Merge pull request #329 from wazuh/feature-324-support-sources-installation

Add Support for sources installation

playbooks/wazuh-elastic.yml

@@ -1,5 +1,5 @@
 ---
 - hosts: <YOUR_ELASTICSEARCH_IP>
   roles:
-    - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch 
+    - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch
       elasticsearch_network_host: '<YOUR_ELASTICSEARCH_IP>'

playbooks/wazuh-elastic_stack-distributed.yml

@@ -6,7 +6,7 @@
       elasticsearch_network_host: <node-1 IP>
       node_name: node-1
       elasticsearch_bootstrap_node: true
-      elasticsearch_cluster_nodes: 
+      elasticsearch_cluster_nodes:
         - <node-1 IP>
         - <node-2 IP>
         - <node-3 IP>
@@ -22,7 +22,7 @@
   vars:
     instances:
       node1:
-        name: node-1       # Important: must be equal to elasticsearch_node_name.                    
+        name: node-1       # Important: must be equal to elasticsearch_node_name.
         ip: <node-1 IP>   # When unzipping, the node will search for its node name folder to get the cert.
       node2:
         name: node-2
@@ -43,10 +43,10 @@
         - <node-1 IP>
         - <node-2 IP>
         - <node-3 IP>
-  
+
 - hosts: <node-3 IP>
   roles:
-    - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch 
+    - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch
       elasticsearch_network_host: <node-3 IP>
       elasticsearch_node_name: node-3
       single_node: false

playbooks/wazuh-elastic_stack-single.yml

@@ -1,8 +1,8 @@
 ---
 - hosts: <your server host>
   roles:
-      - {role: ../roles/wazuh/ansible-wazuh-manager}
+    - {role: ../roles/wazuh/ansible-wazuh-manager}
-      - role: ../roles/wazuh/ansible-filebeat
+    - role: ../roles/wazuh/ansible-filebeat
-        filebeat_output_elasticsearch_hosts: localhost:9200
+      filebeat_output_elasticsearch_hosts: localhost:9200
-      - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true}
+    - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true}
-      - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost' }
+    - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: '0.0.0.0', elasticsearch_reachable_host: 'localhost' }

roles/elastic-stack/ansible-kibana/defaults/main.yml

@@ -23,3 +23,14 @@ node_certs_destination: /etc/kibana/certs
 master_certs_path: /es_certs
 generate_CA: true
 ca_cert_name: ""
+
+# Nodejs
+nodejs:
+  repo_dict:
+      debian: "deb"
+      redhat: "rpm"
+  repo_url_ext: "nodesource.com/setup_8.x" 
+
+# Build from sources
+build_from_sources: true
+wazuh_plugin_branch: 3.10-7.4

roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml

@@ -0,0 +1,77 @@
+---
+  - name: Ensure the Git package is present
+    package:
+      name: git
+      state: present
+
+  - name: Modify repo url if host is in Debian family
+    set_fact:
+      node_js_repo_type: deb
+    when:
+      - ansible_os_family | lower == "debian"
+
+  - name: Download script to install Nodejs repository
+    get_url:
+      url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}"
+      dest: "/tmp/setup_nodejs_repo.sh"
+      mode: "0700"
+
+  - name: Execute downloaded script to install Nodejs repo
+    command: /tmp/setup_nodejs_repo.sh
+    register: node_repo_installation_result
+    changed_when: false
+
+  - name: Install Nodejs
+    package:
+      name: nodejs
+      state: present
+
+  - name: Install yarn dependency to build the Wazuh Kibana Plugin
+    # Using shell due to errors when evaluating text between @ with command
+    shell: "npm install -g {{ 'yarn' }}{{ '@' }}{{ '1.10.1'}}" # noqa 305
+    register: install_yarn_result
+    changed_when: install_yarn_result == 0
+
+  - name: Remove old wazuh-kibana-app git directory
+    file:
+      path: /tmp/app
+      state: absent
+    changed_when: false
+
+  - name: Clone wazuh-kibana-app repository # Using command as git module doesn't cover single-branch nor depth
+    command: git clone https://github.com/wazuh/wazuh-kibana-app -b {{ wazuh_plugin_branch }} --single-branch --depth=1 app # noqa 303
+    register: clone_app_repo_result
+    changed_when: false
+    args:
+      chdir: "/tmp"
+
+  - name: Executing yarn to build the package
+    command: "{{ item }}"
+    with_items:
+      - "yarn"
+      - "yarn build"
+    register: yarn_execution_result
+    changed_when: false
+    args:
+      chdir: "/tmp/app/"
+
+  - name: Obtain name of generated package
+    shell: "find ./ -name 'wazuh-*.zip' -printf '%f\\n'"
+    register: wazuhapp_package_name
+    changed_when: false
+    args:
+      chdir: "/tmp/app/build"
+
+  - name: Install Wazuh Plugin (can take a while)
+    shell: "/usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}"
+    environment:
+      NODE_OPTIONS: "--max-old-space-size=3072"
+    args:
+      executable: /bin/bash
+      creates: /usr/share/kibana/plugins/wazuh/package.json
+    become: yes
+    become_user: kibana
+    notify: restart kibana
+    tags:
+      - install
+      - skip_ansible_lint

roles/elastic-stack/ansible-kibana/tasks/main.yml

@@ -1,4 +1,13 @@
 ---
+
+- name: Stopping early, trying to compile Wazuh Kibana Plugin on Debian 10 is not possible
+  fail:
+    msg: "It's not possible to compile the Wazuh Kibana plugin on Debian 10 due to: https://github.com/wazuh/wazuh-kibana-app/issues/1924"
+  when:
+    - build_from_sources
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version == "10"
+
 - import_tasks: RedHat.yml
   when: ansible_os_family == 'RedHat'
 
@@ -82,8 +91,8 @@
   register: wazuh_app_verify
   changed_when: false
   failed_when:
-    -  wazuh_app_verify.rc != 0
+    - wazuh_app_verify.rc != 0
-    -  wazuh_app_verify.rc != 1
+    - wazuh_app_verify.rc != 1
 
 - name: Removing old Wazuh-APP
   command: /usr/share/kibana/bin/kibana-plugin --allow-root remove wazuh
@@ -91,13 +100,25 @@
   tags: install
 
 - name: Removing bundles
-  file: path=/usr/share/kibana/optimize/bundles state=absent
+  file:
-  become: yes
+    path: /usr/share/kibana/optimize/bundles
-  become_user: kibana
+    state: absent
   when: wazuh_app_verify.rc == 1
   tags: install
 
-- name: Install Wazuh-APP (can take a while)
+- name: Explicitly starting Kibana to generate "wazuh-"
+  service:
+    name: kibana
+    state: started
+
+- name: Build and Install Wazuh Kibana Plugin from sources
+  import_tasks: build_wazuh_plugin.yml
+  when:
+    - build_from_sources is defined
+    - build_from_sources
+
+
+- name: Install Wazuh Plugin (can take a while)
   shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip"
   environment:
     NODE_OPTIONS: "--max-old-space-size=3072"
@@ -110,6 +131,8 @@
   tags:
     - install
     - skip_ansible_lint
+  when:
+    - not build_from_sources
 
 - name: Reload systemd configuration
   systemd:

roles/wazuh/ansible-wazuh-agent/defaults/main.yml

@@ -1,5 +1,28 @@
 ---
 wazuh_agent_version: 3.10.2-1
+
+wazuh_agent_sources_installation:
+  enabled: "false"
+  branch: "v3.10.2"
+  user_language: "y"
+  user_no_stop: "y"
+  user_install_type: "agent"
+  user_dir: "/var/ossec"
+  user_delete_dir: "y"
+  user_enable_active_response: "y"
+  user_enable_syscheck: "y"
+  user_enable_rootcheck: "y"
+  user_enable_openscap: "y"
+  user_enable_sca: "y"
+  user_enable_authd: "y"
+  user_generate_authd_cert: "n"
+  user_update: "y"
+  user_binaryinstall: null
+  user_agent_server_ip: "YOUR_MANAGER_IP"
+  user_agent_server_name: null
+  user_agent_config_profile: null
+  user_ca_store: "/var/ossec/wpk_root.pem"
+
 wazuh_managers:
   - address: 127.0.0.1
     port: 1514
@@ -320,4 +343,4 @@ wazuh_agent_config:
     list:
       - key: Env
         value: Production
-wazuh_agent_nat: false
+wazuh_agent_nat: false

roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml

@@ -20,12 +20,14 @@
   when:
     - ansible_distribution == "Ubuntu"
     - ansible_distribution_major_version | int == 14
+    - not wazuh_agent_sources_installation.enabled
 
 - name: Debian/Ubuntu | Installing Wazuh repository key
   apt_key:
     url: "{{ wazuh_agent_config.repo.gpg }}"
   when:
     - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
+    - not wazuh_agent_sources_installation.enabled
 
 - name: Debian/Ubuntu | Add Wazuh repositories
   apt_repository:
@@ -33,6 +35,8 @@
     repo: "{{ wazuh_agent_config.repo.apt }}"
     state: present
     update_cache: true
+  when:
+    - not wazuh_agent_sources_installation.enabled
 
 - name: Debian/Ubuntu | Set Distribution CIS filename for debian
   set_fact:

roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml

@@ -5,6 +5,10 @@
 - include_tasks: "Debian.yml"
   when: ansible_os_family == "Debian"
 
+- include_tasks: "installation_from_sources.yml"
+  when:
+    - wazuh_agent_sources_installation.enabled
+
 - name: Linux CentOS/RedHat | Install wazuh-agent
   package:
     name: wazuh-agent-{{ wazuh_agent_version }}
@@ -13,6 +17,7 @@
   poll: 30
   when:
     - ansible_os_family|lower == "redhat"
+    - not wazuh_agent_sources_installation.enabled
   tags:
     - init
 
@@ -23,6 +28,7 @@
     cache_valid_time: 3600
   when:
     - ansible_os_family|lower != "redhat"
+    - not wazuh_agent_sources_installation.enabled
   tags:
     - init
 
@@ -192,7 +198,11 @@
   tags: config
 
 - include_tasks: "RMRedHat.yml"
-  when: ansible_os_family == "RedHat"
+  when:
+    - ansible_os_family == "RedHat"
+    - not wazuh_agent_sources_installation.enabled
 
 - include_tasks: "RMDebian.yml"
-  when: ansible_os_family == "Debian"
+  when:
+    - ansible_os_family == "Debian"
+    - not wazuh_agent_sources_installation.enabled

roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml

@@ -10,6 +10,7 @@
   when:
     - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon')
     - (ansible_distribution_major_version|int <= 5)
+    - not wazuh_agent_sources_installation.enabled or not wazuh_api_sources_installation.enabled
   register: repo_v5_installed
 
 - name: RedHat/CentOS/Fedora | Install Wazuh repo
@@ -22,6 +23,7 @@
   changed_when: false
   when:
     - repo_v5_installed is skipped
+    - not wazuh_agent_sources_installation.enabled
 
 - name: RedHat/CentOS/Fedora | download Oracle Java RPM
   get_url:

roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml

@@ -0,0 +1,99 @@
+---
+  - name: Install dependencies to build Wazuh packages
+    package:
+      name:
+        - make
+        - gcc
+        - automake
+        - autoconf
+        - libtool
+        - tar
+      state: present
+
+  - name: Removing old files
+    file:
+      path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz"
+      state: absent
+
+  - name: Removing old folders
+    file:
+      path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}"
+      state: absent
+
+  - name: Installing policycoreutils-python (RedHat families)
+    package:
+      name:
+        - policycoreutils-python
+    when:
+      - ansible_os_family|lower == "redhat"
+
+  - name: Installing policycoreutils-python-utils (Debian families)
+    package:
+      name:
+        - libc6-dev
+        - curl
+        - policycoreutils
+    when:
+      - ansible_os_family|lower == "debian"
+
+  - name: Download required packages from github.com/wazuh/wazuh
+    get_url:
+      url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_agent_sources_installation.branch }}.tar.gz"
+      dest: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz"
+    delegate_to: "{{ inventory_hostname }}"
+    changed_when: false
+
+  - name: Create folder to extract Wazuh branch
+    file:
+      path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}"
+      state: directory
+    changed_when: false
+
+  - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip
+    command: >-
+      tar -xzvf /tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz
+      --strip 1
+      --directory /tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}
+    register: wazuh_untar
+    changed_when: false
+    args:
+      warn: false
+
+  - name: Clean remaining files from others builds
+    command: "make -C src {{ item }}"
+    args:
+      chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/src/"
+    with_items:
+      - "clean"
+      - "clean-deps"
+    register: clean_result
+    changed_when: clean_result.rc == 0
+    failed_when: false
+
+  - name: Render the "preloaded-vars.conf" file
+    template:
+      src: "templates/preloaded_vars_agent.conf.j2"
+      dest: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/etc/preloaded-vars.conf"
+      owner: root
+      group: root
+      mode: '644'
+    changed_when: false
+
+  - name: Executing "install.sh" script to build and install the Wazuh Agent
+    shell: ./install.sh > /tmp/build_agent_log.txt
+    register: installation_result
+    changed_when: installation_result == 0
+    args:
+      chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}"
+
+  - name: Cleanup downloaded files
+    file:
+      path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz"
+      state: absent
+    changed_when: false
+
+  - name: Cleanup created folders
+    file:
+      path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}"
+      state: absent
+    changed_when: false

roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars_agent.conf.j2

@@ -0,0 +1,7 @@
+{% for key, value in wazuh_agent_sources_installation.items() %}
+{% if "user_" in key %}
+{% if value is defined and value is not none %}
+{{ key|upper }}="{{ value }}"
+{% endif %}
+{% endif %}
+{% endfor %}

roles/wazuh/ansible-wazuh-manager/defaults/main.yml

@@ -4,6 +4,49 @@ wazuh_manager_version: 3.10.2-1
 wazuh_manager_fqdn: "wazuh-server"
 wazuh_manager_package_state: present
 
+wazuh_manager_sources_installation:
+  enabled: true
+  branch: "v3.10.2"
+  user_language: "en"
+  user_no_stop: "y"
+  user_install_type: "server"
+  user_dir: "/var/ossec"
+  user_delete_dir: null
+  user_enable_active_response: null
+  user_enable_syscheck: "y"
+  user_enable_rootcheck: "y"
+  user_enable_openscap: "y"
+  user_enable_authd: "y"
+  user_generate_authd_cert: null
+  user_update: "y"
+  user_binaryinstall: null
+  user_enable_email: "n"
+  user_auto_start: "y"
+  user_email_address: null
+  user_email_smpt: null
+  user_enable_syslog: "n"
+  user_white_list: "n"
+  user_ca_store: null
+  threads: "2"
+
+wazuh_api_sources_installation:
+  enabled: true
+  branch: "v3.10.2"
+  update: "y"
+  remove: "y"
+  directory: null
+  port: 55000
+  https: "n"
+  authd: null
+  proxy: null
+  country: null
+  state: null
+  locality: null
+  org_name: null
+  org_unit: null
+  common_name: null
+  password: null
+
 wazuh_manager_config:
   repo:
     apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
@@ -326,8 +369,9 @@ wazuh_agent_configs:
         format: 'eventchannel'
       - location: 'System'
         format: 'eventlog'
+
 nodejs:
-  repo_dic:
+  repo_dict:
       debian: "deb"
       redhat: "rpm"
-  repo_url_ext: "nodesource.com/setup_8.x"
+  repo_url_ext: "nodesource.com/setup_8.x"

roles/wazuh/ansible-wazuh-manager/handlers/main.yml

@@ -12,6 +12,4 @@
   service:
     name: wazuh-api
     state: restarted
-    enabled: true
+    enabled: true
-  when:
-    - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 6)

roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml

@@ -23,12 +23,14 @@
   when:
     - ansible_distribution == "Ubuntu"
     - ansible_distribution_major_version | int == 14
+    - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
 
 - name: Debian/Ubuntu | Installing Wazuh repository key
   apt_key:
     url: "{{ wazuh_manager_config.repo.gpg }}"
   when:
     - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
+    - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
 
 - name: Debian/Ubuntu | Add Wazuh repositories
   apt_repository:
@@ -37,6 +39,8 @@
     state: present
     update_cache: true
   changed_when: false
+  when:
+    - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
 
 - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu
   set_fact:
@@ -89,10 +93,26 @@
   tags:
     - config
 
-- name: Debian/Ubuntu | Install wazuh-manager, wazuh-api
+- name: Debian/Ubuntu | Install wazuh-manager
   apt:
     name:
       - "wazuh-manager={{ wazuh_manager_version }}"
+    state: present
+    cache_valid_time: 3600
+    install_recommends: false
+  register: wazuh_manager_main_packages_installed
+  until: wazuh_manager_main_packages_installed is succeeded
+  tags: init
+  when:
+    - not wazuh_manager_sources_installation.enabled
+
+- include_tasks: "installation_from_sources.yml"
+  when:
+    - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled
+
+- name: Debian/Ubuntu | Install wazuh-api
+  apt:
+    name:
       - "wazuh-api={{ wazuh_manager_version }}"
     state: present
     cache_valid_time: 3600
@@ -100,3 +120,5 @@
   register: wazuh_manager_main_packages_installed
   until: wazuh_manager_main_packages_installed is succeeded
   tags: init
+  when:
+    - not wazuh_api_sources_installation.enabled

roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml

@@ -10,6 +10,7 @@
   when:
     - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon')
     - (ansible_distribution_major_version|int <= 5)
+    - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
   register: repo_v5_manager_installed
 
 - name: RedHat/CentOS/Fedora | Install Wazuh repo
@@ -22,6 +23,7 @@
   changed_when: false
   when:
     - repo_v5_manager_installed is skipped
+    - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
 
 - name: RedHat/CentOS/Fedora | Install openscap
   package: name={{ item }} state=present
@@ -107,17 +109,31 @@
   when:
     - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
 
-- name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api
+- name: CentOS/RedHat/Amazon | Install wazuh-manager
   package:
-    name: "{{ item }}-{{ wazuh_manager_version }}"
+    name: "wazuh-manager-{{ wazuh_manager_version }}"
     state: "{{ wazuh_manager_package_state }}"
-  with_items:
-    - wazuh-manager
-    - wazuh-api
   register: wazuh_manager_main_packages_installed
   until: wazuh_manager_main_packages_installed is succeeded
   when:
     - ansible_os_family|lower == "redhat"
+    - not wazuh_manager_sources_installation.enabled
+  tags:
+    - init
+
+- include_tasks: "../tasks/installation_from_sources.yml"
+  when:
+    - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled
+
+- name: CentOS/RedHat/Amazon | Install wazuh-api
+  package:
+    name: "wazuh-api-{{ wazuh_manager_version }}"
+    state: "{{ wazuh_manager_package_state }}"
+  register: wazuh_api_main_packages_installed
+  until: wazuh_api_main_packages_installed is succeeded
+  when:
+    - ansible_os_family|lower == "redhat"
+    - not wazuh_api_sources_installation.enabled
   tags:
     - init
 
@@ -143,3 +159,4 @@
     - ansible_distribution_major_version|int < 6
   tags:
     - init
+

roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml

@@ -0,0 +1,181 @@
+---
+# Wazuh Manager
+  - name: Check if Wazuh Manager is already installed
+    stat:
+      path: /var/ossec/bin/ossec-control
+    register: wazuh_ossec_control
+
+  - name: Installing Wazuh Manager from sources
+    block:
+      - name: Install dependencies to build Wazuh packages
+        package:
+          name:
+            - make
+            - gcc
+            - automake
+            - autoconf
+            - libtool
+            - tar
+          state: present
+
+      - name: Removing old files
+        file:
+          path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz"
+          state: absent
+
+      - name: Removing old folders
+        file:
+          path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}"
+          state: absent
+
+      - name: Installing policycoreutils-python (RedHat families)
+        package:
+          name:
+            - policycoreutils-python
+        when:
+          - ansible_os_family|lower == "redhat"
+
+      - name: Installing policycoreutils-python-utils (Debian families)
+        package:
+          name:
+            - libc6-dev
+            - curl
+            - policycoreutils
+        when:
+          - ansible_os_family|lower == "debian"
+
+      - name: Remove old repository folder
+        file:
+          path: /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}
+          state: absent
+
+      - name: Download required packages from github.com/wazuh/wazuh
+        get_url:
+          url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_manager_sources_installation.branch }}.tar.gz"
+          dest: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz"
+        delegate_to: "{{ inventory_hostname }}"
+
+      - name: Create folder to extract Wazuh branch
+        file:
+          path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}"
+          state: directory
+
+    # When downloading "v3.10.2" extracted folder name is 3.10.2. 
+    # Explicitly creating the folder with proper naming and striping first level in .tar.gz file
+
+      - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip
+        command: >-
+          tar -xzvf /tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz
+          --strip 1
+          --directory /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}
+        register: wazuh_untar
+        changed_when: wazuh_untar.rc ==0
+        args:
+          warn: false
+
+      - name: Clean remaining files from others builds
+        command: "make -C src {{ item }}"
+        args:
+          chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/src/"
+        with_items:
+          - "clean"
+          - "clean-deps"
+        register: clean_result
+        changed_when: clean_result.rc == 0
+        failed_when: false
+
+      - name: Render the "preloaded-vars.conf" file
+        template:
+          src: "templates/preloaded_vars_manager.conf.j2"
+          dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf"
+          owner: root
+          group: root
+          mode: '644'
+
+      - name: Executing "install.sh" script to build and install the Wazuh Manager
+        shell: ./install.sh > /tmp/build_wazuh_manager_log.txt
+        register: installation_result
+        changed_when: installation_result == 0
+        args:
+          chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}"
+
+      - name: Cleanup downloaded files
+        file:
+          path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz"
+          state: absent
+
+      - name: Cleanup created folders
+        file:
+          path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}"
+          state: absent
+
+    when:
+      - not wazuh_ossec_control.stat.exists
+      - wazuh_manager_sources_installation.enabled
+    tags:
+      - manager
+
+# Wazuh API
+
+  - name: Check if Wazuh API is already installed
+    stat:
+      path: /var/ossec/api/app.js
+    register: wazuh_api
+
+  - name: Install Wazuh API from sources
+    block:
+      - name: Install dependencies to build Wazuh packages
+        package:
+          name:
+            - make
+            - gcc
+            - automake
+            - autoconf
+            - libtool
+            - tar
+          state: present
+
+      - name: Explicitly installing npm for Debian hosts
+        package:
+          name: npm
+          state: present
+        when:
+          - ansible_distribution == "Debian"
+
+      - name: Ensure Git is present in the host
+        package:
+          name: git
+          state: present
+
+      - name: Remove old repository folder
+        file:
+          path: /tmp/wazuh-api
+          state: absent
+
+      - name: Download the Wazuh API repository
+        git:
+          repo: 'https://github.com/wazuh/wazuh-api.git'
+          version: "{{ wazuh_api_sources_installation.branch }}"
+          dest: /tmp/wazuh-api
+
+      - name: Configure Wazuh API installation
+        template:
+          src: "templates/preloaded_vars_api.conf.j2"
+          dest: "/tmp/wazuh-api/configuration/preloaded_vars.conf"
+          owner: root
+          group: root
+          mode: '644'
+
+      - name: Execute Wazuh API installation script
+        shell: ./install_api.sh > /tmp/build_wazuh_api_log.txt
+        register: install_api
+        changed_when: install_api.rc == 0
+        args:
+          chdir: "/tmp/wazuh-api"
+        notify:
+          - restart wazuh-api
+    when:
+      - not wazuh_api.stat.exists
+      - wazuh_api_sources_installation.enabled
+    tags:
+      - api

roles/wazuh/ansible-wazuh-manager/tasks/main.yml

@@ -16,7 +16,7 @@
   block:
     - name: Download NodeJS repository script
       get_url:
-        url: "https://{{ nodejs['repo_dic'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}"
+        url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}"
         dest: /etc/nodejs.sh
         mode: '0775'
       changed_when: false
@@ -56,7 +56,7 @@
     chdir: /var/ossec/etc/
   tags:
     - config
-  when: not wazuh_manager_config.authd.ssl_agent_ca is not none
+  when: wazuh_manager_config.authd.ssl_agent_ca is not none
 
 - name: Copy CA, SSL key and cert for authd
   copy:
@@ -382,7 +382,11 @@
     - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6
 
 - include_tasks: "RMRedHat.yml"
-  when: ansible_os_family == "RedHat" or ansible_os_family == "Amazon"
+  when:
+    - ansible_os_family == "RedHat" or ansible_os_family == "Amazon"
+    - not wazuh_manager_sources_installation.enabled
 
 - include_tasks: "RMDebian.yml"
-  when: ansible_os_family == "Debian"
+  when:
+    - ansible_os_family == "Debian"
+    - not wazuh_manager_sources_installation.enabled

roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_api.conf.j2

@@ -0,0 +1,7 @@
+{% for key, value in wazuh_api_sources_installation.items() %}
+{% if "enabled" not in key and "branch" not in key %}
+{% if value is defined and value is not none %}
+{{ key|upper }}="{{ value }}"
+{% endif %}
+{% endif %}
+{% endfor %}

roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_manager.conf.j2

@@ -0,0 +1,7 @@
+{% for key, value in wazuh_manager_sources_installation.items() %}
+{% if "user_" in key %}
+{% if value is defined and value is not none %}
+{{ key|upper }}="{{ value }}"
+{% endif %}
+{% endif %}
+{% endfor %}