Update README, beat deployment, and configs

Beat setup now uses a loop to ship templates and dashboards with
separate commands. This is done to ensure that no data is lost or
misconfigured during index creation.

Packetbeat only needs to be installed on hosts

All of the beats are now using standard field templates.

Change-Id: Ie6220eb94a12780ad122ba367bf7654d97c212e8
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Kevin Carter 2018-04-11 21:24:46 -05:00
parent 17fb37f075
commit 83a64509c5
No known key found for this signature in database
GPG Key ID: 9443251A787B9FB3
7 changed files with 134 additions and 68 deletions


@ -26,6 +26,14 @@
src: templates/auditbeat.yml.j2 src: templates/auditbeat.yml.j2
dest: /etc/auditbeat/auditbeat.yml dest: /etc/auditbeat/auditbeat.yml
- name: Stop auditd
systemd:
name: "auditd"
enabled: "{{ not inventory_hostname in groups['kibana'] | default([]) }}"
state: stopped
when:
- not apply_security_hardening | default(true) | bool
- name: Enable and restart auditbeat - name: Enable and restart auditbeat
systemd: systemd:
name: "auditbeat" name: "auditbeat"
@ -48,6 +56,10 @@
{% endfor %} {% endfor %}
{% set elasticsearch_hosts = [IP_ARR | map('regex_replace', '$', ':' ~ elastic_port|string()) | map('regex_replace', '$', '"') | map('regex_replace', '^', '"') | list | join(',' )] %} {% set elasticsearch_hosts = [IP_ARR | map('regex_replace', '$', ':' ~ elastic_port|string()) | map('regex_replace', '$', '"') | map('regex_replace', '^', '"') | list | join(',' )] %}
auditbeat setup auditbeat setup
{{ item }}
-E 'output.logstash.enabled=false' -E 'output.logstash.enabled=false'
-E 'output.elasticsearch.hosts={{ elasticsearch_hosts }}' -E 'output.elasticsearch.hosts={{ elasticsearch_hosts }}'
-e -v -e -v
with_items:
- "--template"
- "--dashboards"
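Review bot: The new `Stop auditd` task sets `state: stopped` but computes `enabled` as true for every host outside the `kibana` group, so on those hosts auditd is stopped now and starts again at the next boot. The task runs only when `apply_security_hardening` is false, which is also when the auditbeat template in this commit selects `socket_type: unicast`, so a restarted auditd would presumably compete with auditbeat for the kernel audit stream and events could stop reaching Elasticsearch after a reboot. If the intent is to hand the audit stream to auditbeat, `enabled: false` alongside `state: stopped` expresses that; if the kibana exception is deliberate, a comment on the task should say why. Stopping auditd also ends local writes to the audit log, which is worth stating in the README.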


@ -72,6 +72,10 @@
{% endfor %} {% endfor %}
{% set elasticsearch_hosts = [IP_ARR | map('regex_replace', '$', ':' ~ elastic_port|string()) | map('regex_replace', '$', '"') | map('regex_replace', '^', '"') | list | join(',' )] %} {% set elasticsearch_hosts = [IP_ARR | map('regex_replace', '$', ':' ~ elastic_port|string()) | map('regex_replace', '$', '"') | map('regex_replace', '^', '"') | list | join(',' )] %}
metricbeat setup metricbeat setup
{{ item }}
-E 'output.logstash.enabled=false' -E 'output.logstash.enabled=false'
-E 'output.elasticsearch.hosts={{ elasticsearch_hosts }}' -E 'output.elasticsearch.hosts={{ elasticsearch_hosts }}'
-e -v -e -v
with_items:
- "--template"
- "--dashboards"


@ -1,6 +1,6 @@
--- ---
- name: Install Packetbeat - name: Install Packetbeat
hosts: all hosts: hosts
become: true become: true
vars: vars:
haproxy_ssl: false haproxy_ssl: false
@ -13,9 +13,12 @@
- name: Ensure packetbeat is installed - name: Ensure packetbeat is installed
apt: apt:
name: packetbeat name: "{{ item }}"
state: present state: present
update_cache: true update_cache: true
with_items:
- tcpdump
- packetbeat
post_tasks: post_tasks:
- name: Drop packetbeat conf file - name: Drop packetbeat conf file
@ -31,7 +34,7 @@
- name: Load Packetbeat Dashboards - name: Load Packetbeat Dashboards
hosts: all[0] hosts: hosts[0]
become: true become: true
vars_files: vars_files:
- vars/variables.yml - vars/variables.yml
@ -45,6 +48,10 @@
{% endfor %} {% endfor %}
{% set elasticsearch_hosts = [IP_ARR | map('regex_replace', '$', ':' ~ elastic_port|string()) | map('regex_replace', '$', '"') | map('regex_replace', '^', '"') | list | join(',' )] %} {% set elasticsearch_hosts = [IP_ARR | map('regex_replace', '$', ':' ~ elastic_port|string()) | map('regex_replace', '$', '"') | map('regex_replace', '^', '"') | list | join(',' )] %}
packetbeat setup packetbeat setup
{{ item }}
-E 'output.logstash.enabled=false' -E 'output.logstash.enabled=false'
-E 'output.elasticsearch.hosts={{ elasticsearch_hosts }}' -E 'output.elasticsearch.hosts={{ elasticsearch_hosts }}'
-e -v -e -v
with_items:
- "--template"
- "--dashboards"
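Review bot: The install task now adds `tcpdump` to every target host, but neither the task name (`Ensure packetbeat is installed`) nor the commit message says why a second packet-capture tool is needed. If it is only a debugging aid, a comment such as `# tcpdump: <reason it is required>` above the list, or dropping the package, keeps the footprint on monitored hosts minimal and reviewable. As a style point, the list can be passed directly as `name: [tcpdump, packetbeat]` instead of looping with `with_items`.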


@ -1,17 +1,12 @@
install Elk stack with topbeat to gather metrics Install ELK with beats to gather metrics
################################################# ########################################
:tags: openstack, ansible :tags: openstack, ansible
Changelog
---------
2018-03-06 Per Abildgaard Toft (per@minfejl.dk): Updated to version Elasticsearch,Logstash and Kibana 6.x. Changed Topebeat (deprecated) to metricbeat. Included haproxy endpoint configuration.
About this repository About this repository
--------------------- ---------------------
This set of playbooks will deploy elk cluster (Elasticsearch, Logstash, Kibana) with topbeat to gather metrics from hosts metrics to the ELK cluster. This set of playbooks will deploy elk cluster (Elasticsearch, Logstash, Kibana)
with topbeat to gather metrics from hosts metrics to the ELK cluster.
Process Process
------- -------
@ -27,7 +22,7 @@ Copy the env.d file into place
.. code-block:: bash .. code-block:: bash
cd openstack-ansible-ops/elk_metrics_6x cd /opt/openstack-ansible-ops/elk_metrics_6x
cp env.d/elk.yml /etc/openstack_deploy/env.d/ cp env.d/elk.yml /etc/openstack_deploy/env.d/
Copy the conf.d file into place Copy the conf.d file into place
@ -36,7 +31,9 @@ Copy the conf.d file into place
cp conf.d/elk.yml /etc/openstack_deploy/conf.d/ cp conf.d/elk.yml /etc/openstack_deploy/conf.d/
In **elk.yml**, list your logging hosts under elastic-logstash_hosts to create the elasticsearch cluster in multiple containers and one logging host under kibana_hosts to create the kibana container In **elk.yml**, list your logging hosts under elastic-logstash_hosts to create
the elasticsearch cluster in multiple containers and one logging host under
kibana_hosts to create the kibana container
.. code-block:: bash .. code-block:: bash
@ -70,7 +67,8 @@ Install Kibana, nginx reverse proxy and metricbeat on the kibana container
cd /opt/openstack-ansible-ops/elk_metrics_6x cd /opt/openstack-ansible-ops/elk_metrics_6x
openstack-ansible installKibana.yml openstack-ansible installKibana.yml
install Metricbeat everywhere to start shipping metrics to our logstash instances Install Metricbeat everywhere to start shipping metrics to our logstash
instances
.. code-block:: bash .. code-block:: bash
@ -79,7 +77,8 @@ install Metricbeat everywhere to start shipping metrics to our logstash instance
Optional | conigure haproxy endpoints Optional | conigure haproxy endpoints
Edit the `/etc/openstack_deploy/user_variables.yml` file and add fiel following lines Edit the `/etc/openstack_deploy/user_variables.yml` file and add fiel following
lines
.. code-block:: yaml .. code-block:: yaml


@ -32,7 +32,7 @@ auditbeat.modules:
# The auditd module collects events from the audit framework in the Linux # The auditd module collects events from the audit framework in the Linux
# kernel. You need to specify audit rules for the events that you want to audit. # kernel. You need to specify audit rules for the events that you want to audit.
- module: auditd - module: auditd
socket_type: multicast socket_type: {{ (apply_security_hardening | default(true) | bool) | ternary('multicast', 'unicast') }}
resolve_ids: true resolve_ids: true
failure_mode: silent failure_mode: silent
backlog_limit: 8196 backlog_limit: 8196
@ -55,14 +55,18 @@ auditbeat.modules:
## Executions. ## Executions.
-a always,exit -F arch=b64 -S execve,execveat -k exec -a always,exit -F arch=b64 -S execve,execveat -k exec
## Identity changes. # Things that affect identity.
-w /etc/group -p wa -k identity -w /etc/group -p wa -k identity
-w /etc/passwd -p wa -k identity -w /etc/passwd -p wa -k identity
-w /etc/gshadow -p wa -k identity -w /etc/gshadow -p wa -k identity
-w /etc/shadow -p wa -k identity
# Unauthorized access attempts to files (unsuccessful).
-a always,exit -F arch=b32 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access
-a always,exit -F arch=b32 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access
-a always,exit -F arch=b64 -S open,truncate,ftruncate,creat,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access
-a always,exit -F arch=b64 -S open,truncate,ftruncate,creat,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access
## Unauthorized access attempts.
-a always,exit -F arch=b64 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EACCES -k access
-a always,exit -F arch=b64 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EPERM -k access
{% endif %} {% endif %}
# The file integrity module sends events when files are changed (created, # The file integrity module sends events when files are changed (created,
@ -71,11 +75,12 @@ auditbeat.modules:
paths: paths:
- /bin - /bin
- /etc/apt - /etc/apt
- /etc/networking - /etc/network
- /etc/openstack_deploy - /etc/openstack_deploy
- /etc/sysconfig - /etc/sysconfig
- /etc/systemd - /etc/systemd
- /etc/yum - /etc/yum
- /etc/zypp
- /openstack/venvs - /openstack/venvs
- /sbin - /sbin
- /usr/bin - /usr/bin
@ -96,11 +101,11 @@ auditbeat.modules:
# Average scan rate. This throttles the amount of CPU and I/O that Auditbeat # Average scan rate. This throttles the amount of CPU and I/O that Auditbeat
# consumes at startup while scanning. Default is "50 MiB". # consumes at startup while scanning. Default is "50 MiB".
scan_rate_per_sec: 50 MiB scan_rate_per_sec: 64 MiB
# Limit on the size of files that will be hashed. Default is "100 MiB". # Limit on the size of files that will be hashed. Default is "100 MiB".
# Limit on the size of files that will be hashed. Default is "100 MiB". # Limit on the size of files that will be hashed. Default is "100 MiB".
max_file_size: 100 MiB max_file_size: 128 MiB
# Hash types to compute when the file changes. Supported types are # Hash types to compute when the file changes. Supported types are
# blake2b_256, blake2b_384, blake2b_512, md5, sha1, sha224, sha256, sha384, # blake2b_256, blake2b_384, blake2b_512, md5, sha1, sha224, sha256, sha384,
@ -774,15 +779,15 @@ setup.template.enabled: true
# Template name. By default the template name is "auditbeat-%{[beat.version]}" # Template name. By default the template name is "auditbeat-%{[beat.version]}"
# The template name and pattern has to be set in case the elasticsearch index pattern is modified. # The template name and pattern has to be set in case the elasticsearch index pattern is modified.
#setup.template.name: "auditbeat-%{[beat.version]}" setup.template.name: "auditbeat-%{[beat.version]}"
# Template pattern. By default the template pattern is "-%{[beat.version]}-*" to apply to the default index settings. # Template pattern. By default the template pattern is "-%{[beat.version]}-*" to apply to the default index settings.
# The first part is the version of the beat and then -* is used to match all daily indices. # The first part is the version of the beat and then -* is used to match all daily indices.
# The template name and pattern has to be set in case the elasticsearch index pattern is modified. # The template name and pattern has to be set in case the elasticsearch index pattern is modified.
#setup.template.pattern: "auditbeat-%{[beat.version]}-*" setup.template.pattern: "auditbeat-%{[beat.version]}-*"
# Path to fields.yml file to generate the template # Path to fields.yml file to generate the template
#setup.template.fields: "${path.config}/fields.yml" setup.template.fields: "${path.config}/fields.yml"
# Overwrite existing template # Overwrite existing template
setup.template.overwrite: true setup.template.overwrite: true
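Review bot: The replacement access rules add `-F auid>=1000 -F auid!=4294967295`, which narrows the old rule set: failed opens (`EACCES`/`EPERM`) by processes with an unset login uid or a login uid below 1000 are no longer recorded under the `access` key. That excludes daemons and, presumably, sessions that logged in directly as root, so a service account probing files it cannot read would not show up here. If the reduction is intended for noise control, say so above the rules, e.g. `# Failed file access by interactive users only (auid >= 1000); system accounts are excluded.` The threshold of 1000 also assumes the distribution's UID_MIN, which is worth confirming for the yum and zypp targets this file watches.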


@ -79,21 +79,21 @@ metricbeat.modules:
# in the top N by CPU or memory, in order to reduce the number of documents created. # in the top N by CPU or memory, in order to reduce the number of documents created.
# If both the `by_cpu` and `by_memory` options are used, the union of the two sets # If both the `by_cpu` and `by_memory` options are used, the union of the two sets
# is included. # is included.
#process.include_top_n: process.include_top_n:
# #
# Set to false to disable this feature and include all processes # Set to false to disable this feature and include all processes
#enabled: true enabled: true
# How many processes to include from the top by CPU. The processes are sorted # How many processes to include from the top by CPU. The processes are sorted
# by the `system.process.cpu.total.pct` field. # by the `system.process.cpu.total.pct` field.
#by_cpu: 0 by_cpu: 20
# How many processes to include from the top by memory. The processes are sorted # How many processes to include from the top by memory. The processes are sorted
# by the `system.process.memory.rss.bytes` field. # by the `system.process.memory.rss.bytes` field.
#by_memory: 0 by_memory: 20
# If false, cmdline of a process is not cached. # If false, cmdline of a process is not cached.
#process.cmdline.cache.enabled: true process.cmdline.cache.enabled: true
# Enable collection of cgroup metrics from processes on Linux. # Enable collection of cgroup metrics from processes on Linux.
process.cgroups.enabled: true process.cgroups.enabled: true
@ -107,9 +107,9 @@ metricbeat.modules:
process.include_cpu_ticks: {{ inventory_hostname == physical_host }} process.include_cpu_ticks: {{ inventory_hostname == physical_host }}
# Configure reverse DNS lookup on remote IP addresses in the socket metricset. # Configure reverse DNS lookup on remote IP addresses in the socket metricset.
#socket.reverse_lookup.enabled: false socket.reverse_lookup.enabled: true
#socket.reverse_lookup.success_ttl: 60s socket.reverse_lookup.success_ttl: 60s
#socket.reverse_lookup.failure_ttl: 60s socket.reverse_lookup.failure_ttl: 60s
##------------------------------ Aerospike Module ----------------------------- ##------------------------------ Aerospike Module -----------------------------
#- module: aerospike #- module: aerospike
@ -1165,15 +1165,15 @@ setup.template.enabled: true
# Template name. By default the template name is "metricbeat-%{[beat.version]}" # Template name. By default the template name is "metricbeat-%{[beat.version]}"
# The template name and pattern has to be set in case the elasticsearch index pattern is modified. # The template name and pattern has to be set in case the elasticsearch index pattern is modified.
#setup.template.name: "metricbeat-%{[beat.version]}" setup.template.name: "metricbeat-%{[beat.version]}"
# Template pattern. By default the template pattern is "-%{[beat.version]}-*" to apply to the default index settings. # Template pattern. By default the template pattern is "-%{[beat.version]}-*" to apply to the default index settings.
# The first part is the version of the beat and then -* is used to match all daily indices. # The first part is the version of the beat and then -* is used to match all daily indices.
# The template name and pattern has to be set in case the elasticsearch index pattern is modified. # The template name and pattern has to be set in case the elasticsearch index pattern is modified.
#setup.template.pattern: "metricbeat-%{[beat.version]}-*" setup.template.pattern: "metricbeat-%{[beat.version]}-*"
# Path to fields.yml file to generate the template # Path to fields.yml file to generate the template
#setup.template.fields: "${path.config}/fields.yml" setup.template.fields: "${path.config}/fields.yml"
# Overwrite existing template # Overwrite existing template
setup.template.overwrite: true setup.template.overwrite: true
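Review bot: `socket.reverse_lookup.enabled: true` makes each host issue PTR queries for the remote addresses seen by the socket metricset, and nothing next to the setting documents the consequences. The resolved names come from DNS records controlled by whoever owns the remote address space, so they should be treated as untrusted labels in dashboards and alerts, and the queries disclose peer addresses to the configured resolver. A comment such as `# Reverse lookups are informational only; PTR data is not authenticated.` would record that, and it is worth confirming the resolvers can absorb the extra queries from every host.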


@ -18,24 +18,24 @@ packetbeat.interfaces.device: any
# not the fastest option. # not the fastest option.
# * af_packet, which uses memory-mapped sniffing. This option is faster than # * af_packet, which uses memory-mapped sniffing. This option is faster than
# libpcap and doesn't require a kernel module, but it's Linux-specific. # libpcap and doesn't require a kernel module, but it's Linux-specific.
#packetbeat.interfaces.type: pcap packetbeat.interfaces.type: af_packet
# The maximum size of the packets to capture. The default is 65535, which is # The maximum size of the packets to capture. The default is 65535, which is
# large enough for almost all networks and interface types. If you sniff on a # large enough for almost all networks and interface types. If you sniff on a
# physical network interface, the optimal setting is the MTU size. On virtual # physical network interface, the optimal setting is the MTU size. On virtual
# interfaces, however, it's safer to accept the default value. # interfaces, however, it's safer to accept the default value.
#packetbeat.interfaces.snaplen: 65535 packetbeat.interfaces.snaplen: 65535
# The maximum size of the shared memory buffer to use between the kernel and # The maximum size of the shared memory buffer to use between the kernel and
# user space. A bigger buffer usually results in lower CPU usage, but consumes # user space. A bigger buffer usually results in lower CPU usage, but consumes
# more memory. This setting is only available for the af_packet sniffer type. # more memory. This setting is only available for the af_packet sniffer type.
# The default is 30 MB. # The default is 30 MB.
#packetbeat.interfaces.buffer_size_mb: 30 packetbeat.interfaces.buffer_size_mb: 30
# Packetbeat automatically generates a BPF for capturing only the traffic on # Packetbeat automatically generates a BPF for capturing only the traffic on
# ports where it expects to find known protocols. Use this settings to tell # ports where it expects to find known protocols. Use this settings to tell
# Packetbeat to generate a BPF filter that accepts VLAN tags. # Packetbeat to generate a BPF filter that accepts VLAN tags.
#packetbeat.interfaces.with_vlans: true packetbeat.interfaces.with_vlans: true
# Use this setting to override the automatically generated BPF filter. # Use this setting to override the automatically generated BPF filter.
#packetbeat.interfaces.bpf_filter: #packetbeat.interfaces.bpf_filter:
@ -44,7 +44,7 @@ packetbeat.interfaces.device: any
packetbeat.flows: packetbeat.flows:
# Enable Network flows. Default: true # Enable Network flows. Default: true
#enabled: true enabled: true
# Set network flow timeout. Flow is killed if no packet is received before being # Set network flow timeout. Flow is killed if no packet is received before being
# timed out. # timed out.
@ -60,10 +60,17 @@ packetbeat.protocols:
# Enable ICMPv4 and ICMPv6 monitoring. Default: true # Enable ICMPv4 and ICMPv6 monitoring. Default: true
enabled: true enabled: true
{% if inventory_hostname in groups['rabbitmq_all'] | default([]) %}
- type: amqp - type: amqp
# Enable AMQP monitoring. Default: true # Enable AMQP monitoring. Default: true
enabled: true {% set ns = namespace(enabled=(inventory_hostname in groups['rabbitmq_all'] | default([]))) %}
{% if not ns.enabled | bool %}
{% for _item in groups['rabbitmq_all'] | default([]) %}
{% if not ns.enabled | bool | bool or _item in groups[inventory_hostname + '-host_containers'] | default([]) %}
{% set ns.enabled = true %}
{% endif %}
{% endfor %}
{% endif %}
enabled: {{ ns.enabled | bool }}
# Configure the ports where to listen for AMQP traffic. You can disable # Configure the ports where to listen for AMQP traffic. You can disable
# the AMQP protocol by commenting out the list of ports. # the AMQP protocol by commenting out the list of ports.
@ -97,9 +104,11 @@ packetbeat.protocols:
# Transaction timeout. Expired transactions will no longer be correlated to # Transaction timeout. Expired transactions will no longer be correlated to
# incoming responses, but sent to Elasticsearch immediately. # incoming responses, but sent to Elasticsearch immediately.
#transaction_timeout: 10s #transaction_timeout: 10s
{% endif %}
- type: cassandra - type: cassandra
# Enable cassandra monitoring. Default: false
enabled: false
#Cassandra port for traffic monitoring. #Cassandra port for traffic monitoring.
ports: [9042] ports: [9042]
@ -156,10 +165,17 @@ packetbeat.protocols:
# incoming responses, but sent to Elasticsearch immediately. # incoming responses, but sent to Elasticsearch immediately.
#transaction_timeout: 10s #transaction_timeout: 10s
{% if inventory_hostname in groups['shared-infra_hosts'] | default([]) %}
- type: http - type: http
# Enable HTTP monitoring. Default: true # Enable HTTP monitoring. Default: true
enabled: true {% set ns = namespace(enabled=(inventory_hostname in groups['shared-infra_hosts'] | default([]))) %}
{% if not ns.enabled | bool %}
{% for _item in groups['shared-infra_hosts'] | default([]) %}
{% if not ns.enabled | bool or _item in groups[inventory_hostname + '-host_containers'] | default([]) %}
{% set ns.enabled = true %}
{% endif %}
{% endfor %}
{% endif %}
enabled: {{ ns.enabled }}
# Configure the ports where to listen for HTTP traffic. You can disable # Configure the ports where to listen for HTTP traffic. You can disable
# the HTTP protocol by commenting out the list of ports. # the HTTP protocol by commenting out the list of ports.
@ -209,12 +225,18 @@ packetbeat.protocols:
# Maximum message size. If an HTTP message is larger than this, it will # Maximum message size. If an HTTP message is larger than this, it will
# be trimmed to this size. Default is 10 MB. # be trimmed to this size. Default is 10 MB.
#max_message_size: 10485760 #max_message_size: 10485760
{% endif %}
{% if inventory_hostname in groups['memcached_all'] | default([]) %}
- type: memcache - type: memcache
# Enable memcache monitoring. Default: true # Enable memcache monitoring. Default: true
enabled: true {% set ns = namespace(enabled=(inventory_hostname in groups['memcached_all'] | default([]))) %}
{% if not ns.enabled | bool %}
{% for _item in groups['memcached_all'] | default([]) %}
{% if not ns.enabled | bool or _item in groups[inventory_hostname + '-host_containers'] | default([]) %}
{% set ns.enabled = true %}
{% endif %}
{% endfor %}
{% endif %}
enabled: {{ ns.enabled }}
# Configure the ports where to listen for memcache traffic. You can disable # Configure the ports where to listen for memcache traffic. You can disable
# the Memcache protocol by commenting out the list of ports. # the Memcache protocol by commenting out the list of ports.
@ -260,12 +282,18 @@ packetbeat.protocols:
# Transaction timeout. Expired transactions will no longer be correlated to # Transaction timeout. Expired transactions will no longer be correlated to
# incoming responses, but sent to Elasticsearch immediately. # incoming responses, but sent to Elasticsearch immediately.
#transaction_timeout: 10s #transaction_timeout: 10s
{% endif %}
{% if inventory_hostname in groups['galera_all'] | default([]) %}
- type: mysql - type: mysql
# Enable mysql monitoring. Default: true # Enable mysql monitoring. Default: true
enabled: true {% set ns = namespace(enabled=(inventory_hostname in groups['galera_all'] | default([]))) %}
{% if not ns.enabled | bool %}
{% for _item in groups['galera_all'] | default([]) %}
{% if not ns.enabled | bool and _item in groups[inventory_hostname + '-host_containers'] | default([]) %}
{% set ns.enabled = true %}
{% endif %}
{% endfor %}
{% endif %}
enabled: {{ ns.enabled }}
# Configure the ports where to listen for MySQL traffic. You can disable # Configure the ports where to listen for MySQL traffic. You can disable
# the MySQL protocol by commenting out the list of ports. # the MySQL protocol by commenting out the list of ports.
@ -282,11 +310,10 @@ packetbeat.protocols:
# Transaction timeout. Expired transactions will no longer be correlated to # Transaction timeout. Expired transactions will no longer be correlated to
# incoming responses, but sent to Elasticsearch immediately. # incoming responses, but sent to Elasticsearch immediately.
#transaction_timeout: 10s #transaction_timeout: 10s
{% endif %}
- type: pgsql - type: pgsql
# Enable pgsql monitoring. Default: true # Enable pgsql monitoring. Default: true
#enabled: true enabled: false
# Configure the ports where to listen for Pgsql traffic. You can disable # Configure the ports where to listen for Pgsql traffic. You can disable
# the Pgsql protocol by commenting out the list of ports. # the Pgsql protocol by commenting out the list of ports.
@ -306,7 +333,7 @@ packetbeat.protocols:
- type: redis - type: redis
# Enable redis monitoring. Default: true # Enable redis monitoring. Default: true
#enabled: true enabled: false
# Configure the ports where to listen for Redis traffic. You can disable # Configure the ports where to listen for Redis traffic. You can disable
# the Redis protocol by commenting out the list of ports. # the Redis protocol by commenting out the list of ports.
@ -326,7 +353,7 @@ packetbeat.protocols:
- type: thrift - type: thrift
# Enable thrift monitoring. Default: true # Enable thrift monitoring. Default: true
#enabled: true enabled: false
# Configure the ports where to listen for Thrift-RPC traffic. You can disable # Configure the ports where to listen for Thrift-RPC traffic. You can disable
# the Thrift-RPC protocol by commenting out the list of ports. # the Thrift-RPC protocol by commenting out the list of ports.
@ -381,7 +408,7 @@ packetbeat.protocols:
- type: mongodb - type: mongodb
# Enable mongodb monitoring. Default: true # Enable mongodb monitoring. Default: true
#enabled: true enabled: false
# Configure the ports where to listen for MongoDB traffic. You can disable # Configure the ports where to listen for MongoDB traffic. You can disable
# the MongoDB protocol by commenting out the list of ports. # the MongoDB protocol by commenting out the list of ports.
@ -409,10 +436,17 @@ packetbeat.protocols:
# incoming responses, but sent to Elasticsearch immediately. # incoming responses, but sent to Elasticsearch immediately.
#transaction_timeout: 10s #transaction_timeout: 10s
{% if (inventory_hostname in groups['glance_all'] | default([])) or (inventory_hostname in groups['nova_compute'] | default([])) %}
- type: nfs - type: nfs
# Enable NFS monitoring. Default: true # Enable NFS monitoring. Default: true
enabled: true {% set ns = namespace(enabled=((inventory_hostname in groups['glance_all'] | default([])) or (inventory_hostname in groups['nova_compute'] | default([])))) %}
{% if not ns.enabled | bool %}
{% for _item in groups['glance_all'] | default([]) + groups['nova_compute'] | default([]) %}
{% if not ns.enabled | bool or _item in groups[inventory_hostname + '-host_containers'] | default([]) %}
{% set ns.enabled = true %}
{% endif %}
{% endfor %}
{% endif %}
enabled: {{ ns.enabled }}
# Configure the ports where to listen for NFS traffic. You can disable # Configure the ports where to listen for NFS traffic. You can disable
# the NFS protocol by commenting out the list of ports. # the NFS protocol by commenting out the list of ports.
@ -429,12 +463,18 @@ packetbeat.protocols:
# Transaction timeout. Expired transactions will no longer be correlated to # Transaction timeout. Expired transactions will no longer be correlated to
# incoming responses, but sent to Elasticsearch immediately. # incoming responses, but sent to Elasticsearch immediately.
#transaction_timeout: 10s #transaction_timeout: 10s
{% endif %}
{% if (inventory_hostname in groups['haproxy_all'] | default([])) or (inventory_hostname in groups['horizon_alll'] | default([])) %}
- type: tls - type: tls
# Enable TLS monitoring. Default: true # Enable TLS monitoring. Default: true
#enabled: true {% set ns = namespace(enabled=((inventory_hostname in groups['haproxy_all'] | default([])) or (inventory_hostname in groups['horizon_all'] | default([])))) %}
{% if not ns.enabled | bool %}
{% for _item in groups['haproxy_all'] | default([]) + groups['horizon_all'] | default([]) %}
{% if not ns.enabled | bool or _item in groups[inventory_hostname + '-host_containers'] | default([]) %}
{% set ns.enabled = true %}
{% endif %}
{% endfor %}
{% endif %}
enabled: {{ ns.enabled }}
# Configure the ports where to listen for TLS traffic. You can disable # Configure the ports where to listen for TLS traffic. You can disable
# the TLS protocol by commenting out the list of ports. # the TLS protocol by commenting out the list of ports.
@ -447,7 +487,6 @@ packetbeat.protocols:
# If this option is enabled, the raw certificates will be stored # If this option is enabled, the raw certificates will be stored
# in PEM format under the `raw` key. The default is false. # in PEM format under the `raw` key. The default is false.
#include_raw_certificates: false #include_raw_certificates: false
{% endif %}
#=========================== Monitored processes ============================== #=========================== Monitored processes ==============================
@ -1127,15 +1166,15 @@ setup.template.enabled: true
# Template name. By default the template name is "packetbeat-%{[beat.version]}" # Template name. By default the template name is "packetbeat-%{[beat.version]}"
# The template name and pattern has to be set in case the elasticsearch index pattern is modified. # The template name and pattern has to be set in case the elasticsearch index pattern is modified.
#setup.template.name: "packetbeat-%{[beat.version]}" setup.template.name: "packetbeat-%{[beat.version]}"
# Template pattern. By default the template pattern is "-%{[beat.version]}-*" to apply to the default index settings. # Template pattern. By default the template pattern is "-%{[beat.version]}-*" to apply to the default index settings.
# The first part is the version of the beat and then -* is used to match all daily indices. # The first part is the version of the beat and then -* is used to match all daily indices.
# The template name and pattern has to be set in case the elasticsearch index pattern is modified. # The template name and pattern has to be set in case the elasticsearch index pattern is modified.
#setup.template.pattern: "packetbeat-%{[beat.version]}-*" setup.template.pattern: "packetbeat-%{[beat.version]}-*"
# Path to fields.yml file to generate the template # Path to fields.yml file to generate the template
#setup.template.fields: "${path.config}/fields.yml" setup.template.fields: "${path.config}/fields.yml"
# Overwrite existing template # Overwrite existing template
setup.template.overwrite: true setup.template.overwrite: true
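Review bot: In the new per-protocol loops the inner test is `not ns.enabled | bool or _item in groups[inventory_hostname + '-host_containers'] | default([])` for amqp, http, memcache, nfs and tls, and only the mysql block uses `and`. Each loop is entered only when `ns.enabled` is false, so with `or` the first iteration always sets it to true, and these protocols end up enabled on every host whenever the service group has any member, not just on hosts that carry one of its containers. That captures HTTP, AMQP and memcache payloads far more widely than the inventory check suggests. Using the mysql form everywhere, `{% if not ns.enabled | bool and _item in groups[inventory_hostname + '-host_containers'] | default([]) %}`, fixes it; the amqp line also has a duplicated `| bool`.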