New Role install_agent #25
- Added Linux installation part
- Added Windows installation part
- Removed unnecessary string conversion in modules
- Increased collection version
- Optimized Code in download agent module to be better compatible with the role

- Refactored SentinelOne modules examples to use the new namespace 'sva.sentinelone' instead of 'sentinelone'
- Updated the 'install_agent' role to use the new modules
- Added functionality to get the registration token from the API
- Included tasks based on the OS family
- Added a check to verify if the new client appears in the management console
- Removed the local agent install package after installation

- Updated error message for unsupported OS in preflight check.
- Replaced `ansible_facts.os_family` with `os_family` for OS type determination.
- Modified Authorization header to include "APIToken" prefix.
- Adjusted conditions for successful API calls.
- Changed `reg_token_uri` to use explicit group and site IDs.
- Split task execution into separate Linux and Windows tasks.
- Added `os_family` variable to determine OS based on package format.

- Updated README.md with new license information from Apache License, Version 2.0 to GNU General Public License v3.0+.
- Updated galaxy.yml with new license file location and added a new tag 'install_agent'.
- Expanded the install_agent role README.md with detailed information about supported operating systems, requirements, role variables, dependencies, and author information.
- Updated install_agent role default variables including enabling signed packages and added new variables 'hide_sensitive' and 'lx_force_new_token'.
- Enhanced install_agent role metadata in meta/main.yml, including author details, issue tracker URL, minimum ansible version, supported platforms, and tags.
- Included new tasks in Linux.yml for the install_agent role to handle function tracing issues, import GPG keys, install signed/unsigned packages, and conditionally register agents.
- Included new tasks in Windows.yml for the install_agent role to remove Windows Defender on servers, manage the SentinelOne service, and handle system reboots.
- Updated main.yml for the install_agent role to handle registration tokens, site and group IDs, and added conditional no_log for sensitive tasks.
- Added variables to vars/main.yml to determine package formats, architectures, and set the API base URL.
- General improvements to install_agent role tasks for better readability, reliability, and security.

…thon versions
- Removed support for Ansible stable-2.13 from the GitHub Actions CI workflow.
- Updated the ansible-test matrix to match the currently supported Ansible versions
- Bumped the minimum required Ansible version from 2.13 to 2.14 in README.
- Increased the minimum Python version requirement from 3.6 to 3.9 in README.
- Added galaxy dependencies.
- Expanded the supported operating systems list in `roles/install_agent/README.md`.
- Added new role variables `hide_sensitive` and `lx_force_new_token` to `roles/install_agent/README.md`.
- Set default value of `lx_force_new_token` to false in `roles/install_agent/defaults/main.yml`.
- Corrected quoting of `min_ansible_version` in `roles/install_agent/meta/main.yml`.
- Added new platforms and updated versions in `roles/install_agent/meta/main.yml`.
- Changed task name to include quotes for consistency in `roles/install_agent/tasks/Linux.yml`.
- Fixed the module name typo from `ansible.windos.win_service` to `ansible.windows.win_service` in `roles/install_agent/tasks/Windows.yml`.
- Removed the `tests/sanity/ignore-2.13.txt` file as support for Ansible stable-2.13 is dropped.

- signed packages option is not necessary since all packages are now signed
- Added `ansible.windows` dependency to `galaxy.yml`.
- Updated `install_agent` role to support flexibility in GPG key handling for RPM package verification.
- Replaced static console URL with a placeholder in `install_agent` README.
- Reorganized supported operating systems list in `install_agent` README for better readability.
- Added and fixed logic to enable gpg_key signature checks for packages
- Streamlined the `install_agent` meta info, fixing tag consistency and trimming unnecessary comments.
- Added pre-installation checks to ensure the agent is not already installed.
- Adjusted `install_agent` main task to skip download if the agent is already installed.

- Added `no_log` directive to sensitive tasks to prevent logging of secure information.
- Fixed some statements in tasks: Windows.yml and vars/Windows.yml
- Modified reboot condition to check for changes rather than relying on `reboot_required`
- Implemented a pause after installation before checking service status
- Included a conditional task to install Python bindings for package managers on Linux
- Gather package facts conditionally based on OS family.
- Implemented a check for SentinelOne agent installation on Windows
- Set `agent_installed` fact based on package facts or service information (os_dependant)
- Adjusted agent architecture mapping
- Set `run_once` directive for the block that gets the registration token to prevent unnecessary repeated tasks
- Defined `exe_parameters` and `msi_parameters` for Windows package installation.
- Refined `pkg_arch` and `os_family` variable definitions using regex and conditional logic.

- Update collection and role Readme.md
- renamed variable win_download_exe to win_use_exe

- Updated CHANGELOG.rst
Docs Build 📝 Thank you for contribution! ✨ This PR has been merged and the docs are now incorporated into
Looks very good!
Besides the nitpicking comment:
I checked the Docs Site that was built for this PR and sadly couldn't find the documentation for the role. Maybe we have to tweak the pipeline or see if antsibull docs is even capable of rendering documentation for the role.
when: pkg_format == "msi" or pkg_format == "exe" | ||
|
||
- name: "Windows: Wait for 15 seconds" | ||
ansible.builtin.pause: |
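Review bot: The task name "Windows: Wait for 15 seconds" hard-codes the duration, so it goes stale as soon as the delay is made configurable or replaced by a readiness check; name the task for what it waits on (the agent service coming up) and take the delay from a role variable. The condition on the preceding task, `pkg_format == "msi" or pkg_format == "exe"`, would also read more simply as `pkg_format in ["msi", "exe"]`.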
This could lead to problems depending on the Windows System to be configured.
2 ideas to improve this:
a. set time duration to wait not fixed but variable (leave 15 sec as default)
b. Would be ideal, but I'm not sure regarding implementability: Use win_wait_for or win_service_info module to check if desired sentinel one service is running after installation
I've seen that you are checking with "win_service_info" for the availability of the Service shortly after.
Maybe instead of having a fixed wait it would be better to just work with "retries / until" the service is available and maybe timeout after a given period of time.
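One way the "retries / until" approach from the comments above could look, as an added example that is not code from this PR or the role. The service name `SentinelAgent` and the variables `s1_service_name`, `s1_service_retries` and `s1_service_delay` are assumptions introduced for illustration.

```yaml
# Added example, not part of the PR. The service name and the three
# s1_service_* variables are assumptions; map them to the role's own names.
- name: "Windows: Wait until the agent service is running"
  ansible.windows.win_service_info:
    name: "{{ s1_service_name | default('SentinelAgent') }}"
  register: s1_service
  # win_service_info does not fail when the service is missing; it returns
  # exists=false and an empty services list, so both cases are polled here.
  until: >-
    s1_service.exists and
    (s1_service.services
     | selectattr('state', 'equalto', 'started')
     | list | length > 0)
  # Poll every `delay` seconds; the task fails once the retries are used up,
  # which gives the timeout the reviewer asks for (12 x 5 s = 60 s by default).
  retries: "{{ s1_service_retries | default(12) }}"
  delay: "{{ s1_service_delay | default(5) }}"
```

On a fast host this returns as soon as the service reports `started`, and on a slow one it fails the play with the last service state instead of continuing with an agent that never came up.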
Compromise with @mwester117: Fix this in a follow up release
This PR contains the new install_agent role which uses the recently introduced sentinelone_download_agent module and adds a new release v1.1.0 to the sva.sentinelone collection.
With this role you can download and install the SentinelAgent on Windows and Linux hosts. Just provide the API URL, API token and site.
For more details, see: README.md
Fixes: #1 and #13