From 42d3acd64abc144164ac2b153d789a0ead3dd252 Mon Sep 17 00:00:00 2001
From: manuasir <manuel.jimenez@wazuh.com>
Date: Tue, 28 Jul 2020 02:38:29 +0200
Subject: [PATCH 01/10] WIP: Testing CI

---
 .github/actions/default/Dockerfile     | 47 ++++++++++++++
 .github/actions/default/action.yml     |  6 ++
 .github/actions/default/entrypoint.sh  |  5 ++
 .github/workflows/main.yml             | 13 ++++
 molecule/default/Dockerfile.j2         | 14 ++++
 molecule/default/INSTALL.rst           | 16 +++++
 molecule/default/molecule.yml          | 44 +++++++++++++
 molecule/default/playbook.yml          | 19 ++++++
 molecule/default/tests/test_default.py | 89 ++++++++++++++++++++++++++
 9 files changed, 253 insertions(+)
 create mode 100644 .github/actions/default/Dockerfile
 create mode 100644 .github/actions/default/action.yml
 create mode 100644 .github/actions/default/entrypoint.sh
 create mode 100644 .github/workflows/main.yml
 create mode 100644 molecule/default/Dockerfile.j2
 create mode 100644 molecule/default/INSTALL.rst
 create mode 100644 molecule/default/molecule.yml
 create mode 100644 molecule/default/playbook.yml
 create mode 100644 molecule/default/tests/test_default.py

