openstack/openstack-ansible-ops
Code Issues Proposed changes

Tune down the collection intervals and default retention policy

Browse Source 
At present we're collecting too much info by default. We're seeing
+500GB on a <50 node environment in just two weeks. While we dont expect
the data set to grow much larger given the use of curator, this change
lowers the default collection intervals of the various beats and updates
the retention / detection policies so we're not storing too much
information.

To correct a unicode problem with py2 the host index loops have been
updated.

Curator has also been updated to run everyday.

Change-Id: Ic202eb19806d1b805fa314d3d8bde05b286740e0
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
Kevin Carter 2018-05-10 16:27:56 -05:00 committed by Kevin Carter (cloudnull)
parent 4a7651c6d2
commit 846a90d025
19 changed files with 130 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
elk_metrics_6x/installAPMserver.yml
View File

@ -49,20 +49,18 @@
shell: >- shell: >-
{% set IP_ARR=[] %} {% set IP_ARR=[] %}
{% for host in groups['elastic-logstash'] %} {% for host in groups['elastic-logstash'] %}
{% if IP_ARR.insert(loop.index,hostvars[host]['ansible_host']) %} {% set _ = IP_ARR.insert(loop.index, ((hostvars[host]['ansible_host'] | string) + ":" + (elastic_port | string))) %}
{% endif %}
{% endfor %} {% endfor %}
{% set elasticsearch_hosts = [IP_ARR | map('regex_replace', '$', ':' ~ elastic_port|string()) | map('regex_replace', '$', '"') | map('regex_replace', '^', '"') | list | join(',' )] %}
apm-server setup apm-server setup
{{ item }} {{ item }}
-E 'apm-server.host=localhost:8200' -E 'apm-server.host=localhost:8200'
-E 'output.elasticsearch.hosts={{ elasticsearch_hosts }}' -E 'output.elasticsearch.hosts={{ IP_ARR | to_json }}'
-e -v -e -v
with_items: with_items:
- "--template" - "--template"
- "--dashboards" - "--dashboards"
register: templates register: templates
until: templates | success until: templates is success
retries: 3 retries: 3
delay: 2 delay: 2
tags: tags:

8
elk_metrics_6x/installAuditbeat.yml
View File

@ -58,20 +58,18 @@
shell: >- shell: >-
{% set IP_ARR=[] %} {% set IP_ARR=[] %}
{% for host in groups['elastic-logstash'] %} {% for host in groups['elastic-logstash'] %}
{% if IP_ARR.insert(loop.index,hostvars[host]['ansible_host']) %} {% set _ = IP_ARR.insert(loop.index, ((hostvars[host]['ansible_host'] | string) + ":" + (elastic_port | string))) %}
{% endif %}
{% endfor %} {% endfor %}
{% set elasticsearch_hosts = [IP_ARR | map('regex_replace', '$', ':' ~ elastic_port|string()) | map('regex_replace', '$', '"') | map('regex_replace', '^', '"') | list | join(',' )] %}
auditbeat setup auditbeat setup
{{ item }} {{ item }}
-E 'output.logstash.enabled=false' -E 'output.logstash.enabled=false'
-E 'output.elasticsearch.hosts={{ elasticsearch_hosts }}' -E 'output.elasticsearch.hosts={{ IP_ARR | to_json }}'
-e -v -e -v
with_items: with_items:
- "--template" - "--template"
- "--dashboards" - "--dashboards"
register: templates register: templates
until: templates | success until: templates is success
retries: 3 retries: 3
delay: 2 delay: 2
tags: tags:

2
elk_metrics_6x/installCurator.yml
View File

@ -91,7 +91,7 @@
state: "started" state: "started"
options: options:
OnBootSec: 30min OnBootSec: 30min
OnUnitActiveSec: 48h OnUnitActiveSec: 24h
Persistent: true Persistent: true
- name: Enable and restart curator.timer - name: Enable and restart curator.timer

4
elk_metrics_6x/installElastic.yml
View File

@ -78,6 +78,10 @@
owner: elasticsearch owner: elasticsearch
group: elasticsearch group: elasticsearch
recurse: true recurse: true
register: e_perms
until: e_perms is success
retries: 3
delay: 1
tags: tags:
- config - config

8
elk_metrics_6x/installFilebeat.yml
View File

@ -149,20 +149,18 @@
shell: >- shell: >-
{% set IP_ARR=[] %} {% set IP_ARR=[] %}
{% for host in groups['elastic-logstash'] %} {% for host in groups['elastic-logstash'] %}
{% if IP_ARR.insert(loop.index,hostvars[host]['ansible_host']) %} {% set _ = IP_ARR.insert(loop.index, ((hostvars[host]['ansible_host'] | string) + ":" + (elastic_port | string))) %}
{% endif %}
{% endfor %} {% endfor %}
{% set elasticsearch_hosts = [IP_ARR | map('regex_replace', '$', ':' ~ elastic_port|string()) | map('regex_replace', '$', '"') | map('regex_replace', '^', '"') | list | join(',' )] %}
filebeat setup filebeat setup
{{ item }} {{ item }}
-E 'output.logstash.enabled=false' -E 'output.logstash.enabled=false'
-E 'output.elasticsearch.hosts={{ elasticsearch_hosts }}' -E 'output.elasticsearch.hosts={{ IP_ARR | to_json }}'
-e -v -e -v
with_items: with_items:
- "--template" - "--template"
- "--dashboards" - "--dashboards"
register: templates register: templates
until: templates | success until: templates is success
retries: 3 retries: 3
delay: 2 delay: 2
tags: tags:

8
elk_metrics_6x/installHeartbeat.yml
View File

@ -47,20 +47,18 @@
shell: >- shell: >-
{% set IP_ARR=[] %} {% set IP_ARR=[] %}
{% for host in groups['elastic-logstash'] %} {% for host in groups['elastic-logstash'] %}
{% if IP_ARR.insert(loop.index,hostvars[host]['ansible_host']) %} {% set _ = IP_ARR.insert(loop.index, ((hostvars[host]['ansible_host'] | string) + ":" + (elastic_port | string))) %}
{% endif %}
{% endfor %} {% endfor %}
{% set elasticsearch_hosts = [IP_ARR | map('regex_replace', '$', ':' ~ elastic_port|string()) | map('regex_replace', '$', '"') | map('regex_replace', '^', '"') | list | join(',' )] %}
heartbeat setup heartbeat setup
{{ item }} {{ item }}
-E 'output.logstash.enabled=false' -E 'output.logstash.enabled=false'
-E 'output.elasticsearch.hosts={{ elasticsearch_hosts }}' -E 'output.elasticsearch.hosts={{ IP_ARR | to_json }}'
-e -v -e -v
with_items: with_items:
- "--template" - "--template"
- "--dashboards" - "--dashboards"
register: templates register: templates
until: templates | success until: templates is success
retries: 3 retries: 3
delay: 2 delay: 2
tags: tags:

8
elk_metrics_6x/installJournalbeat.yml
View File

@ -129,16 +129,14 @@
# shell: >- # shell: >-
# {% set IP_ARR=[] %} # {% set IP_ARR=[] %}
# {% for host in groups['elastic-logstash'] %} # {% for host in groups['elastic-logstash'] %}
# {% if IP_ARR.insert(loop.index,hostvars[host]['ansible_host']) %} # {% set _ = IP_ARR.insert(loop.index, ((hostvars[host]['ansible_host'] | string) + ":" + (elastic_port | string))) %}
# {% endif %}
# {% endfor %} # {% endfor %}
# {% set elasticsearch_hosts = [IP_ARR | map('regex_replace', '$', ':' ~ elastic_port|string()) | map('regex_replace', '$', '"') | map('regex_replace', '^', '"') | list | join(',' )] %}
# /usr/local/bin/journalbeat -setup # /usr/local/bin/journalbeat -setup
# -E 'output.logstash.enabled=false' # -E 'output.logstash.enabled=false'
# -E 'output.elasticsearch.hosts={{ elasticsearch_hosts }}' # -E 'output.elasticsearch.hosts={{ IP_ARR | to_json }}'
# -e -v # -e -v
# register: templates # register: templates
# until: templates | success # until: templates is success
# retries: 3 # retries: 3
# delay: 2 # delay: 2
# tags: # tags:

