Merge pull request #859 from wazuh/merge-43-into-44

Merge `4.3` into `4.4`
2022-11-08 14:07:58 +01:00 · 2022-11-08 14:07:58 +01:00 · ba3203ebf1
commit ba3203ebf1
parent e324831e2f 21317b449b
14 changed files with 164 additions and 37 deletions
--- a/README.md
+++ b/README.md
@ -8,8 +8,9 @@
 These playbooks install and configure Wazuh agent, manager and indexer and dashboard.
 ## Branches
-* `master` branch contains the latest code, be aware of possible bugs on this branch.
+
-* `stable` branch on correspond to the last Wazuh stable version.
+- `master` branch contains the latest code, be aware of possible bugs on this branch.
 - `stable` branch on correspond to the last Wazuh stable version.
 ## Compatibility Matrix
@ -41,8 +42,8 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
 ## Documentation
-* [Wazuh Ansible documentation](https://documentation.wazuh.com/current/deploying-with-ansible/index.html)
+- [Wazuh Ansible documentation](https://documentation.wazuh.com/current/deploying-with-ansible/index.html)
-* [Full documentation](http://documentation.wazuh.com)
+- [Full documentation](http://documentation.wazuh.com)
 ## Directory structure
@ -70,10 +71,10 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
    │ ├── VERSION
    │ ├── CHANGELOG.md
 ## Example: production-ready distributed environment
 ### Playbook
 The hereunder example playbook uses the `wazuh-ansible` role to provision a production-ready Wazuh environment. The architecture includes 2 Wazuh nodes, 3 Wazuh indexer nodes and a mixed Wazuh dashboard node (Wazuh indexer data node + Wazuh dashboard).
 ```yaml
@ -328,6 +329,7 @@ After the playbook execution, the Wazuh UI should be reachable through `https://
 ## Example: single-host environment
 ### Playbook
 The hereunder example playbook uses the `wazuh-ansible` role to provision a single-host Wazuh environment. This architecture includes all the Wazuh and Opensearch components in a single node.
 ```yaml
@ -416,4 +418,4 @@ Copyright (C) 2016, Wazuh Inc.  (License GPLv2)
 ## Web references
-* [Wazuh website](http://wazuh.com)
+- [Wazuh website](http://wazuh.com)
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@ -15,6 +15,12 @@
 - name: ConvergeInstall
  hosts: all
  roles:
    # 1. Check packages
    - role: ../../roles/wazuh/check-packages
      become: no
      delegate_to: localhost
      run_once: true
    # 2. Managers
    - role: ../../roles/wazuh/ansible-wazuh-manager
      vars:
    - { role: ../../roles/wazuh/ansible-filebeat-oss, filebeat_output_indexer_hosts: "indexer_centos7:9200" }
--- a/molecule/distributed-wazuh/converge.yml
+++ b/molecule/distributed-wazuh/converge.yml
@ -79,18 +79,23 @@
  become: true
  become_user: root
  roles:
-    # 1. Wazuh indexer
+    # 1. Check packages
    - role: ../../roles/wazuh/check-packages
      become: no
      delegate_to: localhost
      run_once: true
    # 2. Wazuh indexer
    - role: ../../roles/wazuh/wazuh-indexer
      when: inventory_hostname in groups['indexer']
-    # 2. Managers
+    # 3. Managers
    - role: ../../roles/wazuh/ansible-wazuh-manager
      when: inventory_hostname in groups['managers']
    - role: ../../roles/wazuh/ansible-filebeat-oss
      when: inventory_hostname in groups['managers']
-    # 3. Wazuh dashboard
+    # 4. Wazuh dashboard
    - role: ../../roles/wazuh/wazuh-dashboard
      when: inventory_hostname in groups['dashboard']
-    # 4. Agents:
+    # 5. Agents:
    - role: ../../roles/wazuh/ansible-wazuh-agent
      vars:
        wazuh_managers: '{{ wazuh_managers_list }}'
--- a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml
@ -1,16 +1,15 @@
 ---
- name: Get latest Wazuh release
+- include_vars: ../../vars/repo_vars.yml
  become: false
  shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-"
  register: wazuh_latest_release
  delegate_to: localhost
 - include_vars: ../../vars/repo.yml
-  when: "wazuh_latest_release.stdout is version(wazuh_agent_version, operator='ge')"
+  when: packages_repository == 'production'
- include_vars: ../../vars/repo_dev.yml
+- include_vars: ../../vars/repo_pre-release.yml
-  when: "wazuh_latest_release.stdout is version(wazuh_agent_version, operator='lt')"
+  when: packages_repository == 'pre-release'
 - include_vars: ../../vars/repo_staging.yml
  when: packages_repository == 'staging'
 - name: Overlay wazuh_agent_config on top of defaults
  set_fact:
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@ -9,15 +9,16 @@
      - curl
    state: present
- name: Get latest wazuh release
+- include_vars: ../../vars/repo_vars.yml
  shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-"
  register: wazuh_latest_release
 - include_vars: ../../vars/repo.yml
-  when: "wazuh_latest_release.stdout is version(wazuh_manager_version, operator='ge')"
+  when: packages_repository == 'production'
- include_vars: ../../vars/repo_dev.yml
+- include_vars: ../../vars/repo_pre-release.yml
-  when: "wazuh_latest_release.stdout is version(wazuh_manager_version, operator='lt')"
+  when: packages_repository == 'pre-release'
 - include_vars: ../../vars/repo_staging.yml
  when: packages_repository == 'staging'
 - name: Overlay wazuh_manager_config on top of defaults
  set_fact:
--- a/roles/wazuh/check-packages/defaults/main.yml
+++ b/roles/wazuh/check-packages/defaults/main.yml
@ -0,0 +1,2 @@
 ---
 wazuh_version: 4.4.0
--- a/roles/wazuh/check-packages/files/packages_uri.txt
+++ b/roles/wazuh/check-packages/files/packages_uri.txt
@ -0,0 +1,6 @@
 yum/wazuh-manager-VERSION-1.x86_64.rpm
 apt/pool/main/w/wazuh-manager/wazuh-manager_VERSION-1_amd64.deb
 yum/wazuh-dashboard-VERSION-1.x86_64.rpm
 yum/wazuh-indexer-VERSION-1.x86_64.rpm
 apt/pool/main/w/wazuh-agent/wazuh-agent_VERSION-1_amd64.deb
 yum/wazuh-agent-VERSION-1.x86_64.rpm
--- a/roles/wazuh/check-packages/scripts/check_packages.sh
+++ b/roles/wazuh/check-packages/scripts/check_packages.sh
@ -0,0 +1,80 @@
 #!/bin/bash
 VERSION=$1
 #echo $VERSION
 ## Replace VERSION with $VERSION in packages_uri.txt and save it as packages_uri_new.txt
 sed 's,VERSION,'$VERSION',g' ../files/packages_uri.txt > ../files/packages_uri_new.txt
 checkPackages(){
    ## Set S3 Bucket URL
    if [ $1 == "production" ]; then
        echo "production"
        PACKAGES_URL=https://packages.wazuh.com/4.x/
    elif [ $1 == "pre-release" ]; then
        echo "pre-release"
        PACKAGES_URL=https://packages-dev.wazuh.com/pre-release/
    elif [ $1 == "staging" ]; then
        echo "staging"
        PACKAGES_URL=https://packages-dev.wazuh.com/staging/
        CHECK_WIN_PACKAGE=$(grep windows ../files/packages_uri_new.txt)
        echo $CHECK_WIN_PACKAGE
        if [ -n "$CHECK_WIN_PACKAGE" ]; then
            WIN_AGENT_NAME=$(aws s3 ls s3://packages-dev.wazuh.com/staging/windows/wazuh-agent-$VERSION --region=us-west-1 | tail -1 | awk '{printf $4}')
            if [ -z $WIN_AGENT_NAME ]; then
                echo "Windows agent package for version " $VERSION " does not exist in the staging repository"
                exit 1
            fi
            WIN_AGENT_URI="windows/"$WIN_AGENT_NAME
            echo $PACKAGES_URL$WIN_AGENT_URI "check"
            sed -i 's,windows/.*,'$WIN_AGENT_URI',g' ../files/packages_uri_new.txt
            sed -i 's,wazuh_winagent_config_url.*,wazuh_winagent_config_url: \"'$PACKAGES_URL$WIN_AGENT_URI'\",g' ../../vars/repo_staging.yml
            sed -i 's,wazuh_winagent_package_name.*,wazuh_winagent_package_name: \"'$WIN_AGENT_NAME'\",g' ../../vars/repo_staging.yml
        fi
    fi
    ## Set EXISTS to 0 (true)
    EXISTS=0
    ## Loop through the packages_uri_new.txt file
    while IFS= read -r URI
    do
        echo "$URI"
