mirror of https://github.com/MISP/ansible
Allow user to choose MISP data location at installation + backup management in separate file
parent
9f60beff00
commit
d837c82cf0
|
@ -1,2 +1,3 @@
|
||||||
---
|
---
|
||||||
# default lower priority variables for this role
|
# default lower priority variables for this role
|
||||||
|
data_location: /opt/misp-server/misp/app
|
||||||
|
|
|
@ -0,0 +1,41 @@
|
||||||
|
############################################
|
||||||
|
##### BACKUP ####
|
||||||
|
############################################
|
||||||
|
|
||||||
|
- name: Create MISP server directory
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
owner: misp
|
||||||
|
group: misp-server
|
||||||
|
mode: 02775
|
||||||
|
state: directory
|
||||||
|
with_items:
|
||||||
|
- "{{data_location}}/backup"
|
||||||
|
|
||||||
|
- name: Copy backup script
|
||||||
|
become: true
|
||||||
|
template:
|
||||||
|
src: misp/{{item}}
|
||||||
|
dest: /bin/{{item}}
|
||||||
|
mode: 0755
|
||||||
|
with_items:
|
||||||
|
- misp_backup
|
||||||
|
|
||||||
|
- name: Copy restore script
|
||||||
|
template:
|
||||||
|
src: misp/{{item}}
|
||||||
|
dest: "{{data_location}}/backup/{{item}}"
|
||||||
|
mode: 0755
|
||||||
|
owner: misp
|
||||||
|
group: misp
|
||||||
|
with_items:
|
||||||
|
- misp_restore
|
||||||
|
|
||||||
|
- name: Create backup cronjob
|
||||||
|
become: true
|
||||||
|
become_user: misp
|
||||||
|
cron:
|
||||||
|
name: "misp backup cronjob"
|
||||||
|
minute: "0"
|
||||||
|
hour: "4"
|
||||||
|
job: "sh /bin/misp_backup"
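Review bot: The backup directory in the first task is created with `mode: 02775`, which leaves it listable and traversable by every local account, while the misp_backup template changed in this same commit appears to place MySQL and Config copies beneath it. Unless other accounts are meant to read those dumps, `mode: "02770"` is the tighter choice, and quoting the value keeps the octal reading independent of the YAML parser (the same applies to the two `mode: 0755` lines). With the default `data_location` the directory also becomes `/opt/misp-server/misp/app/backup`, inside the application tree, so it is worth confirming that the web server cannot serve that path. A short comment above the task such as `# holds DB dumps and config copies: keep readable by misp/misp-server only` would record the intent.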
|
|
@ -72,7 +72,6 @@
|
||||||
- "/opt/misp-server"
|
- "/opt/misp-server"
|
||||||
- "/opt/misp-server/misp"
|
- "/opt/misp-server/misp"
|
||||||
- "/opt/misp-server/tmp"
|
- "/opt/misp-server/tmp"
|
||||||
- "/opt/misp-server/backup"
|
|
||||||
|
|
||||||
######### PEAR: CRYPTPGP #########
|
######### PEAR: CRYPTPGP #########
|
||||||
- name: Configure PEAR proxy
|
- name: Configure PEAR proxy
|
||||||
|
@ -317,7 +316,7 @@
|
||||||
with_items:
|
with_items:
|
||||||
- mysql -D misp < /opt/misp-server/misp/INSTALL/MYSQL.sql
|
- mysql -D misp < /opt/misp-server/misp/INSTALL/MYSQL.sql
|
||||||
when: mysql_init.changed
|
when: mysql_init.changed
|
||||||
|
|
||||||
######### PERMISSIONS #########
|
######### PERMISSIONS #########
|
||||||
|
|
||||||
- name: Fix all files permissions
|
- name: Fix all files permissions
|
||||||
|
@ -327,38 +326,14 @@
|
||||||
state: directory
|
state: directory
|
||||||
mode: "g=u"
|
mode: "g=u"
|
||||||
|
|
||||||
############################################
|
############ BACKUP ###########
|
||||||
##### BACKUP ####
|
|
||||||
############################################
|
|
||||||
|
|
||||||
- name: Copy backup script
|
- name: Configure and enable MISP backup
|
||||||
become: true
|
include: backup.yml
|
||||||
template:
|
|
||||||
src: misp/{{item}}
|
|
||||||
dest: /bin/{{item}}
|
|
||||||
mode: 0755
|
|
||||||
with_items:
|
|
||||||
- misp_backup
|
|
||||||
when: enable_auto_backup == 'y'
|
when: enable_auto_backup == 'y'
|
||||||
|
|
||||||
- name: Copy restore script
|
####### NEW DATA LOCATION #####
|
||||||
template:
|
|
||||||
src: misp/{{item}}
|
|
||||||
dest: /opt/misp-server/backup/{{item}}
|
|
||||||
mode: 0755
|
|
||||||
owner: misp
|
|
||||||
group: misp
|
|
||||||
with_items:
|
|
||||||
- misp_backup
|
|
||||||
when: enable_auto_backup == 'y'
|
|
||||||
|
|
||||||
- name: Create backup cronjob
|
|
||||||
become: true
|
|
||||||
become_user: misp
|
|
||||||
cron:
|
|
||||||
name: "misp backup cronjob"
|
|
||||||
minute: "0"
|
|
||||||
hour: "4"
|
|
||||||
job: "sh /bin/misp_backup"
|
|
||||||
when: enable_auto_backup == 'y'
|
|
||||||
|
|
||||||
|
- name: Change DATA location of MISP
|
||||||
|
include: new_data_location.yml
|
||||||
|
when: data_location != '/opt/misp-server/misp/app'
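Review bot: The guard `when: data_location != '/opt/misp-server/misp/app'` is an exact string comparison against a literal that duplicates the role default, so a value that names the same directory with a trailing slash would still start the migration in new_data_location.yml, which stops MySQL and removes directories. Normalising before comparing, for example `when: data_location | regex_replace('/+$', '') != '/opt/misp-server/misp/app'`, or comparing against a second default variable instead of repeating the literal, makes that destructive path harder to enter by accident. The task list this hunk belongs to starts and ends outside the hunk.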
|
||||||
|
|
|
@ -0,0 +1,115 @@
|
||||||
|
############################################
|
||||||
|
##### NEW DATA LOCATION ####
|
||||||
|
############################################
|
||||||
|
|
||||||
|
- name: Create MISP backup and data directories
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
owner: misp
|
||||||
|
group: misp-server
|
||||||
|
mode: 0775
|
||||||
|
state: directory
|
||||||
|
with_items:
|
||||||
|
- "{{data_location}}/backup"
|
||||||
|
|
||||||
|
######### MOVE MYSQL DATA #########
|
||||||
|
|
||||||
|
- name: MySQL | Stop service to move data
|
||||||
|
service:
|
||||||
|
name: mysql
|
||||||
|
state: stopped
|
||||||
|
enabled: yes
|
||||||
|
when: mysql_init.changed
|
||||||
|
|
||||||
|
- name: MySQL | Copy data
|
||||||
|
shell: "{{ item }}"
|
||||||
|
with_items:
|
||||||
|
- "cp -R -p /var/lib/mysql {{data_location}} "
|
||||||
|
sudo: yes
|
||||||
|
when: mysql_init.changed
|
||||||
|
|
||||||
|
- name: MySQL | Update MySQL configuration
|
||||||
|
replace:
|
||||||
|
dest: /etc/mysql/my.cnf
|
||||||
|
regexp: '/var/lib/mysql'
|
||||||
|
replace: '{{data_location}}/mysql'
|
||||||
|
when: mysql_init.changed
|
||||||
|
|
||||||
|
- name: MySQL | Update AppArmor configuration
|
||||||
|
replace:
|
||||||
|
dest: /etc/apparmor.d/usr.sbin.mysqld
|
||||||
|
regexp: '/var/lib/mysql/'
|
||||||
|
replace: '{{data_location}}/mysql/'
|
||||||
|
when: mysql_init.changed
|
||||||
|
|
||||||
|
- name: MySQL | Reload service AppArmor
|
||||||
|
service:
|
||||||
|
name: apparmor
|
||||||
|
state: reloaded
|
||||||
|
enabled: yes
|
||||||
|
when: mysql_init.changed
|
||||||
|
|
||||||
|
- name: MySQL | Start service after moving data
|
||||||
|
service:
|
||||||
|
name: mysql
|
||||||
|
state: restarted
|
||||||
|
enabled: yes
|
||||||
|
when: mysql_init.changed
|
||||||
|
|
||||||
|
- name: MySQL | Check if old data directory is removed
|
||||||
|
file:
|
||||||
|
path: /var/lib/mysql
|
||||||
|
state: absent
|
||||||
|
sudo: yes
|
||||||
|
|
||||||
|
#### MISP DATA MOVE ####
|
||||||
|
|
||||||
|
# Copy with SHELL since Ansible does not currently support recursive remote copying
|
||||||
|
- name: Copy tmp data
|
||||||
|
shell: "{{ item }}"
|
||||||
|
with_items:
|
||||||
|
- "cp -rp /opt/misp-server/misp/app/tmp {{data_location}}/ "
|
||||||
|
sudo: yes
|
||||||
|
when: mysql_init.changed
|
||||||
|
|
||||||
|
- name: Remove old MISP tmp data directory
|
||||||
|
file:
|
||||||
|
path: /opt/misp-server/misp/app/tmp
|
||||||
|
state: absent
|
||||||
|
sudo: yes
|
||||||
|
when: mysql_init.changed
|
||||||
|
|
||||||
|
- name: Link MISP tmp data directory to new data location
|
||||||
|
file:
|
||||||
|
src: "{{data_location}}/tmp"
|
||||||
|
dest: /opt/misp-server/misp/app/tmp
|
||||||
|
state: link
|
||||||
|
force: yes
|
||||||
|
owner: misp
|
||||||
|
group: misp-server
|
||||||
|
mode: 777
|
||||||
|
|
||||||
|
# Copy with SHELL since Ansible does not currently support recursive remote copying
|
||||||
|
- name: Copy MISP file data directory to /DATA
|
||||||
|
shell: "{{ item }}"
|
||||||
|
with_items:
|
||||||
|
- "cp -rp /opt/misp-server/misp/app/files {{data_location}}/ "
|
||||||
|
sudo: yes
|
||||||
|
when: mysql_init.changed
|
||||||
|
|
||||||
|
- name: Remove old MISP files data directory
|
||||||
|
file:
|
||||||
|
path: /opt/misp-server/misp/app/files
|
||||||
|
state: absent
|
||||||
|
sudo: yes
|
||||||
|
when: mysql_init.changed
|
||||||
|
|
||||||
|
- name: Link MISP file data directory to /DATA
|
||||||
|
file:
|
||||||
|
src: "{{data_location}}/files"
|
||||||
|
dest: /opt/misp-server/misp/app/files
|
||||||
|
state: link
|
||||||
|
force: yes
|
||||||
|
owner: misp
|
||||||
|
group: misp-server
|
||||||
|
mode: 777
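Review bot: The task "MySQL | Check if old data directory is removed" deletes `/var/lib/mysql` with `state: absent` but, unlike every other MySQL step in this file, carries no `when: mysql_init.changed`, so on a run where the copy was skipped the original database directory is removed without anything having been copied; add `when: mysql_init.changed` to it, ideally after a check that `{{data_location}}/mysql` exists. Both symlink tasks set `mode: 777`, which YAML reads as the decimal integer 777 rather than octal, so the resulting bits are not the intended ones; write `mode: "0777"`, or a narrower quoted mode if world-writable is not required. The three `cp` lines place `{{data_location}}` unquoted into a shell command, so a path containing spaces or shell metacharacters is split or interpreted; `{{ data_location | quote }}` avoids that. `sudo: yes` is also mixed with the `become: true` used in backup.yml from the same commit, and using `become` throughout would be consistent.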
|
|
@ -5,13 +5,13 @@
|
||||||
###########################################
|
###########################################
|
||||||
|
|
||||||
TIMESTAMP=`date +%m%d%Y%H%M`
|
TIMESTAMP=`date +%m%d%Y%H%M`
|
||||||
BACKUP_PATH='/opt/misp-server/backup'
|
BACKUP_PATH='{{data_location}}/backup'
|
||||||
BACKUP_DIR="$BACKUP_PATH/$TIMESTAMP"
|
BACKUP_DIR="$BACKUP_PATH/$TIMESTAMP"
|
||||||
|
|
||||||
BACKUP_MYSQL_DIR="$BACKUP_DIR/mysql"
|
BACKUP_MYSQL_DIR="$BACKUP_DIR/mysql"
|
||||||
BACKUP_FILES_DIR="$BACKUP_DIR/misp"
|
BACKUP_FILES_DIR="$BACKUP_DIR/misp"
|
||||||
|
|
||||||
MISP_FILES="/opt/misp-server/misp/app/files"
|
MISP_FILES="{{data_location}}/files"
|
||||||
MISP_CONF="/opt/misp-server/misp/app/Config"
|
MISP_CONF="/opt/misp-server/misp/app/Config"
|
||||||
|
|
||||||
mkdir "$BACKUP_DIR"
|
mkdir "$BACKUP_DIR"
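Review bot: `BACKUP_PATH='{{data_location}}/backup'` and `MISP_FILES="{{data_location}}/files"` paste the Ansible variable directly inside shell quotes, so a value containing a quote character, `$` or a backtick changes how the rendered script is parsed, and an empty value silently turns the paths into `/backup` and `/files`. Rendering the variable with the `quote` filter instead of hand-written quotes, e.g. `BACKUP_PATH={{ (data_location + '/backup') | quote }}`, keeps the assignment a single literal word. A comment noting that `MISP_CONF` intentionally stays under `/opt/misp-server/misp/app` because Config is not relocated would help the next reader; the script body continues outside this hunk.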
|
||||||
|
|