authorGravatar Joe Banks <[email protected]>2022-01-10 22:52:55 +0000
committerGravatar GitHub <[email protected]>2022-01-10 22:52:55 +0000
commitba0f6c2f287c254836cc4d22a68c342c018dedce (patch)
tree1e64345c7932e1116081803b893fb5169da139fe
parentMerge pull request #7 from python-discord/correct-workflow-step-names (diff)
Add JumpCloud Agent (#6)
Co-authored-by: ChrisJL <[email protected]> Co-authored-by: Chris Lovering <[email protected]>
-rw-r--r--.github/workflows/lint.yml5
-rw-r--r--.gitignore2
-rw-r--r--.pre-commit-config.yaml1
-rw-r--r--ansible.cfg1
-rw-r--r--playbook.yml6
-rw-r--r--roles/jumpcloud/defaults/main/vars.yml1
-rw-r--r--roles/jumpcloud/defaults/main/vault.yml9
-rw-r--r--roles/jumpcloud/tasks/main.yml21
8 files changed, 46 insertions, 0 deletions
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index a9946b2..b9b5795 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -65,6 +65,11 @@ jobs:
${{ steps.python.outputs.python-version }}-\
${{ hashFiles('./.pre-commit-config.yaml') }}"
+ - name: Fetch vault password
+ run: 'echo "$VAULT_PASSWORD" > vault_passwords'
+ env:
+ VAULT_PASSWORD: "${{ secrets.ANSIBLE_VAULT_PASSWORD }}"
+
# As pre-commit does not support user installs, we set
# PIP_USER=0 to not do a user install.
- name: Run pre-commit hooks
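Review bot: The added `Fetch vault password` step leaves the Ansible vault password in the workspace as `vault_passwords` with default permissions, and nothing visible in the hunk removes it, so every later step in the job, including whatever hooks `Run pre-commit hooks` executes, can read it. Create the file under a restrictive umask, `run: 'umask 077; echo "$VAULT_PASSWORD" > vault_passwords'`, and add a closing step with `if: always()` that deletes it. If this workflow also runs for pull requests from forks (the trigger is outside the hunk), the secret is empty there and the file will hold a blank password, so it is worth confirming how lint behaves in that case. The job's step list continues outside the hunk.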
diff --git a/.gitignore b/.gitignore
index 5ceb386..3f51a80 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
+vault_passwords
venv
+.cache/
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index f316f3b..67f6541 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -12,6 +12,7 @@ repos:
hooks:
- id: ansible-lint
name: ansible-lint
+ args: [--offline]
description: This hook runs ansible-lint within our project's environment.
entry: ansible-lint
language: system
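Review bot: The new `args: [--offline]` carries no comment saying why it is needed, and the reason is not obvious from the hook definition. Presumably it stops ansible-lint from installing roles or collections from Galaxy during the lint run, which matters more now that the job holds the vault password. A line such as `# --offline: never fetch Galaxy requirements while linting` above it would record that. The hook entry continues outside the hunk.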
diff --git a/ansible.cfg b/ansible.cfg
index 88181a1..3440f18 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,5 +1,6 @@
[defaults]
remote_user=root
+vault_password_file = ./vault_passwords
[privilege_escalation]
become = yes
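Review bot: `vault_password_file = ./vault_passwords` makes Ansible runs from this directory depend on a plaintext password file that the commit does not document. A comment above the setting, for example `# vault_passwords: local file, mode 0600, not executable, never committed`, would tell contributors how to create it safely. The "not executable" part matters because Ansible runs an executable vault password file as a script and uses its output rather than reading the file.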
diff --git a/playbook.yml b/playbook.yml
index e11791b..115450a 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -3,3 +3,9 @@
- common
tags:
- common
+
+- hosts: all
+ roles:
+ - jumpcloud
+ tags:
+ - jumpcloud
diff --git a/roles/jumpcloud/defaults/main/vars.yml b/roles/jumpcloud/defaults/main/vars.yml
new file mode 100644
index 0000000..e7ca319
--- /dev/null
+++ b/roles/jumpcloud/defaults/main/vars.yml
@@ -0,0 +1 @@
+jumpcloud_key: '{{ encrypted_jumpcloud_key }}'
diff --git a/roles/jumpcloud/defaults/main/vault.yml b/roles/jumpcloud/defaults/main/vault.yml
new file mode 100644
index 0000000..38708cd
--- /dev/null
+++ b/roles/jumpcloud/defaults/main/vault.yml
@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+36346334376434303630653535336231356666626163386430326262383361386661386330373633
+3830666466383333353663626666386234383038343839620a643662613439663839623535326230
+32366634656133323931346266363537313962346534633666306463663237323564336430336632
+3361353862383231310a656532396333633362616636373430306436636633353434653561646234
+65313632633865333765346132383761393564326262333232303037333866383862306532343362
+65666565643833656532646561666162636538346464616638613338383466336238363236646636
+66666261313333633461626432336262346137643461343664336639376330306437323632323862
+37363234363834386565
diff --git a/roles/jumpcloud/tasks/main.yml b/roles/jumpcloud/tasks/main.yml
new file mode 100644
index 0000000..6dda981
--- /dev/null
+++ b/roles/jumpcloud/tasks/main.yml
@@ -0,0 +1,21 @@
+- name: Fetch service facts
+ service_facts:
+
+- name: Check if JumpCloud service is installed
+ set_fact:
+ jumpcloud_installed: "{{ 'jcagent.service' in ansible_facts.services }}"
+
+- name: Grab copy of JumpCloud install script
+ uri:
+ url: "https://kickstart.jumpcloud.com/Kickstart"
+ headers:
+ x-connect-key: "{{ jumpcloud_key }}"
+ return_content: true
+ register: jc_install_script
+ when: not jumpcloud_installed
+
+- name: Execute JumpCloud install script
+ command: sh -s -- -y
+ args:
+ stdin: "{{ jc_install_script.content }}"
+ when: not jumpcloud_installed
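Review bot: Neither the `uri` task nor the `command` task sets `no_log: true`, so `jumpcloud_key` (sent in the `x-connect-key` header) and the registered `jc_install_script.content` may show up in verbose output or failure messages; add `no_log: true` to both tasks. The downloaded script is also piped to `sh` with root privileges (`remote_user=root`, `become = yes` in ansible.cfg) with no integrity check beyond TLS, so each host trusts whatever the kickstart URL returns at run time. If the vendor publishes a checksum or a packaged installer, verifying against it before execution would narrow that trust. `Execute JumpCloud install script` also has no `changed_when` or `creates`, so idempotence rests on the `when: not jumpcloud_installed` guard alone.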