From 1e1e25286b64790141c9627f81b50f579b13b719 Mon Sep 17 00:00:00 2001 From: Micah Date: Tue, 12 Jul 2016 16:46:28 -0400 Subject: git subrepo clone https://leap.se/git/puppet_rsyslog puppet/modules/rsyslog subrepo: subdir: "puppet/modules/rsyslog" merged: "b8ef11c" upstream: origin: "https://leap.se/git/puppet_rsyslog" branch: "master" commit: "b8ef11c" git-subrepo: version: "0.3.0" origin: "https://github.com/ingydotnet/git-subrepo" commit: "1e79595" Change-Id: Iee06502c6df609f1a261410742360cec8694dab5 --- puppet/modules/rsyslog/.fixtures.yml | 3 + puppet/modules/rsyslog/.gemfile | 14 + puppet/modules/rsyslog/.gitignore | 5 + puppet/modules/rsyslog/.gitrepo | 11 + puppet/modules/rsyslog/.travis.yml | 56 +++ puppet/modules/rsyslog/LICENSE | 202 +++++++++ puppet/modules/rsyslog/README.md | 202 +++++++++ puppet/modules/rsyslog/Rakefile | 6 + .../modules/rsyslog/lib/facter/rsyslog_version.rb | 38 ++ puppet/modules/rsyslog/manifests/client.pp | 64 +++ puppet/modules/rsyslog/manifests/config.pp | 51 +++ puppet/modules/rsyslog/manifests/database.pp | 57 +++ puppet/modules/rsyslog/manifests/imfile.pp | 48 +++ puppet/modules/rsyslog/manifests/init.pp | 54 +++ puppet/modules/rsyslog/manifests/install.pp | 32 ++ puppet/modules/rsyslog/manifests/modload.pp | 15 + puppet/modules/rsyslog/manifests/params.pp | 222 ++++++++++ puppet/modules/rsyslog/manifests/server.pp | 70 +++ puppet/modules/rsyslog/manifests/service.pp | 21 + puppet/modules/rsyslog/manifests/snippet.pp | 35 ++ puppet/modules/rsyslog/metadata.json | 62 +++ .../rsyslog/spec/classes/rsyslog_client_spec.rb | 146 +++++++ .../rsyslog/spec/classes/rsyslog_database_spec.rb | 308 ++++++++++++++ .../rsyslog/spec/classes/rsyslog_server_spec.rb | 182 ++++++++ .../modules/rsyslog/spec/classes/rsyslog_spec.rb | 469 +++++++++++++++++++++ .../rsyslog/spec/defines/rsyslog_imfile_spec.rb | 169 ++++++++ .../rsyslog/spec/defines/rsyslog_snippet_spec.rb | 157 +++++++ puppet/modules/rsyslog/spec/spec.opts | 6 + puppet/modules/rsyslog/spec/spec_helper.rb | 28 ++ puppet/modules/rsyslog/templates/client.conf.erb | 180 ++++++++ puppet/modules/rsyslog/templates/database.conf.erb | 6 + puppet/modules/rsyslog/templates/imfile.erb | 15 + puppet/modules/rsyslog/templates/modload.erb | 3 + puppet/modules/rsyslog/templates/rsyslog.conf.erb | 49 +++ .../modules/rsyslog/templates/rsyslog_default.erb | 9 + .../rsyslog/templates/rsyslog_default_gentoo.erb | 16 + .../rsyslog/templates/rsyslog_default_rhel7.erb | 2 + .../rsyslog/templates/server-default.conf.erb | 42 ++ .../rsyslog/templates/server-hostname.conf.erb | 41 ++ .../templates/server/_default-footer.conf.erb | 13 + .../templates/server/_default-header.conf.erb | 36 ++ puppet/modules/rsyslog/tests/database.pp | 9 + puppet/modules/rsyslog/tests/init.pp | 1 + puppet/modules/rsyslog/tests/log_templates.pp | 9 + puppet/modules/rsyslog/tests/multiple_hosts.pp | 17 + 45 files changed, 3181 insertions(+) create mode 100644 puppet/modules/rsyslog/.fixtures.yml create mode 100644 puppet/modules/rsyslog/.gemfile create mode 100644 puppet/modules/rsyslog/.gitignore create mode 100644 puppet/modules/rsyslog/.gitrepo create mode 100644 puppet/modules/rsyslog/.travis.yml create mode 100644 puppet/modules/rsyslog/LICENSE create mode 100644 puppet/modules/rsyslog/README.md create mode 100644 puppet/modules/rsyslog/Rakefile create mode 100644 puppet/modules/rsyslog/lib/facter/rsyslog_version.rb create mode 100644 puppet/modules/rsyslog/manifests/client.pp create mode 100644 puppet/modules/rsyslog/manifests/config.pp create mode 100644 puppet/modules/rsyslog/manifests/database.pp create mode 100644 puppet/modules/rsyslog/manifests/imfile.pp create mode 100644 puppet/modules/rsyslog/manifests/init.pp create mode 100644 puppet/modules/rsyslog/manifests/install.pp create mode 100644 puppet/modules/rsyslog/manifests/modload.pp create mode 100644 puppet/modules/rsyslog/manifests/params.pp create mode 100644 puppet/modules/rsyslog/manifests/server.pp create mode 100644 puppet/modules/rsyslog/manifests/service.pp create mode 100644 puppet/modules/rsyslog/manifests/snippet.pp create mode 100644 puppet/modules/rsyslog/metadata.json create mode 100644 puppet/modules/rsyslog/spec/classes/rsyslog_client_spec.rb create mode 100644 puppet/modules/rsyslog/spec/classes/rsyslog_database_spec.rb create mode 100644 puppet/modules/rsyslog/spec/classes/rsyslog_server_spec.rb create mode 100644 puppet/modules/rsyslog/spec/classes/rsyslog_spec.rb create mode 100644 puppet/modules/rsyslog/spec/defines/rsyslog_imfile_spec.rb create mode 100644 puppet/modules/rsyslog/spec/defines/rsyslog_snippet_spec.rb create mode 100644 puppet/modules/rsyslog/spec/spec.opts create mode 100644 puppet/modules/rsyslog/spec/spec_helper.rb create mode 100644 puppet/modules/rsyslog/templates/client.conf.erb create mode 100644 puppet/modules/rsyslog/templates/database.conf.erb create mode 100644 puppet/modules/rsyslog/templates/imfile.erb create mode 100644 puppet/modules/rsyslog/templates/modload.erb create mode 100644 puppet/modules/rsyslog/templates/rsyslog.conf.erb create mode 100644 puppet/modules/rsyslog/templates/rsyslog_default.erb create mode 100644 puppet/modules/rsyslog/templates/rsyslog_default_gentoo.erb create mode 100644 puppet/modules/rsyslog/templates/rsyslog_default_rhel7.erb create mode 100644 puppet/modules/rsyslog/templates/server-default.conf.erb create mode 100644 puppet/modules/rsyslog/templates/server-hostname.conf.erb create mode 100644 puppet/modules/rsyslog/templates/server/_default-footer.conf.erb create mode 100644 puppet/modules/rsyslog/templates/server/_default-header.conf.erb create mode 100644 puppet/modules/rsyslog/tests/database.pp create mode 100644 puppet/modules/rsyslog/tests/init.pp create mode 100644 puppet/modules/rsyslog/tests/log_templates.pp create mode 100644 puppet/modules/rsyslog/tests/multiple_hosts.pp diff --git a/puppet/modules/rsyslog/.fixtures.yml b/puppet/modules/rsyslog/.fixtures.yml new file mode 100644 index 00000000..b1fb3e0c --- /dev/null +++ b/puppet/modules/rsyslog/.fixtures.yml @@ -0,0 +1,3 @@ +fixtures: + symlinks: + "rsyslog": "#{source_dir}" diff --git a/puppet/modules/rsyslog/.gemfile b/puppet/modules/rsyslog/.gemfile new file mode 100644 index 00000000..e9e12704 --- /dev/null +++ b/puppet/modules/rsyslog/.gemfile @@ -0,0 +1,14 @@ +source 'https://rubygems.org' + +group :development, :test do + gem 'rake', :require => false + gem 'puppet-lint', :require => false + gem 'rspec-puppet', :require => false + gem 'puppetlabs_spec_helper', :require => false +end + +if puppetversion = ENV['PUPPET_GEM_VERSION'] + gem 'puppet', puppetversion, :require => false +else + gem 'puppet', :require => false +end diff --git a/puppet/modules/rsyslog/.gitignore b/puppet/modules/rsyslog/.gitignore new file mode 100644 index 00000000..d51673f2 --- /dev/null +++ b/puppet/modules/rsyslog/.gitignore @@ -0,0 +1,5 @@ +pkg/ +*.swp +.forge-releng +/spec/fixtures +.DS_Store diff --git a/puppet/modules/rsyslog/.gitrepo b/puppet/modules/rsyslog/.gitrepo new file mode 100644 index 00000000..fa9db13d --- /dev/null +++ b/puppet/modules/rsyslog/.gitrepo @@ -0,0 +1,11 @@ +; DO NOT EDIT (unless you know what you are doing) +; +; This subdirectory is a git "subrepo", and this file is maintained by the +; git-subrepo command. See https://github.com/git-commands/git-subrepo#readme +; +[subrepo] + remote = https://leap.se/git/puppet_rsyslog + branch = master + commit = b8ef11c23949d12732ad5cdaebb3023ff39a297a + parent = 850a14b59444737f703686d0d1996bf09ab08e2b + cmdver = 0.3.0 diff --git a/puppet/modules/rsyslog/.travis.yml b/puppet/modules/rsyslog/.travis.yml new file mode 100644 index 00000000..bf7edebb --- /dev/null +++ b/puppet/modules/rsyslog/.travis.yml @@ -0,0 +1,56 @@ +--- +branches: + only: + - master +language: ruby +bundler_args: --without development +script: bundle exec rake spec SPEC_OPTS='--format documentation' +after_success: + - git clone -q git://github.com/puppetlabs/ghpublisher.git .forge-releng + - .forge-releng/publish +rvm: + - 1.8.7 + - 1.9.3 + - 2.0.0 + - 2.1.1 +env: + matrix: + - PUPPET_GEM_VERSION="~> 2.7.0" + - PUPPET_GEM_VERSION="~> 3.0.0" + - PUPPET_GEM_VERSION="~> 3.1.0" + - PUPPET_GEM_VERSION="~> 3.2.0" + - PUPPET_GEM_VERSION="~> 3.3.0" + - PUPPET_GEM_VERSION="~> 3.4.0" + - PUPPET_GEM_VERSION="~> 3.5.0" + global: + - PUBLISHER_LOGIN=saz + - secure: |- + EmipIx5A93xnHKwdHfuMPGNLjLz0M0wND0IyeucWhIHE+KtZ48oT+mO2XhnJSpu1DH + JaSoYgjQpCILvniWg76o+HY1bTDEP3AmUlxNFgfDAOAQfv0RHv2cEcgNxNrxsddx6S + Ks0FCvVkFgY703X+kBiYTpjP4SBzRe0y9OudSvk= +matrix: + fast_finish: true + exclude: + - rvm: 1.9.3 + env: PUPPET_GEM_VERSION="~> 2.7.0" + - rvm: 2.0.0 + env: PUPPET_GEM_VERSION="~> 2.7.0" + - rvm: 2.0.0 + env: PUPPET_GEM_VERSION="~> 3.0.0" + - rvm: 2.0.0 + env: PUPPET_GEM_VERSION="~> 3.1.0" + - rvm: 2.1.1 + env: PUPPET_GEM_VERSION="~> 2.7.0" + - rvm: 2.1.1 + env: PUPPET_GEM_VERSION="~> 3.0.0" + - rvm: 2.1.1 + env: PUPPET_GEM_VERSION="~> 3.1.0" + - rvm: 2.1.1 + env: PUPPET_GEM_VERSION="~> 3.2.0" + - rvm: 2.1.1 + env: PUPPET_GEM_VERSION="~> 3.3.0" + - rvm: 2.1.1 + env: PUPPET_GEM_VERSION="~> 3.4.0" +notifications: + email: false +gemfile: .gemfile diff --git a/puppet/modules/rsyslog/LICENSE b/puppet/modules/rsyslog/LICENSE new file mode 100644 index 00000000..d6456956 --- /dev/null +++ b/puppet/modules/rsyslog/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/puppet/modules/rsyslog/README.md b/puppet/modules/rsyslog/README.md new file mode 100644 index 00000000..d9292866 --- /dev/null +++ b/puppet/modules/rsyslog/README.md @@ -0,0 +1,202 @@ +# puppet-rsyslog [![Build Status](https://secure.travis-ci.org/saz/puppet-rsyslog.png)](https://travis-ci.org/saz/puppet-rsyslog) + +Manage rsyslog client and server via Puppet + +## REQUIREMENTS + +* Puppet >=2.6 if using parameterized classes +* Currently supports Ubuntu >=11.04 & Debian running rsyslog >=4.5 + +## USAGE + +### Client + +#### Using default values +``` + class { 'rsyslog::client': } +``` + +#### Variables and default values +``` + class { 'rsyslog::client': + log_remote => true, + spool_size => '1g', + remote_type => 'tcp', + remote_forward_format => 'RSYSLOG_ForwardFormat', + log_local => false, + log_auth_local => false, + custom_config => undef, + custom_params => undef, + server => 'log', + port => '514', + remote_servers => false, + ssl_ca => undef, + log_templates => false, + actionfiletemplate => false + } +``` +for read from file +``` + rsyslog::imfile { 'my-imfile': + file_name => '/some/file', + file_tag => 'mytag', + file_facility => 'myfacility', + } + +``` + +#### Defining custom logging templates + +The `log_templates` parameter can be used to set up custom logging templates, which can be used for local and/or remote logging. More detail on template formats can be found in the [rsyslog documentation](http://www.rsyslog.com/doc/rsyslog_conf_templates.html). + +The following examples sets up a custom logging template as per [RFC3164fmt](https://www.ietf.org/rfc/rfc3164.txt): + +```puppet +class{'rsyslog::client': + log_templates => [ + { + name => 'RFC3164fmt', + template => '<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag%%msg%', + }, + ] +} +``` + +#### Logging to multiple remote servers + +The `remote_servers` parameter can be used to set up logging to multiple remote servers which are supplied as a list of key value pairs for each remote. There is an example configuration provided in `./test/multiple_hosts.pp` + +Using the `remote_servers` parameter over-rides the other remote sever parameters, and they will not be used in the client configuration file: +* `log_remote` +* `remote_type` +* `server` +* `port` + +The following example sets up three remote logging hosts for the client: + +```puppet +class{'rsyslog::client': + remote_servers => [ + { + host => 'logs.example.org', + }, + { + port => '55514', + }, + { + host => 'logs.somewhere.com', + port => '555', + pattern => '*.log', + protocol => 'tcp', + format => 'RFC3164fmt', + }, + ] +} +``` + +Each host has the following parameters: +* *host*: Sets the address or hostname of the remote logging server. Defaults to `localhost` +* *port*: Sets the port the host is listening on. Defaults to `514` +* *pattern*: Sets the pattern to match logs. Defaults to `*.