Overview
Introduction
The Ravenxcope Ansible Service is a central orchestration component that handles the configuration and activation of remote sensor hosts. Built with Go and the Gin framework, it acts as an API-driven wrapper around Ansible, allowing the Ravenxcope Backend to trigger complex system configurations through simple HTTP requests.
The service is responsible for:
- Playbook Execution — Running standardized Ansible playbooks for sensor setup and activation.
- Rule Management — Storing and serving threat detection rule files (e.g., Suricata, Snort) to be deployed on sensors.
- Execution Tracking — Maintaining a log of playbook runs, including status, start/end times, and full CLI output.
Role in the Architecture
The Ansible Service is internal to the Defense Center. It receives commands from the Backend and communicates with Remote Sensors via SSH.
Core Capabilities
1. Sensor Lifecycle Management
- Initial Setup — Preparing a fresh host with necessary dependencies (Docker, networking).
- Activation — Deploying detection engines (Suricata/Snort) and connecting them to the backend.
- Deactivation — Gracefully removing setups and cleaning up host resources.
2. Threat Detection Rules
- Central Repository — Serves as the "source of truth" for rule files.
- Dynamic Updates — Allows uploading new rules which are then pushed to sensors during activation.
3. Asynchronous Execution
- Non-blocking API — Returns an `executionId` immediately while the playbook runs in the background.
- Detailed Logs — Captures standard output and error from the `ansible-playbook` command for debugging.
Technology Stack
| Category | Technology | Version | Purpose |
|---|---|---|---|
| Runtime | Go | 1.21+ | Service logic and API |
| API Framework | Gin | latest | HTTP routing and middleware |
| Orchestration | Ansible | latest | Remote host configuration |
| Container | Docker | — | Service deployment |
Key Design Principles
- API-First Orchestration — All Ansible operations are exposed as RESTful endpoints.
- Dynamic Inventory — Generates temporary Ansible inventory files on-the-fly based on request parameters.
- Stateless Operations — Does not require a database; tracks current session executions in memory.
- Security — Uses SSH password/key authentication with privilege escalation (`become: yes`) to manage remote hosts.
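The asynchronous execution model and the dynamic-inventory principle above, sketched as an added Go example (not the project's own code): a non-blocking start that hands back an execution id, an in-memory record of status and captured CLI output, and the one-host inventory that would be written to a temporary file before a run. The request parameter names, the `exec-N` id format and the status strings are assumptions; the real service's schema is not shown on this page.

```go
package main

import (
	"bytes"
	"fmt"
	"os/exec"
	"sync"
)

// Execution records one playbook run: Status is "running", "success" or "failed"; Output is combined stdout+stderr.
type Execution struct{ Status, Output string }

// Tracker holds the current session's executions in memory; nothing is persisted.
type Tracker struct {
	mu   sync.Mutex
	runs map[string]Execution
}
func NewTracker() *Tracker { return &Tracker{runs: map[string]Execution{}} }

// RenderInventory builds the one-host INI inventory written to a temporary file before a run
// (hypothetical parameter names); ansible_become=yes requests privilege escalation on the sensor.
func RenderInventory(host, user, keyPath string) string {
	return fmt.Sprintf("[sensors]\n%s ansible_user=%s ansible_ssh_private_key_file=%s ansible_become=yes\n", host, user, keyPath)
}

// Start launches a command in the background and returns an executionId at once; done is closed when the run has finished and its output is recorded.
func (t *Tracker) Start(name string, args ...string) (id string, done chan struct{}) {
	t.mu.Lock()
	id = fmt.Sprintf("exec-%d", len(t.runs)+1)
	t.runs[id] = Execution{Status: "running"}
	t.mu.Unlock()
	done = make(chan struct{})
	go func() {
		defer close(done)
		var out bytes.Buffer
		cmd := exec.Command(name, args...)
		cmd.Stdout, cmd.Stderr = &out, &out // capture both streams, interleaved
		status := "success"
		if cmd.Run() != nil {
			status = "failed" // non-zero exit or failure to start
		}
		t.mu.Lock()
		t.runs[id] = Execution{Status: status, Output: out.String()}
		t.mu.Unlock()
	}()
	return id, done
}

// Get returns a snapshot of an execution's current state, as a status endpoint would.
func (t *Tracker) Get(id string) (Execution, bool) {
	t.mu.Lock()
	defer t.mu.Unlock()
	ex, ok := t.runs[id]
	return ex, ok
}
```

An HTTP handler would call `Start` with `ansible-playbook -i <inventory> <playbook>` and return the id without waiting on `done`; the channel is there so callers and tests can synchronise.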