Update Wazuh API Installation #326

Closed
3 tasks done
jm404 opened this issue Nov 19, 2019 · 3 comments
jm404 commented Nov 19, 2019

Hi all,

The Wazuh API installation is currently done with:

- name: RedHat/CentOS | Install Nodejs repo
  yum_repository:
    name: NodeJS
    description: NodeJS-$releasever
    baseurl: https://rpm.nodesource.com/pub_6.x/el/{{ ansible_distribution_major_version }}/x86_64
    gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL
    gpgcheck: true
  changed_when: false
  when:
    - ansible_distribution_major_version|int > 5

Which is currently outdated. It's required to update it according to the Wazuh Documentation

Tasks:

  • Update API tasks for RedHat and Debian families

  • Update conditionals and remove AmazonLinux | Get Nodejs task

  • Test installation on both OS families and ensure API is correctly installed

Best regards

Jose

@jm404 jm404 added this to the Sprint - 103 milestone Nov 19, 2019
@rshad rshad self-assigned this Nov 20, 2019

rshad commented Nov 20, 2019

Working Branch: feature-326-wazuh-api-installation


rshad commented Nov 21, 2019

Hi all!

We reformulated the tasks so we follow the latest documentation from Wazuh.

Changes can be summarized as:

  • Add task to check if node service already exists (RedHat) 686c02b

- name: Check if NodeJS service Exists
  stat: path=/usr/bin/node
  register: node_service_status

  • Adapt NodeJS installation tasks for Debian 4dd7805

- name: Debian/Ubuntu | Installing NodeJS repository
  become: true
  shell: |
    set -o pipefail
    curl -sL https://deb.nodesource.com/setup_8.x | bash -
  args:
    warn: false
    executable: /bin/bash
  changed_when: false

  • Adapt NodeJS installation tasks for Amazon/Fedora 3c70bc5

- name: Centos | Get Nodejs
  shell: |
    set -o pipefail
    curl --silent --location https://rpm.nodesource.com/setup_8.x | bash -
  args:
    warn: false
    executable: /bin/bash
    creates: /etc/yum.repos.d/nodesource-el7.repo
  when:
    - ansible_distribution_major_version|int > 5 and not node_service_status.stat.exists

- name: AmazonLinux/Fedora| Get Nodejs
  shell: |
    set -o pipefail
    curl --silent --location https://rpm.nodesource.com/setup_8.x | bash -
  args:
    warn: false
    executable: /bin/bash
  when:
    - ( ansible_distribution|lower == "amazon" or ansible_distribution|lower == 'fedora' ) and not node_service_status.stat.exists

Kr,

Rshad


rshad commented Nov 22, 2019

Hi all!

After getting a first valid version of the requested configuration, we thought about having a more efficient and better designed Ansible configuration. This improvement is based on the implementation of the following 3 points:

1- Try to use Ansible modules instead of some alternatives like (shell: curl ....)
2- Use the package module to unify the packages installation instead of using yum_repository and apt for each of RedHat and Debian distributions respectively.
3- Centralize the common configurations in main.yml instead of repeating them for each distribution separately.

Tasks

To do so, we added the following configuration.


  • Centralize all the needed configurations "Tasks" in the role's main.yml file

    • **If Not Then Run** Added a Block of two tasks to download the NodeJS repository bash script and to install the downloaded script.
      - name: Install NodeJS repository
        block:
          - name: Download NodeJS repository script
            get_url:
              url: "https://{{ repo_dic[ansible_os_family|lower] }}.nodesource.com/setup_8.x"
              dest: /etc/nodejs.sh
              mode: '0775'
            changed_when: false
          - name: Run NodeJS bash script
            command: sh /etc/nodejs.sh
            register: nodejs_script
            changed_when: nodejs_script.rc == 0
        when: not node_service_status.stat.exists
    • Added a task to install NodeJs.

Note: This task will run in both cases, whether NodeJS is already installed or not, but using the Ansible package module will prevent it from being executed if node is installed, and then no idempotence errors are produced.

- name: Installing NodeJS
  package:
    name: nodejs
    state: present
  register: nodejs_service_is_installed
  until: nodejs_service_is_installed is succeeded
  tags: init


Variables

As you can see in the task "Download NodeJS repository script"

- name: Download NodeJS repository script
  get_url:
    url: "https://{{ repo_dic[ansible_os_family|lower] }}.nodesource.com/setup_8.x"
    dest: /etc/nodejs.sh
    mode: '0775'
  changed_when: false

We use a dictionary repo_dic to check to which distribution, NodeJS repository should be downloaded; so in

We added the definition of repo_dic as follows:

repo_dic:
  debian: "deb"
  redhat: "rpm"

Kr,

Rshad
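
The download-then-run block from the last comment, with the script's digest pinned so that a changed or tampered setup_8.x fails the play before anything runs as root. This is an added example, not code from the wazuh-ansible repository; `nodejs_setup_sha256` and its placeholder values are assumptions, to be filled with the digests of script copies you have reviewed.

```yaml
# Added example, not part of the original thread or of wazuh-ansible.
# nodejs_setup_sha256 is a hypothetical variable; its values are placeholders.
- hosts: all
  become: true
  vars:
    repo_dic:
      debian: "deb"
      redhat: "rpm"
    nodejs_setup_sha256:
      debian: "<sha256-of-reviewed-deb-setup_8.x>"   # placeholder
      redhat: "<sha256-of-reviewed-rpm-setup_8.x>"   # placeholder
  tasks:
    - name: Check if NodeJS binary exists
      stat:
        path: /usr/bin/node
      register: node_service_status

    - name: Install NodeJS repository
      when: not node_service_status.stat.exists
      block:
        - name: Download NodeJS repository script (fails on digest mismatch)
          get_url:
            url: "https://{{ repo_dic[ansible_os_family | lower] }}.nodesource.com/setup_8.x"
            dest: /etc/nodejs.sh
            owner: root
            group: root
            mode: '0700'   # root-only instead of group-writable 0775
            checksum: "sha256:{{ nodejs_setup_sha256[ansible_os_family | lower] }}"

        - name: Run the verified NodeJS script
          command: sh /etc/nodejs.sh
          register: nodejs_script
          changed_when: nodejs_script.rc == 0

    - name: Installing NodeJS
      package:
        name: nodejs
        state: present
      register: nodejs_service_is_installed
      until: nodejs_service_is_installed is succeeded
```

With `checksum` set, `get_url` skips the download when the file at `dest` already matches the digest and fails the task when the downloaded content does not, so the `command` task never runs an unreviewed script.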
