---
- import_tasks: "RedHat.yml"
  when: ansible_os_family == "RedHat"

- import_tasks: "Debian.yml"
  when: ansible_os_family == "Debian"

- name: Linux | Install wazuh-agent
  package: name=wazuh-agent state=latest
  tags:
    - init

- name: Retrieving authd Credentials
  include_vars: authd_pass.yml
  tags:
    - config

- name: Copy CA, SSL key and cert for authd
  copy:
    src: "{{ item }}"
    dest: "/var/ossec/etc/{{ item | basename }}"
    mode: 0644
  with_items:
    - "{{ wazuh_agent_authd.ssl_agent_ca }}"
    - "{{ wazuh_agent_authd.ssl_agent_cert }}"
    - "{{ wazuh_agent_authd.ssl_agent_key }}"
  tags:
    - config
  when:
    - wazuh_agent_authd.ssl_agent_ca is not none
    - wazuh_agent_authd.enable == true

- name: Linux | Check if client.keys exists
  stat: path=/var/ossec/etc/client.keys
  register: check_keys
  tags:
    - config

- name: Linux | Register agent
  shell: >
    /var/ossec/bin/agent-auth
    -m {{ wazuh_manager_ip }}
    -p {{ wazuh_agent_authd.port }}
    {% if authd_pass is defined %}-P {{ authd_pass }}{% endif %}
    {% if wazuh_agent_authd.ssl_agent_ca is not none %}
    -v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
    -x "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}"
    -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}"
    {% endif %}
    {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %}-a{% endif %}
  register: agent_auth_output
  when:
    - wazuh_agent_authd.enable == true
    - check_keys.stat.size == 0
    - wazuh_manager_ip is not none
  tags:
    - config

- name: Linux | Verify agent registration
  shell: echo {{ agent_auth_output }} | grep "Valid key created"
  when:
    - wazuh_agent_authd.enable == true
    - check_keys.stat.size == 0
    - wazuh_manager_ip is not none
  tags:
    - config

- name: Linux | Installing agent configuration (ossec.conf)
  template: src=var-ossec-etc-ossec-agent.conf.j2
            dest=/var/ossec/etc/ossec.conf
            owner=root
            group=ossec
            mode=0644
  notify: restart wazuh-agent
  tags:
    - init
    - config

- name: Linux | Ensure Wazuh Agent service is started and enabled
  service:
    name: wazuh-agent
    enabled: yes
    state: started

- import_tasks: "RMRedHat.yml"
  when: ansible_os_family == "RedHat"

- import_tasks: "RMDebian.yml"
  when: ansible_os_family == "Debian"