diff --git a/Ansible-ELK-Stack/elk-ansible.yml b/Ansible-ELK-Stack/elk-ansible.yml new file mode 100644 index 0000000..ff9ec72 --- /dev/null +++ b/Ansible-ELK-Stack/elk-ansible.yml @@ -0,0 +1,5 @@ +- hosts: elk_server + become: yes + become_method: sudo + roles: # ทำให้ ansible รันเฉพาะ tag ได้ถ้าไม่ระบุแท๊กก็จะรันทั้งมด ansible-playbook setup.yml -t docker + - {role: elk_ansible, tags: "elk_ansible"} diff --git a/Ansible-ELK-Stack/roles/elk_ansible/tasks/main.yml b/Ansible-ELK-Stack/roles/elk_ansible/tasks/main.yml index 0c7516f..a1ebc83 100644 --- a/Ansible-ELK-Stack/roles/elk_ansible/tasks/main.yml +++ b/Ansible-ELK-Stack/roles/elk_ansible/tasks/main.yml @@ -1,54 +1,63 @@ --- -# tasks file for elk_ansible -- name: "git clone project MeetU" +# tasks file for elk +# vars ไฟล์จะโดนดูดเข้ามาอัตโนมัติทันทีชื่อต้องตาม format yml แท้ๆ ห้ามมีจุด ต้องใช้แบบ key pair indent : +# - name: fdsfsd +# debug: +# msg: "{{kibana_password}}" + +- name: "git clone project MeetU {{kibana.password}}" become: no git: repo: "https://github.com/wdrdres3qew5ts21/MeetU.git" dest: "~/meetu" - update: yes - + update: yes -- name: "Start docker-compose Generate SSL & X.509" - docker_compose: - project_src: "~/meetu" - files: - - create-cert-pem.yml +# ต้องใช้ Certificate จาก Let's Encrypt มาเชื่อมกับ container ของเราผ่าน volume +- name: "Start Elasticsearch Docker" + docker_container: + image: docker.elastic.co/elasticsearch/elasticsearch:7.7.0 state: present + restart: yes + published_ports: + - "9200:9200" + networks: + - name: meetu_elastic + volumes: + - meetu_data01 + ulimits: + - "memlock:-1:-1" + + + + + + + -- name: "Teardown all ELK Stack" - docker_compose: - project_src: "~/meetu" - files: - - docker-compose-elastic-single-ssl.yml - state: absent - remove_orphans: true - -- name: "Start docker-compose ELK stack ;)" - docker_compose: - project_src: "~/meetu" - files: - - docker-compose-elastic-single-ssl.yml - state: present - remove_orphans: true -- name: "Change password for Kibana" - shell: - cmd: > - bash -c " - while true - do - curl --fail -u elastic:PleaseChangeMe \ - 'http://localhost:9200/_cluster/health?wait_for_status=yellow' \ - && break - sleep 5 - done +# - name: "Start Kibana Docker" +# docker_container: +# image: docker.elastic.co/kibana/kibana:7.7.0 +# name: elasticsearch1 +# state: present + - curl -X POST -v -k 'http://localhost:9200/_security/user/kibana/_password?pretty' \ - -u elastic:PleaseChangeMe -H 'Content-Type: application/json' \ - -d ' { \"password\" : \"PleaseChangeMe\" } ' && echo 'success change password success' - " - - \ No newline at end of file +# - name: Change Kibana Password API +# uri: +# url: "https://localhost:9200/_security/user/kibana/_password?pretty" +# follow_redirects: none +# method: POST +# user: elastic +# password: PleaseChangeMe +# validate_certs: no +# force_basic_auth: yes +# body_format: json +# body: > +# { "password": "{{kibana_password}}" } +# register: _result +# until: _result.status == 200 +# retries: 20 +# delay: 5 diff --git a/docker-compose-elastic-single-full-ssl.yml b/docker-compose-elastic-single-full-ssl.yml index 0f47ce3..25ae9bf 100644 --- a/docker-compose-elastic-single-full-ssl.yml +++ b/docker-compose-elastic-single-full-ssl.yml @@ -75,18 +75,6 @@ services: - certs:$CERTS_DIR networks: - elastic - # command: > - # bash -c ' - # curl -X POST -v -k --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt "https://elasticsearch1:9200/_security/user/kibana/_password?pretty" -u elastic:PleaseChangeMe -H 'Content-Type: application/json' -d' { "password" : "PleaseChangeMe" } ' - - # if [[ $? == 51 ]] - # then - # echo "Connect but it not secure So fail to change Password" - # else - # echo "Skip SSL Secure Connection by -k argument so Change password Success" - # fi - # ' - # depends_on: {"elasticsearch1": {"condition": "service_healthy"}} networks: elastic: