feat: initial commit

Simon Cornet 2025-05-06 10:58:34 +02:00
commit 0c58302da5
20 changed files with 326 additions and 0 deletions

23
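--- a/.ansible-lint
+++ b/.ansible-lint
@@ -0,0 +1,23 @@
+---
+exclude_paths:
+- ".gitlab/*"
+- ".gitlab-ci.yml"
+- "defaults/main.yaml"
+- "meta/main.yaml"
+- "vars/*"
+kinds:
+- playbook: "**/*.{yml,yaml}"
+skip_list:
+- "command-shell"
+- "experimental"
+- "git-latest"
+- "no-changed-when"
+- "no-handler"
+- "name[casing]"
+- "name[template]"
+- "risky-file-permissions"
+- "schema[playbook]"
+- "var-naming[no-role-prefix]"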
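Review bot: `risky-file-permissions` and `command-shell` sit in `skip_list`, so a later task that creates a file without an explicit `mode`, or shells out where a module exists, passes linting silently in a role that writes under `/etc` and `/opt/splunkforwarder`. Moving the rules that are not yet clean to `warn_list` keeps the findings visible without failing the pipeline. The `kinds` entry also classifies every YAML file as a playbook, which looks like the reason `schema[playbook]` has to be skipped; dropping that override would let the task and handler files be linted as what they are.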

1
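--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.ansible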

16
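--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -0,0 +1,16 @@
+---
+# gitLab ci stages
+stages:
+# deployment
+- "linting"
+- "deployment"
+# include jobs
+include:
+# deployment
+- local: ".gitlab/linting.yaml"
+- local: ".gitlab/deployment.yaml"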

31
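--- a/.gitlab/deployment.yaml
+++ b/.gitlab/deployment.yaml
@@ -0,0 +1,31 @@
+---
+# deploy ansible/roles/common code
+deployment:
+stage: "deployment"
+image:
+name: "cr.simoncor.net/siempie/ssh-client:latest"
+entrypoint: ["/bin/sh", "-c"]
+rules:
+# run only on push to default branch
+- if:
+'$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH ==
+$CI_DEFAULT_BRANCH'
+- when: "never"
+# prepare ssh
+before_script:
+# prepare ssh
+- |
+# prepare ssh
+mkdir -p ~/.ssh
+chmod 700 ~/.ssh
+echo "$SSH_CONFIG" > ~/.ssh/config
+echo "$SSH_DEPLOYMENT_KEY" > ~/.ssh/id_ed25519
+chmod 600 ~/.ssh/id_ed25519
+# deployment commands
+script:
+- |
+# install ansible roles dependancies
+ssh $SSH_DEPLOYMENT_USER@$ANSIBLE_SERVER "sudo /usr/local/bin/ansible-galaxy install -r /etc/ansible/roles/requirements.yaml --force"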
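Review bot: The `before_script` writes the private key and SSH config but never provisions `~/.ssh/known_hosts`, so whether the job verifies the Ansible server's host key depends entirely on what `$SSH_CONFIG` contains, which is not visible here. Pin the host key from a CI variable, e.g. `echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts` (a variable that would have to be defined), and set `umask 077` before the `echo` lines so the key file is never created with default permissions. In the `script` block the target `$SSH_DEPLOYMENT_USER@$ANSIBLE_SERVER` is unquoted, and the `:latest` image tag means the container that handles the deployment key can change without a commit; quoting the target and pinning the image by digest would cover both.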

17
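--- a/.gitlab/linting.yaml
+++ b/.gitlab/linting.yaml
@@ -0,0 +1,17 @@
+---
+# linting
+linting:
+stage: "linting"
+image:
+name: "cr.simoncor.net/siempie/ansible-deployment:latest"
+entrypoint: ["/bin/sh", "-c"]
+rules:
+# run only on push to default branch
+- if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+- when: "never"
+# start linting
+script:
+- "ansible-lint -c .ansible-lint ."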
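Review bot: The `rules` block runs linting only for pushes to the default branch, so a change is linted after it has already landed and in the same pipeline that deploys it; merge-request pipelines get no lint result. Adding a rule such as `- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'` ahead of the `when: "never"` entry would move the gate before merge. The commit also adds a `.yamllint` config that no visible job invokes, and the `:latest` image tag leaves the linter version unpinned.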

30
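--- a/.yamllint
+++ b/.yamllint
@@ -0,0 +1,30 @@
+---
+extends: 'default'
+rules:
+braces:
+max-spaces-inside: 1
+forbid: true
+comments:
+min-spaces-from-content: 1
+comments-indentation: false
+empty-lines:
+max: 2
+indentation:
+spaces: 2
+check-multi-line-strings: true
+line-length:
+max: 130
+allow-non-breakable-words: true
+allow-non-breakable-inline-mappings: true
+new-line-at-end-of-file: 'enable'
+octal-values:
+forbid-implicit-octal: true
+forbid-explicit-octal: true
+truthy:
+allowed-values:
+- 'true'
+- 'false'
+quoted-strings:
+quote-type: 'any'
+required: true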

6
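--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -0,0 +1,6 @@
+---
+# splunk universal forwarder installer deb
+splunk_forwarder_deb:
+"https://download.splunk.com/products/universalforwarder/releases/9.4.2/\
+linux/splunkforwarder-9.4.2-e9664af3d956-linux-amd64.deb"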

24
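--- a/handlers/main.yaml
+++ b/handlers/main.yaml
@@ -0,0 +1,24 @@
+---
+# rsyslog
+- name: "restart rsyslog"
+ansible.builtin.systemd:
+name: "rsyslog.service"
+state: "restarted"
+daemon_reload: true
+enabled: true
+# systemd unit file for tmpfs
+- name: "var-log-remote-unit"
+ansible.builtin.systemd:
+name: "var-log-remote.mount"
+daemon_reload: true
+enabled: true
+state: "mounted"
+# splunk uf
+- name: "restart splunk"
+ansible.builtin.systemd:
+name: "SplunkForwarder.service"
+state: "restarted"
+enabled: true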
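Review bot: `state: "mounted"` in the `var-log-remote-unit` handler is not a value `ansible.builtin.systemd` accepts (it takes `started`, `stopped`, `restarted` and `reloaded`), so the handler would fail the first time the mount unit file changes. For a `.mount` unit the equivalent is `state: "started"`. Handlers run in the order they are listed, so on a first run rsyslog is restarted before the tmpfs is mounted; listing the mount handler first avoids rsyslog writing into the directory that the mount then hides.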

18
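--- a/meta/main.yaml
+++ b/meta/main.yaml
@@ -0,0 +1,18 @@
+---
+galaxy_info:
+role_name: "log_forwarder"
+author: "siempie"
+description: "configure a rsyslog forwarder using rsyslog and splunk"
+license: "MIT"
+min_ansible_version: 2.9
+platforms:
+# debian
+- name: "Debian"
+versions:
+- "bookworm"
+galaxy_tags:
+- "log_forwarder"
+dependencies: []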
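Review bot: `min_ansible_version: 2.9` is an unquoted float, and the tasks in this commit use `ansible.builtin.*` fully qualified names, which to my knowledge resolve only from the 2.10 releases onwards. Quote the value as a string and raise it, e.g. `min_ansible_version: "2.10"`. Because `.ansible-lint` excludes `meta/main.yaml`, nothing in the pipeline would flag this.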

10
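--- a/readme.md
+++ b/readme.md
@@ -0,0 +1,10 @@
+# Overview
+This role configures [Atuin](https://atuin.sh/) server, for reasons.
+# Supported Operating Systems
+| Operating System | Version |
+| --- | ----- |
+| Debian | 12 |
+# Tags
+This role has no tags.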

7
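--- a/renovate.json
+++ b/renovate.json
@@ -0,0 +1,7 @@
+{
+"$schema": "https://docs.renovatebot.com/renovate-schema.json",
+"extends": [ "local>cicd/renovate" ],
+"ansible": {
+"fileMatch": [ "(.*).ya?ml$" ]
+}
+}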

41
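--- a/tasks/config.yaml
+++ b/tasks/config.yaml
@@ -0,0 +1,41 @@
+---
+# configure rsyslog
+- name: "config - rsyslog"
+ansible.builtin.template:
+src: "templates/rsylog/incoming-udp514.conf.j2"
+dest: "/etc/rsyslog.d/incoming-udp514.conf"
+owner: "root"
+group: "root"
+mode: "0644"
+notify: "restart rsyslog"
+# configure logrotate
+- name: "config - logrotate"
+ansible.builtin.template:
+src: "templates/logrotate/remote-tmpfs.j2"
+dest: "/etc/logrotate.d/remote-tmpfs.conf"
+owner: "root"
+group: "root"
+mode: "0644"
+notify: "restart rsyslog"
+# configure splunk universal forwarder - input
+- name: "config - splunk universal forwarder - input"
+ansible.builtin.template:
+src: "templates/splunkforwarder/inputs.conf.j2"
+dest: "/opt/splunkforwarder/etc/system/local/inputs.conf"
+owner: "splunkfwd"
+group: "splunkfwd"
+mode: "0644"
+notify: "restart splunk"
+# configure splunk universal forwarder - outputs
+- name: "config - splunk universal forwarder - outputs"
+ansible.builtin.template:
+src: "templates/splunkforwarder/outputs.conf.j2"
+dest: "/opt/splunkforwarder/etc/system/local/outputs.conf"
+owner: "splunkfwd"
+group: "splunkfwd"
+mode: "0644"
+notify: "restart splunk"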
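Review bot: The logrotate template is installed as `/etc/logrotate.d/remote-tmpfs.conf`, but the cron job added in `tasks/install.yaml` runs `logrotate -f /etc/logrotate.d/remote-tmpfs`, a path this role never creates, so the 15-minute rotation that is meant to keep the 512M tmpfs from filling would fail. Make the two agree, for example `dest: "/etc/logrotate.d/remote-tmpfs"`. The first task's `src` spells the directory `rsylog`; the template file headers are not visible on this page, so confirm it matches the directory name on disk. The logrotate task also notifies `restart rsyslog`, which a logrotate config change does not need.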

24
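--- a/tasks/install.yaml
+++ b/tasks/install.yaml
@@ -0,0 +1,24 @@
+---
+# install rsyslog
+- name: "install - rsyslog"
+ansible.builtin.apt:
+name: "rsyslog"
+state: "present"
+cache_valid_time: "120"
+when: 'ansible_os_family == "Debian"'
+# install cronjob for logrotate
+- name: "add cron job for logrotate"
+ansible.builtin.cron:
+name: "logrotate for /var/log/remote"
+minute: "*/15"
+user: "root"
+job: "logrotate -f /etc/logrotate.d/remote-tmpfs"
+# install splunk universal forwarder
+- name: "install - package_name"
+ansible.builtin.deb:
+name: "{{ splunk_forwarder_deb }}"
+state: "present"
+when: 'ansible_os_family == "Debian"'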
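Review bot: The last task calls `ansible.builtin.deb`, which is not a module in `ansible.builtin`; a `.deb` is installed through `ansible.builtin.apt` with its `deb` parameter, so as written the role stops here. The package is also fetched straight from the URL in `defaults/main.yaml` and installed as root with no integrity check, so download it with `ansible.builtin.get_url` and a `checksum`, then install the local file. The task name `install - package_name` looks like a leftover placeholder. The checksum variable in the sketch below is a placeholder that would need to be added to the role defaults with the value Splunk publishes for this build.

```yaml
# … unchanged: rsyslog install and logrotate cron tasks …
- name: "install - splunk universal forwarder - download"
  ansible.builtin.get_url:
    url: "{{ splunk_forwarder_deb }}"
    dest: "/var/cache/apt/archives/splunkforwarder.deb"
    # placeholder variable, not defined in this commit
    checksum: "sha512:{{ splunk_forwarder_deb_sha512 }}"
    owner: "root"
    group: "root"
    mode: "0644"
  when: 'ansible_os_family == "Debian"'
- name: "install - splunk universal forwarder"
  ansible.builtin.apt:
    deb: "/var/cache/apt/archives/splunkforwarder.deb"
    state: "present"
  when: 'ansible_os_family == "Debian"'
```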

13
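--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@@ -0,0 +1,13 @@
+---
+# import install
+- name: "install"
+ansible.builtin.import_tasks: "install.yaml"
+# import tmpfs
+- name: "tmpfs"
+ansible.builtin.import_tasks: "tmpfs.yaml"
+# import config
+- name: "config"
+ansible.builtin.import_tasks: "config.yaml"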

32
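--- a/tasks/tmpfs.yaml
+++ b/tasks/tmpfs.yaml
@@ -0,0 +1,32 @@
+---
+# create /var/log/remote directory
+- name: "create /var/log/remote directory"
+ansible.builtin.file:
+path: "/var/log/remote"
+state: "directory"
+mode: "0755"
+# create systemd mount unit
+- name: "create systemd mount unit for /var/log/remote"
+ansible.builtin.copy:
+dest: "/etc/systemd/system/var-log-remote.mount"
+content: |
+[Unit]
+Description=Mount tmpfs to /var/log/remote
+Before=local-fs.target
+Before=rsyslog.service
+DefaultDependencies=no
+[Mount]
+What=tmpfs
+Where=/var/log/remote
+Type=tmpfs
+Options=defaults,size=512M
+[Install]
+WantedBy=multi-user.target
+owner: "root"
+group: "root"
+mode: "0644"
+notify: "var-log-remote-unit"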
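Review bot: The mount unit's `Options=defaults,size=512M` sets no `mode=`, and the root of a tmpfs defaults to mode 1777, so once mounted `/var/log/remote` is world-writable regardless of the `mode: "0755"` the first task puts on the underlying directory. That lets any local account add files to a directory whose contents are forwarded to Splunk as syslog. Set the permissions and the usual hardening flags on the mount itself, e.g. `Options=mode=0755,nosuid,nodev,noexec,size=512M`. Since the store is RAM-backed, anything not yet forwarded is lost on reboot, which is worth stating in a comment on the unit.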


@ -0,0 +1,10 @@
/var/log/remote/*.log {
size 10M
daily
missingok
notifempty
nocompress
copytruncate
rotate 0
su root adm
}
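Review bot: `copytruncate` combined with `rotate 0` discards data: the copy is removed as soon as it is made and the live file is truncated, so any lines the Splunk forwarder has not read yet, and any written between the copy and the truncate, are gone. With the cron job in `tasks/install.yaml` forcing a run every 15 minutes (`logrotate -f`), that happens on a timer rather than at the `size 10M` threshold. Keeping at least one generation (`rotate 1`) and dropping `-f` so that `size 10M` governs would bound the tmpfs without cutting into unread events.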


@ -0,0 +1,2 @@
module(load="imudp")
input(type="imudp" port="514")
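Review bot: The template only loads `imudp` and opens UDP 514; nothing in these two lines writes received messages under `/var/log/remote`, which is the directory the tmpfs, logrotate and Splunk monitor pieces are built around. Unless another rsyslog snippet does that, remote messages fall through to the default rules and mix into the local system logs. A dedicated ruleset bound to the input, with a per-host file template, would make the pipeline self-contained. An `address=` parameter on the input or a host firewall rule would limit which senders reach the listener, since UDP syslog carries no sender authentication.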


@ -0,0 +1,5 @@
[monitor:///var/log/remote]
disabled = false
index = default
sourcetype = syslog
host_segment = 3
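Review bot: `host_segment = 3` takes the host from the third path segment, which for files under `/var/log/remote/` is the literal `remote`, so every event would be indexed with `host=remote` and the originating device is lost for searches and detections. If rsyslog is meant to write one directory per sender (`/var/log/remote/<host>/...`), the value should be `4`. A comment in the stanza stating the expected directory layout would keep the two in step.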


@ -0,0 +1,7 @@
[tcpout]
defaultGroup = default-autolb-group
[tcpout:default-autolb-group]
server = 100.64.0.10:9997
[tcpout-server://100.64.0.10:9997]
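Review bot: The `tcpout` group forwards to `100.64.0.10:9997` with no TLS settings, so unless the transport underneath is already encrypted the collected syslog crosses the network in clear text and the forwarder does not authenticate the indexer. Consider adding `clientCert` and `sslVerifyServerCert = true`, plus the matching CA configuration, to the `[tcpout:default-autolb-group]` stanza. The indexer address is hard-coded even though `tasks/config.yaml` deploys this file as a template; a role default would let it differ per environment. The empty `[tcpout-server://100.64.0.10:9997]` stanza sets nothing and can be dropped.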

9
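--- a/vars/Debian.yaml
+++ b/vars/Debian.yaml
@@ -0,0 +1,9 @@
+---
+# ansible
+ansible_remote_tmp: "/tmp"
+# atuin install url
+atuin_install_url:
+"https://github.com/atuinsh/atuin/releases/download/\
+v{{ atuin_version }}/atuin-x86_64-unknown-linux-gnu.tar.gz"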
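Review bot: `atuin_install_url` and its `atuin_version` reference belong to a different role and nothing in this commit uses them, so the file looks copied over unchanged; `atuin_version` is not defined anywhere visible. `ansible_remote_tmp: "/tmp"` is the only setting here with an effect, and it stages Ansible's module files in a world-writable shared directory rather than the per-user default under the remote user's home. Nothing in `tasks/main.yaml` loads `vars/Debian.yaml` either, so the file may be dead as written. Dropping the Atuin block and leaving `ansible_remote_tmp` at its default unless there is a concrete need would be cleaner.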