afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #562 from wazuh/4.2.0-sources

Browse Source 
Install cmake in sources installation
This commit is contained in:
Alberto Rodríguez 2021-04-13 17:24:44 +02:00 committed by GitHub
commit e946b5635e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 171 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
playbooks/wazuh-kibana.yml
View File

@ -3,4 +3,5 @@
roles: roles:
- role: ../roles/elastic-stack/ansible-kibana - role: ../roles/elastic-stack/ansible-kibana
elasticsearch_network_host: <YOUR_ELASTICSEARCH_IP> elasticsearch_network_host: <YOUR_ELASTICSEARCH_IP>
vars:
ansible_shell_allow_world_readable_temp: true

1
playbooks/wazuh-odfe-production-ready.yml
View File

@ -186,3 +186,4 @@
node6: node6:
name: node-6 name: node-6
ip: "{{ hostvars.kibana.private_ip }}" ip: "{{ hostvars.kibana.private_ip }}"
ansible_shell_allow_world_readable_temp: true

1
playbooks/wazuh-odfe-single.yml
View File

@ -19,3 +19,4 @@
node1: node1:
name: node-1 # Important: must be equal to elasticsearch_node_name. name: node-1 # Important: must be equal to elasticsearch_node_name.
ip: <your server host> ip: <your server host>
ansible_shell_allow_world_readable_temp: true

2
playbooks/wazuh-opendistro-kibana.yml
View File

@ -2,3 +2,5 @@
- hosts: es1 - hosts: es1
roles: roles:
- role: ../roles/opendistro/opendistro-kibana - role: ../roles/opendistro/opendistro-kibana
vars:
ansible_shell_allow_world_readable_temp: true

6
roles/opendistro/opendistro-elasticsearch/defaults/main.yml
View File

@ -32,6 +32,12 @@ package_repos:
opendistro: opendistro:
baseurl: 'https://packages.wazuh.com/4.x/yum/' baseurl: 'https://packages.wazuh.com/4.x/yum/'
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
apt:
opendistro:
baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
openjdk:
baseurl: 'deb http://deb.debian.org/debian stretch-backports main'
opendistro_sec_plugin_conf_path: /usr/share/elasticsearch/plugins/opendistro_security/securityconfig opendistro_sec_plugin_conf_path: /usr/share/elasticsearch/plugins/opendistro_security/securityconfig
opendistro_sec_plugin_tools_path: /usr/share/elasticsearch/plugins/opendistro_security/tools opendistro_sec_plugin_tools_path: /usr/share/elasticsearch/plugins/opendistro_security/tools

43
roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml Normal file
View File

@ -0,0 +1,43 @@
---
#- name: Install OpenDistro dependencies
# apt:
# name: [
# 'unzip', 'wget', 'curl',
# 'apt-transport-https', software-properties-common
# ]
# state: present
- name: Add openjdk repository
apt_repository:
repo: "{{ package_repos.apt.openjdk.baseurl }}"
state: present
update_cache: yes
- name: Install openjdk-11-jdk
apt:
name: openjdk-11-jdk
state: present
environment:
JAVA_HOME: /usr
- name: Add Opendistro repository
block:
- name: Add apt repository signing key
apt_key:
url: "{{ package_repos.apt.opendistro.gpg }}"
state: present
- name: Add Opendistro repository
apt_repository:
repo: "{{ package_repos.apt.opendistro.baseurl }}"
state: present
update_cache: yes
- name: Install OpenDistro
apt:
name: opendistroforelasticsearch={{ opendistro_version }}-1
state: present
register: install
tags: install

7
roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml
View File

@ -39,5 +39,12 @@
- wget - wget
- unzip - unzip
- name: Install OpenDistro
package:
name: opendistroforelasticsearch-{{ opendistro_version }}
state: present
register: install
tags: install
tags: tags:
- install - install

12
roles/opendistro/opendistro-elasticsearch/tasks/main.yml
View File

@ -8,18 +8,13 @@
- import_tasks: RedHat.yml - import_tasks: RedHat.yml
when: ansible_os_family == 'RedHat' when: ansible_os_family == 'RedHat'
- name: Install OpenDistro - import_tasks: Debian.yml
package: when: ansible_os_family == 'Debian'
name: opendistroforelasticsearch-{{ opendistro_version }}
state: present
register: install
tags: install
- name: Remove elasticsearch configuration file - name: Remove elasticsearch configuration file
file: file:
path: "{{ opendistro_conf_path }}/elasticsearch.yml" path: "{{ opendistro_conf_path }}/elasticsearch.yml"
state: absent state: absent
when: install.changed
tags: install tags: install
- name: Copy Configuration File - name: Copy Configuration File
@ -30,13 +25,12 @@
group: elasticsearch group: elasticsearch
mode: 0640 mode: 0640
marker: "## {mark} Opendistro general settings ##" marker: "## {mark} Opendistro general settings ##"
when: install.changed
tags: install tags: install
- include_tasks: security_actions.yml - include_tasks: security_actions.yml
tags: tags:
- security - security
when: install.changed
- name: Configure OpenDistro Elasticsearch JVM memmory. - name: Configure OpenDistro Elasticsearch JVM memmory.
template: template:

7
roles/opendistro/opendistro-kibana/defaults/main.yml
View File

@ -21,7 +21,10 @@ package_repos:
opendistro: opendistro:
baseurl: 'https://packages.wazuh.com/4.x/yum/' baseurl: 'https://packages.wazuh.com/4.x/yum/'
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
apt:
opendistro:
baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
# API credentials # API credentials
wazuh_api_credentials: wazuh_api_credentials:
@ -38,7 +41,7 @@ kibana_telemetry_optin: "false"
kibana_telemetry_enabled: "false" kibana_telemetry_enabled: "false"
opendistro_admin_password: changeme opendistro_admin_password: changeme
opendistro_kibana_user: admin opendistro_kibana_user: changeme
opendistro_kibana_password: changeme opendistro_kibana_password: changeme
local_certs_path: "{{ playbook_dir }}/opendistro/certificates" local_certs_path: "{{ playbook_dir }}/opendistro/certificates"

23
roles/opendistro/opendistro-kibana/tasks/Debian.yml Normal file
View File

@ -0,0 +1,23 @@
---
- block:
- include_vars: debian.yml
- name: Add apt repository signing key
apt_key:
url: "{{ package_repos.apt.opendistro.gpg }}"
state: present
- name: Debian systems | Add OpenDistro repo
apt_repository:
repo: "{{ package_repos.apt.opendistro.baseurl }}"
state: present
update_cache: yes
- name: Install Kibana
apt:
name: "opendistroforelasticsearch-kibana={{ kibana_opendistro_version }}"
state: present
register: install
tags:
- install

6
roles/opendistro/opendistro-kibana/tasks/RedHat.yml
View File

@ -10,5 +10,11 @@
gpgkey: "{{ package_repos.yum.opendistro.gpg }}" gpgkey: "{{ package_repos.yum.opendistro.gpg }}"
gpgcheck: true gpgcheck: true
- name: Install Kibana
package:
name: "opendistroforelasticsearch-kibana-{{ kibana_opendistro_version }}"
state: present
register: install
tags: tags:
- install - install

8
roles/opendistro/opendistro-kibana/tasks/main.yml
View File

@ -11,12 +11,8 @@
- import_tasks: RedHat.yml - import_tasks: RedHat.yml
when: ansible_os_family == 'RedHat' when: ansible_os_family == 'RedHat'
- name: Install Kibana - import_tasks: Debian.yml
package: when: ansible_os_family == 'Debian'
name: "opendistroforelasticsearch-kibana-{{ kibana_opendistro_version }}"
state: present
register: install
tags: install
- name: Remove Kibana configuration file - name: Remove Kibana configuration file
file: file:

3
roles/opendistro/opendistro-kibana/vars/debian.yml Normal file
View File

@ -0,0 +1,3 @@
---
kibana_opendistro_version: 1.12.0

6
roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
View File

@ -97,6 +97,12 @@
tags: tags:
- config - config
- name: Install dependencies to build from sources
apt:
name: ['make', 'gcc', 'automake', 'autoconf', 'libtool', 'tar', 'libssl-dev', 'g++']
state: present
when: wazuh_manager_sources_installation.enabled
- name: Debian/Ubuntu | Install wazuh-manager - name: Debian/Ubuntu | Install wazuh-manager
apt: apt:
name: name:

6
roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
View File

@ -92,6 +92,12 @@
when: when:
- ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
- name: Install dependencies to build from sources
yum:
name: ['make', 'gcc', 'automake', 'autoconf', 'libtool', 'tar', 'openssl-devel', 'gcc-c++']
state: present
when: wazuh_manager_sources_installation.enabled
- name: CentOS/RedHat/Amazon | Install wazuh-manager - name: CentOS/RedHat/Amazon | Install wazuh-manager
package: package:
name: "wazuh-manager-{{ wazuh_manager_version }}" name: "wazuh-manager-{{ wazuh_manager_version }}"

40
roles/wazuh/ansible-wazuh-manager/tasks/install_cmake.yml Normal file
View File

@ -0,0 +1,40 @@
---
# Vars
# cmake_download_url: http://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz
# cmake_version: 3.18.3
#
- name: Include CMake install vars
include_vars: install_cmake.yml
- name: Download CMake sources
get_url:
url: "{{ cmake_download_url }}"
dest: "/tmp/cmake-{{ cmake_version }}.tar.gz"
register: cmake_download
- name: Unpack CMake
unarchive:
copy: no
dest: /tmp/
src: "{{ cmake_download.dest }}"
when: cmake_download.changed
register: cmake_unpack
- name: Configure CMake
command: "./bootstrap"
args:
chdir: "/tmp/cmake-{{ cmake_version }}"
when: cmake_unpack.changed
register: cmake_configure
- name: Install CMake
shell: make && make install
args:
chdir: "/tmp/cmake-{{ cmake_version }}"
when: cmake_configure.changed
- name: Delete installation files
file:
state: absent
path: "/tmp/cmake-{{ cmake_version }}"

11
roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
View File

@ -2,8 +2,8 @@
# Wazuh Manager # Wazuh Manager
- name: Check if Wazuh Manager is already installed - name: Check if Wazuh Manager is already installed
stat: stat:
path: "{{ wazuh_dir }}/bin/ossec-control" path: "{{ wazuh_dir }}/bin/wazuh-control"
register: wazuh_ossec_control register: wazuh_control_path
- name: Installing Wazuh Manager from sources - name: Installing Wazuh Manager from sources
block: block:
@ -18,6 +18,9 @@
- tar - tar
state: present state: present
- name: Install CMake
include_tasks: install_cmake.yml
- name: Removing old files - name: Removing old files
file: file:
path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz"
@ -102,6 +105,8 @@
changed_when: installation_result == 0 changed_when: installation_result == 0
args: args:
chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}"
environment:
PATH: /usr/local/bin:{{ ansible_env.PATH }}
- name: Cleanup downloaded files - name: Cleanup downloaded files
file: file:
@ -114,7 +119,7 @@
state: absent state: absent
when: when:
- not wazuh_ossec_control.stat.exists - not wazuh_control_path.stat.exists
- wazuh_manager_sources_installation.enabled - wazuh_manager_sources_installation.enabled
tags: tags:
- manager - manager

17
roles/wazuh/ansible-wazuh-manager/tasks/main.yml
View File

@ -141,19 +141,6 @@
when: when:
- shared_agent_config is defined - shared_agent_config is defined
- name: Installing the api.yaml (api configuration)
template: src=api.yaml.j2
dest="{{ wazuh_dir }}/api/configuration/api.yaml"
owner=root
group=ossec
mode=0640
notify: restart wazuh-manager
when:
- wazuh_manager_config.cluster.node_type == "master"
tags:
- init
- config
- name: Installing the local_internal_options.conf - name: Installing the local_internal_options.conf
template: src=var-ossec-etc-local-internal-options.conf.j2 template: src=var-ossec-etc-local-internal-options.conf.j2
dest="{{ wazuh_dir }}/etc/local_internal_options.conf" dest="{{ wazuh_dir }}/etc/local_internal_options.conf"
@ -197,7 +184,7 @@
- config - config
- name: Enable client-syslog - name: Enable client-syslog
command: "{{ wazuh_dir }}/bin/ossec-control enable client-syslog" command: "{{ wazuh_dir }}/bin/wazuh-control enable client-syslog"
notify: restart wazuh-manager notify: restart wazuh-manager
when: when:
- csyslog_enabled.stdout == '0' or "skipped" in csyslog_enabled.stdout - csyslog_enabled.stdout == '0' or "skipped" in csyslog_enabled.stdout
@ -219,7 +206,7 @@
- config - config
- name: Enable ossec-agentlessd - name: Enable ossec-agentlessd
command: "{{ wazuh_dir }}/bin/ossec-control enable agentless" command: "{{ wazuh_dir }}/bin/wazuh-control enable agentless"
notify: restart wazuh-manager notify: restart wazuh-manager
when: when:
- agentlessd_enabled.stdout == '0' or "skipped" in agentlessd_enabled.stdout - agentlessd_enabled.stdout == '0' or "skipped" in agentlessd_enabled.stdout

4
roles/wazuh/ansible-wazuh-manager/vars/install_cmake.yml Normal file
View File

@ -0,0 +1,4 @@
# Install cmake vars
cmake_version: 3.18.3
cmake_download_url: "http://packages.wazuh.com/utils/cmake/cmake-{{ cmake_version }}.tar.gz"