diff --git a/config.yaml b/config.yaml
index be77b82710b48a84c8eb857dae02f7e4a4d9b1de..c1ab35fdabbb7734cb80de55c7450b9ec64fa5b1 100644
--- a/config.yaml
+++ b/config.yaml
@@ -1,7 +1,7 @@
 ---
 iac:
 - terraform
-- piacere_monitoring
-- piacere_security
+- performance_monitoring
+- security_monitoring
 - nginx
 ...
\ No newline at end of file
diff --git a/performance_monitoring/.gitignore b/performance_monitoring/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..2eea525d885d5148108f6f3a9a8613863f783d36
--- /dev/null
+++ b/performance_monitoring/.gitignore
@@ -0,0 +1 @@
+.env
\ No newline at end of file
diff --git a/performance_monitoring/LICENSE b/performance_monitoring/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..d4f1283cebb9debd5ad8e4aeed29f7edcb96f455
--- /dev/null
+++ b/performance_monitoring/LICENSE
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2023 PIACERE / public / agents + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/performance_monitoring/README.md b/performance_monitoring/README.md new file mode 100644 index 0000000000000000000000000000000000000000..96f678bfc42841685480c62cc916e869903d1880 --- /dev/null +++ b/performance_monitoring/README.md 
@@ -0,0 +1,31 @@
+# pma playbook
+
+This is an ansible playbook that install telegraf and cofigure to the needs of the performance monitoring component of piacere
+
+## How to use
+
+This playbook is automatically embeeded as iac by yhe ICG, the iac is then run by the IEM
+
+
+## How to test
+There are may ways to test a playbook here we document the procedure followed in our case.
+* Obtain a ssh docker image of some platform
+* instantiate the ssh docker
+* install the playbook requirements
+* launch the playbook against it
+
+i.e. Providing we have already an ssh docker image ... i.e. ubuntu-ssh https://git.code.tecnalia.com/smartdatalab/libraries/docker/ubuntu-ssh.git
+
+```
+docker rm -f ubuntu-ssh
+docker network rm -f ubuntu-ssh
+docker network create --driver=bridge --subnet=10.0.55.0/24 --driver=bridge ubuntu-ssh
+docker run -d --name ubuntu-ssh --network ubuntu-ssh --ip 10.0.55.5 --env PUB_SSH_CERT_0="$(cat ~/.ssh/id_rsa.pub)" ubuntu-ssh
+./ansible/playbooks/pma/install_playbook_requirements.sh
+./ansible/playbooks/pma/run-playbook.sh '{"pma_deployment_id": "123e4567-e89b-12d3-a456-426614174001", "pma_influxdb_bucket": "bucket", "pma_influxdb_token": "piacerePassword", "pma_influxdb_org": "piacere", "pma_influxdb_addr": "https://influxdb.pm.ci.piacere.digital.tecnalia.dev" }'
+ssh -o StrictHostKeyChecking=no root@10.0.55.5 service telegraf status
+```
+
+the output shoud be that the "telegraf Process is running `[[ OK ]]"
+
+## Notes
diff --git a/piacere_monitoring/ansible_requirements.yml b/performance_monitoring/ansible_requirements.yml
similarity index 78%
rename from piacere_monitoring/ansible_requirements.yml
rename to performance_monitoring/ansible_requirements.yml
index 47808cf1de00ffc1a13ff9c7ee26043954cfb6d1..b09ccc3773e1558390fddc09110a08ce447335fe 100644
--- a/piacere_monitoring/ansible_requirements.yml
+++ b/performance_monitoring/ansible_requirements.yml
@@ -1,8 +1,8 @@
-roles:
-# - name: dj-wasabi.telegraf
-# version: 0.13.3
-# source: https://galaxy.ansible.com
- - name: dj-wasabi.telegraf
- src: https://github.com/dj-wasabi/ansible-telegraf.git
- scm: git
- version: 0.13.3
+roles:
+# - name: dj-wasabi.telegraf
+# version: 0.13.2
+# source: https://galaxy.ansible.com
+ - name: dj-wasabi.telegraf
+ src: https://github.com/dj-wasabi/ansible-telegraf.git
+ scm: git
+ version: 0.14.0
diff --git a/piacere_monitoring/config.yaml b/performance_monitoring/config.yaml
similarity index 100%
rename from piacere_monitoring/config.yaml
rename to performance_monitoring/config.yaml
diff --git a/piacere_monitoring/inventory.j2 b/performance_monitoring/inventory.j2
similarity index 58%
rename from piacere_monitoring/inventory.j2
rename to performance_monitoring/inventory.j2
index 0625bd198aa8667cebb100bac7b4e3d25c7ad80a..63e08d7f48bae3a5ea00a759c3ef9bd8702880c1 100644
--- a/piacere_monitoring/inventory.j2
+++ b/performance_monitoring/inventory.j2
@@ -1,9 +1,9 @@
-[servers_for_piacere_monitoring]
+[servers_for_performance_monitoring]
 {{ instance_ip_nginx_vm }}
-[servers_for_piacere_monitoring:vars]
+[servers_for_performance_monitoring:vars]
 ansible_connection=ssh
 ansible_user=ubuntu
 ansible_ssh_private_key_file=ssh_key
diff --git a/performance_monitoring/inventory.txt b/performance_monitoring/inventory.txt
new file mode 100644
index 0000000000000000000000000000000000000000..4c1b112e08c95d840d4ba11a285f7a94f0bcd0ab
--- /dev/null
+++ b/performance_monitoring/inventory.txt
@@ -0,0 +1,2 @@
+[docker]
+localhost
\ No newline at end of file
diff --git a/piacere_monitoring/main.yml b/performance_monitoring/main.yml
similarity index 51%
rename from piacere_monitoring/main.yml
rename to performance_monitoring/main.yml
index d42d5c3c7f619539d21220741747aad85c7a280d..3761180ff7460d2fb9fdde3e50f7ae55b2482017 100644
--- a/piacere_monitoring/main.yml
+++ b/performance_monitoring/main.yml
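Review bot: The commented-out galaxy entry now reads `# version: 0.13.2` while the active git source pins `version: 0.14.0`, so the comment no longer describes the release that is actually installed; either change it to `# version: 0.14.0` or drop the dead block. The role is also fetched from GitHub by tag, and tags can be moved, so the pin is only as strong as the upstream repository's tag discipline; setting `version:` to the commit hash behind the 0.14.0 tag makes the install reproducible and tamper-evident.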
@@ -9,8 +9,26 @@
 type: role
 requirements_file: ansible_requirements.yml
 
-- hosts: all
+- hosts: servers_for_piacere_monitoring
 pre_tasks:
+ - name: Check parameters
+ fail:
+ msg: 'variable not defined'
+ when: item is not defined
+ with_items:
+ - pma_deployment_id
+ - pma_influxdb_bucket
+ - pma_influxdb_token
+ - pma_influxdb_org
+ - pma_influxdb_addr
+ - name: Print parameters
+ debug:
+ msg:
+ - "pma_deployment_id: "
+ - "pma_influxdb_bucket: "
+ - "pma_influxdb_token: "
+ - "pma_influxdb_org: "
+ - "pma_influxdb_addr: "
 - name: Ensure gnupg package
 package:
 name: gnupg
diff --git a/piacere_monitoring/ssh_key.j2 b/performance_monitoring/ssh_key.j2
similarity index 100%
rename from piacere_monitoring/ssh_key.j2
rename to performance_monitoring/ssh_key.j2
diff --git a/piacere_monitoring/vars/main.yaml b/performance_monitoring/vars/main.yaml
similarity index 59%
rename from piacere_monitoring/vars/main.yaml
rename to performance_monitoring/vars/main.yaml
index 861faf3e8413d8a708702083d34c7ecd6f9a1fb1..cef9f653e0eb30c0e8ca75a4fcc85ee76ee897c1 100644
--- a/piacere_monitoring/vars/main.yaml
+++ b/performance_monitoring/vars/main.yaml
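Review bot: `- hosts: servers_for_piacere_monitoring` does not match the inventory this same commit renames to `[servers_for_performance_monitoring]` in inventory.j2, so the play would select no hosts; `security_monitoring/deploy-wazuh-agent.yml` uses the same group name against an inventory that now defines `[servers_for_security_monitoring]`. The `Check parameters` task tests `when: item is not defined`, but `item` is the loop string itself and is always defined, so a missing variable never fails the play; `when: vars[item] is not defined or vars[item] | length == 0` checks the named variable and also catches the empty string an unset env lookup in vars/main.yaml yields (same task in deploy-wazuh-agent.yml). `Print parameters` is meant to echo `pma_influxdb_token` (the deleted site.yaml version interpolated it), which puts the secret into the play output and any captured log; drop that entry or set `no_log: true` on the task. The `msg` values here appear without the `{{ ... }}` expansions that site.yaml had — if that is not an artifact of how this diff was captured, the fail message and the printed parameters are static text.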
@@ -1,27 +1,27 @@
-pma_deployment_id: "123e4567-e89b-12d3-a456-426614174002"
-pma_influxdb_bucket: "bucket"
-pma_influxdb_token: "piacerePassword"
-pma_influxdb_org: "piacere"
-pma_influxdb_addr: "https://influxdb.pm.ci.piacere.digital.tecnalia.dev"
-
-telegraf_agent_package_state: latest
-
-telegraf_agent_output:
- - type: influxdb_v2
- config:
- - urls = ["{{ pma_influxdb_addr }}"]
- - token = "{{ pma_influxdb_token }}"
- - organization = "{{ pma_influxdb_org }}"
- - bucket = "{{ pma_influxdb_bucket }}"
- - insecure_skip_verify = true
-
-telegraf_global_tags:
- - tag_name: deployment_id
- tag_value: "{{ pma_deployment_id }}"
-
-telegraf_plugins_default:
- - plugin: cpu
- - plugin: mem
- - plugin: processes
- - plugin: disk
- - plugin: net
\ No newline at end of file
+pma_deployment_id: "{{ lookup('env', 'DEPLOYMENT_ID' ) }}"
+pma_influxdb_bucket: "{{ lookup('env', 'INFLUXDB_BUCKET' ) }}"
+pma_influxdb_token: "{{ lookup('env', 'INFLUXDB_TOKEN' ) }}"
+pma_influxdb_org: "{{ lookup('env', 'INFLUXDB_ORG' ) }}"
+pma_influxdb_addr: "{{ lookup('env', 'INFLUXDB_ADDR' ) }}"
+
+telegraf_agent_package_state: latest
+
+telegraf_agent_output:
+ - type: influxdb_v2
+ config:
+ - urls = ["{{ pma_influxdb_addr }}"]
+ - token = "{{ pma_influxdb_token }}"
+ - organization = "{{ pma_influxdb_org }}"
+ - bucket = "{{ pma_influxdb_bucket }}"
+ - insecure_skip_verify = true
+
+telegraf_global_tags:
+ - tag_name: deployment_id
+ tag_value: "{{ pma_deployment_id }}"
+
+telegraf_plugins_default:
+ - plugin: cpu
+ - plugin: mem
+ - plugin: processes
+ - plugin: disk
+ - plugin: net
diff --git a/piacere_monitoring/ansible.cfg b/piacere_monitoring/ansible.cfg
deleted file mode 100644
index 660a5ebcbecd0307307b5c2d2d61083e315c4e45..0000000000000000000000000000000000000000
--- a/piacere_monitoring/ansible.cfg
+++ /dev/null
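Review bot: `insecure_skip_verify = true` in the influxdb_v2 output disables certificate verification on the connection to `pma_influxdb_addr`, so the bearer token in `pma_influxdb_token` is handed to whatever answers at that address; now that the endpoint comes from `INFLUXDB_ADDR` instead of a fixed CI host, the setting should go, with a private CA supplied through `tls_ca = "..."` if the server needs one. The move to `lookup('env', ...)` is the right direction, but an unset variable yields an empty string rather than an undefined value, so the `is not defined` guard in main.yml passes and telegraf is configured with empty credentials; the same applies to `WAZUH_MANAGER_HOST`, `WAZUH_MANAGER_PORT` and `DEPLOYMENT_ID` in `security_monitoring/vars.yml`. A `| length == 0` check on each value in the play's `Check parameters` task closes that gap.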
@@ -1,7 +0,0 @@
-# https://docs.ansible.com/ansible/latest/reference_appendices/config.html
-[defaults]
-host_key_checking = False
-inventory = {{CWD}}/hosts.yaml ; This points to the file that lists your hosts
-remote_user = esilab
-deprecation_warnings=False ; to remove the python version depretation warning
-display_skipped_hosts = no
\ No newline at end of file
diff --git a/piacere_monitoring/hosts.yaml b/piacere_monitoring/hosts.yaml
deleted file mode 100644
index b9cbfc6d1be7e249a1f6813793dd228083d669fe..0000000000000000000000000000000000000000
--- a/piacere_monitoring/hosts.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-all:
- hosts:
- localhost:
- ansible_connection: local
diff --git a/piacere_monitoring/install_playbook_requirements.sh b/piacere_monitoring/install_playbook_requirements.sh
deleted file mode 100644
index 843bf3b6e0c4dfb6d6157ae22687cd7585ef3a02..0000000000000000000000000000000000000000
--- a/piacere_monitoring/install_playbook_requirements.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash
-set -e
-
-SCRIPT_DIR=$(dirname "$0")
-
-# to avoid the being run in a world writable directory we explicitly assign the ANSIBLE_CONFIG variable
-if [[ -f ./ansible.cfg ]]
-then
- export ANSIBLE_CONFIG=./ansible.cfg
-else
- if [[ -f $SCRIPT_DIR/ansible.cfg ]]
- then
- export ANSIBLE_CONFIG=$SCRIPT_DIR/ansible.cfg
- fi
-fi
-
-if [[ -z "$ANSIBLE_CONFIG" ]]
-then
- echo ANSIBLE_CONFIG to assigned using default https://docs.ansible.com/ansible/latest/reference_appendices/config.html
-else
- echo ANSIBLE_CONFIG=$ANSIBLE_CONFIG
-fi
-
-if [[ -z "$1" ]]
-then
- # echo without params
- echo ansible-playbook $SCRIPT_DIR/site_requirements.yaml
- ansible-playbook $SCRIPT_DIR/site_requirements.yaml
-else
- # echo with params
- echo ansible-playbook $SCRIPT_DIR/site_requirements.yaml --extra-vars "$1"
- ansible-playbook $SCRIPT_DIR/site_requirements.yaml --extra-vars "$1"
-fi
diff --git a/piacere_monitoring/run-playbook.sh b/piacere_monitoring/run-playbook.sh
deleted file mode 100644
index f2bba22bc6dcae68d78545cc6b130677bc5083ef..0000000000000000000000000000000000000000
--- a/piacere_monitoring/run-playbook.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash
-set -e
-
-SCRIPT_DIR=$(dirname "$0")
-
-# to avoid the being run in a world writable directory we explicitly assign the ANSIBLE_CONFIG variable
-if [[ -f ./ansible.cfg ]]
-then
- export ANSIBLE_CONFIG=./ansible.cfg
-else
- if [[ -f $SCRIPT_DIR/ansible.cfg ]]
- then
- export ANSIBLE_CONFIG=$SCRIPT_DIR/ansible.cfg
- fi
-fi
-
-if [[ -z "$ANSIBLE_CONFIG" ]]
-then
- echo ANSIBLE_CONFIG to assigned using default https://docs.ansible.com/ansible/latest/reference_appendices/config.html
-else
- echo ANSIBLE_CONFIG=$ANSIBLE_CONFIG
-fi
-
-if [[ -z "$1" ]]
-then
- # echo without params
- echo ansible-playbook $SCRIPT_DIR/site.yaml
- ansible-playbook $SCRIPT_DIR/site.yaml
-else
- # echo with params
- echo ansible-playbook $SCRIPT_DIR/site.yaml --extra-vars "$1"
- ansible-playbook $SCRIPT_DIR/site.yaml --extra-vars "$1"
-fi
diff --git a/piacere_monitoring/site.yaml b/piacere_monitoring/site.yaml
deleted file mode 100644
index 531dbf50d5ca852802196de7eafe0c238b9beb85..0000000000000000000000000000000000000000
--- a/piacere_monitoring/site.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-- hosts: all
- pre_tasks:
- - name: Check parameters
- fail:
- msg: 'variable {{item}} not defined'
- when: item is not defined
- with_items:
- - pma_deployment_id
- - pma_influxdb_bucket
- - pma_influxdb_token
- - pma_influxdb_org
- - pma_influxdb_addr
- - name: Print parameters
- debug:
- msg:
- - "pma_deployment_id: {{ pma_deployment_id }}"
- - "pma_influxdb_bucket: {{ pma_influxdb_bucket }}"
- - "pma_influxdb_token: {{ pma_influxdb_token }}"
- - "pma_influxdb_org: {{ pma_influxdb_org }}"
- - "pma_influxdb_addr: {{ pma_influxdb_addr }}"
- - name: Ensure gnupg package
- package:
- name: gnupg
- state: present
- become: true
-
- vars_files:
- - vars/main.yaml
- roles:
- - dj-wasabi.telegraf
diff --git a/piacere_monitoring/site_requirements.yaml b/piacere_monitoring/site_requirements.yaml
deleted file mode 100644
index 3e7665dce4e17365bfd08f90425e9408d0f83045..0000000000000000000000000000000000000000
--- a/piacere_monitoring/site_requirements.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-- hosts: localhost
- tasks:
- - name: print disclamer
- debug:
- msg: this can also be done with "ansible-galaxy install -r requirements"
- - name: install telegraf from galaxy
- community.general.ansible_galaxy_install:
- type: role
- requirements_file: ansible_requirements.yml
diff --git a/piacere_security/main.yml b/piacere_security/main.yml
deleted file mode 100644
index 609b429e37fbc4b9d2ec02307abf2957eca36bf6..0000000000000000000000000000000000000000
--- a/piacere_security/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: Build agent image
- import_playbook: build-wazuh-agent.yml
-
-- name: Deploy agent image
- import_playbook: deploy-wazuh-agent.yml
diff --git a/security_monitoring/README.md b/security_monitoring/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..16225ff9a690c47d3fd8b60d9ac46085619fd275
--- /dev/null
+++ b/security_monitoring/README.md
@@ -0,0 +1,88 @@ +# sma-playbook + +Security Monitoring Agent (Wazuh agent) deployment as a docker + +## Usage - "baremetal" + +### Configuration + +`vars.yml` include: + +``` +--- +wazuh_manager_hostname: "wazuh-manager" +wazuh_manager_port: "1514" + +piacere_deployment_id: "123e4567-e89b-12d3-a456-demo-PIACERE" +``` + +All these variables can be overriden via environemnt. + +### Run the playbook + +To run the playbook: + +``` +ansible-playbook main.yml -i inventory.txt +``` + +## Usage - Docker + +To build the agent's docker image on `docker` host from the `inventory`, run this command: + +``` +ansible-playbook build-wazuh-agent.yml -i inventory.txt +``` + +You could also build the image manually and push it to some other docker registry. In this case you should change the variable for the image name within `vars.yml`. + +To start the deployment, run this command: + +``` +ansible-playbook deploy-wazuh-docker-agent.yml -i inventory.txt +``` + +Example of the configuration (`vars.yml`): + +``` +--- +service_config_dir: "{{ ansible_env.HOME }}/piacere-wazuh-agent" +docker_image_build_dir: "{{ ansible_env.HOME }}/piacere-wazuh-agent/image" +wazuh_manager_hostname: "wazuh-manager" +wazuh_manager_port: "1514" + +wazuh_agent_network: "security-monitoring-deployment_default" +wazuh_agent_name: "wazuh-agent-container-2" +wazuh_agent_group: "default" +wazuh_agent_config_volume: "{{ service_config_dir }}/ossec.conf:/var/ossec/etc/ossec.conf" +wazuh_agent_image_name: "wazuh-agent-image" + +piacere_deployment_id: "123e4567-e89b-12d3-a456-426614174002" +``` + +All these variables can be overriden via environemnt. + +### `Build Wazuh Agent` playbook + +It uses `community.docker.docker_image` module. It copies `docker-deploy` dir to the target and then it builds the agent's image with the name from the `vars.yml` on the target machine from the inventory. + +### `Deploy Wazuh Docker Agent` playbook + +It uses `community.docker.docker_container` module. 
The module runs the image with a name of `wazuh-agent-deploy:latest` by default (configurable within `vars.yml`), using the network `security-monitoring-deployment_default`, on the target machine. It is very important that the Wazuh Manager runs on the same network, otherwise the agent will not be able to contact the manager. `hostname` of the Agent will be set accordingly and visible in the Manager. ENV variable `WAZUH_MANAGER` sets the hostname of the Manager running on the network mentioned above. `WAZUH_AGENT_GROUP` will also to be taken into account by the Agent deployment. `ossec.conf` from the `docker-deploy` directory will be copied to the container's `/var/ossec/` directory. + +## Run the agent as a docker instance manually, not advisable + +Consider this section as a backup in the case you can not use the playbooks above. + +Build the image + +``` +cd docker-deploy +docker build -t docker-wazuh-agent:latest . +``` + +Run the agent attached to network `security-monitoring-deployment_default` where Wazuh Manager should be already running. + +``` +docker run -d --name wazuh-agent --network=security-monitoring-deployment_default --hostname localhost -e WAZUH_MANAGER=wazuh-manager -e WAZUH_AGENT_GROUP=default -v ${PWD}/ossec.conf:/var/ossec/etc/ossec.conf docker-wazuh-agent:latest +``` \ No newline at end of file diff --git a/piacere_security/build-wazuh-agent.yml b/security_monitoring/build-wazuh-agent.yml similarity index 96% rename from piacere_security/build-wazuh-agent.yml rename to security_monitoring/build-wazuh-agent.yml index 74c135a2fef4910f2c2543c8a26b878fd5af0831..93693cf02f047e5ca4b8fe33686e6ed9d411a3e6 100644 --- a/piacere_security/build-wazuh-agent.yml +++ b/security_monitoring/build-wazuh-agent.yml @@ -1,5 +1,5 @@ --- -- hosts: all +- hosts: docker tasks: - name: include vars 
diff --git a/piacere_security/config.yaml b/security_monitoring/config.yaml
similarity index 100%
rename from piacere_security/config.yaml
rename to security_monitoring/config.yaml
diff --git a/piacere_security/config/ossec.conf.j2 b/security_monitoring/config/ossec.conf.j2
similarity index 100%
rename from piacere_security/config/ossec.conf.j2
rename to security_monitoring/config/ossec.conf.j2
diff --git a/security_monitoring/deploy-wazuh-agent.yml b/security_monitoring/deploy-wazuh-agent.yml
new file mode 100644
index 0000000000000000000000000000000000000000..1e9e417ab1a8c5d1dfda632534651a06e358eb18
--- /dev/null
+++ b/security_monitoring/deploy-wazuh-agent.yml
@@ -0,0 +1,110 @@
+- hosts: servers_for_piacere_monitoring
+ gather_facts: yes
+
+ pre_tasks:
+ - name: Check parameters
+ fail:
+ msg: 'variable {{item}} not defined'
+ when: item is not defined
+ with_items:
+ - piacere_deployment_id
+ - wazuh_manager_hostname
+ - wazuh_manager_port
+ - name: Print parameters
+ debug:
+ msg:
+ - "piacere_deployment_id: {{ piacere_deployment_id }}"
+ - "wazuh_manager_hostname: {{ wazuh_manager_hostname }}"
+ - "wazuh_manager_port: {{ wazuh_manager_port }}"
+ - name: Ensure gnupg package
+ package:
+ name: gnupg
+ state: present
+ become: true
+ vars_files:
+ - vars.yml
+
+ tasks:
+
+ - name: System details
+ ansible.builtin.debug: msg="{{ item }}"
+ with_items:
+ - "{{ ansible_distribution }}"
+ - "{{ ansible_distribution_version }}"
+ - "{{ ansible_distribution_major_version }}"
+
+ - name: Other distributions not supported
+ ansible.builtin.shell: echo "only on Ubuntu or Debian"
+ when: ansible_distribution != 'Debian' and ansible_distribution != 'Ubuntu'
+
+ - name: System upgrade
+ ansible.builtin.apt:
+ name: "*"
+ state: latest
+ update_cache: yes
+ force_apt_get: True
+ cache_valid_time: 3600
+ become: yes
+ register: apt_action
+ retries: 100
+ until: apt_action is success
+ when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+
+ - name: APT install required packages
+ become: yes
+ ansible.builtin.apt:
+ name:
+ - curl
+ - python3
+ state: present
+ when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+
+ - name: Add wazuh apt repository and install wazuh-agent
+ become: yes
+ block:
+ - name: Get wazuh apt-key
+ ansible.builtin.apt_key:
+ url: https://packages.wazuh.com/key/GPG-KEY-WAZUH
+ state: present
+ - name: Add wazuh apt repository
+ ansible.builtin.apt_repository:
+ repo: "deb https://packages.wazuh.com/4.x/apt/ stable main"
+ state: present
+ filename: wazuh
+ update_cache: yes
+ - name: Install wazuh-agent
+ register: updatesys
+ apt:
+ name: wazuh-agent
+ when: 
ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+
+ - name: Create config path
+ ansible.builtin.file:
+ path: "{{ service_config_dir }}"
+ state: directory
+ mode: 0755
+ when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+
+ - name: Copy config template to remote host
+ become: yes
+ ansible.builtin.template:
+ src: "{{ playbook_dir }}/config/ossec.conf.j2"
+ dest: "/var/ossec/etc/ossec.conf"
+ mode: 0644
+ register: config_changed
+ when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+
+ - name: Start wazuh agent service
+ become: yes
+ block:
+ - name: Make sure wazuh-agent service is enabled and not masked
+ ansible.builtin.systemd:
+ daemon_reload: yes
+ name: wazuh-agent
+ enabled: yes
+ masked: no
+ - name: Start the service
+ ansible.builtin.systemd:
+ name: wazuh-agent
+ state: started
+ when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
\ No newline at end of file
diff --git a/piacere_security/deploy-wazuh-agent.yml b/security_monitoring/deploy-wazuh-docker-agent.yml
similarity index 98%
rename from piacere_security/deploy-wazuh-agent.yml
rename to security_monitoring/deploy-wazuh-docker-agent.yml
index d1421f2f94a1ba8be1d3e7e90bc4405aa36ad382..2f5029673ac777dd2091da87a26c3e87b456a837 100644
--- a/piacere_security/deploy-wazuh-agent.yml
+++ b/security_monitoring/deploy-wazuh-docker-agent.yml
@@ -1,5 +1,5 @@
 ---
-- hosts: all
+- hosts: docker
 tasks:
 - name: include vars
diff --git a/piacere_security/docker-deploy/Dockerfile b/security_monitoring/docker-deploy/Dockerfile
similarity index 100%
rename from piacere_security/docker-deploy/Dockerfile
rename to security_monitoring/docker-deploy/Dockerfile
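Review bot: `Copy config template to remote host` registers `config_changed` but nothing consumes it, and `Start the service` only asks for `state: started`, so a changed `ossec.conf` (new manager host or port from the env lookups in vars.yml) is never applied to an agent that is already running; a handler driven by `notify:` on the template task fixes this. `Other distributions not supported` runs `ansible.builtin.shell: echo ...` and then continues, so on a non-Debian host every later task is merely skipped and the play reports success with no agent installed; `ansible.builtin.fail` with the same `when:` does what the task name promises. `ansible.builtin.apt_key` drops the Wazuh key into the system-wide trusted keyring, where it can vouch for any configured repository, and it relies on `apt-key`, which Debian has deprecated; storing the key under `/usr/share/keyrings/` and adding `signed-by=` to the `repo:` line scopes trust to the Wazuh repository alone. `register: updatesys` on the install task is unused.
```yaml
      - name: Other distributions not supported
        ansible.builtin.fail:
          msg: "only on Ubuntu or Debian"
        when: ansible_distribution != 'Debian' and ansible_distribution != 'Ubuntu'

      # … unchanged: system upgrade, package install, repository and wazuh-agent install …

      - name: Copy config template to remote host
        # … unchanged: become / template src, dest, mode / when …
        notify: Restart wazuh-agent

      # … unchanged: start wazuh agent service block …

  handlers:
    - name: Restart wazuh-agent
      become: yes
      ansible.builtin.systemd:
        name: wazuh-agent
        state: restarted
```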
diff --git a/piacere_security/docker-deploy/entrypoint.sh b/security_monitoring/docker-deploy/entrypoint.sh
similarity index 85%
rename from piacere_security/docker-deploy/entrypoint.sh
rename to security_monitoring/docker-deploy/entrypoint.sh
index 6a820773373e45abcd25be03b48a8be752a2b7d8..dbd7d2b5a69028dd0fe74f7bd7cc41b406b40e9a 100644
--- a/piacere_security/docker-deploy/entrypoint.sh
+++ b/security_monitoring/docker-deploy/entrypoint.sh
@@ -1,9 +1,5 @@
 #!/bin/bash
-# !
-# !CONVERT THIS CODE INTO ANSIBLE PLAYBOOK IF POSSIBLE
-# !
-
 # Start the agent
 /var/ossec/bin/wazuh-control start
diff --git a/piacere_security/docker-deploy/ossec.conf b/security_monitoring/docker-deploy/ossec.conf
similarity index 100%
rename from piacere_security/docker-deploy/ossec.conf
rename to security_monitoring/docker-deploy/ossec.conf
diff --git a/piacere_security/inventory.j2 b/security_monitoring/inventory.j2
similarity index 60%
rename from piacere_security/inventory.j2
rename to security_monitoring/inventory.j2
index 6adae86d8603cd7b1752777c0fb270d9d38002e9..7b95272f7ae344eba19886a199f5a436f6888c7f 100644
--- a/piacere_security/inventory.j2
+++ b/security_monitoring/inventory.j2
@@ -1,9 +1,9 @@
-[servers_for_piacere_security]
+[servers_for_security_monitoring]
 {{ instance_ip_nginx_vm }}
-[servers_for_piacere_security:vars]
+[servers_for_security_monitoring:vars]
 ansible_connection=ssh
 ansible_user=ubuntu
 ansible_ssh_private_key_file=ssh_key
diff --git a/security_monitoring/inventory.txt b/security_monitoring/inventory.txt
new file mode 100644
index 0000000000000000000000000000000000000000..eac7201b349f07399d900be4f0c724bd30219c5f
--- /dev/null
+++ b/security_monitoring/inventory.txt
@@ -0,0 +1,5 @@
+[docker]
+localhost
+
+[sma_host]
+localhost ansible_user=vagrant ansible_password=vagrant ansible_port=2222
\ No newline at end of file
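Review bot: `inventory.txt` commits a plaintext credential, `ansible_password=vagrant`, on the `[sma_host]` entry; even as a Vagrant default it does not belong in the repository, and it sets the pattern for a real password to land there next. The other inventories in this commit already use key-based access (`ansible_ssh_private_key_file=ssh_key`); if a password is unavoidable for the test box, keep it in an ansible-vault file or supply it with `--ask-pass` at run time. As far as this diff shows nothing targets `sma_host` — the plays select `docker` and `servers_for_piacere_monitoring` — so the entry looks like leftover test scaffolding that could simply be dropped.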
diff --git a/security_monitoring/main.yml b/security_monitoring/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7c97efb47907969174e2ade9fe115e7f28368c8b
--- /dev/null
+++ b/security_monitoring/main.yml
@@ -0,0 +1,2 @@
+---
+- import_playbook: deploy-wazuh-agent.yml
diff --git a/piacere_security/ssh_key.j2 b/security_monitoring/ssh_key.j2
similarity index 100%
rename from piacere_security/ssh_key.j2
rename to security_monitoring/ssh_key.j2
diff --git a/piacere_security/vars.yml b/security_monitoring/vars.yml
similarity index 67%
rename from piacere_security/vars.yml
rename to security_monitoring/vars.yml
index e47f279315203205a828f6c6b9f911a98397ca7e..339a384631888c62ac3c2eb7ac35bc9c408a766b 100644
--- a/piacere_security/vars.yml
+++ b/security_monitoring/vars.yml
@@ -1,8 +1,8 @@
 ---
 service_config_dir: "{{ ansible_env.HOME }}/piacere-wazuh-agent"
 docker_image_build_dir: "{{ ansible_env.HOME }}/piacere-wazuh-agent/image"
-wazuh_manager_hostname: "wazuh-manager"
-wazuh_manager_port: "1514"
+wazuh_manager_hostname: "{{ lookup('env', 'WAZUH_MANAGER_HOST' ) }}"
+wazuh_manager_port: "{{ lookup('env', 'WAZUH_MANAGER_PORT' ) }}"
 wazuh_agent_network: "security-monitoring-deployment_default"
 wazuh_agent_name: "wazuh-agent-container-2"
@@ -10,4 +10,4 @@ wazuh_agent_group: "default"
 wazuh_agent_config_volume: "{{ service_config_dir }}/ossec.conf:/var/ossec/etc/ossec.conf"
 wazuh_agent_image_name: "wazuh-agent-image"
 
-piacere_deployment_id: "123e4567-e89b-12d3-a456-426614174002"
\ No newline at end of file
+piacere_deployment_id: "{{ lookup('env', 'DEPLOYMENT_ID' ) }}"