diff --git a/Pipfile b/Pipfile
index ce0266f2..6f709455 100644
--- a/Pipfile
+++ b/Pipfile
@@ -14,9 +14,22 @@ molecule = "==2.20.2"
python_version = "2.7"
[scripts]
+test ="molecule test --destroy=never"
+worker ="molecule test -s worker --destroy=never"
+agent ="molecule test -s wazuh-agent --destroy=never"
+elasticsearch ="molecule test -s elasticsearch --destroy=never"
+kibana ="molecule test -s kibana --destroy=never"
+
+# Verify ..
+verify ="molecule verify"
+verify_worker ="molecule verify -s worker"
+verify_agent ="molecule verify -s agent"
+verify_elasticsearch ="molecule verify -s elasticsearch"
+verify_kibana ="molecule verify -s kibana"
+
+# Destroy ..
destroy ="molecule destroy"
-test ="molecule test"
-agent ="molecule test -s wazuh-agent"
-elasticsearch ="molecule test -s elasticsearch"
-filebeat ="molecule test -s filebeat"
-kibana ="molecule test -s kibana"
+destroy_worker ="molecule destroy -s worker"
+destroy_agent ="molecule destroy -s agent"
+destroy_elasticsearch ="molecule destroy -s elasticsearch"
+destroy_kibana ="molecule destroy -s kibana"
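Review bot: `verify_agent` and `destroy_agent` pass `-s agent`, but the scenario directory touched by this commit is `molecule/wazuh-agent` and the `agent` script itself uses `-s wazuh-agent`, so both new scripts would look for a scenario that is not present. They should read `verify_agent = "molecule verify -s wazuh-agent"` and `destroy_agent = "molecule destroy -s wazuh-agent"`. Because every test script now passes `--destroy=never`, a working destroy script is the only thing that removes the containers afterwards.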
diff --git a/molecule/default/create.yml b/molecule/default/create.yml
index 25932aee..0b25ec81 100644
--- a/molecule/default/create.yml
+++ b/molecule/default/create.yml
@@ -44,10 +44,13 @@
- name: Create docker network(s)
docker_network:
- name: "{{ item }}"
- docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}"
+ name: "main"
state: present
- with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks }}"
+
+ - name: Sleep 5 seconds till the network gets created if it's not
+ # Pause for 5 minutes to build app cache.
+ pause:
+ seconds: 10
- name: Create molecule instance(s)
docker_container:
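Review bot: The new pause task contradicts itself: its name says 5 seconds, its comment says 5 minutes, and `seconds: 10` is what actually runs. If the wait is needed at all (the network task normally returns once the network exists, which is worth confirming), make the three agree, e.g. `- name: Wait 10 seconds for the docker network`, and drop the stale `# Pause for 5 minutes to build app cache.` comment. The hunk also removes the `docker_host` parameter from the network task, so a non-default Docker socket set per platform is presumably no longer honoured here.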
@@ -65,7 +68,8 @@
exposed_ports: "{{ item.exposed_ports | default(omit) }}"
published_ports: "{{ item.published_ports | default(omit) }}"
ulimits: "{{ item.ulimits | default(omit) }}"
- networks: "{{ item.networks | default(omit) }}"
+ networks:
+ - name: "main"
dns_servers: "{{ item.dns_servers | default(omit) }}"
register: server
with_items: "{{ molecule_yml.platforms }}"
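Review bot: Hard-coding `networks: - name: "main"` discards any per-platform `networks` setting, and molecule/wazuh-agent/molecule.yml in this same commit still declares `networks: - name: wazuh` while pointing at this create.yml, so that setting is now silently ignored. Either remove the dead `networks:` entries from that scenario, or keep the override with a fallback such as `networks: "{{ item.networks | default([{'name': 'main'}]) }}"`, in which case the network-creation task earlier in the file has to create those networks too. The task continues outside the hunk.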
@@ -78,4 +82,4 @@
register: docker_jobs
until: docker_jobs.finished
retries: 300
- with_items: "{{ server.results }}"
+ with_items: "{{ server.results }}"
\ No newline at end of file
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
deleted file mode 100644
index 6a54a846..00000000
--- a/molecule/default/molecule.yml
+++ /dev/null
@@ -1,69 +0,0 @@
----
-dependency:
- name: galaxy
-driver:
- name: docker
-lint:
- name: yamllint
- enabled: false
-platforms:
- - name: bionic
- image: solita/ubuntu-systemd:bionic
- command: /sbin/init
- ulimits:
- - nofile:262144:262144
- privileged: true
- memory_reservation: 2048m
- - name: xenial
- image: solita/ubuntu-systemd:xenial
- privileged: true
- memory_reservation: 2048m
- command: /sbin/init
- ulimits:
- - nofile:262144:262144
-# - name: trusty
-# image: ubuntu:trusty
-# privileged: true
-# memory_reservation: 2048m
-# ulimits:
-# - nofile:262144:262144
-# - name: centos6
-# image: centos:6
-# privileged: true
-# memory_reservation: 2048m
-# ulimits:
-# - nofile:262144:262144
- - name: centos7
- image: milcom/centos7-systemd
- memory_reservation: 2048m
- privileged: true
- ulimits:
- - nofile:262144:262144
-provisioner:
- name: ansible
- env:
- ANSIBLE_ROLES_PATH: ../../roles
- lint:
- name: ansible-lint
- enabled: true
-scenario:
- name: default
- test_sequence:
- - lint
- - dependency
- - cleanup
- - destroy
- - syntax
- - create
- - prepare
- - converge
- - idempotence
- - side_effect
- - verify
- - cleanup
- - destroy
-verifier:
- name: testinfra
- lint:
- name: flake8
- enabled: true
diff --git a/molecule/default/molecule.yml.template b/molecule/default/molecule.yml.template
new file mode 100644
index 00000000..f46226c2
--- /dev/null
+++ b/molecule/default/molecule.yml.template
@@ -0,0 +1,47 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+ enabled: false
+platforms:
+ - name: manager_platform_
+ image: imagename
+ command: /sbin/init
+ ulimits:
+ - nofile:262144:262144
+ privileged: true
+ memory_reservation: 2048m
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ hash_behaviour: merge
+ env:
+ ANSIBLE_ROLES_PATH: ../../roles
+ lint:
+ name: ansible-lint
+ enabled: true
+scenario:
+ name: default
+ test_sequence:
+ - lint
+ - dependency
+ - cleanup
+ - destroy
+ - syntax
+ - create
+ - prepare
+ - converge
+ - idempotence
+ - side_effect
+ - verify
+ - cleanup
+ - destroy
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
+ enabled: true
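Review bot: Nothing in this template says that `imagename` and the trailing `platform_` in `manager_platform_` are placeholders that run_cluster_mode.sh rewrites with sed, or why the container needs `privileged: true`. Add a header comment such as `# Template: imagename and platform_ are replaced by run_cluster_mode.sh` and, above the flag, `# privileged: needed for systemd in the test image; test-only`, assuming that is the reason. The same applies to the elasticsearch, kibana and worker templates. With the Pipfile now using `--destroy=never`, these privileged containers stay up until a destroy script is run.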
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml
index 242a3777..d4561c1b 100644
--- a/molecule/default/playbook.yml
+++ b/molecule/default/playbook.yml
@@ -3,4 +3,17 @@
hosts: all
roles:
- role: wazuh/ansible-wazuh-manager
-
+ vars:
+ wazuh_manager_config:
+ cluster:
+ disable: 'no'
+ name: 'wazuh'
+ node_name: 'manager'
+ node_type: 'master'
+ key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa'
+ port: '1516'
+ bind_addr: '0.0.0.0'
+ nodes:
+ - 'manager_bionic'
+ hidden: 'no'
+ - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_bionic:9200' }
\ No newline at end of file
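Review bot: The cluster `key` is committed as a literal, and the same value appears in molecule/default/playbook.yml.template, molecule/worker/playbook.yml and molecule/worker/playbook.yml.template, while `bind_addr: '0.0.0.0'` exposes the cluster port on every interface of the container. Anyone copying these playbooks outside the test network inherits a publicly known shared secret; read it from the environment instead, e.g. `key: "{{ lookup('env', 'WAZUH_CLUSTER_KEY') }}"` (variable name is illustrative), or at least put `# test-only key, never reuse` above it. This file is also regenerated from playbook.yml.template by run_cluster_mode.sh, so committing both leaves two copies to keep in sync.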
diff --git a/molecule/default/playbook.yml.template b/molecule/default/playbook.yml.template
new file mode 100644
index 00000000..f73659e9
--- /dev/null
+++ b/molecule/default/playbook.yml.template
@@ -0,0 +1,19 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: wazuh/ansible-wazuh-manager
+ vars:
+ wazuh_manager_config:
+ cluster:
+ disable: 'no'
+ name: 'wazuh'
+ node_name: 'manager'
+ node_type: 'master'
+ key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa'
+ port: '1516'
+ bind_addr: '0.0.0.0'
+ nodes:
+ - 'manager_platform'
+ hidden: 'no'
+ - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_platform:9200' }
\ No newline at end of file
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
index c5e76d67..174a499f 100644
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@@ -73,8 +73,17 @@ def test_open_ports(host):
"""Test if the main port is open and the agent-auth is not open."""
distribution = host.system_info.distribution.lower()
if distribution == 'ubuntu':
+ assert host.socket("tcp://0.0.0.0:1516").is_listening
assert host.socket("tcp://0.0.0.0:1515").is_listening
assert host.socket("tcp://0.0.0.0:1514").is_listening
elif distribution == 'centos':
+ assert host.socket("tcp://0.0.0.0:1516").is_listening
assert host.socket("tcp://127.0.0.1:1515").is_listening
assert host.socket("tcp://127.0.0.1:1514").is_listening
+
+
+def test_filebeat_is_installed(host):
+ """Test if the elasticsearch package is installed."""
+ filebeat = host.package("filebeat")
+ assert filebeat.is_installed
+ assert filebeat.version.startswith('7.2.1')
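Review bot: The docstring of the new `test_filebeat_is_installed` says it checks the elasticsearch package, but the body checks `filebeat`; it should read `"""Test if the filebeat package is installed at the expected version."""`. The same docstring is repeated in molecule/worker/tests/test_default.py. In `test_open_ports`, the docstring still says agent-auth is not open while the assertions require 1515 to be listening, and the added 1516 check is bound to `0.0.0.0` on both distributions; a comment such as `# cluster port is expected on all interfaces` would make that intent explicit. `test_open_ports` starts outside the hunk.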
diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml
index ebf47ccb..11d8902f 100644
--- a/molecule/elasticsearch/molecule.yml
+++ b/molecule/elasticsearch/molecule.yml
@@ -8,41 +8,19 @@ lint:
options:
config-data:
ignore: .virtualenv
-platforms:
- #- name: bionic
- # image: solita/ubuntu-systemd:bionic
- # command: /sbin/init
- # ulimits:
- # - nofile:262144:262144
- # privileged: true
- # memory_reservation: 2048m
- #- name: xenial
- # image: solita/ubuntu-systemd:xenial
- # privileged: true
- # memory_reservation: 2048m
- # command: /sbin/init
- # ulimits:
- # - nofile:262144:262144
- #- name: trusty
- #image: ubuntu:trusty
- #privileged: true
- #memory_reservation: 2048m
- #ulimits:
- #- nofile:262144:262144
- #- name: centos6
- # image: centos:6
- # privileged: true
- # memory_reservation: 2048m
- # ulimits:
- # - nofile:262144:262144
- - name: centos7
- image: milcom/centos7-systemd
- memory_reservation: 2048m
- privileged: true
+bionics:
+ - name: elasticsearch_bionic
+ image: solita/ubuntu-systemd:bionic
+ command: /sbin/init
ulimits:
- nofile:262144:262144
+ privileged: true
+ memory_reservation: 2048m
provisioner:
name: ansible
+ config_options:
+ defaults:
+ hash_behaviour: merge
playbooks:
docker:
create: ../default/create.yml
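Review bot: The top-level key `platforms:` has been replaced by `bionics:`, which Molecule does not read, so this scenario would have no platforms defined; it looks like the result of a `platform` to `bionic` text substitution applied to this file. Restore `platforms:` as in molecule.yml.template. Because run_cluster_mode.sh overwrites this file from the template on every run, consider not tracking the generated molecule.yml at all. The second hunk of this file also comments out `idempotence`, which the template keeps.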
@@ -57,6 +35,22 @@ provisioner:
group_vars:
all:
elasticsearch_jvm_xms: 512
+scenario:
+ name: elasticsearch
+ test_sequence:
+ - lint
+ - dependency
+ - cleanup
+ - destroy
+ - syntax
+ - create
+ - prepare
+ - converge
+ #- idempotence
+ - side_effect
+ - verify
+ - cleanup
+ - destroy
verifier:
name: testinfra
lint:
diff --git a/molecule/elasticsearch/molecule.yml.template b/molecule/elasticsearch/molecule.yml.template
new file mode 100644
index 00000000..baba140e
--- /dev/null
+++ b/molecule/elasticsearch/molecule.yml.template
@@ -0,0 +1,57 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+ options:
+ config-data:
+ ignore: .virtualenv
+platforms:
+ - name: elasticsearch_platform_
+ image: imagename
+ command: /sbin/init
+ ulimits:
+ - nofile:262144:262144
+ privileged: true
+ memory_reservation: 2048m
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ hash_behaviour: merge
+ playbooks:
+ docker:
+ create: ../default/create.yml
+ destroy: ../default/destroy.yml
+ prepare: ../default/prepare.yml
+ env:
+ ANSIBLE_ROLES_PATH: ../../roles
+ lint:
+ name: ansible-lint
+ enabled: true
+ inventory:
+ group_vars:
+ all:
+ elasticsearch_jvm_xms: 512
+scenario:
+ name: elasticsearch
+ test_sequence:
+ - lint
+ - dependency
+ - cleanup
+ - destroy
+ - syntax
+ - create
+ - prepare
+ - converge
+ - idempotence
+ - side_effect
+ - verify
+ - cleanup
+ - destroy
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/molecule/elasticsearch/playbook.yml b/molecule/elasticsearch/playbook.yml
index f6bf45f9..6b5c44f8 100644
--- a/molecule/elasticsearch/playbook.yml
+++ b/molecule/elasticsearch/playbook.yml
@@ -3,4 +3,4 @@
hosts: all
roles:
- role: elastic-stack/ansible-elasticsearch
- elasticsearch_network_host: 'localhost'
+ elasticsearch_network_host: 'elasticsearch_bionic'
diff --git a/molecule/elasticsearch/playbook.yml.template b/molecule/elasticsearch/playbook.yml.template
new file mode 100644
index 00000000..0b2f9d5a
--- /dev/null
+++ b/molecule/elasticsearch/playbook.yml.template
@@ -0,0 +1,6 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: elastic-stack/ansible-elasticsearch
+ elasticsearch_network_host: 'elasticsearch_platform'
diff --git a/molecule/filebeat/INSTALL.rst b/molecule/filebeat/INSTALL.rst
deleted file mode 100644
index 6a44bde9..00000000
--- a/molecule/filebeat/INSTALL.rst
+++ /dev/null
@@ -1,22 +0,0 @@
-*******
-Docker driver installation guide
-*******
-
-Requirements
-============
-
-* Docker Engine
-
-Install
-=======
-
-Please refer to the `Virtual environment`_ documentation for installation best
-practices. If not using a virtual environment, please consider passing the
-widely recommended `'--user' flag`_ when invoking ``pip``.
-
-.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
-.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
-
-.. code-block:: bash
-
- $ pip install 'molecule[docker]'
diff --git a/molecule/filebeat/playbook.yml b/molecule/filebeat/playbook.yml
deleted file mode 100644
index 3ff917f6..00000000
--- a/molecule/filebeat/playbook.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: Converge
- hosts: all
- roles:
- - role: wazuh/ansible-filebeat
diff --git a/molecule/filebeat/prepare.yml b/molecule/filebeat/prepare.yml
deleted file mode 100644
index 49325b85..00000000
--- a/molecule/filebeat/prepare.yml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-- name: Prepare
- hosts: all
- gather_facts: true
- tasks:
-
- - name: "Install Python packages for Trusty to solve trust issues"
- package:
- name:
- - python-apt
- - python-setuptools
- - python-pip
- state: latest
- register: wazuh_manager_trusty_packages_installed
- until: wazuh_manager_trusty_packages_installed is succeeded
- when:
- - ansible_distribution == "Ubuntu"
- - ansible_distribution_major_version | int == 14
-
- - name: "Install dependencies"
- package:
- name:
- - curl
- - net-tools
- state: latest
- register: wazuh_manager_dependencies_packages_installed
- until: wazuh_manager_dependencies_packages_installed is succeeded
-
- - name: "Install (RedHat) dependencies"
- package:
- name:
- - initscripts
- state: latest
- register: wazuh_manager_dependencies_packages_installed
- until: wazuh_manager_dependencies_packages_installed is succeeded
- when:
- - ansible_os_family == 'RedHat'
diff --git a/molecule/filebeat/tests/test_default.py b/molecule/filebeat/tests/test_default.py
deleted file mode 100644
index 02638b52..00000000
--- a/molecule/filebeat/tests/test_default.py
+++ /dev/null
@@ -1,13 +0,0 @@
-import os
-
-import testinfra.utils.ansible_runner
-
-testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
- os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
-
-
-def test_filebeat_is_installed(host):
- """Test if the elasticsearch package is installed."""
- filebeat = host.package("filebeat")
- assert filebeat.is_installed
- assert filebeat.version.startswith('7.2.1')
diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml
deleted file mode 100644
index 20ea5e07..00000000
--- a/molecule/kibana/molecule.yml
+++ /dev/null
@@ -1,61 +0,0 @@
----
-dependency:
- name: galaxy
-driver:
- name: docker
-lint:
- name: yamllint
- options:
- config-data:
- ignore: .virtualenv
-platforms:
- - name: bionic
- image: solita/ubuntu-systemd:bionic
- command: /sbin/init
- ulimits:
- - nofile:262144:262144
- privileged: true
- memory_reservation: 1024m
- - name: xenial
- image: solita/ubuntu-systemd:xenial
- privileged: true
- memory_reservation: 1024m
- command: /sbin/init
- ulimits:
- - nofile:262144:262144
-# - name: trusty
-# image: ubuntu:trusty
-# memory_reservation: 1024m
-# ulimits:
-# - nofile:262144:262144
-# - name: centos6
-# image: centos:6
-# privileged: true
-# memory_reservation: 1024m
-# ulimits:
-# - nofile:262144:262144
- - name: centos7
- image: milcom/centos7-systemd
- memory_reservation: 1024m
- privileged: true
- ulimits:
- - nofile:262144:262144
-provisioner:
- name: ansible
- playbooks:
- docker:
- create: ../default/create.yml
- destroy: ../default/destroy.yml
- env:
- ANSIBLE_ROLES_PATH: ../../roles
- lint:
- name: ansible-lint
- enabled: true
- inventory:
- group_vars:
- all:
- elasticsearch_jvm_xms: 256
-verifier:
- name: testinfra
- lint:
- name: flake8
diff --git a/molecule/filebeat/molecule.yml b/molecule/kibana/molecule.yml.template
similarity index 51%
rename from molecule/filebeat/molecule.yml
rename to molecule/kibana/molecule.yml.template
index 5e055508..eec8f6e3 100644
--- a/molecule/filebeat/molecule.yml
+++ b/molecule/kibana/molecule.yml.template
@@ -9,27 +9,18 @@ lint:
config-data:
ignore: .virtualenv
platforms:
- # - name: trusty
- # image: ubuntu:trusty
- - name: bionic
- image: solita/ubuntu-systemd:bionic
+ - name: kibana_platform_
+ image: imagename
command: /sbin/init
+ ulimits:
+ - nofile:262144:262144
privileged: true
- - name: xenial
- image: solita/ubuntu-systemd:xenial
- privileged: true
- command: /sbin/init
- #- name: centos6
- # image: geerlingguy/docker-centos6-ansible
- # privileged: true
- # command: /sbin/init
- # volumes:
- # - /sys/fs/cgroup:/sys/fs/cgroup:ro
- - name: centos7
- image: milcom/centos7-systemd
- privileged: true
+ memory_reservation: 1024m
provisioner:
name: ansible
+ config_options:
+ defaults:
+ hash_behaviour: merge
playbooks:
docker:
create: ../default/create.yml
@@ -39,6 +30,10 @@ provisioner:
lint:
name: ansible-lint
enabled: true
+ inventory:
+ group_vars:
+ all:
+ elasticsearch_jvm_xms: 256
verifier:
name: testinfra
lint:
diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml
index 6deac809..6af17723 100644
--- a/molecule/kibana/playbook.yml
+++ b/molecule/kibana/playbook.yml
@@ -2,6 +2,5 @@
- name: Converge
hosts: all
roles:
-
- role: elastic-stack/ansible-kibana
-
\ No newline at end of file
+ elasticsearch_network_host: 'elasticsearch_bionic'
\ No newline at end of file
diff --git a/molecule/kibana/playbook.yml.template b/molecule/kibana/playbook.yml.template
new file mode 100644
index 00000000..b166ac28
--- /dev/null
+++ b/molecule/kibana/playbook.yml.template
@@ -0,0 +1,6 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: elastic-stack/ansible-kibana
+ elasticsearch_network_host: 'elasticsearch_platform'
\ No newline at end of file
diff --git a/molecule/kibana/prepare.yml b/molecule/kibana/prepare.yml
index 7e5ca29d..c5592219 100644
--- a/molecule/kibana/prepare.yml
+++ b/molecule/kibana/prepare.yml
@@ -34,8 +34,3 @@
until: wazuh_manager_dependencies_packages_installed is succeeded
when:
- ansible_os_family == 'RedHat'
-
- roles:
- - role: wazuh/ansible-wazuh-manager
- - role: elastic-stack/ansible-elasticsearch
- elasticsearch_network_host: 'localhost'
diff --git a/molecule/wazuh-agent/molecule.yml b/molecule/wazuh-agent/molecule.yml
index 47c0012f..a0b050b1 100644
--- a/molecule/wazuh-agent/molecule.yml
+++ b/molecule/wazuh-agent/molecule.yml
@@ -11,48 +11,51 @@ lint:
config-data:
ignore: .virtualenv
platforms:
- - name: wazuh_server_centos7
- image: milcom/centos7-systemd
- networks:
- - name: wazuh
- privileged: true
- groups:
- - manager
+ #- name: wazuh_server_centos7
+ # image: milcom/centos7-systemd
+ # networks:
+ # - name: wazuh
+ # privileged: true
+ # groups:
+ # - manager
- name: wazuh_agent_bionic
image: ubuntu:bionic
networks:
- name: wazuh
groups:
- agent
- - name: wazuh_agent_xenial
- image: solita/ubuntu-systemd:xenial
- privileged: true
- command: /sbin/init
- networks:
- - name: wazuh
- groups:
- - agent
- - name: wazuh_agent_trusty
- image: ubuntu:trusty
- networks:
- - name: wazuh
- groups:
- - agent
- - name: wazuh_agent_centos6
- image: centos:6
- networks:
- - name: wazuh
- groups:
- - agent
- - name: wazuh_agent_centos7
- image: milcom/centos7-systemd
- privileged: true
- networks:
- - name: wazuh
- groups:
- - agent
+ #- name: wazuh_agent_xenial
+ # image: solita/ubuntu-systemd:xenial
+ # privileged: true
+ # command: /sbin/init
+ # networks:
+ # - name: wazuh
+ # groups:
+ # - agent
+ #- name: wazuh_agent_trusty
+ # image: ubuntu:trusty
+ # networks:
+ # - name: wazuh
+ # groups:
+ # - agent
+ #- name: wazuh_agent_centos6
+ # image: centos:6
+ # networks:
+ # - name: wazuh
+ # groups:
+ # - agent
+ #- name: wazuh_agent_centos7
+ # image: milcom/centos7-systemd
+ # privileged: true
+ # networks:
+ # - name: wazuh
+ # groups:
+ # - agent
provisioner:
name: ansible
+ config_options:
+ defaults:
+ hash_behaviour: merge
playbooks:
docker:
create: ../default/create.yml
diff --git a/molecule/wazuh-agent/molecule.yml.template b/molecule/wazuh-agent/molecule.yml.template
new file mode 100644
index 00000000..a0b050b1
--- /dev/null
+++ b/molecule/wazuh-agent/molecule.yml.template
@@ -0,0 +1,89 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+ #lint:
+ # name: yamllint
+lint:
+ name: yamllint
+ options:
+ config-data:
+ ignore: .virtualenv
+platforms:
+ #- name: wazuh_server_centos7
+ # image: milcom/centos7-systemd
+ # networks:
+ # - name: wazuh
+ # privileged: true
+ # groups:
+ # - manager
+ - name: wazuh_agent_bionic
+ image: ubuntu:bionic
+ networks:
+ - name: wazuh
+ groups:
+ - agent
+ #- name: wazuh_agent_xenial
+ # image: solita/ubuntu-systemd:xenial
+ # privileged: true
+ # command: /sbin/init
+ # networks:
+ # - name: wazuh
+ # groups:
+ # - agent
+ #- name: wazuh_agent_trusty
+ # image: ubuntu:trusty
+ # networks:
+ # - name: wazuh
+ # groups:
+ # - agent
+ #- name: wazuh_agent_centos6
+ # image: centos:6
+ # networks:
+ # - name: wazuh
+ # groups:
+ # - agent
+ #- name: wazuh_agent_centos7
+ # image: milcom/centos7-systemd
+ # privileged: true
+ # networks:
+ # - name: wazuh
+ # groups:
+ # - agent
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ hash_behaviour: merge
+ playbooks:
+ docker:
+ create: ../default/create.yml
+ destroy: ../default/destroy.yml
+ env:
+ ANSIBLE_ROLES_PATH: ../../roles
+ inventory:
+ group_vars:
+ agent:
+ api_pass: password
+ wazuh_managers:
+ - address: "{{ wazuh_manager_ip }}"
+ port: 1514
+ protocol: tcp
+ api_port: 55000
+ api_proto: 'http'
+ api_user: null
+ wazuh_agent_authd:
+ enable: true
+ port: 1515
+ ssl_agent_ca: null
+ ssl_agent_cert: null
+ ssl_agent_key: null
+ ssl_auto_negotiate: 'no'
+ lint:
+ name: ansible-lint
+ enabled: true
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
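Review bot: This template is byte-identical to molecule/wazuh-agent/molecule.yml (both index lines end in `a0b050b1`), contains no `imagename` or `platform_` placeholder, and its directory is not in the `paths` array of run_cluster_mode.sh, so nothing ever instantiates it. Either give it the same placeholders as the other templates and add the scenario to the script, or drop the file. It also carries `api_pass: password` together with `api_proto: 'http'`; a comment such as `# test fixture credentials, not for real deployments` would keep these from being copied as defaults.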
diff --git a/molecule/wazuh-agent/playbook.yml b/molecule/wazuh-agent/playbook.yml
index 5b869569..4feac0c2 100644
--- a/molecule/wazuh-agent/playbook.yml
+++ b/molecule/wazuh-agent/playbook.yml
@@ -1,20 +1,18 @@
---
- name: Converge
- hosts: agent
- pre_tasks:
- - name: "Get ip Wazuh Manager"
- shell: |
- set -o pipefail
- grep $(hostname) /etc/hosts | awk '{print $1}' | sort | head -n 2 | tail -n 1
- register: wazuh_manager_ip_stdout
- changed_when: false
- delegate_to: wazuh_server_centos7
- args:
- executable: /bin/bash
-
- - name: "Set fact for ip address"
- set_fact:
- wazuh_manager_ip: "{{ wazuh_manager_ip_stdout.stdout }}"
-
+ hosts: all
roles:
- role: wazuh/ansible-wazuh-agent
+ vars:
+ wazuh_managers:
+ - address: 'manager_platform'
+ port: 1514
+ protocol: tcp
+ api_port: 55000
+ api_proto: 'http'
+ api_user: ansible
+ wazuh_agent_authd:
+ enable: true
+ port: 1515
+ ssl_agent_ca: null
+ ssl_auto_negotiate: 'no'
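Review bot: `address: 'manager_platform'` is the unsubstituted template placeholder: run_cluster_mode.sh only rewrites playbooks under default, worker, elasticsearch and kibana, so the agent would try to reach a host name that no container in this commit carries (the manager is named `manager_` plus the platform, e.g. `manager_bionic`). Set the real container name here or add `molecule/wazuh-agent/` to the script's `paths`. The removed pre_tasks were what defined `wazuh_manager_ip`, which the group_vars in this scenario's molecule.yml.template still reference.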
diff --git a/molecule/wazuh-agent/playbook.yml.template b/molecule/wazuh-agent/playbook.yml.template
new file mode 100644
index 00000000..4feac0c2
--- /dev/null
+++ b/molecule/wazuh-agent/playbook.yml.template
@@ -0,0 +1,18 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: wazuh/ansible-wazuh-agent
+ vars:
+ wazuh_managers:
+ - address: 'manager_platform'
+ port: 1514
+ protocol: tcp
+ api_port: 55000
+ api_proto: 'http'
+ api_user: ansible
+ wazuh_agent_authd:
+ enable: true
+ port: 1515
+ ssl_agent_ca: null
+ ssl_auto_negotiate: 'no'
diff --git a/molecule/filebeat/Dockerfile.j2 b/molecule/worker/Dockerfile.j2
similarity index 100%
rename from molecule/filebeat/Dockerfile.j2
rename to molecule/worker/Dockerfile.j2
diff --git a/molecule/worker/molecule.yml.template b/molecule/worker/molecule.yml.template
new file mode 100644
index 00000000..ecfe6469
--- /dev/null
+++ b/molecule/worker/molecule.yml.template
@@ -0,0 +1,53 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+ options:
+ config-data:
+ ignore: .virtualenv
+platforms:
+ - name: worker_platform_
+ image: imagename
+ command: /sbin/init
+ ulimits:
+ - nofile:262144:262144
+ privileged: true
+ memory_reservation: 2048m
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ hash_behaviour: merge
+ playbooks:
+ docker:
+ create: ../default/create.yml
+ destroy: ../default/destroy.yml
+ prepare: ../default/prepare.yml
+ env:
+ ANSIBLE_ROLES_PATH: ../../roles
+ lint:
+ name: ansible-lint
+ enabled: true
+scenario:
+ name: worker
+ test_sequence:
+ - lint
+ - dependency
+ - cleanup
+ - destroy
+ - syntax
+ - create
+ - prepare
+ - converge
+ - idempotence
+ - side_effect
+ - verify
+ - cleanup
+ - destroy
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/molecule/worker/playbook.yml b/molecule/worker/playbook.yml
new file mode 100644
index 00000000..a59f93f2
--- /dev/null
+++ b/molecule/worker/playbook.yml
@@ -0,0 +1,21 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: wazuh/ansible-wazuh-manager
+ vars:
+ wazuh_manager_config:
+ cluster:
+ disable: 'no'
+ name: 'wazuh'
+ node_name: 'worker-01'
+ node_type: 'worker'
+ key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa'
+ port: '1516'
+ bind_addr: '0.0.0.0'
+ nodes:
+ - 'manager_bionic'
+ hidden: 'no'
+ - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_bionic:9200' }
+
+
diff --git a/molecule/worker/playbook.yml.template b/molecule/worker/playbook.yml.template
new file mode 100644
index 00000000..45b12d1d
--- /dev/null
+++ b/molecule/worker/playbook.yml.template
@@ -0,0 +1,21 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: wazuh/ansible-wazuh-manager
+ vars:
+ wazuh_manager_config:
+ cluster:
+ disable: 'no'
+ name: 'wazuh'
+ node_name: 'worker-01'
+ node_type: 'worker'
+ key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa'
+ port: '1516'
+ bind_addr: '0.0.0.0'
+ nodes:
+ - 'manager_platform'
+ hidden: 'no'
+ - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_platform:9200' }
+
+
diff --git a/molecule/worker/tests/test_default.py b/molecule/worker/tests/test_default.py
new file mode 100644
index 00000000..8dc96bbf
--- /dev/null
+++ b/molecule/worker/tests/test_default.py
@@ -0,0 +1,85 @@
+import os
+import pytest
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def get_wazuh_version():
+ """This return the version of Wazuh."""
+ return "3.9.5"
+
+
+def test_wazuh_packages_are_installed(host):
+ """Test if the main packages are installed."""
+ manager = host.package("wazuh-manager")
+ api = host.package("wazuh-api")
+
+ distribution = host.system_info.distribution.lower()
+ if distribution == 'centos':
+ if host.system_info.release == "7":
+ assert manager.is_installed
+ assert manager.version.startswith(get_wazuh_version())
+ assert api.is_installed
+ assert api.version.startswith(get_wazuh_version())
+ elif host.system_info.release.startswith("6"):
+ assert manager.is_installed
+ assert manager.version.startswith(get_wazuh_version())
+ elif distribution == 'ubuntu':
+ assert manager.is_installed
+ assert manager.version.startswith(get_wazuh_version())
+
+
+def test_wazuh_services_are_running(host):
+ """Test if the services are enabled and running.
+
+ When assert commands are commented, this means that the service command has
+ a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107
+ """
+ manager = host.service("wazuh-manager")
+ api = host.service("wazuh-api")
+
+ distribution = host.system_info.distribution.lower()
+ if distribution == 'centos':
+ # assert manager.is_running
+ assert manager.is_enabled
+ # assert not api.is_running
+ assert not api.is_enabled
+ elif distribution == 'ubuntu':
+ # assert manager.is_running
+ assert manager.is_enabled
+ # assert api.is_running
+ assert api.is_enabled
+
+
+@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
+ ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
+ ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
+ ("/var/ossec/etc/rules/local_rules.xml", "root", "ossec", 0o640),
+ ("/var/ossec/etc/lists/audit-keys", "root", "ossec", 0o640),
+])
+def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
+ """Test if Wazuh related files exist and have proper owners and mode."""
+ wazuh_file_host = host.file(wazuh_file)
+
+ assert wazuh_file_host.user == wazuh_owner
+ assert wazuh_file_host.group == wazuh_group
+ assert wazuh_file_host.mode == wazuh_mode
+
+
+def test_open_ports(host):
+ """Test if the main port is open and the agent-auth is not open."""
+ distribution = host.system_info.distribution.lower()
+ if distribution == 'ubuntu':
+ assert host.socket("tcp://0.0.0.0:1514").is_listening
+ elif distribution == 'centos':
+ assert host.socket("tcp://127.0.0.1:1514").is_listening
+
+
+def test_filebeat_is_installed(host):
+ """Test if the elasticsearch package is installed."""
+ filebeat = host.package("filebeat")
+ assert filebeat.is_installed
+ assert filebeat.version.startswith('7.2.1')
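Review bot: `test_open_ports` documents that agent-auth is not open, but nothing asserts it; only 1514 is checked. If a worker is indeed expected not to run authd (not confirmable from this file), add the negative check, e.g. `assert not host.socket("tcp://0.0.0.0:1515").is_listening`, otherwise correct the docstring. The `'7.2.1'` filebeat prefix is also hard-coded here and in molecule/default/tests/test_default.py, so a version bump has to be made in both files.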
diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
index 7d7e139d..6946cc07 100644
--- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
+++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
@@ -42,7 +42,7 @@
- {{ wazuh_agent_config.active_response.ar|default('no') }}
+ {{ wazuh_agent_config.active_response.ar_disabled|default('no') }}
{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %}
{{ wazuh_agent_config.active_response.ca_verification }}
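Review bot: Renaming the lookup from `active_response.ar` to `active_response.ar_disabled` means an inventory that still sets `ar` is ignored and the value falls back to `default('no')` without any warning. If this element is the active-response disable switch (the surrounding markup is not visible here), hosts that had switched it off would have it enabled again after the upgrade. Accept both names for a transition, e.g. `{{ wazuh_agent_config.active_response.ar_disabled | default(wazuh_agent_config.active_response.ar) | default('no') }}`, and record the rename in the changelog.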
@@ -99,14 +99,14 @@
{% endif %}
- {% if wazuh_agent_config.syscheck.directories is defined and ansible_os_family == "Linux" %}
+ {% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %}
{% for directory in wazuh_agent_config.syscheck.directories %}
{{ directory.dirs }}
{% endfor %}
{% endif %}
- {% if wazuh_agent_config.syscheck.win_directories is defined and ansible_os_family == "Windows" %}
+ {% if wazuh_agent_config.syscheck.win_directories is defined and ansible_system == "Windows" %}
{% for directory in wazuh_agent_config.syscheck.win_directories %}
{{ directory.dirs }}
{% endfor %}
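Review bot: The second condition now tests `ansible_system == "Windows"`, but on Windows hosts Ansible reports `ansible_system` as `Win32NT` (worth confirming against a Windows fact dump), so the `win_directories` block would never render and file-integrity monitoring would silently lose those directories. The Linux change is right, since `ansible_os_family` is never `Linux`; for the Windows branch keep `ansible_os_family == "Windows"`, which the active-response line earlier in this template still uses.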
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 433e00c6..8c7c1f16 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -35,9 +35,7 @@ wazuh_manager_config:
port: '1516'
bind_addr: '0.0.0.0'
nodes:
- - '172.17.0.2'
- - '172.17.0.3'
- - '172.17.0.4'
+ - 'manager'
hidden: 'no'
connection:
- type: 'secure'
@@ -54,8 +52,8 @@ wazuh_manager_config:
use_password: 'no'
ssl_agent_ca: null
ssl_verify_host: 'no'
- ssl_manager_cert: '/var/ossec/etc/sslmanager.cert'
- ssl_manager_key: '/var/ossec/etc/sslmanager.key'
+ ssl_manager_cert: 'sslmanager.cert'
+ ssl_manager_key: 'sslmanager.key'
ssl_auto_negotiate: 'no'
email_notification: 'no'
mail_to:
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index d63b8ec7..8858d0be 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -70,7 +70,7 @@
- name: Copy CA, SSL key and cert for authd
copy:
src: "{{ item }}"
- dest: "/var/ossec/etc/{{ item | basename }}"
+ dest: "/var/ossec/etc/{{ item }}"
mode: 0644
with_items:
- "{{ wazuh_manager_config.authd.ssl_agent_ca }}"
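Review bot: Dropping `| basename` makes `dest` depend on the full value of each item, so a path with directory parts lands in a subdirectory that may not exist, and a value containing `../` writes outside `/var/ossec/etc`. The switch to bare file names in defaults/main.yml hides the problem only for the defaults; keep `dest: "/var/ossec/etc/{{ item | basename }}"`. The task name says it also copies the SSL key, and `mode: 0644` would leave that key world-readable while the worker tests expect `0o640`; the item list continues outside the hunk, so confirm which files it covers.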
diff --git a/run_cluster_mode.sh b/run_cluster_mode.sh
new file mode 100644
index 00000000..c1a0941d
--- /dev/null
+++ b/run_cluster_mode.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+paths=( "molecule/default/" "molecule/worker/" "molecule/elasticsearch/" "molecule/kibana/" )
+images=( "solita/ubuntu-systemd:bionic" "solita/ubuntu-systemd:xenial" "milcom/centos7-systemd" "ubuntu:trusty" "centos:6" )
+platform=( "bionic" "xenial" "centos7" "trusty" "centos6" )
+
+echo "Please select an image. "
+
+select IMAGE in "${images[@]}";
+do
+ echo "You picked $IMAGE ($REPLY)"
+ break
+done
+
+index=$(($REPLY - 1))
+
+if [ -z "$IMAGE" ]
+then
+ echo "Platform not selected. Please select a platform of [bionuc, xenial or centos7]. => Aborting"
+ exit
+else
+ for i in "${paths[@]}"
+ do
+ cp "$i/playbook.yml.template" "$i/playbook.yml"
+ sed -i "s/platform/${platform[$index]}/g" "$i/playbook.yml"
+
+ cp "$i/molecule.yml.template" "$i/molecule.yml"
+ sed -i "s|imagename|${images[$index]}|g" "$i/molecule.yml"
+ sed -i "s/platform_/${platform[$index]}/g" "$i/molecule.yml"
+
+ done
+fi
+
+sudo pipenv run elasticsearch
+sudo pipenv run test
+sudo pipenv run worker
+sudo pipenv run kibana
+
+sudo pipenv run destroy
+sudo pipenv run destroy_worker
+sudo pipenv run destroy_elasticsearch
+sudo pipenv run destroy_kibana
+
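Review bot: `index=$(($REPLY - 1))` evaluates raw user input as an arithmetic expression before the empty-selection check, and the abort path uses a bare `exit`, which returns 0. Validate the selection first and exit non-zero, as in the excerpt below. The playbook substitution `s/platform/.../g` rewrites every occurrence of the word rather than a dedicated placeholder (the committed `bionics:` key in molecule/elasticsearch/molecule.yml looks like this kind of over-match), so a distinctive token such as `@PLATFORM@` in the templates would be safer. The script also runs every scenario through `sudo` against `privileged: true` containers with no error handling between runs, and the abort message misspells bionic and lists three of the five offered platforms.

```shell
select IMAGE in "${images[@]}"; do
    break
done

# An empty IMAGE means the reply was not a listed number; stop before using it.
if [ -z "$IMAGE" ]; then
    echo "No valid image selected (choose 1-${#images[@]}). Aborting." >&2
    exit 1
fi
echo "You picked $IMAGE ($REPLY)"
index=$((REPLY - 1))

# … unchanged: per-scenario template copy and sed substitutions, pipenv runs …
```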