aurore/ansible
aurore/ansible
11
2
Fork 0
Code Issues 1 Pull requests 13 Releases Wiki Activity

WIP: add logrotate config for rsyslog-managed files

Browse source
This commit is contained in:
jeltz 2021-03-30 06:01:43 +02:00
parent 9f671e71d6
commit f59d9ee6f0
8 changed files with 63 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
log.yml
View file

@ -2,4 +2,8 @@
- hosts: log.adm.auro.re - hosts: log.adm.auro.re
roles: roles:
- rsyslog_collector - rsyslog_collector
- hosts: all
roles:
- rsyslog_common
... ...

7
roles/logrotate/handlers/main.yml
View file

@ -1,5 +1,6 @@
--- ---
- name: reload logrotate - name: Reload logrotate
service: systemd:
name: logrotate name: logrotate.service
state: reloaded state: reloaded
...

29
roles/logrotate/tasks/main.yml
View file

@ -1,29 +1,34 @@
--- ---
# Install and configure logrotate
# Install the apt package # Install the apt package
- name: Install logrotate - name: Install logrotate
apt: apt:
name: name:
- logrotate - logrotate
state: present
# Copy the configuration and reload the service if it has changed - name: Create rsyslog configuration directory
- name: Configure logrotate file:
template: path: /etc/rsyslog.d
src: logrotate.d/rsyslog.j2
dest: /etc/logrotate.d/rsyslog
owner: root owner: root
group: root group: root
mode: "0644" mode: u=rwx,g=rx,o=rx
notify: reload logrotate
- name: Configure logrotate
template:
src: logrotate.conf
dest: /etc/logrotate.conf
owner: root
group: root
mode: u=rwx,g=r,o=r
notify: Reload logrotate
# Make sure the service is enabled and started
- name: Enable logrotate service - name: Enable logrotate service
service: systemd:
name: logrotate name: logrotate.service
enabled: true enabled: true
state: started state: started
# Enforce new logrotate rules now # Enforce new logrotate rules now
- name: Run logrotate now - name: Run logrotate now
command: /usr/sbin/logrotate -f /etc/logrotate.d/rsyslog command: /usr/sbin/logrotate -f /etc/logrotate.d/rsyslog
...

7
roles/logrotate/templates/logrotate.conf Normal file
View file

@ -0,0 +1,7 @@
{{ ansible_managed | comment }}
weekly
rotate 4
create
include /etc/logrotate.d

39
roles/logrotate/templates/logrotate.d/rsyslog.j2
View file

@ -1,39 +0,0 @@
# {{ ansible_managed }}
/var/log/syslog
{
rotate 7
daily
missingok
notifempty
delaycompress
compress
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
rotate 90
daily
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}

4
roles/rsyslog_common/meta/main.yml Normal file
View file

@ -0,0 +1,4 @@
---
dependencies:
- role: logrotate
...

10
roles/rsyslog_common/tasks/main.yml
View file

@ -51,6 +51,16 @@
mode: u=rw,g=r,o=r mode: u=rw,g=r,o=r
notify: Restart systemd-journald notify: Restart systemd-journald
- name: Deploy logrotate configuration
become: true
template:
src: logrotate.j2
dest: /etc/logrotate.d/rsyslog
owner: root
group: root
mode: u=rw,g=r,o=r
notify: Restart logrotate
- name: Enable rsyslog service - name: Enable rsyslog service
become: true become: true
systemd: systemd:

17
roles/rsyslog_common/templates/logrotate.j2 Normal file
View file

@ -0,0 +1,17 @@
{{ ansible_managed | comment }}
/var/log/auth.log
/var/log/mail.log
/var/log/kern.log
/var/log/syslog.log
{
rotate 7
daily
missingok
notifempty
delaycompress
compress
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}