ansible/roles/rsyslog/tasks/archival.yaml

---
- name: disable default rules
  set_fact:
    rsyslog_default_rules_state: absent
  when: rsyslog_archival_format_enabled

- name: configure systemd tmpfiles.d
  template:
    src: tmpfiles_d-rsyslog.conf
    dest: /etc/tmpfiles.d/00rsyslog.conf
    owner: root
    group: root
    mode: 0644
  when: rsyslog_archival_format_enabled

- name: manage systemd tmpfiles.d override
  file:
    path: /etc/tmpfiles.d/00rsyslog.conf
    state: "{{ rsyslog_archival_format_enabled | ternary('file', 'absent') }}"

- name: find default log files
  find:
    path: /var/log
    file_type: file
    pattern: "{{ rsyslog_default_log_patterns }}"
  when: rsyslog_archival_format_enabled
  register: default_log_files

- name: delete files
  file:
    path: "{{ item.path }}"
    state: "{{ rsyslog_archival_format_enabled | ternary('absent', 'file') }}"
  when: rsyslog_archival_format_enabled
  with_items: "{{ default_log_files.files }}"

- name: delete logrotate configuration
  file:
    path: /etc/logrotate.d/rsyslog
    state: absent
  when: rsyslog_archival_format_enabled

- name: create /var/log/syslog
  file:
    path: /var/log/syslog
    owner: "{{ rsyslog_dir_owner }}"
    group: "{{ rsyslog_dir_group }}"
    mode: "{{ rsyslog_dir_create_mode }}"
    state: directory

- name: configure archival format
  template:
    src: archival.conf.j2
    dest: "{{ rsyslog_etc_path }}/10-archival.conf"
    owner: root
    group: root
    mode: 0644
  notify: restart rsyslog
  when: rsyslog_archival_format_enabled

- name: manage archive rules
  file:
    path: "{{ rsyslog_etc_path }}/10-archival.conf"
    state: "{{ rsyslog_archival_format_enabled | ternary('file', 'absent') }}"

- name: compress log cron job
  cron:
    name: compress syslog
    minute: "0"
    hour: "1"
    user: root
    job: find /var/log/syslog/ -mindepth 4 -type f -name "*.log" ! -newerct 00:00:00 -exec nice xz -f {} \;
    state: "{{ rsyslog_archival_format_enabled | ternary('present', 'absent') }}"

- name: purge log cron job
  cron:
    name: purge syslog
    minute: "0"
    hour: "2"
    user: root
    job: >
      find /var/log/syslog/ -mindepth 4 -type f -name "*.log.xz" -mtime +90 -delete &&
      find /var/log/syslog/ -mindepth 3 -type d -empty -delete      
    state: "{{ rsyslog_archival_format_enabled | ternary('present', 'absent') }}"