From abd4f57106e5dddda336a150c24ee27807f7b70d Mon Sep 17 00:00:00 2001
From: manuasir <manuel.jimenez@wazuh.com>
Date: Wed, 26 Feb 2020 16:11:44 +0100
Subject: [PATCH 1/3] Avoid to install Wazuh API in worker nodes, fixes #370

---
 .../ansible-wazuh-manager/tasks/Debian.yml    |  3 +-
 .../ansible-wazuh-manager/tasks/RedHat.yml    |  1 +
 .../installation_from_custom_packages.yml     |  3 ++
 .../tasks/installation_from_sources.yml       |  3 ++
 .../ansible-wazuh-manager/tasks/main.yml      | 29 +++++++++++++++----
 5 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
index ca4820fc..4712b573 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
@@ -131,4 +131,5 @@
   tags: init
   when:
     - not wazuh_api_sources_installation.enabled
-    - not wazuh_custom_packages_installation_manager_enabled
\ No newline at end of file
+    - not wazuh_custom_packages_installation_manager_enabled
+    - wazuh_manager_config.cluster.node_type == "master"
\ No newline at end of file
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
index c0ff9ee4..cb0dbf5a 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
@@ -142,6 +142,7 @@
     - ansible_os_family|lower == "redhat"
     - not wazuh_api_sources_installation.enabled
     - not wazuh_custom_packages_installation_api_enabled
+    - wazuh_manager_config.cluster.node_type == "master"
   tags:
     - init
 
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml
index ae837c9a..c4081a08 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml
@@ -13,6 +13,8 @@
           state: present
         when:
           - wazuh_custom_packages_installation_api_enabled
+          - wazuh_manager_config.cluster.node_type == "master"
+
     when:
       - ansible_os_family|lower == "debian"
 
@@ -30,5 +32,6 @@
         state: present
       when:
         - wazuh_custom_packages_installation_api_enabled
+        - wazuh_manager_config.cluster.node_type == "master"
     when:
       - ansible_os_family|lower == "redhat"
\ No newline at end of file
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
index 10203cb9..484f4b58 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
@@ -122,6 +122,8 @@
     stat:
       path: /var/ossec/api/app.js
     register: wazuh_api
+    when:       
+      - wazuh_manager_config.cluster.node_type == "master"
 
   - name: Install Wazuh API from sources
     block:
@@ -178,5 +180,6 @@
     when:
       - not wazuh_api.stat.exists
       - wazuh_api_sources_installation.enabled
+      - wazuh_manager_config.cluster.node_type == "master"
     tags:
       - api
\ No newline at end of file
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index 88b3628f..d2ab8237 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -11,6 +11,8 @@
   stat:
     path: /usr/bin/node
   register: node_service_status
+  when: 
+    - wazuh_manager_config.cluster.node_type == "master"
 
 - name: Install NodeJS repository
   block:
@@ -25,7 +27,9 @@
       command: sh /etc/nodejs.sh
       register: nodejs_script
       changed_when: nodejs_script.rc == 0
-  when: not node_service_status.stat.exists
+  when: 
+    - not node_service_status.stat.exists
+    - wazuh_manager_config.cluster.node_type == "master"
 
 - name: Installing NodeJS
   package:
@@ -33,6 +37,9 @@
     state: present
   register: nodejs_service_is_installed
   until: nodejs_service_is_installed is succeeded
+  when: 
+    - wazuh_manager_config.cluster.node_type == "master"
+
   tags: init
 
 - include_tasks: "RedHat.yml"
@@ -168,6 +175,9 @@
             group=ossec
             mode=0740
   notify: restart wazuh-api
+  when: 
+    - wazuh_manager_config.cluster.node_type == "master"
+
   tags:
     - init
     - config
@@ -304,6 +314,7 @@
   notify: restart wazuh-api
   when:
     - wazuh_api_user is defined
+    - wazuh_manager_config.cluster.node_type == "master"
   tags:
     - config
 
@@ -325,14 +336,20 @@
   tags:
     - config
 
-- name: Ensure Wazuh Manager, wazuh API service is started and enabled
+- name: Ensure Wazuh Manager service is started and enabled.
   service:
-    name: "{{ item }}"
+    name: "wazuh-manager"
     enabled: true
     state: started
-  with_items:
-    - wazuh-manager
-    - wazuh-api
+  tags:
+    - config
+
+- name: Ensure Wazuh API service is started and enabled.
+  service:
+    name: "wazuh-api"
+    enabled: true
+    state: started
+  when: wazuh_manager_config.cluster.node_type == "master"
   tags:
     - config
 

From 543eff6342647d9834cc3d55d12e984202f8523c Mon Sep 17 00:00:00 2001
From: Rshad Zhran <rashzk95@gmail.com>
Date: Wed, 26 Feb 2020 17:06:48 +0100
Subject: [PATCH 2/3] Fix conditions in tasks: Replace variables

---
 roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
index ca4820fc..c8980bfa 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
@@ -24,7 +24,7 @@
     - ansible_distribution == "Ubuntu"
     - ansible_distribution_major_version | int == 14
     - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
-    - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled
+    - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled
 
 - name: Debian/Ubuntu | Installing Wazuh repository key
   apt_key:
@@ -33,7 +33,7 @@
   when:
     - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
     - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
-    - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled
+    - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled
 
 - name: Debian/Ubuntu | Add Wazuh repositories
   apt_repository:
@@ -44,7 +44,7 @@
   changed_when: false
   when:
     - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
-    - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled
+    - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled
 
 - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu
   set_fact:
@@ -117,7 +117,7 @@
 
 - include_tasks: "installation_from_custom_packages.yml"
   when:
-    - wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled
+    - wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled
 
 - name: Debian/Ubuntu | Install wazuh-api
   apt:

From 079273eb353cf180010a84a3e4d3e5f8e8d0bf0c Mon Sep 17 00:00:00 2001
From: manuasir <manuel.jimenez@wazuh.com>
Date: Wed, 26 Feb 2020 17:26:01 +0100
Subject: [PATCH 3/3] Fix linting

---
 .../tasks/installation_from_sources.yml                   | 2 +-
 roles/wazuh/ansible-wazuh-manager/tasks/main.yml          | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
index 484f4b58..c83aaff1 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
@@ -122,7 +122,7 @@
     stat:
       path: /var/ossec/api/app.js
     register: wazuh_api
-    when:       
+    when:
       - wazuh_manager_config.cluster.node_type == "master"
 
   - name: Install Wazuh API from sources
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index d2ab8237..c1d91434 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -11,7 +11,7 @@
   stat:
     path: /usr/bin/node
   register: node_service_status
-  when: 
+  when:
     - wazuh_manager_config.cluster.node_type == "master"
 
 - name: Install NodeJS repository
@@ -27,7 +27,7 @@
       command: sh /etc/nodejs.sh
       register: nodejs_script
       changed_when: nodejs_script.rc == 0
-  when: 
+  when:
     - not node_service_status.stat.exists
     - wazuh_manager_config.cluster.node_type == "master"
 
@@ -37,7 +37,7 @@
     state: present
   register: nodejs_service_is_installed
   until: nodejs_service_is_installed is succeeded
-  when: 
+  when:
     - wazuh_manager_config.cluster.node_type == "master"
 
   tags: init
@@ -175,7 +175,7 @@
             group=ossec
             mode=0740
   notify: restart wazuh-api
-  when: 
+  when:
     - wazuh_manager_config.cluster.node_type == "master"
 
   tags: