Merge pull request #753 from wazuh/4.3-unify-repo

Unify repo variables and update repo logic.

roles/wazuh/ansible-wazuh-agent/defaults/main.yml

@@ -55,17 +55,10 @@ wazuh_winagent_config:
   auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
   check_md5: True
   md5: 8ffa75d13280f1aa6ffca54f4273df4d
-wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.3.0-1.msi
 wazuh_winagent_package_name: wazuh-agent-4.3.0-1.msi
 
 wazuh_dir: "/var/ossec"
 
-wazuh_agent_repo:
-  apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
-  yum: 'https://packages.wazuh.com/4.x/yum/'
-  gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
-  key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
-
 # This is deprecated, see: wazuh_agent_address
 wazuh_agent_nat: false
 
@@ -367,7 +360,7 @@ wazuh_agent_log_format: 'plain'
 
 # wazuh_agent_config
 wazuh_agent_config_defaults:
-  repo: '{{ wazuh_agent_repo }}'
+  repo: '{{ wazuh_repo }}'
   active_response: '{{ wazuh_agent_active_response }}'
   log_format: '{{ wazuh_agent_log_format }}'
   client_buffer: '{{ wazuh_agent_client_buffer }}'

roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml

@@ -14,7 +14,7 @@
   become: true
   shell: |
     set -o pipefail
-    curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
+    curl -s {{ wazuh_agent_config.repo.gpg }} | apt-key add -
   args:
     warn: false
     executable: /bin/bash

roles/wazuh/ansible-wazuh-agent/tasks/main.yml

@@ -1,5 +1,16 @@
 ---
 
+- name: Get latest Wazuh release
+  shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-"
+  register: wazuh_latest_release
+  delegate_to: localhost
+
+- include_vars: ../../vars/repo.yml
+  when: "{{ wazuh_latest_release.stdout is version(wazuh_agent_version, operator='ge') }}"
+
+- include_vars: ../../vars/repo_dev.yml
+  when: "{{ wazuh_latest_release.stdout is version(wazuh_agent_version, operator='lt') }}"
+
 - name: Overlay wazuh_agent_config on top of defaults
   set_fact:
     wazuh_agent_config: '{{ wazuh_agent_config_defaults | combine(config_layer, recursive=True) }}'

roles/wazuh/ansible-wazuh-manager/defaults/main.yml

@@ -37,12 +37,6 @@ wazuh_manager_sources_installation:
   threads: "2"
 
 wazuh_dir: "/var/ossec"
-wazuh_manager_repo:
-  apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
-  yum: 'https://packages.wazuh.com/4.x/yum/'
-  gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
-  key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
-
 
 ##########################################
 ### Wazuh-OSSEC
@@ -421,7 +415,7 @@ wazuh_manager_config_overlay: true
 
 ## Other/Wrappers
 wazuh_manager_config_defaults:
-  repo: '{{ wazuh_manager_repo }}'
+  repo: '{{ wazuh_repo }}'
   json_output: '{{ wazuh_manager_json_output }}'
   alerts_log: '{{ wazuh_manager_alerts_log }}'
   logall: '{{ wazuh_manager_logall }}'

roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml

@@ -16,7 +16,7 @@
   become: true
   shell: |
     set -o pipefail
-    curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
+    curl -s {{ wazuh_manager_config.repo.gpg }} | apt-key add -
   args:
     warn: false
     executable: /bin/bash

roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml

@@ -35,7 +35,8 @@
   until: wazuh_manager_openscp_packages_installed is succeeded
   tags:
     - init
-  when: not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
+  when: not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") and
+        not (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
 
 - name: CentOS 6 | Install Software Collections (SCL) Repository
   package: name=centos-release-scl state=present

roles/wazuh/ansible-wazuh-manager/tasks/main.yml

@@ -1,5 +1,15 @@
 ---
 
+- name: Get latest wazuh release
+  shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-"
+  register: wazuh_latest_release
+
+- include_vars: ../../vars/repo.yml
+  when: "{{ wazuh_latest_release.stdout is version(wazuh_manager_version, operator='ge') }}"
+
+- include_vars: ../../vars/repo_dev.yml
+  when: "{{ wazuh_latest_release.stdout is version(wazuh_manager_version, operator='lt') }}"
+
 - name: Overlay wazuh_manager_config on top of defaults
   set_fact:
     wazuh_manager_config: '{{ wazuh_manager_config_defaults | combine(config_layer, recursive=True) }}'
@@ -26,7 +36,8 @@
     name: expect
     state: "{{ wazuh_manager_package_state }}"
   when:
-    - not (ansible_os_family|lower == "redhat" and ansible_distribution_major_version|int < 6)
+    - not (ansible_os_family|lower == "redhat" and ansible_distribution_major_version|int < 6) and
+      not (ansible_distribution|lower == "centos" and ansible_distribution_major_version|int == 8)
   tags: init
 
 - name: Generate SSL files for authd

roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml

@@ -2,7 +2,7 @@
 
 - name: Debian/Ubuntu | Remove Wazuh repository.
   apt_repository:
-    repo: deb https://packages.wazuh.com/4.x/apt {{ ansible_distribution_release }} main
+    repo: "{{ wazuh_manager_config.repo.apt }}"
     state: absent
   changed_when: false
   when: ansible_os_family == "Debian"

roles/wazuh/vars/repo.yml

@@ -0,0 +1,11 @@
+wazuh_repo:
+  apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
+  yum: 'https://packages.wazuh.com/4.x/yum/'
+  gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
+  key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
+wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.3.0-1.msi
+
+certs_gen_tool_version: 4.3
+
+# Url of certificates generator tool
+certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"

roles/wazuh/vars/repo_dev.yml

@@ -0,0 +1,11 @@
+wazuh_repo:
+  apt: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main'
+  yum: 'https://packages-dev.wazuh.com/pre-release/yum/'
+  gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
+  key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
+wazuh_winagent_config_url: https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-4.3.0-1.msi
+
+certs_gen_tool_version: 4.3
+
+# Url of certificates generator tool
+certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"

roles/wazuh/wazuh-dashboard/defaults/main.yml

@@ -15,16 +15,6 @@ indexer_cluster_nodes:
 # The Wazuh dashboard package repository
 dashboard_version: "4.3.0"
 
-package_repos:
-  yum:
-    dashboard:
-      baseurl: 'https://packages.wazuh.com/4.x/yum/'
-      gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
-  apt:
-    dashboard:
-      baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
-      gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
-
 # API credentials
 wazuh_api_credentials:
   - id: "default"

roles/wazuh/wazuh-dashboard/tasks/Debian.yml

@@ -4,12 +4,12 @@
   - include_vars: debian.yml
   - name: Add apt repository signing key
     apt_key:
-      url: "{{ package_repos.apt.dashboard.gpg }}"
+      url: "{{ wazuh_repo.gpg }}"
       state: present
 
   - name: Debian systems | Add Wazuh dashboard repo
     apt_repository:
-      repo: "{{ package_repos.apt.dashboard.baseurl }}"
+      repo: "{{ wazuh_repo.apt }}"
       state: present
       update_cache: yes
 

roles/wazuh/wazuh-dashboard/tasks/RedHat.yml

@@ -6,8 +6,8 @@
       file: wazuh
       name: wazuh_repo
       description: Wazuh yum repository
-      baseurl: "{{ package_repos.yum.dashboard.baseurl }}"
-      gpgkey: "{{ package_repos.yum.dashboard.gpg }}"
+      baseurl: "{{ wazuh_repo.yum }}"
+      gpgkey: "{{ wazuh_repo.gpg }}"
       gpgcheck: true
 
   - name: Install Wazuh dashboard

roles/wazuh/wazuh-dashboard/tasks/main.yml

@@ -1,4 +1,13 @@
 ---
+- name: Get latest wazuh release
+  shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-"
+  register: wazuh_latest_release
+
+- include_vars: ../../vars/repo.yml
+  when: "{{ wazuh_latest_release.stdout is version(dashboard_version, operator='ge') }}"
+
+- include_vars: ../../vars/repo_dev.yml
+  when: "{{ wazuh_latest_release.stdout is version(dashboard_version, operator='lt') }}"
 
 - import_tasks: RedHat.yml
   when: ansible_os_family == 'RedHat'

roles/wazuh/wazuh-indexer/defaults/main.yml

@@ -26,19 +26,6 @@ minimum_master_nodes: 2
 # Example es1.example.com, es2.example.com
 domain_name: wazuh.com
 
-# The Wazuh indexer package repository
-package_repos:
-  yum:
-    indexer:
-      baseurl: 'https://packages.wazuh.com/4.x/yum/'
-      gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
-  apt:
-    indexer:
-      baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
-      gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
-    openjdk:
-      baseurl: 'deb http://deb.debian.org/debian stretch-backports main'
-
 indexer_sec_plugin_conf_path: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig
 indexer_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools
 indexer_conf_path: /etc/wazuh-indexer/
@@ -53,11 +40,6 @@ indexer_jvm_xms: null
 
 indexer_http_port: 9200
 
-certs_gen_tool_version: 4.3
-
-# Url of certificates generator tool
-certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
-
 indexer_admin_password: changeme
 dashboard_password: changeme
 

roles/wazuh/wazuh-indexer/tasks/Debian.yml

@@ -16,35 +16,16 @@
         ]
         state: present
 
-    - name: Add the repository key for Debian's Stretch Backports repository
-      ansible.builtin.apt_key:
-        keyserver: keyserver.ubuntu.com
-        id: 648ACFD622F3D138
-
-    - name: Add openjdk repository
-      apt_repository:
-        repo: "{{ package_repos.apt.openjdk.baseurl }}"
-        state: present
-        update_cache: yes
-        filename: 'wazuh-openjdk'
-
-- name: Install openjdk-11-jdk
-  apt:
-    name: openjdk-11-jdk
-    state: present
-  environment:
-    JAVA_HOME: /usr
-
 - name: Add Wazuh indexer repository
   block:
     - name: Add apt repository signing key
       apt_key:
-        url: "{{ package_repos.apt.indexer.gpg }}"
+        url: "{{ wazuh_repo.gpg }}"
         state: present
 
     - name: Add Wazuh indexer repository
       apt_repository:
-        repo: "{{ package_repos.apt.indexer.baseurl }}"
+        repo: "{{ wazuh_repo.apt }}"
         state: present
         filename: 'wazuh-indexer'
         update_cache: yes

roles/wazuh/wazuh-indexer/tasks/RedHat.yml

@@ -6,28 +6,20 @@
       file: wazuh
       name: wazuh_repo
       description: Wazuh yum repository
-      baseurl: "{{ package_repos.yum.indexer.baseurl }}"
-      gpgkey: "{{ package_repos.yum.indexer.gpg }}"
+      baseurl: "{{ wazuh_repo.yum }}"
+      gpgkey: "{{ wazuh_repo.gpg }}"
       gpgcheck: true
     changed_when: false
 
-  - name: RedHat/CentOS/Fedora | Install OpenJDK 11
-    yum:
-      name: java-11-openjdk-devel
-      state: present
-    when:
-      - ansible_distribution != 'Amazon'
 
-  - name: Amazon Linux | Install OpenJDK 11
+
+  - name: Amazon Linux | Install Amazon extras
     block:
       - name: Install Amazon extras
         yum:
           name: amazon-linux-extras
           state: present
 
-      - name: Install OpenJDK 11
-        shell: amazon-linux-extras install java-openjdk11 -y
-
       - name: Configure vm.max_map_count
         lineinfile:
           line: "vm.max_map_count=262144"

roles/wazuh/wazuh-indexer/tasks/main.yml

@@ -1,4 +1,13 @@
 ---
+- name: Get latest wazuh release
+  shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-"
+  register: wazuh_latest_release
+
+- include_vars: ../../vars/repo.yml
+  when: "{{ wazuh_latest_release.stdout is version(indexer_version, operator='ge') }}"
+
+- include_vars: ../../vars/repo_dev.yml
+  when: "{{ wazuh_latest_release.stdout is version(indexer_version, operator='lt') }}"
 
 - import_tasks: local_actions.yml
   when:

roles/wazuh/wazuh-indexer/tasks/security_actions.yml

@@ -46,7 +46,9 @@
   run_once: true
 
 - name: Hashing the custom admin password
-  command: "{{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ indexer_admin_password }}" # noqa 301
+  shell: |
+    export JAVA_HOME=/usr/share/wazuh-indexer/jdk
+    {{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ indexer_admin_password }}
   register: indexer_admin_password_hashed
   no_log: '{{ indexer_nolog_sensible | bool }}'
   run_once: true
@@ -62,7 +64,9 @@
 
 # this can also be achieved with password_hash, but it requires dependencies on the controller
 - name: Hash the kibanaserver role/user pasword
-  command: "{{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ dashboard_password }}" # noqa 301
+  shell: |
+    export JAVA_HOME=/usr/share/wazuh-indexer/jdk
+    {{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ dashboard_password }}
   register: indexer_kibanaserver_password_hashed
   no_log: '{{ indexer_nolog_sensible | bool }}'
   run_once: true