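# Provisions a single-node Elasticsearch 7.x host and publishes it to the
# outside only through an nginx TLS reverse proxy (certificate via certbot).
#
# Required input: `elastic_builtin_password` must be supplied at run time
# (Ansible Vault file or --extra-vars). It is deliberately not stored in the
# playbook, so the play fails early when it is missing.
- hosts: 165.22.11.66
  gather_facts: false
  remote_user: root
  become: true
  become_user: root
  # `debug` opens Ansible's interactive task debugger when a task fails; it is
  # meant for development runs and will block an unattended run.
  strategy: debug
  vars:
    # NOTE(review): this is the *public* half of the key pair (.pub). It only
    # works if an ssh-agent holds the matching private key; confirm, or point
    # this at the private key file instead.
    ansible_ssh_private_key_file: "/home/tassioauad/.ssh/id_rsa.pub"
    certbot_email: 'auadtassio@gmail.com'
  tasks:
    # Fail before touching the host if the secret was not provided. The
    # 12-character floor is a reviewer-chosen minimum, not a product limit.
    - name: VALIDANDO QUE A SENHA FOI FORNECIDA FORA DO PLAYBOOK
      ansible.builtin.assert:
        that:
          - elastic_builtin_password is defined
          - elastic_builtin_password | length >= 12
        fail_msg: >-
          Defina elastic_builtin_password via Ansible Vault ou --extra-vars
          (mínimo de 12 caracteres).
        quiet: true

    # Module instead of `wget | sudo apt-key add -`: idempotent, no nested sudo
    # under become, and a failed download fails the task instead of being
    # hidden by the pipe. The key is still trusted on first download; set the
    # module's `id:` to the fingerprint published by the vendor to pin it.
    - name: IMPORTANTO CHAVE GPG PÚBLICA DO ELASTICSEARCH PARA O APT
      ansible.builtin.apt_key:
        url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
        state: present

    # Writes /etc/apt/sources.list.d/elastic-7.x.list (the module appends
    # ".list") and refreshes the package cache when the entry is new.
    - name: ADICIONANDO A LISTA DE ORIGEM DO ELASTIC AO DIRETÓRIO SOURCES.LIST.D
      ansible.builtin.apt_repository:
        repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main
        filename: elastic-7.x
        state: present

    - name: APT UPDATE
      ansible.builtin.apt:
        update_cache: true
        force_apt_get: true
        cache_valid_time: 3600

    - name: INSTALANDO JAVA
      ansible.builtin.apt:
        name: default-jre
        state: present

    - name: INSTALANDO ELASTIC
      ansible.builtin.apt:
        name: elasticsearch
        state: present

    # Loopback only: nginx on this host proxies to http://localhost:9200, and
    # this play configures no TLS for the Elasticsearch HTTP listener itself.
    # Binding to 0.0.0.0 would let clients bypass the TLS proxy and send
    # basic-auth credentials in clear text. The anchored regexp also rewrites
    # a line left behind by an earlier run.
    - name: CONFIGURANDO NETWORK.HOST DO ELASTICSEARCH.YML
      ansible.builtin.lineinfile:
        path: /etc/elasticsearch/elasticsearch.yml
        regexp: '^#?\s*network\.host:'
        line: 'network.host: 127.0.0.1'

    - name: CONFIGURANDO HTTP.PORT DO ELASTICSEARCH.YML
      ansible.builtin.replace:
        path: /etc/elasticsearch/elasticsearch.yml
        regexp: '#http.port: 9200'
        replace: 'http.port: 9200'

    # Written as `true`: Elasticsearch documents true/false for boolean
    # settings, and `yes` is a YAML 1.1 spelling that may not be accepted.
    - name: CONFIGURANDO XPACK.SECURITY.ENABLED DO ELASTICSEARCH.YML
      ansible.builtin.lineinfile:
        path: /etc/elasticsearch/elasticsearch.yml
        regexp: '^#?\s*xpack\.security\.enabled:'
        line: 'xpack.security.enabled: true'

    - name: CONFIGURANDO DISCOVERY.TYPE DO ELASTICSEARCH.YML
      ansible.builtin.lineinfile:
        path: /etc/elasticsearch/elasticsearch.yml
        line: 'discovery.type: single-node'

    - name: INICIANDO O SERVIÇO ELASTICSEARCH
      ansible.builtin.systemd:
        name: elasticsearch
        state: started
        enabled: true

    # SSH is allowed in the same task that enables the firewall, so enabling
    # ufw does not cut off the management connection.
    - name: HABILITANDO UFW E LIBERANDO O SSH
      ufw:
        state: enabled
        rule: allow
        name: OpenSSH

    # 9200/tcp is no longer opened; `delete: true` also removes the allow rule
    # that an earlier run of this playbook may have created.
    - name: REMOVENDO LIBERAÇÃO DA PORTA DO ELASTIC NO UFW
      ufw:
        rule: allow
        port: '9200'
        proto: tcp
        delete: true

    # Sets the built-in users' passwords from the run-time variable; `no_log`
    # keeps the responses out of Ansible output and logs. The expect module
    # needs pexpect on the managed host.
    # NOTE(review): every built-in user gets the same password here, as in the
    # original; distinct values per user would limit the impact of one leak.
    # The tool is expected to fail on re-runs once `elastic` has a password.
    - name: ALTERANDO A SENHA DO USUÁRIO DO ELASTICSEARCH
      ansible.builtin.expect:
        command: /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
        responses:
          'Please confirm that you would like to continue \[y/N\]': "y"
          'Enter password for \[elastic\]:': "{{ elastic_builtin_password }}"
          'Reenter password for \[elastic\]:': "{{ elastic_builtin_password }}"
          'Enter password for \[apm_system\]:': "{{ elastic_builtin_password }}"
          'Reenter password for \[apm_system\]:': "{{ elastic_builtin_password }}"
          'Enter password for \[kibana_system\]:': "{{ elastic_builtin_password }}"
          'Reenter password for \[kibana_system\]:': "{{ elastic_builtin_password }}"
          'Enter password for \[logstash_system\]:': "{{ elastic_builtin_password }}"
          'Reenter password for \[logstash_system\]:': "{{ elastic_builtin_password }}"
          'Enter password for \[beats_system\]:': "{{ elastic_builtin_password }}"
          'Reenter password for \[beats_system\]:': "{{ elastic_builtin_password }}"
          'Enter password for \[remote_monitoring_user\]:': "{{ elastic_builtin_password }}"
          'Reenter password for \[remote_monitoring_user\]:': "{{ elastic_builtin_password }}"
      no_log: true

    - name: INSTALANDO NGINX
      ansible.builtin.apt:
        name: nginx
        state: present

    # Disabled: certbot PPA setup, kept for reference.
    # - name: ADICIONANDO REPOSITÓRIO CERTBOT
    #   become: true
    #   ansible.builtin.apt_repository:
    #     repo: 'ppa:certbot/certbot'
    #     state: present
    # - name: APT UPDATE
    #   become: true
    #   apt: update_cache=yes force_apt_get=yes cache_valid_time=3600

    - name: INSTALANDO NGINX CERTBOT
      ansible.builtin.apt:
        name: python3-certbot-nginx
        state: present

    - name: LIBERANDO NGINX FULL NO UFW
      ufw:
        state: enabled
        rule: allow
        name: 'Nginx Full'

    # Non-interactive certbot instead of scripted prompt answers: the original
    # prompt patterns used `\(` and `\'` inside double-quoted YAML, which are
    # not valid escapes and stop the file from parsing. `--agree-tos` and
    # `--eff-email` reproduce the "A" and "Y" answers. The redirect prompt was
    # answered with an invalid value, so that choice is left at certbot's
    # default; pass --redirect or --no-redirect to pin it. `creates` skips the
    # task once the certificate exists.
    - name: ADICIONANDO CERTIFICADO SSL NO NGINX
      ansible.builtin.command:
        argv:
          - certbot
          - '--nginx'
          - '--non-interactive'
          - '--agree-tos'
          - '--eff-email'
          - '--email'
          - "{{ certbot_email }}"
          - '-d'
          - jovemcristao.com
          - '-d'
          - www.jovemcristao.com
        creates: /etc/letsencrypt/live/jovemcristao.com/fullchain.pem

    # NOTE(review): `location /` forwards every path to Elasticsearch, so the
    # whole REST API is reachable from the internet and protected only by the
    # built-in user passwords. Consider restricting source addresses or the
    # exposed paths in nginx.
    - name: ADICIONANDO ROTEAMENTO DO NGINX PARA O ELASTIC
      ansible.builtin.blockinfile:
        path: /etc/nginx/sites-enabled/default
        block: |
          server {
              server_name jovemcristao.com www.jovemcristao.com;
              listen 443 ssl;
              ssl_certificate /etc/letsencrypt/live/jovemcristao.com/fullchain.pem;
              ssl_certificate_key /etc/letsencrypt/live/jovemcristao.com/privkey.pem;
              include /etc/letsencrypt/options-ssl-nginx.conf;
              if ($scheme != "https") {
                  return 301 https://$host$request_uri;
              }
              location / {
                  proxy_pass http://localhost:9200;
                  proxy_redirect off;
                  proxy_read_timeout 90;
                  proxy_connect_timeout 90;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header Host $http_host;
              }
              error_page 500 502 503 504 /50x.html;
              location = /50x.html {
                  root /usr/share/nginx/html;
              }
          }

    # Check the edited configuration before reloading, so a syntax error
    # fails the play instead of the running proxy.
    - name: VALIDANDO CONFIGURAÇÃO DO NGINX
      ansible.builtin.command: nginx -t
      changed_when: false

    # The original task of this name re-ran certbot through the shell rather
    # than reloading nginx; this performs the reload the name describes.
    - name: RELOAD DO NGINX
      ansible.builtin.systemd:
        name: nginx
        state: reloaded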
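# Provisions a single-node Elasticsearch 7.x host on a private address and
# opens its HTTP port in ufw.
#
# Required input: `elastic_builtin_password` must be supplied at run time
# (Ansible Vault file or --extra-vars). It is deliberately not stored in the
# playbook, so the play fails early when it is missing.
- hosts: 192.168.1.18
  gather_facts: false
  remote_user: server
  become: true
  become_user: root
  # `debug` opens Ansible's interactive task debugger when a task fails; it is
  # meant for development runs and will block an unattended run.
  strategy: debug
  vars:
    # NOTE(review): this is the *public* half of the key pair (.pub). It only
    # works if an ssh-agent holds the matching private key; confirm, or point
    # this at the private key file instead.
    ansible_ssh_private_key_file: "/home/tassioauad/.ssh/id_rsa.pub"
  tasks:
    # Fail before touching the host if the secret was not provided. The
    # 12-character floor is a reviewer-chosen minimum, not a product limit.
    - name: VALIDANDO QUE A SENHA FOI FORNECIDA FORA DO PLAYBOOK
      ansible.builtin.assert:
        that:
          - elastic_builtin_password is defined
          - elastic_builtin_password | length >= 12
        fail_msg: >-
          Defina elastic_builtin_password via Ansible Vault ou --extra-vars
          (mínimo de 12 caracteres).
        quiet: true

    # Module instead of `wget | sudo apt-key add -`: idempotent, no nested sudo
    # under become, and a failed download fails the task instead of being
    # hidden by the pipe. The key is still trusted on first download; set the
    # module's `id:` to the fingerprint published by the vendor to pin it.
    - name: IMPORTANTO CHAVE GPG PÚBLICA DO ELASTICSEARCH PARA O APT
      ansible.builtin.apt_key:
        url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
        state: present

    # Writes /etc/apt/sources.list.d/elastic-7.x.list (the module appends
    # ".list") and refreshes the package cache when the entry is new.
    - name: ADICIONANDO A LISTA DE ORIGEM DO ELASTIC AO DIRETÓRIO SOURCES.LIST.D
      ansible.builtin.apt_repository:
        repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main
        filename: elastic-7.x
        state: present

    - name: APT UPDATE
      ansible.builtin.apt:
        update_cache: true
        force_apt_get: true
        cache_valid_time: 3600

    - name: INSTALANDO JAVA
      ansible.builtin.apt:
        name: default-jre
        state: present

    - name: INSTALANDO ELASTIC
      ansible.builtin.apt:
        name: elasticsearch
        state: present

    # NOTE(review): 0.0.0.0 plus the ufw rule for 9200/tcp further down
    # publishes the HTTP API on every interface of this host. Nothing in this
    # play configures TLS for that listener, so unless it is set up elsewhere
    # the basic-auth credentials cross the network in clear text. Prefer a
    # specific interface address and a source restriction on the ufw rule.
    - name: CONFIGURANDO NETWORK.HOST DO ELASTICSEARCH.YML
      ansible.builtin.replace:
        path: /etc/elasticsearch/elasticsearch.yml
        regexp: '#network.host: 192.168.0.1'
        replace: 'network.host: 0.0.0.0'

    - name: CONFIGURANDO HTTP.PORT DO ELASTICSEARCH.YML
      ansible.builtin.replace:
        path: /etc/elasticsearch/elasticsearch.yml
        regexp: '#http.port: 9200'
        replace: 'http.port: 9200'

    # Written as `true`: Elasticsearch documents true/false for boolean
    # settings, and `yes` is a YAML 1.1 spelling that may not be accepted.
    - name: CONFIGURANDO XPACK.SECURITY.ENABLED DO ELASTICSEARCH.YML
      ansible.builtin.lineinfile:
        path: /etc/elasticsearch/elasticsearch.yml
        regexp: '^#?\s*xpack\.security\.enabled:'
        line: 'xpack.security.enabled: true'

    - name: CONFIGURANDO DISCOVERY.TYPE DO ELASTICSEARCH.YML
      ansible.builtin.lineinfile:
        path: /etc/elasticsearch/elasticsearch.yml
        line: 'discovery.type: single-node'

    - name: INICIANDO O SERVIÇO ELASTICSEARCH
      ansible.builtin.systemd:
        name: elasticsearch
        state: started
        enabled: true

    # SSH is allowed in the same task that enables the firewall, so enabling
    # ufw does not cut off the management connection.
    - name: HABILITANDO UFW E LIBERANDO O SSH
      ufw:
        state: enabled
        rule: allow
        name: OpenSSH

    # NOTE(review): this allows 9200/tcp from any source. Add the ufw module's
    # `src:` with the client network (for example <CLIENT_CIDR_PLACEHOLDER>)
    # so only known hosts can reach the API.
    - name: LIBERANDO PORTA DO ELASTIC NO UFW
      ufw:
        state: enabled
        rule: allow
        port: '9200'
        proto: tcp

    # Sets the built-in users' passwords from the run-time variable; `no_log`
    # keeps the responses out of Ansible output and logs. The expect module
    # needs pexpect on the managed host.
    # NOTE(review): every built-in user gets the same password here, as in the
    # original; distinct values per user would limit the impact of one leak.
    # The tool is expected to fail on re-runs once `elastic` has a password.
    - name: ALTERANDO A SENHA DO USUÁRIO DO ELASTICSEARCH
      ansible.builtin.expect:
        command: /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
        responses:
          'Please confirm that you would like to continue \[y/N\]': "y"
          'Enter password for \[elastic\]:': "{{ elastic_builtin_password }}"
          'Reenter password for \[elastic\]:': "{{ elastic_builtin_password }}"
          'Enter password for \[apm_system\]:': "{{ elastic_builtin_password }}"
          'Reenter password for \[apm_system\]:': "{{ elastic_builtin_password }}"
          'Enter password for \[kibana_system\]:': "{{ elastic_builtin_password }}"
          'Reenter password for \[kibana_system\]:': "{{ elastic_builtin_password }}"
          'Enter password for \[logstash_system\]:': "{{ elastic_builtin_password }}"
          'Reenter password for \[logstash_system\]:': "{{ elastic_builtin_password }}"
          'Enter password for \[beats_system\]:': "{{ elastic_builtin_password }}"
          'Reenter password for \[beats_system\]:': "{{ elastic_builtin_password }}"
          'Enter password for \[remote_monitoring_user\]:': "{{ elastic_builtin_password }}"
          'Reenter password for \[remote_monitoring_user\]:': "{{ elastic_builtin_password }}"
      no_log: true

    # Disabled alternative: change the `elastic` password through the security
    # API instead of the interactive tool. Literal credentials were replaced
    # by variables; any value that was ever committed or published should be
    # treated as exposed and rotated.
    # - name: ALTERANDO SENHA DO USUARIO ELASTIC DO ELASTICSEARCH
    #   uri:
    #     url: http://localhost:9200/_security/user/elastic/_password
    #     method: POST
    #     body_format: json
    #     body:
    #       password: "{{ elastic_builtin_password }}"
    #     status_code: 200
    #     user: "elastic"
    #     password: "{{ elastic_current_password }}"
    #     force_basic_auth: true
    #   no_log: true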