Refactor Filebeat configuration file

- Avoid checking item by item, we always enable modules and prospectors, with an option to disable with opt-in - Updated MySQL and Apache modules to point to right path - Improved and clean-up tagging - All the prospectors are managed using a variable Change-Id: I2a091669d6a77fd2c89a073cf9071292793e2f6b
2018-09-27 14:54:51 -04:00 · 2018-09-27 14:54:51 -04:00 · aa647953e0
commit aa647953e0
parent db6533481a
3 changed files with 304 additions and 1076 deletions
--- a/elk_metrics_6x/roles/elastic_filebeat/defaults/main.yml
+++ b/elk_metrics_6x/roles/elastic_filebeat/defaults/main.yml
@ -14,3 +14,271 @@
 # limitations under the License.

 filebeat_service_state: restarted
+filebeat_oslo_log_multiline_config:
+  pattern: '^[0-9-]{10} +[0-9:\.]+ +[0-9]+ +[A-Z]+ +[A-Za-z0-9\._]+ \[|Traceback'
+  negate: true
+  match: after
+filebeat_prospectors:
+  - type: log
+    enabled: "{{ filebeat_repo_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*repo_container*/apt-cacher-ng/apt-cacher.*
+      - /openstack/log/*repo_container*/pypiserver/*.log
+      - /openstack/log/*repo_container*/rsyncd.log
+    tags:
+      - infrastructure
+      - repo-server
+  - type: log
+    enabled: "{{ filebeat_haproxy_enabled | default(true) }}"
+    paths:
+      - /var/log/haproxy/*.log
+    tags:
+      - infrastructure
+      - haproxy
+  - type: log
+    enabled: "{{ filebeat_rabbitmq_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*rabbit*/rabbitmq/*.log
+      - /openstack/log/*rabbit*/rabbitmq/log/*.log
+      - /var/log/rabbitmq/*.log
+      - /var/log/rabbitmq/log/*.log
+    multiline:
+      pattern: '^='
+      negate: true
+      match: after
+    tags:
+      - infrastructure
+      - rabbitmq
+  - type: log
+    enabled: "{{ filebeat_ceph_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*ceph*/ceph/ceph-mon.*.log
+      - /var/log/ceph/ceph-mon.*.log
+    tags:
+      - infrastructure
+      - ceph
+      - ceph-mon
+  - type: log
+    enabled: "{{ filebeat_ceph_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*ceph*/ceph/ceph-mgr.*.log
+      - /var/log/ceph/ceph-mgr.*.log
+    tags:
+      - infrastructure
+      - ceph
+      - ceph-mgr
+  - type: log
+    enabled: "{{ filebeat_ceph_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*ceph*/ceph/ceph-osd.*.log
+      - /var/log/ceph-osd.*.log
+    tags:
+      - infrastructure
+      - ceph
+      - ceph-osd
+  - type: log
+    enabled: "{{ filebeat_keystone_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*keystone*/keystone/keystone.log
+      - /var/log/keystone/keystone.log
+    multiline: "{{ filebeat_oslo_log_multiline_config }}"
+    tags:
+      - openstack
+      - keystone
+  # NOTE(mnaser): Barbican ships to Journal
+  - type: log
+    enabled: "{{ filebeat_glance_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*glance*/glance/*.log
+      - /var/log/glance/*.log
+    multiline: "{{ filebeat_oslo_log_multiline_config }}"
+    tags:
+      - openstack
+      - glance
+  # NOTE(mnaser): Cinder ships to journal
+  - type: log
+    enabled: "{{ filebeat_nova_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*nova*/nova/*.log
+      - /var/log/nova/*.log
+    multiline: "{{ filebeat_oslo_log_multiline_config }}"
+    tags:
+      - openstack
+      - nova
+  - type: log
+    enabled: "{{ filebeat_neutron_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*neutron*/neutron/*.log
+      - /var/log/neutron/*.log
+    multiline: "{{ filebeat_oslo_log_multiline_config }}"
+    tags:
+      - openstack
+      - neutron
+  - type: log
+    enabled: "{{ filebeat_heat_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*heat*/heat/*.log
+      - /var/log/heat/*.log
+    multiline: "{{ filebeat_oslo_log_multiline_config }}"
+    tags:
+      - openstack
+      - heat
+  - type: log
+    enabled: "{{ filebeat_designate_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*designate*/designate/*.log
+      - /var/log/designate/*.log
+    multiline: "{{ filebeat_oslo_log_multiline_config }}"
+    tags:
+      - openstack
+      - designate
+  - type: log
+    enabled: "{{ filebeat_swift_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*swift*/account*.log
+      - /var/log/swift/account*.log
+    multiline:
+      pattern: '^[A-Za-z]+[[:space:]]* +[0-9]{1,2} +[0-9:\.]+ +[A-Za-z0-9-]+ container-replicator: +[A-Za-z0-9-\ ]+'
