Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cyberark/psmp-deploy-ansible-role
Ansible role to deploy Cyberark Privileged Session Manager SSH Proxy (PSM-SSH)
https://github.com/cyberark/psmp-deploy-ansible-role
ansible-role automation conjbot-skip-stalepr cyberark
Last synced: 7 days ago
JSON representation
Ansible role to deploy Cyberark Privileged Session Manager SSH Proxy (PSM-SSH)
- Host: GitHub
- URL: https://github.com/cyberark/psmp-deploy-ansible-role
- Owner: cyberark
- License: other
- Created: 2021-07-16T14:25:51.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2023-08-01T23:44:59.000Z (over 1 year ago)
- Last Synced: 2024-07-13T12:59:28.519Z (4 months ago)
- Topics: ansible-role, automation, conjbot-skip-stalepr, cyberark
- Language: Shell
- Homepage: https://www.cyberark.com/products/privileged-access/
- Size: 27.3 KB
- Stars: 5
- Watchers: 5
- Forks: 3
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Codeowners: CODEOWNERS
Awesome Lists containing this project
README
# PSMP-Deploy Ansible Role
This Ansible Role will deploy and install CyberArk Privileged Session Manager PSM-SSH including the pre-requisites, application, hardening and selinux## Requirements
------------- CentOS / RHEL installed on the remote host
- SSH open on port 22
- The workstation running the playbook must have network connectivity to the remote host
- Administrator access to the remote host
- PSM-SSH CD image### Flow Variables
Variable | Required | Default | Comments
:--------------------------------|:-------------|:------------------------------------------|:---------
psmp_extract_install | no | false | Run the pre install PSMP phase
psmp_pre_install | no | false | Run the pre install PSMP phase
psmp_install | no | false | Run the install PSMP phase
psmp_post_install | no | false | Run the post install PSMP phase
psmp_validate_install | no | false | Run the validate install PSMP phase
psmp_clean_install | no | false | Run the clean PSMP phase### Deployment Variables
Variable | Required | Default | Comments
:--------------------------------|:-------------|:-----------------------------------------------------|:---------
accept_eula | yes | **No** | Accepting EULA condition (Yes/No)
psmp_zip_file_path | yes | None | CyberArk PSM-SSH installation Zip file package path
psmp_ignore_checksum | no | **false** | Whether to ignore checksum check for the installation
psmp_install_mode | no | **Integrated** | Installation mode, accepted values are (Integrated, CustomizedSSHD)
psmp_install_adbridge | no | **true** | Whether to also install ADBridge service
psmp_harden_machine | no | **false** | Whether to harden the machine during the installation or not
psmp_with_selinux | no | **false** | Whether to enforce PSMP with selinux, will also try to install selinux itself
psmp_configure_maintanance_users | no | **false** | Whether to configure maintenance users and groups for PSMP
psmp_maintanance_users | no | root | List of maintenance users seperated by space
psmp_maintanance_groups | no | root | List of maintenance groups seperated by space, only valid for integrated mode
psmp_allow_sftp | no | **true** | Whether to enable SFTP to the machine after installation
psmp_fetch_install_logs | no | **true** | Whether to fetch the installation logs back to the host, will be fetched to either current logs dir or DEFAULT_LOG_PATH env var## Dependencies
Yum dependencies:
- unzip (For the zip un-archive)## Usage
The role consists of a number of different tasks which can be enabled or disabled for the particular
run.`psmp_validate_params`
This task will validate parameters and whether psmp already exists on the machine for upgrade
`psmp_pre_install`
This task will run the PSMP pre install steps.
`psmp_install`
This task will deploy the PSMP to required folder and deploy it
`psmp_validate_install`
This task will validate that the deployment was successful
`psmp_post_install`
This task will run the PSMP post installation steps.
`psmp_clean`
This task will clean PSMP and any related users / groups
## Example Playbook
Below is an example of how you can incorporate this role into an Ansible playbook
to call the PSMP Deploy role with several parameters:```
---
- include_role:
name: psmp-deploy
vars:
- psmp_extract_install: true
- psmp_pre_install: true
- psmp_install: true
- psmp_post_install: true
- psmp_validate_install: true
- psmp_clean_install: false
- psmp_install_mode: "Integrated"
- psmp_install_adbridge: true
- psmp_harden_machine: true
- psmp_ignore_checksum: true
- psmp_with_selinux: false
- accept_eula: "Yes"
- psmp_zip_file_path: "/tmp/psmp.zip"
- psmp_fetch_install_logs: true
```## Running the playbook:
For an example of how to incorporate this role into a complete playbook, please see the
**[pas-orchestrator](https://github.com/cyberark/pas-orchestrator)** example.## License
Apache License, Version 2.0