2.6.1 ansible Linux 安装

导入yum的扩展仓库，里面有ansible的安装包，使用yum命令进行安装。

因为ansible跟客户端通信是采用SSH协议，所以按照正常ssh登录的方式来进行，可以使用密码进行登录到客户端上面，但是这种方法是不推荐的，因为当有成百上千台服务器，账号和密码不一定一样，需要写上很多台的账号和密码，很不实际的做法。

采用的做法是，使用公钥进行登录，所以在自动化部署服务器上面使用ssh-kengen命令生成公钥和私钥，并且将私钥的权限设置为只有root可以读写。

在wazuh管理端服务器上面新建authorized_keys文件，并且赋予这个文件权限。

[root@wazuh-manager ~]# touch /root/.ssh/authorized_keys
[root@wazuh-manager ~]# chmod 664 /root/.ssh/authorized_keys

在自动化部署服务器上面，通过ssh连接到wazuh管理端上面，将公钥导入到authorized_keys文件里面。

[root@autodeploy ~]# cat /root/.ssh/id_rsa.pub | ssh root@192.168.1.200 "cat >> /root/.ssh/authorized_keys"
The authenticity of host '192.168.1.200 (192.168.1.200)' can't be established.
ECDSA key fingerprint is SHA256:5DEFzTB4TGNWXkMkrU36uM/d+VwdoLaJ05iBUxSfzgw.
ECDSA key fingerprint is MD5:7e:aa:e2:e1:6d:5e:cf:8a:2a:b6:83:60:44:57:05:1b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.200' (ECDSA) to the list of known hosts.
root@192.168.1.200's password: 

wazuh管理端查看authorized_keys文件，发现公钥已经导入成功。

[root@wazuh-manager ~]# cat /root/.ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCCOCgLRd77WfAoUSCyXiGvT3GE/zbeyEXy1G70ohy2c1fQ8DfAfwnK/G7wk58NSpYSdjx1DXJoKJf9ZKgUwhC18S/XzRnyCNh3Q7H6NIWBbfAs3qSdoaz2i7SB6ghqSrXSt82MPBWk1II7f/b8mgwpybQnRJXNOsXuD5axYUTmXE7EJclMpCY75bj2Atjg7Pz3ixtH8dIQQoK8+2cmtX1+E51JR1dlVXqS9xpa9Z9vYR1zrofv+o3RJm9KeKu9YZFW/KKCyM/iG4fNPjuevp3qsH8rF5q8gjJRDd3b4lV2/AC4spS02SnEq4DtdXg8znbEfLnvaooWh5FUb47SHZP root@autodeploy

wazuh管理端需要添加一条hosts记录

[root@wazuh-manager ~]# cat /etc/hosts
192.168.1.110  www.autodeploy.com
192.168.1.110 autodeploy

现在在自动化部署服务器上面直接ssh到wazuh管理端是不用输入密码，就可以完成登录操作。

[root@autodeploy .ssh]# ssh  192.168.1.200 
Last login: Sat Jun 26 05:50:08 2021 from www.autodeploy.com
[root@wazuh-manager ~]# 
[root@wazuh-manager ~]# logout 
Connection to 192.168.1.200 closed.

在ansible目录hosts文件添加一条连接wazuh管理端记录，ssh登录的用户是root账号，添加完成之后，使用ansible all -m ping测试记录是否正确，返回结果显示ping pong说明记录是没有问题的。

[root@autodeploy .ssh]# cat /etc/ansible/hosts 
192.168.1.200 ansible_ssh_user=root
[root@autodeploy .ssh]# ansible all -m ping
192.168.1.200 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

来到ansible的roles目录下面，使用git clone下载wazuh的ansible剧本（任务）。

[root@autodeploy ~]# cd /etc/ansible/roles/
[root@autodeploy roles]# git clone  https://github.com/wazuh/wazuh-ansible.git
Cloning into 'wazuh-ansible'...
remote: Enumerating objects: 14110, done.
remote: Counting objects: 100% (1061/1061), done.
remote: Compressing objects: 100% (347/347), done.
remote: Total 14110 (delta 634), reused 989 (delta 592), pack-reused 13049
Receiving objects: 100% (14110/14110), 5.11 MiB | 2.30 MiB/s, done.
Resolving deltas: 100% (8800/8800), done.

[root@autodeploy roles]# ls
wazuh-ansible

在这里可以看到ansible的剧本有6个，查看wazuh-manager.yml文件，可以看到非常简单，只有几行代码。

[root@autodeploy playbooks]# pwd
/etc/ansible/roles/wazuh-ansible/playbooks

[root@autodeploy playbooks]# cat wazuh-manager.yml 
---
- hosts: <WAZUH_MANAGER_HOST>
  roles:
    - role: ../roles/wazuh/ansible-wazuh-manager
    - role: ../roles/wazuh/ansible-filebeat
      filebeat_output_elasticsearch_hosts: <YOUR_ELASTICSEARCH_IP>:9200

修改默认的文件，把filebeat的两行注释掉，先不安装filebeta，并且在hosts的位置输入wazuh管理端的IP地址。

[root@autodeploy playbooks]# cat wazuh-manager.yml 
---
- hosts: 192.168.1.200
  roles:
    - role: ../roles/wazuh/ansible-wazuh-manager
    #- role: ../roles/wazuh/ansible-filebeat
    #  filebeat_output_elasticsearch_hosts: <YOUR_ELASTICSEARCH_IP>:9200

使用ansible-playbook命令执行编排的脚本安装

[root@autodeploy playbooks]# ansible-playbook wazuh-manager.yml -b -k
SSH password: 

PLAY [192.168.1.200] *********************
TASK [Gathering Facts] *******************
ok: [192.168.1.200]

TASK [../roles/wazuh/ansible-wazuh-manager : Overlay wazuh_manager_config on top of defaults] **********
ok: [192.168.1.200]

TASK [../roles/wazuh/ansible-wazuh-manager : Install dependencies] **************************************
changed: [192.168.1.200]

TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] *********************************************
included: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml for 192.168.1.200

TASK [../roles/wazuh/ansible-wazuh-manager : RedHat/CentOS 5 | Install Wazuh repo] **********************
skipping: [192.168.1.200]

TASK [../roles/wazuh/ansible-wazuh-manager : RedHat/CentOS/Fedora | Install Wazuh repo] *****************
ok: [192.168.1.200]
...........................

另外两台centos和Ubuntu的客户端的操作步骤也是跟wazuh管理端一样，发送公钥过去进行通信。然后在ansible的hosts文件添加记录，并且使用ping命令进行测试。

[root@autodeploy playbooks]# cat /etc/ansible/hosts 
192.168.1.200 ansible_ssh_user=root
192.168.1.101 ansible_ssh_user=root
192.168.1.100 ansible_ssh_user=root

[root@autodeploy playbooks]# ansible all -m ping
192.168.1.200 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
192.168.1.101 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
192.168.1.100 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    }, 
    "changed": false, 
    "ping": "pong"
}

在agent.yml命令的hosts添加centos和ubuntu客户端的IP地址记录，并且在下面wazuh manager服务添加wazuh管理端的IP信息和端口信息。

[root@autodeploy playbooks]# cat agent.yml 
---
- hosts: 192.168.1.100,192.168.1.101
  roles:
    - ../roles/wazuh/ansible-wazuh-agent
  vars:
    wazuh_managers:
      - address: 192.168.1.200
        port: 1514
        protocol: tcp
        api_port: 55000
        api_proto: 'http'
        api_user: ansible
        max_retries: 5
        retry_interval: 5
    wazuh_agent_authd:
      registration_address: 192.168.1.200 
      enable: true
      port: 1515
      ssl_agent_ca: null
      ssl_auto_negotiate: 'no'

执行编排剧本进行安装。

[root@autodeploy playbooks]# ansible-playbook agent.yml -b -k
SSH password: 

PLAY [192.168.1.100,192.168.1.101] ************************************************************

TASK [Gathering Facts] ************************************************************************
ok: [192.168.1.100]
ok: [192.168.1.101]

TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] *****
ok: [192.168.1.100]
ok: [192.168.1.101]