212 lines
5.8 KiB
YAML
212 lines
5.8 KiB
YAML
---
|
|
# resetting password:
|
|
#
|
|
# $ curl -XPOST -D- 'http://{{bridgewithdns.elk_es }}:9200/_security/user/elastic/_password' \
|
|
# -H 'Content-Type: application/json' \
|
|
# -u elastic:<your current elastic password> \
|
|
# -d '{"password" : "<your new password>"}'
|
|
- name: install certs
|
|
copy:
|
|
src: "/usr/local/etc/letsencrypt/live/{{ item }}"
|
|
dest: "/usr/local/etc/certs/"
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
tags:
|
|
- letsencrypt-certs
|
|
notify: reload nginx
|
|
vars:
|
|
prediff_cmd: echo
|
|
with_items:
|
|
- "{{ kibana_url }}"
|
|
- "{{ domain }}"
|
|
|
|
- name: create dir structure
|
|
file:
|
|
path: "{{ elk_root }}/{{ item }}"
|
|
state: directory
|
|
mode: 0755
|
|
owner: "{{ elk_uid }}"
|
|
group: "{{ elk_gid }}"
|
|
recurse: false
|
|
with_items:
|
|
- elasticsearch
|
|
- elasticsearch/config
|
|
- elasticsearch/data
|
|
- logstash
|
|
- logstash/config
|
|
- logstash/pipeline
|
|
- logstash/logs
|
|
- kibana
|
|
- kibana/config
|
|
|
|
- name: template configs
|
|
template:
|
|
src: "{{ item }}.yml.j2"
|
|
dest: "{{ elk_root }}/{{ item }}/config/{{ item }}.yml"
|
|
owner: "{{ elk_uid }}"
|
|
group: "{{ elk_gid }}"
|
|
mode: 0644
|
|
with_items:
|
|
- elasticsearch
|
|
- logstash
|
|
- kibana
|
|
tags:
|
|
- logstash
|
|
notify:
|
|
- restart kibana container
|
|
- restart logstash container
|
|
|
|
- name: template pipeline config
|
|
template:
|
|
src: pipeline-logstash.yml.j2
|
|
dest: "{{ elk_root }}/logstash/pipeline/logstash.yml"
|
|
owner: "{{ elk_uid }}"
|
|
group: "{{ elk_gid }}"
|
|
mode: 0644
|
|
tags:
|
|
- logstash
|
|
notify: restart logstash container
|
|
|
|
# - name: template log4j2 file for logstash
|
|
# template:
|
|
# src: log4j2.properties.j2
|
|
# dest: "{{ elk_root }}/logstash/config/log4j2.properties"
|
|
# owner: "{{ elk_uid }}"
|
|
# group: "{{ elk_gid }}"
|
|
# mode: 0644
|
|
|
|
- name: elasticsearch container {{ elasticsearch_container_state }}
|
|
docker_container:
|
|
name: elasticsearch
|
|
hostname: elasticsearch
|
|
image: docker.elastic.co/elasticsearch/elasticsearch:{{ elk_version }}
|
|
auto_remove: false
|
|
restart_policy: "no"
|
|
detach: true
|
|
pull: true
|
|
state: "{{ elasticsearch_container_state }}"
|
|
container_default_behavior: compatibility
|
|
#user: "{{ elk_uid }}:{{ elk_gid }}"
|
|
# testing commebnting this out following a craah
|
|
#memory: "5G" # 5G
|
|
mounts:
|
|
- type: bind
|
|
source: "{{ elk_root }}/elasticsearch/config/elasticsearch.yml"
|
|
target: /usr/share/elasticsearch/config/elasticsearch.yml
|
|
read_only: true
|
|
- type: bind
|
|
source: "{{ elk_root }}/elasticsearch/data"
|
|
target: /usr/share/elasticsearch/data
|
|
ports:
|
|
- 127.0.0.1:9200:9200
|
|
- 127.0.0.1:9300:9300
|
|
env:
|
|
#ES_JAVA_OPTS: "-Xmx4g -Xms4g" # 4g
|
|
ES_JAVA_OPTS: "-Xmx6g -Xms6g"
|
|
#ELASTIC_PASSWORD: "{{ elk_default_password }}"
|
|
discovery.type: single-node
|
