Remove OpenJDK install from Indexer role

2022-04-26 17:09:58 -03:00 · 2022-04-26 17:09:58 -03:00 · 5dc31f4731
commit 5dc31f4731
parent 60b891084e
4 changed files with 9 additions and 43 deletions
--- a/roles/wazuh/wazuh-indexer/defaults/main.yml
+++ b/roles/wazuh/wazuh-indexer/defaults/main.yml
@ -26,12 +26,6 @@ minimum_master_nodes: 2
 # Example es1.example.com, es2.example.com
 domain_name: wazuh.com
 # The Wazuh indexer package repository
 package_repos:
  apt:
    openjdk:
      baseurl: 'deb http://deb.debian.org/debian stretch-backports main'
 indexer_sec_plugin_conf_path: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig
 indexer_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools
 indexer_conf_path: /etc/wazuh-indexer/
@ -46,11 +40,6 @@ indexer_jvm_xms: null
 indexer_http_port: 9200
 certs_gen_tool_version: 4.3
 # Url of certificates generator tool
 certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
 indexer_admin_password: changeme
 dashboard_password: changeme
--- a/roles/wazuh/wazuh-indexer/tasks/Debian.yml
+++ b/roles/wazuh/wazuh-indexer/tasks/Debian.yml
@ -16,30 +16,11 @@
        ]
        state: present
    - name: Add the repository key for Debian's Stretch Backports repository
      ansible.builtin.apt_key:
        keyserver: keyserver.ubuntu.com
        id: 648ACFD622F3D138
    - name: Add openjdk repository
      apt_repository:
        repo: "{{ package_repos.apt.openjdk.baseurl }}"
        state: present
        update_cache: yes
        filename: 'wazuh-openjdk'
 - name: Install openjdk-11-jdk
  apt:
    name: openjdk-11-jdk
    state: present
  environment:
    JAVA_HOME: /usr
 - name: Add Wazuh indexer repository
  block:
    - name: Add apt repository signing key
      apt_key:
-        url: "{{ wazuh_repo.apt.gpg }}"
+        url: "{{ wazuh_repo.gpg }}"
        state: present
    - name: Add Wazuh indexer repository
--- a/roles/wazuh/wazuh-indexer/tasks/RedHat.yml
+++ b/roles/wazuh/wazuh-indexer/tasks/RedHat.yml
@ -11,23 +11,15 @@
      gpgcheck: true
    changed_when: false
  - name: RedHat/CentOS/Fedora | Install OpenJDK 11
    yum:
      name: java-11-openjdk-devel
      state: present
    when:
      - ansible_distribution != 'Amazon'
-  - name: Amazon Linux | Install OpenJDK 11
+
  - name: Amazon Linux | Install Amazon extras
    block:
      - name: Install Amazon extras
        yum:
          name: amazon-linux-extras
          state: present
      - name: Install OpenJDK 11
        shell: amazon-linux-extras install java-openjdk11 -y
      - name: Configure vm.max_map_count
        lineinfile:
          line: "vm.max_map_count=262144"
--- a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml
+++ b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml
@ -46,7 +46,9 @@
  run_once: true
 - name: Hashing the custom admin password
-  command: "{{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ indexer_admin_password }}" # noqa 301
+  shell: |
    export JAVA_HOME=/usr/share/wazuh-indexer/jdk
    {{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ indexer_admin_password }}
  register: indexer_admin_password_hashed
  no_log: '{{ indexer_nolog_sensible | bool }}'
  run_once: true
@ -62,7 +64,9 @@
 # this can also be achieved with password_hash, but it requires dependencies on the controller
 - name: Hash the kibanaserver role/user pasword
-  command: "{{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ dashboard_password }}" # noqa 301
+  shell: |
    export JAVA_HOME=/usr/share/wazuh-indexer/jdk
    {{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ dashboard_password }}
  register: indexer_kibanaserver_password_hashed
  no_log: '{{ indexer_nolog_sensible | bool }}'
  run_once: true