Create new API config template file

roles/wazuh/ansible-wazuh-manager/defaults/main.yml

@@ -8,9 +8,6 @@ wazuh_manager_package_state: present
 wazuh_custom_packages_installation_manager_enabled: false
 wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"
 wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"
-wazuh_custom_packages_installation_api_enabled: false
-wazuh_custom_packages_installation_api_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"
-wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"
 
 # Sources installation
 wazuh_manager_sources_installation:
@@ -73,19 +70,27 @@ wazuh_manager_config:
   api:
     bind_addr: '0.0.0.0'
     port: 55000
-    https: 'no'
-    basic_auth: 'yes'
     behind_proxy_server: 'no'
-    https_cert: '/var/ossec/etc/sslmanager.cert'
-    https_key: '/var/ossec/etc/sslmanager.key'
-    https_use_ca: 'no'
-    https_ca: ''
-    use_only_authd: 'false'
-    drop_privileges: 'true'
-    experimental_features: 'false'
-    secure_protocol: 'TLSv1_2_method'
-    honor_cipher_order: 'true'
-    ciphers: ''
+    https: 'yes'
+    https_key: 'api/configuration/ssl/server.key'
+    https_cert: 'api/configuration/ssl/server.crt'
+    https_use_ca: 'False'
+    https_ca: 'api/configuration/ssl/ca.crt'
+    logging_level: 'info'
+    logging_path: 'logs/api.log'
+    cors: 'no'
+    cors_source_route: '*'
+    cors_expose_headers: '*'
+    cors_allow_headers: '*'
+    cors_allow_credentials: 'no'
+    cache: 'yes'
+    cache_time: 0.750
+    access_max_login_attempts: 5
+    access_block_time: 300
+    access_max_request_per_minute: 300
+    use_only_authd: 'no'
+    drop_privileges: 'yes'
+    experimental_features: 'no'
   cluster:
     disable: 'yes'
     name: 'wazuh'

roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml

@@ -23,8 +23,8 @@
   when:
     - ansible_distribution == "Ubuntu"
     - ansible_distribution_major_version | int == 14
-    - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
-    - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled
+    - not wazuh_manager_sources_installation.enabled
+    - not wazuh_custom_packages_installation_manager_enabled
 
 - name: Debian/Ubuntu | Installing Wazuh repository key
   apt_key:
@@ -32,8 +32,8 @@
     id: "{{ wazuh_manager_config.repo.key_id }}"
   when:
     - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
-    - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
-    - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled
+    - not wazuh_manager_sources_installation.enabled
+    - not wazuh_custom_packages_installation_manager_enabled
 
 - name: Debian/Ubuntu | Add Wazuh repositories
   apt_repository:
@@ -43,8 +43,8 @@
     update_cache: true
   changed_when: false
   when:
-    - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
-    - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled
+    - not wazuh_manager_sources_installation.enabled
+    - not wazuh_custom_packages_installation_manager_enabled
 
 - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu
   set_fact:
@@ -113,4 +113,4 @@
 
 - include_tasks: "installation_from_custom_packages.yml"
   when:
-    - wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled
+    - wazuh_custom_packages_installation_manager_enabled

roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml

@@ -6,15 +6,6 @@
           state: present
         when:
           - wazuh_custom_packages_installation_manager_enabled
-
-      - name: Install Wazuh API from .deb packages
-        apt:
-          deb: "{{ wazuh_custom_packages_installation_api_deb_url }}"
-          state: present
-        when:
-          - wazuh_custom_packages_installation_api_enabled
-          - wazuh_manager_config.cluster.node_type == "master"
-
     when:
       - ansible_os_family|lower == "debian"
 
@@ -36,26 +27,5 @@
         - wazuh_custom_packages_installation_manager_enabled
         - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or
           (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8")
-
-    - name: Install Wazuh API from .rpm packages | yum
-      yum:
-        name: "{{ wazuh_custom_packages_installation_api_rpm_url }}"
-        state: present
-      when:
-        - wazuh_custom_packages_installation_api_enabled
-        - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8")
-        - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8")
-        - wazuh_manager_config.cluster.node_type == "master"
-
-    - name: Install Wazuh API from .rpm packages | dnf
-      dnf:
-        name: "{{ wazuh_custom_packages_installation_api_rpm_url }}"
-        state: present
-      when:
-        - wazuh_custom_packages_installation_api_enabled
-        - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or
-          (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8")
-        - wazuh_manager_config.cluster.node_type == "master"
-
     when:
       - ansible_os_family|lower == "redhat"

roles/wazuh/ansible-wazuh-manager/templates/api_conf.j2

@@ -0,0 +1,44 @@
+# USE THIS FILE AS A TEMPLATE. UNCOMMENT LINES TO APPLY CUSTOM CONFIGURATION
+
+host: "{{ wazuh_manager_config.api.bind_addr }}"
+port: "{{ wazuh_manager_config.api.port }}"
+
+# Set this option to "yes" in case the API is running behind a proxy server. Values: yes, no
+
+behind_proxy_server: "{{ wazuh_manager_config.api.behind_proxy_server }}"
+#Advanced configuration
+
+https:
+  enabled: "{{ wazuh_manager_config.api.https }}"
+  key: "{{ wazuh_manager_config.api.https_key }}"
+  cert: "{{ wazuh_manager_config.api.https_cert }}"
+  use_ca: "{{ wazuh_manager_config.api.https_use_ca }}"
+  ca: "{{ wazuh_manager_config.api.https_ca }}"
+
+# Logging configuration
+# Values for API log level: disabled, info, warning, error, debug, debug2 (each level includes the previous level).
+logs:
+  level: "{{ wazuh_manager_config.api.logging_level }}"
+  path: "{{ wazuh_manager_config.api.logging_path }}"
+# Cross-origin resource sharing: https://github.com/aio-libs/aiohttp-cors#usage
+cors:
+  enabled: "{{ wazuh_manager_config.api.cors }}"
+  source_route: "{{ wazuh_manager_config.api.cors_source_route }}"
+  expose_headers: "{{ wazuh_manager_config.api.cors_expose_headers }}"
+  allow_headers: "{{ wazuh_manager_config.api.cors_allow_headers }}"
+  allow_credentials: "{{ wazuh_manager_config.api.cors_allow_credentials }}"
+# Cache (time in seconds)
+cache:
+  enabled: "{{ wazuh_manager_config.api.cache }}"
+  time: "{{ wazuh_manager_config.api.cache_time }}"
+# Access parameters
+access:
+  max_login_attempts: "{{ wazuh_manager_config.api.access_max_login_attempts }}"
+  block_time: "{{ wazuh_manager_config.api.access_block_time }}"
+  max_request_per_minute: "{{ wazuh_manager_config.api.access_max_request_per_minute }}"
+# Force the use of authd when adding and removing agents. Values: yes, no
+use_only_authd: "{{ wazuh_manager_config.api.use_only_authd }}"
+# Drop privileges (Run as ossec user)
+drop_privileges: "{{ wazuh_manager_config.api.drop_privileges }}"
+# Enable features under development
+experimental_features: "{{ wazuh_manager_config.api.experimental_features }}"