search

wazuh / qa-system-framework

GNU General Public License v2.0
1 stars 3 forks source link

Add manager and agent roles #59

Closed roronoasins closed 9 months ago

roronoasins commented 1 year ago
dev-branch
59-add-manager-agent-roles

Description

As a part of #57, we need to add a folder structure to the upcoming roles and some of them. We can start with the pair of manager-agent.

We will use the roles and playbooks from wazuh-ansible as a reference.

roronoasins commented 1 year ago

I have added the manager role to the repo within qa-system-framework/provisioning/roles/wazuh/manager path but I had the followings errors when trying to use the handler as wazuh-ansible

TASK [../roles/wazuh/manager : Ensure Wazuh Manager service is started and enabled.] *************************************************************************************************************************
fatal: [manager1]: FAILED! => {"changed": false, "msg": "Unable to enable service wazuh-manager: Synchronizing state of wazuh-manager.service with SysV service script with /lib/systemd/systemd-sysv-install.\nExecuting: /lib/systemd/systemd-sysv-install enable wazuh-manager\nFailed to reload daemon: Method call timed out\nupdate-rc.d: error: no runlevel symlinks to modify, aborting!\n"}

Don't know if the handler is triggered or skipped since there is no logging about handlers. Tried to manually import it but nothing happened

Tomorrow will try to fix this or even add a new handler that uses wazuh-control instead or another way

roronoasins commented 1 year ago

The first provisioning structure is like follows:

qa-system-framework/
|-- provisioning/
|   |-- playbooks/
|   `-- roles/
|       `-- wazuh/
|           |-- manager/
|           |   |-- defauts/
|           |   |-- handlers/
|           |   |-- meta/
|           |   `-- tasks/
|           `-- vars/
|-- src/
|   `-- ...
|-- tests/
|   `-- ...
`-- ...

It is possible to install the manager both via repo or custom package. Here we have both scenarios reproduced:

Install via custom pakcages
inv.yml ```yml manager: hosts: manager1: ip: 172.31.6.27 ansible_host: 172.31.6.27 ansible_user: qa ansible_connection: ssh wazuh_custom_packages_installation_manager_enabled: true wazuh_custom_packages_installation_manager_rpm_url: https://packages.wazuh.com/4.x/yum/wazuh-manager-4.4.1-1.x86_64.rpm manager2: ip: 172.31.10.218 ansible_host: 172.31.10.218 ansible_user: qa ansible_connection: ssh wazuh_custom_packages_installation_manager_enabled: true wazuh_custom_packages_installation_manager_deb_url: https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-manager/wazuh-manager_4.3.10-1_amd64.deb vars: {} all: vars: ansible_ssh_common_args: -o StrictHostKeyChecking=no ansible_winrm_server_cert_validation: ignore ansible_ssh_private_key_file: /path/to/key ```
Playbook run and installation check 1. Install the managers using ansible ```bash pc@pc:~/qa-system-framework/provisioning/playbooks$ ansible-playbook -i /tmp/ wazuh-manager.yml PLAY [manager] *************************************************************************************** TASK [Gathering Facts] ******************************************************************************* ok: [manager1] ok: [manager2] TASK [../roles/wazuh/manager : Include vars/repo_vars.yml] ******************************************* ok: [manager1] ok: [manager2] TASK [../roles/wazuh/manager : Include vars/repo.yml] ************************************************ ok: [manager1] ok: [manager2] TASK [../roles/wazuh/manager : Include vars/repo_pre-release.yml] ************************************ skipping: [manager1] skipping: [manager2] TASK [../roles/wazuh/manager : Include vars/repo_staging.yml] **************************************** skipping: [manager1] skipping: [manager2] TASK [../roles/wazuh/manager : Include tasks based on OS] ******************************************** included: qa-system-framework/provisioning/roles/wazuh/manager/tasks/RedHat.yml for manager1 included: qa-system-framework/provisioning/roles/wazuh/manager/tasks/Debian.yml for manager2 TASK [../roles/wazuh/manager : RedHat/CentOS 5 | Install Wazuh repo] ********************************* skipping: [manager1] TASK [../roles/wazuh/manager : RedHat/CentOS/Fedora | Install Wazuh repo] **************************** skipping: [manager1] TASK [../roles/wazuh/manager : CentOS/RedHat/Amazon | Install wazuh-manager] ************************* skipping: [manager1] TASK [../roles/wazuh/manager : Install Wazuh Manager from .rpm packages | yum] *********************** skipping: [manager1] TASK [../roles/wazuh/manager : Install Wazuh Manager from .rpm packages | dnf] *********************** changed: [manager1] TASK [../roles/wazuh/manager : run the handlers after the installation] ****************************** RUNNING HANDLER [../roles/wazuh/manager : start service] ********************************************* TASK [../roles/wazuh/manager : start service] ******************************************************** ok: [manager2] RUNNING HANDLER [../roles/wazuh/manager : start service] ********************************************* changed: [manager1] TASK [../roles/wazuh/manager : Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)] ********** skipping: [manager2] TASK [../roles/wazuh/manager : Debian/Ubuntu | Installing Wazuh repository key] ********************** skipping: [manager2] TASK [../roles/wazuh/manager : Debian/Ubuntu | Add Wazuh repositories] ******************************* skipping: [manager2] TASK [../roles/wazuh/manager : Debian/Ubuntu | Install wazuh-manager] ******************************** skipping: [manager2] TASK [../roles/wazuh/manager : Install Wazuh Manager from .deb packages] ***************************** changed: [manager2] TASK [../roles/wazuh/manager : run the handlers after the installation] ****************************** TASK [../roles/wazuh/manager : Ensure Wazuh Manager service is started and enabled.] ***************** ok: [manager1] RUNNING HANDLER [../roles/wazuh/manager : Ensure Wazuh Manager service is started and enabled.] ****** changed: [manager2] TASK [../roles/wazuh/manager : Ensure Wazuh Manager service is started and enabled.] ***************** ok: [manager2] PLAY RECAP ******************************************************************************************* manager1 : ok=7 changed=2 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 manager2 : ok=8 changed=2 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 pc@pc:~/qa-system-framework/provisioning/playbooks$ ``` 2. Check the installation ``` root@ip-172-31-10-218:/home/qa# /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.3.10" WAZUH_REVISION="40323" WAZUH_TYPE="server" root@ip-172-31-10-218:/home/qa# ``` ``` [root@ip-172-31-6-27 qa]# /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.4.1" WAZUH_REVISION="40406" WAZUH_TYPE="server" [root@ip-172-31-6-27 qa]# ```
Install via repo
inv.yml ```yml manager: hosts: manager1: ip: 172.31.6.27 ansible_host: 172.31.6.27 ansible_user: qa ansible_connection: ssh manager2: ip: 172.31.10.218 ansible_host: 172.31.10.218 ansible_user: qa ansible_connection: ssh packages_version: 4.3.10 vars: {} all: vars: ansible_ssh_common_args: -o StrictHostKeyChecking=no ansible_winrm_server_cert_validation: ignore ansible_ssh_private_key_file: /path/to/key ```
Playbook run and installation check 1. Install the managers using ansible ```bash pc@pc:~/qa-system-framework/provisioning/playbooks$ ansible-playbook -i /tmp/inv.yml wazuh-manager.yml PLAY [manager] *************************************************************************************** TASK [Gathering Facts] ******************************************************************************* ok: [manager1] ok: [manager2] TASK [../roles/wazuh/manager : Include vars/repo_vars.yml] ******************************************* ok: [manager1] ok: [manager2] TASK [../roles/wazuh/manager : Include vars/repo.yml] ************************************************ ok: [manager1] ok: [manager2] TASK [../roles/wazuh/manager : Include vars/repo_pre-release.yml] ************************************ skipping: [manager1] skipping: [manager2] TASK [../roles/wazuh/manager : Include vars/repo_staging.yml] **************************************** skipping: [manager1] skipping: [manager2] TASK [../roles/wazuh/manager : Include tasks based on OS] ******************************************** included: qa-system-framework/provisioning/roles/wazuh/manager/tasks/RedHat.yml for manager1 included: qa-system-framework/provisioning/roles/wazuh/manager/tasks/Debian.yml for manager2 TASK [../roles/wazuh/manager : RedHat/CentOS 5 | Install Wazuh repo] ********************************* skipping: [manager1] TASK [../roles/wazuh/manager : RedHat/CentOS/Fedora | Install Wazuh repo] **************************** ok: [manager1] TASK [../roles/wazuh/manager : CentOS/RedHat/Amazon | Install wazuh-manager] ************************* changed: [manager1] TASK [../roles/wazuh/manager : Install Wazuh Manager from .rpm packages | yum] *********************** skipping: [manager1] TASK [../roles/wazuh/manager : Install Wazuh Manager from .rpm packages | dnf] *********************** skipping: [manager1] TASK [../roles/wazuh/manager : run the handlers after the installation] ****************************** RUNNING HANDLER [../roles/wazuh/manager : start service] ********************************************* TASK [../roles/wazuh/manager : start service] ******************************************************** ok: [manager2] RUNNING HANDLER [../roles/wazuh/manager : start service] ********************************************* changed: [manager1] TASK [../roles/wazuh/manager : Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)] ********** skipping: [manager2] TASK [../roles/wazuh/manager : Debian/Ubuntu | Installing Wazuh repository key] ********************** ok: [manager2] TASK [../roles/wazuh/manager : Debian/Ubuntu | Add Wazuh repositories] ******************************* ok: [manager2] TASK [../roles/wazuh/manager : Debian/Ubuntu | Install wazuh-manager] ******************************** changed: [manager2] TASK [../roles/wazuh/manager : Install Wazuh Manager from .deb packages] ***************************** skipping: [manager2] TASK [../roles/wazuh/manager : run the handlers after the installation] ****************************** TASK [../roles/wazuh/manager : Ensure Wazuh Manager service is started and enabled.] ***************** ok: [manager1] RUNNING HANDLER [../roles/wazuh/manager : Ensure Wazuh Manager service is started and enabled.] ****** changed: [manager2] TASK [../roles/wazuh/manager : Ensure Wazuh Manager service is started and enabled.] ***************** ok: [manager2] PLAY RECAP ******************************************************************************************* manager1 : ok=8 changed=2 unreachable=0 failed=0 skipped=5 rescued=0 ignored=0 manager2 : ok=10 changed=2 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0 pc@pc:~/qa-system-framework/provisioning/playbooks$ ``` 2. Check the installation ``` root@ip-172-31-10-218:/home/qa# /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.3.10" WAZUH_REVISION="40323" WAZUH_TYPE="server" root@ip-172-31-10-218:/home/qa# ``` > You can change the version installed when using `packages_version` within the inventory ``` [root@ip-172-31-6-27 qa]# /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.4.4" WAZUH_REVISION="40411" WAZUH_TYPE="server" [root@ip-172-31-6-27 qa]# ```
roronoasins commented 1 year ago

Many OS support is getting added to the agents' provisioning.

Currently it's working for Debian and RedHat. Besides, it is being added the rest of Deployer's supported OS, like Windows, Solaris, MacOS, etc.

roronoasins commented 1 year ago

The following OS are currently working:

Has been added support for both ECS and EC2 instances. Also, we can use a var to define the version that we want install via repo. For MacOS it freezes during the installation task

And these issues were reported during the research/dev:

It is required to discuss if we want just to install the components or also check that everything is correct after the service starts

roronoasins commented 1 year ago

I've been working on adding the become to the playbook instead of having it in each task that is required in linux systems. I could not make this work.

This is required since windows can't use the become var: windows da error por usar become cuando no se usa en su item sino en el anterior fatal: [winagent1]: FAILED! => {"msg": "The powershell shell family is incompatible with the sudo become plugin"}

To achieve that I tried these workarounds:

  1. Set the become var using bools/conditionals

    • become: "{{ ansible_os_family != 'Windows' }}"

    • become: "{{ (true if (ansible_facts['os_family'] != 'Windows'))|default(false)|bool }}"

  2. Use tasks to set the become var for each role

    tasks:
  - name: set become
    set_fact:
      become: "{{ (true if (ansible_facts['os_family'] != 'Windows')) or (false if (ansible_facts['os_family'] == 'Windows')) }}"

  - name: show become value
    debug:
      msg: "become value: {{ become }}"

  3. Split the roles in two

    - hosts: all
  roles:
    - role: ../roles/wazuh/agent
      hosts: winagent
      when: "'winagent' in group_names"
    - role: ../roles/wazuh/agent
      become: true
      hosts: agent
      when: "'agent' in group_names"

    the vars are inherited from the first role item

So we'll maintain the individual becomes within the tasks that require them.

Also, there is a thing about MacOS instances. Don't know if it is a coincidence but the pkg installation won't end if it is run for a second time

TASK [../roles/wazuh/agent : Install MacOS agent from pkg | custom macos pkg] ********************************************************************************************************************************

Solaris and MacOS instances are installed now correctly. Tomorrow will check that everything works as expected for every service and installation.

roronoasins commented 1 year ago

Test environment

managers:

agents:

inv.yml ```yml manager: hosts: manager1: ansible_host: 172.31.51.219 ansible_user: qa ansible_connection: ssh manager2: ansible_host: 172.31.8.225 ansible_user: qa ansible_connection: ssh packages_version: 4.4.0 agent: children: linux: hosts: agent1: ip: 10.10.0.251 ansible_host: 10.10.0.251 ansible_port: 13901 ansible_password: vagrant ansible_user: vagrant ansible_connection: ssh manager_ip: 172.31.51.219 wazuh_custom_packages_installation_agent_macos_url: https://packages.wazuh.com/4.x/macos/wazuh-agent-4.4.4-1.pkg wazuh_custom_packages_installation_agent_enabled: true agent2: ip: 10.10.0.251 ansible_host: 10.10.0.251 ansible_port: 11330 ansible_password: vagrant ansible_user: vagrant ansible_connection: ssh manager_ip: 172.31.51.219 wazuh_custom_packages_installation_agent_solaris_11_url: https://packages.wazuh.com/4.x/solaris/i386/11/wazuh-agent_v4.4.4-sol11-i386.p5p wazuh_custom_packages_installation_agent_enabled: true ansible_ssh_common_args: -o StrictHostKeyChecking=no -oHostKeyAlgorithms=+ssh-dss agent3: ansible_host: 172.31.7.206 ansible_user: qa ansible_connection: ssh manager_ip: 172.31.51.219 agent4: ansible_host: 172.31.4.233 ansible_user: qa ansible_connection: ssh manager_ip: 172.31.51.219 agent5: ansible_host: 172.31.8.95 ansible_user: qa ansible_connection: ssh manager_ip: 172.31.51.219 agent6: ansible_host: 172.31.9.206 ansible_user: qa ansible_connection: ssh manager_ip: 172.31.51.219 agent7: ansible_host: 172.31.3.173 ansible_user: qa manager_ip: 172.31.51.219 ansible_connection: winrm ansible_password: wazuhqa ansible_winrm_server_cert_validation: ignore all: vars: ansible_ssh_common_args: -o StrictHostKeyChecking=no ansible_winrm_server_cert_validation: ignore ansible_ssh_private_key_file: /home/roronoasins/certs/jenkins-key.pem ```

Results

managers ``` roronoasins@roronoasins-pc:~/qa-system-framework/provisioning/playbooks$ ansible-playbook -i /tmp/inv.yml wazuh-manager.yml PLAY [manager] *********************************************************************************************************************************************************************************************** TASK [Gathering Facts] *************************************************************************************************************************************************************************************** ok: [manager2] ok: [manager1] TASK [../roles/wazuh/manager : Include vars/repo_vars.yml] *************************************************************************************************************************************************** ok: [manager1] ok: [manager2] TASK [../roles/wazuh/manager : Include vars/repo.yml] ******************************************************************************************************************************************************** ok: [manager1] ok: [manager2] TASK [../roles/wazuh/manager : Include vars/repo_pre-release.yml] ******************************************************************************************************************************************** skipping: [manager1] skipping: [manager2] TASK [../roles/wazuh/manager : Include vars/repo_staging.yml] ************************************************************************************************************************************************ skipping: [manager1] skipping: [manager2] TASK [../roles/wazuh/manager : Include tasks based on OS] **************************************************************************************************************************************************** included: qa-system-framework/provisioning/roles/wazuh/manager/tasks/Debian.yml for manager1 included: qa-system-framework/provisioning/roles/wazuh/manager/tasks/RedHat.yml for manager2 TASK [../roles/wazuh/manager : Debian/Ubuntu | Install gnupg, apt-transport-https] *************************************************************************************************************************** changed: [manager1] TASK [../roles/wazuh/manager : Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)] ****************************************************************************************************************** skipping: [manager1] TASK [../roles/wazuh/manager : Debian/Ubuntu | Installing Wazuh repository key] ****************************************************************************************************************************** changed: [manager1] TASK [../roles/wazuh/manager : Debian/Ubuntu | Add Wazuh repositories] *************************************************************************************************************************************** ok: [manager1] TASK [../roles/wazuh/manager : Debian/Ubuntu | Install wazuh-manager] **************************************************************************************************************************************** changed: [manager1] TASK [../roles/wazuh/manager : Install Wazuh Manager from .deb packages] ************************************************************************************************************************************* skipping: [manager1] TASK [../roles/wazuh/manager : run the handlers after the installation] ************************************************************************************************************************************** RUNNING HANDLER [../roles/wazuh/manager : start service] ***************************************************************************************************************************************************** TASK [../roles/wazuh/manager : start service] **************************************************************************************************************************************************************** skipping: [manager2] RUNNING HANDLER [../roles/wazuh/manager : start service] ***************************************************************************************************************************************************** changed: [manager1] TASK [../roles/wazuh/manager : RedHat/CentOS/Fedora | Install Wazuh repo] ************************************************************************************************************************************ ok: [manager2] TASK [../roles/wazuh/manager : CentOS/RedHat/Amazon | Install wazuh-manager] ********************************************************************************************************************************* changed: [manager2] TASK [../roles/wazuh/manager : Install Wazuh Manager from .rpm packages | yum] ******************************************************************************************************************************* skipping: [manager2] TASK [../roles/wazuh/manager : Install Wazuh Manager from .rpm packages | dnf] ******************************************************************************************************************************* skipping: [manager2] TASK [../roles/wazuh/manager : run the handlers after the installation] ************************************************************************************************************************************** RUNNING HANDLER [../roles/wazuh/manager : start service] ***************************************************************************************************************************************************** changed: [manager2] PLAY RECAP *************************************************************************************************************************************************************************************************** manager1 : ok=9 changed=4 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0 manager2 : ok=7 changed=2 unreachable=0 failed=0 skipped=5 rescued=0 ignored=0 roronoasins@roronoasins-pc:~/qa-system-framework/provisioning/playbooks$ ```
agents ``` roronoasins@roronoasins-pc:~/qa-system-framework/provisioning/playbooks$ ansible-playbook -i /tmp/inv.yml wazuh-agent.yml PLAY [agent] ************************************************************************************************************************************************************************************************* TASK [Gathering Facts] *************************************************************************************************************************************************************************************** [WARNING]: Platform sunos on host agent2 is using the discovered Python interpreter at /opt/python3/bin/python3.7, but future installation of another Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible-core/2.14/reference_appendices/interpreter_discovery.html for more information. ok: [agent2] [WARNING]: Platform darwin on host agent1 is using the discovered Python interpreter at /usr/bin/python3, but future installation of another Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible-core/2.14/reference_appendices/interpreter_discovery.html for more information. ok: [agent1] ok: [agent5] [WARNING]: Platform linux on host agent3 is using the discovered Python interpreter at /usr/local/bin/python3.10, but future installation of another Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible-core/2.14/reference_appendices/interpreter_discovery.html for more information. ok: [agent3] ok: [agent4] ok: [agent7] ok: [agent6] TASK [../roles/wazuh/agent : include_vars] ******************************************************************************************************************************************************************* ok: [agent1] ok: [agent2] ok: [agent3] ok: [agent4] ok: [agent5] ok: [agent6] ok: [agent7] TASK [../roles/wazuh/agent : include_vars] ******************************************************************************************************************************************************************* ok: [agent1] ok: [agent2] ok: [agent3] ok: [agent4] ok: [agent5] ok: [agent6] ok: [agent7] TASK [../roles/wazuh/agent : include_vars] ******************************************************************************************************************************************************************* skipping: [agent1] skipping: [agent2] skipping: [agent3] skipping: [agent4] skipping: [agent5] skipping: [agent6] skipping: [agent7] TASK [../roles/wazuh/agent : include_vars] ******************************************************************************************************************************************************************* skipping: [agent1] skipping: [agent2] skipping: [agent3] skipping: [agent4] skipping: [agent5] skipping: [agent6] skipping: [agent7] TASK [../roles/wazuh/agent : include_tasks] ****************************************************************************************************************************************************************** skipping: [agent1] skipping: [agent2] skipping: [agent3] skipping: [agent4] skipping: [agent5] skipping: [agent6] included: qa-system-framework/provisioning/roles/wazuh/agent/tasks/Windows.yml for agent7 TASK [../roles/wazuh/agent : Windows | Check if Program Files (x86) exists] ********************************************************************************************************************************** ok: [agent7] TASK [../roles/wazuh/agent : Windows | Set Win Path (x86)] *************************************************************************************************************************************************** ok: [agent7] TASK [../roles/wazuh/agent : Windows | Set Win Path (x64)] *************************************************************************************************************************************************** skipping: [agent7] TASK [../roles/wazuh/agent : Windows | Check if Wazuh installer is already downloaded] *********************************************************************************************************************** ok: [agent7] TASK [../roles/wazuh/agent : Windows | Download Wazuh Agent package] ***************************************************************************************************************************************** changed: [agent7] TASK [../roles/wazuh/agent : Windows | Install Agent if not already installed] ******************************************************************************************************************************* changed: [agent7] TASK [../roles/wazuh/agent : Windows | Check if client.keys exists] ****************************************************************************************************************************************** ok: [agent7] TASK [../roles/wazuh/agent : Windows | Delete downloaded Wazuh agent installer file] ************************************************************************************************************************* changed: [agent7] TASK [../roles/wazuh/agent : include_tasks] ****************************************************************************************************************************************************************** skipping: [agent7] TASK [../roles/wazuh/agent : include_tasks] ****************************************************************************************************************************************************************** skipping: [agent1] skipping: [agent2] skipping: [agent7] included: qa-system-framework/provisioning/roles/wazuh/agent/tasks/Linux.yml for agent3, agent4, agent5, agent6 TASK [../roles/wazuh/agent : Include tasks based on OS] ****************************************************************************************************************************************************** included: qa-system-framework/provisioning/roles/wazuh/agent/tasks/RedHat.yml for agent3, agent4 included: qa-system-framework/provisioning/roles/wazuh/agent/tasks/Debian.yml for agent5, agent6 TASK [../roles/wazuh/agent : RedHat/CentOS 5 | Install Wazuh repo] ******************************************************************************************************************************************* skipping: [agent3] skipping: [agent4] TASK [../roles/wazuh/agent : RedHat/CentOS/Fedora | Install Wazuh repo] ************************************************************************************************************************************** ok: [agent3] ok: [agent4] TASK [../roles/wazuh/agent : Linux CentOS/RedHat | Install wazuh-agent] ************************************************************************************************************************************** changed: [agent3] changed: [agent4] TASK [../roles/wazuh/agent : Remove Wazuh repository (and clean up left-over metadata)] ********************************************************************************************************************** ok: [agent4] ok: [agent3] TASK [../roles/wazuh/agent : Debian/Ubuntu | Install ca-certificates and gnupg] ****************************************************************************************************************************** ok: [agent5] ok: [agent6] TASK [../roles/wazuh/agent : Debian/Ubuntu | Install apt-transport-https and acl] **************************************************************************************************************************** changed: [agent5] changed: [agent6] TASK [../roles/wazuh/agent : Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)] ******************************************************************************************************************** skipping: [agent5] skipping: [agent6] TASK [../roles/wazuh/agent : Debian/Ubuntu | Installing Wazuh repository key] ******************************************************************************************************************************** ok: [agent6] changed: [agent5] TASK [../roles/wazuh/agent : Debian/Ubuntu | Add Wazuh repositories] ***************************************************************************************************************************************** ok: [agent6] changed: [agent5] TASK [../roles/wazuh/agent : Linux Debian | Install wazuh-agent] ********************************************************************************************************************************************* changed: [agent5] changed: [agent6] TASK [../roles/wazuh/agent : Remove Wazuh repository (and clean up left-over metadata)] ********************************************************************************************************************** ok: [agent5] ok: [agent6] TASK [../roles/wazuh/agent : include_tasks] ****************************************************************************************************************************************************************** skipping: [agent3] skipping: [agent4] skipping: [agent5] skipping: [agent6] TASK [../roles/wazuh/agent : include_tasks] ****************************************************************************************************************************************************************** skipping: [agent2] skipping: [agent3] skipping: [agent4] skipping: [agent5] skipping: [agent6] skipping: [agent7] included: qa-system-framework/provisioning/roles/wazuh/agent/tasks/MacOS.yml for agent1 TASK [../roles/wazuh/agent : Download agent package] ********************************************************************************************************************************************************* changed: [agent1] TASK [../roles/wazuh/agent : include_tasks] ****************************************************************************************************************************************************************** included: qa-system-framework/provisioning/roles/wazuh/agent/tasks/installation_from_custom_packages.yml for agent1 TASK [../roles/wazuh/agent : Install Wazuh Agent from .deb packages] ***************************************************************************************************************************************** skipping: [agent1] TASK [../roles/wazuh/agent : Install Wazuh Agent from .rpm packages | yum] *********************************************************************************************************************************** skipping: [agent1] TASK [../roles/wazuh/agent : Install Wazuh Agent from .rpm packages | dnf] *********************************************************************************************************************************** skipping: [agent1] TASK [../roles/wazuh/agent : Install MacOS agent from pkg | custom macos pkg] ******************************************************************************************************************************** changed: [agent1] TASK [../roles/wazuh/agent : Install Solaris 10 wazuh agent custom package] ********************************************************************************************************************************** skipping: [agent1] TASK [../roles/wazuh/agent : Install Solaris 11 wazuh agent custom package] ********************************************************************************************************************************** skipping: [agent1] TASK [../roles/wazuh/agent : Donwload Windows agent msi] ***************************************************************************************************************************************************** skipping: [agent1] TASK [../roles/wazuh/agent : Install Wazuh Agent from .msi packages | custom win_package] ******************************************************************************************************************** skipping: [agent1] TASK [../roles/wazuh/agent : include_tasks] ****************************************************************************************************************************************************************** skipping: [agent1] skipping: [agent3] skipping: [agent4] skipping: [agent5] skipping: [agent6] skipping: [agent7] included: qa-system-framework/provisioning/roles/wazuh/agent/tasks/Solaris.yml for agent2 TASK [../roles/wazuh/agent : Download Solaris 11 agent package] ********************************************************************************************************************************************** changed: [agent2] TASK [../roles/wazuh/agent : Download Solaris 10 agent package] ********************************************************************************************************************************************** skipping: [agent2] TASK [../roles/wazuh/agent : include_tasks] ****************************************************************************************************************************************************************** included: qa-system-framework/provisioning/roles/wazuh/agent/tasks/installation_from_custom_packages.yml for agent2 TASK [../roles/wazuh/agent : Install Wazuh Agent from .deb packages] ***************************************************************************************************************************************** skipping: [agent2] TASK [../roles/wazuh/agent : Install Wazuh Agent from .rpm packages | yum] *********************************************************************************************************************************** skipping: [agent2] TASK [../roles/wazuh/agent : Install Wazuh Agent from .rpm packages | dnf] *********************************************************************************************************************************** skipping: [agent2] TASK [../roles/wazuh/agent : Install MacOS agent from pkg | custom macos pkg] ******************************************************************************************************************************** skipping: [agent2] TASK [../roles/wazuh/agent : Install Solaris 10 wazuh agent custom package] ********************************************************************************************************************************** skipping: [agent2] TASK [../roles/wazuh/agent : Install Solaris 11 wazuh agent custom package] ********************************************************************************************************************************** changed: [agent2] TASK [../roles/wazuh/agent : Donwload Windows agent msi] ***************************************************************************************************************************************************** skipping: [agent2] TASK [../roles/wazuh/agent : Install Wazuh Agent from .msi packages | custom win_package] ******************************************************************************************************************** skipping: [agent2] TASK [../roles/wazuh/agent : Add the manager's IP to the agent's ossec.conf] ********************************************************************************************************************************* changed: [agent5] changed: [agent3] skipping: [agent7] changed: [agent4] changed: [agent2] changed: [agent1] changed: [agent6] TASK [../roles/wazuh/agent : Add the manager's IP to the winagent's ossec.conf] ****************************************************************************************************************************** skipping: [agent1] skipping: [agent2] skipping: [agent3] skipping: [agent4] skipping: [agent5] skipping: [agent6] changed: [agent7] TASK [../roles/wazuh/agent : run the handlers after the installation] **************************************************************************************************************************************** TASK [../roles/wazuh/agent : run the handlers after the installation] **************************************************************************************************************************************** TASK [../roles/wazuh/agent : run the handlers after the installation] **************************************************************************************************************************************** TASK [../roles/wazuh/agent : run the handlers after the installation] **************************************************************************************************************************************** TASK [../roles/wazuh/agent : run the handlers after the installation] **************************************************************************************************************************************** TASK [../roles/wazuh/agent : run the handlers after the installation] **************************************************************************************************************************************** TASK [../roles/wazuh/agent : run the handlers after the installation] **************************************************************************************************************************************** RUNNING HANDLER [../roles/wazuh/agent : start WazuhSvc] ****************************************************************************************************************************************************** changed: [agent7] RUNNING HANDLER [../roles/wazuh/agent : start service] ******************************************************************************************************************************************************* changed: [agent4] changed: [agent3] changed: [agent5] changed: [agent2] changed: [agent1] changed: [agent6] PLAY RECAP *************************************************************************************************************************************************************************************************** agent1 : ok=9 changed=4 unreachable=0 failed=0 skipped=13 rescued=0 ignored=0 agent2 : ok=9 changed=4 unreachable=0 failed=0 skipped=14 rescued=0 ignored=0 agent3 : ok=10 changed=3 unreachable=0 failed=0 skipped=8 rescued=0 ignored=0 agent4 : ok=10 changed=3 unreachable=0 failed=0 skipped=8 rescued=0 ignored=0 agent5 : ok=13 changed=6 unreachable=0 failed=0 skipped=8 rescued=0 ignored=0 agent6 : ok=13 changed=4 unreachable=0 failed=0 skipped=8 rescued=0 ignored=0 agent7 : ok=13 changed=5 unreachable=0 failed=0 skipped=8 rescued=0 ignored=0 roronoasins@roronoasins-pc:~/qa-system-framework/provisioning/playbooks$ ```
/var/ossec/bin/agent_control -l ``` root@ip-172-31-51-219:/home/qa# /var/ossec/bin/agent_control -l Wazuh agent_control. List of available agents: ID: 000, Name: ip-172-31-51-219.ec2.internal (server), IP: 127.0.0.1, Active/Local ID: 001, Name: ip-172-31-8-225.ec2.internal, IP: any, Active ID: 002, Name: ip-172-31-4-233.ec2.internal, IP: any, Active ID: 003, Name: ip-172-31-7-206.ec2.internal, IP: any, Active ID: 004, Name: ip-172-31-8-95, IP: any, Active ID: 005, Name: solaris-11, IP: any, Active ID: 006, Name: macos-1200, IP: any, Active ID: 007, Name: ip-172-31-9-206, IP: any, Active ID: 008, Name: EC2AMAZ-N9OLJ1L, IP: any, Active List of agentless devices: root@ip-172-31-51-219:/home/qa# ```