From 56bbd22f6542a309a059aec38e66c840d1cd12ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa?= Date: Tue, 2 Mar 2021 19:55:22 +0100 Subject: [PATCH 1/5] Apply Wazuh v4.1.1 changes --- README.md | 4 ++-- molecule/default/tests/test_default.py | 4 ++-- .../distributed-wazuh-elk-xpack/group_vars/all.yml | 10 +++++----- .../tests/test_default.py | 4 ++-- molecule/distributed-wazuh-elk/group_vars/all.yml | 10 +++++----- .../distributed-wazuh-elk/tests/test_default.py | 4 ++-- molecule/distributed-wazuh-odfe/group_vars/all.yml | 14 +++++++------- .../distributed-wazuh-odfe/tests/test_default.py | 4 ++-- pyproject.toml | 2 +- .../elastic-stack/ansible-elasticsearch/README.md | 2 +- .../ansible-elasticsearch/defaults/main.yml | 2 +- .../elastic-stack/ansible-kibana/defaults/main.yml | 6 +++--- roles/elastic-stack/ansible-kibana/tasks/main.yml | 10 +++++----- .../opendistro-elasticsearch/defaults/main.yml | 2 +- .../opendistro/opendistro-kibana/defaults/main.yml | 8 ++++---- roles/opendistro/opendistro-kibana/tasks/main.yml | 4 ++-- roles/wazuh/ansible-filebeat-oss/defaults/main.yml | 4 ++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 4 ++-- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 14 +++++++------- .../wazuh/ansible-wazuh-manager/defaults/main.yml | 10 +++++++--- .../templates/var-ossec-etc-ossec-server.conf.j2 | 5 ++--- 21 files changed, 65 insertions(+), 62 deletions(-) diff --git a/README.md b/README.md index 6c19bd11..66a3cbb9 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. ## Branches * `master` branch corresponds to the latest Wazuh Ansible changes. It might be unstable. -* `3.13` branch on correspond to the last Wazuh Ansible stable version. +* `4.1` branch on correspond to the last Wazuh Ansible stable version. ## Compatibility Matrix | Wazuh version | Elastic | ODFE | |---------------|---------|--------| -| v4.0.4 | 7.9.3 | 1.11.0 | +| v4.1.1 | 7.10.0 | 1.12.0 | ## Documentation diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 9685df3b..e2553f2b 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.0.4" + return "4.1.1" def test_wazuh_packages_are_installed(host): @@ -61,4 +61,4 @@ def test_filebeat_is_installed(host): """Test the elasticsearch package is installed.""" filebeat = host.package("filebeat") assert filebeat.is_installed - assert filebeat.version.startswith('7.9.1') + assert filebeat.version.startswith('7.10.0') diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml index 9a7f803c..0ddad67f 100644 --- a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml +++ b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml 
@@ -14,15 +14,15 @@ kibana_addresses: "{{ kibana_hostvars | map(attribute='private_ip') | list }}" ######################################################## # Versions -elastic_stack_version: 7.9.3 -filebeat_version: 7.9.3 +elastic_stack_version: 7.10.2 +filebeat_version: 7.10.2 # Debian packages need the ${VERSION}-1 -wazuh_manager_version: 4.0.4-1 -wazuh_agent_version: 4.0.4-1 +wazuh_manager_version: 4.1.1-1 +wazuh_agent_version: 4.1.1-1 # Kibana role appends it automatically. -wazuh_version: 4.0.4 +wazuh_version: 4.1.1 ######################################################## diff --git a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py index 4c045977..df94fa34 100644 --- a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py +++ b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.0.4" + return "4.1.1" def test_wazuh_packages_are_installed(host): @@ -61,4 +61,4 @@ def test_filebeat_is_installed(host): """Test the elasticsearch package is installed.""" filebeat = host.package("filebeat") assert filebeat.is_installed - assert filebeat.version.startswith('7.9.3') + assert filebeat.version.startswith('7.10.2') diff --git a/molecule/distributed-wazuh-elk/group_vars/all.yml b/molecule/distributed-wazuh-elk/group_vars/all.yml index c436a187..eee90788 100644 --- a/molecule/distributed-wazuh-elk/group_vars/all.yml +++ b/molecule/distributed-wazuh-elk/group_vars/all.yml 
@@ -12,12 +12,12 @@ elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}" ######################################################## # Versions -elastic_stack_version: 7.9.3 -filebeat_version: 7.9.3 +elastic_stack_version: 7.10.2 +filebeat_version: 7.10.2 # Debian packages need the ${VERSION}-1 -wazuh_manager_version: 4.0.4-1 -wazuh_agent_version: 4.0.4-1 +wazuh_manager_version: 4.1.1-1 +wazuh_agent_version: 4.1.1-1 # Kibana role appends it automatically. -wazuh_version: 4.0.4 \ No newline at end of file +wazuh_version: 4.1.1 diff --git a/molecule/distributed-wazuh-elk/tests/test_default.py b/molecule/distributed-wazuh-elk/tests/test_default.py index 4c045977..df94fa34 100644 --- a/molecule/distributed-wazuh-elk/tests/test_default.py +++ b/molecule/distributed-wazuh-elk/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.0.4" + return "4.1.1" def test_wazuh_packages_are_installed(host): @@ -61,4 +61,4 @@ def test_filebeat_is_installed(host): """Test the elasticsearch package is installed.""" filebeat = host.package("filebeat") assert filebeat.is_installed - assert filebeat.version.startswith('7.9.3') + assert filebeat.version.startswith('7.10.2') diff --git a/molecule/distributed-wazuh-odfe/group_vars/all.yml b/molecule/distributed-wazuh-odfe/group_vars/all.yml index 800554c3..0c3f41be 100644 --- a/molecule/distributed-wazuh-odfe/group_vars/all.yml +++ b/molecule/distributed-wazuh-odfe/group_vars/all.yml 
@@ -34,14 +34,14 @@ filebeat_node_name: '{{ ansible_hostname }}' # Versions # See: https://opendistro.github.io/for-elasticsearch-docs/version-history/ -elastic_stack_version: 7.9.1 -opendistro_version: 1.11.0 -filebeat_version: 7.9.1 -kibana_opendistro_version: -1.11.0-1 +elastic_stack_version: 7.10.0 +opendistro_version: 1.12.0 +filebeat_version: 7.10.0 +kibana_opendistro_version: -1.12.0-1 # Debian packages need the ${VERSION}-1 -wazuh_manager_version: 4.0.4-1 -wazuh_agent_version: 4.0.4-1 +wazuh_manager_version: 4.1.1-1 +wazuh_agent_version: 4.1.1-1 # Kibana role appends it automatically. -wazuh_version: 4.0.4 \ No newline at end of file +wazuh_version: 4.1.1 diff --git a/molecule/distributed-wazuh-odfe/tests/test_default.py b/molecule/distributed-wazuh-odfe/tests/test_default.py index 9685df3b..e2553f2b 100644 --- a/molecule/distributed-wazuh-odfe/tests/test_default.py +++ b/molecule/distributed-wazuh-odfe/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.0.4" + return "4.1.1" def test_wazuh_packages_are_installed(host): @@ -61,4 +61,4 @@ def test_filebeat_is_installed(host): """Test the elasticsearch package is installed.""" filebeat = host.package("filebeat") assert filebeat.is_installed - assert filebeat.version.startswith('7.9.1') + assert filebeat.version.startswith('7.10.0') diff --git a/pyproject.toml b/pyproject.toml index 97491f5f..fc3313b6 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "wazuh-ansible" -version = "4.0.4" +version = "4.1.1" description = "" authors = ["neonmei "] diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md index 4d5636ad..15f7ee7a 100644 --- a/roles/elastic-stack/ansible-elasticsearch/README.md +++ b/roles/elastic-stack/ansible-elasticsearch/README.md 
@@ -36,7 +36,7 @@ Example Playbook ``` - hosts: elasticsearch roles: - - { role: ansible-role-elasticsearch, elasticsearch_network_host: '192.168.33.182', single_host: true } + - { role: ansible-role-elasticsearch, elasticsearch_network_host: '192.168.33.182', single_node: true } ``` - Three nodes Elasticsearch cluster diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 34d44890..e82c3141 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,7 @@ elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.9.3 +elastic_stack_version: 7.10.2 elasticsearch_lower_disk_requirements: false elasticsearch_path_repo: [] diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 01fb49c0..be7a8820 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -6,8 +6,8 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" kibana_conf_path: /etc/kibana -elastic_stack_version: 7.9.3 -wazuh_version: 4.0.4 +elastic_stack_version: 7.10.2 +wazuh_version: 4.1.1 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana elasticrepo: @@ -47,7 +47,7 @@ nodejs: # Build from sources build_from_sources: false -wazuh_plugin_branch: 4.0-7.9 +wazuh_plugin_branch: 4.1-7.10 #Nodejs NODE_OPTIONS node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536 diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 43de44e9..85666192 100755 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml 
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -88,7 +88,7 @@ - name: Removing bundles file: - path: /usr/share/kibana/optimize/bundles + path: /usr/share/kibana/data/bundles state: absent when: wazuh_app_verify.rc == 1 tags: install @@ -131,10 +131,10 @@ - not build_from_sources - name: Kibana optimization (can take a while) - shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli --optimize -c {{ kibana_conf_path }}/kibana.yml + shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli/cli.js --optimize -c {{ kibana_conf_path }}/kibana.yml args: executable: /bin/bash - creates: /usr/share/kibana/optimize/wazuh/ + creates: /usr/share/kibana/data/wazuh/ become: yes become_user: kibana tags: @@ -159,7 +159,7 @@ - name: Create wazuh plugin config directory file: - path: /usr/share/kibana/optimize/wazuh/config/ + path: /usr/share/kibana/data/wazuh/config/ state: directory recurse: yes owner: kibana @@ -170,7 +170,7 @@ - name: Configure Wazuh Kibana Plugin template: src: wazuh.yml.j2 - dest: /usr/share/kibana/optimize/wazuh/config/wazuh.yml + dest: /usr/share/kibana/data/wazuh/config/wazuh.yml owner: kibana group: kibana mode: 0751 diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index cfcbc863..52db7353 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml @@ -1,6 +1,6 @@ --- # Cluster Settings -opendistro_version: 1.11.0 +opendistro_version: 1.12.0 single_node: false elasticsearch_node_name: node-1 diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index 223cdfb6..3caed1d0 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml +++ b/roles/opendistro/opendistro-kibana/defaults/main.yml 
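Review bot: The rewritten `shell:` line in the `Kibana optimization (can take a while)` task (hunk `@@ -131,10 +131,10 @@`) still runs the command through `executable: /bin/bash` although nothing in it needs a shell, so `{{ node_options }}` and `{{ kibana_conf_path }}` are interpreted as shell syntax if an inventory overrides them. Using `command: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli/cli.js --optimize -c {{ kibana_conf_path }}/kibana.yml` and dropping `executable: /bin/bash` from `args:` (keeping `creates:`) gives the same invocation without shell parsing. The same line is rewritten identically in the patch-4 hunk `@@ -75,7 +75,7 @@` of roles/opendistro/opendistro-kibana/tasks/main.yml, where the same change applies.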
@@ -9,12 +9,12 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" kibana_server_name: "kibana" kibana_max_payload_bytes: 1048576 -elastic_stack_version: 7.9.1 -wazuh_version: 4.0.4 +elastic_stack_version: 7.10.0 +wazuh_version: 4.1.1 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana # The OpenDistro package repository -kibana_opendistro_version: -1.11.0-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts +kibana_opendistro_version: -1.12.0-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts package_repos: yum: @@ -54,7 +54,7 @@ nodejs: # Build from sources build_from_sources: false -wazuh_plugin_branch: 4.0-7.9 +wazuh_plugin_branch: 4.1-7.10 #Nodejs NODE_OPTIONS node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536 diff --git a/roles/opendistro/opendistro-kibana/tasks/main.yml b/roles/opendistro/opendistro-kibana/tasks/main.yml index 4cc73140..3fa8dd5e 100755 --- a/roles/opendistro/opendistro-kibana/tasks/main.yml +++ b/roles/opendistro/opendistro-kibana/tasks/main.yml @@ -102,7 +102,7 @@ - name: Create wazuh plugin config directory file: - path: /usr/share/kibana/optimize/wazuh/config/ + path: /usr/share/kibana/data/wazuh/config/ state: directory recurse: yes owner: kibana @@ -113,7 +113,7 @@ - name: Configure Wazuh Kibana Plugin template: src: wazuh.yml.j2 - dest: /usr/share/kibana/optimize/wazuh/config/wazuh.yml + dest: /usr/share/kibana/data/wazuh/config/wazuh.yml owner: kibana group: kibana mode: 0751 diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index 94f0ced1..1c061daf 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml 
@@ -1,7 +1,7 @@ --- -filebeat_version: 7.9.1 +filebeat_version: 7.10.0 -wazuh_template_branch: v4.0.4 +wazuh_template_branch: v4.1.1 filebeat_output_elasticsearch_hosts: - "localhost:9200" diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 7d7e73e0..1e584269 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,7 +1,7 @@ --- -filebeat_version: 7.9.3 +filebeat_version: 7.10.2 -wazuh_template_branch: v4.0.4 +wazuh_template_branch: v4.1.1 filebeat_create_config: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index fabc9411..2d7b8423 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 4.0.4-1 +wazuh_agent_version: 4.1.1-1 # Custom packages installation @@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: "" wazuh_agent_sources_installation: enabled: false - branch: "v4.0.4" + branch: "v4.1.1" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -55,8 +55,8 @@ wazuh_winagent_config: auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe check_md5: True md5: 8ffa75d13280f1aa6ffca54f4273df4d -wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.4-1.msi -wazuh_winagent_package_name: wazuh-agent-4.0.4-1.msi +wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.1.1-1.msi +wazuh_winagent_package_name: wazuh-agent-4.1.1-1.msi wazuh_dir: "/var/ossec" 
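Review bot: The context lines `check_md5: True` and `md5: 8ffa75d13280f1aa6ffca54f4273df4d` in the `@@ -55,8 +55,8 @@` hunk of roles/wazuh/ansible-wazuh-agent/defaults/main.yml are left untouched while `wazuh_winagent_config_url` and `wazuh_winagent_package_name` move to `wazuh-agent-4.1.1-1.msi`, so the checksum still describes the 4.0.4 installer and the verification either fails or, if the task consuming it is lenient, no longer checks anything. The value should be updated in the same commit, `md5: <MD5 of wazuh-agent-4.1.1-1.msi, placeholder>`, with a comment naming the installer it belongs to. Since MD5 is no longer collision-resistant, a SHA-256 digest would be the better integrity check if the task that reads `check_md5` (outside this patch) can be adapted.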
@@ -96,7 +96,7 @@ wazuh_managers: ## Authentication Method: Enrollment section (4.x) # For more information see: -# * https://documentation.wazuh.com/4.0/user-manual/reference/ossec-conf/client.html#enrollment +# * https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/client.html#enrollment wazuh_agent_enrollment: enabled: 'yes' @@ -117,7 +117,7 @@ wazuh_agent_enrollment: ## Authentication Method: invoking agent-auth # For more information see: -# * https://documentation.wazuh.com/4.0/user-manual/registering/password-authorization-registration.html +# * https://documentation.wazuh.com/current/user-manual/registering/password-authorization-registration.html wazuh_agent_authd: registration_address: 127.0.0.1 @@ -133,7 +133,7 @@ wazuh_agent_authd: ## Authentication Method: REST API # For more information see: -# * https://documentation.wazuh.com/4.0/user-manual/registering/restful-api-registration.html +# * https://documentation.wazuh.com/current/user-manual/registering/restful-api-registration.html wazuh_agent_api_validate: yes ## Client buffer diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 1c04b460..30652aa6 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_version: 4.0.4-1 +wazuh_manager_version: 4.1.1-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present @@ -12,7 +12,7 @@ wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazon # Sources installation wazuh_manager_sources_installation: enabled: false - branch: "v4.0.4" + branch: "v4.1.1" user_language: "en" user_no_stop: "y" user_install_type: "server" 
@@ -71,6 +71,9 @@ wazuh_manager_globals: - '^localhost.localdomain$' - '127.0.0.53' +wazuh_manager_agent_disconnection_time: '20s' +wazuh_manager_agents_disconnection_alert_time: '100s' + ## Alerts wazuh_manager_log_level: 3 wazuh_manager_email_level: 12 @@ -365,7 +368,6 @@ wazuh_manager_authd: force_time: 0 purge: 'yes' use_password: 'no' - limit_maxagents: 'yes' ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH' ssl_agent_ca: null ssl_verify_host: 'no' @@ -469,6 +471,8 @@ wazuh_manager_config_defaults: integrations: '{{ wazuh_manager_integrations }}' monitor_aws: '{{ wazuh_manager_monitor_aws }}' labels: '{{ wazuh_manager_labels }}' + agents_disconnection_time: '{{ wazuh_manager_agent_disconnection_time }}' + agents_disconnection_alert_time: '{{ wazuh_manager_agents_disconnection_alert_time }}' # shared-agent.conf diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 0f5764cf..3242e88b 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -19,6 +19,8 @@ {{ wazuh_manager_config.mail_from }} {{ wazuh_manager_config.mail_maxperhour }} {{ wazuh_manager_config.email_log_source }} + {{ wazuh_manager_config.agents_disconnection_time }} + {{ wazuh_manager_config.agents_disconnection_alert_time }} @@ -633,9 +635,6 @@ {% if wazuh_manager_config.authd.use_password is not none %} {{wazuh_manager_config.authd.use_password}} {% endif %} - {% if wazuh_manager_config.authd.limit_maxagents is not none %} - {{wazuh_manager_config.authd.limit_maxagents}} - {% endif %} {% if wazuh_manager_config.authd.ciphers is not none %} {{wazuh_manager_config.authd.ciphers}} {% endif %} From 6b3d4a16a46e2b9b2a3d8063a16728906ba9b437 Mon Sep 17 00:00:00 2001 
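Review bot: The new variable `wazuh_manager_agent_disconnection_time` (singular) is named inconsistently with its sibling `wazuh_manager_agents_disconnection_alert_time` and with the `agents_disconnection_time:` key it feeds in the `@@ -469,6 +471,8 @@` hunk of `wazuh_manager_config_defaults`; since both variables are introduced by this commit, renaming it to `wazuh_manager_agents_disconnection_time` in both places costs nothing now and avoids a breaking rename later. A one-line comment above the pair stating what the two durations mean and the accepted suffixes (presumably the same time units Wazuh accepts elsewhere; confirm against the 4.1 manager reference) would help, because `'20s'` and `'100s'` carry no explanation. The removal of `limit_maxagents: 'yes'` from `wazuh_manager_authd` is consistently mirrored in the template hunk, though an inventory that still overrides `wazuh_manager_authd` with that key will now silently render nothing for it.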
From: =?UTF-8?q?Sergio=20Garc=C3=ADa?= Date: Wed, 3 Mar 2021 19:28:05 +0100 Subject: [PATCH 2/5] all.yml: fix version typo --- molecule/distributed-wazuh-odfe/group_vars/all.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/distributed-wazuh-odfe/group_vars/all.yml b/molecule/distributed-wazuh-odfe/group_vars/all.yml index 0c3f41be..521f8994 100644 --- a/molecule/distributed-wazuh-odfe/group_vars/all.yml +++ b/molecule/distributed-wazuh-odfe/group_vars/all.yml @@ -37,7 +37,7 @@ filebeat_node_name: '{{ ansible_hostname }}' elastic_stack_version: 7.10.0 opendistro_version: 1.12.0 filebeat_version: 7.10.0 -kibana_opendistro_version: -1.12.0-1 +kibana_opendistro_version: 1.12.0-1 # Debian packages need the ${VERSION}-1 wazuh_manager_version: 4.1.1-1 From 8fab5ecbd173de96251b6d0805e4c2aff8401f83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa?= Date: Wed, 3 Mar 2021 19:28:49 +0100 Subject: [PATCH 3/5] Change opendistro package url and gpg key --- .../opendistro-elasticsearch/defaults/main.yml | 9 +++------ .../opendistro-elasticsearch/tasks/RedHat.yml | 12 +----------- roles/opendistro/opendistro-kibana/defaults/main.yml | 9 +++------ roles/opendistro/opendistro-kibana/tasks/RedHat.yml | 11 +---------- 4 files changed, 8 insertions(+), 33 deletions(-) diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index 52db7353..b86dd656 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml 
@@ -30,12 +30,9 @@ domain_name: wazuh.com package_repos: yum: opendistro: - baseurl: 'https://d3g5vo6xdbdb9a.cloudfront.net/yum/noarch/' - gpg: 'https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch' - elasticsearch_oss: - baseurl: 'https://artifacts.elastic.co/packages/oss-7.x/yum' - gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' - + baseurl: 'https://packages.wazuh.com/4.x/yum/' + gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + opendistro_sec_plugin_conf_path: /usr/share/elasticsearch/plugins/opendistro_security/securityconfig opendistro_sec_plugin_tools_path: /usr/share/elasticsearch/plugins/opendistro_security/tools opendistro_conf_path: /etc/elasticsearch/ diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml b/roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml index 402cf3c3..08105af1 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml @@ -11,16 +11,6 @@ gpgcheck: true changed_when: false - - name: RedHat/CentOS/Fedora | Add Elasticsearch-oss repo - yum_repository: - file: opendistro - name: elasticsearch_oss_repo - description: Elasticsearch-oss yum repository - baseurl: "{{ package_repos.yum.elasticsearch_oss.baseurl }}" - gpgkey: "{{ package_repos.yum.elasticsearch_oss.gpg }}" - gpgcheck: true - changed_when: false - - name: RedHat/CentOS/Fedora | Install OpenJDK 11 yum: name: java-11-openjdk-devel @@ -50,4 +40,4 @@ - unzip tags: - - install \ No newline at end of file + - install diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index 3caed1d0..a04db4e1 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml +++ b/roles/opendistro/opendistro-kibana/defaults/main.yml 
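Review bot: Deleting the `elasticsearch_oss` entry from `package_repos.yum` in roles/opendistro/opendistro-elasticsearch/defaults/main.yml, together with the removed `Add Elasticsearch-oss repo` task in tasks/RedHat.yml, means the `elasticsearch-oss` package must now come from `https://packages.wazuh.com/4.x/yum/`; any task outside this patch that still reads `package_repos.yum.elasticsearch_oss` (the diffstat touches no Debian task file) would fail on an undefined variable. A comment above `opendistro:` such as `# Wazuh repository; expected to serve both the opendistro and elasticsearch-oss packages` would record that assumption for the next maintainer. The remaining repo keeps `gpgcheck: true`, which is good; since the key is fetched from a URL rather than pinned, consider recording its expected fingerprint next to the `gpg:` line (`# expected fingerprint: <fingerprint placeholder>`) so a changed key is noticeable.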
@@ -14,16 +14,13 @@ wazuh_version: 4.1.1 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana # The OpenDistro package repository -kibana_opendistro_version: -1.12.0-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts +kibana_opendistro_version: 1.12.0-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts package_repos: yum: opendistro: - baseurl: 'https://d3g5vo6xdbdb9a.cloudfront.net/yum/noarch/' - gpg: 'https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch' - elasticsearch_oss: - baseurl: 'https://artifacts.elastic.co/packages/oss-7.x/yum' - gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + baseurl: 'https://packages.wazuh.com/4.x/yum/' + gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' # API credentials diff --git a/roles/opendistro/opendistro-kibana/tasks/RedHat.yml b/roles/opendistro/opendistro-kibana/tasks/RedHat.yml index d2dbc4ec..70b5b70a 100644 --- a/roles/opendistro/opendistro-kibana/tasks/RedHat.yml +++ b/roles/opendistro/opendistro-kibana/tasks/RedHat.yml @@ -10,14 +10,5 @@ gpgkey: "{{ package_repos.yum.opendistro.gpg }}" gpgcheck: true - - name: RedHat/CentOS/Fedora | Add Elasticsearch-oss repo - yum_repository: - file: opendistro - name: elasticsearch_oss_repo - description: Elasticsearch-oss yum repository - baseurl: "{{ package_repos.yum.elasticsearch_oss.baseurl }}" - gpgkey: "{{ package_repos.yum.elasticsearch_oss.gpg }}" - gpgcheck: true - tags: - - install \ No newline at end of file + - install From 8449eaf8edaa2160b821307cad2a4e81cf16826a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa?= Date: Wed, 3 Mar 2021 19:29:07 +0100 Subject: [PATCH 4/5] main.yml: fix some typo --- roles/opendistro/opendistro-kibana/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
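Review bot: The trailing comment on the changed `kibana_opendistro_version: 1.12.0-1` line still says the value "includes the - for RedHat family compatibility, replace with = for Debian hosts", but this hunk removes the leading `-` and the patch-4 hunk `@@ -13,7 +13,7 @@` of roles/opendistro/opendistro-kibana/tasks/main.yml hard-codes it into `opendistroforelasticsearch-kibana-{{ kibana_opendistro_version }}`, so the comment now describes a mechanism that no longer exists. Replace it with `# Package version only; the install task prefixes it with '-' (RedHat form)`. If Debian hosts are meant to be handled by the same task, the `=` separator can no longer be supplied through this variable, which should either be documented or handled in the task.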
diff --git a/roles/opendistro/opendistro-kibana/tasks/main.yml b/roles/opendistro/opendistro-kibana/tasks/main.yml index 3fa8dd5e..41980054 100755 --- a/roles/opendistro/opendistro-kibana/tasks/main.yml +++ b/roles/opendistro/opendistro-kibana/tasks/main.yml @@ -13,7 +13,7 @@ - name: Install Kibana package: - name: "opendistroforelasticsearch-kibana{{ kibana_opendistro_version }}" + name: "opendistroforelasticsearch-kibana-{{ kibana_opendistro_version }}" state: present register: install tags: install @@ -75,7 +75,7 @@ - not build_from_sources - name: Kibana optimization (can take a while) - shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli --optimize -c {{ kibana_conf_path }}/kibana.yml + shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli/cli.js --optimize -c {{ kibana_conf_path }}/kibana.yml args: executable: /bin/bash become: yes From e66d9033b8bff3f7f45990d4da267e6ccff31524 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa?= Date: Wed, 3 Mar 2021 19:29:51 +0100 Subject: [PATCH 5/5] jvm.options: update to default values in 1.12.0 version --- .../templates/jvm.options.j2 | 95 ++++++++----------- 1 file changed, 37 insertions(+), 58 deletions(-) diff --git a/roles/opendistro/opendistro-elasticsearch/templates/jvm.options.j2 b/roles/opendistro/opendistro-elasticsearch/templates/jvm.options.j2 index de69125c..c4758969 100644 --- a/roles/opendistro/opendistro-elasticsearch/templates/jvm.options.j2 +++ b/roles/opendistro/opendistro-elasticsearch/templates/jvm.options.j2 @@ -1,5 +1,3 @@ -#jinja2: trim_blocks:False -# {{ ansible_managed }} ## JVM configuration ################################################################ 
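Review bot: Removing `#jinja2: trim_blocks:False` from the top of jvm.options.j2 (hunk `@@ -1,5 +1,3 @@`) changes how the rest of the template renders: Ansible's template module defaults to trim_blocks=True, which drops the newline after every `{% … %}` tag, so in the `@@ -21,21 +19,23 @@` hunk the line `-Xms{% if ansible_memtotal_mb < 64000 %}…{% endif %}` is joined with the new `-Xmx…{% endif %}` line and the `{% endif %}` after it, producing a single malformed `-Xms…m-Xmx…m` option on the auto-sizing path. Keeping the header line `#jinja2: trim_blocks:False` restores the previous behaviour; alternatively move the inline `{% endif %}` tags so that no block tag ends an option line. The removal of `# {{ ansible_managed }}` is harmless by itself.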
@@ -21,21 +19,23 @@ # Xms represents the initial size of total heap space # Xmx represents the maximum size of total heap space -# Xms represents the initial size of total heap space -# Xmx represents the maximum size of total heap space {% if opendistro_jvm_xms is not none %} {% if opendistro_jvm_xms < 32000 %} -Xms{{ opendistro_jvm_xms }}m + -Xmx{{ opendistro_jvm_xms }}m {% else %} -Xms32000m + -Xmx32000m {% endif %} {% else %} -Xms{% if ansible_memtotal_mb < 64000 %}{{ ((ansible_memtotal_mb|int)/2)|int }}m{% else %}32000m{% endif %} + -Xmx{% if ansible_memtotal_mb < 64000 %}{{ ((ansible_memtotal_mb|int)/2)|int }}m{% else %}32000m{% endif %} {% endif %} + ################################################################ ## Expert settings ################################################################ 
@@ -47,44 +47,22 @@ ################################################################ ## GC configuration --XX:+UseConcMarkSweepGC --XX:CMSInitiatingOccupancyFraction=75 --XX:+UseCMSInitiatingOccupancyOnly +8-13:-XX:+UseConcMarkSweepGC +8-13:-XX:CMSInitiatingOccupancyFraction=75 +8-13:-XX:+UseCMSInitiatingOccupancyOnly -## optimizations +## G1GC Configuration +# NOTE: G1 GC is only supported on JDK version 10 or later +# to use G1GC, uncomment the next two lines and update the version on the +# following three lines to your version of the JDK +# 10-13:-XX:-UseConcMarkSweepGC +# 10-13:-XX:-UseCMSInitiatingOccupancyOnly +14-:-XX:+UseG1GC +14-:-XX:G1ReservePercent=25 +14-:-XX:InitiatingHeapOccupancyPercent=30 -# pre-touch memory pages used by the JVM during initialization --XX:+AlwaysPreTouch - -## basic - -# force the server VM --server - -# explicitly set the stack size --Xss1m - -# set to headless, just in case --Djava.awt.headless=true - -# ensure UTF-8 encoding by default (e.g. filenames) --Dfile.encoding=UTF-8 - -# use our provided JNA always versus the system one --Djna.nosys=true - -# turn off a JDK optimization that throws away stack traces for common -# exceptions because stack traces are important for debugging --XX:-OmitStackTraceInFastThrow - -# flags to configure Netty --Dio.netty.noUnsafe=true --Dio.netty.noKeySetOptimization=true --Dio.netty.recycler.maxCapacityPerThread=0 - -# log4j 2 --Dlog4j.shutdownHookEnabled=false --Dlog4j2.disable.jmx=true +## JVM temporary directory +-Djava.io.tmpdir=${ES_TMPDIR} ## heap dumps 
@@ -92,26 +70,27 @@ # heap dumps are created in the working directory of the JVM -XX:+HeapDumpOnOutOfMemoryError -# specify an alternative path for heap dumps -# ensure the directory exists and has sufficient space +# specify an alternative path for heap dumps; ensure the directory exists and +# has sufficient space -XX:HeapDumpPath=/var/lib/elasticsearch -## GC logging +# specify an alternative path for JVM fatal error logs +-XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log -#-XX:+PrintGCDetails -#-XX:+PrintGCTimeStamps -#-XX:+PrintGCDateStamps -#-XX:+PrintClassHistogram -#-XX:+PrintTenuringDistribution -#-XX:+PrintGCApplicationStoppedTime +## JDK 8 GC logging +8:-XX:+PrintGCDetails +8:-XX:+PrintGCDateStamps +8:-XX:+PrintTenuringDistribution +8:-XX:+PrintGCApplicationStoppedTime +8:-Xloggc:/var/log/elasticsearch/gc.log +8:-XX:+UseGCLogFileRotation +8:-XX:NumberOfGCLogFiles=32 +8:-XX:GCLogFileSize=64m -# log GC status to a file with time stamps -# ensure the directory exists -#-Xloggc:${loggc} +# JDK 9+ GC logging +9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m -# By default, the GC log file will not rotate. -# By uncommenting the lines below, the GC log file -# will be rotated every 128MB at most 32 times. -#-XX:+UseGCLogFileRotation -#-XX:NumberOfGCLogFiles=32 -#-XX:GCLogFileSize=128M +## OpenDistro Performance Analyzer +-Dclk.tck=100 +-Djdk.attach.allowAttachSelf=true +-Djava.security.policy=file:///usr/share/elasticsearch/plugins/opendistro_performance_analyzer/pa_config/es_security.policy
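Review bot: The three lines under `## OpenDistro Performance Analyzer` at the end of the hunk — `-Dclk.tck=100`, `-Djdk.attach.allowAttachSelf=true` and the `-Djava.security.policy=file:///usr/share/elasticsearch/plugins/opendistro_performance_analyzer/pa_config/es_security.policy` line — are emitted unconditionally and without explanation, although they exist only for that plugin: self-attach is disabled by default on JDK 9+ and re-enabling it is a deliberate widening of what the JVM accepts, and the policy file lives in a plugin directory that is absent when the plugin is not installed. A comment such as `# Required by the OpenDistro Performance Analyzer plugin; remove if the plugin is not deployed` above the heading would record the intent; whether this role installs the plugin is not visible in the patch.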