From 6efaa232acd077b0da62e856a610fa14dd2ffeb4 Mon Sep 17 00:00:00 2001
From: lhahn
Date: Sat, 8 Feb 2025 00:05:11 +0100
Subject: [PATCH] First setup of kibana
---
defaults/main.yml | 76 ++++++++++++++++++
handlers/main.yml | 5 ++
meta/main.yml | 15 ++++
tasks/main.yml | 80 +++++++++++++++++++
.../etc/systemd/system/kibana.service.j2 | 31 +++++++
.../opt/kibana/home/config/kibana.yml.j2 | 39 +++++++++
.../opt/kibana/home/config/node.options.j2 | 15 ++++
vars/main.yml | 10 +++
8 files changed, 271 insertions(+)
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 meta/main.yml
create mode 100644 tasks/main.yml
create mode 100644 templates/etc/systemd/system/kibana.service.j2
create mode 100644 templates/opt/kibana/home/config/kibana.yml.j2
create mode 100644 templates/opt/kibana/home/config/node.options.j2
create mode 100644 vars/main.yml
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..20b07fc
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,76 @@
+---
+cloud_apps: /opt
+cloud_storage: /opt/storage
+cloud_stage: prod
+cloud_update: false
+
+elastic_version: 8.17.1
+kibana_platform_suffix: linux-x86_64
+
+kibana_data_location: "{{ cloud_storage }}/kibana-data"
+kibana_logs_location: "{{ cloud_storage }}/kibana-logs"
+
+kibana_source: "https://artifacts.elastic.co/downloads/kibana"
+
+kibana_log_filesize: 256mb
+kibana_log_rotationcount: 10
+kibana_log_level: info
+
+kibana_config_server:
+ port: 5601
+ host: "localhost"
+# basePath: ""
+# rewriteBasePath: false
+# publicBaseUrl: ""
+ maxPayload: 1048576
+ name: "{{ cloud_name | default('elasticsearch') | split('-') | map('title') | join(' ') }} {{ cloud_stage | title }}"
+# ssl:
+# enabled: false
+# certificate: /path/to/your/server.crt
+# key: /path/to/your/server.key
+
+kibana_config_elasticsearch:
+ hosts:
+ - http://cloud-elastic-0.local:9200
+ username: "kibana_system"
+ password: "pass"
+ requestTimeout: 30000
+ pingTimeout: 1500
+ maxSockets: 1024
+ compression: false
+ requestHeadersWhitelist:
+ - authorization
+ customHeaders: {}
+ shardTimeout: 30000
+ ssl:
+ enabled: true
+ keystore:
+ path: /path/to/your/elastic-http.p12
+ password: ""
+ verificationMode: certificate
+
+kibana_config_logging:
+ root:
+ level: "{{ kibana_log_level }}"
+ appenders:
+ default:
+ type: rolling-file
+ fileName: "{{ kibana_logs_location }}/kibana.log"
+ policy:
+ type: size-limit
+ size: "{{ kibana_log_filesize }}"
+ strategy:
+ type: numeric
+ max: "{{ kibana_log_rotationcount }}"
+ layout:
+ type: json
+ loggers:
+ - name: elasticsearch.query
+ level: "{{ kibana_log_level }}"
+ - name: http.server.response
+ level: "{{ kibana_log_level }}"
+ - name: metrics.ops
+ level: "{{ kibana_log_level }}"
+ browser:
+ root:
+ level: "{{ kibana_log_level }}"
\ No newline at end of file
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..90da255
--- /dev/null
+++ b/handlers/main.yml
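Review bot: The default `password: "pass"` under `kibana_config_elasticsearch` in defaults/main.yml ships a guessable credential for `kibana_system`, and the default host `http://cloud-elastic-0.local:9200` would carry it unencrypted even though `ssl.enabled: true` sits right beside it. The password should have no usable default, so that the play fails unless the caller supplies it from a vault, for example `password: "{{ kibana_elasticsearch_password }}"` with that (new) variable left undefined in the role. The default host should use `https://` to agree with the `ssl` block. The keystore `path: /path/to/your/elastic-http.p12` is also still a placeholder and does not match the `{{ kibana_cert }}/elastic-http.p12` that tasks/main.yml writes.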
@@ -0,0 +1,5 @@
+---
+- name: restart kibana
+ systemd:
+ name: kibana
+ state: restarted
\ No newline at end of file
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..131f884
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,15 @@
+---
+galaxy_info:
+ role_name: kibana
+ namespace: hahn-cloud
+ author: Lars Hahn
+ company: OpenDevChain
+ license: MIT
+ description: Role to setup kibana node/cluster
+ min_ansible_version: 2.7
+ platforms:
+ - name: Debian
+ versions:
+ - 11
+ galaxy_tags:
+ - kibana
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..bac2b42
--- /dev/null
+++ b/tasks/main.yml
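Review bot: `min_ansible_version: 2.7` in meta/main.yml understates what the role needs, because defaults/main.yml builds `kibana_config_server.name` with the `split` filter, which to my knowledge arrived with ansible-core 2.11. The value is also an unquoted float, whereas Galaxy metadata expects a string. `min_ansible_version: "2.11"` would match what the role actually uses.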
@@ -0,0 +1,80 @@
+---
+- name: setup kibana group
+ group:
+ name: "{{ kibana_grp }}"
+ state: "present"
+
+- name: setup kibana user
+ user:
+ name: "{{ kibana_usr }}"
+ home: "{{ kibana_home }}"
+ group: "{{ kibana_grp }}"
+ groups:
+ - "{{ kibana_grp }}"
+ comment: Virtual Kibana User
+ shell: /bin/bash
+ state: present
+ system: yes
+
+- name: setup Kibana directories
+ file:
+ state: directory
+ path: "{{ item }}"
+ owner: "{{ kibana_usr }}"
+ group: "{{ kibana_grp }}"
+ mode: 0750
+ loop:
+ - "{{ kibana_path }}"
+ - "{{ kibana_home }}"
+ - "{{ kibana_cert }}"
+ - "{{ kibana_data_location }}"
+ - "{{ kibana_logs_location }}"
+
+- name: download Kibana
+ unarchive:
+ src: "{{ kibana_source }}/kibana-{{ elastic_version }}-{{ kibana_platform_suffix }}.tar.gz"
+ dest: "{{ kibana_path }}"
+ creates: "{{ kibana_inst }}"
+ remote_src: true
+ owner: "{{ kibana_usr }}"
+ group: "{{ kibana_grp }}"
+ mode: 0755
+ register: kibana_install
+
+- name: configure Kibana
+ template:
+ src: "opt/kibana/home/config/{{ item }}.j2"
+ dest: "{{ kibana_conf }}/{{ item }}"
+ owner: "{{ kibana_usr }}"
+ group: "{{ kibana_grp }}"
+ mode: 0640
+ loop:
+ - kibana.yml
+ - node.options
+
+- name: rollout elasticsearch http p12 certificate
+ copy:
+ content: "{{ elastic_cert_http_p12 }}"
+ dest: "{{ kibana_cert }}/elastic-http.p12"
+ owner: "{{ kibana_usr }}"
+ group: "{{ kibana_grp }}"
+ mode: 0600
+
+- name: setup generic Kibana link
+ file:
+ state: link
+ src: "{{ kibana_inst }}"
+ dest: "{{ kibana_link }}"
+
+- name: setup Kibana systemd unit
+ template:
+ src: etc/systemd/system/kibana.service.j2
+ dest: /etc/systemd/system/kibana.service
+ notify: restart kibana
+
+- name: enable kibana systemd unit
+ systemd:
+ name: kibana
+ enabled: yes
+ daemon_reload: yes
+ state: started
\ No newline at end of file
diff --git a/templates/etc/systemd/system/kibana.service.j2 b/templates/etc/systemd/system/kibana.service.j2
new file mode 100644
index 0000000..a045eec
--- /dev/null
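Review bot: The `download Kibana` task in tasks/main.yml lets `unarchive` fetch and unpack the tarball straight from `kibana_source` with no integrity check, so whatever that URL serves is installed and later started as a service. Splitting it into a `get_url` with a pinned `checksum:` followed by a local `unarchive` closes that gap; the sketch below uses the placeholder variable `kibana_archive_checksum` for the digest. In the same file, the `rollout elasticsearch http p12 certificate` task should carry `no_log: true` so the key material cannot show up in task or diff output. It is also worth confirming how `elastic_cert_http_p12` is supplied, since `copy: content:` handles the value as text and a PKCS#12 file is binary.

```yaml
- name: download Kibana archive
  get_url:
    url: "{{ kibana_source }}/kibana-{{ elastic_version }}-{{ kibana_platform_suffix }}.tar.gz"
    dest: "{{ kibana_path }}/kibana-{{ elastic_version }}-{{ kibana_platform_suffix }}.tar.gz"
    # placeholder variable: "sha512:<digest published for this exact version>"
    checksum: "{{ kibana_archive_checksum }}"
    owner: root
    group: root
    mode: "0644"

- name: unpack Kibana
  unarchive:
    src: "{{ kibana_path }}/kibana-{{ elastic_version }}-{{ kibana_platform_suffix }}.tar.gz"
    # … unchanged: dest, creates, remote_src, owner, group, mode, register …
```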
+++ b/templates/etc/systemd/system/kibana.service.j2
@@ -0,0 +1,31 @@
+[Unit]
+Description=Kibana
+Documentation=https://www.elastic.co
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+User={{ kibana_usr }}
+Group={{ kibana_grp }}
+PrivateTmp=true
+
+Environment=KBN_HOME={{ kibana_home }}
+Environment=KBN_PATH_CONF={{ kibana_conf }}
+Environment=PID_DIR={{ kibana_home }}
+
+ExecStart={{ kibana_link }}/bin/kibana
+
+Restart=on-failure
+RestartSec=3
+
+StartLimitBurst=3
+StartLimitInterval=60
+
+WorkingDirectory={{ kibana_home }}
+
+StandardOutput=journal
+StandardError=inherit
+
+[Install]
+WantedBy=multi-user.target
diff --git a/templates/opt/kibana/home/config/kibana.yml.j2 b/templates/opt/kibana/home/config/kibana.yml.j2
new file mode 100644
index 0000000..bd4393e
--- /dev/null
+++ b/templates/opt/kibana/home/config/kibana.yml.j2
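Review bot: The `[Service]` section of kibana.service.j2 confines the process with `PrivateTmp=true` only, which leaves a network-facing Node.js service with the default view of the filesystem and no barrier against gaining privileges through setuid binaries. Adding `NoNewPrivileges=true`, `ProtectSystem=full` and `ProtectHome=true` next to `PrivateTmp` is a low-risk start, because the paths this role writes to default to locations under `/opt`, which `ProtectSystem=full` leaves writable. The `setup Kibana systemd unit` task that installs this file sets no `owner` or `mode`; root ownership with `mode: "0644"` would make the intended permissions explicit.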
@@ -0,0 +1,39 @@
+# For more configuration options see the configuration guide for Kibana in
+# https://www.elastic.co/guide/index.html
+
+# =================== System: Kibana Server ===================
+server:
+ {{ kibana_config_server | to_nice_yaml | indent(4) }}
+
+# =================== System: Elasticsearch ===================
+elasticsearch:
+ {{ kibana_config_elasticsearch }} #| to_nice_yaml | indent(4) }}
+
+# =================== System: Logging ===================
+# Set the value of this setting to off to suppress all logging output, or to debug to log everything. Defaults to 'info'
+logging:
+ {{ kibana_config_logging | to_nice_yaml | indent(4) }}
+
+
+# =================== System: Other ===================
+path:
+ data: {{ kibana_data_location }}
+pid:
+ file: {{ kibana_home }}/kibana.pid
+ops:
+ interval: 5000
+i18n:
+ locale: "en"
+
+# =================== Saved Objects: Migrations ===================
+migrations:
+ batchSize: 1000
+ maxBatchSizeBytes: 100mb
+ retryAttempts: 15
+
+# =================== Search Autocomplete ===================
+unifiedSearch:
+ autocomplete:
+ valueSuggestions:
+ timeout: 1000
+ terminateAfter: 100000
\ No newline at end of file
diff --git a/templates/opt/kibana/home/config/node.options.j2 b/templates/opt/kibana/home/config/node.options.j2
new file mode 100644
index 0000000..c760ad5
--- /dev/null
+++ b/templates/opt/kibana/home/config/node.options.j2
@@ -0,0 +1,15 @@
+## Node command line options
+## See `node --help` and `node --v8-options` for available options
+## Please note you should specify one option per line
+
+## max size of old space in megabytes
+#--max-old-space-size=4096
+
+## do not terminate process on unhandled promise rejection
+ --unhandled-rejections=warn
+
+## restore < Node 16 default DNS lookup behavior
+--dns-result-order=ipv4first
+
+## enable OpenSSL 3 legacy provider
+--openssl-legacy-provider
\ No newline at end of file
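Review bot: The `elasticsearch:` block in kibana.yml.j2 renders `{{ kibana_config_elasticsearch }}` raw and leaves the filter chain behind as a YAML comment (`#| to_nice_yaml | indent(4) }}`), so the file receives the dict's Python repr on one line instead of the block mapping that `server:` and `logging:` get. This looks like a debugging leftover; `{{ kibana_config_elasticsearch | to_nice_yaml | indent(4) }}` would match the other two sections. The rendered file also holds `elasticsearch.password` in clear text, so the `configure Kibana` task that writes it is a candidate for `no_log: true`, and the password itself for Kibana's keystore rather than kibana.yml. Indentation is not visible in this view, so whether the placeholder column agrees with `indent(4)` still needs checking against a rendered file.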
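Review bot: node.options.j2 turns on `--openssl-legacy-provider` unconditionally, which makes OpenSSL's legacy algorithms available to the Kibana process again. If the flag is there only so that the `elastic-http.p12` keystore can be read, a comment above it should say so, e.g. `## needed while elastic-http.p12 uses legacy PKCS#12 encryption`. Alternatively, the line could sit behind a role variable so it can be dropped once the keystore is regenerated. The patch does not show whether anything else depends on the flag.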
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..b0c152b
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,10 @@
+---
+kibana_usr: kibana
+kibana_grp: "{{ kibana_usr }}"
+
+kibana_path: "{{ cloud_apps }}/kibana"
+kibana_link: "{{ kibana_path }}/inst"
+kibana_inst: "{{ kibana_path }}/kibana-{{ elastic_version }}"
+kibana_home: "{{ kibana_path }}/home"
+kibana_conf: "{{ kibana_home }}/config"
+kibana_cert: "{{ kibana_conf }}/certs"
\ No newline at end of file