search

wazuh / wazuh-ansible

Wazuh - Ansible playbook
https://wazuh.com
Other
297 stars 191 forks source link

Cannot deploy playbooks using ansible on a Mac #1115

Closed dmaasland closed 4 months ago

dmaasland commented 1 year ago

Hello,

It seems that deploying of playbooks does not work when running Ansible on a Mac. Something weird happens during the certificate generation where node certificates aren't created. I've narrowed this down to the Mac version of awk not playing nice with the commands in the wazuh-certs-generator.sh script. It'll give warnings like this when run manually:

awk: syntax error at source line 7
 context is
        , >>>  indent+) <<<  "  ";
awk: illegal statement at source line 7
awk: illegal statement at source line 7
sed: 2: "s|^[[:space:]]*#.*||;s| ...": undefined label '1;t;:1;s|^[[:space:]]*$||;t2;p;:2;d'
sed: 2: "s|^\([[:space:]]*\)-[[: ...": unused label '1;s|^\([[:space:]]*\)\([a-zA-Z0-9_]*\)[[:space:]]*:[[:space:]]*\(&[a-zA-Z0-9_]*\)\?[[:space:]]*\[[[:space:]]*\(.*\)[[:space:]]*,[[:space:]]*\(.*\)[[:space:]]*\]|\1\2: \3[\4]\n\1  - \5|;t1'
sed: 2: "s|^\([[:space:]]*\)-[[: ...": unused label '2;s|^\([[:space:]]*\)-[[:space:]]*\[[[:space:]]*\(.*\)[[:space:]]*,[[:space:]]*\(.*\)[[:space:]]*\]|\1- [\2]\n\1  - \3|;t2'
sed: 2: "s|^\([[:space:]]*\)\([a ...": unused label '1;s|^\([[:space:]]*\)-[[:space:]]*{[[:space:]]*\(.*\)[[:space:]]*,[[:space:]]*\([a-zA-Z0-9_]*\)[[:space:]]*:[[:space:]]*\(.*\)[[:space:]]*}|\1- {\2}\n\1  \3: \4|;t1'
sed: 2: "s|^\([[:space:]]*\)\([a ...": unused label '2;s|^\([[:space:]]*\)\([a-zA-Z0-9_]*\)[[:space:]]*:[[:space:]]*\(&[a-zA-Z0-9_]*\)\?[[:space:]]*{[[:space:]]*\(.*\)[[:space:]]*,[[:space:]]*\([a-zA-Z0-9_]*\)[[:space:]]*:[[:space:]]*\(.*\)[[:space:]]*}|\1\2: \3 {\4}\n\1  \5: \6|;t2'
awk: syntax error at source line 7
 context is
        , >>>  indent+) <<<  "  ";
awk: illegal statement at source line 7
awk: illegal statement at source line 7
sed: 2: "s|^[[:space:]]*#.*||;s| ...": undefined label '1;t;:1;s|^[[:space:]]*$||;t2;p;:2;d'
sed: 2: "s|^\([[:space:]]*\)-[[: ...": unused label '1;s|^\([[:space:]]*\)\([a-zA-Z0-9_]*\)[[:space:]]*:[[:space:]]*\(&[a-zA-Z0-9_]*\)\?[[:space:]]*\[[[:space:]]*\(.*\)[[:space:]]*,[[:space:]]*\(.*\)[[:space:]]*\]|\1\2: \3[\4]\n\1  - \5|;t1'
sed: 2: "s|^\([[:space:]]*\)-[[: ...": unused label '2;s|^\([[:space:]]*\)-[[:space:]]*\[[[:space:]]*\(.*\)[[:space:]]*,[[:space:]]*\(.*\)[[:space:]]*\]|\1- [\2]\n\1  - \3|;t2'
sed: 2: "s|^\([[:space:]]*\)\([a ...": unused label '1;s|^\([[:space:]]*\)-[[:space:]]*{[[:space:]]*\(.*\)[[:space:]]*,[[:space:]]*\([a-zA-Z0-9_]*\)[[:space:]]*:[[:space:]]*\(.*\)[[:space:]]*}|\1- {\2}\n\1  \3: \4|;t1'
sed: 2: "s|^\([[:space:]]*\)\([a ...": unused label '2;s|^\([[:space:]]*\)\([a-zA-Z0-9_]*\)[[:space:]]*:[[:space:]]*\(&[a-zA-Z0-9_]*\)\?[[:space:]]*{[[:space:]]*\(.*\)[[:space:]]*,[[:space:]]*\([a-zA-Z0-9_]*\)[[:space:]]*:[[:space:]]*\(.*\)[[:space:]]*}|\1\2: \3 {\4}\n\1  \5: \6|;t2'

Ansible won't show you this though so it just seems to fail. Running the same command in an ubuntu docker works fine.

vikman90 commented 1 year ago

Assigning this issue to @wazuh/cicd.

mrjson79 commented 9 months ago

watching this - have the same issue on mac. Trying to install 4.7.2.

c-bordon commented 4 months ago

Update report

After resolving that the alternative for using the Wazuh certificates tool for macOS and Windows systems is to use the tool through docker: https://github.com/wazuh/wazuh-packages/issues/1660

An adaptation is made so that when the playbooks are run on a macOS host with Ansible, the creation of the certificates is generated using the dockerized image.

Some tests are carried out in a simulated environment (performed on a Linux machine, limiting the execution of tasks according to the system)

Test in linux:

TASK [../roles/wazuh/wazuh-indexer : Check if certificates already exists] *****************************************************************************************************************************************************************
ok: [192.168.57.46 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] **************************************************************************************************************************
skipping: [192.168.57.46]

TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] *************************************************************************************************************************************************
skipping: [192.168.57.46]

TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] *************************************************************************************************************************************************
skipping: [192.168.57.46]

TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the certificates generation template file] *************************************************************************************************************************************
skipping: [192.168.57.46]

TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] ***************************************************************************************************************************************
skipping: [192.168.57.46]

TASK [../roles/wazuh/wazuh-indexer : Local action | Check for Docker installation on macOS] ************************************************************************************************************************************************
skipping: [192.168.57.46]

TASK [../roles/wazuh/wazuh-indexer : Local action | Fail if Docker is not installed] *******************************************************************************************************************************************************
skipping: [192.168.57.46]

TASK [../roles/wazuh/wazuh-indexer : Local action | Run Docker container on macOS] *********************************************************************************************************************************************************
skipping: [192.168.57.46]

TASK [../roles/wazuh/wazuh-indexer : Local action | Remove Docker image after execution] ***************************************************************************************************************************************************
skipping: [192.168.57.46]

TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Add Wazuh indexer repo] ********************************************************************************************************************************************************
skipping: [192.168.57.46]

Test in simulated macOS:

TASK [../roles/wazuh/wazuh-indexer : Check if certificates already exists] *****************************************************************************************************************************************************************
ok: [192.168.57.46 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] **************************************************************************************************************************
changed: [192.168.57.46 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] *************************************************************************************************************************************************
skipping: [192.168.57.46]

TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] *************************************************************************************************************************************************
skipping: [192.168.57.46]

TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the certificates generation template file] *************************************************************************************************************************************
changed: [192.168.57.46 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] ***************************************************************************************************************************************
skipping: [192.168.57.46]

TASK [../roles/wazuh/wazuh-indexer : Local action | Check for Docker installation on macOS] ************************************************************************************************************************************************
changed: [192.168.57.46 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Fail if Docker is not installed] *******************************************************************************************************************************************************
skipping: [192.168.57.46]

TASK [../roles/wazuh/wazuh-indexer : Local action | Run Docker container on macOS] *********************************************************************************************************************************************************
changed: [192.168.57.46 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Remove Docker image after execution] ***************************************************************************************************************************************************
changed: [192.168.57.46 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Add Wazuh indexer repo] ********************************************************************************************************************************************************
skipping: [192.168.57.46]

cbordon@cbordon-MS-7C88:~/Documents/wazuh/repositorios/wazuh-ansible$ ls -la playbooks/indexer/certificates/
total 16
drwxr-xr-x 3 root root 4096 jun 27 16:29 .
drwxr-xr-x 3 root root 4096 jun 27 16:29 ..
-rw-r--r-- 1 root root  205 jun 27 16:29 config.yml
dr-x------ 2 root root 4096 jun 27 16:29 wazuh-certificates
cbordon@cbordon-MS-7C88:~/Documents/wazuh/repositorios/wazuh-ansible$ sudo ls -la playbooks/indexer/certificates/wazuh-certificates/
total 40
dr-x------ 2 root             root             4096 jun 27 16:29 .
drwxr-xr-x 3 root             root             4096 jun 27 16:29 ..
-r-------- 1 cbordon          cbordon          1704 jun 27 16:29 admin-key.pem
-r-------- 1 cbordon          cbordon          1119 jun 27 16:29 admin.pem
-r-------- 1 cbordon          cbordon          1704 jun 27 16:29 node-1-key.pem
-r-------- 1 cbordon          cbordon          1277 jun 27 16:29 node-1.pem
-r-------- 1 cbordon          cbordon          1704 jun 27 16:29 root-ca.key
-r-------- 1 systemd-coredump systemd-coredump 1704 jun 27 16:29 root-ca-manager.key
-r-------- 1 systemd-coredump systemd-coredump 1204 jun 27 16:29 root-ca-manager.pem
-r-------- 1 cbordon          cbordon          1204 jun 27 16:29 root-ca.pem
cbordon@cbordon-MS-7C88:~/Documents/wazuh/repositorios/wazuh-ansible$ cat playbooks/indexer/certificates/config.yml 
nodes:
  # Indexer server nodes
  indexer:
    - name: node-1
      ip: 127.0.0.1

  # Wazuh server nodes
  # Use node_type only with more than one Wazuh manager
  server:

  # Dashboard node
  dashboard:
c-bordon commented 4 months ago

Test installation in Linux:

  TASK [../roles/wazuh/wazuh-dashboard : Copy the certificates from local to the Wazuh dashboard instance] ***********************************************************************************************************************************
changed: [192.168.57.46] => (item=root-ca.pem)
changed: [192.168.57.46] => (item=node-1-key.pem)
changed: [192.168.57.46] => (item=node-1.pem)

TASK [../roles/wazuh/wazuh-dashboard : Copy Configuration File] ****************************************************************************************************************************************************************************
changed: [192.168.57.46]

TASK [../roles/wazuh/wazuh-dashboard : Ensuring Wazuh dashboard directory owner] ***********************************************************************************************************************************************************
ok: [192.168.57.46]

TASK [../roles/wazuh/wazuh-dashboard : Wait for Wazuh-Indexer port] ************************************************************************************************************************************************************************
ok: [192.168.57.46]

TASK [../roles/wazuh/wazuh-dashboard : Select correct API protocol] ************************************************************************************************************************************************************************
ok: [192.168.57.46]

TASK [../roles/wazuh/wazuh-dashboard : Attempting to delete legacy Wazuh index if exists] **************************************************************************************************************************************************
ok: [192.168.57.46]

TASK [../roles/wazuh/wazuh-dashboard : Create Wazuh Plugin config directory] ***************************************************************************************************************************************************************
ok: [192.168.57.46]

TASK [../roles/wazuh/wazuh-dashboard : Configure Wazuh Dashboard Plugin] *******************************************************************************************************************************************************************
ok: [192.168.57.46]

TASK [../roles/wazuh/wazuh-dashboard : Configure opensearch.password in opensearch_dashboards.keystore] ************************************************************************************************************************************
changed: [192.168.57.46]

TASK [../roles/wazuh/wazuh-dashboard : Ensure Wazuh dashboard started and enabled] *********************************************************************************************************************************************************
changed: [192.168.57.46]

TASK [../roles/wazuh/wazuh-dashboard : Remove Wazuh dashboard repository (and clean up left-over metadata)] ********************************************************************************************************************************
skipping: [192.168.57.46]

RUNNING HANDLER [../roles/wazuh/wazuh-indexer : restart wazuh-indexer] *********************************************************************************************************************************************************************
changed: [192.168.57.46]

RUNNING HANDLER [../roles/wazuh/ansible-wazuh-manager : restart wazuh-manager] *************************************************************************************************************************************************************
changed: [192.168.57.46]

RUNNING HANDLER [../roles/wazuh/ansible-filebeat-oss : restart filebeat] *******************************************************************************************************************************************************************
changed: [192.168.57.46]

RUNNING HANDLER [../roles/wazuh/wazuh-dashboard : restart wazuh-dashboard] *****************************************************************************************************************************************************************
changed: [192.168.57.46]

PLAY RECAP *********************************************************************************************************************************************************************************************************************************
192.168.57.46              : ok=117  changed=58   unreachable=0    failed=0    skipped=91   rescued=0    ignored=0

Screenshot_20240627_171625

c-bordon commented 4 months ago

Test in Linux using docker:

TASK [../roles/wazuh/wazuh-indexer : Check if certificates already exists] *****************************************************************************************************************************************************************
ok: [192.168.57.151 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] **************************************************************************************************************************
changed: [192.168.57.151 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] *************************************************************************************************************************************************
skipping: [192.168.57.151]

TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] *************************************************************************************************************************************************
skipping: [192.168.57.151]

TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the certificates generation template file] *************************************************************************************************************************************
changed: [192.168.57.151 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] ***************************************************************************************************************************************
skipping: [192.168.57.151]

TASK [../roles/wazuh/wazuh-indexer : Local action | Check for Docker installation on macOS] ************************************************************************************************************************************************
changed: [192.168.57.151 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Fail if Docker is not installed] *******************************************************************************************************************************************************
skipping: [192.168.57.151]

TASK [../roles/wazuh/wazuh-indexer : Local action | Run Docker container on macOS] *********************************************************************************************************************************************************
changed: [192.168.57.151 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Remove Docker image after execution] ***************************************************************************************************************************************************
changed: [192.168.57.151 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Add Wazuh indexer repo] ********************************************************************************************************************************************************
skipping: [192.168.57.151]

TASK [../roles/wazuh/wazuh-indexer : Install Amazon extras] ********************************************************************************************************************************************************************************
skipping: [192.168.57.151]

----

TASK [../roles/wazuh/wazuh-dashboard : Configure opensearch.password in opensearch_dashboards.keystore] ************************************************************************************************************************************
changed: [192.168.57.151]

TASK [../roles/wazuh/wazuh-dashboard : Ensure Wazuh dashboard started and enabled] *********************************************************************************************************************************************************
changed: [192.168.57.151]

TASK [../roles/wazuh/wazuh-dashboard : Remove Wazuh dashboard repository (and clean up left-over metadata)] ********************************************************************************************************************************
skipping: [192.168.57.151]

RUNNING HANDLER [../roles/wazuh/wazuh-indexer : restart wazuh-indexer] *********************************************************************************************************************************************************************
changed: [192.168.57.151]

RUNNING HANDLER [../roles/wazuh/ansible-wazuh-manager : restart wazuh-manager] *************************************************************************************************************************************************************
changed: [192.168.57.151]

RUNNING HANDLER [../roles/wazuh/ansible-filebeat-oss : restart filebeat] *******************************************************************************************************************************************************************
changed: [192.168.57.151]

RUNNING HANDLER [../roles/wazuh/wazuh-dashboard : restart wazuh-dashboard] *****************************************************************************************************************************************************************
changed: [192.168.57.151]

PLAY RECAP *********************************************************************************************************************************************************************************************************************************
192.168.57.151             : ok=117  changed=62   unreachable=0    failed=0    skipped=91   rescued=0    ignored=0

Screenshot_20240627_171617

Enaraque commented 4 months ago

Update report

An attempt has been made to install an AIO with ansible on an ubuntu 20 VM from a macOS host machine. When trying to install the certificates, the part of running docker containers on macOS was skipped even though the host machine was macOS. Because of this, I got the error certificate verify failed: unable to get local issuer certificate

The output was the following:

ansible error output ```console TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] ************************************************** changed: [192.168.56.11 -> localhost] TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] ************************************************************************* ok: [192.168.56.11 -> localhost] TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] ************************************************************************* changed: [192.168.56.11 -> localhost] TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the certificates generation template file] ************************************************************* changed: [192.168.56.11 -> localhost] TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] *************************************************************** changed: [192.168.56.11 -> localhost] TASK [../roles/wazuh/wazuh-indexer : Local action | Check for Docker installation on macOS] ************************************************************************ skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Local action | Fail if Docker is not installed] ******************************************************************************* skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Local action | Run Docker container on macOS] ********************************************************************************* skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Local action | Remove Docker image after execution] *************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Add Wazuh indexer repo] ******************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Install Amazon extras] ******************************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Configure vm.max_map_count] *************************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Update vm.max_map_count] ****************************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Install Indexer dependencies] ************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] ******************************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Update cache] ***************************************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer dependencies] ******************************************************************************************* skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Add apt repository signing key] *********************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Import Wazuh repository GPG key] ********************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Set permissions for Wazuh repository GPG key] ********************************************************************************* skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Add Wazuh indexer repository] ************************************************************************************************* skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] ******************************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Remove performance analyzer plugin from Wazuh indexer] ************************************************************************ skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Remove Opensearch configuration file] ***************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Copy Opensearch Configuration File] ******************************************************************************************* skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : include_tasks] **************************************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Configure Wazuh indexer JVM memmory.] ***************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Ensure extra time for Wazuh indexer to start on reboots] ********************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Index files to remove] ******************************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Remove Index Files] *********************************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Ensure Wazuh indexer started and enabled] ************************************************************************************* skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API] *************************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API (Private IP)] ************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Remove Wazuh indexer repository (and clean up left-over metadata)] ************************************* skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Reload systemd configuration] ************************************************************************************************* skipping: [192.168.56.11] PLAY [aio] ********************************************************************************************************************************************************* TASK [Gathering Facts] ********************************************************************************************************************************************* ok: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : include_vars] ***************************************************************************************************************** ok: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : include_vars] ***************************************************************************************************************** ok: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : include_vars] ***************************************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : include_vars] ***************************************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Check if certificates already exists] ***************************************************************************************** ok: [192.168.56.11 -> localhost] TASK [../roles/wazuh/wazuh-indexer : Print all available facts] **************************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] ************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] ************************************************************************* skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] ************************************************************************* skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the certificates generation template file] ************************************************************* skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] *************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Local action | Check for Docker installation on macOS] ************************************************************************ skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Local action | Fail if Docker is not installed] ******************************************************************************* skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Local action | Run Docker container on macOS] ********************************************************************************* skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Local action | Remove Docker image after execution] *************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Add Wazuh indexer repo] ******************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Install Amazon extras] ******************************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Configure vm.max_map_count] *************************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Update vm.max_map_count] ****************************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Install Indexer dependencies] ************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] ******************************************************************************************************** skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Update cache] ***************************************************************************************************************** ok: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer dependencies] ******************************************************************************************* skipping: [192.168.56.11] TASK [../roles/wazuh/wazuh-indexer : Add apt repository signing key] *********************************************************************************************** fatal: [192.168.56.11]: FAILED! => {"changed": false, "dest": "/tmp/WAZUH-GPG-KEY", "elapsed": 0, "msg": "Request failed: ", "url": "https://packages.wazuh.com/key/GPG-KEY-WAZUH"} PLAY RECAP ********************************************************************************************************************************************************* 192.168.56.11 : ok=15 changed=4 unreachable=0 failed=1 skipped=51 rescued=0 ignored=0 ```
c-bordon commented 4 months ago

We need to review with @teddytpc1 the behavior of delegate_to parameter

c-bordon commented 4 months ago

New approach.

We change the form of validation since the systems check does not work for us because Ansible validates the target system. In this case, it omits validating the host (macOS), so we will use a variable to validate this. With this, the user who runs Ansible on macOS must change the variable to true for the deployment to work correctly:

Test with the variable in false

TASK [../roles/wazuh/wazuh-indexer : include_vars] *****************************************************************************************************************************************************************************************
skipping: [192.168.57.103]

TASK [../roles/wazuh/wazuh-indexer : Check if certificates already exists] *****************************************************************************************************************************************************************
ok: [192.168.57.103 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] **************************************************************************************************************************
changed: [192.168.57.103 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] *************************************************************************************************************************************************
ok: [192.168.57.103 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] *************************************************************************************************************************************************
changed: [192.168.57.103 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the certificates generation template file] *************************************************************************************************************************************
changed: [192.168.57.103 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] ***************************************************************************************************************************************
changed: [192.168.57.103 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Check for Docker installation on macOS] ************************************************************************************************************************************************
skipping: [192.168.57.103]

TASK [../roles/wazuh/wazuh-indexer : Local action | Fail if Docker is not installed] *******************************************************************************************************************************************************
skipping: [192.168.57.103]

TASK [../roles/wazuh/wazuh-indexer : Local action | Run Docker container on macOS] *********************************************************************************************************************************************************
skipping: [192.168.57.103]

TASK [../roles/wazuh/wazuh-indexer : Local action | Remove Docker image after execution] ***************************************************************************************************************************************************
skipping: [192.168.57.103]

TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Add Wazuh indexer repo] ********************************************************************************************************************************************************
skipping: [192.168.57.103]

----

TASK [../roles/wazuh/wazuh-dashboard : Configure Wazuh Dashboard Plugin] *******************************************************************************************************************************************************************
ok: [192.168.57.103]

TASK [../roles/wazuh/wazuh-dashboard : Configure opensearch.password in opensearch_dashboards.keystore] ************************************************************************************************************************************
changed: [192.168.57.103]

TASK [../roles/wazuh/wazuh-dashboard : Ensure Wazuh dashboard started and enabled] *********************************************************************************************************************************************************
changed: [192.168.57.103]

TASK [../roles/wazuh/wazuh-dashboard : Remove Wazuh dashboard repository (and clean up left-over metadata)] ********************************************************************************************************************************
skipping: [192.168.57.103]

RUNNING HANDLER [../roles/wazuh/wazuh-indexer : restart wazuh-indexer] *********************************************************************************************************************************************************************
changed: [192.168.57.103]

RUNNING HANDLER [../roles/wazuh/ansible-wazuh-manager : restart wazuh-manager] *************************************************************************************************************************************************************
changed: [192.168.57.103]

RUNNING HANDLER [../roles/wazuh/ansible-filebeat-oss : restart filebeat] *******************************************************************************************************************************************************************
changed: [192.168.57.103]

RUNNING HANDLER [../roles/wazuh/wazuh-dashboard : restart wazuh-dashboard] *****************************************************************************************************************************************************************
changed: [192.168.57.103]

PLAY RECAP *********************************************************************************************************************************************************************************************************************************
192.168.57.103             : ok=117  changed=61   unreachable=0    failed=0    skipped=91   rescued=0    ignored=0

Screenshot_20240628_104957

c-bordon commented 4 months ago

Testing with variable in true

TASK [../roles/wazuh/wazuh-indexer : Check if certificates already exists] *****************************************************************************************************************************************************************
ok: [192.168.57.193 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] **************************************************************************************************************************
changed: [192.168.57.193 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] *************************************************************************************************************************************************
ok: [192.168.57.193 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] *************************************************************************************************************************************************
skipping: [192.168.57.193]

TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the certificates generation template file] *************************************************************************************************************************************
changed: [192.168.57.193 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] ***************************************************************************************************************************************
skipping: [192.168.57.193]

TASK [../roles/wazuh/wazuh-indexer : Local action | Check for Docker installation on macOS] ************************************************************************************************************************************************
changed: [192.168.57.193 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Fail if Docker is not installed] *******************************************************************************************************************************************************
skipping: [192.168.57.193]

TASK [../roles/wazuh/wazuh-indexer : Local action | Run Docker container on macOS] *********************************************************************************************************************************************************
changed: [192.168.57.193 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Remove Docker image after execution] ***************************************************************************************************************************************************
changed: [192.168.57.193 -> localhost]

---

TASK [../roles/wazuh/wazuh-dashboard : Ensure Wazuh dashboard started and enabled] *********************************************************************************************************************************************************
changed: [192.168.57.193]

TASK [../roles/wazuh/wazuh-dashboard : Remove Wazuh dashboard repository (and clean up left-over metadata)] ********************************************************************************************************************************
skipping: [192.168.57.193]

RUNNING HANDLER [../roles/wazuh/wazuh-indexer : restart wazuh-indexer] *********************************************************************************************************************************************************************
changed: [192.168.57.193]

RUNNING HANDLER [../roles/wazuh/ansible-wazuh-manager : restart wazuh-manager] *************************************************************************************************************************************************************
changed: [192.168.57.193]

RUNNING HANDLER [../roles/wazuh/ansible-filebeat-oss : restart filebeat] *******************************************************************************************************************************************************************
changed: [192.168.57.193]

RUNNING HANDLER [../roles/wazuh/wazuh-dashboard : restart wazuh-dashboard] *****************************************************************************************************************************************************************
changed: [192.168.57.193]

PLAY RECAP *********************************************************************************************************************************************************************************************************************************
192.168.57.193             : ok=118  changed=62   unreachable=0    failed=0    skipped=90   rescued=0    ignored=0

Screenshot_20240628_110358

c-bordon commented 4 months ago

Test with macOS variable in false on Distributed deploy


TASK [../roles/wazuh/wazuh-indexer : Check if certificates already exists] *****************************************************************************************************************************************************************
ok: [wi1 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] **************************************************************************************************************************
changed: [wi1 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] *************************************************************************************************************************************************
ok: [wi1 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] *************************************************************************************************************************************************
changed: [wi1 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the certificates generation template file] *************************************************************************************************************************************
changed: [wi1 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] ***************************************************************************************************************************************
changed: [wi1 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Check for Docker installation on macOS] ************************************************************************************************************************************************
skipping: [wi1]

TASK [../roles/wazuh/wazuh-indexer : Local action | Fail if Docker is not installed] *******************************************************************************************************************************************************
skipping: [wi1]

TASK [../roles/wazuh/wazuh-indexer : Local action | Run Docker container on macOS] *********************************************************************************************************************************************************
skipping: [wi1]

TASK [../roles/wazuh/wazuh-indexer : Local action | Remove Docker image after execution] ***************************************************************************************************************************************************
skipping: [wi1]

---

TASK [../roles/wazuh/wazuh-dashboard : Attempting to delete legacy Wazuh index if exists] **************************************************************************************************************************************************
ok: [dashboard]

TASK [../roles/wazuh/wazuh-dashboard : Create Wazuh Plugin config directory] ***************************************************************************************************************************************************************
ok: [dashboard]

TASK [../roles/wazuh/wazuh-dashboard : Configure Wazuh Dashboard Plugin] *******************************************************************************************************************************************************************
ok: [dashboard]

TASK [../roles/wazuh/wazuh-dashboard : Configure opensearch.password in opensearch_dashboards.keystore] ************************************************************************************************************************************
changed: [dashboard]

TASK [../roles/wazuh/wazuh-dashboard : Ensure Wazuh dashboard started and enabled] *********************************************************************************************************************************************************
changed: [dashboard]

TASK [../roles/wazuh/wazuh-dashboard : Remove Wazuh dashboard repository (and clean up left-over metadata)] ********************************************************************************************************************************
skipping: [dashboard]

RUNNING HANDLER [../roles/wazuh/wazuh-dashboard : restart wazuh-dashboard] *****************************************************************************************************************************************************************
changed: [dashboard]

PLAY RECAP *********************************************************************************************************************************************************************************************************************************
dashboard                  : ok=22   changed=12   unreachable=0    failed=0    skipped=5    rescued=0    ignored=0   
manager                    : ok=60   changed=32   unreachable=0    failed=0    skipped=28   rescued=0    ignored=0   
wi1                        : ok=41   changed=27   unreachable=0    failed=0    skipped=54   rescued=0    ignored=0   
wi2                        : ok=27   changed=18   unreachable=0    failed=0    skipped=27   rescued=0    ignored=0   
wi3                        : ok=27   changed=18   unreachable=0    failed=0    skipped=27   rescued=0    ignored=0   
wi4                        : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
worker                     : ok=56   changed=28   unreachable=0    failed=0    skipped=32   rescued=0    ignored=0

Screenshot_20240628_115012

c-bordon commented 4 months ago

Test with macOS variable on true to Distributed deployment

TASK [../roles/wazuh/wazuh-indexer : Check if certificates already exists] *****************************************************************************************************************************************************************
ok: [wi1 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] **************************************************************************************************************************
changed: [wi1 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] *************************************************************************************************************************************************
ok: [wi1 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] *************************************************************************************************************************************************
skipping: [wi1]

TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the certificates generation template file] *************************************************************************************************************************************
changed: [wi1 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] ***************************************************************************************************************************************
skipping: [wi1]

TASK [../roles/wazuh/wazuh-indexer : Local action | Check for Docker installation on macOS] ************************************************************************************************************************************************
changed: [wi1 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Fail if Docker is not installed] *******************************************************************************************************************************************************
skipping: [wi1]

TASK [../roles/wazuh/wazuh-indexer : Local action | Run Docker container on macOS] *********************************************************************************************************************************************************
changed: [wi1 -> localhost]

TASK [../roles/wazuh/wazuh-indexer : Local action | Remove Docker image after execution] ***************************************************************************************************************************************************
changed: [wi1 -> localhost]

----

TASK [../roles/wazuh/wazuh-dashboard : Copy Configuration File] ****************************************************************************************************************************************************************************
changed: [dashboard]

TASK [../roles/wazuh/wazuh-dashboard : Ensuring Wazuh dashboard directory owner] ***********************************************************************************************************************************************************
ok: [dashboard]

TASK [../roles/wazuh/wazuh-dashboard : Wait for Wazuh-Indexer port] ************************************************************************************************************************************************************************
ok: [dashboard]

TASK [../roles/wazuh/wazuh-dashboard : Select correct API protocol] ************************************************************************************************************************************************************************
ok: [dashboard]

TASK [../roles/wazuh/wazuh-dashboard : Attempting to delete legacy Wazuh index if exists] **************************************************************************************************************************************************
ok: [dashboard]

TASK [../roles/wazuh/wazuh-dashboard : Create Wazuh Plugin config directory] ***************************************************************************************************************************************************************
ok: [dashboard]

TASK [../roles/wazuh/wazuh-dashboard : Configure Wazuh Dashboard Plugin] *******************************************************************************************************************************************************************
ok: [dashboard]

TASK [../roles/wazuh/wazuh-dashboard : Configure opensearch.password in opensearch_dashboards.keystore] ************************************************************************************************************************************
changed: [dashboard]

TASK [../roles/wazuh/wazuh-dashboard : Ensure Wazuh dashboard started and enabled] *********************************************************************************************************************************************************
changed: [dashboard]

TASK [../roles/wazuh/wazuh-dashboard : Remove Wazuh dashboard repository (and clean up left-over metadata)] ********************************************************************************************************************************
skipping: [dashboard]

RUNNING HANDLER [../roles/wazuh/wazuh-dashboard : restart wazuh-dashboard] *****************************************************************************************************************************************************************
changed: [dashboard]

PLAY RECAP *********************************************************************************************************************************************************************************************************************************
dashboard                  : ok=22   changed=12   unreachable=0    failed=0    skipped=5    rescued=0    ignored=0   
manager                    : ok=60   changed=32   unreachable=0    failed=0    skipped=28   rescued=0    ignored=0   
wi1                        : ok=42   changed=28   unreachable=0    failed=0    skipped=53   rescued=0    ignored=0   
wi2                        : ok=27   changed=18   unreachable=0    failed=0    skipped=27   rescued=0    ignored=0   
wi3                        : ok=27   changed=18   unreachable=0    failed=0    skipped=27   rescued=0    ignored=0   
worker                     : ok=56   changed=28   unreachable=0    failed=0    skipped=32   rescued=0    ignored=0

Screenshot_20240628_124123

Enaraque commented 4 months ago

Update report

When running the playbook from a native macOS, everything works as expected. The certificates are created correctly via the docker image and the installation of the AIO on the remote machine completes correctly.

Tests

Playbook execution

Deploy logs ```console sudo ansible-playbook playbooks/wazuh-single.yml -i inventory_aio PLAY [aio] ******************************************************************************************************************************************************************************************************************************* TASK [Gathering Facts] ******************************************************************************************************************************************************************************************************************* [WARNING]: Platform linux on host 3.85.101.227 is using the discovered Python interpreter at /usr/bin/python3.10, but future installation of another Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible-core/2.17/reference_appendices/interpreter_discovery.html for more information. ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : include_vars] *************************************************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : include_vars] *************************************************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : include_vars] *************************************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : include_vars] *************************************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Check if certificates already exists] *************************************************************************************************************************************************************** ok: [3.85.101.227 -> localhost] TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] ************************************************************************************************************************ changed: [3.85.101.227 -> localhost] TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] *********************************************************************************************************************************************** ok: [3.85.101.227 -> localhost] TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] *********************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the certificates generation template file] *********************************************************************************************************************************** changed: [3.85.101.227 -> localhost] TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] ************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Local action | Check for Docker installation on macOS] ********************************************************************************************************************************************** changed: [3.85.101.227 -> localhost] TASK [../roles/wazuh/wazuh-indexer : Local action | Fail if Docker is not installed] ***************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Local action | Run Docker container on macOS] ******************************************************************************************************************************************************* changed: [3.85.101.227 -> localhost] TASK [../roles/wazuh/wazuh-indexer : Local action | Remove Docker image after execution] ************************************************************************************************************************************************* changed: [3.85.101.227 -> localhost] TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Add Wazuh indexer repo] ****************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Install Amazon extras] ****************************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Configure vm.max_map_count] ************************************************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Update vm.max_map_count] **************************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Install Indexer dependencies] ************************************************************************************************************************************************ skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] ****************************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Update cache] *************************************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer dependencies] ***************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Add apt repository signing key] ********************************************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Import Wazuh repository GPG key] ******************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Set permissions for Wazuh repository GPG key] ******************************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Add Wazuh indexer repository] *********************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] ****************************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Remove performance analyzer plugin from Wazuh indexer] ********************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Remove Opensearch configuration file] *************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Copy Opensearch Configuration File] ***************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : include_tasks] ************************************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Configure Wazuh indexer JVM memmory.] *************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Ensure extra time for Wazuh indexer to start on reboots] ******************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Index files to remove] ****************************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Remove Index Files] ********************************************************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Ensure Wazuh indexer started and enabled] *********************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API] ************************************************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API (Private IP)] ************************************************************************************************************************************************************ skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Remove Wazuh indexer repository (and clean up left-over metadata)] *********************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Reload systemd configuration] *********************************************************************************************************************************************************************** skipping: [3.85.101.227] PLAY [aio] ******************************************************************************************************************************************************************************************************************************* TASK [Gathering Facts] ******************************************************************************************************************************************************************************************************************* ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : include_vars] *************************************************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : include_vars] *************************************************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : include_vars] *************************************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : include_vars] *************************************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Check if certificates already exists] *************************************************************************************************************************************************************** ok: [3.85.101.227 -> localhost] TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] ************************************************************************************************************************ skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] *********************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] *********************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the certificates generation template file] *********************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] ************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Local action | Check for Docker installation on macOS] ********************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Local action | Fail if Docker is not installed] ***************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Local action | Run Docker container on macOS] ******************************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Local action | Remove Docker image after execution] ************************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Add Wazuh indexer repo] ****************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Install Amazon extras] ****************************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Configure vm.max_map_count] ************************************************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Update vm.max_map_count] **************************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Install Indexer dependencies] ************************************************************************************************************************************************ skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] ****************************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Update cache] *************************************************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer dependencies] ***************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Add apt repository signing key] ********************************************************************************************************************************************************************* changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Import Wazuh repository GPG key] ******************************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Set permissions for Wazuh repository GPG key] ******************************************************************************************************************************************************* changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Add Wazuh indexer repository] *********************************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] ****************************************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Remove performance analyzer plugin from Wazuh indexer] ********************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Remove Opensearch configuration file] *************************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Copy Opensearch Configuration File] ***************************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : include_tasks] ************************************************************************************************************************************************************************************** included: /Users/enriquearaqueespinosa/work-wazuh/wazuh-repos/wazuh-ansible/roles/wazuh/wazuh-indexer/tasks/security_actions.yml for 3.85.101.227 TASK [../roles/wazuh/wazuh-indexer : Configure IP (Private address)] ********************************************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Configure IP (Public address)] ********************************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Ensure Indexer certificates directory permissions.] ************************************************************************************************************************************************* changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Copy the node & admin certificates to Wazuh indexer cluster] **************************************************************************************************************************************** changed: [3.85.101.227] => (item=root-ca.pem) changed: [3.85.101.227] => (item=root-ca.key) changed: [3.85.101.227] => (item=node-1-key.pem) changed: [3.85.101.227] => (item=node-1.pem) changed: [3.85.101.227] => (item=admin-key.pem) changed: [3.85.101.227] => (item=admin.pem) TASK [../roles/wazuh/wazuh-indexer : Restart Wazuh indexer with security configuration] ************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Copy the Opensearch security internal users template] *********************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Hashing the custom admin password] ****************************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Set the Admin user password] ************************************************************************************************************************************************************************ changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Hash the kibanaserver role/user pasword] ************************************************************************************************************************************************************ changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Set the kibanaserver user password] ***************************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Initialize the Opensearch security index in Wazuh indexer] ****************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Create custom user] ********************************************************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Configure Wazuh indexer JVM memmory.] *************************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Ensure extra time for Wazuh indexer to start on reboots] ******************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Index files to remove] ****************************************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Remove Index Files] ********************************************************************************************************************************************************************************* changed: [3.85.101.227] => (item={'path': '/var/lib/wazuh-indexer/rca_enabled.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 998, 'gid': 999, 'size': 5, 'inode': 531982, 'dev': 66305, 'nlink': 1, 'atime': 1720604534.381138, 'mtime': 1720604534.381138, 'ctime': 1720604534.381138, 'gr_name': 'wazuh-indexer', 'pw_name': 'wazuh-indexer', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) changed: [3.85.101.227] => (item={'path': '/var/lib/wazuh-indexer/batch_metrics_enabled.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 998, 'gid': 999, 'size': 6, 'inode': 531983, 'dev': 66305, 'nlink': 1, 'atime': 1720604534.381138, 'mtime': 1720604534.381138, 'ctime': 1720604534.385138, 'gr_name': 'wazuh-indexer', 'pw_name': 'wazuh-indexer', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) changed: [3.85.101.227] => (item={'path': '/var/lib/wazuh-indexer/performance_analyzer_enabled.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 998, 'gid': 999, 'size': 5, 'inode': 531981, 'dev': 66305, 'nlink': 1, 'atime': 1720604534.381138, 'mtime': 1720604534.381138, 'ctime': 1720604534.381138, 'gr_name': 'wazuh-indexer', 'pw_name': 'wazuh-indexer', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) TASK [../roles/wazuh/wazuh-indexer : Ensure Wazuh indexer started and enabled] *********************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API] ************************************************************************************************************************************************************************* ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API (Private IP)] ************************************************************************************************************************************************************ skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Remove Wazuh indexer repository (and clean up left-over metadata)] *********************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-indexer : Reload systemd configuration] *********************************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Install dependencies] *********************************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] ******************************************************************************************************************************************************************************* ok: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] ******************************************************************************************************************************************************************************* ok: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] ******************************************************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] ******************************************************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Overlay wazuh_manager_config on top of defaults] ******************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ****************************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ****************************************************************************************************************************************************************************** included: /Users/enriquearaqueespinosa/work-wazuh/wazuh-repos/wazuh-ansible/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml for 3.85.101.227 TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl] *********************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)] ******************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Download Wazuh repository key] ********************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Import Wazuh GPG key] ******************************************************************************************************************************************************* ok: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Set permissions for Wazuh GPG key] ****************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Add Wazuh repositories] ***************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu] **************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install OpenJDK-8 repo] ***************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install OpenJDK 1.8] ******************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install OpenScap] *********************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Get OpenScap installed version] ********************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Check OpenScap version] ***************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install wazuh-manager] ****************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ****************************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Generate the wazuh-keystore (username)] ***************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Generate the wazuh-keystore (password)] ***************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Install expect] ***************************************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Generate SSL files for authd] *************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Copy CA, SSL key and cert for authd] ******************************************************************************************************************************************************** skipping: [3.85.101.227] => (item=) skipping: [3.85.101.227] => (item=sslmanager.cert) skipping: [3.85.101.227] => (item=sslmanager.key) skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Verifying for old init authd service] ******************************************************************************************************************************************************* ok: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Verifying for old systemd authd service] **************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Ensure ossec-authd service is disabled] ***************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Removing old init authd services] *********************************************************************************************************************************************************** skipping: [3.85.101.227] => (item=/etc/init.d/ossec-authd) skipping: [3.85.101.227] => (item=/lib/systemd/system/ossec-authd.service) skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Installing the local_rules.xml (default local_rules.xml)] *********************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Adding local rules files] ******************************************************************************************************************************************************************* changed: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Installing the local_decoder.xml] *********************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Adding local decoders files] **************************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Configure the shared-agent.conf] ************************************************************************************************************************************************************ skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Installing the local_internal_options.conf] ************************************************************************************************************************************************* changed: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Retrieving Agentless Credentials] *********************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Retrieving authd Credentials] *************************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Check if syslog output is enabled] ********************************************************************************************************************************************************** skipping: [3.85.101.227] => (item={'server': None, 'port': None, 'format': None}) skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Check if client-syslog is enabled] ********************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Enable client-syslog] *********************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Check if ossec-agentlessd is enabled] ******************************************************************************************************************************************************* ok: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Enable ossec-agentlessd] ******************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Checking alert log output settings] ********************************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Configure ossec.conf] *********************************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Ossec-authd password] *********************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Copy create_user script] ******************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Create admin.json] ************************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Execute create_user script] ***************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Delete create_user script] ****************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Agentless Hosts & Passwd] ******************************************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Encode the secret] ************************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Ensure Wazuh Manager service is started and enabled.] *************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Create agent groups] ************************************************************************************************************************************************************************ skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : Run uninstall tasks] ************************************************************************************************************************************************************************ included: /Users/enriquearaqueespinosa/work-wazuh/wazuh-repos/wazuh-ansible/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml for 3.85.101.227 TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Remove Wazuh repository.] *************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-wazuh-manager : RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata)] *********************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : include_vars] ******************************************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : include_vars] ******************************************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : include_vars] ******************************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] ******************************************************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] ******************************************************************************************************************************************************************************* included: /Users/enriquearaqueespinosa/work-wazuh/wazuh-repos/wazuh-ansible/roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml for 3.85.101.227 TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl] ************************************************************************************************************************ ok: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Download Filebeat apt key.] ************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : Import Filebeat GPG key] ********************************************************************************************************************************************************************* ok: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : Set permissions for Filebeat GPG key] ******************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Add Filebeat-oss repository.] ************************************************************************************************************************************************ ok: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : Install Filebeat | Redhat] ******************************************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : Install Filebeat | Debian] ******************************************************************************************************************************************************************* changed: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : Checking if Filebeat Module folder file exists] ********************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : Download Filebeat module package] ************************************************************************************************************************************************************ changed: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : Unpack Filebeat module package] ************************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : Setting 0755 permission for Filebeat module folder] ****************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : Checking if Filebeat Module package file exists] ********************************************************************************************************************************************* ok: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : Delete Filebeat module package file] ********************************************************************************************************************************************************* changed: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : Copy Filebeat configuration.] **************************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : Fetch latest Wazuh alerts template] ********************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] ******************************************************************************************************************************************************************************* included: /Users/enriquearaqueespinosa/work-wazuh/wazuh-repos/wazuh-ansible/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml for 3.85.101.227 TASK [../roles/wazuh/ansible-filebeat-oss : Ensure Filebeat SSL key pair directory exists.] ********************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : Copy the certificates from local to the Manager instance] ************************************************************************************************************************************ changed: [3.85.101.227] => (item=node-1-key.pem) changed: [3.85.101.227] => (item=node-1.pem) changed: [3.85.101.227] => (item=root-ca.pem) TASK [../roles/wazuh/ansible-filebeat-oss : Ensure Filebeat is started and enabled at boot.] ********************************************************************************************************************************************* changed: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] ******************************************************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] ******************************************************************************************************************************************************************************* included: /Users/enriquearaqueespinosa/work-wazuh/wazuh-repos/wazuh-ansible/roles/wazuh/ansible-filebeat-oss/tasks/RMDebian.yml for 3.85.101.227 TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata)] **************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : include_vars] ************************************************************************************************************************************************************************************* ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : include_vars] ************************************************************************************************************************************************************************************* ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : include_vars] ************************************************************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : include_vars] ************************************************************************************************************************************************************************************* skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : RedHat/CentOS/Fedora | Add Wazuh dashboard repo] ************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : Install Wazuh dashboard] ************************************************************************************************************************************************************************** skipping: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : include_vars] ************************************************************************************************************************************************************************************* ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : Download apt repository signing key] ************************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : Import Wazuh repository GPG key] ****************************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : Set permissions for Wazuh repository GPG key] ***************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : Debian systems | Add Wazuh dashboard repo] ******************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : Install Wazuh dashboard] ************************************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : Remove Dashboard configuration file] ************************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : Ensure Dashboard certificates directory permissions.] ********************************************************************************************************************************************* changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : Copy the certificates from local to the Wazuh dashboard instance] ********************************************************************************************************************************* changed: [3.85.101.227] => (item=root-ca.pem) changed: [3.85.101.227] => (item=node-1-key.pem) changed: [3.85.101.227] => (item=node-1.pem) TASK [../roles/wazuh/wazuh-dashboard : Copy Configuration File] ************************************************************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : Ensuring Wazuh dashboard directory owner] ********************************************************************************************************************************************************* ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : Wait for Wazuh-Indexer port] ********************************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : Select correct API protocol] ********************************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : Attempting to delete legacy Wazuh index if exists] ************************************************************************************************************************************************ ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : Create Wazuh Plugin config directory] ************************************************************************************************************************************************************* ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : Configure Wazuh Dashboard Plugin] ***************************************************************************************************************************************************************** ok: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : Configure opensearch.password in opensearch_dashboards.keystore] ********************************************************************************************************************************** changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : Ensure Wazuh dashboard started and enabled] ******************************************************************************************************************************************************* changed: [3.85.101.227] TASK [../roles/wazuh/wazuh-dashboard : Remove Wazuh dashboard repository (and clean up left-over metadata)] ****************************************************************************************************************************** skipping: [3.85.101.227] RUNNING HANDLER [../roles/wazuh/wazuh-indexer : restart wazuh-indexer] ******************************************************************************************************************************************************************* changed: [3.85.101.227] RUNNING HANDLER [../roles/wazuh/ansible-wazuh-manager : restart wazuh-manager] *********************************************************************************************************************************************************** changed: [3.85.101.227] RUNNING HANDLER [../roles/wazuh/ansible-filebeat-oss : restart filebeat] ***************************************************************************************************************************************************************** changed: [3.85.101.227] RUNNING HANDLER [../roles/wazuh/wazuh-dashboard : restart wazuh-dashboard] *************************************************************************************************************************************************************** changed: [3.85.101.227] PLAY RECAP ******************************************************************************************************************************************************************************************************************************* 3.85.101.227 : ok=118 changed=56 unreachable=0 failed=0 skipped=90 rescued=0 ignored=0 ```

