feat: initial commit

2025-05-06 10:58:34 +02:00 · 2025-05-06 10:58:34 +02:00 · 0c58302da5
commit 0c58302da5
20 changed files with 326 additions and 0 deletions
--- a/tasks/config.yaml
+++ b/tasks/config.yaml
@ -0,0 +1,41 @@
+---
+
+# configure rsyslog
+- name: "config - rsyslog"
+  ansible.builtin.template:
+    src: "templates/rsylog/incoming-udp514.conf.j2"
+    dest: "/etc/rsyslog.d/incoming-udp514.conf"
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  notify: "restart rsyslog"
+
+# configure logrotate
+- name: "config - logrotate"
+  ansible.builtin.template:
+    src: "templates/logrotate/remote-tmpfs.j2"
+    dest: "/etc/logrotate.d/remote-tmpfs.conf"
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  notify: "restart rsyslog"
+
+# configure splunk universal forwarder - input
+- name: "config - splunk universal forwarder - input"
+  ansible.builtin.template:
+    src: "templates/splunkforwarder/inputs.conf.j2"
+    dest: "/opt/splunkforwarder/etc/system/local/inputs.conf"
+    owner: "splunkfwd"
+    group: "splunkfwd"
+    mode: "0644"
+  notify: "restart splunk"
+
+# configure splunk universal forwarder - outputs
+- name: "config - splunk universal forwarder - outputs"
+  ansible.builtin.template:
+    src: "templates/splunkforwarder/outputs.conf.j2"
+    dest: "/opt/splunkforwarder/etc/system/local/outputs.conf"
+    owner: "splunkfwd"
+    group: "splunkfwd"
+    mode: "0644"
+  notify: "restart splunk"
--- a/tasks/install.yaml
+++ b/tasks/install.yaml
@ -0,0 +1,24 @@
+---
+
+# install rsyslog
+- name: "install - rsyslog"
+  ansible.builtin.apt:
+    name: "rsyslog"
+    state: "present"
+    cache_valid_time: "120"
+  when: 'ansible_os_family == "Debian"'
+
+# install cronjob for logrotate
+- name: "add cron job for logrotate"
+  ansible.builtin.cron:
+    name: "logrotate for /var/log/remote"
+    minute: "*/15"
+    user: "root"
+    job: "logrotate -f /etc/logrotate.d/remote-tmpfs"
+
+# install splunk universal forwarder
+- name: "install - package_name"
+  ansible.builtin.deb:
+    name: "{{ splunk_forwarder_deb }}"
+    state: "present"
+  when: 'ansible_os_family == "Debian"'
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@ -0,0 +1,13 @@
+---
+
+# import install
+- name: "install"
+  ansible.builtin.import_tasks: "install.yaml"
+
+# import tmpfs
+- name: "tmpfs"
+  ansible.builtin.import_tasks: "tmpfs.yaml"
+
+# import config
+- name: "config"
+  ansible.builtin.import_tasks: "config.yaml"
--- a/tasks/tmpfs.yaml
+++ b/tasks/tmpfs.yaml
@ -0,0 +1,32 @@
+---
+
+# create /var/log/remote directory
+- name: "create /var/log/remote directory"
+  ansible.builtin.file:
+    path: "/var/log/remote"
+    state: "directory"
+    mode: "0755"
+
+# create systemd mount unit
+- name: "create systemd mount unit for /var/log/remote"
+  ansible.builtin.copy:
+    dest: "/etc/systemd/system/var-log-remote.mount"
+    content: |
+      [Unit]
+      Description=Mount tmpfs to /var/log/remote
+      Before=local-fs.target
+      Before=rsyslog.service
+      DefaultDependencies=no
+
+      [Mount]
+      What=tmpfs
+      Where=/var/log/remote
+      Type=tmpfs
+      Options=defaults,size=512M
+
+      [Install]
+      WantedBy=multi-user.target
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  notify: "var-log-remote-unit"