Deploying Journalbeat via Minionless Salt
• Mark Eschbach
Alrighty! So now to actually start feeding Elasticsearch some data. journalbeat looks like a reasonable way to gather system logs and ship them to Elasticsearch. First up, a little more Salt YAML:

# Download the release tarball, check it against the published SHA-512, and unpack it
/srv/elastic/journalbeat:
  archive.extracted:
    - source: https://artifacts.elastic.co/downloads/beats/journalbeat/journalbeat-7.1.1-linux-x86_64.tar.gz
    - source_hash: https://artifacts.elastic.co/downloads/beats/journalbeat/journalbeat-7.1.1-linux-x86_64.tar.gz.sha512
    - options: "-v --strip-components=1 -C /srv/elastic/journalbeat"
    - enforce_toplevel: False
  # Make sure everything that was unpacked is owned by root
  file.directory:
    - user: root
    - group: root
    - recurse:
      - user
      - group

# Journalbeat configuration, read-only
/etc/journalbeat.yml:
  file.managed:
    - source: salt://journalbeat.yml
    - user: root
    - group: root
    # Quoted so YAML keeps the mode as a string instead of parsing it as an integer
    - mode: '0444'

# systemd unit, plus the running and enabled service
/etc/systemd/system/journalbeat.service:
  file.managed:
    - source: salt://journalbeat.service
    - user: root
    - group: root
    - mode: '0444'
  service.running:
    - name: journalbeat
    - enable: True
    - reload: True

Well, that was super easy. The service file I am currently using is:

[Unit]
Description=journalbeat
Wants=elasticsearch.service
After=elasticsearch.service

[Service]
User=root
Group=root
Type=simple
ExecStart=/srv/elastic/journalbeat/journalbeat -c /etc/journalbeat.yml

# Set Sandboxing
PrivateTmp=true
PrivateUsers=true

Restart=on-failure
RestartSec=2
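
The unit above runs the shipper as root with only PrivateTmp and PrivateUsers set. As an added example (not part of the original post), here is the same unit with further systemd sandboxing directives. The two writable paths are an assumption: they follow the tarball layout, where journalbeat keeps its state in data/ and its logs in logs/ under the install directory, and both directories must exist before the service starts.

```ini
# Added example: hardened variant of the journalbeat unit from the post.
# Assumption: journalbeat writes only to data/ and logs/ under its install
# directory, and both directories already exist when the service starts.
[Unit]
Description=journalbeat
Wants=elasticsearch.service
After=elasticsearch.service

[Service]
User=root
Group=root
Type=simple
ExecStart=/srv/elastic/journalbeat/journalbeat -c /etc/journalbeat.yml
Restart=on-failure
RestartSec=2

# Sandboxing from the original unit
PrivateTmp=true
PrivateUsers=true

# Mount the file system hierarchy read-only for this service, then re-open
# only the two directories the Beat has to write to.
ProtectSystem=strict
ReadWritePaths=/srv/elastic/journalbeat/data /srv/elastic/journalbeat/logs
# Hide /home, /root and /run/user from the service.
ProtectHome=true
# Give the service a private /dev without physical device nodes.
PrivateDevices=true

# Block privilege gain through setuid/setgid binaries or file capabilities.
NoNewPrivileges=true
RestrictSUIDSGID=true

# Make kernel tunables and cgroups read-only, forbid module loading,
# and pin the execution domain.
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
LockPersonality=true
```

Running `systemd-analyze security journalbeat.service` after a change like this lists the exposures that remain. Older systemd releases log a warning and ignore directives they do not know.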