--- - import_tasks: RedHat.yml when: ansible_os_family == 'RedHat' - import_tasks: Debian.yml when: ansible_os_family == 'Debian' - name: Reload systemd systemd: daemon_reload: true ignore_errors: true when: - not (ansible_distribution == "Amazon" and ansible_distribution_version == "(Karoo)") - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) - name: Copying node's certificate from master copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" - "{{ master_certs_path }}/ca/ca.crt" tags: xpack-security when: - kibana_xpack_security - generate_CA - name: Copying node's certificate from master (Custom CA) copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" mode: '0664' with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" - "{{ master_certs_path }}/ca/{{ ca_cert_name }}" when: - kibana_xpack_security - not generate_CA tags: xpack-security - name: Ensuring certificates folder owner file: path: "{{ node_certs_destination }}/" state: directory recurse: yes owner: kibana group: kibana when: - kibana_xpack_security tags: xpack-security - name: Ensuring certificates folder owner file: path: "{{ node_certs_destination }}/" mode: '0770' recurse: yes when: - kibana_xpack_security notify: restart kibana tags: xpack-security - name: Kibana configuration template: src: kibana.yml.j2 dest: /etc/kibana/kibana.yml owner: root group: root mode: '0664' notify: restart kibana tags: configure - name: Checking Wazuh-APP version shell: >- grep -c -E 'version.*{{ elastic_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json args: executable: /bin/bash removes: /usr/share/kibana/plugins/wazuh/package.json register: wazuh_app_verify changed_when: false failed_when: - wazuh_app_verify.rc != 0 - wazuh_app_verify.rc != 1 - name: Removing old Wazuh-APP command: /usr/share/kibana/bin/kibana-plugin --allow-root remove wazuh when: wazuh_app_verify.rc == 1 tags: install - name: Removing bundles file: path=/usr/share/kibana/optimize/bundles state=absent become: yes become_user: kibana when: wazuh_app_verify.rc == 1 tags: install - name: Install Wazuh-APP (can take a while) shell: | /usr/share/kibana/bin/kibana-plugin --allow-root install \ https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip environment: NODE_OPTIONS: "--max-old-space-size=3072" args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json notify: restart kibana tags: - install - skip_ansible_lint - name: Reload systemd configuration systemd: daemon_reload: true - name: Ensure Kibana is started and enabled service: name: kibana enabled: true state: started - import_tasks: RMRedHat.yml when: ansible_os_family == 'RedHat' - import_tasks: RMDebian.yml when: ansible_os_family == 'Debian'