Add opendistro_common for OpenDistro repository

hosts

@@ -38,6 +38,7 @@ prometheus-aurore.adm.auro.re
 portail.adm.auro.re
 jitsi-aurore.adm.auro.re
 log.adm.auro.re
+elastic.adm.auro.re
 
 [aurore_testing_vm]
 pendragon.adm.auro.re

roles/apt_common/tasks/main.yml

@@ -0,0 +1,19 @@
+---
+- name: Install GnuPG (to manage the APT keystore)
+  become: true
+  apt:
+    name: gnupg2
+    state: latest
+
+- name: Install common CA certificates
+  become: true
+  apt:
+    name: ca-certificates
+    state: latest
+
+- name: Ensure that APT can use HTTPS repositories
+  become: true
+  apt:
+    name: apt-transport-https
+    state: latest
+...

roles/elastic_common/files/elastic.gpg

@@ -0,0 +1,31 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.14 (GNU/Linux)
+
+mQENBFI3HsoBCADXDtbNJnxbPqB1vDNtCsqhe49vFYsZN9IOZsZXgp7aHjh6CJBD
+A+bGFOwyhbd7at35jQjWAw1O3cfYsKAmFy+Ar3LHCMkV3oZspJACTIgCrwnkic/9
+CUliQe324qvObU2QRtP4Fl0zWcfb/S8UYzWXWIFuJqMvE9MaRY1bwUBvzoqavLGZ
+j3SF1SPO+TB5QrHkrQHBsmX+Jda6d4Ylt8/t6CvMwgQNlrlzIO9WT+YN6zS+sqHd
+1YK/aY5qhoLNhp9G/HxhcSVCkLq8SStj1ZZ1S9juBPoXV1ZWNbxFNGwOh/NYGldD
+2kmBf3YgCqeLzHahsAEpvAm8TBa7Q9W21C8vABEBAAG0RUVsYXN0aWNzZWFyY2gg
+KEVsYXN0aWNzZWFyY2ggU2lnbmluZyBLZXkpIDxkZXZfb3BzQGVsYXN0aWNzZWFy
+Y2gub3JnPokBOAQTAQIAIgUCUjceygIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgEC
+F4AACgkQ0n1mbNiOQrRzjAgAlTUQ1mgo3nK6BGXbj4XAJvuZDG0HILiUt+pPnz75
+nsf0NWhqR4yGFlmpuctgCmTD+HzYtV9fp9qW/bwVuJCNtKXk3sdzYABY+Yl0Cez/
+7C2GuGCOlbn0luCNT9BxJnh4mC9h/cKI3y5jvZ7wavwe41teqG14V+EoFSn3NPKm
+TxcDTFrV7SmVPxCBcQze00cJhprKxkuZMPPVqpBS+JfDQtzUQD/LSFfhHj9eD+Xe
+8d7sw+XvxB2aN4gnTlRzjL1nTRp0h2/IOGkqYfIG9rWmSLNlxhB2t+c0RsjdGM4/
+eRlPWylFbVMc5pmDpItrkWSnzBfkmXL3vO2X3WvwmSFiQbkBDQRSNx7KAQgA5JUl
+zcMW5/cuyZR8alSacKqhSbvoSqqbzHKcUQZmlzNMKGTABFG1yRx9r+wa/fvqP6OT
+RzRDvVS/cycws8YX7Ddum7x8uI95b9ye1/Xy5noPEm8cD+hplnpU+PBQZJ5XJ2I+
+1l9Nixx47wPGXeClLqcdn0ayd+v+Rwf3/XUJrvccG2YZUiQ4jWZkoxsA07xx7Bj+
+Lt8/FKG7sHRFvePFU0ZS6JFx9GJqjSBbHRRkam+4emW3uWgVfZxuwcUCn1ayNgRt
+KiFv9jQrg2TIWEvzYx9tywTCxc+FFMWAlbCzi+m4WD+QUWWfDQ009U/WM0ks0Kww
+EwSk/UDuToxGnKU2dQARAQABiQEfBBgBAgAJBQJSNx7KAhsMAAoJENJ9ZmzYjkK0
+c3MIAIE9hAR20mqJWLcsxLtrRs6uNF1VrpB+4n/55QU7oxA1iVBO6IFu4qgsF12J
+TavnJ5MLaETlggXY+zDef9syTPXoQctpzcaNVDmedwo1SiL03uMoblOvWpMR/Y0j
+6rm7IgrMWUDXDPvoPGjMl2q1iTeyHkMZEyUJ8SKsaHh4jV9wp9KmC8C+9CwMukL7
+vM5w8cgvJoAwsp3Fn59AxWthN3XJYcnMfStkIuWgR7U2r+a210W6vnUxU4oN0PmM
+cursYPyeV0NX/KQeUeNMwGTFB6QHS/anRaGQewijkrYYoTNtfllxIu9XYmiBERQ/
+qPDlGRlOgVTd9xUfHFkzB52c70E=
+=92oX
+-----END PGP PUBLIC KEY BLOCK-----

roles/elastic_common/meta/main.yml

@@ -0,0 +1,4 @@
+---
+dependencies:
+  - role: apt_common
+...

roles/elastic_common/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+- name: Trust Elastic GPG key
+  become: true
+  apt_key:
+    data: "{{ lookup('file', 'elastic.gpg') }}"
+    state: present
+
+- name: Install Elastic OSS repository
+  become: true
+  apt_repository:
+    repo: deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main
+    state: present
+    filename: elastic-oss-7
+
+- name: Install default JRE
+  become: true
+  apt:
+    name: default-jre-headless
+    state: latest
+...

roles/opendistro_common/files/opendistro.gpg

@@ -0,0 +1,53 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQINBFxxbjoBEACzaNq4JNShPtxbESNK4Ihtj83FOJFPxZmr4v3OQY7YRxGeIuyT
+KeC1Epx5qOgWZ+H8EBpRp+QBZ80cQq5nbDmrEXHYSJzek8w4PxMlD1lQ2foarHOz
+tJ0DzsJyZHvHgpyKSV8K6Hp/Wt3ceL328TSxKZfKf55YS82oMofSqTDF+77NhB8o
+S90XQCJc8QSJnVyXExeL+h0c2VC+QUoYlgVGU+lLyBxVvPGU1Va21u1uuOqBnoY3
+ZsH2c8v5/GMDKnuXfiLfHrPS00e1x7H45m0EEr6T4cFzkylMlf+QhtPhvmK7XjQJ
+YMHlj801ORUyjukb8mrgiP56HvNoYILSzukppb7aZrqAaONC0el74AAvCygj0OZf
+Hnro2im0wFGrZ1cl+qO05M5yqxhMUX1SiVTlPum53NHADs5w2F+Bl+AiOPxJdq3I
+w7B+bHKE9pJTP6H8elbiEmjJ4ITPrk3j+nqqpOH9wPFUhLUu2V70/QtgrmJrseR3
+mxG+t8rXC0/0V4Gekf7+S28TpQfGg+ktmacSiIs76RnamUs8IyI2gnRX6LiW/AfQ
+Ipqg8wF1fYlh6BDo8TJC/Xce1/WU7LCDfJ3HHlPQXDXmTiumwad4n+clpzuTgH7P
+E+rv/9jxiFlJ6CIpaIVFBkmk5w1dFqiZBw/KBS4ltUriH/81Gyr7jzTr5QARAQAB
+tIBPcGVuRGlzdHJvRm9yRWxhc3RpY3NlYXJjaCAoS2V5IEZvciBzaWduaW5nIE9w
+ZW5EaXN0cm9Gb3JFbGFzdGljc2VhcmNoIGFydGlmYWN0cy4pIDxvcGVuZGlzdHJv
+Zm9yZWxhc3RpY3NlYXJjaC1pbmZyYUBhbWF6b24uY29tPokCOQQTAQgAIwUCXHFu
+OgIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEEcs/fzjcDJeM5YP/34g
+sPhSQvcQOclLpMYxULrRE9z/mz2syw4ODOafA1bff2x6viNDNInMa7/iLsg6mkyK
+wqpt+Ckz5MgWpAU109K/1+LDTj19NBwKpDUvgvnNSH96Rt6hMLa2SsjGkyfdCqtb
+cZVAKJhu8AgrjL/2IoHU+GWgRUZVv4w6VTJt2GM3By11ykxOmg6DEqkaXq8rJ+zy
+3+ZdjBmxtkiBkax3Z1DTZaLMcAQBX4iaizbDlkY9B3/vqC3Ue3cmW+Zl4XkRCpV4
+WQUPgeS4s2um44VWyzd4+zMUc1sxLaw/jm1bWbIzAhty2iB6SdNDWBVbdFO/Turx
+xLBhL4nmqGw7w6ZwTF/h4xUMCV0EZ93JtaGX6hokd+a0Rj3INzr24FbIOzTJHmjn
+QbZqKT77j5IJcCYLNTopnOF/NmzoyhUC9UFtyEiXxTeZxpj27PgqVez9xWfU9bXD
+y0jhQDILR4tnkNa+QK1/5zFL5+0iE9tLgEL+Bb117fZ1kc1SySUcXZcm791+mzA7
+l5dumLSlIR8cKotVMIj7VXqhOOIP8lV8cHXPcJ/O/bBwXSHN3cWA8/2OoN9Fcu1L
+NSH9dNpM3BzkP6rEkNRje/Jx/wUWAySA9LQ9Kt5XNMNx93rF4en2TolQ4Z7mRaW9
+bBVcczRtB+GHxiGSVYmYHRbP/jQyJUmPhuRbPlATuQINBFxxbjoBEADAhGsAwLPl
+poq4O+8RBciUVzBtIAEEyJ8lrDJJ4IlxTKM4glOKhDWnIcY1BWP9x81/8F84ecwC
+oDq2PrrppWlMD2Km26yEgJbPKsA/7OLJtOPdWKyY9Smm3+V0fi8LMruwKgtwcK+7
+0boa8DL/r31PB75f/GrOywuLbxZxwzpCajIvYUR4R3qvdqkU6XDsshooAgZPsDG+
+gDLkNeFUE92rR7+B5Px2+8b1/hiZh4x+L9ElqYdSqoHkIrI76fELQvjxCKPBQJo+
+PBmTji79Agt1J7F+Br5Jjn+PWHiiIuNz1pX5OU5p2W0zoPTMwTk3ln/gra5yUIJ4
+qItTPUK9Od14e2QGo5H8zTNDqotNyt13zkv6q1HKIj7QtMC9nY/wnxGNMVSxqfWo
+LiDjJ2CzhGWGm5aN5T0Y/l+I89Lnce6fOCKzymoT86NYcd3A6QOlh7cGnhstD9tt
+dD6vxedj44ElFaNY63POzuq9BVH+X/rnD84Srnmac/xVRA+l/5Wt5k17nOwxUPRc
+wGOYGTh0+dX0i8WmTZGXkjL5R5APeijzQKAARvV9PEaY0eoqJbNf8CT04h5b7J6I
+YtCgQaDJ+MqFjNbopfCGLrPNceasMx9YKpLjgsXoQ5TZeaeidP3GgIr1zts4xJgx
+ty7wLMnZmDjr1PgUqvobzoPmpjSpMDC10QARAQABiQIfBBgBCAAJBQJccW46AhsM
+AAoJEEcs/fzjcDJee6IP/iDtziBwxGhq2hKxdZMZghwCy6xX2x3l/4P5hSQuYiru
+ThJZVcxMCZxuKk2thysnFp0gRHHr6S8X3rddc+Km80e3Dq0onMVHbbnFA7kSwjCx
+92J16KwbVp5VQL/VpLJ9ggsAgrJc0B6GIud6wKQYpwByh0fJ8jSHz+PKbSjhpTDR
+GJXKhpl8vWdKTxbJuUwW+MdeKS5+Llnnb3izAH2HvMbmJxTwPBmPqml05RovvfNT
+KdyQ8rYPnq4ejbN3tDk28/iwg+qUDfMi8KztHbSzoHgRUkCNwMVjm+Qo5vbETjTx
+20h52a+vJs9RhSmUndJYdFAEw5dIo3vsPplU1iWE9TDXIIYwwEufYHoAGTAgoZId
+0PR2Y+KrvwxhjvjVObrydFbSeWUQzuibp7ipKiCy/jFKxglfiEb7lIWYBC0YbKnL
+xJpBNEUBBe4ZkpX9pmBmdFfhONUtLRKe730izWiuPWPbzPR2QHjUScywVWdUt9HF
+Nje2jUkK4Djt4dDlvqInFDSP+7fM5AOpvyry3XWtsEVcOOYV35RA20PQQ5pG7Tys
+qfEtsS5L0Btq1VY2i0v9ozPnraMLJQeC8Hdm1MP+5v7PKksREakEyLRyPUB13zva
+gPbaYazA6I5xRQgkPrHhMJLVllXUQC5CldKOHUUUhiBn6eEzBldiznarng92tmnd
+=l21b
+-----END PGP PUBLIC KEY BLOCK-----

