Re-add ELK deployment including bootstrapper
Change-Id: Iedac481e593c1f0df8ae9d5d5af20fb280992e94
parent
ba1b0c15c7
commit
ebbdc7e312
|
@ -0,0 +1,23 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDzTCCArWgAwIBAgIJAMjKv/sJrt0JMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV
|
||||
BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEUMBIGA1UEBwwLU2FuIEFudG9uaW8xCzAJ
|
||||
BgNVBAoMAklUMRowGAYDVQQDDBFvc2EuY29udGludW91cy5wdzEfMB0GA1UdEQwW
|
||||
SVAuMT1vc2EuY29udGludW91cy5wdzAeFw0xODAzMDIxNTM1NDZaFw0yODAyMjgx
|
||||
NTM1NDZaMH0xCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEUMBIGA1UEBwwL
|
||||
U2FuIEFudG9uaW8xCzAJBgNVBAoMAklUMRowGAYDVQQDDBFvc2EuY29udGludW91
|
||||
cy5wdzEfMB0GA1UdEQwWSVAuMT1vc2EuY29udGludW91cy5wdzCCASIwDQYJKoZI
|
||||
hvcNAQEBBQADggEPADCCAQoCggEBANjzeNQOfZPLWEYXcyn4htcjli6QCT8FKU8I
|
||||
edvaPDEjefcdBmD2f49bc8RRqbB8cje/B6vAAeBfXoQKoh5HQ/rec1S2aSQsYObl
|
||||
ecaQTYKVVVUsAhbsmLf39rpqIhmKKA+qZCAJPsdtUQ2fTfwNnF2+9XhZ40LsZDse
|
||||
cCCtwM3sKq5OymZ1JsHKMp1FEJINDAiV1aekmNjoaOeCCbuEgKKiniGJ7iVp18x8
|
||||
80tGUwFq2gXrlmzYQntA80vN9MtWgnkn5KACVvE3vLpzPyKRsn5htsedmccNWGa5
|
||||
eQHgAIoaP1AI57ryZHOFQxebWCWanxm19RdekyhTeqsGSso70b8CAwEAAaNQME4w
|
||||
HQYDVR0OBBYEFHHOdo0iyJbl15Q3/61oYMMAGLH1MB8GA1UdIwQYMBaAFHHOdo0i
|
||||
yJbl15Q3/61oYMMAGLH1MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
|
||||
AAFh2mLQmGePooS/OoDNfeTORVSmq3u+l/F+5XGSSXjujY3tkl8AvXhvwVRKYFkE
|
||||
y8viOR8yTvT6kyA7jQ2Fe2g0CVK+TyxpFiXQgCxISN9zAM/E2mGiM4FXqkrkl6vs
|
||||
XacpMa7FAr1ZCp//rWT8NDPPMdq1L5BO4BEpE1tseaJSRv8SWztLpQZUic4YgvN2
|
||||
HKnG4qpuA90nrDL30uB/dQxcVad4lG9f2vXYgbjg6QMyY1s4VVd3v9w+do8GLeia
|
||||
ddlRJ6Pnmk26Kgs/0WoVVBNYVUrdo+Hk0k2BpO0/Yk+0+rz8wa+Ee4vAA3M4xT1p
|
||||
NhQjSPoo+M+vDa6hxK8/Z/c=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,185 @@
|
|||
---
|
||||
|
||||
- name: Bootstrap ELK project
|
||||
hosts: "{{ openstack_service_setup_host | default('localhost') }}"
|
||||
vars_files:
|
||||
- vars/elk.yml
|
||||
pre_tasks:
|
||||
- name: Set ansible_python_interpreter
|
||||
set_fact:
|
||||
ansible_python_interpreter: >-
|
||||
{{ openstack_service_setup_host_python_interpreter |
|
||||
default((inventory_hostname == 'localhost') |
|
||||
ternary(ansible_playbook_python,
|
||||
ansible_python['executable'])) }}
|
||||
- name: Install openstacksdk
|
||||
pip:
|
||||
name: openstacksdk
|
||||
state: latest
|
||||
tasks:
|
||||
- name: Create ELK project
|
||||
os_project:
|
||||
cloud: default
|
||||
endpoint_type: internal
|
||||
name: "{{ elk_bootstrap_auth.project_name }}"
|
||||
domain: "{{ elk_bootstrap_auth.project_domain_id }}"
|
||||
description: ELK stack
|
||||
region_name: "{{ elk_region_name }}"
|
||||
- name: Create ELK user
|
||||
os_user:
|
||||
cloud: default
|
||||
endpoint_type: internal
|
||||
description: ELK Ansible Management user
|
||||
name: "{{ elk_bootstrap_auth.username }}"
|
||||
password: "{{ elk_bootstrap_auth.password }}"
|
||||
domain: "{{ elk_bootstrap_auth.user_domain_id }}"
|
||||
region_name: "{{ elk_region_name }}"
|
||||
default_project: "{{ elk_bootstrap_auth.project_name }}"
|
||||
- name: Add ELK user to project
|
||||
os_user_role:
|
||||
cloud: default
|
||||
endpoint_type: internal
|
||||
user: "{{ elk_bootstrap_auth.username }}"
|
||||
project: "{{ elk_bootstrap_auth.project_name }}"
|
||||
role: '_member_'
|
||||
# NOTE(logan): os_project_access was not added until ansible 2.5, so this
|
||||
# cannot be used until OSA is upgraded to Rocky. Until then the flavor must
|
||||
# be bootstrapped manually.
|
||||
# - name: Create ELK flavor
|
||||
# os_nova_flavor:
|
||||
# cloud: default
|
||||
# endpoint_type: internal
|
||||
# name: "{{ elk_flavor.name }}"
|
||||
# is_public: "{{ elk_flavor.public | bool }}"
|
||||
# vcpus: "{{ elk_flavor.vcpus }}"
|
||||
# ram: "{{ elk_flavor.ram }}"
|
||||
# disk: "{{ elk_flavor.disk }}"
|
||||
# - name: Add ELK user access to flavor
|
||||
# os_project_access:
|
||||
# cloud: default
|
||||
# endpoint_type: internal
|
||||
# target_project_id: "{{ elk_bootstrap_auth.project_name }}"
|
||||
# resource_type: nova_flavor
|
||||
# resource_name: "{{ elk_flavor.name }}"
|
||||
|
||||
- name: Bootstrap ELK Infrastructure
|
||||
hosts: localhost
|
||||
gather_facts: no
|
||||
vars_files:
|
||||
- vars/elk.yml
|
||||
pre_tasks:
|
||||
- name: Install openstacksdk
|
||||
pip:
|
||||
name: openstacksdk
|
||||
tasks:
|
||||
- name: Create SSH keypair
|
||||
os_keypair:
|
||||
auth: "{{ elk_bootstrap_auth }}"
|
||||
cacert: "{{ playbook_dir }}/../continuous_cacert.pem"
|
||||
name: ELK-ansible
|
||||
public_key_file: "{{ playbook_dir }}/../ssh/id_rsa.pub"
|
||||
- name: Create All Traffic security group
|
||||
os_security_group:
|
||||
auth: "{{ elk_bootstrap_auth }}"
|
||||
cacert: "{{ playbook_dir }}/../continuous_cacert.pem"
|
||||
name: All Traffic
|
||||
description: Pass all traffic
|
||||
- name: Add All Traffic security group rules
|
||||
os_security_group_rule:
|
||||
auth: "{{ elk_bootstrap_auth }}"
|
||||
cacert: "{{ playbook_dir }}/../continuous_cacert.pem"
|
||||
security_group: All Traffic
|
||||
direction: "{{ item.direction }}"
|
||||
ethertype: "{{ item.ethertype }}"
|
||||
with_items:
|
||||
- direction: ingress
|
||||
ethertype: IPv4
|
||||
- direction: ingress
|
||||
ethertype: IPv6
|
||||
- direction: egress
|
||||
ethertype: IPv4
|
||||
- direction: egress
|
||||
ethertype: IPv6
|
||||
- name: Create ELK anti-affinity group
|
||||
os_server_group:
|
||||
auth: "{{ elk_bootstrap_auth }}"
|
||||
cacert: "{{ playbook_dir }}/../continuous_cacert.pem"
|
||||
name: "{{ elk_server_group }}"
|
||||
policies:
|
||||
- anti-affinity
|
||||
register: server_group
|
||||
- name: Create ELK instances
|
||||
os_server:
|
||||
auth: "{{ elk_bootstrap_auth }}"
|
||||
cacert: "{{ playbook_dir }}/../continuous_cacert.pem"
|
||||
name: "{{ item.name }}"
|
||||
scheduler_hints:
|
||||
group: "{{ server_group.id }}"
|
||||
image: "{{ item.image }}"
|
||||
key_name: "{{ item.key_name }}"
|
||||
flavor: "{{ item.flavor }}"
|
||||
network: "{{ item.network }}"
|
||||
security_groups: "{{ item.security_groups }}"
|
||||
with_items: "{{ elk_instances }}"
|
||||
register: elk_instances_create
|
||||
- name: Create ELK volumes
|
||||
os_volume:
|
||||
auth: "{{ elk_bootstrap_auth }}"
|
||||
cacert: "{{ playbook_dir }}/../continuous_cacert.pem"
|
||||
display_name: "{{ item.0.name }}_{{ item.1.name }}"
|
||||
size: "{{ item.1.size }}"
|
||||
with_subelements:
|
||||
- "{{ elk_instances }}"
|
||||
- volumes
|
||||
# NOTE(logan): New syntax for ansible 2.5
|
||||
# loop: "{{ lookup('subelements', elk_instances, 'volumes', {'skip_missing': True}, wantlist=True) }}"
|
||||
- name: Attach volume to ELK instance
|
||||
os_server_volume:
|
||||
auth: "{{ elk_bootstrap_auth }}"
|
||||
cacert: "{{ playbook_dir }}/../continuous_cacert.pem"
|
||||
server: "{{ item.0.name }}"
|
||||
volume: "{{ item.0.name }}_{{ item.1.name }}"
|
||||
with_subelements:
|
||||
- "{{ elk_instances }}"
|
||||
- volumes
|
||||
# NOTE(logan): New syntax for ansible 2.5
|
||||
# loop: "{{ lookup('subelements', elk_instances, 'volumes', {'skip_missing': True}, wantlist=True) }}"
|
||||
- name: Add the hosts to the inventory
|
||||
add_host:
|
||||
name: "{{ item.openstack.name }}"
|
||||
groups: elk_hosts
|
||||
ansible_host: "{{ item.openstack.public_v4 }}"
|
||||
ansible_user: ubuntu
|
||||
ansible_become: true
|
||||
with_items: "{{ elk_instances_create.results }}"
|
||||
delegate_to: localhost
|
||||
- name: Build the ansible ELK inventory file
|
||||
template:
|
||||
src: inventory.yml.j2
|
||||
dest: "{{ playbook_dir }}/inventory/elk_hosts.yml"
|
||||
|
||||
- import_playbook: "{{ playbook_dir }}/../openstack-ansible/playbooks/openstack-hosts-setup.yml"
|
||||
vars:
|
||||
openstack_host_group: elk_hosts
|
||||
- import_playbook: "{{ playbook_dir }}/../openstack-ansible/playbooks/security-hardening.yml"
|
||||
vars:
|
||||
security_host_group: elk_hosts
|
||||
- import_playbook: "{{ playbook_dir }}/../openstack-ansible/playbooks/haproxy-install.yml"
|
||||
vars:
|
||||
haproxy_default_services:
|
||||
- service:
|
||||
haproxy_service_name: elasticsearch
|
||||
haproxy_backend_nodes: "{{ groups['elk_hosts'] | default([]) }}"
|
||||
haproxy_ssl: True
|
||||
haproxy_port: 9201
|
||||
haproxy_backend_port: 9200
|
||||
haproxy_balance_type: http
|
||||
haproxy_backend_options:
|
||||
- "httpchk"
|
||||
- service:
|
||||
haproxy_service_name: kibana_ssl
|
||||
haproxy_backend_nodes: "{{ groups['elk_hosts'] | default([]) }}"
|
||||
haproxy_ssl: True
|
||||
haproxy_port: 8443
|
||||
haproxy_backend_port: 81
|
||||
haproxy_balance_type: tcp
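Review bot: The `Add All Traffic security group rules` task creates its ingress rules with only `direction` and `ethertype`, so unless the module defaults restrict it, no protocol, port or source limit applies. The vars file added in this commit attaches `All Traffic` to every ELK instance on `Gateway Network`, and `add_host` reaches them through `public_v4`. Elasticsearch (9200), the Kibana backend (81) and SSH would then be reachable by anything that can route to those addresses, bypassing the `haproxy_ssl: True` front ends defined at the end of this file. I would replace the two ingress items with per-port rules that set `protocol: tcp`, `port_range_min`/`port_range_max` and `remote_ip_prefix: "{{ item.cidr }}"` (a new loop field), limited to the deployment host and load-balancer ranges. The egress items can stay as they are.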
|
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
|
||||
all:
|
||||
children:
|
||||
apm-server:
|
||||
children:
|
||||
? elk_hosts
|
||||
elastic-logstash:
|
||||
children:
|
||||
? elk_hosts
|
||||
kibana:
|
||||
children:
|
||||
? elk_hosts
|
|
@ -0,0 +1,18 @@
|
|||
---
|
||||
# {{ ansible_managed }}
|
||||
|
||||
all:
|
||||
children:
|
||||
hosts:
|
||||
children:
|
||||
elk_hosts:
|
||||
vars:
|
||||
physical_host: "{% raw %}{{ inventory_hostname }}{% endraw %}"
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
hosts:
|
||||
{% for host in groups['elk_hosts'] %}
|
||||
{{ host }}:
|
||||
ansible_host: "{{ hostvars[host]['ansible_host'] }}"
|
||||
ansible_user: "{{ hostvars[host]['ansible_user'] }}"
|
||||
ansible_become: {{ hostvars[host]['ansible_become'] | bool }}
|
||||
{% endfor %}
|
|
@ -0,0 +1,42 @@
|
|||
---
|
||||
|
||||
elk_bootstrap_auth:
|
||||
auth_url: "https://{{ external_lb_vip_address }}:5000/v3"
|
||||
project_name: ELK
|
||||
username: elk-ansible
|
||||
password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
37306132646537343266396632373832373637633230383334356335303666663134633531393433
|
||||
3166653761356366366365323463656461666237633130330a363937383639613931306365646364
|
||||
62616634353463333364323635653937623734376331393064326533376634336335343566353437
|
||||
3236326435643735630a633833643663643961626365396464633638303932613562376463323332
|
||||
36326135636464656435376633376333613462363263393738613331643466643433
|
||||
user_domain_id: default
|
||||
project_domain_id: default
|
||||
|
||||
elk_region_name: RegionOne
|
||||
|
||||
elk_flavor:
|
||||
name: elk
|
||||
public: no
|
||||
vcpus: 8
|
||||
ram: 16384
|
||||
disk: 25
|
||||
|
||||
elk_instance_template:
|
||||
image: 'ubuntu 18.04 [20180618]'
|
||||
key_name: ELK-ansible
|
||||
flavor: "{{ elk_flavor.name }}"
|
||||
network: Gateway Network
|
||||
security_groups:
|
||||
- All Traffic
|
||||
volumes:
|
||||
- name: data
|
||||
size: 1024
|
||||
|
||||
elk_server_group: elk
|
||||
|
||||
elk_instances:
|
||||
- "{{ elk_instance_template | combine({'name': 'elk1-1'}) }}"
|
||||
- "{{ elk_instance_template | combine({'name': 'elk1-2'}) }}"
|
||||
- "{{ elk_instance_template | combine({'name': 'elk1-3'}) }}"
|
|
@ -152,22 +152,3 @@ ironic_api_uwsgi_ini_overrides:
|
|||
magnum_api_uwsgi_ini_overrides:
|
||||
uwsgi:
|
||||
stats: "/tmp/magnum-api-uwsgi-stats.sock"
|
||||
|
||||
# Adding elastic search and kibana to haproxy_extra_services
|
||||
haproxy_extra_services:
|
||||
- service:
|
||||
haproxy_service_name: elasticsearch
|
||||
haproxy_backend_nodes: "{{ groups['elastic-logstash'] | default([]) }}"
|
||||
haproxy_ssl: True
|
||||
haproxy_port: 9201
|
||||
haproxy_backend_port: 9200
|
||||
haproxy_balance_type: http
|
||||
haproxy_backend_options:
|
||||
- "httpchk"
|
||||
- service:
|
||||
haproxy_service_name: kibana_ssl
|
||||
haproxy_backend_nodes: "{{ groups['kibana'] | default([]) }}"
|
||||
haproxy_ssl: True
|
||||
haproxy_port: 8443
|
||||
haproxy_backend_port: 81
|
||||
haproxy_balance_type: tcp
|
||||
|
|
|
@ -20,3 +20,16 @@ popd
|
|||
pushd ${PROJECT_PATH}/network_bootstrap
|
||||
openstack-ansible bootstrap-neutron.yml
|
||||
popd
|
||||
|
||||
pushd ${PROJECT_PATH}/elk_bootstrap
|
||||
openstack-ansible bootstrap-elk-infra.yml
|
||||
popd
|
||||
|
||||
pushd ${PROJECT_PATH}/openstack-ansible-ops/elk_metrics_6x
|
||||
source bootstrap-embedded-ansible.sh || true
|
||||
# Workaround until https://review.openstack.org/#/c/643758/ is merged
|
||||
export ANSIBLE_STRATEGY_PLUGINS="${HOME}/ansible_venv/repositories/roles/plugins/strategy"
|
||||
export ANSIBLE_INVENTORY="${ANSIBLE_INVENTORY},${PROJECT_PATH}/elk_bootstrap/inventory"
|
||||
ansible-playbook site.yml ${USER_VARS} -e 'elk_package_state="latest"'
|
||||
deactivate
|
||||
popd
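Review bot: `source bootstrap-embedded-ansible.sh || true` discards a failed bootstrap of the embedded Ansible environment, so the `ansible-playbook site.yml` a few lines later can run with whatever ansible and strategy plugins happen to be present, or fail later at `deactivate`. If the `|| true` only covers a benign non-zero return from the sourced script, a comment saying so would help; otherwise fail early with `source bootstrap-embedded-ansible.sh || { echo 'embedded ansible bootstrap failed' >&2; exit 1; }`. Separately, `-e 'elk_package_state="latest"'` installs whatever package versions are current at run time, so two runs are not guaranteed to deploy the same ELK build; a pinned version would make the deployment reproducible. The script header and any `set -e` are outside this hunk.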
|
||||
|
|