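---
#
# @author Stéphane Gratias (2021).
#
# Chisel client/server playbook.
#
# Hosts with `chisel_server` set to true get the justin_p.chisel role and the
# server-side configuration. Every other host downloads the chisel binary (if
# it is missing) and starts a chisel client against
# chisel_server_host:chisel_server_port.
#
# Variables read by this play: chisel_server, chisel_proxychains_conf,
# chisel_config_name, chisel_version, chisel_install_destination,
# chisel_server_host, chisel_server_port, chisel_basic_auth and, optionally,
# chisel_download_checksum.
#
# NOTE(review): `become: true` applies to every task, so the chisel client is
# also started as root; confirm that this is required.
- name: Chisel Client - Server playbook
  hosts: all
  become: true

  roles:
    - role: justin_p.chisel
      tags: chisel-server
      # Bare expression: `when` is already evaluated as Jinja, so wrapping a
      # variable in "{{ }}" re-templates its value as code.
      when: chisel_server | default(false) | bool

  tasks:
    # Need to install proxychains
    - name: Change settings in chisel-server and proxychains conf files | Server
      ansible.builtin.lineinfile:
        path: "{{ item.path }}"
        regexp: "{{ item.regexp }}"
        state: "{{ item.state }}"
        line: "{{ item.line | default(omit) }}"
      loop: "{{ chisel_proxychains_conf }}"
      when: chisel_server | default(false) | bool
      tags: chisel-server

    - name: Reload service chisel-server | Server
      ansible.builtin.service:
        name: chisel-server
        state: restarted
      when: chisel_server | default(false) | bool
      tags: chisel-server

    # The server fingerprint is read over the Ansible connection to the server
    # and later handed to the clients so they can pin the server key.
    - name: Read fingerprint chisel server in log file
      ansible.builtin.slurp:
        src: "/var/log/chisel/{{ chisel_config_name }}_error.log"
      register: fingerprint
      when: chisel_server | default(false) | bool
      tags:
        - chisel-server
        - chisel-client

    # regex_search returns the first line containing "Fingerprint"; the line is
    # split on single spaces and element [4] is used later as the fingerprint.
    # NOTE(review): if the log holds several fingerprint lines, the first one
    # may be stale; confirm the log is rotated or the key is stable.
    - name: Setting fingerprint host facts
      ansible.builtin.set_fact:
        chisel_fingerprint: "{{ fingerprint['content'] | b64decode | regex_search('.*Fingerprint.*', multiline=True, ignorecase=True) | split(' ') }}"
      when: chisel_server | default(false) | bool
      tags:
        - chisel-server
        - chisel-client

    - name: Debug fingerprint for ALL hosts
      ansible.builtin.debug:
        msg: "{{ hostvars[groups['server'][0]].chisel_fingerprint }}"
      tags:
        - chisel-server
        - chisel-client

    # `command` instead of `shell`: no shell features are needed here.
    # NOTE(review): the path is hard-coded while the install tasks use
    # chisel_install_destination; confirm both point at the same file.
    - name: CHECK if binary chisel is already installed | Client
      ansible.builtin.command: which /usr/local/bin/chisel
      changed_when: false
      failed_when: false
      register: chisel_installed
      tags: chisel-client

    # Install only. The client itself is started once by the task after this
    # block, which runs whether or not an install was needed; starting it here
    # as well launched two clients on a fresh host.
    - name: install chisel from github source
      when:
        - chisel_installed.rc != 0
        - not (chisel_server | bool)
      tags:
        - chisel-client
      block:
        - name: Ensure gzip is installed | Client
          ansible.builtin.apt:
            name: gzip
            state: present
          when: ansible_distribution in ['Debian', 'Ubuntu']

        # The archive is installed and executed as root, so pin its digest.
        # chisel_download_checksum is optional and omitted when undefined;
        # set it to "sha256:<hex digest of the release archive>".
        - name: "Download chisel {{ chisel_version }}"
          ansible.builtin.get_url:
            url: "https://github.com/jpillora/chisel/releases/download/v{{ chisel_version }}/chisel_{{ chisel_version }}_linux_amd64.gz"
            dest: "/tmp/"
            mode: '0600'
            checksum: "{{ chisel_download_checksum | default(omit) }}"

        # Shell is required for the redirection; every templated value is
        # passed through `quote` so it cannot be interpreted by the shell.
        # chisel_install_destination is used as the path of the binary itself,
        # not as a directory.
        - name: "Unpack chisel to {{ chisel_install_destination }}"
          ansible.builtin.shell: >-
            gunzip -c {{ ('/tmp/chisel_' ~ chisel_version ~ '_linux_amd64.gz') | quote }}
            > {{ chisel_install_destination | quote }}
          register: gunzip_output

        # Mode is quoted so YAML does not read it as an integer, and the group
        # write bit of the original 0775 is dropped: nothing in this play needs
        # a group-writable root-owned binary.
        - name: "Set correct rights for {{ chisel_install_destination }}"
          ansible.builtin.file:
            path: "{{ chisel_install_destination }}"
            owner: root
            group: root
            mode: '0755'

    # Credential handling:
    # - the task name no longer contains chisel_basic_auth, because task names
    #   are printed and logged even when no_log is set;
    # - the credential is passed through the AUTH environment variable, which
    #   chisel reads when --auth is not given, so it does not appear in the
    #   process arguments;
    # - argv avoids shell parsing of the fingerprint, which comes from a log
    #   file, and of the host variables.
    - name: "Run chisel to : {{ chisel_server_host }}:{{ chisel_server_port }}"
      ansible.builtin.command:
        argv:
          - "{{ chisel_install_destination }}"
          - client
          - "--fingerprint"
          - "{{ hostvars[groups['server'][0]].chisel_fingerprint[4] }}"
          - "{{ chisel_server_host }}:{{ chisel_server_port }}"
          - "R:{{ chisel_server_host }}:socks"
      environment:
        AUTH: "{{ chisel_basic_auth }}"
      no_log: true
      # Maximum time in seconds to wait after disconnecting (chisel will keep
      # running afterwards anyway).
      # NOTE(review): Ansible documents `async` as the maximum runtime of the
      # job; confirm the client really outlives this value.
      async: 60
      poll: 0
      # register: chisel_client_output
      when: not (chisel_server | bool)
      tags:
        - chisel-client

# TODO remove tmp/chisel_1.8.1_linux_amd64.gz /usr/local/bin/chisel /tmp/ansible_ansible.legacy.command_payload_XXXX and stop chisel-server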