Initial commit with Kibana coming up

.gitignore

@@ -0,0 +1,104 @@
+
+# Created by https://www.gitignore.io/api/python
+
+### Python ###
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*,cover
+.hypothesis/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# SageMath parsed files
+*.sage.py
+
+# dotenv
+.env
+
+# virtualenv
+.venv
+venv/
+ENV/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# End of https://www.gitignore.io/api/python

defaults/main.yml

@@ -0,0 +1,51 @@
+---
+# Packaging options
+kibana_major_version: "5.x"
+kibana_version: "5.5.0"
+kibana_pkg_lock: false
+kibana_pkg_name: kibana
+kibana_pkg_deps: []
+kibana_elastic_pgp: "46095ACC8548582C1A2699A9D27D666CD88E42B4"
+kibana_pgp_keyserver: pgp.mit.edu
+kibana_elastic_repo: "deb https://artifacts.elastic.co/packages/{{ kibana_major_version }}/apt stable main"
+
+kibana_config_server:
+  server.port: 5601
+  server.host: "localhost"
+  #server.basePath: ""
+  server.maxPayloadBytes: 1048576
+  #server.name: "your-hostname"
+
+kibana_config_es:
+  elasticsearch.url: "http://localhost:9200"
+  elasticsearch.preserveHost: true
+  elasticsearch.requestTimeout: 30000
+  #elasticsearch.pingTimeout: 1500
+  #elasticsearch.username: "user"
+  #elasticsearch.password: "pass"
+  #elasticsearch.ssl.certificate: /path/to/your/client.crt
+  #elasticsearch.ssl.key: /path/to/your/client.key
+  #elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
+  #elasticsearch.ssl.verificationMode: full
+  #elasticsearch.requestHeadersWhitelist: [ authorization ]
+  #elasticsearch.customHeaders: {}
+  #elasticsearch.shardTimeout: 0
+  #elasticsearch.startupTimeout: 5000
+
+kibana_config_misc:
+  kibana.index: ".kibana"
+  kibana.defaultAppId: "discover"
+  ops.interval: 5000
+  i18n.defaultLocale: "en"
+  #server.ssl.enabled: false
+  #server.ssl.certificate: /path/to/your/server.crt
+  #server.ssl.key: /path/to/your/server.key
+  #pid.file: /var/run/kibana.pid
+
+kibana_config_logging:
+  #logging.dest: stdout
+  logging.silent: false
+  logging.quiet: false
+  logging.verbose: false
+
+kibana_config: "{{ kibana_config_es|combine(kibana_config_server)|combine(kibana_config_misc)|combine(kibana_config_logging) }}"

handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: restart kibana
+  service:
+    name: kibana
+    state: restarted
+    enabled: yes

kibana.yml

@@ -0,0 +1,104 @@
+# Kibana is served by a back end server. This setting specifies the port to use.
+#server.port: 5601
+
+# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
+# The default is 'localhost', which usually means remote machines will not be able to connect.
+# To allow connections from remote users, set this parameter to a non-loopback address.
+#server.host: "localhost"
+
+# Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects
+# the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests
+# to Kibana. This setting cannot end in a slash.
+#server.basePath: ""
+
+# The maximum payload size in bytes for incoming server requests.
+#server.maxPayloadBytes: 1048576
+
+# The Kibana server's name.  This is used for display purposes.
+#server.name: "your-hostname"
+
+# The URL of the Elasticsearch instance to use for all your queries.
+#elasticsearch.url: "http://localhost:9200"
+
+# When this setting's value is true Kibana uses the hostname specified in the server.host
+# setting. When the value of this setting is false, Kibana uses the hostname of the host
+# that connects to this Kibana instance.
+#elasticsearch.preserveHost: true
+
+# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
+# dashboards. Kibana creates a new index if the index doesn't already exist.
+#kibana.index: ".kibana"
+
+# The default application to load.
+#kibana.defaultAppId: "discover"
+
+# If your Elasticsearch is protected with basic authentication, these settings provide
+# the username and password that the Kibana server uses to perform maintenance on the Kibana
+# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
+# is proxied through the Kibana server.
+#elasticsearch.username: "user"
+#elasticsearch.password: "pass"
+
+# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
+# These settings enable SSL for outgoing requests from the Kibana server to the browser.
+#server.ssl.enabled: false
+#server.ssl.certificate: /path/to/your/server.crt
+#server.ssl.key: /path/to/your/server.key
+
+# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
+# These files validate that your Elasticsearch backend uses the same key files.
+#elasticsearch.ssl.certificate: /path/to/your/client.crt
+#elasticsearch.ssl.key: /path/to/your/client.key
+
+# Optional setting that enables you to specify a path to the PEM file for the certificate
+# authority for your Elasticsearch instance.
+#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
+
+# To disregard the validity of SSL certificates, change this setting's value to 'none'.
+#elasticsearch.ssl.verificationMode: full
+
+# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
+# the elasticsearch.requestTimeout setting.
+#elasticsearch.pingTimeout: 1500
+
+# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
+# must be a positive integer.
+#elasticsearch.requestTimeout: 30000
+
+# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
+# headers, set this value to [] (an empty list).
+#elasticsearch.requestHeadersWhitelist: [ authorization ]
+
+# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
+# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
+#elasticsearch.customHeaders: {}
+
+# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
+#elasticsearch.shardTimeout: 0
+
+# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
+#elasticsearch.startupTimeout: 5000
+
+# Specifies the path where Kibana creates the process ID file.
+#pid.file: /var/run/kibana.pid
+
+# Enables you specify a file where Kibana stores log output.
+#logging.dest: stdout
+
+# Set the value of this setting to true to suppress all logging output.
+#logging.silent: false
+
+# Set the value of this setting to true to suppress all logging output other than error messages.
+#logging.quiet: false
+
+# Set the value of this setting to true to log all events, including system usage information
+# and all requests.
+#logging.verbose: false
+
+# Set the interval in milliseconds to sample system and process performance
+# metrics. Minimum is 100ms. Defaults to 5000.
+#ops.interval: 5000
+
+# The default locale. This locale can be used in certain circumstances to substitute any missing
+# translations.
+#i18n.defaultLocale: "en"

meta/main.yml

@@ -0,0 +1,12 @@
+---
+galaxy_info:
+  author: msheiny
+  description: Kibana installation
+  license: "MIT"
+  min_ansible_version: 2.3
+  platforms:
+  - name: Debian
+    versions:
+    - jessie
+  galaxy_tags:
+    - monitoring

molecule/default/.molecule/ansible.cfg

@@ -0,0 +1,9 @@
+# Molecule managed
+
+[ssh_connection]
+scp_if_ssh = True
+[defaults]
+host_key_checking = False
+ansible_managed = Ansible managed: Do NOT edit this file manually!
+retry_files_enabled = False
+nocows = 1

molecule/default/.molecule/ansible_inventory.yml

@@ -0,0 +1,11 @@
+# Molecule managed
+
+---
+all:
+  hosts:
+    kibana_role-default: &id001
+      ansible_connection: docker
+ungrouped:
+  hosts:
+    kibana_role-default: *id001
+  vars: {}

molecule/default/.molecule/state.yml

@@ -0,0 +1,6 @@
+# Molecule managed
+
+---
+converged: true
+created: true
+driver: docker

molecule/default/create.yml

@@ -0,0 +1,45 @@
+---
+- hosts: localhost
+  connection: local
+  vars:
+    molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
+    molecule_ephemeral_directory: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}"
+    molecule_scenario_directory: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}"
+    molecule_yml: "{{ lookup('file', molecule_file) | from_yaml }}"
+    docker_config: "{{ lookup('file', 'docker_hashes.yml') | from_yaml }}"
+  tasks:
+    - name: Start up Elasticsearch
+      docker_container:
+        name: kibana_role_elasticsearch
+        image: "quay.io/freedomofpress/elasticsearch-with-paxflags@{{ docker_config['elasticsearch'] }}"
+        state: started
+        exposed_ports:
+          - 9200
+        env:
+          xpack.security.enabled: "false"
+          xpack.monitoring.enabled: "false"
+          http.cors.allow-origin: "http://localhost:1358"
+          http.cors.enabled: "true"
+          http.cors.allow-credentials: "true"
+          http.cors.allow-headers : "X-Requested-With,X-Auth-Token,Content-Type,Content-Length,Authorization"
+          http.host: 0.0.0.0
+          transport.host: 127.0.0.1
+          discovery.type: "single-node"
+
+    - name: Create molecule instance(s)
+      docker_container:
+        name: "{{ molecule_file | molecule_instance_with_scenario_name(item.name) }}"
+        hostname: "{{ molecule_file | molecule_instance_with_scenario_name(item.name) }}"
+        image: "{{ item.image }}@{{ docker_config[item.image] }}"
+        state: started
+        recreate: False
+        log_driver: syslog
+        command: "{{ item.command | default(omit)}}"
+        privileged: "{{ item.privileged | default(omit) }}"
+        volumes: "{{ item.volumes | default(omit) }}"
+        capabilities: "{{ item.capabilities | default(omit) }}"
+        links:
+          kibana_role_elasticsearch:esserver
+        published_ports: "{{ item.published_ports | default(omit) }}"
+        exposed_ports: "{{ item.exposed_ports | default(omit) }}"
+      with_items: "{{ molecule_yml.platforms }}"

molecule/default/destroy.yml

@@ -0,0 +1,18 @@
+---
+- hosts: localhost
+  connection: local
+  gather_facts: False
+  vars:
+    molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
+    molecule_yml: "{{ lookup('file', molecule_file) | from_yaml }}"
+  tasks:
+    - name: Destroy molecule instance(s)
+      docker_container:
+        name: "{{ item.name }}-{{ molecule_yml.scenario.name }}"
+        state: absent
+      with_items: "{{ molecule_yml.platforms }}"
+
+    - name: Destroy elasticsearch
+      docker_container:
+        name: "kibana_role_elasticsearch"
+        state: absent

molecule/default/docker_hashes.yml

@@ -0,0 +1,2 @@
+quay.io/freedomofpress/debian-jessie-systemd: sha256:540e74955e3491b16c6345da1a848ddb9d2503cce4358813b864494fff9464d0
+elasticsearch: sha256:ae59663f75284249599e9be11453ce9852571a2ef2b41fc125b7a956464db534