From f6e020631e639d7f69a04b9f407f393a81ad74ca Mon Sep 17 00:00:00 2001 From: Christos Pollalis Date: Sat, 11 Apr 2020 02:15:42 +0300 Subject: [PATCH] Make agent registration via the rest API idempotent Check whether an error was returned by the HTTP POST to the `agents/` endpoint before invoking `/var/ossec/bin/manage_agents` in order to register a new agent. It seems like that if an agent has already been registered under the given name, the HTTP POST will return an error that'll cause the next task, which is meant to retrieve the agent information, to be skipped. That'll cause the agent registration task to fail in return. Instead, this change will cause the aforementioned task to be skipped, too. So, if an agent has already been successfully registered and the playbook is re-run, it'll run all the way to the end. If anything goes wrong (during the registration process) and the agent fails to start, the `restart wazuh-agent` handler will still fail. --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 9528aa33..a84e4020 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -124,7 +124,6 @@ password: "{{ api_pass }}" register: newagent_api notify: restart wazuh-agent - # changed_when: newagent_api.json.error == 0 vars: agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ inventory_hostname }}{% endif %}" when: @@ -133,7 +132,7 @@ become: false ignore_errors: true - - name: Linux | Retieve new agent data via rest-API + - name: Linux | Retrieve new agent data via rest-API uri: url: >- "{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address @@ -164,7 +163,7 @@ when: - not check_keys.stat.exists or check_keys.stat.size == 0 - wazuh_agent_authd.registration_address is not none - - newagent_api.changed + - newagent_api.json.error == 0 notify: restart wazuh-agent when: