MVP - Ansible - Roles: wazuh-indexer role #1521

YisDav · 2025-01-23T13:29:11Z

Description

The ansible role for Wazuh indexer (roles/wazuh-indexer) is a proposal that facilitates the installation and configuration of the Wazuh indexer component. This role will ensure that the indexer is set up correctly and is able to handle data from Wazuh agents effectively.

For a more detailed description, please refer to the parent commit (#1493).

Tasks

Develop the Wazuh indexer role. The playbook must support installation across all platforms, ensuring compatibility with the Central Components tier 1 OS versions and architectures.
Validate the role's functionality by testing it with all supported Wazuh indexer environments.

The text was updated successfully, but these errors were encountered:

YisDav · 2025-01-29T12:45:50Z

Update

Among the advances that have been made in the development of the Ansible role for Wazuh Indexer, there are these elements:

Reduction in the number of variables used by the role.
Simplification of part of the Ansible code.
Modification in the download, installation and configuration tasks. Now, you have a more OOB installation.
Use of variables file with URLs for package installation.
Elimination of templates for configuration files. Use of replacement tasks and reconfiguration of the files.

YisDav · 2025-02-14T13:04:10Z

Update

Tests have been carried out to verify the functioning of the Ansible role to perform the installation of Wazuh Indexer 5.0.0. The following operating systems were used to carry out the tests:

Tested OSs

Distribution	Version	Architecture
Ubuntu	24.04	aarch64
Debian	12	x86_64
Redhat	9	aarch64
CentOS Stream	8	x86_64
Amazon Linux	2023	x86_64

Both deployments have been tested on those operative systems: AIO and distributed.

Archive with all evidence files

evidence-1521.zip

Description

Here is all included evidence of testing. This includes: execution outputs, screenshots, and inventory and example playbook.

AIO evidence

Ansible results

Ansible output log


PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [aio]

TASK [../roles/wazuh-indexer : include_vars] ***********************************
ok: [aio]

TASK [../roles/wazuh-indexer : include_vars] ***********************************
ok: [aio]

TASK [../roles/wazuh-indexer : Ensure wazuh-indexer package download directory exists] ***
changed: [aio]

TASK [../roles/wazuh-indexer : Amazon Linux | Install Amazon extras in Amazon Linux 2] ***
skipping: [aio]

TASK [../roles/wazuh-indexer : Amazon Linux | Configure vm.max_map_count] ******
ok: [aio]

TASK [../roles/wazuh-indexer : Amazon Linux | Update vm.max_map_count] *********
changed: [aio]

TASK [../roles/wazuh-indexer : RedHat/CentOS/Fedora | Install Indexer dependencies] ***
ok: [aio]

TASK [../roles/wazuh-indexer : RedHat/CentOS/Fedora (x86_64) | Download wazuh-indexer package] ***
changed: [aio]

TASK [../roles/wazuh-indexer : RedHat/CentOS/Fedora (aarch64) | Download wazuh-indexer package] ***
skipping: [aio]

TASK [../roles/wazuh-indexer : Debian-based | Install Indexer dependencies] ****
skipping: [aio]

TASK [../roles/wazuh-indexer : Debian-based (AMD64) | Download wazuh-indexer package] ***
skipping: [aio]

TASK [../roles/wazuh-indexer : Debian-based (ARM64) | Download wazuh-indexer package] ***
skipping: [aio]

TASK [../roles/wazuh-indexer : Linux CentOS/RedHat | Install wazuh-indexer using yum] ***
changed: [aio]

TASK [../roles/wazuh-indexer : Linux Debian | Install wazuh-indexer using dpkg] ***
skipping: [aio]

TASK [../roles/wazuh-indexer : Cert-gen | Check if certificates already exists] ***
ok: [aio -> localhost]

TASK [../roles/wazuh-indexer : Cert-gen | Remove existing certificates] ********
skipping: [aio]

TASK [../roles/wazuh-indexer : Cert-gen | Check if configuration is defined correctly] ***
skipping: [aio]

TASK [../roles/wazuh-indexer : Cert-gen | Create local temporary directory for certificates generation (all certs)] ***
changed: [aio -> localhost]

TASK [../roles/wazuh-indexer : Cert-gen | Download certificates generation tool] ***
changed: [aio -> localhost]

TASK [../roles/wazuh-indexer : Cert-gen | Download base config.yml file] *******
changed: [aio -> localhost]

TASK [../roles/wazuh-indexer : Cert-gen | Remove comments from config.yml file (1/2)] ***
changed: [aio -> localhost]

TASK [../roles/wazuh-indexer : Cert-gen | Remove comments from config.yml file (2/2)] ***
changed: [aio -> localhost]

TASK [../roles/wazuh-indexer : Cert-gen | Remove existing nodes sections (cluster mode)] ***
skipping: [aio]

TASK [../roles/wazuh-indexer : Cert-gen | Remove empty lines from config.yml file (cluster mode)] ***
skipping: [aio]

TASK [../roles/wazuh-indexer : Cert-gen | Add indexer nodes section (cluster mode)] ***
skipping: [aio]

TASK [../roles/wazuh-indexer : Cert-gen | Add server nodes section (cluster mode)] ***
skipping: [aio]

TASK [../roles/wazuh-indexer : Cert-gen | Add dashboard nodes section (cluster mode)] ***
skipping: [aio]

TASK [../roles/wazuh-indexer : Cert-gen | Add indexer node section (single node mode)] ***
changed: [aio -> localhost]

TASK [../roles/wazuh-indexer : Cert-gen | Add server node section (single node mode)] ***
changed: [aio -> localhost]

TASK [../roles/wazuh-indexer : Cert-gen | Add dashboard node section (single node mode)] ***
changed: [aio -> localhost]

TASK [../roles/wazuh-indexer : Cert-gen | Generate certificates] ***************
changed: [aio -> localhost]

TASK [../roles/wazuh-indexer : Cert-gen | Copy certificates to each Wazuh indexer node] ***
changed: [aio] => (item=root-ca.pem)
changed: [aio] => (item=root-ca.key)
changed: [aio] => (item=node-1-key.pem)
changed: [aio] => (item=node-1.pem)
changed: [aio] => (item=admin-key.pem)
changed: [aio] => (item=admin.pem)

TASK [../roles/wazuh-indexer : Cert-gen | Rename indexer key certificate (1/2)] ***
changed: [aio]

TASK [../roles/wazuh-indexer : Cert-gen | Rename indexer certificate (2/2)] ****
changed: [aio]

TASK [../roles/wazuh-indexer : OpenSearch Config | Update network.host configuration] ***
changed: [aio]

TASK [../roles/wazuh-indexer : OpenSearch Config | Update node.name configuration] ***
ok: [aio]

TASK [../roles/wazuh-indexer : Remove existing nodes in cluster.initial_master_nodes] ***
skipping: [aio]

TASK [../roles/wazuh-indexer : OpenSearch Config | Update cluster.initial_master_nodes values] ***
skipping: [aio]

TASK [../roles/wazuh-indexer : OpenSearch Config | Remove cluster.initial_master_nodes for single-node cluster] ***
changed: [aio]

TASK [../roles/wazuh-indexer : OpenSearch Config | Uncomment discovery.seed_hosts line] ***
skipping: [aio]

TASK [../roles/wazuh-indexer : OpenSearch Config | Update discovery.seed_hosts value] ***
skipping: [aio]

TASK [../roles/wazuh-indexer : OpenSearch Config | Remove existing SSL configuration lines in plugins.security.nodes_dn] ***
changed: [aio]

TASK [../roles/wazuh-indexer : OpenSearch Config | Update SSL configuration values in plugins.security.nodes_dn] ***
changed: [aio]

TASK [../roles/wazuh-indexer : Add single-node discovery type if needed] *******
changed: [aio]

TASK [../roles/wazuh-indexer : Reload systemd configuration] *******************
ok: [aio]

TASK [../roles/wazuh-indexer : Ensure Wazuh indexer started and enabled] *******
changed: [aio]

TASK [../roles/wazuh-indexer : Initialize Wazuh Indexer cluster] ***************
changed: [aio]

TASK [../roles/wazuh-indexer : Wait for Wazuh indexer API] *********************
FAILED - RETRYING: [aio]: Wait for Wazuh indexer API (24 retries left).
ok: [aio]

TASK [../roles/wazuh-indexer : Reload systemd configuration] *******************
ok: [aio]

TASK [../roles/wazuh-indexer : Remove Wazuh Indexer installation leftovers] ****
changed: [aio]

TASK [../roles/wazuh-indexer : Remove local Wazuh Indexer leftover files] ******
changed: [aio -> localhost]

PLAY RECAP *********************************************************************
aio                        : ok=35   changed=25   unreachable=0    failed=0    skipped=17   rescued=0    ignored=0

Cluster health of one of the AIO instances

Distributed evidence

Ansible results

Ansible output log

❯ ansible-playbook -i inventory.ini wazuh-aio.yml

PLAY [all] **********************************************************************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************************************
[WARNING]: Platform linux on host wi1 is using the discovered Python interpreter at /usr/bin/python3.9, but future installation of another Python interpreter could change the meaning of
that path. See https://docs.ansible.com/ansible-core/2.16/reference_appendices/interpreter_discovery.html for more information.
ok: [wi1]
ok: [wi2]
ok: [wi5]
ok: [wi4]
ok: [wi3]

TASK [../roles/wazuh-indexer : include_vars] ************************************************************************************************************************************************
ok: [wi1]
ok: [wi2]
ok: [wi3]
ok: [wi4]
ok: [wi5]

TASK [../roles/wazuh-indexer : include_vars] ************************************************************************************************************************************************
ok: [wi1]
ok: [wi2]
ok: [wi3]
ok: [wi4]
ok: [wi5]

TASK [../roles/wazuh-indexer : Ensure wazuh-indexer package download directory exists] ******************************************************************************************************
changed: [wi2]
changed: [wi5]
changed: [wi4]
changed: [wi1]
changed: [wi3]

TASK [../roles/wazuh-indexer : Amazon Linux | Install Amazon extras in Amazon Linux 2] ******************************************************************************************************
skipping: [wi1]
skipping: [wi2]
skipping: [wi3]
skipping: [wi4]
skipping: [wi5]

TASK [../roles/wazuh-indexer : Amazon Linux | Configure vm.max_map_count] *******************************************************************************************************************
skipping: [wi2]
skipping: [wi3]
skipping: [wi4]
skipping: [wi5]
changed: [wi1]

TASK [../roles/wazuh-indexer : Amazon Linux | Update vm.max_map_count] **********************************************************************************************************************
skipping: [wi2]
skipping: [wi3]
skipping: [wi4]
skipping: [wi5]
changed: [wi1]

TASK [../roles/wazuh-indexer : RedHat/CentOS/Fedora | Install Indexer dependencies] *********************************************************************************************************
skipping: [wi4]
skipping: [wi5]
ok: [wi1]
changed: [wi2]
changed: [wi3]

TASK [../roles/wazuh-indexer : RedHat/CentOS/Fedora (x86_64) | Download wazuh-indexer package] **********************************************************************************************
skipping: [wi3]
skipping: [wi4]
skipping: [wi5]
changed: [wi1]
changed: [wi2]

TASK [../roles/wazuh-indexer : RedHat/CentOS/Fedora (aarch64) | Download wazuh-indexer package] *********************************************************************************************
skipping: [wi1]
skipping: [wi2]
skipping: [wi4]
skipping: [wi5]
changed: [wi3]

TASK [../roles/wazuh-indexer : Debian-based | Install Indexer dependencies] *****************************************************************************************************************
skipping: [wi1]
skipping: [wi2]
skipping: [wi3]
ok: [wi4]
ok: [wi5]

TASK [../roles/wazuh-indexer : Debian-based (AMD64) | Download wazuh-indexer package] *******************************************************************************************************
skipping: [wi1]
skipping: [wi2]
skipping: [wi3]
skipping: [wi4]
changed: [wi5]

TASK [../roles/wazuh-indexer : Debian-based (ARM64) | Download wazuh-indexer package] *******************************************************************************************************
skipping: [wi1]
skipping: [wi2]
skipping: [wi3]
skipping: [wi5]
changed: [wi4]

TASK [../roles/wazuh-indexer : Linux CentOS/RedHat | Install wazuh-indexer using yum] *******************************************************************************************************
skipping: [wi4]
skipping: [wi5]
changed: [wi1]
changed: [wi2]
changed: [wi3]

TASK [../roles/wazuh-indexer : Linux Debian | Install wazuh-indexer using dpkg] *************************************************************************************************************
skipping: [wi1]
skipping: [wi3]
skipping: [wi2]
changed: [wi5]
changed: [wi4]

TASK [../roles/wazuh-indexer : Cert-gen | Check if certificates already exists] *************************************************************************************************************
ok: [wi1 -> localhost]

TASK [../roles/wazuh-indexer : Cert-gen | Remove existing certificates] *********************************************************************************************************************
skipping: [wi1]

TASK [../roles/wazuh-indexer : Cert-gen | Create local temporary directory for certificates generation] *************************************************************************************
changed: [wi1 -> localhost]

TASK [../roles/wazuh-indexer : Cert-gen | Check that the generation tool exists] ************************************************************************************************************
ok: [wi1 -> localhost]

TASK [../roles/wazuh-indexer : Cert-gen | Download certificates generation tool] ************************************************************************************************************
changed: [wi1 -> localhost]

TASK [../roles/wazuh-indexer : Cert-gen | Create base config.yml file] **********************************************************************************************************************
changed: [wi1 -> localhost]

TASK [../roles/wazuh-indexer : Cert-gen | Add indexer nodes section] ************************************************************************************************************************
changed: [wi1 -> localhost]

TASK [../roles/wazuh-indexer : Cert-gen | Add server nodes section] *************************************************************************************************************************
changed: [wi1 -> localhost]

TASK [../roles/wazuh-indexer : Cert-gen | Add dashboard nodes section] **********************************************************************************************************************
changed: [wi1 -> localhost]

TASK [../roles/wazuh-indexer : Cert-gen | Generate certificates] ****************************************************************************************************************************
changed: [wi1 -> localhost]

TASK [../roles/wazuh-indexer : Cert-gen | Copy certificates to each Wazuh indexer node] *****************************************************************************************************
changed: [wi4] => (item=root-ca.pem)
changed: [wi5] => (item=root-ca.pem)
changed: [wi3] => (item=root-ca.pem)
changed: [wi2] => (item=root-ca.pem)
changed: [wi1] => (item=root-ca.pem)
changed: [wi4] => (item=root-ca.key)
changed: [wi5] => (item=root-ca.key)
changed: [wi3] => (item=root-ca.key)
changed: [wi2] => (item=root-ca.key)
changed: [wi1] => (item=root-ca.key)
changed: [wi4] => (item=node-4-key.pem)
changed: [wi5] => (item=node-5-key.pem)
changed: [wi3] => (item=node-3-key.pem)
changed: [wi2] => (item=node-2-key.pem)
changed: [wi1] => (item=node-1-key.pem)
changed: [wi4] => (item=node-4.pem)
changed: [wi5] => (item=node-5.pem)
changed: [wi3] => (item=node-3.pem)
changed: [wi2] => (item=node-2.pem)
changed: [wi1] => (item=node-1.pem)
changed: [wi4] => (item=admin-key.pem)
changed: [wi5] => (item=admin-key.pem)
changed: [wi3] => (item=admin-key.pem)
changed: [wi2] => (item=admin-key.pem)
changed: [wi1] => (item=admin-key.pem)
changed: [wi4] => (item=admin.pem)
changed: [wi5] => (item=admin.pem)
changed: [wi2] => (item=admin.pem)
changed: [wi3] => (item=admin.pem)
changed: [wi1] => (item=admin.pem)

TASK [../roles/wazuh-indexer : Cert-gen | Rename indexer key certificate] *******************************************************************************************************************
changed: [wi1]
changed: [wi2]
changed: [wi4]
changed: [wi5]
changed: [wi3]

TASK [../roles/wazuh-indexer : Cert-gen | Rename indexer certificate] ***********************************************************************************************************************
changed: [wi2]
changed: [wi4]
changed: [wi5]
changed: [wi1]
changed: [wi3]

TASK [../roles/wazuh-indexer : OpenSearch Config | Update network.host configuration] *******************************************************************************************************
changed: [wi5]
changed: [wi2]
changed: [wi4]
changed: [wi1]
changed: [wi3]

TASK [../roles/wazuh-indexer : OpenSearch Config | Update node.name configuration] **********************************************************************************************************
changed: [wi2]
changed: [wi4]
changed: [wi5]
ok: [wi1]
changed: [wi3]

TASK [../roles/wazuh-indexer : Remove existing nodes in cluster.initial_master_nodes] *******************************************************************************************************
changed: [wi2]
changed: [wi5]
changed: [wi4]
changed: [wi1]
changed: [wi3]

TASK [../roles/wazuh-indexer : OpenSearch Config | Update cluster.initial_master_nodes values] **********************************************************************************************
changed: [wi4]
changed: [wi2]
changed: [wi5]
changed: [wi1]
changed: [wi3]

TASK [../roles/wazuh-indexer : OpenSearch Config | Remove cluster.initial_master_nodes for single-node cluster] *****************************************************************************
skipping: [wi1]
skipping: [wi2]
skipping: [wi3]
skipping: [wi4]
skipping: [wi5]

TASK [../roles/wazuh-indexer : OpenSearch Config | Uncomment discovery.seed_hosts line] *****************************************************************************************************
changed: [wi5]
changed: [wi2]
changed: [wi1]
changed: [wi4]
changed: [wi3]

TASK [../roles/wazuh-indexer : OpenSearch Config | Update discovery.seed_hosts value] *******************************************************************************************************
changed: [wi4]
changed: [wi2]
changed: [wi5]
changed: [wi1]
changed: [wi3]

TASK [../roles/wazuh-indexer : OpenSearch Config | Remove existing SSL configuration lines in plugins.security.nodes_dn] ********************************************************************
changed: [wi2]
changed: [wi4]
changed: [wi5]
changed: [wi1]
changed: [wi3]

TASK [../roles/wazuh-indexer : OpenSearch Config | Update SSL configuration values in plugins.security.nodes_dn] ****************************************************************************
changed: [wi4]
changed: [wi2]
changed: [wi5]
changed: [wi1]
changed: [wi3]

TASK [../roles/wazuh-indexer : Add single-node discovery type if needed] ********************************************************************************************************************
skipping: [wi1]
skipping: [wi2]
skipping: [wi3]
skipping: [wi4]
skipping: [wi5]

TASK [../roles/wazuh-indexer : Reload systemd configuration] ********************************************************************************************************************************
ok: [wi2]
ok: [wi5]
ok: [wi4]
ok: [wi1]
ok: [wi3]

TASK [../roles/wazuh-indexer : Ensure Wazuh indexer started and enabled] ********************************************************************************************************************
changed: [wi5]
changed: [wi1]
changed: [wi2]
changed: [wi3]
changed: [wi4]

TASK [../roles/wazuh-indexer : Initialize Wazuh Indexer cluster] ****************************************************************************************************************************
changed: [wi1]

TASK [../roles/wazuh-indexer : Wait for Wazuh indexer API] **********************************************************************************************************************************
FAILED - RETRYING: [wi2]: Wait for Wazuh indexer API (24 retries left).
FAILED - RETRYING: [wi4]: Wait for Wazuh indexer API (24 retries left).
FAILED - RETRYING: [wi5]: Wait for Wazuh indexer API (24 retries left).
FAILED - RETRYING: [wi1]: Wait for Wazuh indexer API (24 retries left).
FAILED - RETRYING: [wi3]: Wait for Wazuh indexer API (24 retries left).
ok: [wi2]
ok: [wi5]
ok: [wi4]
ok: [wi1]
ok: [wi3]

TASK [../roles/wazuh-indexer : Reload systemd configuration] ********************************************************************************************************************************
ok: [wi5]
ok: [wi2]
ok: [wi1]
ok: [wi4]
ok: [wi3]

TASK [../roles/wazuh-indexer : Remove Wazuh Indexer installation leftovers] *****************************************************************************************************************
changed: [wi2]
changed: [wi4]
changed: [wi5]
changed: [wi3]
changed: [wi1]

PLAY RECAP **********************************************************************************************************************************************************************************
wi1                        : ok=35   changed=25   unreachable=0    failed=0    skipped=9    rescued=0    ignored=0   
wi2                        : ok=23   changed=17   unreachable=0    failed=0    skipped=10   rescued=0    ignored=0   
wi3                        : ok=23   changed=17   unreachable=0    failed=0    skipped=10   rescued=0    ignored=0   
wi4                        : ok=23   changed=16   unreachable=0    failed=0    skipped=10   rescued=0    ignored=0   
wi5                        : ok=23   changed=16   unreachable=0    failed=0    skipped=10   rescued=0    ignored=0

Cluster health results:


   ,     #_
   ~\_  ####_        Amazon Linux 2023
  ~~  \_#####\
  ~~     \###|
  ~~       \#/ ___   https://aws.amazon.com/linux/amazon-linux-2023
  ~~       V~' '->
   ~~~         /
    ~~._.   _/
      _/ _/
     _/m/'
Last login: Tue Feb 11 20:36:10 2025 from *.*.*.57
[ec2-user@ip-172-*-*-125 ~]$ curl -k -u admin:admin https://172.*.*.125:9200/_cat/nodes?v
ip            heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
172.*.*.50            38          41   2    0.00    0.07     0.04 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-2
172.*.*.75            25          36   1    0.00    0.08     0.06 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-5
172.*.*.125           32          38   2    0.00    0.08     0.08 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-1
172.*.*.6             21          44   2    0.02    0.12     0.09 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-3
172.*.*.248           16          39   1    0.00    0.13     0.09 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-4

YisDav · 2025-02-24T15:37:33Z

Update

A new PR has been added, with the purpose of correct some details of the refactoring implementation.
Include:

Make local_configs_path a global variable
Improved package naming (include architecture)
Remove unnecessary cleaning tasks

#1563

Additionally, the code will be updated and corrected to incorporate the changes proposed in this pull request and this issue.

YisDav · 2025-02-28T12:18:56Z

Update

Tests were conducted to verify the functionality of the Ansible role following the implementation of corrections to the installation process for Wazuh Indexer 5.0.0.

Tested OSs

Distribution	Version	Architecture
Ubuntu	24.04	aarch64
Debian	12	x86_64
Redhat	9	aarch64
CentOS Stream	8	x86_64
Amazon Linux	2023	x86_64

Both deployments have been tested on those operative systems: AIO and distributed.

Archive with all evidence files

evidence-1523-2.zip

Description

Here is all included evidence of testing. This includes: execution outputs, screenshots, and inventory and example playbook.

AIO evidence

Ansible results

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [aio]

TASK [wazuh-indexer : include_vars] ********************************************
ok: [aio]

TASK [wazuh-indexer : include_vars] ********************************************
ok: [aio]

TASK [wazuh-indexer : Ensure wazuh-indexer package download directory exists] ***
changed: [aio]

TASK [wazuh-indexer : Amazon Linux | Install Amazon extras in Amazon Linux 2] ***
skipping: [aio]

TASK [wazuh-indexer : Amazon Linux | Configure vm.max_map_count] ***************
skipping: [aio]

TASK [wazuh-indexer : Amazon Linux | Update vm.max_map_count] ******************
skipping: [aio]

TASK [wazuh-indexer : RedHat/CentOS/Fedora | Install Indexer dependencies] *****
ok: [aio]

TASK [wazuh-indexer : RedHat/CentOS/Fedora (x86_64) | Download wazuh-indexer package] ***
changed: [aio]

TASK [wazuh-indexer : RedHat/CentOS/Fedora (aarch64) | Download wazuh-indexer package] ***
skipping: [aio]

TASK [wazuh-indexer : Debian-based | Install Indexer dependencies] *************
skipping: [aio]

TASK [wazuh-indexer : Debian-based (AMD64) | Download wazuh-indexer package] ***
skipping: [aio]

TASK [wazuh-indexer : Debian-based (ARM64) | Download wazuh-indexer package] ***
skipping: [aio]

TASK [wazuh-indexer : set_fact] ************************************************
ok: [aio]

TASK [wazuh-indexer : set_fact] ************************************************
skipping: [aio]

TASK [wazuh-indexer : set_fact] ************************************************
skipping: [aio]

TASK [wazuh-indexer : set_fact] ************************************************
skipping: [aio]

TASK [wazuh-indexer : Linux CentOS/RedHat | Install wazuh-indexer using yum] ***
changed: [aio]

TASK [wazuh-indexer : Linux Debian | Install wazuh-indexer using apt] **********
skipping: [aio]

TASK [wazuh-indexer : Cert-gen | Check if certificates already exists] *********
ok: [aio -> localhost]

TASK [wazuh-indexer : Cert-gen | Remove existing certificates] *****************
changed: [aio -> localhost]

TASK [wazuh-indexer : Cert-gen | Check if configuration is defined correctly] ***
skipping: [aio]

TASK [wazuh-indexer : Cert-gen | Create local temporary directory for certificates generation (all certs)] ***
changed: [aio -> localhost]

TASK [wazuh-indexer : Cert-gen | Download certificates generation tool] ********
changed: [aio -> localhost]

TASK [wazuh-indexer : Cert-gen | Download base config.yml file] ****************
changed: [aio -> localhost]

TASK [wazuh-indexer : Cert-gen | Remove comments from config.yml file] *********
changed: [aio -> localhost]

TASK [wazuh-indexer : Cert-gen | Remove existing nodes sections (cluster mode)] ***
skipping: [aio]

TASK [wazuh-indexer : Cert-gen | Add indexer nodes section (cluster mode)] *****
skipping: [aio]

TASK [wazuh-indexer : Cert-gen | Add server nodes section (cluster mode)] ******
skipping: [aio]

TASK [wazuh-indexer : Cert-gen | Add dashboard nodes section (cluster mode)] ***
skipping: [aio]

TASK [wazuh-indexer : Cert-gen | Remove comments from config.yml file] *********
skipping: [aio]

TASK [wazuh-indexer : Cert-gen | Remove empty lines from config.yml file (cluster mode)] ***
skipping: [aio]

TASK [wazuh-indexer : Cert-gen | Add indexer node section (single node mode)] ***
changed: [aio -> localhost]

TASK [wazuh-indexer : Cert-gen | Add server node section (single node mode)] ***
changed: [aio -> localhost]

TASK [wazuh-indexer : Cert-gen | Add dashboard node section (single node mode)] ***
changed: [aio -> localhost]

TASK [wazuh-indexer : Cert-gen | Generate certificates] ************************
changed: [aio -> localhost]

TASK [wazuh-indexer : Cert-gen | Copy certificates to each Wazuh indexer node] ***
changed: [aio] => (item=root-ca.pem)
changed: [aio] => (item=root-ca.key)
changed: [aio] => (item=node-1-key.pem)
changed: [aio] => (item=node-1.pem)
changed: [aio] => (item=admin-key.pem)
changed: [aio] => (item=admin.pem)

TASK [wazuh-indexer : Cert-gen | Rename indexer key certificate (1/2)] *********
changed: [aio]

TASK [wazuh-indexer : Cert-gen | Rename indexer certificate (2/2)] *************
changed: [aio]

TASK [wazuh-indexer : OpenSearch Config | Update network.host configuration] ***
changed: [aio]

TASK [wazuh-indexer : OpenSearch Config | Update node.name configuration] ******
ok: [aio]

TASK [wazuh-indexer : Remove existing nodes in cluster.initial_master_nodes] ***
skipping: [aio]

TASK [wazuh-indexer : OpenSearch Config | Update cluster.initial_master_nodes values] ***
skipping: [aio]

TASK [wazuh-indexer : OpenSearch Config | Remove cluster.initial_master_nodes for single-node cluster] ***
changed: [aio]

TASK [wazuh-indexer : OpenSearch Config | Uncomment discovery.seed_hosts line] ***
skipping: [aio]

TASK [wazuh-indexer : OpenSearch Config | Update discovery.seed_hosts value] ***
skipping: [aio]

TASK [wazuh-indexer : OpenSearch Config | Remove existing SSL configuration lines in plugins.security.nodes_dn] ***
changed: [aio]

TASK [wazuh-indexer : OpenSearch Config | Update SSL configuration values in plugins.security.nodes_dn] ***
changed: [aio]

TASK [wazuh-indexer : Add single-node discovery type if needed] ****************
changed: [aio]

TASK [wazuh-indexer : Reload systemd configuration] ****************************
ok: [aio]

TASK [wazuh-indexer : Ensure Wazuh indexer started and enabled] ****************
changed: [aio]

TASK [wazuh-indexer : Initialize Wazuh Indexer cluster] ************************
changed: [aio]

TASK [wazuh-indexer : Wait for Wazuh indexer API] ******************************
ok: [aio]

TASK [wazuh-indexer : Reload systemd configuration] ****************************
ok: [aio]

TASK [wazuh-indexer : Remove Wazuh Indexer installation leftovers] *************
changed: [aio]

PLAY RECAP *********************************************************************
aio                        : ok=35   changed=24   unreachable=0    failed=0    skipped=24   rescued=0    ignored=0

Distributed evidence

Ansible results

Ansible output log

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [wi5]
ok: [wi4]
ok: [wi2]
ok: [wi1]
ok: [wi3]

TASK [wazuh-indexer : include_vars] ********************************************
ok: [wi1]
ok: [wi2]
ok: [wi3]
ok: [wi4]
ok: [wi5]

TASK [wazuh-indexer : include_vars] ********************************************
ok: [wi1]
ok: [wi2]
ok: [wi3]
ok: [wi4]
ok: [wi5]

TASK [wazuh-indexer : Ensure wazuh-indexer package download directory exists] ***
changed: [wi5]
changed: [wi3]
changed: [wi2]
changed: [wi4]
changed: [wi1]

TASK [wazuh-indexer : Amazon Linux | Install Amazon extras in Amazon Linux 2] ***
skipping: [wi1]
skipping: [wi2]
skipping: [wi3]
skipping: [wi4]
skipping: [wi5]

TASK [wazuh-indexer : Amazon Linux | Configure vm.max_map_count] ***************
skipping: [wi1]
skipping: [wi2]
skipping: [wi3]
skipping: [wi4]
skipping: [wi5]

TASK [wazuh-indexer : Amazon Linux | Update vm.max_map_count] ******************
skipping: [wi1]
skipping: [wi2]
skipping: [wi3]
skipping: [wi4]
skipping: [wi5]

TASK [wazuh-indexer : RedHat/CentOS/Fedora | Install Indexer dependencies] *****
skipping: [wi2]
skipping: [wi3]
ok: [wi5]
ok: [wi1]
ok: [wi4]

TASK [wazuh-indexer : RedHat/CentOS/Fedora (x86_64) | Download wazuh-indexer package] ***
skipping: [wi2]
skipping: [wi3]
skipping: [wi4]
changed: [wi5]
changed: [wi1]

TASK [wazuh-indexer : RedHat/CentOS/Fedora (aarch64) | Download wazuh-indexer package] ***
skipping: [wi1]
skipping: [wi2]
skipping: [wi3]
skipping: [wi5]
changed: [wi4]

TASK [wazuh-indexer : Debian-based | Install Indexer dependencies] *************
skipping: [wi1]
skipping: [wi4]
skipping: [wi5]
ok: [wi2]
ok: [wi3]

TASK [wazuh-indexer : Debian-based (AMD64) | Download wazuh-indexer package] ***
skipping: [wi1]
skipping: [wi3]
skipping: [wi4]
skipping: [wi5]
changed: [wi2]

TASK [wazuh-indexer : Debian-based (ARM64) | Download wazuh-indexer package] ***
skipping: [wi1]
skipping: [wi2]
skipping: [wi4]
skipping: [wi5]
changed: [wi3]

TASK [wazuh-indexer : Linux CentOS/RedHat | Install wazuh-indexer using yum] ***
skipping: [wi2]
skipping: [wi3]
changed: [wi5]
changed: [wi4]
changed: [wi1]

TASK [wazuh-indexer : Linux Debian | Install wazuh-indexer using apt] **********
skipping: [wi1]
skipping: [wi4]
skipping: [wi5]
changed: [wi3]
changed: [wi2]

TASK [wazuh-indexer : Cert-gen | Check if certificates already exists] *********
ok: [wi1 -> localhost]

TASK [wazuh-indexer : Cert-gen | Remove existing certificates] *****************
changed: [wi1 -> localhost]

TASK [wazuh-indexer : Cert-gen | Check if configuration is defined correctly] ***
skipping: [wi1]

TASK [wazuh-indexer : Cert-gen | Create local temporary directory for certificates generation (all certs)] ***
changed: [wi1 -> localhost]

TASK [wazuh-indexer : Cert-gen | Download certificates generation tool] ********
changed: [wi1 -> localhost]

TASK [wazuh-indexer : Cert-gen | Download base config.yml file] ****************
changed: [wi1 -> localhost]

TASK [wazuh-indexer : Cert-gen | Remove comments from config.yml file] *********
changed: [wi1 -> localhost]

TASK [wazuh-indexer : Cert-gen | Remove existing nodes sections (cluster mode)] ***
changed: [wi1 -> localhost]

TASK [wazuh-indexer : Cert-gen | Add indexer nodes section (cluster mode)] *****
changed: [wi1 -> localhost]

TASK [wazuh-indexer : Cert-gen | Add server nodes section (cluster mode)] ******
changed: [wi1 -> localhost]

TASK [wazuh-indexer : Cert-gen | Add dashboard nodes section (cluster mode)] ***
changed: [wi1 -> localhost]

TASK [wazuh-indexer : Cert-gen | Remove comments from config.yml file] *********
changed: [wi1 -> localhost]

TASK [wazuh-indexer : Cert-gen | Add indexer node section (single node mode)] ***
skipping: [wi1]

TASK [wazuh-indexer : Cert-gen | Add server node section (single node mode)] ***
skipping: [wi1]

TASK [wazuh-indexer : Cert-gen | Add dashboard node section (single node mode)] ***
skipping: [wi1]

TASK [wazuh-indexer : Cert-gen | Remove empty lines from config.yml file (cluster mode)] ***
changed: [wi1 -> localhost]

TASK [wazuh-indexer : Cert-gen | Generate certificates] ************************
changed: [wi1 -> localhost]

TASK [wazuh-indexer : Cert-gen | Copy certificates to each Wazuh indexer node] ***
changed: [wi5] => (item=root-ca.pem)
changed: [wi3] => (item=root-ca.pem)
changed: [wi4] => (item=root-ca.pem)
changed: [wi2] => (item=root-ca.pem)
changed: [wi1] => (item=root-ca.pem)
changed: [wi5] => (item=root-ca.key)
changed: [wi3] => (item=root-ca.key)
changed: [wi4] => (item=root-ca.key)
changed: [wi2] => (item=root-ca.key)
changed: [wi1] => (item=root-ca.key)
changed: [wi5] => (item=node-5-key.pem)
changed: [wi3] => (item=node-3-key.pem)
changed: [wi4] => (item=node-4-key.pem)
changed: [wi2] => (item=node-2-key.pem)
changed: [wi1] => (item=node-1-key.pem)
changed: [wi5] => (item=node-5.pem)
changed: [wi3] => (item=node-3.pem)
changed: [wi4] => (item=node-4.pem)
changed: [wi2] => (item=node-2.pem)
changed: [wi1] => (item=node-1.pem)
changed: [wi5] => (item=admin-key.pem)
changed: [wi3] => (item=admin-key.pem)
changed: [wi4] => (item=admin-key.pem)
changed: [wi2] => (item=admin-key.pem)
changed: [wi1] => (item=admin-key.pem)
changed: [wi5] => (item=admin.pem)
changed: [wi3] => (item=admin.pem)
changed: [wi4] => (item=admin.pem)
changed: [wi2] => (item=admin.pem)
changed: [wi1] => (item=admin.pem)

TASK [wazuh-indexer : Cert-gen | Rename indexer key certificate (1/2)] *********
changed: [wi3]
changed: [wi5]
changed: [wi4]
changed: [wi2]
changed: [wi1]

TASK [wazuh-indexer : Cert-gen | Rename indexer certificate (2/2)] *************
changed: [wi3]
changed: [wi5]
changed: [wi2]
changed: [wi4]
changed: [wi1]

TASK [wazuh-indexer : OpenSearch Config | Update network.host configuration] ***
changed: [wi3]
changed: [wi5]
changed: [wi4]
changed: [wi2]
changed: [wi1]

TASK [wazuh-indexer : OpenSearch Config | Update node.name configuration] ******
changed: [wi5]
changed: [wi3]
changed: [wi2]
changed: [wi4]
ok: [wi1]

TASK [wazuh-indexer : Remove existing nodes in cluster.initial_master_nodes] ***
changed: [wi5]
changed: [wi3]
changed: [wi4]
changed: [wi2]
changed: [wi1]

TASK [wazuh-indexer : OpenSearch Config | Update cluster.initial_master_nodes values] ***
changed: [wi5]
changed: [wi3]
changed: [wi2]
changed: [wi4]
changed: [wi1]

TASK [wazuh-indexer : OpenSearch Config | Remove cluster.initial_master_nodes for single-node cluster] ***
skipping: [wi1]
skipping: [wi2]
skipping: [wi3]
skipping: [wi4]
skipping: [wi5]

TASK [wazuh-indexer : OpenSearch Config | Uncomment discovery.seed_hosts line] ***
changed: [wi3]
changed: [wi5]
changed: [wi4]
changed: [wi1]
changed: [wi2]

TASK [wazuh-indexer : OpenSearch Config | Update discovery.seed_hosts value] ***
changed: [wi5]
changed: [wi3]
changed: [wi4]
changed: [wi2]
changed: [wi1]

TASK [wazuh-indexer : OpenSearch Config | Remove existing SSL configuration lines in plugins.security.nodes_dn] ***
changed: [wi5]
changed: [wi3]
changed: [wi4]
changed: [wi2]
changed: [wi1]

TASK [wazuh-indexer : OpenSearch Config | Update SSL configuration values in plugins.security.nodes_dn] ***
changed: [wi3]
changed: [wi5]
changed: [wi4]
changed: [wi2]
changed: [wi1]

TASK [wazuh-indexer : Add single-node discovery type if needed] ****************
skipping: [wi1]
skipping: [wi2]
skipping: [wi3]
skipping: [wi4]
skipping: [wi5]

TASK [wazuh-indexer : Reload systemd configuration] ****************************
ok: [wi5]
ok: [wi3]
ok: [wi4]
ok: [wi1]
ok: [wi2]

TASK [wazuh-indexer : Ensure Wazuh indexer started and enabled] ****************
changed: [wi5]
changed: [wi3]
changed: [wi4]
changed: [wi2]
changed: [wi1]

TASK [wazuh-indexer : Initialize Wazuh Indexer cluster] ************************
changed: [wi1]

TASK [wazuh-indexer : Wait for Wazuh indexer API] ******************************
FAILED - RETRYING: [wi5]: Wait for Wazuh indexer API (24 retries left).
FAILED - RETRYING: [wi4]: Wait for Wazuh indexer API (24 retries left).
FAILED - RETRYING: [wi3]: Wait for Wazuh indexer API (24 retries left).
FAILED - RETRYING: [wi2]: Wait for Wazuh indexer API (24 retries left).
FAILED - RETRYING: [wi1]: Wait for Wazuh indexer API (24 retries left).
FAILED - RETRYING: [wi5]: Wait for Wazuh indexer API (23 retries left).
FAILED - RETRYING: [wi3]: Wait for Wazuh indexer API (23 retries left).
FAILED - RETRYING: [wi4]: Wait for Wazuh indexer API (23 retries left).
FAILED - RETRYING: [wi2]: Wait for Wazuh indexer API (23 retries left).
FAILED - RETRYING: [wi1]: Wait for Wazuh indexer API (23 retries left).
ok: [wi5]
ok: [wi4]
ok: [wi3]
ok: [wi2]
ok: [wi1]

TASK [wazuh-indexer : Reload systemd configuration] ****************************
ok: [wi5]
ok: [wi3]
ok: [wi4]
ok: [wi1]
ok: [wi2]