*` +* *protocol*: Sets the protocol. Only recognises TCP and UDP. Defaults to UDP +* *format*: Sets the log format. Defaults to not specifying log format, which defaults to the format set by `ActionFileDefaultTemplate` in the client configuration. + +#### Logging to a MySQL or PostgreSQL database + +Events can also be logged to a MySQL or PostgreSQL database. The database needs to be deployed separately, either locally or remotely. Schema are available from the `rsyslog` source: + + * [MySQL schema](http://git.adiscon.com/?p=rsyslog.git;a=blob_plain;f=plugins/ommysql/createDB.sql) + * [PostgreSQL schema](http://git.adiscon.com/?p=rsyslog.git;a=blob_plain;f=plugins/ompgsql/createDB.sql) + +Declare the following to configure the connection: +```` + class { 'rsyslog::database': + backend => 'mysql', + server => 'localhost', + database => 'Syslog', + username => 'rsyslog', + password => 'secret', + } +```` +### Server + +#### Using default values +``` + class { 'rsyslog::server': } +``` + +#### Variables and default values +``` + class { 'rsyslog::server': + enable_tcp => true, + enable_udp => true, + enable_onefile => false, + server_dir => '/srv/log/', + custom_config => undef, + high_precision_timestamps => false, + } +``` + +Both can be installed at the same time. + +## PARAMETERS + +The following lists all the class parameters this module accepts. + + RSYSLOG::SERVER CLASS PARAMETERS VALUES DESCRIPTION + ------------------------------------------------------------------- + enable_tcp true,false Enable TCP listener. Defaults to true. + enable_udp true,false Enable UDP listener. Defaults to true. + enable_onefile true,false Only one logfile per remote host. Defaults to false. + server_dir STRING Folder where logs will be stored on the server. Defaults to '/srv/log/' + custom_config STRING Specify your own template to use for server config. Defaults to undef. Example usage: custom_config => 'rsyslog/my_config.erb' + high_precision_timestamps true,false Whether or not to use high precision timestamps. + remote_servers HASH Provides a hash of multiple remote logging servers. Check documentation. + + RSYSLOG::CLIENT CLASS PARAMETERS VALUES DESCRIPTION + ------------------------------------------------------------------- + log_remote true,false Log Remotely. Defaults to true. + spool_size STRING Max size for disk queue if remote server failed. Defaults to '1g'. + remote_type 'tcp','udp' Which protocol to use when logging remotely. Defaults to 'tcp'. + remote_forward_format STRING Which forward format for remote servers should be used. Only used if remote_servers is false. + log_local true,false Log locally. Defaults to false. + log_auth_local true,false Just log auth facility locally. Defaults to false. + custom_config STRING Specify your own template to use for client config. Defaults to undef. Example usage: custom_config => 'rsyslog/my_config.erb' + custom_params TODO TODO + server STRING Rsyslog server to log to. Will be used in the client configuration file. Only used, if remote_servers is false. + port '514' Remote server port. Only used if remote_servers is false. + remote_servers Array of hashes Array of hashes with remote servers. See documentation above. Defaults to false. + ssl_ca STRING SSL CA file location. Defaults to undef. + log_templates HASH Provides a has defining custom logging templates using the `$template` configuration parameter. + actionfiletemplate STRING If set this defines the `ActionFileDefaultTemplate` which sets the default logging format for remote and local logging. + + RSYSLOG::DATABASE CLASS PARAMETERS VALUES DESCRIPTION + ------------------------------------------------------------------- + backend 'mysql','pgsql' Database backend (MySQL or PostgreSQL). + server STRING Database server. + database STRING Database name. + username STRING Database username. + password STRING Database password. + +### Other notes + +Due to a missing feature in current RELP versions (InputRELPServerBindRuleset option), +remote logging is using TCP. You can switch between TCP and UDP. As soon as there is +a new RELP version which supports setting Rulesets, I will add support for relp back. + +By default, rsyslog::server will strip numbers from hostnames. This means the logs of +multiple servers with the same non-numerical name will be aggregrated in a single +directory. i.e. www01 www02 and www02 would all log to the www directory. + +To log each host to a seperate directory, set the custom_config parameter to +'rsyslog/server-hostname.conf.erb' + +If any of the following parameters are set to `false`, then the module will not +manage the respective package: + + gnutls_package_name + relp_package_name + rsyslog_package_name + +This can be used when using the adiscon PPA repository, that has merged rsyslog-gnutls +with the main rsyslog package. diff --git a/puppet/modules/rsyslog/Rakefile b/puppet/modules/rsyslog/Rakefile new file mode 100644 index 00000000..469b83c6 --- /dev/null +++ b/puppet/modules/rsyslog/Rakefile @@ -0,0 +1,6 @@ +require 'puppetlabs_spec_helper/rake_tasks' + +# Enable puppet-lint for all manifests: rake lint +require 'puppet-lint/tasks/puppet-lint' +PuppetLint.configuration.send("disable_80chars") # no warnings on lines over 80 chars. +PuppetLint.configuration.ignore_paths = ["spec/fixtures/**/*.pp"] diff --git a/puppet/modules/rsyslog/lib/facter/rsyslog_version.rb b/puppet/modules/rsyslog/lib/facter/rsyslog_version.rb new file mode 100644 index 00000000..de8531e8 --- /dev/null +++ b/puppet/modules/rsyslog/lib/facter/rsyslog_version.rb @@ -0,0 +1,38 @@ +# Fact: :syslog_package +# +# Purpose: retrieve installed rsyslog version +# + +Facter.add(:rsyslog_version) do + setcode do + osfamily = Facter.value('osfamily') + case osfamily + when "Debian" + command='/usr/bin/dpkg-query -f \'${Status};${Version};\' -W rsyslog 2>/dev/null' + version = Facter::Util::Resolution.exec(command) + if version =~ /.*install ok installed;([^;]+);.*/ + $1 + else + nil + end + when "RedHat", "Suse" + command='rpm -qa --qf "%{VERSION}" "rsyslog"' + version = Facter::Util::Resolution.exec(command) + if version =~ /^(.+)$/ + $1 + else + nil + end + when "FreeBSD" + command='pkg query %v rsyslog' + version = Facter::Util::Resolution.exec(command) + if version =~ /^(.+)$/ + $1 + else + nil + end + else + nil + end + end +end diff --git a/puppet/modules/rsyslog/manifests/client.pp b/puppet/modules/rsyslog/manifests/client.pp new file mode 100644 index 00000000..193aa336 --- /dev/null +++ b/puppet/modules/rsyslog/manifests/client.pp @@ -0,0 +1,64 @@ +# == Class: rsyslog::client +# +# Full description of class role here. +# +# === Parameters +# +# [*log_remote*] +# [*spool_size*] +# [*remote_type*] +# [*remote_forward_format*] +# [*log_local*] +# [*log_auth_local*] +# [*custom_config*] +# [*custom_params*] +# [*server*] +# [*port*] +# [*remote_servers*] +# [*ssl_ca*] +# [*log_templates*] +# [*actionfiletemplate*] +# +# === Variables +# +# === Examples +# +# class { 'rsyslog::client': } +# +class rsyslog::client ( + $log_remote = true, + $spool_size = '1g', + $remote_type = 'tcp', + $remote_forward_format = 'RSYSLOG_ForwardFormat', + $log_local = false, + $log_auth_local = false, + $custom_config = undef, + $custom_params = undef, + $server = 'log', + $port = '514', + $remote_servers = false, + $ssl_ca = undef, + $log_templates = false, + $actionfiletemplate = false +) inherits rsyslog { + + if $custom_config { + $content_real = template($custom_config) + } else { + $content_real = template("${module_name}/client.conf.erb") + } + + rsyslog::snippet { $rsyslog::client_conf: + ensure => present, + content => $content_real, + } + + if $rsyslog::ssl and $ssl_ca == undef { + fail('You need to define $ssl_ca in order to use SSL.') + } + + if $rsyslog::ssl and $remote_type != 'tcp' { + fail('You need to enable tcp in order to use SSL.') + } + +} diff --git a/puppet/modules/rsyslog/manifests/config.pp b/puppet/modules/rsyslog/manifests/config.pp new file mode 100644 index 00000000..1aebe47b --- /dev/null +++ b/puppet/modules/rsyslog/manifests/config.pp @@ -0,0 +1,51 @@ +# == Class: rsyslog::config +# +# Full description of class role here. +# +# === Parameters +# +# === Variables +# +# === Examples +# +# class { 'rsyslog::config': } +# +class rsyslog::config { + file { $rsyslog::rsyslog_d: + ensure => directory, + owner => 'root', + group => $rsyslog::run_group, + purge => $rsyslog::purge_rsyslog_d, + recurse => true, + force => true, + require => Class['rsyslog::install'], + } + + file { $rsyslog::rsyslog_conf: + ensure => file, + owner => 'root', + group => $rsyslog::run_group, + content => template("${module_name}/rsyslog.conf.erb"), + require => Class['rsyslog::install'], + notify => Class['rsyslog::service'], + } + + file { $rsyslog::rsyslog_default: + ensure => file, + owner => 'root', + group => $rsyslog::run_group, + content => template("${module_name}/${rsyslog::rsyslog_default_file}.erb"), + require => Class['rsyslog::install'], + notify => Class['rsyslog::service'], + } + + file { $rsyslog::spool_dir: + ensure => directory, + owner => 'root', + group => $rsyslog::run_group, + seltype => 'syslogd_var_lib_t', + require => Class['rsyslog::install'], + notify => Class['rsyslog::service'], + } + +} diff --git a/puppet/modules/rsyslog/manifests/database.pp b/puppet/modules/rsyslog/manifests/database.pp new file mode 100644 index 00000000..fe6d6ac8 --- /dev/null +++ b/puppet/modules/rsyslog/manifests/database.pp @@ -0,0 +1,57 @@ +# == Class: rsyslog::database +# +# Full description of class role here. +# +# === Parameters +# +# [*backend*] - Which backend server to use (mysql|pgsql) +# [*server*] - Server hostname +# [*database*] - Database name +# [*username*] - Database username +# [*password*] - Database password +# +# === Variables +# +# === Examples +# +# class { 'rsyslog::database': +# backend => 'mysql', +# server => 'localhost', +# database => 'mydb', +# username => 'myuser', +# password => 'mypass', +# } +# +class rsyslog::database ( + $backend, + $server, + $database, + $username, + $password +) inherits rsyslog { + + $db_module = "om${backend}" + $db_conf = "${rsyslog::rsyslog_d}${backend}.conf" + + case $backend { + mysql: { $db_package = $rsyslog::mysql_package_name } + pgsql: { $db_package = $rsyslog::pgsql_package_name } + default: { fail("Unsupported backend: ${backend}. Only MySQL (mysql) and PostgreSQL (pgsql) are supported.") } + } + + package { $db_package: + ensure => $rsyslog::package_status, + before => File[$db_conf], + } + + file { $db_conf: + ensure => present, + owner => 'root', + group => $rsyslog::run_group, + mode => '0600', + content => template("${module_name}/database.conf.erb"), + require => Class['rsyslog::config'], + notify => Class['rsyslog::service'], + } + +} diff --git a/puppet/modules/rsyslog/manifests/imfile.pp b/puppet/modules/rsyslog/manifests/imfile.pp new file mode 100644 index 00000000..bd0afa36 --- /dev/null +++ b/puppet/modules/rsyslog/manifests/imfile.pp @@ -0,0 +1,48 @@ +# == Define: rsyslog::imfile +# +# Full description of class role here. +# +# === Parameters +# +# [*file_name*] +# [*file_tag*] +# [*file_facility*] +# [*polling_interval*] +# [*file_severity*] +# [*run_file_monitor*] +# [*persist_state_interval] +# +# === Variables +# +# === Examples +# +# rsyslog::imfile { 'my-imfile': +# file_name => '/some/file', +# file_tag => 'mytag', +# file_facility => 'myfacility', +# } +# +define rsyslog::imfile( + $file_name, + $file_tag, + $file_facility, + $polling_interval = 10, + $file_severity = 'notice', + $run_file_monitor = true, + $persist_state_interval = 0, +) { + + + include rsyslog + $extra_modules = $rsyslog::extra_modules + + file { "${rsyslog::rsyslog_d}${name}.conf": + ensure => file, + owner => 'root', + group => $rsyslog::run_group, + content => template('rsyslog/imfile.erb'), + require => Class['rsyslog::install'], + notify => Class['rsyslog::service'], + } + +} diff --git a/puppet/modules/rsyslog/manifests/init.pp b/puppet/modules/rsyslog/manifests/init.pp new file mode 100644 index 00000000..76d61023 --- /dev/null +++ b/puppet/modules/rsyslog/manifests/init.pp @@ -0,0 +1,54 @@ +# == Class: rsyslog +# +# Meta class to install rsyslog with a basic configuration. +# You probably want rsyslog::client or rsyslog::server +# +# === Parameters +# +# === Variables +# +# === Examples +# +# class { 'rsyslog': } +# +class rsyslog ( + $rsyslog_package_name = $rsyslog::params::rsyslog_package_name, + $relp_package_name = $rsyslog::params::relp_package_name, + $mysql_package_name = $rsyslog::params::mysql_package_name, + $pgsql_package_name = $rsyslog::params::pgsql_package_name, + $gnutls_package_name = $rsyslog::params::gnutls_package_name, + $package_status = $rsyslog::params::package_status, + $rsyslog_d = $rsyslog::params::rsyslog_d, + $purge_rsyslog_d = $rsyslog::params::purge_rsyslog_d, + $rsyslog_conf = $rsyslog::params::rsyslog_conf, + $rsyslog_default = $rsyslog::params::rsyslog_default, + $rsyslog_default_file = $rsyslog::params::default_config_file, + $run_user = $rsyslog::params::run_user, + $run_group = $rsyslog::params::run_group, + $log_user = $rsyslog::params::log_user, + $log_group = $rsyslog::params::log_group, + $log_style = $rsyslog::params::log_style, + $umask = $rsyslog::params::umask, + $perm_file = $rsyslog::params::perm_file, + $perm_dir = $rsyslog::params::perm_dir, + $spool_dir = $rsyslog::params::spool_dir, + $service_name = $rsyslog::params::service_name, + $service_hasrestart = $rsyslog::params::service_hasrestart, + $service_hasstatus = $rsyslog::params::service_hasstatus, + $client_conf = $rsyslog::params::client_conf, + $server_conf = $rsyslog::params::server_conf, + $ssl = $rsyslog::params::ssl, + $modules = $rsyslog::params::modules, + $preserve_fqdn = $rsyslog::params::preserve_fqdn, + $max_message_size = $rsyslog::params::max_message_size, + $extra_modules = $rsyslog::params::extra_modules +) inherits rsyslog::params { + class { 'rsyslog::install': } + class { 'rsyslog::config': } + + if $extra_modules != [] { + class { 'rsyslog::modload': } + } + + class { 'rsyslog::service': } +} diff --git a/puppet/modules/rsyslog/manifests/install.pp b/puppet/modules/rsyslog/manifests/install.pp new file mode 100644 index 00000000..9798b3f4 --- /dev/null +++ b/puppet/modules/rsyslog/manifests/install.pp @@ -0,0 +1,32 @@ +# == Class: rsyslog::install +# +# This class makes sure that the required packages are installed +# +# === Parameters +# +# === Variables +# +# === Examples +# +# class { 'rsyslog::install': } +# +class rsyslog::install { + if $rsyslog::rsyslog_package_name != false { + package { $rsyslog::rsyslog_package_name: + ensure => $rsyslog::package_status, + } + } + + if $rsyslog::relp_package_name != false { + package { $rsyslog::relp_package_name: + ensure => $rsyslog::package_status + } + } + + if $rsyslog::gnutls_package_name != false { + package { $rsyslog::gnutls_package_name: + ensure => $rsyslog::package_status + } + } + +} diff --git a/puppet/modules/rsyslog/manifests/modload.pp b/puppet/modules/rsyslog/manifests/modload.pp new file mode 100644 index 00000000..7a838af1 --- /dev/null +++ b/puppet/modules/rsyslog/manifests/modload.pp @@ -0,0 +1,15 @@ +# == Class: rsyslog::modload +# + +class rsyslog::modload ( + $modload_filename = '10-modload.conf', +) { + file { "${rsyslog::rsyslog_d}${modload_filename}": + ensure => file, + owner => 'root', + group => $rsyslog::run_group, + content => template('rsyslog/modload.erb'), + require => Class['rsyslog::install'], + notify => Class['rsyslog::service'], + } +} diff --git a/puppet/modules/rsyslog/manifests/params.pp b/puppet/modules/rsyslog/manifests/params.pp new file mode 100644 index 00000000..12a67cef --- /dev/null +++ b/puppet/modules/rsyslog/manifests/params.pp @@ -0,0 +1,222 @@ +# == Class: rsyslog::params +# +# This defines default configuration values for rsyslog. +# You don't want to use it directly. +# +# === Parameters +# +# === Variables +# +# === Examples +# +# class { 'rsyslog::params': } +# +class rsyslog::params { + + $max_message_size = '2k' + $purge_rsyslog_d = false + $extra_modules = [] + $run_user = 'root' + $log_user = 'root' + $preserve_fqdn = false + + case $::osfamily { + debian: { + $rsyslog_package_name = 'rsyslog' + $relp_package_name = 'rsyslog-relp' + $mysql_package_name = 'rsyslog-mysql' + $pgsql_package_name = 'rsyslog-pgsql' + $gnutls_package_name = 'rsyslog-gnutls' + $package_status = 'latest' + $rsyslog_d = '/etc/rsyslog.d/' + $rsyslog_conf = '/etc/rsyslog.conf' + $rsyslog_default = '/etc/default/rsyslog' + $default_config_file = 'rsyslog_default' + $run_group = 'root' + $log_group = 'adm' + $log_style = 'debian' + $umask = false + $perm_file = '0640' + $perm_dir = '0755' + $spool_dir = '/var/spool/rsyslog' + $service_name = 'rsyslog' + $client_conf = 'client' + $server_conf = 'server' + $ssl = false + $modules = [ + '$ModLoad imuxsock # provides support for local system logging', + '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', + '#$ModLoad immark # provides --MARK-- message capability', + ] + $service_hasrestart = true + $service_hasstatus = true + + } + redhat: { + if $::operatingsystem == 'Amazon' { + $rsyslog_package_name = 'rsyslog' + $mysql_package_name = 'rsyslog-mysql' + $pgsql_package_name = 'rsyslog-pgsql' + $gnutls_package_name = 'rsyslog-gnutls' + $relp_package_name = false + $default_config_file = 'rsyslog_default' + $modules = [ + '$ModLoad imuxsock # provides support for local system logging', + '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', + '#$ModLoad immark # provides --MARK-- message capability', + ] + } + elsif $::operatingsystemmajrelease == 6 { + $rsyslog_package_name = 'rsyslog' + $mysql_package_name = 'rsyslog-mysql' + $pgsql_package_name = 'rsyslog-pgsql' + $gnutls_package_name = 'rsyslog-gnutls' + $relp_package_name = 'rsyslog-relp' + $default_config_file = 'rsyslog_default' + $modules = [ + '$ModLoad imuxsock # provides support for local system logging', + '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', + '#$ModLoad immark # provides --MARK-- message capability', + ] + } + elsif $::operatingsystemmajrelease >= 7 { + $rsyslog_package_name = 'rsyslog' + $mysql_package_name = 'rsyslog-mysql' + $pgsql_package_name = 'rsyslog-pgsql' + $gnutls_package_name = 'rsyslog-gnutls' + $relp_package_name = 'rsyslog-relp' + $default_config_file = 'rsyslog_default_rhel7' + $modules = [ + '$ModLoad imuxsock # provides support for local system logging', + '$ModLoad imjournal # provides access to the systemd journal', + '#$ModLoad imklog # provides kernel logging support (previously done by rklogd)', + '#$ModLoad immark # provides --MARK-- message capability', + ] + } else { + $rsyslog_package_name = 'rsyslog5' + $mysql_package_name = 'rsyslog5-mysql' + $pgsql_package_name = 'rsyslog5-pgsql' + $gnutls_package_name = 'rsyslog5-gnutls' + $relp_package_name = 'librelp' + $default_config_file = 'rsyslog_default' + $modules = [ + '$ModLoad imuxsock # provides support for local system logging', + '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', + '#$ModLoad immark # provides --MARK-- message capability', + ] + } + $package_status = 'latest' + $rsyslog_d = '/etc/rsyslog.d/' + $rsyslog_conf = '/etc/rsyslog.conf' + $rsyslog_default = '/etc/sysconfig/rsyslog' + $run_group = 'root' + $log_group = 'root' + $log_style = 'redhat' + $umask = '0000' + $perm_file = '0600' + $perm_dir = '0750' + $spool_dir = '/var/lib/rsyslog' + $service_name = 'rsyslog' + $client_conf = 'client' + $server_conf = 'server' + $ssl = false + $service_hasrestart = true + $service_hasstatus = true + } + suse: { + $rsyslog_package_name = 'rsyslog' + $relp_package_name = false + $mysql_package_name = false + $pgsql_package_name = false + $gnutls_package_name = false + $package_status = 'latest' + $rsyslog_d = '/etc/rsyslog.d/' + $rsyslog_conf = '/etc/rsyslog.conf' + $rsyslog_default = '/etc/sysconfig/syslog' + $run_group = 'root' + $log_group = 'root' + $log_style = 'debian' + $umask = false + $perm_file = '0600' + $perm_dir = '0750' + $spool_dir = '/var/spool/rsyslog/' + $service_name = 'syslog' + $client_conf = 'client' + $server_conf = 'server' + $modules = [ + '$ModLoad imuxsock # provides support for local system logging', + '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', + '#$ModLoad immark # provides --MARK-- message capability', + ] + } + freebsd: { + $rsyslog_package_name = 'sysutils/rsyslog5' + $relp_package_name = 'sysutils/rsyslog5-relp' + $mysql_package_name = 'sysutils/rsyslog5-mysql' + $pgsql_package_name = 'sysutils/rsyslog5-pgsql' + $gnutls_package_name = 'sysutils/rsyslog5-gnutls' + $package_status = 'present' + $rsyslog_d = '/etc/syslog.d/' + $rsyslog_conf = '/etc/syslog.conf' + $rsyslog_default = '/etc/defaults/syslogd' + $default_config_file = 'rsyslog_default' + $run_group = 'wheel' + $log_group = 'wheel' + $log_style = 'debian' + $umask = false + $perm_file = '0640' + $perm_dir = '0755' + $spool_dir = '/var/spool/syslog' + $service_name = 'syslogd' + $client_conf = 'client' + $server_conf = 'server' + $ssl = false + $modules = [ + '$ModLoad imuxsock # provides support for local system logging', + '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', + '#$ModLoad immark # provides --MARK-- message capability', + ] + $service_hasrestart = true + $service_hasstatus = true + } + + default: { + case $::operatingsystem { + gentoo: { + $rsyslog_package_name = 'app-admin/rsyslog' + $relp_package_name = false + $mysql_package_name = 'rsyslog-mysql' + $pgsql_package_name = 'rsyslog-pgsql' + $gnutls_package_name = false + $package_status = 'latest' + $rsyslog_d = '/etc/rsyslog.d/' + $rsyslog_conf = '/etc/rsyslog.conf' + $rsyslog_default = '/etc/conf.d/rsyslog' + $default_config_file = 'rsyslog_default_gentoo' + $run_group = 'root' + $log_group = 'adm' + $log_style = 'debian' + $umask = false + $perm_file = '0640' + $perm_dir = '0755' + $spool_dir = '/var/spool/rsyslog' + $service_name = 'rsyslog' + $client_conf = 'client' + $server_conf = 'server' + $ssl = false + $modules = [ + '$ModLoad imuxsock # provides support for local system logging', + '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', + '#$ModLoad immark # provides --MARK-- message capability', + ] + $service_hasrestart = true + $service_hasstatus = true + + } + default: { + fail("The ${module_name} module is not supported on ${::osfamily}/${::operatingsystem}.") + } + } + } + } +} diff --git a/puppet/modules/rsyslog/manifests/server.pp b/puppet/modules/rsyslog/manifests/server.pp new file mode 100644 index 00000000..13ee56de --- /dev/null +++ b/puppet/modules/rsyslog/manifests/server.pp @@ -0,0 +1,70 @@ +# == Class: rsyslog::server +# +# This class configures rsyslog for a server role. +# +# === Parameters +# +# [*enable_tcp*] +# [*enable_udp*] +# [*enable_onefile*] +# [*server_dir*] +# [*custom_config*] +# [*high_precision_timestamps*] +# [*ssl_ca*] +# [*ssl_cert*] +# [*ssl_key*] +# +# === Variables +# +# === Examples +# +# Defaults +# +# class { 'rsyslog::server': } +# +# Create seperate directory per host +# +# class { 'rsyslog::server': +# custom_config => 'rsyslog/server-hostname.conf.erb' +# } +# +class rsyslog::server ( + $enable_tcp = true, + $enable_udp = true, + $enable_onefile = false, + $server_dir = '/srv/log/', + $custom_config = undef, + $port = '514', + $high_precision_timestamps = false, + $ssl_ca = undef, + $ssl_cert = undef, + $ssl_key = undef, + $rotate = undef +) inherits rsyslog { + + ### Logrotate policy + $logpath = $rotate ? { + 'year' => '/%$YEAR%/', + 'YEAR' => '/%$YEAR%/', + 'month' => '/%$YEAR%/%$MONTH%/', + 'MONTH' => '/%$YEAR%/%$MONTH%/', + 'day' => '/%$YEAR%/%$MONTH%/%$DAY%/', + 'DAY' => '/%$YEAR%/%$MONTH%/%$DAY%/', + default => '/', + } + + if $custom_config { + $real_content = template($custom_config) + } else { + $real_content = template("${module_name}/server-default.conf.erb") + } + + rsyslog::snippet { $rsyslog::server_conf: + ensure => present, + content => $real_content, + } + + if $rsyslog::ssl and (!$enable_tcp or $ssl_ca == undef or $ssl_cert == undef or $ssl_key == undef) { + fail('You need to define all the ssl options and enable tcp in order to use SSL.') + } +} diff --git a/puppet/modules/rsyslog/manifests/service.pp b/puppet/modules/rsyslog/manifests/service.pp new file mode 100644 index 00000000..4be19999 --- /dev/null +++ b/puppet/modules/rsyslog/manifests/service.pp @@ -0,0 +1,21 @@ +# == Class: rsyslog::service +# +# This class enforces running of the rsyslog service. +# +# === Parameters +# +# === Variables +# +# === Examples +# +# class { 'rsyslog::service': } +# +class rsyslog::service { + service { $rsyslog::service_name: + ensure => running, + enable => true, + hasstatus => $rsyslog::service_hasstatus, + hasrestart => $rsyslog::service_hasrestart, + require => Class['rsyslog::config'], + } +} diff --git a/puppet/modules/rsyslog/manifests/snippet.pp b/puppet/modules/rsyslog/manifests/snippet.pp new file mode 100644 index 00000000..f6383963 --- /dev/null +++ b/puppet/modules/rsyslog/manifests/snippet.pp @@ -0,0 +1,35 @@ +# == Define: rsyslog::snippet +# +# This class allows for you to create a rsyslog configuration file with +# whatever content you pass in. +# +# === Parameters +# +# [*content*] - The actual content to place in the file. +# [*ensure*] - How to enforce the file (default: present) +# +# === Variables +# +# === Examples +# +# rsyslog::snippet { 'my-rsyslog-config': +# content => '', +# } +# +define rsyslog::snippet( + $content, + $ensure = 'present' +) { + + include rsyslog + + file { "${rsyslog::rsyslog_d}${name}.conf": + ensure => $ensure, + owner => $rsyslog::run_user, + group => $rsyslog::run_group, + content => "# This file is managed by Puppet, changes may be overwritten\n${content}\n", + require => Class['rsyslog::config'], + notify => Class['rsyslog::service'], + } + +} diff --git a/puppet/modules/rsyslog/metadata.json b/puppet/modules/rsyslog/metadata.json new file mode 100644 index 00000000..c9338eef --- /dev/null +++ b/puppet/modules/rsyslog/metadata.json @@ -0,0 +1,62 @@ +{ + "name": "saz-rsyslog", + "version": "3.4.0", + "author": "saz", + "summary": "Manage rsyslog client and server", + "license": "Apache License, Version 2.0", + "source": "https://github.com/saz/puppet-rsyslog.git", + "project_page": "https://github.com/saz/puppet-rsyslog", + "issues_url": "https://github.com/saz/puppet-rsyslog/issues", + "operatingsystem_support": [ + { + "operatingsystem": "RedHat" + }, + { + "operatingsystem": "Amazon" + }, + { + "operatingsystem": "CentOS" + }, + { + "operatingsystem": "SuSe" + }, + { + "operatingsystem": "SLES" + }, + { + "operatingsystem": "OracleLinux" + }, + { + "operatingsystem": "Scientific" + }, + { + "operatingsystem": "Debian" + }, + { + "operatingsystem": "Ubuntu" + }, + { + "operatingsystem": "FreeBSD" + }, + { + "operatingsystem": "Gentoo" + } + ], + "requirements": [ + { + "name": "pe", + "version_requirement": ">= 3.2.0 < 3.4.0" + }, + { + "name": "puppet", + "version_requirement": "3.x" + } + ], + "description": "Manage rsyslog client and server via Puppet", + "types": [ + + ], + "dependencies": [ + + ] +} diff --git a/puppet/modules/rsyslog/spec/classes/rsyslog_client_spec.rb b/puppet/modules/rsyslog/spec/classes/rsyslog_client_spec.rb new file mode 100644 index 00000000..82865db9 --- /dev/null +++ b/puppet/modules/rsyslog/spec/classes/rsyslog_client_spec.rb @@ -0,0 +1,146 @@ +require 'spec_helper' + +describe 'rsyslog::client', :type => :class do + + context "Rsyslog version >= 8" do + let(:default_facts) do + { + :rsyslog_version => '8.1.2' + } + end + + context "osfamily = RedHat" do + let :facts do + default_facts.merge!({ + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemmajrelease => 6, + }) + end + + context "default usage (osfamily = RedHat)" do + let(:title) { 'rsyslog-client-basic' } + + it 'should compile' do + should contain_file('/etc/rsyslog.d/client.conf') + end + end + end + + context "osfamily = Debian" do + let :facts do + default_facts.merge!({ + :osfamily => 'Debian', + }) + end + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-client-basic' } + + it 'should compile' do + should contain_file('/etc/rsyslog.d/client.conf') + end + end + end + + context "osfamily = FreeBSD" do + let :facts do + default_facts.merge!({ + :osfamily => 'freebsd', + }) + end + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-client-basic' } + + it 'should compile' do + should contain_file('/etc/syslog.d/client.conf') + end + end + end + end + + context "Rsyslog version =< 8" do + let(:default_facts) do + { + :rsyslog_version => '7.1.2' + } + end + + context "osfamily = RedHat" do + let :facts do + default_facts.merge!({ + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemmajrelease => 6, + }) + end + + context "default usage (osfamily = RedHat)" do + let(:title) { 'rsyslog-client-basic' } + + it 'should compile' do + should contain_file('/etc/rsyslog.d/client.conf') + end + end + end + + context "osfamily = Debian" do + let :facts do + default_facts.merge!({ + :osfamily => 'Debian', + }) + end + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-client-basic' } + + it 'should compile' do + should contain_file('/etc/rsyslog.d/client.conf') + end + end + end + + context "osfamily = FreeBSD" do + let :facts do + default_facts.merge!({ + :osfamily => 'freebsd', + }) + end + + context "default usage (osfamily = FreeBSD)" do + let(:title) { 'rsyslog-client-basic' } + + it 'should compile' do + should contain_file('/etc/syslog.d/client.conf') + end + end + end + end + + context "Rsyslog version = nil" do + let(:default_facts) do + { + :rsyslog_version => nil + } + end + + context "osfamily = RedHat" do + let :facts do + default_facts.merge!({ + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemmajrelease => 6, + }) + end + + context "default usage (osfamily = RedHat)" do + let(:title) { 'rsyslog-client-basic' } + + it 'should compile' do + should contain_file('/etc/rsyslog.d/client.conf') + end + end + end + end +end diff --git a/puppet/modules/rsyslog/spec/classes/rsyslog_database_spec.rb b/puppet/modules/rsyslog/spec/classes/rsyslog_database_spec.rb new file mode 100644 index 00000000..0421135a --- /dev/null +++ b/puppet/modules/rsyslog/spec/classes/rsyslog_database_spec.rb @@ -0,0 +1,308 @@ +require 'spec_helper' + +describe 'rsyslog::database', :type => :class do + + context "Rsyslog version >= 8" do + let(:default_facts) do + { + :rsyslog_version => '8.1.2' + } + end + + context "osfamily = RedHat" do + let :facts do + default_facts.merge!({ + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemmajrelease => 6, + }) + end + + context "default usage mysql (osfamily = RedHat)" do + let(:title) { 'rsyslog-database-mysql' } + + let (:params) { + { + 'backend' => 'mysql', + 'server' => 'localhost', + 'database' => 'rsyslog', + 'username' => 'us3rname', + 'password' => 'passw0rd', + } + } + + it 'should compile' do + should contain_package('rsyslog-mysql') + should contain_file('/etc/rsyslog.d/mysql.conf') + end + end + + context "default usage pgsql (osfamily = RedHat)" do + let(:title) { 'rsyslog-database-pgsql' } + + let (:params) { + { + 'backend' => 'pgsql', + 'server' => 'localhost', + 'database' => 'rsyslog', + 'username' => 'us3rname', + 'password' => 'passw0rd', + } + } + + it 'should compile' do + should contain_package('rsyslog-pgsql') + should contain_file('/etc/rsyslog.d/pgsql.conf') + end + end + end + + + + context "osfamily = Debian" do + let :facts do + default_facts.merge!({ + :osfamily => 'Debian', + }) + end + + context "default usage mysql (osfamily = Debian)" do + let(:title) { 'rsyslog-database-mysql' } + + let (:params) { + { + 'backend' => 'mysql', + 'server' => 'localhost', + 'database' => 'rsyslog', + 'username' => 'us3rname', + 'password' => 'passw0rd', + } + } + + it 'should compile' do + should contain_package('rsyslog-mysql') + should contain_file('/etc/rsyslog.d/mysql.conf') + end + end + + context "default usage pgsql (osfamily = Debian)" do + let(:title) { 'rsyslog-database-pgsql' } + + let (:params) { + { + 'backend' => 'pgsql', + 'server' => 'localhost', + 'database' => 'rsyslog', + 'username' => 'us3rname', + 'password' => 'passw0rd', + } + } + + it 'should compile' do + should contain_package('rsyslog-pgsql') + should contain_file('/etc/rsyslog.d/pgsql.conf') + end + end + end + + + + context "osfamily = FreeBSD" do + let :facts do + default_facts.merge!({ + :osfamily => 'freebsd', + }) + end + + context "default usage mysql (osfamily = FreeBSD)" do + let(:title) { 'rsyslog-database-mysql' } + + let (:params) { + { + 'backend' => 'mysql', + 'server' => 'localhost', + 'database' => 'rsyslog', + 'username' => 'us3rname', + 'password' => 'passw0rd', + } + } + + it 'should compile' do + should contain_package('sysutils/rsyslog5-mysql') + should contain_file('/etc/syslog.d/mysql.conf') + end + end + + context "default usage pgsql (osfamily = FreeBSD)" do + let(:title) { 'rsyslog-database-pgsql' } + + let (:params) { + { + 'backend' => 'pgsql', + 'server' => 'localhost', + 'database' => 'rsyslog', + 'username' => 'us3rname', + 'password' => 'passw0rd', + } + } + + it 'should compile' do + should contain_package('sysutils/rsyslog5-pgsql') + should contain_file('/etc/syslog.d/pgsql.conf') + end + end + end + end + + context "Rsyslog version =< 8" do + let(:default_facts) do + { + :rsyslog_version => '7.1.2' + } + end + + context "osfamily = RedHat" do + let :facts do + default_facts.merge!({ + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemmajrelease => 6, + }) + end + + context "default usage mysql (osfamily = RedHat)" do + let(:title) { 'rsyslog-database-mysql' } + + let (:params) { + { + 'backend' => 'mysql', + 'server' => 'localhost', + 'database' => 'rsyslog', + 'username' => 'us3rname', + 'password' => 'passw0rd', + } + } + + it 'should compile' do + should contain_package('rsyslog-mysql') + should contain_file('/etc/rsyslog.d/mysql.conf') + end + end + + context "default usage pgsql (osfamily = RedHat)" do + let(:title) { 'rsyslog-database-pgsql' } + + let (:params) { + { + 'backend' => 'pgsql', + 'server' => 'localhost', + 'database' => 'rsyslog', + 'username' => 'us3rname', + 'password' => 'passw0rd', + } + } + + it 'should compile' do + should contain_package('rsyslog-pgsql') + should contain_file('/etc/rsyslog.d/pgsql.conf') + end + end + end + + + + context "osfamily = Debian" do + let :facts do + default_facts.merge!({ + :osfamily => 'Debian', + }) + end + + context "default usage mysql (osfamily = Debian)" do + let(:title) { 'rsyslog-database-mysql' } + + let (:params) { + { + 'backend' => 'mysql', + 'server' => 'localhost', + 'database' => 'rsyslog', + 'username' => 'us3rname', + 'password' => 'passw0rd', + } + } + + it 'should compile' do + should contain_package('rsyslog-mysql') + should contain_file('/etc/rsyslog.d/mysql.conf') + end + end + + context "default usage pgsql (osfamily = Debian)" do + let(:title) { 'rsyslog-database-pgsql' } + + let (:params) { + { + 'backend' => 'pgsql', + 'server' => 'localhost', + 'database' => 'rsyslog', + 'username' => 'us3rname', + 'password' => 'passw0rd', + } + } + + it 'should compile' do + should contain_package('rsyslog-pgsql') + should contain_file('/etc/rsyslog.d/pgsql.conf') + end + end + end + + + + context "osfamily = FreeBSD" do + let :facts do + default_facts.merge!({ + :osfamily => 'freebsd', + }) + end + + context "default usage mysql (osfamily = FreeBSD)" do + let(:title) { 'rsyslog-database-mysql' } + + let (:params) { + { + 'backend' => 'mysql', + 'server' => 'localhost', + 'database' => 'rsyslog', + 'username' => 'us3rname', + 'password' => 'passw0rd', + } + } + + it 'should compile' do + should contain_package('sysutils/rsyslog5-mysql') + should contain_file('/etc/syslog.d/mysql.conf') + end + end + + context "default usage pgsql (osfamily = FreeBSD)" do + let(:title) { 'rsyslog-database-pgsql' } + + let (:params) { + { + 'backend' => 'pgsql', + 'server' => 'localhost', + 'database' => 'rsyslog', + 'username' => 'us3rname', + 'password' => 'passw0rd', + } + } + + it 'should compile' do + should contain_package('sysutils/rsyslog5-pgsql') + should contain_file('/etc/syslog.d/pgsql.conf') + end + end + end + end +end diff --git a/puppet/modules/rsyslog/spec/classes/rsyslog_server_spec.rb b/puppet/modules/rsyslog/spec/classes/rsyslog_server_spec.rb new file mode 100644 index 00000000..8f57656b --- /dev/null +++ b/puppet/modules/rsyslog/spec/classes/rsyslog_server_spec.rb @@ -0,0 +1,182 @@ +require 'spec_helper' + +describe 'rsyslog::server', :type => :class do + + context "Rsyslog version >= 8" do + let(:default_facts) do + { + :rsyslog_version => '8.1.2' + } + end + + ['RedHat', 'Debian'].each do |osfamily| + context "osfamily = #{osfamily}" do + let :facts do + default_facts.merge!({ + :osfamily => osfamily, + :operatingsystem => osfamily, + :operatingsystemmajrelease => 6, + }) + end + + context "default usage (osfamily = #{osfamily})" do + let(:title) { 'rsyslog-server-basic' } + + it 'should compile' do + should contain_file('/etc/rsyslog.d/server.conf').with_content(/\(\[A-Za-z-\]\*\)--end%\/auth.log/) + should contain_file('/etc/rsyslog.d/server.conf').with_content(/\(\[A-Za-z-\]\*\)--end%\/messages/) + end + end + + context "enable_onefile (osfamily = #{osfamily})" do + let(:title) { 'rsyslog-server-onefile' } + let(:params) { {'enable_onefile' => 'true'} } + + it 'should compile' do + should_not contain_file('/etc/rsyslog.d/server.conf').with_content(/\(\[A-Za-z-\]\*\)--end%\/auth.log/) + should contain_file('/etc/rsyslog.d/server.conf').with_content(/\(\[A-Za-z-\]\*\)--end%\/messages/) + end + end + + context "hostname_template (osfamily = #{osfamily})" do + let(:title) { 'rsyslog-server-onefile' } + let(:params) { {'custom_config' => 'rsyslog/server-hostname.conf.erb'} } + + it 'should compile' do + should contain_file('/etc/rsyslog.d/server.conf').with_content(/%hostname%\/auth.log/) + should contain_file('/etc/rsyslog.d/server.conf').with_content(/%hostname%\/messages/) + end + end + + end + end + + + context "osfamily = FreeBSD" do + let :facts do + default_facts.merge!({ + :osfamily => 'freebsd', + }) + end + + context "default usage (osfamily = FreeBSD)" do + let(:title) { 'rsyslog-server-basic' } + + it 'should compile' do + should contain_file('/etc/syslog.d/server.conf').with_content(/\(\[A-Za-z-\]\*\)--end%\/auth.log/) + should contain_file('/etc/syslog.d/server.conf').with_content(/\(\[A-Za-z-\]\*\)--end%\/messages/) + end + end + + context "enable_onefile (osfamily = FreeBSD)" do + let(:title) { 'rsyslog-server-onefile' } + let(:params) { {'enable_onefile' => 'true'} } + + it 'should compile' do + should_not contain_file('/etc/syslog.d/server.conf').with_content(/\(\[A-Za-z-\]\*\)--end%\/auth.log/) + should contain_file('/etc/syslog.d/server.conf').with_content(/\(\[A-Za-z-\]\*\)--end%\/messages/) + end + end + + context "hostname_template (osfamily = FreeBSD)" do + let(:title) { 'rsyslog-server-onefile' } + let(:params) { {'custom_config' => 'rsyslog/server-hostname.conf.erb'} } + + it 'should compile' do + should contain_file('/etc/syslog.d/server.conf').with_content(/%hostname%\/auth.log/) + should contain_file('/etc/syslog.d/server.conf').with_content(/%hostname%\/messages/) + end + end + + end + end + + context "Rsyslog version =< 8" do + let(:default_facts) do + { + :rsyslog_version => '7.1.2' + } + end + + ['RedHat', 'Debian'].each do |osfamily| + context "osfamily = #{osfamily}" do + let :facts do + default_facts.merge!({ + :osfamily => osfamily, + :operatingsystem => osfamily, + :operatingsystemmajrelease => 6, + }) + end + + context "default usage (osfamily = #{osfamily})" do + let(:title) { 'rsyslog-server-basic' } + + it 'should compile' do + should contain_file('/etc/rsyslog.d/server.conf').with_content(/\(\[A-Za-z-\]\*\)--end%\/auth.log/) + should contain_file('/etc/rsyslog.d/server.conf').with_content(/\(\[A-Za-z-\]\*\)--end%\/messages/) + end + end + + context "enable_onefile (osfamily = #{osfamily})" do + let(:title) { 'rsyslog-server-onefile' } + let(:params) { {'enable_onefile' => 'true'} } + + it 'should compile' do + should_not contain_file('/etc/rsyslog.d/server.conf').with_content(/\(\[A-Za-z-\]\*\)--end%\/auth.log/) + should contain_file('/etc/rsyslog.d/server.conf').with_content(/\(\[A-Za-z-\]\*\)--end%\/messages/) + end + end + + context "hostname_template (osfamily = #{osfamily})" do + let(:title) { 'rsyslog-server-onefile' } + let(:params) { {'custom_config' => 'rsyslog/server-hostname.conf.erb'} } + + it 'should compile' do + should contain_file('/etc/rsyslog.d/server.conf').with_content(/%hostname%\/auth.log/) + should contain_file('/etc/rsyslog.d/server.conf').with_content(/%hostname%\/messages/) + end + end + + end + end + + + context "osfamily = FreeBSD" do + let :facts do + default_facts.merge!({ + :osfamily => 'freebsd', + }) + end + + context "default usage (osfamily = FreeBSD)" do + let(:title) { 'rsyslog-server-basic' } + + it 'should compile' do + should contain_file('/etc/syslog.d/server.conf').with_content(/\(\[A-Za-z-\]\*\)--end%\/auth.log/) + should contain_file('/etc/syslog.d/server.conf').with_content(/\(\[A-Za-z-\]\*\)--end%\/messages/) + end + end + + context "enable_onefile (osfamily = FreeBSD)" do + let(:title) { 'rsyslog-server-onefile' } + let(:params) { {'enable_onefile' => 'true'} } + + it 'should compile' do + should_not contain_file('/etc/syslog.d/server.conf').with_content(/\(\[A-Za-z-\]\*\)--end%\/auth.log/) + should contain_file('/etc/syslog.d/server.conf').with_content(/\(\[A-Za-z-\]\*\)--end%\/messages/) + end + end + + context "hostname_template (osfamily = FreeBSD)" do + let(:title) { 'rsyslog-server-onefile' } + let(:params) { {'custom_config' => 'rsyslog/server-hostname.conf.erb'} } + + it 'should compile' do + should contain_file('/etc/syslog.d/server.conf').with_content(/%hostname%\/auth.log/) + should contain_file('/etc/syslog.d/server.conf').with_content(/%hostname%\/messages/) + end + end + + end + end +end # describe 'rsyslog::server' diff --git a/puppet/modules/rsyslog/spec/classes/rsyslog_spec.rb b/puppet/modules/rsyslog/spec/classes/rsyslog_spec.rb new file mode 100644 index 00000000..344d7174 --- /dev/null +++ b/puppet/modules/rsyslog/spec/classes/rsyslog_spec.rb @@ -0,0 +1,469 @@ +require 'spec_helper' + +describe 'rsyslog', :type => :class do + + context "Rsyslog version >= 8" do + let(:default_facts) do + { + :rsyslog_version => '8.1.2' + } + end + + context "osfamily = RedHat" do + let :facts do + default_facts.merge!({ + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemmajrelease => 6, + }) + end + + context "default usage (osfamily = RedHat)" do + let(:title) { 'rsyslog-basic' } + + it 'should compile' do + should contain_class('rsyslog::install') + should contain_class('rsyslog::config') + should contain_class('rsyslog::service') + end + end + end + + context "osfamily = Debian" do + let :facts do + default_facts.merge!({ + :osfamily => 'Debian', + }) + end + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-basic' } + + it 'should compile' do + should contain_class('rsyslog::install') + should contain_class('rsyslog::config') + should contain_class('rsyslog::service') + end + end + end + + context "osfamily = FreeBSD" do + let :facts do + default_facts.merge!({ + :osfamily => 'freebsd', + }) + end + + context "default usage (osfamily = FreeBSD)" do + let(:title) { 'rsyslog-basic' } + + it 'should compile' do + should contain_class('rsyslog::install') + should contain_class('rsyslog::config') + should contain_class('rsyslog::service') + end + end + end + + context "osfamily = RedHat" do + let :facts do + default_facts.merge!({ + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemmajrelease => 6, + }) + end + + context "default usage (osfamily = RedHat)" do + let(:title) { 'rsyslog-basic' } + + it 'should compile' do + should contain_file('/etc/rsyslog.conf') + should contain_file('/etc/rsyslog.d/') + end + end + end + + context "osfamily = Debian" do + let :facts do + default_facts.merge!({ + :osfamily => 'Debian', + }) + end + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-basic' } + + it 'should compile' do + should contain_file('/etc/rsyslog.conf') + should contain_file('/etc/rsyslog.d/') + end + end + end + + context "osfamily = FreeBSD" do + let :facts do + default_facts.merge!({ + :osfamily => 'freebsd', + }) + end + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-basic' } + + it 'should compile' do + should contain_file('/etc/syslog.conf') + should contain_file('/etc/syslog.d/') + end + end + end + + context "osfamily = RedHat" do + let :facts do + default_facts.merge!({ + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemmajrelease => 6, + }) + end + + context "default usage (osfamily = RedHat)" do + let(:title) { 'rsyslog-install-basic' } + + it 'should compile' do + should contain_package('rsyslog') + should contain_package('rsyslog-relp') + end + end + end + + context "osfamily = Debian" do + let :facts do + default_facts.merge!({ + :osfamily => 'Debian', + }) + end + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-install-basic' } + + it 'should compile' do + should contain_package('rsyslog') + should contain_package('rsyslog-relp') + end + end + end + + context "osfamily = FreeBSD" do + let :facts do + default_facts.merge!({ + :osfamily => 'freebsd', + }) + end + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-install-basic' } + + it 'should compile' do + should contain_package('sysutils/rsyslog5') + should contain_package('sysutils/rsyslog5-relp') + end + end + end + + context "osfamily = RedHat" do + let :facts do + default_facts.merge!({ + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemmajrelease => 6, + }) + end + + context "default usage (osfamily = RedHat)" do + let(:title) { 'rsyslog-service-basic' } + + it 'should compile' do + should contain_service('rsyslog') + end + end + end + + context "osfamily = Debian" do + let :facts do + default_facts.merge!({ + :osfamily => 'Debian', + }) + end + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-service-basic' } + + it 'should compile' do + should contain_service('rsyslog') + end + end + end + + context "osfamily = FreeBSD" do + let :facts do + default_facts.merge!({ + :osfamily => 'freebsd', + }) + end + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-service-basic' } + + it 'should compile' do + should contain_service('syslogd') + end + end + end + end + + context "Rsyslog version =< 8" do + let(:default_facts) do + { + :rsyslog_version => '7.1.2' + } + end + + context "osfamily = RedHat" do + let :facts do + default_facts.merge!({ + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemmajrelease => 6, + }) + end + + context "default usage (osfamily = RedHat)" do + let(:title) { 'rsyslog-basic' } + + it 'should compile' do + should contain_class('rsyslog::install') + should contain_class('rsyslog::config') + should contain_class('rsyslog::service') + end + end + end + + context "osfamily = Debian" do + let :facts do + default_facts.merge!({ + :osfamily => 'Debian', + }) + end + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-basic' } + + it 'should compile' do + should contain_class('rsyslog::install') + should contain_class('rsyslog::config') + should contain_class('rsyslog::service') + end + end + end + + context "osfamily = FreeBSD" do + let :facts do + default_facts.merge!({ + :osfamily => 'freebsd', + }) + end + + context "default usage (osfamily = FreeBSD)" do + let(:title) { 'rsyslog-basic' } + + it 'should compile' do + should contain_class('rsyslog::install') + should contain_class('rsyslog::config') + should contain_class('rsyslog::service') + end + end + end + + context "osfamily = RedHat" do + let :facts do + default_facts.merge!({ + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemmajrelease => 6, + }) + end + + context "default usage (osfamily = RedHat)" do + let(:title) { 'rsyslog-basic' } + + it 'should compile' do + should contain_file('/etc/rsyslog.conf') + should contain_file('/etc/rsyslog.d/') + end + end + end + + context "osfamily = Debian" do + let :facts do + default_facts.merge!({ + :osfamily => 'Debian', + }) + end + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-basic' } + + it 'should compile' do + should contain_file('/etc/rsyslog.conf') + should contain_file('/etc/rsyslog.d/') + end + end + end + + context "osfamily = FreeBSD" do + let :facts do + default_facts.merge!({ + :osfamily => 'freebsd', + }) + end + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-basic' } + + it 'should compile' do + should contain_file('/etc/syslog.conf') + should contain_file('/etc/syslog.d/') + end + end + end + + context "osfamily = RedHat" do + let :facts do + default_facts.merge!({ + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemmajrelease => 6, + }) + end + + context "default usage (osfamily = RedHat)" do + let(:title) { 'rsyslog-install-basic' } + + it 'should compile' do + should contain_package('rsyslog') + should contain_package('rsyslog-relp') + end + end + end + + context "osfamily = Debian" do + let :facts do + default_facts.merge!({ + :osfamily => 'Debian', + }) + end + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-install-basic' } + + it 'should compile' do + should contain_package('rsyslog') + should contain_package('rsyslog-relp') + end + end + end + + context "osfamily = FreeBSD" do + let :facts do + default_facts.merge!({ + :osfamily => 'freebsd', + }) + end + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-install-basic' } + + it 'should compile' do + should contain_package('sysutils/rsyslog5') + should contain_package('sysutils/rsyslog5-relp') + end + end + end + + context "osfamily = RedHat" do + let :facts do + default_facts.merge!({ + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemmajrelease => 6, + }) + end + + context "default usage (osfamily = RedHat)" do + let(:title) { 'rsyslog-service-basic' } + + it 'should compile' do + should contain_service('rsyslog') + end + end + end + + context "osfamily = Debian" do + let :facts do + default_facts.merge!({ + :osfamily => 'Debian', + }) + end + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-service-basic' } + + it 'should compile' do + should contain_service('rsyslog') + end + end + end + + context "osfamily = FreeBSD" do + let :facts do + default_facts.merge!({ + :osfamily => 'freebsd', + }) + end + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-service-basic' } + + it 'should compile' do + should contain_service('syslogd') + end + end + end + end + + context "Rsyslog version >= 8" do + let(:default_facts) do + { + :rsyslog_version => nil + } + end + + context "osfamily = RedHat" do + let :facts do + default_facts.merge!({ + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemmajrelease => 6, + }) + end + + context "default usage (osfamily = RedHat)" do + it 'should compile' do + should contain_file('/etc/rsyslog.conf') + should contain_file('/etc/rsyslog.d/') + end + end + end + end +end diff --git a/puppet/modules/rsyslog/spec/defines/rsyslog_imfile_spec.rb b/puppet/modules/rsyslog/spec/defines/rsyslog_imfile_spec.rb new file mode 100644 index 00000000..1c505eb7 --- /dev/null +++ b/puppet/modules/rsyslog/spec/defines/rsyslog_imfile_spec.rb @@ -0,0 +1,169 @@ +require 'spec_helper' + +describe 'rsyslog::imfile', :type => :define do + + context "Rsyslog version >= 8" do + let(:default_facts) do + { + :rsyslog_version => '8.1.2' + } + end + + context "osfamily = RedHat" do + let :facts do + default_facts.merge!({ + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemmajrelease => 6, + }) + end + + let (:params) { + { + 'file_name' => 'mylogfile', + 'file_tag' => 'mytag', + 'file_facility' => 'myfacility', + } + } + + context "default usage (osfamily = RedHat)" do + let(:title) { 'rsyslog-imfile-basic' } + + it 'should compile' do + should contain_file('/etc/rsyslog.d/rsyslog-imfile-basic.conf') + end + end + end + + context "osfamily = Debian" do + let :facts do + default_facts.merge!({ + :osfamily => 'Debian', + }) + end + + let (:params) { + { + 'file_name' => 'mylogfile', + 'file_tag' => 'mytag', + 'file_facility' => 'myfacility', + } + } + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-imfile-basic' } + + it 'should compile' do + should contain_file('/etc/rsyslog.d/rsyslog-imfile-basic.conf') + end + end + end + + context "osfamily = FreeBSD" do + let :facts do + default_facts.merge!({ + :osfamily => 'freebsd', + }) + end + + let (:params) { + { + 'file_name' => 'mylogfile', + 'file_tag' => 'mytag', + 'file_facility' => 'myfacility', + } + } + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-imfile-basic' } + + it 'should compile' do + should contain_file('/etc/syslog.d/rsyslog-imfile-basic.conf') + end + end + end + end + + context "Rsyslog version =< 8" do + let(:default_facts) do + { + :rsyslog_version => '7.1.2' + } + end + + context "osfamily = RedHat" do + let :facts do + default_facts.merge!({ + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemmajrelease => 6, + }) + end + + let (:params) { + { + 'file_name' => 'mylogfile', + 'file_tag' => 'mytag', + 'file_facility' => 'myfacility', + } + } + + context "default usage (osfamily = RedHat)" do + let(:title) { 'rsyslog-imfile-basic' } + + it 'should compile' do + should contain_file('/etc/rsyslog.d/rsyslog-imfile-basic.conf') + end + end + end + + context "osfamily = Debian" do + let :facts do + default_facts.merge!({ + :osfamily => 'Debian', + }) + end + + let (:params) { + { + 'file_name' => 'mylogfile', + 'file_tag' => 'mytag', + 'file_facility' => 'myfacility', + } + } + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-imfile-basic' } + + it 'should compile' do + should contain_file('/etc/rsyslog.d/rsyslog-imfile-basic.conf') + end + end + end + + context "osfamily = FreeBSD" do + let :facts do + default_facts.merge!({ + :osfamily => 'freebsd', + }) + end + + let (:params) { + { + 'file_name' => 'mylogfile', + 'file_tag' => 'mytag', + 'file_facility' => 'myfacility', + } + } + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-imfile-basic' } + + it 'should compile' do + should contain_file('/etc/syslog.d/rsyslog-imfile-basic.conf') + end + end + end + end + +end diff --git a/puppet/modules/rsyslog/spec/defines/rsyslog_snippet_spec.rb b/puppet/modules/rsyslog/spec/defines/rsyslog_snippet_spec.rb new file mode 100644 index 00000000..6cc68839 --- /dev/null +++ b/puppet/modules/rsyslog/spec/defines/rsyslog_snippet_spec.rb @@ -0,0 +1,157 @@ +require 'spec_helper' + +describe 'rsyslog::snippet', :type => :define do + + context "Rsyslog version >= 8" do + let(:default_facts) do + { + :rsyslog_version => '8.1.2' + } + end + + context "osfamily = RedHat" do + let :facts do + default_facts.merge!({ + :osfamily => 'RedHat', + :operatingsystem => 'Redhat', + :operatingsystemmajrelease => 6, + }) + end + + let (:params) { + { + 'content' => 'Random Content', + } + } + + context "default usage (osfamily = RedHat)" do + let(:title) { 'rsyslog-snippet-basic' } + + it 'should compile' do + should contain_file('/etc/rsyslog.d/rsyslog-snippet-basic.conf').with_content("# This file is managed by Puppet, changes may be overwritten\nRandom Content\n") + end + end + end + + context "osfamily = Debian" do + let :facts do + default_facts.merge!({ + :osfamily => 'Debian', + }) + end + + let (:params) { + { + 'content' => 'Random Content', + } + } + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-snippet-basic' } + + it 'should compile' do + should contain_file('/etc/rsyslog.d/rsyslog-snippet-basic.conf').with_content("# This file is managed by Puppet, changes may be overwritten\nRandom Content\n") + end + end + end + + context "osfamily = FreeBSD" do + let :facts do + default_facts.merge!({ + :osfamily => 'freebsd', + }) + end + + let (:params) { + { + 'content' => 'Random Content', + } + } + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-snippet-basic' } + + it 'should compile' do + should contain_file('/etc/syslog.d/rsyslog-snippet-basic.conf').with_content("# This file is managed by Puppet, changes may be overwritten\nRandom Content\n") + end + end + end + end + + context "Rsyslog version =< 8" do + let(:default_facts) do + { + :rsyslog_version => '7.1.2' + } + end + + context "osfamily = RedHat" do + let :facts do + default_facts.merge!({ + :osfamily => 'RedHat', + :operatingsystem => 'Redhat', + :operatingsystemmajrelease => 6, + }) + end + + let (:params) { + { + 'content' => 'Random Content', + } + } + + context "default usage (osfamily = RedHat)" do + let(:title) { 'rsyslog-snippet-basic' } + + it 'should compile' do + should contain_file('/etc/rsyslog.d/rsyslog-snippet-basic.conf').with_content("# This file is managed by Puppet, changes may be overwritten\nRandom Content\n") + end + end + end + + context "osfamily = Debian" do + let :facts do + default_facts.merge!({ + :osfamily => 'Debian', + }) + end + + let (:params) { + { + 'content' => 'Random Content', + } + } + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-snippet-basic' } + + it 'should compile' do + should contain_file('/etc/rsyslog.d/rsyslog-snippet-basic.conf').with_content("# This file is managed by Puppet, changes may be overwritten\nRandom Content\n") + end + end + end + + context "osfamily = FreeBSD" do + let :facts do + default_facts.merge!({ + :osfamily => 'freebsd', + }) + end + + let (:params) { + { + 'content' => 'Random Content', + } + } + + context "default usage (osfamily = Debian)" do + let(:title) { 'rsyslog-snippet-basic' } + + it 'should compile' do + should contain_file('/etc/syslog.d/rsyslog-snippet-basic.conf').with_content("# This file is managed by Puppet, changes may be overwritten\nRandom Content\n") + end + end + end + end + +end diff --git a/puppet/modules/rsyslog/spec/spec.opts b/puppet/modules/rsyslog/spec/spec.opts new file mode 100644 index 00000000..91cd6427 --- /dev/null +++ b/puppet/modules/rsyslog/spec/spec.opts @@ -0,0 +1,6 @@ +--format +s +--colour +--loadby +mtime +--backtrace diff --git a/puppet/modules/rsyslog/spec/spec_helper.rb b/puppet/modules/rsyslog/spec/spec_helper.rb new file mode 100644 index 00000000..12bb0b7f --- /dev/null +++ b/puppet/modules/rsyslog/spec/spec_helper.rb @@ -0,0 +1,28 @@ +require 'puppetlabs_spec_helper/module_spec_helper' + +RSpec.configure do |c| + c.mock_with :rspec do |mock| + mock.syntax = [:expect, :should] + end + c.include PuppetlabsSpec::Files + + c.before :each do + # Ensure that we don't accidentally cache facts and environment + # between test cases. + Facter::Util::Loader.any_instance.stubs(:load_all) + Facter.clear + Facter.clear_messages + + # Store any environment variables away to be restored later + @old_env = {} + ENV.each_key {|k| @old_env[k] = ENV[k]} + + if Gem::Version.new(`puppet --version`) >= Gem::Version.new('3.5') + Puppet.settings[:strict_variables]=true + end + end + + c.after :each do + PuppetlabsSpec::Files.cleanup + end +end diff --git a/puppet/modules/rsyslog/templates/client.conf.erb b/puppet/modules/rsyslog/templates/client.conf.erb new file mode 100644 index 00000000..c05ae797 --- /dev/null +++ b/puppet/modules/rsyslog/templates/client.conf.erb @@ -0,0 +1,180 @@ + +# An "In-Memory Queue" is created for remote logging. +$WorkDirectory <%= scope.lookupvar('rsyslog::spool_dir') -%> # where to place spool files +$ActionQueueFileName queue # unique name prefix for spool files +$ActionQueueMaxDiskSpace <%= scope.lookupvar('rsyslog::client::spool_size') -%> # spool space limit (use as much as possible) +$ActionQueueSaveOnShutdown on # save messages to disk on shutdown +$ActionQueueType LinkedList # run asynchronously +$ActionResumeRetryCount -1 # infinety retries if host is down +<% if scope.lookupvar('rsyslog::client::log_templates') and ! scope.lookupvar('rsyslog::client::log_templates').empty?-%> + +# Define custom logging templates +<% scope.lookupvar('rsyslog::client::log_templates').flatten.compact.each do |log_template| -%> +$template <%= log_template['name'] %>,"<%= log_template['template'] %>" +<% end -%> +<% end -%> +<% if scope.lookupvar('rsyslog::client::actionfiletemplate') -%> + +# Using specified format for default logging format: +$ActionFileDefaultTemplate <%= scope.lookupvar('rsyslog::client::actionfiletemplate') %> +<% else -%> + +#Using default format for default logging format: +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat +<% end -%> +<% if scope.lookupvar('rsyslog::client::ssl') -%> + +# Setup SSL connection. +# CA/Cert +$DefaultNetStreamDriverCAFile <%= scope.lookupvar('rsyslog::client::ssl_ca') %> + +# Connection settings. +$DefaultNetstreamDriver gtls +$ActionSendStreamDriverMode 1 +$ActionSendStreamDriverAuthMode anon +<% end -%> +<% if scope.lookupvar('rsyslog::client::remote_servers') -%> + +<% scope.lookupvar('rsyslog::client::remote_servers').flatten.compact.each do |server| -%> +<% if server['pattern'] and server['pattern'] != ''-%> +<% pattern = server['pattern'] -%> +<% else -%> +<% pattern = '*.*' -%> +<% end -%> +<% if server['protocol'] == 'TCP' or server['protocol'] == 'tcp'-%> +<% protocol = '@@' -%> +<% protocol_type = 'TCP' -%> +<% else -%> +<% protocol = '@' -%> +<% protocol_type = 'UDP' -%> +<% end -%> +<% if server['host'] and server['host'] != ''-%> +<% host = server['host'] -%> +<% else -%> +<% host = 'localhost' -%> +<% end -%> +<% if server['port'] and server['port'] != ''-%> +<% port = server['port'] -%> +<% else -%> +<% port = '514' -%> +<% end -%> +<% if server['format'] -%> +<% format = ";#{server['format']}" -%> +<% format_type = server['format'] -%> +<% else -%> +<% format = '' -%> +<% format_type = 'the default' -%> +<% end -%> +# Sending logs that match <%= pattern %> to <%= host %> via <%= protocol_type %> on <%= port %> using <%=format_type %> format. +<%= pattern %> <%= protocol %><%= host %>:<%= port %><%= format %> +<% end -%> +<% elsif scope.lookupvar('rsyslog::client::log_remote') -%> + +# Log to remote syslog server using <%= scope.lookupvar('rsyslog::client::remote_type') %> +<% if scope.lookupvar('rsyslog::client::remote_type') == 'tcp' -%> +*.* @@<%= scope.lookupvar('rsyslog::client::server') -%>:<%= scope.lookupvar('rsyslog::client::port') -%>;<%= scope.lookupvar('remote_forward_format') -%> +<% else -%> +*.* @<%= scope.lookupvar('rsyslog::client::server') -%>:<%= scope.lookupvar('rsyslog::client::port') -%>;<%= scope.lookupvar('remote_forward_format') -%> +<% end -%> +<% end -%> +<% if scope.lookupvar('rsyslog::client::log_auth_local') or scope.lookupvar('rsyslog::client::log_local') -%> + +# Logging locally. + +<% if scope.lookupvar('rsyslog::log_style') == 'debian' -%> +# Log auth messages locally +auth,authpriv.* /var/log/auth.log +<% elsif scope.lookupvar('rsyslog::log_style') == 'redhat' -%> +# Log auth messages locally +auth,authpriv.* /var/log/secure +<% end -%> +<% end -%> +<% if scope.lookupvar('rsyslog::client::log_local') -%> +<% if scope.lookupvar('rsyslog::log_style') == 'debian' -%> +# First some standard log files. Log by facility. +# +*.*;auth,authpriv.none -/var/log/syslog +cron.* /var/log/cron.log +daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +#lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log + +# +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files. +# +mail.info -/var/log/mail.info +mail.warn -/var/log/mail.warn +mail.err /var/log/mail.err + +# +# Logging for INN news system. +# +news.crit /var/log/news/news.crit +news.err /var/log/news/news.err +news.notice -/var/log/news/news.notice + +# +# Some "catch-all" log files. +# +*.=debug;\ + auth,authpriv.none;\ + news.none;mail.none -/var/log/debug +*.=info;*.=notice;*.=warn;\ + auth,authpriv.none;\ + cron,daemon.none;\ + mail,news.none -/var/log/messages + +# +# I like to have messages displayed on the console, but only on a virtual +# console I usually leave idle. +# +#daemon,mail.*;\ +# news.=crit;news.=err;news.=notice;\ +# *.=debug;*.=info;\ +# *.=notice;*.=warn /dev/tty8 + +# The named pipe /dev/xconsole is for the `xconsole' utility. To use it, +# you must invoke `xconsole' with the `-file' option: +# +# $ xconsole -file /dev/xconsole [...] +# +# NOTE: adjust the list below, or you'll go crazy if you have a reasonably +# busy site.. +# +daemon.*;mail.*;\ + news.err;\ + *.=debug;*.=info;\ + *.=notice;*.=warn |/dev/xconsole +<% elsif scope.lookupvar('rsyslog::log_style') == 'redhat' -%> +# Log all kernel messages to the console. +# Logging much else clutters up the screen. +#kern.* /dev/console + +# Log anything (except mail) of level info or higher. +# Don't log private authentication messages! +*.info;mail.none;authpriv.none;cron.none /var/log/messages + +# Log all the mail messages in one place. +mail.* -/var/log/maillog + + +# Log cron stuff +cron.* /var/log/cron + +# Everybody gets emergency messages +<% if @rsyslog_version and @rsyslog_version.split('.')[0].to_i >= 8 -%> +*.emerg :omusrmsg:* +<% else -%> +*.emerg * +<% end -%> + +# Save news errors of level crit and higher in a special file. +uucp,news.crit -/var/log/spooler + +# Save boot messages also to boot.log +local7.* -/var/log/boot.log +<% end -%> +<% end -%> diff --git a/puppet/modules/rsyslog/templates/database.conf.erb b/puppet/modules/rsyslog/templates/database.conf.erb new file mode 100644 index 00000000..3934d6cf --- /dev/null +++ b/puppet/modules/rsyslog/templates/database.conf.erb @@ -0,0 +1,6 @@ +# File is managed by Puppet + +## Configuration file for rsyslog-<%= @backend %> + +$ModLoad <%= @db_module %> +*.* :<%= @db_module -%>:<%= @server -%>,<%= @database -%>,<%= @username -%>,<%= @password %> diff --git a/puppet/modules/rsyslog/templates/imfile.erb b/puppet/modules/rsyslog/templates/imfile.erb new file mode 100644 index 00000000..4a11c728 --- /dev/null +++ b/puppet/modules/rsyslog/templates/imfile.erb @@ -0,0 +1,15 @@ +<% if @extra_modules.empty?() or !@extra_modules.include?('imfile') -%> +$ModLoad imfile +<% end -%> + + +$InputFileName <%= @file_name %> +$InputFileTag <%= @file_tag %> +$InputFileStateFile state-<%= @name %> +$InputFileSeverity <%= @file_severity %> +$InputFileFacility <%= @file_facility %> +$InputFilePollInterval <%= @polling_interval %> +$InputFilePersistStateInterval <%= @persist_state_interval %> +<% if @run_file_monitor == true -%> +$InputRunFileMonitor +<% end -%> diff --git a/puppet/modules/rsyslog/templates/modload.erb b/puppet/modules/rsyslog/templates/modload.erb new file mode 100644 index 00000000..a14a612a --- /dev/null +++ b/puppet/modules/rsyslog/templates/modload.erb @@ -0,0 +1,3 @@ +<% @extra_modules.each do |mod| -%> +$ModLoad <%= mod %> +<% end -%> diff --git a/puppet/modules/rsyslog/templates/rsyslog.conf.erb b/puppet/modules/rsyslog/templates/rsyslog.conf.erb new file mode 100644 index 00000000..406aa49c --- /dev/null +++ b/puppet/modules/rsyslog/templates/rsyslog.conf.erb @@ -0,0 +1,49 @@ +# file is managed by puppet + +################# +#### MODULES #### +################# + +<% scope.lookupvar('rsyslog::modules').each do |module_row| -%> +<%= module_row %> +<% end -%> + +########################### +#### GLOBAL DIRECTIVES #### +########################### +# +# Set max message size for sending and receiving +# +$MaxMessageSize <%= scope.lookupvar('rsyslog::max_message_size') %> + +# +# Set the default permissions for all log files. +# +<% if scope.lookupvar('rsyslog::preserve_fqdn') -%> +$PreserveFQDN on +<% end -%> +$FileOwner <%= scope.lookupvar('rsyslog::log_user') %> +$FileGroup <%= scope.lookupvar('rsyslog::log_group') %> +$FileCreateMode <%= scope.lookupvar('rsyslog::perm_file') %> +$DirOwner <%= scope.lookupvar('rsyslog::log_user') %> +$DirGroup <%= scope.lookupvar('rsyslog::log_group') %> +$DirCreateMode <%= scope.lookupvar('rsyslog::perm_dir') %> +$PrivDropToUser <%= scope.lookupvar('rsyslog::run_user') %> +$PrivDropToGroup <%= scope.lookupvar('rsyslog::run_group') %> +<% if scope.lookupvar('rsyslog::umask') -%> +$Umask <%= scope.lookupvar('rsyslog::umask') %> +<% end -%> + +# +# Include all config files in <%= scope.lookupvar('rsyslog::rsyslog_d') %> +# +$IncludeConfig <%= scope.lookupvar('rsyslog::rsyslog_d') -%>*.conf + +# +# Emergencies are sent to everybody logged in. +# +<% if @rsyslog_version and @rsyslog_version.split('.')