From aadde722759dacd3b4afdbee560bcafb1c9b63ac Mon Sep 17 00:00:00 2001
From: lauralani
Date: Fri, 19 Jan 2024 08:25:49 +0100
Subject: [PATCH] first commit
---
.gitignore | 160 ++++++++++++++++++
Makefile | 18 ++
production.yaml | 3 +
readme.md | 1 +
requirements.in | 2 +
requirements.txt | 53 ++++++
roles/rsyslog/tasks/main.yml | 38 +++++
.../templates/rsyslog-receiver.logrotate.j2 | 13 ++
roles/rsyslog/templates/rsyslog.conf.j2 | 72 ++++++++
roles/rsyslog/vars/main.yml | 1 +
rsyslog.yml | 4 +
11 files changed, 365 insertions(+)
create mode 100644 .gitignore
create mode 100644 Makefile
create mode 100644 production.yaml
create mode 100644 readme.md
create mode 100644 requirements.in
create mode 100644 requirements.txt
create mode 100644 roles/rsyslog/tasks/main.yml
create mode 100644 roles/rsyslog/templates/rsyslog-receiver.logrotate.j2
create mode 100644 roles/rsyslog/templates/rsyslog.conf.j2
create mode 100644 roles/rsyslog/vars/main.yml
create mode 100644 rsyslog.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6769e21
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,160 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+# For a library or package, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+# However, in case of collaboration, if having platform-specific dependencies or dependencies
+# having no cross-platform support, pipenv may install dependencies that don't work, or not
+# install all needed dependencies.
+#Pipfile.lock
+
+# poetry
+# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+# This is especially recommended for binary packages to ensure reproducibility, and is more
+# commonly ignored for libraries.
+# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+
+# pdm
+# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#pdm.lock
+# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
+# in version control.
+# https://pdm.fming.dev/#use-with-ide
+.pdm.toml
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+# and can be added to the global gitignore or merged into this file. For a more nuclear
+# option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..97b8e55
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,18 @@
+.PHONY: all venv clean
+
+ALL_TARGETS := venv
+
+PYTHON_BIN?=python3
+
+all: $(ALL_TARGETS)
+
+venv: venv/bin/activate
+
+venv/bin/activate: requirements.txt
+ test -d venv || $(PYTHON_BIN) -m venv venv
+ . venv/bin/activate; pip install --upgrade pip wheel
+ . venv/bin/activate; pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org -r requirements.txt
+ touch venv/bin/activate
+
+clean:
+ test -d venv && rm -rf venv || exit 0
\ No newline at end of file
diff --git a/production.yaml b/production.yaml
new file mode 100644
index 0000000..9f0b61d
--- /dev/null
+++ b/production.yaml
@@ -0,0 +1,3 @@
+rsyslog_receiver:
+ hosts:
+ syslog.lauka-home.net:
\ No newline at end of file
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..a3584b8
--- /dev/null
+++ b/readme.md
@@ -0,0 +1 @@
+# ansible-public-dns
\ No newline at end of file
diff --git a/requirements.in b/requirements.in
new file mode 100644
index 0000000..3ca5142
--- /dev/null
+++ b/requirements.in
@@ -0,0 +1,2 @@
+ansible
+pip-tools
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..d62e6af
--- /dev/null
+++ b/requirements.txt
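Review bot: The second `pip install` in the Makefile's `venv/bin/activate` recipe passes `--trusted-host` for pypi.org, pypi.python.org and files.pythonhosted.org, which tells pip to accept those hosts without a valid HTTPS certificate. requirements.txt pins versions but carries no hashes, so nothing else checks what gets installed on the machine that runs Ansible against the log server. Drop the three flags (`pip install -r requirements.txt`); if a TLS-inspecting proxy is the reason for them, point pip at its CA with `--cert` instead. Regenerating the lockfile with `pip-compile --generate-hashes` and installing with `--require-hashes` would close the remaining gap.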
@@ -0,0 +1,53 @@ +# +# This file is autogenerated by pip-compile with Python 3.9 +# by the following command: +# +# pip-compile --output-file=requirements.txt requirements.in +# +ansible==8.7.0 + # via -r requirements.in +ansible-core==2.15.8 + # via ansible +build==1.0.3 + # via pip-tools +cffi==1.16.0 + # via cryptography +click==8.1.7 + # via pip-tools +cryptography==41.0.7 + # via ansible-core +importlib-metadata==7.0.1 + # via build +importlib-resources==5.0.7 + # via ansible-core +jinja2==3.1.3 + # via ansible-core +markupsafe==2.1.3 + # via jinja2 +packaging==23.2 + # via + # ansible-core + # build +pip-tools==7.3.0 + # via -r requirements.in +pycparser==2.21 + # via cffi +pyproject-hooks==1.0.0 + # via build +pyyaml==6.0.1 + # via ansible-core +resolvelib==1.0.1 + # via ansible-core +tomli==2.0.1 + # via + # build + # pip-tools + # pyproject-hooks +wheel==0.42.0 + # via pip-tools +zipp==3.17.0 + # via importlib-metadata + +# The following packages are considered to be unsafe in a requirements file: +# pip +# setuptools diff --git a/roles/rsyslog/tasks/main.yml b/roles/rsyslog/tasks/main.yml new file mode 100644 index 0000000..fe3b95e --- /dev/null +++ b/roles/rsyslog/tasks/main.yml 
@@ -0,0 +1,38 @@
+- name: Install rsyslog and logrotate
+ ansible.builtin.apt:
+ pkg:
+ - rsyslog
+ - logrotate
+ state: latest
+ update_cache: yes
+ register: package_install
+
+- name: Configure rsyslog
+ ansible.builtin.template:
+ src: rsyslog.conf.j2
+ dest: /etc/rsyslog.conf
+ owner: root
+ group: root
+ mode: '0644'
+ register: rsyslog_config
+
+- name: Configure logrotate
+ ansible.builtin.template:
+ src: rsyslog-receiver.logrotate.j2
+ dest: /etc/logrotate.d/rsyslog-receiver
+ owner: root
+ group: root
+ mode: '0644'
+ register: logrotate_config
+
+- name: Restart logrotate
+ ansible.builtin.service:
+ name: rsyslog
+ state: restarted
+ when: package_install.changed or rsyslog_config.changed
+
+- name: Restart logrotate
+ ansible.builtin.service:
+ name: logrotate
+ state: restarted
+ when: package_install.changed or logrotate_config.changed
diff --git a/roles/rsyslog/templates/rsyslog-receiver.logrotate.j2 b/roles/rsyslog/templates/rsyslog-receiver.logrotate.j2
new file mode 100644
index 0000000..05e7522
--- /dev/null
+++ b/roles/rsyslog/templates/rsyslog-receiver.logrotate.j2
@@ -0,0 +1,13 @@
+{{ syslog_path }}/*/*.log
+{
+ rotate 14
+ daily
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
\ No newline at end of file
diff --git a/roles/rsyslog/templates/rsyslog.conf.j2 b/roles/rsyslog/templates/rsyslog.conf.j2
new file mode 100644
index 0000000..ecf8b52
--- /dev/null
+++ b/roles/rsyslog/templates/rsyslog.conf.j2
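Review bot: In roles/rsyslog/tasks/main.yml the fourth task is named `Restart logrotate` but restarts `rsyslog`, and the fifth, under the same name, restarts a `logrotate` service; on Debian-family hosts logrotate is normally started from a timer or cron rather than running as a daemon, so that task probably either fails or forces an immediate rotation. Rename the fourth to `- name: Restart rsyslog` and drop the fifth, since logrotate reads /etc/logrotate.d on every run. The `Configure rsyslog` task also replaces /etc/rsyslog.conf without checking it; adding `validate: rsyslogd -N1 -f %s` keeps a template error from taking the receiver down at the restart. `state: latest` upgrades rsyslog whenever the play runs, and `state: present` is the more predictable choice for a log collector.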
@@ -0,0 +1,72 @@
+# /etc/rsyslog.conf configuration file for rsyslog
+#
+# For more information install rsyslog-doc and see
+# /usr/share/doc/rsyslog-doc/html/configuration/index.html
+
+
+#################
+#### MODULES ####
+#################
+
+module(load="imuxsock") # provides support for local system logging
+module(load="imklog") # provides kernel logging support
+module(load="immark") # provides --MARK-- message capability
+
+# provides UDP syslog reception
+module(load="imudp")
+input(type="imudp" port="514")
+
+# provides TCP syslog reception
+module(load="imtcp")
+input(type="imtcp" port="514")
+
+$template RemoteLogs,"{{ syslog_path }}/%HOSTNAME%/syslog.log"
+*.* ?RemoteLogs
+& ~
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+###############
+#### RULES ####
+###############
+
+#
+# Log anything besides private authentication messages to a single log file
+#
+*.*;auth,authpriv.none -/var/log/syslog
+
+#
+# Log commonly used facilities to their own log file
+#
+auth,authpriv.* /var/log/auth.log
+cron.* -/var/log/cron.log
+kern.* -/var/log/kern.log
+mail.* -/var/log/mail.log
+user.* -/var/log/user.log
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg :omusrmsg:*
\ No newline at end of file
diff --git a/roles/rsyslog/vars/main.yml b/roles/rsyslog/vars/main.yml
new file mode 100644
index 0000000..f9643a7
--- /dev/null
+++ b/roles/rsyslog/vars/main.yml
@@ -0,0 +1 @@
+syslog_path: /logs
diff --git a/rsyslog.yml b/rsyslog.yml
new file mode 100644
index 0000000..d78cb09
--- /dev/null
+++ b/rsyslog.yml
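Review bot: In rsyslog.conf.j2 the `*.* ?RemoteLogs` rule followed by `& ~` sits ahead of everything else, so every message, local ones included, is written to the per-host file and then discarded; the rules further down (`/var/log/auth.log`, `/var/log/syslog`, `*.emerg`) and anything in /etc/rsyslog.d never see a message. It also precedes `$FileOwner`/`$FileCreateMode`, and legacy directives only affect actions defined after them, so the received logs most likely get rsyslog's default ownership and mode rather than root:adm 0640. Binding the two inputs to their own ruleset, as below, keeps remote traffic out of the local rules and sets the permissions on the action itself. The directory name comes from `%HOSTNAME%`, which the sender writes into the message, and both listeners on port 514 accept any source in plain text; `%FROMHOST-IP%` is filled in by the receiver, and a firewall rule or imtcp with TLS would limit who can write.

```jinja
# … unchanged: module(load=...) lines for imuxsock, imklog, immark, imudp, imtcp …
template(name="RemoteLogs" type="string"
         string="{{ syslog_path }}/%FROMHOST-IP%/syslog.log")

ruleset(name="remote") {
    action(type="omfile" dynaFile="RemoteLogs"
           fileOwner="root" fileGroup="adm"
           fileCreateMode="0640" dirCreateMode="0755")
}

input(type="imudp" port="514" ruleset="remote")
input(type="imtcp" port="514" ruleset="remote")
# … unchanged: global directives and local rules …
```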
@@ -0,0 +1,4 @@
+- hosts: rsyslog_receiver
+ gather_facts: no
+ roles:
+ - rsyslog
\ No newline at end of file
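Review bot: The play in rsyslog.yml sets no `become`, yet the role installs packages and writes under /etc, so it presumably only works when Ansible logs in to the receiver as root. Adding `become: true` next to `gather_facts` lets the inventory use an unprivileged SSH account with sudo instead, which keeps direct root login off the log server.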