Initial public release

LICENSE

@@ -1,3 +1,4 @@
+
                                  Apache License
                            Version 2.0, January 2004
                         http://www.apache.org/licenses/
@@ -178,15 +179,15 @@
    APPENDIX: How to apply the Apache License to your work.
 
       To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "{}"
+      boilerplate notice, with the fields enclosed by brackets "[]"
       replaced with your own identifying information. (Don't include
       the brackets!)  The text should be enclosed in the appropriate
       comment syntax for the file format. We also recommend that a
       file or class name and description of purpose be included on the
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright {yyyy} {name of copyright owner}
+   Copyright [yyyy] [name of copyright owner]
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

NOTICE

@@ -0,0 +1,3 @@
+Ansible role - Tripwire.te_agent
+
+Copyright 2017 Tripwire, Inc.

README.md

@@ -1,2 +1,94 @@
-# ansible-te_agent
-Ansible Role for installing the Tripwire Enterprise Agent
+Role Name
+=========
+
+The te_agent role installs, configures, and manages the services of the
+Tripwire Enterprise Agent.
+
+Requirements
+------------
+
+The Tripwire Enterprise Agent needs a Tripwire Enterprise Console server
+to connect to. The server hostname and services passphrase are needed
+to configure the Agent.
+
+The installer file for the Agent must also be available on the Ansible
+control machine, for copying to the remote host for installation.
+
+Role Variables
+--------------
+
+```yaml
+# REQUIRED variables (no default defined)
+#########################################
+
+# Must be set to the path to the agent installer. Is copied to a
+# temporary directory on the remote host for installation
+te_agent_package_source: ~
+# Must be set to the hostname or IP address of the Tripwire Enterprise console
+te_agent_te_server_host: ~
+# Must be set to the service passphrase for the Tripwire Enterprise console
+te_agent_te_services_passphrase: ~
+
+# OPTIONAL variables (no default)
+#################################
+
+# If set, used to determine if the package needs to be upgraded
+te_agent_package_version: ~
+# If set, is written to the agent tags file for initial registration
+te_agent_tags: ~
+
+
+# from defaults/main.yml
+te_agent_package_state: present
+te_agent_package_install_path: '/usr/local/tripwire/te/agent'
+te_agent_te_services_port: 9898
+te_agent_te_server_http_port: 8080
+te_agent_local_port: 9898
+te_agent_install_rtm: true
+te_agent_proxy_port: 1080
+te_agent_rtm_port: 1169
+te_agent_enable_fips: false
+te_agent_service_state: started
+te_agent_service_enabled: true
+# only makes sense if te_agent_install_rtm = true
+te_agent_service_rtm_state: started
+te_agent_service_rtm_enabled: true
+
+# from vars/defaults.yml (should not be changed)
+te_agent_package_name: te_agent
+te_agent_service_name: twdaemon
+te_agent_service_rtm_name: twrtmd
+
+# from vars/Windows.yml (should not be changed)
+te_agent_package_name: '{CBE84CA6-F8E9-4D79-B8CE-CF936013DA82}'
+te_agent_service_name: teagent
+te_agent_service_rtm_name: tesvc
+```
+
+Example Playbook
+----------------
+
+```yaml
+- hosts: servers
+  roles:
+    - role: te_agent
+      te_agent_package_source: /mnt/data/te_agent/linux/x86_64/te_agent.bin
+      te_agent_te_server_host: tw-testcon.example.com
+      te_agent_te_services_passphrase: correct horse battery staple
+      te_agent_package_version: 8.5.6
+      te_agent_tags:
+        foo: bar
+        tags2: [taga, tagb]
+```
+
+License
+-------
+
+Licensed under the Apache 2.0 license. See the LICENSE and NOTICE files for details.
+
+Author Information
+------------------
+
+Copyright 2017 Tripwire, Inc.
+
+https://www.tripwire.com/

defaults/main.yml

@@ -0,0 +1,15 @@
+---
+te_agent_package_state: present
+te_agent_package_install_path: '/usr/local/tripwire/te/agent'
+te_agent_te_services_port: 9898
+te_agent_te_server_http_port: 8080
+te_agent_local_port: 9898
+te_agent_install_rtm: true
+te_agent_proxy_port: 1080
+te_agent_rtm_port: 1169
+te_agent_enable_fips: false
+te_agent_service_state: started
+te_agent_service_enabled: true
+# only makes sense if te_agent_install_rtm = true
+te_agent_service_rtm_state: started
+te_agent_service_rtm_enabled: true

handlers/main.yml

@@ -0,0 +1,5 @@
+---
+
+- include: service.yml
+
+- include: win_service.yml

handlers/service.yml

@@ -0,0 +1,12 @@
+---
+
+- name: Restart agent service
+  service:
+    name: "{{ te_agent_service_name }}"
+    state: restarted
+
+- name: Restart event generator service
+  service:
+    name: "{{ te_agent_service_rtm_name }}"
+    state: restarted
+  when: te_agent_install_rtm

handlers/win_service.yml

@@ -0,0 +1,12 @@
+---
+
+- name: Restart Windows agent service
+  win_service:
+    name: "{{ te_agent_service_name }}"
+    state: restarted
+
+- name: Restart Windows event generator service
+  win_service:
+    name: "{{ te_agent_service_rtm_name }}"
+    state: restarted
+  when: te_agent_install_rtm

meta/main.yml

@@ -0,0 +1,31 @@
+galaxy_info:
+  author: Bob Thomas
+  description: Role to install and configure the Tripwire Enterprise agent
+  company: Tripwire, Inc
+
+  license: Apache 2.0
+
+  # this is mainly for Windows support. the Linux portion likely works on
+  # (untested) older versions
+  min_ansible_version: 2.3
+
+  #
+  # platforms is a list of platforms, and each platform has a name and a list of versions.
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags:
+  - security
+  - monitoring
+
+dependencies: []

tasks/check_vars.yml

@@ -0,0 +1,13 @@
+---
+
+- name: Check for te_agent_package_source
+  fail: msg='te_agent_package_source is not defined'
+  when: te_agent_package_source is not defined
+
+- name: Check for te_agent_te_server_host
+  fail: msg='te_agent_te_server_host is not defined'
+  when: te_agent_te_server_host is not defined
+
+- name: Check for te_agent_te_services_passphrase
+  fail: msg='te_agent_te_services_passphrase is not defined'
+  when: te_agent_te_services_passphrase is not defined

tasks/config.yml

@@ -0,0 +1,66 @@
+---
+
+- name: Write agent.tags.conf
+  template:
+    src: agent.tags.conf.j2
+    dest: "{{ te_agent_package_install_path }}/data/config/agent.tags.conf"
+  when: te_agent_tags is defined
+
+- name: webserver.http.port
+  lineinfile:
+    path: "{{ te_agent_package_install_path }}/data/config/agent.properties"
+    regexp: '^webserver\.http\.port='
+    line: 'webserver.http.port={{ te_agent_te_server_http_port }}'
+  notify:
+    - Restart agent service
+
+- name: tw.server.host
+  lineinfile:
+    path: "{{ te_agent_package_install_path }}/data/config/agent.properties"
+    regexp: '^tw\.server\.host='
+    line: 'tw.server.host={{ te_agent_te_server_host }}'
+  notify:
+    - Restart agent service
+
+- name: tw.server.port
+  lineinfile:
+    path: "{{ te_agent_package_install_path }}/data/config/agent.properties"
+    regexp: '^tw\.server\.port='
+    line: 'tw.server.port={{ te_agent_te_services_port }}'
+  notify:
+    - Restart agent service
+
+- name: tw.agent.generator.port
+  lineinfile:
+    path: "{{ te_agent_package_install_path }}/data/config/agent.properties"
+    regexp: '^tw\.agent\.generator\.port='
+    line: 'tw.agent.generator.port={{ te_agent_rtm_port }}'
+  notify:
+    - Restart agent service
+    - Restart event generator service
+
+- name: tw.local.port
+  lineinfile:
+    path: "{{ te_agent_package_install_path }}/data/config/agent.properties"
+    regexp: '^tw\.local\.port='
+    line: 'tw.local.port={{ te_agent_local_port }}'
+  notify:
+    - Restart agent service
+
+- name: tw.proxy.host
+  lineinfile:
+    path: "{{ te_agent_package_install_path }}/data/config/agent.properties"
+    regexp: '^tw\.proxy\.host='
+    line: 'tw.proxy.host={{ te_agent_proxy_host }}'
+  when: te_agent_proxy_host is defined
+  notify:
+    - Restart agent service
+
+- name: tw.proxy.port
+  lineinfile:
+    path: "{{ te_agent_package_install_path }}/data/config/agent.properties"
+    regexp: '^tw\.proxy\.port='
+    line: 'tw.proxy.port={{ te_agent_proxy_port }}'
+  when: te_agent_proxy_host is defined
+  notify:
+    - Restart agent service

tasks/install.yml

@@ -0,0 +1,52 @@
+---
+
+- name: Create staging path
+  tempfile:
+    state: directory
+    suffix: te_agent
+  register: staging
+
+- name: Stage te_agent.bin
+  copy:
+    src: "{{ te_agent_package_source }}"
+    dest: "{{ staging.path }}/te_agent.bin"
+    mode: 0700
+
+- name: Run agent installer .bin
+  command: >-
+    {{ staging.path }}/te_agent.bin --silent --eula accept
+    --server-host "{{ te_agent_te_server_host }}"
+    --server-port "{{ te_agent_te_services_port }}"
+    --passphrase "{{ te_agent_te_services_passphrase }}"
+    --install-rtm "{{ te_agent_install_rtm }}"
+    --install-dir "{{ te_agent_package_install_path }}"
+    {% if te_agent_proxy_host|default('') %}
+    --proxy-host "{{ te_agent_proxy_host }}"
+    --proxy-port "{{ te_agent_proxy_port }}"
+    {% endif %}
+    {% if te_agent_install_rtm %}
+    --rtmport "{{ te_agent_rtm_port }}"
+    {% endif %}
+    {% if te_agent_enable_fips %}
+    --enable-fips
+    --http-port "{{ te_agent_te_server_http_port }}"
+    {% endif %}
+  args:
+    creates: "{{ te_agent_package_install_path }}/bin/twdaemon"
+
+- name: Cleanup staging path
+  file:
+    path: "{{ staging.path }}"
+    state: absent
+
+- name: Create Ansible custom facts directory
+  file:
+    path: /etc/ansible/facts.d
+    state: directory
+    recurse: yes
+
+- name: Write custom fact
+  template:
+    src: te_agent.fact.j2
+    dest: /etc/ansible/facts.d/te_agent.fact
+    mode: 0700