Adding better syslog
parent
e12c8ff0c6
commit
ffbd7b7bd8
@ -2,6 +2,7 @@ all:
|
||||
vars:
|
||||
replica_domain: MSN0.AniNIX.net
|
||||
dns: 10.0.1.7
|
||||
logserver: 10.0.1.5
|
||||
children:
|
||||
prod:
|
||||
hosts:
|
||||
|
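--- /dev/null
+++ b/roles/Sharingan-Data/files/sharingan-heartbeat.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=AniNIX/Sharingan | Heartbeat service
+
+[Service]
+ExecStart=/usr/sbin/systemctl is-system-running
+Type=oneshot
+RemainAfterExit=no
+User=root
+Group=root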
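Review bot: `User=root` and `Group=root` pin the heartbeat to full privileges although `ExecStart` only runs the status query `systemctl is-system-running`. Root is already the default identity for a system unit, so the two lines add nothing; if the identity is to be stated explicitly, an unprivileged one fits the job better, for example `DynamicUser=yes` in place of both lines (worth a quick test that the query still works on the target distribution). `is-system-running` also exits non-zero for every state other than running, so this unit will be recorded as failed whenever the host is degraded; if that is the intended signal, a comment in `[Service]` such as `# Non-zero exit on a degraded host is the heartbeat signal` would say so.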
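--- /dev/null
+++ b/roles/Sharingan-Data/files/sharingan-heartbeat.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=AniNIX/Sharingan | Heartbeat timer
+
+[Timer]
+OnCalendar=*-*-* *:00/5:00
+AccuracySec=12h
+Persistent=true
+
+[Install]
+WantedBy=timers.target
+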
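Review bot: `AccuracySec=12h` allows systemd to defer each activation by up to twelve hours, which cancels out the five-minute schedule set by `OnCalendar=*-*-* *:00/5:00`. If the heartbeat is meant to show the log server that a host is alive, a gap of several hours cannot be told apart from a dead or silenced host, so any absence-based alert built on it becomes unreliable. Use `AccuracySec=1min` (the systemd default) or drop the line so the timer keeps the cadence the calendar expression asks for.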
@ -1,6 +1,95 @@
|
||||
---
|
||||
name: Sharingan data filers
|
||||
become: yes
|
||||
package:
|
||||
name:
|
||||
- syslog-ng
|
||||
- name: Sharingan data filers
|
||||
become: yes
|
||||
package:
|
||||
state: present
|
||||
name:
|
||||
- syslog-ng
|
||||
|
||||
- name: Sharingan-Data apps dir
|
||||
become: yes
|
||||
file:
|
||||
path: /etc/syslog-ng/apps.d
|
||||
state: directory
|
||||
|
||||
- name: Sharingan-Data include apps dir
|
||||
become: yes
|
||||
lineinfile:
|
||||
path: /etc/syslog-ng/syslog-ng.conf
|
||||
line: "{{ item }}"
|
||||
loop:
|
||||
- '# Allow compartmentalization of config'
|
||||
- '@include "apps.d/*.conf"'
|
||||
|
||||
- name: Sharingan-Data conf
|
||||
become: yes
|
||||
template:
|
||||
src: graylog.conf.j2
|
||||
dest: /etc/syslog-ng/apps.d/graylog.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0750
|
||||
|
||||
- name: Sharingan-Data filer service
|
||||
become: yes
|
||||
copy:
|
||||
remote_src: yes
|
||||
src: /usr/lib/systemd/system/syslog-ng@.service
|
||||
dest: /usr/lib/systemd/system/sharingan-data.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0750
|
||||
|
||||
- name: Sharingan-Data replace content
|
||||
become: yes
|
||||
replace:
|
||||
path: /usr/lib/systemd/system/sharingan-data.service
|
||||
regexp: '%i'
|
||||
replace: 'default'
|
||||
|
||||
- name: Sharingan-Data set vanity description
|
||||
become: yes
|
||||
lineinfile:
|
||||
path: /usr/lib/systemd/system/sharingan-data.service
|
||||
regexp: 'Description='
|
||||
line: 'Description=AniNIX/Sharingan | Data filer'
|
||||
|
||||
|
||||
- name: Sharingan-Data heartbeat service
|
||||
become: yes
|
||||
copy:
|
||||
src: sharingan-heartbeat.service
|
||||
dest: /usr/lib/systemd/system
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0750
|
||||
|
||||
- name: Sharingan-Data heartbeat timer
|
||||
become: yes
|
||||
copy:
|
||||
src: sharingan-heartbeat.timer
|
||||
dest: /usr/lib/systemd/system
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0750
|
||||
|
||||
- systemd:
|
||||
daemon_reload: yes
|
||||
become: yes
|
||||
|
||||
- name: Start Sharingan-Data services
|
||||
become: yes
|
||||
service:
|
||||
name: "{{ item }}"
|
||||
state: started
|
||||
enabled: yes
|
||||
loop:
|
||||
- sharingan-heartbeat.timer
|
||||
- sharingan-data.service
|
||||
|
||||
- name: Disable default service
|
||||
become: yes
|
||||
service:
|
||||
name: syslog-ng@default.service
|
||||
state: stopped
|
||||
enabled: no
|
||||
|
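Review bot: Nothing in this task list restarts `sharingan-data.service` when `graylog.conf` or the copied unit file changes. The final `service` task uses `state: started`, which does nothing on a host where the service is already running, so a changed `logserver` address or destination would not take effect until someone restarts the service by hand. Add `register: sharingan_conf` (a name constructed here) to the `template` task and restart when `sharingan_conf is changed`, or attach a handler with `notify`. Separately, the unit files and the config are installed with `mode: 0750`; unit files need no execute bit and systemd logs a warning for executable ones, so `mode: '0644'` is the conventional value there.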
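--- /dev/null
+++ b/roles/Sharingan-Data/templates/graylog.conf.j2
@@ -0,0 +1,10 @@
+# Define TCP syslog destination.
+destination d_graylog {
+syslog("{{ logserver }}" port(10514));
+};
+# Tell syslog-ng to send data from source s_src to the newly defined syslog destination.
+log {
+source(src); # Defined in the default syslog-ng configuration.
+destination(d_graylog);
+};
+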
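Review bot: The destination on the line `syslog("{{ logserver }}" port(10514));` sets no `transport()` or `tls()` option, so as far as this template shows, host logs travel to the log server unencrypted and the server is not authenticated. If the receiving input supports TLS, `syslog("{{ logserver }}" port(10514) transport("tls") tls(ca-file("<CA_BUNDLE_PATH>") peer-verify(required-trusted)));` closes that gap; the CA path is a placeholder. The comment above `log {` also names the source `s_src` while the statement uses `source(src)`, so one of the two should be corrected to match the default configuration.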
@ -83,17 +83,18 @@
|
||||
line: "127.0.0.1 localhost localhost.localdomain {{ inventory_hostname }} {{ inventory_hostname }}.{{ replica_domain }}"
|
||||
state: present
|
||||
|
||||
- name: Identify depriv user
|
||||
command:
|
||||
cmd: "bash -c 'getent passwd 1001 | cut -f 1 -d :'"
|
||||
register: depriv_user
|
||||
|
||||
# This is an AniNIX convention to allow password management by Ansible.
|
||||
- name: Ensure 1001 has sudo permissions.
|
||||
- name: Ensure SSH user has sudo permissions.
|
||||
become: yes
|
||||
copy:
|
||||
dest: /etc/sudoers.d/1001
|
||||
content: "{{ depriv_user.stdout }} ALL=(ALL) NOPASSWD: ALL\n"
|
||||
dest: /etc/sudoers.d/basics
|
||||
content: "{{ lookup('env','USER') }} ALL=(ALL) NOPASSWD: ALL\n"
|
||||
|
||||
# Remove unneeded file
|
||||
- file:
|
||||
path: /etc/sudoers.d/1001
|
||||
state: absent
|
||||
become: yes
|
||||
|
||||
- name: Test root password
|
||||
ignore_errors: yes
|
||||
@ -111,7 +112,6 @@
|
||||
command:
|
||||
cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ lookup('vars',inventory_hostname+'_password') }}' '{{ lookup('vars',inventory_hostname+'_password') }}' | passwd"
|
||||
|
||||
|
||||
- name: Define depriv password
|
||||
become: yes
|
||||
when: root_password_test.rc is not defined or root_password_test.rc != 0
|
||||
|
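Review bot: In the "Ensure SSH user has sudo permissions." task, `lookup('env','USER')` is evaluated on the control node, so the account granted `NOPASSWD: ALL` is whoever ran the playbook locally, which need not be the account used for the SSH connection. If `USER` is unset there, the rendered line begins with an empty user field, and a malformed file under `/etc/sudoers.d` can stop sudo from working on the host. Add `validate: 'visudo -cf %s'` and `mode: '0440'` to the `copy` task, and consider taking the name from the connection (for example `ansible_user`) rather than from the controller's environment. The task list continues outside the hunks shown here.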