From 245470e59f156ca9d587f84bf77c79da881de882 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20K=C3=A4b?= <alexander.kaeb@h-da.de>
Date: Thu, 23 May 2024 16:06:34 +0200
Subject: [PATCH] other: update sidecar version and remove filebeat tasks
Update to sidecar version 1.5.0 and remove the filebeat tasks, as
it is now bundled with sidecar. Also make the sidecar version a
variable.
---
.gitignore | 1 +
README.md | 12 ++----------
defaults/main.yml | 12 ++++--------
tasks/filebeat.yml | 37 -------------------------------------
tasks/main.yml | 19 -------------------
tasks/sidecar.yml | 34 ++++++++++++++++++++++++----------
6 files changed, 31 insertions(+), 84 deletions(-)
create mode 100644 .gitignore
delete mode 100644 tasks/filebeat.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..722d5e7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.vscode
diff --git a/README.md b/README.md
index 8766af4..ab0e778 100644
--- a/README.md
+++ b/README.md
@@ -10,16 +10,8 @@ graylog_sidecar_node_id: 'file:/etc/machine-id'
# Sidecar repository urls based on OS family
sidecar_repo_urls:
- "RedHat": "https://packages.graylog2.org/repo/packages/graylog-sidecar-repository-1-5.noarch.rpm"
- "Debian": "https://packages.graylog2.org/repo/packages/graylog-sidecar-repository_1-5_all.deb"
-
-# Whether to install filebeat (default: true)
-install_filebeat: true
-
-# Filebeat repository urls based on OS family
-filebeat_repo_urls:
- "RedHat": "https://artifacts.elastic.co/packages/oss-8.x/yum"
- "Debian": "https://artifacts.elastic.co/packages/oss-8.x/apt"
+ "RedHat": "https://github.com/Graylog2/collector-sidecar/releases/download/{{ sidecar_version }}/graylog-sidecar-{{ sidecar_version }}-1.x86_64.rpm"
+ "Debian": "https://github.com/Graylog2/collector-sidecar/releases/download/{{ sidecar_version }}/graylog-sidecar_{{ sidecar_version }}-1_amd64.deb"
```
**Variables required by the user**
diff --git a/defaults/main.yml b/defaults/main.yml
index 465dc33..6c47dca 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,14 +1,10 @@
graylog_sidecar_node_id: 'file:/etc/machine-id'
+sidecar_version: '1.5.0'
sidecar_repo_urls:
- "RedHat": "https://github.com/Graylog2/collector-sidecar/releases/download/1.4.0/graylog-sidecar-1.4.0-1.x86_64.rpm"
- "Debian": "https://github.com/Graylog2/collector-sidecar/releases/download/1.4.0/graylog-sidecar_1.4.0-1_amd64.deb"
+ "RedHat": "https://github.com/Graylog2/collector-sidecar/releases/download/{{ sidecar_version }}/graylog-sidecar-{{ sidecar_version }}-1.x86_64.rpm"
+ "Debian": "https://github.com/Graylog2/collector-sidecar/releases/download/{{ sidecar_version }}/graylog-sidecar_{{ sidecar_version }}-1_amd64.deb"
-sidecar_checksum: https://github.com/Graylog2/collector-sidecar/releases/download/1.4.0/CHECKSUMS-SHA256.txt
-
-install_filebeat: true
-filebeat_repo_urls:
- "RedHat": "https://artifacts.elastic.co/packages/oss-8.x/yum"
- "Debian": "https://artifacts.elastic.co/packages/oss-8.x/apt"
+sidecar_checksum: "https://github.com/Graylog2/collector-sidecar/releases/download/{{ sidecar_version }}/CHECKSUMS-SHA256.txt"
# --- OTHER ---
use_central_ca_host: false
diff --git a/tasks/filebeat.yml b/tasks/filebeat.yml
deleted file mode 100644
index e94f359..0000000
--- a/tasks/filebeat.yml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-- name: Add filebeat repository (Debian | Ubuntu)
- become: true
- when: ansible_os_family == 'Debian'
- block:
- - name: Ensure Apt Can Use Https
- ansible.builtin.apt:
- name: apt-transport-https
- state: present
-
- - name: Ensure ES Signing Key Is Present
- ansible.builtin.apt_key:
- url: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
- id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
- state: present^
-
- - name: Ensure ES Repo Is Enabled
- ansible.builtin.apt_repository:
- repo: "deb {{ filebeat_repo_urls['Debian'] }} stable main"
- state: present
-
-- name: Add filebeat repository (RedHat)
- ansible.builtin.yum_repository:
- name: elastic-8.x
- description: Elastic Yum Repo 8.x
- baseurl: "{{ filebeat_repo_urls['RedHat'] }}"
- gpgcheck: true
- gpgkey: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
- state: present
- when: ansible_os_family == 'RedHat'
- become: true
-
-- name: Install filebeat package
- ansible.builtin.package:
- name: filebeat
- state: present
- become: true
diff --git a/tasks/main.yml b/tasks/main.yml
index 3086528..8f6330f 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -35,13 +35,6 @@
(inventory_hostname not in groups['sidecar-ca']) and
(inventory_hostname not in groups['graylog-nodes'])
- - name: Include filebeat tasks
- ansible.builtin.include_tasks: filebeat.yml
- when: >
- install_filebeat and
- (inventory_hostname not in groups['sidecar-ca']) and
- (inventory_hostname not in groups['graylog-nodes'])
-
- name: Include tasks when using single ca-host
when: use_central_ca_host
block:
@@ -55,14 +48,6 @@
(inventory_hostname not in groups['graylog-nodes']) and
(inventory_hostname not in groups['ca-store'])
- - name: Include filebeat tasks (when using a single ca store and gl-groups defined)
- ansible.builtin.include_tasks: filebeat.yml
- when: >
- install_filebeat and
- (inventory_hostname not in groups['sidecar-ca']) and
- (inventory_hostname not in groups['graylog-nodes']) and
- (inventory_hostname not in groups['ca-store'])
-
- name: Include sidecar tasks (when using a single ca store without gl-groups defined)
when: not (('sidecar-ca' in groups) and ('graylog-nodes' in groups))
block:
@@ -70,10 +55,6 @@
ansible.builtin.include_tasks: sidecar.yml
when: (inventory_hostname not in groups['ca-store'])
- - name: Include filebeat tasks (when using a single ca store without gl-groups defined)
- ansible.builtin.include_tasks: filebeat.yml
- when: (inventory_hostname not in groups['ca-store'])
-
- name: Switch back to default policy
ansible.builtin.command:
cmd: update-crypto-policies --set DEFAULT
diff --git a/tasks/sidecar.yml b/tasks/sidecar.yml
index b6d30ad..9f3ea5a 100644
--- a/tasks/sidecar.yml
+++ b/tasks/sidecar.yml
@@ -1,3 +1,10 @@
+- name: Create download TMP directory
+ ansible.builtin.tempfile:
+ state: directory
+ prefix: 'sidecar.'
+ delegate_to: localhost
+ register: sidecar_tmp_dir
+
- name: Add sidecar repo (Debian | Ubuntu)
when: ansible_os_family == 'Debian'
become: true
@@ -6,14 +13,14 @@
ansible.builtin.get_url:
url: "{{ sidecar_repo_urls['Debian'] }}"
checksum: "sha256:{{ sidecar_checksum }}"
- dest: /tmp/graylog-sidecar.deb
+ dest: "{{ sidecar_tmp_dir.path }}/graylog-sidecar.deb"
mode: 0644
delegate_to: localhost
run_once: true
- name: Copy DEB to nodes (Debian | Ubuntu)
ansible.builtin.copy:
- src: /tmp/graylog-sidecar.deb
+ src: "{{ sidecar_tmp_dir.path }}/graylog-sidecar.deb"
dest: /tmp/graylog-sidecar.deb
mode: 0644
@@ -30,14 +37,14 @@
ansible.builtin.get_url:
url: "{{ sidecar_repo_urls['RedHat'] }}"
checksum: "sha256:{{ sidecar_checksum }}"
- dest: /tmp/graylog-sidecar.rpm
+ dest: "{{ sidecar_tmp_dir.path }}/graylog-sidecar.rpm"
mode: 0644
delegate_to: localhost
run_once: true
- name: Copy RPM to nodes (RedHat)
ansible.builtin.copy:
- src: /tmp/graylog-sidecar.rpm
+ src: "{{ sidecar_tmp_dir.path }}/graylog-sidecar.rpm"
dest: /tmp/graylog-sidecar.rpm
mode: 0644
@@ -47,12 +54,12 @@
state: present
disable_gpg_check: true # Github rpm is not signed, may replace true with actual check if signed or not
-- name: Run install command
- ansible.builtin.command:
- cmd: /usr/bin/graylog-sidecar -service install
- ignore_errors: true
- changed_when: false
- become: true
+- name: Cleanup TMP directory
+ ansible.builtin.file:
+ path: "{{ sidecar_tmp_dir.path }}"
+ state: absent
+ delegate_to: localhost
+ when: sidecar_tmp_dir.path is defined
- name: Generate sidecar config
ansible.builtin.template:
@@ -63,6 +70,13 @@
notify: Restart Sidecar
become: true
+- name: Run install command
+ ansible.builtin.command:
+ cmd: /usr/bin/graylog-sidecar -service install
+ ignore_errors: true
+ changed_when: false
+ become: true
+
- name: Enable / start sidecar service
ansible.builtin.service:
name: graylog-sidecar
--
GitLab