From 39576fda386e7632cbfbab44618e8ca7bda41f61 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Mon, 28 Aug 2023 17:21:48 +0200
Subject: [PATCH] add bundle:rsyslogd
---
 bundles/rsyslogd/files/logrotate.conf | 10 +++++++++
 bundles/rsyslogd/files/rsyslog.conf | 18 +++++++++++++++
 bundles/rsyslogd/items.py | 18 +++++++++++++++
 bundles/rsyslogd/metadata.py | 32 +++++++++++++++++++++++++++
 bundles/systemd/metadata.py | 8 ++++---
 nodes/home/nas.py | 6 +++++
 6 files changed, 89 insertions(+), 3 deletions(-)
 create mode 100644 bundles/rsyslogd/files/logrotate.conf
 create mode 100644 bundles/rsyslogd/files/rsyslog.conf
 create mode 100644 bundles/rsyslogd/items.py
 create mode 100644 bundles/rsyslogd/metadata.py
diff --git a/bundles/rsyslogd/files/logrotate.conf b/bundles/rsyslogd/files/logrotate.conf
new file mode 100644
index 0000000..1fef33b
--- /dev/null
+++ b/bundles/rsyslogd/files/logrotate.conf
@@ -0,0 +1,10 @@
+/var/log/rsyslog/*/*.log
+{
+ rotate 4
+ daily
+ missingok
+ notifempty
+ compress
+ delaycompress
+ copytruncate
+}
diff --git a/bundles/rsyslogd/files/rsyslog.conf b/bundles/rsyslogd/files/rsyslog.conf
new file mode 100644
index 0000000..b7ca916
--- /dev/null
+++ b/bundles/rsyslogd/files/rsyslog.conf
@@ -0,0 +1,18 @@
+# provides UDP syslog reception
+module(load="imudp")
+input(type="imudp" port="514")
+
+# provides TCP syslog reception
+module(load="imtcp")
+input(type="imtcp" port="514")
+
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+$WorkDirectory /var/spool/rsyslog
+
+$template remote-incoming-logs,"/var/log/rsyslog/%HOSTNAME%/%PROGRAMNAME%.log"
+*.* ?remote-incoming-logs
diff --git a/bundles/rsyslogd/items.py b/bundles/rsyslogd/items.py
new file mode 100644
index 0000000..1ef2572
--- /dev/null
+++ b/bundles/rsyslogd/items.py
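Review bot: `copytruncate` in bundles/rsyslogd/files/logrotate.conf copies the live file and then truncates it, so lines rsyslog writes between the two steps are lost; on a central log host that is a gap in the record. Rotating by rename and having a `postrotate` block tell rsyslog to reopen its files avoids the gap. `rotate 4` with `daily` also keeps only four days of remote logs; if that retention is intended, a comment above the stanza saying so would help.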
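Review bot: The `remote-incoming-logs` template in bundles/rsyslogd/files/rsyslog.conf builds the file path from `%HOSTNAME%` and `%PROGRAMNAME%`, both taken from the received message, so every sender that reaches port 514 chooses the directory and file its lines land in and can make the receiver create an unbounded number of them. Keying the directory on the connection instead, e.g. `/var/log/rsyslog/%FROMHOST-IP%/%PROGRAMNAME%.log`, and applying the `secpath-replace` property option to the remaining message-derived part would bound this. The two `input(...)` lines accept plaintext, unauthenticated syslog with no bind address, so the firewall rule is the only access control; a comment above them stating that dependency would help the next reader. `*.* ?remote-incoming-logs` also matches locally generated messages, which may or may not be intended.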
@@ -0,0 +1,18 @@
+files['/etc/logrotate.d/rsyslog'] = {
+ 'source': 'logrotate.conf',
+}
+
+files['/etc/rsyslog.conf'] = {
+ 'triggers': {
+ 'svc_systemd:rsyslog:restart',
+ },
+}
+
+svc_systemd['rsyslog'] = {
+ 'needs': {
+ 'pkg_apt:rsyslog',
+ },
+ 'after': {
+ 'file:/etc/rsyslog.conf',
+ },
+}
diff --git a/bundles/rsyslogd/metadata.py b/bundles/rsyslogd/metadata.py
new file mode 100644
index 0000000..3fe9624
--- /dev/null
+++ b/bundles/rsyslogd/metadata.py
@@ -0,0 +1,32 @@
+from bundlewrap.metadata import atomic
+
+defaults = {
+ 'apt': {
+ 'packages': {
+ 'rsyslog': {},
+ },
+ },
+ 'icinga2_api': {
+ 'rsyslog': {
+ 'services': {
+ 'RSYSLOGD PROCESS': {
+ 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit rsyslog',
+ },
+ },
+ },
+ },
+}
+
+
+@metadata_reactor.provides(
+ 'firewall/port_rules',
+)
+def firewall(metadata):
+ return {
+ 'firewall': {
+ 'port_rules': {
+ '514': atomic(metadata.get('rsyslogd/restrict-to', set())),
+ '514/udp': atomic(metadata.get('rsyslogd/restrict-to', set())),
+ },
+ },
+ }
diff --git a/bundles/systemd/metadata.py b/bundles/systemd/metadata.py
index 725fc35..15f9b8a 100644
--- a/bundles/systemd/metadata.py
+++ b/bundles/systemd/metadata.py
@@ -7,9 +7,6 @@ defaults = {
 'ntp': {
 'installed': False,
 },
- 'rsyslog': {
- 'installed': False,
- },
 },
 },
 'icinga2_api': {
@@ -26,6 +23,11 @@ defaults = {
 },
 }
+if not node.has_bundle('rsyslogd'):
+ defaults['apt']['packages']['rsyslog'] = {
+ 'installed': False,
+ }
+
 if node.has_bundle('apt') and node.os_version[0] > 10:
 defaults['apt']['packages']['systemd-timesyncd'] = {
 'after': {
diff --git a/nodes/home/nas.py b/nodes/home/nas.py
index 48c7c4a..8406511 100644
--- a/nodes/home/nas.py
+++ b/nodes/home/nas.py
@@ -8,6 +8,7 @@ nodes['home.nas'] = {
 'mixcloud-downloader',
 'mosquitto',
 'nfs-server',
+ 'rsyslogd',
 'scansnap',
 'smartd',
 'vmhost',
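Review bot: In bundles/rsyslogd/items.py the first item manages `/etc/logrotate.d/rsyslog`, which on Debian-based systems appears to be the path of the logrotate snippet the rsyslog package itself installs, so this would replace the packaged rotation rules for the local log files rather than add to them (inferred from the path and `pkg_apt:rsyslog`; confirm on the target). A distinct file name for the remote-log rules (for example `/etc/logrotate.d/rsyslog-remote`, a constructed name) would keep both. A short comment on `files['/etc/rsyslog.conf']` noting that the source defaults to the bundle's `rsyslog.conf` would also make the missing `'source'` key read as deliberate.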
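Review bot: `firewall()` in bundles/rsyslogd/metadata.py falls back to `set()` when `rsyslogd/restrict-to` is unset, and nothing visible in this patch says how the firewall bundle treats an empty source set. If empty means "no restriction", a node that adds the bundle without setting the key exposes the unauthenticated 514 listeners to every network; please confirm it means "allow nobody" and state that in a docstring on the reactor. The lookup is also written twice; binding it once, `sources = metadata.get('rsyslogd/restrict-to', set())`, and wrapping `sources` in `atomic(...)` for both keys keeps the TCP and UDP rules from drifting apart.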
@@ -133,6 +134,11 @@ nodes['home.nas'] = {
 },
 },
 },
+ 'rsyslogd': {
+ 'restrict-to': {
+ 'home',
+ },
+ },
 'smartd': {
 'disks': {
 '/dev/nvme0',