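---
# Play: applies the roles below to the `security_servers` inventory group,
# then makes sure the core services are started and enabled.
- name: Deploy Centralized Security Server
  hosts: security_servers
  # Set at play level, so every role and post-task below runs with
  # privilege escalation.
  become: true
  vars:
    server_environment: production
    # Versions are pinned and quoted so they stay strings rather than
    # being parsed as numbers.
    vault_version: "1.15.2"
    wazuh_version: "4.7.0"

  roles:
    - common  # Base system hardening
    - docker  # Container runtime
    - nginx-proxy  # Reverse proxy with SSL
    - vault  # HashiCorp Vault
    - wazuh-server  # OSSEC/Wazuh server
    - elasticsearch  # Log storage
    - prometheus  # Metrics collection
    - grafana  # Dashboards
    - vulnerability-scanner  # Security scanning
    - backup-setup  # Backup configuration

  post_tasks:
    # `state: started` starts a stopped service and reports "changed"
    # instead of failing, so this task enforces the running state rather
    # than only checking it. A service that was down after the roles ran
    # shows up as a change here, not as an error.
    # NOTE(review): only five services are listed. The docker, nginx-proxy,
    # vulnerability-scanner and backup-setup roles have no entry in the
    # loop - confirm whether their services should be covered too.
    - name: Verify all services are running
      service:
        name: "{{ item }}"
        state: started
        enabled: true
      loop:
        - vault
        - wazuh-manager
        - elasticsearch
        - prometheus
        - grafana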