  1. ---
  2. - hosts: all
  3.   sudo: true
  4.   vars:
  5.     tomcat_port: 9010
  6.     gitlab_int_port: 9021
  7.     gitlab_ext_port: 9020
  8.     gitlab_admin_login: root
  9.     gitlab_admin_password: 5iveL!fe
  10.     gitlab_user_login: blueteam
  11.     gitlab_user_password: blueteam
  12.     gitlab_user_email: blueteamesiee@gmail.com
  13.     gitlab_user_name: blueteam
  14.     gitlab_group_name: blueteam_group
  15.  
  16.   tasks:
  17.    # REPOSITORIES
  18.     - name: Ajout du repository Java8
  19.       apt_repository: repo='ppa:webupd8team/java' state=present
  20.  
  21.     - name: Mise à jour de l'apt cache
  22.       apt: update_cache=yes
  23.  
  24.  
  25.     # UTILITAIRES
  26.     - debug: msg='# UTILITAIRES'
  27.     - name: Installation des outils nécessaires à la configuration de la VM
  28.       apt: name="{{item}}" state=present
  29.       with_items:
  30.       - git
  31.        - jq
  32.        - mailutils
  33.        - libsasl2-2
  34.        - ca-certificates
  35.        - libsasl2-modules
  36.        - unzip
  37.        - dos2unix
  38.  
  39.     # APACHE2 + REVERSE PROXY
  40.     - debug: msg='# APACHE2 + REVERSE PROXY'
  41.     - name: Installation apache2
  42.       apt: name={{item}} state=present
  43.       with_items:
  44.       - apache2
  45.        - libapache2-mod-proxy-html
  46.        - libxml2-dev
  47.        - libxslt-dev
  48.        - apache2-prefork-dev
  49.  
  50.     - name: Creation du dossier temporaire de compilation de mod_xml2enc
  51.       file: path=/tmp/modbuild state=directory
  52.  
  53.     - name: Téléchargement de mod_xml2enc.c
  54.       get_url: url=http://apache.webthing.com/svn/apache/filters/mod_xml2enc.c dest=/tmp/modbuild
  55.     - name: Téléchargement de mod_xml2enc.h
  56.       get_url: url=http://apache.webthing.com/svn/apache/filters/mod_xml2enc.h dest=/tmp/modbuild
  57.  
  58.     - name: Compilation de mod_xml2enc
  59.       shell: apxs2 -aic -I/usr/include/libxml2 /tmp/modbuild/mod_xml2enc.c
  60.  
  61.     #- name: Suppression du dossier temporaire de compilation de mod_xml2enc
  62.     #  file: path=/tmp/modbuild state=absent
  63.  
  64.     - name: Activation des modules apache2
  65.       shell: a2enmod proxy proxy_http proxy_ajp rewrite deflate headers proxy_balancer proxy_connect proxy_html
  66.  
  67.     - name: Redemarrage du service apache2
  68.       service: name=apache2 state=restarted
  69.  
  70.     # JAVA 8
  71.     - debug: msg='# JAVA 8'
  72.     - name: Acceptation de la License oracle
  73.       debconf: name="oracle-java8-installer"
  74.        question='shared/accepted-oracle-license-v1-1' value='true' vtype='select'
  75.  
  76.     - name: Installation java 8
  77.       apt: name=oracle-java8-installer state=present
  78.  
  79.     # TOMCAT 7
  80.     - debug: msg='# TOMCAT 7'
  81.     - name: Installation  tomcat 7
  82.       apt: name={{item}} state=present
  83.       with_items:
  84.        - tomcat7
  85.         - tomcat7-admin
  86.  
  87.     - name: Téléchargement du fichier de configuration des utilisateurs tomcat 7
  88.       get_url: url=http://pastebin.com/raw.php?i=b31xZmyt dest=/etc/tomcat7/tomcat-users.xml force=yes
  89.  
  90.     - name: Modification du port par defaut de tomcat
  91.       replace: dest=/var/lib/tomcat7/conf/server.xml regexp='<Connector port="8080"'
  92.        replace='<Connector port="{{tomcat_port}}"'
  93.  
  94.     - name: Definition de la variable HAVA_HOME
  95.       lineinfile: dest=/etc/default/tomcat7 regexp='JAVA_HOME'
  96.        line='JAVA_HOME=/usr/lib/jvm/java-8-oracle'
  97.  
