From 7169708aa0f1077e2e0a87b18b88f8bc0c877e16 Mon Sep 17 00:00:00 2001 From: VC Date: Sat, 21 Dec 2019 13:52:50 +0100 Subject: [PATCH] Ajout du syslog un peu partout --- production/hosts | 3 +++ roles/nginx/tasks/main.yml | 6 ------ roles/nginx/templates/header.conf.j2 | 2 ++ roles/nginx/templates/nginx.conf.j2 | 2 ++ .../templates/vhosts/mm.pipoworld.fr.conf.j2 | 2 ++ roles/nginx/templates/vhosts/r.mateu.be.conf.j2 | 2 ++ .../templates/vhosts/www.intendo.fr.conf.j2 | 2 ++ .../templates/vhosts/www.nintendojo.fr.conf.j2 | 2 ++ .../templates/vhosts/z.libertus.eu.conf.j2 | 2 ++ roles/rsyslog/files/remote.conf | 1 + roles/rsyslog/files/sys.conf | 11 +++++++++++ roles/rsyslog/handlers/main.yml | 4 ++++ roles/rsyslog/tasks/main.yml | 17 +++++++++++++++++ site.yml | 1 + syslog.yml | 3 +++ 15 files changed, 54 insertions(+), 6 deletions(-) create mode 100644 roles/rsyslog/files/remote.conf create mode 100644 roles/rsyslog/files/sys.conf create mode 100644 roles/rsyslog/handlers/main.yml create mode 100644 roles/rsyslog/tasks/main.yml create mode 100644 syslog.yml diff --git a/production/hosts b/production/hosts index 7815756..f22153c 100644 --- a/production/hosts +++ b/production/hosts @@ -78,3 +78,6 @@ voice1.dmz.mateu.be [icecastservers] voice3.dmz.mateu.be + +[rsyslogservers] +syslog.dmz.mateu.be diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 81b9dd8..846422a 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -8,12 +8,6 @@ args: creates: /etc/nginx/dhparam.pem -- name: service nginx - service: - name: nginx - enabled: True - state: started - - name: put configuration files template: src: "{{ item.src }}" diff --git a/roles/nginx/templates/header.conf.j2 b/roles/nginx/templates/header.conf.j2 index 3483e7b..ec5f855 100644 --- a/roles/nginx/templates/header.conf.j2 +++ b/roles/nginx/templates/header.conf.j2 
@@ -5,4 +5,6 @@ ssl_certificate_key /etc/x509/{{ item }}/{{ item }}.key; server_name {{ item }}; access_log /var/log/nginx/{{ item }}.access.log combined_port; + access_log syslog:server=unix:/dev/log combined_port; error_log /var/log/nginx/{{ item }}.error.log; + error_log syslog:server=unix:/dev/log; diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2 index 335dcf4..fa12fcc 100644 --- a/roles/nginx/templates/nginx.conf.j2 +++ b/roles/nginx/templates/nginx.conf.j2 @@ -39,7 +39,9 @@ http { '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"'; access_log /var/log/nginx/access.log combined_port; + access_log syslog:server=unix:/dev/log combined_port; error_log /var/log/nginx/error.log; + error_log syslog:server=unix:/dev/log; ## # Gzip Settings diff --git a/roles/nginx/templates/vhosts/mm.pipoworld.fr.conf.j2 b/roles/nginx/templates/vhosts/mm.pipoworld.fr.conf.j2 index 914bd51..17549e2 100644 --- a/roles/nginx/templates/vhosts/mm.pipoworld.fr.conf.j2 +++ b/roles/nginx/templates/vhosts/mm.pipoworld.fr.conf.j2 @@ -5,7 +5,9 @@ server { ssl_certificate_key /etc/x509/mm.pipoworld.fr/mm.pipoworld.fr.key; server_name mm.pipoworld.fr mm.nintendojo.fr; access_log /var/log/nginx/mm.pipoworld.fr.access.log combined_port; + access_log syslog:server=unix:/dev/log combined_port; error_log /var/log/nginx/mm.pipoworld.fr.error.log; + error_log syslog:server=unix:/dev/log; location = / { rewrite ^ /cgi-bin/mailman/listinfo permanent; diff --git a/roles/nginx/templates/vhosts/r.mateu.be.conf.j2 b/roles/nginx/templates/vhosts/r.mateu.be.conf.j2 index 1c7ef71..7932106 100644 --- a/roles/nginx/templates/vhosts/r.mateu.be.conf.j2 +++ b/roles/nginx/templates/vhosts/r.mateu.be.conf.j2 
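Review bot: The added `access_log syslog:server=unix:/dev/log combined_port;` and `error_log syslog:server=unix:/dev/log;` lines in header.conf.j2 set no `tag=` or `facility=`, so every vhost logs under nginx's default tag. The collector then cannot tell which server block produced an entry unless `combined_port` itself records the host; its definition starts outside the nginx.conf.j2 hunk, so that cannot be checked here. The same pair is repeated in nginx.conf.j2 and in the mm.pipoworld.fr, r.mateu.be, www.intendo.fr, www.nintendojo.fr and z.libertus.eu vhost templates. Consider a distinct tag per stream, e.g. `access_log syslog:server=unix:/dev/log,tag=nginx_access combined_port;`, and adding `$server_name` to the format. Access lines carry full request URIs, so any tokens in query strings now leave the host through the `*.*` forward in remote.conf.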
@@ -4,7 +4,9 @@ server { server_name r.mateu.be perso.nintendojo.fr perso.libertus.eu; access_log /var/log/nginx/r.mateu.be.access.log combined_port; + access_log syslog:server=unix:/dev/log combined_port; error_log /var/log/nginx/r.mateu.be.error.log; + error_log syslog:server=unix:/dev/log; ssl_certificate /etc/x509/r.mateu.be/fullchain.cer; ssl_certificate_key /etc/x509/r.mateu.be/r.mateu.be.key; diff --git a/roles/nginx/templates/vhosts/www.intendo.fr.conf.j2 b/roles/nginx/templates/vhosts/www.intendo.fr.conf.j2 index 58aa829..8fd39d2 100644 --- a/roles/nginx/templates/vhosts/www.intendo.fr.conf.j2 +++ b/roles/nginx/templates/vhosts/www.intendo.fr.conf.j2 @@ -5,7 +5,9 @@ server { ssl_certificate_key /etc/x509/intendo.fr/intendo.fr.key; server_name intendo.fr www.intendo.fr; access_log /var/log/intendo.fr.access.log combined_port; + access_log syslog:server=unix:/dev/log combined_port; error_log /var/log/intendo.fr.error.log; + error_log syslog:server=unix:/dev/log; location / { return 302 https://www.nintendojo.fr$request_uri; diff --git a/roles/nginx/templates/vhosts/www.nintendojo.fr.conf.j2 b/roles/nginx/templates/vhosts/www.nintendojo.fr.conf.j2 index 7c52487..5405822 100644 --- a/roles/nginx/templates/vhosts/www.nintendojo.fr.conf.j2 +++ b/roles/nginx/templates/vhosts/www.nintendojo.fr.conf.j2 @@ -4,7 +4,9 @@ server { listen [::]:443 ssl http2; server_name nintendojo.fr www.nintendojo.fr; access_log /var/log/nginx/nintendojo.fr.access.log combined_port; + access_log syslog:server=unix:/dev/log combined_port; error_log /var/log/nginx/nintendojo.fr.error.log; + error_log syslog:server=unix:/dev/log; ssl_certificate /etc/x509/www.nintendojo.fr/fullchain.cer; ssl_certificate_key /etc/x509/www.nintendojo.fr/www.nintendojo.fr.key; diff --git a/roles/nginx/templates/vhosts/z.libertus.eu.conf.j2 b/roles/nginx/templates/vhosts/z.libertus.eu.conf.j2 index e7fe259..f815475 100644 --- a/roles/nginx/templates/vhosts/z.libertus.eu.conf.j2 
+++ b/roles/nginx/templates/vhosts/z.libertus.eu.conf.j2 @@ -4,7 +4,9 @@ server { server_name z.libertus.eu autodiscover.libertus.eu; access_log /var/log/nginx/z.libertus.eu.access.log combined_port; + access_log syslog:server=unix:/dev/log combined_port; error_log /var/log/nginx/z.libertus.eu.error.log; + error_log syslog:server=unix:/dev/log; ssl_certificate /etc/x509/z.libertus.eu/fullchain.cer; ssl_certificate_key /etc/x509/z.libertus.eu/z.libertus.eu.key; diff --git a/roles/rsyslog/files/remote.conf b/roles/rsyslog/files/remote.conf new file mode 100644 index 0000000..1c89ef5 --- /dev/null +++ b/roles/rsyslog/files/remote.conf @@ -0,0 +1 @@ +*.* @syslog.dmz.mateu.be diff --git a/roles/rsyslog/files/sys.conf b/roles/rsyslog/files/sys.conf new file mode 100644 index 0000000..684467c --- /dev/null +++ b/roles/rsyslog/files/sys.conf @@ -0,0 +1,11 @@ +template(name="RemoteHost" type="string" string="/srv/log/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.log") + +## Loads UDP +module(load="imudp" port="514") + +ruleset(name="remote") { + action(type="omfile" DynaFile="RemoteHost") +} + +input(type="imudp" port="514" ruleset="remote") + diff --git a/roles/rsyslog/handlers/main.yml b/roles/rsyslog/handlers/main.yml new file mode 100644 index 0000000..ff67619 --- /dev/null +++ b/roles/rsyslog/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart rsyslog + service: + name: rsyslog + state: restarted diff --git a/roles/rsyslog/tasks/main.yml b/roles/rsyslog/tasks/main.yml new file mode 100644 index 0000000..14fb3ae --- /dev/null +++ b/roles/rsyslog/tasks/main.yml @@ -0,0 +1,17 @@ +- name: install rsyslog + package: + name: rsyslog + state: present + +- name: put log concentration file + copy: + src: files/sys.conf + dest: /etc/rsyslog.d/sys.conf + notify: restart rsyslog + when: "'rsyslogservers' in group_names" + +- name: put rsyslog config file + copy: + src: files/remote.conf + dest: /etc/rsyslog.d/remote.conf + notify: restart rsyslog 
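Review bot: `*.* @syslog.dmz.mateu.be` in remote.conf uses the single-`@` form, which is plain UDP. Every facility, including auth messages and the nginx access lines added in this commit, crosses the network unencrypted and unauthenticated, and is lost silently when the collector is unreachable. At minimum switch to TCP with `*.* @@syslog.dmz.mateu.be`; a TLS-protected `omfwd` action with a disk-assisted queue would be stronger, and needs a matching TCP/TLS input in sys.conf. Because syslog.yml targets `all`, this file is also installed on the collector, which then forwards its own logs to itself; if that is not intended, guard the task with `when: "'rsyslogservers' not in group_names"`.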
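Review bot: The `RemoteHost` template in sys.conf builds the output path from `%HOSTNAME%`, which comes from the received message, so over unauthenticated UDP the sender chooses the directory name under /srv/log and can land entries in another host's log. Deriving the path from the socket peer, `string="/srv/log/%FROMHOST-IP%/%$YEAR%-%$MONTH%-%$DAY%.log"`, or at least using `%HOSTNAME:::secpath-replace%`, ties each file to the actual source. The `action(type="omfile" ...)` sets no `fileCreateMode` or `dirCreateMode`, so permissions on the collected logs fall back to rsyslog defaults. Separately, `port` looks like an input parameter rather than an imudp module parameter, so `module(load="imudp" port="514")` should probably be `module(load="imudp")`; worth checking with a config test run. Nothing in this commit restricts who may reach UDP 514, so confirm that firewall.yml limits it to the managed hosts.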
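Review bot: Both `copy` tasks in roles/rsyslog/tasks/main.yml omit `owner`, `group` and `mode`, so the permissions of /etc/rsyslog.d/sys.conf and /etc/rsyslog.d/remote.conf are left to the module's defaults and the connecting user's umask. Add `owner: root`, `group: root` and `mode: "0644"` to each. The role also never ensures the service is enabled and started: the `restart rsyslog` handler fires only when a file changes, so a host where rsyslog is stopped or disabled keeps not logging. `src: files/sys.conf` appears to resolve only through Ansible's fallback search path; inside a role, `src: sys.conf` is the conventional form.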
diff --git a/site.yml b/site.yml index 2734553..dc8e10e 100644 --- a/site.yml +++ b/site.yml @@ -3,6 +3,7 @@ - import_playbook: smtprelay.yml - import_playbook: borgbackup.yml - import_playbook: nut.yml +- import_playbook: syslog.yml - import_playbook: firewall.yml - import_playbook: mail.yml - import_playbook: xmpp.yml diff --git a/syslog.yml b/syslog.yml new file mode 100644 index 0000000..47f6c94 --- /dev/null +++ b/syslog.yml @@ -0,0 +1,3 @@ +- hosts: all:!baybay-ponay.mateu.be:!machinbox.mateu.be + roles: + - rsyslog