Grab code from Elasticsearch role

26bbb7d4 · jurgenhaas · dfac9089 · 26bbb7d4 · 26bbb7d4 · 26bbb7d4
Commit 26bbb7d4 authored 8 years ago by jurgenhaas
--- a/defaults/main.yml
+++ b/defaults/main.yml
+elastalert_defaults:
+  drupal:
+    syslog:
+      query: '@log_name:"syslog.local0.err" OR @log_name:"syslog.local0.crit" OR @log_name:"syslog.local0.alert" OR @log_name:"syslog.local0.emerg"'
+      extra: []
+    apache:
+      query:
+        access: 'code:[500 TO 599]'
+        error: 'level:"*error"'
+      extra: []
+elastalerts: []
--- a/handlers/main.yml
+++ b/handlers/main.yml
+---
+# file: roles/elastalert/handlers/main.yml
+
+- name: "Add ElastAlert to Boot-List"
+  systemd:
+    name='elastalert'
+    state='started'
+    daemon_reload=yes
+    enabled=yes
+
+- name: "ElastAlert installation"
+  shell: '{{ item }}'
+  args:
+    chdir: '/opt/elastalert'
+  with_items:
+    - 'python setup.py install'
+    - '/usr/local/bin/elastalert-create-index --host "localhost" --port "9200" --no-auth --index "elastalert_status" --old-index ""'
--- a/meta/main.yml
+++ b/meta/main.yml
+---
+
+dependencies:
+  - { role: elasticsearch }
--- a/tasks/install.yml
+++ b/tasks/install.yml
+---
+# file: roles/elastalert/tasks/install.yml
+
+- name: "Clone ElastAlert"
+  git:
+    accept_hostkey: yes
+    repo: 'https://github.com/Yelp/elastalert.git'
+    dest: '/opt/elastalert'
+    force: yes
+    version: 'master'
+
+- name: "Install PIP Components"
+  pip:
+    name='{{ item }}'
+    state='present'
+  with_items:
+    - 'pip'
+    - 'setuptools'
+    - 'six'
+
+- name: "Install PIP Requirements"
+  pip:
+    requirements='/opt/elastalert/requirements.txt'
+
+- name: "Ensure Rules Directory"
+  file:
+    path='/opt/elastalert/my_rules'
+    state='directory'
+    owner='root'
+    group='root'
+    mode='755'
+  notify:
+    - "ElastAlert installation"
+    - "Add ElastAlert to Boot-List"
+
+- name: "Configuration"
+  template:
+    src='config.yaml'
+    dest='/opt/elastalert/config.yaml'
+    owner='root'
+    group='root'
+    mode='644'
--- a/tasks/main.yml
+++ b/tasks/main.yml
+# ElastAlert
+# https://github.com/Yelp/elastalert
+
+---
+# file: roles/elastalert/tasks/main.yml
+
+- name: "ElastAlert Role"
+  set_fact: role_elastalert_started=true
+  tags: always
+
+- block:
+
+  - include: install.yml
+
+  - include: rules.yml
+
+  - include: rules.drupal.yml
+    with_nested:
+      - '{{groups["webserver-drupal"]}}'
+      - ['rule.drupal.syslog', 'rule.drupal.apache']
+    loop_control:
+      loop_var: drupal_host
+
+  when: '"elastalert" not in excluded_roles'
--- a/tasks/rules.drupal.yml
+++ b/tasks/rules.drupal.yml
+---
+# file: roles/elastalert/tasks/rules.drupal.yml
+
+- block:
+  - set_fact:
+      hostname='{{ drupal_host.0 }}'
+      filename='{{ drupal_host.1 }}'
+  - name: "Rule for Drupal"
+    template:
+      src='{{ filename }}.yaml'
+      dest='/opt/elastalert/my_rules/{{ filename }}.{{ item.1.domain }}.yaml'
+      owner='root'
+      group='root'
+      mode='644'
+    with_subelements:
+      - '{{ hostvars[hostname].drupal_settings }}'
+      - 'domains'
+    when: item.1.elastalert is defined
+  tags: Rules
--- a/tasks/rules.yml
+++ b/tasks/rules.yml
+---
+# file: roles/elastalert/tasks/rules.yml
+
+- name: "Rules"
+  template:
+    src='rule.yaml'
+    dest='/opt/elastalert/my_rules/{{ item.key }}.yaml'
+    owner='root'
+    group='root'
+    mode='644'
+  with_items: '{{ elastalerts|default([]) }}'
+  tags: Rules
--- a/templates/config.yaml
+++ b/templates/config.yaml
+rules_folder: 'my_rules'
+run_every:
+  minutes: 1
+buffer_time:
+  minutes: 15
+es_host: 'localhost'
+es_port: 9200
+writeback_index: 'elastalert_status'
+alert_time_limit:
+  days: 2
+
+{% for extra in elastalert_config|default([]) %}
+{{ extra }}: {{ elastalert_config[extra]|to_nice_json }}
+{% endfor %}
--- a/templates/rule.drupal.apache.yaml
+++ b/templates/rule.drupal.apache.yaml
+es_host: 'localhost'
+es_port: 9200
+index: '{{ elastalert_defaults.drupal.apache.index|default("logstash-*") }}'
+name: 'Apache Error {{ item.1.domain }}'
+description: ''
+type: 'frequency'
+alert:
+{% for alert in item.1.elastalert.alert %}
+  - '{{ alert }}'
+{% endfor %}
+{% for entry in ['alert_subject', 'alert_text'] %}
+{% if elastalert_defaults.drupal.syslog[entry] is defined %}
+{{ entry }}: '{{ elastalert_defaults.drupal.syslog[entry] }}'
+{% endif %}
+{% endfor %}
+{% for entry in ['alert_subject_args', 'alert_text_args'] %}
+{% if elastalert_defaults.drupal.syslog[entry] is defined %}
+{{ entry }}:
+{% for line in elastalert_defaults.drupal.syslog[entry] %}
+  - '{{ line }}'
+{% endfor %}
+{% endif %}
+{% endfor %}
+
+#generate_kibana_link: true
+#use_kibana4_dashboard: 'https://{{ kibana_domain }}/app/kibana#/dashboard/Default'
+#kibana_url: 'https://{{ kibana_domain }}/app/kibana'
+
+{% for extra in elastalert_defaults.drupal.syslog.extra|default([]) %}
+{{ extra }}: {{ elastalert_defaults.drupal.syslog.extra[extra]|to_nice_json }}
+{% endfor %}
+{% for extra in item.1.elastalert.extra|default([]) %}
+{{ extra }}: {{ item.1.elastalert.extra[extra]|to_nice_json }}
+{% endfor %}
+
+filter: [
+    {
+        "query_string": {
+            "analyze_wildcard": true,
+            "query": {{ ['(@log_name:"apache.error.var.log.apache2.', item.1.domain, '-error.log" AND (', elastalert_defaults.drupal.apache.query.error, ')) OR (@log_name:"apache.access.var.log.apache2.', item.1.domain, '-access.log" AND (', elastalert_defaults.drupal.apache.query.access, '))']|join("")|to_nice_json }}
+        }
+    }
+]
--- a/templates/rule.drupal.syslog.yaml
+++ b/templates/rule.drupal.syslog.yaml
+es_host: 'localhost'
+es_port: 9200
+index: '{{ elastalert_defaults.drupal.syslog.index|default("logstash-*") }}'
+name: 'Syslog Error {{ item.1.domain }}'
+description: ''
+type: 'frequency'
+alert:
+{% for alert in item.1.elastalert.alert %}
+  - '{{ alert }}'
+{% endfor %}
+{% for entry in ['alert_subject', 'alert_text'] %}
+{% if elastalert_defaults.drupal.syslog[entry] is defined %}
+{{ entry }}: '{{ elastalert_defaults.drupal.syslog[entry] }}'
+{% endif %}
+{% endfor %}
+{% for entry in ['alert_subject_args', 'alert_text_args'] %}
+{% if elastalert_defaults.drupal.syslog[entry] is defined %}
+{{ entry }}:
+{% for line in elastalert_defaults.drupal.syslog[entry] %}
+  - '{{ line }}'
+{% endfor %}
+{% endif %}
+{% endfor %}
+
+#generate_kibana_link: true
+#use_kibana4_dashboard: 'https://{{ kibana_domain }}/app/kibana#/dashboard/Default'
+#kibana_url: 'https://{{ kibana_domain }}/app/kibana'
+
+{% for extra in elastalert_defaults.drupal.syslog.extra|default([]) %}
+{{ extra }}: {{ elastalert_defaults.drupal.syslog.extra[extra]|to_nice_json }}
+{% endfor %}
+{% for extra in item.1.elastalert.extra|default([]) %}
+{{ extra }}: {{ item.1.elastalert.extra[extra]|to_nice_json }}
+{% endfor %}
+
+filter: [
+    {
+        "query_string": {
+            "analyze_wildcard": true,
+            "query": {{ ['ident:', item.1.domain, ' AND (', elastalert_defaults.drupal.syslog.query, ')']|join("")|to_nice_json }}
+        }
+    }
+]
--- a/templates/rule.yaml
+++ b/templates/rule.yaml
+es_host: 'localhost'
+es_port: 9200
+index: '{{ item.index|default("logstash-*") }}'
+name: '{{ item.name }}'
+description: '{{ item.description }}'
+type: '{{ item.type }}'
+alert:
+{% for alert in item.alert %}
+  - '{{ alert }}'
+{% endfor %}
+include:
+  - 'hostname'
+{% for entry in ['alert_subject', 'alert_text'] %}
+{% if item[entry] is defined %}
+{{ entry }}: '{{ item[entry] }}'
+{% endif %}
+{% endfor %}
+{% for entry in ['alert_subject_args', 'alert_text_args'] %}
+{% if item[entry] is defined %}
+{{ entry }}:
+{% for line in item[entry] %}
+  - '{{ line }}'
+{% endfor %}
+{% endif %}
+{% endfor %}
+
+{% for extra in item.extra|default([]) %}
+{{ extra }}: {{ item.extra[extra]|to_nice_json }}
+{% endfor %}