Merge pull request #288 from wazuh/feature-287-avoid-repo-hardcoding

Avoid repository hardcoding
wazuh · Oct 29, 2019 · b964d15 · b964d15
2 parents c4e6fa1 + f367e9b
commit b964d15
Show file tree

Hide file tree

Showing 7 changed files with 43 additions and 32 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,12 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## [v3.xx.x_x.x.x]
+
+## Changed
+
+- Make Wazuh repositories installation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288)
+
 ## [v3.10.2_7.3.2]
 
 ### Added

diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -31,6 +31,10 @@ wazuh_winagent_config:
   repo: https://packages.wazuh.com/3.x/windows/
   md5: 71650780904cbfc2e45eae4298adb7a3 
 wazuh_agent_config:
+  repo:
+    apt: 'https://packages.wazuh.com/3.x/apt/ stable main'
+    yum: 'https://packages.wazuh.com/3.x/yum/'
+    gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
   active_response:
     ar_disabled: 'no'
     ca_store: '/var/ossec/etc/wpk_root.pem'

diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
@@ -22,13 +22,14 @@
     - ansible_distribution_major_version | int == 14
 
 - name: Debian/Ubuntu | Installing Wazuh repository key
-  apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+  apt_key:
+    url: "{{ wazuh_agent_config.repo.gpg }}"
   when:
     - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
 
 - name: Debian/Ubuntu | Add Wazuh repositories
   apt_repository:
-    repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
+    repo: "deb {{ wazuh_agent_config.repo.apt }}"
     state: present
     update_cache: true
 

diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml
@@ -1,37 +1,28 @@
 ---
-- name: RedHat/CentOS/Fedora | Install Wazuh repo
-  yum_repository:
-    name: wazuh_repo
-    description: Wazuh repository
-    baseurl: https://packages.wazuh.com/3.x/yum/
-    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
-    gpgcheck: true
-  changed_when: false
-  when:
-    - ansible_distribution_major_version|int > 5
-
 - name: RedHat/CentOS 5 | Install Wazuh repo
   yum_repository:
     name: wazuh_repo
     description: Wazuh repository
-    baseurl: https://packages.wazuh.com/3.x/yum/5/
-    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH-5
+    baseurl: "{{ wazuh_agent_config.repo.yum }}5/"
+    gpgkey: "{{ wazuh_agent_config.repo.gpg }}-5"
     gpgcheck: true
   changed_when: false
   when:
-    - ansible_distribution_major_version|int == 5
+    - (ansible_facts['os_family']|lower == 'redhat')
+    - (ansible_distribution_major_version|int <= 5)
+  register: repo_v5_installed
 
-- name: AmazonLinux | Install Wazuh repo
+- name: RedHat/CentOS/Fedora | Install Wazuh repo
   yum_repository:
     name: wazuh_repo
     description: Wazuh repository
-    baseurl: https://packages.wazuh.com/3.x/yum/
-    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
+    baseurl: "{{ wazuh_agent_config.repo.yum }}"
+    gpgkey: "{{ wazuh_agent_config.repo.gpg }}"
     gpgcheck: true
   changed_when: false
   when:
-    - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
-
+    - repo_v5_installed.skipped
+    
 - name: RedHat/CentOS/Fedora | download Oracle Java RPM
   get_url:
     url: https://download.oracle.com/otn-pub/java/jdk/8u202-b08/1961070e4c9b4e26a04e7f5a083f551e/jre-8u202-linux-x64.rpm

diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -5,6 +5,10 @@ wazuh_manager_fqdn: "wazuh-server"
 wazuh_manager_package_state: latest
 
 wazuh_manager_config:
+  repo:
+    apt: 'https://packages.wazuh.com/3.x/apt/ stable main'
+    yum: 'https://packages.wazuh.com/3.x/yum/'
+    gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
   json_output: 'yes'
   alerts_log: 'yes'
   logall: 'no'

diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
@@ -24,13 +24,14 @@
     - ansible_distribution_major_version | int == 14
 
 - name: Debian/Ubuntu | Installing Wazuh repository key
-  apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+  apt_key:
+    url: "{{ wazuh_manager_config.repo.gpg }}"
   when:
     - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
 
 - name: Debian/Ubuntu | Add Wazuh repositories
   apt_repository:
-    repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
+    repo: "deb {{ wazuh_manager_config.repo.apt }}"
     state: present
     update_cache: true
   changed_when: false
@@ -49,7 +50,8 @@
     - ansible_distribution_major_version | int == 14
 
 - name: Debian/Ubuntu | Installing NodeJS repository key
-  apt_key: url=https://deb.nodesource.com/gpgkey/nodesource.gpg.key
+  apt_key:
+    url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
   when:
     - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
 

diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
@@ -38,26 +38,29 @@
   when:
     - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
 
-- name: RedHat/CentOS/Fedora | Install Wazuh repo
+- name: RedHat/CentOS 5 | Install Wazuh repo
   yum_repository:
     name: wazuh_repo
     description: Wazuh repository
-    baseurl: https://packages.wazuh.com/3.x/yum/
-    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
+    baseurl: "{{ wazuh_manager_config.repo.yum }}5/"
+    gpgkey: "{{ wazuh_manager_config.repo.gpg }}-5"
     gpgcheck: true
   changed_when: false
   when:
-    - (ansible_distribution_major_version|int > 5) or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
+    - (ansible_facts['os_family']|lower == 'redhat')
+    - (ansible_distribution_major_version|int <= 5)
+  register: repo_v5_manager_installed
 
-- name: RedHat/CentOS 5 | Install Wazuh repo
+- name: RedHat/CentOS/Fedora | Install Wazuh repo
   yum_repository:
     name: wazuh_repo
     description: Wazuh repository
-    baseurl: https://packages.wazuh.com/3.x/yum/5/
-    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
+    baseurl: "{{ wazuh_manager_config.repo.yum }}"
+    gpgkey: "{{ wazuh_manager_config.repo.gpg }}"
     gpgcheck: true
+  changed_when: false
   when:
-    - ansible_distribution_major_version|int == 5
+    - repo_v5_manager_installed.skipped
 
 - name: RedHat/CentOS/Fedora | Install openscap
   package: name={{ item }} state=present