Adding DEB support to Elasticsearch, Kibana and Logstash deploy

ansible-role-elasticsearch/defaults/main.yml

@@ -1 +1,7 @@
 ---
+elasticsearch_cluster_name: wazuh
+elasticsearch_node_name: node-1
+elasticsearch_http_port: 9200
+elasticsearch_network_host: 127.0.0.1
+elasticsearch_jvm_xms: 1g
+elk_stack_version: 5.4.0

ansible-role-elasticsearch/tasks/Debian.yml

@@ -0,0 +1,46 @@
+---
+- name: Debian/Ubuntu | apt-transport-https
+  apt:
+    name: apt-transport-https
+    state: present
+    update_cache: yes
+
+- name: Debian/Ubuntu | ca-certificates
+  apt:
+    name: ca-certificates
+    state: present
+
+- name: Debian/Ubuntu | Setting webupd8 repository
+  apt_repository:
+    repo: 'ppa:webupd8team/java'
+    codename: 'xenial'
+    update_cache: yes
+
+- name: Debian/Ubuntu | Accept Oracle Java 8 license
+  debconf:
+    name: oracle-java8-installer
+    question: shared/accepted-oracle-license-v1-1
+    value: true
+    vtype: boolean
+
+- name: Debian/Ubuntu | Oracle Java 8 installer
+  apt:
+    name: oracle-java8-installer
+    state: present
+
+- name: Debian/Ubuntu | Add Elasticsearch GPG key.
+  apt_key:
+    url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
+    state: present
+
+- name: Debian/Ubuntu | Install Elastic repo
+  apt_repository:
+    repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
+    state: present
+    filename: 'elk_repo'
+    update_cache: yes
+
+- name: Debian/Ubuntu | Install Elasticsarch
+  apt:
+    name: elasticsearch={{ elk_stack_version }}
+    state: present

ansible-role-elasticsearch/tasks/RMDebian.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Debian/Ubuntu | Removing Elasticsearch repository
+  apt_repository:
+    repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
+    state: absent

ansible-role-elasticsearch/tasks/RMRedHat.yml

@@ -2,5 +2,5 @@
 # Remove logstash repository
 - name: Remove Elasticsearch repository (and clean up left-over metadata)
   yum_repository:
-    name: logstash
+    name: elk_repo
     state: absent

ansible-role-elasticsearch/tasks/RedHat.yml

@@ -1,27 +1,23 @@
 ---
-- name: download Java RPM
+- name: RedHat | download Oracle Java RPM
-  shell:
+  get_url:
-    "curl -L  -H 'Cookie:oraclelicense=accept-securebackup-cookie' -o /tmp/jdk-8-linux-x64.rpm http://download.oracle.com/otn-pub/java/jdk/8u111-b14/jdk-8u111-linux-x64.rpm"
+    url: http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.rpm
-  args:
+    dest: /tmp/jdk-8-linux-x64.rpm
-    creates: "/tmp/jdk-8-linux-x64.rpm"
+    headers: 'Cookie:oraclelicense=accept-securebackup-cookie'
   register: oracle_java_task_rpm_download
   become: yes
-  tags:
-    - installation
 
-- name: install RPM
+- name: RedHat | Install Oracle Java RPM
   action: "yum name=/tmp/jdk-8-linux-x64.rpm state=present"
   when: not oracle_java_task_rpm_download|skipped
   become: yes
-  tags:
-    - installation
 
-- name: Add Elasticsearch GPG key.
+- name: RedHat | Add Elasticsearch GPG key
   rpm_key:
     key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
     state: present
 
-- name: RedHat | Install Elasticsearch repo
+- name: RedHat | Install Elastic repo
   yum_repository:
     name: elk_repo
     description: Elastic repository for 5.x packages
@@ -30,7 +26,4 @@
     gpgcheck: yes
 
