openstack/openstack-ansible-ops
Code Issues Proposed changes
aa26271ee5
openstack-ansible-ops/osquery/vars/variables.yml
Victor Palma 5ddbde3310 adding kolide fleet 
* adds kolide fleet
  * integrates osquery to kolide fleet server

Change-Id: I646364c44bb99d4397bb35068600c49b7bfd62c2
2018-07-17 18:45:56 -05:00

62 lines
2.4 KiB
YAML
Raw Blame History

kolide_fleet_enable: true
kolide_fleet_cluster: false
# Kolide Fleet vars
kolide_fleet_db_name: fleet
kolide_fleet_db_user: fleet
kolide_fleet_db_password: fleetSecrete
kolide_fleet_port: "443"
kolide_fleet_address: "0.0.0.0:{{ kolide_fleet_port }}"
kolide_fleet_version: "2.0.0-rc3"
kolide_fleet_url: "https://github.com/kolide/fleet/releases/download"
kolide_fleet_admin_email: admin@openstack.org
kolide_fleet_admin_password: AdminSecrete
kolide_fleet_ssl_cert: /etc/ssl/certs/fleet.cert
kolide_fleet_ssl_key: /etc/ssl/private/fleet.key
kolide_fleet_ssl_pem: /etc/ssl/private/fleet.pem
kolide_fleet_ssl_ca_cert: /etc/ssl/certs/fleet-ca.pem
kolide_fleet_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ external_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}/subjectAltName=IP.2={{ ansible_host }}}/subjectAltName=IP.3=localhost"
kolide_fleet_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}"
kolide_fleet_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"
#kolide_fleet_osquery_enroll_secret: "{{ kolide_fleet_enroll_secret }}"
# Osquery vars
osquery_enroll_secret_dir: /etc/osquery/osquery_enroll_secret
osquery_flags:
- "--tls_server_certs={{ kolide_fleet_ssl_cert }}"
- "--tls_hostname={{ hostvars[groups['fleet'][0]]['ansible_host'] }}:{{ kolide_fleet_port }}"
- "--host_identifier=hostname"
- "--enroll_tls_endpoint=/api/v1/osquery/enroll"
- "--config_plugin=tls"
- "--config_tls_endpoint=/api/v1/osquery/config"
- "--config_tls_refresh=10"
- "--disable_distributed=false"
- "--distributed_plugin=tls"
- "--distributed_interval=10"
- "--distributed_tls_max_attempts=3"
- "--distributed_tls_read_endpoint=/api/v1/osquery/distributed/read"
- "--distributed_tls_write_endpoint=/api/v1/osquery/distributed/write"
- "--logger_plugin=tls"
- "--logger_tls_endpoint=/api/v1/osquery/log"
- "--logger_tls_period=10"
- "--enroll_secret_path={{ osquery_enroll_secret_dir }}"
# MariaDB/Gallera Variables
mariadb_root_password: fleetSecrete
mariadb_bind_address: "0.0.0.0"
mariadb_root_remote: 1
mariadb_databases:
- name: "{{ kolide_fleet_db_name }}"
mariadb_users:
- name: "{{ kolide_fleet_db_user }}"
password: "{{ kolide_fleet_db_password }}"
priv: " {{ kolide_fleet_db_name }}.*:ALL"
host: "%"
View Git Blame Copy Permalink