# limitations under the License.
#
+include_recipe "elasticsearch"
include_recipe "networking"
keys = data_bag_item("logstash", "keys")
package %w[
- openjdk-8-jre-headless
+ openjdk-11-jre-headless
logstash
+ logrotate
]
cookbook_file "/var/lib/logstash/beats.crt" do
source "beats.crt"
user "root"
group "logstash"
- mode 0o644
+ mode "644"
notifies :restart, "service[logstash]"
end
content keys["beats"].join("\n")
user "root"
group "logstash"
- mode 0o640
+ mode "640"
notifies :restart, "service[logstash]"
end
source "logstash.conf.erb"
user "root"
group "root"
- mode 0o644
- notifies :reload, "service[logstash]"
+ mode "644"
+ notifies :start, "service[logstash]"
end
file "/etc/logrotate.d/logstash" do
- mode 0o644
+ mode "644"
end
template "/etc/default/logstash" do
source "logstash.default.erb"
user "root"
group "root"
- mode 0o644
+ mode "644"
notifies :restart, "service[logstash]"
end
service "logstash" do
action [:enable, :start]
- supports :status => true, :restart => true, :reload => true
end
template "/etc/cron.daily/expire-logstash" do
source "expire.erb"
owner "root"
group "root"
- mode 0o755
+ mode "755"
end
-forwarders = search(:node, "recipes:logstash\\:\\:forwarder") # ~FC010
+forwarders = []
-forwarders.sort_by { |n| n[:fqdn] }.each do |forwarder|
- forwarder.interfaces(:role => :external) do |interface|
- firewall_rule "accept-lumberjack-#{forwarder}" do
- action :accept
- family interface[:family]
- source "#{interface[:zone]}:#{interface[:address]}"
- dest "fw"
- proto "tcp:syn"
- dest_ports "5043"
- source_ports "1024:"
- end
-
- firewall_rule "accept-beats-#{forwarder}" do
- action :accept
- family interface[:family]
- source "#{interface[:zone]}:#{interface[:address]}"
- dest "fw"
- proto "tcp:syn"
- dest_ports "5044"
- source_ports "1024:"
- end
- end
+search(:node, "recipes:logstash\\:\\:forwarder").each do |forwarder|
+ forwarders.append(forwarder.ipaddresses(:role => :external))
end
-gateways = search(:node, "roles:gateway") # ~FC010
-
-gateways.sort_by { |n| n[:fqdn] }.each do |gateway|
- gateway.interfaces(:role => :external) do |interface|
- firewall_rule "accept-lumberjack-#{gateway}" do
- action :accept
- family interface[:family]
- source "#{interface[:zone]}:#{interface[:address]}"
- dest "fw"
- proto "tcp:syn"
- dest_ports "5043"
- source_ports "1024:"
- end
+search(:node, "roles:gateway").each do |forwarder|
+ forwarders.append(forwarder.ipaddresses(:role => :external))
+end
- firewall_rule "accept-beats-#{gateway}" do
- action :accept
- family interface[:family]
- source "#{interface[:zone]}:#{interface[:address]}"
- dest "fw"
- proto "tcp:syn"
- dest_ports "5044"
- source_ports "1024:"
- end
- end
+firewall_rule "accept-logstash" do
+ action :accept
+ context :incoming
+ protocol :tcp
+ source forwarders
+ dest_ports %w[5043 5044]
+ source_ports "1024-65535"
+ not_if { forwarders.empty? }
end