 - name: RedHat | Install Elasticsarch
-  yum: pkg=elasticsearch-5.3.0
+  yum: pkg=elasticsearch-{{ elk_stack_version }} state=present
-       state=present
-  tags:
-    - init

ansible-role-elasticsearch/tasks/main.yml

@@ -2,9 +2,8 @@
 - include: RedHat.yml
   when: ansible_os_family == 'RedHat'
 
-- name: 'check parm is null or invalid'
+- include: Debian.yml
-  fail: msg="This playbook is not compatible with Debian/Ubuntu"
+  when: ansible_os_family == "Debian"
-  when: ansible_os_family == 'Debian'
 
 - name: Configure Elasticsearch.
   template:
@@ -36,3 +35,7 @@
 - name: Remove the correct repository
   include: "RMRedHat.yml"
   when: ansible_os_family == "RedHat"
+
+- name: Remove the correct repository
+  include: "RMDebian.yml"
+  when: ansible_os_family == "Debian"

ansible-role-elasticsearch/vars/main.yml

@@ -1,6 +0,0 @@
----
-elasticsearch_cluster_name: wazuh
-elasticsearch_node_name: node-1
-elasticsearch_http_port: 9200
-elasticsearch_network_host: 192.168.33.182
-elasticsearch_jvm_xms: 1g

ansible-role-filebeat/tasks/RMDebian.yml

@@ -2,5 +2,5 @@
 # Remove ELK REPOSITORY and Wazuh repositories from sources list.
 - name: Remove Filebeat repository (and clean up left-over metadata)
   apt_repository:
-    repo: ddeb https://artifacts.elastic.co/packages/5.x/apt stable main
+    repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
     state: absent

ansible-role-filebeat/tasks/RMRedHat.yml

@@ -2,5 +2,5 @@
 # Remove repositories
 - name: Remove Filebeat repository (and clean up left-over metadata)
   yum_repository:
-    name: filebeat
+    name: elk_repo
     state: absent

ansible-role-filebeat/tasks/RedHat.yml

@@ -6,7 +6,7 @@
 
 - name: RedHat | Install Filebeats repo
   yum_repository:
-    name: filebeat
+    name: elk_repo
     description: Elastic repository for 5.x packages
     baseurl: https://artifacts.elastic.co/packages/5.x/yum
     gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch

ansible-role-filebeat/tasks/main.yml

@@ -1,8 +1,8 @@
 ---
-- include: setup-RedHat.yml
+- include: RedHat.yml
   when: ansible_os_family == 'RedHat'
 
-- include: setup-Debian.yml
+- include: Debian.yml
   when: ansible_os_family == 'Debian'
 
 - name: Install Filebeat.

ansible-role-kibana/defaults/main.yml

@@ -1 +1,5 @@
 ---
+elasticsearch_http_port: "9200"
+elasticsearch_network_host: "127.0.0.1"
+kibana_server_host: "0.0.0.0"
+elk_stack_version: 5.4.0

ansible-role-kibana/tasks/Debian.yml

@@ -0,0 +1,17 @@
+---
+- name: Debian/Ubuntu | Add Elasticsearch GPG key
+  apt_key:
+    url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
+    state: present
+
+- name: Debian/Ubuntu | Install Elastic repo
+  apt_repository:
+    repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
+    state: present
+    filename: 'elk_repo'
+    update_cache: yes
+
+- name: Debian/Ubuntu | Install Kibana
+  apt:
+    name: kibana={{ elk_stack_version }}
+    state: present

ansible-role-kibana/tasks/RMDebian.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Debian/Ubuntu | Removing Elasticsearch repository
+  apt_repository:
+    repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
+    state: absent

ansible-role-kibana/tasks/RMRedHat.yml

@@ -2,5 +2,5 @@
 # Remove logstash repository
 - name: Remove Elasticsearch repository (and clean up left-over metadata)
   yum_repository:
-    name: logstash
+    name: elk_repo
     state: absent

ansible-role-kibana/tasks/RedHat.yml

@@ -1,10 +1,10 @@
 ---
-- name: Add Elasticsearch GPG key.
+- name: RedHat | Add Elasticsearch GPG key
   rpm_key:
     key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
     state: present
 
-- name: RedHat | Install Kibana repo
+- name: RedHat | Install Elastic repo
   yum_repository:
     name: elk_repo
     description: Elastic repository for 5.x packages
@@ -13,11 +13,4 @@
     gpgcheck: yes
 
 - name: RedHat | Install Kibana
-  yum: pkg=kibana-5.3.0
+  yum: pkg=kibana-{{ elk_stack_version }} state=present
-       state=present
-  tags:
-    - init
-
-- name: Remove the correct repository
-  include: "RMRedHat.yml"
-  when: ansible_os_family == "RedHat"

ansible-role-kibana/tasks/main.yml

@@ -2,8 +2,7 @@
 - include: RedHat.yml
   when: ansible_os_family == 'RedHat'
 
-- name: 'check parm is null or invalid'
+- include: Debian.yml
-  fail: msg="This playbook is not compatible with Debian/Ubuntu"
   when: ansible_os_family == 'Debian'
 
 - name: Make sure Elasticsearch is running before proceeding.
@@ -18,17 +17,30 @@
     mode: 0664
   notify: restart kibana
 
+- name: Checking Wazuh-APP version compatibility
+  shell: grep -E 'version.*{{ elk_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json
+    removes=/usr/share/kibana/plugins/wazuh/package.json
+  register: wazuh_app_notok
+  ignore_errors: yes
+  changed_when: "wazuh_app_notok.rc != 0"
 
-- name: Verify if Wazuh-APP is installed
+- name: Removing Wazuh-APP by compatibility issues
-  command: /bin/bash /usr/share/kibana/bin/kibana-plugin list
+  shell: /usr/share/kibana/bin/kibana-plugin remove wazuh
-  register: kibanainstalled
+  when: wazuh_app_notok.rc != 0
 
 - name: Install Wazuh-APP (can take a while)
-  shell: /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_5.3.0.zip && service kibana restart
+  shell: /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_{{ elk_stack_version }}.zip
-  when: kibanainstalled.stdout.find('wazuh') == -1
+    creates=/usr/share/kibana/plugins/wazuh/package.json
+  notify: restart kibana
 
-- name: Ensure Logstash, Kibana and Elasticsearch started and enabled
+- name: Ensure Kibana started and enabled
   service:
     name: kibana
     enabled: yes
     state: started
+
+- include: RMRedHat.yml
+  when: ansible_os_family == 'RedHat'
+
+- include: RMDebian.yml
+  when: ansible_os_family == 'Debian'

ansible-role-kibana/vars/main.yml

@@ -1,5 +0,0 @@
----
-elasticsearch_http_port: "9200"
-elasticsearch_network_host: "192.168.33.182"
-
-kibana_server_host: "0.0.0.0"

ansible-role-logstash/defaults/main.yml

@@ -1 +1,4 @@
 ---
+elasticsearch_network_host: "127.0.0.1"
+elasticsearch_http_port: "9200"
+elk_stack_version: 5.4.0

ansible-role-logstash/tasks/Debian.yml

@@ -0,0 +1,47 @@
+---
+- name: Debian/Ubuntu | apt-transport-https
+  apt:
+    name: apt-transport-https
+    state: present
+    update_cache: yes
+
+- name: Debian/Ubuntu | ca-certificates
+  apt:
+    name: ca-certificates
+    state: present
+
+- name: Debian/Ubuntu | Setting webupd8 repository
+  apt_repository:
+    repo: 'ppa:webupd8team/java'
+    codename: 'xenial'
+    update_cache: yes
+
+- name: Debian/Ubuntu | Accept Oracle Java 8 license
+  debconf:
+    name: oracle-java8-installer
+    question: shared/accepted-oracle-license-v1-1
+    value: true
+    vtype: boolean
+
+- name: Debian/Ubuntu | Oracle Java 8 installer
+  apt:
+    name: oracle-java8-installer
+    update_cache: yes
+    state: present
+
+- name: Debian/Ubuntu | Add Elasticsearch GPG key
+  apt_key:
+    url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
+    state: present
+
+- name: Debian/Ubuntu | Install Elasticsearch repo
+  apt_repository:
+    repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
+    state: present
+    filename: 'elk_repo'
+    update_cache: yes
+
+- name: Debian/Ubuntu | Install Logstash
+  apt:
+    name: logstash=1:{{ elk_stack_version }}-1
+    state: present