Services status

Manager status ```console root@ip-172-31-38-135:/home/ubuntu# systemctl status wazuh-manager ● wazuh-manager.service - Wazuh manager Loaded: loaded (/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2024-07-10 09:55:51 UTC; 1min 47s ago Process: 62129 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS) Tasks: 153 (limit: 9405) Memory: 910.0M CPU: 44.299s CGroup: /system.slice/wazuh-manager.service ├─62206 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─62207 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─62210 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─62213 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─62256 /var/ossec/bin/wazuh-authd ├─62272 /var/ossec/bin/wazuh-db ├─62296 /var/ossec/bin/wazuh-execd ├─62311 /var/ossec/bin/wazuh-analysisd ├─62322 /var/ossec/bin/wazuh-syscheckd ├─62370 /var/ossec/bin/wazuh-remoted ├─62404 /var/ossec/bin/wazuh-logcollector ├─62423 /var/ossec/bin/wazuh-monitord └─62450 /var/ossec/bin/wazuh-modulesd Jul 10 09:55:43 ip-172-31-38-135 env[62129]: Started wazuh-analysisd... Jul 10 09:55:44 ip-172-31-38-135 env[62129]: Started wazuh-syscheckd... Jul 10 09:55:46 ip-172-31-38-135 env[62129]: Started wazuh-remoted... Jul 10 09:55:47 ip-172-31-38-135 env[62129]: Started wazuh-logcollector... Jul 10 09:55:48 ip-172-31-38-135 env[62129]: Started wazuh-monitord... Jul 10 09:55:48 ip-172-31-38-135 env[62446]: 2024/07/10 09:55:48 wazuh-modulesd:router: INFO: Loaded router module. Jul 10 09:55:48 ip-172-31-38-135 env[62446]: 2024/07/10 09:55:48 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. Jul 10 09:55:49 ip-172-31-38-135 env[62129]: Started wazuh-modulesd... Jul 10 09:55:51 ip-172-31-38-135 env[62129]: Completed. Jul 10 09:55:51 ip-172-31-38-135 systemd[1]: Started Wazuh manager. ```
Indexer status ```console root@ip-172-31-38-135:/home/ubuntu# systemctl status wazuh-indexer ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2024-07-10 09:55:19 UTC; 2min 24s ago Docs: https://documentation.wazuh.com Main PID: 61649 (java) Tasks: 62 (limit: 9405) Memory: 4.3G CPU: 1min 14.562s CGroup: /system.slice/wazuh-indexer.service └─61649 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UT> Jul 10 09:54:31 ip-172-31-38-135 systemd[1]: Starting Wazuh-indexer... Jul 10 09:54:43 ip-172-31-38-135 systemd-entrypoint[61649]: WARNING: A terminally deprecated method in java.lang.System has been called Jul 10 09:54:43 ip-172-31-38-135 systemd-entrypoint[61649]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) Jul 10 09:54:43 ip-172-31-38-135 systemd-entrypoint[61649]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch Jul 10 09:54:43 ip-172-31-38-135 systemd-entrypoint[61649]: WARNING: System::setSecurityManager will be removed in a future release Jul 10 09:54:46 ip-172-31-38-135 systemd-entrypoint[61649]: WARNING: A terminally deprecated method in java.lang.System has been called Jul 10 09:54:46 ip-172-31-38-135 systemd-entrypoint[61649]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) Jul 10 09:54:46 ip-172-31-38-135 systemd-entrypoint[61649]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security Jul 10 09:54:46 ip-172-31-38-135 systemd-entrypoint[61649]: WARNING: System::setSecurityManager will be removed in a future release Jul 10 09:55:19 ip-172-31-38-135 systemd[1]: Started Wazuh-indexer. ```
Dashboard status ```console root@ip-172-31-38-135:/home/ubuntu# systemctl status wazuh-dashboard ● wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2024-07-10 09:56:00 UTC; 1min 48s ago Main PID: 63438 (node) Tasks: 11 (limit: 9405) Memory: 195.2M CPU: 13.299s CGroup: /system.slice/wazuh-dashboard.service └─63438 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist ```
Filebeat output ```console root@ip-172-31-38-135:/home/ubuntu# filebeat test output elasticsearch: https://127.0.0.1:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 127.0.0.1 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.3 dial up... OK talk to server... OK version: 7.10.2 ```

Dashboard connection

Captura de pantalla 2024-07-10 a las 12 13 01

AirP0WeR commented 4 months ago

Same bug on mac for me, thanks for fix it.