From a1359495a98a966851f171f238b7f372c46f8a78 Mon Sep 17 00:00:00 2001
From: Manuel Gutierrez <manuel.gutierrez@wazuh.com>
Date: Tue, 24 Sep 2019 10:57:23 +0200
Subject: [PATCH 1/4] Fix linting: trailing whitespace

---
 roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
index 85706199..af17e528 100644
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
@@ -76,7 +76,7 @@
     mode: 0660
   notify: restart elasticsearch
   tags: configure
-  
+
 - name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf
   lineinfile:
     path: /etc/security/limits.conf

From 02425e0c85a15157882f5db6f559acd12383a945 Mon Sep 17 00:00:00 2001
From: Manuel Gutierrez <manuel.gutierrez@wazuh.com>
Date: Tue, 24 Sep 2019 11:09:21 +0200
Subject: [PATCH 2/4] Fix linting errors

Fixed linting on xpack_security.yml
---
 .../tasks/xpack_security.yml                  | 67 +++++++++----------
 1 file changed, 33 insertions(+), 34 deletions(-)

diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
index e64b71df..046c3382 100644
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
@@ -39,7 +39,7 @@
   when:
     - node_certs_generator
 
-- name: Importing custom CA key 
+- name: Importing custom CA key
   copy:
     src: "{{ master_certs_path }}/ca/{{ ca_key_name }}"
     dest: "{{ node_certs_source }}/{{ ca_key_name }}"
@@ -61,7 +61,7 @@
 
 - name: Generating certificates for Elasticsearch security (generating CA)
   shell: >-
-    /usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in 
+    /usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in
     {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip
   when:
     - node_certs_generator
@@ -70,37 +70,37 @@
   tags: xpack-security
 
 - name: Generating certificates for Elasticsearch security (using provided CA | Without CA Password)
-  shell: >- 
-    /usr/share/elasticsearch/bin/elasticsearch-certutil cert 
-    --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }} 
+  shell: >-
+    /usr/share/elasticsearch/bin/elasticsearch-certutil cert
+    --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }}
     --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip
   when:
     - node_certs_generator
     - not xpack_certs_zip.stat.exists
     - not generate_CA
-    - ca_password == ""
+    - ca_password | length == 0
   tags: xpack-security
 
 - name: Generating certificates for Elasticsearch security (using provided CA | Using CA Password)
-  shell: >- 
-    /usr/share/elasticsearch/bin/elasticsearch-certutil cert 
-    --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }} 
-    --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip 
-    --ca-pass {{ca_password}}
+  shell: >-
+    /usr/share/elasticsearch/bin/elasticsearch-certutil cert
+    --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }}
+    --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip
+    --ca-pass {{ ca_password }}
   when:
     - node_certs_generator
     - not xpack_certs_zip.stat.exists
     - not generate_CA
-    - ca_password != ""
-  tags: xpack-security 
-  
+    - ca_password | length > 0
+  tags: xpack-security
+
 - name: Verify the Elastic certificates directory
   file:
     path: "{{ master_certs_path }}"
     state: directory
     mode: '0700'
   delegate_to: "127.0.0.1"
-  when: 
+  when:
     - node_certs_generator
 
 - name: Verify the Certificates Authority directory
@@ -109,7 +109,7 @@
     state: directory
     mode: '0700'
   delegate_to: "127.0.0.1"
-  when: 
+  when:
     - node_certs_generator
 
 - name: Copying certificates to Ansible master
@@ -118,7 +118,7 @@
     dest: "{{ master_certs_path }}/"
     flat: yes
     mode: 0700
-  when: 
+  when:
     - node_certs_generator
   tags: xpack-security
 
@@ -126,39 +126,39 @@
   file:
     state: absent
     path: "{{ node_certs_source }}/certs.zip"
-  when: 
+  when:
     - node_certs_generator
-    
+
 - name: Unzip generated certs.zip
   unarchive:
-    src: "{{master_certs_path}}/certs.zip"
-    dest: "{{master_certs_path}}/"
+    src: "{{ master_certs_path }}/certs.zip"
+    dest: "{{ master_certs_path }}/"
   become: true
   delegate_to: "127.0.0.1"
-  when: 
+  when:
     - node_certs_generator
   tags: xpack-security
 
 - name: Copying node's certificate from master
   copy:
-    src: "{{item}}"
-    dest: "{{node_certs_destination}}/"
+    src: "{{ item }}"
+    dest: "{{ node_certs_destination }}/"
   with_items:
-    - "{{master_certs_path}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.key" 
-    - "{{master_certs_path}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.crt"
-    - "{{master_certs_path}}/ca/ca.crt"
+    - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key"
+    - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt"
+    - "{{ master_certs_path }}/ca/ca.crt"
   when:
     - generate_CA
   tags: xpack-security
 
