Updat README

2020-10-15 16:44:54 +02:00 · 2020-10-15 16:44:54 +02:00 · 25b2a8a946
commit 25b2a8a946
parent 32d38d70bb
1 changed files with 207 additions and 284 deletions
--- a/README.md
+++ b/README.md
@ -48,10 +48,11 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack.
    │ ├── VERSION
    │ ├── CHANGELOG.md

-## Example custom deploy: Wazuh cluster, ODFE cluster, Kibana 
+
+## Example: production-ready distributed environment

 ### Playbook
-The hereunder example playbook deploys a complete Wazuh distributed architecture with two Wazuh nodes (master+worker), 3 ODFE nodes and a mixed ODFE and Kibana node.
+The hereunder example playbook uses the `wazuh-ansible` role to provision a production-ready Wazuh environment. The architecture includes 2 Wazuh nodes, 3 ODFE nodes and a mixed ODFE-Kibana node.

 ```yaml
 ---
@ -72,15 +73,7 @@ The hereunder example playbook deploys a complete Wazuh distributed architecture
      become: yes
      become_user: root
      vars:
-      opendistro_standalone_installation: false
-      ansible_ssh_user: centos
-      ansible_ssh_private_key_file: /home/zenid/.ssh/core-dev-nv.pem
-      ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
        elasticsearch_node_master: true
-      elasticsearch_cluster_name: wazuh
-      opendistro_version: 1.10.1
-      opendistro_admin_password: T3stP4ssw0rd
-      certs_gen_tool_url: https://wazuh-demo.s3-us-west-1.amazonaws.com/search-guard-tlstool-1.7.zip
        instances:
          node1:
            name: node-1       # Important: must be equal to elasticsearch_node_name.
@ -120,16 +113,7 @@ The hereunder example playbook deploys a complete Wazuh distributed architecture
          - "{{ hostvars.es1.private_ip }}"
          - "{{ hostvars.es2.private_ip }}"
          - "{{ hostvars.es3.private_ip }}"
-      opendistro_standalone_installation: false
-      ansible_ssh_user: centos
-      ansible_ssh_private_key_file: /home/zenid/.ssh/core-dev-nv.pem
-      ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
        elasticsearch_node_master: true
-      elasticsearch_cluster_name: wazuh
-      opendistro_version: 1.10.1
-      opendistro_admin_password: T3stP4ssw0rd
-      opendistro_custom_user_role: admin
-      certs_gen_tool_url: https://wazuh-demo.s3-us-west-1.amazonaws.com/search-guard-tlstool-1.7.zip
        instances:
          node1:
            name: node-1       # Important: must be equal to elasticsearch_node_name.
@ -159,10 +143,6 @@ The hereunder example playbook deploys a complete Wazuh distributed architecture
      become: yes
      become_user: root
      vars:
-      ansible_ssh_user: "centos"
-      ansible_ssh_private_key_file: /home/zenid/.ssh/core-dev-nv.pem
-      ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
-      wazuh_manager_version: 3.13.2
        wazuh_manager_config:
          connection:
              - type: 'secure'
@ -170,23 +150,14 @@ The hereunder example playbook deploys a complete Wazuh distributed architecture
                protocol: 'tcp'
                queue_size: 131072
          api:
-            port: "55000"
              https: 'yes'
          cluster:
              disable: 'no'
-            name: 'wazuh'
              node_name: 'master'
              node_type: 'master'
-            key: 'c98b62a9b6169ac5f67dae55ae4a9088'
-            port: '1516'
-            bind_addr: '0.0.0.0'
              nodes:
                  - '"{{ hostvars.manager.private_ip }}"'
              hidden: 'no'
-      filebeat_version: 7.9.1
-      filebeat_security: true
-      elasticsearch_security_user: wazuh
-      elasticsearch_security_password: T3stP4ssw0rd
        filebeat_output_elasticsearch_hosts:
                - "{{ hostvars.es1.private_ip }}"
                - "{{ hostvars.es2.private_ip }}"
@ -201,48 +172,21 @@ The hereunder example playbook deploys a complete Wazuh distributed architecture
      become_user: root
      vars:
        wazuh_manager_config:
-        authd:
-            enable: false
-            port: 1515
-            use_source_ip: 'no'
-            force_insert: 'yes'
-            force_time: 0
-            purge: 'yes'
-            use_password: 'no'
-            limit_maxagents: 'yes'
-            ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH'
-            ssl_agent_ca: null
-            ssl_verify_host: 'no'
-            ssl_manager_cert: 'sslmanager.cert'
-            ssl_manager_key: 'sslmanager.key'
-            ssl_auto_negotiate: 'no'
          connection:
              - type: 'secure'
                port: '1514'
                protocol: 'tcp'
                queue_size: 131072
          api:
-            port: "55000"
              https: 'yes'
          cluster:
              disable: 'no'
-            name: 'wazuh'
              node_name: 'worker_01'
              node_type: 'worker'
              key: 'c98b62a9b6169ac5f67dae55ae4a9088'
-            port: '1516'
-            bind_addr: '0.0.0.0'
              nodes:
                  - '"{{ hostvars.manager.private_ip }}"'
              hidden: 'no'
-      ansible_ssh_user: centos
-      ansible_ssh_private_key_file: /home/zenid/.ssh/core-dev-nv.pem
-      ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
-      wazuh_manager_version: 3.13.2
-      filebeat_version: 7.9.1
-      filebeat_security: true
-      elasticsearch_security_user: wazuh
-      elasticsearch_security_password: T3stP4ssw0rd
        filebeat_output_elasticsearch_hosts:
                - "{{ hostvars.es1.private_ip }}"
                - "{{ hostvars.es2.private_ip }}"
@ -256,11 +200,8 @@ The hereunder example playbook deploys a complete Wazuh distributed architecture
      become: yes
      become_user: root
      vars:
-      elasticsearch_jvm_xms: 2560
        elasticsearch_network_host: "{{ hostvars.kibana.private_ip }}"
        elasticsearch_node_name: node-6
-      opendistro_kibana_user: wazuh
-      opendistro_kibana_password: T3stP4ssw0rd
        elasticsearch_node_master: false
        elasticsearch_node_ingest: false
        elasticsearch_node_data: false
@ -273,21 +214,6 @@ The hereunder example playbook deploys a complete Wazuh distributed architecture
            - "{{ hostvars.es2.private_ip }}"
            - "{{ hostvars.es3.private_ip }}"
        kibana_node_name: node-6
-      opendistro_standalone_installation: false
-      ansible_ssh_user: centos
-      ansible_ssh_private_key_file: /home/zenid/.ssh/core-dev-nv.pem
-      ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
-      wazuh_version: 3.13.2
-      elastic_stack_version: 7.9.1
-      opendistro_version: 1.10.1
-      kibana_opendistro_version: -1.10.1-1
-      elasticsearch_cluster_name: wazuh
-      kibana_opendistro_security: true
-      opendistro_admin_password: T3stP4ssw0rd
-      opendistro_custom_user: wazuh
-      opendistro_custom_user_role: admin
-      node_options: "--max-old-space-size=2048"
-      certs_gen_tool_url: https://wazuh-demo.s3-us-west-1.amazonaws.com/search-guard-tlstool-1.7.zip
        wazuh_api_credentials:
          - id: default
            url: https://{{ hostvars.manager.private_ip }}
@ -315,58 +241,55 @@ The hereunder example playbook deploys a complete Wazuh distributed architecture
            ip: "{{ hostvars.kibana.private_ip }}"
 ```

+### Inventory file

-### Example inventory file
+The inventory file sets the public and private address of each node. The public addresses are used to gather facts and provision the instances while the private addresses are used for the cluster communications.

+The ssh credentials used by Ansible during the provision can be specified in this file too. Another option is including them directly on the playbook.

 ```ini
 es1 ansible_host=<es1_ec2_public_ip> private_ip=<es1_ec2_private_ip> elasticsearch_node_name=node-1
 es2 ansible_host=<es2_ec2_public_ip> private_ip=<es2_ec2_private_ip> elasticsearch_node_name=node-2
-es3 ansible_host=<es3_ec2_public_ip> private_ip=<es3_ec2_private_ip> elasticsearch_node_name=node-3 opendistro_custom_user=wazuh
+es3 ansible_host=<es3_ec2_public_ip> private_ip=<es3_ec2_private_ip> elasticsearch_node_name=node-3
 kibana  ansible_host=<kibana_node_public_ip> private_ip=<kibana_ec2_private_ip>
 manager ansible_host=<manager_node_public_ip> private_ip=<manager_ec2_private_ip>
 worker  ansible_host=<worker_node_public_ip> private_ip=<worker_ec2_private_ip>

-
 [odfe_cluster]
 es1
 es2
 es3
-[wui]
-kibana
-[managers]
-manager
-worker
+
+[all:vars]
+ansible_ssh_user=vagrant
+ansible_ssh_private_key_file=/path/to/ssh/key.pem
+ansible_ssh_extra_args='-o StrictHostKeyChecking=no'
+```
+
+### Launching playbook
+
+```bash
+ansible-playbook wazuh-odfe-production-ready.yml -i inventory
+```
+
+## Example: single-host environment
+
+### Playbook
+The hereunder example playbook uses the `wazuh-ansible` role to provision a single-host Wazuh environment. This architecture includes all the Wazuh and ODFE components in a single node.
+
+```yaml
+
+```
+
+### Launching playbook
+
+```bash
+ansible-playbook wazuh-odfe-single.yml -i inventory
 ```


 ## Branches
-
-* `stable` branch on correspond to the last Wazuh-Ansible stable version.
-* `master` branch contains the latest code, be aware of possible bugs on this branch.
-
-## Testing
-
-1. Get the `wazuh-ansible` folder from the `wazuh-qa` [repository](https://github.com/wazuh/wazuh-qa/tree/master/ansible/wazuh-ansible).
-
-```
-git clone https://github.com/wazuh/wazuh-qa
-```
-
-2. Copy the `Pipfile` and the `molecule` folder into the root wazuh-ansible directory:
-
-```
-cp wazuh-qa/ansible/wazuh-ansible/* . -R
-```
-
-3. Follow these steps for launching the tests. Check the Pipfile for running different scenarios:
-
-```
-pip install pipenv
-sudo pipenv install
-pipenv run test
-pipenv run agent
-```
+* `master` branch on correspond to the last Wazuh-Ansible stable version.

 ## Contribute

@ -387,7 +310,7 @@ https://github.com/dj-wasabi/ansible-ossec-server
 ## License and copyright

 WAZUH
-Copyright (C) 2016-2018 Wazuh Inc.  (License GPLv2)
+Copyright (C) 2016-2020 Wazuh Inc.  (License GPLv2)

 ## Web references