        ## Check if the package exists
        PACKAGE=$(curl --silent -I $PACKAGES_URL$URI | grep -E "^HTTP" | awk  '{print $2}')
        ## If it does not exist set EXISTS to 1 (false)
        if [ "$PACKAGE" != "200" ]; then
            EXISTS=1
            #echo $PACKAGES_URL$URI "does not exist"
            return $EXISTS
        fi
    done < ../files/packages_uri_new.txt
    return $EXISTS
 }
 replaceVars(){
    sed -i "s|packages_repository:.*|packages_repository: $1|g" ../../vars/repo_vars.yml
 }
 ## Call the checkPackages function for each repository
 if checkPackages "production"; then
    echo "production"
    replaceVars "production"
    exit 0
 elif checkPackages "pre-release"; then
    echo "pre-release"
    replaceVars "pre-release"
    exit 0
 elif checkPackages "production"; then
    echo "production"
    replaceVars "production"
    exit 0
 elif checkPackages "staging"; then
    echo "staging"
    replaceVars "staging"
    exit 0
 else
    echo "Failed"
    exit 1
 fi
--- a/roles/wazuh/check-packages/tasks/main.yml
+++ b/roles/wazuh/check-packages/tasks/main.yml
@ -0,0 +1,11 @@
 ---
  - name: Check packages
    shell: |
      ./check_packages.sh {{ wazuh_version }}
    args:
      warn: false
      executable: /bin/bash
      chdir: "{{ role_path }}/scripts/"
    delegate_to: localhost
    become: no
--- a/roles/wazuh/vars/repo_pre-release.yml
+++ b/roles/wazuh/vars/repo_pre-release.yml
--- a/roles/wazuh/vars/repo_staging.yml
+++ b/roles/wazuh/vars/repo_staging.yml
@ -0,0 +1,12 @@
 wazuh_repo:
  apt: 'deb https://packages-dev.wazuh.com/staging/apt/ unstable main'
  yum: 'https://packages-dev.wazuh.com/staging/yum/'
  gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
  key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
 wazuh_winagent_config_url: "https://packages-dev.wazuh.com/staging/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
 wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
 certs_gen_tool_version: 4.4
 # Url of certificates generator tool
 certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
--- a/roles/wazuh/vars/repo_vars.yml
+++ b/roles/wazuh/vars/repo_vars.yml
@ -0,0 +1 @@
 packages_repository: production
--- a/roles/wazuh/wazuh-dashboard/tasks/main.yml
+++ b/roles/wazuh/wazuh-dashboard/tasks/main.yml
@ -1,13 +1,14 @@
 ---
- name: Get latest wazuh release
+- include_vars: ../../vars/repo_vars.yml
  shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-"
  register: wazuh_latest_release
 - include_vars: ../../vars/repo.yml
-  when: "wazuh_latest_release.stdout is version(dashboard_version, operator='ge')"
+  when: packages_repository == 'production'
- include_vars: ../../vars/repo_dev.yml
+- include_vars: ../../vars/repo_pre-release.yml
-  when: "wazuh_latest_release.stdout is version(dashboard_version, operator='lt')"
+  when: packages_repository == 'pre-release'
 - include_vars: ../../vars/repo_staging.yml
  when: packages_repository == 'staging'
 - import_tasks: RedHat.yml
  when: ansible_os_family == 'RedHat'
--- a/roles/wazuh/wazuh-indexer/tasks/main.yml
+++ b/roles/wazuh/wazuh-indexer/tasks/main.yml
@ -1,13 +1,14 @@
 ---
- name: Get latest wazuh release
+- include_vars: ../../vars/repo_vars.yml
  shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-"
  register: wazuh_latest_release
 - include_vars: ../../vars/repo.yml
-  when: "wazuh_latest_release.stdout is version(indexer_version, operator='ge')"
+  when: packages_repository == 'production'
- include_vars: ../../vars/repo_dev.yml
+- include_vars: ../../vars/repo_pre-release.yml
-  when: "wazuh_latest_release.stdout is version(indexer_version, operator='lt')"
+  when: packages_repository == 'pre-release'
 - include_vars: ../../vars/repo_staging.yml
  when: packages_repository == 'staging'
 - import_tasks: local_actions.yml
  when: