_agent_info/molecule/default/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 --- a/roles/s1_agent_info/molecule/default/INSTALL.rst +++ /dev/null @@ -1,23 +0,0 @@ -********************************* -Vagrant driver installation guide -********************************* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule_vagrant' diff --git a/roles/s1_agent_info/molecule/default/molecule.yml b/roles/s1_agent_info/molecule/default/molecule.yml deleted file mode 100644 index 3659a3a..0000000 --- a/roles/s1_agent_info/molecule/default/molecule.yml +++ /dev/null 
@@ -1,113 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-rocky8}' - groups: - - all - children: - - '${S1_VAGRANT_GROUP:-Linux}' - box: '${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - provider_options: - linked_clone: true - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - ssh_connection: - # Required for connecting to RHEL 6.x - ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa - # env: - # ANSIBLE_VERBOSITY: 3 - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - Linux: - Windows: - ansible_become_method: runas - ansible_become_user: vagrant - ansible_become_password: vagrant - ansible_user: vagrant - ansible_connection: ssh - ansible_shell_type: cmd - ansible_win_async_startup_timeout: 30 - Darwin: - playbooks: - prepare: ../resources/default/prepare.yml - converge: ../resources/default/converge.yml - cleanup: ../resources/default/cleanup.yml - verify: ../resources/default/verify.yml - -verifier: - name: ansible - -scenario: - create_sequence: - - dependency - - create - - 
prepare - check_sequence: - - dependency - - cleanup - - destroy - - create - - prepare - - converge - - check - - destroy - converge_sequence: - - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_agent_info/molecule/not_installed/INSTALL.rst b/roles/s1_agent_info/molecule/not_installed/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 --- a/roles/s1_agent_info/molecule/not_installed/INSTALL.rst +++ /dev/null @@ -1,23 +0,0 @@ -********************************* -Vagrant driver installation guide -********************************* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule_vagrant' diff --git a/roles/s1_agent_info/molecule/not_installed/molecule.yml b/roles/s1_agent_info/molecule/not_installed/molecule.yml deleted file mode 100644 index 28b9ea8..0000000 --- a/roles/s1_agent_info/molecule/not_installed/molecule.yml +++ /dev/null 
@@ -1,113 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-rocky8}' - groups: - - all - children: - - '${S1_VAGRANT_GROUP:-Linux}' - box: '${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - provider_options: - linked_clone: true - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - ssh_connection: - # Required for connecting to RHEL 6.x - ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa - # env: - # ANSIBLE_VERBOSITY: 3 - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - Linux: - Windows: - ansible_become_method: runas - ansible_become_user: vagrant - ansible_become_password: vagrant - ansible_user: vagrant - ansible_connection: ssh - ansible_shell_type: cmd - ansible_win_async_startup_timeout: 30 - Darwin: - playbooks: - prepare: ../resources/not_installed/prepare.yml - converge: ../resources/not_installed/converge.yml - cleanup: ../resources/not_installed/cleanup.yml - verify: ../resources/not_installed/verify.yml - -verifier: - name: ansible - -scenario: - create_sequence: - - 
dependency - - create - - prepare - check_sequence: - - dependency - - cleanup - - destroy - - create - - prepare - - converge - - check - - destroy - converge_sequence: - - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_agent_info/molecule/resources/default/cleanup.yml b/roles/s1_agent_info/molecule/resources/default/cleanup.yml deleted file mode 100644 index 000fd86..0000000 --- a/roles/s1_agent_info/molecule/resources/default/cleanup.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Cleanup - hosts: all - gather_facts: false - tasks: - - name: Remove S1 work directory # noqa: run-once[task] - ansible.builtin.file: - path: '{{ s1_download_path }}' - state: absent - run_once: true - delegate_to: localhost - become: no diff --git a/roles/s1_agent_info/molecule/resources/default/prepare.yml b/roles/s1_agent_info/molecule/resources/default/prepare.yml deleted file mode 100644 index 86a4852..0000000 --- a/roles/s1_agent_info/molecule/resources/default/prepare.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: yes - gather_subset: - - '!all' - - '!hardware' - - min - tasks: - - name: Include tasks to clean up package managers | Linux - ansible.builtin.include_tasks: - file: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/../../../s1_agent_common/molecule/common_files/tasks/prepare_package_manager.yml" - when: - - ansible_system == 'Linux' - - - name: Install the SentinelOne Agent - ansible.builtin.include_role: - name: s1_agent_install - vars: - s1_reboot_handler_name: Reboot Node | {{ ansible_os_family }} | Unit Testing - - - name: Flush handlers - ansible.builtin.meta: flush_handlers 
diff --git a/roles/s1_agent_info/molecule/resources/not_installed/cleanup.yml b/roles/s1_agent_info/molecule/resources/not_installed/cleanup.yml deleted file mode 100644 index 000fd86..0000000 --- a/roles/s1_agent_info/molecule/resources/not_installed/cleanup.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Cleanup - hosts: all - gather_facts: false - tasks: - - name: Remove S1 work directory # noqa: run-once[task] - ansible.builtin.file: - path: '{{ s1_download_path }}' - state: absent - run_once: true - delegate_to: localhost - become: no diff --git a/roles/s1_agent_info/molecule/resources/not_installed/prepare.yml b/roles/s1_agent_info/molecule/resources/not_installed/prepare.yml deleted file mode 100644 index 0bbddb8..0000000 --- a/roles/s1_agent_info/molecule/resources/not_installed/prepare.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: yes - gather_subset: - - '!all' - - '!hardware' - - min - tasks: - - name: Include tasks to clean up package managers | Linux - ansible.builtin.include_tasks: - file: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/../../../s1_agent_common/molecule/common_files/tasks/prepare_package_manager.yml" - when: - - ansible_system == 'Linux' - - - name: Flush handlers - ansible.builtin.meta: flush_handlers diff --git a/roles/s1_agent_info/molecule/winrm_default/INSTALL.rst b/roles/s1_agent_info/molecule/winrm_default/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 --- a/roles/s1_agent_info/molecule/winrm_default/INSTALL.rst +++ /dev/null 
@@ -1,23 +0,0 @@
-*********************************
-Vagrant driver installation guide
-*********************************
-
-Requirements
-============
-
-* Vagrant
-* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
-
-Install
-=======
-
-Please refer to the `Virtual environment`_ documentation for installation best
-practices. If not using a virtual environment, please consider passing the
-widely recommended `'--user' flag`_ when invoking ``pip``.
-
-.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
-.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
-
-.. code-block:: bash
-
- $ pip install 'molecule_vagrant'
diff --git a/roles/s1_agent_info/molecule/winrm_default/molecule.yml b/roles/s1_agent_info/molecule/winrm_default/molecule.yml
deleted file mode 100644
index 321db7b..0000000
--- a/roles/s1_agent_info/molecule/winrm_default/molecule.yml
+++ /dev/null
@@ -1,122 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-WindowsServer2012R2}' - groups: - - all - children: - - Windows - box: '${S1_VAGRANT_REPO:-jborean93}/${S1_VAGRANT_DISTRO:-WindowsServer2012R2}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - vm.communicator: winrm - provider_options: - linked_clone: true - instance_raw_configs: - - 'vm.boot_timeout = 600' - - 'vm.max_tries = 40' - - "winrm.password = 'vagrant'" - - "winrm.username = 'vagrant'" - - "vm.guest = 'windows'" - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - # env: - # ANSIBLE_VERBOSITY: 3 - connection_options: - ansible_become: false - ansible_user: vagrant - ansible_password: vagrant - ansible_port: 55986 - ansible_connection: winrm - ansible_winrm_transport: basic - ansible_winrm_server_cert_validation: ignore - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - Linux: - Windows: - ansible_win_async_startup_timeout: 30 - # Increase winrm timeouts https://access.redhat.com/solutions/6978358 - ansible_winrm_operation_timeout_sec: 200 - ansible_winrm_read_timeout_sec: 250 - Darwin: - playbooks: - prepare: ../resources/default/prepare.yml - 
converge: ../resources/default/converge.yml - cleanup: ../resources/default/cleanup.yml - verify: ../resources/default/verify.yml - -verifier: - name: ansible - -scenario: - create_sequence: - - dependency - - create - - prepare - check_sequence: - - dependency - - cleanup - - destroy - - create - - prepare - - converge - - check - - destroy - converge_sequence: - - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_agent_info/molecule/winrm_not_installed/INSTALL.rst b/roles/s1_agent_info/molecule/winrm_not_installed/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 --- a/roles/s1_agent_info/molecule/winrm_not_installed/INSTALL.rst +++ /dev/null @@ -1,23 +0,0 @@ -********************************* -Vagrant driver installation guide -********************************* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule_vagrant' diff --git a/roles/s1_agent_info/molecule/winrm_not_installed/molecule.yml b/roles/s1_agent_info/molecule/winrm_not_installed/molecule.yml deleted file mode 100644 index 86d27e8..0000000 --- a/roles/s1_agent_info/molecule/winrm_not_installed/molecule.yml +++ /dev/null 
@@ -1,122 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-WindowsServer2012R2}' - groups: - - all - children: - - Windows - box: '${S1_VAGRANT_REPO:-jborean93}/${S1_VAGRANT_DISTRO:-WindowsServer2012R2}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - vm.communicator: winrm - provider_options: - linked_clone: true - instance_raw_configs: - - 'vm.boot_timeout = 600' - - 'vm.max_tries = 40' - - "winrm.password = 'vagrant'" - - "winrm.username = 'vagrant'" - - "vm.guest = 'windows'" - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - # env: - # ANSIBLE_VERBOSITY: 3 - connection_options: - ansible_become: false - ansible_user: vagrant - ansible_password: vagrant - ansible_port: 55986 - ansible_connection: winrm - ansible_winrm_transport: basic - ansible_winrm_server_cert_validation: ignore - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - Linux: - Windows: - ansible_win_async_startup_timeout: 30 - # Increase winrm timeouts https://access.redhat.com/solutions/6978358 - ansible_winrm_operation_timeout_sec: 200 - ansible_winrm_read_timeout_sec: 250 - Darwin: - playbooks: - prepare: 
../resources/not_installed/prepare.yml - converge: ../resources/not_installed/converge.yml - cleanup: ../resources/not_installed/cleanup.yml - verify: ../resources/not_installed/verify.yml - -verifier: - name: ansible - -scenario: - create_sequence: - - dependency - - create - - prepare - check_sequence: - - dependency - - cleanup - - destroy - - create - - prepare - - converge - - check - - destroy - converge_sequence: - - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_agent_info/tasks/linux.yml b/roles/s1_agent_info/tasks/linux.yml index 681179d..3ff658d 100644 --- a/roles/s1_agent_info/tasks/linux.yml +++ b/roles/s1_agent_info/tasks/linux.yml @@ -10,9 +10,9 @@ ansible.builtin.command: > /opt/sentinelone/bin/sentinelctl management status register: s1_mgmt_status - changed_when: no - check_mode: no - become: yes + changed_when: false + check_mode: false + become: true until: "'Error: receive failed: Connection reset by peer' not in s1_mgmt_status.stdout" retries: 3 delay: 10 
@@ -25,19 +25,21 @@ - never - debug +# yamllint disable rule:line-length - name: Set package facts | Linux ansible.builtin.set_fact: s1_agent_info: - installed: '{{ ansible_facts.packages[s1_package_name] is defined | bool }}' + installed: "{{ ansible_facts.packages[s1_package_name] is defined | bool }}" version: "{{ ansible_facts.packages[s1_package_name] | map(attribute='version') | list | first | default(None) if ansible_facts.packages[s1_package_name] is defined else none }}" service_status: "{{ ansible_facts.services[s1_service_name]['state'] if ansible_facts.services[s1_service_name] is defined else none }}" product_id: "{{ '' | default(None) }}" uuid: "{{ s1_mgmt_status.stdout | regex_findall(reg_uuid, '\\1') | first | default(None) if s1_mgmt_status.stdout is defined else none }}" - reboot_required: '{{ ansible_facts.packages[s1_package_name] is defined | ternary(false, none) }}' + reboot_required: "{{ ansible_facts.packages[s1_package_name] is defined | ternary(false, none) }}" mgmt_url: "{{ s1_mgmt_status.stdout | regex_findall(reg_url, '\\1') | first | default(None) if s1_mgmt_status.stdout is defined else none }}" anti_tamper_enabled: "{{ (s1_mgmt_status.stdout | regex_findall(reg_tamper, '\\1') | first == 'On') | bool if s1_mgmt_status.stdout is defined else none }}" agent_enabled: "{{ (ansible_facts.services[s1_service_name]['status'] == 'enabled') | ternary(true, false) if ansible_facts.services[s1_service_name] is defined else none }}" vars: - reg_uuid: 'UUID\s+([0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12})' - reg_url: 'URL\s+(http.*)' - reg_tamper: 'Anti Tamper\s+(\w+)' + reg_uuid: UUID\s+([0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}) + reg_url: URL\s+(http.*) + reg_tamper: Anti Tamper\s+(\w+) +# yamllint enable rule:line-length diff --git a/roles/s1_agent_info/tasks/main.yml b/roles/s1_agent_info/tasks/main.yml index 6e9af77..016f4d3 100644 
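Review bot: `anti_tamper_enabled` in `Set package facts | Linux` applies `| first` to the `regex_findall(reg_tamper, ...)` result and compares it with `'On'` without any fallback, unlike `uuid` and `mgmt_url`, which end in `| default(None)`. If the `sentinelctl management status` output has no `Anti Tamper` line (for example when the retries run out on the connection-reset error), `first` on an empty list yields an undefined value and the `set_fact` likely fails instead of reporting `none`. Consider `(s1_mgmt_status.stdout | regex_findall(reg_tamper, '\\1') | first | default('')) == 'On'`. The same expression, there built on `regex_search`, appears in the `@@ -6,35 +6,37 @@` hunk of `tasks/redhat_6.yml`.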
--- a/roles/s1_agent_info/tasks/main.yml +++ b/roles/s1_agent_info/tasks/main.yml @@ -3,7 +3,7 @@ - name: Include tasks to get the agent info ansible.builtin.include_tasks: - file: '{{ loop_family }}' + file: "{{ loop_family }}" with_first_found: - files: - "{{ ansible_distribution | lower | replace(' ', '_') }}_{{ ansible_distribution_version }}.yml" @@ -12,9 +12,9 @@ - "{{ ansible_os_family | replace(' ', '_') | lower }}_{{ ansible_distribution_major_version }}.yml" - "{{ ansible_os_family | replace(' ', '_') | lower }}.yml" - "{{ ansible_system | replace(' ', '_') | lower }}.yml" - - 'unsupported.yml' + - unsupported.yml loop_control: loop_var: loop_family - label: '{{ loop_family | basename }}' + label: "{{ loop_family | basename }}" tags: - always diff --git a/roles/s1_agent_info/tasks/redhat_6.yml b/roles/s1_agent_info/tasks/redhat_6.yml index c2b93d5..9581996 100644 --- a/roles/s1_agent_info/tasks/redhat_6.yml +++ b/roles/s1_agent_info/tasks/redhat_6.yml 
@@ -6,35 +6,37 @@ - name: Get service facts | Red Hat 6 ansible.builtin.command: service {{ s1_service_name }} status # noqa command-instead-of-module register: s1_rhel6_agent_status - changed_when: no - become: yes + changed_when: false + become: true when: ansible_facts.packages[s1_package_name] is defined - name: Get agent status | Red Hat 6 ansible.builtin.command: > /opt/sentinelone/bin/sentinelctl management status register: s1_mgmt_status - changed_when: no - check_mode: no - become: yes + changed_when: false + check_mode: false + become: true until: "'Error: receive failed: Connection reset by peer' not in s1_mgmt_status.stdout" retries: 3 delay: 10 when: ansible_facts.packages[s1_package_name] is defined +# yamllint disable rule:line-length - name: Set package facts | Red Hat 6 ansible.builtin.set_fact: s1_agent_info: - installed: '{{ ansible_facts.packages[s1_package_name] is defined | bool }}' + installed: "{{ ansible_facts.packages[s1_package_name] is defined | bool }}" version: "{{ ansible_facts.packages[s1_package_name] | map(attribute='version') | list | first | default(None) if ansible_facts.packages[s1_package_name] is defined else none }}" service_status: "{{ ('Agent state Enabled' in s1_rhel6_agent_status.stdout) | ternary('running', 'stopped', none) if s1_rhel6_agent_status.stdout is defined else none }}" product_id: "{{ '' | default(None) }}" uuid: "{{ s1_mgmt_status.stdout | regex_search(reg_uuid, '\\1') | first | default(None) if s1_mgmt_status.stdout is defined else none }}" - reboot_required: '{{ ansible_facts.packages[s1_package_name] is defined | ternary(false, none) }}' + reboot_required: "{{ ansible_facts.packages[s1_package_name] is defined | ternary(false, none) }}" mgmt_url: "{{ s1_mgmt_status.stdout | regex_search(reg_url, '\\1') | first | default(None) if s1_mgmt_status.stdout is defined else none }}" anti_tamper_enabled: "{{ (s1_mgmt_status.stdout | regex_search(reg_tamper, '\\1') | first == 'On') | bool if s1_mgmt_status.stdout 
is defined else none }}" agent_enabled: "{{ ('Agent state Enabled' in s1_rhel6_agent_status.stdout) | ternary(true, false, none) if s1_rhel6_agent_status.stdout is defined else none }}" vars: - reg_uuid: 'UUID\s+([0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12})' - reg_url: 'URL\s+(http.*)' - reg_tamper: 'Anti Tamper\s+(\w+)' + reg_uuid: UUID\s+([0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}) + reg_url: URL\s+(http.*) + reg_tamper: Anti Tamper\s+(\w+) +# yamllint enable rule:line-length diff --git a/roles/s1_agent_info/tasks/windows.yml b/roles/s1_agent_info/tasks/windows.yml index 79e58b3..c657ad6 100644 --- a/roles/s1_agent_info/tasks/windows.yml +++ b/roles/s1_agent_info/tasks/windows.yml @@ -1,18 +1,20 @@ --- - name: Gather package facts | Windows ansible.windows.win_powershell: + # yamllint disable rule:line-length script: | Get-ChildItem -Force -Recurse HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | Get-ItemProperty | Where-Object {$_.DisplayName -eq '{{ s1_package_name }}'} | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, @{Name='ProductId'; Expression={$('{0}' -f $_.PSChildName)}} Get-ChildItem -Force -Recurse HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall | Get-ItemProperty | Where-Object {$_.DisplayName -eq '{{ s1_package_name }}'} | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, @{Name='ProductId'; Expression={$('{0}' -f $_.PSChildName)}} + # yamllint enable rule:line-length register: s1_windows_software - become: yes - changed_when: no + become: true + changed_when: false tags: - skip_ansible_lint - name: Gather service facts | Windows ansible.windows.win_service_info: - name: '{{ s1_service_name }}' + name: "{{ s1_service_name }}" register: s1_windows_service - name: Get agent status | Windows 
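Review bot: The `Gather package facts | Windows` script interpolates `'{{ s1_package_name }}'` directly into the PowerShell source, so a value containing a single quote breaks the filter or alters the script that runs under `become: true`. Passing the value through the module's `parameters` option keeps it as data: declare `param([string]$PackageName)` at the top of the script, filter with `Where-Object {$_.DisplayName -eq $PackageName}`, and set `parameters: {PackageName: "{{ s1_package_name }}"}` on the task. The variable presumably comes from the role's own vars, so this is hardening rather than a known injection path.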
@@ -21,9 +23,9 @@ $helper = New-Object -ComObject "SentinelHelper.1" $helper.GetAgentStatusJSON() register: s1_com_status - changed_when: no - check_mode: no - become: no + changed_when: false + check_mode: false + become: false until: s1_com_status.output != "" retries: 3 delay: 10 diff --git a/roles/s1_agent_install/.yamllint b/roles/s1_agent_install/.yamllint deleted file mode 120000 index 4a4652c..0000000 --- a/roles/s1_agent_install/.yamllint +++ /dev/null @@ -1 +0,0 @@ -../../.yamllint \ No newline at end of file diff --git a/roles/s1_agent_install/defaults/main.yml b/roles/s1_agent_install/defaults/main.yml index 4aa0905..0c1f725 100644 --- a/roles/s1_agent_install/defaults/main.yml +++ b/roles/s1_agent_install/defaults/main.yml @@ -58,13 +58,13 @@ s1_agent_site_token: "{{ undef(hint='You must specify your agent Site Token') }} # If there is a proxy server between the Agent and the Management, enter the proxy URL (or IP address) and the proxy port. # By default, proxy settings are taken from the default_* variables, if they are not defined they are ignored. -s1_agent_management_proxy: '{{ default_proxy | default(None) }}' +s1_agent_management_proxy: "{{ default_proxy | default(None) }}" # s1_agent_management_proxy_password: '{{ default_proxy_password | default(None) }}' # NOT IMPLEMENTED # s1_agent_management_proxy_username: '{{ default_proxy_username | default(None) }}' # NOT IMPLEMENTED # If there is a proxy server between the Agent and the Deep Visibility service, enter the proxy URL (or IP address) and the port. # By default, proxy settings are taken from the default_* variables, if they are not defined they are ignored. -s1_agent_dv_proxy: '{{ default_proxy | default(None) }}' +s1_agent_dv_proxy: "{{ default_proxy | default(None) }}" # s1_agent_dv_proxy_password: '{{ default_proxy_password | default(None) }}' # NOT IMPLEMENTED # s1_agent_dv_proxy_username: '{{ default_proxy_username | default(None) }}' # NOT IMPLEMENTED 
diff --git a/roles/s1_agent_install/meta/main.yml b/roles/s1_agent_install/meta/main.yml index 75df2dd..77d8b9c 100644 --- a/roles/s1_agent_install/meta/main.yml +++ b/roles/s1_agent_install/meta/main.yml @@ -17,9 +17,9 @@ galaxy_info: # - GPL-3.0-only # - Apache-2.0 # - CC-BY-4.0 - license: 'license (GPL-3.0-or-later)' + license: license (GPL-3.0-or-later) - min_ansible_version: '2.9' + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: @@ -33,9 +33,9 @@ galaxy_info: platforms: - name: EL versions: - - '6' - - '7' - - '8' + - "6" + - "7" + - "8" - name: Ubuntu versions: - trusty # 14.04 @@ -46,9 +46,9 @@ galaxy_info: - hirsute # 20.04 - name: Windows versions: - - '2016' - - '2019' - - '2022' + - "2016" + - "2019" + - "2022" galaxy_tags: - edr diff --git a/roles/s1_agent_install/molecule/default/INSTALL.rst b/roles/s1_agent_install/molecule/default/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 --- a/roles/s1_agent_install/molecule/default/INSTALL.rst +++ /dev/null @@ -1,23 +0,0 @@ -********************************* -Vagrant driver installation guide -********************************* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule_vagrant' diff --git a/roles/s1_agent_install/molecule/default/molecule.yml b/roles/s1_agent_install/molecule/default/molecule.yml deleted file mode 100644 index e5322a7..0000000 
--- a/roles/s1_agent_install/molecule/default/molecule.yml
+++ /dev/null
@@ -1,115 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-rocky8}' - groups: - - all - children: - - '${S1_VAGRANT_GROUP:-Linux}' - box: '${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - provider_options: - linked_clone: true - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - ssh_connection: - # Required for connecting to RHEL 6.x - ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa - # env: - # ANSIBLE_VERBOSITY: 3 - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - s1_forced_remove: false - s1_force_reboot: true - Linux: - Windows: - ansible_become_method: runas - ansible_become_user: vagrant - ansible_become_password: vagrant - ansible_user: vagrant - ansible_connection: ssh - ansible_shell_type: cmd - ansible_win_async_startup_timeout: 30 - Darwin: - playbooks: - prepare: ../resources/prepare.yml - converge: ../resources/converge.yml - cleanup: ../resources/cleanup.yml - verify: ../resources/verify.yml - -verifier: - name: ansible - -scenario: - create_sequence: - - dependency - 
- create - - prepare - check_sequence: - - dependency - - cleanup - - destroy - - create - - prepare - - converge - - check - - destroy - converge_sequence: - - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_agent_install/molecule/resources/cleanup.yml b/roles/s1_agent_install/molecule/resources/cleanup.yml deleted file mode 100644 index 000fd86..0000000 --- a/roles/s1_agent_install/molecule/resources/cleanup.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Cleanup - hosts: all - gather_facts: false - tasks: - - name: Remove S1 work directory # noqa: run-once[task] - ansible.builtin.file: - path: '{{ s1_download_path }}' - state: absent - run_once: true - delegate_to: localhost - become: no diff --git a/roles/s1_agent_install/molecule/resources/prepare.yml b/roles/s1_agent_install/molecule/resources/prepare.yml deleted file mode 100644 index 2a2865d..0000000 --- a/roles/s1_agent_install/molecule/resources/prepare.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: yes - gather_subset: - - '!all' - - '!hardware' - - min - tasks: - - name: Include tasks to clean up package managers | Linux - ansible.builtin.include_tasks: - file: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/../../../s1_agent_common/molecule/common_files/tasks/prepare_package_manager.yml" - when: - - ansible_system == 'Linux' - - - name: Clear cached facts - ansible.builtin.meta: clear_facts diff --git a/roles/s1_agent_install/molecule/resources/verify.yml b/roles/s1_agent_install/molecule/resources/verify.yml deleted file mode 100644 index b36654f..0000000 --- a/roles/s1_agent_install/molecule/resources/verify.yml +++ /dev/null 
@@ -1,27 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Verify - hosts: all - gather_facts: false - roles: - - s1_agent_common - - s1_agent_info - tasks: - - name: Show agent info - ansible.builtin.debug: - var: s1_agent_info - - - name: Assert SentinelOne Agent is installed - ansible.builtin.assert: - that: - - s1_agent_info is defined - - s1_agent_info.installed | bool - - s1_agent_info.version == s1_molecule_agent_version - - - name: Assert SentinelOne service is running - ansible.builtin.assert: - that: - - s1_agent_info is defined - - s1_agent_info.service_status == ('running' if ansible_os_family != 'Windows' else 'started') - - s1_agent_info.agent_enabled == (true | bool) diff --git a/roles/s1_agent_install/molecule/winrm_default/INSTALL.rst b/roles/s1_agent_install/molecule/winrm_default/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 --- a/roles/s1_agent_install/molecule/winrm_default/INSTALL.rst +++ /dev/null @@ -1,23 +0,0 @@ -********************************* -Vagrant driver installation guide -********************************* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule_vagrant' diff --git a/roles/s1_agent_install/molecule/winrm_default/molecule.yml b/roles/s1_agent_install/molecule/winrm_default/molecule.yml deleted file mode 100644 index ef38928..0000000 --- a/roles/s1_agent_install/molecule/winrm_default/molecule.yml +++ /dev/null 
@@ -1,124 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-WindowsServer2012R2}' - groups: - - all - children: - - Windows - box: '${S1_VAGRANT_REPO:-jborean93}/${S1_VAGRANT_DISTRO:-WindowsServer2012R2}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - vm.communicator: winrm - provider_options: - linked_clone: true - instance_raw_configs: - - 'vm.boot_timeout = 600' - - 'vm.max_tries = 40' - - "winrm.password = 'vagrant'" - - "winrm.username = 'vagrant'" - - "vm.guest = 'windows'" - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - # env: - # ANSIBLE_VERBOSITY: 3 - connection_options: - ansible_become: false - ansible_user: vagrant - ansible_password: vagrant - ansible_port: 55986 - ansible_connection: winrm - ansible_winrm_transport: basic - ansible_winrm_server_cert_validation: ignore - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - s1_forced_remove: false - s1_force_reboot: true - Linux: - Windows: - ansible_win_async_startup_timeout: 30 - # Increase winrm timeouts https://access.redhat.com/solutions/6978358 - ansible_winrm_operation_timeout_sec: 200 - ansible_winrm_read_timeout_sec: 250 - Darwin: - 
playbooks: - prepare: ../resources/prepare.yml - converge: ../resources/converge.yml - cleanup: ../resources/cleanup.yml - verify: ../resources/verify.yml - -verifier: - name: ansible - -scenario: - create_sequence: - - dependency - - create - - prepare - check_sequence: - - dependency - - cleanup - - destroy - - create - - prepare - - converge - - check - - destroy - converge_sequence: - - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_agent_install/tasks/linux.yml b/roles/s1_agent_install/tasks/linux.yml index a52dcf7..63941fb 100644 --- a/roles/s1_agent_install/tasks/linux.yml +++ b/roles/s1_agent_install/tasks/linux.yml @@ -4,19 +4,19 @@ ansible.builtin.command: dmesg register: s1_dmesg_raw changed_when: false - check_mode: no - become: yes + check_mode: false + become: true - name: Gather CPU Flags | Linux ansible.builtin.command: > awk -F: '/^flags/ {print $2; exit}' /proc/cpuinfo register: s1_cpu_flags_raw changed_when: false - check_mode: no + check_mode: false - name: Set CPU Flags | Linux ansible.builtin.set_fact: - s1_cpu_flags: '{{ s1_cpu_flags_raw.stdout.split() }}' + s1_cpu_flags: "{{ s1_cpu_flags_raw.stdout.split() }}" - name: Assert meets requirements | Linux ansible.builtin.assert: 
@@ -26,7 +26,7 @@ - "'popcnt' in s1_cpu_flags" - ansible_facts.architecture == 'x86_64' # yamllint disable-line rule:line-length - fail_msg: 'The SentinelOne Agent requires a 64-bit dual core processor to be installed. Review https://support.sentinelone.com/hc/en-us/articles/4410580891543.' + fail_msg: The SentinelOne Agent requires a 64-bit dual core processor to be installed. Review https://support.sentinelone.com/hc/en-us/articles/4410580891543. when: ansible_architecture != 'aarch64' - name: Assert disk meets requirements | Linux 
@@ -35,42 +35,42 @@ # yamllint disable-line rule:line-length - ((ansible_mounts | selectattr('mount', 'in', s1_agent_custom_install_path|default('/opt/sentinelone')) | list | sort(attribute='mount'))[-1]['size_available']) >= 2147483648 # yamllint disable-line rule:line-length - fail_msg: "The SentinelOne Agent requires 2GB of free space on the {{ s1_agent_custom_install_path | default('/opt') }} partition. Review https://support.sentinelone.com/hc/en-us/articles/4410580891543." + fail_msg: The SentinelOne Agent requires 2GB of free space on the {{ s1_agent_custom_install_path | default('/opt') }} partition. Review https://support.sentinelone.com/hc/en-us/articles/4410580891543. - name: Assert memory meets requirements | Linux ansible.builtin.assert: that: - ansible_memfree_mb >= 800 # yamllint disable-line rule:line-length - fail_msg: 'The SentinelOne Agent requires at least 800MB of free, non-cached, memory to be installed. Review https://support.sentinelone.com/hc/en-us/articles/4410580891543.' + fail_msg: The SentinelOne Agent requires at least 800MB of free, non-cached, memory to be installed. Review https://support.sentinelone.com/hc/en-us/articles/4410580891543. 
- name: Assert host is stable | Linux ansible.builtin.assert: that: - "'FUNCTION TRACING IS CORRUPTED' not in s1_dmesg_raw.stdout" - fail_msg: 'System Instability Detected' + fail_msg: System Instability Detected - name: Set SentinelOne agent path | Linux ansible.builtin.set_fact: - s1_agent_path: '{{ s1_tmp_linux }}/{{ s1_agent_src | basename }}' + s1_agent_path: "{{ s1_tmp_linux }}/{{ s1_agent_src | basename }}" - name: Create working directory | Linux ansible.builtin.file: - path: '{{ s1_tmp_linux }}' + path: "{{ s1_tmp_linux }}" state: directory - mode: '0755' + mode: "0755" - name: Copy SentinelOne agent | Linux ansible.builtin.copy: - src: '{{ s1_agent_src }}' - dest: '{{ s1_agent_path }}' - mode: '0755' + src: "{{ s1_agent_src }}" + dest: "{{ s1_agent_path }}" + mode: "0755" - name: Create configuration file | Linux ansible.builtin.template: src: linux_agent_config.cfg.j2 - dest: '{{ s1_tmp_linux }}/s1_config.cfg' - mode: '0744' + dest: "{{ s1_tmp_linux }}/s1_config.cfg" + mode: "0744" - name: Import the SentinelOne GPG Key | Red Hat Family ansible.builtin.include_role: @@ -82,13 +82,13 @@ - name: Install SentinelOne GPG signed RPM package | Linux ansible.builtin.yum: - name: '{{ s1_agent_path }}' + name: "{{ s1_agent_path }}" state: present use_backend: '{{ (ansible_pkg_mgr == "zypper") | ternary("yum4", "auto") }}' environment: - S1_AGENT_INSTALL_CONFIG_PATH: '{{ s1_tmp_linux }}/s1_config.cfg' - become: yes - notify: '{{ s1_service_handler_name }}' + S1_AGENT_INSTALL_CONFIG_PATH: "{{ s1_tmp_linux }}/s1_config.cfg" + become: true + notify: "{{ s1_service_handler_name }}" when: - ansible_pkg_mgr in rpm_pkg_mgrs - s1_install_gpg_signed_rpm | default('no') | bool @@ -104,7 +104,7 @@ failed_when: - s1_rpm_query is failed - '"package " ~ s1_package_name ~ " is not installed" not in s1_rpm_query.stdout' - changed_when: no + changed_when: false - name: Show s1_rpm_query ansible.builtin.debug: 
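Review bot: `Create configuration file | Linux` in the `@@ -35,42 +35,42 @@` hunk writes `s1_config.cfg` with `mode: "0744"` into a working directory created with `mode: "0755"`, so every local user can read the file while the install runs. The template itself is not shown, but it presumably carries the site registration token, so the file should be owner-only: `mode: "0600"` on the template task and `mode: "0700"` on `Create working directory | Linux`. The execute bit serves no purpose on a config file either. The package tasks run with `become: true`, so root can still read both, but confirm which user creates the directory before tightening it.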
@@ -116,9 +116,9 @@ - name: Install SentinelOne RPM package | Linux ansible.builtin.command: rpm -i --nodigest '{{ s1_agent_path }}' # noqa command-instead-of-module environment: - S1_AGENT_INSTALL_CONFIG_PATH: '{{ s1_tmp_linux }}/s1_config.cfg' - become: yes - notify: '{{ s1_service_handler_name }}' + S1_AGENT_INSTALL_CONFIG_PATH: "{{ s1_tmp_linux }}/s1_config.cfg" + become: true + notify: "{{ s1_service_handler_name }}" register: s1_rpm_install_result changed_when: '"Registration token successfully set" in s1_rpm_install_result.stdout' when: '"package " ~ s1_package_name ~ " is not installed" in s1_rpm_query.stdout' @@ -132,17 +132,17 @@ - name: Install SentinelOne DEB package | Linux ansible.builtin.apt: - deb: '{{ s1_agent_path }}' + deb: "{{ s1_agent_path }}" state: present environment: - S1_AGENT_INSTALL_CONFIG_PATH: '{{ s1_tmp_linux }}/s1_config.cfg' - become: yes - notify: '{{ s1_service_handler_name }}' + S1_AGENT_INSTALL_CONFIG_PATH: "{{ s1_tmp_linux }}/s1_config.cfg" + become: true + notify: "{{ s1_service_handler_name }}" when: ansible_pkg_mgr in apt_pkg_mgrs - name: Remove working directory | Linux ansible.builtin.file: - path: '{{ s1_tmp_linux }}' + path: "{{ s1_tmp_linux }}" state: absent tags: - molecule-notest diff --git a/roles/s1_agent_install/tasks/main.yml b/roles/s1_agent_install/tasks/main.yml index 708c3a1..1097b38 100644 --- a/roles/s1_agent_install/tasks/main.yml +++ b/roles/s1_agent_install/tasks/main.yml 
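Review bot: The `Install SentinelOne RPM package | Linux` task keeps `rpm -i --nodigest '{{ s1_agent_path }}'`, which tells rpm to skip the package digest checks, and no visible task verifies the file copied from `s1_agent_src` before it is installed as root. If the flag works around a known packaging issue, say so in a comment above the task, for example `# --nodigest required because <reason>`. Otherwise drop it, or compare an `ansible.builtin.stat` SHA-256 checksum of `s1_agent_path` against an expected value before the install. The DEB install in the next hunk uses the same copied file through `ansible.builtin.apt`, also with no integrity check visible.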
@@ -4,26 +4,26 @@ - name: Assert that the operating system is supported ansible.builtin.assert: that: - - '(ansible_os_family in s1_supported_os_family) or (ansible_distribution in s1_supported_linux_distribution)' + - (ansible_os_family in s1_supported_os_family) or (ansible_distribution in s1_supported_linux_distribution) # yamllint disable-line rule:line-length - fail_msg: 'The {{ ansible_distribution }} operating system is not supported by the SentinelOne Agent. Please review the System Requirements Knowledge Base to confirm compatibility.' + fail_msg: The {{ ansible_distribution }} operating system is not supported by the SentinelOne Agent. Please review the System Requirements Knowledge Base to confirm compatibility. - name: Import OS specific variables - ansible.builtin.include_vars: '{{ loop_vars }}' + ansible.builtin.include_vars: "{{ loop_vars }}" with_first_found: - files: - - '{{ ansible_distribution | lower }}_{{ ansible_distribution_version }}.yml' - - '{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}.yml' - - '{{ ansible_distribution | lower }}.yml' - - '{{ ansible_os_family | lower }}_{{ ansible_distribution_major_version }}.yml' - - '{{ ansible_os_family | lower }}.yml' - - '{{ ansible_system | lower }}.yml' - skip: yes + - "{{ ansible_distribution | lower }}_{{ ansible_distribution_version }}.yml" + - "{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}.yml" + - "{{ ansible_distribution | lower }}.yml" + - "{{ ansible_os_family | lower }}_{{ ansible_distribution_major_version }}.yml" + - "{{ ansible_os_family | lower }}.yml" + - "{{ ansible_system | lower }}.yml" + skip: true paths: - - 'vars' + - vars loop_control: loop_var: loop_vars - label: '{{ loop_vars | basename }}' + label: "{{ loop_vars | basename }}" - name: Assert that s1_agent_site_token is valid ansible.builtin.assert: 
@@ -43,19 +43,19 @@ - name: Include OS specific tasks ansible.builtin.include_tasks: - file: '{{ loop_family }}' + file: "{{ loop_family }}" with_first_found: - files: - - '{{ ansible_distribution | lower }}_{{ ansible_distribution_version }}.yml' - - '{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}.yml' - - '{{ ansible_distribution | lower }}.yml' - - '{{ ansible_os_family | lower }}_{{ ansible_distribution_major_version }}.yml' - - '{{ ansible_os_family | lower }}.yml' - - '{{ ansible_system | lower }}.yml' - - 'unsupported.yml' + - "{{ ansible_distribution | lower }}_{{ ansible_distribution_version }}.yml" + - "{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}.yml" + - "{{ ansible_distribution | lower }}.yml" + - "{{ ansible_os_family | lower }}_{{ ansible_distribution_major_version }}.yml" + - "{{ ansible_os_family | lower }}.yml" + - "{{ ansible_system | lower }}.yml" + - unsupported.yml loop_control: loop_var: loop_family - label: '{{ loop_family | basename }}' + label: "{{ loop_family | basename }}" - name: SentinelOne agent version installed ansible.builtin.debug: diff --git a/roles/s1_agent_install/tasks/unsupported.yml b/roles/s1_agent_install/tasks/unsupported.yml index f61f702..423bb21 100644 --- a/roles/s1_agent_install/tasks/unsupported.yml +++ b/roles/s1_agent_install/tasks/unsupported.yml @@ -3,4 +3,4 @@ - name: Endpoint unsupported ansible.builtin.fail: - msg: '{{ ansible_distribution }} is not currently supported by the {{ role_name }} Ansible Role.' + msg: "{{ ansible_distribution }} is not currently supported by the {{ role_name }} Ansible Role." diff --git a/roles/s1_agent_install/tasks/windows.yml b/roles/s1_agent_install/tasks/windows.yml index 4d0f74e..d9fd132 100644 --- a/roles/s1_agent_install/tasks/windows.yml +++ b/roles/s1_agent_install/tasks/windows.yml 
@@ -12,7 +12,7 @@ that: - ansible_processor_vcpus >= 2 # yamllint disable-line rule:line-length - fail_msg: 'The SentinelOne Agent requires a 64-bit dual core processor to be installed. Review https://support.sentinelone.com/hc/en-us/articles/4410565200151.' + fail_msg: The SentinelOne Agent requires a 64-bit dual core processor to be installed. Review https://support.sentinelone.com/hc/en-us/articles/4410565200151. - name: Assert disk meets requirements | Windows ansible.builtin.assert: 
@@ -20,25 +20,25 @@ # yamllint disable-line rule:line-length - (((ansible_facts.disks|selectattr('system_disk') | first).partitions | selectattr('drive_letter') | first).volumes | list | sort(reverse=true, attribute='size') | first)['size_remaining'] >= 2147483648 # yamllint disable-line rule:line-length - fail_msg: 'The SentinelOne Agent requires 2GB of free space on the Windows partition. Review https://support.sentinelone.com/hc/en-us/articles/4410565200151.' + fail_msg: The SentinelOne Agent requires 2GB of free space on the Windows partition. Review https://support.sentinelone.com/hc/en-us/articles/4410565200151. - name: Assert memory meets requirements | Windows ansible.builtin.assert: that: - ansible_memfree_mb >= 1024 # yamllint disable-line rule:line-length - fail_msg: 'The SentinelOne Agent requires at least 1GB of free, non-cached, memory to be installed. Review https://support.sentinelone.com/hc/en-us/articles/4410565200151.' + fail_msg: The SentinelOne Agent requires at least 1GB of free, non-cached, memory to be installed. Review https://support.sentinelone.com/hc/en-us/articles/4410565200151. - name: Set SentinelOne agent product Id | Windows ansible.builtin.set_fact: - s1_agent_product_id: '{{ s1_product_id[s1_agent_win_file_ver] }}' + s1_agent_product_id: "{{ s1_product_id[s1_agent_win_file_ver] }}" when: - s1_product_id[s1_agent_win_file_ver] is defined - s1_agent_product_id is undefined - name: Set SentinelOne agent path | Windows ansible.builtin.set_fact: - s1_agent_path: '{{ s1_tmp_windows }}\{{ s1_agent_src | basename }}' + s1_agent_path: "{{ s1_tmp_windows }}\\{{ s1_agent_src | basename }}" - name: Set SentinelOne agent parameters | Windows ansible.builtin.set_fact: 
@@ -48,29 +48,29 @@ - name: Create working directory | Windows ansible.windows.win_file: - path: '{{ s1_tmp_windows }}' + path: "{{ s1_tmp_windows }}" state: directory - name: Copy SentinelOne agent | Windows ansible.windows.win_copy: - src: '{{ s1_agent_src }}' - dest: '{{ s1_agent_path }}' + src: "{{ s1_agent_src }}" + dest: "{{ s1_agent_path }}" # If this task fails molecule's idempotence step, check that s1_product_id contains the ProductID for the version of the agent being installed - name: Install SentinelOne | Windows ansible.windows.win_package: - path: '{{ s1_agent_path }}' + path: "{{ s1_agent_path }}" state: present - arguments: '{{ s1_agent_silent_cmd }}' - wait_for_children: yes - product_id: '{{ s1_agent_product_id | default(omit) }}' - expected_return_code: '{{ s1_agent_return_code }}' - become: yes - notify: '{{ s1_reboot_handler_name }}' + arguments: "{{ s1_agent_silent_cmd }}" + wait_for_children: true + product_id: "{{ s1_agent_product_id | default(omit) }}" + expected_return_code: "{{ s1_agent_return_code }}" + become: true + notify: "{{ s1_reboot_handler_name }}" register: s1_install_log - changed_when: - - s1_agent_product_id is undefined - - s1_install_log.rc != 1000 + # changed_when: + # - s1_agent_product_id is undefined + # - s1_install_log.rc != 1000 - name: Show install log | Windows ansible.builtin.debug: @@ -81,7 +81,7 @@ - name: Remove working directory | Windows ansible.windows.win_file: - path: '{{ s1_tmp_windows }}' + path: "{{ s1_tmp_windows }}" state: absent tags: - molecule-notest diff --git a/roles/s1_agent_uninstall/.yamllint b/roles/s1_agent_uninstall/.yamllint deleted file mode 120000 index 4a4652c..0000000 --- a/roles/s1_agent_uninstall/.yamllint +++ /dev/null @@ -1 +0,0 @@ -../../.yamllint \ No newline at end of file diff --git a/roles/s1_agent_uninstall/meta/main.yml b/roles/s1_agent_uninstall/meta/main.yml index f220565..1b7beaa 100644 --- a/roles/s1_agent_uninstall/meta/main.yml 
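Review bot: The `changed_when` block on `Install SentinelOne | Windows` is commented out rather than removed, and nothing records why. Without it the task reports whatever `ansible.windows.win_package` returns, so `notify: "{{ s1_reboot_handler_name }}"` may now trigger a reboot on runs where the old conditions (`s1_agent_product_id is undefined` together with `s1_install_log.rc != 1000`) suppressed it. The comment above the task about molecule's idempotence step suggests the old behaviour was tuned on purpose. Either delete the three lines and explain the change in the commit description, or keep them with a one-line reason such as `# changed_when disabled: <reason>`.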
+++ b/roles/s1_agent_uninstall/meta/main.yml @@ -17,9 +17,9 @@ galaxy_info: # - GPL-3.0-only # - Apache-2.0 # - CC-BY-4.0 - license: 'license (GPL-3.0-or-later)' + license: license (GPL-3.0-or-later) - min_ansible_version: '2.9' + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: @@ -33,9 +33,9 @@ galaxy_info: platforms: - name: EL versions: - - '6' - - '7' - - '8' + - "6" + - "7" + - "8" - name: Ubuntu versions: - trusty # 14.04 @@ -46,9 +46,9 @@ galaxy_info: - hirsute # 20.04 - name: Windows versions: - - '2016' - - '2019' - - '2022' + - "2016" + - "2019" + - "2022" galaxy_tags: - edr diff --git a/roles/s1_agent_uninstall/molecule/default/INSTALL.rst b/roles/s1_agent_uninstall/molecule/default/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 --- a/roles/s1_agent_uninstall/molecule/default/INSTALL.rst +++ /dev/null @@ -1,23 +0,0 @@ -********************************* -Vagrant driver installation guide -********************************* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule_vagrant' diff --git a/roles/s1_agent_uninstall/molecule/default/molecule.yml b/roles/s1_agent_uninstall/molecule/default/molecule.yml deleted file mode 100644 index e5322a7..0000000 --- a/roles/s1_agent_uninstall/molecule/default/molecule.yml +++ /dev/null 
@@ -1,115 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-rocky8}' - groups: - - all - children: - - '${S1_VAGRANT_GROUP:-Linux}' - box: '${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - provider_options: - linked_clone: true - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - ssh_connection: - # Required for connecting to RHEL 6.x - ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa - # env: - # ANSIBLE_VERBOSITY: 3 - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - s1_forced_remove: false - s1_force_reboot: true - Linux: - Windows: - ansible_become_method: runas - ansible_become_user: vagrant - ansible_become_password: vagrant - ansible_user: vagrant - ansible_connection: ssh - ansible_shell_type: cmd - ansible_win_async_startup_timeout: 30 - Darwin: - playbooks: - prepare: ../resources/prepare.yml - converge: ../resources/converge.yml - cleanup: ../resources/cleanup.yml - verify: ../resources/verify.yml - -verifier: - name: ansible - -scenario: - create_sequence: - - dependency - 
- create - - prepare - check_sequence: - - dependency - - cleanup - - destroy - - create - - prepare - - converge - - check - - destroy - converge_sequence: - - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_agent_uninstall/molecule/forced_remove/INSTALL.rst b/roles/s1_agent_uninstall/molecule/forced_remove/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 --- a/roles/s1_agent_uninstall/molecule/forced_remove/INSTALL.rst +++ /dev/null @@ -1,23 +0,0 @@ -********************************* -Vagrant driver installation guide -********************************* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule_vagrant' diff --git a/roles/s1_agent_uninstall/molecule/forced_remove/molecule.yml b/roles/s1_agent_uninstall/molecule/forced_remove/molecule.yml deleted file mode 100644 index c5ff091..0000000 --- a/roles/s1_agent_uninstall/molecule/forced_remove/molecule.yml +++ /dev/null 
@@ -1,116 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-rocky8}' - groups: - - all - children: - - '${S1_VAGRANT_GROUP:-Linux}' - box: '${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - provider_options: - linked_clone: true - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - ssh_connection: - # Required for connecting to RHEL 6.x - ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa - # env: - # ANSIBLE_VERBOSITY: 3 - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - s1_forced_remove: true - s1_force_reboot: true - s1_no_config_failures: true - Linux: - Windows: - ansible_become_method: runas - ansible_become_user: vagrant - ansible_become_password: vagrant - ansible_user: vagrant - ansible_connection: ssh - ansible_shell_type: cmd - ansible_win_async_startup_timeout: 30 - Darwin: - playbooks: - prepare: ../resources/prepare.yml - converge: ../resources/converge.yml - cleanup: ../resources/cleanup.yml - verify: ../resources/verify.yml - -verifier: - name: ansible - -scenario: - 
create_sequence: - - dependency - - create - - prepare - check_sequence: - - dependency - - cleanup - - destroy - - create - - prepare - - converge - - check - - destroy - converge_sequence: - - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_agent_uninstall/molecule/resources/cleanup.yml b/roles/s1_agent_uninstall/molecule/resources/cleanup.yml deleted file mode 100644 index 000fd86..0000000 --- a/roles/s1_agent_uninstall/molecule/resources/cleanup.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Cleanup - hosts: all - gather_facts: false - tasks: - - name: Remove S1 work directory # noqa: run-once[task] - ansible.builtin.file: - path: '{{ s1_download_path }}' - state: absent - run_once: true - delegate_to: localhost - become: no diff --git a/roles/s1_agent_uninstall/molecule/resources/prepare.yml b/roles/s1_agent_uninstall/molecule/resources/prepare.yml deleted file mode 100644 index 21efaef..0000000 --- a/roles/s1_agent_uninstall/molecule/resources/prepare.yml +++ /dev/null 
@@ -1,57 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Prepare - hosts: all - gather_facts: yes - gather_subset: - - '!all' - - '!hardware' - - min - - tasks: - - name: Include tasks to clean up package managers | Linux - ansible.builtin.include_tasks: - file: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/../../../s1_agent_common/molecule/common_files/tasks/prepare_package_manager.yml" - when: - - ansible_system == 'Linux' - - - name: Install SentinelOne Agent - ansible.builtin.include_role: - name: s1_agent_install - vars: - s1_reboot_handler_name: Reboot Node | {{ ansible_os_family }} | Unit Testing - - - name: Flush handlers - ansible.builtin.meta: flush_handlers - - - name: Clear cached facts - ansible.builtin.meta: clear_facts - - - name: Gather facts - ansible.builtin.setup: - - - name: Get the agent's state - ansible.builtin.include_role: - name: s1_agent_info - - - name: Persist facts for verify step - ansible.builtin.set_fact: - s1_molecule_installed_version: '{{ s1_agent_info.version }}' - cacheable: yes - - - name: Wait for agent to register with Management Console - ansible.builtin.uri: - url: '{{ s1_management_console }}/web/api/v2.1/agents?uuid={{ s1_agent_info.uuid }}&isActive=true' - return_content: false - headers: - Authorization: 'ApiToken {{ s1_api_token }}' - validate_certs: "{{ s1_validate_certs | default('true') | bool }}" - register: s1_agent_registered - until: - - s1_agent_registered is not failed - - s1_agent_registered.json.pagination.totalItems == 1 - retries: 10 - delay: 10 - become: no - delegate_to: localhost diff --git a/roles/s1_agent_uninstall/molecule/winrm_default/INSTALL.rst b/roles/s1_agent_uninstall/molecule/winrm_default/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 --- a/roles/s1_agent_uninstall/molecule/winrm_default/INSTALL.rst +++ /dev/null 
@@ -1,23 +0,0 @@ -********************************* -Vagrant driver installation guide -********************************* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule_vagrant' diff --git a/roles/s1_agent_uninstall/molecule/winrm_default/molecule.yml b/roles/s1_agent_uninstall/molecule/winrm_default/molecule.yml deleted file mode 100644 index ef38928..0000000 --- a/roles/s1_agent_uninstall/molecule/winrm_default/molecule.yml +++ /dev/null 
@@ -1,124 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-WindowsServer2012R2}' - groups: - - all - children: - - Windows - box: '${S1_VAGRANT_REPO:-jborean93}/${S1_VAGRANT_DISTRO:-WindowsServer2012R2}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - vm.communicator: winrm - provider_options: - linked_clone: true - instance_raw_configs: - - 'vm.boot_timeout = 600' - - 'vm.max_tries = 40' - - "winrm.password = 'vagrant'" - - "winrm.username = 'vagrant'" - - "vm.guest = 'windows'" - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - # env: - # ANSIBLE_VERBOSITY: 3 - connection_options: - ansible_become: false - ansible_user: vagrant - ansible_password: vagrant - ansible_port: 55986 - ansible_connection: winrm - ansible_winrm_transport: basic - ansible_winrm_server_cert_validation: ignore - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - s1_forced_remove: false - s1_force_reboot: true - Linux: - Windows: - ansible_win_async_startup_timeout: 30 - # Increase winrm timeouts https://access.redhat.com/solutions/6978358 - ansible_winrm_operation_timeout_sec: 200 - ansible_winrm_read_timeout_sec: 250 - Darwin: - 
playbooks: - prepare: ../resources/prepare.yml - converge: ../resources/converge.yml - cleanup: ../resources/cleanup.yml - verify: ../resources/verify.yml - -verifier: - name: ansible - -scenario: - create_sequence: - - dependency - - create - - prepare - check_sequence: - - dependency - - cleanup - - destroy - - create - - prepare - - converge - - check - - destroy - converge_sequence: - - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_agent_uninstall/molecule/winrm_forced_remove/INSTALL.rst b/roles/s1_agent_uninstall/molecule/winrm_forced_remove/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 --- a/roles/s1_agent_uninstall/molecule/winrm_forced_remove/INSTALL.rst +++ /dev/null @@ -1,23 +0,0 @@ -********************************* -Vagrant driver installation guide -********************************* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule_vagrant' diff --git a/roles/s1_agent_uninstall/molecule/winrm_forced_remove/molecule.yml b/roles/s1_agent_uninstall/molecule/winrm_forced_remove/molecule.yml deleted file mode 100644 index b754b5f..0000000 --- a/roles/s1_agent_uninstall/molecule/winrm_forced_remove/molecule.yml +++ /dev/null 
@@ -1,125 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-WindowsServer2012R2}' - groups: - - all - children: - - Windows - box: '${S1_VAGRANT_REPO:-jborean93}/${S1_VAGRANT_DISTRO:-WindowsServer2012R2}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - vm.communicator: winrm - provider_options: - linked_clone: true - instance_raw_configs: - - 'vm.boot_timeout = 600' - - 'vm.max_tries = 40' - - "winrm.password = 'vagrant'" - - "winrm.username = 'vagrant'" - - "vm.guest = 'windows'" - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - # env: - # ANSIBLE_VERBOSITY: 3 - connection_options: - ansible_become: false - ansible_user: vagrant - ansible_password: vagrant - ansible_port: 55986 - ansible_connection: winrm - ansible_winrm_transport: basic - ansible_winrm_server_cert_validation: ignore - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - s1_forced_remove: true - s1_force_reboot: true - s1_no_config_failures: true - Linux: - Windows: - ansible_win_async_startup_timeout: 30 - # Increase winrm timeouts https://access.redhat.com/solutions/6978358 - ansible_winrm_operation_timeout_sec: 200 - 
ansible_winrm_read_timeout_sec: 250 - Darwin: - playbooks: - prepare: ../resources/prepare.yml - converge: ../resources/converge.yml - cleanup: ../resources/cleanup.yml - verify: ../resources/verify.yml - -verifier: - name: ansible - -scenario: - create_sequence: - - dependency - - create - - prepare - check_sequence: - - dependency - - cleanup - - destroy - - create - - prepare - - converge - - check - - destroy - converge_sequence: - - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_agent_uninstall/tasks/linux.yml b/roles/s1_agent_uninstall/tasks/linux.yml index 2e42db2..35ae96f 100644 --- a/roles/s1_agent_uninstall/tasks/linux.yml +++ b/roles/s1_agent_uninstall/tasks/linux.yml @@ -6,8 +6,8 @@ - not s1_forced_remove | default('false') | bool block: - name: Uninstall SentinelOne agent | Linux - ansible.builtin.command: '/opt/sentinelone/bin/sentinelctl control uninstall --passphrase "{{ s1_agent_passphrase }}"' - become: yes + ansible.builtin.command: /opt/sentinelone/bin/sentinelctl control uninstall --passphrase "{{ s1_agent_passphrase }}" + become: true register: s1_sentinelctl_uninstall retries: 3 delay: 30 
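Review bot: The `Uninstall SentinelOne agent | Linux` command places `{{ s1_agent_passphrase }}` on the command line and registers the result, with no `no_log` visible in this hunk. The passphrase can therefore appear in Ansible output and logs when the task fails, is retried, or runs with raised verbosity. Add `no_log: true` to the task; its body continues past the end of the hunk, so first confirm it is not already set there. Passing the command as an `argv:` list would also keep a passphrase containing quotes or spaces from being split into separate arguments.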
@@ -16,31 +16,31 @@ rescue: - name: Include tasks to clean up a failed uninstall | Linux ansible.builtin.include_tasks: - file: '{{ loop_cleanup_failed }}' + file: "{{ loop_cleanup_failed }}" with_first_found: - files: - - '{{ ansible_distribution | lower }}_{{ ansible_distribution_version }}_forced_remove.yml' - - '{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}_forced_remove.yml' - - '{{ ansible_distribution | lower }}_forced_remove.yml' - - '{{ ansible_os_family | lower }}_forced_remove.yml' - - '{{ ansible_system | lower }}_forced_remove.yml' - - 'unsupported.yml' + - "{{ ansible_distribution | lower }}_{{ ansible_distribution_version }}_forced_remove.yml" + - "{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}_forced_remove.yml" + - "{{ ansible_distribution | lower }}_forced_remove.yml" + - "{{ ansible_os_family | lower }}_forced_remove.yml" + - "{{ ansible_system | lower }}_forced_remove.yml" + - unsupported.yml loop_control: loop_var: loop_cleanup_failed - label: '{{ loop_cleanup_failed | basename }}' + label: "{{ loop_cleanup_failed | basename }}" - name: Include tasks to forcibly remove the SeintinelOne agent | Linux ansible.builtin.include_tasks: - file: '{{ loop_forced_remove }}' + file: "{{ loop_forced_remove }}" with_first_found: - files: - - '{{ ansible_distribution | lower }}_{{ ansible_distribution_version }}_forced_remove.yml' - - '{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}_forced_remove.yml' - - '{{ ansible_distribution | lower }}_forced_remove.yml' - - '{{ ansible_os_family | lower }}_forced_remove.yml' - - '{{ ansible_system | lower }}_forced_remove.yml' - - 'unsupported.yml' + - "{{ ansible_distribution | lower }}_{{ ansible_distribution_version }}_forced_remove.yml" + - "{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}_forced_remove.yml" + - "{{ ansible_distribution | lower }}_forced_remove.yml" + - "{{ ansible_os_family | lower 
}}_forced_remove.yml" + - "{{ ansible_system | lower }}_forced_remove.yml" + - unsupported.yml loop_control: loop_var: loop_forced_remove - label: '{{ loop_forced_remove | basename }}' + label: "{{ loop_forced_remove | basename }}" when: s1_forced_remove | default('false') | bool diff --git a/roles/s1_agent_uninstall/tasks/linux_forced_remove.yml b/roles/s1_agent_uninstall/tasks/linux_forced_remove.yml index d18a2bc..f441f92 100644 --- a/roles/s1_agent_uninstall/tasks/linux_forced_remove.yml +++ b/roles/s1_agent_uninstall/tasks/linux_forced_remove.yml @@ -7,10 +7,10 @@ - name: Stop and disable the SentinelOne service | Linux ansible.builtin.service: - name: '{{ s1_service_name }}' + name: "{{ s1_service_name }}" state: stopped - enabled: no - become: yes + enabled: false + become: true when: - s1_agent_info.service_status is defined - s1_agent_info.service_status is not none @@ -18,9 +18,9 @@ - name: Remove the SentinelOne service files | Linux ansible.builtin.file: - path: '{{ item }}' + path: "{{ item }}" state: absent - become: yes + become: true with_items: - /usr/lib/systemd/system/sentinelone.service - /lib/systemd/system/sentinelone.service 
@@ -28,40 +28,40 @@ - name: Unmount SentinelOne directories | Linux ansible.posix.mount: - path: '{{ item }}' + path: "{{ item }}" state: unmounted - become: yes + become: true with_items: - - '{{ s1_agent_default_install_path }}/mount' - - '{{ s1_agent_default_install_path }}/cgroups/memory' - - '{{ s1_agent_default_install_path }}/rpm_mount' + - "{{ s1_agent_default_install_path }}/mount" + - "{{ s1_agent_default_install_path }}/cgroups/memory" + - "{{ s1_agent_default_install_path }}/rpm_mount" - name: Remove SentinelOne directory | Linux ansible.builtin.file: - path: '{{ item }}' + path: "{{ item }}" state: absent - become: yes + become: true with_items: - - '{{ s1_agent_custom_install_path | default(s1_agent_default_install_path) }}' - - '{{ s1_agent_default_install_path }}' + - "{{ s1_agent_custom_install_path | default(s1_agent_default_install_path) }}" + - "{{ s1_agent_default_install_path }}" - name: Remove the sentinelone user | Linux ansible.builtin.user: name: sentinelone state: absent - remove: yes - become: yes + remove: true + become: true - name: Remove SentinelOne apt package | Linux ansible.builtin.file: path: /var/lib/dpkg/info/{{ s1_package_name }}.* state: absent - become: yes + become: true when: ansible_pkg_mgr in apt_pkg_mgrs - name: Remove the SentinelOne package from dpkg | Linux ansible.builtin.command: dpkg --purge --force-all {{ s1_package_name }} # noqa command-instead-of-module - become: yes + become: true register: dpkg_remove changed_when: - '"Purging configuration files for " ~ s1_package_name ~ "" in dpkg_remove.stdout' @@ -70,7 +70,7 @@ - name: Remove the SentinelOne package from rpm | Linux ansible.builtin.command: rpm -ev --noscripts {{ s1_package_name }} # noqa command-instead-of-module - become: yes + become: true register: rpm_remove changed_when: - '"Preparing packages...\n" ~ s1_package_name ~ "" in rpm_remove.stdout' 
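Review bot: The task "Remove SentinelOne apt package | Linux" gives `ansible.builtin.file` the path `/var/lib/dpkg/info/{{ s1_package_name }}.*`, but that module does not expand wildcards, so it looks for a file whose name literally ends in `.*` and removes nothing. The package's maintainer scripts therefore presumably still exist when `dpkg --purge --force-all` runs in the next task. Listing the matches with `ansible.builtin.find` and deleting each result, as sketched below, does what the task name says. Separately, "Remove SentinelOne directory | Linux" deletes whatever `s1_agent_custom_install_path` holds, as root, so asserting beforehand that the value is non-empty and not `/` would be a cheap guard.

```yaml
# … unchanged: unmount, directory and user removal tasks …
- name: Find SentinelOne dpkg info files | Linux
  ansible.builtin.find:
    paths: /var/lib/dpkg/info
    patterns: "{{ s1_package_name }}.*"
  become: true
  register: s1_dpkg_info_files
  when: ansible_pkg_mgr in apt_pkg_mgrs

- name: Remove SentinelOne apt package | Linux
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: absent
  become: true
  loop: "{{ s1_dpkg_info_files.files | default([]) }}"
  loop_control:
    label: "{{ item.path }}"
  when: ansible_pkg_mgr in apt_pkg_mgrs
# … unchanged: dpkg --purge task …
```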
diff --git a/roles/s1_agent_uninstall/tasks/main.yml b/roles/s1_agent_uninstall/tasks/main.yml index 9596deb..339efd5 100644 --- a/roles/s1_agent_uninstall/tasks/main.yml +++ b/roles/s1_agent_uninstall/tasks/main.yml @@ -10,19 +10,19 @@ - name: Include OS specific tasks ansible.builtin.include_tasks: - file: '{{ loop_family }}' + file: "{{ loop_family }}" with_first_found: - files: - - '{{ ansible_distribution | lower }}_{{ ansible_distribution_version }}.yml' - - '{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}.yml' - - '{{ ansible_distribution | lower }}.yml' - - '{{ ansible_os_family | lower }}_{{ ansible_distribution_major_version }}.yml' - - '{{ ansible_os_family | lower }}.yml' - - '{{ ansible_system | lower }}.yml' - - 'unsupported.yml' + - "{{ ansible_distribution | lower }}_{{ ansible_distribution_version }}.yml" + - "{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}.yml" + - "{{ ansible_distribution | lower }}.yml" + - "{{ ansible_os_family | lower }}_{{ ansible_distribution_major_version }}.yml" + - "{{ ansible_os_family | lower }}.yml" + - "{{ ansible_system | lower }}.yml" + - unsupported.yml loop_control: loop_var: loop_family - label: '{{ loop_family | basename }}' + label: "{{ loop_family | basename }}" when: - s1_agent_info.installed - (s1_agent_passphrase is defined) or (s1_forced_remove | default('false') | bool) diff --git a/roles/s1_agent_uninstall/tasks/unsupported.yml b/roles/s1_agent_uninstall/tasks/unsupported.yml index c7d1b80..09c3e73 100644 --- a/roles/s1_agent_uninstall/tasks/unsupported.yml +++ b/roles/s1_agent_uninstall/tasks/unsupported.yml @@ -3,4 +3,4 @@ - name: Endpoint unsupported ansible.builtin.fail: - msg: '{{ ansible_distribution }} is not currently supported by the {{ role_name }} Ansible Role.' + msg: "{{ ansible_distribution }} is not currently supported by the {{ role_name }} Ansible Role." 
diff --git a/roles/s1_agent_uninstall/tasks/windows.yml b/roles/s1_agent_uninstall/tasks/windows.yml index 569dd56..a18b56d 100644 --- a/roles/s1_agent_uninstall/tasks/windows.yml +++ b/roles/s1_agent_uninstall/tasks/windows.yml 
@@ -7,40 +7,40 @@ - name: Uninstall SentinelOne agent | Windows ansible.windows.win_package: state: absent - arguments: 'UNINSTALL_KEY="{{ s1_agent_passphrase }}"' - wait_for_children: yes - product_id: '{{ s1_agent_info.product_id }}' - become: yes + arguments: UNINSTALL_KEY="{{ s1_agent_passphrase }}" + wait_for_children: true + product_id: "{{ s1_agent_info.product_id }}" + become: true register: s1_uninstall_log - notify: '{{ s1_reboot_handler_name }}' + notify: "{{ s1_reboot_handler_name }}" rescue: - name: Include tasks to retry a failed uninstall | Windows ansible.builtin.include_tasks: - file: '{{ loop_fallback_remove }}' + file: "{{ loop_fallback_remove }}" with_first_found: - files: - - '{{ ansible_distribution | lower }}_{{ ansible_distribution_version }}_fallback_remove.yml' - - '{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}_fallback_remove.yml' - - '{{ ansible_distribution | lower }}_fallback_remove.yml' - - '{{ ansible_os_family | lower }}_fallback_remove.yml' - - '{{ ansible_system | lower }}_fallback_remove.yml' - - 'unsupported.yml' + - "{{ ansible_distribution | lower }}_{{ ansible_distribution_version }}_fallback_remove.yml" + - "{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}_fallback_remove.yml" + - "{{ ansible_distribution | lower }}_fallback_remove.yml" + - "{{ ansible_os_family | lower }}_fallback_remove.yml" + - "{{ ansible_system | lower }}_fallback_remove.yml" + - unsupported.yml loop_control: loop_var: loop_fallback_remove - label: '{{ loop_fallback_remove | basename }}' + label: "{{ loop_fallback_remove | basename }}" - name: Include fallback tasks to remove the SeintinelOne agent | Windows ansible.builtin.include_tasks: - file: '{{ loop_fallback_remove }}' + file: "{{ loop_fallback_remove }}" with_first_found: - files: - - '{{ ansible_distribution | lower }}_{{ ansible_distribution_version }}_fallback_remove.yml' - - '{{ ansible_distribution | lower }}_{{ 
ansible_distribution_major_version }}_fallback_remove.yml' - - '{{ ansible_distribution | lower }}_fallback_remove.yml' - - '{{ ansible_os_family | lower }}_fallback_remove.yml' - - '{{ ansible_system | lower }}_fallback_remove.yml' - - 'unsupported.yml' + - "{{ ansible_distribution | lower }}_{{ ansible_distribution_version }}_fallback_remove.yml" + - "{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}_fallback_remove.yml" + - "{{ ansible_distribution | lower }}_fallback_remove.yml" + - "{{ ansible_os_family | lower }}_fallback_remove.yml" + - "{{ ansible_system | lower }}_fallback_remove.yml" + - unsupported.yml loop_control: loop_var: loop_fallback_remove - label: '{{ loop_fallback_remove | basename }}' + label: "{{ loop_fallback_remove | basename }}" when: s1_forced_remove | default('false') | bool diff --git a/roles/s1_agent_uninstall/tasks/windows_fallback_remove.yml b/roles/s1_agent_uninstall/tasks/windows_fallback_remove.yml index b1ec7ea..b873fa6 100644 --- a/roles/s1_agent_uninstall/tasks/windows_fallback_remove.yml +++ b/roles/s1_agent_uninstall/tasks/windows_fallback_remove.yml @@ -9,17 +9,17 @@ - name: Uninstall SentinelOne agent | Windows ansible.windows.win_package: - creates_service: '{{ s1_service_name }}' + creates_service: "{{ s1_service_name }}" state: absent - path: '{{ s1_image_path.value | regex_replace(''"'', '''') | win_dirname }}\uninstall.exe' + path: "{{ s1_image_path.value | regex_replace('\"', '') | win_dirname }}\\uninstall.exe" arguments: - /uninstall - /norestart - /quiet - /k - - '{{ s1_agent_passphrase }}' - wait_for_children: yes - become: yes + - "{{ s1_agent_passphrase }}" + wait_for_children: true + become: true register: s1_uninstall_log when: s1_image_path.exists | bool - notify: '{{ s1_reboot_handler_name }}' + notify: "{{ s1_reboot_handler_name }}" diff --git a/roles/s1_agent_upgrade/.yamllint b/roles/s1_agent_upgrade/.yamllint deleted file mode 120000 index 4a4652c..0000000 
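Review bot: The "Uninstall SentinelOne agent | Windows" task puts `s1_agent_passphrase` into `arguments` and registers the result as `s1_uninstall_log`, and no `no_log` is visible on the task, so the passphrase can end up in task output and callback logs. The same applies to the `win_package` task in roles/s1_agent_uninstall/tasks/windows_fallback_remove.yml, where the passphrase is the last item of `arguments`. Adding `no_log: true` to both tasks keeps the secret out of the play output; roles/s1_agent_upgrade/tasks/linux.yml in this commit already sets `no_log` on its passphrase task. A block-level `no_log` could exist outside the hunk, so check that first.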
--- a/roles/s1_agent_upgrade/.yamllint +++ /dev/null @@ -1 +0,0 @@ -../../.yamllint \ No newline at end of file diff --git a/roles/s1_agent_upgrade/meta/main.yml b/roles/s1_agent_upgrade/meta/main.yml index 0dda48b..c89ae13 100644 --- a/roles/s1_agent_upgrade/meta/main.yml +++ b/roles/s1_agent_upgrade/meta/main.yml @@ -17,9 +17,9 @@ galaxy_info: # - GPL-3.0-only # - Apache-2.0 # - CC-BY-4.0 - license: 'license (GPL-3.0-or-later)' + license: license (GPL-3.0-or-later) - min_ansible_version: '2.9' + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: @@ -33,9 +33,9 @@ galaxy_info: platforms: - name: EL versions: - - '6' - - '7' - - '8' + - "6" + - "7" + - "8" - name: Ubuntu versions: - trusty # 14.04 @@ -46,9 +46,9 @@ galaxy_info: - hirsute # 20.04 - name: Windows versions: - - '2016' - - '2019' - - '2022' + - "2016" + - "2019" + - "2022" galaxy_tags: - edr diff --git a/roles/s1_agent_upgrade/molecule/default/INSTALL.rst b/roles/s1_agent_upgrade/molecule/default/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 --- a/roles/s1_agent_upgrade/molecule/default/INSTALL.rst +++ /dev/null @@ -1,23 +0,0 @@ -********************************* -Vagrant driver installation guide -********************************* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule_vagrant' 
diff --git a/roles/s1_agent_upgrade/molecule/default/molecule.yml b/roles/s1_agent_upgrade/molecule/default/molecule.yml deleted file mode 100644 index e5322a7..0000000 --- a/roles/s1_agent_upgrade/molecule/default/molecule.yml +++ /dev/null 
@@ -1,115 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-rocky8}' - groups: - - all - children: - - '${S1_VAGRANT_GROUP:-Linux}' - box: '${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - provider_options: - linked_clone: true - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - ssh_connection: - # Required for connecting to RHEL 6.x - ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa - # env: - # ANSIBLE_VERBOSITY: 3 - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - s1_forced_remove: false - s1_force_reboot: true - Linux: - Windows: - ansible_become_method: runas - ansible_become_user: vagrant - ansible_become_password: vagrant - ansible_user: vagrant - ansible_connection: ssh - ansible_shell_type: cmd - ansible_win_async_startup_timeout: 30 - Darwin: - playbooks: - prepare: ../resources/prepare.yml - converge: ../resources/converge.yml - cleanup: ../resources/cleanup.yml - verify: ../resources/verify.yml - -verifier: - name: ansible - -scenario: - create_sequence: - - dependency - 
- create - - prepare - check_sequence: - - dependency - - cleanup - - destroy - - create - - prepare - - converge - - check - - destroy - converge_sequence: - - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_agent_upgrade/molecule/gpg_signed_rpm/INSTALL.rst b/roles/s1_agent_upgrade/molecule/gpg_signed_rpm/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 --- a/roles/s1_agent_upgrade/molecule/gpg_signed_rpm/INSTALL.rst +++ /dev/null @@ -1,23 +0,0 @@ -********************************* -Vagrant driver installation guide -********************************* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule_vagrant' diff --git a/roles/s1_agent_upgrade/molecule/gpg_signed_rpm/converge.yml b/roles/s1_agent_upgrade/molecule/gpg_signed_rpm/converge.yml deleted file mode 100644 index 89495c4..0000000 --- a/roles/s1_agent_upgrade/molecule/gpg_signed_rpm/converge.yml +++ /dev/null 
@@ -1,26 +0,0 @@ ---- -- name: Converge - hosts: all - gather_facts: false - tasks: - - name: Include s1_agent_upgrade - ansible.builtin.include_role: - name: s1_agent_upgrade - vars: - s1_install_gpg_signed_rpm: true - s1_reboot_handler_name: Reboot Node | {{ ansible_os_family }} | Unit Testing - - - name: Persist facts for verify step - ansible.builtin.set_fact: - # yamllint disable-line rule:line-length - s1_molecule_upgraded_version: "{{ s1_agent_version if ansible_os_family != 'Windows' else s1_agent_version | regex_replace('(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)', '\\1.\\2.\\4') }}" - s1_molecule_upgrade_package: '{{ s1_agent_path | basename }}' - cacheable: yes - - - name: Show s1_molecule_upgraded_version - ansible.builtin.debug: - var: s1_molecule_upgraded_version - - - name: Show s1_molecule_upgrade_package - ansible.builtin.debug: - var: s1_molecule_upgrade_package diff --git a/roles/s1_agent_upgrade/molecule/gpg_signed_rpm/molecule.yml b/roles/s1_agent_upgrade/molecule/gpg_signed_rpm/molecule.yml deleted file mode 100644 index a1f3853..0000000 --- a/roles/s1_agent_upgrade/molecule/gpg_signed_rpm/molecule.yml +++ /dev/null 
@@ -1,114 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-rocky8}' - groups: - - all - children: - - '${S1_VAGRANT_GROUP:-Linux}' - box: '${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - provider_options: - linked_clone: true - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - ssh_connection: - # Required for connecting to RHEL 6.x - ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa - # env: - # ANSIBLE_VERBOSITY: 3 - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - s1_forced_remove: false - Linux: - Windows: - ansible_become_method: runas - ansible_become_user: vagrant - ansible_become_password: vagrant - ansible_user: vagrant - ansible_connection: ssh - ansible_shell_type: cmd - ansible_win_async_startup_timeout: 30 - Darwin: - playbooks: - prepare: prepare.yml - converge: converge.yml - cleanup: ../default/cleanup.yml - verify: verify.yml - -verifier: - name: ansible - -scenario: - create_sequence: - - dependency - - create - - prepare - check_sequence: - - dependency - - cleanup 
- - destroy - - create - - prepare - - converge - - check - - destroy - converge_sequence: - - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_agent_upgrade/molecule/gpg_signed_rpm/prepare.yml b/roles/s1_agent_upgrade/molecule/gpg_signed_rpm/prepare.yml deleted file mode 100644 index 2520db2..0000000 --- a/roles/s1_agent_upgrade/molecule/gpg_signed_rpm/prepare.yml +++ /dev/null 
@@ -1,77 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: yes - gather_subset: - - '!all' - - '!hardware' - - min - tasks: - - name: Include tasks to clean up package managers | Linux - ansible.builtin.include_tasks: - file: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/../../../s1_agent_common/molecule/common_files/tasks/prepare_package_manager.yml" - when: - - ansible_system == 'Linux' - - - name: Install older SentinelOne Agent - ansible.builtin.include_role: - name: s1_agent_install - vars: - s1_release_n_minus: 1 - s1_install_gpg_signed_rpm: true - s1_reboot_handler_name: Reboot Node | {{ ansible_os_family }} | Unit Testing - - - name: Flush handlers - ansible.builtin.meta: flush_handlers - - - name: Clear cached facts - ansible.builtin.meta: clear_facts - - - name: Refresh facts - ansible.builtin.setup: - gather_subset: - - '!all' - - '!hardware' - - min - - - name: Include common vars - ansible.builtin.include_vars: - file: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/../../../s1_agent_common/vars/main.yml" - - - name: Get the agent's state - ansible.builtin.include_role: - name: s1_agent_info - - - name: Persist facts for verify step - ansible.builtin.set_fact: - # yamllint disable-line rule:line-length - s1_molecule_prior_version: "{{ s1_agent_version if ansible_os_family != 'Windows' else s1_agent_version | regex_replace('(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)', '\\1.\\2.\\4') }}" - s1_molecule_prior_package: '{{ s1_agent_path | basename }}' - cacheable: yes - - - name: Assert SentinelOne Agent was installed from GPG signed package - ansible.builtin.assert: - that: - - s1_molecule_prior_package is defined - - s1_molecule_prior_package is regex('^Signed-Sentinel.*') - when: ansible_pkg_mgr in rpm_pkg_mgrs - - - name: Wait for agent to register with Management Console - ansible.builtin.uri: - url: '{{ s1_management_console }}/web/api/v2.1/agents?uuid={{ s1_agent_info.uuid }}&isActive=true' - return_content: false - headers: - 
Authorization: 'ApiToken {{ s1_api_token }}' - validate_certs: "{{ s1_validate_certs | default('true') | bool }}" - register: s1_agent_registered - until: - - s1_agent_registered is not failed - - s1_agent_registered.json.pagination.totalItems == 1 - retries: 10 - delay: 10 - become: no - delegate_to: localhost - - - name: Show installer path - ansible.builtin.debug: - var: s1_molecule_prior_package diff --git a/roles/s1_agent_upgrade/molecule/resources/cleanup.yml b/roles/s1_agent_upgrade/molecule/resources/cleanup.yml deleted file mode 100644 index 000fd86..0000000 --- a/roles/s1_agent_upgrade/molecule/resources/cleanup.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Cleanup - hosts: all - gather_facts: false - tasks: - - name: Remove S1 work directory # noqa: run-once[task] - ansible.builtin.file: - path: '{{ s1_download_path }}' - state: absent - run_once: true - delegate_to: localhost - become: no diff --git a/roles/s1_agent_upgrade/molecule/resources/prepare.yml b/roles/s1_agent_upgrade/molecule/resources/prepare.yml deleted file mode 100644 index ebfaa82..0000000 --- a/roles/s1_agent_upgrade/molecule/resources/prepare.yml +++ /dev/null 
@@ -1,79 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: yes - gather_subset: - - '!all' - - '!hardware' - - min - tasks: - - name: Include tasks to clean up package managers | Linux - ansible.builtin.include_tasks: - file: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/../../../s1_agent_common/molecule/common_files/tasks/prepare_package_manager.yml" - when: - - ansible_system == 'Linux' - - - name: Install older SentinelOne Agent - ansible.builtin.include_role: - name: s1_agent_install - vars: - s1_release_n_minus: 1 - s1_install_gpg_signed_rpm: false - s1_reboot_handler_name: Reboot Node | {{ ansible_os_family }} | Unit Testing - - - name: Flush handlers - ansible.builtin.meta: flush_handlers - - - name: Clear cached facts - ansible.builtin.meta: clear_facts - - - name: Refresh facts - ansible.builtin.setup: - gather_subset: - - '!all' - - '!hardware' - - min - - - name: Include common vars - ansible.builtin.include_vars: - file: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/../../../s1_agent_common/vars/main.yml" - - - name: Get the agent's state - ansible.builtin.include_role: - name: s1_agent_info - - - name: Persist facts for verify step - ansible.builtin.set_fact: - # yamllint disable-line rule:line-length - s1_molecule_prior_version: "{{ s1_agent_version if ansible_os_family != 'Windows' else s1_agent_version | regex_replace('(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)', '\\1.\\2.\\4') }}" - s1_molecule_prior_package: '{{ s1_agent_path | basename }}' - cacheable: yes - - - name: Assert SentinelOne Agent was installed from non-GPG signed package - ansible.builtin.assert: - that: - - s1_molecule_prior_package is defined - - s1_molecule_prior_package is regex('^Sentinel.*') - when: - - ansible_pkg_mgr is defined - - ansible_pkg_mgr in rpm_pkg_mgrs - - - name: Wait for agent to register with Management Console - ansible.builtin.uri: - url: '{{ s1_management_console }}/web/api/v2.1/agents?uuid={{ s1_agent_info.uuid }}&isActive=true' - return_content: 
false - headers: - Authorization: 'ApiToken {{ s1_api_token }}' - validate_certs: "{{ s1_validate_certs | default('true') | bool }}" - register: s1_agent_registered - until: - - s1_agent_registered is not failed - - s1_agent_registered.json.pagination.totalItems == 1 - retries: 10 - delay: 10 - become: no - delegate_to: localhost - - - name: Show installer path - ansible.builtin.debug: - var: s1_molecule_prior_package diff --git a/roles/s1_agent_upgrade/molecule/resources/verify.yml b/roles/s1_agent_upgrade/molecule/resources/verify.yml deleted file mode 100644 index e6466e6..0000000 --- a/roles/s1_agent_upgrade/molecule/resources/verify.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Verify - hosts: all - gather_facts: false - roles: - - s1_agent_common - - s1_agent_info - tasks: - - name: Show agent info - ansible.builtin.debug: - var: s1_agent_info - - - name: Show s1_molecule_prior_version - ansible.builtin.debug: - var: s1_molecule_prior_version - - - name: Show s1_molecule_upgraded_version - ansible.builtin.debug: - var: s1_molecule_upgraded_version - - - name: Assert SentinelOne Agent was upgraded with non-GPG signed package - ansible.builtin.assert: - that: - - s1_molecule_upgrade_package is regex('^Sentinel.*') - when: - - ansible_pkg_mgr is defined - - ansible_pkg_mgr in rpm_pkg_mgrs - - - name: Assert SentinelOne Agent is upgraded - ansible.builtin.assert: - that: - - s1_agent_info is defined - - s1_agent_info.installed | bool - - s1_agent_info.version == s1_molecule_upgraded_version - - s1_agent_info.version > s1_molecule_prior_version - - - name: Assert SentinelOne service is running - ansible.builtin.assert: - that: - - s1_agent_info is defined - - s1_agent_info.service_status == ('running' if ansible_os_family != 'Windows' else 'started') - - s1_agent_info.agent_enabled == (true | bool) 
diff --git a/roles/s1_agent_upgrade/molecule/winrm_default/INSTALL.rst b/roles/s1_agent_upgrade/molecule/winrm_default/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 --- a/roles/s1_agent_upgrade/molecule/winrm_default/INSTALL.rst +++ /dev/null @@ -1,23 +0,0 @@ -********************************* -Vagrant driver installation guide -********************************* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule_vagrant' diff --git a/roles/s1_agent_upgrade/molecule/winrm_default/molecule.yml b/roles/s1_agent_upgrade/molecule/winrm_default/molecule.yml deleted file mode 100644 index ef38928..0000000 --- a/roles/s1_agent_upgrade/molecule/winrm_default/molecule.yml +++ /dev/null 
@@ -1,124 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-WindowsServer2012R2}' - groups: - - all - children: - - Windows - box: '${S1_VAGRANT_REPO:-jborean93}/${S1_VAGRANT_DISTRO:-WindowsServer2012R2}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - vm.communicator: winrm - provider_options: - linked_clone: true - instance_raw_configs: - - 'vm.boot_timeout = 600' - - 'vm.max_tries = 40' - - "winrm.password = 'vagrant'" - - "winrm.username = 'vagrant'" - - "vm.guest = 'windows'" - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - # env: - # ANSIBLE_VERBOSITY: 3 - connection_options: - ansible_become: false - ansible_user: vagrant - ansible_password: vagrant - ansible_port: 55986 - ansible_connection: winrm - ansible_winrm_transport: basic - ansible_winrm_server_cert_validation: ignore - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - s1_forced_remove: false - s1_force_reboot: true - Linux: - Windows: - ansible_win_async_startup_timeout: 30 - # Increase winrm timeouts https://access.redhat.com/solutions/6978358 - ansible_winrm_operation_timeout_sec: 200 - ansible_winrm_read_timeout_sec: 250 - Darwin: - 
playbooks: - prepare: ../resources/prepare.yml - converge: ../resources/converge.yml - cleanup: ../resources/cleanup.yml - verify: ../resources/verify.yml - -verifier: - name: ansible - -scenario: - create_sequence: - - dependency - - create - - prepare - check_sequence: - - dependency - - cleanup - - destroy - - create - - prepare - - converge - - check - - destroy - converge_sequence: - - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_agent_upgrade/tasks/linux.yml b/roles/s1_agent_upgrade/tasks/linux.yml index 2137b91..9ef9e43 100644 --- a/roles/s1_agent_upgrade/tasks/linux.yml +++ b/roles/s1_agent_upgrade/tasks/linux.yml @@ -5,7 +5,7 @@ ansible.builtin.assert: that: - s1_prior_version is version('22.2.2.2', '>=') - fail_msg: 'You must upgrade to agent version 22.2.2.2 before you can upgrade to {{ s1_agent_version }}' + fail_msg: You must upgrade to agent version 22.2.2.2 before you can upgrade to {{ s1_agent_version }} success_msg: Agent can be upgraded in-place when: - s1_agent_version is version('22.3', '>=') @@ -29,7 +29,7 @@ - name: Set SentinelOne agent path | Linux ansible.builtin.set_fact: - s1_agent_path: '{{ s1_tmp_linux }}/{{ s1_agent_src | basename }}' + s1_agent_path: "{{ s1_tmp_linux }}/{{ s1_agent_src | basename }}" - name: Upgrade Linux Agent when: 
@@ -37,21 +37,21 @@ block: - name: Create working directory | Linux ansible.builtin.file: - path: '{{ s1_tmp_linux }}' + path: "{{ s1_tmp_linux }}" state: directory - mode: '0755' + mode: "0755" - name: Copy SentinelOne agent | Linux ansible.builtin.copy: - src: '{{ s1_agent_src }}' - dest: '{{ s1_agent_path }}' - mode: '0755' + src: "{{ s1_agent_src }}" + dest: "{{ s1_agent_path }}" + mode: "0755" - name: Upgrade SentinelOne agent with passphrase | Linux - ansible.builtin.command: '/opt/sentinelone/bin/sentinelctl control upgrade {{ s1_agent_path }} --passphrase "{{ s1_agent_passphrase }}"' - notify: '{{ s1_service_handler_name }}' - become: yes - no_log: '{{ ansible_verbosity < 3 }}' + ansible.builtin.command: /opt/sentinelone/bin/sentinelctl control upgrade {{ s1_agent_path }} --passphrase "{{ s1_agent_passphrase }}" + notify: "{{ s1_service_handler_name }}" + become: true + no_log: "{{ ansible_verbosity < 3 }}" register: s1_upgrade_pass_result changed_when: - '"Agent upgrade successful" in s1_upgrade_pass_result.stdout' @@ -67,9 +67,9 @@ - debug - name: Upgrade SentinelOne agent without passphrase | Linux - ansible.builtin.command: '/opt/sentinelone/bin/sentinelctl control upgrade {{ s1_agent_path }}' - notify: '{{ s1_service_handler_name }}' - become: yes + ansible.builtin.command: /opt/sentinelone/bin/sentinelctl control upgrade {{ s1_agent_path }} + notify: "{{ s1_service_handler_name }}" + become: true register: s1_upgrade_results changed_when: - '"Agent upgrade successful" in s1_upgrade_results.stdout' @@ -85,7 +85,7 @@ - name: Remove working directory | Linux ansible.builtin.file: - path: '{{ s1_tmp_linux }}' + path: "{{ s1_tmp_linux }}" state: absent tags: - molecule-notest diff --git a/roles/s1_agent_upgrade/tasks/main.yml b/roles/s1_agent_upgrade/tasks/main.yml index 1668f5f..bb6a4bb 100644 --- a/roles/s1_agent_upgrade/tasks/main.yml +++ b/roles/s1_agent_upgrade/tasks/main.yml 
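Review bot: On "Upgrade SentinelOne agent with passphrase | Linux", `no_log: "{{ ansible_verbosity < 3 }}"` switches logging back on at `-vvv`, so a verbose run prints the command line including `--passphrase`. It also leaves that command line readable in the registered `s1_upgrade_pass_result`. Prefer `no_log: true` on this task, and have any follow-up debug output print only the fields needed for troubleshooting rather than the whole registered result. Because the passphrase is a command argument, it is also visible in the target's process list while the command runs; whether sentinelctl accepts the passphrase another way is not shown here and is worth checking. The block this task belongs to starts before the hunk.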
@@ -5,7 +5,7 @@ ansible.builtin.assert: that: - ansible_os_family in s1_supported_os_family or ansible_distribution in s1_supported_linux_distribution - fail_msg: 'The {{ ansible_distribution }} operating system is not supported by the SentinelOne Agent. Please review the System Requirements Knowledge Base.' + fail_msg: The {{ ansible_distribution }} operating system is not supported by the SentinelOne Agent. Please review the System Requirements Knowledge Base. - name: Download Agent from Management Console ansible.builtin.include_role: @@ -31,23 +31,23 @@ - name: Set s1_prior_version ansible.builtin.set_fact: - s1_prior_version: '{{ s1_agent_info.version }}' + s1_prior_version: "{{ s1_agent_info.version }}" - name: Include OS specific tasks ansible.builtin.include_tasks: - file: '{{ loop_family }}' + file: "{{ loop_family }}" with_first_found: - files: - - '{{ ansible_distribution | lower }}_{{ ansible_distribution_version }}.yml' - - '{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}.yml' - - '{{ ansible_distribution | lower }}.yml' - - '{{ ansible_os_family | lower }}_{{ ansible_distribution_major_version }}.yml' - - '{{ ansible_os_family | lower }}.yml' - - '{{ ansible_system | lower }}.yml' - - 'unsupported.yml' + - "{{ ansible_distribution | lower }}_{{ ansible_distribution_version }}.yml" + - "{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}.yml" + - "{{ ansible_distribution | lower }}.yml" + - "{{ ansible_os_family | lower }}_{{ ansible_distribution_major_version }}.yml" + - "{{ ansible_os_family | lower }}.yml" + - "{{ ansible_system | lower }}.yml" + - unsupported.yml loop_control: loop_var: loop_family - label: '{{ loop_family | basename }}' + label: "{{ loop_family | basename }}" - name: SentinelOne agent version installed ansible.builtin.debug: diff --git a/roles/s1_agent_upgrade/tasks/unsupported.yml b/roles/s1_agent_upgrade/tasks/unsupported.yml index f61f702..423bb21 100644 
--- a/roles/s1_agent_upgrade/tasks/unsupported.yml +++ b/roles/s1_agent_upgrade/tasks/unsupported.yml @@ -3,4 +3,4 @@ - name: Endpoint unsupported ansible.builtin.fail: - msg: '{{ ansible_distribution }} is not currently supported by the {{ role_name }} Ansible Role.' + msg: "{{ ansible_distribution }} is not currently supported by the {{ role_name }} Ansible Role." diff --git a/roles/s1_agent_upgrade/tasks/windows.yml b/roles/s1_agent_upgrade/tasks/windows.yml index 5f9536e..219a443 100644 --- a/roles/s1_agent_upgrade/tasks/windows.yml +++ b/roles/s1_agent_upgrade/tasks/windows.yml @@ -3,13 +3,14 @@ - name: Set SentinelOne agent path | Windows ansible.builtin.set_fact: - s1_agent_path: '{{ s1_tmp_windows }}\{{ s1_agent_src | basename }}' + s1_agent_path: "{{ s1_tmp_windows }}\\{{ s1_agent_src | basename }}" s1_agent_version: "{{ s1_agent_version | regex_replace('(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)', '\\1.\\2.\\4') }}" - name: Set SentinelOne agent parameters | Windows ansible.builtin.set_fact: # yamllint disable-line rule:line-length - s1_agent_silent_cmd: "{{ lookup('ansible.builtin.template', (s1_install_msi | default('no') | bool | ternary('windows_agent_msi.j2', 'windows_agent_new_exe.j2'))) }}" + s1_agent_silent_cmd: "{{ lookup('ansible.builtin.template', (s1_install_msi | default('no') | bool | ternary('windows_agent_msi.j2', 'windows_agent_new_exe.j2'))) + }}" s1_agent_return_code: "{{ s1_install_msi | default('no') | bool | ternary(s1_msi_return_codes, s1_new_exe_return_codes) }}" - name: Upgrade Windows Agent 
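Review bot: The reflowed `s1_agent_silent_cmd` value in the windows.yml hunk now ends with `}}"` alone on a continuation line, while the `# yamllint disable-line rule:line-length` comment above it is still needed because the first line is as long as before. A double-quoted scalar folds that break into a single space, so the rendered Jinja expression should be unchanged, but the wrap gains nothing and reads like a formatter accident. I would keep the expression on one line under the existing disable comment, or move it to a `>-` folded scalar broken at the filter pipes.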
@@ -18,14 +19,14 @@ block: - name: Approve Local Upgrade | Windows ansible.builtin.uri: - url: '{{ s1_management_console }}/web/api/v2.1/agents/actions/approve-stateless-upgrade' + url: "{{ s1_management_console }}/web/api/v2.1/agents/actions/approve-stateless-upgrade" return_content: false headers: - Authorization: 'ApiToken {{ s1_api_token }}' + Authorization: ApiToken {{ s1_api_token }} validate_certs: "{{ s1_validate_certs | default('true') | bool }}" body: filter: - uuid: '{{ s1_agent_info.uuid }}' + uuid: "{{ s1_agent_info.uuid }}" data: expiration: 1 body_format: json @@ -34,9 +35,9 @@ until: s1_local_upgrade_result is not failed and s1_local_upgrade_result.json.data | length retries: 10 delay: 10 - become: no - check_mode: no - no_log: '{{ ansible_verbosity < 3 }}' + become: false + check_mode: false + no_log: "{{ ansible_verbosity < 3 }}" delegate_to: localhost - name: Show Approve Local Upgrade results | Windows 
@@ -49,24 +50,24 @@ - name: Create working directory | Windows ansible.windows.win_file: - path: '{{ s1_tmp_windows }}' + path: "{{ s1_tmp_windows }}" state: directory - name: Copy SentinelOne agent | Windows ansible.windows.win_copy: - src: '{{ s1_agent_src }}' - dest: '{{ s1_agent_path }}' + src: "{{ s1_agent_src }}" + dest: "{{ s1_agent_path }}" # If this task fails molecule's idempotence step, check that s1_product_id contains the ProductID for the version of the agent being installed - name: Upgrade SentinelOne | Windows ansible.windows.win_package: - path: '{{ s1_agent_path }}' + path: "{{ s1_agent_path }}" state: present - arguments: '{{ s1_agent_silent_cmd }}' - wait_for_children: yes - product_id: '{{ s1_agent_product_id | default(omit) }}' - expected_return_code: '{{ s1_agent_return_code }}' - become: yes - notify: '{{ s1_reboot_handler_name }}' + arguments: "{{ s1_agent_silent_cmd }}" + wait_for_children: true + product_id: "{{ s1_agent_product_id | default(omit) }}" + expected_return_code: "{{ s1_agent_return_code }}" + become: true + notify: "{{ s1_reboot_handler_name }}" register: s1_upgrade_log - name: Show s1_upgrade_log log | Windows @@ -78,7 +79,7 @@ - name: Remove working directory | Windows ansible.windows.win_file: - path: '{{ s1_tmp_windows }}' + path: "{{ s1_tmp_windows }}" state: absent tags: - molecule-notest diff --git a/roles/s1_agent_uuid/.yamllint b/roles/s1_agent_uuid/.yamllint deleted file mode 120000 index 4a4652c..0000000 --- a/roles/s1_agent_uuid/.yamllint +++ /dev/null @@ -1 +0,0 @@ -../../.yamllint \ No newline at end of file diff --git a/roles/s1_agent_uuid/meta/main.yml b/roles/s1_agent_uuid/meta/main.yml index 3cca0f4..e360d8b 100644 --- a/roles/s1_agent_uuid/meta/main.yml +++ b/roles/s1_agent_uuid/meta/main.yml 
@@ -19,7 +19,7 @@ galaxy_info: # - CC-BY-4.0 license: license (GPL-3.0-or-later) - min_ansible_version: '2.9' + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: @@ -33,9 +33,9 @@ galaxy_info: platforms: - name: EL versions: - - '6' - - '7' - - '8' + - "6" + - "7" + - "8" - name: Ubuntu versions: - trusty # 14.04 @@ -46,9 +46,9 @@ galaxy_info: - hirsute # 20.04 - name: Windows versions: - - '2016' - - '2019' - - '2022' + - "2016" + - "2019" + - "2022" galaxy_tags: - edr diff --git a/roles/s1_agent_uuid/molecule/default/INSTALL.rst b/roles/s1_agent_uuid/molecule/default/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 --- a/roles/s1_agent_uuid/molecule/default/INSTALL.rst +++ /dev/null @@ -1,23 +0,0 @@ -********************************* -Vagrant driver installation guide -********************************* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule_vagrant' diff --git a/roles/s1_agent_uuid/molecule/default/cleanup.yml b/roles/s1_agent_uuid/molecule/default/cleanup.yml deleted file mode 100644 index 000fd86..0000000 --- a/roles/s1_agent_uuid/molecule/default/cleanup.yml +++ /dev/null 
@@ -1,14 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Cleanup - hosts: all - gather_facts: false - tasks: - - name: Remove S1 work directory # noqa: run-once[task] - ansible.builtin.file: - path: '{{ s1_download_path }}' - state: absent - run_once: true - delegate_to: localhost - become: no diff --git a/roles/s1_agent_uuid/molecule/default/molecule.yml b/roles/s1_agent_uuid/molecule/default/molecule.yml deleted file mode 100644 index cecce4e..0000000 --- a/roles/s1_agent_uuid/molecule/default/molecule.yml +++ /dev/null 
@@ -1,111 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-rocky8}' - groups: - - all - children: - - '${S1_VAGRANT_GROUP:-Linux}' - box: '${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - provider_options: - linked_clone: true - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - ssh_connection: - # Required for connecting to RHEL 6.x - ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa - # env: - # ANSIBLE_VERBOSITY: 3 - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - s1_forced_remove: false - s1_force_reboot: true - s1_agent_uuid_report: '{{ s1_download_path }}/uuid_report.csv' - Linux: - Windows: - ansible_become_method: runas - ansible_become_user: vagrant - ansible_become_password: vagrant - ansible_user: vagrant - ansible_connection: ssh - ansible_shell_type: cmd - ansible_win_async_startup_timeout: 30 - Darwin: - -verifier: - name: ansible - -scenario: - create_sequence: - - dependency - - create - - prepare - check_sequence: - - dependency - - cleanup - - destroy - - create - - 
prepare - - converge - - check - - destroy - converge_sequence: - - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_agent_uuid/molecule/default/prepare.yml b/roles/s1_agent_uuid/molecule/default/prepare.yml deleted file mode 100644 index 86a4852..0000000 --- a/roles/s1_agent_uuid/molecule/default/prepare.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: yes - gather_subset: - - '!all' - - '!hardware' - - min - tasks: - - name: Include tasks to clean up package managers | Linux - ansible.builtin.include_tasks: - file: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/../../../s1_agent_common/molecule/common_files/tasks/prepare_package_manager.yml" - when: - - ansible_system == 'Linux' - - - name: Install the SentinelOne Agent - ansible.builtin.include_role: - name: s1_agent_install - vars: - s1_reboot_handler_name: Reboot Node | {{ ansible_os_family }} | Unit Testing - - - name: Flush handlers - ansible.builtin.meta: flush_handlers diff --git a/roles/s1_agent_uuid/tasks/main.yml b/roles/s1_agent_uuid/tasks/main.yml index 7e14fa3..6a1c1d8 100644 --- a/roles/s1_agent_uuid/tasks/main.yml +++ b/roles/s1_agent_uuid/tasks/main.yml @@ -3,7 +3,7 @@ - name: Set the agent's UUID ansible.builtin.set_fact: - s1_agent_uuid: '{{ s1_agent_info.uuid }}' + s1_agent_uuid: "{{ s1_agent_info.uuid }}" - name: Gather network facts when: @@ -14,8 +14,8 @@ - name: Gather network facts ansible.builtin.setup: gather_subset: - - '!all' - - '!min' + - "!all" + - "!min" - dns - all_ipv4_addresses tags: diff --git a/roles/s1_agent_uuid/tasks/uuid_report.yml b/roles/s1_agent_uuid/tasks/uuid_report.yml index 824d613..7681f96 100644 --- a/roles/s1_agent_uuid/tasks/uuid_report.yml 
+++ b/roles/s1_agent_uuid/tasks/uuid_report.yml @@ -2,15 +2,15 @@ - name: Create UUID CSV report ansible.builtin.template: src: uuid_report.csv.j2 - dest: '{{ s1_agent_uuid_report }}' - mode: 0644 + dest: "{{ s1_agent_uuid_report }}" + mode: "0644" vars: - regexp: '^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$' + regexp: ^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$ delegate_to: localhost - run_once: yes + run_once: true - name: Agent UUID report path ansible.builtin.debug: var: s1_agent_uuid_report delegate_to: localhost - run_once: yes + run_once: true diff --git a/roles/s1_import_gpg_key/.yamllint b/roles/s1_import_gpg_key/.yamllint deleted file mode 120000 index 4a4652c..0000000 --- a/roles/s1_import_gpg_key/.yamllint +++ /dev/null @@ -1 +0,0 @@ -../../.yamllint \ No newline at end of file diff --git a/roles/s1_import_gpg_key/meta/main.yml b/roles/s1_import_gpg_key/meta/main.yml index 6ecddf5..7c682b0 100644 --- a/roles/s1_import_gpg_key/meta/main.yml +++ b/roles/s1_import_gpg_key/meta/main.yml @@ -17,9 +17,9 @@ galaxy_info: # - GPL-3.0-only # - Apache-2.0 # - CC-BY-4.0 - license: 'license (GPL-3.0-or-later)' + license: license (GPL-3.0-or-later) - min_ansible_version: '2.9' + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: @@ -33,9 +33,9 @@ galaxy_info: platforms: - name: EL versions: - - '6' - - '7' - - '8' + - "6" + - "7" + - "8" - name: Ubuntu versions: - trusty # 14.04 @@ -46,9 +46,9 @@ galaxy_info: - hirsute # 20.04 - name: Windows versions: - - '2016' - - '2019' - - '2022' + - "2016" + - "2019" + - "2022" galaxy_tags: - edr diff --git a/roles/s1_import_gpg_key/molecule/default/INSTALL.rst b/roles/s1_import_gpg_key/molecule/default/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 --- a/roles/s1_import_gpg_key/molecule/default/INSTALL.rst +++ /dev/null 
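Review bot: `regexp: ^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$` in the uuid_report.yml hunk is now a plain scalar. It parses as intended only because it starts with `^` and contains neither `: ` nor ` #`. A regex is the kind of value where one later edit (a leading `[` or `{`, a `#` after a space) silently changes how YAML reads it. I would keep the single-quoted form, `regexp: '^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$'`, which also keeps the backslash literal. The same unquoting is applied in roles/s1_mgmt_get_passphrase/tasks/passphrase_report.yml.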
@@ -1,23 +0,0 @@ -********************************* -Vagrant driver installation guide -********************************* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule_vagrant' diff --git a/roles/s1_import_gpg_key/molecule/default/cleanup.yml b/roles/s1_import_gpg_key/molecule/default/cleanup.yml deleted file mode 100644 index 000fd86..0000000 --- a/roles/s1_import_gpg_key/molecule/default/cleanup.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Cleanup - hosts: all - gather_facts: false - tasks: - - name: Remove S1 work directory # noqa: run-once[task] - ansible.builtin.file: - path: '{{ s1_download_path }}' - state: absent - run_once: true - delegate_to: localhost - become: no diff --git a/roles/s1_import_gpg_key/molecule/default/molecule.yml b/roles/s1_import_gpg_key/molecule/default/molecule.yml deleted file mode 100644 index 418d7bc..0000000 --- a/roles/s1_import_gpg_key/molecule/default/molecule.yml +++ /dev/null 
@@ -1,110 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-rocky8}' - groups: - - all - children: - - '${S1_VAGRANT_GROUP:-Linux}' - box: '${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - provider_options: - linked_clone: true - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - ssh_connection: - # Required for connecting to RHEL 6.x - ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa - # env: - # ANSIBLE_VERBOSITY: 3 - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - s1_forced_remove: false - s1_force_reboot: true - Linux: - Windows: - ansible_become_method: runas - ansible_become_user: vagrant - ansible_become_password: vagrant - ansible_user: vagrant - ansible_connection: ssh - ansible_shell_type: cmd - ansible_win_async_startup_timeout: 30 - Darwin: - -verifier: - name: ansible - -scenario: - create_sequence: - - dependency - - create - - prepare - check_sequence: - - dependency - - cleanup - - destroy - - create - - prepare - - converge - - check - - destroy - converge_sequence: 
- - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_import_gpg_key/tasks/main.yml b/roles/s1_import_gpg_key/tasks/main.yml index 76dbffc..c81f919 100644 --- a/roles/s1_import_gpg_key/tasks/main.yml +++ b/roles/s1_import_gpg_key/tasks/main.yml @@ -5,18 +5,18 @@ block: - name: Create working directory | Linux ansible.builtin.file: - path: '{{ s1_tmp_linux }}' + path: "{{ s1_tmp_linux }}" state: directory - mode: '0755' + mode: "0755" - name: Copy SentinelOne GPG key | Linux ansible.builtin.copy: src: sentinel_one.gpg - dest: '{{ s1_tmp_linux }}' - mode: '0755' + dest: "{{ s1_tmp_linux }}" + mode: "0755" - name: Import SentinelOne GPG key | Linux ansible.builtin.rpm_key: state: '{{ s1_s1_rpm_key_state | default("present") }}' - key: '{{ s1_tmp_linux }}/sentinel_one.gpg' - become: yes + key: "{{ s1_tmp_linux }}/sentinel_one.gpg" + become: true diff --git a/roles/s1_mgmt_get_passphrase/.yamllint b/roles/s1_mgmt_get_passphrase/.yamllint deleted file mode 120000 index 4a4652c..0000000 --- a/roles/s1_mgmt_get_passphrase/.yamllint +++ /dev/null @@ -1 +0,0 @@ -../../.yamllint \ No newline at end of file diff --git a/roles/s1_mgmt_get_passphrase/meta/main.yml b/roles/s1_mgmt_get_passphrase/meta/main.yml index a249f6f..9556abe 100644 --- a/roles/s1_mgmt_get_passphrase/meta/main.yml +++ b/roles/s1_mgmt_get_passphrase/meta/main.yml @@ -19,7 +19,7 @@ galaxy_info: # - CC-BY-4.0 license: license (GPL-3.0-or-later) - min_ansible_version: '2.9' + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: 
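Review bot: In the s1_import_gpg_key tasks hunk the copied `sentinel_one.gpg` keeps `mode: "0755"`; a public key file needs no execute bit, so `mode: "0644"` is the tighter choice. The key is then imported with `become: true` from `{{ s1_tmp_linux }}`, and nothing in this hunk checks which key is actually at that path. If that directory sits somewhere other local users can write (not visible here), setting the `fingerprint:` option of `rpm_key` to the expected key fingerprint would make the import fail on a substituted file. The unchanged `state:` line reads `s1_s1_rpm_key_state`, which looks like a doubled prefix and is worth confirming against the role defaults.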
@@ -33,9 +33,9 @@ galaxy_info: platforms: - name: EL versions: - - '6' - - '7' - - '8' + - "6" + - "7" + - "8" - name: Ubuntu versions: - trusty # 14.04 @@ -46,9 +46,9 @@ galaxy_info: - hirsute # 20.04 - name: Windows versions: - - '2016' - - '2019' - - '2022' + - "2016" + - "2019" + - "2022" galaxy_tags: - edr diff --git a/roles/s1_mgmt_get_passphrase/molecule/default/INSTALL.rst b/roles/s1_mgmt_get_passphrase/molecule/default/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 --- a/roles/s1_mgmt_get_passphrase/molecule/default/INSTALL.rst +++ /dev/null @@ -1,23 +0,0 @@ -********************************* -Vagrant driver installation guide -********************************* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule_vagrant' diff --git a/roles/s1_mgmt_get_passphrase/molecule/default/molecule.yml b/roles/s1_mgmt_get_passphrase/molecule/default/molecule.yml deleted file mode 100644 index e43199d..0000000 --- a/roles/s1_mgmt_get_passphrase/molecule/default/molecule.yml +++ /dev/null 
@@ -1,116 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-rocky8}' - groups: - - all - children: - - '${S1_VAGRANT_GROUP:-Linux}' - box: '${S1_VAGRANT_REPO:-roboxes}/${S1_VAGRANT_DISTRO:-rocky8}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - provider_options: - linked_clone: true - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - ssh_connection: - # Required for connecting to RHEL 6.x - ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa - # env: - # ANSIBLE_VERBOSITY: 3 - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - s1_forced_remove: false - s1_force_reboot: true - s1_agent_passphrase_report: '{{ s1_download_path }}/passphrase_report.csv' - Linux: - Windows: - ansible_become_method: runas - ansible_become_user: vagrant - ansible_become_password: vagrant - ansible_user: vagrant - ansible_connection: ssh - ansible_shell_type: cmd - ansible_win_async_startup_timeout: 30 - Darwin: - playbooks: - prepare: ../resources/prepare.yml - converge: ../resources/converge.yml - cleanup: ../resources/cleanup.yml - verify: ../resources/verify.yml - 
-verifier: - name: ansible - -scenario: - create_sequence: - - dependency - - create - - prepare - check_sequence: - - dependency - - cleanup - - destroy - - create - - prepare - - converge - - check - - destroy - converge_sequence: - - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_mgmt_get_passphrase/molecule/resources/cleanup.yml b/roles/s1_mgmt_get_passphrase/molecule/resources/cleanup.yml deleted file mode 100644 index 000fd86..0000000 --- a/roles/s1_mgmt_get_passphrase/molecule/resources/cleanup.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Cleanup - hosts: all - gather_facts: false - tasks: - - name: Remove S1 work directory # noqa: run-once[task] - ansible.builtin.file: - path: '{{ s1_download_path }}' - state: absent - run_once: true - delegate_to: localhost - become: no diff --git a/roles/s1_mgmt_get_passphrase/molecule/resources/prepare.yml b/roles/s1_mgmt_get_passphrase/molecule/resources/prepare.yml deleted file mode 100644 index 7993274..0000000 --- a/roles/s1_mgmt_get_passphrase/molecule/resources/prepare.yml +++ /dev/null 
@@ -1,43 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: yes - gather_subset: - - '!all' - - '!hardware' - - min - tasks: - - name: Include tasks to clean up package managers | Linux - ansible.builtin.include_tasks: - file: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/../../../s1_agent_common/molecule/common_files/tasks/prepare_package_manager.yml" - when: - - ansible_system == 'Linux' - - - name: Install the SentinelOne Agent - ansible.builtin.include_role: - name: s1_agent_install - vars: - s1_reboot_handler_name: Reboot Node | {{ ansible_os_family }} | Unit Testing - - - name: Flush handlers - ansible.builtin.meta: flush_handlers - - - name: Get the agent's uuid - ansible.builtin.include_role: - name: s1_agent_uuid - - - name: Wait for agent to register with Management Console - ansible.builtin.uri: - url: '{{ s1_management_console }}/web/api/v2.1/agents?uuid={{ s1_agent_uuid }}&isActive=true' - return_content: false - headers: - Authorization: 'ApiToken {{ s1_api_token }}' - validate_certs: "{{ s1_validate_certs | default('true') | bool }}" - register: s1_agent_registered - until: - - s1_agent_registered is not failed - - s1_agent_registered.json.pagination.totalItems == 1 - retries: 10 - delay: 10 - become: no - delegate_to: localhost diff --git a/roles/s1_mgmt_get_passphrase/molecule/winrm_default/INSTALL.rst b/roles/s1_mgmt_get_passphrase/molecule/winrm_default/INSTALL.rst deleted file mode 100644 index 0c4bf5c..0000000 --- a/roles/s1_mgmt_get_passphrase/molecule/winrm_default/INSTALL.rst +++ /dev/null 
@@ -1,23 +0,0 @@ -********************************* -Vagrant driver installation guide -********************************* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule_vagrant' diff --git a/roles/s1_mgmt_get_passphrase/molecule/winrm_default/molecule.yml b/roles/s1_mgmt_get_passphrase/molecule/winrm_default/molecule.yml deleted file mode 100644 index 1b44736..0000000 --- a/roles/s1_mgmt_get_passphrase/molecule/winrm_default/molecule.yml +++ /dev/null 
@@ -1,125 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: ../../requirements.yml - -driver: - name: vagrant - provider: - name: '${VAGRANT_DEFAULT_PROVIDER:-virtualbox}' - options: - linked_clone: true - -lint: | - set -e - echo "Checking yaml syntax with yamllint" - yamllint . - echo "Checking Ansible syntax with ansible-lint" - ANSIBLE_ROLES_PATH="${MOLECULE_PROJECT_DIRECTORY}/.." ansible-lint . - -platforms: - - name: '${S1_MOLECULE_HOSTNAME}-${S1_VAGRANT_DISTRO:-WindowsServer2012R2}' - groups: - - all - children: - - '${S1_VAGRANT_GROUP:-Linux}' - box: '${S1_VAGRANT_REPO:-jborean93}/${S1_VAGRANT_DISTRO:-WindowsServer2012R2}' - memory: 4096 - cpus: 2 - config_options: - synced_folder: false - vm.communicator: winrm - provider_options: - linked_clone: true - instance_raw_configs: - - 'vm.boot_timeout = 600' - - 'vm.max_tries = 40' - - "winrm.password = 'vagrant'" - - "winrm.username = 'vagrant'" - - "vm.guest = 'windows'" - -provisioner: - name: ansible - config_options: - defaults: - gathering: explicit - fact_caching: jsonfile - fact_caching_connection: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - fact_caching_timeout: 900 - retry_files_enabled: false - # env: - # ANSIBLE_VERBOSITY: 3 - connection_options: - ansible_become: false - ansible_user: vagrant - ansible_password: vagrant - ansible_port: 55986 - ansible_connection: winrm - ansible_winrm_transport: basic - ansible_winrm_server_cert_validation: ignore - inventory: - group_vars: - all: - s1_management_console: '${S1_MANAGEMENT_CONSOLE}' - s1_agent_site_token: '${S1_AGENT_SITE_TOKEN}' - s1_api_token: '${S1_API_TOKEN}' - s1_agent_customer_id: ansible_collection_dev - s1_download_path: '${S1_DOWNLOAD_PATH:-/tmp/s1_agent_cache}' - s1_forced_remove: false - s1_force_reboot: true - s1_agent_passphrase_report: '{{ s1_download_path }}/passphrase_report.csv' - Linux: - Windows: - ansible_win_async_startup_timeout: 30 - # Increase winrm timeouts https://access.redhat.com/solutions/6978358 - 
ansible_winrm_operation_timeout_sec: 200 - ansible_winrm_read_timeout_sec: 250 - Darwin: - playbooks: - prepare: ../resources/prepare.yml - converge: ../resources/converge.yml - cleanup: ../resources/cleanup.yml - verify: ../resources/verify.yml - -verifier: - name: ansible - -scenario: - create_sequence: - - dependency - - create - - prepare - check_sequence: - - dependency - - cleanup - - destroy - - create - - prepare - - converge - - check - - destroy - converge_sequence: - - dependency - - create - - prepare - - converge - # - verify - destroy_sequence: - # - dependency - - cleanup - - destroy - test_sequence: - - dependency - # - lint - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/s1_mgmt_get_passphrase/tasks/main.yml b/roles/s1_mgmt_get_passphrase/tasks/main.yml index 8cf6517..bb1c04d 100644 --- a/roles/s1_mgmt_get_passphrase/tasks/main.yml +++ b/roles/s1_mgmt_get_passphrase/tasks/main.yml @@ -7,7 +7,7 @@ block: - name: Set the agent's UUID ansible.builtin.set_fact: - s1_agent_uuid: '{{ s1_agent_info.uuid }}' + s1_agent_uuid: "{{ s1_agent_info.uuid }}" when: - s1_agent_uuid is undefined or s1_agent_uuid is none or s1_agent_uuid | length == 0 @@ -44,15 +44,15 @@ url: '{{ lookup("template", "passphrase_url.j2") }}' return_content: false headers: - Authorization: 'ApiToken {{ s1_api_token }}' + Authorization: ApiToken {{ s1_api_token }} validate_certs: "{{ s1_validate_certs | default('true') | bool }}" register: s1_passphrase_result until: s1_passphrase_result is not failed and s1_passphrase_result.json.data | length retries: 10 delay: 10 - become: no - check_mode: no - no_log: '{{ ansible_verbosity < 3 }}' + become: false + check_mode: false + no_log: "{{ ansible_verbosity < 3 }}" - name: Show API results ansible.builtin.debug: 
@@ -63,8 +63,8 @@ - name: Set agent passphrase ansible.builtin.set_fact: - s1_agent_passphrase: '{{ (s1_passphrase_result.json.data | list | first).passphrase }}' - no_log: '{{ ansible_verbosity < 3 }}' + s1_agent_passphrase: "{{ (s1_passphrase_result.json.data | list | first).passphrase }}" + no_log: "{{ ansible_verbosity < 3 }}" - name: Gather network facts when: @@ -75,8 +75,8 @@ - name: Gather network facts ansible.builtin.setup: gather_subset: - - '!all' - - '!min' + - "!all" + - "!min" - dns - all_ipv4_addresses tags: diff --git a/roles/s1_mgmt_get_passphrase/tasks/passphrase_report.yml b/roles/s1_mgmt_get_passphrase/tasks/passphrase_report.yml index f6dfadf..263eece 100644 --- a/roles/s1_mgmt_get_passphrase/tasks/passphrase_report.yml +++ b/roles/s1_mgmt_get_passphrase/tasks/passphrase_report.yml @@ -2,15 +2,15 @@ - name: Create passhprase CSV report ansible.builtin.template: src: passphrase_report.csv.j2 - dest: '{{ s1_agent_passphrase_report }}' - mode: 0644 + dest: "{{ s1_agent_passphrase_report }}" + mode: "0644" vars: - regexp: '^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$' + regexp: ^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$ delegate_to: localhost - run_once: yes + run_once: true - name: Agent passphrase report path ansible.builtin.debug: var: s1_agent_passphrase_report delegate_to: localhost - run_once: yes + run_once: true
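Review bot: `mode: "0644"` on `{{ s1_agent_passphrase_report }}` in the passphrase_report.yml hunk fixes the octal typing but leaves the report readable by every local user on the controller, since the task is delegated to localhost. Judging by the template name `passphrase_report.csv.j2`, the file presumably holds agent passphrases, so I would write it with `mode: "0600"`. The task name also still reads `Create passhprase CSV report`, a typo for "passphrase".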