From f0f54b63a658eeb41c579f3a2859ddbb50293582 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 30 Oct 2019 16:01:32 +0100 Subject: [PATCH 1/3] Rename "elasticsearch_master_candidate" to "elasticsearch_node_master" --- roles/elastic-stack/ansible-elasticsearch/README.md | 10 +++++----- .../ansible-elasticsearch/defaults/main.yml | 2 +- .../templates/elasticsearch.yml.j2 | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md index 388affce..c574aa9f 100644 --- a/roles/elastic-stack/ansible-elasticsearch/README.md +++ b/roles/elastic-stack/ansible-elasticsearch/README.md @@ -48,11 +48,11 @@ Example Playbook - hosts: 172.16.0.162 roles: - - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.162', elasticsearch_master_candidate: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} + - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.162', elasticsearch_node_master: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} - hosts: 172.16.0.163 roles: - - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.163', elasticsearch_master_candidate: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} + - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.163', elasticsearch_node_master: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} ``` - Three nodes Elasticsearch cluster with XPack security @@ -64,7 +64,7 @@ Example Playbook elasticsearch_network_host: 172.16.0.111 elasticsearch_node_name: node-1 single_node: false - elasticsearch_master_candidate: true + elasticsearch_node_master: true elasticsearch_bootstrap_node: true elasticsearch_cluster_nodes: - 172.16.0.111 @@ -97,7 +97,7 @@ Example Playbook elasticsearch_node_name: node-2 single_node: false elasticsearch_xpack_security: true - elasticsearch_master_candidate: true + elasticsearch_node_master: true node_certs_generator_ip: 172.16.0.111 elasticsearch_discovery_nodes: - 172.16.0.111 @@ -111,7 +111,7 @@ Example Playbook elasticsearch_node_name: node-3 single_node: false elasticsearch_xpack_security: true - elasticsearch_master_candidate: true + elasticsearch_node_master: true node_certs_generator_ip: 172.16.0.111 elasticsearch_discovery_nodes: - 172.16.0.111 diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 87381a4e..abf3161c 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -8,7 +8,7 @@ elasticsearch_jvm_xms: null elastic_stack_version: 7.3.2 single_node: true elasticsearch_bootstrap_node: false -elasticsearch_master_candidate: false +elasticsearch_node_master: false elasticsearch_cluster_nodes: - 127.0.0.1 elasticsearch_discovery_nodes: diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index 2bb6ebe4..4f8d56cc 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -20,7 +20,7 @@ discovery.seed_hosts: - {{ item }} {% endfor %} {% else %} -node.master: {{ elasticsearch_master_candidate|lower }} +node.master: {{ elasticsearch_node_master|lower }} discovery.seed_hosts: {% for item in elasticsearch_discovery_nodes %} - {{ item }} From 9020e06ec8d330276439faf78bcbb012281bfbc2 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 30 Oct 2019 16:01:56 +0100 Subject: [PATCH 2/3] Update ES parameters with new node.ingest and node.data variables --- .../ansible-elasticsearch/defaults/main.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index abf3161c..bcd81183 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -1,20 +1,25 @@ --- -elasticsearch_cluster_name: wazuh -elasticsearch_node_name: node-1 + elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null elastic_stack_version: 7.3.2 +elasticsearch_lower_disk_requirements: false + +# Cluster Settings single_node: true +elasticsearch_cluster_name: wazuh +elasticsearch_node_name: node-1 elasticsearch_bootstrap_node: false elasticsearch_node_master: false elasticsearch_cluster_nodes: - 127.0.0.1 elasticsearch_discovery_nodes: - 127.0.0.1 +elasticsearch_node_data: true +elasticsearch_node_ingest: true -elasticsearch_lower_disk_requirements: false # X-Pack Security elasticsearch_xpack_security: false elasticsearch_xpack_security_user: elastic @@ -24,8 +29,6 @@ node_certs_generator: false node_certs_source: /usr/share/elasticsearch node_certs_destination: /etc/elasticsearch/certs - - # CA generation master_certs_path: /es_certs generate_CA: true From a46b681dcfc32f655ed4e93a09e1b4e5d9fa190e Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 30 Oct 2019 16:02:26 +0100 Subject: [PATCH 3/3] Update elasticsearch.yml to render node.data and .ingest vars --- .../ansible-elasticsearch/templates/elasticsearch.yml.j2 | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index 4f8d56cc..0d6887f5 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -21,6 +21,12 @@ discovery.seed_hosts: {% endfor %} {% else %} node.master: {{ elasticsearch_node_master|lower }} +{% if elasticsearch_node_data|lower == 'false' %} +node.data: false +{% endif %} +{% if elasticsearch_node_ingest|lower == 'false' %} +node.ingest: false +{% endif %} discovery.seed_hosts: {% for item in elasticsearch_discovery_nodes %} - {{ item }} @@ -34,9 +40,8 @@ cluster.routing.allocation.disk.watermark.low: 500mb cluster.routing.allocation.disk.watermark.high: 300mb {% endif %} -# XPACK Security - {% if elasticsearch_xpack_security %} +# XPACK Security xpack.security.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate