add(#59): add the manager role
This commit adds the initial provisioning structure with the manager role (with its playbook, tasks, etc.). This allows installing any manager version using custom packages or the repo.

Note: When using the repo it uses `4.x` gpg, we should discuss if we want to extend the support
roronoasins committed Jun 16, 2023
1 parent f09f1cc commit 2ad6af2
Showing 11 changed files with 245 additions and 0 deletions.
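--- a/provisioning/playbooks/wazuh-manager.yml
+++ b/provisioning/playbooks/wazuh-manager.yml
@@ -0,0 +1,4 @@
+---
+- hosts: manager
+roles:
+- role: ../roles/wazuh/manager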
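--- a/provisioning/roles/wazuh/manager/defaults/main.yml
+++ b/provisioning/roles/wazuh/manager/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+## Global
+wazuh_manager_version: "{{ packages_version | default(manager_production_version) }}"
+wazuh_dir: "/var/ossec"
+service_name: wazuh-manager
+wazuh_manager_config_defaults:
+repo: '{{ wazuh_repo }}'
+
+
+# Custom packages installation
+wazuh_custom_packages_installation_manager_enabled: false
+wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"
+wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"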
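Review bot: Both custom-package defaults point at the bucket prefix `https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/` rather than at a package file, and nothing travels with the URL to pin what it serves. Setting `wazuh_custom_packages_installation_manager_enabled: true` without overriding the URL hands that prefix to `apt: deb:` in tasks/Debian.yml and to `yum`/`dnf` in tasks/RedHat.yml, which install the response as root. I would default both URLs to `""`, fail early when the flag is on and the URL is empty, and add a companion checksum variable (for example `wazuh_custom_packages_installation_manager_deb_sha256`, a name proposed here) that a `get_url` task with `checksum:` verifies before the package is installed.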
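--- a/provisioning/roles/wazuh/manager/handlers/main.yml
+++ b/provisioning/roles/wazuh/manager/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+- name: start service
+become: true
+systemd:
+name: "{{ service_name }}"
+daemon_reload: true
+state: started
+enabled: true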
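Review bot: `state: started` leaves an already-running manager untouched, so when the install tasks upgrade or replace the package on a host where the service is up, the notify does not restart it; unless the package scripts restart it themselves, `state: restarted` on the handler is what picks up the new version. The name `start service` is also very generic for something that shares the play's handler namespace with every other role; a name such as `restart wazuh-manager` is harder to collide with. tasks/main.yml already ensures started/enabled with its own `service` task, so the handler can be dedicated to the restart case.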
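--- a/provisioning/roles/wazuh/manager/meta/main.yml
+++ b/provisioning/roles/wazuh/manager/meta/main.yml
@@ -0,0 +1,23 @@
+---
+galaxy_info:
+author: Wazuh
+description: Installing, deploying and configuring Wazuh Manager.
+company: wazuh.com
+license: license (GPLv3)
+min_ansible_version: 2.0
+platforms:
+- name: EL
+versions:
+- all
+- name: Ubuntu
+versions:
+- all
+- name: Debian
+versions:
+- all
+- name: Fedora
+versions:
+- all
+galaxy_tags:
+- monitoring
+dependencies: []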
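Review bot: `min_ansible_version: 2.0` is an unquoted scalar, so YAML loads it as a float, and it understates what the role needs: tasks/main.yml uses `include_tasks`, which Ansible 2.0 does not have. Quote it and raise it to the oldest release the project actually tests against, `min_ansible_version: "<oldest tested version>"`. `license: license (GPLv3)` also looks like a template leftover; `license: GPLv3` reads cleaner.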
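--- a/provisioning/roles/wazuh/manager/tasks/Debian.yml
+++ b/provisioning/roles/wazuh/manager/tasks/Debian.yml
@@ -0,0 +1,64 @@
+---
+- name: Debian/Ubuntu | Install gnupg, apt-transport-https
+become: true
+apt:
+name:
+- gnupg
+- apt-transport-https
+state: present
+cache_valid_time: 3600
+install_recommends: false
+register: wazuh_manager_https_packages_installed
+until: wazuh_manager_https_packages_installed is succeeded
+
+- name: Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)
+become: true
+shell: |
+set -o pipefail
+curl -s {{ wazuh_repo.gpg }} | apt-key add -
+args:
+warn: false
+executable: /bin/bash
+changed_when: false
+when:
+- ansible_distribution == "Ubuntu"
+- ansible_distribution_major_version | int == 14
+- not wazuh_custom_packages_installation_manager_enabled
+
+- name: Debian/Ubuntu | Installing Wazuh repository key
+apt_key:
+url: "{{ wazuh_repo.gpg }}"
+id: "{{ wazuh_repo.key_id }}"
+when:
+- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
+- not wazuh_custom_packages_installation_manager_enabled
+
+- name: Debian/Ubuntu | Add Wazuh repositories
+apt_repository:
+filename: wazuh_repo
+repo: "{{ wazuh_repo.apt }}"
+state: present
+update_cache: true
+changed_when: false
+when:
+- not wazuh_custom_packages_installation_manager_enabled
+
+- name: Debian/Ubuntu | Install wazuh-manager
+become: true
+apt:
+name: "wazuh-manager={{ wazuh_manager_version }}-*"
+state: present
+notify: start service
+when: not wazuh_custom_packages_installation_manager_enabled
+
+- name: Install Wazuh Manager from .deb packages
+become: true
+apt:
+deb: "{{ wazuh_custom_packages_installation_manager_deb_url }}"
+state: present
+notify: start service
+when:
+- wazuh_custom_packages_installation_manager_enabled
+
+- name: run the handlers after the installation
+meta: flush_handlers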
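Review bot: The Ubuntu 14 task pipes `curl -s {{ wazuh_repo.gpg }}` straight into `apt-key add -`, so whatever the URL returns becomes a trusted APT signing key; it is the only key path in this file that never looks at `wazuh_repo.key_id`. Fetch the key to a temporary file with `curl -fsSL` (`-f` so an HTTP error page is not fed to apt-key), compare its fingerprint with `wazuh_repo.key_id`, and add it only on a match, as sketched below; the gpg invocation should be checked against the gpg that Ubuntu 14 ships. Separately, as far as I know newer ansible-core releases reject `args: warn:`, so that key will have to go when the controller is upgraded.

```yaml
- name: Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)
  become: true
  shell: |
    set -euo pipefail
    key_file="$(mktemp)"
    trap 'rm -f "$key_file"' EXIT
    curl -fsSL '{{ wazuh_repo.gpg }}' -o "$key_file"
    # Refuse the key unless it carries the expected fingerprint.
    gpg --with-colons --with-fingerprint "$key_file" \
      | grep '^fpr:.*:{{ wazuh_repo.key_id }}:$' > /dev/null
    apt-key add "$key_file"
  # … unchanged: args, changed_when, when …
```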
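--- a/provisioning/roles/wazuh/manager/tasks/RedHat.yml
+++ b/provisioning/roles/wazuh/manager/tasks/RedHat.yml
@@ -0,0 +1,68 @@
+---
+- name: RedHat/CentOS 5 | Install Wazuh repo
+become: true
+yum_repository:
+name: wazuh_repo
+description: Wazuh repository
+baseurl: "{{ wazuh_repo.yum }}5/"
+gpgkey: "{{ wazuh_repo.gpg }}-5"
+gpgcheck: true
+changed_when: false
+when:
+- (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon')
+- (ansible_distribution_major_version|int <= 5)
+- not wazuh_custom_packages_installation_manager_enabled
+register: repo_v5_manager_installed
+
+- name: RedHat/CentOS/Fedora | Install Wazuh repo
+become: true
+yum_repository:
+name: wazuh_repo
+description: Wazuh repository
+baseurl: "{{ wazuh_repo.yum }}"
+gpgkey: "{{ wazuh_repo.gpg }}"
+gpgcheck: true
+changed_when: false
+when:
+- repo_v5_manager_installed is skipped
+- not wazuh_custom_packages_installation_manager_enabled
+
+- name: CentOS/RedHat/Amazon | Install wazuh-manager
+become: true
+package:
+name: "wazuh-manager-{{ wazuh_manager_version }}"
+state: present
+register: wazuh_manager_main_packages_installed
+until: wazuh_manager_main_packages_installed is succeeded
+when:
+- ansible_os_family|lower == "redhat"
+- not wazuh_custom_packages_installation_manager_enabled
+notify: start service
+tags:
+- init
+
+- block:
+- name: Install Wazuh Manager from .rpm packages | yum
+become: true
+yum:
+name: "{{ wazuh_custom_packages_installation_manager_rpm_url }}"
+state: present
+when:
+- not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8")
+- not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8")
+
+- name: Install Wazuh Manager from .rpm packages | dnf
+become: true
+dnf:
+name: "{{ wazuh_custom_packages_installation_manager_rpm_url }}"
+state: present
+disable_gpg_check: True
+when:
+- (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or
+(ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8")
+notify: start service
+when:
+- wazuh_custom_packages_installation_manager_enabled
+
+- name: run the handlers after the installation
+meta: flush_handlers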
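Review bot: `disable_gpg_check: True` on the dnf task turns off signature verification for an RPM that is downloaded from `wazuh_custom_packages_installation_manager_rpm_url` and installed as root, while the yum task just above leaves the check at its default, so the two branches do not agree on whether the package must be signed. I would drop that line and import the signing key first with an `rpm_key` task (`key: "{{ wazuh_repo.gpg }}"`, `fingerprint: "{{ wazuh_repo.key_id }}"`), or put the bypass behind an explicit opt-in variable that defaults to false. The branch conditions also compare strings: `ansible_distribution_major_version >= "8"` is false for "10", so use `ansible_distribution_major_version | int >= 8`, the form the CentOS 5 task in this file already uses.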
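--- a/provisioning/roles/wazuh/manager/tasks/main.yml
+++ b/provisioning/roles/wazuh/manager/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+
+- name: Include vars/repo_vars.yml
+include_vars: ../../vars/repo_vars.yml
+
+- name: Include vars/repo.yml
+include_vars: ../../vars/repo.yml
+when: packages_repository == 'production'
+
+- name: Include vars/repo_pre-release.yml
+include_vars: ../../vars/repo_pre-release.yml
+when: packages_repository == 'pre-release'
+
+- name: Include vars/repo_staging.yml
+include_vars: ../../vars/repo_staging.yml
+when: packages_repository == 'staging'
+
+- name: Include tasks based on OS
+include_tasks: "{{ ansible_os_family }}.yml"
+
+- name: Ensure Wazuh Manager service is started and enabled.
+service:
+name: "wazuh-manager"
+enabled: true
+state: started
+tags:
+- config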
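Review bot: Nothing validates `packages_repository` before it selects the package source: a value other than `production`, `pre-release` or `staging` skips all three conditional `include_vars` tasks, and the run only fails later, on an undefined `wazuh_repo`, inside the OS task file. An `assert` task placed right after the first include, with `that: packages_repository in ['production', 'pre-release', 'staging']`, reports the mistake where it is made. The same applies to `include_tasks: "{{ ansible_os_family }}.yml"`, which on any family other than Debian or RedHat ends in a missing-file error. The last task also hard-codes `"wazuh-manager"` where the handler uses `service_name`.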
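--- a/provisioning/roles/wazuh/vars/repo.yml
+++ b/provisioning/roles/wazuh/vars/repo.yml
@@ -0,0 +1,12 @@
+wazuh_repo:
+apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
+yum: 'https://packages.wazuh.com/4.x/yum/'
+gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
+key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
+wazuh_winagent_config_url: "https://packages.wazuh.com/4.x/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
+wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
+
+certs_gen_tool_version: 4.4
+
+# Url of certificates generator tool
+certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"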
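Review bot: `certs_gen_tool_version: 4.4` is an unquoted scalar, so YAML loads it as a float; it renders as `4.4` in `certs_gen_tool_url` today, but a later value such as 4.10 would become 4.1 and point the URL at the wrong release. Quote it, `certs_gen_tool_version: '4.4'`; the same line appears in vars/repo_pre-release.yml and vars/repo_staging.yml. `certs_gen_tool_url` names a shell script, so whichever task ends up downloading it (not part of this commit) should verify a checksum before running it.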
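--- a/provisioning/roles/wazuh/vars/repo_pre-release.yml
+++ b/provisioning/roles/wazuh/vars/repo_pre-release.yml
@@ -0,0 +1,12 @@
+wazuh_repo:
+apt: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main'
+yum: 'https://packages-dev.wazuh.com/pre-release/yum/'
+gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
+key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
+wazuh_winagent_config_url: "https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
+wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
+
+certs_gen_tool_version: 4.4
+
+# Url of certificates generator tool
+certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"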
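--- a/provisioning/roles/wazuh/vars/repo_staging.yml
+++ b/provisioning/roles/wazuh/vars/repo_staging.yml
@@ -0,0 +1,12 @@
+wazuh_repo:
+apt: 'deb https://packages-dev.wazuh.com/staging/apt/ unstable main'
+yum: 'https://packages-dev.wazuh.com/staging/yum/'
+gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
+key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
+wazuh_winagent_config_url: "https://packages-dev.wazuh.com/staging/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
+wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
+
+certs_gen_tool_version: 4.4
+
+# Url of certificates generator tool
+certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"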
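--- a/provisioning/roles/wazuh/vars/repo_vars.yml
+++ b/provisioning/roles/wazuh/vars/repo_vars.yml
@@ -0,0 +1,2 @@
+packages_repository: production
+manager_production_version: 4.4.4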
