refactor: reorganize fluent-bit and geoip out of containers
- Move fluent-bit to common role (systemd service, not a container) - Move geoip to podman/tasks/data/ (data prep, not a container) - Remove debyltech tag from geoip (not a debyltech service) - Fix check_mode for fetch subuid task to enable dry-run mode Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Bastian de Byl
@@ -10,3 +10,9 @@
|
||||
ansible.builtin.service:
|
||||
name: fail2ban
|
||||
state: restarted
|
||||
|
||||
- name: restart fluent-bit
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
name: fluent-bit
|
||||
state: restarted
|
||||
|
||||
@@ -2,25 +2,6 @@
|
||||
# Fluent Bit - Log forwarder from journald to Graylog GELF
|
||||
# Deployed as systemd service (not container) for direct journal access
|
||||
|
||||
# Clean up old container deployment if it exists
|
||||
- name: stop and remove fluent-bit container if exists
|
||||
become: true
|
||||
become_user: "{{ podman_user }}"
|
||||
containers.podman.podman_container:
|
||||
name: fluent-bit
|
||||
state: absent
|
||||
ignore_errors: true
|
||||
|
||||
- name: disable old fluent-bit container systemd service
|
||||
become: true
|
||||
become_user: "{{ podman_user }}"
|
||||
ansible.builtin.systemd:
|
||||
name: fluent-bit
|
||||
enabled: false
|
||||
state: stopped
|
||||
scope: user
|
||||
ignore_errors: true
|
||||
|
||||
- name: install fluent-bit package
|
||||
become: true
|
||||
ansible.builtin.dnf:
|
||||
@@ -3,6 +3,9 @@
|
||||
- import_tasks: security.yml
|
||||
- import_tasks: service.yml
|
||||
|
||||
- import_tasks: fluent-bit.yml
|
||||
tags: fluent-bit, graylog
|
||||
|
||||
- name: create the docker group
|
||||
become: true
|
||||
ansible.builtin.group:
|
||||
|
||||
@@ -74,6 +74,12 @@
|
||||
# =============================================================================
|
||||
# FILTERS: Add metadata for Graylog categorization
|
||||
# =============================================================================
|
||||
# Exclude Graylog stack containers to prevent feedback loop
|
||||
[FILTER]
|
||||
Name grep
|
||||
Match podman.*
|
||||
Exclude CONTAINER_NAME ^graylog
|
||||
|
||||
[FILTER]
|
||||
Name record_modifier
|
||||
Match podman.*
|
||||
@@ -143,7 +149,7 @@
|
||||
Name gelf
|
||||
Match *
|
||||
Host 127.0.0.1
|
||||
Port 12203
|
||||
Mode udp
|
||||
Port 12202
|
||||
Mode tcp
|
||||
Gelf_Short_Message_Key MESSAGE
|
||||
Gelf_Host_Key host
|
||||
@@ -42,11 +42,3 @@
|
||||
scope: user
|
||||
tags:
|
||||
- zomboid
|
||||
|
||||
- name: restart fluent-bit
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
name: fluent-bit
|
||||
state: restarted
|
||||
tags:
|
||||
- fluent-bit
|
||||
|
||||
@@ -31,7 +31,7 @@
|
||||
|
||||
- import_tasks: containers/home/hass.yml
|
||||
vars:
|
||||
image: ghcr.io/home-assistant/home-assistant:2025.9
|
||||
image: ghcr.io/home-assistant/home-assistant:2026.1
|
||||
tags: hass
|
||||
|
||||
- import_tasks: containers/home/partkeepr.yml
|
||||
@@ -86,15 +86,16 @@
|
||||
image: docker.io/louislam/uptime-kuma:2.0.2
|
||||
tags: home, uptime
|
||||
|
||||
- import_tasks: containers/debyltech/geoip.yml
|
||||
tags: debyltech, graylog, geoip
|
||||
- import_tasks: data/geoip.yml
|
||||
tags: graylog, geoip
|
||||
|
||||
- import_tasks: containers/debyltech/graylog.yml
|
||||
vars:
|
||||
mongo_image: docker.io/mongo:7.0
|
||||
opensearch_image: docker.io/opensearchproject/opensearch:2
|
||||
image: docker.io/graylog/graylog:7.0.1
|
||||
tags: debyltech, graylog
|
||||
|
||||
- import_tasks: containers/base/fluent-bit.yml
|
||||
tags: fluent-bit, graylog
|
||||
|
||||
- import_tasks: containers/home/gregtime.yml
|
||||
vars:
|
||||
image: localhost/greg-time-bot:3.0.2
|
||||
|
||||
@@ -112,6 +112,7 @@
|
||||
- name: fetch subuid of {{ podman_user }}
|
||||
become: true
|
||||
changed_when: false
|
||||
check_mode: false
|
||||
ansible.builtin.shell: |
|
||||
set -o pipefail && cat /etc/subuid | awk -F':' '/{{ podman_user }}/{ print $2 }' | head -n 1
|
||||
register: podman_subuid
|
||||
|
||||
Reference in New Issue
Block a user