From d837c82cf009a90ed0f416bf7fe514aca6e637ab Mon Sep 17 00:00:00 2001
From: Mathieu Deloitte
Date: Wed, 24 Aug 2016 14:35:57 +0200
Subject: [PATCH] Allow user to choose MISP data location at installation + backup management in separate file
---
 roles/misp/defaults/main.yml | 1 +
 roles/misp/tasks/backup.yml | 41 +++++++++
 roles/misp/tasks/main.yml | 41 ++-------
 roles/misp/tasks/new_data_location.yml | 115 +++++++++++++++++++++++++
 roles/misp/templates/misp/misp_backup | 4 +-
 5 files changed, 167 insertions(+), 35 deletions(-)
 create mode 100644 roles/misp/tasks/backup.yml
 create mode 100644 roles/misp/tasks/new_data_location.yml
diff --git a/roles/misp/defaults/main.yml b/roles/misp/defaults/main.yml
index e0f3215..4bbb9d9 100644
--- a/roles/misp/defaults/main.yml
+++ b/roles/misp/defaults/main.yml
@@ -1,2 +1,3 @@
 ---
 # default lower priority variables for this role
+data_location: /opt/misp-server/misp/app
diff --git a/roles/misp/tasks/backup.yml b/roles/misp/tasks/backup.yml
new file mode 100644
index 0000000..189b1c5
--- /dev/null
+++ b/roles/misp/tasks/backup.yml
@@ -0,0 +1,41 @@
+############################################
+##### BACKUP ####
+############################################
+
+- name: Create MISP server directory
+ file:
+ path: "{{ item }}"
+ owner: misp
+ group: misp-server
+ mode: 02775
+ state: directory
+ with_items:
+ - "{{data_location}}/backup"
+
+- name: Copy backup script
+ become: true
+ template:
+ src: misp/{{item}}
+ dest: /bin/{{item}}
+ mode: 0755
+ with_items:
+ - misp_backup
+
+- name: Copy restore script
+ template:
+ src: misp/{{item}}
+ dest: "{{data_location}}/backup/{{item}}"
+ mode: 0755
+ owner: misp
+ group: misp
+ with_items:
+ - misp_restore
+
+- name: Create backup cronjob
+ become: true
+ become_user: misp
+ cron:
+ name: "misp backup cronjob"
+ minute: "0"
+ hour: "4"
+ job: "sh /bin/misp_backup"
diff --git a/roles/misp/tasks/main.yml b/roles/misp/tasks/main.yml
index b6114e6..f2a56df 100644
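Review bot: The first task in backup.yml creates `{{data_location}}/backup` with `mode: 02775`, so every local account can traverse and read the directory that, judging by `BACKUP_MYSQL_DIR` and `MISP_CONF` in misp_backup, receives database dumps and configuration copies; `mode: "2770"` would limit it to misp and the misp-server group. The restore script is installed into that same group-writable directory, so any misp-server member can rename or replace it before an operator runs it; installing it next to `/bin/misp_backup` or in a root-owned directory avoids that. new_data_location.yml creates the same path with `mode: 0775`, so when both files are included the two tasks will likely keep flipping the setgid bit. Quoting the modes (`mode: "0755"`) would also stop relying on YAML octal parsing.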
--- a/roles/misp/tasks/main.yml +++ b/roles/misp/tasks/main.yml @@ -72,7 +72,6 @@ - "/opt/misp-server" - "/opt/misp-server/misp" - "/opt/misp-server/tmp" - - "/opt/misp-server/backup" ######### PEAR: CRYPTPGP ######### - name: Configure PEAR proxy @@ -317,7 +316,7 @@ with_items: - mysql -D misp < /opt/misp-server/misp/INSTALL/MYSQL.sql when: mysql_init.changed - + ######### PERMISSIONS ######### - name: Fix all files permissions @@ -327,38 +326,14 @@ state: directory mode: "g=u" -############################################ -##### BACKUP #### -############################################ +############ BACKUP ########### -- name: Copy backup script - become: true - template: - src: misp/{{item}} - dest: /bin/{{item}} - mode: 0755 - with_items: - - misp_backup +- name: Configure and enable MISP backup + include: backup.yml when: enable_auto_backup == 'y' -- name: Copy restore script - template: - src: misp/{{item}} - dest: /opt/misp-server/backup/{{item}} - mode: 0755 - owner: misp - group: misp - with_items: - - misp_backup - when: enable_auto_backup == 'y' - -- name: Create backup cronjob - become: true - become_user: misp - cron: - name: "misp backup cronjob" - minute: "0" - hour: "4" - job: "sh /bin/misp_backup" - when: enable_auto_backup == 'y' +####### NEW DATA LOCATION ##### +- name: Change DATA location of MISP + include: new_data_location.yml + when: data_location != '/opt/misp-server/misp/app' diff --git a/roles/misp/tasks/new_data_location.yml b/roles/misp/tasks/new_data_location.yml new file mode 100644 index 0000000..93f8170 --- /dev/null +++ b/roles/misp/tasks/new_data_location.yml 
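Review bot: The new `when: data_location != '/opt/misp-server/misp/app'` in the third hunk compares raw strings, so an equivalent value such as `/opt/misp-server/misp/app/` is treated as a custom location and runs the MySQL move and the tmp/files relinking against the default tree. Normalising first, e.g. `when: (data_location | regex_replace('/+$', '')) != '/opt/misp-server/misp/app'`, or an `assert` on the variable before the include, would prevent that. The literal also repeats the default from defaults/main.yml, so the two can drift apart if the default is ever changed. The task list continues outside the hunk.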
@@ -0,0 +1,115 @@
+############################################
+##### NEW DATA LOCATION ####
+############################################
+
+- name: Create MISP backup and data directories
+ file:
+ path: "{{ item }}"
+ owner: misp
+ group: misp-server
+ mode: 0775
+ state: directory
+ with_items:
+ - "{{data_location}}/backup"
+
+######### MOVE MYSQL DATA #########
+
+- name: MySQL | Stop service to move data
+ service:
+ name: mysql
+ state: stopped
+ enabled: yes
+ when: mysql_init.changed
+
+- name: MySQL | Copy data
+ shell: "{{ item }}"
+ with_items:
+ - "cp -R -p /var/lib/mysql {{data_location}} "
+ sudo: yes
+ when: mysql_init.changed
+
+- name: MySQL | Update MySQL configuration
+ replace:
+ dest: /etc/mysql/my.cnf
+ regexp: '/var/lib/mysql'
+ replace: '{{data_location}}/mysql'
+ when: mysql_init.changed
+
+- name: MySQL | Update AppArmor configuration
+ replace:
+ dest: /etc/apparmor.d/usr.sbin.mysqld
+ regexp: '/var/lib/mysql/'
+ replace: '{{data_location}}/mysql/'
+ when: mysql_init.changed
+
+- name: MySQL | Reload service AppArmor
+ service:
+ name: apparmor
+ state: reloaded
+ enabled: yes
+ when: mysql_init.changed
+
+- name: MySQL | Start service after moving data
+ service:
+ name: mysql
+ state: restarted
+ enabled: yes
+ when: mysql_init.changed
+
+- name: MySQL | Check if old data directory is removed
+ file:
+ path: /var/lib/mysql
+ state: absent
+ sudo: yes
+
+#### MISP DATA MOVE ####
+
+# Copy with SHELL since Ansible does not currently support recursive remote copying
+- name: Copy tmp data
+ shell: "{{ item }}"
+ with_items:
+ - "cp -rp /opt/misp-server/misp/app/tmp {{data_location}}/ "
+ sudo: yes
+ when: mysql_init.changed
+
+- name: Remove old MISP tmp data directory
+ file:
+ path: /opt/misp-server/misp/app/tmp
+ state: absent
+ sudo: yes
+ when: mysql_init.changed
+
+- name: Link MISP tmp data directory to new data location
+ file:
+ src: "{{data_location}}/tmp"
+ dest: /opt/misp-server/misp/app/tmp
+ state: link
+ force: yes
+ owner: misp
+ group: misp-server
+ mode: 777
+
+# Copy with SHELL since Ansible does not currently support recursive remote copying
+- name: Copy MISP file data directory to /DATA
+ shell: "{{ item }}"
+ with_items:
+ - "cp -rp /opt/misp-server/misp/app/files {{data_location}}/ "
+ sudo: yes
+ when: mysql_init.changed
+
+- name: Remove old MISP files data directory
+ file:
+ path: /opt/misp-server/misp/app/files
+ state: absent
+ sudo: yes
+ when: mysql_init.changed
+
+- name: Link MISP file data directory to /DATA
+ file:
+ src: "{{data_location}}/files"
+ dest: /opt/misp-server/misp/app/files
+ state: link
+ force: yes
+ owner: misp
+ group: misp-server
+ mode: 777
diff --git a/roles/misp/templates/misp/misp_backup b/roles/misp/templates/misp/misp_backup
index 48aed50..88cc867 100644
--- a/roles/misp/templates/misp/misp_backup
+++ b/roles/misp/templates/misp/misp_backup
@@ -5,13 +5,13 @@ ########################################### TIMESTAMP=`date +%m%d%Y%H%M` -BACKUP_PATH='/opt/misp-server/backup' +BACKUP_PATH='{{data_location}}/backup' BACKUP_DIR="$BACKUP_PATH/$TIMESTAMP" BACKUP_MYSQL_DIR="$BACKUP_DIR/mysql" BACKUP_FILES_DIR="$BACKUP_DIR/misp" -MISP_FILES="/opt/misp-server/misp/app/files" +MISP_FILES="{{data_location}}/files" MISP_CONF="/opt/misp-server/misp/app/Config" mkdir "$BACKUP_DIR"
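Review bot: The task `MySQL | Check if old data directory is removed` deletes `/var/lib/mysql` without the `when: mysql_init.changed` guard that the copy and my.cnf tasks carry, so on a host where the database was already initialised, or where `data_location` is changed on a later run, the live datadir is removed without having been copied. Add `when: mysql_init.changed` to that task, and ideally confirm that `{{data_location}}/mysql` exists before removing anything. Both link tasks set `mode: 777`, which Ansible reads as decimal 777 rather than octal and which would be world-writable even if written as intended; drop it or use `mode: "0775"`. The three `cp` commands pass `{{data_location}}` to `shell` unquoted, so `{{ data_location | quote }}` or the `command` module is safer for paths with spaces or shell metacharacters.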
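Review bot: `MISP_FILES="{{data_location}}/files"` puts the rendered path inside double quotes, so a `$` or backtick in `data_location` would be expanded by the shell each time cron runs the script, whereas `BACKUP_PATH` a few lines above is single-quoted. Use single quotes for both, `MISP_FILES='{{data_location}}/files'`, and have the role reject a `data_location` that contains quote characters. With the default value the backups now land in `/opt/misp-server/misp/app/backup`, inside the application tree, so it is worth confirming the web server cannot serve that directory. The script continues outside the hunk.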