An Ansible Role that installs Filebeat on RedHat/CentOS or Debian/Ubuntu.
None.
Available variables are listed below, along with default values (see defaults/main.yml
):
filebeat_version: 7.x
Controls the major version of Filebeat which is installed.
filebeat_create_config: true
Whether to create the Filebeat configuration file and handle the copying of SSL key and cert for filebeat. If you prefer to create a configuration file yourself you can set this to false
.
filebeat_inputs:
- type: log
paths:
- "/var/log/*.log"
Inputs that will be listed in the inputs
section of the Filebeat configuration. Read through the Filebeat Inputs configuration guide for more options.
filebeat_output_elasticsearch_enabled: false
filebeat_output_elasticsearch_hosts:
- "localhost:9200"
Whether to enable Elasticsearch output, and which hosts to send output to.
filebeat_output_logstash_enabled: true
filebeat_output_logstash_hosts:
- "localhost:5000"
Whether to enable Logstash output, and which hosts to send output to.
filebeat_enable_logging: false
filebeat_log_level: warning
filebeat_log_dir: /var/log/filebeat
filebeat_log_filename: filebeat.log
Filebeat logging.
filebeat_ssl_dir: /etc/pki/logstash
The path where certificates and keyfiles will be stored.
filebeat_ssl_certificate_file: ""
filebeat_ssl_key_file: ""
Local paths to the SSL certificate and key files, which will be copied into the filebeat_ssl_dir
.
For utmost security, you should use your own valid certificate and keyfile, and update the filebeat_ssl_*
variables in your playbook to use your certificate.
To generate a self-signed certificate/key pair, you can use use the command:
$ sudo openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout filebeat.key -out filebeat.crt
Note that filebeat and logstash may not work correctly with self-signed certificates unless you also have the full chain of trust (including the Certificate Authority for your self-signed cert) added on your server. See: elastic/logstash#4926 (comment)
filebeat_ssl_insecure: "false"
Set this to "true"
to allow the use of self-signed certificates (when a CA isn't available).
If you can't customize via variables because an option isn't exposed, you can override the template used to generate the filebeat configuration.
filebeat_template: "filebeat.yml.j2"
You can either copy and modify the provided template, or you can, for example, point to a template file in your playbook directory that will be used instead of the managed template.
filebeat_template: "{{ playbook_dir }}/templates/filebeat.yml.j2"
None.
- hosts: logs
- name: Set the java_packages variable (Debian/Ubuntu).
set_fact:
java_packages:
- openjdk-8-jdk
when: ansible_os_family == 'Debian'
roles:
- geerlingguy.java
- geerlingguy.elasticsearch
- geerlingguy.logstash
- geerlingguy.filebeat
MIT / BSD
This role was created in 2016 by Jeff Geerling, author of Ansible for DevOps.