wazuh / qa-system-framework

GNU General Public License v2.0

Add filebeat, indexer and dashboard roles #69

Closed roronoasins closed 9 months ago

roronoasins commented 1 year ago
dev-branch
69-add-fid-roles

Description

As part of https://github.com/wazuh/qa-system-framework/issues/57, and since we've been working on the roles structure and the first roles (manager and agent), we can now add the following roles:

So we can verify that the whole stack works.

We will use the roles and playbooks from wazuh-ansible as a reference.

roronoasins commented 1 year ago

The indexer role works

root@ip-172-31-12-107:/home/qa# curl -k -u admin:changeme https://172.31.12.107:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh",
  "cluster_uuid" : "15rQr6JGR5GrJuKQHYCC3Q",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "f2f809ea280ffba217451da894a5899f1cec02ab",
    "build_date" : "2022-12-12T22:17:42.341124910Z",
    "build_snapshot" : false,
    "lucene_version" : "9.4.2",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
root@ip-172-31-12-107:/home/qa# curl -k -u admin:changeme https://172.31.12.107:9200/_cat/nodes?v
ip            heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
172.31.12.107            5          94   1    0.02    0.23     0.14 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1
172.31.13.193            5          97   3    0.01    0.15     0.13 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-1

But we need to research all the playbook approaches that are available and decide how to add them (aio, single node, cluster, etc.)

I started playing with the dashboard role

roronoasins commented 1 year ago

The dashboard is installed but something's wrong with the Wazuh API and the alerts index pattern.

Also, we need to decide if we want to use the wazuh-ansible playbooks for the indexer and dashboard, or create something new using an easier way to install these components.

Besides, detailed documentation is required.

roronoasins commented 1 year ago

Research the different dashboard playbooks and tasks. Something is wrong with the API or certs; we need to verify if we can isolate the dashboard role.

roronoasins commented 1 year ago

I was facing these errors:

INFO: No current API selected
INFO: Getting API hosts...
INFO: API hosts found: 1
INFO: Checking API host id [default]...
INFO: Could not connect to API id [default]: 3099 - ERROR3099 - Invalid credentials
INFO: Removed [navigate] cookie
ERROR: No API available to connect

Tomorrow I will try to use the schema.j2 from wazuh-qa with the pipe, so I use the current intermediate inventories.