导入yum的扩展仓库,里面有ansible的安装包,使用yum命令进行安装。
因为ansible跟客户端通信是采用SSH协议,所以按照正常ssh登录的方式来进行,可以使用密码进行登录到客户端上面,但是这种方法是不推荐的,因为当有成百上千台服务器,账号和密码不一定一样,需要写上很多台的账号和密码,很不实际的做法。
采用的做法是,使用公钥进行登录,所以在自动化部署服务器上面使用ssh-kengen命令生成公钥和私钥,并且将私钥的权限设置为只有root可以读写 。
在wazuh管理端服务器上面新建authorized_keys文件,并且赋予这个文件权限。
复制 [root@wazuh-manager ~]# touch /root/.ssh/authorized_keys
[root@wazuh-manager ~]# chmod 664 /root/.ssh/authorized_keys 在自动化部署服务器上面,通过ssh连接到wazuh管理端上面,将公钥导入到authorized_keys文件里面。
复制 [root@autodeploy ~]# cat /root/.ssh/id_rsa.pub | ssh root@192.168.1.200 "cat >> /root/.ssh/authorized_keys"
The authenticity of host '192.168.1.200 (192.168.1.200)' can't be established.
ECDSA key fingerprint is SHA256:5DEFzTB4TGNWXkMkrU36uM/d+VwdoLaJ05iBUxSfzgw.
ECDSA key fingerprint is MD5:7e:aa:e2:e1:6d:5e:cf:8a:2a:b6:83:60:44:57:05:1b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.200' (ECDSA) to the list of known hosts.
root@192.168.1.200's password: wazuh管理端查看authorized_keys文件,发现公钥已经导入成功。
复制 [root@wazuh-manager ~]# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCCOCgLRd77WfAoUSCyXiGvT3GE/zbeyEXy1G70ohy2c1fQ8DfAfwnK/G7wk58NSpYSdjx1DXJoKJf9ZKgUwhC18S/XzRnyCNh3Q7H6NIWBbfAs3qSdoaz2i7SB6ghqSrXSt82MPBWk1II7f/b8mgwpybQnRJXNOsXuD5axYUTmXE7EJclMpCY75bj2Atjg7Pz3ixtH8dIQQoK8+2cmtX1+E51JR1dlVXqS9xpa9Z9vYR1zrofv+o3RJm9KeKu9YZFW/KKCyM/iG4fNPjuevp3qsH8rF5q8gjJRDd3b4lV2/AC4spS02SnEq4DtdXg8znbEfLnvaooWh5FUb47SHZP root@autodeploy wazuh管理端需要添加一条hosts记录
复制 [root@wazuh-manager ~]# cat /etc/hosts
192.168.1.110 www.autodeploy.com
192.168.1.110 autodeploy 现在在自动化部署服务器上面直接ssh到wazuh管理端是不用输入密码,就可以完成登录操作。
复制 [root@autodeploy .ssh]# ssh 192.168.1.200
Last login: Sat Jun 26 05:50:08 2021 from www.autodeploy.com
[root@wazuh-manager ~]#
[root@wazuh-manager ~]# logout
Connection to 192.168.1.200 closed. 在ansible目录hosts文件添加一条连接wazuh管理端记录,ssh登录的用户是root账号,添加完成之后,使用ansible all -m ping测试记录是否正确,返回结果显示ping pong说明记录是没有问题的。
复制 [root@autodeploy .ssh]# cat /etc/ansible/hosts
192.168.1.200 ansible_ssh_user=root
[root@autodeploy .ssh]# ansible all -m ping
192.168.1.200 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
} 来到ansible的roles目录下面,使用git clone下载wazuh的ansible剧本(任务)。
复制 [root@autodeploy ~]# cd /etc/ansible/roles/
[root@autodeploy roles]# git clone https://github.com/wazuh/wazuh-ansible.git
Cloning into 'wazuh-ansible'...
remote: Enumerating objects: 14110, done.
remote: Counting objects: 100% (1061/1061), done.
remote: Compressing objects: 100% (347/347), done.
remote: Total 14110 (delta 634), reused 989 (delta 592), pack-reused 13049
Receiving objects: 100% (14110/14110), 5.11 MiB | 2.30 MiB/s, done.
Resolving deltas: 100% (8800/8800), done.
[root@autodeploy roles]# ls
wazuh-ansible
在这里可以看到ansible的剧本有6个,查看wazuh-manager.yml文件,可以看到非常简单,只有几行代码。
复制 [root@autodeploy playbooks]# pwd
/etc/ansible/roles/wazuh-ansible/playbooks
[root@autodeploy playbooks]# cat wazuh-manager.yml
---
- hosts: <WAZUH_MANAGER_HOST>
roles:
- role: ../roles/wazuh/ansible-wazuh-manager
- role: ../roles/wazuh/ansible-filebeat
filebeat_output_elasticsearch_hosts: <YOUR_ELASTICSEARCH_IP>:9200 修改默认的文件,把filebeat的两行注释掉,先不安装filebeta,并且在hosts的位置输入wazuh管理端的IP地址。
复制 [root@autodeploy playbooks]# cat wazuh-manager.yml
---
- hosts: 192.168.1.200
roles:
- role: ../roles/wazuh/ansible-wazuh-manager
#- role: ../roles/wazuh/ansible-filebeat
# filebeat_output_elasticsearch_hosts: <YOUR_ELASTICSEARCH_IP>:9200 使用ansible-playbook命令执行编排的脚本安装
复制 [root@autodeploy playbooks]# ansible-playbook wazuh-manager.yml -b -k
SSH password:
PLAY [192.168.1.200] *********************
TASK [Gathering Facts] *******************
ok: [192.168.1.200]
TASK [../roles/wazuh/ansible-wazuh-manager : Overlay wazuh_manager_config on top of defaults] **********
ok: [192.168.1.200]
TASK [../roles/wazuh/ansible-wazuh-manager : Install dependencies] **************************************
changed: [192.168.1.200]
TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] *********************************************
included: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml for 192.168.1.200
TASK [../roles/wazuh/ansible-wazuh-manager : RedHat/CentOS 5 | Install Wazuh repo] **********************
skipping: [192.168.1.200]
TASK [../roles/wazuh/ansible-wazuh-manager : RedHat/CentOS/Fedora | Install Wazuh repo] *****************
ok: [192.168.1.200]
...........................
另外两台centos和Ubuntu的客户端的操作步骤也是跟wazuh管理端一样,发送公钥过去进行通信。然后在ansible的hosts文件添加记录,并且使用ping命令进行测试。
复制 [root@autodeploy playbooks]# cat /etc/ansible/hosts
192.168.1.200 ansible_ssh_user=root
192.168.1.101 ansible_ssh_user=root
192.168.1.100 ansible_ssh_user=root
[root@autodeploy playbooks]# ansible all -m ping
192.168.1.200 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.1.101 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.1.100 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
} 在agent.yml命令的hosts添加centos和ubuntu客户端的IP地址记录,并且在下面wazuh manager服务添加wazuh管理端的IP信息和端口信息。
复制 [root@autodeploy playbooks]# cat agent.yml
---
- hosts: 192.168.1.100,192.168.1.101
roles:
- ../roles/wazuh/ansible-wazuh-agent
vars:
wazuh_managers:
- address: 192.168.1.200
port: 1514
protocol: tcp
api_port: 55000
api_proto: 'http'
api_user: ansible
max_retries: 5
retry_interval: 5
wazuh_agent_authd:
registration_address: 192.168.1.200
enable: true
port: 1515
ssl_agent_ca: null
ssl_auto_negotiate: 'no' 执行编排剧本进行安装。
复制 [root@autodeploy playbooks]# ansible-playbook agent.yml -b -k
SSH password:
PLAY [192.168.1.100,192.168.1.101] ************************************************************
TASK [Gathering Facts] ************************************************************************
ok: [192.168.1.100]
ok: [192.168.1.101]
TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] *****
ok: [192.168.1.100]
ok: [192.168.1.101]
