sgratias/semaphore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0a71da03ac38d79c20122464fccd6e00caa0cced
semaphore/chisel.yml
staffadmin 8f2eda318c last chisel
2023-09-26 15:24:06 +02:00

245 lines
6.8 KiB
YAML
Raw Blame History

---
- name: Chisel Client - Server playbook
hosts: all
become: true
# #
# # @author Stéphane Gratias (2023).
#
pre_tasks:
# HACK to bypass role
- name: create file service | HACK role to load service before
ansible.builtin.file:
path: "{{ chisel_service_destination }}"
state: touch
mode: 0644
tags:
- always
- name: reload daemon systemd | HACK role to load service before
ansible.builtin.systemd:
daemon_reload: true
tags:
- always
# HACK to bypass role
- name: CHECK if binary chisel is already installed
shell: which /usr/local/bin/chisel
changed_when: false
failed_when: false
register: chisel_installed
tags:
- chisel
- name: Check if chisel service is started
ansible.builtin.service:
name: "{{ chisel_service_name }}"
state: started
changed_when: false
failed_when: false
register: chisel_service
tags:
- chisel
- name: Debug service state for ALL hosts
debug:
msg: "{{ chisel_service }}"
tags:
- chisel
- name: Read fingerprint chisel server in log file
ansible.builtin.slurp:
src: "/var/log/chisel/{{ chisel_config_name }}_error.log"
register: fingerprint
when:
- chisel_service.state is defined
- chisel_service.state == 'started'
- chisel_server|default(false) is true
tags:
- chisel
- name: Setting fingerprint host facts
ansible.builtin.set_fact:
chisel_fingerprint: "{{ fingerprint['content'] | b64decode | regex_search('.*Fingerprint.*', multiline=True, ignorecase=True) | split(' ') }}"
tags:
- chisel
when:
- chisel_service.state is defined
- chisel_service.state == 'started'
- chisel_server|default(false) is true
- name: Debug fingerprint for ALL hosts
debug:
msg: "{{ hostvars[groups['server'][0]].chisel_fingerprint }}"
when: hostvars[groups['server'][0]].chisel_fingerprint is defined
tags:
- chisel
roles:
- { role: justin_p.chisel, tags: chisel, when: chisel_service.state is undefined }
tasks:
##########
# SERVER #
##########
# Need to install proxychains on server
- name: Change settings in proxychains conf files ONLY on server
ansible.builtin.lineinfile:
path: "{{ item.path }}"
regexp: "{{ item.regexp }}"
state: "{{ item.state }}"
line: "{{ item.line|default(omit) }}"
loop: "{{ chisel_proxychains_conf }}"
when:
- chisel_service.state is undefined
- "{{ chisel_server|default(false) }} is true"
tags:
- chisel
- name: Restart chisel-server to have new fingerprint ONLY on server
ansible.builtin.service:
name: "{{ chisel_service_name }}"
state: restarted
when:
- chisel_service.state is undefined
- "{{ chisel_server|default(false) }} is true"
tags:
- chisel
- name: Read fingerprint chisel server in log file
ansible.builtin.slurp:
src: "/var/log/chisel/{{ chisel_config_name }}_error.log"
register: fingerprint
when:
- chisel_service.state is undefined
- "{{ chisel_server|default(false) }} is true"
tags:
- chisel
- name: Setting fingerprint host facts
ansible.builtin.set_fact:
chisel_fingerprint: "{{ fingerprint['content'] | b64decode | regex_search('.*Fingerprint.*', multiline=True, ignorecase=True) | split(' ') }}"
tags:
- chisel
when:
- chisel_service.state is undefined
- "{{ chisel_server|default(false) }} is true"
- name: Debug fingerprint for ALL hosts
debug:
msg: "{{ hostvars[groups['server'][0]].chisel_fingerprint }}"
tags:
- chisel
##########
# CLIENT #
##########
- name: Change settings in chisel conf files ONLY on client
ansible.builtin.lineinfile:
path: "{{ item.path }}"
regexp: "{{ item.regexp }}"
state: "{{ item.state }}"
line: "{{ item.line|default(omit) }}"
when: "{{ chisel_server|default(false) }} is false"
loop: "{{ chisel_conf }}"
tags: chisel
- name: Restart chisel-client to have new fingerprint ONLY on client
ansible.builtin.service:
name: "{{ chisel_service_name }}"
state: restarted
when: "{{ chisel_server|default(false) }} is false"
tags: chisel
########################
# REMOVE CLIENT/SERVER #
########################
- name: Stop service {{ chisel_service_name }} on CLIENT
ansible.builtin.service:
name: "{{ chisel_service_name }}"
state: stopped
when: "{{ chisel_server|default(false) }} is false"
tags:
- chisel-remove-client
- chisel-remove
- name: Stop service {{ chisel_service_name }} on SERVER
ansible.builtin.service:
name: "{{ chisel_service_name }}"
state: stopped
when: "{{ chisel_server|default(false) }} is true"
tags:
- chisel-remove-server
- chisel-remove
- name: Find all ansible directories in tmp
find:
paths: /tmp/
patterns: 'ansible_*'
file_type: directory
register: ansible_files
tags:
- chisel-remove-client
- chisel-remove-server
- chisel-remove
# - name: Debug ansible files ALL hosts
# debug:
# msg: "{{ ansible_files.files }}"
# tags:
# - chisel-remove-client
# - chisel-remove
- name: Remove all files and directories ONLY on client
ansible.builtin.file:
path: "{{ item }}"
state: absent
notify: reload daemon systemd
loop: "{{ chisel_remove_all }}"
when: "{{ chisel_server|default(false) }} is false"
tags:
- chisel-remove-client
- chisel-remove
- name: Remove all files and directories ONLY on server
ansible.builtin.file:
path: "{{ item }}"
state: absent
notify: reload daemon systemd
loop: "{{ chisel_remove_all }}"
when: "{{ chisel_server|default(false) }} is true"
tags:
- chisel-remove-server
- chisel-remove
- name: Remove all ansible directories
ansible.builtin.file:
path: "{{ item.path }}"
state: absent
notify: reload daemon systemd
loop: "{{ ansible_files.files }}"
tags:
- chisel-remove-client
- chisel-remove-server
- chisel-remove
handlers:
- name: reload daemon systemd
ansible.builtin.systemd:
daemon_reload: true
# /lib/systemd/system/chisel-client.service -> chisel_service_destination
# /var/log/chisel
# /etc/chisel -> chisel_config_folder
# /tmp/chisel -> chisel_download_destination
# /usr/local/bin/chisel -> chisel_install_destination
Reference in New Issue View Git Blame Copy Permalink