162 lines
5.1 KiB
YAML
162 lines
5.1 KiB
YAML
---
|
|
#
|
|
# Install/run kibana for browbeat
|
|
#
|
|
|
|
- name: Copy kibana yum repo file
|
|
copy:
|
|
src=kibana.repo
|
|
dest=/etc/yum.repos.d/kibana.repo
|
|
owner=root
|
|
group=root
|
|
mode=0644
|
|
become: true
|
|
|
|
# We need to insert data to create an initial index, query if it exists
|
|
- name: Check elasticsearch index for content
|
|
uri:
|
|
url=http://localhost:9200/_cat/indices
|
|
method=GET
|
|
return_content=yes
|
|
register: elasticsearch_index
|
|
|
|
# Populate elasticsearch with local logs if using logstash
|
|
- name: Populate elasticsearch index with local logs via logstash
|
|
shell: cat /var/log/messages | /opt/logstash/bin/logstash -f /etc/logstash/conf.d/10-syslog.conf
|
|
when: "'logstash-' not in elasticsearch_index.content"
|
|
ignore_errors: true
|
|
no_log: true
|
|
|
|
- name: Install local rsyslogd for fluentd
|
|
package:
|
|
name: "{{ item }}"
|
|
state: present
|
|
become: true
|
|
with_items:
|
|
- rsyslog
|
|
when: (logging_backend == 'fluentd')
|
|
|
|
- name: Setup local rsyslogd for fluentd
|
|
lineinfile: dest=/etc/rsyslog.conf \
|
|
line="*.* @localhost:{{ fluentd_syslog_port }}"
|
|
when: (logging_backend == 'fluentd')
|
|
register: rsyslog_updated
|
|
|
|
- name: Populate elasticsearch index with local logs via fluentd
|
|
systemd:
|
|
name: rsyslog.service
|
|
state: restarted
|
|
ignore_errors: true
|
|
when: rsyslog_updated != 0
|
|
|
|
- name: Install kibana rpms
|
|
package:
|
|
name: "{{ item }}"
|
|
state: present
|
|
become: true
|
|
with_items:
|
|
- kibana
|
|
- unzip
|
|
|
|
- name: Check kibana filebeat dashboards
|
|
stat: path=/tmp/filebeat-dashboards.zip
|
|
ignore_errors: true
|
|
register: kibana_dashboards_present
|
|
|
|
- name: Copy kibana filebeat dashboards
|
|
copy:
|
|
src=filebeat-dashboards.zip
|
|
dest=/tmp/filebeat-dashboards.zip
|
|
owner=root
|
|
group=root
|
|
mode=0644
|
|
become: true
|
|
ignore_errors: true
|
|
when: kibana_dashboards_present != 0
|
|
|
|
- name: Install kibana filebeat dashboards
|
|
unarchive: src=/tmp/filebeat-dashboards.zip dest=/tmp/ copy=no
|
|
ignore_errors: true
|
|
when: kibana_dashboards_present != 0
|
|
|
|
- name: Validate kibana load.sh script is available for use
|
|
stat:
|
|
path: /tmp/beats-dashboards-master/load.sh
|
|
ignore_errors: true
|
|
register: kibana_dashboards_load_sh_present
|
|
|
|
- name: Configure kibana filebeat dashboards
|
|
shell: sh /tmp/beats-dashboards-master/load.sh -url "http://localhost:9200" -user "{{kibana_user}}:{{kibana_password}}"
|
|
ignore_errors: true
|
|
when: kibana_dashboards_load_sh_present != 0
|
|
tags:
|
|
# Skip ANSIBLE0013 Use shell only when shell functionality is required
|
|
# Shell required here during script execution
|
|
- skip_ansible_lint
|
|
|
|
- name: Check kibana users
|
|
stat: path=/etc/nginx/htpasswd.users
|
|
ignore_errors: true
|
|
register: kibana_user_pwfile_exists
|
|
|
|
- name: Create kibana admin user
|
|
command: htpasswd -b -c /etc/nginx/htpasswd.users {{kibana_user}} {{kibana_password}}
|
|
ignore_errors: true
|
|
when: kibana_user_pwfile_exists != 0
|
|
|
|
- name: Setup kibana service
|
|
service: name=kibana state=started enabled=true
|
|
become: true
|
|
|
|
- name: Check Filebeat forwarder SSL certificate
|
|
stat: path=/etc/pki/tls/certs/filebeat-forwarder.crt
|
|
ignore_errors: true
|
|
register: filebeat_forwarder_ssl_exists
|
|
|
|
- name: Create client forwarder SSL certificate
|
|
command: openssl req -subj '/CN={{ ansible_fqdn }}/' -config /etc/pki/tls/openssl_extras.cnf \
|
|
-x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout /etc/pki/tls/private/filebeat-forwarder.key \
|
|
-out /etc/pki/tls/certs/filebeat-forwarder.crt
|
|
ignore_errors: true
|
|
when: filebeat_forwarder_ssl_exists != 0
|
|
|
|
- name: Check Filebeat forwarder SSL certificate copy
|
|
stat: path=/usr/share/nginx/html/filebeat-forwarder.crt
|
|
ignore_errors: true
|
|
register: filebeat_forwarder_ssl_client_copy_exists
|
|
|
|
- name: Copy Filebeat forwarder SSL certificate
|
|
command: cp /etc/pki/tls/certs/filebeat-forwarder.crt /usr/share/nginx/html/filebeat-forwarder.crt
|
|
ignore_errors: true
|
|
when: filebeat_forwarder_ssl_client_copy_exists != 0
|
|
|
|
- name: Refresh logstash service
|
|
systemd:
|
|
name: logstash.service
|
|
state: restarted
|
|
ignore_errors: true
|
|
when: (logging_backend != 'fluentd')
|
|
|
|
- name: Refresh fluentd service
|
|
systemd:
|
|
name: td-agent.service
|
|
state: restarted
|
|
when: (logging_backend == 'fluentd')
|
|
become: true
|
|
|
|
- name: Print SSL post-setup information
|
|
debug: msg="Filebeat SSL Certificate available at http://{{ ansible_fqdn }}:{{ elk_server_ssl_cert_port }}/filebeat-forwarder.crt"
|
|
when: (logging_backend != 'fluentd')
|
|
|
|
- name: Print post-setup URL
|
|
debug: msg="*** ELK Services available at http://{{ ansible_fqdn }}:{{ nginx_kibana_port }} ***"
|
|
|
|
- name: Print index creation instructions
|
|
debug: msg="** 1) Navigate to http://{{ ansible_fqdn }}:{{ nginx_kibana_port }} and login with admin/admin, click 'create' on the green index button ***"
|
|
|
|
- name: Print filebeat openstack client setup instructions
|
|
debug: msg="** 2) Run ansible-playbook -i hosts install/elk-openstack-client.yml --extra-vars 'elk_server={{ ansible_default_ipv4.address }}' to setup OpenStack clients ***"
|
|
|
|
- name: Print filebeat client setup instructions
|
|
debug: msg="** 2) Run ansible-playbook -i hosts install/elk-client.yml --extra-vars 'elk_server={{ ansible_default_ipv4.address }}' to setup clients ***"
|