Merge pull request #859 from wazuh/merge-43-into-44

Merge `4.3` into `4.4`

README.md

@@ -8,8 +8,9 @@
 These playbooks install and configure Wazuh agent, manager and indexer and dashboard.
 
 ## Branches
-* `master` branch contains the latest code, be aware of possible bugs on this branch.
-* `stable` branch on correspond to the last Wazuh stable version.
+
+- `master` branch contains the latest code, be aware of possible bugs on this branch.
+- `stable` branch on correspond to the last Wazuh stable version.
 
 ## Compatibility Matrix
 
@@ -41,8 +42,8 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
 
 ## Documentation
 
-* [Wazuh Ansible documentation](https://documentation.wazuh.com/current/deploying-with-ansible/index.html)
-* [Full documentation](http://documentation.wazuh.com)
+- [Wazuh Ansible documentation](https://documentation.wazuh.com/current/deploying-with-ansible/index.html)
+- [Full documentation](http://documentation.wazuh.com)
 
 ## Directory structure
 
@@ -70,10 +71,10 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
     │ ├── VERSION
     │ ├── CHANGELOG.md
 
-
 ## Example: production-ready distributed environment
 
 ### Playbook
+
 The hereunder example playbook uses the `wazuh-ansible` role to provision a production-ready Wazuh environment. The architecture includes 2 Wazuh nodes, 3 Wazuh indexer nodes and a mixed Wazuh dashboard node (Wazuh indexer data node + Wazuh dashboard).
 
 ```yaml
@@ -328,6 +329,7 @@ After the playbook execution, the Wazuh UI should be reachable through `https://
 ## Example: single-host environment
 
 ### Playbook
+
 The hereunder example playbook uses the `wazuh-ansible` role to provision a single-host Wazuh environment. This architecture includes all the Wazuh and Opensearch components in a single node.
 
 ```yaml
@@ -416,4 +418,4 @@ Copyright (C) 2016, Wazuh Inc.  (License GPLv2)
 
 ## Web references
 
-* [Wazuh website](http://wazuh.com)
+- [Wazuh website](http://wazuh.com)

molecule/default/converge.yml

@@ -15,6 +15,12 @@
 - name: ConvergeInstall
   hosts: all
   roles:
+    # 1. Check packages
+    - role: ../../roles/wazuh/check-packages
+      become: no
+      delegate_to: localhost
+      run_once: true
+    # 2. Managers
     - role: ../../roles/wazuh/ansible-wazuh-manager
       vars:
     - { role: ../../roles/wazuh/ansible-filebeat-oss, filebeat_output_indexer_hosts: "indexer_centos7:9200" }

molecule/distributed-wazuh/converge.yml

@@ -79,18 +79,23 @@
   become: true
   become_user: root
   roles:
-    # 1. Wazuh indexer
+    # 1. Check packages
+    - role: ../../roles/wazuh/check-packages
+      become: no
+      delegate_to: localhost
+      run_once: true
+    # 2. Wazuh indexer
     - role: ../../roles/wazuh/wazuh-indexer
       when: inventory_hostname in groups['indexer']
-    # 2. Managers
+    # 3. Managers
     - role: ../../roles/wazuh/ansible-wazuh-manager
       when: inventory_hostname in groups['managers']
     - role: ../../roles/wazuh/ansible-filebeat-oss
       when: inventory_hostname in groups['managers']
-    # 3. Wazuh dashboard
+    # 4. Wazuh dashboard
     - role: ../../roles/wazuh/wazuh-dashboard
       when: inventory_hostname in groups['dashboard']
-    # 4. Agents:
+    # 5. Agents:
     - role: ../../roles/wazuh/ansible-wazuh-agent
       vars:
         wazuh_managers: '{{ wazuh_managers_list }}'

roles/wazuh/ansible-wazuh-agent/tasks/main.yml

@@ -1,16 +1,15 @@
 ---
 
-- name: Get latest Wazuh release
-  become: false
-  shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-"
-  register: wazuh_latest_release
-  delegate_to: localhost
+- include_vars: ../../vars/repo_vars.yml
 
 - include_vars: ../../vars/repo.yml
-  when: "wazuh_latest_release.stdout is version(wazuh_agent_version, operator='ge')"
+  when: packages_repository == 'production'
 
