Add rsyslog_common role

roles/rsyslog_common/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+rsyslog_outputs: []
+...

roles/rsyslog_common/handlers/main.yml

@@ -0,0 +1,13 @@
+---
+- name: Restart rsyslog
+  become: yes
+  systemd:
+    name: rsyslog.service
+    state: restarted
+
+- name: Restart systemd-journald
+  become: yes
+  systemd:
+    name: systemd-journald.service
+    state: restarted
+...

roles/rsyslog_common/tasks/main.yml

@@ -0,0 +1,57 @@
+---
+- name: Install rsyslog
+  become: true
+  apt:
+    name: rsyslog
+    state: latest
+
+- name: Install rsyslog modules if needed
+  become: true
+  apt:
+    name: "{{ item.pkg }}"
+    state: latest
+  when: "rsyslog_outputs | selectattr('proto', 'eq', item.proto) | list"
+  loop:
+    - proto: relp
+      pkg: rsyslog-relp
+    - proto: redis
+      pkg: rsyslog-hiredis
+
+- name: Deploy main rsyslog configuration
+  become: true
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  loop:
+    - src: rsyslog.conf.j2
+      dest: /etc/rsyslog.conf
+    - src: 99-common.conf.j2
+      dest: /etc/rsyslog.d/99-common.conf
+  notify: Restart rsyslog
+
+- name: Create journald.conf.d directory
+  become: true
+  file:
+    path: /etc/systemd/journald.conf.d
+    state: directory
+
+- name: Deploy journald configuration
+  become: true
+  template:
+    src: forward-syslog.conf.j2
+    dest: /etc/systemd/journald.conf.d/forward-syslog.conf
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  notify: Restart systemd-journald
+
+- name: Enable rsyslog service
+  become: true
+  systemd:
+    name: rsyslog.service
+    state: started
+    enabled: true
+...

roles/rsyslog_common/templates/99-common.conf.j2

@@ -0,0 +1,108 @@
+{{ ansible_managed | comment }}
+
+{%
+    set output_modules = {
+        "relp": "omrelp",
+        "udp": "omfwd",
+        "redis": "omhiredis",
+    }
+%}
+
+global(
+    workDirectory="/var/spool/rsyslog"
+    preserveFQDN="on"
+)
+
+# Collect logs via /dev/log
+module(load="imuxsock")
+
+# Collect kernel logs
+module(load="imklog")
+
+# Collect systemd-journald logs
+module(load="imjournal")
+
+# Parse CEE logs
+module(load="mmjsonparse")
+
+# Load export modules
+{%
+    for module in rsyslog_outputs
+        | map(attribute="proto")
+        | map("extract", output_modules)
+        | list
+        | unique
+%}
+module(load="{{ module }}")
+{% endfor %}
+
+# FIXME: Attention, il faut voir si rsyslog arrive bien à créer
+# les fichiers de plusieurs jours (le 1er est peut-être crée avant
+# de dropper les privilèges, mais les suivants je pense pas).
+module(
+    load="builtin:omfile"
+    # Format avec dates précises
+    template="RSYSLOG_FileFormat"
+    fileOwner="root"
+    fileGroup="adm"
+    fileCreateMode="0640"
+    dirCreateMode="0755"
+)
+
+template(name="templateJson" type="list" option.jsonf="on") {
+    property(outname="hostname_reported" name="hostname" format="jsonf")
+    property(outname="src" name="fromhost-ip" format="jsonf")
+    property(outname="facility" name="syslogfacility-text" format="jsonf")
+    property(outname="program" name="programname" format="jsonf")
+    property(outname="pid" name="procid" format="jsonf")
+    property(outname="time_reported" name="timereported" format="jsonf"
+        dateformat="rfc3339")
+    property(outname="time_generated" name="timegenerated" format="jsonf"
+        dateformat="rfc3339")
+    property(outname="message" name="msg" format="jsonf")
+}
+
+ruleset(name="sendLogsToDisk") {
+    auth,authpriv.* action(type="omfile" file="/var/log/auth.log")
+    mail.* action(type="omfile" file="/var/log/mail.log" sync="off")
+    kern.* action(type="omfile" file="/var/log/kern.log")
+    *.*;auth,authpriv.none action(type="omfile" file="/var/log/syslog.log"
+        sync="off")
+}
+
+# Send logs to remote collector(s)
+ruleset(name="sendLogsToRemote") {
+{% for output in rsyslog_outputs %}
+    action(
+        type="{{ output_modules[output.proto] }}"
+
+{% if output_modules[output.proto] == "omfwd" %}
+        protocol="{{ output.proto }}"
+        target="{{ output.address }}"
+        port="{{ output.port }}"
+{% elif output_modules[output.proto] == "omhiredis" %}
+        server="{{ output.address }}"
+        serverport="{{ output.port }}"
+        mode="publish"
+        key="{{ output.key }}"
+        template="templateJson"
+{% if output.password is defined %}
+        serverpassword="{{ output.password }}"
+{% endif %}
+{% elif output_modules[output.proto] == "omrelp" %}
+        target="{{ output.address }}"
+        port="{{ output.port }}"
+{% endif %}
+
+{% if loop.index > 1 and output.fallback %}
+        action.execOnlyWhenPreviousIsSuspended="on"
+{% endif %}
+    )
+{% endfor %}
+}
+
+# Send local logs to files (useful for debugging or if the collector is down)
+call sendLogsToDisk
+
+# Send local logs to the remote collector
+call sendLogsToRemote

roles/rsyslog_common/templates/forward-syslog.conf.j2

@@ -0,0 +1,6 @@
+{{ ansible_managed | comment }}
+
+[Journal]
+# journald logs are already retrieved by rsyslog using imjournal
+ForwardToSyslog=no
+MaxLevelSyslog=debug

roles/rsyslog_common/templates/rsyslog.conf.j2

@@ -0,0 +1,3 @@
+{{ ansible_managed | comment }}
+
+include(file="/etc/rsyslog.d/*.conf")