initial import

2015-04-20 01:46:12 +02:00
commit 91fc981bbd
17 changed files with 299 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,74 @@
+ansible-rsyslog
+=========
+
+This role installs and configures rsyslog.
+
+Requirements
+------------
+
+None at this time.
+
+Default Role Variables
+--------------
+
+By default this role will provide a minimal configuration
+
+*rsyslog_main_config*: Main config file path (default: "/etc/rsyslog.conf")
+*rsyslog_include_path*: Path of additional config stanzas (default: "/etc/rsyslog.d")
+*rsyslog_file_mode*: Default mode for configuration files (default: "0640")
+*rsyslog_file_create_mode*: Default mode for new files created by rsyslog  (default "0640")
+*rsyslog_umask*: Specify the rsyslogd processes' umask (default "0022")
+*rsyslog_abort_on_unclean_config*: Check config syntax on startup and abort if unclean (default: off)
+*rsyslog_repeated_msg_reduction*: Reduce repeating messages (default: off)
+*rsyslog_action_file_default_template*: Use the default, traditional logformat, as default for loggin (default: RSYSLOG_TraditionalFileFormat)
+*rsyslog_action_file_template*: Define only when a custom logformat is neeed (default: undefined)
+*rsyslog_priv_drop_to_user*: Name of the user rsyslog should run under after startup (default: undefined)
+*rsyslog_priv_drop_to_group*: Name of the group rsyslog should run under after startup (default: undefined)
+*rsyslog_default_config*: Setup a default basic configuration stanza (default: "True")
+
+Dependencies
+------------
+
+None at this time.
+
+Example Playbook
+----------------
+
+    - name: Apply rsyslog role
+      remote_user: root
+      hosts: all
+      sudo: no
+    - role: rsyslog
+      items:
+      - name: "20-iptables"
+        lines: 
+          - ':msg, contains, "iptables" /var/log/iptables.log'
+          - '& ~'
+      - name: "30-dovecot"
+        lines: 
+          - 'if $programname == 'dovecot' and $syslogseverity <= '6' then ~'
+          - '& ~'
+
+Supported Platforms
+-------------------
+
+* RHEL 6
+* Archlinux
+* Ubuntu Trusty
+* Debian Wheezy
+
+It will likely run on other platforms, just drop in vars/ a new file to support your os variant, vars are parsed in the following order/format:
+* {{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml
+* {{ ansible_distribution }}.yml
+* {{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml
+* {{ ansible_os_family }}.yml"
+
+License
+-------
+
+GPLv2
+
+Author Information
+------------------
+
+Alessio Cassibba (x-drum) http://blog.zerodev.it.
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,15 @@
+# rsyslog configuration defaults
+---
+rsyslog_main_config: "/etc/rsyslog.conf"
+rsyslog_include_path: "/etc/rsyslog.d"
+rsyslog_file_mode: "0640"
+rsyslog_file_create_mode: "0640"
+rsyslog_umask: "0022"
+rsyslog_abort_on_unclean_config: "off"
+rsyslog_repeated_msg_reduction: "off"
+rsyslog_action_file_default_template: RSYSLOG_TraditionalFileFormat
+#rsyslog_action_file_template: "%rawmsg%\n"
+#rsyslog_priv_drop_to_user: syslog
+#rsyslog_priv_drop_to_group: syslog
+rsyslog_default_config: "True"
+rsyslog_os_supported: no
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: rsyslog | restart service
+  tags: 
+    - rsyslog
+    - configuration
+  service: name={{ rsyslog_service_name }} state=restarted
