--- - import_tasks: RedHat.yml when: ansible_os_family == 'RedHat' - import_tasks: Debian.yml when: ansible_os_family == 'Debian' - name: Reload systemd systemd: daemon_reload=true ignore_errors: true when: - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) - name: Check if certificate exists locally stat: path: "{{ node_certs_destination }}/{{ kibana_node_name }}.crt" register: certificate_file_exists when: - kibana_xpack_security - name: Copy key & certificate files in generator node (locally) synchronize: src: "{{ node_certs_source }}/{{ kibana_node_name }}/" dest: "{{ node_certs_destination }}/" delegate_to: "{{ node_certs_generator_ip }}" when: - node_certs_generator - kibana_xpack_security - not certificate_file_exists.stat.exists tags: xpack-security - name: Copy ca certificate file in generator node (locally) synchronize: src: "{{ node_certs_source }}/ca/" dest: "{{ node_certs_destination }}/" delegate_to: "{{ node_certs_generator_ip }}" when: - node_certs_generator - kibana_xpack_security - not certificate_file_exists.stat.exists tags: xpack-security - name: Importing key & certificate files from generator node command: >- {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}: {{ node_certs_source }}/{{ kibana_node_name }}/ {{ node_certs_destination }}/ when: - not node_certs_generator - kibana_xpack_security - not certificate_file_exists.stat.exists tags: xpack-security - name: Importing ca certificate file from generator node command: >- {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}: {{ node_certs_source }}/ca/ {{ node_certs_destination }}/ when: - not node_certs_generator - kibana_xpack_security - not certificate_file_exists.stat.exists register: check_certs_permissions tags: xpack-security - name: Ensuring certificates folder owner file: path: "{{ node_certs_destination }}/" state: directory recurse: yes owner: kibana group: kibana when: - check_certs_permissions is defined - kibana_xpack_security tags: xpack-security - name: Ensuring certificates folder owner file: path: "{{ node_certs_destination }}/" mode: '0770' recurse: yes when: - check_certs_permissions is defined - kibana_xpack_security tags: xpack-security - name: Kibana configuration template: src: kibana.yml.j2 dest: /etc/kibana/kibana.yml owner: root group: root mode: 0664 notify: restart kibana tags: configure - name: Checking Wazuh-APP version shell: | set -o pipefail grep -c -E 'version.*{{ elastic_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json | xargs echo args: executable: /bin/bash removes: /usr/share/kibana/plugins/wazuh/package.json register: wazuh_app_verify changed_when: false tags: install - name: Removing old Wazuh-APP command: /usr/share/kibana/bin/kibana-plugin remove wazuh when: wazuh_app_verify.stdout == "0" tags: install - name: Removing bundles file: path=/usr/share/kibana/optimize/bundles state=absent when: wazuh_app_verify.stdout == "0" tags: install - name: Install Wazuh-APP (can take a while) shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json notify: restart kibana ignore_errors: "{{ kibana_plugin_install_ignore_error }}" tags: - install - skip_ansible_lint - name: Ensure Kibana started and enabled service: name: kibana enabled: true state: started - import_tasks: RMRedHat.yml when: ansible_os_family == 'RedHat' - import_tasks: RMDebian.yml when: ansible_os_family == 'Debian'