Set new API configuration behavior

roles/elastic-stack/ansible-kibana/defaults/main.yml

@@ -9,6 +9,14 @@ elastic_stack_version: 7.5.1
 wazuh_version: 3.11.0
 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp
 
+# API credentials
+api_auth:
+  - api_id: "default"
+    api_url: "http://localhost"
+    api_port: 55000
+    api_user: "foo"
+    api_password: "bar"
+
 # Xpack Security
 kibana_xpack_security: false
 

roles/elastic-stack/ansible-kibana/tasks/main.yml

@@ -134,6 +134,31 @@
   when:
     - not build_from_sources
 
+- name: Wait for Elasticsearch port
+  wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }}
+
+- name: Select correct API protocol
+  set_fact:
+    elastic_api_protocol: "{% if kibana_xpack_security %}https{% else %}http{% endif %}"
+
+- name: Attempting to delete legacy Wazuh index if exists
+  uri:
+    url: "{{ elastic_api_protocol }}://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/.wazuh"
+    method: DELETE
+    user: "{{ elasticsearch_xpack_security_user }}"
+    password: "{{ elasticsearch_xpack_security_password }}"
+    validate_certs: no
+    status_code: 200, 404
+  ignore_errors: yes
+
+- name: Configure Wazuh Plugin
+  template:
+    src: wazuh.yml.j2
+    dest: /usr/share/kibana/plugins/wazuh/wazuh.yml
+    owner: kibana
+    group: root
+    mode: 0644
+
 - name: Reload systemd configuration
   systemd:
     daemon_reload: true

roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2

@@ -0,0 +1,134 @@
+---
+#
+# Wazuh app - App configuration file
+# Copyright (C) 2015-2019 Wazuh, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Find more information about this on the LICENSE file.
+#
+# ======================== Wazuh app configuration file ========================
+#
+# Please check the documentation for more information on configuration options:
+# https://documentation.wazuh.com/current/installation-guide/index.html
+#
+# Also, you can check our repository:
+# https://github.com/wazuh/wazuh-kibana-app
+#
+# ------------------------------- Index patterns -------------------------------
+#
+# Default index pattern to use.
+#pattern: wazuh-alerts-3.x-*
+#
+# ----------------------------------- Checks -----------------------------------
+#
+# Defines which checks must to be consider by the healthcheck
+# step once the Wazuh app starts. Values must to be true or false.
+#checks.pattern : true
+#checks.template: true
+#checks.api     : true
+#checks.setup   : true
+#
+# --------------------------------- Extensions ---------------------------------
+#
+# Defines which extensions should be activated when you add a new API entry.
+# You can change them after Wazuh app starts.
+# Values must to be true or false.
+#extensions.pci       : true
+#extensions.gdpr      : true
+#extensions.hipaa     : true
+#extensions.nist      : true
+#extensions.audit     : true
+#extensions.oscap     : false
+#extensions.ciscat    : false
+#extensions.aws       : false
+#extensions.virustotal: false
+#extensions.osquery   : false
+#extensions.docker    : false
+#
+# ---------------------------------- Time out ----------------------------------
+#
+# Defines maximum timeout to be used on the Wazuh app requests.
+# It will be ignored if it is bellow 1500.
+# It means milliseconds before we consider a request as failed.
+# Default: 20000
+#timeout: 20000
+#
+# ------------------------------ Advanced indices ------------------------------
+#
+# Configure .wazuh indices shards and replicas.
+#wazuh.shards          : 1
+#wazuh.replicas        : 0
+#
+# --------------------------- Index pattern selector ---------------------------
+#
+# Defines if the user is allowed to change the selected
+# index pattern directly from the Wazuh app top menu.
+# Default: true
+#ip.selector: true
+#
+# List of index patterns to be ignored
+#ip.ignore: []
+#
+# -------------------------------- X-Pack RBAC ---------------------------------
+#
+# Custom setting to enable/disable built-in X-Pack RBAC security capabilities.
+# Default: enabled
+#xpack.rbac.enabled: true
+#
+# ------------------------------ wazuh-monitoring ------------------------------
+#
+# Custom setting to enable/disable wazuh-monitoring indices.
+# Values: true, false, worker
+# If worker is given as value, the app will show the Agents status
+# visualization but won't insert data on wazuh-monitoring indices.
+# Default: true
+#wazuh.monitoring.enabled: true
+#
+# Custom setting to set the frequency for wazuh-monitoring indices cron task.
+# Default: 900 (s)
+#wazuh.monitoring.frequency: 900
+#
+# Configure wazuh-monitoring-3.x-* indices shards and replicas.
+#wazuh.monitoring.shards: 2
+#wazuh.monitoring.replicas: 0
+#
+# Configure wazuh-monitoring-3.x-* indices custom creation interval.
+# Values: h (hourly), d (daily), w (weekly), m (monthly)
+# Default: d
+#wazuh.monitoring.creation: d
+#
+# Default index pattern to use for Wazuh monitoring
+#wazuh.monitoring.pattern: wazuh-monitoring-3.x-*
+#
+#
+# ------------------------------- App privileges --------------------------------
+#admin: true
+#
+# ------------------------------- App logging level -----------------------------
+# Set the logging level for the Wazuh App log files.
+# Default value: info
+# Allowed values: info, debug
+#logs.level: info
+#
+#-------------------------------- API entries -----------------------------------
+#The following configuration is the default structure to define an API entry.
+#
+#hosts:
+#  - <id>:
+#     url: http(s)://<url>
+#     port: <port>
+#     user: <user>
+#     password: <password>
+
+hosts:
+{% for api in api_auth %}
+  - {{ api['api_id'] }}:
+      url: {{ api['api_url'] }}
+      port: {{ api['api_port'] }}
+      user: {{ api['api_user'] }}
+      password: {{ api['api_password'] }}
+{% endfor %}