--- - name: Kibana x509 certificate management block: - name: Create the acme hooks directory if it does not yet exist file: dest={{ letsencrypt_acme_sh_services_scripts_dir }} state=directory owner=root group=root - name: Create the kibana pki subdir file: dest={{ pki_dir }}/kibana state=directory owner=root group=kibana mode=0750 - name: Check if the global certificate private key exists stat: path={{ letsencrypt_acme_certs_dir }}/privkey register: kibana_privkey - name: Check if the kibana certificate private key exists under the pki directory stat: path={{ pki_dir }}/kibana/privkey register: kibana_pki_privkey - name: Copy the private key into the expected place if it is not already there copy: src={{ letsencrypt_acme_certs_dir }}/privkey dest={{ pki_dir }}/kibana/privkey remote_src=yes owner=root group=kibana mode=0440 when: - kibana_privkey.stat.exists - not kibana_pki_privkey.stat.exists - name: Install the kibana hook for letsencrypt template: src=kibana-letsencrypt-hook.sh.j2 dest=/usr/lib/acme/hooks/kibana owner=root group=root mode=0550 when: - elasticsearch_kibana_ssl_enabled | bool - letsencrypt_acme_install is defined and letsencrypt_acme_install | bool tags: [ 'ELK', 'elasticsearch', 'elk', 'kibana' ] - name: Kibana installation block: - name: Install the Kibana packages apt: name='{{ elasticsearch_kibana_packages }}' state={{ elasticsearch_package_state }} update_cache=yes cache_valid_time=1800 - name: Install the kibana systemd configuration to manage the rundir directory template: src=kibana_rundir.conf.j2 dest=/usr/lib/tmpfiles.d/kibana.conf owner=root group=root mode=0644 register: reconfigure_systemd - name: Reload the systemd configuration systemd: daemon_reload=yes - name: Install the Kibana configuration template: src=kibana.yml.j2 dest=/etc/kibana/kibana.yml owner=root group=kibana mode=0640 register: kibana_configuration notify: Restart kibana tags: [ 'ELK', 'elasticsearch', 'elk', 'kibana', 'kibana_conf' ] tags: [ 'ELK', 'elasticsearch', 'elk', 'kibana' ]