First setup of kibana

defaults/main.yml

@@ -0,0 +1,81 @@
+---
+cloud_apps: /opt
+cloud_storage: /opt/storage
+cloud_stage: prod
+cloud_update: false
+
+elastic_version: 8.17.1
+kibana_platform_suffix: linux-x86_64
+
+kibana_data_location: "{{ cloud_storage }}/kibana-data"
+kibana_logs_location: "{{ cloud_storage }}/kibana-logs"
+
+kibana_source: "https://artifacts.elastic.co/downloads/kibana"
+
+kibana_log_filesize: 256mb
+kibana_log_rotationcount: 10
+kibana_log_level: info
+
+kibana_config_server:
+  port: 5601
+  host: "localhost"
+  #basePath: ""
+  #rewriteBasePath: false
+  #publicBaseUrl: ""
+  maxPayload: 1048576
+  server.name: "{{ cloud_name | default('elasticsearch') | split('-') | map('title') | join(' ') }} {{ cloud_stage | title }}"
+    #ssl:
+    #    enable: false
+    #    certificate: /path/to/your/server.crt
+    #    key: /path/to/your/server.key
+kibana_config_elasticsearch:
+  hosts:
+    - http://cloud-elastic-0.local:9200
+  username: "kibana_system"
+  password: "pass"
+  #serviceAccountToken: "my_token"
+  requestTimeout: 30000
+  pingTimeout: 1500
+  maxSockets: 1024
+  compression: false
+  requestHeadersWhitelist: 
+    - authorization
+  customHeaders: {}
+  shardTimeout: 30000
+  ssl:
+    certificate: /path/to/your/client.crt
+    key: /path/to/your/client.key
+    certificateAuthorities:
+      - "/path/to/your/CA.pem"
+    verificationMode: full
+
+kibana_config_logging:
+  root:
+    level: "{{ kibana_log_level }}"
+  appenders:
+    #default:
+    #  type: file
+    #  fileName: /var/logs/kibana.log
+    #  layout:
+    #    type: json
+    default:
+      type: rolling-file
+      fileName: "{{ kibana_logs_location }}/kibana.log"
+      policy:
+        type: size-limit
+        size: "{{ kibana_log_filesize }}"
+      strategy:
+        type: numeric
+        max: "{{ kibana_log_rotationcount }}"
+      layout:
+        type: json
+  loggers:
+    - name: elasticsearch.query
+      level: "{{ kibana_log_level }}"
+    - name: http.server.response
+      level: "{{ kibana_log_level }}"
+    - name: metrics.ops
+      level: "{{ kibana_log_level }}"
+  browser:
+    root:
+      lebel: "{{ kibana_log_level }}"

handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart kibana
+  systemd:
+    name: kibana
+    state: restarted

meta/main.yml

@@ -0,0 +1,15 @@
+---
+galaxy_info:
+  role_name: kibana
+  namespace: hahn-cloud
+  author: Lars Hahn
+  company: OpenDevChain
+  license: MIT
+  description: Role to setup kibana node/cluster
+  min_ansible_version: 2.7
+  platforms:
+    - name: Debian
+      versions:
+        - 11
+  galaxy_tags:
+    - kibana

tasks/main.yml

@@ -0,0 +1,72 @@
+---
+- name: setup kibana group
+  group:
+    name: "{{ kibana_grp }}"
+    state: "present"
+
+- name: setup kibana user
+  user:
+    name: "{{ kibana_usr }}"
+    home: "{{ kibana_home }}"
+    group: "{{ kibana_grp }}"
+    groups:
+      - "{{ kibana_grp }}"
+    comment: Virtual Kibana User
+    shell: /bin/bash
+    state: present
+    system: yes
+
+- name: setup Kibana directories
+  file:
+    state: directory
+    path: "{{ item }}"
+    owner: "{{ kibana_usr }}"
+    group: "{{ kibana_grp }}"
+    mode: 0750
+  loop:
+    - "{{ kibana_path }}"
+    - "{{ kibana_home }}"
+    - "{{ kibana_cert }}"
+    - "{{ kibana_data_location }}"
+    - "{{ kibana_logs_location }}"
+
+- name: download Kibana
+  unarchive:
+    src: "{{ kibana_source }}/kibana-{{ elastic_version }}-{{ kibana_platform_suffix }}.tar.gz"
+    dest: "{{ kibana_path }}"
+    creates: "{{ kibana_inst }}"
+    remote_src: true
+    owner: "{{ kibana_usr }}"
+    group: "{{ kibana_grp }}"
+    mode: 0755
+  register: kibana_install
+
+- name: configure Kibana
+  template:
+    src: "opt/kibana/home/config/{{ item }}.j2"
+    dest: "{{ kibana_conf }}/{{ item }}"
+    owner: "{{ kibana_usr }}"
+    group: "{{ kibana_grp }}"
+    mode: 0640
+  loop:
+    - kibana.yml
+    - node.options
+
+- name: setup generic Kibana link
+  file:
+    state: link
+    src: "{{ kibana_inst }}"
+    dest: "{{ kibana_link }}"
+
+- name: setup Kibana systemd unit
+  template:
+    src: etc/systemd/system/kibana.service.j2
+    dest: /etc/systemd/system/kibana.service
+#  notify: restart kibana
+#
+#- name: enable kibana systemd unit
+#  systemd:
+#    name: kibana
+#    enabled: yes
+#    daemon_reload: yes
+#    state: started

templates/etc/systemd/system/kibana.service.j2

@@ -0,0 +1,31 @@
+[Unit]
+Description=Kibana
+Documentation=https://www.elastic.co
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+User={{ kibana_usr }}
+Group={{ kibana_grp }}
+PrivateTmp=true
+
+Environment=KBN_HOME={{ kibana_home }}
+Environment=KBN_PATH_CONF={{ kibana_conf }}
+Environment=PID_DIR={{ kibana_home }}
+
+ExecStart={{ kibana_link }}/bin/kibana
+
+Restart=on-failure
+RestartSec=3
+
+StartLimitBurst=3
+StartLimitInterval=60
+
+WorkingDirectory={{ kibana_home }}
+
+StandardOutput=journal
+StandardError=inherit
+
+[Install]
+WantedBy=multi-user.target

templates/opt/kibana/home/config/kibana.yml.j2

@@ -0,0 +1,36 @@
+# For more configuration options see the configuration guide for Kibana in
+# https://www.elastic.co/guide/index.html
+
+# =================== System: Kibana Server ===================
+server: {{ kibana_config_server | to_nice_yaml(indent=4) }}
+
+# =================== System: Elasticsearch ===================
+elasticsearch: {{ kibana_config_elasticsearch | to_nice_yaml(indent=4) }}
+
+# =================== System: Logging ===================
+# Set the value of this setting to off to suppress all logging output, or to debug to log everything. Defaults to 'info'
+logging: {{ kibana_config_logging | to_nice_yaml(indent=4) }}
+
+
+# =================== System: Other ===================
+path:
+    data: {{ kibana_data_location }}
+pid:
+    file: {{ kibana_home }}/kibana.pid
+ops:
+    interval: 5000
+i18n:
+    local: "en"
+
+# =================== Saved Objects: Migrations ===================
+migrations:
+    batchSize: 1000
+    maxBatchSizeBytes: 100mb
+    retryAttempts: 15
+
+# =================== Search Autocomplete ===================
+unifiedSearch:
+    autocomplete:
+        valueSuggestions:
+            timeout: 1000
+            terminateAfter: 100000

templates/opt/kibana/home/config/node.options.j2

@@ -0,0 +1,15 @@
+## Node command line options
+## See `node --help` and `node --v8-options` for available options
+## Please note you should specify one option per line
+
+## max size of old space in megabytes
+#--max-old-space-size=4096
+
+## do not terminate process on unhandled promise rejection
+ --unhandled-rejections=warn
+
+## restore < Node 16 default DNS lookup behavior
+--dns-result-order=ipv4first
+
+## enable OpenSSL 3 legacy provider
+--openssl-legacy-provider

vars/main.yml

@@ -0,0 +1,10 @@
+---
+kibana_usr: kibana
+kibana_grp: "{{ kibana_usr }}"
+
+kibana_path: "{{ cloud_apps }}/kibana"
+kibana_link: "{{ kibana_path }}/inst"
+kibana_inst: "{{ kibana_path }}/kibana-{{ elastic_version }}"
+kibana_home: "{{ kibana_path }}/home"
+kibana_conf: "{{ kibana_home }}/config"
+kibana_cert: "{{ kibana_conf }}/certs"