This commit adds the initial provisioning structure with the manager role (with its playbook, tasks, etc.). This allows installing any manager version using custom packages or the repo. Note: when using the repo, it uses the `4.x` gpg; we should discuss whether we want to extend the support.
roronoasins
committed
Jun 16, 2023
1 parent
f09f1cc
commit 2ad6af2
Showing
11 changed files
with
245 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
--- | ||
- hosts: manager | ||
roles: | ||
- role: ../roles/wazuh/manager |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
--- | ||
## Global | ||
wazuh_manager_version: "{{ packages_version | default(manager_production_version) }}" | ||
wazuh_dir: "/var/ossec" | ||
service_name: wazuh-manager | ||
wazuh_manager_config_defaults: | ||
repo: '{{ wazuh_repo }}' | ||
|
||
|
||
# Custom packages installation | ||
wazuh_custom_packages_installation_manager_enabled: false | ||
wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" | ||
wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" |
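Review bot: Both custom-package URL defaults are the bucket root `https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/` rather than a package file, so setting `wazuh_custom_packages_installation_manager_enabled: true` without overriding them hands the installer a URL that is not a .deb or .rpm. I would document this above the two variables, for example `# Must be overridden with the full URL of a trusted .deb/.rpm; the default is only the bucket root`. Because this value decides which package the role installs with `become: true` on the manager, it is worth stating where it is expected to come from.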
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
--- | ||
- name: start service | ||
become: true | ||
systemd: | ||
name: "{{ service_name }}" | ||
daemon_reload: true | ||
state: started | ||
enabled: true |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
--- | ||
galaxy_info: | ||
author: Wazuh | ||
description: Installing, deploying and configuring Wazuh Manager. | ||
company: wazuh.com | ||
license: license (GPLv3) | ||
min_ansible_version: 2.0 | ||
platforms: | ||
- name: EL | ||
versions: | ||
- all | ||
- name: Ubuntu | ||
versions: | ||
- all | ||
- name: Debian | ||
versions: | ||
- all | ||
- name: Fedora | ||
versions: | ||
- all | ||
galaxy_tags: | ||
- monitoring | ||
dependencies: [] |
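Review bot: `min_ansible_version: 2.0` is an unquoted scalar, so YAML loads it as a float rather than a version string, and it understates what the role needs: the role's main task list uses `include_tasks`, which is not available in Ansible 2.0. I would write `min_ansible_version: "2.4"` or whatever higher version the role is actually tested against. `license: license (GPLv3)` looks like a template leftover; presumably `license: GPLv3` was intended.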
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
--- | ||
- name: Debian/Ubuntu | Install gnupg, apt-transport-https | ||
become: true | ||
apt: | ||
name: | ||
- gnupg | ||
- apt-transport-https | ||
state: present | ||
cache_valid_time: 3600 | ||
install_recommends: false | ||
register: wazuh_manager_https_packages_installed | ||
until: wazuh_manager_https_packages_installed is succeeded | ||
|
||
- name: Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14) | ||
become: true | ||
shell: | | ||
set -o pipefail | ||
curl -s {{ wazuh_repo.gpg }} | apt-key add - | ||
args: | ||
warn: false | ||
executable: /bin/bash | ||
changed_when: false | ||
when: | ||
- ansible_distribution == "Ubuntu" | ||
- ansible_distribution_major_version | int == 14 | ||
- not wazuh_custom_packages_installation_manager_enabled | ||
|
||
- name: Debian/Ubuntu | Installing Wazuh repository key | ||
apt_key: | ||
url: "{{ wazuh_repo.gpg }}" | ||
id: "{{ wazuh_repo.key_id }}" | ||
when: | ||
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) | ||
- not wazuh_custom_packages_installation_manager_enabled | ||
|
||
- name: Debian/Ubuntu | Add Wazuh repositories | ||
apt_repository: | ||
filename: wazuh_repo | ||
repo: "{{ wazuh_repo.apt }}" | ||
state: present | ||
update_cache: true | ||
changed_when: false | ||
when: | ||
- not wazuh_custom_packages_installation_manager_enabled | ||
|
||
- name: Debian/Ubuntu | Install wazuh-manager | ||
become: true | ||
apt: | ||
name: "wazuh-manager={{ wazuh_manager_version }}-*" | ||
state: present | ||
notify: start service | ||
when: not wazuh_custom_packages_installation_manager_enabled | ||
|
||
- name: Install Wazuh Manager from .deb packages | ||
become: true | ||
apt: | ||
deb: "{{ wazuh_custom_packages_installation_manager_deb_url }}" | ||
state: present | ||
notify: start service | ||
when: | ||
- wazuh_custom_packages_installation_manager_enabled | ||
|
||
- name: run the handlers after the installation | ||
meta: flush_handlers |
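Review bot: The Ubuntu 14 key task pipes whatever `{{ wazuh_repo.gpg }}` returns into `apt-key add -` without comparing it to `wazuh_repo.key_id`, unlike the `apt_key` task right after it, and `curl -s` without `-f` can feed an HTTP error body to `apt-key`. I would change the command to `curl -fsS {{ wazuh_repo.gpg }} | apt-key add -` and add a follow-up task that fails unless the imported key's fingerprint equals `wazuh_repo.key_id`. The `.deb` task has a similar gap: `apt: deb:` installs straight from `wazuh_custom_packages_installation_manager_deb_url` with no checksum, so downloading with `get_url` and a `checksum:` value first and then installing the local file would add an integrity check. The `apt_key` and `apt_repository` tasks also lack the `become: true` the other tasks carry, which looks like an oversight unless the play sets it.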
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
--- | ||
- name: RedHat/CentOS 5 | Install Wazuh repo | ||
become: true | ||
yum_repository: | ||
name: wazuh_repo | ||
description: Wazuh repository | ||
baseurl: "{{ wazuh_repo.yum }}5/" | ||
gpgkey: "{{ wazuh_repo.gpg }}-5" | ||
gpgcheck: true | ||
changed_when: false | ||
when: | ||
- (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') | ||
- (ansible_distribution_major_version|int <= 5) | ||
- not wazuh_custom_packages_installation_manager_enabled | ||
register: repo_v5_manager_installed | ||
|
||
- name: RedHat/CentOS/Fedora | Install Wazuh repo | ||
become: true | ||
yum_repository: | ||
name: wazuh_repo | ||
description: Wazuh repository | ||
baseurl: "{{ wazuh_repo.yum }}" | ||
gpgkey: "{{ wazuh_repo.gpg }}" | ||
gpgcheck: true | ||
changed_when: false | ||
when: | ||
- repo_v5_manager_installed is skipped | ||
- not wazuh_custom_packages_installation_manager_enabled | ||
|
||
- name: CentOS/RedHat/Amazon | Install wazuh-manager | ||
become: true | ||
package: | ||
name: "wazuh-manager-{{ wazuh_manager_version }}" | ||
state: present | ||
register: wazuh_manager_main_packages_installed | ||
until: wazuh_manager_main_packages_installed is succeeded | ||
when: | ||
- ansible_os_family|lower == "redhat" | ||
- not wazuh_custom_packages_installation_manager_enabled | ||
notify: start service | ||
tags: | ||
- init | ||
|
||
- block: | ||
- name: Install Wazuh Manager from .rpm packages | yum | ||
become: true | ||
yum: | ||
name: "{{ wazuh_custom_packages_installation_manager_rpm_url }}" | ||
state: present | ||
when: | ||
- not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") | ||
- not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") | ||
|
||
- name: Install Wazuh Manager from .rpm packages | dnf | ||
become: true | ||
dnf: | ||
name: "{{ wazuh_custom_packages_installation_manager_rpm_url }}" | ||
state: present | ||
disable_gpg_check: True | ||
when: | ||
- (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or | ||
(ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") | ||
notify: start service | ||
when: | ||
- wazuh_custom_packages_installation_manager_enabled | ||
|
||
- name: run the handlers after the installation | ||
meta: flush_handlers |
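Review bot: The dnf task sets `disable_gpg_check: True`, so on CentOS/RHEL 8 and later the custom RPM is installed with signature checking turned off, while the yum task for older releases leaves it on. If the custom packages are signed, drop that line; if they are not, verify the download against a checksum instead of disabling the check silently, and say so in a comment. The release test `ansible_distribution_major_version >= "8"` compares strings, so a major version of "10" sorts below "8" and would be sent to the yum task; the repository tasks earlier in this file already cast, and the same form works here: `ansible_distribution_major_version|int >= 8`. That comparison appears in both `when:` lists of the block.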
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
--- | ||
|
||
- name: Include vars/repo_vars.yml | ||
include_vars: ../../vars/repo_vars.yml | ||
|
||
- name: Include vars/repo.yml | ||
include_vars: ../../vars/repo.yml | ||
when: packages_repository == 'production' | ||
|
||
- name: Include vars/repo_pre-release.yml | ||
include_vars: ../../vars/repo_pre-release.yml | ||
when: packages_repository == 'pre-release' | ||
|
||
- name: Include vars/repo_staging.yml | ||
include_vars: ../../vars/repo_staging.yml | ||
when: packages_repository == 'staging' | ||
|
||
- name: Include tasks based on OS | ||
include_tasks: "{{ ansible_os_family }}.yml" | ||
|
||
- name: Ensure Wazuh Manager service is started and enabled. | ||
service: | ||
name: "wazuh-manager" | ||
enabled: true | ||
state: started | ||
tags: | ||
- config |
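Review bot: As far as the files in this commit show, `wazuh_repo` is defined only when `packages_repository` is exactly `production`, `pre-release` or `staging`; any other value skips all three conditional `include_vars` tasks and the role fails later with an undefined variable inside the OS task file. A guard before the includes would fail early and make the chosen package source explicit, for example an `assert` task with `that: packages_repository in ['production', 'pre-release', 'staging']`. The final service task also hard-codes `"wazuh-manager"` where the handler uses `{{ service_name }}`, and it has no `become: true`.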
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
wazuh_repo: | ||
apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' | ||
yum: 'https://packages.wazuh.com/4.x/yum/' | ||
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' | ||
key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' | ||
wazuh_winagent_config_url: "https://packages.wazuh.com/4.x/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi" | ||
wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi" | ||
|
||
certs_gen_tool_version: 4.4 | ||
|
||
# Url of certificates generator tool | ||
certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" |
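Review bot: `certs_gen_tool_version: 4.4` is an unquoted scalar that YAML reads as a float, so a later value such as 4.10 would load as 4.1 and `certs_gen_tool_url` would point at the wrong directory; write it as `certs_gen_tool_version: "4.4"`. The pre-release and staging variable files repeat the same line. The URL built from it fetches a shell script, so a checksum variable next to it would let the consuming task verify the download; no such task is visible in this commit.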
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
wazuh_repo: | ||
apt: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main' | ||
yum: 'https://packages-dev.wazuh.com/pre-release/yum/' | ||
gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH' | ||
key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' | ||
wazuh_winagent_config_url: "https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi" | ||
wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi" | ||
|
||
certs_gen_tool_version: 4.4 | ||
|
||
# Url of certificates generator tool | ||
certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
wazuh_repo: | ||
apt: 'deb https://packages-dev.wazuh.com/staging/apt/ unstable main' | ||
yum: 'https://packages-dev.wazuh.com/staging/yum/' | ||
gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH' | ||
key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' | ||
wazuh_winagent_config_url: "https://packages-dev.wazuh.com/staging/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi" | ||
wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi" | ||
|
||
certs_gen_tool_version: 4.4 | ||
|
||
# Url of certificates generator tool | ||
certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
packages_repository: production | ||
manager_production_version: 4.4.4 |