From ab7df3b32741a7f4dd9a49f1f8953567666cb0ff Mon Sep 17 00:00:00 2001
From: Duncan Martin Walker
Date: Mon, 9 Mar 2020 15:17:06 +0000
Subject: [PATCH] Add Journalbeat support for OS LXC containers

Journalbeat currently only parses systemd journals with machine UUID corresponding to the host, requiring a separate journalbeat install to each OS container, even when the container journals are present on the host as subdirectories of /var/log/journal/. This commit searches for these directories and adds them to the Journalbeat journal path such that the container journals are processed by the Journalbeat instance on the physical host. This therefore removes the need for Journalbeat to be deployed to each LXC container.

Change-Id: Ifdfc8c52364d02fb2a0ca296b8c41c3d32bc0342
---
 .../roles/elastic_journalbeat/tasks/main.yml | 10 ++++++++++
 .../elastic_journalbeat/templates/journalbeat.yml.j2 | 2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/elk_metrics_7x/roles/elastic_journalbeat/tasks/main.yml b/elk_metrics_7x/roles/elastic_journalbeat/tasks/main.yml
index ec3e3d71..e991930f 100644
--- a/elk_metrics_7x/roles/elastic_journalbeat/tasks/main.yml
+++ b/elk_metrics_7x/roles/elastic_journalbeat/tasks/main.yml
@@ -77,6 +77,16 @@
 notify:
 - Enable and restart journalbeat
+- name: Gather list of OS container journals
+ find:
+ path: "/var/log/journal/"
+ file_type: directory
+ register: journal_log_dirs
+
+- name: Set container journal paths
+ set_fact:
+ journal_paths: "{{ journal_log_dirs.files | map(attribute='path') | list }}"
+
 - name: Drop journalbeat configs
 template:
 src: "{{ item.src }}"
diff --git a/elk_metrics_7x/roles/elastic_journalbeat/templates/journalbeat.yml.j2 b/elk_metrics_7x/roles/elastic_journalbeat/templates/journalbeat.yml.j2
index 6c7b0d5e..7776a49c 100644
--- a/elk_metrics_7x/roles/elastic_journalbeat/templates/journalbeat.yml.j2
+++ b/elk_metrics_7x/roles/elastic_journalbeat/templates/journalbeat.yml.j2
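Review bot: In tasks/main.yml the `find` task under "Gather list of OS container journals" accepts every directory below /var/log/journal/ with no name filter, and the list is only computed when the playbook runs. Containers created after the last run are therefore absent from `journal_paths`, and their journals go uncollected until the role is re-applied; that coverage gap deserves a comment on the task, e.g. `# Evaluated at deploy time: re-run this role after adding containers, otherwise their journals are not shipped.` If only machine-id directories are expected here (not confirmed by the hunk), adding `patterns: '^[0-9a-f]{32}$'` with `use_regex: true` would keep stray directories out of the Journalbeat configuration. The surrounding task list, including "Drop journalbeat configs", continues outside the hunk.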
@@ -17,7 +17,7 @@ journalbeat.inputs:
 # Paths that should be crawled and fetched. Possible values files and directories.
 # When setting a directory, all journals under it are merged.
 # When empty starts to read from local journal.
-- paths: ["/var/log/journal"]
+- paths: {{ journal_paths | to_json }}
 # The number of seconds to wait before trying to read again from journals.
 backoff: 10s
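Review bot: The new `paths` line in journalbeat.yml.j2 has no fallback for `journal_paths` being undefined or empty. If the template task ever runs without the preceding `set_fact` (for example through a tag selection, which is not visible here), rendering fails. When /var/log/journal/ has no subdirectories the line renders as `paths: []`, which per the comment above it means only the local journal is read. If the previous value is the intended fallback, make it explicit with `- paths: {{ journal_paths | default(['/var/log/journal'], true) | to_json }}`. Keeping `to_json` is right, since it emits the discovered paths as a properly quoted flow sequence.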