From 7444885ecd26b381f46d2ac57baa3aa786f4f3e8 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Fri, 27 Sep 2019 12:47:44 +0200 Subject: [PATCH 01/11] Check if var is defined --- .../ansible-elasticsearch/templates/instances.yml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 index 62182293..1e87f8d2 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 @@ -6,10 +6,10 @@ instances: {% for (key,value) in instances.items() %} - name: "{{ value.name }}" -{% if value.ip %} +{% if value.ip is defined %} ip: - "{{ value.ip }}" -{% elif value.dns %} +{% elif value.dns is defined %} dns: - "{{ value.dns }}" {% endif %} From a542c3bb4ba27d57356f4bae6886c4c329e5f6a1 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Fri, 27 Sep 2019 13:08:02 +0200 Subject: [PATCH 02/11] Remove unzip check --- .../ansible-elasticsearch/tasks/xpack_security.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 35f64fae..8cdfdb77 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -1,12 +1,4 @@ -- name: Install unzip dependency. - package: - name: unzip - state: present - delegate_to: "127.0.0.1" - when: - - node_certs_generator - - name: Check if certificate exists locally stat: path: "{{ node_certs_destination }}/{{ elasticsearch_node_name }}.crt" From 6fc395a81f7ccb4a469a73fcd28e6c159432df87 Mon Sep 17 00:00:00 2001 
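Review bot: The `{% elif value.dns is defined %}` branch in the instances.yml.j2 hunk of PATCH 01 (kept in the PATCH 03 hunk) means an instance that sets both `ip` and `dns` gets only the `ip:` entry. The DNS name is then presumably left out of the generated certificate's subject alternative names, so clients connecting by hostname cannot verify the node and are pushed towards disabling verification. Consider closing the first branch with `{% endif %}` and making the second an independent `{% if value.dns is defined and value.dns | length > 0 %}` so both lists can be emitted. An entry with neither field still renders with only a `name`, which may deserve an explicit failure instead. The `for` loop ends outside the hunk.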
From: Manuel Gutierrez Date: Fri, 27 Sep 2019 15:12:54 +0200 Subject: [PATCH 03/11] Add length check --- .../ansible-elasticsearch/templates/instances.yml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 index 1e87f8d2..b2f3bf6c 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 @@ -6,10 +6,10 @@ instances: {% for (key,value) in instances.items() %} - name: "{{ value.name }}" -{% if value.ip is defined %} +{% if value.ip is defined and value.ip | length > 0 %} ip: - "{{ value.ip }}" -{% elif value.dns is defined %} +{% elif value.dns is defined and value.dns | length > 0 %} dns: - "{{ value.dns }}" {% endif %} From a53674791f7ff3d8ab276a35d1c17bfdf5292fc7 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Fri, 27 Sep 2019 16:44:12 +0200 Subject: [PATCH 04/11] Add xpack scenario in the Readme --- .../ansible-elasticsearch/README.md | 66 +++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md index f3089e7e..68d55c29 100644 --- a/roles/elastic-stack/ansible-elasticsearch/README.md +++ b/roles/elastic-stack/ansible-elasticsearch/README.md @@ -12,6 +12,8 @@ This role will work on: * Fedora * Debian * Ubuntu + +For the elasticsearch role with XPack security the `unzip` command must be available on the Ansible master. Role Variables -------------- 
@@ -53,6 +55,70 @@ Example Playbook - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.163', elasticsearch_master_candidate: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} ``` +- Three nodes Elasticsearch cluster with XPack security +``` +--- +- hosts: elastic-1 + roles: + - role: ../roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.111 + node_name: node-1 + single_node: false + elasticsearch_master_candidate: true + elasticsearch_bootstrap_node: true + elasticsearch_cluster_nodes: + - 172.16.0.111 + - 172.16.0.112 + - 172.16.0.113 + elasticsearch_discovery_nodes: + - 172.16.0.111 + - 172.16.0.112 + - 172.16.0.113 + elasticsearch_xpack_security: true + node_certs_generator: true + node_certs_generator_ip: 172.16.0.111 + + vars: + instances: + node-1: + name: node-1 + ip: 172.16.0.111 + node-2: + name: node-2 + ip: 172.16.0.112 + node-3: + name: node-3 + ip: 172.16.0.113 + +- hosts: elastic-2 + roles: + - role: ../roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.112 + elasticsearch_node_name: node-2 + elasticsearch_xpack_security: true + elasticsearch_master_candidate: true + node_certs_generator_ip: 172.16.0.111 + elasticsearch_discovery_nodes: + - 172.16.0.111 + - 172.16.0.112 + - 172.16.0.113 + +- hosts: elastic-3 + roles: + - role: ../roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.113 + elasticsearch_node_name: node-3 + elasticsearch_xpack_security: true + elasticsearch_master_candidate: true + node_certs_generator_ip: 172.16.0.111 + elasticsearch_discovery_nodes: + - 172.16.0.111 + - 172.16.0.112 + - 172.16.0.113 + +``` + + License and copyright --------------------- From 65ba7e088f361854de3a80cfd5c031b35d863cb3 Mon Sep 17 00:00:00 2001 
From: Manuel Gutierrez Date: Fri, 27 Sep 2019 18:39:21 +0200 Subject: [PATCH 05/11] Add config tag to the enable service task --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index d9415ffc..37a8a8eb 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -185,6 +185,7 @@ name: wazuh-agent enabled: true state: started + tags: config - import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" From 86de4a0fee015d2c6e96fc10d08dc008b8fc29ca Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 1 Oct 2019 11:01:18 +0200 Subject: [PATCH 06/11] Add elasticsearch_reachable_host This fixes #262 --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 5 +---- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index f365f66a..c19fcce9 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -3,6 +3,7 @@ elasticsearch_cluster_name: wazuh elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 +elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null elastic_stack_version: 7.3.2 single_node: true @@ -30,7 +31,3 @@ generate_CA: true ca_key_name: "" ca_cert_name: "" ca_password: "" - - - - diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index af17e528..706de27e 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
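Review bot: The new default `elasticsearch_reachable_host: 127.0.0.1` in defaults/main.yml (PATCH 06) is independent of `elasticsearch_network_host`, so a play that sets only `elasticsearch_network_host` to a non-loopback address, as the README cluster example does, now has the `wait_for` task in tasks/main.yml poll 127.0.0.1. If Elasticsearch binds only to the configured address, that task will wait out the full `timeout=400` and fail. Defaulting to the existing variable keeps current behaviour and still allows an override: `elasticsearch_reachable_host: "{{ elasticsearch_network_host }}"`. The `wait_for` line in the second file also keeps the `key=value` string form with unquoted templates; native `host:`, `port:`, `delay:` and `timeout:` keys would parse more predictably.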
@@ -109,7 +109,7 @@ - init - name: Make sure Elasticsearch is running before proceeding - wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=400 + wait_for: host={{ elasticsearch_reachable_host }} port={{ elasticsearch_http_port }} delay=3 timeout=400 tags: - configure - init From 38993c3100360f09539834714078da9fd7add340 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 1 Oct 2019 18:20:29 +0200 Subject: [PATCH 07/11] Fix vars on cluster example --- roles/elastic-stack/ansible-elasticsearch/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md index 68d55c29..41cebd54 100644 --- a/roles/elastic-stack/ansible-elasticsearch/README.md +++ b/roles/elastic-stack/ansible-elasticsearch/README.md @@ -62,7 +62,7 @@ Example Playbook roles: - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: 172.16.0.111 - node_name: node-1 + elasticsearch_node_name: node-1 single_node: false elasticsearch_master_candidate: true elasticsearch_bootstrap_node: true @@ -95,6 +95,7 @@ Example Playbook - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: 172.16.0.112 elasticsearch_node_name: node-2 + single_node: false elasticsearch_xpack_security: true elasticsearch_master_candidate: true node_certs_generator_ip: 172.16.0.111 @@ -108,6 +109,7 @@ Example Playbook - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: 172.16.0.113 elasticsearch_node_name: node-3 + single_node: false elasticsearch_xpack_security: true elasticsearch_master_candidate: true node_certs_generator_ip: 172.16.0.111 From b9695dc9058236758a44adb421a4c2b89fd9b4b8 Mon Sep 17 00:00:00 2001 
From: Jose M Date: Wed, 2 Oct 2019 09:25:53 +0200 Subject: [PATCH 08/11] Remove product_id parameter from windows Agent. Update md5 --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 3 +-- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index f6904240..0222d8d7 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -29,8 +29,7 @@ wazuh_winagent_config: version: '3.10.0' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ - md5: ee5b24216db472d291da4e14f0b3bc63 - register_key: 9903C258-FC1E-4886-B7DB-1535976EC1D5 + md5: 2bceb80901f22b56221658aceb64b914 wazuh_agent_config: active_response: ar_disabled: 'no' diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 2d388748..8dff6274 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -42,7 +42,6 @@ - name: Windows | Install Agent if not already installed win_package: path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" - product_id: '{{ "{" }}{{ wazuh_winagent_config.register_key }}{{ "}" }}' state: present - name: Windows | Check if client.keys exists From 37bbca73a420aec8cf191f72db2a98408c1ac430 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 2 Oct 2019 09:30:59 +0200 Subject: [PATCH 09/11] Update CHANGELOG.md --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 95a9d18b..3c192f74 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
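Review bot: The `md5:` pin under `wazuh_winagent_config` changes in this hunk and again in PATCH 10 while `version: '3.10.0'` and `revision: '1'` stay the same, and neither commit message says where the new value comes from. A checksum that moves for an unchanged version is exactly what the pin exists to flag, so each new value should be traceable to the publisher's checksum, for example with a comment such as `# digest of wazuh-agent-3.10.0-1.msi, taken from <VENDOR_CHECKSUM_URL> on <DATE>`. MD5 is also not collision-resistant; if the download task supports it, a SHA-256 or SHA-512 digest should be pinned alongside or instead. The mapping continues outside the hunk, so how `md5` is consumed is not visible here.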
@@ -21,6 +21,10 @@ All notable changes to this project will be documented in this file. - Fixed Kibana installation in Amazon Linux [@jm404](https://github.com/jm404) [#232](https://github.com/wazuh/wazuh-ansible/pull/232) - Fixed Windows Agent installation and configuration [@jm404](https://github.com/jm404) [#234](https://github.com/wazuh/wazuh-ansible/pull/234) +### Fixed + +- Removed registry key check on Wazuh Agent installation in windows [@jm404](https://github.com/jm404) [#265](https://github.com/wazuh/wazuh-ansible/pull/265) + ## [v3.9.5_7.2.1] ### Added From 867936d4c5fa3b71a33e812627eb529b809cccc0 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 2 Oct 2019 09:52:13 +0200 Subject: [PATCH 10/11] Update md5 for windows agent installater --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 0222d8d7..32d5963c 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -29,7 +29,7 @@ wazuh_winagent_config: version: '3.10.0' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ - md5: 2bceb80901f22b56221658aceb64b914 + md5: 71650780904cbfc2e45eae4298adb7a3 wazuh_agent_config: active_response: ar_disabled: 'no' From 99426a3c0fbf5d98e6c930a0c21c2deaef65ea51 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Fri, 4 Oct 2019 17:01:34 +0200 Subject: [PATCH 11/11] New task to create elasticsearch users Fixes #269 Fixes #268 --- .../ansible-elasticsearch/README.md | 7 +++++++ .../tasks/xpack_security.yml | 16 ++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md index 41cebd54..b10a2152 100644 --- a/roles/elastic-stack/ansible-elasticsearch/README.md +++ b/roles/elastic-stack/ansible-elasticsearch/README.md 
@@ -79,6 +79,13 @@ Example Playbook node_certs_generator_ip: 172.16.0.111 vars: + elasticsearch_xpack_users: + anne: + password: 'PasswordHere' + roles: '["kibana_user", "monitoring_user"]' + jack: + password: 'PasswordHere' + roles: '["superuser"]' instances: node-1: name: node-1 diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 8cdfdb77..1d338cf7 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -194,3 +194,19 @@ when: - node_certs_generator tags: molecule-idempotence-notest + +- name: Create elasticsearch users + uri: + url: "https://{{ elasticsearch_reachable_host }}:9200/_security/user/{{ item.key }}" + method: POST + body_format: json + user: "{{ elasticsearch_xpack_security_user }}" + password: "{{ elasticsearch_xpack_security_password }}" + body: '{ "password" : "{{ item.value["password"] }}", "roles" : {{ item.value["roles"] }} }' + validate_certs: no + loop: "{{ elasticsearch_xpack_users|default({})|dict2items }}" + register: http_response + failed_when: http_response.status != 200 + when: + - elasticsearch_xpack_users is defined + - node_certs_generator
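Review bot: The new `Create elasticsearch users` task in xpack_security.yml sends the admin credentials and every new user's password over HTTPS with `validate_certs: no`, and has no `no_log`, so the looped `item` (including `password`) and the registered response can appear in Ansible output. The request body is built by pasting `item.value["password"]` into a JSON string, so a password containing `"` or `\` breaks the document or alters its fields; `item.key` is likewise unescaped in the URL, and the port is hard-coded to 9200 although `elasticsearch_http_port` exists. Turning verification on requires the role's generated CA to be trusted on the host that runs the task and the reachable host to be covered by the node certificate, which I cannot confirm from this hunk. The `when: elasticsearch_xpack_users is defined` condition is redundant with the `default({})` in the loop.

```yaml
- name: Create elasticsearch users
  uri:
    url: "https://{{ elasticsearch_reachable_host }}:{{ elasticsearch_http_port }}/_security/user/{{ item.key | urlencode }}"
    # … unchanged: method, body_format, user, password …
    body: '{ "password": {{ item.value["password"] | to_json }}, "roles": {{ item.value["roles"] }} }'
    # needs the generated CA trusted by the executing host and a matching SAN
    validate_certs: true
  # keep passwords out of task output and registered results
  no_log: true
  # … unchanged: loop, register, failed_when, when …
```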