Jeltz
03f93d0f41
Test de `openssl-cert-builder` depuis le rôle `rsyslog-common` (pourra servir par exemple pour le transport RELP ou TCP via TLS).
---
# Make sure the base rsyslog package is present, installed through apt
# with privilege escalation.
- name: Install rsyslog
  apt:
    name: rsyslog
    state: present
  become: true
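# Install the extra rsyslog module package for each transport in use.
# The task loops over a fixed proto -> package table and skips an entry
# when no element of rsyslog_outputs (defined outside this file) has that
# proto.
- name: Install rsyslog modules if needed
  become: true
  apt:
    # No padding inside the quotes: the rendered value is the package name
    # handed to apt, so a leading space would become part of it.
    name: "{{ item.pkg }}"
    state: present
  # `length > 0` makes the condition an explicit boolean instead of relying
  # on the truthiness of the filtered list.
  when: >-
    rsyslog_outputs | selectattr('proto', 'eq', item.proto) | list
    | length > 0
  loop:
    - proto: relp
      pkg: rsyslog-relp
    - proto: redis
      pkg: rsyslog-hiredis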
# FIXME: this task was added for testing.
# NOTE(review): it carries no `when:`, so the role is included on every host
# whatever rsyslog_outputs contains. Presumably it should become conditional
# on a TLS transport once testing is over; confirm.
- name: Install a X.509 certificate for RELP over TLS
  include_role:
    name: openssl-cert-builder
  vars:
    certificate:
      # FIXME: as long as this stays as it is, the hostname in the Ansible
      # inventory must always match the machine's FQDN.
      # NOTE(review): a peer that checks the certificate name will refuse the
      # session when the two differ. Whether openssl-cert-builder also writes
      # a subjectAltName, who signs the certificate and how the private key
      # is protected are not visible here; confirm in the role.
      slug: "{{ inventory_hostname }}"
      common_name: "{{ inventory_hostname }}"
      # Validity bounds passed to the role; they read as relative offsets
      # (now, and now plus 365 days).
      # NOTE(review): no renewal step is visible in this file. An expired
      # certificate would break verified TLS log forwarding; confirm the
      # role re-issues it in time.
      not_before: '+0s'
      not_after: '+365d'
# Render the two rsyslog templates into /etc as root-owned files and notify
# the "Restart rsyslog" handler when either of them changes.
# NOTE(review): no `validate:` is set, so a template mistake only shows up
# when the handler restarts the daemon. A syntax check before the restart
# (rsyslogd has a config-check mode, `-N1`) would avoid losing logging on a
# bad render.
- name: Deploy main rsyslog configuration
  become: true
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    # Readable by every local user.
    # NOTE(review): if the templates ever render credentials or key
    # material, tighten this mode; confirm against the .j2 files.
    mode: 'u=rw,g=r,o=r'
  loop:
    - src: rsyslog.conf.j2
      dest: /etc/rsyslog.conf
    - src: 10-common.conf.j2
      dest: /etc/rsyslog.d/10-common.conf
  notify: Restart rsyslog
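# Create the journald drop-in directory that receives forward-syslog.conf.
# Owner, group and mode are stated explicitly, like on the template tasks of
# this file, so the directory does not depend on the umask in effect when it
# is created and a pre-existing directory is brought back to root-only write.
- name: Create journald.conf.d directory
  become: true
  file:
    path: /etc/systemd/journald.conf.d
    state: directory
    owner: root
    group: root
    mode: 'u=rwx,g=rx,o=rx'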
# Render forward-syslog.conf.j2 into the journald drop-in directory as a
# root-owned, world-readable file, and notify the "Restart systemd-journald"
# handler when the file changes.
- name: Deploy journald configuration
  become: true
  template:
    src: forward-syslog.conf.j2
    dest: /etc/systemd/journald.conf.d/forward-syslog.conf
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  notify: Restart systemd-journald
# Start the rsyslog unit now and enable it so that it is also started at
# boot.
- name: Enable rsyslog service
  become: true
  systemd:
    name: rsyslog.service
    enabled: true
    state: started
...