From 6f4ecfcb3793f28cb53265a691df466fd4b39976 Mon Sep 17 00:00:00 2001 From: James Tombleson Date: Wed, 17 Apr 2019 11:46:45 -0700 Subject: [PATCH 01/11] update inventory template Added a commented out line to define where python can be found on the device. --- README.md | 20 ++++++++++++++++++++ hosts.template | 1 + 2 files changed, 21 insertions(+) diff --git a/README.md b/README.md index dd119f8..97dc597 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,25 @@ # Ansible +This repo contains my configuration and setup for my ansible use. Use at your own risk. + +## Installers + +### New hosts + +#### Linux + +```bash +wget https://github.com/luther38/Ansible/blob/master/scripts/installAnsible.sh +chmod 777 installAnsible.sh +./installOpenSSH.sh +``` + +#### Windows + +```powershell + +``` + Review the installAnsible.sh for quick setup. Make sure you run the commands out of this folder so things work as desired. diff --git a/hosts.template b/hosts.template index 567e261..a826df0 100644 --- a/hosts.template +++ b/hosts.template @@ -7,6 +7,7 @@ ansible_connection=ssh ansible_password= ansible_become_method=sudo ansible_become_pass= +#ansible_python_interpreter=/usr/bin/python3 [windows] 192.168.0.2 From 6ffc3201f59db8b81894ef31bc378781319ef7e6 Mon Sep 17 00:00:00 2001 From: James Tombleson Date: Thu, 18 Apr 2019 11:19:08 -0700 Subject: [PATCH 02/11] Changes! Updated Docs Updated InstallDocker to support Ubuntu dist release Added some Vagrant support Adjusting Nagios still --- README.md | 15 ++++---- playbook/linux/docker/InstallDocker.yml | 2 +- playbook/linux/nagios/deployNagios.yml | 28 --------------- ...install-NagiosCore-ubuntu-dependancies.yml | 11 ++++++ playbook/linux/nagios/installNagiosCore.yml | 12 +++++++ scripts/installAnsible.sh | 5 +++ scripts/installVagrant.sh | 35 +++++++++++++++++++ 7 files changed, 70 insertions(+), 38 deletions(-) delete mode 100644 playbook/linux/nagios/deployNagios.yml create mode 100644 playbook/linux/nagios/install-NagiosCore-ubuntu-dependancies.yml create mode 100644 playbook/linux/nagios/installNagiosCore.yml create mode 100755 scripts/installVagrant.sh diff --git a/README.md b/README.md index 97dc597..0b5b9ca 100644 --- a/README.md +++ b/README.md @@ -17,13 +17,12 @@ chmod 777 installAnsible.sh #### Windows ```powershell - +$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1" +$file = "$env:temp\ConfigureRemotingForAnsible.ps1" +(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file) +powershell.exe -ExecutionPolicy ByPass -File $file ``` -Review the installAnsible.sh for quick setup. - -Make sure you run the commands out of this folder so things work as desired. - ## Configuration I have a basic configuration file in place at the root of this folder for anisble to find. @@ -32,10 +31,6 @@ I have a basic configuration file in place at the root of this folder for anisbl I have a template file in place that should only be used as a refrence. Make a copy of that file and name it hosts then update that file. -## Testing Inventory - - - ### Testing Linux devices ```bash @@ -48,5 +43,7 @@ ansible linux -i hosts -m ping ansible windows -i hosts -m win_ping ``` +## Unit Testing +Still in the works diff --git a/playbook/linux/docker/InstallDocker.yml b/playbook/linux/docker/InstallDocker.yml index 3ac542e..1264536 100644 --- a/playbook/linux/docker/InstallDocker.yml +++ b/playbook/linux/docker/InstallDocker.yml @@ -35,7 +35,7 @@ become: true become_method: sudo apt_repository: - repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu/ bionic stable" + repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu/ {{ ansible_distribution_release }} stable" state: present - name: Update Repos diff --git a/playbook/linux/nagios/deployNagios.yml b/playbook/linux/nagios/deployNagios.yml deleted file mode 100644 index 99bfb7b..0000000 --- a/playbook/linux/nagios/deployNagios.yml +++ /dev/null @@ -1,28 +0,0 @@ -- name: Install Nagios Core - hosts: nagios - - tasks: - - name: Install requrements - apt: - name: {{ packages }} - vars: - packages: - - install - - build-essential - - libgd-dev - - openssl - - libssl-dev - - unzip - - apache2 - - - name: Make Group: Nagios - group: - name: nagios - - - - - - - name: Make User: Nagios - - diff --git a/playbook/linux/nagios/install-NagiosCore-ubuntu-dependancies.yml b/playbook/linux/nagios/install-NagiosCore-ubuntu-dependancies.yml new file mode 100644 index 0000000..8ee3767 --- /dev/null +++ b/playbook/linux/nagios/install-NagiosCore-ubuntu-dependancies.yml @@ -0,0 +1,11 @@ + + +- name: Install Nagios Core Dependancies + hosts: nagios + + tasks: + - name: Update apt + apt: + update_cache: yes + + diff --git a/playbook/linux/nagios/installNagiosCore.yml b/playbook/linux/nagios/installNagiosCore.yml new file mode 100644 index 0000000..29cd7ca --- /dev/null +++ b/playbook/linux/nagios/installNagiosCore.yml @@ -0,0 +1,12 @@ +- name: Install Nagios Core + hosts: nagios + + tasks: + - include_role: + name: oefenweb.nagios-server + # vars: + # nagios_version: 4.4.3 + # nagios_users: + #- user: nagiosadmin + #- pass: password + diff --git a/scripts/installAnsible.sh b/scripts/installAnsible.sh index 3111787..a4696fd 100644 --- a/scripts/installAnsible.sh +++ b/scripts/installAnsible.sh @@ -32,3 +32,8 @@ sudo pip install 'ansible[azure]' echo "[pip] Installing Docker module" sudo pip install docker + + +echo "Installing roles from galaxy.ansible.com" +echo "[galaxy] Nagios Core - Server Side " +ansible-galaxy install networklore.nagios diff --git a/scripts/installVagrant.sh b/scripts/installVagrant.sh new file mode 100755 index 0000000..9d7c550 --- /dev/null +++ b/scripts/installVagrant.sh @@ -0,0 +1,35 @@ + +# This will install Vagrant on the device + +#1.0 Started to add Vagrant to the project + +echo "OS: $OSTYPE" +if [[ "$OSTYPE" == "darin"* ]]; then + +# I use debian so sudo +elif [[ "$OSTYPE" == "linux-gnu" ]]; then + + # Download current release + wget https://releases.hashicorp.com/vagrant/2.2.4/vagrant_2.2.4_linux_amd64.zip + + unzip vagrant_2.2.4_linux_amd64.zip + + # Remove the zip + rm vagrant_2.2.4_linux_amd64.zip + + # copy over to bin + sudo cp vagrant /usr/bin/vagrant + + rm vagrant + + echo "Installing VirtualBox 6" + wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add - + wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add - + sudo add-apt-repository "deb [arch=amd64] http://download.virtualbox.org/virtualbox/debian cosmic contrib" + sudo apt update + sudo apt install virtualbox-6.0 +else + echo "You are running on a OS that is not supported by this script at this time." + echo "No changes have been made." + exit +fi From d000d9616c2ea3bf62100eb9724090d098bca813 Mon Sep 17 00:00:00 2001 From: James Tombleson Date: Thu, 18 Apr 2019 12:02:09 -0700 Subject: [PATCH 03/11] Added ElasticSearch --- playbook/linux/elastic/elastic-7.x.list | 1 + .../linux/elastic/install-elasticsearch.yml | 40 +++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 playbook/linux/elastic/elastic-7.x.list create mode 100644 playbook/linux/elastic/install-elasticsearch.yml diff --git a/playbook/linux/elastic/elastic-7.x.list b/playbook/linux/elastic/elastic-7.x.list new file mode 100644 index 0000000..7eef915 --- /dev/null +++ b/playbook/linux/elastic/elastic-7.x.list @@ -0,0 +1 @@ +deb https://artifacts.elastic.co/packages/7.x/apt stable main diff --git a/playbook/linux/elastic/install-elasticsearch.yml b/playbook/linux/elastic/install-elasticsearch.yml new file mode 100644 index 0000000..260c679 --- /dev/null +++ b/playbook/linux/elastic/install-elasticsearch.yml @@ -0,0 +1,40 @@ + + +- name: Install Elasticsearch + hosts: elastic + + tasks: + - name: Install Elastic GPG Key + become: true + apt_key: + url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + state: present + id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 + + - name: Install apt-transport-https + apt: + name: apt-transport-https + - name: Add Elastic Repo + become: true + copy: + src: elastic-7.x.list + dest: /etc/apt/sources.list.d/ + backup: yes + + - name: Update Packages + become: true + apt: + update_cache: true + + - name: Install ElasticSearch + become: true + apt: + name: elasticsearch + + - name: Start Service + systemd: + daemon_reload: yes + enabled: yes + name: elasticsearch + + From 35467bf21a08a463f0e5ae525f4f635409224dbc Mon Sep 17 00:00:00 2001 From: James Tombleson Date: Thu, 18 Apr 2019 13:49:30 -0700 Subject: [PATCH 04/11] Added Kibana yml Kibana can now be installed. Updated ElasticSearch. --- .../linux/elastic/install-elasticsearch.yml | 16 +++++- playbook/linux/elastic/install-kibana.yml | 51 +++++++++++++++++++ 2 files changed, 65 insertions(+), 2 deletions(-) create mode 100644 playbook/linux/elastic/install-kibana.yml diff --git a/playbook/linux/elastic/install-elasticsearch.yml b/playbook/linux/elastic/install-elasticsearch.yml index 260c679..fe40405 100644 --- a/playbook/linux/elastic/install-elasticsearch.yml +++ b/playbook/linux/elastic/install-elasticsearch.yml @@ -31,10 +31,22 @@ apt: name: elasticsearch - - name: Start Service + - name: Allow port 9200 though UFW + become: true + ufw: + rule: allow + port: 9200 + #name: ElasticSearch + + - name: Service reload daemon + become: true systemd: daemon_reload: yes - enabled: yes + + - name: Start ElasticSearch + become: true + systemd: name: elasticsearch + enabled: yes diff --git a/playbook/linux/elastic/install-kibana.yml b/playbook/linux/elastic/install-kibana.yml new file mode 100644 index 0000000..946de91 --- /dev/null +++ b/playbook/linux/elastic/install-kibana.yml @@ -0,0 +1,51 @@ + +- name: Install Kibana + hosts: elastic + + tasks: + - name: Install Elastic GPG Key + become: true + apt_key: + url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + state: present + id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 + + - name: Install apt-transport-https + apt: + name: apt-transport-https + + - name: Add Elastic Repo + become: true + copy: + src: elastic-7.x.list + dest: /etc/apt/sources.list.d/ + backup: yes + + - name: Update Packages + become: true + apt: + update_cache: true + + - name: Install kibana + become: true + apt: + name: kibana + + - name: Allow port 5601 + become: true + ufw: + rule: allow + port: 5601 + + - name: Service daemon reload + become: true + systemd: + daemon_reload: yes + + - name: Start Kibana + become: true + systemd: + name: kibana.service + enabled: yes + state: started + From 104d8a29d8a7b16675fcb5f55177bd647621a644 Mon Sep 17 00:00:00 2001 From: James Tombleson Date: Thu, 18 Apr 2019 14:21:20 -0700 Subject: [PATCH 05/11] Kibana updates Added config file. Ansible will copy the config file over to the server. --- playbook/linux/elastic/install-kibana.yml | 7 ++ playbook/linux/elastic/kibana.yml | 113 ++++++++++++++++++++++ 2 files changed, 120 insertions(+) create mode 100644 playbook/linux/elastic/kibana.yml diff --git a/playbook/linux/elastic/install-kibana.yml b/playbook/linux/elastic/install-kibana.yml index 946de91..e742434 100644 --- a/playbook/linux/elastic/install-kibana.yml +++ b/playbook/linux/elastic/install-kibana.yml @@ -30,6 +30,13 @@ become: true apt: name: kibana + + - name: Update kibana config + become: true + copy: + src: kibana.yml + dest: /etc/kibana/ + backup: yes - name: Allow port 5601 become: true diff --git a/playbook/linux/elastic/kibana.yml b/playbook/linux/elastic/kibana.yml new file mode 100644 index 0000000..366f247 --- /dev/null +++ b/playbook/linux/elastic/kibana.yml @@ -0,0 +1,113 @@ +# Kibana is served by a back end server. This setting specifies the port to use. +server.port: 5601 + +# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values. +# The default is 'localhost', which usually means remote machines will not be able to connect. +# To allow connections from remote users, set this parameter to a non-loopback address. +server.host: "192.168.0.173" + +# Enables you to specify a path to mount Kibana at if you are running behind a proxy. +# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath +# from requests it receives, and to prevent a deprecation warning at startup. +# This setting cannot end in a slash. +#server.basePath: "" + +# Specifies whether Kibana should rewrite requests that are prefixed with +# `server.basePath` or require that they are rewritten by your reverse proxy. +# This setting was effectively always `false` before Kibana 6.3 and will +# default to `true` starting in Kibana 7.0. +#server.rewriteBasePath: false + +# The maximum payload size in bytes for incoming server requests. +#server.maxPayloadBytes: 1048576 + +# The Kibana server's name. This is used for display purposes. +#server.name: "your-hostname" + +# The URLs of the Elasticsearch instances to use for all your queries. +elasticsearch.hosts: ["http://localhost:9200"] + +# When this setting's value is true Kibana uses the hostname specified in the server.host +# setting. When the value of this setting is false, Kibana uses the hostname of the host +# that connects to this Kibana instance. +#elasticsearch.preserveHost: true + +# Kibana uses an index in Elasticsearch to store saved searches, visualizations and +# dashboards. Kibana creates a new index if the index doesn't already exist. +#kibana.index: ".kibana" + +# The default application to load. +#kibana.defaultAppId: "home" + +# If your Elasticsearch is protected with basic authentication, these settings provide +# the username and password that the Kibana server uses to perform maintenance on the Kibana +# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which +# is proxied through the Kibana server. +#elasticsearch.username: "user" +#elasticsearch.password: "pass" + +# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively. +# These settings enable SSL for outgoing requests from the Kibana server to the browser. +#server.ssl.enabled: false +#server.ssl.certificate: /path/to/your/server.crt +#server.ssl.key: /path/to/your/server.key + +# Optional settings that provide the paths to the PEM-format SSL certificate and key files. +# These files validate that your Elasticsearch backend uses the same key files. +#elasticsearch.ssl.certificate: /path/to/your/client.crt +#elasticsearch.ssl.key: /path/to/your/client.key + +# Optional setting that enables you to specify a path to the PEM file for the certificate +# authority for your Elasticsearch instance. +#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ] + +# To disregard the validity of SSL certificates, change this setting's value to 'none'. +#elasticsearch.ssl.verificationMode: full + +# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of +# the elasticsearch.requestTimeout setting. +#elasticsearch.pingTimeout: 1500 + +# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value +# must be a positive integer. +#elasticsearch.requestTimeout: 30000 + +# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side +# headers, set this value to [] (an empty list). +#elasticsearch.requestHeadersWhitelist: [ authorization ] + +# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten +# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration. +#elasticsearch.customHeaders: {} + +# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable. +#elasticsearch.shardTimeout: 30000 + +# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying. +#elasticsearch.startupTimeout: 5000 + +# Logs queries sent to Elasticsearch. Requires logging.verbose set to true. +#elasticsearch.logQueries: false + +# Specifies the path where Kibana creates the process ID file. +#pid.file: /var/run/kibana.pid + +# Enables you specify a file where Kibana stores log output. +#logging.dest: stdout + +# Set the value of this setting to true to suppress all logging output. +#logging.silent: false + +# Set the value of this setting to true to suppress all logging output other than error messages. +#logging.quiet: false + +# Set the value of this setting to true to log all events, including system usage information +# and all requests. +#logging.verbose: false + +# Set the interval in milliseconds to sample system and process performance +# metrics. Minimum is 100ms. Defaults to 5000. +#ops.interval: 5000 + +# Specifies locale to be used for all localizable strings, dates and number formats. +#i18n.locale: "en" From e38755d897872e796d72bf6219a081c57c1e061a Mon Sep 17 00:00:00 2001 From: James Tombleson Date: Fri, 19 Apr 2019 09:07:35 -0700 Subject: [PATCH 06/11] Update install-elasticsearch.yml adding config updates --- .../linux/elastic/install-elasticsearch.yml | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/playbook/linux/elastic/install-elasticsearch.yml b/playbook/linux/elastic/install-elasticsearch.yml index fe40405..1f38dbf 100644 --- a/playbook/linux/elastic/install-elasticsearch.yml +++ b/playbook/linux/elastic/install-elasticsearch.yml @@ -31,6 +31,26 @@ apt: name: elasticsearch + + # This will work on a new install. + # If any changes are needed to the cluster name on an existing install add another function + - name: Config - cluster.name 'elastic-DMI01' + become: true + lineinfile: + path: /etc/elasticsearch/elasticsearch.yml + regex: '^cluster.name' + insertafter: '#cluster.name: my-application' + line: 'cluster.name: elastic-DMI01' + backup: yes + + - name: Config - node.name + become: true + lineinfile: + path: /etc/elasticsearch/elasticsearch.yml + regex: '^node.name' + insertafter: '#node.name: node-1' + line: "node.name: {{ ansible_eno1.ipv4.address }}" + - name: Allow port 9200 though UFW become: true ufw: From 6f8d66a2fe14fa3dfdc9a69d021e2f79b8c44934 Mon Sep 17 00:00:00 2001 From: James Tombleson Date: Fri, 19 Apr 2019 09:16:55 -0700 Subject: [PATCH 07/11] Update install-elasticsearch.yml service will now turn on at system startup. service will be restarted at the end. --- playbook/linux/elastic/install-elasticsearch.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/playbook/linux/elastic/install-elasticsearch.yml b/playbook/linux/elastic/install-elasticsearch.yml index 1f38dbf..3d17d2b 100644 --- a/playbook/linux/elastic/install-elasticsearch.yml +++ b/playbook/linux/elastic/install-elasticsearch.yml @@ -63,10 +63,15 @@ systemd: daemon_reload: yes - - name: Start ElasticSearch + - name: systemd - enable ElasticSearch on startup become: true systemd: name: elasticsearch enabled: yes + - name: systemd - restart ElasticSearch service + become: true + systemd: + name: elasticsearch + state: restarted From 8f63118ca28abf1b64147defd62a18a20fd7a678 Mon Sep 17 00:00:00 2001 From: James Tombleson Date: Fri, 19 Apr 2019 12:52:07 -0700 Subject: [PATCH 08/11] updates Comments added to elasticsearch Config for kibana is now done with ansible removed the stored config file metricbeat was added --- .../linux/elastic/install-elasticsearch.yml | 3 + playbook/linux/elastic/install-kibana.yml | 113 +++++++++++------- playbook/linux/elastic/install-metricbeat.yml | 19 +++ playbook/linux/elastic/kibana.yml | 113 ------------------ 4 files changed, 91 insertions(+), 157 deletions(-) create mode 100644 playbook/linux/elastic/install-metricbeat.yml delete mode 100644 playbook/linux/elastic/kibana.yml diff --git a/playbook/linux/elastic/install-elasticsearch.yml b/playbook/linux/elastic/install-elasticsearch.yml index 3d17d2b..acaf766 100644 --- a/playbook/linux/elastic/install-elasticsearch.yml +++ b/playbook/linux/elastic/install-elasticsearch.yml @@ -14,6 +14,7 @@ - name: Install apt-transport-https apt: name: apt-transport-https + - name: Add Elastic Repo become: true copy: @@ -43,6 +44,7 @@ line: 'cluster.name: elastic-DMI01' backup: yes + # We define the name of the host we are working on - name: Config - node.name become: true lineinfile: @@ -51,6 +53,7 @@ insertafter: '#node.name: node-1' line: "node.name: {{ ansible_eno1.ipv4.address }}" + # Allow 9200 so we can access it over the network - name: Allow port 9200 though UFW become: true ufw: diff --git a/playbook/linux/elastic/install-kibana.yml b/playbook/linux/elastic/install-kibana.yml index e742434..2323363 100644 --- a/playbook/linux/elastic/install-kibana.yml +++ b/playbook/linux/elastic/install-kibana.yml @@ -3,56 +3,81 @@ hosts: elastic tasks: - - name: Install Elastic GPG Key - become: true - apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" - state: present - id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 + - name: Install Elastic GPG Key + become: true + apt_key: + url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + state: present + id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 - - name: Install apt-transport-https - apt: - name: apt-transport-https + - name: Install apt-transport-https + apt: + name: apt-transport-https - - name: Add Elastic Repo - become: true - copy: - src: elastic-7.x.list - dest: /etc/apt/sources.list.d/ - backup: yes + - name: Add Elastic Repo + become: true + copy: + src: elastic-7.x.list + dest: /etc/apt/sources.list.d/ + backup: yes - - name: Update Packages - become: true - apt: - update_cache: true + - name: Update Packages + become: true + apt: + update_cache: true - - name: Install kibana - become: true - apt: - name: kibana + - name: Install kibana + become: true + apt: + name: kibana - - name: Update kibana config - become: true - copy: - src: kibana.yml - dest: /etc/kibana/ - backup: yes - - name: Allow port 5601 - become: true - ufw: - rule: allow - port: 5601 + - name: Config - Server.Port 5601 + become: true + lineinfile: + path: /etc/kibana/kibana.yml + regex: '^server.port' + insertafter: '#server.port: 5601' + line: 'server.port: 5601' + backup: yes - - name: Service daemon reload - become: true - systemd: - daemon_reload: yes - - name: Start Kibana - become: true - systemd: - name: kibana.service - enabled: yes - state: started + - name: Config - Server.host + become: true + lineinfile: + path: /etc/kibana/kibana.yml + regex: '^server.host' + insertafter: '#server.host' + line: 'server.host: {{ ansible_eno1.ipv4.address }}' + + - name: Config - elasticsearch.hosts + become: true + lineinfile: + path: /etc/kibana/kibana.yml + regex: '^elasticsearch.hosts' + insertafter: '#elasticsearch.hosts:' + line: 'elasticsearch.hosts: ["http://localhost:9200"]' + + - name: Allow port 5601 + become: true + ufw: + rule: allow + port: 5601 + + - name: systemd - daemon reload + become: true + systemd: + daemon_reload: yes + + - name: systemd - enable Kibana on startup + become: true + systemd: + name: kibana + enabled: yes + + - name: systemd - restart Kibana + become: true + systemd: + name: kibana + state: restarted diff --git a/playbook/linux/elastic/install-metricbeat.yml b/playbook/linux/elastic/install-metricbeat.yml new file mode 100644 index 0000000..22fdbb2 --- /dev/null +++ b/playbook/linux/elastic/install-metricbeat.yml @@ -0,0 +1,19 @@ + +- name: Install Metricbeat + hosts: elastic + + tasks: + - name: Download metricbeat deb + get_url: + url: 'https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.0.0-amd64.deb' + dest: /tmp/metricbeat.deb + + - name: Install metricbeat + become: true + apt: + deb: /tmp/metricbeat.deb + + - name: enable modules + + + - name: config where to send information diff --git a/playbook/linux/elastic/kibana.yml b/playbook/linux/elastic/kibana.yml deleted file mode 100644 index 366f247..0000000 --- a/playbook/linux/elastic/kibana.yml +++ /dev/null @@ -1,113 +0,0 @@ -# Kibana is served by a back end server. This setting specifies the port to use. -server.port: 5601 - -# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values. -# The default is 'localhost', which usually means remote machines will not be able to connect. -# To allow connections from remote users, set this parameter to a non-loopback address. -server.host: "192.168.0.173" - -# Enables you to specify a path to mount Kibana at if you are running behind a proxy. -# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath -# from requests it receives, and to prevent a deprecation warning at startup. -# This setting cannot end in a slash. -#server.basePath: "" - -# Specifies whether Kibana should rewrite requests that are prefixed with -# `server.basePath` or require that they are rewritten by your reverse proxy. -# This setting was effectively always `false` before Kibana 6.3 and will -# default to `true` starting in Kibana 7.0. -#server.rewriteBasePath: false - -# The maximum payload size in bytes for incoming server requests. -#server.maxPayloadBytes: 1048576 - -# The Kibana server's name. This is used for display purposes. -#server.name: "your-hostname" - -# The URLs of the Elasticsearch instances to use for all your queries. -elasticsearch.hosts: ["http://localhost:9200"] - -# When this setting's value is true Kibana uses the hostname specified in the server.host -# setting. When the value of this setting is false, Kibana uses the hostname of the host -# that connects to this Kibana instance. -#elasticsearch.preserveHost: true - -# Kibana uses an index in Elasticsearch to store saved searches, visualizations and -# dashboards. Kibana creates a new index if the index doesn't already exist. -#kibana.index: ".kibana" - -# The default application to load. -#kibana.defaultAppId: "home" - -# If your Elasticsearch is protected with basic authentication, these settings provide -# the username and password that the Kibana server uses to perform maintenance on the Kibana -# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which -# is proxied through the Kibana server. -#elasticsearch.username: "user" -#elasticsearch.password: "pass" - -# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively. -# These settings enable SSL for outgoing requests from the Kibana server to the browser. -#server.ssl.enabled: false -#server.ssl.certificate: /path/to/your/server.crt -#server.ssl.key: /path/to/your/server.key - -# Optional settings that provide the paths to the PEM-format SSL certificate and key files. -# These files validate that your Elasticsearch backend uses the same key files. -#elasticsearch.ssl.certificate: /path/to/your/client.crt -#elasticsearch.ssl.key: /path/to/your/client.key - -# Optional setting that enables you to specify a path to the PEM file for the certificate -# authority for your Elasticsearch instance. -#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ] - -# To disregard the validity of SSL certificates, change this setting's value to 'none'. -#elasticsearch.ssl.verificationMode: full - -# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of -# the elasticsearch.requestTimeout setting. -#elasticsearch.pingTimeout: 1500 - -# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value -# must be a positive integer. -#elasticsearch.requestTimeout: 30000 - -# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side -# headers, set this value to [] (an empty list). -#elasticsearch.requestHeadersWhitelist: [ authorization ] - -# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten -# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration. -#elasticsearch.customHeaders: {} - -# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable. -#elasticsearch.shardTimeout: 30000 - -# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying. -#elasticsearch.startupTimeout: 5000 - -# Logs queries sent to Elasticsearch. Requires logging.verbose set to true. -#elasticsearch.logQueries: false - -# Specifies the path where Kibana creates the process ID file. -#pid.file: /var/run/kibana.pid - -# Enables you specify a file where Kibana stores log output. -#logging.dest: stdout - -# Set the value of this setting to true to suppress all logging output. -#logging.silent: false - -# Set the value of this setting to true to suppress all logging output other than error messages. -#logging.quiet: false - -# Set the value of this setting to true to log all events, including system usage information -# and all requests. -#logging.verbose: false - -# Set the interval in milliseconds to sample system and process performance -# metrics. Minimum is 100ms. Defaults to 5000. -#ops.interval: 5000 - -# Specifies locale to be used for all localizable strings, dates and number formats. -#i18n.locale: "en" From b4f0af6963e936ed2ca084d8c5a164c6ad459ac1 Mon Sep 17 00:00:00 2001 From: James Tombleson Date: Fri, 19 Apr 2019 16:15:04 -0700 Subject: [PATCH 09/11] Update install-metricbeat.yml --- playbook/linux/elastic/install-metricbeat.yml | 27 ++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/playbook/linux/elastic/install-metricbeat.yml b/playbook/linux/elastic/install-metricbeat.yml index 22fdbb2..31c4050 100644 --- a/playbook/linux/elastic/install-metricbeat.yml +++ b/playbook/linux/elastic/install-metricbeat.yml @@ -13,7 +13,32 @@ apt: deb: /tmp/metricbeat.deb - - name: enable modules + # - name: enable modules + + - name: define kibana host: + become: true + lineinfile: + path: /etc/metricbeat/metricbeat.yml + regex: '^host: "localhost:5601"' + insertafter: '#host: "localhost:5601"' + line: 'host: ' - name: config where to send information + + - name: systemd - daemon reload + become: true + systemd: + daemon_reload: yes + + - name: Enable service on system startup + become: true + systemd: + name: metricbeat + enabed: yes + + - name: systemd - restart Metricbeat + become: true + systemd: + name: metricbeat + state: restarted From 02c5a9c632018892fb3691db17a8fbbb44c824d7 Mon Sep 17 00:00:00 2001 From: James Tombleson Date: Mon, 22 Apr 2019 15:01:56 -0700 Subject: [PATCH 10/11] Big changes to Elastic services Install-Client and Install-Server are now valid. They will install what is needed per the hosts file. Computers in Linux will get client and computers in Elastic will get server. --- playbook/README.md | 32 +++++++ .../linux/elastic/config-elasticsearch.yml | 44 ++++++++++ playbook/linux/elastic/config-heartbeat.yml | 25 ++++++ playbook/linux/elastic/config-kibana.yml | 49 +++++++++++ playbook/linux/elastic/config-metricbeat.yml | 29 +++++++ playbook/linux/elastic/install-client.yml | 25 ++++++ .../linux/elastic/install-elasticsearch.yml | 80 ------------------ playbook/linux/elastic/install-kibana.yml | 83 ------------------- playbook/linux/elastic/install-metricbeat.yml | 44 ---------- playbook/linux/elastic/install-repo.yml | 29 +++++++ playbook/linux/elastic/install-server.yml | 27 ++++++ ...{deployPwsh.yml => install-powershell.yml} | 0 playbook/nagios/deployNagios.yml | 25 ------ 13 files changed, 260 insertions(+), 232 deletions(-) create mode 100644 playbook/README.md create mode 100644 playbook/linux/elastic/config-elasticsearch.yml create mode 100644 playbook/linux/elastic/config-heartbeat.yml create mode 100644 playbook/linux/elastic/config-kibana.yml create mode 100644 playbook/linux/elastic/config-metricbeat.yml create mode 100644 playbook/linux/elastic/install-client.yml delete mode 100644 playbook/linux/elastic/install-elasticsearch.yml delete mode 100644 playbook/linux/elastic/install-kibana.yml delete mode 100644 playbook/linux/elastic/install-metricbeat.yml create mode 100644 playbook/linux/elastic/install-repo.yml create mode 100644 playbook/linux/elastic/install-server.yml rename playbook/linux/{deployPwsh.yml => install-powershell.yml} (100%) delete mode 100644 playbook/nagios/deployNagios.yml diff --git a/playbook/README.md b/playbook/README.md new file mode 100644 index 0000000..fdaae2b --- /dev/null +++ b/playbook/README.md @@ -0,0 +1,32 @@ +# Playbook + +This is the collection of playbooks that have been made. Each folder here ties back into the hosts file. + +## Linux + +This contains files that are designed to be ran against all linux based hosts. Some files are just general security updates and some will install packages that all servers need. + +Installable services + + * elastic-heartbeat + * elastic-metricbeat + +### Docker + +This contains files that will maintain and deploy docker servers. + +Docker servers will be a sub under Linux for basic up keep on the servers. + + +### Elastic + +This folder contains the files needed for a host that runs Elastic services as a server. + + * ElasticSearch + * Kibana + +## Windows + +Just like its Linux counter part, this contains the information and playbooks that are designed to be ran against all windows servers. Keeping baseline firewall, users, groups and windows updates are some examples. + + diff --git a/playbook/linux/elastic/config-elasticsearch.yml b/playbook/linux/elastic/config-elasticsearch.yml new file mode 100644 index 0000000..019b899 --- /dev/null +++ b/playbook/linux/elastic/config-elasticsearch.yml @@ -0,0 +1,44 @@ +# This will work on a new install. +# If any changes are needed to the cluster name on an existing install add another function +- name: Config - cluster.name 'elastic-DMI01' +become: true +lineinfile: + path: /etc/elasticsearch/elasticsearch.yml + regex: '^cluster.name' + insertafter: '#cluster.name: my-application' + line: 'cluster.name: elastic-DMI01' + backup: yes + +# We define the name of the host we are working on +- name: Config - node.name +become: true +lineinfile: + path: /etc/elasticsearch/elasticsearch.yml + regex: '^node.name' + insertafter: '#node.name: node-1' + line: "node.name: {{ ansible_eno1.ipv4.address }}" + +# Allow 9200 so we can access it over the network +- name: Allow port 9200 though UFW +become: true +ufw: + rule: allow + port: 9200 + #name: ElasticSearch + +- name: Service reload daemon +become: true +systemd: + daemon_reload: yes + +- name: systemd - enable ElasticSearch on startup +become: true +systemd: + name: elasticsearch + enabled: yes + +- name: systemd - restart ElasticSearch service +become: true +systemd: + name: elasticsearch + state: restarted diff --git a/playbook/linux/elastic/config-heartbeat.yml b/playbook/linux/elastic/config-heartbeat.yml new file mode 100644 index 0000000..ad2dacd --- /dev/null +++ b/playbook/linux/elastic/config-heartbeat.yml @@ -0,0 +1,25 @@ +--- +- name: define kibana host + become: true + lineinfile: + path: /etc/heartbeat/heartbeat.yml + regex: '^host: "dm-nagios.local:5601"' + insertafter: '#host: "localhost:5601"' + line: 'host: "dm-nagios.local:5601"' + +- name: systemd - daemon reload + become: true + systemd: + daemon_reload: yes + +- name: system - enable on startup + become: true + systemd: + name: heartbeat-elastic + enabled: yes + +- name: systemd - restart heartbeat + become: true + systemd: + name: heartbeat-elastic + state: restarted diff --git a/playbook/linux/elastic/config-kibana.yml b/playbook/linux/elastic/config-kibana.yml new file mode 100644 index 0000000..1152ec6 --- /dev/null +++ b/playbook/linux/elastic/config-kibana.yml @@ -0,0 +1,49 @@ + +- name: Config - Server.Port 5601 + become: true + lineinfile: + path: /etc/kibana/kibana.yml + regex: '^server.port' + insertafter: '#server.port: 5601' + line: 'server.port: 5601' + backup: yes + + +- name: Config - Server.host + become: true + lineinfile: + path: /etc/kibana/kibana.yml + regex: '^server.host' + insertafter: '#server.host' + line: 'server.host: {{ ansible_eno1.ipv4.address }}' + +- name: Config - elasticsearch.hosts + become: true + lineinfile: + path: /etc/kibana/kibana.yml + regex: '^elasticsearch.hosts' + insertafter: '#elasticsearch.hosts:' + line: 'elasticsearch.hosts: ["http://localhost:9200"]' + +- name: Allow port 5601 + become: true + ufw: + rule: allow + port: 5601 + +- name: systemd - daemon reload + become: true + systemd: + daemon_reload: yes + +- name: systemd - enable Kibana on startup + become: true + systemd: + name: kibana + enabled: yes + +- name: systemd - restart Kibana + become: true + systemd: + name: kibana + state: restarted diff --git a/playbook/linux/elastic/config-metricbeat.yml b/playbook/linux/elastic/config-metricbeat.yml new file mode 100644 index 0000000..d4e0400 --- /dev/null +++ b/playbook/linux/elastic/config-metricbeat.yml @@ -0,0 +1,29 @@ + +# - name: enable modules + +- name: define kibana host + become: true + lineinfile: + path: /etc/metricbeat/metricbeat.yml + regex: '^host: "dm-nagios.local:5601"' + insertafter: '#host: "localhost:5601"' + line: 'host: "dm-nagios.local:5601"' + +#- name: config where to send information + +- name: systemd - daemon reload + become: true + systemd: + daemon_reload: yes + +- name: Enable service on system startup + become: true + systemd: + name: metricbeat + enabled: yes + +- name: systemd - restart Metricbeat + become: true + systemd: + name: metricbeat + state: restarted diff --git a/playbook/linux/elastic/install-client.yml b/playbook/linux/elastic/install-client.yml new file mode 100644 index 0000000..9573703 --- /dev/null +++ b/playbook/linux/elastic/install-client.yml @@ -0,0 +1,25 @@ +--- +# This will install all the client parts needed for elastic to monitor client computers + +- name: Install elastic client programs + hosts: linux + + tasks: + - name: Install elastic repo + include: install-repo.yml + + - name: Install elastic heartbeat + become: true + apt: + name: heartbeat-elastic + + - name: Configure elastic heartbeazt + include: config-heartbeat.yml + + - name: Install elastic metricbeat + become: true + apt: + name: metricbeat + + - name: Configure elastic metricbeat + include: config-metricbeat.yml diff --git a/playbook/linux/elastic/install-elasticsearch.yml b/playbook/linux/elastic/install-elasticsearch.yml deleted file mode 100644 index acaf766..0000000 --- a/playbook/linux/elastic/install-elasticsearch.yml +++ /dev/null @@ -1,80 +0,0 @@ - - -- name: Install Elasticsearch - hosts: elastic - - tasks: - - name: Install Elastic GPG Key - become: true - apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" - state: present - id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 - - - name: Install apt-transport-https - apt: - name: apt-transport-https - - - name: Add Elastic Repo - become: true - copy: - src: elastic-7.x.list - dest: /etc/apt/sources.list.d/ - backup: yes - - - name: Update Packages - become: true - apt: - update_cache: true - - - name: Install ElasticSearch - become: true - apt: - name: elasticsearch - - - # This will work on a new install. - # If any changes are needed to the cluster name on an existing install add another function - - name: Config - cluster.name 'elastic-DMI01' - become: true - lineinfile: - path: /etc/elasticsearch/elasticsearch.yml - regex: '^cluster.name' - insertafter: '#cluster.name: my-application' - line: 'cluster.name: elastic-DMI01' - backup: yes - - # We define the name of the host we are working on - - name: Config - node.name - become: true - lineinfile: - path: /etc/elasticsearch/elasticsearch.yml - regex: '^node.name' - insertafter: '#node.name: node-1' - line: "node.name: {{ ansible_eno1.ipv4.address }}" - - # Allow 9200 so we can access it over the network - - name: Allow port 9200 though UFW - become: true - ufw: - rule: allow - port: 9200 - #name: ElasticSearch - - - name: Service reload daemon - become: true - systemd: - daemon_reload: yes - - - name: systemd - enable ElasticSearch on startup - become: true - systemd: - name: elasticsearch - enabled: yes - - - name: systemd - restart ElasticSearch service - become: true - systemd: - name: elasticsearch - state: restarted - diff --git a/playbook/linux/elastic/install-kibana.yml b/playbook/linux/elastic/install-kibana.yml deleted file mode 100644 index 2323363..0000000 --- a/playbook/linux/elastic/install-kibana.yml +++ /dev/null @@ -1,83 +0,0 @@ - -- name: Install Kibana - hosts: elastic - - tasks: - - name: Install Elastic GPG Key - become: true - apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" - state: present - id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 - - - name: Install apt-transport-https - apt: - name: apt-transport-https - - - name: Add Elastic Repo - become: true - copy: - src: elastic-7.x.list - dest: /etc/apt/sources.list.d/ - backup: yes - - - name: Update Packages - become: true - apt: - update_cache: true - - - name: Install kibana - become: true - apt: - name: kibana - - - - name: Config - Server.Port 5601 - become: true - lineinfile: - path: /etc/kibana/kibana.yml - regex: '^server.port' - insertafter: '#server.port: 5601' - line: 'server.port: 5601' - backup: yes - - - - name: Config - Server.host - become: true - lineinfile: - path: /etc/kibana/kibana.yml - regex: '^server.host' - insertafter: '#server.host' - line: 'server.host: {{ ansible_eno1.ipv4.address }}' - - - name: Config - elasticsearch.hosts - become: true - lineinfile: - path: /etc/kibana/kibana.yml - regex: '^elasticsearch.hosts' - insertafter: '#elasticsearch.hosts:' - line: 'elasticsearch.hosts: ["http://localhost:9200"]' - - - name: Allow port 5601 - become: true - ufw: - rule: allow - port: 5601 - - - name: systemd - daemon reload - become: true - systemd: - daemon_reload: yes - - - name: systemd - enable Kibana on startup - become: true - systemd: - name: kibana - enabled: yes - - - name: systemd - restart Kibana - become: true - systemd: - name: kibana - state: restarted - diff --git a/playbook/linux/elastic/install-metricbeat.yml b/playbook/linux/elastic/install-metricbeat.yml deleted file mode 100644 index 31c4050..0000000 --- a/playbook/linux/elastic/install-metricbeat.yml +++ /dev/null @@ -1,44 +0,0 @@ - -- name: Install Metricbeat - hosts: elastic - - tasks: - - name: Download metricbeat deb - get_url: - url: 'https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.0.0-amd64.deb' - dest: /tmp/metricbeat.deb - - - name: Install metricbeat - become: true - apt: - deb: /tmp/metricbeat.deb - - # - name: enable modules - - - name: define kibana host: - become: true - lineinfile: - path: /etc/metricbeat/metricbeat.yml - regex: '^host: "localhost:5601"' - insertafter: '#host: "localhost:5601"' - line: 'host: ' - - - - name: config where to send information - - - name: systemd - daemon reload - become: true - systemd: - daemon_reload: yes - - - name: Enable service on system startup - become: true - systemd: - name: metricbeat - enabed: yes - - - name: systemd - restart Metricbeat - become: true - systemd: - name: metricbeat - state: restarted diff --git a/playbook/linux/elastic/install-repo.yml b/playbook/linux/elastic/install-repo.yml new file mode 100644 index 0000000..c4504a6 --- /dev/null +++ b/playbook/linux/elastic/install-repo.yml @@ -0,0 +1,29 @@ +--- + +- name: Install Elastic GPG Key + become: true + apt_key: + url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + state: present + id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 + +- name: Install apt-transport-https + become: true + apt: + name: apt-transport-https + +- name: Add Elastic Repo + become: true + copy: + dest: '/etc/apt/sources.list.d/elastic-7.x.list' + content: "deb https://artifacts.elastic.co/packages/7.x/apt stable main" + # copy: + #src: elastic-7.x.list + # dest: /etc/apt/sources.list.d/ + # backup: yes + +- name: Update Packages + become: true + apt: + update_cache: true + diff --git a/playbook/linux/elastic/install-server.yml b/playbook/linux/elastic/install-server.yml new file mode 100644 index 0000000..bc6854a --- /dev/null +++ b/playbook/linux/elastic/install-server.yml @@ -0,0 +1,27 @@ +--- +# This will install all elastic services for a elastic server +# ElasticSearch +# Kibana + +- name: Install Elastic server programs + hosts: elastic + + tasks: + - name: Install Requrements + include: install-repo.yml + + - name: Install ElasticSearch from apt + become: true + apt: + name: elasticsearch + + - name: Configure ElasticSearch + include: config-elasticsearch.yml + + - name: Install Kibana from apt + become: true + apt: + name: kibana + + - name: Configure Kibana + include: config-kibana.yml diff --git a/playbook/linux/deployPwsh.yml b/playbook/linux/install-powershell.yml similarity index 100% rename from playbook/linux/deployPwsh.yml rename to playbook/linux/install-powershell.yml diff --git a/playbook/nagios/deployNagios.yml b/playbook/nagios/deployNagios.yml deleted file mode 100644 index 1429c8d..0000000 --- a/playbook/nagios/deployNagios.yml +++ /dev/null @@ -1,25 +0,0 @@ -- name: Install Nagios Core - hosts: nagios - - tasks: - - name: Install requrements - apt: - name: {{ packages }} - vars: - packages: - - install - - build-essential - - libgd-dev - - openssl - - libssl-dev - - unzip - - apache2 - - - name: Make Group: Nagios - - - - - - name: Make User: Nagios - - From 305708add3bb3d0c27d9350b0b946ee95cb280ae Mon Sep 17 00:00:00 2001 From: James Tombleson Date: Mon, 22 Apr 2019 15:32:56 -0700 Subject: [PATCH 11/11] Update config-metricbeat.yml Not finished with it. --- playbook/linux/elastic/config-metricbeat.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/playbook/linux/elastic/config-metricbeat.yml b/playbook/linux/elastic/config-metricbeat.yml index d4e0400..90fed44 100644 --- a/playbook/linux/elastic/config-metricbeat.yml +++ b/playbook/linux/elastic/config-metricbeat.yml @@ -11,6 +11,22 @@ #- name: config where to send information + #- name: Remove builtin elasticsearch host config + # become: true + # replace: + #dest: /etc/metricbeat/metricbeat.yml + #regexp: '^hosts: ["localhost:9200"]' + #replace: '#hosts: ["localhost:9200"]' + +- name: define elasticsearch host + become: true + lineinfile: + path: /etc/metricbeat/metricbeat.yml + regex: '^hosts: ["localhost:9200"]' + insertafter: 'hosts: ["localhost:9200"]' + line: 'hosts: ["dm-nagios.local:9200"]' + + - name: systemd - daemon reload become: true systemd: