Ansible playbook automation for deploying pfelk
You can deploy using Ansible Galaxy Collection or with using the manual deploy process.
Note: When using the Ansible Galaxy Collection, you have to manually create a hosts file, and use the playbook provided in this repository.
Currently Ansible can be run from any machine with Python 2 (version 2.7) or Python 3 (versions 3.5 and higher) installed. This includes linux distributions e.g. Red Hat, Debian, CentOS, macOS, any of the BSDs. Windows is not supported for the control node.
Take a look at the following link regarding further details on initial requirements: https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html
$ sudo apt update
$ sudo apt install software-properties-common
$ sudo apt-add-repository --yes --update ppa:ansible/ansible
$ sudo apt install ansible
Installation details for further distributions are available on the official site.
$ vi ~/.ansible.cfg
[defaults]
# disable key check if host is not initially in 'known_hosts'
host_key_checking = False
[ssh_connection]
# if True, make ansible use scp if the connection type is ssh (default is sftp)
scp_if_ssh = True
To interact with your managed nodes, you will only need ssh. You don't have to install any other additonal agent on those hosts.
ansible-pfelk/
├── deploy-stack.yml
├── group_vars
│ └── all.yml
├── hosts
└── roles
├── elasticsearch
│ ├── files
│ │ └── elasticsearch.yml
│ ├── handlers
│ │ └── main.yml
│ └── tasks
│ └── main.yml
├── kibana
│ ├── files
│ │ └── kibana.yml
│ ├── handlers
│ │ └── main.yml
│ └── tasks
│ └── main.yml
└── logstash
├── files
│ ├── pipelines.yml
│ ├── 01-inputs.conf
│ ├── 05-apps.conf
│ ├── 20-interfaces.conf
│ ├── 30-geoip.conf
│ ├── 35-rules-desc.conf
│ ├── 36-ports-desc.conf
│ ├── 37-enhanced_user_agent.conf
│ ├── 38-enhanced_url.conf
│ ├── 45-cleanup.conf
│ ├── 49-enhanced_private.conf
│ ├── 50-outputs.conf
│ ├── patterns
│ │ ├── pfelk.grok
│ │ └── openvpn.grok
│ └── databases
│ ├── private-hostnames.csv
│ ├── rule-names.csv
│ └── service-names-port-numbers.csv
├── handlers
│ └── main.yml
└── tasks
└── main.yml
$ ansible-galaxy collection install fktkrt.ansible_pfelk
$ git clone https://github.com/pfelk/ansible-pfelk.git
Provide your target IP address in ansible-pfelk/hosts under elk, the ELK stack will be installed on this target.
$ cd ansible-pfelk/
$ ansible-playbook -i hosts --ask-become deploy-stack.yml
This will take care of the following tasks:
- install elasticsearch
- install kibana
- install logstash
- copy the
.conffiles, patterns and templates to their corresponding locations
- copy the
You can follow the steps starting with the Firewall section at https://github.com/pfelk/pfelk/blob/master/install/configuration.md
Include --check flag.
- run
ansible-playbook -i hosts --check deploy-stack.yml
To deploy the playbook to your local machine you need the do following:
- install and setup
opensshon your machine - if you choose not to use ssh keys, install
sshpassfor auth purposes - under
hostsdefine your IP aslocalhost - run the playbook with:
ansible-playbook -i hosts --ask-pass --ask-become deploy-stack.yml
Include -vvvv flag.
- run
ansible-playbook -i hosts --ask-pass --ask-become -vvvv deploy-stack.yml