
Commit d3aee742 authored by Bengt Giger's avatar Bengt Giger

Added rsyslog_forwarder

parent 05ab1313
Pipeline #88676 failed with stage
in 9 minutes and 12 seconds
......@@ -63,3 +63,12 @@ system_update_manager-test:
molecule test;
molecule test -s increase;
molecule test -s decrease;
# Test rsyslog_forwarder on dedicated runner (systemd)
rsyslog_forwarder-test:
stage: tests
tags:
- docker
script:
- cd roles/rsyslog_forwarder;
molecule test;
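Review bot: The comment on `rsyslog_forwarder-test` says the job needs a dedicated systemd-capable runner, but `tags:` selects only `docker`, so any runner carrying that tag may pick it up. The role's default molecule scenario (shown further down this commit) starts containers with `privileged: true`, so the job only works on a runner that lets the job drive Docker that way. Either add the tag that identifies that runner, e.g. `- <dedicated-runner-tag>`, or reword the comment to say what the `docker` runners must provide.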
......@@ -8,7 +8,7 @@ namespace: ethz
name: system_configuration
# The version of the collection. Must be compatible with semantic versioning
version: 1.0.0
version: 1.1.0
# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
readme: README.md
......
---
# Based on ansible-lint config
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
colons:
max-spaces-after: -1
level: error
commas:
max-spaces-after: -1
level: error
comments: disable
comments-indentation: disable
document-start: disable
empty-lines:
max: 3
level: error
hyphens:
level: error
indentation: disable
key-duplicates: enable
line-length: disable
new-line-at-end-of-file: disable
new-lines:
type: unix
trailing-spaces: disable
truthy: disable
rsyslog_forwarder
=========
Configure rsyslog client functionality, supports multiple log receiver targets.
Role Variables
--------------
### Global Settings
These settings may be overwritten on a per receiver base, these are the defaults:
- rsyslog_forward_protocol: tcp
- rsyslog_forward_port: 10514
- rsyslog_forward_caching: true
- rsyslog_forward_caching_todisk: false
- rsyslog_forward_caching_retrycount: -1
- rsyslog_forward_caching_queuetype: linkedList
- rsyslog_forward_caching_queuesize: 50000
- rsyslog_forward_caching_disksize: 16m
### RSyslog Server
Targetted servers are supplied as a list:
```
rsyslog_remote_targets:
- name: example.org
active: true
protocol: tcp
caching: true
caching_todisk: false
caching_retrycount: 100
caching_queuetype: linkedList
caching_disksize: 1m
```
### Local Targets
By default, no local targets are configured. You may set
```
rsyslog_local_targets_active: true
```
and supply/change the list of targets. The default targets are:
```
rsyslog_local_targets:
- /var/log/messages: "*.info;mail.none;authpriv.none;cron.none"
- /var/log/secure: "authpriv.*"
- /var/log/maillog: "mail.*"
- /var/log/cron: "cron.*"
- ":omusrmsg:*": "*.emerg"
- /var/log/spooler: "uucp,news.crit"
- /var/log/boot.log: "local7.*"
```
---
# Global defaults, may be overwritten below
rsyslog_forward_protocol: tcp
rsyslog_forward_port: 10514
rsyslog_forward_caching: true
rsyslog_forward_caching_todisk: false
rsyslog_forward_caching_retrycount: -1
rsyslog_forward_caching_queuetype: linkedList
rsyslog_forward_caching_queuesize: 50000
rsyslog_forward_caching_disksize: 16m
# List of remove logging servers
#
# Example item example.org will be inactive, written as comment
# Define this list according to your remote logging servers
rsyslog_remote_targets:
- name: example.org
active: true
protocol: tcp
caching: true
caching_todisk: false
caching_retrycount: 100
caching_queuetype: linkedList
caching_disksize: 1m
rsyslog_local_targets_active: false
rsyslog_local_targets:
- /var/log/messages: "*.info;mail.none;authpriv.none;cron.none"
- /var/log/secure: "authpriv.*"
- /var/log/maillog: "mail.*"
- /var/log/cron: "cron.*"
- ":omusrmsg:*": "*.emerg"
- /var/log/spooler: "uucp,news.crit"
- /var/log/boot.log: "local7.*"
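Review bot: The shipped default entry for `example.org` in `rsyslog_remote_targets` has `active: true`, while the comment above it says the example item will be inactive. The verify playbook expects that target to be rendered commented out, so the template presumably special-cases the name (not visible here), but a default should not depend on that: use `active: false` on the example item, or ship `rsyslog_remote_targets: []`, so a host that applies the role without overrides can never forward logs to a domain the operator does not control. The comment should read `# List of remote logging servers`. The defaults also forward over plain `tcp`; if the role offers no TLS option, the README should say that log content crosses the network unencrypted.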
---
- name: restart rsyslog
service:
name: rsyslog
state: restarted
*******
Docker driver installation guide
*******
Requirements
============
* Docker Engine
Install
=======
Please refer to the `Virtual environment`_ documentation for installation best
practices. If not using a virtual environment, please consider passing the
widely recommended `'--user' flag`_ when invoking ``pip``.
.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
.. code-block:: bash
$ python3 -m pip install 'molecule[docker]'
---
- name: Converge
hosts: all,!logger
become: true
become_user: root
vars:
rsyslog_remote_targets:
- name: example.org
active: true
protocol: tcp
caching: true
caching_retrycount: 100
caching_queuetype: linkedList
caching_queuesize: 10000
- name: logger
active: true
caching: true
port: 514
protocol: tcp
caching_queuesize: 20000
caching_todisk: true
- name: active_noncaching.org
active: true
protocol: tcp
caching: false
- name: inactive.org
active: false
rsyslog_local_targets_active: true
tasks:
- name: "Include rsyslog_forwarder"
include_role:
name: "rsyslog_forwarder"
---
dependency:
name: galaxy
driver:
name: docker
lint: |
set -e
yamllint .
ansible-lint tasks
platforms:
- name: EL7
# systemd enabled container setup
image: geerlingguy/docker-centos7-ansible:latest
command: ""
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
- name: EL8
# systemd enabled container setup
image: geerlingguy/docker-centos8-ansible:latest
command: ""
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
- name: Ubuntu2004
# systemd enabled container setup
image: geerlingguy/docker-ubuntu2004-ansible:latest
command: ""
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
- name: Debian10
# systemd enabled container setup
image: geerlingguy/docker-debian10-ansible:latest
command: ""
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
- name: logger
# systemd enabled container setup
image: geerlingguy/docker-debian10-ansible:latest
command: ""
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
verifier:
name: ansible
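Review bot: All five platforms pull `geerlingguy/docker-*-ansible:latest` and run it with `privileged: true`, so whatever image the mutable tag points to on the day of the run executes with host-level privileges on the runner. Pinning each image by digest, e.g. `image: geerlingguy/docker-centos7-ansible@sha256:<digest>`, makes test runs reproducible and keeps an unexpected upstream change from reaching the runner unnoticed. A short comment next to `privileged: true` saying it is required for systemd in the container would also help the next reader judge whether it can be narrowed later.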
---
- name: Prepare
hosts: all
pre_tasks:
- set_fact:
ip_addresses: []
- name: Get IP address
include_tasks: prepare_addresses.yml
with_inventory_hostnames:
all
- name: Update hosts file
lineinfile:
path: /etc/hosts
line: "{{ item[1] }} {{ item[0] }}"
regexp: "^{{ item[1] }}"
unsafe_writes: true
loop: "{{ ip_addresses }}"
tasks:
- name: Prepare log server
block:
- name: Install rsyslog
apt:
name: rsyslog
update_cache: true
- name: Configure rsyslog as server
blockinfile:
path: /etc/rsyslog.conf
block: |
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$template RemoteLogs,"/var/log/logtest/%HOSTNAME%.log"
*.* ?RemoteLogs
& ~
- name: Ensure rsyslog is restarted
service:
name: rsyslog
state: restarted
when: ansible_hostname == "logger"
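Review bot: In `Update hosts file`, `regexp: "^{{ item[1] }}"` is a prefix match with unescaped dots, so the entry for an address such as `172.17.0.1` (constructed example) also matches a line starting `172.17.0.10` and would replace it. Escape the address and require a separator after it: `regexp: "^{{ item[1] | regex_escape }}\\s"`. The first pre-task (`set_fact`) has no `name:`, which ansible-lint normally flags. A one-line comment explaining that `unsafe_writes: true` is there because `/etc/hosts` is bind-mounted in the container would document why atomic replace is disabled.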
---
- name: Read IP address from docker
local_action: shell docker inspect --format \{\{.NetworkSettings.IPAddress\}\} {{ item }}
register: node_ip
changed_when: false
- set_fact:
ip_addresses: "{{ ip_addresses + [ [ item, node_ip.stdout ] ] }}"
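Review bot: `Read IP address from docker` interpolates `{{ item }}` unquoted into a `shell` command line. The value comes from the test inventory, so exposure is low, but `{{ item | quote }}` keeps an unusual host name from being interpreted by the shell. The task should also fail when no address comes back, e.g. `failed_when: node_ip.rc != 0 or node_ip.stdout | length == 0`, because `.NetworkSettings.IPAddress` can be empty for containers that are not on the default bridge network and the caller would then write an empty address into `/etc/hosts`. The trailing `set_fact` has no `name:`.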
---
- name: Verify
hosts: all
tasks:
- name: Static configuration tests
block:
- name: example.org should be commented out
lineinfile:
path: /etc/rsyslog.d/example.org.conf
regexp: '^#.*action.*omfwd'
line: '# *.* action(type="omfwd" target="example.org" port="10514" protocol="tcp"'
state: present
check_mode: true
register: conf
failed_when: (conf is changed) or (conf is failed)
- name: active_noncaching is configured
lineinfile:
path: /etc/rsyslog.d/active_noncaching.org.conf
regexp: '^\*\.\* action'
line: '*.* action(type="omfwd" target="active_noncaching.org" port="10514" protocol="tcp"'
state: present
check_mode: true
register: conf
failed_when: (conf is changed) or (conf is failed)
- name: active_noncaching has no caching configuration
lineinfile:
path: /etc/rsyslog.d/active_noncaching.org.conf
regexp: '^.*queue\.type'
line: ' queue.type="linkedList"'
state: absent
check_mode: true
register: conf
failed_when: (conf is changed) or (conf is failed)
- name: target logger has caching configuration
lineinfile:
path: /etc/rsyslog.d/logger.conf
regexp: '^.*queue\.type'
line: ' queue.type="linkedList"'
state: present
check_mode: true
register: conf
failed_when: (conf is changed) or (conf is failed)
- name: local rsyslog filter is set
lineinfile:
path: /etc/rsyslog.d/rsyslog_local.conf
line: 'uucp,news.crit /var/log/spooler'
state: present
check_mode: true
register: conf
failed_when: (conf is changed) or (conf is failed)
- name: Test if rsyslogd is running and enabled
service:
name: rsyslog
enabled: true
state: started
when: ansible_hostname != "logger"
# Active logging test, including cache test
- name: Stop log server
service:
name: rsyslog
state: stopped
when: ansible_hostname == "logger"
become: true
- name: Clear log files
file:
path: "/var/log/logtest/{{ item }}"
state: absent
with_inventory_hostnames:
all:!logger
when: ansible_hostname == "logger"
- name: Create log message 1
command: logger -p local3.info MESSAGE_1
when: ansible_hostname != "logger"
# first message gets lost in newer versions of rssyslog
- name: Create log message 1a
command: logger -p local3.info MESSAGE_1a
when: ansible_hostname != "logger"
- name: Start log server
service:
name: rsyslog
state: started
when: ansible_hostname == "logger"
become: true
- name: Create log message 2
command: logger -p local3.info MESSAGE_2
when: ansible_hostname != "logger"
- name: Create log message 3
command: logger -p local3.info MESSAGE_3
when: ansible_hostname != "logger"
- name: Test all logs
include_tasks: verify_testlog.yml
with_inventory_hostnames:
all:!logger
when: ansible_hostname == "logger"
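Review bot: `Test if rsyslogd is running and enabled` does not actually test anything: without `check_mode: true` the `service` module starts and enables rsyslog itself if the role failed to, and the task reports `changed` instead of failing. The static checks above it already use the right pattern, so add `check_mode: true`, `register: svc` and `failed_when: (svc is changed) or (svc is failed)` here as well. `MESSAGE_3` is generated but never asserted by the included verify_testlog.yml, and the comment `rssyslog` should read `rsyslog`.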
---
- debug:
msg: "Test log for host {{ item }}"
- name: Read log
command: "cat /var/log/logtest/{{ item }}.log"
register: logfile
become: true
- name: Check if second log message is present
assert:
that: "'MESSAGE_2' in logfile.stdout"
- name: Check if first log message is present
assert:
that: "'MESSAGE_1a' in logfile.stdout"
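Review bot: The task named `Check if first log message is present` asserts `MESSAGE_1a`, not `MESSAGE_1`, so the name hides what is being verified, which is that a message sent while the log server was stopped is delivered from the queue afterwards. Rename it accordingly, e.g. `- name: Check that a message queued while the server was down was delivered`. `Read log` should carry `changed_when: false` since it only reads a file, and the leading `debug` task has no `name:`.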
---
extends: default
rules:
line-length:
max: 140
level: warning
../default/converge.yml
\ No newline at end of file
---
dependency:
name: galaxy
driver:
name: vagrant
provider:
name: libvirt
lint: |
set -e
yamllint -c molecule/default/yaml-lint.yml .
ansible-lint tasks
platforms:
- name: EL7
box: generic/centos7
memory: 1024
cpus: 1
instance_raw_config_args:
- 'vagrant.plugins = ["vagrant-libvirt"]'
config_options:
ssh.keep_alive: true
ssh.remote_user: "'vagrant'"
- name: EL8
box: generic/centos8
memory: 1024
cpus: 1
instance_raw_config_args:
- 'vagrant.plugins = ["vagrant-libvirt"]'
config_options:
ssh.keep_alive: true
ssh.remote_user: "'vagrant'"
- name: Debian10
box: generic/debian10
memory: 1024
cpus: 1
instance_raw_config_args:
- 'vagrant.plugins = ["vagrant-libvirt"]'
config_options:
ssh.keep_alive: true
ssh.remote_user: "'vagrant'"
- name: Ubuntu2004
box: generic/ubuntu2004
memory: 1024
cpus: 1
instance_raw_config_args:
- 'vagrant.plugins = ["vagrant-libvirt"]'
config_options:
ssh.keep_alive: true
ssh.remote_user: "'vagrant'"
- name: logger
box: generic/debian10
memory: 1024
cpus: 1
instance_raw_config_args:
- 'vagrant.plugins = ["vagrant-libvirt"]'
config_options:
ssh.keep_alive: true
ssh.remote_user: "'vagrant'"
provisioner:
name: ansible
verifier:
name: ansible
---
- name: Prepare
hosts: all
become: true
become_user: root
pre_tasks:
- name: Get gateway of logging server
shell: ip route sh default | cut -f 3 -d " "
register: gateway
- name: Update resolv.conf with gateway address
copy:
dest: /etc/resolv.conf
content: "nameserver {{ gateway.stdout }}"
tasks:
- name: Prepare log server
block:
- name: Install rsyslog
apt:
name: rsyslog
update_cache: true
- name: Configure rsyslog as server
blockinfile:
path: /etc/rsyslog.conf
block: |
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$template RemoteLogs,"/var/log/logtest/%HOSTNAME%.log"
*.* ?RemoteLogs
& ~
- name: Ensure rsyslog is restarted
service:
name: rsyslog
state: restarted
when: ansible_hostname == "logger"
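Review bot: `Get gateway of logging server` pipes `ip route` into `cut` through `shell` with no check on the result, so a host without a default route makes the next task write a bare `nameserver ` line into `/etc/resolv.conf`, and later name lookups fail with an unrelated error. Add `changed_when: false` and `failed_when: gateway.stdout | length == 0` to the shell task. The `Prepare log server` block is a copy of the one in the Docker scenario's prepare playbook; a shared task file included from both would keep the two from drifting apart.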
../default/verify.yml
\ No newline at end of file
../default/verify_testlog.yml
\ No newline at end of file
*******
Docker driver installation guide
*******
Requirements
============
* Docker Engine
Install
=======
Please refer to the `Virtual environment`_ documentation for installation best
practices. If not using a virtual environment, please consider passing the
widely recommended `'--user' flag`_ when invoking ``pip``.
.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site