[rsyslog_server] pep-cransified + gulp

host_vars/gulp.cachan-adm.crans.org.yml

@@ -28,3 +28,25 @@ loc_borg:
 
 glob_prometheus_node_exporter:
   listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
+
+loc_rsyslog_server:
+  name: gulp
+  root: /var/log
+  rules:
+    - name: cablage
+      rotate: 365
+      ips:
+        - 172.16.33
+        - 172.16.34
+      programs:
+        - firewall
+        - radiusd
+        - dhcpd
+  modules:
+    - name: imudp
+      index: 53
+    - name: imrelp
+      index: 52
+      vars:
+        - name: InputRELPServerRun
+          value: 20514

host_vars/tealc.adm.crans.org.yml

@@ -34,3 +34,25 @@ loc_borg:
     - /etc
     - /var
     - /pool/home
+
+loc_rsyslog_server:
+  name: tealc
+  root: /pool/logs
+  rules:
+    - name: cablage
+      rotate: 365
+      ips:
+        - 172.16.33
+        - 172.16.34
+      programs:
+        - firewall
+        - radiusd
+        - dhcpd
+  modules:
+    - name: imudp
+      index: 53
+    - name: imrelp
+      index: 52
+      vars:
+        - name: InputRELPServerRun
+          value: 20514

hosts

@@ -175,6 +175,10 @@ roundcube.adm.crans.org
 routeur-sam.adm.crans.org
 routeur-gulp.cachan-adm.crans.org
 
+[rsyslog_server]
+gulp.cachan-adm.crans.org
+tealc.adm.crans.org
+
 [slapd]
 tealc.adm.crans.org
 sam.adm.crans.org

plays/logs.yml

@@ -1,15 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-# tealc is the log server.
-# Servers need to send their logs to tealc.
-
-# Send logs to tealc
-- hosts: server,!tealc.adm.crans.org
-  vars:
-    rsyslog:
-      server: 172.16.10.1
-  roles: ["rsyslog-client"]
-
-- hosts: tealc.adm.crans.org
-  roles:
-    - rsyslog-server

plays/rsyslog-server.yml

@@ -0,0 +1,10 @@
+#!/usr/bin/env ansible-playbook
+---
+# tealc is the log server.
+# Servers need to send their logs to tealc.
+
+- hosts: rsyslog_server
+  vars:
+    rsyslog_server: "{{ glob_rsyslog_server | default({}) | combine(loc_rsyslog_server | default({})) }}"
+  roles:
+    - rsyslog-server

roles/rsyslog-server/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart rsyslog
+  service:
+     name: rsyslog
+     state: restarted

roles/rsyslog-server/tasks/main.yml

@@ -9,34 +9,29 @@
   retries: 3
   until: apt_result is succeeded
 
-- name: Deploy logrotate cablage config
+- name: Deploy logrotate config
   template:
-    src: logrotate.d/crans.j2
+    src: logrotate.d/logrotate.j2
-    dest: /etc/logrotate.d/crans
+    dest: "/etc/logrotate.d/{{ rsyslog_server.name }}"
     mode: 0644
     owner: root
     group: root
 
-- name: Deploy rsyslog cablage config
+- name: Deploy rsyslog config
   template:
-    src: rsyslog.d/30-cablage.conf.j2
+    src: rsyslog.d/30-rules.conf.j2
-    dest: /etc/rsyslog.d/30-cablage.conf
+    dest: /etc/rsyslog.d/30-rules.conf
     mode: 0640
     owner: root
     group: root
+  notify: restart rsyslog
 
-- name: Deploy rsyslog listen relp config
+- name: Deploy rsyslog modules config
   template:
-    src: rsyslog.d/52-listen_relp.conf.j2
+    src: rsyslog.d/50-module.conf.j2
-    dest: /etc/rsyslog.d/52-listen_relp.conf
+    dest: /etc/rsyslog.d/{{ item.index }}-module_{{ item.name }}.conf
-    mode: 0640
-    owner: root
-    group: root
-
-- name: Deploy rsyslog listen switches config
-  template:
-    src: rsyslog.d/53-listen_switches.conf.j2
-    dest: /etc/rsyslog.d/53-listen_switches.conf
     mode: 0640
     owner: root
     group: root
+  loop: "{{ rsyslog_server.modules }}"
+  notify: restart rsyslog