ansible-role-logstash/tasks/RMDebian.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Debian/Ubuntu | Removing Elasticsearch repository
+  apt_repository:
+    repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
+    state: absent

ansible-role-logstash/tasks/RMRedHat.yml

@@ -1,6 +1,6 @@
 ---
 # Remove logstash repository
-- name: Remove logstash repository (and clean up left-over metadata)
+- name: RedHat | Remove logstash repository (and clean up left-over metadata)
   yum_repository:
-    name: logstash
+    name: elk_repo
     state: absent

ansible-role-logstash/tasks/RedHat.yml

@@ -1,36 +1,30 @@
 ---
-- name: download Java RPM
+- name: RedHat | Download Java RPM
-  shell:
+  get_url:
-    "curl -L  -H 'Cookie:oraclelicense=accept-securebackup-cookie' -o /tmp/jdk-8-linux-x64.rpm http://download.oracle.com/otn-pub/java/jdk/8u111-b14/jdk-8u111-linux-x64.rpm"
+    url: http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.rpm
-  args:
+    dest: /tmp/jdk-8-linux-x64.rpm
-    creates: "/tmp/jdk-8-linux-x64.rpm"
+    headers: 'Cookie:oraclelicense=accept-securebackup-cookie'
   register: oracle_java_task_rpm_download
   become: yes
-  tags:
-    - installation
 
-- name: install RPM
+- name: RedHat | Install Oracle Java RPM
   action: "yum name=/tmp/jdk-8-linux-x64.rpm state=present"
   when: not oracle_java_task_rpm_download|skipped
   become: yes
-  tags:
-    - installation
 
-- name: Add Elasticsearch GPG key.
+- name: RedHat | Add Elasticsearch GPG key.
   rpm_key:
     key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
     state: present
 
 - name: RedHat | Install Logstash repo
   yum_repository:
-    name: logstash
+    name: elk_repo
     description: Elastic repository for 5.x packages
     baseurl: https://artifacts.elastic.co/packages/5.x/yum
     gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch
     gpgcheck: yes
 
 - name: RedHat | Install Logstash
-  yum: pkg=logstash-5.3.0
+  yum: pkg=logstash-{{ elk_stack_version }}
        state=present
-  tags:
-    - init

ansible-role-logstash/tasks/main.yml

@@ -2,9 +2,8 @@
 - include: RedHat.yml
   when: ansible_os_family == 'RedHat'
 
-- name: 'check parm is null or invalid'
+- include: Debian.yml
-  fail: msg="This playbook is not compatible with Debian/Ubuntu"
+  when: ansible_os_family == "Debian"
-  when: ansible_os_family == 'Debian'
 
 - name: Logstash configuration
   template:
@@ -22,7 +21,6 @@
     group: root
   notify: restart logstash
 
-
 - name: Ensure Logstash started and enabled
   service:
     name: logstash
@@ -32,3 +30,7 @@
 - name: Remove the correct repository
   include: "RMRedHat.yml"
   when: ansible_os_family == "RedHat"
+
+- name: Remove the correct repository
+  include: "RMDebian.yml"
+  when: ansible_os_family == "Debian"

ansible-role-logstash/vars/main.yml

@@ -1,3 +0,0 @@
----
-elasticsearch_network_host: "192.168.33.182"
-elasticsearch_http_port: "9200"

ansible-wazuh-agent/defaults/main.yml

@@ -1,6 +1,4 @@
 ---
-# defaults file for ossec-agent
-
 ossec_server_ip: 127.0.0.1
 ossec_server_name: ""
 ossec_managed_server: true