From e2b7d6ea42107f128cb12383d2898df2c1b8d1f7 Mon Sep 17 00:00:00 2001 From: David Okon Date: Fri, 13 Feb 2026 11:22:37 +0100 Subject: [PATCH 01/11] improve encryption key handling and adjustable encryption key size, also output if existing encryption keys are found --- roles/elasticstack/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/elasticstack/defaults/main.yml b/roles/elasticstack/defaults/main.yml index ee14ca30..819934c0 100644 --- a/roles/elasticstack/defaults/main.yml +++ b/roles/elasticstack/defaults/main.yml @@ -25,6 +25,7 @@ elasticstack_security: true elasticstack_variant: elastic elasticstack_force_pip: false elasticstack_manage_pip: false +elasticstack_encryption_key_size: 64 # for debugging only elasticstack_no_log: true From 93897fb964d5d3a25a10a8a501465af598d9a418 Mon Sep 17 00:00:00 2001 From: David Okon Date: Fri, 13 Feb 2026 12:09:57 +0100 Subject: [PATCH 02/11] implemented checks if encryption keys already exist --- roles/kibana/tasks/kibana-security.yml | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/roles/kibana/tasks/kibana-security.yml b/roles/kibana/tasks/kibana-security.yml index db4479ed..40d226fa 100644 --- a/roles/kibana/tasks/kibana-security.yml +++ b/roles/kibana/tasks/kibana-security.yml @@ -1,5 +1,15 @@ --- +- name: Ensure encryption key exists + ansible.builtin.stat: + path: "{{ elasticstack_ca_dir }}/encryption_key" + register: encryption_key_exists + +- name: Ensure saved encryption key exists + ansible.builtin.stat: + path: "{{ elasticstack_ca_dir }}/savedobjects_encryption_key" + register: savedobjects_encryption_key_exists + - name: Ensure kibana certificate exists ansible.builtin.stat: path: "/etc/kibana/certs/{{ ansible_hostname }}-kibana.p12" 
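Review bot: `elasticstack_encryption_key_size: 64` is passed to `openssl rand -base64` in PATCH 02, so it is a count of random bytes, not the length of the key string Kibana ends up with (base64 makes the file about 4/3 as long); the name alone invites an operator to set it to the intended character count. Add a comment above the line, e.g. `# Random bytes fed to 'openssl rand -base64' for the Kibana encryption keys; the written key is ~4/3 this many characters, and Kibana rejects keys shorter than 32 characters, so keep this >= 24.` The 32-character minimum is Kibana's documented requirement rather than something this patch checks. The new line also lands next to `# for debugging only`, which a reader may take as its description; placing it under its own comment avoids that.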
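Review bot: Both added tasks are named `Ensure ... exists` but only run `ansible.builtin.stat` and register the result; nothing in them creates a file, so the names describe an intent the tasks do not carry out. Name them for what they do, e.g. `- name: Check whether encryption key already exists` and `- name: Check whether saved objects encryption key already exists`. Their registered results are only read by the debug tasks this same patch adds further down in the file.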
@@ -125,11 +135,14 @@ - name: Generate encryption key # noqa: risky-shell-pipe ansible.builtin.shell: > if test -n "$(ps -p $$ | grep bash)"; then set -o pipefail; fi; - openssl rand -base64 36 > + openssl rand -base64 {{ elasticstack_encryption_key_size }} > {{ elasticstack_ca_dir }}/encryption_key changed_when: false args: creates: "{{ elasticstack_ca_dir }}/encryption_key" + - debug: + msg: "File exists..." + when: encryption_key_exists.stat.exits - name: Fetch encryption key ansible.builtin.command: cat {{ elasticstack_ca_dir }}/encryption_key @@ -139,12 +152,14 @@ - name: Generate saved objects encryption key # noqa: risky-shell-pipe ansible.builtin.shell: > if test -n "$(ps -p $$ | grep bash)"; then set -o pipefail; fi; - openssl rand - -base64 36 > + openssl rand -base64 {{ elasticstack_encryption_key_size }} > {{ elasticstack_ca_dir }}/savedobjects_encryption_key changed_when: false args: creates: "{{ elasticstack_ca_dir }}/savedobjects_encryption_key" + - debug: + msg: "File exists..." + when: savedobjects_encryption_key_exists.stat.exits - name: Fetch saved objects encryption key ansible.builtin.command: cat {{ elasticstack_ca_dir }}/savedobjects_encryption_key From d63b1c2782e65bedf317e4ec27bb47ff0d5be94f Mon Sep 17 00:00:00 2001 From: David Okon Date: Fri, 13 Feb 2026 14:19:36 +0100 Subject: [PATCH 03/11] removed trailing spaces for lint --- roles/kibana/tasks/kibana-security.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kibana/tasks/kibana-security.yml b/roles/kibana/tasks/kibana-security.yml index 40d226fa..3851b2f9 100644 --- a/roles/kibana/tasks/kibana-security.yml +++ b/roles/kibana/tasks/kibana-security.yml @@ -8,7 +8,7 @@ - name: Ensure saved encryption key exists ansible.builtin.stat: path: "{{ elasticstack_ca_dir }}/savedobjects_encryption_key" - register: savedobjects_encryption_key_exists + register: savedobjects_encryption_key_exists - name: Ensure kibana certificate exists ansible.builtin.stat: 
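Review bot: The new debug task's condition reads `encryption_key_exists.stat.exits`, which is not an attribute the stat module returns (`exists` is), so evaluating the conditional will most likely fail with an undefined-attribute error rather than print or skip; the saved-objects hunk that follows (`@@ -139,12 +152,14`) has the same typo, and PATCH 03 and PATCH 08 re-indent and rename these lines without correcting it. Change both to `when: encryption_key_exists.stat.exists` and `when: savedobjects_encryption_key_exists.stat.exists`. Since `elasticstack_encryption_key_size` is expanded unquoted into the shell command, an `ansible.builtin.assert` that it is a positive integer before the generate task is a cheap guard, and the message `File exists...` would be more useful naming the file, e.g. `msg: "Existing encryption key found in {{ elasticstack_ca_dir }}, keeping it"`. If these tasks sit inside a `block`, as their indentation suggests, that block starts and ends outside the hunk.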
@@ -142,7 +142,7 @@ creates: "{{ elasticstack_ca_dir }}/encryption_key" - debug: msg: "File exists..." - when: encryption_key_exists.stat.exits + when: encryption_key_exists.stat.exits - name: Fetch encryption key ansible.builtin.command: cat {{ elasticstack_ca_dir }}/encryption_key From 817f79e1b9db346ad12f7cc2ece8bf61e5ff86eb Mon Sep 17 00:00:00 2001 From: David Okon Date: Fri, 13 Feb 2026 15:29:44 +0100 Subject: [PATCH 04/11] Added seperate Task for setting new default index and introduced variable for index UUID --- roles/kibana/defaults/main.yml | 1 + roles/kibana/tasks/kibana-default-index.yml | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 roles/kibana/tasks/kibana-default-index.yml diff --git a/roles/kibana/defaults/main.yml b/roles/kibana/defaults/main.yml index 725d70f5..5e981cac 100644 --- a/roles/kibana/defaults/main.yml +++ b/roles/kibana/defaults/main.yml @@ -14,6 +14,7 @@ kibana_cert_validity_period: 1095 kibana_cert_will_expire_soon: false kibana_sniff_on_start: false kibana_sniff_on_connection_fault: false +kibana_custom_default_index: 979390d0-3def-11ea-ad1f-5b09c073c7d3 kibana_freshstart: changed: false diff --git a/roles/kibana/tasks/kibana-default-index.yml b/roles/kibana/tasks/kibana-default-index.yml new file mode 100644 index 00000000..c7f92cf9 --- /dev/null +++ b/roles/kibana/tasks/kibana-default-index.yml @@ -0,0 +1,16 @@ +--- + +- name: Set Custom Default Index + uri: + url: 'http://{{ ansible_default_ipv4.address }}:5601/api/kibana/settings' + method: POST + body: + changes: + defaultIndex: {{ kibana_custom_default_index }} + body_format: json + headers: + kbn-version: 8.19.11 + Content-Type: application/json + register: result +- debug: + msg: "setting new custom Index to {{ kibana_custom_default_index }}" From 9996efbc125d08e72cb3bc3bf54903515df7f689 Mon Sep 17 00:00:00 2001 
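Review bot: `kibana_custom_default_index` defaults to one concrete data-view id, `979390d0-3def-11ea-ad1f-5b09c073c7d3`, which can only be valid on the installation it was copied from; every other deployment that includes the new task would POST an id Kibana does not know. Default it to an empty value, guard the task with `when: kibana_custom_default_index | length > 0`, and document it, e.g. `# ID of the data view Kibana should use as defaultIndex; leave empty to keep Kibana's own default.`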
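Review bot: The `uri` task posts to `http://{{ ansible_default_ipv4.address }}:5601` with no credentials and no TLS, while the role defaults to `elasticstack_security: true` and this same role checks for `/etc/kibana/certs/{{ ansible_hostname }}-kibana.p12`, so on a secured install the request is either rejected or sent in clear to a port that may not be plain HTTP. It also hard-codes `kbn-version: 8.19.11`, which Kibana accepts only when it matches the running version exactly; `kbn-xsrf: "true"` satisfies the same request check without that coupling, and the scheme, host and port should come from the role's variables rather than literals. `defaultIndex: {{ kibana_custom_default_index }}` is parsed as a flow mapping (PATCH 07 quotes it), and the registered `result` is never read. The rewritten task below uses labelled placeholders where the repository's own variable names are not visible in this series.
```yaml
- name: Set Custom Default Index
  ansible.builtin.uri:
    # TODO: build from the role's scheme/host/port variables instead of literals
    url: "{{ KIBANA_API_BASE_URL_PLACEHOLDER }}/api/kibana/settings"
    method: POST
    url_username: "{{ KIBANA_API_USER_PLACEHOLDER }}"
    url_password: "{{ KIBANA_API_PASSWORD_PLACEHOLDER }}"
    force_basic_auth: true
    validate_certs: true
    headers:
      kbn-xsrf: "true"  # request check passes without pinning a Kibana version
      Content-Type: application/json
    body_format: json
    body:
      changes:
        defaultIndex: "{{ kibana_custom_default_index }}"
  register: kibana_default_index_result
  no_log: "{{ elasticstack_no_log }}"  # assumes the elasticstack default is in scope here — confirm
  when: kibana_custom_default_index | length > 0
# … unchanged: debug task …
```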
From: David Okon Date: Fri, 13 Feb 2026 15:40:22 +0100 Subject: [PATCH 05/11] adjusted trailing spaces for linting --- roles/kibana/tasks/kibana-default-index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kibana/tasks/kibana-default-index.yml b/roles/kibana/tasks/kibana-default-index.yml index c7f92cf9..5eead598 100644 --- a/roles/kibana/tasks/kibana-default-index.yml +++ b/roles/kibana/tasks/kibana-default-index.yml @@ -1,6 +1,6 @@ --- -- name: Set Custom Default Index +- name: Set Custom Default Index uri: url: 'http://{{ ansible_default_ipv4.address }}:5601/api/kibana/settings' method: POST From 8d690b0ec11caa6d93433d4c017f741af70c63b8 Mon Sep 17 00:00:00 2001 From: David Okon Date: Fri, 13 Feb 2026 16:29:56 +0100 Subject: [PATCH 06/11] added taggig to auditbeat.yml as an start. this shouldnt collide with anything --- roles/beats/tasks/auditbeat.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/roles/beats/tasks/auditbeat.yml b/roles/beats/tasks/auditbeat.yml index 46a84a00..8edd1ffd 100644 --- a/roles/beats/tasks/auditbeat.yml +++ b/roles/beats/tasks/auditbeat.yml @@ -10,6 +10,9 @@ string ) if (elasticstack_version is defined and elasticstack_version | length > 0)) | replace(' ', '') }} + tags: + - auditbeat + - name - name: Install Auditbeat - rpm - full stack ansible.builtin.package: @@ -21,6 +24,9 @@ when: - ansible_os_family == "RedHat" - elasticstack_full_stack | bool + tags: + - auditbeat + - rpm - name: Install Auditbeat - rpm - standalone ansible.builtin.package: @@ -30,6 +36,10 @@ when: - ansible_os_family == "RedHat" - not elasticstack_full_stack | bool + tags: + - auditbeat + - standalone + - rpm - name: Install Auditbeat - deb ansible.builtin.package: @@ -38,6 +48,9 @@ - Restart Auditbeat when: - ansible_os_family == "Debian" + tags: + - auditbeat + - deb # KICS complains about "latest" package but this is a dedicated update task 
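Review bot: Tagging only some tasks in auditbeat.yml makes `ansible-playbook --tags auditbeat` silently skip the rest: the `Configure Auditbeat` template task, whose header is the trailing context of hunk `@@ -78,6 +99,10`, receives no tag anywhere in this patch (unless it already carries one outside the hunks), so such a run installs and starts the service with whatever configuration is already on disk; PATCH 11 leaves `Configure Filebeat` in the same state. The tag sets are also uneven: `auditbeat, rpm` on the full-stack rpm install but `auditbeat, fullstack, rpm` on its latest-version twin, `name` as a tag on the version-fact task, and generic tags `rpm`, `deb`, `latest`, `start` shared by every beat while PATCH 10 spells `metricbeat_start`. Tag every task in the file with `auditbeat` and settle on one scheme across the three beats, e.g. `<beat>_install`, `<beat>_configure`, `<beat>_start`. The other hunks of this patch (`@@ -21`, `@@ -30`, `@@ -38`, `@@ -55`, `@@ -67`, `@@ -78`, `@@ -105`, `@@ -112`) only add tag lists and share this point.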
@@ -55,6 +68,10 @@ - elasticstack_version == "latest" - ansible_os_family == "RedHat" - elasticstack_full_stack | bool + tags: + - auditbeat + - fullstack + - rpm - name: Install Auditbeat latest version - rpm - standalone ansible.builtin.package: @@ -67,6 +84,10 @@ - elasticstack_version == "latest" - ansible_os_family == "RedHat" - not elasticstack_full_stack | bool + tags: + - auditbeat + - latest + - rpm - name: Install Auditbeat latest version - deb ansible.builtin.package: @@ -78,6 +99,10 @@ - elasticstack_version is defined - elasticstack_version == "latest" - ansible_os_family == "Debian" + tags: + - auditbeat + - latest + - deb - name: Configure Auditbeat ansible.builtin.template: @@ -105,6 +130,9 @@ when: - beats_auditbeat_setup | bool - beats_auditbeat_output == "elasticsearch" + tags: + - auditbeat + - setup - name: Start Auditbeat ansible.builtin.service: @@ -112,3 +140,6 @@ state: started enabled: true when: beats_auditbeat_enable | bool + tags: + - auditbeat + - start From 0fc540ab5edc73061b795458ad72abe7dd204791 Mon Sep 17 00:00:00 2001 From: David Okon Date: Mon, 16 Feb 2026 15:49:43 +0100 Subject: [PATCH 07/11] fixed unhashable key error --- roles/kibana/tasks/kibana-default-index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kibana/tasks/kibana-default-index.yml b/roles/kibana/tasks/kibana-default-index.yml index 5eead598..4c7df0e9 100644 --- a/roles/kibana/tasks/kibana-default-index.yml +++ b/roles/kibana/tasks/kibana-default-index.yml @@ -6,7 +6,7 @@ method: POST body: changes: - defaultIndex: {{ kibana_custom_default_index }} + defaultIndex: '{{ kibana_custom_default_index }}' body_format: json headers: kbn-version: 8.19.11 From 2c16ee943d87c653a39c0d39cebf8532181b107d Mon Sep 17 00:00:00 2001 From: David Okon Date: Mon, 16 Feb 2026 16:15:09 +0100 Subject: [PATCH 08/11] changed debug into ansible.builtin.debug --- roles/kibana/tasks/kibana-security.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/roles/kibana/tasks/kibana-security.yml b/roles/kibana/tasks/kibana-security.yml index 3851b2f9..cb830470 100644 --- a/roles/kibana/tasks/kibana-security.yml +++ b/roles/kibana/tasks/kibana-security.yml @@ -140,7 +140,7 @@ changed_when: false args: creates: "{{ elasticstack_ca_dir }}/encryption_key" - - debug: + - ansible.builtin.debug: msg: "File exists..." when: encryption_key_exists.stat.exits @@ -157,7 +157,7 @@ changed_when: false args: creates: "{{ elasticstack_ca_dir }}/savedobjects_encryption_key" - - debug: + - ansible.builtin.debug: msg: "File exists..." when: savedobjects_encryption_key_exists.stat.exits From 2d608a2ae63b84dd224e837bf43a8973a66e2d01 Mon Sep 17 00:00:00 2001 From: David Okon Date: Mon, 16 Feb 2026 16:22:10 +0100 Subject: [PATCH 09/11] added missing fqdn for ansible linter --- roles/kibana/tasks/kibana-default-index.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kibana/tasks/kibana-default-index.yml b/roles/kibana/tasks/kibana-default-index.yml index 4c7df0e9..56cdbaaa 100644 --- a/roles/kibana/tasks/kibana-default-index.yml +++ b/roles/kibana/tasks/kibana-default-index.yml @@ -1,7 +1,7 @@ --- - name: Set Custom Default Index - uri: + ansible.builtin.uri: url: 'http://{{ ansible_default_ipv4.address }}:5601/api/kibana/settings' method: POST body: @@ -12,5 +12,5 @@ kbn-version: 8.19.11 Content-Type: application/json register: result -- debug: +- ansible.builtin.debug: msg: "setting new custom Index to {{ kibana_custom_default_index }}" From 7bd049c3ea03499e05ef96c5f83819f922d5e1d5 Mon Sep 17 00:00:00 2001 From: David Okon Date: Tue, 17 Feb 2026 10:58:52 +0100 Subject: [PATCH 10/11] added tagging metricbeat tags --- roles/beats/tasks/metricbeat.yml | 40 +++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/roles/beats/tasks/metricbeat.yml b/roles/beats/tasks/metricbeat.yml index 4ca61cfb..fcc2d1c7 100644 --- a/roles/beats/tasks/metricbeat.yml 
+++ b/roles/beats/tasks/metricbeat.yml @@ -10,6 +10,9 @@ string ) if (elasticstack_version is defined and elasticstack_version | length > 0)) | replace(' ', '') }} + tags: + - metricbeat + - name - name: Install Metricbeat - rpm - full stack ansible.builtin.package: @@ -21,6 +24,10 @@ when: - ansible_os_family == "RedHat" - elasticstack_full_stack | bool + tags: + - metricbeat + - fullstack + - rpm - name: Install Metricbeat - rpm - standalone ansible.builtin.package: @@ -30,6 +37,10 @@ when: - ansible_os_family == "RedHat" - not elasticstack_full_stack | bool + tags: + - metricbeat + - standalone + - rpm - name: Install Metricbeat - deb ansible.builtin.package: @@ -38,6 +49,9 @@ - Restart Metricbeat when: - ansible_os_family == "Debian" + tags: + - metricbeat + - deb - name: Install Metricbeat latest version - rpm - full stack ansible.builtin.package: @@ -52,6 +66,10 @@ - elasticstack_version == "latest" - ansible_os_family == "RedHat" - elasticstack_full_stack | bool + tags: + - metricbeat + - fullstack + - rpm - name: Install Metricbeat latest version - rpm - standalone ansible.builtin.package: @@ -64,7 +82,10 @@ - elasticstack_version == "latest" - ansible_os_family == "RedHat" - not elasticstack_full_stack | bool - + tags: + - metricbeat + - latest + - rpm - name: Install Metricbeat latest version - deb ansible.builtin.package: @@ -76,6 +97,10 @@ - elasticstack_version is defined - elasticstack_version == "latest" - ansible_os_family == "Debian" + tags: + - metricbeat + - latest + - deb - name: Configure Metricbeat ansible.builtin.template: @@ -86,6 +111,10 @@ mode: 0644 notify: - Restart Metricbeat + tags: + - configuration + - beats_metricbeat_configuration + - beats_configuration - name: Enable modules ansible.builtin.command: "metricbeat modules enable {{ item }}" 
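Review bot: `Configure Metricbeat` (hunk `@@ -86,6 +111,10`) is tagged `configuration`, `beats_metricbeat_configuration` and `beats_configuration` but not `metricbeat`, so `ansible-playbook --tags metricbeat` runs every install, module-enable and start task in this file and skips the configuration template; add `- metricbeat` to that list. That hunk also introduces the `beats_*` naming the auditbeat and filebeat patches do not use, and this file spells `metricbeat_start` and `metricbeat_enable_module` where the other two use bare `start` and `setup`; one scheme across the three roles would let a tag-driven run be predicted from the beat name alone. The remaining hunks of this patch (`@@ -21`, `@@ -30`, `@@ -38`, `@@ -52`, `@@ -64`, `@@ -76`, `@@ -93`, `@@ -106`, `@@ -113`) only add tag lists.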
@@ -93,6 +122,9 @@ creates: "/etc/metricbeat/modules.d/{{ item }}.yml" with_items: "{{ beats_metricbeat_modules }}" when: beats_metricbeat_modules is defined + tags: + - metricbeat + - metricbeat_enable_module - name: Enable Ingest Pipelines ansible.builtin.command: > @@ -106,6 +138,9 @@ when: - beats_metricbeat_modules is defined - beats_metricbeat_output == "elasticsearch" + tags: + - metricbeat + - metricbeat_ingest_pipelines - name: Start Metricbeat ansible.builtin.service: @@ -113,3 +148,6 @@ state: started enabled: true when: beats_metricbeat_enable | bool + tags: + - metricbeat + - metricbeat_start From 8969868ccc99a0a170bada0f0e1e1c4fda3e0541 Mon Sep 17 00:00:00 2001 From: David Okon Date: Tue, 17 Feb 2026 12:29:15 +0100 Subject: [PATCH 11/11] added tagging to filebeat role --- roles/beats/tasks/filebeat.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/roles/beats/tasks/filebeat.yml b/roles/beats/tasks/filebeat.yml index 0fbce0cb..3ffce5fe 100644 --- a/roles/beats/tasks/filebeat.yml +++ b/roles/beats/tasks/filebeat.yml @@ -9,6 +9,9 @@ elasticstack_version | string ) if (elasticstack_version is defined and elasticstack_version | length > 0)) | replace(' ', '') }} + tags: + - filebeat + - name - name: Install Filebeat - rpm - full stack ansible.builtin.package: @@ -20,6 +23,9 @@ when: - ansible_os_family == "RedHat" - elasticstack_full_stack | bool + tags: + - filebeat + - rpm - name: Install Filebeat - rpm - standalone ansible.builtin.package: @@ -29,6 +35,10 @@ when: - ansible_os_family == "RedHat" - not elasticstack_full_stack | bool + tags: + - filebeat + - standalone + - rpm - name: Install Filebeat - deb ansible.builtin.package: @@ -37,6 +47,9 @@ - Restart Filebeat when: - ansible_os_family == "Debian" + tags: + - filebeat + - deb - name: Install Filebeat latest version - rpm - full stack ansible.builtin.package: 
@@ -51,6 +64,10 @@ - elasticstack_version == "latest" - ansible_os_family == "RedHat" - elasticstack_full_stack | bool + tags: + - filebeat + - fullstack + - rpm - name: Install Filebeat latest version - rpm - standalone ansible.builtin.package: @@ -63,6 +80,10 @@ - elasticstack_version == "latest" - ansible_os_family == "RedHat" - not elasticstack_full_stack | bool + tags: + - filebeat + - latest + - rpm - name: Install Filebeat latest version - deb ansible.builtin.package: @@ -74,6 +95,10 @@ - elasticstack_version is defined - elasticstack_version == "latest" - ansible_os_family == "Debian" + tags: + - filebeat + - latest + - deb - name: Configure Filebeat ansible.builtin.template: @@ -122,6 +147,9 @@ with_items: "{{ beats_filebeat_modules }}" notify: - Restart Filebeat + tags: + - filebeat + - setup - name: Start Filebeat ansible.builtin.service: @@ -129,3 +157,6 @@ state: started enabled: true when: beats_filebeat_enable | bool + tags: + - filebeat + - start