--- - name: Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl apt: name: - apt-transport-https - ca-certificates - gnupg - acl state: present cache_valid_time: 3600 install_recommends: false register: wazuh_manager_https_packages_installed until: wazuh_manager_https_packages_installed is succeeded - name: Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14) become: true shell: | set -o pipefail curl -s {{ wazuh_manager_config.repo.gpg }} | apt-key add - args: warn: false executable: /bin/bash changed_when: false when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Download Wazuh repository key get_url: url: "{{ wazuh_manager_config.repo.gpg }}" dest: "{{ wazuh_manager_config.repo.path }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Import Wazuh GPG key command: "gpg --no-default-keyring --keyring gnupg-ring:{{ wazuh_manager_config.repo.keyring_path }} --import {{ wazuh_manager_config.repo.path }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_custom_packages_installation_manager_enabled args: creates: "{{ wazuh_manager_config.repo.keyring_path }}" - name: Debian/Ubuntu | Set permissions for Wazuh GPG key file: path: "{{ wazuh_manager_config.repo.keyring_path }}" mode: '0644' when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: filename: wazuh_repo repo: "{{ wazuh_manager_config.repo.apt }}" state: present update_cache: true changed_when: false when: - not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: cis_distribution_filename: cis_debian_linux_rcl.txt - name: Debian/Ubuntu | Install OpenJDK-8 repo apt_repository: repo: 'ppa:openjdk-r/ppa' state: present update_cache: true when: - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - when: - wazuh_manager_config.cis_cat.disable == 'no' - wazuh_manager_config.cis_cat.install_java == 'yes' block: - name: Debian/Ubuntu | Install OpenJDK 1.8 apt: name=openjdk-8-jre state=present cache_valid_time=3600 tags: - init - name: Debian/Ubuntu | Install OpenSCAP apt: name: - "{{ 'openscap-scanner' if ansible_distribution_version >= '24.04' else 'libopenscap8' }}" - xsltproc state: present cache_valid_time: 3600 update_cache: yes install_recommends: false register: wazuh_manager_openscap_installed until: wazuh_manager_openscap_installed is succeeded retries: 3 delay: 10 when: wazuh_manager_config.openscap.disable == 'no' tags: - init - name: Debian/Ubuntu | Get OpenSCAP installed version shell: "dpkg-query --showformat='${Version}' --show {{ 'openscap-scanner' if ansible_distribution_version >= '24.04' else 'libopenscap8' }}" when: wazuh_manager_config.openscap.disable == 'no' register: openscap_version changed_when: false tags: - config - name: Debian/Ubuntu | Check if OpenSCAP version is >= 1.2 shell: "dpkg --compare-versions '{{ openscap_version.stdout }}' '>=' '1.2'; echo $?" when: - wazuh_manager_config.openscap.disable == 'no' - openscap_version.stdout != "Not Installed" register: openscap_version_valid changed_when: false tags: - config - name: Debian/Ubuntu | Install wazuh-manager apt: name: - "wazuh-manager={{ wazuh_manager_version }}-*" state: present tags: init when: - not wazuh_custom_packages_installation_manager_enabled - include_tasks: "installation_from_custom_packages.yml" when: - wazuh_custom_packages_installation_manager_enabled