diff --git a/roles/filebeat/tasks/filebeat_podman.yml b/roles/filebeat/tasks/filebeat_podman.yml index 207af6c..4516b70 100644 --- a/roles/filebeat/tasks/filebeat_podman.yml +++ b/roles/filebeat/tasks/filebeat_podman.yml @@ -1,21 +1,21 @@ --- - name: Deploy Filebeat in a pod vars: - pod_name: "{{ filebeat_pod_name }}.{{inventory_hostname_short}}.filebeat_{{ filebeat.instance_name }}" + pod_name: "{{ filebeat_pod_name }}.{{ inventory_hostname_short }}.filebeat_{{ filebeat.instance_name }}" block: - name: Create pod for filebeat containers.podman.podman_pod: name: "{{ pod_name }}" - hostname: "{{inventory_hostname_short}}.filebeat_{{ filebeat.instance_name }}" + hostname: "{{ inventory_hostname_short }}.filebeat_{{ filebeat.instance_name }}" state: "{{ state }}" recreate: "{{ recreate }}" - network: "{{filebeat_pod_network}}" + network: "{{ filebeat_pod_network }}" when: filebeat_pod_network != "bridge" - name: Create pod for filebeat containers.podman.podman_pod: name: "{{ pod_name }}" - hostname: "{{inventory_hostname_short}}.filebeat_{{ filebeat.instance_name }}" + hostname: "{{ inventory_hostname_short }}.filebeat_{{ filebeat.instance_name }}" state: "{{ state }}" recreate: "{{ recreate }}" network: "{{ filebeat_pod_network }}" 
@@ -24,32 +24,32 @@ - name: Run Filebeat-setup container to perform initial setup. It will exit when it's done. podman_container: - name: "{{inventory_hostname_short}}.filebeat_{{ filebeat.instance_name }}" + name: "{{ inventory_hostname_short }}.filebeat_{{ filebeat.instance_name }}" pod: "{{ pod_name }}" image: "{{ filebeat_image }}:{{ filebeat_version }}" command: setup -e --index-management --pipelines --dashboards state: "{{ state }}" user: root recreate: "{{ recreate }}" - network: "{{filebeat_pod_network}}" - ## by default json loggin is used plus filebeat - ## log driver k8s-file - #log_driver: k8s-file - #log_opt: - # path: "{{ filebeat_data }}/logs/filebeat-container.log" - # max_size: 300mb - ## log driver to journald (where syslog-ng can pick-up) - #log_driver: journald - #log_opt: - # tag=filebeat|{{ '{{' }}.ImageName{{ '}}' }}|podman + network: "{{ filebeat_pod_network }}" + # # by default json loggin is used plus filebeat + # # log driver k8s-file + # log_driver: k8s-file + # log_opt: + # path: "{{ filebeat_data }}/logs/filebeat-container.log" + # max_size: 300mb + # # log driver to journald (where syslog-ng can pick-up) + # log_driver: journald + # log_opt: + # tag=filebeat|{{ '{{' }}.ImageName{{ '}}' }}|podman label: process: filebeat-setup - expose: "{{filebeat.ports}}" - memory: "{{filebeat.memory_limit}}" - cpus: "{{filebeat.cpu_limit}}" + expose: "{{ filebeat.ports }}" + memory: "{{ filebeat.memory_limit }}" + cpus: "{{ filebeat.cpu_limit }}" env: TZ: "{{ timezone }}" - NO_PROXY: "{{no_proxy}}" + NO_PROXY: "{{ no_proxy }}" volume: - "{{ filebeat_config }}/certs/http_ca.crt:/usr/share/filebeat/config/http_ca.crt:ro,z" - "{{ filebeat_config }}/certs/kibana_signing_ca.crt:/usr/share/filebeat/config/kibana_signing_ca.crt:ro,z" 
@@ -64,28 +64,28 @@ - name: Run Filebeat container podman_container: - name: "{{inventory_hostname_short}}.filebeat_{{ filebeat.instance_name }}" + name: "{{ inventory_hostname_short }}.filebeat_{{ filebeat.instance_name }}" pod: "{{ pod_name }}" image: "{{ filebeat_image }}:{{ filebeat_version }}" state: "{{ state }}" user: root recreate: "{{ recreate }}" - network: "{{filebeat_pod_network}}" - ## by default json loggin is used plus filebeat - ## log driver k8s-file - #log_driver: k8s-file - #log_opt: - # path: "{{ filebeat_data }}/logs/filebeat-container.log" - # max_size: 300mb - ## log driver to journald (where syslog-ng can pick-up) - #log_driver: journald - #log_opt: - # tag=filebeat|{{ '{{' }}.ImageName{{ '}}' }}|podman + network: "{{ filebeat_pod_network }}" + # # by default json loggin is used plus filebeat + # # log driver k8s-file + # log_driver: k8s-file + # log_opt: + # path: "{{ filebeat_data }}/logs/filebeat-container.log" + # max_size: 300mb + # # log driver to journald (where syslog-ng can pick-up) + # log_driver: journald + # log_opt: + # tag=filebeat|{{ '{{' }}.ImageName{{ '}}' }}|podman label: process=filebeat - expose: "{{filebeat.ports}}" - memory: "{{filebeat.memory_limit}}" - cpus: "{{filebeat.cpu_limit}}" + expose: "{{ filebeat.ports }}" + memory: "{{ filebeat.memory_limit }}" + cpus: "{{ filebeat.cpu_limit }}" env: TZ: "{{ timezone }}" volume: diff --git a/roles/filebeat/tasks/generatetemplates.yml b/roles/filebeat/tasks/generatetemplates.yml index 2532796..ce86d33 100644 --- a/roles/filebeat/tasks/generatetemplates.yml +++ b/roles/filebeat/tasks/generatetemplates.yml @@ -6,3 +6,4 @@ dest: "{{ filebeat_config }}/config/filebeat.yml" group: "root" owner: "root" + mode: "0644" diff --git a/roles/filebeat/tasks/main.yml b/roles/filebeat/tasks/main.yml index 9bef34d..a28b837 100644 --- a/roles/filebeat/tasks/main.yml +++ b/roles/filebeat/tasks/main.yml 
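Review bot: The added `mode: "0644"` in roles/filebeat/tasks/generatetemplates.yml leaves the rendered filebeat.yml readable by every local account on the host. The template is not part of this diff, so whether it contains output credentials or API keys cannot be confirmed from here. If it does, `mode: "0640"` or `mode: "0600"` is the safer value. That should still work, because the file is owned by root and the Filebeat containers in filebeat_podman.yml run with `user: root`. The task begins above the hunk, so its `src` line was not visible for review.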
@@ -13,8 +13,8 @@ include_vars: file: "../../logstash/defaults/main.yml" tags: - - create_dirs - - includevars + - create_dirs + - includevars - name: Import createdirs include_tasks: diff --git a/roles/kibana/handlers/main.yml b/roles/kibana/handlers/main.yml index 2afd799..7805195 100644 --- a/roles/kibana/handlers/main.yml +++ b/roles/kibana/handlers/main.yml @@ -1,2 +1,2 @@ --- -# handlers file for kibana \ No newline at end of file +# handlers file for kibana diff --git a/roles/kibana/tasks/createdirs.yml b/roles/kibana/tasks/createdirs.yml index 26f96b6..3919ae1 100644 --- a/roles/kibana/tasks/createdirs.yml +++ b/roles/kibana/tasks/createdirs.yml @@ -8,6 +8,6 @@ group: "1000" mode: '0755' loop: - - "{{kibana_config}}/config" - - "{{kibana_config}}/certs" - - "{{kibana_data}}/logs" + - "{{ kibana_config }}/config" + - "{{ kibana_config }}/certs" + - "{{ kibana_data }}/logs" diff --git a/roles/kibana/tasks/kibana_podman.yml b/roles/kibana/tasks/kibana_podman.yml index 3d7cafd..b0c20cd 100644 --- a/roles/kibana/tasks/kibana_podman.yml +++ b/roles/kibana/tasks/kibana_podman.yml 
@@ -1,21 +1,21 @@ --- - name: Deploy Kibana in a pod vars: - pod_name: "{{ kibana_pod_name }}.{{inventory_hostname_short}}.kibana_{{ kibana.instance_name }}" + pod_name: "{{ kibana_pod_name }}.{{ inventory_hostname_short }}.kibana_{{ kibana.instance_name }}" block: - name: Create pod for kibana containers.podman.podman_pod: name: "{{ pod_name }}" - hostname: "{{inventory_hostname_short}}.kibana_{{ kibana.instance_name }}" + hostname: "{{ inventory_hostname_short }}.kibana_{{ kibana.instance_name }}" state: "{{ state }}" recreate: "{{ recreate }}" - network: "{{kibana_pod_network}}" + network: "{{ kibana_pod_network }}" when: kibana_pod_network != "bridge" - name: Create pod for kibana containers.podman.podman_pod: name: "{{ pod_name }}" - hostname: "{{inventory_hostname_short}}.kibana_{{ kibana.instance_name }}" + hostname: "{{ inventory_hostname_short }}.kibana_{{ kibana.instance_name }}" state: "{{ state }}" recreate: "{{ recreate }}" network: "{{ kibana_pod_network }}" 
@@ -24,22 +24,22 @@ - name: Run Kibana container podman_container: - name: "{{inventory_hostname_short}}.kibana_{{ kibana.instance_name }}" + name: "{{ inventory_hostname_short }}.kibana_{{ kibana.instance_name }}" pod: "{{ pod_name }}" image: "{{ kibana_image }}:{{ kibana_version }}" state: "{{ state }}" recreate: "{{ recreate }}" - network: "{{kibana_pod_network}}" - ## by default json loggin is used plus filebeat - ## log driver k8s-file - #log_driver: k8s-file - #log_opt: - # path: "{{ kibana_data }}/logs/kibana-container.log" - # max_size: 300mb - ## log driver to journald (where syslog-ng can pick-up) - #log_driver: journald - #log_opt: - # tag=kibana|{{ '{{' }}.ImageName{{ '}}' }}|podman + network: "{{ kibana_pod_network }}" + # # by default json loggin is used plus filebeat + # # log driver k8s-file + # log_driver: k8s-file + # log_opt: + # path: "{{ kibana_data }}/logs/kibana-container.log" + # max_size: 300mb + # # log driver to journald (where syslog-ng can pick-up) + # log_driver: journald + # log_opt: + # tag=kibana|{{ '{{' }}.ImageName{{ '}}' }}|podman label: process=kibana traefik.enable=true @@ -50,8 +50,8 @@ traefik.http.services.kibana-www-service.loadbalancer.server.scheme=https traefik.http.services.kibana-www-service.loadbalancer.server.port={{ kibana.ports[0] }} expose: "{{ kibana.ports }}" - memory: "{{kibana.memory_limit}}" - cpus: "{{kibana.cpu_limit}}" + memory: "{{ kibana.memory_limit }}" + cpus: "{{ kibana.cpu_limit }}" volume: - "{{ kibana_data }}/logs:/var/log/kibana:z" - "{{ kibana_config }}/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro,z" diff --git a/roles/kibana/tests/test.yml b/roles/kibana/tests/test.yml index 4ca1352..5ed0a81 100644 --- a/roles/kibana/tests/test.yml +++ b/roles/kibana/tests/test.yml @@ -2,4 +2,4 @@ - hosts: localhost remote_user: root roles: - - kibana \ No newline at end of file + - kibana diff --git a/roles/kibana/vars/main.yml b/roles/kibana/vars/main.yml index b9a456a..dcb62ac 100644 
--- a/roles/kibana/vars/main.yml +++ b/roles/kibana/vars/main.yml @@ -1,2 +1,2 @@ --- -# vars file for kibana \ No newline at end of file +# vars file for kibana diff --git a/roles/logstash/defaults/main.yml b/roles/logstash/defaults/main.yml index 7fcbd4e..71aea92 100644 --- a/roles/logstash/defaults/main.yml +++ b/roles/logstash/defaults/main.yml @@ -53,24 +53,24 @@ logstash: - "9601" logstash_pipelines: - - name: arcsight - type: arcsight - id: "001" - enabled: False - input_port: "7500" - pipeline_workers: "1" - output_user: logstash_internal - output_password: "{{logstash_internal_password}}" - output_index: "arcsight-%{+YYYY.MM.dd}" - - name: beats - type: beats - id: "001" - enabled: False - input_port: "5045" - pipeline_workers: "1" - output_user: logstash_internal - output_password: "{{logstash_internal_password}}" - output_index: '%{[@metadata][beat]}-%{[@metadata][version]}' + - name: arcsight + type: arcsight + id: "001" + enabled: false + input_port: "7500" + pipeline_workers: "1" + output_user: logstash_internal + output_password: "{{logstash_internal_password}}" + output_index: "arcsight-%{+YYYY.MM.dd}" + - name: beats + type: beats + id: "001" + enabled: false + input_port: "5045" + pipeline_workers: "1" + output_user: logstash_internal + output_password: "{{logstash_internal_password}}" + output_index: '%{[@metadata][beat]}-%{[@metadata][version]}' xpack_http_ca: "{{ vault_xpack_http_ca }}" # logstash does not support pkcs12 but only pkcs8 diff --git a/roles/logstash/tasks/generatetemplates.yml b/roles/logstash/tasks/generatetemplates.yml index e8d97b0..32425ad 100644 --- a/roles/logstash/tasks/generatetemplates.yml +++ b/roles/logstash/tasks/generatetemplates.yml @@ -19,7 +19,7 @@ mode: "0644" owner: "1000" group: "1000" - when: item.enabled == True + when: item.enabled loop: "{{ logstash_pipelines }}" - name: Generate log4j2.properties for Logstash node 
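Review bot: `when: item.enabled` in roles/logstash/tasks/generatetemplates.yml is only equivalent to the old `== True` test while `enabled` is a real boolean. If an inventory or extra-vars override supplies a string such as `"false"`, the bare conditional is evaluated differently across Ansible versions and can enable a pipeline that was meant to be off. `when: item.enabled | bool` makes the intent explicit and matches the `firewalld_enabled | bool` pattern already used in metricbeat_podman.yml. Separately, this task keeps `mode: "0644"` while looping over `logstash_pipelines`, whose entries carry `output_password`. If the rendered file embeds that password (the template is not shown), `mode: "0640"` with the existing owner and group `1000` would keep it from other local users. The task starts above the hunk.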
@@ -28,6 +28,4 @@ dest: "{{ logstash_config }}/config/log4j2.properties" group: "1000" owner: "1000" - - - + mode: "0644" diff --git a/roles/logstash/tasks/logstash_podman.yml b/roles/logstash/tasks/logstash_podman.yml index 053b0d5..4379dda 100644 --- a/roles/logstash/tasks/logstash_podman.yml +++ b/roles/logstash/tasks/logstash_podman.yml @@ -1,21 +1,21 @@ --- - name: Deploy Logstash in a pod vars: - pod_name: "{{ logstash_pod_name }}.{{inventory_hostname_short}}.logstash_{{ logstash.instance_name }}" + pod_name: "{{ logstash_pod_name }}.{{ inventory_hostname_short }}.logstash_{{ logstash.instance_name }}" block: - name: Create pod for logstash containers.podman.podman_pod: name: "{{ pod_name }}" - hostname: "{{inventory_hostname_short}}.logstash_{{ logstash.instance_name }}" + hostname: "{{ inventory_hostname_short }}.logstash_{{ logstash.instance_name }}" state: "{{ state }}" recreate: "{{ recreate }}" - network: "{{logstash_pod_network}}" + network: "{{ logstash_pod_network }}" when: logstash_pod_network != "bridge" - name: Create pod for logstash containers.podman.podman_pod: name: "{{ pod_name }}" - hostname: "{{inventory_hostname_short}}.logstash_{{ logstash.instance_name }}" + hostname: "{{ inventory_hostname_short }}.logstash_{{ logstash.instance_name }}" state: "{{ state }}" recreate: "{{ recreate }}" network: "{{ logstash_pod_network }}" 
@@ -24,31 +24,31 @@ - name: Run Logstash container podman_container: - name: "{{inventory_hostname_short}}.logstash_{{ logstash.instance_name }}" + name: "{{ inventory_hostname_short }}.logstash_{{ logstash.instance_name }}" pod: "{{ pod_name }}" image: "{{ logstash_image }}:{{ logstash_version }}" state: "{{ state }}" recreate: "{{ recreate }}" - network: "{{logstash_pod_network}}" - ## by default json loggin is used plus filebeat - ## log driver k8s-file - #log_driver: k8s-file - #log_opt: - # path: "{{ logstash_data }}/logs/logstash-container.log" - # max_size: 300mb - ## log driver to journald (where syslog-ng can pick-up) - #log_driver: journald - #log_opt: - # tag=logstash|{{ '{{' }}.ImageName{{ '}}' }}|podman + network: "{{ logstash_pod_network }}" + # # by default json loggin is used plus filebeat + # # log driver k8s-file + # log_driver: k8s-file + # log_opt: + # path: "{{ logstash_data }}/logs/logstash-container.log" + # max_size: 300mb + # # log driver to journald (where syslog-ng can pick-up) + # log_driver: journald + # log_opt: + # tag=logstash|{{ '{{' }}.ImageName{{ '}}' }}|podman label: process: logstash - memory: "{{logstash.memory_limit}}" - cpus: "{{logstash.cpu_limit}}" + memory: "{{ logstash.memory_limit }}" + cpus: "{{ logstash.cpu_limit }}" expose: "{{ logstash.ports }}" env: TZ: "{{ timezone }}" - LS_JAVA_OPTS: "{{logstash.java_opts}}" - NO_PROXY: "{{no_proxy}}" + LS_JAVA_OPTS: "{{ logstash.java_opts }}" + NO_PROXY: "{{ no_proxy }}" volume: - "{{ logstash_config }}/certs:/usr/share/logstash/certs:ro,z" - "{{ logstash_config }}/config/log4j2.properties:/usr/share/logstash/config/log4j2.properties:z" diff --git a/roles/metricbeat/.travis.yml b/roles/metricbeat/.travis.yml index 36bbf62..121cc49 100644 --- a/roles/metricbeat/.travis.yml +++ b/roles/metricbeat/.travis.yml @@ -9,7 +9,7 @@ sudo: false addons: apt: packages: - - python-pip + - python-pip install: # Install ansible 
@@ -26,4 +26,4 @@ script: - ansible-playbook tests/test.yml -i tests/inventory --syntax-check notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/roles/metricbeat/handlers/main.yml b/roles/metricbeat/handlers/main.yml index 1ce00b2..47ab128 100644 --- a/roles/metricbeat/handlers/main.yml +++ b/roles/metricbeat/handlers/main.yml @@ -1,2 +1,2 @@ --- -# handlers file for metricbeat \ No newline at end of file +# handlers file for metricbeat diff --git a/roles/metricbeat/tasks/createdirs.yml b/roles/metricbeat/tasks/createdirs.yml index b056506..c40bb6b 100644 --- a/roles/metricbeat/tasks/createdirs.yml +++ b/roles/metricbeat/tasks/createdirs.yml @@ -11,4 +11,4 @@ - "{{ metricbeat_config }}/certs" - "{{ metricbeat_config }}/config" tags: - - create_dirs + - create_dirs diff --git a/roles/metricbeat/tasks/main.yml b/roles/metricbeat/tasks/main.yml index 5fd654e..04846af 100644 --- a/roles/metricbeat/tasks/main.yml +++ b/roles/metricbeat/tasks/main.yml @@ -14,9 +14,9 @@ include_vars: file: "../../logstash/defaults/main.yml" tags: - - create_dirs - - includevars - + - create_dirs + - includevars + - name: Import createdirs include_tasks: file: "createdirs.yml" diff --git a/roles/metricbeat/tasks/metricbeat_podman.yml b/roles/metricbeat/tasks/metricbeat_podman.yml index 49025b3..a6c4ba9 100644 --- a/roles/metricbeat/tasks/metricbeat_podman.yml +++ b/roles/metricbeat/tasks/metricbeat_podman.yml 
@@ -2,21 +2,21 @@ # tasks file for metricbeat - name: Deploy Metricbeat in a pod vars: - pod_name: "{{ metricbeat_pod_name }}.{{inventory_hostname_short}}.metricbeat_{{ metricbeat.instance_name }}" + pod_name: "{{ metricbeat_pod_name }}.{{ inventory_hostname_short }}.metricbeat_{{ metricbeat.instance_name }}" block: - name: Create pod for metricbeat containers.podman.podman_pod: name: "{{ pod_name }}" - hostname: "{{inventory_hostname_short}}.metricbeat_{{ metricbeat.instance_name }}" + hostname: "{{ inventory_hostname_short }}.metricbeat_{{ metricbeat.instance_name }}" state: "{{ state }}" recreate: "{{ recreate }}" - network: "{{metricbeat_pod_network}}" + network: "{{ metricbeat_pod_network }}" when: metricbeat_pod_network != "bridge" - name: Create pod for metricbeat containers.podman.podman_pod: name: "{{ pod_name }}" - hostname: "{{inventory_hostname_short}}.metricbeat_{{ metricbeat.instance_name }}" + hostname: "{{ inventory_hostname_short }}.metricbeat_{{ metricbeat.instance_name }}" state: "{{ state }}" recreate: "{{ recreate }}" network: "{{ metricbeat_pod_network }}" 
@@ -25,19 +25,19 @@ - name: Run Metricbeat container - setup containers.podman.podman_container: - name: "{{inventory_hostname_short}}.metricbeat_{{ metricbeat.instance_name }}" + name: "{{ inventory_hostname_short }}.metricbeat_{{ metricbeat.instance_name }}" pod: "{{ pod_name }}" - image: "{{metricbeat_image}}:{{metricbeat_version}}" + image: "{{ metricbeat_image }}:{{ metricbeat_version }}" state: "{{ state }}" recreate: "{{ recreate }}" - network: "{{metricbeat_pod_network}}" + network: "{{ metricbeat_pod_network }}" label: process=metricbeat - memory: "{{metricbeat.memory_limit}}" - cpus: "{{metricbeat.cpu_limit}}" + memory: "{{ metricbeat.memory_limit }}" + cpus: "{{ metricbeat.cpu_limit }}" env: TZ: "{{ timezone }}" - ELASTICSEARCH_HOSTS: "{{metricbeat.monitoring_cluster_url}}" + ELASTICSEARCH_HOSTS: "{{ metricbeat.monitoring_cluster_url }}" ELASTICSEARCH_USERNAME: "{{ metricbeat.monitoring_write_user_name }}" ELASTICSEARCH_PASSWORD: "{{ metricbeat.monitoring_write_user_pass }}" volume: 
@@ -53,22 +53,22 @@ - name: Run Metricbeat container containers.podman.podman_container: - name: "{{inventory_hostname_short}}.metricbeat_{{ metricbeat.instance_name }}" + name: "{{ inventory_hostname_short }}.metricbeat_{{ metricbeat.instance_name }}" pod: "{{ pod_name }}" - image: "{{metricbeat_image}}:{{metricbeat_version}}" + image: "{{ metricbeat_image }}:{{ metricbeat_version }}" state: "{{ state }}" recreate: "{{ recreate }}" - network: "{{metricbeat_pod_network}}" + network: "{{ metricbeat_pod_network }}" label: process=metricbeat expose: "{{ metricbeat.ports }}" - memory: "{{metricbeat.memory_limit}}" - cpus: "{{metricbeat.cpu_limit}}" + memory: "{{ metricbeat.memory_limit }}" + cpus: "{{ metricbeat.cpu_limit }}" env: TZ: "{{ timezone }}" - ELASTICSEARCH_HOSTS: "{{metricbeat.monitoring_cluster_url}}" - ELASTICSEARCH_USERNAME: "{{metricbeat.monitoring_write_user_name}}" - ELASTICSEARCH_PASSWORD: "{{metricbeat.monitoring_write_user_pass}}" + ELASTICSEARCH_HOSTS: "{{ metricbeat.monitoring_cluster_url }}" + ELASTICSEARCH_USERNAME: "{{ metricbeat.monitoring_write_user_name }}" + ELASTICSEARCH_PASSWORD: "{{ metricbeat.monitoring_write_user_pass }}" user: root volume: - "{{ metricbeat_config }}/config/metricbeat.docker.yml:/usr/share/metricbeat/metricbeat.yml:z" @@ -86,14 +86,14 @@ immediate: yes state: enabled zone: "{{ firewalld_zone }}" - loop: "{{metricbeat.ports}}" + loop: "{{ metricbeat.ports }}" when: - metricbeat_pod_network == "host" - firewalld_enabled | bool - name: Hand over pod and container mgmt to systemd vars: - container_name: "{{pod_name}}" + container_name: "{{ pod_name }}" type: pod import_role: name: podman_systemd_simple diff --git a/roles/metricbeat/tests/test.yml b/roles/metricbeat/tests/test.yml index 567f672..3c77119 100644 --- a/roles/metricbeat/tests/test.yml +++ b/roles/metricbeat/tests/test.yml @@ -2,4 +2,4 @@ - hosts: localhost remote_user: root roles: - - metricbeat \ No newline at end of file + - metricbeat 
diff --git a/roles/metricbeat/vars/main.yml b/roles/metricbeat/vars/main.yml index 81cb48c..03f0d6b 100644 --- a/roles/metricbeat/vars/main.yml +++ b/roles/metricbeat/vars/main.yml @@ -1,2 +1,2 @@ --- -# vars file for metricbeat \ No newline at end of file +# vars file for metricbeat diff --git a/roles/podman_systemd_simple/handlers/main.yml b/roles/podman_systemd_simple/handlers/main.yml index 7a23fea..2d8adc7 100644 --- a/roles/podman_systemd_simple/handlers/main.yml +++ b/roles/podman_systemd_simple/handlers/main.yml @@ -1,2 +1,2 @@ --- -# handlers file for podman-systemd-simple \ No newline at end of file +# handlers file for podman-systemd-simple