From 13b232154026a852998b499ad8757a906bf9a538 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 21 Nov 2019 15:01:15 +0100 Subject: [PATCH] Rename wazuh_sources_installation to wazuh_manager sources_installation --- playbooks/wazuh-elastic_stack-single.yml | 12 +-- .../ansible-wazuh-agent/defaults/main.yml | 2 +- .../ansible-wazuh-agent/tasks/Debian.yml | 4 +- .../wazuh/ansible-wazuh-agent/tasks/Linux.yml | 10 +-- .../ansible-wazuh-agent/tasks/RedHat.yml | 4 +- .../tasks/installation_from_sources.yml | 14 ++-- .../templates/preloaded_vars.conf.j2 | 2 +- .../ansible-wazuh-manager/defaults/main.yml | 2 +- .../ansible-wazuh-manager/tasks/Debian.yml | 16 ++-- .../ansible-wazuh-manager/tasks/RedHat.yml | 8 +- .../tasks/installation_from_sources.yml | 74 ++++++++++--------- .../ansible-wazuh-manager/tasks/main.yml | 4 +- .../templates/preloaded_vars.conf.j2 | 2 +- 13 files changed, 81 insertions(+), 73 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-single.yml b/playbooks/wazuh-elastic_stack-single.yml index 051b5fd2..bc353dfd 100644 --- a/playbooks/wazuh-elastic_stack-single.yml +++ b/playbooks/wazuh-elastic_stack-single.yml @@ -1,8 +1,8 @@ --- -- hosts: +- hosts: all roles: - - {role: ../roles/wazuh/ansible-wazuh-manager} - - role: ../roles/wazuh/ansible-filebeat - filebeat_output_elasticsearch_hosts: localhost:9200 - - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true} - - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost' } + # - {role: ../roles/wazuh/ansible-wazuh-manager} + # - role: ../roles/wazuh/ansible-filebeat + # filebeat_output_elasticsearch_hosts: 172.24.1.2:9200 + # - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true} + - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: '172.24.1.1', elasticsearch_reachable_host: '172.24.1.2' } 
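Review bot: `hosts: all`, the commented-out manager, Filebeat and Elasticsearch roles, and the hard-coded `172.24.1.1` / `172.24.1.2` addresses in playbooks/wazuh-elastic_stack-single.yml look like a local test setup that slipped into a rename commit. With `hosts: all` the play targets every host in whatever inventory it is run against, and anyone copying this sample now gets Kibana only, pointed at addresses that exist in one lab. I would drop this file from the commit, or at least keep the target explicit (`- hosts: <target_group>`) and leave the addresses as variables instead of literals.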
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index b4bed923..3ff7d803 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,6 +1,6 @@ --- wazuh_agent_version: 3.10.2-1 -wazuh_sources_installation: +wazuh_manager_sources_installation: enabled: "true" branch: "v3.10.2" user_language: "y" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 81062d80..329fab6d 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -20,7 +20,7 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: @@ -35,7 +35,7 @@ state: present update_cache: true when: - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Set Distribution CIS filename for debian set_fact: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index e258fa1f..9c8db0b8 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -1,7 +1,7 @@ --- - include_tasks: "../tasks/installation_from_sources.yml" when: - - wazuh_sources_installation.enabled + - wazuh_manager_sources_installation.enabled - include_tasks: "RedHat.yml" when: ansible_os_family == "RedHat" @@ -17,7 +17,7 @@ poll: 30 when: - ansible_os_family|lower == "redhat" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled tags: - init 
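Review bot: The agent role's default is renamed to `wazuh_manager_sources_installation`, so the agent and manager roles now key their source-install switch on the same manager-prefixed name; a single inventory or group override would presumably flip both roles at once. If the agent role is meant to be controlled independently, a role-specific name such as `wazuh_agent_sources_installation:` would be clearer, carried through the agent role's tasks/Debian.yml, tasks/Linux.yml, tasks/RedHat.yml, tasks/installation_from_sources.yml and templates/preloaded_vars.conf.j2 hunks. Separately, the context line `enabled: "true"` is a quoted string, unlike the manager default's boolean, and a quoted "false" override would likely still be truthy in `not wazuh_manager_sources_installation.enabled`; `enabled: true` avoids that.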
@@ -28,7 +28,7 @@ cache_valid_time: 3600 when: - ansible_os_family|lower != "redhat" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled tags: - init @@ -200,9 +200,9 @@ - include_tasks: "RMRedHat.yml" when: - ansible_os_family == "RedHat" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - include_tasks: "RMDebian.yml" when: - ansible_os_family == "Debian" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 13b1b3e8..e9580a94 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -10,7 +10,7 @@ when: - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled register: repo_v5_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -23,7 +23,7 @@ changed_when: false when: - repo_v5_installed is skipped - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 381f9c67..55714673 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml 
@@ -28,17 +28,17 @@ - name: Download required packages from github.com/wazuh/wazuh get_url: - url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_sources_installation.branch }}.tar.gz" - dest: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + dest: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" delegate_to: "{{ inventory_hostname }}" - name: Create folder to extract Wazuh branch file: - path: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" + path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: directory - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip - command: "tar -xzvf /tmp/{{ wazuh_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_sources_installation.branch }}" + command: "tar -xzvf /tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" register: wazuh_untar changed_when: wazuh_untar.rc ==0 args: @@ -47,7 +47,7 @@ - name: Clean remaining files from others builds command: "make -C src {{ item }}" args: - chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/src/" + chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/src/" with_items: - "clean" - "clean-deps" @@ -58,7 +58,7 @@ - name: Render the "preloaded-vars.conf" file template: src: "templates/preloaded_vars.conf.j2" - dest: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/etc/preloaded-vars.conf" + dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" owner: root group: root mode: '644' 
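Review bot: The `get_url` task in this hunk downloads the Wazuh source archive without a `checksum`, and the tasks that follow build and install from it, presumably with root privileges, so transport TLS is the only integrity control on what gets compiled. Adding `checksum: "sha256:<expected digest of the release archive>"` and keeping `branch` pinned to a release tag would make the build input verifiable. The archive and the extraction directory also use fixed names under /tmp, and the `file` task sets no `mode`; `mode: '0700'` on that directory would keep other local accounts out of the build tree. The same applies to the identical download in the manager role's installation_from_sources.yml (hunk at -29,17) and to the two script downloads in its Wazuh API block.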
@@ -68,4 +68,4 @@ register: installation_result changed_when: installation_result == 0 args: - chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" \ No newline at end of file + chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 index f02252d1..be552560 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 @@ -1,4 +1,4 @@ -{% for key, value in wazuh_sources_installation.items() %} +{% for key, value in wazuh_manager_sources_installation.items() %} {% if "user_" in key %} {% if value is defined and value is not none %} {{ key|upper }}="{{ value }}" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 68948ae4..2767ab37 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -4,7 +4,7 @@ wazuh_manager_version: 3.10.2-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present -wazuh_sources_installation: +wazuh_manager_sources_installation: enabled: true branch: "v3.10.2" user_language: "en" diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 3bd2c541..c8b52fda 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -1,7 +1,7 @@ --- - include_tasks: "installation_from_sources.yml" when: - - wazuh_sources_installation.enabled + - wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: 
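Review bot: `changed_when: installation_result == 0` on the context line of this hunk compares the whole registered result with 0, which cannot be true, so the install task always reports "ok" rather than "changed". It should read `changed_when: installation_result.rc == 0`, matching the `wazuh_untar.rc` check earlier in the same file. The same expression sits at the top of the manager role's hunk at -69,38; the task that registers the result starts above both hunks.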
@@ -27,14 +27,14 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_manager_config.repo.gpg }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -44,7 +44,7 @@ update_cache: true changed_when: false when: - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Installing NodeJS repository key (Ubuntu 14) become: true @@ -58,14 +58,14 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Installing NodeJS repository key apt_key: url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Add NodeSource repositories for Node.js apt_repository: @@ -74,7 +74,7 @@ update_cache: true changed_when: false when: - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: @@ -139,4 +139,4 @@ until: wazuh_manager_main_packages_installed is succeeded tags: init when: - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index ed681344..9baae413 100644 
--- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -1,7 +1,7 @@ --- - include_tasks: "../tasks/installation_from_sources.yml" when: - - wazuh_sources_installation.enabled + - wazuh_manager_sources_installation.enabled - name: RedHat/CentOS | Install Nodejs repo yum_repository: @@ -45,7 +45,7 @@ when: - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -58,7 +58,7 @@ changed_when: false when: - repo_v5_manager_installed is skipped - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present @@ -155,7 +155,7 @@ until: wazuh_manager_main_packages_installed is succeeded when: - ansible_os_family|lower == "redhat" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled tags: - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 472eab8f..8469713e 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml 
@@ -29,17 +29,17 @@ - name: Download required packages from github.com/wazuh/wazuh get_url: - url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_sources_installation.branch }}.tar.gz" - dest: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + dest: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" delegate_to: "{{ inventory_hostname }}" - name: Create folder to extract Wazuh branch file: - path: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" + path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: directory - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip - command: "tar -xzvf /tmp/{{ wazuh_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_sources_installation.branch }}" + command: "tar -xzvf /tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" register: wazuh_untar changed_when: wazuh_untar.rc ==0 args: @@ -48,7 +48,7 @@ - name: Clean remaining files from others builds command: "make -C src {{ item }}" args: - chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/src/" + chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/src/" with_items: - "clean" - "clean-deps" @@ -59,7 +59,7 @@ - name: Render the "preloaded-vars.conf" file template: src: "templates/preloaded_vars.conf.j2" - dest: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/etc/preloaded-vars.conf" + dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" owner: root group: root mode: '644' 
@@ -69,38 +69,46 @@ register: installation_result changed_when: installation_result == 0 args: - chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" + chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" # Wazuh API + - name: Check if Wazuh API is already installed + stat: + path: /var/ossec/api/app.js + register: wazuh_api - - name: Download script to install Nodejs repository - get_url: - url: "{{ node_js_repository_url }}" - dest: "/tmp/setup_nodejs_repo.sh" - mode: "0700" + - name: Install Wazuh API from sources + block: + - name: Download script to install Nodejs repository + get_url: + url: "{{ node_js_repository_url }}" + dest: "/tmp/setup_nodejs_repo.sh" + mode: "0700" - - name: Execute downloaded script to install Nodejs repo - command: /tmp/setup_nodejs_repo.sh - register: node_repo_installation_result - changed_when: node_repo_installation_result.rc == 0 + - name: Execute downloaded script to install Nodejs repo + command: /tmp/setup_nodejs_repo.sh + register: node_repo_installation_result + changed_when: node_repo_installation_result.rc == 0 - - name: Install Nodejs - package: - name: nodejs - state: present + - name: Install Nodejs + package: + name: nodejs + state: present - - name: Run NPM under root account - command: npm config set user 0 - register: allow_root_npm - changed_when: allow_root_npm.rc == 0 + - name: Run NPM under root account + command: npm config set user 0 + register: allow_root_npm + changed_when: allow_root_npm.rc == 0 - - name: Download the installation script to install Wazuh API - get_url: - url: "https://raw.githubusercontent.com/wazuh/wazuh-api/v{{ wazuh_manager_version[:-2] }}/install_api.sh" - dest: "/tmp/install_api.sh" - mode: "0700" + - name: Download the installation script to install Wazuh API + get_url: + url: "https://raw.githubusercontent.com/wazuh/wazuh-api/v{{ wazuh_manager_version[:-2] }}/install_api.sh" + dest: "/tmp/install_api.sh" + mode: "0700" - - name: Execute Wazuh API installation 
script - shell: /tmp/install_api.sh download > /tmp/build_api_log.txt - register: install_api - changed_when: install_api.rc == 0 + - name: Execute Wazuh API installation script + shell: /tmp/install_api.sh download > /tmp/build_api_log.txt + register: install_api + changed_when: install_api.rc == 0 + when: + - not wazuh_api.stat.exists diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index f2fc55db..d2c99535 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -356,9 +356,9 @@ - include_tasks: "RMRedHat.yml" when: - ansible_os_family == "RedHat" or ansible_os_family == "Amazon" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - include_tasks: "RMDebian.yml" when: - ansible_os_family == "Debian" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 index f02252d1..be552560 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 @@ -1,4 +1,4 @@ -{% for key, value in wazuh_sources_installation.items() %} +{% for key, value in wazuh_manager_sources_installation.items() %} {% if "user_" in key %} {% if value is defined and value is not none %} {{ key|upper }}="{{ value }}"
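Review bot: The re-indented API block still stages `setup_nodejs_repo.sh` and `install_api.sh` at fixed names under /tmp, executes them (presumably as root, given `npm config set user 0`), and redirects the installer output to `/tmp/build_api_log.txt`. On a multi-user host a fixed name in a world-writable directory can already exist, or be a link, before the play runs, so the result depends on the state of /tmp. Creating a private directory with the `tempfile` module and pointing the `dest`, the executed path and the log at it removes that dependency; the same pattern would fit the Nodejs repository script. Independently of that, the new `stat` guard only checks that `/var/ossec/api/app.js` exists, so a partially installed or outdated API is skipped as if it were complete; a short comment saying so would help the next maintainer.

```yaml
    - name: Create a private staging directory for the API installer
      tempfile:
        state: directory
        prefix: wazuh_api_
      register: wazuh_api_stage

    - name: Download the installation script to install Wazuh API
      get_url:
        # … unchanged: url …
        dest: "{{ wazuh_api_stage.path }}/install_api.sh"
        mode: "0700"

    - name: Execute Wazuh API installation script
      shell: "{{ wazuh_api_stage.path }}/install_api.sh download > {{ wazuh_api_stage.path }}/build_api_log.txt"
      # … unchanged: register, changed_when …
```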