Created
March 12, 2022 23:03
-
-
Save swisskyrepo/d4bdc2716e5270391ee207e79a707bd6 to your computer and use it in GitHub Desktop.
Elastic EDR Ansible
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - name: Add required dependencies. | |
| apt: | |
| name: | |
| - apt-transport-https | |
| - gnupg2 | |
| state: present | |
| - name: Add Elasticsearch apt key. | |
| apt_key: | |
| url: https://artifacts.elastic.co/GPG-KEY-elasticsearch | |
| state: present | |
| - name: Add Elasticsearch repository. | |
| apt_repository: | |
| repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' | |
| state: present | |
| update_cache: true | |
| - name: Install java | |
| apt: | |
| name: openjdk-11-jre | |
| state: present | |
| - name: Install elasticsearch | |
| apt: | |
| name: elasticsearch | |
| state: present | |
| - name: Install kibana | |
| apt: | |
| name: kibana | |
| state: present | |
| - name: copy kibana config | |
| copy: | |
| src: kibana.yml | |
| dest: /etc/kibana/kibana.yml | |
| owner: "root" | |
| group: "kibana" | |
| mode: 0660 | |
| - name: elasticsearch change start timeout to 3min | |
| lineinfile: | |
| destfile: /usr/lib/systemd/system/elasticsearch.service | |
| regexp: 'TimeoutStartSec=' | |
| line: 'TimeoutStartSec=300' | |
| - name: copy elasticsearch config | |
| copy: | |
| src: elasticsearch.yml | |
| dest: /etc/elasticsearch/elasticsearch.yml | |
| owner: "root" | |
| group: "elasticsearch" | |
| mode: 0660 | |
| - name: enable elasticsearch | |
| service: | |
| name: elasticsearch | |
| enabled: yes | |
| - name: enable kibana | |
| service: | |
| name: kibana | |
| enabled: yes | |
| # Upload Passwords | |
| - name: copy elastic.pwd | |
| copy: | |
| src: elastic.pwd | |
| dest: /etc/elasticsearch/elastic.pwd | |
| owner: "root" | |
| group: "elasticsearch" | |
| mode: 0660 | |
| # Add JVM options - Limit to 1Go RAM | |
| # Xms represents the initial size of total heap space | |
| # Xmx represents the maximum size of total heap space | |
| - name: add JVM options | |
| copy: | |
| src: options | |
| dest: /etc/elasticsearch/jvm.options.d/options | |
| owner: "root" | |
| group: "elasticsearch" | |
| mode: 0660 | |
| # Now start the service | |
| - name: start elasticsearch | |
| service: | |
| name: elasticsearch | |
| state: started | |
| # Set Elastic and Kibana Passwords | |
| - name: set elastic passwords | |
| become: yes | |
| shell: cat /etc/elasticsearch/elastic.pwd | /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive | |
| # Now restart the service | |
| - name: start elasticsearch | |
| service: | |
| name: elasticsearch | |
| state: restarted | |
| # Then start Kibana service with the correct config (username:password) | |
| - name: start kibana | |
| service: | |
| name: kibana | |
| state: started |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
hi @swisskyrepo - sorry to spam around in this, but i just can't recognize the EDR bits in this? was there a part two?