Supporting ELK 7 cluster

playbooks/wazuh-elastic_stack-distributed.yml

@@ -6,5 +6,4 @@
 - hosts: <your elastic stack server host>
   roles:
     - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'}
-    - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-logstash, logstash_input_beats: true, elasticsearch_network_host: 'localhost'}
     - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'}

roles/elastic-stack/ansible-elasticsearch/tasks/main.yml

@@ -95,6 +95,8 @@
     url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh"
     method: GET
     status_code: 200, 404
+  when: not elasticsearch_bootstrap_node or single_node
+  poll: 30
   register: wazuh_alerts_template_exits
   tags: init
 
@@ -105,7 +107,9 @@
     status_code: 200
     body_format: json
     body: "{{ lookup('template','wazuh-elastic7-template-alerts.json.j2') }}"
-  when: wazuh_alerts_template_exits.status != 200
+  when: 
+    - wazuh_alerts_template_exits.status is defined
+    - wazuh_alerts_template_exits.status != 200
   tags: init
 
 - import_tasks: "RMRedHat.yml"

roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2

@@ -10,11 +10,13 @@ network.host: {{ elasticsearch_network_host }}
 {% if single_node %}
 discovery.type: single-node
 {% elif elasticsearch_bootstrap_node %}
+node.master: true
 cluster.initial_master_nodes: 
 {% for item in elasticsearch_cluster_nodes %}
   - {{ item }}
 {% endfor %}
 {% elif elasticsearch_master_candidate %}
+node.master: true
 discovery.seed_hosts:
 {% for item in elasticsearch_cluster_nodes %}
   - {{ item }}