From 4077a85b60bce2c22388ab5d2386141ad1082f7b Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Wed, 29 Nov 2023 18:01:46 +0100 Subject: [PATCH 1/9] Typo in path of slow log (#293) Just had the wrong path to the logfiles. --- roles/beats/templates/filebeat.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/beats/templates/filebeat.yml.j2 b/roles/beats/templates/filebeat.yml.j2 index 5e788d45..43456cde 100644 --- a/roles/beats/templates/filebeat.yml.j2 +++ b/roles/beats/templates/filebeat.yml.j2 @@ -43,7 +43,7 @@ filebeat.inputs: - type: log enabled: true paths: - - /var/lib/mysql/*-slow.log + - /var/log/mysql/*-slow.log multiline.pattern: '^\#[[:space:]]Time' multiline.negate: true multiline.match: after From e0996b6aad637c6cb04239057ddaf4495f9728f9 Mon Sep 17 00:00:00 2001 From: Markus Opolka Date: Wed, 13 Dec 2023 08:07:58 +0100 Subject: [PATCH 2/9] Add Issue Templates (#294) --- .github/ISSUE_TEMPLATE/bug_report.yaml | 27 +++++++++++++++++++++ .github/ISSUE_TEMPLATE/documentation.yaml | 10 ++++++++ .github/ISSUE_TEMPLATE/feature_request.yaml | 15 ++++++++++++ .github/ISSUE_TEMPLATE/question.yaml | 10 ++++++++ 4 files changed, 62 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.yaml create mode 100644 .github/ISSUE_TEMPLATE/documentation.yaml create mode 100644 .github/ISSUE_TEMPLATE/feature_request.yaml create mode 100644 .github/ISSUE_TEMPLATE/question.yaml diff --git a/.github/ISSUE_TEMPLATE/bug_report.yaml b/.github/ISSUE_TEMPLATE/bug_report.yaml new file mode 100644 index 00000000..6adb01dd --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yaml @@ -0,0 +1,27 @@ +name: Bug Report +description: File a bug report +title: "[Bug]: " +labels: ["bug", "needs-triage"] +body: + - type: checkboxes + id: terms + attributes: + label: Please try to fill out as much of the information below as you can. Thank you! + options: + - label: Yes, I've searched similar issues on GitHub and didn't find any. + required: true + - type: input + id: app_version + attributes: + label: Which version contains the bug? + placeholder: 1.0.0 + - type: textarea + id: description + attributes: + label: Describe the bug + description: Please provide a concise description of the bug, add any relevant output or error messages. You can use markdown. + - type: textarea + id: recreate + attributes: + label: How to recreate the bug? + description: Please provide the steps to recreate the issue. diff --git a/.github/ISSUE_TEMPLATE/documentation.yaml b/.github/ISSUE_TEMPLATE/documentation.yaml new file mode 100644 index 00000000..088b14f6 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/documentation.yaml @@ -0,0 +1,10 @@ +name: Documentation +description: Suggest documentation improvements +title: "[Documentation]: " +labels: ["documentation"] +body: + - type: textarea + id: description + attributes: + label: Describe the improvements you'd like. + description: Please provide as much context as possible. You can use markdown. diff --git a/.github/ISSUE_TEMPLATE/feature_request.yaml b/.github/ISSUE_TEMPLATE/feature_request.yaml new file mode 100644 index 00000000..12c9e2e5 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.yaml @@ -0,0 +1,15 @@ +name: Feature Request +description: Request a feature or enhancement +title: "[Feature]: " +labels: ["feature", "needs-triage"] +body: + - type: markdown + attributes: + value: | + Please try to fill out as much of the information below as you can. Thank you! + **Note:** If you want to sponsor new features, contact us at info@netways.de + - type: textarea + id: description + attributes: + label: Describe the feature request + description: Please provide a concise description of the feature. You can use markdown. diff --git a/.github/ISSUE_TEMPLATE/question.yaml b/.github/ISSUE_TEMPLATE/question.yaml new file mode 100644 index 00000000..65183ea8 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/question.yaml @@ -0,0 +1,10 @@ +name: Question +description: Ask a question +title: "[Question]: " +labels: ["question"] +body: + - type: textarea + id: description + attributes: + label: Ask a question + description: Please provide as much context as possible. You can use markdown. From 64d33e7c596d94994b5151bba3d0fe9817ab8f09 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jan 2024 12:52:58 +0100 Subject: [PATCH 3/9] Bump actions/setup-python from 4 to 5 (#295) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5.
Release notes

Sourced from actions/setup-python's releases.

v5.0.0

What's Changed

In scope of this release, we update node version runtime from node16 to node20 (actions/setup-python#772). Besides, we update dependencies to the latest versions.

Full Changelog: https://github.com/actions/setup-python/compare/v4.8.0...v5.0.0

v4.8.0

What's Changed

In scope of this release we added support for GraalPy (actions/setup-python#694). You can use this snippet to set up GraalPy:

steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
  with:
    python-version: 'graalpy-22.3'
- run: python my_script.py

Besides, the release contains such changes as:

New Contributors

Full Changelog: https://github.com/actions/setup-python/compare/v4...v4.8.0

v4.7.1

What's Changed

Full Changelog: https://github.com/actions/setup-python/compare/v4...v4.7.1

v4.7.0

In scope of this release, the support for reading python version from pyproject.toml was added (actions/setup-python#669).

      - name: Setup Python
        uses: actions/setup-python@v4
</tr></table>

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-python&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test_full_stack.yml | 2 +- .github/workflows/test_linting.yml | 2 +- .github/workflows/test_plugins.yml | 10 +++++----- .github/workflows/test_role_beats.yml | 2 +- .github/workflows/test_role_elasticsearch.yml | 2 +- .github/workflows/test_role_kibana.yml | 2 +- .github/workflows/test_role_logstash.yml | 2 +- .github/workflows/test_role_repos.yml | 2 +- .github/workflows/test_roles_pr.yml | 2 +- 9 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/test_full_stack.yml b/.github/workflows/test_full_stack.yml index 4568fdd9..c81d24ea 100644 --- a/.github/workflows/test_full_stack.yml +++ b/.github/workflows/test_full_stack.yml @@ -51,7 +51,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python 3.8 - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: 3.8 diff --git a/.github/workflows/test_linting.yml b/.github/workflows/test_linting.yml index fa0da927..6e334a7b 100644 --- a/.github/workflows/test_linting.yml +++ b/.github/workflows/test_linting.yml @@ -44,7 +44,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python 3. - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: '3.x' diff --git a/.github/workflows/test_plugins.yml b/.github/workflows/test_plugins.yml index 8632a0d7..900efc92 100644 --- a/.github/workflows/test_plugins.yml +++ b/.github/workflows/test_plugins.yml @@ -43,7 +43,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python 3. - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: '3.x' @@ -72,7 +72,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python 3.9.14 - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: 3.9.14 @@ -118,7 +118,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python ${{ matrix.python_version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python_version }} @@ -157,7 +157,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python 3.9.14 - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: 3.9.14 @@ -196,7 +196,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python 3.9.14 - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: 3.9.14 diff --git a/.github/workflows/test_role_beats.yml b/.github/workflows/test_role_beats.yml index 3f38fed9..d4e62d65 100644 --- a/.github/workflows/test_role_beats.yml +++ b/.github/workflows/test_role_beats.yml @@ -57,7 +57,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python 3.8 - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: 3.8 diff --git a/.github/workflows/test_role_elasticsearch.yml b/.github/workflows/test_role_elasticsearch.yml index 47c8008b..7ae87a96 100644 --- a/.github/workflows/test_role_elasticsearch.yml +++ b/.github/workflows/test_role_elasticsearch.yml @@ -63,7 +63,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python 3.8 - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: 3.8 diff --git a/.github/workflows/test_role_kibana.yml b/.github/workflows/test_role_kibana.yml index f11bc1ff..3e3e10f5 100644 --- a/.github/workflows/test_role_kibana.yml +++ b/.github/workflows/test_role_kibana.yml @@ -58,7 +58,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python 3.8 - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: 3.8 diff --git a/.github/workflows/test_role_logstash.yml b/.github/workflows/test_role_logstash.yml index cb959a4c..5d80d30a 100644 --- a/.github/workflows/test_role_logstash.yml +++ b/.github/workflows/test_role_logstash.yml @@ -63,7 +63,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python 3.8 - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: 3.8 diff --git a/.github/workflows/test_role_repos.yml b/.github/workflows/test_role_repos.yml index c9d83220..de2d950c 100644 --- a/.github/workflows/test_role_repos.yml +++ b/.github/workflows/test_role_repos.yml @@ -57,7 +57,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python 3.8 - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: 3.8 diff --git a/.github/workflows/test_roles_pr.yml b/.github/workflows/test_roles_pr.yml index 2f18d0a2..fc3dab70 100644 --- a/.github/workflows/test_roles_pr.yml +++ b/.github/workflows/test_roles_pr.yml @@ -63,7 +63,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python 3.8 - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: 3.8 From ba6e5aaec58bdd1f762ab94b10066df99c1ad862 Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Tue, 16 Jan 2024 14:12:08 +0000 Subject: [PATCH 4/9] Always run required checks (#301) We have quite sophisticated rules when to run which Molecule checks. Unfortunately it's quite easy to have a PR or push where the full stack checks won't run. But since we require these checks, you can end up in a situation where you don't have check results but can't merge without those results. So I simplified the rules when to run these checks. fixes #300 --- .github/workflows/test_roles_pr.yml | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.github/workflows/test_roles_pr.yml b/.github/workflows/test_roles_pr.yml index fc3dab70..026d9126 100644 --- a/.github/workflows/test_roles_pr.yml +++ b/.github/workflows/test_roles_pr.yml @@ -13,23 +13,7 @@ on: - warning - debug pull_request: - branches: - - 'feature/**' - - 'fix/**' - - '!doc/**' - paths: - - 'roles/**' - - '.github/workflows/test_roles_pr.yml' - - 'molecule/elasticstack_default/**' push: - branches: - - 'feature/**' - - 'fix/**' - - '!doc/**' - paths: - - 'roles/**' - - '.github/workflows/test_roles_pr.yml' - - 'molecule/elasticstack_default/**' merge_group: jobs: From 5a91f3b08234971fdd9715cc462fd4040669e2c5 Mon Sep 17 00:00:00 2001 From: xtruthx Date: Tue, 16 Jan 2024 16:12:23 +0100 Subject: [PATCH 5/9] add new variable for extra configuratuon in elasticsearch.yml (#299) Close #298 --------- Co-authored-by: Thomas Widhalm Co-authored-by: Tobias Bauriedel --- docs/role-elasticsearch.md | 13 +++++++++++++ roles/elasticsearch/templates/elasticsearch.yml.j2 | 4 ++++ 2 files changed, 17 insertions(+) diff --git a/docs/role-elasticsearch.md b/docs/role-elasticsearch.md index bfcdf3d1..98e2f8c9 100644 --- a/docs/role-elasticsearch.md +++ b/docs/role-elasticsearch.md @@ -32,6 +32,19 @@ Role Variables * *elasticsearch_check_calculation*: End play in checks (Default: `false`) * *elasticsearch_network_host*: You can configure multipe network addresses where the networking is bind to. You can assign IP addresses or interfaces by their names. You can also use elasticsearch internal variabels as it set as default. Example: `"_ens190_,_local_"` (Default: `"_local_,"_site_"`) (Optional; if not defined `default` is used) +* *elasticsearch_extra_config*: You can set additional configuration in YAML-notation as you would write in the `elasaticsearch.yml`. Example: + +```YAML +... +elasticsearch_extra_config: + xpack.security.authc.token.enabled: true + + xpack.security.authc.realms: + native.native1: + order: 0 + enabled: true +``` + This variable activates a workaround to start on systems that have certain hardening measures active. See [Stackoverflow](https://stackoverflow.com/questions/47824643/unable-to-load-jna-native-support-library-elasticsearch-6-x/50371992#50371992) for details and logmessages to look for. **WARNING**: This will change your `/etc/sysconfig/elasticseach`or `/etc/default/elasticsearch` file and overwrite `ES_JAVA_OPTS`. See this [issue](https://github.com/netways/ansible-role-elasticsearch/issues/79) for details. * *elasticsearch_jna_workaround*: Activate JNA workaround. (default: `false`) diff --git a/roles/elasticsearch/templates/elasticsearch.yml.j2 b/roles/elasticsearch/templates/elasticsearch.yml.j2 index c809f309..1ae60acb 100644 --- a/roles/elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elasticsearch/templates/elasticsearch.yml.j2 @@ -75,3 +75,7 @@ path: {% endfor %} {% endif %} + +{% if elasticsearch_extra_config is defined %} +{{ elasticsearch_extra_config | to_nice_yaml(indent=2, sort_keys=False) }} +{% endif %} From 0305dfa9b089f61372fe9fd0d5981e70f0d17483 Mon Sep 17 00:00:00 2001 From: Tobias Bauriedel Date: Tue, 16 Jan 2024 17:19:10 +0100 Subject: [PATCH 6/9] Remove actions for pushs (#303) At the moment workflows are triggered for PRs and pushs. The workflow to contribute says that a PR must be created beforehand for each contribution into main. For this reason (and to avoid duplicate workflows), github workflows should only be triggered for PRs. I have also checked this branch before creating the PR. No workflow were scheduled. Fixes #302 --------- Co-authored-by: Thomas Widhalm --- .github/workflows/test_linting.yml | 17 +---------------- .github/workflows/test_plugins.yml | 11 ----------- .github/workflows/test_role_beats.yml | 9 --------- .github/workflows/test_role_elasticsearch.yml | 9 --------- .github/workflows/test_role_kibana.yml | 9 --------- .github/workflows/test_role_logstash.yml | 9 --------- .github/workflows/test_role_repos.yml | 9 --------- .github/workflows/test_roles_pr.yml | 1 - 8 files changed, 1 insertion(+), 73 deletions(-) diff --git a/.github/workflows/test_linting.yml b/.github/workflows/test_linting.yml index 6e334a7b..de9d9333 100644 --- a/.github/workflows/test_linting.yml +++ b/.github/workflows/test_linting.yml @@ -17,24 +17,9 @@ on: rolename: required: true type: string - push: - branches: - - 'feature/**' - - 'fix/**' - - '!doc/**' - paths: - - '.github/workflows/test_linting.yml' - - '.config/ansible-lint.yml' - - '.yamllint' pull_request: branches: - - 'feature/**' - - 'fix/**' - - '!doc/**' - paths: - - '.github/workflows/test_linting.yml' - - '.config/ansible-lint.yml' - - '.yamllint' + - '*' jobs: lint: diff --git a/.github/workflows/test_plugins.yml b/.github/workflows/test_plugins.yml index 900efc92..7610b373 100644 --- a/.github/workflows/test_plugins.yml +++ b/.github/workflows/test_plugins.yml @@ -12,17 +12,6 @@ on: - info - warning - debug - push: - branches: - - 'feature/**' - - 'fix/**' - - '!doc/**' - paths: - - 'plugins/**' - - '.github/workflows/test_plugins.yml' - - 'molecule/plugins/**' - - '.config/pep8.yml' - - 'tests/**' pull_request: branches: - 'feature/**' diff --git a/.github/workflows/test_role_beats.yml b/.github/workflows/test_role_beats.yml index d4e62d65..2c99d5ea 100644 --- a/.github/workflows/test_role_beats.yml +++ b/.github/workflows/test_role_beats.yml @@ -12,15 +12,6 @@ on: - info - warning - debug - push: - branches: - - 'feature/**' - - 'fix/**' - - '!doc/**' - paths: - - 'roles/beats/**' - - '.github/workflows/test_role_beats.yml' - - 'molecule/beats_**' pull_request: branches: - 'feature/**' diff --git a/.github/workflows/test_role_elasticsearch.yml b/.github/workflows/test_role_elasticsearch.yml index 7ae87a96..3288c332 100644 --- a/.github/workflows/test_role_elasticsearch.yml +++ b/.github/workflows/test_role_elasticsearch.yml @@ -12,15 +12,6 @@ on: - info - warning - debug - push: - branches: - - 'feature/**' - - 'fix/**' - - '!doc/**' - paths: - - 'roles/elasticsearch/**' - - '.github/workflows/test_role_elasticsearch.yml' - - 'molecule/elasticsearch_**' pull_request: branches: - 'feature/**' diff --git a/.github/workflows/test_role_kibana.yml b/.github/workflows/test_role_kibana.yml index 3e3e10f5..6b9bca44 100644 --- a/.github/workflows/test_role_kibana.yml +++ b/.github/workflows/test_role_kibana.yml @@ -12,15 +12,6 @@ on: - info - warning - debug - push: - branches: - - 'feature/**' - - 'fix/**' - - '!doc/**' - paths: - - 'roles/kibana/**' - - '.github/workflows/test_role_kibana.yml' - - 'molecule/kibana_**' pull_request: branches: - 'feature/**' diff --git a/.github/workflows/test_role_logstash.yml b/.github/workflows/test_role_logstash.yml index 5d80d30a..13401c64 100644 --- a/.github/workflows/test_role_logstash.yml +++ b/.github/workflows/test_role_logstash.yml @@ -12,15 +12,6 @@ on: - info - warning - debug - push: - branches: - - 'feature/**' - - 'fix/**' - - '!doc/**' - paths: - - 'roles/logstash/**' - - '.github/workflows/test_role_logstash.yml' - - 'molecule/logstash_**' pull_request: branches: - 'feature/**' diff --git a/.github/workflows/test_role_repos.yml b/.github/workflows/test_role_repos.yml index de2d950c..8a1858f3 100644 --- a/.github/workflows/test_role_repos.yml +++ b/.github/workflows/test_role_repos.yml @@ -11,15 +11,6 @@ on: - info - warning - debug - push: - branches: - - 'feature/**' - - 'fix/**' - - '!doc/**' - paths: - - 'roles/repos/**' - - '.github/workflows/test_role_repos.yml' - - 'molecule/repos_**' pull_request: branches: - 'feature/**' diff --git a/.github/workflows/test_roles_pr.yml b/.github/workflows/test_roles_pr.yml index 026d9126..67855fa4 100644 --- a/.github/workflows/test_roles_pr.yml +++ b/.github/workflows/test_roles_pr.yml @@ -13,7 +13,6 @@ on: - warning - debug pull_request: - push: merge_group: jobs: From 870f26829ed7af6b6995adc436fed883d1bc3460 Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Wed, 17 Jan 2024 11:58:47 +0000 Subject: [PATCH 7/9] Fix extra fields for Beats (#297) fixes #296 --------- Co-authored-by: Tobias Bauriedel --- molecule/beats_peculiar/converge.yml | 3 +++ molecule/beats_peculiar/verify.yml | 8 ++++++++ molecule/elasticstack_default/verify.yml | 1 + roles/beats/templates/filebeat.yml.j2 | 2 +- 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/molecule/beats_peculiar/converge.yml b/molecule/beats_peculiar/converge.yml index 95a68e27..e5a46244 100644 --- a/molecule/beats_peculiar/converge.yml +++ b/molecule/beats_peculiar/converge.yml @@ -18,6 +18,9 @@ pattern: '^[[:space:]]+(at|\.{3})[[:space:]]+\b|^Caused by:' negate: false match: after + fields: + testfield: thisisatest + testfield2: thisisanothertest elasticsearch_jna_workaround: true elasticsearch_disable_systemcallfilterchecks: true elasticstack_full_stack: false diff --git a/molecule/beats_peculiar/verify.yml b/molecule/beats_peculiar/verify.yml index 4d089a38..c7aa9fd5 100644 --- a/molecule/beats_peculiar/verify.yml +++ b/molecule/beats_peculiar/verify.yml @@ -26,3 +26,11 @@ when: - beats_filebeat_version.stdout.find('8.4.1') == -1 - elasticstack_release == 8 + + - name: Ensure field is set correctly + ansible.builtin.lineinfile: + dest: /etc/filebeat/filebeat.yml + line: " testfield: thisisatest" + check_mode: true + register: _field + failed_when: _field.changed diff --git a/molecule/elasticstack_default/verify.yml b/molecule/elasticstack_default/verify.yml index 3a2e8430..110673d4 100644 --- a/molecule/elasticstack_default/verify.yml +++ b/molecule/elasticstack_default/verify.yml @@ -135,3 +135,4 @@ success_msg: "'{{ item }}' was found in nodes.content" with_inventory_hostnames: all when: groups['elasticsearch'] | length > 1 + diff --git a/roles/beats/templates/filebeat.yml.j2 b/roles/beats/templates/filebeat.yml.j2 index 43456cde..96bfebbe 100644 --- a/roles/beats/templates/filebeat.yml.j2 +++ b/roles/beats/templates/filebeat.yml.j2 @@ -17,7 +17,7 @@ filebeat.inputs: {% endif %} {% if beats_filebeat_log_inputs[input].fields is defined %} {% for field in beats_filebeat_log_inputs[input].fields %} - {{ field }} + {{ field }}: {{ beats_filebeat_log_inputs[input].fields[field] }} {% endfor %} {% endif %} {% endif %} From 991c8049a880050bcba68a5cd1cc92fa53bf583b Mon Sep 17 00:00:00 2001 From: Lucinda Siemer <118279543+lcndsmr@users.noreply.github.com> Date: Thu, 1 Feb 2024 15:42:10 +0100 Subject: [PATCH 8/9] fixed filebeat config template to actually use tcp and udp port vars (#310) Filebeat.yml.j2 now uses the vars `beats_filebeat_syslog_tcp_port` and `beats_filebeat_syslog_tcp_port` for the udp and tcp inputs. Fixes #309 --- roles/beats/templates/filebeat.yml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/beats/templates/filebeat.yml.j2 b/roles/beats/templates/filebeat.yml.j2 index 96bfebbe..83591245 100644 --- a/roles/beats/templates/filebeat.yml.j2 +++ b/roles/beats/templates/filebeat.yml.j2 @@ -56,7 +56,7 @@ filebeat.inputs: - type: tcp enabled: true max_message_size: 10MiB - host: "0.0.0.0:514" + host: "0.0.0.0:{{ beats_filebeat_syslog_tcp_port }}" {% if beats_fields is defined %} fields: {% for field in beats_fields %} @@ -69,7 +69,7 @@ filebeat.inputs: - type: udp enabled: true max_message_size: 10MiB - host: "0.0.0.0:514" + host: "0.0.0.0:{{ beats_filebeat_syslog_udp_port }}" {% if beats_fields is defined %} fields: {% for field in beats_fields %} From f3ee73db228d6b2f5564ca1664ad9f8ea969e8ed Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Fri, 9 Feb 2024 16:30:37 +0100 Subject: [PATCH 9/9] Enforce repos only with full stack (#314) RPM installation automatically enabled the Elastic Stack repositories this collection will add to a host. But if you have another tool to manage your repositories, they might have other ids and names. So I added separate installation tasks. If `elasticstack_full_stack` is set to `true`, everything stays as it was. The task will forcefully enable the repository and then install the package. But if `elasticstack_full_stack` is set to `false` it will just ignore the repository and expect the package to be available. While working on this I found a different approach to choosing the correct version in the `beats` role. I couldn't afford to fix it all in a single PR so I opened #313 for this. fixes #312 --- roles/beats/tasks/auditbeat.yml | 26 ++++++++++++++++++++++++-- roles/beats/tasks/filebeat.yml | 25 +++++++++++++++++++++++-- roles/beats/tasks/metricbeat.yml | 26 ++++++++++++++++++++++++-- roles/elasticsearch/tasks/main.yml | 10 +++++++++- roles/kibana/tasks/main.yml | 10 +++++++++- roles/logstash/tasks/main.yml | 10 +++++++++- 6 files changed, 98 insertions(+), 9 deletions(-) diff --git a/roles/beats/tasks/auditbeat.yml b/roles/beats/tasks/auditbeat.yml index 2f18c6c7..f8a0a16a 100644 --- a/roles/beats/tasks/auditbeat.yml +++ b/roles/beats/tasks/auditbeat.yml @@ -10,13 +10,22 @@ string if elasticstack_version is defined else '') | replace(' ', '') }} -- name: Install Auditbeat - rpm + +- name: Install Auditbeat - rpm - full stack ansible.builtin.package: name: "{{ beats_auditbeat_package }}" enablerepo: - 'elastic-{{ elasticstack_release }}.x' when: - ansible_os_family == "RedHat" + - elasticstack_full_stack | bool + +- name: Install Auditbeat - rpm - standalone + ansible.builtin.package: + name: "{{ beats_auditbeat_package }}" + when: + - ansible_os_family == "RedHat" + - not elasticstack_full_stack | bool - name: Install Auditbeat - deb ansible.builtin.package: @@ -24,7 +33,7 @@ when: - ansible_os_family == "Debian" -- name: Install Auditbeat latest version - rpm +- name: Install Auditbeat latest version - rpm - full stack ansible.builtin.package: name: auditbeat state: latest @@ -36,6 +45,19 @@ - elasticstack_version is defined - elasticstack_version == "latest" - ansible_os_family == "RedHat" + - elasticstack_full_stack | bool + +- name: Install Auditbeat latest version - rpm - standalone + ansible.builtin.package: + name: auditbeat + state: latest + notify: + - Restart Auditbeat + when: + - elasticstack_version is defined + - elasticstack_version == "latest" + - ansible_os_family == "RedHat" + - not elasticstack_full_stack | bool - name: Install Auditbeat latest version - deb ansible.builtin.package: diff --git a/roles/beats/tasks/filebeat.yml b/roles/beats/tasks/filebeat.yml index 98d3eaed..965bf1ca 100644 --- a/roles/beats/tasks/filebeat.yml +++ b/roles/beats/tasks/filebeat.yml @@ -10,13 +10,21 @@ string if elasticstack_version is defined else '') | replace(' ', '') }} -- name: Install Filebeat - rpm +- name: Install Filebeat - rpm - full stack ansible.builtin.package: name: "{{ beats_filebeat_package }}" enablerepo: - 'elastic-{{ elasticstack_release }}.x' when: - ansible_os_family == "RedHat" + - elasticstack_full_stack | bool + +- name: Install Filebeat - rpm - standalone + ansible.builtin.package: + name: "{{ beats_filebeat_package }}" + when: + - ansible_os_family == "RedHat" + - not elasticstack_full_stack | bool - name: Install Filebeat - deb ansible.builtin.package: @@ -24,7 +32,7 @@ when: - ansible_os_family == "Debian" -- name: Install Filebeat latest version - rpm +- name: Install Filebeat latest version - rpm - full stack ansible.builtin.package: name: filebeat state: latest @@ -36,6 +44,19 @@ - elasticstack_version is defined - elasticstack_version == "latest" - ansible_os_family == "RedHat" + - elasticstack_full_stack | bool + +- name: Install Filebeat latest version - rpm - standalone + ansible.builtin.package: + name: filebeat + state: latest + notify: + - Restart Filebeat + when: + - elasticstack_version is defined + - elasticstack_version == "latest" + - ansible_os_family == "RedHat" + - not elasticstack_full_stack | bool - name: Install Filebeat latest version - deb ansible.builtin.package: diff --git a/roles/beats/tasks/metricbeat.yml b/roles/beats/tasks/metricbeat.yml index e77d71d9..e65d6094 100644 --- a/roles/beats/tasks/metricbeat.yml +++ b/roles/beats/tasks/metricbeat.yml @@ -11,13 +11,21 @@ replace(' ', '') }} -- name: Install Metricbeat - rpm +- name: Install Metricbeat - rpm - full stack ansible.builtin.package: name: "{{ beats_metricbeat_package }}" enablerepo: - 'elastic-{{ elasticstack_release }}.x' when: - ansible_os_family == "RedHat" + - elasticstack_full_stack | bool + +- name: Install Metricbeat - rpm - standalone + ansible.builtin.package: + name: "{{ beats_metricbeat_package }}" + when: + - ansible_os_family == "RedHat" + - not elasticstack_full_stack | bool - name: Install Metricbeat - deb ansible.builtin.package: @@ -25,7 +33,7 @@ when: - ansible_os_family == "Debian" -- name: Install Metricbeat latest version - rpm +- name: Install Metricbeat latest version - rpm - full stack ansible.builtin.package: name: metricbeat state: latest @@ -37,6 +45,20 @@ - elasticstack_version is defined - elasticstack_version == "latest" - ansible_os_family == "RedHat" + - elasticstack_full_stack | bool + +- name: Install Metricbeat latest version - rpm - standalone + ansible.builtin.package: + name: metricbeat + state: latest + notify: + - Restart Metricbeat + when: + - elasticstack_version is defined + - elasticstack_version == "latest" + - ansible_os_family == "RedHat" + - not elasticstack_full_stack | bool + - name: Install Metricbeat latest version - deb ansible.builtin.package: diff --git a/roles/elasticsearch/tasks/main.yml b/roles/elasticsearch/tasks/main.yml index fdc11ea6..80af2291 100644 --- a/roles/elasticsearch/tasks/main.yml +++ b/roles/elasticsearch/tasks/main.yml @@ -121,13 +121,21 @@ replace(' ', '') }} -- name: Install Elasticsearch - rpm +- name: Install Elasticsearch - rpm - full stack ansible.builtin.package: name: "{{ elasticsearch_package }}" enablerepo: - 'elastic-{% if elasticstack_variant == "oss" %}oss-{% endif %}{{ elasticstack_release }}.x' when: - ansible_os_family == "RedHat" + - elasticstack_full_stack | bool + +- name: Install Elasticsearch - rpm - standalone + ansible.builtin.package: + name: "{{ elasticsearch_package }}" + when: + - ansible_os_family == "RedHat" + - not elasticstack_full_stack | bool - name: Install Elasticsearch - deb ansible.builtin.package: diff --git a/roles/kibana/tasks/main.yml b/roles/kibana/tasks/main.yml index 87638d4d..9b061774 100644 --- a/roles/kibana/tasks/main.yml +++ b/roles/kibana/tasks/main.yml @@ -45,13 +45,21 @@ string if elasticstack_version is defined else '') | replace(' ', '') }} -- name: Install Kibana - rpm +- name: Install Kibana - rpm - full stack ansible.builtin.package: name: "{{ kibana_package }}" enablerepo: - 'elastic-{% if elasticstack_variant == "oss" %}oss-{% endif %}{{ elasticstack_release }}.x' when: - ansible_os_family == "RedHat" + - elasticstack_full_stack | bool + +- name: Install Kibana - rpm - standalone + ansible.builtin.package: + name: "{{ kibana_package }}" + when: + - ansible_os_family == "RedHat" + - not elasticstack_full_stack | bool - name: Install Kibana - deb ansible.builtin.package: diff --git a/roles/logstash/tasks/main.yml b/roles/logstash/tasks/main.yml index 488926b6..f33ca617 100644 --- a/roles/logstash/tasks/main.yml +++ b/roles/logstash/tasks/main.yml @@ -70,13 +70,21 @@ replace(' ', '') }} -- name: Install Logstash - rpm +- name: Install Logstash - rpm - full stack ansible.builtin.package: name: "{{ logstash_package }}" enablerepo: - 'elastic-{% if elasticstack_variant == "oss" %}oss-{% endif %}{{ elasticstack_release }}.x' when: - ansible_os_family == "RedHat" + - elasticstack_full_stack | bool + +- name: Install Logstash - rpm - standalone + ansible.builtin.package: + name: "{{ logstash_package }}" + when: + - ansible_os_family == "RedHat" + - not elasticstack_full_stack | bool - name: Install Logstash - deb ansible.builtin.package: