1fd975aee7
Switch to using the get_url Ansible module over curl. This change is for obtaining the filebeat SSL certificate for the client to connect and send logs over TLS to the logstash instance. Patchset #2: make get_url commands be on multiple lines. Change-Id: I4dfe7e922b576624f23f204c8f696ea8f0a75e14
91 lines
2.4 KiB
YAML
91 lines
2.4 KiB
YAML
---
|
|
#
|
|
# install/run filebeat elk client for browbeat
|
|
#
|
|
|
|
- name: Copy filebeat yum repo file
|
|
copy:
|
|
src=filebeat.repo
|
|
dest=/etc/yum.repos.d/filebeat.repo
|
|
owner=root
|
|
group=root
|
|
mode=0644
|
|
when: (logging_backend != 'fluentd')
|
|
become: true
|
|
|
|
- name: Import Filebeat GPG Key
|
|
rpm_key: key=http://packages.elastic.co/GPG-KEY-elasticsearch
|
|
state=present
|
|
when: (logging_backend != 'fluentd')
|
|
|
|
- name: Install filebeat rpms
|
|
yum: name={{ item }} state=present
|
|
become: true
|
|
with_items:
|
|
- filebeat
|
|
when: (logging_backend != 'fluentd')
|
|
|
|
- name: Generate filebeat configuration template
|
|
template:
|
|
src=filebeat.yml.j2
|
|
dest=/etc/filebeat/filebeat.yml
|
|
owner=root
|
|
group=root
|
|
mode=0644
|
|
become: true
|
|
when: (logging_backend != 'fluentd')
|
|
register: filebeat_needs_restart
|
|
|
|
- name: Check ELK server SSL client certificate
|
|
stat: path=/etc/pki/tls/certs/filebeat-forwarder.crt
|
|
ignore_errors: true
|
|
register: elk_client_ssl_cert_exists
|
|
when: (logging_backend != 'fluentd')
|
|
|
|
- name: Install ELK server SSL client certificate
|
|
get_url:
|
|
url=http://{{ elk_server }}:{{ elk_server_ssl_cert_port }}/filebeat-forwarder.crt
|
|
dest=/etc/pki/tls/certs/filebeat-forwarder.crt
|
|
become: true
|
|
when: ((elk_client_ssl_cert_exists != 0) and (logging_backend != 'fluentd'))
|
|
|
|
- name: Start filebeat service
|
|
command: systemctl start filebeat.service
|
|
ignore_errors: true
|
|
become: true
|
|
when: ((filebeat_needs_restart != 0) and (logging_backend != 'fluentd'))
|
|
|
|
- name: Setup filebeat service
|
|
service: name=filebeat state=started enabled=true
|
|
become: true
|
|
when: (logging_backend != 'fluentd')
|
|
|
|
- name: Install rsyslogd for fluentd
|
|
yum: name={{ item }} state=present
|
|
become: true
|
|
with_items:
|
|
- rsyslog
|
|
when: (logging_backend == 'fluentd')
|
|
|
|
- name: Setup rsyslogd for fluentd
|
|
lineinfile: dest=/etc/rsyslog.conf \
|
|
line="*.* @{{ elk_server }}:{{ fluentd_syslog_port }}"
|
|
when: (logging_backend == 'fluentd')
|
|
register: rsyslog_updated
|
|
|
|
- name: Setup common OpenStack rsyslog logging
|
|
template:
|
|
src=rsyslog-openstack.conf.j2
|
|
dest=/etc/rsyslog.d/openstack-logs.conf
|
|
owner=root
|
|
group=root
|
|
mode=0644
|
|
become: true
|
|
register: rsyslog_updated
|
|
when: (logging_backend == 'fluentd')
|
|
|
|
- name: Restarting rsyslog for fluentd
|
|
command: systemctl restart rsyslog.service
|
|
ignore_errors: true
|
|
when: rsyslog_updated != 0
|