From 882098fbd82d96df81c73547799d97df960eb1ee Mon Sep 17 00:00:00 2001 From: wangjian Date: Tue, 7 May 2024 18:16:45 +0800 Subject: [PATCH] add es and kibana roles and config templates --- playbook/group_vars/all | 4 +- playbook/roles/elasticsearch/tasks/main.yml | 45 ++++++++ playbook/roles/kibana/tasks/main.yml | 25 +++++ playbook/standalone.yml | 76 +------------ playbook/templates/kibana/kibana.yml.j2 | 115 ++++++++++++++++++++ 5 files changed, 194 insertions(+), 71 deletions(-) create mode 100644 playbook/roles/elasticsearch/tasks/main.yml create mode 100644 playbook/roles/kibana/tasks/main.yml create mode 100644 playbook/templates/kibana/kibana.yml.j2 diff --git a/playbook/group_vars/all b/playbook/group_vars/all index 18e866f..754f85f 100644 --- a/playbook/group_vars/all +++ b/playbook/group_vars/all @@ -1,2 +1,4 @@ --- -arch: x86_64 \ No newline at end of file +arch: x86_64 +es_name: kibana_system +es_name_password: Kylinmanager13579! \ No newline at end of file diff --git a/playbook/roles/elasticsearch/tasks/main.yml b/playbook/roles/elasticsearch/tasks/main.yml new file mode 100644 index 0000000..04dbcb1 --- /dev/null +++ b/playbook/roles/elasticsearch/tasks/main.yml @@ -0,0 +1,45 @@ +--- +- name: install java-11-openjdk-devel for elasticsearch + dnf: + name: java-11-openjdk-devel* + state: present +- name: get elasticsearch from official website + shell: wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.16-linux-x86_64.tar.gz --no-check-certificate + args: + chdir: /root/ + when: arch == x86_64 +- name: unzip tar.gz + shell: tar -xzvf elasticsearch-7.17.16-linux-x86_64.tar.gz -C /opt + args: + chdir: /root/ + when: arch == x86_64 +- name: get elasticsearch from official website + shell: wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.16-linux-aarch64.tar.gz --no-check-certificate + args: + chdir: /root/ + when: arch == aarch64 +- name: unzip tar.gz + shell: tar -xzvf elasticsearch-7.17.16-linux-aarch64.tar.gz -C /opt + args: + chdir: /root/ + when: arch == aarch64 +- name: add elastic user + shell: groupadd elastic && useradd elastic -g elastic +- name: chown /opt/elasticsearch-7.17.16/ + shell: chown -R elastic:elastic /opt/elasticsearch-7.17.16/ +- name: change es config + template: src=templates/elasticsearch/elasticsearch.yml.j2 dest=/opt/elasticsearch-7.17.16/config/elasticsearch.yml +- name: change jvms + lineinfile: + path: /opt/elasticsearch-7.17.16/config/jvm.options + regexp: '^#?-Xms*' + line: '-Xms4g' + backrefs: yes +- name: change jvmx + lineinfile: + path: /opt/elasticsearch-7.17.16/config/jvm.options + regexp: '^#?-Xmx*' + line: '-Xmx4g' + backrefs: yes +- name: start elasticsearch + shell: nohup /opt/elasticsearch-7.17.16/bin/elasticsearch -d & \ No newline at end of file diff --git a/playbook/roles/kibana/tasks/main.yml b/playbook/roles/kibana/tasks/main.yml new file mode 100644 index 0000000..cd59100 --- /dev/null +++ b/playbook/roles/kibana/tasks/main.yml @@ -0,0 +1,25 @@ +--- +- name: get kibana from official website + shell: wget https://artifacts.elastic.co/downloads/kibana/kibana-7.17.16-linux-x86_64.tar.gz --no-check-certificate + args: + chdir: /root/ + when: arch == x86_64 +- name: unzip tar.gz + shell: tar -xzvf kibana-7.17.16-linux-x86_64.tar.gz -C /opt + args: + chdir: /root/ + when: arch == x86_64 +- name: get kibana from official website + shell: wget https://artifacts.elastic.co/downloads/kibana/kibana-7.17.16-linux-aarch64.tar.gz --no-check-certificate + args: + chdir: /root/ + when: arch == aarch64 +- name: unzip tar.gz + shell: tar -xzvf kibana-7.17.16-linux-aarch64.tar.gz -C /opt + args: + chdir: /root/ + when: arch == aarch64 +- name: change es config + template: src=templates/kibana/kibana.yml.j2 dest=/opt/kibana-7.17.16/config/kibana.yml +- name: start kibana + shell: nohup /opt/kibana-7.17.16/bin/kibana --allow-root & \ No newline at end of file diff --git a/playbook/standalone.yml