Added new variables

Manuel J. Bernal 2020-05-08 18:43:01 +02:00
parent 9152d07ac1
commit a2fe75775e
3 changed files with 16 additions and 21 deletions


@ -39,6 +39,9 @@ opendistro_jvm_xms: null
opendistro_http_port: 9200 opendistro_http_port: 9200
# Url of Search Guard certificates generator tool
certs_gen_tool_url: https://releases.floragunn.com/search-guard-tlstool/1.7/search-guard-tlstool-1.7.zip
elasticrepo: elasticrepo:
apt: 'https://artifacts.elastic.co/packages/7.x/apt' apt: 'https://artifacts.elastic.co/packages/7.x/apt'
yum: 'https://artifacts.elastic.co/packages/7.x/yum' yum: 'https://artifacts.elastic.co/packages/7.x/yum'
@ -50,13 +53,5 @@ opendistro_kibana_password: changeme
# Cluster Settings # Cluster Settings
single_node: true single_node: true
opendistro_cluster_name: wazuh opendistro_cluster_name: wazuh
opendistro_node_name: node-1
opendistro_bootstrap_node: false
opendistro_node_master: false
opendistro_cluster_nodes:
- 127.0.0.1
opendistro_discovery_nodes:
- 127.0.0.1
opendistro_node_data: true
opendistro_node_ingest: true
local_certs_path: /tmp/opendistro-nodecerts
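Review bot: The new default `local_certs_path: /tmp/opendistro-nodecerts` puts the certificate-generation working directory at a fixed, predictable name under world-writable /tmp on the control host, and the tasks changed in this commit look for `root-ca.key` under that same path. On a shared controller another local account could pre-create the directory or read what is written there, depending on the umask in effect. A default outside /tmp would be safer, for example `local_certs_path: "{{ playbook_dir }}/opendistro-nodecerts"`. The task that creates the directory should also set `mode: "0700"`.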


@ -4,27 +4,27 @@
- name: Local action | Create local temporary directory for certificates generation - name: Local action | Create local temporary directory for certificates generation
local_action: local_action:
module: file module: file
path: /tmp/opendistro-nodecerts path: {{ local_certs_path }}
state: directory state: directory
run_once: true run_once: true
- name: Local action | Download certificates generation tool - name: Local action | Download certificates generation tool
local_action: local_action:
module: get_url module: get_url
url: https://releases.floragunn.com/search-guard-tlstool/1.7/search-guard-tlstool-1.7.zip url: "{{ certs_gen_tool_url }}"
dest: /tmp/opendistro-nodecerts/search-guard-tlstool-1.7.zip dest: "{{ local_certs_path }}/search-guard-tlstool-1.7.zip"
run_once: /tmp/opendistro-nodecerts/search-guard-tlstool.zip run_once: "{{ local_certs_path }}/search-guard-tlstool.zip"
- name: Local action | Extract the certificates generation tool - name: Local action | Extract the certificates generation tool
local_action: local_action:
module: unarchive module: unarchive
src: /tmp/opendistro-nodecerts/search-guard-tlstool-1.7.zip src: "{{ local_certs_path }}/search-guard-tlstool-1.7.zip"
dest: /tmp/opendistro-nodecerts/ dest: "{{ local_certs_path }}/"
- name: Local action | Add the execution bit to the binary - name: Local action | Add the execution bit to the binary
local_action: local_action:
module: file module: file
dest: /tmp/opendistro-nodecerts/tools/sgtlstool.sh dest: "{{ local_certs_path }}/tools/sgtlstool.sh"
mode: a+x mode: a+x
run_once: true run_once: true
@ -32,18 +32,18 @@
local_action: local_action:
module: template module: template
src: "templates/tlsconfig.yml.j2" src: "templates/tlsconfig.yml.j2"
dest: /tmp/opendistro-nodecerts/config/tlsconfig.yml dest: "{{ local_certs_path }}/config/tlsconfig.yml"
run_once: true run_once: true
- name: Local action | Check if root CA file exists - name: Local action | Check if root CA file exists
local_action: local_action:
module: stat module: stat
path: /tmp/opendistro-nodecerts/config/root-ca.key path: "{{ local_certs_path }}/config/root-ca.key"
register: root_ca_file register: root_ca_file
- name: Local action | Generate the node & admin certificates in local - name: Local action | Generate the node & admin certificates in local
local_action: local_action:
module: command /tmp/opendistro-nodecerts/tools/sgtlstool.sh -c /tmp/opendistro-nodecerts/config/tlsconfig.yml -ca -crt -t /tmp/opendistro-nodecerts/config/ -f -o module: command {{ local_certs_path }}/tools/sgtlstool.sh -c {{ local_certs_path }}/config/tlsconfig.yml -ca -crt -t {{ local_certs_path }}/config/ -f -o
run_once: true run_once: true
when: root_ca_file.stat.exists == False when: root_ca_file.stat.exists == False
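Review bot: In the first task the new value `path: {{ local_certs_path }}` is unquoted, so YAML reads the leading `{` as the start of a flow mapping and Ansible normally rejects the file with its missing-quotes error; it should be `path: "{{ local_certs_path }}"` like the other changed lines. The download task still carries a path string in `run_once:`, where a boolean is expected (`run_once: true`). The archive fetched from `certs_gen_tool_url` is unpacked and its `sgtlstool.sh` is then executed to create the root CA, yet `get_url` is given no checksum; pin one with `checksum: "sha256:<expected-sha256-of-the-zip>"`, ideally as a variable defined next to the URL. The `dest` name also stays fixed at `search-guard-tlstool-1.7.zip`, so it will no longer describe the file once the URL variable is overridden.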


@ -12,7 +12,7 @@
- name: Copy the node & admin certificates to Elasticsearch cluster - name: Copy the node & admin certificates to Elasticsearch cluster
copy: copy:
src: "/tmp/opendistro-nodecerts/config/{{ item }}" src: "{{ local_certs_path }}/config/{{ item }}"
dest: /etc/elasticsearch/ dest: /etc/elasticsearch/
mode: 0644 mode: 0644
with_items: with_items:
@ -28,7 +28,7 @@
- name: Copy the opendistro security configuration file to cluster - name: Copy the opendistro security configuration file to cluster
blockinfile: blockinfile:
block: "{{ lookup('file', '/tmp/opendistro-nodecerts/config/{{ inventory_hostname }}_elasticsearch_config_snippet.yml') }}" block: "{{ lookup('file', '{{ local_certs_path }}/config/{{ inventory_hostname }}_elasticsearch_config_snippet.yml') }}"
dest: "{{ opendistro_conf_path }}/elasticsearch.yml" dest: "{{ opendistro_conf_path }}/elasticsearch.yml"
insertafter: EOF insertafter: EOF
marker: "## {mark} Opendistro Security Node & Admin certificates configuration ##" marker: "## {mark} Opendistro Security Node & Admin certificates configuration ##"
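Review bot: The changed `block:` line in the second hunk now nests two `{{ ... }}` pairs inside a string that is already within a Jinja expression, which only works if the lookup argument happens to be templated a second time and is discouraged by the Ansible documentation. Concatenating inside the expression avoids that: `block: "{{ lookup('file', local_certs_path ~ '/config/' ~ inventory_hostname ~ '_elasticsearch_config_snippet.yml') }}"`. Separately, the copy task in the first hunk writes every item with `mode: 0644`; its `with_items` list lies outside the hunk, but if it includes private keys those should be copied with `mode: "0600"` and a restricted owner rather than world-readable. Quoting the mode also avoids the octal-versus-integer ambiguity.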