graylog updates, test.debyl.io, scripts for reference

ansible/roles/graylog-config/tasks/streams.yml

@@ -0,0 +1,127 @@
+---
+# Graylog Stream Management via REST API
+# Idempotent: checks for existing streams before creating
+
+- name: get existing streams
+  ansible.builtin.uri:
+    url: "{{ graylog_api_url }}/streams"
+    method: GET
+    user: "{{ graylog_api_token }}"
+    password: token
+    force_basic_auth: true
+    headers:
+      X-Requested-By: ansible
+      Accept: application/json
+    status_code: 200
+  register: existing_streams
+  tags: graylog-config, streams
+
+- name: build list of existing stream titles
+  ansible.builtin.set_fact:
+    existing_stream_titles: "{{ existing_streams.json.streams | map(attribute='title') | list }}"
+    existing_stream_map: "{{ existing_streams.json.streams | items2dict(key_name='title', value_name='id') }}"
+  tags: graylog-config, streams
+
+- name: create streams
+  ansible.builtin.uri:
+    url: "{{ graylog_api_url }}/streams"
+    method: POST
+    user: "{{ graylog_api_token }}"
+    password: token
+    force_basic_auth: true
+    headers:
+      X-Requested-By: ansible
+      Content-Type: application/json
+    body_format: json
+    body:
+      title: "{{ item.title }}"
+      description: "{{ item.description | default('') }}"
+      index_set_id: "{{ item.index_set_id | default(graylog_default_index_set) }}"
+      remove_matches_from_default_stream: "{{ item.remove_from_default | default(true) }}"
+    status_code: [200, 201]
+  loop: "{{ graylog_streams }}"
+  loop_control:
+    label: "{{ item.title }}"
+  when: item.title not in existing_stream_titles
+  register: created_streams
+  tags: graylog-config, streams
+
+- name: refresh stream list after creation
+  ansible.builtin.uri:
+    url: "{{ graylog_api_url }}/streams"
+    method: GET
+    user: "{{ graylog_api_token }}"
+    password: token
+    force_basic_auth: true
+    headers:
+      X-Requested-By: ansible
+      Accept: application/json
+    status_code: 200
+  register: all_streams
+  tags: graylog-config, streams
+
+- name: build stream ID lookup
+  ansible.builtin.set_fact:
+    stream_id_map: "{{ all_streams.json.streams | items2dict(key_name='title', value_name='id') }}"
+  tags: graylog-config, streams
+
+- name: get existing rules for each stream
+  ansible.builtin.uri:
+    url: "{{ graylog_api_url }}/streams/{{ stream_id_map[item.title] }}/rules"
+    method: GET
+    user: "{{ graylog_api_token }}"
+    password: token
+    force_basic_auth: true
+    headers:
+      X-Requested-By: ansible
+      Accept: application/json
+    status_code: 200
+  loop: "{{ graylog_streams }}"
+  loop_control:
+    label: "{{ item.title }}"
+  when: item.title in stream_id_map
+  register: stream_rules
+  tags: graylog-config, streams
+
+- name: create stream rules
+  ansible.builtin.uri:
+    url: "{{ graylog_api_url }}/streams/{{ stream_id_map[item.0.title] }}/rules"
+    method: POST
+    user: "{{ graylog_api_token }}"
+    password: token
+    force_basic_auth: true
+    headers:
+      X-Requested-By: ansible
+      Content-Type: application/json
+    body_format: json
+    body:
+      field: "{{ item.1.field }}"
+      value: "{{ item.1.value }}"
+      type: "{{ item.1.type | default(1) }}"
+      inverted: "{{ item.1.inverted | default(false) }}"
+      description: "{{ item.1.description | default('') }}"
+    status_code: [200, 201]
+  loop: "{{ graylog_streams | subelements('rules', skip_missing=True) }}"
+  loop_control:
+    label: "{{ item.0.title }} - {{ item.1.field }}:{{ item.1.value }}"
+  when:
+    - item.0.title in stream_id_map
+    - stream_rules.results | selectattr('item.title', 'equalto', item.0.title) | map(attribute='json.stream_rules') | first | default([]) | selectattr('field', 'equalto', item.1.field) | selectattr('value', 'equalto', item.1.value) | list | length == 0
+  tags: graylog-config, streams
+
+- name: start streams
+  ansible.builtin.uri:
+    url: "{{ graylog_api_url }}/streams/{{ stream_id_map[item.title] }}/resume"
+    method: POST
+    user: "{{ graylog_api_token }}"
+    password: token
+    force_basic_auth: true
+    headers:
+      X-Requested-By: ansible
+    status_code: [200, 204]
+  loop: "{{ graylog_streams }}"
+  loop_control:
+    label: "{{ item.title }}"
+  when: item.title in stream_id_map
+  ignore_errors: true
+  tags: graylog-config, streams