Ansible部署系列：（九）安装Kibana

9. 安装Kibana

9.1. 说明

Kibana的版本需与Elasticsearch保持一致，我们安装的是7.6.2。

9.2. yml脚本

---
- hosts: kibanaserver
  remote_user: root
  vars_files:
    - ../vars.yml

  tasks:
  - name: copy and unzip kibana
    unarchive:
      src: "{{ PLAYBOOK_DIR }}/files/kibana-7.6.2-linux-x86_64.tar.gz"
      dest: "{{ INSTALL_DIR }}"

  - name: install configuration file for kibana
    template:
      src: "{{ PLAYBOOK_DIR }}/kibana/templates/kibana.yml.j2"
      dest: "{{ INSTALL_DIR }}/kibana-7.6.2-linux-x86_64/config/kibana.yml"

  - name: change owner and group
    file:
      path: "{{ INSTALL_DIR }}/kibana-7.6.2-linux-x86_64"
      owner: elastic
      group: elastic
      recurse: yes

  - name: make kibana permission
    file:
      path: "{{ INSTALL_DIR }}/kibana-7.6.2-linux-x86_64"
      mode: "a+x"
      recurse: yes
  - name: Copy service script
    template:
      src: "{{ PLAYBOOK_DIR }}/kibana/templates/kibana.service.j2"
      dest: /etc/systemd/system/kibana.service
      owner: root
      group: root
      mode: "u=rw,g=r,o=r"

  - name: reload systemctl
    shell: systemctl daemon-reload

  - name: firewarld add 5601
    firewalld:
      port: 5601/tcp
      permanent: true
      immediate: true
      zone: public
      state: enabled

  - name: start kibana
    service:
      name: kibana
      state: started
    tags:
    - start kibana

8.3. 配置模板

8.3.1 kibana.yml.j2

# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "{{ ansible_default_ipv4.address }}"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""

# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# This setting was effectively always `false` before Kibana 6.3 and will
# default to `true` starting in Kibana 7.0.
#server.rewriteBasePath: false

# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576

# The Kibana server's name.  This is used for display purposes.
server.name: "{{ KIBANA_SERVER_NAME }}"

# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["http://{{ ansible_default_ipv4.address }}:9200"]

# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true

# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"

# The default application to load.
#kibana.defaultAppId: "home"

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "kibana"
elasticsearch.password: "{{ KIBANA_PASSWORD }}"

# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key

# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full

# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]

# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000

# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
#elasticsearch.startupTimeout: 5000

# Logs queries sent to Elasticsearch. Requires logging.verbose set to true.
#elasticsearch.logQueries: false

# Specifies the path where Kibana creates the process ID file.
#pid.file: /var/run/kibana.pid

# Enables you specify a file where Kibana stores log output.
#logging.dest: stdout

# Set the value of this setting to true to suppress all logging output.
#logging.silent: false

# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false

# Set the value of this setting to true to log all events, including system usage information
# and all requests.
#logging.verbose: false

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English - en , by default , Chinese - zh-CN .
i18n.locale: "zh-CN"

8.3.2 kibana.service.j2

[Unit]
Description=Kibana

[Service]
Type=simple
User=elastic
Group=elastic
# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
# Prefixing the path with '-' makes it try to load, but if the file doesn't
# exist, it continues onward.
EnvironmentFile=-/etc/default/kibana
ExecStart={{ INSTALL_DIR }}/kibana-7.6.2-linux-x86_64/bin/kibana
Restart=always

[Install]
WantedBy=multi-user.target

# If this is set to 1, then when stop is called, if the process has
# not exited within a reasonable time, SIGKILL will be sent next.
# The default behavior is to simply log a message "program stop failed; still running"
KILL_ON_STOP_TIMEOUT=0

8.4. 运行ansible-playbook

ansible-playbook -i /etc/ansible/hosts kibana/main.yml

8.4. 安装成功

浏览器打开http://192.168.0.129:5601/

image.png image.png