afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1062 from wazuh/change/1051-wazuh-manager-install-from-sources-fails-due-to-the-gcc-version-tomaster

Browse Source 
Removed build from source from wazuh-ansible repo
This commit is contained in:
Gonzalo Acuña 2023-10-09 13:25:25 -03:00 committed by GitHub
commit 749421c45b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 2 additions and 341 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
roles/elastic-stack/ansible-kibana/defaults/main.yml
View File

@ -45,9 +45,5 @@ nodejs:
redhat: "rpm" redhat: "rpm"
repo_url_ext: "nodesource.com/setup_10.x" repo_url_ext: "nodesource.com/setup_10.x"
# Build from sources
build_from_sources: false
wazuh_plugin_branch: 4.1-7.10
#Nodejs NODE_OPTIONS #Nodejs NODE_OPTIONS
node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536 node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536

3
roles/opendistro/opendistro-kibana/defaults/main.yml
View File

@ -52,9 +52,6 @@ nodejs:
redhat: "rpm" redhat: "rpm"
repo_url_ext: "nodesource.com/setup_10.x" repo_url_ext: "nodesource.com/setup_10.x"
# Build from sources
build_from_sources: false
wazuh_plugin_branch: 4.1-7.10
#Nodejs NODE_OPTIONS #Nodejs NODE_OPTIONS
node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536 node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536

24
roles/wazuh/ansible-wazuh-agent/defaults/main.yml
View File

@ -7,30 +7,6 @@ wazuh_custom_packages_installation_agent_enabled: false
wazuh_custom_packages_installation_agent_deb_url: "" wazuh_custom_packages_installation_agent_deb_url: ""
wazuh_custom_packages_installation_agent_rpm_url: "" wazuh_custom_packages_installation_agent_rpm_url: ""
# Sources installation
wazuh_agent_sources_installation:
enabled: false
branch: "v4.8.0"
user_language: "y"
user_no_stop: "y"
user_install_type: "agent"
user_dir: "/var/ossec"
user_delete_dir: "y"
user_enable_active_response: "y"
user_enable_syscheck: "y"
user_enable_rootcheck: "y"
user_enable_openscap: "n"
user_enable_sca: "y"
user_enable_authd: "y"
user_generate_authd_cert: "n"
user_update: "y"
user_binaryinstall: null
user_agent_server_ip: "YOUR_MANAGER_IP"
user_agent_server_name: null
user_agent_config_profile: null
user_ca_store: "{{ wazuh_dir }}/wpk_root.pem"
wazuh_agent_yum_lock_timeout: 30 wazuh_agent_yum_lock_timeout: 30
# We recommend the use of ansible-vault to protect Wazuh, api, agentless and authd credentials. # We recommend the use of ansible-vault to protect Wazuh, api, agentless and authd credentials.

3
roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
View File

@ -30,7 +30,6 @@
when: when:
- ansible_distribution == "Ubuntu" - ansible_distribution == "Ubuntu"
- ansible_distribution_major_version | int == 14 - ansible_distribution_major_version | int == 14
- not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled - not wazuh_custom_packages_installation_agent_enabled
- name: Debian/Ubuntu | Installing Wazuh repository key - name: Debian/Ubuntu | Installing Wazuh repository key
@ -39,7 +38,6 @@
id: "{{ wazuh_agent_config.repo.key_id }}" id: "{{ wazuh_agent_config.repo.key_id }}"
when: when:
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
- not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled - not wazuh_custom_packages_installation_agent_enabled
- name: Debian/Ubuntu | Add Wazuh repositories - name: Debian/Ubuntu | Add Wazuh repositories
@ -49,7 +47,6 @@
state: present state: present
update_cache: true update_cache: true
when: when:
- not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled - not wazuh_custom_packages_installation_agent_enabled
- name: Debian/Ubuntu | Set Distribution CIS filename for debian - name: Debian/Ubuntu | Set Distribution CIS filename for debian

8
roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
View File

@ -5,10 +5,6 @@
- include_tasks: "Debian.yml" - include_tasks: "Debian.yml"
when: ansible_os_family == "Debian" when: ansible_os_family == "Debian"
- include_tasks: "installation_from_sources.yml"
when:
- wazuh_agent_sources_installation.enabled
- include_tasks: "installation_from_custom_packages.yml" - include_tasks: "installation_from_custom_packages.yml"
when: when:
- wazuh_custom_packages_installation_agent_enabled - wazuh_custom_packages_installation_agent_enabled
@ -20,7 +16,6 @@
lock_timeout: '{{ wazuh_agent_yum_lock_timeout }}' lock_timeout: '{{ wazuh_agent_yum_lock_timeout }}'
when: when:
- ansible_os_family|lower == "redhat" - ansible_os_family|lower == "redhat"
- not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled - not wazuh_custom_packages_installation_agent_enabled
tags: tags:
- init - init
@ -32,7 +27,6 @@
cache_valid_time: 3600 cache_valid_time: 3600
when: when:
- ansible_os_family|lower != "redhat" - ansible_os_family|lower != "redhat"
- not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled - not wazuh_custom_packages_installation_agent_enabled
- not ansible_check_mode - not ansible_check_mode
tags: tags:
@ -271,9 +265,7 @@
- include_tasks: "RMRedHat.yml" - include_tasks: "RMRedHat.yml"
when: when:
- ansible_os_family == "RedHat" - ansible_os_family == "RedHat"
- not wazuh_agent_sources_installation.enabled
- include_tasks: "RMDebian.yml" - include_tasks: "RMDebian.yml"
when: when:
- ansible_os_family == "Debian" - ansible_os_family == "Debian"
- not wazuh_agent_sources_installation.enabled

2
roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml
View File

@ -10,7 +10,6 @@
when: when:
- (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon')
- (ansible_distribution_major_version|int <= 5) - (ansible_distribution_major_version|int <= 5)
- not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled - not wazuh_custom_packages_installation_agent_enabled
register: repo_v5_installed register: repo_v5_installed
@ -24,7 +23,6 @@
changed_when: false changed_when: false
when: when:
- repo_v5_installed is skipped - repo_v5_installed is skipped
- not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled - not wazuh_custom_packages_installation_agent_enabled
- name: RedHat/CentOS/Fedora | Install OpenJDK 1.8 - name: RedHat/CentOS/Fedora | Install OpenJDK 1.8

100
roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml
View File

@ -1,100 +0,0 @@
---
- name: Install dependencies to build Wazuh packages
package:
name:
- make
- gcc
- automake
- autoconf
- libtool
- tar
state: present
- name: Removing old files
file:
path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz"
state: absent
- name: Removing old folders
file:
path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}"
state: absent
- name: Installing policycoreutils-python (RedHat families)
package:
name:
- policycoreutils-python
when:
- ansible_os_family|lower == "redhat"
- name: Installing policycoreutils-python-utils (Debian families)
package:
name:
- libc6-dev
- curl
- policycoreutils
when:
- ansible_os_family|lower == "debian"
- name: Download required packages from github.com/wazuh/wazuh
get_url:
url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_agent_sources_installation.branch }}.tar.gz"
dest: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz"
delegate_to: "{{ inventory_hostname }}"
changed_when: false
- name: Create folder to extract Wazuh branch
file:
path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}"
mode: 0755
state: directory
changed_when: false
- name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip
command: >-
tar -xzvf /tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz
--strip 1
--directory /tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}
register: wazuh_untar
changed_when: false
args:
warn: false
- name: Clean remaining files from others builds
command: "make -C src {{ item }}"
args:
chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/src/"
with_items:
- "clean"
- "clean-deps"
register: clean_result
changed_when: clean_result.rc == 0
failed_when: false
- name: Render the "preloaded-vars.conf" file
template:
src: "templates/preloaded_vars_agent.conf.j2"
dest: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/etc/preloaded-vars.conf"
owner: root
group: root
mode: 0644
changed_when: false
- name: Executing "install.sh" script to build and install the Wazuh Agent
shell: ./install.sh > /tmp/build_agent_log.txt
register: installation_result
changed_when: installation_result == 0
args:
chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}"
- name: Cleanup downloaded files
file:
path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz"
state: absent
changed_when: false
- name: Cleanup created folders
file:
path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}"
state: absent
changed_when: false

7
roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars_agent.conf.j2
View File

@ -1,7 +0,0 @@
{% for key, value in wazuh_agent_sources_installation.items() %}
{% if "user_" in key %}
{% if value is defined and value is not none %}
{{ key|upper }}="{{ value }}"
{% endif %}
{% endif %}
{% endfor %}

26
roles/wazuh/ansible-wazuh-manager/defaults/main.yml
View File

@ -9,32 +9,6 @@ wazuh_custom_packages_installation_manager_enabled: false
wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"
wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"
# Sources installation
wazuh_manager_sources_installation:
enabled: false
branch: "v4.8.0"
user_language: "en"
user_no_stop: "y"
user_install_type: "server"
user_dir: "/var/ossec"
user_delete_dir: null
user_enable_active_response: null
user_enable_syscheck: "y"
user_enable_rootcheck: "y"
user_enable_openscap: "n"
user_enable_authd: "y"
user_generate_authd_cert: null
user_update: "y"
user_binaryinstall: null
user_enable_email: "n"
user_auto_start: "y"
user_email_address: null
user_email_smpt: null
user_enable_syslog: "n"
user_white_list: "n"
user_ca_store: null
threads: "2"
wazuh_dir: "/var/ossec" wazuh_dir: "/var/ossec"
########################################## ##########################################

4
roles/wazuh/ansible-wazuh-manager/files/create_user.py
View File

@ -13,7 +13,7 @@ SPECIAL_CHARS = "@$!%*?&-_"
try: try:
from wazuh.rbac.orm import create_rbac_db from wazuh.rbac.orm import check_database_integrity
from wazuh.security import ( from wazuh.security import (
create_user, create_user,
get_users, get_users,
@ -69,7 +69,7 @@ if __name__ == "__main__":
username, password = read_user_file() username, password = read_user_file()
# create RBAC database # create RBAC database
create_rbac_db() check_database_integrity()
initial_users = db_users() initial_users = db_users()
if username not in initial_users: if username not in initial_users:

14
roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
View File

@ -24,7 +24,6 @@
when: when:
- ansible_distribution == "Ubuntu" - ansible_distribution == "Ubuntu"
- ansible_distribution_major_version | int == 14 - ansible_distribution_major_version | int == 14
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled - not wazuh_custom_packages_installation_manager_enabled
- name: Debian/Ubuntu | Installing Wazuh repository key - name: Debian/Ubuntu | Installing Wazuh repository key
@ -33,7 +32,6 @@
id: "{{ wazuh_manager_config.repo.key_id }}" id: "{{ wazuh_manager_config.repo.key_id }}"
when: when:
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled - not wazuh_custom_packages_installation_manager_enabled
- name: Debian/Ubuntu | Add Wazuh repositories - name: Debian/Ubuntu | Add Wazuh repositories
@ -44,7 +42,6 @@
update_cache: true update_cache: true
changed_when: false changed_when: false
when: when:
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled - not wazuh_custom_packages_installation_manager_enabled
- name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu
@ -98,12 +95,6 @@
tags: tags:
- config - config
- name: Install dependencies to build from sources
apt:
name: ['make', 'gcc', 'automake', 'autoconf', 'libtool', 'tar', 'libssl-dev', 'g++']
state: present
when: wazuh_manager_sources_installation.enabled
- name: Debian/Ubuntu | Install wazuh-manager - name: Debian/Ubuntu | Install wazuh-manager
apt: apt:
name: name:
@ -111,13 +102,8 @@
state: present state: present
tags: init tags: init
when: when:
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled - not wazuh_custom_packages_installation_manager_enabled
- include_tasks: "installation_from_sources.yml"
when:
- wazuh_manager_sources_installation.enabled
- include_tasks: "installation_from_custom_packages.yml" - include_tasks: "installation_from_custom_packages.yml"
when: when:
- wazuh_custom_packages_installation_manager_enabled - wazuh_custom_packages_installation_manager_enabled

13
roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
View File

@ -10,7 +10,6 @@
when: when:
- (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon')
- (ansible_distribution_major_version|int <= 5) - (ansible_distribution_major_version|int <= 5)
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled - not wazuh_custom_packages_installation_manager_enabled
register: repo_v5_manager_installed register: repo_v5_manager_installed
@ -24,7 +23,6 @@
changed_when: false changed_when: false
when: when:
- repo_v5_manager_installed is skipped - repo_v5_manager_installed is skipped
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled - not wazuh_custom_packages_installation_manager_enabled
- name: RedHat/CentOS/Fedora | Install openscap - name: RedHat/CentOS/Fedora | Install openscap
@ -93,12 +91,6 @@
when: when:
- ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
- name: Install dependencies to build from sources
yum:
name: ['make', 'gcc', 'automake', 'autoconf', 'libtool', 'tar', 'openssl-devel', 'gcc-c++']
state: present
when: wazuh_manager_sources_installation.enabled
- name: CentOS/RedHat/Amazon | Install wazuh-manager - name: CentOS/RedHat/Amazon | Install wazuh-manager
package: package:
name: "wazuh-manager-{{ wazuh_manager_version }}" name: "wazuh-manager-{{ wazuh_manager_version }}"
@ -107,15 +99,10 @@
until: wazuh_manager_main_packages_installed is succeeded until: wazuh_manager_main_packages_installed is succeeded
when: when:
- ansible_os_family|lower == "redhat" - ansible_os_family|lower == "redhat"
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled - not wazuh_custom_packages_installation_manager_enabled
tags: tags:
- init - init
- include_tasks: "../tasks/installation_from_sources.yml"
when:
- wazuh_manager_sources_installation.enabled
- include_tasks: "../tasks/installation_from_custom_packages.yml" - include_tasks: "../tasks/installation_from_custom_packages.yml"
when: when:
- wazuh_custom_packages_installation_manager_enabled - wazuh_custom_packages_installation_manager_enabled

125
roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
View File

@ -1,125 +0,0 @@
---
# Wazuh Manager
- name: Check if Wazuh Manager is already installed
stat:
path: "{{ wazuh_dir }}/bin/wazuh-control"
register: wazuh_control_path
- name: Installing Wazuh Manager from sources
block:
- name: Install dependencies to build Wazuh packages
package:
name:
- make
- gcc
- automake
- autoconf
- libtool
- tar
state: present
- name: Install CMake
include_tasks: install_cmake.yml
- name: Removing old files
file:
path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz"
state: absent
- name: Removing old folders
file:
path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}"
state: absent
- name: Installing policycoreutils-python (RedHat families)
package:
name:
- policycoreutils-python
when:
- ansible_os_family|lower == "redhat"
- name: Installing policycoreutils-python-utils (Debian families)
package:
name:
- libc6-dev
- curl
- policycoreutils
when:
- ansible_os_family|lower == "debian"
- name: Remove old repository folder
file:
path: /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}
state: absent
- name: Download required packages from github.com/wazuh/wazuh
get_url:
url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_manager_sources_installation.branch }}.tar.gz"
dest: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz"
delegate_to: "{{ inventory_hostname }}"
- name: Create folder to extract Wazuh branch
file:
path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}"
owner: root
group: root
mode: 0644
state: directory
# When downloading "v3.11.0" extracted folder name is 3.11.0.
# Explicitly creating the folder with proper naming and striping first level in .tar.gz file
- name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip
command: >-
tar -xzvf /tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz
--strip 1
--directory /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}
register: wazuh_untar
changed_when: wazuh_untar.rc ==0
args:
warn: false
- name: Clean remaining files from others builds
command: "make -C src {{ item }}"
args:
chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/src/"
with_items:
- "clean"
- "clean-deps"
register: clean_result
changed_when: clean_result.rc == 0
failed_when: false
- name: Render the "preloaded-vars.conf" file
template:
src: "templates/preloaded_vars_manager.conf.j2"
dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf"
owner: root
group: root
mode: 0644
- name: Executing "install.sh" script to build and install the Wazuh Manager
shell: ./install.sh > /tmp/build_wazuh_manager_log.txt
register: installation_result
changed_when: installation_result == 0
args:
chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}"
environment:
PATH: /usr/local/bin:{{ ansible_env.PATH }}
- name: Cleanup downloaded files
file:
path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz"
state: absent
- name: Cleanup created folders
file:
path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}"
state: absent
when:
- not wazuh_control_path.stat.exists
- wazuh_manager_sources_installation.enabled
tags:
- manager

1
roles/wazuh/ansible-wazuh-manager/tasks/main.yml
View File

@ -336,4 +336,3 @@
- name: Run uninstall tasks - name: Run uninstall tasks
include_tasks: uninstall.yml include_tasks: uninstall.yml
when: not wazuh_manager_sources_installation.enabled

7
roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_manager.conf.j2
View File

@ -1,7 +0,0 @@
{% for key, value in wazuh_manager_sources_installation.items() %}
{% if "user_" in key %}
{% if value is defined and value is not none %}
{{ key|upper }}="{{ value }}"
{% endif %}
{% endif %}
{% endfor %}

1
roles/wazuh/wazuh-dashboard/tasks/RedHat.yml
View File

@ -3,7 +3,6 @@
- name: RedHat/CentOS/Fedora | Add Wazuh dashboard repo - name: RedHat/CentOS/Fedora | Add Wazuh dashboard repo
yum_repository: yum_repository:
file: wazuh
name: wazuh_repo name: wazuh_repo
description: Wazuh yum repository description: Wazuh yum repository
baseurl: "{{ wazuh_repo.yum }}" baseurl: "{{ wazuh_repo.yum }}"

1
roles/wazuh/wazuh-indexer/tasks/RedHat.yml
View File

@ -3,7 +3,6 @@
- name: RedHat/CentOS/Fedora | Add Wazuh indexer repo - name: RedHat/CentOS/Fedora | Add Wazuh indexer repo
yum_repository: yum_repository:
file: wazuh
name: wazuh_repo name: wazuh_repo
description: Wazuh yum repository description: Wazuh yum repository
baseurl: "{{ wazuh_repo.yum }}" baseurl: "{{ wazuh_repo.yum }}"