From 69427edea6e45567212415ff57a388ddd1aa80a4 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 9 Aug 2019 16:45:23 +0200 Subject: [PATCH 01/17] initial changes --- roles/wazuh/ansible-filebeat/defaults/main.yml | 5 +++++ roles/wazuh/ansible-filebeat/tasks/main.yml | 13 +++++++++++++ 2 files changed, 18 insertions(+) diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 103d61eb..1fed5fb0 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -43,3 +43,8 @@ node_certs_destination: /etc/filebeat/certs rsync_path: /usr/bin/rsync rsync_user: vagrant rsync_extra_parameters: -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' + +filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz +filebeat_module_package_path: /root/ +filebeat_module_destination: /usr/share/filebeat/module +filebeat_module_folder: /usr/share/filebeat/module/wazuh \ No newline at end of file diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 7bafcc79..b0e5371c 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -88,6 +88,19 @@ - filebeat_xpack_security tags: xpack-security +- name: Download Filebeat module package + get_url: + url: https://packages-dev.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} + dest: "{{ filebeat_module_package_path }}" + +- name: Unpakcaging Filebeat module package + unarchive: + src: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" + dest: "{{ filebeat_module_destination }}" + +- name: Setting 0755 permission for Filebeat module folder + file: dest={{ filebeat_module_folder }} mode=u=rwX,g=rwX,o=rwX recurse=yes + - import_tasks: config.yml when: filebeat_create_config notify: restart filebeat From da005fea58a33dd77e8c356de26e990f76fc27dd Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 16 Aug 2019 10:27:42 +0200 Subject: [PATCH 02/17] removed Java installation tasks for SysV systems --- molecule/filebeat/molecule.yml | 34 ++++++++-------- molecule/filebeat/prepare.yml | 1 + molecule/kibana/molecule.yml | 40 +++++++++---------- molecule/kibana/playbook.yml | 1 + .../ansible-elasticsearch/tasks/Debian.yml | 14 ------- .../ansible-elasticsearch/tasks/RedHat.yml | 7 ---- roles/wazuh/ansible-filebeat/tasks/main.yml | 5 ++- 7 files changed, 42 insertions(+), 60 deletions(-) diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index e456c4ae..761326f3 100644 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml @@ -11,23 +11,23 @@ lint: platforms: - name: trusty image: ubuntu:trusty - - name: bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - privileged: true - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - command: /sbin/init - - name: centos6 - image: geerlingguy/docker-centos6-ansible - privileged: true - command: /sbin/init - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - name: centos7 - image: milcom/centos7-systemd - privileged: true + # - name: bionic + # image: solita/ubuntu-systemd:bionic + # command: /sbin/init + # privileged: true + # - name: xenial + # image: solita/ubuntu-systemd:xenial + # privileged: true + # command: /sbin/init + #- name: centos6 + # image: geerlingguy/docker-centos6-ansible + # privileged: true + # command: /sbin/init + # volumes: + # - /sys/fs/cgroup:/sys/fs/cgroup:ro + #- name: centos7 + # image: milcom/centos7-systemd + # privileged: true provisioner: name: ansible playbooks: diff --git a/molecule/filebeat/prepare.yml b/molecule/filebeat/prepare.yml index f3dc9aac..49325b85 100644 --- a/molecule/filebeat/prepare.yml +++ b/molecule/filebeat/prepare.yml @@ -7,6 +7,7 @@ - name: "Install Python packages for Trusty to solve trust issues" package: name: + - python-apt - python-setuptools - python-pip state: latest diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index 2017a6bd..8cf21dc2 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -9,31 +9,31 @@ lint: config-data: ignore: .virtualenv platforms: - - name: bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 1024m - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 1024m - command: /sbin/init - ulimits: - - nofile:262144:262144 +# - name: bionic +# image: solita/ubuntu-systemd:bionic +# command: /sbin/init +# ulimits: +# - nofile:262144:262144 +# privileged: true +# memory_reservation: 1024m +# - name: xenial +# image: solita/ubuntu-systemd:xenial +# privileged: true +# memory_reservation: 1024m +# command: /sbin/init +# ulimits: +# - nofile:262144:262144 # - name: trusty # image: ubuntu:trusty # memory_reservation: 1024m # ulimits: # - nofile:262144:262144 - - name: centos6 - image: centos:6 - privileged: true - memory_reservation: 1024m - ulimits: - - nofile:262144:262144 +# - name: centos6 +# image: centos:6 +# privileged: true +# memory_reservation: 1024m +# ulimits: +# - nofile:262144:262144 - name: centos7 image: milcom/centos7-systemd memory_reservation: 1024m diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml index 74fc1038..18543dce 100644 --- a/molecule/kibana/playbook.yml +++ b/molecule/kibana/playbook.yml @@ -3,3 +3,4 @@ hosts: all roles: - role: elastic-stack/ansible-kibana + \ No newline at end of file diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index b35f11e1..67a34e7e 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -8,12 +8,6 @@ register: elasticsearch_ca_packages_installed until: elasticsearch_ca_packages_installed is succeeded -- name: "Install Java Repo for Trusty" - apt_repository: repo='ppa:openjdk-r/ppa' - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - name: Update and upgrade apt packages become: true apt: @@ -24,14 +18,6 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 -- name: Install Oracle Java 8 - become: true - apt: name=openjdk-8-jdk - - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - name: Update and upgrade apt packages become: true apt: diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index 81176ee0..16366dfc 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml @@ -9,13 +9,6 @@ gpgcheck: true changed_when: false -- name: CentOS x.x => x.x < 7.0 | Installing Java - yum: - name: java-1.8.0-openjdk.x86_64 - state: present - when: - - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 7 - - name: RedHat/CentOS/Fedora | Install Elasticsarch package: name=elasticsearch-{{ elastic_stack_version }} state=present tags: install diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index b0e5371c..7e1d408a 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -90,13 +90,14 @@ - name: Download Filebeat module package get_url: - url: https://packages-dev.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} + url: https://packages.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} dest: "{{ filebeat_module_package_path }}" - name: Unpakcaging Filebeat module package - unarchive: + unarchive: src: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" dest: "{{ filebeat_module_destination }}" + remote_src: yes - name: Setting 0755 permission for Filebeat module folder file: dest={{ filebeat_module_folder }} mode=u=rwX,g=rwX,o=rwX recurse=yes From 2b7bf881aebc3ba4c989d59be0180d2464291016 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 16 Aug 2019 11:54:51 +0200 Subject: [PATCH 03/17] improved the tasks of filebeat module installation and fixed idempotence errors --- Pipfile | 1 + molecule/filebeat/molecule.yml | 10 +++++----- roles/wazuh/ansible-filebeat/tasks/main.yml | 22 ++++++++++++++++++++- 3 files changed, 27 insertions(+), 6 deletions(-) diff --git a/Pipfile b/Pipfile index 9e3b448b..e7dab50e 100644 --- a/Pipfile +++ b/Pipfile @@ -14,6 +14,7 @@ molecule = "*" python_version = "2.7" [scripts] +clean = "molecule destroy" test ="molecule test" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index 761326f3..e85c687d 100644 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml @@ -9,8 +9,8 @@ lint: config-data: ignore: .virtualenv platforms: - - name: trusty - image: ubuntu:trusty + # - name: trusty + # image: ubuntu:trusty # - name: bionic # image: solita/ubuntu-systemd:bionic # command: /sbin/init @@ -25,9 +25,9 @@ platforms: # command: /sbin/init # volumes: # - /sys/fs/cgroup:/sys/fs/cgroup:ro - #- name: centos7 - # image: milcom/centos7-systemd - # privileged: true + - name: centos7 + image: milcom/centos7-systemd + privileged: true provisioner: name: ansible playbooks: diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 7e1d408a..8328e068 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -88,19 +88,39 @@ - filebeat_xpack_security tags: xpack-security +- name: Checking if Filebeat Module folder file exists + stat: + path: "{{ filebeat_module_folder }}" + register: filebeat_module_folder + - name: Download Filebeat module package get_url: url: https://packages.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} dest: "{{ filebeat_module_package_path }}" + when: not filebeat_module_folder.stat.exists -- name: Unpakcaging Filebeat module package +- name: Unpakcing Filebeat module package unarchive: src: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" dest: "{{ filebeat_module_destination }}" remote_src: yes + when: not filebeat_module_folder.stat.exists - name: Setting 0755 permission for Filebeat module folder file: dest={{ filebeat_module_folder }} mode=u=rwX,g=rwX,o=rwX recurse=yes + when: not filebeat_module_folder.stat.exists + +- name: Checking if Filebeat Module package file exists + stat: + path: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" + register: filebeat_module_package + when: filebeat_module_package is not defined + +- name: Delete Filebeat module package file + file: + state: absent + path: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" + when: filebeat_module_package.stat.exists - import_tasks: config.yml when: filebeat_create_config From cb5149c6290c8da765f043ae130f7c56fcbb68ef Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 30 Jul 2019 17:36:31 +0200 Subject: [PATCH 04/17] Fix Kibana APP installation by becoming user kibana --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 4e12b1b2..a32b90fd 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -118,14 +118,14 @@ tags: install - name: Install Wazuh-APP (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" + shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json notify: restart kibana - ignore_errors: "{{ kibana_plugin_install_ignore_error }}" + become_user: kibana tags: - install - skip_ansible_lint From cae6e96be66f51596bffebfa40fa8bdee73853bf Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 16 Aug 2019 14:43:29 +0200 Subject: [PATCH 05/17] changing default variables values --- molecule/filebeat/molecule.yml | 12 ++++++------ molecule/kibana/molecule.yml | 1 - playbooks/wazuh-elastic.yml | 5 +++-- playbooks/wazuh-kibana.yml | 10 +++------- playbooks/wazuh-manager.yml | 8 +++----- .../ansible-elasticsearch/defaults/main.yml | 3 +-- .../ansible-elasticsearch/tasks/main.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 ++ roles/wazuh/ansible-filebeat/tasks/main.yml | 1 + 9 files changed, 20 insertions(+), 24 deletions(-) diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index e85c687d..699495d1 100644 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml @@ -12,9 +12,9 @@ platforms: # - name: trusty # image: ubuntu:trusty # - name: bionic - # image: solita/ubuntu-systemd:bionic - # command: /sbin/init - # privileged: true + image: solita/ubuntu-systemd:bionic + command: /sbin/init + privileged: true # - name: xenial # image: solita/ubuntu-systemd:xenial # privileged: true @@ -25,9 +25,9 @@ platforms: # command: /sbin/init # volumes: # - /sys/fs/cgroup:/sys/fs/cgroup:ro - - name: centos7 - image: milcom/centos7-systemd - privileged: true + #- name: centos7 + # image: milcom/centos7-systemd + # privileged: true provisioner: name: ansible playbooks: diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index 8cf21dc2..42b55fd3 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -55,7 +55,6 @@ provisioner: group_vars: all: elasticsearch_jvm_xms: 256 - kibana_plugin_install_ignore_error: true verifier: name: testinfra lint: diff --git a/playbooks/wazuh-elastic.yml b/playbooks/wazuh-elastic.yml index 0c3b0a61..36bd9b1d 100644 --- a/playbooks/wazuh-elastic.yml +++ b/playbooks/wazuh-elastic.yml @@ -1,4 +1,5 @@ --- -- hosts: +- hosts: roles: - - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'your elasticsearch IP'} + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: '' diff --git a/playbooks/wazuh-kibana.yml b/playbooks/wazuh-kibana.yml index 2fc5cc1d..200f4891 100644 --- a/playbooks/wazuh-kibana.yml +++ b/playbooks/wazuh-kibana.yml @@ -1,10 +1,6 @@ --- -- hosts: 172.16.0.162 +- hosts: roles: - role: ../roles/elastic-stack/ansible-kibana - kibana_xpack_security: true - kibana_user: elastic - kibana_password: elastic_pass - kibana_node_name: node-2 - elasticsearch_network_host: 172.16.0.161 - node_certs_generator: false + elasticsearch_network_host: + diff --git a/playbooks/wazuh-manager.yml b/playbooks/wazuh-manager.yml index 93fb9e9d..5ec6a50b 100644 --- a/playbooks/wazuh-manager.yml +++ b/playbooks/wazuh-manager.yml @@ -1,10 +1,8 @@ --- -- hosts: 172.16.0.161 +- hosts: roles: - role: ../roles/wazuh/ansible-wazuh-manager - role: ../roles/wazuh/ansible-filebeat - filebeat_output_elasticsearch_hosts: 172.16.0.161:9200 - filebeat_xpack_security: true - filebeat_node_name: node-1 - node_certs_generator: true + filebeat_output_elasticsearch_hosts: :9200 + diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index a07f02e2..58b5e308 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -3,10 +3,9 @@ elasticsearch_cluster_name: wazuh elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 -elasticsearch_host: 127.0.0.1 elasticsearch_jvm_xms: null elastic_stack_version: 7.2.0 -single_node: false +single_node: true elasticsearch_bootstrap_node: false elasticsearch_master_candidate: false elasticsearch_cluster_nodes: diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 99782056..8fb9184d 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -259,7 +259,7 @@ state: started - name: Make sure Elasticsearch is running before proceeding - wait_for: host={{ elasticsearch_host }} port={{ elasticsearch_http_port }} delay=3 timeout=400 + wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=400 tags: - configure - init diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 32a194c8..9e9367ca 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -23,3 +23,5 @@ node_certs_destination: /etc/kibana/certs rsync_path: /usr/bin/rsync rsync_user: vagrant rsync_extra_parameters: -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' + +kibana_plugin_install_ignore_error: true \ No newline at end of file diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 8328e068..fbf8cfbf 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -93,6 +93,7 @@ path: "{{ filebeat_module_folder }}" register: filebeat_module_folder + - name: Download Filebeat module package get_url: url: https://packages.