clean code

2017-04-06 14:57:11 -04:00 · 2017-04-06 14:57:11 -04:00 · bad7bbe9be
commit bad7bbe9be
parent c3e340433f
3 changed files with 48 additions and 15 deletions
--- a/ansible-wazuh-server/README.md
+++ b/ansible-wazuh-server/README.md
@ -20,12 +20,56 @@ ossec_server_config: []
 ossec_agent_configs: []
 api_user: []
 ```
-
 Vault variables
 ----------------

-### vars/api_user.yml
+### vars/agentless.yml
+This file has the agenless c.
+```
+---
+agentless_passlist:
+  - host: wazuh@wazuh.com
+    passwd: testpasswd
+  - host: wazuh2@wazuh.com
+    passwd: test2passwd
+```

+### templates/agentless.j2
+
+In this template we create the file with the format .passlist that ossec needs.
+
+```
+{% for agentless in agentless_passlist %}
+{{ agentless.host }}|{{ agentless.passwd }}
+{% endfor %}
+```
+
+### tasks/main
+
+In the main we import the variables included in the vault file agentless.yml, then we move to a temporal file the folder /var/ossec/agentless/.passlist_tmp and then encode to base64.
+
+```
+- name: Import agentless secret variable file
+  include_vars: "agentless.yml"
+  no_log: true
+
+- name: Agentless Credentials
+  template:
+    src: agentless.j2
+    dest: "/var/ossec/agentless/.passlist_tmp"
+    owner: root
+    group: root
+    mode: 0644
+  no_log: true
+  when: agentless_passlist is defined
+
+- name: Encode the secret
+  shell: /usr/bin/base64 /var/ossec/agentless/.passlist_tmp > /var/ossec/agentless/.passlist && rm /var/ossec/agentless/.passlist_tmp
+  when: agentless_passlist is defined
+```
+
+### vars/api_user.yml
+This file has user and password created in httpasswd format.
 ```
 ---
 user:
@ -33,7 +77,8 @@ user:
  - "wazuh2:$apr1$XSwG938n$tDxKvaCBx5C/kdU2xXP3K."
 ```

-###Example setup
+
+### Example setup

 Edit the vars file for the host which runs the ossec-server:
 ### host_vars/ossec-server
--- a/ansible-wazuh-server/tasks/RedHat.yml
+++ b/ansible-wazuh-server/tasks/RedHat.yml
@ -57,9 +57,3 @@
  set_fact:
    cis_distribution_filename: cis_rhel7_linux_rcl.txt
  when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "7"
-
- name: Set ossec deploy facts for RedHat/CentOS
-  set_fact:
-    ossec_server_config_filename: ossec-server.conf
-    ossec_init_name: wazuh-manager
-  when: ansible_os_family == "RedHat"
--- a/ansible-wazuh-server/tasks/main.yml
+++ b/ansible-wazuh-server/tasks/main.yml
@ -78,12 +78,6 @@
  command: /var/ossec/bin/ossec-control start agentless
  when: agentless_running.stdout == '0' and ossec_server_config.agentless is defined

- name: Set ossec deploy facts for Debian
-  set_fact:
-    ossec_server_config_filename: ossec.conf
-    ossec_init_name: ossec
-  when: ansible_os_family == "Debian"
-
 - name: Configure ossec.conf
  template: src=var-ossec-etc-ossec-server.conf.j2
            dest=/var/ossec/etc/ossec.conf