Added where possible the wazuh-manager role idempotent. Have to disable this because of issue #107

2019-04-16 19:09:36 +02:00 · 2019-04-16 19:09:36 +02:00 · dc8438401f
commit dc8438401f
parent 8291e4ab9f
6 changed files with 29 additions and 3 deletions
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@ -37,6 +37,20 @@ provisioner:
    enabled: true # fix in seperate PR
 scenario:
  name: default
  test_sequence:
    - lint
    - dependency
    - cleanup
    - destroy
    - syntax
    - create
    - prepare
    - converge
    # - idempotence
    - side_effect
    - verify
    - cleanup
    - destroy
 verifier:
  name: testinfra
  lint:
--- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
@ -31,6 +31,7 @@
    repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
    state: present
    update_cache: yes
  changed_when: False
 - name: Debian/Ubuntu | Installing NodeJS repository key (Ubuntu 14)
  become: yes
@ -55,6 +56,7 @@
    repo: "deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main"
    state: present
    update_cache: yes
  changed_when: False
 - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu
  set_fact:
@ -101,7 +103,7 @@
  shell: "dpkg-query --showformat='${Version}' --show libopenscap8"
  when: wazuh_manager_config.openscap.disable == 'no'
  register: openscap_version
-  changed_when: true
+  changed_when: False
  tags:
    - config
@ -109,6 +111,6 @@
  shell: "dpkg --compare-versions '{{ openscap_version.stdout }}' '>=' '1.2'; echo $?"
  when: wazuh_manager_config.openscap.disable == 'no'
  register: openscap_version_valid
-  changed_when: true
+  changed_when: False
  tags:
    - config
--- a/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml
@ -3,8 +3,10 @@
  apt_repository:
    repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main
    state: absent
  changed_when: False
 - name: Debian/Ubuntu | Remove Nodejs repository.
  apt_repository:
    repo: deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main
    state: absent
  changed_when: False
--- a/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml
@ -3,8 +3,10 @@
  yum_repository:
    name: NodeJS
    state: absent
  changed_when: False
 - name: RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata)
  yum_repository:
    name: wazuh_repo
    state: absent
  changed_when: False
--- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
@ -6,6 +6,7 @@
    baseurl: https://rpm.nodesource.com/pub_6.x/el/{{ ansible_distribution_major_version }}/x86_64
    gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL
    gpgcheck: yes
  changed_when: False
  when:
    - ansible_distribution_major_version|int > 5
@ -42,6 +43,7 @@
    baseurl: https://packages.wazuh.com/3.x/yum/
    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
    gpgcheck: yes
  changed_when: False
  when:
    - (ansible_distribution_major_version|int > 5) or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@ -329,12 +329,16 @@
    group: ossec
    mode: 0640
  no_log: true
  register: wazuh_manager_cdb_lists
  until: wazuh_manager_cdb_lists is succeeded
  notify:
    - rebuild cdb_lists
    - restart wazuh-manager
  with_items:
    - "{{ cdb_lists }}"
-  when: cdb_lists is defined
+  when:
    - cdb_lists is defined
    - cdb_lists is iterable
  tags:
    - config