Chef recipe for configuring logstash-forwarder on Windows using nssm

2015/11/05

You’ll need to use some third-party tool to properly configure logstash-forwarder as a service on Windows. We decided to use nssm , although the name is not quite the most professional one. There is a nssm Chef cookbook, so this simplified things.
Please let me know if you succeed in simply running the program as a windows service, cause by using sc in PowerShell script embedded in Chef it was just not enough.

Below is the recipe for configuring logstash-forwarder inside a Chef recipe:

install_path = “d:/your_install_path_here”

powershell_script “Stop logstash-forwarder service” do
  code <<-EOH
    Stop-Service logstash-forwarder
  EOH
  only_if “((Get-Service logstash-forwarder) -ne $null) -and ((Get-Service logstash-forwarder).Status -ne ‘Stopped’)”
end

include_recipe ‘nssm’

username = “your_username”
password = “your_password”
domain = “your_domain”

directory install_path do
  recursive true
  action :create
end

remote_file “#{install_path}/logstash-forwarder_windows_386.exe” do
  source ‘ https://download.elastic.co/logstash-forwarder/binaries/logstash-forwarder_windows_386.exe
  atomic_update false
  action :create_if_missing
end

template “#{install_path}/logstash.crt” do
  source ‘logstash.crt.erb’ # certificate file used by logstash server
  atomic_update false
end

template “#{install_path}/logstash-forwarder.conf” do
  source ‘logstash-forwarder.conf.erb’
  atomic_update false
  variables({
    :logstash_cert_path => install_path,
    :logstash_logpath_watch => “the_path_you_want_to_watch”
  })
end

nssm ‘logstash-forwarder’ do
  program “#{install_path}/logstash-forwarder_windows_386.exe”
  args “-config #{install_path}/logstash-forwarder.conf”
  params(
    ObjectName: “#{username}@#{domain} #{password}”
  )
  action :install
end

windows_service “logstash-forwarder” do
  action [:enable, :start]
end

A simplified version of the logstash-forwarder.conf.erb file would look like below:

{
    “network”: {
      “servers”: [ “url.for.logstash.server:5000” ],
      “timeout”: 15,
      “ssl ca”: “<%= @logstash_cert_path %>/logstash.crt”
    },
    “files”: [
      {
        “paths”: [
          “<%= @logstash_logpath_watch %>”
        ]
      }
    ]
}

Of course, don’t forget to specify the usage of the nssm cookbook, inside the metadata.rb file:

depends ‘nssm’

One thing to note though: even with the windows_service resource set with action start, the Windows service for logstash-forwarder starts only on the second converge.
This might be due to the fact that we do a domain join of the VM where the cookbook is executed, and a restart is needed.

Note 1: Credits go to StackOverflow, IT blogs and alike, sites that helped me with the code when searching for solutions.
Note 2: Be aware that when copy-pasting, the quotes and possibly other characters get messed up by WordPress, you’ll have to replace them.

Advertisements

%d bloggers like this: