version upgrades

filebeat added

README.md

@@ -5,21 +5,21 @@
 In case you need a local cluster providing Kafka (**with SSL and ACL**) including a monitoring suite.
 
 * [Apache Kafka 2.0.0](http://kafka.apache.org/20/documentation.html)
-* [Elastic Search 6.4.0](https://www.elastic.co/guide/en/elasticsearch/reference/6.4/index.html)
-* [Logstash 6.4.0](https://www.elastic.co/guide/en/logstash/6.4/index.html)
-* [Kibana 6.4.0](https://www.elastic.co/guide/en/kibana/6.4/index.html)
-* [Grafana 5.2.4](https://grafana.com)
-* [Graphite 0.9.16](https://graphiteapp.org)
+* [Elastic Search 6.5.4](https://www.elastic.co/guide/en/elasticsearch/reference/6.5/index.html)
+* [Logstash 6.5.4](https://www.elastic.co/guide/en/logstash/6.5/index.html)
+* [Kibana 6.5.4](https://www.elastic.co/guide/en/kibana/6.5/index.html)
+* [Grafana 5.4.2](https://grafana.com)
+* [Graphite-Web & Python-Carbon 0.9.16](https://graphiteapp.org)
 * [Jmxtrans Agent 1.2.6](https://github.com/jmxtrans/jmxtrans-agent/)
 * [Burrow 1.1.0](https://github.com/linkedin/Burrow)
 * [Diamond 4.0.515](https://diamond.readthedocs.io/en/latest/)
 
 ## Prerequisites
 
-* [Vagrant](https://www.vagrantup.com) (tested with 2.1.2)
-* [VirtualBox](http://virtualbox.org) (tested with 5.2.18)
-* [Ansible](http://docs.ansible.com/ansible/index.html) (tested with 2.6.4)
-* The VMs take approx 12 GB of RAM, so you should have more than that.
+* [Vagrant](https://www.vagrantup.com) (tested with 2.2.3)
+* [VirtualBox](http://virtualbox.org) (tested with 6.0.0)
+* [Ansible](http://docs.ansible.com/ansible/index.html) (tested with 2.7.5)
+* The VMs take approx 15 GB of RAM, so you should have more than that.
 
 
 :warning: Vagrant might ask you for your admin password. The reason behind is, that `vagrant-hostsupdater` is used to have the vms available with their names in your network.
@@ -61,7 +61,7 @@ The result if everything wents fine should be
 |Elasticsearch|[http://mon-1:9200](http://mon-1:9200)|
 |Grafana|[http://mon-2:3000](http://mon-2:3000)|
 |Graphite|[http://mon-2](http://mon-2)|
-|Burrow|[http://kafka-3:8000/burrow/admin](http://kafka-3:8000/burrow/admin)|
+|Burrow|[http://kafka-1:8000/burrow/admin](http://kafka-1:8000/burrow/admin)|
 
 
 # Monitoring
@@ -79,12 +79,14 @@ Gathered with Jmxtrans Agent from Kafka Brokers.
 
 ![Kafka Overview](doc/kafka_overview.png)
 
+![Filebeat Kafka](doc/filbeat_kafka.png)
+
 # Usage
 
 ## Zookeeper
 
 ```bash
-lucky:~ markus$ vagrant ssh kafka-1
+vagrant ssh kafka-1
 zkCli.sh -server kafka-1:2181/
 Connecting to kafka-1:2181/
 ...
@@ -103,12 +105,13 @@ WatchedEvent state:SyncConnected type:None path:null
 ### Topic Creation
 
 ```bash
-lucky:~ markus$ vagrant ssh kafka-1
+vagrant ssh kafka-1
 
 KAFKA_OPTS=-Djava.security.auth.login.config=/usr/local/kafka/config/zookeeper_jaas.conf kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --operation Create --cluster --allow-principal User:CN=kafka,OU=org,O=org,L=home,ST=Bavaria,C=DE
 KAFKA_OPTS=-Djava.security.auth.login.config=/usr/local/kafka/config/zookeeper_jaas.conf kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --operation Describe --cluster --allow-principal User:CN=kafka,OU=org,O=org,L=home,ST=Bavaria,C=DE
 
 KAFKA_OPTS=-Djava.security.auth.login.config=/usr/local/kafka/config/zookeeper_jaas.conf kafka-topics.sh --create --zookeeper kafka-1:2181 --replication-factor 1 --partitions 4 --topic sample
+
 ```
 
 ```bash
@@ -137,6 +140,7 @@ KAFKA_OPTS=-Djava.security.auth.login.config=/usr/local/kafka/config/zookeeper_j
 KAFKA_OPTS=-Djava.security.auth.login.config=/usr/local/kafka/config/zookeeper_jaas.conf kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --consumer --topic sample --allow-principal User:CN=kafka,OU=org,O=org,L=home,ST=Bavaria,C=DE  --group console --resource-pattern-type PREFIXED
 
 KAFKA_OPTS=-Djava.security.auth.login.config=/usr/local/kafka/config/zookeeper_jaas.conf kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --list
+
 ```
 
 ```bash
@@ -161,13 +165,15 @@ Current ACLs for resource `Topic:PREFIXED:sample`:
 
 ```bash
 kafka-console-producer.sh --broker-list kafka-1:9093,kafka-3:9093 --producer.config /vagrant/exchange/ssl-client/client-ssl.properties --topic sample
+
 Hey, is Kafka up and running?
 ```
 
 ### Consumer
 
 ```bash
 kafka-console-consumer.sh --bootstrap-server kafka-1:9093,kafka-3:9093 --consumer.config /vagrant/exchange/ssl-client/client-ssl.properties  --group console-1 --topic sample --from-beginning
+
 Hey, is Kafka up and running?
 ```
 

Vagrantfile

@@ -61,7 +61,7 @@ Vagrant.configure("2") do |config|
     config.vm.define "kafka-#{i}" do |kafka|
       kafka.vm.hostname = "kafka-#{i}"
       kafka.vm.provider "virtualbox" do |vb|
-        vb.memory = "2048"
+        vb.memory = "3072"
         vb.cpus = "1"
       end
       kafka.vm.network :private_network, ip: "192.168.10.#{3 + i}", auto_config: true

ansible/cluster.yml

@@ -1,14 +1,8 @@
-- hosts: all
-  remote_user: vagrant
-  order: inventory
-  serial: 100%
-  roles:
-  - java8
-
 - hosts: elk
   remote_user: vagrant
   serial: 100%
   roles:
+  - java8
   - elasticsearch
   - logstash
   - kibana
@@ -26,17 +20,20 @@
   remote_user: vagrant
   serial: 33%
   roles:
+    - java8
     - secure
     - zookeeper
 
 - hosts: kafka
   remote_user: vagrant
   serial: 33%
   roles:
+    - java8
     - kafka
     - diamond
+    - filebeat
 
-- hosts: kafka-3
+- hosts: kafka-1
   remote_user: vagrant
   serial: 100%
   roles:

ansible/roles/diamond/tasks/main.yml

@@ -1,22 +1,12 @@
 ---
-- name: install epel repo
-  become: yes
-  yum:
-    name: "{{ item }}"
-    update_cache: true
-    state: installed
-  with_items:
-    - http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm
 
-- name: install python pip and devel
+- name: install 'python-pip', 'python-devel'
   become: yes
   yum:
     update_cache: yes
-    name: "{{ item }}"
+    name: ['python-pip', 'python-devel']
     state: installed
-  with_items:
-    - python-pip
-    - python-devel
+    enablerepo: "epel"
 
 - name: install diamond
   become: yes

ansible/roles/elasticsearch/defaults/main.yml

@@ -1,4 +1,4 @@
 ---
-file: elasticsearch-6.4.0.rpm
+file: elasticsearch-6.5.4.rpm
 url: https://artifacts.elastic.co/downloads/elasticsearch/{{ file }}
-checksum: md5:e8cd7bad24575f5b9f14e4277280bcdb
+checksum: md5:8c81044473b2e5851fbfcecde0019eba

ansible/roles/filebeat/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+file: filebeat-6.5.4-x86_64.rpm
+url: https://artifacts.elastic.co/downloads/beats/filebeat/{{ file }}
+checksum: md5:218a46260792e80704706dc903789150

ansible/roles/filebeat/handlers/main.yml

@@ -0,0 +1,8 @@
+---
+- name: restart filebeat
+  become: yes
+  systemd:
+    enabled: yes
+    state: restarted
+    name: filebeat
+    daemon_reload: yes

ansible/roles/filebeat/tasks/main.yml

@@ -0,0 +1,52 @@
+---
+- name: download {{ url }}
+  get_url:
+    url: "{{ url }}"
+    dest: "{{ download }}/{{ file }}"
+    checksum: "{{ checksum }}"
+
+- name: install {{ download }}/{{ file }}
+  become: yes
+  yum:
+    name: "{{ download }}/{{ file }}"
+    state: present
+  notify: restart filebeat
+
+- name: copy filebeat.yml /etc/filebeat/filebeat.yml
+  become: yes
+  template:
+    src: templates/filebeat.yml.j2
+    dest: /etc/filebeat/filebeat.yml
+  notify: restart filebeat
+
+- name: create /etc/filebeat/configs
+  become: yes
+  become_method: sudo
+  file:
+    path: /etc/filebeat/configs
+    state: directory
+    mode: 0755
+
+- name: copy kafka configs to /etc/filebeat/modules.d/kafka.yml
+  become: yes
+  template:
+    src: templates/kafka.yml.j2
+    dest: /etc/filebeat/modules.d/kafka.yml
+  when: inventory_hostname in groups['kafka']
+  notify: restart filebeat
+
+- meta: flush_handlers
+
+- name: filebeat enable kafka module
+  become: yes
+  command: filebeat modules enable kafka
+
+- name: setup filebeat elasticsearch template
+  become: yes
+  command: filebeat setup --template -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["{{ groups['elk'][0] }}:9200"]'
+  run_once: true
+
+- name: setup filebeat dashboards
+  become: yes
+  command: filebeat setup --dashboards -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["{{ groups['elk'][0] }}:9200"]' -E 'setup.kibana.host={{ groups['elk'][0] }}:5601'
+  run_once: true

ansible/roles/filebeat/templates/filebeat.yml.j2

@@ -0,0 +1,139 @@
+###################### Filebeat Configuration Example #########################
+
+# This file is an example configuration file highlighting only the most common
+# options. The filebeat.reference.yml file from the same directory contains all the
+# supported options with more comments. You can use it as a reference.
+#
+# You can find the full configuration reference here:
+# https://www.elastic.co/guide/en/beats/filebeat/index.html
+
+# For more available modules and options, please see the filebeat.reference.yml sample
+# configuration file.
+
+#=========================== Filebeat inputs =============================
+
+filebeat.config.inputs:
+  enabled: true
+  path: ${path.config}/configs/*.yml
+
+#============================= Filebeat modules ===============================
+
+filebeat.config.modules:
+  path: ${path.config}/modules.d/*.yml
+  reload.enabled: false
+  #reload.period: 10s
+
+#==================== Elasticsearch template setting ==========================
+
+setup.template.settings:
+  index.number_of_shards: 3
+  #index.codec: best_compression
+  #_source.enabled: false
+
+#================================ General =====================================
+
+# The name of the shipper that publishes the network data. It can be used to group
+# all the transactions sent by a single shipper in the web interface.
+#name:
+
+# The tags of the shipper are included in their own field with each
+# transaction published.
+#tags: ["service-X", "web-tier"]
+
+# Optional fields that you can specify to add additional information to the
+# output.
+#fields:
+#  env: staging
+
+
+#============================== Dashboards =====================================
+# These settings control loading the sample dashboards to the Kibana index. Loading
+# the dashboards is disabled by default and can be enabled either by setting the
+# options here, or by using the `-setup` CLI flag or the `setup` command.
+#setup.dashboards.enabled: false
+
+# The URL from where to download the dashboards archive. By default this URL
+# has a value which is computed based on the Beat name and version. For released
+# versions, this URL points to the dashboard archive on the artifacts.elastic.co
+# website.
+#setup.dashboards.url:
+
+#============================== Kibana =====================================
+
+# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
+# This requires a Kibana endpoint configuration.
+setup.kibana:
+
+  # Kibana Host
+  # Scheme and port can be left out and will be set to the default (http and 5601)
+  # In case you specify and additional path, the scheme is required: http://localhost:5601/path
+  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
+  host: "{{ groups['elk'][0] }}:5601"
+
+#============================= Elastic Cloud ==================================
+
+# These settings simplify using filebeat with the Elastic Cloud (https://cloud.elastic.co/).
+
+# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
+# `setup.kibana.host` options.
+# You can find the `cloud.id` in the Elastic Cloud web UI.
+#cloud.id:
+
+# The cloud.auth setting overwrites the `output.elasticsearch.username` and
+# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
+#cloud.auth:
+
+#================================ Outputs =====================================
+
+# Configure what output to use when sending the data collected by the beat.
+
+#-------------------------- Elasticsearch output ------------------------------
+output.elasticsearch:
+  # Array of hosts to connect to.
+  hosts: ["{{ groups['elk'][0] }}:9200"]
+
+  # Optional protocol and basic auth credentials.
+  #protocol: "https"
+  #username: "elastic"
+  #password: "changeme"
+
+#----------------------------- Logstash output --------------------------------
+#output.logstash:
+  # The Logstash hosts
+#  hosts: ["{{ groups['elk'][0] }}:5044"]
+
+  # Optional SSL. By default is off.
+  # List of root certificates for HTTPS server verifications
+  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
+
+  # Certificate for SSL client authentication
+  #ssl.certificate: "/etc/pki/client/cert.pem"
+
+  # Client Certificate Key
+  #ssl.key: "/etc/pki/client/cert.key"
+
+#================================ Logging =====================================
+
+# Sets log level. The default log level is info.
+# Available log levels are: error, warning, info, debug
+#logging.level: trace
+
+# At debug level, you can selectively enable logging only for some components.
+# To enable all selectors use ["*"]. Examples of other selectors are "beat",
+# "publish", "service".
+#logging.selectors: ["*"]
+
+#============================== Xpack Monitoring ===============================
+# filebeat can export internal metrics to a central Elasticsearch monitoring
+# cluster.  This requires xpack monitoring to be enabled in Elasticsearch.  The
+# reporting is disabled by default.
+
+# Set to true to enable the monitoring reporter.
+#xpack.monitoring.enabled: false
+
+# Uncomment to send the metrics to Elasticsearch. Most settings from the
+# Elasticsearch output are accepted here as well. Any setting that is not set is
+# automatically inherited from the Elasticsearch output configuration, so if you
+# have the Elasticsearch output configured, you can simply uncomment the
+# following line.
+#xpack.monitoring.elasticsearch: