101 lines
2.9 KiB
YAML
101 lines
2.9 KiB
YAML
|
---
|
||
|
|
||
|
- name: Dependencies are installed
|
||
|
ansible.builtin.apt:
|
||
|
name:
|
||
|
- apt-transport-https
|
||
|
- openjdk-11-jre-headless
|
||
|
- uuid-runtime
|
||
|
- pwgen
|
||
|
- dirmngr
|
||
|
- gnupg
|
||
|
- wget
|
||
|
update_cache: yes
|
||
|
|
||
|
- name: Elasticsearch is configured
|
||
|
ansible.builtin.lineinfile:
|
||
|
dest: '/etc/elasticsearch/elasticsearch.yml'
|
||
|
line: 'action.auto_create_index: false'
|
||
|
register: es_config
|
||
|
|
||
|
- name: Elasticsearch is restarted
|
||
|
ansible.builtin.systemd:
|
||
|
name: elasticsearch
|
||
|
state: restarted
|
||
|
when: es_config is changed
|
||
|
|
||
|
- name: Graylog repository is installed
|
||
|
ansible.builtin.apt:
|
||
|
deb: 'https://packages.graylog2.org/repo/packages/graylog-{{ graylog_version }}-repository_latest.deb'
|
||
|
|
||
|
- name: Graylog is installed
|
||
|
ansible.builtin.apt:
|
||
|
name:
|
||
|
- graylog-server
|
||
|
update_cache: yes
|
||
|
|
||
|
- name: Graylog password_secret is set
|
||
|
ansible.builtin.replace:
|
||
|
dest: '/etc/graylog/server/server.conf'
|
||
|
regexp: '^(password_secret =)$'
|
||
|
replace: '\1 {{ lookup("ansible.builtin.password", "/dev/null chars=ascii_lowercase,digits length=96") }}'
|
||
|
|
||
|
- name: Graylog root_password_sha2 is set
|
||
|
ansible.builtin.replace:
|
||
|
dest: '/etc/graylog/server/server.conf'
|
||
|
regexp: '^(root_password_sha2 =)$'
|
||
|
replace: '\1 {{ graylog_root_password_sha2 }}'
|
||
|
when: graylog_root_password_sha2 is defined
|
||
|
|
||
|
- name: Graylog http_bind_address is set
|
||
|
ansible.builtin.lineinfile:
|
||
|
dest: '/etc/graylog/server/server.conf'
|
||
|
line: 'http_bind_address = {{ graylog_listen_ip }}:{{ graylog_listen_port }}'
|
||
|
|
||
|
- block:
|
||
|
- name: "Is {{ graylog_custom_datadir }} present ?"
|
||
|
ansible.builtin.stat:
|
||
|
path: "{{ graylog_custom_datadir }}"
|
||
|
check_mode: no
|
||
|
register: graylog_custom_datadir_test
|
||
|
|
||
|
- name: "read the real datadir"
|
||
|
ansible.builtin.command:
|
||
|
cmd: readlink -f /var/lib/graylog-server
|
||
|
changed_when: False
|
||
|
check_mode: no
|
||
|
register: graylog_current_real_datadir_test
|
||
|
when: graylog_custom_datadir is defined and graylog_custom_datadir | length > 0
|
||
|
|
||
|
- block:
|
||
|
- name: Graylog is stopped
|
||
|
ansible.builtin.service:
|
||
|
name: graylog-server
|
||
|
state: stopped
|
||
|
|
||
|
- name: Move Graylog datadir to {{ graylog_custom_datadir }}
|
||
|
ansible.builtin.command:
|
||
|
cmd: mv {{ graylog_current_real_datadir_test.stdout }} {{ graylog_custom_datadir }}
|
||
|
args:
|
||
|
creates: "{{ graylog_custom_datadir }}"
|
||
|
|
||
|
- name: Symlink {{ graylog_custom_datadir }} to /var/lib/graylog-server
|
||
|
ansible.builtin.file:
|
||
|
src: "{{ graylog_custom_datadir }}"
|
||
|
dest: '/var/lib/graylog-server'
|
||
|
state: link
|
||
|
when:
|
||
|
- graylog_custom_datadir | length > 0
|
||
|
- graylog_custom_datadir != graylog_current_real_datadir_test.stdout
|
||
|
- not graylog_custom_datadir_test.stat.exists
|
||
|
|
||
|
- name: Graylog is started
|
||
|
ansible.builtin.service:
|
||
|
name: graylog-server
|
||
|
state: started
|
||
|
|
||
|
- name: Graylog is enabled
|
||
|
ansible.builtin.service:
|
||
|
name: graylog-server
|
||
|
enabled: yes
|