log.yml

@@ -2,4 +2,8 @@
 - hosts: log.adm.auro.re
   roles:
     - rsyslog_collector
+
+- hosts: all
+  roles:
+    - rsyslog_common
 ...

roles/logrotate/handlers/main.yml

@@ -1,5 +1,6 @@
 ---
-- name: reload logrotate
+- name: Reload logrotate
-  service:
+  systemd:
-    name: logrotate
+    name: logrotate.service
     state: reloaded
+...

roles/logrotate/tasks/main.yml

@@ -1,29 +1,28 @@
 ---
-# Install and configure logrotate
-
-# Install the apt package
 - name: Install logrotate
   apt:
-    name:
+    name: logrotate
-      - logrotate
+    state: present
 
-# Copy the configuration and reload the service if it has changed
+- name: Create rsyslog configuration directory
-- name: Configure logrotate
+  file:
-  template:
+    path: /etc/rsyslog.d
-    src: logrotate.d/rsyslog.j2
-    dest: /etc/logrotate.d/rsyslog
     owner: root
     group: root
-    mode: "0644"
+    mode: u=rwx,g=rx,o=rx
-  notify: reload logrotate
+
+- name: Configure logrotate
+  template:
+    src: logrotate.conf
+    dest: /etc/logrotate.conf
+    owner: root
+    group: root
+    mode: u=rwx,g=r,o=r
+  notify: Reload logrotate
 
-# Make sure the service is enabled and started
 - name: Enable logrotate service
-  service:
+  systemd:
-    name: logrotate
+    name: logrotate.service
     enabled: true
     state: started
-
+...
-# Enforce new logrotate rules now
-- name: Run logrotate now
-  command: /usr/sbin/logrotate -f /etc/logrotate.d/rsyslog

roles/logrotate/templates/logrotate.conf

@@ -0,0 +1,7 @@
+{{ ansible_managed | comment }}
+
+weekly
+rotate 4
+create
+
+include /etc/logrotate.d

roles/logrotate/templates/logrotate.d/rsyslog.j2

@@ -1,39 +0,0 @@
-# {{ ansible_managed }}
-
-/var/log/syslog
-{
-	rotate 7
-	daily
-	missingok
-	notifempty
-	delaycompress
-	compress
-	postrotate
-		/usr/lib/rsyslog/rsyslog-rotate
-	endscript
-}
-
-/var/log/mail.info
-/var/log/mail.warn
-/var/log/mail.err
-/var/log/mail.log
-/var/log/daemon.log
-/var/log/kern.log
-/var/log/auth.log
-/var/log/user.log
-/var/log/lpr.log
-/var/log/cron.log
-/var/log/debug
-/var/log/messages
-{
-	rotate 90
-	daily
-	missingok
-	notifempty
-	compress
-	delaycompress
-	sharedscripts
-	postrotate
-		/usr/lib/rsyslog/rsyslog-rotate
-	endscript
-}

roles/rsyslog_common/meta/main.yml

@@ -0,0 +1,4 @@
+---
+dependencies:
+  - role: logrotate
+...

roles/rsyslog_common/tasks/main.yml

@@ -51,6 +51,16 @@
     mode: u=rw,g=r,o=r
   notify: Restart systemd-journald
 
+- name: Deploy logrotate configuration
+  become: true
+  template:
+    src: logrotate.j2
+    dest: /etc/logrotate.d/rsyslog
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  notify: Reload logrotate
+
 - name: Enable rsyslog service
   become: true
   systemd:

roles/rsyslog_common/templates/forward-syslog.conf.j2

@@ -1,5 +1,6 @@
 {{ ansible_managed | comment }}
 
 [Journal]
+Storage=volatile
 ForwardToSyslog=yes
 MaxLevelSyslog=debug

roles/rsyslog_common/templates/logrotate.j2

@@ -0,0 +1,17 @@
+{{ ansible_managed | comment }}
+
+/var/log/auth.log
+/var/log/mail.log
+/var/log/kern.log
+/var/log/syslog.log
+{
+	rotate 7
+	daily
+	missingok
+	notifempty
+	delaycompress
+	compress
+	postrotate
+		/usr/lib/rsyslog/rsyslog-rotate
+	endscript
+}