Update to 2025-07-04 09:00

roles/vector/defaults/main.yml

@@ -0,0 +1,52 @@
+---
+
+vector_base_conf:
+  data_dir: /var/lib/vector
+  wildcard_matching: relaxed
+  sources:
+    in_logs_journald:
+      type: journald
+
+  transforms:
+    route_journald:
+      type: route
+      inputs: ["in_logs_journald"]
+      route:
+        dummy: exists(.dummy) && .dummy == "true"
+        iptables: exists(._TRANSPORT) && ._TRANSPORT == "kernel" && starts_with(string!(.message), "Firewall:")
+
+    parse_journald_dummy:
+      type: remap
+      inputs: ["route_journald.dummy"]
+      source: |
+        # Nothing to do
+
+    parse_journald_iptables:
+      type: remap
+      inputs: ["route_journald.iptables"]
+      source: |
+        msg = string!(.message)
+        msg = replace(msg, "Firewall: ", "")
+        .iptables = parse_key_value!(msg, whitespace:"strict")
+
+    format_logs_journald:
+      type: remap
+      inputs: ["route_journald._unmatched", "parse_journald_*"]
+      source: |
+        .group = "system"
+
+    format_logs_out:
+      type: remap
+      inputs: ['format_logs_*', 'route_*._unmatched']
+      source: |
+        # Nothing to do
+
+  sinks:
+    sink_blackhole:
+      type: blackhole
+      inputs:
+        - format_logs_out
+
+vector_extra_conf: {}
+vector_host_conf: {}
+vector_conf: "{{ vector_base_conf | combine(vector_extra_conf, recursive=true) | combine(vector_host_conf, recursive=true)}}"

roles/vector/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+
+- name: reload vector
+  service: name=vector state=reloaded
+
+- name: restart vector
+  service: name=vector state=restarted

roles/vector/meta/main.yml

@@ -0,0 +1,5 @@
+---
+
+dependencies:
+  - role: mkdir
+  - role: repo_vector

roles/vector/tasks/conf.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Deploy config
+  template: src=vector.yml dest=/etc/vector/vector.yaml owner=root group=root mode=0600
+  notify: reload vector
+  tags: log,vector
+
+- name: Remove dummy conf if present
+  file: path=/etc/vector/conf.d/_dummy.yml state=absent
+  tags: log,vector

roles/vector/tasks/facts.yml

@@ -0,0 +1 @@
+---

roles/vector/tasks/install.yml

@@ -0,0 +1,16 @@
+---
+
+- name: Install vector
+  package: name=vector
+  tags: log,vector
+
+- name: Deploy custom systemd unit
+  template: src=vector.service.j2 dest=/etc/systemd/system/vector.service
+  register: vector_unit
+  notify: restart vector
+  tags: log,vector
+
+- name: Reload systemd
+  systemd: daemon_reload=true
+  when: vector_unit.changed
+  tags: log,vector

roles/vector/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: services.yml
+  tags: always
+

roles/vector/tasks/services.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Start and enable vector
+  service: name=vector state=started enabled=true
+  tags: log,vector

roles/vector/templates/vector.service.j2

@@ -0,0 +1,21 @@
+[Unit]
+Description=Vector
+Documentation=https://vector.dev
+After=network-online.target
+Requires=network-online.target
+
+[Service]
+ExecStartPre=/usr/bin/vector --config /etc/vector/vector.yaml --config-dir /etc/vector/conf.d validate
+ExecStart=/usr/bin/vector --config /etc/vector/vector.yaml --config-dir /etc/vector/conf.d --watch-config
+ExecReload=/usr/bin/vector --config /etc/vector/vector.yaml --config-dir /etc/vector/conf.d validate --no-environment
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=always
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+EnvironmentFile=-/etc/default/vector
+# Since systemd 229, should be in [Unit] but in order to support systemd <229,
+# it is also supported to have it here.
+StartLimitInterval=10
+StartLimitBurst=5
+
+[Install]
+WantedBy=multi-user.target

roles/vector/templates/vector.yml

@@ -0,0 +1,2 @@
+---
+{{ vector_conf | to_nice_yaml(indent=2) }}