Add agent-upgrade module to wazuh-agent role

thanegill · thanegill · commit 11c3956e03cb · 2025-03-25T14:49:46.000-07:00
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -352,13 +352,25 @@ wazuh_agent_active_response:
   ca_store_macos: 'etc/wpk_root.pem'
   ca_verification: 'yes'
 
+## Agent Upgrade
+wazuh_agent_agent_upgrade:
+  enabled: 'yes'
+  notification_wait_start: '60s'
+  notification_wait_factor: '4'
+  notification_wait_max: '2h'
+  ca_verification: 'yes'
+  ca_store: "{{ wazuh_dir }}/etc/wpk_root.pem"
+  ca_store_win: 'wpk_root.pem'
+  ca_store_macos: 'etc/wpk_root.pem'
+
 ## Logging
 wazuh_agent_log_format: 'plain'
 
 # wazuh_agent_config
 wazuh_agent_config_defaults:
   repo: '{{ wazuh_repo }}'
   active_response: '{{ wazuh_agent_active_response }}'
+  agent_upgrade: '{{ wazuh_agent_agent_upgrade }}'
   log_format: '{{ wazuh_agent_log_format }}'
   client_buffer: '{{ wazuh_agent_client_buffer }}'
   syscheck: '{{ wazuh_agent_syscheck }}'
diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
@@ -472,9 +472,9 @@
   <active-response>
     <disabled>{{ wazuh_agent_config.active_response.ar_disabled|default('no') }}</disabled>
     <ca_verification>{{ wazuh_agent_config.active_response.ca_verification }}</ca_verification>
-    {% if ansible_system == "Windows" %}
+    {% if ansible_os_family == "Windows" %}
     <ca_store>{{ wazuh_agent_config.active_response.ca_store_win }}</ca_store>
-    {% elif ansible_system == "Darwin" %}
+    {% elif ansible_os_family == "Darwin" %}
     <ca_store>{{ wazuh_agent_config.active_response.ca_store_macos }}</ca_store>
     {% else %}
     <ca_store>{{ wazuh_agent_config.active_response.ca_store }}</ca_store>
@@ -485,4 +485,21 @@
     <log_format>{{ wazuh_agent_config.log_format }}</log_format>
   </logging>
 
+  <agent-upgrade>
+    <enabled>{{ wazuh_agent_config.agent_upgrade.enabled }}</enabled>
+    <notification_wait_start>{{ wazuh_agent_config.agent_upgrade.notification_wait_start }}</notification_wait_start>
+    <notification_wait_factor>{{ wazuh_agent_config.agent_upgrade.notification_wait_factor }}</notification_wait_factor>
+    <notification_wait_max>{{ wazuh_agent_config.agent_upgrade.notification_wait_max }}</notification_wait_max>
+    <ca_verification>
+      <enabled>{{ wazuh_agent_config.agent_upgrade.ca_verification }}</enabled>
+      {% if ansible_os_family == "Windows" %}
+      <ca_store>{{ wazuh_agent_config.agent_upgrade.ca_store_win }}</ca_store>
+      {% elif ansible_os_family == "Darwin" %}
+      <ca_store>{{ wazuh_agent_config.agent_upgrade.ca_store_macos }}</ca_store>
+      {% else %}
+      <ca_store>{{ wazuh_agent_config.agent_upgrade.ca_store }}</ca_store>
+      {% endif %}
+    </ca_verification>
+  </agent-upgrade>
+
 </ossec_config>
