From 321a32ee15d9f69ee37a4bde75e53ad610ddea2a Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Sat, 14 Mar 2015 15:59:17 -0500 Subject: [PATCH] Add new rsyslog server role This commit adds the rsyslog_server role which will provide a system which all logs will be agregeated. This change is part 2 of 3 to update all of the logging bits within the stack such that they're made more generic and community consumable. Roles added: * rsyslog_server Plays added: * rsyslog-install.yml Plays modified: * setup-infrastructure.yml DocImpact Implements: blueprint rsyslog-update Change-Id: I7627e362a7ee3b560dc02a1beda2034998216451 --- playbooks/inventory/group_vars/all.yml | 5 + .../roles/rsyslog_server/CONTRIBUTING.rst | 85 ++++++++ playbooks/roles/rsyslog_server/LICENSE | 202 ++++++++++++++++++ playbooks/roles/rsyslog_server/README.rst | 15 ++ .../roles/rsyslog_server/defaults/main.yml | 31 +++ .../rsyslog_server/files/50-default.conf | 16 ++ playbooks/roles/rsyslog_server/meta/main.yml | 31 +++ playbooks/roles/rsyslog_server/tasks/main.yml | 18 ++ .../tasks/rsyslog_server_install.yml | 40 ++++ .../tasks/rsyslog_server_post_install.yml | 52 +++++ .../tasks/rsyslog_server_pre_install.yml | 26 +++ .../templates/os_aggregate_storage.j2 | 12 ++ .../rsyslog_server/templates/rsyslog.conf.j2 | 61 ++++++ playbooks/rsyslog-install.yml | 49 +++++ playbooks/setup-infrastructure.yml | 1 + 15 files changed, 644 insertions(+) create mode 100644 playbooks/roles/rsyslog_server/CONTRIBUTING.rst create mode 100644 playbooks/roles/rsyslog_server/LICENSE create mode 100644 playbooks/roles/rsyslog_server/README.rst create mode 100644 playbooks/roles/rsyslog_server/defaults/main.yml create mode 100644 playbooks/roles/rsyslog_server/files/50-default.conf create mode 100644 playbooks/roles/rsyslog_server/meta/main.yml create mode 100644 playbooks/roles/rsyslog_server/tasks/main.yml create mode 100644 playbooks/roles/rsyslog_server/tasks/rsyslog_server_install.yml create mode 100644 playbooks/roles/rsyslog_server/tasks/rsyslog_server_post_install.yml create mode 100644 playbooks/roles/rsyslog_server/tasks/rsyslog_server_pre_install.yml create mode 100644 playbooks/roles/rsyslog_server/templates/os_aggregate_storage.j2 create mode 100644 playbooks/roles/rsyslog_server/templates/rsyslog.conf.j2 create mode 100644 playbooks/rsyslog-install.yml diff --git a/playbooks/inventory/group_vars/all.yml b/playbooks/inventory/group_vars/all.yml index 6d7801859d..70af29cb52 100644 --- a/playbooks/inventory/group_vars/all.yml +++ b/playbooks/inventory/group_vars/all.yml @@ -25,6 +25,11 @@ repo_server_port: 8181 repo_pip_default_index: "http://rpc-repo.rackspace.com/pools" +## Rsyslog server +rsyslog_server_spool_directory: /var/spool/rsyslog +rsyslog_server_storage_directory: /var/log/log-storage + + ## OpenStack Source Code Release openstack_release: master # URL for the frozen internal openstack repo. diff --git a/playbooks/roles/rsyslog_server/CONTRIBUTING.rst b/playbooks/roles/rsyslog_server/CONTRIBUTING.rst new file mode 100644 index 0000000000..5c0ce81b2e --- /dev/null +++ b/playbooks/roles/rsyslog_server/CONTRIBUTING.rst @@ -0,0 +1,85 @@ +OpenStack rsyslog server +######################## +:tags: openstack, rsyslog, server, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/rsyslog_server/LICENSE b/playbooks/roles/rsyslog_server/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/rsyslog_server/LICENSE @@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/rsyslog_server/README.rst b/playbooks/roles/rsyslog_server/README.rst new file mode 100644 index 0000000000..b1c4928248 --- /dev/null +++ b/playbooks/roles/rsyslog_server/README.rst @@ -0,0 +1,15 @@ +OpenStack rsyslog server +######################## +:tags: openstack, rsyslog, server, cloud, ansible +:category: \*nix + +Role to deploy rsyslog for use within OpenStack when deploying services using containers. + +.. code-block:: yaml + + - name: Install rsyslog + hosts: rsyslog + max_fail_percentage: 20 + user: root + roles: + - { role: "rsyslog_server", tags: [ "rsyslog-server" ] } diff --git a/playbooks/roles/rsyslog_server/defaults/main.yml b/playbooks/roles/rsyslog_server/defaults/main.yml new file mode 100644 index 0000000000..5e9598998f --- /dev/null +++ b/playbooks/roles/rsyslog_server/defaults/main.yml @@ -0,0 +1,31 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +rsyslog_server_apt_repos: + - { repo: "ppa:adiscon/v8-stable", state: "present" } + +rsyslog_server_apt_packages: + - rsyslog + +rsyslog_server_spool_directory: /var/spool/rsyslog +rsyslog_server_storage_directory: /var/log/rsyslog + +# provides UDP syslog reception +rsyslog_server_udp_reception: true +rsyslog_server_udp_port: 514 + +# provides TCP syslog reception +rsyslog_server_tcp_reception: true +rsyslog_server_tcp_port: 514 diff --git a/playbooks/roles/rsyslog_server/files/50-default.conf b/playbooks/roles/rsyslog_server/files/50-default.conf new file mode 100644 index 0000000000..45741f5c72 --- /dev/null +++ b/playbooks/roles/rsyslog_server/files/50-default.conf @@ -0,0 +1,16 @@ +auth,authpriv.* /var/log/auth.log +*.*;auth,authpriv.none -/var/log/syslog +cron.* /var/log/cron.log +daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log + +mail.err /var/log/mail.err + +news.crit /var/log/news/news.crit +news.err /var/log/news/news.err +news.notice -/var/log/news/news.notice + +*.emerg :omusrmsg:* diff --git a/playbooks/roles/rsyslog_server/meta/main.yml b/playbooks/roles/rsyslog_server/meta/main.yml new file mode 100644 index 0000000000..d52cdce8a7 --- /dev/null +++ b/playbooks/roles/rsyslog_server/meta/main.yml @@ -0,0 +1,31 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +galaxy_info: + author: rcbops + description: Rsyslog server install + company: Rackspace + license: Apache2 + min_ansible_version: 1.6.6 + platforms: + - name: Ubuntu + versions: + - trusty + categories: + - cloud + - rsyslog + - development + - openstack +dependencies: [] diff --git a/playbooks/roles/rsyslog_server/tasks/main.yml b/playbooks/roles/rsyslog_server/tasks/main.yml new file mode 100644 index 0000000000..146069a411 --- /dev/null +++ b/playbooks/roles/rsyslog_server/tasks/main.yml @@ -0,0 +1,18 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: rsyslog_server_pre_install.yml +- include: rsyslog_server_install.yml +- include: rsyslog_server_post_install.yml diff --git a/playbooks/roles/rsyslog_server/tasks/rsyslog_server_install.yml b/playbooks/roles/rsyslog_server/tasks/rsyslog_server_install.yml new file mode 100644 index 0000000000..42f8a7818e --- /dev/null +++ b/playbooks/roles/rsyslog_server/tasks/rsyslog_server_install.yml @@ -0,0 +1,40 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Rsyslog apt repository + apt_repository: + repo: "{{ item.repo }}" + state: "{{ item.state }}" + with_items: rsyslog_server_apt_repos + register: add_repos + until: add_repos|success + retries: 5 + delay: 2 + tags: + - rsyslog-apt-repositories + +- name: Install rsyslog packages + apt: + pkg: "{{ item }}" + state: latest + update_cache: yes + cache_valid_time: 600 + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: rsyslog_server_apt_packages + tags: + - rsyslog-apt-packages diff --git a/playbooks/roles/rsyslog_server/tasks/rsyslog_server_post_install.yml b/playbooks/roles/rsyslog_server/tasks/rsyslog_server_post_install.yml new file mode 100644 index 0000000000..1990c15fb3 --- /dev/null +++ b/playbooks/roles/rsyslog_server/tasks/rsyslog_server_post_install.yml @@ -0,0 +1,52 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Stop rsyslog + service: + name: "rsyslog" + state: "stopped" + failed_when: false + tags: + - rsyslog-config + +- name: Rsyslog basic setup + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "root" + group: "root" + with_items: + - { src: "rsyslog.conf.j2", dest: "/etc/rsyslog.conf" } + - { src: "os_aggregate_storage.j2", dest: "/etc/logrotate.d/os_aggregate_storage" } + tags: + - rsyslog-config + +- name: Rsyslog defaults setup + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "root" + group: "root" + with_items: + - { src: "50-default.conf", dest: "/etc/rsyslog.d/50-default.conf" } + tags: + - rsyslog-config + +- name: Start rsyslog + service: + name: "rsyslog" + state: "started" + tags: + - rsyslog-config diff --git a/playbooks/roles/rsyslog_server/tasks/rsyslog_server_pre_install.yml b/playbooks/roles/rsyslog_server/tasks/rsyslog_server_pre_install.yml new file mode 100644 index 0000000000..de5970cd57 --- /dev/null +++ b/playbooks/roles/rsyslog_server/tasks/rsyslog_server_pre_install.yml @@ -0,0 +1,26 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure ownership on working directories are correct + file: + path: "{{ item }}" + state: "directory" + owner: "syslog" + group: "adm" + with_items: + - "{{ rsyslog_server_storage_directory }}" + - "{{ rsyslog_server_spool_directory }}" + tags: + - rsyslog-server-dirs diff --git a/playbooks/roles/rsyslog_server/templates/os_aggregate_storage.j2 b/playbooks/roles/rsyslog_server/templates/os_aggregate_storage.j2 new file mode 100644 index 0000000000..1da60c798e --- /dev/null +++ b/playbooks/roles/rsyslog_server/templates/os_aggregate_storage.j2 @@ -0,0 +1,12 @@ +{{ rsyslog_server_storage_directory }}/**/*.log +{ + copytruncate + weekly + missingok + rotate 14 + compress + dateext + maxage 60 + notifempty + nocreate +} diff --git a/playbooks/roles/rsyslog_server/templates/rsyslog.conf.j2 b/playbooks/roles/rsyslog_server/templates/rsyslog.conf.j2 new file mode 100644 index 0000000000..5f2e35ba2f --- /dev/null +++ b/playbooks/roles/rsyslog_server/templates/rsyslog.conf.j2 @@ -0,0 +1,61 @@ +# {{ ansible_managed }} + +################# +#### MODULES #### +################# +$ModLoad imuxsock # provides support for local system logging +$ModLoad imklog # provides kernel logging support + +{% if rsyslog_server_udp_reception == true %} +# provides UDP syslog reception +$ModLoad imudp +$UDPServerRun {{ rsyslog_server_udp_port }} +{% endif %} + +{% if rsyslog_server_tcp_reception == true %} +# provides TCP syslog reception +$ModLoad imtcp +$InputTCPServerRun {{ rsyslog_server_tcp_port }} +{% endif %} + +# Enable non-kernel facility klog messages +$KLogPermitNonKernelFacility on + + +########################### +#### GLOBAL DIRECTIVES #### +########################### +# +# Use traditional timestamp format. +# To enable high precision timestamps, comment out the following line. +# +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + +# Filter duplicated messages +$RepeatedMsgReduction on + +# +# Set the default permissions for all log files. +# +$FileOwner syslog +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 +$PrivDropToUser syslog +$PrivDropToGroup syslog + +# +# Where to place spool and state files +# +$WorkDirectory {{ rsyslog_server_spool_directory }} + +# +# Include all config files in /etc/rsyslog.d/ +# +$IncludeConfig /etc/rsyslog.d/*.conf + +$template DDF, "{{ rsyslog_server_storage_directory }}/%hostname%/%programname%.log" +if \ +$source != 'logsrv' \ +then -?DDF diff --git a/playbooks/rsyslog-install.yml b/playbooks/rsyslog-install.yml new file mode 100644 index 0000000000..2b818c5cb9 --- /dev/null +++ b/playbooks/rsyslog-install.yml @@ -0,0 +1,49 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install rsyslog + hosts: rsyslog + max_fail_percentage: 20 + user: root + pre_tasks: + - name: Ensure log stroage directory exists + file: + path: "/openstack/{{ container_name }}/log-storage" + state: "directory" + delegate_to: "{{ physical_host }}" + when: is_metal == false or is_metal == "False" + tags: + - rsyslog-storage-dirs + - name: Rsyslog server extra lxc config + lxc-container: + name: "{{ container_name }}" + container_command: | + [[ ! -d "{{ storage_directory }}" ]] && mkdir -p "{{ storage_directory }}" + container_config: + - "lxc.mount.entry=/openstack/{{ container_name }}/log-storage {{ storage_directory.lstrip('/') }} none bind 0 0" + delegate_to: "{{ physical_host }}" + when: is_metal == false or is_metal == "False" + tags: + - rsyslog-storage-dirs + - name: Flush net cache + command: /usr/local/bin/lxc-system-manage flush-net-cache + delegate_to: "{{ physical_host }}" + tags: + - flush-net-cache + roles: + - { role: "rsyslog_server", tags: [ "rsyslog-server" ] } + vars: + storage_directory: "{{ rsyslog_server_storage_directory }}" + is_metal: "{{ properties.is_metal|default(false) }}" diff --git a/playbooks/setup-infrastructure.yml b/playbooks/setup-infrastructure.yml index 899cc59d6a..844862a092 100644 --- a/playbooks/setup-infrastructure.yml +++ b/playbooks/setup-infrastructure.yml @@ -18,3 +18,4 @@ - include: galera-install.yml - include: rabbitmq-install.yml - include: utility-install.yml +- include: rsyslog-install.yml