feat: add Elastic stack bootstrap playbooks (#21)

QuokkaStake · Jun 29, 2024 · 2781883 · 2781883
1 parent ffeed03
commit 2781883
Show file tree

Hide file tree

Showing 5 changed files with 156 additions and 0 deletions.
diff --git a/playbooks/monitoring/elastic/01-install.yml b/playbooks/monitoring/elastic/01-install.yml
@@ -0,0 +1,65 @@
+---
+- name: Install Elastic stack
+  hosts: "{{ hosts | default('monitoring')  }}"
+
+  tasks:
+    - name: Install required packages
+      become: true
+      ansible.builtin.package:
+        name:
+          - apt-transport-https
+          - software-properties-common
+          - wget
+        state: present
+
+    - name: Download repository GPG
+      become: true
+      ansible.builtin.shell: "wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg" # noqa: command-instead-of-module risky-shell-pipe
+      args:
+        executable: /bin/bash
+      changed_when: true
+
+    - name: Add apt entry
+      become: true
+      ansible.builtin.copy:
+        content: 'deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main'
+        dest: /etc/apt/sources.list.d/elastic.list
+        mode: '0644'
+
+    - name: Update package cache
+      become: true
+      ansible.builtin.package:
+        update_cache: true
+
+    - name: Install Elastic stack
+      become: true
+      ansible.builtin.package:
+        name:
+          - elasticsearch
+          - logstash
+          - kibana
+        state: present
+
+    - name: Generate Elasticsearch config
+      become: true
+      ansible.builtin.template:
+        src: ../../../templates/monitoring/elastic/elasticsearch.yml.j2
+        dest: "/etc/elasticsearch/elasticsearch.yml"
+        mode: '0660'
+
+    - name: Generate Kibana config
+      become: true
+      ansible.builtin.template:
+        src: ../../../templates/monitoring/elastic/kibana.yml.j2
+        dest: "/etc/kibana/kibana.yml"
+        mode: '0660'
+
+    - name: Start services and enable them on autostart
+      become: true
+      ansible.builtin.service:
+        name: "{{ item }}"
+        state: restarted
+        enabled: true
+      loop:
+        - elasticsearch
+        - kibana
diff --git a/playbooks/monitoring/elastic/02-nginx-config.yml b/playbooks/monitoring/elastic/02-nginx-config.yml
@@ -0,0 +1,30 @@
+---
+- name: Set Kibana Nginx template
+  hosts: "{{ hosts | default('monitoring') }}"
+
+  tasks:
+    - name: Generate RPC Nginx config
+      become: true
+      ansible.builtin.template:
+        src: ../../../templates/monitoring/elastic/kibana-nginx.j2
+        dest: "/etc/nginx/sites-enabled/kibana"
+        mode: '0755'
+
+    - name: Generate Certbot template
+      become: true
+      ansible.builtin.shell: "sudo /snap/bin/certbot --nginx --agree-tos -m {{ certbot_email }} -n -d {{ kibana_domain }}"
+      args:
+        executable: /bin/bash
+      register: result
+      changed_when: false
+
+    - name: Verify Nginx config
+      become: true
+      ansible.builtin.command: nginx -t
+      changed_when: false
+
+    - name: (Re)start Nginx
+      become: true
+      ansible.builtin.systemd:
+        state: restarted
+        name: nginx
diff --git a/templates/monitoring/elastic/elasticsearch.yml.j2 b/templates/monitoring/elastic/elasticsearch.yml.j2
@@ -0,0 +1,18 @@
+xpack.security.enabled: true
+xpack.security.enrollment.enabled: true
+
+xpack.security.http.ssl:
+  enabled: true
+  keystore.path: certs/http.p12
+
+xpack.security.transport.ssl:
+  enabled: true
+  verification_mode: certificate
+  keystore.path: certs/transport.p12
+  truststore.path: certs/transport.p12
+
+cluster.initial_master_nodes: ["{{ ansible_hostname }}"]
+http.host: 127.0.0.1
+
+path.logs: /var/log/elasticsearch
+path.data: /var/lib/elasticsearch
diff --git a/templates/monitoring/elastic/kibana-nginx.j2 b/templates/monitoring/elastic/kibana-nginx.j2
@@ -0,0 +1,14 @@
+server {
+    listen 80;
+
+    server_name {{ kibana_domain }};
+
+    location / {
+        proxy_pass http://localhost:5601;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_cache_bypass $http_upgrade;
+    }
+}
diff --git a/templates/monitoring/elastic/kibana.yml.j2 b/templates/monitoring/elastic/kibana.yml.j2
@@ -0,0 +1,29 @@
+server.port: 5601
+server.host: "localhost"
+server.basePath: "/"
+server.rewriteBasePath: false
+{% if kibana_domain is defined %}
+server.publicBaseUrl: "https://{{ kibana_domain }}/"
+{% endif %}
+
+server.maxPayload: 1048576
+server.name: "{{ inventory_hostname }}"
+server.ssl.enabled: false
+
+elasticsearch.hosts: ["http://localhost:9200"]
+
+logging:
+  appenders:
+    file:
+      type: file
+      fileName: /var/log/kibana/kibana.log
+      layout:
+        type: json
+  root:
+    appenders:
+      - default
+      - file
+
+pid.file: /run/kibana/kibana.pid
+
+i18n.locale: "en"