Wazuh agent

This role is designed to install and configure the Wazuh agent on different hosts. There are agent installer packages for Linux, macOS, and Windows endpoints. This role can also enroll the agent in the Wazuh manager. Below are some variables you can use to customize the installation:

• wazuh_managers: This specifies a list of Wazuh manager node(s) for Wazuh agents to report to.

• wazuh_agent_authd: This specifies a set of options to register the Wazuh agent on the Wazuh server with. This requires the wazuh-authd service to be running on the Wazuh server.

To use the role in a playbook, the wazuh-agent.yml file can be created with the contents below:

- hosts: all:!wazuh-manager
  roles:
   - ansible-wazuh-agent

You can maintain different environments using a variable definition YAML file for each one:

• For a production environment, the variables can be saved in vars-production.yml:

wazuh_managers:
  - address: 10.1.1.12
    port: 1514
    protocol: udp
wazuh_agent_authd:
  registration_address: 10.1.1.12
  enable: true
  port: 1515
  ssl_agent_ca: null
  ssl_auto_negotiate: 'no'

• For a development environment, the variables can be saved in vars-development.yml:

wazuh_managers:
  - address: 192.168.0.10
    port: 1514
    protocol: udp
wazuh_agent_authd:
  registration_address: 192.168.0.10
  enable: true
  port: 1515
  ssl_agent_ca: null
  ssl_auto_negotiate: 'no'

To execute the playbook for a specific environment, run the command below:

$ ansible-playbook wazuh-agent.yml -e@vars-production.yml

The example above for a production environment will install a Wazuh agent in all host groups except the wazuh-manager group. Then, it will register them to the Wazuh manager with IP address 10.1.1.12.

Please review the variables references section to see all variables available for this role.