roles/rsyslog-server/templates/logrotate.d/crans.j2

@@ -1,53 +0,0 @@
-{{ ansible_header | comment }}
-
-# Logs Crans
-
-# Logs pour le cablage
-/pool/logs/tealc/cablage/global.log {
-    daily
-    rotate 365
-    compress
-    notifempty
-    missingok
-    create 640 root adm
-    postrotate
-        invoke-rc.d rsyslog rotate > /dev/null
-    endscript
-}
-
-
-# Logs centralisés
-
-# FreeRADIUS
-/pool/logs/tealc/freeradius/*.log {
-    weekly
-    rotate 365
-    compress
-    delaycompress
-    notifempty
-    missingok
-    postrotate
-        invoke-rc.d rsyslog rotate > /dev/null
-    endscript
-}
-
-# Logs des bornes et des switches
-/pool/logs/tealc/wifi/global.log {
-    daily
-    rotate 365
-    compress
-    notifempty
-    postrotate
-        invoke-rc.d rsyslog rotate > /dev/null
-    endscript
-}
-
-/pool/logs/tealc/filaire/global.log {
-    daily
-    rotate 365
-    compress
-    notifempty
-    postrotate
-        invoke-rc.d rsyslog rotate > /dev/null
-    endscript
-}

roles/rsyslog-server/templates/logrotate.d/logrotate.j2

@@ -0,0 +1,16 @@
+{{ ansible_header | comment }}
+
+# Logs pour le cablage
+{%  for rule in rsyslog_server.rules %}
+{{ rsyslog_server.root }}/{{ rsyslog_server.name }}/{{ rule.name }}/global.log {
+    daily
+    rotate {{ rule.rotate }}
+    compress
+    notifempty
+    missingok
+    create 640 root adm
+    postrotate
+        invoke-rc.d rsyslog rotate > /dev/null
+    endscript
+}
+{% endfor %}

roles/rsyslog-server/templates/rsyslog.d/30-cablage.conf.j2

@@ -1,24 +0,0 @@
-{{ ansible_header | comment }}
-
-$template CablageFileFormat,"%TIMESTAMP:::date-rfc3339% %fromhost% %syslogtag%%msg%\n"
-
-# Logs des switches
-
-if $fromhost-ip startswith '172.16.33.' then /pool/logs/tealc/cablage/global.log; CablageFileFormat
-
-# Logs des bornes
-
-## Dropbear est atteint de logorhée, une partie de ses logs ne sont pas vitaux
-if $programname contains "dropbear" and $msg contains "Exit before auth: Exited normally" then ~
-if $programname contains "dropbear" and re_match($msg, "Child connection from (127.0.0.1|::1|10.231.148.102)") then ~
-if $programname contains "dropbear" and re_match($msg, "Pubkey auth succeeded .* from 10.231.148.102") then ~
-if $programname contains "dropbear" and re_match($msg, "Exit \\(.*\\): Disconnect received") then ~
-
-if $fromhost-ip startswith '172.16.34.' then /pool/logs/tealc/cablage/global.log; CablageFileFormat
-
-# Logs RADIUS
-if $programname contains 'freeradius' then /pool/logs/tealc/cablage/global.log
-if $programname contains 'radiusd' then /pool/logs/tealc/cablage/global.log
-
-# Logs DHCP
-if $programname contains 'dhcpd' then /pool/logs/tealc/cablage/global.log

roles/rsyslog-server/templates/rsyslog.d/30-rules.conf.j2

@@ -0,0 +1,12 @@
+{{ ansible_header | comment }}
+$template CablageFileFormat,"%TIMESTAMP:::date-rfc3339% %fromhost% %syslogtag%%msg%\n"
+
+{% for rule in rsyslog_server.rules %}
+{% set dest = rsyslog_server.root+'/'+rsyslog_server.name+'/'+rule.name+'/global.log' %}
+{% for ip in rule.ips %}
+if $fromhost-ip startswith '{{ ip }}' then {{ dest }}; CablageFileFormat
+{% endfor %}
+{% for program in rule.programs %}
+if $programname contains '{{ program }}' then {{ dest }}
+{% endfor %}
+{% endfor %}

roles/rsyslog-server/templates/rsyslog.d/50-module.conf.j2

@@ -0,0 +1,8 @@
+{{ ansible_header | comment }}
+
+$ModLoad {{ item.name }}
+{% if item.vars is defined %}
+{% for var in item.vars %}
+${{ var.name }} {{ var.value }}
+{% endfor %}
+{% endif %}

roles/rsyslog-server/templates/rsyslog.d/52-listen_relp.conf.j2

@@ -1,4 +0,0 @@
-{{ ansible_header | comment }}
-
-$ModLoad imrelp
-$InputRELPServerRun 20514

roles/rsyslog-server/templates/rsyslog.d/53-listen_switches.conf.j2

@@ -1,8 +0,0 @@
-{{ ansible_header | comment }}
-
-# Réception en udp: pour les switchs seulement
-# et les bornes wifi
-$ModLoad imudp
-$UDPServerRun 514
-
-$AllowedSender UDP, 127.0.0.1, *.adm.crans.org, 172.16.10.0/24, *.infra.crans.org, 172.16.33.0/24, 172.16.34.0/24