From 9bc6d550be6de3b42b3bfc07a5adbf73a7537baa Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 17:46:41 +0100 Subject: [PATCH 1/9] Create required variables for Wazuh Manager installation from packages --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 8c71671b..f1e9866b 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -4,6 +4,15 @@ wazuh_manager_version: 3.11.3-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present +# Custom packages installation +wazuh_custom_packages_installation_manager_enabled: true +wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-manager_3.12.0-0.3319fimreworksqlite_amd64.deb" +wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-manager-3.12.0-0.3319fimreworksqlite.x86_64.rpm" +wazuh_custom_packages_installation_api_enabled: true +wazuh_custom_packages_installation_api_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-api_3.12.0-0.3319fimreworksqlite_amd64.deb" +wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-api-3.12.0-0.3319fimreworksqlite.x86_64.rpm" + +# Sources installation wazuh_manager_sources_installation: enabled: false branch: "v3.11.3" From 7fb76b42e65993b925355b513aea31c40aa8be11 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 17:47:13 +0100 Subject: [PATCH 2/9] Create required tasks to download and install .rpm and .deb packages --- .../installation_from_custom_packages.yml | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml new file mode 100644 index 00000000..ae837c9a --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml @@ -0,0 +1,34 @@ +--- + - block: + - name: Install Wazuh Manager from .deb packages + apt: + deb: "{{ wazuh_custom_packages_installation_manager_deb_url }}" + state: present + when: + - wazuh_custom_packages_installation_manager_enabled + + - name: Install Wazuh API from .deb packages + apt: + deb: "{{ wazuh_custom_packages_installation_api_deb_url }}" + state: present + when: + - wazuh_custom_packages_installation_api_enabled + when: + - ansible_os_family|lower == "debian" + + - block: + - name: Install Wazuh Manager from .rpm packages + yum: + name: "{{ wazuh_custom_packages_installation_manager_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_manager_enabled + + - name: Install Wazuh API from .rpm packages + yum: + name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_api_enabled + when: + - ansible_os_family|lower == "redhat" \ No newline at end of file From bf6f72039cccac7fb0f9ebcce28a4084f4247ad9 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 17:47:49 +0100 Subject: [PATCH 3/9] Update conditionals in Managers tasks to filter installation from packages --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 11 ++++++++++- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 8 ++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 36fe4ff5..ca4820fc 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -24,6 +24,7 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: @@ -32,6 +33,7 @@ when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -42,6 +44,7 @@ changed_when: false when: - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: @@ -106,11 +109,16 @@ tags: init when: - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled - include_tasks: "installation_from_sources.yml" when: - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled +- include_tasks: "installation_from_custom_packages.yml" + when: + - wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled + - name: Debian/Ubuntu | Install wazuh-api apt: name: @@ -122,4 +130,5 @@ until: wazuh_manager_main_packages_installed is succeeded tags: init when: - - not wazuh_api_sources_installation.enabled \ No newline at end of file + - not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 5dc57e81..c0ff9ee4 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -11,6 +11,7 @@ - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -24,6 +25,7 @@ when: - repo_v5_manager_installed is skipped - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present @@ -118,6 +120,7 @@ when: - ansible_os_family|lower == "redhat" - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled tags: - init @@ -125,6 +128,10 @@ when: - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled +- include_tasks: "../tasks/installation_from_custom_packages.yml" + when: + - wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled + - name: CentOS/RedHat/Amazon | Install wazuh-api package: name: "wazuh-api-{{ wazuh_manager_version }}" @@ -134,6 +141,7 @@ when: - ansible_os_family|lower == "redhat" - not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_api_enabled tags: - init From aa33bd353140783b798b3036a71df4ab0077d681 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 18:09:26 +0100 Subject: [PATCH 4/9] Add required variables to install agents from custom packages --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 266cb33f..202f5d3a 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,6 +1,15 @@ --- wazuh_agent_version: 3.11.3-1 + +# Custom packages installation + +wazuh_custom_packages_installation_agent_enabled: true +wazuh_custom_packages_installation_agent_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-agent_3.12.0-0.3319fimreworksqlite_amd64.deb" +wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-agent-3.12.0-0.3319fimreworksqlite.x86_64.rpm" + +# Sources installation + wazuh_agent_sources_installation: enabled: false branch: "v3.11.3" From 281d54557afcd46c564effee58d637be9f6e186b Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 18:09:48 +0100 Subject: [PATCH 5/9] Create tasks to download and install Agent from .rpm and .deb packages --- .../tasks/installation_from_custom_packages.