diff --git a/playbook/group_vars/all b/playbook/group_vars/all
index 456ba16f52c322c1d13082da9e3d88972d7d524d..3cbac5ed2f7cd54a66bc4e90bba45765f39a2550 100644
--- a/playbook/group_vars/all
+++ b/playbook/group_vars/all
@@ -1,6 +1,6 @@
 ---
 password_for_all_es_users: Kylinmanager13579!
 needSSL: true
-kibana_ssl_crt_file: /opt/kibana/config/certs/kibana-server.crt
-kibana_ssl_key_file: /opt/kibana/config/certs/kibana-server.key
-kibana_elastic_ca_file: /opt/kibana/config/certs/elasticsearch-ca.pem
\ No newline at end of file
+kibana_ssl_crt_file: /opt/kibana/config/certs/kibana-server/kibana-server.crt
+kibana_ssl_key_file: /opt/kibana/config/certs/kibana-server/kibana-server.key
+kibana_elastic_ca_file: /opt/kibana/config/certs/kibana/elasticsearch-ca.pem
\ No newline at end of file
diff --git a/playbook/roles/fleet/tasks/main.yml b/playbook/roles/fleet/tasks/main.yml
index 2d9c50c011099237ec2a7714a58d24f6c54b3ab4..4332cd8ce0a6585b5efbcdcdfcfd806948017818 100644
--- a/playbook/roles/fleet/tasks/main.yml
+++ b/playbook/roles/fleet/tasks/main.yml
@@ -16,7 +16,13 @@
 regexp: '^#?xpack\.fleet\.registryUrl:\s*'
 line: 'xpack.fleet.registryUrl: http://127.0.0.1:8080'
 backup: yes
+- name: service stop kibana
+ service:
+ name: kibana
+ state: stopped
 - name: stop kibana
 shell: kill -9 $(ps -ef | grep "nohup /opt/kibana/bin/kibana --allow-root &" | grep -v grep | awk '{print $2}')
 - name: start kibana
- shell: nohup /opt/kibana/bin/kibana --allow-root &
\ No newline at end of file
+ shell: nohup /opt/kibana/bin/kibana &
+ become: yes
+ become_user: elastic
\ No newline at end of file
diff --git a/playbook/roles/kibana/tasks/main.yml b/playbook/roles/kibana/tasks/main.yml
index a7985a59ddf2e95be012609ebdf0bb952c088e91..0e83a77ebd692518429c9e22b5bbfcc10b153254 100644
--- a/playbook/roles/kibana/tasks/main.yml
+++ b/playbook/roles/kibana/tasks/main.yml
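Review bot: `password_for_all_es_users` on the context line above the changed certificate paths is still committed in clear text, so everyone with read access to the repository holds the password that `playbook/standalone.yml` feeds to every `elasticsearch-setup-passwords` prompt. Encrypt the variable with Ansible Vault or look it up from a secret store at run time, and rotate the value that is already in history.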
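Review bot: The `stop kibana` task kept as context still greps for `nohup /opt/kibana/bin/kibana --allow-root &`, which cannot match an instance launched by the new `nohup /opt/kibana/bin/kibana &` command, so on a later run `kill -9` is called with no PID and fails while the old process keeps running. If that surviving process is one that was started as root, the move to `become_user: elastic` never takes effect. Match on the binary path and tolerate an empty result, e.g. `shell: ps -ef | grep "/opt/kibana/bin/kibana" | grep -v grep | awk '{print $2}' | xargs -r kill -9`, or drop the task if the `kibana` service stopped just above is the real owner of the process. The same grep pattern is added in the `kibana https config` block of `playbook/standalone.yml`; the task list starts above this hunk.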
@@ -26,4 +26,6 @@
 - name: change es config
 template: src=templates/kibana/kibana.yml.j2 dest=/opt/kibana/config/kibana.yml
 - name: start kibana
- shell: nohup /opt/kibana/bin/kibana --allow-root &
\ No newline at end of file
+ shell: nohup /opt/kibana/bin/kibana &
+ become: yes
+ become_user: elastic
\ No newline at end of file
diff --git a/playbook/standalone.yml b/playbook/standalone.yml
index bba8cf9747acb549aeac6807ccf896102753b339..1e4f15afb0955c4ff4b639bdbb608c567cbdbd43 100644
--- a/playbook/standalone.yml
+++ b/playbook/standalone.yml
@@ -44,10 +44,19 @@
 'Is this correct*': "y"
 'Do you wish to change any of these options*': "n"
 'Provide a password for the*': ""
+ - name: create kibana https ca
+ expect:
+ command: /opt/elasticsearch/bin/elasticsearch-certutil cert --pem --name kibana-server
+ responses:
+ 'Please enter the desired output file *': "\n"
 - name: mkdir certs
 shell: mkdir -p /opt/elasticsearch/config/certs
 - name: unzip elasticsearch-ssl-http.zip
- shell: mv /opt/elasticsearch/elasticsearch-ssl-http.zip /opt/elasticsearch/config/certs && unzip elasticsearch-ssl-http.zip
+ shell: mv /opt/elasticsearch/elasticsearch-ssl-http.zip /opt/elasticsearch/certificate-bundle.zip /opt/elasticsearch/config/certs
+ - name: unzip ssl zip
+ shell: unzip certificate-bundle.zip && unzip elasticsearch-ssl-http.zip
+ args:
+ chdir: /opt/elasticsearch/config/certs
 - name: stop es service
 service:
 name: elasticsearch
@@ -62,6 +71,7 @@
 expect:
 command: /opt/elasticsearch/bin/elasticsearch-setup-passwords interactive
 responses:
+ 'Please confirm that you would like to continue *': "y"
 'Enter password for *': "{{ password_for_all_es_users }}"
 'Reenter password for *': "{{ password_for_all_es_users }}"
 'Enter password for *': "{{ password_for_all_es_users }}"
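Review bot: With Kibana now started as `elastic`, the `template` task on the context line above still writes `/opt/kibana/config/kibana.yml` without `owner` or `mode`, so the file keeps whatever ownership and umask the connecting user produces. If the template renders the Elasticsearch password (the template itself is not part of this diff), the file should be readable only by the service account, e.g. `template: src=templates/kibana/kibana.yml.j2 dest=/opt/kibana/config/kibana.yml owner=elastic mode=0600`. The task list starts above the hunk, so ownership may be handled there.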
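Review bot: `unzip certificate-bundle.zip && unzip elasticsearch-ssl-http.zip` has no `-o` and no `creates:` guard, so a second run of the playbook meets unzip's overwrite prompt without a terminal and the task fails or leaves the earlier certificates in place. Use the `unarchive` module with `remote_src: true`, or at least `unzip -o`. The extracted `kibana-server.key` is also written with the default umask and nothing in this hunk restricts it, so add a `file` task that sets `mode: "0600"` and the owner of the service that reads it. The play continues on both sides of the hunk.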
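Review bot: The `expect` task that answers `elasticsearch-setup-passwords interactive` passes `{{ password_for_all_es_users }}` in its `responses`, and no `no_log: true` is visible, so the rendered password can end up in verbose output and in any callback or log that records task arguments. Add `no_log: true` to the task unless it is already set on the lines outside this hunk; the task starts above and continues below it. The repeated `'Enter password for *'` entries are duplicate mapping keys, of which a YAML parser keeps only the last, so they work here only because every value is identical.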
@@ -75,4 +85,19 @@
 'Enter password for *': "{{ password_for_all_es_users }}"
 'Reenter password for *': "{{ password_for_all_es_users }}"
 when: needSSL == "true"
+ - name: kibana https config
+ block:
+ - name: cp ca from es
+ shell: cp -ra /opt/elasticsearch/config/certs /opt/kibana/config
+ - name: service stop kibana
+ service:
+ name: kibana
+ state: stopped
+ - name: stop kibana
+ shell: kill -9 $(ps -ef | grep "nohup /opt/kibana/bin/kibana --allow-root &" | grep -v grep | awk '{print $2}')
+ - name: start kibana
+ shell: nohup /opt/kibana/bin/kibana &
+ become: yes
+ become_user: elastic
+ when: needSSL == "true"
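Review bot: `when: needSSL == "true"` on the new `kibana https config` block compares against a string, while `playbook/group_vars/all` defines `needSSL: true`, a YAML boolean, so unless the variable is overridden as a string (for example with `-e needSSL=true`) the condition is false and the Kibana TLS setup is skipped without any error. Use `when: needSSL | bool`, which accepts both forms; the `when` on the preceding task, whose start is outside this hunk, has the same comparison. Separately, `cp -ra /opt/elasticsearch/config/certs /opt/kibana/config` copies everything Elasticsearch keeps in that directory, its own key material included, into the Kibana tree with the original ownership preserved, which the `elastic` user may not be able to read. Copy only the three files named in `group_vars/all` and set `owner: elastic` and `mode: "0600"` on the key.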