Expect tag deleted

Fixes to include 4.2 changes Fixes to include 4.2 changes Merge pull request wazuh#682 from wazuh/680-expect-fix-master Expect tag deleted (master) Refactoring ansible role Fix molecule tests Fix ansible roles
pyToshka · Dec 20, 2021 · 4a14122 · 4a14122
1 parent 84291ba
commit 4a14122
Show file tree

Hide file tree

Showing 63 changed files with 364 additions and 231 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -12,4 +12,4 @@ warn_list:
 # This is for false positives
 # 504: Do not use 'local_action', use 'delegate_to: localhost'
 skip_list:
-  - '504'
+  - '504'
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -3,10 +3,16 @@ name: Molecule tests for Wazuh Ansible
 on: [pull_request, workflow_dispatch, release]
 
 jobs:
-
   scenario-default:
     name: Default scenario (smoke)
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        distro:
+          - fedora34
+          - debian9
+          - centos7
+          - ubuntu2004
     steps:
       - name: Check out the codebase.
         uses: actions/checkout@v2
@@ -21,7 +27,7 @@ jobs:
       - name: Set up Python 3.
         uses: actions/setup-python@v2
         with:
-          python-version: '3.x'
+          python-version: '3.8'
 
       - name: Install poetry
         run: pip3 install poetry
@@ -34,10 +40,16 @@ jobs:
         env:
           PY_COLORS: '1'
           ANSIBLE_FORCE_COLOR: '1'
+          MOLECULE_DISTRO: "${{ matrix.distro }}"
 
   scenario-distributed-wazuh-elk:
     name: Distributed ELK + Wazuh
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        distro:
+          - debian9
+          - centos7
     steps:
       - name: Check out the codebase.
         uses: actions/checkout@v2
@@ -51,7 +63,7 @@ jobs:
       - name: Set up Python 3.
         uses: actions/setup-python@v2
         with:
-          python-version: '3.x'
+          python-version: '3.8'
 
       - name: Install poetry
         run: pip3 install poetry
@@ -65,10 +77,16 @@ jobs:
         env:
           PY_COLORS: '1'
           ANSIBLE_FORCE_COLOR: '1'
+          MOLECULE_DISTRO: "${{ matrix.distro }}"
 
   scenario-distributed-wazuh-elk-xpack:
     name: Distributed ELK + XPack + Wazuh
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        distro:
+          - debian9
+          - centos7
     steps:
       - name: Check out the codebase.
         uses: actions/checkout@v2
@@ -82,7 +100,7 @@ jobs:
       - name: Set up Python 3.
         uses: actions/setup-python@v2
         with:
-          python-version: '3.x'
+          python-version: '3.8'
 
       - name: Install poetry
         run: pip3 install poetry
@@ -95,10 +113,16 @@ jobs:
         env:
           PY_COLORS: '1'
           ANSIBLE_FORCE_COLOR: '1'
+          MOLECULE_DISTRO: "${{ matrix.distro }}"
 
   scenario-distributed-wazuh-odfe:
     name: Distributed ODFE + Wazuh
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        distro:
+          - debian9
+          - centos7
     steps:
       - name: Check out the codebase.
         uses: actions/checkout@v2
@@ -112,7 +136,7 @@ jobs:
       - name: Set up Python 3.
         uses: actions/setup-python@v2
         with:
-          python-version: '3.x'
+          python-version: '3.8'
 
