christiangda.amazon_inspector_agent
Ansible role: christiangda.amazon_inspector_agent
Features:
- Downloads the AWS Inspector Agent from the AWS release package and installs it
- Rotates the agent's log files
Requirements
This role works on RedHat, CentOS, Amazon Linux, Debian and Ubuntu distributions:
- RedHat
  - 6
  - 7
- CentOS
  - 6
  - 7
- Amazon Linux
  - 1
  - 2
- Ubuntu
  - 14.*
  - 16.*
  - 18.*
- Debian
  - jessie
  - stretch
For the Python / Ansible compatibility matrix, see the project's Travis-CI build matrix.
Role variables
```yaml
# Possible values:
#   - true
#   - false
# Default: true
# Note:
#   * Set this to false when you do not want the agent to update itself automatically
# Reference: https://docs.aws.amazon.com/inspector/latest/userguide/inspector_agents.html#agent-updates
ia_auto_update: true

# Possible values:
#   - see https://docs.aws.amazon.com/inspector/latest/userguide/inspector_agents-on-linux.html
# Default: ""
ia_http_proxy: ""

# Possible values:
#   - see https://docs.aws.amazon.com/inspector/latest/userguide/inspector_agents-on-linux.html
# Default: ""
ia_https_proxy: ""

# Possible values:
#   - see https://docs.aws.amazon.com/inspector/latest/userguide/inspector_agents-on-linux.html
# Default: "169.254.169.254"
# Note:
#   * Always bypass the proxy for the AWS instance metadata IP (169.254.169.254)
ia_no_proxy: "169.254.169.254"
```
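The note on `ia_no_proxy` is the one setting here that is easy to get wrong and hard to notice: 169.254.169.254 is a link-local address that only the instance itself can reach, so if metadata requests are sent through a corporate proxy the proxy cannot answer them and the agent cannot identify the instance it runs on. The following Python script, an added example and not code from the role, renders the three proxy variables into the `export http_proxy=... / https_proxy=... / no_proxy=...` lines that the Linux agent reads from an environment file, forcing the metadata IP into `no_proxy`, and audits a file already present on a host. It assumes that file format (AWS documents `/etc/init.d/awsagent.env` for the Linux agent; the path is only a default here and is an assumption of this script) and that the role variables arrive as a plain dict with the `ia_*` keys shown above. The sample inputs are constructed.

```python
"""Proxy settings for the Inspector agent: render the env file and audit it.

Added example, not part of the role. Assumptions:
  - the Linux agent reads `export http_proxy=... / https_proxy=... / no_proxy=...`
    lines from an env file (AWS documents /etc/init.d/awsagent.env); the path
    below is only a default and is an assumption of this script
  - role variables arrive as a plain dict with the ia_* keys from the README
"""
import re

IMDS_IP = "169.254.169.254"                    # instance metadata; link-local, never via proxy
DEFAULT_ENV_PATH = "/etc/init.d/awsagent.env"  # assumption, see module docstring

# host:port, optionally with an http(s):// scheme, as in the README's examples
_PROXY_RE = re.compile(r"^(?:https?://)?[A-Za-z0-9.\-]+:\d{1,5}$")


def validate_proxy(value, name):
    """Return the proxy string; '' -> None; anything unparseable -> ValueError."""
    if value in ("", None):
        return None
    if not _PROXY_RE.match(value):
        raise ValueError(f"{name}: expected host:port, got {value!r}")
    return value


def normalize_no_proxy(value):
    """Split a comma list, drop blanks and duplicates, and force the IMDS IP in."""
    entries = [e.strip() for e in (value or "").split(",") if e.strip()]
    out = []
    for entry in [IMDS_IP] + entries:          # IMDS first, so it is never lost
        if entry not in out:
            out.append(entry)
    return out


def render_agent_env(role_vars):
    """Render `export k=v` lines from the ia_* variables; empty when no proxy is set."""
    http_proxy = validate_proxy(role_vars.get("ia_http_proxy", ""), "ia_http_proxy")
    https_proxy = validate_proxy(role_vars.get("ia_https_proxy", ""), "ia_https_proxy")
    if not (http_proxy or https_proxy):
        return ""
    lines = []
    if http_proxy:
        lines.append(f"export http_proxy={http_proxy}")
    if https_proxy:
        lines.append(f"export https_proxy={https_proxy}")
    no_proxy = normalize_no_proxy(role_vars.get("ia_no_proxy", IMDS_IP))
    lines.append(f"export no_proxy={','.join(no_proxy)}")
    return "\n".join(lines) + "\n"


def parse_agent_env(text):
    """Parse `export k=v` lines into a dict (keys lower-cased, quotes stripped)."""
    env = {}
    for line in text.splitlines():
        m = re.match(r"^\s*export\s+([A-Za-z_][A-Za-z0-9_]*)=(.*)$", line)
        if m:
            env[m.group(1).lower()] = m.group(2).strip().strip("\"'")
    return env


def audit_agent_env(text):
    """Return a list of problems found in an existing env file (empty list = OK)."""
    env = parse_agent_env(text)
    problems = []
    for key in ("http_proxy", "https_proxy"):
        if key in env and not _PROXY_RE.match(env[key]):
            problems.append(f"{key} is not host:port: {env[key]!r}")
    if env.get("http_proxy") or env.get("https_proxy"):
        no_proxy = [e.strip() for e in env.get("no_proxy", "").split(",") if e.strip()]
        if IMDS_IP not in no_proxy:
            problems.append(f"no_proxy does not exclude the metadata IP {IMDS_IP}")
    return problems


if __name__ == "__main__":
    # Constructed sample matching the README's proxy playbook, IMDS deliberately left out
    sample_vars = {
        "ia_auto_update": False,
        "ia_http_proxy": "192.168.2.253:3128",
        "ia_https_proxy": "192.168.2.253:3128",
        "ia_no_proxy": "192.168.2.1",
    }
    rendered = render_agent_env(sample_vars)
    print(rendered, end="")                    # no_proxy is rendered with IMDS re-added
    print("audit of rendered file:", audit_agent_env(rendered) or "OK")
    # Constructed "bad" file as it might be found on a host: proxy set, IMDS not excluded
    bad = "export https_proxy=192.168.2.253:3128\nexport no_proxy=192.168.2.1\n"
    print("audit of bad file:", audit_agent_env(bad))
```

`audit_agent_env` is the piece worth wiring into a verification step (for example a Molecule verify test reading the file off the converged host): it reports a proxy without the metadata exception as a problem instead of letting the agent fail later at registration time.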
Dependencies
None
Example playbooks
RedHat/CentOS, Ubuntu and Debian
Using the default variable values:
```yaml
- hosts: servers
  gather_facts: True
  roles:
    - role: christiangda.amazon_inspector_agent
```
Disabling auto-update and using a proxy configuration:
```yaml
- hosts: servers
  gather_facts: True
  roles:
    - role: christiangda.amazon_inspector_agent
      vars:
        ia_auto_update: false
        ia_http_proxy: "192.168.2.253:3128"
        ia_https_proxy: "192.168.2.253:3128"
        ia_no_proxy: "169.254.169.254,192.168.2.1"
```
Amazon Linux 1/2 (my-playbook.yml)
```yaml
- hosts: all
  gather_facts: True
  become: true
  become_user: root
  become_method: sudo
  remote_user: ec2-user
  roles:
    - role: christiangda.amazon_inspector_agent
```
Example inventory file (inventory)
```ini
[all]
10.14.x.y
10.14.v.z

[amazon-1]
10.14.x.y

[amazon-2]
10.14.v.z
```
How to use it
```bash
ansible-playbook my-playbook.yml \
    --inventory inventory \
    --private-key [path to your key.pem] \
    --become \
    --become-user=ec2-user \
    --user ec2-user
```
Development / Contributing
This role is tested with Molecule and developed in a Python virtual environment.
Prepare your environment
Python 3
```bash
mkdir ansible-roles
cd ansible-roles/
python3 -m venv venv
source venv/bin/activate
pip install pip --upgrade
pip install ansible
pip install "molecule>=2.22rc1"
pip install selinux
pip install docker
pip install pytest
pip install pytest-mock
pip install pylint
pip install rope
pip install autopep8
pip install yamllint
pip install flake8
```
Python 2.7
Dependencies
```bash
sudo dnf install redhat-rpm-config
sudo dnf install python-devel
sudo dnf install libselinux-python
```
```bash
mkdir ansible-roles
cd ansible-roles/
python2.7 -m virtualenv venv
source venv/bin/activate
pip install pip --upgrade
pip install ansible
pip install "molecule>=2.22rc1"
pip install selinux
pip install docker
pip install pytest
pip install pytest-mock
pip install pylint
pip install rope
pip install autopep8
pip install yamllint
pip install flake8
```
Clone the role repository and create a symbolic link
```bash
git clone https://github.com/christiangda/ansible-role-amazon-inspector-agent.git
ln -s ansible-role-amazon-inspector-agent christiangda.amazon_inspector_agent
cd christiangda.amazon_inspector_agent
```
Run the tests
Using local Docker
```bash
molecule test [--scenario-name default]
```
Using local Vagrant
```bash
molecule create --scenario-name vagrant
molecule converge --scenario-name vagrant
molecule verify --scenario-name vagrant
```
or
```bash
molecule test --scenario-name vagrant
```
Also, if you want to test with virtual machines, I have a nice ansible-playground project that uses Vagrant and VirtualBox; give it a try!
License
This module is released under the GNU General Public License version 3:
