Merge pull request #562 from wazuh/4.2.0-sources

Install cmake in sources installation

playbooks/wazuh-kibana.yml

@@ -3,4 +3,5 @@
   roles:
     - role: ../roles/elastic-stack/ansible-kibana
       elasticsearch_network_host: <YOUR_ELASTICSEARCH_IP>
-
+  vars:
+    ansible_shell_allow_world_readable_temp: true

playbooks/wazuh-odfe-production-ready.yml

@@ -186,3 +186,4 @@
           node6:
             name: node-6
             ip: "{{ hostvars.kibana.private_ip }}"
+          ansible_shell_allow_world_readable_temp: true

playbooks/wazuh-odfe-single.yml

@@ -18,4 +18,5 @@
       instances:
         node1:
           name: node-1       # Important: must be equal to elasticsearch_node_name.
-          ip: <your server host>
+          ip: <your server host>
+      ansible_shell_allow_world_readable_temp: true

playbooks/wazuh-opendistro-kibana.yml

@@ -2,3 +2,5 @@
 - hosts: es1
   roles:
     - role: ../roles/opendistro/opendistro-kibana
+  vars:
+    ansible_shell_allow_world_readable_temp: true

roles/opendistro/opendistro-elasticsearch/defaults/main.yml

@@ -32,6 +32,12 @@ package_repos:
     opendistro:
       baseurl: 'https://packages.wazuh.com/4.x/yum/'
       gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
+  apt:
+    opendistro:
+      baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
+      gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
+    openjdk:
+      baseurl: 'deb http://deb.debian.org/debian stretch-backports main'
       
 opendistro_sec_plugin_conf_path: /usr/share/elasticsearch/plugins/opendistro_security/securityconfig
 opendistro_sec_plugin_tools_path: /usr/share/elasticsearch/plugins/opendistro_security/tools

roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml

@@ -0,0 +1,43 @@
+
+---
+
+#- name: Install OpenDistro dependencies
+#  apt:
+#    name: [
+#      'unzip', 'wget', 'curl',
+#      'apt-transport-https', software-properties-common
+#    ]
+#    state: present
+
+- name: Add openjdk repository
+  apt_repository:
+    repo: "{{ package_repos.apt.openjdk.baseurl }}"
+    state: present
+    update_cache: yes
+
+- name: Install openjdk-11-jdk
+  apt:
+    name: openjdk-11-jdk
+    state: present
+  environment:
+    JAVA_HOME: /usr
+
+- name: Add Opendistro repository
+  block:
+    - name: Add apt repository signing key
+      apt_key:
+        url: "{{ package_repos.apt.opendistro.gpg }}"
+        state: present
+
+    - name: Add Opendistro repository
+      apt_repository:
+        repo: "{{ package_repos.apt.opendistro.baseurl }}"
+        state: present
+        update_cache: yes
+
+- name: Install OpenDistro
+  apt:
+    name: opendistroforelasticsearch={{ opendistro_version }}-1
+    state: present
+  register: install
+  tags: install 

roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml

@@ -39,5 +39,12 @@
       - wget
       - unzip
 
+  - name: Install OpenDistro
+    package:
+      name: opendistroforelasticsearch-{{ opendistro_version }}
+      state: present
+    register: install
+    tags: install
+
   tags:
   - install

roles/opendistro/opendistro-elasticsearch/tasks/main.yml

@@ -8,18 +8,13 @@
     - import_tasks: RedHat.yml
       when: ansible_os_family == 'RedHat'
 
-    - name: Install OpenDistro
+    - import_tasks: Debian.yml
-      package:
+      when: ansible_os_family == 'Debian'
-        name: opendistroforelasticsearch-{{ opendistro_version }}
-        state: present
-      register: install
-      tags: install
 
     - name: Remove elasticsearch configuration file
       file:
         path: "{{ opendistro_conf_path }}/elasticsearch.yml"
         state: absent
-      when: install.changed
       tags: install
 
     - name: Copy Configuration File
@@ -30,13 +25,12 @@
         group: elasticsearch
         mode: 0640
         marker: "## {mark} Opendistro general settings ##"
-      when: install.changed
       tags: install
 
     - include_tasks: security_actions.yml
       tags:
         - security
-      when: install.changed
+
 
     - name: Configure OpenDistro Elasticsearch JVM memmory.
       template:

roles/opendistro/opendistro-kibana/defaults/main.yml

@@ -21,7 +21,10 @@ package_repos:
     opendistro:
       baseurl: 'https://packages.wazuh.com/4.x/yum/'
       gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
-
+  apt:
+    opendistro:
+      baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
+      gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
 
 # API credentials
 wazuh_api_credentials:
@@ -38,7 +41,7 @@ kibana_telemetry_optin: "false"
 kibana_telemetry_enabled: "false"
 
 opendistro_admin_password: changeme
-opendistro_kibana_user: admin
+opendistro_kibana_user: changeme
 opendistro_kibana_password: changeme
 local_certs_path: "{{ playbook_dir }}/opendistro/certificates"
 

roles/opendistro/opendistro-kibana/tasks/Debian.yml

@@ -0,0 +1,23 @@
+---
+- block:
+
+  - include_vars: debian.yml 
+  - name: Add apt repository signing key
+    apt_key:
+      url: "{{ package_repos.apt.opendistro.gpg }}"
+      state: present
+
+  - name: Debian systems | Add OpenDistro repo
+    apt_repository:
+      repo: "{{ package_repos.apt.opendistro.baseurl }}"
+      state: present
+      update_cache: yes
+
+  - name: Install Kibana
+    apt:
+      name: "opendistroforelasticsearch-kibana={{ kibana_opendistro_version }}"
+      state: present
+    register: install
+
+  tags:
+    - install 

roles/opendistro/opendistro-kibana/tasks/RedHat.yml

@@ -10,5 +10,11 @@
       gpgkey: "{{ package_repos.yum.opendistro.gpg }}"
       gpgcheck: true
 
+  - name: Install Kibana
+    package:
+      name: "opendistroforelasticsearch-kibana-{{ kibana_opendistro_version }}"
+      state: present
+    register: install
+    
   tags:
     - install

roles/opendistro/opendistro-kibana/tasks/main.yml

@@ -11,12 +11,8 @@
 - import_tasks: RedHat.yml
   when: ansible_os_family == 'RedHat'
 
-- name: Install Kibana
+- import_tasks: Debian.yml
-  package:
+  when: ansible_os_family == 'Debian'
-    name: "opendistroforelasticsearch-kibana-{{ kibana_opendistro_version }}"
-    state: present
-  register: install
-  tags: install
 
 - name: Remove Kibana configuration file
   file:

roles/opendistro/opendistro-kibana/vars/debian.yml

@@ -0,0 +1,3 @@
+---
+
+kibana_opendistro_version: 1.12.0

roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml

@@ -97,6 +97,12 @@
   tags:
     - config
 
+- name: Install dependencies to build from sources
+  apt:
+    name: ['make', 'gcc', 'automake', 'autoconf', 'libtool', 'tar', 'libssl-dev', 'g++']
+    state: present
+  when: wazuh_manager_sources_installation.enabled
+
 - name: Debian/Ubuntu | Install wazuh-manager
   apt:
     name:

roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml

@@ -92,6 +92,12 @@
   when:
     - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
 
+- name: Install dependencies to build from sources
+  yum:
+    name: ['make', 'gcc', 'automake', 'autoconf', 'libtool', 'tar', 'openssl-devel', 'gcc-c++']
+    state: present
+  when: wazuh_manager_sources_installation.enabled
+
 - name: CentOS/RedHat/Amazon | Install wazuh-manager
   package:
     name: "wazuh-manager-{{ wazuh_manager_version }}"