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml new file mode 100644 index 00000000..01ce540c --- /dev/null +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml @@ -0,0 +1,16 @@ +--- + - name: Install Wazuh Agent from .deb packages + apt: + deb: "{{ wazuh_custom_packages_installation_agent_deb_url }}" + state: present + when: + - ansible_os_family|lower == "debian" + - wazuh_custom_packages_installation_agent_enabled + + - name: Install Wazuh Agent from .rpm packages + yum: + name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}" + state: present + when: + - ansible_os_family|lower == "redhat" + - wazuh_custom_packages_installation_agent_enabled \ No newline at end of file From 8f0d54b274ffdc93c26fbe811f2a6042e0a7bcce Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 18:10:26 +0100 Subject: [PATCH 6/9] Update Agent conditionals to make them work with custom packages install --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 3 +++ roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 6 ++++++ roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 6 ++++-- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 68c0b726..9c12fdbf 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -21,6 +21,7 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: @@ -29,6 +30,7 @@ when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -38,6 +40,7 @@ update_cache: true when: - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for debian set_fact: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 5664a428..c1c701fc 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -9,6 +9,10 @@ when: - wazuh_agent_sources_installation.enabled +- include_tasks: "installation_from_custom_packages.yml" + when: + - wazuh_custom_packages_installation_agent_enabled + - name: Linux CentOS/RedHat | Install wazuh-agent package: name: wazuh-agent-{{ wazuh_agent_version }} @@ -18,6 +22,7 @@ when: - ansible_os_family|lower == "redhat" - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled tags: - init @@ -29,6 +34,7 @@ when: - ansible_os_family|lower != "redhat" - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled tags: - init diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index e0b2b426..d93052c4 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -10,7 +10,8 @@ when: - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_agent_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled register: repo_v5_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -24,6 +25,7 @@ when: - repo_v5_installed is skipped - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: @@ -34,7 +36,7 @@ until: oracle_java_task_rpm_download is succeeded when: - wazuh_agent_config.cis_cat.disable == 'no' - - wazuh_agent_config.cis_cat.install_java == 'yes' + - wazuh_agent_config.cis_cat.install_java == 'yes' tags: - init From 53cee9a7be1602777bbc4a40667f3c86750dabcb Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 18:11:39 +0100 Subject: [PATCH 7/9] Fix trailing whitespace in `RedHat.yml` tasks from Agent --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index d93052c4..8dbd2452 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -36,7 +36,7 @@ until: oracle_java_task_rpm_download is succeeded when: - wazuh_agent_config.cis_cat.disable == 'no' - - wazuh_agent_config.cis_cat.install_java == 'yes' + - wazuh_agent_config.cis_cat.install_java == 'yes' tags: - init From 807a816cf226215a565ba7af0a6b49b1da3cb06b Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 18:12:44 +0100 Subject: [PATCH 8/9] Set Wazuh version to 3.12.0 for testing purposes --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 202f5d3a..8b4d197e 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 3.11.3-1 +wazuh_agent_version: 3.12.0-1 # Custom packages installation diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index f1e9866b..3c5712d2 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_version: 3.11.3-1 +wazuh_manager_version: 3.12.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present From 9dddd2b26e176410fe0439345a1a55d00f3e5b99 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 19:19:16 +0100 Subject: [PATCH 9/9] Restore Wazuh installation to default configuration --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++-- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 8b4d197e..ccd96e1c 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,10 +1,10 @@ --- -wazuh_agent_version: 3.12.0-1 +wazuh_agent_version: 3.11.3-1 # Custom packages installation -wazuh_custom_packages_installation_agent_enabled: true +wazuh_custom_packages_installation_agent_enabled: false wazuh_custom_packages_installation_agent_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-agent_3.12.0-0.3319fimreworksqlite_amd64.deb" wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-agent-3.12.0-0.3319fimreworksqlite.x86_64.rpm" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 3c5712d2..ffd1d90d 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,14 +1,14 @@ --- -wazuh_manager_version: 3.12.0-1 +wazuh_manager_version: 3.11.3-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present # Custom packages installation -wazuh_custom_packages_installation_manager_enabled: true +wazuh_custom_packages_installation_manager_enabled: false wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-manager_3.12.0-0.3319fimreworksqlite_amd64.deb" wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-manager-3.12.0-0.3319fimreworksqlite.x86_64.rpm" -wazuh_custom_packages_installation_api_enabled: true +wazuh_custom_packages_installation_api_enabled: false wazuh_custom_packages_installation_api_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-api_3.12.0-0.3319fimreworksqlite_amd64.deb" wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-api-3.12.0-0.3319fimreworksqlite.x86_64.rpm"