Modified several variables
This commit is contained in:
Manuel J. Bernal
parent
34920f5fe5
commit
7269b15041
@ -1,7 +1,6 @@
|
|||||||
---
|
---
|
||||||
# The OpenDistro version
|
# The OpenDistro version
|
||||||
opendistro_version: 1.6.0
|
opendistro_version: 1.6.0
|
||||||
|
|
||||||
elasticsearch_cluster_name: wazuh-cluster
|
elasticsearch_cluster_name: wazuh-cluster
|
||||||
|
|
||||||
# Minimum master nodes in cluster, 2 for 3 nodes elasticsearch cluster
|
# Minimum master nodes in cluster, 2 for 3 nodes elasticsearch cluster
|
||||||
@ -25,12 +24,9 @@ package_repos:
|
|||||||
baseurl: 'https://artifacts.elastic.co/packages/oss-7.x/yum'
|
baseurl: 'https://artifacts.elastic.co/packages/oss-7.x/yum'
|
||||||
gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
|
gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
|
||||||
|
|
||||||
populate_inventory_to_hosts_file: true
|
opendistro_sec_plugin_conf_path: /usr/share/elasticsearch/plugins/opendistro_security/securityconfig
|
||||||
|
opendistro_sec_plugin_tools_path: /usr/share/elasticsearch/plugins/opendistro_security/tools
|
||||||
es_plugin_bin_path: /usr/share/elasticsearch/bin/elasticsearch-plugin
|
opendistro_conf_path: /etc/elasticsearch/
|
||||||
es_sec_plugin_conf_path: /usr/share/elasticsearch/plugins/opendistro_security/securityconfig
|
|
||||||
es_sec_plugin_tools_path: /usr/share/elasticsearch/plugins/opendistro_security/tools
|
|
||||||
|
|
||||||
es_nodes: |-
|
es_nodes: |-
|
||||||
{% for item in groups['es-cluster'] -%}
|
{% for item in groups['es-cluster'] -%}
|
||||||
{{ hostvars[item]['ip'] }}{% if not loop.last %}","{% endif %}
|
{{ hostvars[item]['ip'] }}{% if not loop.last %}","{% endif %}
|
||||||
@ -42,11 +38,6 @@ opendistro_security_password: admin
|
|||||||
opendistro_jvm_xms: null
|
opendistro_jvm_xms: null
|
||||||
|
|
||||||
opendistro_http_port: 9200
|
opendistro_http_port: 9200
|
||||||
opendistro_network_host: 127.0.0.1
|
|
||||||
opendistro_reachable_host: 127.0.0.1
|
|
||||||
opendistro_jvm_xms: null
|
|
||||||
elastic_stack_version: 7.6.1
|
|
||||||
opendistro_lower_disk_requirements: false
|
|
||||||
|
|
||||||
elasticrepo:
|
elasticrepo:
|
||||||
apt: 'https://artifacts.elastic.co/packages/7.x/apt'
|
apt: 'https://artifacts.elastic.co/packages/7.x/apt'
|
||||||
@ -54,6 +45,7 @@ elasticrepo:
|
|||||||
gpg: 'https://artifacts.elastic.co/GPG-KEY-opendistro'
|
gpg: 'https://artifacts.elastic.co/GPG-KEY-opendistro'
|
||||||
key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
|
key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
|
||||||
|
|
||||||
|
opendistro_admin_password: Test@123
|
||||||
# Cluster Settings
|
# Cluster Settings
|
||||||
single_node: true
|
single_node: true
|
||||||
opendistro_cluster_name: wazuh
|
opendistro_cluster_name: wazuh
|
||||||
@ -67,18 +59,3 @@ opendistro_discovery_nodes:
|
|||||||
opendistro_node_data: true
|
opendistro_node_data: true
|
||||||
opendistro_node_ingest: true
|
opendistro_node_ingest: true
|
||||||
|
|
||||||
# X-Pack Security
|
|
||||||
opendistro_xpack_security: false
|
|
||||||
opendistro_xpack_security_user: elastic
