213 lines
6.8 KiB
YAML
213 lines
6.8 KiB
YAML
---
|
|
# Certificates generation
|
|
- hosts: wi1
|
|
roles:
|
|
- role: ../roles/opensearch/wazuh-indexer
|
|
indexer_network_host: "{{ private_ip }}"
|
|
indexer_cluster_nodes:
|
|
- "{{ hostvars.wi1.private_ip }}"
|
|
- "{{ hostvars.wi2.private_ip }}"
|
|
- "{{ hostvars.wi3.private_ip }}"
|
|
indexer_discovery_nodes:
|
|
- "{{ hostvars.wi1.private_ip }}"
|
|
- "{{ hostvars.wi2.private_ip }}"
|
|
- "{{ hostvars.wi3.private_ip }}"
|
|
perform_installation: false
|
|
become: no
|
|
vars:
|
|
indexer_node_master: true
|
|
instances:
|
|
node1:
|
|
name: node-1 # Important: must be equal to indexer_node_name.
|
|
ip: "{{ hostvars.wi1.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert.
|
|
role: indexer
|
|
node2:
|
|
name: node-2
|
|
ip: "{{ hostvars.wi2.private_ip }}"
|
|
role: indexer
|
|
node3:
|
|
name: node-3
|
|
ip: "{{ hostvars.wi3.private_ip }}"
|
|
role: indexer
|
|
node4:
|
|
name: node-4
|
|
ip: "{{ hostvars.manager.private_ip }}"
|
|
role: wazuh
|
|
node_type: master
|
|
node5:
|
|
name: node-5
|
|
ip: "{{ hostvars.worker.private_ip }}"
|
|
role: wazuh
|
|
node_type: worker
|
|
node6:
|
|
name: node-6
|
|
ip: "{{ hostvars.dashboard.private_ip }}"
|
|
role: dashboard
|
|
tags:
|
|
- generate-certs
|
|
|
|
# Wazuh indexer cluster
|
|
- hosts: wi_cluster
|
|
strategy: free
|
|
roles:
|
|
- role: ../roles/opensearch/wazuh-indexer
|
|
indexer_network_host: "{{ private_ip }}"
|
|
become: yes
|
|
become_user: root
|
|
vars:
|
|
indexer_cluster_nodes:
|
|
- "{{ hostvars.wi1.private_ip }}"
|
|
- "{{ hostvars.wi2.private_ip }}"
|
|
- "{{ hostvars.wi3.private_ip }}"
|
|
indexer_discovery_nodes:
|
|
- "{{ hostvars.wi1.private_ip }}"
|
|
- "{{ hostvars.wi2.private_ip }}"
|
|
- "{{ hostvars.wi3.private_ip }}"
|
|
indexer_node_master: true
|
|
instances:
|
|
node1:
|
|
name: node-1 # Important: must be equal to indexer_node_name.
|
|
ip: "{{ hostvars.wi1.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert.
|
|
role: indexer
|
|
node2:
|
|
name: node-2
|
|
ip: "{{ hostvars.wi2.private_ip }}"
|
|
role: indexer
|
|
node3:
|
|
name: node-3
|
|
ip: "{{ hostvars.wi3.private_ip }}"
|
|
role: indexer
|
|
node4:
|
|
name: node-4
|
|
ip: "{{ hostvars.manager.private_ip }}"
|
|
role: wazuh
|
|
node_type: master
|
|
node5:
|
|
name: node-5
|
|
ip: "{{ hostvars.worker.private_ip }}"
|
|
role: wazuh
|
|
node_type: worker
|
|
node6:
|
|
name: node-6
|
|
ip: "{{ hostvars.dashboard.private_ip }}"
|
|
role: dashboard
|
|
|
|
# Wazuh cluster
|
|
- hosts: manager
|
|
roles:
|
|
- role: "../roles/wazuh/ansible-wazuh-manager"
|
|
- role: "../roles/wazuh/ansible-filebeat-oss"
|
|
filebeat_node_name: node-4
|
|
become: yes
|
|
become_user: root
|
|
vars:
|
|
wazuh_manager_config:
|
|
connection:
|
|
- type: 'secure'
|
|
port: '1514'
|
|
protocol: 'tcp'
|
|
queue_size: 131072
|
|
api:
|
|
https: 'yes'
|
|
cluster:
|
|
disable: 'no'
|
|
node_name: 'master'
|
|
node_type: 'master'
|
|
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
|
|
nodes:
|
|
- "{{ hostvars.manager.private_ip }}"
|
|
hidden: 'no'
|
|
wazuh_api_users:
|
|
- username: custom-user
|
|
password: SecretPassword1!
|
|
filebeat_output_indexer_hosts:
|
|
- "{{ hostvars.wi1.private_ip }}"
|
|
- "{{ hostvars.wi2.private_ip }}"
|
|
- "{{ hostvars.wi3.private_ip }}"
|
|
|
|
- hosts: worker
|
|
roles:
|
|
- role: "../roles/wazuh/ansible-wazuh-manager"
|
|
- role: "../roles/wazuh/ansible-filebeat-oss"
|
|
filebeat_node_name: node-5
|
|
become: yes
|
|
become_user: root
|
|
vars:
|
|
wazuh_manager_config:
|
|
connection:
|
|
- type: 'secure'
|
|
port: '1514'
|
|
protocol: 'tcp'
|
|
queue_size: 131072
|
|
api:
|
|
https: 'yes'
|
|
cluster:
|
|
disable: 'no'
|
|
node_name: 'worker_01'
|
|
node_type: 'worker'
|
|
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
|
|
nodes:
|
|
- "{{ hostvars.manager.private_ip }}"
|
|
hidden: 'no'
|
|
filebeat_output_indexer_hosts:
|
|
- "{{ hostvars.wi1.private_ip }}"
|
|
- "{{ hostvars.wi2.private_ip }}"
|
|
- "{{ hostvars.wi3.private_ip }}"
|
|
|
|
# Indexer + dashboard node
|
|
- hosts: dashboard
|
|
roles:
|
|
- role: "../roles/opensearch/wazuh-indexer"
|
|
- role: "../roles/opensearch/wazuh-dashboard"
|
|
become: yes
|
|
become_user: root
|
|
vars:
|
|
indexer_network_host: "{{ hostvars.dashboard.private_ip }}"
|
|
indexer_node_name: node-6
|
|
indexer_node_master: false
|
|
indexer_node_ingest: false
|
|
indexer_node_data: false
|
|
indexer_cluster_nodes:
|
|
- "{{ hostvars.wi1.private_ip }}"
|
|
- "{{ hostvars.wi2.private_ip }}"
|
|
- "{{ hostvars.wi3.private_ip }}"
|
|
indexer_discovery_nodes:
|
|
- "{{ hostvars.wi1.private_ip }}"
|
|
- "{{ hostvars.wi2.private_ip }}"
|
|
- "{{ hostvars.wi3.private_ip }}"
|
|
dashboard_node_name: node-6
|
|
wazuh_api_credentials:
|
|
- id: default
|
|
url: https://{{ hostvars.manager.private_ip }}
|
|
port: 55000
|
|
username: custom-user
|
|
password: SecretPassword!
|
|
instances:
|
|
node1:
|
|
name: node-1
|
|
ip: "{{ hostvars.wi1.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert.
|
|
role: indexer
|
|
node2:
|
|
name: node-2
|
|
ip: "{{ hostvars.wi2.private_ip }}"
|
|
role: indexer
|
|
node3:
|
|
name: node-3
|
|
ip: "{{ hostvars.wi3.private_ip }}"
|
|
role: indexer
|
|
node4:
|
|
name: node-4
|
|
ip: "{{ hostvars.manager.private_ip }}"
|
|
role: wazuh
|
|
node_type: master
|
|
node5:
|
|
name: node-5
|
|
ip: "{{ hostvars.worker.private_ip }}"
|
|
role: wazuh
|
|
node_type: worker
|
|
node6:
|
|
name: node-6
|
|
ip: "{{ hostvars.dashboard.private_ip }}"
|
|
role: dashboard
|
|
ansible_shell_allow_world_readable_temp: true
|