commit 0c58302da55edc4061d75ce8e5136e7981c96f6d Author: Simon Cornet Date: Tue May 6 10:58:34 2025 +0200 feat: initial commit
diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..9b9b52a
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,23 @@
+---
+
+exclude_paths:
+ - ".gitlab/*"
+ - ".gitlab-ci.yml"
+ - "defaults/main.yaml"
+ - "meta/main.yaml"
+ - "vars/*"
+
+kinds:
+ - playbook: "**/*.{yml,yaml}"
+
+skip_list:
+ - "command-shell"
+ - "experimental"
+ - "git-latest"
+ - "no-changed-when"
+ - "no-handler"
+ - "name[casing]"
+ - "name[template]"
+ - "risky-file-permissions"
+ - "schema[playbook]"
+ - "var-naming[no-role-prefix]"
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..904cae8
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.ansible
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..5d82fc7
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,16 @@
+---
+
+# gitLab ci stages
+stages:
+
+ # deployment
+ - "linting"
+ - "deployment"
+
+
+# include jobs
+include:
+
+ # deployment
+ - local: ".gitlab/linting.yaml"
+ - local: ".gitlab/deployment.yaml"
diff --git a/.gitlab/deployment.yaml b/.gitlab/deployment.yaml
new file mode 100644
index 0000000..040754b
--- /dev/null
+++ b/.gitlab/deployment.yaml
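Review bot: The `skip_list` in `.ansible-lint` turns off `risky-file-permissions` for the whole role, although every file-writing task added in this commit already sets an explicit `mode`, so the skip hides nothing today and would silence the rule for any later task that forgets one. I would drop that entry and suppress the remaining rules per task with `# noqa` where they are really needed. Separately, `kinds` classifies every `*.yml`/`*.yaml` file as a playbook, which is presumably why `schema[playbook]` had to be skipped; the tasks and handlers files in this role are not playbooks.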
@@ -0,0 +1,31 @@
+---
+# deploy ansible/roles/common code
+deployment:
+ stage: "deployment"
+ image:
+ name: "cr.simoncor.net/siempie/ssh-client:latest"
+ entrypoint: ["/bin/sh", "-c"]
+ rules:
+
+ # run only on push to default branch
+ - if:
+ '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH ==
+ $CI_DEFAULT_BRANCH'
+ - when: "never"
+
+ # prepare ssh
+ before_script:
+ # prepare ssh
+ - |
+ # prepare ssh
+ mkdir -p ~/.ssh
+ chmod 700 ~/.ssh
+ echo "$SSH_CONFIG" > ~/.ssh/config
+ echo "$SSH_DEPLOYMENT_KEY" > ~/.ssh/id_ed25519
+ chmod 600 ~/.ssh/id_ed25519
+
+ # deployment commands
+ script:
+ - |
+ # install ansible roles dependancies
+ ssh $SSH_DEPLOYMENT_USER@$ANSIBLE_SERVER "sudo /usr/local/bin/ansible-galaxy install -r /etc/ansible/roles/requirements.yaml --force"
diff --git a/.gitlab/linting.yaml b/.gitlab/linting.yaml
new file mode 100644
index 0000000..01b8aa3
--- /dev/null
+++ b/.gitlab/linting.yaml
@@ -0,0 +1,17 @@
+---
+
+# linting
+linting:
+ stage: "linting"
+ image:
+ name: "cr.simoncor.net/siempie/ansible-deployment:latest"
+ entrypoint: ["/bin/sh", "-c"]
+ rules:
+
+ # run only on push to default branch
+ - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+ - when: "never"
+
+ # start linting
+ script:
+ - "ansible-lint -c .ansible-lint ."
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..e4db48c
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,30 @@
+---
+extends: 'default'
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ forbid: true
+ comments:
+ min-spaces-from-content: 1
+ comments-indentation: false
+ empty-lines:
+ max: 2
+ indentation:
+ spaces: 2
+ check-multi-line-strings: true
+ line-length:
+ max: 130
+ allow-non-breakable-words: true
+ allow-non-breakable-inline-mappings: true
+ new-line-at-end-of-file: 'enable'
+ octal-values:
+ forbid-implicit-octal: true
+ forbid-explicit-octal: true
+ truthy:
+ allowed-values:
+ - 'true'
+ - 'false'
+ quoted-strings:
+ quote-type: 'any'
+ required: true
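Review bot: Nothing in the `before_script` of `.gitlab/deployment.yaml` pins the deployment server's host key: the block writes `~/.ssh/config` and the private key but no `known_hosts`, so unless `$SSH_CONFIG` carries the pinning itself (not visible here) the `ssh` call in `script` depends on host key checking being relaxed. I would add a line such as `echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts`, where `SSH_KNOWN_HOSTS` is a placeholder name for a CI variable holding the server's public host key. On the `ssh` line the expansions are unquoted; `ssh "$SSH_DEPLOYMENT_USER@$ANSIBLE_SERVER" …` avoids word splitting. The header comment still says `ansible/roles/common`, which does not match this role.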
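Review bot: The job image `cr.simoncor.net/siempie/ansible-deployment:latest` in `.gitlab/linting.yaml` is a mutable tag, so the linter and its ansible-lint version can change between runs without any change in this repository; the same applies to `ssh-client:latest` in `.gitlab/deployment.yaml`, the image that handles the deployment key. Pinning both to a version tag or digest, e.g. `name: "cr.simoncor.net/siempie/ansible-deployment:<version>@sha256:<digest>"` (placeholders), makes runs reproducible and lets the Renovate configuration added in this commit propose the updates. The `rules` also match only pushes to the default branch, so linting runs after a change has landed rather than on merge requests.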
diff --git a/defaults/main.yaml b/defaults/main.yaml
new file mode 100644
index 0000000..2b7c7c8
--- /dev/null
+++ b/defaults/main.yaml
@@ -0,0 +1,6 @@
+---
+
+# splunk universal forwarder installer deb
+splunk_forwarder_deb:
+ "https://download.splunk.com/products/universalforwarder/releases/9.4.2/\
+ linux/splunkforwarder-9.4.2-e9664af3d956-linux-amd64.deb"
diff --git a/handlers/main.yaml b/handlers/main.yaml
new file mode 100644
index 0000000..9276bb6
--- /dev/null
+++ b/handlers/main.yaml
@@ -0,0 +1,24 @@
+---
+
+# rsyslog
+- name: "restart rsyslog"
+ ansible.builtin.systemd:
+ name: "rsyslog.service"
+ state: "restarted"
+ daemon_reload: true
+ enabled: true
+
+# systemd unit file for tmpfs
+- name: "var-log-remote-unit"
+ ansible.builtin.systemd:
+ name: "var-log-remote.mount"
+ daemon_reload: true
+ enabled: true
+ state: "mounted"
+
+# splunk uf
+- name: "restart splunk"
+ ansible.builtin.systemd:
+ name: "SplunkForwarder.service"
+ state: "restarted"
+ enabled: true
diff --git a/meta/main.yaml b/meta/main.yaml
new file mode 100644
index 0000000..6d31fc8
--- /dev/null
+++ b/meta/main.yaml
@@ -0,0 +1,18 @@
+---
+galaxy_info:
+ role_name: "log_forwarder"
+ author: "siempie"
+ description: "configure a rsyslog forwarder using rsyslog and splunk"
+ license: "MIT"
+ min_ansible_version: 2.9
+ platforms:
+
+ # debian
+ - name: "Debian"
+ versions:
+ - "bookworm"
+
+ galaxy_tags:
+ - "log_forwarder"
+
+dependencies: []
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..d09472b
--- /dev/null
+++ b/readme.md
@@ -0,0 +1,10 @@
+# Overview
+This role configures [Atuin](https://atuin.sh/) server, for reasons.
+
+# Supported Operating Systems
+| Operating System | Version |
+| --- | ----- |
+| Debian | 12 |
+
+# Tags
+This role has no tags.
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..da8f5e1
--- /dev/null
+++ b/renovate.json
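Review bot: The `var-log-remote-unit` handler in `handlers/main.yaml` passes `state: "mounted"` to `ansible.builtin.systemd`, but that module accepts only `started`, `stopped`, `restarted` and `reloaded`, so the handler fails on an invalid choice the first time the mount unit is written. For a `.mount` unit, `state: "started"` performs the mount. Handlers run in the order they are defined, and `restart rsyslog` comes first in this file, so rsyslog would be restarted before the tmpfs is mounted; moving the mount handler above it, or adding `ansible.builtin.meta: "flush_handlers"` after the unit task, keeps the order right.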
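Review bot: `min_ansible_version: 2.9` in `meta/main.yaml` is an unquoted scalar, so YAML loads it as a float rather than the version string the Galaxy metadata expects, and a later value such as 2.10 would silently become 2.1. Quote it: `min_ansible_version: "2.9"`.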
@@ -0,0 +1,7 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [ "local>cicd/renovate" ],
+ "ansible": {
+ "fileMatch": [ "(.*).ya?ml$" ]
+ }
+}
diff --git a/tasks/config.yaml b/tasks/config.yaml
new file mode 100644
index 0000000..f3d6f6b
--- /dev/null
+++ b/tasks/config.yaml
@@ -0,0 +1,41 @@
+---
+
+# configure rsyslog
+- name: "config - rsyslog"
+ ansible.builtin.template:
+ src: "templates/rsylog/incoming-udp514.conf.j2"
+ dest: "/etc/rsyslog.d/incoming-udp514.conf"
+ owner: "root"
+ group: "root"
+ mode: "0644"
+ notify: "restart rsyslog"
+
+# configure logrotate
+- name: "config - logrotate"
+ ansible.builtin.template:
+ src: "templates/logrotate/remote-tmpfs.j2"
+ dest: "/etc/logrotate.d/remote-tmpfs.conf"
+ owner: "root"
+ group: "root"
+ mode: "0644"
+ notify: "restart rsyslog"
+
+# configure splunk universal forwarder - input
+- name: "config - splunk universal forwarder - input"
+ ansible.builtin.template:
+ src: "templates/splunkforwarder/inputs.conf.j2"
+ dest: "/opt/splunkforwarder/etc/system/local/inputs.conf"
+ owner: "splunkfwd"
+ group: "splunkfwd"
+ mode: "0644"
+ notify: "restart splunk"
+
+# configure splunk universal forwarder - outputs
+- name: "config - splunk universal forwarder - outputs"
+ ansible.builtin.template:
+ src: "templates/splunkforwarder/outputs.conf.j2"
+ dest: "/opt/splunkforwarder/etc/system/local/outputs.conf"
+ owner: "splunkfwd"
+ group: "splunkfwd"
+ mode: "0644"
+ notify: "restart splunk"
diff --git a/tasks/install.yaml b/tasks/install.yaml
new file mode 100644
index 0000000..7fcfd08
--- /dev/null
+++ b/tasks/install.yaml
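Review bot: Two `src` paths in `tasks/config.yaml` do not match the templates this commit adds: the rsyslog task reads `templates/rsylog/incoming-udp514.conf.j2` while the file is created under `templates/rsyslog/`, and the Splunk input task reads `inputs.conf.j2` while the committed template is `templates/splunkforwarder/input.conf.j2`. Both tasks would fail on a missing template; use `src: "templates/rsyslog/incoming-udp514.conf.j2"` and either rename the template or use `src: "templates/splunkforwarder/input.conf.j2"`. The logrotate task writes `/etc/logrotate.d/remote-tmpfs.conf`, whereas the cron job in `tasks/install.yaml` calls `logrotate -f /etc/logrotate.d/remote-tmpfs`, so the two need the same file name. The logrotate task also notifies `restart rsyslog`, which looks unnecessary because logrotate reads its configuration on each run.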
@@ -0,0 +1,24 @@
+---
+
+# install rsyslog
+- name: "install - rsyslog"
+ ansible.builtin.apt:
+ name: "rsyslog"
+ state: "present"
+ cache_valid_time: "120"
+ when: 'ansible_os_family == "Debian"'
+
+# install cronjob for logrotate
+- name: "add cron job for logrotate"
+ ansible.builtin.cron:
+ name: "logrotate for /var/log/remote"
+ minute: "*/15"
+ user: "root"
+ job: "logrotate -f /etc/logrotate.d/remote-tmpfs"
+
+# install splunk universal forwarder
+- name: "install - package_name"
+ ansible.builtin.deb:
+ name: "{{ splunk_forwarder_deb }}"
+ state: "present"
+ when: 'ansible_os_family == "Debian"'
diff --git a/tasks/main.yaml b/tasks/main.yaml
new file mode 100644
index 0000000..8622dea
--- /dev/null
+++ b/tasks/main.yaml
@@ -0,0 +1,13 @@
+---
+
+# import install
+- name: "install"
+ ansible.builtin.import_tasks: "install.yaml"
+
+# import tmpfs
+- name: "tmpfs"
+ ansible.builtin.import_tasks: "tmpfs.yaml"
+
+# import config
+- name: "config"
+ ansible.builtin.import_tasks: "config.yaml"
diff --git a/tasks/tmpfs.yaml b/tasks/tmpfs.yaml
new file mode 100644
index 0000000..69ad645
--- /dev/null
+++ b/tasks/tmpfs.yaml
@@ -0,0 +1,32 @@
+---
+
+# create /var/log/remote directory
+- name: "create /var/log/remote directory"
+ ansible.builtin.file:
+ path: "/var/log/remote"
+ state: "directory"
+ mode: "0755"
+
+# create systemd mount unit
+- name: "create systemd mount unit for /var/log/remote"
+ ansible.builtin.copy:
+ dest: "/etc/systemd/system/var-log-remote.mount"
+ content: |
+ [Unit]
+ Description=Mount tmpfs to /var/log/remote
+ Before=local-fs.target
+ Before=rsyslog.service
+ DefaultDependencies=no
+
+ [Mount]
+ What=tmpfs
+ Where=/var/log/remote
+ Type=tmpfs
+ Options=defaults,size=512M
+
+ [Install]
+ WantedBy=multi-user.target
+ owner: "root"
+ group: "root"
+ mode: "0644"
+ notify: "var-log-remote-unit"
diff --git a/templates/logrotate/remote-tmpfs.j2 b/templates/logrotate/remote-tmpfs.j2
new file mode 100644
index 0000000..2bbe511
--- /dev/null
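Review bot: The last task in `tasks/install.yaml` calls `ansible.builtin.deb`, which is not a module in `ansible.builtin`; a `.deb` is installed through the `deb` parameter of `ansible.builtin.apt`, so as written the play stops at this task. Because the package is fetched from a URL and installed as root, I would download it first with a checksum and install the verified local file, as sketched below. `splunk_forwarder_deb_checksum` is a placeholder for a new default holding the vendor-published digest. The task name `install - package_name` also looks like an unfilled template.

```yaml
# … unchanged: rsyslog install and logrotate cron tasks …

# install splunk universal forwarder
- name: "install - splunk universal forwarder - download"
  ansible.builtin.get_url:
    url: "{{ splunk_forwarder_deb }}"
    dest: "/var/cache/apt/archives/splunkforwarder.deb"
    # placeholder variable, not defined in this commit: "sha256:<published digest>"
    checksum: "{{ splunk_forwarder_deb_checksum }}"
    owner: "root"
    group: "root"
    mode: "0644"
  when: 'ansible_os_family == "Debian"'

- name: "install - splunk universal forwarder"
  ansible.builtin.apt:
    deb: "/var/cache/apt/archives/splunkforwarder.deb"
    state: "present"
  when: 'ansible_os_family == "Debian"'
```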
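Review bot: The mount unit in `tasks/tmpfs.yaml` sets `Options=defaults,size=512M` with no `mode=`, and a tmpfs root defaults to mode 1777, so once mounted `/var/log/remote` is world-writable regardless of the `0755` the first task applies to the underlying directory. The same options leave setuid, device nodes and execution enabled on a filesystem that stores data received from remote senders. `Options=size=512M,mode=0755,nosuid,nodev,noexec` keeps the size limit and closes both; add `uid=`/`gid=` if rsyslog does not write as root (not visible here).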
+++ b/templates/logrotate/remote-tmpfs.j2
@@ -0,0 +1,10 @@
+/var/log/remote/*.log {
+ size 10M
+ daily
+ missingok
+ notifempty
+ nocompress
+ copytruncate
+ rotate 0
+ su root adm
+}
diff --git a/templates/rsyslog/incoming-udp514.conf.j2 b/templates/rsyslog/incoming-udp514.conf.j2
new file mode 100644
index 0000000..56bb3f5
--- /dev/null
+++ b/templates/rsyslog/incoming-udp514.conf.j2
@@ -0,0 +1,2 @@
+module(load="imudp")
+input(type="imudp" port="514")
diff --git a/templates/splunkforwarder/input.conf.j2 b/templates/splunkforwarder/input.conf.j2
new file mode 100644
index 0000000..10eac2e
--- /dev/null
+++ b/templates/splunkforwarder/input.conf.j2
@@ -0,0 +1,5 @@
+[monitor:///var/log/remote]
+disabled = false
+index = default
+sourcetype = syslog
+host_segment = 3
diff --git a/templates/splunkforwarder/outputs.conf.j2 b/templates/splunkforwarder/outputs.conf.j2
new file mode 100644
index 0000000..3d3f556
--- /dev/null
+++ b/templates/splunkforwarder/outputs.conf.j2
@@ -0,0 +1,7 @@
+[tcpout]
+defaultGroup = default-autolb-group
+
+[tcpout:default-autolb-group]
+server = 100.64.0.10:9997
+
+[tcpout-server://100.64.0.10:9997]
diff --git a/vars/Debian.yaml b/vars/Debian.yaml
new file mode 100644
index 0000000..82d51cd
--- /dev/null
+++ b/vars/Debian.yaml
@@ -0,0 +1,9 @@
+---
+
+# ansible
+ansible_remote_tmp: "/tmp"
+
+# atuin install url
+atuin_install_url:
+ "https://github.com/atuinsh/atuin/releases/download/\
+ v{{ atuin_version }}/atuin-x86_64-unknown-linux-gnu.tar.gz"
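Review bot: `rotate 0` together with `copytruncate` in `templates/logrotate/remote-tmpfs.j2` means each rotation discards the file contents outright, and the cron job in `tasks/install.yaml` forces that with `logrotate -f` every 15 minutes, so any events the Splunk forwarder has not read by then are lost. If the tmpfs is meant only as a short-lived buffer that may be intended, but it deserves a comment in the template such as `# contents are dropped on rotation; the forwarder must keep up`. Under a forced run `size 10M` and `daily` have no effect. `su root adm` assumes rsyslog writes these files as root:adm, which should be confirmed against the rsyslog output settings.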
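Review bot: `templates/rsyslog/incoming-udp514.conf.j2` loads `imudp` and opens port 514 but defines no rule that writes received messages to `/var/log/remote`, the directory the tmpfs, logrotate and Splunk monitor in this commit are built around; with only these two lines remote messages fall through to the host's default rules. Binding the input to a ruleset fixes that, e.g. `template(name="RemoteFile" type="string" string="/var/log/remote/%fromhost-ip%.log")`, `ruleset(name="remote") { action(type="omfile" dynaFile="RemoteFile") }` and `input(type="imudp" port="514" ruleset="remote")`. Using `%fromhost-ip%` rather than the hostname field keeps sender-controlled text out of the file path. The listener also accepts datagrams on every interface, so the imudp `address` parameter or a firewall rule should limit it to the expected senders.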
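Review bot: `host_segment = 3` in `templates/splunkforwarder/input.conf.j2` takes the third `/`-separated path segment as the host, which for anything under `/var/log/remote` is the literal `remote`, so every event would be indexed with host `remote`. If per-sender subdirectories are intended the value should be `host_segment = 4`; with flat `*.log` files, as the logrotate glob suggests, a `host_regex` on the file name is needed instead. `index = default` is presumably a placeholder, so confirm that the index exists on the indexer.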
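Review bot: The forwarding target `100.64.0.10:9997` is hard-coded in `templates/splunkforwarder/outputs.conf.j2`, a template that contains no variables, and the `[tcpout]` stanzas set none of the TLS options, so collected logs leave the host unencrypted unless the network path is protected elsewhere (not visible here). I would move the address to a role default, e.g. `server = {{ splunk_indexer }}` (placeholder variable name), and add `clientCert` and `sslVerifyServerCert = true` with the matching CA settings for the indexer. The empty `[tcpout-server://100.64.0.10:9997]` stanza can be dropped if it is to carry no settings.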
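Review bot: `atuin_install_url` in `vars/Debian.yaml`, with its reference to `atuin_version` that is defined nowhere in this commit, appears to be left over from another role and is not used by the log forwarder tasks. `tasks/main.yaml` has no `include_vars`, so as the role stands this file is not loaded at all, including `ansible_remote_tmp: "/tmp"`. I would delete the Atuin variable and either load the file explicitly or remove it.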