https://janikvonrotz.ch/tags/kibana/ Recent content in Kibana on Janik von Rotz Hugo en Mon, 28 Oct 2019 17:18:48 +0100 https://janikvonrotz.ch/2019/10/28/deploy-elk-stack-with-ansible-and-docker/ Mon, 28 Oct 2019 17:18:48 +0100 https://janikvonrotz.ch/2019/10/28/deploy-elk-stack-with-ansible-and-docker/ <p>This post was first published at <a href="https://abilium.com/blog/">Abilium - Blog</a>.</p> <p>Recently, we decided to setup a new monitoring service. We opted for the <a href="https://www.elastic.co/de/what-is/elk-stack">ELK stack</a>. The ELK stack constists of three products:</p> <ol> <li><strong>Elasticsearch</strong> - A powerful and flexible search index.</li> <li><strong>Logstash</strong> - Log ingester, filter and forwarder.</li> <li><strong>Kibana</strong> - Dashboard for data visualization.</li> </ol> <p>There exist multiple distros of the ELK stack. One of them is the <a href="https://opendistro.github.io/for-elasticsearch/">Open Distro for Elasticsearch</a> by Amazon and another one is the <a href="https://www.elastic.co/de/products/elastic-stack">Elastic Stack</a> by Elastic.</p> <p>We decided to use the Elastic Stack as they provide a collection of Beats in addition. Beats are services that ship all kinds of data (Log, Metrics, Performance, Uptime) to Logstash. It makes it much easier to actually collect data of your services and forward them to Logstash.</p> <p>At Abilium GmbH Docker and Kubernetes are the default way to run applications. Most times we use Jenkings and Docker Compose to build, test and deploy an application release. But we were not quite happy with docker compose as it does not support a meaningful way to configure the host system. Thus we decided use a very popular automation and configuration management tool: <a href="https://www.ansible.com/">Ansible</a>.</p> <p>In the following paragraph we will show how you can deploy the Elastic Stack using Ansible and Docker.</p> <h2 id="requirements">Requirements</h2> <p>It&rsquo;s assumed that you already know how to handle Ansible and are familiar with the related terms. Moreover, we assume that you know the basic idea of Docker and how it interacts with Ansible.</p> <p>Regarding system requirements for Docker checkout the first section of <a href="https://www.elastic.co/guide/en/elasticsearch/reference/master/docker.html">Install Elasticsearch with Docker</a></p> <h2 id="setup">Setup</h2> <p>Ansible in its plain form is a hierarchy of <code>.yml</code> files which tell what task should performed on which machine. There is no final layout when it comes to structuring these files. To get a grasp of what an Ansible project might look like, we printed the folder tree of our example project:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>├── ansible.cfg <span style="color:#75715e"># Global ansible configuration</span> </span></span><span style="display:flex;"><span>├── elk-clean.yml <span style="color:#75715e"># Cleanup playbook</span> </span></span><span style="display:flex;"><span>├── elk.yml <span style="color:#75715e"># Elastic Stack playbook</span> </span></span><span style="display:flex;"><span>├── inventory <span style="color:#75715e"># Inventory folder</span> </span></span><span style="display:flex;"><span>│ ├── group_vars <span style="color:#75715e"># Folder that contains variables grouped by environment</span> </span></span><span style="display:flex;"><span>│ │ ├── all <span style="color:#75715e"># Variables which apply to every environment</span> </span></span><span style="display:flex;"><span>│ │ │ ├── vars.yml <span style="color:#75715e"># Global configuration</span> </span></span><span style="display:flex;"><span>│ │ │ └── vault.yml <span style="color:#75715e"># Ansible Vault secrets</span> </span></span><span style="display:flex;"><span>│ │ └── prod <span style="color:#75715e"># Production environment</span> </span></span><span style="display:flex;"><span>│ │ └── vars.yml <span style="color:#75715e"># Environment specific folder</span> </span></span><span style="display:flex;"><span>│ └── hosts.yml <span style="color:#75715e"># List of hosts grouped by environment</span> </span></span><span style="display:flex;"><span>└── roles <span style="color:#75715e"># Roles are Ansible modules</span> </span></span><span style="display:flex;"><span> ├── clean <span style="color:#75715e"># Cleanup role that removes all configurations</span> </span></span><span style="display:flex;"><span> │ └── tasks </span></span><span style="display:flex;"><span> │ └── main.yml <span style="color:#75715e"># Tasks to cleanup containers and related config</span> </span></span><span style="display:flex;"><span> ├── elasticsearch <span style="color:#75715e"># The