diff --git a/group_vars/all/plain.yml b/group_vars/all/plain.yml index 0469852..395f5f9 100644 --- a/group_vars/all/plain.yml +++ b/group_vars/all/plain.yml @@ -29,6 +29,7 @@ docker_enabled: true docker_config_enabled: true traefik_enabled: true filebeat_enabled: true +metricbeat_enabled: false node_exporter_enabled: true common_apt_dependencies: diff --git a/roles/filebeat/vars/main.yml b/roles/filebeat/vars/main.yml index 2cbdd5e..810e7e4 100644 --- a/roles/filebeat/vars/main.yml +++ b/roles/filebeat/vars/main.yml @@ -10,7 +10,7 @@ filebeat_docker: { image_version: "{{ filebeat_image_version }}", user: root, environment: [ - "node.name: \"qa-elastic-stack-filebeat\"", + "node.name: \"{{ filebeat_id }}\"", ], volumes: [ '"./config/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro"', diff --git a/roles/metricbeat/defaults/main.yaml b/roles/metricbeat/defaults/main.yaml new file mode 100644 index 0000000..5de9568 --- /dev/null +++ b/roles/metricbeat/defaults/main.yaml @@ -0,0 +1,4 @@ +--- + +metricbeat_image_name: "docker.elastic.co/beats/metricbeat" +metricbeat_image_version: "7.16.3" diff --git a/roles/metricbeat/tasks/main.yaml b/roles/metricbeat/tasks/main.yaml new file mode 100644 index 0000000..6b47203 --- /dev/null +++ b/roles/metricbeat/tasks/main.yaml @@ -0,0 +1,75 @@ +--- + +### tags: +### update_certs +### update_config +### update_deployment + +- name: "Check if metricbeat/docker-compose.yml exists" + stat: + path: '{{ service_base_path }}/metricbeat/docker-compose.yml' + register: check_docker_compose_file + tags: + - update_config + - update_deployment + +- name: "Stop metricbeat" + community.docker.docker_compose: + project_src: '{{ service_base_path }}/metricbeat' + state: absent + when: check_docker_compose_file.stat.exists + tags: + - update_config + - update_deployment + +- name: "Deploy docker templates for metricbeat" + include_role: + name: sma_deploy + tasks_from: templates + vars: + current_config: "_docker" + current_base_path: "{{ service_base_path }}" + current_destination: "metricbeat" + current_owner: "{{ docker_owner }}" + current_group: "{{ docker_group }}" + current_docker: "{{ metricbeat_docker }}" + tags: + - update_config + - update_deployment + +- name: "Deploy service templates for metricbeat" + include_role: + name: sma_deploy + tasks_from: templates + vars: + current_config: "metricbeat" + current_base_path: "{{ service_base_path }}" + current_destination: "metricbeat" + current_owner: "{{ docker_owner }}" + current_group: "{{ docker_group }}" + tags: + - update_config + +- name: "Deploy certificate templates for metricbeat" + include_role: + name: sma_deploy + tasks_from: templates + vars: + current_config: "elastic-certs/{{ stage }}-certs" + current_base_path: "{{ service_base_path }}" + current_destination: "metricbeat/certs" + current_owner: "{{ docker_owner }}" + current_group: "{{ docker_group }}" + cleanup_destination: "true" + tags: + - update_certs + - update_config + +- name: "Update metricbeat" + community.docker.docker_compose: + project_src: '{{ service_base_path }}/metricbeat' + state: present + pull: yes + tags: + - update_config + - update_deployment diff --git a/roles/metricbeat/vars/main.yml b/roles/metricbeat/vars/main.yml new file mode 100644 index 0000000..5d471ad --- /dev/null +++ b/roles/metricbeat/vars/main.yml @@ -0,0 +1,26 @@ +--- + +metricbeat_id: "{{ inventory_hostname }}-metricbeat" + +metricbeat_docker: { + services: [ + { + name: "{{ metricbeat_id }}", + image_name: "{{ metricbeat_image_name }}", + image_version: "{{ metricbeat_image_version }}", + user: root, + environment: [ + "node.name: \"{{ metricbeat_id }}\"", + ], + volumes: [ + '"./config/metricbeat.yml:/usr/share/metricbeat/metricbeat.yml:ro"', + '"/var/run/docker.sock:/var/run/docker.sock:ro"', + '"/sys/fs/cgroup:/hostfs/sys/fs/cgroup:ro"', + '"/proc:/hostfs/proc:ro"', + '"/:/hostfs:ro"', + '"./certs:/usr/share/metricbeat/config/certificates:ro"', + ], + extra_hosts: "{{ metricbeat_extra_hosts | default([]) }}", + }, + ], +} diff --git a/setup.yml b/setup.yml index 0bfaffc..16d91c1 100644 --- a/setup.yml +++ b/setup.yml @@ -74,6 +74,13 @@ tags: - filebeat + - role: metricbeat + when: + - docker_enabled + - metricbeat_enabled + tags: + - metricbeat + - role: traefik when: - docker_enabled diff --git a/templates/metricbeat/config/metricbeat.yml.j2 b/templates/metricbeat/config/metricbeat.yml.j2 new file mode 100644 index 0000000..5fc66cf --- /dev/null +++ b/templates/metricbeat/config/metricbeat.yml.j2 @@ -0,0 +1,59 @@ +# https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-reference-yml.html + +metricbeat.modules: +- module: docker + metricsets: + - "container" + - "cpu" + - "diskio" + - "event" + - "healthcheck" + - "info" + #- "image" + - "memory" + - "network" + #- "network_summary" + hosts: ["unix:///var/run/docker.sock"] + period: 10s + enabled: true + +- module: system + metricsets: + - cpu # CPU usage + - load # CPU load averages + - memory # Memory usage + - network # Network IO + - process # Per process metrics + - process_summary # Process summary + - uptime # System Uptime + - socket_summary # Socket summary + #- core # Per CPU core usage + #- diskio # Disk IO + #- filesystem # File system usage for each mountpoint + #- fsstat # File system summary metrics + #- raid # Raid + #- socket # Sockets and connection info (linux only) + #- service # systemd service information + processes: ['.*'] + period: 10s + enabled: true + +#setup: +# dashboards.enabled: true +# kibana: +# host: "{{ stage }}-elastic-stack-kibana-01-kibana.{{ domain }}:443" +# protocol: "https" +# username: "elastic_admin_username" +# password: "elastic_admin_password" + +fields: + stage: {{ stage }} + hostname: {{ inventory_hostname }} + +output.logstash: + hosts: ["{{ shared_service_elastic_stack_logstash_01_hostname }}:5044"] + ssl: + certificate_authorities: + - /usr/share/metricbeat/config/certificates/ca/ca.crt + certificate: /usr/share/metricbeat/config/certificates/{{ filebeat_certificate }}/{{ filebeat_certificate }}.crt + key: /usr/share/metricbeat/config/certificates/{{ filebeat_certificate }}/{{ filebeat_certificate }}.key