Added a successful installation on provided Docker containers with Molecule

molecule/default/molecule.yml

@@ -7,20 +7,31 @@ lint:
   name: yamllint
   enabled: false # fix in seperate PR
 platforms:
-  - name: bionic
+  - name: wazuh_manager_bionic
     image: ubuntu:bionic
-  - name: xenial
+    groups:
+      - wazuh_manager
+  - name: wazuh_manager_xenial
     image: ubuntu:xenial
-  - name: trusty
+    groups:
+      - wazuh_manager
+  - name: wazuh_manager_trusty
     image: ubuntu:trusty
-  - name: centos6
+    groups:
+      - wazuh_manager
+  - name: wazuh_manager_centos6
     image: centos:6
-  - name: centos7
-    image: centos:7      
+    groups:
+      - wazuh_manager
+  - name: wazuh_manager_centos7
+    image: milcom/centos7-systemd
+    privileged: True
+    groups:
+      - wazuh_manager
 provisioner:
   name: ansible
   env:
-    ANSIBLE_ROLES_PATH: $HOME/wazuh-ansible/roles
+    ANSIBLE_ROLES_PATH: ../../roles
   lint:
     name: ansible-lint
     enabled: true # fix in seperate PR

molecule/default/playbook.yml

@@ -1,9 +1,11 @@
 ---
 - name: Converge
-  hosts: all
+  hosts: wazuh_manager
   roles:
-    - {role: wazuh/ansible-wazuh-manager}
-    - {role: wazuh/ansible-filebeat} #, filebeat_output_logstash_hosts: 'your elastic stack server IP'
+    - role: wazuh/ansible-wazuh-manager
+
+
+    # - {role: wazuh/ansible-filebeat} #, filebeat_output_logstash_hosts: 'your elastic stack server IP'
     # Elasticsearch requires too much memory to test multiple containers concurrently - To Fix
     #- {role: elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'}
     #- {role: elastic-stack/ansible-logstash, logstash_input_beats: true, elasticsearch_network_host: 'localhost'}

molecule/default/prepare.yml

@@ -1,5 +1,21 @@
 ---
 - name: Prepare
   hosts: all
-  gather_facts: false
-  tasks: []
+  gather_facts: True
+  tasks:
+
+    - name: "Install Python packages for Trusty to solve trust issues"
+      package:
+        name:
+          - python-setuptools
+          - python-pip
+        state: latest
+      when:
+        - ansible_distribution == "Ubuntu"
+        - ansible_distribution_major_version | int == 14
+
+    - name: "Install dependencies"
+      package:
+        name:
+          - curl
+        state: latest

roles/wazuh/ansible-wazuh-manager/defaults/main.yml

@@ -1,5 +1,6 @@
 ---
 wazuh_manager_fqdn: "wazuh-server"
+wazuh_manager_package_state: latest
 
 wazuh_manager_config:
   json_output: 'yes'

roles/wazuh/ansible-wazuh-manager/handlers/main.yml

@@ -13,3 +13,5 @@
     name: wazuh-api
     state: restarted
     enabled: true
+  when:
+    - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 6)

roles/wazuh/ansible-wazuh-manager/meta/main.yml

@@ -18,6 +18,6 @@ galaxy_info:
     - name: Fedora
       versions:
         - all
-  categories:
+  galaxy_tags:
     - monitoring
 dependencies: []

roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml

@@ -1,17 +1,30 @@
 ---
 - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
   apt:
-    name: ['apt-transport-https', 'ca-certificates']
-    state: present
-    cache_valid_time: 3600
-  with_items:
+    name:
       - apt-transport-https
       - ca-certificates
-    - urllib3
+      - gnupg
+    state: present
+    cache_valid_time: 3600
 
+- name: Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)
+  become: yes
+  shell: |
+    set -o pipefail
+    curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
+  args:
+    warn: False
+    executable: /bin/bash
+  changed_when: False
+  when:
+    - ansible_distribution == "Ubuntu"
+    - ansible_distribution_major_version | int == 14
 
 - name: Debian/Ubuntu | Installing Wazuh repository key
   apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+  when:
+    - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
 
 - name: Debian/Ubuntu | Add Wazuh repositories
   apt_repository:
@@ -19,8 +32,23 @@
     state: present
     update_cache: yes
 
+- name: Debian/Ubuntu | Installing NodeJS repository key (Ubuntu 14)
+  become: yes
+  shell: |
+    set -o pipefail
+    curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -
+  args:
+    warn: False
+    executable: /bin/bash
+  changed_when: False
+  when:
+    - ansible_distribution == "Ubuntu"
+    - ansible_distribution_major_version | int == 14
+
 - name: Debian/Ubuntu | Installing NodeJS repository key
   apt_key: url=https://deb.nodesource.com/gpgkey/nodesource.gpg.key
+  when:
+    - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
 
 - name: Debian/Ubuntu | Add NodeSource repositories for Node.js
   apt_repository:

roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml

@@ -19,9 +19,12 @@
   when: ansible_distribution == 'Fedora'
 
 - name: AmazonLinux | Get Nodejs
-  shell: curl --silent --location https://rpm.nodesource.com/setup_8.x | bash -
+  shell: |
+    set -o pipefail
+    curl --silent --location https://rpm.nodesource.com/setup_8.x | bash -
   args:
     warn: no
+    executable: /bin/bash
   when:
     - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
 
@@ -53,7 +56,10 @@
     - ansible_distribution_major_version|int == 5
 
 - name: RedHat/CentOS/Fedora | Install openscap
-  package: name=openscap-scanner state=present
+  package: name={{ item }} state=present
+  with_items:
+    - openscap-scanner
+    - openssl
   tags:
     - init
   when: not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
@@ -80,7 +86,7 @@
     - wazuh_manager_config.cluster.disable != 'yes'
 
 - name: CentOS/RedHat 6 | Install python-cryptography module
-  shell: pip2.7 install cryptography
+  pip: name=cryptography state=present
   environment:
     PATH: "/opt/rh/python27/root/usr/bin:{{ ansible_env.PATH }}"
     LD_LIBRARY_PATH: "/opt/rh/python27/root/usr/lib64:/opt/rh/python27/root/usr/lib"
@@ -128,4 +134,11 @@
 - name: Set Distribution CIS filename for RHEL7/CentOS-7
   set_fact:
     cis_distribution_filename: cis_rhel7_linux_rcl.txt
-    when: (ansible_os_family == "RedHat" and ansible_distribution_major_version == '7') or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
+  when:
+    - ansible_os_family == "RedHat" and ansible_distribution_major_version == '7'
+
+- name: Set Distribution CIS filename for RHEL7/CentOS-7 (Amazon)
+  set_fact:
+    cis_distribution_filename: cis_rhel7_linux_rcl.txt
+  when:
+    - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"

roles/wazuh/ansible-wazuh-manager/tasks/main.yml

@@ -6,13 +6,13 @@
   when: ansible_os_family == "Debian"
 
 - name: Install wazuh-manager, wazuh-api and expect
-  package: pkg={{ item }} state=latest
+  package: pkg={{ item }} state={{ wazuh_manager_package_state }}
   with_items:
     - wazuh-manager
     - wazuh-api
     - expect
   when:
-    - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 )
+    - not (ansible_distribution in ['CentOS','RedHat'] and ansible_distribution_major_version|int < 6)
   tags:
     - init
 
@@ -22,16 +22,16 @@
     regexp: 'echo -n "Starting Wazuh-manager: "'
     replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib'
   when:
-    - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version == '6'
+    - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int == 6
     - wazuh_manager_config.cluster.disable != 'yes'
 
 - name: Install wazuh-manager and expect (EL5)
-  package: pkg={{ item }} state=latest
+  package: pkg={{ item }} state={{ wazuh_manager_package_state }}
   with_items:
     - wazuh-manager
     - expect
   when:
-    - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and  ansible_distribution_major_version|int < 6
+    - ansible_distribution in ['CentOS','RedHat'] and ansible_distribution_major_version|int < 6
   tags:
     - init
 
@@ -71,7 +71,7 @@
 
 - name: Ensure ossec-authd service is disabled
   service: name=ossec-authd enabled=no state=stopped
-  when: old_authd_service.stat.exists == True
+  when: old_authd_service.stat.exists
   tags:
     - config
 
@@ -80,7 +80,7 @@
   with_items:
     - "/etc/init.d/ossec-authd"
     - "/lib/systemd/system/ossec-authd.service"
-  when: old_authd_service.stat.exists == True
+  when: old_authd_service.stat.exists
   tags:
     - config
 
@@ -180,7 +180,7 @@
 - name: Retrieving Wazuh-API User Credentials
   include_vars: wazuh_api_creds.yml
   when:
-    - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 )
+    - not (ansible_distribution in ['CentOS','RedHat'] and ansible_distribution_major_version|int < 6)
   tags:
     - config
 
@@ -198,9 +198,12 @@
     - config
 
 - name: Check if client-syslog is enabled
-  shell: "grep -c 'ossec-csyslogd' /var/ossec/bin/.process_list | xargs echo"
+  shell: |
+    set -o pipefail
+    "grep -c 'ossec-csyslogd' /var/ossec/bin/.process_list | xargs echo"
   args:
     removes: /var/ossec/bin/.process_list
+    executable: /bin/bash
   changed_when: False
   check_mode: no
   register: csyslog_enabled
@@ -212,14 +215,17 @@
   notify: restart wazuh-manager
   when:
     - csyslog_enabled.stdout == '0' or "skipped" in csyslog_enabled.stdout
-    - syslog_output is defined and syslog_output == true
+    - syslog_output is defined and syslog_output
   tags:
     - config
 
 - name: Check if ossec-agentlessd is enabled
-  shell: "grep -c 'ossec-agentlessd' /var/ossec/bin/.process_list | xargs echo"
+  shell: |
+    set -o pipefail
+    "grep -c 'ossec-agentlessd' /var/ossec/bin/.process_list | xargs echo"
   args:
     removes: /var/ossec/bin/.process_list
+    executable: /bin/bash
   changed_when: False
   check_mode: no
   register: agentlessd_enabled
@@ -252,7 +258,7 @@
   poll: 0
   when:
     - wazuh_manager_config.vuls.disable != 'yes'
-    - ansible_distribution == 'Redhat' or ansible_distribution == 'CentOS' or ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' or ansible_distribution == 'Oracle'
+    - ansible_distribution in ['Redhat', 'CentOS', 'Ubuntu', 'Debian', 'Oracle']
   tags:
     - init
 
@@ -293,7 +299,7 @@
   notify: restart wazuh-api
   when:
     - wazuh_api_user is defined
-    - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 )
+    - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 6)
   tags:
     - config
 
@@ -345,7 +351,7 @@
   environment:
     LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib"
   when:
-    - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 )
+    - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 6)
 
 - name: Ensure Wazuh Manager is started and enabled (EL5)
   service:
@@ -355,7 +361,7 @@
   tags:
     - config
   when:
-    - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6
+    - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 6
 
 - import_tasks: "RMRedHat.yml"
   when: ansible_os_family == "RedHat"