foo.sh/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add server support for syslogd

Browse source
This commit is contained in:
Timo Makinen 2019-07-19 17:16:59 +03:00
parent 9b3bfe9bc8
commit 7088bc9b14
3 changed files with 159 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

79
roles/syslogd/files/syslog-archive.sh Executable file
View file

@ -0,0 +1,79 @@
#!/bin/sh
LOGDIR="/srv/log"
ARCHIVE="${LOGDIR}/archive"
DATE="`date +%Y-%m-%d`"
YEAR="`date +%Y`"
umask 027
myerror()
{
echo "Error: $*" 1>&2
exit 1
}
archive_log()
{
FILE="${1}"
DEST="${2}"
if [ -f "${DEST}" -o -f "${DEST}.gz" ]; then
echo "Skipping ${FILE}: Archive already exists" 1>&2
else
echo "Archiving file ${FILE} to ${DEST}"
mv "${FILE}" "${DEST}"
touch "${FILE}"
LOGS="${LOGS} ${DEST}"
fi
}
restart_syslog()
{
for i in syslog.pid rsyslogd.pid syslogd.pid ; do
if [ -f "/var/run/$i" ]; then
PIDFILE="/var/run/$i"
break
fi
done
if [ "blah${PIDFILE}" = "blah" ]; then
myerror "Cannot find syslog pid file"
fi
kill -HUP `cat ${PIDFILE}`
}
[ $# -gt 0 ] || myerror "Usage: `basename $0` <file|dir> [file|dir] ..."
[ -d ${LOGDIR} ] || myerror "Not a directory: ${LOGDIR}"
while [ "$*" ]; do
if [ -f "${LOGDIR}/${1}" ]; then
dstdir=${ARCHIVE}/${YEAR}
dstfile=${dstdir}/`basename ${1}`.${DATE}
[ -d "${dstdir}" ] || mkdir -p ${dstdir}
archive_log ${LOGDIR}/${1} ${dstfile}
elif [ -d "${LOGDIR}/${1}" ]; then
for f in ${LOGDIR}/${1}/*.log; do
if [ -f "${f}" ]; then
dstdir=${ARCHIVE}/${1}/${YEAR}
dstfile=${dstdir}/`basename ${f}`.${DATE}
[ -d "${dstdir}" ] || mkdir -p ${dstdir}
archive_log ${f} ${dstfile}
else
echo "Skipping ${f}: not a file" 1>&2
fi
done
else
echo "Skipping ${1}: not a file or directory" 1>&2
fi
shift
done
restart_syslog
for log in ${LOGS}; do
gzip -f ${log} || myerror "Error while gzipping ${log}"
loggz="`basename ${log}`.gz"
( cd `dirname ${log}` && openssl sha1 -out ${loggz}.sha1 ${loggz} )
done

4
roles/syslogd/tasks/main.yml
View file

@ -25,3 +25,7 @@
path: /etc/newsyslog.conf path: /etc/newsyslog.conf
regexp: "^/var/log/all.log.*" regexp: "^/var/log/all.log.*"
line: "/var/log/all.log root:{{ ansible_wheel }} 640 7 * $D0 Z" line: "/var/log/all.log root:{{ ansible_wheel }} 640 7 * $D0 Z"
- name: include server config
include_tasks: server.yml
when: inventory_hostname == "log01.home.foo.sh"

76
roles/syslogd/tasks/server.yml Normal file
View file

@ -0,0 +1,76 @@
---
- name: create data directories
file:
dest: "{{ item }}"
state: directory
mode: 0750
owner: root
group: "{{ ansible_wheel }}"
with_items:
- /export/log
- /export/log/archive
- name: link data directory
file:
dest: /srv/log
src: /export/log
state: link
owner: root
group: "{{ ansible_wheel }}"
- name: copy server key
copy:
dest: "{{ tls_private }}/0.0.0.0:6514.key"
src: /srv/letsencrypt/live/loghost.foo.sh/privkey.pem
mode: 0600
owner: root
group: "{{ ansible_wheel }}"
- name: copy server crt
copy:
dest: "{{ tls_certs }}/0.0.0.0:6514.crt"
src: /srv/letsencrypt/live/loghost.foo.sh/fullchain.pem
mode: 0644
owner: root
group: "{{ ansible_wheel }}"
- name: add archiving to syslog.conf
blockinfile:
path: /etc/syslog.conf
insertbefore: BOF
block: |
# everything goes to archive
*.* /srv/log/all.log
# only local goes to the standard logs
+{{ inventory_hostname }}
marker: "# {mark} ANSIBLE MANAGED BLOCK (syslogd)"
notify: restart syslogd
- name: create dummy all.log
shell: umask 027 ; touch /srv/log/all.log
args:
creates: /srv/log/all.log
- name: install log archiver
copy:
dest: /usr/local/sbin/syslog-archive
src: syslog-archive.sh
mode: 0755
owner: root
group: "{{ ansible_wheel }}"
- name: install log archiver cron
cron:
name: syslog-archive
user: root
hour: 0
minute: 0
job: /usr/local/sbin/syslog-archive /srv/log all.log
- name: enable syslogd remote logging
service:
name: syslogd
state: started
enabled: true
arguments: -n -K {{ tls_certs }}/ca.crt -S 0.0.0.0:6514 -S ::::6514