Elasticsearch role</span> </span></span><span style="display:flex;"><span> │ └── tasks </span></span><span style="display:flex;"><span> │ └── main.yml <span style="color:#75715e"># Tasks to deploy the Elasticsearch Docker container</span> </span></span><span style="display:flex;"><span> ├── kibana <span style="color:#75715e"># The Kibana role</span> </span></span><span style="display:flex;"><span> │ └── tasks </span></span><span style="display:flex;"><span> │ └── main.yml <span style="color:#75715e"># Tasks to deploy the Kibana Docker container</span> </span></span><span style="display:flex;"><span> ├── logstash <span style="color:#75715e"># The Logstash role</span> </span></span><span style="display:flex;"><span> │ ├── handlers </span></span><span style="display:flex;"><span> │ │ └── main.yml <span style="color:#75715e"># Tasks which are called by other tasks via notifier</span> </span></span><span style="display:flex;"><span> │ ├── tasks </span></span><span style="display:flex;"><span> │ │ └── main.yml <span style="color:#75715e"># Tasks to deploy the Logstash Docker container</span> </span></span><span style="display:flex;"><span> │ └── templates <span style="color:#75715e"># Logstash configuration files with Ansible variables</span> </span></span><span style="display:flex;"><span> │ ├── beats.conf </span></span><span style="display:flex;"><span> │ └── syslog.conf </span></span><span style="display:flex;"><span> └── nginx <span style="color:#75715e"># The nginx module to expose the Kibana dashboard</span> </span></span><span style="display:flex;"><span> ├── handlers </span></span><span style="display:flex;"><span> │ └── main.yml </span></span><span style="display:flex;"><span> ├── tasks </span></span><span style="display:flex;"><span> │ └── main.yml </span></span><span style="display:flex;"><span> └── templates </span></span><span style="display:flex;"><span> ├── nginx-certbot.conf </span></span><span style="display:flex;"><span> └── nginx-ssl.conf </span></span></code></pre></div><p>You can replicate this folder tree or checkout the single files in the follow-up sections.</p> <h2 id="elasticsearch">Elasticsearch</h2> <p>This Ansible task file deploys the Elasticsearch Docker container to the target host.</p> <p><strong>roles/elasticsearch/tasks/main.yml</strong></p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yml" data-lang="yml"><span style="display:flex;"><span>- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Create elastic search volume</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">docker_volume</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">name</span>: <span style="color:#ae81ff">esdata</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">driver</span>: <span style="color:#ae81ff">local</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Start elastic search container</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">docker_container</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">name</span>: <span style="color:#e6db74">&#34;{{ elasticsearch_hostname }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#e6db74">&#34;{{ elasticsearch_image }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">env</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">discovery.type</span>: <span style="color:#e6db74">&#34;single-node&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ES_JAVA_OPTS</span>: <span style="color:#e6db74">&#34;-Xms512m -Xmx512m&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">xpack.security.enabled</span>: <span style="color:#e6db74">&#34;true&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">xpack.monitoring.collection.enabled</span>: <span style="color:#e6db74">&#34;true&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">volumes</span>: </span></span><span style="display:flex;"><span> - <span style="color:#e6db74">&#34;esdata:/usr/share/elasticsearch/data&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ulimits</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">nofile:65535:65535</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">networks</span>: </span></span><span style="display:flex;"><span> - <span style="color:#f92672">name</span>: <span style="color:#e6db74">&#34;{{ network_name }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">state</span>: <span style="color:#ae81ff">started</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">log_driver</span>: <span style="color:#e6db74">&#34;{{ log_driver }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">log_options</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">max-size</span>: <span style="color:#e6db74">&#34;{{ log_max_size }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">max-file</span>: <span style="color:#e6db74">&#34;{{ log_max_file }}&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>- <span style="color:#f92672">debug</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">msg</span>: &gt;<span style="color:#e6db74"> </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> Users have to be configured manually. Enable and set the password for the default users with: </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> `docker exec -it {{ elasticsearch_hostname }} /bin/bash -c &#34;elasticsearch-setup-passwords auto&#34;` </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> Then edit the `vaul.yml` file and copy the password values to the expected variable.</span> </span></span></code></pre></div><h2 id="kibana">Kibana</h2> <p>Kibana is configured with env variables only.</p> <p><strong>roles/kibana/tasks/main.yml</strong></p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yml" data-lang="yml"><span style="display:flex;"><span>- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Start kibana container</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">docker_container</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">name</span>: <span style="color:#e6db74">&#34;{{ kibana_hostname }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#e6db74">&#34;{{ kibana_image }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">env</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">servername</span>: <span style="color:#e6db74">&#34;{{ server_name }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ELASTICSEARCH_HOSTS</span>: <span style="color:#e6db74">&#34;http://{{ elasticsearch_hostname }}:9200&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ELASTICSEARCH_USERNAME</span>: <span style="color:#e6db74">&#34;kibana&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ELASTICSEARCH_PASSWORD</span>: <span style="color:#e6db74">&#34;{{ kibana_password }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">networks</span>: </span></span><span style="display:flex;"><span> - <span style="color:#f92672">name</span>: <span style="color:#e6db74">&#34;{{ network_name }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">log_driver</span>: <span style="color:#e6db74">&#34;{{ log_driver }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">log_options</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">max-size</span>: <span style="color:#e6db74">&#34;{{ log_max_size }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">max-file</span>: <span style="color:#e6db74">&#34;{{ log_max_file }}&#34;</span> </span></span></code></pre></div><h2 id="logstash">Logstash</h2> <p>Logstash processes data with pipelines. Each pipeline is configured in a <code>.conf</code> file. These files are deployed with Ansible as well. Everytime a file change occurs Ansible will restart the Logstash container.</p> <p><strong>roles/logstash/tasks/main.yml</strong></p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yml" data-lang="yml"><span style="display:flex;"><span>- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Ensure logstash pipeline conf dir exists</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">file</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">path</span>: <span style="color:#e6db74">&#34;{{ logstash_conf_dir }}/pipeline&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">state</span>: <span style="color:#ae81ff">directory</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Copy logstash pipeline conf</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">template</span>: <span style="color:#ae81ff">src={{ item.src }} dest={{ item.dest }}</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">with_items</span>: </span></span><span style="display:flex;"><span> - { <span style="color:#f92672">src: &#39;templates/syslog.conf&#39;, dest</span>: <span style="color:#e6db74">&#39;/{{ logstash_conf_dir }}/pipeline/syslog.conf&#39;</span> } </span></span><span style="display:flex;"><span> - { <span style="color:#f92672">src: &#39;templates/beats.conf&#39;, dest</span>: <span style="color:#e6db74">&#39;/{{ logstash_conf_dir }}/pipeline/beats.conf&#39;</span> } </span></span><span style="display:flex;"><span> <span style="color:#f92672">notify</span>: <span style="color:#ae81ff">Restart logstash container</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Start logstash container</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">docker_container</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">name</span>: <span style="color:#e6db74">&#34;{{ logstash_hostname }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#e6db74">&#34;{{ logstash_image }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">env</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">XPACK_MONITORING_ELASTICSEARCH_HOSTS</span>: <span style="color:#e6db74">&#34;http://{{ elasticsearch_hostname }}:9200&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">XPACK_MONITORING_ENABLED</span>: <span style="color:#e6db74">&#34;true&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">XPACK_MONITORING_ELASTICSEARCH_USERNAME</span>: <span style="color:#e6db74">&#34;elastic&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">XPACK_MONITORING_ELASTICSEARCH_PASSWORD</span>: <span style="color:#e6db74">&#34;{{ elastic_password }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">PATH_CONFIG</span>: <span style="color:#e6db74">&#34;&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">5000</span>:<span style="color:#ae81ff">5000</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">5044</span>:<span style="color:#ae81ff">5044</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">volumes</span>: </span></span><span style="display:flex;"><span> - <span style="color:#e6db74">&#34;{{ logstash_conf_dir }}/pipeline:/usr/share/logstash/pipeline:ro&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">networks</span>: </span></span><span style="display:flex;"><span> - <span style="color:#f92672">name</span>: <span style="color:#e6db74">&#34;{{ network_name }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">log_driver</span>: <span style="color:#e6db74">&#34;{{ log_driver }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">log_options</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">max-size</span>: <span style="color:#e6db74">&#34;{{ log_max_size }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">max-file</span>: <span style="color:#e6db74">&#34;{{ log_max_file }}&#34;</span> </span></span></code></pre></div><p><strong>roles/logstash/handlers/main.yml</strong></p> <p>Handlers are notified by tasks and will be processed at the end of a role deployment.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yml" data-lang="yml"><span style="display:flex;"><span>- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Restart logstash container</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">docker_container</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">name</span>: <span style="color:#e6db74">&#34;{{ logstash_hostname }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">restart</span>: <span style="color:#66d9ef">true</span> </span></span></code></pre></div><p><strong>roles/logstash/templates/beats.conf</strong></p> <p>The beats pipeline forwards messages sent by Beats services to its appropriate index.</p> <pre tabindex="0"><code class="language-conf" data-lang="conf">input { stdin { } } input { beats { port =&gt; 5044 } } output { if [@metadata][beat] in [&#34;heartbeat&#34;, &#34;metricbeat&#34;, &#34;filebeat&#34;] { elasticsearch { hosts =&gt; [&#34;http://{{ elasticsearch_hostname }}:9200&#34;] user =&gt; &#34;elastic&#34; password =&gt; &#34;{{ elastic_password }}&#34; index =&gt; &#34;%{[@metadata][beat]}-%{[@metadata][version]}&#34; } } } </code></pre><p><strong>roles/logstash/templates/syslog.conf</strong></p> <p>The syslog pipeline processes syslog messages using a grok filter.</p> <pre tabindex="0"><code class="language-conf" data-lang="conf">input { stdin { } } input { tcp { port =&gt; 5000 type =&gt; syslog } udp { port =&gt; 5000 type =&gt; syslog } } filter { if [type] == &#34;syslog&#34; { grok { match =&gt; { &#34;message&#34; =&gt; &#34;%{SYSLOG5424PRI}%{NONNEGINT:syslog5424_ver} +(?:%{TIMESTAMP_ISO8601:syslog5424_ts}|-) +(?:%{HOSTNAME:syslog5424_host}|-) +(?:%{NOTSPACE:syslog5424_app}|-) +(?:%{NOTSPACE:syslog5424_proc}|-) +(?:%{WORD:syslog5424_msgid}|-) +(?:%{SYSLOG5424SD:syslog5424_sd}|-|) +%{GREEDYDATA:syslog5424_msg}&#34; } } syslog_pri { } date { match =&gt; [ &#34;syslog_timestamp&#34;, &#34;MMM d HH:mm:ss&#34;, &#34;MMM dd HH:mm:ss&#34; ] } if !(&#34;_grokparsefailure&#34; in [tags]) { mutate { replace =&gt; [ &#34;@source_host&#34;, &#34;%{syslog_hostname}&#34; ] replace =&gt; [ &#34;@message&#34;, &#34;%{syslog_message}&#34; ] } } mutate { remove_field =&gt; [ &#34;syslog_hostname&#34;, &#34;syslog_message&#34;, &#34;syslog_timestamp&#34; ] } } } output { if [type] == &#34;syslog&#34; { elasticsearch { hosts =&gt; [&#34;http://{{ elasticsearch_hostname }}:9200&#34;] user =&gt; &#34;elastic&#34; password =&gt; &#34;{{ elastic_password }}&#34; index =&gt; &#34;syslog-%{+YYYY.MM.dd}&#34; } } } </code></pre><h2 id="nginx">Nginx</h2> <p>It is easier to setup an Nginx proxy that secures access to the Kibana dashboard than configuring keymaterial for Kibana and setup direct access.