Adaptation to Wazuh 4.0 and fixes

roles/elastic-stack/ansible-kibana/defaults/main.yml

@@ -19,10 +19,10 @@ elasticrepo:
 # API credentials
 wazuh_api_credentials:
   - id: "default"
-    url: "http://localhost"
+    url: "https://localhost"
     port: 55000
-    user: "foo"
+    username: "wazuh"
-    password: "bar"
+    password: "wazuh"
 
 # Xpack Security
 kibana_xpack_security: false

roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2

@@ -129,6 +129,6 @@ hosts:
   - {{ api['id'] }}:
       url: {{ api['url'] }}
       port: {{ api['port'] }}
-      user: {{ api['user'] }}
+      username: {{ api['username'] }}
       password: {{ api['password'] }}
 {% endfor %}

roles/opendistro/opendistro-elasticsearch/defaults/main.yml

@@ -56,7 +56,7 @@ opendistro_http_port: 9200
 certs_gen_tool_version: 1.7
 
 # Url of Search Guard certificates generator tool
-certs_gen_tool_url: "https://releases.floragunn.com/search-guard-tlstool/{{ certs_gen_tool_version }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip"
+certs_gen_tool_url: "https://wazuh-demo.s3-us-west-1.amazonaws.com/search-guard-tlstool-{{ certs_gen_tool_version }}.zip"
 
 elasticrepo:
   apt: 'https://artifacts.elastic.co/packages/7.x/apt'

roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2

@@ -129,6 +129,6 @@ hosts:
   - {{ api['id'] }}:
       url: {{ api['url'] }}
       port: {{ api['port'] }}
-      user: {{ api['user'] }}
+      username: {{ api['username'] }}
       password: {{ api['password'] }}
 {% endfor %}

roles/wazuh/ansible-wazuh-manager/handlers/main.yml

@@ -4,3 +4,9 @@
     name: wazuh-manager
     state: restarted
     enabled: true
+
+- name: restart wazuh-api
+  service:
+    name: wazuh-api
+    state: restarted
+    enabled: true

roles/wazuh/ansible-wazuh-manager/tasks/main.yml

@@ -166,12 +166,12 @@
   when:
     - shared_agent_config is defined
 
-- name: Installing the config.js (api configuration)
+- name: Installing the api.yaml (api configuration)
-  template: src=var-ossec-api-configuration-config.js.j2
+  template: src=api.yaml.j2
-            dest=/var/ossec/api/configuration/config.js
+            dest=/var/ossec/api/configuration/api.yaml
             owner=root
             group=ossec
-            mode=0740
+            mode=0640
   notify: restart wazuh-api
   when:
     - wazuh_manager_config.cluster.node_type == "master"
@@ -301,20 +301,73 @@
   tags:
     - config
 
-- name: Wazuh-API User
+# - name: Get API auth token
-  template:
+#   uri:
-    src: api_user.j2
+#     url: "https://{{ inventory_hostname }}:55000/security/user/authenticate?raw=true"
-    dest: "/var/ossec/api/configuration/auth/user"
+#     method: GET
-    owner: root
+#     user: wazuh
-    group: root
+#     password: wazuh
-    mode: 0750
+#     validate_certs: no
-  no_log: true
+#     force_basic_auth: yes
-  notify: restart wazuh-api
+#     return_content: yes
-  when:
+#     status_code: 200
-    - wazuh_api_user is defined
+#   retries: 10
-    - wazuh_manager_config.cluster.node_type == "master"
+#   delay: 5
-  tags:
+#   until: token.status == 200
-    - config
+#   register: token
+#   tags: 
+#     - config_api_users
+#   when:
+#     - wazuh_api_users is defined
+#     - wazuh_manager_config.cluster.node_type == "master"
+
+# - name: Create Wazuh-API Users
+#   block:
+#     - name: Create new user
+#       uri:
+#         url: "https://{{ inventory_hostname }}:55000/security/users"
+#         method: POST
+#         body_format: json
+#         body:
+#           username: "{{ item.username }}"
+#           password: "{{ item.password }}"
+#         validate_certs: no
+#         status_code: 200
+#         headers: 
+#           Authorization: "Bearer {{ token.content }}"
+#       with_items:
+#         - "{{ wazuh_api_users }}"
+#       register: user_creation
+
+#     - name: Get new users IDs
+#       uri:
+#         url: "https://{{ inventory_hostname }}:5500/security/users"
+#         method: GET
+#         validate_certs: no
+#         status_code: 200
+#         headers: 
+#           Authorization: "Bearer {{ token.content }}"
+#       register: new_users_id
+
+    # - name: Join new users into administrator role
+    #   uri:
+    #     url: "https://{{ inventory_hostname }}:55000/security/users/3/roles"
+    #     method: POST
+    #     force_basic_auth: yes
+    #     body_format: form-urlencoded
+    #     body: "role_ids=1"
+    #     validate_certs: no
+    #     status_code: 200
+    #     headers: 
+    #       Authorization: "Bearer {{ token.content }}"
+    #   with_items:
+    #     - "{{ wazuh_api_users }}"
+    #   register: user_creation
+  # tags: 
+  #   - config_api_users
+  # when:
+  #   - wazuh_api_users is defined
+  #   - wazuh_manager_config.cluster.node_type == "master"
 
 - name: Agentless Hosts & Passwd
   template:

roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2

@@ -1,18 +1,18 @@
 # USE THIS FILE AS A TEMPLATE. UNCOMMENT LINES TO APPLY CUSTOM CONFIGURATION
 
-host: "{{ wazuh_manager_config.api.bind_addr }}"
+ host: {{ wazuh_manager_config.api.bind_addr }}
-port: "{{ wazuh_manager_config.api.port }}"
+ port: {{ wazuh_manager_config.api.port }}
 
 # Set this option to "yes" in case the API is running behind a proxy server. Values: yes, no
 
-behind_proxy_server: "{{ wazuh_manager_config.api.behind_proxy_server }}"
+ behind_proxy_server: {{ wazuh_manager_config.api.behind_proxy_server }}
 #Advanced configuration
 
  https:
-  enabled: "{{ wazuh_manager_config.api.https }}"
+  enabled: {{ wazuh_manager_config.api.https }}
   key: "{{ wazuh_manager_config.api.https_key }}"
   cert: "{{ wazuh_manager_config.api.https_cert }}"
-  use_ca: "{{ wazuh_manager_config.api.https_use_ca }}"
+  use_ca: {{ wazuh_manager_config.api.https_use_ca }}
   ca: "{{ wazuh_manager_config.api.https_ca }}"
 
 # Logging configuration
@@ -22,23 +22,23 @@ logs:
   path: "{{ wazuh_manager_config.api.logging_path }}"
 # Cross-origin resource sharing: https://github.com/aio-libs/aiohttp-cors#usage
  cors:
-  enabled: "{{ wazuh_manager_config.api.cors }}"
+  enabled: {{ wazuh_manager_config.api.cors }}
   source_route: "{{ wazuh_manager_config.api.cors_source_route }}"
   expose_headers: "{{ wazuh_manager_config.api.cors_expose_headers }}"
   allow_headers: "{{ wazuh_manager_config.api.cors_allow_headers }}"
-  allow_credentials: "{{ wazuh_manager_config.api.cors_allow_credentials }}"
+  allow_credentials: {{ wazuh_manager_config.api.cors_allow_credentials }}
 # Cache (time in seconds)
  cache:
-  enabled: "{{ wazuh_manager_config.api.cache }}"
+  enabled: {{ wazuh_manager_config.api.cache }}
-  time: "{{ wazuh_manager_config.api.cache_time }}"
+  time: {{ wazuh_manager_config.api.cache_time }}
 # Access parameters
  access:
-  max_login_attempts: "{{ wazuh_manager_config.api.access_max_login_attempts }}"
+  max_login_attempts: {{ wazuh_manager_config.api.access_max_login_attempts }}
-  block_time: "{{ wazuh_manager_config.api.access_block_time }}"
+  block_time: {{ wazuh_manager_config.api.access_block_time }}
-  max_request_per_minute: "{{ wazuh_manager_config.api.access_max_request_per_minute }}"
+  max_request_per_minute: {{ wazuh_manager_config.api.access_max_request_per_minute }}
 # Force the use of authd when adding and removing agents. Values: yes, no
-use_only_authd: "{{ wazuh_manager_config.api.use_only_authd }}"
+ use_only_authd: {{ wazuh_manager_config.api.use_only_authd }}
 # Drop privileges (Run as ossec user)
-drop_privileges: "{{ wazuh_manager_config.api.drop_privileges }}"
+ drop_privileges: {{ wazuh_manager_config.api.drop_privileges }}
 # Enable features under development
-experimental_features: "{{ wazuh_manager_config.api.experimental_features }}"
+ experimental_features: {{ wazuh_manager_config.api.experimental_features }}