From 6085718f5dd8f737946bd9fc4f8a82e074a62163 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Fri, 19 Jul 2019 17:55:54 +0300
Subject: [PATCH] enable remote logging for syslogd
---
 group_vars/all.yml | 3 +++
 roles/syslogd/tasks/main.yml | 14 ++++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/group_vars/all.yml b/group_vars/all.yml
index dfb09cf..bd84047 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -14,6 +14,9 @@ mail_domain: foo.sh
 ldap_basedn: dc=foo,dc=sh
 ldap_server: [ldap.foo.sh]
+# log server
+log_server: loghost.foo.sh
+
 # kerberos settings
 kerberos_realm: FOO.SH
diff --git a/roles/syslogd/tasks/main.yml b/roles/syslogd/tasks/main.yml
index f23ed22..6336075 100644
--- a/roles/syslogd/tasks/main.yml
+++ b/roles/syslogd/tasks/main.yml
@@ -26,6 +26,20 @@
 regexp: "^/var/log/all.log.*"
 line: "/var/log/all.log root:{{ ansible_wheel }} 640 7 * $D0 Z"
+- block:
+ - name: configure certificates for remote logging
+ service:
+ name: syslogd
+ arguments: "-h -c {{ tls_certs }}/{{ inventory_hostname }}.crt -k {{ tls_private }}/{{ inventory_hostname }}.key"
+ enabled: yes
+ - name: enable remote logging
+ lineinfile:
+ path: /etc/syslog.conf
+ regexp: '^\*\.\* @.*'
+ line: "*.* @tls://{{ log_server }}:6514"
+ notify: restart syslogd
+ when: inventory_hostname != "log01.home.foo.sh"
+
 - name: include server config
 include_tasks: server.yml
 when: inventory_hostname == "log01.home.foo.sh"
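Review bot: The "configure certificates for remote logging" task in roles/syslogd/tasks/main.yml changes the daemon's flags (`-c …crt -k …key`) but appears to have no restart trigger of its own; indentation is lost in this view, so confirm whether `notify: restart syslogd` sits on the `lineinfile` task only or on the whole block. If it is on the second task only, a host whose `/etc/syslog.conf` already contains the forwarding line will get new certificate arguments without the running syslogd being restarted, so forwarding to the log server may keep failing, or run without the client certificate, until the next restart. Add `notify: restart syslogd` to the certificate task as well. A short comment on how the log server's certificate is validated would also help: no CA-file option is passed, so the daemon's default trust store is presumably used, and a privately issued loghost certificate would need an explicit CA file (`-C` on OpenBSD syslogd, if that is the target).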