Playbooks updated
This commit is contained in:
Gonzalo Acuña
parent
35a14f3569
commit
8499c6b941
@ -4,6 +4,6 @@
|
|||||||
- role: ../roles/wazuh/ansible-wazuh-manager
|
- role: ../roles/wazuh/ansible-wazuh-manager
|
||||||
- role: ../roles/wazuh/ansible-filebeat-oss
|
- role: ../roles/wazuh/ansible-filebeat-oss
|
||||||
filebeat_output_indexer_hosts:
|
filebeat_output_indexer_hosts:
|
||||||
- "<elastic-node-1>:9200"
|
- "<indexer-node-1>:9200"
|
||||||
- "<elastic-node-2>:9200"
|
- "<indexer-node-2>:9200"
|
||||||
- "<elastic-node-2>:9200"
|
- "<indexer-node-2>:9200"
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
- hosts: es1
|
- hosts: wi1
|
||||||
roles:
|
roles:
|
||||||
- role: ../roles/opensearch/wazuh-dashboard
|
- role: ../roles/opensearch/wazuh-dashboard
|
||||||
vars:
|
vars:
|
||||||
@ -1,81 +1,97 @@
|
|||||||
---
|
---
|
||||||
# Certificates generation
|
# Certificates generation
|
||||||
- hosts: es1
|
- hosts: wi1
|
||||||
roles:
|
roles:
|
||||||
- role: ../roles/opensearch/wazuh-indexer
|
- role: ../roles/opensearch/wazuh-indexer
|
||||||
elasticsearch_network_host: "{{ private_ip }}"
|
indexer_network_host: "{{ private_ip }}"
|
||||||
elasticsearch_cluster_nodes:
|
indexer_cluster_nodes:
|
||||||
- "{{ hostvars.es1.private_ip }}"
|
- "{{ hostvars.wi1.private_ip }}"
|
||||||
- "{{ hostvars.es2.private_ip }}"
|
- "{{ hostvars.wi2.private_ip }}"
|
||||||
- "{{ hostvars.es3.private_ip }}"
|
- "{{ hostvars.wi3.private_ip }}"
|
||||||
elasticsearch_discovery_nodes:
|
indexer_discovery_nodes:
|
||||||
- "{{ hostvars.es1.private_ip }}"
|
- "{{ hostvars.wi1.private_ip }}"
|
||||||
- "{{ hostvars.es2.private_ip }}"
|
- "{{ hostvars.wi2.private_ip }}"
|
||||||
- "{{ hostvars.es3.private_ip }}"
|
- "{{ hostvars.wi3.private_ip }}"
|
||||||
perform_installation: false
|
perform_installation: false
|
||||||
become: yes
|
become: yes
|
||||||
become_user: root
|
become_user: root
|
||||||
vars:
|
vars:
|
||||||
elasticsearch_node_master: true
|
indexer_node_master: true
|
||||||
instances:
|
instances:
|
||||||
node1:
|
node1:
|
||||||
name: node-1 # Important: must be equal to elasticsearch_node_name.
|
name: node-1 # Important: must be equal to indexer_node_name.
|
||||||
ip: "{{ hostvars.es1.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert.
|
ip: "{{ hostvars.wi1.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert.
|
||||||
|
role: indexer
|
||||||
node2:
|
node2:
|
||||||
name: node-2
|
name: node-2
|
||||||
ip: "{{ hostvars.es2.private_ip }}"
|
ip: "{{ hostvars.wi2.private_ip }}"
|
||||||
|
role: indexer
|
||||||
node3:
|
node3:
|
||||||
name: node-3
|
name: node-3
|
||||||
ip: "{{ hostvars.es3.private_ip }}"
|
ip: "{{ hostvars.wi3.private_ip }}"
|
||||||
|
role: indexer
|
||||||
node4:
|
node4:
|
||||||
name: node-4
|
name: node-4
|
||||||
ip: "{{ hostvars.manager.private_ip }}"
|
ip: "{{ hostvars.manager.private_ip }}"
|
||||||
|
role: wazuh
|
||||||
|
node_type: master
|
||||||
node5:
|
node5:
|
||||||
name: node-5
|
name: node-5
|
||||||
ip: "{{ hostvars.worker.private_ip }}"
|
ip: "{{ hostvars.worker.private_ip }}"
|
||||||
|
role: wazuh
|
||||||
|
node_type: worker
|
||||||
node6:
|
node6:
|
||||||
name: node-6
|
name: node-6
|
||||||
ip: "{{ hostvars.kibana.private_ip }}"
|
ip: "{{ hostvars.dashboard.private_ip }}"
|
||||||
|
role: dashboard
|
||||||
tags:
|
tags:
|
||||||
- generate-certs
|
- generate-certs
|
||||||
|
|
||||||
#ODFE Cluster
|
#ODFE Cluster
|
||||||
- hosts: odfe_cluster
|
- hosts: wi_cluster
|
||||||
strategy: free
|
strategy: free
|
||||||
roles:
|
roles:
|
||||||
- role: ../roles/opensearch/wazuh-indexer
|
- role: ../roles/opensearch/wazuh-indexer
|
||||||
elasticsearch_network_host: "{{ private_ip }}"
|
indexer_network_host: "{{ private_ip }}"
|
||||||
become: yes
|
become: yes
|
||||||
become_user: root
|
become_user: root
|
||||||
vars:
|
vars:
|
||||||
elasticsearch_cluster_nodes:
|
indexer_cluster_nodes:
|
||||||
- "{{ hostvars.es1.private_ip }}"
|
- "{{ hostvars.wi1.private_ip }}"
|
||||||
- "{{ hostvars.es2.private_ip }}"
|
- "{{ hostvars.wi2.private_ip }}"
|
||||||
- "{{ hostvars.es3.private_ip }}"
|
- "{{ hostvars.wi3.private_ip }}"
|
||||||
elasticsearch_discovery_nodes:
|
indexer_discovery_nodes:
|
||||||
- "{{ hostvars.es1.private_ip }}"
|
- "{{ hostvars.wi1.private_ip }}"
|
||||||
- "{{ hostvars.es2.private_ip }}"
|
- "{{ hostvars.wi2.private_ip }}"
|
||||||
- "{{ hostvars.es3.private_ip }}"
|
- "{{ hostvars.wi3.private_ip }}"
|
||||||
elasticsearch_node_master: true
|
indexer_node_master: true
|
||||||
instances:
|
instances:
|
||||||
node1:
|
node1:
|
||||||
name: node-1 # Important: must be equal to elasticsearch_node_name.
|
name: node-1 # Important: must be equal to indexer_node_name.
|
||||||
ip: "{{ hostvars.es1.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert.
|
ip: "{{ hostvars.wi1.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert.
|
||||||
|
role: indexer
|
||||||
node2:
|
node2:
|
||||||
name: node-2
|
name: node-2
|
||||||
ip: "{{ hostvars.es2.private_ip }}"
|
ip: "{{ hostvars.wi2.private_ip }}"
|
||||||
|
role: indexer
|
||||||
node3:
|
node3:
|
||||||
name: node-3
|
name: node-3
|
||||||
ip: "{{ hostvars.es3.private_ip }}"
|
ip: "{{ hostvars.wi3.private_ip }}"
|
||||||
|
role: indexer
|
||||||
node4:
|
node4:
|
||||||
name: node-4
|
name: node-4
|
||||||
ip: "{{ hostvars.manager.private_ip }}"
|
ip: "{{ hostvars.manager.private_ip }}"
|
||||||
|
role: wazuh
|
||||||
|
node_type: master
|
||||||
node5:
|
node5:
|
||||||
name: node-5
|
name: node-5
|
||||||
ip: "{{ hostvars.worker.private_ip }}"
|
ip: "{{ hostvars.worker.private_ip }}"
|
||||||
|
role: wazuh
