From a7239e6d7ef8857b6d69fb7873e4225cc4142432 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20-=20Le=20Filament?= <remi@le-filament.com>
Date: Wed, 5 Jul 2023 15:41:47 +0200
Subject: [PATCH] [UPD] ansible-lint
---
.ansible-lint | 7 +++
.yamllint | 39 +++++++++++++++
handlers/main.yml | 6 ++-
meta/main.yml | 32 ++++++------
tasks/main.yml | 124 ++++++++++++++++++++++++----------------------
vars/Debian.yml | 4 +-
vars/RedHat.yml | 2 +-
7 files changed, 134 insertions(+), 80 deletions(-)
create mode 100644 .ansible-lint
create mode 100644 .yamllint
diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..8d40d06
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,7 @@
+---
+warn_list: # or 'skip_list' to silence them completely
+ - git-latest # Git checkouts must contain explicit version
+ - ignore-errors # Use failed_when and specify error conditions instead of using ignore_errors
+ - no-changed-when # Commands should not change things if nothing needs doing
+ - no-handler # Tasks that run when changed should likely be handlers
+ - package-latest # Package installs should not use latest
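Review bot: The `warn_list` downgrades five rules, but in the tasks and handlers shown in this patch only `package-latest` has anything to match, namely the two `state: latest` package tasks. No visible task uses a git checkout, `ignore_errors`, a command module, or a changed-result condition. Keeping `git-latest`, `ignore-errors`, `no-changed-when` and `no-handler` as warnings means a later task that introduces one of those patterns will pass the lint unnoticed. Unless other task files in the role need them, I would reduce the list to `- package-latest  # filebeat is deliberately tracked at latest` and leave the remaining rules at their default error level.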
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..fbebdb8
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,39 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ colons:
+ max-spaces-after: -1
+ level: error
+ commas:
+ max-spaces-after: -1
+ level: error
+ # comments enable
+ comments: enable
+ comments-indentation: enable
+ document-start: enable
+ empty-lines:
+ max: 3
+ level: error
+ hyphens:
+ level: error
+ indentation:
+ level: warning
+ indent-sequences: consistent
+ spaces: 4
+ check-multi-line-strings: true
+ key-duplicates: enable
+ line-length: disable
+ new-line-at-end-of-file: enable
+ new-lines:
+ type: unix
+ # trailing-spaces enable
+ trailing-spaces: enable
+ truthy: enable
diff --git a/handlers/main.yml b/handlers/main.yml
index daa89d8..6c6de22 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,4 +1,6 @@
---
-- name: restart filebeat
- service: name=filebeat state=restarted
+- name: Restart filebeat
+ ansible.builtin.service:
+ name: filebeat
+ state: restarted
diff --git a/meta/main.yml b/meta/main.yml
index b1e9b8a..5a5eea9 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,18 +1,18 @@
---
galaxy_info:
- author: Rémi
- description: This role configures filebeat to push logs to ELK stack
- company: Le Filament (https://le-filament.com)
- license: AGPL-3.0-or-later
- min_ansible_version: 2.1
- platforms:
- - name: EL
- versions:
- - 7
- - name: Ubuntu
- versions:
- - focal
- galaxy_tags:
- - filebeat
- - log
- - elk
+ author: lefilament
+ description: This role configures filebeat to push logs to ELK stack
+ company: Le Filament (https://le-filament.com)
+ license: AGPL-3.0-or-later
+ min_ansible_version: "2.1"
+ platforms:
+ - name: EL
+ versions:
+ - "7"
+ - name: Ubuntu
+ versions:
+ - focal
+ galaxy_tags:
+ - filebeat
+ - log
+ - elk
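Review bot: `min_ansible_version: "2.1"` no longer matches the role, because this commit moves every task and handler to `ansible.builtin.*` fully-qualified names. As far as I know, that namespace only exists from Ansible 2.10 (ansible-base) onward. Quoting the value stops it being parsed as a float, but the metadata still advertises a version that could not resolve these module names. I would raise it to the lowest release the role is actually tested on, for example `min_ansible_version: "2.10"`, keeping the quotes so it is not read as 2.1.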
diff --git a/tasks/main.yml b/tasks/main.yml
index 4290b50..af1d9c4 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,96 +1,102 @@
---
- name: Include OS-specific variables.
- include_vars: "{{ ansible_os_family }}.yml"
+ ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
# INSTALLATION
- name: Add Filebeat GPG key to APT
- get_url:
- url: "{{ elastic_gpg_key_url }}"
- dest: /etc/apt/trusted.gpg.d/elastic.asc
- mode: '0644'
+ ansible.builtin.get_url:
+ url: "{{ elastic_gpg_key_url }}"
+ dest: /etc/apt/trusted.gpg.d/elastic.asc
+ mode: '0644'
when: ansible_os_family == "Debian"
- name: Add FileBeat repo to APT repositories
- apt_repository:
- repo: deb {{ elastic_packages_url }}/apt stable main
- update_cache: true
+ ansible.builtin.apt_repository:
+ repo: deb {{ elastic_packages_url }}/apt stable main
+ update_cache: true
when: ansible_os_family == "Debian"
- name: Add FileBeat repo to YUM repositories
- yum_repository:
- file: elastic
- name: elastic-7.x
- description: Elastic repository for 7.x packages
- baseurl: "{{ elastic_packages_url }}/yum"
- gpgkey: "{{ elastic_gpg_key_url }}"
- gpgcheck: true
+ ansible.builtin.yum_repository:
+ file: elastic
+ name: elastic-7.x
+ description: Elastic repository for 7.x packages
+ baseurl: "{{ elastic_packages_url }}/yum"
+ gpgkey: "{{ elastic_gpg_key_url }}"
+ gpgcheck: true
when: ansible_os_family == "RedHat"
- name: Install OS packages
- package:
- name: "{{ packages_to_install }}"
- state: latest
+ ansible.builtin.package:
+ name: "{{ packages_to_install }}"
+ state: latest
async: 120
poll: 10
when: not ansible_check_mode
- name: Check installed OS packages
- package:
- name: "{{ packages_to_install }}"
- state: latest
+ ansible.builtin.package:
+ name: "{{ packages_to_install }}"
+ state: latest
when: ansible_check_mode
-- name: make sure filebeat is enabled if log_collection = true
- service: name=filebeat enabled=yes state=started
+- name: Make sure filebeat is enabled if log_collection = true
+ ansible.builtin.service:
+ name: filebeat
+ enabled: true
+ state: started
when: log_collection
-- name: make sure filebeat is disabled if log_collection = false
- service: name=filebeat enabled=no state=stopped
+- name: Make sure filebeat is disabled if log_collection = false
+ ansible.builtin.service:
+ name: filebeat
+ enabled: true
+ state: stopped
when: not log_collection
# CONFIGURATION (only if log_collection = true)
- name: Push logstash certificate
- copy:
- content: "{{ logstash_tls_crt }}"
- dest: "/etc/ssl/certs/logstash.crt"
- owner: root
- group: root
- mode: '0644'
+ ansible.builtin.copy:
+ content: "{{ logstash_tls_crt }}"
+ dest: "/etc/ssl/certs/logstash.crt"
+ owner: root
+ group: root
+ mode: '0644'
when: log_collection
- notify: restart filebeat
+ notify: Restart filebeat
-- name: push Filebeat configuration file
- template:
- src: filebeat.yml.j2
- dest: /etc/filebeat/filebeat.yml
- owner: root
- group: root
- mode: '0600'
+- name: Push Filebeat configuration file
+ ansible.builtin.template:
+ src: filebeat.yml.j2
+ dest: /etc/filebeat/filebeat.yml
+ owner: root
+ group: root
+ mode: '0600'
when: log_collection
- notify: restart filebeat
+ notify: Restart filebeat
-- name: push Filebeat modules configuration file
- copy:
- src: "{{ item }}.yml"
- dest: /etc/filebeat/modules.d/{{ item }}.yml
- owner: root
- group: root
- mode: '0644'
+- name: Push Filebeat modules configuration file
+ ansible.builtin.copy:
+ src: "{{ item }}.yml"
+ dest: /etc/filebeat/modules.d/{{ item }}.yml
+ owner: root
+ group: root
+ mode: '0644'
with_items:
- - iptables
- - system
+ - iptables
+ - system
when: log_collection
- notify: restart filebeat
+ notify: Restart filebeat
-- name: push Filebeat traefik module configuration file
- template:
- src: "{{ item }}.yml.j2"
- dest: /etc/filebeat/modules.d/{{ item }}.yml
- owner: root
- group: root
- mode: '0644'
+- name: Push Filebeat traefik module configuration file
+ ansible.builtin.template:
+ src: "{{ item }}.yml.j2"
+ dest: /etc/filebeat/modules.d/{{ item }}.yml
+ owner: root
+ group: root
+ mode: '0644'
with_items:
- - traefik
+ - traefik
when: inventory_hostname in groups.docker and log_collection
- notify: restart filebeat
+ notify: Restart filebeat
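Review bot: The task "Make sure filebeat is disabled if log_collection = false" now sets `enabled: true`, where the removed one-liner had `enabled=no`. The service is therefore stopped for the current boot but stays enabled, and will start shipping logs again after a reboot on hosts where collection is meant to be off. This looks like the arguments of the preceding "enabled" task were copied during the conversion to block syntax rather than an intended behaviour change. The task should read `enabled: false` together with `state: stopped`.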
diff --git a/vars/Debian.yml b/vars/Debian.yml
index 7367aca..a0b16e2 100644
--- a/vars/Debian.yml
+++ b/vars/Debian.yml
@@ -1,4 +1,4 @@
---
packages_to_install:
- - apt-transport-https
- - filebeat
+ - apt-transport-https
+ - filebeat
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
index cdf9f8f..b0810a1 100644
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@@ -1,3 +1,3 @@
---
packages_to_install:
- - filebeat
+ - filebeat
--
GitLab