crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'rsyslog' into 'newinfra' 

[rsyslog-server] tealc is the rsyslog server

See merge request nounous/ansible!166
certbot_on_virtu
_benjamin 2021-01-03 10:47:07 +01:00
parent 61508881b7 c8ed25a704
commit f750f50758
5 changed files with 67 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
plays/logs.yml
View File

@ -1,11 +1,15 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
# thot is the log server. # tealc is the log server.
# Servers need to send their logs to thot. # Servers need to send their logs to tealc.
# Send logs to thot # Send logs to tealc
- hosts: server,!thot.adm.crans.org - hosts: server,!tealc.adm.crans.org
vars: vars:
rsyslog: rsyslog:
server: thot.adm.crans.org server: 172.16.10.1
roles: ["rsyslog-client"] roles: ["rsyslog-client"]
- hosts: tealc.adm.crans.org
roles:
- rsyslog-server

24
roles/rsyslog-server/tasks/main.yml 100644
View File

@ -0,0 +1,24 @@
---
- name: Deploy rsyslog cablage config
template:
src: rsyslog.d/30-cablage.conf.j2
dest: /etc/rsyslog.d/30-cablage.conf
mode: 0640
owner: root
group: root
- name: Deploy rsyslog listen relp config
template:
src: rsyslog.d/52-listen_relp.conf.j2
dest: /etc/rsyslog.d/52-listen_relp.conf
mode: 0640
owner: root
group: root
- name: Deploy rsyslog listen switches config
template:
src: rsyslog.d/53-listen_switches.conf.j2
dest: /etc/rsyslog.d/53-listen_switches.conf
mode: 0640
owner: root
group: root

22
roles/rsyslog-server/templates/rsyslog.d/30-cablage.conf.j2 100644
View File

@ -0,0 +1,22 @@
{{ ansible_header | comment }}
# Logs des switches
if $fromhost-ip startswith '172.16.33.' then /pool/logs/tealc/cablage/global.log; CablageFileFormat
# Logs des bornes
## Dropbear est atteint de logorhée, une partie de ses logs ne sont pas vitaux
if $programname contains "dropbear" and $msg contains "Exit before auth: Exited normally" then ~
if $programname contains "dropbear" and re_match($msg, "Child connection from (127.0.0.1|::1|10.231.148.102)") then ~
if $programname contains "dropbear" and re_match($msg, "Pubkey auth succeeded .* from 10.231.148.102") then ~
if $programname contains "dropbear" and re_match($msg, "Exit \\(.*\\): Disconnect received") then ~
if $fromhost-ip startswith '172.16.34.' then /pool/logs/tealc/cablage/global.log; CablageFileFormat
# Logs RADIUS
if $programname contains 'freeradius' then /pool/logs/tealc/cablage/global.log
if $programname contains 'radiusd' then /pool/logs/tealc/cablage/global.log
# Logs DHCP
if $programname contains 'dhcpd' then /pool/logs/tealc/cablage/global.log

4
roles/rsyslog-server/templates/rsyslog.d/52-listen_relp.conf.j2 100644
View File

@ -0,0 +1,4 @@
{{ ansible_header | comment }}
$ModLoad imrelp
$InputRELPServerRun 20514

8
roles/rsyslog-server/templates/rsyslog.d/53-listen_switches.conf.j2 100644
View File

@ -0,0 +1,8 @@
{{ ansible_header | comment }}
# Réception en udp: pour les switchs seulement
# et les bornes wifi
$ModLoad imudp
$UDPServerRun 514
$AllowedSender UDP, 127.0.0.1, *.adm.crans.org, 172.16.10.0/24, *.infra.crans.org, 172.16.33.0/24, 172.16.34.0/24