Rewrite of soc::rsyslog::server.
parent
82b24ade7c
commit
72cd56fe4e
1 changed files with 31 additions and 50 deletions
|
@ -3,7 +3,6 @@ class soc::rsyslog::server(
|
||||||
$daily_rotation = true,
|
$daily_rotation = true,
|
||||||
$syslog_servers = lookup(syslog_servers, undef, undef, []),
|
$syslog_servers = lookup(syslog_servers, undef, undef, []),
|
||||||
$relp_syslog_servers = lookup(relp_syslog_servers, undef, undef, []),
|
$relp_syslog_servers = lookup(relp_syslog_servers, undef, undef, []),
|
||||||
$single_log_file = false,
|
|
||||||
$syslog_enable_remote = lookup('syslog_enable_remote', undef, undef, 'true'),
|
$syslog_enable_remote = lookup('syslog_enable_remote', undef, undef, 'true'),
|
||||||
$udp_port = lookup(udp_port, undef, undef, undef),
|
$udp_port = lookup(udp_port, undef, undef, undef),
|
||||||
$udp_client = lookup('udp_client', undef, undef, 'any'),
|
$udp_client = lookup('udp_client', undef, undef, 'any'),
|
||||||
|
@ -13,54 +12,48 @@ class soc::rsyslog::server(
|
||||||
$relp_client = lookup('relp_client', undef, undef, 'any'),
|
$relp_client = lookup('relp_client', undef, undef, 'any'),
|
||||||
$traditional_file_format = false,
|
$traditional_file_format = false,
|
||||||
) {
|
) {
|
||||||
ensure_resource('package', 'rsyslog', {
|
# Install rsyslog packages
|
||||||
ensure => 'installed'
|
[ 'rsyslog', 'rsyslog-relp', 'rsyslog-openssl' ].each |String $package| {
|
||||||
})
|
package { $package:
|
||||||
|
ensure => latest,
|
||||||
file { '/etc/rsyslog.conf':
|
}
|
||||||
ensure => file,
|
|
||||||
mode => '0644',
|
|
||||||
content => template('soc/rsyslog/rsyslog.conf.erb'),
|
|
||||||
require => Package['rsyslog'],
|
|
||||||
notify => Service['rsyslog']
|
|
||||||
}
|
|
||||||
|
|
||||||
$default_template = $single_log_file ?
|
|
||||||
{
|
|
||||||
true => 'rsyslog-default-single-logfile.conf.erb',
|
|
||||||
false => 'rsyslog-default.conf.erb',
|
|
||||||
}
|
|
||||||
file { '/etc/rsyslog.d/50-default.conf':
|
|
||||||
ensure => file,
|
|
||||||
mode => '0644',
|
|
||||||
content => template("soc/rsyslog/${default_template}"),
|
|
||||||
require => Package['rsyslog'],
|
|
||||||
notify => Service['rsyslog']
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$do_remote = str2bool($syslog_enable_remote)
|
$do_remote = str2bool($syslog_enable_remote)
|
||||||
|
|
||||||
file { '/etc/rsyslog.d/60-remote.conf':
|
file {
|
||||||
ensure => file,
|
'/var/log/remote':
|
||||||
mode => '0644',
|
ensure => directory,
|
||||||
content => template('soc/rsyslog/rsyslog-remote.conf.erb'),
|
;
|
||||||
require => Package['rsyslog'],
|
'/etc/rsyslog.conf':
|
||||||
|
ensure => file,
|
||||||
|
mode => '0644',
|
||||||
|
content => template('soc/rsyslog/rsyslog.conf.erb'),
|
||||||
|
require => Package['rsyslog'],
|
||||||
|
notify => Service['rsyslog'],
|
||||||
|
;
|
||||||
|
'/etc/rsyslog.d/50-default.conf':
|
||||||
|
ensure => file,
|
||||||
|
mode => '0644',
|
||||||
|
content => template('soc/rsyslog/rsyslog-default.conf.erb'),
|
||||||
|
require => Package['rsyslog'],
|
||||||
|
notify => Service['rsyslog'],
|
||||||
|
;
|
||||||
|
'/etc/rsyslog.d/60-remote.conf':
|
||||||
|
ensure => file,
|
||||||
|
mode => '0644',
|
||||||
|
content => template('soc/rsyslog/rsyslog-remote.conf.erb'),
|
||||||
|
require => Package['rsyslog'],
|
||||||
|
;
|
||||||
}
|
}
|
||||||
|
|
||||||
ensure_resource('service', 'rsyslog', {
|
service { 'rsyslog':
|
||||||
ensure => 'running',
|
ensure => 'running',
|
||||||
enable => true,
|
enabled => true,
|
||||||
subscribe => File['/etc/rsyslog.d/60-remote.conf'],
|
subscribe => File['/etc/rsyslog.d/60-remote.conf'],
|
||||||
})
|
|
||||||
|
|
||||||
if $relp_syslog_servers != [] {
|
|
||||||
ensure_resource('package', 'rsyslog-relp', {
|
|
||||||
ensure => 'installed'
|
|
||||||
})
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($tcp_port or $udp_port or $relp_port) {
|
if ($tcp_port or $udp_port or $relp_port) {
|
||||||
|
|
||||||
if ($udp_port) {
|
if ($udp_port) {
|
||||||
sunet::nftables::allow { "allow-syslog-udp-${udp_port}":
|
sunet::nftables::allow { "allow-syslog-udp-${udp_port}":
|
||||||
from => $udp_client,
|
from => $udp_client,
|
||||||
|
@ -69,7 +62,6 @@ class soc::rsyslog::server(
|
||||||
port => $udp_port
|
port => $udp_port
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($tcp_port) {
|
if ($tcp_port) {
|
||||||
sunet::nftables::allow { "allow-syslog-tcp-${tcp_port}":
|
sunet::nftables::allow { "allow-syslog-tcp-${tcp_port}":
|
||||||
from => $tcp_client,
|
from => $tcp_client,
|
||||||
|
@ -78,7 +70,6 @@ class soc::rsyslog::server(
|
||||||
port => $tcp_port
|
port => $tcp_port
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($relp_port) {
|
if ($relp_port) {
|
||||||
sunet::nftables::allow { "allow-syslog-relp-${relp_port}":
|
sunet::nftables::allow { "allow-syslog-relp-${relp_port}":
|
||||||
from => $relp_client,
|
from => $relp_client,
|
||||||
|
@ -95,7 +86,6 @@ class soc::rsyslog::server(
|
||||||
require => Package['rsyslog'],
|
require => Package['rsyslog'],
|
||||||
notify => Service['rsyslog']
|
notify => Service['rsyslog']
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($daily_rotation == true)
|
if ($daily_rotation == true)
|
||||||
|
@ -106,13 +96,4 @@ class soc::rsyslog::server(
|
||||||
content => template('soc/rsyslog/rsyslog.logrotate.erb'),
|
content => template('soc/rsyslog/rsyslog.logrotate.erb'),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if ($single_log_file == true and $facts['fail2ban_is_enabled'] == 'yes') {
|
|
||||||
file { '/etc/fail2ban/jail.d/sshd-rsyslog-single-logfile.conf':
|
|
||||||
ensure => file,
|
|
||||||
mode => '0644',
|
|
||||||
content => template('soc/rsyslog/fail2ban-ssh-syslog.conf.erb'),
|
|
||||||
notify => Service['fail2ban'],
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
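Review bot: The rewritten `service { 'rsyslog':` resource sets `enabled => true`, but the attribute on Puppet's service type is `enable` (as the replaced `ensure_resource` call had it), so the resource will be rejected as having an unknown parameter and none of this log-server configuration will be applied; change the line to `enable => true,`. The new `'/var/log/remote'` entry carries only `ensure => directory`, so ownership and permissions on the tree that receives other hosts' logs are left to defaults. Give it an explicit `owner`, `group` and a restrictive `mode` such as `'0750'`, matching whatever account rsyslog runs as on these hosts. Separately, `ensure => latest` on the three packages lets any agent run upgrade the log collector unattended, whereas `installed` or a pinned version would keep upgrades a deliberate change.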