use more variables, more consistant task naming, use updated ansible …

…module options
threatstack · Jun 7, 2019 · 03464ca · 03464ca
1 parent 1ab754e
commit 03464ca
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 26 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,12 +1,12 @@
 ---
 # defaults file for threatstack
 
+threatstack_url: https://app.threatstack.com
 threatstack_v1_pkg_url: 'https://pkg.threatstack.com'
 threatstack_v2_pkg_url: 'https://pkg.threatstack.com/v2'
-threatstack_pkg_state: installed
+threatstack_pkg_state: present
 # to set a version of the agent use threatstack-agent=X.Y.Z (Debian) or threatstack-agent-X.Y.Z (RedHat)
-threatstack_pkg:  threatstack-agent
-threatstack_url: https://app.threatstack.com
+threatstack_pkg: threatstack-agent
 threatstack_ruleset:
   - 'Base Rule Set'
 threatstack_config_dir: '/etc/threatstack'

diff --git a/tasks/apt_install.yml b/tasks/apt_install.yml
@@ -1,21 +1,19 @@
 ---
-- name: python-apt dependency.
+- name: Ensure ThreatStack dependencies are installed
   apt:
-    name: python-apt
-    state: installed
-
-- name: apt-transport-https dependency.
-  apt:
-    name: apt-transport-https
-    state: installed
+    name: "{{ item }}"
+    state: present
+    loop:
+      - python-apt
+      - apt-transport-https
 
-- name: Add Threat Stack apt repository key.
+- name: Add ThreatStack apt repository key
   apt_key:
-    url: https://app.threatstack.com/APT-GPG-KEY-THREATSTACK
+    url: "{{ threatstack_url }}/APT-GPG-KEY-THREATSTACK"
     id: 6EE04BD4
     validate_certs: no
 
-- name: Add Threat Stack apt repository.
+- name: Add ThreatStack apt repository
   apt_repository:
     repo: "deb {{ threatstack_pkg_url }}/Ubuntu {{ ansible_distribution_release }} main"
     state: present
@@ -28,7 +26,7 @@
     - not threatstack_v1
     - threatstack_pkg == 'threatstack-agent'
 
-- name: Ensure Threat Stack is installed.
+- name: Ensure ThreatStack is installed
   apt:
     name: "{{ threatstack_pkg }}"
     state: "{{ threatstack_pkg_state }}"
diff --git a/tasks/cloudsight_setup.yml b/tasks/cloudsight_setup.yml
@@ -2,7 +2,7 @@
 
 # 1.x agent setup
 
-- name: Create Threat Stack Config Directory
+- name: Create ThreatStack config directory
   file:
     path: "{{ threatstack_config_dir }}"
     state: directory
@@ -11,7 +11,7 @@
     mode: 0644
     recurse: yes
 
-- name: Create ThreatStack Config File
+- name: Create ThreatStack config file
   template:
     src: config.j2
     dest: "{{ threatstack_config }}"
@@ -25,7 +25,7 @@
   args:
     creates: /opt/threatstack/cloudsight/config/.audit
 
-- name: Create file to track extra Cloudsight config
+- name: Create file to track extra cloudsight config
   copy:
     content: "{{ threatstack_agent_config_args }} {{ agent_type }}"
     dest: /opt/threatstack/cloudsight/config/.config_args

diff --git a/tasks/disable_auditd.yml b/tasks/disable_auditd.yml
@@ -1,5 +1,5 @@
 ---
-- name: check auditd status
+- name: Check auditd status
   command: service auditd status
   register: auditd_status
   ignore_errors: true

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,5 +1,5 @@
 ---
-- name: Define some facts based on variables
+- name: Define facts based on variables
   include: facts.yml
 
 - name: Ensure package URL is defined
@@ -12,11 +12,11 @@
     - ansible_os_family == 'RedHat'
     - (ansible_distribution != 'Amazon' or ansible_kernel is search("\.amzn2\."))
 
-- name: Run Apt configure and install Threat Stack
+- name: Run apt configure and install ThreatStack
   include: apt_install.yml
   when: ansible_os_family == 'Debian'
 
-- name: Run Yum Configure and install Threat Stack
+- name: Run yum configure and install ThreatStack
   include: yum_install.yml
   when: ansible_os_family == 'RedHat'
 

diff --git a/tasks/yum_install.yml b/tasks/yum_install.yml
@@ -1,16 +1,16 @@
 ---
-- name: Ensure ThreatStack repo is installed.
+- name: Ensure ThreatStack repo is installed
   template:
     src: threatstack.j2
     dest: /etc/yum.repos.d/threatstack.repo
     owner: root
     group: root
     mode: 0644
 
-- name: Add ThreatStack repo GPG key.
+- name: Add ThreatStack repo GPG key
   rpm_key:
+    key: "{{ threatstack_url }}/RPM-GPG-KEY-THREATSTACK"
     state: present
-    key: https://app.threatstack.com/RPM-GPG-KEY-THREATSTACK
     validate_certs: no
 
 - name: Ensure 2.x is installed when no version specified
@@ -20,7 +20,7 @@
     - not threatstack_v1
     - threatstack_pkg == 'threatstack-agent'
 
-- name: Ensure Agent is installed.
+- name: Ensure Agent is installed
   yum:
     name: "{{ threatstack_pkg }}"
     state: "{{ threatstack_pkg_state }}"