Merge pull request #1855 from wazuh/enhancement/2705-wazuh-server-to-wazuh-manager-replacement

Replace all occurrences of Wazuh server with Wazuh manager
Gonzalo Acuña 2025-11-20 13:48:42 -03:00 committed by GitHub
commit ba50107b69
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
22 changed files with 113 additions and 113 deletions


@ -37,9 +37,8 @@
mode: '0755'
loop:
- wazuh-indexer
- wazuh-server
- wazuh-manager
- wazuh-dashboard
- load-balancer
- name: Make sure local_log_file_path directory exists on local machine
delegate_to: localhost
@ -82,36 +81,36 @@
mode: '0644'
remote_src: true
- name: Wazuh Server
- name: Wazuh Manager
when: (single_node | bool) or inventory_hostname in ['manager', 'worker']
ignore_errors: true
block:
- name: Wazuh Server | Fetching logs (1/3)
- name: Wazuh Manager | Fetching logs (1/3)
changed_when: false
ansible.builtin.shell: |
journalctl -u wazuh-manager > {{ remote_logs_path }}/wazuh-server/{{ logs_prefix }}_journalctl.log
journalctl -u wazuh-manager > {{ remote_logs_path }}/wazuh-manager/{{ logs_prefix }}_journalctl.log
- name: Wazuh Server | Fetching logs (2/3)
- name: Wazuh Manager | Fetching logs (2/3)
ansible.builtin.find:
paths: /var/ossec/logs/
file_type: file
register: wazuh_server_logs
register: wazuh_manager_logs
- name: Wazuh Server | Fetching logs (3/3)
- name: Wazuh Manager | Fetching logs (3/3)
ansible.builtin.copy:
src: "{{ item.path }}"
dest: "{{ remote_logs_path }}/wazuh-server/{{ logs_prefix }}_{{ item.path | basename }}"
dest: "{{ remote_logs_path }}/wazuh-manager/{{ logs_prefix }}_{{ item.path | basename }}"
remote_src: true
mode: '0644'
loop: "{{ wazuh_server_logs.files | default([]) }}"
loop: "{{ wazuh_manager_logs.files | default([]) }}"
loop_control:
label: "{{ item.path | basename }}"
when: wazuh_server_logs is defined and (wazuh_server_logs.matched | int) > 0
when: wazuh_manager_logs is defined and (wazuh_manager_logs.matched | int) > 0
- name: Wazuh Server | Fetching configuration
- name: Wazuh Manager | Fetching configuration
ansible.builtin.copy:
src: /var/ossec/etc/ossec.conf
dest: "{{ remote_logs_path }}/wazuh-server/{{ logs_prefix }}_ossec.conf"
dest: "{{ remote_logs_path }}/wazuh-manager/{{ logs_prefix }}_ossec.conf"
remote_src: true
mode: '0644'
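Review bot: The `Wazuh Manager | Fetching configuration` task writes the collected copy of `/var/ossec/etc/ossec.conf` with `mode: '0644'`, and `Fetching logs (3/3)` uses the same mode, so any local account on the node can read the copies under `remote_logs_path`. ossec.conf can hold the cluster key and integration credentials, so I would set `mode: '0600'` on both copy tasks. The task in the first hunk that appears to create the `wazuh-manager` directory with `'0755'` starts outside the hunk and would presumably want `'0700'`. `ignore_errors: true` on the block also means a failed copy leaves an incomplete bundle without failing the run; a comment stating that this is deliberate would help.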


@ -13,7 +13,7 @@ on:
default: '["CentOS_8", "AmazonLinux_23", "Ubuntu_22", "RHEL8"]'
type: string
COMMIT_LIST:
description: 'Wazuh components revisions (comma-separated string list) ["indexer", "server", "dashboard", "agent"]'
description: 'Wazuh components revisions (comma-separated string list) ["indexer", "manager", "dashboard", "agent"]'
required: true
default: '["latest", "latest", "latest", "latest"]'
type: string
@ -93,7 +93,7 @@ jobs:
COMMIT_LIST='["latest", "latest", "latest", "latest"]'
fi
echo "COMMIT_LIST=$COMMIT_LIST" >> $GITHUB_OUTPUT
echo "Revision list (indexer, server, dashboard, agent): $COMMIT_LIST"
echo "Revision list (indexer, manager, dashboard, agent): $COMMIT_LIST"
- name: Configure AWS credentials (assume role)
uses: aws-actions/configure-aws-credentials@v4
with:
@ -166,7 +166,7 @@ jobs:
# Extract revisions using jq
INDEXER_COMMIT=$(echo "$COMMIT_LIST" | jq -r '.[0]')
SERVER_COMMIT=$(echo "$COMMIT_LIST" | jq -r '.[1]')
MANAGER_COMMIT=$(echo "$COMMIT_LIST" | jq -r '.[1]')
DASHBOARD_COMMIT=$(echo "$COMMIT_LIST" | jq -r '.[2]')
AGENT_COMMIT=$(echo "$COMMIT_LIST" | jq -r '.[3]')
@ -191,7 +191,7 @@ jobs:
# Replace component revisions
line=${line//\$\{\{ env.INDEXER_REVISION \}\}/$INDEXER_COMMIT}
line=${line//\$\{\{ env.MANAGER_REVISION \}\}/$SERVER_COMMIT}
line=${line//\$\{\{ env.MANAGER_REVISION \}\}/$MANAGER_COMMIT}
line=${line//\$\{\{ env.DASHBOARD_REVISION \}\}/$DASHBOARD_COMMIT}
line=${line//\$\{\{ env.AGENT_REVISION \}\}/$AGENT_COMMIT}
@ -366,8 +366,8 @@ jobs:
echo "ansible_ssh_common_args='-o StrictHostKeyChecking=no'" >> $ALLOCATOR_PATH/inventory
echo "ansible_ssh_private_key_file=${{ needs.setup-runner.outputs.PRIVATE_KEY_PATH }}" >> $ALLOCATOR_PATH/inventory
# Set the Wazuh server IP in the Ansible playbook
sed -i "s|<Your Wazuh Server IP>|$private_ip|g" wazuh-ansible/wazuh-agent.yml
# Set the Wazuh manager IP in the Ansible playbook
sed -i "s|<Your Wazuh Manager IP>|$private_ip|g" wazuh-ansible/wazuh-agent.yml
- name: Allocate Agent instances
run: |
# Define variables
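Review bot: The `sed -i "s|<Your Wazuh Manager IP>|$private_ip|g"` line in the last hunk only works while its pattern matches the placeholder in `wazuh-ansible/wazuh-agent.yml` character for character, and sed exits 0 when nothing matches. If the checked-out playbook still carries the old placeholder (a different branch or tag, for example), the agents are configured with the literal placeholder as `WAZUH_MANAGER` and this step itself still passes. I would follow the sed with `grep -q "$private_ip" wazuh-ansible/wazuh-agent.yml || { echo "manager IP placeholder not replaced"; exit 1; }`. The same applies to the `$manager_private_ip` substitution in the second workflow file; the `run:` block starts outside the hunk in both.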


@ -13,7 +13,7 @@ on:
default: '["CentOS_8", "AmazonLinux_23", "Ubuntu_22", "RHEL8"]'
type: string
COMMIT_LIST:
description: 'Wazuh components revisions (comma-separated string list) ["indexer", "server", "dashboard", "agent"]'
description: 'Wazuh components revisions (comma-separated string list) ["indexer", "manager", "dashboard", "agent"]'
required: true
default: '["latest", "latest", "latest", "latest"]'
type: string
@ -95,7 +95,7 @@ jobs:
COMMIT_LIST='["latest", "latest", "latest", "latest"]'
fi
echo "COMMIT_LIST=$COMMIT_LIST" >> $GITHUB_OUTPUT
echo "Revision list (indexer, server, dashboard, agent): $COMMIT_LIST"
echo "Revision list (indexer, manager, dashboard, agent): $COMMIT_LIST"
- name: Configure AWS credentials (assume role)
uses: aws-actions/configure-aws-credentials@v4
with:
@ -168,7 +168,7 @@ jobs:
# Extract revisions using jq
INDEXER_COMMIT=$(echo "$COMMIT_LIST" | jq -r '.[0]')
SERVER_COMMIT=$(echo "$COMMIT_LIST" | jq -r '.[1]')
MANAGER_COMMIT=$(echo "$COMMIT_LIST" | jq -r '.[1]')
DASHBOARD_COMMIT=$(echo "$COMMIT_LIST" | jq -r '.[2]')
AGENT_COMMIT=$(echo "$COMMIT_LIST" | jq -r '.[3]')
@ -193,7 +193,7 @@ jobs:
# Replace component revisions
line=${line//\$\{\{ env.INDEXER_REVISION \}\}/$INDEXER_COMMIT}
line=${line//\$\{\{ env.MANAGER_REVISION \}\}/$SERVER_COMMIT}
line=${line//\$\{\{ env.MANAGER_REVISION \}\}/$MANAGER_COMMIT}
line=${line//\$\{\{ env.DASHBOARD_REVISION \}\}/$DASHBOARD_COMMIT}
line=${line//\$\{\{ env.AGENT_REVISION \}\}/$AGENT_COMMIT}
@ -409,8 +409,8 @@ jobs:
echo "ansible_ssh_common_args='-o StrictHostKeyChecking=no'" >> $inventory_file
echo "ansible_ssh_private_key_file=${ssh_key_path}" >> $inventory_file
# Set the Wazuh server IP in the Ansible playbook
sed -i "s|<Your Wazuh Server IP>|$manager_private_ip|g" wazuh-ansible/wazuh-agent.yml
# Set the Wazuh manager IP in the Ansible playbook
sed -i "s|<Your Wazuh Manager IP>|$manager_private_ip|g" wazuh-ansible/wazuh-agent.yml
- name: Allocate Agent instances
run: |
# Define variables
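Review bot: The inventory written just above the changed lines in the last hunk sets `ansible_ssh_common_args='-o StrictHostKeyChecking=no'`, so the runner accepts whatever host key answers at the allocated address and then sends it everything the playbooks push. For freshly allocated instances `-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=<per-run file>` keeps first contact working while refusing a key that changes later in the same run. The first workflow file writes the same line into `$ALLOCATOR_PATH/inventory`. The step's `run:` block starts outside the hunk.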


@ -9,6 +9,7 @@ All notable changes to this project will be documented in this file.
### Changed
- Replace all occurrences of Wazuh server with Wazuh manager ([#1855](https://github.com/wazuh/wazuh-ansible/pull/1855))
- Documentation backport and adaptation ([#1852](https://github.com/wazuh/wazuh-ansible/pull/1852))
- GHA workflows backport and adaptation ([#1846](https://github.com/wazuh/wazuh-ansible/pull/1846))
- Logs gathering playbook backport and adaptation ([#1842](https://github.com/wazuh/wazuh-ansible/pull/1842))


@ -23,7 +23,7 @@ ansible_ssh_private_key_file=/path/to/key.pem
For a distributed deployment, the inventory file specifies multiple nodes, each with its public IP address (or FQDN) and private IP address. This setup includes:
- `wi1`, `wi2`, `wi3`: Wazuh Indexer nodes
- `manager`, `worker`: Wazuh Servers.
- `manager`, `worker`: Wazuh Managers.
- `dashboard`: Wazuh Dashboard.
Each entry defines the required connection details, allowing Ansible to efficiently manage and configure the environment.Ensure that node names remain consistent with those used in the documentation's inventory examples.
@ -74,23 +74,23 @@ The AIO deployment playbook is preconfigured with default values, requiring only
The playbook `wazuh-aio.yml` includes:
- **Wazuh Indexer Role**: Manages configuration and certificate creation for each node, deploying a single Wazuh Indexer instance.
- **Wazuh Server Role**: Sets up a `server` instance and establishes its connection to the Indexer.
- **Wazuh Dashboard Role**: Installs the Wazuh Dashboard on the same node and configures connections to both the Wazuh Indexer and Wazuh Server nodes.
- **Wazuh Manager Role**: Sets up a Wazuh manager instance and establishes its connection to the Wazuh Indexer node.
- **Wazuh Dashboard Role**: Installs the Wazuh Dashboard on the same node and configures connections to both the Wazuh Indexer and Wazuh Manager nodes.
### Distributed Deployment Playbook
The distributed deployment playbook comes preconfigured with default values tailored to the following setup:
- Three Wazuh Indexer nodes (`wi1`, `wi2`, `wi3`) forming a cluster.
- Two Wazuh Server nodes (`manager` and `worker`).
- Two Wazuh Manager nodes (`manager` and `worker`).
- A Wazuh Dashboard node (`dashboard`).
The playbook `wazuh-distributed.yml` includes:
- Wazuh Indexer role: Handles the configuration and certificate generation for each node.
- Wazuh Server role:
- Wazuh Manager role:
- Configures the `manager` and `worker` nodes and their connectivity to the Indexer nodes.
- Wazuh Dashboard role: Configures connectivity to both the Wazuh Indexer and Wazuh Server nodes.
- Wazuh Dashboard role: Configures connectivity to both the Wazuh Indexer and Wazuh Manager nodes.
### Wazuh Agent Deployment Playbook
@ -98,8 +98,8 @@ The Wazuh Agent deployment playbook is designed to install and configure the Waz
The playbook wazuh-agent.yml includes:
- **Wazuh Agent Role**: Installs and configures the Wazuh agent on each host and enrolls to the Wazuh Server manager node.
- **Wazuh Agent Role**: Installs and configures the Wazuh agent on each host and enrolls to the Wazuh Manager manager node.
- **Package URLs Role**: Manages package sources for agent installation.
**Important:**
Before running the playbook, edit the `wazuh-agent.yml` file and replace `<Your Wazuh Server IP>` with the actual IP address of your Wazuh Server manager node.
Before running the playbook, edit the `wazuh-agent.yml` file and replace `<Your Wazuh Manager IP>` with the actual IP address of your Wazuh Manager manager node.


@ -28,7 +28,7 @@ Additionally, Wazuh Agents can be installed on one or multiple hosts, simplifyin
In an AIO deployment, all components are installed on a single node, including:
- Wazuh Indexer
- Wazuh Server
- Wazuh Manager
- Wazuh Dashboard
To perform an AIO deployment, use the `wazuh-aio.yml` playbook. This playbook installs and configures all required components on one node.
@ -42,7 +42,7 @@ To perform an AIO deployment, use the `wazuh-aio.yml` playbook. This playbook in
A distributed deployment spreads components across multiple nodes for improved scalability and redundancy. The components include:
- Three Wazuh Indexer nodes
- Two Wazuh Server nodes (master and worker)
- Two Wazuh Manager nodes (master and worker)
- One Wazuh Dashboard node
To execute a distributed deployment, use the `wazuh-distributed.yml` playbook, which installs and configures all necessary components across multiple nodes.


@ -50,7 +50,7 @@ Here is a detailed outline of the requirements needed to implement Wazuh using w
Refer to the official documentation of each Wazuh component for detailed hardware requirements:
- **Wazuh Indexer**: [Installation Guide](https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/index.html)
- **Wazuh Server**: [Installation Guide](https://documentation.wazuh.com/current/installation-guide/wazuh-server/index.html)
- **Wazuh Manager**: [Installation Guide](https://documentation.wazuh.com/current/installation-guide/wazuh-manager/index.html)
- **Wazuh Dashboard**: [Installation Guide](https://documentation.wazuh.com/current/installation-guide/wazuh-dashboard/index.html)
- **Wazuh Agent**: [Installation Guide](https://documentation.wazuh.com/current/installation-guide/wazuh-agent/index.html)


@ -2,11 +2,11 @@
### All-in-One (AIO) Deployment
A deployment method where all Wazuh components (Indexer, Server, and Dashboard) and its dependencies are installed on a single node. Suitable for small environments or testing purposes.
A deployment method where all Wazuh components (Indexer, Manager, and Dashboard) and its dependencies are installed on a single node. Suitable for small environments or testing purposes.
### Distributed Deployment
A deployment strategy in which Wazuh components are installed on separate nodes to enhance scalability, performance, and fault tolerance. It involves multiple Indexer nodes, Server nodes, and a single Dashboard node.
A deployment strategy in which Wazuh components are installed on separate nodes to enhance scalability, performance, and fault tolerance. It involves multiple Indexer nodes, Manager nodes, and a single Dashboard node.
### Ansible
@ -22,7 +22,7 @@ A YAML file containing a set of instructions (tasks) that Ansible executes on ta
### Roles
Reusable Ansible configurations that define tasks for specific components. Examples include `wazuh-indexer`, `wazuh-server`, and `wazuh-dashboard`.
Reusable Ansible configurations that define tasks for specific components. Examples include `wazuh-indexer`, `wazuh-manager`, and `wazuh-dashboard`.
### SSH
@ -34,7 +34,7 @@ The machine where Ansible is installed and from which playbooks are executed. It
### Target Node
A server or host where Wazuh components (Indexer, Server, Dashboard, or Agent) are installed using Ansible.
A server or host where Wazuh components (Indexer, Manager, Dashboard, or Agent) are installed using Ansible.
### Wazuh
@ -42,7 +42,7 @@ An open-source security platform that provides threat detection, compliance mana
### Wazuh Agent
A lightweight software component installed on monitored endpoints to collect and send security data to the Wazuh Server.
A lightweight software component installed on monitored endpoints to collect and send security data to the Wazuh Manager.
### Wazuh Dashboard
@ -52,7 +52,7 @@ A web-based user interface for managing and visualizing Wazuh data.
A component responsible for storing and indexing security data collected by Wazuh Agents.
### Wazuh Server
### Wazuh Manager
The central component of Wazuh that processes data from agents and communicates with the Indexer and Dashboard.


@ -8,7 +8,7 @@ Also, review the official Ansible documentation to ensure your control node meet
## Central Components Compatibility
To install the central components of Wazuh (indexer, server, and dashboard), it is necessary to use a machine running a Linux operating system. The installation of Wazuh via Ansible is compatible with the two major Linux distribution families: Debian and Red Hat.
To install the central components of Wazuh (indexer, manager, and dashboard), it is necessary to use a machine running a Linux operating system. The installation of Wazuh via Ansible is compatible with the two major Linux distribution families: Debian and Red Hat.
For detailed information on the compatibility of Wazuh components, please refer to the Wazuh documentation:
@ -26,6 +26,6 @@ For more detailed information on Wazuh agents compatibility, please refer to
## Notes on Compatibility
- Ensure the target systems meet the minimum hardware and software requirements for Wazuh.
- Verify that the network configuration allows proper communication between Wazuh components (e.g., server, agents, and dashboard).
- Verify that the network configuration allows proper communication between Wazuh components (e.g., manager, agents, and dashboard).
- Refer to the Wazuh documentation for detailed information on the [Architecture](https://documentation.wazuh.com/current/getting-started/architecture.html) and network requirements.
- For distributed deployments, ensure all nodes are running compatible operating systems and Wazuh versions.


@ -12,7 +12,7 @@ Key features include:
## How Wazuh-Ansible Works
The project is organized with playbooks located in the project root directory and roles stored in the `roles` directory. Each role contains specific tasks to configure Wazuh components, such as the server, agents, or the web interface.
The project is organized with playbooks located in the project root directory and roles stored in the `roles` directory. Each role contains specific tasks to configure Wazuh components, such as the manager, agents, or the web interface.
When a playbook is executed, Ansible uses the defined roles to perform the required tasks. This structure ensures flexibility and code reusability, making it easier to manage configurations across multiple servers.
@ -22,7 +22,7 @@ The available playbooks in the project include:
- `wazuh-aio.yml`: Deploys Wazuh on a single server (All-in-One).
- `wazuh-distributed.yml`: Deploys Wazuh in a distributed environment.
- `wazuh-agent.yml`: Configures and enrolls one or more agents into the Wazuh server.
- `wazuh-agent.yml`: Configures and enrolls one or more agents into the Wazuh manager.
### Roles
@ -30,7 +30,7 @@ The roles utilized in the project, executed in sequence, are:
- `package-urls`: Configures the URLs for Wazuh packages.
- `wazuh-indexer`: Installs and configures the Wazuh Indexer component.
- `wazuh-server`: Installs and configures the Wazuh server.
- `wazuh-manager`: Installs and configures the Wazuh manager.
- `wazuh-dashboard`: Installs and configures the Wazuh User Interface (WUI).
## Use Cases


@ -22,7 +22,7 @@
state: present
disable_gpg_check: true
environment:
WAZUH_MANAGER: "{{ wazuh_server_address }}"
WAZUH_MANAGER: "{{ wazuh_manager_address }}"
when:
- ansible_facts.os_family == "RedHat"
@ -31,7 +31,7 @@
deb: "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}_{{ ansible_facts.architecture }}.deb"
state: present
environment:
WAZUH_MANAGER: "{{ wazuh_server_address }}"
WAZUH_MANAGER: "{{ wazuh_manager_address }}"
when:
- ansible_facts.os_family == "Debian"
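Review bot: The RedHat install task in the first hunk keeps `disable_gpg_check: true`, so the agent rpm is installed as downloaded with no signature verification. The Debian task installs a local `.deb` through `deb:`, which as far as I know gets no repository signature check either. The download tasks are outside these hunks, so I cannot see whether a checksum is enforced there. If it is not, I would import the Wazuh signing key and drop `disable_gpg_check`, or pass `checksum:` to `ansible.builtin.get_url`. The manager role's `RedHat/CentOS/Fedora | Install wazuh-manager package` task carries the same setting.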


@ -13,7 +13,7 @@
- name: Windows | Install Wazuh agent
ansible.windows.win_package:
path: "{{ wazuh_agent_win_package_download_path }}\\{{ wazuh_agent_package_name }}.msi"
arguments: '/q WAZUH_MANAGER="{{ wazuh_server_address }}"'
arguments: '/q WAZUH_MANAGER="{{ wazuh_manager_address }}"'
state: present
- name: Windows | Stop Wazuh agent service (if already running)


@ -25,7 +25,7 @@
- name: MacOS | Create Wazuh environment variables file
ansible.builtin.copy:
content: |
WAZUH_MANAGER="{{ wazuh_server_address }}"
WAZUH_MANAGER="{{ wazuh_manager_address }}"
dest: /tmp/wazuh_envs
mode: '0644'


@ -1,7 +1,7 @@
---
dashboard_node_name: "dashboard"
wazuh_server_master_address: "{{ hostvars[inventory_hostname].private_ip }}"
wazuh_manager_master_address: "{{ hostvars[inventory_hostname].private_ip }}"
indexer_cluster_nodes:
- "{{ hostvars[inventory_hostname].private_ip }}"


@ -52,11 +52,11 @@
- https://{{ node }}:9200
{% endfor %}
# - name: Dashboard-config | Configure Wazuh server address in wazuh.yml
# - name: Dashboard-config | Configure Wazuh manager address in wazuh.yml
# ansible.builtin.replace:
# path: /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
# regexp: 'url:\s+https://.*$'
# replace: 'url: https://{{ wazuh_server_master_address }}'
# replace: 'url: https://{{ wazuh_manager_master_address }}'
# become: true
- name: Copy the certificates from local to the Wazuh dashboard instance


@ -88,7 +88,7 @@
- name: Cert-gen | Add server nodes section (cluster mode)
ansible.builtin.blockinfile:
path: "{{ local_configs_path }}/config.yml"
marker: "# Server nodes"
marker: "# Manager nodes"
state: present
insertafter: "server:"
block: |
@ -133,7 +133,7 @@
regexp: '<indexer-node-ip>'
replace: "{{ hostvars[inventory_hostname].private_ip }}"
- name: Cert-gen | Add server node section (single node mode)
- name: Cert-gen | Add manager node section (single node mode)
ansible.builtin.replace:
path: "{{ local_configs_path }}/config.yml"
regexp: '<wazuh-manager-ip>'
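Review bot: `marker: "# Manager nodes"` in the first hunk has no `{mark}` token, so `blockinfile` writes the same line as begin and end marker, and the Ansible documentation warns that such a marker can cause the block to be inserted again on later runs. `marker: "# {mark} Manager nodes"` avoids that. Changing the marker text also means a `config.yml` generated before this commit (with `# Server nodes`) is no longer recognised as already containing the block. The task name and `insertafter: "server:"` still say server; if the certificate tool's config key is unchanged that is correct for `insertafter`, and a comment such as `# "server:" is the cert tool's key, not a leftover` would keep the next rename from touching it.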


@ -0,0 +1,11 @@
---
single_node: false
node_type: "master"
manager_node_name: "wazuh-1"
wazuh_indexer_hosts:
- host: "{{ hostvars[inventory_hostname].private_ip }}"
port: 9200
wazuh_manager_package_download_path: "/tmp/wazuh-manager"
wazuh_manager_package_name: "wazuh-manager-{{ wazuh_full_version }}-{{ wazuh_package_revision }}"


@ -8,7 +8,7 @@
ansible.builtin.include_vars:
file: ../../vars/{{ urls_file }}
- name: Install Wazuh Server
- name: Install Wazuh Manager
block:
- name: Check if local_configs_path directory exists
run_once: true
@ -25,59 +25,59 @@
msg: "The directory {{ local_configs_path }} (local_configs_path) does not exist."
when: not local_configs_path_stat.stat.exists
- name: Ensure wazuh-server package download directory exists
- name: Ensure wazuh-manager package download directory exists
ansible.builtin.file:
path: "{{ wazuh_server_package_download_path }}"
path: "{{ wazuh_manager_package_download_path }}"
state: directory
mode: '0755'
- name: RHEL-based | Download wazuh-server package
- name: RHEL-based | Download wazuh-manager package
when: ansible_facts.os_family == 'RedHat'
block:
- name: RedHat/CentOS/Fedora (x86_64) | Download wazuh-server package
- name: RedHat/CentOS/Fedora (x86_64) | Download wazuh-manager package
ansible.builtin.get_url:
url: "{{ wazuh_manager_amd64_rpm }}"
dest: "{{ wazuh_server_package_download_path }}/{{ wazuh_server_package_name }}_{{ ansible_facts.architecture }}.rpm"
dest: "{{ wazuh_manager_package_download_path }}/{{ wazuh_manager_package_name }}_{{ ansible_facts.architecture }}.rpm"
mode: '0644'
when:
- ansible_facts.architecture == "x86_64"
- name: RedHat/CentOS/Fedora (aarch64) | Download wazuh-server package
- name: RedHat/CentOS/Fedora (aarch64) | Download wazuh-manager package
ansible.builtin.get_url:
url: "{{ wazuh_manager_arm64_rpm }}"
dest: "{{ wazuh_server_package_download_path }}/{{ wazuh_server_package_name }}_{{ ansible_facts.architecture }}.rpm"
dest: "{{ wazuh_manager_package_download_path }}/{{ wazuh_manager_package_name }}_{{ ansible_facts.architecture }}.rpm"
mode: '0644'
when:
- ansible_facts.architecture == "aarch64"
- name: RedHat/CentOS/Fedora | Install wazuh-server package
- name: RedHat/CentOS/Fedora | Install wazuh-manager package
ansible.builtin.dnf:
name: "{{ wazuh_server_package_download_path }}/{{ wazuh_server_package_name }}_{{ ansible_facts.architecture }}.rpm"
name: "{{ wazuh_manager_package_download_path }}/{{ wazuh_manager_package_name }}_{{ ansible_facts.architecture }}.rpm"
state: present
disable_gpg_check: true
- name: Debian-based systems | Download wazuh-server package
- name: Debian-based systems | Download wazuh-manager package
when: ansible_facts.os_family == 'Debian'
block:
- name: Debian-based (AMD64) | Download wazuh-server package
- name: Debian-based (AMD64) | Download wazuh-manager package
ansible.builtin.get_url:
url: "{{ wazuh_manager_amd64_deb }}"
dest: "{{ wazuh_server_package_download_path }}/{{ wazuh_server_package_name }}_{{ ansible_facts.architecture }}.deb"
dest: "{{ wazuh_manager_package_download_path }}/{{ wazuh_manager_package_name }}_{{ ansible_facts.architecture }}.deb"
mode: '0644'
when:
- ansible_facts.architecture == "x86_64"
- name: Debian-based (ARM64) | Download wazuh-server package
- name: Debian-based (ARM64) | Download wazuh-manager package
ansible.builtin.get_url:
url: "{{ wazuh_manager_arm64_deb }}"
dest: "{{ wazuh_server_package_download_path }}/{{ wazuh_server_package_name }}_{{ ansible_facts.architecture }}.deb"
dest: "{{ wazuh_manager_package_download_path }}/{{ wazuh_manager_package_name }}_{{ ansible_facts.architecture }}.deb"
mode: '0644'
when:
- ansible_facts.architecture == "aarch64"
- name: Debian-based | Install wazuh-server package
- name: Debian-based | Install wazuh-manager package
ansible.builtin.apt:
deb: "{{ wazuh_server_package_download_path }}/{{ wazuh_server_package_name }}_{{ ansible_facts.architecture }}.deb"
deb: "{{ wazuh_manager_package_download_path }}/{{ wazuh_manager_package_name }}_{{ ansible_facts.architecture }}.deb"
state: present
- name: Linux | Reload systemd configuration
@ -85,7 +85,7 @@
daemon_reload: true
become: true
- name: Copy the certificates from local to the Wazuh Server instance
- name: Copy the certificates from local to the Wazuh Manager instance
ansible.builtin.copy:
src: "{{ local_configs_path }}/wazuh-certificates/{{ item }}"
dest: /var/ossec/etc/certs/
@ -94,8 +94,8 @@
mode: '0400'
with_items:
- "root-ca.pem"
- "{{ server_node_name }}-key.pem"
- "{{ server_node_name }}.pem"
- "{{ manager_node_name }}-key.pem"
- "{{ manager_node_name }}.pem"
- name: Copy certificates to match default names
ansible.builtin.copy:
@ -106,8 +106,8 @@
group: wazuh
mode: '0400'
with_items:
- { src: "{{ server_node_name }}-key.pem", dest: "server-1-key.pem" }
- { src: "{{ server_node_name }}.pem", dest: "server-1.pem" }
- { src: "{{ manager_node_name }}-key.pem", dest: "manager-1-key.pem" }
- { src: "{{ manager_node_name }}.pem", dest: "manager-1.pem" }
# TEMP: make sure destination directory exists
- name: Create Filebeat certificates directory
@ -129,8 +129,8 @@
mode: '0400'
with_items:
- { src: "/var/ossec/etc/certs/root-ca.pem", dest: "/etc/filebeat/certs/root-ca.pem" }
- { src: "/var/ossec/etc/certs/{{ server_node_name }}.pem", dest: "/etc/filebeat/certs/filebeat.pem" }
- { src: "/var/ossec/etc/certs/{{ server_node_name }}-key.pem", dest: "/etc/filebeat/certs/filebeat-key.pem" }
- { src: "/var/ossec/etc/certs/{{ manager_node_name }}.pem", dest: "/etc/filebeat/certs/filebeat.pem" }
- { src: "/var/ossec/etc/certs/{{ manager_node_name }}-key.pem", dest: "/etc/filebeat/certs/filebeat-key.pem" }
- name: Generate the wazuh-keystore (username)
ansible.builtin.shell:
@ -150,9 +150,9 @@
register: keystore_password_result
changed_when: keystore_password_result.rc == 0
- name: Server-config | Edit the ossec.conf file
- name: Manager-config | Edit the ossec.conf file
block:
- name: Server-config | Replace indexer hosts in ossec.conf
- name: Manager-config | Replace indexer hosts in ossec.conf
ansible.builtin.replace:
path: /var/ossec/etc/ossec.conf
regexp: '(^[ \t]*)<hosts>[\s\S]*?</hosts>'
@ -163,41 +163,41 @@
{% endfor %}
</hosts>
- name: Server-config | Edit cluster configuration in ossec.conf (node name)
- name: Manager-config | Edit cluster configuration in ossec.conf (node name)
ansible.builtin.replace:
path: /var/ossec/etc/ossec.conf
regexp: '(<node_name>)[^<]+(</node_name>)'
replace: '\1{{ server_node_name }}\2'
replace: '\1{{ manager_node_name }}\2'
- name: Server-config | Edit cluster configuration in ossec.conf (node type)
- name: Manager-config | Edit cluster configuration in ossec.conf (node type)
ansible.builtin.replace:
path: /var/ossec/etc/ossec.conf
regexp: '(<node_type>)[^<]+(</node_type>)'
replace: '\1{% if node_type == "master" or single_node %}master{% else %}worker{% endif %}\2'
- name: Server-config | Edit cluster configuration in ossec.conf (bind address)
- name: Manager-config | Edit cluster configuration in ossec.conf (bind address)
ansible.builtin.replace:
path: /var/ossec/etc/ossec.conf
regexp: '(<bind_addr>)[\s\S]*?(</bind_addr>)'
replace: '<bind_addr>0.0.0.0</bind_addr>'
- name: Server-config | Edit cluster configuration in ossec.conf (nodes list)
- name: Manager-config | Edit cluster configuration in ossec.conf (nodes list)
ansible.builtin.replace:
path: /var/ossec/etc/ossec.conf
regexp: '(<node>)[\s\S]*?(</node>)'
replace: '<node>{{ hostvars["manager"].private_ip }}</node>'
when: not single_node
- name: Ensure Wazuh Server service is started
- name: Ensure Wazuh Manager service is started
ansible.builtin.service:
name: "wazuh-manager"
enabled: true
state: restarted
- name: Wazuh Server | Health check (master)
- name: Wazuh Manager | Health check (master)
when: node_type == "master" or single_node
block:
- name: Wazuh Server | Authenticate and obtain API token (master)
- name: Wazuh Manager | Authenticate and obtain API token (master)
ansible.builtin.uri:
url: "https://{{ private_ip }}:55000/security/user/authenticate"
method: POST
@ -211,7 +211,7 @@
retries: 12
delay: 5
- name: Wazuh Server | Perform API healthcheck (master)
- name: Wazuh Manager | Perform API healthcheck (master)
ansible.builtin.uri:
url: "https://{{ private_ip }}:55000/cluster/healthcheck"
method: GET
@ -222,14 +222,14 @@
register: wazuh_api_healthcheck
until:
- wazuh_api_healthcheck.status == 200
- server_node_name in wazuh_api_healthcheck.content
- manager_node_name in wazuh_api_healthcheck.content
retries: 12
delay: 5
- name: Wazuh Server | Health check (worker)
- name: Wazuh Manager | Health check (worker)
when: node_type == "worker" and not single_node
block:
- name: Wazuh Server | Perform CLI healthcheck (worker)
- name: Wazuh Manager | Perform CLI healthcheck (worker)
ansible.builtin.command: /var/ossec/bin/cluster_control -l
register: cluster_control_list
changed_when: false
@ -241,6 +241,6 @@
- name: Remove leftover installation files
ansible.builtin.file:
path: "{{ wazuh_server_package_download_path }}"
path: "{{ wazuh_manager_package_download_path }}"
state: absent
force: true
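Review bot: `Ensure wazuh-manager package download directory exists` sets only `mode: '0755'` on `wazuh_manager_package_download_path`, which the role defaults set to `/tmp/wazuh-manager`. If that path already exists under another local account, the task leaves its owner as it is, and the package that `dnf` or `apt` installs later in this block then sits in a directory that account can write to. Adding `owner: root`, `group: root` and `mode: '0700'` to the task, or creating the directory with `ansible.builtin.tempfile`, closes that gap. It matters more here because the dnf task keeps `disable_gpg_check: true`, so nothing checks the file between download and install.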


@ -1,11 +0,0 @@
---
single_node: false
node_type: "master"
server_node_name: "wazuh-1"
wazuh_indexer_hosts:
- host: "{{ hostvars[inventory_hostname].private_ip }}"
port: 9200
wazuh_server_package_download_path: "/tmp/wazuh-server"
wazuh_server_package_name: "wazuh-server-{{ wazuh_full_version }}-{{ wazuh_package_revision }}"


@ -4,7 +4,7 @@
hosts: agents
strategy: free
vars:
wazuh_server_address: "<Your Wazuh Server IP>"
wazuh_manager_address: "<Your Wazuh Manager IP>"
roles:
- role: package-urls
tasks:
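Review bot: `wazuh_manager_address` is set to the literal `"<Your Wazuh Manager IP>"` in the play's `vars`, and nothing in the visible lines stops the play from running with that value. After the rename, an inventory or `-e` override that still uses the old name `wazuh_server_address` is no longer read, so agents would be installed pointing at the placeholder and those hosts would stay unmonitored. I would add a first task using `ansible.builtin.assert` with `that: "'<' not in wazuh_manager_address"` and a `fail_msg` that names the variable. The `tasks:` list continues outside the hunk, so such a check may already exist there.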


@ -6,7 +6,7 @@
roles:
- role: package-urls
- role: wazuh-indexer
- role: wazuh-server
- role: wazuh-manager
- role: wazuh-dashboard
vars:
single_node: true


@ -45,11 +45,11 @@
- name: Configure Wazuh Manager
hosts: manager
roles:
- role: wazuh-server
- role: wazuh-manager
become: true
vars:
node_type: "master"
server_node_name: "node-4"
manager_node_name: "node-4"
wazuh_indexer_hosts:
- host: "{{ hostvars.wi1.private_ip }}"
port: 9200
@ -61,11 +61,11 @@
- name: Configure Wazuh Worker
hosts: worker
roles:
- role: wazuh-server
- role: wazuh-manager
become: true
vars:
node_type: "worker"
server_node_name: "node-5"
manager_node_name: "node-5"
wazuh_indexer_hosts:
- host: "{{ hostvars.wi1.private_ip }}"
port: 9200
@ -81,7 +81,7 @@
become: true
vars:
dashboard_node_name: "node-6"
wazuh_server_master_address: "{{ hostvars.manager.private_ip }}"
wazuh_manager_master_address: "{{ hostvars.manager.private_ip }}"
indexer_cluster_nodes:
- "{{ hostvars.wi1.private_ip }}"
- "{{ hostvars.wi2.private_ip }}"