Untitled

- name: ELK Stack
  hosts: elk
  strategy: free
  roles:
    - role: common/base
      tags:
        - os
    - role: common/sshable
      tags:
        - os
    - role: elastic.elasticsearch
      tags:
        - install
        - elasticsearch
  vars:
    es_version: 7.2.0
    es_version_lock: false
    es_data_dirs:
      - /opt/elasticsearch/data
    es_log_dir: /var/log/elasticsearch
    es_heap_size: 1024m
    es_config:
      http.port: 9200
      network.host: 0.0.0.0
      transport.port: 9300
      cluster.name: "logs"
      node.master: true
      node.name: elk01
      cluster.initial_master_nodes: elk01
      # bootstrap.memory_lock: true
    local_net: 172.16.1.0/24
  tasks:
    - name: Change hostname
      hostname:
        name: vmcent76elk
      tags:
        - os

    - name: Update /etc/hosts with hostnames
      lineinfile:
        dest: /etc/hosts
        regexp: '^127\.0\.0\.1[ \t]+localhost'
        line: "127.0.0.1 localhost vmcent76elk"
        state: present
      tags:
        - os

    # - name: Add Elasticsearch repo
    #   yum_repository:
    #     name: elasticsearch
    #     description: Elasticsearch repository for 7.x packages
    #     gpgcheck: yes
    #     gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch
    #     baseurl: https://artifacts.elastic.co/packages/7.x/yum
    #     state: absent

    - name: Install logstash
      package:
        name:
          - logstash
          - java-11-openjdk
        state: latest
      tags:
        - install
        - logstash

    - name: Install logstash service
      command: /usr/share/logstash/bin/system-install /etc/logstash/startup.options systemd
      args:
        creates: /etc/systemd/system/logstash.service
      tags:
        - install
        - logstash

    - name: logstash configuration
      copy:
        content: |
          input {
            beats {
              ssl => false
              host => "::"
              port => 5044
            }

            http {
              ssl => false
              host => "::"
              port => 8888
            }

            udp {
              host => "::1"
              port => 10514
              codec => "json"
              type => "rsyslog"
            }
          }

          output {
            elasticsearch {
              hosts => ["http://localhost:9200"]
              index => "logstash-%{+YYYY.MM.dd}"
              # index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
            }
          }
        dest: /etc/logstash/conf.d/logstash.conf
      tags:
        - logstash

    - name: Enable & start logstash
      systemd:
        name: logstash
        enabled: yes
        state: restarted
        daemon_reload: yes
      tags:
        - install
        - logstash

    - name: Install kibana
      package:
        name: kibana
        state: latest
      tags:
        - install
        - kibana

    - name: Enable & start kibana
      systemd:
        name: kibana
        enabled: yes
        state: restarted
        daemon_reload: yes
      tags:
        - install
        - kibana

    - name: Install rsyslog
      package:
        name: rsyslog
        state: latest
      tags:
        - install
        - rsyslog

    - name: rsyslog json template config
      copy:
        content: |
          template(name="json-template"
            type="list") {
              constant(value="{")
                constant(value="\"@timestamp\":\"")     property(name="timereported" dateFormat="rfc3339")
                constant(value="\",\"@version\":\"1")
                constant(value="\",\"message\":\"")     property(name="msg" format="json")
                constant(value="\",\"sysloghost\":\"")  property(name="hostname")
                constant(value="\",\"severity\":\"")    property(name="syslogseverity-text")
                constant(value="\",\"facility\":\"")    property(name="syslogfacility-text")
                constant(value="\",\"programname\":\"") property(name="programname")
                constant(value="\",\"procid\":\"")      property(name="procid")
              constant(value="\"}\n")
          }
        dest: /etc/rsyslog.d/01-json-template.conf
      tags:
        - rsyslog

    - name: rsyslog logstash output config
      copy:
        content: |
          *.* @localhost:10514;json-template
        dest: /etc/rsyslog.d/99-logstash-output.conf
      tags:
        - rsyslog

    - name: rsyslog tcp/udp syslog reception
      lineinfile:
        path: /etc/rsyslog.conf
        regex: "#?{{ item | regex_escape() }}"
        line: "{{ item }}"
      with_items:
        - "$ModLoad imudp"
        - "$UDPServerRun 514"
        - "$ModLoad imtcp"
        - "$InputTCPServerRun 514"
      tags:
        - rsyslog

    # - name: rsyslog log directory
    #   file:
    #     path: /var/log/rsyslog
    #     state: directory

    # - name: rsyslog remote log destination
    #   blockinfile:
    #     path: /etc/rsyslog.conf
    #     insertbefore: "GLOBAL DIRECTIVES"
    #     block: |
    #       # $template RemoteLogs,"/var/log/rsyslog/%HOSTNAME%.log"
    #       # . ?RemoteLogs & ~

    - name: selinux allow rsyslog
      seport:
        ports: "514"
        proto: "{{ item }}"
        setype: syslogd_port_t
        state: present
      with_items:
        - tcp
        - udp
      tags:
        - install
        - rsyslog

    - name: Enable & start rsyslog
      systemd:
        name: rsyslog
        enabled: yes
        state: restarted
        daemon_reload: yes
      tags:
        - install
        - rsyslog

    - name: Install nginx
      package:
        name: nginx
        state: latest
      tags:
        - install
        - nginx

    - name: Remove nginx default server
      replace:
        path: /etc/nginx/nginx.conf
        regexp: '(?ms)^\s+server {({[^{}]*}|.*?)+}'
        replace: ''
      tags:
        - nginx

    - name: Configure nginx to proxy kibana
      copy:
        content: |
          server {
            listen 80;
            server_name kibana;

            error_log   /var/log/nginx/kibana.error.log;
            access_log  /var/log/nginx/kibana.access.log;

            location / {
              rewrite ^/(.*) /$1 break;
              proxy_ignore_client_abort on;
              proxy_pass http://localhost:5601;
              proxy_set_header  X-Real-IP  $remote_addr;
              proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header  Host $http_host;
            }
          }
        dest: /etc/nginx/conf.d/kibana.conf
      tags:
        - nginx

    - name: Start nginx service
      systemd:
        name: nginx
        enabled: yes
        state: restarted
      tags:
        - install
        - nginx

    - name: selinux allow nginx to network connect
      seboolean:
        name: httpd_can_network_connect
        state: yes
        persistent: yes
      tags:
        - install
        - nginx

    - name: Add internal network to firewalld trusted zone
      firewalld:
        source: "{{ local_net }}"
        zone: trusted
        permanent: yes
        immediate: yes
        state: enabled
      tags:
        - os

    - name: Open trusted firewall ports
      firewalld:
        port: "{{ item }}"
        zone: trusted
        permanent: yes
        immediate: yes
        state: enabled
      with_items:
        - "80/tcp"
        - "9200/tcp"
      tags:
        - install
        - logstash
        - nginx

    - name: Open public firewall ports
      firewalld:
        port: "{{ item }}"
        zone: public
        permanent: yes
        immediate: yes
        state: enabled
      with_items:
        - "514/tcp"
        - "514/udp"
        - "8888/tcp"
      tags:
        - install
        - rsyslog