BryanDavis has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/104172


Change subject: [WIP] Kibana puppet class
......................................................................

[WIP] Kibana puppet class

Puppet class to install and configure Kibana. This class assumes that an
internal mirror of the kibana github project [0] is available for
deployment via Trebuchet.

It also assumes that SSL termination will be provided by some frontend
proxy, but does not yet configure such termination. It seems like it
would be possible to terminate SSL via the misc Varnish cluster, but that
should be discussed with Operations folks.

[0]: https://github.com/elasticsearch/kibana

Change-Id: I56f921b6b6301c1676bf7911c6e78d4b3a00e1ce
---
M manifests/role/deployment.pp
M manifests/role/logstash.pp
A modules/kibana/files/config.js
A modules/kibana/manifests/init.pp
A modules/kibana/templates/apache.conf.erb
5 files changed, 231 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/72/104172/1

diff --git a/manifests/role/deployment.pp b/manifests/role/deployment.pp
index a395341..9061898 100644
--- a/manifests/role/deployment.pp
+++ b/manifests/role/deployment.pp
@@ -129,6 +129,10 @@
         'grain'    => 'scholarships',
         'upstream' => 
'https://gerrit.wikimedia.org/r/wikimedia/wikimania-scholarships',
     },
+    'kibana/kibana'      => {
+        'grain'    => 'kibana',
+        'upstream' => 
'https://gerrit.wikimedia.org/r/operations/software/kibana',
+    },
   }
 }
 
diff --git a/manifests/role/logstash.pp b/manifests/role/logstash.pp
index df188e7..1a5f2b2 100644
--- a/manifests/role/logstash.pp
+++ b/manifests/role/logstash.pp
@@ -30,4 +30,12 @@
     }
 
     include ::redis::ganglia
+
+    class { '::kibana':
+        hostname     => 'kibana.wikimedia.org',
+        ldap_authurl => 'ldaps://virt0.wikimedia.org 
virt1000.wikimedia.org/ou=people,dc=wikimedia,dc=org?cn',
+        ldap_binddn  => 'cn=proxyagent,ou=profile,dc=wikimedia,dc=org',
+        ldap_group   => 'cn=wmf,ou=groups,dc=wikimedia,dc=org',
+        auth_realm   => 'WMF Labs (use wiki login name not shell)',
+    }
 }
diff --git a/modules/kibana/files/config.js b/modules/kibana/files/config.js
new file mode 100644
index 0000000..762eb65
--- /dev/null
+++ b/modules/kibana/files/config.js
@@ -0,0 +1,66 @@
+/** @scratch /configuration/config.js/1
+ * == Configuration
+ * config.js is where you will find the core Kibana configuration. This file
+ * contains parameters that must be set before kibana is run for the first 
time.
+ */
+define(['settings'],
+function (Settings) {
+  "use strict";
+
+  /** @scratch /configuration/config.js/2
+   * === Parameters
+   */
+  return new Settings({
+
+    /** @scratch /configuration/config.js/5
+     * ==== elasticsearch
+     *
+     * Our apache config acts as a reverse proxy to the elasticsearch cluster.
+     */
+    elasticsearch: "//"+window.location.hostname,
+
+    /** @scratch /configuration/config.js/5
+     * ==== default_route
+     *
+     * This is the default landing page when you don't specify a dashboard to
+     * load. You can specify files, scripts or saved dashboards here. For
+     * example, if you had saved a dashboard called `WebLogs' to elasticsearch
+     * you might use:
+     *
+     * +default_route: '/dashboard/elasticsearch/WebLogs',+
+     */
+    default_route     : '/dashboard/file/default.json',
+
+    /** @scratch /configuration/config.js/5
+     * ==== kibana-int
+     *
+     * The default ES index to use for storing Kibana specific object
+     * such as stored dashboards
+     */
+    kibana_index: "kibana-int",
+
+    /** @scratch /configuration/config.js/5
+     * ==== panel_name
+     *
+     * An array of panel modules available. Panels will only be loaded when
+     * they are defined in the dashboard, but this list is used in the "add
+     * panel" interface.
+     */
+    panel_names: [
+      'histogram',
+      'map',
+      'pie',
+      'table',
+      'filtering',
+      'timepicker',
+      'text',
+      'hits',
+      'column',
+      'trends',
+      'bettermap',
+      'query',
+      'terms',
+      'sparklines'
+    ]
+  });
+});
diff --git a/modules/kibana/manifests/init.pp b/modules/kibana/manifests/init.pp
new file mode 100644
index 0000000..4daf250
--- /dev/null
+++ b/modules/kibana/manifests/init.pp
@@ -0,0 +1,89 @@
+# vim:sw=4 ts=4 sts=4 et:
+
+# = Class: kibana
+#
+# This class installs/configures/manages the Kibana application.
+#
+# == Parameters:
+# - $hostname: Hostname for apache vhost.
+# - $deploy_dir: Directory application is deployed to. Default
+#       '/srv/deployment/kibana/kibana'.
+# - $es_host: Elasticsearch server. Default '127.0.0.1'.
+# - $es_port: Elasticsearch server port. Default 9200.
+# - $ldap_authurl: Url for LDAP server
+# - $ldap_binddn: DN for binding to LDAP server
+# - $ldap_group: LDAP group to require for authenication
+# - $auth_realm: HTTP basic auth realm
+# - $serveradmin: Administrative contact email address
+#
+# == Sample usage:
+#
+#   class { 'kibana':
+#       hostname     => 'kibana.example.com',
+#       ldap_authurl => 
'ldaps://ldap.example.com/ou=people,dc=example,dc=com?cn',
+#       ldap_binddn  => 'cn=binduser,ou=people,dc=example,dc=com',
+#       ldap_group   => 'cn=kibana,ou=groups,dc=example,dc=com',
+#       auth_realm   => 'Kibana',
+#   }
+#
+class kibana(
+    $hostname     = undef,
+    $deploy_dir   = '/srv/deployment/kibana/kibana',
+    $es_host      = '127.0.0.1',
+    $es_port      = 9200,
+    $ldap_authurl = undef,
+    $ldap_binddn  = undef,
+    $ldap_group   = undef,
+    $auth_realm   = undef,
+    $serveradmin  = '[email protected]',
+) {
+
+    include ::apache
+    include ::passwords::ldap::production
+
+    $proxypass = $passwords::ldap::production::proxypass
+
+    # Trebuchet deployment
+    deployment::target { 'kibana': }
+
+    apache::mod { [
+        'authnz_ldap',
+        'proxy',
+        'proxy_http',
+        'alias',
+    ]: }
+
+    file { "/etc/apache2/sites-available/${hostname}":
+        ensure  => present,
+        mode    => '0444',
+        owner   => 'root',
+        group   => 'root',
+        content => template('kibana/apache.conf.erb');
+        require => Package['httpd'],
+    }
+
+    file { "/etc/apache2/sites-enabled/${hostname}":
+        ensure  => link,
+        target  => "/etc/apache2/sites-available/${hostname}",
+        require => File["/etc/apache2/sites-available/${hostname}"],
+        notify  => Service['httpd'],
+    }
+
+    file { '/etc/kibana':
+        ensure  => directory,
+        mode    => '0755',
+        owner   => 'root',
+        group   => 'root',
+    }
+
+    file { '/etc/kibana/config.js':
+        ensure  => present,
+        mode    => '0644',
+        owner   => 'root',
+        group   => 'root',
+        source  => 'puppet:///files/kibana/config.js',
+        require => File['/etc/kibana'],
+    }
+
+}
+# vim:sw=4 ts=4 sts=4 et:
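Review bot: The vhost file `/etc/apache2/sites-available/${hostname}` is created with `mode => '0444'`, but the template it renders writes `$proxypass` into `AuthLDAPBindPassword`, so the LDAP bind password becomes readable by every local user; Apache parses its config as root, so `mode => '0400'` should be enough. In the same resource, `content => template('kibana/apache.conf.erb');` ends with a semicolon, which closes the resource body before `require`, so the manifest will most likely fail to parse; it should end with a comma. The `source => 'puppet:///files/kibana/config.js'` URL does not appear to match where this change adds the file (`modules/kibana/files/config.js`), which would normally be `puppet:///modules/kibana/config.js`. `$hostname` and the `ldap_*` parameters default to `undef` while the file paths and the template depend on them, so a guard such as `if $hostname == undef { fail('kibana: hostname is required') }` would stop a half-configured vhost from being written.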
diff --git a/modules/kibana/templates/apache.conf.erb 
b/modules/kibana/templates/apache.conf.erb
new file mode 100644
index 0000000..514d680
--- /dev/null
+++ b/modules/kibana/templates/apache.conf.erb
@@ -0,0 +1,64 @@
+# vim: sw=2 ts=2 sts=2 et ft=apache
+#####################################################################
+### THIS FILE IS MANAGED BY PUPPET
+### puppet:///modules/kibana/apache.conf
+#####################################################################
+
+<VirtualHost *:80>
+  ServerName <%= @hostname %>
+  ServerAdmin <%= @serveradmin %>
+
+  DocumentRoot <%= @deploy_dir %>/src
+
+  <Directory />
+    Options FollowSymLinks
+    AllowOverride None
+  </Directory>
+
+  <Directory /etc/kibana>
+    Order allow,deny
+    Allow from all
+  </Directory>
+
+  <Directory <%= @deploy_dir %>/src>
+    Options Indexes -Multiviews
+    AllowOverride None
+    Order allow,deny
+    Allow from all
+  </Directory>
+
+  <Location />
+    Order allow,deny
+    Allow from all
+    Satisfy any
+
+    AuthName "<%= @auth_realm %>"
+    AuthType Basic
+    AuthBasicProvider ldap
+    AuthLDAPBindDN <%= @ldap_binddn %>
+    AuthLDAPBindPassword <%= @proxypass %>
+    AuthLDAPURL "<%= @ldap_authurl %>"
+    Require ldap-group <%= @ldap_group %>
+  </Location>
+
+  Alias /config.js /etc/kibana/config.js
+
+  ProxyRequests Off
+
+  <Proxy http://<%= @es_host %>:<%= @es_port %>>
+    ProxySet connectiontimeout=5 timeout=90
+  </Proxy>
+
+  # Proxy for _aliases and .*/_search
+  <LocationMatch 
"^/(_nodes|_aliases|_search|.*/_search|_mapping|.*/_mapping)$">
+    ProxyPassMatch http://<%= @es_host %>:<%= @es_port %>/$1
+    ProxyPassReverse http://<%= @es_host %>:<%= @es_port %>/$1
+  </LocationMatch>
+
+  # Proxy for kibana-int/{dashboard,temp} stuff
+  <LocationMatch "^/(kibana-int/dashboard/|kibana-int/temp)(.*)$">
+    ProxyPassMatch http://<%= @es_host %>:<%= @es_port %>/$1$2
+    ProxyPassReverse http://<%= @es_host %>:<%= @es_port %>/$1$2
+  </LocationMatch>
+
+</VirtualHost>
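Review bot: In the `<Location />` block, `Satisfy any` together with `Allow from all` lets the host-based check alone grant access, so `Require ldap-group` is never enforced and both the dashboard and the proxied Elasticsearch paths are served without credentials. Replace it with `Satisfy all`, or drop the `Order`/`Allow`/`Satisfy` lines there, so that LDAP group membership is actually required. The vhost listens on `*:80` with `AuthType Basic`, so once authentication is enforced the LDAP passwords cross this hop in cleartext until the frontend TLS termination mentioned in the description exists; a comment in the template stating that dependency would help. The `<Directory>` for `<%= @deploy_dir %>/src` sets `Options Indexes`, which turns on directory listings; `Options -Indexes -MultiViews` looks closer to the intent.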

-- 
To view, visit https://gerrit.wikimedia.org/r/104172

Gerrit-MessageType: newchange
Gerrit-Change-Id: I56f921b6b6301c1676bf7911c6e78d4b3a00e1ce
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BryanDavis <[email protected]>
