afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial indexer changes

Browse Source
This commit is contained in:
Gonzalo Acuña 2022-02-01 17:39:57 -03:00
parent 14a295389e
commit 9bd3e0f4e7
No known key found for this signature in database
GPG Key ID: 646BA79A313A2270
34 changed files with 551 additions and 341 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
roles/opendistro/opendistro-elasticsearch/defaults/main.yml
View File

@ -1,69 +0,0 @@
---
# Cluster Settings
opendistro_version: 1.13.2
single_node: false
elasticsearch_node_name: node-1
opendistro_cluster_name: wazuh
elasticsearch_network_host: '0.0.0.0'
elasticsearch_node_master: true
elasticsearch_node_data: true
elasticsearch_node_ingest: true
elasticsearch_start_timeout: 90
elasticsearch_lower_disk_requirements: false
elasticsearch_cluster_nodes:
- 127.0.0.1
elasticsearch_discovery_nodes:
- 127.0.0.1
local_certs_path: "{{ playbook_dir }}/opendistro/certificates"
# Minimum master nodes in cluster, 2 for 3 nodes elasticsearch cluster
minimum_master_nodes: 2
# Configure hostnames for Elasticsearch nodes
# Example es1.example.com, es2.example.com
domain_name: wazuh.com
# The OpenDistro package repository
package_repos:
yum:
opendistro:
baseurl: 'https://packages.wazuh.com/4.x/yum/'
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
apt:
opendistro:
baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
openjdk:
baseurl: 'deb http://deb.debian.org/debian stretch-backports main'
opendistro_sec_plugin_conf_path: /usr/share/elasticsearch/plugins/opendistro_security/securityconfig
opendistro_sec_plugin_tools_path: /usr/share/elasticsearch/plugins/opendistro_security/tools
opendistro_conf_path: /etc/elasticsearch/
# Security password
opendistro_custom_user: ""
opendistro_custom_user_role: "admin"
# Set JVM memory limits
opendistro_jvm_xms: null
opendistro_http_port: 9200
certs_gen_tool_version: 1.8
# Url of Search Guard certificates generator tool
certs_gen_tool_url: "https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-tlstool/{{ certs_gen_tool_version }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip"
opendistro_admin_password: changeme
opendistro_kibana_password: changeme
# Deployment settings
generate_certs: true
perform_installation: true
opendistro_nolog_sensible: true

5
roles/opendistro/opendistro-elasticsearch/handlers/main.yml
View File

@ -1,5 +0,0 @@
---
- name: restart elasticsearch
service:
name: elasticsearch
state: restarted

50
roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml
View File

@ -1,50 +0,0 @@
---
- block:
- name: RedHat/CentOS/Fedora | Add OpenDistro repo
yum_repository:
file: opendistro
name: opendistro_repo
description: Opendistro yum repository
baseurl: "{{ package_repos.yum.opendistro.baseurl }}"
gpgkey: "{{ package_repos.yum.opendistro.gpg }}"
gpgcheck: true
changed_when: false
- name: RedHat/CentOS/Fedora | Install OpenJDK 11
yum:
name: java-11-openjdk-devel
state: present
when:
- ansible_distribution != 'Amazon'
- name: Amazon Linux | Install OpenJDK 11
block:
- name: Install Amazon extras
yum:
name: amazon-linux-extras
state: present
- name: Install OpenJDK 11
shell: amazon-linux-extras install java-openjdk11 -y
when:
- ansible_distribution == 'Amazon'
- name: RedHat/CentOS/Fedora | Install OpenDistro dependencies
yum:
name: "{{ packages }}"
vars:
packages:
- wget
- unzip
- name: Install OpenDistro
package:
name: opendistroforelasticsearch-{{ opendistro_version }}
state: present
register: install
tags: install
tags:
- install

87
roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml
View File

@ -1,87 +0,0 @@
---
- name: Check if certificates already exists
stat:
path: "{{ local_certs_path }}"
register: certificates_folder
delegate_to: localhost
become: no
tags:
- generate-certs
- block:
- name: Local action | Create local temporary directory for certificates generation
file:
path: "{{ local_certs_path }}"
mode: 0755
state: directory
- name: Local action | Check that the generation tool exists
stat:
path: "{{ local_certs_path }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip"
register: tool_package
- name: Local action | Download certificates generation tool
get_url:
url: "{{ certs_gen_tool_url }}"
dest: "{{ local_certs_path }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip"
when: not tool_package.stat.exists
- name: Local action | Extract the certificates generation tool
unarchive:
src: "{{ local_certs_path }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip"
dest: "{{ local_certs_path }}/"
- name: Local action | Add the execution bit to the binary
file:
dest: "{{ local_certs_path }}/tools/sgtlstool.sh"
mode: a+x
- name: Local action | Prepare the certificates generation template file
template:
src: "templates/tlsconfig.yml.j2"
dest: "{{ local_certs_path }}/config/tlsconfig.yml"
mode: 0644
register: tlsconfig_template
- name: Create a directory if it does not exist
file:
path: "{{ local_certs_path }}/certs/"
state: directory
mode: '0755'
- name: Local action | Check if root CA file exists
stat:
path: "{{ local_certs_path }}/certs/root-ca.key"
register: root_ca_file
- name: Local action | Generate the node & admin certificates in local
command: >-
{{ local_certs_path }}/tools/sgtlstool.sh
-c {{ local_certs_path }}/config/tlsconfig.yml
-ca -crt
-t {{ local_certs_path }}/certs/
-f -o
when:
- not root_ca_file.stat.exists
- tlsconfig_template.changed
- name: Local action | Generate the node & admin certificates using an existing root CA
command: >-
{{ local_certs_path }}/tools/sgtlstool.sh
-c {{ local_certs_path }}/config/tlsconfig.yml
-crt
-t {{ local_certs_path }}/certs/
-f
when:
- root_ca_file.stat.exists
- tlsconfig_template.changed
run_once: true
delegate_to: localhost
become: no
tags:
- generate-certs
when:
- not certificates_folder.stat.exists

3
roles/opendistro/opendistro-kibana/handlers/main.yml
View File

@ -1,3 +0,0 @@
---
- name: restart kibana
service: name=kibana state=restarted

3
roles/opendistro/opendistro-kibana/vars/debian.yml
View File

@ -1,3 +0,0 @@
---
kibana_opendistro_version: 1.13.2

9
roles/opendistro/opendistro-kibana/defaults/main.yml → roles/opensearch/wazuh-dashboard/defaults/main.yml
View File

@ -4,17 +4,21 @@
elasticsearch_http_port: 9200 elasticsearch_http_port: 9200
elastic_api_protocol: https elastic_api_protocol: https
kibana_conf_path: /etc/kibana kibana_conf_path: /etc/kibana
## 732 check the path
kibana_node_name: node-1 kibana_node_name: node-1
kibana_server_host: "0.0.0.0" kibana_server_host: "0.0.0.0"
kibana_server_port: "5601" kibana_server_port: "5601"
kibana_server_name: "kibana" kibana_server_name: "kibana"
kibana_max_payload_bytes: 1048576 kibana_max_payload_bytes: 1048576
elastic_stack_version: 7.10.2 elastic_stack_version: 4.3.0
## 732 check if it is the right version
wazuh_version: 4.3.0 wazuh_version: 4.3.0
wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
## 732 check if it is needed.
# The OpenDistro package repository # The OpenDistro package repository
kibana_opendistro_version: 1.13.2-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts kibana_opendistro_version: 4.3.0-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts
## 732 check if it is the right version
package_repos: package_repos:
yum: yum:
@ -55,6 +59,7 @@ nodejs:
# Build from sources # Build from sources
build_from_sources: false build_from_sources: false
wazuh_plugin_branch: 4.1-7.10 wazuh_plugin_branch: 4.1-7.10
## 732 check if it is the right version and if it is needed
#Nodejs NODE_OPTIONS #Nodejs NODE_OPTIONS
node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536 node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536

4
roles/opensearch/wazuh-dashboard/handlers/main.yml Normal file
View File

@ -0,0 +1,4 @@
---
- name: restart wazuh-dashboard
service: name=wazuh-dashboard state=restarted
## 732 service name should be updated

7
roles/opendistro/opendistro-kibana/tasks/Debian.yml → roles/opensearch/wazuh-dashboard/tasks/Debian.yml
View File

@ -3,19 +3,22 @@
- include_vars: debian.yml - include_vars: debian.yml
- name: Add apt repository signing key - name: Add apt repository signing key
## 732 will not be needed. The wazuh repo should be added
apt_key: apt_key:
url: "{{ package_repos.apt.opendistro.gpg }}" url: "{{ package_repos.apt.opendistro.gpg }}"
state: present state: present
- name: Debian systems | Add OpenDistro repo - name: Debian systems | Add OpenDistro repo
## 732 will not be needed. The wazuh repo should be added
apt_repository: apt_repository:
repo: "{{ package_repos.apt.opendistro.baseurl }}" repo: "{{ package_repos.apt.opendistro.baseurl }}"
state: present state: present
update_cache: yes update_cache: yes
- name: Install Kibana - name: Install Wazuh-Dashboard
## 732 package name and task name should be updated.
apt: apt:
name: "opendistroforelasticsearch-kibana={{ kibana_opendistro_version }}" name: "wazuh-dashboard={{ kibana_opendistro_version }}"
state: present state: present
register: install register: install

0
roles/opendistro/opendistro-kibana/tasks/RMRedHat.yml → roles/opensearch/wazuh-dashboard/tasks/RMRedHat.yml
View File

4
roles/opendistro/opendistro-kibana/tasks/RedHat.yml → roles/opensearch/wazuh-dashboard/tasks/RedHat.yml
View File

@ -10,9 +10,9 @@
gpgkey: "{{ package_repos.yum.opendistro.gpg }}" gpgkey: "{{ package_repos.yum.opendistro.gpg }}"
gpgcheck: true gpgcheck: true
- name: Install Kibana - name: Install Wazuh-Dashboard
package: package:
name: "opendistroforelasticsearch-kibana-{{ kibana_opendistro_version }}" name: "wazuh-dashboard-{{ kibana_opendistro_version }}"
state: present state: present
register: install register: install

3
roles/opendistro/opendistro-kibana/tasks/build_wazuh_plugin.yml → roles/opensearch/wazuh-dashboard/tasks/build_wazuh_plugin.yml
View File

@ -1,4 +1,5 @@
--- ---
## 732 will not be needed
- name: Ensure the Git package is present - name: Ensure the Git package is present
package: package:
name: git name: git
@ -33,12 +34,14 @@
changed_when: install_yarn_result == 0 changed_when: install_yarn_result == 0
- name: Remove old wazuh-kibana-app git directory - name: Remove old wazuh-kibana-app git directory
## 732 check if it is needed
file: file:
path: /tmp/app path: /tmp/app
state: absent state: absent
changed_when: false changed_when: false
- name: Clone wazuh-kibana-app repository # Using command as git module doesn't cover single-branch nor depth - name: Clone wazuh-kibana-app repository # Using command as git module doesn't cover single-branch nor depth
## 732 will not be needed
command: git clone https://github.com/wazuh/wazuh-kibana-app -b {{ wazuh_plugin_branch }} --single-branch --depth=1 app # noqa 303 command: git clone https://github.com/wazuh/wazuh-kibana-app -b {{ wazuh_plugin_branch }} --single-branch --depth=1 app # noqa 303
register: clone_app_repo_result register: clone_app_repo_result
changed_when: false changed_when: false

62
roles/opendistro/opendistro-kibana/tasks/main.yml → roles/opensearch/wazuh-dashboard/tasks/main.yml
View File

@ -32,7 +32,7 @@
owner: kibana owner: kibana
mode: 0640 mode: 0640
marker: "## {mark} Kibana general settings ##" marker: "## {mark} Kibana general settings ##"
notify: restart kibana notify: restart wazuh-dashboard
tags: tags:
- install - install
- configure - configure
@ -46,38 +46,38 @@
group: kibana group: kibana
recurse: yes recurse: yes
- name: Build and Install Wazuh Kibana Plugin from sources #- name: Build and Install Wazuh Kibana Plugin from sources
import_tasks: build_wazuh_plugin.yml # import_tasks: build_wazuh_plugin.yml
when: # when:
- build_from_sources is defined # - build_from_sources is defined
- build_from_sources # - build_from_sources
- name: Install Wazuh Plugin (can take a while) #- name: Install Wazuh Plugin (can take a while)
shell: >- # shell: >-
NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install # NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install
{{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}-1.zip # {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}-1.zip
args: # args:
executable: /bin/bash # executable: /bin/bash
creates: /usr/share/kibana/plugins/wazuh/package.json # creates: /usr/share/kibana/plugins/wazuh/package.json
chdir: /usr/share/kibana # chdir: /usr/share/kibana
become: yes # become: yes
become_user: kibana # become_user: kibana
notify: restart kibana # notify: restart kibana
tags: # tags:
- install # - install
- skip_ansible_lint # - skip_ansible_lint
when: # when:
- not build_from_sources # - not build_from_sources
- name: Kibana optimization (can take a while) #- name: Kibana optimization (can take a while)
shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli/cli.js --optimize -c {{ kibana_conf_path }}/kibana.yml # shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli/cli.js --optimize -c {{ kibana_conf_path }}/kibana.yml
args: # args:
executable: /bin/bash # executable: /bin/bash
become: yes # become: yes
become_user: kibana # become_user: kibana
changed_when: false # changed_when: false
tags: # tags:
- skip_ansible_lint # - skip_ansible_lint
- name: Wait for Elasticsearch port - name: Wait for Elasticsearch port
wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }}

0
roles/opendistro/opendistro-kibana/tasks/security_actions.yml → roles/opensearch/wazuh-dashboard/tasks/security_actions.yml
View File

0
roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2 → roles/opensearch/wazuh-dashboard/templates/opendistro_kibana.yml.j2
View File

0
roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2 → roles/opensearch/wazuh-dashboard/templates/wazuh.yml.j2
View File

3
roles/opensearch/wazuh-dashboard/vars/debian.yml Normal file
View File

@ -0,0 +1,3 @@
---
kibana_opendistro_version: 4.3.0

77
roles/opensearch/wazuh-indexer/defaults/main.yml Normal file
View File

@ -0,0 +1,77 @@
---
# Cluster Settings
opendistro_version: 4.3.0
single_node: false
elasticsearch_node_name: node-1
opendistro_cluster_name: wazuh
elasticsearch_network_host: '0.0.0.0'
elasticsearch_node_master: true
elasticsearch_node_data: true
elasticsearch_node_ingest: true
elasticsearch_start_timeout: 90
elasticsearch_lower_disk_requirements: false
elasticsearch_cluster_nodes:
- 127.0.0.1
elasticsearch_discovery_nodes:
- 127.0.0.1
local_certs_path: "{{ playbook_dir }}/opendistro/certificates"
##check if it is the correct directory
# Minimum master nodes in cluster, 2 for 3 nodes elasticsearch cluster
minimum_master_nodes: 2
# Configure hostnames for Elasticsearch nodes
# Example es1.example.com, es2.example.com
domain_name: wazuh.com
# The OpenDistro package repository
package_repos:
yum:
opendistro:
#baseurl: 'https://packages.wazuh.com/4.x/yum/'
baseurl: 'https://packages-dev.wazuh.com/pre-release/yum/'
#gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
apt:
opendistro:
#baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
baseurl: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main'
#gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
openjdk:
baseurl: 'deb http://deb.debian.org/debian stretch-backports main'
opendistro_sec_plugin_conf_path: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig
opendistro_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools
opendistro_conf_path: /etc/wazuh-indexer/
opendistro_index_path: /var/lib/wazuh-indexer/
# Security password
opendistro_custom_user: ""
opendistro_custom_user_role: "admin"
# Set JVM memory limits
opendistro_jvm_xms: null
opendistro_http_port: 9700
## 732 this port changes to 9700
certs_gen_tool_version: 4.3
## 732 will no longer be needed. /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-cert-tool.sh comes with the package.
# Url of Search Guard certificates generator tool
certs_gen_tool_url: "https://packages-dev.wazuh.com/resources/{{ certs_gen_tool_version }}/install_functions/opendistro/wazuh-cert-tool.sh"
## 732 will no longer be needed. /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-cert-tool.sh comes with the package.
opendistro_admin_password: changeme
opendistro_kibana_password: changeme
# Deployment settings
generate_certs: true
perform_installation: true
opendistro_nolog_sensible: true

6
roles/opensearch/wazuh-indexer/handlers/main.yml Normal file
View File

@ -0,0 +1,6 @@
---
- name: restart wazuh-indexer
service:
name: wazuh-indexer
state: restarted
## 732 the name of the service changes to wazuh-indexer

0
roles/opendistro/opendistro-elasticsearch/meta/main.yml → roles/opensearch/wazuh-indexer/meta/main.yml
View File

36
roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml → roles/opensearch/wazuh-indexer/tasks/Debian.yml
View File

@ -9,7 +9,8 @@
when: (ansible_facts['distribution'] == "Debian" and ansible_facts['distribution_major_version'] == "9") when: (ansible_facts['distribution'] == "Debian" and ansible_facts['distribution_major_version'] == "9")
block: block:
- name: Install OpenDistro dependencies - name: Install Wazuh-Indexer dependencies
## 732 change task name
apt: apt:
name: [ name: [
'unzip', 'wget', 'curl', 'apt-transport-https', software-properties-common 'unzip', 'wget', 'curl', 'apt-transport-https', software-properties-common
@ -21,22 +22,24 @@
keyserver: keyserver.ubuntu.com keyserver: keyserver.ubuntu.com
id: 648ACFD622F3D138 id: 648ACFD622F3D138
- name: Add openjdk repository # - name: Add openjdk repository
apt_repository: # apt_repository:
repo: "{{ package_repos.apt.openjdk.baseurl }}" # repo: "{{ package_repos.apt.openjdk.baseurl }}"
state: present # state: present
update_cache: yes # update_cache: yes
filename: 'wazuh-openjdk' # filename: 'wazuh-openjdk'
- name: Install openjdk-11-jdk #- name: Install openjdk-11-jdk
apt: ### 732 will not be needed as indexer comes with the jdk.
name: openjdk-11-jdk # apt:
state: present # name: openjdk-11-jdk
environment: # state: present
JAVA_HOME: /usr # environment:
# JAVA_HOME: /usr
- name: Add Opendistro repository - name: Add Wazuh-Indexer repository
block: block:
## 732 the wazuh repo should be added instead
- name: Add apt repository signing key - name: Add apt repository signing key
apt_key: apt_key:
url: "{{ package_repos.apt.opendistro.gpg }}" url: "{{ package_repos.apt.opendistro.gpg }}"
@ -49,9 +52,10 @@
filename: 'wazuh-opendistro' filename: 'wazuh-opendistro'
update_cache: yes update_cache: yes
- name: Install OpenDistro - name: Install Wazuh-Indexer
## the indexer package should be installed instead
apt: apt:
name: opendistroforelasticsearch={{ opendistro_version }}-1 name: wazuh-indexer={{ opendistro_version }}-1
state: present state: present
register: install register: install
tags: install tags: install

1
roles/opendistro/opendistro-elasticsearch/tasks/RMRedHat.yml → roles/opensearch/wazuh-indexer/tasks/RMRedHat.yml
View File

@ -1,5 +1,6 @@
--- ---
- name: RedHat/CentOS/Fedora | Remove Elasticsearch repository (and clean up left-over metadata) - name: RedHat/CentOS/Fedora | Remove Elasticsearch repository (and clean up left-over metadata)
## 732 will not be needed and if it is needed the wazuh repo should be removed.
yum_repository: yum_repository:
name: opendistro_repo name: opendistro_repo
state: absent state: absent

54
roles/opensearch/wazuh-indexer/tasks/RedHat.yml Normal file
View File

@ -0,0 +1,54 @@
---
- block:
- name: RedHat/CentOS/Fedora | Add Wazuh-Indexer repo
## 732 wazuh repo should be added instead.
yum_repository:
file: opendistro
name: opendistro_repo
description: Opendistro yum repository
baseurl: "{{ package_repos.yum.opendistro.baseurl }}"
gpgkey: "{{ package_repos.yum.opendistro.gpg }}"
gpgcheck: true
changed_when: false
# - name: RedHat/CentOS/Fedora | Install OpenJDK 11
# ## 732 will not be needed
# yum:
# name: java-11-openjdk-devel
# state: present
# when:
# - ansible_distribution != 'Amazon'
# - name: Amazon Linux | Install OpenJDK 11
# ## 732 will not be needed
# block:
# - name: Install Amazon extras
# yum:
# name: amazon-linux-extras
# state: present
# - name: Install OpenJDK 11
# shell: amazon-linux-extras install java-openjdk11 -y
# when:
# - ansible_distribution == 'Amazon'
- name: RedHat/CentOS/Fedora | Install OpenDistro dependencies
yum:
name: "{{ packages }}"
vars:
packages:
- wget
- unzip
- name: Install Wazuh-Indexer
## 732 the package name should be updated
package:
name: wazuh-indexer-{{ opendistro_version }}
state: present
register: install
tags: install
tags:
- install

76
roles/opensearch/wazuh-indexer/tasks/local_actions.yml Normal file
View File

@ -0,0 +1,76 @@
---
- name: Check if certificates already exists
stat:
path: "{{ local_certs_path }}"
register: certificates_folder
delegate_to: localhost
become: no
tags:
- generate-certs
- block:
- name: Local action | Create local temporary directory for certificates generation
file:
path: "{{ local_certs_path }}"
mode: 0755
state: directory
- name: Local action | Check that the generation tool exists
## 732 will not be needed
stat:
path: "{{ local_certs_path }}/wazuh-cert-tool.sh"
register: tool_package
- name: Local action | Download certificates generation tool
## 732 will not be needed
get_url:
url: "{{ certs_gen_tool_url }}"
dest: "{{ local_certs_path }}/wazuh-cert-tool.sh"
#search-guard-tlstool-{{ certs_gen_tool_version }}.zip"
when: not tool_package.stat.exists
# - name: Local action | Extract the certificates generation tool
# ## 732 will not be needed
# unarchive:
# src: "{{ local_certs_path }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip"
# dest: "{{ local_certs_path }}/"
# - name: Local action | Add the execution bit to the binary
# ## 732 will not be needed
# file:
# dest: "{{ local_certs_path }}/tools/sgtlstool.sh"
# mode: a+x
- name: Local action | Prepare the certificates generation template file
## 732 need to resolve the certificate creation (config.yml)
template:
src: "templates/config.yml.j2"
dest: "{{ local_certs_path }}/config.yml"
mode: 0644
register: tlsconfig_template
# - name: Create a directory if it does not exist
# file:
# path: "{{ local_certs_path }}/certs/"
# state: directory
# mode: '0755'
# - name: Local action | Check if root CA file exists
# stat:
# path: "{{ local_certs_path }}/certs/root-ca.key"
# register: root_ca_file
- name: Local action | Generate the node & admin certificates in local
command: >-
bash {{ local_certs_path }}/wazuh-cert-tool.sh
become: yes
run_once: true
delegate_to: localhost
become: no
tags:
- generate-certs
when:
- not certificates_folder.stat.exists

76
roles/opendistro/opendistro-elasticsearch/tasks/main.yml → roles/opensearch/wazuh-indexer/tasks/main.yml
View File

@ -11,32 +11,35 @@
- import_tasks: Debian.yml - import_tasks: Debian.yml
when: ansible_os_family == 'Debian' when: ansible_os_family == 'Debian'
- name: Remove performance analyzer plugin from elasticsearch # - name: Remove performance analyzer plugin from elasticsearch
become: true # ## 732 will not be needed
command: ./elasticsearch-plugin remove opendistro-performance-analyzer # become: true
ignore_errors: true # command: ./elasticsearch-plugin remove opendistro-performance-analyzer
args: # ignore_errors: true
chdir: /usr/share/elasticsearch/bin/ # args:
register: remove_elasticsearch_performance_analyzer # chdir: /usr/share/elasticsearch/bin/
failed_when: # register: remove_elasticsearch_performance_analyzer
- remove_elasticsearch_performance_analyzer.rc != 0 # failed_when:
- '"not found" not in remove_elasticsearch_performance_analyzer.stderr' # - remove_elasticsearch_performance_analyzer.rc != 0
changed_when: "remove_elasticsearch_performance_analyzer.rc == 0" # - '"not found" not in remove_elasticsearch_performance_analyzer.stderr'
# changed_when: "remove_elasticsearch_performance_analyzer.rc == 0"
- name: Remove elasticsearch configuration file - name: Remove elasticsearch configuration file
## 732 will not be needed
file: file:
path: "{{ opendistro_conf_path }}/elasticsearch.yml" path: "{{ opendistro_conf_path }}/opensearch.yml"
state: absent state: absent
tags: install tags: install
- name: Copy Configuration File - name: Copy Configuration File
blockinfile: ## 732 will not be needed
block: "{{ lookup('template', 'elasticsearch.yml.j2') }}" template:
dest: "{{ opendistro_conf_path }}/elasticsearch.yml" src: "templates/opensearch.yml.j2"
create: true dest: "{{ opendistro_conf_path }}/opensearch.yml"
group: elasticsearch owner: root
group: wazuh-indexer
mode: 0640 mode: 0640
marker: "## {mark} Opendistro general settings ##" force: yes
tags: install tags: install
- include_tasks: security_actions.yml - include_tasks: security_actions.yml
@ -45,44 +48,59 @@
- name: Configure OpenDistro Elasticsearch JVM memmory. - name: Configure OpenDistro Elasticsearch JVM memmory.
## 732 will not be needed and if it is needed the path should be updated.
template: template:
src: "templates/jvm.options.j2" src: "templates/jvm.options.j2"
dest: /etc/elasticsearch/jvm.options dest: "{{ opendistro_conf_path }}/jvm.options"
owner: root owner: root
group: elasticsearch group: wazuh-indexer
mode: 0644 mode: 0644
force: yes force: yes
notify: restart elasticsearch notify: restart wazuh-indexer
tags: install tags: install
- name: Configure disabled log4j. - name: Configure disabled log4j.
## 732 will not be needed
template: template:
src: "templates/disabledlog4j.options.j2" src: "templates/disabledlog4j.options.j2"
dest: /etc/elasticsearch/jvm.options.d/disabledlog4j.options dest: "{{ opendistro_conf_path }}/jvm.options.d/disabledlog4j.options"
owner: root owner: root
group: elasticsearch group: wazuh-indexer
mode: 2750 mode: 2750
force: yes force: yes
notify: restart elasticsearch notify: restart wazuh-indexer
tags: install tags: install
- name: Ensure extra time for Elasticsearch to start on reboots - name: Ensure extra time for Elasticsearch to start on reboots
lineinfile: lineinfile:
path: /usr/lib/systemd/system/elasticsearch.service path: /usr/lib/systemd/system/wazuh-indexer.service
regexp: '^TimeoutStartSec=' regexp: '^TimeoutStartSec='
line: "TimeoutStartSec={{ elasticsearch_start_timeout }}" line: "TimeoutStartSec={{ elasticsearch_start_timeout }}"
become: yes become: yes
tags: configure tags: configure
- name: Index files to remove
find:
paths: "{{ opendistro_index_path }}"
patterns: "*"
register: files_to_delete
- name: Remove Index Files
file:
path: "{{ item.path }}"
state: absent
with_items: "{{ files_to_delete.files }}"
- name: Ensure Elasticsearch started and enabled - name: Ensure Elasticsearch started and enabled
## 732 the service name should be updated
service: service:
name: elasticsearch name: wazuh-indexer
enabled: true enabled: true
state: started state: started
- name: Wait for Elasticsearch API - name: Wait for Elasticsearch API
uri: uri:
url: "https://{{ inventory_hostname if not single_node else elasticsearch_network_host }}:{{ opendistro_http_port }}/_cluster/health/" url: "https://{{ inventory_hostname if not single_node else elasticsearch_network_host }}:{{ opendistro_http_port }}/_cat/health/"
user: "admin" # Default OpenDistro user is always "admin" user: "admin" # Default OpenDistro user is always "admin"
password: "{{ opendistro_admin_password }}" password: "{{ opendistro_admin_password }}"
validate_certs: no validate_certs: no
@ -101,7 +119,7 @@
- name: Wait for Elasticsearch API (Private IP) - name: Wait for Elasticsearch API (Private IP)
uri: uri:
url: "https://{{ hostvars[inventory_hostname]['private_ip'] if not single_node else elasticsearch_network_host }}:{{ opendistro_http_port }}/_cluster/health/" url: "https://{{ hostvars[inventory_hostname]['private_ip'] if not single_node else elasticsearch_network_host }}:{{ opendistro_http_port }}/_cat/health/"
user: "admin" # Default OpenDistro user is always "admin" user: "admin" # Default OpenDistro user is always "admin"
password: "{{ opendistro_admin_password }}" password: "{{ opendistro_admin_password }}"
validate_certs: no validate_certs: no
@ -125,5 +143,5 @@
systemd: systemd:
daemon_reload: true daemon_reload: true
become: yes become: yes
notify: restart elasticsearch notify: restart wazuh-indexer
when: perform_installation when: perform_installation

77
roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml → roles/opensearch/wazuh-indexer/tasks/security_actions.yml
View File

@ -1,12 +1,13 @@
- name: Remove demo certs #- name: Remove demo certs
file: # ## 732 will not be needed
path: "{{ item }}" # file:
state: absent # path: "{{ item }}"
with_items: # state: absent
- "{{ opendistro_conf_path }}/kirk.pem" # with_items:
- "{{ opendistro_conf_path }}/kirk-key.pem" # - "{{ opendistro_conf_path }}/kirk.pem"
- "{{ opendistro_conf_path }}/esnode.pem" # - "{{ opendistro_conf_path }}/kirk-key.pem"
- "{{ opendistro_conf_path }}/esnode-key.pem" # - "{{ opendistro_conf_path }}/esnode.pem"
# - "{{ opendistro_conf_path }}/esnode-key.pem"
- name: Configure IP (Private address) - name: Configure IP (Private address)
set_fact: set_fact:
@ -24,38 +25,39 @@
- name: Copy the node & admin certificates to Elasticsearch cluster - name: Copy the node & admin certificates to Elasticsearch cluster
copy: copy:
src: "{{ local_certs_path }}/certs/{{ item }}" src: "{{ local_certs_path }}/certs/{{ item }}"
dest: /etc/elasticsearch/ dest: "{{ opendistro_conf_path }}/certs/"
mode: 0644 mode: 0644
become: yes
with_items: with_items:
- root-ca.pem - root-ca.pem
- root-ca.key - root-ca.key
- "{{ elasticsearch_node_name }}.key" - "{{ elasticsearch_node_name }}-key.pem"
- "{{ elasticsearch_node_name }}.pem" - "{{ elasticsearch_node_name }}.pem"
- "{{ elasticsearch_node_name }}_http.key" #- "{{ elasticsearch_node_name }}_http.key"
- "{{ elasticsearch_node_name }}_http.pem" #- "{{ elasticsearch_node_name }}_http.pem"
- "{{ elasticsearch_node_name }}_elasticsearch_config_snippet.yml" #- "{{ elasticsearch_node_name }}_elasticsearch_config_snippet.yml"
- admin.key - admin-key.pem
- admin.pem - admin.pem
- name: Copy the OpenDistro security configuration file to cluster #- name: Copy the OpenDistro security configuration file to cluster
blockinfile: # blockinfile:
block: "{{ lookup('file', snippet_path ) }}" # block: "{{ lookup('file', snippet_path ) }}"
dest: "{{ opendistro_conf_path }}/elasticsearch.yml" # dest: "{{ opendistro_conf_path }}/elasticsearch.yml"
insertafter: EOF # insertafter: EOF
marker: "## {mark} Opendistro Security Node & Admin certificates configuration ##" # marker: "## {mark} Opendistro Security Node & Admin certificates configuration ##"
vars: # vars:
snippet_path: '{{ local_certs_path }}/certs/{{ elasticsearch_node_name }}_elasticsearch_config_snippet.yml' # snippet_path: '{{ local_certs_path }}/certs/{{ elasticsearch_node_name }}_elasticsearch_config_snippet.yml'
- name: Prepare the OpenDistro security configuration file #- name: Prepare the OpenDistro security configuration file
replace: # replace:
path: "{{ opendistro_conf_path }}/elasticsearch.yml" # path: "{{ opendistro_conf_path }}/elasticsearch.yml"
regexp: 'searchguard' # regexp: 'searchguard'
replace: 'opendistro_security' # replace: 'opendistro_security'
tags: local # tags: local
- name: Restart elasticsearch with security configuration - name: Restart elasticsearch with security configuration
systemd: systemd:
name: elasticsearch name: wazuh-indexer
state: restarted state: restarted
- name: Copy the OpenDistro security internal users template - name: Copy the OpenDistro security internal users template
@ -98,18 +100,21 @@
- name: Initialize the OpenDistro security index in elasticsearch - name: Initialize the OpenDistro security index in elasticsearch
command: > command: >
sudo -u wazuh-indexer OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
JAVA_HOME=/usr/share/wazuh-indexer/jdk
{{ opendistro_sec_plugin_tools_path }}/securityadmin.sh {{ opendistro_sec_plugin_tools_path }}/securityadmin.sh
-cacert {{ opendistro_conf_path }}/root-ca.pem -cd {{ opendistro_sec_plugin_tools_path }}/
-cert {{ opendistro_conf_path }}/admin.pem -icl -p 9800 -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig
-key {{ opendistro_conf_path }}/admin.key -cacert {{ opendistro_conf_path }}/certs/root-ca.pem
-cd {{ opendistro_sec_plugin_conf_path }}/ -cert {{ opendistro_conf_path }}/certs/admin.pem
-nhnv -icl -key {{ opendistro_conf_path }}/certs/admin-key.pem
-nhnv
-h {{ target_address }} -h {{ target_address }}
run_once: true # noqa 301 run_once: true # noqa 301
- name: Create custom user - name: Create custom user
uri: uri:
url: "https://{{ target_address }}:{{ opendistro_http_port }}/_opendistro/_security/api/internalusers/{{ opendistro_custom_user }}" url: "https://{{ target_address }}:{{ opendistro_http_port }}/_plugins/_security/api/internalusers/{{ opendistro_custom_user }}"
method: PUT method: PUT
user: "admin" # Default OpenDistro user is always "admin" user: "admin" # Default OpenDistro user is always "admin"
password: "{{ opendistro_admin_password }}" password: "{{ opendistro_admin_password }}"

33
roles/opensearch/wazuh-indexer/templates/config.yml.j2 Normal file
View File

@ -0,0 +1,33 @@
nodes:
# Elasticsearch server nodes
elasticsearch:
{% for (key,value) in instances.items() %}
{% if (value.role is defined and value.role == 'indexer') %}
name: {{ value.name }}
ip: {{ value.ip }}
{% endif %}
{% endfor %}
# Wazuh server nodes
# Use node_type only with more than one Wazuh manager
wazuh_servers:
{% for (key,value) in instances.items() %}
{% if (value.role is defined and value.role == 'wazuh') %}
name: {{ value.name }}
ip: {{ value.ip }}
{% endif %}
{% if (value.node_type is defined and value.node_type == 'master') %}
node_type: master
{% elif (value.node_type is defined and value.node_type == 'worker') %}
node_type: worker
{% endif %}
{% endfor %}
# Kibana node
kibana:
{% for (key,value) in instances.items() %}
{% if (value.role is defined and value.role == 'dashboard') %}
name: {{ value.name }}
ip: {{ value.ip }}
{% endif %}
{% endfor %}

0
roles/opendistro/opendistro-elasticsearch/templates/disabledlog4j.options.j2 → roles/opensearch/wazuh-indexer/templates/disabledlog4j.options.j2
View File

0
roles/opendistro/opendistro-elasticsearch/templates/elasticsearch.yml.j2 → roles/opensearch/wazuh-indexer/templates/elasticsearch.yml.j2
View File

0
roles/opendistro/opendistro-elasticsearch/templates/internal_users.yml.j2 → roles/opensearch/wazuh-indexer/templates/internal_users.yml.j2
View File

83
roles/opensearch/wazuh-indexer/templates/jvm.options copy.j2 Normal file
View File

@ -0,0 +1,83 @@
## JVM configuration
################################################################
## IMPORTANT: JVM heap size
################################################################
##
## You should always set the min and max JVM heap
## size to the same value. For example, to set
## the heap to 4 GB, set:
##
## -Xms4g
## -Xmx4g
##
## See https://opensearch.org/docs/opensearch/install/important-settings/
## for more information
##
################################################################
# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space
-Xms1g
-Xmx1g
################################################################
## Expert settings
################################################################
##
## All settings below this section are considered
## expert settings. Don't tamper with them unless
## you understand what you are doing
##
################################################################
## GC configuration
8-13:-XX:+UseConcMarkSweepGC
8-13:-XX:CMSInitiatingOccupancyFraction=75
8-13:-XX:+UseCMSInitiatingOccupancyOnly
## G1GC Configuration
# NOTE: G1 GC is only supported on JDK version 10 or later
# to use G1GC, uncomment the next two lines and update the version on the
# following three lines to your version of the JDK
# 10-13:-XX:-UseConcMarkSweepGC
# 10-13:-XX:-UseCMSInitiatingOccupancyOnly
14-:-XX:+UseG1GC
14-:-XX:G1ReservePercent=25
14-:-XX:InitiatingHeapOccupancyPercent=30
## JVM temporary directory
-Djava.io.tmpdir=${OPENSEARCH_TMPDIR}
## heap dumps
# generate a heap dump when an allocation from the Java heap fails
# heap dumps are created in the working directory of the JVM
-XX:+HeapDumpOnOutOfMemoryError
# specify an alternative path for heap dumps; ensure the directory exists and
# has sufficient space
-XX:HeapDumpPath=data
# specify an alternative path for JVM fatal error logs
-XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log
## JDK 8 GC logging
8:-XX:+PrintGCDetails
8:-XX:+PrintGCDateStamps
8:-XX:+PrintTenuringDistribution
8:-XX:+PrintGCApplicationStoppedTime
8:-Xloggc:/var/log/wazuh-indexer/gc.log
8:-XX:+UseGCLogFileRotation
8:-XX:NumberOfGCLogFiles=32
8:-XX:GCLogFileSize=64m
# JDK 9+ GC logging
9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m
## OpenDistro Performance Analyzer
-Dclk.tck=100
-Djdk.attach.allowAttachSelf=true
-Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opendistro-performance-analyzer/pa_config/es_security.policy

12
roles/opendistro/opendistro-elasticsearch/templates/jvm.options.j2 → roles/opensearch/wazuh-indexer/templates/jvm.options.j2
View File

@ -62,7 +62,7 @@
14-:-XX:InitiatingHeapOccupancyPercent=30 14-:-XX:InitiatingHeapOccupancyPercent=30
## JVM temporary directory ## JVM temporary directory
-Djava.io.tmpdir=${ES_TMPDIR} -Djava.io.tmpdir=${OPENSEARCH_TMPDIR}
## heap dumps ## heap dumps
@ -72,25 +72,25 @@
# specify an alternative path for heap dumps; ensure the directory exists and # specify an alternative path for heap dumps; ensure the directory exists and
# has sufficient space # has sufficient space
-XX:HeapDumpPath=/var/lib/elasticsearch -XX:HeapDumpPath=data
# specify an alternative path for JVM fatal error logs # specify an alternative path for JVM fatal error logs
-XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log
## JDK 8 GC logging ## JDK 8 GC logging
8:-XX:+PrintGCDetails 8:-XX:+PrintGCDetails
8:-XX:+PrintGCDateStamps 8:-XX:+PrintGCDateStamps
8:-XX:+PrintTenuringDistribution 8:-XX:+PrintTenuringDistribution
8:-XX:+PrintGCApplicationStoppedTime 8:-XX:+PrintGCApplicationStoppedTime
8:-Xloggc:/var/log/elasticsearch/gc.log 8:-Xloggc:/var/log/wazuh-indexer/gc.log
8:-XX:+UseGCLogFileRotation 8:-XX:+UseGCLogFileRotation
8:-XX:NumberOfGCLogFiles=32 8:-XX:NumberOfGCLogFiles=32
8:-XX:GCLogFileSize=64m 8:-XX:GCLogFileSize=64m
# JDK 9+ GC logging # JDK 9+ GC logging
9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m 9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m
## OpenDistro Performance Analyzer ## OpenDistro Performance Analyzer
-Dclk.tck=100 -Dclk.tck=100
-Djdk.attach.allowAttachSelf=true -Djdk.attach.allowAttachSelf=true
-Djava.security.policy=file:///usr/share/elasticsearch/plugins/opendistro_performance_analyzer/pa_config/es_security.policy -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy

52
roles/opensearch/wazuh-indexer/templates/opensearch.yml.j2 Normal file
View File

@ -0,0 +1,52 @@
network.host: {{ elasticsearch_network_host }}
node.name: {{ elasticsearch_node_name }}
{% if single_node == true %}
discovery.type: single-node
{% else %}
cluster.initial_master_nodes:
{% for item in elasticsearch_cluster_nodes %}
- {{ item }}
{% endfor %}
{% endif %}
cluster.name: {{ opendistro_cluster_name }}
http.port: 9700-9799
transport.tcp.port: 9800-9899
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
###############################################################################
# #
# WARNING: Demo certificates set up in this file. #
# Please change on production cluster! #
# #
###############################################################################
plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/{{ elasticsearch_node_name }}.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/{{ elasticsearch_node_name }}-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/{{ elasticsearch_node_name }}.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/{{ elasticsearch_node_name }}-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.audit.type: internal_opensearch
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Docu,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN={{ elasticsearch_node_name }},OU=Docu,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true

0
roles/opendistro/opendistro-elasticsearch/templates/tlsconfig.yml.j2 → roles/opensearch/wazuh-indexer/templates/tlsconfig.yml.j2
View File