-- include_vars: ../../vars/repo_dev.yml
-  when: "wazuh_latest_release.stdout is version(wazuh_agent_version, operator='lt')"
+- include_vars: ../../vars/repo_pre-release.yml
+  when: packages_repository == 'pre-release'
+
+- include_vars: ../../vars/repo_staging.yml
+  when: packages_repository == 'staging'
 
 - name: Overlay wazuh_agent_config on top of defaults
   set_fact:

roles/wazuh/ansible-wazuh-manager/tasks/main.yml

@@ -9,15 +9,16 @@
       - curl
     state: present
 
-- name: Get latest wazuh release
-  shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-"
-  register: wazuh_latest_release
+- include_vars: ../../vars/repo_vars.yml
 
 - include_vars: ../../vars/repo.yml
-  when: "wazuh_latest_release.stdout is version(wazuh_manager_version, operator='ge')"
+  when: packages_repository == 'production'
 
-- include_vars: ../../vars/repo_dev.yml
-  when: "wazuh_latest_release.stdout is version(wazuh_manager_version, operator='lt')"
+- include_vars: ../../vars/repo_pre-release.yml
+  when: packages_repository == 'pre-release'
+
+- include_vars: ../../vars/repo_staging.yml
+  when: packages_repository == 'staging'
 
 - name: Overlay wazuh_manager_config on top of defaults
   set_fact:

roles/wazuh/check-packages/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+wazuh_version: 4.4.0

roles/wazuh/check-packages/files/packages_uri.txt

@@ -0,0 +1,6 @@
+yum/wazuh-manager-VERSION-1.x86_64.rpm
+apt/pool/main/w/wazuh-manager/wazuh-manager_VERSION-1_amd64.deb
+yum/wazuh-dashboard-VERSION-1.x86_64.rpm
+yum/wazuh-indexer-VERSION-1.x86_64.rpm
+apt/pool/main/w/wazuh-agent/wazuh-agent_VERSION-1_amd64.deb
+yum/wazuh-agent-VERSION-1.x86_64.rpm

roles/wazuh/check-packages/scripts/check_packages.sh

@@ -0,0 +1,80 @@
+#!/bin/bash
+
+VERSION=$1
+#echo $VERSION
+## Replace VERSION with $VERSION in packages_uri.txt and save it as packages_uri_new.txt
+sed 's,VERSION,'$VERSION',g' ../files/packages_uri.txt > ../files/packages_uri_new.txt
+
+checkPackages(){
+    ## Set S3 Bucket URL
+    if [ $1 == "production" ]; then
+        echo "production"
+        PACKAGES_URL=https://packages.wazuh.com/4.x/
+    elif [ $1 == "pre-release" ]; then
+        echo "pre-release"
+        PACKAGES_URL=https://packages-dev.wazuh.com/pre-release/
+    elif [ $1 == "staging" ]; then
+        echo "staging"
+        PACKAGES_URL=https://packages-dev.wazuh.com/staging/
+        CHECK_WIN_PACKAGE=$(grep windows ../files/packages_uri_new.txt)
+        echo $CHECK_WIN_PACKAGE
+        if [ -n "$CHECK_WIN_PACKAGE" ]; then
+            WIN_AGENT_NAME=$(aws s3 ls s3://packages-dev.wazuh.com/staging/windows/wazuh-agent-$VERSION --region=us-west-1 | tail -1 | awk '{printf $4}')
+            if [ -z $WIN_AGENT_NAME ]; then
+                echo "Windows agent package for version " $VERSION " does not exist in the staging repository"
+                exit 1
+            fi
+            WIN_AGENT_URI="windows/"$WIN_AGENT_NAME
+            echo $PACKAGES_URL$WIN_AGENT_URI "check"
+            sed -i 's,windows/.*,'$WIN_AGENT_URI',g' ../files/packages_uri_new.txt
+            sed -i 's,wazuh_winagent_config_url.*,wazuh_winagent_config_url: \"'$PACKAGES_URL$WIN_AGENT_URI'\",g' ../../vars/repo_staging.yml
+            sed -i 's,wazuh_winagent_package_name.*,wazuh_winagent_package_name: \"'$WIN_AGENT_NAME'\",g' ../../vars/repo_staging.yml
+        fi
+    fi
+
+    ## Set EXISTS to 0 (true)
+    EXISTS=0
+
+    ## Loop through the packages_uri_new.txt file
+    while IFS= read -r URI
+    do
+        echo "$URI"
+        ## Check if the package exists
+        PACKAGE=$(curl --silent -I $PACKAGES_URL$URI | grep -E "^HTTP" | awk  '{print $2}')
+        ## If it does not exist set EXISTS to 1 (false)
+        if [ "$PACKAGE" != "200" ]; then
+            EXISTS=1
+            #echo $PACKAGES_URL$URI "does not exist"
+            return $EXISTS
+        fi
+    done < ../files/packages_uri_new.txt
+
+    return $EXISTS
+}
+
+replaceVars(){
+    sed -i "s|packages_repository:.*|packages_repository: $1|g" ../../vars/repo_vars.yml
+
+}
+
+## Call the checkPackages function for each repository
+if checkPackages "production"; then
+    echo "production"
+    replaceVars "production"
+    exit 0
+elif checkPackages "pre-release"; then
+    echo "pre-release"
+    replaceVars "pre-release"
+    exit 0
+elif checkPackages "production"; then
+    echo "production"
+    replaceVars "production"
+    exit 0
+elif checkPackages "staging"; then
+    echo "staging"
+    replaceVars "staging"
+    exit 0
+else
+    echo "Failed"
+    exit 1
+fi

roles/wazuh/check-packages/tasks/main.yml

@@ -0,0 +1,11 @@
+---
+  - name: Check packages
+    shell: |
+      ./check_packages.sh {{ wazuh_version }}
+    args:
+      warn: false
+      executable: /bin/bash
+      chdir: "{{ role_path }}/scripts/"
+    delegate_to: localhost
+    become: no
+

roles/wazuh/vars/repo_staging.yml

@@ -0,0 +1,12 @@
+wazuh_repo:
+  apt: 'deb https://packages-dev.wazuh.com/staging/apt/ unstable main'
+  yum: 'https://packages-dev.wazuh.com/staging/yum/'
+  gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
+  key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
+wazuh_winagent_config_url: "https://packages-dev.wazuh.com/staging/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
+wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
+
+certs_gen_tool_version: 4.4
+
+# Url of certificates generator tool
+certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"

roles/wazuh/vars/repo_vars.yml

@@ -0,0 +1 @@
+packages_repository: production

roles/wazuh/wazuh-dashboard/tasks/main.yml

@@ -1,13 +1,14 @@
 ---
-- name: Get latest wazuh release
-  shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-"
-  register: wazuh_latest_release
+- include_vars: ../../vars/repo_vars.yml
 
 - include_vars: ../../vars/repo.yml
-  when: "wazuh_latest_release.stdout is version(dashboard_version, operator='ge')"
+  when: packages_repository == 'production'
 
-- include_vars: ../../vars/repo_dev.yml
-  when: "wazuh_latest_release.stdout is version(dashboard_version, operator='lt')"
+- include_vars: ../../vars/repo_pre-release.yml
+  when: packages_repository == 'pre-release'
+
+- include_vars: ../../vars/repo_staging.yml
+  when: packages_repository == 'staging'
 
 - import_tasks: RedHat.yml
   when: ansible_os_family == 'RedHat'

roles/wazuh/wazuh-indexer/tasks/main.yml

@@ -1,13 +1,14 @@
 ---
-- name: Get latest wazuh release
-  shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-"
-  register: wazuh_latest_release
+- include_vars: ../../vars/repo_vars.yml
 
 - include_vars: ../../vars/repo.yml
-  when: "wazuh_latest_release.stdout is version(indexer_version, operator='ge')"
+  when: packages_repository == 'production'
 
-- include_vars: ../../vars/repo_dev.yml
-  when: "wazuh_latest_release.stdout is version(indexer_version, operator='lt')"
+- include_vars: ../../vars/repo_pre-release.yml
+  when: packages_repository == 'pre-release'
+
+- include_vars: ../../vars/repo_staging.yml
+  when: packages_repository == 'staging'
 
 - import_tasks: local_actions.yml
   when: