-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.yml
91 lines (80 loc) · 3.48 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
---
kibana_enabled: true
# Set to false to completely disable the role
# Installation{{{
kibana_major_version: 7
# The major version of kibana to install.
kibana_minor_version: 7
# The minor version of kibana to install. Set to `*` to install the
# latest minor version for the `kibana_major_version`.
kibana_user: root
# The user that will own kibana files. Kibana itself will run as the kibana user
# as defined in the systemd service file that comes with the installation. If
# you want to change the user kibana will run as, you can use the
# `kibana_startup_overrides` variable to override values in
# `/etc/default/kibana` or `/etc/sysconfig/kibana`, including the `user`
# variable.
kibana_group: kibana
# The group that `kibana_user` will be added to. If the `kibana_user` is `root`,
# the `root` user will not be added to this group. By default, when installing
# kibana, the configuration files are owned by user `root` and group `kibana`.
# The default behavior of the role is to replicate this, while giving the option
# to the user to run kibana as an arbitrary user/group if the need to.
# Whether to exclude kibana from automatic system updates. Set this to true if
# you want to manually update kibana. This is valid only for Linux servers that
# may have some kind of unattended update mechanism.
kibana_disable_auto_update: false
# }}}
# Configuration {{{
kibana_config:
csp:
strict: true
elasticsearch:
hosts:
- "http{{ (kibana_elastic_certificates != None) | ternary('s', '') }}://localhost:9200"
server:
host: localhost
port: 5601
name: "{{ inventory_hostname }}"
telemetry:
enabled: false
# Use this array to set the kibana configuration.
kibana_startup_overrides: ~
# Use this variable to change entries in `/etc/default/kibana` (Debian) or
# `/etc/sysconfig/kibana` (RedHat), such as the user or group kibana will run as
# via systemd. These files are loaded by the systemd kibana service file.
# Example:
# kibana_startup_overrides: |
# user={{ kibana_user }}
# }}}
# Security {{{
kibana_elasticsearch_user: ~
# The elasticsearch user that kibana will use to connect to elasticsearch. Leave
# it `None`/`~` if there is no such user configured (ie if the default built-in
# user should be used without a password). Valid keys:
# kibana_elasticsearch_user:
# name: UserName
# pass: UserPassword
kibana_elastic_certificates: ~
# Valid keys:
# kibana_elastic_certificates:
# ca: path/to/elastic/ca
# crt: path/to/kibana/cert
# key: path/to/kibana/cert/key
# These files will be uploaded to `kibana_elastic_certificates_dir` and kibana
# will be configured to read them (if not overridden by you via
# `kibana_config`). The `ca` key shows the path to the certificate of the CA
# that was used to sign the elastic node's certificate. You can omit this key if
# you used a public CA to sign the certificate. The `crt` key is the path to the
# node certificate that will be used to verify Kibana against elasticsearch. The
# `key` key is the path to the private key used to sign Kibana's certificate.
kibana_elastic_certificates_dir: /etc/kibana/certs
# The path where the `kibana_elastic_certificates` will be uploaded into.
kibana_elastic_certificates_passphrase: ~
# The passphrase used to encrypt the node's private key. If none, leave this
# setting to `None`/`~`.
kibana_update_passwords: false
# Set to true to update the `kibana_user.password` and
# `kibana_elastic_certificates_passphrase` in the kibana keystore. By default
# this is off to support idempotenty in ansible.
# }}}