Merge "Separate remote log stream from local"

2016-09-09 12:27:25 +00:00 · 2016-09-09 12:27:25 +00:00 · ae5f9252c8
commit ae5f9252c8
parent 3271242b16 2e9a46068f
5 changed files with 46 additions and 34 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -21,6 +21,7 @@ rsyslog_server_package_state: "latest"

 rsyslog_server_spool_directory: /var/spool/rsyslog
 rsyslog_server_storage_directory: /var/log/rsyslog
+rsyslog_server_logrotation_window: 14 #Number of days to keep logfiles

 # provides UDP syslog reception
 rsyslog_server_udp_reception: true
@ -29,3 +30,9 @@ rsyslog_server_udp_port: 514
 # provides TCP syslog reception
 rsyslog_server_tcp_reception: true
 rsyslog_server_tcp_port: 514
+
+# Rate limits
+rsyslog_server_ratelimit_interval: 0 # Disabled by default
+
+# To use this setting, you have to configure a interval >0 seconds for rsyslog_server_ratelimit_interval
+rsyslog_server_ratelimit_burst: 10000
--- a/releasenotes/notes/rsyslog-remote-log-separation-76de4b64f0c18edb.yaml
+++ b/releasenotes/notes/rsyslog-remote-log-separation-76de4b64f0c18edb.yaml
@ -0,0 +1,8 @@
+---
+upgrade:
+  - New overrides are provided to allow for better customization
+    around logfile retention and rate limiting for UDP/TCP sockets.
+    ``rsyslog_server_logrotation_window`` defaults to 14 days
+    ``rsyslog_server_ratelimit_interval`` defaults to 0 seconds
+    ``rsyslog_server_ratelimit_burst`` defaults to 10000
+  - The rsyslog.conf is now using v7+ style configuration settings
--- a/templates/os_aggregate_storage.j2
+++ b/templates/os_aggregate_storage.j2
@ -3,7 +3,7 @@
        copytruncate
        weekly
        missingok
-        rotate 14
+        rotate {{ rsyslog_server_logrotation_window }}
        compress
        dateext
        maxage 60
--- a/templates/rsyslog.conf.j2
+++ b/templates/rsyslog.conf.j2
@ -3,40 +3,21 @@
 #################
 #### MODULES ####
 #################
-$ModLoad imuxsock # provides support for local system logging
-$ModLoad imklog   # provides kernel logging support
-
-{% if rsyslog_server_udp_reception == true %}
-# provides UDP syslog reception
-$ModLoad imudp
-$UDPServerRun {{ rsyslog_server_udp_port }}
-{% endif %}
-
-{% if rsyslog_server_tcp_reception == true %}
-# provides TCP syslog reception
-$ModLoad imtcp
-$InputTCPServerRun {{ rsyslog_server_tcp_port }}
-{% endif %}
-
-# Enable non-kernel facility klog messages
-$KLogPermitNonKernelFacility on
-
+module(load="imuxsock") # provides support for local system logging
+module(load="imklog") # provides kernel logging support

 ###########################
 #### GLOBAL DIRECTIVES ####
 ###########################
-#
+
 # Use traditional timestamp format.
 # To enable high precision timestamps, comment out the following line.
-#
 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

 # Filter duplicated messages
 $RepeatedMsgReduction on

-#
 # Set the default permissions for all log files.
-#
 $FileOwner syslog
 $FileGroup adm
 $FileCreateMode 0640
@ -45,17 +26,33 @@ $Umask 0022
 $PrivDropToUser syslog
 $PrivDropToGroup syslog

-#
 # Where to place spool and state files
-#
 $WorkDirectory {{ rsyslog_server_spool_directory }}

-#
-# Include all config files in /etc/rsyslog.d/
-#
-$IncludeConfig /etc/rsyslog.d/*.conf

-$template DDF, "{{ rsyslog_server_storage_directory }}/%hostname%/%programname%.log"
-if \
-$source != 'logsrv' \
-then -?DDF
+# Log all remote messages into a sub directory
+template(name="DDF" type="string" string="{{ rsyslog_server_storage_directory }}/%hostname%/%programname%.log")
+ruleset(name="remote"){
+  *.* -?DDF
+}
+
+# Switch back to default ruleset
+$Ruleset RSYSLOG_DefaultRuleset
+
+# Enable non-kernel facility klog messages
+$KLogPermitNonKernelFacility on
+
+{% if rsyslog_server_udp_reception == true %}
+# Provides UDP syslog reception
+module(load="imudp")
+input(type="imudp" port="{{ rsyslog_server_udp_port }}" ruleset="remote" RateLimit.Interval="{{ rsyslog_server_ratelimit_interval }}" RateLimit.Burst="{{ rsyslog_server_ratelimit_burst }}")
+{% endif %}
+
+{% if rsyslog_server_tcp_reception == true %}
+# Provides TCP syslog reception
+module(load="imtcp")
+input(type="imtcp" port="514" ruleset="remote" RateLimit.Interval="{{ rsyslog_server_ratelimit_interval }}" RateLimit.Burst="{{ rsyslog_server_ratelimit_burst }}")
+{% endif %}
+
+# Include all config files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf
--- a/tests/test.yml
+++ b/tests/test.yml
@ -33,5 +33,5 @@
    - name: Check role functions
      assert:
        that:
-          - "'$template DDF' in (rsyslog_conf.content | b64decode)"
+          - "'template(name=\"DDF' in (rsyslog_conf.content | b64decode)"
          - "os_aggregate_storage.stat.exists"