This cookbook installs and configures Elastic Stack. You do not have to install the whole stack; the recipes can work independently.
api.rb: declare API credentials for all installed managers
jvm.rb: declare the amount of RAM the JVM will use
paths.rb: initialize the different paths used during installation
versions.rb: versions for Wazuh and ELK
elasticsearch.yml.rb: customize the YAML configuration file for Elasticsearch
filebeat.yml.rb: customize the YAML configuration file for Filebeat
Create a role, elastic-stack. Modify attributes to customize the installation.
{
  "name": "elastic-stack",
  "description": "Elastic Stack role",
  "json_class": "Chef::Role",
  "default_attributes": {
  },
  "override_attributes": {
  },
  "chef_type": "role",
  "run_list": [
    "recipe[elastic-stack::default]"
  ],
  "env_run_lists": {
  }
}
Declares all recipes in the cookbook and installs the whole Elastic Stack.
Installs Elasticsearch package and configures elasticsearch.yml.
Declares elastic repository and GPG key URLs.
Installs Kibana packages and configures kibana.yml. Also installs and configures the Wazuh Kibana plugin.
ES implements a big change in how clusters are formed and how their nodes communicate. You can check full details here A-new-era-for-cluster-coordination-in-elasticsearch
Elastic adds new parameters that customize the cluster formation: discovery.seed_hosts, discovery.host_provider and cluster.initial_master_nodes.
You can find more information about these settings here: Discovery and cluster formation settings
To make Chef compatible with Elasticsearch 7.x, two new attributes can be added.
['elastic']['yml']['discovery']: This option lets you set the full line in the elasticsearch.yml file, so you can declare it as:
    ['elastic']['yml']['discovery']['seed_hosts']: "<IP>"
    ['elastic']['yml']['discovery']['seed_providers']: "<DNS>"
    ['elastic']['yml']['discovery']['type']: "single-node"
['elastic']['yml']['cluster']['initial_master_nodes']: Lets you insert the whole line for the initial master nodes. Usage example:
    ['elastic']['yml']['cluster']['initial_master_nodes']: "['<IP>']"
One example of the configuration described above is the following role, which shows a simple override of the initial_master_nodes variable:
{
  "name": "elastic-stack",
  "description": "Elastic Stack role",
  "json_class": "Chef::Role",
  "default_attributes": {
  },
  "override_attributes": {
    "elastic": {
      "yml": {
        "cluster": {
          "initial_master_nodes": "192.168.0.1"
        }
      }
    }
  },
  "chef_type": "role",
  "run_list": [
    "recipe[elastic-stack::default]"
  ],
  "env_run_lists": {
  }
}
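A pre-upload check for the attributes described above, as an added example that is not part of the cookbook: it reads a role's JSON and reports discovery attributes that contradict each other. It assumes the JSON nesting mirrors the attribute paths shown above; `lint_discovery`, `value_set?` and the sample roles are hypothetical names and constructed data.

```ruby
require 'json'

# Added example, not cookbook code. Assumes role JSON nests keys the same way
# as the attribute paths above (elastic -> yml -> discovery / cluster).
def value_set?(value)
  !(value.nil? || (value.respond_to?(:empty?) && value.empty?))
end

# Returns a list of findings for the discovery-related attributes of a role.
def lint_discovery(role_json)
  role = JSON.parse(role_json)
  discovery = {}
  cluster = {}
  # Overrides win over defaults, as in Chef attribute precedence.
  %w[default_attributes override_attributes].each do |level|
    yml = role.dig(level, 'elastic', 'yml') || {}
    discovery.merge!(yml['discovery']) if yml['discovery'].is_a?(Hash)
    cluster.merge!(yml['cluster']) if yml['cluster'].is_a?(Hash)
  end
  findings = []
  return findings unless discovery['type'] == 'single-node'

  # Elasticsearch 7.x refuses to start when both settings are present.
  if value_set?(cluster['initial_master_nodes'])
    findings << 'single-node with cluster.initial_master_nodes'
  end
  # A single-node instance never joins other nodes, so peer lists
  # declared next to it point to a mistaken role.
  %w[seed_hosts seed_providers].each do |key|
    findings << "single-node with discovery.#{key}" if value_set?(discovery[key])
  end
  findings
end

# Constructed sample roles, trimmed to the fields the check reads.
ROLE_FROM_PAGE = '{"override_attributes": {"elastic": {"yml": {"cluster":
  {"initial_master_nodes": "192.168.0.1"}}}}}'
ROLE_CONFLICT = '{"default_attributes": {"elastic": {"yml": {"discovery":
  {"seed_hosts": "192.168.0.2"}}}},
  "override_attributes": {"elastic": {"yml": {
  "discovery": {"type": "single-node"},
  "cluster": {"initial_master_nodes": "192.168.0.1"}}}}}'

puts lint_discovery(ROLE_FROM_PAGE).inspect
puts lint_discovery(ROLE_CONFLICT).inspect
```

The check only sees what the role declares; attribute defaults shipped in the cookbook are not considered.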
Check https://documentation.wazuh.com/current/learning-wazuh/build-lab/install-elastic-stack.html for more information about how to install Elastic Stack.