diff --git a/roles/falcon_configure/README.md b/roles/falcon_configure/README.md
index 158559a0..f23bf758 100644
--- a/roles/falcon_configure/README.md
+++ b/roles/falcon_configure/README.md
@@ -32,6 +32,15 @@ Configures the CrowdStrike Falcon Sensor. This role is focused mainly on configu
 
 - `falcon_remove_aid` - Remove the Falcon Agent ID (AID) (bool, default: ***null***)
 
+### Linux Specific Variables
+
+- `falcon_aid_retries` - Number of retries to attempt when waiting to retrieve the Falcon Agent ID (AID) (int, default: ***6***)
+- `falcon_aid_delay` - Number of seconds to wait between `falcon_aid_retries` when waiting to retrieve the Falcon Agent ID (AID) (int, default: ***10***)
+
+> These variables control the retry behavior when attempting to retrieve the Falcon Agent ID (AID) after configuring
+> and restarting the sensor. The default values should work for most, but you may need to increase them in
+> environments with slower startup times.
+
 ### Windows Specific Variables
 
 - `falcon_windows_become` - Whether to become a privileged user on Windows (bool, default: ***true***)
diff --git a/roles/falcon_configure/defaults/main.yml b/roles/falcon_configure/defaults/main.yml
index 81b705fa..6af247b6 100644
--- a/roles/falcon_configure/defaults/main.yml
+++ b/roles/falcon_configure/defaults/main.yml
@@ -44,6 +44,16 @@ falcon_client_secret:
 
 # falcon_provisioning_token:
 
+######### Wait for AID generation #########
+# Number of retries to attempt when waiting to retrieve the Falcon Agent ID (AID)
+# after sensor restart.
+falcon_aid_retries: 6
+
+# Number of seconds to wait between retries when waiting to retrieve the Falcon Agent ID (AID)
+# after sensor restart.
+falcon_aid_delay: 10
+###########################################
+
 # Falcon requires that a master image remove the Falcon Agent ID (AID). This
 # ensures instances spun up from the master receive their own, unique,
 # Falcon Agent ID.
diff --git a/roles/falcon_configure/tasks/configure.yml b/roles/falcon_configure/tasks/configure.yml
index beea3558..e641e79e 100644
--- a/roles/falcon_configure/tasks/configure.yml
+++ b/roles/falcon_configure/tasks/configure.yml
@@ -33,19 +33,44 @@
     # noqa args[module]
     # noqa no-handler
 
-  # Wait for aid to be generated
-  - name: CrowdStrike Falcon | Wait for Falcon Sensor to Generate AID
-    crowdstrike.falcon.falconctl_info:
-      name:
-        - aid
-    register: info
-    retries: 6
-    delay: 10
-    until: info.falconctl_info.aid
+  - name: Wait for AID to be generated block
     when:
       - info.falconctl_info.cid
       - falconctl_result.changed
-    # noqa no-handler
+    block:
+      # Wait for aid to be generated
+      - name: CrowdStrike Falcon | Wait for Falcon Sensor to Generate AID
+        crowdstrike.falcon.falconctl_info:
+          name:
+            - aid
+        register: get_aid
+        retries: "{{ falcon_aid_retries | int }}"
+        delay: "{{ falcon_aid_delay | int }}"
+        until: get_aid.falconctl_info.aid
+
+    rescue:
+      - name: CrowdStrike Falcon | Second attempt to get AID
+        crowdstrike.falcon.falconctl_info:
+          name:
+            - aid
+        register: get_aid_retry
+        retries: "{{ falcon_aid_retries | int }}"
+        delay: "{{ falcon_aid_delay | int }}"
+        until: get_aid_retry.falconctl_info.aid
+        ignore_errors: true
+
+      - name: CrowdStrike Falcon | Fail if AID Generation Fails
+        ansible.builtin.fail:
+          msg: "{{ error_msg }}"
+        vars:
+          error_msg:
+            error: "Failed to generate Falcon Sensor AID after multiple attempts."
+            troubleshooting_steps:
+              - "Verify the sensor is properly installed"
+              - "Confirm the CID is correct"
+              - "Check system can reach the CrowdStrike cloud"
+              - "Manually verify AID with: sudo /opt/CrowdStrike/falconctl -g --aid"
+        when: not get_aid_retry.falconctl_info.aid
 
   # Handle Master Image steps
   - name: CrowdStrike Falcon | Master Image Prep | Removing AID
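Review bot: The guard on the new fail task, `when: not get_aid_retry.falconctl_info.aid`, assumes the rescue probe always returns a `falconctl_info` key; if the `ignore_errors: true` task fails for any reason other than the `until` condition timing out (a module error, `falconctl` missing), that attribute is presumably absent and the conditional itself errors, which hides the troubleshooting message the task was added to produce. A tolerant form covers both outcomes: `when: get_aid_retry is failed or not (get_aid_retry.falconctl_info.aid | default('', true))`. It is also worth a comment above `rescue:` that the second probe doubles the wall-clock budget — roughly 2 × `falcon_aid_retries` × `falcon_aid_delay` seconds (~2 minutes at defaults) before a host without an AID is reported — since the README describes only one round of retries. The enclosing task list continues outside the hunk, and `info` in the block-level `when` is registered by a task not shown here.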