From 65d896ec7f4cd1cc8e51a3b62b85dc9f1c02e13b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= <teddytpc1@gmail.com>
Date: Wed, 24 Jan 2024 10:39:31 -0300
Subject: [PATCH] VD keystore changes

---
 .../ansible-wazuh-manager/tasks/main.yml      |  9 ++++++++
 .../var-ossec-etc-ossec-server.conf.j2        | 22 +++++++++----------
 2 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index 1c029b6c..1b928113 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -252,6 +252,15 @@
     - init
     - config
 
+- name: Generate the wazuh-keystore
+  shell: >
+    /var/ossec/bin/wazuh-keystore -f indexer -k user -v {{ indexer_security_user }}
+    /var/ossec/bin/wazuh-keystore -f indexer -k password -v {{ indexer_security_password }}
+  notify: restart wazuh-manager
+  tags:
+    - init
+    - config
+
 - name: Ossec-authd password
   template:
     src: authd_pass.j2
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index d14a7bf6..d0b33170 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -267,20 +267,18 @@
   <indexer>
     <enabled>{% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' or wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %}</enabled>
     <hosts>
-    {% for item in wazuh_manager_config.indexer.hosts %} 
-      <host>https://{{ item }}:{{ filebeat_output_indexer_port }}</host> 
-    {% endfor %} 
+    {% for item in wazuh_manager_config.indexer.hosts %}
+      <host>https://{{ item }}:{{ filebeat_output_indexer_port }}</host>
+    {% endfor %}
     </hosts>
 
-    <username>{{ indexer_security_user }}</username> 
-    <password>{{ indexer_security_password }}</password> 
-    <ssl> 
-      <certificate_authorities> 
-        <ca>{{ filebeat_ssl_dir }}/root-ca.pem</ca> 
-      </certificate_authorities> 
-      <certificate>{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.pem</certificate> 
-      <key>{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}-key.pem</key> 
-    </ssl> 
+    <ssl>
+      <certificate_authorities>
+        <ca>{{ filebeat_ssl_dir }}/root-ca.pem</ca>
+      </certificate_authorities>
+      <certificate>{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.pem</certificate>
+      <key>{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}-key.pem</key>
+    </ssl>
   </indexer>
 
   <!-- File integrity monitoring -->