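---
# Ansible tasks: install rsyslog, optionally its TLS/RELP support, generate a
# self-signed TLS identity, drop the remote-socket / send-to-remote configs,
# and open SELinux/firewalld on RHEL-family hosts.
#
# Reconstructed from a source whose line breaks were collapsed; module
# arguments are written as native YAML mappings (ansible-lint `no-free-form`)
# and truthy values as `true`/`false`. Task names and templated values are
# unchanged.

- name: Manage the rsyslog packages and service
  block:
    - name: Ensure that the rsyslog package is installed. deb/ubuntu
      apt:
        pkg: rsyslog
        state: present
        cache_valid_time: 1800
      when: ansible_distribution_file_variety == "Debian"

    - name: Ensure that the rsyslog package is installed. centos/rhel
      yum:
        pkg: rsyslog
        state: present
      when: ansible_distribution_file_variety == "RedHat"

    # NOTE(review): the `syslog` user/`adm` group are Debian-family defaults;
    # on RHEL-family hosts (where rsyslog runs as root) this task presumably
    # fails unless those accounts exist — confirm, or gate per distribution
    # like the package tasks above.
    - name: Create the target logs rsyslog directory
      file:
        dest: "{{ rsyslog_remote_path }}"
        state: directory
        owner: syslog
        group: adm

    - name: Ensure that rsyslog is running and enabled
      service:
        name: rsyslog
        state: started
        enabled: true
  # NOTE(review): in the collapsed source this `when` could also belong to the
  # service task alone; block level matches the other stanzas in this file.
  when: rsyslog_enable_remote_socket or rsyslog_enable_send_to_remote
  tags: ['syslog', 'rsyslog', 'remote_syslog']

- name: Install the rsyslog TLS package on deb/ubuntu
  block:
    - name: Install the rsyslog TLS support
      apt:
        pkg: "{{ rsyslog_tls_deb_pkgs }}"
        state: present
        cache_valid_time: 1800
      notify: Restart rsyslog
  when:
    - rsyslog_enable_remote_socket or rsyslog_enable_send_to_remote
    - rsyslog_tls_status == 'enabled'
    - ansible_distribution_file_variety == "Debian"
  tags: ['syslog', 'rsyslog', 'remote_syslog']

- name: Install the rsyslog TLS package on RHEL/CentOS
  block:
    - name: Install the rsyslog TLS support
      yum:
        pkg: "{{ rsyslog_tls_rh_pkgs }}"
        state: present
      notify: Restart rsyslog
  when:
    - rsyslog_enable_remote_socket or rsyslog_enable_send_to_remote
    - rsyslog_tls_status == 'enabled'
    - ansible_distribution_file_variety == "RedHat"
  tags: ['syslog', 'rsyslog', 'remote_syslog']

- name: Install the rsyslog RELP package on deb/ubuntu
  block:
    - name: Install the rsyslog RELP support
      apt:
        pkg: "{{ rsyslog_relp_deb_pkgs }}"
        state: present
        cache_valid_time: 1800
      notify: Restart rsyslog
  when:
    - rsyslog_enable_remote_socket or rsyslog_enable_send_to_remote
    - ansible_distribution_file_variety == "Debian"
  tags: ['syslog', 'rsyslog', 'remote_syslog']

- name: Install the rsyslog RELP package on RHEL/CentOS
  block:
    - name: Install the rsyslog RELP support
      yum:
        pkg: "{{ rsyslog_relp_rh_pkgs }}"
        state: present
      notify: Restart rsyslog
  when:
    - rsyslog_enable_remote_socket or rsyslog_enable_send_to_remote
    - ansible_distribution_file_variety == "RedHat"
  tags: ['syslog', 'rsyslog', 'remote_syslog']

# TLS identity for the log transport. The PKI directory is root-only so the
# private key generated below is never group/world readable.
- name: Initialize the TLS configuration
  block:
    - name: Create the PKI directory
      file:
        dest: "{{ rsyslog_tls_certs_dir }}"
        state: directory
        owner: root
        group: root
        mode: '0700'

    # The downloaded file becomes the trust anchor for every TLS log
    # connection, so its integrity matters more than the rest of this file:
    # serve it over https (get_url keeps validate_certs at its default) and,
    # when the hash is known, pin it with get_url's `checksum` option.
    - name: Download the remote CA file if required
      get_url:
        url: "{{ rsyslog_remote_ca_url }}"
        dest: "{{ rsyslog_tls_ca }}"
        owner: root
        group: root
        mode: '0644'
      when: rsyslog_ca_is_remote

    - name: Check if a private key for the certificate is present
      stat:
        path: '{{ rsyslog_tls_key }}'
        get_checksum: false
      register: cert_key_presence

    - name: Create a certificate private key
      openssl_privatekey:
        path: '{{ rsyslog_tls_key }}'
      when: not cert_key_presence.stat.exists

    # NOTE(review): the CSR and certificate are gated on the *key* being
    # absent, so a run that created the key but failed before the certificate
    # step leaves no certificate on later runs — confirm this is acceptable or
    # stat the certificate path separately.
    - name: Create a certificate request
      openssl_csr:
        path: '{{ rsyslog_tls_certs_dir }}/cert.csr'
        privatekey_path: '{{ rsyslog_tls_key }}'
        common_name: '{{ ansible_fqdn }}'
      when: not cert_key_presence.stat.exists

    - name: Create a self signed certificate is one is not present
      openssl_certificate:
        path: '{{ rsyslog_tls_cert }}'
        privatekey_path: '{{ rsyslog_tls_key }}'
        csr_path: '{{ rsyslog_tls_certs_dir }}/cert.csr'
        provider: selfsigned
      when: not cert_key_presence.stat.exists
  when: rsyslog_tls_status == 'enabled'
  tags: ['syslog', 'rsyslog', 'remote_syslog']

- name: Configure rsyslog so that it accepts logs from remote services
  block:
    - name: Install the rsyslog configuration that enables the remote socket
      template:
        src: rsyslog-remote-socket.conf.j2
        dest: /etc/rsyslog.d/10-rsyslog-remote-socket.conf
      notify: Restart rsyslog
  when: rsyslog_enable_remote_socket
  tags: ['syslog', 'rsyslog', 'remote_syslog', 'rsyslog_conf']

- name: Configure rsyslog to send logs to a remote collector
  block:
    - name: Install the rsyslog client configuration
      template:
        src: rsyslog-send-to-remote.conf.j2
        dest: /etc/rsyslog.d/10-rsyslog-send-to-remote.conf
      notify: Restart rsyslog
  when: rsyslog_enable_send_to_remote
  tags: ['syslog', 'rsyslog', 'remote_syslog', 'rsyslog_conf']

- name: Configure SELinux and firewalld on RHEL/CentOS
  block:
    - name: SELinux udp port
      seport:
        ignore_selinux_state: true
        ports: "{{ rsyslog_udp_port }}"
        proto: udp
        setype: syslogd_port_t
        state: present
      when: rsyslog_enable_remote_udp == 'enabled'

    # NOTE(review): this labels the *udp* port variable for proto tcp; if the
    # TCP listener uses a different port the SELinux label is applied to the
    # wrong one — confirm against the listener config in the template.
    - name: SELinux tcp port
      seport:
        ignore_selinux_state: true
        ports: "{{ rsyslog_udp_port }}"
        proto: tcp
        setype: syslogd_port_t
        state: present
      when: rsyslog_enable_remote_tcp == 'enabled'

    # NOTE(review): the RELP port label is gated on the TLS flag rather than a
    # RELP flag, unlike the package tasks above — confirm intended.
    - name: SELinux RELP port
      seport:
        ignore_selinux_state: true
        ports: "{{ rsyslog_relp_port }}"
        proto: tcp
        setype: syslogd_port_t
        state: present
      when: rsyslog_tls_status == 'enabled'

    # `permanent` defaults to True for services but False for ports below,
    # so port openings are lost on firewalld reload unless the item sets it.
    - name: rsyslog firewalld services
      firewalld:
        service: "{{ item.service }}"
        zone: "{{ item.zone }}"
        permanent: "{{ item.permanent | default(True) }}"
        state: "{{ item.state }}"
        immediate: true
      with_items: '{{ rsyslog_firewalld_services }}'

    - name: rsyslog firewalld ports
      firewalld:
        port: "{{ item.port }}/{{ item.protocol }}"
        zone: "{{ item.zone }}"
        permanent: "{{ item.permanent | default(False) }}"
        state: "{{ item.state }}"
        immediate: true
      with_items: '{{ rsyslog_firewalld_ports }}'
  when:
    - rsyslog_enable_remote_socket
    - ansible_distribution_file_variety == "RedHat"
  tags: ['syslog', 'rsyslog', 'remote_syslog', 'selinux', 'firewalld']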