Add role for Graylog
All checks were successful
Ansible Lint |Total|New|Outstanding|Fixed|Trend
|:-:|:-:|:-:|:-:|:-:
|2776|17|2759|4|:-1:
Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/232//ansiblelint">Evolix » ansible-roles » unstable #232</a>
gitea/ansible-roles/pipeline/head This commit looks good
All checks were successful
Ansible Lint |Total|New|Outstanding|Fixed|Trend
|:-:|:-:|:-:|:-:|:-:
|2776|17|2759|4|:-1:
Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/232//ansiblelint">Evolix » ansible-roles » unstable #232</a>
gitea/ansible-roles/pipeline/head This commit looks good
This commit is contained in:
parent
d37f6c0e3f
commit
ce247dba56
|
@ -13,6 +13,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
||||||
|
* graylog: new role
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
* apt: with Debian 12, backports are installed but disabled by default
|
* apt: with Debian 12, backports are installed but disabled by default
|
||||||
|
|
18
graylog/README.md
Normal file
18
graylog/README.md
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
# Graylog
|
||||||
|
|
||||||
|
Installation and basic configuration of Graylog.
|
||||||
|
|
||||||
|
## Tasks
|
||||||
|
|
||||||
|
Everything is in the `tasks/main.yml` file.
|
||||||
|
|
||||||
|
## Available variables
|
||||||
|
|
||||||
|
Main variables are :
|
||||||
|
|
||||||
|
* `graylog_version`: the Graylog version to install (default: `5.0`),
|
||||||
|
* `graylog_listen_ip`: the listen IP for Graylog (default: `"127.0.0.1"`),
|
||||||
|
* `graylog_listen_port`: the listen port for Graylog (default: `9000`),
|
||||||
|
* `graylog_custom_datadir`: the Graylog data directory (default: `""`, the empty string).
|
||||||
|
|
||||||
|
The full list of variables (with default values) can be found in `defaults/main.yml`.
|
5
graylog/defaults/main.yml
Normal file
5
graylog/defaults/main.yml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
graylog_version: "5.0"
|
||||||
|
graylog_listen_ip: "127.0.0.1"
|
||||||
|
graylog_listen_port: 9000
|
||||||
|
graylog_custom_datadir: ""
|
100
graylog/tasks/main.yml
Normal file
100
graylog/tasks/main.yml
Normal file
|
@ -0,0 +1,100 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Dependencies are installed
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name:
|
||||||
|
- apt-transport-https
|
||||||
|
- openjdk-11-jre-headless
|
||||||
|
- uuid-runtime
|
||||||
|
- pwgen
|
||||||
|
- dirmngr
|
||||||
|
- gnupg
|
||||||
|
- wget
|
||||||
|
update_cache: yes
|
||||||
|
|
||||||
|
- name: Elasticsearch is configured
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
dest: '/etc/elasticsearch/elasticsearch.yml'
|
||||||
|
line: 'action.auto_create_index: false'
|
||||||
|
register: es_config
|
||||||
|
|
||||||
|
- name: Elasticsearch is restarted
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
name: elasticsearch
|
||||||
|
state: restarted
|
||||||
|
when: es_config is changed
|
||||||
|
|
||||||
|
- name: Graylog repository is installed
|
||||||
|
ansible.builtin.apt:
|
||||||
|
deb: 'https://packages.graylog2.org/repo/packages/graylog-{{ graylog_version }}-repository_latest.deb'
|
||||||
|
|
||||||
|
- name: Graylog is installed
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name:
|
||||||
|
- graylog-server
|
||||||
|
update_cache: yes
|
||||||
|
|
||||||
|
- name: Graylog password_secret is set
|
||||||
|
ansible.builtin.replace:
|
||||||
|
dest: '/etc/graylog/server/server.conf'
|
||||||
|
regexp: '^(password_secret =)$'
|
||||||
|
replace: '\1 {{ lookup("ansible.builtin.password", "/dev/null chars=ascii_lowercase,digits length=96") }}'
|
||||||
|
|
||||||
|
- name: Graylog root_password_sha2 is set
|
||||||
|
ansible.builtin.replace:
|
||||||
|
dest: '/etc/graylog/server/server.conf'
|
||||||
|
regexp: '^(root_password_sha2 =)$'
|
||||||
|
replace: '\1 {{ graylog_root_password_sha2 }}'
|
||||||
|
when: graylog_root_password_sha2 is defined
|
||||||
|
|
||||||
|
- name: Graylog http_bind_address is set
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
dest: '/etc/graylog/server/server.conf'
|
||||||
|
line: 'http_bind_address = {{ graylog_listen_ip }}:{{ graylog_listen_port }}'
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: "Is {{ graylog_custom_datadir }} present ?"
|
||||||
|
ansible.builtin.stat:
|
||||||
|
path: "{{ graylog_custom_datadir }}"
|
||||||
|
check_mode: no
|
||||||
|
register: graylog_custom_datadir_test
|
||||||
|
|
||||||
|
- name: "read the real datadir"
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: readlink -f /var/lib/graylog-server
|
||||||
|
changed_when: False
|
||||||
|
check_mode: no
|
||||||
|
register: graylog_current_real_datadir_test
|
||||||
|
when: graylog_custom_datadir is defined and graylog_custom_datadir | length > 0
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: Graylog is stopped
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: graylog-server
|
||||||
|
state: stopped
|
||||||
|
|
||||||
|
- name: Move Graylog datadir to {{ graylog_custom_datadir }}
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: mv {{ graylog_current_real_datadir_test.stdout }} {{ graylog_custom_datadir }}
|
||||||
|
args:
|
||||||
|
creates: "{{ graylog_custom_datadir }}"
|
||||||
|
|
||||||
|
- name: Symlink {{ graylog_custom_datadir }} to /var/lib/graylog-server
|
||||||
|
ansible.builtin.file:
|
||||||
|
src: "{{ graylog_custom_datadir }}"
|
||||||
|
dest: '/var/lib/graylog-server'
|
||||||
|
state: link
|
||||||
|
when:
|
||||||
|
- graylog_custom_datadir | length > 0
|
||||||
|
- graylog_custom_datadir != graylog_current_real_datadir_test.stdout
|
||||||
|
- not graylog_custom_datadir_test.stat.exists
|
||||||
|
|
||||||
|
- name: Graylog is started
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: graylog-server
|
||||||
|
state: started
|
||||||
|
|
||||||
|
- name: Graylog is enabled
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: graylog-server
|
||||||
|
enabled: yes
|
Loading…
Reference in a new issue