Refactor the beats role

punktDe · Jul 19, 2024 · bc9e61e · bc9e61e
1 parent 553f018
commit bc9e61e
Show file tree

Hide file tree

Showing 22 changed files with 293 additions and 72 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -0,0 +1,11 @@
+---
+skip_list:
+  - 'risky-shell-pipe'
+  - 'role-name'
+
+warn_list:
+  - name[template]
+  - package-latest
+  - unnamed-task
+  - command-instead-of-shell
+  - no-handler
diff --git a/.envrc b/.envrc
@@ -0,0 +1,25 @@
+#!/usr/bin/env zsh
+set -e
+
+if [ ! -f venv-ansible-beats/bin/activate ]
+then
+	echo "Creating a virtual Python environment"
+	python3 -m venv venv-ansible-beats >/dev/null
+fi
+
+if [ -f venv-ansible-beats/bin/activate ]
+then
+	echo "Activating the Python virtual environment"
+	. venv-ansible-beats/bin/activate
+fi
+
+if [ -f venv-ansible-beats/bin/pip3 ]
+then
+	echo "Installing Python requirements"
+	venv-ansible-beats/bin/pip3 install --upgrade pip 1> /dev/null
+	venv-ansible-beats/bin/pip3 install -r requirements.txt 1> /dev/null
+fi
+
+export ANSIBLE_ROLES_PATH=roles
+export ANSIBLE_COLLECTIONS_PATH=collections
+export ANSIBLE_HASH_BEHAVIOUR=merge
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,45 @@
+---
+name: Test
+run-name: Run molecule tests on the role
+on:
+  push:
+  workflow_dispatch:
+
+env:
+  ANSIBLE_ROLES_PATH: roles
+  ANSIBLE_HASH_BEHAVIOUR: merge
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install dependencies.
+        run: pip install -r requirements.txt
+
+      - name: Run ansible-lint
+        run: "ansible-lint"
+
+  molecule:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install dependencies.
+        run: pip install -r requirements.txt
+
+      - name: Run molecule
+        run: "molecule test"
diff --git a/.gitignore b/.gitignore
@@ -1 +1,5 @@
 *.pyc
+.DS_Store
+roles
+collections
+venv*
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,6 @@
+---
+repos:
+  - repo: https://github.com/ansible/ansible-lint.git
+    rev: v6.17.2
+    hooks:
+      - id: ansible-lint
diff --git a/.yamllint b/.yamllint
@@ -0,0 +1,33 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  colons:
+    max-spaces-after: -1
+    level: error
+  commas:
+    max-spaces-after: -1
+    level: error
+  comments: disable
+  comments-indentation: disable
+  document-start: disable
+  empty-lines:
+    max: 3
+    level: error
+  hyphens:
+    level: error
+  indentation: disable
+  key-duplicates: enable
+  line-length: disable
+  new-line-at-end-of-file: disable
+  new-lines:
+    type: unix
+  trailing-spaces: disable
+  truthy: disable
diff --git a/defaults/main.yaml b/defaults/main.yaml
@@ -1,9 +1,11 @@
+---
 beats:
+  version: 7
   repository:
     apt:
       key_url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
       repository: |
-        deb https://artifacts.elastic.co/packages/7.x/apt stable main
+        https://artifacts.elastic.co/packages/{{ vars.beats.version }}.x/apt
 metricbeat:
   enabled: no
   prefix:
@@ -23,7 +25,13 @@ metricbeat:
       ilm:
         enabled: no
     metricbeat:
-      modules: "{{ metricbeat_modules.values()|selectattr('enabled', 'eq', true)|beatsclient_delete_key_from_dicts('enabled')|list }}"
+      modules: >- 
+        {{
+          metricbeat_modules.values() |
+          selectattr('enabled', 'eq', true) |
+          beatsclient_delete_key_from_dicts('enabled') |
+        list
+        }}
     fields:
       log: metricbeat
     fields_under_root: true
@@ -53,8 +61,20 @@ filebeat:
       ilm:
         enabled: no
     filebeat:
-      inputs: "{{ filebeat_inputs.values()|selectattr('enabled', 'eq', true)|beatsclient_delete_key_from_dicts('enabled')|list }}"
-      modules: "{{ filebeat_modules.values()|selectattr('enabled', 'eq', true)|beatsclient_delete_key_from_dicts('enabled')|list }}"
+      inputs: >-
+        {{
+          filebeat_inputs.values() |
+          selectattr('enabled', 'eq', true) |
+          beatsclient_delete_key_from_dicts('enabled') |
+          list
+        }}
+      modules: >-
+        {{
+          filebeat_modules.values() |
+          selectattr('enabled', 'eq', true) |
+          beatsclient_delete_key_from_dicts('enabled') |
+          list 
+        }}
 filebeat_inputs:
   varnish-access:
     enabled: no

diff --git a/handlers/main.yaml b/handlers/main.yaml
@@ -1,11 +1,12 @@
+---
 - name: Restart Metricbeat
-  service:
+  ansible.builtin.service:
     name: metricbeat
     state: restarted
-  when: not metricbeat_service_start_result.changed|default(false)
+  when: not metricbeat_service_start_result.changed | default(false)
 
