I’m starting to run playbooks automatically via a push server. Basically emulating what you can get with Puppet. As part of that, I’d like to send the output of my cronjob playbooks into my ELK stack. Which is hard to do when the default output is so unreadable.
Here’s effectively what I want to get: http://pastebin.com/eVVcLfKn
Basically, a log entry per task per host.
From what I’ve seen googling around, the way to do this is via a callback plugin. So I looked at https://github.com/ansible/ansible/blob/devel/plugins/callbacks/log_plays.py and got lost. My Python skills are very low, and apparently my general dev skills are currently not up to the task.
I tried modifying log_plays to just dump the data variable raw, but I keep running into errors…
Any tips?
Has anyone already solved this problem?
log_plays was designed to drop the json to syslog-ng which would then
push it to elastic search w/o need for logstash, probably easier to
just setup syslog-ng to do the same.
The default log_plays doesn’t actually output all the information I need.
I have lots of stuff going to syslog and then into ELK already, but in this case, I figured I’d just let logstash-forwarder watch the ansible log file. Then format the output so that logstash doesn’t have to filter it at all.
Currently, I figured out how to get valid json out per line. But I’m stuck figuring out how to get the task name, the role name, and the command line command information.
Are there global vars I can reference from the plugin? Where could I find a list of them?
With some work I have almost exactly what I want. See: http://pastebin.com/G819PEZY
Questions: The status of that restart apache 2 task should be “CHANGED”, since it actually did change during the play run. But it seems like the value for changed tasks is always “OK”. Is there a way to change that?
status will be OK in both cases, you need to look at changed : true/false
Ah, that makes sense. Thanks!
Hi David
This post is quite old, but can you share your experience with me, because I’m trying to build something like you have done.
I’me trying to build environment that is able to track security policies applied at server level, and than I cold create pretty reports from Elastic/Kibana, and use it for generating inventory items.
Thanks in advance.
Thanks
Dubravko
Hi,
Exactly I’ve been looking for, if it collects json results from ansible (will test it)
Thanks
Dubravko
Hi,
Using given callback I’m able to log events from ansible to logstash/elastic search. But can’t search ansible_result field because it represent field as string, for instance:
“{“changed”:“false”, “msg”:“some message”}”.
In ELK I’m trying to get format like this one
“ansible_result”:{
Any ideas how to resolve this issue?
Dubravko
Hi,
I’m author of the module, I can fix it. I will return with result…
Ievgen
Late to the game, but this is the best ranked answer so far: Is there a callback that logs directly to ElasticSearch without logstash?
