other: update sidecar version and remove filebeat tasks

Update to sidecar version 1.5.0 and remove the filebeat tasks, as it is now bundled with sidecar. Also make the sidecar version a variable.

other: update sidecar version and remove filebeat tasks
245470e5 · Alexander Käb · 217d6e6e · 245470e5 · 245470e5 · 245470e5
Commit 245470e5 authored 1 year ago by Alexander Käb
--- a/.gitignore
+++ b/.gitignore
+.vscode
--- a/README.md
+++ b/README.md
@@ -10,16 +10,8 @@ graylog_sidecar_node_id: 'file:/etc/machine-id'
 # Sidecar repository urls based on OS family
 sidecar_repo_urls:
-  "RedHat": "https://packages.graylog2.org/repo/packages/graylog-sidecar-repository-1-5.noarch.rpm"
+  "RedHat": "https://github.com/Graylog2/collector-sidecar/releases/download/{{ sidecar_version }}/graylog-sidecar-{{ sidecar_version }}-1.x86_64.rpm"
-  "Debian": "https://packages.graylog2.org/repo/packages/graylog-sidecar-repository_1-5_all.deb"
+  "Debian": "https://github.com/Graylog2/collector-sidecar/releases/download/{{ sidecar_version }}/graylog-sidecar_{{ sidecar_version }}-1_amd64.deb"
-# Whether to install filebeat (default: true)
-install_filebeat: true
-# Filebeat repository urls based on OS family
-filebeat_repo_urls:
-  "RedHat": "https://artifacts.elastic.co/packages/oss-8.x/yum"
-  "Debian": "https://artifacts.elastic.co/packages/oss-8.x/apt"
 ```
 **Variables required by the user**

--- a/defaults/main.yml
+++ b/defaults/main.yml
 graylog_sidecar_node_id: 'file:/etc/machine-id'
+sidecar_version: '1.5.0'
 sidecar_repo_urls:
-  "RedHat": "https://github.com/Graylog2/collector-sidecar/releases/download/1.4.0/graylog-sidecar-1.4.0-1.x86_64.rpm"
+  "RedHat": "https://github.com/Graylog2/collector-sidecar/releases/download/{{ sidecar_version }}/graylog-sidecar-{{ sidecar_version }}-1.x86_64.rpm"
-  "Debian": "https://github.com/Graylog2/collector-sidecar/releases/download/1.4.0/graylog-sidecar_1.4.0-1_amd64.deb"
+  "Debian": "https://github.com/Graylog2/collector-sidecar/releases/download/{{ sidecar_version }}/graylog-sidecar_{{ sidecar_version }}-1_amd64.deb"
-sidecar_checksum: https://github.com/Graylog2/collector-sidecar/releases/download/1.4.0/CHECKSUMS-SHA256.txt
+sidecar_checksum: "https://github.com/Graylog2/collector-sidecar/releases/download/{{ sidecar_version }}/CHECKSUMS-SHA256.txt"
-install_filebeat: true
-filebeat_repo_urls:
-  "RedHat": "https://artifacts.elastic.co/packages/oss-8.x/yum"
-  "Debian": "https://artifacts.elastic.co/packages/oss-8.x/apt"
 # --- OTHER ---
 use_central_ca_host: false

--- a/tasks/filebeat.yml
+++ b/tasks/filebeat.yml
---
- name: Add filebeat repository (Debian | Ubuntu)
-  become: true
-  when: ansible_os_family == 'Debian'
-  block:
-    - name: Ensure Apt Can Use Https
-      ansible.builtin.apt:
-        name: apt-transport-https
-        state: present
-    - name: Ensure ES Signing Key Is Present
-      ansible.builtin.apt_key:
-        url: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
-        id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
-        state: present^
-    - name: Ensure ES Repo Is Enabled
-      ansible.builtin.apt_repository:
-        repo: "deb {{ filebeat_repo_urls['Debian'] }} stable main"
-        state: present
- name: Add filebeat repository (RedHat)
-  ansible.builtin.yum_repository:
-    name: elastic-8.x
-    description: Elastic Yum Repo 8.x
-    baseurl: "{{ filebeat_repo_urls['RedHat'] }}"
-    gpgcheck: true
-    gpgkey: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
-    state: present
-  when: ansible_os_family == 'RedHat'
-  become: true
- name: Install filebeat package
-  ansible.builtin.package:
-    name: filebeat
-    state: present
-  become: true
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -35,13 +35,6 @@
        (inventory_hostname not in groups['sidecar-ca']) and
        (inventory_hostname not in groups['graylog-nodes'])
-    - name: Include filebeat tasks
-      ansible.builtin.include_tasks: filebeat.yml
-      when: >
-        install_filebeat and
-        (inventory_hostname not in groups['sidecar-ca']) and
-        (inventory_hostname not in groups['graylog-nodes'])
 - name: Include tasks when using single ca-host
  when: use_central_ca_host
  block:
@@ -55,14 +48,6 @@
            (inventory_hostname not in groups['graylog-nodes']) and
            (inventory_hostname not in groups['ca-store'])
-        - name: Include filebeat tasks (when using a single ca store and gl-groups defined)
-          ansible.builtin.include_tasks: filebeat.yml
-          when: >
-            install_filebeat and
-            (inventory_hostname not in groups['sidecar-ca']) and
-            (inventory_hostname not in groups['graylog-nodes']) and
-            (inventory_hostname not in groups['ca-store'])
    - name: Include sidecar tasks (when using a single ca store without gl-groups defined)
      when: not (('sidecar-ca' in groups) and ('graylog-nodes' in groups))
      block:
@@ -70,10 +55,6 @@
          ansible.builtin.include_tasks: sidecar.yml
          when: (inventory_hostname not in groups['ca-store'])
-        - name: Include filebeat tasks  (when using a single ca store without gl-groups defined)
-          ansible.builtin.include_tasks: filebeat.yml
-          when: (inventory_hostname not in groups['ca-store'])
 - name: Switch back to default policy
  ansible.builtin.command:
    cmd: update-crypto-policies --set DEFAULT

--- a/tasks/sidecar.yml
+++ b/tasks/sidecar.yml
+- name: Create download TMP directory
+  ansible.builtin.tempfile:
+    state: directory
+    prefix: 'sidecar.'
+  delegate_to: localhost
+  register: sidecar_tmp_dir
 - name: Add sidecar repo (Debian | Ubuntu)
  when: ansible_os_family == 'Debian'
  become: true
@@ -6,14 +13,14 @@
      ansible.builtin.get_url:
        url: "{{ sidecar_repo_urls['Debian'] }}"
        checksum: "sha256:{{ sidecar_checksum }}"
-        dest: /tmp/graylog-sidecar.deb
+        dest: "{{ sidecar_tmp_dir.path }}/graylog-sidecar.deb"
        mode: 0644
      delegate_to: localhost
      run_once: true
    - name: Copy DEB to nodes (Debian | Ubuntu)
      ansible.builtin.copy:
-        src: /tmp/graylog-sidecar.deb
+        src: "{{ sidecar_tmp_dir.path }}/graylog-sidecar.deb"
        dest: /tmp/graylog-sidecar.deb
        mode: 0644
@@ -30,14 +37,14 @@
      ansible.builtin.get_url:
        url: "{{ sidecar_repo_urls['RedHat'] }}"
        checksum: "sha256:{{ sidecar_checksum }}"
-        dest: /tmp/graylog-sidecar.rpm
+        dest: "{{ sidecar_tmp_dir.path }}/graylog-sidecar.rpm"
        mode: 0644
      delegate_to: localhost
      run_once: true
    - name: Copy RPM to nodes (RedHat)
      ansible.builtin.copy:
-        src: /tmp/graylog-sidecar.rpm
+        src: "{{ sidecar_tmp_dir.path }}/graylog-sidecar.rpm"
        dest: /tmp/graylog-sidecar.rpm
        mode: 0644
@@ -47,12 +54,12 @@
        state: present
        disable_gpg_check: true # Github rpm is not signed, may replace true with actual check if signed or not
- name: Run install command
+- name: Cleanup TMP directory
-  ansible.builtin.command:
+  ansible.builtin.file:
-    cmd: /usr/bin/graylog-sidecar -service install
+    path: "{{ sidecar_tmp_dir.path }}"
-  ignore_errors: true
+    state: absent
-  changed_when: false
+  delegate_to: localhost
-  become: true
+  when: sidecar_tmp_dir.path is defined
 - name: Generate sidecar config
  ansible.builtin.template:
@@ -63,6 +70,13 @@
  notify: Restart Sidecar
  become: true
+- name: Run install command
+  ansible.builtin.command:
+    cmd: /usr/bin/graylog-sidecar -service install
+  ignore_errors: true
+  changed_when: false
+  become: true
 - name: Enable / start sidecar service
  ansible.builtin.service:
    name: graylog-sidecar