diff --git a/tasks/main.yml b/tasks/main.yml
index a72b51474ce1addd04ac11251190c0d6900d2c3b..25aa8268f16b937c90a6f0e2da1429f6aed7e007 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,99 +1,24 @@
 ---
-- name: Run install tasks
+- name: Temp switch to legacy crypto policy
+ ansible.builtin.command:
+ cmd: update-crypto-policies --set DEFAULT:SHA1
+ changed_when: false
+ become: true
+
+- name: Include sidecar tasks
+ ansible.builtin.include_tasks: sidecar.yml
 when: (groups['sidecar-ca'] is defined | ternary(inventory_hostname not in groups['sidecar-ca'], true))
- block:
- - name: Temp switch to legacy crypto policy
- ansible.builtin.command:
- cmd: update-crypto-policies --set DEFAULT:SHA1
- changed_when: false
- become: true
 
- - name: Add sidecar repo (Debian | Ubuntu)
- when: ansible_os_family == 'Debian'
- become: true
- block:
- - name: Download repository file (Debian | Ubuntu)
- ansible.builtin.get_url:
- url: "{{ sidecar_repo_urls['Debian'] }}"
- dest: /tmp/graylog-sidecar-repository.deb
- mode: 0644
- delegate_to: localhost
- run_once: true
+- name: Include filebeat tasks
+ ansible.builtin.import_tasks: filebeat.yml
+ when: install_filebeat and (groups['sidecar-ca'] is defined | ternary(inventory_hostname not in groups['sidecar-ca'], true))
 
- - name: Copy DEB to nodes (Debian | Ubuntu)
- ansible.builtin.copy:
- src: /tmp/graylog-sidecar-repository.deb
- dest: /tmp/graylog-sidecar-repository.deb
- mode: 0644
+- name: Switch back to default policy
+ ansible.builtin.command:
+ cmd: update-crypto-policies --set DEFAULT
+ changed_when: false
+ become: true
 
- - name: Add repository using dpkg (Debian | Ubuntu)
- ansible.builtin.command:
- cmd: dpkg -i /tmp/graylog-sidecar-repository.deb
- changed_when: false
-
- - name: Add sidecar repo (RedHat)
- when: ansible_os_family == 'RedHat'
- become: true
- block:
- - name: Download rpm file (RedHat)
- ansible.builtin.get_url:
- url: "{{ sidecar_repo_urls['RedHat'] }}"
- dest: /tmp/graylog-sidecar-repository.rpm
- mode: 0644
- delegate_to: localhost
- run_once: true
-
- - name: Copy RPM to nodes (RedHat)
- ansible.builtin.copy:
- src: /tmp/graylog-sidecar-repository.rpm
- dest: /tmp/graylog-sidecar-repository.rpm
- mode: 0644
-
- - name: Install rpm (RedHat)
- ansible.builtin.yum:
- name: /tmp/graylog-sidecar-repository.rpm
- state: present
- disable_gpg_check: true # Here, we are installing the package that contains the gpg key
-
- - name: Install sidecar package
- ansible.builtin.package:
- name: graylog-sidecar
- state: present
- become: true
-
- - name: Run install command
- ansible.builtin.command:
- cmd: /usr/bin/graylog-sidecar -service install
- ignore_errors: true
- changed_when: false
- become: true
-
- - name: Generate sidecar config
- ansible.builtin.template:
- dest: /etc/graylog/sidecar/sidecar.yml
- src: sidecar.yml.j2
- validate: /usr/bin/graylog-sidecar -c %s -configtest
- mode: 0640
- notify: Restart Sidecar
- become: true
-
- - name: Enable / start sidecar service
- ansible.builtin.service:
- name: graylog-sidecar
- state: started
- enabled: true
- become: true
-
- - name: Install filebeat
- ansible.builtin.import_tasks: filebeat.yml
- when: install_filebeat
-
- - name: Switch back to default policy
- ansible.builtin.command:
- cmd: update-crypto-policies --set DEFAULT
- changed_when: false
- become: true
-
- - name: Generate Node certificates
- ansible.builtin.import_tasks: node-certs.yml
- when: generate_node_certs
+- name: Generate Node certificates
+ ansible.builtin.import_tasks: node-certs.yml
+ when: generate_node_certs
diff --git a/tasks/sidecar.yml b/tasks/sidecar.yml
new file mode 100644
index 0000000000000000000000000000000000000000..bd8f5c7099bc1d6c3e6be6e3d5f0147da9f27b61
--- /dev/null
+++ b/tasks/sidecar.yml
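Review bot: In tasks/main.yml nothing restores the crypto policy when a task between `Temp switch to legacy crypto policy` and `Switch back to default policy` fails: both are now flat top-level tasks, so a failed sidecar or filebeat task ends the play for that host with `DEFAULT:SHA1` still active system-wide. Both tasks also lost the `sidecar-ca` condition they inherited from the old block, so the policy is now weakened on hosts where neither include runs. The restore hardcodes `DEFAULT`, which would leave a host that was on a stricter policy weaker than before the play. Wrapping the window in `block`/`always` under the original condition and restoring the value recorded from `update-crypto-policies --show` covers all three, as sketched below.

```yaml
- name: Record the current crypto policy
  ansible.builtin.command:
    cmd: update-crypto-policies --show
  register: crypto_policy_before
  changed_when: false
  become: true

- name: Install with SHA1 temporarily allowed
  when: (groups['sidecar-ca'] is defined | ternary(inventory_hostname not in groups['sidecar-ca'], true))
  block:
    # … unchanged: Temp switch to legacy crypto policy, Include sidecar tasks, Include filebeat tasks …
  always:
    - name: Switch back to the recorded policy
      ansible.builtin.command:
        cmd: "update-crypto-policies --set {{ crypto_policy_before.stdout | trim }}"
      changed_when: false
      become: true
```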
@@ -0,0 +1,75 @@
+- name: Add sidecar repo (Debian | Ubuntu)
+ when: ansible_os_family == 'Debian'
+ become: true
+ block:
+ - name: Download repository file (Debian | Ubuntu)
+ ansible.builtin.get_url:
+ url: "{{ sidecar_repo_urls['Debian'] }}"
+ dest: /tmp/graylog-sidecar-repository.deb
+ mode: 0644
+ delegate_to: localhost
+ run_once: true
+
+ - name: Copy DEB to nodes (Debian | Ubuntu)
+ ansible.builtin.copy:
+ src: /tmp/graylog-sidecar-repository.deb
+ dest: /tmp/graylog-sidecar-repository.deb
+ mode: 0644
+
+ - name: Add repository using dpkg (Debian | Ubuntu)
+ ansible.builtin.command:
+ cmd: dpkg -i /tmp/graylog-sidecar-repository.deb
+ changed_when: false
+
+- name: Add sidecar repo (RedHat)
+ when: ansible_os_family == 'RedHat'
+ become: true
+ block:
+ - name: Download rpm file (RedHat)
+ ansible.builtin.get_url:
+ url: "{{ sidecar_repo_urls['RedHat'] }}"
+ dest: /tmp/graylog-sidecar-repository.rpm
+ mode: 0644
+ delegate_to: localhost
+ run_once: true
+
+ - name: Copy RPM to nodes (RedHat)
+ ansible.builtin.copy:
+ src: /tmp/graylog-sidecar-repository.rpm
+ dest: /tmp/graylog-sidecar-repository.rpm
+ mode: 0644
+
+ - name: Install rpm (RedHat)
+ ansible.builtin.yum:
+ name: /tmp/graylog-sidecar-repository.rpm
+ state: present
+ disable_gpg_check: true # Here, we are installing the package that contains the gpg key
+
+- name: Install sidecar package
+ ansible.builtin.package:
+ name: graylog-sidecar
+ state: present
+ become: true
+
+- name: Run install command
+ ansible.builtin.command:
+ cmd: /usr/bin/graylog-sidecar -service install
+ ignore_errors: true
+ changed_when: false
+ become: true
+
+- name: Generate sidecar config
+ ansible.builtin.template:
+ dest: /etc/graylog/sidecar/sidecar.yml
+ src: sidecar.yml.j2
+ validate: /usr/bin/graylog-sidecar -c %s -configtest
+ mode: 0640
+ notify: Restart Sidecar
+ become: true
+
+- name: Enable / start sidecar service
+ ansible.builtin.service:
+ name: graylog-sidecar
+ state: started
+ enabled: true
+ become: true
\ No newline at end of file
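Review bot: In tasks/sidecar.yml the repository package is installed without any integrity check: both `get_url` tasks fetch `sidecar_repo_urls[...]` with no `checksum`, and the file is then installed as root with `dpkg -i` or with `disable_gpg_check: true`. The inline comment explains why the GPG check is off, but that leaves the download itself as the only trust anchor for the signing key the package installs. Adding a pinned digest to each `get_url`, for example `checksum: "sha256:{{ sidecar_repo_sha256['RedHat'] }}"` (a new role variable; the name is only a suggestion), closes that gap. Separately, the file modes are safer quoted (`mode: '0644'`, `mode: '0640'`), and `ignore_errors: true` on the `-service install` step hides genuine failures; a `failed_when` that tolerates only the already-installed case would be narrower.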