From 6b95e304b6ac4dfec08df5cd0fe29be9cc7dc22c Mon Sep 17 00:00:00 2001
From: "Manuel J. Bernal" <manu.asi2@gmail.com>
Date: Thu, 13 Jun 2019 17:49:05 +0200
Subject: [PATCH] Supporting ELK 7 cluster

---
 playbooks/wazuh-elastic_stack-distributed.yml               | 1 -
 roles/elastic-stack/ansible-elasticsearch/tasks/main.yml    | 6 +++++-
 .../ansible-elasticsearch/templates/elasticsearch.yml.j2    | 2 ++
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml
index 6bdf4857..887cafbd 100644
--- a/playbooks/wazuh-elastic_stack-distributed.yml
+++ b/playbooks/wazuh-elastic_stack-distributed.yml
@@ -6,5 +6,4 @@
 - hosts: <your elastic stack server host>
   roles:
     - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'}
-    - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-logstash, logstash_input_beats: true, elasticsearch_network_host: 'localhost'}
     - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'}
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
index 8d48441e..bd7bc0d4 100644
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
@@ -95,6 +95,8 @@
     url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh"
     method: GET
     status_code: 200, 404
+  when: not elasticsearch_bootstrap_node or single_node
+  poll: 30
   register: wazuh_alerts_template_exits
   tags: init
 
@@ -105,7 +107,9 @@
     status_code: 200
     body_format: json
     body: "{{ lookup('template','wazuh-elastic7-template-alerts.json.j2') }}"
-  when: wazuh_alerts_template_exits.status != 200
+  when: 
+    - wazuh_alerts_template_exits.status is defined
+    - wazuh_alerts_template_exits.status != 200
   tags: init
 
 - import_tasks: "RMRedHat.yml"
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2
index f0d08cff..595dd58a 100644
--- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2
+++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2
@@ -10,11 +10,13 @@ network.host: {{ elasticsearch_network_host }}
 {% if single_node %}
 discovery.type: single-node
 {% elif elasticsearch_bootstrap_node %}
+node.master: true
 cluster.initial_master_nodes: 
 {% for item in elasticsearch_cluster_nodes %}
   - {{ item }}
 {% endfor %}
 {% elif elasticsearch_master_candidate %}
+node.master: true
 discovery.seed_hosts:
 {% for item in elasticsearch_cluster_nodes %}
   - {{ item }}