Changes in patchset #11:
1) moved to putting default port variables in group_vars/all.yml
2) updated README to specify changing port variables for undercloud deployments
3) removed setting variables in the nginx task, but we can utilize fail: checks
for variable checks instead (cleaner).
Changes in patchset #10:
1) added become: true for filebeat per jtaleric comments
2) added no_log: True to reduce unnecessary firewall debug discovery
during the playbook run
Changes in patchset #9:
Rebased against commit 5ef39f88dd
Changes in patchset #8:
1) use restart instead of start for ansible service
this will address when you re-run playbooks if you
decide to change the listener ports
Changes in patchset #7:
1) use rpm_key ansible module instead of rpm command
for GPG key management
Changes in patchset #6:
1) ensure elk_server_ssl_cert_port variable can be set
for non-standard port access like elk_server
Changes in patchset #5:
1) use 'become=true' for all operations within filebeat
so that elk clients running as non-root (but privileged)
users can run client deployments.
Changes in patchset #4:
1) turn logstash stdout off by default
2) remove unneeded logstash refresh
Changes in patchset #3:
1) remove debug statements for port variable testing
Changes in patchset #2:
1) remove unneeded conditional logic, only comparison
for 'none' is needed.
2) fix duplicate variable assignment
3) add more info to group_vars/all comments that you
need to use nonstandard ports for both if you need one
only.
Changes introduced in patchset #1:
This provides the following functionality:
1) adds two new variables to group_vars/all:
* nginx_kibana_port
* elk_server_ssl_cert_port
2) sets a normal default for these ports if
they are not defined explicitly.
If these are not defined then default ports of 80/TCP
and 8080/TCP will be used respectively.
If they are defined (in case of undercloud install where lots
of services/ports are listening on standard ports) then both
nginx jinja2 templates will be updated along with firewall rules.
Why we need this functionality, and why we should use it:
1) Avoid hard-coded defaults like 1.1.1.1 or service ports
2) Minimize the amount of editing needed for variables before
Browbeat can be run by users
Change-Id: Ia689f73d9c0c83de4d34a1954824afbee8205c25
61 lines
1.5 KiB
YAML
---
#
# install/run filebeat elk client for browbeat
#

- name: Copy filebeat yum repo file
  copy:
    src=filebeat.repo
    dest=/etc/yum.repos.d/filebeat.repo
    owner=root
    group=root
    mode=0644
  become: true

# The signing key is fetched over plain HTTP, so the download itself is
# not authenticated in transit.
- name: Import Filebeat GPG Key
  rpm_key: key=http://packages.elastic.co/GPG-KEY-elasticsearch
    state=present
  become: true

- name: Install filebeat rpms
  yum: name={{ item }} state=present
  become: true
  with_items:
    - filebeat

- name: Generate filebeat configuration template
  template:
    src=filebeat.yml.j2
    dest=/etc/filebeat/filebeat.yml
    owner=root
    group=root
    mode=0644
  become: true
  register: filebeat_needs_restart

- name: Check ELK server SSL client certificate
  stat: path=/etc/pki/tls/certs/filebeat-forwarder.crt
  ignore_errors: true
  register: elk_client_ssl_cert_exists

# Set standard nginx ports if we're not pointing towards an undercloud
- name: Assign ELK nginx port value for SSL client certificate
  set_fact:
    elk_server_ssl_cert_port: 8080
  when: elk_server_ssl_cert_port is none

# The certificate filebeat will trust is fetched over plain HTTP from the
# ELK server. Only fetch it when the stat task above did not find the file;
# the registered result is a dict, so comparing it with 0 was always true.
- name: Install ELK server SSL client certificate
  shell: curl http://"{{ elk_server }}":{{ elk_server_ssl_cert_port }}/filebeat-forwarder.crt > /etc/pki/tls/certs/filebeat-forwarder.crt
  become: true
  when: not elk_client_ssl_cert_exists.stat.exists

# Run only when the configuration template actually changed (the registered
# template result compared with 0 was always true).
- name: Start filebeat service
  command: systemctl start filebeat.service
  ignore_errors: true
  become: true
  when: filebeat_needs_restart.changed

- name: Setup filebeat service
  service: name=filebeat state=started enabled=true
  become: true
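Added example (not code from the Browbeat repository): one way to write the certificate install step so that the file fetched over HTTP is pinned to a known digest, with the port variables checked through fail: first. The variable elk_server_ssl_cert_sha256 is hypothetical and assumed to hold the SHA-256 of filebeat-forwarder.crt obtained out of band; the restart task at the end is also an assumption.

```yaml
---
# Added example, not part of the original tasks file.
# elk_server_ssl_cert_sha256 is a hypothetical variable (assumption):
# the SHA-256 hex digest of filebeat-forwarder.crt, obtained out of band.

- name: Fail early if the ELK connection variables are not set
  fail:
    msg: >-
      elk_server, elk_server_ssl_cert_port and elk_server_ssl_cert_sha256
      must be set in group_vars/all.yml
  when: >-
    elk_server is not defined or elk_server is none or
    elk_server_ssl_cert_port is not defined or
    elk_server_ssl_cert_port is none or
    elk_server_ssl_cert_sha256 is not defined or
    elk_server_ssl_cert_sha256 is none

# get_url replaces the curl redirect: an HTTP error fails the task instead of
# writing an error page into the certificate path, and the task fails if the
# downloaded file does not match the pinned digest.
- name: Install ELK server SSL client certificate (digest pinned)
  get_url:
    url: "http://{{ elk_server }}:{{ elk_server_ssl_cert_port }}/filebeat-forwarder.crt"
    dest: /etc/pki/tls/certs/filebeat-forwarder.crt
    checksum: "sha256:{{ elk_server_ssl_cert_sha256 }}"
    owner: root
    group: root
    mode: "0644"
  become: true
  register: elk_client_ssl_cert

# Restart only when a new certificate was actually written.
- name: Restart filebeat after a certificate change
  service:
    name: filebeat
    state: restarted
  become: true
  when: elk_client_ssl_cert.changed
```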