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} From c1c5f90bc34ef1184d54b4a9cd68da820f46cace Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 16 Aug 2019 18:11:00 +0200 Subject: [PATCH 06/17] Updating tests --- molecule/default/molecule.yml | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index f37858bc..97f0fef9 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -8,18 +8,37 @@ lint: enabled: false platforms: - name: bionic - image: ubuntu:bionic + image: solita/ubuntu-systemd:bionic + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 2048m - name: xenial image: solita/ubuntu-systemd:xenial privileged: true + memory_reservation: 2048m command: /sbin/init - - name: trusty - image: ubuntu:trusty + ulimits: + - nofile:262144:262144 +# - name: trusty +# image: ubuntu:trusty +# privileged: true +# memory_reservation: 2048m +# ulimits: +# - nofile:262144:262144 - name: centos6 image: centos:6 + privileged: true + memory_reservation: 2048m + ulimits: + - nofile:262144:262144 - name: centos7 image: milcom/centos7-systemd + memory_reservation: 2048m privileged: true + ulimits: + - nofile:262144:262144 provisioner: name: ansible env: From 7ab3f960c84d4c3158cbbac9477fa7502d6ff7ae Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 16 Aug 2019 19:23:46 +0200 Subject: [PATCH 07/17] fixed some molecule errors --- Pipfile | 2 +- molecule/default/molecule.yml | 24 +++++++++++-------- molecule/default/playbook.yml | 8 +++---- molecule/elasticsearch/molecule.yml | 12 +++++----- molecule/filebeat/molecule.yml | 2 +- molecule/kibana/playbook.yml | 1 + .../ansible-elasticsearch/tasks/main.yml | 7 ------ 7 files changed, 26 insertions(+), 30 deletions(-) diff --git a/Pipfile b/Pipfile index e7dab50e..77eeea6b 100644 --- a/Pipfile +++ b/Pipfile @@ -15,7 +15,7 @@ python_version = "2.7" [scripts] clean = "molecule destroy" -test ="molecule test" +test ="molecule test --destroy=never" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" filebeat ="molecule test -s filebeat" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index f37858bc..064b4643 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -8,18 +8,22 @@ lint: enabled: false platforms: - name: bionic - image: ubuntu:bionic - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true + image: solita/ubuntu-systemd:bionic command: /sbin/init - - name: trusty - image: ubuntu:trusty - - name: centos6 - image: centos:6 - - name: centos7 - image: milcom/centos7-systemd privileged: true + ulimits: + - nofile:262144:262144 +# - name: xenial +# image: solita/ubuntu-systemd:xenial +# privileged: true +# command: /sbin/init +# - name: trusty +# image: ubuntu:trusty +# - name: centos6 +# image: centos:6 +# - name: centos7 +# image: milcom/centos7-systemd +# privileged: true provisioner: name: ansible env: diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index 639e6320..e692aaae 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -3,8 +3,6 @@ hosts: all roles: - role: wazuh/ansible-wazuh-manager - -# - {role: wazuh/ansible-filebeat} #, filebeat_output_elasticsearch_hosts: 'your elastic stack server IP' -# Elasticsearch requires too much memory to test multiple containers concurrently - To Fix -# - {role: elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} -# - {role: elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'} + - {role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'localhost:9200'} + - {role: elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} + - {role: elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'} diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 1ad6ef7b..b252e554 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -23,12 +23,12 @@ platforms: command: /sbin/init ulimits: - nofile:262144:262144 - #- name: trusty - #image: ubuntu:trusty - #privileged: true - #memory_reservation: 2048m - #ulimits: - #- nofile:262144:262144 + #- name: trusty + #image: ubuntu:trusty + #privileged: true + #memory_reservation: 2048m + #ulimits: + #- nofile:262144:262144 - name: centos6 image: centos:6 privileged: true diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index 699495d1..7ad07f77 100644 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml @@ -11,7 +11,7 @@ lint: platforms: # - name: trusty # image: ubuntu:trusty - # - name: bionic + - name: bionic image: solita/ubuntu-systemd:bionic command: /sbin/init privileged: true diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml index 18543dce..6deac809 100644 --- a/molecule/kibana/playbook.yml +++ b/molecule/kibana/playbook.yml @@ -2,5 +2,6 @@ - name: Converge hosts: all roles: + - role: elastic-stack/ansible-kibana \ No newline at end of file diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 8fb9184d..7ee77beb 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -245,13 +245,6 @@ - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) -- name: Distribution is centos 6.* | Enable Elasticsearch - service: name=elasticsearch enabled=yes - -- name: Distribution is centos 6.* | Start Elasticsearch - service: name=elasticsearch state=started - ignore_errors: true - - name: Ensure Elasticsearch started and enabled service: name: elasticsearch From 60f58e99386d223c1ad3df1bc7724f597b78459d Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 16 Aug 2019 20:09:08 +0200 Subject: [PATCH 08/17] completed --- Pipfile | 1 + molecule/default/playbook.yml | 6 +-- molecule/default/tests/test_default.py | 51 +++++++++++++++++++ .../ansible-kibana/tasks/main.yml | 1 + 4 files changed, 56 insertions(+), 3 deletions(-) diff --git a/Pipfile b/Pipfile index 77eeea6b..f85e6439 100644 --- a/Pipfile +++ b/Pipfile @@ -16,6 +16,7 @@ python_version = "2.7" [scripts] clean = "molecule destroy" test ="molecule test --destroy=never" +verify_test ="molecule verify" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" filebeat ="molecule test -s filebeat" diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index e692aaae..f34d0837 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -2,7 +2,7 @@ - name: Converge hosts: all roles: - - role: wazuh/ansible-wazuh-manager - - {role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'localhost:9200'} - - {role: elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} + #- role: wazuh/ansible-wazuh-manager + #- {role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'localhost:9200'} + #- {role: elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} - {role: elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'} diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index e55bc894..da8f772b 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -78,3 +78,54 @@ def test_open_ports(host): elif distribution == 'centos': assert host.socket("tcp://:::1515").is_listening assert not host.socket("tcp://:::1514").is_listening + + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_filebeat_is_installed(host): + """Test if the elasticsearch package is installed.""" + filebeat = host.package("filebeat") + assert filebeat.is_installed + assert filebeat.version.startswith('7.2.0') + + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_elasticsearch_is_installed(host): + """Test if the elasticsearch package is installed.""" + elasticsearch = host.package("elasticsearch") + assert elasticsearch.is_installed + assert elasticsearch.version.startswith('7.2.0') + + +def test_elasticsearch_is_running(host): + """Test if the services are enabled and running.""" + elasticsearch = host.service("elasticsearch") + assert elasticsearch.is_enabled + assert elasticsearch.is_running + + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_port_kibana_is_open(host): + """Test if the port 5601 is open and listening to connections.""" + host.socket("tcp://0.0.0.0:5601").is_listening + + +def test_find_correct_elasticsearch_version(host): + """Test if we find the kibana/elasticsearch version in package.json""" + kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json") + assert kibana.contains("7.2.0") + + +def test_wazuh_plugin_installed(host): + """Make sure there is a plugin wazuh directory.""" + kibana = host.file("/usr/share/kibana/plugins/wazuh/") + + assert kibana.is_directory \ No newline at end of file diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index a32b90fd..fe0c9365 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -125,6 +125,7 @@ executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json notify: restart kibana + become: yes become_user: kibana tags: - install From c59c0fd008d3662410333406508b7f6fb84b39b7 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 10:07:38 +0200 Subject: [PATCH 09/17] uncommented some platforms in Molecule tests and made the default test running only for the manager --- molecule/default/molecule.yml | 26 +++++++++++++------------- molecule/default/playbook.yml | 6 ++---- molecule/elasticsearch/molecule.yml | 12 ++++++------ molecule/filebeat/molecule.yml | 14 +++++++------- molecule/kibana/molecule.yml | 28 ++++++++++++++-------------- 5 files changed, 42 insertions(+), 44 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 4b1b2677..ea838971 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -14,13 +14,13 @@ platforms: - nofile:262144:262144 privileged: true memory_reservation: 5120m -#- name: xenial -# image: solita/ubuntu-systemd:xenial -# privileged: true -# memory_reservation: 2048m -# command: /sbin/init -# ulimits: -# - nofile:262144:262144 +- name: xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 2048m + command: /sbin/init + ulimits: + - nofile:262144:262144 # - name: trusty # image: ubuntu:trusty # privileged: true @@ -33,12 +33,12 @@ platforms: # memory_reservation: 2048m # ulimits: # - nofile:262144:262144 -# - name: centos7 -# image: milcom/centos7-systemd -# memory_reservation: 2048m -# privileged: true -# ulimits: -# - nofile:262144:262144 +- name: centos7 + image: milcom/centos7-systemd + memory_reservation: 2048m + privileged: true + ulimits: + - nofile:262144:262144 provisioner: name: ansible env: diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index f34d0837..242a3777 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -2,7 +2,5 @@ - name: Converge hosts: all roles: - #- role: wazuh/ansible-wazuh-manager - #- {role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'localhost:9200'} - #- {role: elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} - - {role: elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'} + - role: wazuh/ansible-wazuh-manager + diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index b252e554..7b2bbe1f 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -29,12 +29,12 @@ platforms: #memory_reservation: 2048m #ulimits: #- nofile:262144:262144 - - name: centos6 - image: centos:6 - privileged: true - memory_reservation: 2048m - ulimits: - - nofile:262144:262144 + #- name: centos6 + # image: centos:6 + # privileged: true + # memory_reservation: 2048m + # ulimits: + # - nofile:262144:262144 - name: centos7 image: milcom/centos7-systemd memory_reservation: 2048m diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index 7ad07f77..a094407a 100644 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml @@ -15,19 +15,19 @@ platforms: image: solita/ubuntu-systemd:bionic command: /sbin/init privileged: true - # - name: xenial - # image: solita/ubuntu-systemd:xenial - # privileged: true - # command: /sbin/init + - name: xenial + image: solita/ubuntu-systemd:xenial + privileged: true + command: /sbin/init #- name: centos6 # image: geerlingguy/docker-centos6-ansible # privileged: true # command: /sbin/init # volumes: # - /sys/fs/cgroup:/sys/fs/cgroup:ro - #- name: centos7 - # image: milcom/centos7-systemd - # privileged: true + - name: centos7 + image: milcom/centos7-systemd + privileged: true provisioner: name: ansible playbooks: diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index 42b55fd3..20ea5e07 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -9,20 +9,20 @@ lint: config-data: ignore: .virtualenv platforms: -# - name: bionic -# image: solita/ubuntu-systemd:bionic -# command: /sbin/init -# ulimits: -# - nofile:262144:262144 -# privileged: true -# memory_reservation: 1024m -# - name: xenial -# image: solita/ubuntu-systemd:xenial -# privileged: true -# memory_reservation: 1024m -# command: /sbin/init -# ulimits: -# - nofile:262144:262144 + - name: bionic + image: solita/ubuntu-systemd:bionic + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 1024m + - name: xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 1024m + command: /sbin/init + ulimits: + - nofile:262144:262144 # - name: trusty # image: ubuntu:trusty # memory_reservation: 1024m From 37cd4893b3105c78b3bb35f72e156058a2fc0302 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 10:27:44 +0200 Subject: [PATCH 10/17] fixed some linting errors and removed the changes added to the tests --- Pipfile | 1 - molecule/default/molecule.yml | 26 ++++++------- molecule/default/tests/test_default.py | 53 +------------------------- molecule/filebeat/molecule.yml | 6 +-- 4 files changed, 17 insertions(+), 69 deletions(-) diff --git a/Pipfile b/Pipfile index f85e6439..b0784518 100644 --- a/Pipfile +++ b/Pipfile @@ -14,7 +14,6 @@ molecule = "*" python_version = "2.7" [scripts] -clean = "molecule destroy" test ="molecule test --destroy=never" verify_test ="molecule verify" agent ="molecule test -s wazuh-agent" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index ea838971..ad7d7219 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -14,13 +14,13 @@ platforms: - nofile:262144:262144 privileged: true memory_reservation: 5120m -- name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 2048m - command: /sbin/init - ulimits: - - nofile:262144:262144 + - name: xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 2048m + command: /sbin/init + ulimits: + - nofile:262144:262144 # - name: trusty # image: ubuntu:trusty # privileged: true @@ -33,12 +33,12 @@ platforms: # memory_reservation: 2048m # ulimits: # - nofile:262144:262144 -- name: centos7 - image: milcom/centos7-systemd - memory_reservation: 2048m - privileged: true - ulimits: - - nofile:262144:262144 + - name: centos7 + image: milcom/centos7-systemd + memory_reservation: 2048m + privileged: true + ulimits: + - nofile:262144:262144 provisioner: name: ansible env: diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index da8f772b..8e1817e3 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -77,55 +77,4 @@ def test_open_ports(host): assert not host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': assert host.socket("tcp://:::1515").is_listening - assert not host.socket("tcp://:::1514").is_listening - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_filebeat_is_installed(host): - """Test if the elasticsearch package is installed.""" - filebeat = host.package("filebeat") - assert filebeat.is_installed - assert filebeat.version.startswith('7.2.0') - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_elasticsearch_is_installed(host): - """Test if the elasticsearch package is installed.""" - elasticsearch = host.package("elasticsearch") - assert elasticsearch.is_installed - assert elasticsearch.version.startswith('7.2.0') - - -def test_elasticsearch_is_running(host): - """Test if the services are enabled and running.""" - elasticsearch = host.service("elasticsearch") - assert elasticsearch.is_enabled - assert elasticsearch.is_running - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_port_kibana_is_open(host): - """Test if the port 5601 is open and listening to connections.""" - host.socket("tcp://0.0.0.0:5601").is_listening - - -def test_find_correct_elasticsearch_version(host): - """Test if we find the kibana/elasticsearch version in package.json""" - kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json") - assert kibana.contains("7.2.0") - - -def test_wazuh_plugin_installed(host): - """Make sure there is a plugin wazuh directory.""" - kibana = host.file("/usr/share/kibana/plugins/wazuh/") - - assert kibana.is_directory \ No newline at end of file + assert not host.socket("tcp://:::1514").is_listening \ No newline at end of file diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index a094407a..5e055508 100644 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml @@ -25,9 +25,9 @@ platforms: # command: /sbin/init # volumes: # - /sys/fs/cgroup:/sys/fs/cgroup:ro - - name: centos7 - image: milcom/centos7-systemd - privileged: true + - name: centos7 + image: milcom/centos7-systemd + privileged: true provisioner: name: ansible playbooks: From 9d9aa9088add1fe32f0038a72fc7b33ca6618c90 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 10:54:34 +0200 Subject: [PATCH 11/17] fixed flake8 errors --- molecule/default/tests/test_default.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 8e1817e3..e55bc894 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -77,4 +77,4 @@ def test_open_ports(host): assert not host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': assert host.socket("tcp://:::1515").is_listening - assert not host.socket("tcp://:::1514").is_listening \ No newline at end of file + assert not host.socket("tcp://:::1514").is_listening From 07172620cd31500a59c16b4f91287c5414bcbba0 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 11:37:58 +0200 Subject: [PATCH 12/17] fixed tests for molecule/default --- Pipfile | 1 - molecule/default/molecule.yml | 2 +- molecule/default/tests/test_default.py | 8 ++++---- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/Pipfile b/Pipfile index b0784518..9919f2cd 100644 --- a/Pipfile +++ b/Pipfile @@ -15,7 +15,6 @@ python_version = "2.7" [scripts] test ="molecule test --destroy=never" -verify_test ="molecule verify" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" filebeat ="molecule test -s filebeat" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index ad7d7219..23b9f5ce 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -57,7 +57,7 @@ scenario: - create - prepare - converge - # - idempotence + - idempotence - side_effect - verify - cleanup diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index e55bc894..45a52de1 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -73,8 +73,8 @@ def test_open_ports(host): """Test if the main port is open and the agent-auth is not open.""" distribution = host.system_info.distribution.lower() if distribution == 'ubuntu': - assert host.socket("tcp://0.0.0.0:1515").is_listening - assert not host.socket("tcp://0.0.0.0:1514").is_listening + assert host.socket("tcp://127.0.0.1:1515").is_listening + assert host.socket("tcp://127.0.0.1:1514").is_listening elif distribution == 'centos': - assert host.socket("tcp://:::1515").is_listening - assert not host.socket("tcp://:::1514").is_listening + assert host.socket("tcp://127.0.0.1:1515").is_listening + assert host.socket("tcp://127.0.0.1:1514").is_listening From c15a466912551704ef4d29bfc701fede1f0bcc2c Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 11:52:54 +0200 Subject: [PATCH 13/17] fixed tests for molecule/default .. --- molecule/default/tests/test_default.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 45a52de1..6e5b3294 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -73,8 +73,8 @@ def test_open_ports(host): """Test if the main port is open and the agent-auth is not open.""" distribution = host.system_info.distribution.lower() if distribution == 'ubuntu': - assert host.socket("tcp://127.0.0.1:1515").is_listening - assert host.socket("tcp://127.0.0.1:1514").is_listening + assert host.socket("tcp://0.0.0.0:1515").is_listening + assert host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': - assert host.socket("tcp://127.0.0.1:1515").is_listening - assert host.socket("tcp://127.0.0.1:1514").is_listening + assert host.socket("tcp://:::1515").is_listening + assert host.socket("tcp://:::1514").is_listening From 0d0032e2dced163675121ad6e2d03c5292e3e13f Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 12:17:36 +0200 Subject: [PATCH 14/17] improved molecule/default tests --- molecule/default/tests/test_default.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 6e5b3294..7757401e 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -76,5 +76,5 @@ def test_open_ports(host): assert host.socket("tcp://0.0.0.0:1515").is_listening assert host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': - assert host.socket("tcp://:::1515").is_listening - assert host.socket("tcp://:::1514").is_listening + assert host.socket("tcp://127.0.0.1:1515").is_listening + assert host.socket("tcp://127.0.0.1:1514").is_listening \ No newline at end of file From 8fbac1af24e4bbc72a288e76e7a72a7622ab1e8f Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 12:21:54 +0200 Subject: [PATCH 15/17] removed some additional changes from Pipefile --- Pipfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Pipfile b/Pipfile index 9919f2cd..9e3b448b 100644 --- a/Pipfile +++ b/Pipfile @@ -14,7 +14,7 @@ molecule = "*" python_version = "2.7" [scripts] -test ="molecule test --destroy=never" +test ="molecule test" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" filebeat ="molecule test -s filebeat" From 70e2d68cb0295a1740dc4ab260d4743e28c0e4c7 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 12:44:47 +0200 Subject: [PATCH 16/17] reduced the memory ram for molecule/default --- Pipfile | 1 + molecule/default/molecule.yml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Pipfile b/Pipfile index 9e3b448b..118d47c9 100644 --- a/Pipfile +++ b/Pipfile @@ -14,6 +14,7 @@ molecule = "*" python_version = "2.7" [scripts] +destroy ="molecule destroy" test ="molecule test" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 23b9f5ce..bc49d808 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -13,7 +13,7 @@ platforms: ulimits: - nofile:262144:262144 privileged: true - memory_reservation: 5120m + memory_reservation: 2048m - name: xenial image: solita/ubuntu-systemd:xenial privileged: true @@ -57,7 +57,7 @@ scenario: - create - prepare - converge - - idempotence + # - idempotence - side_effect - verify - cleanup From 9582a0aacd2f7d4afb0d66a9e8ebe72f9ba357e8 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 13:16:51 +0200 Subject: [PATCH 17/17] updated ansible and molecule versions --- Pipfile | 4 ++-- molecule/default/tests/test_default.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Pipfile b/Pipfile index 118d47c9..3de882c3 100644 --- a/Pipfile +++ b/Pipfile @@ -5,8 +5,8 @@ name = "pypi" [packages] docker-py = "*" -ansible = "==2.7.11" -molecule = "*" +ansible = "==2.7.13" +molecule = "2.20" [dev-packages] diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 7757401e..227f8e59 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -77,4 +77,4 @@ def test_open_ports(host): assert host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': assert host.socket("tcp://127.0.0.1:1515").is_listening - assert host.socket("tcp://127.0.0.1:1514").is_listening \ No newline at end of file + assert host.socket("tcp://127.0.0.1:1514").is_listening