Initial commit.

.travis.yml

@@ -0,0 +1,36 @@
+---
+language: python
+python: "2.7"
+
+env:
+  - SITE=test.yml
+
+before_install:
+  - sudo apt-get update -qq
+  - sudo apt-get install curl
+
+install:
+  # Install Ansible.
+  - pip install ansible
+
+  # Add ansible.cfg to pick up roles path.
+  - "printf '[defaults]\nroles_path = ../' > ansible.cfg"
+
+  # Install required dependencies.
+  - ansible-galaxy install geerlingguy.elasticsearch
+
+script:
+  # Check the role/playbook's syntax.
+  - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check"
+
+  # Run the role/playbook with ansible-playbook.
+  - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo"
+
+  # Run the role/playbook again, checking to make sure it's idempotent.
+  - >
+    ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo
+    | grep -q 'changed=0.*failed=0'
+    && (echo 'Idempotence test: pass' && exit 0)
+    || (echo 'Idempotence test: fail' && exit 1)
+
+  # TODO: Test if logstash is working correctly.

README.md

@@ -0,0 +1,45 @@
+# Ansible Role: Logstash
+
+[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-logstash.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-logstash)
+
+An Ansible Role that installs Logstash on Debian/Ubuntu.
+
+**Note**: This role is under active development and is not considered stable quite yet. I am working on making sure it runs across a wider variety of platforms, and also will work with different kinds of workflows you may have. Please file issues on GitHub if you find a problem!
+
+**Security Note**: Until this role reaches a stable release, please consider it insecure, and do not use it on any production systems. Things like SSL and certificates are not being used for message authentication at this time!
+
+## Requirements
+
+Though other methods are possible, this role is made to work with Elasticsearch as a backend for storing log messages.
+
+## Role Variables
+
+Available variables are listed below, along with default values (see `defaults/main.yml`):
+
+    logstash_listen_port_tcp: 5000
+    logstash_listen_port_udp: 5000
+
+The TCP and UDP ports over which logstash will listen for syslog messages.
+
+    logstash_elasticsearch_host: localhost
+
+The host on which Elasticsearch resides.
+
+## Dependencies
+
+  - geerlingguy.elasticsearch
+
+## Example Playbook
+
+    - hosts: search
+      roles:
+        - { role: geerlingguy.elasticsearch }
+        - { role: geerlingguy.logstash }
+
+## License
+
+MIT / BSD
+
+## Author Information
+
+This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/).

defaults/main.yml

@@ -0,0 +1,4 @@
+---
+logstash_listen_port_tcp: 5000
+logstash_listen_port_udp: 5000
+logstash_elasticsearch_host: localhost

handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart logstash
+  service: name=logstash state=restarted

meta/main.yml

@@ -0,0 +1,24 @@
+---
+dependencies:
+  - { role: geerlingguy.elasticsearch }
+
+galaxy_info:
+  author: geerlingguy
+  description: Logstash for Debian/Ubuntu.
+  company: "Midwestern Mac, LLC"
+  license: "license (BSD, MIT)"
+  min_ansible_version: 1.4
+  platforms:
+  # - name: EL
+  #   versions:
+  #   - all
+  - name: Debian
+    versions:
+    - all
+  - name: Ubuntu
+    versions:
+    - all
+  categories:
+    - web
+    - system
+    - monitoring

tasks/main.yml

@@ -0,0 +1,43 @@
+---
+- name: Add Elasticsearch apt key.
+  apt_key:
+    url: http://packages.elasticsearch.org/GPG-KEY-elasticsearch
+    state: present
+
+- name: Add Logstash repository.
+  apt_repository:
+    repo: 'deb http://packages.elasticsearch.org/logstash/1.4/debian stable main'
+    state: present
+
+- name: Check if Logstash is already installed.
+  stat: path=/etc/init.d/logstash
+  register: logstash_installed
+
+- name: Update apt cache if repository just added.
+  apt: update_cache=yes
+  when: logstash_installed.stat.exists == false
+
+- name: Install Logstash.
+  apt: pkg=logstash state=present
+
+# TODO: Fix this so it's idempotent.
+- name: Add Logstash user to adm group (Debian).
+  user:
+    name: logstash
+    groups: "logstash,adm"
+  when: ansible_os_family == "Debian"
+  notify: restart logstash
+
+- name: Create Logstash configuration files.
+  template:
+    src: "templates/{{ item }}.j2"
+    dest: "/etc/logstash/conf.d/{{ item }}"
+    owner: root
+    group: root
+    mode: 644
+  with_items:
+    - 01-lumberjack-input.conf
+    - 02-local-syslog-input.conf
+    - 10-syslog.conf
+    - 30-lumberjack-output.conf
+  notify: restart logstash

templates/01-lumberjack-input.conf.j2

@@ -0,0 +1,10 @@
+input {
+  tcp {
+    port => {{ logstash_listen_port_tcp }}
+    type => syslog
+  }
+  udp {
+    port => {{ logstash_listen_port_udp }}
+    type => syslog
+  }
+}

templates/02-local-syslog-input.conf.j2

@@ -0,0 +1,5 @@
+input {
+  file {
+    path => "/var/log/syslog"
+  }
+}

templates/10-syslog.conf.j2

@@ -0,0 +1,13 @@
+filter {
+  if [type] == "syslog" {
+    grok {
+      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
+      add_field => [ "received_at", "%{@timestamp}" ]
+      add_field => [ "received_from", "%{host}" ]
+    }
+    syslog_pri { }
+    date {
+      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
+    }
+  }
+}

templates/30-lumberjack-output.conf.j2

@@ -0,0 +1,5 @@
+output {
+  elasticsearch {
+    host => {{ logstash_elasticsearch_host }}
+  }
+}

tests/inventory

@@ -0,0 +1 @@
+localhost

tests/test.yml

@@ -0,0 +1,6 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - geerlingguy.elasticsearch
+    - ansible-role-logstash