+      negate: false
+      match: after
+    tags:
+      - openstack
+      - swift
+      - swift-account
+  - type: log
+    enabled: "{{ filebeat_swift_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*swift*/container*.log
+      - /var/log/swift/container*.log
+    multiline:
+      pattern: '^[A-Za-z]+[[:space:]]* +[0-9]{1,2} +[0-9:\.]+ +[A-Za-z0-9-]+ account-replicator: +[A-Za-z0-9-\ ]+'
+      negate: false
+      match: after
+    tags:
+      - openstack
+      - swift
+      - swift-container
+  - type: log
+    enabled: "{{ filebeat_swift_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*swift*/object*.log
+      - /var/log/swift/object*.log
+    multiline:
+      pattern: '^[A-Za-z]+[[:space:]]* +[0-9]{1,2} +[0-9:\.]+ +[A-Za-z0-9-]+ object-replicator: +[A-Za-z0-9-\ ]+'
+      negate: false
+      match: after
+    tags:
+      - openstack
+      - swift
+      - swift-object
+  - type: log
+    enabled: "{{ filebeat_swift_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*swift*/proxy*.log
+      - /var/log/swift/proxy*.log
+    tags:
+      - openstack
+      - swift
+      - swift-proxy
+  - type: log
+    enabled: "{{ filebeat_gnocchi_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*gnocchi*/gnocchi/*.log
+      - /var/log/gnocchi/*.log
+    multiline: "{{ filebeat_oslo_log_multiline_config }}"
+    tags:
+      - openstack
+      - gnocchi
+  - type: log
+    enabled: "{{ filebeat_ceilometer_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*ceilometer*/ceilometer/*.log
+      - /var/log/ceilometer/*.log
+    multiline: "{{ filebeat_oslo_log_multiline_config }}"
+    tags:
+      - openstack
+      - ceilometer
+  - type: log
+    enabled: "{{ filebeat_aodh_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*aodh*/aodh/*.log
+      - /var/log/aodh/*.log
+    multiline: "{{ filebeat_oslo_log_multiline_config }}"
+    tags:
+      - openstack
+      - aodh
+  - type: log
+    enabled: "{{ filebeat_ironic_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*ironic*/ironic/*.log
+      - /var/log/ironic/*.log
+    multiline: "{{ filebeat_oslo_log_multiline_config }}"
+    tags:
+      - openstack
+      - ironic
+  - type: log
+    enabled: "{{ filebeat_magnum_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*magnum*/magnum/*.log
+      - /var/log/magnum/*.log
+    multiline: "{{ filebeat_oslo_log_multiline_config }}"
+    tags:
+      - openstack
+      - magnum
+  - type: log
+    enabled: "{{ filebeat_trove_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*trove*/trove/*.log
+      - /var/log/trove/*.log
+    multiline: "{{ filebeat_oslo_log_multiline_config }}"
+    tags:
+      - openstack
+      - trove
+  - type: log
+    enabled: "{{ filebeat_sahara_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*sahara*/sahara/*.log
+      - /var/log/sahara/*.log
+    multiline: "{{ filebeat_oslo_log_multiline_config }}"
+    tags:
+      - openstack
+      - sahara
+  - type: log
+    enabled: "{{ filebeat_octavia_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*octavia*/octavia/*.log
+      - /var/log/octavia/*.log
+    multiline: "{{ filebeat_oslo_log_multiline_config }}"
+    tags:
+      - openstack
+      - octavia
+  - type: log
+    enabled: "{{ filebeat_tacker_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*tacker*/tacker/*.log
+      - /var/log/tacker/*.log
+    multiline: "{{ filebeat_oslo_log_multiline_config }}"
+    tags:
+      - openstack
+      - tacker
+  - type: log
+    enabled: "{{ filebeat_system_enabled | default(true) }}"
+    paths:
+      - /openstack/log/ansible-logging/*.log
+      - /var/log/*.log
+      - /var/log/libvirt/*.log
+      - /var/log/libvirt/*/*.log
+      - /var/log/lxc/*.log
+    tags:
+      - system
+  - type: log
+    enabled: "{{ filebeat_logging_enabled | default(true) }}"
+    paths:
+      - /openstack/log/*/beats/*.log
+      - /openstack/log/*/curator/curator
+      - /openstack/log/*/elasticsearch/*.log
+      - /var/log/beats/*.log
+      - /var/log/curator/curator
+      - /var/log/elasticsearch/*.log
+    tags:
+      - beats
--- a/elk_metrics_6x/roles/elastic_filebeat/tasks/main.yml
+++ b/elk_metrics_6x/roles/elastic_filebeat/tasks/main.yml
@ -75,116 +75,6 @@
  notify:
    - Enable and restart filebeat

