syslog: add rsyslog::snippet to anonymize logs

it is necessary to install the fixed package from the leap.se repository until it is available in wheezy-backports, so install the apt preferences to pull it from there, and add its necessary library dependency from wheezy-backports

Change-Id: I379ff2ceaac1a978143715d3a7ced0011ca0d747

1 files changed, 24 insertions, 2 deletions

diff --git a/puppet/modules/site_config/manifests/syslog.pp b/puppet/modules/site_config/manifests/syslog.pp
index c7c55c34..6a9da460 100644
--- a/puppet/modules/site_config/manifests/syslog.pp
+++ b/puppet/modules/site_config/manifests/syslog.pp
@@ -1,6 +1,28 @@
 class site_config::syslog {
 
-  class { 'rsyslog::client': log_remote => false, log_local => true }
+  # we need to pull in rsyslog from the leap repository until it is availbale in
+  # wheezy-backports
+  apt::preferences_snippet { 'fixed_rsyslog_anon_package':
+    package  => 'rsyslog',
+    priority => '999',
+    pin      => 'release o=leap.se',
+    before   => Class['rsyslog::install']
+  }
 
-}
+  apt::preferences_snippet { 'rsyslog_anon_libestr0':
+    package  => 'libestr0',
+    priority => '999',
+    pin      => 'release a=wheezy-backports',
+    before   => Class['rsyslog::install']
+  }
+
+  class { 'rsyslog::client':
+    log_remote => false,
+    log_local  => true
+  }
 
+  rsyslog::snippet { '00-anonymize_logs':
+    content => '$ModLoad mmanon
+action(type="mmanon" ipv4.bits="32" mode="rewrite")'
+  }
+}