Add rsyslog role

roles/rsyslog/defaults/main.yaml

@@ -0,0 +1,30 @@
+---
+rsyslog_package_name: rsyslog
+rsyslog_package_state: present
+
+rsyslog_service_name: rsyslog
+rsyslog_service_state: started
+rsyslog_service_enabled: true
+
+rsyslog_module_imuxsock_enabled: true
+rsyslog_module_immark_enabled: true
+rsyslog_module_imudp_enabled: true
+rsyslog_module_imtcp_enabled: true
+
+rsyslog_load_modules:
+  - name: imuxsock
+  - name: immark
+  - name: imklog
+    params:
+      permitnonkernelfacility: "on"
+
+rsyslog_work_directory: /var/spool/rsyslog
+rsyslog_include_config: /etc/rsyslog.d/*.conf
+
+#rsyslog_action_file_default_template: RSYSLOG_TraditionalFileFormat
+rsyslog_repeated_msg_reduction: "on"
+
+rsyslog_default_rules_state: file
+rsyslog_default_rules: []
+rsyslog_rules: []
+rsyslog_archival_format_enabled: false

roles/rsyslog/handlers/main.yaml

@@ -0,0 +1,8 @@
+---
+- name: restart rsyslog
+  service:
+    name: "{{ rsyslog_service_name }}"
+    state: restarted
+  when: rsyslog_service_enabled
+
+# vim:ft=yaml.ansible:

roles/rsyslog/tasks/archival.yaml

@@ -0,0 +1,42 @@
+---
+- name: disable default rules
+  set_fact:
+    rsyslog_default_rules_state: absent
+  when: rsyslog_archival_format_enabled
+
+- name: check status of /var/log/syslog
+  stat:
+    path: /var/log/syslog
+  register: st
+
+- name: delete files
+  file:
+    path: "{{ item }}"
+    state: "{{ rsyslog_archival_format_enabled | ternary('absent', 'file') }}"
+  when: rsyslog_archival_format_enabled and st.stat.exists and  st.stat.isreg
+  with_items:
+    - /var/log/syslog
+
+- name: configure archival format
+  template:
+    src: archival.conf.j2
+    dest: /etc/rsyslog.d/10-archival.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart rsyslog
+  when: rsyslog_archival_format_enabled
+
+- name: manage archive rules
+  file:
+    path: /etc/rsyslog.d/10-archival.conf
+    state: "{{ rsyslog_archival_format_enabled | ternary('file', 'absent') }}"
+
+- name: compress log cron job
+  cron:
+    name: compress syslog
+    minute: "0"
+    hour: "1"
+    user: root
+    job: find /var/log/syslog/ -type f ! -name "*$(date +%Y%m%d)*.log" -name "*.log" -exec xz {} \;
+    state: "{{ rsyslog_archival_format_enabled | ternary('present', 'absent') }}"

roles/rsyslog/tasks/main.yaml

@@ -0,0 +1,44 @@
+- name: gather OS specific variables
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
+    - "{{ ansible_distribution }}.yaml"
+    - "{{ ansible_os_family }}.yaml"
+
+- name: install package
+  package:
+    name: "{{ rsyslog_package_name }}"
+    state: "{{ rsyslog_package_state }}"
+
+- name: configure
+  template:
+    src: rsyslog.conf.j2
+    dest: /etc/rsyslog.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart rsyslog
+
+- name: configure archival format
+  include: archival.yaml
+
+- name: configure default rules
+  template:
+    src: default.conf.j2
+    dest: /etc/rsyslog.d/50-default.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart rsyslog
+  when: rsyslog_default_rules_state == "file"
+
+- name: manage default rules
+  file:
+    path: /etc/rsyslog.d/50-default.conf
+    state: "{{ rsyslog_default_rules_state }}"
+
+- name: manage service
+  service:
+    name: "{{ rsyslog_service_name }}"
+    state: "{{ rsyslog_service_state }}"
+    enabled: "{{ rsyslog_service_enabled }}"

roles/rsyslog/templates/archival.conf.j2

@@ -0,0 +1,27 @@
+# {{ ansible_managed }}
+
+template(
+    name="FilePerDay"
+    type="list"
+) {
+    constant(value="/var/log/syslog/")
+    property(name="hostname")
+    constant(value="/")
+    property(name="syslogfacility-text")
+    constant(value="/")
+    property(name="timereported" dateformat="year")
+    property(name="timereported" dateformat="month")
+    constant(value="/")
+    property(name="timereported" dateformat="year")
+    property(name="timereported" dateformat="month")
+    property(name="timereported" dateformat="day")
+    constant(value="-")
+    property(name="syslogfacility-text")
+    constant(value=".log")
+}
+
+*.* action(
+    type="omfile"
+    dynafile="FilePerDay"
+    template="RSYSLOG_FileFormat"
+)

roles/rsyslog/templates/default.conf.j2

@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for rule in rsyslog_default_rules %}
+{{ rule }}
+{% endfor %}

roles/rsyslog/templates/rsyslog.conf.j2

@@ -0,0 +1,47 @@
+# {{ ansible_managed }}
+
+{% for module in rsyslog_load_modules | default([]) %}
+{% if module.enabled | default(true) %}
+module(
+  load="{{ module.name }}"
+{% if module.params is defined and module.params is mapping %}
+{% for k, v in module.params.items() | default({}) %}
+  {{ k }}="{{ v }}"
+{% endfor %}
+{% endif %}
+)
+{% endif %}
+{% endfor %}
+
+{% if rsyslog_action_file_default_template is defined %}
+$ActionFileDefaultTemplate {{ rsyslog_action_file_default_template }}
+{% endif %}
+
+{% if rsyslog_repeated_msg_reduction is defined %}
+$RepeatedMsgReduction {{ rsyslog_repeated_msg_reduction }}
+{% endif %}
+
+{% if rsyslog_file_owner is defined %}
+$FileOwner {{ rsyslog_file_owner }}
+{% endif %}
+{% if rsyslog_file_group is defined %}
+$FileGroup {{ rsyslog_file_group }}
+{% endif %}
+{% if rsyslog_file_create_mode is defined %}
+$FileCreateMode {{ rsyslog_file_create_mode }}
+{% endif %}
+{% if rsyslog_dir_create_mode is defined %}
+$DirCreateMode {{ rsyslog_dir_create_mode }}
+{% endif %}
+{% if rsyslog_umask is defined %}
+$Umask {{ rsyslog_umask }}
+{% endif %}
+{% if rsyslog_priv_drop_to_user is defined %}
+$PrivDropToUser {{ rsyslog_priv_drop_to_user }}
+{% endif %}
+{% if rsyslog_priv_drop_to_group is defined %}
+$PrivDropToGroup {{ rsyslog_priv_drop_to_group }}
+{% endif %}
+
+$WorkDirectory {{ rsyslog_work_directory }}
+$IncludeConfig {{ rsyslog_include_config }}

roles/rsyslog/templates/rules.conf.j2

@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for rule in rsyslog_rules %}
+{{ rule }}
+{% endfor %}

roles/rsyslog/vars/Debian.yaml

@@ -0,0 +1,16 @@
+---
+rsyslog_file_owner: syslog
+rsyslog_file_group: adm
+rsyslog_file_create_mode: "0644"
+rsyslog_dir_create_mode: "0755"
+rsyslog_umask: "0022"
+rsyslog_priv_drop_to_user: syslog
+rsyslog_priv_drop_to_group: syslog
+
+rsyslog_default_rules:
+  - "auth,authpriv.*           /var/log/auth.log"
+  - "*.*;auth,authpriv.none   -/var/log/syslog"
+  - "kern.*                   -/var/log/kern.log"
+  - "mail.*                   -/var/log/mail.log"
+  - "mail.err                 /var/log/mail.err"
+  - "*.emerg                  :omusrmsg:*"