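---
# Tasks that turn the host into a remote syslog receiver: install rsyslog,
# create the directory for received logs, drop the listener configuration,
# optionally add the TLS driver packages, and on RedHat-family hosts label the
# syslog port for SELinux and apply the firewalld rules.
# Everything is gated on rsyslog_enable_remote_socket. The 'Restart rsyslog'
# handler and all rsyslog_* variables are defined outside this file.

- name: Configure rsyslog so that it accepts logs from remote services
  block:
    - name: Ensure that the rsyslog package is installed. deb/ubuntu
      apt:
        name: rsyslog
        state: present
        cache_valid_time: 1800
      when: ansible_distribution_file_variety == "Debian"

    - name: Ensure that the rsyslog package is installed. centos/rhel
      yum:
        name: rsyslog
        state: present
      when: ansible_distribution_file_variety == "RedHat"

    # Received logs can carry sensitive data from every sending host, so the
    # mode is pinned instead of being left to the umask of the Ansible run.
    # NOTE(review): this task has no distribution condition, so it also runs on
    # RedHat-family hosts; confirm that a 'syslog' user exists there, otherwise
    # the chown fails.
    - name: Create the additional rsyslog directory
      file:
        path: '{{ rsyslog_remote_path }}'
        state: directory
        owner: syslog
        group: adm
        mode: '0750'

    # The drop-in is read by rsyslogd, so it must not be writable by anyone but
    # root; owner, group and mode are set explicitly for that reason.
    - name: Install the rsyslog configuration
      template:
        src: rsyslog-remote-socket.conf.j2
        dest: /etc/rsyslog.d/10-rsyslog-remote-socket.conf
        owner: root
        group: root
        mode: '0644'
      notify: Restart rsyslog

    - name: Ensure that rsyslog is running and enabled
      service:
        name: rsyslog
        state: started
        enabled: true

  when: rsyslog_enable_remote_socket | bool
  tags: ['syslog', 'rsyslog', 'remote_syslog']

# The TLS packages are installed only when rsyslog_tls_status is 'enabled'.
# Nothing in this file enforces TLS on the listener; whether plaintext senders
# are still accepted depends on the template - confirm against
# rsyslog-remote-socket.conf.j2.
- name: Install the rsyslog TLS package on deb/ubuntu
  block:
    - name: Install the rsyslog TLS support
      apt:
        name: '{{ rsyslog_tls_deb_pkgs }}'
        state: present
        cache_valid_time: 1800
      notify: Restart rsyslog

  when:
    - rsyslog_enable_remote_socket | bool
    - rsyslog_tls_status == 'enabled'
    - ansible_distribution_file_variety == "Debian"
  tags: ['syslog', 'rsyslog', 'remote_syslog']

- name: Install the rsyslog TLS package on RHEL/CentOS
  block:
    - name: Install the rsyslog TLS support
      yum:
        name: '{{ rsyslog_tls_rh_pkgs }}'
        state: present
      notify: Restart rsyslog

  when:
    - rsyslog_enable_remote_socket | bool
    - rsyslog_tls_status == 'enabled'
    - ansible_distribution_file_variety == "RedHat"
  tags: ['syslog', 'rsyslog', 'remote_syslog']

- name: Configure SELinux and firewalld on RHEL/CentOS
  block:
    # NOTE(review): port 514 is hard-coded here. If the template makes rsyslog
    # listen on another port (for example a dedicated TLS port), that port is
    # not labelled by these tasks - confirm against the template.
    - name: SELinux udp port
      seport:
        ignore_selinux_state: true
        ports: '514'
        proto: udp
        setype: syslogd_port_t
        state: present
      when: rsyslog_enable_remote_udp == 'enabled'

    - name: SELinux tcp port
      seport:
        ignore_selinux_state: true
        ports: '514'
        proto: tcp
        setype: syslogd_port_t
        state: present
      when: rsyslog_enable_remote_tcp == 'enabled'

    - name: rsyslog firewalld services
      firewalld:
        service: '{{ item.service }}'
        zone: '{{ item.zone }}'
        permanent: '{{ item.permanent | default(True) }}'
        state: '{{ item.state }}'
        immediate: true
      with_items: '{{ rsyslog_firewalld_services }}'

    # NOTE(review): unlike the service rules above, 'permanent' defaults to
    # False here, so a port rule without an explicit 'permanent' key is
    # runtime-only and is lost when firewalld reloads or the host reboots;
    # remote senders would then be dropped silently. Confirm this is intended.
    - name: rsyslog firewalld ports
      firewalld:
        port: '{{ item.port }}/{{ item.protocol }}'
        zone: '{{ item.zone }}'
        permanent: '{{ item.permanent | default(False) }}'
        state: '{{ item.state }}'
        immediate: true
      with_items: '{{ rsyslog_firewalld_ports }}'

  when:
    - rsyslog_enable_remote_socket | bool
    - ansible_distribution_file_variety == "RedHat"
  tags: ['syslog', 'rsyslog', 'remote_syslog', 'selinux', 'firewalld']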