Update skydive to use TLS
This change implements TLS configurations for skydive. All servers will get their own certificates signed by the CA as setup on the `skydive_service_setup_host` node. > Documentation for TLS configuration can be found here: http://skydive.network/documentation/ Change-Id: I890b4a5d9076b0474ffe5649f9361cb6018c19fe Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
parent
181edc376f
commit
6b92dba1d5
@ -139,5 +139,6 @@
|
|||||||
become: yes
|
become: yes
|
||||||
roles:
|
roles:
|
||||||
- role: skydive_agent
|
- role: skydive_agent
|
||||||
|
skydive_service_setup_host: "{{ openstack_service_setup_host | default(groups['skydive_analyzers'][0]) }}"
|
||||||
tags:
|
tags:
|
||||||
- skydive-agent-setup
|
- skydive-agent-setup
|
||||||
|
@ -58,7 +58,6 @@ skydive_elasticsearch_port: "9200"
|
|||||||
skydive_etcd_embedded: yes
|
skydive_etcd_embedded: yes
|
||||||
skydive_etcd_port: 12379
|
skydive_etcd_port: 12379
|
||||||
skydive_etcd_listen_uri: "0.0.0.0:{{ skydive_etcd_port }}"
|
skydive_etcd_listen_uri: "0.0.0.0:{{ skydive_etcd_port }}"
|
||||||
skydive_etcd_scheme: http
|
|
||||||
|
|
||||||
# If embedded etcd is disabled the etcd server must be defined.
|
# If embedded etcd is disabled the etcd server must be defined.
|
||||||
# skydive_etcd_servers:
|
# skydive_etcd_servers:
|
||||||
@ -137,3 +136,11 @@ skydive_os_service_insecure: true
|
|||||||
# `config_template` provides an interface that will inser any
|
# `config_template` provides an interface that will inser any
|
||||||
# option into the compatible configuration file using a deep merge.
|
# option into the compatible configuration file using a deep merge.
|
||||||
skydive_config_overrides: {}
|
skydive_config_overrides: {}
|
||||||
|
|
||||||
|
# Skydive SSL certificates will be generated when they do not exist. If the
|
||||||
|
# vertificates need to be regenerated set this option to true to force
|
||||||
|
# regenerate certificates.
|
||||||
|
skydive_ssl_regen: false
|
||||||
|
|
||||||
|
# Set the log level used by skydive
|
||||||
|
skydive_log_level: INFO
|
||||||
|
@ -70,6 +70,7 @@
|
|||||||
|
|
||||||
# NOTE(cloudnull): Locate a clouds.yaml file on the service setup host or localhost.
|
# NOTE(cloudnull): Locate a clouds.yaml file on the service setup host or localhost.
|
||||||
- name: Check for OpenStack deployment
|
- name: Check for OpenStack deployment
|
||||||
|
run_once: true
|
||||||
block:
|
block:
|
||||||
- name: Slurp clouds file
|
- name: Slurp clouds file
|
||||||
slurp:
|
slurp:
|
||||||
@ -82,7 +83,7 @@
|
|||||||
src: "{{ skydive_os_cloud_file }}"
|
src: "{{ skydive_os_cloud_file }}"
|
||||||
register: clouds_file
|
register: clouds_file
|
||||||
delegate_to: "localhost"
|
delegate_to: "localhost"
|
||||||
failed_when: false
|
ignore_errors: yes
|
||||||
when:
|
when:
|
||||||
- not (skydive_service_setup_host in ['localhost', '127.0.0.1'])
|
- not (skydive_service_setup_host in ['localhost', '127.0.0.1'])
|
||||||
|
|
||||||
@ -91,25 +92,26 @@
|
|||||||
msg: >-
|
msg: >-
|
||||||
No clouds file found, running without OpenStack integration.
|
No clouds file found, running without OpenStack integration.
|
||||||
when:
|
when:
|
||||||
- not (clouds_file is success)
|
- clouds_file['content'] is undefined
|
||||||
|
|
||||||
# NOTE(cloudnull): If a clouds file is found the facts for the clouds file will be delegated
|
# NOTE(cloudnull): If a clouds file is found the facts for the clouds file will be delegated
|
||||||
# to all hosts throughout the skydive deployment.
|
# to all hosts throughout the skydive deployment.
|
||||||
- name: Run OpenStack ingetration deployment
|
- name: Run OpenStack ingetration deployment
|
||||||
|
run_once: true
|
||||||
block:
|
block:
|
||||||
- name: Enable OpenStack integration
|
- name: Enable OpenStack integration
|
||||||
set_fact:
|
set_fact:
|
||||||
clouds_yaml: "{{ clouds_file['content'] | b64decode | from_yaml }}"
|
clouds_yaml: "{{ clouds_file['content'] | b64decode | from_yaml }}"
|
||||||
skydive_auth_type: mykeystone
|
skydive_auth_type: mykeystone
|
||||||
skydive_openstack_enabled: true
|
skydive_openstack_enabled: true
|
||||||
run_once: true
|
|
||||||
delegate_to: "{{ item }}"
|
delegate_to: "{{ item }}"
|
||||||
delegate_facts: true
|
delegate_facts: true
|
||||||
with_items: "{{ ansible_play_hosts }}"
|
with_items: "{{ ansible_play_hosts }}"
|
||||||
|
|
||||||
- include_tasks: skydive_keystone.yml
|
- include_tasks: skydive_keystone.yml
|
||||||
run_once: true
|
|
||||||
when:
|
when:
|
||||||
- clouds_file is success
|
- clouds_file['content'] is defined
|
||||||
|
|
||||||
- include_tasks: skydive_setup.yml
|
- include_tasks: skydive_setup.yml
|
||||||
|
|
||||||
|
- include_tasks: skydive_ssl.yml
|
||||||
|
@ -64,6 +64,18 @@
|
|||||||
vars:
|
vars:
|
||||||
ansible_python_interpreter: "{{ skydive_service_setup_host_python_interpreter }}"
|
ansible_python_interpreter: "{{ skydive_service_setup_host_python_interpreter }}"
|
||||||
block:
|
block:
|
||||||
|
- name: Ensure clouds file directory
|
||||||
|
file:
|
||||||
|
path: "{{ skydive_os_cloud_file | dirname }}"
|
||||||
|
state: directory
|
||||||
|
mode: "0750"
|
||||||
|
|
||||||
|
- name: Install binary skydive
|
||||||
|
copy:
|
||||||
|
content: "{{ clouds_yaml | to_nice_yaml }}"
|
||||||
|
dest: "{{ skydive_os_cloud_file }}"
|
||||||
|
mode: "0640"
|
||||||
|
|
||||||
- name: Add skydive project
|
- name: Add skydive project
|
||||||
os_project:
|
os_project:
|
||||||
cloud: "{{ skydive_os_cloud }}"
|
cloud: "{{ skydive_os_cloud }}"
|
||||||
|
@ -36,8 +36,19 @@
|
|||||||
group: "skydive"
|
group: "skydive"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
with_items:
|
with_items:
|
||||||
- "/var/lib/skydive"
|
|
||||||
- "/etc/skydive"
|
- "/etc/skydive"
|
||||||
|
- "/var/lib/skydive"
|
||||||
|
- "/var/lib/skydive/etcd"
|
||||||
|
|
||||||
|
- name: Create skydive ssl path
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
owner: "skydive"
|
||||||
|
group: "skydive"
|
||||||
|
mode: "0700"
|
||||||
|
with_items:
|
||||||
|
- "/var/lib/skydive/ssl"
|
||||||
|
|
||||||
- name: Check for ovsdb
|
- name: Check for ovsdb
|
||||||
stat:
|
stat:
|
||||||
|
131
skydive/roles/skydive_common/tasks/skydive_ssl.yml
Normal file
131
skydive/roles/skydive_common/tasks/skydive_ssl.yml
Normal file
@ -0,0 +1,131 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2019, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Purge skydive ssl certificates
|
||||||
|
file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: absent
|
||||||
|
with_items: "{{ skydive_ssl_bundle }}"
|
||||||
|
when:
|
||||||
|
- skydive_ssl_regen | bool
|
||||||
|
|
||||||
|
- name: SSL Block
|
||||||
|
run_once: true
|
||||||
|
delegate_to: "{{ skydive_service_setup_host }}"
|
||||||
|
block:
|
||||||
|
- name: Create CNF
|
||||||
|
template:
|
||||||
|
src: "skydive-openssl.cnf.j2"
|
||||||
|
dest: "{{ skydive_ssl_cnf }}"
|
||||||
|
owner: skydive
|
||||||
|
group: skydive
|
||||||
|
|
||||||
|
- name: Create CA cert
|
||||||
|
command: >-
|
||||||
|
openssl req
|
||||||
|
-new
|
||||||
|
-nodes
|
||||||
|
-x509
|
||||||
|
-subj "{{ skydive_ssl_ca_subject }}"
|
||||||
|
-days 3650
|
||||||
|
-keyout {{ skydive_ssl_ca_key }}
|
||||||
|
-out {{ skydive_ssl_ca_cert }}
|
||||||
|
args:
|
||||||
|
creates: "{{ skydive_ssl_ca_cert }}"
|
||||||
|
|
||||||
|
- name: Create CSR
|
||||||
|
command: >-
|
||||||
|
openssl req
|
||||||
|
-new
|
||||||
|
-nodes
|
||||||
|
-sha256
|
||||||
|
-subj "{{ skydive_ssl_signed_subject }}"
|
||||||
|
-days 3650
|
||||||
|
-keyout {{ skydive_ssl_key }}
|
||||||
|
-out {{ skydive_ssl_csr }}
|
||||||
|
-config {{ skydive_ssl_cnf }}
|
||||||
|
args:
|
||||||
|
creates: "{{ skydive_ssl_csr }}"
|
||||||
|
|
||||||
|
- name: Create SSL signed cert
|
||||||
|
command: >-
|
||||||
|
openssl x509
|
||||||
|
-req
|
||||||
|
-days 3650
|
||||||
|
-in {{ skydive_ssl_csr }}
|
||||||
|
-CA {{ skydive_ssl_ca_cert }}
|
||||||
|
-CAkey {{ skydive_ssl_ca_key }}
|
||||||
|
-out {{ skydive_ssl_cert }}
|
||||||
|
-set_serial 01
|
||||||
|
-extensions v3_req
|
||||||
|
-extfile {{ skydive_ssl_cnf }}
|
||||||
|
args:
|
||||||
|
creates: "{{ skydive_ssl_cert }}"
|
||||||
|
delegate_to: "{{ skydive_service_setup_host }}"
|
||||||
|
|
||||||
|
- name: Fetch skydive ssl csr
|
||||||
|
fetch:
|
||||||
|
src: "{{ skydive_ssl_csr }}"
|
||||||
|
dest: "/tmp/skydive/ssl/{{ skydive_ssl_csr | basename }}"
|
||||||
|
flat: true
|
||||||
|
run_once: true
|
||||||
|
delegate_to: "{{ skydive_service_setup_host }}"
|
||||||
|
|
||||||
|
- name: Fetch skydive ssl cert
|
||||||
|
fetch:
|
||||||
|
src: "{{ skydive_ssl_cert }}"
|
||||||
|
dest: "/tmp/skydive/ssl/{{ skydive_ssl_cert | basename }}"
|
||||||
|
flat: true
|
||||||
|
delegate_to: "{{ skydive_service_setup_host }}"
|
||||||
|
|
||||||
|
- name: Fetch skydive ssl key
|
||||||
|
fetch:
|
||||||
|
src: "{{ skydive_ssl_key }}"
|
||||||
|
dest: "/tmp/skydive/ssl/{{ skydive_ssl_key | basename }}"
|
||||||
|
flat: true
|
||||||
|
run_once: true
|
||||||
|
delegate_to: "{{ skydive_service_setup_host }}"
|
||||||
|
|
||||||
|
- name: Fetch skydive ca cert
|
||||||
|
fetch:
|
||||||
|
src: "{{ skydive_ssl_ca_cert }}"
|
||||||
|
dest: "/tmp/skydive/ssl/{{ skydive_ssl_ca_cert | basename }}"
|
||||||
|
flat: true
|
||||||
|
run_once: true
|
||||||
|
delegate_to: "{{ skydive_service_setup_host }}"
|
||||||
|
|
||||||
|
- name: Copy certifactes over
|
||||||
|
copy:
|
||||||
|
src: "/tmp/skydive/ssl/{{ item.path | basename }}"
|
||||||
|
dest: "{{ item.path }}"
|
||||||
|
owner: skydive
|
||||||
|
group: skydive
|
||||||
|
with_items: "{{ skydive_ssl_bundle }}"
|
||||||
|
|
||||||
|
- name: Cleanup system
|
||||||
|
delegate_to: "localhost"
|
||||||
|
run_once: true
|
||||||
|
block:
|
||||||
|
- name: Find temp skydive ssl certificates
|
||||||
|
find:
|
||||||
|
paths: "/tmp/skydive/ssl"
|
||||||
|
recurse: no
|
||||||
|
register: files_to_purge
|
||||||
|
|
||||||
|
- name: Purge temp skydive host ssl
|
||||||
|
file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: absent
|
||||||
|
with_items: "{{ files_to_purge.files }}"
|
@ -0,0 +1,43 @@
|
|||||||
|
[req]
|
||||||
|
distinguished_name = req_distinguished_name
|
||||||
|
req_extensions = v3_req
|
||||||
|
|
||||||
|
[req_distinguished_name]
|
||||||
|
countryName = Country Name (2 letter code)
|
||||||
|
countryName_default = XX
|
||||||
|
stateOrProvinceName = State or Province Name (full name)
|
||||||
|
stateOrProvinceName_default = XX
|
||||||
|
localityName = Locality Name (eg, city)
|
||||||
|
localityName_default = XX
|
||||||
|
organizationalUnitName = Organizational Unit Name (eg, section)
|
||||||
|
organizationalUnitName_default = OpenStack-Ansible
|
||||||
|
commonName = {{ ((ansible_domain | length) > 0) | ternary(ansible_domain, ansible_hostname) }}
|
||||||
|
commonName_max = 64
|
||||||
|
|
||||||
|
[v3_req]
|
||||||
|
basicConstraints = CA:TRUE
|
||||||
|
keyUsage = digitalSignature, keyEncipherment, keyCertSign
|
||||||
|
extendedKeyUsage = serverAuth,clientAuth
|
||||||
|
subjectAltName = @alt_names
|
||||||
|
|
||||||
|
[alt_names]
|
||||||
|
{% set ips = [] %}
|
||||||
|
{% set hostnames = [] %}
|
||||||
|
{% for node in groups['skydive_all'] %}
|
||||||
|
{% set _ansible_interface_name = hostvars[node]['skydive_network_device'] | default(hostvars[node]['ansible_default_ipv4']['interface']) | replace('-', '_') %}
|
||||||
|
{% set _skydive_ip = hostvars[node]['skydive_bind_address'] | default(hostvars[node]["ansible_" ~ _ansible_interface_name]['ipv4']['address']) %}
|
||||||
|
{% set _skydive_ansible_domain = hostvars[node]['ansible_domain'] | default(hostvars[node]['ansible_hostname'] ) %}
|
||||||
|
{% set _skydive_dns_name = ((_skydive_ansible_domain | length) > 0) | ternary(_skydive_ansible_domain, hostvars[node]['ansible_hostname']) %}
|
||||||
|
{% set _ = ips.append(_skydive_ip) %}
|
||||||
|
{% set _ = hostnames.append(_skydive_dns_name) %}
|
||||||
|
IP.{{ loop.index }} = {{ _skydive_ip }}
|
||||||
|
DNS.{{ loop.index }} = {{ _skydive_dns_name }}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
{% set localhost_index = (groups['skydive_all'] | length) + 1 %}
|
||||||
|
{% if '127.0.0.1' not in ips %}
|
||||||
|
IP.{{ localhost_index }} = 127.0.0.1
|
||||||
|
{% endif %}
|
||||||
|
{% if 'localhost' not in hostnames %}
|
||||||
|
DNS.{{ localhost_index }} = localhost
|
||||||
|
{% endif %}
|
@ -8,13 +8,17 @@ host_id: {{ ansible_hostname }}
|
|||||||
tls:
|
tls:
|
||||||
# File path to X509 Certificate and Private Key to enable TLS communication
|
# File path to X509 Certificate and Private Key to enable TLS communication
|
||||||
# Unique certificate per agent is recommended
|
# Unique certificate per agent is recommended
|
||||||
# client_cert: /etc/ssl/certs/agent.domain.com.crt
|
{% if inventory_hostname in groups['skydive_agents'] %}
|
||||||
# client_key: /etc/ssl/certs/agent.domain.com.key
|
client_cert: {{ skydive_ssl_cert }}
|
||||||
|
client_key: {{ skydive_ssl_key }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# server_cert: /etc/ssl/certs/analyzer.domain.com.crt
|
{% if inventory_hostname in groups['skydive_analyzers'] %}
|
||||||
# server_key: /etc/ssl/certs/analyzer.domain.com.key
|
server_cert: {{ skydive_ssl_cert }}
|
||||||
|
server_key: {{ skydive_ssl_key }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# ca_cert: /etc/ssl/certs/ca.domain.com.crt
