Single node deployment update

2022-02-18 14:14:23 -03:00 · 2022-02-18 14:14:23 -03:00 · 78ff9920aa
commit 78ff9920aa
parent 8499c6b941
7 changed files with 66 additions and 29 deletions
--- a/README.md
+++ b/README.md
@ -304,35 +304,51 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a sing

 ```yaml
 ---
+# Certificates generation
+  - hosts: aio
+    roles:
+      - role: ../roles/opensearch/wazuh-indexer
+        perform_installation: false
+    become: no
+    #become_user: root
+    vars:
+      indexer_node_master: true
+      instances:
+        node1:
+          name: node-1       # Important: must be equal to indexer_node_name.
+          ip: 127.0.0.1
+          role: indexer
+    tags:
+      - generate-certs
 # Single node
-    - hosts: server
-      become: yes
-      become_user: root
-      roles:
-        - role: ../roles/opendistro/opendistro-elasticsearch
-        - role: "../roles/wazuh/ansible-wazuh-manager"
-        - role: "../roles/wazuh/ansible-filebeat-oss"
-        - role: "../roles/opendistro/opendistro-kibana"
-      vars:
-        single_node: true
-        minimum_master_nodes: 1
-        elasticsearch_node_master: true
-        elasticsearch_network_host: <your server host>
-        filebeat_node_name: node-1
-        filebeat_output_indexer_hosts: <your server host>
-        ansible_ssh_user: vagrant
-        ansible_ssh_private_key_file: /path/to/ssh/key.pem
-        ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
-        instances:
-          node1:
-            name: node-1       # Important: must be equal to elasticsearch_node_name.
-            ip: <your server host>
+  - hosts: aio
+    become: yes
+    become_user: root
+    roles:
+      - role: ../roles/opensearch/wazuh-indexer
+      - role: ../roles/wazuh/ansible-wazuh-manager
+      - role: ../roles/wazuh/ansible-filebeat-oss
+      - role: ../roles/opensearch/wazuh-dashboard
+    vars:
+      single_node: true
+      minimum_master_nodes: 1
+      indexer_node_master: true
+      indexer_network_host: 127.0.0.1
+      filebeat_node_name: node-1
+      filebeat_output_indexer_hosts:
+      - 127.0.0.1
+      instances:
+        node1:
+          name: node-1       # Important: must be equal to indexer_node_name.
+          ip: 127.0.0.1
+          role: indexer
+      ansible_shell_allow_world_readable_temp: true
 ```

 ### Inventory file

 ```ini
-[server]
+[aio]
 <your server host>

 [all:vars]
@ -344,7 +360,7 @@ ansible_ssh_extra_args='-o StrictHostKeyChecking=no'
 ### Launching the playbook

 ```bash
-ansible-playbook wazuh-odfe-single.yml -i inventory
+sudo ansible-playbook wazuh-opensearch-single.yml -i inventory
 ```

 After the playbook execution, the Wazuh UI should be reachable through `https://<your server host>:5601`
--- a/playbooks/wazuh-opensearch-single.yml
+++ b/playbooks/wazuh-opensearch-single.yml
@ -1,6 +1,22 @@
 ---
+# Certificates generation
+  - hosts: aio
+    roles:
+      - role: ../roles/opensearch/wazuh-indexer
+        perform_installation: false
+    become: no
+    #become_user: root
+    vars:
+      indexer_node_master: true
+      instances:
+        node1:
+          name: node-1       # Important: must be equal to indexer_node_name.
+          ip: 127.0.0.1
+          role: indexer
+    tags:
+      - generate-certs
 # Single node
-  - hosts: <your server host>  
+  - hosts: aio
    become: yes
    become_user: root
    roles:
@ -14,9 +30,11 @@
      indexer_node_master: true
      indexer_network_host: 127.0.0.1
      filebeat_node_name: node-1
-      filebeat_output_indexer_hosts: 127.0.0.1
+      filebeat_output_indexer_hosts:
+      - 127.0.0.1
      instances:
        node1:
          name: node-1       # Important: must be equal to indexer_node_name.
          ip: 127.0.0.1
+          role: indexer
      ansible_shell_allow_world_readable_temp: true
--- a/roles/opensearch/wazuh-dashboard/defaults/main.yml
+++ b/roles/opensearch/wazuh-dashboard/defaults/main.yml
@ -9,6 +9,8 @@ dashboard_server_host: "0.0.0.0"
 dashboard_server_port: "5601"
 dashboard_server_name: "dashboard"
 wazuh_version: 4.3.0
+indexer_cluster_nodes:
+  - 127.0.0.1
  
 # The Wazuh dashboard package repository
 dashboard_version: "4.3.0"
--- a/roles/opensearch/wazuh-dashboard/tasks/Debian.yml
+++ b/roles/opensearch/wazuh-dashboard/tasks/Debian.yml
@ -17,6 +17,7 @@
    apt:
      name: "wazuh-dashboard={{ dashboard_version }}-1"
      state: present
+      update_cache: yes
    register: install

  tags:
--- a/roles/opensearch/wazuh-dashboard/tasks/RedHat.yml
+++ b/roles/opensearch/wazuh-dashboard/tasks/RedHat.yml
@ -14,6 +14,7 @@
    package:
      name: "wazuh-dashboard-{{ dashboard_version }}"
      state: present
+      update_cache: yes
    register: install
    
  tags:
--- a/roles/opensearch/wazuh-dashboard/tasks/main.yml
+++ b/roles/opensearch/wazuh-dashboard/tasks/main.yml
@ -72,7 +72,7 @@
    mode: 0751
  changed_when: False

- name: Configure opensearch.password in opensearch.keystore
+- name: Configure opensearch.password in opensearch_dashboards.keystore
  shell: >-
    echo {{ dashboard_password }} | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password
  args:
--- a/roles/opensearch/wazuh-indexer/tasks/RMRedHat.yml
+++ b/roles/opensearch/wazuh-indexer/tasks/RMRedHat.yml
@ -1,6 +1,5 @@
 ---
 - name: RedHat/CentOS/Fedora | Remove Wazuh-Indexer repository (and clean up left-over metadata)
-  ## 732 will not be needed and if it is needed the wazuh repo should be removed.
  yum_repository:
    name: wazuh_repo
    state: absent