diff --git a/docs/role-logstash.md b/docs/role-logstash.md index f1a8407b..e0a8d142 100644 --- a/docs/role-logstash.md +++ b/docs/role-logstash.md @@ -87,6 +87,7 @@ Aside from `logstash.yml` we can manage Logstashs pipelines. * *logstash_sniffing_delay*: How long to wait, in seconds, between sniffing attempts (Default: `not set`). * *logstash_sniffing_path*: HTTP Path to be used for the sniffing requests (Default: `not set`). * *logstash_legacy_monitoring*: Enables legacy monitoring - ignored when `elasticstack_full_stack` is not set. (default: `true`) +* *logstash_redis_password*: If set this will use this password when connecting our simple inputs and outputs to Redis. (default: not set) The following variables configure Log4j for Logstash. All default to `true` as this is the default after the installation. diff --git a/molecule/elasticstack_default/converge.yml b/molecule/elasticstack_default/converge.yml index 009b0fdd..0aab909e 100644 --- a/molecule/elasticstack_default/converge.yml +++ b/molecule/elasticstack_default/converge.yml @@ -18,6 +18,8 @@ elasticstack_full_stack: true elasticstack_no_log: false logstash_pipeline_unsafe_shutdown: true + logstash_redis_password: "ThisIsMyRedisTest" + redis_requirepass: "{{ logstash_redis_password }}" beats_filebeat_syslog_udp: true beats_filebeat_syslog_tcp: true beats_filebeat_modules: diff --git a/molecule/logstash_pipelines/converge.yml b/molecule/logstash_pipelines/converge.yml index cb33dcb0..34b1308d 100644 --- a/molecule/logstash_pipelines/converge.yml +++ b/molecule/logstash_pipelines/converge.yml @@ -30,6 +30,7 @@ logstash_pipeline_identifier_field_name: "[mytest][pipelines]" logstash_pipeline_identifier_defaults: true logstash_pipeline_unsafe_shutdown: true + redis_requirepass: "{{ logstash_redis_password }}" elasticstack_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" elasticstack_full_stack: false elasticstack_no_log: false diff --git a/roles/logstash/templates/redis-input.conf.j2 b/roles/logstash/templates/redis-input.conf.j2 index 8b23e30a..0481dc53 100644 --- a/roles/logstash/templates/redis-input.conf.j2 +++ b/roles/logstash/templates/redis-input.conf.j2 @@ -3,5 +3,8 @@ input { host => "localhost" data_type => "list" key => "forwarder" +{% if logstash_redis_password is defined %} + password => "{{ logstash_redis_password }}" +{% endif %} } } diff --git a/roles/logstash/templates/redis-output.conf.j2 b/roles/logstash/templates/redis-output.conf.j2 index 1c3b2e3a..59c5a578 100644 --- a/roles/logstash/templates/redis-output.conf.j2 +++ b/roles/logstash/templates/redis-output.conf.j2 @@ -14,5 +14,8 @@ output { data_type => "list" key => "input" {% if logstash_beats_input_congestion is defined %} congestion_threshold => {{ logstash_beats_input_congestion }}{% endif %} +{% if logstash_redis_password is defined %} + password => "{{ logstash_redis_password }}" +{% endif %} } } diff --git a/roles/logstash/templates/simple-input.conf.j2 b/roles/logstash/templates/simple-input.conf.j2 index 528ba4c7..ce871c7f 100644 --- a/roles/logstash/templates/simple-input.conf.j2 +++ b/roles/logstash/templates/simple-input.conf.j2 @@ -6,6 +6,9 @@ input { host => "localhost" data_type => "list" key => "{{ input.key }}" +{% if logstash_redis_password is defined %} + password => "{{ logstash_redis_password }}" +{% endif %} } {% endfor %} diff --git a/roles/logstash/templates/simple-output.conf.j2 b/roles/logstash/templates/simple-output.conf.j2 index 78fab47c..4b3ace63 100644 --- a/roles/logstash/templates/simple-output.conf.j2 +++ b/roles/logstash/templates/simple-output.conf.j2 @@ -19,6 +19,9 @@ output { host => "localhost" data_type => "list" key => "{{ output.key }}" +{% if logstash_redis_password is defined %} + password => "{{ logstash_redis_password }}" +{% endif %} {% if output.congestion is defined %}congestion_threshold => {{ output.congestion }}{% endif %} }