Add Packetbeat

1 files changed, 64 insertions, 0 deletions

diff --git a/roles/packetbeat/tasks/main.yml b/roles/packetbeat/tasks/main.yml
new file mode 100644
index 0000000..8811373
--- /dev/null
+++ b/roles/packetbeat/tasks/main.yml
@@ -0,0 +1,64 @@
+---
+- name: Install libpcap0.8
+  package:
+    name: libpcap0.8
+    state: present
+  tags:
+    - role::packetbeat
+
+- name: Install GPG
+  package:
+    name: gpg
+    state: present
+  tags:
+    - role::packetbeat
+
+- name: Install Elasticsearch signing key
+  shell: >-
+    wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch |
+    gpg --yes --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
+  args:
+    creates: /usr/share/keyrings/elasticsearch-keyring.gpg
+  tags:
+    - role::packetbeat
+
+- name: Add Elasticsearch repository to apt
+  copy:
+    content: >-
+      deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg]
+      https://artifacts.elastic.co/packages/8.x/apt stable main
+    dest: /etc/apt/sources.list.d/elastic-8.x.list
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+    - role::packetbeat
+  register: add_packetbeat_repo
+
+- name: Install Packetbeat
+  apt:
+    pkg: packetbeat
+    state: present
+    update_cache: "{{ add_packetbeat_repo.changed }}"
+  tags:
+    - role::packetbeat
+
+- name: Configure Packetbeat
+  template:
+    src: packetbeat.yml.j2
+    dest: /etc/packetbeat/packetbeat.yml
+    mode: 0644
+    owner: root
+    group: root
+  tags:
+    - role::packetbeat
+  notify:
+    - restart packetbeat
+
+- name: Start and enable Packetbeat
+  service:
+    name: packetbeat
+    state: started
+    enabled: true
+  tags:
+    - role::packetbeat