---
- name: RedHat/CentOS | Install Nodejs repo
  yum_repository:
    name: NodeJS
    description: NodeJS-$releasever
    baseurl: https://rpm.nodesource.com/pub_6.x/el/{{ ansible_distribution_major_version }}/x86_64
    gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL
    gpgcheck: true
  changed_when: false
  when:
    - ansible_distribution_major_version|int > 5

- name: Fedora | Install Nodejs repo
  yum_repository:
    name: NodeJS
    description: NodeJS-$releasever
    baseurl: https://rpm.nodesource.com/pub_6.x/fc/$releasever/x86_64
    gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL
    gpgcheck: true
  when: ansible_distribution == 'Fedora'

- name: AmazonLinux | Get Nodejs
  shell: |
    set -o pipefail
    curl --silent --location https://rpm.nodesource.com/setup_8.x | bash -
  args:
    warn: false
    executable: /bin/bash
  when:
    - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"

- name: AmazonLinux | Install Nodejs repo
  yum:
    name: nodejs
    state: present
  register: wazuh_manager_amz_node_packages_installed
  until: wazuh_manager_amz_node_packages_installed is succeeded
  when:
    - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"

- name: RedHat/CentOS 5 | Install Wazuh repo
  yum_repository:
    name: wazuh_repo
    description: Wazuh repository
    baseurl: "{{ wazuh_agent_config.repo.yum }}5/"
    gpgkey: "{{ wazuh_agent_config.repo.gpg }}-5"
    gpgcheck: true
  changed_when: false
  when:
    - (ansible_facts['os_family']|lower == 'redhat')
    - (ansible_os_family = ansible_distribution_major_version|int <= 5)
  register: repo_v5_manager_installed

- name: RedHat/CentOS/Fedora | Install Wazuh repo
  yum_repository:
    name: wazuh_repo
    description: Wazuh repository
    baseurl: "{{ wazuh_agent_config.repo.yum }}"
    gpgkey: "{{ wazuh_agent_config.repo.gpg }}"
    gpgcheck: true
  changed_when: false
  when:
    - repo_v5_manager_installed is undefined

- name: RedHat/CentOS/Fedora | Install openscap
  package: name={{ item }} state=present
  with_items:
    - openscap-scanner
    - openssl
  register: wazuh_manager_openscp_packages_installed
  until: wazuh_manager_openscp_packages_installed is succeeded
  tags:
    - init
  when: not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")

- name: CentOS 6 | Install Software Collections (SCL) Repository
  package: name=centos-release-scl state=present
  register: wazuh_manager_scl_packages_installed
  until: wazuh_manager_scl_packages_installed is succeeded
  when:
    - ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6'
    - wazuh_manager_config.cluster.disable != 'yes'

- name: RedHat 6 | Enabling Red Hat Software Collections (RHSCL)
  command: yum-config-manager --enable {{ item }}
  with_items:
    - rhui-REGION-rhel-server-rhscl
    - rhel-server-rhscl-6-rpms
  when:
    - ansible_distribution == 'RedHat' and  ansible_distribution_major_version == '6'
    - wazuh_manager_config.cluster.disable != 'yes'

- name: CentOS/RedHat 6 | Install Python 2.7
  package: name=python27 state=present
  register: wazuh_manager_python_package_installed
  until: wazuh_manager_python_package_installed is succeeded
  when:
    - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version == '6'
    - wazuh_manager_config.cluster.disable != 'yes'

- name: CentOS/RedHat 6 | Install python-cryptography module
  pip: name=cryptography state=present
  register: wazuh_manager_cryptography_package_installed
  until: wazuh_manager_cryptography_package_installed is succeeded
  environment:
    PATH: "/opt/rh/python27/root/usr/bin:{{ ansible_env.PATH }}"
    LD_LIBRARY_PATH: "/opt/rh/python27/root/usr/lib64:/opt/rh/python27/root/usr/lib"
  when:
    - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version == '6'
    - wazuh_manager_config.cluster.disable != 'yes'

- name: RedHat/CentOS/Fedora | Install python-cryptography module
  package: name=python-cryptography state=present
  register: wazuh_manager_cryptography_package_installed
  until: wazuh_manager_cryptography_package_installed is succeeded
  when:
    - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat') and ansible_distribution_major_version == '6' )
    - wazuh_manager_config.cluster.disable != 'yes'

- name: RedHat/CentOS/Fedora | Install OpenJDK 1.8
  yum: name=java-1.8.0-openjdk state=present
  when:
    - wazuh_manager_config.cis_cat.disable == 'no'
    - wazuh_manager_config.cis_cat.install_java == 'yes'
  tags:
    - init

- name: Set Distribution CIS filename for RHEL5/CentOS-5
  set_fact:
    cis_distribution_filename: cis_rhel5_linux_rcl.txt
  when: ansible_os_family == "RedHat" and ansible_distribution_major_version == '5'

- name: Set Distribution CIS filename for RHEL6/CentOS-6
  set_fact:
    cis_distribution_filename: cis_rhel6_linux_rcl.txt
  when: ansible_os_family == "RedHat" and ansible_distribution_major_version == '6'

- name: Set Distribution CIS filename for RHEL7/CentOS-7
  set_fact:
    cis_distribution_filename: cis_rhel7_linux_rcl.txt
  when:
    - ansible_os_family == "RedHat" and ansible_distribution_major_version == '7'

- name: Set Distribution CIS filename for RHEL7/CentOS-7 (Amazon)
  set_fact:
    cis_distribution_filename: cis_rhel7_linux_rcl.txt
  when:
    - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"