openstack-ansible-ops/elk_metrics_6x/installAuditbeat.yml

---
- name: Install Auditbeat
  hosts: hosts
  become: true
  vars:
    haproxy_ssl: false

  vars_files:
    - vars/variables.yml

  environment: "{{ deployment_environment_variables | default({}) }}"

  pre_tasks:
    - include_tasks: common_task_data_node_hosts.yml

  tasks:
    - include_tasks: common_task_install_elk_repo.yml

    - name: Ensure Auditbeat is installed
      apt:
        name: "{{ item }}"
        state: "{{ elk_package_state | default('present') }}"
        update_cache: true
      with_items:
        - audispd-plugins
        - auditbeat
      tags:
        - package_install

    - name: exit playbook after uninstall
      meta: end_play
      when:
        - elk_package_state | default('present') == 'absent'

  post_tasks:
    - name: Drop auditbeat conf file
      template:
        src: templates/auditbeat.yml.j2
        dest: /etc/auditbeat/auditbeat.yml

    - name: Stop auditd
      systemd:
        name: "auditd"
        enabled: "{{ not inventory_hostname in groups['kibana'] | default([]) }}"
        state: stopped
      when:
        - not apply_security_hardening | default(true) | bool

    - name: Enable and restart auditbeat
      systemd:
        name: "auditbeat"
        enabled: "{{ not inventory_hostname in groups['kibana'] | default([]) }}"
        state: restarted


- name: Load Auditbeat Dashboards
  hosts: hosts[0]
  become: true
  vars_files:
    - vars/variables.yml
  tasks:
    - name: Load templates
      shell: >-
        auditbeat setup
        {{ item }}
        -E 'output.logstash.enabled=false'
        -E 'output.elasticsearch.hosts={{ coordination_nodes | to_json }}'
        -e -v
      with_items:
        - "--template"
        - "--dashboards"
      register: templates
      until: templates is success
      retries: 3
      delay: 2
  tags:
    - beat-setup