Fix rsyslog file and directory permissions

roles/rsyslog/templates/archival.conf.j2

@@ -24,4 +24,12 @@ template(
     type="omfile"
     dynafile="FilePerDay"
     template="RSYSLOG_FileFormat"
+    fileCreateMode="{{ rsyslog_file_create_mode }}"
+    dirCreateMode="{{ rsyslog_dir_create_mode }}"
+    createDirs="{{ rsyslog_create_dirs | ternary('on', 'off') }}"
+    fileOwner="{{ rsyslog_file_owner }}"
+    fileGroup="{{ rsyslog_file_group }}"
+    dirOwner="{{ rsyslog_file_owner }}"
+    dirGroup="{{ rsyslog_file_group }}"
+    umask="{{ rsyslog_umask }}"
 )

roles/rsyslog/templates/rsyslog.conf.j2

@@ -27,9 +27,18 @@ $FileOwner {{ rsyslog_file_owner }}
 {% if rsyslog_file_group is defined %}
 $FileGroup {{ rsyslog_file_group }}
 {% endif %}
+{% if rsyslog_dir_owner is defined %}
+$FileOwner {{ rsyslog_dir_owner }}
+{% endif %}
+{% if rsyslog_dir_group is defined %}
+$FileGroup {{ rsyslog_dir_group }}
+{% endif %}
 {% if rsyslog_file_create_mode is defined %}
 $FileCreateMode {{ rsyslog_file_create_mode }}
 {% endif %}
+{% if rsyslog_create_dirs is defined %}
+CreateDirs {{ rsyslog_create_dirs | ternary('on', 'off') }}
+{% endif %}
 {% if rsyslog_dir_create_mode is defined %}
 $DirCreateMode {{ rsyslog_dir_create_mode }}
 {% endif %}

roles/rsyslog/vars/Debian.yaml

@@ -1,8 +1,11 @@
 ---
 rsyslog_file_owner: syslog
 rsyslog_file_group: adm
-rsyslog_file_create_mode: "0644"
+rsyslog_dir_owner: syslog
+rsyslog_dir_group: adm
+rsyslog_file_create_mode: "0640"
 rsyslog_dir_create_mode: "0755"
+rsyslog_create_dirs: yes
 rsyslog_umask: "0022"
 rsyslog_priv_drop_to_user: syslog
 rsyslog_priv_drop_to_group: syslog