diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index 8c791a04..bca544e6 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml @@ -1,7 +1,6 @@ --- # The OpenDistro version opendistro_version: 1.6.0 - elasticsearch_cluster_name: wazuh-cluster # Minimum master nodes in cluster, 2 for 3 nodes elasticsearch cluster @@ -25,12 +24,9 @@ package_repos: baseurl: 'https://artifacts.elastic.co/packages/oss-7.x/yum' gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' -populate_inventory_to_hosts_file: true - -es_plugin_bin_path: /usr/share/elasticsearch/bin/elasticsearch-plugin -es_sec_plugin_conf_path: /usr/share/elasticsearch/plugins/opendistro_security/securityconfig -es_sec_plugin_tools_path: /usr/share/elasticsearch/plugins/opendistro_security/tools - +opendistro_sec_plugin_conf_path: /usr/share/elasticsearch/plugins/opendistro_security/securityconfig +opendistro_sec_plugin_tools_path: /usr/share/elasticsearch/plugins/opendistro_security/tools +opendistro_conf_path: /etc/elasticsearch/ es_nodes: |- {% for item in groups['es-cluster'] -%} {{ hostvars[item]['ip'] }}{% if not loop.last %}","{% endif %} @@ -42,11 +38,6 @@ opendistro_security_password: admin opendistro_jvm_xms: null opendistro_http_port: 9200 -opendistro_network_host: 127.0.0.1 -opendistro_reachable_host: 127.0.0.1 -opendistro_jvm_xms: null -elastic_stack_version: 7.6.1 -opendistro_lower_disk_requirements: false elasticrepo: apt: 'https://artifacts.elastic.co/packages/7.x/apt' @@ -54,6 +45,7 @@ elasticrepo: gpg: 'https://artifacts.elastic.co/GPG-KEY-opendistro' key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' +opendistro_admin_password: Test@123 # Cluster Settings single_node: true opendistro_cluster_name: wazuh 
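Review bot: The added default `opendistro_admin_password: Test@123` in the last hunk of defaults/main.yml gives every deployment that does not override it a fixed, publicly known admin credential, next to the existing `opendistro_security_password: admin`. Role defaults have the lowest precedence, so nothing forces an operator to replace the value. I would drop the literal, leave a comment such as `# opendistro_admin_password: set per environment (Ansible Vault); no default on purpose`, and let the play fail when the variable is undefined. The password tasks in tasks/RedHat.yml read `admin_password`, not this variable, so it is also worth confirming which of the two is actually in effect.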
@@ -67,18 +59,3 @@ opendistro_discovery_nodes: opendistro_node_data: true opendistro_node_ingest: true -# X-Pack Security -opendistro_xpack_security: false -opendistro_xpack_security_user: elastic -opendistro_xpack_security_password: elastic_pass - -node_certs_generator: false -node_certs_source: /usr/share/elasticsearch -node_certs_destination: /etc/elasticsearch/certs - -# CA generation -master_certs_path: /es_certs -generate_CA: true -ca_key_name: "" -ca_cert_name: "" -ca_password: "" diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml b/roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml index d396960b..b2170af1 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml @@ -56,14 +56,14 @@ - name: RedHat/CentOS/Fedora | Copy the opendistro security configuration file to cluster blockinfile: block: "{{ lookup('file', '/tmp/opendistro-nodecerts/config/{{ inventory_hostname }}_elasticsearch_config_snippet.yml') }}" - dest: "{{ conf_dir }}/elasticsearch.yml" + dest: "{{ opendistro_conf_path }}/elasticsearch.yml" backup: yes insertafter: EOF marker: "## {mark} Opendistro Security Node & Admin certificates configuration ##" when: install.changed - name: RedHat/CentOS/Fedora | Prepare the opendistro security configuration file - command: sed -i 's/searchguard/opendistro_security/g' {{ conf_dir }}/elasticsearch.yml + command: sed -i 's/searchguard/opendistro_security/g' {{ opendistro_conf_path }}/elasticsearch.yml when: install.changed - name: RedHat/CentOS/Fedora | Restart elasticsearch with security configuration 
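Review bot: The `blockinfile` task in the tasks/RedHat.yml hunk still reads the node's security snippet from the fixed path `/tmp/opendistro-nodecerts/config/` on the control node, and whatever that file holds is appended to `elasticsearch.yml`. Where the directory is created is not visible here; if it is a plain directory under /tmp, its location is predictable and its permissions depend on the umask of whoever ran the generator. Consider staging it in a directory created by the `tempfile` module, or one with an explicit `mode: '0700'`, and passing that path in a variable. The sed task that follows would also be idempotent as a `replace` task with `regexp: 'searchguard'` and `replace: 'opendistro_security'`. The last task in the hunk continues past its end.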
@@ -75,32 +75,32 @@ - name: RedHat/CentOS/Fedora | Copy the opendistro security internal users template template: src: "templates/internal_users.yml.j2" - dest: "{{ es_sec_plugin_conf_path }}/internal_users.yml" + dest: "{{ opendistro_sec_plugin_conf_path }}/internal_users.yml" mode: 0644 run_once: true when: install.changed - name: RedHat/CentOS/Fedora | Set the Admin user password shell: > - sed -i 's,{{ admin_password }},'$(sh {{ es_sec_plugin_tools_path }}/hash.sh -p {{ admin_password }} | tail -1)',' - {{ es_sec_plugin_conf_path }}/internal_users.yml + sed -i 's,{{ admin_password }},'$(sh {{ opendistro_sec_plugin_tools_path }}/hash.sh -p {{ admin_password }} | tail -1)',' + {{ opendistro_sec_plugin_conf_path }}/internal_users.yml run_once: true when: install.changed - name: RedHat/CentOS/Fedora | Set the kibanaserver user pasword shell: > - sed -i 's,{{ kibanaserver_password }},'$(sh {{ es_sec_plugin_tools_path }}/hash.sh -p {{ kibanaserver_password }} | tail -1)',' - {{ es_sec_plugin_conf_path }}/internal_users.yml + sed -i 's,{{ kibanaserver_password }},'$(sh {{ opendistro_sec_plugin_tools_path }}/hash.sh -p {{ kibanaserver_password }} | tail -1)',' + {{ opendistro_sec_plugin_conf_path }}/internal_users.yml run_once: true when: install.changed - name: RedHat/CentOS/Fedora | Initialize the opendistro security index in elasticsearch shell: > - sh {{ es_sec_plugin_tools_path }}/securityadmin.sh - -cacert {{ conf_dir }}/root-ca.pem - -cert {{ conf_dir }}/admin.pem - -key {{ conf_dir }}/admin.key - -cd {{ es_sec_plugin_conf_path }}/ + sh {{ opendistro_sec_plugin_tools_path }}/securityadmin.sh + -cacert {{ opendistro_conf_path }}/root-ca.pem + -cert {{ opendistro_conf_path }}/admin.pem + -key {{ opendistro_conf_path }}/admin.key + -cd {{ opendistro_sec_plugin_conf_path }}/ -nhnv -icl -h {{ hostvars[inventory_hostname]['ip'] }} run_once: true 
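Review bot: Both password tasks interpolate the cleartext `{{ admin_password }}` / `{{ kibanaserver_password }}` into a `shell:` line, unquoted inside `$(…)` and again as the sed pattern with `,` as the delimiter. A password containing a comma, quote, space or `$` breaks or alters the command, and without `no_log: true` the rendered command, password included, ends up in Ansible output and logs. I would hash the value in a `command` task using `argv`, register the result under `no_log: true`, and have `internal_users.yml.j2` write the hash directly so that no sed substitution of the cleartext is needed; the template is not shown here, so that last part is an assumption, and the value is still visible in hash.sh's own argument list on the target. The same change applies to the kibanaserver task. The final `securityadmin.sh` task continues beyond the hunk.

```yaml
- name: RedHat/CentOS/Fedora | Hash the Admin user password
  command:
    argv:
      - sh
      - "{{ opendistro_sec_plugin_tools_path }}/hash.sh"
      - '-p'
      - "{{ admin_password }}"
  register: admin_password_hash
  changed_when: false
  no_log: true
  run_once: true
  when: install.changed
# … unchanged: template task for internal_users.yml, which would write
#   admin_password_hash.stdout_lines[-1] instead of the cleartext …
```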
diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml index 728f4970..bdfb6be8 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml @@ -22,8 +22,8 @@ - name: Copy Configuration File template: - src: "templates/elasticsearch.ym.j2" - dest: "{{conf_dir}}/elasticsearch.yml" + src: "templates/elasticsearch.yml.j2" + dest: "{{opendistro_conf_path}}/elasticsearch.yml" group: elasticsearch mode: 0644 backup: yes diff --git a/roles/opendistro/opendistro-elasticsearch/templates/elasticsearch.yml.j2 b/roles/opendistro/opendistro-elasticsearch/templates/elasticsearch.yml.j2 index 6b025674..58a8ece2 100644 --- a/roles/opendistro/opendistro-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/opendistro/opendistro-elasticsearch/templates/elasticsearch.yml.j2 @@ -1,4 +1,4 @@ -cluster.name: "{{ elasticsearch_cluster_name }}" +cluster.name: "{{ opendistro_cluster_name }}" node.name: "{{ inventory_hostname }}" diff --git a/roles/opendistro/opendistro-elasticsearch/templates/jvm.options.j2 b/roles/opendistro/opendistro-elasticsearch/templates/jvm.options.j2 index c43ce401..de69125c 100644 --- a/roles/opendistro/opendistro-elasticsearch/templates/jvm.options.j2 +++ b/roles/opendistro/opendistro-elasticsearch/templates/jvm.options.j2 @@ -23,10 +23,10 @@ # Xms represents the initial size of total heap space # Xmx represents the maximum size of total heap space -{% if elasticsearch_jvm_xms is not none %} -{% if elasticsearch_jvm_xms < 32000 %} --Xms{{ elasticsearch_jvm_xms }}m --Xmx{{ elasticsearch_jvm_xms }}m +{% if opendistro_jvm_xms is not none %} +{% if opendistro_jvm_xms < 32000 %} +-Xms{{ opendistro_jvm_xms }}m +-Xmx{{ opendistro_jvm_xms }}m {% else %} -Xms32000m -Xmx32000m
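Review bot: The template now renders `cluster.name` from `opendistro_cluster_name`, whose default in defaults/main.yml is `wazuh`, while `elasticsearch_cluster_name: wazuh-cluster` appears to stay defined there as a context line. Inventories that override `elasticsearch_cluster_name`, `elasticsearch_jvm_xms` (jvm.options.j2 hunk) or `conf_dir` (tasks/main.yml hunk) will be ignored without any error, and the default cluster name changes on the next run. I would remove the stale default and bridge the rename with `opendistro_cluster_name: "{{ elasticsearch_cluster_name | default('wazuh') }}"`, or at least record the renamed variables in the changelog. The `{% if %}` block in jvm.options.j2 closes outside its hunk.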