soc-ops/global/overlay/etc/puppet/modules/soc/manifests/rsyslog/server.pp

# rsyslog
class soc::rsyslog::server(
  $daily_rotation = true,
  $syslog_servers = lookup(syslog_servers, undef, undef, []),
  $gelf_graylog_servers = lookup(gelf_graylog_servers, undef, undef, []),
  $relp_syslog_servers = lookup(relp_syslog_servers, undef, undef, []),
  $syslog_enable_remote = lookup('syslog_enable_remote', undef, undef, 'true'),
  $udp_port = lookup(udp_port, undef, undef, undef),
  $udp_client = lookup('udp_client', undef, undef, 'any'),
  $tcp_port = lookup(tcp_port, undef, undef, undef),
  $tcp_client = lookup('tcp_client', undef, undef, 'any'),
  $relp_port = lookup(relp_port, undef, undef, '2514'),
  $relp_client = lookup('relp_client', undef, undef, 'any'),
  $traditional_file_format = false,
  $hostgroups = $facts['configured_hosts_in_cosmos'],
) {
  # Install rsyslog packages
  [ 'rsyslog', 'rsyslog-relp', 'rsyslog-openssl' ].each |String $package| {
    package { $package:
      ensure => latest,
    }
  }

  $do_remote = str2bool($syslog_enable_remote)

  file {
    '/var/log/remote':
      ensure => directory,
      ;
    '/etc/rsyslog.conf':
      ensure  => file,
      mode    => '0644',
      content => template('soc/rsyslog/rsyslog.conf.erb'),
      require => Package['rsyslog'],
      notify  => Service['rsyslog'],
      ;
    '/etc/rsyslog.d/99-default.conf':
      ensure  => file,
      mode    => '0644',
      content => template('soc/rsyslog/rsyslog-default.conf.erb'),
      require => Package['rsyslog'],
      notify  => Service['rsyslog'],
      ;
    '/etc/rsyslog.d/10-remote.conf':
      ensure  => file,
      mode    => '0644',
      content => template('soc/rsyslog/rsyslog-remote.conf.erb'),
      require => Package['rsyslog'],
      ;
  }

  service { 'rsyslog':
    ensure    => 'running',
    enable    => true,
    subscribe => File['/etc/rsyslog.d/10-remote.conf'],
  }

  if ($tcp_port or $udp_port or $relp_port) {
    if ($udp_port) {
        sunet::nftables::allow { "allow-syslog-udp-${udp_port}":
          from  => $udp_client,
          to    => 'any',
          proto => 'udp',
          port  => $udp_port
        }
    }
    if ($tcp_port) {
        sunet::nftables::allow { "allow-syslog-tcp-${tcp_port}":
          from  => $tcp_client,
          to    => 'any',
          proto => 'tcp',
          port  => $tcp_port
        }
    }
    file { '/etc/rsyslog.d/50-local.conf':
      ensure  => file,
      mode    => '0644',
      content => template('soc/rsyslog/rsyslog-local.conf.erb'),
      require => Package['rsyslog'],
      notify  => Service['rsyslog']
    }
  }

  if ($daily_rotation == true)
  {
    file { '/etc/logrotate.d/rsyslog':
      ensure  => file,
      mode    => '0644',
      content => template('soc/rsyslog/rsyslog.logrotate.erb'),
    }
  }

  if 'all' in $hostgroups {
    $hostgroups['all'].each |String $hostname| {
      $ip_list = dnsLookup($hostname)
      $ip_list.each |String $ip| {
        sunet::nftables::allow { "allow-rsyslog-relp-${ip}":
          from => $ip,
          port => $relp_port,
        }
      }
    }
  }
}
Move sunet::rsyslog to soc::rsyslog to get it working as we want. 2025-02-20 13:49:00 +01:00			`# rsyslog`
Split rsyslog to server and to come: client. 2025-02-21 11:02:24 +01:00			`class soc::rsyslog::server(`
Move sunet::rsyslog to soc::rsyslog to get it working as we want. 2025-02-20 13:49:00 +01:00			`$daily_rotation = true,`
			`$syslog_servers = lookup(syslog_servers, undef, undef, []),`
Switch to gelf forwarding for rsyslog server 2025-02-24 14:47:15 +01:00			`$gelf_graylog_servers = lookup(gelf_graylog_servers, undef, undef, []),`
Move sunet::rsyslog to soc::rsyslog to get it working as we want. 2025-02-20 13:49:00 +01:00			`$relp_syslog_servers = lookup(relp_syslog_servers, undef, undef, []),`
			`$syslog_enable_remote = lookup('syslog_enable_remote', undef, undef, 'true'),`
			`$udp_port = lookup(udp_port, undef, undef, undef),`
			`$udp_client = lookup('udp_client', undef, undef, 'any'),`
			`$tcp_port = lookup(tcp_port, undef, undef, undef),`
			`$tcp_client = lookup('tcp_client', undef, undef, 'any'),`
Trying to automate setup of nft rules for relp traffic. 2025-02-21 14:00:58 +01:00			`$relp_port = lookup(relp_port, undef, undef, '2514'),`
Set up rsyslog relp listener. 2025-02-20 14:19:17 +01:00			`$relp_client = lookup('relp_client', undef, undef, 'any'),`
Move sunet::rsyslog to soc::rsyslog to get it working as we want. 2025-02-20 13:49:00 +01:00			`$traditional_file_format = false,`
Trying to automate setup of nft rules for relp traffic. 2025-02-21 14:00:58 +01:00			`$hostgroups = $facts['configured_hosts_in_cosmos'],`
Move sunet::rsyslog to soc::rsyslog to get it working as we want. 2025-02-20 13:49:00 +01:00			`) {`
Rewrite of soc::rsyslog::server. 2025-02-21 12:48:34 +01:00			`# Install rsyslog packages`
			`[ 'rsyslog', 'rsyslog-relp', 'rsyslog-openssl' ].each \|String $package\| {`
			`package { $package:`
			`ensure => latest,`
			`}`
Move sunet::rsyslog to soc::rsyslog to get it working as we want. 2025-02-20 13:49:00 +01:00			`}`

			`$do_remote = str2bool($syslog_enable_remote)`

Rewrite of soc::rsyslog::server. 2025-02-21 12:48:34 +01:00			`file {`
			`'/var/log/remote':`
			`ensure => directory,`
			`;`
			`'/etc/rsyslog.conf':`
			`ensure => file,`
			`mode => '0644',`
			`content => template('soc/rsyslog/rsyslog.conf.erb'),`
			`require => Package['rsyslog'],`
			`notify => Service['rsyslog'],`
			`;`
Switch to gelf forwarding for rsyslog server 2025-02-24 14:47:15 +01:00			`'/etc/rsyslog.d/99-default.conf':`
Rewrite of soc::rsyslog::server. 2025-02-21 12:48:34 +01:00			`ensure => file,`
			`mode => '0644',`
			`content => template('soc/rsyslog/rsyslog-default.conf.erb'),`
			`require => Package['rsyslog'],`
			`notify => Service['rsyslog'],`
			`;`
Switch to gelf forwarding for rsyslog server 2025-02-24 14:47:15 +01:00			`'/etc/rsyslog.d/10-remote.conf':`
			`ensure => file,`
			`mode => '0644',`
Streamline rsyslog conf 2025-02-24 15:15:07 +01:00			`content => template('soc/rsyslog/rsyslog-remote.conf.erb'),`
Switch to gelf forwarding for rsyslog server 2025-02-24 14:47:15 +01:00			`require => Package['rsyslog'],`
			`;`
Move sunet::rsyslog to soc::rsyslog to get it working as we want. 2025-02-20 13:49:00 +01:00			`}`

Rewrite of soc::rsyslog::server. 2025-02-21 12:48:34 +01:00			`service { 'rsyslog':`
Move sunet::rsyslog to soc::rsyslog to get it working as we want. 2025-02-20 13:49:00 +01:00			`ensure => 'running',`
Fix typo. 2025-02-21 12:50:19 +01:00			`enable => true,`
Bugfixes. 2025-02-24 14:50:51 +01:00			`subscribe => File['/etc/rsyslog.d/10-remote.conf'],`
Move sunet::rsyslog to soc::rsyslog to get it working as we want. 2025-02-20 13:49:00 +01:00			`}`

Bugifx 2025-02-21 14:03:23 +01:00			`if ($tcp_port or $udp_port or $relp_port) {`
Move sunet::rsyslog to soc::rsyslog to get it working as we want. 2025-02-20 13:49:00 +01:00			`if ($udp_port) {`
Use nftables in rsyslog. 2025-02-20 13:51:04 +01:00			`sunet::nftables::allow { "allow-syslog-udp-${udp_port}":`
Move sunet::rsyslog to soc::rsyslog to get it working as we want. 2025-02-20 13:49:00 +01:00			`from => $udp_client,`
Fixes for nftables in rsyslog. 2025-02-20 13:52:13 +01:00			`to => 'any',`
Move sunet::rsyslog to soc::rsyslog to get it working as we want. 2025-02-20 13:49:00 +01:00			`proto => 'udp',`
			`port => $udp_port`
			`}`
			`}`
			`if ($tcp_port) {`
Use nftables in rsyslog. 2025-02-20 13:51:04 +01:00			`sunet::nftables::allow { "allow-syslog-tcp-${tcp_port}":`
Move sunet::rsyslog to soc::rsyslog to get it working as we want. 2025-02-20 13:49:00 +01:00			`from => $tcp_client,`
Fixes for nftables in rsyslog. 2025-02-20 13:52:13 +01:00			`to => 'any',`
Move sunet::rsyslog to soc::rsyslog to get it working as we want. 2025-02-20 13:49:00 +01:00			`proto => 'tcp',`
			`port => $tcp_port`
			`}`
			`}`
			`file { '/etc/rsyslog.d/50-local.conf':`
			`ensure => file,`
			`mode => '0644',`
Bugfixes. 2025-02-20 14:58:38 +01:00			`content => template('soc/rsyslog/rsyslog-local.conf.erb'),`
Move sunet::rsyslog to soc::rsyslog to get it working as we want. 2025-02-20 13:49:00 +01:00			`require => Package['rsyslog'],`
			`notify => Service['rsyslog']`
			`}`
			`}`

			`if ($daily_rotation == true)`
			`{`
			`file { '/etc/logrotate.d/rsyslog':`
			`ensure => file,`
			`mode => '0644',`
Bugfixes. 2025-02-20 14:58:38 +01:00			`content => template('soc/rsyslog/rsyslog.logrotate.erb'),`
Move sunet::rsyslog to soc::rsyslog to get it working as we want. 2025-02-20 13:49:00 +01:00			`}`
			`}`
Trying to automate setup of nft rules for relp traffic. 2025-02-21 14:00:58 +01:00
			`if 'all' in $hostgroups {`
			`$hostgroups['all'].each \|String $hostname\| {`
			`$ip_list = dnsLookup($hostname)`
			`$ip_list.each \|String $ip\| {`
Bugifx 2025-02-21 14:04:19 +01:00			`sunet::nftables::allow { "allow-rsyslog-relp-${ip}":`
Trying to automate setup of nft rules for relp traffic. 2025-02-21 14:00:58 +01:00			`from => $ip,`
			`port => $relp_port,`
			`}`
			`}`
			`}`
			`}`
Move sunet::rsyslog to soc::rsyslog to get it working as we want. 2025-02-20 13:49:00 +01:00			`}`