Fix cluster key and add custom user

2020-10-27 14:26:10 +01:00 · 2020-10-27 14:26:10 +01:00 · 8cb307064b
commit 8cb307064b
parent 13cda56e94
2 changed files with 22 additions and 17 deletions
--- a/README.md
+++ b/README.md
@ -1,4 +1,4 @@
-# Wazuh-Ansible 
+# Wazuh-Ansible

 [![Slack](https://img.shields.io/badge/slack-join-blue.svg)](https://wazuh.com/community/join-us-on-slack/)
 [![Email](https://img.shields.io/badge/email-join-blue.svg)](https://groups.google.com/forum/#!forum/wazuh)
@ -26,15 +26,15 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack.

    ├── wazuh-ansible
    │ ├── roles
-    │ │ ├── elastic-stack 
-    │ │ │ ├── ansible-elasticsearch        
+    │ │ ├── elastic-stack
+    │ │ │ ├── ansible-elasticsearch
    │ │ │ ├── ansible-kibana
-    │ │     
-    │ │ ├── opendistro                
+    │ │
+    │ │ ├── opendistro
    │ │ │ ├── opendistro-elasticsearch
    │ │ │ ├── opendistro-kibana
-    │ │ 
-    │ │ ├── wazuh                
+    │ │
+    │ │ ├── wazuh
    │ │ │ ├── ansible-filebeat
    │ │ │ ├── ansible-filebeat-oss
    │ │ │ ├── ansible-wazuh-manager
@ -105,7 +105,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod
            ip: "{{ hostvars.kibana.private_ip }}"
      tags:
        - generate-certs
-    
+
 #ODFE Cluster
    - hosts: odfe_cluster
      strategy: free
@ -143,7 +143,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod
          node6:
            name: node-6
            ip: "{{ hostvars.kibana.private_ip }}"
-  
+
  #Wazuh cluster
    - hosts: manager
      roles:
@ -165,6 +165,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod
              disable: 'no'
              node_name: 'master'
              node_type: 'master'
+              key: 'c98b62a9b6169ac5f67dae55ae4a9088'
              nodes:
                  - '"{{ hostvars.manager.private_ip }}"'
              hidden: 'no'
@ -172,7 +173,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod
                - "{{ hostvars.es1.private_ip }}"
                - "{{ hostvars.es2.private_ip }}"
                - "{{ hostvars.es3.private_ip }}"
-  
+
    - hosts: worker
      roles:
        - role: "../roles/wazuh/ansible-wazuh-manager"
@ -201,7 +202,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod
                - "{{ hostvars.es1.private_ip }}"
                - "{{ hostvars.es2.private_ip }}"
                - "{{ hostvars.es3.private_ip }}"
-  
+
  #ODFE+Kibana node
    - hosts: kibana
      roles:
@ -253,9 +254,9 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod

 ### Inventory file

- The `ansible_host` variable should contain the `address/FQDN` used to gather facts and provision each node. 
+- The `ansible_host` variable should contain the `address/FQDN` used to gather facts and provision each node.
 - The `private_ip` variable should contain the `address/FQDN` used for the internal cluster communications.
- Whether the environment is located in a local subnet, `ansible_host` and `private_ip` variables should match. 
+- Whether the environment is located in a local subnet, `ansible_host` and `private_ip` variables should match.
 - The ssh credentials used by Ansible during the provision can be specified in this file too. Another option is including them directly on the playbook.

 ```ini
@ -305,7 +306,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a sing
        single_node: true
        minimum_master_nodes: 1
        elasticsearch_node_master: true
-        elasticsearch_network_host: <your server host>  
+        elasticsearch_network_host: <your server host>
        filebeat_node_name: node-1
        filebeat_output_elasticsearch_hosts: <your server host>
        ansible_ssh_user: vagrant
@ -341,7 +342,7 @@ After the playbook execution, the Wazuh UI should be reachable through `https://

 If you want to contribute to our repository, please fork our Github repository and submit a pull request.

-If you are not familiar with Github, you can also share them through [our users mailing list](https://groups.google.com/d/forum/wazuh), to which you can subscribe by sending an email to `wazuh+subscribe@googlegroups.com`. 
+If you are not familiar with Github, you can also share them through [our users mailing list](https://groups.google.com/d/forum/wazuh), to which you can subscribe by sending an email to `wazuh+subscribe@googlegroups.com`.

 ### Modified by Wazuh

--- a/playbooks/wazuh-odfe-production-ready.yml
+++ b/playbooks/wazuh-odfe-production-ready.yml
@ -98,9 +98,13 @@
              disable: 'no'
              node_name: 'master'
              node_type: 'master'
+              key: 'c98b62a9b6169ac5f67dae55ae4a9088'
              nodes:
                  - '"{{ hostvars.manager.private_ip }}"'
              hidden: 'no'
+        wazuh_api_users:
+          - username: custom-user
+            password: .S3cur3Pa55w0rd*-
        filebeat_output_elasticsearch_hosts:
                - "{{ hostvars.es1.private_ip }}"
                - "{{ hostvars.es2.private_ip }}"
@ -161,8 +165,8 @@
          - id: default
            url: https://{{ hostvars.manager.private_ip }}
            port: 55000
-            username: foo
-            password: bar
+            username: custom-user
+            password: .S3cur3Pa55w0rd*-
        instances:
          node1:
            name: node-1       # Important: must be equal to elasticsearch_node_name.