|
ca_cert: {{ skydive_ssl_ca_cert }}
|
||||||
|
|
||||||
http:
|
http:
|
||||||
# define the Cookie HTTP Request Header
|
# define the Cookie HTTP Request Header
|
||||||
@ -358,7 +362,7 @@ storage:
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
logging:
|
logging:
|
||||||
# level: INFO
|
level: {{ skydive_log_level }}
|
||||||
|
|
||||||
# Default backend used: stderr
|
# Default backend used: stderr
|
||||||
backends:
|
backends:
|
||||||
@ -368,8 +372,15 @@ logging:
|
|||||||
# - syslog
|
# - syslog
|
||||||
|
|
||||||
# configuration of the 'file' backend
|
# configuration of the 'file' backend
|
||||||
|
{% if (inventory_hostname in groups['skydive_analyzers']) and (inventory_hostname in groups['skydive_agents']) %}
|
||||||
|
{% set _log_segment = 'aio' %}
|
||||||
|
{% elif (inventory_hostname in groups['skydive_analyzers']) %}
|
||||||
|
{% set _log_segment = 'analyzer' %}
|
||||||
|
{% else %}
|
||||||
|
{% set _log_segment = 'agent' %}
|
||||||
|
{% endif %}
|
||||||
file:
|
file:
|
||||||
path: /var/log/skydive.log
|
path: /var/log/skydive-{{ _log_segment }}.log
|
||||||
|
|
||||||
# configuration encoder could be for all backends or for specific one
|
# configuration encoder could be for all backends or for specific one
|
||||||
# encoder: json
|
# encoder: json
|
||||||
@ -415,7 +426,7 @@ etcd:
|
|||||||
# max_snap_files: 0
|
# max_snap_files: 0
|
||||||
|
|
||||||
# path where the etcd files will be stored.
|
# path where the etcd files will be stored.
|
||||||
# data_dir: /var/lib/skydive/etcd
|
data_dir: /var/lib/skydive/etcd
|
||||||
|
|
||||||
# client parameters
|
# client parameters
|
||||||
{% if skydive_etcd_servers %}
|
{% if skydive_etcd_servers %}
|
||||||
@ -467,13 +478,14 @@ flow:
|
|||||||
# 1194: OPENVPN
|
# 1194: OPENVPN
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if inventory_hostname in groups['skydive_analyzers'] %}
|
||||||
ui:
|
ui:
|
||||||
# Specify the extra assets folder. Javascript and CSS files present in this
|
# Specify the extra assets folder. Javascript and CSS files present in this
|
||||||
# folder will be added to the WebUI.
|
# folder will be added to the WebUI.
|
||||||
# extra_assets: /usr/share/skydive/assets
|
# extra_assets: /usr/share/skydive/assets
|
||||||
|
|
||||||
# select between light, dark themes
|
# select between light, dark themes
|
||||||
# theme: dark
|
theme: light
|
||||||
|
|
||||||
# Settings specific to the topology view
|
# Settings specific to the topology view
|
||||||
topology:
|
topology:
|
||||||
@ -530,3 +542,4 @@ rbac:
|
|||||||
# additional RBAC policy:
|
# additional RBAC policy:
|
||||||
# - p, myuser, capture, write, deny
|
# - p, myuser, capture, write, deny
|
||||||
# - g, myuser, myrole
|
# - g, myuser, myrole
|
||||||
|
{% endif %}
|
||||||
|
@ -14,4 +14,7 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
sykdive_distro_packages:
|
sykdive_distro_packages:
|
||||||
|
- openssl
|
||||||
|
- python3-openssl
|
||||||
|
- python-openssl
|
||||||
- python-passlib
|
- python-passlib
|
@ -45,3 +45,19 @@ skydive_fabric: |-
|
|||||||
# Inject the required basic authentication information
|
# Inject the required basic authentication information
|
||||||
_skydive_basic_auth_users:
|
_skydive_basic_auth_users:
|
||||||
"{{ skydive_username }}": "{{ skydive_password }}"
|
"{{ skydive_username }}": "{{ skydive_password }}"
|
||||||
|
|
||||||
|
skydive_ssl_cnf: "/var/lib/skydive/ssl/skydive-openssl.cnf"
|
||||||
|
skydive_ssl_key: "/var/lib/skydive/ssl/skydive.key"
|
||||||
|
skydive_ssl_csr: "/var/lib/skydive/ssl/skydive.csr"
|
||||||
|
skydive_ssl_cert: "/var/lib/skydive/ssl/skydive-{{ inventory_hostname | replace('_', '-') | replace(' ', '-') }}.crt"
|
||||||
|
skydive_ssl_signed_subject: "/C=XX/L=OpenStack-Cloud/O=OpenStack/OU=IT/CN={{ ((ansible_domain | length) > 0) | ternary(ansible_domain, ansible_hostname) }}"
|
||||||
|
|
||||||
|
skydive_ssl_ca_key: "/var/lib/skydive/ssl/skydive-ca.key"
|
||||||
|
skydive_ssl_ca_cert: "/var/lib/skydive/ssl/skydive-ca.crt"
|
||||||
|
skydive_ssl_ca_subject: "/C=XX/L=OpenStack-Cloud/O=OpenStack"
|
||||||
|
|
||||||
|
skydive_ssl_bundle:
|
||||||
|
- path: "{{ skydive_ssl_csr }}"
|
||||||
|
- path: "{{ skydive_ssl_cert }}"
|
||||||
|
- path: "{{ skydive_ssl_key }}"
|
||||||
|
- path: "{{ skydive_ssl_ca_cert }}"
|
@ -14,4 +14,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
sykdive_distro_packages:
|
sykdive_distro_packages:
|
||||||
|
- openssl
|
||||||
- python2-passlib
|
- python2-passlib
|
||||||
|
- pyOpenSSL
|
||||||
|
@ -14,4 +14,7 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
sykdive_distro_packages:
|
sykdive_distro_packages:
|
||||||
|
- openssl
|
||||||
|
- python2-pyOpenSSL
|
||||||
|
- python3-pyOpenSSL
|
||||||
- python-passlib
|
- python-passlib
|
||||||
|
@ -17,40 +17,14 @@
|
|||||||
hosts: skydive_analyzers[0]
|
hosts: skydive_analyzers[0]
|
||||||
vars:
|
vars:
|
||||||
skydive_username: skydive
|
skydive_username: skydive
|
||||||
skydive_analyzer_port: 8082
|
|
||||||
skydive_network_device: "{{ ansible_default_ipv4['interface'] | replace('-', '_') }}"
|
|
||||||
skydive_analyzer_uri: "{{ (skydive_bind_address | default(hostvars[inventory_hostname]['ansible_' ~ skydive_network_device]['ipv4']['address'])) ~ ':' ~ skydive_analyzer_port }}"
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Check API login
|
- name: Check client status
|
||||||
uri:
|
command: skydive client status --username {{ skydive_username }} --password {{ skydive_password }}
|
||||||
url: "http://{{ skydive_analyzer_uri }}/login"
|
register: skydive_client
|
||||||
status_code: "200"
|
|
||||||
method: POST
|
|
||||||
body: "username={{ skydive_username }}&password={{ skydive_password }}"
|
|
||||||
headers:
|
|
||||||
Content-Type: "application/x-www-form-urlencoded"
|
|
||||||
register: skydive_login
|
|
||||||
until:
|
until:
|
||||||
- skydive_login is success
|
- skydive_client is success
|
||||||
retries: 10
|
retries: 10
|
||||||
delay: 10
|
delay: 10
|
||||||
|
|
||||||
- name: Check API status
|
- name: Show Skydive client
|
||||||
uri:
|
debug: var=skydive_client
|
||||||
url: "http://{{ skydive_analyzer_uri }}/api/status"
|
|
||||||
method: GET
|
|
||||||
return_content: true
|
|
||||||
headers:
|
|
||||||
Cookie: "{{ skydive_login.set_cookie | regex_replace(',', ';') }}"
|
|
||||||
register: skydive_response
|
|
||||||
changed_when: false
|
|
||||||
until:
|
|
||||||
- skydive_response is success
|
|
||||||
- skydive_response.json is defined
|
|
||||||
retries: 10
|
|
||||||
delay: 5
|
|
||||||
run_once: true
|
|
||||||
|
|
||||||
- name: Show Skydive agents
|
|
||||||
debug:
|
|
||||||
var: "{{ skydive_response.json | to_json }}"
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user