From 82693e34f1e1475fdb9213d92c33fedd580b8b8f Mon Sep 17 00:00:00 2001 From: joschneid Date: Thu, 24 Jan 2019 08:42:57 +0100 Subject: [PATCH] debian repo keys with pgp keyserver --- .../elastic-stack/ansible-elasticsearch/defaults/main.yml | 1 + .../elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 4 ++-- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/Debian.yml | 4 ++-- roles/elastic-stack/ansible-logstash/defaults/main.yml | 2 ++ roles/elastic-stack/ansible-logstash/tasks/Debian.yml | 4 ++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 ++ roles/wazuh/ansible-filebeat/tasks/Debian.yml | 4 ++-- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 ++ roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 6 ++++-- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 3 +++ roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 8 ++++++-- 12 files changed, 29 insertions(+), 13 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 677517a9..078fcca1 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -8,3 +8,4 @@ elastic_stack_version: 6.5.4 elasticsearch_shards: 5 elasticsearch_replicas: 1 elasticsearch_install_java: yes +elasticrepo_gpg_keyserver: pgp.mit.edu diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index ae4e717f..cb6156d1 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml 
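Review bot: The new default `elasticrepo_gpg_keyserver: pgp.mit.edu` in ansible-elasticsearch/defaults/main.yml names a single public keyserver with no scheme, so every Debian install now depends on that one host being reachable. A bare hostname is normally treated by gpg as plain HKP rather than a TLS connection, so integrity rests on the fingerprint pinned in the task, not on the transport. That is worth stating next to the variable, e.g. `# Keyserver for the Elastic repo key; override with an internal mirror or an hkps:// URL where outbound HKP is blocked`. The same default is repeated in the ansible-kibana, ansible-logstash and ansible-filebeat defaults, and the Wazuh and NodeJS variants are added in the wazuh-agent and wazuh-manager defaults, so the comment applies to each.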
@@ -32,8 +32,8 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" - state: present + keyserver: "{{ elasticrepo_gpg_keyserver }}" + id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 - name: Debian/Ubuntu | Install Elastic repo apt_repository: diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index e4a61c07..54165327 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,4 +5,4 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 6.5.4 wazuh_version: 3.8.0 - +elasticrepo_gpg_keyserver: pgp.mit.edu diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index 9cb809d2..6e3f1f16 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -10,8 +10,8 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" - state: present + keyserver: "{{ elasticrepo_gpg_keyserver }}" + id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 - name: Debian/Ubuntu | Install Elastic repo apt_repository: diff --git a/roles/elastic-stack/ansible-logstash/defaults/main.yml b/roles/elastic-stack/ansible-logstash/defaults/main.yml index 955fcf6f..51a3e9ad 100644 --- a/roles/elastic-stack/ansible-logstash/defaults/main.yml +++ b/roles/elastic-stack/ansible-logstash/defaults/main.yml @@ -17,3 +17,5 @@ logstash_ssl_certificate_file: "" logstash_ssl_key_file: "" logstash_install_java: yes + +elasticrepo_gpg_keyserver: pgp.mit.edu diff --git a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml index 628fd8e4..1e9fceb4 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml 
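Review bot: In the `apt_key` task of ansible-elasticsearch/tasks/Debian.yml the vendor HTTPS `url` is dropped entirely, so the key now comes from a third-party keyserver and the only thing tying it to Elastic is the `id` value, which cannot be confirmed as the vendor's fingerprint from this diff. apt_key accepts `id` together with `url`, so the pin could be added without changing the source: `url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"` plus `id: "46095ACC8548582C1A2699A9D27D666CD88E42B4"`. Whichever source is kept, quote the fingerprint so YAML can never retype it, and add a comment saying where it was checked against the vendor's published value. The same applies to the `apt_key` hunks in the kibana, logstash, filebeat, wazuh-agent and wazuh-manager Debian.yml files. The task lists continue outside the hunk.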
+++ b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml @@ -31,8 +31,8 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" - state: present + keyserver: "{{ elasticrepo_gpg_keyserver }}" + id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 - name: Debian/Ubuntu | Install Elasticsearch repo apt_repository: diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 0f9b5c5a..e7ebe216 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -27,3 +27,5 @@ filebeat_ssl_dir: /etc/pki/logstash filebeat_ssl_certificate_file: "" filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" + +elasticrepo_gpg_keyserver: pgp.mit.edu diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index 45494c26..afa76227 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -10,8 +10,8 @@ - name: Debian/Ubuntu | Add Elasticsearch apt key. apt_key: - url: https://artifacts.elastic.co/GPG-KEY-elasticsearch - state: present + keyserver: "{{ elasticrepo_gpg_keyserver }}" + id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 - name: Debian/Ubuntu | Add Filebeat repository. apt_repository: diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 52521a7d..7e20b6ce 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -305,3 +305,5 @@ wazuh_agent_config: list: - key: Env value: Production + +wauzhrepo_gpg_keyserver: pgp.mit.edu diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index d8affe84..bbd6f8fe 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml 
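Review bot: The variable added at the end of ansible-wazuh-agent/defaults/main.yml is spelled `wauzhrepo_gpg_keyserver` ("wauzh" for "wazuh"). The tasks use the same spelling, so the role works, but anyone overriding the naturally spelled `wazuhrepo_gpg_keyserver` in inventory will silently keep fetching from the default server. Rename it to `wazuhrepo_gpg_keyserver: pgp.mit.edu` here and in ansible-wazuh-manager/defaults/main.yml, and update the `keyserver: "{{ wauzhrepo_gpg_keyserver }}"` lines in both wazuh Debian.yml task files to match.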
@@ -8,8 +8,10 @@ - apt-transport-https - ca-certificates -- name: Debian/Ubuntu | Installing repository key - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH +- name: Debian/Ubuntu | Installing Wazuh repository key + apt_key: + keyserver: "{{ wauzhrepo_gpg_keyserver }}" + id: 0DCFCA5547B19D2A6099506096B3EE5F29111145 - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index b9817a3a..9d69fe0d 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -329,3 +329,6 @@ wazuh_agent_configs: format: 'eventchannel' - location: 'System' format: 'eventlog' + +wauzhrepo_gpg_keyserver: pgp.mit.edu +nodejsrepo_gpg_keyserver: pgp.mit.edu diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index f2885345..539ad4e1 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -9,7 +9,9 @@ - ca-certificates - name: Debian/Ubuntu | Installing Wazuh repository key - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH + apt_key: + keyserver: "{{ wauzhrepo_gpg_keyserver }}" + id: 0DCFCA5547B19D2A6099506096B3EE5F29111145 - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -18,7 +20,9 @@ update_cache: yes - name: Debian/Ubuntu | Installing NodeJS repository key - apt_key: url=https://deb.nodesource.com/gpgkey/nodesource.gpg.key + apt_key: + keyserver: "{{ nodejsrepo_gpg_keyserver }}" + id: 9FD3B784BC1C6FC31A8A0A1C1655A0AB68576280 - name: Debian/Ubuntu | Add NodeSource repositories for Node.js apt_repository: