Adjust Roles to enable collection import using galaxy-install #1586

Open
wants to merge 2 commits into
base: main


@fbienz fbienz commented Mar 13, 2025

Changes

Adjusted structure of roles, to enable import using galaxy-install.

Import using a requirements file from a git repository:

collections:
  - name: https://github.com/wazuh/wazuh-ansible
    type: git

Since the main branch is already set up for wazuh 5.0 which has not been released yet, I created a branch that is compatible with wazuh 4.11.0.

collections:
  - name: https://github.com/fbienz/wazuh-ansible
    type: git
    version: "4.x"

Usage example in a playbook:

---
- name: Setup Wazuh server
  hosts: wazuh_server
  vars:
    single_node: true
    minimum_master_nodes: 1
    indexer_node_master: true
    indexer_network_host: 127.0.0.1
    filebeat_node_name: node-1
    filebeat_output_indexer_hosts:
    - 127.0.0.1
    instances:
      node1:
        name: node-1
        ip: 127.0.0.1
        role: indexer
    ansible_shell_allow_world_readable_temp: true # not sure if needed, but it was in the original playbook
  tags:
    - wazuh
  tasks:

    - name: "Wazuh Indexer"
      become: true
      ansible.builtin.import_role:
        name: wazuh.wazuh.wazuh_indexer

    - name: "Wazuh Manager"
      become: true
      ansible.builtin.import_role:
        name: wazuh.wazuh.wazuh_manager

    - name: "Setup and install Filebeat for Wazuh"
      become: true
      ansible.builtin.import_role:
        name: wazuh.wazuh.filebeat_oss

    - name: "Wazuh Dashboard"
      become: true
      ansible.builtin.import_role:
        name: wazuh.wazuh.wazuh_dashboard

Required improvement

  • properly populate galaxy.yml. I only did the bare minimum here, as I cannot decide on additional information for the wazuh team.

Potential improvements

  • reduce coupling between the roles and the wazuh version. This would make the roles more flexible and possibly easier to maintain by reducing the need for back-porting changes.
    Users would also benefit from greater control over the wazuh version they want to use.
  • remove the vars files in ./roles/vars and use role defaults instead. This would make the roles more consistent with ansible best practices and allow users to override the default values more easily.
  • remove roles filebeat, elastic-stack and opendistro. These roles contain only files with variables that do not seem to be used anywhere.
  • rename the roles to remove the wazuh prefix. This would reduce repetition when importing the roles, though it might cause confusion with non-wazuh roles.
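
Both requirements files in this description resolve to a moving git ref (the default branch, or the `4.x` branch of a fork), so two installs can fetch different code. The audit below is an added example, not part of this pull request or of wazuh-ansible; the third sample entry (URL and hash) is a constructed placeholder, and the parser deliberately handles only the flat `collections:` list shape shown above rather than general YAML.

```python
import re
# Constructed sample: the two requirements entries from this PR description plus
# a hypothetical third entry pinned to a placeholder commit hash.
SAMPLE = """\
collections:
  - name: https://github.com/wazuh/wazuh-ansible
    type: git
  - name: https://github.com/fbienz/wazuh-ansible
    type: git
    version: "4.x"
  - name: https://git.example.invalid/placeholder/collection
    type: git
    version: 0123456789abcdef0123456789abcdef01234567
"""
FULL_SHA = re.compile(r"[0-9a-f]{40}")

def parse_collections(text):
    """Parse only the flat `collections:` list of mappings (not general YAML)."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()   # drop trailing comments
        if not line or line == "---":
            continue
        if line[0] not in " -":                 # a top-level key opens or closes the section
            in_section = line == "collections:"
        elif in_section:
            item = line.strip()
            if item.startswith("-"):            # "- key: value" starts a new entry
                entries.append({})
                item = item[1:].strip()
            key, sep, value = item.partition(":")
            if sep and entries:
                entries[-1][key.strip()] = value.strip().strip("\"'")
    return entries

def audit(text):
    findings = []
    for entry in parse_collections(text):
        if entry.get("type") != "git":
            continue
        ref = entry.get("version", "").lower()
        # unpinned: default branch; mutable-ref: branch or tag name; pinned: full commit hash
        status = ("unpinned" if not ref else
                  "pinned" if FULL_SHA.fullmatch(ref) else "mutable-ref")
        findings.append((entry.get("name", "?"), status))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
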


fbienz commented Mar 24, 2025

I suppose I jumped the gun somewhat, as the implementation for roles is covered by #1493.
However, that issue seems to still be missing a galaxy.yml file.
