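---
# Single-host ELK play: installs Elasticsearch via the elastic.elasticsearch
# role, then Logstash, Kibana, rsyslog (as a syslog receiver forwarding JSON to
# Logstash) and nginx (as a reverse proxy for Kibana), and finally opens the
# firewalld ports for them.
#
# NOTE(review): every service task uses `state: restarted`, so each run
# restarts the services even when nothing changed; handlers notified by the
# config tasks would avoid that.
- name: ELK Stack
  hosts: elk
  strategy: free

  roles:
    - role: common/base
      tags:
        - os
    - role: common/sshable
      tags:
        - os
    - role: elastic.elasticsearch
      tags:
        - install
        - elasticsearch

  # Play-level vars: the es_* values are read by the elasticsearch role and
  # local_net by the firewalld task at the end of the play.
  vars:
    es_version: "7.2.0"
    es_version_lock: false
    es_data_dirs:
      - /opt/elasticsearch/data
    es_log_dir: /var/log/elasticsearch
    es_heap_size: 1024m
    # NOTE(review): network.host 0.0.0.0 binds Elasticsearch to every
    # interface, and nothing in es_config enables authentication or TLS, so
    # as far as this file shows the HTTP API on 9200 is reachable
    # unauthenticated by anything the firewall lets through. Confirm whether
    # the role turns security on; otherwise bind to the internal address only
    # or enable the security settings explicitly.
    es_config:
      http.port: 9200
      network.host: 0.0.0.0
      transport.port: 9300
      cluster.name: "logs"
      node.master: true
      node.name: elk01
      cluster.initial_master_nodes: elk01
      # bootstrap.memory_lock: true
    local_net: 172.16.1.0/24

  tasks:
    - name: Change hostname
      hostname:
        name: vmcent76elk
      tags:
        - os

    # Rewrites the IPv4 localhost line so the new hostname resolves locally.
    - name: Update /etc/hosts with hostnames
      lineinfile:
        dest: /etc/hosts
        regexp: '^127\.0\.0\.1[ \t]+localhost'
        line: "127.0.0.1 localhost vmcent76elk"
        state: present
      tags:
        - os

    # - name: Add Elasticsearch repo
    #   yum_repository:
    #     name: elasticsearch
    #     description: Elasticsearch repository for 7.x packages
    #     gpgcheck: yes
    #     gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch
    #     baseurl: https://artifacts.elastic.co/packages/7.x/yum
    #     state: absent

    # NOTE(review): `state: latest` here and on the kibana, rsyslog and nginx
    # installs pulls whatever the repositories serve at run time, while
    # Elasticsearch is set to es_version. Pinning logstash and kibana to the
    # same version keeps the stack consistent and the run reproducible.
    - name: Install logstash
      package:
        name:
          - logstash
          - java-11-openjdk
        state: latest
      tags:
        - install
        - logstash

    # `creates` makes this a no-op once the unit file exists.
    - name: Install logstash service
      command: /usr/share/logstash/bin/system-install /etc/logstash/startup.options systemd
      args:
        creates: /etc/systemd/system/logstash.service
      tags:
        - install
        - logstash

    # NOTE(review): the beats (5044) and http (8888) inputs listen on all
    # addresses ("::") with ssl => false, and 8888/tcp is opened in the public
    # firewalld zone further down. Any host that can reach this machine can
    # therefore submit events in cleartext with no authentication; enable TLS
    # and credentials on these inputs or restrict the source addresses.
    # NOTE(review): the udp input listens on "::1" only, while rsyslog is
    # configured below to forward to `localhost` - confirm that name resolves
    # to ::1 on the target, otherwise the datagrams are silently lost.
    - name: logstash configuration
      copy:
        content: |
          input {
            beats {
              ssl => false
              host => "::"
              port => 5044
            }
            http {
              ssl => false
              host => "::"
              port => 8888
            }
            udp {
              host => "::1"
              port => 10514
              codec => "json"
              type => "rsyslog"
            }
          }
          output {
            elasticsearch {
              hosts => ["http://localhost:9200"]
              index => "logstash-%{+YYYY.MM.dd}"
              # index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
            }
          }
        dest: /etc/logstash/conf.d/logstash.conf
      tags:
        - logstash

    - name: Enable & start logstash
      systemd:
        name: logstash
        enabled: true
        state: restarted
        daemon_reload: true
      tags:
        - install
        - logstash

    - name: Install kibana
      package:
        name: kibana
        state: latest
      tags:
        - install
        - kibana

    - name: Enable & start kibana
      systemd:
        name: kibana
        enabled: true
        state: restarted
        daemon_reload: true
      tags:
        - install
        - kibana

    - name: Install rsyslog
      package:
        name: rsyslog
        state: latest
      tags:
        - install
        - rsyslog

    # Template that renders each syslog message as one JSON object per line,
    # matching the `codec => "json"` udp input in the Logstash config.
    - name: rsyslog json template config
      copy:
        content: |
          template(name="json-template"
            type="list") {
              constant(value="{")
                constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
                constant(value="\",\"@version\":\"1")
                constant(value="\",\"message\":\"") property(name="msg" format="json")
                constant(value="\",\"sysloghost\":\"") property(name="hostname")
                constant(value="\",\"severity\":\"") property(name="syslogseverity-text")
                constant(value="\",\"facility\":\"") property(name="syslogfacility-text")
                constant(value="\",\"programname\":\"") property(name="programname")
                constant(value="\",\"procid\":\"") property(name="procid")
              constant(value="\"}\n")
          }
        dest: /etc/rsyslog.d/01-json-template.conf
      tags:
        - rsyslog

    # Forwards every facility and severity to Logstash; the single `@` selects
    # UDP.
    - name: rsyslog logstash output config
      copy:
        content: |
          *.* @localhost:10514;json-template
        dest: /etc/rsyslog.d/99-logstash-output.conf
      tags:
        - rsyslog

    # Uncomments (or adds) the legacy directives that make rsyslog listen on
    # 514/udp and 514/tcp.
    # NOTE(review): this reception is plain syslog with no TLS and no sender
    # restriction, and both ports are opened in the public zone below, so
    # senders can forge log entries that end up in Elasticsearch.
    - name: rsyslog tcp/udp syslog reception
      lineinfile:
        path: /etc/rsyslog.conf
        regex: "#?{{ item | regex_escape() }}"
        line: "{{ item }}"
      with_items:
        - "$ModLoad imudp"
        - "$UDPServerRun 514"
        - "$ModLoad imtcp"
        - "$InputTCPServerRun 514"
      tags:
        - rsyslog

    # - name: rsyslog log directory
    #   file:
    #     path: /var/log/rsyslog
    #     state: directory
    # - name: rsyslog remote log destination
    #   blockinfile:
    #     path: /etc/rsyslog.conf
    #     insertbefore: "GLOBAL DIRECTIVES"
    #     block: |
    #       # $template RemoteLogs,"/var/log/rsyslog/%HOSTNAME%.log"
    #       # . ?RemoteLogs & ~

    # Labels 514/tcp and 514/udp as syslogd_port_t in the SELinux policy.
    - name: selinux allow rsyslog
      seport:
        ports: "514"
        proto: "{{ item }}"
        setype: syslogd_port_t
        state: present
      with_items:
        - tcp
        - udp
      tags:
        - install
        - rsyslog

    - name: Enable & start rsyslog
      systemd:
        name: rsyslog
        enabled: true
        state: restarted
        daemon_reload: true
      tags:
        - install
        - rsyslog

    - name: Install nginx
      package:
        name: nginx
        state: latest
      tags:
        - install
        - nginx

    # Strips the stock `server { ... }` block from nginx.conf so that only the
    # conf.d/kibana.conf server written by the next task remains.
    - name: Remove nginx default server
      replace:
        path: /etc/nginx/nginx.conf
        regexp: '(?ms)^\s+server {({[^{}]*}|.*?)+}'
        replace: ''
      tags:
        - nginx

    # NOTE(review): Kibana is published on plain HTTP port 80 with no
    # authentication in front of it (no auth_basic, no TLS), so anyone the
    # firewall admits gets full Kibana access and traffic is unencrypted.
    # Add TLS plus an auth layer here, or enable the stack's own security.
    - name: Configure nginx to proxy kibana
      copy:
        content: |
          server {
              listen 80;
              server_name kibana;
              error_log /var/log/nginx/kibana.error.log;
              access_log /var/log/nginx/kibana.access.log;
              location / {
                  rewrite ^/(.*) /$1 break;
                  proxy_ignore_client_abort on;
                  proxy_pass http://localhost:5601;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header Host $http_host;
              }
          }
        dest: /etc/nginx/conf.d/kibana.conf
      tags:
        - nginx

    - name: Start nginx service
      systemd:
        name: nginx
        enabled: true
        state: restarted
      tags:
        - install
        - nginx

    # Lets nginx (httpd_t) open the outbound connection to Kibana on 5601.
    - name: selinux allow nginx to network connect
      seboolean:
        name: httpd_can_network_connect
        state: true
        persistent: true
      tags:
        - install
        - nginx

    # NOTE(review): firewalld's stock `trusted` zone accepts all connections,
    # so binding local_net to it exposes every listening port (9200, 9300,
    # 5044, ...) to that subnet, and the port list in the next task adds
    # nothing. A dedicated zone with only the required ports is tighter.
    - name: Add internal network to firewalld trusted zone
      firewalld:
        source: "{{ local_net }}"
        zone: trusted
        permanent: true
        immediate: true
        state: enabled
      tags:
        - os

    - name: Open trusted firewall ports
      firewalld:
        port: "{{ item }}"
        zone: trusted
        permanent: true
        immediate: true
        state: enabled
      with_items:
        - "80/tcp"
        - "9200/tcp"
      tags:
        - install
        - logstash
        - nginx

    # NOTE(review): these are the unauthenticated, unencrypted ingestion
    # endpoints (rsyslog on 514, Logstash http input on 8888), opened to the
    # public zone. Restrict them to known sender addresses where possible.
    - name: Open public firewall ports
      firewalld:
        port: "{{ item }}"
        zone: public
        permanent: true
        immediate: true
        state: enabled
      with_items:
        - "514/tcp"
        - "514/udp"
        - "8888/tcp"
      tags:
        - install
        - rsyslog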