Initial commit

This commit is contained in:
Tyler Hale 2023-04-04 14:18:31 -06:00
parent 2563526115
commit f672b9705c
Signed by: Tyler
GPG key ID: C7CC4B910D88EF96
8 changed files with 276 additions and 9 deletions

View file

@ -1,19 +1,46 @@
# Ansible-Kibana # Ansible-Kibana
Installs and configures a RHEL based machine as a Kibana server
## Role Variables
## Requirements | Variable | Required | Default | Choices | Comments |
| ----------------------------------------- | -------- | ----------------------- | ----------------------------- | ------------------------------------------------------------ |
## Variables | kibana_server_port | Yes | "5601" | | |
| kibana_server_host | Yes | "0.0.0.0" | | |
| Variable | Required | Default | Choices | Description | | kibana_elasticsearch_url | Yes | "http://localhost:9200" | | |
| -------- | -------- | ------- | ------- | ----------- | | kibana_elasticsearch_username | No | "" | | |
| | | | | | | kibana_elasticsearch_password | No | "" | | |
| kibana_server_ssl_enabled | No | "" | | |
| kibana_server_ssl_certificate | No | "" | | |
| kibana_server_ssl_key | No | "" | | |
| kibana_elasticsearch_ssl_verificationMode | No | "" | "full", "certificate", "none" | Default is undefined/full |
| kibana_firewall_access | No | "" | | Defines IPs that should be allowed access to the kibana port |
## Example ## Example
---
Execute playbook against multiple Kibana frontends with a single elasticsearch server
`ansible-playbook -i hosts site.yml`
```yaml
---
# file: hosts
kibana:
hosts:
ki01:
ansible_host: 192.168.0.10
ki02:
ansible_host: 192.168.0.11
vars:
kibana_elasticsearch_url: "http://10.1.1.19:9200"
kibana_firewall_access:
- "10.1.1.1"
- "10.1.1.254"
```
## License ## License
See LICENSE file for full license information. See LICENSE file for full license information.
## Screenshots

14
hosts.yml Normal file
View file

@ -0,0 +1,14 @@
---
# file: hosts.yml
kibana:
hosts:
kpi-opsmon01:
ansible_host: 10.1.25.71
vars:
ansible_user: ansible
kibana_elasticsearch_url: "http://10.1.1.20:9200"
kibana_firewall_access:
- "10.1.1.62/24"
- "10.1.1.75/24"

7
kibana.yml Normal file
View file

@ -0,0 +1,7 @@
---
# file: kibana.yml
- hosts: kibana
become: true
roles:
- kibana

View file

@ -0,0 +1,18 @@
---
# file: roles/kibana/defaults/main.yml
kibana_server_port: "5601"
kibana_server_host: "0.0.0.0"
kibana_elasticsearch_url: "http://localhost:9200"
kibana_elasticsearch_username: ""
kibana_elasticsearch_password: ""
kibana_server_ssl_enabled: ""
kibana_server_ssl_certificate: ""
kibana_server_ssl_key: ""
kibana_es_version: "8"
kibana_elasticsearch_ssl_verificationMode: ""
kibana_firewall_access: ""

View file

@ -0,0 +1,13 @@
---
# file: roles/kibana/handlers/main.yml
- name: Reload firewalld
service:
name: firewalld
state: reloaded
- name: Restart Kibana
service:
name: kibana
state: restarted
become: yes

View file

@ -0,0 +1,41 @@
---
# file: roles/kibana/tasks/main.yml
- name: Add elasticsearch repo
yum_repository:
name: elasticsearch
description: "Elasticsearch repository for {{ kibana_es_version }}.x packages"
baseurl: "https://artifacts.elastic.co/packages/{{ kibana_es_version }}.x/yum"
gpgcheck: false
gpgkey: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
state: present
- name: Install Kibana
package:
name: kibana
state: latest
- name: Ensure Kibana is running and enabled
service:
name: kibana
state: started
enabled: true
- name: Enforce the Kibana configuration
template:
src: kibana.yml.j2
dest: /etc/kibana/kibana.yml
owner: root
group: root
mode: 0644
notify: Restart Kibana
- name: Allow firewall access for approved devices
firewalld:
rich_rule: 'rule family=ipv4 source address={{ item }} port port={{ kibana_server_port }} protocol=tcp accept'
permanent: yes
immediate: yes
state: enabled
loop: "{{ kibana_firewall_access }}"
notify: Reload firewalld
when: kibana_firewall_access != ""

View file

@ -0,0 +1,142 @@
# {{ ansible_managed }}
# Kibana is served by a back end server. This setting specifies the port to use.
{% if kibana_server_port != "5601" %}
server.port: {{ kibana_server_port }}
{% else %}
#server.port: 5601
{% endif %}
# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "{{ kibana_server_host }}"
# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""
# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# This setting was effectively always `false` before Kibana 6.3 and will
# default to `true` starting in Kibana 7.0.
#server.rewriteBasePath: false
# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576
# The Kibana server's name. This is used for display purposes.
#server.name: "your-hostname"
# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["{{ kibana_elasticsearch_url }}"]
# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true
# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"
# The default application to load.
#kibana.defaultAppId: "home"
# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
{% if kibana_elasticsearch_username and kibana_elasticsearch_password %}
elasticsearch.username: "{{ kibana_elasticsearch_username }}"
elasticsearch.password: "{{ kibana_elasticsearch_password }}"
{% else %}
#elasticsearch.username: "kibana_system"
#elasticsearch.password: "pass"
{% endif %}
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
{% if kibana_server_ssl_enabled %}
server.ssl.enabled: "{{ kibana_server_ssl_enabled }}"
{% else %}
#server.ssl.enabled: false
{% endif %}
{% if kibana_server_ssl_certificate %}
server.ssl.certificate: "{{ kibana_server_ssl_certificate }}"
{% else %}
#server.ssl.certificate: /path/to/your/server.crt
{% endif %}
{% if kibana_server_ssl_key %}
server.ssl.key: "{{ kibana_server_ssl_key }}"
{% else %}
#server.ssl.key: /path/to/your/server.key
{% endif %}
# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key
# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
# To disregard the validity of SSL certificates, change this setting's value to 'none'.
{% if kibana_elasticsearch_ssl_verificationMode %}
elasticsearch.ssl.verificationMode: {{ kibana_elasticsearch_ssl_verificationMode }}
{% else %}
#elasticsearch.ssl.verificationMode: full
{% endif %}
# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500
# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000
# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]
# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}
# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000
# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
#elasticsearch.startupTimeout: 5000
# Logs queries sent to Elasticsearch. Requires logging.verbose set to true.
#elasticsearch.logQueries: false
# Specifies the path where Kibana creates the process ID file.
#pid.file: /var/run/kibana.pid
# Enables you to specify a file where Kibana stores log output.
#logging.dest: stdout
# Set the value of this setting to true to suppress all logging output.
#logging.silent: false
# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false
# Set the value of this setting to true to log all events, including system usage information
# and all requests.
#logging.verbose: false
# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000
# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English - en , by default , Chinese - zh-CN .
#i18n.locale: "en"

5
site.yml Normal file
View file

@ -0,0 +1,5 @@
---
# file: site.yml
## This playbook deploys the whole application stack in this site.
- import_playbook: kibana.yml