geerlingguy / ansible-for-devops

Ansible for DevOps examples.
https://www.ansiblefordevops.com
MIT License

Missing filebeats config results in service startup failure #580

Open brendon-stephens opened 8 months ago

brendon-stephens commented 8 months ago

The geerlingguy-filebeat role defaults the Filebeat certificate_authorities property to ${filebeat_ssl_certs_dir} if the ${filebeat_ssl_ca_file} property is not provided to Ansible.

https://github.com/geerlingguy/ansible-role-filebeat/blob/master/templates/filebeat.yml.j2#L67

This results in a startup failure on both the logs and web servers.

```
2024-03-25T03:18:08.764Z        INFO    instance/beat.go:292    Setup Beat: filebeat; Version: 7.17.18
2024-03-25T03:18:08.764Z        WARN    [cfgwarn]       tlscommon/config.go:100 DEPRECATED: Treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present is going to be removed. Please update your certificates if needed. Will be removed in version: 8.0.0
2024-03-25T03:18:08.764Z        ERROR   [tls]   tlscommon/tls.go:162    Failed reading CA certificate: read /etc/pki/logstash/: is a directory
2024-03-25T03:18:08.765Z        INFO    instance/beat.go:426    filebeat stopped.
2024-03-25T03:18:08.765Z        ERROR   instance/beat.go:1027   Exiting: error initializing publisher: 1 error: read /etc/pki/logstash/: is a directory reading /etc/pki/logstash/
Exiting: error initializing publisher: 1 error: read /etc/pki/logstash/: is a directory reading /etc/pki/logstash/
```

Suggested fix is to add the filebeat_ssl_ca_file property to the vars files for both web and elk.

```yaml
...
filebeat_ssl_ca_file: elk-example.crt
```
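
A pre-flight check for the failure reported above, as an added example that is not part of the issue or of the role's code: it reads the `certificate_authorities` entries from a rendered Filebeat config and flags any that point at a directory or at a file without a PEM block. The function names, the sample config layout and the temporary directory standing in for `/etc/pki/logstash/` are assumptions constructed for the demonstration.

```python
import os
import re
import tempfile

PEM_MARKER = "-----BEGIN CERTIFICATE-----"
KEY = re.compile(r"^\s*(?:ssl\.)?certificate_authorities:\s*(.*)$")

def extract_ca_paths(config_text):
    """Collect paths from certificate_authorities keys (inline or block list)."""
    paths, lines = [], config_text.splitlines()
    for i, line in enumerate(lines):
        m = KEY.match(line)
        if not m:
            continue
        rest = m.group(1).strip()
        if rest.startswith("["):                    # inline: ["/a", "/b"]
            items = rest.strip("[]").split(",")
        else:                                       # block: "- /a" lines below the key
            items = []
            for nxt in lines[i + 1:]:
                item = re.match(r"^\s*-\s+(.+)$", nxt)
                if not item:
                    break
                items.append(item.group(1))
        paths += [p.strip().strip("'\"") for p in items if p.strip()]
    return paths

def check_ca_path(path):
    """Return None if path is a file with a PEM header (shallow check, no parsing), else a reason."""
    if os.path.isdir(path):
        return "is a directory"
    if not os.path.isfile(path):
        return "does not exist"
    with open(path, "r", errors="replace") as fh:
        return None if PEM_MARKER in fh.read() else "contains no PEM certificate"

def audit_config(config_text):
    return {p: check_ca_path(p) for p in extract_ca_paths(config_text)}

def demo():
    with tempfile.TemporaryDirectory() as certs_dir:    # constructed stand-in for the certs dir
        ca_file = os.path.join(certs_dir, "elk-example.crt")
        with open(ca_file, "w") as fh:                  # placeholder body, not a real certificate
            fh.write(PEM_MARKER + "\nPLACEHOLDER\n-----END CERTIFICATE-----\n")
        broken = f'output.logstash:\n  ssl:\n    certificate_authorities: ["{certs_dir}/"]\n'
        fixed = f"output.logstash:\n  ssl.certificate_authorities:\n    - {ca_file}\n"
        return audit_config(broken), audit_config(fixed)

if __name__ == "__main__":
    print(demo())
```

Running `audit_config` on the rendered config before the service is restarted surfaces the directory-as-CA case as a failed check instead of a stopped log shipper.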