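---
# Single-host Wazuh install (manager, indexer, dashboard) from the Wazuh 4.x
# apt repository. The indexer is configured with its security plugin
# disabled, so the listeners written below default to loopback.

- name: Update apt cache
  apt:
    update_cache: true

- name: Install required packages
  apt:
    name:
      - curl
      - apt-transport-https
      - lsb-release
      - gnupg2
    state: present

# This key is the trust anchor for every package installed below. It is
# stored in a root-owned directory rather than /tmp: with get_url's default
# force=false an existing file at dest is left untouched, so a file
# pre-created by any local user in a world-writable directory would be
# imported as a trusted apt key by the next task.
# NOTE(review): the download is authenticated by TLS only; pin it with
# get_url's `checksum` once the expected digest is confirmed out of band.
- name: Add Wazuh repository key
  get_url:
    url: https://packages.wazuh.com/key/GPG-KEY-WAZUH
    dest: /usr/share/keyrings/GPG-KEY-WAZUH
    owner: root
    group: root
    mode: '0644'

# NOTE(review): apt_key places the key in apt's global trust store, so it is
# accepted for every configured repository. A dedicated keyring referenced
# with signed-by on the repo line would scope it to the Wazuh repository.
- name: Add Wazuh GPG key
  apt_key:
    file: /usr/share/keyrings/GPG-KEY-WAZUH
    state: present

- name: Add Wazuh repository
  apt_repository:
    repo: "deb https://packages.wazuh.com/4.x/apt/ stable main"
    state: present

- name: Install Wazuh manager first
  apt:
    name: wazuh-manager
    state: present
    update_cache: true

- name: Start and enable Wazuh manager
  service:
    name: wazuh-manager
    state: started
    enabled: true

- name: Install Wazuh indexer
  apt:
    name: wazuh-indexer
    state: present
    update_cache: true

- name: Stop Wazuh indexer before configuration
  service:
    name: wazuh-indexer
    state: stopped

# plugins.security.disabled removes TLS, authentication and authorization
# from the indexer: any local process that can reach 127.0.0.1:9200 can read
# and modify all indexed alerts. Both listeners must therefore stay on
# loopback for as long as this setting is in place.
# NOTE(review): OpenSearch is expected to reject cluster.initial_master_nodes
# when discovery.type is single-node; confirm the node starts with both set.
- name: Configure Wazuh indexer with security disabled
  copy:
    content: |
      cluster.name: wazuh-cluster
      node.name: wazuh-node-1
      path.data: /var/lib/wazuh-indexer
      path.logs: /var/log/wazuh-indexer
      network.host: 127.0.0.1
      http.port: 9200
      transport.host: 127.0.0.1
      transport.tcp.port: 9300
      bootstrap.memory_lock: false
      cluster.initial_master_nodes: ["wazuh-node-1"]

      # Disable security plugin to avoid certificate issues
      plugins.security.disabled: true

      # Memory settings
      indices.memory.index_buffer_size: 10%

      # Discovery settings
      discovery.type: single-node
    dest: /etc/wazuh-indexer/opensearch.yml
    backup: true
    owner: wazuh-indexer
    group: wazuh-indexer
    mode: '0660'

# This replaces the packaged jvm.options wholesale (the previous file is kept
# through backup).
# NOTE(review): UseCGroupMemoryLimitForHeap and the Print*/GC log rotation
# flags were removed from newer JDKs, which refuse to start on unrecognized
# -XX options; check them against the JVM shipped with wazuh-indexer.
# Heap dumps written to HeapDumpPath contain indexed data in clear text.
- name: Set JVM heap size for Wazuh indexer (1GB system has plenty of RAM)
  copy:
    content: |
      -Xms1g
      -Xmx1g
      -XX:+UseG1GC
      -XX:MaxGCPauseMillis=200
      -XX:+UnlockExperimentalVMOptions
      -XX:+UseCGroupMemoryLimitForHeap
      -XX:+DisableExplicitGC
      -Djava.io.tmpdir=/tmp
      -XX:+HeapDumpOnOutOfMemoryError
      -XX:HeapDumpPath=/var/lib/wazuh-indexer
      -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log
      -XX:+PrintGCDetails
      -XX:+PrintGCTimeStamps
      -XX:+PrintGCDateStamps
      -XX:+PrintClassHistogram
      -XX:+PrintTenuringDistribution
      -XX:+PrintGCApplicationStoppedTime
      -Xloggc:/var/log/wazuh-indexer/gc.log
      -XX:+UseGCLogFileRotation
      -XX:NumberOfGCLogFiles=32
      -XX:GCLogFileSize=64m
    dest: /etc/wazuh-indexer/jvm.options
    backup: true
    owner: wazuh-indexer
    group: wazuh-indexer
    mode: '0660'

- name: Set vm.max_map_count for Wazuh indexer
  sysctl:
    name: vm.max_map_count
    value: '262144'
    state: present
    reload: true

- name: Reload systemd daemon
  systemd:
    daemon_reload: true

- name: Start and enable Wazuh indexer
  service:
    name: wazuh-indexer
    state: started
    enabled: true
  register: indexer_start

- name: Wait for Wazuh indexer to be ready
  wait_for:
    port: 9200
    host: 127.0.0.1
    delay: 10
    timeout: 120
  when: not indexer_start.failed

# Best-effort probe over plain HTTP; a failure is recorded but does not stop
# the play.
- name: Test Wazuh indexer API
  uri:
    url: http://127.0.0.1:9200
    method: GET
  register: indexer_api_test
  ignore_errors: true

- name: Show indexer API test result
  debug:
    var: indexer_api_test

- name: Install Wazuh dashboard
  apt:
    name: wazuh-dashboard
    state: present
    update_cache: true
  when: not indexer_start.failed

# The dashboard fronts an indexer that performs no authentication and no
# server.ssl settings are written here, so port 443 serves plain HTTP. The
# bind address therefore defaults to loopback; reach it through an SSH
# tunnel or a TLS-terminating, authenticating reverse proxy. Set
# wazuh_dashboard_bind_host only after the indexer security plugin and
# dashboard TLS have been enabled.
# NOTE(review): `opensearch.security.auth.type` looks like a misspelling of
# `opensearch_security.auth.type` (compare the cookie key below); confirm
# the dashboard accepts it.
- name: Configure Wazuh dashboard
  copy:
    content: |
      server.host: {{ wazuh_dashboard_bind_host | default('127.0.0.1') }}
      server.port: 443
      opensearch.hosts: ["http://127.0.0.1:9200"]
      opensearch.ssl.verificationMode: none
      opensearch.security.auth.type: "basicauth"
      opensearch_security.cookie.secure: false
    dest: /etc/wazuh-dashboard/opensearch_dashboards.yml
    backup: true
    owner: wazuh-dashboard
    group: wazuh-dashboard
    mode: '0660'
  when: not indexer_start.failed

- name: Start and enable Wazuh dashboard
  service:
    name: wazuh-dashboard
    state: started
    enabled: true
  when: not indexer_start.failed

# command instead of shell: no shell features are needed, and the loop items
# are passed as arguments without shell interpretation.
- name: Verify Wazuh services status
  command: systemctl status {{ item }} --no-pager
  register: wazuh_status
  changed_when: false
  ignore_errors: true
  loop:
    - wazuh-manager
    - wazuh-indexer
    - wazuh-dashboard

- name: Show Wazuh services status
  debug:
    var: wazuh_status.results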