Adapt automation that uses the allocator #1543

Open
fcaffieri opened this issue Feb 12, 2025 · 2 comments · May be fixed by #1561
@fcaffieri
Member

Description

Due to the changes requested in issue #2079, modifications were made to the inventory generated by the Allocator.
The output format of inventory.yaml was modified to be in Ansible format.

Previous format:

ansible_connection: ssh
ansible_host: ec2-34-204-85-128.compute-1.amazonaws.com
ansible_port: 2200
ansible_ssh_common_args: -o StrictHostKeyChecking=no
ansible_ssh_private_key_file: /tmp/wazuh-devops-testing-machines/wia-155/wia-155-23-01-2025-19-39
ansible_user: ubuntu

New format:

all:
  hosts:
    i-0296704b894b571b5:
      ansible_connection: ssh
      ansible_host: ec2-107-21-70-81.compute-1.amazonaws.com
      ansible_port: 2200
      ansible_ssh_common_args: -o StrictHostKeyChecking=no
      ansible_ssh_private_key_file: /tmp/wazuh-qa/automation-2036-ubuntu-22.04-691/automation-2036-ubuntu-22.04-key-7074
      ansible_user: ubuntu

This format is valid to be executed directly with an ansible playbook. For more detailed examples see this comment

Review any automation that uses the inventory of Allocator to adapt them to the new format.

The objective of this issue is to modify the automation that utilizes the allocator; these modifications will take effect from version 4.12.0 onwards.
For testing you can use the branches:

  • Based on main: enhancement/2079-adapt-allocator-to-generate-ansible-inventory-to-master
  • Based on 4.12.0: enhancement/2079-adapt-allocator-to-generate-ansible-inventory

Approved by

DRI name:

@fcaffieri
Member Author

fcaffieri commented Feb 18, 2025

Update report

Working on the inventory adaptations to use the one generated by the allocator.
Several issues were found:

  • For distributed, the inventory generated by the allocator is not viable, since it generates 1 YAML for each execution of the allocator and it was necessary to adapt this to generate a YAML like the following:
wi1:
  hosts:
    i-0293e84cf7901cd03:
      ansible_connection: ssh
      ansible_host: ec2-100-28-210-189.compute-1.amazonaws.com
      ansible_port: 2200
      ansible_ssh_common_args: -o StrictHostKeyChecking=no
      ansible_ssh_private_key_file: /tmp/allocator_instance/gha_ansible_key_1739915555
      ansible_user: cloud-user
      private_ip: 172.31.68.169

wi_cluster:
  hosts:
    i-0c2debefee36512f3:
      ansible_connection: ssh
      ansible_host: ec2-3-236-142-40.compute-1.amazonaws.com
      ansible_port: 2200
      ansible_ssh_common_args: -o StrictHostKeyChecking=no
      ansible_ssh_private_key_file: /tmp/allocator_instance/gha_ansible_key_1739915555
      ansible_user: cloud-user
      private_ip: 172.31.66.141
    i-0df110750bd8bd576:
      ansible_connection: ssh
      ansible_host: ec2-44-220-49-88.compute-1.amazonaws.com
      ansible_port: 2200
      ansible_ssh_common_args: -o StrictHostKeyChecking=no
      ansible_ssh_private_key_file: /tmp/allocator_instance/gha_ansible_key_1739915555
      ansible_user: cloud-user
      private_ip: 172.31.76.57
manager:
  hosts:
    i-0a051b5766f469421:
      ansible_connection: ssh
      ansible_host: ec2-44-222-187-199.compute-1.amazonaws.com
      ansible_port: 2200
      ansible_ssh_common_args: -o StrictHostKeyChecking=no
      ansible_ssh_private_key_file: /tmp/allocator_instance/gha_ansible_key_1739915555
      ansible_user: cloud-user
      private_ip: 172.31.70.22
worker:
  hosts:
    i-07a264e2092d6e241:
      ansible_connection: ssh
      ansible_host: ec2-44-211-234-29.compute-1.amazonaws.com
      ansible_port: 2200
      ansible_ssh_common_args: -o StrictHostKeyChecking=no
      ansible_ssh_private_key_file: /tmp/allocator_instance/gha_ansible_key_1739915555
      ansible_user: cloud-user
      private_ip: 172.31.72.207
dashboard:
  hosts:
    i-07a63c23287a5472b:
      ansible_connection: ssh
      ansible_host: ec2-44-221-44-223.compute-1.amazonaws.com
      ansible_port: 2200
      ansible_ssh_common_args: -o StrictHostKeyChecking=no
      ansible_ssh_private_key_file: /tmp/allocator_instance/gha_ansible_key_1739915555
      ansible_user: cloud-user
      private_ip: 172.31.74.105

vars:
  wazuh_template_branch: enhancement/1543-adapt-automations-to-new-inventory
  • Then for AIO, another problem was found, since the playbooks expect a YAML format, different from the one generated by the allocator, in this case, the solution was simple and was applied as follows:
aio:
  hosts:
    i-0c2ca827c11d3be2f:
      ansible_connection: ssh
      ansible_host: ec2-44-210-239-230.compute-1.amazonaws.com
      ansible_port: 2200
      ansible_ssh_common_args: -o StrictHostKeyChecking=no
      ansible_ssh_private_key_file: /tmp/allocator_instance/gha_ansible_CentOS_8_13399609272-8347/gha_ansible_CentOS_8_13399609272-key-4845
      ansible_user: cloud-user
  vars:
    wazuh_template_branch: enhancement/1543-adapt-automations-to-new-inventory
  • An error was found executing the workflows, because there are no packages for 5.0.0 and all the changes required for this issue are for version 5.0.0, since in previous versions the allocator is not used to raise instances.

  • Another issue was found for distributed, which requires adapting all playbooks and roles (this is currently being worked on). They expect an ini-type format with predefined variables that differ from the allocator's.
    This issue generates errors of the following type:

fatal: [i-0293e84cf7901cd03 -> localhost]: FAILED! => {"changed": false, "msg": "AnsibleUndefinedVariable: {'node1': {'name': 'node-1', 'ip': '{{ hostvars.wi1.private_ip }}', 'role': 'indexer'}, 'node2': {'name': 'node-2', 'ip': '{{ hostvars.wi2.private_ip }}', 'role': 'indexer'}, 'node3': {'name': 'node-3', 'ip': '{{ hostvars.wi3.private_ip }}', 'role': 'indexer'}, 'node4': {'name': 'node-4', 'ip': '{{ hostvars.manager.private_ip }}', 'role': 'wazuh', 'node_type': 'master'}, 'node5': {'name': 'node-5', 'ip': '{{ hostvars.worker.private_ip }}', 'role': 'wazuh', 'node_type': 'worker'}, 'node6': {'name': 'node-6', 'ip': '{{ hostvars.dashboard.private_ip }}', 'role': 'dashboard'}}: \"hostvars['wi1']\" is undefined. \"hostvars['wi1']\" is undefined. {'node1': {'name': 'node-1', 'ip': '{{ hostvars.wi1.private_ip }}', 'role': 'indexer'}, 'node2': {'name': 'node-2', 'ip': '{{ hostvars.wi2.private_ip }}', 'role': 'indexer'}, 'node3': {'name': 'node-3', 'ip': '{{ hostvars.wi3.private_ip }}', 'role': 'indexer'}, 'node4

@wazuhci wazuhci moved this from In progress to On hold in XDR+SIEM/Release 4.12.0 Feb 19, 2025
@wazuhci wazuhci moved this from On hold to In progress in XDR+SIEM/Release 4.12.0 Feb 20, 2025
@YisDav YisDav linked a pull request Feb 21, 2025 that will close this issue
@YisDav
Member

YisDav commented Feb 21, 2025

Update

Tests have been performed with some changes and adjustments. Mainly, the creation of the definitive inventory file (ini format) has been adapted to use the information from the new allocator-generated YAML inventory. This way, the ini inventory is prepared before Ansible is executed.

All checks for the PR have passed, meaning that both distributed and AIO deployments were successful.
https://github.com/wazuh/wazuh-ansible/pull/1561/checks?check_run_id=37616507953

For these checks, two temporary commits were added. In summary, these commits made changes to use 4.x versions and use the right automation branch, so tests could be performed. They are better explained in the PR.

Distributed

Workflow execution: here

Execution results:

Image

AIO

Workflow execution: here

Execution results:

Image

@wazuhci wazuhci moved this from In progress to Pending review in XDR+SIEM/Release 4.12.0 Feb 21, 2025
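An added example, not code from PR #1561 or the Wazuh repositories: one way to do the conversion described in the comments above, merging one allocator inventory per node into a single ini inventory before Ansible runs. Hosts are renamed from instance IDs to the aliases the playbooks look up (`wi1`, `manager`), and a missing `private_ip` fails here instead of as `AnsibleUndefinedVariable`. The group names, the alias mapping, the sample values and the requirement that each allocator inventory carries `private_ip` are assumptions.

```python
import shlex

# Variables the playbooks dereference (e.g. hostvars.wi1.private_ip in the error above).
REQUIRED = ("ansible_host", "private_ip")

def single_host(inventory):
    """Return the hostvars of the only host in one allocator inventory dict."""
    hosts = (inventory.get("all") or {}).get("hosts") or {}
    if len(hosts) != 1:
        raise ValueError(f"expected exactly 1 host, found {len(hosts)}")
    (instance_id, hostvars), = hosts.items()
    hostvars = hostvars or {}
    missing = [k for k in REQUIRED if k not in hostvars]
    if missing:
        raise ValueError(f"{instance_id}: missing {', '.join(missing)}")
    return hostvars

def build_ini(runs):
    """runs: list of (alias, group, inventory dict); returns ini inventory text."""
    groups, seen = {}, set()
    for alias, group, inventory in runs:
        if alias in seen:
            raise ValueError(f"duplicate alias {alias}")
        seen.add(alias)
        hostvars = single_host(inventory)
        # shlex.quote keeps values containing spaces as one ini token.
        pairs = " ".join(f"{k}={shlex.quote(str(v))}" for k, v in sorted(hostvars.items()))
        groups.setdefault(group, []).append(f"{alias} {pairs}")
    lines = []
    for group, hosts in groups.items():
        lines += [f"[{group}]", *hosts, ""]
    return "\n".join(lines)

def sample(instance_id, host, private_ip):
    """Constructed data shaped like yaml.safe_load() of one allocator inventory.yaml."""
    return {"all": {"hosts": {instance_id: {
        "ansible_connection": "ssh", "ansible_host": host, "ansible_port": 2200,
        "ansible_ssh_common_args": "-o StrictHostKeyChecking=no",
        "ansible_ssh_private_key_file": "/tmp/allocator_instance/example_key",
        "ansible_user": "cloud-user", "private_ip": private_ip}}}}

RUNS = [  # hypothetical alias/group mapping; one allocator run per node
    ("wi1", "indexers", sample("i-00000000000000001", "node-a.example.com", "10.0.0.11")),
    ("manager", "managers", sample("i-00000000000000002", "node-b.example.com", "10.0.0.12")),
]

if __name__ == "__main__":
    print(build_ini(RUNS))
```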