First OpenDistro default installation

playbooks/wazuh-opendistro.yml

@@ -0,0 +1,4 @@
+---
+- hosts: 172.16.0.161
+  roles:
+    - role: ../roles/opendistro/opendistro-elasticsearch

roles/opendistro/opendistro-elasticsearch/defaults/main.yml

@@ -0,0 +1,19 @@
+---
+# The OpenDistro version
+opendistro_version: 1.6.0
+
+# The OpenDistro package repository
+package_repos:
+  yum: 
+    opendistro: 
+      baseurl: 'https://d3g5vo6xdbdb9a.cloudfront.net/yum/noarch/'
+      gpg: 'https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch'
+    elasticsearch_oss:
+      baseurl: 'https://artifacts.elastic.co/packages/oss-7.x/yum'
+      gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
+
+# Security password
+opendistro_security_password: admin
+
+# Set JVM memory limits
+elasticsearch_jvm_xms: null

roles/opendistro/opendistro-elasticsearch/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart elasticsearch
+  service: name=elasticsearch state=restarted

roles/opendistro/opendistro-elasticsearch/meta/main.yml

@@ -0,0 +1,24 @@
+---
+galaxy_info:
+  author: Wazuh
+  description: Installing and maintaining Opendistro server.
+  company: wazuh.com
+  license: license (GPLv3)
+  min_ansible_version: 2.0
+  platforms:
+    - name: EL
+      versions:
+        - all
+    - name: Ubuntu
+      versions:
+        - all
+    - name: Debian
+      versions:
+        - all
+    - name: Fedora
+      versions:
+        - all
+  galaxy_tags:
+    - web
+    - system
+    - monitoring

roles/opendistro/opendistro-elasticsearch/tasks/RMRedHat.yml

@@ -0,0 +1,6 @@
+---
+- name: RedHat/CentOS/Fedora | Remove Elasticsearch repository (and clean up left-over metadata)
+  yum_repository:
+    name: elastic_repo_7
+    state: absent
+  changed_when: false

roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml

@@ -0,0 +1,36 @@
+---
+
+- name: RedHat/CentOS/Fedora | Add OpenDistro repo
+  yum_repository:
+    file: opendistro
+    name: opendistro_repo
+    description: Opendistro yum repository
+    baseurl: "{{ package_repos.yum.opendistro.baseurl }}"
+    gpgkey: "{{ package_repos.yum.opendistro.gpg }}"
+    gpgcheck: true
+  changed_when: false
+
+- name: RedHat/CentOS/Fedora | Add Elasticsearch-oss repo
+  yum_repository:
+    file: opendistro
+    name: elasticsearch_oss_repo
+    description: Elasticsearch-oss yum repository
+    baseurl: "{{ package_repos.yum.elasticsearch_oss.baseurl }}"
+    gpgkey: "{{ package_repos.yum.elasticsearch_oss.gpg }}"
+    gpgcheck: true
+  changed_when: false
+
+- name: RedHat/CentOS/Fedora | Install OpenJDK 11
+  yum: name=java-11-openjdk-devel state=present
+
+- name: RedHat/CentOS/Fedora | Install OpenDistro dependencies
+  yum:
+    name: "{{ packages }}"
+  vars:
+    packages:
+    - wget
+    - unzip
+
+- name: RedHat/CentOS/Fedora | Install OpenDistro
+  package: name=opendistroforelasticsearch-{{ opendistro_version }} state=present
+  tags: install

roles/opendistro/opendistro-elasticsearch/tasks/main.yml

@@ -0,0 +1,58 @@
+---
+- import_tasks: RedHat.yml
+  when: ansible_os_family == 'RedHat'
+
+- import_tasks: Debian.yml
+  when: ansible_os_family == "Debian"
+
+- name: Configure OpenDistro Elasticsearch JVM memmory.
+  template:
+    src: jvm.options.j2
+    dest: /etc/elasticsearch/jvm.options
+    owner: root
+    group: elasticsearch
+    mode: 0660
+  notify: restart elasticsearch
+  tags: configure
+
+# fix in new PR (ignore_errors)
+
+- import_tasks: "RMRedHat.yml"
+  when: ansible_os_family == "RedHat"
+
+
+- name: Ensure Elasticsearch started and enabled
+  service:
+    name: elasticsearch
+    enabled: true
+    state: started
+  tags:
+    - configure
+    - init
+
+- name: Make sure Elasticsearch is running before proceeding
+  wait_for: host=localhost port=9200 delay=3 timeout=400
+  tags:
+    - configure
+    - init
+
+- import_tasks: "RMRedHat.yml"
+  when: ansible_os_family == "RedHat"
+
+- import_tasks: "RMDebian.yml"
+  when: ansible_os_family == "Debian"
+
+- name: Wait for Elasticsearch API
+  uri:
+    url: "https://localhost:9200/_cluster/health/"
+    user: "admin" # Default Elasticsearch user is always "elastic"
+    password: "{{ opendistro_security_password }}"
+    validate_certs: no
+    status_code: 200,401
+    return_content: yes
+    timeout: 4
+  register: _result
+  until: (  _result.json is defined) and (_result.json.status == "green")
+  retries: 24
+  delay: 5
+

roles/opendistro/opendistro-elasticsearch/templates/jvm.options.j2

@@ -0,0 +1,117 @@
+#jinja2: trim_blocks:False
+# {{ ansible_managed }}
+## JVM configuration
+
+################################################################
+## IMPORTANT: JVM heap size
+################################################################
+##
+## You should always set the min and max JVM heap
+## size to the same value. For example, to set
+## the heap to 4 GB, set:
+##
+## -Xms4g
+## -Xmx4g
+##
+## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html
+## for more information
+##
+################################################################
+
+# Xms represents the initial size of total heap space
+# Xmx represents the maximum size of total heap space
+
+# Xms represents the initial size of total heap space
+# Xmx represents the maximum size of total heap space
+{% if elasticsearch_jvm_xms is not none %}
+{% if elasticsearch_jvm_xms < 32000 %}
+-Xms{{ elasticsearch_jvm_xms }}m
+-Xmx{{ elasticsearch_jvm_xms }}m
+{% else %}
+-Xms32000m
+-Xmx32000m
+{% endif %}
+{% else %}
+-Xms{% if ansible_memtotal_mb < 64000 %}{{ ((ansible_memtotal_mb|int)/2)|int }}m{% else %}32000m{% endif %}
+-Xmx{% if ansible_memtotal_mb < 64000 %}{{ ((ansible_memtotal_mb|int)/2)|int }}m{% else %}32000m{% endif %}
+{% endif %}
+
+################################################################
+## Expert settings
+################################################################
+##
+## All settings below this section are considered
+## expert settings. Don't tamper with them unless
+## you understand what you are doing
+##
+################################################################
+
+## GC configuration
+-XX:+UseConcMarkSweepGC
+-XX:CMSInitiatingOccupancyFraction=75
+-XX:+UseCMSInitiatingOccupancyOnly
+
+## optimizations
+
+# pre-touch memory pages used by the JVM during initialization
+-XX:+AlwaysPreTouch
+
+## basic
+
+# force the server VM
+-server
+
+# explicitly set the stack size
+-Xss1m
+
+# set to headless, just in case
+-Djava.awt.headless=true
+
+# ensure UTF-8 encoding by default (e.g. filenames)
+-Dfile.encoding=UTF-8
+
+# use our provided JNA always versus the system one
+-Djna.nosys=true
+
+# turn off a JDK optimization that throws away stack traces for common
+# exceptions because stack traces are important for debugging
+-XX:-OmitStackTraceInFastThrow
+
+# flags to configure Netty
+-Dio.netty.noUnsafe=true
+-Dio.netty.noKeySetOptimization=true
+-Dio.netty.recycler.maxCapacityPerThread=0
+
+# log4j 2
+-Dlog4j.shutdownHookEnabled=false
+-Dlog4j2.disable.jmx=true
+
+## heap dumps
+
+# generate a heap dump when an allocation from the Java heap fails
+# heap dumps are created in the working directory of the JVM
+-XX:+HeapDumpOnOutOfMemoryError
+
+# specify an alternative path for heap dumps
+# ensure the directory exists and has sufficient space
+-XX:HeapDumpPath=/var/lib/elasticsearch
+
+## GC logging
+
+#-XX:+PrintGCDetails
+#-XX:+PrintGCTimeStamps
+#-XX:+PrintGCDateStamps
+#-XX:+PrintClassHistogram
+#-XX:+PrintTenuringDistribution
+#-XX:+PrintGCApplicationStoppedTime
+
+# log GC status to a file with time stamps
+# ensure the directory exists
+#-Xloggc:${loggc}
+
+# By default, the GC log file will not rotate.
+# By uncommenting the lines below, the GC log file
+# will be rotated every 128MB at most 32 times.
+#-XX:+UseGCLogFileRotation
+#-XX:NumberOfGCLogFiles=32
+#-XX:GCLogFileSize=128M