Merge pull request #288 from wazuh/feature-287-avoid-repo-hardcoding

Avoid repository hardcoding

CHANGELOG.md

@@ -1,6 +1,12 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## [v3.xx.x_x.x.x]
+
+## Changed
+
+- Make Wazuh repositories installation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288)
+
 ## [v3.10.2_7.3.2]
 
 ### Added

roles/wazuh/ansible-wazuh-agent/defaults/main.yml

@@ -31,6 +31,10 @@ wazuh_winagent_config:
   repo: https://packages.wazuh.com/3.x/windows/
   md5: 71650780904cbfc2e45eae4298adb7a3 
 wazuh_agent_config:
+  repo:
+    apt: 'https://packages.wazuh.com/3.x/apt/ stable main'
+    yum: 'https://packages.wazuh.com/3.x/yum/'
+    gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
   active_response:
     ar_disabled: 'no'
     ca_store: '/var/ossec/etc/wpk_root.pem'

roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml

@@ -22,13 +22,14 @@
     - ansible_distribution_major_version | int == 14
 
 - name: Debian/Ubuntu | Installing Wazuh repository key
-  apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+  apt_key:
+    url: "{{ wazuh_agent_config.repo.gpg }}"
   when:
     - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
 
 - name: Debian/Ubuntu | Add Wazuh repositories
   apt_repository:
-    repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
+    repo: "deb {{ wazuh_agent_config.repo.apt }}"
     state: present
     update_cache: true
 

roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml

@@ -1,36 +1,27 @@
 ---
-- name: RedHat/CentOS/Fedora | Install Wazuh repo
-  yum_repository:
-    name: wazuh_repo
-    description: Wazuh repository
-    baseurl: https://packages.wazuh.com/3.x/yum/
-    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
-    gpgcheck: true
-  changed_when: false
-  when:
-    - ansible_distribution_major_version|int > 5
-
 - name: RedHat/CentOS 5 | Install Wazuh repo
   yum_repository:
     name: wazuh_repo
     description: Wazuh repository
-    baseurl: https://packages.wazuh.com/3.x/yum/5/
-    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH-5
+    baseurl: "{{ wazuh_agent_config.repo.yum }}5/"
+    gpgkey: "{{ wazuh_agent_config.repo.gpg }}-5"
     gpgcheck: true
   changed_when: false
   when:
-    - ansible_distribution_major_version|int == 5
+    - (ansible_facts['os_family']|lower == 'redhat')
+    - (ansible_distribution_major_version|int <= 5)
+  register: repo_v5_installed
 
-- name: AmazonLinux | Install Wazuh repo
+- name: RedHat/CentOS/Fedora | Install Wazuh repo
   yum_repository:
     name: wazuh_repo
     description: Wazuh repository
-    baseurl: https://packages.wazuh.com/3.x/yum/
-    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
+    baseurl: "{{ wazuh_agent_config.repo.yum }}"
+    gpgkey: "{{ wazuh_agent_config.repo.gpg }}"
     gpgcheck: true
   changed_when: false
   when:
-    - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
+    - repo_v5_installed.skipped
     
 - name: RedHat/CentOS/Fedora | download Oracle Java RPM
   get_url:

roles/wazuh/ansible-wazuh-manager/defaults/main.yml

@@ -5,6 +5,10 @@ wazuh_manager_fqdn: "wazuh-server"
 wazuh_manager_package_state: latest
 
 wazuh_manager_config:
+  repo:
+    apt: 'https://packages.wazuh.com/3.x/apt/ stable main'
+    yum: 'https://packages.wazuh.com/3.x/yum/'
+    gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
   json_output: 'yes'
   alerts_log: 'yes'
   logall: 'no'

roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml

@@ -24,13 +24,14 @@
     - ansible_distribution_major_version | int == 14
 
 - name: Debian/Ubuntu | Installing Wazuh repository key
-  apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+  apt_key:
+    url: "{{ wazuh_manager_config.repo.gpg }}"
   when:
     - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
 
 - name: Debian/Ubuntu | Add Wazuh repositories
   apt_repository:
-    repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
+    repo: "deb {{ wazuh_manager_config.repo.apt }}"
     state: present
     update_cache: true
   changed_when: false
@@ -49,7 +50,8 @@
     - ansible_distribution_major_version | int == 14
 
 - name: Debian/Ubuntu | Installing NodeJS repository key
-  apt_key: url=https://deb.nodesource.com/gpgkey/nodesource.gpg.key
+  apt_key:
+    url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
   when:
     - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
 

roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml

@@ -38,26 +38,29 @@
   when:
     - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
 
-- name: RedHat/CentOS/Fedora | Install Wazuh repo
-  yum_repository:
-    name: wazuh_repo
-    description: Wazuh repository
-    baseurl: https://packages.wazuh.com/3.x/yum/
-    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
-    gpgcheck: true
-  changed_when: false
-  when:
-    - (ansible_distribution_major_version|int > 5) or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
-
 - name: RedHat/CentOS 5 | Install Wazuh repo
   yum_repository:
     name: wazuh_repo
     description: Wazuh repository
-    baseurl: https://packages.wazuh.com/3.x/yum/5/
-    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
+    baseurl: "{{ wazuh_manager_config.repo.yum }}5/"
+    gpgkey: "{{ wazuh_manager_config.repo.gpg }}-5"
     gpgcheck: true
+  changed_when: false
   when:
-    - ansible_distribution_major_version|int == 5
+    - (ansible_facts['os_family']|lower == 'redhat')
+    - (ansible_distribution_major_version|int <= 5)
+  register: repo_v5_manager_installed
+
+- name: RedHat/CentOS/Fedora | Install Wazuh repo
+  yum_repository:
+    name: wazuh_repo
+    description: Wazuh repository
+    baseurl: "{{ wazuh_manager_config.repo.yum }}"
+    gpgkey: "{{ wazuh_manager_config.repo.gpg }}"
+    gpgcheck: true
+  changed_when: false
+  when:
+    - repo_v5_manager_installed.skipped
 
 - name: RedHat/CentOS/Fedora | Install openscap
   package: name={{ item }} state=present