Add rsyslog portions for further refinement

2024-04-02 13:48:55 -07:00 · 2024-04-02 13:48:55 -07:00 · 1260f2ce54
commit 1260f2ce54
parent 47573d1181
7 changed files with 168 additions and 9 deletions
--- a/files/etc/logrotate.d/syslogserver
+++ b/files/etc/logrotate.d/syslogserver
@ -0,0 +1,13 @@
 /var/log/remote/*.log
 {
  daily
  rotate 5
  missingok
  sharedscripts
  compress
  copytruncate
  minsize 100k
  postrotate
    /usr/bin/systemctl -s HUP kill rsyslog.service >/dev/null 2>&1 || true
  endscript
 }
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -63,6 +63,11 @@
    state: restarted
    daemon_reload: true
 - name: restart_rsyslog
  ansible.builtin.service:
    name: rsyslog
    state: restarted
 - name: enable_crb
  ansible.builtin.shell: "set -o pipefail && /usr/bin/crb enable"
  changed_when: "1 != 1"
--- a/init-rocky-syslog-client.yml
+++ b/init-rocky-syslog-client.yml
@ -0,0 +1,45 @@
 ---
 # This should already be taken care of in the system-config. But run this
 # manually for boxes that need it.
 - name: Setup a syslog client
  hosts: "{{ host }}"
  become: true
  vars_files:
    # Vaults required
    # vars/vaults/encpass.yml
    # vars/vaults/hostman.yml
    # vars/graylog.yml
    - vars/syslog.yml
  vars:
    syslog_type: "client"
  # This is to try to avoid the handler issue in pre/post tasks
  handlers:
    - import_tasks: handlers/main.yml
  pre_tasks:
    - name: Check if ansible cannot be run here
      stat:
        path: /etc/no-ansible
      register: no_ansible
    - name: Verify if we can run ansible
      ansible.builtin.assert:
        that:
          - "not no_ansible.stat.exists"
        success_msg: "We are able to run on this node"
        fail_msg: "/etc/no-ansible exists - skipping run on this node"
  tasks:
    - name: Setup syslog
      ansible.builtin.import_tasks: "tasks/syslog.yml"
  post_tasks:
    - name: Touching run file that ansible has ran here
      ansible.builtin.file:
        path: /var/log/ansible.run
        state: touch
        mode: '0644'
        owner: root
        group: root
 ...
--- a/role-rocky-syslog-server.yml
+++ b/role-rocky-syslog-server.yml
@ -0,0 +1,48 @@
 ---
 # Configure and setup graylog
 # Reccommended specs
 # CPU: 2 cores
 # Memory: 4GB
 # Storage: Yes
 - name: Install syslog server
  hosts: syslog
  become: true
  vars_files:
    # Vaults required
    # vars/vaults/encpass.yml
    # vars/vaults/hostman.yml
    # vars/graylog.yml
    - vars/syslog.yml
  vars:
    syslog_type: "server"
  # This is to try to avoid the handler issue in pre/post tasks
  handlers:
    - import_tasks: handlers/main.yml
  pre_tasks:
    - name: Check if ansible cannot be run here
      stat:
        path: /etc/no-ansible
      register: no_ansible
    - name: Verify if we can run ansible
      ansible.builtin.assert:
        that:
          - "not no_ansible.stat.exists"
        success_msg: "We are able to run on this node"
        fail_msg: "/etc/no-ansible exists - skipping run on this node"
  tasks:
    - name: Setup syslog
      ansible.builtin.import_tasks: "tasks/syslog.yml"
  post_tasks:
    - name: Touching run file that ansible has ran here
      ansible.builtin.file:
        path: /var/log/ansible.run
        state: touch
        mode: '0644'
        owner: root
        group: root
 ...
--- a/tasks/syslog.yml
+++ b/tasks/syslog.yml
@ -1,5 +1,38 @@
 ---
- name: Notice
+- name: Ensure rsyslog is installed
-  ansible.builtin.debug:
+  ansible.builtin.package:
-    msg: "Nothing to do yet"
+    name: rsyslog
    state: present
 - name: Setup rsyslog client
  ansible.builtin.block:
    - name: Drop configuration item for syslog
      ansible.builtin.template:
        src: "etc/rsyslog.d/forwarder.conf"
        dest: "/etc/rsyslog.d/forwarder.conf"
        owner: root
        group: root
        mode: "0644"
      notify: restart_rsyslog
  when: syslog_type == "client"
 - name: Setup rsyslog server
  ansible.builtin.block:
    - name: Drop configuration item for syslog
      ansible.builtin.template:
        src: "etc/rsyslog.d/receiver.conf"
        dest: "/etc/rsyslog.d/receiver.conf"
        owner: root
        group: root
        mode: "0644"
      notify: restart_rsyslog
    - name: Deploy logrotate file
      ansible.builtin.file:
        src: "etc/logrotate.d/syslogserver"
        dest: "/etc/logrotate.d/syslogserver"
        owner: root
        group: root
        mode: '0644'
  when: syslog_type == "server"
 ...
--- a/templates/etc/rsyslog.d/receiver.conf.j2
+++ b/templates/etc/rsyslog.d/receiver.conf.j2
@ -1,12 +1,19 @@
 # Receive logs
 # Logs will appear as /var/log/remote/hostname.example.com-{secure,messages}.log
 module(load="imtcp")
 input(type="imtcp" port="514")
 module(load="imudp")
-input(type="imudp" port="514")
+$AllowedSender UDP, {{ allowed_rsyslog_clients|join(', ') }}
 $AllowedSender TCP, {{ allowed_rsyslog_clients|join(', ') }}
-$template RemoteHostSyslog,"/var/log/remote/%HOSTNAME%-log
+template(name="TmplAuth" type="string" string="/var/log/remote/%FROMHOST%-secure.log")
-$RuleSet remote
+template(name="TmplMsg" type="string" string="/var/log/remote/%FROMHOST%-messages.log")
-*.* -?RemoteHostSyslog
+
-*.info;mail.none;authpriv.none;cron.none ?RemoteHostSyslog
+# Process the equivalent of /var/log/{messages,secure} on a given system
 ruleset(name="remote_1_log"){
  authpriv.*                               action(type="omfile" DynaFile="TmplAuth")
  *.info;mail.none;authpriv.none;cron.none action(type="omfile" DynaFile="TmplMsg")
 }
 input(type="imtcp" port="514" ruleset="remote_1_log")
 input(type="imudp" port="514" ruleset="remote_1_log")
--- a/vars/syslog.yml
+++ b/vars/syslog.yml
@ -0,0 +1,8 @@
 ---
 # remote_rsyslog_host: set in playbook for now, please.
 allowed_rsyslog_clients:
  - "10.32.0.0/16"
  - "10.61.0.0/16"
  - "*.rockylinux.org"
  - "*.resf.org"
 ...