ansible linting #1363

Open
wants to merge 1 commit into
base: master
4 changes: 2 additions & 2 deletions roles/wazuh/wazuh-indexer/handlers/main.yml
@@ -1,5 +1,5 @@
---
- name: restart wazuh-indexer
service:
- name: Restart wazuh-indexer
ansible.builtin.service:
name: wazuh-indexer
state: restarted
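Review bot: Renaming the handler to `Restart wazuh-indexer` changes the string that every `notify:` must match, and handler lookup compares names exactly, including case. None of the files shown on this page contain a `notify:` for this handler, so any task elsewhere in the role that still uses the lowercase name needs updating in the same commit; otherwise the play fails on the missing handler, or the restart is silently skipped where missing-handler errors are disabled. Adding `listen: restart wazuh-indexer` to the handler would keep the old spelling working during the transition.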
30 changes: 14 additions & 16 deletions roles/wazuh/wazuh-indexer/tasks/Debian.yml
@@ -1,48 +1,46 @@

---

- name: Update cache
apt:
update_cache: yes
ansible.builtin.apt:
update_cache: true

- name: Debian 9 (Stretch)
when: (ansible_facts['distribution'] == "Debian" and ansible_facts['distribution_major_version'] == "9")
block:

- name: Install Wazuh indexer dependencies
apt:
ansible.builtin.apt:
name: [
'unzip', 'wget', 'curl', 'apt-transport-https', software-properties-common
'unzip', 'wget', 'curl', 'apt-transport-https', 'software-properties-common'
]
state: present

- name: Add Wazuh indexer repository
block:
- name: Add apt repository signing key
get_url:
ansible.builtin.get_url:
url: "{{ wazuh_repo.gpg }}"
dest: "{{ wazuh_repo.path }}"
mode: "0644"

- name: Import Wazuh repository GPG key
command: "gpg --no-default-keyring --keyring gnupg-ring:{{ wazuh_repo.keyring_path }} --import {{ wazuh_repo.path }}"
ansible.builtin.command: "gpg --no-default-keyring --keyring gnupg-ring:{{ wazuh_repo.keyring_path }} --import {{ wazuh_repo.path }}"
args:
creates: "{{ wazuh_repo.keyring_path }}"

- name: Set permissions for Wazuh repository GPG key
file:
ansible.builtin.file:
path: "{{ wazuh_repo.keyring_path }}"
mode: '0644'
mode: "0644"

- name: Add Wazuh indexer repository
apt_repository:
ansible.builtin.apt_repository:
repo: "{{ wazuh_repo.apt }}"
state: present
filename: 'wazuh-indexer'
update_cache: yes
filename: "wazuh-indexer"
update_cache: true

- name: Install Wazuh indexer
apt:
ansible.builtin.apt:
name: wazuh-indexer={{ indexer_version }}-1
state: present
register: install
tags: install
tags: install
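Review bot: The "Add apt repository signing key" task still downloads the key from `{{ wazuh_repo.gpg }}` with no integrity check before it is imported into the keyring that authenticates every later package install, so the transport is the only protection. The lint pass touches this task anyway, and adding `checksum: "sha256:<EXPECTED_KEY_SHA256_PLACEHOLDER>"` to the `get_url` arguments (pinned in a variable next to `wazuh_repo.gpg`) would make a swapped key fail the play. The same gap applies to "Local action | Download certificates generation tool" in local_actions.yml, where the fetched `wazuh-certs-tool.sh` is made executable and then run with `bash` on the controller. Whether `wazuh_repo.gpg` and `certs_gen_tool_url` are HTTPS URLs is not visible here and should be confirmed.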
2 changes: 1 addition & 1 deletion roles/wazuh/wazuh-indexer/tasks/RMRedHat.yml
@@ -1,6 +1,6 @@
---
- name: RedHat/CentOS/Fedora | Remove Wazuh indexer repository (and clean up left-over metadata)
yum_repository:
ansible.builtin.yum_repository:
name: wazuh_repo
state: absent
changed_when: false
106 changes: 52 additions & 54 deletions roles/wazuh/wazuh-indexer/tasks/RedHat.yml
@@ -1,56 +1,54 @@
---
- block:

- name: RedHat/CentOS/Fedora | Add Wazuh indexer repo
yum_repository:
name: wazuh_repo
description: Wazuh yum repository
baseurl: "{{ wazuh_repo.yum }}"
gpgkey: "{{ wazuh_repo.gpg }}"
gpgcheck: true
changed_when: false



- name: Amazon Linux | Configure system settings
block:
- name: Install Amazon extras in Amazon Linux 2
yum:
name: amazon-linux-extras
state: present
when:
- ansible_distribution == 'Amazon'
- ansible_distribution_major_version == '2'

- name: Configure vm.max_map_count
lineinfile:
line: "vm.max_map_count=262144"
dest: "/etc/sysctl.conf"
insertafter: EOF
create: true
become: yes

- name: Update vm.max_map_count
shell: sysctl -p
become: yes

when:
- ansible_distribution == 'Amazon'

- name: RedHat/CentOS/Fedora | Install Indexer dependencies
yum:
name: "{{ packages }}"
vars:
packages:
- wget
- unzip

- name: Install Wazuh indexer
package:
name: wazuh-indexer-{{ indexer_version }}
state: present
register: install
tags: install

- name: Redhat install
tags:
- install
- install
block:
- name: RedHat/CentOS/Fedora | Add Wazuh indexer repo
ansible.builtin.yum_repository:
name: wazuh_repo
description: Wazuh yum repository
baseurl: "{{ wazuh_repo.yum }}"
gpgkey: "{{ wazuh_repo.gpg }}"
gpgcheck: true
changed_when: false

- name: Amazon Linux | Configure system settings
when:
- ansible_distribution == 'Amazon'
block:
- name: Install Amazon extras in Amazon Linux 2
ansible.builtin.yum:
name: amazon-linux-extras
state: present
when:
- ansible_distribution == 'Amazon'
- ansible_distribution_major_version == '2'

- name: Configure vm.max_map_count
ansible.builtin.lineinfile:
line: "vm.max_map_count=262144"
dest: "/etc/sysctl.conf"
mode: "0644"
insertafter: EOF
create: true
become: true

- name: Update vm.max_map_count
ansible.builtin.command: sysctl -p
become: true
changed_when: false

- name: RedHat/CentOS/Fedora | Install Indexer dependencies
ansible.builtin.yum:
name: "{{ packages }}"
vars:
packages:
- wget
- unzip

- name: Install Wazuh indexer
ansible.builtin.package:
name: wazuh-indexer-{{ indexer_version }}
state: present
register: install
tags: install
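Review bot: The `changed_when: false` added to "Update vm.max_map_count" satisfies the lint rule, but `sysctl -p` still runs on every play whether or not `/etc/sysctl.conf` was modified. Adding `register: sysctl_conf` to the lineinfile task and `when: sysctl_conf is changed` to the command would tie the reload to an actual edit and let it show in the recap. The existing `changed_when: false` on "Add Wazuh indexer repo" has a similar reporting cost: a change to `baseurl` or `gpgkey`, which define where packages come from and how they are verified, is never reported as changed. Dropping it there would make such changes visible in run output. The nested `ansible_distribution == 'Amazon'` condition on "Install Amazon extras" is also redundant now that the enclosing block carries the same `when`.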
125 changes: 63 additions & 62 deletions roles/wazuh/wazuh-indexer/tasks/local_actions.yml
@@ -1,78 +1,79 @@
---
- name: Check if certificates already exists
stat:
ansible.builtin.stat:
path: "{{ local_certs_path }}"
register: certificates_folder
delegate_to: localhost
become: no
become: false
tags:
- generate-certs

- name: Generate certificates if certificates folder is missing
run_once: true
delegate_to: localhost
become: false
tags:
- generate-certs
when:
- not certificates_folder.stat.exists
block:
- name: Local action | Create local temporary directory for certificates generation
ansible.builtin.file:
path: "{{ local_certs_path }}"
mode: "0755"
state: directory

- block:

- name: Local action | Create local temporary directory for certificates generation
file:
path: "{{ local_certs_path }}"
mode: 0755
state: directory

- name: Local action | Check that the generation tool exists
stat:
path: "{{ local_certs_path }}/wazuh-certs-tool.sh"
register: tool_package

- name: Local action | Download certificates generation tool
get_url:
url: "{{ certs_gen_tool_url }}"
dest: "{{ local_certs_path }}/wazuh-certs-tool.sh"
when: not tool_package.stat.exists and not macos_localhost
- name: Local action | Check that the generation tool exists
ansible.builtin.stat:
path: "{{ local_certs_path }}/wazuh-certs-tool.sh"
register: tool_package

- name: Local action | Prepare the certificates generation template file
template:
src: "templates/config.yml.j2"
dest: "{{ local_certs_path }}/config.yml"
mode: 0644
register: tlsconfig_template
- name: Local action | Download certificates generation tool
ansible.builtin.get_url:
url: "{{ certs_gen_tool_url }}"
dest: "{{ local_certs_path }}/wazuh-certs-tool.sh"
mode: "0755"
when: not tool_package.stat.exists and not macos_localhost

- name: Local action | Generate the node & admin certificates in local
command: >-
bash {{ local_certs_path }}/wazuh-certs-tool.sh -A
when: not macos_localhost
- name: Local action | Prepare the certificates generation template file
ansible.builtin.template:
src: "templates/config.yml.j2"
dest: "{{ local_certs_path }}/config.yml"
mode: "0644"
register: tlsconfig_template

- name: Local action | Check for Docker installation on macOS
command: docker --version
register: docker_check
when: macos_localhost
ignore_errors: yes
- name: Local action | Generate the node & admin certificates in local
ansible.builtin.command: >-
bash {{ local_certs_path }}/wazuh-certs-tool.sh -A
changed_when: false
when: not macos_localhost

- name: Local action | Fail if Docker is not installed
fail:
msg: "Docker is not installed on this host."
when: (docker_check.rc | default(1)) != 0 and macos_localhost
- name: Local action | Check for Docker installation on macOS
ansible.builtin.command: docker --version
register: docker_check
changed_when: false
when: macos_localhost
ignore_errors: true

- name: Local action | Run Docker container on macOS
community.docker.docker_container:
name: wazuh-cert-tool
image: "{{ wazuh_certs_tool_docker }}"
state: started
auto_remove: true
volumes:
- "{{ local_certs_path }}/config.yml:/config/certs.yml"
- "{{ local_certs_path }}/wazuh-certificates/:/certificates/"
when: macos_localhost
- name: Local action | Fail if Docker is not installed
ansible.builtin.fail:
msg: "Docker is not installed on this host."
when: (docker_check.rc | default(1)) != 0 and macos_localhost

- name: Local action | Remove Docker image after execution
community.docker.docker_image:
name: "{{ wazuh_certs_tool_docker }}"
state: absent
force_absent: yes
when: macos_localhost
- name: Local action | Run Docker container on macOS
community.docker.docker_container:
name: wazuh-cert-tool
image: "{{ wazuh_certs_tool_docker }}"
state: started
auto_remove: true
volumes:
- "{{ local_certs_path }}/config.yml:/config/certs.yml"
- "{{ local_certs_path }}/wazuh-certificates/:/certificates/"
when: macos_localhost

run_once: true
delegate_to: localhost
become: no
tags:
- generate-certs
when:
- not certificates_folder.stat.exists
- name: Local action | Remove Docker image after execution
community.docker.docker_image:
name: "{{ wazuh_certs_tool_docker }}"
state: absent
force_absent: true
when: macos_localhost
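Review bot: The directory `{{ local_certs_path }}` is created with `mode: "0755"`, and the volume mapping further down suggests the generated node and admin key material lands under it in `wazuh-certificates/`. Unless other local accounts on the controller need to read it, `mode: "0700"` would be the safer value now that the mode is being rewritten anyway. The `changed_when: false` added to "Generate the node & admin certificates in local" reports a task that creates certificates as never changing. An `args:` / `creates:` entry pointing at the tool's output directory would satisfy the lint rule, report accurately, and skip regeneration when the output already exists. The exact output path should be confirmed against the tool.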