From a1f4a16fd91f592da07257116f3499df7d993c87 Mon Sep 17 00:00:00 2001
From: neonmei
Date: Mon, 9 Nov 2020 13:03:54 -0300
Subject: [PATCH] roles/wazuh_manager: add support for role-distributed ansible.cfg setting for hash_behaviour
---
 .../ansible-wazuh-manager/defaults/main.yml | 21 +++++++++----------
 .../ansible-wazuh-manager/tasks/main.yml | 8 +++++++
 2 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 1d343003..57e9d5e2 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -421,8 +421,17 @@ wazuh_manager_api:
 # - username: custom-user
 # password: .S3cur3Pa55w0rd*- # Must comply with requirements (8+ length, uppercase, lowercase, specials chars)

+# NOTE: As wazuh_manager_config is built dynamically per playbooks and ansible.cfg provided in the repo,
+# we should also cover the case for partial settings in inventory variables overlayed on top of role's
+# defaults with merge hash_behaviour. If you do a full replace instead of the hash_behaviour, set this to false.
+#
+# Please do notice this behaviour is deprecated in 2.13 and role will move away from it in future versions:
+# https://docs.ansible.com/ansible/latest/reference_appendices/config.html#default-hash-behaviour
+#
+wazuh_manager_config_overlay: true
+
 ## Other/Wrappers
-wazuh_manager_config:
+wazuh_manager_config_defaults:
 repo: '{{ wazuh_manager_repo }}'
 json_output: '{{ wazuh_manager_json_output }}'
 alerts_log: '{{ wazuh_manager_alerts_log }}'
@@ -435,7 +444,6 @@ wazuh_manager_config:
 authd: '{{ wazuh_manager_authd }}'
 email_notification: '{{ wazuh_manager_email_notification }}'
 mail_to: '{{ wazuh_manager_mailto }}'
-
 mail_smtp_server: '{{ wazuh_manager_email_smtp_server }}'
 mail_from: '{{ wazuh_manager_email_from }}'
 mail_maxperhour: '{{ wazuh_manager_email_maxperhour }}'
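Review bot: The new NOTE above `wazuh_manager_config_overlay` does not say that, with the default mapping renamed to `wazuh_manager_config_defaults`, the role no longer defines `wazuh_manager_config` itself, so setting the flag to false without supplying a complete mapping leaves the variable undefined (the task added in tasks/main.yml only sets it when the flag is true). The comment also reads as if partial overrides merge at every level, while `combine(..., recursive=True)` merges mappings but replaces lists as a whole, so overriding one entry of a list-valued setting (presumably `localfiles` or the syscheck lists; their defaults are outside this hunk) drops the default entries and can quietly narrow what the manager monitors. I would add two lines to the comment: `# With overlay disabled, wazuh_manager_config must be defined in full; the role sets no default for it.` and `# The overlay merges mappings only: a list given in wazuh_manager_config replaces the default list.`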
@@ -443,33 +451,24 @@ wazuh_manager_config:
 email_log_source: '{{ wazuh_manager_email_log_source }}'
 extra_emails: '{{ wazuh_manager_extra_emails }}'
 reports: '{{ wazuh_manager_reports}}'
-
 syscheck: '{{ wazuh_manager_syscheck }}'
 rootcheck: '{{ wazuh_manager_rootcheck }}'
-
-
 openscap: '{{ wazuh_manager_openscap }}'
 cis_cat: '{{ wazuh_manager_ciscat }}'
-
 osquery: '{{ wazuh_manager_osquery }}'
 syscollector: '{{ wazuh_manager_syscollector }}'
 sca: '{{ wazuh_manager_sca }}'
 vulnerability_detector: '{{ wazuh_manager_vulnerability_detector }}'
-
 log_level: '{{ wazuh_manager_log_level }}'
 email_level: '{{ wazuh_manager_email_level }}'
 localfiles: '{{ wazuh_manager_localfiles }}'
-
 globals: '{{ wazuh_manager_globals }}'
 commands: '{{ wazuh_manager_commands }}'
 ruleset: '{{ wazuh_manager_ruleset }}'
-
 rule_exclude: '{{ wazuh_manager_rule_exclude }}'
 syslog_outputs: '{{ wazuh_manager_syslog_outputs }}'
 integrations: '{{ wazuh_manager_integrations }}'
-
 monitor_aws: '{{ wazuh_manager_monitor_aws }}'
-
 labels: '{{ wazuh_manager_labels }}'

 # shared-agent.conf
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index fb0be0e0..24274b4a 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -1,4 +1,12 @@
 ---
+
+- name: Overlay wazuh_manager_config on top of defaults
+ set_fact:
+ wazuh_manager_config: '{{ wazuh_manager_config_defaults | combine(config_layer, recursive=True) }}'
+ vars:
+ config_layer: '{{ wazuh_manager_config | default({}) }}'
+ when: wazuh_manager_config_overlay | bool
+
 - name: "Install dependencies"
 package:
 name:
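Review bot: Writing the merged mapping back with `set_fact` under the same name it was read from only takes effect when `wazuh_manager_config` comes from inventory or play vars; a value passed as a role parameter or with `-e` outranks facts in Ansible's variable precedence, so later tasks and templates would still see the partial mapping. For a role that renders the manager's configuration, that presumably means sections such as `authd` or `syscheck` fail to render or are missed, without the run pointing at the cause. I would follow the overlay task with an assert that every key of `wazuh_manager_config_defaults` is present in the effective `wazuh_manager_config`; the same check also catches the overlay-disabled case where no full mapping was supplied. The "Install dependencies" task after the added lines continues outside the hunk.

```yaml
# … unchanged: "Overlay wazuh_manager_config on top of defaults" task …

- name: Check that the effective wazuh_manager_config is complete
  assert:
    that:
      - wazuh_manager_config is mapping
      - >-
        (wazuh_manager_config_defaults.keys() | list)
        | difference(wazuh_manager_config.keys() | list)
        | length == 0
    fail_msg: >-
      wazuh_manager_config is missing keys defined in
      wazuh_manager_config_defaults; check where it is set (role
      parameters and extra vars take precedence over set_fact).
```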