From 7cce8e9490421b7ddfd3144915659111a6490b89 Mon Sep 17 00:00:00 2001
From: singuliere
Date: Tue, 8 Jan 2019 13:58:41 +0100
Subject: [PATCH] make agent registration delegate_to configurable

Registering to the API requires the port 55000 of the wazuh manager is open. Depending on the firewall policy, it may be true from the ansible controller, reason why it was delegated to localhost in the original implementation at 6cb6d3bda84c65508881e293e3403dae94ff24cc

The role should be more flexible and allow for the API call to be made from the ansible controller or the host.

Implementation note: although it would be more elegant to use omit instead of inventory_hostname, it is not possible because of an ansible bug at this time https://github.com/ansible/ansible/issues/26009

Fixes: https://github.com/wazuh/wazuh-ansible/issues/126
Signed-off-by: singuliere
---
 roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 +
 roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index 56580b75..dd56cb42 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -6,6 +6,7 @@ wazuh_managers:
 api_port: 55000
 api_proto: 'http'
 api_user: null
+wazuh_api_reachable_from_agent: false
 wazuh_profile: null
 wazuh_auto_restart: 'yes'
 wazuh_agent_authd:
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
index 2d17fb16..f16e5997 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
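Review bot: The new default `wazuh_api_reachable_from_agent: false` carries no comment, and what it changes is not obvious from the name: flipping it moves the manager API registration call, and the `api_pass` credential that call authenticates with, from the Ansible controller to every agent host. With the role's default `api_proto: 'http'` two lines above, enabling it means each agent sends the API password in cleartext over its own network path to port 55000 rather than only the controller doing so, which is a different exposure than the option name suggests. A comment on the new line should tie the two settings together, e.g. `# Run the registration API calls from the agent host instead of the controller (needs TCP/55000 reachable from the agent; pair with api_proto: 'https' so api_pass is not sent in cleartext from every host).` The role's user-facing documentation presumably needs the same entry, but no such file is part of this patch.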
@@ -95,11 +95,12 @@
 user: "{{ wazuh_managers.0.api_user }}"
 password: "{{ api_pass }}"
 register: newagent_api
+ delegate_to: "{{ 'localhost' if not wazuh_api_reachable_from_agent else inventory_hostname }}"
+ become: no
 changed_when: newagent_api.json.error == 0
 when:
 - check_keys.stat.exists == false or check_keys.stat.size == 0
 - wazuh_managers.0.address is not none
- become: no
 tags:
 - config
 - api
@@ -117,7 +118,7 @@
 - wazuh_managers.0.address is not none
 - newagent_api.json.error == 0
 register: newagentdata_api
- delegate_to: localhost
+ delegate_to: "{{ 'localhost' if not wazuh_api_reachable_from_agent else inventory_hostname }}"
 become: no
 tags:
 - config
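Review bot: The `delegate_to` line added after `register: newagent_api` relies on Jinja truthiness of `wazuh_api_reachable_from_agent`, so a value that arrives as a string (e.g. `-e wazuh_api_reachable_from_agent=false` on the command line is delivered as the non-empty string "false") evaluates as true and silently runs the API call, credential included, from the agent host instead of the controller; the replacement `delegate_to` in the `@@ -117,7 +118,7 @@` hunk repeats the same expression and has the same gap. Coerce explicitly and state the positive case first in both places: `delegate_to: "{{ inventory_hostname if wazuh_api_reachable_from_agent | bool else 'localhost' }}"`. Since the expression is now duplicated verbatim across the two registration tasks, computing it once into a single role variable and referencing that from both would keep them from drifting apart on a later edit. Both tasks start above their hunks, so the module arguments that actually send `api_pass` are not visible here.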