Merge pull request #320 from wazuh/feature-317-optimize-manager-role
Optimized manager role
This commit is contained in:
Manuel J. Bernal
GitHub
commit
ad54aa45e2
@ -1,8 +1,8 @@
|
||||
---
|
||||
- import_tasks: RedHat.yml
|
||||
- include_tasks: RedHat.yml
|
||||
when: ansible_os_family == 'RedHat'
|
||||
|
||||
- import_tasks: Debian.yml
|
||||
- include_tasks: Debian.yml
|
||||
when: ansible_os_family == 'Debian'
|
||||
|
||||
- name: CentOS/RedHat | Install Filebeat.
|
||||
@ -116,8 +116,8 @@
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
- import_tasks: "RMRedHat.yml"
|
||||
- include_tasks: "RMRedHat.yml"
|
||||
when: ansible_os_family == "RedHat"
|
||||
|
||||
- import_tasks: "RMDebian.yml"
|
||||
- include_tasks: "RMDebian.yml"
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
---
|
||||
- import_tasks: "RedHat.yml"
|
||||
- include_tasks: "RedHat.yml"
|
||||
when: ansible_os_family == "RedHat"
|
||||
|
||||
- import_tasks: "Debian.yml"
|
||||
- include_tasks: "Debian.yml"
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- name: Linux CentOS/RedHat | Install wazuh-agent
|
||||
@ -191,8 +191,8 @@
|
||||
state: started
|
||||
tags: config
|
||||
|
||||
- import_tasks: "RMRedHat.yml"
|
||||
- include_tasks: "RMRedHat.yml"
|
||||
when: ansible_os_family == "RedHat"
|
||||
|
||||
- import_tasks: "RMDebian.yml"
|
||||
- include_tasks: "RMDebian.yml"
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
- import_tasks: "Windows.yml"
|
||||
- include_tasks: "Windows.yml"
|
||||
when: ansible_os_family == "Windows"
|
||||
|
||||
- import_tasks: "Linux.yml"
|
||||
- include_tasks: "Linux.yml"
|
||||
when: ansible_system == "Linux"
|
||||
|
||||
@ -7,6 +7,7 @@
|
||||
- gnupg
|
||||
state: present
|
||||
cache_valid_time: 3600
|
||||
install_recommends: false
|
||||
register: wazuh_manager_https_packages_installed
|
||||
until: wazuh_manager_https_packages_installed is succeeded
|
||||
|
||||
@ -85,16 +86,16 @@
|
||||
- init
|
||||
|
||||
- name: Debian/Ubuntu | Install OpenScap
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
apt:
|
||||
name:
|
||||
- libopenscap8
|
||||
- xsltproc
|
||||
state: present
|
||||
cache_valid_time: 3600
|
||||
install_recommends: false
|
||||
register: wazuh_manager_openscap_installed
|
||||
until: wazuh_manager_openscap_installed is succeeded
|
||||
when: wazuh_manager_config.openscap.disable == 'no'
|
||||
with_items:
|
||||
- libopenscap8
|
||||
- xsltproc
|
||||
tags:
|
||||
- init
|
||||
|
||||
@ -113,3 +114,15 @@
|
||||
changed_when: false
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: Debian/Ubuntu | Install wazuh-manager, wazuh-api
|
||||
apt:
|
||||
name:
|
||||
- "wazuh-manager={{ wazuh_manager_version }}"
|
||||
- "wazuh-api={{ wazuh_manager_version }}"
|
||||
state: present
|
||||
cache_valid_time: 3600
|
||||
install_recommends: false
|
||||
register: wazuh_manager_main_packages_installed
|
||||
until: wazuh_manager_main_packages_installed is succeeded
|
||||
tags: init
|
||||
|
||||
@ -137,3 +137,40 @@
|
||||
cis_distribution_filename: cis_rhel7_linux_rcl.txt
|
||||
when:
|
||||
- ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
|
||||
|
||||
- name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api
|
||||
package:
|
||||
name: "{{ item }}-{{ wazuh_manager_version }}"
|
||||
state: "{{ wazuh_manager_package_state }}"
|
||||
with_items:
|
||||
- wazuh-manager
|
||||
- wazuh-api
|
||||
register: wazuh_manager_main_packages_installed
|
||||
until: wazuh_manager_main_packages_installed is succeeded
|
||||
when:
|
||||
- ansible_os_family|lower == "redhat"
|
||||
tags:
|
||||
