--- - import_tasks: RedHat.yml when: ansible_os_family == 'RedHat' - import_tasks: Debian.yml when: ansible_os_family == 'Debian' - name: Reload systemd systemd: daemon_reload: true ignore_errors: true when: - not (ansible_distribution == "Amazon" and ansible_distribution_version == "(Karoo)") - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) - name: Copying node's certificate from master copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" - "{{ master_certs_path }}/ca/ca.crt" tags: xpack-security when: - kibana_xpack_security - generate_CA - name: Copying node's certificate from master (Custom CA) copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" mode: '0664' with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" - "{{ master_certs_path }}/ca/{{ ca_cert_name }}" when: - kibana_xpack_security - not generate_CA tags: xpack-security - name: Ensuring certificates folder owner file: path: "{{ node_certs_destination }}/" state: directory recurse: yes owner: kibana group: kibana when: - kibana_xpack_security tags: xpack-security - name: Ensuring certificates folder owner file: path: "{{ node_certs_destination }}/" mode: '0770' recurse: yes when: - kibana_xpack_security notify: restart kibana tags: xpack-security - name: Kibana configuration template: src: kibana.yml.j2 dest: /etc/kibana/kibana.yml owner: root group: root mode: '0664' notify: restart kibana tags: configure - name: Checking Wazuh-APP version shell: >- grep -c -E 'version.*{{ elastic_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json args: executable: /bin/bash removes: /usr/share/kibana/plugins/wazuh/package.json register: wazuh_app_verify changed_when: false failed_when: - wazuh_app_verify.rc != 0 - wazuh_app_verify.rc != 1 - name: Removing old Wazuh-APP command: /usr/share/kibana/bin/kibana-plugin --allow-root remove wazuh when: wazuh_app_verify.rc == 1 tags: install - name: Removing bundles file: path: /usr/share/kibana/optimize/bundles state: absent when: wazuh_app_verify.rc == 1 tags: install - name: Explicitly starting Kibana to generate "wazuh-" service: name: kibana state: started - name: Build and Install Wazuh Kibana Plugin from sources import_tasks: build_wazuh_plugin.yml when: - build_from_sources is defined - build_from_sources - name: Install Wazuh Plugin (can take a while) shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json become: yes become_user: kibana notify: restart kibana tags: - install - skip_ansible_lint when: - not build_from_sources - name: Reload systemd configuration systemd: daemon_reload: true - name: Ensure Kibana is started and enabled service: name: kibana enabled: true state: started - import_tasks: RMRedHat.yml when: ansible_os_family == 'RedHat' - import_tasks: RMDebian.yml when: ansible_os_family == 'Debian'