wazuh · GregWhiteyBialas · Oct 1, 2024 · Oct 30, 2024
diff --git a/.github/playbooks/single-wazuh.yml b/.github/playbooks/single-wazuh.yml
@@ -34,4 +34,4 @@
           - gpg-agent
         state: present
         update_cache: yes
-      when: ansible_distribution == "Ubuntu"
+      when: ansible_facts.distribution == "Ubuntu"
diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/main.yml b/roles/wazuh/ansible-filebeat-oss/tasks/main.yml
@@ -8,10 +8,10 @@
   when: packages_repository == 'pre-release'
 
 - include_tasks: RedHat.yml
-  when: ansible_os_family == 'RedHat'
+  when: ansible_facts.os_family == 'RedHat'
 
 - include_tasks: Debian.yml
-  when: ansible_os_family == 'Debian'
+  when: ansible_facts.os_family == 'Debian'
 
 - name: Install Filebeat | Redhat
   yum:
@@ -21,7 +21,7 @@
   tags:
   - install
   - init
-  when: ansible_os_family == 'RedHat'
+  when: ansible_facts.os_family == 'RedHat'
 
 - name: Install Filebeat | Debian
   apt:
@@ -34,7 +34,7 @@
   until: "install is not failed"  
   retries: 10
   delay: 10
-  when: ansible_os_family == 'Debian'
+  when: ansible_facts.os_family == 'Debian'
 
 - name: Checking if Filebeat Module folder file exists
   stat:
@@ -83,7 +83,7 @@
     enabled: true
 
 - include_tasks: "RMRedHat.yml"
-  when: ansible_os_family == "RedHat"
+  when: ansible_facts.os_family == "RedHat"
 
 - include_tasks: "RMDebian.yml"
-  when: ansible_os_family == "Debian"
+  when: ansible_facts.os_family == "Debian"
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -50,7 +50,7 @@ wazuh_agent_config_overlay: yes
 
 # This is a middle ground between breaking existing uses of wazuh_agent_nat
 # and allow working with agents having several network interfaces
-wazuh_agent_address: '{{ "any" if wazuh_agent_nat else ansible_default_ipv4.address }}'
+wazuh_agent_address: '{{ "any" if wazuh_agent_nat else ansible_facts.default_ipv4.address }}'
 
 # List of managers. The first one with register variable declared *and* set to true
 # is the one used to register the agent. Otherwise, the first one in the list will be used.

diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
@@ -22,7 +22,7 @@
     state: present
   register: wazuh_agent_ca_package_install
   until: wazuh_agent_ca_package_install is succeeded
-  when: not (ansible_distribution == "Debian" and ansible_distribution_major_version in ['11'])
+  when: not (ansible_facts.distribution == "Debian" and ansible_facts.distribution_major_version in ['11'])
 
 - name: Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)
   become: true
@@ -34,22 +34,22 @@
     executable: /bin/bash
   changed_when: false
   when:
-    - ansible_distribution == "Ubuntu"
-    - ansible_distribution_major_version | int == 14
+    - ansible_facts.distribution == "Ubuntu"
+    - ansible_facts.distribution_major_version | int == 14
     - not wazuh_custom_packages_installation_agent_enabled
 
 - name: Debian/Ubuntu | Download Wazuh repository key
   get_url:
     url: "{{ wazuh_agent_config.repo.gpg }}"
     dest: "{{ wazuh_agent_config.repo.path }}"
   when:
-    - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
+    - not (ansible_facts.distribution == "Ubuntu" and ansible_facts.distribution_major_version | int == 14)
     - not wazuh_custom_packages_installation_agent_enabled
 
 - name: Debian/Ubuntu | Import Wazuh GPG key
   command: "gpg --no-default-keyring --keyring gnupg-ring:{{ wazuh_agent_config.repo.keyring_path }} --import {{ wazuh_agent_config.repo.path }}"
   when:
-    - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
+    - not (ansible_facts.distribution == "Ubuntu" and ansible_facts.distribution_major_version | int == 14)
     - not wazuh_custom_packages_installation_agent_enabled
   args:
     creates: "{{ wazuh_agent_config.repo.keyring_path }}"
@@ -59,7 +59,7 @@
     path: "{{ wazuh_agent_config.repo.keyring_path }}"
     mode: '0644'
   when:
-    - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
+    - not (ansible_facts.distribution == "Ubuntu" and ansible_facts.distribution_major_version | int == 14)
     - not wazuh_custom_packages_installation_agent_enabled
 
 - name: Debian/Ubuntu | Add Wazuh repositories
@@ -74,15 +74,15 @@
 - name: Debian/Ubuntu | Set Distribution CIS filename for debian
   set_fact:
     cis_distribution_filename: cis_debian_linux_rcl.txt
-  when: ansible_os_family == "Debian"
+  when: ansible_facts.os_family == "Debian"
 
 - name: Debian/Ubuntu | Install OpenJDK-8 repo
   apt_repository:
     repo: 'ppa:openjdk-r/ppa'
     state: present
     update_cache: true
   when:
-    - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
+    - (ansible_facts.distribution == "Ubuntu" and ansible_facts.distribution_major_version | int == 14)
 
 - when:
     - wazuh_agent_config.cis_cat.disable == 'no'

diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
@@ -1,9 +1,9 @@
 ---
 - include_tasks: "RedHat.yml"
-  when: ansible_os_family == "RedHat"
+  when: ansible_facts.os_family == "RedHat"
 
 - include_tasks: "Debian.yml"
-  when: ansible_os_family == "Debian"
+  when: ansible_facts.os_family == "Debian"
 
 - include_tasks: "installation_from_custom_packages.yml"
   when:
@@ -15,7 +15,7 @@
     state: present
     lock_timeout: '{{ wazuh_agent_yum_lock_timeout }}'
   when:
-    - ansible_os_family|lower == "redhat"
+    - ansible_facts.os_family|lower == "redhat"
     - not wazuh_custom_packages_installation_agent_enabled
   tags:
     - init
@@ -26,9 +26,9 @@
     state: present
     cache_valid_time: 3600
   when:
-    - ansible_os_family|lower != "redhat"
+    - ansible_facts.os_family|lower != "redhat"
     - not wazuh_custom_packages_installation_agent_enabled
-    - not ansible_check_mode
+    - not ansible_facts.check_mode
   tags:
     - init
 
@@ -88,7 +88,7 @@
       register: agent_auth_output
       notify: restart wazuh-agent
       vars:
-        agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}"
+        agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_facts.hostname }}{% endif %}"
       when:
         - not client_keys_file.stat.exists or client_keys_file.stat.size == 0
         - wazuh_agent_authd.registration_address is not none
@@ -155,7 +155,7 @@
       changed_when: api_agent_post.json.error == 0
       register: api_agent_post
       vars:
-        agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}'
+        agent_name: '{{ target_manager.agent_name | default(ansible_facts.hostname) }}'
         jwt_token: '{{ api_jwt_result.json.data.token }}'
       tags:
         - config
@@ -197,7 +197,7 @@
         OSSEC_ACTION_CONFIRMED: y
       register: manage_agents_output
       vars:
-        agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}'
+        agent_name: '{{ target_manager.agent_name | default(ansible_facts.hostname) }}'
       notify: restart wazuh-agent
   when:
     - not ( wazuh_agent_authd.enable | bool )
@@ -264,8 +264,8 @@
 
 - include_tasks: "RMRedHat.yml"
   when:
-    - ansible_os_family == "RedHat"
+    - ansible_facts.os_family == "RedHat"
 
 - include_tasks: "RMDebian.yml"
   when:
-    - ansible_os_family == "Debian"
+    - ansible_facts.os_family == "Debian"
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml
@@ -8,8 +8,8 @@
     gpgcheck: true
   changed_when: false
   when:
-    - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon')
-    - (ansible_distribution_major_version|int <= 5)
+    - (ansible_facts['os_family']|lower == 'redhat') and (ansible_facts.distribution|lower != 'amazon')
+    - (ansible_facts.distribution_major_version|int <= 5)
     - not wazuh_custom_packages_installation_agent_enabled
   register: repo_v5_installed
 
@@ -36,26 +36,26 @@
 - name: Set Distribution CIS filename for RHEL5
   set_fact:
     cis_distribution_filename: cis_rhel5_linux_rcl.txt
-  when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "5"
+  when: ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version == "5"
 
 - name: Set Distribution CIS filename for RHEL6
   set_fact:
     cis_distribution_filename: cis_rhel6_linux_rcl.txt
-  when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "6"
+  when: ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version == "6"
 
 - name: Set Distribution CIS filename for RHEL7
   set_fact:
     cis_distribution_filename: cis_rhel7_linux_rcl.txt
   when:
-    - ansible_os_family == "RedHat"
-    - ansible_distribution_major_version == "7"
+    - ansible_facts.os_family == "RedHat"
+    - ansible_facts.distribution_major_version == "7"
 
 - name: Set Distribution CIS filename for RHEL7 (Amazon)
   set_fact:
     cis_distribution_filename: cis_rhel7_linux_rcl.txt
   when:
-    - ansible_distribution == "Amazon"
-    - ansible_distribution_major_version == "NA"
+    - ansible_facts.distribution == "Amazon"
+    - ansible_facts.distribution_major_version == "NA"
 
 - name: RedHat/CentOS/RedHat | Install openscap
   package: name=openscap-scanner state=present

diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml
@@ -4,25 +4,25 @@
       deb: "{{ wazuh_custom_packages_installation_agent_deb_url }}"
       state: present
     when:
-      - ansible_os_family|lower == "debian"
+      - ansible_facts.os_family|lower == "debian"
       - wazuh_custom_packages_installation_agent_enabled
 
   - name: Install Wazuh Agent from .rpm packages | yum
     yum:
       name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}"
       state: present
     when:
-      - ansible_os_family|lower == "redhat"
+      - ansible_facts.os_family|lower == "redhat"
       - wazuh_custom_packages_installation_agent_enabled
-      - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8")
-      - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8")
+      - not (ansible_facts.distribution|lower == "centos" and ansible_facts.distribution_major_version >= "8")
+      - not (ansible_facts.distribution|lower == "redhat" and ansible_facts.distribution_major_version >= "8")
 
   - name: Install Wazuh Agent from .rpm packages | dnf
     dnf:
       name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}"
       state: present
     when:
-      - ansible_os_family|lower == "redhat"
+      - ansible_facts.os_family|lower == "redhat"
       - wazuh_custom_packages_installation_agent_enabled
-      - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or
-        (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8")
+      - (ansible_facts.distribution|lower == "centos" and ansible_facts.distribution_major_version >= "8") or
+        (ansible_facts.distribution|lower == "redhat" and ansible_facts.distribution_major_version >= "8")
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml b/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml
@@ -60,7 +60,7 @@
       register: agent_auth_output
       notify: macOS | Restart Wazuh Agent
       vars:
-        agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}"
+        agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_facts.hostname }}{% endif %}"
       when:
         - not client_keys_file.stat.exists or client_keys_file.stat.size == 0
         - wazuh_agent_authd.registration_address is not none
@@ -125,7 +125,7 @@
       changed_when: api_agent_post.json.error == 0
       register: api_agent_post
       vars:
-        agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}'
+        agent_name: '{{ target_manager.agent_name | default(ansible_facts.hostname) }}'
         jwt_token: '{{ api_jwt_result.json.data.token }}'
       tags:
         - config
@@ -167,7 +167,7 @@
         OSSEC_ACTION_CONFIRMED: y
       register: manage_agents_output
       vars:
-        agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}'
+        agent_name: '{{ target_manager.agent_name | default(ansible_facts.hostname) }}'
       notify: macOS | Restart Wazuh Agent
   when:
     - not ( wazuh_agent_authd.enable | bool )

diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml
@@ -19,10 +19,10 @@
   when: wazuh_agent_config_overlay | bool
 
 - include_tasks: "Windows.yml"
-  when: ansible_os_family == "Windows"
+  when: ansible_facts.os_family == "Windows"
 
 - include_tasks: "Linux.yml"
-  when: ansible_system == "Linux"
+  when: ansible_facts.system == "Linux"
 
 - include_tasks: "macOS.yml"
-  when: ansible_system == "Darwin"
+  when: ansible_facts.system == "Darwin"