48 lines
1.3 KiB
YAML
48 lines
1.3 KiB
YAML
---
|
|
- name: Verify that all.log exists
|
|
ansible.builtin.stat:
|
|
path: /var/log/all.log
|
|
register: result
|
|
|
|
- name: Create dummy all.log file
|
|
ansible.builtin.file:
|
|
path: /var/log/all.log
|
|
state: touch
|
|
mode: "0644"
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
when: not result.stat.exists
|
|
|
|
- name: Enable all.log
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/syslog.conf
|
|
line: "*.* /var/log/all.log"
|
|
notify: Restart syslogd
|
|
|
|
- name: Enable all.log rotation
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/newsyslog.conf
|
|
regexp: "^/var/log/all.log.*"
|
|
line: |-
|
|
/var/log/all.log root:{{ ansible_wheel }} 640 7 * $D0 Z
|
|
|
|
- name: Configure certificates for remote logging
|
|
ansible.builtin.service:
|
|
name: syslogd
|
|
arguments: >-
|
|
-h -c {{ tls_certs }}/{{ inventory_hostname }}.crt
|
|
-k {{ tls_private }}/{{ inventory_hostname }}.key
|
|
enabled: true
|
|
when: inventory_hostname != "log01.home.foo.sh"
|
|
|
|
- name: Enable remote logging
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/syslog.conf
|
|
regexp: '^\*\.\* @.*'
|
|
line: "*.* @tls://{{ log_server }}:6514"
|
|
notify: Restart syslogd
|
|
when: inventory_hostname != "log01.home.foo.sh"
|
|
|
|
- name: Include server config
|
|
ansible.builtin.include_tasks: server.yml
|
|
when: inventory_hostname == "log01.home.foo.sh"
|