diff --git a/tasks/filebeat.yml b/tasks/filebeat.yml
index 4d8790353116eba865fbb25835b913c2dfa0c85c..2518dbb2cfb70f95f8b64372d88718e79f5d9f28 100644
--- a/tasks/filebeat.yml
+++ b/tasks/filebeat.yml
@@ -1,36 +1,39 @@
-- name: Add filebeat repository (Debian | Ubuntu)
- become: true
- when: ansible_os_family == 'Debian'
+- name: Run filebeat tasks
+ when: (groups['sidecar-ca'] id defined | ternary(inventory_hostname not in groups['sidecar-ca'], true))
 block:
- - name: Ensure Apt Can Use Https
- ansible.builtin.apt:
- name: apt-transport-https
- state: present
+ - name: Add filebeat repository (Debian | Ubuntu)
+ become: true
+ when: ansible_os_family == 'Debian'
+ block:
+ - name: Ensure Apt Can Use Https
+ ansible.builtin.apt:
+ name: apt-transport-https
+ state: present
- - name: Ensure ES Signing Key Is Present
- ansible.builtin.apt_key:
- url: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
- id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
- state: present^
+ - name: Ensure ES Signing Key Is Present
+ ansible.builtin.apt_key:
+ url: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
+ id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
+ state: present^
- - name: Ensure ES Repo Is Enabled
- ansible.builtin.apt_repository:
- repo: "deb {{ filebeat_repo_urls['Debian'] }} stable main"
- state: present
+ - name: Ensure ES Repo Is Enabled
+ ansible.builtin.apt_repository:
+ repo: "deb {{ filebeat_repo_urls['Debian'] }} stable main"
+ state: present
-- name: Add filebeat repository (RedHat)
- ansible.builtin.yum_repository:
- name: elastic-8.x
- description: Elastic Yum Repo 8.x
- baseurl: "{{ filebeat_repo_urls['RedHat'] }}"
- gpgcheck: true
- gpgkey: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
- state: present
- when: ansible_os_family == 'RedHat'
- become: true
+ - name: Add filebeat repository (RedHat)
+ ansible.builtin.yum_repository:
+ name: elastic-8.x
+ description: Elastic Yum Repo 8.x
+ baseurl: "{{ filebeat_repo_urls['RedHat'] }}"
+ gpgcheck: true
+ gpgkey: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
+ state: present
+ when: ansible_os_family == 'RedHat'
+ become: true
-- name: Install filebeat package
- ansible.builtin.package:
- name: filebeat
- state: present
- become: true
+ - name: Install filebeat package
+ ansible.builtin.package:
+ name: filebeat
+ state: present
+ become: true
diff --git a/tasks/main.yml b/tasks/main.yml
index 5e79877d0fca764df6ee375c23f67ecb1fac46bb..651c100679bed7b767e3b0942c29959dcdb9529e 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
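Review bot: The new top-level `when:` on `Run filebeat tasks` uses `id defined`, which is not a Jinja2 test (the test is `is defined`), so unless the `id` is a transcription artifact of this page the play aborts with a template error before any task runs; the identical expression is repeated on `Run install tasks` in tasks/main.yml and on both guarded blocks in tasks/node-certs.yml. Even with `is`, the arguments of `ternary` are evaluated before the filter is applied, so `inventory_hostname not in groups['sidecar-ca']` is likely to raise an undefined-variable error in exactly the case the `true` fallback is meant to cover (no `sidecar-ca` group in the inventory). `when: inventory_hostname not in groups.get('sidecar-ca', [])` states the intent in one line and handles the missing group. Separately, `state: present^` on `Ensure ES Signing Key Is Present` (present on both sides of the hunk) is not a value `apt_key` accepts; if the trailing `^` is really in the file rather than a rendering artifact, that task fails on every Debian-family host.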
@@ -1,71 +1,75 @@
 ---
-- name: Temp switch to legacy crypto policy
- ansible.builtin.command:
- cmd: update-crypto-policies --set DEFAULT:SHA1
- changed_when: false
- become: true
-
-- name: Add sidecar repo (Debian | Ubuntu)
- when: ansible_os_family == 'Debian'
- become: true
+- name: Run install tasks
+ when: (groups['sidecar-ca'] id defined | ternary(inventory_hostname not in groups['sidecar-ca'], true))
 block:
- - name: Download repository file
- ansible.builtin.get_url:
- url: "{{ sidecar_repo_urls['Debian'] }}"
- dest: /tmp/graylog-sidecar-repository.deb
- mode: 0644
-
- - name: Add repository using dpkg
+ - name: Temp switch to legacy crypto policy
 ansible.builtin.command:
- cmd: dpkg -i /tmp/graylog-sidecar-repository.deb
+ cmd: update-crypto-policies --set DEFAULT:SHA1
 changed_when: false
+ become: true
+
+ - name: Add sidecar repo (Debian | Ubuntu)
+ when: ansible_os_family == 'Debian'
+ become: true
+ block:
+ - name: Download repository file
+ ansible.builtin.get_url:
+ url: "{{ sidecar_repo_urls['Debian'] }}"
+ dest: /tmp/graylog-sidecar-repository.deb
+ mode: 0644
+
+ - name: Add repository using dpkg
+ ansible.builtin.command:
+ cmd: dpkg -i /tmp/graylog-sidecar-repository.deb
+ changed_when: false
-- name: Add sidecar repo (RedHat)
- ansible.builtin.yum:
- name: "{{ sidecar_repo_urls['RedHat'] }}"
- state: present
- when: ansible_os_family == 'RedHat'
- become: true
+ - name: Add sidecar repo (RedHat)
+ ansible.builtin.yum:
+ name: "{{ sidecar_repo_urls['RedHat'] }}"
+ state: present
+ disable_gpg_check: true # Here, we are installing the package that contains the gpg key
+ when: ansible_os_family == 'RedHat'
+ become: true
-- name: Install sidecar package
- ansible.builtin.package:
- name: graylog-sidecar
- state: present
- become: true
+ - name: Install sidecar package
+ ansible.builtin.package:
+ name: graylog-sidecar
+ state: present
+ become: true
-- name: Run install command
- ansible.builtin.command:
- cmd: /usr/bin/graylog-sidecar -service install
- ignore_errors: true
- changed_when: false
- become: true
+ - name: Run install command
+ ansible.builtin.command:
+ cmd: /usr/bin/graylog-sidecar -service install
+ ignore_errors: true
+ changed_when: false
+ become: true
-- name: Generate sidecar config
- ansible.builtin.template:
- dest: /etc/graylog/sidecar/sidecar.yml
- src: sidecar.yml.j2
- validate: /usr/bin/graylog-sidecar -c %s -configtest
- mode: 0640
- notify: Restart Sidecar
- become: true
+ - name: Generate sidecar config
+ ansible.builtin.template:
+ dest: /etc/graylog/sidecar/sidecar.yml
+ src: sidecar.yml.j2
+ validate: /usr/bin/graylog-sidecar -c %s -configtest
+ mode: 0640
+ notify: Restart Sidecar
+ become: true
-- name: Enable / start sidecar service
- ansible.builtin.service:
- name: graylog-sidecar
- state: started
- enabled: true
- become: true
+ - name: Enable / start sidecar service
+ ansible.builtin.service:
+ name: graylog-sidecar
+ state: started
+ enabled: true
+ become: true
-- name: Install filebeat
- ansible.builtin.import_tasks: filebeat.yml
- when: install_filebeat
+ - name: Install filebeat
+ ansible.builtin.import_tasks: filebeat.yml
+ when: install_filebeat
-- name: Switch back to default policy
- ansible.builtin.command:
- cmd: update-crypto-policies --set DEFAULT
- changed_when: false
- become: true
+ - name: Switch back to default policy
+ ansible.builtin.command:
+ cmd: update-crypto-policies --set DEFAULT
+ changed_when: false
+ become: true
-- name: Generate Node certificates
- ansible.builtin.import_tasks: node-certs.yml
- when: generate_node_certs
+ - name: Generate Node certificates
+ ansible.builtin.import_tasks: node-certs.yml
+ when: generate_node_certs
diff --git a/tasks/node-certs.yml b/tasks/node-certs.yml
index 8e85604f0f24a05e15f09abd8781600a30f94992..b968f78d53c1adffe13dd666d45fcc59138db357 100644
--- a/tasks/node-certs.yml
+++ b/tasks/node-certs.yml
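Review bot: A host is left on the relaxed `DEFAULT:SHA1` crypto policy whenever any task between `Temp switch to legacy crypto policy` and `Switch back to default policy` fails, because the new `Run install tasks` block has no `always:` section and the reset is just the second-to-last entry of `block:`. Now that the whole sequence is a block, the reset belongs in `always:` so it runs on failure as well; `Generate Node certificates` can then move after the block so it still runs under the default policy, which costs nothing because this commit also adds the CA-host guard inside tasks/node-certs.yml itself. The `disable_gpg_check: true` added to `Add sidecar repo (RedHat)` installs the repository package straight from `{{ sidecar_repo_urls['RedHat'] }}` with no signature check, so the only thing vouching for it is the transport; if that URL is pinned to a release, fetching it with `get_url` plus a `checksum:` and installing the local file keeps the bootstrap verifiable, and the inline comment should state that this is the one package installed unverified.
```yaml
- name: Run install tasks
  # … unchanged: when: guard …
  block:
    # … unchanged: crypto-policy switch, repo setup, package install, config, service, filebeat import …
  always:
    - name: Switch back to default policy
      ansible.builtin.command:
        cmd: update-crypto-policies --set DEFAULT
      changed_when: false
      become: true

- name: Generate Node certificates
  ansible.builtin.import_tasks: node-certs.yml
  when: generate_node_certs
```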
@@ -27,6 +27,7 @@
 - name: Node Certificates
 delegate_to: localhost
+ when: (groups['sidecar-ca'] id defined | ternary(inventory_hostname not in groups['sidecar-ca'], true))
 block:
 - name: Node Certificates | Generate private keys
 community.crypto.openssl_privatekey:
@@ -58,6 +59,7 @@
 - name: Node Certificates | Copy Certificates
 become: true
+ when: (groups['sidecar-ca'] id defined | ternary(inventory_hostname not in groups['sidecar-ca'], true))
 block:
 - name: Node Certificates | Copy Node certificates
 ansible.builtin.copy:
@@ -67,4 +69,4 @@
 with_items:
 - { file: "sidecar-{{ inventory_hostname }}.key", mode: "0600" }
 - { file: "sidecar-{{ inventory_hostname }}.pem", mode: "0644" }
- - { file: "sidecar-ca.pem", mode: "0644" }
\ No newline at end of file
+ - { file: "sidecar-ca.pem", mode: "0644" }
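Review bot: The `when:` added to the `Node Certificates` block and again to `Node Certificates | Copy Certificates` duplicates the guard this commit puts on the `Run install tasks` block in tasks/main.yml; that block reaches this file through `import_tasks`, whose tasks inherit the block's `when:`, so both in-file copies are redundant on that path and only matter if node-certs.yml is also run on its own. If standalone use is intended, say so above the first block, e.g. `# Guard repeated here so this file also works when imported outside tasks/main.yml`; if not, drop both conditions rather than maintain a fourth and fifth copy of the expression (whose wording is discussed on the tasks/filebeat.yml hunk). Both guarded blocks continue past the end of their hunks. The third hunk only adds the missing trailing newline.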