Merge pull request #1457 from wazuh/enhancement/1449-fix-pr-checks
Replace machulav GHA EC2 runner for wazuh-automation allocator module
teddytpc1 authored Nov 27, 2024
2 parents caee49d + 2eaa7cb commit 51278ce
Showing 15 changed files with 729 additions and 497 deletions.
38 changes: 21 additions & 17 deletions .github/playbooks/aio-wazuh.yml
@@ -1,38 +1,42 @@
- name: Generate certificates prior to converging
hosts: localhost
hosts: aio
become: true
become_user: root
roles:
# 1. Check packages
- role: ../../roles/wazuh/check-packages
become: no
delegate_to: localhost
delegate_to: aio
run_once: true
# 2. Generate certificates
- role: ../../roles/wazuh/wazuh-indexer
vars:
generate_certs: true
perform_installation: false
instances:
node1:
name: wazuh-es01 # Important: must be equal to indexer_node_name.
ip: "127.0.0.1" # When unzipping, the node will search for its node name folder to get the cert.
role: indexer
node3:
name: wazuh-mgr01
ip: "127.0.0.1"
role: wazuh
node5:
name: wazuh-dash01
ip: "127.0.0.1"
role: dashboard
macos_localhost: false
vars:
# wazuh_endpoint_list: "{{ groups['aio'] }}"
instances:
node1:
name: wazuh-es01 # Important: must be equal to indexer_node_name.
ip: "127.0.0.1" # When unzipping, the node will search for its node name folder to get the cert.
role: indexer
node3:
name: wazuh-mgr01
ip: "127.0.0.1"
role: wazuh
node5:
name: wazuh-dash01
ip: "127.0.0.1"
role: dashboard
pre_tasks:
- name: overview of cert configuration
debug:
var: wazuh_endpoint_list
# var: wazuh_endpoint_list
var: instances

- name: Converge
hosts: localhost
hosts: aio
become: true
become_user: root
roles:
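--- a/.github/playbooks/distributed-wazuh.yml
+++ b/.github/playbooks/distributed-wazuh.yml
@@ -0,0 +1,177 @@
+---
+# Certificates generation
+- hosts: wi1
+roles:
+# Check packages
+- role: ../../roles/wazuh/check-packages
+become: no
+delegate_to: localhost
+run_once: true
+# Generate certificates
+- role: ../../roles/wazuh/wazuh-indexer
+vars:
+generate_certs: true
+perform_installation: false
+become: true
+become_user: root
+vars:
+indexer_node_master: true
+instances:
+node1:
+name: node-1
+ip: "{{ hostvars.wi1.private_ip }}"
+role: indexer
+node2:
+name: node-2
+ip: "{{ hostvars.wi2.private_ip }}"
+role: indexer
+node3:
+name: node-3
+ip: "{{ hostvars.wi3.private_ip }}"
+role: indexer
+node4:
+name: node-4
+ip: "{{ hostvars.manager.private_ip }}"
+role: wazuh
+node_type: master
+node5:
+name: node-5
+ip: "{{ hostvars.worker.private_ip }}"
+role: wazuh
+node_type: worker
+node6:
+name: node-6
+ip: "{{ hostvars.dashboard.private_ip }}"
+role: dashboard
+macos_localhost: false
+tags:
+- generate-certs
+
+# Wazuh indexer cluster
+- hosts: wi_cluster
+strategy: free
+roles:
+- role: ../../roles/wazuh/wazuh-indexer
+indexer_network_host: "{{ private_ip }}"
+become: yes
+become_user: root
+vars:
+indexer_cluster_nodes:
+- "{{ hostvars.wi1.private_ip }}"
+- "{{ hostvars.wi2.private_ip }}"
+- "{{ hostvars.wi3.private_ip }}"
+indexer_discovery_nodes:
+- "{{ hostvars.wi1.private_ip }}"
+- "{{ hostvars.wi2.private_ip }}"
+- "{{ hostvars.wi3.private_ip }}"
+indexer_node_master: true
+instances:
+node1:
+name: node-1 # Important: must be equal to indexer_node_name.
+ip: "{{ hostvars.wi1.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert.
+role: indexer
+node2:
+name: node-2
+ip: "{{ hostvars.wi2.private_ip }}"
+role: indexer
+node3:
+name: node-3
+ip: "{{ hostvars.wi3.private_ip }}"
+role: indexer
+node4:
+name: node-4
+ip: "{{ hostvars.manager.private_ip }}"
+role: wazuh
+node_type: master
+node5:
+name: node-5
+ip: "{{ hostvars.worker.private_ip }}"
+role: wazuh
+node_type: worker
+node6:
+name: node-6
+ip: "{{ hostvars.dashboard.private_ip }}"
+role: dashboard
+
+# Wazuh cluster
+- hosts: manager
+roles:
+- role: "../../roles/wazuh/ansible-wazuh-manager"
+- role: "../../roles/wazuh/ansible-filebeat-oss"
+become: yes
+become_user: root
+vars:
+filebeat_node_name: node-4
+wazuh_manager_config:
+connection:
+- type: 'secure'
+port: '1514'
+protocol: 'tcp'
+queue_size: 131072
+api:
+https: 'yes'
+cluster:
+disable: 'no'
+node_name: 'master'
+node_type: 'master'
+key: 'c98b62a9b6169ac5f67dae55ae4a9088'
+nodes:
+- "{{ hostvars.manager.private_ip }}"
+hidden: 'no'
+wazuh_api_users:
+- username: custom-user
+password: SecretPassword1!
+filebeat_output_indexer_hosts:
+- "{{ hostvars.wi1.private_ip }}"
+- "{{ hostvars.wi2.private_ip }}"
+- "{{ hostvars.wi3.private_ip }}"
+
+- hosts: worker
+roles:
+- role: "../../roles/wazuh/ansible-wazuh-manager"
+- role: "../../roles/wazuh/ansible-filebeat-oss"
+become: yes
+become_user: root
+vars:
+filebeat_node_name: node-5
+wazuh_manager_config:
+connection:
+- type: 'secure'
+port: '1514'
+protocol: 'tcp'
+queue_size: 131072
+api:
+https: 'yes'
+cluster:
+disable: 'no'
+node_name: 'worker_01'
+node_type: 'worker'
+key: 'c98b62a9b6169ac5f67dae55ae4a9088'
+nodes:
+- "{{ hostvars.manager.private_ip }}"
+hidden: 'no'
+filebeat_output_indexer_hosts:
+- "{{ hostvars.wi1.private_ip }}"
+- "{{ hostvars.wi2.private_ip }}"
+- "{{ hostvars.wi3.private_ip }}"
+
+# Wazuh dashboard node
+- hosts: dashboard
+roles:
+- role: "../../roles/wazuh/wazuh-dashboard"
+become: yes
+become_user: root
+vars:
+indexer_network_host: "{{ hostvars.wi1.private_ip }}"
+indexer_cluster_nodes:
+- "{{ hostvars.wi1.private_ip }}"
+- "{{ hostvars.wi2.private_ip }}"
+- "{{ hostvars.wi3.private_ip }}"
+dashboard_node_name: node-6
+wazuh_api_credentials:
+- id: default
+url: https://{{ hostvars.manager.private_ip }}
+port: 55000
+username: custom-user
+password: SecretPassword1!
+ansible_shell_allow_world_readable_temp: true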
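Review bot: The cluster `key` (identical in the manager and worker plays) and the API password `SecretPassword1!` (in `wazuh_api_users` and again in `wazuh_api_credentials`) are committed as literals, so every environment deployed from this playbook shares credentials that anyone who can read the repository knows. If the allocated instances are reachable from anything other than the CI runner, generate both per run and pass them in, e.g. `key: "{{ wazuh_cluster_key }}"` and `password: "{{ wazuh_api_password }}"` (placeholder variable names), with the values supplied from CI secrets or extra vars. Defining each value once also keeps the manager/worker keys and the users/credentials passwords from drifting apart. Separately, `ansible_shell_allow_world_readable_temp: true` on the dashboard play looks unnecessary while that play uses `become_user: root`, and that play also carries the API password; drop it or add a comment such as `# needed because <reason>`.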
37 changes: 0 additions & 37 deletions .github/playbooks/single-wazuh.yml

This file was deleted.
