From 3448734482067e1720215985f380d9799f511f39 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Wed, 30 Dec 2020 15:41:34 +0100
Subject: [PATCH] Added elk draft
---
 roles/docker-elk/handlers/main.yml | 5 ++
 roles/docker-elk/tasks/main.yml | 80 ++++++++++++++++++++
 roles/docker-elk/templates/elasticsearch.yml | 13 ++++
 roles/docker-elk/templates/kibana.yml | 13 ++++
 roles/docker-elk/templates/logstash.conf | 20 +++++
 roles/docker-elk/templates/logstash.yml | 12 +++
 site.yml | 4 +
 7 files changed, 147 insertions(+)
 create mode 100644 roles/docker-elk/handlers/main.yml
 create mode 100644 roles/docker-elk/tasks/main.yml
 create mode 100644 roles/docker-elk/templates/elasticsearch.yml
 create mode 100644 roles/docker-elk/templates/kibana.yml
 create mode 100644 roles/docker-elk/templates/logstash.conf
 create mode 100644 roles/docker-elk/templates/logstash.yml
diff --git a/roles/docker-elk/handlers/main.yml b/roles/docker-elk/handlers/main.yml
new file mode 100644
index 00000000..ca7174c7
--- /dev/null
+++ b/roles/docker-elk/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: recreate docker-elk
+ command:
+ cmd: docker-compose -p docker-elk up -d --force-recreate
+ chdir: /srv/docker-elk
diff --git a/roles/docker-elk/tasks/main.yml b/roles/docker-elk/tasks/main.yml
new file mode 100644
index 00000000..f1ccc865
--- /dev/null
+++ b/roles/docker-elk/tasks/main.yml
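Review bot: The `recreate docker-elk` handler does not match the stack that tasks/main.yml creates: it runs `docker-compose -p docker-elk` with `chdir: /srv/docker-elk`, while the `setup elk` task uses `project_name: elk` with an inline definition and writes its files under `/etc/docker-elk`. No compose file or `/srv/docker-elk` directory is created anywhere in this patch, so the command has nothing to act on. None of the four `template` tasks carries a `notify:` for it either, so an edited config (for example a rotated password) would not reach the running containers. I would add `notify: recreate docker-elk` to each config task and have the handler act on the `elk` project that the `docker_compose` task manages, or drop the handler until a compose file exists.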
@@ -0,0 +1,80 @@
+---
+
+- name: recieve {{domain}} certificate
+ command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
+
+- name: configure {{domain}}.conf
+ template: src=roles/native-nginx-docker-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
+ notify: restart nginx
+
+- name: "create /etc/docker-elk"
+ file:
+ path: "/etc/docker-elk"
+ state: directory
+ mode: 0755
+
+- name: copy elasticsearch.yml
+ template: src=elasticsearch.yml dest=/etc/docker-elk/elasticsearch.yml
+
+- name: copy kibana.yml
+ template: src=kibana.yml dest=/etc/docker-elk/kibana.yml
+
+- name: copy logstash.yml
+ template: src=logstash.yml dest=/etc/docker-elk/logstash.yml
+
+- name: copy logstash.conf
+ template: src=logstash.conf dest=/etc/docker-elk/logstash.conf
+
+- name: "setup elk"
+ docker_compose:
+ project_name: elk
+ definition:
+ elasticsearch:
+ image: elasticsearch
+ restart: always
+ volumes:
+ - type: bind
+ source: /etc/docker-elk/elasticsearch.yml
+ target: /usr/share/elasticsearch/config/elasticsearch.yml
+ read_only: true
+ - type: volume
+ source: elasticsearch
+ target: /usr/share/elasticsearch/data
+ ports:
+ - "9200:9200"
+ - "9300:9300"
+ environment:
+ ES_JAVA_OPTS: "-Xmx256m -Xms256m"
+ ELASTIC_PASSWORD: changeme
+ # Use single node discovery in order to disable production mode and avoid bootstrap checks.
+ # see: https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html
+ discovery.type: single-node
+ logstash:
+ image: logstash
+ restart: always
+ volumes:
+ - type: bind
+ source: /etc/docker-elk/logstash.yml
+ target: /usr/share/logstash/config/logstash.yml
+ read_only: true
+ - type: bind
+ source: /etc/docker-elk/logstash.conf
+ target: /usr/share/logstash/pipeline/logstash.conf
+ read_only: true
+ ports:
+ - "5044:5044"
+ - "5000:5000/tcp"
+ - "5000:5000/udp"
+ - "9600:9600"
+ environment:
+ LS_JAVA_OPTS: "-Xmx256m -Xms256m"
+ kibana:
+ image: kibana
+ restart: always
+ volumes:
+ - type: bind
+ source: /etc/docker-elk/kibana.yml
+ target: /usr/share/kibana/config/kibana.yml
+ read_only: true
+ ports:
+ - "5601:5601"
diff --git a/roles/docker-elk/templates/elasticsearch.yml b/roles/docker-elk/templates/elasticsearch.yml
new file mode 100644
index 00000000..b06c1d21
--- /dev/null
+++ b/roles/docker-elk/templates/elasticsearch.yml
@@ -0,0 +1,13 @@
+---
+## Default Elasticsearch configuration from Elasticsearch base image.
+## https://github.com/elastic/elasticsearch/blob/master/distribution/docker/src/docker/config/elasticsearch.yml
+#
+cluster.name: "docker-cluster"
+network.host: 0.0.0.0
+
+## X-Pack settings
+## see https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-xpack.html
+#
+xpack.license.self_generated.type: basic
+xpack.security.enabled: true
+xpack.monitoring.collection.enabled: true
diff --git a/roles/docker-elk/templates/kibana.yml b/roles/docker-elk/templates/kibana.yml
new file mode 100644
index 00000000..0e1dc60c
--- /dev/null
+++ b/roles/docker-elk/templates/kibana.yml
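Review bot: `ELASTIC_PASSWORD: changeme` in the `setup elk` task commits the bootstrap password of the `elastic` superuser to the repository as a literal, and the same literal is repeated in templates/kibana.yml, templates/logstash.conf and templates/logstash.yml. Those files are already deployed with `template`, so the value can come from a vaulted variable instead: `ELASTIC_PASSWORD: "{{ elk_elastic_password }}"` here and `elasticsearch.password: "{{ elk_elastic_password }}"` in the templates, where `elk_elastic_password` is a placeholder name to be defined in an Ansible Vault file. Adding `no_log: true` to the `setup elk` task keeps the rendered value out of task output. Any instance already started with `changeme` should have the password rotated, since the value is now in version history.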
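Review bot: `xpack.security.enabled: true` is set without any `xpack.security.http.ssl` or transport TLS settings, and kibana.yml and logstash.yml both use `http://elasticsearch:9200`, so the basic-auth credentials travel in cleartext. This matters because tasks/main.yml publishes `"9200:9200"` and `"9300:9300"` (also `"9600:9600"` and `"5601:5601"`) with no host address, which Docker binds on every interface. The configs in this patch address Elasticsearch container to container as `elasticsearch:9200`, so nothing visible here needs those host publishes. They can be removed or pinned to loopback, e.g. `- "127.0.0.1:9200:9200"`, leaving the nginx vhost as the only external path. If 9200 must stay reachable from other hosts, set `xpack.security.http.ssl.enabled: true` with a certificate before exposing it.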
@@ -0,0 +1,13 @@
+---
+## Default Kibana configuration from Kibana base image.
+## https://github.com/elastic/kibana/blob/master/src/dev/build/tasks/os_packages/docker_generator/templates/kibana_yml.template.ts
+#
+server.name: kibana
+server.host: 0.0.0.0
+elasticsearch.hosts: [ "http://elasticsearch:9200" ]
+monitoring.ui.container.elasticsearch.enabled: true
+
+## X-Pack security credentials
+#
+elasticsearch.username: elastic
+elasticsearch.password: changeme
diff --git a/roles/docker-elk/templates/logstash.conf b/roles/docker-elk/templates/logstash.conf
new file mode 100644
index 00000000..7d5918ba
--- /dev/null
+++ b/roles/docker-elk/templates/logstash.conf
@@ -0,0 +1,20 @@
+input {
+ beats {
+ port => 5044
+ }
+
+ tcp {
+ port => 5000
+ }
+}
+
+## Add your filters / logstash plugins configuration here
+
+output {
+ elasticsearch {
+ hosts => "elasticsearch:9200"
+ user => "elastic"
+ password => "changeme"
+ ecs_compatibility => disabled
+ }
+}
diff --git a/roles/docker-elk/templates/logstash.yml b/roles/docker-elk/templates/logstash.yml
new file mode 100644
index 00000000..a48c35ff
--- /dev/null
+++ b/roles/docker-elk/templates/logstash.yml
@@ -0,0 +1,12 @@
+---
+## Default Logstash configuration from Logstash base image.
+## https://github.com/elastic/logstash/blob/master/docker/data/logstash/config/logstash-full.yml
+#
+http.host: "0.0.0.0"
+xpack.monitoring.elasticsearch.hosts: [ "http://elasticsearch:9200" ]
+
+## X-Pack security credentials
+#
+xpack.monitoring.enabled: true
+xpack.monitoring.elasticsearch.username: elastic
+xpack.monitoring.elasticsearch.password: changeme
diff --git a/site.yml b/site.yml
index 027a3435..622af634 100644
--- a/site.yml
+++ b/site.yml
@@ -47,4 +47,8 @@
 domain: "mail.{{top_domain}}"
 http_port: 8007
 https_port: 4431
+ - role: docker-elk
+ vars:
+ domain: "kibana.{{top_domain}}"
+ http_port: 8008
 - native-docker-volume-backup
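Review bot: `elasticsearch.username: elastic` makes Kibana's service connection run as the built-in superuser, and logstash.conf (`user => "elastic"`) and logstash.yml (`xpack.monitoring.elasticsearch.username: elastic`) do the same. Disclosure of any one of these config files then means full control of the cluster rather than of one component. Elasticsearch ships built-in service accounts for this, so I would use `elasticsearch.username: kibana_system` here (`kibana` on releases before 7.8) and `logstash_system` for Logstash monitoring. The pipeline output should get a dedicated user whose role can only write to the target indices. The images in tasks/main.yml carry no tag, so the release in use, and therefore which account name applies, is not visible from the patch.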
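Review bot: The `beats` input on 5044 and the `tcp` input on 5000 accept events without TLS or client authentication, and tasks/main.yml publishes both ports on the host. Any host that can reach them can write arbitrary events into the index, which weakens the value of the stored logs for investigations and lets an unknown sender fill the disk. Both plugins support TLS with client-certificate verification, though the option names differ between plugin versions and should be checked against the release that ends up pinned. Until that is configured I would add `## inputs are unauthenticated plaintext: keep 5044/5000 firewalled to known shippers` above the `input` block and restrict the published ports accordingly.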
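Review bot: `http_port: 8008` is passed to the role, but nothing in roles/docker-elk reads it; the Kibana service in tasks/main.yml publishes `"5601:5601"`. If `domain.conf.j2` proxies to `http_port`, as the vars of the neighbouring roles suggest (the template is not part of this patch, so this is inferred), the new vhost will point at a port with no listener while Kibana stays directly reachable on 5601. Publishing Kibana as `- "127.0.0.1:{{http_port}}:5601"` in tasks/main.yml would line the two up and leave nginx as the only external entry point. The roles list this entry belongs to starts and ends outside the hunk.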