This is an Ansible role for a reasonably secure installation of Marvel. Marvel sits on top of ElasticSearch and nginx is used to provide a virtual server.
You might also want to look at
- an Ansible role for nginx
- an Ansible role for ElasticSearch
- an Ansible role for Kibana
Creats a virtual host for nginx that forwards requests back to Marvel AND ElasticSearch, making it so that you don't need to give full access to port 9200 on your ElasticSearch cluster to the same browser that is using Marvel. Authentication is handled via an nginx firewall.
Also creates a logstash input file for Marvel's logs. Disable this by
setting marvel_use_logstash
to false
.
Assumes you have already installed nginx, ElasticSearch and that you have a backend in your nginx configuration like this
upstream elasticsearch {
server localhost:9200;
...
}
and a firewall and proxy rules defined already for nginx
(marvel_firewall_rules
and marvel_proxy_params
).
Creates the files:
/etc/nginx/sites-available/marvel.conf
-- nginx virtual host for marvel/var/log/marvel
-- log directory/etc/logstash/conf.d/marvel.conf
-- inputs for logstash
Creates an nginx
virtual host.
Use the role in a playbook like this:
- hosts: all
roles:
- marvel
The following variables are exposed for configuration:
marvel_user
-- Marvel user (default: www-data)marvel_group
-- Marvel group (default: www-data)marvel_fqdn
-- Host nginx virtual server will listen for (e.g. - marvel.example.com)marvel_elasticsearch_url
-- full URL for nginx virtual server (e.g. - https://marvel.example.com)marvel_firewall_rules
-- path to nginx firewall configurationmarvel_proxy_params
-- path to nginx proxy paramsmarvel_kibana_index
-- name of ElasticSearch index used by Marvel for Kibana (default: .marvel-int)marvel_use_logstash
-- set tofalse
to skip logstash configuration
Ensure that marvel_elasticsearch_url
and marvel_fqdn
match. It is
not necessary to directly connect the end-user's browser to port
9200 on the ElasticSearch cluster. The point of the nginx virtual
server created by this role is to obviate that. The nginx virtual
server will proxy traffic for both Marvel and ElasticSearch.