Add Kibana and NGINX config for Kibana

author: Joe Banks <[email protected]> 2022-03-15 20:03:15 +0000
committer: Joe Banks <[email protected]> 2022-03-15 20:03:15 +0000
commit: 69abf523abb9ca7e52187ea64e53290e3f5e1039 (patch)
tree: be65fffb084ee419cc81e6f46a89559a92cec5c3
parent: Add Elasticsearch (diff)
7 files changed, 100 insertions, 0 deletions
diff --git a/roles/kibana-nginx/README.md b/roles/kibana-nginx/README.md
new file mode 100644
index 0000000..23f8ffc
--- /dev/null
+++ b/roles/kibana-nginx/README.md
@@ -0,0 +1,3 @@
+# Role "kibana-nginx"
+
+This role installs the configuration for NGINX reverse proxying to Kibana.
diff --git a/roles/kibana-nginx/meta/main.yml b/roles/kibana-nginx/meta/main.yml
new file mode 100644
index 0000000..fe0bcd5
--- /dev/null
+++ b/roles/kibana-nginx/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+  - nginx
+  - nginx-cloudflare-mtls
diff --git a/roles/kibana-nginx/tasks/main.yml b/roles/kibana-nginx/tasks/main.yml
new file mode 100644
index 0000000..ae34b94
--- /dev/null
+++ b/roles/kibana-nginx/tasks/main.yml
@@ -0,0 +1,26 @@
+- name: Install Kibana NGINX config
+  copy:
+    dest: /etc/nginx/sites-enabled/kibana
+    mode: 0644
+    group: root
+    owner: root
+    content: |
+      # Managed by Ansible
+      server {
+        listen 443 ssl http2;
+        server_name kibana.pydis.wtf;
+
+        ssl_certificate      /etc/letsencrypt/live/pydis.wtf/fullchain.pem;
+        ssl_certificate_key  /etc/letsencrypt/live/pydis.wtf/privkey.pem;
+        ssl_client_certificate {{ nginx_cloudflare_mtls_certificate_path }};
+        ssl_verify_client on;
+
+        location / {
+          include proxy_params;
+          proxy_pass http://localhost:5601;
+        }
+      }
+  notify:
+    - reload the nginx service
+  tags:
+    - role::kibana-nginx
diff --git a/roles/kibana/README.md b/roles/kibana/README.md
new file mode 100644
index 0000000..b3f1188
--- /dev/null
+++ b/roles/kibana/README.md
@@ -0,0 +1,3 @@
+# Role "kibana"
+
+The Kibana role deploys Kibana, a visualisation software for Elasticsearch.
diff --git a/roles/kibana/tasks/main.yml b/roles/kibana/tasks/main.yml
new file mode 100644
index 0000000..1d89194
--- /dev/null
+++ b/roles/kibana/tasks/main.yml
@@ -0,0 +1,53 @@
+---
+- name: Install GPG
+  package:
+    name: gpg
+    state: present
+  tags:
+    - role::kibana
+
+- name: Install Elasticsearch signing key
+  shell: >-
+    wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch |
+    gpg --yes --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
+  args:
+    creates: /usr/share/keyrings/elasticsearch-keyring.gpg
+  tags:
+    - role::kibana
+
+- name: Add Elasticsearch repository to apt
+  copy:
+    content: >-
+      deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg]
+      https://artifacts.elastic.co/packages/8.x/apt stable main
+    dest: /etc/apt/sources.list.d/elastic-8.x.list
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+    - role::kibana
+  register: add_kibana_repo
+
+- name: Install Kibana
+  apt:
+    pkg: kibana
+    state: present
+    update_cache: "{{ add_kibana_repo.changed }}"
+  tags:
+    - role::kibana
+
+- name: Configure Kibana base URL
+  lineinfile:
+    path: /etc/kibana/kibana.yml
+    state: present
+    line: "server.publicBaseUrl: {{ kibana_public_url }}"
+  tags:
+    - role::kibana
+
+- name: Start and enable Kibana
+  service:
+    name: kibana
+    state: started
+    enabled: true
+  tags:
+    - role::kibana
diff --git a/roles/kibana/vars/main/vars.yml b/roles/kibana/vars/main/vars.yml
new file mode 100644
index 0000000..6c91ac0
--- /dev/null
+++ b/roles/kibana/vars/main/vars.yml
@@ -0,0 +1,3 @@
+kibana_elastic_username: "pydis"
+kibana_elastic_password: "{{ encrypted_kibana_elastic_password }}"
+kibana_public_url: "https://kibana.pydis.wtf"
diff --git a/roles/kibana/vars/main/vault.yml b/roles/kibana/vars/main/vault.yml
new file mode 100644
index 0000000..cc3f7ef
--- /dev/null
+++ b/roles/kibana/vars/main/vault.yml
@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+39393931323735373539653161363535623031303435633030353239643464303066333536623161
+3537666562346136646663393066323137663034373866610a316331353166366135383164656535
+39323866336534383730383436303863643963353333383933356634336466636337663766393639
+6330313161633865310a396564343161626236366639616635333537613639663464356265333333
+62643932343962653236396430383139333333316132623362626239346662393131396332393136
+62633934303531373139303530653236323136646537303035653061386539613839346365316332
+323334663539356430326131373335623861
author	Joe Banks <[email protected]>	2022-03-15 20:03:15 +0000
committer	Joe Banks <[email protected]>	2022-03-15 20:03:15 +0000
commit	69abf523abb9ca7e52187ea64e53290e3f5e1039 (patch)
tree	be65fffb084ee419cc81e6f46a89559a92cec5c3
parent	Add Elasticsearch (diff)