authorKevin Fenzi <kevin@scrye.com>2014-01-25 17:45:38 +0000
committerKevin Fenzi <kevin@scrye.com>2014-01-25 17:45:38 +0000
commit0844a05bf0a44c497c74174fac562d3e3e0211a2 (patch)
treecb1a8072318b415ba9b33363dec69d48d65a3fed
parent899cff949281598458337c83d1dd9a61c1e045c8 (diff)
Rework rsyslog stuff. Use default dist /etc/rsyslog.conf, add our stuff to /etc/rsyslog.d
-rw-r--r--inventory/group_vars/kernel-qa1
-rw-r--r--roles/base/files/rsyslog/rsyslog-audit.conf13
-rw-r--r--roles/base/files/rsyslog/rsyslog-disablerate.conf3
-rw-r--r--roles/base/files/rsyslog/rsyslog-log02.conf4
-rw-r--r--roles/base/files/rsyslog/rsyslog.conf55
-rw-r--r--roles/base/files/rsyslog/rsyslog.conf.el6 (renamed from roles/base/files/rsyslog/rsyslog.conf.releng)41
-rw-r--r--roles/base/files/rsyslog/rsyslog.conf.f20 (renamed from roles/base/files/rsyslog/rsyslog.conf.kojibuilder)51
-rw-r--r--roles/base/files/rsyslog/rsyslog.conf.phx297
-rw-r--r--roles/base/tasks/main.yml15
9 files changed, 103 insertions, 177 deletions
diff --git a/inventory/group_vars/kernel-qa b/inventory/group_vars/kernel-qa
index 8e0333192..39e618921 100644
--- a/inventory/group_vars/kernel-qa
+++ b/inventory/group_vars/kernel-qa
@@ -1,6 +1,5 @@
---
freezes: true
resolvconf: "{{ files }}/resolv.conf/phx2"
-rsyslogconf: "{{ files }}/rsyslog/rsyslog.conf.phx2"
fas_client_groups: sysadmin-kernel
sudoers: "{{ private }}/files/sudo/kernel-qa"
diff --git a/roles/base/files/rsyslog/rsyslog-audit.conf b/roles/base/files/rsyslog/rsyslog-audit.conf
new file mode 100644
index 000000000..8e6c2f5b1
--- /dev/null
+++ b/roles/base/files/rsyslog/rsyslog-audit.conf
@@ -0,0 +1,13 @@
+# monitor auditd log and send out over local6 to central loghost
+$ModLoad imfile.so
+
+# auditd audit.log
+$InputFileName /var/log/audit/audit.log
+$InputFileTag tag_audit_log:
+$InputFileStateFile audit_log
+$InputFileSeverity info
+$InputFileFacility local6
+$InputRunFileMonitor
+
+:msg, !contains, "type=AVC"
+local6.* @@log02:514
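Review bot: The property filter on the `:msg, !contains, "type=AVC"` line has no action in this new file; the copy removed from rsyslog.conf ended in the discard action `~`. As written the line most likely fails to parse or matches without effect, so `local6.*` would forward every audit.log record to log02 rather than only the AVC denials. Simply restoring `~` is risky in this location: the file is pulled in by `$IncludeConfig` ahead of the `#### RULES ####` section, so a discard of everything lacking type=AVC would run before the local file rules and before rsyslog-log02.conf. A single combined rule such as `if $syslogfacility-text == 'local6' and $msg contains 'type=AVC' then @@log02:514` avoids both problems, with a comment stating that only AVC records are meant to leave the host.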
diff --git a/roles/base/files/rsyslog/rsyslog-disablerate.conf b/roles/base/files/rsyslog/rsyslog-disablerate.conf
new file mode 100644
index 000000000..e7c93530c
--- /dev/null
+++ b/roles/base/files/rsyslog/rsyslog-disablerate.conf
@@ -0,0 +1,3 @@
+# Disable rate limiting
+$IMUXSockRateLimitInterval 0
+$SystemLogRateLimitInterval 0
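Review bot: The header comment says what the two settings do but not why rate limiting is switched off on every host; with both intervals at 0, a single runaway local process can fill /var/log and flood the central loghost. Record the reason in the file, e.g. `# Disable rate limiting: <reason, e.g. bursts must reach the central loghost>`, or keep a generous burst limit instead of none. In rsyslog.conf.f20 local messages come from imjournal with `$OmitLocalLogging on`, so these imuxsock settings probably have no effect there and `$imjournalRatelimitInterval 0` would be the matching directive.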
diff --git a/roles/base/files/rsyslog/rsyslog-log02.conf b/roles/base/files/rsyslog/rsyslog-log02.conf
new file mode 100644
index 000000000..8338bfed7
--- /dev/null
+++ b/roles/base/files/rsyslog/rsyslog-log02.conf
@@ -0,0 +1,4 @@
+#
+# Send everything on to central log02 logger machines
+#
+cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log02:514
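Review bot: The forward to log02 now runs without the disk-assisted queue that the old rsyslog.conf configured just before it, because the `$ActionQueue*` directives are commented out in rsyslog.conf and are not carried into this file. With a plain TCP action, an outage of log02 can stall or drop authpriv and kernel messages instead of spooling them. Put the queue settings directly above the rule, e.g. `$ActionQueueType LinkedList`, `$ActionQueueFileName fwdRule1` and `$ActionResumeRetryCount -1`, and keep `$WorkDirectory` set so the spool has a location. The header comment could also state that `@@` is unencrypted TCP, since authpriv is among the forwarded facilities.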
diff --git a/roles/base/files/rsyslog/rsyslog.conf b/roles/base/files/rsyslog/rsyslog.conf
index a1d425816..36cea98f0 100644
--- a/roles/base/files/rsyslog/rsyslog.conf
+++ b/roles/base/files/rsyslog/rsyslog.conf
@@ -1,20 +1,20 @@
-#rsyslog v3 config file
+# rsyslog v5 configuration file
-# if you experience problems, check
-# http://www.rsyslog.com/troubleshoot for assistance
+# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
+# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
-$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
-$ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
-#$ModLoad immark.so # provides --MARK-- message capability
+$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
+$ModLoad imklog # provides kernel logging support (previously done by rklogd)
+#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
-#$ModLoad imudp.so
+#$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
-#$ModLoad imtcp.so
+#$ModLoad imtcp
#$InputTCPServerRun 514
@@ -23,10 +23,13 @@ $ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
-# File syncing capability is disabled by default. This feature is usually not required,
+# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
+# Include all config files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf
+
#### RULES ####
@@ -36,7 +39,7 @@ $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
-*.info;local6.none;mail.none;authpriv.none;cron.none /var/log/messages
+*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
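Review bot: Dropping `local6.none` from the /var/log/messages selector means the audit.log lines that rsyslog-audit.conf injects as local6.info now match `*.info` and are written to /var/log/messages as well. That duplicates every audit record into a second file with its own rotation and access settings, and inflates the file considerably on busy hosts. Keep the exclusion: `*.info;local6.none;mail.none;authpriv.none;cron.none /var/log/messages`. The same selector change appears in the rsyslog.conf.el6 and rsyslog.conf.f20 sections.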
@@ -57,16 +60,6 @@ uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
-# monitor auditd log and send out over local6 to central loghost
-$ModLoad imfile.so
-
-# auditd audit.log
-$InputFileName /var/log/audit/audit.log
-$InputFileTag tag_audit_log:
-$InputFileStateFile audit_log
-$InputFileSeverity info
-$InputFileFacility local6
-$InputRunFileMonitor
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
@@ -76,22 +69,12 @@ $InputRunFileMonitor
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
-$WorkDirectory /var/lib/rsyslog # where to place spool files
-$ActionQueueFileName fwdRule1 # unique name prefix for spool files
-$ActionQueueMaxDiskSpace 512m # 512M space limit (use as much as possible)
-$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
-$ActionQueueType LinkedList # run asynchronously
-$ActionResumeRetryCount -1 # infinite retries if host is down
-
-# Disable rate limiting
-$IMUXSockRateLimitInterval 0
-$SystemLogRateLimitInterval 0
-
+#$WorkDirectory /var/lib/rsyslog # where to place spool files
+#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
+#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
+#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
+#$ActionQueueType LinkedList # run asynchronously
+#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
-cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log02:514
-
-:msg, !contains, "type=AVC" ~
-local6.* @@log02:514
-
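Review bot: `$WorkDirectory /var/lib/rsyslog` is commented out in this hunk, yet rsyslog-audit.conf still sets `$InputFileStateFile audit_log`, and imfile keeps that state file in the work directory. Without it the read position for audit.log may end up in an unintended location or be lost across restarts, which would re-send or skip audit records; this should be confirmed against the rsyslog version on these hosts. Leave `$WorkDirectory /var/lib/rsyslog` active, as rsyslog.conf.f20 does in its GLOBAL DIRECTIVES section. The matching hunk in rsyslog.conf.el6 has the same issue.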
diff --git a/roles/base/files/rsyslog/rsyslog.conf.releng b/roles/base/files/rsyslog/rsyslog.conf.el6
index 2c2852ddd..36cea98f0 100644
--- a/roles/base/files/rsyslog/rsyslog.conf.releng
+++ b/roles/base/files/rsyslog/rsyslog.conf.el6
@@ -1,20 +1,20 @@
-#rsyslog v3 config file
+# rsyslog v5 configuration file
-# if you experience problems, check
-# http://www.rsyslog.com/troubleshoot for assistance
+# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
+# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
-$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
-$ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
-#$ModLoad immark.so # provides --MARK-- message capability
+$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
+$ModLoad imklog # provides kernel logging support (previously done by rklogd)
+#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
-#$ModLoad imudp.so
+#$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
-#$ModLoad imtcp.so
+#$ModLoad imtcp
#$InputTCPServerRun 514
@@ -23,6 +23,14 @@ $ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+# File syncing capability is disabled by default. This feature is usually not required,
+# not useful and an extreme performance hit
+#$ActionFileEnableSync on
+
+# Include all config files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
#### RULES ####
# Log all kernel messages to the console.
@@ -31,7 +39,7 @@ $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
-*.info;local6.none;mail.none;authpriv.none;cron.none /var/log/messages
+*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
@@ -52,6 +60,7 @@ uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
+
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
@@ -60,14 +69,12 @@ local7.* /var/log/boot.log
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
-$WorkDirectory /var/lib/rsyslog # where to place spool files
-$ActionQueueFileName fwdRule1 # unique name prefix for spool files
-$ActionQueueMaxDiskSpace 512m # 512M space limit (use as much as possible)
-$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
-$ActionQueueType LinkedList # run asynchronously
-$ActionResumeRetryCount -1 # infinite retries if host is down
+#$WorkDirectory /var/lib/rsyslog # where to place spool files
+#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
+#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
+#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
+#$ActionQueueType LinkedList # run asynchronously
+#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
-cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log02:514
-
diff --git a/roles/base/files/rsyslog/rsyslog.conf.kojibuilder b/roles/base/files/rsyslog/rsyslog.conf.f20
index 971977098..6972b4d36 100644
--- a/roles/base/files/rsyslog/rsyslog.conf.kojibuilder
+++ b/roles/base/files/rsyslog/rsyslog.conf.f20
@@ -1,38 +1,47 @@
-#rsyslog v3 config file
+# rsyslog v5 configuration file
-# if you experience problems, check
-# http://www.rsyslog.com/troubleshoot for assistance
+# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
+# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
-$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
-$ModLoad imjournal # provides access to the systemd journal
-$ModLoad imklog # provides kernel logging support (previously done by rklogd)
-#$ModLoad immark.so # provides --MARK-- message capability
+# The imjournal module bellow is now used as a message source instead of imuxsock.
+$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
+$ModLoad imjournal # provides access to the systemd journal
+$ModLoad imklog # provides kernel logging support (previously done by rklogd)
+#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
-#$ModLoad imudp.so
+#$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
-#$ModLoad imtcp.so
+#$ModLoad imtcp
#$InputTCPServerRun 514
#### GLOBAL DIRECTIVES ####
-# Include all config files in /etc/rsyslog.d/
-$IncludeConfig /etc/rsyslog.d/*.conf
+# Where to place auxiliary files
+$WorkDirectory /var/lib/rsyslog
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+# File syncing capability is disabled by default. This feature is usually not required,
+# not useful and an extreme performance hit
+#$ActionFileEnableSync on
+
+# Include all config files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf
+
# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on
# File to store the position in the journal
-$StateFile imjournal.state
+$IMJournalStateFile imjournal.state
+
#### RULES ####
@@ -42,7 +51,7 @@ $StateFile imjournal.state
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
-*.info;local6.none;mail.none;authpriv.none;cron.none /var/log/messages
+*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
@@ -55,7 +64,7 @@ mail.* -/var/log/maillog
cron.* /var/log/cron
# Everybody gets emergency messages
-*.emerg *
+*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
@@ -63,6 +72,7 @@ uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
+
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
@@ -71,14 +81,11 @@ local7.* /var/log/boot.log
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
-$WorkDirectory /var/lib/rsyslog # where to place spool files
-$ActionQueueFileName fwdRule1 # unique name prefix for spool files
-$ActionQueueMaxDiskSpace 512m # 512M space limit (use as much as possible)
-$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
-$ActionQueueType LinkedList # run asynchronously
-$ActionResumeRetryCount -1 # infinite retries if host is down
+#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
+#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
+#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
+#$ActionQueueType LinkedList # run asynchronously
+#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
-cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log02:514
-
diff --git a/roles/base/files/rsyslog/rsyslog.conf.phx2 b/roles/base/files/rsyslog/rsyslog.conf.phx2
deleted file mode 100644
index a1d425816..000000000
--- a/roles/base/files/rsyslog/rsyslog.conf.phx2
+++ /dev/null
@@ -1,97 +0,0 @@
-#rsyslog v3 config file
-
-# if you experience problems, check
-# http://www.rsyslog.com/troubleshoot for assistance
-
-#### MODULES ####
-
-$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
-$ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
-#$ModLoad immark.so # provides --MARK-- message capability
-
-# Provides UDP syslog reception
-#$ModLoad imudp.so
-#$UDPServerRun 514
-
-# Provides TCP syslog reception
-#$ModLoad imtcp.so
-#$InputTCPServerRun 514
-
-
-#### GLOBAL DIRECTIVES ####
-
-# Use default timestamp format
-$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
-
-# File syncing capability is disabled by default. This feature is usually not required,
-# not useful and an extreme performance hit
-#$ActionFileEnableSync on
-
-
-#### RULES ####
-
-# Log all kernel messages to the console.
-# Logging much else clutters up the screen.
-#kern.* /dev/console
-
-# Log anything (except mail) of level info or higher.
-# Don't log private authentication messages!
-*.info;local6.none;mail.none;authpriv.none;cron.none /var/log/messages
-
-# The authpriv file has restricted access.
-authpriv.* /var/log/secure
-
-# Log all the mail messages in one place.
-mail.* -/var/log/maillog
-
-
-# Log cron stuff
-cron.* /var/log/cron
-
-# Everybody gets emergency messages
-*.emerg *
-
-# Save news errors of level crit and higher in a special file.
-uucp,news.crit /var/log/spooler
-
-# Save boot messages also to boot.log
-local7.* /var/log/boot.log
-
-# monitor auditd log and send out over local6 to central loghost
-$ModLoad imfile.so
-
-# auditd audit.log
-$InputFileName /var/log/audit/audit.log
-$InputFileTag tag_audit_log:
-$InputFileStateFile audit_log
-$InputFileSeverity info
-$InputFileFacility local6
-$InputRunFileMonitor
-
-# ### begin forwarding rule ###
-# The statement between the begin ... end define a SINGLE forwarding
-# rule. They belong together, do NOT split them. If you create multiple
-# forwarding rules, duplicate the whole block!
-# Remote Logging (we use TCP for reliable delivery)
-#
-# An on-disk queue is created for this action. If the remote host is
-# down, messages are spooled to disk and sent when it is up again.
-$WorkDirectory /var/lib/rsyslog # where to place spool files
-$ActionQueueFileName fwdRule1 # unique name prefix for spool files
-$ActionQueueMaxDiskSpace 512m # 512M space limit (use as much as possible)
-$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
-$ActionQueueType LinkedList # run asynchronously
-$ActionResumeRetryCount -1 # infinite retries if host is down
-
-# Disable rate limiting
-$IMUXSockRateLimitInterval 0
-$SystemLogRateLimitInterval 0
-
-# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
-#*.* @@remote-host:514
-# ### end of the forwarding rule ###
-cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log02:514
-
-:msg, !contains, "type=AVC" ~
-local6.* @@log02:514
-
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 4d11550d8..7eeac12ec 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -106,10 +106,7 @@
- name: rsyslog.conf
copy: src={{ item }} dest=/etc/rsyslog.conf mode=644
first_available_file:
- - "{{ rsyslogconf }}"
- - rsyslog/rsyslog.conf.{{ ansible_fqdn }}
- - rsyslog/rsyslog.conf.{{ host_group }}
- - rsyslog/rsyslog.conf.{{ datacenter }}
+ - rsyslog/rsyslog.conf.{{ dist_tag }}
- rsyslog/rsyslog.conf
notify:
@@ -118,6 +115,16 @@
- rsyslogd
- config
+- name: add rsyslog config to /etc/rsyslog.d
+ copy: src={{ item }} dest=/etc/rsyslog.d/{{ item }} mode=644
+ with_items:
+ - rsyslog-audit.conf
+ - rsyslog-disablerate.conf
+ - rsyslog-log02.conf
+ tags:
+ - rsyslogd
+ - config
+
- name: /etc/postfix/main.cf
copy: src={{ item }} dest=/etc/postfix/main.cf
first_available_file:
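Review bot: `src={{ item }}` in the new task does not match where this commit adds the files: they live under roles/base/files/rsyslog/, so the copy would look for roles/base/files/rsyslog-audit.conf and fail; use `copy: src=rsyslog/{{ item }} dest=/etc/rsyslog.d/{{ item }} mode=644`. The task also has no `notify:`, unlike the rsyslog.conf task above it, so a changed drop-in is not picked up until rsyslog restarts for some other reason; it should notify the same handler. Because the task is unconditional, the central loghost would receive rsyslog-log02.conf too if it applies this role and would then forward to itself; a `when:` condition or an inventory override would prevent that.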