EBernhardson has uploaded a new change for review. https://gerrit.wikimedia.org/r/296279
Change subject: Update kibana module for kibana 4 ...................................................................... Update kibana module for kibana 4 * Transition kibana from trebuchet deployment to deb * Proxy requests from apache to the node.js application. * Drop previous apache config focused around serving static files and proxying requests to elasticsearch. * default_route argument to kibana module changed to default_app_id to match new config file. * Status check now hits an html page, but it's proxied to the node.js app so probably reasonable. TODO: * Add kibana deb from elastic.co to apt.wikimedia.org * Does this properly uninstall kibana 3 package that was installed via trebuchet? Not sure. Test in beta cluster. * Test apache proxying for sanity. Caching headers look to be set appropriately by the nodejs app. Change-Id: I2a11a05be801c461caeb11228ea5f5b496d743a9 --- M manifests/role/kibana.pp M modules/kibana/manifests/init.pp D modules/kibana/templates/config.js A modules/kibana/templates/kibana.yml.erb M templates/kibana/apache.conf.erb 5 files changed, 22 insertions(+), 152 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/79/296279/1 diff --git a/manifests/role/kibana.pp b/manifests/role/kibana.pp index dd37a23..3015091 100644 --- a/manifests/role/kibana.pp +++ b/manifests/role/kibana.pp @@ -8,8 +8,6 @@ # - $vhost: Apache vhost name # - $serveradmin: Email address for contacting server administrator # - $auth_type: Vhost auth type. One of ldap, local, none -# - $es_host: Elasticsearch host to proxy to -# - $es_port: Elasticsearch port to proxy to # - $require_ssl: Require SSL connection to vhost? # - $auth_realm: HTTP basic auth realm description # - $auth_file: Path to htpasswd file for $auth_type == 'local' @@ -21,8 +19,6 @@ $vhost, $serveradmin, $auth_type, - $es_host = '127.0.0.1', - $es_port = 9200, $require_ssl = true, $auth_realm = undef, $auth_file = undef, @@ -36,9 +32,6 @@ include ::apache::mod::proxy include ::apache::mod::proxy_http include ::apache::mod::rewrite - - # Directory trebuchet puts Kibana files in - $deploy_dir = '/srv/deployment/kibana/kibana' if $auth_type == 'ldap' { include ::apache::mod::authnz_ldap @@ -58,7 +51,7 @@ $apache_auth = template("kibana/apache-auth-${auth_type}.erb") class { '::kibana': - default_route => '/dashboard/elasticsearch/default', + default_app_id => 'dashboard/default', } ferm::service { 'kibana_frontend': diff --git a/modules/kibana/manifests/init.pp b/modules/kibana/manifests/init.pp index 5c8f5d9..69eee2b 100644 --- a/modules/kibana/manifests/init.pp +++ b/modules/kibana/manifests/init.pp @@ -10,28 +10,27 @@ # == Sample usage: # # class { 'kibana': -# default_route => '/dashboard/elasticsearch/default', +# default_app_id => 'dashboard/default', # } # class kibana ( - $default_route = '/dashboard/file/default.json' + $default_app_id = 'dashboard/default' ) { - package { 'kibana': - provider => 'trebuchet', - } + require_package('kibana') - file { '/etc/kibana': - ensure => directory, - owner => 'root', - group => 'root', - mode => '0755', - } - - file { '/etc/kibana/config.js': - ensure => present, - content => template('kibana/config.js'), + # kibana 4 + file { '/opt/kibana/config/kibana.yml': + ensure => file, owner => 'root', group => 'root', - mode => '0644', + content => template('kibana/kibana.yml.erb') + mode => '0444', + require => Package['kibana'], } + + # kibana 3 + file { '/etc/kibana': + ensure => absent, + } + } diff --git a/modules/kibana/templates/config.js b/modules/kibana/templates/config.js deleted file mode 100644 index 1e702fd..0000000 --- a/modules/kibana/templates/config.js +++ /dev/null @@ -1,67 +0,0 @@ -/** @scratch /configuration/config.js/1 - * == Configuration - * config.js is where you will find the core Kibana configuration. This file - * contains parameters that must be set before kibana is run for the first time. - */ -define(['settings'], -function (Settings) { - "use strict"; - - /** @scratch /configuration/config.js/2 - * === Parameters - */ - return new Settings({ - - /** @scratch /configuration/config.js/5 - * ==== elasticsearch - * - * Our apache config acts as a reverse proxy to the elasticsearch cluster. - */ - elasticsearch: '//' + window.location.hostname, - - /** @scratch /configuration/config.js/5 - * ==== default_route - * - * This is the default landing page when you don't specify a dashboard to - * load. You can specify files, scripts or saved dashboards here. For - * example, if you had saved a dashboard called `WebLogs' to elasticsearch - * you might use: - * - * +default_route: '/dashboard/elasticsearch/WebLogs',+ - */ - default_route : <%= @default_route.to_pson %>, - - /** @scratch /configuration/config.js/5 - * ==== kibana-int - * - * The default ES index to use for storing Kibana specific object - * such as stored dashboards - */ - kibana_index: "kibana-int", - - /** @scratch /configuration/config.js/5 - * ==== panel_name - * - * An array of panel modules available. Panels will only be loaded when - * they are defined in the dashboard, but this list is used in the "add - * panel" interface. - */ - panel_names: [ - 'histogram', - 'map', - 'pie', - 'table', - 'filtering', - 'timepicker', - 'text', - 'hits', - 'column', - 'trends', - 'bettermap', - 'query', - 'terms', - 'stats', - 'sparklines' - ] - }); -}); diff --git a/modules/kibana/templates/kibana.yml.erb b/modules/kibana/templates/kibana.yml.erb new file mode 100644 index 0000000..cf53ae8 --- /dev/null +++ b/modules/kibana/templates/kibana.yml.erb @@ -0,0 +1 @@ +kibana.defaultAppId: "<%= @default_app_id %>" diff --git a/templates/kibana/apache.conf.erb b/templates/kibana/apache.conf.erb index 6711a6a..1aab008 100644 --- a/templates/kibana/apache.conf.erb +++ b/templates/kibana/apache.conf.erb @@ -8,7 +8,7 @@ ServerName <%= @vhost %> ServerAdmin <%= @serveradmin %> - DocumentRoot <%= @deploy_dir %>/src + DocumentRoot /dev/null RewriteEngine on <%- if @require_ssl -%> @@ -30,79 +30,23 @@ </IfVersion> </Directory> - <Directory /etc/kibana> - <IfVersion >= 2.4> - Require all granted - </IfVersion> - <IfVersion < 2.4> - Order Allow,Deny - Allow from all - </IfVersion> - </Directory> - - <Directory <%= @deploy_dir %>/src> - <IfVersion >= 2.4> - Require all granted - </IfVersion> - <IfVersion < 2.4> - Order Allow,Deny - Allow from all - </IfVersion> - </Directory> - <Location /> <%= @apache_auth -%> </Location> - Alias /config.js /etc/kibana/config.js - ProxyRequests Off - <Proxy http://<%= @es_host %>:<%= @es_port %>> + <Proxy http://localhost:5601> ProxySet connectiontimeout=5 timeout=90 retry=0 </Proxy> # Tell caches that we are using http authentication Header set Vary Authorization - # Allow caching of static content for 1 hour - # We will override this below for dynamic content - Header set Cache-Control "public, must-revalidate, max-age=3600" - - # Elasticsearch searches - <LocationMatch "^/(_search|.*/_search)$"> - ProxyPassMatch http://<%= @es_host %>:<%= @es_port %>/$1 - ProxyPassReverse http://<%= @es_host %>:<%= @es_port %>/$1 - # Disallow caching of search results - Header set Cache-Control "private, must-revalidate, max-age=0" - Header set Expires "Thu, 01 Jan 1970 00:00:00 GMT" - </LocationMatch> - - # Elasticsearch meta-data requests - <LocationMatch "^/(_nodes|_aliases|.*/_aliases|_mapping|.*/_mapping)$"> - ProxyPassMatch http://<%= @es_host %>:<%= @es_port %>/$1 - ProxyPassReverse http://<%= @es_host %>:<%= @es_port %>/$1 - # Allow caching for 1 minute - Header set Cache-Control "public, must-revalidate, max-age=60" - </LocationMatch> - - # Storage/retrieval of saved dashboards via elasticsearch - <LocationMatch "^/(kibana-int/dashboard/|kibana-int/temp)(.*)$"> - ProxyPassMatch http://<%= @es_host %>:<%= @es_port %>/$1$2 - ProxyPassReverse http://<%= @es_host %>:<%= @es_port %>/$1$2 - # Allow caching for 5 minutes - Header set Cache-Control "public, must-revalidate, max-age=900" - </LocationMatch> - - # Expose the cluster status for internal health checks - RewriteRule ^/status$ http://<%= @es_host %>:<%= @es_port %>/ [P] + # Expose the status api without authenticating + # Due to varnish frontend, all requests are seen by Apache as being internal + # so using IP ranges is not any more restrictive than "all" <Location /status> - # Disallow caching of status checks - Header set Cache-Control "private, must-revalidate, max-age=0" - Header set Expires "Thu, 01 Jan 1970 00:00:00 GMT" - # Allow access this URI without authenticating - # Due to varnish frontend, all reqests are seen by Apache as being internal - # so using IP ranges is not any more restrictive than "all". <IfVersion >= 2.4> Require all granted </IfVersion> -- To view, visit https://gerrit.wikimedia.org/r/296279 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I2a11a05be801c461caeb11228ea5f5b496d743a9 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: EBernhardson <ebernhard...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits