opstree_devops.elastalert
Ansible Role: ElastAlert
========================
This role installs and configures ElastAlert with the user's specified alert settings.
Version History
Date | Version | Description | Changed By |
---|---|---|---|
27 June 2020 | v0.0.1 | Initial Draft | Ashutosh Mishra |
11 January 2021 | v0.0.2 | Rule management update | Paul Belloc @NanoPish from https://perfmaker.com/ |
Key Features
- Automates the alert setup with ElastAlert.
- Allows attaching ElastAlert rules files.
Supported Operating Systems
- Ubuntu bionic
- Ubuntu xenial
Requirements
- python3
- python-pip3
- PyYAML
- setuptools
Dependencies
- Elasticsearch
Directory Structure
├── README.md
├── defaults
│ └── main.yml
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── tasks
│ ├── install.yml
│ ├── main.yml
│ └── service.yml
├── templates
│ ├── config.yaml.j2
│ └── elastalert-systemd.service.j2
├── tests
│ ├── inventory
│ └── test.yml
└── vars
  └── main.yml
7 directories, 12 files
Role Variables
Variables | Default Values | Description | Type |
---|---|---|---|
host_name | localhost | Elasticsearch host | Required |
es_port | 9200 | Elasticsearch port | Required |
elastalert_rules_dir | /opt/elastalert/rules | Directory for ElastAlert rules | Required |
elastalert_upload_local_rules_dir | files/elastalert/rules | Where Ansible uploads rules. Set to False for manual upload | Required for auto upload |
elastalert_delete_rules_not_in_elastalert_upload_local_rules_dir | yes | Deletes rules not in the upload directory | Required if you want to delete extra rules |
elastalert_service_user_name | elastalert | User name for ElastAlert | Required |
elastalert_service_group_name | elastalert | Group name for ElastAlert | Required |
elastalert_data_dir | /opt | Data storage directory | Required |
installation_dir | /opt | ElastAlert installation path | Required |
elastalert_version | 0.2.1 | Version of ElastAlert | Required |
es_user | elastic | Elasticsearch username | Required for secured ES |
es_pass | password | Elasticsearch password | Required for secured ES |
use_ssl | False | Use SSL | Optional (if you need SSL) |
verify_certs | False | Verify SSL certificates | Optional (if using SSL) |
client_cert | /opt/elastalert/clientcert.cer | SSL certificate | Optional (if using SSL) |
client_key | /opt/elastalert/clientcert.key | SSL certificate key | Optional (if using SSL) |
Example Playbook
Basic setup example
---
- name: Automate ElastAlert setup
  hosts: elastalert
  roles:
    - role: osm_elastalert
      es_pass: password
      host_name: "your Elasticsearch IP or domain"
...
Setup with HTTP Elasticsearch authentication + SSL + local ElastAlert rules directory + Slack webhook
---
- name: Automate ElastAlert setup
  hosts: elastalert
  roles:
    - role: osm_elastalert
      es_pass: password
      use_ssl: True
      client_cert: /opt/elastalert/clientcert.cer
      client_key: /opt/elastalert/clientcert.key
      slack_webhook_url: "https://hooks.slack.com/services/your_webhook_url"
      host_name: "your Elasticsearch IP or domain"
      elastalert_upload_local_rules_dir: files/elastalert/cluster_one_elastalert_rules/
...
To run all tasks:
$ ansible-playbook site.yml -i inventory
To only upload and delete rules, synchronizing local rules with ElastAlert rules directory:
$ ansible-playbook site.yml --tags elastalert,elastalert-rules
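Both playbooks above keep `es_pass` in the playbook as plain text, and the Role Variables table gives `verify_certs` a default of `False`. The variant below addresses both; it is an added example, not part of the role's own README. `vault_es_pass` and the `group_vars/elastalert/vault.yml` path are hypothetical names, and it assumes the role applies `verify_certs` as the table describes:

```yaml
---
# Added example (not from the role's README).
#
# vault_es_pass is a hypothetical variable kept in an Ansible Vault-encrypted
# file, for example group_vars/elastalert/vault.yml (hypothetical path), created with:
#   ansible-vault create group_vars/elastalert/vault.yml
# and containing a single line:
#   vault_es_pass: "<your Elasticsearch password>"
#
# Run with the vault password supplied at the prompt:
#   ansible-playbook site.yml -i inventory --ask-vault-pass
- name: Automate ElastAlert setup (verified TLS, password from vault)
  hosts: elastalert
  roles:
    - role: osm_elastalert
      host_name: "your Elasticsearch IP or domain"
      es_user: elastic
      # Resolved from the encrypted vault file at run time, so the
      # password never sits in the playbook or in version control.
      es_pass: "{{ vault_es_pass }}"
      use_ssl: True
      # The role default is False, which accepts any certificate the
      # Elasticsearch endpoint presents. With True, the server certificate
      # must chain to a CA trusted on the ElastAlert host and match host_name.
      verify_certs: True
      client_cert: /opt/elastalert/clientcert.cer
      client_key: /opt/elastalert/clientcert.key
      elastalert_upload_local_rules_dir: files/elastalert/cluster_one_elastalert_rules/
```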
Inventory Example
Example inventory file:
[server]
192.xxx.x.xxx ansible_user=ubuntu
Future Improvements
- Add support for CentOS 6 and 7.
Author Information
Name: Ashutosh Mishra
Email: [email protected]
Project Information
Elastalert ansible role
Install
ansible-galaxy install opstree_devops.elastalert
License
Unknown