From 812fadd76b40a9f05c5159fa53b9a150368ca272 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 10:01:25 +0100 Subject: [PATCH 01/12] Add default to manage repositories --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 87f8534c..d7155415 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -31,6 +31,10 @@ wazuh_winagent_config: repo: https://packages.wazuh.com/3.x/windows/ md5: 71650780904cbfc2e45eae4298adb7a3 wazuh_agent_config: + repo: + apt: 'https://packages.wazuh.com/3.x/apt/ stable main' + yum: 'https://packages.wazuh.com/3.x/yum/' + gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' active_response: ar_disabled: 'no' ca_store: '/var/ossec/etc/wpk_root.pem' From 8a69a6e92234db6539ff439e5a7c1097c2851903 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 10:02:07 +0100 Subject: [PATCH 02/12] Update Debian repositories to use dynamic urls from default variables --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 5 +++-- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 8 +++++--- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 48e45685..e2629069 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml 
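Review bot: The new `repo` block under `wazuh_agent_config` carries no comment on the shape each value must have, or on the fact that `gpg` is the trust anchor for every package the role installs. `apt` is not a bare URL but the tail of a sources line (`<url> stable main`, with `deb ` prepended by the task), and `yum` has to end in `/` because later patches in this series append `5/` to it. I would add above the block `# repo.apt: sources.list entry without the leading "deb"; repo.yum: base URL with trailing slash` and `# repo.gpg: signing-key URL; override only with an HTTPS location you control`. The same comment belongs on the identical `wazuh_manager_config.repo` block added in PATCH 04/12.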
@@ -22,13 +22,14 @@ - ansible_distribution_major_version | int == 14 - name: Debian/Ubuntu | Installing Wazuh repository key - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH + apt_key: + url: "{{ wazuh_agent_config.repo.gpg }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' + repo: "deb {{ wazuh_agent_config.repo.apt }}" state: present update_cache: true diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 9e9a94d7..79328bb1 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -24,13 +24,14 @@ - ansible_distribution_major_version | int == 14 - name: Debian/Ubuntu | Installing Wazuh repository key - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH + apt_key: + url: "{{ wazuh_agent_config.repo.gpg }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' + repo: deb "{{ wazuh_agent_config.repo.apt }}" state: present update_cache: true changed_when: false @@ -49,7 +50,8 @@ - ansible_distribution_major_version | int == 14 - name: Debian/Ubuntu | Installing NodeJS repository key - apt_key: url=https://deb.nodesource.com/gpgkey/nodesource.gpg.key + apt_key: + url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) From afff33941d088497085209c5d2d750e7e423fe8e Mon Sep 17 00:00:00 2001 
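Review bot: Both `Installing Wazuh repository key` tasks (the agent hunk and the manager hunk at `@@ -24,13 +24,14 @@`) now hand an overridable URL to `apt_key` without an `id`, so whatever key that URL serves becomes trusted by apt on the host. Pinning the expected fingerprint turns a swapped or mistyped URL into a task failure; to my knowledge the module reports an error when the given id is not present after the import. I would add a default such as `key_id: '<WAZUH_KEY_FINGERPRINT>'` (a placeholder, and `key_id` is a new name; take the value from the vendor's published key) and `id: "{{ wazuh_agent_config.repo.key_id }}"` under `apt_key`. The NodeJS key task in the `@@ -49,7 +50,8 @@` hunk has the same gap, and all three tasks continue outside the hunks shown.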
From: Jose M Date: Mon, 28 Oct 2019 10:02:41 +0100 Subject: [PATCH 03/12] Update RedHat tasks to use dynamic repo urls from variables --- .../ansible-wazuh-agent/tasks/RedHat.yml | 27 ++++++---------- .../ansible-wazuh-manager/tasks/RedHat.yml | 31 ++++++++++--------- 2 files changed, 26 insertions(+), 32 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 33382e28..86d38f12 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml 
@@ -1,36 +1,27 @@ --- -- name: RedHat/CentOS/Fedora | Install Wazuh repo - yum_repository: - name: wazuh_repo - description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH - gpgcheck: true - changed_when: false - when: - - ansible_distribution_major_version|int > 5 - - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/5/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH-5 + baseurl: "{{ wazuh_agent_config.repo.yum }}5/" + gpgkey: "{{ wazuh_agent_config.repo.gpg }}-5" gpgcheck: true changed_when: false when: - - ansible_distribution_major_version|int == 5 + - (ansible_facts['os_family']|lower == 'redhat') + - (ansible_os_family = ansible_distribution_major_version|int <= 5) + register: repo_v5_installed -- name: AmazonLinux | Install Wazuh repo +- name: RedHat/CentOS/Fedora | Install Wazuh repo yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + baseurl: "{{ wazuh_agent_config.repo.yum }}" + gpgkey: "{{ wazuh_agent_config.repo.gpg }}" gpgcheck: true changed_when: false when: - - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" + - repo_v5_installed is undefined - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 7540e142..ffac6189 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml 
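Review bot: The new condition `ansible_distribution_major_version|int <= 5` on the `RedHat/CentOS 5` task also matches Amazon Linux, which the removed `AmazonLinux | Install Wazuh repo` task used to serve from the main repository. `"NA"|int` evaluates to 0 and Amazon Linux 2 reports `2`, and as far as I know both report an `os_family` of RedHat. Those hosts would be pointed at the `5/` repository and would trust the legacy `-5` signing key instead of the current one. Restricting the legacy branch, for example with `- ansible_distribution in ['RedHat', 'CentOS']` and `- ansible_distribution_major_version|int == 5`, keeps Amazon on the main repository. The manager hunk at `@@ -38,26 +38,29 @@` drops its `Amazon`/`"NA"` clause in the same way.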
@@ -38,26 +38,29 @@ when: - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" -- name: RedHat/CentOS/Fedora | Install Wazuh repo - yum_repository: - name: wazuh_repo - description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH - gpgcheck: true - changed_when: false - when: - - (ansible_distribution_major_version|int > 5) or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/5/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + baseurl: "{{ wazuh_agent_config.repo.yum }}5/" + gpgkey: "{{ wazuh_agent_config.repo.gpg }}-5" gpgcheck: true + changed_when: false when: - - ansible_distribution_major_version|int == 5 + - (ansible_facts['os_family']|lower == 'redhat') + - (ansible_os_family = ansible_distribution_major_version|int <= 5) + register: repo_v5_manager_installed + +- name: RedHat/CentOS/Fedora | Install Wazuh repo + yum_repository: + name: wazuh_repo + description: Wazuh repository + baseurl: "{{ wazuh_agent_config.repo.yum }}" + gpgkey: "{{ wazuh_agent_config.repo.gpg }}" + gpgcheck: true + changed_when: false + when: + - repo_v5_manager_installed is undefined - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present From 8c1740381bc392322395663963d9d76dff331dee Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 10:27:22 +0100 Subject: [PATCH 04/12] Add manager repo variables --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index f45e95b0..1482a533 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
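Review bot: `baseurl: "{{ wazuh_agent_config.repo.yum }}5/"` and `gpgkey: "{{ wazuh_agent_config.repo.gpg }}-5"` build the legacy locations by string concatenation, which only holds while an override keeps the exact shape of the defaults. A `yum` value without the trailing slash yields `.../yum5/`. A custom `gpg` URL has to expose a second key at the same path with `-5` appended, otherwise `gpgcheck: true` runs against a key that cannot be fetched or is not the one intended. Explicit defaults such as `yum_el5` and `gpg_el5` (the names are only a suggestion) would let operators point the legacy branch at a location they have actually verified. The agent `RedHat.yml` hunk uses the same construction.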
@@ -5,6 +5,10 @@ wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: latest wazuh_manager_config: + repo: + apt: 'https://packages.wazuh.com/3.x/apt/ stable main' + yum: 'https://packages.wazuh.com/3.x/yum/' + gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' json_output: 'yes' alerts_log: 'yes' logall: 'no' From a21392fe58991ac5e0645e69afd38e57f43fcc74 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 10:27:32 +0100 Subject: [PATCH 05/12] Fix manager repo variables typo --- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index ffac6189..3ec0719b 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -42,8 +42,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: "{{ wazuh_agent_config.repo.yum }}5/" - gpgkey: "{{ wazuh_agent_config.repo.gpg }}-5" + baseurl: "{{ wazuh_manager_config.repo.yum }}5/" + gpgkey: "{{ wazuh_manager_config.repo.gpg }}-5" gpgcheck: true changed_when: false when: @@ -55,8 +55,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: "{{ wazuh_agent_config.repo.yum }}" - gpgkey: "{{ wazuh_agent_config.repo.gpg }}" + baseurl: "{{ wazuh_manager_config.repo.yum }}" + gpgkey: "{{ wazuh_manager_config.repo.gpg }}" gpgcheck: true changed_when: false when: From 30b04ac5a8b7c0771d2485a4a44a0b44bc8b8665 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 10:55:21 +0100 Subject: [PATCH 06/12] Update CHANGELOG.md --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) mode change 100644 => 100755 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md old mode 100644 new mode 100755 index ad13d3d3..f220561d --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,6 +1,12 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.xx.x_x.x.x] + +## Changed + +- Make Wazuh repositories instalation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) + ## [v3.10.2_7.3.2] ### Added From 3bedf74055c69f8eccb1f2083a93df9fdb9ad777 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 11:50:55 +0100 Subject: [PATCH 07/12] Fix wrong conditionals in repo installation tasks --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 86d38f12..0c3b8b97 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -9,7 +9,7 @@ changed_when: false when: - (ansible_facts['os_family']|lower == 'redhat') - - (ansible_os_family = ansible_distribution_major_version|int <= 5) + - (ansible_distribution_major_version|int <= 5) register: repo_v5_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 3ec0719b..71a5a375 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -48,7 +48,7 @@ changed_when: false when: - (ansible_facts['os_family']|lower == 'redhat') - - (ansible_os_family = ansible_distribution_major_version|int <= 5) + - (ansible_distribution_major_version|int <= 5) register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo From 83d0de790a46e9ebed1a86fc9c9fe6e22f2335fe Mon Sep 17 00:00:00 2001 
From: Jose M Date: Mon, 28 Oct 2019 15:54:29 +0100 Subject: [PATCH 08/12] Fix wazuh manager variable typo related with repositories --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 79328bb1..bad36dfb 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -25,13 +25,13 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: - url: "{{ wazuh_agent_config.repo.gpg }}" + url: "{{ wazuh_manager_config.repo.gpg }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: deb "{{ wazuh_agent_config.repo.apt }}" + repo: deb "{{ wazuh_manager_config.repo.apt }}" state: present update_cache: true changed_when: false From acb052ba73a5dc6cb15751c7d98452f32a586fdd Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 17:09:39 +0100 Subject: [PATCH 09/12] Fix RedHat conditional related with Wazuh repositories --- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 71a5a375..09b2c0a4 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -60,7 +60,7 @@ gpgcheck: true changed_when: false when: - - repo_v5_manager_installed is undefined + - repo_v5_manager_installed.skipped - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present From 34ed408cfd05ce24938b819b069babdfce3c5fab Mon Sep 17 00:00:00 2001 
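Review bot: `- repo_v5_manager_installed.skipped` in the `@@ -60,7 +60,7 @@` hunk reads an attribute that, as far as I know, is present on the registered result only when the CentOS 5 task was skipped. On a host where that task actually ran, the attribute is undefined and the conditional raises an error instead of evaluating to false, so the play stops at the repository step. The test form `- repo_v5_manager_installed is skipped` covers both cases. PATCH 11/12 introduces the same expression for `repo_v5_installed` in the agent role, and the task itself starts outside this hunk.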
From: Jose M Date: Mon, 28 Oct 2019 17:54:00 +0100 Subject: [PATCH 10/12] Fix typo in Debian repository installation task --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index bad36dfb..8bf97217 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -31,7 +31,7 @@ - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: deb "{{ wazuh_manager_config.repo.apt }}" + repo: "deb {{ wazuh_manager_config.repo.apt }}" state: present update_cache: true changed_when: false From fd0d51bc52432c5e78062a980e8f1ff50e3dbce9 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 20:53:14 +0100 Subject: [PATCH 11/12] Change Agent repository condition to .skipped like manager task --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 0c3b8b97..7bfcc611 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -21,8 +21,8 @@ gpgcheck: true changed_when: false when: - - repo_v5_installed is undefined - + - repo_v5_installed.skipped + - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: url: https://download.oracle.com/otn-pub/java/jdk/8u202-b08/1961070e4c9b4e26a04e7f5a083f551e/jre-8u202-linux-x64.rpm From f367e9bd23ad7b12b11caf1ed94737f8665da11f Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 20:54:51 +0100 Subject: [PATCH 12/12] Fix typo in CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f220561d..b434ff63 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. ## Changed -- Make Wazuh repositories instalation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) +- Make Wazuh repositories installation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) ## [v3.10.2_7.3.2]