@tassioauad
Last active July 7, 2021 15:17
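---
# Play 1: install a single-node Elasticsearch 7.x on the public host, set the
# passwords of its built-in users, and publish it through nginx with a
# Let's Encrypt certificate.
#
# Required variable (deliberately not defined in this file):
#   elasticsearch_builtin_password - password handed to
#   elasticsearch-setup-passwords for the built-in users. Supply it from an
#   Ansible Vault file or --extra-vars so the value never lands in version
#   control or in a shared snippet.
- hosts: 165.22.11.66
  gather_facts: false
  # Logs in directly as root, so the per-task `become` adds no privilege here.
  remote_user: root
  become_user: root
  # The debug strategy opens the interactive task debugger when a task fails.
  strategy: debug
  vars:
    # NOTE(review): this path names the public half of the key pair. ssh can
    # authenticate with it only when an agent holds the matching private key;
    # otherwise point this at the private key file.
    ansible_ssh_private_key_file: "/home/tassioauad/.ssh/id_rsa.pub"
  tasks:
    # Fail before anything is installed when the secret was not supplied.
    - name: VERIFICANDO SE A SENHA DO ELASTICSEARCH FOI INFORMADA
      ansible.builtin.assert:
        that:
          - 'elasticsearch_builtin_password is defined'
          - 'elasticsearch_builtin_password | length > 0'
        fail_msg: 'Defina elasticsearch_builtin_password via Ansible Vault ou --extra-vars.'
        quiet: true

    # The apt_key module is idempotent and needs no nested sudo, unlike a
    # `wget | apt-key add -` shell pipeline. The key is fetched over HTTPS and
    # trusted as downloaded.
    # NOTE(review): consider checking its fingerprint against the value
    # Elastic publishes before trusting packages signed with it.
    - name: IMPORTANTO CHAVE GPG PÚBLICA DO ELASTICSEARCH PARA O APT
      become: true
      ansible.builtin.apt_key:
        url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
        state: present

    # Writes /etc/apt/sources.list.d/elastic-7.x.list without going through
    # a shell redirect, and reports "changed" only when the entry is new.
    - name: ADICIONANDO A LISTA DE ORIGEM DO ELASTIC AO DIRETÓRIO SOURCES.LIST.D
      become: true
      ansible.builtin.apt_repository:
        repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main'
        filename: elastic-7.x
        state: present

    - name: APT UPDATE
      become: true
      ansible.builtin.apt:
        update_cache: true
        force_apt_get: true
        cache_valid_time: 3600

    - name: INSTALANDO JAVA
      become: true
      ansible.builtin.apt:
        name: default-jre
        state: present

    - name: INSTALANDO ELASTIC
      become: true
      ansible.builtin.apt:
        name: elasticsearch
        state: present

    # lineinfile with an anchored regexp rewrites the setting whether it is
    # still commented out or already set, so a second run stays idempotent.
    # NOTE(review): 0.0.0.0 binds Elasticsearch to every interface, and port
    # 9200 is opened in ufw further down. No HTTP TLS setting is configured in
    # this play, so with the defaults the built-in users' credentials would
    # cross the network unencrypted on that port. nginx below already proxies
    # to localhost:9200 over TLS; confirm direct access on 9200 is required.
    - name: CONFIGURANDO NETWORK.HOST DO ELASTICSEARCH.YML
      become: true
      ansible.builtin.lineinfile:
        path: /etc/elasticsearch/elasticsearch.yml
        regexp: '^#?\s*network\.host:'
        line: 'network.host: 0.0.0.0'

    - name: CONFIGURANDO HTTP.PORT DO ELASTICSEARCH.YML
      become: true
      ansible.builtin.lineinfile:
        path: /etc/elasticsearch/elasticsearch.yml
        regexp: '^#?\s*http\.port:'
        line: 'http.port: 9200'

    # Written as `true`: Elasticsearch documents this setting as true/false,
    # and whether `yes` is accepted depends on how the YAML value is parsed.
    - name: CONFIGURANDO XPACK.SECURITY.ENABLED DO ELASTICSEARCH.YML
      become: true
      ansible.builtin.lineinfile:
        path: /etc/elasticsearch/elasticsearch.yml
        regexp: '^#?\s*xpack\.security\.enabled:'
        line: 'xpack.security.enabled: true'

    - name: CONFIGURANDO DISCOVERY.TYPE DO ELASTICSEARCH.YML
      become: true
      ansible.builtin.lineinfile:
        path: /etc/elasticsearch/elasticsearch.yml
        regexp: '^#?\s*discovery\.type:'
        line: 'discovery.type: single-node'

    - name: INICIANDO O SERVIÇO ELASTICSEARCH
      become: true
      ansible.builtin.systemd:
        name: elasticsearch
        state: started
        enabled: true

    # The firewall is switched on in the same task that allows SSH, so the
    # management connection is never left without a matching rule.
    - name: HABILITANDO UFW E LIBERANDO O SSH
      become: true
      community.general.ufw:
        state: enabled
        rule: allow
        name: OpenSSH

    # NOTE(review): see the network.host note above - this rule exposes the
    # Elasticsearch HTTP port to any source address.
    - name: LIBERANDO PORTA DO ELASTIC NO UFW
      become: true
      community.general.ufw:
        state: enabled
        rule: allow
        port: '9200'
        proto: tcp

    # The password comes from a variable and no_log keeps the prompt/response
    # pairs out of Ansible's output and logs.
    # NOTE(review): every built-in user receives the same password; a separate
    # secret per account would limit the impact of one leaked credential.
    - name: ALTERANDO A SENHA DO USUÁRIO DO ELASTICSEARCH
      become: true
      no_log: true
      ansible.builtin.expect:
        command: /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
        responses:
          'Please confirm that you would like to continue \[y/N\]': 'y'
          'Enter password for \[elastic\]:': "{{ elasticsearch_builtin_password }}"
          'Reenter password for \[elastic\]:': "{{ elasticsearch_builtin_password }}"
          'Enter password for \[apm_system\]:': "{{ elasticsearch_builtin_password }}"
          'Reenter password for \[apm_system\]:': "{{ elasticsearch_builtin_password }}"
          'Enter password for \[kibana_system\]:': "{{ elasticsearch_builtin_password }}"
          'Reenter password for \[kibana_system\]:': "{{ elasticsearch_builtin_password }}"
          'Enter password for \[logstash_system\]:': "{{ elasticsearch_builtin_password }}"
          'Reenter password for \[logstash_system\]:': "{{ elasticsearch_builtin_password }}"
          'Enter password for \[beats_system\]:': "{{ elasticsearch_builtin_password }}"
          'Reenter password for \[beats_system\]:': "{{ elasticsearch_builtin_password }}"
          'Enter password for \[remote_monitoring_user\]:': "{{ elasticsearch_builtin_password }}"
          'Reenter password for \[remote_monitoring_user\]:': "{{ elasticsearch_builtin_password }}"

    - name: INSTALANDO NGINX
      become: true
      ansible.builtin.apt:
        name: nginx
        state: present

    # Disabled by the author: certbot PPA and a second cache refresh.
    # - name: ADICIONANDO REPOSITÓRIO CERTBOT
    #   become: true
    #   ansible.builtin.apt_repository:
    #     repo: 'ppa:certbot/certbot'
    #     state: present
    # - name: APT UPDATE
    #   become: true
    #   apt: update_cache=yes force_apt_get=yes cache_valid_time=3600

    - name: INSTALANDO NGINX CERTBOT
      become: true
      ansible.builtin.apt:
        name: python3-certbot-nginx
        state: present

    - name: LIBERANDO NGINX FULL NO UFW
      become: true
      community.general.ufw:
        state: enabled
        rule: allow
        name: 'Nginx Full'

    # certbot runs with its non-interactive flags instead of scripted prompt
    # answers, which break whenever the prompt wording or order changes.
    # `creates` skips the task once the certificate exists.
    # NOTE(review): the prompt-driven version answered 'Y' to a 1-2 menu and
    # to a yes/no question. --redirect is inferred from the HTTPS redirect in
    # the server block below, and the yes/no answer (presumably the EFF
    # e-mail opt-in) is not carried over - confirm both.
    - name: ADICIONANDO CERTIFICADO SSL NO NGINX
      become: true
      ansible.builtin.command:
        cmd: >-
          certbot --nginx --non-interactive --agree-tos
          --email auadtassio@gmail.com --redirect
          -d jovemcristao.com -d www.jovemcristao.com
        creates: /etc/letsencrypt/live/jovemcristao.com/fullchain.pem

    # NOTE(review): this publishes the whole Elasticsearch REST API on 443;
    # the only access control visible here is Elasticsearch's own user
    # authentication. Consider restricting source addresses or paths.
    - name: ADICIONANDO ROTEAMENTO DO NGINX PARA O ELASTIC
      become: true
      ansible.builtin.blockinfile:
        path: /etc/nginx/sites-enabled/default
        block: |
          server {
              server_name jovemcristao.com www.jovemcristao.com;
              listen 443 ssl;
              ssl_certificate /etc/letsencrypt/live/jovemcristao.com/fullchain.pem;
              ssl_certificate_key /etc/letsencrypt/live/jovemcristao.com/privkey.pem;
              include /etc/letsencrypt/options-ssl-nginx.conf;
              if ($scheme != "https") {
                  return 301 https://$host$request_uri;
              }
              location / {
                  proxy_pass http://localhost:9200;
                  proxy_redirect off;
                  proxy_read_timeout 90;
                  proxy_connect_timeout 90;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header Host $http_host;
              }
              error_page 500 502 503 504 /50x.html;
              location = /50x.html {
                  root /usr/share/nginx/html;
              }
          }

    # Check the edited configuration before asking nginx to load it, so a
    # syntax error stops the play instead of being applied.
    - name: VALIDANDO CONFIGURAÇÃO DO NGINX
      become: true
      ansible.builtin.command: nginx -t
      changed_when: false

    # Reloads nginx, as the task name says; a second certbot run here would
    # stop and wait for interactive input once the certificate exists.
    - name: RELOAD DO NGINX
      become: true
      ansible.builtin.systemd:
        name: nginx
        state: reloaded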
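# Play 2: install a single-node Elasticsearch 7.x on the LAN host and set the
# passwords of its built-in users. No reverse proxy is configured here.
#
# Required variable (deliberately not defined in this file):
#   elasticsearch_builtin_password - password handed to
#   elasticsearch-setup-passwords for the built-in users. Supply it from an
#   Ansible Vault file or --extra-vars so the value never lands in version
#   control or in a shared snippet.
- hosts: 192.168.1.18
  gather_facts: false
  remote_user: server
  become_user: root
  # The debug strategy opens the interactive task debugger when a task fails.
  strategy: debug
  vars:
    # NOTE(review): this path names the public half of the key pair. ssh can
    # authenticate with it only when an agent holds the matching private key;
    # otherwise point this at the private key file.
    ansible_ssh_private_key_file: "/home/tassioauad/.ssh/id_rsa.pub"
  tasks:
    # Fail before anything is installed when the secret was not supplied.
    - name: VERIFICANDO SE A SENHA DO ELASTICSEARCH FOI INFORMADA
      ansible.builtin.assert:
        that:
          - 'elasticsearch_builtin_password is defined'
          - 'elasticsearch_builtin_password | length > 0'
        fail_msg: 'Defina elasticsearch_builtin_password via Ansible Vault ou --extra-vars.'
        quiet: true

    # The apt_key module is idempotent and needs no nested sudo, unlike a
    # `wget | apt-key add -` shell pipeline. The key is fetched over HTTPS and
    # trusted as downloaded.
    # NOTE(review): consider checking its fingerprint against the value
    # Elastic publishes before trusting packages signed with it.
    - name: IMPORTANTO CHAVE GPG PÚBLICA DO ELASTICSEARCH PARA O APT
      become: true
      ansible.builtin.apt_key:
        url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
        state: present

    # Writes /etc/apt/sources.list.d/elastic-7.x.list without going through
    # a shell redirect, and reports "changed" only when the entry is new.
    - name: ADICIONANDO A LISTA DE ORIGEM DO ELASTIC AO DIRETÓRIO SOURCES.LIST.D
      become: true
      ansible.builtin.apt_repository:
        repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main'
        filename: elastic-7.x
        state: present

    - name: APT UPDATE
      become: true
      ansible.builtin.apt:
        update_cache: true
        force_apt_get: true
        cache_valid_time: 3600

    - name: INSTALANDO JAVA
      become: true
      ansible.builtin.apt:
        name: default-jre
        state: present

    - name: INSTALANDO ELASTIC
      become: true
      ansible.builtin.apt:
        name: elasticsearch
        state: present

    # lineinfile with an anchored regexp rewrites the setting whether it is
    # still commented out or already set, so a second run stays idempotent.
    # NOTE(review): 0.0.0.0 binds Elasticsearch to every interface, and port
    # 9200 is opened in ufw further down. No HTTP TLS setting is configured in
    # this play, so with the defaults the built-in users' credentials would
    # cross the network unencrypted; confirm that is acceptable on this LAN
    # or limit the ufw rule to the client addresses that need it.
    - name: CONFIGURANDO NETWORK.HOST DO ELASTICSEARCH.YML
      become: true
      ansible.builtin.lineinfile:
        path: /etc/elasticsearch/elasticsearch.yml
        regexp: '^#?\s*network\.host:'
        line: 'network.host: 0.0.0.0'

    - name: CONFIGURANDO HTTP.PORT DO ELASTICSEARCH.YML
      become: true
      ansible.builtin.lineinfile:
        path: /etc/elasticsearch/elasticsearch.yml
        regexp: '^#?\s*http\.port:'
        line: 'http.port: 9200'

    # Written as `true`: Elasticsearch documents this setting as true/false,
    # and whether `yes` is accepted depends on how the YAML value is parsed.
    - name: CONFIGURANDO XPACK.SECURITY.ENABLED DO ELASTICSEARCH.YML
      become: true
      ansible.builtin.lineinfile:
        path: /etc/elasticsearch/elasticsearch.yml
        regexp: '^#?\s*xpack\.security\.enabled:'
        line: 'xpack.security.enabled: true'

    - name: CONFIGURANDO DISCOVERY.TYPE DO ELASTICSEARCH.YML
      become: true
      ansible.builtin.lineinfile:
        path: /etc/elasticsearch/elasticsearch.yml
        regexp: '^#?\s*discovery\.type:'
        line: 'discovery.type: single-node'

    - name: INICIANDO O SERVIÇO ELASTICSEARCH
      become: true
      ansible.builtin.systemd:
        name: elasticsearch
        state: started
        enabled: true

    # The firewall is switched on in the same task that allows SSH, so the
    # management connection is never left without a matching rule.
    - name: HABILITANDO UFW E LIBERANDO O SSH
      become: true
      community.general.ufw:
        state: enabled
        rule: allow
        name: OpenSSH

    - name: LIBERANDO PORTA DO ELASTIC NO UFW
      become: true
      community.general.ufw:
        state: enabled
        rule: allow
        port: '9200'
        proto: tcp

    # The password comes from a variable and no_log keeps the prompt/response
    # pairs out of Ansible's output and logs.
    # NOTE(review): every built-in user receives the same password; a separate
    # secret per account would limit the impact of one leaked credential.
    - name: ALTERANDO A SENHA DO USUÁRIO DO ELASTICSEARCH
      become: true
      no_log: true
      ansible.builtin.expect:
        command: /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
        responses:
          'Please confirm that you would like to continue \[y/N\]': 'y'
          'Enter password for \[elastic\]:': "{{ elasticsearch_builtin_password }}"
          'Reenter password for \[elastic\]:': "{{ elasticsearch_builtin_password }}"
          'Enter password for \[apm_system\]:': "{{ elasticsearch_builtin_password }}"
          'Reenter password for \[apm_system\]:': "{{ elasticsearch_builtin_password }}"
          'Enter password for \[kibana_system\]:': "{{ elasticsearch_builtin_password }}"
          'Reenter password for \[kibana_system\]:': "{{ elasticsearch_builtin_password }}"
          'Enter password for \[logstash_system\]:': "{{ elasticsearch_builtin_password }}"
          'Reenter password for \[logstash_system\]:': "{{ elasticsearch_builtin_password }}"
          'Enter password for \[beats_system\]:': "{{ elasticsearch_builtin_password }}"
          'Reenter password for \[beats_system\]:': "{{ elasticsearch_builtin_password }}"
          'Enter password for \[remote_monitoring_user\]:': "{{ elasticsearch_builtin_password }}"
          'Reenter password for \[remote_monitoring_user\]:': "{{ elasticsearch_builtin_password }}"

    # Disabled alternative: change the `elastic` user's password through the
    # security API instead of elasticsearch-setup-passwords. Both the current
    # and the new password are variable references; any password that has
    # ever been committed or published must be treated as compromised and
    # rotated. `elasticsearch_current_password` is a placeholder name.
    # - name: ALTERANDO SENHA DO USUARIO ELASTIC DO ELASTICSEARCH
    #   no_log: true
    #   ansible.builtin.uri:
    #     url: http://localhost:9200/_security/user/elastic/_password
    #     method: POST
    #     body_format: json
    #     body:
    #       password: "{{ elasticsearch_builtin_password }}"
    #     status_code: 200
    #     user: "elastic"
    #     password: "{{ elasticsearch_current_password }}"
    #     force_basic_auth: true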