- init
|
||||
|
||||
- name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3
|
||||
replace:
|
||||
path: /etc/init.d/wazuh-manager
|
||||
regexp: 'echo -n "Starting Wazuh-manager: "'
|
||||
replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib'
|
||||
when:
|
||||
- ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int == 6
|
||||
- wazuh_manager_config.cluster.disable != 'yes'
|
||||
|
||||
- name: Install expect (EL5)
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
state: "{{ wazuh_manager_package_state }}"
|
||||
with_items:
|
||||
- expect
|
||||
register: wazuh_manager_main_packages_installed
|
||||
until: wazuh_manager_main_packages_installed is succeeded
|
||||
when:
|
||||
- ansible_os_family|lower == "RedHat"
|
||||
- ansible_distribution_major_version|int < 6
|
||||
tags:
|
||||
- init
|
||||
|
||||
@ -7,40 +7,12 @@
|
||||
- tar
|
||||
state: present
|
||||
|
||||
- import_tasks: "RedHat.yml"
|
||||
- include_tasks: "RedHat.yml"
|
||||
when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon")
|
||||
|
||||
- import_tasks: "Debian.yml"
|
||||
- include_tasks: "Debian.yml"
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api
|
||||
package:
|
||||
name: "{{ item }}-{{ wazuh_manager_version }}"
|
||||
state: "{{ wazuh_manager_package_state }}"
|
||||
with_items:
|
||||
- wazuh-manager
|
||||
- wazuh-api
|
||||
register: wazuh_manager_main_packages_installed
|
||||
until: wazuh_manager_main_packages_installed is succeeded
|
||||
when:
|
||||
- ansible_os_family|lower == "redhat"
|
||||
tags:
|
||||
- init
|
||||
|
||||
- name: Debian/Ubuntu | Install wazuh-manager, wazuh-api
|
||||
apt:
|
||||
name: "{{ item }}={{ wazuh_manager_version }}"
|
||||
state: present
|
||||
cache_valid_time: 3600
|
||||
with_items:
|
||||
- wazuh-manager
|
||||
- wazuh-api
|
||||
register: wazuh_manager_main_packages_installed
|
||||
until: wazuh_manager_main_packages_installed is succeeded
|
||||
when:
|
||||
- not (ansible_os_family|lower == "redhat")
|
||||
tags: init
|
||||
|
||||
- name: Install expect
|
||||
package:
|
||||
name: expect
|
||||
@ -49,29 +21,6 @@
|
||||
- not (ansible_os_family|lower == "redhat" and ansible_distribution_major_version|int < 6)
|
||||
tags: init
|
||||
|
||||
- name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3
|
||||
replace:
|
||||
path: /etc/init.d/wazuh-manager
|
||||
regexp: 'echo -n "Starting Wazuh-manager: "'
|
||||
replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib'
|
||||
when:
|
||||
- ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int == 6
|
||||
- wazuh_manager_config.cluster.disable != 'yes'
|
||||
|
||||
- name: Install expect (EL5)
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
state: "{{ wazuh_manager_package_state }}"
|
||||
with_items:
|
||||
- expect
|
||||
register: wazuh_manager_main_packages_installed
|
||||
until: wazuh_manager_main_packages_installed is succeeded
|
||||
when:
|
||||
- ansible_os_family|lower == "RedHat"
|
||||
- ansible_distribution_major_version|int < 6
|
||||
tags:
|
||||
- init
|
||||
|
||||
- name: Generate SSL files for authd
|
||||
command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{ wazuh_manager_fqdn }}/"
|
||||
args:
|
||||
@ -404,8 +353,8 @@
|
||||
when:
|
||||
- ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6
|
||||
|
||||
- import_tasks: "RMRedHat.yml"
|
||||
- include_tasks: "RMRedHat.yml"
|
||||
when: ansible_os_family == "RedHat" or ansible_os_family == "Amazon"
|
||||
|
||||
- import_tasks: "RMDebian.yml"
|
||||
- include_tasks: "RMDebian.yml"
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user