Puppet Class: wazuh::repo
- Defined in:
- manifests/repo.pp
Overview
Copyright © 2015, Wazuh Inc. Wazuh repository installation
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 |
# File 'manifests/repo.pp', line 3
class wazuh::repo (
) {
case $facts['os']['family'] {
'Debian' : {
$wazuh_repo_url = 'https://packages.wazuh.com/4.x/apt'
$repo_release = 'stable'
if $facts['os']['distro']['codename'] =~ /(jessie|wheezy|stretch|buster|bullseye|bookworm|trixie|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic|focal|groovy|jammy|noble)/
and ! defined(Package['apt-transport-https']) and ! defined(Package['gnupg']) and ! defined(Package['gpg']) {
ensure_packages(['apt-transport-https', 'gnupg', 'gpg'], { 'ensure' => 'present' })
}
# Create keyring directory if it doesn't exist
file { '/usr/share/keyrings':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
# Download and import GPG key using curl and gpg
exec { 'download-wazuh-key':
path => ['/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/'],
command => 'curl -fsSL https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --dearmor -o /usr/share/keyrings/wazuh.gpg',
creates => '/usr/share/keyrings/wazuh.gpg',
require => File['/usr/share/keyrings'],
}
# Ensure permissions on the keyring
file { '/usr/share/keyrings/wazuh.gpg':
ensure => file,
owner => 'root',
group => 'root',
mode => '0644',
require => Exec['download-wazuh-key'],
}
case $facts['os']['distro']['codename'] {
/(jessie|wheezy|stretch|buster|bullseye|bookworm|trixie|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic|focal|groovy|jammy|noble)/: {
# Manage the APT source list file content using concat
concat { '/etc/apt/sources.list.d/wazuh.list':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
notify => Exec['apt-update'],
}
concat::fragment { 'wazuh-source':
target => '/etc/apt/sources.list.d/wazuh.list',
content => "deb [signed-by=/usr/share/keyrings/wazuh.gpg] ${wazuh_repo_url} ${repo_release} main\n",
order => '01',
require => File['/usr/share/keyrings/wazuh.gpg'],
notify => Exec['apt-update'],
}
}
default: { fail('This ossec module has not been tested on your distribution (or lsb package not installed)') }
}
# Define an exec resource to run 'apt-get update'
exec { 'apt-update':
command => 'apt-get update',
refreshonly => true,
path => ['/bin', '/usr/bin'],
require => Concat['/etc/apt/sources.list.d/wazuh.list'],
}
}
'Linux', 'RedHat', 'Suse' : {
case $facts['os'][name] {
/^(CentOS|RedHat|OracleLinux|Fedora|Amazon|AlmaLinux|Rocky|SLES)$/: {
if ( $facts['os']['release']['full'] =~ /^5.*/ ) {
$baseurl = 'https://packages.wazuh.com/4.x/yum/5/'
$gpgkey = 'http://packages.wazuh.com/key/GPG-KEY-WAZUH'
} else {
$baseurl = 'https://packages.wazuh.com/4.x/yum/'
$gpgkey = 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
}
}
default: { fail('This Wazuh module has not been tested on your distribution.') }
}
# Set up Wazuh repo
case $facts['os'][name] {
/^(CentOS|RedHat|OracleLinux|Fedora|Amazon|AlmaLinux|Rocky)$/: {
yumrepo { 'wazuh':
descr => 'WAZUH Repository - www.wazuh.com',
enabled => true,
gpgcheck => 1,
gpgkey => $gpgkey,
baseurl => $baseurl,
}
}
/^(SLES)$/: {
zypprepo { 'wazuh':
ensure => present,
name => 'WAZUH OSSEC Repository - www.wazuh.com',
enabled => 1,
gpgcheck => 0,
repo_gpgcheck => 0,
pkg_gpgcheck => 0,
gpgkey => $gpgkey,
baseurl => $baseurl,
}
}
default: { fail('This ossec module has not been tested on your Operating System)') }
}
}
default: { fail('This ossec module has not been tested on your Operating System)') }
}
}
|