browbeat/ansible/gen_hostfile.sh
Will Foster 21f1f28ab3 Add ELK stack and ELK client Ansible playbooks.
Fixes for this patchset:
- split out elk-openstack-client.yml to match what's done elsewhere

Fixes for patchset #11:
- split out filebeat into separate role for openstack clients
- update README.md to use elk-openstack-client.yml for this purpose
- cleanup filebeat.yml.j2 to use correct syntax (no need for " anymore)

Fixes for patchset #10:
- add SELinux boolean "httpd_can_network_connect"
- add libsemanage-python package dependency for booleans

Fixes for patchset #9:
- fix for RHEL7 clients, we need to specify remote EPEL rpm
- RHEL7 clients need rpm_key module to import EPEL GPG key
- switch to using uri module instead of curl for checking elasticsearch indices
- add python-httplib2 dependency (needed for uri module)
- use curl -XPOST instead of PUT for filebeat index template in elasticsearch

Fixes from patchset #7
- remove unneeded rpm usage, switch to yum module
- add logic to heapsize tuning so systems > 64G of memory will
  never exceed the 32G recommended heapsize
- logic fix for prepopulating local logs into logstash
- remove elasticsearch.yml, rpm provides this and we're not
  customizing it yet

Fixes from patchset #6:
- use yum repo Ansible module where we can
- remove unnecessary EPEL installation (only nginx needs it)
- disable EPEL repo after installation to avoid OpenStack breakage

This adds:

(ELK Server)
- Automated ELK stack deployment
- SSL client generation
- Heap size tuning (1/2 of available memory)
- Firewall port additions (depending on active or not)
  - Supports either firewalld or iptables-services
- Additional upstream Filebeat Kibana dashboards

(ELK Client)
- Sets up filebeat with appropriate SSL certificates
  - utilizes both hostnames and SubjectAltName support (for environments without
    DNS services).

(Usage)

ansible-playbook -i hosts install/elk.yml
ansible-playbook -i hosts install/elk-client.yml --extra-vars 'elk_server=X.X.X.X'

Change-Id: Iee29f985e0bbcdf706ad869f132d4c0f1593a6b6
2016-05-03 15:22:00 -04:00


#!/bin/bash
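# Both positional arguments are required before any host or file is touched.
if (( $# < 2 )); then
  # Usage goes to stderr with a non-zero status so a wrapper script or CI job
  # does not mistake a missing argument for a successful run.
  echo "Usage: ./gen_hostfile.sh <ospd_ip_address> <ssh_config_file> " >&2
  echo "Generates ssh config file to use OSP undercloud host as a jumpbox and creates ansible inventory file." >&2
  exit 1
fi

# Address or hostname of the OSP undercloud; the literal "localhost" is handled
# specially further down.
ospd_ip_address=$1
# The inventory is always written to ./hosts in the current directory.
ansible_inventory_file='hosts'
# Path of the ssh client config file that this script (re)creates.
ssh_config_file=$2

# The address is pasted into ssh command lines and into "Hostname" lines of the
# generated ssh config, so refuse anything that is not a plain host name or IP
# literal (no whitespace, newlines or option-like prefixes).
ospd_address_re='^[A-Za-z0-9:][A-Za-z0-9._:-]*$'
if [[ ! "${ospd_ip_address}" =~ ${ospd_address_re} ]]; then
  printf 'ERROR: %q does not look like a hostname or IP address.\n' "${ospd_ip_address}" >&2
  exit 1
fi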
# "Hackish" copy ssh key to self if we are on directly on the undercloud machine:
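# Authorizes the stack user's own public key for the stack and root accounts of
# this machine when the undercloud is addressed as "localhost".
# NOTE(review): the root entry lets any holder of ~stack/.ssh/id_rsa log in as
# root on this host -- confirm that is intended for the machine this runs on.
if [[ "${ospd_ip_address}" == "localhost" ]]; then
  # Append only when the exact key line is not present yet; the unconditional
  # append added one more duplicate entry on every run.
  grep -qxF -f ~stack/.ssh/id_rsa.pub ~stack/.ssh/authorized_keys 2>/dev/null \
    || cat ~stack/.ssh/id_rsa.pub >> ~stack/.ssh/authorized_keys
  chmod 0600 ~stack/.ssh/authorized_keys
  # ~stack is left for the root shell started by sudo to expand (tilde is not
  # expanded inside double quotes by the calling shell).
  sudo bash -c "grep -qxF -f ~stack/.ssh/id_rsa.pub /root/.ssh/authorized_keys 2>/dev/null || cat ~stack/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys"
  sudo bash -c "chmod 0600 /root/.ssh/authorized_keys"
fi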
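# Query the undercloud for the running nova instances and for the Heat resource
# ids of the Controller and Compute groups.
#
# Every ssh call here passes "StrictHostKeyChecking no", so new or changed host
# keys are accepted without verification and the connection does not
# authenticate the undercloud. Treat everything parsed from this output as
# unverified data.
# NOTE(review): the ids parsed below are pasted unescaped into the next remote
# command line; they are presumably Heat UUIDs -- confirm or validate them.

# Raw "nova list" table rows for instances that are active/running.
nodes=$(ssh -t -o "StrictHostKeyChecking no" "stack@${ospd_ip_address}" ". ~/stackrc; nova list | grep -i -E 'active|running'")
if [[ -z "${nodes}" ]]; then
  echo "ERROR: nova list failed to execute properly, please check the openstack-nova-api on the undercloud." >&2
  exit 1
fi

# physical_resource_id of the overcloud Controller resource (4th table field).
controller_id=$(ssh -t -o "StrictHostKeyChecking no" "stack@${ospd_ip_address}" ". ~/stackrc; heat resource-show overcloud Controller | grep physical_resource_id" | awk '{print $4}')
if [[ -z "${controller_id}" ]]; then
  echo "Error: Controller ID is not reporting correctly. Please see check the openstack-heat-api on the undercloud." >&2
  exit 1
fi

# physical_resource_id of the overcloud Compute resource.
compute_id=$(ssh -t -o "StrictHostKeyChecking no" "stack@${ospd_ip_address}" ". ~/stackrc; heat resource-show overcloud Compute | grep physical_resource_id" | awk '{print $4}')
# Each check now tests the value that was just fetched; the earlier version
# re-tested controller_id here and in the two checks below, so an empty
# compute_id, controller_ids or compute_ids was never detected.
if [[ -z "${compute_id}" ]]; then
  echo "Error: Compute ID is not reporting correctly. Please see check the openstack-heat-api on the undercloud." >&2
  exit 1
fi

# Resource names (2nd table field) listed under the Controller resource.
controller_ids=$(ssh -t -o "StrictHostKeyChecking no" "stack@${ospd_ip_address}" ". ~/stackrc; heat resource-list ${controller_id} | grep -i controller" | awk '{print $2}')
if [[ -z "${controller_ids}" ]]; then
  echo "Error: Controller IDs is not reporting correctly. Please see check the openstack-heat-api on the undercloud." >&2
  exit 1
fi

# Resource names listed under the Compute resource.
compute_ids=$(ssh -t -o "StrictHostKeyChecking no" "stack@${ospd_ip_address}" ". ~/stackrc; heat resource-list ${compute_id} | grep -i compute" | awk '{print $2}')
if [[ -z "${compute_ids}" ]]; then
  echo "Error: Compute IDs is not reporting correctly. Please see check the openstack-heat-api on the undercloud." >&2
  exit 1
fi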
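# Resolve each controller/compute Heat resource to its nova server UUID.
#
# The results are kept as ONE whitespace-separated string per role, because the
# classification step later in the script searches this variable as a single
# string. The earlier "array+=string" form appended to element 0 with no
# separator, so adjacent UUIDs ran together.
# NOTE(review): ${controller}/${compute} come from remote output and are pasted
# unescaped into the next remote command line -- confirm they are plain names.
controller_uuids=""
# Word splitting on ${controller_ids} is intentional: one resource name per word.
for controller in ${controller_ids}; do
  server_uuid=$(ssh -t -o "StrictHostKeyChecking no" "stack@${ospd_ip_address}" ". ~/stackrc; heat resource-show ${controller_id} ${controller} | grep -i nova_server_resource" | awk '{print $4}')
  controller_uuids+="${server_uuid} "
done

compute_uuids=""
for compute in ${compute_ids}; do
  server_uuid=$(ssh -t -o "StrictHostKeyChecking no" "stack@${ospd_ip_address}" ". ~/stackrc; heat resource-show ${compute_id} ${compute} | grep -i nova_server_resource" | awk '{print $4}')
  compute_uuids+="${server_uuid} "
done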
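echo ""
echo "---------------------------"
echo "Creating ssh config file:"
echo "---------------------------"
echo ""

# Write (truncate) the ssh config with the three undercloud aliases and echo the
# same text to stdout. One quoted tee replaces the per-line "echo | tee -a"
# chain, so a path containing spaces no longer splits into several arguments.
#
# Every alias sets "StrictHostKeyChecking no" with UserKnownHostsFile=/dev/null:
# host keys are neither recorded nor compared, so a substituted host on the
# network path would not be detected.
# NOTE(review): confirm this is acceptable for the network this is used on.
tee -- "${ssh_config_file}" <<EOF
# Generated by gen_hostfile.sh from browbeat

Host undercloud
 Hostname ${ospd_ip_address}
 IdentityFile ~/.ssh/id_rsa
 StrictHostKeyChecking no
 UserKnownHostsFile=/dev/null

Host undercloud-root
 Hostname ${ospd_ip_address}
 User root
 IdentityFile ~/.ssh/id_rsa
 StrictHostKeyChecking no
 UserKnownHostsFile=/dev/null

Host undercloud-stack
 Hostname ${ospd_ip_address}
 User stack
 IdentityFile ~/.ssh/id_rsa
 StrictHostKeyChecking no
 UserKnownHostsFile=/dev/null
EOF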
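# Classify every running nova instance as controller, compute or ceph (anything
# that is neither), and append one jump-host entry per instance to the ssh
# config.
compute_hn=()
controller_hn=()
ceph_hn=()

# IFS stays set to newline for the remainder of the script, as before; nothing
# later restores it.
IFS=$'\n'

# The nova output was fetched without host key verification, and ${host} and
# ${IP} end up in "Host" and "ProxyCommand" lines -- the latter is run through
# a shell by ssh on every connection. Only plain host names and address
# literals are therefore written to the config.
host_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
ip_re='^[0-9A-Fa-f:.]+$'

while IFS= read -r line; do
  # Table fields split on whitespace: $2 = instance UUID, $4 = instance name,
  # $12 = "<network>=<address>".
  uuid=$(awk '{print $2}' <<< "${line}")
  host=$(awk '{print $4}' <<< "${line}")
  IP=$(awk '{print $12}' <<< "${line}" | cut -d "=" -f2)

  # Blank or malformed rows have no UUID; an empty grep pattern would match
  # everything and misclassify the row.
  if [[ -z "${uuid}" ]]; then
    continue
  fi
  if [[ ! "${host}" =~ ${host_re} || ! "${IP}" =~ ${ip_re} ]]; then
    # %q keeps control characters in remote output from reaching the terminal raw.
    printf 'WARNING: skipping nova entry with unexpected name or address: %q\n' "${line}" >&2
    continue
  fi

  # Fixed-string search of the collected UUID lists. "[*]" also covers the case
  # where the list is held in a single string/element.
  if grep -qF -- "${uuid}" <<< "${controller_uuids[*]}"; then
    controller_hn+=("${host}")
  elif grep -qF -- "${uuid}" <<< "${compute_uuids[*]}"; then
    compute_hn+=("${host}")
  else
    ceph_hn+=("${host}")
  fi

  # Overcloud nodes are reached through the undercloud-stack alias as a jump
  # host. Host key checking is disabled for these entries as well.
  tee -a -- "${ssh_config_file}" <<EOF

Host ${host}
 ProxyCommand ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ConnectTimeout=60 -i ~/.ssh/id_rsa undercloud-stack -W ${IP}:22
 User heat-admin
 IdentityFile ~/.ssh/heat-admin-id_rsa
 StrictHostKeyChecking no
 UserKnownHostsFile=/dev/null
EOF
done <<< "${nodes}"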
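echo ""
echo "---------------------------"
echo "Creating ansible inventory file:"
echo "---------------------------"
echo ""

# Start the inventory (truncating any previous file) with the undercloud group,
# echoing everything to stdout as well.
printf '%s\n' "[undercloud]" "undercloud" | tee -- "${ansible_inventory_file}"

# One group per role, emitted only when hosts were found for it. The count is
# the number of array elements; "${#name}" without [@] is the string length of
# element 0 only.
if (( ${#controller_hn[@]} > 0 )); then
  printf '%s\n' "" "[controller]" "${controller_hn[@]}" | tee -a -- "${ansible_inventory_file}"
fi
if (( ${#compute_hn[@]} > 0 )); then
  printf '%s\n' "" "[compute]" "${compute_hn[@]}" | tee -a -- "${ansible_inventory_file}"
fi
if (( ${#ceph_hn[@]} > 0 )); then
  printf '%s\n' "" "[ceph]" "${ceph_hn[@]}" | tee -a -- "${ansible_inventory_file}"
fi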
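# Append commented-out placeholder groups for the optional services. The
# operator is expected to replace the example entries by hand, as the notices
# printed below say. Quoted here-doc delimiters keep the text literal, and the
# inventory path is quoted so a path with spaces stays one argument.
tee -a -- "${ansible_inventory_file}" <<'EOF'

[graphite]
## example host entry.
#host-01

[grafana]
## example host entry.
#host-02
EOF
# Notices go to stdout only, not into the inventory.
echo "---------------------------"
echo "IMPORTANT: If you plan on deploying graphite and grafana, update hosts and make sure"
echo " the [graphite] and [grafana] hosts entries are updated with valid hosts."
echo " You will need to have passwordless access to root on these hosts."
echo "---------------------------"

tee -a -- "${ansible_inventory_file}" <<'EOF'

[elk]
## example host entry.
#host-01

[elk-client]
## example host entry.
#host-02
EOF
echo "---------------------------"
echo "IMPORTANT: If you plan on deploying ELK and ELK clients, update hosts and make sure"
echo " the [elk] and [elk-client] hosts entries are updated with valid hosts."
echo " You will need to have passwordless access to root on these hosts."
echo "---------------------------"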
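# Before referencing a host in ~/.ssh/config, ensure correct permissions on ssh config file
chmod 0600 -- "${ssh_config_file}"

# Copy heat-admin key so we can use jumpbox
echo ""
echo "---------------------------"
echo "Copying heat-admin key to local machine(~/.ssh/heat-admin-id_rsa) to for use with ssh config file"
echo "---------------------------"
echo ""

# This pulls the undercloud stack user's PRIVATE key onto the local machine; the
# generated config uses it as the heat-admin identity for every overcloud node.
# The umask keeps a newly created copy from ever being group/world readable, and
# the chmod covers a pre-existing file with looser permissions.
# NOTE(review): treat ~/.ssh/heat-admin-id_rsa as a credential for the whole
# overcloud and remove it when the jump-box setup is no longer needed.
if ! ( umask 077; scp "stack@${ospd_ip_address}":/home/stack/.ssh/id_rsa ~/.ssh/heat-admin-id_rsa ); then
  echo "ERROR: could not copy the heat-admin key from the undercloud." >&2
  exit 1
fi
chmod 0600 ~/.ssh/heat-admin-id_rsa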