├── files ├── contrast.lic ├── contrast.new.lic ├── encrypted │ ├── ad.properties │ ├── avatar.properties │ ├── ldap.properties │ ├── saml.properties │ ├── servo.properties │ └── database.properties ├── role-saml-keystore.jks ├── rds-ca-2015-root.pem └── rds-ca-2019-root.pem ├── tests ├── inventory └── test.yml ├── templates ├── contrast_conf_head.js ├── contrast_conf_footer.html ├── contrast_conf_agent.properties ├── contrast_conf_telemetry.properties ├── contrast_conf_support.properties ├── contrast_conf_activemq_connection.properties ├── contrast_conf_agent_discovery.properties ├── contrast_conf_avatar.properties ├── contrast_esapi_validation.properties ├── contrast_conf_ad.properties ├── contrast_conf_metrics.properties ├── contrast_conf_ardy.properties ├── contrast_conf_security.properties ├── contrast_conf_saml.properties ├── contrast_conf_database.properties ├── contrast_conf_hub.properties ├── contrast_esapi_ValidationMessages.properties ├── contrast_conf_mail.properties ├── contrast_esapi_ValidationMessages_es.properties ├── contrast_conf_auth.properties ├── contrast_logrotate ├── contrast_conf_servo.properties ├── contrast_conf_ldap.properties ├── contrast_conf_general.properties ├── autoscale_script.sh ├── contrast_esapi_ESAPI.properties └── contrast_conf_log4j2.xml ├── vars └── main.yml ├── handlers └── main.yml ├── .github └── workflows │ └── test.yml ├── Vagrantfile ├── tasks ├── install.yml └── main.yml ├── LICENSE ├── README.md ├── meta └── main.yml └── defaults └── main.yml /files/contrast.lic: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /files/contrast.new.lic: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /files/encrypted/ad.properties: 
-------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /files/encrypted/avatar.properties: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /files/encrypted/ldap.properties: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /files/encrypted/saml.properties: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /files/encrypted/servo.properties: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /files/encrypted/database.properties: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /templates/contrast_conf_head.js: -------------------------------------------------------------------------------- 1 | {{ teamserver_head_js }} 2 | -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for ansible-role-teamserver -------------------------------------------------------------------------------- /templates/contrast_conf_footer.html: -------------------------------------------------------------------------------- 1 | {{ teamserver_footer_html }} 2 | 
-------------------------------------------------------------------------------- /templates/contrast_conf_agent.properties: -------------------------------------------------------------------------------- 1 | agent.discovery.mode={{ teamserver_agent_discovery_mode }} 2 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart tomcat 3 | systemd: 4 | name: tomcat 5 | state: restarted -------------------------------------------------------------------------------- /tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - ansible-role-teamserver -------------------------------------------------------------------------------- /templates/contrast_conf_telemetry.properties: -------------------------------------------------------------------------------- 1 | telemetry.bucket={{ product }}-{{ env }}-telemetry 2 | telemetry.enabled=true -------------------------------------------------------------------------------- /files/role-saml-keystore.jks: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Contrast-Security-OSS/ansible-role-teamserver/master/files/role-saml-keystore.jks -------------------------------------------------------------------------------- /templates/contrast_conf_support.properties: -------------------------------------------------------------------------------- 1 | zendesk.user=undefined 2 | zendesk.api.host=undefined 3 | zendesk.token=undefined 4 | try.zendesk=false 5 | -------------------------------------------------------------------------------- /templates/contrast_conf_activemq_connection.properties: -------------------------------------------------------------------------------- 1 | jms.broker.url={{ 
amazonmq_broker_failover_url }} 2 | jms.broker.username={{ amazonmq_username }} 3 | jms.broker.password={{ amazonmq_password }} -------------------------------------------------------------------------------- /templates/contrast_conf_agent_discovery.properties: -------------------------------------------------------------------------------- 1 | agent.discovery.s3.secretAccessKey= 2 | agent.discovery.s3.accessKeyId= 3 | agent.discovery.s3.bucket={{ agent_s3_bucket }} 4 | agent.discovery.s3.environment={{ agent_s3_env }} 5 | -------------------------------------------------------------------------------- /templates/contrast_conf_avatar.properties: -------------------------------------------------------------------------------- 1 | avatar.cloudfrontUrl={{ avatar_cloudfront_url }} 2 | avatar.accessKeyId={{ avatar_s3_access_key_id }} 3 | avatar.secretAccessKey={{ avatar_s3_secret_access_key }} 4 | avatar.bucket={{ avatar_s3_bucket }} 5 | -------------------------------------------------------------------------------- /templates/contrast_esapi_validation.properties: -------------------------------------------------------------------------------- 1 | Validator.SafeString=^[A-Za-z0-9 \\(\\)\\-.,:;]*$ 2 | Validator.Email=^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$ 3 | Validator.SafeVulnDetail=^[A-Za-z0-9 \\(\\)\\-.,:;\\\\/]*$ 4 | 5 | Validator.TraceBucket.Name=^[A-Za-z0-9\\[\\]\\{\\}\\(\\)\\-_.,\"\\':]*$ -------------------------------------------------------------------------------- /templates/contrast_conf_ad.properties: -------------------------------------------------------------------------------- 1 | ad.userDn={{ teamserver_ad_userDn }} 2 | ad.identity.attribute.name={{ teamserver_ad_identity_attribute_name }} 3 | ad.password={{ teamserver_ad_password }} 4 | ad.group.users={{ teamserver_ad_group_users }} 5 | ad.group.admin={{ teamserver_ad_group_admin }} 6 | ad.url={{ teamserver_ad_url }} 7 | ad.base={{ teamserver_ad_base }} 8 | 
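--------------------------------------------------------------------------------
/templates/contrast_conf_metrics.properties:
--------------------------------------------------------------------------------
{# Emit the Graphite metrics settings only when metrics_enabled is truthy.
   The earlier "is defined" test also switched metrics on when the variable
   was explicitly set to false. #}
{% if metrics_enabled | default(false) | bool %}
metrics.enabled=true
metrics.graphite.enabled=true
metrics.graphite.host=localhost
metrics.graphite.port=2003
# NOTE(review): "server" carries the same literal as "protocol" on the next
# line; this looks like a copy-paste slip - confirm the intended value.
metrics.graphite.server=UDP
metrics.graphite.protocol=UDP
metrics.hostname={{ env }}
metrics.collect.garbage=true
metrics.collect.memory=true
metrics.collect.threads=true
{% endif %}
--------------------------------------------------------------------------------
/templates/contrast_conf_ardy.properties:
--------------------------------------------------------------------------------
# Per-language "ardy" toggles and the API URL, all taken from role variables.
# Only the timeout is fixed in the template.
ardy.java.enabled={{ teamserver_ardy_java_enabled }}
ardy.timeout.secs=120
ardy.python.enabled={{ teamserver_ardy_python_enabled }}
ardy.api.url={{ teamserver_ardy_api_url }}
ardy.ruby.enabled={{ teamserver_ardy_ruby_enabled }}
ardy.dotnet.enabled={{ teamserver_ardy_dotnet_enabled }}
ardy.node.enabled={{ teamserver_ardy_node_enabled }}
ardy.proxy.enabled={{ teamserver_ardy_proxy_enabled }}
--------------------------------------------------------------------------------
/templates/contrast_conf_security.properties:
--------------------------------------------------------------------------------
# Every value below is rendered straight from a role variable; the template
# hard-codes no safe fallback.
# NOTE(review): confirm in defaults/main.yml that csrf.enforcement and the
# superadmin.check.* settings default to their enforcing values, so a missing
# override cannot silently weaken the deployment.
expression.web.handler.mode={{ teamserver_security_expression_web_handler_mode }}
superadmin.check.cert={{ teamserver_security_superadmin_check_cert }}
superadmin.check.ip={{ teamserver_security_superadmin_check_ip }}
expression.method.handler.mode={{ teamserver_security_expression_method_handler_mode }}
superadmin.ip={{ teamserver_security_superadmin_ip }}
csrf.enforcement={{ teamserver_security_csrf_enforcement }}
--------------------------------------------------------------------------------
/templates/contrast_conf_saml.properties: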
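--------------------------------------------------------------------------------
# SAML keystore location and credentials, rendered from role variables.
# NOTE(review): the keystore password and password map are written in clear
# text; confirm the task that renders this template sets a restrictive
# owner/mode and that the values come from an encrypted source (e.g. Ansible
# Vault). The role also ships files/role-saml-keystore.jks - if that keystore
# holds a private key, treat it as public and replace it per deployment.
authenticator.saml.keystore.path={{ teamserver_authenticator_saml_keystore_path }}
authenticator.saml.keystore.default.key={{ teamserver_authenticator_saml_keystore_default_key }}
authenticator.saml.keystore.passwordMap={{ teamserver_authenticator_saml_keystore_passwordMap }}
authenticator.saml.keystore.password={{ teamserver_authenticator_saml_keystore_password }}
authenticator.saml.url={{ teamserver_authenticator_saml_url }}
--------------------------------------------------------------------------------
/.github/workflows/test.yml:
--------------------------------------------------------------------------------
# Syntax-checks the role on every push.
name: test
on:
  push:

# The job only reads the repository, so restrict the workflow token to that.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): a tag such as v2 can be moved; pinning to a full commit
      # SHA (actions/checkout@<FULL_COMMIT_SHA>, placeholder) fixes exactly
      # what runs.
      - uses: actions/checkout@v2
      - name: setup
        # Hosted runners do not run steps as root, and an interactive apt
        # prompt would stall the job, so use sudo and -y.
        run: |
          sudo apt-get update
          sudo apt-get install -y python3-pip
          python3 -m pip install ansible
          printf '[defaults]\nroles_path=../' >ansible.cfg
      - name: Basic role syntax check
        # "run" takes a single string; the earlier YAML list form is not a
        # valid step definition.
        run: ansible-playbook tests/test.yml -i tests/inventory --syntax-check
--------------------------------------------------------------------------------
/Vagrantfile:
--------------------------------------------------------------------------------
# -*- mode: ruby -*-
# vi: set ft=ruby :

# Local test VM that applies the role through Vagrant's Ansible provisioner.
Vagrant.configure('2') do |config|
  config.vm.define 'ansible-role-teamserver' do |c|
    # NOTE(review): ubuntu/trusty64 is Ubuntu 14.04, which is past standard
    # support, while handlers/main.yml restarts tomcat through the systemd
    # module - confirm the box matches the platforms the role targets.
    c.vm.box = 'ubuntu/trusty64'
    c.vm.hostname = 'ansible-role-teamserver'
    c.vm.provision 'ansible' do |ansible|
      # The only playbook in the repository tree is tests/test.yml.
      ansible.playbook = 'tests/test.yml'
      # NOTE(review): with verbose output enabled, task arguments and results
      # are echoed to the console; tasks that pass credentials (e.g. the
      # Authorization header in tasks/install.yml) should set no_log.
      ansible.verbose = 'v'
      #ansible.tags = 'update_teamserver_property_files'
      #ansible.extra_vars = 'tests/test.yml'
      #ansible.inventory_path = 'tests/inventory'
      # Skips SSH host key verification for the provisioner connection.
      # Acceptable for a throwaway local VM; do not carry this setting into
      # inventories for real hosts.
      ansible.host_key_checking = false
    end
  end
end
--------------------------------------------------------------------------------
/templates/contrast_conf_database.properties: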
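--------------------------------------------------------------------------------
# JDBC connection and backup settings, rendered from role variables.
# NOTE(review): jdbc.pass is written in clear text; confirm the task that
# renders this template sets a restrictive owner/mode and that the value comes
# from an encrypted source (e.g. Ansible Vault).
jdbc.url={{ teamserver_jdbc_url }}
jdbc.driver={{ teamserver_jdbc_driver }}
jdbc.user={{ teamserver_jdbc_user }}
jdbc.debug={{ teamserver_jdbc_debug }}
jdbc.type={{ teamserver_jdbc_type }}
jdbc.dialect={{ teamserver_jdbc_dialect }}
jdbc.pass={{ teamserver_jdbc_pass }}
jdbc.maxPoolSize={{ teamserver_jdbc_max_pool_size }}
jdbc.minPoolSize={{ teamserver_jdbc_min_pool_size }}
# initialPoolSize reuses the min pool size variable.
jdbc.initialPoolSize={{ teamserver_jdbc_min_pool_size }}
database.enabled={{ teamserver_jdbc_database_enabled }}
database.bk.time={{ teamserver_jdbc_database_bk_time }}
# NOTE(review): bk.dir is filled from the bk_time variable, the same one as
# the line above; this looks like a copy-paste slip. Confirm which variable
# holds the backup directory in defaults/main.yml before changing it.
database.bk.dir={{ teamserver_jdbc_database_bk_time }}
database.type={{ teamserver_jdbc_database_type }}
--------------------------------------------------------------------------------
/templates/contrast_conf_hub.properties:
--------------------------------------------------------------------------------
# Hub endpoints and outbound proxy settings, rendered from role variables.
# NOTE(review): "teanserver_hub_getall_url" differs from the "teamserver_"
# prefix used by every other variable in this file; check defaults/main.yml
# before renaming, since the misspelt name may be the one that is defined.
hub.getall.url={{ teanserver_hub_getall_url }}
hub.getlatest.url={{ teamserver_hub_getlatest_url }}
# NOTE(review): hard-coded literal, whereas tasks/install.yml authenticates to
# the hub with the hub_api_key variable - confirm "demo" is intended here.
hub.apiKey=demo
hub.host={{ teamserver_hub_host }}
hub.port={{ teamserver_hub_port }}
hub.protocol={{ teamserver_hub_protocol }}
try.hub={{ teamserver_try_hub }}
hub.task.populatelibcache.sleep.millis={{ teamserver_hub_task_populatelibcache_sleep_millis }}
http.proxyHost={{ teamserver_hub_http_proxyHost }}
proxySet={{ teamserver_hub_proxySet }}
# The proxy password is rendered in clear text, like the other credentials.
http.proxyPassword={{ teamserver_hub_http_proxyPassword }}
http.proxyPort={{ teamserver_hub_http_proxyPort }}
hub.task.populatelibcache.bulk.size={{ teamserver_hub_task_populatelibcache_bulk_size }}
http.proxyUser={{ teamserver_hub_http_proxyUser }}
--------------------------------------------------------------------------------
/tasks/install.yml:
--------------------------------------------------------------------------------
---
# Resolve the current TeamServer WAR on the hub and install it into Tomcat.

# The hub answers with a 302; the redirect is not followed, so its Location
# header can be read in the next task.
- name: Get latest version
  uri:
    url: https://{{ teamserver_hub_host }}/h/api/artifacts/war
    headers:
      Authorization: "Bearer {{ hub_api_key }}"
    status_code: 302
    follow_redirects: false
  register: output
  # Keep the bearer token out of task output and logs.
  no_log: true

# The file name is the path segment after "/war/" in the redirect target.
- name: Get File Name
  set_fact:
    file_name: "{{ (output.location | urlsplit('path')).split('/war/')[1] }}"

# NOTE(review): the WAR is deployed without an integrity check. If the hub
# publishes a digest for the artifact, pass it through get_url's "checksum"
# parameter so a corrupted or substituted download is rejected.
# NOTE(review): with get_url's default (no "force"), an existing
# Contrast.war is left in place - confirm upgrades are handled elsewhere.
- name: Download TS {{ file_name }}
  get_url:
    url: https://{{ teamserver_hub_host }}/h/api/artifacts/war
    headers:
      Authorization: "Bearer {{ hub_api_key }}"
    dest: /var/lib/tomcat/webapps/Contrast.war
    follow: True
    owner: "{{ tomcat_user }}"
    group: "{{ tomcat_group }}"
  # Keep the bearer token out of task output and logs.
  no_log: true
  notify:
    - restart tomcat
--------------------------------------------------------------------------------
/templates/contrast_esapi_ValidationMessages.properties:
--------------------------------------------------------------------------------
Validator.SafeString.message = Invalid Field
Validator.Pattern.message = Pattern for this field does not match
Validator.Empty.message = Cannot be empty
Validator.Length.message = Must be less than {max} characters

Validator.RequestData.message = Invalid data in the request
Validator.TraceBucket.Name = Trace Bucket Name must not be empty and must contain only Alpha-Numeric characters and any of '[]{}()-_.,"':'
Validator.TraceBucket.Trace = At least one trace should be selected

org.hibernate.validator.constraints.NotEmpty.message = Field required
javax.validation.constraints.NotNull.message = Field required

Validator.invalidvalue.message = Invalid value
Validator.serviceLevel.message = Invalid ServiceLevel value
--------------------------------------------------------------------------------
/templates/contrast_conf_mail.properties:
--------------------------------------------------------------------------------
1 | jira.report.to={{ teamserver_jira_report_to }} 2 | mail.enabled={{ teamserver_mail_enabled }} 3 | mail.username={{ 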
teamserver_mail_username }} 4 | mail.debug={{ teamserver_mail_debug}} 5 | alert.subject={{ teamserver_alert_subject }} 6 | mail.smtp.starttls={{ teamserver_mail_smtp_starttls }} 7 | jira.report.sender={{ teamserver_jira_report_sender }} 8 | mail.exchange.auth.required={{ teamserver_mail_exchange_auth_required }} 9 | mail.host={{ teamserver_mail_host }} 10 | mail.smtp.auth={{ teamserver_mail_smtp_auth }} 11 | alert.sender={{ teamserver_alert_sender }} 12 | mail.password={{ teamserver_mail_password }} 13 | mail.port={{ teamserver_mail_port }} 14 | mail.protocol={{ teamserver_mail_protocol }} 15 | {% if teamserver_mail_sender is defined %} 16 | mail.from={{ teamserver_mail_sender }} 17 | {% endif %} -------------------------------------------------------------------------------- /templates/contrast_esapi_ValidationMessages_es.properties: -------------------------------------------------------------------------------- 1 | Validator.SafeString.message = Campo no válido 2 | Validator.Pattern.message = Formato para este campo no es válido 3 | Validator.Empty.message = Campo no puede ser vacío 4 | Validator.Length.message = Debe tener menos de {max} caracteres 5 | 6 | Validator.RequestData.message = Datos enviados en la petición no son válidos 7 | Validator.TraceBucket.Name = Nombre de Bucket debe contener s\u00F3lo catacteres alfan\u00FAmericos y alguno de estos catacteres '[]{}()-_.,"'\:' 8 | Validator.TraceBucket.Trace = Por lo menos una traza debe ser seleccionada 9 | 10 | org.hibernate.validator.constraints.NotEmpty.message = Campo obligatorio 11 | javax.validation.constraints.NotNull.message = Campo obligatorio 12 | 13 | Validator.invalidvalue.message = Valor invalido 14 | Validator.serviceLevel.message = Valor invalido del ServiceLevel -------------------------------------------------------------------------------- /templates/contrast_conf_auth.properties: -------------------------------------------------------------------------------- 1 | password.diffchars.min=4 2 
| password.min.symbols=0 3 | password.diffchars.max=25 4 | token.length=20 5 | password.changetime.min=8 6 | password.changetime.max=48 7 | password.history.retained.min=1 8 | token.expiration.days=1 9 | password.diffchars.check=false 10 | password.default.size=8 11 | password.history.retained.max=10 12 | password.min.size=8 13 | password.changetime.check=false 14 | password.min.numbers=1 15 | auth.max_failed_attempts=3 16 | password.history.retained=5 17 | password.expiration.days.min=30 18 | password.changetime.default=24 19 | password.expiration.days.max=365 20 | password.lock.unused.accounts=180 21 | password.min.upper=1 22 | password.lock.unused.accounts.min=30 23 | password.expiration.days=365 24 | password.lock.unused.accounts.max=180 25 | password.history=false 26 | password.diffchars.default=4 27 | authentication.mode={{ teamserver_auth_authentication_mode }} 28 | password.min.lower=1 29 | -------------------------------------------------------------------------------- /templates/contrast_logrotate: -------------------------------------------------------------------------------- 1 | {{ teamserver_contrast_datadir }}/logs/audit.log { 2 | copytruncate 3 | daily 4 | rotate 7 5 | compress 6 | missingok 7 | size 25M 8 | } 9 | 10 | {{ teamserver_contrast_datadir }}/logs/console.log { 11 | copytruncate 12 | daily 13 | rotate 7 14 | compress 15 | missingok 16 | size 25M 17 | } 18 | 19 | {{ teamserver_contrast_datadir }}/logs/contrast.log { 20 | copytruncate 21 | daily 22 | rotate 7 23 | compress 24 | missingok 25 | size 25M 26 | } 27 | 28 | {{ teamserver_contrast_datadir }}/logs/migration.log { 29 | copytruncate 30 | daily 31 | rotate 7 32 | compress 33 | missingok 34 | size 25M 35 | } 36 | 37 | {{ teamserver_contrast_datadir }}/logs/security-events.log { 38 | copytruncate 39 | daily 40 | rotate 7 41 | compress 42 | missingok 43 | size 25M 44 | } 45 | 46 | {{ teamserver_contrast_datadir }}/logs/windward.log { 47 | copytruncate 48 | daily 49 | rotate 7 50 | 
compress 51 | missingok 52 | size 25M 53 | } 54 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Contrast Security OSS 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 
10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | BSD 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 
39 | -------------------------------------------------------------------------------- /files/rds-ca-2015-root.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIID9DCCAtygAwIBAgIBQjANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMCVVMx 3 | EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxIjAgBgNVBAoM 4 | GUFtYXpvbiBXZWIgU2VydmljZXMsIEluYy4xEzARBgNVBAsMCkFtYXpvbiBSRFMx 5 | GzAZBgNVBAMMEkFtYXpvbiBSRFMgUm9vdCBDQTAeFw0xNTAyMDUwOTExMzFaFw0y 6 | MDAzMDUwOTExMzFaMIGKMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3Rv 7 | bjEQMA4GA1UEBwwHU2VhdHRsZTEiMCAGA1UECgwZQW1hem9uIFdlYiBTZXJ2aWNl 8 | cywgSW5jLjETMBEGA1UECwwKQW1hem9uIFJEUzEbMBkGA1UEAwwSQW1hem9uIFJE 9 | UyBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuD8nrZ8V 10 | u+VA8yVlUipCZIKPTDcOILYpUe8Tct0YeQQr0uyl018StdBsa3CjBgvwpDRq1HgF 11 | Ji2N3+39+shCNspQeE6aYU+BHXhKhIIStt3r7gl/4NqYiDDMWKHxHq0nsGDFfArf 12 | AOcjZdJagOMqb3fF46flc8k2E7THTm9Sz4L7RY1WdABMuurpICLFE3oHcGdapOb9 13 | T53pQR+xpHW9atkcf3pf7gbO0rlKVSIoUenBlZipUlp1VZl/OD/E+TtRhDDNdI2J 14 | P/DSMM3aEsq6ZQkfbz/Ilml+Lx3tJYXUDmp+ZjzMPLk/+3beT8EhrwtcG3VPpvwp 15 | BIOqsqVVTvw/CwIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw 16 | AwEB/zAdBgNVHQ4EFgQUTgLurD72FchM7Sz1BcGPnIQISYMwHwYDVR0jBBgwFoAU 17 | TgLurD72FchM7Sz1BcGPnIQISYMwDQYJKoZIhvcNAQEFBQADggEBAHZcgIio8pAm 18 | MjHD5cl6wKjXxScXKtXygWH2BoDMYBJF9yfyKO2jEFxYKbHePpnXB1R04zJSWAw5 19 | 2EUuDI1pSBh9BA82/5PkuNlNeSTB3dXDD2PEPdzVWbSKvUB8ZdooV+2vngL0Zm4r 20 | 47QPyd18yPHrRIbtBtHR/6CwKevLZ394zgExqhnekYKIqqEX41xsUV0Gm6x4vpjf 21 | 2u6O/+YE2U+qyyxHE5Wd5oqde0oo9UUpFETJPVb6Q2cEeQib8PBAyi0i6KnF+kIV 22 | A9dY7IHSubtCK/i8wxMVqfd5GtbA8mmpeJFwnDvm9rBEsHybl08qlax9syEwsUYr 23 | /40NawZfTUU= 24 | -----END CERTIFICATE----- 25 | -------------------------------------------------------------------------------- /files/rds-ca-2019-root.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | 
MIIEBjCCAu6gAwIBAgIJAMc0ZzaSUK51MA0GCSqGSIb3DQEBCwUAMIGPMQswCQYD 3 | VQQGEwJVUzEQMA4GA1UEBwwHU2VhdHRsZTETMBEGA1UECAwKV2FzaGluZ3RvbjEi 4 | MCAGA1UECgwZQW1hem9uIFdlYiBTZXJ2aWNlcywgSW5jLjETMBEGA1UECwwKQW1h 5 | em9uIFJEUzEgMB4GA1UEAwwXQW1hem9uIFJEUyBSb290IDIwMTkgQ0EwHhcNMTkw 6 | ODIyMTcwODUwWhcNMjQwODIyMTcwODUwWjCBjzELMAkGA1UEBhMCVVMxEDAOBgNV 7 | BAcMB1NlYXR0bGUxEzARBgNVBAgMCldhc2hpbmd0b24xIjAgBgNVBAoMGUFtYXpv 8 | biBXZWIgU2VydmljZXMsIEluYy4xEzARBgNVBAsMCkFtYXpvbiBSRFMxIDAeBgNV 9 | BAMMF0FtYXpvbiBSRFMgUm9vdCAyMDE5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC 10 | AQ8AMIIBCgKCAQEArXnF/E6/Qh+ku3hQTSKPMhQQlCpoWvnIthzX6MK3p5a0eXKZ 11 | oWIjYcNNG6UwJjp4fUXl6glp53Jobn+tWNX88dNH2n8DVbppSwScVE2LpuL+94vY 12 | 0EYE/XxN7svKea8YvlrqkUBKyxLxTjh+U/KrGOaHxz9v0l6ZNlDbuaZw3qIWdD/I 13 | 6aNbGeRUVtpM6P+bWIoxVl/caQylQS6CEYUk+CpVyJSkopwJlzXT07tMoDL5WgX9 14 | O08KVgDNz9qP/IGtAcRduRcNioH3E9v981QO1zt/Gpb2f8NqAjUUCUZzOnij6mx9 15 | McZ+9cWX88CRzR0vQODWuZscgI08NvM69Fn2SQIDAQABo2MwYTAOBgNVHQ8BAf8E 16 | BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUc19g2LzLA5j0Kxc0LjZa 17 | pmD/vB8wHwYDVR0jBBgwFoAUc19g2LzLA5j0Kxc0LjZapmD/vB8wDQYJKoZIhvcN 18 | AQELBQADggEBAHAG7WTmyjzPRIM85rVj+fWHsLIvqpw6DObIjMWokpliCeMINZFV 19 | ynfgBKsf1ExwbvJNzYFXW6dihnguDG9VMPpi2up/ctQTN8tm9nDKOy08uNZoofMc 20 | NUZxKCEkVKZv+IL4oHoeayt8egtv3ujJM6V14AstMQ6SwvwvA93EP/Ug2e4WAXHu 21 | cbI1NAbUgVDqp+DRdfvZkgYKryjTWd/0+1fS8X1bBZVWzl7eirNVnHbSH2ZDpNuY 22 | 0SBd8dj5F6ld3t58ydZbrTHze7JJOd8ijySAp4/kiu9UfZWuTPABzDa/DSdz9Dk/ 23 | zPW4CXXvhLmE02TA9/HeCw3KEHIwicNuEfw= 24 | -----END CERTIFICATE----- 25 | -------------------------------------------------------------------------------- /templates/contrast_conf_servo.properties: -------------------------------------------------------------------------------- 1 | servo.activemq.observers={{ teamserver_servo_activemq_observers }} 2 | servo.activemq.file.zerovaluemetrics={{ teamserver_servo_activemq_file_zerovaluemetrics }} 3 | servo.activemq.file.metrics={{ teamserver_servo_activemq_file_metrics }} 4 | 
servo.activemq.file.objects={{ teamserver_servo_activemq_file_objects }} 5 | servo.activemq.cloudwatch.metrics={{ teamserver_servo_activemq_cloudwatch_metrics }} 6 | servo.activemq.cloudwatch.objects={{ teamserver_servo_activemq_cloudwatch_objects }} 7 | 8 | servo.spring.observers={{ teamserver_servo_spring_observers }} 9 | servo.spring.file.zerovaluemetrics={{ teamserver_servo_spring_file_zerovaluemetrics }} 10 | servo.spring.file.metrics={{ teamserver_servo_spring_file_metrics }} 11 | servo.spring.file.objects={{ teamserver_servo_spring_file_objects }} 12 | servo.spring.cloudwatch.metrics={{ teamserver_servo_spring_cloudwatch_metrics }} 13 | servo.spring.cloudwatch.objects={{ teamserver_servo_spring_cloudwatch_objects }} 14 | 15 | servo.bg.observers={{ teamserver_servo_bg_observers }} 16 | servo.bg.file.zerovaluemetrics={{ teamserver_servo_bg_file_zerovaluemetrics }} 17 | servo.bg.file.metrics={{ teamserver_servo_bg_file_metrics }} 18 | servo.bg.file.objects={{ teamserver_servo_bg_file_objects }} 19 | servo.bg.cloudwatch.metrics={{ teamserver_bg_cloudwatch_metrics }} 20 | servo.bg.cloudwatch.objects={{ teamserver_bg_cloudwatch_objects }} 21 | 22 | servo.refresh={{ teamserver_servo_refresh }} 23 | servo.activemq.file.zerovaluemetrics={{ teamserver_servo_activemq_file_zerovaluemetrics }} 24 | servo.cloudwatch.accesskey={{ teamserver_servo_cloudwatch_accesskey }} 25 | servo.cloudwatch.secretkey={{ teamserver_servo_cloudwatch_secretkey }} 26 | servo.cloudwatch.namespace.prefix={{ teamserver_servo_cloudwatch_namespace_prefix }} 27 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your role description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: 
http://example.com/issue/tracker 9 | 10 | # Choose a valid license ID from https://spdx.org - some suggested licenses: 11 | # - BSD-3-Clause (default) 12 | # - MIT 13 | # - GPL-2.0-or-later 14 | # - GPL-3.0-only 15 | # - Apache-2.0 16 | # - CC-BY-4.0 17 | license: license (GPL-2.0-or-later, MIT, etc) 18 | 19 | min_ansible_version: 1.9 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 22 | # min_ansible_container_version: 23 | 24 | # 25 | # Provide a list of supported platforms, and for each platform a list of versions. 26 | # If you don't wish to enumerate all versions for a particular platform, use 'all'. 27 | # To view available platforms and versions (or releases), visit: 28 | # https://galaxy.ansible.com/api/v1/platforms/ 29 | # 30 | # platforms: 31 | # - name: Fedora 32 | # versions: 33 | # - all 34 | # - 25 35 | # - name: SomePlatform 36 | # versions: 37 | # - all 38 | # - 1.0 39 | # - 7 40 | # - 99.99 41 | 42 | galaxy_tags: [] 43 | # List tags for your role here, one per line. A tag is a keyword that describes 44 | # and categorizes the role. Users find roles by searching for tags. Be sure to 45 | # remove the '[]' above, if you add tags to this list. 46 | # 47 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 48 | # Maximum 20 tags per role. 49 | 50 | dependencies: [] 51 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 52 | # if you add dependencies to this list. 
53 | -------------------------------------------------------------------------------- /templates/contrast_conf_ldap.properties: -------------------------------------------------------------------------------- 1 | ldap.server.port={{ teamserver_ldap_server_port }} 2 | ldap.bind.method={{ teamserver_ldap_bind_method }} 3 | ldap.group.users={{ teamserver_ldap_group_users }} 4 | ldap.user.objectclass={{ teamserver_ldap_user_objectclass }} 5 | ldap.user.use.password.attribute={{ teamserver_ldap_user_use_password_attribute }} 6 | ldap.user.password.attribute={{ teamserver_ldap_user_password_attribute }} 7 | ldap.bind.username={{ teamserver_ldap_bind_username }} 8 | ldap.group.member.attribute={{ teamserver_ldap_group_member_attribute }} 9 | ldap.bind.realm={{ teamserver_ldap_bind_realm }} 10 | ldap.group.use.subtrees={{ teamserver_ldap_group_use_subtrees }} 11 | ldap.group.objectclass={{ teamserver_ldap_group_objectclass }} 12 | ldap.user.objectClass={{ teamserver_ldap_user_objectClass }} 13 | ldap.user.management={{ teamserver_ldap_user_management }} 14 | ldap.user.baseDN={{ teamserver_ldap_user_baseDN }} 15 | ldap.user.firstname.attribute={{ teamserver_ldap_user_firstname_attribute }} 16 | ldap.user.use.subtrees={{ teamserver_ldap_user_use_subtrees }} 17 | ldap.baseDN={{ teamserver_ldap_baseDN }} 18 | ldap.server.protocol={{ teamserver_ldap_server_protocol }} 19 | ldap.group.baseDN={{ teamserver_ldap_group_baseDN }} 20 | ldap.identity.attribute.name={{ teamserver_ldap_identity_attribute_name }} 21 | ldap.group.lookup.strategy={{ teamserver_ldap_group_lookup_strategy }} 22 | ldap.user.mail.attribute={{ teamserver_ldap_user_mail_attribute }} 23 | ldap.user.group.attribute={{ teamserver_ldap_user_group_attribute }} 24 | ldap.user.username.attribute={{ teamserver_ldap_user_username_attribute }} 25 | ldap.user.lastname.attribute={{ teamserver_ldap_user_lastname_attribute }} 26 | ldap.group.admin={{ teamserver_ldap_group_admin }} 27 | ldap.server.address={{ 
teamserver_ldap_server_address }} 28 | ldap.bind.password={{ teamserver_ldap_bind_password }} 29 | -------------------------------------------------------------------------------- /templates/contrast_conf_general.properties: -------------------------------------------------------------------------------- 1 | audit.use.forwardedfor={{ teamserver_general_audit_use_forwardedfor }} 2 | dotnet.name={{ teamserver_general_dotnet_name }} 3 | jar.name={{ teamserver_general_jar_name }} 4 | jms.channel.concurrency.serverActivity={{ teamserver_general_jms_channel_concurrency_serverActivity }} 5 | jms.channel.concurrency.applicationUpdate={{ teamserver_general_jms_channel_concurrency_appUpdate }} 6 | jms.channel.concurrency.routeCoverage={{ teamserver_general_jms_channel_concurrency_routeCoverage }} 7 | jms.channel.concurrency.routeCoverageVulns={{ teamserver_general_jms_channel_concurrency_routeCoverageVulns }} 8 | jms.channel.concurrency.attackAlerts={{ teamserver_general_jms_channel_concurrency_attackAlerts }} 9 | jms.channel.concurrency.applicationActivity={{ teamserver_general_jms_channel_concurrency_applicationActivity }} 10 | jms.channel.concurrency.engineTraces={{ teamserver_general_jms_channel_concurrency_engineTraces }} 11 | jms.channel.concurrency.notificationServerOffline={{ teamserver_general_jms_channel_concurrency_notificationServerOffline }} 12 | jms.channel.concurrency.notificationNewServer={{ teamserver_general_jms_channel_concurrency_notificationNewServer }} 13 | jms.channel.explicit-qos-enabled={{ teamserver_general_jms_channel_explicit_qos_enabled }} 14 | jms.channel.time-to-live={{ teamserver_general_jms_channel_time_to_live }} 15 | jms.database.delete-on-startup.once={{ teamserver_general_jms_database_delete_on_startup_once }} 16 | jms.connection.factory.session.cache.size={{ teamserver_general_jms_connection_factory_session_cache_size }} 17 | jms.connection.pool.maxConnections={{ teamserver_general_jms_max_connections }} 18 | lang.default={{ 
teamserver_general_lang_default }} 19 | lang.i18n={{ teamserver_general_lang_i18n }} 20 | node.name={{ teamserver_general_node_name }} 21 | teamserver.cert={{ teamserver_general_teamserver_cert }} 22 | teamserver.url={{ teamserver_general_teamserver_url }} 23 | timezone.default={{ teamserver_general_timezone_default }} 24 | cache.usememcache={{ teamserver_general_use_memcache }} 25 | cache.memcache.servers={{ cache_configuration_endpoint }} 26 | cache.eac.expirationInSeconds={{ teamserver_general_eac_expiration }} 27 | cache.eac.type={{ teamserver_general_eac_cache_type }} 28 | teamserver.environment={{ env }} 29 | reporting.storage.s3.bucket={{ product }}-{{ env }}-{{ region }}-reports 30 | reporting.storage.mode=S3 31 | reporting.generation.limit={{ teamserver_general_reporting_generation_limit }} -------------------------------------------------------------------------------- /templates/autoscale_script.sh: -------------------------------------------------------------------------------- 1 | # #!/bin/bash 2 | 3 | # # Don't make a mess of / 4 | # mkdir -p /tmp/contrast 5 | # cd /tmp/contrast 6 | 7 | # region={{ teamserver_region }} 8 | # # hard code to us-east-1, we don't need to replicate these artifacts 9 | # agent_artifact_region=us-east-1 10 | # # enforce contrast_data_directory for older bundles 11 | # contrast_data_dir={{ teamserver_contrast_datadir }} 12 | 13 | # # full bucket path ie contrast-production-artifacts/saas or contrast-internal-artifacts 14 | # teamserver_bucket={{ teamserver_asg_bucket }} 15 | 16 | # # full bucket path for agents 17 | # teamserver_agent_bucket={{ agent_s3_bucket }}/{{ agent_s3_env}}/agents 18 | 19 | # # AWS metadata url timeout :( 20 | # # double timeout every try for 5 tries 21 | # function retry_aws_cmd () { 22 | # local max_attempts=${ATTEMPTS-5} 23 | # local timeout=${TIMEOUT-1} 24 | # local attempt=0 25 | # local exitCode=0 26 | 27 | # while (( $attempt < $max_attempts )) 28 | # do 29 | # "$@" 30 | # exitCode=$? 
31 | 32 | # if [[ $exitCode == 0 ]] 33 | # then 34 | # break 35 | # fi 36 | 37 | # echo "Command failed: Retrying in $timeout.." 1>&2 38 | # sleep $timeout 39 | # attempt=$(( attempt + 1 )) 40 | # timeout=$(( timeout * 2 )) 41 | # done 42 | 43 | # if [[ $exitCode != 0 ]] 44 | # then 45 | # echo "Unable to: ($@)" 1>&2 46 | # fi 47 | 48 | # return $exitCode 49 | # } 50 | 51 | # deploy () { 52 | # artifact=$1 53 | # # change user to tomcat to not change ownership of /opt/codedeploy dirs 54 | # runuser -l tomcat -c "/opt/codedeploy-agent/bin/codedeploy-local --bundle-location $artifact --type zip" 55 | # } 56 | 57 | # download_codedeploy_bundle () { 58 | # artifact=$1 59 | # required=$2 60 | # echo "Attempting to download version.txt from s3 ($teamserver_bucket)" 61 | # retry_aws_cmd aws s3 --region $region cp s3://"$teamserver_bucket"/"$artifact"/version.txt "$artifact"_version.txt 62 | # VERSION=$(cat "$artifact"_version.txt) 63 | # if [[ -z $VERSION ]]; then 64 | # return "Skipping. Specified version not found" 65 | # fi 66 | 67 | # echo "Preparing to download latest deployed version of the artifact for $artifact" 68 | # if [[ $(retry_aws_cmd aws s3 --region $region ls s3://"$teamserver_bucket"/"$artifact"/"$VERSION"/latest.txt) ]]; then 69 | # echo "latest.txt is present" 70 | # retry_aws_cmd aws s3 --region $region cp s3://"$teamserver_bucket"/"$artifact"/"$VERSION"/latest.txt "$artifact"_latest.txt 71 | # latest_artifact=$(cat "$artifact"_latest.txt) 72 | 73 | # if [[ $(retry_aws_cmd aws s3 --region $region ls s3://"$teamserver_bucket"/"$artifact"/"$VERSION"/"$latest_artifact") ]]; then 74 | # echo "latest_artifact present" 75 | # retry_aws_cmd aws s3 --region $region cp s3://"$teamserver_bucket"/"$artifact"/"$VERSION"/"$latest_artifact" . 
76 | 77 | # echo "Deploying $latest_artifact" 78 | # full_path_of_artifact=$(readlink -f $latest_artifact) 79 | # deploy $full_path_of_artifact 80 | 81 | # echo "Remove temporary placement of artifacts" 82 | # rm $latest_artifact 83 | # else 84 | # echo "latest_artifact not present" 85 | # return 86 | # fi 87 | # else 88 | # echo "latest.txt not present" 89 | # return 90 | # fi 91 | # } 92 | 93 | # echo "Now downloading TeamServer" 94 | # download_codedeploy_bundle contrast-ui 95 | # chown -R tomcat:tomcat /var/www/ 96 | # chmod 755 -R /var/www/ 97 | # download_codedeploy_bundle teamserver 98 | -------------------------------------------------------------------------------- /templates/contrast_esapi_ESAPI.properties: --------------------------------------------------------------------------------
# Jinja2 template for ESAPI.properties. The "Copy contrast esapi templates" task in
# tasks/main.yml renders it when teamserver_update_esapi is true. Only
# Encryptor.MasterKey and Encryptor.MasterSalt are templated; every other value is static.
# NOTE(review): tasks/main.yml says the key and salt are taken from the esapi.properties
# of the server being joined, so the Encryptor.* settings presumably have to match that
# server; changing them may make already-encrypted data unreadable - confirm before
# tightening any item flagged below.
Logger.LogServerIP=true
Encryptor.HashAlgorithm=SHA-512
# NOTE(review): 1024 iterations is low by current guidance; confirm where this value
# is used before raising it, since it presumably changes the resulting hashes.
Encryptor.HashIterations=1024
ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
# NOTE(review): off here although HttpUtilities.ForceSecureCookies is true further down;
# confirm the session cookie gets the Secure flag some other way (container or proxy).
HttpUtilities.ForceSecureSession=false
Validator.HTTPParameterValue=^[a-zA-Z0-9.\\-\\/+\=_ ]*$
# Matches any string, so this validator rejects nothing.
Validator.HTTPURL=^.*$
Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-\=\\*\\.\\?;,+\\/\:&_ ]*$
Validator.HTTPURI=^[a-zA-Z0-9()\\-\=\\*\\.\\?;,+\\/\:&_ ]*$
# NOTE(review): the pattern ends in (1,50), a group matching the literal text 1,50,
# not a length bound; the other validators use braces such as {1,32}, so this looks
# like a typo for {1,50} - confirm against the upstream ESAPI default before changing.
Validator.HTTPQueryString=^[a-zA-Z0-9()\\-\=\\*\\.\\?;,+\\/\:&_ ](1,50)$
ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
# NOTE(review): ECB is allowed here. ECB encrypts equal plaintext blocks to equal
# ciphertext blocks; the transformation configured below is AES/CBC/PKCS5Padding, so
# ECB can probably be dropped from this list - confirm nothing depends on it.
Encryptor.cipher_modes.additional_allowed=CBC,ECB
# NOTE(review): the allow-list includes executable and server-side types (.exe, .dll,
# .jsp, .jsf, .class, .war, .jar). Together with the Windows paths further down
# (HttpUtilities.UploadDir, Executor.*) these look like unmodified sample values -
# confirm whether the ESAPI upload and executor helpers are used, and trim if they are.
HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
Authenticator.UsernameParameterName=username
HttpUtilities.ForceHttpOnlyCookies=true
Validator.HTTPJSESSIONID=^[A-Z0-9]{10,32}$
Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
ESAPI.Authenticator=contrast.teamserver.security.auth.prod.ContrastAuthenticatorAdapter
Encryptor.PlainText.overwrite=true
Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
# NOTE(review): 1024-bit keys with DSA (Encryptor.DigitalSignatureAlgorithm below) are
# under current minimum recommendations for signatures.
Encryptor.DigitalSignatureKeyLength=1024
IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
Validator.AccountName=^[a-zA-Z0-9]{3,20}$
ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
Validator.HTTPContextPath=^[a-zA-Z0-9.\\-_]*$
# Presumably only consulted when Encryptor.ChooseIVMethod is fixed; this file sets
# that property to random further down.
Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
HttpUtilities.UploadDir=C\:\\ESAPI\\testUpload
# NOTE(review): with encoding off, log messages are presumably written as received;
# confirm CR/LF and markup in user-controlled fields are neutralised downstream.
Logger.LogEncodingRequired=false
Authenticator.PasswordParameterName=password
Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
Validator.ConfigurationFile=validation.properties
Executor.WorkingDirectory=C\:\\Windows\\Temp
ESAPI.printProperties=false
Encryptor.DigitalSignatureAlgorithm=DSA
Logger.LogFileName=ESAPI_logging_file
Encryptor.CipherText.useMAC=true
# Rendered from teamserver_esapi_encryptor_master_salt. defaults/main.yml ships the
# placeholder abc123 (and xyz789 for the master key below); supply the real values
# from an Ansible Vault-encrypted vars file, as the comment in tasks/main.yml describes.
Encryptor.MasterSalt={{ teamserver_esapi_encryptor_master_salt }}
IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
Validator.RoleName=^[a-z]{1,20}$
Validator.HTTPParameterName=^[a-zA-Z0-9_]{1,32}$
Logger.ApplicationName=Contrast TeamServer
Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
IntrusionDetector.event.test.actions=disable,log
Encryptor.KDF.PRF=HmacSHA256
Authenticator.AllowedLoginAttempts=3
Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+\=_ ]*$
HttpUtilities.ForceHttpOnlySession=false
IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
HttpUtilities.MaxUploadFileBytes=500000000
Validator.Redirect=^\\/test.*$
Authenticator.AbsoluteTimeoutDuration=120
Executor.ApprovedExecutables=C\:\\Windows\\System32\\cmd.exe,C\:\\Windows\\System32\\runas.exe
Authenticator.IdleTimeoutDuration=20
Authenticator.RememberTokenDuration=14
ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
HttpUtilities.ForceSecureCookies=true
Encryptor.EncryptionKeyLength=128
Authenticator.MaxOldPasswordHashes=13
Encoder.AllowMultipleEncoding=false
HttpUtilities.ResponseContentType=text/html; charset\=UTF-8
Encryptor.PreferredJCEProvider=
IntrusionDetector.event.test.count=2
Encryptor.ChooseIVMethod=random
Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
IntrusionDetector.event.test.interval=10
IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
Encryptor.EncryptionAlgorithm=AES
Validator.DirectoryName=^[a-zA-Z0-9\:/\\\\\!@\#$%^&{}\\[\\]()_+\\-\=,.~'` ]{1,255}$
ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
Encryptor.RandomAlgorithm=SHA1PRNG
Encryptor.CharacterEncoding=UTF-8
# Rendered from teamserver_esapi_encryptor_master_key; see the note on
# Encryptor.MasterSalt above about the placeholder default.
Encryptor.MasterKey={{ teamserver_esapi_encryptor_master_key }}
Validator.FileName=^[a-zA-Z0-9\!@\#$%^&{}\\[\\]()_+\\-\=,.~'` ]{1,255}$
ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
# NOTE(review): the intrusion detector is disabled, so the IntrusionDetector.*
# thresholds and actions in this file presumably have no effect - confirm this is intended.
IntrusionDetector.Disable=true
Validator.HTTPScheme=^(http|https)$
Logger.MaxLogFileSize=10000000
Logger.LogApplicationName=true

-------------------------------------------------------------------------------- /templates/contrast_conf_log4j2.xml:
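-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | {% raw %}%d %m%n{% endraw %} 8 | 9 | 10 | 11 | 12 | 13 | 14 | {% raw %}%d{ddMMyy HH.mm.ss,SSS}{%X{session.id}} {%X{user.name}} {%X{remote.addr}} %-5p (%F:%L) %m%n{% endraw %} 15 | 16 | 17 | 18 | 19 | 20 | {% raw %}%d %m%n{% endraw %} 21 | 22 | 23 | 24 | 25 | 26 | 27 | {% raw %}%d{ddMMyy HH.mm.ss,SSS} %-5p (%F:%L) %m%n{% endraw %} 28 | 29 | 30 | 31 | 32 | 33 | 34 | {% raw %}%d{ddMMyy HH.mm.ss,SSS}{%X{session.id}} {%X{user.name}} {%X{remote.addr}} %-5p (%F:%L) %m%n{% endraw %} 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | -------------------------------------------------------------------------------- /tasks/main.yml: --------------------------------------------------------------------------------
---
# Tasks for ansible-role-teamserver: create the TeamServer data directory tree,
# install the license, render the ESAPI and conf templates, and optionally hand
# over to install.yml to deploy the war.
#
# Several of the rendered files carry credentials (ESAPI master key and salt, and the
# database, AD, LDAP, SAML and servo settings). Those tasks set an explicit file mode
# and "diff: false" so the values are not world-readable and do not appear in
# --diff output.

- name: Create contrast data directory ({{ teamserver_contrast_datadir }})
  file:
    path: "{{ teamserver_contrast_datadir }}"
    state: directory
    owner: "{{ teamserver_service_account }}"
    group: "{{ teamserver_service_account }}"

- name: Create contents of contrast data directory ({{ teamserver_contrast_datadir }})
  file:
    path: "{{ teamserver_contrast_datadir }}/{{ item }}"
    state: directory
    owner: "{{ teamserver_service_account }}"
    group: "{{ teamserver_service_account }}"
    # Quoted so the value is always read as an octal mode string.
    mode: "0770"
  with_items:
    - conf
    - logs
    - data/rulepack
    - saml
    - bin
    - cache
    - libraries
    - agents
    - agents/contrast-service
    - agents/contrast-service/linux
    - agents/contrast-service/win
    - agents/contrast-service/mac
    - agents/java
    - agents/dotnet
    - agents/dotnet-core
    - agents/node
    - agents/ruby/agent
    - agents/ruby/service
    - agents/python
    - esapi

# This license will need to be pulled from the sibling or upstream application server you want to join
# It is important to do four things here:
# 1. grab license that has been encrypted
# 2. grab the key and salt from esapi.properties
# 3. create ansible vault encrypted groupvars file for these properties
# 4. create hidden .contrast file
- name: Creating hidden .contrast file in contrast data directory
  file:
    path: "{{ teamserver_contrast_datadir }}/.contrast"
    state: touch
    owner: "{{ teamserver_service_account }}"
    group: "{{ teamserver_service_account }}"

- name: install previously initialized license
  copy:
    src: "{{ teamserver_license_path }}"
    dest: "{{ teamserver_contrast_datadir }}/contrast.lic"
    owner: "{{ teamserver_service_account }}"
    group: "{{ teamserver_service_account }}"

# ESAPI.properties is rendered with Encryptor.MasterKey and Encryptor.MasterSalt,
# so these files are restricted to the service account.
- name: Copy contrast esapi templates to {{ teamserver_contrast_datadir }}/esapi on target server
  template:
    src: contrast_esapi_{{ item }}
    # The "/" before esapi was missing, so with the default data directory the files
    # were written as /opt/contrast/dataesapi/<name> instead of into the esapi
    # directory created above.
    dest: "{{ teamserver_contrast_datadir }}/esapi/{{ item }}"
    owner: "{{ teamserver_service_account }}"
    group: "{{ teamserver_service_account }}"
    mode: "0640"
  diff: false
  with_items:
    - ESAPI.properties
    - validation.properties
    - ValidationMessages.properties
    - ValidationMessages_es.properties
  when: teamserver_update_esapi

# Each entry is rendered only when its own teamserver_update_* flag is true.
# NOTE(review): the role's templates directory has no contrast_conf_features.json, so
# enabling teamserver_update_features_json would presumably fail - confirm.
- name: Copy contrast conf templates to {{ teamserver_contrast_datadir }}/conf on target server
  template:
    src: contrast_conf_{{ item.filename }}
    dest: "{{ teamserver_contrast_datadir }}/conf/{{ item.filename }}"
    owner: "{{ teamserver_service_account }}"
    group: "{{ teamserver_service_account }}"
    mode: "0640"
  with_items:
    - { filename: agent.properties, conditional: "{{ teamserver_update_agent_properties }}" }
    - { filename: auth.properties, conditional: "{{ teamserver_update_auth_properties }}" }
    - { filename: general.properties, conditional: "{{ teamserver_update_general_properties }}" }
    - { filename: hub.properties, conditional: "{{ teamserver_update_hub_properties }}" }
    - { filename: mail.properties, conditional: "{{ teamserver_update_mail_properties }}" }
    - { filename: security.properties, conditional: "{{ teamserver_update_security_properties }}" }
    - { filename: support.properties, conditional: "{{ teamserver_update_support_properties }}" }
    - { filename: features.json, conditional: "{{ teamserver_update_features_json }}" }
    - { filename: head.js, conditional: "{{ teamserver_update_head_js }}" }
    - { filename: footer.html, conditional: "{{ teamserver_update_footer_html }}" }
    - { filename: ardy.properties, conditional: "{{ teamserver_update_ardyproperties }}" }
    - { filename: metrics.properties, conditional: "{{ teamserver_update_metrics_properties }}" }
    - { filename: telemetry.properties, conditional: "{{ teamserver_update_telemetry_properties }}" }
  # "when" is already a Jinja2 expression; wrapping it in template delimiters triggers
  # a warning and evaluates the value twice. The bool filter accepts both real
  # booleans and their string forms.
  when: item.conditional | bool
  tags: ['update_teamserver_property_files']

- name: Preinitializing TeamServer
  file:
    path: "{{ teamserver_contrast_datadir }}/.initialized"
    state: touch
    owner: "{{ teamserver_service_account }}"
    group: "{{ teamserver_service_account }}"

# - name: Copy encrypted contrast data templates to {{ teamserver_contrast_datadir }} on target server
#   copy:
#     src: "{{ teamserver_encrypted_properties_folder }}/{{ item }}"
#     dest: "{{ teamserver_contrast_datadir }}/conf/{{ item }}"
#     owner: "{{ teamserver_service_account }}"
#     group: "{{ teamserver_service_account }}"
#   with_items:
#     - ad.properties
#     - database.properties
#     - ldap.properties
#     - servo.properties
#     - saml.properties
#     - avatar.properties

# The tasks below write credentials in plaintext to <name>.properties.cleartext.
# NOTE(review): the suffix suggests TeamServer picks these up and encrypts them on
# startup - confirm, and confirm the plaintext copy is removed afterwards.
- name: Update database properties {{ teamserver_contrast_datadir }} on target server
  template:
    src: contrast_conf_database.properties
    dest: "{{ teamserver_contrast_datadir }}/conf/database.properties.cleartext"
    owner: "{{ teamserver_service_account }}"
    group: "{{ teamserver_service_account }}"
    mode: "0640"
  diff: false
  when: teamserver_update_database_properties
  tags: ['update_teamserver_property_files']

- name: Update AD properties {{ teamserver_contrast_datadir }} on target server
  template:
    src: contrast_conf_ad.properties
    dest: "{{ teamserver_contrast_datadir }}/conf/ad.properties.cleartext"
    owner: "{{ teamserver_service_account }}"
    group: "{{ teamserver_service_account }}"
    mode: "0640"
  diff: false
  when: teamserver_update_ad_properties
  tags: ['update_teamserver_property_files']

- name: Update LDAP properties {{ teamserver_contrast_datadir }} on target server
  template:
    src: contrast_conf_ldap.properties
    dest: "{{ teamserver_contrast_datadir }}/conf/ldap.properties.cleartext"
    owner: "{{ teamserver_service_account }}"
    group: "{{ teamserver_service_account }}"
    mode: "0640"
  diff: false
  when: teamserver_update_ldap_properties
  tags: ['update_teamserver_property_files']

- name: Update servo properties to {{ teamserver_contrast_datadir }} on target server
  template:
    src: contrast_conf_servo.properties
    dest: "{{ teamserver_contrast_datadir }}/conf/servo.properties.cleartext"
    owner: "{{ teamserver_service_account }}"
    group: "{{ teamserver_service_account }}"
    mode: "0640"
  diff: false
  when: teamserver_update_servo_properties
  tags: ['update_teamserver_property_files']

- name: Update saml properties to {{ teamserver_contrast_datadir }} on target server
  template:
    src: contrast_conf_saml.properties
    dest: "{{ teamserver_contrast_datadir }}/conf/saml.properties.cleartext"
    owner: "{{ teamserver_service_account }}"
    group: "{{ teamserver_service_account }}"
    mode: "0640"
  diff: false
  when: teamserver_update_saml_properties
  tags: ['update_teamserver_property_files']

# NOTE(review): gated by the SAML flag; defaults/main.yml defines no avatar-specific
# flag, so this may be intentional or a copy-paste leftover - confirm.
- name: Update avatar properties to {{ teamserver_contrast_datadir }} on target server
  template:
    src: contrast_conf_avatar.properties
    dest: "{{ teamserver_contrast_datadir }}/conf/avatar.properties.cleartext"
    owner: "{{ teamserver_service_account }}"
    group: "{{ teamserver_service_account }}"
    mode: "0640"
  diff: false
  when: teamserver_update_saml_properties
  tags: ['update_teamserver_property_files']

- name: Update agent_discovery properties to {{ teamserver_contrast_datadir }} on target server
  template:
    src: contrast_conf_agent_discovery.properties
    dest: "{{ teamserver_contrast_datadir }}/conf/agent_discovery.properties.cleartext"
    owner: "{{ teamserver_service_account }}"
    group: "{{ teamserver_service_account }}"
    mode: "0640"
  diff: false
  when: teamserver_update_agent_discovery_properties
  tags: ['update_teamserver_property_files']

# NOTE(review): gated by the agent_discovery flag rather than a flag of its own - confirm.
- name: Update activemq_connection properties to {{ teamserver_contrast_datadir }} on target server
  template:
    src: contrast_conf_activemq_connection.properties
    dest: "{{ teamserver_contrast_datadir }}/conf/activemq_connection.properties.cleartext"
    owner: "{{ teamserver_service_account }}"
    group: "{{ teamserver_service_account }}"
    mode: "0640"
  diff: false
  when: teamserver_update_agent_discovery_properties
  tags: ['update_teamserver_property_files']

- name: install teamserver war into tomcat
  include_tasks: install.yml
  when: teamserver_deploy_enabled


# - name: Creating a log rotate file to rotate teamserver logs
#   template:
#     src: contrast_logrotate
#     dest: /etc/logrotate.d/teamserver
#     owner: root
#     group: root

# - name: Creating an autoscaling script for provisioning
#   template:
#     src: autoscale_script.sh
#     dest: {{ teamserver_contrast_datadir }}/bin/autoscaling.sh
#     owner: root
#     group: root
#     mode: 0775

# Unnecessary if not using SAML
# - name: Copy SAML Keystore the application servers
#   copy:
#     src: "{{ teamserver_saml_keystore_path }}"
#     dest: "{{ teamserver_contrast_datadir }}/saml"
#     owner: tomcat
#     group: tomcat


# - name: Create public web directory
#   file:
#     path: {{ teamserver_nginx_public_dir }}
#     state: directory
#     owner: tomcat
#     group: tomcat
#     mode: 0755
#   when: "teamserver_nginx_public_dir is defined"
-------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for ansible-role-teamserver 3 | teamserver_contrast_datadir: "/opt/contrast/data" 4 | teamserver_deploy_enabled: false 5 | teamserver_license_path: "files/contrast.lic" 6 | teamserver_nginx_public_dir: "/var/www" 7 | teamserver_service_name: contrast-server 8 | teamserver_service_account: contrast_service 9 | 10 | # "fresh" or "used" 11 | teamserver_license_type: false 12 | teamserver_install_license: "used" 13 | teamserver_encrypted_properties_folder: "files/encrypted" 14 | teamserver_signed_artifact_url: 15 | teamserver_saml_keystore_path: "files/role-saml-keystore.jks" 16 | 17 | teamserver_update_database_properties: false 18 | teamserver_update_ldap_properties: false 19 | teamserver_update_ad_properties: false 20 | teamserver_update_servo_properties: false 21 | teamserver_update_saml_properties: false 22 | teamserver_update_agent_discovery_properties: false 23 | teamserver_update_agent_properties: false 24 | teamserver_update_auth_properties: false 25 | teamserver_update_general_properties: false 26 | teamserver_update_hub_properties: false 27 | teamserver_update_mail_properties: false 28 | teamserver_update_security_properties: false 29 | teamserver_update_support_properties: false 30 | teamserver_update_features_json: false 31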
teamserver_update_head_js: false
teamserver_update_footer_html: false
teamserver_update_ardyproperties: false
teamserver_update_metrics_properties: false
teamserver_update_telemetry_properties: false
teamserver_update_esapi: false

# NOTE(review): the password, key and secret values below are placeholders (root,
# password, changeit, abc123, ...). tasks/main.yml expects the real values to come
# from an Ansible Vault-encrypted vars file; a deployment that enables one of the
# teamserver_update_* flags without overriding them would render these placeholders
# into the target's configuration.

teamserver_region: "us-east-1"

# used in agent.properties
teamserver_agent_discovery_mode: filesystem

# used in ad.properties.clean
teamserver_ad_userDn: "cn=Directory Manager"
teamserver_ad_identity_attribute_name: mail
# Placeholder credential - override from a vaulted vars file.
teamserver_ad_password: root
teamserver_ad_group_users: "cn=Contrast Users,cn=Users,dc=contrastsecurity,dc=com"
# NOTE(review): named url but holds what looks like a port number - confirm.
teamserver_ad_url: 389
teamserver_ad_group_admin: "cn=Contrast Admins,cn=Users,dc=contrastsecurity,dc=com"
teamserver_ad_base: "dc=contrastsecurity,dc=com"

# used in database.properties.clean
teamserver_jdbc_url: localhost
# Placeholder credential - override from a vaulted vars file.
teamserver_jdbc_pass: myfavoritepassword
teamserver_jdbc_user: myfavoriteuser
teamserver_jdbc_driver: com.mysql.jdbc.Driver
teamserver_jdbc_debug: "false"
teamserver_jdbc_type: MYSQL
teamserver_jdbc_dialect: com.aspectsecurity.contrast.teamserver.persistence.CustomMySQL5Dialect
teamserver_jdbc_max_pool_size: 50
teamserver_jdbc_min_pool_size: 5
teamserver_jdbc_database_type: default
teamserver_jdbc_database_enabled: "true"
# NOTE(review): the same key is defined twice; YAML keeps the last one, so the
# "4:0:0" value is discarded. The second entry holds a directory path and was
# presumably meant for a different variable - check the name used in
# contrast_conf_database.properties.
teamserver_jdbc_database_bk_time: "4:0:0"
teamserver_jdbc_database_bk_time: /opt/contrast/data/backups/db

# hub.properties
teamserver_try_hub: "false"
teamserver_hub_host: hub.contrastsecurity.com
teamserver_hub_port: 443
teamserver_hub_protocol: https
# NOTE(review): "teanserver" and "/rest/upate/" both look like typos next to
# teamserver_hub_getlatest_url below - confirm the name contrast_conf_hub.properties
# reads and the real endpoint path.
teanserver_hub_getall_url: "/rest/upate/1/teamserver.html"
teamserver_hub_getlatest_url: "/rest/update/1/teamserver/latest.html"
teamserver_hub_task_populatelibcache_sleep_millis: 1000
teamserver_hub_task_populatelibcache_bulk_size: 25
teamserver_hub_http_proxyHost: ''
teamserver_hub_proxySet: "false"
teamserver_hub_http_proxyPassword: ''
teamserver_hub_http_proxyPort: ''
teamserver_hub_http_proxyUser: ''


# general.properties
# NOTE(review): plain http by default; use an https URL unless TLS is terminated
# in front of this address.
teamserver_general_teamserver_url: "http://ansible-role-teamserver:8080/Contrast/"
teamserver_general_audit_use_forwardedfor: "false"
teamserver_general_dotnet_name: ContrastSetup
teamserver_general_jar_name: contrast.jar
teamserver_general_jms_channel_concurrency_serverActivity: 2
teamserver_general_jms_channel_concurrency_appUpdate: "5-10"
teamserver_general_jms_channel_concurrency_routeCoverage: 3
teamserver_general_jms_channel_concurrency_routeCoverageVulns: 1
teamserver_general_jms_channel_concurrency_attackAlerts: 2
teamserver_general_jms_channel_concurrency_applicationActivity: 2
teamserver_general_jms_channel_concurrency_engineTraces: 2
teamserver_general_jms_channel_concurrency_notificationNewServer: 1
teamserver_general_jms_channel_concurrency_notificationServerOffline: 1
teamserver_general_jms_channel_explicit_qos_enabled: "false"
teamserver_general_jms_channel_time_to_live: 604800000
teamserver_general_jms_connection_factory_session_cache_size: 30
teamserver_general_jms_database_delete_on_startup_once: "false"
# default connections in the pool right now
teamserver_general_jms_max_connections: 50
teamserver_general_lang_default: en
teamserver_general_lang_i18n: en,es
teamserver_general_node_name: node-contrast
teamserver_general_teamserver_cert: ''
teamserver_general_timezone_default: EST
teamserver_general_eac_expiration: 600
teamserver_general_eac_cache_type: MEMCACHE
teamserver_general_reporting_generation_limit: 1250

# ldap.properties.clean
teamserver_ldap_server_port: 1389
teamserver_ldap_bind_method: Simple
teamserver_ldap_group_users: "cn=Contrast Users,cn=Users,dc=contrastsecurity,dc=com"
teamserver_ldap_user_objectclass: inetOrgPerson
teamserver_ldap_user_use_password_attribute: "true"
teamserver_ldap_user_password_attribute: userPassword
teamserver_ldap_bind_username: "cn=Directory Manager"
teamserver_ldap_group_member_attribute: uniqueMember
teamserver_ldap_bind_realm: NONE
teamserver_ldap_group_use_subtrees: "true"
teamserver_ldap_user_objectClass: inetOrgPerson
teamserver_ldap_group_objectclass:
teamserver_ldap_user_management: "true"
teamserver_ldap_user_baseDN: "ou=users,ou=shared,o=teamserver"
teamserver_ldap_user_firstname_attribute: givenName
teamserver_ldap_user_use_subtrees: "true"
teamserver_ldap_baseDN: "dc=contrastsecurity,dc=com"
# NOTE(review): plain ldap together with the Simple bind method above presumably
# sends the bind password unencrypted - prefer a TLS-protected protocol value if the
# product accepts one.
teamserver_ldap_server_protocol: ldap
teamserver_ldap_group_baseDN: "ou=groups,ou=shared,o=teamserver"
teamserver_ldap_identity_attribute_name: mail
teamserver_ldap_group_lookup_strategy: GroupToUser
teamserver_ldap_user_mail_attribute: mail
teamserver_ldap_user_group_attribute: memberOf
teamserver_ldap_user_username_attribute: cn
teamserver_ldap_user_lastname_attribute: sn
teamserver_ldap_group_admin: "cn=Contrast Admins,cn=Users,dc=contrastsecurity,dc=com"
teamserver_ldap_server_address: "10.0.0.0"
# Placeholder credential - override from a vaulted vars file.
teamserver_ldap_bind_password: password

# mail.properties
teamserver_jira_report_to: "support@contrastsecurity.com"
teamserver_jira_report_sender: contrast-no-reply@contrastsecurity.com
teamserver_mail_enabled: "true"
teamserver_mail_username: username@host.com
teamserver_mail_debug: "false"
teamserver_alert_subject: "Contrast- Vulnerability Alert :"
teamserver_mail_smtp_starttls: "false"
teamserver_mail_exchange_auth_required: "false"
teamserver_mail_host: localhost
teamserver_mail_smtp_auth: "false"
teamserver_alert_sender: contrast-no-reply@contrastsecurity.com
# Placeholder credential - override from a vaulted vars file.
teamserver_mail_password: password
teamserver_mail_port: 25
teamserver_mail_protocol: smtp

# Rendered into ESAPI.properties as Encryptor.MasterSalt and Encryptor.MasterKey.
# Placeholders only - tasks/main.yml says the real key and salt are taken from the
# server being joined and stored in a vaulted vars file.
teamserver_esapi_encryptor_master_salt: "abc123"
teamserver_esapi_encryptor_master_key: "xyz789"

teamserver_auth_authentication_mode: db

teamserver_security_expression_web_handler_mode: SIMPLE
teamserver_security_superadmin_check_cert: "false"
teamserver_security_superadmin_check_ip: "false"
teamserver_security_expression_method_handler_mode: SIMPLE
teamserver_security_superadmin_ip:
teamserver_security_csrf_enforcement: "true"

teamserver_head_js: ""
teamserver_footer_html: ""

# contrast_conf_servo.properties
# to skip all metrics and objects for a space, leave observer blank
# EXAMPLE: teamserver_servo_activemq_observers:
# the line above would NOT log ANY metrics to cloudwatch or file
# EXAMPLE teamserver_servo_activemq_observers: FILE
# the line above would log metrics to a file

# The opposite is true for metrics and observers!
# When left blank, ALL metrics and/or observers will be logged to observer(s)
# EXAMPLE: teamserver_servo_activemq_file_metrics:
# Above -- ALL METRICS!
# EXAMPLE: teamserver_servo_activemq_file_metrics: QueueSize,ConsumerCount
# Above -- 2 metrics
teamserver_servo_activemq_observers: FILE
teamserver_servo_activemq_file_zerovaluemetrics: "true"
teamserver_servo_activemq_file_metrics: amq-f-m
teamserver_servo_activemq_file_objects: amq-f-o
teamserver_servo_activemq_cloudwatch_metrics: amq-cw-m
teamserver_servo_activemq_cloudwatch_objects: amq-cw-o

teamserver_servo_spring_observers: FILE
teamserver_servo_spring_file_zerovaluemetrics: "true"
teamserver_servo_spring_file_metrics: s-f-m
teamserver_servo_spring_file_objects: s-f-o
teamserver_servo_spring_cloudwatch_metrics: s-c-m
teamserver_servo_spring_cloudwatch_objects: s-c-o

teamserver_servo_bg_observers: FILE
teamserver_servo_bg_file_zerovaluemetrics: "true"
teamserver_servo_bg_file_metrics: bg-f-m
teamserver_servo_bg_file_objects: bg-f-o
# NOTE(review): these two lack the servo_ prefix the other observer variables use -
# confirm against contrast_conf_servo.properties.
teamserver_bg_cloudwatch_metrics: bg-cw-m
teamserver_bg_cloudwatch_objects: bg-cw-o

# refresh value is in minutes
teamserver_servo_refresh: 1
# Placeholder cloud credentials - override from a vaulted vars file.
teamserver_servo_cloudwatch_accesskey: abcd123
teamserver_servo_cloudwatch_secretkey: xyz789
teamserver_servo_cloudwatch_namespace_prefix: ansible-role-teamserver

teamserver_authenticator_saml_keystore_path: role/based/keystore/path/to/jks.jks
teamserver_authenticator_saml_keystore_default_key: contrast-saml
# Placeholder keystore passwords - override from a vaulted vars file.
teamserver_authenticator_saml_keystore_passwordMap: contrast-saml=changeit
teamserver_authenticator_saml_keystore_password: changeit
teamserver_authenticator_saml_url: "http://ansible-role-teamserver:8080/Contrast/"

avatar_cloudfront_url: "default.cloudfront.url"
avatar_s3_access_key_id:
avatar_s3_secret_access_key:
avatar_s3_bucket: "default_avatar_bucket"

# ARDY
teamserver_ardy_java_enabled: true
teamserver_ardy_python_enabled: true
teamserver_ardy_ruby_enabled: true
teamserver_ardy_dotnet_enabled: true
teamserver_ardy_node_enabled: true
teamserver_ardy_proxy_enabled: true

# agent discovery
agent_s3_bucket:

# hub auth
hub_api_key:

# Tomcat Properties
tomcat_user: tomcat
tomcat_group: tomcat
--------------------------------------------------------------------------------