Issue #196: Move ELK example into this repository. Preliminary tests.

Author: geerlingguy

.travis.yml

@@ -29,6 +29,9 @@ env:
   # - playbook: dynamic-inventory.yml
   #   distro: ubuntu1604
 
+  - playbook: elk.yml
+    distro: ubuntu1804
+
   - playbook: https-self-signed.yml
     distro: ubuntu1604
 

elk/README.md

@@ -0,0 +1,43 @@
+# Ansible Vagrant profile for ELK (Elasticsearch, Logstash, Kibana)
+
+## Background
+
+Vagrant and VirtualBox (or some other VM provider) can be used to quickly build or rebuild virtual servers.
+
+This Vagrant profile configures two servers:
+
+  1. A server with the ELK stack ([Elasticsearch](http://www.elasticsearch.org/), [Logstash](http://logstash.net/), and [Kibana](http://www.elasticsearch.org/overview/kibana/)) using the [Ansible](http://www.ansible.com/) provisioner.
+  2. A server with the Nginx and [Filebeat](https://www.elastic.co/products/beats/filebeat) using the [Ansible](http://www.ansible.com/) provisioner, which routes Nginx access logs to the first server.
+
+## Getting Started
+
+This README file is inside a folder that contains a `Vagrantfile` (hereafter this folder shall be called the [vagrant_root]), which tells Vagrant how to set up your virtual machine in VirtualBox.
+
+To use the vagrant file, you will need to have done the following:
+
+  1. Download and Install [VirtualBox](https://www.virtualbox.org/wiki/Downloads)
+  2. Download and Install [Vagrant](https://www.vagrantup.com/downloads.html)
+  3. Install [Ansible](https://www.ansible.com/) ([guide for installing Ansible](http://docs.ansible.com/ansible/latest/intro_installation.html))
+  4. Open a shell prompt (Terminal app on a Mac) and cd into the folder containing the `Vagrantfile`
+  5. Run the following command to install the necessary Ansible roles for this profile: `$ ansible-galaxy install -r requirements.yml`
+
+Once all of that is done, you can simply type in `vagrant up`, and Vagrant will create both new VMs and configure them.
+
+Once the VMs are up and running (after `vagrant up` is complete and you're back at the command prompt), you can log into either one via SSH if you'd like by typing in `vagrant ssh [name]` (either `logs` for the ELK server, or `webs` for the Nginx server). Otherwise, the next steps are below.
+
+### Setting up your hosts file
+
+You need to modify your host machine's hosts file (Mac/Linux: `/etc/hosts`; Windows: `%systemroot%\system32\drivers\etc\hosts`), adding the lines below:
+
+    192.168.9.90  logs.test
+    192.168.9.91  webs.test
+
+(Where `logs.test`/`webs.test` is the hostname you have configured in the `Vagrantfile`).
+
+After that is configured, you could visit http://logs.test/ in a browser, and you'll see the Kibana dashboard, and you can visit http://webs.test/, and you'll see Nginx's default index page.
+
+If you'd like additional assistance editing your hosts file, please read [How do I modify my hosts file?](http://www.rackspace.com/knowledge_center/article/how-do-i-modify-my-hosts-file) from Rackspace.
+
+## Author Information
+
+Created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

elk/Vagrantfile

@@ -0,0 +1,42 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+VAGRANTFILE_API_VERSION = "2"
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+  config.vm.box = "geerlingguy/ubuntu1804"
+  config.ssh.insert_key = false
+
+  config.vm.provider :virtualbox do |v|
+    v.memory = 2048
+    v.cpus = 2
+    v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
+    v.customize ["modifyvm", :id, "--ioapic", "on"]
+  end
+
+  # ELK server.
+  config.vm.define "logs" do |logs|
+    logs.vm.hostname = "logs.test"
+    logs.vm.network :private_network, ip: "192.168.9.90"
+
+    logs.vm.provision :ansible do |ansible|
+      ansible.playbook = "provisioning/elk/playbook.yml"
+      ansible.inventory_path = "provisioning/elk/inventory"
+      ansible.become = true
+    end
+  end
+
+  # Web server.
+  config.vm.define "webs" do |webs|
+    webs.vm.hostname = "webs.test"
+    webs.vm.network :private_network, ip: "192.168.9.91"
+
+    webs.vm.provision :ansible do |ansible|
+      ansible.compatibility_mode = "2.0"
+      ansible.playbook = "provisioning/web/playbook.yml"
+      ansible.inventory_path = "provisioning/web/inventory"
+      ansible.become = true
+    end
+  end
+
+end

elk/ansible.cfg

@@ -0,0 +1,7 @@
+[defaults]
+roles_path = ./roles
+nocows = 1
+
+[ssh_connection]
+pipelining = True
+control_path = /tmp/ansible-ssh-%%h-%%p-%%r

elk/provisioning/elk/elk-vagrant-example.crt

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICpDCCAYwCCQCLxH8FCzXqnjANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls
+b2dzLnRlc3QwHhcNMjAwMTEzMTg1MDU0WhcNMzAwMTEwMTg1MDU0WjAUMRIwEAYD
+VQQDDAlsb2dzLnRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm
+/AWIzC+jjImCWpJJf8JftlqC8sjkB6SPBwrKpRqkIfuwIYcOvivcd9/jpUe4MMvw
+swy/DQO9gGnopotwaMcGRfYLQDunxjLijgMIdyKi1EQyf6FqHN/zQF5S/hXKJUTf
+ULvuWD/zAJPhPqxRAwPVqVnfZgk4qDr8ctnnchJ6fTAUfaHVKAk7IaPjG90lXdS4
+wYcdz3umIsXZ+GaYrJfrPQ+hJaHgRvlSlLZBKra7GwvSJBfxYObrsW9cBcOxZ+X+
+qWg4pyOew1IIIM00b0rl2KB05xAvmzKfPYOZxxm02W+YVvpxKa+F8ktjLlRWZCBl
+mDwLlL/EutIzVo8Hl4UNAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAArsXVWy3BFR
+uF5B3wbBaubfHWQ61/+JBbrUzWfaoNvgjtMOyfz3ijJPtFcb+4IgNIo7WMw1JJeV
+4PR0CEXnNmDl6qiA0dBqrI4PP2h3clG2U/8A4rFZ3wtAFhV2L1kMIsJ5IKd1Z+Jd
+xUY3u4v/MAW6EnH2OZM6VKCDpFPeZA0vEFseLAkxOxW4jj7+eqZjnYVzLxmnxsF5
+nQziI1mN0trtofhcLPi8I9gC0uOyRzgBXbQiqBPIDX+16uhmzS2n3tjBOxdKNqxW
+b9U+xafYa4k693IdnIhtJPDq9G8fbOhKV0fZ548bmkYMPan/OJ3yJx88o6AH8edh
+z48RJYo1BiY=
+-----END CERTIFICATE-----

elk/provisioning/elk/elk-vagrant-example.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCm/AWIzC+jjImC
+WpJJf8JftlqC8sjkB6SPBwrKpRqkIfuwIYcOvivcd9/jpUe4MMvwswy/DQO9gGno
+potwaMcGRfYLQDunxjLijgMIdyKi1EQyf6FqHN/zQF5S/hXKJUTfULvuWD/zAJPh
+PqxRAwPVqVnfZgk4qDr8ctnnchJ6fTAUfaHVKAk7IaPjG90lXdS4wYcdz3umIsXZ
++GaYrJfrPQ+hJaHgRvlSlLZBKra7GwvSJBfxYObrsW9cBcOxZ+X+qWg4pyOew1II
+IM00b0rl2KB05xAvmzKfPYOZxxm02W+YVvpxKa+F8ktjLlRWZCBlmDwLlL/EutIz
+Vo8Hl4UNAgMBAAECggEAMQj+4w36y08grjvEi3rN7GdTKvL6lSO9ahbKT3muWhZ0
+n2MpEuY7YRF+mI3XgropmTQrAQtkVsiX0S7e8ZKDJ09yEhm5qunj1W2YbGr3q9Mj
+d6TNFKkIBpmXWU2tvl+1WtKNbU9S8BvyUQmjdmKpRJvnfVesS4vzTmC3pmR0Eq2o
+yTZHgOsawPq2n2poOgboJN1XyNi8dFY28Z50tJHjlXNqGi8K3J/EohkIif7wYFna
+a2hwpkh1qdcdZWtjCe/wNbfELOL5WzmYqiKT5NxsmU0Ah0tq9QCAirVZ5q61R/lP
+5M1qfKyWgk7D284f3ezgLvCXozpBxM3hleB2Fmqc4QKBgQDa4doF5TTQVi4acX+Y
+jQu8OIJ0FlaaX8puKUSKR23VTekcXCj/lNZ0s/dhBYpwn8ggqwtGSeQU3qk2WsGz
+0MgjGdVWcnGAfPCgVCS/ULNi9yW6zsPcuX84unzfblei+b9E1eRlpcux/lGaitrh
+csOqiFhr8cUmY3tjYhkivXgJNQKBgQDDTS0QaIoSs+Zpt2gMZqKmuwx6Q8ORTR7L
+LokhOOGJYligEeDHVRNA0f3wItnhazoWJE4sU09hjPLXzIn8QKBDy9xODQqgzTVp
+MlNDR1Kxb+hwxbRIx3WLrrGnqu2wPYWfpOLVkx/oIMWTUehsixq4FbhL0DK9eypA
+K36T0z7feQKBgQCoMm/woc5w3hi1d0w+tPw0mhQdEuFf5YZQGuQxgmwzQpiEk4lp
+xTz7FyRc6P4WR6JpACc8zyE2rFfJjfpVrHVvC7X1pSH1Q41BFwfaADCpNxRGNgcq
+gVzzAdNdepRbh6FkSx0kw0ABOlYI9PT309HqJLYV1QbT1hSGLWb1XDV2lQKBgEju
+1zdbcsSNPiyYe1i2M2OEUqKOD8iBPlCuLjOj5EXD3kjYpFKMKMZ6JRS6TxdpTaXb
+JP5Ulj5dvopsLdNv5umqhbj4EdH/EEUasBFd3zm4CtuiWTMcmX7yXBG7OUwpjW8S
+ykrryGyNYHsliWCPigjYw5w8QdaU2jBgjcJyjvYxAoGBALS3NVYsbCtG6nE/Elx6
+FoYtxJbA7Hy0AsrgvRlZ0nlIzGUhmFNmnlneUy/22KYMR+vFT7qLxPKg5gtSxysC
+EuDv3ODSY0aCT/7m93Nzlp4w/BLjDP0jhSiwkXHkj4vCj37mYrXsAbmzO55M9Cme
+kQHqVKo9bXlTWBg5ONYP7cIb
+-----END PRIVATE KEY-----

