ansible-playbooks/general#92 Initial code

838e8f6b · jurgenhaas · 498b4cbd · 838e8f6b · 838e8f6b · 838e8f6b
Commit 838e8f6b authored 5 years ago by jurgenhaas
--- a/README.md
+++ b/README.md
+https://www.elastic.co/guide/en/beats/packetbeat/7.4/packetbeat-getting-started.html
--- a/handlers/main.yml
+++ b/handlers/main.yml
+---
+# file: roles/packetbeat/handlers/main.yml
+
+- name: Add Packetbeat to Boot-List
+  systemd:
+    name: packetbeat
+    state: started
+    daemon_reload: yes
+    enabled: yes
+
+- name: Start Packetbeat
+  service:
+    name: packetbeat
+    state: started
+
+- name: Restart Packetbeat
+  service:
+    name: packetbeat
+    state: restarted
--- a/meta/main.yml
+++ b/meta/main.yml
+---
+
+dependencies:
+  - { role: kibana }
--- a/tasks/config.yml
+++ b/tasks/config.yml
+---
+# file: roles/packetbeat/tasks/config.yml
+
+- name: Configure packetbeat
+  template:
+    src: packetbeat.yml
+    dest: /etc/packetbeat/packetbeat.yml
+    owner: root
+    group: root
+    mode: 0600
+  notify:
+    - Restart Packetbeat
--- a/tasks/install.yml
+++ b/tasks/install.yml
+---
+# file: roles/packetbeat/tasks/install.yml
+
+- name: Apt Key
+  apt_key:
+    url: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
+    state: present
+
+- name: Apt Repository
+  apt_repository:
+    repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main'
+    state: present
+    mode: 0644
+
+- name: Install Packetbeat
+  apt:
+    pkg: packetbeat
+    state: present
+    update_cache: yes
+  notify:
+    - Add Packetbeat to Boot-List
+    - Start Packetbeat
--- a/tasks/main.yml
+++ b/tasks/main.yml
+---
+# file: roles/packetbeat/tasks/main.yml
+
+- name: Packetbeat Role
+  set_fact:
+    role_packetbeat_started: yes
+  tags:
+    - always
+
+- block:
+
+    - include_tasks: install.yml
+
+    - include_tasks: config.yml
+
+  when: not excluded_roles or "packetbeat" not in excluded_roles
--- a/templates/packetbeat.yml
+++ b/templates/packetbeat.yml
+#################### Packetbeat Configuration Example #########################
+
+# This file is an example configuration file highlighting only the most common
+# options. The packetbeat.reference.yml file from the same directory contains all the
+# supported options with more comments. You can use it as a reference.
+#
+# You can find the full configuration reference here:
+# https://www.elastic.co/guide/en/beats/packetbeat/index.html
+
+#============================== Network device ================================
+
+# Select the network interface to sniff the data. On Linux, you can use the
+# "any" keyword to sniff on all connected interfaces.
+packetbeat.interfaces.device: any
+
+#================================== Flows =====================================
+
+# Set `enabled: false` or comment out all options to disable flows reporting.
+packetbeat.flows:
+  # Set network flow timeout. Flow is killed if no packet is received before being
+  # timed out.
+  timeout: 30s
+
+  # Configure reporting period. If set to -1, only killed flows will be reported
+  period: 10s
+
+#========================== Transaction protocols =============================
+
+packetbeat.protocols:
+  - type: icmp
+    # Enable ICMPv4 and ICMPv6 monitoring. Default: false
+    enabled: true
+
+  - type: amqp
+    # Configure the ports where to listen for AMQP traffic. You can disable
+    # the AMQP protocol by commenting out the list of ports.
+    ports: [5672]
+
+  - type: cassandra
+    #Cassandra port for traffic monitoring.
+    ports: [9042]
+
+  - type: dhcpv4
+    # Configure the DHCP for IPv4 ports.
+    ports: [67, 68]
+
+  - type: dns
+    # Configure the ports where to listen for DNS traffic. You can disable
+    # the DNS protocol by commenting out the list of ports.
+    ports: [53]
+
+  - type: http
+    # Configure the ports where to listen for HTTP traffic. You can disable
+    # the HTTP protocol by commenting out the list of ports.
+    ports: [80, 8080, 8000, 5000, 8002]
+
+  - type: memcache
+    # Configure the ports where to listen for memcache traffic. You can disable
+    # the Memcache protocol by commenting out the list of ports.
+    ports: [11211]
+
+  - type: mysql
+    # Configure the ports where to listen for MySQL traffic. You can disable
+    # the MySQL protocol by commenting out the list of ports.
+    ports: [3306,3307]
+
+  - type: pgsql
+    # Configure the ports where to listen for Pgsql traffic. You can disable
+    # the Pgsql protocol by commenting out the list of ports.
+    ports: [5432]
+
+  - type: redis
+    # Configure the ports where to listen for Redis traffic. You can disable
+    # the Redis protocol by commenting out the list of ports.
+    ports: [6379]
+
+  - type: thrift
+    # Configure the ports where to listen for Thrift-RPC traffic. You can disable
+    # the Thrift-RPC protocol by commenting out the list of ports.
+    ports: [9090]
+
+  - type: mongodb
+    # Configure the ports where to listen for MongoDB traffic. You can disable
+    # the MongoDB protocol by commenting out the list of ports.
+    ports: [27017]
+
+  - type: nfs
+    # Configure the ports where to listen for NFS traffic. You can disable
+    # the NFS protocol by commenting out the list of ports.
+    ports: [2049]
+
+  - type: tls
+    # Configure the ports where to listen for TLS traffic. You can disable
+    # the TLS protocol by commenting out the list of ports.
+    ports:
+      - 443   # HTTPS
+      - 993   # IMAPS
+      - 995   # POP3S
+      - 5223  # XMPP over SSL
+      - 8443
+      - 8883  # Secure MQTT
+      - 9243  # Elasticsearch
+
+#==================== Elasticsearch template setting ==========================
+
+setup.template.settings:
+  index.number_of_shards: 1
+  #index.codec: best_compression
+  #_source.enabled: false
+
+#================================ General =====================================
+
+# The name of the shipper that publishes the network data. It can be used to group
+# all the transactions sent by a single shipper in the web interface.
+#name:
+
+# The tags of the shipper are included in their own field with each
+# transaction published.
+#tags: ["service-X", "web-tier"]
+
+# Optional fields that you can specify to add additional information to the
+# output.
+#fields:
+#  env: staging
+
+
+#============================== Dashboards =====================================
+# These settings control loading the sample dashboards to the Kibana index. Loading
+# the dashboards is disabled by default and can be enabled either by setting the
+# options here or by using the `setup` command.
+#setup.dashboards.enabled: false
+
+# The URL from where to download the dashboards archive. By default this URL
+# has a value which is computed based on the Beat name and version. For released
+# versions, this URL points to the dashboard archive on the artifacts.elastic.co
+# website.
+#setup.dashboards.url:
+
+#============================== Kibana =====================================
+
+# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
+# This requires a Kibana endpoint configuration.
+setup.kibana:
+
+# Kibana Host
+# Scheme and port can be left out and will be set to the default (http and 5601)
+# In case you specify and additional path, the scheme is required: http://localhost:5601/path
+# IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
+#host: "localhost:5601"
+
+# Kibana Space ID
+# ID of the Kibana Space into which the dashboards should be loaded. By default,
+# the Default Space will be used.
+#space.id:
+
+#============================= Elastic Cloud ==================================
+
+# These settings simplify using Packetbeat with the Elastic Cloud (https://cloud.elastic.co/).
+
+# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
+# `setup.kibana.host` options.
+# You can find the `cloud.id` in the Elastic Cloud web UI.
+#cloud.id:
+
+# The cloud.auth setting overwrites the `output.elasticsearch.username` and
+# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
+#cloud.auth:
+
+#================================ Outputs =====================================
+
+# Configure what output to use when sending the data collected by the beat.
+
+#-------------------------- Elasticsearch output ------------------------------
+{% if 'logserver' in groups and inventory_hostname in groups.logserver %}
+output.elasticsearch:
+  # Array of hosts to connect to.
+  hosts: ["localhost:9200"]
+
+  # Optional protocol and basic auth credentials.
+  #protocol: "https"
+  username: "elastic"
+  password: "{{ elasticsearch.users.elastic|default("") }}"
+{% else %}
+#----------------------------- Logstash output --------------------------------
+output.logstash:
+  # The Logstash hosts
+  hosts: ["localhost:5044"]
+
+  # Optional SSL. By default is off.
+  # List of root certificates for HTTPS server verifications
+  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
+
+  # Certificate for SSL client authentication
+  #ssl.certificate: "/etc/pki/client/cert.pem"
+
+  # Client Certificate Key
+  #ssl.key: "/etc/pki/client/cert.key"
+{% endif %}
+#================================ Processors =====================================
+
+# Configure processors to enhance or manipulate events generated by the beat.
+
+processors:
+  - add_host_metadata: ~
+  - add_cloud_metadata: ~
+
+  #================================ Logging =====================================
+
+  # Sets log level. The default log level is info.
+  # Available log levels are: error, warning, info, debug
+  #logging.level: debug
+
+  # At debug level, you can selectively enable logging only for some components.
+  # To enable all selectors use ["*"]. Examples of other selectors are "beat",
+  # "publish", "service".
+  #logging.selectors: ["*"]
+
+  #============================== X-Pack Monitoring ===============================
+  # packetbeat can export internal metrics to a central Elasticsearch monitoring
+  # cluster.  This requires xpack monitoring to be enabled in Elasticsearch.  The
+  # reporting is disabled by default.
+
+  # Set to true to enable the monitoring reporter.
+  #monitoring.enabled: false
+
+  # Sets the UUID of the Elasticsearch cluster under which monitoring data for this
+  # Packetbeat instance will appear in the Stack Monitoring UI. If output.elasticsearch
+  # is enabled, the UUID is derived from the Elasticsearch cluster referenced by output.elasticsearch.
+  #monitoring.cluster_uuid:
+
+  # Uncomment to send the metrics to Elasticsearch. Most settings from the
+  # Elasticsearch output are accepted here as well.
+  # Note that the settings should point to your Elasticsearch *monitoring* cluster.
+  # Any setting that is not set is automatically inherited from the Elasticsearch
+  # output configuration, so if you have the Elasticsearch output configured such
+  # that it is pointing to your Elasticsearch monitoring cluster, you can simply
+  # uncomment the following line.
+  #monitoring.elasticsearch:
+
+  #================================= Migration ==================================
+
+  # This allows to enable 6.7 migration aliases
+  #migration.6_to_7.enabled: true