Merged client playbook and server playbook

2025-08-29 15:06:26 +02:00 · 2023-04-18 14:52:43 +02:00
parent 2c76f99dd1
commit ec0dbee7bb
341 changed files with 153 additions and 811 deletions
--- a/roles/docker-elk/Readme.md
+++ b/roles/docker-elk/Readme.md
@@ -1,13 +0,0 @@
-# role docker-elk
-
-I decided against using this role for security reasons. I recommend to use another tool if you don't want to pay for keeping your logs save and if you don't want to depend on external servers. 
-
-## restart all services
-```bash
-docker restart elk_logstash_1 && docker restart elk_elasticsearch_1 && docker restart elk_kibana_1
-```
-
-## see
- https://logz.io/blog/elk-stack-on-docker/
- https://github.com/kevinveenbirkenbach/docker-elk
- https://logz.io/blog/docker-logging/
--- a/roles/docker-elk/defaults/main.yml
+++ b/roles/docker-elk/defaults/main.yml
@@ -1,2 +0,0 @@
---
-docker_elk_compose_path: "/srv/github.com/kevinveenbirkenbach/docker-elk/"
--- a/roles/docker-elk/files/elasticsearch-sysctl.conf
+++ b/roles/docker-elk/files/elasticsearch-sysctl.conf
@@ -1,2 +0,0 @@
-# https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html
-vm.max_map_count=262144
--- a/roles/docker-elk/handlers/main.yml
+++ b/roles/docker-elk/handlers/main.yml
@@ -1,7 +0,0 @@
---
- name: recreate docker-elk
-  command:
-    cmd: docker-compose up -d --force-recreate
-    chdir: "{{docker_elk_compose_path}}"
-  environment:
-    COMPOSE_HTTP_TIMEOUT: 600
--- a/roles/docker-elk/meta/main.yml
+++ b/roles/docker-elk/meta/main.yml
@@ -1,2 +0,0 @@
-dependencies:
- native-docker-reverse-proxy
--- a/roles/docker-elk/tasks/main.yml
+++ b/roles/docker-elk/tasks/main.yml
@@ -1,52 +0,0 @@
---
-
- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
-
- name: configure {{domain}}.conf
-  template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
-  notify: restart nginx
-
- name: create elasticsearch-sysctl.conf
-  copy:
-    src: "elasticsearch-sysctl.conf"
-    dest: /etc/sysctl.d/elasticsearch-sysctl.conf
-    owner: root
-    group: root
-
- name: set vm.max_map_count=262144
-  command:
-    cmd: sysctl -w vm.max_map_count=262144
-
- name: "create {{docker_elk_compose_path}}"
-  file:
-    path: "{{docker_elk_compose_path}}"
-    state: directory
-    mode: 0755
-
- name: git pull docker-elk
-  git:
-    repo: "https://github.com/kevinveenbirkenbach/docker-elk.git"
-    dest: "{{docker_elk_compose_path}}"
-    update: yes
-  notify: recreate docker-elk
-
- name: copy docker-compose.yml
-  template: src=docker-compose.yml.j2 dest={{docker_elk_compose_path}}docker-compose.yml
-  notify: recreate docker-elk
-
- name: copy elasticsearch.yml
-  template: src=elasticsearch.yml.j2 dest={{docker_elk_compose_path}}elasticsearch/config/elasticsearch.yml
-  notify: recreate docker-elk
-
- name: copy kibana.yml
-  template: src=kibana.yml.j2 dest={{docker_elk_compose_path}}kibana/config/kibana.yml
-  notify: recreate docker-elk
-
- name: copy logstash.yml
-  template: src=logstash.yml.j2 dest={{docker_elk_compose_path}}logstash/config/logstash.yml
-  notify: recreate docker-elk
-
- name: copy logstash.conf
-  template: src=logstash.conf.j2 dest={{docker_elk_compose_path}}logstash/pipeline/logstash.conf
-  notify: recreate docker-elk
--- a/roles/docker-elk/templates/docker-compose.yml.j2
+++ b/roles/docker-elk/templates/docker-compose.yml.j2
@@ -1,77 +0,0 @@
-version: '3.2'
-
-services:
-  elasticsearch:
-    build:
-      context: elasticsearch/
-      args:
-        ELK_VERSION: $ELK_VERSION
-    volumes:
-      - type: bind
-        source: ./elasticsearch/config/elasticsearch.yml
-        target: /usr/share/elasticsearch/config/elasticsearch.yml
-        read_only: true
-      - type: volume
-        source: elasticsearch
-        target: /usr/share/elasticsearch/data
-    ports:
-      - "9200:9200"
-      - "9300:9300"
-    environment:
-      ES_JAVA_OPTS: "-Xmx256m -Xms256m"
-      ELASTIC_PASSWORD: changeme
-      # Use single node discovery in order to disable production mode and avoid bootstrap checks.
-      # see: https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html
-      discovery.type: single-node
-    networks:
-      - elk
-
-  logstash:
-    build:
-      context: logstash/
-      args:
-        ELK_VERSION: $ELK_VERSION
-    volumes:
-      - type: bind
-        source: ./logstash/config/logstash.yml
-        target: /usr/share/logstash/config/logstash.yml
-        read_only: true
-      - type: bind
-        source: ./logstash/pipeline
-        target: /usr/share/logstash/pipeline
-        read_only: true
-    ports:
-      - "5044:5044"
-      - "5000:5000/tcp"
-      - "5000:5000/udp"
-      - "9600:9600"
-    environment:
-      LS_JAVA_OPTS: "-Xmx256m -Xms256m"
-    networks:
-      - elk
-    depends_on:
-      - elasticsearch
-
-  kibana:
-    build:
-      context: kibana/
-      args:
-        ELK_VERSION: $ELK_VERSION
-    volumes:
-      - type: bind
-        source: ./kibana/config/kibana.yml
-        target: /usr/share/kibana/config/kibana.yml
-        read_only: true
-    ports:
-      - "127.0.0.1:{{ http_port }}:5601"
-    networks:
-      - elk
-    depends_on:
-      - elasticsearch
-
-networks:
-  elk:
-    driver: bridge
-
-volumes:
-  elasticsearch:
--- a/roles/docker-elk/templates/elasticsearch.yml.j2
+++ b/roles/docker-elk/templates/elasticsearch.yml.j2
@@ -1,13 +0,0 @@
---
-## Default Elasticsearch configuration from Elasticsearch base image.
-## https://github.com/elastic/elasticsearch/blob/master/distribution/docker/src/docker/config/elasticsearch.yml
-#
-cluster.name: "docker-cluster"
-network.host: 0.0.0.0
-
-## X-Pack settings
-## see https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-xpack.html
-#
-xpack.license.self_generated.type: basic
-xpack.security.enabled: true
-xpack.monitoring.collection.enabled: true
--- a/roles/docker-elk/templates/kibana.yml.j2
+++ b/roles/docker-elk/templates/kibana.yml.j2
@@ -1,13 +0,0 @@
---
-## Default Kibana configuration from Kibana base image.
-## https://github.com/elastic/kibana/blob/master/src/dev/build/tasks/os_packages/docker_generator/templates/kibana_yml.template.ts
-#
-server.name: kibana
-server.host: 0.0.0.0
-elasticsearch.hosts: [ "http://elasticsearch:9200" ]
-monitoring.ui.container.elasticsearch.enabled: true
-
-## X-Pack security credentials
-#
-elasticsearch.username: elastic
-elasticsearch.password: {{elastic_search_password}}
--- a/roles/docker-elk/templates/logstash.conf.j2
+++ b/roles/docker-elk/templates/logstash.conf.j2
@@ -1,20 +0,0 @@
-input {
-	beats {
-		port => 5044
-	}
-
-	tcp {
-		port => 5000
-	}
-}
-
-## Add your filters / logstash plugins configuration here
-
-output {
-	elasticsearch {
-		hosts => "elasticsearch:9200"
-		user => "elastic"
-		password => "{{elastic_search_password}}"
-		ecs_compatibility => disabled
-	}
-}
--- a/roles/docker-elk/templates/logstash.yml.j2
+++ b/roles/docker-elk/templates/logstash.yml.j2
@@ -1,12 +0,0 @@
---
-## Default Logstash configuration from Logstash base image.
-## https://github.com/elastic/logstash/blob/master/docker/data/logstash/config/logstash-full.yml
-#
-http.host: "0.0.0.0"
-xpack.monitoring.elasticsearch.hosts: [ "http://elasticsearch:9200" ]
-
-## X-Pack security credentials
-#
-xpack.monitoring.enabled: true
-xpack.monitoring.elasticsearch.username: elastic
-xpack.monitoring.elasticsearch.password: {{elastic_search_password}}