Split "Copy CA, SSL key and cert for authd" task

of the wazuh-agent playbook to allow one to perform either manager or agent verification, or both.
2020-04-11 18:26:13 +03:00 · 2020-04-11 18:26:13 +03:00 · ae40cb4582
commit ae40cb4582
parent f6e020631e
1 changed files with 11 additions and 3 deletions
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
@ -50,17 +50,25 @@
    - name: Retrieving authd Credentials
      include_vars: authd_pass.yml

-    - name: Copy CA, SSL key and cert for authd
+    - name: Copy CA root certificate to verify authd
+      copy:
+        src: "{{ wazuh_agent_authd.ssl_agent_ca }}"
+        dest: "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
+        mode: 0644
+      when:
+        - wazuh_agent_authd.ssl_agent_ca is not none
+
+    - name: Copy TLS/SSL certificate for agent verification
      copy:
        src: "{{ item }}"
        dest: "/var/ossec/etc/{{ item | basename }}"
        mode: 0644
      with_items:
-        - "{{ wazuh_agent_authd.ssl_agent_ca }}"
        - "{{ wazuh_agent_authd.ssl_agent_cert }}"
        - "{{ wazuh_agent_authd.ssl_agent_key }}"
      when:
-        - wazuh_agent_authd.ssl_agent_ca is not none
+        - wazuh_agent_authd.ssl_agent_cert is not none
+        - wazuh_agent_authd.ssl_agent_key is not none

    - name: Linux | Register agent (via authd)
      shell: >