From 4dde62010eb15c7834621d43b6104c680eb5a58e Mon Sep 17 00:00:00 2001 From: Jesus Garcia Date: Tue, 11 Nov 2025 10:29:56 -0500 Subject: [PATCH] Remove dependency of inventory_hostname for AIO. Set node_type variable for Wazuh server role to define if installing node is manager or worker --- roles/wazuh-indexer/tasks/config_files_setup.yml | 10 ++++++++-- roles/wazuh-server/defaults/main.yml | 1 + roles/wazuh-server/tasks/main.yml | 6 +++--- wazuh-distributed.yml | 4 +++- 4 files changed, 15 insertions(+), 6 deletions(-) diff --git a/roles/wazuh-indexer/tasks/config_files_setup.yml b/roles/wazuh-indexer/tasks/config_files_setup.yml index 45ccc1d1..da98fff8 100644 --- a/roles/wazuh-indexer/tasks/config_files_setup.yml +++ b/roles/wazuh-indexer/tasks/config_files_setup.yml @@ -164,6 +164,12 @@ args: creates: "{{ local_configs_path }}/wazuh-certificates/root-ca.pem" +- name: Cert-gen | Set node name variable + ansible.builtin.set_fact: + node_name: "{{ (single_node | bool) | ternary(instances['aio_node'].name, instances[inventory_hostname].name) }}" + when: + - generate_certs + - name: Cert-gen | Copy certificates to each Wazuh indexer node ansible.builtin.copy: src: "{{ local_configs_path }}/wazuh-certificates/{{ item }}" @@ -174,8 +180,8 @@ with_items: - root-ca.pem - root-ca.key - - "{{ instances[inventory_hostname].name }}-key.pem" - - "{{ instances[inventory_hostname].name }}.pem" + - "{{ node_name }}-key.pem" + - "{{ node_name }}.pem" - admin-key.pem - admin.pem when: diff --git a/roles/wazuh-server/defaults/main.yml b/roles/wazuh-server/defaults/main.yml index c71b9d84..c5034c88 100644 --- a/roles/wazuh-server/defaults/main.yml +++ b/roles/wazuh-server/defaults/main.yml @@ -1,6 +1,7 @@ --- single_node: false +node_type: "master" server_node_name: "wazuh-1" wazuh_indexer_hosts: - host: "{{ hostvars[inventory_hostname].private_ip }}" diff --git a/roles/wazuh-server/tasks/main.yml b/roles/wazuh-server/tasks/main.yml index 9712a3cd..04fac0bd 100644 
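Review bot: In the added `set_fact` of the `@@ -164,6 +164,12 @@` hunk, `ternary()` receives both `instances['aio_node'].name` and `instances[inventory_hostname].name` as arguments, so the inventory-hostname lookup is still templated in single-node mode. It may fail as undefined on a host whose inventory name is not a key of `instances`, which is the case this commit sets out to cover; this is worth confirming on the supported ansible-core versions. An inline conditional evaluates only the selected branch: `node_name: "{{ instances['aio_node'].name if (single_node | bool) else instances[inventory_hostname].name }}"`. The literal key `aio_node` also becomes a contract for AIO playbooks, so a comment above the task such as `# single_node: instances must contain an 'aio_node' entry` would help.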
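Review bot: In the `@@ -174,8 +180,8 @@` hunk the two changed items depend on `node_name`, which is only set when `generate_certs` is true, while this copy task's own `when:` list continues outside the hunk. If the conditions differ, the items fail on an undefined variable, so both tasks should share the same guard. Separately, the unchanged list still ships `root-ca.key` to every indexer node. If the nodes only need `root-ca.pem` to validate peers, dropping the CA private key from `with_items` prevents one compromised node from exposing the signing key for the whole cluster. The lines between `src:` and `with_items:` are not visible here, so the permissions applied to the `*-key.pem` files could not be checked.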
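Review bot: The new default `node_type: "master"` in roles/wazuh-server/defaults/main.yml silently changes behaviour for playbooks that do not set the variable. Under the old `inventory_hostname == "manager"` test, any host not named `manager` was written as `worker`; such a host is now written as `master` in ossec.conf and runs the master health check, which can leave a cluster with two masters. Consider documenting the variable where it is declared, e.g. `# Cluster role of this node: "master" or "worker" (ignored when single_node is true)`, and calling out the change for users with custom playbooks.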
--- a/roles/wazuh-server/tasks/main.yml +++ b/roles/wazuh-server/tasks/main.yml @@ -173,7 +173,7 @@ ansible.builtin.replace: path: /var/ossec/etc/ossec.conf regexp: '()[^<]+()' - replace: '\1{% if inventory_hostname == "manager" or single_node %}master{% else %}worker{% endif %}\2' + replace: '\1{% if node_type == "master" or single_node %}master{% else %}worker{% endif %}\2' - name: Server-config | Edit cluster configuration in ossec.conf (bind address) ansible.builtin.replace: @@ -195,7 +195,7 @@ state: restarted - name: Wazuh Server | Health check (master) - when: inventory_hostname == "manager" or single_node + when: node_type == "master" or single_node block: - name: Wazuh Server | Authenticate and obtain API token (master) ansible.builtin.uri: @@ -227,7 +227,7 @@ delay: 5 - name: Wazuh Server | Health check (worker) - when: inventory_hostname == "worker" + when: node_type == "worker" and not single_node block: - name: Wazuh Server | Perform CLI healthcheck (worker) ansible.builtin.command: /var/ossec/bin/cluster_control -l diff --git a/wazuh-distributed.yml b/wazuh-distributed.yml index 1f00d3ce..caf6169c 100644 --- a/wazuh-distributed.yml +++ b/wazuh-distributed.yml @@ -15,7 +15,7 @@ vars: # generate_certs: false # Set to false if you are using your own certificates instances: - wi1: + wi1: # Must be same as inventory hostname name: node-1 ip: "{{ hostvars.wi1.private_ip }}" role: indexer @@ -48,6 +48,7 @@ - role: wazuh-server become: true vars: + node_type: "master" server_node_name: "node-4" wazuh_indexer_hosts: - host: "{{ hostvars.wi1.private_ip }}" @@ -63,6 +64,7 @@ - role: wazuh-server become: true vars: + node_type: "worker" server_node_name: "node-5" wazuh_indexer_hosts: - host: "{{ hostvars.wi1.private_ip }}"
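Review bot: `single_node` is used bare in the `replace:` template of the `@@ -173,7 +173,7 @@` hunk and in the two `when:` conditions of the health-check hunks that follow, whereas the indexer role in this same patch casts it with `single_node | bool`. If the variable arrives as a string (for example from `-e single_node=false`), Jinja treats the non-empty string as truthy and the node is configured as `master`. Casting keeps the two roles consistent: `{% if node_type == "master" or (single_node | bool) %}` in the template, and `when: node_type == "master" or (single_node | bool)` and `when: node_type == "worker" and not (single_node | bool)` on the blocks.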
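Review bot: `node_type` is compared against two literal strings in the `@@ -227,7 +227,7 @@` hunk and the two hunks before it, but it is never validated. With `single_node` false, a value such as `Worker` or `manager` writes `worker` into ossec.conf through the `replace:` template and then skips both health-check blocks, leaving a misconfigured cluster node unreported. An `ansible.builtin.assert` near the start of the role's tasks (outside these hunks) would fail fast on any other value.

```yaml
# … placed before the Server-config tasks; rest of the role unchanged …
- name: Wazuh Server | Validate node_type
  ansible.builtin.assert:
    that:
      - node_type in ['master', 'worker']
    fail_msg: "node_type must be 'master' or 'worker', got '{{ node_type }}'"
```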