# elk apt repo elk_repo: repo: 'deb https://artifacts.elastic.co/packages/6.x/apt stable main' state: "{{ ((elk_package_state | default('present')) == 'absent') | ternary('absent', 'present') }}" #metricbeats monitoring endpoints elastic_metricbeat_rabbitmq_monitoring_hosts: '"localhost:15672"' elastic_metricbeat_haproxy_monitoring_hosts: '"unix:///var/run/haproxy.stat"' # elastic search vars elastic_port: 9200 elastic_hap_port: 9201 cluster_name: openstack_elk node_name: ${HOSTNAME} elastic_data_interface: "{{ ansible_default_ipv4['alias'] }}" ### Elastic curator variables ## Default retention policy options. All retention options are in days. # elastic_logstash_retention: 1 # elastic_apm_retention: 1 # elastic_auditbeat_retention: 1 # elastic_filebeat_retention: 1 # elastic_heartbeat_retention: 1 # elastic_journalbeat_retention: 1 # elastic_metricbeat_retention: 1 # elastic_packetbeat_retention: 1 # This is used to calculate the storage a beat could generate per node, per day. # This constant is used as a multiplier. If the expected storage is larger than # the actual available storage after the buffer is calculated the multiplier # will be doubled there-by cutting the potential storage days in half. elastic_beat_storage_constant: 512 ## If any retention policy option is undefined a dynamic fact will be generated. ## Fact will be generated for the general retention using the storage constant ## per node, per index, where a given collector is expected to be deployed. The ## equation used will take the total available storage from the ES data nodes ## subtract 25% divided by the total number of data nodes. That is then divided ## by number of hosts assumed to be a beat target which is multiplied by the ## storage constant. elastic_beat_retention_policy_hosts: logstash: "{{ groups['elastic-logstash'] | default([null]) | length }}" apm: "{{ groups['apm-server'] | default([null]) | length }}" auditbeat: "{{ groups['hosts'] | default([null]) | length }}" filebeat: "{{ groups['hosts'] | default([null]) | length }}" heartbeat: "{{ groups['utility_all'] | default([null]) | length }}" journalbeat: "{{ groups['all'] | default([null]) | length }}" metricbeat: "{{ groups['all'] | default([null]) | length }}" packetbeat: "{{ groups['hosts'] | default([null]) | length }}" # This is the URL external services can use to communicate with the # elasticsearch cluster. elastic_vip_url: >- {% if internal_lb_vip_address is defined %} http://{{ internal_lb_vip_address ~ ':' ~ elastic_hap_port }} {% else %} http://{{ hostvars[groups['kibana'][0]]['ansible_host'] ~ ':' ~ elastic_port }} {% endif %} # kibana vars kibana_interface: 0.0.0.0 kibana_port: 5601 kibana_username: admin kibana_password: admin kibana_nginx_port: 81 kibana_server_name: "{{ ansible_hostname }}" kibana_index_on_elasticsearch: "http://{{ hostvars[groups['elastic-logstash'][0]]['ansible_host'] }}:{{ elastic_port}}/.kibana" # logstash vars logstash_beat_input_port: 5044 logstash_deploy_filters: true ## Logstash config showing a complete kafka setup using SSL for authentication. # logstash_kafka_options: # codec: json # topic_id: "elk_kafka" # ssl_key_password: "{{ logstash_kafka_ssl_key_password }}" # ssl_keystore_password: "{{ logstash_kafka_ssl_keystore_password }}" # ssl_keystore_location: "/var/lib/logstash/{{ logstash_kafka_ssl_keystore_location | basename }}" # ssl_truststore_location: "/var/lib/logstash/{{ logstash_kafka_ssl_truststore_location | basename }}" # ssl_truststore_password: "{{ logstash_kafka_ssl_truststore_password }}" # bootstrap_servers: # - server1.local:9092 # - server2.local:9092 # - server3.local:9092 # client_id: "elk_metrics_6x" # compression_type: "gzip" # security_protocol: "SSL" ## The following variables are options that correspond to the ## `logstash_kafka_options` variable. # logstash_kafka_ssl_key_password: "secrete" # logstash_kafka_ssl_keystore_password: "secrete" # logstash_kafka_ssl_truststore_password: "secrete" # logstash_kafka_ssl_keystore_location: "/root/kafka/keystore.jks" # logstash_kafka_ssl_truststore_location: "/root/kafka/truststore.jks" # APM vars apm_interface: 0.0.0.0 apm_port: 8200 # Beat options heartbeat_services: - group: "{{ groups['galera_all'] | default([]) }}" name: galera ports: - 9200 type: http method: HEAD path: "/" - group: "{{ groups['galera_all'] | default([]) }}" name: galera ports: - 3306 type: tcp - group: "{{ groups['repo_all'] | default([]) }}" name: repo-git ports: - 9418 type: tcp - group: "{{ groups['repo_all'] | default([]) }}" name: repo-server ports: - 8181 type: http method: HEAD path: "/" - group: "{{ groups['repo_all'] | default([]) }}" name: repo-acng ports: - 3142 type: http method: HEAD path: "/acng-report.html" - group: "{{ groups['glance_api'] | default([]) }}" name: glance-api ports: - 9292 type: http method: HEAD path: "/healthcheck" - group: "{{ groups['glance_api'] | default([]) }}" name: glance-registry ports: - 9191 type: http method: HEAD path: "/healthcheck" - group: "{{ groups['gnocchi_all'] | default([]) }}" name: gnocchi-api ports: - 8041 type: http method: HEAD path: "/healthcheck" - group: "{{ groups['heat_api_cfn'] | default([]) }}" name: heat-cfn-api ports: - 8000 type: http method: HEAD path: "/" check_response: status: 300 - group: "{{ groups['heat_api'] | default([]) }}" name: heat-api ports: - 8004 type: http method: HEAD path: "/" check_response: status: 300 - group: "{{ groups['keystone_all'] | default([]) }}" name: keystone-api ports: - 5000 type: http method: HEAD path: "/" check_response: status: 300 - group: "{{ groups['neutron_server'] | default([]) }}" name: neutron-server ports: - 9696 type: http method: GET path: "/" - group: "{{ groups['nova_api_metadata'] | default([]) }}" name: nova-api-metadata ports: - 8775 type: http method: HEAD path: "/" - group: "{{ groups['nova_api_os_compute'] | default([]) }}" name: nova-api-compute ports: - 8774 type: http method: HEAD path: "/" - group: "{{ groups['nova_api_placement'] | default([]) }}" name: nova-api-placement ports: - 8780 type: http method: GET path: "/" - group: "{{ groups['nova_console'] | default([]) }}" name: nova-console ports: - 6080 - 6082 - 6083 type: tcp - group: "{{ groups['cinder_api'] | default([]) }}" name: cinder-api ports: - 8776 type: http method: HEAD path: "/" check_response: status: 300 - group: "{{ groups['horizon_all'] | default([]) }}" name: horizon ports: - 80 - 443 type: http method: HEAD path: "/" - group: "{{ groups['sahara_api'] | default([]) }}" name: sahara-api ports: - 8386 type: http method: HEAD path: "/healthcheck" - group: "{{ groups['swift_proxy'] | default([]) }}" name: swift-proxy ports: - 8080 type: http method: HEAD path: "/healthcheck" - group: "{{ groups['aodh_api'] | default([]) }}" name: aodh-api ports: - 8042 type: http method: HEAD path: "/" - group: "{{ groups['ironic_api'] | default([]) }}" name: ironic-api ports: - 6385 type: http method: HEAD path: "/" - group: "{{ groups['rabbitmq_all'] | default([]) }}" name: rabbitmq-management ports: - 15672 type: http method: HEAD path: "/" - group: "{{ groups['rabbitmq_all'] | default([]) }}" name: rabbitmq-access ports: - 5672 - 5671 type: tcp - group: "{{ groups['magnum_all'] | default([]) }}" name: magnum-api ports: - 9511 type: http method: HEAD path: "/" - group: "{{ groups['trove_api'] | default([]) }}" name: trove-api ports: - 8779 type: http method: HEAD path: "/" - group: "{{ groups['barbican_api'] | default([]) }}" name: barbican-api ports: - 9311 type: http method: HEAD path: "/" - group: "{{ groups['designate_api'] | default([]) }}" name: designate-api ports: - 9001 type: http method: HEAD path: "/" - group: "{{ groups['octavia_all'] | default([]) }}" name: octavia-api ports: - 9876 type: http method: HEAD path: "/" - group: "{{ groups['tacker_all'] | default([]) }}" name: tacker-api ports: - 9890 type: http method: HEAD path: "/" - group: "{{ groups['neutron_server'] | default([]) }}" name: opendaylight ports: - 8180 - 8185 type: tcp - group: "{{ groups['neutron_server'] | default([]) }}" name: ceph-rgw ports: - 7980 type: http method: HEAD path: "/" # apm apm_token: SuperSecrete # Grafana grafana_dashboards: - dashboard_id: 5566 revision_id: 5 datasource: "metricbeat-Elasticsearch" - dashboard_id: 5569 revision_id: 3 datasource: "filebeat-Elasticsearch" grafana_datasources: - name: "all-Elasticsearch" type: "elasticsearch" access: "proxy" url: "{{ elastic_vip_url }}" basicAuth: false basicAuthUser: "" basicAuthPassword: "" isDefault: true database: "*" jsonData: esVersion: 56 keepCookies: [] maxConcurrentShardRequests: 256 timeField: "@timestamp" timeInterval: ">10s" - name: "auditbeat-Elasticsearch" type: "elasticsearch" access: "proxy" url: "{{ elastic_vip_url }}" basicAuth: false basicAuthUser: "" basicAuthPassword: "" isDefault: false database: "auditbeat-*" jsonData: esVersion: 56 keepCookies: [] maxConcurrentShardRequests: 256 timeField: "@timestamp" timeInterval: ">10s" - name: "filebeat-Elasticsearch" type: "elasticsearch" access: "proxy" url: "{{ elastic_vip_url }}" basicAuth: false basicAuthUser: "" basicAuthPassword: "" isDefault: false database: "filebeat-*" jsonData: esVersion: 56 keepCookies: [] maxConcurrentShardRequests: 256 timeField: "@timestamp" timeInterval: ">10s" - name: "heartbeat-Elasticsearch" type: "elasticsearch" access: "proxy" url: "{{ elastic_vip_url }}" basicAuth: false basicAuthUser: "" basicAuthPassword: "" isDefault: false database: "heartbeat-*" jsonData: esVersion: 56 keepCookies: [] maxConcurrentShardRequests: 256 timeField: "@timestamp" timeInterval: ">10s" - name: "metricbeat-Elasticsearch" type: "elasticsearch" access: "proxy" url: "{{ elastic_vip_url }}" basicAuth: false basicAuthUser: "" basicAuthPassword: "" isDefault: false database: "metricbeat-*" jsonData: esVersion: 56 keepCookies: [] maxConcurrentShardRequests: 256 timeField: "@timestamp" timeInterval: ">10s" - name: "packetbeat-Elasticsearch" type: "elasticsearch" access: "proxy" url: "{{ elastic_vip_url }}" basicAuth: false basicAuthUser: "" basicAuthPassword: "" isDefault: false database: "packetbeat-*" jsonData: esVersion: 56 keepCookies: [] maxConcurrentShardRequests: 256 timeField: "@timestamp" timeInterval: ">10s"