Doc/tagging/beats

docs/getting-started.md

@@ -61,3 +61,27 @@ Every role got its own set of variables, in addition a few variables are useable
 
 * *elasticstack_release*: Major release version of Elastic stack to configure. (default: `7`)
 * *elasticstack_variant*: Variant of the stack to install. Valid values: `elastic` or `oss`. (default: `elastic`)
+
+Tags
+-----------
+
+As of the beginning of now, we introduce the usage of tags in the role as well for quicker and more precise control of the installs.
+More Info on the usable tags can be found in the respective documentation of the role part.
+
+As of now *Beats*,*Elasticsearch*,*Kibana* and *Logstash* have tags available for usage.
+
+Most tags can be used in the role the following way:
+
+```
+- name: Playbook
+  hosts: some_host_pattern
+  collections:
+    - netways.elasticstack
+  vars:
+    component_install_tags: "tag1, tag2, tag3"
+  tasks:
+    - name: install elastic component
+      import_role:
+        name: netways.elasticstack.logstash
+  tags: "{{ component_install_tags }}"
+```

docs/role-beats.md

@@ -122,3 +122,35 @@ If you want to use this role with your own TLS certificates, use these variables
     - repos
     - beats
 ```
+
+## Tags
+
+We introduce now tags for more precise actions in the roles itself.
+Example instead of running the auditbeat install with rpm you can run on dedicated debian based systems with `-t "auditbeat, deb"` or `--tags "auditbeat, deb"`
+the role to install directly the debian part.
+
+Here a short list of available Tags:
+
+* *auditbeat*,*filebeat*,*metricbeat* and *beats-security*: Name of the selectable Beat
+* *name*: For debugging purpose if you need the exact Name of the Package which will be installed
+* *rpm*,*deb*: The Choice of the Operating System for quicker and more precise installation
+* *standalone*: As the naming suggests standalone install
+* *latest*: For choice of the latest Version available
+* *configuration*,*beats_auditbeat_configuration*,*beats_configuration*: For creating the configuration file of the beat
+* *setup*: For the elasticsearch auditbeat setup
+* *start*: If you need to trigger the start of the Beat   
+
+```
+- name: Install Elastic Beats
+  hosts: beats-hosts
+  collections:
+    - netways.elasticstack
+  vars:
+    elasticsearch_jna_workaround: true
+    elasticsearch_disable_systemcallfilterchecks: true
+    beats_install_tags: "auditbeat, deb"
+  roles:
+    - repos
+    - beats
+  tags: "{{ beats_install_tags }}"
+```

roles/beats/tasks/auditbeat.yml

@@ -10,6 +10,9 @@
       string ) if (elasticstack_version is defined and elasticstack_version | length > 0)) |
       replace(' ', '')
       }}
+  tags:
+    - auditbeat
+    - name
 
 - name: Install Auditbeat - rpm - full stack
   ansible.builtin.package:
@@ -21,6 +24,9 @@
   when:
     - ansible_os_family == "RedHat"
     - elasticstack_full_stack | bool
+  tags:
+    - auditbeat
+    - rpm
 
 - name: Install Auditbeat - rpm - standalone
   ansible.builtin.package:
@@ -30,6 +36,10 @@
   when:
     - ansible_os_family == "RedHat"
     - not elasticstack_full_stack | bool
+  tags:
+    - auditbeat
+    - standalone
+    - rpm
 
 - name: Install Auditbeat - deb
   ansible.builtin.package:
@@ -38,6 +48,9 @@
     - Restart Auditbeat
   when:
     - ansible_os_family == "Debian"
+  tags:
+    - auditbeat
+    - deb
 
 # KICS complains about "latest" package but this is a dedicated update task
 
@@ -55,11 +68,15 @@
     - elasticstack_version == "latest"
     - ansible_os_family == "RedHat"
     - elasticstack_full_stack | bool
+  tags:
+    - auditbeat
+    - fullstack
+    - rpm
 
 - name: Install Auditbeat latest version - rpm - standalone
   ansible.builtin.package:
     name: auditbeat
     state: latest
   notify:
     - Restart Auditbeat
   when:
@@ -67,17 +84,25 @@
     - elasticstack_version == "latest"
     - ansible_os_family == "RedHat"
     - not elasticstack_full_stack | bool
+  tags:
+    - auditbeat
+    - latest
+    - rpm
 
 - name: Install Auditbeat latest version - deb
   ansible.builtin.package:
     name: auditbeat
     state: latest
   notify:
     - Restart Auditbeat
   when:
     - elasticstack_version is defined
     - elasticstack_version == "latest"
     - ansible_os_family == "Debian"
+  tags:
+    - auditbeat
+    - latest
+    - deb
 
 - name: Configure Auditbeat
   ansible.builtin.template:
@@ -105,10 +130,16 @@
   when:
     - beats_auditbeat_setup | bool
     - beats_auditbeat_output == "elasticsearch"
+  tags:
+    - auditbeat
+    - setup
 
 - name: Start Auditbeat
   ansible.builtin.service:
     name: auditbeat
     state: started
     enabled: true
   when: beats_auditbeat_enable | bool
+  tags:
+    - auditbeat
+    - start

roles/elasticstack/defaults/main.yml

@@ -26,6 +26,7 @@ elasticstack_security: true
 elasticstack_variant: elastic
 elasticstack_force_pip: false
 elasticstack_manage_pip: false
+elasticstack_encryption_key_size: 64
 
   # for debugging only
 elasticstack_no_log: true

roles/kibana/defaults/main.yml

@@ -14,6 +14,7 @@ kibana_cert_validity_period: 1095
 kibana_cert_will_expire_soon: false
 kibana_sniff_on_start: false
 kibana_sniff_on_connection_fault: false
+kibana_custom_default_index: 979390d0-3def-11ea-ad1f-5b09c073c7d3
 
 kibana_freshstart:
   changed: false

roles/kibana/tasks/kibana-default-index.yml

@@ -0,0 +1,16 @@
+---
+
+- name: Set Custom Default Index
+  ansible.builtin.uri:
+    url: 'http://{{ ansible_default_ipv4.address }}:5601/api/kibana/settings'
+    method: POST
+    body:
+      changes:
+        defaultIndex: '{{ kibana_custom_default_index }}'
+    body_format: json
+    headers:
+      kbn-version: 8.19.11
+      Content-Type: application/json
+  register: result
+- ansible.builtin.debug:
+    msg: "setting new custom Index to {{ kibana_custom_default_index }}"

roles/kibana/tasks/kibana-security.yml

@@ -1,5 +1,15 @@
 ---
 
+- name: Ensure encryption key exists
+  ansible.builtin.stat:
+    path: "{{ elasticstack_ca_dir }}/encryption_key"
+  register: encryption_key_exists
+
+- name: Ensure saved encryption key exists
+  ansible.builtin.stat:
+    path: "{{ elasticstack_ca_dir }}/savedobjects_encryption_key"
+  register: savedobjects_encryption_key_exists
+
 - name: Ensure kibana certificate exists
   ansible.builtin.stat:
     path: "/etc/kibana/certs/{{ ansible_hostname }}-kibana.p12"
@@ -125,11 +135,17 @@
     - name: Generate encryption key # noqa: risky-shell-pipe
       ansible.builtin.shell: >
         if test -n "$(ps -p $$ | grep bash)"; then set -o pipefail; fi;
-        openssl rand -base64 36 >
+        openssl rand -base64 {{ elasticstack_encryption_key_size }} >
         {{ elasticstack_ca_dir }}/encryption_key
       changed_when: false
       args:
         creates: "{{ elasticstack_ca_dir }}/encryption_key"
+    - ansible.builtin.stat:
+        path: "{{ elasticstack_ca_dir }}/encryption_key"
+      register: encryption_key_exists
+    - ansible.builtin.debug:
+        msg: "File exists..."
+      when: encryption_key_exists.stat.exists
 
     - name: Fetch encryption key
       ansible.builtin.command: cat {{ elasticstack_ca_dir }}/encryption_key
@@ -139,12 +155,17 @@
     - name: Generate saved objects encryption key # noqa: risky-shell-pipe
       ansible.builtin.shell: >
         if test -n "$(ps -p $$ | grep bash)"; then set -o pipefail; fi;
-        openssl rand
-        -base64 36 >
+        openssl rand -base64 {{ elasticstack_encryption_key_size }} >
         {{ elasticstack_ca_dir }}/savedobjects_encryption_key
       changed_when: false
       args:
         creates: "{{ elasticstack_ca_dir }}/savedobjects_encryption_key"
+    - ansible.builtin.stat:
+        path: "{{ elasticstack_ca_dir }}/savedobjects_encryption_key"
+      register: savedobjects_encryption_key
+    - ansible.builtin.debug:
+        msg: "File exists..."
+      when: savedobjects_encryption_key.stat.exists
 
     - name: Fetch saved objects encryption key
       ansible.builtin.command: cat {{ elasticstack_ca_dir }}/savedobjects_encryption_key