Merge pull request #26 from stackhpc/wazuh

Add option to deploy wazuh

Author: Alex-Welsh

.terraform.lock.hcl

@@ -125,6 +125,10 @@ Generate Terraform variables:
    storage_flavor = "general.v1.small"
    storage_disk_size = 100
 
+   deploy_wazuh = true
+   infra_vm_flavor = "general.v1.small"
+   infra_vm_disk_size = 100
+
    EOF
 
 You will need to set the `multinode_flavor`, `multinode_keypair`, `prefix`,
@@ -136,6 +140,10 @@ nodes. Both virtual machines and baremetal are supported, but the
 `controller_disk_size` and `compute_disk_size` must be set to 0 when using
 baremetal host. This will stop a block device being allocated.
 
+If `deploy_wazuh` is set to true, an infrastructure VM will be created that
+hosts the Wazuh manager. The Wazuh deployment playbooks will also be triggered
+automatically to deploy Wazuh agents to the overcloud hosts.
+
 Generate a plan:
 
 .. code-block:: console

README.rst

@@ -59,6 +59,7 @@
       loop:
         - overcloud-host-configure/pre.d/
         - seed-host-configure/pre.d/
+        - infra-vm-host-configure/pre.d/
 
     - name: Ensure Kayobe hooks are present
       ansible.builtin.file:
@@ -73,6 +74,9 @@
         - { src: growroot.yml, dest: seed-host-configure/pre.d/5-growroot.yml }
         - { src: fix-networking.yml, dest: seed-host-configure/pre.d/15-fix-networking.yml }
         - { src: configure-vxlan.yml, dest: seed-host-configure/pre.d/20-configure-vxlan.yml }
+        - { src: growroot.yml, dest: infra-vm-host-configure/pre.d/5-growroot.yml }
+        - { src: fix-networking.yml, dest: infra-vm-host-configure/pre.d/15-fix-networking.yml }
+        - { src: configure-vxlan.yml, dest: infra-vm-host-configure/pre.d/20-configure-vxlan.yml }
 
 
     - name: Ensure Admin Overcloud Network file is present

ansible/deploy-openstack-config.yml

@@ -134,3 +134,27 @@ resource "openstack_compute_instance_v2" "storage" {
     create = "90m"
   }
 }
+
+resource "openstack_compute_instance_v2" "wazuh_manager" {
+  name         = format("%s-wazuh-manager-%02d", var.prefix, count.index + 1)
+  flavor_name  = var.infra_vm_flavor
+  key_pair     = resource.openstack_compute_keypair_v2.keypair.name
+  image_name   = var.multinode_image
+  config_drive = true
+  user_data    = file("templates/userdata.cfg.tpl")
+  count        = var.deploy_wazuh ? 1 : 0
+  network {
+    name = var.multinode_vm_network
+  }
+  block_device {
+    uuid                  = data.openstack_images_image_v2.multinode_image.id
+    source_type           = "image"
+    volume_size           = var.infra_vm_disk_size
+    boot_index            = 0
+    destination_type      = "volume"
+    delete_on_termination = true
+  }
+  timeouts {
+    create = "90m"
+  }
+}

compute_instances.tf

@@ -11,6 +11,7 @@ resource "local_file" "hosts" {
       ansible_control_hostname = openstack_compute_instance_v2.ansible_control.name
       storage_hostname         = openstack_compute_instance_v2.storage.*.name
       seed_hostname            = openstack_compute_instance_v2.seed.name
+      wazuh_manager_hostname   = openstack_compute_instance_v2.wazuh_manager.*.name
     }
   )
   filename        = "ansible/files/hosts"
@@ -32,6 +33,8 @@ resource "local_file" "admin_networks" {
       storage                  = openstack_compute_instance_v2.storage.*.access_ip_v4
       seed_hostname            = openstack_compute_instance_v2.seed.name
       seed                     = openstack_compute_instance_v2.seed.access_ip_v4
+      wazuh_manager_hostname   = openstack_compute_instance_v2.wazuh_manager.*.name
+      wazuh_manager            = openstack_compute_instance_v2.wazuh_manager.*.access_ip_v4
     }
   )
   filename        = "ansible/files/admin-oc-networks.yml"
@@ -54,8 +57,9 @@ resource "local_file" "deploy_openstack" {
   content = templatefile(
     "${path.module}/templates/deploy-openstack.tpl",
     {
-      seed_addr   = openstack_compute_instance_v2.seed.access_ip_v4
-      ssh_user    = var.ssh_user
+      seed_addr    = openstack_compute_instance_v2.seed.access_ip_v4,
+      ssh_user     = var.ssh_user,
+      deploy_wazuh = var.deploy_wazuh
     }
   )
   filename        = "ansible/files/deploy-openstack.sh"

outputs.tf

@@ -14,4 +14,7 @@ admin_oc_ips:
   ${seed_hostname}: ${seed}
 %{ for hostname, addr in zipmap(storage_hostname, storage) ~}
   ${ hostname }: ${ addr }
-%{ endfor ~}
+%{ endfor ~}
+%{ for hostname, addr in zipmap(wazuh_manager_hostname, wazuh_manager) ~}
+  ${ hostname }: ${ addr }
+%{ endfor ~}

templates/admin-oc-networks.tpl

@@ -45,6 +45,7 @@ set -x
 kayobe control host bootstrap
 kayobe seed host configure
 kayobe overcloud host configure
+%{ if deploy_wazuh }kayobe infra vm host configure%{ endif }
 
 kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/cephadm-deploy.yml
 sleep 30
@@ -53,6 +54,13 @@ kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/cephadm-gather-keys.yml
 
 kayobe overcloud service deploy
 
+%{ if deploy_wazuh }
+kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-secrets.yml
+ansible-vault encrypt --vault-password-file ~/vault.password  $KAYOBE_CONFIG_PATH/environments/ci-multinode/wazuh-secrets.yml
+kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-manager.yml
+kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-agent.yml
+%{ endif }
+
 activate_virt_env "openstack"
 activate_kayobe_env
 

templates/deploy-openstack.tpl

@@ -39,3 +39,11 @@ ${ element }
 
 [monitoring:children]
 controllers
+
+[wazuh-manager]
+%{ for element in wazuh_manager_hostname ~}
+${ element }
+%{ endfor ~}
+
+[infra-vms:children]
+wazuh-manager

templates/hosts.tpl

@@ -51,6 +51,10 @@ variable "storage_flavor" {
   type = string
 }
 
+variable "infra_vm_flavor" {
+  type = string
+}
+
 variable "multinode_vm_network" {
   type = string
 }
@@ -86,3 +90,15 @@ variable "storage_disk_size" {
   type = number
   default = 100
 }
+
+variable "infra_vm_disk_size" {
+  description = "Block storage root disk size for infrastructure VMs."
+  type = number
+  default = 100
+}
+
+variable "deploy_wazuh" {
+  description = "Bool, whether or not to deploy Wazuh."
+  type = bool
+  default = false
+}