- name: Check for apache
-  stat:
-    path: /etc/apache2
-  register: apache2
-
- name: Check for auditd
-  stat:
-    path: /etc/audit
-  register: audit
-
- name: Check for ceph
-  stat:
-    path: /var/log/ceph
-  register: ceph
-
- name: Check for cinder
-  stat:
-    path: /var/log/cinder
-  register: cinder
-
- name: Check for glance
-  stat:
-    path: /var/log/glance
-  register: glance
-
- name: Check for heat
-  stat:
-    path: /var/log/heat
-  register: heat
-
- name: Check for horizon
-  stat:
-    path: /var/log/horizon
-  register: horizon
-
- name: Check for httpd
-  stat:
-    path: /var/log/httpd
-  register: httpd
-
- name: Check for keystone
-  stat:
-    path: /var/log/keystone
-  register: keystone
-
- name: Check for mysql
-  stat:
-    path: /var/lib/mysql
-  register: mysql
-
- name: Check for neutron
-  stat:
-    path: /var/log/neutron
-  register: neutron
-
- name: Check for nginx
-  stat:
-    path: /var/log/nginx
-  register: nginx
-
- name: Check for nova
-  stat:
-    path: /var/log/nova
-  register: nova
-
- name: Check for octavia
-  stat:
-    path: /var/log/octavia
-  register: octavia
-
- name: Check for swift
-  stat:
-    path: /var/log/swift
-  register: swift
-
- name: Check for rabbitmq
-  stat:
-    path: /var/lib/rabbitmq
-  register: rabbitmq
-
- name: Check for designate
-  stat:
-    path: /var/log/designate
-  register: designate
-
- name: Check for osquery
-  stat:
-    path: /var/log/osquery/osqueryd.results.log
-  register: osquery
-
- name: Set discovery facts
-  set_fact:
-    apache_enabled: "{{ (apache2.stat.exists | bool) or (httpd.stat.exists | bool) }}"
-    nginx_enabled: "{{ nginx.stat.exists | bool }}"
-    auditd_enabled: "{{ audit.stat.exists | bool }}"
-    mysql_enabled: "{{ (mysql.stat.exists | bool) or (inventory_hostname in groups['galera_all'] | default([])) }}"
-    ceph_enabled: "{{ (ceph.stat.exists | bool) or (inventory_hostname in groups['ceph_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*ceph.*') | list | length) > 0) }}"
-    cinder_enabled: "{{ (cinder.stat.exists | bool) or (inventory_hostname in groups['cinder_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*cinder.*') | list | length) > 0) }}"
-    glance_enabled: "{{ (glance.stat.exists | bool) or (inventory_hostname in groups['glance_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*glance.*') | list | length) > 0) }}"
-    heat_enabled: "{{ (heat.stat.exists | bool) or (inventory_hostname in groups['heat_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*heat.*') | list | length) > 0) }}"
-    horizon_enabled: "{{ (horizon.stat.exists | bool) or (inventory_hostname in groups['horizon_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*horizon.*') | list | length) > 0) }}"
-    keystone_enabled: "{{ (keystone.stat.exists | bool) or (inventory_hostname in groups['keystone_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*keystone.*') | list | length) > 0) }}"
-    neutron_enabled: "{{ (neutron.stat.exists | bool) or (inventory_hostname in groups['neutron_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*neutron.*') | list | length) > 0) }}"
-    nova_enabled: "{{ (nova.stat.exists | bool) or (inventory_hostname in groups['nova_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*nova.*') | list | length) > 0) }}"
-    octavia_enabled: "{{ (octavia.stat.exists | bool) or (inventory_hostname in groups['octavia_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*octavia.*') | list | length) > 0) }}"
-    swift_enabled: "{{ (swift.stat.exists | bool) or (inventory_hostname in groups['swift_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*swift.*') | list | length) > 0) }}"
-    rabbitmq_enabled: "{{ (rabbitmq.stat.exists | bool) or (inventory_hostname in groups['rabbitmq_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*rabbit.*') | list | length) > 0) }}"
-    designate_enabled: "{{ (designate.stat.exists | bool) or (inventory_hostname in groups['designate_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*designate.*') | list | length) > 0) }}"
-    osquery_enabled: "{{ osquery.stat.exists | bool }}"
-
 - name: Drop Filebeat conf file
  template:
    src: "filebeat.yml.j2"
--- a/elk_metrics_6x/roles/elastic_filebeat/templates/filebeat.yml.j2
+++ b/elk_metrics_6x/roles/elastic_filebeat/templates/filebeat.yml.j2