Commit 7c682f65 authored by hadret's avatar hadret

feat: initial commit.

parents
MIT License
Copyright (c) 2019 Filip Chabik
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
# Ansible Role: Rsyslog
This is a internal role for deploying `rsyslog` configuration for both server
and client. Server need to be part of a `syslog-servers` host group in order for
it to receive proper configuration. All of the other servers are treated as
clients. Some of them **can** have tailored configuration, it is however handled
by the template of the client configuration file.
## Requirements
None.
## Role variables
Here are available variables with their default values (as in
[defaults/main.yml](defaults/main.yml)):
## Dependencies
None.
## Example playbook
```
hosts: all
roles:
- hadret.rsyslog
```
## License
MIT.
## Authors
This role was somewhat assembled in 2019 by [Filip Chabik](https://chabik.com).
---
# Use the official rsyslog PPA for Ubuntu (v8-devel/v8-stable)
rsyslog_ppa_use: true
rsyslog_ppa_version: v8-stable
rsyslog_service_state: started
rsyslog_service_enabled: true
rsyslog_action_file_default_template: "RSYSLOG_TraditionalFileFormat"
rsyslog_repeated_msg_reduction: 'off'
rsyslog_conf_template: "rsyslog.conf.j2"
rsyslog_rules_template: "rules.conf.j2"
# Example extra config for the main rsyslog config file
# rsyslog_extra_conf_options: |
# $ModLoad imudp
# $UDPServerRun 514
# Preconfigured default rsyslog rules
rsyslog_rule_default: # /etc/rsyslog.d/50-default.conf
rule_name: "default"
priority: 50
template: "default.conf.j2"
# rsyslog_rule_docker: # /etc/rsyslog.d/20-docker.conf
# rule_name: "docker"
# priority: 20
# template: "docker.conf.j2"
# rsyslog_rule_docker_path: /var/log/docker
# rsyslog_rule_docker_template: "DockerLogFileName"
# rsyslog_rule_docker_tag_all: true
# rsyslog_rule_remote:
# rule_name: "remote"
# role: server # server/client
# priority: 99
# template: "remote.conf.j2"
# ruleset_name: "{{ rsyslog_rule_remote_protocol|default('udp') }}"
# rsyslog_rule_remote_protocol: relp # udp/tcp/relp
# rsyslog_rule_remote_path: /var/log/remote
# rsyslog_rule_remote_relp_pkg: rsyslog-relp
# rsyslog_rule_remote_relp:
# port: 514
# tls: true
# tls_cacert: "/tls-certs/ca.pem"
# tls_mycert: "/tls-certs/cert.pem"
# tls_myprivkey: "/tls-certs/key.pem"
# tls_authmode: "certvalid"
# rsyslog_rules:
# - rule_name: "remote-relp" # name of the rule
# priority: 99 # order of the rules may be important
# ruleset: |
# module(load="omrelp")
# action(type="omrelp")
# # Properties that are only added if defined:
# filename: "99-remote-relp.conf" # default: "$priority-$rule_name.conf"
# template: "" # override the `rsyslog_template` per ruleset
# state: "absent" # remove the ruleset configuration
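Review bot: `rsyslog_ppa_use: true` at the top of the defaults enables a third-party repository (`ppa:adiscon/...`) on every Ubuntu host unless the caller opts out, which is a supply-chain decision better made explicitly per inventory; a default of `rsyslog_ppa_use: false` with a README sentence on how to enable it would be the safer contract. The comment `# udp/tcp/relp` on `rsyslog_rule_remote_protocol` also promises more than the rest of the commit delivers, since the bundled remote template only emits an input for `relp`; either reword it (`# relp only — the bundled remote.conf.j2 configures no udp/tcp input`) or implement the other two. The nesting of `rule_name`/`priority`/`template` under `rsyslog_rule_default` does not survive in this rendering, so I cannot confirm it is indented as a mapping rather than three stray top-level keys; worth a yamllint pass before merging.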
/var/log/remote/*/*.log
{
rotate 7
daily
missingok
notifempty
compress
compresscmd /usr/bin/pixz
uncompresscmd /usr/bin/pixz
compressext .xz
delaycompress
postrotate
invoke-rc.d rsyslog rotate >/dev/null
endscript
}
/var/log/remote/*/platform/*.log
{
rotate 13
daily
missingok
notifempty
compress
compresscmd /usr/bin/pixz
uncompresscmd /usr/bin/pixz
compressext .xz
delaycompress
sharedscripts
postrotate
invoke-rc.d rsyslog rotate >/dev/null
endscript
}
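Review bot: Both stanzas set `compresscmd /usr/bin/pixz`, but nothing in this commit installs `pixz` or deploys this logrotate file, so on a host without the binary logrotate reports an error at compression time and leaves the rotated remote logs uncompressed. Either add an apt task for the package (and a `copy`/`template` task for this file) or drop the three `compress*` lines and rely on logrotate's default gzip. The second stanza has `sharedscripts` while the first does not, although both run the same `postrotate` command; if that asymmetry is deliberate, a comment above the first stanza saying why would help.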
---
- name: restart rsyslog
service: name=rsyslog state=restarted
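Review bot: The handler uses the `key=value` shorthand `service: name=rsyslog state=restarted`, which the tasks in the same commit avoid (they pass module arguments as block YAML); for consistency and lint-friendliness write it as `service:` / `  name: rsyslog` / `  state: restarted`. Since only the main config task validates with `rsyslogd -N1`, this restart is where an unvalidated rule fragment would take the daemon down, which is worth a one-line comment above the handler.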
---
- name: ensure rsyslog_rule_docker_path exists
file:
path: "{{ rsyslog_rule_docker_path|default('/var/log/docker') }}"
owner: "{{ rsyslog_user }}"
group: "{{ rsyslog_group }}"
mode: 0755
state: directory
when: rsyslog_rule_docker is defined
- name: ensure rsyslog_rule_remote_path exists
file:
path: "{{ rsyslog_rule_remote_path|default('/var/log/remote') }}"
owner: "{{ rsyslog_user }}"
group: "{{ rsyslog_group }}"
mode: 0755
state: directory
when:
- rsyslog_rule_remote is defined
- rsyslog_rule_remote.role == "server"
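Review bot: `mode: 0755` on both `file` tasks is an unquoted leading-zero literal; PyYAML's 1.1 rules happen to read it as octal, but ansible-lint flags the form as risky and the vars file in this commit already quotes its modes (`"0755"`, `"0640"`), so write `mode: "0755"` here and likewise `mode: "0644"` in the main-config task and in the rules task. `owner`/`group` come from `rsyslog_user`/`rsyslog_group`, which are only established as facts in the main task file, so this file only works when included from there; a comment at the top, `# included from main.yml after rsyslog_user/rsyslog_group are set`, would make that dependency explicit.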
---
- name: include OS-specific variables
include_vars: "{{ ansible_os_family }}.yml"
- name: define rsyslog_user
set_fact:
rsyslog_user: "{{ __rsyslog_user }}"
when: rsyslog_user is not defined
- name: define rsyslog_group
set_fact:
rsyslog_group: "{{ __rsyslog_group }}"
when: rsyslog_group is not defined
- name: define rsyslog_file_create_mode
set_fact:
rsyslog_file_create_mode: "{{ __rsyslog_file_create_mode }}"
when: rsyslog_file_create_mode is not defined
- name: define rsyslog_dir_create_mode
set_fact:
rsyslog_dir_create_mode: "{{ __rsyslog_dir_create_mode }}"
when: rsyslog_dir_create_mode is not defined
- name: define rsyslog_umask
set_fact:
rsyslog_umask: "{{ __rsyslog_umask }}"
when: rsyslog_umask is not defined
- include_tasks: setup-Ubuntu.yml
when: ansible_distribution == 'Ubuntu'
# rules configuration
- import_tasks: rules.yml
# extras configuration
- include_tasks: extras.yml
when: (rsyslog_rule_remote is defined) or
(rsyslog_rule_docker is defined)
# rsyslog setup
- name: copy main rsyslog config file
template:
src: "{{ rsyslog_conf_template }}"
dest: "{{ rsyslog_conf_file_path }}"
owner: root
group: "{{ root_group }}"
mode: 0644
validate: /usr/sbin/rsyslogd -N1 -f %s
notify:
- restart rsyslog
- name: ensure rsyslog is up and enabled on boot
service:
name: rsyslog
state: "{{ rsyslog_service_state }}"
enabled: "{{ rsyslog_service_enabled }}"
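Review bot: `include_vars: "{{ ansible_os_family }}.yml"` is unconditional, but the only vars file in this commit appears to be the Debian one (`syslog`/`adm`/`root_group: root`), so on any other OS family the role fails with a missing-file error before it reaches the Ubuntu-only setup step; either guard it, add the other family's vars, or replace `None` under Requirements in the README with the Debian-family restriction. The `validate: /usr/sbin/rsyslogd -N1 -f %s` on the main config is the right call, but because the rendered file's `$IncludeConfig {{ rsyslog_conf_path }}/*.conf` points at an absolute path, on runs where the main config is (re)written it also validates whatever fragments the rules step already dropped into that directory, so a bad fragment fails this task rather than the task that wrote it; a comment on the validate line, `# also exercises fragments already present in rsyslog_conf_path`, would save the next person the surprise.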
---
- name: ensure rsyslog_conf_path exists
file:
path: "{{ rsyslog_conf_path }}"
state: directory
- name: add managed rsyslog rules
template:
src: "{{ item.template|default(rsyslog_rules_template) }}"
dest: "{{ rsyslog_conf_path }}/{{ item.filename|default(item.priority ~ '-' ~ item.rule_name ~ '.conf') }}"
force: true
owner: root
group: "{{ root_group }}"
mode: 0644
when: item.state|default('present') != 'absent'
with_items:
- "{{ rsyslog_rule_default|default([]) }}"
- "{{ rsyslog_rule_docker|default([]) }}"
- "{{ rsyslog_rule_remote|default([]) }}"
- "{{ rsyslog_rules|default([]) }}"
notify: restart rsyslog
tags: ['skip_ansible_lint']
- name: remove managed rsyslog rules
file:
path: "{{ rsyslog_conf_path }}/{{ item.filename|default(item.priority ~ '-' ~ item.rule_name ~ '.conf') }}"
state: absent
when: item.state|default('present') == 'absent'
with_items:
- "{{ rsyslog_rule_default|default([]) }}"
- "{{ rsyslog_rule_docker|default([]) }}"
- "{{ rsyslog_rule_remote|default([]) }}"
- "{{ rsyslog_rules|default([]) }}"
notify: restart rsyslog
tags: ['skip_ansible_lint']
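Review bot: Neither template task validates the fragment it writes (`rsyslogd -N1 -f %s` is applied only to the main config in the main task file), so a syntax error in a user-supplied `ruleset` under `rsyslog_rules` first surfaces when the `restart rsyslog` handler fires and the daemon fails to come back; if the fragments validate standalone, `validate: /usr/sbin/rsyslogd -N1 -f %s` on the `add managed rsyslog rules` task catches it before the handler runs. `force: true` on a `template` task is the module default and can be dropped. The `dest:` expression `item.priority ~ '-' ~ item.rule_name ~ '.conf'` is duplicated in the remove task; a comment above the first, `# filename defaults to <priority>-<rule_name>.conf (see rsyslog_rules in defaults)`, documents the convention, and `tags: ['skip_ansible_lint']` hides whichever finding prompted it, which deserves naming in a comment.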
---
- name: add official PPA for rsyslog
apt_repository:
repo: 'ppa:adiscon/{{ rsyslog_ppa_version }}'
state: present
update_cache: true
register: rsyslog_ppa_added
when: rsyslog_ppa_use | bool
- name: upgrade rsyslog to version from PPA
apt:
name: rsyslog
state: latest
when: rsyslog_ppa_added.changed
tags: ['skip_ansible_lint']
- name: ensure rsyslog-relp is installed
apt:
name: "{{ rsyslog_rule_remote_relp_pkg|default('rsyslog-relp') }}"
state: present
when:
- rsyslog_rule_remote_protocol is defined
- rsyslog_rule_remote_protocol == "relp"
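Review bot: `apt_repository` only ever adds the PPA (`state: present` guarded by `when: rsyslog_ppa_use | bool`), so setting `rsyslog_ppa_use: false` later leaves `ppa:adiscon/...` configured and `rsyslog` still tracking an external repository; if the variable is meant to be authoritative in both directions, `state: "{{ 'present' if rsyslog_ppa_use | bool else 'absent' }}"` without the `when` does that. The upgrade task runs only when the PPA was added in this run (`rsyslog_ppa_added.changed`) and uses `state: latest`, so it is a one-shot, unpinned upgrade to whatever the PPA serves that day; pinning through a version variable (a constructed name such as `rsyslog_package_version`) or at least a comment documenting the one-shot behaviour would help. The `rsyslog-relp` install at the bottom lives in the Ubuntu-only file although `rsyslog_rule_remote_protocol == "relp"` is honoured by the remote template on any host; if Debian is meant to work, it belongs in a distro-independent task.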
# {{ ansible_managed }}
# Default rules for rsyslog.
#
# For more information see rsyslog.conf(5) and {{ rsyslog_conf_file_path }}
#
# First some standard log files. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none /var/log/syslog
syslog.* /var/log/rsyslog.log #rsyslog error messages
#cron.* /var/log/cron.log
#daemon.* /var/log/daemon.log
kern.* /var/log/kern.log
#lpr.* /var/log/lpr.log
mail.* /var/log/mail.log
#user.* /var/log/user.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
#mail.info /var/log/mail.info
#mail.warn /var/log/mail.warn
mail.err /var/log/mail.err
#
# Logging for INN news system.
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice /var/log/news/news.notice
#
# Some "catch-all" log files.
#
#*.=debug;\
# auth,authpriv.none;\
# news.none;mail.none /var/log/debug
#*.=info;*.=notice;*.=warn;\
# auth,authpriv.none;\
# cron,daemon.none;\
# mail,news.none /var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg :omusrmsg:*
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
#
#
# As this functionality is almost never needed, it is commented out. If you
# need it, be sure to remove the comment characters below.
#daemon.*;mail.*;\
# news.err;\
# *.=debug;*.=info;\
# *.=notice;*.=warn |/dev/xconsole
# {{ ansible_managed }}
template(name="{{ rsyslog_rule_docker_template|default('DockerLogFileName') }}" type="list") {
constant(value="{{ rsyslog_rule_docker_path|default('/var/log/docker') }}/")
property(name="syslogtag" securepath="replace" \
regex.expression="docker/\\(.*\\)\\[" regex.submatch="1")
constant(value=".log")
}
{% if rsyslog_rule_docker_tag_all is defined -%}
if $programname == 'docker' then {{ rsyslog_rule_docker_path|default('/var/log/docker') }}/all.log
{% endif -%}
if $programname == 'docker' then \
if $syslogtag contains 'docker/' then \
?{{ rsyslog_rule_docker_template|default('DockerLogFileName') }}
else
{{ rsyslog_rule_docker_path|default('/var/log/docker') }}/no_tag.log
& stop
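Review bot: `{% if rsyslog_rule_docker_tag_all is defined -%}` tests definedness rather than truth, so `rsyslog_rule_docker_tag_all: false` still renders the `all.log` rule; the defaults present the variable as a boolean, so the guard should be `{% if rsyslog_rule_docker_tag_all | default(false) | bool -%}`. The `securepath="replace"` on the `syslogtag` property is the right call, since the tag is supplied by whatever the container logged and ends up in a file name; a comment above the template, `# securepath keeps container-supplied tags from escaping the docker log directory`, records why it is there. The trailing `& stop` reads as applying only to the preceding `no_tag.log` action rather than to the `?DockerLogFileName` branch; if messages written via the template are also meant to stop, say so in a comment or make it explicit in each branch.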
# {{ ansible_managed }}
{% if rsyslog_rule_remote.role == "server" %}
{% if rsyslog_rule_remote_protocol == "relp" %}
module(load="imrelp" ruleset="{%- if rsyslog_rule_remote.ruleset_name is defined %}{{ rsyslog_rule_remote.ruleset_name }}{% endif -%}")
input(type="imrelp"
{%- if rsyslog_rule_remote_relp.port is defined %} port="{{ rsyslog_rule_remote_relp.port }}"{% endif -%}
{%- if rsyslog_rule_remote_relp.tls is defined %} tls="on"
{%- if rsyslog_rule_remote_relp.tls_cacert is defined %} tls_cacert="{{ rsyslog_rule_remote_relp.tls_cacert }}"{% endif -%}
{%- if rsyslog_rule_remote_relp.tls_mycert is defined %} tls_mycert="{{ rsyslog_rule_remote_relp.tls_mycert }}"{% endif -%}
{%- if rsyslog_rule_remote_relp.tls_myprivkey is defined %} tls_myprivkey="{{ rsyslog_rule_remote_relp.tls_myprivkey }}"{% endif -%}
{%- if rsyslog_rule_remote_relp.tls_authmode is defined %} tls_authmode="{{ rsyslog_rule_remote_relp.tls_authmode }}"{% endif -%}
{% endif -%})
{% endif %}
template(name="TmplAuthpriv" type="string"
string="{{ rsyslog_rule_remote_path|default('/var/log/remote') }}/%HOSTNAME%/auth.log"
)
template(name="TmplSyslog" type="string"
string="{{ rsyslog_rule_remote_path|default('/var/log/remote') }}/%HOSTNAME%/syslog.log"
)
template(name="TmplRsyslog" type="string"
string="{{ rsyslog_rule_remote_path|default('/var/log/remote') }}/%HOSTNAME%/rsyslog.log"
)
template(name="TmplKern" type="string"
string="{{ rsyslog_rule_remote_path|default('/var/log/remote') }}/%HOSTNAME%/kern.log"
)
template(name="TmplMail" type="string"
string="{{ rsyslog_rule_remote_path|default('/var/log/remote') }}/%HOSTNAME%/mail.log"
)
ruleset(name="{%- if rsyslog_rule_remote.ruleset_name is defined %}{{ rsyslog_rule_remote.ruleset_name }}{% endif -%}") {
auth,authpriv.* action(type="omfile" DynaFile="TmplAuthpriv")
*.*;auth,authpriv.none action(type="omfile" DynaFile="TmplSyslog")
syslog.* action(type="omfile" DynaFile="TmplRsyslog")
kern.* action(type="omfile" DynaFile="TmplKern")
mail.* action(type="omfile" DynaFile="TmplMail")
}
{% endif %}
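Review bot: The five DynaFile templates build the log path from `%HOSTNAME%`, a value the remote sender controls, and rsyslog only sanitises it when asked, so the property should be written `%HOSTNAME:::secpath-replace%` (or `secpath-drop`) to keep a hostname containing `/` or `..` from steering the file outside `rsyslog_rule_remote_path` — the docker template in this same commit already does the equivalent with `securepath="replace"`. The imrelp `input(...)` is emitted with underscore parameter names (`tls_cacert`, `tls_mycert`, `tls_myprivkey`, `tls_authmode`), whereas the imrelp parameters I know are dotted (`tls.cacert`, `tls.mycert`, `tls.myprivkey`, `tls.authmode`); unless the targeted rsyslog accepts both spellings this input is rejected at load time and only noticed when the handler restarts the daemon. With `"certvalid"` as the documented `tls_authmode` example and no `tls.permittedpeer`, any client holding a certificate from the CA is accepted; `tls.authmode="name"` together with `tls.permittedpeer=[...]` pins which senders may log here and is worth documenting as the intended production setting. Finally, when `rsyslog_rule_remote_protocol` is not `relp` the `{% if %}` at the top emits no input at all, so the `udp/tcp` choices advertised in the defaults silently yield a server with a ruleset nothing feeds.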
# {{ ansible_managed }}
# {{ rsyslog_conf_file_path }} Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in {{ rsyslog_conf_path }}/50-default.conf
#################
#### MODULES ####
#################
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability
# provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate {{ rsyslog_action_file_default_template }}
# Filter duplicated messages
$RepeatedMsgReduction {{ rsyslog_repeated_msg_reduction }}
#
# Set the default permissions for all log files.
#
$FileOwner {{ rsyslog_user }}
$FileGroup {{ rsyslog_group }}
$FileCreateMode {{ rsyslog_file_create_mode }}
$DirCreateMode {{ rsyslog_dir_create_mode }}
$Umask {{ rsyslog_umask }}
$PrivDropToUser {{ rsyslog_user }}
$PrivDropToGroup {{ rsyslog_user }}
#
# Where to place spool files
#
$WorkDirectory {{ rsyslog_spool_path }}
{% if rsyslog_extra_conf_options is defined -%}
#
# Extra configuration for rsyslog
#
{{ rsyslog_extra_conf_options }}
{% endif -%}
#
# Include all config files in {{ rsyslog_conf_path }}/
#
$IncludeConfig {{ rsyslog_conf_path }}/*.conf
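Review bot: `$PrivDropToGroup {{ rsyslog_user }}` in the permissions block reuses the user variable while `$FileGroup` uses `rsyslog_group`; this matches Ubuntu's stock config (user and group both `syslog`) but silently assumes a group named after `rsyslog_user` exists, and it reads like a copy-paste slip. If intentional, add `# intentionally the user's own group, not rsyslog_group; a group named like rsyslog_user must exist` above it; if not, it should be `{{ rsyslog_group }}`. `{{ rsyslog_extra_conf_options }}` is spliced in verbatim between the global directives and `$IncludeConfig`, so a short comment that it is raw inventory-supplied config checked only by the task's `rsyslogd -N1` validation would set expectations for whoever populates it.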
# {{ ansible_managed }}
{% if item.ruleset is defined %}
{{ item.ruleset }}
{% endif %}
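Review bot: An entry in `rsyslog_rules` that omits `ruleset` and does not override `template` renders to a file holding only the `ansible_managed` header, a silent no-op that is easy to miss in `/etc/rsyslog.d/`. If that is not intended, `{{ item.ruleset | mandatory }}` fails the play with a clear message instead; if the empty file is deliberate, a comment in the template header should say so.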
---
root_group: root
rsyslog_conf_path: /etc/rsyslog.d
rsyslog_conf_file_path: /etc/rsyslog.conf
rsyslog_spool_path: /var/spool/rsyslog
__rsyslog_user: "syslog"
__rsyslog_group: "adm"
__rsyslog_file_create_mode: "0640"
__rsyslog_dir_create_mode: "0755"
__rsyslog_umask: "0022"