This stack contains the Wazuh cluster Ansible playbook. It stands up the Wazuh cluster, which consists of a Wazuh manager node and two Wazuh worker nodes. The cluster is used for security monitoring, threat detection, integrity monitoring, and more.
We developed this role to stand up the Wazuh cluster based on the configurations and requirements. It installs the Wazuh manager and Wazuh worker on the target instances. More information on the wazuh-cluster role and role variables can be found here.
Enables the logging for the Wazuh Cluster.
We use Galaxy, which provides pre-packaged units of work known to Ansible as roles and collections. Content from the roles and collections of wazuh-ansible is referenced in oci-rsa-ansible-wazuh. This playbook installs and configures the Wazuh agent and manager.
Installs base packages and sets configuration for general security, monitoring, and auditing purposes. More information on the oci-rsa-ansible-base can be found here.
- Ansible core >= 2.9.x
- Oracle Autonomous Linux >= 7.9
A list of other roles hosted on Galaxy:
- wazuh-ansible: These playbooks install and configure Wazuh Agent, Manager and Elastic Stack
- ansible-wazuh-manager: This role installs and configures Wazuh Manager and Wazuh API
- ansible-filebeat-oss: This role installs Filebeat which is used with Wazuh Manager to send events and alerts to Elasticsearch.
A list of other roles hosted on GitHub:
- oci-rsa-ansible-base: Installs base packages and sets configuration for general security, monitoring, and auditing purposes.
The main branch contains the latest code.
There are multiple ways to run an Ansible playbook, but for our project we chose to pull down the bundled playbook from the OCI Object Storage bucket and then run the following command to configure each of the hosts locally.
ansible-playbook -i localhost, $OCI_RSA_BASE/${playbook_name}/main.yml --connection=local
An extra_variables.yml file is required to set the variables below. Here the Wazuh password, Open Distro Elasticsearch security password, Wazuh bucket name, and the node type can be set by the user.
wazuh_api_users:
  - username: "wazuh"
    password: "${}"
elasticsearch_security_password: "${}"
wazuh_backup_bucket_name: "${}"
wazuh_node_type: "${}"
wazuh_cluster_key: "${}"
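A pre-flight check for extra_variables.yml before the playbook runs, added here as an example and not part of this repository: it flags variables that are missing or still hold an unsubstituted `${...}` placeholder, a cluster key of the wrong length, and file permissions that expose the secrets. The function names, the sample values, and the assumption that wazuh_cluster_key is passed unchanged to Wazuh's cluster key setting are ours.

```python
import re
import stat
import sys
from pathlib import Path

# Variable names are the ones in the extra_variables.yml shown above.
REQUIRED = ("password", "elasticsearch_security_password",
            "wazuh_backup_bucket_name", "wazuh_node_type", "wazuh_cluster_key")
SCALAR = re.compile(r'^[ \t]*(?:-[ \t]+)?([A-Za-z_]\w*):[ \t]*(.*?)[ \t]*$', re.M)
PLACEHOLDER = re.compile(r'\$\{[^}]*\}')
# Constructed sample: one placeholder left unfilled and a cluster key that is too short.
SAMPLE = '''wazuh_api_users:
  - username: "wazuh"
    password: "${}"
elasticsearch_security_password: "constructed-value"
wazuh_backup_bucket_name: "constructed-bucket"
wazuh_node_type: "worker"
wazuh_cluster_key: "tooshort"
'''

def parse_scalars(text):
    """Collect `key: value` pairs; assumes the flat layout above, not general YAML."""
    return {m.group(1): m.group(2).strip("\"'") for m in SCALAR.finditer(text)}

def check_vars(text):
    """Return findings for the variables file; an empty list means it is complete."""
    values, findings = parse_scalars(text), []
    for name in REQUIRED:
        value = values.get(name, "")
        if not value:
            findings.append(f"{name}: missing or empty")
        elif PLACEHOLDER.search(value):
            findings.append(f"{name}: placeholder was never substituted")
    key = values.get("wazuh_cluster_key", "")
    # Assumption: this value becomes Wazuh's cluster key, which must be 32 characters.
    if key and not PLACEHOLDER.search(key) and len(key) != 32:
        findings.append(f"wazuh_cluster_key: {len(key)} characters, expected 32")
    return findings

def check_mode(path):
    """The file holds clear-text secrets, so group and other should have no access."""
    mode = stat.S_IMODE(Path(path).stat().st_mode)
    return [f"{path}: mode {mode:o} grants group/other access"] if mode & 0o077 else []

if __name__ == "__main__":  # optional argument: path to a real extra_variables.yml
    path = sys.argv[1] if len(sys.argv) > 1 else None
    problems = check_vars(Path(path).read_text() if path else SAMPLE)
    problems += check_mode(path) if path else []
    sys.exit("\n".join(problems) if problems else 0)
```

Run with the path to the real file as the only argument; a non-zero exit status means at least one finding was printed.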
This is a wrapper which configures the Wazuh cluster. To deploy the infrastructure and configure the cluster on instance nodes, our team recommends a specific workflow. A detailed explanation of the recommended workflow can be found here.
This repository was developed by the Oracle OCI Regulatory Solutions and Automation (RSA) team.
Interested in contributing? See our contribution guidelines for details.
This repository and its contents are licensed under UPL 1.0.