Merge pull request #1207 from wazuh/merge-4.8.2-into-master

Merge `4.8.2` into `master`
wazuh · Feb 7, 2024 · a8734c8 · a8734c8
2 parents a6dfcfb + 33b036c
commit a8734c8
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 13 deletions.
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -37,6 +37,22 @@
 - include_tasks: "Debian.yml"
   when: ansible_os_family == "Debian"
 
+- name: Generate the wazuh-keystore (username)
+  shell: >
+    /var/ossec/bin/wazuh-keystore -f indexer -k username -v {{ indexer_security_user }}
+  notify: restart wazuh-manager
+  tags:
+    - init
+    - config
+
+- name: Generate the wazuh-keystore (password)
+  shell: >
+    /var/ossec/bin/wazuh-keystore -f indexer -k password -v {{ indexer_security_password }}
+  notify: restart wazuh-manager
+  tags:
+    - init
+    - config
+
 - name: Install expect
   package:
     name: expect

diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -267,20 +267,18 @@
   <indexer>
     <enabled>{% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' or wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %}</enabled>
     <hosts>
-    {% for item in wazuh_manager_config.indexer.hosts %} 
-      <host>https://{{ item }}:{{ filebeat_output_indexer_port }}</host> 
-    {% endfor %} 
+    {% for item in wazuh_manager_config.indexer.hosts %}
+      <host>https://{{ item }}:{{ filebeat_output_indexer_port }}</host>
+    {% endfor %}
     </hosts>
 
-    <username>{{ indexer_security_user }}</username> 
-    <password>{{ indexer_security_password }}</password> 
-    <ssl> 
-      <certificate_authorities> 
-        <ca>{{ filebeat_ssl_dir }}/root-ca.pem</ca> 
-      </certificate_authorities> 
-      <certificate>{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.pem</certificate> 
-      <key>{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}-key.pem</key> 
-    </ssl> 
+    <ssl>
+      <certificate_authorities>
+        <ca>{{ filebeat_ssl_dir }}/root-ca.pem</ca>
+      </certificate_authorities>
+      <certificate>{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.pem</certificate>
+      <key>{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}-key.pem</key>
+    </ssl>
   </indexer>
 
   <!-- File integrity monitoring -->

diff --git a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml
@@ -102,7 +102,7 @@
     become: yes
     become_user: root
 
-  run_once: true
+  when: inventory_hostname == ansible_play_hosts[0]
 
 - name: Create custom user
   uri:
@@ -122,5 +122,6 @@
     timeout: 4
   when:
     - indexer_custom_user is defined and indexer_custom_user
+    - inventory_hostname == ansible_play_hosts[0]