update RHEL repositories and add ansible-vault file for api user

ansible-wazuh-agent/tasks/RedHat.yml

@@ -1,11 +1,5 @@
 ---
-# Tasks specific for RedHat systems
+# Tasks specific for RedHat/CentOS systems
-
-- name: RedHat | Set some facts
-  set_fact:
-    ansible_distribution: centos
-  when: ansible_distribution == "RedHat"
-
 - name: RedHat | Install Wazuh repo
   yum_repository:
     name: wazuh_repo
@@ -13,7 +7,17 @@
     baseurl: https://packages.wazuh.com/yum/el/$releasever/$basearch
     gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
     gpgcheck: yes
+  when: ansible_distribution == 'CentOS'
 
+# Tasks specific for RedHat systems
+- name: RedHat | Install Wazuh repo
+  yum_repository:
+    name: wazuh_repo
+    description: CentOS-$releasever - Wazuh
+    baseurl: https://packages.wazuh.com/yum/rhel/$releasever/$basearch
+    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
+    gpgcheck: yes
+  when: ansible_distribution == 'RedHat'
 
 - name: Set Distribution CIS filename for RHEL5
   set_fact:

ansible-wazuh-server/handlers/main.yml

@@ -5,3 +5,8 @@
   service: name=wazuh-manager
            state=restarted
            enabled=yes
+
+- name: restart wazuh-api
+  service: name=wazuh-api
+           state=restarted
+           enabled=yes

ansible-wazuh-server/tasks/RedHat.yml

@@ -1,11 +1,5 @@
 ---
 # Tasks specific for RedHat systems
-
-- name: RedHat | Set some facts
-  set_fact:
-    ansible_distribution: centos
-  when: ansible_distribution == "RedHat"
-
 - name: RedHat | Install Nodejs repo
   yum_repository:
     name: NodeJS
@@ -14,13 +8,24 @@
     gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL
     gpgcheck: yes
 
-- name: RedHat | Install Wazuh repo
+- name: CentOS | Install Wazuh repo
   yum_repository:
     name: wazuh_repo
     description: CentOS-$releasever - Wazuh
     baseurl: https://packages.wazuh.com/yum/el/$releasever/$basearch
     gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
     gpgcheck: yes
+  when: ansible_distribution == 'CentOS'
+
+# Tasks specific for RedHat systems
+- name: RedHat | Install Wazuh repo
+  yum_repository:
+    name: wazuh_repo
+    description: CentOS-$releasever - Wazuh
+    baseurl: https://packages.wazuh.com/yum/rhel/$releasever/$basearch
+    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
+    gpgcheck: yes
+  when: ansible_distribution == 'RedHat'
 
 - name: RedHat | Install epel repo
   yum: name=https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ansible_distribution_major_version}}.noarch.rpm state=present

ansible-wazuh-server/tasks/main.yml

@@ -41,7 +41,6 @@
     - config
     - rules
 
-
 - name: Check if client-syslog is enabled
   shell: "/var/ossec/bin/ossec-control status | grep -c 'ossec-csyslogd is running' | xargs echo"
   register: csyslog_running
@@ -92,6 +91,20 @@
     - init
     - config
 
+- name: Import secret variable file
+  include_vars: "api-user.yml"
+  no_log: true
+
+- name: Wazuh-api User
+  copy:
+    content: "{{user}}"
+    dest: "/var/ossec/api/configuration/auth/user"
+    owner: root
+    group: root
+    mode: 0750
+  no_log: true
+  notify: restart wazuh-api
+
 - name: Ensure Wazuh Manager, wazuh api and ossec-authd service is started and enabled
   service:
     name: "{{ item }}"

ansible-wazuh-server/vars/api-user.yml

@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+36386266366539623939353066643064616263636338323237666633366233373764333432373330
+3463386532373033623136363164386638663066656535620a343863326564396361663265363831
+33333665666364363661366337663761653732323166653564396466346464656238616564636434
+3535626161313834360a636664353431373563383964626463663335643430316235313638663930
+66386530343630613531663434386339366233306663376639333235376365366436663831376161
+64336436303035333234636361303439313237393436373538333862373839366265666438353061
+373032306536613230343261303761663664