activate central logging

Daniel Poelzleithner 2019-07-04 04:23:39 +02:00
parent e65f04fb32
commit bf5e0de49c
6 changed files with 100 additions and 5 deletions


@ -29,7 +29,7 @@ This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.
4. Adjust hq.nixops, add [hostname]
5. Run
```shell
ssh k-ot@172.20.73.9
ssh k-ot@172.20.73.16
cd nix-config/
nixops deploy -d hq --check --include=[hostname]
```


@ -17,6 +17,14 @@
networking = {
hostName = "elastic1";
firewall = {
allowedTCPPorts = [
22
9200
9300
];
enable = true;
};
};
nixpkgs.config.allowUnfree = true;
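Review bot: `allowedTCPPorts` opens 9200 and 9300 to every source address, and the Graylog configuration in this commit reaches Elasticsearch over plain `http://` with no credentials visible, so any host that can route to elastic1 could presumably read or alter the log indices. I would accept these ports only from the logging host, for example `extraCommands = "iptables -A nixos-fw -p tcp -s <logging-host-ip> --dport 9200 -j nixos-fw-accept";`, and leave 9300 closed unless more cluster nodes are planned. The same applies to port 27017 in the mongo host's firewall block, whose `mongodbUri` on the Graylog side also carries no credentials. The enclosing module starts and ends outside the hunk.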


@ -17,6 +17,21 @@
networking = {
hostName = "logging";
firewall = {
allowedTCPPorts = [
22
9000
80
443
5044
12201
514
];
allowedUDPPorts = [
514
];
enable = false;
};
};
services.openssh = {
@ -24,14 +39,32 @@
permitRootLogin = "yes";
};
services.nginx = {
enable = true;
virtualHosts = {
default = {
locations = {
"/".proxyPass = "http://127.0.0.1:9000/";
};
};
};
};
services.graylog = {
enable = true;
passwordSecret = "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
# mongo.serv.zentralwerk. ?
elasticsearchHosts = [ "http://172.20.73.10:9200" ];
rootPasswordSha2 = "0319baba53abe8b33e1da12fd906c27cbe61fad6a129b9d5ecf196b6661e959d";
elasticsearchHosts = [ "http://172.20.73.15:9200" ];
rootPasswordSha2 = "3e784172684dcd89d66175b8719cd7894cc96b454ef1d5aa74bd92b3c57da7cd";
# mongo.serv.zentralwerk. ?
mongodbUri = "mongodb://172.20.73.12/graylog";
mongodbUri = "mongodb://172.20.73.14/graylog";
extraConfig = ''
http_bind_address = 0.0.0.0:9000
elasticsearch_shards = 1
allow_highlighting = true
allow_leading_wildcard_searches = true
'';
user = "root";
};
system.stateVersion = "19.03"; # Did you read the comment?
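Review bot: Graylog is set to listen on `0.0.0.0:9000` and to run with `user = "root"`, while the firewall block in the first hunk has `enable = false`, so the plain-HTTP web interface and API are reachable directly instead of only through the nginx proxy, and a flaw in the server would run with root privileges. Since nginx already proxies to `127.0.0.1:9000`, I would use `http_bind_address = 127.0.0.1:9000`, set the firewall to `enable = true;` and drop `9000` from `allowedTCPPorts`. The root user is presumably there so a syslog input can bind port 514; an input on a high port with a redirect from 514 would let the service keep an unprivileged user. `passwordSecret` and `rootPasswordSha2` are also written inline, which puts them in repository history and, as far as I know, in the world-readable Nix store; supplying them from a deployment secret and rotating the values shown here would be worth doing. The enclosing module starts and ends outside the hunks.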


@ -17,6 +17,13 @@
networking = {
hostName = "mongo";
firewall = {
allowedTCPPorts = [
22
27017
];
enable = true;
};
};
services.openssh = {


@ -5,4 +5,25 @@
nameservers = [ "172.20.72.6" "9.9.9.9" "74.82.42.42" ];
};
# add central logging
services.journalbeat = {
enable = true;
extraConfig = ''
journalbeat:
seek_position: cursor
cursor_seek_fallback: tail
write_cursor_state: true
cursor_flush_period: 5s
clean_field_names: true
convert_to_numbers: false
move_metadata_to_field: journal
default_type: journal
kernel: true
output.logstash:
# Boolean flag to enable or disable the output module.
enabled: true
hosts: ["logging.serv.zentralwerk.org:5044", "172.20.73.13:5044"]
'';
};
}
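Review bot: The `output.logstash` section has no `ssl` settings, so journal entries, including kernel messages since `kernel: true` is set, travel to port 5044 unencrypted, and the receiver has no way to tell an enrolled host from anything else that can reach the port. Beats supports TLS on this output; adding `ssl.certificate_authorities: ["<path-to-ca.pem>"]` plus a client `ssl.certificate` and `ssl.key`, with the Beats input on the Graylog side set to require client certificates, would cover both. The identical block in the container profile needs the same change. A short comment saying why both a DNS name and `172.20.73.13` are listed in `hosts` would also help the next reader.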


@ -8,9 +8,12 @@
nix.useSandbox = false;
nix.maxJobs = lib.mkDefault 1;
nix.buildCores = lib.mkDefault 4;
networking.useNetworkd = true;
#networking.useNetworkd = true;
networking.interfaces.eth0.useDHCP = true;
boot.isContainer = true;
# /sbin/init
boot.loader.initScript.enable = true;
boot.loader.grub.enable = false;
@ -27,6 +30,29 @@
fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; };
# add central logging
services.journalbeat = {
enable = true;
tags = [ "container" ];
extraConfig = ''
journalbeat:
seek_position: cursor
cursor_seek_fallback: tail
write_cursor_state: true
cursor_flush_period: 5s
clean_field_names: true
convert_to_numbers: false
move_metadata_to_field: journal
default_type: journal
kernel: true
output.logstash:
# Boolean flag to enable or disable the output module.
enabled: true
hosts: ["logging.serv.zentralwerk.org:5044", "172.20.73.13:5044"]
'';
};
# Required for remote deployment
services.openssh.enable = true;
}
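Review bot: The `services.journalbeat` block in the second hunk repeats the one in the common profile line for line apart from `tags = [ "container" ];`, so a later change to the shipping settings (hosts, TLS, cursor handling) can easily be applied to one copy and missed in the other. I would move the shared `extraConfig` into one imported module and let this profile set only `services.journalbeat.tags = [ "container" ];`. In the first hunk, `#networking.useNetworkd = true;` appears to be left as commented-out code without a reason; either delete it or add a comment such as `# networkd disabled: containers get their address via DHCP on eth0`, if that is indeed the reason.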