good night

2023-09-26 02:43:13 +02:00
parent 9e696a4cfd
commit d616fdbe55
5 changed files with 92 additions and 64 deletions
--- a/chisel.yml
+++ b/chisel.yml
@@ -9,7 +9,7 @@
  roles:
-    - { role: justin_p.chisel, tags: chisel-server }
+    - { role: justin_p.chisel, tags: chisel-server, when: "{{ chisel_server|default(false) }} is true" }
  tasks:
  # Need to install proxychains
@@ -30,64 +30,85 @@
      when: "{{ chisel_server|default(false) }} is true"
      tags: chisel-server
-
+    - name: Read fingerprint chisel server in log file
    - name: Lire le contenu du fichier
      ansible.builtin.slurp:
        src: "/var/log/chisel/{{ chisel_config_name }}_error.log"
-      register: contenu_fichier
+      register: fingerprint
-      tags: chisel-server-test
+      when: "{{ chisel_server|default(false) }} is true"
      tags: 
        - chisel-server
        - chisel-client
-    # - name: Debug log chisel-server and register it for fingerprint
+    - name: Setting fingerprint host facts
-    #   ansible.builtin.command: 
+      ansible.builtin.set_fact: 
-    #     cmd: 'cat "/var/log/chisel/"{{ chisel_config_name }}_error.log" | grep Fingerprint'
+        chisel_fingerprint: "{{ fingerprint['content'] | b64decode | regex_search('.*Fingerprint.*', multiline=True, ignorecase=True) | split(' ') }}"
-    #   register: chisel_fingerprint
+      tags: 
-    #   tags: chisel-server
+        - chisel-server
        - chisel-client
      when: "{{ chisel_server|default(false) }} is true"
-    - name: test
+    - name: Debug fingerprint for ALL hosts
      debug:
-        msg: "{{ contenu_fichier['content'] | b64decode }}"
+        msg: "{{ hostvars[groups['server'][0]].chisel_fingerprint }}"
-      tags: chisel-server-test
+      tags: 
        - chisel-server
        - chisel-client
-    # - name: Ensure gzip is installed | Client
+    - name: CHECK if binary chisel is already installed | Client
-    #   ansible.builtin.apt:
+      shell: which /usr/local/bin/chisel
-    #     name: gzip
+      changed_when: false
-    #     state: present
+      failed_when: false
-    #   when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+      register: chisel_installed
    # - name: "Download chisel {{ chisel_version }}"
    #   ansible.builtin.get_url:
    #     url: "{{ chisel_download_url_linux_amd64 }}"
    #     dest: "{{ chisel_download_destination }}"
    #     checksum: "sha256:{{ chisel_linux_amd64_sha256 }}"
    #     mode: '0600'
    #   when: not chisel.stat.exists or chisel_version != chisel_installed_version
    - name: Unarchive a file that needs to be downloaded (added in 2.0)
      ansible.builtin.unarchive:
        src: https://example.com/example.zip
        dest: /usr/local/bin
        remote_src: yes
      tags: chisel-client
-    # - name: Change the working directory to somedir/ and run the command as db_owner if /path/to/database does not exist
+    - name: install chisel from github source
-    #   ansible.builtin.command: /usr/bin/make_database.sh db_user db_name
+      block:
-    #   become: yes
+        - name: Ensure gzip is installed | Client
-    #   become_user: db_owner
+          ansible.builtin.apt:
-    #   args:
+            name: gzip
-    #     chdir: somedir/
+            state: present
-    #     creates: /path/to/database
+          when:
            - ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
            - chisel_server is false
-    # - name: "Unpack chisel to {{ chisel_install_destination }}"    # noqa: no-changed-when
+        - name: "Download chisel {{ chisel_version }}"
-    #   ansible.builtin.shell: "gunzip -c {{ chisel_download_destination }} > {{ chisel_install_destination }}"
+          ansible.builtin.get_url:
-    #   register: gunzip_output
+            url: "https://github.com/jpillora/chisel/releases/download/v{{ chisel_version }}/chisel_{{ chisel_version }}_linux_amd64.gz"
-    #   when: not chisel.stat.exists or chisel_version != chisel_installed_version
+            dest: "/tmp/"
            mode: '0600'
          when: "{{ chisel_server }} is false"
        - name: "Unpack chisel to {{ chisel_install_destination | default('/usr/local/bin/') }}"
          ansible.builtin.shell: "gunzip -c /tmp/chisel_{{ chisel_version }}_linux_amd64.gz > {{ chisel_install_destination }}"
          register: gunzip_output
          when: "{{ chisel_server }} is false"
-# Done chisel Server
+        - name: "Set correct rights for {{ chisel_install_destination }}"
-# TODO client (no role) remove-client remove-server
+          ansible.builtin.file:
            path: "{{ chisel_install_destination }}"
            owner: root
            group: root
            mode: 0775
          when: "{{ chisel_server }} is false"
        - name: "Run chisel to : {{ chisel_server_host }}:{{ chisel_server_port }}"
          ansible.builtin.shell: "{{ chisel_install_destination }} client --fingerprint {{ hostvars[groups['server'][0]].chisel_fingerprint[4] }} --auth {{ chisel_basic_auth }} {{ chisel_server_host }}:{{ chisel_server_port }} R:{{ chisel_server_host }}:socks"
          async: 60  # Le temps maximal en secondes d'attente apres deco (chisel tournera quand meme apres)
          poll: 0           
          #register: chisel_client_output
          when: "{{ chisel_server }} is false"
-# TODO chisel in traefik
+      when: chisel_installed.rc != 0
-# port 8080 and 1080 (socks)
+      tags:
-# docker run --rm -it jpillora/chisel client --auth "user:pass" --fingerprint dr5QNd5AIR9vFKATKQ/MYN441MF4av5Pipvg65camPo= 163.172.84.28:8080 R:163.172.84.28:socks
+        - chisel-client
-#  /usr/local/bin/chisel server --host 163.172.84.28 --port 8080 --auth user:pass --reverse --socks5 -v
+
    - name: "Run chisel to : {{ chisel_server_host }}:{{ chisel_server_port }} with auth {{ chisel_basic_auth }}"
      ansible.builtin.shell: "{{ chisel_install_destination }} client --fingerprint {{ hostvars[groups['server'][0]].chisel_fingerprint[4] }} --auth {{ chisel_basic_auth }} {{ chisel_server_host }}:{{ chisel_server_port }} R:{{ chisel_server_host }}:socks"
      when: "{{ chisel_server }} is false"
      async: 60  # Le temps maximal en secondes d'attente apres deco (chisel tournera quand meme apres)
      poll: 0 
      #register: chisel_client_output
      tags:
        - chisel-client
 # TODO remove tmp/chisel_1.8.1_linux_amd64.gz /usr/local/bin/chisel /tmp/ansible_ansible.legacy.command_payload_XXXX and stop chisel-server
--- a/group_vars/perso.yml
+++ b/group_vars/perso.yml
@@ -111,9 +111,3 @@ alert_list_server:
  - '"163.172.84.28"'
  - '"37.187.127.90"'
 alert_server_ssl: gitea.jingoh.fr
  ##########
  # CHISEL #
  ##########
 chisel_basic_auth: "user:pass"
--- a/host_vars/ovh_fr.yml
+++ b/host_vars/ovh_fr.yml
@@ -11,6 +11,12 @@ apt_repositories_sources:
  - deb http://security.ubuntu.com/ubuntu focal-security universe
  - deb http://security.ubuntu.com/ubuntu focal-security multiverse
  ##########
  # CHISEL #
  ##########
-
+chisel_server: false
-chisel_server: false
+chisel_basic_auth: user:pass
 chisel_version: 1.8.1
 chisel_server_host: 163.172.84.28
 chisel_server_port: 8080
--- a/host_vars/scaleway_fr.yml
+++ b/host_vars/scaleway_fr.yml
@@ -129,10 +129,13 @@ logrotate_scripts:
 # CHISEL #
 ##########
 # SHOULD BE IN [server] GROUP
 chisel_server: true
 chisel_version: 1.8.1
 chisel_basic_auth: "user:pass"
 chisel_service_name: chisel-server
 chisel_config_name: chisel-server
 chisel_server_host: 163.172.84.28
 chisel_config_name: chisel-server
 chisel_server_port: 8080
 chisel_proxychains_conf:
 # chisel enable socks5, reverse and basic auth
--- a/16
+++ b/16
@@ -2,11 +2,15 @@
 ovh_fr ansible_host=37.187.127.90 ansible_user=stephane
 scaleway_fr ansible_host=163.172.84.28 ansible_user=stephane
-[ovh]
+# TO KNOW WHOIS CHISEL SERVER
-ovh_fr ansible_host=37.187.127.90 ansible_user=stephane
+[server]
 [scaleway]
 scaleway_fr ansible_host=163.172.84.28 ansible_user=stephane
-[local]
+; [ovh]
-vagrant ansible_host=192.168.33.10 ansible_user=vagrant ansible_password=vagrant
+; ovh_fr ansible_host=37.187.127.90 ansible_user=stephane
 ; [scaleway]
 ; scaleway_fr ansible_host=163.172.84.28 ansible_user=stephane
 ; [local]
 ; vagrant ansible_host=192.168.33.10 ansible_user=vagrant ansible_password=vagrant