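---
# Wazuh distributed deployment: three indexer nodes (wi1-wi3), one manager
# (master), one worker and one dashboard node.
#
# NOTE(review): the nesting below was reconstructed from a listing whose
# line breaks and indentation had been collapsed; confirm the variable
# placement against the roles' defaults before running.
#
# NOTE(review): the cluster key and the API passwords in this file are
# sample values committed in clear text. Generate your own and load them
# from an encrypted source such as Ansible Vault instead of keeping them in
# the playbook.

# Certificates generation
# Runs the indexer role on wi1 with installation disabled, under the
# generate-certs tag.
- hosts: wi1
  roles:
    - role: ../roles/opensearch/wazuh-indexer
      indexer_network_host: "{{ private_ip }}"
      indexer_cluster_nodes:
        - "{{ hostvars.wi1.private_ip }}"
        - "{{ hostvars.wi2.private_ip }}"
        - "{{ hostvars.wi3.private_ip }}"
      indexer_discovery_nodes:
        - "{{ hostvars.wi1.private_ip }}"
        - "{{ hostvars.wi2.private_ip }}"
        - "{{ hostvars.wi3.private_ip }}"
      perform_installation: false
  become: false
  vars:
    indexer_node_master: true
    # One entry per node that needs a certificate. The same map is repeated
    # in the indexer-cluster and dashboard plays; keep the copies identical.
    instances:
      node1:
        # Important: must be equal to indexer_node_name.
        name: node-1
        # When unzipping, the node will search for its node name folder to
        # get the cert.
        ip: "{{ hostvars.wi1.private_ip }}"
        role: indexer
      node2:
        name: node-2
        ip: "{{ hostvars.wi2.private_ip }}"
        role: indexer
      node3:
        name: node-3
        ip: "{{ hostvars.wi3.private_ip }}"
        role: indexer
      node4:
        name: node-4
        ip: "{{ hostvars.manager.private_ip }}"
        role: wazuh
        node_type: master
      node5:
        name: node-5
        ip: "{{ hostvars.worker.private_ip }}"
        role: wazuh
        node_type: worker
      node6:
        name: node-6
        ip: "{{ hostvars.dashboard.private_ip }}"
        role: dashboard
  tags:
    - generate-certs

# Wazuh Indexer Cluster
- hosts: wi_cluster
  # "free" lets each host proceed through the tasks without waiting for
  # the others.
  strategy: free
  roles:
    - role: ../roles/opensearch/wazuh-indexer
      indexer_network_host: "{{ private_ip }}"
  become: true
  become_user: root
  vars:
    indexer_cluster_nodes:
      - "{{ hostvars.wi1.private_ip }}"
      - "{{ hostvars.wi2.private_ip }}"
      - "{{ hostvars.wi3.private_ip }}"
    indexer_discovery_nodes:
      - "{{ hostvars.wi1.private_ip }}"
      - "{{ hostvars.wi2.private_ip }}"
      - "{{ hostvars.wi3.private_ip }}"
    indexer_node_master: true
    instances:
      node1:
        # Important: must be equal to indexer_node_name.
        name: node-1
        # When unzipping, the node will search for its node name folder to
        # get the cert.
        ip: "{{ hostvars.wi1.private_ip }}"
        role: indexer
      node2:
        name: node-2
        ip: "{{ hostvars.wi2.private_ip }}"
        role: indexer
      node3:
        name: node-3
        ip: "{{ hostvars.wi3.private_ip }}"
        role: indexer
      node4:
        name: node-4
        ip: "{{ hostvars.manager.private_ip }}"
        role: wazuh
        node_type: master
      node5:
        name: node-5
        ip: "{{ hostvars.worker.private_ip }}"
        role: wazuh
        node_type: worker
      node6:
        name: node-6
        ip: "{{ hostvars.dashboard.private_ip }}"
        role: dashboard

# Wazuh cluster
- hosts: manager
  roles:
    - role: "../roles/wazuh/ansible-wazuh-manager"
    - role: "../roles/wazuh/ansible-filebeat-oss"
      filebeat_node_name: node-4
  become: true
  become_user: root
  vars:
    wazuh_manager_config:
      connection:
        - type: 'secure'
          port: '1514'
          protocol: 'tcp'
          queue_size: 131072
      api:
        https: 'yes'
      cluster:
        disable: 'no'
        node_name: 'master'
        node_type: 'master'
        # NOTE(review): sample cluster key, identical on master and worker
        # and visible to anyone who can read this file. Replace it with a
        # freshly generated 32-character key kept in an encrypted vars
        # file, and use that same key on every cluster node.
        key: 'c98b62a9b6169ac5f67dae55ae4a9088'
        nodes:
          - "{{ hostvars.manager.private_ip }}"
        hidden: 'no'
    wazuh_api_users:
      # NOTE(review): sample credential in clear text; replace it and load
      # it from an encrypted source. The dashboard play must use the same
      # username and password.
      - username: custom-user
        password: 'SecretPassword1!'
    filebeat_output_indexer_hosts:
      - "{{ hostvars.wi1.private_ip }}"
      - "{{ hostvars.wi2.private_ip }}"
      - "{{ hostvars.wi3.private_ip }}"

- hosts: worker
  roles:
    - role: "../roles/wazuh/ansible-wazuh-manager"
    - role: "../roles/wazuh/ansible-filebeat-oss"
      filebeat_node_name: node-5
  become: true
  become_user: root
  vars:
    wazuh_manager_config:
      connection:
        - type: 'secure'
          port: '1514'
          protocol: 'tcp'
          queue_size: 131072
      api:
        https: 'yes'
      cluster:
        disable: 'no'
        node_name: 'worker_01'
        node_type: 'worker'
        # NOTE(review): must match the key configured on the master; the
        # same sample-value caveat applies (replace it, keep it encrypted).
        key: 'c98b62a9b6169ac5f67dae55ae4a9088'
        nodes:
          - "{{ hostvars.manager.private_ip }}"
        hidden: 'no'
    filebeat_output_indexer_hosts:
      - "{{ hostvars.wi1.private_ip }}"
      - "{{ hostvars.wi2.private_ip }}"
      - "{{ hostvars.wi3.private_ip }}"

# Indexer+Dashboard node
# node-6 joins the indexer cluster with the master, ingest and data roles
# all disabled, and hosts the dashboard.
- hosts: dashboard
  roles:
    - role: "../roles/opensearch/wazuh-indexer"
    - role: "../roles/opensearch/wazuh-dashboard"
  become: true
  become_user: root
  vars:
    indexer_network_host: "{{ hostvars.dashboard.private_ip }}"
    indexer_node_name: node-6
    indexer_node_master: false
    indexer_node_ingest: false
    indexer_node_data: false
    indexer_cluster_nodes:
      - "{{ hostvars.wi1.private_ip }}"
      - "{{ hostvars.wi2.private_ip }}"
      - "{{ hostvars.wi3.private_ip }}"
    indexer_discovery_nodes:
      - "{{ hostvars.wi1.private_ip }}"
      - "{{ hostvars.wi2.private_ip }}"
      - "{{ hostvars.wi3.private_ip }}"
    dashboard_node_name: node-6
    wazuh_api_credentials:
      - id: default
        url: "https://{{ hostvars.manager.private_ip }}"
        port: 55000
        username: custom-user
        # Aligned with the wazuh_api_users entry in the manager play; the
        # original value here ('SecretPassword!') did not match it, so the
        # dashboard would have been refused by the API.
        # NOTE(review): sample credential in clear text; replace it and
        # load it from an encrypted source.
        password: 'SecretPassword1!'
    instances:
      node1:
        name: node-1
        # When unzipping, the node will search for its node name folder to
        # get the cert.
        ip: "{{ hostvars.wi1.private_ip }}"
        role: indexer
      node2:
        name: node-2
        ip: "{{ hostvars.wi2.private_ip }}"
        role: indexer
      node3:
        name: node-3
        ip: "{{ hostvars.wi3.private_ip }}"
        role: indexer
      node4:
        name: node-4
        ip: "{{ hostvars.manager.private_ip }}"
        role: wazuh
        node_type: master
      node5:
        name: node-5
        ip: "{{ hostvars.worker.private_ip }}"
        role: wazuh
        node_type: worker
      node6:
        name: node-6
        ip: "{{ hostvars.dashboard.private_ip }}"
        role: dashboard
    # NOTE(review): this lets Ansible fall back to world-readable temporary
    # module files when a task becomes an unprivileged user, so other local
    # accounts on the host can read them while the task runs. Installing
    # the acl package on the target usually removes the need for it;
    # confirm which task requires the fallback before keeping this enabled.
    ansible_shell_allow_world_readable_temp: true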