</p> <p><strong>roles/nginx/tasks/main.yml</strong></p> <p>First this role checks if LetsEncrypt certificates have been generated for the configured domain. If this is not the case it will setup an Nginx instance whose only purpose is to complete the ACME challenge initialized by the Certbot command. Once the certificates have been generated a ssl secured Nginx instance will be deployed.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yml" data-lang="yml"><span style="display:flex;"><span>- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Ensure nginx conf dir exists</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">file</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">path</span>: <span style="color:#e6db74">&#34;{{ nginx_conf_dir }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">state</span>: <span style="color:#ae81ff">directory</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Check if cert files exist</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">stat</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">path</span>: <span style="color:#e6db74">&#34;{{ certbot_conf_dir }}/live/{{ server_name }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">register</span>: <span style="color:#ae81ff">certbot_certs</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Copy nginx certbot conf</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">template</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">src</span>: <span style="color:#ae81ff">templates/nginx-certbot.conf</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">dest</span>: <span style="color:#e6db74">&#34;{{ nginx_conf_dir }}/{{ server_name }}.conf&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">when</span>: <span style="color:#ae81ff">not certbot_certs.stat.exists</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Start nginx container</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">docker_container</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">name</span>: <span style="color:#ae81ff">ng01</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#e6db74">&#34;{{ nginx_image }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">80</span>:<span style="color:#ae81ff">80</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">volumes</span>: </span></span><span style="display:flex;"><span> - <span style="color:#e6db74">&#34;{{ nginx_conf_dir }}/:/etc/nginx/conf.d/:ro&#34;</span> </span></span><span style="display:flex;"><span> - <span style="color:#e6db74">&#34;{{ certbot_conf_dir }}/:/etc/letsencrypt/&#34;</span> </span></span><span style="display:flex;"><span> - <span style="color:#e6db74">&#34;{{ certbot_conf_dir }}/www/:/var/www/certbot/&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">log_driver</span>: <span style="color:#e6db74">&#34;{{ log_driver }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">log_options</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">max-size</span>: <span style="color:#e6db74">&#34;{{ log_max_size }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">max-file</span>: <span style="color:#e6db74">&#34;{{ log_max_file }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">when</span>: <span style="color:#ae81ff">not certbot_certs.stat.exists</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Wait for nginx container</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">pause</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">seconds</span>: <span style="color:#ae81ff">3</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">when</span>: <span style="color:#ae81ff">not certbot_certs.stat.exists</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Issue certificate with certbot command</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">docker_container</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">name</span>: <span style="color:#e6db74">&#34;{{ certbot_hostname }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#e6db74">&#34;{{ certbot_image }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">volumes</span>: </span></span><span style="display:flex;"><span> - <span style="color:#e6db74">&#34;{{ certbot_conf_dir }}/:/etc/letsencrypt/&#34;</span> </span></span><span style="display:flex;"><span> - <span style="color:#e6db74">&#34;{{ certbot_conf_dir }}/www/:/var/www/certbot/&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">command</span>: <span style="color:#ae81ff">certonly --webroot --email {{ certbot_email }} --agree-tos --webroot-path=/var/www/certbot/ -d {{ server_name }}</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">when</span>: <span style="color:#ae81ff">not certbot_certs.stat.exists</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Wait for certificate request</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">pause</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">seconds</span>: <span style="color:#ae81ff">3</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">when</span>: <span style="color:#ae81ff">not certbot_certs.stat.exists</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Copy nginx ssl conf</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">template</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">src</span>: <span style="color:#ae81ff">templates/nginx-ssl.conf</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">dest</span>: <span style="color:#e6db74">&#34;{{ nginx_conf_dir }}/{{ server_name }}.conf&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">notify</span>: <span style="color:#ae81ff">Restart nginx container</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Copy nginx ssl param conf</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">copy</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">src</span>: <span style="color:#e6db74">&#34;{{ item }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">dest</span>: <span style="color:#e6db74">&#34;{{ certbot_conf_dir }}/&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">with_items</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">files/options-ssl-nginx.conf</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">files/ssl-dhparams.pem</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Start nginx container</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">docker_container</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">name</span>: <span style="color:#ae81ff">ng01</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#ae81ff">nginx:1.15-alpine</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">80</span>:<span style="color:#ae81ff">80</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">443</span>:<span style="color:#ae81ff">443</span> </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">9200</span>:<span style="color:#ae81ff">9200</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">volumes</span>: </span></span><span style="display:flex;"><span> - <span style="color:#e6db74">&#34;{{ nginx_conf_dir }}/:/etc/nginx/conf.d/:ro&#34;</span> </span></span><span style="display:flex;"><span> - <span style="color:#e6db74">&#34;{{ certbot_conf_dir }}/:/etc/letsencrypt/&#34;</span> </span></span><span style="display:flex;"><span> - <span style="color:#e6db74">&#34;{{ certbot_conf_dir }}/www/:/var/www/certbot/&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">networks</span>: </span></span><span style="display:flex;"><span> - <span style="color:#f92672">name</span>: <span style="color:#e6db74">&#34;{{ network_name }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">log_driver</span>: <span style="color:#e6db74">&#34;{{ log_driver }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">log_options</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">max-size</span>: <span style="color:#e6db74">&#34;{{ log_max_size }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">max-file</span>: <span style="color:#e6db74">&#34;{{ log_max_file }}&#34;</span> </span></span></code></pre></div><p><strong>roles/nginx/handlers/main.yml</strong></p> <p>The Nginx handler for config updates.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yml" data-lang="yml"><span style="display:flex;"><span>- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Restart nginx container</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">docker_container</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">name</span>: <span style="color:#ae81ff">ng01</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">restart</span>: <span style="color:#66d9ef">true</span> </span></span></code></pre></div><p><strong>roles/nginx/templates/nginx-certbot.conf</strong></p> <p>The ACME challenge Nginx config.</p> <pre tabindex="0"><code class="language-conf" data-lang="conf">server { listen 80; server_name {{ server_name }}; location /.well-known/acme-challenge/ { root /var/www/certbot; } } </code></pre><p><strong>roles/nginx/templates/nginx-ssl.conf</strong></p> <p>The ssl Nginx config that secures access to the Elastic Search API and Kibana dashboard.</p> <pre tabindex="0"><code class="language-conf" data-lang="conf">server { listen 80; server_name {{ server_name }}; location / { return 301 https://$host$request_uri; } location /.well-known/acme-challenge/ { root /var/www/certbot; } } # Kibana Dashboard server { listen 443 ssl; server_name {{ server_name }}; ssl_certificate /etc/letsencrypt/live/{{ server_name }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{ server_name }}/privkey.pem; location / { proxy_pass http://{{ kibana_hostname }}:5601; } } # Elastic Search server { listen 9200 ssl; server_name {{ server_name }}; ssl_certificate /etc/letsencrypt/live/{{ server_name }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{ server_name }}/privkey.pem; location / { proxy_pass http://{{ elasticsearch_hostname }}:9200; } } </code></pre><p>Note that cipher suite definitions have been removed from the example. Recommended cipher suites must be obtained by a security consultancy.</p> <h2 id="inventory">Inventory</h2> <p>Ansible works against multiple environments. Therefore configurations and code must be separated. Whereas roles are the code, configurations are the inventory.</p> <p><strong>inventory/hosts.yml</strong></p> <pre tabindex="0"><code>all: hosts: children: prod: hosts: monitoring.example.com int: hosts: monitoring-int.example.com </code></pre><p><strong>inventory/group_vars/all/vars.yml</strong></p> <p>These variables are set for all environments.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yml" data-lang="yml"><span style="display:flex;"><span><span style="color:#f92672">log_driver</span>: <span style="color:#e6db74">&#34;json-file&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">log_max_size</span>: <span style="color:#e6db74">&#34;10m&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">log_max_file</span>: <span style="color:#e6db74">&#34;3&#34;</span> </span></span></code></pre></div><p>They configure the log rotation for the Docker daemon.</p> <p><strong>inventory/group_vars/all/vault.yml</strong></p> <p>The vault file stores secrets. It is set for all environments as well. Run the this command to edit the file:</p> <p><code>ansible-vault edit inventory/group_vars/all/vault.yml</code></p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yml" data-lang="yml"><span style="display:flex;"><span><span style="color:#f92672">vault_elastic_password</span>: <span style="color:#ae81ff">password</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">vault_kibana_password</span>: <span style="color:#ae81ff">password</span> </span></span></code></pre></div><p>These passwords must be updated after the first depoyment.</p> <p><strong>inventory/group_vars/prod/vars.yml</strong></p> <p>If you run the Ansible deployment it will use the prod environment definitions by default. The prod environment has been configured with these variables:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yml" data-lang="yml"><span style="display:flex;"><span><span style="color:#f92672">server_name</span>: <span style="color:#ae81ff">monitoring.example.com</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">network_name</span>: <span style="color:#ae81ff">esnet</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#f92672">nginx_image</span>: <span style="color:#ae81ff">nginx:1.15-alpine</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">nginx_hostname</span>: <span style="color:#ae81ff">ng01</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">nginx_conf_dir</span>: <span style="color:#ae81ff">/usr/share/nginx</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#f92672">elasticsearch_image</span>: <span style="color:#ae81ff">docker.elastic.co/elasticsearch/elasticsearch:7.4.0</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">elasticsearch_hostname</span>: <span style="color:#ae81ff">es01</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">elasticsearch_conf_dir</span>: <span style="color:#ae81ff">/usr/share/elasticsearch</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#f92672">kibana_image</span>: <span style="color:#ae81ff">docker.elastic.co/kibana/kibana:7.3.2</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">kibana_hostname</span>: <span style="color:#ae81ff">ki01</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#f92672">logstash_image</span>: <span style="color:#ae81ff">docker.elastic.co/logstash/logstash:7.4.0</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">logstash_hostname</span>: <span style="color:#ae81ff">lo01</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">logstash_conf_dir</span>: <span style="color:#ae81ff">/usr/share/logstash</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#f92672">certbot_image</span>: <span style="color:#ae81ff">certbot/certbot</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">certbot_hostname</span>: <span style="color:#ae81ff">cb01</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">certbot_conf_dir</span>: <span style="color:#ae81ff">/usr/share/certbot</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">certbot_email</span>: <span style="color:#ae81ff">info@example.com</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#f92672">elastic_password</span>: <span style="color:#e6db74">&#34;{{ vault_elastic_password }}&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">kibana_password</span>: <span style="color:#e6db74">&#34;{{ vault_kibana_password }}&#34;</span> </span></span></code></pre></div><p>The hostname is used inside the Docker network.