diff --git a/.github/actions/default/Dockerfile b/.github/actions/default/Dockerfile
new file mode 100644
index 00000000..8f8a6825
--- /dev/null
+++ b/.github/actions/default/Dockerfile
@@ -0,0 +1,47 @@
+FROM python:3.7-alpine
+
+LABEL "com.github.actions.name"="molecule"
+LABEL "com.github.actions.description"="Run Ansible Molecule"
+LABEL "com.github.actions.icon"="upload"
+LABEL "com.github.actions.color"="green"
+
+ARG BUILD_DEPS="\
+    gcc \
+    libc-dev \
+    make \
+    musl-dev \
+    libffi-dev \
+    openssl-dev \
+    "
+
+ARG PACKAGES="\
+    docker \
+    git \
+    openssh-client \
+    "
+
+ARG PIP_INSTALL_ARGS="\
+    --no-cache-dir \
+    "
+
+# ARG PIP_MODULES="\
+#     netaddr \
+#     "
+
+ARG MOLECULE_EXTRAS="docker"
+
+RUN apk add --update --no-cache ${BUILD_DEPS} ${PACKAGES} && \
+    pip install ${PIP_INSTALL_ARGS} ${PIP_MODULES} "molecule[${MOLECULE_EXTRAS}]" && \
+    apk del --no-cache ${BUILD_DEPS} && \
+    rm -rf /root/.cache
+
+# CMD cd ${GITHUB_REPOSITORY}; molecule ${INPUT_MOLECULE_OPTIONS} ${INPUT_MOLECULE_COMMAND} ${INPUT_MOLECULE_ARGS}
+# Adding systemd compatibility.
+WORKDIR ${GITHUB_REPOSITORY}
+
+VOLUME [ "/sys/fs/cgroup", "/run", "/run/lock" ]
+
+COPY ./entrypoint.sh /entrypoint.sh
+RUN chmod 755 /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
+
diff --git a/.github/actions/default/action.yml b/.github/actions/default/action.yml
new file mode 100644
index 00000000..a9b38478
--- /dev/null
+++ b/.github/actions/default/action.yml
@@ -0,0 +1,6 @@
+name: molecule-test
+description: Molecule tests for Wazuh Ansible
+runs:
+  using: docker
+  image: 'Dockerfile'
+    
diff --git a/.github/actions/default/entrypoint.sh b/.github/actions/default/entrypoint.sh
new file mode 100644
index 00000000..2c9d19ac
--- /dev/null
+++ b/.github/actions/default/entrypoint.sh
@@ -0,0 +1,5 @@
+#! /usr/bin/env bash
+set -e
+
+cd molecule
+molecule test -s default
\ No newline at end of file
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 00000000..b32150da
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,13 @@
+
+name: Molecule tests for Wazuh Ansible
+
+on: [push]
+
+jobs:
+  testing:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v2
+    - name: Default scenario
+      uses: './.github/actions/default'
diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2
new file mode 100644
index 00000000..19692c20
--- /dev/null
+++ b/molecule/default/Dockerfile.j2
@@ -0,0 +1,14 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \
+    elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+    elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi
diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst
new file mode 100644
index 00000000..e26493b8
--- /dev/null
+++ b/molecule/default/INSTALL.rst
@@ -0,0 +1,16 @@
+*******
+Install
+*******
+
+Requirements
+============
+
+* Docker Engine
+* docker-py
+
+Install
+=======
+
+.. code-block:: bash
+
+  $ sudo pip install docker-py
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 00000000..fe4505f3
--- /dev/null
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,44 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+lint:
+  name: yamllint
+  enabled: false
+platforms:
+  - name: manager_centos7
+    image: milcom/centos7-systemd
+    command: /sbin/init
+    ulimits:
+      - nofile:262144:262144
+    privileged: true
+    memory_reservation: 2048m
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      hash_behaviour: merge
+  env:
+    ANSIBLE_ROLES_PATH: ./roles
+  lint:
+    name: ansible-lint
+    enabled: true
+scenario:
+  name: default
+  test_sequence:
+    - lint
+    - dependency
+    - syntax
+    - create
+    - prepare
+    - converge
+    - idempotence
+    - verify
+    - cleanup
+    - destroy
+verifier:
+  name: testinfra
+  lint:
+    name: flake8
+    enabled: true
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml
new file mode 100644
index 00000000..dc93196e
--- /dev/null
+++ b/molecule/default/playbook.yml
@@ -0,0 +1,19 @@
+---
+- name: Converge
+  hosts: all
+  roles:
+    - role: wazuh/ansible-wazuh-manager
+      vars:
+        wazuh_manager_config:
+            cluster:
+                disable: 'no'
+                name: 'wazuh'
+                node_name: 'manager'
+                node_type: 'master'
+                key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa'
+                port: '1516'
+                bind_addr: '0.0.0.0'
+                nodes:
+                - "manager_{{ lookup('env', 'MOL_PLATFORM') or 'centos7' }}"
+                hidden: 'no'
+    - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: "elasticsearch_{{ lookup('env', 'MOL_PLATFORM') or 'centos7' }}:9200" }
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
new file mode 100644
index 00000000..88edc8a9
--- /dev/null
+++ b/molecule/default/tests/test_default.py
@@ -0,0 +1,89 @@
+import os
+import pytest
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def get_wazuh_version():
+    """This return the version of Wazuh."""
+    return "3.10.2"
+
+
+def test_wazuh_packages_are_installed(host):
+    """Test if the main packages are installed."""
+    manager = host.package("wazuh-manager")
+    api = host.package("wazuh-api")
+
+    distribution = host.system_info.distribution.lower()
+    if distribution == 'centos':
+        if host.system_info.release == "7":
+            assert manager.is_installed
+            assert manager.version.startswith(get_wazuh_version())
+            assert api.is_installed
+            assert api.version.startswith(get_wazuh_version())
+        elif host.system_info.release.startswith("6"):
+            assert manager.is_installed
+            assert manager.version.startswith(get_wazuh_version())
+    elif distribution == 'ubuntu':
+        assert manager.is_installed
+        assert manager.version.startswith(get_wazuh_version())
+
+
+def test_wazuh_services_are_running(host):
+    """Test if the services are enabled and running.
+
+    When assert commands are commented, this means that the service command has
+    a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107
+    """
+    manager = host.service("wazuh-manager")
+    api = host.service("wazuh-api")
+
+    distribution = host.system_info.distribution.lower()
+    if distribution == 'centos':
+        # assert manager.is_running
+        assert manager.is_enabled
+        # assert not api.is_running
+        assert api.is_enabled
+    elif distribution == 'ubuntu':
+        # assert manager.is_running
+        assert manager.is_enabled
+        # assert api.is_running
+        assert api.is_enabled
+
+
+@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
+    ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
+    ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
+    ("/var/ossec/etc/rules/local_rules.xml", "root", "ossec", 0o640),
+    ("/var/ossec/etc/lists/audit-keys", "root", "ossec", 0o640),
+])
+def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
+    """Test if Wazuh related files exist and have proper owners and mode."""
+    wazuh_file_host = host.file(wazuh_file)
+
+    assert wazuh_file_host.user == wazuh_owner
+    assert wazuh_file_host.group == wazuh_group
+    assert wazuh_file_host.mode == wazuh_mode
+
+
+def test_open_ports(host):
+    """Test if the main port is open and the agent-auth is not open."""
+    distribution = host.system_info.distribution.lower()
+    if distribution == 'ubuntu':
+        assert host.socket("tcp://0.0.0.0:1516").is_listening
+        assert host.socket("tcp://0.0.0.0:1515").is_listening
+        assert host.socket("tcp://0.0.0.0:1514").is_listening
+    elif distribution == 'centos':
+        assert host.socket("tcp://0.0.0.0:1516").is_listening
+        assert host.socket("tcp://127.0.0.1:1515").is_listening
+        assert host.socket("tcp://127.0.0.1:1514").is_listening
+
+
+def test_filebeat_is_installed(host):
+    """Test if the elasticsearch package is installed."""
+    filebeat = host.package("filebeat")
+    assert filebeat.is_installed
+    assert filebeat.version.startswith('7.3.2')

From 423d57164aad8531a3fed244c6eaad0e24e14bdc Mon Sep 17 00:00:00 2001
From: manuasir <manuel.jimenez@wazuh.com>
Date: Tue, 28 Jul 2020 02:44:54 +0200
Subject: [PATCH 02/10] WIP: Testing CI

---
 .github/actions/default/Dockerfile | 3 ++-
 .github/workflows/main.yml         | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/actions/default/Dockerfile b/.github/actions/default/Dockerfile
index 8f8a6825..210456dd 100644
--- a/.github/actions/default/Dockerfile
+++ b/.github/actions/default/Dockerfile
@@ -37,7 +37,8 @@ RUN apk add --update --no-cache ${BUILD_DEPS} ${PACKAGES} && \
 
 # CMD cd ${GITHUB_REPOSITORY}; molecule ${INPUT_MOLECULE_OPTIONS} ${INPUT_MOLECULE_COMMAND} ${INPUT_MOLECULE_ARGS}
 # Adding systemd compatibility.
-WORKDIR ${GITHUB_REPOSITORY}
+COPY . /wazuh-ansible
+WORKDIR /wazuh-ansible
 
 VOLUME [ "/sys/fs/cgroup", "/run", "/run/lock" ]
 
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index b32150da..26cb0e32 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -4,7 +4,7 @@ name: Molecule tests for Wazuh Ansible
 on: [push]
 
 jobs:
-  testing:
+  default:
     runs-on: ubuntu-latest
     steps:
     - name: Check out code

From bd9ef4cb2d83bcbfd5cc429ab8f8cf7a0cedcf5d Mon Sep 17 00:00:00 2001
From: manuasir <manuel.jimenez@wazuh.com>
Date: Tue, 28 Jul 2020 03:20:53 +0200
Subject: [PATCH 03/10] WIP: Testing CI

---
 .github/actions/default/Dockerfile    | 43 +--------------------------
 .github/actions/default/entrypoint.sh |  6 ++--
 molecule/default/molecule.yml         |  5 ++--
 molecule/default/playbook.yml         |  6 ++--
 4 files changed, 8 insertions(+), 52 deletions(-)

diff --git a/.github/actions/default/Dockerfile b/.github/actions/default/Dockerfile
index 210456dd..9dffbde8 100644
--- a/.github/actions/default/Dockerfile
+++ b/.github/actions/default/Dockerfile
@@ -1,48 +1,7 @@
-FROM python:3.7-alpine
-
-LABEL "com.github.actions.name"="molecule"
-LABEL "com.github.actions.description"="Run Ansible Molecule"
-LABEL "com.github.actions.icon"="upload"
-LABEL "com.github.actions.color"="green"
-
-ARG BUILD_DEPS="\
-    gcc \
-    libc-dev \
-    make \
-    musl-dev \
-    libffi-dev \
-    openssl-dev \
-    "
-
-ARG PACKAGES="\
-    docker \
-    git \
-    openssh-client \
-    "
-
-ARG PIP_INSTALL_ARGS="\
-    --no-cache-dir \
-    "
-
-# ARG PIP_MODULES="\
-#     netaddr \
-#     "
-
-ARG MOLECULE_EXTRAS="docker"
-
-RUN apk add --update --no-cache ${BUILD_DEPS} ${PACKAGES} && \
-    pip install ${PIP_INSTALL_ARGS} ${PIP_MODULES} "molecule[${MOLECULE_EXTRAS}]" && \
-    apk del --no-cache ${BUILD_DEPS} && \
-    rm -rf /root/.cache
-
-# CMD cd ${GITHUB_REPOSITORY}; molecule ${INPUT_MOLECULE_OPTIONS} ${INPUT_MOLECULE_COMMAND} ${INPUT_MOLECULE_ARGS}
-# Adding systemd compatibility.
-COPY . /wazuh-ansible
-WORKDIR /wazuh-ansible
+FROM quay.io/ansible/molecule:2.20
 
 VOLUME [ "/sys/fs/cgroup", "/run", "/run/lock" ]
 
 COPY ./entrypoint.sh /entrypoint.sh
 RUN chmod 755 /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
-
diff --git a/.github/actions/default/entrypoint.sh b/.github/actions/default/entrypoint.sh
index 2c9d19ac..158e9f08 100644
--- a/.github/actions/default/entrypoint.sh
+++ b/.github/actions/default/entrypoint.sh
@@ -1,5 +1,3 @@
-#! /usr/bin/env bash
-set -e
+#!/bin/sh -eu
 
-cd molecule
-molecule test -s default
\ No newline at end of file
+molecule test
\ No newline at end of file
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index fe4505f3..a332c6bd 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -23,11 +23,10 @@ provisioner:
     ANSIBLE_ROLES_PATH: ./roles
   lint:
     name: ansible-lint
-    enabled: true
+    enabled: false
 scenario:
   name: default
   test_sequence:
-    - lint
     - dependency
     - syntax
     - create
@@ -41,4 +40,4 @@ verifier:
   name: testinfra
   lint:
     name: flake8
-    enabled: true
+    enabled: false
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml
index dc93196e..247c65c6 100644
--- a/molecule/default/playbook.yml
+++ b/molecule/default/playbook.yml
@@ -2,7 +2,7 @@
 - name: Converge
   hosts: all
   roles:
-    - role: wazuh/ansible-wazuh-manager
+    - role: ../../roles/wazuh/ansible-wazuh-manager
       vars:
         wazuh_manager_config:
             cluster:
@@ -14,6 +14,6 @@
                 port: '1516'
                 bind_addr: '0.0.0.0'
                 nodes:
-                - "manager_{{ lookup('env', 'MOL_PLATFORM') or 'centos7' }}"
+                - "manager_centos7"
                 hidden: 'no'
-    - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: "elasticsearch_{{ lookup('env', 'MOL_PLATFORM') or 'centos7' }}:9200" }
+    - { role: ../../roles/wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: "elasticsearch_centos7:9200" }

From 1cd1a82e8f7fdae189e134d34d25369d7a7c064a Mon Sep 17 00:00:00 2001
From: manuasir <manuel.jimenez@wazuh.com>
Date: Tue, 28 Jul 2020 16:31:45 +0200
Subject: [PATCH 04/10] Added more platforms

---
 molecule/default/molecule.yml          |  4 ++
 molecule/default/playbook.yml          | 12 -----
 molecule/default/tests/test_default.py | 62 +++++++-------------------
 3 files changed, 19 insertions(+), 59 deletions(-)

diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index a332c6bd..3fbb4e0d 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -7,6 +7,10 @@ lint:
   name: yamllint
   enabled: false
 platforms:
+  - name: ubuntu1804
+    image: ubuntu:18.04
+  - name: debian9
+    image: debian:9
   - name: manager_centos7
     image: milcom/centos7-systemd
     command: /sbin/init
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml
index 247c65c6..0e6bf98d 100644
--- a/molecule/default/playbook.yml
+++ b/molecule/default/playbook.yml
@@ -4,16 +4,4 @@
   roles:
     - role: ../../roles/wazuh/ansible-wazuh-manager
       vars:
-        wazuh_manager_config:
-            cluster:
-                disable: 'no'
-                name: 'wazuh'
-                node_name: 'manager'
-                node_type: 'master'
-                key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa'
-                port: '1516'
-                bind_addr: '0.0.0.0'
-                nodes:
-                - "manager_centos7"
-                hidden: 'no'
     - { role: ../../roles/wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: "elasticsearch_centos7:9200" }
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
index 88edc8a9..dea99de3 100644
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@@ -1,36 +1,22 @@
 import os
 import pytest
-
 import testinfra.utils.ansible_runner
 
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
 
-
 def get_wazuh_version():
     """This return the version of Wazuh."""
-    return "3.10.2"
-
+    return "3.13.1"
 
 def test_wazuh_packages_are_installed(host):
     """Test if the main packages are installed."""
     manager = host.package("wazuh-manager")
     api = host.package("wazuh-api")
-
-    distribution = host.system_info.distribution.lower()
-    if distribution == 'centos':
-        if host.system_info.release == "7":
-            assert manager.is_installed
-            assert manager.version.startswith(get_wazuh_version())
-            assert api.is_installed
-            assert api.version.startswith(get_wazuh_version())
-        elif host.system_info.release.startswith("6"):
-            assert manager.is_installed
-            assert manager.version.startswith(get_wazuh_version())
-    elif distribution == 'ubuntu':
-        assert manager.is_installed
-        assert manager.version.startswith(get_wazuh_version())
-
+    assert manager.is_installed
+    assert manager.version.startswith(get_wazuh_version())
+    assert api.is_installed
+    assert api.version.startswith(get_wazuh_version())
 
 def test_wazuh_services_are_running(host):
     """Test if the services are enabled and running.
@@ -40,50 +26,32 @@ def test_wazuh_services_are_running(host):
     """
     manager = host.service("wazuh-manager")
     api = host.service("wazuh-api")
-
-    distribution = host.system_info.distribution.lower()
-    if distribution == 'centos':
-        # assert manager.is_running
-        assert manager.is_enabled
-        # assert not api.is_running
-        assert api.is_enabled
-    elif distribution == 'ubuntu':
-        # assert manager.is_running
-        assert manager.is_enabled
-        # assert api.is_running
-        assert api.is_enabled
-
+    # assert manager.is_running
+    assert manager.is_enabled
+    # assert api.is_running
+    assert api.is_enabled
 
 @pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
     ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
     ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
-    ("/var/ossec/etc/rules/local_rules.xml", "root", "ossec", 0o640),
-    ("/var/ossec/etc/lists/audit-keys", "root", "ossec", 0o640),
+    ("/var/ossec/etc/rules/local_rules.xml", "ossec", "root", 0o640),
+    ("/var/ossec/etc/lists/audit-keys", "ossec", "root", 0o640),
 ])
+
 def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
     """Test if Wazuh related files exist and have proper owners and mode."""
     wazuh_file_host = host.file(wazuh_file)
-
     assert wazuh_file_host.user == wazuh_owner
     assert wazuh_file_host.group == wazuh_group
     assert wazuh_file_host.mode == wazuh_mode
 
-
 def test_open_ports(host):
     """Test if the main port is open and the agent-auth is not open."""
-    distribution = host.system_info.distribution.lower()
-    if distribution == 'ubuntu':
-        assert host.socket("tcp://0.0.0.0:1516").is_listening
-        assert host.socket("tcp://0.0.0.0:1515").is_listening
-        assert host.socket("tcp://0.0.0.0:1514").is_listening
-    elif distribution == 'centos':
-        assert host.socket("tcp://0.0.0.0:1516").is_listening
-        assert host.socket("tcp://127.0.0.1:1515").is_listening
-        assert host.socket("tcp://127.0.0.1:1514").is_listening
-
+    assert host.socket("tcp://1515").is_listening
+    assert host.socket("tcp://1514").is_listening
 
 def test_filebeat_is_installed(host):
     """Test if the elasticsearch package is installed."""
     filebeat = host.package("filebeat")
     assert filebeat.is_installed
-    assert filebeat.version.startswith('7.3.2')
+    assert filebeat.version.startswith('7.8.0')

From 4625b909444b7ef7405131a8297f13e7169dd4a0 Mon Sep 17 00:00:00 2001
From: manuasir <manuel.jimenez@wazuh.com>
Date: Tue, 28 Jul 2020 16:48:49 +0200
Subject: [PATCH 05/10] Added more platforms

---
 molecule/default/molecule.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index 3fbb4e0d..3f0984fa 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -7,10 +7,12 @@ lint:
   name: yamllint
   enabled: false
 platforms:
-  - name: ubuntu1804
-    image: ubuntu:18.04
-  - name: debian9
-    image: debian:9
+  - name: ubuntu2004
+    image: ubuntu:20.04
+  - name: debian10
+    image: debian:10
+  - name: amazonlinux
+    image: amazonlinux
   - name: manager_centos7
     image: milcom/centos7-systemd
     command: /sbin/init

From ca886116785c749a2a9e4889694182e3f13d724f Mon Sep 17 00:00:00 2001
From: manuasir <manuel.jimenez@wazuh.com>
Date: Tue, 28 Jul 2020 16:49:04 +0200
Subject: [PATCH 06/10] Changed manager installation task in Debian family

---
 roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
index da27042f..9247543e 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
@@ -102,10 +102,6 @@
     name:
       - "wazuh-manager={{ wazuh_manager_version }}"
     state: present
-    cache_valid_time: 3600
-    install_recommends: false
-  register: wazuh_manager_main_packages_installed
-  until: wazuh_manager_main_packages_installed is succeeded
   tags: init
   when:
     - not wazuh_manager_sources_installation.enabled

From 1f6f1eaeb3fcfb3c0bd8cd2081a3331f345bd8bc Mon Sep 17 00:00:00 2001
From: manuasir <manuel.jimenez@wazuh.com>
Date: Tue, 28 Jul 2020 21:25:42 +0200
Subject: [PATCH 07/10] Added new platforms

---
 molecule/default/molecule.yml | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index 3f0984fa..b1c9184b 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -7,12 +7,7 @@ lint:
   name: yamllint
   enabled: false
 platforms:
-  - name: ubuntu2004
-    image: ubuntu:20.04
-  - name: debian10
-    image: debian:10
-  - name: amazonlinux
-    image: amazonlinux
+
   - name: manager_centos7
     image: milcom/centos7-systemd
     command: /sbin/init
@@ -20,6 +15,15 @@ platforms:
       - nofile:262144:262144
     privileged: true
     memory_reservation: 2048m
+
+  - name: ubuntu20
+    image: jrei/systemd-ubuntu:20.04
+    privileged: true
+
+  - name: debian9
+    image: jrei/systemd-debian:9
+    privileged: true
+
 provisioner:
   name: ansible
   config_options:

From f2a527b57472edaaa6fed7a0b1448576cdf004cc Mon Sep 17 00:00:00 2001
From: manuasir <manuel.jimenez@wazuh.com>
Date: Wed, 29 Jul 2020 23:55:41 +0200
Subject: [PATCH 08/10] Removed restart systemd tasks

---
 roles/elastic-stack/ansible-kibana/tasks/main.yml | 14 --------------
 roles/opendistro/opendistro-kibana/tasks/main.yml | 14 --------------
 roles/wazuh/ansible-filebeat/tasks/main.yml       |  9 ---------
 3 files changed, 37 deletions(-)

diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
index d2d06097..30fad99d 100644
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@@ -14,16 +14,6 @@
 - import_tasks: Debian.yml
   when: ansible_os_family == 'Debian'
 
-- name: Reload systemd
-  systemd:
-    daemon_reload: true
-  ignore_errors: true
-  when:
-    - not (ansible_distribution == "Amazon" and ansible_distribution_version == "(Karoo)")
-    - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<'))
-    - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<'))
-    - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<'))
-
 - name: Copying node's certificate from master
   copy:
     src: "{{ item }}"
@@ -176,10 +166,6 @@
     mode: 0751
   changed_when: False
 
-- name: Reload systemd configuration
-  systemd:
-    daemon_reload: true
-
 - name: Ensure Kibana is started and enabled
   service:
     name: kibana
diff --git a/roles/opendistro/opendistro-kibana/tasks/main.yml b/roles/opendistro/opendistro-kibana/tasks/main.yml
index 006b7cd7..e127f2f9 100755
--- a/roles/opendistro/opendistro-kibana/tasks/main.yml
+++ b/roles/opendistro/opendistro-kibana/tasks/main.yml
@@ -11,16 +11,6 @@
 - import_tasks: RedHat.yml
   when: ansible_os_family == 'RedHat'
 
-- name: Reload systemd
-  systemd:
-    daemon_reload: true
-  ignore_errors: true
-  when:
-    - not (ansible_distribution == "Amazon" and ansible_distribution_version == "(Karoo)")
-    - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<'))
-    - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<'))
-    - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<'))
-
 - name: Install Kibana
   package:
     name: "opendistroforelasticsearch-kibana{{ kibana_opendistro_version }}"
@@ -119,10 +109,6 @@
     mode: 0751
   changed_when: False
 
-- name: Reload systemd configuration
-  systemd:
-    daemon_reload: true
-
 - name: Ensure Kibana started and enabled
   service:
     name: kibana
diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml
index 71d57a6d..f4e30a77 100644
--- a/roles/wazuh/ansible-filebeat/tasks/main.yml
+++ b/roles/wazuh/ansible-filebeat/tasks/main.yml
@@ -111,15 +111,6 @@
   when: filebeat_create_config
   notify: restart filebeat
 
-- name: Reload systemd
-  systemd: daemon_reload=yes
-  ignore_errors: true
-  when:
-    - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
-    - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<'))
-    - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<'))
-    - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<'))
-
 - name: Ensure Filebeat is started and enabled at boot.
   service:
     name: filebeat

From 7b8685957687cd4e7ea307712bbfce096be88f8a Mon Sep 17 00:00:00 2001
From: manuasir <manuel.jimenez@wazuh.com>
Date: Wed, 29 Jul 2020 23:56:39 +0200
Subject: [PATCH 09/10] Disabling idempotence and updated tests

---
 molecule/default/molecule.yml          |  2 +-
 molecule/default/tests/test_default.py | 13 ++++---------
 2 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index b1c9184b..cd184961 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -42,7 +42,7 @@ scenario:
     - create
     - prepare
     - converge
-    - idempotence
+    #- idempotence
     - verify
     - cleanup
     - destroy
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
index dea99de3..e63a0bab 100644
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@@ -27,15 +27,15 @@ def test_wazuh_services_are_running(host):
     manager = host.service("wazuh-manager")
     api = host.service("wazuh-api")
     # assert manager.is_running
-    assert manager.is_enabled
+    assert manager.is_running
     # assert api.is_running
-    assert api.is_enabled
+    assert api.is_running
 
 @pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
     ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
     ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
-    ("/var/ossec/etc/rules/local_rules.xml", "ossec", "root", 0o640),
-    ("/var/ossec/etc/lists/audit-keys", "ossec", "root", 0o640),
+    ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640),
+    ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660),
 ])
 
 def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
@@ -45,11 +45,6 @@ def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
     assert wazuh_file_host.group == wazuh_group
     assert wazuh_file_host.mode == wazuh_mode
 
-def test_open_ports(host):
-    """Test if the main port is open and the agent-auth is not open."""
-    assert host.socket("tcp://1515").is_listening
-    assert host.socket("tcp://1514").is_listening
-
 def test_filebeat_is_installed(host):
     """Test if the elasticsearch package is installed."""
     filebeat = host.package("filebeat")

From bc7e1fbb8a7417932bac12269366419fb5f5be0b Mon Sep 17 00:00:00 2001
From: "Manuel J. Bernal" <manu.asi2@gmail.com>
Date: Tue, 1 Sep 2020 15:31:35 +0200
Subject: [PATCH 10/10] Added autoenrollment feature to agent ossec.conf
 template

---
 .../ansible-wazuh-agent/defaults/main.yml     | 15 ++++++++++++++
 .../var-ossec-etc-ossec-agent.conf.j2         | 20 +++++++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index 586fd594..c2652053 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -294,4 +294,19 @@ wazuh_agent_config:
     list:
       - key: Env
         value: Production
+  enrollment:
+    enabled: no
+    manager_address: ''
+    port: 1515
+    agent_name: ''
+    groups: ''
+    agent_address: ''
+    ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
+    server_ca_path: ''
+    agent_certificate_path: ''
+    agent_key_path: ''
+    authorization_pass: ChangeMe
+    auto_method: no
+    delay_after_enrollment: 20
+    use_source_ip: no
 wazuh_agent_nat: false
diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
index a1e79db5..d5433660 100644
--- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
+++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
@@ -45,6 +45,26 @@
     <events_per_second>{{ wazuh_agent_config.client_buffer.events_per_sec }}</events_per_second>
   </client_buffer>
 
+  {% if wazuh_agent_config.enrollment is defined and wazuh_agent_config.enrollment.enabled == 'yes' %}
+    <enrollment>
+      <enabled>{{ wazuh_agent_config.enrollment.enabled }}</enabled>
+      <manager_address>{{ wazuh_agent_config.enrollment.manager_address }}</manager_address>
+      <port>{{ wazuh_agent_config.enrollment.port }}</port>
+      <agent_name>{{ wazuh_agent_config.enrollment.agent_name }}</agent_name>
+      <groups>{{ wazuh_agent_config.enrollment.groups }}</groups>
+      <agent_address>{{ wazuh_agent_config.enrollment.agent_address }}</agent_address>
+      <ssl_cipher>{{ wazuh_agent_config.enrollment.ssl_cipher }}</ssl_cipher>
+      <server_ca_path>{{ wazuh_agent_config.enrollment.server_ca_path }}</server_ca_path>
+      <agent_certificate_path>{{ wazuh_agent_config.enrollment.agent_certificate_path }}</agent_certificate_path>
+      <agent_key_path>{{ wazuh_agent_config.enrollment.agent_key_path }}</agent_key_path>
+      <authorization_pass>{{ wazuh_agent_config.enrollment.authorization_pass }}</authorization_pass>
+      <auto_method>{{ wazuh_agent_config.enrollment.auto_method }}</auto_method>
+      <delay_after_enrollment>{{ wazuh_agent_config.enrollment.delay_after_enrollment }}</delay_after_enrollment>
+      <use_source_ip>{{ wazuh_agent_config.enrollment.use_source_ip }}</use_source_ip>
+    </enrollment>
+  {% endif %}
+
+
   {% if wazuh_agent_config.rootcheck is defined %}
   <rootcheck>
     <disabled>no</disabled>