---
# Per-instance working directory; the compose file for this hostname is
# written into it by the next task.
# NOTE(review): no owner/group/mode is set, so a newly created directory gets
# whatever the connecting user and its umask produce - confirm that is intended.
- name: create base directory
  file:
    state: directory
    path: "/var/lib/greenbone/{{ greenbone_server_hostname }}"

# Renders the version-specific compose template into the instance directory.
# NOTE(review): no mode is given; if the rendered file carries credentials,
# an explicit restrictive mode would be appropriate - check the template.
# NOTE(review): no task in this file re-runs `docker compose up` for a project
# that is already listed as running, so a change reported here is not applied
# to the full stack by this role.
- name: copy docker compose file
  template:
    dest: "/var/lib/greenbone/{{ greenbone_server_hostname }}/docker-compose.yml"
    src: "docker-compose-{{ greenbone_server_version }}.yml.j2"

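## TODO: replace this with proper ansible modules once the v2 modules get released
# Read-only query for a compose project whose name is exactly the hostname
# with dots replaced by underscores (the name filter is anchored with ^ and $).
# It also runs in check mode, because the following block's `when` parses the
# registered stdout as JSON.
# The command is given as argv so the templated hostname is always a single
# argument and is never re-split.
# NOTE(review): without `--all`, `docker compose ls` lists running projects
# only, so a stopped project yields an empty list and the initial setup
# (including the admin password reset) runs again - confirm this is wanted.
- name: get list of running compose projects
  check_mode: false
  command:
    argv:
    - docker
    - compose
    - ls
    - "--format"
    - json
    - "--filter"
    - "name=^{{ greenbone_server_hostname | replace('.', '_') }}$"
  changed_when: false
  register: greenbone_server_compose_list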

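# First-time bring-up: runs only when the project query returned an empty
# JSON list, i.e. no running compose project carries this instance's name.
# All three commands use argv so templated values are passed as single
# arguments instead of being re-split from one command string.
- name: initial compose setup
  when: (greenbone_server_compose_list.stdout | from_json | length) == 0
  block:
  - name: pull greenbone images
    command:
      argv:
      - docker
      - compose
      - "-f"
      - "/var/lib/greenbone/{{ greenbone_server_hostname }}/docker-compose.yml"
      - "-p"
      - "{{ greenbone_server_hostname | replace('.', '_') }}"
      - pull

  - name: start greenbone
    command:
      argv:
      - docker
      - compose
      - "-f"
      - "/var/lib/greenbone/{{ greenbone_server_hostname }}/docker-compose.yml"
      - "-p"
      - "{{ greenbone_server_hostname | replace('.', '_') }}"
      - up
      - "-d"

  # Sets the password of the "admin" user by running gvmd inside the gvmd
  # service as user gvmd. Retried up to 15 times, 5 seconds apart, until the
  # command stops failing (presumably gvmd needs time after `up -d`).
  # The password is one argv element, so quotes or spaces in it cannot change
  # how the command line is split.
  # no_log keeps the command line, and with it the password, out of task
  # output and logs, including the result printed when all retries fail.
  # The value is still an argument of `docker compose exec`, so it is visible
  # in the host's process list while the command runs.
  - name: set admin password
    command:
      argv:
      - docker
      - compose
      - "-f"
      - "/var/lib/greenbone/{{ greenbone_server_hostname }}/docker-compose.yml"
      - "-p"
      - "{{ greenbone_server_hostname | replace('.', '_') }}"
      - exec
      - "-u"
      - gvmd
      - gvmd
      - gvmd
      - "--user=admin"
      - "--new-password={{ greenbone_server_admin_password }}"
    no_log: true
    register: greenbone_server_set_admin_password
    until: "greenbone_server_set_admin_password is not failed"
    retries: 15
    delay: 5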

# Builds the nginx vhost definition as the fact greenbone_server_vhost: a
# vhost for the instance hostname that proxies "/" to http://127.0.0.1:9392.
# NOTE(review): presumably 9392 is the port the compose file publishes for the
# web UI - confirm it is bound to loopback only there, so nginx is the sole
# entry point.
# NOTE(review): the tls key is only added when greenbone_server_tls is
# defined; whether the nginx/vhost role then serves this service over plain
# HTTP depends on that role - confirm.
- name: compute nginx vhost config
  vars:
    # Static part of the vhost; mode is quoted so it stays the string "0600".
    greenbone_server_vhost_base:
      name: greenbone
      mode: "0600"
      template: generic
      hostnames:
      - "{{ greenbone_server_hostname }}"
      locations:
        '/':
          proxy_pass: "http://127.0.0.1:9392"
    # Optional part, rendered as YAML text and parsed with from_yaml in
    # set_fact below before being merged into the base.
    greenbone_server_vhost_override__yaml: |
      {% if greenbone_server_tls is defined %}
      tls:
        {{ greenbone_server_tls | to_nice_yaml(indent=2) | indent(2) }}
      {% endif %}
  set_fact:
    # Recursive combine: keys from the parsed override are merged into the base.
    greenbone_server_vhost: "{{ greenbone_server_vhost_base | combine(greenbone_server_vhost_override__yaml | from_yaml, recursive=True) }}"

# Hands the computed vhost fact to the nginx/vhost role as nginx_vhost.
- name: configure nginx vhost
  include_role:
    name: nginx/vhost
  vars:
    nginx_vhost: "{{ greenbone_server_vhost }}"

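# Installs a per-instance helper script that pulls the feed/data images of
# this compose project and brings those services up again.
# NOTE(review): the script ends with `docker system prune -f`, which acts on
# the whole Docker host rather than on this project. On a host shared with
# other workloads it also removes their stopped containers, unused networks
# and dangling images - confirm the host is dedicated, or narrow the cleanup.
# NOTE(review): the hostname is templated into double-quoted shell strings;
# this relies on greenbone_server_hostname never containing shell
# metacharacters.
- name: install update script
  copy:
    content: |
      #!/bin/bash
      set -e
      docker compose -f "/var/lib/greenbone/{{ greenbone_server_hostname }}/docker-compose.yml" -p "{{ greenbone_server_hostname | replace('.', '_') }}" pull notus-data vulnerability-tests scap-data dfn-cert-data cert-bund-data report-formats data-objects
      docker compose -f "/var/lib/greenbone/{{ greenbone_server_hostname }}/docker-compose.yml" -p "{{ greenbone_server_hostname | replace('.', '_') }}" up -d notus-data vulnerability-tests scap-data dfn-cert-data cert-bund-data report-formats data-objects

      echo "update queued successfully."
      echo "Please also read:  https://greenbone.github.io/docs/latest/22.4/container/workflows.html#performing-a-feed-synchronization"
      echo ""
      echo "cleaning up unused/old containers and images ..."
      docker system prune -f
      exit 0
    dest: "/usr/local/bin/update-greenbone.{{ greenbone_server_hostname }}"
    # Quoted so the mode stays the string "0755" however the YAML loader
    # would type a bare 0755.
    mode: "0755"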

# Renders systemd.service.j2 and systemd.timer.j2 into per-instance unit
# files; skipped when greenbone_feed_update_schedule is not defined.
# NOTE(review): no owner/mode is set on the unit files, so they get the
# connecting user's defaults - confirm that is intended.
- name: install systemd units for feed updates
  template:
    dest: "/etc/systemd/system/update-greenbone_{{ greenbone_server_hostname }}.{{ item }}"
    src: "systemd.{{ item }}.j2"
  loop:
  - service
  - timer
  when: greenbone_feed_update_schedule is defined

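# Reloads systemd's unit definitions, then enables and starts the
# per-instance feed-update timer. Skipped when no schedule is defined.
# NOTE(review): no task in this file stops or disables the timer if
# greenbone_feed_update_schedule is later removed.
- name: make sure systemd is started and enabled
  when: greenbone_feed_update_schedule is defined
  systemd:
    daemon_reload: true
    name: "update-greenbone_{{ greenbone_server_hostname }}.timer"
    enabled: true
    state: started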