b/playbook/standalone.yml index 10a6e14..fd7e23b 100644 --- a/playbook/standalone.yml +++ b/playbook/standalone.yml @@ -1,76 +1,12 @@ --- -- name: install PilotGo-ELK platform - hosts: standalone - become: yes - become_user: root +- hosts: standalone + remote_user: root + + roles: + - elasticsearch + - kibana tasks: - - name: install java-11-openjdk-devel for elasticsearch - dnf: - name: java-11-openjdk-devel* - state: present - - name: get elasticsearch from official website - shell: wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.16-linux-x86_64.tar.gz --no-check-certificate - args: - chdir: /root/ - when: arch == x86_64 - - name: unzip tar.gz - shell: tar -xzvf elasticsearch-7.17.16-linux-x86_64.tar.gz -C /opt - args: - chdir: /root/ - when: arch == x86_64 - - name: get elasticsearch from official website - shell: wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.16-linux-aarch64.tar.gz --no-check-certificate - args: - chdir: /root/ - when: arch == aarch64 - - name: unzip tar.gz - shell: tar -xzvf elasticsearch-7.17.16-linux-aarch64.tar.gz -C /opt - args: - chdir: /root/ - when: arch == aarch64 - - name: add elastic user - shell: groupadd elastic && useradd elastic -g elastic - - name: chown /opt/elasticsearch-7.17.16/ - shell: chown -R elastic:elastic /opt/elasticsearch-7.17.16/ - - name: change es config - template: src=templates/elasticsearch/elasticsearch.yml.j2 dest=/opt/elasticsearch-7.17.16/config/elasticsearch.yml - - name: change jvms - lineinfile: - path: /opt/elasticsearch-7.17.16/config/jvm.options - regexp: '^#?-Xms*' - line: '-Xms4g' - backrefs: yes - - name: change jvmx - lineinfile: - path: /opt/elasticsearch-7.17.16/config/jvm.options - regexp: '^#?-Xmx*' - line: '-Xmx4g' - backrefs: yes - - name: start elasticsearch - shell: nohup /opt/elasticsearch-7.17.16/bin/elasticsearch -d & - - name: get kibana from official website - shell: wget https://artifacts.elastic.co/downloads/kibana/kibana-7.17.16-linux-x86_64.tar.gz --no-check-certificate - args: - chdir: /root/ - when: arch == x86_64 - - name: unzip tar.gz - shell: tar -xzvf kibana-7.17.16-linux-x86_64.tar.gz -C /opt - args: - chdir: /root/ - when: arch == x86_64 - - name: get elasticsearch from official website - shell: wget https://artifacts.elastic.co/downloads/kibana/kibana-7.17.16-linux-aarch64.tar.gz --no-check-certificate - args: - chdir: /root/ - when: arch == aarch64 - - name: unzip tar.gz - shell: tar -xzvf kibana-7.17.16-linux-aarch64.tar.gz -C /opt - args: - chdir: /root/ - when: arch == aarch64 - - name: start kibana - shell: nohup /opt/kibana-7.17.16/bin/kibana --allow-root & - name: install docker dnf: name: docker diff --git a/playbook/templates/kibana/kibana.yml.j2 b/playbook/templates/kibana/kibana.yml.j2 new file mode 100644 index 0000000..6f29a0f --- /dev/null +++ b/playbook/templates/kibana/kibana.yml.j2 @@ -0,0 +1,115 @@ +# Kibana is served by a back end server. This setting specifies the port to use. +server.port: 5601 + +# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values. +# The default is 'localhost', which usually means remote machines will not be able to connect. +# To allow connections from remote users, set this parameter to a non-loopback address. +server.host: "0.0.0.0" + +# Enables you to specify a path to mount Kibana at if you are running behind a proxy. +# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath +# from requests it receives, and to prevent a deprecation warning at startup. +# This setting cannot end in a slash. +#server.basePath: "" + +# Specifies whether Kibana should rewrite requests that are prefixed with +# `server.basePath` or require that they are rewritten by your reverse proxy. +# This setting was effectively always `false` before Kibana 6.3 and will +# default to `true` starting in Kibana 7.0. +#server.rewriteBasePath: false + +# Specifies the public URL at which Kibana is available for end users. If +# `server.basePath` is configured this URL should end with the same basePath. +#server.publicBaseUrl: "" + +# The maximum payload size in bytes for incoming server requests. +#server.maxPayload: 1048576 + +# The Kibana server's name. This is used for display purposes. +#server.name: "your-hostname" + +# The URLs of the Elasticsearch instances to use for all your queries. +elasticsearch.hosts: ["http://localhost:9200"] + +# Kibana uses an index in Elasticsearch to store saved searches, visualizations and +# dashboards. Kibana creates a new index if the index doesn't already exist. +#kibana.index: ".kibana" + +# The default application to load. +#kibana.defaultAppId: "home" + +# If your Elasticsearch is protected with basic authentication, these settings provide +# the username and password that the Kibana server uses to perform maintenance on the Kibana +# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which +# is proxied through the Kibana server. +elasticsearch.username: "{{ es_name }}" +elasticsearch.password: "{{ es_name_password }}" + +# Kibana can also authenticate to Elasticsearch via "service account tokens". +# If may use this token instead of a username/password. +# elasticsearch.serviceAccountToken: "my_token" + +# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively. +# These settings enable SSL for outgoing requests from the Kibana server to the browser. +#server.ssl.enabled: false +#server.ssl.certificate: /path/to/your/server.crt +#server.ssl.key: /path/to/your/server.key + +# Optional settings that provide the paths to the PEM-format SSL certificate and key files. +# These files are used to verify the identity of Kibana to Elasticsearch and are required when +# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required. +#elasticsearch.ssl.certificate: /path/to/your/client.crt +#elasticsearch.ssl.key: /path/to/your/client.key + +# Optional setting that enables you to specify a path to the PEM file for the certificate +# authority for your Elasticsearch instance. +#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ] + +# To disregard the validity of SSL certificates, change this setting's value to 'none'. +#elasticsearch.ssl.verificationMode: full + +# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of +# the elasticsearch.requestTimeout setting. +#elasticsearch.pingTimeout: 1500 + +# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value +# must be a positive integer. +#elasticsearch.requestTimeout: 30000 + +# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side +# headers, set this value to [] (an empty list). +#elasticsearch.requestHeadersWhitelist: [ authorization ] + +# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten +# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration. +#elasticsearch.customHeaders: {} + +# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable. +#elasticsearch.shardTimeout: 30000 + +# Logs queries sent to Elasticsearch. Requires logging.verbose set to true. +#elasticsearch.logQueries: false + +# Specifies the path where Kibana creates the process ID file. +#pid.file: /run/kibana/kibana.pid + +# Enables you to specify a file where Kibana stores log output. +#logging.dest: stdout + +# Set the value of this setting to true to suppress all logging output. +#logging.silent: false + +# Set the value of this setting to true to suppress all logging output other than error messages. +#logging.quiet: false + +# Set the value of this setting to true to log all events, including system usage information +# and all requests. +#logging.verbose: false + +# Set the interval in milliseconds to sample system and process performance +# metrics. Minimum is 100ms. Defaults to 5000. +#ops.interval: 5000 + +# Specifies locale to be used for all localizable strings, dates and number formats. +# Supported languages are the following: English - en , by default , Chinese - zh-CN . +#i18n.locale: "en" -- Gitee