More options on client registration

ansible-wazuh-agent/defaults/main.yml

@@ -1,9 +1,14 @@
 ---
 wazuh_manager_ip: null
-wazuh_authd_port: 1515
 wazuh_profile: null
 wazuh_manager_proto: tcp
-wazuh_register_client: false
+wazuh_agent_authd:
+  enable: false
+  port: 1515
+  ssl_agent_ca: null
+  ssl_agent_cert: null
+  ssl_agent_key: null
+  ssl_auto_negotiate: 'no'
 wazuh_notify_time: null
 wazuh_time_reconnect: null
 wazuh_winagent_config:

ansible-wazuh-agent/tasks/Linux.yml

@@ -10,6 +10,26 @@
   tags:
     - init
 
+- name: Retrieving authd Credentials
+  include_vars: authd_pass.yml
+  tags:
+    - config
+
+- name: Copy CA, SSL key and cert for authd
+  copy:
+    src: "{{ item }}"
+    dest: "/var/ossec/etc/{{ item | basename }}"
+    mode: 0644
+  with_items:
+    - "{{ wazuh_agent_authd.ssl_agent_ca }}"
+    - "{{ wazuh_agent_authd.ssl_agent_cert }}"
+    - "{{ wazuh_agent_authd.ssl_agent_key }}"
+  tags:
+    - config
+  when:
+    - wazuh_agent_authd.ssl_agent_ca is not none
+    - wazuh_agent_authd.enable == true
+
 - name: Linux | Check if client.keys exists
   stat: path=/var/ossec/etc/client.keys
   register: check_keys
@@ -17,10 +37,20 @@
     - config
 
 - name: Linux | Register agent
-  shell: /var/ossec/bin/agent-auth -m {{ wazuh_manager_ip }} -p {{ wazuh_authd_port }}
+  shell: >
+    /var/ossec/bin/agent-auth
+    -m {{ wazuh_manager_ip }}
+    -p {{ wazuh_agent_authd.port }}
+    {% if authd_pass is defined %}-P {{ authd_pass }}{% endif %}
+    {% if wazuh_agent_authd.ssl_agent_ca is not none %}
+    -v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
+    -x "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}"
+    -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}"
+    {% endif %}
+    {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %}-a{% endif %}
   register: agent_auth_output
   when:
-    - wazuh_register_client == true
+    - wazuh_agent_authd.enable == true
     - check_keys.stat.size == 0
     - wazuh_manager_ip is not none
   tags:
@@ -29,7 +59,7 @@
 - name: Linux | Verify agent registration
   shell: echo {{ agent_auth_output }} | grep "Valid key created"
   when:
-    - wazuh_register_client == true
+    - wazuh_agent_authd.enable == true
     - check_keys.stat.size == 0
     - wazuh_manager_ip is not none
   tags:

ansible-wazuh-agent/tasks/Windows.yml

@@ -43,14 +43,23 @@
   tags:
     - config
 
+- name: Retrieving authd Credentials
+  include_vars: authd_pass.yml
+  tags:
+    - config
+
 - name: Windows | Register agent
-  win_shell: "{{ wazuh_winagent_config.install_dir }}agent-auth.exe -m {{ wazuh_manager_ip }} -p {{ wazuh_authd_port }}"
+  win_shell: >
+    {{ wazuh_winagent_config.install_dir }}agent-auth.exe
+    -m {{ wazuh_manager_ip }}
+    -p {{ wazuh_agent_authd.port }}
+    {% if authd_pass is defined %}-P {{ authd_pass }}{% endif %}
   args:
     chdir: "{{ wazuh_winagent_config.install_dir }}"
   register: agent_auth_output
   notify: restart wazuh-agent windows
   when:
-    - wazuh_register_client == true
+    - wazuh_agent_authd.enable == true
     - check_windows_key.stat.exists == false
     - wazuh_manager_ip is not none
   tags:

ansible-wazuh-agent/vars/authd_pass.yml

@@ -0,0 +1,2 @@
+---
+#authd_pass: 'foobar'