wazuh-ansible-4.8.1/ansible-role-elk/tasks/main.yml

---
- include: RedHat.yml
  when: ansible_os_family == 'RedHat'

- name: Configure Elasticsearch.
  template:
    src: elasticsearch.yml.j2
    dest: /etc/elasticsearch/elasticsearch.yml
    owner: root
    group: elasticsearch
    mode: 0660
  notify: restart elasticsearch

- name: Configure Elasticsearch JVM memmory.
  template:
    src: jvm.options.j2
    dest: /etc/elasticsearch/jvm.options
    owner: root
    group: elasticsearch
    mode: 0660
  notify: restart elasticsearch

- name: Start Elasticsearch.
  service: name=elasticsearch state=started enabled=yes

- name: Make sure Elasticsearch is running before proceeding.
  wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=300

- name: Logstash configuration
  template:
    src: 01-wazuh.conf.j2
    dest: /etc/logstash/conf.d/01-wazuh.conf
    owner: root
    group: root
  notify: restart logstash

- name: Logstash template
  template:
    src: wazuh-elastic5-template.json.j2
    dest: /etc/logstash/wazuh-elastic5-template.json
    owner: root
    group: root
  notify: restart logstash

- name: Kibana configuration
  template:
    src: kibana.yml.j2
    dest: /etc/kibana/kibana.yml
    owner: root
    group: root
    mode: 0664
  notify: restart kibana


- name: Verify if Wazuh-APP is installed
  command: /bin/bash /usr/share/kibana/bin/kibana-plugin list
  register: kibanainstalled

- name: Install Wazuh-APP (can take a while)
  shell: /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_5.2.2.zip && service kibana restart
  when: kibanainstalled.stdout.find('wazuh') == -1

- name: Ensure Logstash, Kibana and Elasticsearch started and enabled
  service:
    name: "{{ item }}"
    enabled: yes
    state: started
  with_items:
    - logstash
    - elasticsearch
    - kibana