From 83b01f0f384d8ff1d34fa10e35d3785dc8b849dd Mon Sep 17 00:00:00 2001 From: Wolfgang Date: Tue, 21 Nov 2023 14:37:50 +0100 Subject: [PATCH 01/17] Initial work for v8 support --- defaults/main.yaml | 3 ++- tasks/kibana.yaml | 2 +- templates/kibana/kibana.yml | 1 - templates/kibana/kibana.yml.j2 | 5 +++++ 4 files changed, 8 insertions(+), 3 deletions(-) delete mode 100644 templates/kibana/kibana.yml create mode 100644 templates/kibana/kibana.yml.j2 diff --git a/defaults/main.yaml b/defaults/main.yaml index 2979112..87338cc 100644 --- a/defaults/main.yaml +++ b/defaults/main.yaml @@ -1,4 +1,5 @@ kibana: + version: 7 prefix: config: >- {%- if ansible_system == 'Linux' -%} @@ -10,7 +11,7 @@ kibana: apt: key_url: https://artifacts.elastic.co/GPG-KEY-elasticsearch repository: | - deb https://artifacts.elastic.co/packages/7.x/apt stable main + deb https://artifacts.elastic.co/packages/{{ vars.kibana.version }}.x/apt stable main domain: use_dehydrated: yes oauth2_proxy: diff --git a/tasks/kibana.yaml b/tasks/kibana.yaml index d7d6b6e..a2f0672 100644 --- a/tasks/kibana.yaml +++ b/tasks/kibana.yaml @@ -1,6 +1,6 @@ - name: Template Kibana config loop: - - src: kibana/kibana.yml + - src: kibana/kibana.yml.j2 dest: "{{ kibana.prefix.config }}/kibana.yml" loop_control: label: "{{ item.dest }}" diff --git a/templates/kibana/kibana.yml b/templates/kibana/kibana.yml deleted file mode 100644 index 37f2607..0000000 --- a/templates/kibana/kibana.yml +++ /dev/null @@ -1 +0,0 @@ -{{ kibana['kibana.yml']|to_nice_yaml(indent=2) }} diff --git a/templates/kibana/kibana.yml.j2 b/templates/kibana/kibana.yml.j2 new file mode 100644 index 0000000..df0b308 --- /dev/null +++ b/templates/kibana/kibana.yml.j2 @@ -0,0 +1,5 @@ +{% if kibana.version is not defined or kibana.version is version('8', '<') %} +{{ kibana['kibana.yml'] | to_nice_yaml(indent=2) }} +{% else %} +{{ kibana['kibana.yml'] | ansible.utils.remove_keys(target=['apm', 'graph', 'ml', 'reporting', 'xpack']) | to_nice_yaml(indent=2) }} +{% endif %} From e0e8f918ac668d6e2c104fee062f52d25f19621a Mon Sep 17 00:00:00 2001 From: Wolfgang Medina-Erhardt Date: Fri, 23 Aug 2024 11:09:32 +0200 Subject: [PATCH 02/17] Set up the apt repository on Debian-based OSes --- tasks/install.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/install.yaml b/tasks/install.yaml index 03ab15e..60ddbd3 100644 --- a/tasks/install.yaml +++ b/tasks/install.yaml @@ -1,4 +1,4 @@ -- when: ansible_distribution == 'Ubuntu' +- when: ansible_os_family == 'Debian' block: - name: Add Elastic repository key apt_key: From 26c72dc5b9e9912a4584c5512a3264075168d02b Mon Sep 17 00:00:00 2001 From: Wolfgang Medina-Erhardt Date: Fri, 23 Aug 2024 11:18:48 +0200 Subject: [PATCH 03/17] Add tasks to set kibana_system password --- tasks/main.yaml | 6 ++++++ tasks/password.yaml | 29 +++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 tasks/password.yaml diff --git a/tasks/main.yaml b/tasks/main.yaml index c2786d4..5befc8c 100644 --- a/tasks/main.yaml +++ b/tasks/main.yaml @@ -1,3 +1,9 @@ +--- - import_tasks: install.yaml + - import_tasks: nginx.yaml + - import_tasks: kibana.yaml + +- import_tasks: password.yaml + when: kibana.version is version('8', '>=') diff --git a/tasks/password.yaml b/tasks/password.yaml new file mode 100644 index 0000000..0b4f010 --- /dev/null +++ b/tasks/password.yaml @@ -0,0 +1,29 @@ +--- +- name: Display an error about missing kibana_system password + when: not elasticsearch.users.builtin.kibana_system.password + ansible.builtin.fail: + msg: >- + [ERROR]: The password for built-in user 'kibana_system' is not defined. + Starting with ElasticSearch 8, security is enabled by default, + which means that the built-in users must be password-protected. + Please set the variable `elasticsearch.users.builtin.kibana_system.password` + to your desired password. + +- name: Check if the password for the kibana_system user is already defined + changed_when: kibana_system_password_already_set.status == 401 + failed_when: kibana_system_password_already_set is failed and kibana_system_password_already_set.status != 401 + register: kibana_system_password_already_set + ansible.builtin.uri: + url: http://localhost:9200 + user: kibana_system + password: "{{ elasticsearch.users.builtin.kibana_system.password }}" + force_basic_auth: yes + +- name: Define a password for the elastic user + when: kibana_system_password_already_set is changed + changed_when: yes + ansible.builtin.shell: + cmd: >- + set -o pipefail && + printf "{{ elasticsearch.users.builtin.kibana_system.password }}\n{{ elasticsearch.users.builtin.kibana_system.password }}" | + {{ elasticsearch.prefix.bin }}/elasticsearch-reset-password -b -u kibana_system -i From 83cd86a2be11464c21a49d80fea626a2a003ed19 Mon Sep 17 00:00:00 2001 From: Wolfgang Medina-Erhardt Date: Fri, 23 Aug 2024 11:41:53 +0200 Subject: [PATCH 04/17] Remove the set -o pipefail option since dash doesn't support it --- tasks/password.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/tasks/password.yaml b/tasks/password.yaml index 0b4f010..ee5f9b0 100644 --- a/tasks/password.yaml +++ b/tasks/password.yaml @@ -24,6 +24,5 @@ changed_when: yes ansible.builtin.shell: cmd: >- - set -o pipefail && printf "{{ elasticsearch.users.builtin.kibana_system.password }}\n{{ elasticsearch.users.builtin.kibana_system.password }}" | {{ elasticsearch.prefix.bin }}/elasticsearch-reset-password -b -u kibana_system -i From d437f9cfb0284e49ced20d7f00df87e7258448e1 Mon Sep 17 00:00:00 2001 From: Wolfgang Medina-Erhardt Date: Fri, 23 Aug 2024 11:48:24 +0200 Subject: [PATCH 05/17] Add elasticsearch to Kibana dependencies --- meta/main.yaml | 1 + tasks/password.yaml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/main.yaml b/meta/main.yaml index 69891c7..46df903 100644 --- a/meta/main.yaml +++ b/meta/main.yaml @@ -1,2 +1,3 @@ dependencies: - role: nginx + - role: elasticsearch diff --git a/tasks/password.yaml b/tasks/password.yaml index ee5f9b0..a15ce5c 100644 --- a/tasks/password.yaml +++ b/tasks/password.yaml @@ -19,7 +19,7 @@ password: "{{ elasticsearch.users.builtin.kibana_system.password }}" force_basic_auth: yes -- name: Define a password for the elastic user +- name: Define a password for the kibana_password user when: kibana_system_password_already_set is changed changed_when: yes ansible.builtin.shell: From 4ede6a6090793d594ab96b2ce7ac74d122ee53c7 Mon Sep 17 00:00:00 2001 From: Wolfgang Medina-Erhardt Date: Fri, 23 Aug 2024 11:56:46 +0200 Subject: [PATCH 06/17] Rework the nginx template --- tasks/main.yaml | 4 +- templates/nginx/http.d/kibana.conf | 132 ++++++++++++++++++----------- 2 files changed, 84 insertions(+), 52 deletions(-) diff --git a/tasks/main.yaml b/tasks/main.yaml index 5befc8c..f3b5da5 100644 --- a/tasks/main.yaml +++ b/tasks/main.yaml @@ -3,7 +3,7 @@ - import_tasks: nginx.yaml -- import_tasks: kibana.yaml - - import_tasks: password.yaml when: kibana.version is version('8', '>=') + +- import_tasks: kibana.yaml diff --git a/templates/nginx/http.d/kibana.conf b/templates/nginx/http.d/kibana.conf index 360a896..476d696 100644 --- a/templates/nginx/http.d/kibana.conf +++ b/templates/nginx/http.d/kibana.conf @@ -1,58 +1,90 @@ +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +{% if dehydrated | cert_exists(kibana.domain) and kibana.use_dehydrated %} server { - {% if dehydrated|cert_exists(kibana.domain) and kibana.use_dehydrated %} - listen 0.0.0.0:443 ssl http2; - listen [::]:443 ssl http2; - {% else %} - listen 0.0.0.0:80; - listen [::]:80; - {% endif %} + listen 0.0.0.0:80; + listen [::]:80; + {% if ansible_local.proserver|default(none) and ansible_local.proserver.routing.with_gate64 -%} + listen [::1]:87 proxy_protocol; + {%- endif %} + + server_name {{ kibana.domain }}; + + root /var/null; + + location / { + return 301 https://$host$request_uri; + } + + include {{ nginx.prefix.config }}/include/letsencrypt.conf; +} + +server { + listen 0.0.0.0:443 ssl http2; + listen [::]:443 ssl http2; - server_name {{ kibana.domain }}; + server_name {{ kibana.domain }}; - include {{ nginx.prefix.config }}/include/security_headers.conf; + include {{ nginx.prefix.config }}/include/security_headers.conf; + {% if kibana.oauth2_proxy %} + location /proserver/iap { + proxy_pass http://[::1]:{{ oauth2_proxy.config[kibana.oauth2_proxy].http_address.split(":")[-1] }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Auth-Request-Redirect $request_uri; + } + + location = /proserver/iap/auth { + proxy_pass http://[::1]:{{ oauth2_proxy.config[kibana.oauth2_proxy].http_address.split(":")[-1] }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header Content-Length ""; + proxy_pass_request_body off; + } + {% endif %} + + location / { {% if kibana.oauth2_proxy %} - location /proserver/iap { - proxy_pass http://[::1]:{{ oauth2_proxy.config[kibana.oauth2_proxy].http_address.split(":")[-1] }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Auth-Request-Redirect $request_uri; - } - - location = /proserver/iap/auth { - proxy_pass http://[::1]:{{ oauth2_proxy.config[kibana.oauth2_proxy].http_address.split(":")[-1] }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header Content-Length ""; - proxy_pass_request_body off; - } + auth_request /proserver/iap/auth; + error_page 401 = /proserver/iap/sign_in; + auth_request_set $auth_cookie $upstream_http_set_cookie; + add_header Set-Cookie $auth_cookie; {% endif %} - location / { - {% if kibana.oauth2_proxy %} - auth_request /proserver/iap/auth; - error_page 401 = /proserver/iap/sign_in; - auth_request_set $auth_cookie $upstream_http_set_cookie; - add_header Set-Cookie $auth_cookie; - {% endif %} - - proxy_pass http://127.0.0.1:5601; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - } - - {% if dehydrated|cert_exists(kibana.domain) and kibana.use_dehydrated -%} - ############################################################################ - # HTTPS - ############################################################################ - ssl_certificate {{ dehydrated|cert_fullchain(kibana.domain) }}; - ssl_certificate_key {{ dehydrated|cert_privkey(kibana.domain) }}; - ssl_trusted_certificate {{ dehydrated|cert_chain(kibana.domain) }}; - include {{ nginx.prefix.config }}/include/https_params.conf; - {% endif %} + proxy_pass http://127.0.0.1:5601; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + } + + ssl_certificate {{ dehydrated|cert_fullchain(kibana.domain) }}; + ssl_certificate_key {{ dehydrated|cert_privkey(kibana.domain) }}; + ssl_trusted_certificate {{ dehydrated|cert_chain(kibana.domain) }}; + include {{ nginx.prefix.config }}/include/https_params.conf; +} +{% else %} + +server { + listen 0.0.0.0:80; + listen [::]:80; + + server_name {{ kibana.domain }}; + + location / { + proxy_pass http://127.0.0.1:5601; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + } } +{% endif %} From dc09371edebdc033f16de2e6ef87af724976d557 Mon Sep 17 00:00:00 2001 From: Daniel Lienert Date: Sun, 15 Sep 2024 14:02:31 +0200 Subject: [PATCH 07/17] TASK: Increase max body size to 100MB This is needed when metricbeat sends templates during the setup process --- templates/nginx/http.d/kibana.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/nginx/http.d/kibana.conf b/templates/nginx/http.d/kibana.conf index 476d696..c5d44c1 100644 --- a/templates/nginx/http.d/kibana.conf +++ b/templates/nginx/http.d/kibana.conf @@ -27,6 +27,8 @@ server { listen [::]:443 ssl http2; server_name {{ kibana.domain }}; + + client_max_body_size 100M; include {{ nginx.prefix.config }}/include/security_headers.conf; From f7b093f503119ce5e4b2376166e50e2f7af86fb9 Mon Sep 17 00:00:00 2001 From: Wolfgang Medina-Erhardt Date: Mon, 16 Sep 2024 11:54:17 +0200 Subject: [PATCH 08/17] Switch to deb822 repository scheme --- defaults/main.yaml | 2 +- tasks/install.yaml | 35 ++++++++--------------------------- tasks/main.yaml | 4 ++++ tasks/repository.yaml | 27 +++++++++++++++++++++++++++ 4 files changed, 40 insertions(+), 28 deletions(-) create mode 100644 tasks/repository.yaml diff --git a/defaults/main.yaml b/defaults/main.yaml index 87338cc..b14a2d9 100644 --- a/defaults/main.yaml +++ b/defaults/main.yaml @@ -11,7 +11,7 @@ kibana: apt: key_url: https://artifacts.elastic.co/GPG-KEY-elasticsearch repository: | - deb https://artifacts.elastic.co/packages/{{ vars.kibana.version }}.x/apt stable main + deb https://artifacts.elastic.co/packages/{{ vars.kibana.version }}.x/apt domain: use_dehydrated: yes oauth2_proxy: diff --git a/tasks/install.yaml b/tasks/install.yaml index 60ddbd3..8470e43 100644 --- a/tasks/install.yaml +++ b/tasks/install.yaml @@ -1,31 +1,12 @@ -- when: ansible_os_family == 'Debian' - block: - - name: Add Elastic repository key - apt_key: - url: "{{ kibana.repository.apt.key_url }}" - - - name: Add Elastic repository - loop: - - /etc/apt/sources.list.d/elastic.list - copy: - content: "{{ kibana.repository.apt.repository }}" - dest: "{{ item }}" - register: kibana_add_apt_repository - - - name: Update apt cache - when: kibana_add_apt_repository.changed - apt: - update_cache: yes - - - name: Install Kibana - apt: - name: kibana +- name: Install Kibana + apt: + name: kibana - - name: Restart Kibana after package upgrade - lineinfile: - path: /etc/default/kibana - regexp: '^#?RESTART_ON_UPGRADE=' - line: RESTART_ON_UPGRADE=true +- name: Restart Kibana after package upgrade + lineinfile: + path: /etc/default/kibana + regexp: '^#?RESTART_ON_UPGRADE=' + line: RESTART_ON_UPGRADE=true - name: Enable Kibana service: diff --git a/tasks/main.yaml b/tasks/main.yaml index f3b5da5..fc4753c 100644 --- a/tasks/main.yaml +++ b/tasks/main.yaml @@ -1,5 +1,9 @@ --- +- import_tasks: repository.yaml + when: ansible_os_family == "Debian" + - import_tasks: install.yaml + when: ansible_os_family == "Debian" - import_tasks: nginx.yaml diff --git a/tasks/repository.yaml b/tasks/repository.yaml new file mode 100644 index 0000000..43d7a54 --- /dev/null +++ b/tasks/repository.yaml @@ -0,0 +1,27 @@ +--- +- name: Install python3-debian package with apt + ansible.builtin.apt: + name: python3-debian + update_cache: yes + +- name: Remove the legacy apt repository + ansible.builtin.file: + dest: /etc/apt/sources.list.d/elastic.list + state: absent + +- name: Add the Kibana apt repository + register: kibana_repository_added + ansible.builtin.deb822_repository: + name: elastic + uris: "{{ kibana.repository.apt.repository }}" + signed_by: "{{ kibana.repository.apt.key_url }}" + types: [deb] + components: [main] + suites: [stable] + state: present + enabled: yes + +- name: Update apt cache + when: kibana_repository_added.changed + ansible.builtin.apt: + update_cache: yes From d79516aa63af498559ecea00130da38ed37763ec Mon Sep 17 00:00:00 2001 From: Wolfgang Medina-Erhardt Date: Mon, 16 Sep 2024 11:57:25 +0200 Subject: [PATCH 09/17] Clean up repository and configuration tasks --- tasks/configure.yaml | 11 +++++++++++ tasks/install.yaml | 40 +++++++++++++++++++++++++++++----------- tasks/main.yaml | 5 ++--- tasks/repository.yaml | 27 --------------------------- 4 files changed, 42 insertions(+), 41 deletions(-) create mode 100644 tasks/configure.yaml delete mode 100644 tasks/repository.yaml diff --git a/tasks/configure.yaml b/tasks/configure.yaml new file mode 100644 index 0000000..6e1b5a2 --- /dev/null +++ b/tasks/configure.yaml @@ -0,0 +1,11 @@ +--- +- name: Restart Kibana after package upgrade + lineinfile: + path: /etc/default/kibana + regexp: '^#?RESTART_ON_UPGRADE=' + line: RESTART_ON_UPGRADE=true + +- name: Enable Kibana + service: + name: kibana + enabled: yes diff --git a/tasks/install.yaml b/tasks/install.yaml index 8470e43..dd42a4b 100644 --- a/tasks/install.yaml +++ b/tasks/install.yaml @@ -1,14 +1,32 @@ -- name: Install Kibana - apt: - name: kibana +--- +- name: Install python3-debian package with apt + ansible.builtin.apt: + name: python3-debian + update_cache: yes + +- name: Remove the legacy apt repository + ansible.builtin.file: + dest: /etc/apt/sources.list.d/elastic.list + state: absent + +- name: Add the Kibana apt repository + register: kibana_repository_added + ansible.builtin.deb822_repository: + name: elastic + uris: "{{ kibana.repository.apt.repository }}" + signed_by: "{{ kibana.repository.apt.key_url }}" + types: [deb] + components: [main] + suites: [stable] + state: present + enabled: yes -- name: Restart Kibana after package upgrade - lineinfile: - path: /etc/default/kibana - regexp: '^#?RESTART_ON_UPGRADE=' - line: RESTART_ON_UPGRADE=true +- name: Update apt cache + when: kibana_repository_added.changed + ansible.builtin.apt: + update_cache: yes -- name: Enable Kibana - service: +- name: Install Kibana + notify: Restart Kibana + ansible.builtin.apt: name: kibana - enabled: yes diff --git a/tasks/main.yaml b/tasks/main.yaml index fc4753c..25790e7 100644 --- a/tasks/main.yaml +++ b/tasks/main.yaml @@ -1,10 +1,9 @@ --- -- import_tasks: repository.yaml - when: ansible_os_family == "Debian" - - import_tasks: install.yaml when: ansible_os_family == "Debian" +- import_tasks: configure.yaml + - import_tasks: nginx.yaml - import_tasks: password.yaml diff --git a/tasks/repository.yaml b/tasks/repository.yaml deleted file mode 100644 index 43d7a54..0000000 --- a/tasks/repository.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- name: Install python3-debian package with apt - ansible.builtin.apt: - name: python3-debian - update_cache: yes - -- name: Remove the legacy apt repository - ansible.builtin.file: - dest: /etc/apt/sources.list.d/elastic.list - state: absent - -- name: Add the Kibana apt repository - register: kibana_repository_added - ansible.builtin.deb822_repository: - name: elastic - uris: "{{ kibana.repository.apt.repository }}" - signed_by: "{{ kibana.repository.apt.key_url }}" - types: [deb] - components: [main] - suites: [stable] - state: present - enabled: yes - -- name: Update apt cache - when: kibana_repository_added.changed - ansible.builtin.apt: - update_cache: yes From 9401d761c7a1f216d07897670c3df1b6c3817c80 Mon Sep 17 00:00:00 2001 From: Wolfgang Medina-Erhardt Date: Mon, 16 Sep 2024 12:00:10 +0200 Subject: [PATCH 10/17] Move restart on upgrade task to Debian-only --- tasks/configure.yaml | 6 ------ tasks/install.yaml | 6 ++++++ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tasks/configure.yaml b/tasks/configure.yaml index 6e1b5a2..1639ed1 100644 --- a/tasks/configure.yaml +++ b/tasks/configure.yaml @@ -1,10 +1,4 @@ --- -- name: Restart Kibana after package upgrade - lineinfile: - path: /etc/default/kibana - regexp: '^#?RESTART_ON_UPGRADE=' - line: RESTART_ON_UPGRADE=true - - name: Enable Kibana service: name: kibana diff --git a/tasks/install.yaml b/tasks/install.yaml index dd42a4b..221de90 100644 --- a/tasks/install.yaml +++ b/tasks/install.yaml @@ -30,3 +30,9 @@ notify: Restart Kibana ansible.builtin.apt: name: kibana + +- name: Restart Kibana after package upgrade + lineinfile: + path: /etc/default/kibana + regexp: '^#?RESTART_ON_UPGRADE=' + line: RESTART_ON_UPGRADE=true From 1e0f60e058002f7c20e553906db7ff38fd1592a1 Mon Sep 17 00:00:00 2001 From: Wolfgang Medina-Erhardt Date: Mon, 16 Sep 2024 12:22:24 +0200 Subject: [PATCH 11/17] Remove deb prefix before repository --- defaults/main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/main.yaml b/defaults/main.yaml index b14a2d9..05f5055 100644 --- a/defaults/main.yaml +++ b/defaults/main.yaml @@ -11,7 +11,7 @@ kibana: apt: key_url: https://artifacts.elastic.co/GPG-KEY-elasticsearch repository: | - deb https://artifacts.elastic.co/packages/{{ vars.kibana.version }}.x/apt + https://artifacts.elastic.co/packages/{{ vars.kibana.version }}.x/apt domain: use_dehydrated: yes oauth2_proxy: From ada7eb9f276b011d2279292e49c83a8b2cd79a25 Mon Sep 17 00:00:00 2001 From: Wolfgang Medina-Erhardt Date: Mon, 16 Sep 2024 12:32:16 +0200 Subject: [PATCH 12/17] Convert repo var from multi-line to single-line --- defaults/main.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/defaults/main.yaml b/defaults/main.yaml index 05f5055..309331a 100644 --- a/defaults/main.yaml +++ b/defaults/main.yaml @@ -10,8 +10,7 @@ kibana: repository: apt: key_url: https://artifacts.elastic.co/GPG-KEY-elasticsearch - repository: | - https://artifacts.elastic.co/packages/{{ vars.kibana.version }}.x/apt + repository: https://artifacts.elastic.co/packages/{{ vars.kibana.version }}.x/apt domain: use_dehydrated: yes oauth2_proxy: From c58fa484cc5e853b0f3ac9d2edf42638f590cc33 Mon Sep 17 00:00:00 2001 From: Wolfgang Medina-Erhardt Date: Wed, 20 Nov 2024 13:10:18 +0100 Subject: [PATCH 13/17] Only enable xpack.apm, xpack.ml and xpack.graph on Kibana < 8 --- defaults/main.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/defaults/main.yaml b/defaults/main.yaml index 309331a..829c12e 100644 --- a/defaults/main.yaml +++ b/defaults/main.yaml @@ -24,10 +24,10 @@ kibana: {%- endif -%} xpack: apm: - enabled: "{{ ansible_system == 'Linux' }}" + enabled: "{{ ansible_system == 'Linux' and vars.kibana.version < 8 }}" graph: - enabled: "{{ ansible_system == 'Linux' }}" + enabled: "{{ ansible_system == 'Linux' and vars.kibana.version < 8 }}" ml: - enabled: "{{ ansible_system == 'Linux' }}" + enabled: "{{ ansible_system == 'Linux' and vars.kibana.version < 8 }}" reporting: enabled: "{{ ansible_system == 'Linux' }}" From 83672cd03962385f9f219cbf42e9f42feb6ebecb Mon Sep 17 00:00:00 2001 From: Wolfgang Medina-Erhardt Date: Wed, 20 Nov 2024 13:13:27 +0100 Subject: [PATCH 14/17] Set the default Kibana version to 8 --- defaults/main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/main.yaml b/defaults/main.yaml index 829c12e..4507542 100644 --- a/defaults/main.yaml +++ b/defaults/main.yaml @@ -1,5 +1,5 @@ kibana: - version: 7 + version: 8 prefix: config: >- {%- if ansible_system == 'Linux' -%} From 66c0a6adc1f0d5b31a00442b742b2e2a52e8918f Mon Sep 17 00:00:00 2001 From: Wolfgang Medina-Erhardt Date: Wed, 20 Nov 2024 13:23:03 +0100 Subject: [PATCH 15/17] Revert "Only enable xpack.apm, xpack.ml and xpack.graph on Kibana < 8" This reverts commit c58fa484cc5e853b0f3ac9d2edf42638f590cc33. --- defaults/main.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/defaults/main.yaml b/defaults/main.yaml index 4507542..372eeea 100644 --- a/defaults/main.yaml +++ b/defaults/main.yaml @@ -24,10 +24,10 @@ kibana: {%- endif -%} xpack: apm: - enabled: "{{ ansible_system == 'Linux' and vars.kibana.version < 8 }}" + enabled: "{{ ansible_system == 'Linux' }}" graph: - enabled: "{{ ansible_system == 'Linux' and vars.kibana.version < 8 }}" + enabled: "{{ ansible_system == 'Linux' }}" ml: - enabled: "{{ ansible_system == 'Linux' and vars.kibana.version < 8 }}" + enabled: "{{ ansible_system == 'Linux' }}" reporting: enabled: "{{ ansible_system == 'Linux' }}" From db4a97cc614b47a264389b704546f554f874c1f7 Mon Sep 17 00:00:00 2001 From: Wolfgang Medina-Erhardt Date: Wed, 20 Nov 2024 13:30:09 +0100 Subject: [PATCH 16/17] Override Kibana v8 service on Linux --- tasks/install.yaml | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/tasks/install.yaml b/tasks/install.yaml index 221de90..45ef410 100644 --- a/tasks/install.yaml +++ b/tasks/install.yaml @@ -32,7 +32,30 @@ name: kibana - name: Restart Kibana after package upgrade - lineinfile: + ansible.builtin.lineinfile: path: /etc/default/kibana regexp: '^#?RESTART_ON_UPGRADE=' line: RESTART_ON_UPGRADE=true + +- name: Handle Kibana v8 service ovverides + when: kibana.version >= 8 + block: + - name: Make sure the service override folder exists for the Kibana systemd service + ansible.builtin.file: + dest: /etc/systemd/system/kibana.d + state: directory + owner: root + mode: "0755" + + - name: Override the Kibana systemd service to disable the log.dest parameter + notify: Restart Kibana + ansible.builtin.copy: + content: | + [Service] + ExecStart= + ExecStart=/usr/share/kibana/bin/kibana --pid.file="/run/kibana/kibana.pid" + dest: /etc/systemd/system/kibana.d/override.conf + + - name: Reload systemd daemons + ansible.builtin.systemd: + daemon_reload: yes From 162ccb62c865fb7fd23d3a4bb3a00a0e66f0bfdd Mon Sep 17 00:00:00 2001 From: Wolfgang Medina-Erhardt Date: Wed, 20 Nov 2024 13:35:55 +0100 Subject: [PATCH 17/17] Override Kibana v8 service on Linux --- tasks/install.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/install.yaml b/tasks/install.yaml index 45ef410..f7fb6e4 100644 --- a/tasks/install.yaml +++ b/tasks/install.yaml @@ -42,7 +42,7 @@ block: - name: Make sure the service override folder exists for the Kibana systemd service ansible.builtin.file: - dest: /etc/systemd/system/kibana.d + dest: /etc/systemd/system/kibana.service.d state: directory owner: root mode: "0755" @@ -54,7 +54,7 @@ [Service] ExecStart= ExecStart=/usr/share/kibana/bin/kibana --pid.file="/run/kibana/kibana.pid" - dest: /etc/systemd/system/kibana.d/override.conf + dest: /etc/systemd/system/kibana.service.d/override.conf - name: Reload systemd daemons ansible.builtin.systemd: