init

Author: ahochor

.gitignore

@@ -0,0 +1,10 @@
+*.pyc
+*.swp
+*.swo
+*.idea
+*.swp
+*.swo
+*.idea
+.molecule
+.cache
+**__pycache__**

defaults/main.yml

@@ -0,0 +1,14 @@
+---
+filebeat_inputs:
+ - type: "docker"
+   combine_partial: "false"
+   containers.ids:
+   - "*"
+
+### beats
+filebeat_output:
+ type: "logstash"
+ hosts: "0.0.0.0:5044"
+
+processors:
+  - "add_docker_metadata: ~"

handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart filebeat
+  service:
+    name: "filebeat"
+    state: restarted

molecule.yml

@@ -0,0 +1,18 @@
+---
+ansible:
+  playbook: tests/playbook.yml
+  verbose: vv
+driver:
+  name: docker
+verifier:
+  name: testinfra
+docker:
+  containers:
+    - name: xenial
+      image: solita/ubuntu-systemd
+      image_version: 16.04
+      privileged: true
+    - name: centos
+      image: solita/centos-systemd
+      image_version: latest
+      privileged: true

tasks/configure.yml

@@ -0,0 +1,8 @@
+---
+- name: configure filebeat
+  template:
+    src: 'filebeat.yml.j2'
+    dest: '/etc/filebeat/filebeat.yml'
+    mode: 0644
+    backup: yes
+  notify: restart filebeat

tasks/install.yml

@@ -0,0 +1,43 @@
+---
+- name: install apt-transport-https
+  apt:
+    name: apt-transport-https
+    state: present
+  when: ansible_pkg_mgr == "apt"
+
+- name: add GPG key
+  apt_key:
+    url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
+    state: present
+  when: ansible_pkg_mgr == "apt"
+
+- name: add elatic repository
+  apt_repository:
+    repo: deb https://artifacts.elastic.co/packages/6.x/apt stable main
+    state: present
+    update_cache: yes
+  when: ansible_pkg_mgr == "apt"
+
+- name: install filebeat
+  apt:
+    name: filebeat
+    state: present
+  when: ansible_pkg_mgr == "apt"
+
+- name: add GPG key
+  rpm_key:
+    key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
+    state: present
+  when: ansible_pkg_mgr == "yum"
+
+- name: add elastic repository
+  template:
+    src: elastic.repo
+    dest: /etc/yum.repos.d/elastic.repo
+  when: ansible_pkg_mgr == "yum"
+
+- name: install filebeat
+  yum:
+    name: filebeat
+    state: present
+  when: ansible_pkg_mgr == "yum"

tasks/main.yml

@@ -0,0 +1,3 @@
+---
+- include: install.yml
+- include: configure.yml

templates/elastic.repo

@@ -0,0 +1,8 @@
+[elastic-6.x]
+name=Elastic repository for 6.x packages
+baseurl=https://artifacts.elastic.co/packages/6.x/yum
+gpgcheck=1
+gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
+enabled=1
+autorefresh=1
+type=rpm-md

templates/filebeat.yml.j2

@@ -0,0 +1,228 @@
+###################### Filebeat Configuration Example #########################
+
+# This file is an example configuration file highlighting only the most common
+# options. The filebeat.reference.yml file from the same directory contains all the
+# supported options with more comments. You can use it as a reference.
+#
+# You can find the full configuration reference here:
+# https://www.elastic.co/guide/en/beats/filebeat/index.html
+
+# For more available modules and options, please see the filebeat.reference.yml sample
+# configuration file.
+
+#=========================== Filebeat inputs =============================
+
+#filebeat.inputs:
+
+# Each - is an input. Most options can be set at the input level, so
+# you can use different inputs for various configurations.
+# Below are the input specific configurations.
+
+#- type: log
+
+  # Change to true to enable this input configuration.
+#  enabled: false
+
+  # Paths that should be crawled and fetched. Glob based paths.
+#  paths:
+#    - /var/log/*.log
+    #- c:\programdata\elasticsearch\logs\*
+
+  # Exclude lines. A list of regular expressions to match. It drops the lines that are
+  # matching any regular expression from the list.
+  #exclude_lines: ['^DBG']
+
+  # Include lines. A list of regular expressions to match. It exports the lines that are
+  # matching any regular expression from the list.
+  #include_lines: ['^ERR', '^WARN']
+
+  # Exclude files. A list of regular expressions to match. Filebeat drops the files that
+  # are matching any regular expression from the list. By default, no files are dropped.
+  #exclude_files: ['.gz$']
+
+  # Optional additional fields. These fields can be freely picked
+  # to add additional information to the crawled log files for filtering
+  #fields:
+  #  level: debug
+  #  review: 1
+
+  ### Multiline options
+
+  # Multiline can be used for log messages spanning multiple lines. This is common
+  # for Java Stack Traces or C-Line Continuation
+
+  # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
+  #multiline.pattern: ^\[
+
+  # Defines if the pattern set under pattern should be negated or not. Default is false.
+  #multiline.negate: true
+
+  # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
+  # that was (not) matched before or after or as long as a pattern is not matched based on negate.
+  # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
+  #multiline.match: after
+
+#-------------------------------------------------------------------------------
+filebeat.inputs:
+{% for input in filebeat_inputs %}
+- type: {{ input.type }}
+{% for key in input %}
+{% if key != "type" %}
+  {{ key }} : {{ input[key] | to_json }}
+{% endif %}
+{% endfor %}
+{% endfor %}
+
+multiline.pattern: ^\[
+multiline.negate: true
+multiline.match: after
+
+#============================= Filebeat modules ===============================
+
+filebeat.config.modules:
+  # Glob pattern for configuration loading
+  path: ${path.config}/modules.d/*.yml
+
+  # Set to true to enable config reloading
+  reload.enabled: false
+
+  # Period on which files under path should be checked for changes
+  #reload.period: 10s
+
+#==================== Elasticsearch template setting ==========================
+
+setup.template.settings:
+  index.number_of_shards: 3
+  #index.codec: best_compression
+  _source.enabled: true
+
+#================================ General =====================================
+
+# The name of the shipper that publishes the network data. It can be used to group
+# all the transactions sent by a single shipper in the web interface.
+#name:
+
+# The tags of the shipper are included in their own field with each
+# transaction published.
+#tags: ["service-X", "web-tier"]
+
+# Optional fields that you can specify to add additional information to the
+# output.
+#fields:
+#  env: staging
+
+
+#============================== Dashboards =====================================
+# These settings control loading the sample dashboards to the Kibana index. Loading
+# the dashboards is disabled by default and can be enabled either by setting the
+# options here, or by using the `-setup` CLI flag or the `setup` command.
+#setup.dashboards.enabled: false
+
+# The URL from where to download the dashboards archive. By default this URL
+# has a value which is computed based on the Beat name and version. For released
+# versions, this URL points to the dashboard archive on the artifacts.elastic.co
+# website.
+#setup.dashboards.url:
+
+#============================== Kibana =====================================
+
+# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
+# This requires a Kibana endpoint configuration.
+setup.kibana:
+
+  # Kibana Host
+  # Scheme and port can be left out and will be set to the default (http and 5601)
+  # In case you specify and additional path, the scheme is required: http://localhost:5601/path
+  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
+  #host: "localhost:5601"
+
+  # Kibana Space ID
+  # ID of the Kibana Space into which the dashboards should be loaded. By default,
+  # the Default Space will be used.
+  #space.id:
+
+#============================= Elastic Cloud ==================================
+
+# These settings simplify using filebeat with the Elastic Cloud (https://cloud.elastic.co/).
+
+# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
+# `setup.kibana.host` options.
+# You can find the `cloud.id` in the Elastic Cloud web UI.
+#cloud.id:
+
+# The cloud.auth setting overwrites the `output.elasticsearch.username` and
+# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
+#cloud.auth:
+
+#================================ Outputs =====================================
+
+# Configure what output to use when sending the data collected by the beat.
+
+#-------------------------- Elasticsearch output ------------------------------
+#output.elasticsearch:
+  # Array of hosts to connect to.
+#  hosts: ["localhost:9200"]
+
+  # Optional protocol and basic auth credentials.
+  #protocol: "https"
+  #username: "elastic"
+  #password: "changeme"
+
+#----------------------------- Logstash output --------------------------------
+#output.logstash:
+  # The Logstash hosts
+#  hosts: ["localhost:5044"]
+
+  # Optional SSL. By default is off.
+  # List of root certificates for HTTPS server verifications
+  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
+
+  # Certificate for SSL client authentication
+  #ssl.certificate: "/etc/pki/client/cert.pem"
+
+  # Client Certificate Key
+  #ssl.key: "/etc/pki/client/cert.key"
+
+#------------------------------------------------------------------------------
+
+output.{{ filebeat_output.type }}:
+  hosts: ["{{ filebeat_output.hosts }}"]
+
+#================================ Procesors =====================================
+
+# Configure processors to enhance or manipulate events generated by the beat.
+
+#processors:
+#  - add_host_metadata: ~
+#  - add_cloud_metadata: ~
+
+processors:
+{% for processor in processors %}
+  - {{ processor }}
+{% endfor %}
+
+#================================ Logging =====================================
+
+# Sets log level. The default log level is info.
+# Available log levels are: error, warning, info, debug
+logging.level: debug
+
+# At debug level, you can selectively enable logging only for some components.
+# To enable all selectors use ["*"]. Examples of other selectors are "beat",
+# "publish", "service".
+logging.selectors: ["*"]
+
+#============================== Xpack Monitoring ===============================
+# filebeat can export internal metrics to a central Elasticsearch monitoring
+# cluster.  This requires xpack monitoring to be enabled in Elasticsearch.  The
+# reporting is disabled by default.
+
+# Set to true to enable the monitoring reporter.
+#xpack.monitoring.enabled: false
+
+# Uncomment to send the metrics to Elasticsearch. Most settings from the
+# Elasticsearch output are accepted here as well. Any setting that is not set is
+# automatically inherited from the Elasticsearch output configuration, so if you
+# have the Elasticsearch output configured, you can simply uncomment the
+# following line.
+#xpack.monitoring.elasticsearch:

tests/playbook.yml

@@ -0,0 +1,4 @@
+---
+- hosts: all
+  roles:
+    - ansible-filebeat