---
- import_tasks: RedHat.yml
  when: ansible_os_family == 'RedHat'

- import_tasks: Debian.yml
  when: ansible_os_family == 'Debian'

- name: CentOS/RedHat |  Install Filebeat.
  package: name=filebeat-{{ filebeat_version }} state=present
  register: filebeat_installing_package
  until: filebeat_installing_package is succeeded
  when:
    - ansible_distribution in ['CentOS','RedHat', 'Amazon']
  tags:
    - install

- name: Debian/Ubuntu | Install Filebeat.
  apt:
    name: filebeat={{ filebeat_version }}
    state: present
    cache_valid_time: 3600
  register: filebeat_installing_package_debian
  until: filebeat_installing_package_debian is succeeded
  when:
    - not (ansible_distribution in ['CentOS','RedHat', 'Amazon'])
  tags:
    - init

- name: Check if certificate exists locally
  stat:
    path: "{{ node_certs_destination }}/{{ filebeat_node_name }}.crt"
  register: certificate_file_exists
  when:
    - filebeat_xpack_security

- name: Copy key & certificate files in generator node (locally)
  synchronize:
    src: "{{ node_certs_source }}/{{ filebeat_node_name }}/"
    dest: "{{ node_certs_destination }}/"
  delegate_to: "{{ node_certs_generator_ip }}"
  when:
    - node_certs_generator
    - filebeat_xpack_security
    - not certificate_file_exists.stat.exists
  tags: xpack-security

- name: Copy ca certificate file in generator node (locally)
  synchronize:
    src: "{{ node_certs_source }}/ca/"
    dest: "{{ node_certs_destination }}/"
  delegate_to: "{{ node_certs_generator_ip }}"
  when:
    - node_certs_generator
    - filebeat_xpack_security
    - not certificate_file_exists.stat.exists
  register: check_certs_permissions
  tags: xpack-security

- name: Importing key & certificate files from generator node
  command: >-
    {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}:
    {{ node_certs_source }}/{{ filebeat_node_name }}/ {{ node_certs_destination }}/
  when:
    - not node_certs_generator
    - filebeat_xpack_security
    - not certificate_file_exists.stat.exists
  tags: xpack-security

- name: Importing ca certificate file from generator node
  command: >-
    {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}:
    {{ node_certs_source }}/ca/ {{ node_certs_destination }}/
  when:
    - not node_certs_generator
    - filebeat_xpack_security
    - not certificate_file_exists.stat.exists
  register: check_certs_permissions
  tags: xpack-security

- name: Ensuring certificates folder owner
  file:
    path: "{{ node_certs_destination }}/"
    mode: '0770'
    recurse: yes

  when:
    - check_certs_permissions is defined
    - filebeat_xpack_security
  tags: xpack-security

- name: Checking if Filebeat Module folder file exists
  stat:
    path: "{{ filebeat_module_folder }}"
  register: filebeat_module_folder


- name: Download Filebeat module package
  get_url:
    url: https://packages.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }}
    dest: "{{ filebeat_module_package_path }}"
  when: not filebeat_module_folder.stat.exists

- name: Unpakcing Filebeat module package
  unarchive:
    src: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}"
    dest: "{{ filebeat_module_destination }}"
    remote_src: yes
  when: not filebeat_module_folder.stat.exists

- name: Setting 0755 permission for Filebeat module folder
  file: dest={{ filebeat_module_folder }} mode=u=rwX,g=rwX,o=rwX recurse=yes
  when: not filebeat_module_folder.stat.exists

- name: Checking if Filebeat Module package file exists
  stat:
    path: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}"
  register: filebeat_module_package
  when: filebeat_module_package is not defined

- name: Delete Filebeat module package file
  file:
    state: absent
    path: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}"
  when: filebeat_module_package.stat.exists

- import_tasks: config.yml
  when: filebeat_create_config
  notify: restart filebeat

- name: Reload systemd
  systemd: daemon_reload=yes
  ignore_errors: true
  when:
    - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
    - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<'))
    - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<'))
    - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<'))

- name: Ensure Filebeat is started and enabled at boot.
  service:
    name: filebeat
    state: started
    enabled: true

- import_tasks: "RMRedHat.yml"
  when: ansible_os_family == "RedHat"

- import_tasks: "RMDebian.yml"
  when: ansible_os_family == "Debian"