syslogd: ansible-lint fixes

Timo Makinen 2022-10-29 18:36:13 +00:00
parent 1bd5bfdcb7
commit 560587d612
3 changed files with 48 additions and 49 deletions


@ -1,5 +1,5 @@
--- ---
- name: restart syslogd - name: Restart syslogd
service: ansible.builtin.service:
name: syslogd name: syslogd
state: restarted state: restarted


@ -1,12 +1,11 @@
--- ---
- name: Verify that all.log exists
- name: verify that all.log exists ansible.builtin.stat:
stat:
path: /var/log/all.log path: /var/log/all.log
register: result register: result
- name: create dummy all.log file - name: Create dummy all.log file
file: ansible.builtin.file:
path: /var/log/all.log path: /var/log/all.log
state: touch state: touch
mode: 0644 mode: 0644
@ -14,35 +13,36 @@
group: "{{ ansible_wheel }}" group: "{{ ansible_wheel }}"
when: not result.stat.exists when: not result.stat.exists
- name: enable all.log - name: Enable all.log
lineinfile: ansible.builtin.lineinfile:
path: /etc/syslog.conf path: /etc/syslog.conf
line: "*.* /var/log/all.log" line: "*.* /var/log/all.log"
notify: restart syslogd notify: Restart syslogd
- name: enable all.log rotation - name: Enable all.log rotation
lineinfile: ansible.builtin.lineinfile:
path: /etc/newsyslog.conf path: /etc/newsyslog.conf
regexp: "^/var/log/all.log.*" regexp: "^/var/log/all.log.*"
line: |- line: |-
/var/log/all.log root:{{ ansible_wheel }} 640 7 * $D0 Z /var/log/all.log root:{{ ansible_wheel }} 640 7 * $D0 Z
- block: - name: Configure certificates for remote logging
- name: configure certificates for remote logging ansible.builtin.service:
service: name: syslogd
name: syslogd arguments: >-
arguments: >- -h -c {{ tls_certs }}/{{ inventory_hostname }}.crt
-h -c {{ tls_certs }}/{{ inventory_hostname }}.crt -k {{ tls_private }}/{{ inventory_hostname }}.key
-k {{ tls_private }}/{{ inventory_hostname }}.key enabled: true
enabled: true
- name: enable remote logging
lineinfile:
path: /etc/syslog.conf
regexp: '^\*\.\* @.*'
line: "*.* @tls://{{ log_server }}:6514"
notify: restart syslogd
when: inventory_hostname != "log01.home.foo.sh" when: inventory_hostname != "log01.home.foo.sh"
- name: include server config - name: Enable remote logging
include_tasks: server.yml ansible.builtin.lineinfile:
path: /etc/syslog.conf
regexp: '^\*\.\* @.*'
line: "*.* @tls://{{ log_server }}:6514"
notify: Restart syslogd
when: inventory_hostname != "log01.home.foo.sh"
- name: Include server config
ansible.builtin.include_tasks: server.yml
when: inventory_hostname == "log01.home.foo.sh" when: inventory_hostname == "log01.home.foo.sh"
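Review bot: `Create dummy all.log file` still creates /var/log/all.log with `mode: 0644`, so the catch-all log fed by `*.* /var/log/all.log` is world-readable from creation until newsyslog first rotates it to the `640` given in the `Enable all.log rotation` task. Creating it as `mode: "0640"` would match both the rotation entry and the `umask 027` used for the server-side all.log, and quoting the value keeps the mode a string rather than a YAML integer. The task's `owner` line presumably falls between the two hunks and is not shown, so it is worth confirming that owner and group match the `root:{{ ansible_wheel }}` in the newsyslog line.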


@ -1,7 +1,6 @@
--- ---
- name: Create data directories
- name: create data directories ansible.builtin.file:
file:
dest: "{{ item }}" dest: "{{ item }}"
state: directory state: directory
mode: 0750 mode: 0750
@ -11,36 +10,36 @@
- /export/log - /export/log
- /export/log/archive - /export/log/archive
- name: link data directory - name: Link data directory
file: ansible.builtin.file:
dest: /srv/log dest: /srv/log
src: /export/log src: /export/log
state: link state: link
owner: root owner: root
group: "{{ ansible_wheel }}" group: "{{ ansible_wheel }}"
- name: copy server key - name: Copy server key
copy: ansible.builtin.copy:
dest: "{{ tls_private }}/0.0.0.0:6514.key" dest: "{{ tls_private }}/0.0.0.0:6514.key"
src: /srv/letsencrypt/live/loghost.foo.sh/privkey.pem src: /srv/letsencrypt/live/loghost.foo.sh/privkey.pem
mode: 0600 mode: 0600
owner: root owner: root
group: "{{ ansible_wheel }}" group: "{{ ansible_wheel }}"
notify: restart syslogd notify: Restart syslogd
tags: certificates tags: certificates
- name: copy server crt - name: Copy server crt
copy: ansible.builtin.copy:
dest: "{{ tls_certs }}/0.0.0.0:6514.crt" dest: "{{ tls_certs }}/0.0.0.0:6514.crt"
src: /srv/letsencrypt/live/loghost.foo.sh/fullchain.pem src: /srv/letsencrypt/live/loghost.foo.sh/fullchain.pem
mode: 0644 mode: 0644
owner: root owner: root
group: "{{ ansible_wheel }}" group: "{{ ansible_wheel }}"
notify: restart syslogd notify: Restart syslogd
tags: certificates tags: certificates
- name: add archiving to syslog.conf - name: Add archiving to syslog.conf
blockinfile: ansible.builtin.blockinfile:
path: /etc/syslog.conf path: /etc/syslog.conf
insertbefore: BOF insertbefore: BOF
block: | block: |
@ -49,31 +48,31 @@
# only local goes to the standard logs # only local goes to the standard logs
+{{ inventory_hostname }} +{{ inventory_hostname }}
marker: "# {mark} ANSIBLE MANAGED BLOCK (syslogd)" marker: "# {mark} ANSIBLE MANAGED BLOCK (syslogd)"
notify: restart syslogd notify: Restart syslogd
- name: create dummy all.log - name: Create dummy all.log
shell: umask 027 ; touch /srv/log/all.log shell: umask 027 ; touch /srv/log/all.log
args: args:
creates: /srv/log/all.log creates: /srv/log/all.log
- name: install log archiver - name: Install log archiver
copy: ansible.builtin.copy:
dest: /usr/local/sbin/syslog-archive dest: /usr/local/sbin/syslog-archive
src: syslog-archive.sh src: syslog-archive.sh
mode: 0755 mode: 0755
owner: root owner: root
group: "{{ ansible_wheel }}" group: "{{ ansible_wheel }}"
- name: install log archiver cron - name: Install log archiver cron
cron: ansible.builtin.cron:
name: syslog-archive name: syslog-archive
user: root user: root
hour: "0" hour: "0"
minute: "0" minute: "0"
job: /usr/local/sbin/syslog-archive all.log > /dev/null job: /usr/local/sbin/syslog-archive all.log > /dev/null
- name: enable syslogd remote logging - name: Enable syslogd remote logging
service: ansible.builtin.service:
name: syslogd name: syslogd
state: started state: started
enabled: true enabled: true
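Review bot: `Copy server key` pushes privkey.pem with `ansible.builtin.copy` but sets no `no_log: true`, so a run with `--diff` can print the private key's contents to the terminal or to any log that captures the controller's output. Adding `no_log: true` to that task keeps the key material out of the run output; the certificate task next to it does not need it. In the same section `Create dummy all.log` was left as a bare `shell:` while every other module gained its `ansible.builtin.` prefix, so `ansible.builtin.shell: umask 027 ; touch /srv/log/all.log` would make the lint pass consistent.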