  98.     - name: Redemarrage du service tomcat
  99.       service: name=tomcat7 state=restarted
  100.  
  101.     # MAVEN
  102.     - debug: msg='# MAVEN'
  103.     - name: Installation maven
  104.       apt: name=maven state=present
  105.  
  106.     # POSTFIX
  107.     - debug: msg='# POSTFIX'
  108.  
  109.     - name: Configuration du type de mail
  110.       debconf: name='postfix' question='postfix/main_mailer_type' vtype='select' value='Internet Site'
  111.  
  112.     - name: Configuration nom de domaine mail
  113.       debconf: name='postfix' question='postfix/mailname' vtype='string' value='mail.blueteam.com'
  114.  
  115.     - name: Installation de postfix
  116.       apt: name=postfix state=present
  117.  
  118.     - name: Configuration du relai
  119.       lineinfile: dest=/etc/postfix/main.cf regexp='relayhost'
  120.        line='relayhost = [smtp.gmail.com]:587'
  121.  
  122.     - name: Activation de l'authentification sasl
  123.       lineinfile: dest=/etc/postfix/main.cf regexp='smtp_sasl_auth_enable'
  124.        line='smtp_sasl_auth_enable = yes'
  125.  
  126.     - name: Definition du fichier password sasl
  127.       lineinfile: dest=/etc/postfix/main.cf regexp='smtp_sasl_password_maps'
  128.        line='smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd'
  129.  
  130.     - name: Definition de l'option de sécurité sasl
  131.       lineinfile: dest=/etc/postfix/main.cf regexp='smtp_sasl_security_options'
  132.        line='smtp_sasl_security_options = noanonymous'
  133.  
  134.     - name: Activation de tls
  135.       lineinfile: dest=/etc/postfix/main.cf regexp='smtp_use_tls'
  136.        line='smtp_use_tls = yes'
  137.  
  138.     - name: Definition de l'emplacement du certificat tls
  139.       lineinfile: dest=/etc/postfix/main.cf regexp='smtp_tls_CAfile'
  140.        line='smtp_tls_CAfile = /etc/postfix/cacert.pem'
  141.  
  142.     - name: Validation du certificat
  143.       shell: cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | sudo tee -a /etc/postfix/cacert.pem
  144.  
  145.     - name: Definition du compte gmail
  146.       lineinfile: dest=/etc/postfix/sasl/sasl_passwd create=true state=present line='[smtp.gmail.com]:587 blueteamesiee@gmail.com:oBjCdDmhJhL'
  147.  
  148.     - name: Modification des autorisations du fichier des mot de passe
  149.       file: path=/etc/postfix/sasl/sasl_passwd state=touch mode="u=r"
  150.  
  151.     - name: Mapping password
  152.       shell: postmap /etc/postfix/sasl/sasl_passwd
  153.  
  154.     - name: Rechargement de la configuration
  155.       shell: /usr/sbin/postfix reload
  156.  
  157.     - name: Changement du nom d'utilisateur
  158.       shell: usermod vagrant -c "Postfix"
  159.  
  160.     # GITLAB
  161.     - debug: msg='# GITLAB'
  162.     - name: Téléchargement du package gitlab ominbus
  163.       #get_url: url=https://downloads-packages.s3.amazonaws.com/ubuntu-14.04/gitlab_7.6.0-omnibus.5.3.0.ci-1_amd64.deb
  164.        #dest=/home/vagrant/gitlab.deb
  165.       get_url: url=https://downloads-packages.s3.amazonaws.com/ubuntu-14.04/gitlab_7.8.4-omnibus.1-1_amd64.deb
  166.        dest=/home/vagrant/gitlab.deb
  167.  
  168.     - name: Installation de gitlab
  169.       apt: deb=/home/vagrant/gitlab.deb
  170.  
  171.     - name: Modification du port par defaut de gitlab
  172.       lineinfile: dest=/etc/gitlab/gitlab.rb regexp='external_url'
  173.        line='external_url "http://localhost:{{gitlab_ext_port}}"'
  174.  
  175.     #- name: Modification du paramètre gitlab_email_from
  176.     #  lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['gitlab_email_from'\]"
  177.     #   line="gitlab_rails['gitlab_email_from'] = 'blueteamesiee@gmail.com'"
  178.  
