Add rsyslog_common role
parent
89181c6cd6
commit
6263c31785
6 changed files with 190 additions and 0 deletions
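--- a/roles/rsyslog_common/defaults/main.yml
+++ b/roles/rsyslog_common/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+rsyslog_outputs: []
+...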
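--- a/roles/rsyslog_common/handlers/main.yml
+++ b/roles/rsyslog_common/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+- name: Restart rsyslog
+become: yes
+systemd:
+name: rsyslog.service
+state: restarted
+
+- name: Restart systemd-journald
+become: yes
+systemd:
+name: systemd-journald.service
+state: restarted
+...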
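--- a/roles/rsyslog_common/tasks/main.yml
+++ b/roles/rsyslog_common/tasks/main.yml
@@ -0,0 +1,57 @@
+---
+- name: Install rsyslog
+become: true
+apt:
+name: rsyslog
+state: latest
+
+- name: Install rsyslog modules if needed
+become: true
+apt:
+name: "{{ item.pkg }}"
+state: latest
+when: "rsyslog_outputs | selectattr('proto', 'eq', item.proto) | list"
+loop:
+- proto: relp
+pkg: rsyslog-relp
+- proto: redis
+pkg: rsyslog-hiredis
+
+- name: Deploy main rsyslog configuration
+become: true
+template:
+src: "{{ item.src }}"
+dest: "{{ item.dest }}"
+owner: root
+group: root
+mode: u=rw,g=r,o=r
+loop:
+- src: rsyslog.conf.j2
+dest: /etc/rsyslog.conf
+- src: 99-common.conf.j2
+dest: /etc/rsyslog.d/99-common.conf
+notify: Restart rsyslog
+
+- name: Create journald.conf.d directory
+become: true
+file:
+path: /etc/systemd/journald.conf.d
+state: directory
+
+- name: Deploy journald configuration
+become: true
+template:
+src: forward-syslog.conf.j2
+dest: /etc/systemd/journald.conf.d/forward-syslog.conf
+owner: root
+group: root
+mode: u=rw,g=r,o=r
+notify: Restart systemd-journald
+
+- name: Enable rsyslog service
+become: true
+systemd:
+name: rsyslog.service
+state: started
+enabled: true
+...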
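Review bot: The `Deploy main rsyslog configuration` task writes `/etc/rsyslog.d/99-common.conf` with `mode: u=rw,g=r,o=r`, yet that template renders `serverpassword` for Redis outputs, so any local account could read the collector credential. Give that loop item its own `mode: u=rw,g=,o=` and use `mode: "{{ item.mode | default('u=rw,g=r,o=r') }}"` on the task, assuming rsyslog reads its configuration as root on these hosts. A `--diff` run would also print the rendered password, so `diff: false` on this task is worth adding. Separately, `state: latest` on both apt tasks upgrades the logging daemon on every play run; `state: present` keeps runs predictable and leaves upgrades to the patching process.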
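--- a/roles/rsyslog_common/templates/99-common.conf.j2
+++ b/roles/rsyslog_common/templates/99-common.conf.j2
@@ -0,0 +1,108 @@
+{{ ansible_managed | comment }}
+
+{%
+set output_modules = {
+"relp": "omrelp",
+"udp": "omfwd",
+"redis": "omhiredis",
+}
+%}
+
+global(
+workDirectory="/var/spool/rsyslog"
+preserveFQDN="on"
+)
+
+# Collect logs via /dev/log
+module(load="imuxsock")
+
+# Collect kernel logs
+module(load="imklog")
+
+# Collect systemd-journald logs
+module(load="imjournal")
+
+# Parse CEE logs
+module(load="mmjsonparse")
+
+# Load export modules
+{%
+for module in rsyslog_outputs
+| map(attribute="proto")
+| map("extract", output_modules)
+| list
+| unique
+%}
+module(load="{{ module }}")
+{% endfor %}
+
+# FIXME: Attention, il faut voir si rsyslog arrive bien à créer
+# les fichiers de plusieurs jours (le 1er est peut-être crée avant
+# de dropper les privilèges, mais les suivants je pense pas).
+module(
+load="builtin:omfile"
+# Format avec dates précises
+template="RSYSLOG_FileFormat"
+fileOwner="root"
+fileGroup="adm"
+fileCreateMode="0640"
+dirCreateMode="0755"
+)
+
+template(name="templateJson" type="list" option.jsonf="on") {
+property(outname="hostname_reported" name="hostname" format="jsonf")
+property(outname="src" name="fromhost-ip" format="jsonf")
+property(outname="facility" name="syslogfacility-text" format="jsonf")
+property(outname="program" name="programname" format="jsonf")
+property(outname="pid" name="procid" format="jsonf")
+property(outname="time_reported" name="timereported" format="jsonf"
+dateformat="rfc3339")
+property(outname="time_generated" name="timegenerated" format="jsonf"
+dateformat="rfc3339")
+property(outname="message" name="msg" format="jsonf")
+}
+
+ruleset(name="sendLogsToDisk") {
+auth,authpriv.* action(type="omfile" file="/var/log/auth.log")
+mail.* action(type="omfile" file="/var/log/mail.log" sync="off")
+kern.* action(type="omfile" file="/var/log/kern.log")
+*.*;auth,authpriv.none action(type="omfile" file="/var/log/syslog.log"
+sync="off")
+}
+
+# Send logs to remote collector(s)
+ruleset(name="sendLogsToRemote") {
+{% for output in rsyslog_outputs %}
+action(
+type="{{ output_modules[output.proto] }}"
+
+{% if output_modules[output.proto] == "omfwd" %}
+protocol="{{ output.proto }}"
+target="{{ output.address }}"
+port="{{ output.port }}"
+{% elif output_modules[output.proto] == "omhiredis" %}
+server="{{ output.address }}"
+serverport="{{ output.port }}"
+mode="publish"
+key="{{ output.key }}"
+template="templateJson"
+{% if output.password is defined %}
+serverpassword="{{ output.password }}"
+{% endif %}
+{% elif output_modules[output.proto] == "omrelp" %}
+target="{{ output.address }}"
+port="{{ output.port }}"
+{% endif %}
+
+{% if loop.index > 1 and output.fallback %}
+action.execOnlyWhenPreviousIsSuspended="on"
+{% endif %}
+)
+{% endfor %}
+}
+
+# Send local logs to files (useful for debugging or if the collector is down)
+call sendLogsToDisk
+
+# Send local logs to the remote collector
+call sendLogsToRemote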
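Review bot: Every action rendered in the `sendLogsToRemote` ruleset ships logs without transport protection: the `omrelp` branch sets only `target` and `port`, the `omfwd` branch is reachable only for `udp`, and the `omhiredis` branch sends `serverpassword` over a plain connection. For RELP the branch could accept an opt-in key on the output and emit `tls="on"` together with whatever peer-authentication parameters the collector requires; UDP and Redis outputs should be restricted to a trusted segment or tunnelled. Separately, `output.fallback` is read without a default, so an output after the first that omits the key will probably fail rendering under Ansible's strict undefined handling; `{% if loop.index > 1 and output.fallback | default(false) %}` avoids that. A `proto` that is missing from `output_modules` is not rejected either, so an explicit check at the top of the loop would give a clearer error than a broken `module(load=...)` line.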
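--- a/roles/rsyslog_common/templates/forward-syslog.conf.j2
+++ b/roles/rsyslog_common/templates/forward-syslog.conf.j2
@@ -0,0 +1,6 @@
+{{ ansible_managed | comment }}
+
+[Journal]
+# journald logs are already retrieved by rsyslog using imjournal
+ForwardToSyslog=no
+MaxLevelSyslog=debug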
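Review bot: `MaxLevelSyslog=debug` has no effect while `ForwardToSyslog=no` is set, since it only filters messages that journald forwards to the syslog socket. Either drop the line or add a comment such as `# kept so that re-enabling ForwardToSyslog forwards all levels` so the next reader does not assume it controls what imjournal collects.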
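--- a/roles/rsyslog_common/templates/rsyslog.conf.j2
+++ b/roles/rsyslog_common/templates/rsyslog.conf.j2
@@ -0,0 +1,3 @@
+{{ ansible_managed | comment }}
+
+include(file="/etc/rsyslog.d/*.conf")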