Deploy NXLog Agent with Ansible

Only control machines can run Ansible, which must be running a UNIX-like operating system, but Windows hosts that have the Windows Subsystem for Linux (WSL) installed are also supported. Managed nodes are agentless. However, both control machines and managed nodes require Python. For further details, see the Ansible Installation Guide.

Execute the commands below to install and configure NXLog Agent on Ubuntu and Windows:

Create the directory structure

$ mkdir -p ansible/config
$ cd ansible
$ touch playbook.yml inventory config/managed.conf

Log in to your NXLog account. Click on Your Account > Downloads, and from the Version drop-down menu select NXLog Agent v6, then download the files:
- nxlog-6.3.9431_ubuntu20_amd64.tar.bz2 for Ubuntu.
- nxlog-6.3.9431_windows_x64.msi for Windows.
  
  Copy both files to the ansible directory you created in the previous step. Ansible will upload and install it during playbook execution.
Compose the inventory file located in the config directory.
Example 1. inventory
The inventory file allows us to define categories or groups of servers. In this example, a single category, nxlog_servers, is used for both binaries.
[nxlog_servers] ubuntu ansible_host=192.168.1.10 windows ansible_host=192.168.1.11

Create the NXLog Agent configuration.

Example 2. NXLog Agent Ansible basic configuration example.

This configuration example will set up NXLog Agent with a basic connection to NXLog Platform. The basic configuration can be downloaded by navigating to Agents > Agents in NXLog Platform and clicking on Add new Agent. The downloaded config will include the correct <YOUR COMPANY ADDRESS> define.

managed.conf

define HOST <YOUR COMPANY ADDRESS>:5514
LogLevel              INFO
LogFile               %MYLOGFILE%
<Extension admin>
    Module            xm_admin
    Host              %HOST%
    SocketType        SSL
    AllowUntrusted    True
    RequireCert       False
    <ACL conf>
        Directory     %CONFDIR%
        AllowRead     TRUE
        AllowWrite    TRUE
    </ACL>
    <ACL cert>
        Directory     %CERTDIR%
        AllowRead     TRUE
        AllowWrite    TRUE
    </ACL>
</Extension>
</Route>

The Ansible playbook defines and configures the automation tasks. For more information on creating playbooks, see Ansible’s Intro to playbooks.

playbook.yaml

---
- hosts: nxlog_servers
  become: true
  become_user: root

  tasks:
    - name: Upload NXLog installer to remote Ubuntu server
      copy:
        src: nxlog-5.4.7313_ubuntu20_amd64.tar.bz2
        dest: /root/
        mode: '0755'
      when: "ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'focal'"

    - name: Install NXLog on Ubuntu Focal
      shell:
        cmd: |
          mkdir -p nxlog; tar -xvf nxlog-5.4.7313_ubuntu20_amd64.tar.bz2 -C nxlog;
          apt install -y ./nxlog/*.deb;
      when: "ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'focal'"

    - name: Copy the "managed.conf" configuration file to the NXLog config directory
      copy:
        src: config/managed.conf
        dest: /opt/nxlog/etc/nxlog.d/managed.conf
        owner: nxlog
        group: nxlog
        mode: '0755'
      when: "ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'focal'"

    - name: Restarting NXLog on Ubuntu Focal
      command: systemctl restart nxlog
      when: "ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'focal'"

#====================================================================================================#

    - name: Upload NXLog installer to remote Windows server
      copy:
        src: nxlog-5.4.7313_windows_x64.msi
        dest: C:\Users\administrator
        owner: nxlog
        group: nxlog
      when: ansible_distribution == 'Windows'

    - name: Install NXLog on Windows
      win_package:
        path: C:\Users\administrator\nxlog-5.4.7313_windows_x64.msi
        state: present
      when: ansible_distribution == 'Windows'

    - name: Copy new "managed.conf" file into the NXLog default config directory
      copy:
        src: config/managed.conf
        dest: C:\Program Files\nxlog\conf\nxlog.d\managed.conf
        owner: nxlog
        group: nxlog
        mode: '750'
      when: ansible_distribution == 'Windows'

    - name: Set nxlog service startup mode to auto and ensure it's started.
      win_service:
        name: nxlog
        state: restarted

Run the playbook.
$ ansible-playbook -i inventory -u root --ask-pass --ask-become-pass playbook.yml
According to the Setting up SSH keys section of the Ansible User Guide, "By default, Ansible assumes you are using SSH keys to connect to remote machines. SSH keys are encouraged …".

This example illustrates which ansible-playbook flags are required if the more secure SSH public key pair authentication method is not an option. The --ask-pass option enables the less secure SSH password authentication method.

The Become directives page explains that the --ask-become-pass flag (or -K for short) enables one to specify a password for sudo.