--- # creates elastic objetcs for smardigo instances # to empower dudes to find relevant logmessages faster and # reduce/abolish "monkey business" in creating needed ES-related objects for (devops|admin)-dudes # - executed on stage specific server: {{ stage }}-elastic-stack-kibana-01-kibana # Parameters: # playbook inventory # stage := the type of the stage (e.g. dev, int, qa, prod) # tenant_id := (unique key for the tenant, e.g. customer) # cluster_name := (business name for the cluster, e.g. product, department ) # cluster_size := (WIP node count for the cluster) (Currently max is 2 master/slave) # cluster_services_str := (services to setup, e.g. 'connect,wordpress') # smardigo message callback # scope_id := (scope id of the management process) # process_instance_id := (process instance id of the management process) # smardigo_management_action := (smardigo management action anme of the management process) ############################################################# # Creating inventory dynamically for given parameters ############################################################# - hosts: localhost gather_facts: false connection: local pre_tasks: - name: "Check if ansible version is at least 2.10.x" assert: that: - ansible_version.major >= 2 - ansible_version.minor >= 10 msg: "The ansible version has to be at least ({{ ansible_version.full }})" - set_fact: cluster_services: "{{ cluster_services_str | split(',') }}" tasks: - name: Add kibana server(s) to hosts if necessary add_host: name: "{{ stage }}-elastic-stack-kibana-01-kibana" groups: - "stage_{{ stage }}" with_items: "{{ cluster_services }}" when: item in ['connect'] ############################################################# # configure elastic search objects ############################################################# - hosts: "stage_{{ stage }}" serial: "{{ serial_number | default(1) }}" gather_facts: no remote_user: root vars: ansible_connection: local ansible_ssh_host: "{{ stage_server_domain }}" api_endpoint: '{{ stage }}-elastic-stack-kibana-01-kibana.{{ domain }}' elastic_state: present elastic_users: - username: '{{ stage }}-{{ tenant_id }}' roles: - '{{ stage }}-{{ tenant_id }}' full_name: '' password: '{{ password | default( stage + "-" + tenant_id ) }}' email: '{{ email | default("") }}' enabled: true elastic_state: '{{ elastic_state }}' elastic_roles: - elastic_state: '{{ elastic_state }}' name: '{{ stage }}-{{ tenant_id }}' elasticsearch: cluster: [] indices: - names: - '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-*' privileges: - read - read_cross_cluster allow_restricted_indices: false run_as: [] kibana: - base: [] feature: advancedSettings: - read dashboard: - read discover: - read indexPatterns: - read savedObjectsManagement: - read spaces: - '{{ stage }}-{{ tenant_id }}' elastic_spaces: - elastic_state: '{{ elastic_state }}' id: &es_space_name '{{ stage }}-{{ tenant_id }}' name: '{{ stage }}-{{ tenant_id }}' description: '' disabledFeatures: - canvas - maps - ml - visualize - enterpriseSearch - logs - infrastructure - apm - uptime - observabilityCases - siem - monitoring - fleet - stackAlerts - actions - osquery - savedObjectsTagging es_indexpattern_name: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-*' es_search_name: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-{{ cluster_services_str }}' es_dashboard_name: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-{{ cluster_services_str }}' tasks: - name: "Do some stuff in elastic with spaces ... " include_role: name: elastic tasks_from: _configure_spaces.yml apply: tags: - es-spaces loop: "{{ elastic_spaces }}" loop_control: loop_var: elastic_space tags: - es-spaces - name: "Do some stuff in elastic with roles ... " include_role: name: elastic tasks_from: _configure_roles.yml apply: tags: - es-roles loop: "{{ elastic_roles }}" loop_control: loop_var: elastic_role tags: - es-roles - name: "Do some stuff in elastic with users ... " include_role: name: elastic tasks_from: _configure_users.yml apply: tags: - es-users loop: "{{ elastic_users }}" loop_control: loop_var: elastic_user tags: - es-users - name: "Do some stuff in elastic with spaces ... " include_role: name: elastic tasks_from: _import_savedobjects.yml apply: tags: - es-importobjects vars: es_space: *es_space_name es_indexpattern_title: '{{ es_indexpattern_name }}' es_indexpattern_uuid: '{{ es_indexpattern_name | to_uuid }}' es_search_title: '{{ es_search_name }}' es_search_uuid: '{{ es_search_name | to_uuid }}' es_panel_uuid: "{{ 'panel_' + es_dashboard_name | to_uuid }}" es_dashboard_title: '{{ es_dashboard_name }}' es_dashboard_uuid: '{{ es_dashboard_name | to_uuid }}' tags: - es-importobjects ############################################################# # Sending smardigo management message to process ############################################################# - hosts: "stage_{{ stage }}" serial: "{{ serial_number | default(1) }}" gather_facts: false connection: local run_once: true vars: connect_jwt_username: "{{ management_admin_username }}" tasks: - name: "Sending smardigo management message to <{{ smardigo_management_url }}>" include_tasks: tasks/smardigo_management_message.yml