From 32e3d45ced5a0bc2ec65958e009655862399a1cb Mon Sep 17 00:00:00 2001 From: l Date: Wed, 24 Apr 2019 13:35:29 +0200 Subject: [PATCH 1/6] Changing CentOS install from Oracle JDK to OpenJDK --- .../ansible-elasticsearch/tasks/RedHat.yml | 12 ++---------- .../elastic-stack/ansible-logstash/tasks/RedHat.yml | 12 ++---------- 2 files changed, 4 insertions(+), 20 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index f4da03035..a7dd11461 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml @@ -1,16 +1,8 @@ --- - when: elasticsearch_install_java block: - - name: RedHat/CentOS/Fedora | download Oracle Java RPM - get_url: - url: https://download.oracle.com/otn-pub/java/jdk/8u202-b08/1961070e4c9b4e26a04e7f5a083f551e/jre-8u202-linux-x64.rpm - dest: /tmp/jre-8-linux-x64.rpm - headers: 'Cookie:oraclelicense=accept-securebackup-cookie' - register: oracle_java_task_rpm_download - - - name: RedHat/CentOS/Fedora | Install Oracle Java RPM - package: name=/tmp/jre-8-linux-x64.rpm state=present - when: oracle_java_task_rpm_download is defined + - name: RedHat/CentOS/Fedora | Install OpenJDK 1.8 + yum: name=java-1.8.0-openjdk state=present register: oracle_java_task_rpm_installed tags: install diff --git a/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml b/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml index a5ad2cb38..04c79d552 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml @@ -1,16 +1,8 @@ --- - when: logstash_install_java block: - - name: RedHat/CentOS/Fedora | download Oracle Java RPM - get_url: - url: https://download.oracle.com/otn-pub/java/jdk/8u202-b08/1961070e4c9b4e26a04e7f5a083f551e/jre-8u202-linux-x64.rpm - dest: /tmp/jre-8-linux-x64.rpm - headers: 'Cookie:oraclelicense=accept-securebackup-cookie' - register: oracle_java_task_rpm_download - - - name: RedHat/CentOS/Fedora | Install Oracle Java RPM - package: name=/tmp/jre-8-linux-x64.rpm state=present - when: oracle_java_task_rpm_download is defined + - name: RedHat/CentOS/Fedora | Install OpenJDK 1.8 + yum: name=java-1.8.0-openjdk state=present register: oracle_java_task_rpm_installed tags: install From a29eb8faf47c0554cba655747798279ec0329b36 Mon Sep 17 00:00:00 2001 From: l Date: Wed, 24 Apr 2019 16:45:29 +0200 Subject: [PATCH 2/6] Using OpenJDK for cis-cat and for elastic at Debian based distros --- .../ansible-elasticsearch/tasks/Debian.yml | 20 ++----------------- .../ansible-logstash/tasks/Debian.yml | 19 ++---------------- .../ansible-wazuh-agent/tasks/Debian.yml | 20 ++----------------- .../ansible-wazuh-manager/tasks/Debian.yml | 20 ++----------------- .../ansible-wazuh-manager/tasks/RedHat.yml | 17 ++-------------- 5 files changed, 10 insertions(+), 86 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index 162ed42f7..1957fe01d 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -6,24 +6,8 @@ - when: elasticsearch_install_java block: - - name: Debian/Ubuntu | Setting webupd8 repository - apt_repository: - repo: 'ppa:webupd8team/java' - codename: 'xenial' - update_cache: yes - - - name: Debian/Ubuntu | Accept Oracle Java 8 license - debconf: - name: oracle-java8-installer - question: shared/accepted-oracle-license-v1-1 - value: true - vtype: boolean - - - name: Debian/Ubuntu | Oracle Java 8 installer - apt: - name: oracle-java8-installer - state: present - cache_valid_time: 3600 + - name: Debian/Ubuntu | Install OpenJDK 1.8 + apt: name: openjdk-8-jre state: present cache_valid_time: 3600 tags: install - name: Debian/Ubuntu | Add Elasticsearch GPG key. diff --git a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml index 1fc5a1f80..2966b2250 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml @@ -6,23 +6,8 @@ - when: logstash_install_java block: - - name: Debian/Ubuntu | Setting webupd8 repository - apt_repository: - repo: 'ppa:webupd8team/java' - codename: 'xenial' - - - name: Debian/Ubuntu | Accept Oracle Java 8 license - debconf: - name: oracle-java8-installer - question: shared/accepted-oracle-license-v1-1 - value: true - vtype: boolean - - - name: Debian/Ubuntu | Oracle Java 8 installer - apt: - name: oracle-java8-installer - state: present - cache_valid_time: 3600 + - name: Debian/Ubuntu | Install OpenJDK 1.8 + apt: name: openjdk-8-jre state: present cache_valid_time: 3600 tags: install - name: Debian/Ubuntu | Add Elasticsearch GPG key diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 5fef8bad0..99ccfad79 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -22,24 +22,8 @@ - wazuh_agent_config.cis_cat.disable == 'no' - wazuh_agent_config.cis_cat.install_java == 'yes' block: - - name: Debian/Ubuntu | Setting webupd8 repository - apt_repository: - repo: 'ppa:webupd8team/java' - codename: 'xenial' - update_cache: yes - - - name: Debian/Ubuntu | Accept Oracle Java 8 license - debconf: - name: oracle-java8-installer - question: shared/accepted-oracle-license-v1-1 - value: true - vtype: boolean - - - name: Debian/Ubuntu | Oracle Java 8 installer - apt: - name: oracle-java8-installer - state: present - cache_valid_time: 3600 + - name: Debian/Ubuntu | Install OpenJDK 1.8 + apt: name: openjdk-8-jre state: present cache_valid_time: 3600 tags: - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 05b6a5a72..95cda804b 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -36,24 +36,8 @@ - wazuh_manager_config.cis_cat.disable == 'no' - wazuh_manager_config.cis_cat.install_java == 'yes' block: - - name: Debian/Ubuntu | Setting webupd8 repository - apt_repository: - repo: 'ppa:webupd8team/java' - codename: 'xenial' - update_cache: yes - - - name: Debian/Ubuntu | Accept Oracle Java 8 license - debconf: - name: oracle-java8-installer - question: shared/accepted-oracle-license-v1-1 - value: true - vtype: boolean - - - name: Debian/Ubuntu | Oracle Java 8 installer - apt: - name: oracle-java8-installer - state: present - cache_valid_time: 3600 + - name: Debian/Ubuntu | Install OpenJDK 1.8 + apt: name: openjdk-8-jre state: present cache_valid_time: 3600 tags: - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index e603508aa..cbaf45e77 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -94,27 +94,14 @@ - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat') and ansible_distribution_major_version == '6' ) - wazuh_manager_config.cluster.disable != 'yes' -- name: RedHat/CentOS/Fedora | download Oracle Java RPM - get_url: - url: https://download.oracle.com/otn-pub/java/jdk/8u202-b08/1961070e4c9b4e26a04e7f5a083f551e/jre-8u202-linux-x64.rpm - dest: /tmp/jre-8-linux-x64.rpm - headers: 'Cookie:oraclelicense=accept-securebackup-cookie' - register: oracle_java_task_rpm_download +- name: RedHat/CentOS/Fedora | Install OpenJDK 1.8 + yum: name=java-1.8.0-openjdk state=present when: - wazuh_manager_config.cis_cat.disable == 'no' - wazuh_manager_config.cis_cat.install_java == 'yes' tags: - init -- name: RedHat/CentOS/Fedora | Install Oracle Java RPM - package: name=/tmp/jre-8-linux-x64.rpm state=present - when: - - wazuh_manager_config.cis_cat.disable == 'no' - - wazuh_manager_config.cis_cat.install_java == 'yes' - - oracle_java_task_rpm_download is defined - tags: - - init - - name: Set Distribution CIS filename for RHEL5/CentOS-5 set_fact: cis_distribution_filename: cis_rhel5_linux_rcl.txt From b84aecfa673bf4a50927603d757878d6603cdd6f Mon Sep 17 00:00:00 2001 From: l Date: Wed, 24 Apr 2019 17:30:40 +0200 Subject: [PATCH 3/6] Fixing syntax error at Debian tasks --- roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 2 +- roles/elastic-stack/ansible-logstash/tasks/Debian.yml | 2 +- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index 1957fe01d..4c4585833 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -7,7 +7,7 @@ - when: elasticsearch_install_java block: - name: Debian/Ubuntu | Install OpenJDK 1.8 - apt: name: openjdk-8-jre state: present cache_valid_time: 3600 + apt: name= openjdk-8-jre state= present cache_valid_time= 3600 tags: install - name: Debian/Ubuntu | Add Elasticsearch GPG key. diff --git a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml index 2966b2250..2323e8ea9 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml @@ -7,7 +7,7 @@ - when: logstash_install_java block: - name: Debian/Ubuntu | Install OpenJDK 1.8 - apt: name: openjdk-8-jre state: present cache_valid_time: 3600 + apt: name= openjdk-8-jre state= present cache_valid_time= 3600 tags: install - name: Debian/Ubuntu | Add Elasticsearch GPG key diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 99ccfad79..7f9cebe8d 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -23,7 +23,7 @@ - wazuh_agent_config.cis_cat.install_java == 'yes' block: - name: Debian/Ubuntu | Install OpenJDK 1.8 - apt: name: openjdk-8-jre state: present cache_valid_time: 3600 + apt: name= openjdk-8-jre state= present cache_valid_time= 3600 tags: - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 95cda804b..05482f76c 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -37,7 +37,7 @@ - wazuh_manager_config.cis_cat.install_java == 'yes' block: - name: Debian/Ubuntu | Install OpenJDK 1.8 - apt: name: openjdk-8-jre state: present cache_valid_time: 3600 + apt: name= openjdk-8-jre state= present cache_valid_time= 3600 tags: - init From 9e2276091143859785469e45f1c6dc29a59aa3ab Mon Sep 17 00:00:00 2001 From: l Date: Wed, 24 Apr 2019 17:41:27 +0200 Subject: [PATCH 4/6] Fixing whitespaces --- roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 2 +- roles/elastic-stack/ansible-logstash/tasks/Debian.yml | 2 +- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index 4c4585833..7f4602f2b 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -7,7 +7,7 @@ - when: elasticsearch_install_java block: - name: Debian/Ubuntu | Install OpenJDK 1.8 - apt: name= openjdk-8-jre state= present cache_valid_time= 3600 + apt: name=openjdk-8-jre state=present cache_valid_time=3600 tags: install - name: Debian/Ubuntu | Add Elasticsearch GPG key. diff --git a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml index 2323e8ea9..18d1c9ea1 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml @@ -7,7 +7,7 @@ - when: logstash_install_java block: - name: Debian/Ubuntu | Install OpenJDK 1.8 - apt: name= openjdk-8-jre state= present cache_valid_time= 3600 + apt: name=openjdk-8-jre state=present cache_valid_time=3600 tags: install - name: Debian/Ubuntu | Add Elasticsearch GPG key diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 7f9cebe8d..540bc4ec2 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -23,7 +23,7 @@ - wazuh_agent_config.cis_cat.install_java == 'yes' block: - name: Debian/Ubuntu | Install OpenJDK 1.8 - apt: name= openjdk-8-jre state= present cache_valid_time= 3600 + apt: name=openjdk-8-jre state=present cache_valid_time=3600 tags: - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 05482f76c..b90bb1884 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -37,7 +37,7 @@ - wazuh_manager_config.cis_cat.install_java == 'yes' block: - name: Debian/Ubuntu | Install OpenJDK 1.8 - apt: name= openjdk-8-jre state= present cache_valid_time= 3600 + apt: name=openjdk-8-jre state=present cache_valid_time=3600 tags: - init From bcd535351b7f947141fdac812c609d236f8dc9fe Mon Sep 17 00:00:00 2001 From: jm404 Date: Tue, 30 Apr 2019 16:59:29 +0200 Subject: [PATCH 5/6] Adding openjdk repository for Ubuntu 14.04. --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 16 ++++++++++++---- .../wazuh/ansible-wazuh-manager/tasks/Debian.yml | 14 +++++++++++--- 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 7584d7149..48e456856 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -37,12 +37,20 @@ cis_distribution_filename: cis_debian_linux_rcl.txt when: ansible_os_family == "Debian" +- name: Debian/Ubuntu | Install OpenJDK-8 repo + apt_repository: + repo: 'ppa:openjdk-r/ppa' + state: present + update_cache: true + when: + - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) + - when: - - wazuh_agent_config.cis_cat.disable == 'no' - - wazuh_agent_config.cis_cat.install_java == 'yes' + - wazuh_agent_config.cis_cat.disable == 'no' + - wazuh_agent_config.cis_cat.install_java == 'yes' block: - - name: Debian/Ubuntu | Install OpenJDK 1.8 - apt: name=openjdk-8-jre state=present cache_valid_time=3600 + - name: Debian/Ubuntu | Install OpenJDK 1.8 + apt: name=openjdk-8-jre state=present cache_valid_time=3600 tags: - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index b960b20d8..9e9a94d7f 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -64,12 +64,20 @@ set_fact: cis_distribution_filename: cis_debian_linux_rcl.txt +- name: Debian/Ubuntu | Install OpenJDK-8 repo + apt_repository: + repo: 'ppa:openjdk-r/ppa' + state: present + update_cache: true + when: + - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) + - when: - - wazuh_manager_config.cis_cat.disable == 'no' - - wazuh_manager_config.cis_cat.install_java == 'yes' + - wazuh_manager_config.cis_cat.disable == 'no' + - wazuh_manager_config.cis_cat.install_java == 'yes' block: - name: Debian/Ubuntu | Install OpenJDK 1.8 - apt: name=openjdk-8-jre state=present cache_valid_time=3600 + apt: name=openjdk-8-jre state=present cache_valid_time=3600 tags: - init From cd3fcc78573b2099089e3eb67b52cce0576a8f2c Mon Sep 17 00:00:00 2001 From: jm404 Date: Tue, 30 Apr 2019 17:00:44 +0200 Subject: [PATCH 6/6] Fixed linting problems for molecule tests. --- roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 2 +- roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml | 2 +- roles/elastic-stack/ansible-logstash/tasks/Debian.yml | 2 +- roles/elastic-stack/ansible-logstash/tasks/RedHat.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index 715cd9efe..f786d2a35 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -7,7 +7,7 @@ - when: elasticsearch_install_java block: - name: Debian/Ubuntu | Install OpenJDK 1.8 - apt: name=openjdk-8-jre state=present cache_valid_time=3600 + apt: name=openjdk-8-jre state=present cache_valid_time=3600 tags: install - name: Debian/Ubuntu | Add Elasticsearch GPG key. diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index 396df728c..79632b315 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml @@ -2,7 +2,7 @@ - when: elasticsearch_install_java block: - name: RedHat/CentOS/Fedora | Install OpenJDK 1.8 - yum: name=java-1.8.0-openjdk state=present + yum: name=java-1.8.0-openjdk state=present register: oracle_java_task_rpm_installed tags: install diff --git a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml index f81427e32..403ee88fc 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml @@ -7,7 +7,7 @@ - when: logstash_install_java block: - name: Debian/Ubuntu | Install OpenJDK 1.8 - apt: name=openjdk-8-jre state=present cache_valid_time=3600 + apt: name=openjdk-8-jre state=present cache_valid_time=3600 tags: install - name: Debian/Ubuntu | Add Elasticsearch GPG key diff --git a/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml b/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml index 5c0a96d82..ed16fbc5c 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml @@ -2,7 +2,7 @@ - when: logstash_install_java block: - name: RedHat/CentOS/Fedora | Install OpenJDK 1.8 - yum: name=java-1.8.0-openjdk state=present + yum: name=java-1.8.0-openjdk state=present register: oracle_java_task_rpm_installed tags: install diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index b45591eb3..7540e1425 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -115,7 +115,7 @@ - wazuh_manager_config.cluster.disable != 'yes' - name: RedHat/CentOS/Fedora | Install OpenJDK 1.8 - yum: name=java-1.8.0-openjdk state=present + yum: name=java-1.8.0-openjdk state=present when: - wazuh_manager_config.cis_cat.disable == 'no' - wazuh_manager_config.cis_cat.install_java == 'yes'