AniNIX/Kapisi
AniNIX/Kapisi
3
0
Fork 0
Code Issues 25 Pull Requests Projects 1 Releases Wiki Activity

Adding better syslog

Browse Source
This commit is contained in:
DarkFeather 2020-10-18 23:49:25 -05:00
parent e12c8ff0c6
commit ffbd7b7bd8
Signed by: DarkFeather
GPG Key ID: 1CC1E3F4ED06F296
6 changed files with 134 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
examples/msn0.yml
View File

@ -2,6 +2,7 @@ all:
vars: vars:
replica_domain: MSN0.AniNIX.net replica_domain: MSN0.AniNIX.net
dns: 10.0.1.7 dns: 10.0.1.7
logserver: 10.0.1.5
children: children:
prod: prod:
hosts: hosts:

9
roles/Sharingan-Data/files/sharingan-heartbeat.service Normal file
View File

@ -0,0 +1,9 @@
[Unit]
Description=AniNIX/Sharingan | Heartbeat service
[Service]
ExecStart=/usr/sbin/systemctl is-system-running
Type=oneshot
RemainAfterExit=no
User=root
Group=root

11
roles/Sharingan-Data/files/sharingan-heartbeat.timer Normal file
View File

@ -0,0 +1,11 @@
[Unit]
Description=AniNIX/Sharingan | Heartbeat timer
[Timer]
OnCalendar=*-*-* *:00/5:00
AccuracySec=12h
Persistent=true
[Install]
WantedBy=timers.target

99
roles/Sharingan-Data/tasks/main.yml
View File

@ -1,6 +1,95 @@
--- ---
name: Sharingan data filers - name: Sharingan data filers
become: yes become: yes
package: package:
name: state: present
- syslog-ng name:
- syslog-ng
- name: Sharingan-Data apps dir
become: yes
file:
path: /etc/syslog-ng/apps.d
state: directory
- name: Sharingan-Data include apps dir
become: yes
lineinfile:
path: /etc/syslog-ng/syslog-ng.conf
line: "{{ item }}"
loop:
- '# Allow compartmentalization of config'
- '@include "apps.d/*.conf"'
- name: Sharingan-Data conf
become: yes
template:
src: graylog.conf.j2
dest: /etc/syslog-ng/apps.d/graylog.conf
owner: root
group: root
mode: 0750
- name: Sharingan-Data filer service
become: yes
copy:
remote_src: yes
src: /usr/lib/systemd/system/syslog-ng@.service
dest: /usr/lib/systemd/system/sharingan-data.service
owner: root
group: root
mode: 0750
- name: Sharingan-Data replace content
become: yes
replace:
path: /usr/lib/systemd/system/sharingan-data.service
regexp: '%i'
replace: 'default'
- name: Sharingan-Data set vanity description
become: yes
lineinfile:
path: /usr/lib/systemd/system/sharingan-data.service
regexp: 'Description='
line: 'Description=AniNIX/Sharingan | Data filer'
- name: Sharingan-Data heartbeat service
become: yes
copy:
src: sharingan-heartbeat.service
dest: /usr/lib/systemd/system
owner: root
group: root
mode: 0750
- name: Sharingan-Data heartbeat timer
become: yes
copy:
src: sharingan-heartbeat.timer
dest: /usr/lib/systemd/system
owner: root
group: root
mode: 0750
- systemd:
daemon_reload: yes
become: yes
- name: Start Sharingan-Data services
become: yes
service:
name: "{{ item }}"
state: started
enabled: yes
loop:
- sharingan-heartbeat.timer
- sharingan-data.service
- name: Disable default service
become: yes
service:
name: syslog-ng@default.service
state: stopped
enabled: no

10
roles/Sharingan-Data/templates/graylog.conf.j2 Normal file
View File

@ -0,0 +1,10 @@
# Define TCP syslog destination.
destination d_graylog {
syslog("{{ logserver }}" port(10514));
};
# Tell syslog-ng to send data from source s_src to the newly defined syslog destination.
log {
source(src); # Defined in the default syslog-ng configuration.
destination(d_graylog);
};

18
roles/basics/tasks/main.yml
View File

@ -83,17 +83,18 @@
line: "127.0.0.1 localhost localhost.localdomain {{ inventory_hostname }} {{ inventory_hostname }}.{{ replica_domain }}" line: "127.0.0.1 localhost localhost.localdomain {{ inventory_hostname }} {{ inventory_hostname }}.{{ replica_domain }}"
state: present state: present
- name: Identify depriv user
command:
cmd: "bash -c 'getent passwd 1001 | cut -f 1 -d :'"
register: depriv_user
# This is an AniNIX convention to allow password management by Ansible. # This is an AniNIX convention to allow password management by Ansible.
- name: Ensure 1001 has sudo permissions. - name: Ensure SSH user has sudo permissions.
become: yes become: yes
copy: copy:
dest: /etc/sudoers.d/1001 dest: /etc/sudoers.d/basics
content: "{{ depriv_user.stdout }} ALL=(ALL) NOPASSWD: ALL\n" content: "{{ lookup('env','USER') }} ALL=(ALL) NOPASSWD: ALL\n"
# Remove unneeded file
- file:
path: /etc/sudoers.d/1001
state: absent
become: yes
- name: Test root password - name: Test root password
ignore_errors: yes ignore_errors: yes
@ -111,7 +112,6 @@
command: command:
cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ lookup('vars',inventory_hostname+'_password') }}' '{{ lookup('vars',inventory_hostname+'_password') }}' | passwd" cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ lookup('vars',inventory_hostname+'_password') }}' '{{ lookup('vars',inventory_hostname+'_password') }}' | passwd"
- name: Define depriv password - name: Define depriv password
become: yes become: yes
when: root_password_test.rc is not defined or root_password_test.rc != 0 when: root_password_test.rc is not defined or root_password_test.rc != 0