Configure Kibana to use its own VIP
This change modifies the deployment manifests to use the Kibana VIP address instead of the one allocated for Elasticsearch. This allows the deployer to expose the Kibana dashboard on the public network using network templates if needed. Change-Id: I8debb43e3e382a7319a70643116572a7e50cb246 DocImpact: document the Kibana VIP address Implements-blueprint: kibana-grafana-public-ip-access Depends-On: Icdf9315239a8fde8b0528f555a89adf0374c408f
parent
521cf50a22
commit
2d74feb3d5
|
@ -19,24 +19,27 @@ $kibana_backend_port = hiera('lma::elasticsearch::apache_port')
|
|||
$kibana_backend_viewer_port = hiera('lma::elasticsearch::apache_viewer_port')
|
||||
$kibana_frontend_port = hiera('lma::elasticsearch::kibana_frontend_port')
|
||||
$kibana_frontend_viewer_port = hiera('lma::elasticsearch::kibana_frontend_viewer_port')
|
||||
$vip = hiera('lma::elasticsearch::vip')
|
||||
$es_vip = hiera('lma::elasticsearch::vip')
|
||||
$kibana_vip = hiera('lma::kibana::vip')
|
||||
|
||||
$nodes_ips = hiera('lma::elasticsearch::nodes')
|
||||
$nodes_names = prefix(range(1, size($nodes_ips)), 'server_')
|
||||
$es_nodes_ips = hiera('lma::elasticsearch::nodes')
|
||||
$es_nodes_names = prefix(range(1, size($es_nodes_ips)), 'server_')
|
||||
$kibana_nodes_ips = hiera('lma::kibana::nodes')
|
||||
$kibana_nodes_names = prefix(range(1, size($kibana_nodes_ips)), 'server_')
|
||||
|
||||
Openstack::Ha::Haproxy_service {
|
||||
server_names => $nodes_names,
|
||||
ipaddresses => $nodes_ips,
|
||||
public => false,
|
||||
public_ssl => false,
|
||||
internal => true,
|
||||
internal_virtual_ip => $vip,
|
||||
}
|
||||
|
||||
$es_haproxy_service = hiera('lma::elasticsearch::es_haproxy_service')
|
||||
openstack::ha::haproxy_service { $es_haproxy_service:
|
||||
order => '920',
|
||||
internal_virtual_ip => $es_vip,
|
||||
listen_port => $es_port,
|
||||
server_names => $es_nodes_names,
|
||||
ipaddresses => $es_nodes_ips,
|
||||
balancermember_port => $es_port,
|
||||
balancermember_options => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3',
|
||||
haproxy_config_options => {
|
||||
|
@ -53,7 +56,10 @@ if $kibana_tls['enabled'] {
|
|||
order => '921',
|
||||
internal_ssl => true,
|
||||
internal_ssl_path => $kibana_tls['cert_file_path'],
|
||||
internal_virtual_ip => $kibana_vip,
|
||||
listen_port => $kibana_frontend_port,
|
||||
server_names => $kibana_nodes_names,
|
||||
ipaddresses => $kibana_nodes_ips,
|
||||
balancermember_port => $kibana_backend_port,
|
||||
balancermember_options => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3',
|
||||
haproxy_config_options => {
|
||||
|
@ -67,7 +73,10 @@ if $kibana_tls['enabled'] {
|
|||
order => '922',
|
||||
internal_ssl => true,
|
||||
internal_ssl_path => $kibana_tls['cert_file_path'],
|
||||
internal_virtual_ip => $kibana_vip,
|
||||
listen_port => $kibana_frontend_viewer_port,
|
||||
server_names => $kibana_nodes_names,
|
||||
ipaddresses => $kibana_nodes_ips,
|
||||
balancermember_port => $kibana_backend_viewer_port,
|
||||
balancermember_options => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3',
|
||||
haproxy_config_options => {
|
||||
|
@ -81,7 +90,10 @@ if $kibana_tls['enabled'] {
|
|||
} else {
|
||||
openstack::ha::haproxy_service { 'kibana':
|
||||
order => '921',
|
||||
internal_virtual_ip => $kibana_vip,
|
||||
listen_port => $kibana_frontend_port,
|
||||
server_names => $kibana_nodes_names,
|
||||
ipaddresses => $kibana_nodes_ips,
|
||||
balancermember_port => $kibana_backend_port,
|
||||
balancermember_options => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3',
|
||||
haproxy_config_options => {
|
||||
|
@ -93,7 +105,10 @@ if $kibana_tls['enabled'] {
|
|||
if $authnz['ldap_enabled'] and $authnz['ldap_authorization_enabled'] {
|
||||
openstack::ha::haproxy_service { 'kibana-viewer':
|
||||
order => '922',
|
||||
internal_virtual_ip => $kibana_vip,
|
||||
listen_port => $kibana_frontend_viewer_port,
|
||||
server_names => $kibana_nodes_names,
|
||||
ipaddresses => $kibana_nodes_ips,
|
||||
balancermember_port => $kibana_backend_viewer_port,
|
||||
balancermember_options => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3',
|
||||
haproxy_config_options => {
|
||||
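Review bot: In the `else` branch, the `'kibana'` and `'kibana-viewer'` services now listen on `$kibana_vip` with no `internal_ssl`, so if the 'kibana' VIP is mapped to a public network (the use case named in the commit message) the dashboard and, when `$authnz['ldap_enabled']` is set, the login credentials would presumably cross that network as plain HTTP. Whether the VIP is public depends on the network template, which is not visible here. I would at least document the constraint above the `else`, e.g. `# Without TLS this frontend is plain HTTP: keep the 'kibana' VIP on a private network unless kibana_tls is enabled.`, or have the manifest emit a `warning()` in that branch. The `if $kibana_tls['enabled']` block starts outside these hunks and each `haproxy_config_options` hash continues past them.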
|
|
|
@ -21,7 +21,7 @@ prepare_network_config($network_scheme)
|
|||
|
||||
$elasticsearch_kibana = hiera_hash('elasticsearch_kibana')
|
||||
$hiera_file = '/etc/hiera/plugins/elasticsearch_kibana.yaml'
|
||||
$listen_address = get_network_role_property('elasticsearch', 'ipaddr')
|
||||
$es_listen_address = get_network_role_property('elasticsearch', 'ipaddr')
|
||||
$es_nodes = get_nodes_hash_by_roles($network_metadata, ['elasticsearch_kibana', 'primary-elasticsearch_kibana'])
|
||||
$es_addresses_map = get_node_to_ipaddr_map_by_network_role($es_nodes, 'elasticsearch')
|
||||
$es_ip_addresses = sort(values($es_addresses_map))
|
||||
|
@ -29,7 +29,18 @@ $es_nodes_count = count($es_nodes)
|
|||
if ! $network_metadata['vips']['es_vip_mgmt'] {
|
||||
fail('Elasticsearch VIP is not defined')
|
||||
}
|
||||
$vip = $network_metadata['vips']['es_vip_mgmt']['ipaddr']
|
||||
$elasticsearch_vip = $network_metadata['vips']['es_vip_mgmt']['ipaddr']
|
||||
|
||||
# For security reasons (eg not exposing Kibana directly on the public network),
|
||||
# only the Kibana VIP should listen on the 'kibana' network and the Kibana
|
||||
# services themselves should listen on the 'elasticsearch' network which is an
|
||||
# equivalent of the management network for OpenStack.
|
||||
$kibana_listen_address = $es_listen_address
|
||||
$kibana_ip_addresses = $es_ip_addresses
|
||||
if ! $network_metadata['vips']['kibana'] {
|
||||
fail('Kibana VIP is not defined')
|
||||
}
|
||||
$kibana_vip = $network_metadata['vips']['kibana']['ipaddr']
|
||||
|
||||
if is_integer($elasticsearch_kibana['number_of_replicas']) and $elasticsearch_kibana['number_of_replicas'] < $es_nodes_count {
|
||||
$number_of_replicas = 0 + $elasticsearch_kibana['number_of_replicas']
|
||||
|
@ -127,9 +138,9 @@ $calculated_content = inline_template('
|
|||
lma::corosync_roles:
|
||||
- primary-elasticsearch_kibana
|
||||
- elasticsearch_kibana
|
||||
lma::elasticsearch::vip: <%= @vip %>
|
||||
lma::elasticsearch::vip: <%= @elasticsearch_vip %>
|
||||
lma::elasticsearch::es_haproxy_service: elasticsearch-rest
|
||||
lma::elasticsearch::listen_address: <%= @listen_address%>
|
||||
lma::elasticsearch::listen_address: <%= @es_listen_address%>
|
||||
<% if @tls_enabled -%>
|
||||
lma::elasticsearch::kibana_frontend_port: 443
|
||||
lma::elasticsearch::kibana_frontend_viewer_port: 8443
|
||||
|
@ -158,6 +169,12 @@ lma::elasticsearch::jvm_size: <%= @elasticsearch_kibana["jvm_heap_size"] %>
|
|||
lma::elasticsearch::instance_name: <%= @instance_name %>
|
||||
lma::elasticsearch::node_name: "<%= @fqdn %>_es-01"
|
||||
lma::elasticsearch::cluster_name: lma
|
||||
lma::kibana::vip: <%= @kibana_vip %>
|
||||
lma::kibana::listen_address: <%= @kibana_listen_address%>
|
||||
lma::kibana::nodes:
|
||||
<% @kibana_ip_addresses.each do |x| -%>
|
||||
- "<%= x %>"
|
||||
<% end -%>
|
||||
lma::kibana::tls:
|
||||
enabled: <%= @tls_enabled %>
|
||||
<% if @tls_enabled -%>
|
||||
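Review bot: The new guard `if ! $network_metadata['vips']['kibana']` only proves that the VIP entry exists, so an entry whose `ipaddr` is missing or empty still reaches `$kibana_vip` and is written unquoted as `lma::kibana::vip: <%= @kibana_vip %>`, which YAML would most likely read as null. HAProxy would then get an unusable bind address, and the failure would surface later in another manifest rather than here. Checking the value right after the assignment would stop the run where the cause is, e.g. `if ! is_ip_address($kibana_vip) { fail('Kibana VIP has no valid IP address') }`. This assumes stdlib is loaded, which the existing `is_integer` call suggests. The Elasticsearch VIP follows the same pattern, and the `inline_template` body extends beyond the hunks shown.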
|
|
|
@ -16,7 +16,8 @@ notice('fuel-plugin-elasticsearch-kibana: provision_services.pp')
|
|||
|
||||
$deployment_id = hiera('deployment_id')
|
||||
$master_ip = hiera('master_ip')
|
||||
$vip = hiera('lma::elasticsearch::vip')
|
||||
$es_vip = hiera('lma::elasticsearch::vip')
|
||||
$kibana_vip = hiera('lma::kibana::vip')
|
||||
$kibana_viewer_port = hiera('lma::elasticsearch::kibana_frontend_viewer_port')
|
||||
$es_port = hiera('lma::elasticsearch::rest_port')
|
||||
$number_of_replicas = hiera('lma::elasticsearch::number_of_replicas')
|
||||
|
@ -33,14 +34,14 @@ if $kibana_tls['enabled'] {
|
|||
$kibana_hostname = $kibana_tls['hostname']
|
||||
if $two_links {
|
||||
$kibana_link_data = "{\"title\":\"Kibana (Admin role)\",\
|
||||
\"description\":\"Dashboard for visualizing logs and notifications (${kibana_hostname}: ${protocol}://${vip})\",\
|
||||
\"description\":\"Dashboard for visualizing logs and notifications (${kibana_hostname}: ${protocol}://${kibana_vip})\",\
|
||||
\"url\":\"${protocol}://${kibana_hostname}\"}"
|
||||
$kibana_link_viewer_data = "{\"title\":\"Kibana (Viewer role)\",\
|
||||
\"description\":\"Dashboard for visualizing logs and notifications (${kibana_hostname}: ${protocol}://${vip}:${kibana_viewer_port})\",\
|
||||
\"description\":\"Dashboard for visualizing logs and notifications (${kibana_hostname}: ${protocol}://${kibana_vip}:${kibana_viewer_port})\",\
|
||||
\"url\":\"${protocol}://${kibana_hostname}:${kibana_viewer_port}/\"}"
|
||||
} else {
|
||||
$kibana_link_data = "{\"title\":\"Kibana\",\
|
||||
\"description\":\"Dashboard for visualizing logs and notifications (${kibana_hostname}: ${protocol}://${vip})\",\
|
||||
\"description\":\"Dashboard for visualizing logs and notifications (${kibana_hostname}: ${protocol}://${kibana_vip})\",\
|
||||
\"url\":\"${protocol}://${kibana_hostname}\"}"
|
||||
}
|
||||
} else {
|
||||
|
@ -48,24 +49,24 @@ if $kibana_tls['enabled'] {
|
|||
if $two_links {
|
||||
$kibana_link_data = "{\"title\":\"Kibana (Admin role)\",\
|
||||
\"description\":\"Dashboard for visualizing logs and notifications\",\
|
||||
\"url\":\"${protocol}://${vip}\"}"
|
||||
\"url\":\"${protocol}://${kibana_vip}\"}"
|
||||
$kibana_link_viewer_data = "{\"title\":\"Kibana (Viewer role)\",\
|
||||
\"description\":\"Dashboard for visualizing logs and notifications\",\
|
||||
\"url\":\"${protocol}://${vip}:${kibana_viewer_port}/\"}"
|
||||
\"url\":\"${protocol}://${kibana_vip}:${kibana_viewer_port}/\"}"
|
||||
} else {
|
||||
$kibana_link_data = "{\"title\":\"Kibana\",\
|
||||
\"description\":\"Dashboard for visualizing logs and notifications\",\
|
||||
\"url\":\"${protocol}://${vip}\"}"
|
||||
\"url\":\"${protocol}://${kibana_vip}\"}"
|
||||
}
|
||||
}
|
||||
|
||||
lma_logging_analytics::es_template { ['log', 'notification']:
|
||||
number_of_replicas => $number_of_replicas,
|
||||
host => $vip,
|
||||
host => $es_vip,
|
||||
port => $es_port,
|
||||
} ->
|
||||
class { 'lma_logging_analytics::curator':
|
||||
host => $vip,
|
||||
host => $es_vip,
|
||||
port => $es_port,
|
||||
retention_period => hiera('lma::elasticsearch::retention_period'),
|
||||
prefixes => ['log', 'notification'],
|
||||
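Review bot: The `$kibana_link_data` and `$kibana_link_viewer_data` strings are JSON assembled by hand, and `${kibana_hostname}` (taken from `$kibana_tls['hostname']`) is interpolated into them without escaping, next to the new `${kibana_vip}`. A hostname containing a double quote or backslash would produce malformed or altered JSON for whatever consumes these links, and that consumer is outside the lines shown. Since the link now advertises an address that may be reachable from the public network, I would validate the hostname before building the strings, for instance `validate_re($kibana_hostname, '^[A-Za-z0-9.-]+$')` if stdlib is available to this manifest. The `if $kibana_tls['enabled']` block begins outside the hunk.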
|
|