diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 48c8bf6a..72078678 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -35,7 +35,7 @@ jobs:
 PY_COLORS: '1'
 ANSIBLE_FORCE_COLOR: '1'
- scenario-distributed-wazuh-odfe:
+ scenario-distributed-wazuh:
 name: Distributed ODFE + Wazuh
 runs-on: ubuntu-latest
 steps:
@@ -60,7 +60,7 @@ jobs:
 run: poetry install
 - name: Run Molecule tests.
- run: poetry run molecule test -s distributed-wazuh-odfe
+ run: poetry run molecule test -s distributed-wazuh
 env:
 PY_COLORS: '1'
 ANSIBLE_FORCE_COLOR: '1'
diff --git a/molecule/distributed-wazuh-odfe/group_vars/all.yml b/molecule/distributed-wazuh-odfe/group_vars/all.yml
deleted file mode 100644
index 4fcb46fd..00000000
--- a/molecule/distributed-wazuh-odfe/group_vars/all.yml
+++ /dev/null
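Review bot: The job display name `name: Distributed ODFE + Wazuh` in the `@@ -35,7` hunk still refers to ODFE although the job id and the Molecule scenario were renamed to `distributed-wazuh`, so the Actions UI keeps advertising the old stack. Rename it alongside, e.g. `name: Distributed Wazuh (indexer + dashboard)`. The `@@ -60,7` hunk is already consistent with the new scenario name. Both hunks sit inside the `jobs:` mapping whose remaining steps are outside the hunks.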
@@ -1,47 +0,0 @@
----
-
-########################################################
-# Helper variables
-private_ip: '{{ ansible_default_ipv4.address }}'
-
-managers_hostvars: "{{ groups['managers'] | map('extract', hostvars) | list }}"
-elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars) | list }}"
-kibana_hostvars: "{{ groups['kibana'] | map('extract', hostvars) | list }}"
-
-manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}"
-elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}"
-kibana_addresses: "{{ kibana_hostvars | map(attribute='private_ip') | list }}"
-
-########################################################
-# General ELK stack variables
-
-# OpenDistro
-kibana_opendistro_security: true
-
-opendistro_kibana_user: kibanaserver
-opendistro_security_user: elastic
-
-opendistro_kibana_password: changeme
-opendistro_security_password: admin
-opendistro_admin_password: changeme
-
-# All nodes are called by IP name
-elasticsearch_node_name: '{{ ansible_hostname }}'
-kibana_node_name: '{{ ansible_hostname }}'
-filebeat_node_name: '{{ ansible_hostname }}'
-
-########################################################
-# Versions
-# See: https://opendistro.github.io/for-elasticsearch-docs/version-history/
-
-elastic_stack_version: 7.10.2
-opendistro_version: 1.13.2
-filebeat_version: 7.10.2
-kibana_opendistro_version: 1.13.2-1
-
-# Debian packages need the ${VERSION}-1
-wazuh_manager_version: 4.3.1-1
-wazuh_agent_version: 4.3.1-1
-
-# Kibana role appends it automatically.
-wazuh_version: 4.3.1
diff --git a/molecule/distributed-wazuh-odfe/group_vars/elastic.yml b/molecule/distributed-wazuh-odfe/group_vars/elastic.yml
deleted file mode 100644
index 056f5184..00000000
--- a/molecule/distributed-wazuh-odfe/group_vars/elastic.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-
-single_node: false
-elasticsearch_node_master: true
-minimum_master_nodes: 1
-
-elasticsearch_network_host: '{{ private_ip }}'
-
-elasticsearch_reachable_host: '{{ private_ip }}'
-elasticsearch_http_port: 9200
-
-elasticsearch_bootstrap_node: true
-elasticsearch_cluster_nodes: '{{ elastic_addresses }}'
-elasticsearch_discovery_nodes: '{{ elastic_addresses }}'
-
-opendistro_jvm_xms: 1024
diff --git a/molecule/distributed-wazuh-odfe/group_vars/kibana.yml b/molecule/distributed-wazuh-odfe/group_vars/kibana.yml
deleted file mode 100644
index 5101d76a..00000000
--- a/molecule/distributed-wazuh-odfe/group_vars/kibana.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-
-kibana_server_name: '{{ ansible_hostname }}'
-elasticsearch_network_host: "{{ elastic_addresses[0] }}"
-#elasticsearch_http_port: 9200
-
-elasticsearch_node_master: false
-elasticsearch_node_ingest: false
-elasticsearch_node_data: false
-
-wazuh_api_credentials:
- - id: default
- url: 'https://{{ manager_addresses[0] }}'
- port: 55000
- #port: 1514
- username: wazuh
- password: wazuh
diff --git a/molecule/distributed-wazuh-odfe/INSTALL.rst b/molecule/distributed-wazuh/INSTALL.rst
similarity index 100%
rename from molecule/distributed-wazuh-odfe/INSTALL.rst
rename to molecule/distributed-wazuh/INSTALL.rst
diff --git a/molecule/distributed-wazuh-odfe/converge.yml b/molecule/distributed-wazuh/converge.yml
similarity index 69%
rename from molecule/distributed-wazuh-odfe/converge.yml
rename to molecule/distributed-wazuh/converge.yml
index 874df159..53f95153 100644
--- a/molecule/distributed-wazuh-odfe/converge.yml
+++ b/molecule/distributed-wazuh/converge.yml
@@ -5,7 +5,7 @@
 become: true
 become_user: root
 vars:
- endpoints_hostvars: '{{ managers_hostvars | union(elastic_hostvars) | union(kibana_hostvars) }}'
+ endpoints_hostvars: '{{ managers_hostvars | union(indexer_hostvars) | union(dashboard_hostvars) }}'
 wazuh_managers_common:
 port: 1514
 protocol: tcp
@@ -17,7 +17,7 @@
 pre_tasks:
 - name: (converge) build instances list dynamically for cert generator consumption
 set_fact:
- odfe_endpoint_list: "{{ odfe_endpoint_list | default({}) | combine({ instance_hostname: instance_item }) }}"
+ wazuh_endpoint_list: "{{ wazuh_endpoint_list | default({}) | combine({ instance_hostname: instance_item }) }}"
 vars:
 instance_hostname: '{{ item.ansible_facts.hostname }}'
 instance_item:
@@ -35,39 +35,39 @@
 - name: overview of cert configuration
 debug:
- var: odfe_endpoint_list
+ var: wazuh_endpoint_list
 - name: Generate certificates prior to converging
- hosts: molecule_odfe_elasticsearch_centos7
+ hosts: molecule_wazuh_indexer_centos7
 become: true
 become_user: root
 roles:
- - role: ../../roles/opendistro/opendistro-elasticsearch
+ - role: ../../roles/wazuh/wazuh-indexer
 vars:
 generate_certs: true
 perform_installation: false
- instances: '{{ odfe_endpoint_list }}'
+ instances: '{{ wazuh_endpoint_list }}'
 pre_tasks:
 - name: overview of cert configuration
 debug:
- var: odfe_endpoint_list
+ var: wazuh_endpoint_list
 - name: Converge
 hosts: all
 become: true
 become_user: root
 roles:
- # 1. Elasticsearch
- - role: ../../roles/opendistro/opendistro-elasticsearch
- when: inventory_hostname in groups['elastic']
+ # 1. Wazuh indexer
+ - role: ../../roles/wazuh/wazuh-indexer
+ when: inventory_hostname in groups['indexer']
 # 2. Managers
 - role: ../../roles/wazuh/ansible-wazuh-manager
 when: inventory_hostname in groups['managers']
 - role: ../../roles/wazuh/ansible-filebeat-oss
 when: inventory_hostname in groups['managers']
- # 3. Kibana
- - role: ../../roles/opendistro/opendistro-kibana
- when: inventory_hostname in groups['kibana']
+ # 3. Wazuh dashboard
+ - role: ../../roles/wazuh/wazuh-dashboard
+ when: inventory_hostname in groups['dashboard']
 # 4. Agents:
 - role: ../../roles/wazuh/ansible-wazuh-agent
 vars:
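Review bot: The certificate-generation play in the `@@ -35,39` hunk targets the platform by its literal container name, `hosts: molecule_wazuh_indexer_centos7`, which is why converge.yml had to be edited in lockstep with molecule.yml for this rename and will have to be again for the next one. An inventory pattern on the group the same hunk already relies on, `hosts: indexer[0]`, selects the first indexer without hard-coding the container name. This assumes the indexer group is the intended place to run the generator, which the `generate_certs: true` / `perform_installation: false` role invocation suggests but the hunk does not state. The play that populates `wazuh_endpoint_list` starts before the `@@ -17,7` hunk, so where that fact is set is not visible here.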
diff --git a/molecule/distributed-wazuh-odfe/group_vars/agents.yml b/molecule/distributed-wazuh/group_vars/agents.yml
similarity index 100%
rename from molecule/distributed-wazuh-odfe/group_vars/agents.yml
rename to molecule/distributed-wazuh/group_vars/agents.yml
diff --git a/molecule/distributed-wazuh/group_vars/all.yml b/molecule/distributed-wazuh/group_vars/all.yml
new file mode 100644
index 00000000..44025daa
--- /dev/null
+++ b/molecule/distributed-wazuh/group_vars/all.yml
@@ -0,0 +1,39 @@
+---
+
+########################################################
+# Helper variables
+private_ip: '{{ ansible_default_ipv4.address }}'
+
+managers_hostvars: "{{ groups['managers'] | map('extract', hostvars) | list }}"
+indexer_hostvars: "{{ groups['indexer'] | map('extract', hostvars) | list }}"
+dashboard_hostvars: "{{ groups['dashboard'] | map('extract', hostvars) | list }}"
+
+manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}"
+indexer_addresses: "{{ indexer_hostvars | map(attribute='private_ip') | list }}"
+dashboard_addresses: "{{ dashboard_hostvars | map(attribute='private_ip') | list }}"
+
+########################################################
+# General Wazuh stack variables
+
+# Wazuh indexer/dashboard
+dashboard_security: true
+
+dashboard_user: kibanaserver
+indexer_security_user: admin
+
+dashboard_password: changeme
+indexer_security_password: changeme
+indexer_admin_password: changeme
+
+# All nodes are called by IP name
+indexer_node_name: '{{ ansible_hostname }}'
+dashboard_node_name: '{{ ansible_hostname }}'
+filebeat_node_name: '{{ ansible_hostname }}'
+
+indexer_version: 4.3.1
+filebeat_version: 7.10.2
+wazuh_version: 4.3.1
+
+# Debian packages need the ${VERSION}-1
+wazuh_manager_version: 4.3.1-1
+wazuh_agent_version: 4.3.1-1
diff --git a/molecule/distributed-wazuh/group_vars/dashboard.yml b/molecule/distributed-wazuh/group_vars/dashboard.yml
new file mode 100644
index 00000000..73550266
--- /dev/null
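Review bot: `indexer_security_password` and `indexer_admin_password` in the new all.yml are both `changeme` for the single `indexer_security_user: admin`, whereas the deleted file kept two distinct values (`admin` and `changeme`) for two distinct accounts (`elastic` and the admin user); confirm the wazuh-indexer role still reads both variables, otherwise one of them is dead configuration that will silently drift from the other. The comment `# All nodes are called by IP name` is stale: every `*_node_name` below it is `'{{ ansible_hostname }}'`, so it should read `# All nodes are named after their hostname`. These are disposable Molecule containers, but nothing in the file says so; a header line such as `# Test-only credentials for the disposable Molecule containers; do not copy into real inventories` makes the intent explicit for anyone using this group_vars file as a template.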
+++ b/molecule/distributed-wazuh/group_vars/dashboard.yml
@@ -0,0 +1,17 @@
+---
+
+dashboard_server_name: '{{ ansible_hostname }}'
+indexer_network_host: "{{ indexer_addresses[0] }}"
+#indexer_http_port: 9200
+
+indexer_node_master: false
+indexer_node_ingest: false
+indexer_node_data: false
+
+wazuh_api_credentials:
+ - id: default
+ url: 'https://{{ manager_addresses[0] }}'
+ port: 55000
+ #port: 1514
+ username: wazuh
+ password: wazuh
diff --git a/molecule/distributed-wazuh/group_vars/indexer.yml b/molecule/distributed-wazuh/group_vars/indexer.yml
new file mode 100644
index 00000000..747fdd6c
--- /dev/null
+++ b/molecule/distributed-wazuh/group_vars/indexer.yml
@@ -0,0 +1,12 @@
+---
+
+single_node: false
+indexer_node_master: true
+minimum_master_nodes: 1
+
+indexer_network_host: '{{ private_ip }}'
+
+indexer_http_port: 9200
+
+indexer_cluster_nodes: '{{ indexer_addresses }}'
+indexer_discovery_nodes: '{{ indexer_addresses }}'
diff --git a/molecule/distributed-wazuh-odfe/group_vars/managers.yml b/molecule/distributed-wazuh/group_vars/managers.yml
similarity index 83%
rename from molecule/distributed-wazuh-odfe/group_vars/managers.yml
rename to molecule/distributed-wazuh/group_vars/managers.yml
index 4f15afd5..866b1ebe 100644
--- a/molecule/distributed-wazuh-odfe/group_vars/managers.yml
+++ b/molecule/distributed-wazuh/group_vars/managers.yml
@@ -1,7 +1,7 @@
 ---
 wazuh_manager_fqdn: '{{ ansible_hostname }}'
-filebeat_output_elasticsearch_hosts: '{{ elastic_addresses }}'
+filebeat_output_indexer_hosts: '{{ indexer_addresses }}'
 wazuh_manager_config:
 connection:
diff --git a/molecule/distributed-wazuh-odfe/molecule.yml b/molecule/distributed-wazuh/molecule.yml
similarity index 88%
rename from molecule/distributed-wazuh-odfe/molecule.yml
rename to molecule/distributed-wazuh/molecule.yml
index 46c08695..d6f1d90b 100644
--- a/molecule/distributed-wazuh-odfe/molecule.yml
+++ b/molecule/distributed-wazuh/molecule.yml
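Review bot: In the new dashboard.yml, `indexer_network_host: "{{ indexer_addresses[0] }}"` and `url: 'https://{{ manager_addresses[0] }}'` wire the dashboard to the first indexer and the first manager only, although molecule.yml defines two of each; if that is deliberate for the scenario, a comment saying so stops a reader from mistaking it for a cluster-aware configuration. The commented-out `#indexer_http_port: 9200` and `#port: 1514` were carried over verbatim from the deleted kibana.yml and are dead configuration; delete them or state why they are kept. The `wazuh` / `wazuh` API credential is hard-coded exactly as before; acceptable for a disposable container, but mark it as test-only so it is not copied into a real inventory.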
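Review bot: The new indexer.yml drops three settings the deleted elastic.yml carried — `elasticsearch_bootstrap_node: true`, `elasticsearch_reachable_host` and `opendistro_jvm_xms: 1024` — without a renamed replacement, so the two indexer containers, capped at `memory: 4096m` in molecule.yml, now run with whatever JVM heap and bootstrap behaviour the wazuh-indexer role defaults to. If the role exposes equivalents, set them here; if the drop is intentional, a comment such as `# JVM heap and bootstrap settings are left to the wazuh-indexer role defaults` records the decision. The role's variable names are not visible in this diff, so this is a question to confirm rather than a proven defect.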
@@ -18,7 +18,7 @@ platforms:
 ################################################
 # Wazuh Managers
 ################################################
- - name: molecule_odfe_manager_centos7
+ - name: molecule_wazuh_manager_centos7
 hostname: wazuh-mgr01
 image: geerlingguy/docker-centos7-ansible
 command: /sbin/init
@@ -33,7 +33,7 @@ platforms:
 volumes:
 - /sys/fs/cgroup:/sys/fs/cgroup:ro
- - name: molecule_odfe_manager_debian9
+ - name: molecule_wazuh_manager_debian9
 hostname: wazuh-mgr02
 image: geerlingguy/docker-debian9-ansible
 command: /sbin/init
@@ -49,9 +49,9 @@ platforms:
 - /sys/fs/cgroup:/sys/fs/cgroup:ro
 ################################################
- # Elastic Cluster
+ # Wazuh indexer Cluster
 ################################################
- - name: molecule_odfe_elasticsearch_centos7
+ - name: molecule_wazuh_indexer_centos7
 hostname: wazuh-es01
 image: geerlingguy/docker-centos7-ansible
 command: /sbin/init
@@ -60,13 +60,13 @@ platforms:
 memory: 4096m
 memory_reservation: 2048m
 groups:
- - elastic
+ - indexer
 ulimits:
 - nofile:262144:262144
 volumes:
 - /sys/fs/cgroup:/sys/fs/cgroup:ro
- - name: molecule_odfe_elasticsearch_centos7_2
+ - name: molecule_wazuh_indexer_centos7_2
 hostname: wazuh-es02
 image: geerlingguy/docker-centos7-ansible
 command: /sbin/init
@@ -75,7 +75,7 @@ platforms:
 memory: 4096m
 memory_reservation: 2048m
 groups:
- - elastic
+ - indexer
 ulimits:
 - nofile:262144:262144
 volumes:
@@ -84,7 +84,7 @@ platforms:
 ################################################
 # Wazuh Agents
 ################################################
- - name: molecule_odfe_agent_centos7
+ - name: molecule_wazuh_agent_centos7
 hostname: wazuh-agent01
 image: geerlingguy/docker-centos7-ansible
 command: /sbin/init
@@ -97,7 +97,7 @@ platforms:
 volumes:
 - /sys/fs/cgroup:/sys/fs/cgroup:ro
- - name: molecule_odfe_agent_debian9
+ - name: molecule_wazuh_agent_debian9
 hostname: wazuh-agent02
 image: geerlingguy/docker-debian9-ansible
 command: /sbin/init
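Review bot: The two indexer platforms keep `hostname: wazuh-es01` and `hostname: wazuh-es02` in the `@@ -49,9` and `@@ -60,13` hunks while the dashboard's hostname is renamed to `wazuh-dash01` in the later `@@ -111,11` hunk, so the container names now say "indexer" but the hostnames still say Elasticsearch. Renaming them consistently (for example `hostname: wazuh-indexer01` and `hostname: wazuh-indexer02`, constructed names) avoids the mismatch. Note that converge.yml keys the certificate instance list by `item.ansible_facts.hostname`, so the hostnames appear to be the names the generated certificates are issued for; check that before changing them.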
@@ -111,11 +111,11 @@ platforms:
 - /sys/fs/cgroup:/sys/fs/cgroup:ro
 ################################################
- # Kibana
+ # Wazuh dashboard
 ################################################
- - name: molecule_odfe_kibana_centos7
- hostname: wazuh-kib01
+ - name: molecule_wazuh_dashboard_centos7
+ hostname: wazuh-dash01
 image: geerlingguy/docker-centos7-ansible
 command: /sbin/init
 pre_build_image: true
@@ -123,7 +123,7 @@ platforms:
 memory: 2048m
 memory_reservation: 512m
 groups:
- - kibana
+ - dashboard
 volumes:
 - /sys/fs/cgroup:/sys/fs/cgroup:ro
@@ -147,7 +147,7 @@ provisioner:
 name: ansible-lint
 enabled: false
 scenario:
- name: distributed-wazuh-odfe
+ name: distributed-wazuh
 test_sequence:
 - dependency
 - syntax
diff --git a/molecule/distributed-wazuh-odfe/tests/test_default.py b/molecule/distributed-wazuh/tests/test_default.py
similarity index 100%
rename from molecule/distributed-wazuh-odfe/tests/test_default.py
rename to molecule/distributed-wazuh/tests/test_default.py