Elasticsearch

This role is intended to deploy Elasticsearch node, you have some variables that can be used to customize the installation:

  • elasticsearch_network_host: defines listen ip address (default: 127.0.0.1).

  • elasticsearch_http_port: defines listen port (default: 9200).

  • elasticsearch_jvm_xms: amount of memory for java (default: null).

  • elastic_stack_version: defines elk version to be installed.

You can create a YAML file wazuh-elastic.yml to be used by Ansible playbook:

- hosts: elasticsearch
  roles:
  - ansible-role-elasticsearch

You can set your custom variable definitions for different environments, for example:

  1. For production enviroment vars-production.yml:

elasticsearch_network_host: '10.1.1.10'
  1. For development enviroment vars-development.yml:

elasticsearch_network_host: '192.168.0.10'

Next, run the ansible playbook:

$ ansible-playbook wazuh-elastic.yml -e@vars-production.yml

The example above will install Elasticsearch and set the listen address to: 10.1.1.10 using vars-production.yml.

Please review the references section to see all variables available for this role.