From 0261e875679f1bf63c8d689da7fc7e014597885d Mon Sep 17 00:00:00 2001
From: Stonewall Jackson
Date: Sat, 4 Feb 2023 01:23:43 -0500
Subject: initial commit
---
roles/rsyslog_client/defaults/main.yml | 7 +++
roles/rsyslog_client/handlers/main.yml | 4 ++
roles/rsyslog_client/tasks/main.yml | 27 ++++++++++
roles/rsyslog_client/templates/etc/rsyslog.conf.j2 | 61 ++++++++++++++++++++++
roles/rsyslog_client/vars/main.yml | 8 +++
5 files changed, 107 insertions(+)
create mode 100644 roles/rsyslog_client/defaults/main.yml
create mode 100644 roles/rsyslog_client/handlers/main.yml
create mode 100644 roles/rsyslog_client/tasks/main.yml
create mode 100644 roles/rsyslog_client/templates/etc/rsyslog.conf.j2
create mode 100644 roles/rsyslog_client/vars/main.yml
(limited to 'roles/rsyslog_client')
diff --git a/roles/rsyslog_client/defaults/main.yml b/roles/rsyslog_client/defaults/main.yml
new file mode 100644
index 0000000..9ba00aa
--- /dev/null
+++ b/roles/rsyslog_client/defaults/main.yml
@@ -0,0 +1,7 @@
+rsyslog_target: '{{ syslog_host }}'
+rsyslog_forward: yes
+rsyslog_queue_max_disk_space: 250m
+rsyslog_queue_size: 10000
+rsyslog_relp_port: 20514
+rsyslog_relp_tls_port: 10514
+rsyslog_tls: yes
diff --git a/roles/rsyslog_client/handlers/main.yml b/roles/rsyslog_client/handlers/main.yml
new file mode 100644
index 0000000..35e1f2d
--- /dev/null
+++ b/roles/rsyslog_client/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart rsyslog
+ systemd:
+ name: rsyslog
+ state: restarted
diff --git a/roles/rsyslog_client/tasks/main.yml b/roles/rsyslog_client/tasks/main.yml
new file mode 100644
index 0000000..c610d6d
--- /dev/null
+++ b/roles/rsyslog_client/tasks/main.yml
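Review bot: `rsyslog_target: '{{ syslog_host }}'` in defaults/main.yml makes the role depend on a variable that neither defaults nor vars define, so a host whose inventory lacks `syslog_host` fails at template time with an undefined-variable error rather than with a message naming what is missing. A comment next to the default, `# syslog_host must come from inventory; override rsyslog_target to forward elsewhere`, would make that contract visible, and an `assert` task in tasks/main.yml with `that: syslog_host is defined` (or an equivalent check on the overridden target) would fail early with an explicit reason. The forward-on and TLS-on defaults are the right secure-by-default choice and deserve a one-line comment saying so, since they are the values a reader will be tempted to flip.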
@@ -0,0 +1,27 @@
+- name: install rsyslog
+ dnf:
+ name: '{{ rsyslog_packages }}'
+ state: present
+
+- name: request TLS certificate
+ include_role:
+ name: getcert_request
+ vars:
+ certificate_sans: ['{{ ansible_fqdn }}']
+ certificate_service: syslog
+ certificate_path: '{{ rsyslog_certificate_path }}'
+ certificate_key_path: '{{ rsyslog_certificate_key_path }}'
+ certificate_hook: systemctl restart rsyslog
+ when: rsyslog_tls
+
+- name: generate rsyslog configuration
+ template:
+ src: etc/rsyslog.conf.j2
+ dest: /etc/rsyslog.conf
+ notify: restart rsyslog
+
+- name: enable rsyslog
+ systemd:
+ name: rsyslog
+ enabled: yes
+ state: started
diff --git a/roles/rsyslog_client/templates/etc/rsyslog.conf.j2 b/roles/rsyslog_client/templates/etc/rsyslog.conf.j2
new file mode 100644
index 0000000..83dc799
--- /dev/null
+++ b/roles/rsyslog_client/templates/etc/rsyslog.conf.j2
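Review bot: The `generate rsyslog configuration` task writes `/etc/rsyslog.conf` with no `validate:`, so a rendering mistake (an unexpected value in `rsyslog_target`, a typo in the template) is only discovered when the `restart rsyslog` handler leaves the daemon down and forwarding stops without any task failing. Adding `validate: rsyslogd -N1 -f %s` to the template task makes Ansible reject the bad file before it replaces the live one; rsyslogd is already installed by the first task, so the check is available on the target. The same task should also pin `owner: root`, `group: root` and `mode: '0644'` rather than relying on the default umask, since the rendered file names the private-key path used for forwarding.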
@@ -0,0 +1,61 @@
+module(load="imklog")
+module(load="imuxsock" SysSock.name="/run/systemd/journal/syslog")
+module(load="imfile")
+module(load="omrelp" tls.tlslib="openssl")
+
+global(
+ workDirectory="/var/lib/rsyslog"
+ parser.escapecontrolcharactertab="off"
+)
+
+module(
+ load="builtin:omfile"
+ template="RSYSLOG_TraditionalFileFormat"
+ fileOwner="root"
+ fileGroup="root"
+ fileCreateMode="0600"
+ dirCreateMode="0700"
+)
+
+include(file="/etc/rsyslog.d/*.conf" mode="optional")
+
+# if message didn't come from imfile, process as normal.
+if ($!metadata!filename == '') then {
+ # EL defaults
+ *.info;mail.none;authpriv.none;cron.none /var/log/messages
+ authpriv.* /var/log/secure
+ mail.* -/var/log/maillog
+ cron.* /var/log/cron
+ *.emerg :omusrmsg:*
+ uucp,news.crit /var/log/spooler
+ local7.* /var/log/boot.log
+}
+
+{% if rsyslog_forward %}
+# forward to syslog server
+if prifilt("*.info") then {
+ action(type="omrelp"
+ template="RSYSLOG_ForwardFormat"
+ target="{{ rsyslog_target }}"
+ {% if rsyslog_tls %}
+ port="{{ rsyslog_relp_tls_port }}"
+ tls="on"
+ tls.caCert="{{ rsyslog_certificate_ca_path }}"
+ tls.myCert="{{ rsyslog_certificate_path }}"
+ tls.myPrivKey="{{ rsyslog_certificate_key_path }}"
+ tls.authMode="name"
+ tls.permittedPeer="{{ rsyslog_target }}"
+ {% else %}
+ port="{{ rsyslog_relp_port }}"
+ {% endif %}
+ queue.type="LinkedList"
+ queue.size="{{ rsyslog_queue_size }}"
+ queue.filename="q_forward"
+ queue.saveOnShutdown="on"
+ queue.maxDiskSpace="{{ rsyslog_queue_max_disk_space }}"
+ action.resumeRetryCount="-1"
+ action.resumeInterval="10"
+ action.reportSuspension="on"
+ action.reportSuspensionContinuation="on")
+}
+{% endif %}
diff --git a/roles/rsyslog_client/vars/main.yml b/roles/rsyslog_client/vars/main.yml
new file mode 100644
index 0000000..d36a841
--- /dev/null
+++ b/roles/rsyslog_client/vars/main.yml
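Review bot: The TLS branch of the omrelp action (`tls.authMode="name"` together with `tls.permittedPeer="{{ rsyslog_target }}"`) authenticates the server against the CA and pins it to the exact name in `rsyslog_target`, which is the right choice but is nowhere stated: if `syslog_host` is an IP address or an alias that the server certificate does not carry, every connection is rejected and messages pile up in the `q_forward` disk queue under `/var/lib/rsyslog` until `queue.maxDiskSpace` is reached. A comment above the action, such as `# server is verified against rsyslog_certificate_ca_path and must present a certificate whose name matches rsyslog_target exactly`, would record that requirement for whoever sets the target. The `{% else %}` branch forwards over RELP in clear text, so a one-line `# plaintext RELP: no server authentication or confidentiality` there makes the trade-off explicit to anyone who turns `rsyslog_tls` off. It is also worth a short comment that the disk-assisted queue persists buffered messages, including `authpriv` content, on local disk while the server is unreachable, since that is why the 0600/0700 create modes above matter.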
@@ -0,0 +1,8 @@
+rsyslog_packages:
+ - rsyslog
+ - rsyslog-relp
+ - rsyslog-openssl
+
+rsyslog_certificate_path: /etc/pki/rsyslog/syslog.pem
+rsyslog_certificate_key_path: /etc/pki/rsyslog/syslog.key
+rsyslog_certificate_ca_path: /etc/ipa/ca.crt
-- cgit
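Review bot: `rsyslog_certificate_ca_path: /etc/ipa/ca.crt` and the two `/etc/pki/rsyslog` paths live in vars/main.yml, where role vars take precedence over inventory and play vars, so a host that is not IPA-enrolled cannot point the role at a different CA or certificate location without editing the role itself. Moving those three variables to defaults/main.yml (leaving `rsyslog_packages` in vars, since the package set is fixed) keeps the IPA default while making it overridable. If the paths are intentionally fixed, a comment such as `# CA is the FreeIPA CA; the role assumes IPA-enrolled hosts with getcert-managed certificates` would at least make the assumption visible to the next user.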