From 0b961246961fc38c9675b782e99f2a1b859b531b Mon Sep 17 00:00:00 2001
From: James Tombleson
Date: Wed, 24 Apr 2019 14:40:05 -0700
Subject: [PATCH] Elastic configs for windows hosts is in progress I am able to deploy metricbeat now to the windows hosts. Looking at heartbeat again though.
---
.../linux/elastic/config-elasticsearch.yml | 66 -------
playbook/linux/elastic/config-heartbeat.yml | 16 --
playbook/linux/elastic/config-kibana.yml | 37 +---
playbook/linux/elastic/config-metricbeat.yml | 31 +---
.../linux/elastic/config-win-heartbeat.yml | 56 ++++++
.../linux/elastic/config-win-metricbeat.yml | 39 ++++
playbook/linux/elastic/elasticsearch.j2 | 20 +--
playbook/linux/elastic/heartbeat.j2 | 168 ++++++++++++++++++
playbook/linux/elastic/install-client.yml | 27 ++-
playbook/linux/elastic/install-server.yml | 39 ++--
playbook/linux/elastic/install-win-client.yml | 25 +++
playbook/linux/elastic/kibana.j2 | 120 +++++++++++++
playbook/linux/elastic/metricbeat.j2 | 155 ++++++++++++++++
playbook/windows/install-elastic-client.yml | 44 +++++
14 files changed, 671 insertions(+), 172 deletions(-)
create mode 100644 playbook/linux/elastic/config-win-heartbeat.yml
create mode 100644 playbook/linux/elastic/config-win-metricbeat.yml
create mode 100755 playbook/linux/elastic/heartbeat.j2
create mode 100644 playbook/linux/elastic/install-win-client.yml
create mode 100644 playbook/linux/elastic/kibana.j2
create mode 100755 playbook/linux/elastic/metricbeat.j2
create mode 100644 playbook/windows/install-elastic-client.yml
diff --git a/playbook/linux/elastic/config-elasticsearch.yml b/playbook/linux/elastic/config-elasticsearch.yml
index c19978c..2971f8c 100644
--- a/playbook/linux/elastic/config-elasticsearch.yml
+++ b/playbook/linux/elastic/config-elasticsearch.yml
@@ -1,70 +1,4 @@ # This will work on a new install. -# If any changes are needed to the cluster name on an existing install add another function -- name: Config - cluster.name 'logging-dev' - become: true - lineinfile: - path: /etc/elasticsearch/elasticsearch.yml - regex: '^cluster.name' - insertafter: '#cluster.name: my-application' - line: 'cluster.name: logging-dev' - backup: yes - -# We define the name of the host we are working on -- name: Config - node.name - become: true - lineinfile: - path: /etc/elasticsearch/elasticsearch.yml - regex: '^node.name' - insertafter: '#node.name: node-1' - line: "node.name: dev-data-01" - -- name: Config - network.host - become: true - lineinfile: - path: /etc/elasticsearch/elasticsearch.yml - regexp: 'network.host:' - insertafter: '#network.host:' - line: 'network.host: {{ ansible_eno1.ipv4.address }}' - -- name: Config - transport.host - become: true - lineinfile: - path: /etc/elasticsearch/elasticsearch.yml - regexp: 'transort.host:' - #insertafter: 'http.port: 9200' - line: 'transport.host: localhost' - state: present - #backrefs: yes - -- name: Config - transport.tcp.port - become: true - lineinfile: - path: /etc/elasticsearch/elasticsearch.yml - regexp: 'transport.tcp.port:' - #insertafter: 'transport.host: localhost' - line: 'transport.tcp.port: 9300' - state: present - backrefs: yes - -- name: Config - node.master - become: true - lineinfile: - path: /etc/elasticsearch/elasticsearch.yml - regexp: 'node.master:' - insertafter: 'node.name:' - line: 'node.master: true' - state: present - backrefs: yes - -- name: Config - node.data - become: true - lineinfile: - path: /etc/elasticsearch/elasticsearch.yml - regexp: 'node.data:' - insertafter: 'node.master:' - line: 'node.data: true' - state: present - backrefs: yes # Allow 9200 so we can access it over the network - name: Allow port 9200 though UFW 
diff --git a/playbook/linux/elastic/config-heartbeat.yml b/playbook/linux/elastic/config-heartbeat.yml index a7ea73d..c1810dd 100644 --- a/playbook/linux/elastic/config-heartbeat.yml +++ b/playbook/linux/elastic/config-heartbeat.yml @@ -1,20 +1,4 @@ --- -- name: define kibana host - become: true - lineinfile: - path: /etc/heartbeat/heartbeat.yml - regex: '^host: "dm-nagios.local:5601"' - insertafter: '#host: "localhost:5601"' - line: 'host: "dm-nagios.local:5601"' - -- name: define elasticsearch host - become: true - lineinfile: - path: /etc/heartbeat/heartbeat.yml - regexp: 'hosts: \["localhost:9200"\]' - line: ' host: ["dm-nagios.local:9200"]' - state: present - backrefs: yes - name: systemd - daemon reload become: true diff --git a/playbook/linux/elastic/config-kibana.yml b/playbook/linux/elastic/config-kibana.yml index d7513d0..e507c78 100644 --- a/playbook/linux/elastic/config-kibana.yml +++ b/playbook/linux/elastic/config-kibana.yml @@ -1,40 +1,5 @@ - -- name: Config - Server.Port 5601 - become: true - lineinfile: - path: /etc/kibana/kibana.yml - regex: '^server.port' - insertafter: '#server.port: 5601' - line: 'server.port: 5601' - backup: yes - -- name: Config - Server.host - become: true - lineinfile: - path: /etc/kibana/kibana.yml - regex: '^server.host' - insertafter: '#server.host' - line: 'server.host: {{ ansible_eno1.ipv4.address }}' - -- name: Config - server.name - become: true - lineinfile: - path: /etc/kibana/kibana.yml - regexp: 'server.name:' - insertafter: '#server.name: "your-hostname"' - line: 'server.name: {{ ansible_hostname }}' - -- name: Config - elasticsearch.hosts - become: true - lineinfile: - path: /etc/kibana/kibana.yml - regex: '^elasticsearch.hosts' - insertafter: '#elasticsearch.hosts:' - #line: 'elasticsearch.hosts: ["http://{{ ansible_eno1.ipv4.address }}:9200"]' - line: 'elasticsearch.hosts: ["https://localhost:9200"]' - -- name: Allow port 5601 +- name: Allow 5601 though UFW become: true ufw: rule: allow 
diff --git a/playbook/linux/elastic/config-metricbeat.yml b/playbook/linux/elastic/config-metricbeat.yml index e9b6386..1726d2c 100644 --- a/playbook/linux/elastic/config-metricbeat.yml +++ b/playbook/linux/elastic/config-metricbeat.yml @@ -1,37 +1,12 @@ # - name: enable modules - -- name: define kibana host - become: true - lineinfile: - path: /etc/metricbeat/metricbeat.yml - regexp: 'host: "localhost:5601"' - #insertafter: '#host: "localhost:5601"' - line: ' host: "192.168.0.173:5601"' - state: present - backrefs: yes - -- name: define elasticsearch host - become: true - lineinfile: - path: /etc/metricbeat/metricbeat.yml - regexp: 'hosts: \["localhost:9200"\]' - #insertafter: '#hosts: ["localhost:9200"]' - line: ' hosts: ["192.168.0.173:9200"]' - state: present - backrefs: yes - - name: enable system module become: true shell: metricbeat modules enable system -- name: run metricbeat setup - become: true - shell: metricbeat setup - -- name: start metricbeat service - become: true - shell: metricbeat service metricbeat start + #- name: start metricbeat service + # become: true + #shell: metricbeat service metricbeat start - name: systemd - daemon reload become: true diff --git a/playbook/linux/elastic/config-win-heartbeat.yml b/playbook/linux/elastic/config-win-heartbeat.yml new file mode 100644 index 0000000..051614b --- /dev/null +++ b/playbook/linux/elastic/config-win-heartbeat.yml 
@@ -0,0 +1,56 @@
+---
+# This will install all the client parts needed for elastic to monitor client computers
+
+- name: Install elastic client programs
+ hosts: windows
+ vars:
+ elastic_version: '7.0.0'
+ url_heartbeat: 'https://artifacts.elastic.co/downloads/beats/heartbeat/heartbeat-{{elastic_version}}-windows-x86_64.zip'
+ temp: 'c:\temp\'
+ program_files: 'c:\program files\'
+ kibana_host: '192.168.0.173:5601'
+ elasticsearch_hosts: '["192.168.0.173:9200"]'
+
+
+ tasks:
+ - name: make temp folder
+ win_file:
+ path: c:\temp\
+ state: directory
+
+ - name: download heartbeat
+ win_get_url:
+ url: '{{ url_heartbeat }}'
+ dest: 'C:\temp\heartbeat-{{ elastic_version }}.zip'
+ force: no
+
+ - name: unzip heartbeat
+ win_unzip:
+ src: c:\temp\heartbeat-{{ elastic_version }}.zip
+ dest: C:\temp\heartbeat-{{ elastic_version }}\
+ creates: C:\temp\heartbeat-{{ elastic_version }}\
+
+ - name: Copy heartbeat-{{ elastic_version }} folder
+ win_command: powershell.exe copy-item -Path 'c:\temp\heartbeat-{{ elastic_version }}\heartbeat-{{ elastic_version }}-windows-x86_64\' -Filter * -Recurse -Destination 'C:\Program Files\Heartbeat\'
+ args:
+ creates: C:\Program Files\Heartbeat\
+
+ - name: Update template
+ win_template:
+ src: heartbeat.j2
+ dest: C:\Program Files\Heartbeat\heartbeat.yml
+
+ - name: Install Heartbeat service
+ win_command: powershell.exe -ExecutionPolicy ByPass -File install-service-heartbeat.ps1
+ args:
+ chdir: C:\program files\heartbeat\
+
+ - name: stop heartbeat service
+ win_service:
+ name: heartbeat
+ state: stopped
+
+ - name: start heartbeat service
+ win_service:
+ name: heartbeat
+ state: started
diff --git a/playbook/linux/elastic/config-win-metricbeat.yml b/playbook/linux/elastic/config-win-metricbeat.yml
new file mode 100644
index 0000000..68c6254
--- /dev/null
+++ b/playbook/linux/elastic/config-win-metricbeat.yml
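Review bot: The `download heartbeat` task in config-win-heartbeat.yml fetches the archive with no integrity check, and `Install Heartbeat service` then runs the unpacked `install-service-heartbeat.ps1` with `-ExecutionPolicy ByPass`. Pin the artifact by adding `checksum_algorithm: sha512` and `checksum_url: '{{ url_heartbeat }}.sha512'` to `win_get_url` where the installed Ansible supports them, or compare the hash in a separate task before unzipping. The same download-then-execute pattern appears in config-win-metricbeat.yml and playbook/windows/install-elastic-client.yml. Staging under `c:\temp\` is also worth revisiting: a directory created at the drive root usually inherits write access for ordinary users, so what gets copied into `C:\Program Files\Heartbeat\` and run is not guaranteed to be what was downloaded; a staging path only administrators can write to avoids that.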
@@ -0,0 +1,39 @@
+---
+# This will install all the client parts needed for elastic to monitor client computers
+
+- name: download metricbeat
+ win_get_url:
+ url: '{{ url_metricbeat }}'
+ dest: 'C:\temp\metricbeat-{{ elastic_version }}.zip'
+ force: no
+
+- name: unzip heartbeat
+ win_unzip:
+ src: c:\temp\metricbeat-{{ elastic_version }}.zip
+ dest: C:\temp\metricbeat-{{ elastic_version }}\
+ creates: C:\temp\metricbeat-{{ elastic_version }}\
+
+- name: Copy metricbeat-{{ elastic_version }} folder
+ win_command: powershell.exe copy-item -Path 'c:\temp\metricbeat-{{ elastic_version }}\metricbeat-{{ elastic_version }}-windows-x86_64\' -Filter * -Recurse -Destination 'C:\Program Files\Metricbeat\'
+ args:
+ creates: C:\Program Files\Metricbeat\
+
+- name: Update template
+ win_template:
+ src: metricbeat.j2
+ dest: C:\Program Files\Metricbeat\metricbeat.yml
+
+- name: Install Metricbeat service
+ win_command: powershell.exe -ExecutionPolicy ByPass -File install-service-metricbeat.ps1
+ args:
+ chdir: C:\program files\metricbeat\
+
+- name: stop service
+ win_service:
+ name: metricbeat
+ state: stopped
+
+- name: start service
+ win_service:
+ name: metricbeat
+ state: started
diff --git a/playbook/linux/elastic/elasticsearch.j2 b/playbook/linux/elastic/elasticsearch.j2
index 16fcf9a..e9f0b64 100755
--- a/playbook/linux/elastic/elasticsearch.j2
+++ b/playbook/linux/elastic/elasticsearch.j2
@@ -15,16 +15,16 @@ # Use a descriptive name for your cluster: # #cluster.name: my-application -cluster.name: {{ cluster_name }} +cluster.name: {{ es_cluster_name }} # # ------------------------------------ Node ------------------------------------ # # Use a descriptive name for the node: # #node.name: node-1 -node.name: {{ node_name }} -node.master: {{ node_master }} -node.data: {{ node_data }} +node.name: {{ es_node_name }} +node.master: {{ es_node_master }} +node.data: {{ es_node_data }} # # Add custom attributes to the node: #
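Review bot: In config-win-metricbeat.yml the `creates: C:\Program Files\Metricbeat\` guard on the copy task means a later bump of `elastic_version` downloads and unzips the new build but never replaces the installed binaries, so hosts keep running the old agent while the play reports success. Key the guard on something version-specific, or replace the folder when the version changes. `Install Metricbeat service` has no guard, and the unconditional `stop service` / `start service` pair restarts the agent on every run; a handler notified by `Update template` would restart it only when the config changes. The second task is named `unzip heartbeat` but unpacks the metricbeat archive.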
@@ -34,11 +34,11 @@ node.data: {{ node_data }} # # Path to directory where to store the data (separate multiple locations by comma): # -path.data: {{ path_data }} +path.data: {{ es_path_data }} # # Path to log files: # -path.logs: {{ path_logs }} +path.logs: {{ es_path_logs }} # # ----------------------------------- Memory ----------------------------------- # @@ -56,13 +56,13 @@ path.logs: {{ path_logs }} # # Set the bind address to a specific IP (IPv4 or IPv6): # -network.host: {{ network_host }} +network.host: {{ ansible_default_ipv4.address }} # # Set a custom port for HTTP: # -http.port: {{ http_port }} -transport.host: {{ transport_host }} -transport.port: {{ transport_port }} +http.port: {{ es_http_port }} +transport.host: {{ es_transport_host }} +transport.tcp.port: {{ es_transport_port }} # # For more information, consult the network module documentation.# # diff --git a/playbook/linux/elastic/heartbeat.j2 b/playbook/linux/elastic/heartbeat.j2 new file mode 100755 index 0000000..22fdf7c --- /dev/null +++ b/playbook/linux/elastic/heartbeat.j2 
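Review bot: `network.host: {{ ansible_default_ipv4.address }}` in the third hunk of elasticsearch.j2 replaces the `network_host` variable with a hard-wired fact, so the HTTP API is always bound to the host's primary address and an inventory can no longer narrow it or keep it on loopback. Nothing in the visible template enables TLS or authentication, and config-elasticsearch.yml keeps its UFW allow rule for 9200, so the bind address is the only exposure control shown in this commit. Keeping a variable with the fact as its default, for example `network.host: {{ es_network_host | default(ansible_default_ipv4.address) }}`, preserves today's behaviour while leaving that control in the operator's hands.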
@@ -0,0 +1,168 @@
+################### Heartbeat Configuration Example #########################
+
+# This file is an example configuration file highlighting only some common options.
+# The heartbeat.reference.yml file in the same directory contains all the supported options
+# with detailed comments. You can use it for reference.
+#
+# You can find the full configuration reference here:
+# https://www.elastic.co/guide/en/beats/heartbeat/index.html
+
+############################# Heartbeat ######################################
+
+# Define a directory to load monitor definitions from. Definitions take the form
+# of individual yaml files.
+heartbeat.config.monitors:
+ # Directory + glob pattern to search for configuration files
+ path: ${path.config}/monitors.d/*.yml
+ # If enabled, heartbeat will periodically check the config.monitors path for changes
+ reload.enabled: false
+ # How often to check for changes
+ reload.period: 5s
+
+# Configure monitors inline
+heartbeat.monitors:
+- type: http
+
+ # List or urls to query
+ urls: ["http://localhost:9200"]
+
+ # Configure task schedule
+ schedule: '@every 10s'
+
+ # Total test connection and data exchange timeout
+ #timeout: 16s
+
+#==================== Elasticsearch template setting ==========================
+
+setup.template.settings:
+ index.number_of_shards: 1
+ index.codec: best_compression
+ #_source.enabled: false
+
+#================================ General =====================================
+
+# The name of the shipper that publishes the network data. It can be used to group
+# all the transactions sent by a single shipper in the web interface.
+#name:
+
+# The tags of the shipper are included in their own field with each
+# transaction published.
+#tags: ["service-X", "web-tier"]
+
+# Optional fields that you can specify to add additional information to the
+# output.
+#fields:
+# env: staging
+
+
+#============================== Dashboards =====================================
+# These settings control loading the sample dashboards to the Kibana index. Loading
+# the dashboards is disabled by default and can be enabled either by setting the
+# options here or by using the `setup` command.
+
+setup.dashboards.enabled: true
+
+# The URL from where to download the dashboards archive. By default this URL
+# has a value which is computed based on the Beat name and version. For released
+# versions, this URL points to the dashboard archive on the artifacts.elastic.co
+# website.
+#setup.dashboards.url:
+
+#============================== Kibana =====================================
+
+# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
+# This requires a Kibana endpoint configuration.
+setup.kibana:
+
+ # Kibana Host
+ # Scheme and port can be left out and will be set to the default (http and 5601)
+ # In case you specify and additional path, the scheme is required: http://localhost:5601/path
+ # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
+
+ host: {{ kibana_host }}
+
+ # Kibana Space ID
+ # ID of the Kibana Space into which the dashboards should be loaded. By default,
+ # the Default Space will be used.
+ #space.id:
+
+#============================= Elastic Cloud ==================================
+
+# These settings simplify using heartbeat with the Elastic Cloud (https://cloud.elastic.co/).
+
+# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
+# `setup.kibana.host` options.
+# You can find the `cloud.id` in the Elastic Cloud web UI.
+#cloud.id:
+
+# The cloud.auth setting overwrites the `output.elasticsearch.username` and
+# `output.elasticsearch.password` settings. The format is `:`.
+#cloud.auth:
+
+#================================ Outputs =====================================
+
+# Configure what output to use when sending the data collected by the beat.
+
+#-------------------------- Elasticsearch output ------------------------------
+output.elasticsearch:
+ # Array of hosts to connect to.
+ hosts: {{ elasticsearch_hosts }}
+
+ # Optional protocol and basic auth credentials.
+ #protocol: "https"
+ #username: "elastic"
+ #password: "changeme"
+
+#----------------------------- Logstash output --------------------------------
+#output.logstash:
+ # The Logstash hosts
+ #hosts: ["localhost:5044"]
+
+ # Optional SSL. By default is off.
+ # List of root certificates for HTTPS server verifications
+ #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
+
+ # Certificate for SSL client authentication
+ #ssl.certificate: "/etc/pki/client/cert.pem"
+
+ # Client Certificate Key
+ #ssl.key: "/etc/pki/client/cert.key"
+
+#================================ Processors =====================================
+
+# Configure processors to enhance or manipulate events generated by the beat.
+
+processors:
+ - add_host_metadata: ~
+ - add_cloud_metadata: ~
+
+#================================ Logging =====================================
+
+# Sets log level. The default log level is info.
+# Available log levels are: error, warning, info, debug
+#logging.level: debug
+
+# At debug level, you can selectively enable logging only for some components.
+# To enable all selectors use ["*"]. Examples of other selectors are "beat",
+# "publish", "service".
+#logging.selectors: ["*"]
+
+#============================== Xpack Monitoring ===============================
+# heartbeat can export internal metrics to a central Elasticsearch monitoring
+# cluster. This requires xpack monitoring to be enabled in Elasticsearch. The
+# reporting is disabled by default.
+
+# Set to true to enable the monitoring reporter.
+#xpack.monitoring.enabled: false
+
+# Uncomment to send the metrics to Elasticsearch. Most settings from the
+# Elasticsearch output are accepted here as well. Any setting that is not set is
+# automatically inherited from the Elasticsearch output configuration, so if you
+# have the Elasticsearch output configured, you can simply uncomment the
+# following line.
+#xpack.monitoring.elasticsearch:
+
+#================================= Migration ==================================
+
+# This allows to enable 6.7 migration aliases
+#migration.6_to_7.enabled: true
diff --git a/playbook/linux/elastic/install-client.yml b/playbook/linux/elastic/install-client.yml
index 0072b57..67a923f 100644
--- a/playbook/linux/elastic/install-client.yml
+++ b/playbook/linux/elastic/install-client.yml
@@ -3,23 +3,38 @@ - name: Install elastic client programs hosts: elasticClients + vars: + kibana_host: '192.168.0.173:5601' + elasticsearch_hosts: '["192.168.0.173:9200"]' tasks: - name: Install elastic repo include: install-repo.yml - #- name: Install elastic heartbeat - #become: true - #apt: - #name: heartbeat-elastic + - name: Install elastic heartbeat + become: true + apt: + name: heartbeat-elastic + + - name: Update Heatbeat config + become: true + template: + src: heartbeat.j2 + dest: /etc/heartbeat/heartbeat.yml - #- name: Configure elastic heartbeat - #include: config-heartbeat.yml + - name: Configure elastic heartbeat + include: config-heartbeat.yml - name: Install elastic metricbeat become: true apt: name: metricbeat + - name: Update Metricbeat config + become: true + template: + src: metricbeat.j2 + dest: /etc/metricbeat/metricbeat.yml + - name: Configure elastic metricbeat include: config-metricbeat.yml
diff --git a/playbook/linux/elastic/install-server.yml b/playbook/linux/elastic/install-server.yml
index e4451d5..d5204aa 100644
--- a/playbook/linux/elastic/install-server.yml
+++ b/playbook/linux/elastic/install-server.yml
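Review bot: The `output.elasticsearch` block in heartbeat.j2 renders `hosts: {{ elasticsearch_hosts }}` while `protocol`, `username` and `password` stay commented out, so monitoring data is sent to Elasticsearch over plain HTTP with no credentials; metricbeat.j2 has the same block. Template those three settings from variables, with the password supplied from Ansible Vault rather than playbook `vars:`, so they can be switched on once the cluster has security enabled. Separately, `host: {{ kibana_host }}` is unquoted here whereas metricbeat.j2 writes `host: "{{ kibana_host }}"`; quote it in both. The inline monitor still points at `http://localhost:9200`, which on a client host checks the client itself; presumably that is not intended, so confirm.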
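Review bot: The two new `template` tasks in install-client.yml overwrite `/etc/heartbeat/heartbeat.yml` and `/etc/metricbeat/metricbeat.yml` without `backup: true` or explicit `owner`/`group`/`mode`, whereas the removed `lineinfile` approach edited the packaged file in place. Once output credentials are added to these files the task should set a restrictive mode itself, e.g. `mode: '0600'`, rather than rely on what the package left behind. `kibana_host` and `elasticsearch_hosts` are hard-coded here and repeated in the three Windows playbooks of this commit; `group_vars` would keep the endpoints in one place. The task name `Update Heatbeat config` has a typo. The hunk starts inside the play, so the play header is only partly visible.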
@@ -6,16 +6,17 @@ - name: Install Elastic server programs hosts: elastic vars: - cluster_name: 'logging-dev' - node_name: 'dev-data-01' - node_master: 'true' - node_data: 'true' - path_data: '/var/lib/elasticsearch' - path_logs: '/var/log/elasticsearch' - network_host: {{ ansible_default_ipv4.address }} - http_port: '9200' - transport_host: 'localhost' - transport_port: '9300' + es_cluster_name: 'logging-dev' + es_node_name: 'dev-data-01' + es_node_master: 'true' + es_node_data: 'true' + es_path_data: '/var/lib/elasticsearch' + es_path_logs: '/var/log/elasticsearch' + es_http_port: '9200' + es_transport_host: 'localhost' + es_transport_port: '9300' + k_server_port: 5601 + k_elasticsearch_hosts: 'http://192.168.0.173:9200' tasks: - name: Install Requrements @@ -26,6 +27,12 @@ apt: name: elasticsearch + - name: Update ElasticSearch config + become: true + template: + src: elasticsearch.j2 + dest: /etc/elasticsearch/elasticsearch.yml + - name: Configure ElasticSearch include: config-elasticsearch.yml @@ -34,5 +41,17 @@ apt: name: kibana + - name: Configure Kibana + become: true + template: + src: kibana.j2 + dest: /etc/kibana/kibana.yml + - name: Configure Kibana include: config-kibana.yml + + #- name: Install Logstash + #become: true + #apt: + #name: logstash + diff --git a/playbook/linux/elastic/install-win-client.yml b/playbook/linux/elastic/install-win-client.yml new file mode 100644 index 0000000..8be6258 --- /dev/null +++ b/playbook/linux/elastic/install-win-client.yml 
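Review bot: The `vars:` hunk of install-server.yml sets `k_elasticsearch_hosts: 'http://192.168.0.173:9200'`, a fixed address over plain HTTP, while elasticsearch.j2 now binds `network.host` to `ansible_default_ipv4.address`; if the two ever differ, Kibana points at the wrong node. Derive both from the same fact or inventory value. In the later hunks there are now two tasks named `Configure Kibana` (the `template` task and the `include`), which makes play output ambiguous; `Update Kibana config` would match `Update ElasticSearch config`. Neither template task notifies a handler, so a changed config is presumably applied only if the included files restart the service, and those are only partly visible here.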
@@ -0,0 +1,25 @@
+---
+# This will install all the client parts needed for elastic to monitor client computers
+
+- name: Install elastic client programs
+ hosts: windows
+ vars:
+ elastic_version: '7.0.0'
+ url_heartbeat: 'https://artifacts.elastic.co/downloads/beats/heartbeat/heartbeat-{{elastic_version}}-windows-x86_64.zip'
+ url_metricbeat: 'https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.0.0-windows-x86_64.zip'
+ temp: 'c:\temp\'
+ program_files: 'c:\program files\'
+ kibana_host: '192.168.0.173:5601'
+ elasticsearch_hosts: '["192.168.0.173:9200"]'
+
+
+ tasks:
+ - name: make temp folder
+ win_file:
+ path: c:\temp\
+ state: directory
+
+ - name: Install Metricbeat
+ include: config-win-metricbeat.yml
+
+
diff --git a/playbook/linux/elastic/kibana.j2 b/playbook/linux/elastic/kibana.j2
new file mode 100644
index 0000000..234a051
--- /dev/null
+++ b/playbook/linux/elastic/kibana.j2
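Review bot: `url_metricbeat` in install-win-client.yml hard-codes `7.0.0`, while `url_heartbeat` and the `dest` paths in config-win-metricbeat.yml use `{{ elastic_version }}`, so changing `elastic_version` would save the 7.0.0 archive under the new version's file name and install the old build. Use `url_metricbeat: 'https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-{{ elastic_version }}-windows-x86_64.zip'`. `url_heartbeat`, `temp` and `program_files` are defined but not referenced by any task visible in this commit, and the included tasks spell out `C:\temp\` literally instead of using `temp`.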
@@ -0,0 +1,120 @@
+# Kibana is served by a back end server. This setting specifies the port to use.
+#server.port: 5601
+
+server.port: {{ k_server_port }}
+
+# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
+# The default is 'localhost', which usually means remote machines will not be able to connect.
+# To allow connections from remote users, set this parameter to a non-loopback address.
+#server.host: "192.168.0.173"
+
+server.host: {{ ansible_default_ipv4.address }}
+
+# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
+# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
+# from requests it receives, and to prevent a deprecation warning at startup.
+# This setting cannot end in a slash.
+#server.basePath: ""
+
+# Specifies whether Kibana should rewrite requests that are prefixed with
+# `server.basePath` or require that they are rewritten by your reverse proxy.
+# This setting was effectively always `false` before Kibana 6.3 and will
+# default to `true` starting in Kibana 7.0.
+#server.rewriteBasePath: false
+
+# The maximum payload size in bytes for incoming server requests.
+#server.maxPayloadBytes: 1048576
+
+# The Kibana server's name. This is used for display purposes.
+server.name: {{ ansible_hostname }}
+
+# The URLs of the Elasticsearch instances to use for all your queries.
+#elasticsearch.hosts: ["http://localhost:9200"]
+elasticsearch.hosts: [
+ {{ k_elasticsearch_hosts }}
+]
+
+# When this setting's value is true Kibana uses the hostname specified in the server.host
+# setting. When the value of this setting is false, Kibana uses the hostname of the host
+# that connects to this Kibana instance.
+#elasticsearch.preserveHost: true
+
+# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
+# dashboards. Kibana creates a new index if the index doesn't already exist.
+#kibana.index: ".kibana"
+
+# The default application to load.
+#kibana.defaultAppId: "home"
+
+# If your Elasticsearch is protected with basic authentication, these settings provide
+# the username and password that the Kibana server uses to perform maintenance on the Kibana
+# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
+# is proxied through the Kibana server.
+#elasticsearch.username: "user"
+#elasticsearch.password: "pass"
+
+# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
+# These settings enable SSL for outgoing requests from the Kibana server to the browser.
+#server.ssl.enabled: false
+#server.ssl.certificate: /path/to/your/server.crt
+#server.ssl.key: /path/to/your/server.key
+
+# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
+# These files validate that your Elasticsearch backend uses the same key files.
+#elasticsearch.ssl.certificate: /path/to/your/client.crt
+#elasticsearch.ssl.key: /path/to/your/client.key
+
+# Optional setting that enables you to specify a path to the PEM file for the certificate
+# authority for your Elasticsearch instance.
+#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
+
+# To disregard the validity of SSL certificates, change this setting's value to 'none'.
+#elasticsearch.ssl.verificationMode: full
+
+# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
+# the elasticsearch.requestTimeout setting.
+#elasticsearch.pingTimeout: 1500
+
+# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
+# must be a positive integer.
+#elasticsearch.requestTimeout: 30000
+
+# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
+# headers, set this value to [] (an empty list).
+#elasticsearch.requestHeadersWhitelist: [ authorization ]
+
+# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
+# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
+#elasticsearch.customHeaders: {}
+
+# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
+#elasticsearch.shardTimeout: 30000
+
+# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
+#elasticsearch.startupTimeout: 5000
+
+# Logs queries sent to Elasticsearch. Requires logging.verbose set to true.
+#elasticsearch.logQueries: false
+
+# Specifies the path where Kibana creates the process ID file.
+#pid.file: /var/run/kibana.pid
+
+# Enables you specify a file where Kibana stores log output.
+#logging.dest: stdout
+
+# Set the value of this setting to true to suppress all logging output.
+#logging.silent: false
+
+# Set the value of this setting to true to suppress all logging output other than error messages.
+#logging.quiet: false
+
+# Set the value of this setting to true to log all events, including system usage information
+# and all requests.
+#logging.verbose: false
+
+# Set the interval in milliseconds to sample system and process performance
+# metrics. Minimum is 100ms. Defaults to 5000.
+#ops.interval: 5000
+
+# Specifies locale to be used for all localizable strings, dates and number formats.
+#i18n.locale: "en"
diff --git a/playbook/linux/elastic/metricbeat.j2 b/playbook/linux/elastic/metricbeat.j2
new file mode 100755
index 0000000..a6ec3cb
--- /dev/null
+++ b/playbook/linux/elastic/metricbeat.j2
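Review bot: `server.host: {{ ansible_default_ipv4.address }}` in kibana.j2 binds Kibana to the host's primary address while the `server.ssl.*` and `elasticsearch.username`/`elasticsearch.password` settings stay commented out, and config-kibana.yml opens 5601 in UFW, so the UI is served over plain HTTP to whatever that firewall rule admits. If this is meant for a lab network, say so in a comment above `server.host` and restrict the UFW rule to the admin subnet so the exposure is deliberate rather than implicit. The rendered `elasticsearch.hosts: [ http://192.168.0.173:9200 ]` puts an unquoted URL inside a flow sequence; `elasticsearch.hosts: ["{{ k_elasticsearch_hosts }}"]` parses unambiguously.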
@@ -0,0 +1,155 @@
+###################### Metricbeat Configuration Example #######################
+
+# This file is an example configuration file highlighting only the most common
+# options. The metricbeat.reference.yml file from the same directory contains all the
+# supported options with more comments. You can use it as a reference.
+#
+# You can find the full configuration reference here:
+# https://www.elastic.co/guide/en/beats/metricbeat/index.html
+
+#========================== Modules configuration ============================
+
+metricbeat.config.modules:
+ # Glob pattern for configuration loading
+ path: ${path.config}/modules.d/*.yml
+
+ # Set to true to enable config reloading
+ reload.enabled: false
+
+ # Period on which files under path should be checked for changes
+ #reload.period: 10s
+
+#==================== Elasticsearch template setting ==========================
+
+setup.template.settings:
+ index.number_of_shards: 1
+ index.codec: best_compression
+ #_source.enabled: false
+
+#================================ General =====================================
+
+# The name of the shipper that publishes the network data. It can be used to group
+# all the transactions sent by a single shipper in the web interface.
+#name:
+
+# The tags of the shipper are included in their own field with each
+# transaction published.
+#tags: ["service-X", "web-tier"]
+
+# Optional fields that you can specify to add additional information to the
+# output.
+#fields:
+# env: staging
+
+
+#============================== Dashboards =====================================
+# These settings control loading the sample dashboards to the Kibana index. Loading
+# the dashboards is disabled by default and can be enabled either by setting the
+# options here or by using the `setup` command.
+
+setup.dashboards.enabled: true
+
+# The URL from where to download the dashboards archive. By default this URL
+# has a value which is computed based on the Beat name and version.
For released
+# versions, this URL points to the dashboard archive on the artifacts.elastic.co
+# website.
+#setup.dashboards.url:
+
+#============================== Kibana =====================================
+
+# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
+# This requires a Kibana endpoint configuration.
+setup.kibana:
+
+ # Kibana Host
+ # Scheme and port can be left out and will be set to the default (http and 5601)
+ # In case you specify and additional path, the scheme is required: http://localhost:5601/path
+ # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
+
+ host: "{{ kibana_host }}"
+
+ # Kibana Space ID
+ # ID of the Kibana Space into which the dashboards should be loaded. By default,
+ # the Default Space will be used.
+ #space.id:
+
+#============================= Elastic Cloud ==================================
+
+# These settings simplify using metricbeat with the Elastic Cloud (https://cloud.elastic.co/).
+
+# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
+# `setup.kibana.host` options.
+# You can find the `cloud.id` in the Elastic Cloud web UI.
+#cloud.id:
+
+# The cloud.auth setting overwrites the `output.elasticsearch.username` and
+# `output.elasticsearch.password` settings. The format is `:`.
+#cloud.auth:
+
+#================================ Outputs =====================================
+
+# Configure what output to use when sending the data collected by the beat.
+
+#-------------------------- Elasticsearch output ------------------------------
+output.elasticsearch:
+ # Array of hosts to connect to.
+ hosts: {{ elasticsearch_hosts }}
+
+ # Optional protocol and basic auth credentials.
+ #protocol: "https"
+ #username: "elastic"
+ #password: "changeme"
+
+#----------------------------- Logstash output --------------------------------
+#output.logstash:
+ # The Logstash hosts
+ #hosts: ["localhost:5044"]
+
+ # Optional SSL. By default is off.
+ # List of root certificates for HTTPS server verifications
+ #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
+
+ # Certificate for SSL client authentication
+ #ssl.certificate: "/etc/pki/client/cert.pem"
+
+ # Client Certificate Key
+ #ssl.key: "/etc/pki/client/cert.key"
+
+#================================ Processors =====================================
+
+# Configure processors to enhance or manipulate events generated by the beat.
+
+processors:
+ - add_host_metadata: ~
+ - add_cloud_metadata: ~
+
+#================================ Logging =====================================
+
+# Sets log level. The default log level is info.
+# Available log levels are: error, warning, info, debug
+#logging.level: debug
+
+# At debug level, you can selectively enable logging only for some components.
+# To enable all selectors use ["*"]. Examples of other selectors are "beat",
+# "publish", "service".
+#logging.selectors: ["*"]
+
+#============================== Xpack Monitoring ===============================
+# metricbeat can export internal metrics to a central Elasticsearch monitoring
+# cluster. This requires xpack monitoring to be enabled in Elasticsearch. The
+# reporting is disabled by default.
+
+# Set to true to enable the monitoring reporter.
+#xpack.monitoring.enabled: false
+
+# Uncomment to send the metrics to Elasticsearch. Most settings from the
+# Elasticsearch output are accepted here as well. Any setting that is not set is
+# automatically inherited from the Elasticsearch output configuration, so if you
+# have the Elasticsearch output configured, you can simply uncomment the
+# following line.
+#xpack.monitoring.elasticsearch:
+
+#================================= Migration ==================================
+
+# This allows to enable 6.7 migration aliases
+#migration.6_to_7.enabled: true
diff --git a/playbook/windows/install-elastic-client.yml b/playbook/windows/install-elastic-client.yml
new file mode 100644
index 0000000..91d1a12
--- /dev/null
+++ b/playbook/windows/install-elastic-client.yml
@@ -0,0 +1,44 @@
+---
+# This will install all the client parts needed for elastic to monitor client computers
+
+- name: Install elastic client programs
+ hosts: windows
+ vars:
+ elastic_version: '7.0.0'
+ url_heartbeat: 'https://artifacts.elastic.co/downloads/beats/heartbeat/heartbeat-{{elastic_version}}-windows-x86_64.zip'
+ temp: 'c:\temp\'
+ program_files: 'c:\program files\'
+ kibana_host: '192.168.0.173:5601'
+ elasticsearch_hosts: '["192.168.0.173:9200"]'
+
+
+ tasks:
+ - name: make temp folder
+ win_file:
+ path: c:\temp\
+ state: directory
+
+ - name: download heartbeat
+ win_get_url:
+ url: '{{ url_heartbeat }}'
+ dest: 'C:\temp\heartbeat-{{ elastic_version }}.zip'
+ force: no
+
+ - name: unzip heartbeat
+ win_unzip:
+ src: c:\temp\heartbeat-{{ elastic_version }}.zip
+ dest: C:\temp\heartbeat-{{ elastic_version }}\
+ creates: C:\temp\heartbeat-{{ elastic_version }}\
+
+ - name: Copy heartbeat-{{ elastic_version }} folder
+ win_command: powershell.exe copy-item -Path 'c:\temp\heartbeat-{{ elastic_version }}\heartbeat-{{ elastic_version }}-windows-x86_64\' -Filter * -Recurse -Destination 'C:\Program Files\Heartbeat\'
+ args:
+ creates: C:\Program Files\Heartbeat\
+
+ - name: Update template
+ win_template:
+ src: heartbeat.j2
+ dest: C:\Program Files\Heartbeat\heartbeat.yml
+
+ - name: Install Heartbeat service
+ win_command: powershell.exe -ExecutionPolicy ByPass -File 'C:\Program Files\Heartbeat\install-service-heartbeat.ps1'
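Review bot: playbook/windows/install-elastic-client.yml repeats the play in config-win-heartbeat.yml task for task up to the service install, so the same privileged download-and-install steps now live in two files that can drift apart. Keep one copy and include it from the other location. The final task passes the full script path to `-File` with no `chdir`, unlike the other copy; if the script resolves anything relative to the working directory the two will behave differently, so confirm which form is intended. `win_template` also uses `src: heartbeat.j2`, which exists only under playbook/linux/elastic/ in this commit and would presumably not be found relative to playbook/windows/.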