Initial commit

2023-04-04 14:18:31 -06:00 · 2023-04-04 14:18:31 -06:00 · f672b9705c
commit f672b9705c
parent 2563526115
8 changed files with 276 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -1,19 +1,46 @@
 # Ansible-Kibana
 Installs and configures a RHEL based machine as a Kibana server
 ## Role Variables
-## Requirements
+|                 Variable                  | Required |         Default         |            Choices            |                           Comments                           |
-
+| ----------------------------------------- | -------- | ----------------------- | ----------------------------- | ------------------------------------------------------------ |
-## Variables
+| kibana_server_port                        | Yes      | "5601"                  |                               |                                                              |
-
+| kibana_server_host                        | Yes      | "0.0.0.0"               |                               |                                                              |
-| Variable | Required | Default | Choices | Description |
+| kibana_elasticsearch_url                  | Yes      | "http://localhost:9200" |                               |                                                              |
-| -------- | -------- | ------- | ------- | ----------- |
+| kibana_elasticsearch_username             | No       | ""                      |                               |                                                              |
-|          |          |         |         |             |
+| kibana_elasticsearch_password             | No       | ""                      |                               |                                                              |
 | kibana_server_ssl_enabled                 | No       | ""                      |                               |                                                              |
 | kibana_server_ssl_certificate             | No       | ""                      |                               |                                                              |
 | kibana_server_ssl_key                     | No       | ""                      |                               |                                                              |
 | kibana_elasticsearch_ssl_verificationMode | No       | ""                      | "full", "certificate", "none" | Default is undefined/full                                    |
 | kibana_firewall_access                    | No       | ""                      |                               | Defines IPs that should be allowed access to the kibana port |
 ## Example
 ---
 Execute playbook against multiple Kibana frontends with a single elasticsearch server
 `ansible-playbook -i hosts site.yml`
 ```yaml
 ---
 # file: hosts
 kibana:
  hosts:
    ki01:
      ansible_host: 192.168.0.10
    ki02:
      ansible_host: 192.168.0.11
  vars:
    kibana_elasticsearch_url: "http://10.1.1.19:9200"
    kibana_firewall_access:
      - "10.1.1.1"
      - "10.1.1.254"
 ```
 ## License
 See LICENSE file for full license information.
 ## Screenshots
--- a/hosts.yml
+++ b/hosts.yml
@ -0,0 +1,14 @@
 ---
 # file: hosts.yml
 kibana:
  hosts:
    kpi-opsmon01:
      ansible_host: 10.1.25.71
  vars:
    ansible_user: ansible
    kibana_elasticsearch_url: "http://10.1.1.20:9200"
    kibana_firewall_access: 
      - "10.1.1.62/24"
      - "10.1.1.75/24"
--- a/kibana.yml
+++ b/kibana.yml
@ -0,0 +1,7 @@
 ---
 # file: kibana.yml
 - hosts: kibana
  become: true
  roles:
    - kibana
--- a/roles/kibana/defaults/main.yml
+++ b/roles/kibana/defaults/main.yml
@ -0,0 +1,18 @@
 ---
 # file: roles/kibana/defaults/main.yml
 kibana_server_port: "5601"
 kibana_server_host: "0.0.0.0"
 kibana_elasticsearch_url: "http://localhost:9200"
 kibana_elasticsearch_username: ""
 kibana_elasticsearch_password: ""
 kibana_server_ssl_enabled: ""
 kibana_server_ssl_certificate: ""
 kibana_server_ssl_key: ""
 kibana_es_version: "8"
 kibana_elasticsearch_ssl_verificationMode: ""
 kibana_firewall_access: ""
--- a/roles/kibana/handlers/main.yml
+++ b/roles/kibana/handlers/main.yml
@ -0,0 +1,13 @@
 ---
 # file: roles/kibana/handlers/main.yml
 - name: Reload firewalld
  service:
    name: firewalld
    state: reloaded
 - name: Restart Kibana
  service:
    name: kibana
    state: restarted
  become: yes
--- a/roles/kibana/tasks/main.yml
+++ b/roles/kibana/tasks/main.yml
@ -0,0 +1,41 @@
 ---
 # file: roles/kibana/tasks/main.yml
 - name: Add elasticsearch repo
  yum_repository:
    name: elasticsearch
    description: "Elasticsearch repository for {{ kibana_es_version }}.x packages"
    baseurl:  "https://artifacts.elastic.co/packages/{{ kibana_es_version }}.x/yum"
    gpgcheck: false
    gpgkey: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
    state: present
 - name: Install Kibana
  package:
    name: kibana
    state: latest
 - name: Ensure Kibana is running and enabled
  service:
    name: kibana
    state: started
    enabled: true
 - name: Enforce the Kibana configuration
  template:
    src: kibana.yml.j2
    dest: /etc/kibana/kibana.yml
    owner: root
    group: root
    mode: 0644
  notify: Restart Kibana
 - name: Allow firewall access for approved devices
  firewalld:
    rich_rule: 'rule family=ipv4 source address={{ item }} port port={{ kibana_server_port }} protocol=tcp accept'
    permanent: yes
    immediate: yes
    state: enabled
  loop: "{{ kibana_firewall_access }}"
  notify: Reload firewalld
  when: kibana_firewall_access != ""
--- a/roles/kibana/templates/kibana.yml.j2
+++ b/roles/kibana/templates/kibana.yml.j2
@ -0,0 +1,142 @@
 # {{ ansible_managed }}
 # Kibana is served by a back end server. This setting specifies the port to use.
 {% if kibana_server_port != "5601" %}
 server.port: {{ kibana_server_port }}
 {% else %}
 #server.port: 5601
 {% endif %}
 # Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
 # The default is 'localhost', which usually means remote machines will not be able to connect.
 # To allow connections from remote users, set this parameter to a non-loopback address.
 server.host: "{{ kibana_server_host }}"
 # Enables you to specify a path to mount Kibana at if you are running behind a proxy.
 # Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
 # from requests it receives, and to prevent a deprecation warning at startup.
 # This setting cannot end in a slash.
 #server.basePath: ""
 # Specifies whether Kibana should rewrite requests that are prefixed with
 # `server.basePath` or require that they are rewritten by your reverse proxy.
 # This setting was effectively always `false` before Kibana 6.3 and will
 # default to `true` starting in Kibana 7.0.
 #server.rewriteBasePath: false
 # The maximum payload size in bytes for incoming server requests.
 #server.maxPayloadBytes: 1048576
 # The Kibana server's name.  This is used for display purposes.
 #server.name: "your-hostname"
 # The URLs of the Elasticsearch instances to use for all your queries.
 elasticsearch.hosts: ["{{ kibana_elasticsearch_url }}"]
 # When this setting's value is true Kibana uses the hostname specified in the server.host
 # setting. When the value of this setting is false, Kibana uses the hostname of the host
 # that connects to this Kibana instance.
 #elasticsearch.preserveHost: true
 # Kibana uses an index in Elasticsearch to store saved searches, visualizations and
 # dashboards. Kibana creates a new index if the index doesn't already exist.
 #kibana.index: ".kibana"
 # The default application to load.
 #kibana.defaultAppId: "home"
 # If your Elasticsearch is protected with basic authentication, these settings provide
 # the username and password that the Kibana server uses to perform maintenance on the Kibana
 # index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
 # is proxied through the Kibana server.
 {% if kibana_elasticsearch_username and kibana_elasticsearch_password %}
 elasticsearch.username: "{{ kibana_elasticsearch_username }}"
 elasticsearch.password: "{{ kibana_elasticsearch_password }}"
 {% else %}
 #elasticsearch.username: "kibana_system"
 #elasticsearch.password: "pass"
 {% endif %}
 # Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
 # These settings enable SSL for outgoing requests from the Kibana server to the browser.
 {% if kibana_server_ssl_enabled %}
 server.ssl.enabled: "{{ kibana_server_ssl_enabled }}"
 {% else %}
 #server.ssl.enabled: false
 {% endif %}
 {% if kibana_server_ssl_certificate %}
 server.ssl.certificate: "{{ kibana_server_ssl_certificate }}"
 {% else %}
 #server.ssl.certificate: /path/to/your/server.crt
 {% endif %}
 {% if kibana_server_ssl_key %}
 server.ssl.key: "{{ kibana_server_ssl_key }}"
 {% else %}
 #server.ssl.key: /path/to/your/server.key
 {% endif %}
 # Optional settings that provide the paths to the PEM-format SSL certificate and key files.
 # These files are used to verify the identity of Kibana to Elasticsearch and are required when
 # xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
 #elasticsearch.ssl.certificate: /path/to/your/client.crt
 #elasticsearch.ssl.key: /path/to/your/client.key
 # Optional setting that enables you to specify a path to the PEM file for the certificate
 # authority for your Elasticsearch instance.
 #elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
 # To disregard the validity of SSL certificates, change this setting's value to 'none'.
 {% if kibana_elasticsearch_ssl_verificationMode %}
 elasticsearch.ssl.verificationMode: {{ kibana_elasticsearch_ssl_verificationMode }}
 {% else %}
 #elasticsearch.ssl.verificationMode: full
 {% endif %}
 # Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
 # the elasticsearch.requestTimeout setting.
 #elasticsearch.pingTimeout: 1500
 # Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
 # must be a positive integer.
 #elasticsearch.requestTimeout: 30000
 # List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
 # headers, set this value to [] (an empty list).
 #elasticsearch.requestHeadersWhitelist: [ authorization ]
 # Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
 # by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
 #elasticsearch.customHeaders: {}
 # Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
 #elasticsearch.shardTimeout: 30000
 # Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
 #elasticsearch.startupTimeout: 5000
 # Logs queries sent to Elasticsearch. Requires logging.verbose set to true.
 #elasticsearch.logQueries: false
 # Specifies the path where Kibana creates the process ID file.
 #pid.file: /var/run/kibana.pid
 # Enables you to specify a file where Kibana stores log output.
 #logging.dest: stdout
 # Set the value of this setting to true to suppress all logging output.
 #logging.silent: false
 # Set the value of this setting to true to suppress all logging output other than error messages.
 #logging.quiet: false
 # Set the value of this setting to true to log all events, including system usage information
 # and all requests.
 #logging.verbose: false
 # Set the interval in milliseconds to sample system and process performance
 # metrics. Minimum is 100ms. Defaults to 5000.
 #ops.interval: 5000
 # Specifies locale to be used for all localizable strings, dates and number formats.
 # Supported languages are the following: English - en , by default , Chinese - zh-CN .
 #i18n.locale: "en"
--- a/site.yml
+++ b/site.yml
@ -0,0 +1,5 @@
 ---
 # file: site.yml
 ## This playbook deploys the whole application stack in this site.
 - import_playbook: kibana.yml