From ffbd7b7bd889d7c774013058fe25a5b21b6e3263 Mon Sep 17 00:00:00 2001
From: DarkFeather
Date: Sun, 18 Oct 2020 23:49:25 -0500
Subject: [PATCH] Adding better syslog
---
 examples/msn0.yml | 1 +
 .../files/sharingan-heartbeat.service | 9 ++
 .../files/sharingan-heartbeat.timer | 11 +++
 roles/Sharingan-Data/tasks/main.yml | 99 ++++++++++++++++++-
 .../Sharingan-Data/templates/graylog.conf.j2 | 10 ++
 roles/basics/tasks/main.yml | 18 ++--
 6 files changed, 134 insertions(+), 14 deletions(-)
 create mode 100644 roles/Sharingan-Data/files/sharingan-heartbeat.service
 create mode 100644 roles/Sharingan-Data/files/sharingan-heartbeat.timer
 create mode 100644 roles/Sharingan-Data/templates/graylog.conf.j2
diff --git a/examples/msn0.yml b/examples/msn0.yml
index 4c90d96..380db2d 100644
--- a/examples/msn0.yml
+++ b/examples/msn0.yml
@@ -2,6 +2,7 @@ all:
 vars:
 replica_domain: MSN0.AniNIX.net
 dns: 10.0.1.7
+ logserver: 10.0.1.5
 children:
 prod:
 hosts:
diff --git a/roles/Sharingan-Data/files/sharingan-heartbeat.service b/roles/Sharingan-Data/files/sharingan-heartbeat.service
new file mode 100644
index 0000000..0ea2444
--- /dev/null
+++ b/roles/Sharingan-Data/files/sharingan-heartbeat.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=AniNIX/Sharingan | Heartbeat service
+
+[Service]
+ExecStart=/usr/sbin/systemctl is-system-running
+Type=oneshot
+RemainAfterExit=no
+User=root
+Group=root
diff --git a/roles/Sharingan-Data/files/sharingan-heartbeat.timer b/roles/Sharingan-Data/files/sharingan-heartbeat.timer
new file mode 100644
index 0000000..512da02
--- /dev/null
+++ b/roles/Sharingan-Data/files/sharingan-heartbeat.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=AniNIX/Sharingan | Heartbeat timer
+
+[Timer]
+OnCalendar=*-*-* *:00/5:00
+AccuracySec=12h
+Persistent=true
+
+[Install]
+WantedBy=timers.target
+
diff --git a/roles/Sharingan-Data/tasks/main.yml b/roles/Sharingan-Data/tasks/main.yml
index 6c431b7..636b475 100644
--- a/roles/Sharingan-Data/tasks/main.yml
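Review bot: The heartbeat service pins `User=root` and `Group=root` for a command (`systemctl is-system-running`) that is a read-only query and should work for an unprivileged caller, so the unit carries more privilege than it needs; `DynamicUser=yes` in place of those two lines, or a dedicated non-root account, keeps the timer-driven job at least privilege, and is worth confirming on one host before rollout. `/usr/sbin/systemctl` only resolves on hosts where `/usr/sbin` is merged into or mirrors `/usr/bin`, so a portable `ExecStart=/usr/bin/systemctl is-system-running` is safer if the fleet is not uniform. The unit also has no comment explaining what the heartbeat is for; a line such as `# Periodic journal entry that the Sharingan-Data forwarder ships to the log server as a liveness signal` above `[Unit]` would record the intent, assuming that is what it is for.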
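Review bot: `AccuracySec=12h` on a timer whose `OnCalendar` fires every five minutes lets systemd defer each elapse by up to twelve hours, so the heartbeat cannot be relied on as a five-minute liveness signal and anything alerting on its absence would misfire. Dropping the line (the default accuracy is one minute) or setting `AccuracySec=1min` keeps the interval meaningful. `Persistent=true` also schedules a catch-up run immediately after boot, which is probably harmless here but deserves a one-line comment so nobody later mistakes the extra entry for a clock problem.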
+++ b/roles/Sharingan-Data/tasks/main.yml 
@@ -1,6 +1,95 @@
 ---
- - name: Sharingan data filers
- become: yes
- package:
- name:
- - syslog-ng
+ - name: Sharingan data filers
+ become: yes
+ package:
+ state: present
+ name:
+ - syslog-ng
+
+ - name: Sharingan-Data apps dir
+ become: yes
+ file:
+ path: /etc/syslog-ng/apps.d
+ state: directory
+
+ - name: Sharingan-Data include apps dir
+ become: yes
+ lineinfile:
+ path: /etc/syslog-ng/syslog-ng.conf
+ line: "{{ item }}"
+ loop:
+ - '# Allow compartmentalization of config'
+ - '@include "apps.d/*.conf"'
+
+ - name: Sharingan-Data conf
+ become: yes
+ template:
+ src: graylog.conf.j2
+ dest: /etc/syslog-ng/apps.d/graylog.conf
+ owner: root
+ group: root
+ mode: 0750
+
+ - name: Sharingan-Data filer service
+ become: yes
+ copy:
+ remote_src: yes
+ src: /usr/lib/systemd/system/syslog-ng@.service
+ dest: /usr/lib/systemd/system/sharingan-data.service
+ owner: root
+ group: root
+ mode: 0750
+
+ - name: Sharingan-Data replace content
+ become: yes
+ replace:
+ path: /usr/lib/systemd/system/sharingan-data.service
+ regexp: '%i'
+ replace: 'default'
+
+ - name: Sharingan-Data set vanity description
+ become: yes
+ lineinfile:
+ path: /usr/lib/systemd/system/sharingan-data.service
+ regexp: 'Description='
+ line: 'Description=AniNIX/Sharingan | Data filer'
+
+
+ - name: Sharingan-Data heartbeat service
+ become: yes
+ copy:
+ src: sharingan-heartbeat.service
+ dest: /usr/lib/systemd/system
+ owner: root
+ group: root
+ mode: 0750
+
+ - name: Sharingan-Data heartbeat timer
+ become: yes
+ copy:
+ src: sharingan-heartbeat.timer
+ dest: /usr/lib/systemd/system
+ owner: root
+ group: root
+ mode: 0750
+
+ - systemd:
+ daemon_reload: yes
+ become: yes
+
+ - name: Start Sharingan-Data services
+ become: yes
+ service:
+ name: "{{ item }}"
+ state: started
+ enabled: yes
+ loop:
+ - sharingan-heartbeat.timer
+ - sharingan-data.service
+
+ - name: Disable default service
+ become: yes
+ service:
+ name: syslog-ng@default.service
+ state: stopped
+ enabled: no
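Review bot: "Start Sharingan-Data services" starts `sharingan-data.service` before "Disable default service" stops `syslog-ng@default.service`; the new unit is a copy of `syslog-ng@.service` with `%i` rewritten to `default`, so both presumably launch the same daemon against the same config, control socket and pid file, and on a host where the default instance is already running the start is likely to fail or race until a later run. Moving the "Disable default service" task above the start task removes the overlap. Separately, `mode: 0750` is an unquoted octal in every copy/template task in this hunk; Ansible's own guidance is to quote it (`mode: "0750"`) so the YAML parser does not reinterpret the value, and neither systemd unit files nor the syslog-ng drop-in need an execute bit — `"0644"` for the units and `"0640"` for `graylog.conf` are the conventional least-privilege modes. The bare `- systemd:` task would also read better with a `name:` like the tasks around it.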
diff --git a/roles/Sharingan-Data/templates/graylog.conf.j2 b/roles/Sharingan-Data/templates/graylog.conf.j2
new file mode 100644
index 0000000..e3f086d
--- /dev/null
+++ b/roles/Sharingan-Data/templates/graylog.conf.j2
@@ -0,0 +1,10 @@
+# Define TCP syslog destination.
+destination d_graylog {
+ syslog("{{ logserver }}" port(10514));
+};
+# Tell syslog-ng to send data from source s_src to the newly defined syslog destination.
+log {
+ source(src); # Defined in the default syslog-ng configuration.
+ destination(d_graylog);
+};
+
diff --git a/roles/basics/tasks/main.yml b/roles/basics/tasks/main.yml
index 93884ad..cad6e46 100644
--- a/roles/basics/tasks/main.yml
+++ b/roles/basics/tasks/main.yml
@@ -83,17 +83,18 @@ line: "127.0.0.1 localhost localhost.localdomain {{ inventory_hostname }} {{ inventory_hostname }}.{{ replica_domain }}" state: present - - name: Identify depriv user - command: - cmd: "bash -c 'getent passwd 1001 | cut -f 1 -d :'" - register: depriv_user - # This is an AniNIX convention to allow password management by Ansible. - - name: Ensure 1001 has sudo permissions. + - name: Ensure SSH user has sudo permissions. become: yes copy: - dest: /etc/sudoers.d/1001 - content: "{{ depriv_user.stdout }} ALL=(ALL) NOPASSWD: ALL\n" + dest: /etc/sudoers.d/basics + content: "{{ lookup('env','USER') }} ALL=(ALL) NOPASSWD: ALL\n" + + # Remove unneeded file + - file: + path: /etc/sudoers.d/1001 + state: absent + become: yes - name: Test root password ignore_errors: yes
@@ -111,7 +112,6 @@ command: cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ lookup('vars',inventory_hostname+'_password') }}' '{{ lookup('vars',inventory_hostname+'_password') }}' | passwd" - - name: Define depriv password become: yes when: root_password_test.rc is not defined or root_password_test.rc != 0
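Review bot: The destination ships every host's syslog stream to `{{ logserver }}` over plain TCP (`syslog("{{ logserver }}" port(10514))` with no `transport("tls")`), so auth logs, hostnames and whatever else is logged cross the network in cleartext and can be read or altered in transit by anything on the path; unless that link is protected some other way, use `transport("tls")` with a `tls(ca-file(...) cert-file(...) key-file(...))` block and a matching TLS input on the collector. Without a `disk-buffer()` option on the destination, messages queued while the collector is unreachable are held only in memory and are lost on restart or overflow, which matters when these logs are the audit trail. The header comment names `s_src` while the log path uses `source(src)`; align the comment with the code, e.g. `# Forward the default source (src) to the Graylog destination.`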
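Review bot: `lookup('env','USER')` in the new `content:` line is evaluated on the Ansible controller, not on the managed host, so `/etc/sudoers.d/basics` grants `ALL=(ALL) NOPASSWD: ALL` to whatever account the operator happens to run the playbook from — which may not exist on the target, or may be a different person on a shared controller — rather than to the SSH user the task name describes. `{{ ansible_user }}` (when it is set in the inventory) or the gathered `ansible_user_id` fact is what "Ensure SSH user has sudo permissions" actually means. The `copy` also lacks `validate: 'visudo -cf %s'` and an explicit `mode: "0440"`; a malformed drop-in breaks sudo for every user on the host, and sudo checks drop-in permissions and may warn about or ignore a file looser than 0440. The enclosing task list starts before and continues after this hunk.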