Updated configuration to new VD and indexer #1162

davidcr01 · 2023-12-18T14:04:49Z

Related: #1159

The aim of this PR is to change the new configuration of the new Vulnerability Detector and indexer configuration. With this, the provider list is removed and a new block <indexer> is added.

Testing

A test deploying Wazuh using the wazuh-single.yml playbook has been performed. The log is abbreviated.

🟢 Show log

> ansible-playbook wazuh-single.yml -v
Using /home/davidcr01/Wazuh/ansible/playbooks/ansible.cfg as config file

PLAY [ubuntu] *******************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************
ok: [192.168.57.203]

TASK [../roles/wazuh/wazuh-indexer : include_vars] ******************************************************************
ok: [192.168.57.203] => {"ansible_facts": {"packages_repository": "staging"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/wazuh-indexer/tasks/../../vars/repo_vars.yml"], "changed": false}

TASK [../roles/wazuh/wazuh-indexer : include_vars] ******************************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "packages_repository == 'production'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-indexer : include_vars] ******************************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "packages_repository == 'pre-release'", "skip_reason": "Conditional result was False"}

...

TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Remove Wazuh indexer repository (and clean up left-over metadata)] ***
skipping: [192.168.57.203] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-indexer : Reload systemd configuration] **************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"}

PLAY [ubuntu] *******************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************
ok: [192.168.57.203]

TASK [../roles/wazuh/wazuh-indexer : include_vars] ******************************************************************
ok: [192.168.57.203] => {"ansible_facts": {"packages_repository": "staging"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/wazuh-indexer/tasks/../../vars/repo_vars.yml"], "changed": false}

TASK [../roles/wazuh/wazuh-indexer : include_vars] ******************************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "packages_repository == 'production'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-indexer : include_vars] ******************************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "packages_repository == 'pre-release'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] ***
skipping: [192.168.57.203] => {"changed": false, "false_condition": "not certificates_folder.stat.exists", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] **************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "not certificates_folder.stat.exists", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] **************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "not certificates_folder.stat.exists", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the certificates generation template file] **************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "not certificates_folder.stat.exists", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] ****************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "not certificates_folder.stat.exists", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Add Wazuh indexer repo] *********************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == 'RedHat'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-indexer : Install Amazon extras] *********************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == 'RedHat'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-indexer : Configure vm.max_map_count] ****************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == 'RedHat'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-indexer : Update vm.max_map_count] *******************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == 'RedHat'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Install Indexer dependencies] ***************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == 'RedHat'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] *********************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == 'RedHat'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-indexer : Remove Opensearch configuration file] ******************************************
changed: [192.168.57.203] => {"changed": true, "path": "/etc/wazuh-indexer/opensearch.yml", "state": "absent"}

TASK [../roles/wazuh/wazuh-indexer : Copy Opensearch Configuration File] ********************************************
changed: [192.168.57.203] => {"changed": true, "checksum": "a4274fd4697c79fffe669c100dc4cdf2e6e82e0d", "dest": "/etc/wazuh-indexer/opensearch.yml", "gid": 122, "group": "wazuh-indexer", "md5sum": "51ec9c7bdf48d5743394311e52877ac6", "mode": "0640", "owner": "root", "size": 2349, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1702900209.2622633-27830-253145898921704/source", "state": "file", "uid": 0}

TASK [../roles/wazuh/wazuh-indexer : include_tasks] *****************************************************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/wazuh-indexer/tasks/security_actions.yml for 192.168.57.203

TASK [../roles/wazuh/wazuh-indexer : Configure IP (Private address)] ************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "hostvars[inventory_hostname]['private_ip'] is defined", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-indexer : Configure IP (Public address)] *************************************************
ok: [192.168.57.203] => {"ansible_facts": {"target_address": "127.0.0.1"}, "changed": false}

TASK [../roles/wazuh/wazuh-indexer : Ensure Indexer certificates directory permissions.] ****************************
ok: [192.168.57.203] => {"changed": false, "gid": 122, "group": "wazuh-indexer", "mode": "0764", "owner": "wazuh-indexer", "path": "/etc/wazuh-indexer/certs/", "size": 4096, "state": "directory", "uid": 114}

TASK [../roles/wazuh/wazuh-indexer : Copy the Opensearch security internal users template] **************************
changed: [192.168.57.203] => {"changed": true, "checksum": "6475bb616c085f988c1fe09fe9e96750acadf3af", "dest": "/etc/wazuh-indexer/opensearch-security/internal_users.yml", "gid": 122, "group": "wazuh-indexer", "md5sum": "499247bfbc0488b8ddffe47663ebb7a3", "mode": "0644", "owner": "wazuh-indexer", "size": 396, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1702900237.0701706-28049-199816598681087/source", "state": "file", "uid": 114}

TASK [../roles/wazuh/wazuh-indexer : Hashing the custom admin password] *********************************************
changed: [192.168.57.203] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true}

TASK [../roles/wazuh/wazuh-indexer : Set the Admin user password] ***************************************************
changed: [192.168.57.203] => {"changed": true, "msg": "1 replacements made", "rc": 0}

TASK [../roles/wazuh/wazuh-indexer : Hash the kibanaserver role/user pasword] ***************************************
changed: [192.168.57.203] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true}

TASK [../roles/wazuh/wazuh-indexer : Set the kibanaserver user password] ********************************************
changed: [192.168.57.203] => {"changed": true, "msg": "1 replacements made", "rc": 0}

