Add role for Graylog
All checks were successful
Ansible Lint |Total|New|Outstanding|Fixed|Trend
|:-:|:-:|:-:|:-:|:-:
|2776|17|2759|4|:-1:
Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/232//ansiblelint">Evolix » ansible-roles » unstable #232</a>
gitea/ansible-roles/pipeline/head This commit looks good
All checks were successful
Ansible Lint |Total|New|Outstanding|Fixed|Trend
|:-:|:-:|:-:|:-:|:-:
|2776|17|2759|4|:-1:
Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/232//ansiblelint">Evolix » ansible-roles » unstable #232</a>
gitea/ansible-roles/pipeline/head This commit looks good
This commit is contained in:
parent
d37f6c0e3f
commit
ce247dba56
4 changed files with 125 additions and 0 deletions
|
@ -13,6 +13,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
|||
|
||||
### Added
|
||||
|
||||
* graylog: new role
|
||||
|
||||
### Changed
|
||||
|
||||
* apt: with Debian 12, backports are installed but disabled by default
|
||||
|
|
18
graylog/README.md
Normal file
18
graylog/README.md
Normal file
|
@ -0,0 +1,18 @@
|
|||
# Graylog
|
||||
|
||||
Installation and basic configuration of Graylog.
|
||||
|
||||
## Tasks
|
||||
|
||||
Everything is in the `tasks/main.yml` file.
|
||||
|
||||
## Available variables
|
||||
|
||||
Main variables are :
|
||||
|
||||
* `graylog_version`: the Graylog version to install (default: `5.0`),
|
||||
* `graylog_listen_ip`: the listen IP for Graylog (default: `"127.0.0.1"`),
|
||||
* `graylog_listen_port`: the listen port for Graylog (default: `9000`),
|
||||
* `graylog_custom_datadir`: the Graylog data directory (default: `""`, the empty string).
|
||||
|
||||
The full list of variables (with default values) can be found in `defaults/main.yml`.
|
5
graylog/defaults/main.yml
Normal file
5
graylog/defaults/main.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
graylog_version: "5.0"
|
||||
graylog_listen_ip: "127.0.0.1"
|
||||
graylog_listen_port: 9000
|
||||
graylog_custom_datadir: ""
|
100
graylog/tasks/main.yml
Normal file
100
graylog/tasks/main.yml
Normal file
|
@ -0,0 +1,100 @@
|
|||
---
|
||||
|
||||
- name: Dependencies are installed
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- apt-transport-https
|
||||
- openjdk-11-jre-headless
|
||||
- uuid-runtime
|
||||
- pwgen
|
||||
- dirmngr
|
||||
- gnupg
|
||||
- wget
|
||||
update_cache: yes
|
||||
|
||||
- name: Elasticsearch is configured
|
||||
ansible.builtin.lineinfile:
|
||||
dest: '/etc/elasticsearch/elasticsearch.yml'
|
||||
line: 'action.auto_create_index: false'
|
||||
register: es_config
|
||||
|
||||
- name: Elasticsearch is restarted
|
||||
ansible.builtin.systemd:
|
||||
name: elasticsearch
|
||||
state: restarted
|
||||
when: es_config is changed
|
||||
|
||||
- name: Graylog repository is installed
|
||||
ansible.builtin.apt:
|
||||
deb: 'https://packages.graylog2.org/repo/packages/graylog-{{ graylog_version }}-repository_latest.deb'
|
||||
|
||||
- name: Graylog is installed
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- graylog-server
|
||||
update_cache: yes
|
||||
|
||||
- name: Graylog password_secret is set
|
||||
ansible.builtin.replace:
|
||||
dest: '/etc/graylog/server/server.conf'
|
||||
regexp: '^(password_secret =)$'
|
||||
replace: '\1 {{ lookup("ansible.builtin.password", "/dev/null chars=ascii_lowercase,digits length=96") }}'
|
||||
|
||||
- name: Graylog root_password_sha2 is set
|
||||
ansible.builtin.replace:
|
||||
dest: '/etc/graylog/server/server.conf'
|
||||
regexp: '^(root_password_sha2 =)$'
|
||||
replace: '\1 {{ graylog_root_password_sha2 }}'
|
||||
when: graylog_root_password_sha2 is defined
|
||||
|
||||
- name: Graylog http_bind_address is set
|
||||
ansible.builtin.lineinfile:
|
||||
dest: '/etc/graylog/server/server.conf'
|
||||
line: 'http_bind_address = {{ graylog_listen_ip }}:{{ graylog_listen_port }}'
|
||||
|
||||
- block:
|
||||
- name: "Is {{ graylog_custom_datadir }} present ?"
|
||||
ansible.builtin.stat:
|
||||
path: "{{ graylog_custom_datadir }}"
|
||||
check_mode: no
|
||||
register: graylog_custom_datadir_test
|
||||
|
||||
- name: "read the real datadir"
|
||||
ansible.builtin.command:
|
||||
cmd: readlink -f /var/lib/graylog-server
|
||||
changed_when: False
|
||||
check_mode: no
|
||||
register: graylog_current_real_datadir_test
|
||||
when: graylog_custom_datadir is defined and graylog_custom_datadir | length > 0
|
||||
|
||||
- block:
|
||||
- name: Graylog is stopped
|
||||
ansible.builtin.service:
|
||||
name: graylog-server
|
||||
state: stopped
|
||||
|
||||
- name: Move Graylog datadir to {{ graylog_custom_datadir }}
|
||||
ansible.builtin.command:
|
||||
cmd: mv {{ graylog_current_real_datadir_test.stdout }} {{ graylog_custom_datadir }}
|
||||
args:
|
||||
creates: "{{ graylog_custom_datadir }}"
|
||||
|
||||
- name: Symlink {{ graylog_custom_datadir }} to /var/lib/graylog-server
|
||||
ansible.builtin.file:
|
||||
src: "{{ graylog_custom_datadir }}"
|
||||
dest: '/var/lib/graylog-server'
|
||||
state: link
|
||||
when:
|
||||
- graylog_custom_datadir | length > 0
|
||||
- graylog_custom_datadir != graylog_current_real_datadir_test.stdout
|
||||
- not graylog_custom_datadir_test.stat.exists
|
||||
|
||||
- name: Graylog is started
|
||||
ansible.builtin.service:
|
||||
name: graylog-server
|
||||
state: started
|
||||
|
||||
- name: Graylog is enabled
|
||||
ansible.builtin.service:
|
||||
name: graylog-server
|
||||
enabled: yes
|
Loading…
Reference in a new issue