       - name: Install poetry
         run: pip3 install poetry
@@ -125,3 +149,4 @@ jobs:
         env:
           PY_COLORS: '1'
           ANSIBLE_FORCE_COLOR: '1'
+          MOLECULE_DISTRO: "${{ matrix.distro }}"
diff --git a/.gitignore b/.gitignore
@@ -10,4 +10,8 @@ wazuh-manager.yml
 Pipfile.lock
 *.swp
 molecule/**/es_certs/
-molecule/**/opendistro/
+molecule/**/opendistro/
+.idea/
+Vagrantfile
+playbook.yml
+.vagrant/
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,42 @@
+---
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.0.1
+    hooks:
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: mixed-line-ending
+      - id: check-byte-order-marker
+      - id: check-executables-have-shebangs
+      - id: check-merge-conflict
+      - id: check-symlinks
+      - id: debug-statements
+      - id: check-yaml
+        files: .*\.(yaml|yml)$
+  - repo: https://github.com/PyCQA/flake8.git
+    rev: 4.0.1
+    hooks:
+      - id: flake8
+  - repo: https://github.com/adrienverge/yamllint.git
+    rev: v1.26.3
+    hooks:
+      - id: yamllint
+        files: \.(yaml|yml)$
+        args: [-c=.yamllint]
+        types: [file, yaml]
+        entry: yamllint --strict -f parsable
+  - repo: https://github.com/ansible/ansible-lint
+    rev: v5.3.1
+    hooks:
+      - id: ansible-lint
+        always_run: true
+        pass_filenames: false
+        verbose: true
+        entry: env ANSIBLE_LIBRARY=plugins ansible-lint --force-color -p -v
+        additional_dependencies:
+          - 'ansible-core>=2.11'
+  - repo: https://github.com/openstack-dev/bashate.git
+    rev: 2.1.0
+    hooks:
+      - id: bashate
+        entry: bashate --error . --verbose --ignore=E006,E040
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -73,7 +73,7 @@ All notable changes to this project will be documented in this file.
 - Update to [Wazuh v4.1.1](https://github.com/wazuh/wazuh/blob/v4.1.1/CHANGELOG.md#v411)
 - Apply changes in ossec.conf file
 - Modify jvm.options to [v7.10](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/jvm-options.html)
-- Change opendistro repository packages (opendistroforelasticsearch, elasticsearch-oss) to Wazuh URL and GPG key 
+- Change opendistro repository packages (opendistroforelasticsearch, elasticsearch-oss) to Wazuh URL and GPG key
 
 ## [v4.0.4]
 

diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
@@ -3,9 +3,11 @@
   hosts: all
   roles:
     - role: ../../roles/wazuh/ansible-wazuh-manager
-      vars:
-    - { role: ../../roles/wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: "elasticsearch_centos7:9200" }
+    - role: ../../roles/wazuh/ansible-filebeat
   vars:
+    filebeat_output_elasticsearch_hosts: "elasticsearch_centos7:9200"
+    wazuh_template_branch: "{{ lookup('env','WAZUH_TEMPLATE_BRANCH') or 'v4.2.5' }}"
+    wazuh_manager_version: "{{ lookup('env','WAZUH_MANAGER_VERSION') or '4.2.5-1' }}"
   pre_tasks:
     - name: (converge) fix missing packages in cloud images
       apt:
@@ -14,4 +16,4 @@
           - gpg-agent
         state: present
         update_cache: yes
-      when: ansible_distribution == "Ubuntu"
+      when: ansible_distribution == "Ubuntu"
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -9,9 +9,9 @@ lint: |
   ansible-lint roles
   flake8 molecule
 platforms:
-  - name: wazuh_manager_centos7
-    hostname: wazuh-mgr01
-    image: geerlingguy/docker-centos7-ansible
+  - name: "wazuh_manager_${MOLECULE_DISTRO:-fedora34}"
+    hostname: "wazuh-mgr01-${MOLECULE_DISTRO:-fedora34}"
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-fedora34}-ansible:latest"
     command: /sbin/init
     pre_build_image: true
     privileged: true
@@ -22,21 +22,6 @@ platforms:
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:ro
 
-  - name: wazuh_manager_debian9
-    hostname: wazuh-mgr02
-    image: geerlingguy/docker-debian9-ansible
-    command: /sbin/init
-    pre_build_image: true
-    privileged: true
-    memory_reservation: 512m
-    memory: 1024m
-    groups:
-      - managers
-    ulimits:
-      - nofile:262144:262144
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
-
 provisioner:
   name: ansible
   ansible_args:

diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
@@ -11,7 +11,6 @@ def get_wazuh_version():
     return "4.4.0"
 
 
-
 def test_wazuh_packages_are_installed(host):
     """Test the main packages are installed."""
     manager = host.package("wazuh-manager")
@@ -32,7 +31,7 @@ def test_wazuh_services_are_running(host):
     # assert api.is_running
     output = host.check_output(
         'ps aux | grep ossec | tr -s " " | cut -d" " -f11'
-        )
+    )
     assert 'ossec-authd' in output
     assert 'wazuh-modulesd' in output
     assert 'wazuh-db' in output

diff --git a/molecule/distributed-wazuh-elk-xpack/converge.yml b/molecule/distributed-wazuh-elk-xpack/converge.yml
@@ -5,7 +5,13 @@
   hosts: all
   become: true
   become_user: root
+  gather_facts: true
   vars:
+    packages:
+      Debian:
+        - iproute2
+      RedHat:
+        - iproute
     endpoints_hostvars: '{{ managers_hostvars | union(elastic_hostvars) | union(kibana_hostvars)  }}'
   roles:
     - role: ../../roles/elastic-stack/ansible-elasticsearch
@@ -16,6 +22,23 @@
         - inventory_hostname in groups['elastic']
         - ansible_hostname == 'wazuh-es01'
   pre_tasks:
+    - name: Wait for systemd to complete initialization. # noqa 303
+      command: systemctl is-system-running
+      register: systemctl_status
+      until: >
+        'running' in systemctl_status.stdout or
+        'degraded' in systemctl_status.stdout
+      retries: 30
+      delay: 5
+      when: ansible_service_mgr == 'systemd'
+      changed_when: false
+      failed_when: systemctl_status.rc > 1
+
+    - name: Install iproute2
+      package:
+        name: "{{ packages[ansible_os_family] }}"
+        state: present
+
     - name: (converge) build instances list dynamically for cert generator consumption
       set_fact:
         elk_endpoint_list: "{{ elk_endpoint_list | default({}) | combine({ instance_hostname: instance_item }) }}"
@@ -91,4 +114,4 @@
         update_cache: yes
       when:
         - ansible_distribution == "Ubuntu"
-        - inventory_hostname in groups['agents']
+        - inventory_hostname in groups['agents']
diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/agents.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/agents.yml
@@ -22,4 +22,4 @@ wazuh_agent_authd:
   enable: true
   port: 1515
   ssl_agent_ca: null
-  ssl_auto_negotiate: 'no'
+  ssl_auto_negotiate: 'no'
diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml
@@ -17,12 +17,14 @@ kibana_addresses: "{{ kibana_hostvars | map(attribute='private_ip') | list }}"
 elastic_stack_version: 7.10.2
 filebeat_version: 7.10.2
 
+
 # Debian packages need the ${VERSION}-1
-wazuh_manager_version: 4.4.0-1
-wazuh_agent_version: 4.4.0-1
+wazuh_agent_version: "{{ lookup('env','WAZUH_AGENT_VERSION') or '4.2.5-1' }}"
+wazuh_template_branch: "{{ lookup('env','WAZUH_TEMPLATE_BRANCH') or 'v4.2.5' }}"
+wazuh_manager_version: "{{ lookup('env','WAZUH_MANAGER_VERSION') or '4.2.5-1' }}"
 
 # Kibana role appends it automatically.
-wazuh_version: 4.4.0
+wazuh_version: "{{ lookup('env','WAZUH_KIBANA_VERSION') or '4.2.5' }}"
 
 ########################################################
 # General ELK stack variables

diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/elastic.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/elastic.yml
@@ -14,4 +14,4 @@ elasticsearch_bootstrap_node: true
 elasticsearch_cluster_nodes: '{{ elastic_addresses }}'
 elasticsearch_discovery_nodes: '{{ elastic_addresses }}'
 
-elasticsearch_jvm_xms: 1024
+elasticsearch_jvm_xms: 1024
diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/managers.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/managers.yml
@@ -18,4 +18,4 @@ wazuh_manager_config:
     node_name: '{{ ansible_hostname }}'
     node_type: "{{ 'master' if ansible_hostname == 'wazuh-mgr01' else 'worker' }}"
     nodes: '{{ manager_addresses }}'
-    hidden: 'no'
+    hidden: 'no'