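---
# Creates elastic objects for smardigo instances
# to empower dudes to find relevant log messages faster and
# reduce/abolish "monkey business" in creating needed ES-related objects for (devops|admin)-dudes
#  - executed on stage specific server: {{ stage }}-elastic-stack-kibana-01-kibana
#
# Parameters:
#   playbook inventory
#     stage            := the type of the stage (e.g. dev, int, qa, prod)
#     tenant_id        := (unique key for the tenant, e.g. customer)
#     cluster_name     := (business name for the cluster, e.g. product, department)
#     cluster_size     := (WIP node count for the cluster)
#     cluster_service  := (service to setup, e.g. 'connect', ...)
#     cluster_features := (optional features to use, e.g. ['wordpress', 'resubmission', ...])
#   smardigo message callback
#     scope_id                   := (scope id of the management process)
#     process_instance_id        := (process instance id of the management process)
#     smardigo_management_action := (smardigo management action name of the management process)
#
# NOTE(review): stage, tenant_id, cluster_name and cluster_service are
# interpolated into host names, and later in this playbook into role, space
# and index-pattern names. Nothing here validates their format - confirm the
# caller restricts them to the expected character set.

#############################################################
# Creating inventory dynamically for given parameters
#############################################################

- hosts: localhost
  gather_facts: false
  connection: local

  pre_tasks:
    # Compare the full version string. Checking major and minor separately
    # would reject any later major release whose minor is below 10.
    - name: "Check if ansible version is at least 2.10.x"
      assert:
        that:
          - ansible_version.full is version('2.10', '>=')
        msg: "The ansible version has to be at least 2.10 (found {{ ansible_version.full }})"

    # add fictive server to load stage specific variables as context for sending smardigo management messages
    - name: "Add <{{ stage }}-smardigo-management-message> to hosts"
      add_host:
        name: "{{ stage }}-smardigo-management-message"
        groups:
          - "stage_{{ stage }}"
      changed_when: false

  tasks:
    # One in-memory host per cluster node, numbered 01..cluster_size.
    # cluster_features is documented as optional, so fall back to an empty
    # list instead of failing on an undefined variable.
    - name: Add hosts
      add_host:
        name: "{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-{{ '%02d' | format(item|int) }}"
        groups: "{{ ['stage_' + stage] + [cluster_service] + (cluster_features | default([])) }}"
      with_sequence: "start=1 end={{ cluster_size | default(1) }}"
      changed_when: false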
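#############################################################
# Creating kibana search objects for created inventory
#############################################################

# Runs once per dynamically created cluster host (the management-message
# pseudo host is excluded) and configures the tenant's Kibana space, role,
# user and saved objects through the kibana role.
- hosts: "stage_{{ stage }}:!{{ stage }}-smardigo-management-message"
  serial: "{{ serial_number | default(1) }}"
  gather_facts: false
  # NOTE(review): ansible_connection is set to local below, so remote_user
  # looks unused for this play - confirm before relying on it.
  remote_user: root
  vars:
    ansible_connection: local
    ansible_ssh_host: "{{ stage_server_domain }}"
    api_endpoint: '{{ stage }}-elastic-stack-kibana-01-kibana.{{ domain }}'

    elastic_state: present

    elastic_users:
      - username: '{{ stage }}-{{ tenant_id }}'
        roles:
          - '{{ stage }}-{{ tenant_id }}'
        full_name: ''
        # NOTE(review): when `password` is not passed in, the fallback is
        # "<stage>-<tenant_id>", i.e. identical to the username above. That
        # gives every tenant account a guessable credential. Callers should
        # always supply `password` from a secret store; consider replacing
        # the default with the `mandatory` filter once all callers do.
        # Also confirm _configure_users.yml sets no_log so the value does
        # not end up in task output.
        password: '{{ password | default( stage + "-" + tenant_id ) }}'
        email: '{{ email | default("") }}'
        enabled: true
        elastic_state: '{{ elastic_state }}'

    # Read-only role: index read access limited to the tenant's index pattern
    # and read-only Kibana features inside the tenant's own space.
    elastic_roles:
      - elastic_state: '{{ elastic_state }}'
        name: '{{ stage }}-{{ tenant_id }}'
        elasticsearch:
          cluster: []
          indices:
            # NOTE(review): the pattern is a hyphen-joined prefix, so tenant
            # separation depends on tenant_id / cluster_name combinations
            # never producing overlapping prefixes - verify the naming rules.
            - names:
                - '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-*'
              privileges:
                - read
                - read_cross_cluster
              allow_restricted_indices: false
          run_as: []
        kibana:
          - base: []
            feature:
              advancedSettings:
                - read
              dashboard:
                - read
              discover:
                - read
              indexPatterns:
                - read
              savedObjectsManagement:
                - read
            spaces:
              - '{{ stage }}-{{ tenant_id }}'

    elastic_spaces:
      - elastic_state: '{{ elastic_state }}'
        # Anchored so the saved-objects import task below can reuse the id.
        id: &es_space_name '{{ stage }}-{{ tenant_id }}'
        name: '{{ stage }}-{{ tenant_id }}'
        description: ''
        disabledFeatures:
          - canvas
          - maps
          - ml
          - visualize
          - enterpriseSearch
          - logs
          - infrastructure
          - apm
          - uptime
          - observabilityCases
          - siem
          - monitoring
          - fleet
          - stackAlerts
          - actions
          - osquery
          - savedObjectsTagging

    es_index_pattern_tenant: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-*'
    es_index_pattern_service: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-*-{{ cluster_service }}-*'
    es_search_name: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-{{ cluster_service }}'
    es_dashboard_name: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-{{ cluster_service }}'
    es_container_name: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-01-{{ cluster_service }}'

  tasks:
    - name: "Do some stuff in elastic with spaces ... "
      include_role:
        name: kibana
        tasks_from: _configure_spaces.yml
        apply:
          tags:
            - es-spaces
      loop: "{{ elastic_spaces }}"
      loop_control:
        loop_var: elastic_space
      tags:
        - es-spaces

    - name: "Do some stuff in elastic with roles ..."
      include_role:
        name: kibana
        tasks_from: _configure_roles.yml
        apply:
          tags:
            - es-roles
      loop: "{{ elastic_roles }}"
      loop_control:
        loop_var: elastic_role
      tags:
        - es-roles

    - name: "Do some stuff in elastic with users ..."
      include_role:
        name: kibana
        tasks_from: _configure_users.yml
        apply:
          tags:
            - es-users
      loop: "{{ elastic_users }}"
      loop_control:
        loop_var: elastic_user
      tags:
        - es-users

    # Previously shared its name with the spaces task above; renamed so the
    # run output shows which step is importing saved objects.
    - name: "Do some stuff in elastic with saved objects ..."
      include_role:
        name: kibana
        tasks_from: _import_savedobjects.yml
        apply:
          tags:
            - es-importobjects
      vars:
        es_space: *es_space_name
        # NOTE(review): es_indexpattern_name is not defined in this playbook;
        # presumably it comes from inventory or role defaults - verify.
        es_indexpattern_title: '{{ es_indexpattern_name }}'
        es_index_pattern_tenant_uuid: '{{ es_index_pattern_tenant | to_uuid }}'
        es_index_pattern_service_uuid: '{{ es_index_pattern_service | to_uuid }}'
        es_search_title: '{{ es_search_name }}'
        es_search_uuid: '{{ es_search_name | to_uuid }}'
        # Jinja2 filters bind tighter than `+`, so this renders as the
        # literal 'panel_' followed by the UUID of es_dashboard_name.
        # NOTE(review): confirm that is intended rather than the UUID of the
        # concatenated string.
        es_panel_uuid: "{{ 'panel_' + es_dashboard_name | to_uuid }}"
        es_dashboard_title: '{{ es_dashboard_name }}'
        es_dashboard_uuid: '{{ es_dashboard_name | to_uuid }}'
      tags:
        - es-importobjects

#############################################################
# Sending smardigo management message to process
#############################################################

# Runs against the pseudo host added in the first play so that the stage
# specific variables are available to the included tasks.
- hosts: "{{ stage }}-smardigo-management-message"
  serial: "{{ serial_number | default(1) }}"
  gather_facts: false
  connection: local
  run_once: true
  vars:
    connect_jwt_username: "{{ management_admin_username }}"

  tasks:
    - name: "Sending smardigo management message to <{{ smardigo_management_url }}>"
      include_tasks: tasks/smardigo_management_message.yml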