TASK [../roles/wazuh/wazuh-indexer : Initialize the Opensearch security index in Wazuh indexer] *********************
changed: [192.168.57.203] => {"attempts": 1, "changed": true, "cmd": ["sudo", "-u", "wazuh-indexer", "OPENSEARCH_PATH_CONF=/etc/wazuh-indexer", "JAVA_HOME=/usr/share/wazuh-indexer/jdk", "/usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh", "-cd", "/etc/wazuh-indexer/opensearch-security/", "-icl", "-p", "9200", "-cd", "/etc/wazuh-indexer/opensearch-security/", "-nhnv", "-cacert", "/etc/wazuh-indexer/certs/root-ca.pem", "-cert", "/etc/wazuh-indexer/certs/admin.pem", "-key", "/etc/wazuh-indexer/certs/admin-key.pem", "-h", "127.0.0.1"], "delta": "0:00:05.521954", "end": "2023-12-18 11:50:48.575720", "msg": "", "rc": 0, "start": "2023-12-18 11:50:43.053766", "stderr": "", "stderr_lines": [], "stdout": "**************************************************************************\n** This tool will be deprecated in the next major release of OpenSearch **\n** https://github.com/opensearch-project/security/issues/1755           **\n**************************************************************************\nSecurity Admin v7\nWill connect to 127.0.0.1:9200 ... done\nConnected as \"CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US\"\nOpenSearch Version: 2.10.0\nContactingallowlist.yml ", "   SUCC: Configuration for 'allowlist' created or updated", "SUCC: Expected 10 config types for node {\"updated_config_types\":[\"allowlist\",\"tenants\",\"rolesmapping\",\"nodesdn\",\"audit\",\"roles\",\"whitelist\",\"internalusers\",\"actiongroups\",\"config\"],\"updated_config_size\":10,\"message\":null} is 10 ([\"allowlist\",\"tenants\",\"rolesmapping\",\"nodesdn\",\"audit\",\"roles\",\"whitelist\",\"internalusers\",\"actiongroups\",\"config\"]) due to: null", "Done with success"]}

TASK [../roles/wazuh/wazuh-indexer : Initialize ISM script] *********************************************************
changed: [192.168.57.203] => {"changed": true, "cmd": ["/usr/share/wazuh-indexer/bin/indexer-ism-init.sh", "-p", "changeme", "-i", "127.0.0.1"], "delta": "0:00:00.753157", "end": "2023-12-18 11:50:49.918434", "msg": "", "rc": 0, "start": "2023-12-18 11:50:49.165277", "stderr": "", "stderr_lines": [], "stdout": "Will create index templates to configure the alias\n SUCC: 'wazuh-alerts' template created or updated\n SUCC: 'wazuh-archives' template created or updated\nWill create the 'rollover_policy' policy\n  INFO: policy 'rollover_policy' already exists. Skipping policy creation\nWill create initial indices for the aliases\n  INFO: 'wazuh-alerts' write index already exists. Skipping write index creation\n  INFO: 'wazuh-archives' write index already exists. Skipping write index creation\nSUCC: Indexer ISM initialization finished successfully.", "stdout_lines": ["Will create index templates to configure the alias", " SUCC: 'wazuh-alerts' template created or updated", " SUCC: 'wazuh-archives' template created or updated", "Will create the 'rollover_policy' policy", "  INFO: policy 'rollover_policy' already exists. Skipping policy creation", "Will create initial indices for the aliases", "  INFO: 'wazuh-alerts' write index already exists. Skipping write index creation", "  INFO: 'wazuh-archives' write index already exists. Skipping write index creation", "SUCC: Indexer ISM initialization finished successfully."]}

TASK [../roles/wazuh/wazuh-indexer : Create custom user] ************************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "indexer_custom_user is defined and indexer_custom_user", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-indexer : Configure Wazuh indexer JVM memmory.] ******************************************
ok: [192.168.57.203] => {"changed": false, "checksum": "fad8d325d95b5de5bd25aebfe83d13a782a2f2df", "dest": "/etc/wazuh-indexer/jvm.options", "gid": 122, "group": "wazuh-indexer", "mode": "0644", "owner": "root", "path": "/etc/wazuh-indexer/jvm.options", "size": 2475, "state": "file", "uid": 0}

TASK [../roles/wazuh/wazuh-indexer : Ensure extra time for Wazuh indexer to start on reboots] ***********************
ok: [192.168.57.203] => {"backup": "", "changed": false, "msg": ""}

TASK [../roles/wazuh/wazuh-indexer : Index files to remove] *********************************************************
ok: [192.168.57.203] => {"changed": false, "examined": 1, "files": [], "matched": 0, "msg": "All paths examined", "skipped_paths": {}}

TASK [../roles/wazuh/wazuh-indexer : Remove Index Files] ************************************************************
skipping: [192.168.57.203] => {"changed": false, "skipped_reason": "No items in the list"}

TASK [../roles/wazuh/wazuh-indexer : Ensure Wazuh indexer started and enabled] **************************************
ok: [192.168.57.203] => {"changed": false, "enabled": true, "name": "wazuh-indexer", "state": "started", "status": {"ActiveEnterTimestamp": "Mon 2023-12-18 11:50:36 UTC", "ActiveEnterTimestampMonotonic": "4662052817", "ActiveExitTimestamp": "Mon 2023-12-18 11:50:15 UTC", "ActiveExitTimestampMonotonic": "4640158129", "ActiveState": "active", "After": "sysinit.target network-online.target basic.target tmp.mount systemd-journald.socket systemd-tmpfiles-setup.service system.slice -.mount", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Mon 2023-12-18 11:50:15 UTC", "AssertTimestampMonotonic": "4640519371", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "WatchdogTimestamp": "n/a", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0", "WorkingDirectory": "/usr/share/wazuh-indexer"}}

TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API] ****************************************************
ok: [192.168.57.203] => {"attempts": 1, "changed": false, "content": "1702900252 11:50:52 wazuh yellow 1 1 true 14 14 0 0 5 0 - 73.7%\n", "content_length": "64", "content_type": "text/plain; charset=UTF-8", "cookies": {}, "cookies_string": "", "elapsed": 0, "msg": "OK (64 bytes)", "redirected": false, "status": 200, "url": "https://127.0.0.1:9200/_cat/health/"}

TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API (Private IP)] ***************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "hostvars[inventory_hostname]['private_ip'] is defined and hostvars[inventory_hostname]['private_ip']", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Remove Wazuh indexer repository (and clean up left-over metadata)] ***
skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == \"RedHat\"", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-indexer : Reload systemd configuration] **************************************************
ok: [192.168.57.203] => {"changed": false, "name": null, "status": {}}

TASK [../roles/wazuh/ansible-wazuh-manager : Install dependencies] **************************************************
ok: [192.168.57.203] => {"attempts": 1, "cache_update_time": 1702900201, "cache_updated": false, "changed": false}

TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] **********************************************************
ok: [192.168.57.203] => {"ansible_facts": {"packages_repository": "staging"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-manager/vars/../../vars/repo_vars.yml"], "changed": false}

TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] **********************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "packages_repository == 'production'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] **********************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "packages_repository == 'pre-release'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] **********************************************************
ok: [192.168.57.203] => {"ansible_facts": {"certs_gen_tool_url": "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh", "certs_gen_tool_version": 4.8, "check_sha512": false, "filebeat_module_package_url": "https://packages-dev.wazuh.com/pre-release/filebeat", "wazuh_macos_arm_package_name": "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg", "wazuh_macos_arm_package_url": "https://packages-dev.wazuh.com/staging/macos/{{ wazuh_macos_arm_package_name }}", "wazuh_macos_intel_package_name": "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg", "wazuh_macos_intel_package_url": "https://packages-dev.wazuh.com/staging/macos/{{ wazuh_macos_intel_package_name }}", "wazuh_repo": {"apt": "deb https://packages-dev.wazuh.com/staging/apt/ unstable main", "gpg": "https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH", "key_id": "0DCFCA5547B19D2A6099506096B3EE5F29111145", "yum": "https://packages-dev.wazuh.com/staging/yum/"}, "wazuh_winagent_config_url": "https://packages-dev.wazuh.com/staging/windows/wazuh-agent-{{ wazuh_agent_version }}-0.40801.20231206.msi", "wazuh_winagent_package_name": "wazuh-agent-{{ wazuh_agent_version }}-1.msi", "wazuh_winagent_sha512_url": "https://packages-dev.wazuh.com/staging/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-0.40801.20231206.msi.sha512"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-manager/vars/../../vars/repo_staging.yml"], "changed": false}

TASK [../roles/wazuh/ansible-wazuh-manager : Overlay wazuh_manager_config on top of defaults] ***********************
ok: [192.168.57.203] => {"ansible_facts": {"wazuh_manager_config": {"agents_disconnection_alert_time": "100s", "feed_update_interval": "60m", "indexer_status": "yes"}}}, "changed": false}

TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] *********************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "(ansible_os_family == \"RedHat\" and ansible_distribution_major_version|int > 5) or (ansible_os_family  == \"RedHat\" and ansible_distribution == \"Amazon\")", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] *********************************************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml for 192.168.57.203

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl] ***
ok: [192.168.57.203] => {"attempts": 1, "cache_update_time": 1702900201, "cache_updated": false, "changed": false}

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)] ***********
skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_distribution_major_version | int == 14", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Installing Wazuh repository key] ***********************
ok: [192.168.57.203] => {"before": ["96B3EE5F29111145", "417F3D5A664FAB32", "D94AA3F0EFE21092", "871920D1991BC93C"], "changed": false, "fp": "96B3EE5F29111145", "id": "0DCFCA5547B19D2A6099506096B3EE5F29111145", "key_id": "0DCFCA5547B19D2A6099506096B3EE5F29111145", "short_id": "29111145"}

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Add Wazuh repositories] ********************************
ok: [192.168.57.203] => {"changed": false, "repo": "deb https://packages-dev.wazuh.com/staging/apt/ unstable main", "sources_added": [], "sources_removed": [], "state": "present"}

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu] *******
ok: [192.168.57.203] => {"ansible_facts": {"cis_distribution_filename": "cis_debian_linux_rcl.txt"}, "changed": false}

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install OpenJDK-8 repo] ********************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "(ansible_distribution == \"Ubuntu\" and ansible_distribution_major_version | int == 14)", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install OpenJDK 1.8] ***********************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "wazuh_manager_config.cis_cat.disable == 'no'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install OpenScap] **************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "wazuh_manager_config.openscap.disable == 'no'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Get OpenScap installed version] ************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "wazuh_manager_config.openscap.disable == 'no'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Check OpenScap version] ********************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "wazuh_manager_config.openscap.disable == 'no'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install wazuh-manager] *********************************
ok: [192.168.57.203] => {"cache_update_time": 1702900201, "cache_updated": false, "changed": false}

TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] *********************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "wazuh_custom_packages_installation_manager_enabled", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-wazuh-manager : Install expect] ********************************************************
ok: [192.168.57.203] => {"cache_update_time": 1702900201, "cache_updated": false, "changed": false}

TASK [../roles/wazuh/ansible-wazuh-manager : Generate SSL files for authd] ******************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "wazuh_manager_config.authd.ssl_agent_ca is not none", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-wazuh-manager : Copy CA, SSL key and cert for authd] ***********************************
skipping: [192.168.57.203] => (item=)  => {"ansible_loop_var": "item", "changed": false, "false_condition": "wazuh_manager_config.authd.ssl_agent_ca is not none", "item": "", "skip_reason": "Conditional result was False"}
skipping: [192.168.57.203] => (item=sslmanager.cert)  => {"ansible_loop_var": "item", "changed": false, "false_condition": "wazuh_manager_config.authd.ssl_agent_ca is not none", "item": "sslmanager.cert", "skip_reason": "Conditional result was False"}
skipping: [192.168.57.203] => (item=sslmanager.key)  => {"ansible_loop_var": "item", "changed": false, "false_condition": "wazuh_manager_config.authd.ssl_agent_ca is not none", "item": "sslmanager.key", "skip_reason": "Conditional result was False"}
skipping: [192.168.57.203] => {"changed": false, "msg": "All items skipped"}

TASK [../roles/wazuh/ansible-wazuh-manager : Verifying for old init authd service] **********************************
ok: [192.168.57.203] => {"changed": false, "stat": {"exists": false}}

TASK [../roles/wazuh/ansible-wazuh-manager : Verifying for old systemd authd service] *******************************
ok: [192.168.57.203] => {"changed": false, "stat": {"exists": false}}

TASK [../roles/wazuh/ansible-wazuh-manager : Ensure ossec-authd service is disabled] ********************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "old_authd_service.stat.exists", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-wazuh-manager : Removing old init authd services] **************************************
skipping: [192.168.57.203] => (item=/etc/init.d/ossec-authd)  => {"ansible_loop_var": "item", "changed": false, "false_condition": "old_authd_service.stat.exists", "item": "/etc/init.d/ossec-authd", "skip_reason": "Conditional result was False"}
skipping: [192.168.57.203] => (item=/lib/systemd/system/ossec-authd.service)  => {"ansible_loop_var": "item", "changed": false, "false_condition": "old_authd_service.stat.exists", "item": "/lib/systemd/system/ossec-authd.service", "skip_reason": "Conditional result was False"}
skipping: [192.168.57.203] => {"changed": false, "msg": "All items skipped"}

TASK [../roles/wazuh/ansible-wazuh-manager : Installing the local_rules.xml (default local_rules.xml)] **************
ok: [192.168.57.203] => {"changed": false, "checksum": "e2ed6d5f4bc85b2a6338ffa3b67af9c56a6a2b9b", "dest": "/var/ossec/etc/rules/local_rules.xml", "gid": 123, "group": "wazuh", "mode": "0640", "owner": "wazuh", "path": "/var/ossec/etc/rules/local_rules.xml", "size": 496, "state": "file", "uid": 115}

TASK [../roles/wazuh/ansible-wazuh-manager : Adding local rules files] **********************************************
ok: [192.168.57.203] => {"changed": false, "checksum": "948b7acf2a4e9434837fd8a9ae4282d764159a34", "dest": "/var/ossec/etc/rules/sample_custom_rules.xml", "gid": 123, "group": "wazuh", "mode": "0640", "owner": "wazuh", "path": "/var/ossec/etc/rules/sample_custom_rules.xml", "size": 457, "state": "file", "uid": 115}

TASK [../roles/wazuh/ansible-wazuh-manager : Installing the local_decoder.xml] **************************************
ok: [192.168.57.203] => {"changed": false, "checksum": "22b3dffce338aa3b465f90b0a442f1892ab416dd", "dest": "/var/ossec/etc/decoders/local_decoder.xml", "gid": 123, "group": "wazuh", "mode": "0640", "owner": "wazuh", "path": "/var/ossec/etc/decoders/local_decoder.xml", "size": 775, "state": "file", "uid": 115}

TASK [../roles/wazuh/ansible-wazuh-manager : Adding local decoders files] *******************************************
ok: [192.168.57.203] => {"changed": false, "checksum": "ef2930e35e0d314628a611effb545e0571e49b5d", "dest": "/var/ossec/etc/decoders/sample_custom_decoders.xml", "gid": 123, "group": "wazuh", "mode": "0640", "owner": "wazuh", "path": "/var/ossec/etc/decoders/sample_custom_decoders.xml", "size": 775, "state": "file", "uid": 115}

TASK [../roles/wazuh/ansible-wazuh-manager : Configure the shared-agent.conf] ***************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "shared_agent_config is defined", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-wazuh-manager : Installing the local_internal_options.conf] ****************************
ok: [192.168.57.203] => {"changed": false, "checksum": "e2c8d0d38358dcd7c92e57b8f2cb0e7dfcf112e3", "dest": "/var/ossec/etc/local_internal_options.conf", "gid": 123, "group": "wazuh", "mode": "0640", "owner": "root", "path": "/var/ossec/etc/local_internal_options.conf", "size": 473, "state": "file", "uid": 0}

TASK [../roles/wazuh/ansible-wazuh-manager : Retrieving Agentless Credentials] **************************************
ok: [192.168.57.203] => {"ansible_facts": {}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-manager/vars/agentless_creds.yml"], "changed": false}

TASK [../roles/wazuh/ansible-wazuh-manager : Retrieving authd Credentials] ******************************************
ok: [192.168.57.203] => {"ansible_facts": {}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-manager/vars/authd_pass.yml"], "changed": false}

TASK [../roles/wazuh/ansible-wazuh-manager : Check if syslog output is enabled] *************************************
skipping: [192.168.57.203] => (item={'server': None, 'port': None, 'format': None})  => {"ansible_loop_var": "item", "changed": false, "false_condition": "item.server is not none", "item": {"format": null, "port": null, "server": null}, "skip_reason": "Conditional result was False"}
skipping: [192.168.57.203] => {"changed": false, "msg": "All items skipped"}

TASK [../roles/wazuh/ansible-wazuh-manager : Check if client-syslog is enabled] *************************************
ok: [192.168.57.203] => {"changed": false, "cmd": "set -o pipefail\n\"grep -c 'ossec-csyslogd' /var/ossec/bin/.process_list | xargs echo\"\n", "delta": null, "end": null, "msg": "Did not run command since '/var/ossec/bin/.process_list' does not exist", "rc": 0, "start": null, "stderr": "", "stderr_lines": [], "stdout": "skipped, since /var/ossec/bin/.process_list does not exist", "stdout_lines": ["skipped, since /var/ossec/bin/.process_list does not exist"]}

TASK [../roles/wazuh/ansible-wazuh-manager : Enable client-syslog] **************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "syslog_output is defined and syslog_output", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-wazuh-manager : Check if ossec-agentlessd is enabled] **********************************
ok: [192.168.57.203] => {"changed": false, "cmd": "set -o pipefail\n\"grep -c 'ossec-agentlessd' /var/ossec/bin/.process_list | xargs echo\"\n", "delta": null, "end": null, "msg": "Did not run command since '/var/ossec/bin/.process_list' does not exist", "rc": 0, "start": null, "stderr": "", "stderr_lines": [], "stdout": "skipped, since /var/ossec/bin/.process_list does not exist", "stdout_lines": ["skipped, since /var/ossec/bin/.process_list does not exist"]}

TASK [../roles/wazuh/ansible-wazuh-manager : Enable ossec-agentlessd] ***********************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "agentless_creds is defined", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-wazuh-manager : Checking alert log output settings] ************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "wazuh_manager_config.json_output == 'no'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-wazuh-manager : Configure ossec.conf] **************************************************
changed: [192.168.57.203] => {"changed": true, "checksum": "9de747b1950ac2a9443b0c9e22f8789d173dff39", "dest": "/var/ossec/etc/ossec.conf", "gid": 123, "group": "wazuh", "md5sum": "b4cac2bcb992724838243e45c780ef23", "mode": "0644", "owner": "root", "size": 8949, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1702900266.0141046-28637-199396110112813/source", "state": "file", "uid": 0}

TASK [../roles/wazuh/ansible-wazuh-manager : Ossec-authd password] **************************************************
skipping: [192.168.57.203] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}

TASK [../roles/wazuh/ansible-wazuh-manager : Copy create_user script] ***********************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "wazuh_api_users is defined", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-wazuh-manager : Create admin.json] *****************************************************
skipping: [192.168.57.203] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}

TASK [../roles/wazuh/ansible-wazuh-manager : Execute create_user script] ********************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "wazuh_api_users is defined", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-wazuh-manager : Agentless Hosts & Passwd] **********************************************
skipping: [192.168.57.203] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}

TASK [../roles/wazuh/ansible-wazuh-manager : Encode the secret] *****************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "agentless_creds is defined", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-wazuh-manager : Ensure Wazuh Manager service is started and enabled.] ******************
ok: [192.168.57.203] => {"changed": false, "enabled": true, "name": "wazuh-manager", "state": "started", "status": {"ActiveEnterTimestamp": "Mon 2023-12-18 11:43:51 UTC", "ActiveEnterTimestampMonotonic": "4256509067", "ActiveExitTimestamp": "Mon 2023-12-18 11:43:28 UTC", "ActiveExitTimestampMonotonic": "4233265053", "ActiveState": "active", "After": "basic.target systemd-journald.socket network.target system.slice network-online.target sysinit.target", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Mon 2023-12-18 11:43:32 UTC", "AssertTimestampMonotonic": "4237232186", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0","network-online.target", "WatchdogSignal": "6", "WatchdogTimestamp": "n/a", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}}

TASK [../roles/wazuh/ansible-wazuh-manager : Create agent groups] ***************************************************
skipping: [192.168.57.203] => {"changed": false, "skipped_reason": "No items in the list"}

TASK [../roles/wazuh/ansible-wazuh-manager : Run uninstall tasks] ***************************************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml for 192.168.57.203

TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Remove Wazuh repository.] ******************************
ok: [192.168.57.203] => {"changed": false, "repo": "deb https://packages-dev.wazuh.com/staging/apt/ unstable main", "sources_added": [], "sources_removed": ["/etc/apt/sources.list.d/packages_dev_wazuh_com_staging_apt.list"], "state": "absent"}

TASK [../roles/wazuh/ansible-wazuh-manager : RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata)] ***
skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == \"RedHat\" or ansible_os_family == \"Amazon\"", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-filebeat-oss : include_vars] ***********************************************************
ok: [192.168.57.203] => {"ansible_facts": {"packages_repository": "staging"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-filebeat-oss/tasks/../../vars/repo_vars.yml"], "changed": false}

TASK [../roles/wazuh/ansible-filebeat-oss : include_vars] ***********************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "packages_repository == 'production'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-filebeat-oss : include_vars] ***********************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "packages_repository == 'pre-release'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] **********************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == 'RedHat'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] **********************************************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml for 192.168.57.203

TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl] ***
ok: [192.168.57.203] => {"attempts": 1, "cache_update_time": 1702900271, "cache_updated": false, "changed": false}

TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Add Elasticsearch apt key.] *****************************
ok: [192.168.57.203] => {"before": ["96B3EE5F29111145", "417F3D5A664FAB32", "D94AA3F0EFE21092", "871920D1991BC93C"], "changed": false, "fp": "96B3EE5F29111145", "id": "0DCFCA5547B19D2A6099506096B3EE5F29111145", "key_id": "0DCFCA5547B19D2A6099506096B3EE5F29111145", "short_id": "29111145"}

TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Add Filebeat-oss repository.] ***************************
ok: [192.168.57.203] => {"changed": false, "repo": "deb https://packages.wazuh.com/4.x/apt/ stable main", "sources_added": ["/etc/apt/sources.list.d/packages_wazuh_com_4_x_apt.list"], "sources_removed": [], "state": "present"}

TASK [../roles/wazuh/ansible-filebeat-oss : Install Filebeat | Redhat] **********************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == 'RedHat'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-filebeat-oss : Install Filebeat | Debian] **********************************************
ok: [192.168.57.203] => {"attempts": 1, "cache_update_time": 1702900277, "cache_updated": false, "changed": false}

TASK [../roles/wazuh/ansible-filebeat-oss : Checking if Filebeat Module folder file exists] *************************
ok: [192.168.57.203] => {"changed": false, "stat": {"atime": 1702898108.1584435, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "binary", "ctime": 1702897964.6587296, "dev": 64768, "device_type": 0, "executable": true, "exists": true, "gid": 0, "gr_name": "root", "inode": 3437576, "isblk": false, "ischr": false, "isdir": true, "isfifo": false, "isgid": false, "islnk": false, "isreg": false, "issock": false, "isuid": false, "mimetype": "inode/directory", "mode": "0755", "mtime": 1700095856.0, "nlink": 5, "path": "/usr/share/filebeat/module/wazuh", "pw_name": "root", "readable": true, "rgrp": true, "roth": true, "rusr": true, "size": 4096, "uid": 0, "version": "1664442465", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": true, "xoth": true, "xusr": true}}

TASK [../roles/wazuh/ansible-filebeat-oss : Download Filebeat module package] ***************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "not filebeat_module_folder.stat.exists", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-filebeat-oss : Unpack Filebeat module package] *****************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "not filebeat_module_folder.stat.exists", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-filebeat-oss : Setting 0755 permission for Filebeat module folder] *********************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "not filebeat_module_folder.stat.exists", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-filebeat-oss : Checking if Filebeat Module package file exists] ************************
ok: [192.168.57.203] => {"changed": false, "stat": {"exists": false}}

TASK [../roles/wazuh/ansible-filebeat-oss : Delete Filebeat module package file] ************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "filebeat_module_package.stat.exists", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-filebeat-oss : Copy Filebeat configuration.] *******************************************
ok: [192.168.57.203] => {"changed": false, "checksum": "95e821f4a84607639477255edfada6114f8f0041", "dest": "/etc/filebeat/filebeat.yml", "gid": 0, "group": "root", "mode": "0400", "owner": "root", "path": "/etc/filebeat/filebeat.yml", "size": 889, "state": "file", "uid": 0}

TASK [../roles/wazuh/ansible-filebeat-oss : Fetch latest Wazuh alerts template] *************************************
ok: [192.168.57.203] => {"changed": false, "checksum_dest": "b0e78eb5887dfcb9175b646ade0a333c647f591e", "checksum_src": "b0e78eb5887dfcb9175b646ade0a333c647f591e", "dest": "/etc/filebeat/wazuh-template.json", "elapsed": 0, "gid": 0, "group": "root", "md5sum": "f2f88b09e17eb01aa39947fbaf4d9fb3", "mode": "0400", "msg": "OK (62776 bytes)", "owner": "root", "size": 62776, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1702900283.4184048-28854-247182789027379/tmpjjfc6vkm", "state": "file", "status_code": 200, "uid": 0, "url": "https://raw.githubusercontent.com/wazuh/wazuh/4.8.0/extensions/elasticsearch/7.x/wazuh-template.json"}

TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] **********************************************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml for 192.168.57.203

TASK [../roles/wazuh/ansible-filebeat-oss : Ensure Filebeat SSL key pair directory exists.] *************************
ok: [192.168.57.203] => {"changed": false, "gid": 0, "group": "root", "mode": "0764", "owner": "root", "path": "/etc/pki/filebeat", "size": 4096, "state": "directory", "uid": 0}

TASK [../roles/wazuh/ansible-filebeat-oss : Copy the certificates from local to the Manager instance] ***************
changed: [192.168.57.203] => (item=node-1-key.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": vagrant/.ansible/tmp/ansible-tmp-1702900286.6834555-28891-163697944484848/source", "state": "file", "uid": 0}

TASK [../roles/wazuh/ansible-filebeat-oss : Ensure Filebeat is started and enabled at boot.] ************************
ok: [192.168.57.203] => {"changed": false, "enabled": true, "name": "filebeat", "state": "started", "status": {"ActiveEnterTimestamp": "Mon 2023-12-18 11:43:52 UTC", "ActiveEnterTimestampMonotonic": "4257305406", "ActiveExitTimestamp": "Mon 2023-12-18 11:43:52 UTC", "ActiveExitTimestampMonotonic": "4257262553", "ActiveState": "active", "After": "systemd-journald.socket basic.target sysinit.target network-online.target system.slice", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Mon 2023-12-18 11:43:52 UTC", "AssertTimestampMonotonic": "4257289301", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no","0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-online.target", "WatchdogSignal": "6", "WatchdogTimestamp": "n/a", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}}

TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] **********************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == \"RedHat\"", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] **********************************************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-filebeat-oss/tasks/RMDebian.yml for 192.168.57.203

TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata)] ***
ok: [192.168.57.203] => {"changed": false, "repo": "deb https://packages.wazuh.com/4.x/apt/ stable main", "sources_added": [], "sources_removed": ["/etc/apt/sources.list.d/packages_wazuh_com_4_x_apt.list"], "state": "absent"}

TASK [../roles/wazuh/wazuh-dashboard : include_vars] ****************************************************************
ok: [192.168.57.203] => {"ansible_facts": {"packages_repository": "staging"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/wazuh-dashboard/vars/../../vars/repo_vars.yml"], "changed": false}

TASK [../roles/wazuh/wazuh-dashboard : include_vars] ****************************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "packages_repository == 'production'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-dashboard : include_vars] ****************************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "packages_repository == 'pre-release'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-dashboard : include_vars] ****************************************************************
ok: [192.168.57.203] => {"ansible_facts": {"certs_gen_tool_url": "https://packages-dev.wazuh.com/{{ certs_gen_tool_version wazuh_agent_version }}-0.40801.20231206.msi.sha512"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/wazuh-dashboard/vars/../../vars/repo_staging.yml"], "changed": false}

TASK [../roles/wazuh/wazuh-dashboard : RedHat/CentOS/Fedora | Add Wazuh dashboard repo] *****************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == 'RedHat'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-dashboard : Install Wazuh dashboard] *****************************************************
skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == 'RedHat'", "skip_reason": "Conditional result was False"}

TASK [../roles/wazuh/wazuh-dashboard : include_vars] ****************************************************************
ok: [192.168.57.203] => {"ansible_facts": {"dashboard_version": "4.8.0"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/wazuh-dashboard/vars/debian.yml"], "changed": false}

TASK [../roles/wazuh/wazuh-dashboard : Add apt repository signing key] **********************************************
ok: [192.168.57.203] => {"before": ["96B3EE5F29111145", "417F3D5A664FAB32", "D94AA3F0EFE21092", "871920D1991BC93C"], "changed": false, "fp": "96B3EE5F29111145", "id": "96B3EE5F29111145", "key_id": "96B3EE5F29111145", "short_id": "29111145"}

TASK [../roles/wazuh/wazuh-dashboard : Debian systems | Add Wazuh dashboard repo] ***********************************
changed: [192.168.57.203] => {"changed": true, "repo": "deb https://packages-dev.wazuh.com/staging/apt/ unstable main", "sources_added": ["/etc/apt/sources.list.d/packages_dev_wazuh_com_staging_apt.list"], "sources_removed": [], "state": "present"}

TASK [../roles/wazuh/wazuh-dashboard : Install Wazuh dashboard] *****************************************************
ok: [192.168.57.203] => {"cache_update_time": 1702900302, "cache_updated": true, "changed": false}

TASK [../roles/wazuh/wazuh-dashboard : Remove Dashboard configuration file] *****************************************
changed: [192.168.57.203] => {"changed": true, "path": "/etc/wazuh-dashboard//opensearch_dashboards.yml", "state": "absent"}

TASK [../roles/wazuh/wazuh-dashboard : Ensure Dashboard certificates directory permissions.] ************************
ok: [192.168.57.203] => {"changed": false, "gid": 124, "group": "wazuh-dashboard", "mode": "0764", "owner": "wazuh-dashboard", "path": "/etc/wazuh-dashboard/certs/", "size": 4096, "state": "directory", "uid": 116}

TASK [../roles/wazuh/wazuh-dashboard : Copy the certificates from local to the Wazuh dashboard instance] ************
changed: [192.168.57.203] => (item=root-ca.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": "3e44e82559b145dc7bf0f3d7a966bfde26226466", "dest": "/etc/wazuh-dashboard/certs/root-ca.pem", "gid": 124, "group": "wazuh-dashboard", "item": "root-ca.pem", "md5sum": "2dbcdc37011973dd199909db3045df32", "mode": "0400", "owner": "wazuh-dashboard", "size": 1204, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1702900304.6742272-29120-117776270352259/source", "state": "file", "uid": 116}
changed: [192.168.57.203] => (item=node-1-key.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": "9ce77ddea505c181c5366d4bc316f138be3f20e0", "dest": "/etc/wazuh-dashboard/certs/node-1-key.pem", "gid": 124, "group": "wazuh-dashboard", "item": "node-1-key.pem", "md5sum": "f401cef93a0e3728ea7bca1644825b5a", "mode": "0400", "owner": "wazuh-dashboard", "size": 1704, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1702900305.308591-29120-167623908828886/source", "state": "file", "uid": 116}
changed: [192.168.57.203] => (item=node-1.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": "579f68c0b20869a8c7fa6f3adaf6f033937799a6", "dest": "/etc/wazuh-dashboard/certs/node-1.pem", "gid": 124, "group": "wazuh-dashboard", "item": "node-1.pem", "md5sum": "df36ffb3d3eac4353c48ecde582676e9", "mode": "0400", "owner": "wazuh-dashboard", "size": 1277, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1702900305.9313245-29120-27261758453971/source", "state": "file", "uid": 116}

TASK [../roles/wazuh/wazuh-dashboard : Copy Configuration File] *****************************************************
changed: [192.168.57.203] => {"changed": true, "checksum": "73329f90bb75106a7a5fc7ce7b3c4b83f3392d8e", "dest": "/etc/wazuh-dashboard//opensearch_dashboards.yml", "gid": 124, "group": "wazuh-dashboard", "md5sum": "896d22db5e2a4e1c09a9fc8b4f3d5205", "mode": "0640", "owner": "wazuh-dashboard", "size": 588, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1702900306.6029675-29198-253023806324391/source", "state": "file", "uid": 116}

TASK [../roles/wazuh/wazuh-dashboard : Ensuring Wazuh dashboard directory owner] ************************************
ok: [192.168.57.203] => {"changed": false, "gid": 124, "group": "wazuh-dashboard", "mode": "0750", "owner": "wazuh-dashboard", "path": "/usr/share/wazuh-dashboard", "size": 4096, "state": "directory", "uid": 116}

TASK [../roles/wazuh/wazuh-dashboard : Wait for Wazuh-Indexer port] *************************************************
ok: [192.168.57.203] => {"changed": false, "elapsed": 0, "match_groupdict": {}, "match_groups": [], "path": null, "port": 9200, "search_regex": null, "state": "started"}

TASK [../roles/wazuh/wazuh-dashboard : Select correct API protocol] *************************************************
ok: [192.168.57.203] => {"ansible_facts": {"indexer_api_protocol": "https"}, "changed": false}

TASK [../roles/wazuh/wazuh-dashboard : Attempting to delete legacy Wazuh index if exists] ***************************
ok: [192.168.57.203] => {"changed": false, "content_length": "365", "content_type": "application/json; charset=UTF-8", "elapsed": 0, "json": {"error": {"index": ".wazuh", "index_uuid": "_na_", "reason": "no such index [.wazuh]", "resource.id": ".wazuh", "resource.type": "index_or_alias", "root_cause": [{"index": ".wazuh", "index_uuid": "_na_", "reason": "no such index [.wazuh]", "resource.id": ".wazuh", "resource.type": "index_or_alias", "type": "index_not_found_exception"}], "type": "index_not_found_exception"}, "status": 404}, "msg": "HTTP Error 404: Not Found", "redirected": false, "status": 404, "url": "https://127.0.0.1:9200/.wazuh"}

TASK [../roles/wazuh/wazuh-dashboard : Create Wazuh Plugin config directory] ****************************************
ok: [192.168.57.203] => {"changed": false, "gid": 124, "group": "wazuh-dashboard", "mode": "0751", "owner": "wazuh-dashboard", "path": "/usr/share/wazuh-dashboard/data/wazuh/config/", "size": 4096, "state": "directory", "uid": 116}

TASK [../roles/wazuh/wazuh-dashboard : Configure Wazuh Dashboard Plugin] ********************************************
ok: [192.168.57.203] => {"changed": false, "checksum": "67bd12474da6b60e2a944e340fa025baf9c31cd5", "dest": "/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml", "gid": 124, "group": "wazuh-dashboard", "mode": "0751", "owner": "wazuh-dashboard", "path": "/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml", "size": 4287, "state": "file", "uid": 116}

TASK [../roles/wazuh/wazuh-dashboard : Configure opensearch.password in opensearch_dashboards.keystore] *************
changed: [192.168.57.203] => {"changed": true, "cmd": "echo 'changeme' | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password", "delta": "0:00:00.726779", "end": "2023-12-18 11:52:01.613715", "msg": "", "rc": 0, "start": "2023-12-18 11:52:00.886936", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}

TASK [../roles/wazuh/wazuh-dashboard : Ensure Wazuh dashboard started and enabled] **********************************
ok: [192.168.57.203] => {"changed": false, "enabled": true, "name": "wazuh-dashboard", "state": "started", "status": {"ActiveEnterTimestamp": "Mon 2023-12-18 11:43:53 UTC", "ActiveEnterTimestampMonotonic": "4258477245", "ActiveExitTimestamp": "Mon 2023-12-18 11:43:52 UTC", "ActiveExitTimestampMonotonic": "4258062588", "ActiveState": "active", "After": "sysinit.target "UnitFilePreset": "enabled", "UnitFileState": "enabled", "User": "wazuh-dashboard", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestamp": "n/a", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0", "WorkingDirectory": "/usr/share/wazuh-dashboard"}}

TASK [../roles/wazuh/wazuh-dashboard : Remove Wazuh dashboard repository (and clean up left-over metadata)] *********
skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == 'RedHat'", "skip_reason": "Conditional result was False"}

RUNNING HANDLER [../roles/wazuh/ansible-wazuh-manager : restart wazuh-manager] **************************************
changed: [192.168.57.203] => {"changed": true, "enabled": true, "name": "wazuh-manager", "state": "started", "status": {"ActiveEnterTimestamp": "Mon 2023-12-18 11:43:51 UTC", "ActiveEnterTimestampMonotonic": "4256509067", "ActiveExitTimestamp": "Mon 2023-12-18 11:43:28 UTC", "ActiveExitTimestampMonotonic": "4233265053", "ActiveState": "active", "After": "basic.target"infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "forking", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-online.target", "WatchdogSignal": "6", "WatchdogTimestamp": "n/a", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}}

RUNNING HANDLER [../roles/wazuh/wazuh-dashboard : restart wazuh-dashboard] ******************************************
changed: [192.168.57.203] => {"changed": true, "name": "wazuh-dashboard", "state": "started", "status": "WorkingDirectory": "/usr/share/wazuh-dashboard"}}

PLAY RECAP **********************************************************************************************************
192.168.57.203             : ok=100  changed=25   unreachable=0    failed=0    skipped=86   rescued=0    ignored=0

It is checked that the new configuration is copied successfully:

<vulnerability-detection>
    <enabled>yes</enabled>
    <indexer-status>yes</indexer-status>
    <feed-update-interval>60m</feed-update-interval>
  </vulnerability-detection>

  <indexer>
    <enabled>yes</enabled>
    <hosts>

      <host>https://127.0.0.1:9200</host>

      <host>https://168.22.5.5:9200</host>

    </hosts>

    <username>admin</username>
    <password>changeme</password>
    <ssl>
      <certificate_authorities>
        <ca>/etc/pki/filebeat/root-ca.pem</ca>
      </certificate_authorities>
      <certificate>/etc/pki/filebeat/node-1.pem</certificate>
      <key>/etc/pki/filebeat/node-1-key.pem</key>
    </ssl>
  </indexer>

Taking into account the following inventory snippet:

filebeat_node_name: node-1
      filebeat_output_indexer_hosts:
      - 127.0.0.1
      - 168.22.5.5

roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2

davidcr01 added 4 commits December 15, 2023 16:38

Changed configuration to new VD and indexer

cffba0d

Indexer and VD must coincide in config

56d627a

Modify indexer variables

29b7807

Added spaces between variable

57c70de

davidcr01 requested review from teddytpc1, vcerenu and c-bordon December 18, 2023 14:04

davidcr01 self-assigned this Dec 18, 2023

c-bordon previously approved these changes Dec 18, 2023

View reviewed changes

davidcr01 linked an issue Dec 18, 2023 that may be closed by this pull request

Update Configuration to New Vulnerability Detector and Indexer #1159

Closed

davidcr01 dismissed c-bordon’s stale review via 960c01c December 18, 2023 17:27

davidcr01 force-pushed the 1159-update-configuration-to-new-vulnerability-detector-and-indexer branch from 960c01c to 57c70de Compare December 18, 2023 17:27

davidcr01 added 2 commits December 18, 2023 18:28

Changed names in the default configuration

4193cb0

Fixed Filebeat node list

bac757c

davidcr01 requested a review from c-bordon December 18, 2023 18:44

teddytpc1 requested changes Dec 19, 2023

View reviewed changes

roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 Outdated Show resolved Hide resolved

roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 Outdated Show resolved Hide resolved

Fixed manager template in VD config

f08c893

davidcr01 requested a review from teddytpc1 December 19, 2023 14:01

teddytpc1 approved these changes Dec 19, 2023

View reviewed changes

c-bordon approved these changes Dec 19, 2023

View reviewed changes

vcerenu approved these changes Dec 19, 2023

View reviewed changes

teddytpc1 merged commit 2821f87 into 4.8.0 Dec 19, 2023
14 of 20 checks passed

teddytpc1 deleted the 1159-update-configuration-to-new-vulnerability-detector-and-indexer branch December 19, 2023 14:52

teddytpc1 mentioned this pull request Jan 24, 2024

Adapt VD to Wazuh Keystore for Indexer configuration #1196

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Updated configuration to new VD and indexer #1162

Updated configuration to new VD and indexer #1162

davidcr01 commented Dec 18, 2023 •

edited

Loading

Updated configuration to new VD and indexer #1162

Updated configuration to new VD and indexer #1162

Conversation

davidcr01 commented Dec 18, 2023 • edited Loading

Testing

davidcr01 commented Dec 18, 2023 •

edited

Loading