--- - name: Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl apt: name: - apt-transport-https - ca-certificates - gnupg - acl state: present cache_valid_time: 3600 install_recommends: false register: wazuh_manager_https_packages_installed until: wazuh_manager_https_packages_installed is succeeded - name: Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14) become: true shell: | set -o pipefail curl -s {{ wazuh_manager_config.repo.gpg }} | apt-key add - args: warn: false executable: /bin/bash changed_when: false when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Download Wazuh repository key get_url: url: "{{ wazuh_manager_config.repo.gpg }}" dest: "{{ wazuh_manager_config.repo.path }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Import Wazuh GPG key command: "gpg --no-default-keyring --keyring gnupg-ring:{{ wazuh_manager_config.repo.keyring_path }} --import {{ wazuh_manager_config.repo.path }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_custom_packages_installation_manager_enabled args: creates: "{{ wazuh_manager_config.repo.keyring_path }}" - name: Debian/Ubuntu | Set permissions for Wazuh GPG key file: path: "{{ wazuh_manager_config.repo.keyring_path }}" mode: '0644' when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: filename: wazuh_repo repo: "{{ wazuh_manager_config.repo.apt }}" state: present update_cache: true changed_when: false when: - not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: cis_distribution_filename: cis_debian_linux_rcl.txt - name: Debian/Ubuntu | Install OpenJDK-8 repo apt_repository: repo: 'ppa:openjdk-r/ppa' state: present update_cache: true when: - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - when: - wazuh_manager_config.cis_cat.disable == 'no' - wazuh_manager_config.cis_cat.install_java == 'yes' block: - name: Debian/Ubuntu | Install OpenJDK 1.8 apt: name=openjdk-8-jre state=present cache_valid_time=3600 tags: - init - name: Debian/Ubuntu | Install OpenScap apt: name: "{{ item }}" state: present loop: "{{ openscap_packages }}" when: wazuh_agent_config.openscap.disable == 'no' tags: - init register: wazuh_agent_OpenScap_package_install until: wazuh_agent_OpenScap_package_install is succeeded vars: openscap_packages: "{{(ansible_distribution_version is version('24.04', '>=')) | ternary(['openscap-scanner', 'xsltproc'], ['libopenscap8', 'xsltproc']) }}" - name: Debian/Ubuntu | Get OpenScap installed version shell: "dpkg-query --showformat='${Version}' --show {{ openscap_package_name }}" register: openscap_version changed_when: false when: wazuh_agent_config.openscap.disable == 'no' vars: openscap_package_name: "{{ (ansible_distribution_version is version('24.04', '>=')) | ternary('openscap-scanner', 'libopenscap8') }}" tags: - config - name: Debian/Ubuntu | Check OpenScap version shell: "dpkg --compare-versions '{{ openscap_version.stdout }}' '>=' '1.2'; echo $?" when: wazuh_manager_config.openscap.disable == 'no' register: openscap_version_valid changed_when: false tags: - config - name: Debian/Ubuntu | Install wazuh-manager apt: name: - "wazuh-manager={{ wazuh_manager_version }}-*" state: present tags: init when: - not wazuh_custom_packages_installation_manager_enabled - include_tasks: "installation_from_custom_packages.yml" when: - wazuh_custom_packages_installation_manager_enabled