|
||||||
|
node_type: worker
|
||||||
node6:
|
node6:
|
||||||
name: node-6
|
name: node-6
|
||||||
ip: "{{ hostvars.kibana.private_ip }}"
|
ip: "{{ hostvars.dashboard.private_ip }}"
|
||||||
|
role: dashboard
|
||||||
|
|
||||||
#Wazuh cluster
|
#Wazuh cluster
|
||||||
- hosts: manager
|
- hosts: manager
|
||||||
@ -106,9 +122,9 @@
|
|||||||
- username: custom-user
|
- username: custom-user
|
||||||
password: .S3cur3Pa55w0rd*-
|
password: .S3cur3Pa55w0rd*-
|
||||||
filebeat_output_indexer_hosts:
|
filebeat_output_indexer_hosts:
|
||||||
- "{{ hostvars.es1.private_ip }}"
|
- "{{ hostvars.wi1.private_ip }}"
|
||||||
- "{{ hostvars.es2.private_ip }}"
|
- "{{ hostvars.wi2.private_ip }}"
|
||||||
- "{{ hostvars.es3.private_ip }}"
|
- "{{ hostvars.wi3.private_ip }}"
|
||||||
|
|
||||||
- hosts: worker
|
- hosts: worker
|
||||||
roles:
|
roles:
|
||||||
@ -135,32 +151,32 @@
|
|||||||
- "{{ hostvars.manager.private_ip }}"
|
- "{{ hostvars.manager.private_ip }}"
|
||||||
hidden: 'no'
|
hidden: 'no'
|
||||||
filebeat_output_indexer_hosts:
|
filebeat_output_indexer_hosts:
|
||||||
- "{{ hostvars.es1.private_ip }}"
|
- "{{ hostvars.wi1.private_ip }}"
|
||||||
- "{{ hostvars.es2.private_ip }}"
|
- "{{ hostvars.wi2.private_ip }}"
|
||||||
- "{{ hostvars.es3.private_ip }}"
|
- "{{ hostvars.wi3.private_ip }}"
|
||||||
|
|
||||||
#ODFE+Kibana node
|
#Indexer+Dashboard node
|
||||||
- hosts: kibana
|
- hosts: dashboard
|
||||||
roles:
|
roles:
|
||||||
- role: "../roles/opensearch/wazuh-indexer"
|
- role: "../roles/opensearch/wazuh-indexer"
|
||||||
- role: "../roles/opensearch/wazuh-dashboard"
|
- role: "../roles/opensearch/wazuh-dashboard"
|
||||||
become: yes
|
become: yes
|
||||||
become_user: root
|
become_user: root
|
||||||
vars:
|
vars:
|
||||||
elasticsearch_network_host: "{{ hostvars.kibana.private_ip }}"
|
indexer_network_host: "{{ hostvars.dashboard.private_ip }}"
|
||||||
elasticsearch_node_name: node-6
|
indexer_node_name: node-6
|
||||||
elasticsearch_node_master: false
|
indexer_node_master: false
|
||||||
elasticsearch_node_ingest: false
|
indexer_node_ingest: false
|
||||||
elasticsearch_node_data: false
|
indexer_node_data: false
|
||||||
elasticsearch_cluster_nodes:
|
indexer_cluster_nodes:
|
||||||
- "{{ hostvars.es1.private_ip }}"
|
- "{{ hostvars.wi1.private_ip }}"
|
||||||
- "{{ hostvars.es2.private_ip }}"
|
- "{{ hostvars.wi2.private_ip }}"
|
||||||
- "{{ hostvars.es3.private_ip }}"
|
- "{{ hostvars.wi3.private_ip }}"
|
||||||
elasticsearch_discovery_nodes:
|
indexer_discovery_nodes:
|
||||||
- "{{ hostvars.es1.private_ip }}"
|
- "{{ hostvars.wi1.private_ip }}"
|
||||||
- "{{ hostvars.es2.private_ip }}"
|
- "{{ hostvars.wi2.private_ip }}"
|
||||||
- "{{ hostvars.es3.private_ip }}"
|
- "{{ hostvars.wi3.private_ip }}"
|
||||||
kibana_node_name: node-6
|
dashboard_node_name: node-6
|
||||||
wazuh_api_credentials:
|
wazuh_api_credentials:
|
||||||
- id: default
|
- id: default
|
||||||
url: https://{{ hostvars.manager.private_ip }}
|
url: https://{{ hostvars.manager.private_ip }}
|
||||||
@ -169,21 +185,29 @@
|
|||||||
password: .S3cur3Pa55w0rd*-
|
password: .S3cur3Pa55w0rd*-
|
||||||
instances:
|
instances:
|
||||||
node1:
|
node1:
|
||||||
name: node-1 # Important: must be equal to elasticsearch_node_name.
