openstack-ansible-ops/elk_metrics_6x/installAuditbeat.yml

---
- name: Install Auditbeat
  hosts: hosts
  become: true
  vars:
    haproxy_ssl: false

  vars_files:
    - vars/variables.yml

  environment: "{{ deployment_environment_variables | default({}) }}"

  pre_tasks:
    - include_tasks: common_task_data_node_hosts.yml

  tasks:
    - include_tasks: common_task_install_elk_repo.yml

    - name: Ensure Auditbeat is installed
      apt:
        name: "{{ item }}"
        state: "{{ elk_package_state | default('present') }}"
        update_cache: true
      with_items:
        - audispd-plugins
        - auditbeat
      tags:
        - package_install

    - name: exit playbook after uninstall
      meta: end_play
      when:
        - elk_package_state | default('present') == 'absent'

  post_tasks:
    - name: Drop auditbeat conf file
      template:
        src: templates/auditbeat.yml.j2
        dest: /etc/auditbeat/auditbeat.yml

    - name: Stop auditd
      systemd:
        name: "auditd"
        enabled: "{{ not inventory_hostname in groups['kibana'] | default([]) }}"
        state: stopped
      when:
        - not apply_security_hardening | default(true) | bool

    - name: Enable and restart auditbeat
      systemd:
        name: "auditbeat"
        enabled: "{{ not inventory_hostname in groups['kibana'] | default([]) }}"
        state: restarted

  tags:
    - beat-install

- import_playbook: setupAuditbeat.yml