
Comments (3)

andel7 commented on May 18, 2024

TASK [ansible-wazuh-manager : Configure ossec.conf] ********************************************************************************************************************************************************
fatal: [10.142.0.11]: FAILED! => {"changed": false, "msg": "AnsibleError: Unexpected templating type error occurred on (<!--\n  Wazuh - Manager - Default configuration\n  More info at: https://documentation.wazuh.com\n  Mailing list: https://groups.google.com/forum/#!forum/wazuh\n-->\n\n<ossec_config>\n  <global>\n    <jsonout_output>{{ wazuh_manager_config.json_output }}</jsonout_output>\n    <alerts_log>{{ wazuh_manager_config.alerts_log }}</alerts_log>\n    <logall>{{ wazuh_manager_config.logall }}</logall>\n    {% if wazuh_manager_config.email_notification | lower == \"yes\" %}\n    <email_notification>yes</email_notification>\n    {% else %}\n    <email_notification>no</email_notification>\n    {% endif %}\n    {% for to in wazuh_manager_config.mail_to %}\n    <email_to>{{ to }}</email_to>\n    {% endfor %}\n    <smtp_server>{{ wazuh_manager_config.mail_smtp_server }}</smtp_server>\n    <email_from>{{ wazuh_manager_config.mail_from }}</email_from>\n  </global>\n\n  <cluster>\n    <disabled>{{ wazuh_manager_config.cluster.disable }}</disabled>\n    <name>{{ wazuh_manager_config.cluster.name }}</name>\n    <node_name>{{ wazuh_manager_config.cluster.node_name }}</node_name>\n    <node_type>{{ wazuh_manager_config.cluster.node_type }}</node_type>\n    <key>{{ wazuh_manager_config.cluster.key }}</key>\n    <interval>{{ wazuh_manager_config.cluster.interval }}</interval>\n    <port>{{ wazuh_manager_config.cluster.port }}</port>\n    <bind_addr>{{ wazuh_manager_config.cluster.bind_addr }}</bind_addr>\n    <nodes>\n    {% for node in wazuh_manager_config.cluster.nodes %}\n      <node>{{ node }}</node>\n    {% endfor %}\n    </nodes>\n    <hidden>{{ wazuh_manager_config.cluster.hidden }}</hidden>\n  </cluster>\n\n  <logging>\n    <log_format>{{ wazuh_manager_config.log_format }}</log_format>\n  </logging>\n\n{% if wazuh_manager_config.authd.enable == true %}\n  <auth>\n    <disabled>no</disabled>\n    {% if wazuh_manager_config.authd.port is not none 
%}<port>{{wazuh_manager_config.authd.port}}</port>{% else %}<port>1515</port>{% endif %}\n    {% if wazuh_manager_config.authd.use_source_ip is not none %}<use_source_ip>{{wazuh_manager_config.authd.use_source_ip}}</use_source_ip>{% endif %}\n    {% if wazuh_manager_config.authd.force_insert is not none %}<force_insert>{{wazuh_manager_config.authd.force_insert}}</force_insert>{% endif %}\n    {% if wazuh_manager_config.authd.force_time is not none %}<force_time>{{wazuh_manager_config.authd.force_time}}</force_time>{% endif %}\n    {% if wazuh_manager_config.authd.purge is not none %}<purge>{{wazuh_manager_config.authd.purge}}</purge>{% endif %}\n    {% if wazuh_manager_config.authd.use_password is not none %}<use_password>{{wazuh_manager_config.authd.use_password}}</use_password>{% endif %}\n    {% if wazuh_manager_config.authd.ssl_agent_ca is not none %}<ssl_agent_ca>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}</ssl_agent_ca>{% endif %}\n    {% if wazuh_manager_config.authd.ssl_verify_host is not none %}<ssl_verify_host>{{wazuh_manager_config.authd.ssl_verify_host}}</ssl_verify_host>{% endif %}\n    {% if wazuh_manager_config.authd.ssl_manager_cert is not none %}<ssl_manager_cert>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}}</ssl_manager_cert>{% endif %}\n    {% if wazuh_manager_config.authd.ssl_manager_key is not none %}<ssl_manager_key>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}}</ssl_manager_key>{% endif %}\n    {% if wazuh_manager_config.authd.ssl_auto_negotiate is not none %}<ssl_auto_negotiate>{{wazuh_manager_config.authd.ssl_auto_negotiate}}</ssl_auto_negotiate>{% endif %}\n  </auth>\n{% endif %}\n\n{% if wazuh_manager_config.extra_emails is defined %}\n{% for mail in wazuh_manager_config.extra_emails %}\n{% if mail.enable == true %}\n  <email_alerts>\n    <email_to>{{ mail.mail_to }}</email_to>\n    {% if mail.format is not none %}\n    <format>{{ mail.format }}</format>\n    
{% endif %}\n    {% if mail.level is not none %}\n    <level>{{ mail.level }}</level>\n    {% endif %}\n    {% if mail.event_location is not none %}\n    <event_location>{{ mail.event_location }}</event_location>\n    {% endif %}\n    {% if mail.group is not none %}\n    <group>{{ mail.group }}</group>\n    {% endif %}\n    {% if mail.do_not_delay is not none and mail.do_not_delay == true %}\n    <do_not_delay />\n    {% endif %}\n    {% if mail.do_not_group is not none and mail.do_not_group == true %}\n    <do_not_group />\n    {% endif %}\n    {% if mail.rule_id is not none %}\n    <rule_id>{{ mail.rule_id }}</rule_id>\n    {% endif %}\n  </email_alerts>\n{% endif %}\n{% endfor %}\n{% endif %}\n\n{% if wazuh_manager_config.reports is defined %}\n{% for report in wazuh_manager_config.reports %}\n{% if report.enable == true %}\n  <reports>\n    <category>{{ report.category }}</category>\n    <title>{{ report.title }}</title>\n    <email_to>{{ report.email_to }}</email_to>\n    {% if report.location is not none %}<location>{{ report.location }}</location>{% endif %}\n    {% if report.group is not none %}<group>{{ report.group }}</group>{% endif %}\n    {% if report.rule is not none %}<rule>{{ report.rule }}</rule>{% endif %}\n    {% if report.level is not none %}<level>{{ report.level }}</level>{% endif %}\n    {% if report.srcip is not none %}<srcip>{{ report.srcip }}</srcip>{% endif %}\n    {% if report.user is not none %}<user>{{ report.user }}</user>{% endif %}\n    {% if report.showlogs is not none %}<showlogs>{{ report.showlogs }}</showlogs>{% endif %}\n  </reports>\n{% endif %}\n{% endfor %}\n{% endif %}\n\n  <alerts>\n    <log_alert_level>{{ wazuh_manager_config.log_level }}</log_alert_level>\n    <email_alert_level>{{ wazuh_manager_config.email_level }}</email_alert_level>\n  </alerts>\n\n  <remote>\n  {% for connection in wazuh_manager_config.connection %}\n    <connection>{{ connection.type }}</connection>\n    <port>{{ connection.port }}</port>\n    
<protocol>{{ connection.protocol }}</protocol>\n  {% endfor %}\n  </remote>\n\n  <rootcheck>\n    <disabled>no</disabled>\n    <check_unixaudit>yes</check_unixaudit>\n    <check_files>yes</check_files>\n    <check_trojans>yes</check_trojans>\n    <check_dev>yes</check_dev>\n    <check_sys>yes</check_sys>\n    <check_pids>yes</check_pids>\n    <check_ports>yes</check_ports>\n    <check_if>yes</check_if>\n\n    <!-- Frequency that rootcheck is executed - every 12 hours -->\n    <frequency>{{ wazuh_manager_config.rootcheck.frequency }}</frequency>\n\n    <rootkit_files>/var/ossec/etc/shared/default/rootkit_files.txt</rootkit_files>\n    <rootkit_trojans>/var/ossec/etc/shared/default/rootkit_trojans.txt</rootkit_trojans>\n    <system_audit>/var/ossec/etc/shared/default/system_audit_rcl.txt</system_audit>\n    <system_audit>/var/ossec/etc/shared/default/system_audit_ssh.txt</system_audit>\n    {% if cis_distribution_filename is defined %}\n    <system_audit>/var/ossec/etc/shared/default/{{ cis_distribution_filename }}</system_audit>\n    {% endif %}\n\n    <skip_nfs>yes</skip_nfs>\n  </rootcheck>\n\n  <syscheck>\n    <auto_ignore>{{ wazuh_manager_config.syscheck.auto_ignore }}</auto_ignore>\n    <alert_new_files>{{ wazuh_manager_config.syscheck.alert_new_files }}</alert_new_files>\n    <!-- Frequency that syscheck is executed -- default every 20 hours -->\n    <frequency>{{ wazuh_manager_config.syscheck.frequency }}</frequency>\n    <scan_on_start>{{ wazuh_manager_config.syscheck.scan_on_start }}</scan_on_start>\n\n    <!-- Directories to check  (perform all possible verifications) -->\n    {% if wazuh_manager_config.syscheck.directories is defined %}\n    {% for directory in wazuh_manager_config.syscheck.directories %}\n    <directories {{ directory.checks }}>{{ directory.dirs }}</directories>\n    {% endfor %}\n    {% endif %}\n\n    <!-- Files/directories to ignore -->\n    {% if wazuh_manager_config.syscheck.ignore is defined %}\n    {% for ignore in 
wazuh_manager_config.syscheck.ignore %}\n    <ignore>{{ ignore }}</ignore>\n    {% endfor %}\n    {% endif %}\n\n    <!-- Files no diff -->\n    {% for no_diff in wazuh_manager_config.syscheck.no_diff %}\n    <nodiff>{{ no_diff }}</nodiff>\n    {% endfor %}\n  </syscheck>\n\n  {% if ansible_system == \"Linux\" and wazuh_manager_config.openscap.disable == 'no' %}\n  <wodle name=\"open-scap\">\n    <disabled>no</disabled>\n    <timeout>{{ wazuh_manager_config.openscap.timeout }}</timeout>\n    <interval>{{ wazuh_manager_config.openscap.interval }}</interval>\n    <scan-on-start>{{ wazuh_manager_config.openscap.scan_on_start }}</scan-on-start>\n    {% if ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial' %}\n    <content type=\"xccdf\" path=\"ssg-ubuntu-1604-ds.xml\">\n      <profile>xccdf_org.ssgproject.content_profile_common</profile>\n    </content>\n    {% elif ansible_distribution == 'Debian' %}\n    {% if ansible_distribution_release == 'jessie' %}\n    {% if openscap_version_valid.stdout == \"0\" %}\n    <content type=\"xccdf\" path=\"ssg-debian-8-ds.xml\">\n      <profile>xccdf_org.ssgproject.content_profile_common</profile>\n    </content>\n    <content type=\"oval\" path=\"cve-debian-8-oval.xml\"/>\n    {% endif %}\n    {% elif ansible_distribution_release == 'stretch' %}\n    <content type=\"oval\" path=\"cve-debian-9-oval.xml\"/>\n    {% endif %}\n    {% elif ansible_distribution == 'CentOS' %}\n      {% if ansible_distribution_major_version == '7' %}\n      <content type=\"xccdf\" path=\"ssg-centos-7-ds.xml\">\n      {% elif ansible_distribution_major_version == '6' %}\n      <content type=\"xccdf\" path=\"ssg-centos-6-ds.xml\">\n      {% endif %}\n        <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>\n        <profile>xccdf_org.ssgproject.content_profile_common</profile>\n      </content>\n    {% elif ansible_distribution == 'RedHat' %}\n      {% if ansible_distribution_major_version == '7' %}\n      <content 
type=\"xccdf\" path=\"ssg-rhel-7-ds.xml\">\n      {% elif ansible_distribution_major_version == '6' %}\n      <content type=\"xccdf\" path=\"ssg-rhel-6-ds.xml\">\n      {% endif %}\n        <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>\n        <profile>xccdf_org.ssgproject.content_profile_common</profile>\n      </content>\n      {% if ansible_distribution_major_version == '7' %}\n      <content type=\"oval\" path=\"cve-redhat-7-ds.xml\"/>\n      {% elif ansible_distribution_major_version == '6' %}\n      <content type=\"oval\" path=\"cve-redhat-6-ds.xml\"/>\n      {% endif %}\n    {% elif ansible_distribution == 'Fedora' %}\n      <content type=\"xccdf\" path=\"ssg-fedora-ds.xml\">\n        <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>\n        <profile>xccdf_org.ssgproject.content_profile_common</profile>\n      </content>\n    {% endif %}\n  </wodle>\n  {% endif %}\n\n  {% if wazuh_manager_config.cis_cat.disable == 'no' %}\n  <wodle name=\"cis-cat\">\n    <disabled>no</disabled>\n    <timeout>{{ wazuh_manager_config.cis_cat.timeout }}</timeout>\n    <interval>{{ wazuh_manager_config.cis_cat.interval }}</interval>\n    <scan-on-start>{{ wazuh_manager_config.cis_cat.scan_on_start }}</scan-on-start>\n    {% if wazuh_manager_config.cis_cat.install_java == 'yes' %}\n    <java_path>/usr/bin</java_path>\n    {% else %}\n    <java_path>{{ wazuh_manager_config.cis_cat.java_path }}</java_path>\n    {% endif %}\n    <ciscat_path>{{ wazuh_manager_config.cis_cat.ciscat_path }}</ciscat_path>\n    {% for benchmark in wazuh_manager_config.cis_cat.content %}\n    <content type=\"{{ benchmark.type }}\" path=\"{{ benchmark.path }}\">\n      <profile>{{ benchmark.profile }}</profile>\n    </content>\n    {% endfor %}\n  </wodle>\n  {% endif %}\n\n  {% if ansible_system == \"Linux\" and wazuh_manager_config.vuls.disable == 'no' %}\n  <wodle name=\"command\">\n    <disabled>no</disabled>\n    <tag>Wazuh-VULS</tag>\n    <command>/usr/bin/python 
/var/ossec/wodles/vuls/vuls.py{% for arg in wazuh_manager_config.vuls.args %} --{{ arg }}{% endfor %}</command>\n    <interval>{{ wazuh_manager_config.vuls.interval }}</interval>\n    <ignore_output>yes</ignore_output>\n    <run_on_start>{{ wazuh_manager_config.vuls.run_on_start }}</run_on_start>\n  </wodle>\n  {% endif %}\n\n{% if agentless_creeds is defined %}\n{% for agentless in agentless_creeds %}\n  <agentless>\n    <type>{{ agentless.type }}</type>\n    <frequency>{{ agentless.frequency }}</frequency>\n    <host>{{ agentless.host }}</host>\n    <state>{{ agentless.state }}</state>\n    {% if agentless.arguments is defined %}\n      <arguments>{{ agentless.arguments }}</arguments>\n    {% endif %}\n  </agentless>\n\n{% endfor %}\n{% endif %}\n\n  <global>\n{% for white_list in wazuh_manager_config.globals %}\n    <white_list>{{ white_list }}</white_list>\n{% endfor %}\n  </global>\n\n  {% for command in wazuh_manager_config.commands %}\n    <command>\n      <name>{{ command.name }}</name>\n      <executable>{{ command.executable }}</executable>\n      <expect>{{ command.expect }}</expect>\n      <timeout_allowed>{{ command.timeout_allowed }}</timeout_allowed>\n    </command>\n  {% endfor %}\n\n\n  <ruleset>\n    <!-- Default ruleset -->\n    <decoder_dir>ruleset/decoders</decoder_dir>\n    <rule_dir>ruleset/rules</rule_dir>\n    <rule_exclude>0215-policy_rules.xml</rule_exclude>\n    {% if cdb_lists is defined %}\n    {% for list in cdb_lists %}\n    <list>etc/lists/{{ list.name }}</list>\n    {% endfor %}\n    {% endif %}\n\n    <!-- User-defined ruleset -->\n    <decoder_dir>etc/decoders</decoder_dir>\n    <rule_dir>etc/rules</rule_dir>\n  </ruleset>\n\n  <!-- Active Response Config -->\n{% for response in wazuh_manager_config.active_responses %}\n  <active-response>\n    <disabled>no</disabled>\n    <command>{{ response.command }}</command>\n    {%if response.location is defined %}<location>{{ response.location }}</location>{% endif %}\n    {%if 
response.agent_id is defined %}<agent_id>{{ response.agent_id }}</agent_id>{% endif %}\n    {%if response.level is defined %}<level>{{ response.level }}</level>{% endif %}\n    {%if response.rules_group is defined %}<rules_group>{{ response.rules_group }}</rules_group>{% endif %}\n    {%if response.rules_id is defined %}<rules_id>{{ response.rules_id }}</rules_id>{% endif %}\n    {%if response.timeout is defined %}<timeout>{{ response.timeout }}</timeout>{% endif %}\n    {%if response.repeated_offenders is defined %}<repeated_offenders>{{ response.repeated_offenders }}</repeated_offenders>{% endif %}\n  </active-response>\n{% endfor %}\n\n  <!-- Files to monitor (localfiles) -->\n{% for localfile in wazuh_manager_config.localfiles %}\n  <localfile>\n     <log_format>{{ localfile.format }}</log_format>\n     {% if localfile.format == 'command' or localfile.format == 'full_command' %}\n     <command>{{ localfile.command }}</command>\n     <frequency>{{ localfile.frequency }}</frequency>\n     {% else %}\n     <location>{{ localfile.location }}</location>\n     {% endif %}\n  </localfile>\n{% endfor %}\n\n{% if wazuh_manager_config.syslog_outputs is defined %}\n{% for syslog_output in wazuh_manager_config.syslog_outputs %}\n{% if syslog_output.server is not none  %}\n  <syslog_output>\n    <server>{{ syslog_output.server }}</server>\n    <port>{{ syslog_output.port }}</port>\n    <format>{{ syslog_output.format }}</format>\n  </syslog_output>\n{% endif %}\n{% endfor %}\n{% endif %}\n\n</ossec_config>\n): 'NoneType' object is not iterable"}

from wazuh-ansible.

andel7 commented on May 18, 2024

I think I understand the issue a bit better now.
Based on the documentation (https://documentation.wazuh.com/current/deploying-with-ansible/roles/wazuh-manager.html), I can create a variable file, vars-production.yml, add specific configurations and then run:

 ansible-playbook wazuh-manager.yml -e@vars-production.yml

However, if I create a wazuh_manager_config dictionary in vars-production.yml, it completely overrides wazuh_manager_config from default/main.yml and then I get to copy-attributes-hell.
Either the documentation should be fixed in some way or the variables in the playbook.


commented on May 18, 2024

Hi @andel7,

Yes, this is the expected behavior according to the Ansible variable precedence. We're going to update our Ansible documentation ASAP. I created an issue here: wazuh/wazuh-documentation#282 in order to track this one and add your suggestions. Thanks!

Best Regards,
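
The replace-versus-merge behaviour discussed in this thread, as an added example that is not part of the original comments or of the wazuh-ansible role. It reports which settings a partial `wazuh_manager_config` override drops under Ansible's default replace semantics and shows that a recursive merge keeps them. Both dictionaries are constructed stand-ins; only the key names are taken from the template in the error output above.

```python
# Constructed stand-in for the role's default dictionary (not the real defaults).
ROLE_DEFAULTS = {
    "wazuh_manager_config": {
        "json_output": "yes",
        "email_notification": "no",
        "mail_to": ["admin@example.net"],
        "cluster": {"disable": "yes", "name": "wazuh", "nodes": ["manager"]},
        "authd": {"enable": True, "port": 1515},
        "syscheck": {"frequency": 43200, "no_diff": ["/etc/ssl/private.key"]},
    }
}

# Constructed vars-production.yml content: the operator changes two settings.
EXTRA_VARS = {
    "wazuh_manager_config": {
        "email_notification": "yes",
        "cluster": {"disable": "no"},
    }
}


def replace_vars(defaults, override):
    """Default precedence: the higher-priority variable replaces the whole value."""
    return {**defaults, **override}


def merge_vars(defaults, override):
    """Recursive merge: dictionaries are combined key by key, override wins."""
    merged = dict(defaults)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = merge_vars(merged[key], value)
        else:
            merged[key] = value
    return merged


def dropped_keys(defaults, effective, prefix=""):
    """Dotted paths present in the defaults but absent from the effective vars."""
    lost = []
    for key, value in defaults.items():
        path = f"{prefix}{key}"
        if not isinstance(effective, dict) or key not in effective:
            lost.append(path)  # a missing dictionary is reported once, as a whole
        elif isinstance(value, dict):
            lost.extend(dropped_keys(value, effective[key], path + "."))
    return lost


if __name__ == "__main__":
    replaced = replace_vars(ROLE_DEFAULTS, EXTRA_VARS)
    merged = merge_vars(ROLE_DEFAULTS, EXTRA_VARS)
    print("dropped with replace:", dropped_keys(ROLE_DEFAULTS, replaced))
    print("dropped with merge:  ", dropped_keys(ROLE_DEFAULTS, merged))
```

Within Ansible itself, the counterpart of `merge_vars` is the `combine` filter with `recursive=True`.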
