Support RELP without TLS (there are bugs).

2020-08-14 17:23:14 +02:00 · 2020-08-14 17:23:14 +02:00 · 9877d604dc
parent 798e5a3395
commit 9877d604dc
3 changed files with 7 additions and 3 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -7,7 +7,7 @@ rsyslog_enable_remote_tcp: 'disabled'
 rsyslog_tcp_port: 514

 rsyslog_remote_path: /var/log/remote
-# RELP, actually. Plain TLS is unreliable
+rsyslog_relp_enabled: False
 rsyslog_tls_status: 'disabled'
 rsyslog_tls_deb_pkgs:
  - 'rsyslog-gnutls'
--- a/templates/rsyslog-remote-socket.conf.j2
+++ b/templates/rsyslog-remote-socket.conf.j2
@ -2,16 +2,20 @@
 #
 # The order counts
 #
-{% if rsyslog_tls_status != 'disabled ' %}
+{% if rsyslog_relp_enabled %}
 module(load="imuxsock")
 module(load="imrelp" ruleset="relp")
 input(type="imrelp" port="{{ rsyslog_relp_port }}"
+{% if rsyslog_tls_status != 'disabled ' %}
 tls="on" 
 tls.caCert="{{ rsyslog_tls_ca }}" 
 tls.myCert="{{ rsyslog_tls_cert }}" 
 tls.myPrivKey="{{ rsyslog_tls_key }}"
 #tls.authMode="name" 
 #tls.permittedpeer=["client1","client2","client3"] )
+{% else %}
+tls="off" 
+{% endif %}
 )
 template (name="remote" type="string" string="{{ rsyslog_remote_path }}/%HOSTNAME%/%HOSTNAME%-syslog.log")
 ruleset (name="relp") { action(type="omfile" DynaFile="remote") }
--- a/templates/rsyslog-send-to-remote.conf.j2
+++ b/templates/rsyslog-send-to-remote.conf.j2
@ -4,6 +4,6 @@
 # We use RELP
 module(load="imuxsock") 
 module(load="omrelp")
-action(type="omrelp" target="{{ rsyslog_remote_collector }}" port="{{ rsyslog_relp_port }}" tls="on" tls.caCert="{{ rsyslog_tls_ca }}" )
+action(type="omrelp" target="{{ rsyslog_remote_collector }}" port="{{ rsyslog_relp_port }}"{% if rsyslog_tls_status != 'disabled ' %} tls="on" tls.caCert="{{ rsyslog_tls_ca }}"{% else %} tls="off"{% endif %} )
 #
 {% endif %}