Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MVP - Ansible - Roles: wazuh-dashboard role #1523

Open
2 tasks done
YisDav opened this issue Jan 23, 2025 · 3 comments · May be fixed by #1565
Open
2 tasks done

MVP - Ansible - Roles: wazuh-dashboard role #1523

YisDav opened this issue Jan 23, 2025 · 3 comments · May be fixed by #1565
Assignees
@YisDav
Labels
level/subtask Task issue type/enhancement

Comments

@YisDav
Copy link
Member

YisDav commented Jan 23, 2025
edited
Loading

Description

The ansible role for Wazuh dashboard (roles/wazuh-dashboard) is intended to simplify the installation and configuration of the Wazuh dashboard component.

For a more detailed description, please refer to the parent commit (#1493).

Tasks

  • Develop the Wazuh dashboard role. The playbook must support installation across all platforms, ensuring compatibility with the Central Components tier 1 OS versions and architectures.
  • Validate the role's functionality by testing it with all supported Wazuh dashboard environments.
@teddytpc1 teddytpc1 changed the title Ansible MVP - Roles: wazuh-dashboard role MVP - Ansible - Roles: wazuh-dashboard role Feb 6, 2025
@wazuhci wazuhci moved this to Backlog in XDR+SIEM/Release 5.0.0 Feb 6, 2025
@wazuhci wazuhci moved this from Backlog to In progress in XDR+SIEM/Release 5.0.0 Feb 18, 2025
@wazuhci wazuhci moved this from In progress to On hold in XDR+SIEM/Release 5.0.0 Feb 20, 2025
@wazuhci wazuhci moved this from On hold to In progress in XDR+SIEM/Release 5.0.0 Feb 21, 2025
@YisDav
Copy link
Member Author

YisDav commented Feb 25, 2025
edited
Loading

Update

Tests have been carried out to verify the functioning of the Ansible role to perform the installation of Wazuh Dashboard 5.0.0. The following operating systems were used to carry out the tests:

Tested OSs

Distribution Version Architecture
Ubuntu 24.04 aarch64
Debian 12 x86_64
Redhat 9 aarch64
CentOS Stream 9 x86_64
Amazon Linux 2 x86_64

Each host successfully installed the Wazuh Dashboard and connected it to a preconfigured cluster (comprising an indexer, server, and a connected agent) to verify the success of the installation and connection between the dashboard and the cluster.

The deployment was completed successfully across all hosts.

Archive with all evidence files

evidence-1523.zip

Description Here is all included evidence of testing. This includes: execution outputs, screenshots, inventory and example playbook.

Accessing dashboard

In the .zip evidence archive contains all the complete evidence files, including screenshots of the dashboard webpages for all hosts.

Image

Ansible execution log

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [100.*.*.249]
ok: [54.*.*.185]
ok: [3.*.*.237]
ok: [34.*.*.45]
ok: [52.*.*.218]

TASK [wazuh-dashboard : include_vars] ******************************************
ok: [34.*.*.45]
ok: [3.*.*.237]
ok: [52.*.*.218]
ok: [54.*.*.185]
ok: [100.*.*.249]

TASK [wazuh-dashboard : include_vars] ******************************************
ok: [34.*.*.45]
ok: [3.*.*.237]
ok: [52.*.*.218]
ok: [54.*.*.185]
ok: [100.*.*.249]

TASK [wazuh-dashboard : Retrieve local_configs_path directory information] *****
ok: [34.*.*.45 -> localhost]

TASK [wazuh-dashboard : fail] **************************************************
skipping: [34.*.*.45]

TASK [wazuh-dashboard : Ensure wazuh-dashboard package download directory exists] ***
changed: [100.*.*.249]
changed: [3.*.*.237]
changed: [54.*.*.185]
changed: [52.*.*.218]
changed: [34.*.*.45]

TASK [wazuh-dashboard : RedHat/CentOS/Fedora | Install Dashboard dependencies] ***
skipping: [3.*.*.237]
skipping: [52.*.*.218]
ok: [100.*.*.249]
ok: [34.*.*.45]
ok: [54.*.*.185]

TASK [wazuh-dashboard : RedHat/CentOS/Fedora (x86_64) | Download wazuh-dashboard package] ***
skipping: [3.*.*.237]
skipping: [52.*.*.218]
skipping: [54.*.*.185]
changed: [100.*.*.249]
changed: [34.*.*.45]

TASK [wazuh-dashboard : RedHat/CentOS/Fedora (aarch64) | Download wazuh-dashboard package] ***
skipping: [34.*.*.45]
skipping: [3.*.*.237]
skipping: [52.*.*.218]
skipping: [100.*.*.249]
changed: [54.*.*.185]

TASK [wazuh-dashboard : Debian-based | Install Dashboard dependencies] *********
skipping: [34.*.*.45]
skipping: [54.*.*.185]
skipping: [100.*.*.249]
ok: [3.*.*.237]
changed: [52.*.*.218]

TASK [wazuh-dashboard : Debian-based (AMD64) | Download wazuh-dashboard package] ***
skipping: [34.*.*.45]
skipping: [52.*.*.218]
skipping: [54.*.*.185]
skipping: [100.*.*.249]
changed: [3.*.*.237]

TASK [wazuh-dashboard : Debian-based (ARM64) | Download wazuh-dashboard package] ***
skipping: [34.*.*.45]
skipping: [3.*.*.237]
skipping: [54.*.*.185]
skipping: [100.*.*.249]
changed: [52.*.*.218]

TASK [wazuh-dashboard : Linux CentOS/RedHat | Install wazuh-dashboard using yum] ***
skipping: [3.*.*.237]
skipping: [52.*.*.218]
changed: [100.*.*.249]
changed: [54.*.*.185]
changed: [34.*.*.45]

TASK [wazuh-dashboard : Linux Debian | Install wazuh-dashboard using dpkg] *****
skipping: [34.*.*.45]
skipping: [54.*.*.185]
skipping: [100.*.*.249]
changed: [52.*.*.218]
changed: [3.*.*.237]

TASK [wazuh-dashboard : Dashboard | Remove current opensearch.hosts configuration] ***
changed: [3.*.*.237]
changed: [52.*.*.218]
changed: [34.*.*.45]
changed: [100.*.*.249]
changed: [54.*.*.185]

TASK [wazuh-dashboard : Dashboard | Add opensearch.hosts configuration] ********
changed: [100.*.*.249]
changed: [54.*.*.185]
changed: [52.*.*.218]
changed: [3.*.*.237]
changed: [34.*.*.45]

TASK [wazuh-dashboard : Copy the certificates from local to the Wazuh dashboard instance] ***
changed: [100.*.*.249] => (item=root-ca.pem)
changed: [52.*.*.218] => (item=root-ca.pem)
changed: [3.*.*.237] => (item=root-ca.pem)
changed: [54.*.*.185] => (item=root-ca.pem)
changed: [34.*.*.45] => (item=root-ca.pem)
changed: [100.*.*.249] => (item=dashboard-key.pem)
changed: [52.*.*.218] => (item=dashboard-key.pem)
changed: [54.*.*.185] => (item=dashboard-key.pem)
changed: [3.*.*.237] => (item=dashboard-key.pem)
changed: [34.*.*.45] => (item=dashboard-key.pem)
changed: [100.*.*.249] => (item=dashboard.pem)
changed: [52.*.*.218] => (item=dashboard.pem)
changed: [54.*.*.185] => (item=dashboard.pem)
changed: [3.*.*.237] => (item=dashboard.pem)
changed: [34.*.*.45] => (item=dashboard.pem)

TASK [wazuh-dashboard : Rename certificates to match default names] ************
skipping: [34.*.*.45] => (item={'src': 'dashboard.pem', 'dest': 'dashboard.pem'}) 
skipping: [34.*.*.45] => (item={'src': 'dashboard-key.pem', 'dest': 'dashboard-key.pem'}) 
skipping: [3.*.*.237] => (item={'src': 'dashboard.pem', 'dest': 'dashboard.pem'}) 
skipping: [3.*.*.237] => (item={'src': 'dashboard-key.pem', 'dest': 'dashboard-key.pem'}) 
skipping: [34.*.*.45]
skipping: [52.*.*.218] => (item={'src': 'dashboard.pem', 'dest': 'dashboard.pem'}) 
skipping: [52.*.*.218] => (item={'src': 'dashboard-key.pem', 'dest': 'dashboard-key.pem'}) 
skipping: [3.*.*.237]
skipping: [52.*.*.218]
skipping: [54.*.*.185] => (item={'src': 'dashboard.pem', 'dest': 'dashboard.pem'}) 
skipping: [54.*.*.185] => (item={'src': 'dashboard-key.pem', 'dest': 'dashboard-key.pem'}) 
skipping: [54.*.*.185]
skipping: [100.*.*.249] => (item={'src': 'dashboard.pem', 'dest': 'dashboard.pem'}) 
skipping: [100.*.*.249] => (item={'src': 'dashboard-key.pem', 'dest': 'dashboard-key.pem'}) 
skipping: [100.*.*.249]

TASK [wazuh-dashboard : Ensure Wazuh dashboard started and enabled] ************
changed: [100.*.*.249]
changed: [34.*.*.45]
changed: [54.*.*.185]
changed: [52.*.*.218]
changed: [3.*.*.237]

TASK [wazuh-dashboard : Remove installation leftovers] *************************
changed: [100.*.*.249]
changed: [52.*.*.218]
changed: [54.*.*.185]
changed: [3.*.*.237]
changed: [34.*.*.45]

PLAY RECAP *********************************************************************
100.*.*.249             : ok=12   changed=8    unreachable=0    failed=0    skipped=6    rescued=0    ignored=0   
3.*.*.237               : ok=12   changed=8    unreachable=0    failed=0    skipped=6    rescued=0    ignored=0   
34.*.*.45              : ok=13   changed=8    unreachable=0    failed=0    skipped=7    rescued=0    ignored=0   
52.*.*.218             : ok=12   changed=9    unreachable=0    failed=0    skipped=6    rescued=0    ignored=0   
54.*.*.185              : ok=12   changed=8    unreachable=0    failed=0    skipped=6    rescued=0    ignored=0

@YisDav YisDav linked a pull request Feb 25, 2025 that will close this issue
Open
@YisDav YisDav linked a pull request Feb 25, 2025 that will close this issue
Refactor of the wazuh-dashboard ansible role #1565
Open
@wazuhci wazuhci moved this from In progress to Pending review in XDR+SIEM/Release 5.0.0 Feb 25, 2025
@YisDav
Copy link
Member Author

YisDav commented Feb 26, 2025
edited
Loading

Update

During the PR review, several changes were recommended:

  • Enhance OS comparisons for specific tasks.
  • Add variable and configuration tasks to correctly establish a connection with the Wazuh Server.

Additionally:

  • Add a task to verify the HTTP status of the dashboard after it has been initiated.

To implement these updates, the deployment will need to be retested on the previously identified hosts. The results and supporting evidence will be shared here once the tests are completed and the necessary data is collected.

The configuration file required for setting the Server API is not automatically generated on all hosts after installing the Wazuh Dashboard package and starting the service. This file is only created on RHEL and Ubuntu operating systems.

TASK [wazuh-dashboard : Dashboard | Configure /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml file] ***
changed: [18.*.*.215]
changed: [52.*.*.191]
fatal: [3.*.*.224]: FAILED! => {"changed": false, "msg": "Path /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml does not exist !", "rc": 257}
fatal: [100.*.*.210]: FAILED! => {"changed": false, "msg": "Path /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml does not exist !", "rc": 257}
fatal: [44.*.*.203]: FAILED! => {"changed": false, "msg": "Path /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml does not exist !", "rc": 257}

@wazuhci wazuhci moved this from Pending review to In progress in XDR+SIEM/Release 5.0.0 Feb 26, 2025
@YisDav
Copy link
Member Author

YisDav commented Mar 3, 2025

Update

After reaching out to the dashboard team to gather more information about the existence of this file and why it was created in some systems but not in others, we learned that the wazuh.yml file (which stored the server API information) will no longer exist. The configuration for connecting to the server will now be migrated to opensearch_dashboards.yml, with slight changes in how it is defined.

https://github.com/wazuh/wazuh-dashboard/blob/669e47228df391413b0296aae54425771776535c/config/opensearch_dashboards.prod.yml#L15-L21

As a result, a task was implemented to modify the default value for the API host (localhost) to the IP address registered as the Wazuh Server instance in the Ansible deployment.

Additionally, the other changes and improvements (previously mentioned) were implemented.

The corresponding evidence is attached below.

Evidence

Image

Ansible results:

...

PLAY RECAP *********************************************************************
al2_amd                    : ok=16   changed=11   unreachable=0    failed=0    skipped=6    rescued=0    ignored=0
centos9_amd                : ok=17   changed=11   unreachable=0    failed=0    skipped=7    rescued=0    ignored=0
debian12_amd               : ok=16   changed=11   unreachable=0    failed=0    skipped=6    rescued=0    ignored=0
rhel9_arm                  : ok=16   changed=10   unreachable=0    failed=0    skipped=6    rescued=0    ignored=0
ubuntu22_arm               : ok=16   changed=10   unreachable=0    failed=0    skipped=6    rescued=0    ignored=0
Complete Ansible output: 
PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [rhel9_arm]
ok: [al2_amd]
ok: [ubuntu22_arm]
ok: [debian12_amd]
ok: [centos9_amd]

TASK [wazuh-dashboard : include_vars] ******************************************
ok: [centos9_amd]
ok: [debian12_amd]
ok: [ubuntu22_arm]
ok: [rhel9_arm]
ok: [al2_amd]

TASK [wazuh-dashboard : include_vars] ******************************************
ok: [centos9_amd]
ok: [debian12_amd]
ok: [ubuntu22_arm]
ok: [rhel9_arm]
ok: [al2_amd]

TASK [wazuh-dashboard : Retrieve local_configs_path directory information] *****
ok: [centos9_amd -> localhost]

TASK [wazuh-dashboard : fail] **************************************************
skipping: [centos9_amd]

TASK [wazuh-dashboard : Ensure wazuh-dashboard package download directory exists] ***
changed: [ubuntu22_arm]
changed: [rhel9_arm]
changed: [al2_amd]
changed: [debian12_amd]
changed: [centos9_amd]

TASK [wazuh-dashboard : RedHat/CentOS/Fedora | Install Dashboard dependencies] ***
skipping: [debian12_amd]
skipping: [ubuntu22_arm]
ok: [al2_amd]
ok: [centos9_amd]
ok: [rhel9_arm]

TASK [wazuh-dashboard : RedHat/CentOS/Fedora (x86_64) | Download wazuh-dashboard package] ***
skipping: [debian12_amd]
skipping: [ubuntu22_arm]
skipping: [rhel9_arm]
changed: [al2_amd]
changed: [centos9_amd]

TASK [wazuh-dashboard : RedHat/CentOS/Fedora (aarch64) | Download wazuh-dashboard package] ***
skipping: [centos9_amd]
skipping: [debian12_amd]
skipping: [ubuntu22_arm]
skipping: [al2_amd]
changed: [rhel9_arm]

TASK [wazuh-dashboard : Debian-based | Install Dashboard dependencies] *********
skipping: [centos9_amd]
skipping: [rhel9_arm]
skipping: [al2_amd]
ok: [debian12_amd]
ok: [ubuntu22_arm]

TASK [wazuh-dashboard : Debian-based (AMD64) | Download wazuh-dashboard package] ***
skipping: [centos9_amd]
skipping: [ubuntu22_arm]
skipping: [rhel9_arm]
skipping: [al2_amd]
changed: [debian12_amd]

TASK [wazuh-dashboard : Debian-based (ARM64) | Download wazuh-dashboard package] ***
skipping: [centos9_amd]
skipping: [debian12_amd]
skipping: [rhel9_arm]
skipping: [al2_amd]
changed: [ubuntu22_arm]

TASK [wazuh-dashboard : Linux CentOS/RedHat | Install wazuh-dashboard using yum] ***
skipping: [debian12_amd]
skipping: [ubuntu22_arm]
changed: [al2_amd]
changed: [rhel9_arm]
changed: [centos9_amd]

TASK [wazuh-dashboard : Linux Debian | Install wazuh-dashboard using APT] ******
skipping: [centos9_amd]
skipping: [rhel9_arm]
skipping: [al2_amd]
changed: [ubuntu22_arm]
changed: [debian12_amd]

TASK [wazuh-dashboard : Dashboard | Remove current opensearch.hosts configuration] ***
changed: [ubuntu22_arm]
changed: [debian12_amd]
changed: [centos9_amd]
changed: [al2_amd]
changed: [rhel9_arm]

TASK [wazuh-dashboard : Dashboard | Add opensearch.hosts configuration] ********
changed: [rhel9_arm]
changed: [ubuntu22_arm]
changed: [al2_amd]
changed: [debian12_amd]
changed: [centos9_amd]

TASK [wazuh-dashboard : Dashboard | Update Wazuh API URL] **********************
ok: [ubuntu22_arm]
ok: [rhel9_arm]
changed: [al2_amd]
changed: [debian12_amd]
changed: [centos9_amd]

TASK [wazuh-dashboard : Dashboard | Remove comments from configuration file] ***
changed: [ubuntu22_arm]
changed: [rhel9_arm]
changed: [al2_amd]
changed: [debian12_amd]
changed: [centos9_amd]

TASK [wazuh-dashboard : Dashboard | Remove empty lines from config.yml file] ***
changed: [ubuntu22_arm]
changed: [rhel9_arm]
changed: [al2_amd]
changed: [debian12_amd]
changed: [centos9_amd]

TASK [wazuh-dashboard : Copy the certificates from local to the Wazuh dashboard instance] ***
changed: [ubuntu22_arm] => (item=root-ca.pem)
changed: [rhel9_arm] => (item=root-ca.pem)
changed: [al2_amd] => (item=root-ca.pem)
changed: [debian12_amd] => (item=root-ca.pem)
changed: [centos9_amd] => (item=root-ca.pem)
changed: [ubuntu22_arm] => (item=dashboard-key.pem)
changed: [rhel9_arm] => (item=dashboard-key.pem)
changed: [al2_amd] => (item=dashboard-key.pem)
changed: [debian12_amd] => (item=dashboard-key.pem)
changed: [centos9_amd] => (item=dashboard-key.pem)
changed: [ubuntu22_arm] => (item=dashboard.pem)
changed: [rhel9_arm] => (item=dashboard.pem)
changed: [al2_amd] => (item=dashboard.pem)
changed: [debian12_amd] => (item=dashboard.pem)
changed: [centos9_amd] => (item=dashboard.pem)

TASK [wazuh-dashboard : Rename certificates to match default names] ************
skipping: [centos9_amd] => (item={'src': 'dashboard.pem', 'dest': 'dashboard.pem'})
skipping: [centos9_amd] => (item={'src': 'dashboard-key.pem', 'dest': 'dashboard-key.pem'})
skipping: [debian12_amd] => (item={'src': 'dashboard.pem', 'dest': 'dashboard.pem'})
skipping: [debian12_amd] => (item={'src': 'dashboard-key.pem', 'dest': 'dashboard-key.pem'})
skipping: [centos9_amd]
skipping: [ubuntu22_arm] => (item={'src': 'dashboard.pem', 'dest': 'dashboard.pem'})
skipping: [ubuntu22_arm] => (item={'src': 'dashboard-key.pem', 'dest': 'dashboard-key.pem'})
skipping: [debian12_amd]
skipping: [ubuntu22_arm]
skipping: [rhel9_arm] => (item={'src': 'dashboard.pem', 'dest': 'dashboard.pem'})
skipping: [rhel9_arm] => (item={'src': 'dashboard-key.pem', 'dest': 'dashboard-key.pem'})
skipping: [rhel9_arm]
skipping: [al2_amd] => (item={'src': 'dashboard.pem', 'dest': 'dashboard.pem'})
skipping: [al2_amd] => (item={'src': 'dashboard-key.pem', 'dest': 'dashboard-key.pem'})
skipping: [al2_amd]

TASK [wazuh-dashboard : Ensure Wazuh dashboard started and enabled] ************
changed: [al2_amd]
changed: [rhel9_arm]
changed: [centos9_amd]
changed: [ubuntu22_arm]
changed: [debian12_amd]

TASK [wazuh-dashboard : Wait for Wazuh dashboard to be ready] ******************
FAILED - RETRYING: [ubuntu22_arm]: Wait for Wazuh dashboard to be ready (10 retries left).
FAILED - RETRYING: [rhel9_arm]: Wait for Wazuh dashboard to be ready (10 retries left).
FAILED - RETRYING: [al2_amd]: Wait for Wazuh dashboard to be ready (10 retries left).
FAILED - RETRYING: [debian12_amd]: Wait for Wazuh dashboard to be ready (10 retries left).
FAILED - RETRYING: [centos9_amd]: Wait for Wazuh dashboard to be ready (10 retries left).
ok: [ubuntu22_arm]
ok: [rhel9_arm]
ok: [al2_amd]
ok: [debian12_amd]
ok: [centos9_amd]

TASK [wazuh-dashboard : Remove installation leftovers] *************************
changed: [ubuntu22_arm]
changed: [al2_amd]
changed: [debian12_amd]
changed: [rhel9_arm]
changed: [centos9_amd]

PLAY RECAP *********************************************************************
al2_amd                    : ok=16   changed=11   unreachable=0    failed=0    skipped=6    rescued=0    ignored=0
centos9_amd                : ok=17   changed=11   unreachable=0    failed=0    skipped=7    rescued=0    ignored=0
debian12_amd               : ok=16   changed=11   unreachable=0    failed=0    skipped=6    rescued=0    ignored=0
rhel9_arm                  : ok=16   changed=10   unreachable=0    failed=0    skipped=6    rescued=0    ignored=0
ubuntu22_arm               : ok=16   changed=10   unreachable=0    failed=0    skipped=6    rescued=0    ignored=0

@wazuhci wazuhci moved this from In progress to Pending review in XDR+SIEM/Release 5.0.0 Mar 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@YisDav YisDav

Labels
level/subtask Task issue type/enhancement
Projects
XDR+SIEM/Release 5.0.0
Status: Pending review
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Refactor of the wazuh-dashboard ansible role wazuh/wazuh-ansible
1 participant
@YisDav