README.md 7.63 KB
Newer Older
Nugzar Gamtsemlidze's avatar
Nugzar Gamtsemlidze committed
1
2
# Info

Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
3
4
5
6
7
8
9
> #### Supported Operating Systems
>
> - Debian 10
> - Debian 11
> - Ubuntu 18.04
> - Ubuntu 20.04

Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
10
> #### Minimal Hardware Requirements for the single node installation
Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
11
12
13
14
15
>
> - 2 Core
> - 8GB Ram
> - 10GB Free space

Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
16
17
##### Clone the project by running:  

Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
18
	git clone git@gitlab.grena.ge:nugzar/wifimon-ansible.git
Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
19
20
21
22
23

##### CD to project directory:

	cd wifimon-ansible

Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
24
Please, set the value of `<wifimon_agent_version>` variable in `vars/main.yml` to `1.4.0` or newer. Older versions of wifimon-agent packages are not supported.
Nugzar Gamtsemlidze's avatar
Nugzar Gamtsemlidze committed
25

Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
26
27
---

28
# Usage for single node installation (all in one):
Nugzar Gamtsemlidze's avatar
Nugzar Gamtsemlidze committed
29

Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
30
31
32
33
34
35
36
37
1. Adjust the **IP** address (or **FQDN**) under **[WAS]** section in `hosts.cfg` file. Set **IP** or **FQDN** of the server on which you plan to install **WAS**
```bash
vim hosts.cfg
```
2. Ensure, that your ansible machine have the root access over **SSH** to a target server *(add your SSH public key to /root/.ssh/authorized_keys)*
```bash
ansible -m ping WAS
```
Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
38
4. Ensure that the WAS server has the public **IP** address, ***(or is **NATed** in public **IP**)*** and **TCP** ports **80,443** are accessable from the internet.
Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
39
5. Ensure that the **FQDN** of **WAS** ***(configured as a combination of **`was_server_hostname`** and **`was_server_domainname`** variables in **`vars/main.yml`**)*** has the **DNS** record of type **A** and resolves to the public **IP** of the **WAS** itself, which is set in **hosts.cfg** file under the **`[WAS]`** section.  
Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
40
41
In our case we have:
```bash
Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
42
cat vars/main.yml |egrep 'was_server_hostname|was_server_domainname'
Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
43
```
Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
44
![Tux, the Linux mascot](./files/vars.png)  
Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
45
46
47
48
49
And so, the domain name **`was.grena.ge`** resolves to the **`IP`** address, which is set in **hosts.cfg** file under the **`[WAS]`** section:
```ini
[WAS]
217.147.232.109
```
Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
50
So, you need to set these two variables: **`was_server_hostname:your_was_hostname_here`** and **`was_server_domainname:your_domain_name_here.com`** in **`vars/main.yaml`** file.  
Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
51
52
53
54
6. Following 3 **FQDNs** should be pointed to the same **IP** as **`WAS`**
   - `<was_server_hostname>-ui.<was_server_domainname>`
   - `<was_server_hostname>-elastic.<was_server_domainname>`
   - `<was_server_hostname>-kibana.<was_server_domainname>`
Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
55
56
57
58
59
60
61
> In our case we have:
>
> - was-ui.grena.ge
> - was-elastic.grena.ge
> - was-kibana.grena.ge

And, as was mentioned earlier, these domains have the same **`IP`** of **`217.147.232.109`** as the **`was.grena.ge`** domain.  
Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
62
63
64
7. Adjust some additional variables (like package versions, database username, admin password) in `vars/main.yml` file. **Do not use** default passwords in production! Set your own secure passwords!  
8. Run the command: **`ansible-playbook wifimon.yml`**  
9. Have a coffee and come back in a few minutes.  
Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
65
10. Access the wifimon web-ui `https://<was_server_hostname>-ui.<was_server_domainname>`  
Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
66
67
We have a url:  
   <https://was-ui.grena.ge>  
Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
68
69
   Credentials are `<wifimon_admin_email>` `<wifimon_admin_pass>` defined in `vars/main.yml`.  
   If you have not changed the admin credentials in `vars/main.yml` file, defaults are **Email: admin@test.com, Password: th1sIs@Secret**  
Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
70
   Credentails for the second login window ***(login in kibana)*** are `username:` **elastic** `password:` **<elastic_elasticsearch_password>**,  defined in `vars/main.yml`  
Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
71
72
73
74
75
11. To show wifimon-agent logs run the command:
```bash
journalctl -f wifimon.service
```
12. To send the logs to the logstash using `filebeat`, configure output section in `/etc/filebeat/filebeat.yml` as follow:  
Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
76
```yml
77
78
79
80
    output.logstash:
      hosts: ["<was_server_hostname>-elastic.<was_server_domainname>:5044"]
      ssl.certificate_authorities:
        - /etc/ssl/certs/ca-certificates.crt   
Tsotne Gozalishvili's avatar
README    
Tsotne Gozalishvili committed
81
```
82
83
84

# Usage for multi node installation (dedicated servers for elasticsearch, kibana and wifimon-agent):

85
1. Adjust IP addresses (or FQDNs) under [WAS], [WAS_ELASTIC], [WAS_KIBANA], [WAS_PGSQL] and [WAS_LOGSTASH] in hosts.cfg file. Set IPs or FQDNs of the servers on which you plan to install WAS, elasticsearch, kibana, PostgreSQL and Logstash. Do not forgot to set value of variable <wifimon_database_host> to PostgreSQL servers address (usually it is the same address you set as [WAS_PGSQL] in hosts.cfg)
86
87
2. Ensure you have root access over SSH to target servers (add your SSH public key to /root/.ssh/authorized_keys)
3. Adjust some variables (like package versions, database username, admin password) in vars/main.yml file. Do not use default passwords in production! Set your own secure passwords!
88
89
90
91
4. Ensure that WAS, WAS_ELASTIC, WAS_KIBANA servers have public IPs, or are NATed in public IPs and TCP ports 80,443 are accessable from internet on these IPs
5. Ensure that WAS_LOGSTASH server has public IP, or is NATed in public IPs and TCP port 5044 are accessable from internet on these IPs
6. Ensure that WAS servers FQDN (configured as was_server_hostname was_server_domainname variables in vars/main.yml) has DNS record of type A which resolves to WAS servers public IP
7. Ensure that WAS_ELASTIC servers FQDN have DNS records of type A which resolves to WAS_ELASTIC servers public IP like this:
92
93
   <br>
   <was_server_hostname>-elastic.<was_server_domainname> where <was_server_hostname> and <was_server_domainname> are variable values defined in vars/main.yml (for examle was-elastic.example.com)
94
8. Ensure that WAS_KIBANA servers FQDN have DNS records of type A which resolves to WAS_KIBANA servers public IP like this:
95
96
   <br>
   <was_server_hostname>-kibana.<was_server_domainname> where <was_server_hostname> and <was_server_domainname> are variable values defined in vars/main.yml (for examle was-kibana.example.com)
97
9. Ensure that WAS_UI FQDN have DNS records of type A which resolves to WAS servers public IP like this:
98
99
   <br>
   <was_server_hostname>-ui.<was_server_domainname> where <was_server_hostname> and <was_server_domainname> are variable values defined in vars/main.yml (for examle was-ui.example.com)
100
101
102
103
10. Ensure that WAS_LOGSTASH FQDN have DNS records of type A which resolves to WAS_LOGSTASH servers public IP like this:
   <br>
   <was_server_hostname>-logstash.<was_server_domainname> where <was_server_hostname> and <was_server_domainname> are variable values defined in vars/main.yml (for examle was-logstash.example.com)
11. Run Commands in this order: 
104
105
   1. ansible-playbook -i hosts.cfg 01-elasticsearch.yml
   2. ansible-playbook -i hosts.cfg 02-kibana.yml
106
107
   3. ansible-playbook -i hosts.cfg 03-postgresql.yml
   4. ansible-playbook -i hosts.cfg 04-wifimon-agent.yml
108
109
   4. ansible-playbook -i hosts.cfg 05-logstash.yml
12. Access wifimon web-ui ```https://<was_server_hostname>-ui.<was_server_domainname>``` where <was_server_hostname> and <was_server_domainname> are variable values defined in vars/main.ym (for examle was-ui.example.com).
Nugzar Gamtsemlidze's avatar
Nugzar Gamtsemlidze committed
110
   Credentials are <wifimon_admin_email> <wifimon_admin_pass> where <wifimon_admin_email> <wifimon_admin_pass> are variable values defined in vars/main.yml.
Nugzar Gamtsemlidze's avatar
Nugzar Gamtsemlidze committed
111
   If you do not changed admin credentials in vars/main.yml, defaults are Email: ```admin@test.com```, Password: th1sIs@Secret.
Nugzar Gamtsemlidze's avatar
Nugzar Gamtsemlidze committed
112
   Credentails for second login window (login in kibana) are username: elastic password: <elastic_elasticsearch_password> . Where <elastic_elasticsearch_password> is value of variable defined in vars/main.yml
113
13. To show wifimon-agent logs run command on WAS server: 
Nugzar Gamtsemlidze's avatar
Nugzar Gamtsemlidze committed
114
    <br>
Nugzar Gamtsemlidze's avatar
Nugzar Gamtsemlidze committed
115
    journalctl -f wifimon.service
116
117
118
119
120
121
14. To send logs to logstash using filebeat, configure output section in /etc/filebeat/filebeat.yml as follow:
    output.logstash:
      hosts: ["<was_server_hostname>-logstash.<was_server_domainname>:5044"]
      ssl.certificate_authorities:
        - /etc/ssl/certs/ca-certificates.crt   
    where <was_server_hostname> and <was_server_domainname> are variable values defined in vars/main.yml (for examle was-logstash.example.com)