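---
# Verification play for the wazuh role: checks that the role created its
# directory tree under wazuh_data_dir and rendered opensearch_dashboards.yml
# and docker-compose.yml with the expected branding, image tags, Traefik
# rule, credential, GELF logging address and external network flag.
#
# All values below are test fixtures. wazuh_admin_password must stay a
# throwaway value; never point this play at a real credential.
#
# NOTE(review): the assertions below confirm that the admin password is
# rendered in plaintext into both opensearch_dashboards.yml and
# docker-compose.yml. This play does not check ownership or mode of those
# files; consider asserting a restrictive stat.mode once the mode the role
# is expected to set is known.
# NOTE(review): wazuh_data_dir lives under /tmp with a predictable name;
# presumably acceptable for an isolated test runner -- confirm it is never
# reused on a shared host.
- name: Verify wazuh role
  hosts: localhost
  gather_facts: false

  vars:
    wazuh_data_dir: /tmp/sovereign_test/wazuh
    wazuh_domain: wazuh.test.example.com
    wazuh_admin_password: test_wazuh_admin
    wazuh_version: "4.9.0"
    tenant_name: Test Corp

  tasks:
    # --- Directory layout ---------------------------------------------------
    - name: Check wazuh data directory exists
      ansible.builtin.stat:
        path: "{{ wazuh_data_dir }}"
      register: data_dir_stat

    # stat only returns `exists` for a missing path, so test `exists` first;
    # otherwise `isdir` is undefined and the task errors out instead of
    # reporting fail_msg.
    - name: Assert wazuh data directory is present
      ansible.builtin.assert:
        that:
          - data_dir_stat.stat.exists
          - data_dir_stat.stat.isdir
        fail_msg: "Data directory {{ wazuh_data_dir }} was not created"

    - name: Check config subdirectory exists
      ansible.builtin.stat:
        path: "{{ wazuh_data_dir }}/config"
      register: config_dir_stat

    - name: Assert config subdirectory is present
      ansible.builtin.assert:
        that:
          - config_dir_stat.stat.exists
          - config_dir_stat.stat.isdir
        fail_msg: "Config directory {{ wazuh_data_dir }}/config was not created"

    - name: Check dashboard-config subdirectory exists
      ansible.builtin.stat:
        path: "{{ wazuh_data_dir }}/dashboard-config"
      register: dashboard_config_dir_stat

    - name: Assert dashboard-config subdirectory is present
      ansible.builtin.assert:
        that:
          - dashboard_config_dir_stat.stat.exists
          - dashboard_config_dir_stat.stat.isdir
        fail_msg: "Dashboard-config directory {{ wazuh_data_dir }}/dashboard-config was not created"

    # --- opensearch_dashboards.yml ------------------------------------------
    - name: Check opensearch_dashboards.yml exists
      ansible.builtin.stat:
        path: "{{ wazuh_data_dir }}/dashboard-config/opensearch_dashboards.yml"
      register: dashboards_config_stat

    - name: Assert opensearch_dashboards.yml was rendered
      ansible.builtin.assert:
        that: dashboards_config_stat.stat.exists
        fail_msg: "dashboard-config/opensearch_dashboards.yml was not rendered for wazuh"

    # The slurped content includes the admin password; it is a test fixture
    # here, but the registered result is visible in verbose output.
    - name: Read opensearch_dashboards.yml
      ansible.builtin.slurp:
        src: "{{ wazuh_data_dir }}/dashboard-config/opensearch_dashboards.yml"
      register: dashboards_config_raw

    - name: Set dashboards config content fact
      ansible.builtin.set_fact:
        dashboards_config: "{{ dashboards_config_raw.content | b64decode }}"

    - name: Assert dashboards config contains tenant branding title
      ansible.builtin.assert:
        that: "(tenant_name ~ ' Security') in dashboards_config"
        fail_msg: "opensearch_dashboards.yml does not contain '{{ tenant_name }} Security'"

    # The failure message names the variable rather than echoing its value,
    # matching the compose check further down.
    - name: Assert dashboards config contains admin password
      ansible.builtin.assert:
        that: "wazuh_admin_password in dashboards_config"
        fail_msg: "wazuh_admin_password not found in opensearch_dashboards.yml"

    # --- docker-compose.yml -------------------------------------------------
    - name: Check docker-compose.yml exists
      ansible.builtin.stat:
        path: "{{ wazuh_data_dir }}/docker-compose.yml"
      register: compose_stat

    - name: Assert docker-compose.yml was rendered
      ansible.builtin.assert:
        that: compose_stat.stat.exists
        fail_msg: "docker-compose.yml was not rendered for wazuh"

    # As above: the slurped content includes the test admin password.
    - name: Read docker-compose.yml
      ansible.builtin.slurp:
        src: "{{ wazuh_data_dir }}/docker-compose.yml"
      register: compose_raw

    - name: Set compose content fact
      ansible.builtin.set_fact:
        compose: "{{ compose_raw.content | b64decode }}"

    # Images must be pinned to the exact wazuh_version tag.
    - name: Assert wazuh-manager image with version is present
      ansible.builtin.assert:
        that: "('wazuh/wazuh-manager:' ~ wazuh_version) in compose"
        fail_msg: "wazuh/wazuh-manager:{{ wazuh_version }} image not found in docker-compose.yml"

    - name: Assert wazuh-dashboard image with version is present
      ansible.builtin.assert:
        that: "('wazuh/wazuh-dashboard:' ~ wazuh_version) in compose"
        fail_msg: "wazuh/wazuh-dashboard:{{ wazuh_version }} image not found in docker-compose.yml"

    - name: Assert wazuh domain traefik rule is present
      ansible.builtin.assert:
        that: "('Host(`' ~ wazuh_domain ~ '`)') in compose"
        fail_msg: "Traefik rule for {{ wazuh_domain }} not found in docker-compose.yml"

    - name: Assert admin password is present in compose
      ansible.builtin.assert:
        that: "wazuh_admin_password in compose"
        fail_msg: "wazuh_admin_password not found in docker-compose.yml"

    # The GELF endpoint has no play variable, so it stays a literal.
    - name: Assert GELF logging address is present
      ansible.builtin.assert:
        that: "'udp://127.0.0.1:12201' in compose"
        fail_msg: "GELF logging address udp://127.0.0.1:12201 not found in docker-compose.yml"

    # Substring match only: this does not prove which network carries the
    # flag, just that the text appears somewhere in the file.
    - name: Assert sovereign network is external
      ansible.builtin.assert:
        that: "'external: true' in compose"
        fail_msg: "external: true not found in docker-compose.yml networks section"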