elk/provisioning/elk/elk-vagrant-example.p8

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCm/AWIzC+jjImC
+WpJJf8JftlqC8sjkB6SPBwrKpRqkIfuwIYcOvivcd9/jpUe4MMvwswy/DQO9gGno
+potwaMcGRfYLQDunxjLijgMIdyKi1EQyf6FqHN/zQF5S/hXKJUTfULvuWD/zAJPh
+PqxRAwPVqVnfZgk4qDr8ctnnchJ6fTAUfaHVKAk7IaPjG90lXdS4wYcdz3umIsXZ
++GaYrJfrPQ+hJaHgRvlSlLZBKra7GwvSJBfxYObrsW9cBcOxZ+X+qWg4pyOew1II
+IM00b0rl2KB05xAvmzKfPYOZxxm02W+YVvpxKa+F8ktjLlRWZCBlmDwLlL/EutIz
+Vo8Hl4UNAgMBAAECggEAMQj+4w36y08grjvEi3rN7GdTKvL6lSO9ahbKT3muWhZ0
+n2MpEuY7YRF+mI3XgropmTQrAQtkVsiX0S7e8ZKDJ09yEhm5qunj1W2YbGr3q9Mj
+d6TNFKkIBpmXWU2tvl+1WtKNbU9S8BvyUQmjdmKpRJvnfVesS4vzTmC3pmR0Eq2o
+yTZHgOsawPq2n2poOgboJN1XyNi8dFY28Z50tJHjlXNqGi8K3J/EohkIif7wYFna
+a2hwpkh1qdcdZWtjCe/wNbfELOL5WzmYqiKT5NxsmU0Ah0tq9QCAirVZ5q61R/lP
+5M1qfKyWgk7D284f3ezgLvCXozpBxM3hleB2Fmqc4QKBgQDa4doF5TTQVi4acX+Y
+jQu8OIJ0FlaaX8puKUSKR23VTekcXCj/lNZ0s/dhBYpwn8ggqwtGSeQU3qk2WsGz
+0MgjGdVWcnGAfPCgVCS/ULNi9yW6zsPcuX84unzfblei+b9E1eRlpcux/lGaitrh
+csOqiFhr8cUmY3tjYhkivXgJNQKBgQDDTS0QaIoSs+Zpt2gMZqKmuwx6Q8ORTR7L
+LokhOOGJYligEeDHVRNA0f3wItnhazoWJE4sU09hjPLXzIn8QKBDy9xODQqgzTVp
+MlNDR1Kxb+hwxbRIx3WLrrGnqu2wPYWfpOLVkx/oIMWTUehsixq4FbhL0DK9eypA
+K36T0z7feQKBgQCoMm/woc5w3hi1d0w+tPw0mhQdEuFf5YZQGuQxgmwzQpiEk4lp
+xTz7FyRc6P4WR6JpACc8zyE2rFfJjfpVrHVvC7X1pSH1Q41BFwfaADCpNxRGNgcq
+gVzzAdNdepRbh6FkSx0kw0ABOlYI9PT309HqJLYV1QbT1hSGLWb1XDV2lQKBgEju
+1zdbcsSNPiyYe1i2M2OEUqKOD8iBPlCuLjOj5EXD3kjYpFKMKMZ6JRS6TxdpTaXb
+JP5Ulj5dvopsLdNv5umqhbj4EdH/EEUasBFd3zm4CtuiWTMcmX7yXBG7OUwpjW8S
+ykrryGyNYHsliWCPigjYw5w8QdaU2jBgjcJyjvYxAoGBALS3NVYsbCtG6nE/Elx6
+FoYtxJbA7Hy0AsrgvRlZ0nlIzGUhmFNmnlneUy/22KYMR+vFT7qLxPKg5gtSxysC
+EuDv3ODSY0aCT/7m93Nzlp4w/BLjDP0jhSiwkXHkj4vCj37mYrXsAbmzO55M9Cme
+kQHqVKo9bXlTWBg5ONYP7cIb
+-----END PRIVATE KEY-----

elk/provisioning/elk/inventory

@@ -0,0 +1,2 @@
+[logs]
+logs.test ansible_ssh_host=192.168.9.90 ansible_ssh_port=22

elk/provisioning/elk/playbook.yml

@@ -0,0 +1,23 @@
+---
+# Ansible playbook for an ELK (Elasticsearch, Logstash, Kibana) logging server.
+#
+# @author Jeff Geerling (2014).
+
+- hosts: logs
+  gather_facts: yes
+
+  vars_files:
+    - vars/main.yml
+
+  pre_tasks:
+    - name: Update apt cache if needed.
+      apt: update_cache=yes cache_valid_time=86400
+
+  roles:
+    - geerlingguy.java
+    - geerlingguy.nginx
+    - geerlingguy.elasticsearch
+    - geerlingguy.elasticsearch-curator
+    - geerlingguy.kibana
+    - geerlingguy.logstash
+    - geerlingguy.filebeat

elk/provisioning/elk/vars/main.yml

@@ -0,0 +1,39 @@
+---
+java_packages:
+  - openjdk-8-jdk
+
+kibana_server_name: logs.test
+kibana_username: kibana
+kibana_password: password
+
+nginx_user: www-data
+nginx_worker_connections: 1024
+nginx_remove_default_vhost: true
+nginx_vhosts:
+  # Kibana proxy.
+  - listen: "80 default_server"
+    filename: kibana.conf
+    server_name: logs.test
+    extra_parameters: |
+      location / {
+          include /etc/nginx/proxy_params;
+          proxy_pass          http://localhost:5601;
+          proxy_set_header   Authorization "";
+          proxy_read_timeout  90s;
+      }
+
+logstash_ssl_key_file: elk-vagrant-example.p8
+logstash_ssl_certificate_file: elk-vagrant-example.crt
+
+filebeat_output_logstash_enabled: true
+filebeat_output_logstash_hosts:
+  - "logs.test:5044"
+
+filebeat_ssl_key_file: elk-vagrant-example.p8
+filebeat_ssl_certificate_file: elk-vagrant-example.crt
+filebeat_ssl_insecure: "true"
+
+filebeat_inputs:
+  - type: log
+    paths:
+      - /var/log/auth.log