afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Removing unneeded blocks and commenting latest implementation for centos and trusty

Browse Source
This commit is contained in:
Jose M 2019-07-30 15:18:55 +02:00
parent b1faf023df
commit d877738d45
1 changed files with 36 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

93
roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
View File

@ -175,19 +175,6 @@
- elasticsearch_xpack_security - elasticsearch_xpack_security
tags: xpack-security tags: xpack-security
# - name: Unzip generated certs.zip
# unarchive:
# src: "/tmp/elastic_certificates/certs.zip"
# dest: "/tmp/elastic_certificates"
# become: true
# when:
# - node_certs_generator
# - elasticsearch_xpack_security
# - certs_file_generated is defined
# - not certificate_file_exists.stat.exists
# tags: xpack-security
- name: Ensuring certificates folder owner - name: Ensuring certificates folder owner
shell: "chown -R elasticsearch: {{node_certs_destination}}/" shell: "chown -R elasticsearch: {{node_certs_destination}}/"
when: when:
@ -202,9 +189,6 @@
- elasticsearch_xpack_security - elasticsearch_xpack_security
tags: xpack-security tags: xpack-security
# Importing certificates
- name: Copying node's certificate from master - name: Copying node's certificate from master
copy: copy:
src: "{{item}}" src: "{{item}}"
@ -215,14 +199,6 @@
- "{{master_certs_destination}}/ca/ca.crt" - "{{master_certs_destination}}/ca/ca.crt"
tags: xpack-security tags: xpack-security
# - name: Remove generated certs file
# shell: /bin/rm -f {{node_certs_source}}/certs.zip*
# when:
# - node_certs_generator
# - elasticsearch_xpack_security
# tags: xpack-security
- name: Configure Elasticsearch. - name: Configure Elasticsearch.
template: template:
src: elasticsearch.yml.j2 src: elasticsearch.yml.j2
@ -238,49 +214,52 @@
when: when:
- elasticsearch_xpack_security - elasticsearch_xpack_security
- name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf # - name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf
lineinfile: # lineinfile:
path: /etc/security/limits.conf # path: /etc/security/limits.conf
line: elasticsearch - memlock unlimited # line: elasticsearch - memlock unlimited
create: yes # create: yes
become: true # become: true
when: # when:
- ansible_distribution == "Ubuntu" # - ansible_distribution == "Ubuntu"
- ansible_distribution_major_version | int == 14 # - ansible_distribution_major_version | int == 14
changed_when: false # changed_when: false
- name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.d/elasticsearch.conf # - name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.d/elasticsearch.conf
lineinfile: # lineinfile:
path: /etc/security/limits.d/elasticsearch.conf # path: /etc/security/limits.d/elasticsearch.conf
line: elasticsearch - memlock unlimited # line: elasticsearch - memlock unlimited
create: yes # create: yes
become: true # become: true
changed_when: false # changed_when: false
when: # when:
- ansible_distribution == "Ubuntu" # - ansible_distribution == "Ubuntu"
- ansible_distribution_major_version | int == 14 # - ansible_distribution_major_version | int == 14
- name: Distribution != one of [ centos 6.*, trusty ] | Reload systemd # - name: Distribution != one of [ centos 6.*, trusty ] | Reload systemd
systemd: daemon_reload=true # systemd: daemon_reload=true
ignore_errors: true # ignore_errors: true
when: # when:
- not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") # - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
- not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) # - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<'))
- not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) # - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<'))
- not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) # - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<'))
- name: Distribution is centos 6.* | Enable Elasticsearch # - name: Distribution is centos 6.* | Enable Elasticsearch
service: name=elasticsearch enabled=yes # service: name=elasticsearch enabled=yes
- name: Distribution is centos 6.* | Start Elasticsearch # - name: Distribution is centos 6.* | Start Elasticsearch
service: name=elasticsearch state=started # service: name=elasticsearch state=started
ignore_errors: true # ignore_errors: true
- name: Ensure Elasticsearch started and enabled - name: Ensure Elasticsearch started and enabled
service: service:
name: elasticsearch name: elasticsearch
enabled: true enabled: true
state: started state: started
tags:
- configure
- init
- name: Make sure Elasticsearch is running before proceeding - name: Make sure Elasticsearch is running before proceeding
wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=300 wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=300