diff --git a/.github/workflows/test_role_kibana.yml b/.github/workflows/test_role_kibana.yml index b58ad870..e1c0ebb3 100644 --- a/.github/workflows/test_role_kibana.yml +++ b/.github/workflows/test_role_kibana.yml @@ -67,10 +67,10 @@ jobs: strategy: fail-fast: false - max-parallel: 3 + max-parallel: 1 matrix: distro: [ubuntu2204] - scenario: [kibana_default, kibana_full_stack, kibana_full_stack-oss] + scenario: [kibana_default, kibana_full_stack] release: [ 7, 8 ] steps: diff --git a/docs/role-kibana.md b/docs/role-kibana.md index 1b83f251..29347498 100644 --- a/docs/role-kibana.md +++ b/docs/role-kibana.md @@ -25,6 +25,8 @@ These variables are identical over all our elastic related roles, hence the diff * *kibana_tls_key_passphrase*: Passphrase for kibana certificates (default: `PleaseChangeMe`) * *kibana_cert_expiration_buffer*: Ansible will renew the kibana certificate if its validity is shorter than this value, which should be number of days. (default: 30) * *kibana_cert_will_expire_soon*: Set it to true to renew kibana certificate (default: `fasle`), Or run the playbook with `--tags renew_kibana_cert` to do that. +* *elastic_kibana_host*: Hostname users use to connect to Kibana (default: FQDN of the host the role is executed on) +* *elastic_kibana_port*: Port Kibana webinterface is listening on (default: `5601`) * *elasticsearch_ca*: Set to the inventory hostname of the host that should house the CA for certificates for inter-node communication. (default: First node in the `elasticsearch` host group) * *elastic_ca_dir*: Directory where on the Elasticsearch CA host certificates are stored. This is only useful in connection with out other Elastic Stack related roles. (default: `/opt/es-ca`) * *elastic_ca_pass*: Password for Elasticsearch CA (default: `PleaseChangeMe`) diff --git a/molecule/kibana_full_stack-oss/converge.yml b/molecule/kibana_full_stack-oss/converge.yml deleted file mode 100644 index 8a03965c..00000000 --- a/molecule/kibana_full_stack-oss/converge.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# The workaround for arbitrarily named role directory is important because -# the git repo has one name and the role within it another -# Found at: -# https://github.com/ansible-community/molecule/issues/1567#issuecomment-436876722 -- name: Converge - collections: - - netways.elasticstack - hosts: all - vars: - elastic_stack_full_stack: true - elastic_variant: oss - elastic_release: 7 - tasks: - - name: Include Elastic Repos - include_role: - name: repos - - name: Include Elasticsearch role - include_role: - name: elasticsearch - - name: Include logstash - include_role: - name: logstash - - name: Include Kibana - include_role: - name: kibana diff --git a/molecule/kibana_full_stack-oss/molecule.yml b/molecule/kibana_full_stack-oss/molecule.yml deleted file mode 100644 index 2e39979a..00000000 --- a/molecule/kibana_full_stack-oss/molecule.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: kibana-full-oss - groups: - - elasticsearch - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host - privileged: true - pre_build_image: true -provisioner: - name: ansible -verifier: - name: ansible diff --git a/molecule/kibana_full_stack-oss/prepare.yml b/molecule/kibana_full_stack-oss/prepare.yml deleted file mode 100644 index ed1547d8..00000000 --- a/molecule/kibana_full_stack-oss/prepare.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Prepare - hosts: all - tasks: - - name: Install packages needed for Debian - apt: - name: - - gpg - - curl - - procps - - gpg-agent - update_cache: yes - when: ansible_os_family == "Debian" - - name: Install git - package: - name: git diff --git a/molecule/kibana_full_stack-oss/verify.yml b/molecule/kibana_full_stack-oss/verify.yml deleted file mode 100644 index d247b2fc..00000000 --- a/molecule/kibana_full_stack-oss/verify.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Verify - hosts: all - tasks: - - name: Give some time for all services to connect - wait_for: - timeout: 120 - - name: Kibana checks - block: - - name: fetch kibana.yml - command: cat /etc/kibana/kibana.yml - register: kibanayml - - name: Show kibana.yml - debug: - var: kibanayml.stdout_lines - - name: Check for Kibana port - wait_for: - port: 5601 - - name: Connect to Elasticsearch - command: "curl -s http://{{ groups['elasticsearch'][0] }}:{{ elastic_elasticsearch_http_port }}/_cat/indices" - - name: Connect to Kibana - command: "curl -s http://{{ ansible_hostname }}:5601/api/status" - register: curl_out - failed_when: "'green' not in curl_out.stdout" - when: "'kibana' in group_names" - # The following might be nicer but doesn't work - #- name: Connect to Kibana - # uri: - # url: http://ansible-role-kibana_full_stack:5601/api/status - # user: elastic - # password: "{{ elastic_password.stdout }}" - # return_content: yes - # register: kibana_status - # #failed_when: "'"title": "Green"' not in kibana_status.content" - # failed_when: "'Green' not in kibana_status.content" diff --git a/roles/kibana/defaults/main.yml b/roles/kibana/defaults/main.yml index 641fcdef..f92172a2 100644 --- a/roles/kibana/defaults/main.yml +++ b/roles/kibana/defaults/main.yml @@ -23,3 +23,4 @@ elastic_release: 8 elastic_stack_full_stack: true elastic_variant: elastic elastic_elasticsearch_http_port: 9200 +elastic_kibana_port: 5601 diff --git a/roles/kibana/templates/kibana.yml.j2 b/roles/kibana/templates/kibana.yml.j2 index 564ff78e..76aba5f9 100644 --- a/roles/kibana/templates/kibana.yml.j2 +++ b/roles/kibana/templates/kibana.yml.j2 @@ -1,4 +1,5 @@ server.host: "0.0.0.0" +server.publicBaseUrl: "http{% if kibana_tls | bool %}s{% endif %}://{{ elastic_kibana_host | default( ansible_fqdn ) }}:{{ elastic_kibana_port }}" {% if elastic_stack_full_stack is defined and elastic_stack_full_stack | bool and kibana_security | bool and elastic_variant == "elastic" %} elasticsearch.hosts: [{% for host in kibana_elasticsearch_hosts %}"https://{{ host }}:{{ elastic_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]