From 1652dab16da30e828c3916a253517b72cda9da39 Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Thu, 23 Jan 2025 13:07:47 +0100 Subject: [PATCH 1/6] Remove local `become` Havin `become` only in tasks where needed might be good coding style but it breaks tests with Rocky Linux and might have other unpredicted side effects. So I'm removing it. --- roles/elasticsearch/tasks/main.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/elasticsearch/tasks/main.yml b/roles/elasticsearch/tasks/main.yml index 65db904e..71d7342b 100644 --- a/roles/elasticsearch/tasks/main.yml +++ b/roles/elasticsearch/tasks/main.yml @@ -204,7 +204,6 @@ when: elasticsearch_jna_workaround | bool - name: Set jvm heap size - become: yes ansible.builtin.template: src: "jvm.options.d/heap.options.j2" dest: "{{ elasticsearch_conf_dir }}/jvm.options.d/10-heap.options" @@ -216,7 +215,6 @@ when: (elasticsearch_heap) - name: Set jvm paths - become: yes ansible.builtin.template: src: "jvm.options.d/paths.options.j2" dest: "{{ elasticsearch_conf_dir }}/jvm.options.d/50-paths.options" @@ -227,7 +225,6 @@ notify: Restart Elasticsearch - name: Set jvm custom options - become: yes ansible.builtin.template: src: "jvm.options.d/custom.options.j2" dest: "{{ elasticsearch_conf_dir }}/jvm.options.d/90-custom.options" From 06a9cfec98940f73791ac54438b7bdb6813dfbfd Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Thu, 23 Jan 2025 14:00:13 +0100 Subject: [PATCH 2/6] Add debug tasks --- molecule/elasticstack_default/converge.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/molecule/elasticstack_default/converge.yml b/molecule/elasticstack_default/converge.yml index f2b9fe28..d77bc541 100644 --- a/molecule/elasticstack_default/converge.yml +++ b/molecule/elasticstack_default/converge.yml 
@@ -67,3 +67,10 @@ ansible.builtin.service: name: rsyslog state: started + failed_when: false + - name: Fetch journalctl output + command: journalctl -xeu rsyslog.service + register: debug_output + - name: Output rsyslog problems + debug: + var: debug_output From 50765d45ec83c8730f18daf7539f5a110ed66905 Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Thu, 23 Jan 2025 14:12:35 +0100 Subject: [PATCH 3/6] Typo --- molecule/elasticstack_default/converge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/elasticstack_default/converge.yml b/molecule/elasticstack_default/converge.yml index d77bc541..61702efa 100644 --- a/molecule/elasticstack_default/converge.yml +++ b/molecule/elasticstack_default/converge.yml @@ -67,7 +67,7 @@ ansible.builtin.service: name: rsyslog state: started - failed_when: false + failed_when: false - name: Fetch journalctl output command: journalctl -xeu rsyslog.service register: debug_output From 06447912c9ca889ce4925521e1e2928eada6f3ec Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Thu, 23 Jan 2025 14:59:43 +0100 Subject: [PATCH 4/6] Trying to replace syslog input with journald --- molecule/elasticstack_default/converge.yml | 47 +++++++++++----------- 1 file changed, 24 insertions(+), 23 deletions(-) diff --git a/molecule/elasticstack_default/converge.yml b/molecule/elasticstack_default/converge.yml index 61702efa..499dc788 100644 --- a/molecule/elasticstack_default/converge.yml +++ b/molecule/elasticstack_default/converge.yml @@ -22,6 +22,7 @@ redis_requirepass: "{{ logstash_redis_password }}" beats_filebeat_syslog_udp: true beats_filebeat_syslog_tcp: true + beats_filebeat_journald: true beats_filebeat_modules: - system beats_fields: 
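Review bot: The `failed_when: false` added to the `Start rsyslog` task (PATCH 2/6, molecule/elasticstack_default/converge.yml) swallows a failed service start, so converge can go green with rsyslog down and the journal dump becomes the only trace of the failure. If the aim is just to reach the journal output, a `block`/`rescue` that prints the journal and then fails the play keeps the test signal. The new `Fetch journalctl output` and `Output rsyslog problems` tasks use bare `command` and `debug` where the surrounding tasks use fully qualified names, and the command task reports "changed" on every run. Something like `ansible.builtin.command: journalctl --no-pager -xeu rsyslog.service` with `changed_when: false`, and `ansible.builtin.debug` for the output, would match the rest of the file. The play these tasks belong to starts outside the hunk.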
@@ -51,26 +52,26 @@ - name: Include Beats ansible.builtin.include_role: name: beats - - name: Install rsyslog - ansible.builtin.package: - name: rsyslog - - name: Remove cache # noqa: risky-shell-pipe - ansible.builtin.shell: > - if test -n "$(ps -p $$ | grep bash)"; then set -o pipefail; fi; - rm -rf /var/cache/* - changed_when: false - - name: Configure rsyslog - ansible.builtin.lineinfile: - line: "*.* @@localhost:514" - path: /etc/rsyslog.conf - - name: Start rsyslog - ansible.builtin.service: - name: rsyslog - state: started - failed_when: false - - name: Fetch journalctl output - command: journalctl -xeu rsyslog.service - register: debug_output - - name: Output rsyslog problems - debug: - var: debug_output + #- name: Install rsyslog + # ansible.builtin.package: + # name: rsyslog + #- name: Remove cache # noqa: risky-shell-pipe + # ansible.builtin.shell: > + # if test -n "$(ps -p $$ | grep bash)"; then set -o pipefail; fi; + # rm -rf /var/cache/* + # changed_when: false + #- name: Configure rsyslog + # ansible.builtin.lineinfile: + # line: "*.* @@localhost:514" + # path: /etc/rsyslog.conf + #- name: Start rsyslog + # ansible.builtin.service: + # name: rsyslog + # state: started + # failed_when: false + #- name: Fetch journalctl output + # command: journalctl -xeu rsyslog.service + # register: debug_output + #- name: Output rsyslog problems + # debug: + # var: debug_output From dee986dfd2f80ae503627c0c393e5e412c891868 Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Thu, 23 Jan 2025 15:42:04 +0100 Subject: [PATCH 5/6] Replace syslog input with journald for tests --- molecule/elasticstack_default/converge.yml | 25 ------------------- molecule/logstash_full_stack-oss/converge.yml | 19 +------------- 2 files changed, 1 insertion(+), 43 deletions(-) diff --git a/molecule/elasticstack_default/converge.yml b/molecule/elasticstack_default/converge.yml index 499dc788..694db61d 100644 --- a/molecule/elasticstack_default/converge.yml 
+++ b/molecule/elasticstack_default/converge.yml @@ -20,8 +20,6 @@ logstash_pipeline_unsafe_shutdown: true logstash_redis_password: "{{ lookup('ansible.builtin.password', '/tmp/redispassword', chars=['ascii_letters'], length=15) }}" redis_requirepass: "{{ logstash_redis_password }}" - beats_filebeat_syslog_udp: true - beats_filebeat_syslog_tcp: true beats_filebeat_journald: true beats_filebeat_modules: - system @@ -52,26 +50,3 @@ - name: Include Beats ansible.builtin.include_role: name: beats - #- name: Install rsyslog - # ansible.builtin.package: - # name: rsyslog - #- name: Remove cache # noqa: risky-shell-pipe - # ansible.builtin.shell: > - # if test -n "$(ps -p $$ | grep bash)"; then set -o pipefail; fi; - # rm -rf /var/cache/* - # changed_when: false - #- name: Configure rsyslog - # ansible.builtin.lineinfile: - # line: "*.* @@localhost:514" - # path: /etc/rsyslog.conf - #- name: Start rsyslog - # ansible.builtin.service: - # name: rsyslog - # state: started - # failed_when: false - #- name: Fetch journalctl output - # command: journalctl -xeu rsyslog.service - # register: debug_output - #- name: Output rsyslog problems - # debug: - # var: debug_output diff --git a/molecule/logstash_full_stack-oss/converge.yml b/molecule/logstash_full_stack-oss/converge.yml index 87e032d5..5f163e7a 100644 --- a/molecule/logstash_full_stack-oss/converge.yml +++ b/molecule/logstash_full_stack-oss/converge.yml @@ -19,8 +19,7 @@ logstash_security: false logstash_pipeline_unsafe_shutdown: true elasticstack_security: false - beats_filebeat_syslog_udp: true - beats_filebeat_syslog_tcp: true + beats_filebeat_journald: true logstash_beats_tls: false elasticstack_release: 7 elasticstack_no_log: false 
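Review bot: Swapping `beats_filebeat_syslog_udp`/`beats_filebeat_syslog_tcp` for `beats_filebeat_journald: true` in the vars of molecule/logstash_full_stack-oss/converge.yml leaves the syslog inputs of the beats role unexercised by both scenarios touched here; the elasticstack_default hunk earlier in this patch drops the same two variables. Nothing visible in the series adds a check that the journald input actually delivers events, and the last patch only removes port waits from the verify playbooks. If another scenario still covers the syslog inputs this is fine; otherwise consider keeping one scenario on syslog or adding a verify step that asserts journald-sourced documents arrive. A one-line comment above the variable, such as `# journald input used instead of rsyslog forwarding in tests`, would record the reason for the switch. The vars block continues outside the hunk.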
@@ -28,13 +27,6 @@ - name: "Include Elastics repos role" ansible.builtin.include_role: name: repos - - name: Install rsyslog - ansible.builtin.package: - name: rsyslog - - name: Start rsyslog - ansible.builtin.service: - name: rsyslog - state: started - name: "Include Elasticsearch role" ansible.builtin.include_role: name: elasticsearch @@ -47,12 +39,3 @@ - name: "Include Logstash" ansible.builtin.include_role: name: logstash - - name: Configure rsyslog - ansible.builtin.lineinfile: - line: "*.* @@localhost:514" - path: /etc/rsyslog.conf - - name: Restart rsyslog - ansible.builtin.service: - name: rsyslog - state: restarted - changed_when: false From bb90066ec4cc85ee5c6f242257e67eeb782ad968 Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Thu, 23 Jan 2025 16:18:31 +0100 Subject: [PATCH 6/6] Don't check for disabled port --- molecule/elasticstack_default/verify.yml | 4 ---- molecule/logstash_full_stack-oss/verify.yml | 4 ---- 2 files changed, 8 deletions(-) diff --git a/molecule/elasticstack_default/verify.yml b/molecule/elasticstack_default/verify.yml index 775790c3..9e9a4ba7 100644 --- a/molecule/elasticstack_default/verify.yml +++ b/molecule/elasticstack_default/verify.yml @@ -17,10 +17,6 @@ port: 5044 when: "'logstash' in group_names" - - name: Wait for syslog port to open - ansible.builtin.wait_for: - port: 514 - - name: Set elasticsearch_ca variable if not already done by user ansible.builtin.set_fact: elasticsearch_ca: "{{ groups[elasticstack_elasticsearch_group_name][0] }}" diff --git a/molecule/logstash_full_stack-oss/verify.yml b/molecule/logstash_full_stack-oss/verify.yml index f4888fa6..fc4bcc65 100644 --- a/molecule/logstash_full_stack-oss/verify.yml +++ b/molecule/logstash_full_stack-oss/verify.yml 
@@ -13,10 +13,6 @@ - name: Run syntax check ansible.builtin.command: "/usr/share/logstash/bin/logstash --path.settings=/etc/logstash -t" when: "'logstash' in group_names" - - name: Check for open port tcp {{ elasticstack_beats_port }} - ansible.builtin.wait_for: - port: "{{ elasticstack_beats_port }}" - when: "'logstash' in group_names" - name: Query for Logstasch indices ansible.builtin.shell: > curl -s http://localhost:{{ elasticstack_elasticsearch_http_port }}/_cat/indices |