Using latest SearchGuard tool. Fixing Wazuh API credentials template

2020-08-26 14:05:38 +02:00 · 2020-08-26 14:05:38 +02:00 · f2e7a75b09
commit f2e7a75b09
parent af88cc4de8
4 changed files with 28 additions and 44 deletions
--- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml
+++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml
@ -53,10 +53,10 @@ opendistro_jvm_xms: null

 opendistro_http_port: 9200

-certs_gen_tool_version: 1.7
+certs_gen_tool_version: 1.8

 # Url of Search Guard certificates generator tool
-certs_gen_tool_url: "https://wazuh-demo.s3-us-west-1.amazonaws.com/search-guard-tlstool-{{ certs_gen_tool_version }}.zip"
+certs_gen_tool_url: "https://maven.search-guard.com/search-guard-tlstool/{{ certs_gen_tool_version }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip"

 elasticrepo:
  apt: 'https://artifacts.elastic.co/packages/7.x/apt'
--- a/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml
+++ b/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml
@ -29,7 +29,7 @@

  - name: Local action | Extract the certificates generation tool
    unarchive:
-      src: "{{ local_certs_path }}/search-guard-tlstool-1.7.zip"
+      src: "{{ local_certs_path }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip"
      dest: "{{ local_certs_path }}/"

  - name: Local action | Add the execution bit to the binary
--- a/roles/opendistro/opendistro-kibana/defaults/main.yml
+++ b/roles/opendistro/opendistro-kibana/defaults/main.yml
@ -34,10 +34,10 @@ package_repos:
 # API credentials
 wazuh_api_credentials:
  - id: "default"
-    url: "http://localhost"
+    url: "https://localhost"
    port: 55000
-    user: "foo"
-    password: "bar"
+    username: "wazuh"
+    password: "wazuh"

 # opendistro Security
 kibana_opendistro_security: true
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@ -35,26 +35,10 @@ wazuh_manager_sources_installation:
  user_ca_store: null
  threads: "2"

-wazuh_api_sources_installation:
-  enabled: false
-  branch: "v3.13.1"
-  update: "y"
-  remove: "y"
-  directory: null
-  port: 55000
-  https: "n"
-  authd: null
-  proxy: null
-  country: null
-  state: null
-  locality: null
-  org_name: null
-  org_unit: null
-  common_name: null
-  password: null
-
-wazuh_api_user:
-  - "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/"
+# wazuh_api_users:
+#   - username: custom_user5
+#     password: Custom_password0
+#     role: administrator

 wazuh_manager_config:
  repo:
@ -68,29 +52,29 @@ wazuh_manager_config:
  logall_json: 'no'
  log_format: 'plain'
  api:
-    bind_addr: '0.0.0.0'
+    bind_addr: 0.0.0.0
    port: 55000
-    behind_proxy_server: 'no'
-    https: 'yes'
-    https_key: 'api/configuration/ssl/server.key'
-    https_cert: 'api/configuration/ssl/server.crt'
-    https_use_ca: 'False'
-    https_ca: 'api/configuration/ssl/ca.crt'
-    logging_level: 'info'
-    logging_path: 'logs/api.log'
-    cors: 'no'
-    cors_source_route: '*'
-    cors_expose_headers: '*'
-    cors_allow_headers: '*'
-    cors_allow_credentials: 'no'
-    cache: 'yes'
+    behind_proxy_server: no
+    https: yes
+    https_key: "api/configuration/ssl/server.key"
+    https_cert: "api/configuration/ssl/server.crt"
+    https_use_ca: False
+    https_ca: "api/configuration/ssl/ca.crt"
+    logging_level: "info"
+    logging_path: "logs/api.log"
+    cors: no
+    cors_source_route: "*"
+    cors_expose_headers: "*"
+    cors_allow_headers: "*"
+    cors_allow_credentials: no
+    cache: yes
    cache_time: 0.750
    access_max_login_attempts: 5
    access_block_time: 300
    access_max_request_per_minute: 300
-    use_only_authd: 'no'
-    drop_privileges: 'yes'
-    experimental_features: 'no'
+    use_only_authd: no
+    drop_privileges: yes
+    experimental_features: no
  cluster:
    disable: 'yes'
    name: 'wazuh'