x/browbeat
Code Issues Proposed changes
browbeat/ansible/install/roles/logstash/tasks/main.yml
Will Foster c7b7345154 Add fluentd support to ELK as optional replacement for logstash. 
This adds the ability to substitute fluentd for logstash for ELK stack
deployments.  This is a seamless substitution, but logstash is still
the default if no options are changed.  Rsyslog will be utilized
instead of the official Filebeat logstash forwarder.

To use fluentd instead of logstash change the following parameter
in install/group_vars/all.yml:

logging_backend: fluentd

In addition, the following enhancements were made:

* All service ports are now configurable
* Firewall ports are now configurable

Documentation updates can be viewed here:
http://rst.ninjs.org/?n=aa3ea354e28f4ef11d2a03344d8c34be&theme=basic

Patchset #2: clean up commit message character length.
Patchset #3: explicitly state logstash is the default
Patchset #4: clean up browbeat install instructions
Patchset #5: add /etc/rsyslog.d/openstack-logs.conf that will
pickup common openstack logs in /var/log/*

Change-Id: Ife928c1f6699e0c675d44e857ccb6aaff165752d
2016-06-17 15:00:22 +01:00

163 lines
4.8 KiB
YAML
Raw Blame History

---
#
# Install/run logstash for browbeat
#
- name: Copy logstash yum repo file
copy:
src=logstash.repo
dest=/etc/yum.repos.d/logstash.repo
owner=root
group=root
mode=0644
become: true
- name: Install logstash rpms
yum: name={{ item }} state=present
become: true
with_items:
- logstash
- name: Copy logstash input filters
copy:
src=01-lumberjack-input.conf
dest=/etc/logstash/conf.d/01-lumberjack-input.conf
owner=root
group=root
mode=0644
become: true
- name: Copy logstash output filters
copy:
src=30-elasticsearch-output.conf
dest=/etc/logstash/conf.d/30-lumberjack-output.conf
owner=root
group=root
mode=0644
become: true
- name: Copy logstash syslog filters
copy:
src=10-syslog.conf
dest=/etc/logstash/conf.d/10-syslog.conf
owner=root
group=root
mode=0644
become: true
- name: Copy logstash local syslog filter
copy:
src=10-syslog-filter.conf
dest=/etc/logstash/conf.d/10-syslog-filter.conf
owner=root
group=root
mode=0644
become: true
register: logstash_needs_restart
- name: Copy filebeat input filter
template:
src=02-beats-input.conf.j2
dest=/etc/logstash/conf.d/02-beats-input.conf
owner=root
group=root
mode=0644
become: true
- name: Stage filebeat JSON index template
copy:
src=filebeat-index-template.json
dest=/tmp/filebeat-index-template.json
owner=root
group=root
mode=0644
become: true
- name: Load OpenSSL CA Extended Configuration
template:
src=openssl_extras.cnf.j2
dest=/etc/pki/tls/openssl_extras.cnf
owner=root
group=root
mode=0644
become: true
- name: Check OpenSSL SANs (SubjectAltName) entry for CA
shell: grep "{{ ansible_default_ipv4.address }}" /etc/pki/tls/openssl.cnf | wc -l
ignore_errors: true
register: subjectAltName_exists
- name: Add OpenSSL SANs (SubjectAltName) entry for CA
lineinfile:
dest: /etc/pki/tls/openssl.cnf
line: 'subjectAltName = "{{ ansible_default_ipv4.address }}"'
regexp: '^ Extensions for a typical CA'
insertbefore: '# Extensions for a typical CA'
backup: yes
when: subjectAltName_exists.stdout|int == 0
# note: we can't currently use the Ansible uri module here, curl is a workaround
# https://github.com/ansible/ansible-modules-core/issues/265
# http://stackoverflow.com/questions/28997007/translate-curl-put-into-ansible-uri-module
- name: Load filebeat JSON index template
command: curl -XPOST 'http://localhost:9200/_template/filebeat?pretty' -d@/tmp/filebeat-index-template.json
ignore_errors: true
become: true
- name: Enable logstash service
service: name=logstash state=started enabled=true
become: true
# we need TCP/80 and TCP/8080 open
# determine firewall status and take action
# 1) use firewall-cmd if firewalld is utilized
# 2) insert iptables rule if iptables is used
# Firewalld
- name: Determine if firewalld is in use
shell: systemctl is-enabled firewalld.service | egrep -qv 'masked|disabled'
ignore_errors: true
register: firewalld_in_use
- name: Determine if firewalld is active
shell: systemctl is-active firewalld.service | grep -vq inactive
ignore_errors: true
register: firewalld_is_active
- name: Determine if TCP/{{logstash_syslog_port}} is already active
shell: firewall-cmd --list-ports | egrep -q "^{{logstash_syslog_port}}/tcp"
ignore_errors: true
register: firewalld_tcp{{logstash_syslog_port}}_exists
# add firewall rule via firewall-cmd
- name: Add firewall rule for TCP/{{logstash_syslog_port}} (firewalld)
command: "{{ item }}"
with_items:
- firewall-cmd --zone=public --add-port={{logstash_syslog_port}}/tcp --permanent
- firewall-cmd --reload
ignore_errors: true
become: true
when: firewalld_in_use.rc == 0 and firewalld_is_active.rc == 0 and firewalld_tcp{{logstash_syslog_port}}_exists.rc != 0
# iptables-services
- name: check firewall rules for TCP/{{logstash_syslog_port}} (iptables-services)
shell: grep "dport {{logstash_syslog_port}} \-j ACCEPT" /etc/sysconfig/iptables | wc -l
ignore_errors: true
register: iptables_tcp5044_exists
failed_when: iptables_tcp{{logstash_syslog_port}}_exists == 127
- name: Add firewall rule for TCP/{{logstash_syslog_port}} (iptables-services)
lineinfile:
dest: /etc/sysconfig/iptables
line: '-A INPUT -p tcp -m tcp --dport {{logstash_syslog_port}} -j ACCEPT'
regexp: '^INPUT -i lo -j ACCEPT'
insertbefore: '-A INPUT -i lo -j ACCEPT'
backup: yes
when: firewalld_in_use.rc != 0 and firewalld_is_active.rc != 0 and iptables_tcp5044_exists.stdout|int == 0
register: iptables_needs_restart
- name: Restart iptables-services for TCP/{{logstash_syslog_port}} (iptables-services)
shell: systemctl restart iptables.service
ignore_errors: true
when: iptables_needs_restart != 0 and firewalld_in_use.rc != 0 and firewalld_is_active.rc != 0
View Git Blame Copy Permalink