From 31d3cd64d1b2a79ef14fedcbe5fa1087991ba9c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Tue, 26 Apr 2022 09:59:33 -0300
Subject: [PATCH] Repositories variables unified
---
roles/wazuh/ansible-filebeat-oss/defaults/main.yml | 2 +-
roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 9 +--------
roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 2 +-
roles/wazuh/ansible-wazuh-agent/tasks/main.yml | 10 ++++++++++
roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 8 +-------
roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 2 +-
roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 10 ++++++++++
roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml | 2 +-
roles/wazuh/wazuh-dashboard/defaults/main.yml | 10 ----------
roles/wazuh/wazuh-dashboard/tasks/Debian.yml | 4 ++--
roles/wazuh/wazuh-dashboard/tasks/RedHat.yml | 4 ++--
roles/wazuh/wazuh-dashboard/tasks/main.yml | 9 +++++++++
roles/wazuh/wazuh-indexer/defaults/main.yml | 7 -------
roles/wazuh/wazuh-indexer/tasks/Debian.yml | 4 ++--
roles/wazuh/wazuh-indexer/tasks/RedHat.yml | 4 ++--
roles/wazuh/wazuh-indexer/tasks/main.yml | 9 +++++++++
16 files changed, 52 insertions(+), 44 deletions(-)
diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
index 5e47eb65..241e5026 100644
--- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
+++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
@@ -1,7 +1,7 @@ --- filebeat_version: 7.10.2 -wazuh_template_branch: v4.3.0 +wazuh_template_branch: 4.3 filebeat_node_name: node-1
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index 8706a992..19b56f5d 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -55,17 +55,10 @@ wazuh_winagent_config: auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe check_md5: True md5: 8ffa75d13280f1aa6ffca54f4273df4d -wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.3.0-1.msi wazuh_winagent_package_name: wazuh-agent-4.3.0-1.msi wazuh_dir: "/var/ossec" -wazuh_agent_repo: - apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' - yum: 'https://packages.wazuh.com/4.x/yum/' - gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' - # This is deprecated, see: wazuh_agent_address wazuh_agent_nat: false
@@ -367,7 +360,7 @@ wazuh_agent_log_format: 'plain' # wazuh_agent_config wazuh_agent_config_defaults: - repo: '{{ wazuh_agent_repo }}' + repo: '{{ wazuh_repo }}' active_response: '{{ wazuh_agent_active_response }}' log_format: '{{ wazuh_agent_log_format }}' client_buffer: '{{ wazuh_agent_client_buffer }}'
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
index d9b3e255..37ab9afd 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
@@ -14,7 +14,7 @@ become: true shell: | set -o pipefail - curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - + curl -s {{ wazuh_agent_config.repo.gpg }} | apt-key add - args: warn: false executable: /bin/bash
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml
index 43aa2ca3..52501861 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml
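Review bot: In the second hunk of the agent defaults, `repo: '{{ wazuh_repo }}'` refers to a variable that no defaults file in this patch defines; it only exists once the `include_vars` tasks added to tasks/main.yml have run. Variables loaded by include_vars outrank inventory, group_vars and play vars, so a site that pointed `wazuh_agent_repo` at an internal mirror loses that override silently and cannot restore it by setting `wazuh_repo` in inventory. The removed block also carried `key_id`, the signing-key fingerprint, and whether vars/repo.yml still provides it is not visible here. I would add above the line `# wazuh_repo is loaded by include_vars in tasks/main.yml and outranks inventory and play vars`. The same applies to `wazuh_manager_config_defaults` in the manager role.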
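Review bot: In the agent tasks/Debian.yml hunk, the key URL in `curl -s {{ wazuh_agent_config.repo.gpg }} | apt-key add -` is now a template value pasted unquoted into a bash command line, so whatever the variable holds is parsed by the shell, and `curl -s` without `-f` pipes an HTTP error body straight into apt-key. The smallest fix is `curl -fsS {{ wazuh_agent_config.repo.gpg | quote }} | apt-key add -`. The dashboard role in this patch already uses the `apt_key` module with `url:`, which avoids the shell entirely and accepts an `id:` fingerprint. The task starts above the hunk, so the reason it uses a shell pipeline is not visible. The manager role's tasks/Debian.yml has the identical line.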
@@ -1,5 +1,15 @@ --- +- name: Get latest wazuh release + shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-" + register: wazuh_latest_release + +- include_vars: ../../vars/repo.yml + when: "{{ wazuh_latest_release.stdout is version(wazuh_agent_version, operator='ge') }}" + +- include_vars: ../../vars/repo_dev.yml + when: "{{ wazuh_latest_release.stdout is version(wazuh_agent_version, operator='lt') }}" + - name: Overlay wazuh_agent_config on top of defaults set_fact: wazuh_agent_config: '{{ wazuh_agent_config_defaults | combine(config_layer, recursive=True) }}'
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 2e694ab5..3dc5b2d5 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -37,12 +37,6 @@ wazuh_manager_sources_installation: threads: "2" wazuh_dir: "/var/ossec" -wazuh_manager_repo: - apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' - yum: 'https://packages.wazuh.com/4.x/yum/' - gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' - ########################################## ### Wazuh-OSSEC
@@ -421,7 +415,7 @@ wazuh_manager_config_overlay: true ## Other/Wrappers wazuh_manager_config_defaults: - repo: '{{ wazuh_manager_repo }}' + repo: '{{ wazuh_repo }}' json_output: '{{ wazuh_manager_json_output }}' alerts_log: '{{ wazuh_manager_alerts_log }}' logall: '{{ wazuh_manager_logall }}'
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
index 717add8c..ee903eb9 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
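Review bot: In the agent tasks/main.yml hunk, the choice of package repository rests on an unauthenticated GitHub API response scraped with grep and sed, and the pipeline has no `set -o pipefail` or output check, so a rate-limited or failed request leaves `wazuh_latest_release.stdout` empty. Depending on the Ansible version, the empty string then either aborts the `version` test or compares as lower than `wazuh_agent_version`, and the latter loads repo_dev.yml (presumably the pre-release repository; its content is not in this patch) because of a network error. The `uri` module fails the play on a non-200 answer and exposes the parsed JSON, so the decision fails closed. The `when:` lines should also drop the `{{ }}` wrapper, which Ansible warns about in conditionals. The same three tasks are repeated in the manager, dashboard and indexer tasks/main.yml.

```yaml
- name: Get latest wazuh release
  uri:
    url: https://api.github.com/repos/wazuh/wazuh/releases/latest
    return_content: true
  register: wazuh_latest_release
  run_once: true

- include_vars: ../../vars/repo.yml
  when: (wazuh_latest_release.json.tag_name | regex_replace('^v', '')) is version(wazuh_agent_version, operator='ge')

# … unchanged apart from the same condition with operator='lt': include_vars ../../vars/repo_dev.yml …
```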
@@ -16,7 +16,7 @@ become: true shell: | set -o pipefail - curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - + curl -s {{ wazuh_manager_config.repo.gpg }} | apt-key add - args: warn: false executable: /bin/bash
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index 65ded135..d86a863a 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -1,5 +1,15 @@ --- +- name: Get latest wazuh release + shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-" + register: wazuh_latest_release + +- include_vars: ../../vars/repo.yml + when: "{{ wazuh_latest_release.stdout is version(wazuh_manager_version, operator='ge') }}" + +- include_vars: ../../vars/repo_dev.yml + when: "{{ wazuh_latest_release.stdout is version(wazuh_manager_version, operator='lt') }}" + - name: Overlay wazuh_manager_config on top of defaults set_fact: wazuh_manager_config: '{{ wazuh_manager_config_defaults | combine(config_layer, recursive=True) }}'
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml b/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml
index 6dcf5df9..824e6926 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml
@@ -2,7 +2,7 @@ - name: Debian/Ubuntu | Remove Wazuh repository. apt_repository: - repo: deb https://packages.wazuh.com/4.x/apt {{ ansible_distribution_release }} main + repo: "{{ wazuh_manager_config.repo.apt }}" state: absent changed_when: false when: ansible_os_family == "Debian"
diff --git a/roles/wazuh/wazuh-dashboard/defaults/main.yml b/roles/wazuh/wazuh-dashboard/defaults/main.yml
index 7e50fb26..64e50752 100644
--- a/roles/wazuh/wazuh-dashboard/defaults/main.yml
+++ b/roles/wazuh/wazuh-dashboard/defaults/main.yml
@@ -15,16 +15,6 @@ indexer_cluster_nodes: # The Wazuh dashboard package repository dashboard_version: "4.3.0" -package_repos: - yum: - dashboard: - baseurl: 'https://packages.wazuh.com/4.x/yum/' - gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - apt: - dashboard: - baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main' - gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - # API credentials wazuh_api_credentials: - id: "default"
diff --git a/roles/wazuh/wazuh-dashboard/tasks/Debian.yml b/roles/wazuh/wazuh-dashboard/tasks/Debian.yml
index 2d6c67b7..f41b3671 100644
--- a/roles/wazuh/wazuh-dashboard/tasks/Debian.yml
+++ b/roles/wazuh/wazuh-dashboard/tasks/Debian.yml
@@ -4,12 +4,12 @@ - include_vars: debian.yml - name: Add apt repository signing key apt_key: - url: "{{ package_repos.apt.dashboard.gpg }}" + url: "{{ wazuh_repo.gpg }}" state: present - name: Debian systems | Add Wazuh dashboard repo apt_repository: - repo: "{{ package_repos.apt.dashboard.baseurl }}" + repo: "{{ wazuh_repo.apt }}" state: present update_cache: yes
diff --git a/roles/wazuh/wazuh-dashboard/tasks/RedHat.yml b/roles/wazuh/wazuh-dashboard/tasks/RedHat.yml
index 994f2a0f..39900d43 100644
--- a/roles/wazuh/wazuh-dashboard/tasks/RedHat.yml
+++ b/roles/wazuh/wazuh-dashboard/tasks/RedHat.yml
@@ -6,8 +6,8 @@ file: wazuh name: wazuh_repo description: Wazuh yum repository - baseurl: "{{ package_repos.yum.dashboard.baseurl }}" - gpgkey: "{{ package_repos.yum.dashboard.gpg }}" + baseurl: "{{ wazuh_repo.yum }}" + gpgkey: "{{ wazuh_repo.gpg }}" gpgcheck: true - name: Install Wazuh dashboard
diff --git a/roles/wazuh/wazuh-dashboard/tasks/main.yml b/roles/wazuh/wazuh-dashboard/tasks/main.yml
index c477df58..ac451b3d 100755
--- a/roles/wazuh/wazuh-dashboard/tasks/main.yml
+++ b/roles/wazuh/wazuh-dashboard/tasks/main.yml
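Review bot: In the dashboard tasks/Debian.yml hunk, the `apt_key` task takes the key from `url: "{{ wazuh_repo.gpg }}"` with no `id:`, so whatever key that URL serves becomes trusted for apt. That matters more now that the URL is chosen at run time between repo.yml and repo_dev.yml. The agent and manager defaults removed in this patch carried `key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'`; if the unified `wazuh_repo` keeps that field (vars/repo.yml is not part of this patch), add `id: "{{ wazuh_repo.key_id }}"` under `url:`.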
@@ -1,4 +1,13 @@ --- +- name: Get latest wazuh release + shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-" + register: wazuh_latest_release + +- include_vars: ../../vars/repo.yml + when: "{{ wazuh_latest_release.stdout is version(dashboard_version, operator='ge') }}" + +- include_vars: ../../vars/repo_dev.yml + when: "{{ wazuh_latest_release.stdout is version(dashboard_version, operator='lt') }}" - import_tasks: RedHat.yml when: ansible_os_family == 'RedHat'
diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml
index e2a4bb48..01a1923e 100644
--- a/roles/wazuh/wazuh-indexer/defaults/main.yml
+++ b/roles/wazuh/wazuh-indexer/defaults/main.yml
@@ -28,14 +28,7 @@ domain_name: wazuh.com # The Wazuh indexer package repository package_repos: - yum: - indexer: - baseurl: 'https://packages.wazuh.com/4.x/yum/' - gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' apt: - indexer: - baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main' - gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' openjdk: baseurl: 'deb http://deb.debian.org/debian stretch-backports main'
diff --git a/roles/wazuh/wazuh-indexer/tasks/Debian.yml b/roles/wazuh/wazuh-indexer/tasks/Debian.yml
index 7e67fb2f..9b6ef404 100644
--- a/roles/wazuh/wazuh-indexer/tasks/Debian.yml
+++ b/roles/wazuh/wazuh-indexer/tasks/Debian.yml
@@ -39,12 +39,12 @@ block: - name: Add apt repository signing key apt_key: - url: "{{ package_repos.apt.indexer.gpg }}" + url: "{{ wazuh_repo.apt.gpg }}" state: present - name: Add Wazuh indexer repository apt_repository: - repo: "{{ package_repos.apt.indexer.baseurl }}" + repo: "{{ wazuh_repo.apt }}" state: present filename: 'wazuh-indexer' update_cache: yes
diff --git a/roles/wazuh/wazuh-indexer/tasks/RedHat.yml b/roles/wazuh/wazuh-indexer/tasks/RedHat.yml
index 4bb1ca05..0daa7c3b 100644
--- a/roles/wazuh/wazuh-indexer/tasks/RedHat.yml
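Review bot: In the indexer tasks/Debian.yml hunk, `url: "{{ wazuh_repo.apt.gpg }}"` does not match the structure used everywhere else in this patch: the next task reads `wazuh_repo.apt` as the repository line itself, and the dashboard role and the indexer's own RedHat.yml read the key from `wazuh_repo.gpg`. If `apt` is a plain string, as it was in the removed `wazuh_agent_repo`, the lookup is undefined and the task fails before the signing key is installed. It should read `url: "{{ wazuh_repo.gpg }}"`. The enclosing `block:` starts above the hunk.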
+++ b/roles/wazuh/wazuh-indexer/tasks/RedHat.yml
@@ -6,8 +6,8 @@ file: wazuh name: wazuh_repo description: Wazuh yum repository - baseurl: "{{ package_repos.yum.indexer.baseurl }}" - gpgkey: "{{ package_repos.yum.indexer.gpg }}" + baseurl: "{{ wazuh_repo.yum }}" + gpgkey: "{{ wazuh_repo.gpg }}" gpgcheck: true changed_when: false
diff --git a/roles/wazuh/wazuh-indexer/tasks/main.yml b/roles/wazuh/wazuh-indexer/tasks/main.yml
index 03316b38..0e18d05f 100644
--- a/roles/wazuh/wazuh-indexer/tasks/main.yml
+++ b/roles/wazuh/wazuh-indexer/tasks/main.yml
@@ -1,4 +1,13 @@ --- +- name: Get latest wazuh release + shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-" + register: wazuh_latest_release + +- include_vars: ../../vars/repo.yml + when: "{{ wazuh_latest_release.stdout is version(indexer_version, operator='ge') }}" + +- include_vars: ../../vars/repo_dev.yml + when: "{{ wazuh_latest_release.stdout is version(indexer_version, operator='lt') }}" - import_tasks: local_actions.yml when: