71 lines
2.8 KiB
YAML
71 lines
2.8 KiB
YAML
---
|
|
- name: Configure rsyslog so that it accepts logs from remote services
|
|
block:
|
|
- name: Ensure that the rsyslog package is installed. deb/ubuntu
|
|
apt: pkg=rsyslog state=present cache_valid_time=1800
|
|
when: ansible_distribution_file_variety == "Debian"
|
|
|
|
- name: Ensure that the rsyslog package is installed. centos/rhel
|
|
yum: pkg=rsyslog state=present
|
|
when: ansible_distribution_file_variety == "RedHat"
|
|
|
|
- name: Create the additional rsyslog directory
|
|
file: dest={{ rsyslog_remote_path }} state=directory owner=syslog group=adm
|
|
|
|
- name: Install the rsyslog configuration
|
|
template: src=rsyslog-remote-socket.conf.j2 dest=/etc/rsyslog.d/10-rsyslog-remote-socket.conf
|
|
notify: Restart rsyslog
|
|
|
|
- name: Ensure that rsyslog is running and enabled
|
|
service: name=rsyslog state=started enabled=yes
|
|
|
|
when: rsyslog_enable_remote_socket | bool
|
|
tags: [ 'syslog', 'rsyslog', 'remote_syslog' ]
|
|
|
|
- name: Install the rsyslog TLS package on deb/ubuntu
|
|
block:
|
|
- name: Install the rsyslog TLS support
|
|
apt: pkg={{ rsyslog_tls_deb_pkgs }} state=present cache_valid_time=1800
|
|
notify: Restart rsyslog
|
|
|
|
when:
|
|
- rsyslog_enable_remote_socket | bool
|
|
- rsyslog_tls_status == 'enabled'
|
|
- ansible_distribution_file_variety == "Debian"
|
|
tags: [ 'syslog', 'rsyslog', 'remote_syslog' ]
|
|
|
|
- name: Install the rsyslog TLS package on RHEL/CentOS
|
|
block:
|
|
- name: Install the rsyslog TLS support
|
|
yum: pkg={{ rsyslog_tls_rh_pkgs }} state=present
|
|
notify: Restart rsyslog
|
|
|
|
when:
|
|
- rsyslog_enable_remote_socket | bool
|
|
- rsyslog_tls_status == 'enabled'
|
|
- ansible_distribution_file_variety == "RedHat"
|
|
tags: [ 'syslog', 'rsyslog', 'remote_syslog' ]
|
|
|
|
- name: Configure SELinux and firewalld on RHEL/CentOS
|
|
block:
|
|
- name: SELinux udp port
|
|
seport: ignore_selinux_state=yes ports=514 proto=udp setype=syslogd_port_t state=present
|
|
when: rsyslog_enable_remote_udp == 'enabled'
|
|
|
|
- name: SELinux tcp port
|
|
seport: ignore_selinux_state=yes ports=514 proto=tcp setype=syslogd_port_t state=present
|
|
when: rsyslog_enable_remote_tcp == 'enabled'
|
|
|
|
- name: rsyslog firewalld services
|
|
firewalld: service={{ item.service }} zone={{ item.zone }} permanent={{ item.permanent | default(True) }} state={{ item.state }} immediate=True
|
|
with_items: '{{ rsyslog_firewalld_services }}'
|
|
|
|
- name: rsyslog firewalld ports
|
|
firewalld: port={{ item.port }}/{{ item.protocol }} zone={{ item.zone }} permanent={{ item.permanent | default(False) }} state={{ item.state }} immediate=True
|
|
with_items: '{{ rsyslog_firewalld_ports }}'
|
|
|
|
when:
|
|
- rsyslog_enable_remote_socket | bool
|
|
- ansible_distribution_file_variety == "RedHat"
|
|
tags: [ 'syslog', 'rsyslog', 'remote_syslog', 'selinux', 'firewalld' ]
|