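---
# Chisel client/server playbook.
#
# Flow: the `justin_p.chisel` role installs chisel only when the service unit
# does not exist yet.  On the server, the TLS fingerprint chisel prints at
# start-up is read back from its error log and stored as a host fact; the
# clients are then configured (via `chisel_conf`) with that fingerprint so
# they pin the server identity.  `chisel_server` selects the role of a host:
# truthy -> server, anything else -> client.
#
# Variables referenced but NOT defined here (`chisel_service_destination`,
# `chisel_service_name`, `chisel_config_name`, `chisel_proxychains_conf`,
# `chisel_conf`, `chisel_remove_all`) come from the role defaults or the
# inventory.  The play also assumes an inventory group named `server`.
#
# @author Stéphane Gratias (2023).
- name: Chisel Client - Server playbook
  hosts: all
  become: true

  pre_tasks:
    # HACK to bypass role: the role is applied only when the service does not
    # exist yet (see `roles:` below), so make sure the unit file path exists
    # and systemd has re-read its unit directory before probing the service.
    - name: create file service | HACK role to load service before
      ansible.builtin.file:
        path: "{{ chisel_service_destination }}"
        state: touch
        # quoted so YAML does not turn the octal literal into the integer 420
        mode: "0644"
        # keep existing timestamps so the touch is idempotent
        access_time: preserve
        modification_time: preserve
      tags:
        - always

    - name: reload daemon systemd | HACK role to load service before
      ansible.builtin.systemd:
        daemon_reload: true
      tags:
        - always

    - name: CHECK if binary chisel is already installed
      # `stat` replaces `shell: which /usr/local/bin/chisel`: no shell is
      # spawned and the result is usable as `chisel_installed.stat.exists`.
      ansible.builtin.stat:
        path: /usr/local/bin/chisel
      register: chisel_installed
      tags:
        - chisel

    # NOTE(review): despite the name this task *ensures* the service is
    # started (state: started), it is not a read-only probe.  What the rest of
    # the play relies on is the side effect on the register: the module only
    # returns `state` when the unit exists, so `chisel_service.state is
    # undefined` means "unit not installed yet".
    - name: Check if chisel service is started
      ansible.builtin.service:
        name: "{{ chisel_service_name }}"
        state: started
      changed_when: false
      failed_when: false
      register: chisel_service
      tags:
        - chisel

    - name: Debug service state for ALL hosts
      ansible.builtin.debug:
        var: chisel_service
      tags:
        - chisel

    # `chisel_server | bool` (instead of `is true`) accepts the string "true"
    # that `-e chisel_server=true` or INI inventories produce; with `is true`
    # such a host would silently be treated as a client.
    - name: Read fingerprint chisel server in log file
      ansible.builtin.slurp:
        src: "/var/log/chisel/{{ chisel_config_name }}_error.log"
      register: fingerprint
      when:
        - chisel_service.state is defined
        - chisel_service.state == 'started'
        - chisel_server | default(false) | bool
      tags:
        - chisel

    # Take the LAST "Fingerprint" line: if the log is appended across restarts
    # the first match would be a stale fingerprint and clients would pin the
    # wrong key.  `last` fails on an empty list, i.e. the play fails closed
    # when no fingerprint is present rather than shipping an empty value.
    # NOTE(review): a new fingerprint per restart suggests chisel is run with
    # an ephemeral key; a persistent server key would make pinning stable.
    - name: Setting fingerprint host facts
      ansible.builtin.set_fact:
        chisel_fingerprint: >-
          {{ fingerprint['content'] | b64decode
             | regex_findall('.*Fingerprint.*', multiline=True, ignorecase=True)
             | last | split(' ') }}
      when:
        - chisel_service.state is defined
        - chisel_service.state == 'started'
        - chisel_server | default(false) | bool
      tags:
        - chisel

    - name: Debug fingerprint for ALL hosts
      ansible.builtin.debug:
        msg: "{{ hostvars[groups['server'][0]].chisel_fingerprint }}"
      when:
        # conditions are evaluated in order, so the group check guards the index
        - groups['server'] | default([]) | length > 0
        - hostvars[groups['server'][0]].chisel_fingerprint is defined
      tags:
        - chisel

  roles:
    - role: justin_p.chisel
      tags: chisel
      when: chisel_service.state is undefined

  tasks:
    ##########
    # SERVER #
    ##########
    # Need to install proxychains on server
    # Server-side tasks run only on a fresh install (service state undefined).
    # Conditions are plain Jinja expressions: wrapping `when` in "{{ }}" is
    # deprecated and rejected by recent ansible-core.
    - name: Change settings in proxychains conf files ONLY on server
      ansible.builtin.lineinfile:
        path: "{{ item.path }}"
        regexp: "{{ item.regexp }}"
        state: "{{ item.state }}"
        line: "{{ item.line | default(omit) }}"
      loop: "{{ chisel_proxychains_conf }}"
      when:
        - chisel_service.state is undefined
        - chisel_server | default(false) | bool
      tags:
        - chisel

    - name: Restart chisel-server to have new fingerprint ONLY on server
      ansible.builtin.service:
        name: "{{ chisel_service_name }}"
        state: restarted
      when:
        - chisel_service.state is undefined
        - chisel_server | default(false) | bool
      tags:
        - chisel

    - name: Read fingerprint chisel server in log file
      ansible.builtin.slurp:
        src: "/var/log/chisel/{{ chisel_config_name }}_error.log"
      register: fingerprint
      when:
        - chisel_service.state is undefined
        - chisel_server | default(false) | bool
      tags:
        - chisel

    # Same extraction as in pre_tasks: newest "Fingerprint" line, fail closed
    # when none is found.
    - name: Setting fingerprint host facts
      ansible.builtin.set_fact:
        chisel_fingerprint: >-
          {{ fingerprint['content'] | b64decode
             | regex_findall('.*Fingerprint.*', multiline=True, ignorecase=True)
             | last | split(' ') }}
      when:
        - chisel_service.state is undefined
        - chisel_server | default(false) | bool
      tags:
        - chisel

    - name: Debug fingerprint for ALL hosts
      ansible.builtin.debug:
        msg: "{{ hostvars[groups['server'][0]].chisel_fingerprint }}"
      when:
        - groups['server'] | default([]) | length > 0
        - hostvars[groups['server'][0]].chisel_fingerprint is defined
      tags:
        - chisel

    ##########
    # CLIENT #
    ##########
    # `chisel_conf` is expected to carry the server fingerprint into the client
    # configuration (the exact lines come from the inventory, not this file).
    - name: Change settings in chisel conf files ONLY on client
      ansible.builtin.lineinfile:
        path: "{{ item.path }}"
        regexp: "{{ item.regexp }}"
        state: "{{ item.state }}"
        line: "{{ item.line | default(omit) }}"
      loop: "{{ chisel_conf }}"
      when: not (chisel_server | default(false) | bool)
      tags: chisel

    - name: Restart chisel-client to have new fingerprint ONLY on client
      ansible.builtin.service:
        name: "{{ chisel_service_name }}"
        state: restarted
      when: not (chisel_server | default(false) | bool)
      tags: chisel

    ########################
    # REMOVE CLIENT/SERVER #
    ########################
    - name: Stop service {{ chisel_service_name }} on CLIENT
      ansible.builtin.service:
        name: "{{ chisel_service_name }}"
        state: stopped
      when: not (chisel_server | default(false) | bool)
      tags:
        - chisel-remove-client
        - chisel-remove

    - name: Stop service {{ chisel_service_name }} on SERVER
      ansible.builtin.service:
        name: "{{ chisel_service_name }}"
        state: stopped
      when: chisel_server | default(false) | bool
      tags:
        - chisel-remove-server
        - chisel-remove

    # NOTE(review): this matches every top-level `/tmp/ansible_*` directory,
    # not only the ones created by this play; with `become: true` that can
    # include other users' Ansible temp directories.  Symlinks are not
    # followed (find default), so a symlink named ansible_* is not listed.
    - name: Find all ansible directories in tmp
      ansible.builtin.find:
        paths: /tmp/
        patterns: 'ansible_*'
        file_type: directory
      register: ansible_files
      tags:
        - chisel-remove-client
        - chisel-remove-server
        - chisel-remove

    # - name: Debug ansible files ALL hosts
    #   ansible.builtin.debug:
    #     msg: "{{ ansible_files.files }}"
    #   tags:
    #     - chisel-remove-client
    #     - chisel-remove

    - name: Remove all files and directories ONLY on client
      ansible.builtin.file:
        path: "{{ item }}"
        state: absent
      notify: reload daemon systemd
      loop: "{{ chisel_remove_all }}"
      when: not (chisel_server | default(false) | bool)
      tags:
        - chisel-remove-client
        - chisel-remove

    - name: Remove all files and directories ONLY on server
      ansible.builtin.file:
        path: "{{ item }}"
        state: absent
      notify: reload daemon systemd
      loop: "{{ chisel_remove_all }}"
      when: chisel_server | default(false) | bool
      tags:
        - chisel-remove-server
        - chisel-remove

    - name: Remove all ansible directories
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: absent
      notify: reload daemon systemd
      loop: "{{ ansible_files.files }}"
      tags:
        - chisel-remove-client
        - chisel-remove-server
        - chisel-remove

  handlers:
    - name: reload daemon systemd
      ansible.builtin.systemd:
        daemon_reload: true

# Paths managed by the role and referenced by the removal lists above:
# /lib/systemd/system/chisel-client.service -> chisel_service_destination
# /var/log/chisel
# /etc/chisel -> chisel_config_folder
# /tmp/chisel -> chisel_download_destination
# /usr/local/bin/chisel -> chisel_install_destination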