Rewrite of soc::rsyslog::server.

global/overlay/etc/puppet/modules/soc/manifests/rsyslog/server.pp

@@ -3,7 +3,6 @@ class soc::rsyslog::server(
   $daily_rotation = true,
   $syslog_servers = lookup(syslog_servers, undef, undef, []),
   $relp_syslog_servers = lookup(relp_syslog_servers, undef, undef, []),
-  $single_log_file = false,
   $syslog_enable_remote = lookup('syslog_enable_remote', undef, undef, 'true'),
   $udp_port = lookup(udp_port, undef, undef, undef),
   $udp_client = lookup('udp_client', undef, undef, 'any'),
@@ -13,54 +12,48 @@ class soc::rsyslog::server(
   $relp_client = lookup('relp_client', undef, undef, 'any'),
   $traditional_file_format = false,
 ) {
-  ensure_resource('package', 'rsyslog', {
+  # Install rsyslog packages
-    ensure => 'installed'
+  [ 'rsyslog', 'rsyslog-relp', 'rsyslog-openssl' ].each |String $package| {
-  })
+    package { $package:
-
+      ensure => latest,
-  file { '/etc/rsyslog.conf':
-    ensure  => file,
-    mode    => '0644',
-    content => template('soc/rsyslog/rsyslog.conf.erb'),
-    require => Package['rsyslog'],
-    notify  => Service['rsyslog']
     }
-
-  $default_template = $single_log_file ?
-  {
-      true  => 'rsyslog-default-single-logfile.conf.erb',
-      false => 'rsyslog-default.conf.erb',
-  }
-  file { '/etc/rsyslog.d/50-default.conf':
-    ensure  => file,
-    mode    => '0644',
-    content => template("soc/rsyslog/${default_template}"),
-    require => Package['rsyslog'],
-    notify  => Service['rsyslog']
   }
 
   $do_remote = str2bool($syslog_enable_remote)
 
-  file { '/etc/rsyslog.d/60-remote.conf':
+  file {
+    '/var/log/remote':
+      ensure => directory,
+      ;
+    '/etc/rsyslog.conf':
+      ensure  => file,
+      mode    => '0644',
+      content => template('soc/rsyslog/rsyslog.conf.erb'),
+      require => Package['rsyslog'],
+      notify  => Service['rsyslog'],
+      ;
+    '/etc/rsyslog.d/50-default.conf':
+      ensure  => file,
+      mode    => '0644',
+      content => template('soc/rsyslog/rsyslog-default.conf.erb'),
+      require => Package['rsyslog'],
+      notify  => Service['rsyslog'],
+      ;
+    '/etc/rsyslog.d/60-remote.conf':
       ensure  => file,
       mode    => '0644',
       content => template('soc/rsyslog/rsyslog-remote.conf.erb'),
       require => Package['rsyslog'],
+      ;
   }
 
-  ensure_resource('service', 'rsyslog', {
+  service { 'rsyslog':
     ensure    => 'running',
-    enable    => true,
+    enabled   => true,
     subscribe => File['/etc/rsyslog.d/60-remote.conf'],
-  })
-
-  if $relp_syslog_servers != [] {
-    ensure_resource('package', 'rsyslog-relp', {
-      ensure => 'installed'
-      })
   }
 
   if ($tcp_port or $udp_port or $relp_port) {
-
     if ($udp_port) {
         sunet::nftables::allow { "allow-syslog-udp-${udp_port}":
           from  => $udp_client,
@@ -69,7 +62,6 @@ class soc::rsyslog::server(
           port  => $udp_port
         }
     }
-
     if ($tcp_port) {
         sunet::nftables::allow { "allow-syslog-tcp-${tcp_port}":
           from  => $tcp_client,
@@ -78,7 +70,6 @@ class soc::rsyslog::server(
           port  => $tcp_port
         }
     }
-
     if ($relp_port) {
         sunet::nftables::allow { "allow-syslog-relp-${relp_port}":
           from  => $relp_client,
@@ -95,7 +86,6 @@ class soc::rsyslog::server(
       require => Package['rsyslog'],
       notify  => Service['rsyslog']
     }
-
   }
 
   if ($daily_rotation == true)
@@ -106,13 +96,4 @@ class soc::rsyslog::server(
       content => template('soc/rsyslog/rsyslog.logrotate.erb'),
     }
   }
-  if ($single_log_file == true and $facts['fail2ban_is_enabled'] == 'yes') {
-    file { '/etc/fail2ban/jail.d/sshd-rsyslog-single-logfile.conf':
-      ensure  => file,
-      mode    => '0644',
-      content => template('soc/rsyslog/fail2ban-ssh-syslog.conf.erb'),
-      notify  => Service['fail2ban'],
-    }
-
-  }
 }