TASK [wazuh-indexer : Remove Wazuh Indexer installation leftovers] *************
changed: [wi5]
changed: [wi4]
changed: [wi1]
changed: [wi2]
changed: [wi3]

PLAY RECAP *********************************************************************
wi1                        : ok=39   changed=30   unreachable=0    failed=0    skipped=15   rescued=0    ignored=0
wi2                        : ok=25   changed=18   unreachable=0    failed=0    skipped=11   rescued=0    ignored=0
wi3                        : ok=25   changed=18   unreachable=0    failed=0    skipped=11   rescued=0    ignored=0
wi4                        : ok=25   changed=17   unreachable=0    failed=0    skipped=11   rescued=0    ignored=0
wi5                        : ok=25   changed=18   unreachable=0    failed=0    skipped=11   rescued=0    ignored=0

Cluster health results:

   ,     #_
   ~\_  ####_        Amazon Linux 2
  ~~  \_#####\
  ~~     \###|       AL2 End of Life is 2025-06-30.
  ~~       \#/ ___
   ~~       V~' '->
    ~~~         /    A newer version of Amazon Linux is available!
      ~~._.   _/
         _/ _/       Amazon Linux 2023, GA and supported until 2028-03-15.
       _/m/'           https://aws.amazon.com/linux/amazon-linux-2023/

56 package(s) needed for security, out of 79 available
Run "sudo yum update" to apply all updates.
[ec2-user@ip-172-*-*-151 ~]$ curl -k -u admin:admin https://172.*.*.151:9200/_cat/nodes?v
ip            heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
172.*.*.151           56          55   1    0.00    0.02     0.07 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-5
172.*.*.42            48          76   3    0.08    0.05     0.12 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-2
172.*.*.145           64          81   3    0.08    0.10     0.08 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-4
172.*.*.75            43          76   2    0.00    0.01     0.07 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-3
172.*.*.145           28          74   5    0.00    0.07     0.20 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-1
[ec2-user@ip-172-*-*-151 ~]$

YisDav added level/subtask Task issue type/enhancement labels Jan 23, 2025

YisDav linked a pull request Jan 23, 2025 that will close this issue

Refactor of the wazuh-agent ansible role #1517

Merged

YisDav removed a link to a pull request Jan 23, 2025

Refactor of the wazuh-agent ansible role #1517

Merged

wazuhci moved this to On hold in XDR+SIEM/Release 5.0.0 Jan 31, 2025

wazuhci added this to XDR+SIEM/Release 5.0.0 Jan 31, 2025

teddytpc1 assigned YisDav Feb 6, 2025

teddytpc1 changed the title ~~Ansible MVP - Roles: wazuh-indexer role~~ MVP - Ansible - Roles: wazuh-indexer role Feb 6, 2025

wazuhci moved this from On hold to In progress in XDR+SIEM/Release 5.0.0 Feb 6, 2025

wazuhci moved this from In progress to On hold in XDR+SIEM/Release 5.0.0 Feb 11, 2025

wazuhci moved this from On hold to In progress in XDR+SIEM/Release 5.0.0 Feb 11, 2025

wazuhci moved this from In progress to On hold in XDR+SIEM/Release 5.0.0 Feb 13, 2025

YisDav mentioned this issue Feb 14, 2025

Refactor of the wazuh-indexer ansible role #1551

Merged

YisDav linked a pull request Feb 14, 2025 that will close this issue

Refactor of the wazuh-indexer ansible role #1551

Merged

wazuhci moved this from On hold to In progress in XDR+SIEM/Release 5.0.0 Feb 14, 2025

wazuhci moved this from In progress to Pending review in XDR+SIEM/Release 5.0.0 Feb 14, 2025

c-bordon closed this as completed Feb 18, 2025

wazuhci moved this from Pending review to Done in XDR+SIEM/Release 5.0.0 Feb 18, 2025

YisDav mentioned this issue Feb 24, 2025

Corrections for wazuh-indexer role refactoring #1563

Merged

YisDav linked a pull request Feb 24, 2025 that will close this issue

Corrections for wazuh-indexer role refactoring #1563

Merged

wazuhci moved this from Done to Pending review in XDR+SIEM/Release 5.0.0 Feb 24, 2025

YisDav reopened this Feb 24, 2025

wazuhci moved this from Pending review to In progress in XDR+SIEM/Release 5.0.0 Feb 27, 2025

wazuhci moved this from In progress to Pending review in XDR+SIEM/Release 5.0.0 Feb 28, 2025

wazuhci moved this from Pending review to Pending final review in XDR+SIEM/Release 5.0.0 Feb 28, 2025

teddytpc1 closed this as completed Feb 28, 2025

wazuhci moved this from Pending final review to Done in XDR+SIEM/Release 5.0.0 Feb 28, 2025

YisDav mentioned this issue Mar 12, 2025

Corrections in opensearch.yml file configuration in the wazuh-indexer role #1580

Open

YisDav linked a pull request Mar 12, 2025 that will close this issue

Corrections in opensearch.yml file configuration in the wazuh-indexer role #1580

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

MVP - Ansible - Roles: wazuh-indexer role #1521

MVP - Ansible - Roles: wazuh-indexer role #1521

YisDav commented Jan 23, 2025 •

edited

Loading

YisDav commented Jan 29, 2025

YisDav commented Feb 14, 2025 •

edited

Loading

YisDav commented Feb 24, 2025 •

edited

Loading

YisDav commented Feb 28, 2025

MVP - Ansible - Roles: wazuh-indexer role #1521

MVP - Ansible - Roles: wazuh-indexer role #1521

Comments

YisDav commented Jan 23, 2025 • edited Loading

Description

Tasks

YisDav commented Jan 29, 2025

Update

YisDav commented Feb 14, 2025 • edited Loading

Update

AIO evidence

Distributed evidence

YisDav commented Feb 24, 2025 • edited Loading

Update

YisDav commented Feb 28, 2025

Update

AIO evidence

Distributed evidence

YisDav commented Jan 23, 2025 •

edited

Loading

YisDav commented Feb 14, 2025 •

edited

Loading

YisDav commented Feb 24, 2025 •

edited

Loading