# Wazuh on Proxmox - Plan

## Goal

Provision one VM on local Proxmox using Terraform and install Wazuh all-in-one
automatically.

## Current Assets

- Ready single-VM Proxmox Terraform baseline in `sources/iac-test/main.tf`.
- Ready multi-VM reference in `sources/multi-vm-iac/main.tf`.
- Known working Proxmox params from existing code:
  - endpoint `https://10.0.50.110:8006/`
  - node `rbmk2`
  - template VM ID `169`
  - bridge `vmbr0`
  - cloud-init user `devops`

## Selected Base

Use `iac-test` as base because target is one VM for Wazuh.

## Work Plan

1. Create clean Terraform project structure from single-VM base:
   - `main.tf`, `variables.tf`, `outputs.tf`, `versions.tf`
   - `terraform.tfvars.example`
2. Parameterize all environment-specific values:
   - Proxmox endpoint/token file path/node/template/datastore/bridge
   - VM name, CPU, RAM, disk, IP, gateway, SSH key, SSH port
3. Add cloud-init/user-data provisioning for Wazuh:
   - OS packages and prerequisites
   - run `wazuh-install.sh -a`
   - ensure services are enabled and started
4. Add post-deploy validation outputs:
   - VM IP
   - dashboard URL
   - quick health commands
5. Add runbook (`README.md`) with exact operator commands:
   - `terraform init`
   - `terraform plan -var-file=...`
   - `terraform apply -var-file=...`
   - access + agent enrollment steps
6. Optional hardening pass:
   - split Wazuh install from VM creation (null_resource/ansible)
   - add destroy safeguards and tags

## Open Inputs Needed Before Apply

- Final static IP for Wazuh VM in LAN.
- Whether to keep default Wazuh ports (443, 1514, 1515) exposed as-is.
- Template `169` confirmation (cloud-init enabled and qemu-guest-agent present).

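
One way to make the "quick health commands" of step 4 and the open question about ports 443, 1514 and 1515 into a repeatable check. This is an added example, not code from this plan's repository; the function names and the sample `ss` output (using the documentation address `192.0.2.10`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how the default Wazuh TCP ports named in the plan
# are bound, from `ss -tlnH` output on stdin.
# Live use on the VM:  ss -tlnH | wazuh_port_exposure

WAZUH_PORTS="443 1514 1515"

# Prints one line per expected port: "<port> <state>", where state is
# all-interfaces, bound:<addr>, or not-listening.
wazuh_port_exposure() {
    awk -v ports="$WAZUH_PORTS" '
    BEGIN {
        n = split(ports, want, " ")
        for (i = 1; i <= n; i++) state[want[i]] = "not-listening"
    }
    # Field 4 of ss output is the local "address:port" pair.
    $1 == "LISTEN" && match($4, /:[0-9]+$/) {
        port = substr($4, RSTART + 1)
        addr = substr($4, 1, RSTART - 1)
        if (!(port in state)) next
        # Wildcard binds mean the port is reachable on every interface.
        if (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
            state[port] = "all-interfaces"
        else if (state[port] != "all-interfaces")
            state[port] = "bound:" addr
    }
    END { for (i = 1; i <= n; i++) print want[i], state[want[i]] }'
}

# Health gate: succeeds only when every expected port has a listener.
wazuh_ports_listening() {
    ! wazuh_port_exposure | grep -q 'not-listening$'
}

# Constructed sample of `ss -tlnH` output, not captured from a real host.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 511  0.0.0.0:443      0.0.0.0:*
LISTEN 0 128  0.0.0.0:1514     0.0.0.0:*
LISTEN 0 128  192.0.2.10:1515  0.0.0.0:*
LISTEN 0 4096 127.0.0.1:9200   0.0.0.0:*
LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
EOF
}

sample_ss_output | wazuh_port_exposure
```

A port reported as `all-interfaces` is only as restricted as the firewall in front of the VM, so the output gives the operator a concrete state to compare against whatever exposure decision is made before apply.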