From c56ea57025e772ac2f57ed179ca2e6f86686193a Mon Sep 17 00:00:00 2001 From: c-bordon Date: Thu, 27 Jun 2024 15:14:56 -0300 Subject: [PATCH 1/6] Added support for Wazuh certificates tool with Docker --- .../wazuh-indexer/tasks/local_actions.yml | 50 ++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/wazuh-indexer/tasks/local_actions.yml b/roles/wazuh/wazuh-indexer/tasks/local_actions.yml index 4a215bef..6803a88d 100644 --- a/roles/wazuh/wazuh-indexer/tasks/local_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/local_actions.yml @@ -21,12 +21,13 @@ stat: path: "{{ local_certs_path }}/wazuh-certs-tool.sh" register: tool_package + when: ansible_os_family != 'Darwin' or ansible_os_family != 'Windows' - name: Local action | Download certificates generation tool get_url: url: "{{ certs_gen_tool_url }}" dest: "{{ local_certs_path }}/wazuh-certs-tool.sh" - when: not tool_package.stat.exists + when: not tool_package.stat.exists and ansible_os_family != 'Darwin' or ansible_os_family != 'Windows' - name: Local action | Prepare the certificates generation template file template: 
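Review bot: The added guard `ansible_os_family != 'Darwin' or ansible_os_family != 'Windows'` is true for every value of the fact, so it never skips the stat task. In the download task `and` binds tighter than `or`, so that condition reads as `(not exists and not Darwin) or not Windows` and re-downloads the script on every non-Windows run. The intended test is probably `when: ansible_os_family not in ['Darwin', 'Windows']`, with the download task as `when: not tool_package.stat.exists and ansible_os_family not in ['Darwin', 'Windows']`. The same `or` guard is repeated on the template and generate tasks in the next hunk. If these tasks stay under the `delegate_to: localhost` shown there, `ansible_os_family` describes the inventory host rather than the controller, so a fact-based test may not identify the machine that actually runs the tool.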
@@ -34,10 +35,57 @@ dest: "{{ local_certs_path }}/config.yml" mode: 0644 register: tlsconfig_template + when: ansible_os_family != 'Darwin' or ansible_os_family != 'Windows' - name: Local action | Generate the node & admin certificates in local command: >- bash {{ local_certs_path }}/wazuh-certs-tool.sh -A + when: ansible_os_family != 'Darwin' or ansible_os_family != 'Windows' + + - name: Local action | Check for Docker installation on macOS + command: docker --version + register: docker_check + when: os_family == 'Darwin' + ignore_errors: yes + + - name: Local action | Check for Docker installation on Windows + win_shell: docker --version + register: docker_check + when: os_family == 'Windows' + ignore_errors: yes + + - name: Local action | Fail if Docker is not installed + fail: + msg: "Docker is not installed on this host." + when: docker_check.rc != 0 and ansible_os_family == 'Darwin' or ansible_os_family == 'Windows' + + - name: Local action | Run Docker container on macOS + community.docker.docker_container: + name: wazuh-cert-tool + image: "wazuh/wazuh-cert-tool" + state: started + auto_remove: true + volumes: + - "{{ local_certs_path }}/config.yml:/config/certs.yml" + - "{{ local_certs_path }}/wazuh-certificates:/certificates/" + when: os_family == 'Darwin' + + - name: Local action | Run Docker container on Windows + community.docker.docker_container: + name: wazuh-cert-tool + image: "wazuh/wazuh-cert-tool" + state: started + auto_remove: true + volumes: + - "C:/{{ local_certs_path }}/config.yml:/config/certs.yml" + - "{{ local_certs_path }}/wazuh-certificates:C:/certificates/" + when: os_family == 'Windows' + + - name: Remove Docker image after execution + community.docker.docker_image: + name: "wazuh/wazuh-cert-tool" + state: absent + when: os_family == 'Darwin' or os_family == 'Windows' run_once: true delegate_to: localhost From 299c59ca13491ab299a06ed4b29515e5835f1478 Mon Sep 17 00:00:00 2001 
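Review bot: The `community.docker.docker_container` tasks use `state: started` without `detach: false`, so the play does not wait for the certificate tool to finish or see its exit status. The "Remove Docker image after execution" task then runs straight away. Later tasks can therefore pick up a missing or partly written `wazuh-certificates` directory with no failure reported, which matters because this step produces the node and admin key material. I would replace `auto_remove: true` with `detach: false` and `cleanup: true`, so the task fails when the container exits non-zero and the container is still removed afterwards. The same pattern is carried unchanged through the container task in patches 4/6, 5/6 and 6/6.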
From: c-bordon Date: Thu, 27 Jun 2024 16:13:14 -0300 Subject: [PATCH 2/6] Removed Windows option for Ansible executor node --- .../wazuh-indexer/tasks/local_actions.yml | 35 +++++-------------- 1 file changed, 9 insertions(+), 26 deletions(-) diff --git a/roles/wazuh/wazuh-indexer/tasks/local_actions.yml b/roles/wazuh/wazuh-indexer/tasks/local_actions.yml index 6803a88d..b3ad0714 100644 --- a/roles/wazuh/wazuh-indexer/tasks/local_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/local_actions.yml @@ -21,13 +21,13 @@ stat: path: "{{ local_certs_path }}/wazuh-certs-tool.sh" register: tool_package - when: ansible_os_family != 'Darwin' or ansible_os_family != 'Windows' + when: ansible_os_family == 'Darwin' - name: Local action | Download certificates generation tool get_url: url: "{{ certs_gen_tool_url }}" dest: "{{ local_certs_path }}/wazuh-certs-tool.sh" - when: not tool_package.stat.exists and ansible_os_family != 'Darwin' or ansible_os_family != 'Windows' + when: not (tool_package.stat.exists | default(1)) and ansible_os_family == 'Darwin' - name: Local action | Prepare the certificates generation template file template: 
@@ -35,29 +35,23 @@ dest: "{{ local_certs_path }}/config.yml" mode: 0644 register: tlsconfig_template - when: ansible_os_family != 'Darwin' or ansible_os_family != 'Windows' + when: ansible_os_family == 'Darwin' - name: Local action | Generate the node & admin certificates in local command: >- bash {{ local_certs_path }}/wazuh-certs-tool.sh -A - when: ansible_os_family != 'Darwin' or ansible_os_family != 'Windows' + when: ansible_os_family == 'Darwin' - name: Local action | Check for Docker installation on macOS command: docker --version register: docker_check - when: os_family == 'Darwin' - ignore_errors: yes - - - name: Local action | Check for Docker installation on Windows - win_shell: docker --version - register: docker_check - when: os_family == 'Windows' + when: ansible_os_family != 'Darwin' ignore_errors: yes - name: Local action | Fail if Docker is not installed fail: msg: "Docker is not installed on this host." - when: docker_check.rc != 0 and ansible_os_family == 'Darwin' or ansible_os_family == 'Windows' + when: (docker_check.rc | default(1)) != 0 and ansible_os_family != 'Darwin' - name: Local action | Run Docker container on macOS community.docker.docker_container: 
@@ -68,24 +62,13 @@ volumes: - "{{ local_certs_path }}/config.yml:/config/certs.yml" - "{{ local_certs_path }}/wazuh-certificates:/certificates/" - when: os_family == 'Darwin' + when: ansible_os_family != 'Darwin' - - name: Local action | Run Docker container on Windows - community.docker.docker_container: - name: wazuh-cert-tool - image: "wazuh/wazuh-cert-tool" - state: started - auto_remove: true - volumes: - - "C:/{{ local_certs_path }}/config.yml:/config/certs.yml" - - "{{ local_certs_path }}/wazuh-certificates:C:/certificates/" - when: os_family == 'Windows' - - - name: Remove Docker image after execution + - name: Local action | Remove Docker image after execution community.docker.docker_image: name: "wazuh/wazuh-cert-tool" state: absent - when: os_family == 'Darwin' or os_family == 'Windows' + when: ansible_os_family != 'Darwin' run_once: true delegate_to: localhost From f15ead77c624a5329efd5730ca7bf3f6f4741172 Mon Sep 17 00:00:00 2001 From: c-bordon Date: Thu, 27 Jun 2024 16:13:59 -0300 Subject: [PATCH 3/6] Fixed macOS validations --- .../wazuh/wazuh-indexer/tasks/local_actions.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/wazuh/wazuh-indexer/tasks/local_actions.yml b/roles/wazuh/wazuh-indexer/tasks/local_actions.yml index b3ad0714..ffff6c31 100644 --- a/roles/wazuh/wazuh-indexer/tasks/local_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/local_actions.yml 
@@ -21,13 +21,13 @@ stat: path: "{{ local_certs_path }}/wazuh-certs-tool.sh" register: tool_package - when: ansible_os_family == 'Darwin' + when: ansible_os_family != 'Darwin' - name: Local action | Download certificates generation tool get_url: url: "{{ certs_gen_tool_url }}" dest: "{{ local_certs_path }}/wazuh-certs-tool.sh" - when: not (tool_package.stat.exists | default(1)) and ansible_os_family == 'Darwin' + when: not tool_package.stat.exists and ansible_os_family != 'Darwin' - name: Local action | Prepare the certificates generation template file template: @@ -35,23 +35,23 @@ dest: "{{ local_certs_path }}/config.yml" mode: 0644 register: tlsconfig_template - when: ansible_os_family == 'Darwin' + when: ansible_os_family != 'Darwin' - name: Local action | Generate the node & admin certificates in local command: >- bash {{ local_certs_path }}/wazuh-certs-tool.sh -A - when: ansible_os_family == 'Darwin' + when: ansible_os_family != 'Darwin' - name: Local action | Check for Docker installation on macOS command: docker --version register: docker_check - when: ansible_os_family != 'Darwin' + when: ansible_os_family == 'Darwin' ignore_errors: yes - name: Local action | Fail if Docker is not installed fail: msg: "Docker is not installed on this host." - when: (docker_check.rc | default(1)) != 0 and ansible_os_family != 'Darwin' + when: (docker_check.rc | default(1)) != 0 and ansible_os_family == 'Darwin' - name: Local action | Run Docker container on macOS community.docker.docker_container: @@ -62,13 +62,13 @@ volumes: - "{{ local_certs_path }}/config.yml:/config/certs.yml" - "{{ local_certs_path }}/wazuh-certificates:/certificates/" - when: ansible_os_family != 'Darwin' + when: ansible_os_family == 'Darwin' - name: Local action | Remove Docker image after execution community.docker.docker_image: name: "wazuh/wazuh-cert-tool" state: absent - when: ansible_os_family != 'Darwin' + when: ansible_os_family == 'Darwin' run_once: true delegate_to: localhost 
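Review bot: In the download task, `when: not tool_package.stat.exists and ansible_os_family != 'Darwin'` reads `tool_package.stat.exists` before the OS test, and this commit drops the `| default(1)` fallback. When the stat task above is skipped (the Darwin case), the registered result has no `stat` key, so the condition is likely to raise an undefined-attribute error instead of skipping. Putting the OS test first avoids the dereference: `when: ansible_os_family != 'Darwin' and not tool_package.stat.exists`. Alternatively keep the fallback as `tool_package.stat.exists | default(false)`.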
From aae4ccb5dde711b99f9c9ced78fcceaeb3acf49d Mon Sep 17 00:00:00 2001 From: c-bordon Date: Thu, 27 Jun 2024 16:33:36 -0300 Subject: [PATCH 4/6] Fixed validation --- roles/wazuh/wazuh-indexer/tasks/local_actions.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/wazuh-indexer/tasks/local_actions.yml b/roles/wazuh/wazuh-indexer/tasks/local_actions.yml index ffff6c31..5ebe13db 100644 --- a/roles/wazuh/wazuh-indexer/tasks/local_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/local_actions.yml @@ -35,7 +35,6 @@ dest: "{{ local_certs_path }}/config.yml" mode: 0644 register: tlsconfig_template - when: ansible_os_family != 'Darwin' - name: Local action | Generate the node & admin certificates in local command: >- @@ -56,18 +55,19 @@ - name: Local action | Run Docker container on macOS community.docker.docker_container: name: wazuh-cert-tool - image: "wazuh/wazuh-cert-tool" + image: "wazuh-certs-tool" state: started auto_remove: true volumes: - "{{ local_certs_path }}/config.yml:/config/certs.yml" - - "{{ local_certs_path }}/wazuh-certificates:/certificates/" + - "{{ local_certs_path }}/wazuh-certificates/:/certificates/" when: ansible_os_family == 'Darwin' - name: Local action | Remove Docker image after execution community.docker.docker_image: - name: "wazuh/wazuh-cert-tool" + name: "wazuh-certs-tool" state: absent + force_absent: yes when: ansible_os_family == 'Darwin' run_once: true From cdc4005ea1454e7d1ad4a14b0cb1491008e1314e Mon Sep 17 00:00:00 2001 From: c-bordon Date: Thu, 27 Jun 2024 17:18:37 -0300 Subject: [PATCH 5/6] Fixed docker image --- roles/wazuh/wazuh-indexer/tasks/local_actions.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/wazuh-indexer/tasks/local_actions.yml b/roles/wazuh/wazuh-indexer/tasks/local_actions.yml index 5ebe13db..d8b63c79 100644 --- a/roles/wazuh/wazuh-indexer/tasks/local_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/local_actions.yml 
@@ -55,7 +55,7 @@ - name: Local action | Run Docker container on macOS community.docker.docker_container: name: wazuh-cert-tool - image: "wazuh-certs-tool" + image: "wazuh/wazuh-cert-tool" state: started auto_remove: true volumes: @@ -65,7 +65,7 @@ - name: Local action | Remove Docker image after execution community.docker.docker_image: - name: "wazuh-certs-tool" + name: "wazuh/wazuh-cert-tool" state: absent force_absent: yes when: ansible_os_family == 'Darwin' From dbc6e6cd702111f20228bc90c7174b0c94a896e8 Mon Sep 17 00:00:00 2001 From: c-bordon Date: Fri, 28 Jun 2024 12:49:08 -0300 Subject: [PATCH 6/6] Changed macOS validation to a variable --- playbooks/wazuh-production-ready.yml | 1 + playbooks/wazuh-single.yml | 1 + roles/wazuh/wazuh-indexer/defaults/main.yml | 3 +++ .../wazuh/wazuh-indexer/tasks/local_actions.yml | 17 ++++++++--------- 4 files changed, 13 insertions(+), 9 deletions(-) diff --git a/playbooks/wazuh-production-ready.yml b/playbooks/wazuh-production-ready.yml index a6ea3097..1d0b4cc8 100644 --- a/playbooks/wazuh-production-ready.yml +++ b/playbooks/wazuh-production-ready.yml @@ -43,6 +43,7 @@ name: node-6 ip: "{{ hostvars.dashboard.private_ip }}" role: dashboard + macos_localhost: false tags: - generate-certs diff --git a/playbooks/wazuh-single.yml b/playbooks/wazuh-single.yml index 38499f5c..77017c72 100644 --- a/playbooks/wazuh-single.yml +++ b/playbooks/wazuh-single.yml @@ -13,6 +13,7 @@ name: node-1 # Important: must be equal to indexer_node_name. ip: 127.0.0.1 role: indexer + macos_localhost: false tags: - generate-certs # Single node diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml index e1796da9..cbc3f65e 100644 --- a/roles/wazuh/wazuh-indexer/defaults/main.yml +++ b/roles/wazuh/wazuh-indexer/defaults/main.yml 
@@ -48,3 +48,6 @@ generate_certs: true perform_installation: true indexer_nolog_sensible: true + +# Docker image for certificates generation on macOS +wazuh_certs_tool_docker: "wazuh/wazuh-cert-tool:{{ indexer_version }}" diff --git a/roles/wazuh/wazuh-indexer/tasks/local_actions.yml b/roles/wazuh/wazuh-indexer/tasks/local_actions.yml index d8b63c79..b5575a2b 100644 --- a/roles/wazuh/wazuh-indexer/tasks/local_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/local_actions.yml @@ -21,13 +21,12 @@ stat: path: "{{ local_certs_path }}/wazuh-certs-tool.sh" register: tool_package - when: ansible_os_family != 'Darwin' - name: Local action | Download certificates generation tool get_url: url: "{{ certs_gen_tool_url }}" dest: "{{ local_certs_path }}/wazuh-certs-tool.sh" - when: not tool_package.stat.exists and ansible_os_family != 'Darwin' + when: not tool_package.stat.exists and not macos_localhost - name: Local action | Prepare the certificates generation template file template: 
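Review bot: `wazuh_certs_tool_docker` pins the image by tag only (`wazuh/wazuh-cert-tool:{{ indexer_version }}`). A tag can be re-pointed in the registry, and this container is given write access to the bind-mounted directory where the node and admin private keys are generated. For a step that mints cluster credentials I would pin by digest, for example `wazuh/wazuh-cert-tool@sha256:<digest-placeholder>`, or at least add a comment above the variable stating that the tag is trusted as published and how to override it with a digest. It is also not visible from this diff that a tag exists in the registry for every `indexer_version` value, so a comment noting that coupling would help whoever bumps the version.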
@@ -39,36 +38,36 @@ - name: Local action | Generate the node & admin certificates in local command: >- bash {{ local_certs_path }}/wazuh-certs-tool.sh -A - when: ansible_os_family != 'Darwin' + when: not macos_localhost - name: Local action | Check for Docker installation on macOS command: docker --version register: docker_check - when: ansible_os_family == 'Darwin' + when: macos_localhost ignore_errors: yes - name: Local action | Fail if Docker is not installed fail: msg: "Docker is not installed on this host." - when: (docker_check.rc | default(1)) != 0 and ansible_os_family == 'Darwin' + when: (docker_check.rc | default(1)) != 0 and macos_localhost - name: Local action | Run Docker container on macOS community.docker.docker_container: name: wazuh-cert-tool - image: "wazuh/wazuh-cert-tool" + image: "{{ wazuh_certs_tool_docker }}" state: started auto_remove: true volumes: - "{{ local_certs_path }}/config.yml:/config/certs.yml" - "{{ local_certs_path }}/wazuh-certificates/:/certificates/" - when: ansible_os_family == 'Darwin' + when: macos_localhost - name: Local action | Remove Docker image after execution community.docker.docker_image: - name: "wazuh/wazuh-cert-tool" + name: "{{ wazuh_certs_tool_docker }}" state: absent force_absent: yes - when: ansible_os_family == 'Darwin' + when: macos_localhost run_once: true delegate_to: localhost
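Review bot: `macos_localhost` is used in every `when:` here, but this patch only sets it in two playbooks. The `defaults/main.yml` hunk adds `wazuh_certs_tool_docker` and no default for the flag, so unless one exists outside the visible context, any other playbook that includes the role would fail on an undefined variable at `when: not macos_localhost`. I would add `macos_localhost: false` to the role defaults. The tests should also be written as `when: macos_localhost | bool` and `when: not (macos_localhost | bool)`, because a value passed with `-e macos_localhost=false` arrives as a non-empty string and would otherwise select the Docker path. Indentation is lost in this rendering, so it is worth confirming that the two playbook additions sit at the vars level and not inside the last `instances` entry.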