Merge branch 'master' into merge-4.10.2-into-master

wazuh · Nov 4, 2024 · db19ec4 · db19ec4
2 parents f2aa160 + 1684a4e
commit db19ec4
Show file tree

Hide file tree

Showing 19 changed files with 81 additions and 39 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,12 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## [v5.0.0]
+
+### Added
+
+- Update to [Wazuh v5.0.0](https://github.com/wazuh/wazuh/blob/v5.0.0/CHANGELOG.md#500)
+
 ## [v4.10.2]
 
 ### Added

diff --git a/README.md b/README.md
@@ -16,6 +16,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
 
 | Wazuh version | Elastic | ODFE   |
 |---------------|---------|--------|
+| v5.0.0        |         |        |
 | v4.10.2       |         |        |
 | v4.10.1       |         |        |
 | v4.10.0       |         |        |
@@ -206,10 +207,10 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod
       roles:
         - role: "../roles/wazuh/ansible-wazuh-manager"
         - role: "../roles/wazuh/ansible-filebeat-oss"
-          filebeat_node_name: node-4
       become: yes
       become_user: root
       vars:
+        filebeat_node_name: node-4
         wazuh_manager_config:
           connection:
               - type: 'secure'
@@ -238,10 +239,10 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod
       roles:
         - role: "../roles/wazuh/ansible-wazuh-manager"
         - role: "../roles/wazuh/ansible-filebeat-oss"
-          filebeat_node_name: node-5
       become: yes
       become_user: root
       vars:
+        filebeat_node_name: node-5
         wazuh_manager_config:
           connection:
               - type: 'secure'

diff --git a/VERSION b/VERSION
@@ -1,2 +1,2 @@
-WAZUH-ANSIBLE_VERSION="v4.10.2"
-REVISION="41020"
+WAZUH-ANSIBLE_VERSION="v5.0.0"
+REVISION="50000"
diff --git a/playbooks/wazuh-production-ready.yml b/playbooks/wazuh-production-ready.yml
@@ -43,6 +43,7 @@
             name: node-6
             ip: "{{ hostvars.dashboard.private_ip }}"
             role: dashboard
+        macos_localhost: false
       tags:
         - generate-certs
 
@@ -97,10 +98,10 @@
       roles:
         - role: "../roles/wazuh/ansible-wazuh-manager"
         - role: "../roles/wazuh/ansible-filebeat-oss"
-          filebeat_node_name: node-4
       become: yes
       become_user: root
       vars:
+        filebeat_node_name: node-4
         wazuh_manager_config:
           connection:
               - type: 'secure'
@@ -129,10 +130,10 @@
       roles:
         - role: "../roles/wazuh/ansible-wazuh-manager"
         - role: "../roles/wazuh/ansible-filebeat-oss"
-          filebeat_node_name: node-5
       become: yes
       become_user: root
       vars:
+        filebeat_node_name: node-5
         wazuh_manager_config:
           connection:
               - type: 'secure'

diff --git a/playbooks/wazuh-single.yml b/playbooks/wazuh-single.yml
@@ -13,6 +13,7 @@
           name: node-1       # Important: must be equal to indexer_node_name.
           ip: 127.0.0.1
           role: indexer
+      macos_localhost: false
     tags:
       - generate-certs
 # Single node

diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 filebeat_version: 7.10.2
 
-wazuh_template_branch: v4.10.2
+wazuh_template_branch: v5.0.0
 
 filebeat_node_name: node-1
 
@@ -23,7 +23,7 @@ local_certs_path: "{{ playbook_dir }}/indexer/certificates"
 
 filebeatrepo:
   keyring_path: '/usr/share/keyrings/wazuh.gpg'
-  apt: "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main"
-  yum: 'https://packages.wazuh.com/4.x/yum/'
+  apt: "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/5.x/apt/ stable main"
+  yum: 'https://packages.wazuh.com/5.x/yum/'
   gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
   path: '/tmp/WAZUH-GPG-KEY'
diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/main.yml b/roles/wazuh/ansible-filebeat-oss/tasks/main.yml
@@ -39,24 +39,24 @@
 - name: Checking if Filebeat Module folder file exists
   stat:
     path: "{{ filebeat_module_folder }}"
-  register: filebeat_module_folder
+  register: filebeat_module_folder_info
 
 - name: Download Filebeat module package
   get_url:
     url: "{{ filebeat_module_package_url }}/{{ filebeat_module_package_name }}"
     dest: "{{ filebeat_module_package_path }}"
-  when: not filebeat_module_folder.stat.exists
+  when: not filebeat_module_folder_info.stat.exists
 
 - name: Unpack Filebeat module package
   unarchive:
     src: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}"
     dest: "{{ filebeat_module_destination }}"
     remote_src: yes
-  when: not filebeat_module_folder.stat.exists
+  when: not filebeat_module_folder_info.stat.exists
 
 - name: Setting 0755 permission for Filebeat module folder
   file: dest={{ filebeat_module_folder }} mode=u=rwX,g=rwX,o=rwX recurse=yes
-  when: not filebeat_module_folder.stat.exists
+  when: not filebeat_module_folder_info.stat.exists
 
 - name: Checking if Filebeat Module package file exists
   stat:

diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-wazuh_agent_version: 4.10.2
+wazuh_agent_version: 5.0.0
 
 # Custom packages installation
 
@@ -65,7 +65,7 @@ wazuh_managers:
     retry_interval: 5
     register: yes
 
-## Authentication Method: Enrollment section (4.x)
+## Authentication Method: Enrollment section (5.x)
 
 # For more information see:
 # * https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/client.html#enrollment

diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-wazuh_manager_version: 4.10.2
+wazuh_manager_version: 5.0.0
 
 wazuh_manager_fqdn: "wazuh-server"
 wazuh_manager_package_state: present

diff --git a/roles/wazuh/check-packages/defaults/main.yml b/roles/wazuh/check-packages/defaults/main.yml
@@ -1,2 +1,2 @@
 ---
-wazuh_version: 4.10.2
+wazuh_version: 5.0.0
diff --git a/roles/wazuh/check-packages/scripts/check_packages.sh b/roles/wazuh/check-packages/scripts/check_packages.sh
@@ -9,7 +9,7 @@ checkPackages(){
     ## Set S3 Bucket URL
     if [ $1 == "production" ]; then
         echo "production"
-        PACKAGES_URL=https://packages.wazuh.com/4.x/
+        PACKAGES_URL=https://packages.wazuh.com/5.x/
     elif [ $1 == "pre-release" ]; then
         echo "pre-release"
         PACKAGES_URL=https://packages-dev.wazuh.com/pre-release/

diff --git a/roles/wazuh/vars/repo.yml b/roles/wazuh/vars/repo.yml
@@ -1,20 +1,20 @@
 wazuh_repo:
   keyring_path: '/usr/share/keyrings/wazuh.gpg'
-  apt: 'deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main'
-  yum: 'https://packages.wazuh.com/4.x/yum/'
+  apt: 'deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/5.x/apt/ stable main'
+  yum: 'https://packages.wazuh.com/5.x/yum/'
   gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
   path: '/tmp/WAZUH-GPG-KEY'
-wazuh_winagent_config_url: "https://packages.wazuh.com/4.x/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
+wazuh_winagent_config_url: "https://packages.wazuh.com/5.x/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
 wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
-wazuh_winagent_sha512_url: "https://packages.wazuh.com/4.x/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
-filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat
+wazuh_winagent_sha512_url: "https://packages.wazuh.com/5.x/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
+filebeat_module_package_url: https://packages.wazuh.com/5.x/filebeat
 
 wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg"
 wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg"
-wazuh_macos_intel_package_url: "https://packages.wazuh.com/4.x/macos/{{ wazuh_macos_intel_package_name }}"
-wazuh_macos_arm_package_url: "https://packages.wazuh.com/4.x/macos/{{ wazuh_macos_arm_package_name }}"
+wazuh_macos_intel_package_url: "https://packages.wazuh.com/5.x/macos/{{ wazuh_macos_intel_package_name }}"
+wazuh_macos_arm_package_url: "https://packages.wazuh.com/5.x/macos/{{ wazuh_macos_arm_package_name }}"
 
-certs_gen_tool_version: "4.10"
+certs_gen_tool_version: "5.0"
 
 # Url of certificates generator tool
 certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
diff --git a/roles/wazuh/vars/repo_pre-release.yml b/roles/wazuh/vars/repo_pre-release.yml
@@ -14,7 +14,7 @@ wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg
 wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/pre-release/{{ wazuh_macos_intel_package_name }}"
 wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/pre-release/macos/{{ wazuh_macos_arm_package_name }}"
 
-certs_gen_tool_version: "4.10"
+certs_gen_tool_version: "5.0"
 
 # Url of certificates generator tool
 certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
diff --git a/roles/wazuh/vars/repo_staging.yml b/roles/wazuh/vars/repo_staging.yml
@@ -15,7 +15,7 @@ wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg
 wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/staging/macos/{{ wazuh_macos_intel_package_name }}"
 wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/staging/macos/{{ wazuh_macos_arm_package_name }}"
 
-certs_gen_tool_version: "4.10"
+certs_gen_tool_version: "5.0"
 
 # Url of certificates generator tool
 certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
diff --git a/roles/wazuh/wazuh-dashboard/defaults/main.yml b/roles/wazuh/wazuh-dashboard/defaults/main.yml
@@ -8,20 +8,20 @@ dashboard_node_name: node-1
 dashboard_server_host: "0.0.0.0"
 dashboard_server_port: "443"
 dashboard_server_name: "dashboard"
-wazuh_version: 4.10.2
+wazuh_version: 5.0.0
 indexer_cluster_nodes:
   - 127.0.0.1
 
 # The Wazuh dashboard package repository
-dashboard_version: "4.10.2"
+dashboard_version: "5.0.0"
 
 # API credentials
 wazuh_api_credentials:
   - id: "default"
     url: "https://127.0.0.1"
     port: 55000
-    username: "wazuh"
-    password: "wazuh"
+    username: "wazuh-wui"
+    password: "wazuh-wui"
 
 # Dashboard Security
 dashboard_security: true

diff --git a/roles/wazuh/wazuh-dashboard/templates/wazuh.yml.j2 b/roles/wazuh/wazuh-dashboard/templates/wazuh.yml.j2
@@ -21,7 +21,7 @@
 # ------------------------------- Index patterns -------------------------------
 #
 # Default index pattern to use.
-#pattern: wazuh-alerts-4.x-*
+#pattern: wazuh-alerts-5.x-*
 #
 # ----------------------------------- Checks -----------------------------------
 #
@@ -92,17 +92,17 @@
 # Default: 900 (s)
 #wazuh.monitoring.frequency: 900
 #
-# Configure wazuh-monitoring-4.x-* indices shards and replicas.
+# Configure wazuh-monitoring-5.x-* indices shards and replicas.
 #wazuh.monitoring.shards: 2
 #wazuh.monitoring.replicas: 0
 #
-# Configure wazuh-monitoring-4.x-* indices custom creation interval.
+# Configure wazuh-monitoring-5.x-* indices custom creation interval.
 # Values: h (hourly), d (daily), w (weekly), m (monthly)
 # Default: d
 #wazuh.monitoring.creation: d
 #
 # Default index pattern to use for Wazuh monitoring
-#wazuh.monitoring.pattern: wazuh-monitoring-4.x-*
+#wazuh.monitoring.pattern: wazuh-monitoring-5.x-*
 #
 #
 # ------------------------------- App privileges --------------------------------

diff --git a/roles/wazuh/wazuh-dashboard/vars/debian.yml b/roles/wazuh/wazuh-dashboard/vars/debian.yml
@@ -1,2 +1,2 @@
 ---
-dashboard_version: 4.10.2
+dashboard_version: 5.0.0
diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml
@@ -1,6 +1,6 @@
 ---
 # Cluster Settings
-indexer_version: 4.10.2
+indexer_version: 5.0.0
 
 single_node: false
 indexer_node_name: node-1
@@ -48,3 +48,6 @@ generate_certs: true
 perform_installation: true
 
 indexer_nolog_sensible: true
+
+# Docker image for certificates generation on macOS
+wazuh_certs_tool_docker: "wazuh/wazuh-cert-tool:{{ indexer_version }}"
diff --git a/roles/wazuh/wazuh-indexer/tasks/local_actions.yml b/roles/wazuh/wazuh-indexer/tasks/local_actions.yml
@@ -26,7 +26,7 @@
     get_url:
       url: "{{ certs_gen_tool_url }}"
       dest: "{{ local_certs_path }}/wazuh-certs-tool.sh"
-    when: not tool_package.stat.exists
+    when: not tool_package.stat.exists and not macos_localhost
 
   - name: Local action | Prepare the certificates generation template file
     template:
@@ -38,6 +38,36 @@
   - name: Local action | Generate the node & admin certificates in local
     command: >-
       bash {{ local_certs_path }}/wazuh-certs-tool.sh -A
+    when: not macos_localhost
+
+  - name: Local action | Check for Docker installation on macOS
+    command: docker --version
+    register: docker_check
+    when: macos_localhost
+    ignore_errors: yes
+
+  - name: Local action | Fail if Docker is not installed
+    fail:
+      msg: "Docker is not installed on this host."
+    when: (docker_check.rc | default(1)) != 0 and macos_localhost
+
+  - name: Local action | Run Docker container on macOS
+    community.docker.docker_container:
+      name: wazuh-cert-tool
+      image: "{{ wazuh_certs_tool_docker }}"
+      state: started
+      auto_remove: true
+      volumes:
+        - "{{ local_certs_path }}/config.yml:/config/certs.yml"
+        - "{{ local_certs_path }}/wazuh-certificates/:/certificates/"
+    when: macos_localhost
+
+  - name: Local action | Remove Docker image after execution
+    community.docker.docker_image:
+      name: "{{ wazuh_certs_tool_docker }}"
+      state: absent
+      force_absent: yes
+    when: macos_localhost
 
   run_once: true
   delegate_to: localhost