Commit 129f31cd authored by Nugzar Gamtsemlidze's avatar Nugzar Gamtsemlidze
Browse files

Added precheck of available CPU/RAM. Restrict elasticsearch/logstash versions...

Added precheck of available CPU/RAM. Restrict elasticsearch/logstash versions to 7.16.1 or higher (avoid installation of log4j vulnerable versions)
parent 59d64ae9
......@@ -9,7 +9,7 @@
> #### Minimal Hardware Requirements for the single node installation
>
> - 2 Core
> - 4 Core
> - 8GB Ram
> - 10GB Free space
......
......@@ -14,6 +14,14 @@
- ansible_distribution_release != 'buster'
- ansible_distribution_release != 'bullseye'
- name: Print error if not enough CPU/RAM resources available on target server
fail: msg="You are trying to install WAS on server with lower CPU/RAM resources than required. Please read the README file for details"
when: (ansible_processor_nproc < 4) or (ansible_memtotal_mb <= 7800)
- name: Break if elasticsearch_kibana_version variable is set and elasticsearch/kibana version is less then 7.16.1 or greater than 8.0
fail: msg="Elasticsearch/kibana version you defined in var/main.yml is not higher than 7.16.1 and lower than 8.0."
when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True))
- name: Ensure dig and gpg are installed
apt:
update_cache: true
......@@ -39,10 +47,6 @@
fail: msg="There is no or wrong DNS record for {{ was_server_hostname }}-elastic.{{ was_server_domainname }}. It must be resolve to {{ ipify_public_ip }} which is not the case. Please read README for requirements"
when: was_elastic_dns_record.stdout != ipify_public_ip
- name: Break if elasticsearch_kibana_version variable is set and elasticsearch/kibana version is not 7.x
fail: msg="Elasticsearch/kibana version you defined in var/main.yml is not 7.x. Currently only version 7.x is supported"
when: (elasticsearch_kibana_version is defined) and ((elasticsearch_kibana_version < 7.0) or (elasticsearch_kibana_version >= 8.0))
- name: Add elsaticsearch apt signing key
apt_key:
url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
......@@ -76,7 +80,7 @@
cmd: |
apt-cache madison elasticsearch | grep {{ elasticsearch_kibana_version }} | head -n1 | awk -F"|" '{print $2}' | tr -d ' '
register: elasticsearch_kibana_version_latest
when: (elasticsearch_kibana_version is defined) and (elasticsearch_kibana_version >= 7.0) and (elasticsearch_kibana_version <= 8.0)
when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True))
- name: Install elasticsearch specific version if elasticsearch_kibana_version variable is set
apt:
......@@ -85,7 +89,7 @@
- elasticsearch={{ elasticsearch_kibana_version_latest.stdout }}
state: present
dpkg_options: 'force-confold,force-confdef'
when: (elasticsearch_kibana_version is defined) and (elasticsearch_kibana_version >= 7.0) and (elasticsearch_kibana_version <= 8.0)
when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True))
- name: Prevent elasticsearch package from being upgraded if elasticsearch_kibana_version variable is set
dpkg_selections:
......@@ -93,7 +97,7 @@
selection: hold
with_items:
- elasticsearch
when: (elasticsearch_kibana_version is defined) and (elasticsearch_kibana_version >= 7.0) and (elasticsearch_kibana_version <= 8.0)
when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True))
- name: Install latest elasticsearch/logstash 7.x versions if elasticsearch_kibana_version variable is not set
apt:
......
......@@ -14,6 +14,10 @@
- ansible_distribution_release != 'buster'
- ansible_distribution_release != 'bullseye'
- name: Break if elasticsearch_kibana_version variable is set and elasticsearch/kibana version is less then 7.16.1 or greater than 8.0
fail: msg="Elasticsearch/kibana version you defined in var/main.yml is not higher than 7.16.1 and lower than 8.0."
when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True))
- name: Ensure dig and gpg installed
apt:
update_cache: true
......@@ -39,10 +43,6 @@
fail: msg="There is no or wrong DNS record for {{ was_server_hostname }}-kibana.{{ was_server_domainname }}. It must be resolve to {{ ipify_public_ip }} which is not the case. Please read README for requirements"
when: was_kibana_dns_record.stdout != ipify_public_ip
- name: Break if elasticsearch_kibana_version variable is set and elasticsearch/kibana version is not 7.x
fail: msg="Elasticsearch/kibana version you defined in var/main.yml is not 7.x. Currently only version 7.x is supported"
when: (elasticsearch_kibana_version is defined) and ((elasticsearch_kibana_version < 7.0) or (elasticsearch_kibana_version >= 8.0))
- name: Add elsaticsearch apt signing key
apt_key:
url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
......@@ -76,7 +76,7 @@
cmd: |
apt-cache madison kibana | grep {{ elasticsearch_kibana_version }} | head -n1 | awk -F"|" '{print $2}' | tr -d ' '
register: elasticsearch_kibana_version_latest
when: (elasticsearch_kibana_version is defined) and (elasticsearch_kibana_version >= 7.0) and (elasticsearch_kibana_version <= 8.0)
when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True))
- name: Install kibana specific versions if elasticsearch_kibana_version variable is set
apt:
......@@ -85,7 +85,7 @@
- kibana={{ elasticsearch_kibana_version_latest.stdout }}
state: present
dpkg_options: 'force-confold,force-confdef'
when: (elasticsearch_kibana_version is defined) and (elasticsearch_kibana_version >= 7.0) and (elasticsearch_kibana_version <= 8.0)
when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True))
- name: Prevent kibana packages from being upgraded if elasticsearch_kibana_version variable is set
dpkg_selections:
......@@ -93,7 +93,7 @@
selection: hold
with_items:
- kibana
when: (elasticsearch_kibana_version is defined) and (elasticsearch_kibana_version >= 7.0) and (elasticsearch_kibana_version <= 8.0)
when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True))
- name: Install latest kibana 7.x versions if elasticsearch_kibana_version variable is not set
apt:
......@@ -102,6 +102,7 @@
- kibana
state: present
dpkg_options: 'force-confold,force-confdef'
when: elasticsearch_kibana_version is not defined
- name: Remove useless packages from the cache
apt:
......
......@@ -14,6 +14,10 @@
- ansible_distribution_release != 'buster'
- ansible_distribution_release != 'bullseye'
- name: Break if elasticsearch_kibana_version variable is set and elasticsearch/kibana version is less then 7.16.1 or greater than 8.0
fail: msg="Elasticsearch/kibana version you defined in var/main.yml is not higher than 7.16.1 and lower than 8.0."
when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True))
- name: Ensure dig and gpg are installed
apt:
update_cache: true
......@@ -39,10 +43,6 @@
fail: msg="There is no or wrong DNS record for {{ was_server_hostname }}-logstash.{{ was_server_domainname }}. It must be resolve to {{ ipify_public_ip }} which is not the case. Please read README for requirements"
when: was_logstash_dns_record.stdout != ipify_public_ip
- name: Break if elasticsearch_kibana_version variable is set and elasticsearch/kibana version is not 7.x
fail: msg="Elasticsearch/kibana version you defined in var/main.yml is not 7.x. Currently only version 7.x is supported"
when: (elasticsearch_kibana_version is defined) and ((elasticsearch_kibana_version < 7.0) or (elasticsearch_kibana_version >= 8.0))
- name: Add elsaticsearch apt signing key
apt_key:
url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
......@@ -77,7 +77,7 @@
cmd: |
apt-cache madison logstash | grep {{ elasticsearch_kibana_version }} | head -n1 | awk -F"|" '{print $2}' | tr -d ' '
register: elasticsearch_kibana_version_latest
when: (elasticsearch_kibana_version is defined) and (elasticsearch_kibana_version >= 7.0) and (elasticsearch_kibana_version <= 8.0)
when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True))
- name: Install logstash specific version if elasticsearch_kibana_version variable is set
apt:
......@@ -86,7 +86,7 @@
- logstash={{ elasticsearch_kibana_version_latest.stdout }}
state: present
dpkg_options: 'force-confold,force-confdef'
when: (elasticsearch_kibana_version is defined) and (elasticsearch_kibana_version >= 7.0) and (elasticsearch_kibana_version <= 8.0)
when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True))
- name: Prevent logstash packages from being upgraded if elasticsearch_kibana_version variable is set
dpkg_selections:
......@@ -94,7 +94,7 @@
selection: hold
with_items:
- logstash
when: (elasticsearch_kibana_version is defined) and (elasticsearch_kibana_version >= 7.0) and (elasticsearch_kibana_version <= 8.0)
when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True))
- name: Install latest logstash 7.x version if elasticsearch_kibana_version variable is not set
apt:
......@@ -103,6 +103,7 @@
- logstash
state: present
dpkg_options: 'force-confold,force-confdef'
when: elasticsearch_kibana_version is not defined
- name: Remove useless packages from the cache
apt:
......
......@@ -7,6 +7,14 @@
- ansible_distribution_release != 'buster'
- ansible_distribution_release != 'bullseye'
- name: Print error if not enough CPU/RAM resources available on target server
fail: msg="You are trying to install WAS on server with lower CPU/RAM resources than required. Please read the README file for details"
when: (ansible_processor_nproc < 4) or (ansible_memtotal_mb <= 7800)
- name: Break if elasticsearch_kibana_version variable is set and elasticsearch/kibana version is less then 7.16.1 or greater than 8.0
fail: msg="Elasticsearch/kibana version you defined in var/main.yml is not higher than 7.16.1 and lower than 8.0."
when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True))
- name: Ensure dig and gpg are installed
apt:
update_cache: true
......@@ -62,10 +70,6 @@
fail: msg="There is no or wrong DNS record for {{ was_server_hostname }}-kibana.{{ was_server_domainname }}. It must be resolve to {{ ipify_public_ip }} which is not the case. Please read README for requirements"
when: was_kibana_dns_record.stdout != ipify_public_ip
- name: Break if elasticsearch_kibana_version variable is set and elasticsearch/kibana version is not 7.x
fail: msg="Elasticsearch/kibana version you defined in var/main.yml is not 7.x. Currently only version 7.x is supported"
when: (elasticsearch_kibana_version is defined) and ((elasticsearch_kibana_version < 7.0) or (elasticsearch_kibana_version >= 8.0))
- name: Set a FQDN hostname
hostname:
name: "{{ was_server_hostname }}"
......@@ -139,14 +143,14 @@
cmd: |
apt-cache madison elasticsearch | grep {{ elasticsearch_kibana_version }} | head -n1 | awk -F"|" '{print $2}' | tr -d ' '
register: elasticsearch_kibana_version_latest
when: (elasticsearch_kibana_version is defined) and (elasticsearch_kibana_version >= 7.0) and (elasticsearch_kibana_version <= 8.0)
when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True))
- name: Find latest minor verions of logstash if elasticsearch_kibana_version variable is set and no minor version specified
shell:
cmd: |
apt-cache madison logstash | grep {{ elasticsearch_kibana_version }} | head -n1 | awk -F"|" '{print $2}' | tr -d ' '
register: logstash_version_latest
when: (elasticsearch_kibana_version is defined) and (elasticsearch_kibana_version >= 7.0) and (elasticsearch_kibana_version <= 8.0)
when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True))
- name: Install elasticsearch/kibana/logstash specific versions if elasticsearch_kibana_version variable is set
apt:
......@@ -157,7 +161,7 @@
- logstash={{ logstash_version_latest.stdout }}
state: present
dpkg_options: 'force-confold,force-confdef'
when: (elasticsearch_kibana_version is defined) and (elasticsearch_kibana_version >= 7.0) and (elasticsearch_kibana_version <= 8.0)
when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True))
- name: Prevent elasticsearch/kibana packages from being upgraded if elasticsearch_kibana_version variable is set
dpkg_selections:
......@@ -167,7 +171,7 @@
- elasticsearch
- kibana
- logstash
when: (elasticsearch_kibana_version is defined) and (elasticsearch_kibana_version >= 7.0) and (elasticsearch_kibana_version <= 8.0)
when: elasticsearch_kibana_version is defined and (elasticsearch_kibana_version is version('7.16.1', '<', strict=True) or elasticsearch_kibana_version is version('8.0', '>=', strict=True))
- name: Install latest elasticsearch/kibana 7.x versions if elasticsearch_kibana_version variable is not set
apt:
......@@ -177,10 +181,10 @@
- kibana
- logstash
state: present
when: elasticsearch_kibana_version is not defined
- name: Install wifimon-agent package
apt:
#deb: http://83.97.95.167/manual/wifimon-agent-{{ wifimon_agent_version }}.deb
deb: https://s3.grena.ge/wifimon-agent/wifimon-agent-{{ wifimon_agent_version }}.deb
dpkg_options: 'force-confold,force-confdef'
......
# Password variable values below are just examples. Don not use them in production! Set your own secure passwords!
---
# Uncoment and set variable elasticsearch_kibana_version below if you wish to install specific versions of elasticsearch/kibana/logstash. These 3 packages will be prevent from being upgraded. The value of this variable can only be float. For example 7.15. Not 7, or 7.15.1. Currently only elasticsearch/kibana/logstash versions 7.x are supported. If you do not define this variable, latest 7.x version packages will be installed.
#elasticsearch_kibana_version: 7.14
# Uncoment and set variable elasticsearch_kibana_version below if you wish to install specific versions of elasticsearch/kibana/logstash. These 3 packages will be prevent from being upgraded. The value of this variable can be float, or complex version number. For example 7.16, or 7.16.1. Currently only elasticsearch/kibana/logstash versions 7.x are supported. If you do not define this variable, latest 7.x version packages will be installed. Due to log4j vulnerability please don't use elasticsearch/logstash version lower than 7.16.1.
#elasticsearch_kibana_version: 7.16.1
# Please set the value of variable <wifimon_agent_version> below to 1.4.0 or higher. This playbook will not work with older versions
wifimon_agent_version: 1.4.1
# It is necessary to set following variable (postgresl_version). Leave it to default value if you are not sure, or you do not requere any specific version of PostgreSQL
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment