Merge pull request #242 from juju4/devel-file
add file install method
redhatrises authored Sep 6, 2022
2 parents 2cd6bd7 + adca585 commit a593e76
Showing 10 changed files with 57 additions and 32 deletions.
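--- a/changelogs/fragments/add-local-file-install-method.yml
+++ b/changelogs/fragments/add-local-file-install-method.yml
@@ -0,0 +1,2 @@
+minor_changes:
+- falcon_install - add the ability to install from a local file (https://github.com/CrowdStrike/ansible_collection_falcon/pull/242).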
13 changes: 13 additions & 0 deletions roles/falcon_install/README.md
Expand Up @@ -31,6 +31,8 @@ The following variables are currently supported:
* `falcon_download_url_password` - password for downloading the sensor (string, default: null)
* `falcon_retries` - Number of attempts to download the sensor (int, default: 3)
* `falcon_delay` - Number of seconds before trying another download attempt (int, default: 3)
* `falcon_localfile_path` - Absolute path to local falcon sensor package (string, default: null)
* `falcon_localfile_cleanup` - Allow removing the local file after install (bool, default: false)
* `falcon_windows_install_retries` - Number of times to retry sensor install on windows (int, default: 10)
* `falcon_windows_install_delay` - Number of seconds to wait to retry sensor install on windows in the event of a failure (int, default: 120)
* `falcon_windows_tmp_dir` - Temporary Windows download and installation directory for the Falson Sensor (string, default: `%SYSTEMROOT%\\Temp`)
Expand Down Expand Up @@ -108,6 +110,17 @@ This example installs the Falcon Sensor using a sensor update policy called "ACM
falcon_client_secret: <Falcon_UI_OAUTH_client_secret>
falcon_sensor_update_policy_name: "ACME Policy"
```
This example installs the Falcon Sensor from a local file, then removes it.
```yaml
---
- hosts: all
roles:
- role: crowdstrike.falcon.falcon_install
vars:
falcon_install_method: file
falcon_localfile_path: /tmp/falcon.deb
falcon_localfile_cleanup: yes
```
License
-------
11 changes: 11 additions & 0 deletions roles/falcon_install/defaults/main.yml
Expand Up @@ -22,9 +22,20 @@ falcon_skip_kernel_compat_check: no
# api: Default: Fetch the latest installer directly from the CrowdStrike API.
# url: Fetch installer from a URL
# repo: Install from a package repository like APT, DNF, or YUM
# file: Install from a local file
#
falcon_install_method: api

# If the installation method is 'file', provide the absolute path to the installer file.
#
falcon_localfile_path:

# If the installation method is 'file', specify whether to remove the local file after installation.
# By default, this is disabled in the event the falcon_localfile_path is set to a shared file
# system location.
#
falcon_localfile_cleanup: no

# Specify whether or not to verify the Falcon sensor Linux based packages.
# By default, this is enabled - which will handle the installation and importing
# of the CrowdStrike Falcon sensor GPG Key.
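Review bot: The bare `falcon_localfile_path:` default parses as null, and the condition added in tasks/file.yml applies `| length` to it, which cannot be evaluated on a null value, so selecting `falcon_install_method: file` without a path would likely end in a templating error instead of a clear message. Writing the default as `falcon_localfile_path: ''` (or testing `falcon_localfile_path is string` before the length check) keeps the condition valid. The comment above the variable could also state that the role installs whatever package sits at this path, so it should name a file in a directory that only trusted accounts can write to.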
2 changes: 1 addition & 1 deletion roles/falcon_install/tasks/api.yml
Expand Up @@ -19,7 +19,7 @@
falcon_cloud: "{{ falcon_cloud_urls[falcon_api_oauth2_token.x_cs_region] }}"
when:
- falcon_cloud_autodiscover
- falcon_api_oauth2_token.x_cs_region|length > 0
- falcon_api_oauth2_token.x_cs_region | length > 0

# Block when falcon_sensor_update_policy_name is supplied
- name: Sensor Update Policy Block
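--- a/roles/falcon_install/tasks/file.yml
+++ b/roles/falcon_install/tasks/file.yml
@@ -0,0 +1,6 @@
+---
+- name: CrowdStrike Falcon | Set full file path
+ansible.builtin.set_fact:
+falcon_sensor_pkg: "{{ falcon_localfile_path }}"
+when:
+- falcon_localfile_path | length > 0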
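Review bot: When `falcon_localfile_path` is empty this task is skipped without any message, and the reworked 'Set default sensor name' task in tasks/install.yml then sets `falcon_sensor_pkg` to `falcon-sensor` because the fact is still undefined, so a play that asked for a local file would quietly install by package name instead. Nothing here checks that the path is an existing regular file or who can modify it, which matters for a package the role installs on the host from a location such as the `/tmp/falcon.deb` used in the README example. Failing early with explicit assertions, as sketched below, makes both cases visible; `ansible.builtin.stat` covers non-Windows targets only.

```yaml
- name: CrowdStrike Falcon | Require a local package path
  ansible.builtin.assert:
    that:
      - falcon_localfile_path is string
      - falcon_localfile_path | length > 0
    fail_msg: "falcon_localfile_path must be set when falcon_install_method is 'file'"

- name: CrowdStrike Falcon | Stat local sensor package
  ansible.builtin.stat:
    path: "{{ falcon_localfile_path }}"
  register: falcon_localfile_stat

- name: CrowdStrike Falcon | Validate local sensor package
  ansible.builtin.assert:
    that:
      - falcon_localfile_stat.stat.exists
      - falcon_localfile_stat.stat.isreg
      - not falcon_localfile_stat.stat.woth
    fail_msg: "falcon_localfile_path must be an existing regular file that is not world-writable"

# … unchanged: Set full file path …
```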
26 changes: 14 additions & 12 deletions roles/falcon_install/tasks/install.yml
@@ -1,16 +1,9 @@
---
- name: CrowdStrike Falcon | Set default sensor name
ansible.builtin.set_fact:
installed_sensor: falcon-sensor
falcon_sensor_pkg: 'falcon-sensor'
when:
- ansible_pkg_mgr in linux_packagers

- name: CrowdStrike Falcon | Set default sensor name for non-Windows installations
ansible.builtin.set_fact:
falcon_sensor_pkg: "{{ installed_sensor }}"
when:
- ansible_pkg_mgr in linux_packagers
- falcon_sensor_download is not defined
- falcon_sensor_pkg is not defined

- name: CrowdStrike Falcon | Transfer CrowdStrike Falcon RPM GPG key file
ansible.builtin.copy:
Expand Down Expand Up @@ -65,7 +58,7 @@
patterns: "ansible.*falcon"
file_type: directory
register: falcon_tmp_dir_objects
when: falcon_install_tmp_dir|length > 0
when: falcon_install_tmp_dir | length > 0
changed_when: no

- name: CrowdStrike Falcon | Remove tmp install directories
Expand All @@ -74,6 +67,15 @@
state: absent
loop: "{{ falcon_tmp_dir_objects.files }}"
when:
- falcon_install_tmp_dir|length > 0
- falcon_tmp_dir_objects is defined and falcon_tmp_dir_objects.files|length > 0
- falcon_install_tmp_dir | length > 0
- falcon_tmp_dir_objects is defined and falcon_tmp_dir_objects.files | length > 0
changed_when: no

- name: CrowdStrike Falcon | Remove Falcon Sensor Package (local file)
ansible.builtin.file:
path: "{{ falcon_localfile_path }}"
state: absent
when:
- falcon_install_method == "file"
- falcon_localfile_cleanup
changed_when: no
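Review bot: The added 'Remove Falcon Sensor Package (local file)' task at the end of this section passes `falcon_localfile_path` to `ansible.builtin.file` with `state: absent`, which deletes directories recursively, and nothing verifies beforehand that the value is a non-empty path to a regular file. A mistyped or directory-valued path combined with `falcon_localfile_cleanup` enabled would therefore remove a whole tree. I would register an `ansible.builtin.stat` result for the path as `falcon_localfile_stat` and add `- falcon_localfile_stat.stat.isreg | default(false)` to the `when` list. `changed_when: no` also hides the deletion from the play recap; dropping that line lets the task report the change it makes.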
6 changes: 6 additions & 0 deletions roles/falcon_install/tasks/main.yml
Expand Up @@ -18,6 +18,12 @@
- falcon_install_method == "api"
- ansible_os_family != "Windows"

- block:
- ansible.builtin.include_tasks: file.yml
# noqa unnamed-task 502
when:
- falcon_install_method == "file"

- block:
- ansible.builtin.include_tasks: win_api.yml
# noqa unnamed-task 502
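Review bot: The new block that includes file.yml is gated only on `falcon_install_method == "file"`, while the api block directly above also tests `ansible_os_family != "Windows"` and Windows has its own win_api.yml include. As written file.yml runs on Windows hosts too, and whether the Windows install path consumes `falcon_sensor_pkg` is not visible here; the cleanup task in tasks/install.yml uses `ansible.builtin.file`. If the method is meant for Linux packages only, add `- ansible_os_family != "Windows"` to this `when` list, otherwise the README should say how it behaves on Windows. The surrounding task list continues outside the hunk.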
15 changes: 0 additions & 15 deletions roles/falcon_install/tasks/preinstall.yml
Expand Up @@ -64,21 +64,6 @@
falcon_sensor_update_policy_platform: "{{ ansible_os_family }}"
when: ansible_os_family == "Windows"

- name: CrowdStrike Falcon | Set default sensor name
ansible.builtin.set_fact:
installed_sensor: falcon-sensor
when:
- ansible_pkg_mgr is defined
- ansible_pkg_mgr in linux_packagers

- name: CrowdStrike Falcon | Set default sensor name for non-Windows installations
ansible.builtin.set_fact:
falcon_sensor_pkg: "{{ installed_sensor }}"
when:
- ansible_pkg_mgr is defined
- ansible_pkg_mgr in linux_packagers
- falcon_sensor_download is not defined

- name: CrowdStrike Falcon | Verify Temporary Install Directory Exists (non-Windows)
ansible.builtin.tempfile:
path: "{{ falcon_install_tmp_dir }}"
2 changes: 1 addition & 1 deletion roles/falcon_install/tasks/win_api.yml
Expand Up @@ -18,7 +18,7 @@
falcon_cloud: "{{ falcon_cloud_urls[falcon_api_oauth2_token.x_cs_region] }}"
when:
- falcon_cloud_autodiscover
- falcon_api_oauth2_token.x_cs_region|length > 0
- falcon_api_oauth2_token.x_cs_region | length > 0

- name: CrowdStrike Falcon | Detect Target CID Based on Credentials
ansible.windows.win_uri:
6 changes: 3 additions & 3 deletions roles/falcon_install/tasks/win_install.yml
Expand Up @@ -23,7 +23,7 @@
patterns: "ansible.*falcon"
file_type: directory
register: falcon_tmp_dir_objects
when: falcon_windows_tmp_dir|length > 0
when: falcon_windows_tmp_dir | length > 0
changed_when: no

- name: CrowdStrike Falcon | Remove tmp install directory (Windows)
Expand All @@ -32,6 +32,6 @@
state: absent
loop: "{{ falcon_tmp_dir_objects.files }}"
when:
- falcon_windows_tmp_dir|length > 0
- falcon_tmp_dir_objects is defined and falcon_tmp_dir_objects.files|length > 0
- falcon_windows_tmp_dir | length > 0
- falcon_tmp_dir_objects is defined and falcon_tmp_dir_objects.files | length > 0
changed_when: no