roles/opendistro_common/meta/main.yml

@@ -0,0 +1,4 @@
+---
+dependencies:
+  - role: apt_common
+...

roles/opendistro_common/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+- name: Trust OpenDistro GPG key
+  become: true
+  apt_key:
+    data: "{{ lookup('file', 'opendistro.gpg') }}"
+    state: present
+
+- name: Install OpenDistro repository
+  become: true
+  apt_repository:
+    repo: deb https://d3g5vo6xdbdb9a.cloudfront.net/apt stable main
+    state: present
+    filename: opendistro
+
+- name: Install default JRE
+  become: true
+  apt:
+    name: default-jre-headless
+    state: latest
+...

roles/ulogd2/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+ulogd2_plugins_dir: /usr/lib/x86_64-linux-gnu/ulogd
+...

roles/ulogd2/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Restart ulogd2
+  systemd:
+    name: ulogd.service
+    state: reloaded
+...

roles/ulogd2/tasks/main.yml

@@ -0,0 +1,24 @@
+---
+- name: Install ulogd2
+  become: true
+  apt:
+    name: ulogd2
+    state: latest
+
+- name: Configure ulogd2
+  become: true
+  template:
+    src: ulogd.conf.j2
+    dest: /etc/ulogd.conf
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=
+  notify: Restart ulogd2
+
+- name: Enable ulogd2
+  become: true
+  systemd:
+    name: ulogd.service
+    enabled: true
+    state: started
+...

roles/ulogd2/templates/ulogd.conf.j2

@@ -0,0 +1,47 @@
+{{ ansible_managed | comment }}
+
+# HWADDR, PRINTFLOW, MARK, NFACCT (pour ct) ?
+{%
+    set plugins = [
+        "ulogd2_inppkt_NFLOG.so",
+        "ulogd2_filter_IFINDEX.so",
+        "ulogd2_filter_IP2STR.so",
+        "ulogd2_filter_PRINTPKT.so",
+        "ulogd2_filter_PRINTPKT.so",
+        "ulogd2_output_SYSLOG.so",
+        "ulogd2_raw2packet_BASE.so",
+    ]
+%}
+
+[global]
+logfile="syslog"
+loglevel=3
+
+{% for plugin in plugins %}
+plugin="{{ ulogd2_plugins_dir }}/{{ plugin }}"
+{% endfor %}
+
+stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG
+#stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT
+
+[ct1]
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+#netlink_resync_timeout=60 # seconds to wait to perform resynchronization
+#pollinterval=10 # use poll-based logging instead of event-driven
+# If pollinterval is not set, NFCT plugin will work in event mode
+# In this case, you can use the following filters on events:
+#accept_src_filter=192.168.1.0/24,1:2::/64 # source ip of connection must belong to these networks
+#accept_dst_filter=192.168.1.0/24 # destination ip of connection must belong to these networks
+#accept_proto_filter=tcp,sctp # layer 4 proto of connections
+
+[log1]
+group=10
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+#netlink_qthreshold=1
+# set the delay before flushing packet in the queue inside kernel (in 10ms)
+#netlink_qtimeout=100
+
+[sys1]
+facility=LOG_LOCAL2