Big changes to Elastic services

Install-Client and Install-Server are now valid.  They will install what is needed per the hosts file.  Computers in Linux will get client and computers in Elastic will get server.
This commit is contained in:
James Tombleson 2019-04-22 15:01:56 -07:00
parent b4f0af6963
commit 02c5a9c632
13 changed files with 260 additions and 232 deletions

32
playbook/README.md Normal file
View File

@ -0,0 +1,32 @@
# Playbook
This is the collection of playbooks that have been made. Each folder here ties back into the hosts file.
## Linux
This contains files that are designed to be ran against all linux based hosts. Some files are just general security updates and some will install packages that all servers need.
Installable services
* elastic-heartbeat
* elastic-metricbeat
### Docker
This contains files that will maintain and deploy docker servers.
Docker servers will be a sub under Linux for basic up keep on the servers.
### Elastic
This folder contains the files needed for a host that runs Elastic services as a server.
* ElasticSearch
* Kibana
## Windows
Just like its Linux counter part, this contains the information and playbooks that are designed to be ran against all windows servers. Keeping baseline firewall, users, groups and windows updates are some examples.

View File

@ -0,0 +1,44 @@
# This will work on a new install.
# If any changes are needed to the cluster name on an existing install add another function
- name: Config - cluster.name 'elastic-DMI01'
become: true
lineinfile:
path: /etc/elasticsearch/elasticsearch.yml
regex: '^cluster.name'
insertafter: '#cluster.name: my-application'
line: 'cluster.name: elastic-DMI01'
backup: yes
# We define the name of the host we are working on
- name: Config - node.name
become: true
lineinfile:
path: /etc/elasticsearch/elasticsearch.yml
regex: '^node.name'
insertafter: '#node.name: node-1'
line: "node.name: {{ ansible_eno1.ipv4.address }}"
# Allow 9200 so we can access it over the network
- name: Allow port 9200 though UFW
become: true
ufw:
rule: allow
port: 9200
#name: ElasticSearch
- name: Service reload daemon
become: true
systemd:
daemon_reload: yes
- name: systemd - enable ElasticSearch on startup
become: true
systemd:
name: elasticsearch
enabled: yes
- name: systemd - restart ElasticSearch service
become: true
systemd:
name: elasticsearch
state: restarted

View File

@ -0,0 +1,25 @@
---
- name: define kibana host
become: true
lineinfile:
path: /etc/heartbeat/heartbeat.yml
regex: '^host: "dm-nagios.local:5601"'
insertafter: '#host: "localhost:5601"'
line: 'host: "dm-nagios.local:5601"'
- name: systemd - daemon reload
become: true
systemd:
daemon_reload: yes
- name: system - enable on startup
become: true
systemd:
name: heartbeat-elastic
enabled: yes
- name: systemd - restart heartbeat
become: true
systemd:
name: heartbeat-elastic
state: restarted

View File

@ -0,0 +1,49 @@
- name: Config - Server.Port 5601
become: true
lineinfile:
path: /etc/kibana/kibana.yml
regex: '^server.port'
insertafter: '#server.port: 5601'
line: 'server.port: 5601'
backup: yes
- name: Config - Server.host
become: true
lineinfile:
path: /etc/kibana/kibana.yml
regex: '^server.host'
insertafter: '#server.host'
line: 'server.host: {{ ansible_eno1.ipv4.address }}'
- name: Config - elasticsearch.hosts
become: true
lineinfile:
path: /etc/kibana/kibana.yml
regex: '^elasticsearch.hosts'
insertafter: '#elasticsearch.hosts:'
line: 'elasticsearch.hosts: ["http://localhost:9200"]'
- name: Allow port 5601
become: true
ufw:
rule: allow
port: 5601
- name: systemd - daemon reload
become: true
systemd:
daemon_reload: yes
- name: systemd - enable Kibana on startup
become: true
systemd:
name: kibana
enabled: yes
- name: systemd - restart Kibana
become: true
systemd:
name: kibana
state: restarted

View File

@ -0,0 +1,29 @@
# - name: enable modules
- name: define kibana host
become: true
lineinfile:
path: /etc/metricbeat/metricbeat.yml
regex: '^host: "dm-nagios.local:5601"'
insertafter: '#host: "localhost:5601"'
line: 'host: "dm-nagios.local:5601"'
#- name: config where to send information
- name: systemd - daemon reload
become: true
systemd:
daemon_reload: yes
- name: Enable service on system startup
become: true
systemd:
name: metricbeat
enabled: yes
- name: systemd - restart Metricbeat
become: true
systemd:
name: metricbeat
state: restarted

View File

@ -0,0 +1,25 @@
---
# This will install all the client parts needed for elastic to monitor client computers
- name: Install elastic client programs
hosts: linux
tasks:
- name: Install elastic repo
include: install-repo.yml
- name: Install elastic heartbeat
become: true
apt:
name: heartbeat-elastic
- name: Configure elastic heartbeazt
include: config-heartbeat.yml
- name: Install elastic metricbeat
become: true
apt:
name: metricbeat
- name: Configure elastic metricbeat
include: config-metricbeat.yml

View File

@ -1,80 +0,0 @@
- name: Install Elasticsearch
hosts: elastic
tasks:
- name: Install Elastic GPG Key
become: true
apt_key:
url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
state: present
id: 46095ACC8548582C1A2699A9D27D666CD88E42B4
- name: Install apt-transport-https
apt:
name: apt-transport-https
- name: Add Elastic Repo
become: true
copy:
src: elastic-7.x.list
dest: /etc/apt/sources.list.d/
backup: yes
- name: Update Packages
become: true
apt:
update_cache: true
- name: Install ElasticSearch
become: true
apt:
name: elasticsearch
# This will work on a new install.
# If any changes are needed to the cluster name on an existing install add another function
- name: Config - cluster.name 'elastic-DMI01'
become: true
lineinfile:
path: /etc/elasticsearch/elasticsearch.yml
regex: '^cluster.name'
insertafter: '#cluster.name: my-application'
line: 'cluster.name: elastic-DMI01'
backup: yes
# We define the name of the host we are working on
- name: Config - node.name
become: true
lineinfile:
path: /etc/elasticsearch/elasticsearch.yml
regex: '^node.name'
insertafter: '#node.name: node-1'
line: "node.name: {{ ansible_eno1.ipv4.address }}"
# Allow 9200 so we can access it over the network
- name: Allow port 9200 though UFW
become: true
ufw:
rule: allow
port: 9200
#name: ElasticSearch
- name: Service reload daemon
become: true
systemd:
daemon_reload: yes
- name: systemd - enable ElasticSearch on startup
become: true
systemd:
name: elasticsearch
enabled: yes
- name: systemd - restart ElasticSearch service
become: true
systemd:
name: elasticsearch
state: restarted

View File

@ -1,83 +0,0 @@
- name: Install Kibana
hosts: elastic
tasks:
- name: Install Elastic GPG Key
become: true
apt_key:
url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
state: present
id: 46095ACC8548582C1A2699A9D27D666CD88E42B4
- name: Install apt-transport-https
apt:
name: apt-transport-https
- name: Add Elastic Repo
become: true
copy:
src: elastic-7.x.list
dest: /etc/apt/sources.list.d/
backup: yes
- name: Update Packages
become: true
apt:
update_cache: true
- name: Install kibana
become: true
apt:
name: kibana
- name: Config - Server.Port 5601
become: true
lineinfile:
path: /etc/kibana/kibana.yml
regex: '^server.port'
insertafter: '#server.port: 5601'
line: 'server.port: 5601'
backup: yes
- name: Config - Server.host
become: true
lineinfile:
path: /etc/kibana/kibana.yml
regex: '^server.host'
insertafter: '#server.host'
line: 'server.host: {{ ansible_eno1.ipv4.address }}'
- name: Config - elasticsearch.hosts
become: true
lineinfile:
path: /etc/kibana/kibana.yml
regex: '^elasticsearch.hosts'
insertafter: '#elasticsearch.hosts:'
line: 'elasticsearch.hosts: ["http://localhost:9200"]'
- name: Allow port 5601
become: true
ufw:
rule: allow
port: 5601
- name: systemd - daemon reload
become: true
systemd:
daemon_reload: yes
- name: systemd - enable Kibana on startup
become: true
systemd:
name: kibana
enabled: yes
- name: systemd - restart Kibana
become: true
systemd:
name: kibana
state: restarted

View File

@ -1,44 +0,0 @@
- name: Install Metricbeat
hosts: elastic
tasks:
- name: Download metricbeat deb
get_url:
url: 'https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.0.0-amd64.deb'
dest: /tmp/metricbeat.deb
- name: Install metricbeat
become: true
apt:
deb: /tmp/metricbeat.deb
# - name: enable modules
- name: define kibana host:
become: true
lineinfile:
path: /etc/metricbeat/metricbeat.yml
regex: '^host: "localhost:5601"'
insertafter: '#host: "localhost:5601"'
line: 'host: '
- name: config where to send information
- name: systemd - daemon reload
become: true
systemd:
daemon_reload: yes
- name: Enable service on system startup
become: true
systemd:
name: metricbeat
enabed: yes
- name: systemd - restart Metricbeat
become: true
systemd:
name: metricbeat
state: restarted

View File

@ -0,0 +1,29 @@
---
- name: Install Elastic GPG Key
become: true
apt_key:
url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
state: present
id: 46095ACC8548582C1A2699A9D27D666CD88E42B4
- name: Install apt-transport-https
become: true
apt:
name: apt-transport-https
- name: Add Elastic Repo
become: true
copy:
dest: '/etc/apt/sources.list.d/elastic-7.x.list'
content: "deb https://artifacts.elastic.co/packages/7.x/apt stable main"
# copy:
#src: elastic-7.x.list
# dest: /etc/apt/sources.list.d/
# backup: yes
- name: Update Packages
become: true
apt:
update_cache: true

View File

@ -0,0 +1,27 @@
---
# This will install all elastic services for a elastic server
# ElasticSearch
# Kibana
- name: Install Elastic server programs
hosts: elastic
tasks:
- name: Install Requrements
include: install-repo.yml
- name: Install ElasticSearch from apt
become: true
apt:
name: elasticsearch
- name: Configure ElasticSearch
include: config-elasticsearch.yml
- name: Install Kibana from apt
become: true
apt:
name: kibana
- name: Configure Kibana
include: config-kibana.yml

View File

@ -1,25 +0,0 @@
- name: Install Nagios Core
hosts: nagios
tasks:
- name: Install requrements
apt:
name: {{ packages }}
vars:
packages:
- install
- build-essential
- libgd-dev
- openssl
- libssl-dev
- unzip
- apache2
- name: Make Group: Nagios
- name: Make User: Nagios