activate central logging
This commit is contained in:
bovenliggende
e65f04fb32
commit
bf5e0de49c
|
@ -29,7 +29,7 @@ This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.
|
|||
4. Adjust hq.nixops, add [hostname]
|
||||
5. Run
|
||||
```shell
|
||||
ssh k-ot@172.20.73.9
|
||||
ssh k-ot@172.20.73.16
|
||||
cd nix-config/
|
||||
nixops deploy -d hq --check --include=[hostname]
|
||||
```
|
||||
|
|
|
@ -17,6 +17,14 @@
|
|||
|
||||
networking = {
|
||||
hostName = "elastic1";
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
22
|
||||
9200
|
||||
9300
|
||||
];
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
|
|
@ -17,6 +17,21 @@
|
|||
|
||||
networking = {
|
||||
hostName = "logging";
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
22
|
||||
9000
|
||||
80
|
||||
443
|
||||
5044
|
||||
12201
|
||||
514
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
514
|
||||
];
|
||||
enable = false;
|
||||
};
|
||||
};
|
||||
|
||||
services.openssh = {
|
||||
|
@ -24,14 +39,32 @@
|
|||
permitRootLogin = "yes";
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
default = {
|
||||
locations = {
|
||||
"/".proxyPass = "http://127.0.0.1:9000/";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.graylog = {
|
||||
enable = true;
|
||||
passwordSecret = "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
|
||||
# mongo.serv.zentralwerk. ?
|
||||
elasticsearchHosts = [ "http://172.20.73.10:9200" ];
|
||||
rootPasswordSha2 = "0319baba53abe8b33e1da12fd906c27cbe61fad6a129b9d5ecf196b6661e959d";
|
||||
elasticsearchHosts = [ "http://172.20.73.15:9200" ];
|
||||
rootPasswordSha2 = "3e784172684dcd89d66175b8719cd7894cc96b454ef1d5aa74bd92b3c57da7cd";
|
||||
# mongo.serv.zentralwerk. ?
|
||||
mongodbUri = "mongodb://172.20.73.12/graylog";
|
||||
mongodbUri = "mongodb://172.20.73.14/graylog";
|
||||
extraConfig = ''
|
||||
http_bind_address = 0.0.0.0:9000
|
||||
elasticsearch_shards = 1
|
||||
allow_highlighting = true
|
||||
allow_leading_wildcard_searches = true
|
||||
'';
|
||||
user = "root";
|
||||
};
|
||||
|
||||
system.stateVersion = "19.03"; # Did you read the comment?
|
||||
|
|
|
@ -17,6 +17,13 @@
|
|||
|
||||
networking = {
|
||||
hostName = "mongo";
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
22
|
||||
27017
|
||||
];
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
services.openssh = {
|
||||
|
|
|
@ -5,4 +5,25 @@
|
|||
nameservers = [ "172.20.72.6" "9.9.9.9" "74.82.42.42" ];
|
||||
};
|
||||
|
||||
# add central logging
|
||||
services.journalbeat = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
journalbeat:
|
||||
seek_position: cursor
|
||||
cursor_seek_fallback: tail
|
||||
write_cursor_state: true
|
||||
cursor_flush_period: 5s
|
||||
clean_field_names: true
|
||||
convert_to_numbers: false
|
||||
move_metadata_to_field: journal
|
||||
default_type: journal
|
||||
kernel: true
|
||||
output.logstash:
|
||||
# Boolean flag to enable or disable the output module.
|
||||
enabled: true
|
||||
hosts: ["logging.serv.zentralwerk.org:5044", "172.20.73.13:5044"]
|
||||
'';
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -8,9 +8,12 @@
|
|||
nix.useSandbox = false;
|
||||
nix.maxJobs = lib.mkDefault 1;
|
||||
nix.buildCores = lib.mkDefault 4;
|
||||
networking.useNetworkd = true;
|
||||
#networking.useNetworkd = true;
|
||||
|
||||
networking.interfaces.eth0.useDHCP = true;
|
||||
|
||||
boot.isContainer = true;
|
||||
|
||||
# /sbin/init
|
||||
boot.loader.initScript.enable = true;
|
||||
boot.loader.grub.enable = false;
|
||||
|
@ -27,6 +30,29 @@
|
|||
|
||||
fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; };
|
||||
|
||||
# add central logging
|
||||
services.journalbeat = {
|
||||
enable = true;
|
||||
tags = [ "container" ];
|
||||
extraConfig = ''
|
||||
journalbeat:
|
||||
seek_position: cursor
|
||||
cursor_seek_fallback: tail
|
||||
write_cursor_state: true
|
||||
cursor_flush_period: 5s
|
||||
clean_field_names: true
|
||||
convert_to_numbers: false
|
||||
move_metadata_to_field: journal
|
||||
default_type: journal
|
||||
kernel: true
|
||||
output.logstash:
|
||||
# Boolean flag to enable or disable the output module.
|
||||
enabled: true
|
||||
hosts: ["logging.serv.zentralwerk.org:5044", "172.20.73.13:5044"]
|
||||
'';
|
||||
};
|
||||
|
||||
# Required for remote deployment
|
||||
services.openssh.enable = true;
|
||||
|
||||
}
|
||||
|
|
Laden…
Verwijs in nieuw issue