From 9c3f04a122afc755f7020625964b59677ff9c5dd Mon Sep 17 00:00:00 2001 From: Karl Goetz Date: Mon, 5 Jun 2023 11:01:55 +1000 Subject: [PATCH] commit all my PR fixes to one branch upstream PRs #929, #930, #931 --- README.md | 6 +++--- playbooks/wazuh-agent.yml | 7 ++++--- playbooks/wazuh-single.yml | 4 ++-- roles/wazuh/wazuh-indexer/tasks/main.yml | 2 ++ roles/wazuh/wazuh-indexer/tasks/security_actions.yml | 8 ++++++-- 5 files changed, 17 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 8136f77fe..923fff2bb 100644 --- a/README.md +++ b/README.md @@ -340,7 +340,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a sing ```yaml --- # Certificates generation - - hosts: aio + - hosts: wazuh_aio roles: - role: ../roles/wazuh/wazuh-indexer perform_installation: false @@ -356,7 +356,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a sing tags: - generate-certs # Single node - - hosts: aio + - hosts: wazuh_aio become: yes become_user: root roles: @@ -383,7 +383,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a sing ### Inventory file ```ini -[aio] +[wazuh_aio] [all:vars] diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml index 22fcfa778..1072e3889 100644 --- a/playbooks/wazuh-agent.yml +++ b/playbooks/wazuh-agent.yml @@ -1,16 +1,17 @@ --- -- hosts: +- hosts: wazuh_clients:!wazuh_aio become: yes become_user: root roles: - ../roles/wazuh/ansible-wazuh-agent vars: wazuh_managers: - - address: + - address: wazuh_aio port: 1514 protocol: tcp api_port: 55000 api_proto: 'http' api_user: ansible max_retries: 5 - retry_interval: 5 \ No newline at end of file + retry_interval: 5 + diff --git a/playbooks/wazuh-single.yml b/playbooks/wazuh-single.yml index 38499f5cb..09d167c76 100644 --- a/playbooks/wazuh-single.yml +++ b/playbooks/wazuh-single.yml 
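Review bot: In playbooks/wazuh-agent.yml the new `- address: wazuh_aio` puts an inventory group name into `wazuh_managers` as a literal string, so agents would be configured with the manager host `wazuh_aio` and depend on that unqualified name resolving. Unless the inventory really contains a resolvable host of that name, derive the value from the inventory, for example `- address: "{{ groups['wazuh_aio'] | first }}"` (or that host's `ansible_host`), so an agent cannot end up enrolling with whatever answers to the bare name. The new host pattern is also safer quoted, `- hosts: 'wazuh_clients:!wazuh_aio'`, because `:` and `!` are YAML indicators. The unchanged `api_proto: 'http'` line in the same hunk appears to leave the `api_user: ansible` API traffic unencrypted, which is worth revisiting while this file is being touched.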
@@ -1,6 +1,6 @@ --- # Certificates generation - - hosts: aio + - hosts: wazuh_aio roles: - role: ../roles/wazuh/wazuh-indexer perform_installation: false @@ -16,7 +16,7 @@ tags: - generate-certs # Single node - - hosts: aio + - hosts: wazuh_aio become: yes become_user: root roles: diff --git a/roles/wazuh/wazuh-indexer/tasks/main.yml b/roles/wazuh/wazuh-indexer/tasks/main.yml index 48034ae6a..68a2df60a 100644 --- a/roles/wazuh/wazuh-indexer/tasks/main.yml +++ b/roles/wazuh/wazuh-indexer/tasks/main.yml @@ -109,6 +109,7 @@ tags: debug when: - hostvars[inventory_hostname]['private_ip'] is not defined or not hostvars[inventory_hostname]['private_ip'] + - not ansible_check_mode - name: Wait for Wazuh indexer API (Private IP) uri: @@ -128,6 +129,7 @@ tags: debug when: - hostvars[inventory_hostname]['private_ip'] is defined and hostvars[inventory_hostname]['private_ip'] + - not ansible_check_mode - import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" diff --git a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml index 26b83fd75..3a141a982 100644 --- a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml @@ -60,7 +60,9 @@ replace: "{{ indexer_password_hash | quote }}" vars: indexer_password_hash: "{{ indexer_admin_password_hashed.stdout_lines | last }}" - + when: + - not ansible_check_mode + # this can also be achieved with password_hash, but it requires dependencies on the controller - name: Hash the kibanaserver role/user pasword shell: | @@ -76,7 +78,9 @@ replace: "{{ indexer_password_hash | quote }}" vars: indexer_password_hash: "{{ indexer_kibanaserver_password_hashed.stdout_lines | last }}" - + when: + - not ansible_check_mode + - name: Initialize the Opensearch security index in Wazuh indexer command: > sudo -u wazuh-indexer OPENSEARCH_PATH_CONF={{ indexer_conf_path }}
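Review bot: The `- not ansible_check_mode` condition added to the `when:` list at line 109 of roles/wazuh/wazuh-indexer/tasks/main.yml has no comment saying why the task is skipped in a dry run, and the same line is repeated in the second hunk for the task guarded by `private_ip is defined`. A comment above each task, such as `# Skipped in check mode: nothing is installed or started, so the indexer API cannot answer`, would record the intent, assuming that is the reason. Both tasks start above their hunks, so confirm against the full file that they are the two variants of the API wait. If they are, the guard could be stated once on an enclosing `block:` instead of in each list.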
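Review bot: With `when: - not ansible_check_mode` added after `indexer_password_hash` at line 60 of security_actions.yml, and again in the second hunk for `indexer_kibanaserver_password_hashed`, a `--check` run skips the tasks that write the admin and kibanaserver password hashes without recording why. A clean dry run therefore says nothing about whether those credentials have been set. A comment above each `when:` would make that explicit, for example `# Skipped in check mode: the hash comes from the registered shell output, which a dry run does not produce`, if that is indeed the reason. Both tasks start above their hunks, so I cannot see whether they set `no_log: true`. Since the hash is templated into `replace:`, it is worth confirming, so that a verbose or `--diff` run does not print it.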