diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 80f23884..904a565a 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -214,44 +214,27 @@ when: - elasticsearch_xpack_security -# - name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf -# lineinfile: -# path: /etc/security/limits.conf -# line: elasticsearch - memlock unlimited -# create: yes -# become: true -# when: -# - ansible_distribution == "Ubuntu" -# - ansible_distribution_major_version | int == 14 -# changed_when: false - -# - name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.d/elasticsearch.conf -# lineinfile: -# path: /etc/security/limits.d/elasticsearch.conf -# line: elasticsearch - memlock unlimited -# create: yes -# become: true -# changed_when: false -# when: -# - ansible_distribution == "Ubuntu" -# - ansible_distribution_major_version | int == 14 - -# - name: Distribution != one of [ centos 6.*, trusty ] | Reload systemd -# systemd: daemon_reload=true -# ignore_errors: true -# when: -# - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") -# - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) -# - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) -# - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) - -# - name: Distribution is centos 6.* | Enable Elasticsearch -# service: name=elasticsearch enabled=yes - -# - name: Distribution is centos 6.* | Start Elasticsearch -# service: name=elasticsearch state=started -# ignore_errors: true +- name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf + lineinfile: + path: /etc/security/limits.conf + line: elasticsearch - memlock unlimited + create: yes + become: true + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 + changed_when: false +- name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.d/elasticsearch.conf + lineinfile: + path: /etc/security/limits.d/elasticsearch.conf + line: elasticsearch - memlock unlimited + create: yes + become: true + changed_when: false + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 - name: Ensure Elasticsearch started and enabled service: name: elasticsearch @@ -267,32 +250,6 @@ - configure - init -- name: Check for Wazuh Alerts template (http) - uri: - url: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/_template/wazuh" - method: GET - status_code: 200, 404 - when: - - elasticsearch_bootstrap_node or single_node - - not elasticsearch_xpack_security - poll: 30 - register: wazuh_alerts_template_exits - until: wazuh_alerts_template_exits is succeeded - tags: init - -- name: Installing Wazuh Alerts template (http) - uri: - url: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/_template/wazuh" - method: PUT - status_code: 200 - body_format: json - body: "{{ lookup('template','wazuh-elastic7-template-alerts.json.j2') }}" - when: - - wazuh_alerts_template_exits.status is defined - - wazuh_alerts_template_exits.status != 200 - - not elasticsearch_xpack_security - tags: init - - import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat"