shortstack · May 24, 2018 14:06
diff --git a/enroll-kolide-agent.yml b/enroll-kolide-agent.yml
 ---
 - hosts: localhost
  vars:
    kolide_url_cmd: "{{ kolide_url }}"
    kolide_user_cmd: "{{ kolide_user }}"
    kolide_pw_cmd: "{{ kolide_pw }}"
  tasks:

    - name: Login and get bearer token
      uri:
        url: "https://{{ kolide_url_cmd }}/api/v1/kolide/login"
        method: POST
        body: "{\"password\":\"{{ kolide_pw_cmd }}\",\"username\":\"{{ kolide_user_cmd }}\"}"
        body_format: json
        headers:
          Content-Type: application/json
          DNT: 1
        validate_certs: yes
        return_content: yes
      register: response

    - name: Get token
      set_fact:
        bearer_token: "{{ response['json']['token'] }}"

    - name: Get Kolide config
      uri:
        url: "https://{{ kolide_url_cmd }}/api/v1/kolide/config"
        method: GET
        headers:
          Content-Type: application/json
          DNT: 1
          Authorization: Bearer {{ bearer_token }}
        validate_certs: yes
        return_content: yes
      register: config

    - name: Get Kolide certificate
      uri:
        url: "https://{{ kolide_url_cmd }}/api/v1/kolide/config/certificate"
        method: GET
        headers:
          Content-Type: application/json
          DNT: 1
          Authorization: Bearer {{ bearer_token }}
        validate_certs: yes
        return_content: yes
      register: certificate

    - name: Save Kolide certificate
      set_fact:
        osquery_certificate: "{{ certificate['json']['certificate_chain']|b64decode }}"

    - name: Copy certificate
      copy:
        content: "{{ osquery_certificate }}"
        dest: "/etc/osquery/certificate.crt"
        owner: root
        group: root
        mode: '0600'

    - name: Save enroll secret
      set_fact:
        osquery_enroll_secret: "{{ config['json']['server_settings']['osquery_enroll_secret'] }}"

    - name: Copy key
      template:
        src: files/agents/osquery.key
        dest: "/etc/osquery/osquery.key"
        owner: root
        group: root
        mode: '0600'

    - name: Copy OSQuery flags file
      template:
        src: files/agents/osquery.flags
        dest: "/etc/osquery/osquery.flags"
        owner: root
        group: root
        mode: '0600'

    - name: Enable OSQuery service
      service:
        name: osqueryd
        state: restarted
        enabled: yes
	---
	- hosts: localhost
	vars:
	kolide_url_cmd: "{{ kolide_url }}"
	kolide_user_cmd: "{{ kolide_user }}"
	kolide_pw_cmd: "{{ kolide_pw }}"
	tasks:

	- name: Login and get bearer token
	uri:
	url: "https://{{ kolide_url_cmd }}/api/v1/kolide/login"
	method: POST
	body: "{\"password\":\"{{ kolide_pw_cmd }}\",\"username\":\"{{ kolide_user_cmd }}\"}"
	body_format: json
	headers:
	Content-Type: application/json
	DNT: 1
	validate_certs: yes
	return_content: yes
	register: response

	- name: Get token
	set_fact:
	bearer_token: "{{ response['json']['token'] }}"

	- name: Get Kolide config
	uri:
	url: "https://{{ kolide_url_cmd }}/api/v1/kolide/config"
	method: GET
	headers:
	Content-Type: application/json
	DNT: 1
	Authorization: Bearer {{ bearer_token }}
	validate_certs: yes
	return_content: yes
	register: config

	- name: Get Kolide certificate
	uri:
	url: "https://{{ kolide_url_cmd }}/api/v1/kolide/config/certificate"
	method: GET
	headers:
	Content-Type: application/json
	DNT: 1
	Authorization: Bearer {{ bearer_token }}
	validate_certs: yes
	return_content: yes
	register: certificate

	- name: Save Kolide certificate
	set_fact:
	osquery_certificate: "{{ certificate['json']['certificate_chain']\|b64decode }}"

	- name: Copy certificate
	copy:
	content: "{{ osquery_certificate }}"
	dest: "/etc/osquery/certificate.crt"
	owner: root
	group: root
	mode: '0600'

	- name: Save enroll secret
	set_fact:
	osquery_enroll_secret: "{{ config['json']['server_settings']['osquery_enroll_secret'] }}"

	- name: Copy key
	template:
	src: files/agents/osquery.key
	dest: "/etc/osquery/osquery.key"
	owner: root
	group: root
	mode: '0600'

	- name: Copy OSQuery flags file
	template:
	src: files/agents/osquery.flags
	dest: "/etc/osquery/osquery.flags"
	owner: root
	group: root
	mode: '0600'

	- name: Enable OSQuery service
	service:
	name: osqueryd
	state: restarted
	enabled: yes