Merge pull request #1092 from unfetter-discover/v0.3.7

V0.3.7

Author: j987987

.gitignore

@@ -2,8 +2,9 @@ certs/
 .idea/
 *.iml
 gateway/dist
-
+test-certs/output/*
+!test-certs/output/.gitkeep
 # keep the data/db folder but not the files
 data/db/*
 # need at least one file in the folder
-!data/db/.gitkeep
+!data/db/.gitkeep

ansible/.gitignore

@@ -0,0 +1,4 @@
+virtualenv
+data
+*.retry
+

ansible/ansible.cfg

@@ -0,0 +1,2 @@
+[defaults]
+hostfile = hosts

ansible/discover-build-local-source.yml

@@ -0,0 +1,20 @@
+---
+- hosts: localhost
+  vars:
+    tag: "0.3.6"
+    prepath: "../../"
+
+    # For building from local source
+    build_action: "local" 
+    registry: ""
+    run_mode: "dev"
+    
+    # for running in UAC mode
+    run_action: true
+    use_unfetter_ui: true
+    use_uac: true
+    use_taxii: true        
+    use_taxii_tls: false        
+
+  tasks:
+  - import_tasks: discover-tasks.yml

ansible/discover-build-repository.yml

@@ -0,0 +1,25 @@
+---
+- hosts: localhost
+  vars:
+    tag: "0.3.6"
+    prepath: "../../"    
+
+    # For building from a repository 
+    build_action: "pull" 
+    registry: "unfetter/"
+    run_mode: "production"
+
+    # For running in demo mode
+    use_unfetter_ui: false
+    run_action: false
+    use_uac: false
+    use_taxii: false
+    use_taxii_tls: false
+    #prepath: "../../"
+    #build_action: "local" 
+    #build_action: ""
+    #run_action: ""
+    #registry: ""    
+
+  tasks:
+  - import_tasks: discover-tasks.yml

ansible/discover-run-dev.yml

@@ -0,0 +1,21 @@
+---
+- hosts: localhost
+  vars:
+    tag: "0.3.6"
+    prepath: "../../"
+    #build_action: "local" 
+    #build_action: "pull" 
+    build_action: "local"
+    #run_action: "demo"
+    run_action: true
+    use_unfetter_ui: true
+    use_uac: true
+    use_taxii: false
+    use_taxii_tls: false
+    run_mode: "dev"
+    #run_mode: prod
+    #registry: "unfetter/"
+    registry: ""
+
+  tasks:
+  - import_tasks: discover-tasks.yml

ansible/discover-run-prod.yml

@@ -0,0 +1,18 @@
+---
+- hosts: localhost
+  vars:
+    tag: "0.3.6"
+    prepath: "../../"
+    # For building from a repository 
+    build_action: "pull" 
+    registry: "unfetter/"
+    run_mode: "production"
+    # For running in demo mode
+    use_unfetter_ui: false
+    run_action: true
+    use_uac: false
+    use_taxii: false
+    use_taxii_tls: false
+
+  tasks:
+  - import_tasks: discover-tasks.yml

ansible/discover-tasks.yml

@@ -0,0 +1,29 @@
+---
+  - include_role:
+        name: common
+  - include_role:
+        name: openssl
+  - include_role:
+        name: pattern-handler
+  - include_role:
+        name: socket-server
+  - include_role:
+        name: api
+  - include_role:
+        name: explorer
+  - include_role:
+        name: processor
+  - include_role:
+        name: ui
+  - include_role:
+        name: ingest        
+  - include_role:
+        name: gateway
+    vars:
+        image_name: "nginx:1.13.5-alpine"
+    when:
+     - run_mode == 'dev'
+  - include_role:
+        name: gateway
+    when:
+     - run_mode != 'dev'

ansible/discover.yml

@@ -0,0 +1,6 @@
+---
+- hosts: localhost
+  roles:
+  - common
+  - gateway
+  

ansible/hosts

@@ -0,0 +1,4 @@
+[localhost]
+localhost ansible_connection=local
+localhost ansible_python_interpreter=python
+

ansible/roles/api/handlers/main.yml

@@ -0,0 +1,66 @@
+
+- name: "Create {{ container_name }}"
+  docker_image:
+    name: "{{ image_name }}"
+    state: present
+    path: "{{ path }}"
+  when: "build_action == 'local'"
+
+- name: "Pull {{ container_name }}"
+  docker_image:
+    name: "{{ image_name }}"
+    state: present
+    pull: yes
+  when: "build_action == 'pull'"
+
+
+- name: dev volume
+  set_fact:
+    volume_list: "{{ volume_list }} + {{ dev_volume_list }}"
+  when: run_mode=='dev'
+
+- name: uac volume and link list
+  set_fact:
+    volume_list: "{{ volume_list }} + {{ uac_volume_list }}"
+    api_link_list: "{{ api_link_list }} + {{ api_uac_link_list }}"
+  when: use_uac
+
+- debug:
+      msg: "This is the volume list {{ volume_list }}"
+
+- debug:
+      msg: "This is the link list {{ api_link_list }}"
+
+- name: Create API
+  docker_container:
+    name: "{{ container_name }}"
+    image: "{{ image_name }}"
+    state: started
+    links: "{{ api_link_list }}"
+    volumes: "{{ volume_list }}"
+    env:
+      CTF_PARSE_HOST: http://unfetter-ctf-ingest
+      STIX_API_PROTOCOL: http
+      STIX_API_HOST: cti-stix-store
+      STIX_API_PORT: 3000
+      STIX_API_PATH: cti-stix-store-api
+      MONGO_REPOSITORY: cti-stix-store-repository
+      MONGO_PORT: 27017
+      MONGO_DBNAME: stix
+      ENV: dev
+    # Options: UAC, TEST, DEMO
+      RUN_MODE: "{{ 'UAC' if use_uac else 'DEMO' }}"
+    # If deployed in a proxy, add the proxy's URL here
+      HTTPS_PROXY_URL: ""
+      PATTERN_HANDLER_DOMAIN: unfetter-pattern-handler
+      PATTERN_HANDLER_PORT: 5000
+      SOCKET_SERVER_DOMAIN: "{{ 'socketserver' if use_uac else '' }}"
+      SOCKET_SERVER_PORT: "{{ '3333' if use_uac else '' }}"
+      #MONGO_DEBUG: "{{ 'false' if use_uac else '' }}"
+      MONGO_DEBUG: "true"
+    entrypoint:
+      - npm
+#    - run 
+      - start
+      #- "{{ 'start' if run_mode != 'dev' else 'run debugdev' }}" 
+  when: run_action     

ansible/roles/api/meta/main.yml

@@ -0,0 +1,27 @@
+---
+
+dir: "unfetter-store/unfetter-discover-api"
+path: "{{ prepath + dir}}"
+container_name: unfetter-discover-api
+image_name: "{{registry}}{{ container_name }}:{{tag}}"
+
+    
+volume_list:
+  - "{{ prepath }}unfetter/certs/:/etc/pki/tls/certs"
+
+dev_volume_list:
+    # If we are in dev, and thus we are linking in code
+  - "{{ prepath+'unfetter-store/unfetter-discover-api/test:/usr/share/unfetter-discover-api/test'}}"
+  - "{{ prepath+'unfetter-store/unfetter-discover-api/api:/usr/share/unfetter-discover-api/api'}}"
+  - "{{ prepath+'unfetter-store/unfetter-discover-api/app.js:/usr/share/unfetter-discover-api/app.js'}}"
+
+uac_volume_list:
+    # If we are in UAC, and thus need the private-config.json
+  - "{{ prepath+'unfetter-store/unfetter-discover-api/config/private-config.json:/usr/share/unfetter-discover-api/config/private-config.json' }}"
+
+api_link_list:
+  - "cti-stix-store-repository:cti-stix-store-repository"
+  - "unfetter-pattern-handler:unfetter-pattern-handler"
+
+api_uac_link_list:
+  - "unfetter-socket-server:socketserver"