From a5441ddc8a1a8ab52c9d1ac2b1122619b1c7a550 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Mon, 7 Feb 2022 17:01:52 -0300
Subject: [PATCH] Indexer and dashboard variables names updated
---
README.md | 6 +++---
playbooks/wazuh-manager-oss.yml | 2 +-
playbooks/wazuh-odfe-production-ready.yml | 12 +++++------
playbooks/wazuh-odfe-single.yml | 6 +++---
playbooks/wazuh-opendistro-kibana.yml | 2 +-
playbooks/wazuh-opendistro.yml | 2 +-
.../wazuh-dashboard/defaults/main.yml | 2 +-
.../wazuh-dashboard/tasks/Debian.yml | 2 +-
.../wazuh-indexer/defaults/main.yml | 4 ++--
.../opensearch/wazuh-indexer/tasks/Debian.yml | 4 ++--
.../wazuh-indexer/tasks/RMRedHat.yml | 4 ++--
.../opensearch/wazuh-indexer/tasks/RedHat.yml | 2 +-
roles/opensearch/wazuh-indexer/tasks/main.yml | 8 ++++----
.../wazuh-indexer/tasks/security_actions.yml | 20 +++++++++----------
.../wazuh-indexer/templates/config.yml.j2 | 2 ++
.../wazuh-indexer/templates/opensearch.yml.j2 | 2 +-
roles/wazuh/ansible-filebeat-oss/README.md | 2 +-
.../ansible-filebeat-oss/defaults/main.yml | 4 ++--
.../ansible-filebeat-oss/tasks/RMRedHat.yml | 2 +-
.../ansible-filebeat-oss/tasks/RedHat.yml | 4 ++--
.../templates/filebeat.yml.j2 | 6 +++---
21 files changed, 50 insertions(+), 48 deletions(-)
diff --git a/README.md b/README.md
index 9e0d589d..db7ac89f 100644
--- a/README.md
+++ b/README.md
@@ -180,7 +180,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod nodes: - "{{ hostvars.manager.private_ip }}" hidden: 'no' - filebeat_output_elasticsearch_hosts: + filebeat_output_indexer_hosts: - "{{ hostvars.es1.private_ip }}" - "{{ hostvars.es2.private_ip }}" - "{{ hostvars.es3.private_ip }}"
@@ -209,7 +209,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod nodes: - "{{ hostvars.manager.private_ip }}" hidden: 'no' - filebeat_output_elasticsearch_hosts: + filebeat_output_indexer_hosts: - "{{ hostvars.es1.private_ip }}" - "{{ hostvars.es2.private_ip }}" - "{{ hostvars.es3.private_ip }}"
@@ -319,7 +319,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a sing elasticsearch_node_master: true elasticsearch_network_host: filebeat_node_name: node-1 - filebeat_output_elasticsearch_hosts: + filebeat_output_indexer_hosts: ansible_ssh_user: vagrant ansible_ssh_private_key_file: /path/to/ssh/key.pem ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
diff --git a/playbooks/wazuh-manager-oss.yml b/playbooks/wazuh-manager-oss.yml
index ba7b9444..d28b8736 100644
--- a/playbooks/wazuh-manager-oss.yml
+++ b/playbooks/wazuh-manager-oss.yml
@@ -3,7 +3,7 @@ roles: - role: ../roles/wazuh/ansible-wazuh-manager - role: ../roles/wazuh/ansible-filebeat-oss - filebeat_output_elasticsearch_hosts: + filebeat_output_indexer_hosts: - ":9200" - ":9200" - ":9200"
diff --git a/playbooks/wazuh-odfe-production-ready.yml b/playbooks/wazuh-odfe-production-ready.yml
index 75cc30e9..1068cbdc 100644
--- a/playbooks/wazuh-odfe-production-ready.yml
+++ b/playbooks/wazuh-odfe-production-ready.yml
@@ -2,7 +2,7 @@ # Certificates generation - hosts: es1 roles: - - role: ../roles/opendistro/opendistro-elasticsearch + - role: ../roles/opensearch/wazuh-indexer elasticsearch_network_host: "{{ private_ip }}" elasticsearch_cluster_nodes: - "{{ hostvars.es1.private_ip }}"
@@ -43,7 +43,7 @@ - hosts: odfe_cluster strategy: free roles: - - role: ../roles/opendistro/opendistro-elasticsearch + - role: ../roles/opensearch/wazuh-indexer elasticsearch_network_host: "{{ private_ip }}" become: yes become_user: root
@@ -105,7 +105,7 @@ wazuh_api_users: - username: custom-user password: .S3cur3Pa55w0rd*- - filebeat_output_elasticsearch_hosts: + filebeat_output_indexer_hosts: - "{{ hostvars.es1.private_ip }}" - "{{ hostvars.es2.private_ip }}" - "{{ hostvars.es3.private_ip }}"
@@ -134,7 +134,7 @@ nodes: - "{{ hostvars.manager.private_ip }}" hidden: 'no' - filebeat_output_elasticsearch_hosts: + filebeat_output_indexer_hosts: - "{{ hostvars.es1.private_ip }}" - "{{ hostvars.es2.private_ip }}" - "{{ hostvars.es3.private_ip }}"
@@ -142,8 +142,8 @@ #ODFE+Kibana node - hosts: kibana roles: - - role: "../roles/opendistro/opendistro-elasticsearch" - - role: "../roles/opendistro/opendistro-kibana" + - role: "../roles/opensearch/wazuh-indexer" + - role: "../roles/opensearch/wazuh-dashboard" become: yes become_user: root vars:
diff --git a/playbooks/wazuh-odfe-single.yml b/playbooks/wazuh-odfe-single.yml
index 53b7dee3..9249fc20 100644
--- a/playbooks/wazuh-odfe-single.yml
+++ b/playbooks/wazuh-odfe-single.yml
@@ -4,17 +4,17 @@ become: yes become_user: root roles: - - role: ../roles/opendistro/opendistro-elasticsearch + - role: ../roles/opensearch/wazuh-indexer - role: ../roles/wazuh/ansible-wazuh-manager - role: ../roles/wazuh/ansible-filebeat-oss - - role: ../roles/opendistro/opendistro-kibana + - role: ../roles/opensearch/wazuh-dashboard vars: single_node: true minimum_master_nodes: 1 elasticsearch_node_master: true elasticsearch_network_host: 127.0.0.1 filebeat_node_name: node-1 - filebeat_output_elasticsearch_hosts: 127.0.0.1 + filebeat_output_indexer_hosts: 127.0.0.1 instances: node1: name: node-1 # Important: must be equal to elasticsearch_node_name.
diff --git a/playbooks/wazuh-opendistro-kibana.yml b/playbooks/wazuh-opendistro-kibana.yml
index 8d195ad5..2a762639 100644
--- a/playbooks/wazuh-opendistro-kibana.yml
+++ b/playbooks/wazuh-opendistro-kibana.yml
@@ -1,6 +1,6 @@ --- - hosts: es1 roles: - - role: ../roles/opendistro/opendistro-kibana + - role: ../roles/opensearch/wazuh-dashboard vars: ansible_shell_allow_world_readable_temp: true
diff --git a/playbooks/wazuh-opendistro.yml b/playbooks/wazuh-opendistro.yml
index 63b54eb2..8de1c16c 100644
--- a/playbooks/wazuh-opendistro.yml
+++ b/playbooks/wazuh-opendistro.yml
@@ -1,7 +1,7 @@ --- - hosts: es_cluster roles: - - role: ../roles/opendistro/opendistro-elasticsearch + - role: ../roles/opensearch/wazuh-indexer vars: instances: # A certificate will be generated for every node using the name as CN.
diff --git a/roles/opensearch/wazuh-dashboard/defaults/main.yml b/roles/opensearch/wazuh-dashboard/defaults/main.yml
index f1a87302..ecea6dfc 100644
--- a/roles/opensearch/wazuh-dashboard/defaults/main.yml
+++ b/roles/opensearch/wazuh-dashboard/defaults/main.yml
@@ -49,7 +49,7 @@ dashboard_security: true #kibana_telemetry_enabled: "false" indexer_admin_password: changeme -dashboard_user: dashboardserver +dashboard_user: kibanaserver dashboard_password: changeme local_certs_path: "{{ playbook_dir }}/indexer/certificates"
diff --git a/roles/opensearch/wazuh-dashboard/tasks/Debian.yml b/roles/opensearch/wazuh-dashboard/tasks/Debian.yml
index 84ff2723..5ff2b2be 100644
--- a/roles/opensearch/wazuh-dashboard/tasks/Debian.yml
+++ b/roles/opensearch/wazuh-dashboard/tasks/Debian.yml
@@ -7,7 +7,7 @@ url: "{{ package_repos.apt.dashboard.gpg }}" state: present - - name: Debian systems | Add OpenDistro repo + - name: Debian systems | Add Wazuh-Dashboard repo apt_repository: repo: "{{ package_repos.apt.dashboard.baseurl }}" state: present
diff --git a/roles/opensearch/wazuh-indexer/defaults/main.yml b/roles/opensearch/wazuh-indexer/defaults/main.yml
index 19548e8a..0c72b624 100644
--- a/roles/opensearch/wazuh-indexer/defaults/main.yml
+++ b/roles/opensearch/wazuh-indexer/defaults/main.yml
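Review bot: `dashboard_user: kibanaserver` is effectively pinned by the security_actions.yml hunks further down, which hash `dashboard_password` and write it into the `internal_users.yml` entry selected by the literal regexp `(?<=kibanaserver:\n hash: )` rather than by `{{ dashboard_user }}`; a deployer who overrides this default gets a dashboard that authenticates as a user whose hash was never set. Either build that regexp from `dashboard_user` or document the coupling here, `# Must stay "kibanaserver": security_actions.yml patches that internal_users.yml entry by literal name`. The neighbouring `indexer_admin_password: changeme` and `dashboard_password: changeme` are shipped credentials; a comment next to them saying they must be overridden per deployment (vault or extra-vars) is the least this defaults file should carry.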
@@ -15,8 +15,8 @@ indexer_start_timeout: 90 #elasticsearch_lower_disk_requirements: false indexer_cluster_nodes: - 127.0.0.1 -#elasticsearch_discovery_nodes: -# - 127.0.0.1 +indexer_discovery_nodes: + - 127.0.0.1 local_certs_path: "{{ playbook_dir }}/indexer/certificates" ##check if it is the correct directory
diff --git a/roles/opensearch/wazuh-indexer/tasks/Debian.yml b/roles/opensearch/wazuh-indexer/tasks/Debian.yml
index c5748e3c..e29db550 100644
--- a/roles/opensearch/wazuh-indexer/tasks/Debian.yml
+++ b/roles/opensearch/wazuh-indexer/tasks/Debian.yml
@@ -45,11 +45,11 @@ url: "{{ package_repos.apt.indexer.gpg }}" state: present - - name: Add Opendistro repository + - name: Add Indexer repository apt_repository: repo: "{{ package_repos.apt.indexer.baseurl }}" state: present - filename: 'wazuh-opendistro' + filename: 'wazuh-indexer' update_cache: yes - name: Install Wazuh-Indexer
diff --git a/roles/opensearch/wazuh-indexer/tasks/RMRedHat.yml b/roles/opensearch/wazuh-indexer/tasks/RMRedHat.yml
index 3d162cdf..c0c769d3 100644
--- a/roles/opensearch/wazuh-indexer/tasks/RMRedHat.yml
+++ b/roles/opensearch/wazuh-indexer/tasks/RMRedHat.yml
@@ -1,7 +1,7 @@ --- -- name: RedHat/CentOS/Fedora | Remove Elasticsearch repository (and clean up left-over metadata) +- name: RedHat/CentOS/Fedora | Remove Wazuh-Indexer repository (and clean up left-over metadata) ## 732 will not be needed and if it is needed the wazuh repo should be removed. yum_repository: - name: opendistro_repo + name: wazuh_repo state: absent changed_when: false
diff --git a/roles/opensearch/wazuh-indexer/tasks/RedHat.yml b/roles/opensearch/wazuh-indexer/tasks/RedHat.yml
index 8e17326f..317aa007 100644
--- a/roles/opensearch/wazuh-indexer/tasks/RedHat.yml
+++ b/roles/opensearch/wazuh-indexer/tasks/RedHat.yml
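Review bot: `indexer_discovery_nodes` now defaults to `- 127.0.0.1`, and the opensearch.yml.j2 hunk further down renders that list straight into `discovery.seed_hosts`, so a multi-node cluster that does not override the variable seeds discovery with only the loopback address and its nodes never find each other; the condition guarding that template block is outside its hunk, so I cannot confirm whether `single_node` suppresses it. Un-commenting the variable does fix the undefined-variable error the renamed template loop would otherwise raise, but the default needs to tell callers what to do: `# Seed hosts for discovery.seed_hosts; override with every cluster node's address (127.0.0.1 only works for single_node)`. The same note applies to `indexer_cluster_nodes` two lines above, which carries the identical default.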
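Review bot: Changing `filename: 'wazuh-opendistro'` to `filename: 'wazuh-indexer'` leaves `/etc/apt/sources.list.d/wazuh-opendistro.list` in place on hosts provisioned by the previous version of this role, so upgraded hosts keep the old OpenDistro source enabled alongside the new one and apt may resolve packages from either. Add a `file` task before this one with `path: /etc/apt/sources.list.d/wazuh-opendistro.list` and `state: absent` so the rename also retires the old source. The RMRedHat.yml hunk below has the mirror gap: its removal task now targets `wazuh_repo`, so an `opendistro_repo` entry left by earlier runs is no longer cleaned up and needs a second `yum_repository` removal (or a loop over both ids) until the `## 732` comment's plan lands.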
@@ -46,7 +46,7 @@ when: - ansible_distribution == 'Amazon' - - name: RedHat/CentOS/Fedora | Install OpenDistro dependencies + - name: RedHat/CentOS/Fedora | Install Indexer dependencies yum: name: "{{ packages }}" vars:
diff --git a/roles/opensearch/wazuh-indexer/tasks/main.yml b/roles/opensearch/wazuh-indexer/tasks/main.yml
index ddf17a49..305dde73 100644
--- a/roles/opensearch/wazuh-indexer/tasks/main.yml
+++ b/roles/opensearch/wazuh-indexer/tasks/main.yml
@@ -91,7 +91,7 @@ state: absent with_items: "{{ files_to_delete.files }}" - - name: Ensure Elasticsearch started and enabled + - name: Ensure Wazuh-Indexer started and enabled ## 732 the service name should be updated service: name: wazuh-indexer
@@ -101,7 +101,7 @@ - name: Wait for Wazuh-Indexer API uri: url: "https://{{ inventory_hostname if not single_node else indexer_network_host }}:{{ indexer_http_port }}/_cat/health/" - user: "admin" # Default OpenDistro user is always "admin" + user: "admin" # Default Indexer user is always "admin" password: "{{ indexer_admin_password }}" validate_certs: no status_code: 200,401
@@ -117,10 +117,10 @@ when: - hostvars[inventory_hostname]['private_ip'] is not defined or not hostvars[inventory_hostname]['private_ip'] - - name: Wait for Elasticsearch API (Private IP) + - name: Wait for Wazuh-Indexer API (Private IP) uri: url: "https://{{ hostvars[inventory_hostname]['private_ip'] if not single_node else indexer_network_host }}:{{ indexer_http_port }}/_cat/health/" - user: "admin" # Default OpenDistro user is always "admin" + user: "admin" # Default Indexer user is always "admin" password: "{{ indexer_admin_password }}" validate_certs: no status_code: 200,401
diff --git a/roles/opensearch/wazuh-indexer/tasks/security_actions.yml b/roles/opensearch/wazuh-indexer/tasks/security_actions.yml
index c63afd16..96565941 100644
--- a/roles/opensearch/wazuh-indexer/tasks/security_actions.yml
+++ b/roles/opensearch/wazuh-indexer/tasks/security_actions.yml
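Review bot: The reworded comment `# Default Indexer user is always "admin"` on both `Wait for Wazuh-Indexer API` tasks is inaccurate: the user is whatever `internal_users.yml` defines, and the role itself writes the hash for the `admin:` entry in security_actions.yml, so `# admin is the user whose hash security_actions.yml writes into internal_users.yml` states what is actually relied on. Both tasks also send `indexer_admin_password` with `validate_certs: no`, so the admin credential is offered to whatever answers on `indexer_http_port` before any certificate check; since this role generates the cluster certificates under `local_certs_path`, the polls could presumably pass `ca_path` pointing at that root certificate and keep validation on. Both tasks continue past the hunk, so I cannot see whether a retry loop or a later unauthenticated probe changes this.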
@@ -22,7 +22,7 @@ - hostvars[inventory_hostname]['private_ip'] is not defined -- name: Copy the node & admin certificates to Elasticsearch cluster +- name: Copy the node & admin certificates to Wazuh-Indexer cluster copy: src: "{{ local_certs_path }}/certs/{{ item }}" dest: "{{ indexer_conf_path }}/certs/"
@@ -55,12 +55,12 @@ # replace: 'opendistro_security' # tags: local -- name: Restart elasticsearch with security configuration +- name: Restart Wazuh-Indexer with security configuration systemd: name: wazuh-indexer state: restarted -- name: Copy the OpenDistro security internal users template +- name: Copy the Opensearch security internal users template template: src: "templates/internal_users.yml.j2" dest: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml"
@@ -77,15 +77,15 @@ replace: path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml" regexp: '(?<=admin:\n hash: )(.*)(?=)' - replace: "{{ odfe_password_hash | quote }}" + replace: "{{ indexer_password_hash | quote }}" vars: - odfe_password_hash: "{{ indexer_admin_password_hashed.stdout_lines | last }}" + indexer_password_hash: "{{ indexer_admin_password_hashed.stdout_lines | last }}" run_once: true # this can also be achieved with password_hash, but it requires dependencies on the controller - name: Hash the kibanaserver role/user pasword command: "{{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ dashboard_password }}" # noqa 301 - register: opendistro_kibanaserver_password_hashed + register: indexer_kibanaserver_password_hashed no_log: '{{ indexer_nolog_sensible | bool }}' run_once: true
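Review bot: In the `Hash the kibanaserver role/user pasword` task whose `register` is renamed here, `command: "{{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ dashboard_password }}"` interpolates the password unquoted into a string that the `command` module word-splits, so a password containing whitespace or quotes is split into extra arguments and a truncated value gets hashed; `{{ dashboard_password | quote }}` keeps it a single argument. The value is also visible in the indexer host's process list for as long as hash.sh runs, which `no_log` does not cover; if the tool accepts the password via an environment variable or stdin, that path is preferable. The `indexer_admin_password_hashed` task this mirrors is outside the hunk, so the same fix presumably applies there. In the `replace` task, the trailing `(?=)` in `regexp` is an empty lookahead and can be dropped.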
@@ -93,12 +93,12 @@ replace: path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml" regexp: '(?<=kibanaserver:\n hash: )(.*)(?=)' - replace: "{{ odfe_password_hash | quote }}" + replace: "{{ indexer_password_hash | quote }}" vars: - odfe_password_hash: "{{ opendistro_kibanaserver_password_hashed.stdout_lines | last }}" + indexer_password_hash: "{{ indexer_kibanaserver_password_hashed.stdout_lines | last }}" run_once: true -- name: Initialize the OpenDistro security index in elasticsearch +- name: Initialize the Opensearch security index in Wazuh-Indexer command: > sudo -u wazuh-indexer OPENSEARCH_PATH_CONF={{ indexer_conf_path }} JAVA_HOME=/usr/share/wazuh-indexer/jdk
@@ -116,7 +116,7 @@ uri: url: "https://{{ target_address }}:{{ indexer_http_port }}/_plugins/_security/api/internalusers/{{ indexer_custom_user }}" method: PUT - user: "admin" # Default OpenDistro user is always "admin" + user: "admin" # Default Indexer user is always "admin" password: "{{ indexer_admin_password }}" body: | {
diff --git a/roles/opensearch/wazuh-indexer/templates/config.yml.j2 b/roles/opensearch/wazuh-indexer/templates/config.yml.j2
index 8b1babf1..918e947e 100644
--- a/roles/opensearch/wazuh-indexer/templates/config.yml.j2
+++ b/roles/opensearch/wazuh-indexer/templates/config.yml.j2
@@ -1,6 +1,7 @@ nodes: # Elasticsearch server nodes elasticsearch: +## 732 this will change to indexer: {% for (key,value) in instances.items() %} {% if (value.role is defined and value.role == 'indexer') %} name: {{ value.name }}
@@ -25,6 +26,7 @@ nodes: # Kibana node kibana: +## 732 this will change to dashboards: {% for (key,value) in instances.items() %} {% if (value.role is defined and value.role == 'dashboard') %} name: {{ value.name }}
diff --git a/roles/opensearch/wazuh-indexer/templates/opensearch.yml.j2 b/roles/opensearch/wazuh-indexer/templates/opensearch.yml.j2
index 19413f70..5cc294ad 100644
--- a/roles/opensearch/wazuh-indexer/templates/opensearch.yml.j2
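Review bot: The added `## 732 this will change to indexer:` and `## 732 this will change to dashboards:` lines are YAML comments, so they are rendered into the generated config.yml where a reader sees a bare number with no hint that 732 is a tracking reference; the same bare `## 732` notes appear in the main.yml and RMRedHat.yml hunks. Write them as a tagged TODO that says what it tracks, `# TODO(#732): this key will be renamed to indexer:`, or wrap them in `{# … #}` Jinja comments if they are meant for template maintainers rather than for consumers of the rendered file. Separately, the task names in the security_actions.yml hunks now spell the product `Opensearch` while the template paths and variables use OpenSearch's own name; `OpenSearch` is the spelling to standardise on.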
+++ b/roles/opensearch/wazuh-indexer/templates/opensearch.yml.j2
@@ -9,7 +9,7 @@ cluster.initial_master_nodes: {% endfor %} discovery.seed_hosts: -{% for item in elasticsearch_discovery_nodes %} +{% for item in indexer_discovery_nodes %} - {{ item }} {% endfor %} {% endif %}
diff --git a/roles/wazuh/ansible-filebeat-oss/README.md b/roles/wazuh/ansible-filebeat-oss/README.md
index 81fc8dcc..e8c26f13 100644
--- a/roles/wazuh/ansible-filebeat-oss/README.md
+++ b/roles/wazuh/ansible-filebeat-oss/README.md
@@ -19,7 +19,7 @@ Role Variables Available variables are listed below, along with default values (see `defaults/main.yml`): ``` - filebeat_output_elasticsearch_hosts: + filebeat_output_indexer_hosts: - "localhost:9200" ```
diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
index dfd9fb04..01f5becd 100644
--- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
+++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
@@ -3,7 +3,7 @@ filebeat_version: 7.10.2 wazuh_template_branch: v4.2.5 -filebeat_output_elasticsearch_hosts: +filebeat_output_indexer_hosts: - "localhost:9700" #filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat
@@ -18,7 +18,7 @@ indexer_security_password: changeme filebeat_security: true filebeat_ssl_dir: /etc/pki/filebeat -# Local path to store the generated certificates (OpenDistro security plugin) +# Local path to store the generated certificates (Opensearch security plugin) local_certs_path: ./indexer/certificates filebeatrepo:
diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/RMRedHat.yml b/roles/wazuh/ansible-filebeat-oss/tasks/RMRedHat.yml
index 8565894e..abf858fe 100644
--- a/roles/wazuh/ansible-filebeat-oss/tasks/RMRedHat.yml
+++ b/roles/wazuh/ansible-filebeat-oss/tasks/RMRedHat.yml
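Review bot: `filebeat_output_indexer_hosts` defaults to `- "localhost:9700"` while the role's README hunk just above documents the same default as `- "localhost:9200"`, and every playbook in this patch points Filebeat at `:9200`; one of the two is wrong, and it is the defaults file that takes effect, so a Filebeat installed with defaults against an indexer on 9200 will not connect. I cannot see the value of `indexer_http_port` from here, but the README should match what ships: change the default to `- "localhost:9200"` or correct the README. Since this list is what filebeat.yml.j2 renders into `output.elasticsearch.hosts`, a comment above it, `# host:port list rendered into Filebeat's output.elasticsearch.hosts`, would also stop the next renaming pass from guessing.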
@@ -1,6 +1,6 @@ --- - name: RedHat/CentOS/Fedora | Remove Filebeat repository (and clean up left-over metadata) yum_repository: - name: elastic_oss-repo_7 + name: wazuh_repo state: absent changed_when: false
diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/RedHat.yml b/roles/wazuh/ansible-filebeat-oss/tasks/RedHat.yml
index d4024e25..bdf4519b 100644
--- a/roles/wazuh/ansible-filebeat-oss/tasks/RedHat.yml
+++ b/roles/wazuh/ansible-filebeat-oss/tasks/RedHat.yml
@@ -1,8 +1,8 @@ --- - name: RedHat/CentOS/Fedora/Amazon Linux | Install Filebeats repo yum_repository: - name: elastic_oss-repo_7 - description: Elastic repository for 7.x packages + name: wazuh_repo + description: Wazuh Repo baseurl: "{{ filebeatrepo.yum }}" gpgkey: "{{ filebeatrepo.gpg }}" gpgcheck: true
diff --git a/roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2
index 8b013a74..86066f3c 100644
--- a/roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2
+++ b/roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2
@@ -14,9 +14,9 @@ setup.template.json.name: 'wazuh' setup.template.overwrite: true setup.ilm.enabled: false -# Send events directly to Elasticsearch +# Send events directly to Opensearch output.elasticsearch: - hosts: {{ filebeat_output_elasticsearch_hosts | to_json }} + hosts: {{ filebeat_output_indexer_hosts | to_json }} {% if filebeat_security %} username: {{ indexer_security_user }}
@@ -28,5 +28,5 @@ output.elasticsearch: ssl.key: "{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}-key.pem" {% endif %} -# Optional. Send events to Logstash instead of Elasticsearch +# Optional. Send events to Logstash instead of Opensearch #output.logstash.hosts: ["YOUR_LOGSTASH_SERVER_IP:5000"]
\ No newline at end of file
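Review bot: The Filebeat yum repository is now registered under the id `wazuh_repo`, which is the same id the wazuh-indexer role's RMRedHat.yml hunk removes with `state: absent`, and the indexer role's own RedHat.yml (only a task name changes in its hunk) presumably registers a repo under that id as well; `yum_repository` keys entries by `name`, so whichever role runs second overwrites the other's `baseurl`/`gpgkey`, and the indexer's removal task silently drops Filebeat's repo. Use a role-specific id here, `name: wazuh_filebeat_repo` in both this task and this role's RMRedHat.yml, or move to a single shared repo definition that only one role owns. This role's RMRedHat.yml hunk also no longer removes `elastic_oss-repo_7`, so hosts upgraded from the previous version keep the Elastic repository enabled. `description: Wazuh Repo` dropped the information the old text carried; `description: Wazuh repository for Filebeat OSS packages` is what an operator wants to see in `yum repolist`.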
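Review bot: The comment now reads `# Send events directly to Opensearch` while the key beneath it stays `output.elasticsearch:`, which is Filebeat's output type name and not a reference to an Elasticsearch deployment; the next rename pass is likely to "fix" the key and break the output. Make the comment carry that fact: `# Send events directly to the Wazuh indexer (OpenSearch); output.elasticsearch is Filebeat's output type name, do not rename the key`. The second hunk's `# Optional. Send events to Logstash instead of Opensearch` sits next to the `#output.logstash.hosts` placeholder and has the same mismatch, so word it the same way.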