From f8303324cbe289d9f42c2f2198566ebcf8c49149 Mon Sep 17 00:00:00 2001
From: Duncan Martin Walker <Duncan.Walker02@bbc.co.uk>
Date: Wed, 5 Feb 2020 17:50:40 +0000
Subject: [PATCH] Propagated ILM changes to auditbeat install

The improvements made to ILM handling in changeset
I2c5c3abd4bb65075f2377227cbbfe31b68b0dc38 did not include auditbeat. This commit
propagates them, such that auditbeat ILM configuration works as for the other
beats.

Change-Id: Icf0190dea0bd1eab14451866f4dca91886812a39
---
 .../roles/elastic_auditbeat/defaults/main.yml | 11 +++++++++
 .../roles/elastic_auditbeat/tasks/main.yml    |  4 ++++
 .../templates/auditbeat.yml.j2                | 24 +++++++++++++++++++
 3 files changed, 39 insertions(+)

diff --git a/elk_metrics_7x/roles/elastic_auditbeat/defaults/main.yml b/elk_metrics_7x/roles/elastic_auditbeat/defaults/main.yml
index 25ab8922..b7264e51 100644
--- a/elk_metrics_7x/roles/elastic_auditbeat/defaults/main.yml
+++ b/elk_metrics_7x/roles/elastic_auditbeat/defaults/main.yml
@@ -14,3 +14,14 @@
 # limitations under the License.
 
 auditbeat_service_state: restarted
+
+auditbeat_ilm_policy_name: "auditbeat-{{ beat_version }}"
+auditbeat_ilm_policy_template: "auditbeat-{{ beat_version }}"
+auditbeat_ilm_policy_filename: "auditbeat-ilm-policy.json"
+auditbeat_ilm_policy_file_location: "/etc/auditbeat"
+
+ilm_policy_name: "{{ auditbeat_ilm_policy_name | default('') }}"
+ilm_policy: "{{ (auditbeat_ilm_policy | default(default_ilm_policy)) | default({}) }}"
+ilm_policy_template: "{{ auditbeat_ilm_policy_template | default('') }}"
+ilm_policy_filename: "{{ (auditbeat_ilm_policy_filename | default(default_ilm_policy_filename)) | default('') }}"
+ilm_policy_file_location: "{{ (auditbeat_ilm_policy_file_location | default(default_ilm_policy_file_location)) | default('') }}"
diff --git a/elk_metrics_7x/roles/elastic_auditbeat/tasks/main.yml b/elk_metrics_7x/roles/elastic_auditbeat/tasks/main.yml
index 2e6cf744..1a25f2d8 100644
--- a/elk_metrics_7x/roles/elastic_auditbeat/tasks/main.yml
+++ b/elk_metrics_7x/roles/elastic_auditbeat/tasks/main.yml
@@ -82,6 +82,10 @@
   notify:
     - Enable and restart auditbeat
 
+- include_role:
+    name: elastic_ilm
+  when: ilm_policy.keys() | length > 0
+
 - name: Run the beat setup role
   include_role:
     name: elastic_beat_setup
diff --git a/elk_metrics_7x/roles/elastic_auditbeat/templates/auditbeat.yml.j2 b/elk_metrics_7x/roles/elastic_auditbeat/templates/auditbeat.yml.j2
index b8affa06..b0e6589a 100644
--- a/elk_metrics_7x/roles/elastic_auditbeat/templates/auditbeat.yml.j2
+++ b/elk_metrics_7x/roles/elastic_auditbeat/templates/auditbeat.yml.j2
@@ -813,6 +813,30 @@ processors:
 #=============================== Template ======================================
 {{ elk_macros.setup_template('auditbeat', inventory_hostname, data_nodes, elasticsearch_beat_settings) }}
 
+#============================== Setup ILM =====================================
+
+# Configure Index Lifecycle Management Index Lifecycle Management creates a
+# write alias and adds additional settings to the template.
+# The elasticsearch.output.index setting will be replaced with the write alias
+# if ILM is enabled.
+
+# Enabled ILM support. Valid values are true, false, and auto. The beat will
+# detect availabilty of Index Lifecycle Management in Elasticsearch and enable
+# or disable ILM support.
+#setup.ilm.enabled: auto
+
+# Configure the ILM write alias name.
+#setup.ilm.rollover_alias: "filebeat"
+
+# Configure rollover index pattern.
+#setup.ilm.pattern: "{now/d}-000001"
+{% if ilm_policy_name is defined %}
+setup.ilm.policy_name: "{{ ilm_policy_name }}"
+{% endif %}
+{% if ilm_policy_file_location is defined %}
+setup.ilm.policy_file: "{{ ilm_policy_file_location }}/{{ ilm_policy_filename }}"
+{% endif %}
+
 #============================== Kibana =====================================
 {% if (groups['kibana'] | length) > 0 %}
 {{ elk_macros.setup_kibana(hostvars[groups['kibana'][0]]['ansible_host'] ~ ':' ~ kibana_port) }}