Update to latest 5.0.0 package changes

.gitignore

@@ -1,4 +1,4 @@
-roles/vars/urls.yml
+roles/vars/artifacts_urls.yml
 deployment-config-files/
 *.pem
 *.ini

CHANGELOG.md

@@ -10,6 +10,7 @@ All notable changes to this project will be documented in this file.
 
 ### Changed
 
+- Enhance indexer role defaults, wazuh-aio playbook, and nginx installation steps for the server role ([#1598](https://github.com/wazuh/wazuh-ansible/pull/1598))
 - Use ansible_facts for Wazuh agent tasks ([#1590](https://github.com/wazuh/wazuh-ansible/pull/1590))
 - Corrections in opensearch.yml file configuration in the wazuh-indexer role ([#1580](https://github.com/wazuh/wazuh-ansible/pull/1580))
 - Add package URLs role for AIO and distributed setups ([#1588](https://github.com/wazuh/wazuh-ansible/pull/1588))

roles/package-urls/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
 
 source: "production"
-package_urls_file_uri: "packages.wazuh.com/{{ wazuh_major_minor_version }}/package_urls.txt"
-package_urls_file_uri_prerelease: "packages-dev.wazuh.com/{{ wazuh_major_minor_version }}/package_urls.txt"
+package_urls_file_uri: "packages.wazuh.com/{{ wazuh_major_minor_version }}/artifacts_urls.yml"
+package_urls_file_uri_prerelease: "packages-dev.wazuh.com/{{ wazuh_major_minor_version }}/artifacts_urls.yml"

roles/package-urls/tasks/main.yml

@@ -5,7 +5,7 @@
 - name: Download package URLs file
   get_url:
     url: "https://{{ package_urls_file_uri_prerelease if source == 'prerelease' else package_urls_file_uri }}"
-    dest: "{{ playbook_dir }}/roles/vars/urls.yml"
+    dest: "{{ playbook_dir }}/roles/vars/artifacts_urls.yml"
   when: source in ['production', 'prerelease']
   run_once: true
   delegate_to: localhost

roles/vars/main.yml

@@ -5,4 +5,4 @@ wazuh_package_revision: "1"
 
 local_configs_path: "{{ playbook_dir }}/deployment-config-files"
 
-urls_file: "urls.yml"
+urls_file: "artifacts_urls.yml"

roles/wazuh-agent/tasks/Linux.yml

@@ -57,13 +57,14 @@
 
 - name: Linux | Register Wazuh agent
   shell: |
-    /usr/share/wazuh-agent/bin/wazuh-agent --register-agent --user wazuh --password wazuh --url https://{{ wazuh_server_addresses[0] }}:55000 --verification-mode none
+    /usr/share/wazuh-agent/bin/wazuh-agent --enroll-agent --user wazuh --password wazuh --url https://{{ wazuh_server_addresses[0] }}:55000 --verification-mode none
 
 - name: Linux | Start and enable Wazuh Agent service
   block:
-    - name: Linux | Reload systemd daemon
-      ansible.builtin.command:
-        cmd: systemctl daemon-reload
+    - name: Linux | Reload systemd configuration
+      systemd:
+        daemon_reload: yes
+      become: yes
 
     - name: Linux | Ensure Wazuh Agent service is stopped [1/3]
       service:

roles/wazuh-agent/tasks/Windows.yml

@@ -31,7 +31,7 @@
     state: started
 
 - name: Windows | Register Wazuh agent
-  win_command: '"C:\\Program Files\\wazuh-agent\\wazuh-agent.exe" --register-agent --user wazuh --password wazuh --url https://{{ wazuh_server_addresses[0] }}:55000 --verification-mode none'
+  win_command: '"C:\\Program Files\\wazuh-agent\\wazuh-agent.exe" --enroll-agent --user wazuh --password wazuh --url https://{{ wazuh_server_addresses[0] }}:55000 --verification-mode none'
 
 - name: Windows | Update Wazuh agent configuration with Wazuh server IP address
   win_lineinfile:

roles/wazuh-agent/tasks/macOS.yml

@@ -40,7 +40,7 @@
     state: present
 
 - name: MacOS | Register Wazuh agent
-  command: "/Library/Application\\ Support/Wazuh\\ agent.app/bin/wazuh-agent --register-agent --user wazuh --password wazuh --url https://{{ wazuh_server_addresses[0] }}:55000 --verification-mode none"
+  command: "/Library/Application\\ Support/Wazuh\\ agent.app/bin/wazuh-agent --enroll-agent --user wazuh --password wazuh --url https://{{ wazuh_server_addresses[0] }}:55000 --verification-mode none"
 
 - name: MacOS | Restart Wazuh agent service (MacOS 10.10+)
   command: "launchctl kickstart -k system/com.wazuh.agent"

roles/wazuh-dashboard/tasks/main.yml

@@ -24,6 +24,11 @@
   when:
     - ansible_facts.os_family == 'Debian'
 
+- name: Linux | Reload systemd configuration
+  systemd:
+    daemon_reload: yes
+  become: yes
+
 - name: Dashboard-config | Configure Wazuh dashboard
   block:
       - name: Dashboard-config | Remove current opensearch.hosts configuration
@@ -42,13 +47,6 @@
               - https://{{ node }}:9200
             {% endfor %}
 
-      - name: Dashboard-config | Update Wazuh API URL
-        replace:
-          path: /etc/wazuh-dashboard/opensearch_dashboards.yml
-          regexp: "url: 'https://localhost'"
-          replace: "url: 'https://{{ wazuh_server_api_host }}'"
-        become: yes
-
       - name: Dashboard-config | Remove comments from configuration file
         replace:
           path: "/etc/wazuh-dashboard/opensearch_dashboards.yml"

roles/wazuh-indexer/defaults/main.yml

@@ -1,13 +1,12 @@
 ---
 
 single_node: false
+generate_certs: true
 instances:
   aio:
     name: node-1
-    ip: '{{ hostvars[inventory_hostname].private_ip }}'
+    ip: "{{ hostvars[inventory_hostname].private_ip }}"
     role: aio
 
-generate_certs: true
-
 wazuh_indexer_package_download_path: "/tmp/wazuh-indexer"
 wazuh_indexer_package_name: "wazuh-indexer-{{ wazuh_full_version }}-{{ wazuh_package_revision }}"

roles/wazuh-indexer/tasks/dependencies.yml

@@ -27,7 +27,7 @@
       shell: sysctl -p
       become: yes
   when:
-    - ansible_facts.os_family == 'Amazon'
+    - ansible_facts.distribution == 'Amazon'
 
 - name: RHEL, CentOS, and Amazon Linux 2 | Configure system settings and install dependencies
   block:

roles/wazuh-indexer/tasks/main.yml

@@ -25,7 +25,7 @@
 - import_tasks: "config_files_setup.yml"
   become: yes
 
-- name: Reload systemd configuration
+- name: Linux | Reload systemd configuration
   systemd:
     daemon_reload: yes
   become: yes

roles/wazuh-server/tasks/lb.yml

@@ -1,23 +1,26 @@
 ---
 
-- name: Install Nginx
-  package:
-    name: "nginx"
-    state: present
-    update_cache: yes
+- name: Amazon Linux 2 | Install Nginx
+  command: amazon-linux-extras install nginx1.12=latest -y
+  args:
+    creates: /sbin/nginx
+  when:
+    - ansible_facts.distribution == 'Amazon'
+    - ansible_facts.distribution_major_version == '2'
   tags:
     - provision_load_balancer
 
-- name: RHEL-based LB | Install Nginx stream module
-  yum:
-    name: nginx-mod-stream
+- name: Install Nginx (package manager)
+  package:
+    name: "nginx"
     state: present
+    update_cache: yes
   when:
-    - ansible_facts.os_family == 'RedHat'
+    - ansible_facts.distribution != 'Amazon' or ansible_facts.distribution_major_version != '2'
   tags:
     - provision_load_balancer
 
-- name: Install nginx-full package
+- name: Debian-based LB | Install Nginx full package
   apt:
     name: "nginx-full"
     state: present
@@ -27,6 +30,16 @@
   tags:
     - provision_load_balancer
 
+
+- name: RHEL-based LB | Install Nginx stream module
+  yum:
+    name: nginx-mod-stream
+    state: present
+  when:
+    - ansible_facts.os_family == 'RedHat'
+  tags:
+    - provision_load_balancer
+
 - name: Make sure the /etc/nginx/modules directory exists
   file:
     path: /etc/nginx/modules

roles/wazuh-server/tasks/main.yml

@@ -77,6 +77,11 @@
       when:
         - ansible_facts.os_family == 'Debian'
 
+    - name: Linux | Reload systemd configuration
+      systemd:
+        daemon_reload: yes
+      become: yes
+
     - name: Copy the certificates from local to the Wazuh Server instance
       copy:
         src: "{{ local_configs_path }}/wazuh-certificates/{{ item }}"

wazuh-aio.yml

@@ -9,8 +9,3 @@
     - role: wazuh-dashboard
   vars:
     single_node: true
-    instances:
-      aio:
-        name: node-1
-        ip: "{{ hostvars.aio.private_ip }}"
-        role: aio