Fix and enhance PR checks workflows (AIO & Distributed) to use alloca…
…tor module
YisDav committed Nov 14, 2024
1 parent caee49d commit 1cd684f
Showing 15 changed files with 714 additions and 497 deletions.
38 changes: 21 additions & 17 deletions .github/playbooks/aio-wazuh.yml
@@ -1,38 +1,42 @@
- name: Generate certificates prior to converging
hosts: localhost
hosts: aio
become: true
become_user: root
roles:
# 1. Check packages
- role: ../../roles/wazuh/check-packages
become: no
delegate_to: localhost
delegate_to: aio
run_once: true
# 2. Generate certificates
- role: ../../roles/wazuh/wazuh-indexer
vars:
generate_certs: true
perform_installation: false
instances:
node1:
name: wazuh-es01 # Important: must be equal to indexer_node_name.
ip: "127.0.0.1" # When unzipping, the node will search for its node name folder to get the cert.
role: indexer
node3:
name: wazuh-mgr01
ip: "127.0.0.1"
role: wazuh
node5:
name: wazuh-dash01
ip: "127.0.0.1"
role: dashboard
macos_localhost: false
vars:
# wazuh_endpoint_list: "{{ groups['aio'] }}"
instances:
node1:
name: wazuh-es01 # Important: must be equal to indexer_node_name.
ip: "127.0.0.1" # When unzipping, the node will search for its node name folder to get the cert.
role: indexer
node3:
name: wazuh-mgr01
ip: "127.0.0.1"
role: wazuh
node5:
name: wazuh-dash01
ip: "127.0.0.1"
role: dashboard
pre_tasks:
- name: overview of cert configuration
debug:
var: wazuh_endpoint_list
# var: wazuh_endpoint_list
var: instances

- name: Converge
hosts: localhost
hosts: aio
become: true
become_user: root
roles:
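Review bot: `delegate_to: aio` on the check-packages role looks either redundant or wrong now that the play itself targets `hosts: aio`. If `aio` is a single inventory host, the delegation is a no-op; if it is a group (the commented-out `groups['aio']` hints at that), `delegate_to` would treat the name as a literal host rather than pick a member. The inventory is not visible on this page, so this needs confirming; dropping the line or writing `delegate_to: "{{ groups['aio'][0] }}"` would make the intent explicit. The two commented-out `wazuh_endpoint_list` lines could be deleted rather than left behind. This page has lost its +/- markers and indentation, so which of these lines are new is inferred from the paired old and new values.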
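--- a/.github/playbooks/distributed-wazuh.yml
+++ b/.github/playbooks/distributed-wazuh.yml
@@ -0,0 +1,177 @@
+---
+# Certificates generation
+- hosts: wi1
+roles:
+# Check packages
+- role: ../../roles/wazuh/check-packages
+become: no
+delegate_to: localhost
+run_once: true
+# Generate certificates
+- role: ../../roles/wazuh/wazuh-indexer
+vars:
+generate_certs: true
+perform_installation: false
+become: true
+become_user: root
+vars:
+indexer_node_master: true
+instances:
+node1:
+name: node-1
+ip: "{{ hostvars.wi1.private_ip }}"
+role: indexer
+node2:
+name: node-2
+ip: "{{ hostvars.wi2.private_ip }}"
+role: indexer
+node3:
+name: node-3
+ip: "{{ hostvars.wi3.private_ip }}"
+role: indexer
+node4:
+name: node-4
+ip: "{{ hostvars.manager.private_ip }}"
+role: wazuh
+node_type: master
+node5:
+name: node-5
+ip: "{{ hostvars.worker.private_ip }}"
+role: wazuh
+node_type: worker
+node6:
+name: node-6
+ip: "{{ hostvars.dashboard.private_ip }}"
+role: dashboard
+macos_localhost: false
+tags:
+- generate-certs
+
+# Wazuh indexer cluster
+- hosts: wi_cluster
+strategy: free
+roles:
+- role: ../../roles/wazuh/wazuh-indexer
+indexer_network_host: "{{ private_ip }}"
+become: yes
+become_user: root
+vars:
+indexer_cluster_nodes:
+- "{{ hostvars.wi1.private_ip }}"
+- "{{ hostvars.wi2.private_ip }}"
+- "{{ hostvars.wi3.private_ip }}"
+indexer_discovery_nodes:
+- "{{ hostvars.wi1.private_ip }}"
+- "{{ hostvars.wi2.private_ip }}"
+- "{{ hostvars.wi3.private_ip }}"
+indexer_node_master: true
+instances:
+node1:
+name: node-1 # Important: must be equal to indexer_node_name.
+ip: "{{ hostvars.wi1.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert.
+role: indexer
+node2:
+name: node-2
+ip: "{{ hostvars.wi2.private_ip }}"
+role: indexer
+node3:
+name: node-3
+ip: "{{ hostvars.wi3.private_ip }}"
+role: indexer
+node4:
+name: node-4
+ip: "{{ hostvars.manager.private_ip }}"
+role: wazuh
+node_type: master
+node5:
+name: node-5
+ip: "{{ hostvars.worker.private_ip }}"
+role: wazuh
+node_type: worker
+node6:
+name: node-6
+ip: "{{ hostvars.dashboard.private_ip }}"
+role: dashboard
+
+# Wazuh cluster
+- hosts: manager
+roles:
+- role: "../../roles/wazuh/ansible-wazuh-manager"
+- role: "../../roles/wazuh/ansible-filebeat-oss"
+become: yes
+become_user: root
+vars:
+filebeat_node_name: node-4
+wazuh_manager_config:
+connection:
+- type: 'secure'
+port: '1514'
+protocol: 'tcp'
+queue_size: 131072
+api:
+https: 'yes'
+cluster:
+disable: 'no'
+node_name: 'master'
+node_type: 'master'
+key: 'c98b62a9b6169ac5f67dae55ae4a9088'
+nodes:
+- "{{ hostvars.manager.private_ip }}"
+hidden: 'no'
+wazuh_api_users:
+- username: custom-user
+password: SecretPassword1!
+filebeat_output_indexer_hosts:
+- "{{ hostvars.wi1.private_ip }}"
+- "{{ hostvars.wi2.private_ip }}"
+- "{{ hostvars.wi3.private_ip }}"
+
+- hosts: worker
+roles:
+- role: "../../roles/wazuh/ansible-wazuh-manager"
+- role: "../../roles/wazuh/ansible-filebeat-oss"
+become: yes
+become_user: root
+vars:
+filebeat_node_name: node-5
+wazuh_manager_config:
+connection:
+- type: 'secure'
+port: '1514'
+protocol: 'tcp'
+queue_size: 131072
+api:
+https: 'yes'
+cluster:
+disable: 'no'
+node_name: 'worker_01'
+node_type: 'worker'
+key: 'c98b62a9b6169ac5f67dae55ae4a9088'
+nodes:
+- "{{ hostvars.manager.private_ip }}"
+hidden: 'no'
+filebeat_output_indexer_hosts:
+- "{{ hostvars.wi1.private_ip }}"
+- "{{ hostvars.wi2.private_ip }}"
+- "{{ hostvars.wi3.private_ip }}"
+
+# Wazuh dashboard node
+- hosts: dashboard
+roles:
+- role: "../../roles/wazuh/wazuh-dashboard"
+become: yes
+become_user: root
+vars:
+indexer_network_host: "{{ hostvars.wi1.private_ip }}"
+indexer_cluster_nodes:
+- "{{ hostvars.wi1.private_ip }}"
+- "{{ hostvars.wi2.private_ip }}"
+- "{{ hostvars.wi3.private_ip }}"
+dashboard_node_name: node-6
+wazuh_api_credentials:
+- id: default
+url: https://{{ hostvars.manager.private_ip }}
+port: 55000
+username: custom-user
+password: SecretPassword1!
+ansible_shell_allow_world_readable_temp: true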
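Review bot: The cluster `key` and the API `password` are committed as literals in this new playbook: the same `key:` value sits in both the `manager` and `worker` plays, and `password: SecretPassword1!` appears under `wazuh_api_users` and again under `wazuh_api_credentials` in the `dashboard` play. Even for short-lived PR-check instances these values stay in repository history and are easy to carry into a real deployment; reading them from CI secrets avoids that, e.g. `key: "{{ lookup('env', 'WAZUH_CLUSTER_KEY') }}"` and `password: "{{ lookup('env', 'WAZUH_API_PASSWORD') }}"` (the variable names are placeholders). In the `dashboard` play, `ansible_shell_allow_world_readable_temp: true` permits Ansible to fall back to world-readable module temp files when it becomes an unprivileged user; the play sets `become_user: root`, so the setting may be unnecessary, and because this play's vars hold the API password it deserves a comment naming the task that needs it, or removal. As a style point, `become: yes` and `become: no` here sit next to `become: true` in the first play; `true`/`false` throughout would be consistent.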
37 changes: 0 additions & 37 deletions .github/playbooks/single-wazuh.yml

This file was deleted.
