Fixes in Molecule tests, Wazuh components installation and Versioning Control

[rshad]

Hi team!

This PR includes many fixes and issues resolving for Molecule tests, Ansible roles and other components in wazuh-ansible repository.

1- Molecule Tests:
Molecule tests, found in the branch 3.9.2_7.1.1_tests were not working as expected. Many errors from different types in different roles. Errors like:

• Ansible Lint
• Pure Installation Errors.
• Idempotence Test errors.
• MAX LOCKED MEMORY limits issue.

1.1 - Fixed Ansible-Lint errors. => Trailing spaces, changing shell directive by command, etc ...

1.2 - Fixed installation issues for many roles, but dedicated more than half the time to Elasticsearch issues which can be resumed as follows:

• • Issues in Centos x.x < 7.0 and Ubuntu Trusty related to the need for having Java installed. However, Elasticsearch 7.* indicates that there is no need to install Java explicitly because it already includes a JVM in its installation. But this way was not the case in CentOS 6 and Ubuntu Trusty. Check here the official documentation

Elasticsearch is built using Java, and includes a bundled version of OpenJDK from the JDK maintainers (GPLv2+CE) within each distribution. The bundled JVM is the recommended JVM and is located within the jdk directory of the Elasticsearch home directory.

1.3 - Idempotence Test errors:
We adapted the failing tasks in order to idempotent. so a task which already made a change in the system, when the idempotence test is run, this change must not be produced again.

1.4 - MAX LOCKED MEMORY limits issue.

When running Molecule tests on containers for all distribution, sometimes "not always", an error was produced in Ubuntu Trusty when trying to start Elasticsearch:

/etc/init.d/elasticsearch: line 122: ulimit: max locked memory: cannot modify limit ... Operation not permitted. ...

After investigating, we discovered that this issue is related to the privileges of the user running the corresponding task in Ubuntu Trusty, in such case the user needed more privileges than the ones given by default. in order to solve this issue, we needed to add the directive privileged: true for Ubuntu Trusty.

  - name: trusty
    image: ubuntu:trusty
    privileged: true
    memory_reservation: 2048m
    ulimits:
      - nofile:262144:262144

With this error message, we also faced warnings such as:

fatal: [trusty]: FAILED! => {"changed": false, "msg": "OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.\n"

by which the execution failed. CHECK A POSSIBLE SOLUTION HERE

• Note: We opened a new issue to follow up this problem.

.2. Versioning Control for Wazuh components when installing with Ansible
In this issue https://github.com/wazuh/wazuh-ansible/issues/197 we had a request to add versioning for Wazuh Manager, Agent, and Filebeat. This functionality was added successfully for each Wazuh component. So now, we can indicate a determined version of Wazuh or Elasticsearch when running wazuh-ansible installation.

.3. Create Ansible playbook in order to automate the uninstallation of already installed Wazuh components

We created a new role in order to uninstall wazuh-manager.

Related Branches

• https://github.com/wazuh/wazuh-ansible/tree/fix_tests
• https://github.com/wazuh/wazuh-ansible/tree/3.9.2_7.1.1_tests
• https://github.com/wazuh/wazuh-ansible/tree/issue-198

Related Issues

• Playbook Tasks Should Be Idempotent #100
• Provide a means to select the installed version number #59
• Create Ansible playbook in order to automate the uninstallation of already installed Wazuh components #198
• Add versioning for Wazuh Manager, Agent and Filebeat #197
• Explicitly install Java in Centos 6 and Ubuntu Trusty #203

Kind Regards,

Rshad Zhran

[manuasir]

The permissions here look incorrect. Please fix it and push again, thanks!

[manuasir]

Hi @rshad , please add the commented changes. thanks