[0].to_i >= 8 -%> +*.emerg :omusrmsg:* +<% else -%> +*.emerg * +<% end -%> diff --git a/puppet/modules/rsyslog/templates/rsyslog_default.erb b/puppet/modules/rsyslog/templates/rsyslog_default.erb new file mode 100644 index 00000000..a49eb59e --- /dev/null +++ b/puppet/modules/rsyslog/templates/rsyslog_default.erb @@ -0,0 +1,9 @@ +# File is managed by puppet + +<% if @rsyslog_version and @rsyslog_version.split('.')[0].to_i < 7 -%> +# Debian, Ubuntu +RSYSLOGD_OPTIONS="-c4" +<% end -%> + +# CentOS, RedHat, Fedora +SYSLOGD_OPTIONS="${RSYSLOGD_OPTIONS}" diff --git a/puppet/modules/rsyslog/templates/rsyslog_default_gentoo.erb b/puppet/modules/rsyslog/templates/rsyslog_default_gentoo.erb new file mode 100644 index 00000000..f5de7b58 --- /dev/null +++ b/puppet/modules/rsyslog/templates/rsyslog_default_gentoo.erb @@ -0,0 +1,16 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-admin/rsyslog/files/7-stable/rsyslog.confd,v 1.1 2012/11/20 13:03:36 ultrabug Exp $ + +# Configuration file +CONFIGFILE="/etc/rsyslog.conf" + +# PID file +PIDFILE="/var/run/rsyslogd.pid" + +# Options to rsyslogd +# See rsyslogd(8) for more details +# Notes: +# * Do not specify another PIDFILE but use the variable above to change the location +# * Do not specify another CONFIGFILE but use the variable above to change the location +RSYSLOG_OPTS="" diff --git a/puppet/modules/rsyslog/templates/rsyslog_default_rhel7.erb b/puppet/modules/rsyslog/templates/rsyslog_default_rhel7.erb new file mode 100644 index 00000000..c3b95c7f --- /dev/null +++ b/puppet/modules/rsyslog/templates/rsyslog_default_rhel7.erb @@ -0,0 +1,2 @@ +# File is managed by puppet +SYSLOGD_OPTIONS="" diff --git a/puppet/modules/rsyslog/templates/server-default.conf.erb b/puppet/modules/rsyslog/templates/server-default.conf.erb new file mode 100644 index 00000000..0c7f67fe --- /dev/null +++ b/puppet/modules/rsyslog/templates/server-default.conf.erb @@ -0,0 +1,42 @@ +# File is managed by puppet + +<% # Common header across all templates -%> +<%= scope.function_template(['rsyslog/server/_default-header.conf.erb']) %> + +# Log files are stored in directories matching the short hostname, excluding numbers +# i.e. web01 web02 and web03 will all log to a the web directory +<% if scope.lookupvar('rsyslog::server::enable_onefile') == false -%> + +# Templates +$Template dynAuthLog,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%<%= scope.lookupvar('rsyslog::server::logpath') -%>auth.log" +$Template dynSyslog,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%<%= scope.lookupvar('rsyslog::server::logpath') -%>syslog" +$Template dynCronLog,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%<%= scope.lookupvar('rsyslog::server::logpath') -%>cron.log" +$Template dynDaemonLog,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%<%= scope.lookupvar('rsyslog::server::logpath') -%>daemon.log" +$Template dynKernLog,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%<%= scope.lookupvar('rsyslog::server::logpath') -%>kern.log" +$Template dynUserLog,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%<%= scope.lookupvar('rsyslog::server::logpath') -%>user.log" +$Template dynMailLog,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%<%= scope.lookupvar('rsyslog::server::logpath') -%>mail.log" +$Template dynDebug,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%<%= scope.lookupvar('rsyslog::server::logpath') -%>debug" +$Template dynMessages,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%<%= scope.lookupvar('rsyslog::server::logpath') -%>messages" + +# Rules +auth,authpriv.* ?dynAuthLog +*.*;auth,authpriv.none,mail.none,cron.none -?dynSyslog +cron.* ?dynCronLog +daemon.* -?dynDaemonLog +kern.* -?dynKernLog +mail.* -?dynMailLog +user.* -?dynUserLog +*.=info;*.=notice;*.=warn;\ + auth.none,authpriv.none;\ + cron.none,daemon.none;\ + mail.none,news.none -?dynMessages +<% else -%> +# Template +$Template dynAllMessages,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%<%= scope.lookupvar('rsyslog::server::logpath') -%>messages" + +# Rules +*.* -?dynAllMessages +<% end -%> + +<% # Common footer across all templates -%> +<%= scope.function_template(['rsyslog/server/_default-footer.conf.erb']) %> diff --git a/puppet/modules/rsyslog/templates/server-hostname.conf.erb b/puppet/modules/rsyslog/templates/server-hostname.conf.erb new file mode 100644 index 00000000..67158d95 --- /dev/null +++ b/puppet/modules/rsyslog/templates/server-hostname.conf.erb @@ -0,0 +1,41 @@ +# File is managed by puppet + +<% # Common header across all templates -%> +<%= scope.function_template(['rsyslog/server/_default-header.conf.erb']) %> + +# Log files are stored in directories matching the hostname +<% if scope.lookupvar('rsyslog::server::enable_onefile') == false -%> + +# Templates +$Template dynAuthLog,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%hostname%<%= scope.lookupvar('rsyslog::server::logpath') -%>auth.log" +$Template dynSyslog,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%hostname%<%= scope.lookupvar('rsyslog::server::logpath') -%>syslog" +$Template dynCronLog,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%hostname%<%= scope.lookupvar('rsyslog::server::logpath') -%>cron.log" +$Template dynDaemonLog,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%hostname%<%= scope.lookupvar('rsyslog::server::logpath') -%>daemon.log" +$Template dynKernLog,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%hostname%<%= scope.lookupvar('rsyslog::server::logpath') -%>kern.log" +$Template dynUserLog,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%hostname%<%= scope.lookupvar('rsyslog::server::logpath') -%>user.log" +$Template dynMailLog,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%hostname%<%= scope.lookupvar('rsyslog::server::logpath') -%>mail.log" +$Template dynDebug,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%hostname%<%= scope.lookupvar('rsyslog::server::logpath') -%>debug" +$Template dynMessages,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%hostname%<%= scope.lookupvar('rsyslog::server::logpath') -%>messages" + +# Rules +auth,authpriv.* ?dynAuthLog +*.*;auth,authpriv.none,mail.none,cron.none -?dynSyslog +cron.* ?dynCronLog +daemon.* -?dynDaemonLog +kern.* -?dynKernLog +mail.* -?dynMailLog +user.* -?dynUserLog +*.=info;*.=notice;*.=warn;\ + auth.none,authpriv.none;\ + cron.none,daemon.none;\ + mail.none,news.none -?dynMessages +<% else -%> +# Template +$Template dynAllMessages,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%hostname%<%= scope.lookupvar('rsyslog::server::logpath') -%>messages" + +# Rules +*.* -?dynAllMessages +<% end -%> + +<% # Common footer across all templates -%> +<%= scope.function_template(['rsyslog/server/_default-footer.conf.erb']) %> diff --git a/puppet/modules/rsyslog/templates/server/_default-footer.conf.erb b/puppet/modules/rsyslog/templates/server/_default-footer.conf.erb new file mode 100644 index 00000000..d8bd00ad --- /dev/null +++ b/puppet/modules/rsyslog/templates/server/_default-footer.conf.erb @@ -0,0 +1,13 @@ + +# Switch back to default ruleset +$RuleSet RSYSLOG_DefaultRuleset + +<% if scope.lookupvar('rsyslog::server::enable_udp') -%> +$InputUDPServerBindRuleset remote +$UDPServerRun <%= scope.lookupvar('rsyslog::server::port') %> +<% end -%> + +<% if scope.lookupvar('rsyslog::server::enable_tcp') -%> +$InputTCPServerBindRuleset remote +$InputTCPServerRun <%= scope.lookupvar('rsyslog::server::port') %> +<% end -%> diff --git a/puppet/modules/rsyslog/templates/server/_default-header.conf.erb b/puppet/modules/rsyslog/templates/server/_default-header.conf.erb new file mode 100644 index 00000000..4bffa858 --- /dev/null +++ b/puppet/modules/rsyslog/templates/server/_default-header.conf.erb @@ -0,0 +1,36 @@ +<% if scope.lookupvar('rsyslog::server::enable_udp') -%> +# Load UDP module +$ModLoad imudp +<% end -%> + +<% if scope.lookupvar('rsyslog::server::enable_tcp') -%> +# Load TCP module +$ModLoad imtcp +<% end -%> + +# +<% if scope.lookupvar('rsyslog::server::high_precision_timestamps') == false -%> +# Use traditional timestamp format. +# +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat +<% else -%> +# Use high precision timestamp format. +# +$ActionFileDefaultTemplate RSYSLOG_FileFormat +<% end -%> + +<% if scope.lookupvar('rsyslog::server::ssl') -%> +# Server side SSL. +$DefaultNetstreamDriver gtls + +# Cert files. +$DefaultNetstreamDriverCAFile <%= scope.lookupvar('rsyslog::server::ssl_ca') %> +$DefaultNetstreamDriverCertFile <%= scope.lookupvar('rsyslog::server::ssl_cert') %> +$DefaultNetstreamDriverKeyFile <%= scope.lookupvar('rsyslog::server::ssl_key') %> + +$InputTCPServerStreamDriverMode 1 +$InputTCPServerStreamDriverAuthMode anon +<% end -%> + +# Switch to remote ruleset +$RuleSet remote diff --git a/puppet/modules/rsyslog/tests/database.pp b/puppet/modules/rsyslog/tests/database.pp new file mode 100644 index 00000000..269be696 --- /dev/null +++ b/puppet/modules/rsyslog/tests/database.pp @@ -0,0 +1,9 @@ +include rsyslog + +class { 'rsyslog::database': + backend => 'mysql', + server => 'localhost', + database => 'Syslog', + username => 'rsyslog', + password => 'secret', +} diff --git a/puppet/modules/rsyslog/tests/init.pp b/puppet/modules/rsyslog/tests/init.pp new file mode 100644 index 00000000..7fc50c8b --- /dev/null +++ b/puppet/modules/rsyslog/tests/init.pp @@ -0,0 +1 @@ +include rsyslog diff --git a/puppet/modules/rsyslog/tests/log_templates.pp b/puppet/modules/rsyslog/tests/log_templates.pp new file mode 100644 index 00000000..a6bf75b7 --- /dev/null +++ b/puppet/modules/rsyslog/tests/log_templates.pp @@ -0,0 +1,9 @@ +class { 'rsyslog::client': + log_templates => [ + { + name => 'RFC3164fmt', + template => '<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag%%msg%', + }, + ], + actionfiletemplate => 'RFC3164fmt', +} diff --git a/puppet/modules/rsyslog/tests/multiple_hosts.pp b/puppet/modules/rsyslog/tests/multiple_hosts.pp new file mode 100644 index 00000000..9e5a60ed --- /dev/null +++ b/puppet/modules/rsyslog/tests/multiple_hosts.pp @@ -0,0 +1,17 @@ +class { 'rsyslog::client': + remote_servers => [ + { + host => 'logs.example.org', + }, + { + port => '55514', + }, + { + host => 'logs.somewhere.com', + port => '555', + pattern => '*.log', + protocol => 'tcp', + format => 'RFC3164fmt', + }, + ] +} -- cgit v1.2.3