diff --git a/ansible/roles/common/handlers/main.yml b/ansible/roles/common/handlers/main.yml
index 542cef2..12eb5f6 100644
--- a/ansible/roles/common/handlers/main.yml
+++ b/ansible/roles/common/handlers/main.yml
@@ -10,3 +10,9 @@
 ansible.builtin.service:
 name: fail2ban
 state: restarted
+
+- name: restart fluent-bit
+ become: true
+ ansible.builtin.systemd:
+ name: fluent-bit
+ state: restarted
diff --git a/ansible/roles/podman/tasks/containers/base/fluent-bit.yml b/ansible/roles/common/tasks/fluent-bit.yml
similarity index 69%
rename from ansible/roles/podman/tasks/containers/base/fluent-bit.yml
rename to ansible/roles/common/tasks/fluent-bit.yml
index bb81659..7144e81 100644
--- a/ansible/roles/podman/tasks/containers/base/fluent-bit.yml
+++ b/ansible/roles/common/tasks/fluent-bit.yml
@@ -2,25 +2,6 @@
 # Fluent Bit - Log forwarder from journald to Graylog GELF
 # Deployed as systemd service (not container) for direct journal access
 
-# Clean up old container deployment if it exists
-- name: stop and remove fluent-bit container if exists
- become: true
- become_user: "{{ podman_user }}"
- containers.podman.podman_container:
- name: fluent-bit
- state: absent
- ignore_errors: true
-
-- name: disable old fluent-bit container systemd service
- become: true
- become_user: "{{ podman_user }}"
- ansible.builtin.systemd:
- name: fluent-bit
- enabled: false
- state: stopped
- scope: user
- ignore_errors: true
-
 - name: install fluent-bit package
 become: true
 ansible.builtin.dnf:
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
index 8aca606..db08c36 100644
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@@ -3,6 +3,9 @@
 - import_tasks: security.yml
 - import_tasks: service.yml
 
+- import_tasks: fluent-bit.yml
+ tags: fluent-bit, graylog
+
 - name: create the docker group
 become: true
 ansible.builtin.group:
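Review bot: In ansible/roles/common/tasks/main.yml the new `import_tasks: fluent-bit.yml` has no `when:` guard, so every host that receives the common role will install and start the forwarder. The template moved in this commit sends to `Host 127.0.0.1` on port 12202, so on a host with no local Graylog GELF input the journal would be forwarded to nothing and the gap in log collection would be easy to miss; whether such hosts exist is not visible in this diff. Consider gating the import on an inventory group or variable, or making the GELF host a variable so other hosts can point at the Graylog node. As a style point, `tags: fluent-bit, graylog` would read more consistently as a YAML list, the form the handlers in this repository use.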
diff --git a/ansible/roles/podman/templates/fluent-bit/fluent-bit.conf.j2 b/ansible/roles/common/templates/fluent-bit/fluent-bit.conf.j2
similarity index 95%
rename from ansible/roles/podman/templates/fluent-bit/fluent-bit.conf.j2
rename to ansible/roles/common/templates/fluent-bit/fluent-bit.conf.j2
index 4232a86..6db2b29 100644
--- a/ansible/roles/podman/templates/fluent-bit/fluent-bit.conf.j2
+++ b/ansible/roles/common/templates/fluent-bit/fluent-bit.conf.j2
@@ -74,6 +74,12 @@
 # =============================================================================
 # FILTERS: Add metadata for Graylog categorization
 # =============================================================================
+# Exclude Graylog stack containers to prevent feedback loop
+[FILTER]
+ Name grep
+ Match podman.*
+ Exclude CONTAINER_NAME ^graylog
+
 [FILTER]
 Name record_modifier
 Match podman.*
@@ -143,7 +149,7 @@
 Name gelf
 Match *
 Host 127.0.0.1
- Port 12203
- Mode udp
+ Port 12202
+ Mode tcp
 Gelf_Short_Message_Key MESSAGE
 Gelf_Host_Key host
diff --git a/ansible/roles/podman/templates/fluent-bit/parsers.conf.j2 b/ansible/roles/common/templates/fluent-bit/parsers.conf.j2
similarity index 100%
rename from ansible/roles/podman/templates/fluent-bit/parsers.conf.j2
rename to ansible/roles/common/templates/fluent-bit/parsers.conf.j2
diff --git a/ansible/roles/podman/handlers/main.yml b/ansible/roles/podman/handlers/main.yml
index 6d45864..fa095dd 100644
--- a/ansible/roles/podman/handlers/main.yml
+++ b/ansible/roles/podman/handlers/main.yml
@@ -42,11 +42,3 @@
 scope: user
 tags:
 - zomboid
-
-- name: restart fluent-bit
- become: true
- ansible.builtin.systemd:
- name: fluent-bit
- state: restarted
- tags:
- - fluent-bit
diff --git a/ansible/roles/podman/tasks/containers/debyltech/geoip.yml b/ansible/roles/podman/tasks/data/geoip.yml
similarity index 100%
rename from ansible/roles/podman/tasks/containers/debyltech/geoip.yml
rename to ansible/roles/podman/tasks/data/geoip.yml
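Review bot: In the first fluent-bit.conf.j2 hunk, `Exclude CONTAINER_NAME ^graylog` is a prefix match, so it drops every record from any container whose name merely starts with `graylog`, not only the Graylog stack. Two consequences are worth settling. The stack's MongoDB and OpenSearch containers are excluded only if their names share that prefix, and those names are not visible in this diff. Graylog's own logs, including its authentication and admin events, also stop reaching the central store and survive only in the local journal. Anchor the pattern to the exact names, for example `Exclude CONTAINER_NAME ^(graylog|<mongo-container-name>|<opensearch-container-name>)$` with the placeholders filled in, and extend the comment to say where the excluded logs are retained.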
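Review bot: In the second fluent-bit.conf.j2 hunk the GELF output switches to `Mode tcp` on port 12202, but nothing visible in the hunk sets retry or buffering for this `[OUTPUT]`. With TCP, a Graylog restart means refused connections, and Fluent Bit discards a chunk once its retries are used up, so records can be lost exactly while the collector is down. Consider setting `Retry_Limit` on the output and filesystem buffering (`storage.type filesystem` on the inputs) with a size cap; the rest of the file is outside this hunk, so this may already be configured. The port is also a literal that has to match the GELF TCP input and published port on the Graylog side, which this diff does not show; a shared variable would keep the two from drifting apart.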
diff --git a/ansible/roles/podman/tasks/main.yml b/ansible/roles/podman/tasks/main.yml
index a7c3ba9..ad5dc2a 100644
--- a/ansible/roles/podman/tasks/main.yml
+++ b/ansible/roles/podman/tasks/main.yml
@@ -31,7 +31,7 @@
 
 - import_tasks: containers/home/hass.yml
 vars:
- image: ghcr.io/home-assistant/home-assistant:2025.9
+ image: ghcr.io/home-assistant/home-assistant:2026.1
 tags: hass
 
 - import_tasks: containers/home/partkeepr.yml
@@ -86,15 +86,16 @@
 image: docker.io/louislam/uptime-kuma:2.0.2
 tags: home, uptime
 
-- import_tasks: containers/debyltech/geoip.yml
- tags: debyltech, graylog, geoip
+- import_tasks: data/geoip.yml
+ tags: graylog, geoip
 
 - import_tasks: containers/debyltech/graylog.yml
+ vars:
+ mongo_image: docker.io/mongo:7.0
+ opensearch_image: docker.io/opensearchproject/opensearch:2
+ image: docker.io/graylog/graylog:7.0.1
 tags: debyltech, graylog
 
-- import_tasks: containers/base/fluent-bit.yml
- tags: fluent-bit, graylog
-
 - import_tasks: containers/home/gregtime.yml
 vars:
 image: localhost/greg-time-bot:3.0.2
diff --git a/ansible/roles/podman/tasks/podman/podman.yml b/ansible/roles/podman/tasks/podman/podman.yml
index 14e6e7e..2744f00 100644
--- a/ansible/roles/podman/tasks/podman/podman.yml
+++ b/ansible/roles/podman/tasks/podman/podman.yml
@@ -112,6 +112,7 @@
 - name: fetch subuid of {{ podman_user }}
 become: true
 changed_when: false
+ check_mode: false
 ansible.builtin.shell: |
 set -o pipefail && cat /etc/subuid | awk -F':' '/{{ podman_user }}/{ print $2 }' | head -n 1
 register: podman_subuid
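Review bot: In the second podman/tasks/main.yml hunk, `mongo_image: docker.io/mongo:7.0` and `opensearch_image: docker.io/opensearchproject/opensearch:2` are floating tags, while the Graylog image beside them is pinned to 7.0.1. A floating tag lets the next pull bring in a different image with no change in this repository, which for the log store means unreviewed upgrades and a weaker supply-chain trail. Pin both to a full version and preferably a digest, for example `opensearch_image: docker.io/opensearchproject/opensearch:<full-version>@sha256:<digest>` (placeholders), and do the same for the mongo image.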
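Review bot: The task that gains `check_mode: false` in podman/tasks/podman/podman.yml selects the subuid with `awk -F':' '/{{ podman_user }}/{ print $2 }'`, which matches the user name as an unanchored regex anywhere in the line. A user whose name is a substring of another entry in /etc/subuid can pick up the wrong range, and that value then feeds whatever later steps consume `podman_subuid`. Compare the first field exactly instead: `awk -F':' -v u='{{ podman_user }}' '$1 == u { print $2; exit }' /etc/subuid`. Running the task in check mode is reasonable because the command only reads; the task may continue past the end of the hunk.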