|
networks_cli_compatible: false
|
|
networks:
|
|
- name: bridgewithdns
|
|
ipv4_address: "{{ bridgewithdns.elasticsearch }}"
|
|
tags:
|
|
- docker-containers
|
|
- elk-containers
|
|
- elasticsearch-container
|
|
|
|
- name: start logstash container
|
|
docker_container:
|
|
name: logstash
|
|
hostname: logstash
|
|
image: docker.elastic.co/logstash/logstash:{{ elk_version }}
|
|
auto_remove: false
|
|
restart_policy: "unless-stopped"
|
|
detach: true
|
|
pull: true
|
|
state: started
|
|
container_default_behavior: compatibility
|
|
memory: "3G"
|
|
mounts:
|
|
- type: bind
|
|
source: /usr/local/etc/certs/{{ domain }}
|
|
target: /etc/letsencrypt/live/{{ domain }}
|
|
read_only: true
|
|
- type: bind
|
|
source: "{{ elk_root }}/logstash/logs"
|
|
target: /usr/share/logstash/logs
|
|
read_only: false
|
|
- type: bind
|
|
source: "{{ elk_root }}/logstash/config/logstash.yml"
|
|
target: /usr/share/logstash/config/logstash.yml
|
|
read_only: true
|
|
- type: bind
|
|
source: "{{ elk_root }}/logstash/pipeline"
|
|
target: /usr/share/logstash/pipeline
|
|
read_only: true
|
|
ports:
|
|
- "{{ wg_clients[inventory_hostname].ip}}:{{ logstash_beats }}:{{ logstash_beats }}/tcp"
|
|
- "{{ wg_clients[inventory_hostname].ip}}:{{ logstash_beats }}:{{ logstash_beats }}/udp"
|
|
- "{{ wg_clients[inventory_hostname].ip}}:{{ logstash_tcp }}:{{ logstash_tcp }}/tcp"
|
|
- "{{ wg_clients[inventory_hostname].ip}}:{{ logstash_udp }}:{{ logstash_udp }}/udp"
|
|
- "{{ wg_clients[inventory_hostname].ip}}:{{ logstash_syslog_port }}:{{ logstash_syslog_port }}/udp"
|
|
- "127.0.0.1:9600:9600"
|
|
env:
|
|
LS_JAVA_OPTS: "-Xmx2g -Xms2g"
|
|
networks_cli_compatible: false
|
|
networks:
|
|
- name: bridgewithdns
|
|
ipv4_address: "{{ bridgewithdns.logstash }}"
|
|
tags:
|
|
- docker-containers
|
|
- elk-containers
|
|
- logstash
|
|
- logstash-container
|
|
|
|
- name: kibana container {{ elasticsearch_container_state }}
|
|
docker_container:
|
|
name: kibana
|
|
hostname: kibana
|
|
image: docker.elastic.co/kibana/kibana:{{ elk_version }}
|
|
auto_remove: false
|
|
restart_policy: "unless-stopped"
|
|
detach: true
|
|
pull: true
|
|
state: "{{ elasticsearch_container_state }}"
|
|
container_default_behavior: compatibility
|
|
mounts:
|
|
- type: bind
|
|
source: "{{ elk_root }}/kibana/config"
|
|
target: /usr/share/kibana/config
|
|
read_only: true
|
|
networks_cli_compatible: false
|
|
networks:
|
|
- name: bridgewithdns
|
|
ipv4_address: "{{ bridgewithdns.kibana }}"
|
|
tags:
|
|
- docker-containers
|
|
- elk-containers
|
|
- kibana-container
|
|
|
|
- name: template nginx vhost for kibana
|
|
template:
|
|
src: 01-kibana.conf.j2
|
|
dest: /etc/nginx/sites-enabled/01-kibana
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
tags:
|
|
- nginx
|
|
- kibana-nginx
|
|
notify: reload nginx
|
|
|
|
- name: cron file
|
|
template:
|
|
src: elk-cron.j2
|
|
dest: /etc/cron.d/elk
|
|
mode: 0600
|
|
owner: root
|
|
group: root
|
|
tags:
|
|
- cron
|