Initial indexer changes

roles/opendistro/opendistro-elasticsearch/defaults/main.yml

@@ -1,69 +0,0 @@
----
-# Cluster Settings
-opendistro_version: 1.13.2
-
-single_node: false
-elasticsearch_node_name: node-1
-opendistro_cluster_name: wazuh
-elasticsearch_network_host: '0.0.0.0'
-
-elasticsearch_node_master: true
-elasticsearch_node_data: true
-elasticsearch_node_ingest: true
-elasticsearch_start_timeout: 90
-
-elasticsearch_lower_disk_requirements: false
-elasticsearch_cluster_nodes:
-  - 127.0.0.1
-elasticsearch_discovery_nodes:
-  - 127.0.0.1
-
-local_certs_path: "{{ playbook_dir }}/opendistro/certificates"
-
-# Minimum master nodes in cluster, 2 for 3 nodes elasticsearch cluster
-minimum_master_nodes: 2
-
-# Configure hostnames for Elasticsearch nodes
-# Example es1.example.com, es2.example.com
-domain_name: wazuh.com
-
-# The OpenDistro package repository
-package_repos:
-  yum:
-    opendistro:
-      baseurl: 'https://packages.wazuh.com/4.x/yum/'
-      gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
-  apt:
-    opendistro:
-      baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
-      gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
-    openjdk:
-      baseurl: 'deb http://deb.debian.org/debian stretch-backports main'
-      
-opendistro_sec_plugin_conf_path: /usr/share/elasticsearch/plugins/opendistro_security/securityconfig
-opendistro_sec_plugin_tools_path: /usr/share/elasticsearch/plugins/opendistro_security/tools
-opendistro_conf_path: /etc/elasticsearch/
-
-# Security password
-opendistro_custom_user: ""
-opendistro_custom_user_role: "admin"
-
-# Set JVM memory limits
-opendistro_jvm_xms: null
-
-opendistro_http_port: 9200
-
-certs_gen_tool_version: 1.8
-
-# Url of Search Guard certificates generator tool
-certs_gen_tool_url: "https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-tlstool/{{ certs_gen_tool_version }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip"
-
-
-opendistro_admin_password: changeme
-opendistro_kibana_password: changeme
-
-# Deployment settings
-generate_certs: true
-perform_installation: true
-
-opendistro_nolog_sensible: true

roles/opendistro/opendistro-elasticsearch/handlers/main.yml

@@ -1,5 +0,0 @@
----
-- name: restart elasticsearch
-  service:
-    name: elasticsearch
-    state: restarted

roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml

@@ -1,50 +0,0 @@
----
-- block:
-
-  - name: RedHat/CentOS/Fedora | Add OpenDistro repo
-    yum_repository:
-      file: opendistro
-      name: opendistro_repo
-      description: Opendistro yum repository
-      baseurl: "{{ package_repos.yum.opendistro.baseurl }}"
-      gpgkey: "{{ package_repos.yum.opendistro.gpg }}"
-      gpgcheck: true
-    changed_when: false
-
-  - name: RedHat/CentOS/Fedora | Install OpenJDK 11
-    yum:
-      name: java-11-openjdk-devel
-      state: present
-    when:
-      - ansible_distribution != 'Amazon'
-
-  - name: Amazon Linux | Install OpenJDK 11
-    block:
-      - name: Install Amazon extras
-        yum:
-          name: amazon-linux-extras
-          state: present
-
-      - name: Install OpenJDK 11
-        shell: amazon-linux-extras install java-openjdk11 -y
-
-    when:
-      - ansible_distribution == 'Amazon'
-
-  - name: RedHat/CentOS/Fedora | Install OpenDistro dependencies
-    yum:
-      name: "{{ packages }}"
-    vars:
-      packages:
-      - wget
-      - unzip
-
-  - name: Install OpenDistro
-    package:
-      name: opendistroforelasticsearch-{{ opendistro_version }}
-      state: present
-    register: install
-    tags: install
-
-  tags:
-  - install

roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml

@@ -1,87 +0,0 @@
----
-- name: Check if certificates already exists
-  stat:
-    path: "{{ local_certs_path }}"
-  register: certificates_folder
-  delegate_to: localhost
-  become: no
-  tags:
-    - generate-certs
-
-
-- block:
-
-  - name: Local action | Create local temporary directory for certificates generation
-    file:
-      path: "{{ local_certs_path }}"
-      mode: 0755
-      state: directory
-
-  - name: Local action | Check that the generation tool exists
-    stat:
-      path: "{{ local_certs_path }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip"
-    register: tool_package
-
-  - name: Local action | Download certificates generation tool
-    get_url:
-      url: "{{ certs_gen_tool_url }}"
-      dest: "{{ local_certs_path }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip"
-    when: not tool_package.stat.exists
-
-  - name: Local action | Extract the certificates generation tool
-    unarchive:
-      src: "{{ local_certs_path }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip"
-      dest: "{{ local_certs_path }}/"
-
-  - name: Local action | Add the execution bit to the binary
-    file:
-      dest: "{{ local_certs_path }}/tools/sgtlstool.sh"
-      mode: a+x
-
-  - name: Local action | Prepare the certificates generation template file
-    template:
-      src: "templates/tlsconfig.yml.j2"
-      dest: "{{ local_certs_path }}/config/tlsconfig.yml"
-      mode: 0644
-    register: tlsconfig_template
-
-  - name: Create a directory if it does not exist
-    file:
-      path: "{{ local_certs_path }}/certs/"
-      state: directory
-      mode: '0755'
-
-  - name: Local action | Check if root CA file exists
-    stat:
-      path: "{{ local_certs_path }}/certs/root-ca.key"
-    register: root_ca_file
-
-  - name: Local action | Generate the node & admin certificates in local
-    command: >-
-      {{ local_certs_path }}/tools/sgtlstool.sh
-      -c {{ local_certs_path }}/config/tlsconfig.yml
-      -ca -crt
-      -t {{ local_certs_path }}/certs/
-      -f -o
-    when:
-      - not root_ca_file.stat.exists
-      - tlsconfig_template.changed
-
-  - name: Local action | Generate the node & admin certificates using an existing root CA
-    command: >-
-     {{ local_certs_path }}/tools/sgtlstool.sh
-     -c {{ local_certs_path }}/config/tlsconfig.yml
-     -crt
-     -t {{ local_certs_path }}/certs/
-     -f
-    when:
-      - root_ca_file.stat.exists
-      - tlsconfig_template.changed
-
-  run_once: true
-  delegate_to: localhost
-  become: no
-  tags:
-    - generate-certs
-  when:
-    - not certificates_folder.stat.exists

roles/opendistro/opendistro-kibana/handlers/main.yml

@@ -1,3 +0,0 @@
----
-- name: restart kibana
-  service: name=kibana state=restarted

roles/opendistro/opendistro-kibana/vars/debian.yml

@@ -1,3 +0,0 @@
----
-
-kibana_opendistro_version: 1.13.2

roles/opensearch/wazuh-dashboard/defaults/main.yml

@@ -4,17 +4,21 @@
 elasticsearch_http_port: 9200
 elastic_api_protocol: https
 kibana_conf_path: /etc/kibana
+## 732 check the path
 kibana_node_name: node-1
 kibana_server_host: "0.0.0.0"
 kibana_server_port: "5601"
 kibana_server_name: "kibana"
 kibana_max_payload_bytes: 1048576
-elastic_stack_version: 7.10.2
+elastic_stack_version: 4.3.0
+## 732 check if it is the right version
 wazuh_version: 4.3.0
 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
+## 732 check if it is needed.
 
 # The OpenDistro package repository
-kibana_opendistro_version: 1.13.2-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts
+kibana_opendistro_version: 4.3.0-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts
+## 732 check if it is the right version
 
 package_repos:
   yum:
@@ -55,6 +59,7 @@ nodejs:
 # Build from sources
 build_from_sources: false
 wazuh_plugin_branch: 4.1-7.10
+## 732 check if it is the right version and if it is needed
 
 #Nodejs NODE_OPTIONS
 node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536

roles/opensearch/wazuh-dashboard/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+- name: restart wazuh-dashboard
+  service: name=wazuh-dashboard state=restarted
+## 732 service name should be updated

roles/opensearch/wazuh-dashboard/tasks/Debian.yml

@@ -3,19 +3,22 @@
 
   - include_vars: debian.yml 
   - name: Add apt repository signing key
+## 732 will not be needed. The wazuh repo should be added
     apt_key:
       url: "{{ package_repos.apt.opendistro.gpg }}"
       state: present
 
   - name: Debian systems | Add OpenDistro repo
+## 732 will not be needed. The wazuh repo should be added
     apt_repository:
       repo: "{{ package_repos.apt.opendistro.baseurl }}"
       state: present
       update_cache: yes
 
-  - name: Install Kibana
+  - name: Install Wazuh-Dashboard
+## 732 package name and task name should be updated.
     apt:
-      name: "opendistroforelasticsearch-kibana={{ kibana_opendistro_version }}"
+      name: "wazuh-dashboard={{ kibana_opendistro_version }}"
       state: present
     register: install
 

roles/opensearch/wazuh-dashboard/tasks/RedHat.yml

@@ -10,9 +10,9 @@
       gpgkey: "{{ package_repos.yum.opendistro.gpg }}"
       gpgcheck: true
 
-  - name: Install Kibana
+  - name: Install Wazuh-Dashboard
     package:
-      name: "opendistroforelasticsearch-kibana-{{ kibana_opendistro_version }}"
+      name: "wazuh-dashboard-{{ kibana_opendistro_version }}"
       state: present
     register: install
     

roles/opensearch/wazuh-dashboard/tasks/build_wazuh_plugin.yml

@@ -1,4 +1,5 @@
 ---
+## 732 will not be needed
   - name: Ensure the Git package is present
     package:
       name: git
@@ -33,12 +34,14 @@
     changed_when: install_yarn_result == 0
 
   - name: Remove old wazuh-kibana-app git directory
+## 732 check if it is needed
     file:
       path: /tmp/app
       state: absent
     changed_when: false
 
   - name: Clone wazuh-kibana-app repository # Using command as git module doesn't cover single-branch nor depth
+## 732 will not be needed
     command: git clone https://github.com/wazuh/wazuh-kibana-app -b {{ wazuh_plugin_branch }} --single-branch --depth=1 app # noqa 303
     register: clone_app_repo_result
     changed_when: false

roles/opensearch/wazuh-dashboard/tasks/main.yml

@@ -32,7 +32,7 @@
     owner: kibana
     mode: 0640
     marker: "## {mark} Kibana general settings ##"
-  notify: restart kibana
+  notify: restart wazuh-dashboard
   tags:
     - install
     - configure
@@ -46,38 +46,38 @@
     group: kibana
     recurse: yes
 
-- name: Build and Install Wazuh Kibana Plugin from sources
+#- name: Build and Install Wazuh Kibana Plugin from sources
-  import_tasks: build_wazuh_plugin.yml
+#  import_tasks: build_wazuh_plugin.yml
-  when:
+#  when:
-    - build_from_sources is defined
+#    - build_from_sources is defined
-    - build_from_sources
+#    - build_from_sources
 
-- name: Install Wazuh Plugin (can take a while)
+#- name: Install Wazuh Plugin (can take a while)
-  shell: >-
+#  shell: >-
-    NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install
+#    NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install
-    {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}-1.zip
+#    {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}-1.zip
-  args:
+#  args:
-    executable: /bin/bash
+#    executable: /bin/bash
-    creates: /usr/share/kibana/plugins/wazuh/package.json
+#    creates: /usr/share/kibana/plugins/wazuh/package.json
-    chdir: /usr/share/kibana
+#    chdir: /usr/share/kibana
-  become: yes
+#  become: yes
-  become_user: kibana
+#  become_user: kibana
-  notify: restart kibana
+#  notify: restart kibana
-  tags:
+#  tags:
-    - install
+#    - install
-    - skip_ansible_lint
+#    - skip_ansible_lint
-  when:
+#  when:
-    - not build_from_sources
+#    - not build_from_sources
 
-- name: Kibana optimization (can take a while)
+#- name: Kibana optimization (can take a while)
-  shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli/cli.js --optimize -c {{ kibana_conf_path }}/kibana.yml
+#  shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli/cli.js --optimize -c {{ kibana_conf_path }}/kibana.yml
-  args:
+#  args:
-    executable: /bin/bash
+#    executable: /bin/bash
-  become: yes
+#  become: yes
-  become_user: kibana
+#  become_user: kibana
-  changed_when: false
+#  changed_when: false
-  tags:
+#  tags:
-    - skip_ansible_lint
+#    - skip_ansible_lint
 
 - name: Wait for Elasticsearch port
   wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }}

roles/opensearch/wazuh-dashboard/vars/debian.yml

@@ -0,0 +1,3 @@
+---
+
+kibana_opendistro_version: 4.3.0

roles/opensearch/wazuh-indexer/defaults/main.yml

@@ -0,0 +1,77 @@
+---
+# Cluster Settings
+opendistro_version: 4.3.0
+
+single_node: false
+elasticsearch_node_name: node-1
+opendistro_cluster_name: wazuh
+elasticsearch_network_host: '0.0.0.0'
+
+elasticsearch_node_master: true
+elasticsearch_node_data: true
+elasticsearch_node_ingest: true
+elasticsearch_start_timeout: 90
+
+elasticsearch_lower_disk_requirements: false
+elasticsearch_cluster_nodes:
+  - 127.0.0.1
+elasticsearch_discovery_nodes:
+  - 127.0.0.1
+
+local_certs_path: "{{ playbook_dir }}/opendistro/certificates"
+##check if it is the correct directory
+
+# Minimum master nodes in cluster, 2 for 3 nodes elasticsearch cluster
+minimum_master_nodes: 2
+
+# Configure hostnames for Elasticsearch nodes
+# Example es1.example.com, es2.example.com
+domain_name: wazuh.com
+
+# The OpenDistro package repository
+package_repos:
+  yum:
+    opendistro:
+      #baseurl: 'https://packages.wazuh.com/4.x/yum/'
+      baseurl: 'https://packages-dev.wazuh.com/pre-release/yum/'
+      #gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
+      gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
+  apt:
+    opendistro:
+      #baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
+      baseurl: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main'
+      #gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
+      gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
+    openjdk:
+      baseurl: 'deb http://deb.debian.org/debian stretch-backports main'
+      
+opendistro_sec_plugin_conf_path: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig
+opendistro_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools
+opendistro_conf_path: /etc/wazuh-indexer/
+opendistro_index_path: /var/lib/wazuh-indexer/
+
+# Security password
+opendistro_custom_user: ""
+opendistro_custom_user_role: "admin"
+
+# Set JVM memory limits
+opendistro_jvm_xms: null
+
+opendistro_http_port: 9700
+## 732 this port changes to 9700
+
+certs_gen_tool_version: 4.3
+## 732 will no longer be needed. /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-cert-tool.sh comes with the package.
+
+# Url of Search Guard certificates generator tool
+certs_gen_tool_url: "https://packages-dev.wazuh.com/resources/{{ certs_gen_tool_version }}/install_functions/opendistro/wazuh-cert-tool.sh"
+## 732 will no longer be needed. /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-cert-tool.sh comes with the package.
+
+opendistro_admin_password: changeme
+opendistro_kibana_password: changeme
+
+# Deployment settings
+generate_certs: true
+perform_installation: true
+
+opendistro_nolog_sensible: true

roles/opensearch/wazuh-indexer/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: restart wazuh-indexer
+  service:
+    name: wazuh-indexer
+    state: restarted
+## 732 the name of the service changes to wazuh-indexer

roles/opensearch/wazuh-indexer/tasks/Debian.yml

@@ -9,7 +9,8 @@
   when: (ansible_facts['distribution'] == "Debian" and ansible_facts['distribution_major_version'] == "9")
   block:
   
-    - name: Install OpenDistro dependencies
+    - name: Install Wazuh-Indexer dependencies
+    ## 732 change task name
       apt:
         name: [
           'unzip', 'wget', 'curl', 'apt-transport-https', software-properties-common
@@ -21,22 +22,24 @@
         keyserver: keyserver.ubuntu.com
         id: 648ACFD622F3D138
     
-    - name: Add openjdk repository
+#    - name: Add openjdk repository
-      apt_repository:
+#      apt_repository:
-        repo: "{{ package_repos.apt.openjdk.baseurl }}"
+#        repo: "{{ package_repos.apt.openjdk.baseurl }}"
-        state: present
+#        state: present
-        update_cache: yes
+#        update_cache: yes
-        filename: 'wazuh-openjdk'
+#        filename: 'wazuh-openjdk'
 
-- name: Install openjdk-11-jdk
+#- name: Install openjdk-11-jdk
-  apt:
+### 732 will not be needed as indexer comes with the jdk.
-    name: openjdk-11-jdk
+#  apt:
-    state: present
+#    name: openjdk-11-jdk
-  environment:
+#    state: present
-    JAVA_HOME: /usr
+#  environment:
+#    JAVA_HOME: /usr
 
-- name: Add Opendistro repository
+- name: Add Wazuh-Indexer repository
   block:
+  ## 732 the wazuh repo should be added instead
     - name: Add apt repository signing key
       apt_key:
         url: "{{ package_repos.apt.opendistro.gpg }}"
@@ -49,9 +52,10 @@
         filename: 'wazuh-opendistro'
         update_cache: yes
 
-- name: Install OpenDistro
+- name: Install Wazuh-Indexer
+## the indexer package should be installed instead
   apt:
-    name: opendistroforelasticsearch={{ opendistro_version }}-1
+    name: wazuh-indexer={{ opendistro_version }}-1
     state: present
   register: install
   tags: install 

roles/opensearch/wazuh-indexer/tasks/RMRedHat.yml

@@ -1,5 +1,6 @@
 ---
 - name: RedHat/CentOS/Fedora | Remove Elasticsearch repository (and clean up left-over metadata)
+  ## 732 will not be needed and if it is needed the wazuh repo should be removed.
   yum_repository:
     name: opendistro_repo
     state: absent

roles/opensearch/wazuh-indexer/tasks/RedHat.yml

@@ -0,0 +1,54 @@
+---
+- block:
+
+  - name: RedHat/CentOS/Fedora | Add Wazuh-Indexer repo
+   ## 732 wazuh repo should be added instead.
+    yum_repository:
+      file: opendistro
+      name: opendistro_repo
+      description: Opendistro yum repository
+      baseurl: "{{ package_repos.yum.opendistro.baseurl }}"
+      gpgkey: "{{ package_repos.yum.opendistro.gpg }}"
+      gpgcheck: true
+    changed_when: false
+
+#  - name: RedHat/CentOS/Fedora | Install OpenJDK 11
+#  ## 732 will not be needed
+#    yum:
+#      name: java-11-openjdk-devel
+#      state: present
+#    when:
+#      - ansible_distribution != 'Amazon'
+
+#  - name: Amazon Linux | Install OpenJDK 11
+#  ## 732 will not be needed
+#    block:
+#      - name: Install Amazon extras
+#        yum:
+#          name: amazon-linux-extras
+#          state: present
+
+#      - name: Install OpenJDK 11
+#        shell: amazon-linux-extras install java-openjdk11 -y
+
+#    when:
+#      - ansible_distribution == 'Amazon'
+
+  - name: RedHat/CentOS/Fedora | Install OpenDistro dependencies
+    yum:
+      name: "{{ packages }}"
+    vars:
+      packages:
+      - wget
+      - unzip
+
+  - name: Install Wazuh-Indexer
+  ## 732 the package name should be updated
+    package:
+      name: wazuh-indexer-{{ opendistro_version }}
+      state: present
+    register: install
+    tags: install
+
+  tags:
+  - install

roles/opensearch/wazuh-indexer/tasks/local_actions.yml

@@ -0,0 +1,76 @@
+---
+- name: Check if certificates already exists
+  stat:
+    path: "{{ local_certs_path }}"
+  register: certificates_folder
+  delegate_to: localhost
+  become: no
+  tags:
+    - generate-certs
+
+
+- block:
+
+  - name: Local action | Create local temporary directory for certificates generation
+    file:
+      path: "{{ local_certs_path }}"
+      mode: 0755
+      state: directory
+
+  - name: Local action | Check that the generation tool exists
+  ## 732 will not be needed
+    stat:
+      path: "{{ local_certs_path }}/wazuh-cert-tool.sh"
+    register: tool_package
+
+  - name: Local action | Download certificates generation tool
+  ## 732 will not be needed
+    get_url:
+      url: "{{ certs_gen_tool_url }}"
+      dest: "{{ local_certs_path }}/wazuh-cert-tool.sh"
+      #search-guard-tlstool-{{ certs_gen_tool_version }}.zip"
+    when: not tool_package.stat.exists
+
+#  - name: Local action | Extract the certificates generation tool
+#  ## 732 will not be needed
+#    unarchive:
+#      src: "{{ local_certs_path }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip"
+#      dest: "{{ local_certs_path }}/"
+
+#  - name: Local action | Add the execution bit to the binary
+#  ## 732 will not be needed
+#    file:
+#      dest: "{{ local_certs_path }}/tools/sgtlstool.sh"
+#      mode: a+x
+
+  - name: Local action | Prepare the certificates generation template file
+## 732 need to resolve the certificate creation (config.yml)
+    template:
+      src: "templates/config.yml.j2"
+      dest: "{{ local_certs_path }}/config.yml"
+      mode: 0644
+    register: tlsconfig_template
+
+#  - name: Create a directory if it does not exist
+#    file:
+#      path: "{{ local_certs_path }}/certs/"
+#      state: directory
+#      mode: '0755'
+
+#  - name: Local action | Check if root CA file exists
+#    stat:
+#      path: "{{ local_certs_path }}/certs/root-ca.key"
+#    register: root_ca_file
+
+  - name: Local action | Generate the node & admin certificates in local
+    command: >-
+      bash {{ local_certs_path }}/wazuh-cert-tool.sh
+    become: yes
+
+  run_once: true
+  delegate_to: localhost
+  become: no
+  tags:
+    - generate-certs
+  when:
+    - not certificates_folder.stat.exists

roles/opensearch/wazuh-indexer/tasks/main.yml

@@ -11,32 +11,35 @@
     - import_tasks: Debian.yml
       when: ansible_os_family == 'Debian'
 
-    - name: Remove performance analyzer plugin from elasticsearch
+#    - name: Remove performance analyzer plugin from elasticsearch
-      become: true
+#  ## 732 will not be needed
-      command: ./elasticsearch-plugin remove opendistro-performance-analyzer
+#      become: true
-      ignore_errors: true
+#      command: ./elasticsearch-plugin remove opendistro-performance-analyzer
-      args:
+#      ignore_errors: true
-        chdir: /usr/share/elasticsearch/bin/
+#      args:
-      register: remove_elasticsearch_performance_analyzer
+#        chdir: /usr/share/elasticsearch/bin/
-      failed_when:
+#      register: remove_elasticsearch_performance_analyzer
-        - remove_elasticsearch_performance_analyzer.rc != 0
+#      failed_when:
-        - '"not found" not in remove_elasticsearch_performance_analyzer.stderr'
+#        - remove_elasticsearch_performance_analyzer.rc != 0
-      changed_when: "remove_elasticsearch_performance_analyzer.rc == 0"
+#        - '"not found" not in remove_elasticsearch_performance_analyzer.stderr'
+#      changed_when: "remove_elasticsearch_performance_analyzer.rc == 0"
 
     - name: Remove elasticsearch configuration file
+  ## 732 will not be needed
       file:
-        path: "{{ opendistro_conf_path }}/elasticsearch.yml"
+        path: "{{ opendistro_conf_path }}/opensearch.yml"
         state: absent
       tags: install
 
     - name: Copy Configuration File
-      blockinfile:
+  ## 732 will not be needed
-        block: "{{ lookup('template', 'elasticsearch.yml.j2') }}"
+      template:
-        dest: "{{ opendistro_conf_path }}/elasticsearch.yml"
+        src: "templates/opensearch.yml.j2"
-        create: true
+        dest: "{{ opendistro_conf_path }}/opensearch.yml"
-        group: elasticsearch
+        owner: root
+        group: wazuh-indexer
         mode: 0640
-        marker: "## {mark} Opendistro general settings ##"
+        force: yes
       tags: install
 
     - include_tasks: security_actions.yml
@@ -45,44 +48,59 @@
 
 
     - name: Configure OpenDistro Elasticsearch JVM memmory.
+  ## 732 will not be needed and if it is needed the path should be updated.
       template:
         src: "templates/jvm.options.j2"
-        dest: /etc/elasticsearch/jvm.options
+        dest: "{{ opendistro_conf_path }}/jvm.options"
         owner: root
-        group: elasticsearch
+        group: wazuh-indexer
         mode: 0644
         force: yes
-      notify: restart elasticsearch
+      notify: restart wazuh-indexer
       tags: install
 
     - name: Configure disabled log4j.
+  ## 732 will not be needed
       template:
         src: "templates/disabledlog4j.options.j2"
-        dest: /etc/elasticsearch/jvm.options.d/disabledlog4j.options
+        dest: "{{ opendistro_conf_path }}/jvm.options.d/disabledlog4j.options"
         owner: root
-        group: elasticsearch
+        group: wazuh-indexer
         mode: 2750
         force: yes
-      notify: restart elasticsearch
+      notify: restart wazuh-indexer
       tags: install
 
     - name: Ensure extra time for Elasticsearch to start on reboots
       lineinfile:
-        path: /usr/lib/systemd/system/elasticsearch.service
+        path: /usr/lib/systemd/system/wazuh-indexer.service
         regexp: '^TimeoutStartSec='
         line: "TimeoutStartSec={{ elasticsearch_start_timeout }}"
       become: yes
       tags: configure
 
+    - name: Index files to remove
+      find:
+        paths: "{{ opendistro_index_path }}"
+        patterns: "*"
+      register: files_to_delete
+
+    - name: Remove Index Files
+      file: 
+        path: "{{ item.path }}"
+        state: absent
+      with_items: "{{ files_to_delete.files }}"
+
     - name: Ensure Elasticsearch started and enabled
+  ## 732 the service name should be updated
       service:
-        name: elasticsearch
+        name: wazuh-indexer
         enabled: true
         state: started
 
     - name: Wait for Elasticsearch API
       uri:
-        url: "https://{{ inventory_hostname if not single_node else elasticsearch_network_host }}:{{ opendistro_http_port }}/_cluster/health/"
+        url: "https://{{ inventory_hostname if not single_node else elasticsearch_network_host }}:{{ opendistro_http_port }}/_cat/health/"
         user: "admin" # Default OpenDistro user is always "admin"
         password: "{{ opendistro_admin_password }}"
         validate_certs: no
@@ -101,7 +119,7 @@
 
     - name: Wait for Elasticsearch API (Private IP)
       uri:
-        url: "https://{{ hostvars[inventory_hostname]['private_ip'] if not single_node else elasticsearch_network_host }}:{{ opendistro_http_port }}/_cluster/health/"
+        url: "https://{{ hostvars[inventory_hostname]['private_ip'] if not single_node else elasticsearch_network_host }}:{{ opendistro_http_port }}/_cat/health/"
         user: "admin" # Default OpenDistro user is always "admin"
         password: "{{ opendistro_admin_password }}"
         validate_certs: no
@@ -125,5 +143,5 @@
       systemd:
         daemon_reload: true
       become: yes
-      notify: restart elasticsearch
+      notify: restart wazuh-indexer
   when: perform_installation

roles/opensearch/wazuh-indexer/tasks/security_actions.yml

@@ -1,12 +1,13 @@
-- name: Remove demo certs
+#- name: Remove demo certs
-  file:
+#  ## 732 will not be needed
-    path: "{{ item }}"
+#  file:
-    state: absent
+#    path: "{{ item }}"
-  with_items:
+#    state: absent
-    - "{{ opendistro_conf_path }}/kirk.pem"
+#  with_items:
-    - "{{ opendistro_conf_path }}/kirk-key.pem"
+#    - "{{ opendistro_conf_path }}/kirk.pem"
-    - "{{ opendistro_conf_path }}/esnode.pem"
+#    - "{{ opendistro_conf_path }}/kirk-key.pem"
-    - "{{ opendistro_conf_path }}/esnode-key.pem"
+#    - "{{ opendistro_conf_path }}/esnode.pem"
+#    - "{{ opendistro_conf_path }}/esnode-key.pem"
 
 - name: Configure IP (Private address)
   set_fact:
@@ -24,38 +25,39 @@
 - name: Copy the node & admin certificates to Elasticsearch cluster
   copy:
     src: "{{ local_certs_path }}/certs/{{ item }}"
-    dest: /etc/elasticsearch/
+    dest: "{{ opendistro_conf_path }}/certs/"
     mode: 0644
+  become: yes
   with_items:
     - root-ca.pem
     - root-ca.key
-    - "{{ elasticsearch_node_name }}.key"
+    - "{{ elasticsearch_node_name }}-key.pem"
     - "{{ elasticsearch_node_name }}.pem"
-    - "{{ elasticsearch_node_name }}_http.key"
+    #- "{{ elasticsearch_node_name }}_http.key"
-    - "{{ elasticsearch_node_name }}_http.pem"
+    #- "{{ elasticsearch_node_name }}_http.pem"
-    - "{{ elasticsearch_node_name }}_elasticsearch_config_snippet.yml"
+    #- "{{ elasticsearch_node_name }}_elasticsearch_config_snippet.yml"
-    - admin.key
+    - admin-key.pem
     - admin.pem
 
-- name: Copy the OpenDistro security configuration file to cluster
+#- name: Copy the OpenDistro security configuration file to cluster
-  blockinfile:
+#  blockinfile:
-    block: "{{ lookup('file', snippet_path ) }}"
+#    block: "{{ lookup('file', snippet_path ) }}"
-    dest: "{{ opendistro_conf_path }}/elasticsearch.yml"
+#    dest: "{{ opendistro_conf_path }}/elasticsearch.yml"
-    insertafter: EOF
+#    insertafter: EOF
-    marker: "## {mark} Opendistro Security Node & Admin certificates configuration ##"
+#    marker: "## {mark} Opendistro Security Node & Admin certificates configuration ##"
-  vars:
+#  vars:
-    snippet_path: '{{ local_certs_path }}/certs/{{ elasticsearch_node_name }}_elasticsearch_config_snippet.yml'
+#    snippet_path: '{{ local_certs_path }}/certs/{{ elasticsearch_node_name }}_elasticsearch_config_snippet.yml'
 
-- name: Prepare the OpenDistro security configuration file
+#- name: Prepare the OpenDistro security configuration file
-  replace:
+#  replace:
-    path: "{{ opendistro_conf_path }}/elasticsearch.yml"
+#    path: "{{ opendistro_conf_path }}/elasticsearch.yml"
-    regexp: 'searchguard'
+#    regexp: 'searchguard'
-    replace: 'opendistro_security'
+#    replace: 'opendistro_security'
-  tags: local
+#  tags: local
 
 - name: Restart elasticsearch with security configuration
   systemd:
-    name: elasticsearch
+    name: wazuh-indexer
     state: restarted
 
 - name: Copy the OpenDistro security internal users template
@@ -98,18 +100,21 @@
 
 - name: Initialize the OpenDistro security index in elasticsearch
   command: >
+    sudo -u wazuh-indexer OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
+    JAVA_HOME=/usr/share/wazuh-indexer/jdk
     {{ opendistro_sec_plugin_tools_path }}/securityadmin.sh
-    -cacert {{ opendistro_conf_path }}/root-ca.pem
+    -cd {{ opendistro_sec_plugin_tools_path }}/
-    -cert {{ opendistro_conf_path }}/admin.pem
+    -icl -p 9800 -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig
-    -key {{ opendistro_conf_path }}/admin.key
+    -cacert {{ opendistro_conf_path }}/certs/root-ca.pem
-    -cd {{ opendistro_sec_plugin_conf_path }}/
+    -cert {{ opendistro_conf_path }}/certs/admin.pem
-    -nhnv -icl
+    -key {{ opendistro_conf_path }}/certs/admin-key.pem
+    -nhnv
     -h {{ target_address }}
   run_once: true # noqa 301
 
 - name: Create custom user
   uri:
-    url: "https://{{ target_address }}:{{ opendistro_http_port }}/_opendistro/_security/api/internalusers/{{ opendistro_custom_user }}"
+    url: "https://{{ target_address }}:{{ opendistro_http_port }}/_plugins/_security/api/internalusers/{{ opendistro_custom_user }}"
     method: PUT
     user: "admin" # Default OpenDistro user is always "admin"
     password: "{{ opendistro_admin_password }}"

roles/opensearch/wazuh-indexer/templates/config.yml.j2

@@ -0,0 +1,33 @@
+nodes:
+  # Elasticsearch server nodes
+  elasticsearch:
+{% for (key,value) in instances.items() %}
+{% if (value.role is defined and value.role == 'indexer') %}
+    name: {{ value.name }}
+    ip: {{ value.ip }}
+{% endif %}
+{% endfor %}
+
+  # Wazuh server nodes
+  # Use node_type only with more than one Wazuh manager
+  wazuh_servers:
+{% for (key,value) in instances.items() %}
+{% if (value.role is defined and value.role == 'wazuh') %}
+    name: {{ value.name }}
+    ip: {{ value.ip }}
+{% endif %}
+{% if (value.node_type is defined and value.node_type == 'master') %}
+    node_type: master
+{% elif (value.node_type is defined and value.node_type == 'worker') %}
+    node_type: worker
+{% endif %}
+{% endfor %}
+
+  # Kibana node
+  kibana:
+{% for (key,value) in instances.items() %}
+{% if (value.role is defined and value.role == 'dashboard') %}
+    name: {{ value.name }}
+    ip: {{ value.ip }}
+{% endif %}
+{% endfor %}

