{"id":13752955,"url":"https://github.com/sadsfae/ansible-elk","last_synced_at":"2026-01-24T10:29:02.865Z","repository":{"id":37445099,"uuid":"55609784","full_name":"sadsfae/ansible-elk","owner":"sadsfae","description":":bar_chart: Ansible playbook for setting up an ELK/EFK stack and clients.","archived":false,"fork":false,"pushed_at":"2023-04-29T14:13:42.000Z","size":2210,"stargazers_count":338,"open_issues_count":4,"forks_count":192,"subscribers_count":22,"default_branch":"master","last_synced_at":"2024-11-16T05:32:25.791Z","etag":null,"topics":["ansible","centos","efk","elasticsearch","elk","fluentd","kibana","logstash","playbook","rhel"],"latest_commit_sha":null,"homepage":"https://hobo.house/2016/04/08/automate-elk-stack-and-clients-with-ansible/","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sadsfae.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-04-06T13:48:53.000Z","updated_at":"2024-11-15T02:40:00.000Z","dependencies_parsed_at":"2024-07-29T09:45:38.121Z","dependency_job_id":null,"html_url":"https://github.com/sadsfae/ansible-elk","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sadsfae%2Fansible-elk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sadsfae%2Fansible-elk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sadsfae%2Fansible-elk/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/rep
ositories/sadsfae%2Fansible-elk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sadsfae","download_url":"https://codeload.github.com/sadsfae/ansible-elk/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253321803,"owners_count":21890467,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","centos","efk","elasticsearch","elk","fluentd","kibana","logstash","playbook","rhel"],"created_at":"2024-08-03T09:01:13.402Z","updated_at":"2026-01-24T10:29:02.822Z","avatar_url":"https://github.com/sadsfae.png","language":"Jinja","funding_links":[],"categories":["rhel"],"sub_categories":[],"readme":"ansible-elk\n===========\nAnsible Playbook for setting up the ELK/EFK Stack and Filebeat client on remote hosts\n\n![ELK](/image/ansible-elk.png?raw=true)\n\n[![GA](https://github.com/sadsfae/ansible-elk/actions/workflows/ansible-lint.yml/badge.svg)](https://github.com/sadsfae/ansible-elk/actions)\n\n## What does it do?\n   - Automated deployment of a full 6.x series ELK or EFK stack (Elasticsearch, Logstash/Fluentd, Kibana)\n     * `5.6` and `2.4` ELK versions are maintained as branches and `master` branch will be 6.x currently.\n     * Uses Nginx as a reverse proxy for Kibana, or optionally Apache via `apache_reverse_proxy: true`\n     * Generates SSL certificates for Filebeat or Logstash-forwarder\n     * Adds either iptables or firewalld rules if firewall is active\n     * Tunes Elasticsearch heapsize to half your memory, to a max of 32G\n     * Deploys ELK clients using SSL and Filebeat for 
Logstash (Default)\n     * Deploys rsyslog if Fluentd is chosen over Logstash, picks up\n       the same set of OpenStack-related logs in /var/log/*\n     * All service ports can be modified in ```install/group_vars/all.yml```\n     * Optionally install [curator](https://www.elastic.co/guide/en/elasticsearch/client/curator/current/index.html)\n     * Optionally install [Elastic X-Pack Suite](https://www.elastic.co/guide/en/x-pack/current/xpack-introduction.html)\n     * This is also available on [Ansible Galaxy](https://galaxy.ansible.com/sadsfae/ansible-elk/)\n\n## Requirements\n   - RHEL7 or CentOS7 server/client with no modifications\n   - RHEL7/CentOS7, Rocky or Fedora for ELK clients using Filebeat\n   - ELK/EFK server with at least 8G of memory (you can try with less but 5.x series is quite demanding - try 2.4 series if you have scarce resources).\n   - You may want to modify ```vm.swappiness``` as ELK/EFK is demanding and swapping kills the responsiveness.\n     - I am leaving this up to your judgement.\n```\necho \"vm.swappiness=10\" \u003e\u003e /etc/sysctl.conf\nsysctl -p\n```\n\n## Notes\n   - Current ELK version is 6.x but you can check out the 5.6 or 2.4 branch if you want that series\n   - I will update this playbook for major ELK versions going forward as time allows.\n   - Sets the nginx htpasswd to admin/admin initially\n   - nginx ports default to 80/8080 for Kibana and SSL cert retrieval (configurable)\n   - Uses OpenJDK for Java\n   - It's fairly quick, takes around 3 minutes on a test VM\n   - Fluentd can be substituted for the default Logstash\n     - Set ```logging_backend: fluentd``` in ```group_vars/all.yml```\n   - Install curator by setting ```install_curator_tool: true``` in ```install/group_vars/all.yml```\n   - Install [Elastic X-Pack Suite](https://www.elastic.co/guide/en/x-pack/current/xpack-introduction.html) for Elasticsearch, Logstash or Kibana via:\n     - ```install_elasticsearch_xpack: true```\n     - ```install_kibana_xpack: 
true```\n     - ```install_logstash_xpack: true```\n     - Note: Deploying X-Pack will wrap your ES with additional authentication and security, Kibana for example will have its own credentials now - the default is username: ```elastic``` and password: ```changeme```\n\n## ELK/EFK Server Instructions\n   - Clone repo and set up your hosts file\n```\ngit clone https://github.com/sadsfae/ansible-elk\ncd ansible-elk\nsed -i 's/host-01/elkserver/' hosts\nsed -i 's/host-02/elkclient/' hosts\n```\n   - If you're using a non-root user for Ansible, e.g. AWS EC2 likes to use ec2-user, then set the following; the default is root.\n\n```\nansible_system_user: ec2-user\n```\n\n   - Run the playbook\n```\nansible-playbook -i hosts install/elk.yml\n```\n   - (see playbook messages)\n   - Navigate to the ELK at http://host-01:80 (default, nginx) or http://host-01/kibana (apache)\n   - Default login is:\n      - username: ```admin```\n      - password: ```admin```\n\n### Create your Kibana Index Pattern\n   - Next you'll log in to your Kibana instance and create a Kibana index pattern.\n\n![ELK](/image/elk6-0.png?raw=true \"Click Explore on my Own\")\n\n   - Note: Sample data can be useful, you can try it later however.\n\n![ELK](/image/elk6-1.png?raw=true \"Click Discover\")\n\n![ELK](/image/elk6-2.png?raw=true \"Create index pattern\")\n\n![ELK](/image/elk6-3.png?raw=true \"Select @timestamp from the drop-down and create index pattern\")\n\n![ELK](/image/elk6-4.png?raw=true \"Click Discover\")\n\n   - At this point you can set up your client(s) to start sending data via Filebeat/SSL\n\n## ELK Client Instructions\n   - Run the client playbook against the generated ``elk_server`` variable\n```\nansible-playbook -i hosts install/elk-client.yml --extra-vars 'elk_server=X.X.X.X'\n```\n   - Once this completes return to your ELK and you'll see log results come in from ELK/EFK clients via filebeat\n\n![ELK](/image/elk6-5.png?raw=true \"watch the magic\")\n\n## 5.6 ELK/EFK (Deprecated)\n   
- The 5.6 series of ELK/EFK is also available, to use this just use the 5.6 branch\n```\ngit clone https://github.com/sadsfae/ansible-elk\ncd ansible-elk\ngit checkout 5.6\n```\n## 2.4 ELK/EFK (Deprecated)\n   - The 2.4 series of ELK/EFK is also available, to use this just use the 2.4 branch\n```\ngit clone https://github.com/sadsfae/ansible-elk\ncd ansible-elk\ngit checkout 2.4\n```\n   - You can view a deployment video here:\n\n[![Ansible Elk](http://img.youtube.com/vi/6is6Ecxc2zE/0.jpg)](http://www.youtube.com/watch?v=6is6Ecxc2zE \"Deploying ELK with Ansible\")\n\n\n## File Hierarchy\n```\n.\n├── hosts\n├── install\n│   ├── elk_client.yml\n│   ├── elk.yml\n│   ├── group_vars\n│   │   └── all.yml\n│   └── roles\n│       ├── apache\n│       │   ├── tasks\n│       │   │   └── main.yml\n│       │   └── templates\n│       │       ├── 8080vhost.conf.j2\n│       │       └── kibana.conf.j2\n│       ├── curator\n│       │   ├── files\n│       │   │   └── curator.repo\n│       │   ├── tasks\n│       │   │   └── main.yml\n│       │   └── templates\n│       │       ├── curator-action.yml.j2\n│       │       └── curator-config.yml.j2\n│       ├── elasticsearch\n│       │   ├── files\n│       │   │   ├── elasticsearch.in.sh\n│       │   │   └── elasticsearch.repo\n│       │   ├── tasks\n│       │   │   └── main.yml\n│       │   └── templates\n│       │       └── elasticsearch.yml.j2\n│       ├── elk_client\n│       │   ├── files\n│       │   │   └── elk.repo\n│       │   └── tasks\n│       │       └── main.yml\n│       ├── filebeat\n│       │   ├── meta\n│       │   │   └── main.yml\n│       │   ├── tasks\n│       │   │   └── main.yml\n│       │   └── templates\n│       │       ├── filebeat.yml.j2\n│       │       └── rsyslog-openstack.conf.j2\n│       ├── firewall\n│       │   ├── handlers\n│       │   │   └── main.yml\n│       │   └── tasks\n│       │       └── main.yml\n│       ├── fluentd\n│       │   ├── files\n│       │   │   ├── filebeat-index-template.json\n│       │  
 │   └── fluentd.repo\n│       │   ├── tasks\n│       │   │   └── main.yml\n│       │   └── templates\n│       │       ├── openssl_extras.cnf.j2\n│       │       └── td-agent.conf.j2\n│       ├── heartbeat\n│       │   ├── meta\n│       │   │   └── main.yml\n│       │   ├── tasks\n│       │   │   └── main.yml\n│       │   └── templates\n│       │       └── heartbeat.yml.j2\n│       ├── instructions\n│       │   └── tasks\n│       │       └── main.yml\n│       ├── kibana\n│       │   ├── files\n│       │   │   └── kibana.repo\n│       │   ├── tasks\n│       │   │   └── main.yml\n│       │   └── templates\n│       │       └── kibana.yml.j2\n│       ├── logstash\n│       │   ├── files\n│       │   │   ├── filebeat-index-template.json\n│       │   │   └── logstash.repo\n│       │   ├── tasks\n│       │   │   └── main.yml\n│       │   └── templates\n│       │       ├── 02-beats-input.conf.j2\n│       │       ├── logstash.conf.j2\n│       │       └── openssl_extras.cnf.j2\n│       ├── metricbeat\n│       │   ├── meta\n│       │   │   └── main.yml\n│       │   ├── tasks\n│       │   │   └── main.yml\n│       │   └── templates\n│       │       └── metricbeat.yml.j2\n│       ├── nginx\n│       │   ├── tasks\n│       │   │   └── main.yml\n│       │   └── templates\n│       │       ├── kibana.conf.j2\n│       │       └── nginx.conf.j2\n│       ├── packetbeat\n│       │   ├── meta\n│       │   │   └── main.yml\n│       │   ├── tasks\n│       │   │   └── main.yml\n│       │   └── templates\n│       │       └── packetbeat.yml.j2\n│       └── xpack\n│           └── tasks\n│               └── main.yml\n└── meta\n    └── main.yml\n\n56 directories, 52 files\n\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsadsfae%2Fansible-elk","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsadsfae%2Fansible-elk","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsadsfae%2Fansible-elk/lists"}