roles/agent: update agent registry task with token, nolog and remove when, as it is checked on every task, should be applied to block
This commit is contained in:
parent
535add6f4c
commit
d4092bf686
@ -83,7 +83,10 @@ wazuh_agent_nat: false
|
|||||||
wazuh_agent_nolog_sensible: yes
|
wazuh_agent_nolog_sensible: yes
|
||||||
wazuh_agent_config_overlay: yes
|
wazuh_agent_config_overlay: yes
|
||||||
|
|
||||||
## Client
|
# This is a middle ground between breaking existing uses of wazuh_agent_nat
|
||||||
|
# and allow working with agents having several network interfaces
|
||||||
|
wazuh_agent_address: '{{ "any" if wazuh_agent_nat else ansible_default_ipv4.address }}'
|
||||||
|
|
||||||
wazuh_managers:
|
wazuh_managers:
|
||||||
- address: 127.0.0.1
|
- address: 127.0.0.1
|
||||||
port: 1514
|
port: 1514
|
||||||
|
|||||||
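Review bot: The comment above `wazuh_agent_address` explains the NAT compromise but not its security consequence: with `wazuh_agent_nat` the key is registered for `"any"` source address, so the manager no longer ties that agent's key to an IP and possession of the key alone is enough to report as the agent. I would add `# NOTE: with wazuh_agent_nat the key is registered for any source IP; the manager then does not check the agent's address.` so operators opting in understand what they give up. The non-NAT branch reads `ansible_default_ipv4.address`, which is undefined when facts are not gathered or the host has no IPv4 default route; that is only noticed when the variable is rendered at the registration call, so either document the fact-gathering requirement here or fail earlier with an explicit assert rather than silently falling back to `"any"`.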
@ -144,23 +144,26 @@
|
|||||||
|
|
||||||
- name: Linux | Create the agent key via rest-API
|
- name: Linux | Create the agent key via rest-API
|
||||||
uri:
|
uri:
|
||||||
url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address }}:{{ wazuh_managers.0.api_port }}/agents/"
|
url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents'
|
||||||
validate_certs: false
|
|
||||||
method: POST
|
method: POST
|
||||||
body: '{"name":"{{ agent_name }}"}'
|
|
||||||
body_format: json
|
body_format: json
|
||||||
status_code: 200
|
body:
|
||||||
|
name: '{{ agent_name }}'
|
||||||
|
ip: '{{ wazuh_agent_address }}'
|
||||||
|
force_time: 1
|
||||||
headers:
|
headers:
|
||||||
Content-Type: "application/json"
|
Authorization: 'Bearer {{ jwt_token }}'
|
||||||
user: "{{ wazuh_managers.0.api_user }}"
|
status_code: 200
|
||||||
password: "{{ api_pass }}"
|
return_content: yes
|
||||||
register: newagent_api
|
validate_certs: '{{ target_manager.validate_certs | default(false) }}'
|
||||||
delegate_to: "{{ 'localhost' if not wazuh_api_reachable_from_agent else inventory_hostname }}"
|
|
||||||
become: no
|
become: no
|
||||||
changed_when: newagent_api.json.error == 0
|
no_log: '{{ wazuh_agent_nolog_sensible | bool }}'
|
||||||
when:
|
delegate_to: "{{ 'localhost' if not wazuh_api_reachable_from_agent else inventory_hostname }}"
|
||||||
- not check_keys.stat.exists or check_keys.stat.size == 0
|
changed_when: api_agent_post.json.error == 0
|
||||||
- wazuh_managers.0.address is not none
|
register: api_agent_post
|
||||||
|
vars:
|
||||||
|
agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}'
|
||||||
|
jwt_token: '{{ api_jwt_result.json.data.token }}'
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
- api
|
- api
|
||||||
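Review bot: `validate_certs: '{{ target_manager.validate_certs | default(false) }}'` makes TLS verification off by default, so the bearer token in the `Authorization` header is sent to an unverified endpoint unless every manager entry opts in; the safe default is `validate_certs: '{{ target_manager.validate_certs | default(true) }}'` with an explicit per-manager opt-out. The task's result is now registered as `api_agent_post`, but the `when:` in the following hunk still reads `- newagent_api.json.error == 0` as an unchanged context line, which will be undefined on the new side unless some task outside the diff still registers that name, so it presumably needs to become `api_agent_post.json.error == 0`. The `no_log` gate covers this task's headers and registered body, yet `jwt_token` comes from `api_jwt_result`, registered by a task outside this hunk that needs the same `no_log: '{{ wazuh_agent_nolog_sensible | bool }}'` or the token lands in the log there instead. The block that now carries the moved `when:` and the token-fetch task are both outside the hunk.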
@ -201,10 +204,10 @@
|
|||||||
- wazuh_agent_authd.registration_address is not none
|
- wazuh_agent_authd.registration_address is not none
|
||||||
- newagent_api.json.error == 0
|
- newagent_api.json.error == 0
|
||||||
notify: restart wazuh-agent
|
notify: restart wazuh-agent
|
||||||
|
|
||||||
when:
|
when:
|
||||||
- not wazuh_agent_authd.enable
|
- not ( wazuh_agent_authd.enable | bool )
|
||||||
- not wazuh_agent_config.enrollment.enabled | length > 0 or wazuh_agent_config.enrollment.enabled == 'no'
|
- wazuh_agent_config.enrollment.enabled != 'yes'
|
||||||
|
- not client_keys_file.stat.exists or client_keys_file.stat.size == 0
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
- api
|
- api
|
||||||
|
|||||||