roles/opensearch/wazuh-indexer/templates/jvm.options copy.j2

@@ -0,0 +1,83 @@
+## JVM configuration
+
+################################################################
+## IMPORTANT: JVM heap size
+################################################################
+##
+## You should always set the min and max JVM heap
+## size to the same value. For example, to set
+## the heap to 4 GB, set:
+##
+## -Xms4g
+## -Xmx4g
+##
+## See https://opensearch.org/docs/opensearch/install/important-settings/
+## for more information
+##
+################################################################
+
+# Xms represents the initial size of total heap space
+# Xmx represents the maximum size of total heap space
+
+-Xms1g
+-Xmx1g
+
+################################################################
+## Expert settings
+################################################################
+##
+## All settings below this section are considered
+## expert settings. Don't tamper with them unless
+## you understand what you are doing
+##
+################################################################
+
+## GC configuration
+8-13:-XX:+UseConcMarkSweepGC
+8-13:-XX:CMSInitiatingOccupancyFraction=75
+8-13:-XX:+UseCMSInitiatingOccupancyOnly
+
+## G1GC Configuration
+# NOTE: G1 GC is only supported on JDK version 10 or later
+# to use G1GC, uncomment the next two lines and update the version on the
+# following three lines to your version of the JDK
+# 10-13:-XX:-UseConcMarkSweepGC
+# 10-13:-XX:-UseCMSInitiatingOccupancyOnly
+14-:-XX:+UseG1GC
+14-:-XX:G1ReservePercent=25
+14-:-XX:InitiatingHeapOccupancyPercent=30
+
+## JVM temporary directory
+-Djava.io.tmpdir=${OPENSEARCH_TMPDIR}
+
+## heap dumps
+
+# generate a heap dump when an allocation from the Java heap fails
+# heap dumps are created in the working directory of the JVM
+-XX:+HeapDumpOnOutOfMemoryError
+
+# specify an alternative path for heap dumps; ensure the directory exists and
+# has sufficient space
+-XX:HeapDumpPath=data
+
+# specify an alternative path for JVM fatal error logs
+-XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log
+
+## JDK 8 GC logging
+8:-XX:+PrintGCDetails
+8:-XX:+PrintGCDateStamps
+8:-XX:+PrintTenuringDistribution
+8:-XX:+PrintGCApplicationStoppedTime
+8:-Xloggc:/var/log/wazuh-indexer/gc.log
+8:-XX:+UseGCLogFileRotation
+8:-XX:NumberOfGCLogFiles=32
+8:-XX:GCLogFileSize=64m
+
+# JDK 9+ GC logging
+9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m
+
+
+## OpenDistro Performance Analyzer
+-Dclk.tck=100
+-Djdk.attach.allowAttachSelf=true
+-Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opendistro-performance-analyzer/pa_config/es_security.policy

roles/opensearch/wazuh-indexer/templates/jvm.options.j2

@@ -62,7 +62,7 @@
 14-:-XX:InitiatingHeapOccupancyPercent=30
 
 ## JVM temporary directory
--Djava.io.tmpdir=${ES_TMPDIR}
+-Djava.io.tmpdir=${OPENSEARCH_TMPDIR}
 
 ## heap dumps
 
@@ -72,25 +72,25 @@
 
 # specify an alternative path for heap dumps; ensure the directory exists and
 # has sufficient space
--XX:HeapDumpPath=/var/lib/elasticsearch
+-XX:HeapDumpPath=data
 
 # specify an alternative path for JVM fatal error logs
--XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log
+-XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log
 
 ## JDK 8 GC logging
 8:-XX:+PrintGCDetails
 8:-XX:+PrintGCDateStamps
 8:-XX:+PrintTenuringDistribution
 8:-XX:+PrintGCApplicationStoppedTime
-8:-Xloggc:/var/log/elasticsearch/gc.log
+8:-Xloggc:/var/log/wazuh-indexer/gc.log
 8:-XX:+UseGCLogFileRotation
 8:-XX:NumberOfGCLogFiles=32
 8:-XX:GCLogFileSize=64m
 
 # JDK 9+ GC logging
-9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m
+9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m
 
 ## OpenDistro Performance Analyzer
 -Dclk.tck=100
 -Djdk.attach.allowAttachSelf=true
--Djava.security.policy=file:///usr/share/elasticsearch/plugins/opendistro_performance_analyzer/pa_config/es_security.policy
+-Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy

roles/opensearch/wazuh-indexer/templates/opensearch.yml.j2

@@ -0,0 +1,52 @@
+network.host: {{ elasticsearch_network_host }}
+node.name: {{ elasticsearch_node_name }}
+{% if single_node == true %}
+discovery.type: single-node
+{% else %}
+cluster.initial_master_nodes:
+{% for item in elasticsearch_cluster_nodes %}
+  - {{ item }}
+{% endfor %}
+{% endif %}
+cluster.name: {{ opendistro_cluster_name }}
+
+http.port: 9700-9799
+transport.tcp.port: 9800-9899
+node.max_local_storage_nodes: "3"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+
+
+###############################################################################
+#                                                                             #
+#         WARNING: Demo certificates set up in this file.                     #
+#                  Please change on production cluster!                       #
+#                                                                             #
+###############################################################################
+
+plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/{{ elasticsearch_node_name }}.pem
+plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/{{ elasticsearch_node_name }}-key.pem
+plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/{{ elasticsearch_node_name }}.pem
+plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/{{ elasticsearch_node_name }}-key.pem
+plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+
+plugins.security.audit.type: internal_opensearch
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Docu,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN={{ elasticsearch_node_name }},OU=Docu,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
+
+### Option to allow Filebeat-oss 7.10.2 to work ###
+compatibility.override_main_response_version: true