From 2095ae8f1921aae26ed8558299e6bb04c939b7a3 Mon Sep 17 00:00:00 2001
From: shirenn <shirenn@crans.org>
Date: Mon, 24 May 2021 17:02:34 +0200
Subject: [PATCH] [rsyslog_server] pep-cransified + gulp

---
 host_vars/gulp.cachan-adm.crans.org.yml       | 22 ++++++++
 host_vars/tealc.adm.crans.org.yml             | 22 ++++++++
 hosts                                         |  4 ++
 plays/logs.yml                                | 15 ------
 plays/rsyslog-server.yml                      | 10 ++++
 roles/rsyslog-server/handlers/main.yml        |  5 ++
 roles/rsyslog-server/tasks/main.yml           | 29 +++++-----
 .../templates/logrotate.d/crans.j2            | 53 -------------------
 .../templates/logrotate.d/logrotate.j2        | 16 ++++++
 .../templates/rsyslog.d/30-cablage.conf.j2    | 24 ---------
 .../templates/rsyslog.d/30-rules.conf.j2      | 12 +++++
 .../templates/rsyslog.d/50-module.conf.j2     |  8 +++
 .../rsyslog.d/52-listen_relp.conf.j2          |  4 --
 .../rsyslog.d/53-listen_switches.conf.j2      |  8 ---
 14 files changed, 111 insertions(+), 121 deletions(-)
 delete mode 100755 plays/logs.yml
 create mode 100755 plays/rsyslog-server.yml
 create mode 100644 roles/rsyslog-server/handlers/main.yml
 delete mode 100644 roles/rsyslog-server/templates/logrotate.d/crans.j2
 create mode 100644 roles/rsyslog-server/templates/logrotate.d/logrotate.j2
 delete mode 100644 roles/rsyslog-server/templates/rsyslog.d/30-cablage.conf.j2
 create mode 100644 roles/rsyslog-server/templates/rsyslog.d/30-rules.conf.j2
 create mode 100644 roles/rsyslog-server/templates/rsyslog.d/50-module.conf.j2
 delete mode 100644 roles/rsyslog-server/templates/rsyslog.d/52-listen_relp.conf.j2
 delete mode 100644 roles/rsyslog-server/templates/rsyslog.d/53-listen_switches.conf.j2

diff --git a/host_vars/gulp.cachan-adm.crans.org.yml b/host_vars/gulp.cachan-adm.crans.org.yml
index a3b8517c..7b436efd 100644
--- a/host_vars/gulp.cachan-adm.crans.org.yml
+++ b/host_vars/gulp.cachan-adm.crans.org.yml
@@ -28,3 +28,25 @@ loc_borg:
 
 glob_prometheus_node_exporter:
   listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
+
+loc_rsyslog_server:
+  name: gulp
+  root: /var/log
+  rules:
+    - name: cablage
+      rotate: 365
+      ips:
+        - 172.16.33
+        - 172.16.34
+      programs:
+        - firewall
+        - radiusd
+        - dhcpd
+  modules:
+    - name: imudp
+      index: 53
+    - name: imrelp
+      index: 52
+      vars:
+        - name: InputRELPServerRun
+          value: 20514
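Review bot: The `imudp` entry carries no `vars`, so the generated `53-module_imudp.conf` will contain only `$ModLoad imudp`: the `$UDPServerRun 514` listener and the `$AllowedSender UDP, …` sender allowlist that the deleted `53-listen_switches.conf.j2` provided are reproduced nowhere in this commit, so UDP reception from the switches and access points silently stops, and once a listener is re-added it would accept any source unless the allowlist comes back too. The same applies to the `tealc` host_vars hunk below. Also `freeradius`, which the deleted `30-cablage.conf.j2` routed explicitly, is absent from `programs`, and `contains 'radiusd'` does not match it — add it if those logs are still wanted. Suggested addition to the imudp entry (sender list taken from the old tealc template; adapt it per host):
```yaml
  modules:
    - name: imudp
      index: 53
      vars:
        - name: UDPServerRun
          value: 514
        - name: AllowedSender
          value: "UDP, 127.0.0.1, *.adm.crans.org, 172.16.10.0/24, *.infra.crans.org, 172.16.33.0/24, 172.16.34.0/24"
    # … unchanged: imrelp entry …
```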
diff --git a/host_vars/tealc.adm.crans.org.yml b/host_vars/tealc.adm.crans.org.yml
index aa6545f9..5a0fdfad 100644
--- a/host_vars/tealc.adm.crans.org.yml
+++ b/host_vars/tealc.adm.crans.org.yml
@@ -34,3 +34,25 @@ loc_borg:
     - /etc
     - /var
     - /pool/home
+
+loc_rsyslog_server:
+  name: tealc
+  root: /pool/logs
+  rules:
+    - name: cablage
+      rotate: 365
+      ips:
+        - 172.16.33
+        - 172.16.34
+      programs:
+        - firewall
+        - radiusd
+        - dhcpd
+  modules:
+    - name: imudp
+      index: 53
+    - name: imrelp
+      index: 52
+      vars:
+        - name: InputRELPServerRun
+          value: 20514
diff --git a/hosts b/hosts
index f0d4d472..08780870 100644
--- a/hosts
+++ b/hosts
@@ -175,6 +175,10 @@ roundcube.adm.crans.org
 routeur-sam.adm.crans.org
 routeur-gulp.cachan-adm.crans.org
 
+[rsyslog_server]
+gulp.cachan-adm.crans.org
+tealc.adm.crans.org
+
 [slapd]
 tealc.adm.crans.org
 sam.adm.crans.org
diff --git a/plays/logs.yml b/plays/logs.yml
deleted file mode 100755
index 8891c32b..00000000
--- a/plays/logs.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-# tealc is the log server.
-# Servers need to send their logs to tealc.
-
-# Send logs to tealc
-- hosts: server,!tealc.adm.crans.org
-  vars:
-    rsyslog:
-      server: 172.16.10.1
-  roles: ["rsyslog-client"]
-
-- hosts: tealc.adm.crans.org
-  roles:
-    - rsyslog-server
diff --git a/plays/rsyslog-server.yml b/plays/rsyslog-server.yml
new file mode 100755
index 00000000..f692b9ee
--- /dev/null
+++ b/plays/rsyslog-server.yml
@@ -0,0 +1,10 @@
+#!/usr/bin/env ansible-playbook
+---
+# tealc is the log server.
+# Servers need to send their logs to tealc.
+
+- hosts: rsyslog_server
+  vars:
+    rsyslog_server: "{{ glob_rsyslog_server | default({}) | combine(loc_rsyslog_server | default({})) }}"
+  roles:
+    - rsyslog-server
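Review bot: The header comment `# tealc is the log server.` / `# Servers need to send their logs to tealc.` is carried over from logs.yml but no longer matches: the play now targets the `rsyslog_server` group, which the hosts hunk populates with gulp and tealc, and the rsyslog-client play that pointed `server,!tealc.adm.crans.org` at 172.16.10.1 is deleted with logs.yml without a replacement in this commit. Suggest replacing the two comment lines with `# Members of the rsyslog_server inventory group receive logs from the other hosts; per-host settings live in loc_rsyslog_server.` and, unless rsyslog-client is applied by another play, keeping the client play here alongside the server one.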
diff --git a/roles/rsyslog-server/handlers/main.yml b/roles/rsyslog-server/handlers/main.yml
new file mode 100644
index 00000000..3251903d
--- /dev/null
+++ b/roles/rsyslog-server/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart rsyslog
+  service:
+     name: rsyslog
+     state: restarted
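Review bot: The `service:` arguments `name: rsyslog` and `state: restarted` are indented by five spaces, while the rest of the role (see tasks/main.yml in this patch) nests by two; yamllint's `indentation` rule will flag it and it reads as a third level. Change them to `    name: rsyslog` / `    state: restarted` (four spaces, two levels under the list item).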
diff --git a/roles/rsyslog-server/tasks/main.yml b/roles/rsyslog-server/tasks/main.yml
index 8ea84a19..5717dfb6 100644
--- a/roles/rsyslog-server/tasks/main.yml
+++ b/roles/rsyslog-server/tasks/main.yml
@@ -9,34 +9,29 @@
   retries: 3
   until: apt_result is succeeded
 
-- name: Deploy logrotate cablage config
+- name: Deploy logrotate config
   template:
-    src: logrotate.d/crans.j2
-    dest: /etc/logrotate.d/crans
+    src: logrotate.d/logrotate.j2
+    dest: "/etc/logrotate.d/{{ rsyslog_server.name }}"
     mode: 0644
     owner: root
     group: root
 
-- name: Deploy rsyslog cablage config
+- name: Deploy rsyslog config
   template:
-    src: rsyslog.d/30-cablage.conf.j2
-    dest: /etc/rsyslog.d/30-cablage.conf
+    src: rsyslog.d/30-rules.conf.j2
+    dest: /etc/rsyslog.d/30-rules.conf
     mode: 0640
     owner: root
     group: root
+  notify: restart rsyslog
 
-- name: Deploy rsyslog listen relp config
+- name: Deploy rsyslog modules config
   template:
-    src: rsyslog.d/52-listen_relp.conf.j2
-    dest: /etc/rsyslog.d/52-listen_relp.conf
-    mode: 0640
-    owner: root
-    group: root
-
-- name: Deploy rsyslog listen switches config
-  template:
-    src: rsyslog.d/53-listen_switches.conf.j2
-    dest: /etc/rsyslog.d/53-listen_switches.conf
+    src: rsyslog.d/50-module.conf.j2
+    dest: /etc/rsyslog.d/{{ item.index }}-module_{{ item.name }}.conf
     mode: 0640
     owner: root
     group: root
+  loop: "{{ rsyslog_server.modules }}"
+  notify: restart rsyslog
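Review bot: The tasks now write `30-rules.conf` and the per-module `NN-module_<name>.conf` files, but nothing removes the files the old tasks deployed, so on an already-provisioned host `/etc/rsyslog.d/30-cablage.conf`, `52-listen_relp.conf` and `53-listen_switches.conf` (plus `/etc/logrotate.d/crans`) stay in place and are still read: rsyslog will see `$ModLoad imrelp` and `$InputRELPServerRun 20514` a second time, and the old rules duplicate every cablage line into the old path. An absent-state task before the template tasks would make the change converge; the loop over `rsyslog_server.modules` has the same gap for an entry that is later removed from the list. As a minor point, the `dest` on the modules task is an unquoted Jinja expression while the logrotate `dest` above is quoted — quote both for consistency.
```yaml
- name: Remove rsyslog and logrotate files from the previous role layout
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - /etc/rsyslog.d/30-cablage.conf
    - /etc/rsyslog.d/52-listen_relp.conf
    - /etc/rsyslog.d/53-listen_switches.conf
    - /etc/logrotate.d/crans
  notify: restart rsyslog

# … unchanged: Deploy logrotate config / rsyslog config / modules config tasks …
```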
diff --git a/roles/rsyslog-server/templates/logrotate.d/crans.j2 b/roles/rsyslog-server/templates/logrotate.d/crans.j2
deleted file mode 100644
index b0b5bd75..00000000
--- a/roles/rsyslog-server/templates/logrotate.d/crans.j2
+++ /dev/null
@@ -1,53 +0,0 @@
-{{ ansible_header | comment }}
-
-# Logs Crans
-
-# Logs pour le cablage
-/pool/logs/tealc/cablage/global.log {
-    daily
-    rotate 365
-    compress
-    notifempty
-    missingok
-    create 640 root adm
-    postrotate
-        invoke-rc.d rsyslog rotate > /dev/null
-    endscript
-}
-
-
-# Logs centralisés
-
-# FreeRADIUS
-/pool/logs/tealc/freeradius/*.log {
-    weekly
-    rotate 365
-    compress
-    delaycompress
-    notifempty
-    missingok
-    postrotate
-        invoke-rc.d rsyslog rotate > /dev/null
-    endscript
-}
-
-# Logs des bornes et des switches
-/pool/logs/tealc/wifi/global.log {
-    daily
-    rotate 365
-    compress
-    notifempty
-    postrotate
-        invoke-rc.d rsyslog rotate > /dev/null
-    endscript
-}
-
-/pool/logs/tealc/filaire/global.log {
-    daily
-    rotate 365
-    compress
-    notifempty
-    postrotate
-        invoke-rc.d rsyslog rotate > /dev/null
-    endscript
-}
diff --git a/roles/rsyslog-server/templates/logrotate.d/logrotate.j2 b/roles/rsyslog-server/templates/logrotate.d/logrotate.j2
new file mode 100644
index 00000000..c4b7fc9a
--- /dev/null
+++ b/roles/rsyslog-server/templates/logrotate.d/logrotate.j2
@@ -0,0 +1,16 @@
+{{ ansible_header | comment }}
+
+# Logs pour le cablage
+{%  for rule in rsyslog_server.rules %}
+{{ rsyslog_server.root }}/{{ rsyslog_server.name }}/{{ rule.name }}/global.log {
+    daily
+    rotate {{ rule.rotate }}
+    compress
+    notifempty
+    missingok
+    create 640 root adm
+    postrotate
+        invoke-rc.d rsyslog rotate > /dev/null
+    endscript
+}
+{% endfor %}
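Review bot: The comment `# Logs pour le cablage` sits above a loop that now emits one stanza per `rsyslog_server.rules` entry, so it describes only the current single rule; suggest `# One logrotate stanza per entry of rsyslog_server.rules` instead, plus a blank line after the closing `}` inside the loop so consecutive stanzas are separated. Note also that the deleted crans.j2 rotated `/pool/logs/tealc/freeradius/*.log`, `wifi/global.log` and `filaire/global.log`, which no rule in this commit reproduces — worth confirming those paths are no longer written before they fill the pool. The double space in `{%  for` is a cosmetic nit.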
diff --git a/roles/rsyslog-server/templates/rsyslog.d/30-cablage.conf.j2 b/roles/rsyslog-server/templates/rsyslog.d/30-cablage.conf.j2
deleted file mode 100644
index 0a87c1d4..00000000
--- a/roles/rsyslog-server/templates/rsyslog.d/30-cablage.conf.j2
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ ansible_header | comment }}
-
-$template CablageFileFormat,"%TIMESTAMP:::date-rfc3339% %fromhost% %syslogtag%%msg%\n"
-
-# Logs des switches
-
-if $fromhost-ip startswith '172.16.33.' then /pool/logs/tealc/cablage/global.log; CablageFileFormat
-
-# Logs des bornes
-
-## Dropbear est atteint de logorhée, une partie de ses logs ne sont pas vitaux
-if $programname contains "dropbear" and $msg contains "Exit before auth: Exited normally" then ~
-if $programname contains "dropbear" and re_match($msg, "Child connection from (127.0.0.1|::1|10.231.148.102)") then ~
-if $programname contains "dropbear" and re_match($msg, "Pubkey auth succeeded .* from 10.231.148.102") then ~
-if $programname contains "dropbear" and re_match($msg, "Exit \\(.*\\): Disconnect received") then ~
-
-if $fromhost-ip startswith '172.16.34.' then /pool/logs/tealc/cablage/global.log; CablageFileFormat
-
-# Logs RADIUS
-if $programname contains 'freeradius' then /pool/logs/tealc/cablage/global.log
-if $programname contains 'radiusd' then /pool/logs/tealc/cablage/global.log
-
-# Logs DHCP
-if $programname contains 'dhcpd' then /pool/logs/tealc/cablage/global.log
diff --git a/roles/rsyslog-server/templates/rsyslog.d/30-rules.conf.j2 b/roles/rsyslog-server/templates/rsyslog.d/30-rules.conf.j2
new file mode 100644
index 00000000..241c3bd1
--- /dev/null
+++ b/roles/rsyslog-server/templates/rsyslog.d/30-rules.conf.j2
@@ -0,0 +1,12 @@
+{{ ansible_header | comment }}
+$template CablageFileFormat,"%TIMESTAMP:::date-rfc3339% %fromhost% %syslogtag%%msg%\n"
+
+{% for rule in rsyslog_server.rules %}
+{% set dest = rsyslog_server.root+'/'+rsyslog_server.name+'/'+rule.name+'/global.log' %}
+{% for ip in rule.ips %}
+if $fromhost-ip startswith '{{ ip }}' then {{ dest }}; CablageFileFormat
+{% endfor %}
+{% for program in rule.programs %}
+if $programname contains '{{ program }}' then {{ dest }}
+{% endfor %}
+{% endfor %}
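Review bot: `startswith '{{ ip }}'` has lost the trailing dot the deleted 30-cablage.conf.j2 used (`'172.16.33.'`), so the prefix is matched on raw characters rather than on octet boundaries; with the current values `172.16.33`/`172.16.34` this is harmless, but a shorter prefix such as `10.1.2` would also capture `10.1.20.x` through `10.1.29.x`. Use `if $fromhost-ip startswith '{{ ip }}.' then {{ dest }}; CablageFileFormat` (or keep the dot in the host_vars values). The dropbear discard rules (`… then ~`) from the old template are not carried over, so all dropbear chatter from the 172.16.34 range now lands in global.log — presumably to be reintroduced via a rule option, but worth confirming since it changes log volume. `$fromhost-ip` is only as trustworthy as the listener's sender restrictions, so this routing relies on an `$AllowedSender` line being present in the imudp module config.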
diff --git a/roles/rsyslog-server/templates/rsyslog.d/50-module.conf.j2 b/roles/rsyslog-server/templates/rsyslog.d/50-module.conf.j2
new file mode 100644
index 00000000..fe40e6ed
--- /dev/null
+++ b/roles/rsyslog-server/templates/rsyslog.d/50-module.conf.j2
@@ -0,0 +1,8 @@
+{{ ansible_header | comment }}
+
+$ModLoad {{ item.name }}
+{% if item.vars is defined %}
+{% for var in item.vars %}
+${{ var.name }} {{ var.value }}
+{% endfor %}
+{% endif %}
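Review bot: The `{% if item.vars is defined %}` guard around the loop can be folded into the loop itself, `{% for var in item.vars | default([]) %}`, which drops two template lines and behaves the same for an entry without `vars`. Since `${{ var.name }} {{ var.value }}` writes both fields verbatim into a root-owned rsyslog config, a one-line comment above the loop saying that `vars` entries are emitted as legacy `$Directive value` lines (and so must be valid rsyslog directives) would help the next editor of host_vars.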
diff --git a/roles/rsyslog-server/templates/rsyslog.d/52-listen_relp.conf.j2 b/roles/rsyslog-server/templates/rsyslog.d/52-listen_relp.conf.j2
deleted file mode 100644
index 589ae3b9..00000000
--- a/roles/rsyslog-server/templates/rsyslog.d/52-listen_relp.conf.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-{{ ansible_header | comment }}
-
-$ModLoad imrelp
-$InputRELPServerRun 20514
diff --git a/roles/rsyslog-server/templates/rsyslog.d/53-listen_switches.conf.j2 b/roles/rsyslog-server/templates/rsyslog.d/53-listen_switches.conf.j2
deleted file mode 100644
index 26bb5344..00000000
--- a/roles/rsyslog-server/templates/rsyslog.d/53-listen_switches.conf.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-{{ ansible_header | comment }}
-
-# Réception en udp: pour les switchs seulement
-# et les bornes wifi
-$ModLoad imudp
-$UDPServerRun 514
-
-$AllowedSender UDP, 127.0.0.1, *.adm.crans.org, 172.16.10.0/24, *.infra.crans.org, 172.16.33.0/24, 172.16.34.0/24
-- 
GitLab