diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml index 01a1923e..f5c4e07e 100644 --- a/roles/wazuh/wazuh-indexer/defaults/main.yml +++ b/roles/wazuh/wazuh-indexer/defaults/main.yml @@ -26,12 +26,6 @@ minimum_master_nodes: 2 # Example es1.example.com, es2.example.com domain_name: wazuh.com -# The Wazuh indexer package repository -package_repos: - apt: - openjdk: - baseurl: 'deb http://deb.debian.org/debian stretch-backports main' - indexer_sec_plugin_conf_path: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig indexer_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools indexer_conf_path: /etc/wazuh-indexer/ @@ -46,11 +40,6 @@ indexer_jvm_xms: null indexer_http_port: 9200 -certs_gen_tool_version: 4.3 - -# Url of certificates generator tool -certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" - indexer_admin_password: changeme dashboard_password: changeme diff --git a/roles/wazuh/wazuh-indexer/tasks/Debian.yml b/roles/wazuh/wazuh-indexer/tasks/Debian.yml index 9b6ef404..2c2b370b 100644 --- a/roles/wazuh/wazuh-indexer/tasks/Debian.yml +++ b/roles/wazuh/wazuh-indexer/tasks/Debian.yml @@ -16,30 +16,11 @@ ] state: present - - name: Add the repository key for Debian's Stretch Backports repository - ansible.builtin.apt_key: - keyserver: keyserver.ubuntu.com - id: 648ACFD622F3D138 - - - name: Add openjdk repository - apt_repository: - repo: "{{ package_repos.apt.openjdk.baseurl }}" - state: present - update_cache: yes - filename: 'wazuh-openjdk' - -- name: Install openjdk-11-jdk - apt: - name: openjdk-11-jdk - state: present - environment: - JAVA_HOME: /usr - - name: Add Wazuh indexer repository block: - name: Add apt repository signing key apt_key: - url: "{{ wazuh_repo.apt.gpg }}" + url: "{{ wazuh_repo.gpg }}" state: present - name: Add Wazuh indexer repository 
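Review bot: The `apt_key` task in tasks/Debian.yml now reads `{{ wazuh_repo.gpg }}`, but none of the visible hunks defines `wazuh_repo`, so confirm that the variable really exposes `gpg` at the top level wherever it is declared; otherwise this task stops with an undefined-variable error. The task also imports whatever key the URL returns. Adding `id: "<WAZUH_KEY_FINGERPRINT>"` (placeholder; use the fingerprint the vendor publishes) should tie the import to one expected key instead of trusting the download alone. The "Add Wazuh indexer repository" block continues past the end of the hunk.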
diff --git a/roles/wazuh/wazuh-indexer/tasks/RedHat.yml b/roles/wazuh/wazuh-indexer/tasks/RedHat.yml index 0daa7c3b..53a67ab6 100644 --- a/roles/wazuh/wazuh-indexer/tasks/RedHat.yml +++ b/roles/wazuh/wazuh-indexer/tasks/RedHat.yml @@ -11,23 +11,15 @@ gpgcheck: true changed_when: false - - name: RedHat/CentOS/Fedora | Install OpenJDK 11 - yum: - name: java-11-openjdk-devel - state: present - when: - - ansible_distribution != 'Amazon' - - name: Amazon Linux | Install OpenJDK 11 + + - name: Amazon Linux | Install Amazon extras block: - name: Install Amazon extras yum: name: amazon-linux-extras state: present - - name: Install OpenJDK 11 - shell: amazon-linux-extras install java-openjdk11 -y - - name: Configure vm.max_map_count lineinfile: line: "vm.max_map_count=262144" diff --git a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml index b3804f63..405bfe33 100644 --- a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml @@ -46,7 +46,9 @@ run_once: true - name: Hashing the custom admin password - command: "{{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ indexer_admin_password }}" # noqa 301 + shell: | + export JAVA_HOME=/usr/share/wazuh-indexer/jdk + {{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ indexer_admin_password }} register: indexer_admin_password_hashed no_log: '{{ indexer_nolog_sensible | bool }}' run_once: true @@ -62,7 +64,9 @@ # this can also be achieved with password_hash, but it requires dependencies on the controller - name: Hash the kibanaserver role/user pasword - command: "{{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ dashboard_password }}" # noqa 301 + shell: | + export JAVA_HOME=/usr/share/wazuh-indexer/jdk + {{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ dashboard_password }} register: indexer_kibanaserver_password_hashed no_log: '{{ indexer_nolog_sensible | bool }}' run_once: true
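Review bot: With the `amazon-linux-extras install java-openjdk11 -y` step removed in tasks/RedHat.yml, the renamed block appears to keep only the `amazon-linux-extras` package install, which looks like it existed to support that step. If nothing else in the role uses the tool, dropping the block avoids installing an unneeded package on indexer hosts; otherwise a one-line comment naming what still needs it would help. The end of the block and any `when:` on it are outside the hunk, so confirm it is still limited to Amazon Linux hosts.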
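Review bot: Switching "Hashing the custom admin password" from `command:` to `shell:` places `{{ indexer_admin_password }}` unquoted into a shell script, so a password containing spaces, `$`, backticks or `;` is word-split, expanded or run as a command on the indexer node. Keep `command:` and set the JDK path with the task keyword instead (`environment:` with `JAVA_HOME: /usr/share/wazuh-indexer/jdk`), or, if `shell:` must stay, write `{{ indexer_admin_password | quote }}`. The second hunk has the same issue with `{{ dashboard_password }}` in "Hash the kibanaserver role/user pasword". Separately, `-p` still puts the cleartext password on the process command line, where local users on the node can read it while hash.sh runs; `no_log` only hides it from Ansible output.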