 - name: Restart Filebeat
-  service:
+  ansible.builtin.service:
     name: filebeat
     state: restarted
-  when: not filebeat_service_start_result.changed|default(false)
+  when: not filebeat_service_start_result.changed | default(false)
diff --git a/meta/.requirements.yml b/meta/.requirements.yml
@@ -0,0 +1,12 @@
+---
+collections:
+  - name: https://github.com/ansible-collections/community.general
+    type: git
+  - name: https://github.com/ansible-collections/community.crypto
+    type: git
+  - name: https://github.com/ansible-collections/ansible.posix
+    type: git
+  - name: https://github.com/ansible-collections/community.mysql
+    type: git
+  - name: https://github.com/ansible-collections/community.docker
+    type: git
diff --git a/meta/main.yaml b/meta/main.yaml
@@ -0,0 +1,8 @@
+---
+galaxy_info:
+  author: "Punkt.de"
+  license: ""
+  description: "Beats role for Proserver"
+  role_name: "proserver_beats"
+  namespace: "punktde"
+  min_ansible_version: "2.15"
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
@@ -0,0 +1,14 @@
+---
+- name: Converge
+  hosts: all
+  vars:
+    metricbeat:
+      enabled: yes
+    filebeat:
+      enabled: yes
+  environment:
+    GITHUB_ACTIONS: "maybe"
+  tasks:
+    - name: "Include ansible-proserver-beats"
+      ansible.builtin.include_role:
+        name: "ansible-proserver-beats"
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -0,0 +1,21 @@
+---
+dependency:
+  name: shell
+  command: ansible-galaxy install -r meta/.requirements.yml -p roles/ --force
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: geerlingguy/docker-ubuntu2204-ansible
+    command: /lib/systemd/systemd
+    pre_build_image: true
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+provisioner:
+  name: ansible
+  playbooks:
+    converge: ${MOLECULE_PLAYBOOK:-converge.yml}
+verifier:
+  name: ansible
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
@@ -0,0 +1,10 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Example assertion
+      ansible.builtin.assert:
+        that: true
diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1,6 @@
+ansible
+docker
+molecule
+molecule-plugins
+ansible-lint
+yamllint
diff --git a/tasks/filebeat.yaml b/tasks/filebeat.yaml
@@ -1,44 +1,41 @@
+---
 - name: Install Filebeat
-  when: ansible_distribution == 'Ubuntu'
-  apt:
+  when: ansible_os_family == 'Debian'
+  ansible.builtin.apt:
     name: filebeat
+    update_cache: yes
 
 - name: Create directories for Filebeat
   when: ansible_os_family == 'FreeBSD'
   loop:
     - "{{ filebeat.prefix.config }}"
     - "{{ filebeat.config.path.logs }}"
-  file:
+  ansible.builtin.file:
     state: directory
     path: "{{ item }}"
+    owner: "root"
+    mode: "0755"
   notify: Restart Filebeat
 
 - name: Template Filebeat config
-  loop:
-    - src: filebeat/filebeat.yml
-      dest: "{{ filebeat.prefix.config }}/filebeat.yml"
-  loop_control:
-    label: "{{ item.dest }}"
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
+  ansible.builtin.template:
+    src: filebeat/filebeat.yml
+    dest: "{{ filebeat.prefix.config }}/filebeat.yml"
     mode: o-r
+    owner: "root"
   notify: Restart Filebeat
 
 - name: Configure Filebeat service
   when: ansible_os_family == 'FreeBSD'
-  loop:
-    - src: rc.conf.d/filebeat
-      dest: /usr/local/etc/rc.conf.d/filebeat
-  loop_control:
-    label: "{{ item.dest }}"
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
+  ansible.builtin.template:
+    src: rc.conf.d/filebeat
+    dest: /usr/local/etc/rc.conf.d/filebeat
+    owner: "root"
+    mode: "0755"
   notify: Restart Filebeat
 
 - name: Enable and start Filebeat
-  service:
+  ansible.builtin.service:
     name: filebeat
     state: started
     enabled: yes

diff --git a/tasks/main.yaml b/tasks/main.yaml
@@ -1,5 +1,12 @@
-- import_tasks: repository.yaml
-- import_tasks: metricbeat.yaml
+---
+- name: Set up beats repository
+  ansible.builtin.include_tasks: repository.yaml
+  when: ansible_os_family == 'Debian' and (metricbeat.enabled or filebeat.enabled)
+
+- name: Set up Metricbeat
+  ansible.builtin.include_tasks: metricbeat.yaml
   when: metricbeat.enabled
-- import_tasks: filebeat.yaml
+
+- name: Set up Filebeat
+  ansible.builtin.include_tasks: filebeat.yaml
   when: filebeat.enabled