EBernhardson has uploaded a new change for review.
https://gerrit.wikimedia.org/r/296279
Change subject: Update kibana module for kibana 4
......................................................................
Update kibana module for kibana 4
* Transition kibana from trebuchet deployment to deb
* Proxy requests from apache to the node.js application.
* Drop previous apache config focused around serving static files and
proxying requests to elasticsearch.
* default_route argument to kibana module changed to default_app_id to
match new config file.
* Status check now hits an html page, but it's proxied to the node.js
app so probably reasonable.
TODO:
* Add kibana deb from elastic.co to apt.wikimedia.org
* Does this properly uninstall kibana 3 package that was installed via
trebuchet? Not sure. Test in beta cluster.
* Test apache proxying for sanity. Caching headers look to be set
appropriately by the nodejs app.
Change-Id: I2a11a05be801c461caeb11228ea5f5b496d743a9
---
M manifests/role/kibana.pp
M modules/kibana/manifests/init.pp
D modules/kibana/templates/config.js
A modules/kibana/templates/kibana.yml.erb
M templates/kibana/apache.conf.erb
5 files changed, 22 insertions(+), 152 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/79/296279/1
diff --git a/manifests/role/kibana.pp b/manifests/role/kibana.pp
index dd37a23..3015091 100644
--- a/manifests/role/kibana.pp
+++ b/manifests/role/kibana.pp
@@ -8,8 +8,6 @@
# - $vhost: Apache vhost name
# - $serveradmin: Email address for contacting server administrator
# - $auth_type: Vhost auth type. One of ldap, local, none
-# - $es_host: Elasticsearch host to proxy to
-# - $es_port: Elasticsearch port to proxy to
# - $require_ssl: Require SSL connection to vhost?
# - $auth_realm: HTTP basic auth realm description
# - $auth_file: Path to htpasswd file for $auth_type == 'local'
@@ -21,8 +19,6 @@
$vhost,
$serveradmin,
$auth_type,
- $es_host = '127.0.0.1',
- $es_port = 9200,
$require_ssl = true,
$auth_realm = undef,
$auth_file = undef,
@@ -36,9 +32,6 @@
include ::apache::mod::proxy
include ::apache::mod::proxy_http
include ::apache::mod::rewrite
-
- # Directory trebuchet puts Kibana files in
- $deploy_dir = '/srv/deployment/kibana/kibana'
if $auth_type == 'ldap' {
include ::apache::mod::authnz_ldap
@@ -58,7 +51,7 @@
$apache_auth = template("kibana/apache-auth-${auth_type}.erb")
class { '::kibana':
- default_route => '/dashboard/elasticsearch/default',
+ default_app_id => 'dashboard/default',
}
ferm::service { 'kibana_frontend':
diff --git a/modules/kibana/manifests/init.pp b/modules/kibana/manifests/init.pp
index 5c8f5d9..69eee2b 100644
--- a/modules/kibana/manifests/init.pp
+++ b/modules/kibana/manifests/init.pp
@@ -10,28 +10,27 @@
# == Sample usage:
#
# class { 'kibana':
-# default_route => '/dashboard/elasticsearch/default',
+# default_app_id => 'dashboard/default',
# }
#
class kibana (
- $default_route = '/dashboard/file/default.json'
+ $default_app_id = 'dashboard/default'
) {
- package { 'kibana':
- provider => 'trebuchet',
- }
+ require_package('kibana')
- file { '/etc/kibana':
- ensure => directory,
- owner => 'root',
- group => 'root',
- mode => '0755',
- }
-
- file { '/etc/kibana/config.js':
- ensure => present,
- content => template('kibana/config.js'),
+ # kibana 4
+ file { '/opt/kibana/config/kibana.yml':
+ ensure => file,
owner => 'root',
group => 'root',
- mode => '0644',
+ content => template('kibana/kibana.yml.erb')
+ mode => '0444',
+ require => Package['kibana'],
}
+
+ # kibana 3
+ file { '/etc/kibana':
+ ensure => absent,
+ }
+
}
diff --git a/modules/kibana/templates/config.js
b/modules/kibana/templates/config.js
deleted file mode 100644
index 1e702fd..0000000
--- a/modules/kibana/templates/config.js
+++ /dev/null
@@ -1,67 +0,0 @@
-/** @scratch /configuration/config.js/1
- * == Configuration
- * config.js is where you will find the core Kibana configuration. This file
- * contains parameters that must be set before kibana is run for the first
time.
- */
-define(['settings'],
-function (Settings) {
- "use strict";
-
- /** @scratch /configuration/config.js/2
- * === Parameters
- */
- return new Settings({
-
- /** @scratch /configuration/config.js/5
- * ==== elasticsearch
- *
- * Our apache config acts as a reverse proxy to the elasticsearch cluster.
- */
- elasticsearch: '//' + window.location.hostname,
-
- /** @scratch /configuration/config.js/5
- * ==== default_route
- *
- * This is the default landing page when you don't specify a dashboard to
- * load. You can specify files, scripts or saved dashboards here. For
- * example, if you had saved a dashboard called `WebLogs' to elasticsearch
- * you might use:
- *
- * +default_route: '/dashboard/elasticsearch/WebLogs',+
- */
- default_route : <%= @default_route.to_pson %>,
-
- /** @scratch /configuration/config.js/5
- * ==== kibana-int
- *
- * The default ES index to use for storing Kibana specific object
- * such as stored dashboards
- */
- kibana_index: "kibana-int",
-
- /** @scratch /configuration/config.js/5
- * ==== panel_name
- *
- * An array of panel modules available. Panels will only be loaded when
- * they are defined in the dashboard, but this list is used in the "add
- * panel" interface.
- */
- panel_names: [
- 'histogram',
- 'map',
- 'pie',
- 'table',
- 'filtering',
- 'timepicker',
- 'text',
- 'hits',
- 'column',
- 'trends',
- 'bettermap',
- 'query',
- 'terms',
- 'stats',
- 'sparklines'
- ]
- });
-});
diff --git a/modules/kibana/templates/kibana.yml.erb
b/modules/kibana/templates/kibana.yml.erb
new file mode 100644
index 0000000..cf53ae8
--- /dev/null
+++ b/modules/kibana/templates/kibana.yml.erb
@@ -0,0 +1 @@
+kibana.defaultAppId: "<%= @default_app_id %>"
diff --git a/templates/kibana/apache.conf.erb b/templates/kibana/apache.conf.erb
index 6711a6a..1aab008 100644
--- a/templates/kibana/apache.conf.erb
+++ b/templates/kibana/apache.conf.erb
@@ -8,7 +8,7 @@
ServerName <%= @vhost %>
ServerAdmin <%= @serveradmin %>
- DocumentRoot <%= @deploy_dir %>/src
+ DocumentRoot /dev/null
RewriteEngine on
<%- if @require_ssl -%>
@@ -30,79 +30,23 @@
</IfVersion>
</Directory>
- <Directory /etc/kibana>
- <IfVersion >= 2.4>
- Require all granted
- </IfVersion>
- <IfVersion < 2.4>
- Order Allow,Deny
- Allow from all
- </IfVersion>
- </Directory>
-
- <Directory <%= @deploy_dir %>/src>
- <IfVersion >= 2.4>
- Require all granted
- </IfVersion>
- <IfVersion < 2.4>
- Order Allow,Deny
- Allow from all
- </IfVersion>
- </Directory>
-
<Location />
<%= @apache_auth -%>
</Location>
- Alias /config.js /etc/kibana/config.js
-
ProxyRequests Off
- <Proxy http://<%= @es_host %>:<%= @es_port %>>
+ <Proxy http://localhost:5601>
ProxySet connectiontimeout=5 timeout=90 retry=0
</Proxy>
# Tell caches that we are using http authentication
Header set Vary Authorization
- # Allow caching of static content for 1 hour
- # We will override this below for dynamic content
- Header set Cache-Control "public, must-revalidate, max-age=3600"
-
- # Elasticsearch searches
- <LocationMatch "^/(_search|.*/_search)$">
- ProxyPassMatch http://<%= @es_host %>:<%= @es_port %>/$1
- ProxyPassReverse http://<%= @es_host %>:<%= @es_port %>/$1
- # Disallow caching of search results
- Header set Cache-Control "private, must-revalidate, max-age=0"
- Header set Expires "Thu, 01 Jan 1970 00:00:00 GMT"
- </LocationMatch>
-
- # Elasticsearch meta-data requests
- <LocationMatch "^/(_nodes|_aliases|.*/_aliases|_mapping|.*/_mapping)$">
- ProxyPassMatch http://<%= @es_host %>:<%= @es_port %>/$1
- ProxyPassReverse http://<%= @es_host %>:<%= @es_port %>/$1
- # Allow caching for 1 minute
- Header set Cache-Control "public, must-revalidate, max-age=60"
- </LocationMatch>
-
- # Storage/retrieval of saved dashboards via elasticsearch
- <LocationMatch "^/(kibana-int/dashboard/|kibana-int/temp)(.*)$">
- ProxyPassMatch http://<%= @es_host %>:<%= @es_port %>/$1$2
- ProxyPassReverse http://<%= @es_host %>:<%= @es_port %>/$1$2
- # Allow caching for 5 minutes
- Header set Cache-Control "public, must-revalidate, max-age=900"
- </LocationMatch>
-
- # Expose the cluster status for internal health checks
- RewriteRule ^/status$ http://<%= @es_host %>:<%= @es_port %>/ [P]
+ # Expose the status api without authenticating
+ # Due to varnish frontend, all requests are seen by Apache as being internal
+ # so using IP ranges is not any more restrictive than "all"
<Location /status>
- # Disallow caching of status checks
- Header set Cache-Control "private, must-revalidate, max-age=0"
- Header set Expires "Thu, 01 Jan 1970 00:00:00 GMT"
- # Allow access this URI without authenticating
- # Due to varnish frontend, all reqests are seen by Apache as being internal
- # so using IP ranges is not any more restrictive than "all".
<IfVersion >= 2.4>
Require all granted
</IfVersion>
--
To view, visit https://gerrit.wikimedia.org/r/296279
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2a11a05be801c461caeb11228ea5f5b496d743a9
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: EBernhardson <ebernhard...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
