openstack/openstack-ansible-ops

History

Victor Palma d98fec1a54 add osquery * install osquery * add filebeat integration Change-Id: Ia93595482512460ebdd287cf091cb5fe51b00de4		2018-07-10 11:00:48 -05:00
..
installOsquery.yml	add osquery	2018-07-10 11:00:48 -05:00
inventory.example.yml	add osquery	2018-07-10 11:00:48 -05:00
readme.rst	add osquery	2018-07-10 11:00:48 -05:00

readme.rst

Install OSQuery

tags: openstack, ansible

About this repository

This set of playbooks will deploy osquery. If this is being deployed as part of an OpenStack all of the inventory needs will be provided for.

There multiple ways to aggregate the data. At this point this repo does not provide one of said methods. It is currently intended to be utilized with the elk_metrics_6x.

It is the intention that at a later point to the ability to configure osquery to report to a centralized place like (kolide/fleet)[https://github.com/kolide/fleet], (zentral)[https://github.com/zentralopensource/zentral], etc.

These playbooks require Ansible 2.4+.

Deployment Process

Clone the osa ops repo

cd /opt
git clone https://github.com/openstack/openstack-ansible-ops

Clone the osquery role

cd /opt
git clone https://github.com/devx/ansible-osquery.git /etc/ansible/roles/osquery

install osquery

cd /opt/openstack-ansible-ops/osquery
openstack-ansible installOsquery.yml