diff --git a/elk_metrics_7x/roles/elastic_heartbeat/templates/heartbeat.yml.j2 b/elk_metrics_7x/roles/elastic_heartbeat/templates/heartbeat.yml.j2 index 19ead7aa..f16cfb17 100644 --- a/elk_metrics_7x/roles/elastic_heartbeat/templates/heartbeat.yml.j2 +++ b/elk_metrics_7x/roles/elastic_heartbeat/templates/heartbeat.yml.j2 @@ -1053,384 +1053,3 @@ setup.ilm.policy_file: "{{ ilm_policy_file_location }}/{{ ilm_policy_filename }} # This allows to enable 6.7 migration aliases #migration.6_to_7.enabled: false -################### Heartbeat Configuration Example ######################### - -# This file is a full configuration example documenting all non-deprecated -# options in comments. For a shorter configuration example, that contains -# only some common options, please see heartbeat.yml in the same directory. -# -# You can find the full configuration reference here: -# https://www.elastic.co/guide/en/beats/heartbeat/index.html - -############################# Heartbeat ###################################### -{% set icmp_hosts = [] %} -{% for host_item in groups['all'] %} -{% if hostvars[host_item]['ansible_host'] is defined %} -{% set _ = icmp_hosts.extend([hostvars[host_item]['ansible_host']]) %} -{% endif %} -{% endfor %} - -# Define a directory to load monitor definitions from. Definitions take the form -# of individual yaml files. -heartbeat.config.monitors: - # Directory + glob pattern to search for configuration files - path: ${path.config}/monitors.d/*.yml - # If enabled, heartbeat will periodically check the config.monitors path for changes - reload.enabled: false - # How often to check for changes - reload.period: 5s - -# Configure monitors -heartbeat.monitors: -- type: icmp # monitor type `icmp` (requires root) uses ICMP Echo Request to ping - # configured hosts - - # Monitor name used for job name and document type. - name: icmp - - # Enable/Disable monitor - enabled: true - - # Configure task schedule using cron-like syntax - schedule: '*/5 * * * * * *' # exactly every 5 seconds like 10:00:00, 10:00:05, ... - - # List of hosts to ping - hosts: {{ (icmp_hosts | default([])) | to_json }} - # Configure IP protocol types to ping on if hostnames are configured. - # Ping all resolvable IPs if `mode` is `all`, or only one IP if `mode` is `any`. - ipv4: true - ipv6: true - mode: any - - # Total running time per ping test. - timeout: {{ icmp_hosts | length }}s - - # Waiting duration until another ICMP Echo Request is emitted. - wait: 1s - - # The tags of the monitors are included in their own field with each - # transaction published. Tags make it easy to group servers by different - # logical properties. - #tags: ["service-X", "web-tier"] - - # Optional fields that you can specify to add additional information to the - # monitor output. Fields can be scalar values, arrays, dictionaries, or any nested - # combination of these. - #fields: - # env: staging - - # If this option is set to true, the custom fields are stored as top-level - # fields in the output document instead of being grouped under a fields - # sub-dictionary. Default is false. - #fields_under_root: false - - # NOTE: THIS FEATURE IS DEPRECATED AND WILL BE REMOVED IN A FUTURE RELEASE - # Configure file json file to be watched for changes to the monitor: - #watch.poll_file: - # Path to check for updates. - #path: - - # Interval between file file changed checks. - #interval: 5s - -# Define a directory to load monitor definitions from. Definitions take the form -# of individual yaml files. -# heartbeat.config.monitors: - # Directory + glob pattern to search for configuration files - #path: /path/to/my/monitors.d/*.yml - # If enabled, heartbeat will periodically check the config.monitors path for changes - #reload.enabled: true - # How often to check for changes - #reload.period: 1s - -{% for item in heartbeat_services %} -{% if item.type == 'tcp' %} -{% set hosts = [] %} -{% for port in item.ports | default([]) %} -{% for backend in item.group | default([]) %} -{% set backend_host = hostvars[backend]['ansible_host'] %} -{% set _ = hosts.extend([backend_host + ":" + (port | string)]) %} -{% endfor %} -{% endfor %} -{% if hosts | length > 0 %} -- type: tcp # monitor type `tcp`. Connect via TCP and optionally verify endpoint - # by sending/receiving a custom payload - - # Monitor name used for job name and document type - name: "{{ item.name }}" - - # Enable/Disable monitor - enabled: true - - # Configure task schedule - schedule: '@every 5s' # every 5 seconds from start of beat - - # configure hosts to ping. - # Entries can be: - # - plain host name or IP like `localhost`: - # Requires ports configs to be checked. If ssl is configured, - # a SSL/TLS based connection will be established. Otherwise plain tcp connection - # will be established - # - hostname + port like `localhost:12345`: - # Connect to port on given host. If ssl is configured, - # a SSL/TLS based connection will be established. Otherwise plain tcp connection - # will be established - # - full url syntax. `scheme://:[port]`. The `` can be one of - # `tcp`, `plain`, `ssl` and `tls`. If `tcp`, `plain` is configured, a plain - # tcp connection will be established, even if ssl is configured. - # Using `tls`/`ssl`, an SSL connection is established. If no ssl is configured, - # system defaults will be used (not supported on windows). - # If `port` is missing in url, the ports setting is required. - hosts: {{ (hosts | default([])) | to_json }} - - # Configure IP protocol types to ping on if hostnames are configured. - # Ping all resolvable IPs if `mode` is `all`, or only one IP if `mode` is `any`. - ipv4: true - ipv6: true - mode: any - - # List of ports to ping if host does not contain a port number - # ports: [80, 9200, 5044] - - # Total test connection and data exchange timeout - #timeout: 16s - - # Optional payload string to send to remote and expected answer. If none is - # configured, the endpoint is expected to be up if connection attempt was - # successful. If only `send_string` is configured, any response will be - # accepted as ok. If only `receive_string` is configured, no payload will be - # send, but client expects to receive expected payload on connect. - #check: - #send: '' - #receive: '' - - # SOCKS5 proxy url - # proxy_url: '' - - # Resolve hostnames locally instead on SOCKS5 server: - #proxy_use_local_resolver: false - - # TLS/SSL connection settings: - #ssl: - # Certificate Authorities - #certificate_authorities: [''] - - # Required TLS protocols - #supported_protocols: ["TLSv1.0", "TLSv1.1", "TLSv1.2"] -{% endif %} -{% elif item.type == 'http' %} -{% set hosts = [] %} -{% for port in item.ports | default([]) %} -{% for backend in item.group | default([]) %} -{% set backend_host = hostvars[backend]['ansible_host'] %} -{% set _ = hosts.extend(["http://" + backend_host + ":" + (port | string) + item.path]) %} -{% endfor %} -{% endfor %} -{% if hosts | length > 0 %} - # NOTE: THIS FEATURE IS DEPRECATED AND WILL BE REMOVED IN A FUTURE RELEASE - # Configure file json file to be watched for changes to the monitor: - #watch.poll_file: - # Path to check for updates. - #path: - - # Interval between file file changed checks. - #interval: 5s - -- type: http # monitor type `http`. Connect via HTTP an optionally verify response - - # Monitor name used for job name and document type - name: "{{ item.name }}" - - # Enable/Disable monitor - enabled: true - - # Configure task schedule - schedule: '@every 5s' # every 5 seconds from start of beat - - # Configure URLs to ping - urls: {{ (hosts | default([])) | to_json }} - - # Configure IP protocol types to ping on if hostnames are configured. - # Ping all resolvable IPs if `mode` is `all`, or only one IP if `mode` is `any`. - ipv4: true - ipv6: true - mode: any - - # Configure file json file to be watched for changes to the monitor: - #watch.poll_file: - # Path to check for updates. - #path: - - # Interval between file file changed checks. - #interval: 5s - - # Optional HTTP proxy url. - #proxy_url: '' - - # Total test connection and data exchange timeout - #timeout: 16s - - # Optional Authentication Credentials - #username: '' - #password: '' - - # TLS/SSL connection settings for use with HTTPS endpoint. If not configured - # system defaults will be used. - #ssl: - # Certificate Authorities - #certificate_authorities: [''] - - # Required TLS protocols - #supported_protocols: ["TLSv1.0", "TLSv1.1", "TLSv1.2"] - - # Request settings: - check.request: - # Configure HTTP method to use. Only 'HEAD', 'GET' and 'POST' methods are allowed. - method: "{{ item.method }}" - - # Dictionary of additional HTTP headers to send: - headers: - User-agent: osa-heartbeat-healthcheck - # Optional request body content - #body: - - # Expected response settings -{% if item.check_response is defined %} - check.response: {{ item.check_response }} - #check.response: - # Expected status code. If not configured or set to 0 any status code not - # being 404 is accepted. - #status: 0 - - # Required response headers. - #headers: - - # Required response contents. - #body: -{% endif %} -{% endif %} -{% endif %} -{% endfor %} - - # Parses the body as JSON, then checks against the given condition expression - #json: - #- description: Explanation of what the check does - # condition: - # equals: - # myField: expectedValue - - - # NOTE: THIS FEATURE IS DEPRECATED AND WILL BE REMOVED IN A FUTURE RELEASE - # Configure file json file to be watched for changes to the monitor: - #watch.poll_file: - # Path to check for updates. - #path: - - # Interval between file file changed checks. - #interval: 5s - - -heartbeat.scheduler: - # Limit number of concurrent tasks executed by heartbeat. The task limit if - # disabled if set to 0. The default is 0. - #username: "beats_system" - #password: "changeme" - - # Dictionary of HTTP parameters to pass within the URL with index operations. - #parameters: - #param1: value1 - #param2: value2 - - # Custom HTTP headers to add to each request - #headers: - # X-My-Header: Contents of the header - - # Proxy server url - #proxy_url: http://proxy:3128 - - # The number of times a particular Elasticsearch index operation is attempted. If - # the indexing operation doesn't succeed after this many retries, the events are - # dropped. The default is 3. - #max_retries: 3 - - # The maximum number of events to bulk in a single Elasticsearch bulk API index request. - # The default is 50. - #bulk_max_size: 50 - - # The number of seconds to wait before trying to reconnect to Elasticsearch - # after a network error. After waiting backoff.init seconds, the Beat - # tries to reconnect. If the attempt fails, the backoff timer is increased - # exponentially up to backoff.max. After a successful connection, the backoff - # timer is reset. The default is 1s. - #backoff.init: 1s - - # The maximum number of seconds to wait before attempting to connect to - # Elasticsearch after a network error. The default is 60s. - #backoff.max: 60s - - # Configure HTTP request timeout before failing an request to Elasticsearch. - #timeout: 90 - - # Use SSL settings for HTTPS. - #ssl.enabled: true - - # Configure SSL verification mode. If `none` is configured, all server hosts - # and certificates will be accepted. In this mode, SSL based connections are - # susceptible to man-in-the-middle attacks. Use only for testing. Default is - # `full`. - #ssl.verification_mode: full - - # List of supported/valid TLS versions. By default all TLS versions from 1.0 up to - # 1.2 are enabled. - #ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2] - - # SSL configuration. The default is off. - # List of root certificates for HTTPS server verifications - #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] - - # Certificate for SSL client authentication - #ssl.certificate: "/etc/pki/client/cert.pem" - - # Client certificate key - #ssl.key: "/etc/pki/client/cert.key" - - # Optional passphrase for decrypting the certificate key. - #ssl.key_passphrase: '' - - # Configure cipher suites to be used for SSL connections - #ssl.cipher_suites: [] - - # Configure curve types for ECDHE-based cipher suites - #ssl.curve_types: [] - - # Configure what types of renegotiation are supported. Valid options are - # never, once, and freely. Default is never. - #ssl.renegotiation: never - - #metrics.period: 10s - #state.period: 1m - -#================================ HTTP Endpoint ====================================== -# Each beat can expose internal metrics through a HTTP endpoint. For security -# reasons the endpoint is disabled by default. This feature is currently experimental. -# Stats can be access through http://localhost:5066/stats . For pretty JSON output -# append ?pretty to the URL. - -# Defines if the HTTP endpoint is enabled. -#http.enabled: false - -# The HTTP endpoint will bind to this hostname or IP address. It is recommended to use only localhost. -#http.host: localhost - -# Port on which the HTTP endpoint will bind. Default is 5066. -#http.port: 5066 - -#============================= Process Security ================================ - -# Enable or disable seccomp system call filtering on Linux. Default is enabled. -#seccomp.enabled: true - -#================================= Migration ================================== - -# This allows to enable 6.7 migration aliases -#migration.6_to_7.enabled: false