roles/wazuh/ansible-wazuh-manager/tasks/install_cmake.yml

@@ -0,0 +1,40 @@
+---
+
+# Vars
+# cmake_download_url: http://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz
+# cmake_version: 3.18.3
+#
+  - name: Include CMake install vars 
+    include_vars: install_cmake.yml
+
+  - name: Download CMake sources
+    get_url:
+      url: "{{ cmake_download_url }}"
+      dest: "/tmp/cmake-{{ cmake_version }}.tar.gz"
+    register: cmake_download
+
+  - name: Unpack CMake
+    unarchive:
+      copy: no
+      dest: /tmp/
+      src: "{{ cmake_download.dest }}"
+    when: cmake_download.changed
+    register: cmake_unpack
+
+  - name: Configure CMake
+    command: "./bootstrap"
+    args:
+      chdir: "/tmp/cmake-{{ cmake_version }}"
+    when: cmake_unpack.changed
+    register: cmake_configure
+
+  - name: Install CMake
+    shell: make && make install
+    args:
+      chdir: "/tmp/cmake-{{ cmake_version }}"
+    when: cmake_configure.changed
+
+  - name: Delete installation files
+    file:
+      state: absent
+      path: "/tmp/cmake-{{ cmake_version }}"

roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml

@@ -2,8 +2,8 @@
 # Wazuh Manager
   - name: Check if Wazuh Manager is already installed
     stat:
-      path: "{{ wazuh_dir }}/bin/ossec-control"
+      path: "{{ wazuh_dir }}/bin/wazuh-control"
-    register: wazuh_ossec_control
+    register: wazuh_control_path
 
   - name: Installing Wazuh Manager from sources
     block:
@@ -18,6 +18,9 @@
             - tar
           state: present
 
+      - name: Install CMake 
+        include_tasks: install_cmake.yml
+
       - name: Removing old files
         file:
           path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz"
@@ -102,6 +105,8 @@
         changed_when: installation_result == 0
         args:
           chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}"
+        environment:
+          PATH: /usr/local/bin:{{ ansible_env.PATH }}
 
       - name: Cleanup downloaded files
         file:
@@ -114,7 +119,7 @@
           state: absent
 
     when:
-      - not wazuh_ossec_control.stat.exists
+      - not wazuh_control_path.stat.exists
       - wazuh_manager_sources_installation.enabled
     tags:
       - manager

roles/wazuh/ansible-wazuh-manager/tasks/main.yml

@@ -141,19 +141,6 @@
   when:
     - shared_agent_config is defined
 
-- name: Installing the api.yaml (api configuration)
-  template: src=api.yaml.j2
-            dest="{{ wazuh_dir }}/api/configuration/api.yaml"
-            owner=root
-            group=ossec
-            mode=0640
-  notify: restart wazuh-manager
-  when:
-    - wazuh_manager_config.cluster.node_type == "master"
-  tags:
-    - init
-    - config
-
 - name: Installing the local_internal_options.conf
   template: src=var-ossec-etc-local-internal-options.conf.j2
             dest="{{ wazuh_dir }}/etc/local_internal_options.conf"
@@ -197,7 +184,7 @@
     - config
 
 - name: Enable client-syslog
-  command: "{{ wazuh_dir }}/bin/ossec-control enable client-syslog"
+  command: "{{ wazuh_dir }}/bin/wazuh-control enable client-syslog"
   notify: restart wazuh-manager
   when:
     - csyslog_enabled.stdout == '0' or "skipped" in csyslog_enabled.stdout
@@ -219,7 +206,7 @@
     - config
 
 - name: Enable ossec-agentlessd
-  command: "{{ wazuh_dir }}/bin/ossec-control enable agentless"
+  command: "{{ wazuh_dir }}/bin/wazuh-control enable agentless"
   notify: restart wazuh-manager
   when:
     - agentlessd_enabled.stdout == '0' or "skipped" in agentlessd_enabled.stdout

roles/wazuh/ansible-wazuh-manager/vars/install_cmake.yml

@@ -0,0 +1,4 @@
+# Install cmake vars
+
+cmake_version: 3.18.3
+cmake_download_url: "http://packages.wazuh.com/utils/cmake/cmake-{{ cmake_version }}.tar.gz"