From 769d28edf49a997ca7c1128f78435fc51783fb8c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Mon, 21 Feb 2022 13:55:04 -0300 Subject: [PATCH] Playbook and readme updated --- README.md | 26 +++++++++---------- .../wazuh-opensearch-production-ready.yml | 8 +++--- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 0e5896ff..d4e8180f 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb | Wazuh version | Elastic | ODFE | |---------------|---------|--------| -| v4.3.0 | | 1.13.2 | +| v4.3.0 | | | | v4.2.5 | 7.10.2 | 1.13.2 | | v4.2.4 | 7.10.2 | 1.13.2 | | v4.2.3 | 7.10.2 | 1.13.2 | @@ -75,7 +75,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb ## Example: production-ready distributed environment ### Playbook -The hereunder example playbook uses the `wazuh-ansible` role to provision a production-ready Wazuh environment. The architecture includes 2 Wazuh nodes, 3 ODFE nodes and a mixed ODFE-Kibana node. +The hereunder example playbook uses the `wazuh-ansible` role to provision a production-ready Wazuh environment. The architecture includes 2 Wazuh nodes, 3 Wazuh Indexer nodes and a mixed Wazuh dashboard node. ```yaml --- @@ -199,7 +199,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod hidden: 'no' wazuh_api_users: - username: custom-user - password: .S3cur3Pa55w0rd*- + password: SecretPassword! filebeat_output_indexer_hosts: - "{{ hostvars.wi1.private_ip }}" - "{{ hostvars.wi2.private_ip }}" 
@@ -261,10 +261,10 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod url: https://{{ hostvars.manager.private_ip }} port: 55000 username: custom-user - password: .S3cur3Pa55w0rd*- + password: SecretPassword! instances: node1: - name: node-1 # Important: must be equal to indexer_node_name. + name: node-1 ip: "{{ hostvars.wi1.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert. role: indexer node2: @@ -289,7 +289,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod name: node-6 ip: "{{ hostvars.dashboard.private_ip }}" role: dashboard - ansible_shell_allow_world_readable_temp: true + ansible_shell_allow_world_readable_temp: true ``` ### Inventory file @@ -300,10 +300,10 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod - The ssh credentials used by Ansible during the provision can be specified in this file too. Another option is including them directly on the playbook. ```ini -wi1 ansible_host= private_ip= elasticsearch_node_name=node-1 -wi2 ansible_host= private_ip= elasticsearch_node_name=node-2 -wi3 ansible_host= private_ip= elasticsearch_node_name=node-3 -kibana ansible_host= private_ip= +wi1 ansible_host= private_ip= indexer_node_name=node-1 +wi2 ansible_host= private_ip= indexer_node_name=node-2 +wi3 ansible_host= private_ip= indexer_node_name=node-3 +dashboard ansible_host= private_ip= manager ansible_host= private_ip= worker ansible_host= private_ip= 
@@ -321,15 +321,15 @@ ansible_ssh_extra_args='-o StrictHostKeyChecking=no' ### Launching the playbook ```bash -ansible-playbook wazuh-odfe-production-ready.yml -i inventory +sudo ansible-playbook wazuh-opensearch-production-ready.yml -i inventory ``` -After the playbook execution, the Wazuh UI should be reachable through `https://:5601` +After the playbook execution, the Wazuh UI should be reachable through `https://:5601` ## Example: single-host environment ### Playbook -The hereunder example playbook uses the `wazuh-ansible` role to provision a single-host Wazuh environment. This architecture includes all the Wazuh and ODFE components in a single node. +The hereunder example playbook uses the `wazuh-ansible` role to provision a single-host Wazuh environment. This architecture includes all the Wazuh and Opensearch components in a single node. ```yaml --- diff --git a/playbooks/wazuh-opensearch-production-ready.yml b/playbooks/wazuh-opensearch-production-ready.yml index c23d9ff4..f8542096 100644 --- a/playbooks/wazuh-opensearch-production-ready.yml +++ b/playbooks/wazuh-opensearch-production-ready.yml @@ -119,7 +119,7 @@ hidden: 'no' wazuh_api_users: - username: custom-user - password: .S3cur3Pa55w0rd*- + password: SecretPassword! filebeat_output_indexer_hosts: - "{{ hostvars.wi1.private_ip }}" - "{{ hostvars.wi2.private_ip }}" @@ -181,10 +181,10 @@ url: https://{{ hostvars.manager.private_ip }} port: 55000 username: custom-user - password: .S3cur3Pa55w0rd*- + password: SecretPassword! instances: node1: - name: node-1 # Important: must be equal to indexer_node_name. + name: node-1 ip: "{{ hostvars.wi1.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert. role: indexer node2: @@ -209,4 +209,4 @@ name: node-6 ip: "{{ hostvars.dashboard.private_ip }}" role: dashboard - ansible_shell_allow_world_readable_temp: true + ansible_shell_allow_world_readable_temp: true
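Review bot: The new `password: SecretPassword!` under `wazuh_api_users` is still a literal credential committed in a playbook named production-ready, and the same literal is repeated for the API credentials in the `@@ -181,10 +181,10 @@` hunk. Unlike the value it replaces, it contains no digit, so if the Wazuh API password policy (upper case, lower case, number and symbol) is enforced for this user, creating the account may be rejected; this is worth confirming with a test run. I would reference a vaulted variable instead, e.g. `password: "{{ wazuh_api_user_password }}"` (placeholder name) with the value kept in an Ansible Vault file, and add a comment that the sample value must be replaced before deployment. The enclosing vars block starts and ends outside the hunk.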
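Review bot: Dropping the trailing comment on `name: node-1` in the `@@ -181,10 +181,10 @@` hunk removes the only hint that this value has to match the node name set in the inventory. The comment kept on the `ip` line still says the node looks for a folder named after its node name to find its certificate. If that coupling still holds (it cannot be confirmed from this hunk), a mismatch would presumably surface as a missing certificate at deploy time, so I would keep the line as `name: node-1  # Important: must be equal to indexer_node_name.`. The `instances` mapping continues outside the hunk.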