
activate central logging

pull/1/head
Daniel Poelzleithner 1 year ago
parent
commit
bf5e0de49c

+ 1
- 1
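--- a/README.md
+++ b/README.md
@@ -29,7 +29,7 @@ This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.
 4. Adjust hq.nixops, add  [hostname]
 5. Run
     ```shell
-    ssh k-ot@172.20.73.9
+    ssh k-ot@172.20.73.16
     cd nix-config/
     nixops deploy -d hq --check --include=[hostname]
     ```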

+ 8
- 0
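--- a/hosts/containers/elastic/configuration.nix
+++ b/hosts/containers/elastic/configuration.nix
@@ -17,6 +17,14 @@
 
   networking = {
     hostName = "elastic1";
+    firewall = {
+      allowedTCPPorts = [ 
+        22
+        9200
+        9300
+      ];
+      enable = true;
+    };
   };
 
   nixpkgs.config.allowUnfree = true; 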
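Review bot: The firewall block opens 9200 and 9300 to every source address, and Graylog in hosts/containers/logging/configuration.nix reaches Elasticsearch over plain `http://172.20.73.15:9200`, which suggests the HTTP API runs without authentication or TLS. Port 9300 is the inter-node transport and is probably not needed from outside for a single node named elastic1, so the list could be reduced to `22` and `9200`, with 9200 accepted only from the Graylog host through a source-restricted rule in `networking.firewall.extraCommands`. The mongo container in hosts/containers/mongo/configuration.nix has the same pattern with 27017, and `mongodbUri = "mongodb://172.20.73.14/graylog"` carries no credentials. The Elasticsearch and MongoDB service settings are outside these hunks, so whether authentication is enabled there should be confirmed.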

+ 36
- 3
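--- a/hosts/containers/logging/configuration.nix
+++ b/hosts/containers/logging/configuration.nix
@@ -17,6 +17,21 @@
 
   networking = {
     hostName = "logging";
+    firewall = {
+      allowedTCPPorts = [ 
+        22
+        9000
+        80
+        443
+        5044
+        12201
+        514
+      ];
+      allowedUDPPorts = [ 
+        514
+      ];
+      enable = false;
+    };
   };
 
   services.openssh = {
@@ -24,14 +39,32 @@
     permitRootLogin = "yes";
   };
 
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      default = {
+        locations = {
+          "/".proxyPass = "http://127.0.0.1:9000/";
+        };
+      };
+    };
+  };
+
   services.graylog = {
     enable = true;
     passwordSecret = "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
     # mongo.serv.zentralwerk. ?
-    elasticsearchHosts = [ "http://172.20.73.10:9200" ];
-    rootPasswordSha2 = "0319baba53abe8b33e1da12fd906c27cbe61fad6a129b9d5ecf196b6661e959d";
+    elasticsearchHosts = [ "http://172.20.73.15:9200" ];
+    rootPasswordSha2 = "3e784172684dcd89d66175b8719cd7894cc96b454ef1d5aa74bd92b3c57da7cd";
     # mongo.serv.zentralwerk. ?
-    mongodbUri = "mongodb://172.20.73.12/graylog";
+    mongodbUri = "mongodb://172.20.73.14/graylog";
+    extraConfig = ''
+    http_bind_address = 0.0.0.0:9000
+    elasticsearch_shards = 1
+    allow_highlighting = true
+    allow_leading_wildcard_searches = true
+    '';
+    user = "root";
   };
 
   system.stateVersion = "19.03"; # Did you read the comment?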
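Review bot: Graylog is set to `user = "root"` and `http_bind_address = 0.0.0.0:9000` in the second hunk, while the firewall block added in the first hunk ends with `enable = false`, so its port list has no effect and the Graylog web interface and API are reachable over plain HTTP on every address without passing through nginx. Since the nginx vhost already proxies to `http://127.0.0.1:9000/`, `http_bind_address = 127.0.0.1:9000` would be enough, 9000 could leave the port list, and the firewall could match the elastic and mongo containers with `enable = true`. Running as root is presumably there so a syslog input can bind port 514; an unprivileged input port or a bind capability on the service would avoid running the whole server as root. The new `rootPasswordSha2` is an unsalted SHA-256 of the admin password and sits next to `passwordSecret` in the repository, readable by anyone with access to it, so both are better supplied from outside version control and the committed values treated as needing rotation.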

+ 7
- 0
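--- a/hosts/containers/mongo/configuration.nix
+++ b/hosts/containers/mongo/configuration.nix
@@ -17,6 +17,13 @@
 
   networking = {
     hostName = "mongo";
+    firewall = {
+      allowedTCPPorts = [ 
+        22
+        27017
+      ];
+      enable = true;
+    };
   };
 
   services.openssh = {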

+ 21
- 0
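--- a/lib/common/common.nix
+++ b/lib/common/common.nix
@@ -5,4 +5,25 @@
     nameservers = [ "172.20.72.6" "9.9.9.9" "74.82.42.42" ];
   };
 
+  # add central logging
+  services.journalbeat = {
+    enable = true;
+    extraConfig = ''
+      journalbeat:
+        seek_position: cursor
+        cursor_seek_fallback: tail
+        write_cursor_state: true
+        cursor_flush_period: 5s
+        clean_field_names: true
+        convert_to_numbers: false
+        move_metadata_to_field: journal
+        default_type: journal
+        kernel: true
+      output.logstash:
+        # Boolean flag to enable or disable the output module.
+        enabled: true
+        hosts: ["logging.serv.zentralwerk.org:5044", "172.20.73.13:5044"]
+        '';
+  };
+
 }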
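Review bot: The `output.logstash` block ships journal entries to port 5044 with no `ssl` settings, so they cross the network in cleartext and neither end is authenticated; any host that can reach 5044 could also submit entries of its own. Adding `ssl.certificate_authorities: ["<path-to-ca.pem>"]` under `output.logstash` (the path is a placeholder), with TLS enabled on the Beats input of the logging host and a client certificate if senders should be identified, would cover this. The same block is added in lib/lxc-container.nix and needs the same change. The closing `'';` of `extraConfig` is indented as if it were part of the YAML; aligning it with `extraConfig` would read more clearly.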

+ 27
- 1
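--- a/lib/lxc-container.nix
+++ b/lib/lxc-container.nix
@@ -8,9 +8,12 @@
   nix.useSandbox = false;
   nix.maxJobs = lib.mkDefault 1;
   nix.buildCores = lib.mkDefault 4;
-  networking.useNetworkd = true;
+  #networking.useNetworkd = true;
+
+  networking.interfaces.eth0.useDHCP = true;
 
   boot.isContainer = true;
+
   # /sbin/init
   boot.loader.initScript.enable = true;
   boot.loader.grub.enable = false;
@@ -27,6 +30,29 @@
 
   fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; };
 
+  # add central logging
+  services.journalbeat = {
+    enable = true;
+    tags = [ "container" ];
+    extraConfig = ''
+      journalbeat:
+        seek_position: cursor
+        cursor_seek_fallback: tail
+        write_cursor_state: true
+        cursor_flush_period: 5s
+        clean_field_names: true
+        convert_to_numbers: false
+        move_metadata_to_field: journal
+        default_type: journal
+        kernel: true
+      output.logstash:
+        # Boolean flag to enable or disable the output module.
+        enabled: true
+        hosts: ["logging.serv.zentralwerk.org:5044", "172.20.73.13:5044"]
+        '';
+  };
+
   # Required for remote deployment
   services.openssh.enable = true;
+
 }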
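Review bot: The journalbeat block in the second hunk is a copy of the one added to lib/common/common.nix, differing only in `tags = [ "container" ];`, so a later change to the log destination or to transport security has to be made in two places and can drift. Keeping the block in one shared module and leaving only `services.journalbeat.tags = [ "container" ];` here would avoid that. If containers also import common.nix, the two `extraConfig` strings may end up merged into one file with duplicate keys, which is worth checking. In the first hunk `#networking.useNetworkd = true;` is left as commented-out code with no reason given; either remove the line or add a short comment such as `# networkd disabled: <reason>`.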
