102 lines
2.6 KiB
YAML
102 lines
2.6 KiB
YAML
- name: ensure graylog repository is available
|
|
package:
|
|
name=https://packages.graylog2.org/repo/packages/graylog-3.1-repository_latest.rpm
|
|
state=present
|
|
tags:
|
|
- install
|
|
|
|
- name: ensure graylog is installed
|
|
package:
|
|
name:
|
|
- java-1.8.0-openjdk-headless
|
|
- graylog-server
|
|
state: present
|
|
tags:
|
|
- install
|
|
|
|
- name: ensure graylog-server systemd unit drop-in directory is present
|
|
file:
|
|
path: /etc/systemd/system/graylog-server.service.d
|
|
mode: '0755'
|
|
state: directory
|
|
- name: ensure graylog-server systemd unit capabilities are configured
|
|
copy:
|
|
src: graylog-server-capabilities.systemd.conf
|
|
dest: /etc/systemd/system/graylog-server.service.d/capabilities.conf
|
|
mode: '0644'
|
|
notify:
|
|
- reload systemd
|
|
- restart graylog
|
|
- name: ensure graylog service is configured
|
|
template:
|
|
src=graylog-server.sysconfig.j2
|
|
dest=/etc/sysconfig/graylog-server
|
|
mode=0644
|
|
notify: restart graylog
|
|
|
|
- name: ensure graylog server is configured
|
|
template:
|
|
src=server.conf.j2
|
|
dest=/etc/graylog/server/server.conf
|
|
owner=root
|
|
group=graylog
|
|
mode=640
|
|
notify: restart graylog
|
|
|
|
- name: ensure syslog tls server certificate is installed
|
|
copy:
|
|
src={{ item }}
|
|
dest=/etc/graylog/syslog-tls.cer
|
|
owner=root
|
|
group=graylog
|
|
mode=0640
|
|
with_fileglob: files/{{ inventory_hostname }}.cer
|
|
# The private key file must be in PKCS#8 format, not the more common PKCS#1
|
|
- name: ensure syslog tls server private key is installed
|
|
copy:
|
|
src={{ item }}
|
|
dest=/etc/graylog/syslog-tls.key
|
|
owner=root
|
|
group=graylog
|
|
mode=0640
|
|
with_fileglob: files/{{ inventory_hostname }}.key
|
|
- name: ensure syslog tls ca certificate is installed
|
|
copy:
|
|
src={{ item }}
|
|
dest=/etc/graylog/syslog-tls-ca.crt
|
|
owner=root
|
|
group=graylog
|
|
mode=0640
|
|
with_fileglob: files/{{ inventory_hostname }}_ca.crt
|
|
|
|
- name: ensure firewall is configured for syslog
|
|
firewalld:
|
|
service: '{{ item.service }}'
|
|
permanent: false
|
|
immediate: true
|
|
state: '{{ item.state }}'
|
|
notify: save firewalld configuration
|
|
with_items:
|
|
- service: syslog
|
|
state: '{{ "enabled" if graylog_use_syslog else "disabled" }}'
|
|
- service: syslog-tls
|
|
state: '{{ "enabled" if graylog_use_syslog_tls else "disabled" }}'
|
|
|
|
- name: ensure apache is allowed to proxy
|
|
seboolean:
|
|
name=httpd_can_network_connect
|
|
persistent=yes
|
|
state=yes
|
|
|
|
- name: ensure apache is configured to proxy for graylog
|
|
template:
|
|
src=graylog.httpd.conf.j2
|
|
dest=/etc/httpd/conf.d/graylog.conf
|
|
mode=0644
|
|
notify: reload httpd
|
|
|
|
- name: ensure graylog starts at boot
|
|
service:
|
|
name=graylog-server
|
|
enabled=yes
|