Remove dependency of inventory_hostname for AIO. Set node_type variable for Wazuh server role to define if installing node is manager or worker

2025-12-10 00:38:17 -06:00 · 2025-11-11 10:29:56 -05:00 · 2025-11-11 10:29:56 -05:00 · 4dde62010e
commit 4dde62010e
parent b3e71bf57e
4 changed files with 15 additions and 6 deletions
--- a/roles/wazuh-indexer/tasks/config_files_setup.yml
+++ b/roles/wazuh-indexer/tasks/config_files_setup.yml
@ -164,6 +164,12 @@
      args:
        creates: "{{ local_configs_path }}/wazuh-certificates/root-ca.pem"

+- name: Cert-gen | Set node name variable
+  ansible.builtin.set_fact:
+    node_name: "{{ (single_node | bool) | ternary(instances['aio_node'].name, instances[inventory_hostname].name) }}"
+  when:
+    - generate_certs
+
 - name: Cert-gen | Copy certificates to each Wazuh indexer node
  ansible.builtin.copy:
    src: "{{ local_configs_path }}/wazuh-certificates/{{ item }}"
@ -174,8 +180,8 @@
  with_items:
    - root-ca.pem
    - root-ca.key
-    - "{{ instances[inventory_hostname].name }}-key.pem"
-    - "{{ instances[inventory_hostname].name }}.pem"
+    - "{{ node_name }}-key.pem"
+    - "{{ node_name }}.pem"
    - admin-key.pem
    - admin.pem
  when:
--- a/roles/wazuh-server/defaults/main.yml
+++ b/roles/wazuh-server/defaults/main.yml
@ -1,6 +1,7 @@
 ---

 single_node: false
+node_type: "master"
 server_node_name: "wazuh-1"
 wazuh_indexer_hosts:
  - host: "{{ hostvars[inventory_hostname].private_ip }}"
--- a/roles/wazuh-server/tasks/main.yml
+++ b/roles/wazuh-server/tasks/main.yml
@ -173,7 +173,7 @@
          ansible.builtin.replace:
            path: /var/ossec/etc/ossec.conf
            regexp: '(<node_type>)[^<]+(</node_type>)'
-            replace: '\1{% if inventory_hostname == "manager" or single_node %}master{% else %}worker{% endif %}\2'
+            replace: '\1{% if node_type == "master" or single_node %}master{% else %}worker{% endif %}\2'

        - name: Server-config | Edit cluster configuration in ossec.conf (bind address)
          ansible.builtin.replace:
@ -195,7 +195,7 @@
        state: restarted

    - name: Wazuh Server | Health check (master)
-      when: inventory_hostname == "manager" or single_node
+      when: node_type == "master" or single_node
      block:
        - name: Wazuh Server | Authenticate and obtain API token (master)
          ansible.builtin.uri:
@ -227,7 +227,7 @@
          delay: 5

    - name: Wazuh Server | Health check (worker)
-      when: inventory_hostname == "worker"
+      when: node_type == "worker" and not single_node
      block:
        - name: Wazuh Server | Perform CLI healthcheck (worker)
          ansible.builtin.command: /var/ossec/bin/cluster_control -l
--- a/wazuh-distributed.yml
+++ b/wazuh-distributed.yml
@ -15,7 +15,7 @@
  vars:
    # generate_certs: false                    # Set to false if you are using your own certificates
    instances:
-      wi1:
+      wi1:                                     # Must be same as inventory hostname
        name: node-1
        ip: "{{ hostvars.wi1.private_ip }}"
        role: indexer
@ -48,6 +48,7 @@
    - role: wazuh-server
  become: true
  vars:
+    node_type: "master"
    server_node_name: "node-4"
    wazuh_indexer_hosts:
      - host: "{{ hostvars.wi1.private_ip }}"
@ -63,6 +64,7 @@
    - role: wazuh-server
  become: true
  vars:
+    node_type: "worker"
    server_node_name: "node-5"
    wazuh_indexer_hosts:
      - host: "{{ hostvars.wi1.private_ip }}"