Diffstat (limited to 'roles')
| -rw-r--r-- | roles/filebeat/README.md | 3 | ||||
| -rw-r--r-- | roles/filebeat/handlers/main.yml | 6 | ||||
| -rw-r--r-- | roles/filebeat/tasks/main.yml | 57 | ||||
| -rw-r--r-- | roles/filebeat/templates/filebeat.yml.j2 | 97 | ||||
| -rw-r--r-- | roles/filebeat/vars/main/vars.yml | 7 | ||||
| -rw-r--r-- | roles/filebeat/vars/main/vault.yml | 8 | 
6 files changed, 178 insertions, 0 deletions
| diff --git a/roles/filebeat/README.md b/roles/filebeat/README.md
new file mode 100644
index 0000000..7b65e9a
--- /dev/null
+++ b/roles/filebeat/README.md
@@ -0,0 +1,3 @@
+# Role "filebeat"
+
+The filebeat role installs and configures the filebeat agent, used to ship logs to Elasticsearch.
diff --git a/roles/filebeat/handlers/main.yml b/roles/filebeat/handlers/main.yml
new file mode 100644
index 0000000..5580f47
--- /dev/null
+++ b/roles/filebeat/handlers/main.yml
@@ -0,0 +1,6 @@
+- name: restart filebeat
+  service:
+    state: restarted
+    name: filebeat
+  tags:
+    - role::filebeat
diff --git a/roles/filebeat/tasks/main.yml b/roles/filebeat/tasks/main.yml
new file mode 100644
index 0000000..ba3f8e9
--- /dev/null
+++ b/roles/filebeat/tasks/main.yml
@@ -0,0 +1,57 @@
+---
+- name: Install GPG
+  package:
+    name: gpg
+    state: present
+  tags:
+    - role::filebeat
+
+- name: Install Elasticsearch signing key
+  shell: >-
+    wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch |
+    gpg --yes --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
+  args:
+    creates: /usr/share/keyrings/elasticsearch-keyring.gpg
+  tags:
+    - role::filebeat
+
+- name: Add Elasticsearch repository to apt
+  copy:
+    content: >-
+      deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg]
+      https://artifacts.elastic.co/packages/8.x/apt stable main
+    dest: /etc/apt/sources.list.d/elastic-8.x.list
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+    - role::filebeat
+  register: add_filebeat_repo
+
+- name: Install Filebeat
+  apt:
+    pkg: filebeat
+    state: present
+    update_cache: "{{ add_filebeat_repo.changed }}"
+  tags:
+    - role::filebeat
+
+- name: Configure Filebeat
+  template:
+    src: filebeat.yml.j2
+    dest: /etc/filebeat/filebeat.yml
+    mode: 0644
+    owner: root
+    group: root
+  tags:
+    - role::filebeat
+  notify:
+    - restart filebeat
+
+- name: Start and enable Filebeat
+  service:
+    name: filebeat
+    state: started
+    enabled: true
+  tags:
+    - role::filebeat
diff --git a/roles/filebeat/templates/filebeat.yml.j2 b/roles/filebeat/templates/filebeat.yml.j2
new file mode 100644
index 0000000..c2b48f7
--- /dev/null
+++ b/roles/filebeat/templates/filebeat.yml.j2
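Review bot: In `roles/filebeat/tasks/main.yml`, the `Configure Filebeat` task writes `/etc/filebeat/filebeat.yml` with `mode: 0644`, yet the template added in this commit renders the Elasticsearch `password` into that file, so any local account on the host can read the credential. Set `mode: "0600"` on that task (it is already root-owned); quoting the value also stops the mode from depending on YAML octal parsing. Separately, `Install Elasticsearch signing key` pipes `wget` into `gpg --dearmor` without `pipefail`, so the task's result is gpg's exit status alone, and if a failed download still leaves a keyring file behind, `creates:` will skip the task on every later run. Fetching the key with `get_url` and a pinned `checksum:` before dearmoring would make both a failed download and an unexpected key visible.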
@@ -0,0 +1,97 @@
+# For more available modules and options, please see the filebeat.reference.yml sample
+# configuration file.
+
+# ============================== Filebeat inputs ===============================
+
+filebeat.inputs:
+
+# Each - is an input. Most options can be set at the input level, so
+# you can use different inputs for various configurations.
+# Below are the input specific configurations.
+
+# filestream is an input for collecting log messages from files.
+- type: filestream
+
+  # Change to true to enable this input configuration.
+  enabled: false
+
+  # Paths that should be crawled and fetched. Glob based paths.
+  paths:
+    - /var/log/*.log
+
+  # Exclude lines. A list of regular expressions to match. It drops the lines that are
+  # matching any regular expression from the list.
+  #exclude_lines: ['^DBG']
+
+  # Include lines. A list of regular expressions to match. It exports the lines that are
+  # matching any regular expression from the list.
+  #include_lines: ['^ERR', '^WARN']
+
+  # Exclude files. A list of regular expressions to match. Filebeat drops the files that
+  # are matching any regular expression from the list. By default, no files are dropped.
+  #prospector.scanner.exclude_files: ['.gz$']
+
+  # Optional additional fields. These fields can be freely picked
+  # to add additional information to the crawled log files for filtering
+  #fields:
+  #  level: debug
+  #  review: 1
+
+# ============================== Filebeat modules ==============================
+
+filebeat.config.modules:
+  # Glob pattern for configuration loading
+  path: ${path.config}/modules.d/*.yml
+
+  # Set to true to enable config reloading
+  reload.enabled: false
+
+  # Period on which files under path should be checked for changes
+  #reload.period: 10s
+
+filebeat.modules:
+{% if "nginx" in group_names %}
+- module: nginx
+  access:
+    enabled: {{ 'nginx' in group_names }}
+  error:
+    enabled: {}
+{% endif %}
+{% if inventory_hostname == "lovelace" %}
+- module: postgresql
+  log:
+    enabled: {{ inventory_hostname == "lovelace" }}
+{% endif %}
+- module: system
+  auth:
+
+
+
+# ======================= Elasticsearch template setting =======================
+
+setup.template.settings:
+  index.number_of_shards: 1
+
+# ================================== Outputs ===================================
+
+# Configure what output to use when sending the data collected by the beat.
+
+# ---------------------------- Elasticsearch Output ----------------------------
+output.elasticsearch:
+  # Array of hosts to connect to.
+  hosts: ["{{ filebeat_elasticsearch_host }}"]
+
+  protocol: "https"
+  username: "{{ filebeat_elastic_username }}"
+  password: "{{ filebeat_elastic_password}}"
+
+  ssl:
+    enabled: true
+    ca_trusted_fingerprint: "{{ filebeat_elastic_fingerprint }}"
+
+processors:
+  - add_host_metadata:
+      when.not.contains.tags: forwarded
+  - add_cloud_metadata: ~
+  - add_docker_metadata: ~
+  - add_kubernetes_metadata: ~
diff --git a/roles/filebeat/vars/main/vars.yml b/roles/filebeat/vars/main/vars.yml
new file mode 100644
index 0000000..ec23785
--- /dev/null
+++ b/roles/filebeat/vars/main/vars.yml
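Review bot: In `roles/filebeat/templates/filebeat.yml.j2`, the nginx `error` fileset is rendered as `enabled: {}`, a literal empty YAML mapping rather than a boolean, which looks like a Jinja expression that lost its contents; the `system` module's `auth:` key is likewise left with no value. Whether those two filesets ship anything then depends on how Filebeat treats a malformed or null setting, and the auth log is the one most useful for spotting login abuse. Write `enabled: true` explicitly under `error:` and under `auth:`; the `{{ 'nginx' in group_names }}` and `{{ inventory_hostname == "lovelace" }}` expressions only repeat their enclosing `{% if %}` and can be plain `true` as well. The credential line would be more robust as `password: {{ filebeat_elastic_password | to_json }}`, so that a quote or backslash in the secret cannot break the rendered YAML.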
@@ -0,0 +1,7 @@
+filebeat_kibana_host: "http://10.5.0.0:5601"
+filebeat_elasticsearch_host: "10.5.0.0:9200"
+
+filebeat_elastic_username: "pydis"
+filebeat_elastic_password: "{{ encrypted_filebeat_elastic_password }}"
+filebeat_elastic_fingerprint: >-
+  e75cfe8591cb5d30ce31f9a094053f4e0090ebd057a120ac9dcbbf5754fb5a73
diff --git a/roles/filebeat/vars/main/vault.yml b/roles/filebeat/vars/main/vault.yml
new file mode 100644
index 0000000..b2eca18
--- /dev/null
+++ b/roles/filebeat/vars/main/vault.yml
@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+62373038653236313435346433326232383433306265326437303133636536393163373333666432
+3136356638363739653737326363663361653834633038350a356334313264653932333935386665
+39383738393839623937616231633430633465366537363032323133636133653963383036616234
+3433643532393937360a343938643730376330396537343133616462363339643066393631623137
+64616336666638623030343065633965306531303933646232383334333162336438643433623462
+31613039323033333063323736323262326638333765663930633532363531323462396264383966
+306636386335386565636633316235653332 |
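Review bot: In `roles/filebeat/vars/main/vars.yml`, `filebeat_kibana_host` points at plain `http://`, while the Elasticsearch output in this commit uses HTTPS with a pinned CA fingerprint. Nothing in the template added here reads this variable, so it appears to be unused for now; if it is later wired into a `setup.kibana` block, Filebeat's Kibana setup reuses the Elasticsearch output credentials unless told otherwise, and they would cross the network unencrypted. Either drop the variable until it is needed or point it at an `https://` endpoint. A short comment above `filebeat_elastic_fingerprint` saying which certificate the hash was taken from would help whoever rotates it.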
