- name: install fluentbit gather_facts: no hosts: "{{target}}" become: "{{become}}" tasks: - name: install dependencies ansible.builtin.package: name: - ca-certificates - curl - gnupg1 - logrotate state: present diff: true # handle redhat and debian systems differently - name: define distro vendor ansible.builtin.shell: executable: /bin/bash cmd: "[[ -f /etc/debian_version ]] && echo debian; [[ -f /etc/redhat-release ]] && echo redhat" register: vendor changed_when: false check_mode: false failed_when: false - debug: var=vendor.stdout when: vendor.stdout != 'debian' - debug: var=vendor.stderr when: vendor.stdout != 'debian' # debian systems - name: install dependencies ansible.builtin.package: name: - lsb-release state: present diff: true when: vendor.stdout == 'debian' - name: add official signing key ansible.builtin.shell: executable: /bin/bash cmd: curl -s https://packages.fluentbit.io/fluentbit.key | gpg1 --dearmor > /usr/share/keyrings/fluentbit.gpg creates: /usr/share/keyrings/fluentbit.gpg # pub 4096R/3888C1CD 2022-02-07 Fluentbit releases (Releases signing key) # C3C0 A285 34B9 293E AF51 FABD 9F9D DC08 3888 C1CD when: vendor.stdout == 'debian' # required by fluentbit.list.j2 - name: define distro flavor on debian systems ansible.builtin.shell: executable: /bin/bash cmd: "lsb_release -is 2>/dev/null | tr A-Z a-z || echo unknown" register: distro changed_when: false check_mode: false when: vendor.stdout == 'debian' - debug: var=distro.stdout when: distro.stdout != 'Debian' and distro.stdout != 'Ubuntu' - debug: var=distro.stderr when: distro.stdout != 'Debian' and distro.stdout != 'Ubuntu' # required by fluentbit.list.j2 - name: define distro release on debian systems ansible.builtin.shell: executable: /bin/bash cmd: "lsb_release -cs 2>/dev/null || echo unknown" register: release changed_when: false check_mode: false when: vendor.stdout == 'debian' - debug: var=release.stdout when: vendor.stdout == 'debian' - debug: var=release.stderr when: vendor.stdout == 'debian' - name: add official repository ansible.builtin.template: src: fluentbit.list.j2 dest: /etc/apt/sources.list.d/fluentbit.list diff: true when: vendor.stdout == 'debian' # redhat systems #- name: add official signing key and repository # ansible.builtin.yum_repository: # name: fluent-bit # description: Fluent Bit # baseurl: http://packages.fluentbit.io/centos/{{ansible_distribution_major_version}}/$basearch/ # gpgcheck: true # gpgkey: http://packages.fluentbit.io/fluentbit.key # enabled: true # shared across distro vendors - name: install packages package: name: - fluent-bit # eventually for flb_metrics - sysstat state: present diff: true - name: cleanup default config ansible.builtin.shell: executable: /bin/bash cmd: | set -e cd /etc/fluent-bit/ [[ ! -f fluent-bit.conf.dist ]] && mv -nv fluent-bit.conf fluent-bit.conf.dist [[ ! -f fluent-bit.conf.clean ]] && \ grep -vE '^[[:space:]]*(#|$)' fluent-bit.conf.dist > fluent-bit.conf.clean [[ ! -f fluent-bit.conf ]] && cp -nv fluent-bit.conf.clean fluent-bit.conf creates: /etc/fluent-bit/fluent-bit.conf.dist - name: start and enable service ansible.builtin.service: name: fluent-bit enabled: true state: started diff: true # todo - dedicated role for that? we need config as file/template instead - name: setup logorate ansible.builtin.shell: executable: /bin/bash cmd: | set -e cd /etc/ [[ ! -f logrotate.conf.dist ]] && mv -nv logrotate.conf logrotate.conf.dist [[ ! -f logrotate.conf.clean ]] && grep -vE '^#|^$' logrotate.conf.dist > logrotate.conf.clean [[ ! -f logrotate.conf ]] && cp -nv logrotate.conf.clean logrotate.conf grep ^tabooext logrotate.conf | grep .dist$ || echo 'tabooext + .dist' >> logrotate.conf creates: /etc/logrotate.conf.dist - name: setup fluentbit log rotation ansible.builtin.copy: src: logrotate_fluentbit dest: /etc/logrotate.d/fluentbit diff: true - name: log helper script ansible.builtin.copy: content: "tail -F /var/log/fluent*log\n" dest: /etc/fluent-bit/logfluent mode: 0755 diff: true