From 5ecc89682201f90a2cbc81afe5db82eb009943fa Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Thu, 3 Mar 2016 12:07:57 +0100
Subject: [PATCH] Fully install and configure Fluentd aggregator/receiver

---
 defaults/main.yml       |  1 +
 meta/main.yml           |  1 +
 tasks/main.yml          | 27 +++++++++++++++++----------
 templates/td-agent.conf | 23 +++++++++++++++++++++++
 4 files changed, 42 insertions(+), 10 deletions(-)
 create mode 100644 defaults/main.yml
 create mode 100644 templates/td-agent.conf

diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..6c205c3
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1 @@
+fluentd_cert_passphrase: ''
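Review bot: The empty-string default lets a missing passphrase pass templating silently, so templates/td-agent.conf is rendered with a bare `ca_private_key_passphrase` line instead of failing the play. The `openssl req` command documented in tasks/main.yml has no `-nodes`, so a key produced that way is always passphrase-protected and an empty value cannot match it. Consider dropping the default, or failing early on an empty value, so the mistake surfaces in Ansible rather than when td-agent starts. A comment such as `# set per inventory from Ansible Vault; must match the passphrase of files/ssl/td-agent/key.pem` would also help.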
diff --git a/meta/main.yml b/meta/main.yml
index 55ae93d..13f53af 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,4 +1,5 @@
 ---
 
 dependencies:
+  - { role: fluentd-client }
   - { role: kibana }
diff --git a/tasks/main.yml b/tasks/main.yml
index ccf8b0d..2977f04 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,16 +1,23 @@
-# fluentd
-# http://www.fluentd.org
-# Prepare: http://docs.fluentd.org/articles/before-install
-# curl -L https://toolbelt.treasuredata.com/sh/install-ubuntu-trusty-td-agent2.sh | sh
-#
-# UI: http://docs.fluentd.org/articles/fluentd-ui
-# Plugins
-# fluent-plugin-elasticsearch
-# fluent-plugin-record-reformer
-#
 # Tutorials
 # https://sonnguyen.ws/centralize-docker-logs-with-fluentd-elasticsearch-and-kibana/
 # https://sonnguyen.ws/monitor-nginx-response-time-with-fluentd-kibana-and-elasticsearch/
+#
+# Create SSL-Cert once upfront in the inventory and use the passührase similar to {{ fluentd_cert_passphrase }}:
+# openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 90 -subj '/CN={{ fluentd_hostname }}'
 
 ---
 # file: roles/fluentd/tasks/main.yml
+
+- name: "Install Plugins"
+  command: td-agent-gem install {{ item }}
+  with_items:
+    - 'fluent-plugin-elasticsearch'
+    - 'fluent-plugin-record-reformer'
+
+- name: "Copy SSL Key"
+  copy:
+    src='{{ inventory_dir }}/files/ssl/td-agent/key.pem'
+    dest='/etc/ssl/td-agent/key.pem'
+    owner='root'
+    group='root'
+    mode=644
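Review bot: The "Copy SSL Key" task installs the CA private key with `mode=644`, so every local account on the aggregator can read it. Tighten it to something like `group='td-agent'` with `mode=0640`, assuming the td-agent package creates that group and the daemon runs under it; `mode=0600` with `owner='root'` would only work if td-agent runs as root. Nothing in this hunk creates `/etc/ssl/td-agent/`, copies `cert.pem`, or deploys the new template, so unless the fluentd-client dependency does that, the copy will fail on a fresh host. Separately, `command: td-agent-gem install {{ item }}` reruns on every play and installs whatever plugin version is current; pinning versions and making the task idempotent would keep the aggregator reproducible.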
diff --git a/templates/td-agent.conf b/templates/td-agent.conf
new file mode 100644
index 0000000..0218b72
--- /dev/null
+++ b/templates/td-agent.conf
@@ -0,0 +1,23 @@
+<source>
+  @type secure_forward
+  shared_key {{ fluentd_shared_key }}
+  self_hostname {{ inventory_hostname }}
+  secure true
+  ca_cert_path /etc/ssl/td-agent/cert.pem
+  ca_private_key_path /etc/ssl/td-agent/key.pem
+  ca_private_key_passphrase {{ fluentd_cert_passphrase }}
+  authentication yes
+  <user>
+    username {{ fluentd_username }}
+    password {{ fluentd_password }}
+  </user>
+</source>
+
+<match **>
+  @type elasticsearch
+  logstash_format true
+  host 127.0.0.1
+  port 9200
+  index_name fluentd
+  type_name fluentd
+</match>
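Review bot: `shared_key`, `ca_private_key_passphrase` and the `<user>` password are rendered into td-agent.conf in clear text, and the task that deploys this template is not part of the patch, so nothing visible restricts who can read the file. That task should set an explicit owner and group with a mode such as `0640`, and the values should come from Ansible Vault rather than plain inventory. The values are also interpolated unquoted, so a secret containing a space or `#` would likely be truncated or misparsed by Fluentd. Prefer `shared_key "{{ fluentd_shared_key }}"`, with the same quoting on the password and passphrase lines, after confirming it against the td-agent config format in use.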
-- 
GitLab