应审计要求,系统日志需保留1年时间,现将私有云上所有的系统日志message上送elk平台
[root@xxx-1 opt]# more /etc/ansible/yaml/product/message_elk.yaml
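# Ship the private-cloud hosts' system log (message) to the ELK platform.
#
# Unpacks Filebeat under /opt, installs the checkfilebeat.sh watchdog beside
# it and schedules that watchdog from root's crontab every 20 minutes.
# Usage: ansible-playbook message_elk.yaml -e hostlist=<hosts or group>
---
- hosts: "{{ hostlist }}"   # supplied with -e hostlist=...; no default is set
  # NOTE(review): the play logs in as root directly. A named account plus
  # `become: yes` lets root SSH login stay disabled and keeps a per-operator
  # trail, which suits a change driven by an audit requirement.
  remote_user: root
  gather_facts: no
  tasks:
    - name: copy file and untar
      unarchive:
        # copy: yes pushes the archive from the control node; newer Ansible
        # releases spell the same thing `remote_src: no`.
        copy: yes
        src: /root/filebeat.tar.gz
        dest: /opt
        # Quoted so the value reaches Ansible as an octal string, not a
        # YAML-parsed integer.
        # NOTE(review): this mode is requested for what gets unpacked, so the
        # Filebeat config (presumably in the archive) would be world-readable;
        # tighten it in a follow-up task if it holds output credentials.
        mode: "0755"
        owner: root
      register: copy_untar_files

    - name: copy sh
      copy:
        # NOTE(review): the source lives in /tmp on the control node, which
        # any local user can write to, and the copy is then run as root by
        # cron on every target. Stage it in a root-only directory and verify
        # it (e.g. the copy module's `checksum`) before rollout.
        src: /tmp/checkfilebeat.sh
        dest: /opt
        mode: "0755"
        owner: root
        backup: yes   # keeps the previous script on the target when replaced
      register: copy_sh

    - name: install crontab
      cron:
        name: check and start filebeat   # identifies the entry in the crontab
        minute: "*/20"
        user: root
        # NOTE(review): all output is discarded, so a watchdog that cannot
        # restart Filebeat fails silently. Since the goal is one-year log
        # retention, alert on the ELK side when a host stops sending events.
        job: /opt/checkfilebeat.sh >/dev/null 2>&1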
脚本checkfilebeat.sh会检查filebeat进程,若不存在则会自动拉起来
[root@xxx-1 product]# ansible-playbook message_elk.yaml -e hostlist=all
执行时若出现卡顿情况可分批执行:
[root@kfzx-filestorge-1 product]# ansible-playbook message_elk.yaml -e hostlist=xa-1,xb-2,xc-1,xd-1,xe-1,xf
[root@xxx-1 opt]# ansible -m shell -a "ps -ef|grep filebeat|grep -v grep " all