codeenigma · gregharvey · Feb 29, 2024 · Feb 29, 2024 · Feb 29, 2024
diff --git a/roles/debian/wazuh/defaults/main.yml b/roles/debian/wazuh/defaults/main.yml
@@ -1,7 +1,6 @@
 ---
-_wazuh_path: ""
-
 wazuh:
+  path: wazuh
   #roles_directory: "/path/to/roles" # defaults to /home/controller/.ansible/roles/wazuh-ansible
   branch: "v4.7.2" # wazuh-ansible git branch to checkout - not to be confused with wazuh_version!
   # Agent variables, installed locally by default

diff --git a/roles/debian/wazuh/tasks/install.yml b/roles/debian/wazuh/tasks/install.yml
diff --git a/roles/debian/wazuh/tasks/main.yml b/roles/debian/wazuh/tasks/main.yml
@@ -1,23 +1,112 @@
----
-# Assumes you have run the ce_provision role on your controller and it has already installed the Wazuh roles
-- name: Select items with URL https://github.com/wazuh/wazuh-ansible.git
-  ansible.builtin.set_fact:
-    _wazuh_items: "{{ ce_provision.contrib_roles | selectattr('repo', 'equalto', 'https://github.com/wazuh/wazuh-ansible.git') | list }}"
+- name: Import elastic-stack.
+  ansible.builtin.import_role:
+    name: "contrib/{{ wazuh.path }}/roles/elastic-stack/ansible-kibana"
 
-- name: Debug print _wazuh_items
-  ansible.builtin.debug:
-    msg: "{{ _wazuh_items }}"
+- name: Import opendistro.
+  ansible.builtin.import_role:
+    name: "contrib/{{ wazuh.path }}/roles/opendistro/opendistro-kibana"
 
-- name: Set wazuh path based on matching repo
-  ansible.builtin.set_fact:
-    _wazuh_path: "{{ _wazuh_items | map(attribute='directory') | first }}"
-  when: _wazuh_items | length > 0
+- name: Generate certificates.
+  ansible.builtin.import_role:
+    name: "contrib/{{ wazuh.path }}/roles/wazuh/wazuh-indexer"
+  delegate_to: localhost
+  vars:
+    indexer_node_master: "{{ wazuh.indexer.indexer_node_master }}"
+    instances: "{{ wazuh.indexer.indexer_primary }}"
+    perform_installation: false
+  tags:
+    - generate-certs
 
-- name: Debug _wazuh_path before including install.yml
-  ansible.builtin.debug:
-    msg: "The value of _wazuh_path is: '{{ _wazuh_path | default('Not set') }}'"
+- name: Install Wazuh indexer.
+  ansible.builtin.import_role:
+    name: "contrib/{{ wazuh.path }}/roles/wazuh/wazuh-indexer"
+  vars:
+    single_node: "{{ wazuh.indexer.single_node }}"
+    domain_name: "{{ wazuh.indexer.domain_name }}"
+    indexer_cluster_name: "{{ wazuh.indexer.indexer_cluster_name }}"
+    indexer_node_name: "{{ wazuh.indexer.indexer_node_name }}"
+    minimum_master_nodes: "{{ wazuh.indexer.minimum_master_nodes }}"
+    indexer_node_master: "{{ wazuh.indexer.indexer_node_master }}"
+    indexer_node_data: "{{ wazuh.indexer.indexer_node_data }}"
+    indexer_node_ingest: "{{ wazuh.indexer.indexer_node_ingest }}"
+    indexer_start_timeout: "{{ wazuh.indexer.indexer_start_timeout }}"
+    indexer_network_host: "{{ wazuh.indexer.indexer_network_host }}"
+    indexer_cluster_nodes: "{{ wazuh.indexer.indexer_cluster_nodes }}"
+    indexer_discovery_nodes: "{{ wazuh.indexer.indexer_discovery_nodes }}"
+    indexer_http_port: "{{ wazuh.indexer.indexer_http_port }}"
+    indexer_api_protocol: "{{ wazuh.indexer.indexer_api_protocol }}"
+    indexer_custom_user: "{{ wazuh.indexer.indexer_custom_user }}"
+    indexer_custom_user_role: "{{ wazuh.indexer.indexer_custom_user_role }}"
+    indexer_admin_password: "{{ wazuh.indexer.indexer_admin_password }}"
+    dashboard_password: "{{ wazuh.dashboard.dashboard_password }}"
+    instances: "{{ wazuh.indexer.indexer_instances }}"
+    perform_installation: true
+  tags:
+    - install
+  when: wazuh.indexer.install
 
-- name: Include task to install based on selected items
-  ansible.builtin.import_tasks:
-    file: install.yml
-  when: _wazuh_items | length > 0
+- name: Install Wazuh Manager.
+  ansible.builtin.import_role:
+    name: "contrib/{{ wazuh.path }}/roles/wazuh/ansible-wazuh-manager"
+  vars:
+    wazuh_manager_mailto: "{{ wazuh.manager.wazuh_manager_mailto }}"
+    wazuh_manager_email_smtp_server: "{{ wazuh.manager.wazuh_manager_email_smtp_server }}"
+    wazuh_manager_email_from: "{{ wazuh.manager.wazuh_manager_email_from }}"
+    wazuh_manager_email_maxperhour: "{{ wazuh.manager.wazuh_manager_email_maxperhour }}"
+    wazuh_manager_email_queue_size: "{{ wazuh.manager.wazuh_manager_email_queue_size }}"
+    wazuh_manager_email_log_source: "{{ wazuh.manager.wazuh_manager_email_log_source }}"
+    wazuh_manager_log_level: "{{ wazuh.manager.wazuh_manager_log_level }}"
+    wazuh_manager_email_level: "{{ wazuh.manager.wazuh_manager_email_level }}"
+    wazuh_manager_extra_emails: "{{ wazuh.manager.wazuh_manager_extra_emails }}"
+    wazuh_manager_reports: "{{ wazuh.manager.wazuh_manager_reports }}"
+    wazuh_manager_api: "{{ wazuh.manager.wazuh_manager_api }}"
+    agent_groups: "{{ wazuh.manager.agent_groups }}"
+  when: wazuh.manager.install
+
+- name: Install Filebeat.
+  ansible.builtin.import_role:
+    name: "contrib/{{ wazuh.path }}/roles/wazuh/ansible-filebeat-oss"
+  vars:
+    filebeat_version: "{{ wazuh.filebeat.filebeat_version }}"
+    filebeat_node_name: "{{ wazuh.filebeat.filebeat_node_name }}"
+    filebeat_output_indexer_hosts: "{{ wazuh.filebeat.filebeat_output_indexer_hosts }}"
+    filebeat_module_package_url: "{{ wazuh.filebeat.filebeat_module_package_url }}"
+    filebeat_module_package_name: "{{ wazuh.filebeat.filebeat_module_package_name }}"
+    indexer_security_user: "{{ wazuh.filebeat.indexer_security_user | default('admin') }}"
+    indexer_security_password: "{{ wazuh.indexer.indexer_admin_password }}"
+  when: wazuh.filebeat.install
+
+- name: Install Wazuh dashboard.
+  ansible.builtin.import_role:
+    name: "contrib/{{ wazuh.path }}/roles/wazuh/wazuh-dashboard"
+  vars:
+    dashboard_node_name: "{{ wazuh.dashboard.dashboard_node_name }}"
+    dashboard_server_host: "{{ wazuh.dashboard.dashboard_server_host }}"
+    dashboard_server_port: "{{ wazuh.dashboard.dashboard_server_port }}"
+    dashboard_server_name: "{{ wazuh.dashboard.dashboard_server_name }}"
+    wazuh_api_credentials: "{{ wazuh.dashboard.wazuh_api_credentials }}"
+    dashboard_security: "{{ wazuh.dashboard.dashboard_security }}"
+    dashboard_user: "{{ wazuh.dashboard.dashboard_user }}"
+    dashboard_password: "{{ wazuh.dashboard.dashboard_password }}"
+    indexer_admin_password: "{{ wazuh.indexer.indexer_admin_password }}"
+    indexer_http_port: "{{ wazuh.indexer.indexer_http_port }}"
+    indexer_api_protocol: "{{ wazuh.indexer.indexer_api_protocol }}"
+    ansible_shell_allow_world_readable_temp: true
+  when: wazuh.dashboard.install
+
+- name: Install Wazuh agent.
+  ansible.builtin.import_role:
+    name: "contrib/{{ wazuh.path }}/roles/wazuh/ansible-wazuh-agent"
+  vars:
+    wazuh_managers: "{{ wazuh.agent.managers }}"
+    wazuh_agent_enrollment:
+      enabled: "{{ wazuh.agent.wazuh_agent_enrollment.enabled }}"
+      agent_name: "{{ wazuh.agent.wazuh_agent_enrollment.agent_name }}"
+      groups: "{{ wazuh.agent.wazuh_agent_enrollment.groups }}"
+      agent_address: "{{ wazuh.agent.wazuh_agent_enrollment.agent_address }}"
+      ssl_ciphers: "{{ wazuh.agent.wazuh_agent_enrollment.ssl_ciphers }}"
+      wazuh_custom_packages_installation_agent_enabled: false
+    ansible_shell_allow_world_readable_temp: true
+    wazuh_agent_sources_installation:
+      enabled: true
+  when: wazuh.agent.install and not wazuh_agent_sources_installation.enabled