refactor: reorganize fluent-bit and geoip out of containers

- Move fluent-bit to common role (systemd service, not a container) - Move geoip to podman/tasks/data/ (data prep, not a container) - Remove debyltech tag from geoip (not a debyltech service) - Fix check_mode for fetch subuid task to enable dry-run mode Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 12:34:43 -05:00
parent 9d562c7188
commit 61692b36a2
9 changed files with 25 additions and 35 deletions
--- a/ansible/roles/common/tasks/fluent-bit.yml
+++ b/ansible/roles/common/tasks/fluent-bit.yml
@@ -0,0 +1,45 @@
+---
+# Fluent Bit - Log forwarder from journald to Graylog GELF
+# Deployed as systemd service (not container) for direct journal access
+
+- name: install fluent-bit package
+  become: true
+  ansible.builtin.dnf:
+    name: fluent-bit
+    state: present
+
+- name: create fluent-bit state directory for tail db files
+  become: true
+  ansible.builtin.file:
+    path: /var/lib/fluent-bit
+    state: directory
+    owner: root
+    group: root
+    mode: '0755'
+
+- name: deploy fluent-bit parsers configuration
+  become: true
+  ansible.builtin.template:
+    src: fluent-bit/parsers.conf.j2
+    dest: /etc/fluent-bit/parsers.conf
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart fluent-bit
+
+- name: deploy fluent-bit configuration
+  become: true
+  ansible.builtin.template:
+    src: fluent-bit/fluent-bit.conf.j2
+    dest: /etc/fluent-bit/fluent-bit.conf
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart fluent-bit
+
+- name: enable and start fluent-bit service
+  become: true
+  ansible.builtin.systemd:
+    name: fluent-bit
+    enabled: true
+    state: started