Merge pull request #234 from wazuh/233-fix-windows-agent-installation

Fix Wazuh Agent installation on Windows hosts
2019-09-11 13:31:46 +02:00 · 2019-09-11 13:31:46 +02:00 · 39bb001f87
commit 39bb001f87
parent a7246ea943 d3784b4727
4 changed files with 53 additions and 50 deletions
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@ -20,14 +20,17 @@ wazuh_notify_time: '10'
 wazuh_time_reconnect: '60'
 wazuh_crypto_method: 'aes'
 wazuh_winagent_config:
-  install_dir: 'C:\Program Files\ossec-agent\'
-  install_dir_x86: 'C:\Program Files (x86)\ossec-agent\'
-  auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe
+  download_dir: C:\
+  install_dir: C:\Program Files\ossec-agent\
+  install_dir_x86: C:\Program Files (x86)\ossec-agent\
+  auth_path: C:\Program Files\ossec-agent\agent-auth.exe
+  # Adding quotes to auth_path_x86 since win_shell outputs error otherwise
  auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
  version: '3.9.5'
  revision: '1'
  repo: https://packages.wazuh.com/3.x/windows/
-  md5: c3fdbd6c121ca371b8abcd477ed4e8a4
+  md5: ee5b24216db472d291da4e14f0b3bc63
+  register_key: 9903C258-FC1E-4886-B7DB-1535976EC1D5
 wazuh_agent_config:
  active_response:
    ar_disabled: 'no'
--- a/roles/wazuh/ansible-wazuh-agent/handlers/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/handlers/main.yml
@ -2,5 +2,5 @@
 - name: restart wazuh-agent
  service: name=wazuh-agent state=restarted enabled=yes

- name: restart wazuh-agent windows
+- name: Windows | Restart Wazuh Agent
  win_service: name=OssecSvc start_mode=auto state=restarted
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
@ -4,54 +4,50 @@
    path: C:\Program Files (x86)
  register: check_path

- name: "Set Win Path"
+- name: Windows | Set Win Path (x86)
  set_fact:
-    wazuh_agent_win_path: "{% wazuh_winagent_config.install_dir_x86 if check_path.stat.exists else wazuh_winagent_config.install_dir %}"
-
- name: Windows | Get current installed version
-  win_shell: "{% if check_path.stat.exists %}{{ wazuh_winagent_config.install_dir_x86 }}{% else %}
-  {{ wazuh_winagent_config.install_dir }}{% endif %}ossec-agent.exe -h"
-  args:
-    removes: "{% if check_path.stat.exists %}{{ wazuh_winagent_config.install_dir_x86 }}{% else %}
-    {{ wazuh_winagent_config.install_dir }}{% endif %}ossec-agent.exe"
-  register: agent_version
-  failed_when: false
-  changed_when: false
-
- name: Windows | Check Wazuh agent version installed
-  set_fact: correct_version=true
+    wazuh_agent_win_path: "{{ wazuh_winagent_config.install_dir_x86 }}"
+    wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path_x86 }}"
  when:
-    - agent_version.stdout is defined
-    - wazuh_winagent_config.version in agent_version.stdout
+    - check_path.stat.exists

- name: Windows | Downloading windows Wazuh agent installer
-  win_get_url:
-    dest: C:\wazuh-agent-installer.msi
-    url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"
+- name: Windows | Set Win Path (x64)
+  set_fact:
+    wazuh_agent_win_path: "{{ wazuh_winagent_config.install_dir }}"
+    wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path_x86 }}"
  when:
-    - correct_version is not defined
+    - not check_path.stat.exists

- name: Windows | Verify the downloaded Wazuh agent installer
+- name: Windows | Check if Wazuh installer is already downloaded
  win_stat:
-    path: C:\wazuh-agent-installer.msi
+    path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"
+  register: wazuh_package_downloaded
+
+- name: Windows | Download Wazuh Agent package
+  win_get_url:
+    url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"
+    dest: "{{ wazuh_winagent_config.download_dir }}"
+  when:
+    - not wazuh_package_downloaded.stat.exists
+
+- name: Windows | Verify the Wazuh Agent installer
+  win_stat:
+    path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"
    get_checksum: true
    checksum_algorithm: md5
-  register: installer_md5
-  when:
-    - correct_version is not defined
+  register: wazuh_agent_status
  failed_when:
-    - installer_md5.stat.checksum != wazuh_winagent_config.md5
+    - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5

- name: Windows | Install Wazuh agent
+- name: Windows | Install Agent if not already installed
  win_package:
-    path: C:\wazuh-agent-installer.msi
-  when:
-    - correct_version is not defined
+    path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"
+    product_id: '{{ "{" }}{{ wazuh_winagent_config.register_key }}{{ "}" }}'
+    state: present

 - name: Windows | Check if client.keys exists
-  win_stat: path="{{ wazuh_agent_win_path }}"
+  win_stat: path="{{ wazuh_agent_win_path }}client.keys"
  register: check_windows_key
-  notify: restart wazuh-agent windows
  tags:
    - config

@ -62,15 +58,12 @@

 - name: Windows | Register agent
  win_shell: >
-    {% if check_path.stat.exists %}{{ wazuh_winagent_config.auth_path_x86 }}{% else %}
-    {{ wazuh_winagent_config.auth_path }}{% endif %}
+    {{ wazuh_agent_win_auth_path }}
    -m {{ wazuh_managers.0.address }}
    -p {{ wazuh_agent_authd.port }}
    {% if authd_pass is defined %} -P {{ authd_pass }}{% endif %}
-  args:
-    chdir: "{{ wazuh_agent_win_path }}"
  register: agent_auth_output
-  notify: restart wazuh-agent windows
+  notify: Windows | Restart Wazuh Agent
  when:
    - wazuh_agent_authd.enable
    - not check_windows_key.stat.exists or check_windows_key.stat.size == 0
@ -78,11 +71,16 @@
  tags:
    - config

+- name: Windows | Check if ossec folder is accessible
+  win_file:
+    path: "{{ wazuh_agent_win_path }}"
+    state: directory
+
 - name: Windows | Installing agent configuration (ossec.conf)
-  win_template:
+  template:
    src: var-ossec-etc-ossec-agent.conf.j2
    dest: "{{ wazuh_agent_win_path }}ossec.conf"
-  notify: restart wazuh-agent windows
+  notify: Windows | Restart Wazuh Agent
  tags:
    - config

@ -90,11 +88,11 @@
  win_template:
    src: var-ossec-etc-local-internal-options.conf.j2
    dest: "{{ wazuh_agent_win_path }}local_internal_options.conf"
-  notify: restart wazuh-agent windows
+  notify: Windows | Restart Wazuh Agent
  tags:
    - config

 - name: Windows | Delete downloaded Wazuh agent installer file
  win_file:
-    path: C:\wazuh-agent-installer.msi
+    path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"
    state: absent
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@ -322,7 +322,8 @@
  notify: restart wazuh-api
  when:
    - wazuh_api_user is defined
-    - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon' and ansible_distribution_major_version|int < 6)
+    - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon')
+    - ansible_distribution_major_version|int < 6
  tags:
    - config

@ -378,7 +379,8 @@
  environment:
    LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib"
  when:
-    - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon' and ansible_distribution_major_version|int < 6)
+    - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon')
+    - ansible_distribution_major_version|int < 6

 - name: Ensure Wazuh Manager is started and enabled (EL5)
  service: