
Adding better syslog

main
DarkFeather 1 month ago
parent
commit
ffbd7b7bd8
Signed by: DarkFeather GPG Key ID: 1CC1E3F4ED06F296
6 changed files with 134 additions and 14 deletions
  1. +1
    -0
      examples/msn0.yml
  2. +9
    -0
      roles/Sharingan-Data/files/sharingan-heartbeat.service
  3. +11
    -0
      roles/Sharingan-Data/files/sharingan-heartbeat.timer
  4. +94
    -5
      roles/Sharingan-Data/tasks/main.yml
  5. +10
    -0
      roles/Sharingan-Data/templates/graylog.conf.j2
  6. +9
    -9
      roles/basics/tasks/main.yml

+ 1
- 0
examples/msn0.yml

@@ -2,6 +2,7 @@ all:
vars:
replica_domain: MSN0.AniNIX.net
dns: 10.0.1.7
logserver: 10.0.1.5
children:
prod:
hosts:


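--- a/roles/Sharingan-Data/files/sharingan-heartbeat.service
+++ b/roles/Sharingan-Data/files/sharingan-heartbeat.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=AniNIX/Sharingan | Heartbeat service
+
+[Service]
+ExecStart=/usr/sbin/systemctl is-system-running
+Type=oneshot
+RemainAfterExit=no
+User=root
+Group=root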
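Review bot: `User=root` and `Group=root` in the [Service] section give the heartbeat more privilege than it appears to need, since `systemctl is-system-running` only queries manager state and normally works for an unprivileged caller. Replacing the two lines with `DynamicUser=yes` (or a dedicated service account) would keep a job that fires every five minutes from running as root. Note also that `is-system-running` exits non-zero for states such as degraded, so the unit will be recorded as failed in that case; if that is the intended signal, a comment such as `# non-zero exit (e.g. degraded) is the alert condition` above ExecStart would make it explicit.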

+ 11
- 0
roles/Sharingan-Data/files/sharingan-heartbeat.timer

@@ -0,0 +1,11 @@
[Unit]
Description=AniNIX/Sharingan | Heartbeat timer

[Timer]
OnCalendar=*-*-* *:00/5:00
AccuracySec=12h
Persistent=true

[Install]
WantedBy=timers.target
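Review bot: `AccuracySec=12h` in the [Timer] section works against the five-minute `OnCalendar=*-*-* *:00/5:00` schedule, because systemd may place each elapse anywhere inside the accuracy window. Heartbeats can then arrive hours apart, so a monitoring rule that expects one every five minutes will either alert falsely or be loosened until it misses a dead host. A value at or below the interval, for example `AccuracySec=1min`, keeps the heartbeat usable as a liveness signal.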


+ 94
- 5
roles/Sharingan-Data/tasks/main.yml

@@ -1,6 +1,95 @@
---
name: Sharingan data filers
become: yes
package:
name:
- syslog-ng
- name: Sharingan data filers
become: yes
package:
state: present
name:
- syslog-ng

- name: Sharingan-Data apps dir
become: yes
file:
path: /etc/syslog-ng/apps.d
state: directory

- name: Sharingan-Data include apps dir
become: yes
lineinfile:
path: /etc/syslog-ng/syslog-ng.conf
line: "{{ item }}"
loop:
- '# Allow compartmentalization of config'
- '@include "apps.d/*.conf"'
- name: Sharingan-Data conf
become: yes
template:
src: graylog.conf.j2
dest: /etc/syslog-ng/apps.d/graylog.conf
owner: root
group: root
mode: 0750

- name: Sharingan-Data filer service
become: yes
copy:
remote_src: yes
src: /usr/lib/systemd/system/syslog-ng@.service
dest: /usr/lib/systemd/system/sharingan-data.service
owner: root
group: root
mode: 0750

- name: Sharingan-Data replace content
become: yes
replace:
path: /usr/lib/systemd/system/sharingan-data.service
regexp: '%i'
replace: 'default'

- name: Sharingan-Data set vanity description
become: yes
lineinfile:
path: /usr/lib/systemd/system/sharingan-data.service
regexp: 'Description='
line: 'Description=AniNIX/Sharingan | Data filer'


- name: Sharingan-Data heartbeat service
become: yes
copy:
src: sharingan-heartbeat.service
dest: /usr/lib/systemd/system
owner: root
group: root
mode: 0750

- name: Sharingan-Data heartbeat timer
become: yes
copy:
src: sharingan-heartbeat.timer
dest: /usr/lib/systemd/system
owner: root
group: root
mode: 0750

- systemd:
daemon_reload: yes
become: yes

- name: Start Sharingan-Data services
become: yes
service:
name: "{{ item }}"
state: started
enabled: yes
loop:
- sharingan-heartbeat.timer
- sharingan-data.service

- name: Disable default service
become: yes
service:
name: syslog-ng@default.service
state: stopped
enabled: no
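Review bot: The four `mode: 0750` settings (graylog.conf, sharingan-data.service and the two heartbeat units) mark plain configuration and unit files as executable and write the mode as an unquoted number. systemd logs a warning for unit files that carry the executable bit, and the unquoted form relies on the YAML parser reading it as octal; `mode: "0644"` for the units and `mode: "0640"` for graylog.conf would be the conventional choice. Separately, the `systemd: daemon_reload` task has no `name:`, which makes playbook output and audit logs harder to follow. The units are also installed under /usr/lib/systemd/system, normally the package manager's directory, where /etc/systemd/system is the usual place for administrator-managed units.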

+ 10
- 0
roles/Sharingan-Data/templates/graylog.conf.j2

@@ -0,0 +1,10 @@
# Define TCP syslog destination.
destination d_graylog {
syslog("{{ logserver }}" port(10514));
};
# Tell syslog-ng to send data from source s_src to the newly defined syslog destination.
log {
source(src); # Defined in the default syslog-ng configuration.
destination(d_graylog);
};
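Review bot: The `syslog()` destination in `d_graylog` forwards every message to `{{ logserver }}` on port 10514 with no transport security configured, so log content crosses the network unencrypted and the sender never verifies which host it is talking to. If the receiving Graylog input supports TLS, the destination should set `transport("tls")` together with `tls(ca-dir("<CA_DIR>") peer-verify(required-trusted))`. There is also no `disk-buffer()` option, so messages queued while the log server is unreachable are presumably dropped once the in-memory queue fills. The comment refers to source `s_src` while the statement uses `source(src)`; one of the two should be corrected so the reader knows which source is forwarded.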


+ 9
- 9
roles/basics/tasks/main.yml

@@ -83,17 +83,18 @@
line: "127.0.0.1 localhost localhost.localdomain {{ inventory_hostname }} {{ inventory_hostname }}.{{ replica_domain }}"
state: present

- name: Identify depriv user
command:
cmd: "bash -c 'getent passwd 1001 | cut -f 1 -d :'"
register: depriv_user

# This is an AniNIX convention to allow password management by Ansible.
- name: Ensure 1001 has sudo permissions.
- name: Ensure SSH user has sudo permissions.
become: yes
copy:
dest: /etc/sudoers.d/1001
content: "{{ depriv_user.stdout }} ALL=(ALL) NOPASSWD: ALL\n"
dest: /etc/sudoers.d/basics
content: "{{ lookup('env','USER') }} ALL=(ALL) NOPASSWD: ALL\n"

# Remove unneeded file
- file:
path: /etc/sudoers.d/1001
state: absent
become: yes

- name: Test root password
ignore_errors: yes
@@ -111,7 +112,6 @@
command:
cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ lookup('vars',inventory_hostname+'_password') }}' '{{ lookup('vars',inventory_hostname+'_password') }}' | passwd"

- name: Define depriv password
become: yes
when: root_password_test.rc is not defined or root_password_test.rc != 0
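Review bot: In the first hunk, `lookup('env','USER')` is evaluated on the Ansible control node, so /etc/sudoers.d/basics is written for whoever runs the playbook rather than for the account used to connect, despite the task name "Ensure SSH user has sudo permissions". If USER is unset the rule starts with an empty user field, and because the `copy` has no `validate:` a malformed drop-in can break sudo on the host. I would add `validate: /usr/sbin/visudo -cf %s` and `mode: "0440"` to the task, and take the name from the connection (for example `ansible_user`, if the inventory sets it). The grant is passwordless ALL, so which account name ends up in this file should be deterministic and reviewable. The cleanup task that removes /etc/sudoers.d/1001 has no `name:`.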

