---
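# Create the directory that holds the Mondoo client configuration
# (/etc/opt/mondoo/mondoo.yml, written by the `cnspec login` task).
- name: Create mondoo config directory
  ansible.builtin.file:
    path: /etc/opt/mondoo
    state: directory
    # A directory needs the search (x) bit to be traversable; '0644' left it
    # off, so only privileged users could reach files inside it.
    # NOTE(review): mondoo.yml holds the client credentials. Consider '0750'
    # or '0700' if only the account running cnspec.service needs access.
    mode: '0755'
  become: "{{ use_become }}"
  when: not ansible_check_mode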
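# Forced re-registration, step 1: log the client out using the credentials
# currently stored in mondoo.yml, before that file is deleted.
- name: Logout cnquery and cnspec from Mondoo platform
  ansible.builtin.command: cnspec logout --force --config /etc/opt/mondoo/mondoo.yml
  args:
    # Run only when the config file exists. The previous `creates:` guard did
    # the opposite: it skipped the logout whenever credentials were present,
    # so the old registration was presumably never logged out before the
    # local file was removed.
    removes: /etc/opt/mondoo/mondoo.yml
  # Same privilege setting as the other tasks that touch /etc/opt/mondoo.
  become: "{{ use_become }}"
  when: force_registration
  # if the credentials are already invalid, the command will throw an error
  ignore_errors: true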
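# Forced re-registration, step 2: ensure no configuration file exists, so the
# login task (guarded by `creates:` on the same path) runs again.
- name: Remove existing credentials
  ansible.builtin.file:
    path: /etc/opt/mondoo/mondoo.yml
    # `mode` has no effect together with `state: absent`, so it is dropped.
    state: absent
  # Same privilege setting as the tasks that create the directory and the
  # config file; without it the removal depends on play-level become.
  become: "{{ use_become }}"
  when: force_registration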
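# Register the client with the Mondoo platform using the registration token;
# the command writes /etc/opt/mondoo/mondoo.yml.
- name: Login cnquery and cnspec with Mondoo platform
  ansible.builtin.command:
    # argv passes the token as a single argument, so whitespace or quote
    # characters in it cannot be split into extra arguments.
    # NOTE(review): the token is still on the command line and is visible in
    # the target's process list while the command runs.
    argv:
      - cnspec
      - login
      - --config
      - /etc/opt/mondoo/mondoo.yml
      - --token
      - "{{ registration_token }}"
    # only run the command if no config file exists
    # (it was not deleted in non-force mode)
    creates: /etc/opt/mondoo/mondoo.yml
  # Keep the registration token out of Ansible's task output and logs.
  # Disable temporarily when a failed login has to be debugged.
  no_log: true
  become: "{{ use_become }}"
  when: not ansible_check_mode
  notify: Restart cnspec-service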
# Render the cnspec unit file from the role template into the systemd
# system unit directory.
- name: Create cnspec systemd service file
  become: "{{ use_become }}"
  ansible.builtin.template:
    dest: /etc/systemd/system/cnspec.service
    src: templates/cnspec.service.j2
    # Unit file is world-readable and writable only by its owner.
    mode: '0644'
# Reload systemd so it sees the unit file, then enable cnspec.service at boot
# and start it. Skipped in check mode.
- name: Ensure cnspec service is enabled and running
  become: "{{ use_become }}"
  when: not ansible_check_mode
  ansible.builtin.systemd:
    name: cnspec.service
    daemon_reload: true
    enabled: true
    state: started
# Stop the deprecated mondoo.service unit and disable it at boot.
# NOTE(review): this stops and disables the unit but does not delete its unit
# file. On a host where mondoo.service was never installed the module may
# report the unit as missing and fail; confirm on a fresh target.
- name: Ensure deprecated mondoo service is removed
  become: "{{ use_become }}"
  when: not ansible_check_mode
  ansible.builtin.systemd:
    name: mondoo.service
    daemon_reload: true
    enabled: false
    state: stopped
# Optional step: run `cnspec login` without arguments when
# ensure_managed_client is defined and truthy. Skipped in check mode.
- name: Ensure cnquery and cnspec are managed
  ansible.builtin.command:
    cmd: cnspec login
  become: "{{ use_become }}"
  # List items under `when` are combined with a logical AND.
  when:
    - ensure_managed_client is defined and ensure_managed_client
    - not ansible_check_mode