|
|
||||||
opendistro_xpack_security_password: elastic_pass
|
|
||||||
|
|
||||||
node_certs_generator: false
|
|
||||||
node_certs_source: /usr/share/elasticsearch
|
|
||||||
node_certs_destination: /etc/elasticsearch/certs
|
|
||||||
|
|
||||||
# CA generation
|
|
||||||
master_certs_path: /es_certs
|
|
||||||
generate_CA: true
|
|
||||||
ca_key_name: ""
|
|
||||||
ca_cert_name: ""
|
|
||||||
ca_password: ""
|
|
||||||
|
|||||||
@ -56,14 +56,14 @@
|
|||||||
- name: RedHat/CentOS/Fedora | Copy the opendistro security configuration file to cluster
|
- name: RedHat/CentOS/Fedora | Copy the opendistro security configuration file to cluster
|
||||||
blockinfile:
|
blockinfile:
|
||||||
block: "{{ lookup('file', '/tmp/opendistro-nodecerts/config/{{ inventory_hostname }}_elasticsearch_config_snippet.yml') }}"
|
block: "{{ lookup('file', '/tmp/opendistro-nodecerts/config/{{ inventory_hostname }}_elasticsearch_config_snippet.yml') }}"
|
||||||
dest: "{{ conf_dir }}/elasticsearch.yml"
|
dest: "{{ opendistro_conf_path }}/elasticsearch.yml"
|
||||||
backup: yes
|
backup: yes
|
||||||
insertafter: EOF
|
insertafter: EOF
|
||||||
marker: "## {mark} Opendistro Security Node & Admin certificates configuration ##"
|
marker: "## {mark} Opendistro Security Node & Admin certificates configuration ##"
|
||||||
when: install.changed
|
when: install.changed
|
||||||
|
|
||||||
- name: RedHat/CentOS/Fedora | Prepare the opendistro security configuration file
|
- name: RedHat/CentOS/Fedora | Prepare the opendistro security configuration file
|
||||||
command: sed -i 's/searchguard/opendistro_security/g' {{ conf_dir }}/elasticsearch.yml
|
command: sed -i 's/searchguard/opendistro_security/g' {{ opendistro_conf_path }}/elasticsearch.yml
|
||||||
when: install.changed
|
when: install.changed
|
||||||
|
|
||||||
- name: RedHat/CentOS/Fedora | Restart elasticsearch with security configuration
|
- name: RedHat/CentOS/Fedora | Restart elasticsearch with security configuration
|
||||||
@ -75,32 +75,32 @@
|
|||||||
- name: RedHat/CentOS/Fedora | Copy the opendistro security internal users template
|
- name: RedHat/CentOS/Fedora | Copy the opendistro security internal users template
|
||||||
template:
|
template:
|
||||||
src: "templates/internal_users.yml.j2"
|
src: "templates/internal_users.yml.j2"
|
||||||
dest: "{{ es_sec_plugin_conf_path }}/internal_users.yml"
|
dest: "{{ opendistro_sec_plugin_conf_path }}/internal_users.yml"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
run_once: true
|
run_once: true
|
||||||
when: install.changed
|
when: install.changed
|
||||||
|
|
||||||
- name: RedHat/CentOS/Fedora | Set the Admin user password
|
- name: RedHat/CentOS/Fedora | Set the Admin user password
|
||||||
shell: >
|
shell: >
|
||||||
sed -i 's,{{ admin_password }},'$(sh {{ es_sec_plugin_tools_path }}/hash.sh -p {{ admin_password }} | tail -1)','
|
sed -i 's,{{ admin_password }},'$(sh {{ opendistro_sec_plugin_tools_path }}/hash.sh -p {{ admin_password }} | tail -1)','
|
||||||
{{ es_sec_plugin_conf_path }}/internal_users.yml
|
{{ opendistro_sec_plugin_conf_path }}/internal_users.yml
|
||||||
run_once: true
|
run_once: true
|
||||||
when: install.changed
|
when: install.changed
|
||||||
|
|
||||||
- name: RedHat/CentOS/Fedora | Set the kibanaserver user pasword
|
- name: RedHat/CentOS/Fedora | Set the kibanaserver user pasword
|
||||||
shell: >
|
shell: >
|
||||||
sed -i 's,{{ kibanaserver_password }},'$(sh {{ es_sec_plugin_tools_path }}/hash.sh -p {{ kibanaserver_password }} | tail -1)','
|
sed -i 's,{{ kibanaserver_password }},'$(sh {{ opendistro_sec_plugin_tools_path }}/hash.sh -p {{ kibanaserver_password }} | tail -1)','
|
||||||
{{ es_sec_plugin_conf_path }}/internal_users.yml
|
{{ opendistro_sec_plugin_conf_path }}/internal_users.yml
|
||||||
run_once: true
|
run_once: true
|
||||||
when: install.changed
|
when: install.changed
|
||||||
|
|
||||||
- name: RedHat/CentOS/Fedora | Initialize the opendistro security index in elasticsearch
|
- name: RedHat/CentOS/Fedora | Initialize the opendistro security index in elasticsearch
|
||||||
shell: >
|
shell: >
|
||||||
sh {{ es_sec_plugin_tools_path }}/securityadmin.sh
|
sh {{ opendistro_sec_plugin_tools_path }}/securityadmin.sh
|
||||||
-cacert {{ conf_dir }}/root-ca.pem
|
-cacert {{ opendistro_conf_path }}/root-ca.pem
|
||||||
-cert {{ conf_dir }}/admin.pem
|
-cert {{ opendistro_conf_path }}/admin.pem
|
||||||
-key {{ conf_dir }}/admin.key
|
-key {{ opendistro_conf_path }}/admin.key
|
||||||
-cd {{ es_sec_plugin_conf_path }}/
|
-cd {{ opendistro_sec_plugin_conf_path }}/
|
||||||
-nhnv -icl
|
-nhnv -icl
|
||||||
-h {{ hostvars[inventory_hostname]['ip'] }}
|
-h {{ hostvars[inventory_hostname]['ip'] }}
|
||||||
run_once: true
|
run_once: true
|
||||||
|
|||||||
@ -22,8 +22,8 @@
|
|||||||
|
|
||||||
- name: Copy Configuration File
|
- name: Copy Configuration File
|
||||||
template:
|
template:
|
||||||
src: "templates/elasticsearch.ym.j2"
|
src: "templates/elasticsearch.yml.j2"
|
||||||
dest: "{{conf_dir}}/elasticsearch.yml"
|
dest: "{{opendistro_conf_path}}/elasticsearch.yml"
|
||||||
group: elasticsearch
|
group: elasticsearch
|
||||||
mode: 0644
|
mode: 0644
|
||||||
backup: yes
|
backup: yes
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
cluster.name: "{{ elasticsearch_cluster_name }}"
|
cluster.name: "{{ opendistro_cluster_name }}"
|
||||||
|
|
||||||
node.name: "{{ inventory_hostname }}"
|
node.name: "{{ inventory_hostname }}"
|
||||||
|
|
||||||
|
|||||||
@ -23,10 +23,10 @@
|
|||||||
|
|
||||||
# Xms represents the initial size of total heap space
|
# Xms represents the initial size of total heap space
|
||||||
# Xmx represents the maximum size of total heap space
|
# Xmx represents the maximum size of total heap space
|
||||||
{% if elasticsearch_jvm_xms is not none %}
|
{% if opendistro_jvm_xms is not none %}
|
||||||
{% if elasticsearch_jvm_xms < 32000 %}
|
{% if opendistro_jvm_xms < 32000 %}
|
||||||
-Xms{{ elasticsearch_jvm_xms }}m
|
-Xms{{ opendistro_jvm_xms }}m
|
||||||
-Xmx{{ elasticsearch_jvm_xms }}m
|
-Xmx{{ opendistro_jvm_xms }}m
|
||||||
{% else %}
|
{% else %}
|
||||||
-Xms32000m
|
-Xms32000m
|
||||||
-Xmx32000m
|
-Xmx32000m
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user