From 560587d612dc1c95b4bffadba2883b8447b3f9ef Mon Sep 17 00:00:00 2001 From: Timo Makinen Date: Sat, 29 Oct 2022 18:36:13 +0000 Subject: [PATCH] syslogd: ansible-lint fixes --- roles/syslogd/handlers/main.yml | 4 +-- roles/syslogd/tasks/main.yml | 52 ++++++++++++++++----------------- roles/syslogd/tasks/server.yml | 41 +++++++++++++------------- 3 files changed, 48 insertions(+), 49 deletions(-) diff --git a/roles/syslogd/handlers/main.yml b/roles/syslogd/handlers/main.yml index 7b651d0..34a36cb 100644 --- a/roles/syslogd/handlers/main.yml +++ b/roles/syslogd/handlers/main.yml @@ -1,5 +1,5 @@ --- -- name: restart syslogd - service: +- name: Restart syslogd + ansible.builtin.service: name: syslogd state: restarted diff --git a/roles/syslogd/tasks/main.yml b/roles/syslogd/tasks/main.yml index 236f6c6..498d76c 100644 --- a/roles/syslogd/tasks/main.yml +++ b/roles/syslogd/tasks/main.yml @@ -1,12 +1,11 @@ --- - -- name: verify that all.log exists - stat: +- name: Verify that all.log exists + ansible.builtin.stat: path: /var/log/all.log register: result -- name: create dummy all.log file - file: +- name: Create dummy all.log file + ansible.builtin.file: path: /var/log/all.log state: touch mode: 0644 
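Review bot: In roles/syslogd/tasks/main.yml, the `Create dummy all.log file` task creates /var/log/all.log with `mode: 0644`, while the newsyslog.conf entry later in the same file rotates it as `640`. Because syslog.conf routes `*.*` into this file, it is presumably readable by every local user until newsyslog first rotates it. Consider `mode: "0640"` here, quoted so the value does not depend on YAML octal parsing. The task's owner and group lines sit outside this hunk, so check that they match the `root:{{ ansible_wheel }}` used in the newsyslog entry.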
@@ -14,35 +13,36 @@ group: "{{ ansible_wheel }}" when: not result.stat.exists -- name: enable all.log - lineinfile: +- name: Enable all.log + ansible.builtin.lineinfile: path: /etc/syslog.conf line: "*.* /var/log/all.log" - notify: restart syslogd + notify: Restart syslogd -- name: enable all.log rotation - lineinfile: +- name: Enable all.log rotation + ansible.builtin.lineinfile: path: /etc/newsyslog.conf regexp: "^/var/log/all.log.*" line: |- /var/log/all.log root:{{ ansible_wheel }} 640 7 * $D0 Z -- block: - - name: configure certificates for remote logging - service: - name: syslogd - arguments: >- - -h -c {{ tls_certs }}/{{ inventory_hostname }}.crt - -k {{ tls_private }}/{{ inventory_hostname }}.key - enabled: true - - name: enable remote logging - lineinfile: - path: /etc/syslog.conf - regexp: '^\*\.\* @.*' - line: "*.* @tls://{{ log_server }}:6514" - notify: restart syslogd +- name: Configure certificates for remote logging + ansible.builtin.service: + name: syslogd + arguments: >- + -h -c {{ tls_certs }}/{{ inventory_hostname }}.crt + -k {{ tls_private }}/{{ inventory_hostname }}.key + enabled: true when: inventory_hostname != "log01.home.foo.sh" -- name: include server config - include_tasks: server.yml +- name: Enable remote logging + ansible.builtin.lineinfile: + path: /etc/syslog.conf + regexp: '^\*\.\* @.*' + line: "*.* @tls://{{ log_server }}:6514" + notify: Restart syslogd + when: inventory_hostname != "log01.home.foo.sh" + +- name: Include server config + ansible.builtin.include_tasks: server.yml when: inventory_hostname == "log01.home.foo.sh" diff --git a/roles/syslogd/tasks/server.yml b/roles/syslogd/tasks/server.yml index 1aa3491..34317d4 100644 --- a/roles/syslogd/tasks/server.yml +++ b/roles/syslogd/tasks/server.yml @@ -1,7 +1,6 @@ --- - -- name: create data directories - file: +- name: Create data directories + ansible.builtin.file: dest: "{{ item }}" state: directory mode: 0750 
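Review bot: In roles/syslogd/tasks/main.yml, `Configure certificates for remote logging` sets the syslogd flags (`-c`/`-k`) but has no `notify: Restart syslogd`; only the following lineinfile task notifies the handler. A later change to `tls_certs` or `tls_private` would therefore presumably not reach the running daemon until something else restarts it. Adding `notify: Restart syslogd` to that task closes the gap. Separately, flattening the block duplicated `when: inventory_hostname != "log01.home.foo.sh"` on two tasks; keeping the block and giving it a `name:` would keep the client/server condition in one place, if the installed ansible-lint accepts that.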
@@ -11,36 +10,36 @@ - /export/log - /export/log/archive -- name: link data directory - file: +- name: Link data directory + ansible.builtin.file: dest: /srv/log src: /export/log state: link owner: root group: "{{ ansible_wheel }}" -- name: copy server key - copy: +- name: Copy server key + ansible.builtin.copy: dest: "{{ tls_private }}/0.0.0.0:6514.key" src: /srv/letsencrypt/live/loghost.foo.sh/privkey.pem mode: 0600 owner: root group: "{{ ansible_wheel }}" - notify: restart syslogd + notify: Restart syslogd tags: certificates -- name: copy server crt - copy: +- name: Copy server crt + ansible.builtin.copy: dest: "{{ tls_certs }}/0.0.0.0:6514.crt" src: /srv/letsencrypt/live/loghost.foo.sh/fullchain.pem mode: 0644 owner: root group: "{{ ansible_wheel }}" - notify: restart syslogd + notify: Restart syslogd tags: certificates -- name: add archiving to syslog.conf - blockinfile: +- name: Add archiving to syslog.conf + ansible.builtin.blockinfile: path: /etc/syslog.conf insertbefore: BOF block: | @@ -49,31 +48,31 @@ # only local goes to the standard logs +{{ inventory_hostname }} marker: "# {mark} ANSIBLE MANAGED BLOCK (syslogd)" - notify: restart syslogd + notify: Restart syslogd -- name: create dummy all.log +- name: Create dummy all.log shell: umask 027 ; touch /srv/log/all.log args: creates: /srv/log/all.log -- name: install log archiver - copy: +- name: Install log archiver + ansible.builtin.copy: dest: /usr/local/sbin/syslog-archive src: syslog-archive.sh mode: 0755 owner: root group: "{{ ansible_wheel }}" -- name: install log archiver cron - cron: +- name: Install log archiver cron + ansible.builtin.cron: name: syslog-archive user: root hour: "0" minute: "0" job: /usr/local/sbin/syslog-archive all.log > /dev/null -- name: enable syslogd remote logging - service: +- name: Enable syslogd remote logging + ansible.builtin.service: name: syslogd state: started enabled: true
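Review bot: In roles/syslogd/tasks/server.yml, the `Copy server key` task copies privkey.pem without `diff: false`, so a run with `--diff` would print the private key to the console and to any captured run logs. Add `diff: false` (or `no_log: true`) to that task. The unquoted `mode: 0600` and `mode: 0644` in this hunk could also be quoted, e.g. `mode: "0600"`, so the permission reaches the module as a string regardless of how the YAML loader treats leading zeros.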
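Review bot: In the last hunk of roles/syslogd/tasks/server.yml, the `Create dummy all.log` task still uses the bare `shell:` key, the only module in this commit left without an FQCN; the minimal fix is `ansible.builtin.shell: umask 027 ; touch /srv/log/all.log`. The file's permissions also depend on an implicit umask rather than a declared mode. An `ansible.builtin.file` task with `state: touch` and `mode: "0640"`, guarded by a stat check as tasks/main.yml does for /var/log/all.log, would make the intended permissions on the central log explicit and avoid the shell.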