From 3fe48ea7fd5cd4ba49858e648f0f36a8e4ecd343 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Mar 2020 09:45:23 +0100 Subject: [PATCH 01/18] Remove conditioinal from task that checks NodeJS --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index c1d91434..8ef1c2cb 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -11,8 +11,6 @@ stat: path: /usr/bin/node register: node_service_status - when: - - wazuh_manager_config.cluster.node_type == "master" - name: Install NodeJS repository block: From 58f0484cdaa6c3e10bba2117b6a44552d5b94e3b Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Mar 2020 09:47:27 +0100 Subject: [PATCH 02/18] Bump Windows Agent version --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 186cac9d..c7014e2a 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -61,7 +61,7 @@ wazuh_winagent_config: # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe md5: 87ce22038688efb44d95f9daff472056 -wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.3-1.msi +wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_agent_config: repo: From ab0a6aaaf39493a556791ce5399b40591995479a Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Mar 2020 14:08:12 +0100 Subject: [PATCH 03/18] Remove Windows MD5 verification --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 - roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 9 --------- 2 files changed, 10 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index c7014e2a..fbb278eb 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -60,7 +60,6 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - md5: 87ce22038688efb44d95f9daff472056 wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_agent_config: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index dc9b8fe0..0b844d0a 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -30,15 +30,6 @@ when: - not wazuh_package_downloaded.stat.exists -- name: Windows | Verify the Wazuh Agent installer - win_stat: - path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" - get_checksum: true - checksum_algorithm: md5 - register: wazuh_agent_status - failed_when: - - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5 - - name: Windows | Install Agent if not already installed win_package: path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" From 91948198a093ad10c0f2b208877f44c8034e853b Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Mar 2020 14:56:32 +0100 Subject: [PATCH 04/18] Revert "Merge pull request #381 from wazuh/remove_windows_md5_check" This reverts commit 4cc3e077a01750a8386fd486dc7a72dd790a01c2, reversing changes made to 52a81af988a00abd60483f1ccacab34ddd2c9b76. --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index fbb278eb..c7014e2a 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -60,6 +60,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe + md5: 87ce22038688efb44d95f9daff472056 wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_agent_config: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 0b844d0a..dc9b8fe0 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -30,6 +30,15 @@ when: - not wazuh_package_downloaded.stat.exists +- name: Windows | Verify the Wazuh Agent installer + win_stat: + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" + get_checksum: true + checksum_algorithm: md5 + register: wazuh_agent_status + failed_when: + - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5 + - name: Windows | Install Agent if not already installed win_package: path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" From 3b166ea617801ea54658af109f03184d13b01d63 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Mar 2020 15:07:21 +0100 Subject: [PATCH 05/18] Add flag to enable/disable Windows MD5 check --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index c7014e2a..039e5960 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -60,6 +60,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe + check_md5: True md5: 87ce22038688efb44d95f9daff472056 wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index dc9b8fe0..461249e9 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -38,6 +38,8 @@ register: wazuh_agent_status failed_when: - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5 + when: + - wazuh_winagent_config.check_md5 - name: Windows | Install Agent if not already installed win_package: From 163c89dbabcb822d18d58a7d4ddae65c16587dd6 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 10 Mar 2020 15:23:35 +0100 Subject: [PATCH 06/18] Adding nodejs recommended node_options and plugin optimization --- .../ansible-kibana/defaults/main.yml | 5 ++++- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 4 +--- .../elastic-stack/ansible-kibana/tasks/main.yml | 17 ++++++++++++++--- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index cd25eec2..dcc2bf8a 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -43,8 +43,11 @@ nodejs: repo_dict: debian: "deb" redhat: "rpm" - repo_url_ext: "nodesource.com/setup_8.x" + repo_url_ext: "nodesource.com/setup_8.x" # Build from sources build_from_sources: false wazuh_plugin_branch: 3.11-7.6 + +#Nodejs NODE_OPTIONS +node_options: --max-old-space-size=4096 \ No newline at end of file diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 37cfd7dc..5fb74823 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -63,9 +63,7 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}" - environment: - NODE_OPTIONS: "--max-old-space-size=3072" + shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index c0d663cc..72f229ae 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -62,6 +62,12 @@ - kibana_xpack_security tags: xpack-security +- name: Node configuration + replace: + path: /usr/share/kibana/bin/kibana + regexp: 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' + replace: 'NODE_OPTIONS="--no-warnings {{node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' + - name: Ensuring certificates folder owner file: path: "{{ node_certs_destination }}/" @@ -119,9 +125,7 @@ - name: Install Wazuh Plugin (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" - environment: - NODE_OPTIONS: "--max-old-space-size=3072" + shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json @@ -135,6 +139,13 @@ when: - not build_from_sources +- name: Kibana optimization (can take a while) + shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana --optimize --allow-root' + args: + executable: /bin/bash + become: yes + become_user: kibana + - name: Wait for Elasticsearch port wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} From cfd2de0610c40f9c99d27f313ebbcb1ecfa34dc1 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 11 Mar 2020 15:59:48 +0100 Subject: [PATCH 07/18] node_options scope improvements --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 3 ++- roles/elastic-stack/ansible-kibana/tasks/main.yml | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index dcc2bf8a..a237607a 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -50,4 +50,5 @@ build_from_sources: false wazuh_plugin_branch: 3.11-7.6 #Nodejs NODE_OPTIONS -node_options: --max-old-space-size=4096 \ No newline at end of file +# kibana_script_node_options: --max-old-space-size=4096 +node_options: --max-old-space-size=4096 diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 72f229ae..163605cc 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -62,11 +62,12 @@ - kibana_xpack_security tags: xpack-security -- name: Node configuration +- name: Kibana script additional configuration for node replace: path: /usr/share/kibana/bin/kibana regexp: 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' - replace: 'NODE_OPTIONS="--no-warnings {{node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' + replace: 'NODE_OPTIONS="--no-warnings {{kibana_script_node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' + when: kibana_script_node_options is defined - name: Ensuring certificates folder owner file: From a4465eb82fd9c87778712c035330a977558bbf46 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 11 Mar 2020 16:27:44 +0100 Subject: [PATCH 08/18] node options variable improvements --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index a237607a..f62e114a 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -50,5 +50,5 @@ build_from_sources: false wazuh_plugin_branch: 3.11-7.6 #Nodejs NODE_OPTIONS -# kibana_script_node_options: --max-old-space-size=4096 +kibana_script_node_options: "--max-old-space-size=4096" node_options: --max-old-space-size=4096 diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 163605cc..8fad346a 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -67,7 +67,7 @@ path: /usr/share/kibana/bin/kibana regexp: 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' replace: 'NODE_OPTIONS="--no-warnings {{kibana_script_node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' - when: kibana_script_node_options is defined + when: kibana_script_node_options != "" - name: Ensuring certificates folder owner file: From 9dc91b88775e901c91f34b3ea591431b78e4c683 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 11 Mar 2020 17:55:28 +0100 Subject: [PATCH 09/18] Adding lint fixes --- .../ansible-kibana/defaults/main.yml | 2 +- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 2 +- .../elastic-stack/ansible-kibana/tasks/main.yml | 17 ++++++++++++----- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index f62e114a..79078f7b 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -50,5 +50,5 @@ build_from_sources: false wazuh_plugin_branch: 3.11-7.6 #Nodejs NODE_OPTIONS -kibana_script_node_options: "--max-old-space-size=4096" +kibana_script_node_options: "" node_options: --max-old-space-size=4096 diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 5fb74823..e2b0bb50 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -63,7 +63,7 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' + shell: 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 8fad346a..e6c7f52d 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -65,9 +65,14 @@ - name: Kibana script additional configuration for node replace: path: /usr/share/kibana/bin/kibana - regexp: 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' - replace: 'NODE_OPTIONS="--no-warnings {{kibana_script_node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' - when: kibana_script_node_options != "" + regexp: >- + 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" + NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' + replace: >- + 'NODE_OPTIONS="--no-warnings {{kibana_script_node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" + NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' + when: kibana_script_node_options | length > 0 + - name: Ensuring certificates folder owner file: @@ -126,7 +131,9 @@ - name: Install Wazuh Plugin (can take a while) - shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip' + shell: >- + 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }} + -{{ wazuh_version }}_{{ elastic_stack_version }}.zip' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json @@ -141,7 +148,7 @@ - not build_from_sources - name: Kibana optimization (can take a while) - shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana --optimize --allow-root' + shell: 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana --optimize' args: executable: /bin/bash become: yes From efd55e5a5b0717f1957f10ed811a06bd233c1383 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 11 Mar 2020 18:11:00 +0100 Subject: [PATCH 10/18] Minor linting fix --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index e6c7f52d..7c78baa6 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -153,6 +153,8 @@ executable: /bin/bash become: yes become_user: kibana + tags: + - skip_ansible_lint - name: Wait for Elasticsearch port wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} From 83aa5de3ef9e3df80d582f1a4ad313b6ec5c0469 Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 11 Mar 2020 18:21:25 +0100 Subject: [PATCH 11/18] Bump NodeJS version to 10.x --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index cd25eec2..692b85ad 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -43,7 +43,7 @@ nodejs: repo_dict: debian: "deb" redhat: "rpm" - repo_url_ext: "nodesource.com/setup_8.x" + repo_url_ext: "nodesource.com/setup_10.x" # Build from sources build_from_sources: false From c0670f02afd26e1314f9287b1604024d786a3599 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Thu, 12 Mar 2020 09:06:18 +0100 Subject: [PATCH 12/18] Lint fixes --- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/main.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index e2b0bb50..141438af 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -63,7 +63,7 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' + shell: 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 7c78baa6..2241c900 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -69,7 +69,7 @@ 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' replace: >- - 'NODE_OPTIONS="--no-warnings {{kibana_script_node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" + 'NODE_OPTIONS="--no-warnings {{ kibana_script_node_options }} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' when: kibana_script_node_options | length > 0 @@ -132,7 +132,7 @@ - name: Install Wazuh Plugin (can take a while) shell: >- - 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }} + 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }} -{{ wazuh_version }}_{{ elastic_stack_version }}.zip' args: executable: /bin/bash @@ -148,7 +148,7 @@ - not build_from_sources - name: Kibana optimization (can take a while) - shell: 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana --optimize' + shell: 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana --optimize' args: executable: /bin/bash become: yes From b4bd4b334cea2262b5413344d5839a2146e8d530 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Thu, 12 Mar 2020 10:47:28 +0100 Subject: [PATCH 13/18] multiline wrap with whitespace in a correct column --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 2241c900..53571026 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -132,8 +132,8 @@ - name: Install Wazuh Plugin (can take a while) shell: >- - 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }} - -{{ wazuh_version }}_{{ elastic_stack_version }}.zip' + 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install + {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json From 3d2cce76fa7ee8a972f4f6ef86bed4982744bc73 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Thu, 12 Mar 2020 11:50:02 +0100 Subject: [PATCH 14/18] multiline wrapping fix --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 53571026..118945ae 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -131,9 +131,8 @@ - name: Install Wazuh Plugin (can take a while) - shell: >- - 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install - {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip' + shell: "NODE_OPTIONS=\" {{ node_options }} \" /usr/share/kibana/bin/kibana-plugin \ + install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json From dab2f69b68dc7246c0a0356395d7c6354b962a64 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Thu, 12 Mar 2020 15:02:28 +0100 Subject: [PATCH 15/18] removing single quotes --- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/main.yml | 15 ++++++++------- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 141438af..cd22f42e 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -63,7 +63,7 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' + shell: NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }} args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 118945ae..8c8ed588 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -66,11 +66,11 @@ replace: path: /usr/share/kibana/bin/kibana regexp: >- - 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" - NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' + NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" + NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\} replace: >- - 'NODE_OPTIONS="--no-warnings {{ kibana_script_node_options }} --max-http-header-size=65536 ${NODE_OPTIONS}" - NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' + NODE_OPTIONS="--no-warnings {{ kibana_script_node_options }} --max-http-header-size=65536 ${NODE_OPTIONS}" + NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@} when: kibana_script_node_options | length > 0 @@ -131,8 +131,9 @@ - name: Install Wazuh Plugin (can take a while) - shell: "NODE_OPTIONS=\" {{ node_options }} \" /usr/share/kibana/bin/kibana-plugin \ - install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" + shell: >- + NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install + {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json @@ -147,7 +148,7 @@ - not build_from_sources - name: Kibana optimization (can take a while) - shell: 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana --optimize' + shell: NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana --optimize args: executable: /bin/bash become: yes From b9a8dfff8abcbe123f9baa125f498b6a18d5457e Mon Sep 17 00:00:00 2001 From: Zenidd Date: Fri, 13 Mar 2020 09:29:54 +0100 Subject: [PATCH 16/18] fix to pass the indempotence test --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 8c8ed588..1900777b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -153,6 +153,7 @@ executable: /bin/bash become: yes become_user: kibana + changed_when: false tags: - skip_ansible_lint From 84b5510e3010f88da3863a53d416c789786fbded Mon Sep 17 00:00:00 2001 From: Zenidd Date: Fri, 13 Mar 2020 12:11:07 +0100 Subject: [PATCH 17/18] Removing whitespaces surrounding node_options var --- .../elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/main.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index cd22f42e..a674a95f 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -63,7 +63,7 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }} + shell: NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }} args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 1900777b..dc7c3696 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -132,7 +132,7 @@ - name: Install Wazuh Plugin (can take a while) shell: >- - NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install + NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip args: executable: /bin/bash @@ -148,7 +148,7 @@ - not build_from_sources - name: Kibana optimization (can take a while) - shell: NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana --optimize + shell: NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana --optimize args: executable: /bin/bash become: yes From f4b70ab1c643b60b71236802ed04d143b76ea1ca Mon Sep 17 00:00:00 2001 From: Zenidd Date: Fri, 13 Mar 2020 12:27:18 +0100 Subject: [PATCH 18/18] removing kibana script extra node options --- .../elastic-stack/ansible-kibana/defaults/main.yml | 1 - roles/elastic-stack/ansible-kibana/tasks/main.yml | 13 ------------- 2 files changed, 14 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index da865a38..e930eae7 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -50,5 +50,4 @@ build_from_sources: false wazuh_plugin_branch: 3.11-7.6 #Nodejs NODE_OPTIONS -kibana_script_node_options: "" node_options: --max-old-space-size=4096 diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index dc7c3696..b43b3755 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -62,18 +62,6 @@ - kibana_xpack_security tags: xpack-security -- name: Kibana script additional configuration for node - replace: - path: /usr/share/kibana/bin/kibana - regexp: >- - NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" - NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\} - replace: >- - NODE_OPTIONS="--no-warnings {{ kibana_script_node_options }} --max-http-header-size=65536 ${NODE_OPTIONS}" - NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@} - when: kibana_script_node_options | length > 0 - - - name: Ensuring certificates folder owner file: path: "{{ node_certs_destination }}/" @@ -129,7 +117,6 @@ - build_from_sources is defined - build_from_sources - - name: Install Wazuh Plugin (can take a while) shell: >- NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install