diff options
Diffstat (limited to 'puppet/modules/rsyslog/manifests')
-rw-r--r-- | puppet/modules/rsyslog/manifests/client.pp | 64 | ||||
-rw-r--r-- | puppet/modules/rsyslog/manifests/config.pp | 51 | ||||
-rw-r--r-- | puppet/modules/rsyslog/manifests/database.pp | 57 | ||||
-rw-r--r-- | puppet/modules/rsyslog/manifests/imfile.pp | 48 | ||||
-rw-r--r-- | puppet/modules/rsyslog/manifests/init.pp | 54 | ||||
-rw-r--r-- | puppet/modules/rsyslog/manifests/install.pp | 32 | ||||
-rw-r--r-- | puppet/modules/rsyslog/manifests/modload.pp | 15 | ||||
-rw-r--r-- | puppet/modules/rsyslog/manifests/params.pp | 222 | ||||
-rw-r--r-- | puppet/modules/rsyslog/manifests/server.pp | 70 | ||||
-rw-r--r-- | puppet/modules/rsyslog/manifests/service.pp | 21 | ||||
-rw-r--r-- | puppet/modules/rsyslog/manifests/snippet.pp | 35 |
11 files changed, 669 insertions, 0 deletions
diff --git a/puppet/modules/rsyslog/manifests/client.pp b/puppet/modules/rsyslog/manifests/client.pp new file mode 100644 index 00000000..193aa336 --- /dev/null +++ b/puppet/modules/rsyslog/manifests/client.pp @@ -0,0 +1,64 @@ +# == Class: rsyslog::client +# +# Full description of class role here. +# +# === Parameters +# +# [*log_remote*] +# [*spool_size*] +# [*remote_type*] +# [*remote_forward_format*] +# [*log_local*] +# [*log_auth_local*] +# [*custom_config*] +# [*custom_params*] +# [*server*] +# [*port*] +# [*remote_servers*] +# [*ssl_ca*] +# [*log_templates*] +# [*actionfiletemplate*] +# +# === Variables +# +# === Examples +# +# class { 'rsyslog::client': } +# +class rsyslog::client ( + $log_remote = true, + $spool_size = '1g', + $remote_type = 'tcp', + $remote_forward_format = 'RSYSLOG_ForwardFormat', + $log_local = false, + $log_auth_local = false, + $custom_config = undef, + $custom_params = undef, + $server = 'log', + $port = '514', + $remote_servers = false, + $ssl_ca = undef, + $log_templates = false, + $actionfiletemplate = false +) inherits rsyslog { + + if $custom_config { + $content_real = template($custom_config) + } else { + $content_real = template("${module_name}/client.conf.erb") + } + + rsyslog::snippet { $rsyslog::client_conf: + ensure => present, + content => $content_real, + } + + if $rsyslog::ssl and $ssl_ca == undef { + fail('You need to define $ssl_ca in order to use SSL.') + } + + if $rsyslog::ssl and $remote_type != 'tcp' { + fail('You need to enable tcp in order to use SSL.') + } + +} diff --git a/puppet/modules/rsyslog/manifests/config.pp b/puppet/modules/rsyslog/manifests/config.pp new file mode 100644 index 00000000..1aebe47b --- /dev/null +++ b/puppet/modules/rsyslog/manifests/config.pp @@ -0,0 +1,51 @@ +# == Class: rsyslog::config +# +# Full description of class role here. +# +# === Parameters +# +# === Variables +# +# === Examples +# +# class { 'rsyslog::config': } +# +class rsyslog::config { + file { $rsyslog::rsyslog_d: + ensure => directory, + owner => 'root', + group => $rsyslog::run_group, + purge => $rsyslog::purge_rsyslog_d, + recurse => true, + force => true, + require => Class['rsyslog::install'], + } + + file { $rsyslog::rsyslog_conf: + ensure => file, + owner => 'root', + group => $rsyslog::run_group, + content => template("${module_name}/rsyslog.conf.erb"), + require => Class['rsyslog::install'], + notify => Class['rsyslog::service'], + } + + file { $rsyslog::rsyslog_default: + ensure => file, + owner => 'root', + group => $rsyslog::run_group, + content => template("${module_name}/${rsyslog::rsyslog_default_file}.erb"), + require => Class['rsyslog::install'], + notify => Class['rsyslog::service'], + } + + file { $rsyslog::spool_dir: + ensure => directory, + owner => 'root', + group => $rsyslog::run_group, + seltype => 'syslogd_var_lib_t', + require => Class['rsyslog::install'], + notify => Class['rsyslog::service'], + } + +} diff --git a/puppet/modules/rsyslog/manifests/database.pp b/puppet/modules/rsyslog/manifests/database.pp new file mode 100644 index 00000000..fe6d6ac8 --- /dev/null +++ b/puppet/modules/rsyslog/manifests/database.pp @@ -0,0 +1,57 @@ +# == Class: rsyslog::database +# +# Full description of class role here. +# +# === Parameters +# +# [*backend*] - Which backend server to use (mysql|pgsql) +# [*server*] - Server hostname +# [*database*] - Database name +# [*username*] - Database username +# [*password*] - Database password +# +# === Variables +# +# === Examples +# +# class { 'rsyslog::database': +# backend => 'mysql', +# server => 'localhost', +# database => 'mydb', +# username => 'myuser', +# password => 'mypass', +# } +# +class rsyslog::database ( + $backend, + $server, + $database, + $username, + $password +) inherits rsyslog { + + $db_module = "om${backend}" + $db_conf = "${rsyslog::rsyslog_d}${backend}.conf" + + case $backend { + mysql: { $db_package = $rsyslog::mysql_package_name } + pgsql: { $db_package = $rsyslog::pgsql_package_name } + default: { fail("Unsupported backend: ${backend}. Only MySQL (mysql) and PostgreSQL (pgsql) are supported.") } + } + + package { $db_package: + ensure => $rsyslog::package_status, + before => File[$db_conf], + } + + file { $db_conf: + ensure => present, + owner => 'root', + group => $rsyslog::run_group, + mode => '0600', + content => template("${module_name}/database.conf.erb"), + require => Class['rsyslog::config'], + notify => Class['rsyslog::service'], + } + +} diff --git a/puppet/modules/rsyslog/manifests/imfile.pp b/puppet/modules/rsyslog/manifests/imfile.pp new file mode 100644 index 00000000..bd0afa36 --- /dev/null +++ b/puppet/modules/rsyslog/manifests/imfile.pp @@ -0,0 +1,48 @@ +# == Define: rsyslog::imfile +# +# Full description of class role here. +# +# === Parameters +# +# [*file_name*] +# [*file_tag*] +# [*file_facility*] +# [*polling_interval*] +# [*file_severity*] +# [*run_file_monitor*] +# [*persist_state_interval] +# +# === Variables +# +# === Examples +# +# rsyslog::imfile { 'my-imfile': +# file_name => '/some/file', +# file_tag => 'mytag', +# file_facility => 'myfacility', +# } +# +define rsyslog::imfile( + $file_name, + $file_tag, + $file_facility, + $polling_interval = 10, + $file_severity = 'notice', + $run_file_monitor = true, + $persist_state_interval = 0, +) { + + + include rsyslog + $extra_modules = $rsyslog::extra_modules + + file { "${rsyslog::rsyslog_d}${name}.conf": + ensure => file, + owner => 'root', + group => $rsyslog::run_group, + content => template('rsyslog/imfile.erb'), + require => Class['rsyslog::install'], + notify => Class['rsyslog::service'], + } + +} diff --git a/puppet/modules/rsyslog/manifests/init.pp b/puppet/modules/rsyslog/manifests/init.pp new file mode 100644 index 00000000..76d61023 --- /dev/null +++ b/puppet/modules/rsyslog/manifests/init.pp @@ -0,0 +1,54 @@ +# == Class: rsyslog +# +# Meta class to install rsyslog with a basic configuration. +# You probably want rsyslog::client or rsyslog::server +# +# === Parameters +# +# === Variables +# +# === Examples +# +# class { 'rsyslog': } +# +class rsyslog ( + $rsyslog_package_name = $rsyslog::params::rsyslog_package_name, + $relp_package_name = $rsyslog::params::relp_package_name, + $mysql_package_name = $rsyslog::params::mysql_package_name, + $pgsql_package_name = $rsyslog::params::pgsql_package_name, + $gnutls_package_name = $rsyslog::params::gnutls_package_name, + $package_status = $rsyslog::params::package_status, + $rsyslog_d = $rsyslog::params::rsyslog_d, + $purge_rsyslog_d = $rsyslog::params::purge_rsyslog_d, + $rsyslog_conf = $rsyslog::params::rsyslog_conf, + $rsyslog_default = $rsyslog::params::rsyslog_default, + $rsyslog_default_file = $rsyslog::params::default_config_file, + $run_user = $rsyslog::params::run_user, + $run_group = $rsyslog::params::run_group, + $log_user = $rsyslog::params::log_user, + $log_group = $rsyslog::params::log_group, + $log_style = $rsyslog::params::log_style, + $umask = $rsyslog::params::umask, + $perm_file = $rsyslog::params::perm_file, + $perm_dir = $rsyslog::params::perm_dir, + $spool_dir = $rsyslog::params::spool_dir, + $service_name = $rsyslog::params::service_name, + $service_hasrestart = $rsyslog::params::service_hasrestart, + $service_hasstatus = $rsyslog::params::service_hasstatus, + $client_conf = $rsyslog::params::client_conf, + $server_conf = $rsyslog::params::server_conf, + $ssl = $rsyslog::params::ssl, + $modules = $rsyslog::params::modules, + $preserve_fqdn = $rsyslog::params::preserve_fqdn, + $max_message_size = $rsyslog::params::max_message_size, + $extra_modules = $rsyslog::params::extra_modules +) inherits rsyslog::params { + class { 'rsyslog::install': } + class { 'rsyslog::config': } + + if $extra_modules != [] { + class { 'rsyslog::modload': } + } + + class { 'rsyslog::service': } +} diff --git a/puppet/modules/rsyslog/manifests/install.pp b/puppet/modules/rsyslog/manifests/install.pp new file mode 100644 index 00000000..9798b3f4 --- /dev/null +++ b/puppet/modules/rsyslog/manifests/install.pp @@ -0,0 +1,32 @@ +# == Class: rsyslog::install +# +# This class makes sure that the required packages are installed +# +# === Parameters +# +# === Variables +# +# === Examples +# +# class { 'rsyslog::install': } +# +class rsyslog::install { + if $rsyslog::rsyslog_package_name != false { + package { $rsyslog::rsyslog_package_name: + ensure => $rsyslog::package_status, + } + } + + if $rsyslog::relp_package_name != false { + package { $rsyslog::relp_package_name: + ensure => $rsyslog::package_status + } + } + + if $rsyslog::gnutls_package_name != false { + package { $rsyslog::gnutls_package_name: + ensure => $rsyslog::package_status + } + } + +} diff --git a/puppet/modules/rsyslog/manifests/modload.pp b/puppet/modules/rsyslog/manifests/modload.pp new file mode 100644 index 00000000..7a838af1 --- /dev/null +++ b/puppet/modules/rsyslog/manifests/modload.pp @@ -0,0 +1,15 @@ +# == Class: rsyslog::modload +# + +class rsyslog::modload ( + $modload_filename = '10-modload.conf', +) { + file { "${rsyslog::rsyslog_d}${modload_filename}": + ensure => file, + owner => 'root', + group => $rsyslog::run_group, + content => template('rsyslog/modload.erb'), + require => Class['rsyslog::install'], + notify => Class['rsyslog::service'], + } +} diff --git a/puppet/modules/rsyslog/manifests/params.pp b/puppet/modules/rsyslog/manifests/params.pp new file mode 100644 index 00000000..12a67cef --- /dev/null +++ b/puppet/modules/rsyslog/manifests/params.pp @@ -0,0 +1,222 @@ +# == Class: rsyslog::params +# +# This defines default configuration values for rsyslog. +# You don't want to use it directly. +# +# === Parameters +# +# === Variables +# +# === Examples +# +# class { 'rsyslog::params': } +# +class rsyslog::params { + + $max_message_size = '2k' + $purge_rsyslog_d = false + $extra_modules = [] + $run_user = 'root' + $log_user = 'root' + $preserve_fqdn = false + + case $::osfamily { + debian: { + $rsyslog_package_name = 'rsyslog' + $relp_package_name = 'rsyslog-relp' + $mysql_package_name = 'rsyslog-mysql' + $pgsql_package_name = 'rsyslog-pgsql' + $gnutls_package_name = 'rsyslog-gnutls' + $package_status = 'latest' + $rsyslog_d = '/etc/rsyslog.d/' + $rsyslog_conf = '/etc/rsyslog.conf' + $rsyslog_default = '/etc/default/rsyslog' + $default_config_file = 'rsyslog_default' + $run_group = 'root' + $log_group = 'adm' + $log_style = 'debian' + $umask = false + $perm_file = '0640' + $perm_dir = '0755' + $spool_dir = '/var/spool/rsyslog' + $service_name = 'rsyslog' + $client_conf = 'client' + $server_conf = 'server' + $ssl = false + $modules = [ + '$ModLoad imuxsock # provides support for local system logging', + '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', + '#$ModLoad immark # provides --MARK-- message capability', + ] + $service_hasrestart = true + $service_hasstatus = true + + } + redhat: { + if $::operatingsystem == 'Amazon' { + $rsyslog_package_name = 'rsyslog' + $mysql_package_name = 'rsyslog-mysql' + $pgsql_package_name = 'rsyslog-pgsql' + $gnutls_package_name = 'rsyslog-gnutls' + $relp_package_name = false + $default_config_file = 'rsyslog_default' + $modules = [ + '$ModLoad imuxsock # provides support for local system logging', + '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', + '#$ModLoad immark # provides --MARK-- message capability', + ] + } + elsif $::operatingsystemmajrelease == 6 { + $rsyslog_package_name = 'rsyslog' + $mysql_package_name = 'rsyslog-mysql' + $pgsql_package_name = 'rsyslog-pgsql' + $gnutls_package_name = 'rsyslog-gnutls' + $relp_package_name = 'rsyslog-relp' + $default_config_file = 'rsyslog_default' + $modules = [ + '$ModLoad imuxsock # provides support for local system logging', + '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', + '#$ModLoad immark # provides --MARK-- message capability', + ] + } + elsif $::operatingsystemmajrelease >= 7 { + $rsyslog_package_name = 'rsyslog' + $mysql_package_name = 'rsyslog-mysql' + $pgsql_package_name = 'rsyslog-pgsql' + $gnutls_package_name = 'rsyslog-gnutls' + $relp_package_name = 'rsyslog-relp' + $default_config_file = 'rsyslog_default_rhel7' + $modules = [ + '$ModLoad imuxsock # provides support for local system logging', + '$ModLoad imjournal # provides access to the systemd journal', + '#$ModLoad imklog # provides kernel logging support (previously done by rklogd)', + '#$ModLoad immark # provides --MARK-- message capability', + ] + } else { + $rsyslog_package_name = 'rsyslog5' + $mysql_package_name = 'rsyslog5-mysql' + $pgsql_package_name = 'rsyslog5-pgsql' + $gnutls_package_name = 'rsyslog5-gnutls' + $relp_package_name = 'librelp' + $default_config_file = 'rsyslog_default' + $modules = [ + '$ModLoad imuxsock # provides support for local system logging', + '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', + '#$ModLoad immark # provides --MARK-- message capability', + ] + } + $package_status = 'latest' + $rsyslog_d = '/etc/rsyslog.d/' + $rsyslog_conf = '/etc/rsyslog.conf' + $rsyslog_default = '/etc/sysconfig/rsyslog' + $run_group = 'root' + $log_group = 'root' + $log_style = 'redhat' + $umask = '0000' + $perm_file = '0600' + $perm_dir = '0750' + $spool_dir = '/var/lib/rsyslog' + $service_name = 'rsyslog' + $client_conf = 'client' + $server_conf = 'server' + $ssl = false + $service_hasrestart = true + $service_hasstatus = true + } + suse: { + $rsyslog_package_name = 'rsyslog' + $relp_package_name = false + $mysql_package_name = false + $pgsql_package_name = false + $gnutls_package_name = false + $package_status = 'latest' + $rsyslog_d = '/etc/rsyslog.d/' + $rsyslog_conf = '/etc/rsyslog.conf' + $rsyslog_default = '/etc/sysconfig/syslog' + $run_group = 'root' + $log_group = 'root' + $log_style = 'debian' + $umask = false + $perm_file = '0600' + $perm_dir = '0750' + $spool_dir = '/var/spool/rsyslog/' + $service_name = 'syslog' + $client_conf = 'client' + $server_conf = 'server' + $modules = [ + '$ModLoad imuxsock # provides support for local system logging', + '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', + '#$ModLoad immark # provides --MARK-- message capability', + ] + } + freebsd: { + $rsyslog_package_name = 'sysutils/rsyslog5' + $relp_package_name = 'sysutils/rsyslog5-relp' + $mysql_package_name = 'sysutils/rsyslog5-mysql' + $pgsql_package_name = 'sysutils/rsyslog5-pgsql' + $gnutls_package_name = 'sysutils/rsyslog5-gnutls' + $package_status = 'present' + $rsyslog_d = '/etc/syslog.d/' + $rsyslog_conf = '/etc/syslog.conf' + $rsyslog_default = '/etc/defaults/syslogd' + $default_config_file = 'rsyslog_default' + $run_group = 'wheel' + $log_group = 'wheel' + $log_style = 'debian' + $umask = false + $perm_file = '0640' + $perm_dir = '0755' + $spool_dir = '/var/spool/syslog' + $service_name = 'syslogd' + $client_conf = 'client' + $server_conf = 'server' + $ssl = false + $modules = [ + '$ModLoad imuxsock # provides support for local system logging', + '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', + '#$ModLoad immark # provides --MARK-- message capability', + ] + $service_hasrestart = true + $service_hasstatus = true + } + + default: { + case $::operatingsystem { + gentoo: { + $rsyslog_package_name = 'app-admin/rsyslog' + $relp_package_name = false + $mysql_package_name = 'rsyslog-mysql' + $pgsql_package_name = 'rsyslog-pgsql' + $gnutls_package_name = false + $package_status = 'latest' + $rsyslog_d = '/etc/rsyslog.d/' + $rsyslog_conf = '/etc/rsyslog.conf' + $rsyslog_default = '/etc/conf.d/rsyslog' + $default_config_file = 'rsyslog_default_gentoo' + $run_group = 'root' + $log_group = 'adm' + $log_style = 'debian' + $umask = false + $perm_file = '0640' + $perm_dir = '0755' + $spool_dir = '/var/spool/rsyslog' + $service_name = 'rsyslog' + $client_conf = 'client' + $server_conf = 'server' + $ssl = false + $modules = [ + '$ModLoad imuxsock # provides support for local system logging', + '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', + '#$ModLoad immark # provides --MARK-- message capability', + ] + $service_hasrestart = true + $service_hasstatus = true + + } + default: { + fail("The ${module_name} module is not supported on ${::osfamily}/${::operatingsystem}.") + } + } + } + } +} diff --git a/puppet/modules/rsyslog/manifests/server.pp b/puppet/modules/rsyslog/manifests/server.pp new file mode 100644 index 00000000..13ee56de --- /dev/null +++ b/puppet/modules/rsyslog/manifests/server.pp @@ -0,0 +1,70 @@ +# == Class: rsyslog::server +# +# This class configures rsyslog for a server role. +# +# === Parameters +# +# [*enable_tcp*] +# [*enable_udp*] +# [*enable_onefile*] +# [*server_dir*] +# [*custom_config*] +# [*high_precision_timestamps*] +# [*ssl_ca*] +# [*ssl_cert*] +# [*ssl_key*] +# +# === Variables +# +# === Examples +# +# Defaults +# +# class { 'rsyslog::server': } +# +# Create seperate directory per host +# +# class { 'rsyslog::server': +# custom_config => 'rsyslog/server-hostname.conf.erb' +# } +# +class rsyslog::server ( + $enable_tcp = true, + $enable_udp = true, + $enable_onefile = false, + $server_dir = '/srv/log/', + $custom_config = undef, + $port = '514', + $high_precision_timestamps = false, + $ssl_ca = undef, + $ssl_cert = undef, + $ssl_key = undef, + $rotate = undef +) inherits rsyslog { + + ### Logrotate policy + $logpath = $rotate ? { + 'year' => '/%$YEAR%/', + 'YEAR' => '/%$YEAR%/', + 'month' => '/%$YEAR%/%$MONTH%/', + 'MONTH' => '/%$YEAR%/%$MONTH%/', + 'day' => '/%$YEAR%/%$MONTH%/%$DAY%/', + 'DAY' => '/%$YEAR%/%$MONTH%/%$DAY%/', + default => '/', + } + + if $custom_config { + $real_content = template($custom_config) + } else { + $real_content = template("${module_name}/server-default.conf.erb") + } + + rsyslog::snippet { $rsyslog::server_conf: + ensure => present, + content => $real_content, + } + + if $rsyslog::ssl and (!$enable_tcp or $ssl_ca == undef or $ssl_cert == undef or $ssl_key == undef) { + fail('You need to define all the ssl options and enable tcp in order to use SSL.') + } +} diff --git a/puppet/modules/rsyslog/manifests/service.pp b/puppet/modules/rsyslog/manifests/service.pp new file mode 100644 index 00000000..4be19999 --- /dev/null +++ b/puppet/modules/rsyslog/manifests/service.pp @@ -0,0 +1,21 @@ +# == Class: rsyslog::service +# +# This class enforces running of the rsyslog service. +# +# === Parameters +# +# === Variables +# +# === Examples +# +# class { 'rsyslog::service': } +# +class rsyslog::service { + service { $rsyslog::service_name: + ensure => running, + enable => true, + hasstatus => $rsyslog::service_hasstatus, + hasrestart => $rsyslog::service_hasrestart, + require => Class['rsyslog::config'], + } +} diff --git a/puppet/modules/rsyslog/manifests/snippet.pp b/puppet/modules/rsyslog/manifests/snippet.pp new file mode 100644 index 00000000..f6383963 --- /dev/null +++ b/puppet/modules/rsyslog/manifests/snippet.pp @@ -0,0 +1,35 @@ +# == Define: rsyslog::snippet +# +# This class allows for you to create a rsyslog configuration file with +# whatever content you pass in. +# +# === Parameters +# +# [*content*] - The actual content to place in the file. +# [*ensure*] - How to enforce the file (default: present) +# +# === Variables +# +# === Examples +# +# rsyslog::snippet { 'my-rsyslog-config': +# content => '<Some rsyslog directive>', +# } +# +define rsyslog::snippet( + $content, + $ensure = 'present' +) { + + include rsyslog + + file { "${rsyslog::rsyslog_d}${name}.conf": + ensure => $ensure, + owner => $rsyslog::run_user, + group => $rsyslog::run_group, + content => "# This file is managed by Puppet, changes may be overwritten\n${content}\n", + require => Class['rsyslog::config'], + notify => Class['rsyslog::service'], + } + +} |