  179.     #- name: Modification du paramètre smtp_enable
  180.     #  lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['smtp_enable'\]"
  181.     #   line="gitlab_rails['smtp_enable'] = true"
  182.  
  183.     # - name: Modification du paramètre smtp_address
  184.     #   lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['smtp_address'\]"
  185.     #    line="gitlab_rails['smtp_address'] = 'smtp.gmail.com'"
  186.  
  187.     # - name: Modification du paramètre smtp_port
  188.     #   lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['smtp_port'\]"
  189.     #    line="gitlab_rails['smtp_port'] = 587"
  190.  
  191.     # - name: Modification du paramètre smtp_user_name
  192.     #   lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['smtp_user_name'\]"
  193.     #    line="gitlab_rails['smtp_user_name'] = 'blueteamesiee@gmail.com'"
  194.  
  195.     # - name: Modification du paramètre smtp_password
  196.     #   lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['smtp_password'\]"
  197.     #    line="gitlab_rails['smtp_password'] = 'oBjCdDmhJhL'"
  198.  
  199.     # - name: Modification du paramètre smtp_domain
  200.     #   lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['smtp_domain'\]"
  201.     #    line="gitlab_rails['smtp_domain'] = 'smtp.gmail.com'"
  202.  
  203.     # - name: Modification du paramètre smtp_authentication
  204.     #   lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['smtp_authentication'\]"
  205.     #    line="gitlab_rails['smtp_authentication'] = 'login'"
  206.  
  207.     # - name: Modification du paramètre smtp_enable_starttls_auto
  208.     #   lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['smtp_enable_starttls_auto'\]"
  209.     #    line="gitlab_rails['smtp_enable_starttls_auto'] = true"
  210.  
  211.     # - name: Modification du paramètre smtp_tls
  212.     #   lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['smtp_tls'\]"
  213.     #    line="gitlab_rails['smtp_tls'] = false"
  214.  
  215.     # - name: Modification du paramètre smtp_openssl_verify_mode
  216.     #   lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['smtp_openssl_verify_mode'\]"
  217.     #    line="gitlab_rails['smtp_openssl_verify_mode'] = 'peer'"
  218.  
  219.     - name: Lancement du script de reconfiguration de gitlab
  220.       shell: gitlab-ctl reconfigure
  221.  
  222.     - name: Identification de l'admin par session sur l'API gitlab
  223.       uri: url=http://localhost:{{gitlab_ext_port}}/api/v3/session
  224.        method=POST body='login={{ gitlab_admin_login }}&password={{ gitlab_admin_password }}' dest=/tmp/gitlab_api_root_session.json
  225.        status_code=201
  226.  
  227.     - name: Récupération du token admin
  228.       shell: cat /tmp/gitlab_api_root_session.json | jq '.private_token' -r
  229.       register: gitlab_api_root_session
  230.  
  231.     #- name: Envoi de la requete de création de l'utilisateur de base sur l'API gitlab
  232.       #uri: url=http://localhost:{{gitlab_ext_port}}/api/v3/users
  233.        #method=POST HEADER_PRIVATE-TOKEN={{ gitlab_api_root_session.stdout }} body='username={{ gitlab_user_login }}&password={{ gitlab_user_password }}&email={{ gitlab_user_email }}&name={{ gitlab_user_name}}&confirm=false&can_create_group=false'
  234.         #dest=/tmp/gitlab_api_create_user.json
  235.         #status_code=201
  236.  
  237.     #- name: Envoi de la requete de création du groupe via l'API gitlab
  238.       #uri: url=http://localhost:{{gitlab_ext_port}}/api/v3/groups
  239.        #method=POST HEADER_PRIVATE-TOKEN={{ gitlab_api_root_session.stdout }} body='name={{ gitlab_group_name }}&path={{ gitlab_group_name }}'
  240.         #dest=/tmp/gitlab_api_create_group.json
  241.         #status_code=201
  242.  
  243.     - name: Envoi de la requete de creation du projet api via l'API gitlab
  244.       uri: url=http://localhost:{{gitlab_ext_port}}/api/v3/projects
  245.        method=POST HEADER_PRIVATE-TOKEN={{ gitlab_api_root_session.stdout }} body='name=JCalculator_api&visibility_level=10'
  246.         dest=/tmp/gitlab_api_add_group_member.json
  247.         status_code=201
  248.  
