--- all_systems: vars: # General Ansible options for OSA ansible_become: yes ansible_become_user: "root" ansible_user: "root" physical_host: "{{ inventory_hostname }}" children: all_hosts: children: physical_hosts: children: hosts: {} all_metering: children: metering: children: metering_ui_targets: children: log_hosts: {} # This is an osa native group, as such nothing needs to be added. Values will be inherited. metering_infra_targets: children: log_hosts: {} # This is an osa native group, as such nothing needs to be added. Values will be inherited. systems: vars: ## HAProxy options haproxy_extra_services: - service: haproxy_service_name: skydive_analyzer haproxy_backend_nodes: "{{ groups['skydive_analyzers'] | default([]) }}" haproxy_bind: "{{ [internal_lb_vip_address] }}" haproxy_port: 8082 haproxy_balance_type: http haproxy_ssl: true haproxy_backend_options: - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - service: haproxy_service_name: traefik haproxy_backend_nodes: "{{ groups['skydive_analyzers'] | default([]) }}" haproxy_bind: "{{ [internal_lb_vip_address] }}" haproxy_port: 8090 haproxy_balance_type: http haproxy_ssl: true haproxy_backend_options: - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" haproxy_backend_httpcheck_options: - expect rstatus 200|401 - service: haproxy_service_name: elasticsearch haproxy_backend_nodes: "{{ groups['elastic-logstash'] | default([]) }}" haproxy_ssl: True haproxy_port: 9201 haproxy_backend_port: 9200 haproxy_balance_type: http haproxy_backend_options: - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" - service: haproxy_service_name: kibana_ssl haproxy_backend_nodes: "{{ groups['kibana'] | default([]) }}" haproxy_ssl: True haproxy_port: 8443 haproxy_backend_port: 81 haproxy_balance_type: tcp haproxy_backend_options: - tcpka - service: haproxy_service_name: apm-server haproxy_backend_nodes: "{{ groups['apm-server'] | default([]) }}" haproxy_ssl: True haproxy_port: 8200 haproxy_balance_type: tcp haproxy_backend_options: - tcpka - service: haproxy_service_name: kolide-fleet haproxy_backend_nodes: "{{ groups['kolide-fleet_all'] | default([]) }}" haproxy_ssl: True haproxy_port: 6443 haproxy_check_port: 443 haproxy_backend_port: 443 haproxy_balance_type: tcp haproxy_backend_options: - tcpka - service: haproxy_service_name: grafana haproxy_backend_nodes: "{{ groups['grafana_all'] | default([]) }}" haproxy_ssl: True haproxy_port: 3000 haproxy_balance_type: http haproxy_backend_options: - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck" children: traefik_all: children: traefik_build_nodes: vars: {} hosts: {} children: {} skydive_all: vars: skydive_elasticsearch_servers: "{{ groups['elastic-logstash_all'] | map('extract', hostvars, ['ansible_host']) | list | join(',') }}" skydive_bind_address: "{{ container_address | default(ansible_host) }}" children: skydive_build_nodes: hosts: {} vars: {} children: {} skydive_agents: children: physical_hosts: {} skydive_analyzers: children: metering_ui_targets: {} elk_all: vars: elastic_skydive_retention: 2 # Elastic retention set to 2 days max elastic_skydive_size: 51200 # Elastic retention set to 50GiB max children: elastic-logstash_all: children: elastic-logstash: children: metering_infra_targets: {} kibana_all: children: kibana: children: metering_ui_targets: {} beats_all: vars: elastic_retention_refresh: true auditbeat_service_state: "{{ (inventory_hostname in (groups['auditbeat'] | default([]))) | ternary('restarted', 'stopped') }}" filebeat_service_state: "{{ (inventory_hostname in (groups['filebeat'] | default([]))) | ternary('restarted', 'stopped') }}" heartbeat_service_state: "{{ (inventory_hostname in (groups['heartbeat'] | default([]))) | ternary('restarted', 'stopped') }}" journalbeat_service_state: "{{ (inventory_hostname in (groups['journalbeat'] | default([]))) | ternary('restarted', 'stopped') }}" metricbeat_service_state: "{{ (inventory_hostname in (groups['metricbeat'] | default([]))) | ternary('restarted', 'stopped') }}" packetbeat_service_state: "{{ (inventory_hostname in (groups['packetbeat'] | default([]))) | ternary('restarted', 'stopped') }}" children: auditbeat: children: physical_hosts: {} filebeat: children: physical_hosts: {} heartbeat: children: kibana_all: {} journalbeat: children: physical_hosts: {} metricbeat: children: physical_hosts: {} all_containers: {} # This is an osa native group, as such nothing needs to be added. Values will be inherited. packetbeat: children: network_hosts: {} # This is an osa native group, as such nothing needs to be added. Values will be inherited. apm-server_all: children: apm-server: children: metering_ui_targets: {} fleet_all: children: kolide-db_all: children: kolide-db: children: metering_ui_targets: {} kolide-fleet_all: children: kolide-fleet: children: metering_ui_targets: {} osquery_all: children: osquery: children: physical_hosts: {} grafana_all: children: grafana: children: metering_ui_targets: {}