44
elk_metrics_6x/installMetricbeat.yml
View File

@ -30,16 +30,46 @@
path: /etc/apache2 path: /etc/apache2
register: apache2 register: apache2
- name: Check for ceph
stat:
path: /etc/ceph
register: ceph
- name: Check for haproxy
stat:
path: /etc/haproxy
register: haproxy
- name: Check for docker
stat:
path: /var/run/docker.sock
register: docker
- name: Check for httpd - name: Check for httpd
stat: stat:
path: /etc/httpd path: /etc/httpd
register: httpd register: httpd
- name: Check for memcached
stat:
path: /etc/memcached.conf
register: memcached
- name: Check for mysql
stat:
path: /var/lib/mysql
register: mysql
- name: Check for nginx - name: Check for nginx
stat: stat:
path: /etc/nginx/nginx.conf path: /etc/nginx/nginx.conf
register: nginx register: nginx
- name: Check for rabbitmq
stat:
path: /var/lib/rabbitmq
register: rabbitmq
- name: Check for uwsgi - name: Check for uwsgi
stat: stat:
path: /etc/uwsgi path: /etc/uwsgi
@ -48,7 +78,13 @@
- name: Set discovery facts - name: Set discovery facts
set_fact: set_fact:
apache_enabled: "{{ (apache2.stat.exists | bool) or (httpd.stat.exists | bool) }}" apache_enabled: "{{ (apache2.stat.exists | bool) or (httpd.stat.exists | bool) }}"
ceph_enabled: "{{ ceph.stat.exists | bool }}"
docker_enabled: "{{ docker.stat.exists | bool }}"
haproxy_enabled: "{{ haproxy.stat.exists | bool }}"
memcached_enabled: "{{ memcached.stat.exists | bool }}"
mysql_enabled: "{{ mysql.stat.exists | bool }}"
nginx_enabled: "{{ nginx.stat.exists | bool }}" nginx_enabled: "{{ nginx.stat.exists | bool }}"
rabbitmq_enabled: "{{ rabbitmq.stat.exists | bool }}"
uwsgi_enabled: "{{ uwsgi.stat.exists | bool }}" uwsgi_enabled: "{{ uwsgi.stat.exists | bool }}"
post_tasks: post_tasks:
@ -74,20 +110,18 @@
shell: >- shell: >-
{% set IP_ARR=[] %} {% set IP_ARR=[] %}
{% for host in groups['elastic-logstash'] %} {% for host in groups['elastic-logstash'] %}
{% if IP_ARR.insert(loop.index,hostvars[host]['ansible_host']) %} {% set _ = IP_ARR.insert(loop.index, ((hostvars[host]['ansible_host'] | string) + ":" + (elastic_port | string))) %}
{% endif %}
{% endfor %} {% endfor %}
{% set elasticsearch_hosts = [IP_ARR | map('regex_replace', '$', ':' ~ elastic_port|string()) | map('regex_replace', '$', '"') | map('regex_replace', '^', '"') | list | join(',' )] %}
metricbeat setup metricbeat setup
{{ item }} {{ item }}
-E 'output.logstash.enabled=false' -E 'output.logstash.enabled=false'
-E 'output.elasticsearch.hosts={{ elasticsearch_hosts }}' -E 'output.elasticsearch.hosts={{ IP_ARR | to_json }}'
-e -v -e -v
with_items: with_items:
- "--template" - "--template"
- "--dashboards" - "--dashboards"
register: templates register: templates
until: templates | success until: templates is success
retries: 3 retries: 3
delay: 2 delay: 2
tags: tags:

8
elk_metrics_6x/installPacketbeat.yml
View File

@ -50,20 +50,18 @@
shell: >- shell: >-
{% set IP_ARR=[] %} {% set IP_ARR=[] %}
{% for host in groups['elastic-logstash'] %} {% for host in groups['elastic-logstash'] %}
{% if IP_ARR.insert(loop.index,hostvars[host]['ansible_host']) %} {% set _ = IP_ARR.insert(loop.index, ((hostvars[host]['ansible_host'] | string) + ":" + (elastic_port | string))) %}
{% endif %}
{% endfor %} {% endfor %}
{% set elasticsearch_hosts = [IP_ARR | map('regex_replace', '$', ':' ~ elastic_port|string()) | map('regex_replace', '$', '"') | map('regex_replace', '^', '"') | list | join(',' )] %}
packetbeat setup packetbeat setup
{{ item }} {{ item }}
-E 'output.logstash.enabled=false' -E 'output.logstash.enabled=false'
-E 'output.elasticsearch.hosts={{ elasticsearch_hosts }}' -E 'output.elasticsearch.hosts={{ IP_ARR | to_json }}'
-e -v -e -v
with_items: with_items:
- "--template" - "--template"
- "--dashboards" - "--dashboards"
register: templates register: templates
until: templates | success until: templates is success
retries: 3 retries: 3
delay: 2 delay: 2
tags: tags:

2
elk_metrics_6x/readme.rst
View File

@ -150,7 +150,7 @@ deploy logstash, deploy kibana, and then deploy all of the service beats.
.. code-block:: bash .. code-block:: bash
cd /opt/openstack-ansible-ops/elk_metrics_6x cd /opt/openstack-ansible-ops/elk_metrics_6x
ansible-playbook site.yml ansible-playbook site.yml $USER_VARS
* The `openstack-ansible` command can be used if the version of ansible on the * The `openstack-ansible` command can be used if the version of ansible on the

7
elk_metrics_6x/templates/30-elasticsearch-output.conf.j2
View File

@ -1,11 +1,10 @@
{% set IP_ARR=[] %} {% set IP_ARR=[] %}
{% for host in groups['elastic-logstash'] %} {% for host in groups['elastic-logstash'] %}
{% if IP_ARR.insert(loop.index,hostvars[host]['ansible_host']) %} {% set _ = IP_ARR.insert(loop.index, ((hostvars[host]['ansible_host'] | string) + ":" + (elastic_port | string))) %}
{% endif %} {% endfor %}
{% endfor -%}
output { output {
elasticsearch { elasticsearch {
hosts => [{{ IP_ARR | map('regex_replace', '$', ':' ~ elastic_port|string()) | map('regex_replace', '$', '"') | map('regex_replace', '^', '"') | list | join(',' ) }}] hosts => {{ IP_ARR | to_json }}
sniffing => true sniffing => true
manage_template => false manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}" index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"

5
elk_metrics_6x/templates/_include_log_stash_output.yml.j2
View File

@ -1,14 +1,13 @@
{% set IP_ARR=[] %} {% set IP_ARR=[] %}
{% for host in groups['elastic-logstash'] %} {% for host in groups['elastic-logstash'] %}
{% if IP_ARR.insert(loop.index,hostvars[host]['ansible_host']) %} {% set _ = IP_ARR.insert(loop.index, ((hostvars[host]['ansible_host'] | string) + ":" + (logstash_beat_input_port | string))) %}
{% endif %}
{% endfor %} {% endfor %}
output.logstash: output.logstash:
# Boolean flag to enable or disable the output module. # Boolean flag to enable or disable the output module.
enabled: true enabled: true
# The Logstash hosts # The Logstash hosts
hosts: [{{ IP_ARR | map('regex_replace', '$', ':' ~ logstash_beat_input_port|string()) | map('regex_replace', '$', '"') | map('regex_replace', '^', '"') | list | join(',' ) }}] hosts: {{ IP_ARR | to_json }}
# Number of workers per Logstash host. # Number of workers per Logstash host.
#worker: 1 #worker: 1

2
elk_metrics_6x/templates/auditbeat.yml.j2
View File

@ -17,7 +17,7 @@ auditbeat.config.modules:
path: ${path.config}/conf.d/*.yml path: ${path.config}/conf.d/*.yml
# Period on which files under path should be checked for changes # Period on which files under path should be checked for changes
reload.period: 10s reload.period: 60s
# Set to true to enable config reloading # Set to true to enable config reloading
reload.enabled: false reload.enabled: false

9
elk_metrics_6x/templates/elasticsearch.yml.j2
View File

@ -32,7 +32,7 @@ bootstrap.memory_lock: false
# ---------------------------------- Network ----------------------------------- # ---------------------------------- Network -----------------------------------
# #
# Set the bind address to a specific IP (IPv4 or IPv6): # Set the bind address to a specific IP (IPv4 or IPv6):
network.host: [127.0.0.1, {{ ansible_host }}] network.host: ["127.0.0.1", "{{ ansible_host }}"]
# Set a custom port for HTTP: # Set a custom port for HTTP:
http.port: {{ elastic_port }} http.port: {{ elastic_port }}
@ -43,8 +43,7 @@ http.port: {{ elastic_port }}
# #
{% set IP_ARR=[] %} {% set IP_ARR=[] %}
{% for host in groups['elastic-logstash'] %} {% for host in groups['elastic-logstash'] %}
{% if IP_ARR.extend([hostvars[host]['ansible_host'] | string]) %} {% set _ = IP_ARR.insert(loop.index, (hostvars[host]['ansible_host'] | string)) %}
{% endif %}
{% endfor %} {% endfor %}
{% set available_nodes = (groups['elastic-logstash'] | length) %} {% set available_nodes = (groups['elastic-logstash'] | length) %}
{# the master node count takes half the available nodes or sets it's self as 1 #} {# the master node count takes half the available nodes or sets it's self as 1 #}
@ -52,7 +51,7 @@ http.port: {{ elastic_port }}
{# if the master node count is even, add one to it otherwise use the provided value #} {# if the master node count is even, add one to it otherwise use the provided value #}
{% set master_node_count = ((_master_node_count | int) % 2 != 0) | ternary(_master_node_count, (_master_node_count + 1)) %} {% set master_node_count = ((_master_node_count | int) % 2 != 0) | ternary(_master_node_count, (_master_node_count + 1)) %}
discovery.zen.ping.unicast.hosts: {{ IP_ARR }} discovery.zen.ping.unicast.hosts: {{ IP_ARR | to_json }}
# #
# Prevent the "split brain" by configuring the majority of nodes (total number of nodes / 2 + 1): # Prevent the "split brain" by configuring the majority of nodes (total number of nodes / 2 + 1):
discovery.zen.minimum_master_nodes: {{ master_node_count | int }} discovery.zen.minimum_master_nodes: {{ master_node_count | int }}
@ -68,7 +67,7 @@ node.data: {{ (inventory_hostname in (groups['elastic-logstash'][:master_node_co
# #
# Block initial recovery after a full cluster restart until N nodes are started: # Block initial recovery after a full cluster restart until N nodes are started:
# #
gateway.recover_after_nodes: {{ master_node_count }} gateway.recover_after_nodes: {{ master_node_count | int // 2 }}
# #
# For more information, see the documentation at: # For more information, see the documentation at:
# <http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-gateway.html> # <http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-gateway.html>

4
elk_metrics_6x/templates/heartbeat.yml.j2
View File

@ -85,7 +85,7 @@ heartbeat.monitors:
#enabled: true #enabled: true
# Configure task schedule # Configure task schedule
schedule: '@every 30s' # every 30 seconds from start of beat schedule: '@every 45s' # every 30 seconds from start of beat
# configure hosts to ping. # configure hosts to ping.
# Entries can be: # Entries can be:
@ -166,7 +166,7 @@ heartbeat.monitors:
#enabled: true #enabled: true
# Configure task schedule # Configure task schedule
schedule: '@every 30s' # every 30 seconds from start of beat schedule: '@every 60s' # every 30 seconds from start of beat
# Configure URLs to ping # Configure URLs to ping
urls: [{{ hosts | map('regex_replace', '$', '"') | map('regex_replace', '^', '"') | list | join(',' ) }}] urls: [{{ hosts | map('regex_replace', '$', '"') | map('regex_replace', '^', '"') | list | join(',' ) }}]

11
elk_metrics_6x/templates/journalbeat.yml.j2
View File

@ -17,7 +17,7 @@ journalbeat:
#cursor_state_file: .journalbeat-cursor-state #cursor_state_file: .journalbeat-cursor-state
# How frequently should we save the cursor to disk (defaults to 5s) # How frequently should we save the cursor to disk (defaults to 5s)
#cursor_flush_period: 5s cursor_flush_period: 10s
# Path to the file to store the queue of events pending (defaults to ".journalbeat-pending-queue") # Path to the file to store the queue of events pending (defaults to ".journalbeat-pending-queue")
#pending_queue.file: .journalbeat-pending-queue #pending_queue.file: .journalbeat-pending-queue
@ -30,7 +30,7 @@ journalbeat:
# In case of disaster most probably journalbeat won't get a chance to shutdown # In case of disaster most probably journalbeat won't get a chance to shutdown
# itself gracefully and this flush period option will serve you as a # itself gracefully and this flush period option will serve you as a
# backup creation frequency option. # backup creation frequency option.
#pending_queue.flush_period: 1s pending_queue.flush_period: 5s
# Size of the buffered queue for the published and acknowledged messages # Size of the buffered queue for the published and acknowledged messages
#pending_queue.completed_queue_size: 8192 #pending_queue.completed_queue_size: 8192
@ -157,7 +157,12 @@ name: journalbeat
# Scheme and port can be left out and will be set to the default (http and 9200) # Scheme and port can be left out and will be set to the default (http and 9200)
# In case you specify and additional path, the scheme is required: http://localhost:9200/path # In case you specify and additional path, the scheme is required: http://localhost:9200/path
# IPv6 addresses should always be defined as: https://[2001:db8::1]:9200 # IPv6 addresses should always be defined as: https://[2001:db8::1]:9200
#hosts: {% set IP_ARR=[] %}{% for host in groups['elastic-logstash'] %}{% if IP_ARR.insert(loop.index,hostvars[host]['ansible_host']) %}{% endif %}{% endfor %}[{{ IP_ARR | map('regex_replace', '$', ':' ~ elastic_port | string()) | map('regex_replace', '$', '"') | map('regex_replace', '^', '"') | list | join(',' ) }}]
#{% set IP_ARR=[] %}
#{% for host in groups['elastic-logstash'] %}
#{% set _ = IP_ARR.insert(loop.index, ((hostvars[host]['ansible_host'] | string) + ":" + (elastic_port | string))) %}
#{% endfor %}
#hosts: {{ IP_ARR | to_json }}
# Set gzip compression level. # Set gzip compression level.
#compression_level: 0 #compression_level: 0