</p> <h2 id="playbooks">Playbooks</h2> <p>We are getting closer to the actual Ansible deployment. Ansible playbooks connect hosts, environments and roles. They describe which role must be installed on which host.</p> <p><strong>elk.yml</strong></p> <p>This playbook installs the described roles. Note that you can use tags to filter roles for deployments.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yml" data-lang="yml"><span style="display:flex;"><span>--- </span></span><span style="display:flex;"><span>- <span style="color:#f92672">hosts</span>: <span style="color:#e6db74">&#34;{{ ehosts | default(&#39;prod&#39;) }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">become</span>: <span style="color:#66d9ef">true</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">roles</span>: </span></span><span style="display:flex;"><span> - { <span style="color:#f92672">role: elasticsearch, tags</span>: [<span style="color:#e6db74">&#34;elasticsearch&#34;</span>] } </span></span><span style="display:flex;"><span> - { <span style="color:#f92672">role: kibana, tags</span>: [<span style="color:#e6db74">&#34;kibana&#34;</span>] } </span></span><span style="display:flex;"><span> - { <span style="color:#f92672">role: logstash, tags</span>: [<span style="color:#e6db74">&#34;logstash&#34;</span>] } </span></span><span style="display:flex;"><span> - { <span style="color:#f92672">role: nginx, tags</span>: [<span style="color:#e6db74">&#34;nginx&#34;</span>] } </span></span></code></pre></div><p><strong>elk-clean.yml</strong></p> <p>The cleanup process has been separated from the installation. Cleaning up installed software requires a different order, therefore the cleanup tasks received an exclusive role.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yml" data-lang="yml"><span style="display:flex;"><span>- <span style="color:#f92672">hosts</span>: <span style="color:#e6db74">&#34;{{ ehosts | default(&#39;prod&#39;) }}&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">become</span>: <span style="color:#66d9ef">true</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">roles</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">clean</span> </span></span></code></pre></div><h2 id="deployment">Deployment</h2> <p>You have reached the most important section. Here we show what commands can be used to deploy the ELK stack with Ansible and Docker.</p> <p>Deploy the ELK stack.</p> <p><code>ansible-playbook -i inventory elk.yml</code></p> <p>Deploy the Logstash role only.</p> <p><code>ansible-playbook -i inventory elk.yml --tags logstash</code></p> <p>Deploy the Nginx role to localhost.</p> <p><code>ansible-playbook -i inventory elk.yml --tags nginx --extra-vars &quot;ehosts=local&quot;</code></p> <p>Deploy the Nginx role to localhost with a specified user.</p> <p><code>ansible-playbook -i inventory elk.yml --tags nginx --extra-vars &quot;ehosts=local&quot; -u username</code></p> <p>Clean the ELK stack.</p> <p><code>ansible-playbook -i inventory elk-clean.yml</code></p> <p>Clean the Logstash role only.</p> <p><code>ansible-playbook -i inventory elk-clean.yml --tags logstash</code></p> <h2 id="demo">Demo</h2> <p>Let&rsquo;s see what a deployment looks like in action:</p> <!-- raw HTML omitted --> <p>That&rsquo;s it! I hope you were able to follow our solution. If not let us know in the comment section.</p> <h2 id="notes">Notes</h2> <p>As you might noticed there are parts of the Ansible project that have not been solved nicely. F.g. The default users have to be configured manually. We wanna address this points and show how to resolve them if there would be more ressources for engineering.</p> <p>Problem: Manual setup of default users.<br> Solution: Create and set the password of the elastic and kibana user automatically with http requests.</p> <p>Problem: Beat and syslog input services communication is not encrypted. Solution: Encrypt connection to Logstash beat and syslog input with LetsEncrypt certificates.</p> <p>Problem: Document role variables. Solution: Generate a documentation based on the inventory vars and comments.</p>