From 2d2654c251540111ff58950824e8333d5ca4c05d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=A2=85?=
Date: Fri, 6 Nov 2020 13:17:47 -0300
Subject: [PATCH] molecule: remove playground scenario clustered-wazuh-only
---
molecule/clustered-wazuh-only/Dockerfile.j2 | 14 --
molecule/clustered-wazuh-only/INSTALL.rst | 16 ---
molecule/clustered-wazuh-only/converge.yml | 23 ----
.../clustered-wazuh-only/group_vars/all.yml | 11 --
.../group_vars/elastic.yml | 13 --
.../group_vars/managers.yml | 20 ---
molecule/clustered-wazuh-only/molecule.yml | 130 ------------------
.../tests/test_default.py | 64 ---------
8 files changed, 291 deletions(-)
delete mode 100644 molecule/clustered-wazuh-only/Dockerfile.j2
delete mode 100644 molecule/clustered-wazuh-only/INSTALL.rst
delete mode 100644 molecule/clustered-wazuh-only/converge.yml
delete mode 100644 molecule/clustered-wazuh-only/group_vars/all.yml
delete mode 100644 molecule/clustered-wazuh-only/group_vars/elastic.yml
delete mode 100644 molecule/clustered-wazuh-only/group_vars/managers.yml
delete mode 100644 molecule/clustered-wazuh-only/molecule.yml
delete mode 100644 molecule/clustered-wazuh-only/tests/test_default.py
diff --git a/molecule/clustered-wazuh-only/Dockerfile.j2 b/molecule/clustered-wazuh-only/Dockerfile.j2
deleted file mode 100644
index 19692c20..00000000
--- a/molecule/clustered-wazuh-only/Dockerfile.j2
+++ /dev/null
@@ -1,14 +0,0 @@
-# Molecule managed
-
-{% if item.registry is defined %}
-FROM {{ item.registry.url }}/{{ item.image }}
-{% else %}
-FROM {{ item.image }}
-{% endif %}
-
-RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
- elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \
- elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
- elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \
- elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
- elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi
diff --git a/molecule/clustered-wazuh-only/INSTALL.rst b/molecule/clustered-wazuh-only/INSTALL.rst
deleted file mode 100644
index e26493b8..00000000
--- a/molecule/clustered-wazuh-only/INSTALL.rst
+++ /dev/null
@@ -1,16 +0,0 @@
-*******
-Install
-*******
-
-Requirements
-============
-
-* Docker Engine
-* docker-py
-
-Install
-=======
-
-.. code-block:: bash
-
- $ sudo pip install docker-py
diff --git a/molecule/clustered-wazuh-only/converge.yml b/molecule/clustered-wazuh-only/converge.yml
deleted file mode 100644
index 63e7694f..00000000
--- a/molecule/clustered-wazuh-only/converge.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-
-- name: Converge
- hosts: all
- become: true
- become_user: root
- roles:
- - role: ../../roles/elastic-stack/ansible-elasticsearch
- when: inventory_hostname in groups['elastic']
- - role: ../../roles/wazuh/ansible-wazuh-manager
- when: inventory_hostname in groups['managers']
- - role: ../../roles/wazuh/ansible-filebeat
- when: inventory_hostname in groups['managers']
- pre_tasks:
- - debug:
- msg: |
- -----------------------------------------
- managers: {{ managers_hostvars | length }}
- addresses: {{ manager_addresses }}
- -----------------------------------------
- elastic: {{ elastic_hostvars | length }}
- addresses: {{ elastic_addresses }}
- -----------------------------------------
\ No newline at end of file
diff --git a/molecule/clustered-wazuh-only/group_vars/all.yml b/molecule/clustered-wazuh-only/group_vars/all.yml
deleted file mode 100644
index 13205b13..00000000
--- a/molecule/clustered-wazuh-only/group_vars/all.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-
-########################################################
-# Helper variables
-private_ip: '{{ ansible_default_ipv4.address }}'
-
-managers_hostvars: "{{ groups['managers'] | map('extract', hostvars) | list }}"
-elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars) | list }}"
-
-manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}"
-elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}"
\ No newline at end of file
diff --git a/molecule/clustered-wazuh-only/group_vars/elastic.yml b/molecule/clustered-wazuh-only/group_vars/elastic.yml
deleted file mode 100644
index 6ee4ba11..00000000
--- a/molecule/clustered-wazuh-only/group_vars/elastic.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-
-single_node: false
-elasticsearch_node_master: true
-minimum_master_nodes: 1
-
-elasticsearch_network_host: '{{ private_ip }}'
-elasticsearch_node_name: '{{ ansible_hostname }}'
-
-elasticsearch_cluster_nodes: '{{ elastic_addresses }}'
-
-elasticsearch_discovery_nodes: '{{ elastic_addresses }}'
-
diff --git a/molecule/clustered-wazuh-only/group_vars/managers.yml b/molecule/clustered-wazuh-only/group_vars/managers.yml
deleted file mode 100644
index e191ad10..00000000
--- a/molecule/clustered-wazuh-only/group_vars/managers.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-
-wazuh_manager_fqdn: '{{ ansible_hostname }}'
-filebeat_node_name: '{{ ansible_hostname }}'
-filebeat_output_elasticsearch_hosts: '{{ elastic_addresses }}'
-
-wazuh_manager_config:
- connection:
- - type: 'secure'
- port: '1514'
- protocol: 'tcp'
- queue_size: 131072
- api:
- https: 'yes'
- cluster:
- disable: 'no'
- node_name: '{{ ansible_hostname }}'
- node_type: "{{ 'master' if ansible_hostname == 'wazuh-mgr01' else 'worker' }}"
- nodes: '{{ manager_addresses }}'
- hidden: 'no'
\ No newline at end of file
diff --git a/molecule/clustered-wazuh-only/molecule.yml b/molecule/clustered-wazuh-only/molecule.yml
deleted file mode 100644
index 3b5106af..00000000
--- a/molecule/clustered-wazuh-only/molecule.yml
+++ /dev/null
@@ -1,130 +0,0 @@
----
-# Distributed scenario: clustered manager scenario + connected agents
-# 2-core CPU
-# 7 GB of RAM memory
-# 14 GB of SSD disk space
-
-dependency:
- name: galaxy
-driver:
- name: docker
-#lint:
-# name: yamllint
-# enabled: false
-platforms:
-
- ################################################
- # Wazuh Managers
- ################################################
- - name: wazuh_manager_centos7
- hostname: wazuh-mgr01
- image: geerlingguy/docker-centos7-ansible
- pre_build_image: true
- privileged: true
- memory_reservation: 512m
- memory: 1024m
- groups:
- - managers
- ulimits:
- - nofile:262144:262144
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:ro
-
- - name: wazuh_manager_ubuntu2004
- hostname: wazuh-mgr02
- image: geerlingguy/docker-ubuntu2004-ansible
- pre_build_image: true
- privileged: true
- memory_reservation: 512m
- memory: 1024m
- groups:
- - managers
- ulimits:
- - nofile:262144:262144
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:ro
-
- - name: wazuh_manager_debian9
- hostname: wazuh-mgr03
- image: geerlingguy/docker-debian9-ansible
- pre_build_image: true
- privileged: true
- memory_reservation: 512m
- memory: 1024m
- groups:
- - managers
- ulimits:
- - nofile:262144:262144
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:ro
-
- ################################################
- # Elastic Cluster
- ################################################
- - name: wazuh_elasticsearch_centos7
- hostname: wazuh-es01
- image: geerlingguy/docker-centos7-ansible
- pre_build_image: true
- privileged: true
- memory: 4096m
- memory_reservation: 2048m
- env:
- ES_JAVA_OPTS: '-Xms1g -Xmx1g'
- groups:
- - elastic
- ulimits:
- - nofile:262144:262144
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:ro
-
- - name: wazuh_elasticsearch_debian9
- hostname: wazuh-es03
- image: geerlingguy/docker-debian9-ansible
- pre_build_image: true
- privileged: true
- memory: 4096m
- memory_reservation: 2048m
- env:
- ES_JAVA_OPTS: '-Xms1g -Xmx1g'
- groups:
- - elastic
- ulimits:
- - nofile:262144:262144
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:ro
-
-provisioner:
- name: ansible
- inventory:
- links:
- group_vars: group_vars
- #host_vars: ../../../inventory/host_vars/
- playbooks:
- create: create.yml
- converge: converge.yml
- #destroy: destroy.yml
- config_options:
- defaults:
- hash_behaviour: merge
- env:
- ANSIBLE_ROLES_PATH: ./roles
- lint:
- name: ansible-lint
- enabled: false
-scenario:
- name: clustered-wazuh-only
- test_sequence:
- - dependency
- - syntax
- - create
- - prepare
- - converge
- #- idempotence
- #- verify
- - cleanup
- - destroy
-verifier:
- name: testinfra
-# lint:
-# name: flake8
-# enabled: false
diff --git a/molecule/clustered-wazuh-only/tests/test_default.py b/molecule/clustered-wazuh-only/tests/test_default.py
deleted file mode 100644
index a6a86674..00000000
--- a/molecule/clustered-wazuh-only/tests/test_default.py
+++ /dev/null
@@ -1,64 +0,0 @@
-import os
-import pytest
-import testinfra.utils.ansible_runner
-
-testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
- os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
-
-
-def get_wazuh_version():
- """This return the version of Wazuh."""
- return "4.0.0"
-
-
-def test_wazuh_packages_are_installed(host):
- """Test the main packages are installed."""
- manager = host.package("wazuh-manager")
- assert manager.is_installed
- assert manager.version.startswith(get_wazuh_version())
-
-
-def test_wazuh_services_are_running(host):
- """Test the services are enabled and running.
-
- When assert commands are commented, this means that the service command has
- a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107
- """
- # This currently doesn't work with out current Docker base images
- # manager = host.service("wazuh-manager")
- # api = host.service("wazuh-api")
- # assert manager.is_running
- # assert api.is_running
- output = host.check_output(
- 'ps aux | grep ossec | tr -s " " | cut -d" " -f11'
- )
- assert 'ossec-authd' in output
- assert 'wazuh-modulesd' in output
- assert 'wazuh-db' in output
- assert 'ossec-execd' in output
- assert 'ossec-monitord' in output
- assert 'ossec-remoted' in output
- assert 'ossec-logcollector' in output
- assert 'ossec-analysisd' in output
- assert 'ossec-syscheckd' in output
-
-
-@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
- ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
- ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
- ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640),
- ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660),
-])
-def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
- """Test Wazuh related files exist and have proper owners and mode."""
- wazuh_file_host = host.file(wazuh_file)
- assert wazuh_file_host.user == wazuh_owner
- assert wazuh_file_host.group == wazuh_group
- assert wazuh_file_host.mode == wazuh_mode
-
-
-def test_filebeat_is_installed(host):
- """Test the elasticsearch package is installed."""
- filebeat = host.package("filebeat")
- assert filebeat.is_installed
- assert filebeat.version.startswith('7.9.1')