From 7cce8e9490421b7ddfd3144915659111a6490b89 Mon Sep 17 00:00:00 2001
From: singuliere
Date: Tue, 8 Jan 2019 13:58:41 +0100
Subject: [PATCH 1/2] make agent registration delegate_to configurable

Registering to the API requires the port 55000 of the wazuh manager is open. Depending on the firewall policy, it may be true from the ansible controller, reason why it was delegated to localhost in the original implementation at 6cb6d3bda84c65508881e293e3403dae94ff24cc

The role should be more flexible and allow for the API call to be made from the ansible controller or the host.

Implementation note: although it would be more elegant to use omit instead of inventory_hostname, it is not possible because of an ansible bug at this time https://github.com/ansible/ansible/issues/26009

Fixes: https://github.com/wazuh/wazuh-ansible/issues/126
Signed-off-by: singuliere
---
 roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 +
 roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index 56580b75..dd56cb42 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -6,6 +6,7 @@ wazuh_managers:
 api_port: 55000
 api_proto: 'http'
 api_user: null
+wazuh_api_reachable_from_agent: false
 wazuh_profile: null
 wazuh_auto_restart: 'yes'
 wazuh_agent_authd:
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
index 2d17fb16..f16e5997 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
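Review bot: The new `wazuh_api_reachable_from_agent` default has no comment, so an operator reading defaults/main.yml cannot tell what flipping it changes or why `false` is the default. The reasoning is only in the commit message (the registration call must be issued from a host that can reach the manager's API port); it belongs next to the variable, e.g. `# Where the API registration call runs: false = on the Ansible controller (delegate_to: localhost), true = on the agent host itself. The chosen host must be able to reach the manager's api_port.` The role README is not part of this diff, so I cannot tell whether the variable is documented there.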
@@ -95,11 +95,12 @@
 user: "{{ wazuh_managers.0.api_user }}"
 password: "{{ api_pass }}"
 register: newagent_api
+delegate_to: "{{ 'localhost' if not wazuh_api_reachable_from_agent else inventory_hostname }}"
+become: no
 changed_when: newagent_api.json.error == 0
 when:
 - check_keys.stat.exists == false or check_keys.stat.size == 0
 - wazuh_managers.0.address is not none
-become: no
 tags:
 - config
 - api
@@ -117,7 +118,7 @@
 - wazuh_managers.0.address is not none
 - newagent_api.json.error == 0
 register: newagentdata_api
-delegate_to: localhost
+delegate_to: "{{ 'localhost' if not wazuh_api_reachable_from_agent else inventory_hostname }}"
 become: no
 tags:
 - config

From fdc3b0f55cd1f774523232b517aef462207e7d0a Mon Sep 17 00:00:00 2001
From: "Manuel J. Bernal"
Date: Thu, 14 May 2020 18:13:53 +0200
Subject: [PATCH 2/2] Lint changes

---
 roles/opendistro/opendistro-elasticsearch/handlers/main.yml | 2 +-
 roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml | 2 +-
 .../opendistro-elasticsearch/tasks/local_actions.yml | 6 +++---
 roles/opendistro/opendistro-elasticsearch/tasks/main.yml | 4 ++--
 roles/wazuh/ansible-filebeat/tasks/main.yml | 1 -
 roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 2 +-
 6 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/roles/opendistro/opendistro-elasticsearch/handlers/main.yml b/roles/opendistro/opendistro-elasticsearch/handlers/main.yml
index 95f5868b..3cfaa6b0 100644
--- a/roles/opendistro/opendistro-elasticsearch/handlers/main.yml
+++ b/roles/opendistro/opendistro-elasticsearch/handlers/main.yml
@@ -1,5 +1,5 @@
 ---
 - name: restart elasticsearch
-service:
+service:
 name: elasticsearch
 state: restarted
diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml b/roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml
index 1a2eed56..f018c9f7 100644
--- a/roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml
+++ b/roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml
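Review bot: When `wazuh_api_reachable_from_agent` is true, the added `delegate_to` makes this `uri` task, whose `user`/`password` arguments are visible as context above, execute on each agent host instead of the controller, so the API credential is shipped to every managed node as part of the module payload and would be printed by verbose runs unless the task sets `no_log`; no `no_log: true` is visible in the hunk, and the task header lies above it, so it may or may not be set there. Consider `no_log: true` on this task and on the `@@ -117` task below; registered results stay usable in later tasks, only their display is censored. The same Jinja expression is duplicated verbatim in both tasks; a single default such as `wazuh_api_delegate_host: "{{ 'localhost' if not wazuh_api_reachable_from_agent else inventory_hostname }}"` (constructed name) referenced by both `delegate_to` lines would keep them in sync and make the `omit` workaround mentioned in the commit message a one-line change later.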
@@ -23,7 +23,7 @@
 
 - name: RedHat/CentOS/Fedora | Install OpenJDK 11
 yum:
-name: java-11-openjdk-devel
+name: java-11-openjdk-devel
 state: present
 
 - name: RedHat/CentOS/Fedora | Install OpenDistro dependencies
diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml b/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml
index 60379616..d4857046 100644
--- a/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml
+++ b/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml
@@ -7,7 +7,7 @@
 path: "{{ local_certs_path }}"
 state: directory
 run_once: true
-
+
 - name: Local action | Download certificates generation tool
 local_action:
 module: get_url
@@ -37,7 +37,7 @@
 
 - name: Local action | Check if root CA file exists
 local_action:
-module: stat
+module: stat
 path: "{{ local_certs_path }}/config/root-ca.key"
 register: root_ca_file
 
@@ -45,7 +45,7 @@
 local_action:
 module: command {{ local_certs_path }}/tools/sgtlstool.sh -c {{ local_certs_path }}/config/tlsconfig.yml -ca -crt -t {{ local_certs_path }}/config/ -f -o
 run_once: true
-when: root_ca_file.stat.exists == False
+when: not root_ca_file.stat.exists
 tags:
 - generate-certs
\ No newline at end of file
diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml
index c8941208..9df1e01c 100644
--- a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml
+++ b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml
@@ -7,7 +7,7 @@
 
 - name: Install OpenDistro
 package:
-name: opendistroforelasticsearch-{{ opendistro_version }}
+name: opendistroforelasticsearch-{{ opendistro_version }}
 state: present
 register: install
 tags: install
@@ -18,7 +18,7 @@
 state: absent
 when: install.changed
 tags: install
-
+
 - name: Copy Configuration File
 blockinfile:
 block: "{{ lookup('template', 'elasticsearch.yml.j2') }}"
diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml
index 4948c252..4dcd8da5 100644
--- a/roles/wazuh/ansible-filebeat/tasks/main.yml
+++ b/roles/wazuh/ansible-filebeat/tasks/main.yml
@@ -69,7 +69,6 @@
 path: "{{ filebeat_module_folder }}"
 register: filebeat_module_folder
 
-
 - name: Download Filebeat module package
 get_url:
 url: "{{ filebeat_module_package_url }}/{{ filebeat_module_package_name }}"
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
index e9342860..2c4e2f5e 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
@@ -127,7 +127,7 @@
 become: no
 changed_when: newagent_api.json.error == 0
 when:
-- check_keys.stat.exists == false or check_keys.stat.size == 0
+- not check_keys.stat.exists or check_keys.stat.size == 0
 - wazuh_managers.0.address is not none
 tags:
 - config