--- a/tasks/arch_packages.yml
+++ b/tasks/arch_packages.yml
@@ -0,0 +1,8 @@
+# install packages for Archlinux
+---
+- name: Install packages for Archlinux
+  tags:
+    - rsyslog
+    - packages
+  pacman: pkg={{item}} state=installed
+  with_items: rsyslog_package_names
--- a/tasks/deb_packages.yml
+++ b/tasks/deb_packages.yml
@@ -0,0 +1,8 @@
+# install packages for Debian
+---
+- name: Install packages for Debian
+  tags:
+    - rsyslog
+    - packages
+  apt: pkg={{item}} state=installed
+  with_items: rsyslog_package_names
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,106 @@
+# Install and configure rsyslog
+
+# - name: rsyslog | Include default variables
+#   tags:
+#     - rsyslog
+#     - prereq
+#   include_vars: defaults
+
+- name: rsyslog | Set OS dependent variables
+  tags:
+    - rsyslog
+    - prereq
+  include_vars: "{{ item }}"
+  with_first_found:
+   - "{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml"
+   - "{{ ansible_distribution }}.yml"
+   - "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
+   - "{{ ansible_os_family }}.yml"
+   - default.yml
+
+- include: main_rh.yml
+  when: ansible_os_family == 'RedHat'
+
+- include: main_deb.yml
+  when: ansible_os_family == 'Debian'
+
+- include: main_arch.yml
+  when: ansible_os_family == 'Archlinux'
+
+- name: rsyslog | Setup main configuration
+  tags:
+    - rsyslog
+    - files
+  template: >
+    src=rsyslog.conf.j2
+    dest={{ rsyslog_main_config }}
+    owner={{ rsyslog_file_owner }}
+    group={{ rsyslog_file_group }}
+    mode={{ rsyslog_file_mode }}
+  notify:
+    - rsyslog | restart service
+  when: rsyslog_os_supported == True
+
+# - name: rsyslog | create additional configuration directory
+#   file: path={{project_root}}/conf state=directory
+- name: rsyslog | create additional configuration directory
+  tags:
+    - rsyslog
+    - files
+  file: >
+    path="{{ rsyslog_include_path }}"
+    owner={{ rsyslog_file_owner }}
+    group={{ rsyslog_file_group }}
+    mode={{ rsyslog_file_mode }}
+    state=directory
+  when: rsyslog_os_supported == True
+
+- name: rsyslog | Setup default additional configuration
+  tags:
+    - rsyslog
+    - files
+  template: > 
+    src=rsyslog.snippet.conf.j2
+    dest={{ rsyslog_include_path }}/{{item.name}}.conf
+    owner={{ rsyslog_file_owner }}
+    group={{ rsyslog_file_group }}
+    mode={{ rsyslog_file_mode }}
+  with_items:
+    - name: "50-default"
+      lines: 
+        - '*.info;mail.none;authpriv.none;cron.none /var/log/messages'
+        - 'kern.*                                   -/var/log/kern.log'
+        - 'auth.*;authpriv.*                        /var/log/auth.log'
+        - 'daemon.*                                 /var/log/daemon.log'
+        - 'cron.*                                   -/var/log/cron.log'
+        - 'mail.*                                   -/var/log/mail.log'
+        - 'uucp,news.*                              /var/log/spooler'
+        - '*.emerg                                  *'
+        - 'local7.*                                 /var/log/boot.log'
+        - '*.*                                      /var/log/uncategorized.log'
+  notify:
+    - rsyslog | restart service
+  when: rsyslog_default_config == "True" and rsyslog_os_supported == True
+
+- name: rsyslog | Setup additional configurations
+  tags:
+    - rsyslog
+    - files
+  template: > 
+    src=rsyslog.snippet.conf.j2
+    dest={{ rsyslog_include_path }}/{{item.name}}.conf
+    owner={{ rsyslog_file_owner }}
+    group={{ rsyslog_file_group }}
+    mode={{ rsyslog_file_mode }}
+  with_items: 
+    - "{{ items }}"
+  notify:
+    - rsyslog | restart service
+  when: rsyslog_os_supported == True
+
+- name: rsyslog | Enable service
+  tags:
+    - rsyslog
+    - configuration
+  service: name={{ rsyslog_service_name }} enabled=yes
+  when: rsyslog_os_supported == True
--- a/tasks/main_arch.yml
+++ b/tasks/main_arch.yml
@@ -0,0 +1,3 @@
+# Archlinux related tasks
+---
+- include: arch_packages.yml
--- a/tasks/main_deb.yml
+++ b/tasks/main_deb.yml
@@ -0,0 +1,3 @@
+# Debian related tasks
+---
+- include: deb_packages.yml
--- a/tasks/main_rh.yml
+++ b/tasks/main_rh.yml
@@ -0,0 +1,3 @@
+# RHEL related tasks
+---
+- include: rh_packages.yml
--- a/tasks/rh_packages.yml
+++ b/tasks/rh_packages.yml
@@ -0,0 +1,8 @@
+# install packages for RHEL
+---
+- name: Install packages for RHEL
+  tags:
+    - rsyslog
+    - packages
+  yum: pkg={{item}} state=installed
+  with_items: rsyslog_package_names
--- a/templates/rsyslog.conf.j2
+++ b/templates/rsyslog.conf.j2
@@ -0,0 +1,28 @@
+## {{ ansible_managed }}
+
+$ModLoad immark.so
+$ModLoad imuxsock.so
+$ModLoad imklog.so
+
+{% if rsyslog_action_file_template is defined %}
+$ActionFileDefaultTemplate myFormat
+$template myFormat,{{ rsyslog_action_file_template }}
+{% else %}
+$ActionFileDefaultTemplate {{ rsyslog_action_file_default_template }}
+{% endif %}
+
+$AbortOnUncleanConfig {{ rsyslog_abort_on_unclean_config | default('off') }}
+$RepeatedMsgReduction {{ rsyslog_repeated_msg_reduction | default('off') }}
+
+$FileOwner {{ rsyslog_file_owner }}
+$FileGroup {{ rsyslog_file_group }}
+$FileCreateMode {{ rsyslog_file_create_mode }}
+$Umask {{ rsyslog_umask }}
+{% if rsyslog_priv_drop_to_user is defined %}
+$PrivDropToUser {{ rsyslog_priv_drop_to_user }}
+{% endif %}
+{% if rsyslog_priv_drop_to_group is defined %}
+$PrivDropToGroup  {{ rsyslog_priv_drop_to_group }}
+{% endif %}
+
+$IncludeConfig {{ rsyslog_include_path }}/*.conf
--- a/templates/rsyslog.snippet.conf.j2
+++ b/templates/rsyslog.snippet.conf.j2
@@ -0,0 +1,5 @@
+## {{ ansible_managed }}
+
+{% for line in item.lines %}
+{{ line }}
+{% endfor %}
--- a/vars/Archlinux.yml
+++ b/vars/Archlinux.yml
@@ -0,0 +1,8 @@
+# Archlinux Family OS defaults
+---
+rsyslog_package_names: 
+  - rsyslog
+rsyslog_service_name: rsyslog
+rsyslog_file_owner: root
+rsyslog_file_group: root
+rsyslog_os_supported: yes
--- a/vars/Debian.yml
+++ b/vars/Debian.yml
@@ -0,0 +1,8 @@
+# Debian Family OS defaults
+---
+rsyslog_package_names: 
+  - rsyslog
+rsyslog_service_name: rsyslog
+rsyslog_file_owner: syslog
+rsyslog_file_group: adm
+rsyslog_os_supported: yes
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@@ -0,0 +1,8 @@
+# RedHat Family OS defaults
+---
+rsyslog_package_names: 
+  - rsyslog
+rsyslog_service_name: rsyslog
+rsyslog_file_owner: root
+rsyslog_file_group: adm
+rsyslog_os_supported: yes
--- a/vars/default.yml
+++ b/vars/default.yml
@@ -0,0 +1,7 @@
+# Fallback OS defaults
+---
+rsyslog_package_names: 
+  - rsyslog
+rsyslog_service_name: rsyslog
+rsyslog_file_owner: root
+rsyslog_file_group: root
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1 @@
+---