aurore-logs/roles/rsyslog-common/tasks/main.yml
Jeltz 03f93d0f41 Test de génération de certificat pour rsyslog.
Test de `openssl-cert-builder` depuis le rôle `rsyslog-common`
(pourra servir par exemple pour le transport RELP ou TCP via TLS).
2020-09-20 04:13:35 +02:00


---
# Base package: every later task in this file assumes rsyslog is installed.
- name: Install rsyslog
  apt:
    name: rsyslog
    state: present
  become: true
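# Output modules ship as separate packages; each one is installed only when
# at least one entry of rsyslog_outputs uses the matching protocol.
- name: Install rsyslog modules if needed
  become: true
  apt:
    # No leading space inside the quotes: the package name is passed as-is.
    name: "{{ item.pkg }}"
    state: present
  # Compare the length explicitly so the condition evaluates to a real
  # boolean instead of relying on the truthiness of a possibly empty list.
  when: >-
    rsyslog_outputs | selectattr('proto', 'eq', item.proto)
    | list | length > 0
  loop:
    - proto: relp
      pkg: rsyslog-relp
    - proto: redis
      pkg: rsyslog-hiredis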
# FIXME: this task was added as a test.
# NOTE(review): not_after is +365d, so the certificate is presumably valid
# for one year from issuance. Whether openssl-cert-builder re-issues it
# before expiry is not visible here; without renewal, a TLS-protected
# log transport would stop accepting the certificate once it expires.
# NOTE(review): how the role stores the private key is not visible here;
# confirm it ends up readable only by root or the rsyslog user.
- name: Install a X.509 certificate for RELP over TLS
  include_role:
    name: openssl-cert-builder
  vars:
    certificate:
      # FIXME: with this approach the hostname in the Ansible inventory
      # must always match the FQDN of the machine, because it is used
      # as the certificate common name.
      slug: "{{ inventory_hostname }}"
      common_name: "{{ inventory_hostname }}"
      not_before: '+0s'
      not_after: '+365d'
# Render the main rsyslog configuration file and the common drop-in.
# Any change notifies the "Restart rsyslog" handler.
- name: Deploy main rsyslog configuration
  become: true
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    # Owner read/write, world-readable.
    # NOTE(review): if either template ever renders a credential (for
    # example a password for the redis output), this mode would expose it
    # to every local user; confirm against the templates.
    mode: 'u=rw,g=r,o=r'
  loop:
    - src: rsyslog.conf.j2
      dest: /etc/rsyslog.conf
    - src: 10-common.conf.j2
      dest: /etc/rsyslog.d/10-common.conf
  notify: Restart rsyslog
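# Drop-in directory that receives the journald configuration deployed
# by the next task.
- name: Create journald.conf.d directory
  become: true
  file:
    path: /etc/systemd/journald.conf.d
    state: directory
    # Set ownership and mode explicitly so the result does not depend on
    # the umask in effect or on a pre-existing directory's permissions:
    # only root may add or change drop-ins.
    owner: root
    group: root
    mode: 'u=rwx,g=rx,o=rx'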
# Render the journald drop-in from forward-syslog.conf.j2.
# Any change notifies the "Restart systemd-journald" handler.
- name: Deploy journald configuration
  become: true
  template:
    src: forward-syslog.conf.j2
    dest: /etc/systemd/journald.conf.d/forward-syslog.conf
    owner: root
    group: root
    # Only root can modify the drop-in; everyone can read it.
    mode: 'u=rw,g=r,o=r'
  notify: Restart systemd-journald
# Make sure rsyslog is running now and is enabled at boot.
- name: Enable rsyslog service
  systemd:
    name: rsyslog.service
    enabled: true
    state: started
  become: true
...