Next iteration of all of this same thing. More automatic and has support for letsencrypt!

Has the ansible playbook that sets up the ELK stack on a single VM - this VM could then be used to demo the ELK stack by giving the attendants a web interface where they can click around themselves.

Requirements:

• A VM with CentOS6/CentOS7 with Internet connectivity
  • Works with RFC1918 IP on interface, as long as it has a public IP (like from public pool in openstack)
• 3.5GB RAM and 1 core is enough for small demo

Run ansible:

• ansible-galaxy install -r requirements.yml
• ansible-playbook -i ansible-inventory setup.yml

Configure the firewall as necessary.

• Allow remote TCP ports: 80 and 443 - both are HTTP - not https
• /etc/ntp.conf is not managed default but the service is set to start on boot

Demo!

More details in the wiki: https://github.com/CSC-IT-Center-for-Science/ELK-demo/wiki/Install-the-ELK-demo-VM-with-ansible

Here the logstash configs and patterns for the DEMO are stored.

• To ingest some data:
  • /opt/logstash/bin/logstash agent -f /home/cloud-user/06-logstash-bf.conf

Fluentd is also installed by default.

variable:

logstash_prod_example: "yes"

If this is set to yes then we'll install templates and logstash configs as found in ../logstash/configs/prod_example and ../logstash/templates/es-template-demo.json

configurable by setting

kibana4_https: "on"

Requires x509 certificates installed into /etc/pki/tls/certs/hostcert.pem and /etc/pki/tls/private/hostkey.pem - this is not handled by this playbook

configurable by setting

kibana4_ldap: True

Requires a secrets.yml in ansible/secrets.yml

Example of that file is found in ansible/roles/ansible-role-elk-httpd/defaults/main.yml