re-factoring

ansible-role-elasticsearch/defaults/main.yml

@@ -4,4 +4,4 @@ elasticsearch_node_name: node-1
 elasticsearch_http_port: 9200
 elasticsearch_network_host: 127.0.0.1
 elasticsearch_jvm_xms: 1g
-elastic_stack_version: 5.4.0
+elastic_stack_version: 5.5.0

ansible-role-elasticsearch/tasks/RedHat.yml

@@ -12,11 +12,6 @@
   register: oracle_java_task_rpm_installed
   tags: install
 
-- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key
-  rpm_key:
-    key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
-    state: present
-
 - name: RedHat/CentOS/Fedora | Install Elastic repo
   yum_repository:
     name: elk_repo

ansible-role-filebeat/meta/main.yml

@@ -3,7 +3,7 @@ dependencies: []
 
 galaxy_info:
   author: Wazuh
-  description: Installing and maintaining Elasticsearch server.
+  description: Installing and maintaining filebeat server.
   company: wazuh.com
   license: license (GPLv3)
   min_ansible_version: 2.0

ansible-role-filebeat/tasks/RedHat.yml

@@ -1,9 +1,4 @@
 ---
-- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key.
-  rpm_key:
-    key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
-    state: present
-
 - name: RedHat/CentOS/Fedora | Install Filebeats repo
   yum_repository:
     name: elk_repo

ansible-role-kibana/defaults/main.yml

@@ -3,4 +3,4 @@ elasticsearch_http_port: "9200"
 elasticsearch_network_host: "127.0.0.1"
 kibana_server_host: "0.0.0.0"
 kibana_server_port: "5601"
-elastic_stack_version: 5.4.0
+elastic_stack_version: 5.5.0

ansible-role-kibana/tasks/RedHat.yml

@@ -1,9 +1,4 @@
 ---
-- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key
-  rpm_key:
-    key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
-    state: present
-
 - name: RedHat/CentOS/Fedora | Install Elastic repo
   yum_repository:
     name: elk_repo

ansible-role-logstash/README.md

@@ -17,9 +17,17 @@ Role Variables
 --------------
 ```
   ---
+  logstash_create_config: true
+  logstash_input_beats: false
+
   elasticsearch_network_host: "127.0.0.1"
   elasticsearch_http_port: "9200"
   elastic_stack_version: 5.4.0
+
+  logstash_ssl: false
+  logstash_ssl_dir: /etc/pki/logstash
+  logstash_ssl_certificate_file: ""
+  logstash_ssl_key_file: ""
 ```
 
 Example Playbook

ansible-role-logstash/defaults/main.yml

@@ -4,7 +4,7 @@ logstash_input_beats: false
 
 elasticsearch_network_host: "127.0.0.1"
 elasticsearch_http_port: "9200"
-elastic_stack_version: 5.4.0
+elastic_stack_version: 5.5.0
 
 logstash_ssl: false
 logstash_ssl_dir: /etc/pki/logstash

ansible-role-logstash/tasks/RedHat.yml

@@ -12,11 +12,6 @@
   register: oracle_java_task_rpm_installed
   tags: install
 
-- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key.
-  rpm_key:
-    key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
-    state: present
-
 - name: RedHat/CentOS/Fedora | Install Logstash repo
   yum_repository:
     name: elk_repo

ansible-role-logstash/templates/wazuh-elastic5-template.json.j2

@@ -2,7 +2,9 @@
   "order": 0,
   "template": "wazuh*",
   "settings": {
-    "index.refresh_interval": "5s"
+    "index.refresh_interval": "5s",
+    "number_of_shards" :   1,
+    "number_of_replicas" : 0
   },
   "mappings": {
     "wazuh": {

wazuh-elk.yml

@@ -0,0 +1,9 @@
+- hosts: wazuh-manager
+  roles:
+    - role: ansible-wazuh-manager
+    - { role: ansible-role-filebeat, filebeat_output_logstash_hosts: '192.168.212.187:5000' }
+- hosts: elastic_stack
+  roles:
+    - { role: ansible-role-elasticsearch, elasticsearch_network_host: 'localhost' } 
+    - { role: ansible-role-logstash, logstash_input_beats: true, elasticsearch_network_host: 'localhost' } 
+    - { role: ansible-role-kibana, elasticsearch_network_host: 'localhost' } 

wazuh-logstash.yml

@@ -1,3 +1,3 @@
 - hosts: logstash
   roles:
-    - { role: ansible-role-logstash, elasticsearch_network_host: '192.168.33.182' } 
+    - { role: ansible-role-logstash, elasticsearch_network_host: 'localhost' } 

wazuh-manager.yml

@@ -1,4 +1,4 @@
 - hosts: wazuh-manager
   roles:
-    - role: ansible-wazuh-server
+    - role: ansible-wazuh-manager
     - { role: ansible-role-filebeat, filebeat_output_logstash_hosts: '192.168.33.169:5000' }