2016-11-17 16:17:35 +01:00
|
|
|
---
|
|
|
|
|
2017-07-13 14:43:07 +02:00
|
|
|
- name: APT https transport is enabled
|
|
|
|
apt:
|
|
|
|
name: apt-transport-https
|
|
|
|
state: present
|
|
|
|
tags:
|
2021-05-06 10:42:12 +02:00
|
|
|
- filebeat
|
|
|
|
- packages
|
|
|
|
|
2021-07-04 22:08:47 +02:00
|
|
|
- name: Look for legacy apt keyring
|
|
|
|
stat:
|
|
|
|
path: /etc/apt/trusted.gpg
|
|
|
|
register: _trusted_gpg_keyring
|
|
|
|
tags:
|
|
|
|
- filebeat
|
|
|
|
- packages
|
|
|
|
|
2021-05-06 11:33:19 +02:00
|
|
|
- name: Elastic embedded GPG key is absent
|
2017-07-13 14:43:07 +02:00
|
|
|
apt_key:
|
2021-05-03 14:23:13 +02:00
|
|
|
id: "D88E42B4"
|
2021-05-06 13:43:59 +02:00
|
|
|
keyring: /etc/apt/trusted.gpg
|
2021-05-03 14:23:13 +02:00
|
|
|
state: absent
|
2021-07-04 22:08:47 +02:00
|
|
|
when: _trusted_gpg_keyring.stat.exists
|
2021-05-03 14:23:13 +02:00
|
|
|
tags:
|
2021-05-06 10:42:12 +02:00
|
|
|
- filebeat
|
|
|
|
- packages
|
2021-05-03 14:23:13 +02:00
|
|
|
|
|
|
|
- name: Elastic GPG key is installed
|
|
|
|
copy:
|
|
|
|
src: elastic.asc
|
|
|
|
dest: /etc/apt/trusted.gpg.d/elastic.asc
|
|
|
|
force: yes
|
|
|
|
mode: "0644"
|
2021-05-26 13:47:34 +02:00
|
|
|
owner: root
|
|
|
|
group: root
|
2017-07-13 14:43:07 +02:00
|
|
|
tags:
|
2021-05-06 10:42:12 +02:00
|
|
|
- filebeat
|
|
|
|
- packages
|
2017-07-13 14:43:07 +02:00
|
|
|
|
|
|
|
- name: Elastic sources list is available
|
|
|
|
apt_repository:
|
2017-11-26 12:32:12 +01:00
|
|
|
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
|
2017-11-14 10:26:48 +01:00
|
|
|
filename: elastic
|
2017-07-13 14:43:07 +02:00
|
|
|
state: present
|
|
|
|
update_cache: yes
|
|
|
|
tags:
|
2021-05-06 10:42:12 +02:00
|
|
|
- filebeat
|
|
|
|
- packages
|
2017-05-21 11:13:48 +02:00
|
|
|
|
2016-11-17 16:17:35 +01:00
|
|
|
- name: Filebeat is installed
|
|
|
|
apt:
|
|
|
|
name: filebeat
|
2021-02-16 16:35:25 +01:00
|
|
|
state: "{% if filebeat_upgrade_package %}latest{% else %}present{% endif %}"
|
|
|
|
notify: restart filebeat
|
2016-11-17 16:17:35 +01:00
|
|
|
tags:
|
2021-02-16 16:35:25 +01:00
|
|
|
- filebeat
|
|
|
|
- packages
|
2016-11-17 16:17:35 +01:00
|
|
|
|
|
|
|
- name: Filebeat service is enabled
|
2017-10-08 22:31:22 +02:00
|
|
|
systemd:
|
2016-11-17 16:17:35 +01:00
|
|
|
name: filebeat
|
|
|
|
enabled: yes
|
2021-03-23 16:29:03 +01:00
|
|
|
notify: restart filebeat
|
2021-12-21 15:27:27 +01:00
|
|
|
when: not ansible_check_mode
|
2016-11-17 16:17:35 +01:00
|
|
|
|
|
|
|
- name: is logstash-plugin available?
|
|
|
|
stat:
|
|
|
|
path: /usr/share/logstash/bin/logstash-plugin
|
2017-03-24 14:15:09 +01:00
|
|
|
check_mode: no
|
2016-11-17 16:17:35 +01:00
|
|
|
register: logstash_plugin
|
|
|
|
|
2016-11-22 16:43:45 +01:00
|
|
|
- name: is logstash-input-beats installed?
|
2017-05-19 22:31:17 +02:00
|
|
|
command: grep logstash-input-beats /usr/share/logstash/Gemfile
|
2017-03-24 14:15:09 +01:00
|
|
|
check_mode: no
|
2016-11-22 16:43:45 +01:00
|
|
|
register: logstash_plugin_installed
|
|
|
|
failed_when: false
|
|
|
|
changed_when: false
|
2021-05-09 23:06:42 +02:00
|
|
|
when:
|
|
|
|
- filebeat_logstash_plugin | bool
|
|
|
|
- logstash_plugin.stat.exists
|
2016-11-22 16:43:45 +01:00
|
|
|
|
2019-12-31 16:56:03 +01:00
|
|
|
- name: Logstash plugin is installed
|
|
|
|
block:
|
|
|
|
- include_role:
|
|
|
|
name: evolix/remount-usr
|
2016-11-22 16:43:45 +01:00
|
|
|
|
2019-12-31 16:56:03 +01:00
|
|
|
- name: logstash-plugin install logstash-input-beats
|
|
|
|
command: /usr/share/logstash/bin/logstash-plugin install logstash-input-beats
|
2017-05-19 22:52:33 +02:00
|
|
|
when:
|
2021-05-09 23:06:42 +02:00
|
|
|
- filebeat_logstash_plugin | bool
|
2019-12-31 16:56:03 +01:00
|
|
|
- logstash_plugin.stat.exists
|
2021-05-09 23:06:42 +02:00
|
|
|
- not (logstash_plugin_installed | success)
|
2019-01-29 16:57:45 +01:00
|
|
|
|
2020-08-18 14:00:46 +02:00
|
|
|
# When we don't use a config template (default)
|
|
|
|
- block:
|
|
|
|
- name: cloud_metadata processor is disabled
|
|
|
|
replace:
|
|
|
|
dest: /etc/filebeat/filebeat.yml
|
|
|
|
regexp: '^(\s+)(- add_cloud_metadata:)'
|
|
|
|
replace: '\1# \2'
|
|
|
|
notify: restart filebeat
|
2021-05-09 23:06:42 +02:00
|
|
|
when: not (filebeat_processors_cloud_metadata | bool)
|
2020-08-18 14:00:46 +02:00
|
|
|
|
|
|
|
- name: cloud_metadata processor is disabled
|
|
|
|
lineinfile:
|
|
|
|
dest: /etc/filebeat/filebeat.yml
|
|
|
|
line: " - add_cloud_metadata: ~"
|
|
|
|
insert_after: '^processors:'
|
|
|
|
notify: restart filebeat
|
2021-05-09 23:06:42 +02:00
|
|
|
when: filebeat_processors_cloud_metadata | bool
|
2020-08-18 14:00:46 +02:00
|
|
|
|
|
|
|
- name: Filebeat knows where to find Elasticsearch
|
|
|
|
lineinfile:
|
|
|
|
dest: /etc/filebeat/filebeat.yml
|
|
|
|
regexp: '^ hosts: .*'
|
|
|
|
line: " hosts: [\"{{ filebeat_elasticsearch_hosts | join('\", \"') }}\"]"
|
|
|
|
insertafter: "output.elasticsearch:"
|
|
|
|
notify: restart filebeat
|
2021-05-09 23:06:42 +02:00
|
|
|
when: filebeat_elasticsearch_hosts | length > 0
|
2019-01-29 16:57:45 +01:00
|
|
|
|
2020-08-18 14:00:46 +02:00
|
|
|
- name: Filebeat protocol for Elasticsearch
|
|
|
|
lineinfile:
|
|
|
|
dest: /etc/filebeat/filebeat.yml
|
|
|
|
regexp: '^ #?protocol: .*'
|
|
|
|
line: " protocol: \"{{ filebeat_elasticsearch_protocol }}\""
|
|
|
|
insertafter: "output.elasticsearch:"
|
|
|
|
notify: restart filebeat
|
|
|
|
when: filebeat_elasticsearch_protocol == "http" or filebeat_elasticsearch_protocol == "https"
|
|
|
|
|
|
|
|
- name: Filebeat auth/username for Elasticsearch are configured
|
|
|
|
lineinfile:
|
|
|
|
dest: /etc/filebeat/filebeat.yml
|
|
|
|
regexp: '{{ item.regexp }}'
|
|
|
|
line: '{{ item.line }}'
|
|
|
|
insertafter: "output.elasticsearch:"
|
2021-05-04 14:18:40 +02:00
|
|
|
loop:
|
2020-08-18 14:00:46 +02:00
|
|
|
- { regexp: '^ #?username: .*', line: ' username: "{{ filebeat_elasticsearch_auth_username }}"' }
|
|
|
|
- { regexp: '^ #?password: .*', line: ' password: "{{ filebeat_elasticsearch_auth_password }}"' }
|
|
|
|
notify: restart filebeat
|
|
|
|
when:
|
2021-05-09 23:06:42 +02:00
|
|
|
- filebeat_elasticsearch_auth_username | length > 0
|
|
|
|
- filebeat_elasticsearch_auth_password | length > 0
|
2021-12-21 15:27:27 +01:00
|
|
|
when:
|
|
|
|
- not (filebeat_use_config_template | bool)
|
|
|
|
- not ansible_check_mode
|
2020-08-18 14:00:46 +02:00
|
|
|
|
|
|
|
- name: Filebeat api_key for Elasticsearch are configured
|
2019-01-29 16:57:45 +01:00
|
|
|
lineinfile:
|
|
|
|
dest: /etc/filebeat/filebeat.yml
|
2020-08-18 14:00:46 +02:00
|
|
|
regexp: '^ #?api_key: .*'
|
|
|
|
line: ' api_key: "{{ filebeat_elasticsearch_auth_api_key }}"'
|
|
|
|
insertafter: "output.elasticsearch:"
|
2019-01-29 16:57:45 +01:00
|
|
|
notify: restart filebeat
|
2021-05-09 23:06:42 +02:00
|
|
|
when: filebeat_elasticsearch_auth_api_key | length > 0
|
2020-08-18 14:00:46 +02:00
|
|
|
|
|
|
|
# When we use a config template
|
|
|
|
- block:
|
|
|
|
- name: Configuration is up-to-date
|
|
|
|
template:
|
|
|
|
src: "{{ item }}"
|
|
|
|
dest: /etc/filebeat/filebeat.yml
|
|
|
|
force: "{{ filebeat_force_config }}"
|
2021-05-06 10:50:57 +02:00
|
|
|
loop: "{{ query('first_found', templates) }}"
|
|
|
|
vars:
|
|
|
|
templates:
|
|
|
|
- "templates/filebeat/filebeat.{{ inventory_hostname }}.yml.j2"
|
2021-05-19 14:35:08 +02:00
|
|
|
- "templates/filebeat/filebeat.{{ host_group | default('all') }}.yml.j2"
|
2021-05-06 10:50:57 +02:00
|
|
|
- "templates/filebeat/filebeat.default.yml.j2"
|
|
|
|
- "templates/filebeat.default.yml.j2"
|
2020-08-18 14:00:46 +02:00
|
|
|
notify: restart filebeat
|
2021-05-09 23:06:42 +02:00
|
|
|
when: filebeat_update_config | bool
|
|
|
|
when: filebeat_use_config_template | bool
|