{# The whole state renders to nothing unless both the wazuh and acme pillars
   exist. `acme` is the first key of pillar['acme'] (dict order; presumably
   there is exactly one acme account configured -- confirm). #}
{% if pillar["wazuh"] is defined and pillar["acme"] is defined %}
{% from "acme/macros.jinja" import verify_and_issue %}
{% set acme = pillar['acme'].keys() | first %}
# Raise the kernel mmap-count limit; the OpenSearch-based indexer container
# refuses to start with a lower value.
vm.max_map_count:
  sysctl.present:
    - value: 262144
{# Ask the acme formula to verify/issue a certificate for the wazuh domain.
   The cert and key paths fixed up below are presumably what this macro
   writes under /opt/acme/cert -- confirm against acme/macros.jinja. #}
{{ verify_and_issue(acme, "wazuh", pillar["wazuh"]["domain"]) }}
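# Hand the issued full chain over to the container user (uid/gid 1000).
# `create: False` keeps file.managed from creating an empty .cer here when
# issuance has not produced the file yet -- without it an absent cert would
# silently become an empty, 1000-owned file.
cert_permission_fix:
  file.managed:
    - name: /opt/acme/cert/wazuh_{{ pillar["wazuh"]["domain"] }}_fullchain.cer
    - user: 1000
    - group: 1000
    - create: False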
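# Same ownership fix for the private key (uid/gid 1000). `create: False`
# prevents an empty key file from being created when issuance failed.
# NOTE(review): the mode is not managed here, so the key keeps whatever mode
# the issuer gave it -- confirm it is not group/world readable.
key_permission_fix:
  file.managed:
    - name: /opt/acme/cert/wazuh_{{ pillar["wazuh"]["domain"] }}_key.key
    - user: 1000
    - group: 1000
    - create: False
  # Let root's git work on the checkout below even if it ends up owned by
  # another uid. `--add` appends a new entry on every highstate, so guard it
  # with `unless` to keep /root/.gitconfig from accumulating duplicates.
  cmd.run:
    - name: git config --global --add safe.directory /opt/wazuh/{{ pillar["wazuh"]["domain"] }}
    - unless: 'git config --global --get-all safe.directory | grep -qxF /opt/wazuh/{{ pillar["wazuh"]["domain"] }}'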
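# Hourly (minute 0, every hour) re-assert container ownership of the cert
# and key -- presumably because renewal rewrites the files as root; confirm.
# The glob is expanded by bash, hence the `bash -c` wrapper.
# The original carried `- user: root` twice; the duplicate arg is dropped.
cron_cert_key_permissions_fix:
  cron.present:
    - name: /bin/bash -c "chown 1000:1000 /opt/acme/cert/wazuh_{{ pillar['wazuh']['domain'] }}*"
    - identifier: Set permissions on wazuh cert and key
    - user: root
    - minute: 0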
# Check out upstream wazuh-docker at the tag matching the pillar release
# ("v<release>"). A tag is a movable ref, so this does not pin a commit.
wazuh_clone_from_git:
  git.cloned:
    - name: https://github.com/wazuh/wazuh-docker
    - target: /opt/wazuh/{{ pillar["wazuh"]["domain"] }}
    - branch: 'v{{ pillar["wazuh"]["release"] }}'
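# Generate the indexer TLS material once. `creates` replaces the shell
# `[ ! -f ... ] && ... || true` wrapper: the generator is skipped when the
# root CA key already exists, and a failing generator run is now reported
# instead of being masked by `|| true`.
wazuh_certs_generation:
  cmd.run:
    - name: docker-compose -f generate-indexer-certs.yml run --rm generator
    - shell: /bin/bash
    - cwd: /opt/wazuh/{{ pillar["wazuh"]["domain"] }}/single-node
    - creates: /opt/wazuh/{{ pillar["wazuh"]["domain"] }}/single-node/config/wazuh_indexer_ssl_certs/root-ca.key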
# First volume directory; `makedirs` also creates the parent
# /opt/wazuh/<domain>/volumes, which the directory states below rely on
# (Salt runs states in file order by default and they do not set makedirs).
wazuh_data_dirs_1:
  file.directory:
    - makedirs: true
    - names:
      - /opt/wazuh/{{ pillar["wazuh"]["domain"] }}/volumes/filebeat_etc
# Manager volumes that only need group 101 (presumably the gid the manager
# container runs as -- confirm); owner is left as is.
wazuh_data_dirs_2:
  file.directory:
    - group: 101
    - names:
      - /opt/wazuh/{{ pillar["wazuh"]["domain"] }}/volumes/wazuh_api_configuration
      - /opt/wazuh/{{ pillar["wazuh"]["domain"] }}/volumes/wazuh_queue
      - /opt/wazuh/{{ pillar["wazuh"]["domain"] }}/volumes/wazuh_integrations
      - /opt/wazuh/{{ pillar["wazuh"]["domain"] }}/volumes/wazuh_wodles
# Manager volumes owned entirely by uid/gid 101.
wazuh_data_dirs_3:
  file.directory:
    - user: 101
    - group: 101
    - names:
      - /opt/wazuh/{{ pillar["wazuh"]["domain"] }}/volumes/wazuh_etc
      - /opt/wazuh/{{ pillar["wazuh"]["domain"] }}/volumes/wazuh_logs
      - /opt/wazuh/{{ pillar["wazuh"]["domain"] }}/volumes/wazuh_stats
# Volumes owned by uid/gid 1000 (indexer data, filebeat state and the
# remaining manager directories).
wazuh_data_dirs_4:
  file.directory:
    - user: 1000
    - group: 1000
    - names:
      - /opt/wazuh/{{ pillar["wazuh"]["domain"] }}/volumes/wazuh-indexer-data
      - /opt/wazuh/{{ pillar["wazuh"]["domain"] }}/volumes/wazuh_var_multigroups
      - /opt/wazuh/{{ pillar["wazuh"]["domain"] }}/volumes/wazuh_active_response
      - /opt/wazuh/{{ pillar["wazuh"]["domain"] }}/volumes/wazuh_agentless
      - /opt/wazuh/{{ pillar["wazuh"]["domain"] }}/volumes/filebeat_var
# User-defined bridge network "wazuh" shared by the containers (the compose
# files are presumably configured to use it as an external network -- confirm).
docker_network:
  docker_network.present:
    - name: wazuh
{# Per-component states live in includes; `with context` passes the variables
   set above (acme, the imported macro) into each of them. #}
{% include "wazuh/includes/internal_users_yml.sls" with context %}
{% include "wazuh/includes/indexer.sls" with context %}
{% include "wazuh/includes/manager.sls" with context %}
{% include "wazuh/includes/dashboard.sls" with context %}
{% include "wazuh/includes/applying_changes.sls" with context %}
{% include "wazuh/includes/internal_options_conf.sls" with context %}
# Reload the manager inside its container only when the watched file state
# (presumably defined in the included internal_options_conf.sls) reports
# changes; the requisite matches the file state by its name/path.
reload manager on changes in internal_options.conf:
  cmd.run:
    - name: docker exec wazuh.manager /var/ossec/bin/wazuh-control reload
    - watch:
      - file: /opt/wazuh/{{ pillar["wazuh"]["domain"] }}/volumes/wazuh_etc/internal_options.conf
# Every 5 minutes copy the live ossec.conf from the manager volume back into
# the single-node config tree (as a backup), then give the copy to uid/gid
# 1000 with mode 644. The folded scalar renders to exactly the original
# one-line command.
cron_backup_ossec_conf:
  cron.present:
    - name: >-
        rsync -qa
        /opt/wazuh/{{ pillar['wazuh']['domain'] }}/volumes/wazuh_etc/ossec.conf
        /opt/wazuh/{{ pillar['wazuh']['domain'] }}/single-node/config/wazuh_cluster/wazuh_manager.conf;
        chown 1000:1000
        /opt/wazuh/{{ pillar['wazuh']['domain'] }}/single-node/config/wazuh_cluster/wazuh_manager.conf;
        chmod 644
        /opt/wazuh/{{ pillar['wazuh']['domain'] }}/single-node/config/wazuh_cluster/wazuh_manager.conf
    - identifier: backup_ossec_conf
    - user: root
    - minute: '*/5'
# Restart the dashboard container daily at 01:00 so it picks up a renewed
# acme certificate (the dashboard does not reload certs on its own).
cron_wazuh_dashboard_restart_for_reload_acme_certificates:
  cron.present:
    - name: docker restart wazuh.dashboard
    - identifier: cron_wazuh_dashboard_restart_for_reload_acme_certificates
    - user: root
    - hour: 1
    - minute: 0
{# end of the pillar["wazuh"] / pillar["acme"] gate opened at the top #}
{% endif %}