Add Wazuh Cluster only playbook

[maumrsms]

Hello team!

I recently needed to work on an Ansible playbook to deploy 1 Wazuh cluster composed by 1 master node + 2 worker nodes only. No indexer, no dashboard, no Filebeat.

This is the playbook:

---
# Wazuh cluster
    - hosts: manager
      roles:
        - role: "../roles/wazuh/ansible-wazuh-manager"
      become: yes
      become_user: root
      vars:
        wazuh_manager_config:
          connection:
              - type: 'secure'
                port: '1514'
                protocol: 'tcp'
                queue_size: 131072
          api:
              https: 'yes'
          cluster:
              disable: 'no'
              node_name: 'master'
              node_type: 'master'
              key: 'c98b62a9b6169ac5f67dae55ae4a9088'
              nodes:
                  - "{{ hostvars.manager.private_ip }}"
              hidden: 'no'
        wazuh_api_users:
          - username: custom-user
            password: SecretPassword1!

    - hosts: worker
      roles:
        - role: "../roles/wazuh/ansible-wazuh-manager"
      become: yes
      become_user: root
      vars:
        wazuh_manager_config:
          connection:
              - type: 'secure'
                port: '1514'
                protocol: 'tcp'
                queue_size: 131072
          api:
              https: 'yes'
          cluster:
              disable: 'no'
              node_name: 'worker_01'
              node_type: 'worker'
              key: 'c98b62a9b6169ac5f67dae55ae4a9088'
              nodes:
                  - "{{ hostvars.manager.private_ip }}"
              hidden: 'no'
                
    - hosts: worker02
      roles:
        - role: "../roles/wazuh/ansible-wazuh-manager"
      become: yes
      become_user: root
      vars:
        wazuh_manager_config:
          connection:
              - type: 'secure'
                port: '1514'
                protocol: 'tcp'
                queue_size: 131072
          api:
              https: 'yes'
          cluster:
              disable: 'no'
              node_name: 'worker_02'
              node_type: 'worker'
              key: 'c98b62a9b6169ac5f67dae55ae4a9088'
              nodes:
                  - "{{ hostvars.manager.private_ip }}"
              hidden: 'no'

It would be useful for users to have a similar cluster deployment option in Wazuh Ansible files.

[teddytpc1]

Hi, @maumrsms is this really useful? Why would a user need to deploy Wazuh managers without the rest of the components?

[maumrsms]

Hello @teddytpc1!
Simply because not everybody uses Indexer/Elasticsearch. In fact this was requested by a BIG company that deploys clusters in a frequent manner.
Still, you are the one who will confirm how feasible this is maintain.
Let me know any comment!

[teddytpc1]

Alright, it makes sense. We will provide a new playbook for this case.
Thanks!

[teddytpc1]

The playbook was added and tested with three nodes:

• 2 RedHat 9 nodes
• 1 Ubuntu 20.04

The tests finished without errors.