Wazuh Cluster Ansible Playbook

[David Kavanagh]

Hi there!

While attempting to deploy the wazuh-production-ready.yml playbook, I have run into an issue at the step to create Indexer users.

I was wondering if anyone had insights into what would cause this, or help me in finding the root cause?

Thanks everyone!

TASK [../roles/wazuh/wazuh-indexer : Copy the Opensearch security internal users template] *******************************************

changed: [wi1]

TASK [../roles/wazuh/wazuh-indexer : Hashing the custom admin password] **************************************************************

changed: [wi2]

TASK [../roles/wazuh/wazuh-indexer : Hashing the custom admin password] **************************************************************

changed: [wi3]

TASK [../roles/wazuh/wazuh-indexer : Hashing the custom admin password] **************************************************************

changed: [wi1]

TASK [../roles/wazuh/wazuh-indexer : Set the Admin user password] ********************************************************************

changed: [wi1]

TASK [../roles/wazuh/wazuh-indexer : Set the Admin user password] ********************************************************************

changed: [wi3]

TASK [../roles/wazuh/wazuh-indexer : Set the Admin user password] ********************************************************************

changed: [wi2]

TASK [../roles/wazuh/wazuh-indexer : Hash the kibanaserver role/user pasword] ********************************************************

changed: [wi1]

TASK [../roles/wazuh/wazuh-indexer : Hash the kibanaserver role/user pasword] ********************************************************

changed: [wi2]

TASK [../roles/wazuh/wazuh-indexer : Hash the kibanaserver role/user pasword] ********************************************************

changed: [wi3]

TASK [../roles/wazuh/wazuh-indexer : Set the kibanaserver user password] *************************************************************

changed: [wi1]

TASK [../roles/wazuh/wazuh-indexer : Set the kibanaserver user password] *************************************************************

changed: [wi2]

TASK [../roles/wazuh/wazuh-indexer : Set the kibanaserver user password] *************************************************************

changed: [wi3]

Best regards,

David

[David Kavanagh]

I just realised I never actually stated the problem here. At the point in the screenshot above, the playbook doesn't proceed any further. It's not failing with an error either - just hangs in perpetuity. 

[Roman Luna]

Hi,

Here is one of the guides in order to deploy the whole stack of Wazuh, which involves the indexer, dashboard and Wazuh manager: Deploying with ansible

The playbook that you are running involves the use of workers nodes for the manager and indexer, which is oriented when there is more of a heavy load.

Nonetheless, mind sharing the playbook that you are using and the  /etc/ansible/hosts ?

Regards,

Roman from Wazuh!.

[David Kavanagh]

Hey Roman, I wanted to update you with my progress at the beginning of the week. I created 

• a new playbook (wazuh-distributed.yml),
• modified main.yml for /roles/wazuh/ansible-filebeat-oss/defaults/main.yml
• modified main.yml for /roles/wazuh/wazuh-manager/defaults/main.yml
• modified main.yml for /roles/wazuh/wazuh-dashboard/defaults/main.yml
• a hosts file to reference the variables

With these modifications, I was able to deploy an architecture consisting of:

• 1x Wazuh Indexer
• 1x Wazuh Master
• 1x Wazuh Dashboard

The next steps I want to take it to identify if I there's any default values that may cause security concerns.

[Roman Luna]

Hi,

Thank you for your update!

Let me know if you any further questions related to this, there are many variables that you can set in ansible which might help in securing the installation.

One thing that we usually recommend on every installation is to change the default password. You can find in the following link how to do so:

https://documentation.wazuh.com/current/user-manual/securing-wazuh/wazuh-indexer.html

Regards,

Roman Luna.