From 6c74d3a5e36035277c38db1690aec13748d7d4fb Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Thu, 20 Sep 2018 12:11:04 +0200 Subject: [PATCH] logstash: tmp directory can be customized --- logstash/defaults/main.yml | 2 ++ logstash/tasks/main.yml | 2 ++ logstash/tasks/tmpdir.yml | 31 +++++++++++++++++++++++++++++++ 3 files changed, 35 insertions(+) create mode 100644 logstash/tasks/tmpdir.yml diff --git a/logstash/defaults/main.yml b/logstash/defaults/main.yml index 38b7f85f..cd16db24 100644 --- a/logstash/defaults/main.yml +++ b/logstash/defaults/main.yml @@ -4,3 +4,5 @@ elastic_stack_version: "5.x" logstash_jvm_xms: 256m logstash_jvm_xmx: 1g logstash_log_rotate_days: 365 +logstash_custom_tmpdir: Null +logstash_default_tmpdir: /var/lib/logstash/tmp diff --git a/logstash/tasks/main.yml b/logstash/tasks/main.yml index 8f740424..e6438abe 100644 --- a/logstash/tasks/main.yml +++ b/logstash/tasks/main.yml @@ -75,3 +75,5 @@ verbosity: 1 - include: logs.yml + +- include: tmpdir.yml diff --git a/logstash/tasks/tmpdir.yml b/logstash/tasks/tmpdir.yml new file mode 100644 index 00000000..4149f5af --- /dev/null +++ b/logstash/tasks/tmpdir.yml @@ -0,0 +1,31 @@ +--- + +- name: Check if /tmp is noexec + shell: "cat /etc/fstab | grep -E \" +/tmp\" | grep noexec" + register: fstab_tmp_noexec + failed_when: False + changed_when: False + check_mode: no + +- block: + - name: "Create {{ logstash_custom_tmpdir or logstash_default_tmpdir | mandatory }}" + file: + path: "{{ logstash_custom_tmpdir or logstash_default_tmpdir | mandatory }}" + owner: logstash + group: logstash + mode: "0755" + state: directory + tags: + - logstash + + - name: change JVM tmpdir + lineinfile: + dest: /etc/logstash/jvm.options + line: "-Djava.io.tmpdir={{ logstash_custom_tmpdir or logstash_default_tmpdir | mandatory }}" + regexp: "^-Djava.io.tmpdir=" + insertafter: "## JVM configuration" + notify: + - restart logstash + tags: + - logstash + when: (logstash_custom_tmpdir != '' and logstash_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0