78
elk_metrics_6x/templates/metricbeat.yml.j2
View File

@ -17,7 +17,7 @@ metricbeat.config.modules:
path: ${path.config}/conf.d/*.yml path: ${path.config}/conf.d/*.yml
# Period on which files under path should be checked for changes # Period on which files under path should be checked for changes
reload.period: 10s reload.period: 30s
# Set to true to enable config reloading # Set to true to enable config reloading
reload.enabled: false reload.enabled: false
@ -41,7 +41,7 @@ metricbeat.max_start_delay: 10s
# config: # config:
# - module: etcd # - module: etcd
# metricsets: ["leader", "self", "store"] # metricsets: ["leader", "self", "store"]
# period: 10s # period: 30s
# hosts: ["${host}:2379"] # hosts: ["${host}:2379"]
#========================== Modules configuration ============================ #========================== Modules configuration ============================
@ -63,7 +63,7 @@ metricbeat.modules:
- diskio # Disk IO - diskio # Disk IO
- socket # Sockets and connection info (linux only) - socket # Sockets and connection info (linux only)
enabled: true enabled: true
period: 10s period: 30s
processes: ['.*'] processes: ['.*']
# Configure the metric types that are included by these metricsets. # Configure the metric types that are included by these metricsets.
@ -115,14 +115,14 @@ metricbeat.modules:
#- module: aerospike #- module: aerospike
# metricsets: ["namespace"] # metricsets: ["namespace"]
# enabled: false # enabled: false
# period: 10s # period: 30s
# hosts: ["localhost:3000"] # hosts: ["localhost:3000"]
# #
##------------------------------- Apache Module ------------------------------- ##------------------------------- Apache Module -------------------------------
{% if apache_enabled | default(false) | bool %} {% if apache_enabled | default(false) | bool %}
- module: apache - module: apache
metricsets: ["status"] metricsets: ["status"]
period: 10s period: 30s
# #
# # Apache hosts # # Apache hosts
hosts: ["http://127.0.0.1"] hosts: ["http://127.0.0.1"]
@ -138,24 +138,24 @@ metricbeat.modules:
{% endif %} {% endif %}
# #
#-------------------------------- Ceph Module -------------------------------- #-------------------------------- Ceph Module --------------------------------
{% if inventory_hostname in groups['ceph-mon'] | default([]) %} {% if ceph_enabled | default(false) | bool %}
- module: ceph - module: ceph
metricsets: ["cluster_disk", "cluster_health", "monitor_health", "pool_disk", "osd_tree"] metricsets: ["cluster_disk", "cluster_health", "monitor_health", "pool_disk", "osd_tree"]
period: 10s period: 30s
hosts: ["localhost:5000"] hosts: ["localhost:5000"]
# #
{% endif %} {% endif %}
##------------------------------ Couchbase Module ----------------------------- ##------------------------------ Couchbase Module -----------------------------
#- module: couchbase #- module: couchbase
# metricsets: ["bucket", "cluster", "node"] # metricsets: ["bucket", "cluster", "node"]
# period: 10s # period: 30s
# hosts: ["localhost:8091"] # hosts: ["localhost:8091"]
# #
##------------------------------- Docker Module ------------------------------- ##------------------------------- Docker Module -------------------------------
#- module: docker #- module: docker
# metricsets: ["container", "cpu", "diskio", "healthcheck", "info", "memory", "network"] # metricsets: ["container", "cpu", "diskio", "healthcheck", "info", "memory", "network"]
# hosts: ["unix:///var/run/docker.sock"] # hosts: ["unix:///var/run/docker.sock"]
# period: 10s # period: 30s
# #
# # To connect to Docker over TLS you must specify a client and CA certificate. # # To connect to Docker over TLS you must specify a client and CA certificate.
# #ssl: # #ssl:
@ -166,7 +166,7 @@ metricbeat.modules:
##----------------------------- Dropwizard Module ----------------------------- ##----------------------------- Dropwizard Module -----------------------------
#- module: dropwizard #- module: dropwizard
# metricsets: ["collector"] # metricsets: ["collector"]
# period: 10s # period: 30s
# hosts: ["localhost:8080"] # hosts: ["localhost:8080"]
# metrics_path: /metrics/metrics # metrics_path: /metrics/metrics
# namespace: example # namespace: example
@ -175,21 +175,21 @@ metricbeat.modules:
{% if inventory_hostname in groups['elastic-logstash'] | default([]) %} {% if inventory_hostname in groups['elastic-logstash'] | default([]) %}
- module: elasticsearch - module: elasticsearch
metricsets: ["node", "node_stats"] metricsets: ["node", "node_stats"]
period: 10s period: 30s
hosts: ["localhost:9200"] hosts: ["localhost:9200"]
# #
{% endif %} {% endif %}
##-------------------------------- Etcd Module -------------------------------- ##-------------------------------- Etcd Module --------------------------------
#- module: etcd #- module: etcd
# metricsets: ["leader", "self", "store"] # metricsets: ["leader", "self", "store"]
# period: 10s # period: 30s
# hosts: ["localhost:2379"] # hosts: ["localhost:2379"]
# #
# #
##------------------------------- Golang Module ------------------------------- ##------------------------------- Golang Module -------------------------------
#- module: golang #- module: golang
# metricsets: ["expvar","heap"] # metricsets: ["expvar","heap"]
# period: 10s # period: 30s
# hosts: ["localhost:6060"] # hosts: ["localhost:6060"]
# heap.path: "/debug/vars" # heap.path: "/debug/vars"
# expvar: # expvar:
@ -209,17 +209,17 @@ metricbeat.modules:
# #
# #
##------------------------------- HAProxy Module ------------------------------ ##------------------------------- HAProxy Module ------------------------------
{% if inventory_hostname in groups['haproxy_all'] | default([]) %} {% if haproxy_enabled | default(false) | bool %}
- module: haproxy - module: haproxy
metricsets: ["info", "stat"] metricsets: ["info", "stat"]
period: 10s period: 30s
hosts: ["tcp://127.0.0.1:14567"] hosts: ["tcp://127.0.0.1:14567"]
# #
{% endif %} {% endif %}
##-------------------------------- HTTP Module -------------------------------- ##-------------------------------- HTTP Module --------------------------------
#- module: http #- module: http
# metricsets: ["json"] # metricsets: ["json"]
# period: 10s # period: 30s
# hosts: ["localhost:80"] # hosts: ["localhost:80"]
# namespace: "json_namespace" # namespace: "json_namespace"
# path: "/" # path: "/"
@ -233,7 +233,7 @@ metricbeat.modules:
##------------------------------- Jolokia Module ------------------------------ ##------------------------------- Jolokia Module ------------------------------
#- module: jolokia #- module: jolokia
# metricsets: ["jmx"] # metricsets: ["jmx"]
# period: 10s # period: 30s
# hosts: ["localhost"] # hosts: ["localhost"]
# namespace: "metrics" # namespace: "metrics"
# path: "/jolokia/?ignoreErrors=true&canonicalNaming=false" # path: "/jolokia/?ignoreErrors=true&canonicalNaming=false"
@ -244,7 +244,7 @@ metricbeat.modules:
##-------------------------------- Kafka Module ------------------------------- ##-------------------------------- Kafka Module -------------------------------
#- module: kafka #- module: kafka
# metricsets: ["partition"] # metricsets: ["partition"]
# period: 10s # period: 30s
# hosts: ["localhost:9092"] # hosts: ["localhost:9092"]
# #
# #client_id: metricbeat # #client_id: metricbeat
@ -272,7 +272,7 @@ metricbeat.modules:
{% if inventory_hostname in groups['kibana'] | default([]) %} {% if inventory_hostname in groups['kibana'] | default([]) %}
- module: kibana - module: kibana
metricsets: ["status"] metricsets: ["status"]
period: 10s period: 30s
hosts: ["localhost:{{ kibana_port }}"] hosts: ["localhost:{{ kibana_port }}"]
# #
{% endif %} {% endif %}
@ -285,7 +285,7 @@ metricbeat.modules:
# - pod # - pod
# - container # - container
# - volume # - volume
# period: 10s # period: 30s
# hosts: ["localhost:10255"] # hosts: ["localhost:10255"]
# #
## State metrics from kube-state-metrics service: ## State metrics from kube-state-metrics service:
@ -297,7 +297,7 @@ metricbeat.modules:
# - state_replicaset # - state_replicaset
# - state_pod # - state_pod
# - state_container # - state_container
# period: 10s # period: 30s
# hosts: ["kube-state-metrics:8080"] # hosts: ["kube-state-metrics:8080"]
# #
## Kubernetes events ## Kubernetes events
@ -311,23 +311,23 @@ metricbeat.modules:
- module: logstash - module: logstash
metricsets: ["node", "node_stats"] metricsets: ["node", "node_stats"]
enabled: false enabled: false
period: 10s period: 30s
hosts: ["localhost:9600"] hosts: ["localhost:9600"]
# #
# #
{% endif %} {% endif %}
##------------------------------ Memcached Module ----------------------------- ##------------------------------ Memcached Module -----------------------------
{% if inventory_hostname in groups['memcached_all'] | default([]) %} {% if memcached_enabled | default(false) | bool %}
- module: memcached - module: memcached
metricsets: ["stats"] metricsets: ["stats"]
period: 10s period: 30s
hosts: ["localhost:11211"] hosts: ["127.0.0.1:11211"]
{% endif %} {% endif %}
##------------------------------- MongoDB Module ------------------------------ ##------------------------------- MongoDB Module ------------------------------
#- module: mongodb #- module: mongodb
# metricsets: ["dbstats", "status"] # metricsets: ["dbstats", "status"]
# period: 10s # period: 30s
# #
# # The hosts must be passed as MongoDB URLs in the format: # # The hosts must be passed as MongoDB URLs in the format:
# # [mongodb://][user:pass@]host[:port]. # # [mongodb://][user:pass@]host[:port].
@ -343,10 +343,10 @@ metricbeat.modules:
# #password: pass # #password: pass
# #
##-------------------------------- MySQL Module ------------------------------- ##-------------------------------- MySQL Module -------------------------------
{% if (inventory_hostname in groups['galera_all'] | default([])) and galera_root_user is defined and galera_root_password is defined %} {% if (mysql_enabled | default(false) | bool) and galera_root_user is defined and galera_root_password is defined %}
- module: mysql - module: mysql
metricsets: ["status"] metricsets: ["status"]
period: 10s period: 30s
# #
# # Host DSN should be defined as "user:pass@tcp(127.0.0.1:3306)/" # # Host DSN should be defined as "user:pass@tcp(127.0.0.1:3306)/"
# # The username and password can either be set in the DSN or using the username # # The username and password can either be set in the DSN or using the username
@ -369,7 +369,7 @@ metricbeat.modules:
- module: nginx - module: nginx
metricsets: ["stubstatus"] metricsets: ["stubstatus"]
enabled: true enabled: true
period: 10s period: 30s
# Nginx hosts # Nginx hosts
hosts: ["http://127.0.0.1"] hosts: ["http://127.0.0.1"]
@ -380,7 +380,7 @@ metricbeat.modules:
##------------------------------- PHP_FPM Module ------------------------------ ##------------------------------- PHP_FPM Module ------------------------------
#- module: php_fpm #- module: php_fpm
# metricsets: ["pool"] # metricsets: ["pool"]
# period: 10s # period: 30s
# status_path: "/status" # status_path: "/status"
# hosts: ["localhost:8080"] # hosts: ["localhost:8080"]
# #
@ -396,7 +396,7 @@ metricbeat.modules:
# # Stats about every PostgreSQL process # # Stats about every PostgreSQL process
# - activity # - activity
# #
# period: 10s # period: 30s
# #
# # The host must be passed as PostgreSQL URL. Example: # # The host must be passed as PostgreSQL URL. Example:
# # postgres://localhost:5432?sslmode=disable # # postgres://localhost:5432?sslmode=disable
@ -413,16 +413,16 @@ metricbeat.modules:
##----------------------------- Prometheus Module ----------------------------- ##----------------------------- Prometheus Module -----------------------------
#- module: prometheus #- module: prometheus
# metricsets: ["stats"] # metricsets: ["stats"]
# period: 10s # period: 30s
# hosts: ["localhost:9090"] # hosts: ["localhost:9090"]
# metrics_path: /metrics # metrics_path: /metrics
# #namespace: example # #namespace: example
# #
##------------------------------ RabbitMQ Module ------------------------------ ##------------------------------ RabbitMQ Module ------------------------------
{% if inventory_hostname in groups['rabbitmq_all'] | default([]) and rabbitmq_monitoring_password is defined %} {% if (rabbitmq_enabled | default(false) | bool) and (rabbitmq_monitoring_password is defined) %}
- module: rabbitmq - module: rabbitmq
metricsets: ["node", "queue"] metricsets: ["node", "queue"]
period: 10s period: 30s
hosts: ["localhost:5672", "localhost:5671", "localhost:15672", "localhost:15671"] hosts: ["localhost:5672", "localhost:5671", "localhost:15672", "localhost:15671"]
username: {{ rabbitmq_monitoring_userid | default('monitoring') }} username: {{ rabbitmq_monitoring_userid | default('monitoring') }}
password: {{ rabbitmq_monitoring_password }} password: {{ rabbitmq_monitoring_password }}
@ -432,7 +432,7 @@ metricbeat.modules:
##-------------------------------- Redis Module ------------------------------- ##-------------------------------- Redis Module -------------------------------
#- module: redis #- module: redis
# metricsets: ["info", "keyspace"] # metricsets: ["info", "keyspace"]
# period: 10s # period: 30s
# #
# # Redis hosts # # Redis hosts
# hosts: ["127.0.0.1:6379"] # hosts: ["127.0.0.1:6379"]
@ -464,14 +464,14 @@ metricbeat.modules:
{% if uwsgi_enabled | default(false) | bool %} {% if uwsgi_enabled | default(false) | bool %}
- module: uwsgi - module: uwsgi
metricsets: ["status"] metricsets: ["status"]
period: 10s period: 30s
hosts: ["tcp://127.0.0.1:9191"] hosts: ["tcp://127.0.0.1:9191"]
# #
{% endif %} {% endif %}
##------------------------------- vSphere Module ------------------------------ ##------------------------------- vSphere Module ------------------------------
#- module: vsphere #- module: vsphere
# metricsets: ["datastore", "host", "virtualmachine"] # metricsets: ["datastore", "host", "virtualmachine"]
# period: 10s # period: 30s
# hosts: ["https://localhost/sdk"] # hosts: ["https://localhost/sdk"]
# #
# username: "user" # username: "user"
@ -485,7 +485,7 @@ metricbeat.modules:
##------------------------------- Windows Module ------------------------------ ##------------------------------- Windows Module ------------------------------
#- module: windows #- module: windows
# metricsets: ["perfmon"] # metricsets: ["perfmon"]
# period: 10s # period: 30s
# perfmon.counters: # perfmon.counters:
# #
#- module: windows #- module: windows
@ -495,7 +495,7 @@ metricbeat.modules:
##------------------------------ ZooKeeper Module ----------------------------- ##------------------------------ ZooKeeper Module -----------------------------
#- module: zookeeper #- module: zookeeper
# metricsets: ["mntr"] # metricsets: ["mntr"]
# period: 10s # period: 30s
# hosts: ["localhost:2181"] # hosts: ["localhost:2181"]
# #
# #

4
elk_metrics_6x/templates/packetbeat.yml.j2
View File

@ -48,10 +48,10 @@ packetbeat.flows:
# Set network flow timeout. Flow is killed if no packet is received before being # Set network flow timeout. Flow is killed if no packet is received before being
# timed out. # timed out.
timeout: 30s timeout: 90s
# Configure reporting period. If set to -1, only killed flows will be reported # Configure reporting period. If set to -1, only killed flows will be reported
period: 10s period: 30s
#========================== Transaction protocols ============================= #========================== Transaction protocols =============================

12
elk_metrics_6x/vars/variables.yml
View File

@ -6,14 +6,14 @@ node_name: ${HOSTNAME}
# elastic curator vars # elastic curator vars
# all retention options are in days # all retention options are in days
elastic_logstash_retention: 28 elastic_logstash_retention: 14
elastic_apm_retention: 14 elastic_apm_retention: 3
elastic_auditbeat_retention: 14 elastic_auditbeat_retention: 7
elastic_filebeat_retention: 14 elastic_filebeat_retention: 7
elastic_heartbeat_retention: 7 elastic_heartbeat_retention: 7
elastic_journalbeat_retention: 14 elastic_journalbeat_retention: 14
elastic_metricbeat_retention: 14 elastic_metricbeat_retention: 3
elastic_packetbeat_retention: 7 elastic_packetbeat_retention: 3
# kibana vars # kibana vars
kibana_interface: 0.0.0.0 kibana_interface: 0.0.0.0