--- all_systems: vars: {} children: systems: vars: # General Ansible options for OSA ansible_become: yes ansible_become_user: "root" ansible_user: "root" ## Grafana options grafana_admin_password: "{{ haproxy_stats_password }}" ## Kolide options kolide_fleet_db_password: "{{ haproxy_stats_password }}" kolide_fleet_jwt_key: "{{ haproxy_stats_password }}" kolide_fleet_admin_password: "{{ haproxy_stats_password }}" galera_root_password: "{{ galera_root_password | default(haproxy_stats_password) }}" ## Skydive options skydive_password: "{{ haproxy_stats_password }}" skydive_elasticsearch_servers: "{{ groups['elastic-logstash'] | map('extract', hostvars, ['ansible_host']) | list | join(',') }}" skydive_bind_address: "{{ container_address | default(ansible_host) }}" ## Elastic-stack options elastic_skydive_retention: 2 # Elastic retention set to 2 days max elastic_skydive_size: 51200 # Elastic retention set to 50GiB max ## Beat options beat_service_states: true: state: restarted false: state: stopped elastic_retention_refresh: true auditbeat_service_state: "{{ beat_service_states[(inventory_hostname in (groups['hosts'] | default([])) | string | lower)]['state'] }}" filebeat_service_state: "{{ beat_service_states[(inventory_hostname in (groups['hosts'] | default([])) | string | lower)]['state'] }}" heartbeat_service_state: "{{ beat_service_states[(inventory_hostname in (groups['utility_all'] | default([])) | string | lower)]['state'] }}" journalbeat_service_state: "{{ beat_service_states[(inventory_hostname in (groups['hosts'] | default([])) | string | lower)]['state'] }}" metricbeat_service_state: "{{ beat_service_states[(inventory_hostname in (groups['hosts'] | default([])) | string | lower)]['state'] }}" packetbeat_service_state: "{{ beat_service_states[(inventory_hostname in (groups['network_hosts'] | default([])) | string | lower)]['state'] }}" ## HAProxy options haproxy_extra_services: - service: haproxy_service_name: skydive_analyzer haproxy_backend_nodes: "{{ groups['skydive_analyzers'] | default([]) }}" haproxy_bind: "{{ [internal_lb_vip_address] }}" haproxy_port: 8082 haproxy_balance_type: http haproxy_ssl: true haproxy_backend_options: - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - service: haproxy_service_name: traefik haproxy_backend_nodes: "{{ groups['skydive_analyzers'] | default([]) }}" haproxy_bind: "{{ [internal_lb_vip_address] }}" haproxy_port: 8090 haproxy_balance_type: http haproxy_ssl: true haproxy_backend_options: - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" haproxy_backend_httpcheck_options: - expect rstatus 200|401 - service: haproxy_service_name: elasticsearch haproxy_backend_nodes: "{{ groups['elastic-logstash'] | default([]) }}" haproxy_ssl: True haproxy_port: 9201 haproxy_backend_port: 9200 haproxy_balance_type: http haproxy_backend_options: - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - service: haproxy_service_name: kibana_ssl haproxy_backend_nodes: "{{ groups['kibana'] | default([]) }}" haproxy_ssl: True haproxy_port: 8443 haproxy_backend_port: 81 haproxy_balance_type: tcp haproxy_backend_options: - tcpka - service: haproxy_service_name: apm-server haproxy_backend_nodes: "{{ groups['apm-server'] | default([]) }}" haproxy_ssl: True haproxy_port: 8200 haproxy_balance_type: tcp haproxy_backend_options: - tcpka - service: haproxy_service_name: kolide-fleet haproxy_backend_nodes: "{{ groups['kolide-fleet_all'] | default([]) }}" haproxy_ssl: True haproxy_port: 6443 haproxy_check_port: 443 haproxy_backend_port: 443 haproxy_balance_type: tcp haproxy_backend_options: - tcpka - service: haproxy_service_name: grafana haproxy_backend_nodes: "{{ groups['grafana_all'] | default([]) }}" haproxy_ssl: True haproxy_port: 3000 haproxy_balance_type: http haproxy_backend_options: - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" children: traefik_all: children: traefik_build_nodes: {} skydive_all: children: skydive_build_nodes: {} skydive_agents: children: hosts: {} # This is an osa native group, as such nothing needs to be added. Values will be inherited. skydive_analyzers: children: utility_all: {} # This is an osa native group, as such nothing needs to be added. Values will be inherited. elk_all: children: elastic-logstash_all: children: elastic-logstash: children: log_hosts: {} # This is an osa native group, as such nothing needs to be added. Values will be inherited. kibana_all: children: kibana: children: log_hosts: {} # This is an osa native group, as such nothing needs to be added. Values will be inherited. fleet_all: children: kolide-db_all: children: kolide-db: children: log_hosts: {} # This is an osa native group, as such nothing needs to be added. Values will be inherited. kolide-fleet_all: children: kolide-fleet: children: log_hosts: {} # This is an osa native group, as such nothing needs to be added. Values will be inherited. osquery_all: children: osquery: children: hosts: {} # This is an osa native group, as such nothing needs to be added. Values will be inherited. grafana_all: children: grafana: children: utility_all: {} # This is an osa native group, as such nothing needs to be added. Values will be inherited.