diff --git a/roles/wazuh/vars/repo.yml b/roles/wazuh/vars/repo.yml index 6d7ef99c..1362b116 100644 --- a/roles/wazuh/vars/repo.yml +++ b/roles/wazuh/vars/repo.yml @@ -16,8 +16,3 @@ certs_gen_tool_version: 4.8 # Url of certificates generator tool certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" - -rollover_alias_tool_version: 4.8 - -# Url of certificates generator tool -rollover_alias_url: "https://packages.wazuh.com/{{ rollover_alias_tool_version }}/indexerRolloverInit.sh" diff --git a/roles/wazuh/vars/repo_pre-release.yml b/roles/wazuh/vars/repo_pre-release.yml index 4131b206..eaafa611 100644 --- a/roles/wazuh/vars/repo_pre-release.yml +++ b/roles/wazuh/vars/repo_pre-release.yml @@ -16,8 +16,3 @@ certs_gen_tool_version: 4.8 # Url of certificates generator tool certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" - -rollover_alias_tool_version: 4.8 - -# Url of certificates generator tool -rollover_alias_url: "https://packages-dev.wazuh.com/{{ rollover_alias_tool_version }}/indexerRolloverInit.sh" \ No newline at end of file diff --git a/roles/wazuh/vars/repo_staging.yml b/roles/wazuh/vars/repo_staging.yml index 00d6d63f..0bba2c4b 100644 --- a/roles/wazuh/vars/repo_staging.yml +++ b/roles/wazuh/vars/repo_staging.yml @@ -15,8 +15,3 @@ certs_gen_tool_version: 4.8 # Url of certificates generator tool certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" - -rollover_alias_tool_version: 4.8 - -# Url of certificates generator tool -rollover_alias_url: "https://packages-dev.wazuh.com/{{ rollover_alias_tool_version }}/indexerRolloverInit.sh" \ No newline at end of file diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml index 9b68f219..8c959c50 100644 --- a/roles/wazuh/wazuh-indexer/defaults/main.yml +++ b/roles/wazuh/wazuh-indexer/defaults/main.yml 
@@ -28,6 +28,7 @@ domain_name: wazuh.com indexer_sec_plugin_conf_path: /etc/wazuh-indexer/opensearch-security indexer_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools +indexer_bin_path: /usr/share/wazuh-indexer/bin indexer_conf_path: /etc/wazuh-indexer indexer_index_path: /var/lib/wazuh-indexer/ diff --git a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml index 51a22a2b..cdf604d9 100644 --- a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml @@ -52,7 +52,7 @@ {{ indexer_sec_plugin_tools_path }}/hash.sh -p '{{ indexer_admin_password }}' register: indexer_admin_password_hashed no_log: '{{ indexer_nolog_sensible | bool }}' - + - name: Set the Admin user password replace: path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml" @@ -60,7 +60,7 @@ replace: "{{ indexer_password_hash | quote }}" vars: indexer_password_hash: "{{ indexer_admin_password_hashed.stdout_lines | last }}" - + # this can also be achieved with password_hash, but it requires dependencies on the controller - name: Hash the kibanaserver role/user pasword shell: | @@ -68,7 +68,7 @@ {{ indexer_sec_plugin_tools_path }}/hash.sh -p '{{ dashboard_password }}' register: indexer_kibanaserver_password_hashed no_log: '{{ indexer_nolog_sensible | bool }}' - + - name: Set the kibanaserver user password replace: path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml" @@ -76,7 +76,7 @@ replace: "{{ indexer_password_hash | quote }}" vars: indexer_password_hash: "{{ indexer_kibanaserver_password_hashed.stdout_lines | last }}" - + - name: Initialize the Opensearch security index in Wazuh indexer command: > sudo -u wazuh-indexer OPENSEARCH_PATH_CONF={{ indexer_conf_path }} 
@@ -94,18 +94,11 @@ register: result until: result.rc == 0 - - name: Download Rollover alias script - get_url: - url: "{{ rollover_alias_url }}" - dest: "{{ indexer_conf_path }}/indexerRolloverAlias.sh" - mode: 744 - - name: Initialize Rollover alias command: > - {{ indexer_conf_path }}/indexerRolloverAlias.sh - environment: - INDEXER_PASSWORD: "{{ indexer_admin_password }}" - INDEXER_HOSTNAME: "{{ target_address }}" + {{ indexer_bin_path }}/indexer-ism-init.sh + -p {{ indexer_admin_password }} + -i {{ target_address }} become: yes become_user: root
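Review bot: The new `-p {{ indexer_admin_password }}` argument in the "Initialize Rollover alias" task puts the admin password on the command line, where it is readable in the host's process list while the script runs and is recorded in the task result. Unlike the hash.sh tasks earlier in this file, the task sets no `no_log`, so add `no_log: '{{ indexer_nolog_sensible | bool }}'` to it. If indexer-ism-init.sh can take the password some other way than argv (not visible from this diff), that would be the better route. The value is also interpolated unquoted, so a password containing whitespace or quote characters would be split or mis-parsed by the command module; `-p {{ indexer_admin_password | quote }}` keeps it as a single argument. The task may continue past the hunk's last line.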