diff --git a/provisioning/environments/manager_agent.yaml b/provisioning/environments/manager_agent.yaml
new file mode 100644
index 0000000000..31492c9e53
--- /dev/null
+++ b/provisioning/environments/manager_agent.yaml
@@ -0,0 +1,27 @@
+wazuh-manager:
+ roles:
+ - manager
+
+wazuh-agent1:
+ roles:
+ - agent
+ manager: wazuh-manager
+ version: 4.1.5
+ revision: 1
+ repository: live
+
+wazuh-agent2:
+ roles:
+ - agent
+ manager: wazuh-manager
+ version: 4.2.2
+ revision: 1
+ repository: live
+
+wazuh-agent3:
+ manager: wazuh-manager
+ roles:
+ - agent
+ version: 4.2.5
+ revision: 1
+ repository: live
diff --git a/provisioning/playbooks/apache.yaml b/provisioning/playbooks/apache.yaml
new file mode 100644
index 0000000000..3b4fc883cb
--- /dev/null
+++ b/provisioning/playbooks/apache.yaml
@@ -0,0 +1,14 @@
+- hosts: apache
+ tasks:
+ - name: Install apache block
+ block:
+ - name: Install apache server in Linux systems
+ become: true
+ become_user: root
+ import_role:
+ name: ../roles/apache
+ when: ansible_os_family == "Debian" or ansible_os_family == "RedHat" or ansible_os_family == "Solaris"
+ - name: Install apache server in Windows and macOS hosts
+ import_role:
+ name: ../roles/apache
+ when: ansible_os_family == "Windows" or ansible_os_family == "Darwin"
diff --git a/provisioning/playbooks/qa_framework.yaml b/provisioning/playbooks/qa_framework.yaml
new file mode 100644
index 0000000000..a9ff6239f9
--- /dev/null
+++ b/provisioning/playbooks/qa_framework.yaml
@@ -0,0 +1,12 @@
+- hosts: qa_framework
+ roles:
+ - ../roles/qa_framework
+ vars:
+ qa_hosts:
+ - port: 1514
+ protocol: tcp
+ api_port: 55000
+ api_proto: http
+ api_user: ansible
+ max_retries: 5
+ retry_interval: 5
diff --git a/provisioning/playbooks/wazuh_environment.yaml b/provisioning/playbooks/wazuh_environment.yaml
new file mode 100644
index 0000000000..da6ee2ede8
--- /dev/null
+++ b/provisioning/playbooks/wazuh_environment.yaml
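Review bot: In `provisioning/playbooks/qa_framework.yaml`, the `qa_hosts` list is set as a play var, but none of the qa_framework role tasks added in this commit reads it, so the manager connection settings look unused here. If a consumer exists outside this diff, a comment such as `# consumed by <component>` above `qa_hosts:` would make that clear; otherwise the block can be dropped. If the settings stay, it is worth confirming that `api_proto: http` on port 55000 is intended, since API credentials would then cross the network in clear text.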
@@ -0,0 +1,71 @@
+# Certificates generation
+- hosts: wi1
+ roles:
+ - role: "{{ wazuh_ansible_roles }}/wazuh/wazuh-indexer"
+ indexer_network_host: "{{ private_ip }}"
+ perform_installation: false
+ become: true
+ vars:
+ indexer_node_master: true
+ tags:
+ - generate-certs
+
+# Wazuh indexer cluster
+- hosts: wi_cluster
+ roles:
+ - role: "{{ wazuh_ansible_roles }}/wazuh/wazuh-indexer"
+ indexer_network_host: "{{ private_ip }}"
+ become: true
+ become_user: root
+ vars:
+ indexer_node_master: true
+
+- hosts: manager
+ roles:
+ - role: "{{wazuh_ansible_roles }}/wazuh/ansible-wazuh-manager"
+ become: true
+ become_user: root
+
+- hosts: filebeat
+ roles:
+ - role: "{{wazuh_ansible_roles }}/wazuh/ansible-filebeat-oss"
+ become: true
+ become_user: root
+
+# Indexer + dashboard node
+- hosts: dashboard
+ roles:
+ - role: "{{wazuh_ansible_roles }}/wazuh/wazuh-indexer"
+ - role: "{{wazuh_ansible_roles }}/wazuh/wazuh-dashboard"
+ become: true
+ become_user: root
+ vars:
+ indexer_network_host: "{{ hostvars.dashboard.private_ip }}"
+ indexer_node_master: false
+ indexer_node_ingest: false
+ indexer_node_data: false
+ indexer_cluster_nodes: "{{ indexer_discovery_nodes }}"
+ ansible_shell_allow_world_readable_temp: true
+ wazuh_api_credentials:
+ - id: default
+ url: https://{{ hostvars.master.private_ip }}
+ port: 55000
+ username: wazuh
+ password: wazuh
+
+# Agent
+- hosts: agent
+ tasks:
+ - name: Agents
+ block:
+ - name: Install UNIX based agents
+ become: true
+ become_user: root
+ import_role:
+ name: "{{ wazuh_ansible_roles }}/wazuh/ansible-wazuh-agent"
+ when: ansible_os_family != "Windows"
+
+ - name: Install Windows based agents
+ import_role:
+ name: "{{ wazuh_ansible_roles }}/wazuh/ansible-wazuh-agent"
+ when: ansible_os_family == "Windows"
diff --git a/provisioning/roles.yaml b/provisioning/roles.yaml
new file mode 100644
index 0000000000..8eb92c9088
--- /dev/null
+++ b/provisioning/roles.yaml
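Review bot: The dashboard play in `wazuh_environment.yaml` commits a default credential pair in `wazuh_api_credentials` (`username: wazuh` / `password: wazuh`), so every environment provisioned from this playbook shares a known API password. Taking the value from inventory or Ansible Vault, e.g. `password: "{{ wazuh_api_password }}"`, keeps it out of the repository and forces a per-environment choice. The same play sets `ansible_shell_allow_world_readable_temp: true`, which permits world-readable module temp files when becoming an unprivileged user. With `become_user: root` it looks unnecessary, so either drop it or add a one-line comment saying why it is needed.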
@@ -0,0 +1,77 @@
+qa_framework:
+ playbook: ./playbooks/qa_framework.yml
+ os: ANY
+ service: ANY
+ vars:
+ mandatory:
+ qa_repository_reference: QA_REFERENCE
+
+apache:
+ playbook: ./playbooks/apache.yml
+ os: LINUX_BASED_OS
+ service: ANY
+
+agent:
+ playbook: ./playbooks/wazuh_environment.yaml
+ os: ANY
+ service: ANY
+ vars:
+ mandatory:
+ version: VERSION
+ revision: REVISION
+ repository: REPOSITORY
+ manager: MANAGER_HOST
+
+manager:
+ playbook: ./playbooks/wazuh_environment.yaml
+ os: LINUX_BASED_OS
+ service: ANY
+ resources:
+ minimal:
+ cpu: 2
+ memory: 2048
+ vars:
+ mandatory:
+ version: VERSION
+ revision: REVISION
+ repository: REPOSITORY
+ default:
+ type: master
+
+indexer:
+ playbook: ./playbooks/wazuh_environment.yaml
+ os: LINUX_BASED_OS
+ service: ANY
+ resources:
+ minimal:
+ cpu: 4
+ memory: 4096
+ vars:
+ mandatory:
+ version: VERSION
+ revision: REVISION
+ repository: REPOSITORY
+
+dashboard:
+ playbook: ./playbooks/wazuh_environment.yaml
+ os: LINUX_BASED_OS
+ service: ANY
+ resources:
+ minimal:
+ cpu: 4
+ memory: 4096
+ vars:
+ mandatory:
+ version: VERSION
+ revision: REVISION
+ repository: REPOSITORY
+
+filebeat:
+ depends: manager
+ playbook: ./playbooks/wazuh_environment.yaml
+ service: ANY
+ os: LINUX_BASED_OS
+ resources:
+ minimal:
+ cpu: 2
+ memory: 2048
diff --git a/provisioning/roles/apache/schema.j2 b/provisioning/roles/apache/schema.j2
new file mode 100644
index 0000000000..0c8b0de891
--- /dev/null
+++ b/provisioning/roles/apache/schema.j2
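Review bot: The `qa_framework` and `apache` entries point at `./playbooks/qa_framework.yml` and `./playbooks/apache.yml`, but this commit adds those playbooks as `qa_framework.yaml` and `apache.yaml`; every other entry uses the `.yaml` name. Unless the loader normalises extensions, those two roles will fail to resolve their playbook; `playbook: ./playbooks/qa_framework.yaml` and `playbook: ./playbooks/apache.yaml` match the files in the diff. Separately, `apache` is declared `os: LINUX_BASED_OS` while the apache playbook has branches for Windows, Darwin and Solaris, so one of the two probably needs adjusting.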
@@ -0,0 +1,25 @@
+{% macro expand_ansible_connection_attributes(attributes_map) %}
+{% for attr_key, attr_value in attributes_map.items() %}
+{% if 'ansible' in attr_key %}
+{{- attr_key }}: {{ attr_value }}
+{% endif %}
+{% endfor %}
+{%- endmacro -%}
+
+{% if apache is defined%}
+apache:
+ hosts:
+ {%- for apache_key, apache_value in apache.items() %}
+
+ apache{{ loop.index }}:
+ ansible_host: {{ apache_value['ip'] }}
+ {{ expand_ansible_connection_attributes(apache_value) | indent(6) }}
+ {%- endfor %}
+{% endif %}
+
+
+all:
+ vars:
+ # General ansible connection parameters
+ ansible_ssh_common_args: -o StrictHostKeyChecking=no
+ ansible_winrm_server_cert_validation: ignore
diff --git a/provisioning/roles/apache/tasks/Linux.yaml b/provisioning/roles/apache/tasks/Linux.yaml
new file mode 100644
index 0000000000..ecea56bb62
--- /dev/null
+++ b/provisioning/roles/apache/tasks/Linux.yaml
@@ -0,0 +1,14 @@
+- name: Install apache server
+ package:
+ name: "{{ program }}"
+ state: present
+
+- name: Start {{ service }} service
+ service:
+ name: "{{ service }}"
+ state: started
+
+- name: Check {{ service }} is running
+ command: systemctl status {{ service }}
+ register: service_status
+ failed_when: (service_status.stderr | length > 0) or ("active (running)" not in service_status.stdout )
diff --git a/provisioning/roles/apache/tasks/MacOS.yaml b/provisioning/roles/apache/tasks/MacOS.yaml
new file mode 100644
index 0000000000..000d2110cb
--- /dev/null
+++ b/provisioning/roles/apache/tasks/MacOS.yaml
@@ -0,0 +1,7 @@
+- name: Install {{ program }} with brew | MacOS
+ homebrew:
+ name: "{{ program }}"
+ update_homebrew: true
+
+- name: Start {{ program }} with brew | MacOS
+ shell: /usr/local/bin/brew services start {{ program }}
diff --git a/provisioning/roles/apache/tasks/Solaris.yaml b/provisioning/roles/apache/tasks/Solaris.yaml
new file mode 100644
index 0000000000..6e33b60633
--- /dev/null
+++ b/provisioning/roles/apache/tasks/Solaris.yaml
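Review bot: The `all.vars` block at the end of `roles/apache/schema.j2` writes `ansible_ssh_common_args: -o StrictHostKeyChecking=no` and `ansible_winrm_server_cert_validation: ignore` into every generated inventory, so neither SSH host keys nor WinRM certificates are verified. Whatever answers on the target IP is then trusted with everything the plays send, including become commands. The same two lines are repeated in `roles/qa_framework/schema.j2` and `roles/wazuh_environment/schema.j2`. For throw-away lab hosts this can be a deliberate trade-off; if so, say it in the template, e.g. `# lab-only: hosts are ephemeral, host keys are not known in advance`. Also consider `StrictHostKeyChecking=accept-new`, so that a key change after first contact is still rejected.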
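Review bot: The `Check {{ service }} is running` task in `roles/apache/tasks/Linux.yaml` runs `systemctl status` through `command` without `changed_when: false`, so it reports a change on every run and the role never shows as idempotent. Adding `changed_when: false` fixes that. Matching on `"active (running)"` also ties the check to the output text; `systemctl is-active {{ service }}` gives the same answer through its exit code.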
@@ -0,0 +1,19 @@
+- name: Install CSWpkgutil
+ become: true
+ shell: pkgadd -d http://get.opencsw.org/now -n
+
+- name: Fetch new catalog and descriptions
+ become: true
+ shell: /opt/csw/bin/pkgutil -U
+
+- name: Install apache2
+ become: true
+ shell: /opt/csw/bin/pkgutil -y -i apache2
+
+- name: List files
+ become: true
+ shell: /usr/sbin/pkgchk -L CSWapache2
+
+- name: Enable service
+ become: true
+ shell: svcadm -v enable /network/http:apache2
diff --git a/provisioning/roles/apache/tasks/Windows.yaml b/provisioning/roles/apache/tasks/Windows.yaml
new file mode 100644
index 0000000000..d9532f5665
--- /dev/null
+++ b/provisioning/roles/apache/tasks/Windows.yaml
@@ -0,0 +1,27 @@
+- name: Download the Apache binaries
+ win_get_url:
+ url: "{{ apache_zip_url }}"
+ dest: "{{ home_dir }}"
+ checksum: "{{apache_algorithm}}:{{apache_checksum}}"
+
+- name: Unzip Apache binaries zip
+ community.windows.win_unzip:
+ src: "{{ apache_zip_path }}"
+ dest: "{{ home_dir }}"
+ creates: "{{ apache_folder_path }}"
+
+- name: Replace Apache's ServerRoot location
+ community.windows.win_lineinfile:
+ path: "{{ apache_folder_path }}/conf/httpd.conf"
+ backrefs: true
+ regex: Define SRVROOT "c:/Apache24"
+ line: Define SRVROOT "c:/Users/qa/Apache24"
+
+- name: Verify httpd.conf
+ ansible.windows.win_shell: "{{ apache_bin_path }} -t"
+
+- name: Install Apache service
+ ansible.windows.win_shell: "{{ apache_bin_path }} -k install"
+
+- name: Start Apache service
+ ansible.windows.win_shell: "{{ apache_bin_path }} -k start"
diff --git a/provisioning/roles/apache/tasks/main.yaml b/provisioning/roles/apache/tasks/main.yaml
new file mode 100644
index 0000000000..cbb4c5d947
--- /dev/null
+++ b/provisioning/roles/apache/tasks/main.yaml
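Review bot: `Install CSWpkgutil` in `roles/apache/tasks/Solaris.yaml` runs `pkgadd -d http://get.opencsw.org/now -n` with `become: true`, so a package fetched over plain HTTP is installed as root with no checksum or signature check in the task. Anything on the network path can substitute the package. Prefer downloading it first with `get_url` and a pinned `checksum:`, as the Windows tasks in this commit already do for the Apache zip, and then pointing `pkgadd -d` at the local file. All five tasks also use `shell` where `command` would do, and none declares `creates:` or `changed_when:`, so they re-run on every play.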
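Review bot: In `roles/apache/tasks/Windows.yaml`, `Replace Apache's ServerRoot location` hard-codes `c:/Users/qa/Apache24`, although the rest of the file derives every path from `home_dir` and `apache_folder_path`. Changing `home_dir` in the vars file would leave `SRVROOT` pointing at the old location. `line: Define SRVROOT "{{ apache_folder_path }}"` keeps them in step, once `home_dir` uses forward slashes throughout. `Install Apache service` (`-k install`) has no guard, so a second run against the same host is likely to fail once the service exists; checking for the service first would make the role re-runnable.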
@@ -0,0 +1,49 @@
+# vars
+
+# Linux
+- name: Include Debian custom vars
+ include_vars: ../vars/Debian.yml
+ when: ansible_os_family == "Debian"
+
+- name: Include RedHat custom vars
+ include_vars: ../vars/RedHat.yml
+ when: ansible_os_family == "RedHat"
+
+# Windows
+- name: Include Windows custom vars
+ include_vars: ../vars/Windows.yml
+ when: ansible_os_family == "Windows"
+
+# Solaris
+- name: Include Solaris custom vars
+ include_vars: ../vars/Solaris.yml
+ when: ansible_os_family == "Solaris"
+
+# MacOS
+- name: Include MacOS custom vars
+ include_vars: ../vars/MacOS.yml
+ when: ansible_os_family == "Darwin"
+
+# Linux
+- name: Include Linux custom tasks
+ include_tasks: Linux.yml
+ when: ansible_os_family == "Debian" or ansible_os_family == "RedHat"
+
+# Windows
+- name: Include Windows custom tasks
+ include_tasks: Windows.yml
+ when: ansible_os_family == "Windows"
+
+# Solaris
+- name: Include Solaris custom tasks
+ include_tasks: Solaris.yml
+ when: ansible_os_family == "Solaris"
+ args:
+ apply:
+ environment:
+ PATH: "{{ environment_paths }}"
+
+# macOS
+- name: Include MacOS custom tasks
+ include_tasks: MacOS.yml
+ when: ansible_os_family == "Darwin"
diff --git a/provisioning/roles/apache/vars/Debian.yaml b/provisioning/roles/apache/vars/Debian.yaml
new file mode 100644
index 0000000000..3239efe204
--- /dev/null
+++ b/provisioning/roles/apache/vars/Debian.yaml
@@ -0,0 +1,2 @@
+program: apache2
+service: apache2
diff --git a/provisioning/roles/apache/vars/MacOS.yaml b/provisioning/roles/apache/vars/MacOS.yaml
new file mode 100644
index 0000000000..91d4d1d2f9
--- /dev/null
+++ b/provisioning/roles/apache/vars/MacOS.yaml
@@ -0,0 +1,3 @@
+program: httpd
+service: httpd
+home_dir: /Users/vagrant
diff --git a/provisioning/roles/apache/vars/RedHat.yaml b/provisioning/roles/apache/vars/RedHat.yaml
new file mode 100644
index 0000000000..4c14545279
--- /dev/null
+++ b/provisioning/roles/apache/vars/RedHat.yaml
@@ -0,0 +1,2 @@
+program: httpd
+service: httpd
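Review bot: Every `include_vars` and `include_tasks` in `roles/apache/tasks/main.yaml` names a `.yml` file (`../vars/Debian.yml`, `Linux.yml`, `Windows.yml`, and so on), but the files this commit adds are `Debian.yaml`, `Linux.yaml`, `Windows.yaml` etc. Ansible looks up the literal file name given, so these includes should fail with a file-not-found error. Either change the includes to `.yaml` (e.g. `include_vars: ../vars/Debian.yaml`) or rename the files to `.yml`. `roles/qa_framework/tasks/main.yaml` has the same mismatch for `Unix.yml`, `Solaris.yml`, `macOS.yml` and `Windows.yml`.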
diff --git a/provisioning/roles/apache/vars/Solaris.yaml b/provisioning/roles/apache/vars/Solaris.yaml
new file mode 100644
index 0000000000..29e8143acc
--- /dev/null
+++ b/provisioning/roles/apache/vars/Solaris.yaml
@@ -0,0 +1,4 @@
+program: apache-24
+service: apache24
+home_dir: /export/home/vagrant
+environment_paths: /opt/python3/bin/:/usr/sbin:/usr/bin:/usr/sbin/:/opt/csw/gnu/:/usr/sfw/bin/:/opt/csw/bin/
diff --git a/provisioning/roles/apache/vars/Windows.yaml b/provisioning/roles/apache/vars/Windows.yaml
new file mode 100644
index 0000000000..940c2b2b56
--- /dev/null
+++ b/provisioning/roles/apache/vars/Windows.yaml
@@ -0,0 +1,13 @@
+# https://archive.apache.org/dist/httpd/binaries/win32/?C=M;O=D openssl msi with its sha file
+# https://www.apachelounge.com/download/VS16/binaries binaries and checksums
+service: httpd
+apache_version: 2.4.54
+home_dir: C:\Users/qa
+# latest stable version
+apache_zip_url: https://www.apachelounge.com/download/VS16/binaries/httpd-2.4.54-win64-VS16.zip
+apache_algorithm: sha256
+apache_checksum: b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c
+apache_zip_file: httpd-{{apache_version}}-win64-VS16.zip
+apache_zip_path: "{{home_dir}}/{{apache_zip_file}}"
+apache_folder_path: "{{home_dir}}/Apache24"
+apache_bin_path: "{{apache_folder_path}}/bin/httpd.exe"
diff --git a/provisioning/roles/apache/vars/main.yaml b/provisioning/roles/apache/vars/main.yaml
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/provisioning/roles/createInventory.yaml b/provisioning/roles/createInventory.yaml
new file mode 100644
index 0000000000..def296f26d
--- /dev/null
+++ b/provisioning/roles/createInventory.yaml
@@ -0,0 +1,8 @@
+- name: Creating inventory using templates
+ hosts: localhost
+
+ tasks:
+ - name: Template a file
+ ansible.builtin.template:
+ src: "{{ source_template }}"
+ dest: "{{ dest_inventory}}"
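Review bot: `apache_zip_url` in `roles/apache/vars/Windows.yaml` spells out `httpd-2.4.54-win64-VS16.zip`, while `apache_zip_file` is built from `apache_version`. Bumping `apache_version` alone therefore changes the expected file name but not the download, and the unzip step then looks for a file that was never fetched. Building the URL from the same variable removes the second copy: `apache_zip_url: "https://www.apachelounge.com/download/VS16/binaries/{{ apache_zip_file }}"`. The pinned `apache_checksum` still has to be updated with each version, which a comment next to it could state. `home_dir: C:\Users/qa` also mixes path separators; pick one.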
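Review bot: `Template a file` in `createInventory.yaml` writes the rendered inventory to `{{ dest_inventory }}` without a `mode:`, so the file gets whatever the controller's umask allows. The schema templates in this commit copy every attribute whose key contains `ansible` into the inventory, which presumably includes connection secrets such as `ansible_password`. If so, the result should not be group- or world-readable, and adding `mode: "0600"` to the `ansible.builtin.template` task covers that. The file also sits under `roles/` although it is a playbook (`hosts: localhost`), which is easy to misread.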
diff --git a/provisioning/roles/qa_framework/defaults/main.yaml b/provisioning/roles/qa_framework/defaults/main.yaml
new file mode 100644
index 0000000000..7aaa295c68
--- /dev/null
+++ b/provisioning/roles/qa_framework/defaults/main.yaml
@@ -0,0 +1,8 @@
+qa_repository_url: https://github.com/wazuh/wazuh-qa.git
+qa_repository_reference: master
+qa_requirements_file: requirements.txt
+test_setup_qa_path: deps/wazuh_testing
+setup_installer: setup.py
+build_dir: /tmp/wazuh-qa
+# This flag allows modifying any var
+customize: false
diff --git a/provisioning/roles/qa_framework/schema.j2 b/provisioning/roles/qa_framework/schema.j2
new file mode 100644
index 0000000000..a21b295280
--- /dev/null
+++ b/provisioning/roles/qa_framework/schema.j2
@@ -0,0 +1,26 @@
+{% macro expand_ansible_connection_attributes(attributes_map) %}
+{% for attr_key, attr_value in attributes_map.items() %}
+{% if 'ansible' in attr_key %}
+{{- attr_key }}: {{ attr_value }}
+{% endif %}
+{% endfor %}
+{%- endmacro -%}
+
+{% if qa_framework is defined%}
+qa_framework:
+ hosts:
+ {%- for qa_framework_key, qa_framework_value in qa_framework.items() %}
+
+ qa_framework{{ loop.index }}:
+ ansible_host: {{ qa_framework_value['ip'] }}
+ {{ expand_ansible_connection_attributes(qa_framework_value) | indent(6) }}
+ qa_repository_reference: {{ qa_framework_value['qa_repository_reference'] }}
+ {%- endfor %}
+{% endif %}
+
+
+all:
+ vars:
+ # General ansible connection parameters
+ ansible_ssh_common_args: -o StrictHostKeyChecking=no
+ ansible_winrm_server_cert_validation: ignore
diff --git a/provisioning/roles/qa_framework/tasks/Solaris.yaml b/provisioning/roles/qa_framework/tasks/Solaris.yaml
new file mode 100644
index 0000000000..fc4b0471ba
--- /dev/null
+++ b/provisioning/roles/qa_framework/tasks/Solaris.yaml
@@ -0,0 +1,4 @@
+- name: Install python requirements on Solaris
+ command: "{{ python_executable }} -m pip install -r {{ qa_requirements_file }}"
+ args:
+ chdir: "{{ build_dir }}"
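Review bot: `build_dir: /tmp/wazuh-qa` in `roles/qa_framework/defaults/main.yaml` is a fixed, predictable path in a world-writable directory, and the Unix tasks later clone into it and run `pip install` and `setup.py install` from it. On a host with other local users, a directory or symlink created at that path beforehand could influence what gets installed. A per-run directory from `ansible.builtin.tempfile` with `state: directory`, or a path under the connecting user's home, avoids this. `qa_repository_reference: master` also means an unpinned branch is installed whenever the inventory does not override it; a comment noting that callers are expected to pin a tag or commit would help.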
diff --git a/provisioning/roles/qa_framework/tasks/Unix.yaml b/provisioning/roles/qa_framework/tasks/Unix.yaml
new file mode 100644
index 0000000000..848d436851
--- /dev/null
+++ b/provisioning/roles/qa_framework/tasks/Unix.yaml
@@ -0,0 +1,36 @@
+- name: Clone Wazuh-QA repo | UNIX
+ git:
+ repo: "{{ qa_repository_url }}"
+ dest: "{{ build_dir }}"
+ version: "{{ qa_repository_reference }}"
+ depth: 1
+ register: clone_result
+ retries: 6
+ delay: 10
+ until: clone_result is success
+ when: ansible_os_family != "Solaris"
+
+- name: Clone Wazuh-QA repo | Solaris
+ git:
+ repo: "{{ qa_repository_url }}"
+ dest: "{{ build_dir }}"
+ version: "{{ qa_repository_reference }}"
+ depth: 1
+ register: clone_result
+ retries: 6
+ delay: 10
+ until: clone_result is success
+ environment:
+ PATH: /opt/python3/bin/:/usr/bin:/bin:/usr/sbin/:/opt/csw/gnu/:/usr/sfw/bin/:/opt/csw/bin/
+ when: ansible_os_family == "Solaris"
+
+- name: Install python requirements | UNIX
+ command: "{{ python_executable }} -m pip install -r {{ qa_requirements_file }} --no-cache-dir \
+ --only-binary=:cryptography,grpcio: --user"
+ args:
+ chdir: "{{ build_dir }}"
+
+- name: Install setup.py | UNIX
+ command: "{{ python_executable }} {{ setup_installer }} install --user"
+ args:
+ chdir: "{{ build_dir }}/{{ test_setup_qa_path }}"
diff --git a/provisioning/roles/qa_framework/tasks/Windows.yaml b/provisioning/roles/qa_framework/tasks/Windows.yaml
new file mode 100644
index 0000000000..cad2dace59
--- /dev/null
+++ b/provisioning/roles/qa_framework/tasks/Windows.yaml
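Review bot: In `Install python requirements | UNIX`, `--only-binary=:cryptography,grpcio:` does not look like a valid pip format-control value. pip accepts `:all:`, `:none:` or a comma-separated list of plain package names, so as far as I can tell the surrounding colons make the entries match no package and the option has no effect. `--only-binary=cryptography,grpcio` expresses the apparent intent; `roles/qa_framework/tasks/Windows.yaml` uses the same string. The two clone tasks differ only in their `environment:` block, and the Solaris `PATH` literal repeats a value the apache role keeps in `environment_paths`, so a single task with a conditional environment would be easier to keep in sync.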
@@ -0,0 +1,22 @@
+- name: Create {{ build_dir }} if does not exist
+ ansible.windows.win_file:
+ path: "{{ build_dir }}"
+ state: directory
+
+- name: Clone Wazuh-QA repo | Windows
+ win_command: powershell.exe -
+ args:
+ chdir: "{{ build_dir }}"
+ stdin: git clone {{ qa_repository_url }} -b {{ qa_repository_reference }} --depth=1 \
+ {{ build_dir }}/tmp; move tmp/* ./
+
+- name: Install python requirements | Windows
+ win_command: "{{ python_executable }} -m pip install -r {{ qa_requirements_file }} \
+ --no-cache-dir --only-binary=:cryptography,grpcio:"
+ args:
+ chdir: "{{ build_dir }}"
+
+- name: Install setup.py | Windows
+ win_command: "{{ python_executable }} {{ setup_installer }} install"
+ args:
+ chdir: "{{ build_dir }}\\{{ test_setup_qa_path }}"
diff --git a/provisioning/roles/qa_framework/tasks/main.yaml b/provisioning/roles/qa_framework/tasks/main.yaml
new file mode 100644
index 0000000000..5f9e6ea69c
--- /dev/null
+++ b/provisioning/roles/qa_framework/tasks/main.yaml
@@ -0,0 +1,41 @@
+# vars
+
+# Unix
+- name: Include Unix custom vars
+ include_vars: Unix.yml
+ when:
+ - customize == false
+ - ansible_os_family != "Windows"
+
+# Solaris
+- name: Include Solaris custom vars
+ include_vars: Solaris.yml
+ when:
+ - customize == false
+ - ansible_os_family == "Solaris"
+
+# macOS
+- name: Include macOS custom vars
+ include_vars: macOS.yml
+ when:
+ - customize == false
+ - ansible_os_family == "Darwin"
+
+# Windows
+- name: Include Windows custom vars
+ include_vars: Windows.yml
+ when:
+ - customize == false
+ - ansible_os_family == "Windows"
+
+# tasks
+
+# Unix|Solaris|macOS
+- name: Include Unix custom tasks
+ include_tasks: Unix.yml
+ when: ansible_os_family != "Windows"
+
+# Windows
+- name: Include Windows custom tasks
+ include_tasks: Windows.yml
+ when: ansible_os_family == "Windows"
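Review bot: `Clone Wazuh-QA repo | Windows` builds a PowerShell script by pasting `{{ qa_repository_url }}` and `{{ qa_repository_reference }}` into `stdin`, and the reference is supplied per host through the inventory. Any `;`, quote or whitespace in that value becomes PowerShell syntax rather than a git argument. Running `git clone` directly from `win_command` instead of through `powershell.exe -`, with the move as a separate task, removes the intermediate shell; otherwise single-quote the interpolated values in the script text. Because `stdin:` is a plain YAML scalar, the trailing `\` is passed through literally rather than acting as a line continuation. The folded newline already joins the two lines, so the backslash can simply be removed.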
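Review bot: `roles/qa_framework/tasks/main.yaml` includes only the `Unix.yml` and `Windows.yml` task files, so the `tasks/Solaris.yaml` added in this commit is never run; either include it for `ansible_os_family == "Solaris"` or drop the file. The `when:` lists compare against a literal with `customize == false`, which evaluates false if `customize` arrives as the string `"false"` from the command line; `not (customize | bool)` is the usual form. When `customize` is true none of the vars files load, so `python_executable` must then come from the caller. The comment above `customize` in `defaults/main.yaml` could say so.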
diff --git a/provisioning/roles/qa_framework/vars/Solaris.yaml b/provisioning/roles/qa_framework/vars/Solaris.yaml
new file mode 100644
index 0000000000..0abc152641
--- /dev/null
+++ b/provisioning/roles/qa_framework/vars/Solaris.yaml
@@ -0,0 +1 @@
+python_executable: /opt/python3/bin/python3
diff --git a/provisioning/roles/qa_framework/vars/Unix.yaml b/provisioning/roles/qa_framework/vars/Unix.yaml
new file mode 100644
index 0000000000..d7ccd9d41b
--- /dev/null
+++ b/provisioning/roles/qa_framework/vars/Unix.yaml
@@ -0,0 +1 @@
+python_executable: /usr/local/bin/python3.10
diff --git a/provisioning/roles/qa_framework/vars/Windows.yaml b/provisioning/roles/qa_framework/vars/Windows.yaml
new file mode 100644
index 0000000000..3bfbd88b1e
--- /dev/null
+++ b/provisioning/roles/qa_framework/vars/Windows.yaml
@@ -0,0 +1,2 @@
+build_dir: C:\Users\qa\AppData\Local\Temp\wazuh-qa
+python_executable: C:\Users\qa\AppData\Local\Programs\Python\Python310\python.exe
diff --git a/provisioning/roles/qa_framework/vars/macOS.yaml b/provisioning/roles/qa_framework/vars/macOS.yaml
new file mode 100644
index 0000000000..fc4312d0aa
--- /dev/null
+++ b/provisioning/roles/qa_framework/vars/macOS.yaml
@@ -0,0 +1 @@
+python_executable: /Library/Developer/CommandLineTools/usr/bin/python3
diff --git a/provisioning/roles/qa_framework/vars/main.yaml b/provisioning/roles/qa_framework/vars/main.yaml
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/provisioning/roles/wazuh_environment/schema.j2 b/provisioning/roles/wazuh_environment/schema.j2
new file mode 100644
index 0000000000..60c4e6d7c4
--- /dev/null
+++ b/provisioning/roles/wazuh_environment/schema.j2
@@ -0,0 +1,363 @@ +{% if vars['indexer'] is defined %} +{%- set indexer = vars['indexer'] -%} +{%- set indexer_nodes = indexer.keys() | list -%} +{%- set first_indexer_node = indexer_nodes | first -%} +{%- set last_indexer_node = indexer|length - 1-%} +{% else %} +{%- set last_indexer_node = 0-%} +{% endif %} + + +{% if vars['dashboard'] is defined %} + + {% if vars['dashboard']['ip'] == vars['indexer'][first_indexer_node]['ip'] %} + {%- set all_in_one = true-%} + {% else %} + {%- set all_in_one = false-%} +{% endif %} + + {% if all_in_one %} +{%- set dashboard_node = last_indexer_node + 1 -%} + {% else %} +{%- set dashboard_node = last_indexer_node + 2 -%} + {% endif %} +{%- set dashboard = vars['dashboard'] -%} + +{% else %} +{%- set dashboard_node = last_indexer_node + 1-%} +{% endif %} + + +{% if vars['manager'] is defined %} +{%- set manager = vars['manager'] -%} +{%- set master_node = dashboard_node + 1 -%} + + {% if manager['workers'] is not defined %} + {%- set workers = {} -%} + {% else %} + {%- set workers = vars['manager']['workers'] -%} + + {% endif %} +{% endif %} + +{% if vars['agent'] is defined %} +{%- set agent = vars['agent'] -%} +{% endif %} + +{% if vars['filebeat'] is defined %} +{%- set filebeat = vars['filebeat'] -%} +{% endif %} + +{% macro expand_ansible_connection_attributes(attributes_map) %} +{% for attr_key, attr_value in attributes_map.items() %} +{% if 'ansible' in attr_key %} +{{- attr_key }}: {{ attr_value }} +{% endif %} +{% endfor %} +{%- endmacro -%} + + + +{% macro expand_custom_package(role, role_parameters) %} + +{% if role == 'agent' %} +{% if role_parameters['wazuh_custom_packages_installation_agent_rpm_url'] is defined%} +wazuh_custom_packages_installation_agent_rpm_url: {{role_parameters['wazuh_custom_packages_installation_agent_rpm_url']}} +{% endif %} +{% if role_parameters['wazuh_custom_packages_installation_agent_deb_url'] is defined%} +wazuh_custom_packages_installation_agent_deb_url: 
{{role_parameters['wazuh_custom_packages_installation_agent_deb_url']}} +{% endif %} + +{% if role_parameters['wazuh_custom_packages_installation_agent_msi_url'] is defined %} +wazuh_custom_packages_installation_agent_msi_url: {{role_parameters['wazuh_custom_packages_installation_agent_msi_url']}} +{% endif %} + +{% if role_parameters['wazuh_custom_packages_installation_agent_macos_url'] is defined%} +wazuh_custom_packages_installation_agent_macos_url: {{role_parameters['wazuh_custom_packages_installation_agent_macos_url']}} +{% endif %} + +{% if role_parameters['wazuh_custom_packages_installation_agent_solaris_url'] is defined%} +wazuh_custom_packages_installation_agent_solaris_url: {{role_parameters['wazuh_custom_packages_installation_agent_solaris_url']}} +{% endif %} +{% endif %} + + +{% if role == 'manager' %} +{% if role_parameters['wazuh_custom_packages_installation_manager_deb_url'] is defined %} +wazuh_custom_packages_installation_manager_deb_url: {{role_parameters['wazuh_custom_packages_installation_manager_deb_url']}} +{% endif %} +{% if role_parameters['wazuh_custom_packages_installation_manager_rpm_url'] is defined%} +wazuh_custom_packages_installation_manager_rpm_url: {{role_parameters['wazuh_custom_packages_installation_manager_rpm_url']}} +{% endif %} +{% endif %} + + + +{% if role == 'dashboard' %} +{% if role_parameters['wazuh_custom_packages_installation_dashboard_deb_url'] is defined%} +wazuh_custom_packages_installation_dashboard_deb_url: {{role_parameters['wazuh_custom_packages_installation_dashboard_deb_url']}} +{% endif %} +{% if role_parameters['wazuh_custom_packages_installation_dashboard_rpm_url'] is defined %} +wazuh_custom_packages_installation_dashboard_rpm_url: {{role_parameters['wazuh_custom_packages_installation_dashboard_rpm_url']}} +{% endif %} +{% endif %} + +{% if role == 'indexer' %} +{% if role_parameters['wazuh_custom_packages_installation_indexer_deb_url'] is defined %} +wazuh_custom_packages_installation_indexer_deb_url: 
{{role_parameters['wazuh_custom_packages_installation_indexer_deb_url']}} +{% endif %} +{% if role_parameters['wazuh_custom_packages_installation_indexer_rpm_url'] is defined %} +wazuh_custom_packages_installation_indexer_rpm_url: {{role_parameters['wazuh_custom_packages_installation_indexer_rpm_url']}} +{% endif %} +{% endif %} + + + + +{% if role == 'filebeat' %} +{% if role_parameters['filebeat_repo'] is defined%} +filebeat_module_package_url: {{role_parameters['filebeat_repo']}} +{% endif %} +{% endif %} + +{%- endmacro -%} + + + +{% if indexer is defined%} +wi_cluster: + hosts: + {%- for indexer_key, indexer_value in indexer.items() %} + + wi{{ loop.index }}: + {{ expand_ansible_connection_attributes(indexer_value) | indent(6) }} + private_ip: {{ indexer_value['ip'] }} + {{ expand_custom_package('indexer', indexer_value) | indent(6) }} + + {%- endfor -%} + + {%- if dashboard is defined %} + + dashboard: + {%- if all_in_one %} + + perform_installation: false + indexer_node_name: "node-1" + dashboard_node_name: "node-1" + + {% if wazuh_app_repo is defined-%} + wazuh_app_url: {{ wazuh_app_repo }} + {% endif %} + + {{ expand_custom_package('indexer', vars['dashboard']) | indent(6) }} + {{ expand_custom_package('dashboard', vars['dashboard']) | indent(6) }} + + {% else %} + + {{ expand_custom_package('indexer', vars['dashboard']) | indent(6) }} + {{ expand_custom_package('dashboard', vars['dashboard']) | indent(6) }} + dashboard_node_name: "node-{{ dashboard_node }}" + + {% endif %} + + {{ expand_ansible_connection_attributes(dashboard) | indent(6) }} + private_ip: {{ dashboard['ip'] }} + + {% endif %} + + vars: + {% raw %} + indexer_network_host: "{{ private_ip }}" + {% endraw %} + + indexer_discovery_nodes: + + {% for indexer_key, indexer_value in indexer.items() %} + - "{{ indexer_value['ip'] }}" + {% endfor %} + + indexer_cluster_nodes: + + {% for indexer_key, indexer_value in indexer.items() %} + - "{{ indexer_value['ip'] }}" + {% endfor %} + + instances: + + 
{%- for indexer_key, indexer_value in indexer.items() %} + + node{{ loop.index }}: + name: node-{{loop.index}} + ip: "{{ indexer_value['ip'] }}" + role: indexer + {% endfor %} + + {%- if dashboard is defined and not all_in_one %} + + node{{dashboard_node}}: + name: node-{{dashboard_node}} + ip: "{{ dashboard['ip'] }}" + role: dashboard + {% endif %} + + {%- if manager is defined %} + + node{{master_node}}: + name: node-{{master_node}} + ip: "{{ manager['master']['ip'] }}" + role: wazuh + {%- if workers|length != 0 %} + + node_type: master + {% endif %} + + {%- for worker_key, worker_value in workers.items() %} + {% set real_node_index = master_node + loop.index %} + + node{{real_node_index}}: + name: node-{{real_node_index}} + ip: "{{ worker_value['ip'] }}" + role: wazuh + node_type: worker + {% endfor %} + {% endif %} +{% endif %} + + +{% if manager is defined -%} +manager: + hosts: + {%- if manager['master'] %} + + master: + {{ expand_ansible_connection_attributes(manager['master']) | indent(8) }} + private_ip: {{ manager['master']['ip'] }} + {{ expand_custom_package('manager', manager['master']) | indent(8) }} + wazuh_manager_config: + cluster: + disable: 'no' + node_name: 'master' + node_type: 'master' + key: 'c98b62a9b6169ac5f67dae55ae4a9088' + nodes: + - "{{ manager['master']['ip'] }}" + hidden: 'no' + {%- endif -%} + + {%- for worker_key, worker_values in workers.items() %} + + worker{{loop.index}}: + {{ expand_ansible_connection_attributes(worker_values) | indent(8) }} + private_ip: {{ worker_values['ip'] }} + {{ expand_custom_package('manager', worker_values) | indent(8) }} + wazuh_manager_config: + cluster: + disable: 'no' + node_name: "{{worker_key}}" + node_type: 'worker' + key: 'c98b62a9b6169ac5f67dae55ae4a9088' + nodes: + - "{{manager['master']['ip']}}" + hidden: 'no' + {% endfor %} + + +{% if filebeat is defined%} +filebeat: + hosts: + {%- for filebeat_key, filebeat_value in filebeat.items() %} + + filebeat{{ loop.index }}: + {{ 
expand_ansible_connection_attributes(filebeat_value) | indent(6) }} + filebeat_node_name: node-{{ loop.index + master_node - 1 }} + {{ expand_custom_package('filebeat', filebeat_value) | indent(6) }} + {%- endfor %} + + vars: + filebeat_output_indexer_hosts: + - "{{ indexer[first_indexer_node]['ip'] }}" +{%- endif -%} +{% endif %} + +{% if agent is defined%} + +agent: + hosts: + {% for agent_key, agent_value in agent.items() -%} + agent{{loop.index}}: + {{ expand_custom_package('agent', agent_value) | indent(6) }} + {{ expand_ansible_connection_attributes(agent_value) | indent(6) }} + wazuh_managers: + - address: {{ agent_value['manager_ip'] }} + port: 1514 + protocol: tcp + api_port: 55000 + api_proto: 'http' + api_user: ansible + max_retries: 5 + retry_interval: 5 + {% endfor %} +{% endif %} + +all: + vars: + # General ansible connection parameters + ansible_ssh_common_args: -o StrictHostKeyChecking=no + ansible_winrm_server_cert_validation: ignore + + # Custom Packages parameters + wazuh_custom_packages_installation_agent_enabled: true + wazuh_custom_packages_installation_manager_enabled: true + + wazuh_custom_packages_installation_dashboard_enabled: true + wazuh_custom_packages_installation_indexer_enabled: true + + + {% if wazuh_custom_packages_installation_agent_deb_url is defined-%} + wazuh_custom_packages_installation_agent_deb_url: {{ wazuh_custom_packages_installation_agent_deb_url }} + {% endif %} + + {%- if wazuh_custom_packages_installation_agent_rpm_url is defined-%} + wazuh_custom_packages_installation_agent_rpm_url: {{ wazuh_custom_packages_installation_agent_rpm_url }} + {% endif %} + {%- if wazuh_custom_packages_installation_agent_msi_url is defined-%} + wazuh_custom_packages_installation_agent_msi_url: {{ wazuh_custom_packages_installation_agent_msi_url}} + {% endif %} + {%- if wazuh_custom_packages_installation_agent_macos_url is defined-%} + wazuh_custom_packages_installation_agent_macos_url: {{ 
wazuh_custom_packages_installation_agent_macos_url}} + {% endif %} + {%- if wazuh_custom_packages_installation_agent_solaris_url is defined-%} + wazuh_custom_packages_installation_agent_solaris_url: {{ wazuh_custom_packages_installation_agent_solaris_url}} + {% endif %} + {%- if wazuh_custom_packages_installation_manager_deb_url is defined-%} + wazuh_custom_packages_installation_manager_deb_url: {{ wazuh_custom_packages_installation_manager_deb_url}} + {% endif %} + {%- if wazuh_custom_packages_installation_manager_rpm_url is defined-%} + wazuh_custom_packages_installation_manager_rpm_url: {{ wazuh_custom_packages_installation_manager_rpm_url}} + {% endif %} + + {%- if wazuh_custom_packages_installation_dashboard_deb_url is defined-%} + wazuh_custom_packages_installation_dashboard_deb_url: {{ wazuh_custom_packages_installation_dashboard_deb_url}} + {% endif %} + + + {%- if wazuh_custom_packages_installation_dashboard_rpm_url is defined-%} + wazuh_custom_packages_installation_dashboard_rpm_url: {{ wazuh_custom_packages_installation_dashboard_rpm_url}} + {% endif %} + + + {%- if wazuh_custom_packages_installation_indexer_deb_url is defined-%} + wazuh_custom_packages_installation_indexer_deb_url: {{ wazuh_custom_packages_installation_indexer_deb_url}} + {% endif %} + + {%- if wazuh_custom_packages_installation_indexer_rpm_url is defined-%} + wazuh_custom_packages_installation_indexer_rpm_url: {{ wazuh_custom_packages_installation_indexer_rpm_url}} + {% endif %} + + {% if filebeat_repo is defined-%} + filebeat_module_package_url: {{ filebeat_repo }} + {% endif %} + + {% if wazuh_app_repo is defined-%} + wazuh_app_url: {{ wazuh_app_repo }} + {% endif %}
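Review bot: Both `wazuh_manager_config.cluster` blocks in `roles/wazuh_environment/schema.j2` (master and worker) embed the same literal 32-character `key:`, so every cluster generated from this template shares a cluster key that is published in the repository. Take it from a variable instead, e.g. `key: "{{ wazuh_cluster_key }}"`, generated per environment or pulled from Ansible Vault. The agent section also sets `api_proto: 'http'` for the manager API on port 55000, which is worth confirming as intentional. Separately, the all-in-one check at the top indexes `vars['indexer'][first_indexer_node]` whenever `dashboard` is defined, which errors if no `indexer` section was supplied.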