  249.     - name: Envoi de la requete de creation du projet client via l'API gitlab
  250.       uri: url=http://localhost:{{gitlab_ext_port}}/api/v3/projects
  251.        method=POST HEADER_PRIVATE-TOKEN={{ gitlab_api_root_session.stdout }} body='name=JCalculator_client&visibility_level=10'
  252.         dest=/tmp/gitlab_api_add_group_member.json
  253.         status_code=201
  254.  
  255.     - name: Téléchargement de jcalculator_api
  256.       get_url: validate_certs=no url=http://download1651.mediafire.com/sxd69savpuag/ndn1c2kf9jf4gzu/jcalculator_api.tar.gz dest=~/jcalculator_api.tar.gz
  257.  
  258.     - name: Téléchargement de jcalculator_client
  259.       get_url: validate_certs=no url=http://download1510.mediafire.com/daqk7282qukg/gjergjytw8jgrjl/jcalculator_client.tar.gz dest=~/jcalculator_client.tar.gz
  260.  
  261.     - file: state=directory path=~/jcalculator_api
  262.     - file: state=directory path=~/jcalculator_client
  263.  
  264.     - name: Création de la clé ssh blueteam
  265.       shell: ssh-keygen -f ~/.ssh/id_rsa -t rsa -N ''
  266.  
  267.     - file: path=~/.ssh/id_rsa owner=vagrant group=vagrant mode=0600
  268.     - file: path=~/.ssh/id_rsa.pub owner=vagrant group=vagrant mode=0600
  269.  
  270.     - name: Récupération du token admin
  271.       shell: cat ~/.ssh/id_rsa.pub
  272.       register: id_rsa_blueteam
  273.  
  274.     - name: Envoi de la requete d'upload de la clé ssh via l'API gitlab
  275.       shell: "curl -X POST -H 'PRIVATE-TOKEN: {{ gitlab_api_root_session.stdout }}' http://localhost:{{gitlab_ext_port}}/api/v3/user/keys --form-string 'title=blueteam_ssh_key' --form-string 'key={{ id_rsa_blueteam.stdout }}'"
  276.  
  277.     #- name: Envoi de la requetel'upload de la clé ssh via l'API gitlab
  278.     #  uri: url=http://localhost:{{gitlab_ext_port}}/api/v3/user/keys
  279.     #   method=POST HEADER_PRIVATE-TOKEN={{ gitlab_api_root_session.stdout }} body="title=blueteam_ssh_key&key={{ id_rsa_blueteam.stdout }}"
  280.     #    dest=/tmp/gitlab_api_add_sshkey.json
  281.     #    status_code=201
  282.  
  283.     - name: Config ssh
  284.       get_url: url=http://pastebin.com/raw.php?i=jix0GghF dest=~/.ssh/config
  285.  
  286.     - name: Git user name
  287.       shell: git config --global user.name "Administrator"
  288.  
  289.     - name: Git email
  290.       shell: git config --global user.email "admin@example.com"
  291.  
  292.     - name: Téléchargement du script git
  293.       get_url: url=http://pastebin.com/raw.php?i=edpMpbuT dest=~/git_bash.sh
  294.  
  295.     - name: Modification des droits du script git
  296.       file: path=~/git_bash.sh state=touch mode="u+x,g+x,o+x"
  297.  
  298.     - name: Conversion des lignes du script git api
  299.       command: dos2unix ~/git_bash.sh
  300.  
  301.     - name: Clonage du projet JCalculator-api
  302.       #git: repo=git@localhost:root/jcalculator_api.git accept_hostkey=true
  303.        #dest=~/jcalculator_api
  304.       shell: git clone git@localhost:root/jcalculator_api.git ~/jcalculator_api
  305.  
  306.     - name: Dézippage de jcalculator_api
  307.       shell: tar -xzf ~/jcalculator_api.tar.gz -C ~/jcalculator_api
  308.  
  309.     - name: Exécution de script git api
  310.       shell: ~/git_bash.sh ~/jcalculator_api/.git ~/jcalculator_api
  311.  
  312.     - name: Clonage du projet JCalculator-client
  313.       #git: repo=git@localhost:root/jcalculator_client.git
  314.        #dest=~/jcalculator_client
  315.       shell: git clone git@localhost:root/jcalculator_client.git ~/jcalculator_client
  316.  
  317.     - name: Dézippage de jcalculator_client
  318.       shell: tar -xzf ~/jcalculator_client.tar.gz -C ~/jcalculator_client
  319.  
  320.     - name: Exécution de script git client
  321.       shell: ~/git_bash.sh ~/jcalculator_client/.git ~/jcalculator_client
  322.  
  323. # JENKINS
  324. - name: Ajout du dépot jenkins
  325.   apt_repository: repo='deb http://pkg.jenkins-ci.org/debian binary/' state=present
  326.  
  327. - name: Récupération de la clé  jenkins
  328.   get_url: url=http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key dest=/tmp/jenkins.key
  329.  
  330. - name: Intégration de la clé
  331.   apt_key: file=/tmp/jenkins.key state=present
  332.  
  333. - name: Mise à jour de l'apt cache
  334.   apt: update_cache=yes
  335.  
  336. - name: Installation jenkins
  337.   apt: name=jenkins state=present
  338.  
  339. - name: Definition du port jenkins
  340.   lineinfile: dest=/etc/default/jenkins regexp='HTTP_PORT='
  341.    line='HTTP_PORT={{jenkins_port}}'
  342.  
  343. - name: Definition du context root jenkins
  344.   lineinfile: dest=/etc/default/jenkins regexp='JENKINS_ARGS'
  345.    line='JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT --prefix=$PREFIX"'
  346.  
  347. - name: Redemarrage du service jenkins
  348.   service: name=jenkins state=restarted
  349.  
  350. - pause: minutes=1
  351.  
  352. - name: Installation du plugin gitlab
  353.   command: java -jar /var/cache/jenkins/war/WEB-INF/jenkins-cli.jar -s http://localhost:{{jenkins_port}}/jenkins install-plugin gitlab-plugin
  354.  
  355. - name: Redemarrage de jenkins
  356.   command: java -jar /var/cache/jenkins/war/WEB-INF/jenkins-cli.jar -s http://localhost:{{jenkins_port}}/jenkins safe-restart
  357.  
  358. - name: Creation du dossier ssh de l'utilisateur jenkins
  359.   file: path=/var/lib/jenkins/.ssh state=directory owner=jenkins group=jenkins
  360.  
  361. - name: Copie clé privée root
  362.   command: cp /root/.ssh/id_rsa /var/lib/jenkins/.ssh/id_rsa
  363.  
  364. - name: Copie clé publique root
  365.   command: cp /root/.ssh/id_rsa.pub /var/lib/jenkins/.ssh/id_rsa.pub
  366.  
  367. - file: path=/var/lib/jenkins/.ssh/id_rsa owner=jenkins group=jenkins mode=0600
  368. - file: path=/var/lib/jenkins/.ssh/id_rsa.pub owner=jenkins group=jenkins mode=0600
  369.  
  370. - name: Installation de python jenkins api
  371.   pip: name=python-jenkins
  372.  
  373. - name: Téléchargement du fichier de credentials
  374.   get_url: url=http://pastebin.com/raw.php?i=qSzq54Ta dest=/var/lib/jenkins/credentials.xml
  375.  
  376. - name: Téléchargement du fichier de configuration générale
  377.   get_url: url=http://pastebin.com/raw.php?i=VUqc8VXJ dest=/var/lib/jenkins/config.xml
  378.  
  379. - name: Téléchargement du fichier de configuration jcalculator_api
  380.   get_url: url=http://pastebin.com/raw.php?i=jLBd81En dest=/tmp/jcalculator-api-config.xml
  381.  
  382. - name: Téléchargement du fichier de configuration jcalculator_client
  383.   get_url: url=http://pastebin.com/raw.php?i=ykc4mY7e dest=/tmp/jcalculator-client-config.xml
  384.  
  385. - name: Téléchargement du script python de creation des jobs
  386.   get_url: url=http://pastebin.com/raw.php?i=fjGTsuSb dest=/tmp/jenkins_jobs.py
  387.  
  388. - pause: minutes=1
  389.  
  390. - name: Creation des jobs via l'API python
  391.   command: python /tmp/jenkins_jobs.py