 - name: Copying node's certificate from master (Custom CA)
   copy:
-    src: "{{item}}"
-    dest: "{{node_certs_destination}}/"
-  with_items: 
-    - "{{master_certs_path}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.key" 
-    - "{{master_certs_path}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.crt"
-    - "{{master_certs_path}}/ca/{{ca_cert_name}}"
+    src: "{{ item }}"
+    dest: "{{ node_certs_destination }}/"
+  with_items:
+    - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key"
+    - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt"
+    - "{{ master_certs_path }}/ca/{{ ca_cert_name }}"
   when:
     - not generate_CA
   tags: xpack-security
@@ -179,4 +179,3 @@
      echo {{ elasticsearch_xpack_security_password }} | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf bootstrap.password
   when:
     - node_certs_generator
-    
\ No newline at end of file

From 534704f115628b6d92a8f81100f56d7b64a1c1b2 Mon Sep 17 00:00:00 2001
From: Manuel Gutierrez <manuel.gutierrez@wazuh.com>
Date: Tue, 24 Sep 2019 12:47:28 +0200
Subject: [PATCH 3/4] Fix linting errors on vars

---
 roles/wazuh/ansible-filebeat/tasks/main.yml | 26 ++++++++++-----------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml
index 7cd01cbd..85bd17e1 100644
--- a/roles/wazuh/ansible-filebeat/tasks/main.yml
+++ b/roles/wazuh/ansible-filebeat/tasks/main.yml
@@ -28,25 +28,25 @@
 
 - name: Copying node's certificate from master
   copy:
-    src: "{{item}}"
-    dest: "{{node_certs_destination}}/"
-  with_items: 
-    - "{{master_certs_path}}/{{filebeat_node_name}}/{{ filebeat_node_name }}.key" 
-    - "{{master_certs_path}}/{{filebeat_node_name}}/{{ filebeat_node_name }}.crt"
-    - "{{master_certs_path}}/ca/ca.crt"
+    src: "{{ item }}"
+    dest: "{{ node_certs_destination }}/"
+  with_items:
+    - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key"
+    - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt"
+    - "{{ master_certs_path }}/ca/ca.crt"
   when:
     - generate_CA
     - filebeat_xpack_security
   tags: xpack-security
-  
+
 - name: Copying node's certificate from master (Custom CA)
   copy:
-    src: "{{item}}"
-    dest: "{{node_certs_destination}}/"
-  with_items: 
-    - "{{master_certs_path}}/{{filebeat_node_name}}/{{ filebeat_node_name }}.key" 
-    - "{{master_certs_path}}/{{filebeat_node_name}}/{{ filebeat_node_name }}.crt"
-    - "{{master_certs_path}}/ca/{{ca_cert_name}}"
+    src: "{{ item }}"
+    dest: "{{ node_certs_destination }}/"
+  with_items:
+    - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key"
+    - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt"
+    - "{{ master_certs_path }}/ca/{{ ca_cert_name }}"
   when:
     - not generate_CA
     - filebeat_xpack_security

From 4f955fe4988b19c433342daeed87e1bc852b5c78 Mon Sep 17 00:00:00 2001
From: Manuel Gutierrez <manuel.gutierrez@wazuh.com>
Date: Tue, 24 Sep 2019 12:49:26 +0200
Subject: [PATCH 4/4] Switch tasks from shell to command

---
 .../tasks/xpack_security.yml                  | 23 +++++++++++--------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
index 046c3382..650692c5 100644
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
@@ -60,9 +60,10 @@
   tags: xpack-security
 
 - name: Generating certificates for Elasticsearch security (generating CA)
-  shell: >-
-    /usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in
-    {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip
+  command: >-
+    /usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem
+    --in {{ node_certs_source }}/instances.yml
+    --out {{ node_certs_source }}/certs.zip
   when:
     - node_certs_generator
     - not xpack_certs_zip.stat.exists
@@ -70,10 +71,12 @@
   tags: xpack-security
 
 - name: Generating certificates for Elasticsearch security (using provided CA | Without CA Password)
-  shell: >-
+  command: >-
     /usr/share/elasticsearch/bin/elasticsearch-certutil cert
-    --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }}
-    --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip
+    --ca-key {{ node_certs_source }}/{{ ca_key_name }}
+    --ca-cert {{ node_certs_source }}/{{ ca_cert_name }}
+    --pem --in {{ node_certs_source }}/instances.yml
+    --out {{ node_certs_source }}/certs.zip
   when:
     - node_certs_generator
     - not xpack_certs_zip.stat.exists
@@ -82,9 +85,10 @@
   tags: xpack-security
 
 - name: Generating certificates for Elasticsearch security (using provided CA | Using CA Password)
-  shell: >-
+  command: >-
     /usr/share/elasticsearch/bin/elasticsearch-certutil cert
-    --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }}
+    --ca-key {{ node_certs_source }}/{{ ca_key_name }}
+    --ca-cert {{ node_certs_source }}/{{ ca_cert_name }}
     --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip
     --ca-pass {{ ca_password }}
   when:
@@ -175,7 +179,8 @@
   tags: xpack-security
 
 - name: Set elasticsearch bootstrap password
-  shell: >-
+  command: >-
+     set -o pipefail
      echo {{ elasticsearch_xpack_security_password }} | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf bootstrap.password
   when:
     - node_certs_generator