Merge pull request #1110 from wazuh/1109-enhacement-rolloveralias

Rollover alias script execution added
2023-11-14 08:16:23 -03:00 · 2023-11-14 08:16:23 -03:00 · 971ea76ede
commit 971ea76ede
parent a6c7bf40e5 0b0ad880cf
5 changed files with 17 additions and 8 deletions
--- a/roles/wazuh/vars/repo.yml
+++ b/roles/wazuh/vars/repo.yml
@ -15,4 +15,4 @@ wazuh_macos_arm_package_url: "https://packages.wazuh.com/4.x/macos/{{ wazuh_maco
 certs_gen_tool_version: 4.8

 # Url of certificates generator tool
-certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
+certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
--- a/roles/wazuh/vars/repo_pre-release.yml
+++ b/roles/wazuh/vars/repo_pre-release.yml
@ -15,4 +15,4 @@ wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/pre-release/macos/{
 certs_gen_tool_version: 4.8

 # Url of certificates generator tool
-certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
+certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
--- a/roles/wazuh/vars/repo_staging.yml
+++ b/roles/wazuh/vars/repo_staging.yml
@ -14,4 +14,4 @@ wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/staging/macos/{{ wa
 certs_gen_tool_version: 4.8

 # Url of certificates generator tool
-certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
+certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
--- a/roles/wazuh/wazuh-indexer/defaults/main.yml
+++ b/roles/wazuh/wazuh-indexer/defaults/main.yml
@ -28,6 +28,7 @@ domain_name: wazuh.com

 indexer_sec_plugin_conf_path: /etc/wazuh-indexer/opensearch-security
 indexer_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools
+indexer_bin_path: /usr/share/wazuh-indexer/bin
 indexer_conf_path: /etc/wazuh-indexer
 indexer_index_path: /var/lib/wazuh-indexer/

--- a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml
+++ b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml
@ -52,7 +52,7 @@
      {{ indexer_sec_plugin_tools_path }}/hash.sh -p '{{ indexer_admin_password }}'
    register: indexer_admin_password_hashed
    no_log: '{{ indexer_nolog_sensible | bool }}'
-  
+
  - name: Set the Admin user password
    replace:
      path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml"
@ -60,7 +60,7 @@
      replace: "{{ indexer_password_hash | quote }}"
    vars:
      indexer_password_hash: "{{ indexer_admin_password_hashed.stdout_lines | last }}"
-  
+
  # this can also be achieved with password_hash, but it requires dependencies on the controller
  - name: Hash the kibanaserver role/user pasword
    shell: |
@ -68,7 +68,7 @@
      {{ indexer_sec_plugin_tools_path }}/hash.sh -p '{{ dashboard_password }}'
    register: indexer_kibanaserver_password_hashed
    no_log: '{{ indexer_nolog_sensible | bool }}'
-  
+
  - name: Set the kibanaserver user password
    replace:
      path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml"
@ -76,7 +76,7 @@
      replace: "{{ indexer_password_hash | quote }}"
    vars:
      indexer_password_hash: "{{ indexer_kibanaserver_password_hashed.stdout_lines | last }}"
-  
+
  - name: Initialize the Opensearch security index in Wazuh indexer
    command: >
      sudo -u wazuh-indexer OPENSEARCH_PATH_CONF={{ indexer_conf_path }}
@ -93,8 +93,16 @@
    delay: 5
    register: result
    until: result.rc == 0
-  run_once: true

+  - name: Initialize ISM script
+    command: >
+      {{ indexer_bin_path }}/indexer-ism-init.sh
+      -p {{ indexer_admin_password }}
+      -i {{ target_address }}
+    become: yes
+    become_user: root
+
+  run_once: true

 - name: Create custom user
  uri: