wazuh-ansible-4.8.1/ansible-role-elasticsearch/tasks/main.yml

---
- import_tasks: RedHat.yml
  when: ansible_os_family == 'RedHat'

- import_tasks: Debian.yml
  when: ansible_os_family == "Debian"

- name: Configure Elasticsearch.
  template:
    src: elasticsearch.yml.j2
    dest: /etc/elasticsearch/elasticsearch.yml
    owner: root
    group: elasticsearch
    mode: 0660
  notify: restart elasticsearch
  tags: configure

- name: Configure Elasticsearch JVM memmory.
  template:
    src: jvm.options.j2
    dest: /etc/elasticsearch/jvm.options
    owner: root
    group: elasticsearch
    mode: 0660
  notify: restart elasticsearch
  tags: configure

- name: Ensure Elasticsearch started and enabled
  service:
    name: elasticsearch
    enabled: yes
    state: started

- name: Make sure Elasticsearch is running before proceeding
  wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=300
  tags:
    - configure
    - init

- name: Check for Wazuh template
  uri:
    url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh"
    method: GET
    status_code: 200, 404
  register: wazuh_template_exits
  tags: init

- name: Installing Wazuh template
  uri:
    url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh"
    method: PUT
    status_code: 200
    body_format: json
    body: "{{ lookup('template','wazuh-elastic5-template.json.j2') }}"
  when: wazuh_template_exits.status != 200
  tags: init

- name: Injecting sample alert
  uri:
    url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/wazuh-alerts-{{ ansible_date_time.date | regex_replace('-', '.') }}/wazuh/sample"
    method: PUT
    status_code: 200, 201
    body_format: json
    body: "{{ lookup('template','alert_sample.json.j2') }}"
  tags: init

- import_tasks: "RMRedHat.yml"
  when: ansible_os_family == "RedHat"

- import_tasks: "RMDebian.yml"
  when: ansible_os_family == "Debian"