From c3fb5279cbee74a483ef1151969d3a91b8cf6e17 Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Fri, 10 Mar 2023 13:48:14 +0100 Subject: [PATCH 1/4] Set baseURL in Kibana fixes #68 --- docs/role-kibana.md | 2 ++ roles/kibana/defaults/main.yml | 1 + roles/kibana/templates/kibana.yml.j2 | 1 + 3 files changed, 4 insertions(+) diff --git a/docs/role-kibana.md b/docs/role-kibana.md index 1b83f251..29347498 100644 --- a/docs/role-kibana.md +++ b/docs/role-kibana.md @@ -25,6 +25,8 @@ These variables are identical over all our elastic related roles, hence the diff * *kibana_tls_key_passphrase*: Passphrase for kibana certificates (default: `PleaseChangeMe`) * *kibana_cert_expiration_buffer*: Ansible will renew the kibana certificate if its validity is shorter than this value, which should be number of days. (default: 30) * *kibana_cert_will_expire_soon*: Set it to true to renew kibana certificate (default: `fasle`), Or run the playbook with `--tags renew_kibana_cert` to do that. +* *elastic_kibana_host*: Hostname users use to connect to Kibana (default: FQDN of the host the role is executed on) +* *elastic_kibana_port*: Port Kibana webinterface is listening on (default: `5601`) * *elasticsearch_ca*: Set to the inventory hostname of the host that should house the CA for certificates for inter-node communication. (default: First node in the `elasticsearch` host group) * *elastic_ca_dir*: Directory where on the Elasticsearch CA host certificates are stored. This is only useful in connection with out other Elastic Stack related roles. (default: `/opt/es-ca`) * *elastic_ca_pass*: Password for Elasticsearch CA (default: `PleaseChangeMe`) diff --git a/roles/kibana/defaults/main.yml b/roles/kibana/defaults/main.yml index 641fcdef..f92172a2 100644 --- a/roles/kibana/defaults/main.yml +++ b/roles/kibana/defaults/main.yml @@ -23,3 +23,4 @@ elastic_release: 8 elastic_stack_full_stack: true elastic_variant: elastic elastic_elasticsearch_http_port: 9200 +elastic_kibana_port: 5601 diff --git a/roles/kibana/templates/kibana.yml.j2 b/roles/kibana/templates/kibana.yml.j2 index 564ff78e..a46a227c 100644 --- a/roles/kibana/templates/kibana.yml.j2 +++ b/roles/kibana/templates/kibana.yml.j2 @@ -1,4 +1,5 @@ server.host: "0.0.0.0" +http{% if kibana_tls | bool %}s{% endif %}://{{ elastic_kibana_host | default( {{ ansible_fqdn }} ) }}:{{ elastic_kibana_port }} {% if elastic_stack_full_stack is defined and elastic_stack_full_stack | bool and kibana_security | bool and elastic_variant == "elastic" %} elasticsearch.hosts: [{% for host in kibana_elasticsearch_hosts %}"https://{{ host }}:{{ elastic_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] From c54166745cc5599be75d1d812ad4d1078a766cbf Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Fri, 10 Mar 2023 17:35:26 +0100 Subject: [PATCH 2/4] Reworking template --- roles/kibana/templates/kibana.yml.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/kibana/templates/kibana.yml.j2 b/roles/kibana/templates/kibana.yml.j2 index a46a227c..f1f20e46 100644 --- a/roles/kibana/templates/kibana.yml.j2 +++ b/roles/kibana/templates/kibana.yml.j2 @@ -1,5 +1,7 @@ server.host: "0.0.0.0" -http{% if kibana_tls | bool %}s{% endif %}://{{ elastic_kibana_host | default( {{ ansible_fqdn }} ) }}:{{ elastic_kibana_port }} +server.publicBaseUrl: "http" +{% if kibana_tls | bool %}s{% endif %} +"://{{ elastic_kibana_host | default( {{ ansible_fqdn }} ) }}:{{ elastic_kibana_port }}" {% if elastic_stack_full_stack is defined and elastic_stack_full_stack | bool and kibana_security | bool and elastic_variant == "elastic" %} elasticsearch.hosts: [{% for host in kibana_elasticsearch_hosts %}"https://{{ host }}:{{ elastic_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] From b02a8b888814079d87af092e4a21f6c11bc92db0 Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Mon, 13 Mar 2023 15:58:16 +0100 Subject: [PATCH 3/4] Rework template for Kibana --- .github/workflows/test_role_kibana.yml | 2 +- roles/kibana/templates/kibana.yml.j2 | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test_role_kibana.yml b/.github/workflows/test_role_kibana.yml index b58ad870..cf0c316d 100644 --- a/.github/workflows/test_role_kibana.yml +++ b/.github/workflows/test_role_kibana.yml @@ -67,7 +67,7 @@ jobs: strategy: fail-fast: false - max-parallel: 3 + max-parallel: 1 matrix: distro: [ubuntu2204] scenario: [kibana_default, kibana_full_stack, kibana_full_stack-oss] diff --git a/roles/kibana/templates/kibana.yml.j2 b/roles/kibana/templates/kibana.yml.j2 index f1f20e46..76aba5f9 100644 --- a/roles/kibana/templates/kibana.yml.j2 +++ b/roles/kibana/templates/kibana.yml.j2 @@ -1,7 +1,5 @@ server.host: "0.0.0.0" -server.publicBaseUrl: "http" -{% if kibana_tls | bool %}s{% endif %} -"://{{ elastic_kibana_host | default( {{ ansible_fqdn }} ) }}:{{ elastic_kibana_port }}" +server.publicBaseUrl: "http{% if kibana_tls | bool %}s{% endif %}://{{ elastic_kibana_host | default( ansible_fqdn ) }}:{{ elastic_kibana_port }}" {% if elastic_stack_full_stack is defined and elastic_stack_full_stack | bool and kibana_security | bool and elastic_variant == "elastic" %} elasticsearch.hosts: [{% for host in kibana_elasticsearch_hosts %}"https://{{ host }}:{{ elastic_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] From a3f0f14803fbfba5fe6deb8e0f493b389cba7d64 Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Mon, 13 Mar 2023 17:45:20 +0100 Subject: [PATCH 4/4] Remove Tests for full stack Kibana OSS OSS versions of the stack won't be supported for long now. We can start removing everything that needs newer versions of Elasticsearch. helps with #120 --- .github/workflows/test_role_kibana.yml | 2 +- molecule/kibana_full_stack-oss/converge.yml | 26 --------------- molecule/kibana_full_stack-oss/molecule.yml | 20 ----------- molecule/kibana_full_stack-oss/prepare.yml | 16 --------- molecule/kibana_full_stack-oss/verify.yml | 37 --------------------- 5 files changed, 1 insertion(+), 100 deletions(-) delete mode 100644 molecule/kibana_full_stack-oss/converge.yml delete mode 100644 molecule/kibana_full_stack-oss/molecule.yml delete mode 100644 molecule/kibana_full_stack-oss/prepare.yml delete mode 100644 molecule/kibana_full_stack-oss/verify.yml diff --git a/.github/workflows/test_role_kibana.yml b/.github/workflows/test_role_kibana.yml index cf0c316d..e1c0ebb3 100644 --- a/.github/workflows/test_role_kibana.yml +++ b/.github/workflows/test_role_kibana.yml @@ -70,7 +70,7 @@ jobs: max-parallel: 1 matrix: distro: [ubuntu2204] - scenario: [kibana_default, kibana_full_stack, kibana_full_stack-oss] + scenario: [kibana_default, kibana_full_stack] release: [ 7, 8 ] steps: diff --git a/molecule/kibana_full_stack-oss/converge.yml b/molecule/kibana_full_stack-oss/converge.yml deleted file mode 100644 index 8a03965c..00000000 --- a/molecule/kibana_full_stack-oss/converge.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# The workaround for arbitrarily named role directory is important because -# the git repo has one name and the role within it another -# Found at: -# https://github.com/ansible-community/molecule/issues/1567#issuecomment-436876722 -- name: Converge - collections: - - netways.elasticstack - hosts: all - vars: - elastic_stack_full_stack: true - elastic_variant: oss - elastic_release: 7 - tasks: - - name: Include Elastic Repos - include_role: - name: repos - - name: Include Elasticsearch role - include_role: - name: elasticsearch - - name: Include logstash - include_role: - name: logstash - - name: Include Kibana - include_role: - name: kibana diff --git a/molecule/kibana_full_stack-oss/molecule.yml b/molecule/kibana_full_stack-oss/molecule.yml deleted file mode 100644 index 2e39979a..00000000 --- a/molecule/kibana_full_stack-oss/molecule.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: kibana-full-oss - groups: - - elasticsearch - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host - privileged: true - pre_build_image: true -provisioner: - name: ansible -verifier: - name: ansible diff --git a/molecule/kibana_full_stack-oss/prepare.yml b/molecule/kibana_full_stack-oss/prepare.yml deleted file mode 100644 index ed1547d8..00000000 --- a/molecule/kibana_full_stack-oss/prepare.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Prepare - hosts: all - tasks: - - name: Install packages needed for Debian - apt: - name: - - gpg - - curl - - procps - - gpg-agent - update_cache: yes - when: ansible_os_family == "Debian" - - name: Install git - package: - name: git diff --git a/molecule/kibana_full_stack-oss/verify.yml b/molecule/kibana_full_stack-oss/verify.yml deleted file mode 100644 index d247b2fc..00000000 --- a/molecule/kibana_full_stack-oss/verify.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Verify - hosts: all - tasks: - - name: Give some time for all services to connect - wait_for: - timeout: 120 - - name: Kibana checks - block: - - name: fetch kibana.yml - command: cat /etc/kibana/kibana.yml - register: kibanayml - - name: Show kibana.yml - debug: - var: kibanayml.stdout_lines - - name: Check for Kibana port - wait_for: - port: 5601 - - name: Connect to Elasticsearch - command: "curl -s http://{{ groups['elasticsearch'][0] }}:{{ elastic_elasticsearch_http_port }}/_cat/indices" - - name: Connect to Kibana - command: "curl -s http://{{ ansible_hostname }}:5601/api/status" - register: curl_out - failed_when: "'green' not in curl_out.stdout" - when: "'kibana' in group_names" - # The following might be nicer but doesn't work - #- name: Connect to Kibana - # uri: - # url: http://ansible-role-kibana_full_stack:5601/api/status - # user: elastic - # password: "{{ elastic_password.stdout }}" - # return_content: yes - # register: kibana_status - # #failed_when: "'"title": "Green"' not in kibana_status.content" - # failed_when: "'Green' not in kibana_status.content"