--- # Copyright 2018, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: Gather variables for each operating system include_vars: "{{ item }}" with_first_found: - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml" - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml" - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml" - "{{ ansible_distribution | lower }}.yml" - "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yml" - "{{ ansible_os_family | lower }}.yml" tags: - always - name: Ensure Logstash is installed package: name: "{{ logstash_distro_packages }}" state: "{{ elk_package_state | default('present') }}" update_cache: "{{ (ansible_pkg_mgr == 'apt') | ternary('yes', omit) }}" register: _package_task until: _package_task is success retries: 3 delay: 2 notify: - Enable and restart logstash tags: - package_install - name: Create logstash systemd service config dir file: path: "/etc/systemd/system/logstash.service.d" state: "directory" group: "root" owner: "root" mode: "0755" when: - ansible_service_mgr == 'systemd' - name: Apply systemd options template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "0644" when: - ansible_service_mgr == 'systemd' with_items: - src: "systemd.general-overrides.conf.j2" dest: "/etc/systemd/system/logstash.service.d/logstash-overrides.conf" notify: - Enable and restart logstash - name: Check queue type block: - name: Get block device for logstash command: findmnt -no SOURCE --target=/var/lib/logstash changed_when: false register: _logstash_block_device - name: Set persisted queue fact set_fact: logstash_queue_type: "{{ ((ansible_devices[_logstash_block_device.stdout.split('/')[-1] | regex_replace('[0-9]$','')]['rotational'] | int) != 1) | ternary('persisted', 'memory') }}" rescue: - name: Set persisted queue fact (fallback) set_fact: logstash_queue_type: memory when: - logstash_queue_type is undefined - name: Systemd memory backed queue block block: - name: Get logstash UID command: id -u logstash register: logstash_uid changed_when: false when: - ansible_service_mgr == 'systemd' - name: Get logstash GID command: id -g logstash register: logstash_gid changed_when: false when: - ansible_service_mgr == 'systemd' - name: Run the systemd mount role include_role: name: systemd_mount private: true vars: systemd_mounts: - what: "tmpfs" where: "/var/lib/logstash/queue" type: "tmpfs" options: "size={{ (q_mem | int) // 2 }}m,uid={{ logstash_uid.stdout }},gid={{ logstash_gid.stdout }},nodev,nodiratime,noatime" unit: Before: - logstash.service state: 'started' enabled: true when: - ansible_service_mgr == 'systemd' - name: Apply fstab options for memory queues mount: path: /var/lib/logstash/queue src: tmpfs fstype: tmpfs opts: size={{ (q_mem | int) // 2 }}m state: mounted when: - ansible_service_mgr != 'systemd' when: - logstash_queue_type == 'memory' - name: Create patterns directory file: name: "/opt/logstash/patterns" owner: "logstash" group: "logstash" state: directory tags: - logstash-patterns - name: Logstash Extra Patterns template: src: "extras" dest: "/opt/logstash/patterns/extras" owner: "logstash" group: "logstash" when: - logstash_deploy_filters notify: - Enable and restart logstash tags: - logstash-filters - config - name: Run kafka ssl deployment include_tasks: logstash_kafka_ssl.yml when: - logstash_kafka_options is defined - logstash_kafka_ssl_keystore_location is defined - name: Drop logstash conf file(s) template: src: "{{ item.src }}" dest: "{{ item.dest }}" with_items: - src: "logstash.yml.j2" dest: "/etc/logstash/logstash.yml" - src: "logstash-pipelines.yml.j2" dest: "/etc/logstash/pipelines.yml" notify: - Enable and restart logstash tags: - config - name: Ensure logstash ownership file: path: "/var/lib/logstash/" owner: logstash group: logstash recurse: true register: l_perms until: l_perms is success retries: 3 delay: 1 - name: Ensure logstash tmp dir file: path: "/var/lib/logstash/tmp" state: directory owner: "logstash" group: "logstash" mode: "0750" - name: Deploy arcsight collector include_tasks: logstash_arcsight.yml when: - logstash_arcsight_smart_connectors or logstash_arcsight_event_brokers