Add rsyslog_common role

This commit is contained in:
jeltz 2021-03-01 01:27:30 +01:00
parent 89181c6cd6
commit 6263c31785
6 changed files with 190 additions and 0 deletions

View file

@ -0,0 +1,3 @@
---
rsyslog_outputs: []
...

View file

@ -0,0 +1,13 @@
---
- name: Restart rsyslog
become: yes
systemd:
name: rsyslog.service
state: restarted
- name: Restart systemd-journald
become: yes
systemd:
name: systemd-journald.service
state: restarted
...

View file

@ -0,0 +1,57 @@
---
- name: Install rsyslog
become: true
apt:
name: rsyslog
state: latest
- name: Install rsyslog modules if needed
become: true
apt:
name: "{{ item.pkg }}"
state: latest
when: "rsyslog_outputs | selectattr('proto', 'eq', item.proto) | list"
loop:
- proto: relp
pkg: rsyslog-relp
- proto: redis
pkg: rsyslog-hiredis
- name: Deploy main rsyslog configuration
become: true
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: u=rw,g=r,o=r
loop:
- src: rsyslog.conf.j2
dest: /etc/rsyslog.conf
- src: 99-common.conf.j2
dest: /etc/rsyslog.d/99-common.conf
notify: Restart rsyslog
- name: Create journald.conf.d directory
become: true
file:
path: /etc/systemd/journald.conf.d
state: directory
- name: Deploy journald configuration
become: true
template:
src: forward-syslog.conf.j2
dest: /etc/systemd/journald.conf.d/forward-syslog.conf
owner: root
group: root
mode: u=rw,g=r,o=r
notify: Restart systemd-journald
- name: Enable rsyslog service
become: true
systemd:
name: rsyslog.service
state: started
enabled: true
...

View file

@ -0,0 +1,108 @@
{{ ansible_managed | comment }}
{%
set output_modules = {
"relp": "omrelp",
"udp": "omfwd",
"redis": "omhiredis",
}
%}
global(
workDirectory="/var/spool/rsyslog"
preserveFQDN="on"
)
# Collect logs via /dev/log
module(load="imuxsock")
# Collect kernel logs
module(load="imklog")
# Collect systemd-journald logs
module(load="imjournal")
# Parse CEE logs
module(load="mmjsonparse")
# Load export modules
{%
for module in rsyslog_outputs
| map(attribute="proto")
| map("extract", output_modules)
| list
| unique
%}
module(load="{{ module }}")
{% endfor %}
# FIXME: Attention, il faut voir si rsyslog arrive bien à créer
# les fichiers de plusieurs jours (le 1er est peut-être crée avant
# de dropper les privilèges, mais les suivants je pense pas).
module(
load="builtin:omfile"
# Format avec dates précises
template="RSYSLOG_FileFormat"
fileOwner="root"
fileGroup="adm"
fileCreateMode="0640"
dirCreateMode="0755"
)
template(name="templateJson" type="list" option.jsonf="on") {
property(outname="hostname_reported" name="hostname" format="jsonf")
property(outname="src" name="fromhost-ip" format="jsonf")
property(outname="facility" name="syslogfacility-text" format="jsonf")
property(outname="program" name="programname" format="jsonf")
property(outname="pid" name="procid" format="jsonf")
property(outname="time_reported" name="timereported" format="jsonf"
dateformat="rfc3339")
property(outname="time_generated" name="timegenerated" format="jsonf"
dateformat="rfc3339")
property(outname="message" name="msg" format="jsonf")
}
ruleset(name="sendLogsToDisk") {
auth,authpriv.* action(type="omfile" file="/var/log/auth.log")
mail.* action(type="omfile" file="/var/log/mail.log" sync="off")
kern.* action(type="omfile" file="/var/log/kern.log")
*.*;auth,authpriv.none action(type="omfile" file="/var/log/syslog.log"
sync="off")
}
# Send logs to remote collector(s)
ruleset(name="sendLogsToRemote") {
{% for output in rsyslog_outputs %}
action(
type="{{ output_modules[output.proto] }}"
{% if output_modules[output.proto] == "omfwd" %}
protocol="{{ output.proto }}"
target="{{ output.address }}"
port="{{ output.port }}"
{% elif output_modules[output.proto] == "omhiredis" %}
server="{{ output.address }}"
serverport="{{ output.port }}"
mode="publish"
key="{{ output.key }}"
template="templateJson"
{% if output.password is defined %}
serverpassword="{{ output.password }}"
{% endif %}
{% elif output_modules[output.proto] == "omrelp" %}
target="{{ output.address }}"
port="{{ output.port }}"
{% endif %}
{% if loop.index > 1 and output.fallback %}
action.execOnlyWhenPreviousIsSuspended="on"
{% endif %}
)
{% endfor %}
}
# Send local logs to files (useful for debugging or if the collector is down)
call sendLogsToDisk
# Send local logs to the remote collector
call sendLogsToRemote

View file

@ -0,0 +1,6 @@
{{ ansible_managed | comment }}
[Journal]
# journald logs are already retrieved by rsyslog using imjournal
ForwardToSyslog=no
MaxLevelSyslog=debug

View file

@ -0,0 +1,3 @@
{{ ansible_managed | comment }}
include(file="/etc/rsyslog.d/*.conf")