From 74d182e732561f71796e7f9b7701f6181965e142 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Wed, 1 Nov 2023 15:22:40 -0300 Subject: [PATCH 1/4] Rollover alias tasks added --- roles/wazuh/vars/repo.yml | 7 ++++++- roles/wazuh/vars/repo_pre-release.yml | 7 ++++++- roles/wazuh/vars/repo_staging.yml | 7 ++++++- roles/wazuh/wazuh-indexer/tasks/security_actions.yml | 10 +++++++++- 4 files changed, 27 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/vars/repo.yml b/roles/wazuh/vars/repo.yml index 1703c4c2..6d7ef99c 100644 --- a/roles/wazuh/vars/repo.yml +++ b/roles/wazuh/vars/repo.yml @@ -15,4 +15,9 @@ wazuh_macos_arm_package_url: "https://packages.wazuh.com/4.x/macos/{{ wazuh_maco certs_gen_tool_version: 4.8 # Url of certificates generator tool -certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" \ No newline at end of file +certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" + +rollover_alias_tool_version: 4.8 + +# Url of certificates generator tool +rollover_alias_url: "https://packages.wazuh.com/{{ rollover_alias_tool_version }}/indexerRolloverInit.sh" diff --git a/roles/wazuh/vars/repo_pre-release.yml b/roles/wazuh/vars/repo_pre-release.yml index 502aa584..4131b206 100644 --- a/roles/wazuh/vars/repo_pre-release.yml +++ b/roles/wazuh/vars/repo_pre-release.yml 
@@ -15,4 +15,9 @@ wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/pre-release/macos/{ certs_gen_tool_version: 4.8 # Url of certificates generator tool -certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" \ No newline at end of file +certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" + +rollover_alias_tool_version: 4.8 + +# Url of certificates generator tool +rollover_alias_url: "https://packages-dev.wazuh.com/{{ rollover_alias_tool_version }}/indexerRolloverInit.sh" \ No newline at end of file diff --git a/roles/wazuh/vars/repo_staging.yml b/roles/wazuh/vars/repo_staging.yml index 7bd37414..00d6d63f 100644 --- a/roles/wazuh/vars/repo_staging.yml +++ b/roles/wazuh/vars/repo_staging.yml @@ -14,4 +14,9 @@ wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/staging/macos/{{ wa certs_gen_tool_version: 4.8 # Url of certificates generator tool -certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" \ No newline at end of file +certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" + +rollover_alias_tool_version: 4.8 + +# Url of certificates generator tool +rollover_alias_url: "https://packages-dev.wazuh.com/{{ rollover_alias_tool_version }}/indexerRolloverInit.sh" \ No newline at end of file diff --git a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml index 26b83fd7..a06df8b4 100644 --- a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml 
@@ -93,8 +93,16 @@ delay: 5 register: result until: result.rc == 0 - run_once: true + - name: Download Rollover alias script + get_url: + url: "{{ rollover_alias_url }}" + dest: "{{ indexer_conf_path }}/indexerRolloverAlias.sh" + + - name: Initialize Rollover alias + command: > + INDEXER_PASSWORD={{ indexer_admin_password }} INDEXER_HOSTNAME={{ target_address }} ./{{ indexer_conf_path }}/indexerRolloverAlias.sh + run_once: true - name: Create custom user uri: From a69937e5335fd25413053428b0ac35816ba0e3bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Wed, 1 Nov 2023 16:38:07 -0300 Subject: [PATCH 2/4] Environment variables added --- roles/wazuh/wazuh-indexer/tasks/security_actions.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml index a06df8b4..51a22a2b 100644 --- a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml @@ -98,10 +98,17 @@ get_url: url: "{{ rollover_alias_url }}" dest: "{{ indexer_conf_path }}/indexerRolloverAlias.sh" + mode: 744 - name: Initialize Rollover alias command: > - INDEXER_PASSWORD={{ indexer_admin_password }} INDEXER_HOSTNAME={{ target_address }} ./{{ indexer_conf_path }}/indexerRolloverAlias.sh + {{ indexer_conf_path }}/indexerRolloverAlias.sh + environment: + INDEXER_PASSWORD: "{{ indexer_admin_password }}" + INDEXER_HOSTNAME: "{{ target_address }}" + become: yes + become_user: root + run_once: true - name: Create custom user From 9835b2f3bcf5b206346f9a8ed02514d59c30b26f Mon Sep 17 00:00:00 2001 
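Review bot: `mode: 744` on the Download Rollover alias script task is an unquoted integer, which Ansible's file-mode handling reads as decimal 744 (octal 1350) rather than rwxr--r--; write it as `mode: "0744"` (or symbolic `"u=rwx,g=r,o=r"`). Moving the credentials out of the command string into `environment:` is an improvement, but the Initialize task still carries no `no_log`, so the script's stdout/stderr are printed in full on failure; the hash.sh tasks earlier in this file use `no_log: '{{ indexer_nolog_sensible | bool }}'` and the same line belongs here. `become: yes` is a YAML 1.1 truthy spelling; the neighbouring `run_once: true` shows the file's convention, so `become: true` is the consistent form. PATCH 3 later in this series replaces the downloaded script with the packaged indexer-ism-init.sh, so the mode point is moot for the final state, while the no_log and become points carry over.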
From: c-bordon Date: Wed, 8 Nov 2023 13:00:30 -0300 Subject: [PATCH 3/4] Updated this PR with the new changes of indexer-ism-init script --- roles/wazuh/vars/repo.yml | 5 ----- roles/wazuh/vars/repo_pre-release.yml | 5 ----- roles/wazuh/vars/repo_staging.yml | 5 ----- roles/wazuh/wazuh-indexer/defaults/main.yml | 1 + .../wazuh-indexer/tasks/security_actions.yml | 21 +++++++------------ 5 files changed, 8 insertions(+), 29 deletions(-) diff --git a/roles/wazuh/vars/repo.yml b/roles/wazuh/vars/repo.yml index 6d7ef99c..1362b116 100644 --- a/roles/wazuh/vars/repo.yml +++ b/roles/wazuh/vars/repo.yml @@ -16,8 +16,3 @@ certs_gen_tool_version: 4.8 # Url of certificates generator tool certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" - -rollover_alias_tool_version: 4.8 - -# Url of certificates generator tool -rollover_alias_url: "https://packages.wazuh.com/{{ rollover_alias_tool_version }}/indexerRolloverInit.sh" diff --git a/roles/wazuh/vars/repo_pre-release.yml b/roles/wazuh/vars/repo_pre-release.yml index 4131b206..eaafa611 100644 --- a/roles/wazuh/vars/repo_pre-release.yml +++ b/roles/wazuh/vars/repo_pre-release.yml @@ -16,8 +16,3 @@ certs_gen_tool_version: 4.8 # Url of certificates generator tool certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" - -rollover_alias_tool_version: 4.8 - -# Url of certificates generator tool -rollover_alias_url: "https://packages-dev.wazuh.com/{{ rollover_alias_tool_version }}/indexerRolloverInit.sh" \ No newline at end of file diff --git a/roles/wazuh/vars/repo_staging.yml b/roles/wazuh/vars/repo_staging.yml index 00d6d63f..0bba2c4b 100644 --- a/roles/wazuh/vars/repo_staging.yml +++ b/roles/wazuh/vars/repo_staging.yml 
@@ -15,8 +15,3 @@ certs_gen_tool_version: 4.8 # Url of certificates generator tool certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" - -rollover_alias_tool_version: 4.8 - -# Url of certificates generator tool -rollover_alias_url: "https://packages-dev.wazuh.com/{{ rollover_alias_tool_version }}/indexerRolloverInit.sh" \ No newline at end of file diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml index 9b68f219..8c959c50 100644 --- a/roles/wazuh/wazuh-indexer/defaults/main.yml +++ b/roles/wazuh/wazuh-indexer/defaults/main.yml @@ -28,6 +28,7 @@ domain_name: wazuh.com indexer_sec_plugin_conf_path: /etc/wazuh-indexer/opensearch-security indexer_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools +indexer_bin_path: /usr/share/wazuh-indexer/bin indexer_conf_path: /etc/wazuh-indexer indexer_index_path: /var/lib/wazuh-indexer/ diff --git a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml index 51a22a2b..cdf604d9 100644 --- a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml @@ -52,7 +52,7 @@ {{ indexer_sec_plugin_tools_path }}/hash.sh -p '{{ indexer_admin_password }}' register: indexer_admin_password_hashed no_log: '{{ indexer_nolog_sensible | bool }}' - + - name: Set the Admin user password replace: path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml" @@ -60,7 +60,7 @@ replace: "{{ indexer_password_hash | quote }}" vars: indexer_password_hash: "{{ indexer_admin_password_hashed.stdout_lines | last }}" - + # this can also be achieved with password_hash, but it requires dependencies on the controller - name: Hash the kibanaserver role/user pasword shell: | 
@@ -68,7 +68,7 @@ {{ indexer_sec_plugin_tools_path }}/hash.sh -p '{{ dashboard_password }}' register: indexer_kibanaserver_password_hashed no_log: '{{ indexer_nolog_sensible | bool }}' - + - name: Set the kibanaserver user password replace: path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml" @@ -76,7 +76,7 @@ replace: "{{ indexer_password_hash | quote }}" vars: indexer_password_hash: "{{ indexer_kibanaserver_password_hashed.stdout_lines | last }}" - + - name: Initialize the Opensearch security index in Wazuh indexer command: > sudo -u wazuh-indexer OPENSEARCH_PATH_CONF={{ indexer_conf_path }} @@ -94,18 +94,11 @@ register: result until: result.rc == 0 - - name: Download Rollover alias script - get_url: - url: "{{ rollover_alias_url }}" - dest: "{{ indexer_conf_path }}/indexerRolloverAlias.sh" - mode: 744 - - name: Initialize Rollover alias command: > - {{ indexer_conf_path }}/indexerRolloverAlias.sh - environment: - INDEXER_PASSWORD: "{{ indexer_admin_password }}" - INDEXER_HOSTNAME: "{{ target_address }}" + {{ indexer_bin_path }}/indexer-ism-init.sh + -p {{ indexer_admin_password }} + -i {{ target_address }} become: yes become_user: root From 0b0ad880cf9467ca2b1e70e7b30e0fee19b31f42 Mon Sep 17 00:00:00 2001 From: c-bordon Date: Wed, 8 Nov 2023 13:02:05 -0300 Subject: [PATCH 4/4] Update task name --- roles/wazuh/wazuh-indexer/tasks/security_actions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml index cdf604d9..797e2dbd 100644 --- a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml @@ -94,7 +94,7 @@ register: result until: result.rc == 0 - - name: Initialize Rollover alias + - name: Initialize ISM script command: > {{ indexer_bin_path }}/indexer-ism-init.sh -p {{ indexer_admin_password }}
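Review bot: The rewritten Initialize task passes the admin password as a command-line argument, `-p {{ indexer_admin_password }}`, so it is readable in the host's process list while indexer-ism-init.sh runs and is likely echoed back in the task result on failure, yet the task has no `no_log`; the hash.sh tasks in the hunks above guard the same value with `no_log: '{{ indexer_nolog_sensible | bool }}'`, and that line belongs next to `become_user: root` here as well. The password is also interpolated unquoted into the `command: >` string, so a value containing whitespace or quote characters will be split by the command module's argument parsing; `-p {{ indexer_admin_password | quote }}` (this file already uses the `quote` filter for the password hash) keeps it a single argument, and `-i {{ target_address | quote }}` matches. `become: yes` should be `become: true` for consistency with `run_once: true` used elsewhere in the file. The hunk ends at `become_user: root`; any remaining keys of this task lie outside it.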