---
- import_tasks: RedHat.yml
  when: ansible_os_family == 'RedHat'

- import_tasks: Debian.yml
  when: ansible_os_family == 'Debian'

- name: Reload systemd
  systemd: daemon_reload=true
  ignore_errors: true
  when:
    - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
    - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<'))
    - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<'))
    - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<'))

- name: Copying node's certificate from master
  copy:
    src: "{{item}}"
    dest: "{{node_certs_destination}}/"
  with_items: 
    - "{{master_certs_path}}/{{kibana_node_name}}/{{ kibana_node_name }}.key" 
    - "{{master_certs_path}}/{{kibana_node_name}}/{{ kibana_node_name }}.crt"
    - "{{master_certs_path}}/ca/ca.crt"
  tags: xpack-security
  when:
    - kibana_xpack_security
    - generate_CA

- name: Copying node's certificate from master (Custom CA)
  copy:
    src: "{{item}}"
    dest: "{{node_certs_destination}}/"
    mode: '0664' 
  with_items: 
    - "{{master_certs_path}}/{{kibana_node_name}}/{{ kibana_node_name }}.key" 
    - "{{master_certs_path}}/{{kibana_node_name}}/{{ kibana_node_name }}.crt"
    - "{{master_certs_path}}/ca/{{ca_cert_name}}"
  when:
    - kibana_xpack_security
    - not generate_CA
  tags: xpack-security

- name: Ensuring certificates folder owner
  file:
    path: "{{ node_certs_destination }}/"
    state: directory
    recurse: yes
    owner: kibana
    group: kibana
  when:
    - kibana_xpack_security
  tags: xpack-security

- name: Ensuring certificates folder owner
  file:
    path: "{{ node_certs_destination }}/"
    mode: '0770'
    recurse: yes
  when:
    - kibana_xpack_security
  tags: xpack-security

- name: Kibana configuration
  template:
    src: kibana.yml.j2
    dest: /etc/kibana/kibana.yml
    owner: root
    group: root
    mode: '0664' 
  notify: restart kibana
  tags: configure

- name: Checking Wazuh-APP version
  shell: |
    set -o pipefail
    grep -c -E 'version.*{{ elastic_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json | xargs echo
  args:
    executable: /bin/bash
    removes: /usr/share/kibana/plugins/wazuh/package.json
  register: wazuh_app_verify
  changed_when: false
  tags: install

- name: Removing old Wazuh-APP
  command: /usr/share/kibana/bin/kibana-plugin remove wazuh
  when: wazuh_app_verify.stdout == "0"
  tags: install

- name: Removing bundles
  file: path=/usr/share/kibana/optimize/bundles state=absent
  when: wazuh_app_verify.stdout == "0"
  tags: install

- name: Install Wazuh-APP (can take a while)
  shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip"
  environment:
    NODE_OPTIONS: "--max-old-space-size=3072"
  args:
    executable: /bin/bash
    creates: /usr/share/kibana/plugins/wazuh/package.json
  notify: restart kibana
  become_user: kibana
  tags:
    - install
    - skip_ansible_lint

- name: Ensure Kibana started and enabled
  service:
    name: kibana
    enabled: true
    state: started

- import_tasks: RMRedHat.yml
  when: ansible_os_family == 'RedHat'

- import_tasks: RMDebian.yml
  when: ansible_os_family == 'Debian'