|
name: node-1 # Important: must be equal to indexer_node_name.
|
||||||
ip: "{{ hostvars.es1.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert.
|
ip: "{{ hostvars.wi1.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert.
|
||||||
|
role: indexer
|
||||||
node2:
|
node2:
|
||||||
name: node-2
|
name: node-2
|
||||||
ip: "{{ hostvars.es2.private_ip }}"
|
ip: "{{ hostvars.wi2.private_ip }}"
|
||||||
|
role: indexer
|
||||||
node3:
|
node3:
|
||||||
name: node-3
|
name: node-3
|
||||||
ip: "{{ hostvars.es3.private_ip }}"
|
ip: "{{ hostvars.wi3.private_ip }}"
|
||||||
|
role: indexer
|
||||||
node4:
|
node4:
|
||||||
name: node-4
|
name: node-4
|
||||||
ip: "{{ hostvars.manager.private_ip }}"
|
ip: "{{ hostvars.manager.private_ip }}"
|
||||||
|
role: wazuh
|
||||||
|
node_type: master
|
||||||
node5:
|
node5:
|
||||||
name: node-5
|
name: node-5
|
||||||
ip: "{{ hostvars.worker.private_ip }}"
|
ip: "{{ hostvars.worker.private_ip }}"
|
||||||
|
role: wazuh
|
||||||
|
node_type: worker
|
||||||
node6:
|
node6:
|
||||||
name: node-6
|
name: node-6
|
||||||
ip: "{{ hostvars.kibana.private_ip }}"
|
ip: "{{ hostvars.dashboard.private_ip }}"
|
||||||
|
role: dashboard
|
||||||
ansible_shell_allow_world_readable_temp: true
|
ansible_shell_allow_world_readable_temp: true
|
||||||
@ -11,12 +11,12 @@
|
|||||||
vars:
|
vars:
|
||||||
single_node: true
|
single_node: true
|
||||||
minimum_master_nodes: 1
|
minimum_master_nodes: 1
|
||||||
elasticsearch_node_master: true
|
indexer_node_master: true
|
||||||
elasticsearch_network_host: 127.0.0.1
|
indexer_network_host: 127.0.0.1
|
||||||
filebeat_node_name: node-1
|
filebeat_node_name: node-1
|
||||||
filebeat_output_indexer_hosts: 127.0.0.1
|
filebeat_output_indexer_hosts: 127.0.0.1
|
||||||
instances:
|
instances:
|
||||||
node1:
|
node1:
|
||||||
name: node-1 # Important: must be equal to elasticsearch_node_name.
|
name: node-1 # Important: must be equal to indexer_node_name.
|
||||||
ip: 127.0.0.1
|
ip: 127.0.0.1
|
||||||
ansible_shell_allow_world_readable_temp: true
|
ansible_shell_allow_world_readable_temp: true
|
||||||
@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
- hosts: es_cluster
|
- hosts: wi_cluster
|
||||||
roles:
|
roles:
|
||||||
- role: ../roles/opensearch/wazuh-indexer
|
- role: ../roles/opensearch/wazuh-indexer
|
||||||
|
|
||||||
@ -8,10 +8,13 @@
|
|||||||
node1:
|
node1:
|
||||||
name: node-1
|
name: node-1
|
||||||
ip: <node-1 IP>
|
ip: <node-1 IP>
|
||||||
|
role: indexer
|
||||||
node2:
|
node2:
|
||||||
name: node-2
|
name: node-2
|
||||||
ip: <node-2 IP>
|
ip: <node-2 IP>
|
||||||
|
role: indexer
|
||||||
node3:
|
node3:
|
||||||
name: node-3
|
name: node-3
|
||||||
ip: <node-3 IP>
|
ip: <node-3 IP>
|
||||||
|
role: indexer
|
||||||
|
|
||||||
Loading…
Reference in New Issue
Block a user