90 lines
2.3 KiB
YAML
Executable File
90 lines
2.3 KiB
YAML
Executable File
---
|
|
|
|
- import_tasks: RedHat.yml
|
|
when: ansible_os_family == 'RedHat'
|
|
|
|
- import_tasks: Debian.yml
|
|
when: ansible_os_family == 'Debian'
|
|
|
|
- name: Remove Dashboard configuration file
|
|
file:
|
|
# noqa 503
|
|
path: "{{ dashboard_conf_path }}/opensearch_dashboards.yml"
|
|
state: absent
|
|
tags: install
|
|
|
|
- import_tasks: security_actions.yml
|
|
|
|
- name: Copy Configuration File
|
|
template:
|
|
src: "templates/opensearch_dashboards.yml.j2"
|
|
dest: "{{ dashboard_conf_path }}/opensearch_dashboards.yml"
|
|
group: wazuh-dashboard
|
|
owner: wazuh-dashboard
|
|
mode: 0640
|
|
force: yes
|
|
notify: restart wazuh-dashboard
|
|
tags:
|
|
- install
|
|
- configure
|
|
|
|
- name: Ensuring Wazuh-Dashboard directory owner
|
|
file:
|
|
# noqa 208
|
|
path: "/usr/share/wazuh-dashboard"
|
|
state: directory
|
|
owner: wazuh-dashboard
|
|
group: wazuh-dashboard
|
|
recurse: yes
|
|
|
|
- name: Wait for Wazuh-Indexer port
|
|
wait_for: host={{ indexer_network_host }} port={{ indexer_http_port }}
|
|
|
|
- name: Select correct API protocol
|
|
set_fact:
|
|
indexer_api_protocol: "{% if dashboard_security is defined and dashboard_security %}https{% else %}http{% endif %}"
|
|
|
|
- name: Attempting to delete legacy Wazuh index if exists
|
|
uri:
|
|
url: "{{ indexer_api_protocol }}://{{ indexer_network_host }}:{{ indexer_http_port }}/.wazuh"
|
|
method: DELETE
|
|
user: "admin"
|
|
password: "{{ indexer_admin_password }}"
|
|
validate_certs: no
|
|
status_code: 200, 404
|
|
|
|
- name: Create Wazuh Plugin config directory
|
|
file:
|
|
path: /usr/share/wazuh-dashboard/data/wazuh/config/
|
|
state: directory
|
|
recurse: yes
|
|
owner: wazuh-dashboard
|
|
group: wazuh-dashboard
|
|
mode: 0751
|
|
changed_when: False
|
|
|
|
- name: Configure Wazuh Dashboard Plugin
|
|
template:
|
|
src: wazuh.yml.j2
|
|
dest: /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
|
|
owner: wazuh-dashboard
|
|
group: wazuh-dashboard
|
|
mode: 0751
|
|
changed_when: False
|
|
|
|
- name: Configure opensearch.password in opensearch_dashboards.keystore
|
|
shell: >-
|
|
echo {{ dashboard_password }} | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password
|
|
args:
|
|
executable: /bin/bash
|
|
become: yes
|
|
|
|
- name: Ensure Wazuh-Dashboard started and enabled
|
|
service:
|
|
name: wazuh-dashboard
|
|
enabled: true
|
|
state: started
|
|
|
|
- import_tasks: RMRedHat.yml
|
|
when: ansible_os_family == 'RedHat'
|