From 14f8936790bbbd195216d3b7b1ab8c11cfd86e72 Mon Sep 17 00:00:00 2001 From: richard Date: Wed, 22 Dec 2021 15:12:51 -0500 Subject: [PATCH] update_hosts.yml with motd, login page and rsyslog config --- .gitignore | 1 + ansible-5/ansible.cfg | 2 + ansible-5/playbooks/bootstrap.yaml | 57 +++++- ansible-5/playbooks/update_hosts.yaml | 16 ++ ansible-5/roles/common/files/motd/cubox.sh | 163 +++++++++++++++++ ansible-5/roles/common/files/motd/hostname.sh | 2 + ansible-5/roles/common/files/motd/systats.sh | 167 ++++++++++++++++++ .../roles/common/tasks/apply_updates.yml | 18 ++ ansible-5/roles/common/tasks/main.yml | 6 + ansible-5/roles/common/tasks/motd.yml | 38 ++++ ansible-5/roles/rsyslog/defaults/main.yml | 8 + ansible-5/roles/rsyslog/handlers/main.yml | 9 + ansible-5/roles/rsyslog/tasks/main.yml | 31 ++++ .../rsyslog/templates/48-ship2papertrail.j2 | 7 + .../rsyslog/templates/49-shiptograylog.j2 | 1 + .../roles/rsyslog/templates/50-default.conf | 68 +++++++ 16 files changed, 589 insertions(+), 5 deletions(-) create mode 100644 ansible-5/playbooks/update_hosts.yaml create mode 100644 ansible-5/roles/common/files/motd/cubox.sh create mode 100644 ansible-5/roles/common/files/motd/hostname.sh create mode 100644 ansible-5/roles/common/files/motd/systats.sh create mode 100644 ansible-5/roles/common/tasks/apply_updates.yml create mode 100644 ansible-5/roles/common/tasks/main.yml create mode 100644 ansible-5/roles/common/tasks/motd.yml create mode 100644 ansible-5/roles/rsyslog/defaults/main.yml create mode 100644 ansible-5/roles/rsyslog/handlers/main.yml create mode 100644 ansible-5/roles/rsyslog/tasks/main.yml create mode 100644 ansible-5/roles/rsyslog/templates/48-ship2papertrail.j2 create mode 100644 ansible-5/roles/rsyslog/templates/49-shiptograylog.j2 create mode 100644 ansible-5/roles/rsyslog/templates/50-default.conf diff --git a/.gitignore b/.gitignore index ec2b3ee..cb73296 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ password.txt !/dockerfiles/services/sslproxy/certs/live/ venv/ +.pass diff --git a/ansible-5/ansible.cfg b/ansible-5/ansible.cfg index 4d568a1..41a6b0a 100644 --- a/ansible-5/ansible.cfg +++ b/ansible-5/ansible.cfg @@ -3,3 +3,5 @@ inventory = ./inventory.ini remote_user = ansible roles_path = ./roles + +vault_password_file=.pass diff --git a/ansible-5/playbooks/bootstrap.yaml b/ansible-5/playbooks/bootstrap.yaml index 4ee3aaf..a7b4388 100644 --- a/ansible-5/playbooks/bootstrap.yaml +++ b/ansible-5/playbooks/bootstrap.yaml @@ -5,6 +5,9 @@ gather_facts: false # become: true + vars: + authorized_ssh_keys: + pre_tasks: # - raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal) - setup: # aka gather_facts @@ -37,14 +40,58 @@ uid: "1001" groups: - sudo -# generate_ssh_key: yes -# ssh_keys: -# - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAmJSdmj03d4fnZUuRByevPDNiReEk1fRL+7F9WPCo5zn+r5Oj84HXxd4P03DNXeGSBYmUAnsTqYEGdkjkpSrKfMm9bv8amL7hUC+Mzb+wOmXmyX1cw/SearYCBQRCz1s5p7I9+PO7XWaC0VJ99LUm1Bp4JM149U5X0Y3M2j2XV+0= RSA-1024" + + - name: Add the user 'richard' + become: true + ansible.builtin.user: + name: richard + state: present + shell: /bin/bash + create_home: yes + password: "$6$yNKLUxX0$lxy/jaJI7cKCq5j.KondUalu9r96gUeRR//5qciZ/RX9z9PGSpbU9j7OsxaOzqV5uLeQ9ouIe8quo/2YqKE46/" + uid: "1000" + groups: + - sudo - name: Add the authorized key for 'ansible' become: true ansible.posix.authorized_key: user: ansible state: present - key: "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAmJSdmj03d4fnZUuRByevPDNiReEk1fRL+7F9WPCo5zn+r5Oj84HXxd4P03DNXeGSBYmUAnsTqYEGdkjkpSrKfMm9bv8amL7hUC+Mzb+wOmXmyX1cw/SearYCBQRCz1s5p7I9+PO7XWaC0VJ99LUm1Bp4JM149U5X0Y3M2j2XV+0= RSA-1024" -# key: "{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}" + exclusive: yes + key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 64646433313163316163633030333230653437336365363433656332323463376233306162316139 + 6531393536343433653164666162373930393630376564310a393232323031633037313335356432 + 62323763663334393339366537393931613161323537323030623234633631613030623864663162 + 3331373335326664310a313233306233373932323138343866623836646132363135653064636635 + 35616130343963663633623634626434633366393862376562393963343935623236313736656635 + 39343033306163343337313365393635306364653234343031373432346238366162313864616264 + 35313263646331303939376232383062323138373535633739393935396434313230613764363536 + 62346364326130386636353435626162636530353634316234386633613333626266353665356239 + 34626339333733333530373830623764613136363337653061663436633639346532306663303930 + 33313638363939373364373739396330666332353232663661373263373036636634323765633032 + 64346134356161383333313665356463363332613237313032656236303130323936333266333732 + 39656435356234353262373430633331316265316236386564326364616565666364666535353864 + 66313031366566396339333338333338386161303130303361396263396562623231313463623864 + 62666132613033633733336434373161316664626531336363306664373131303937383066363066 + 636534343631376365633666316534663932 + + - name: Add the authorized key for 'richard' + become: true + ansible.posix.authorized_key: + user: richard + state: present +# key: "{{ lookup('file', '/home/richard/.ssh/id_rsa.pub') }}" + key: "{{ item }}" + with_file: + - '/home/richard/.ssh/id_rsa.pub' + + - name: add ansible to sudoers + become: true + lineinfile: + dest: /etc/sudoers + state: present + regexp: '^ansible ALL=' + line: 'ansible ALL=(ALL) NOPASSWD: ALL' + validate: 'visudo -cf %s' diff --git a/ansible-5/playbooks/update_hosts.yaml b/ansible-5/playbooks/update_hosts.yaml new file mode 100644 index 0000000..dee1e59 --- /dev/null +++ b/ansible-5/playbooks/update_hosts.yaml @@ -0,0 +1,16 @@ +--- +# update the managed host machines + +- name: updates + hosts: managed + gather_facts: true + + vars: + + roles: + - role: common + become: true + - role: rsyslog + become: true + + tasks: diff --git a/ansible-5/roles/common/files/motd/cubox.sh b/ansible-5/roles/common/files/motd/cubox.sh new file mode 100644 index 0000000..5ea4ae5 --- /dev/null +++ b/ansible-5/roles/common/files/motd/cubox.sh @@ -0,0 +1,163 @@ +#!/bin/bash +# +# 30-sysinfo - generate the system information +# Copyright (c) 2015-2017 Igor Pecovnik + +export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +THIS_SCRIPT="sysinfo" +MOTD_DISABLE="" + +[[ -f /etc/default/armbian-motd ]] && . /etc/default/armbian-motd + +for f in $MOTD_DISABLE; do + [[ $f == $THIS_SCRIPT ]] && exit 0 +done + +# define which hard drive you want to monitor +storage=/dev/sda1 + +# don't edit below here + +function display() { + # $1=name $2=value $3=red_limit $4=minimal_show_limit $5=unit $6=after $7=acs/desc{ + # battery red color is opposite, lower number + if [[ "$1" == "Battery" ]]; then local great="<"; else local great=">"; fi + if [[ -n "$2" && "$2" > "0" && (( "${2%.*}" -ge "$4" )) ]]; then + printf "%-14s%s" "$1:" + if awk "BEGIN{exit ! ($2 $great $3)}"; then echo -ne "\e[0;91m $2"; else echo -ne "\e[0;92m $2"; fi + printf "%-1s%s\x1B[0m" "$5" + printf "%-11s%s\t" "$6" + return 1 + fi +} # display + +function getboardtemp() { + if [ -f /etc/armbianmonitor/datasources/soctemp ]; then + read raw_temp /dev/null) + case ${amb_temp} in + *"find the USB device"*) + echo "" + ;; + *) + amb_temp=$(awk '{print $NF}' <<<$amb_temp | sed 's/C//g') + echo -n "scale=1;${amb_temp}/1" | grep -oE "\-?[[:digit:]]+.[[:digit:]]" + esac +} # ambienttemp + +function get_ip_addresses() { + # return up to 2 IPv4 address(es) comma separated + hostname -I | tr " " "\n" | \ + grep -E "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" | \ + tail -n2 | sed ':a;N;$!ba;s/\n/,/g' +} # get_ip_addresses + +function storage_info() { + # storage info + RootInfo=$(df -h /) + root_usage=$(awk '/\// {print $(NF-1)}' <<<${RootInfo} | sed 's/%//g') + root_total=$(awk '/\// {print $(NF-4)}' <<<${RootInfo}) + StorageInfo=$(df -h $storage 2>/dev/null | grep $storage) + if [ -n "${StorageInfo}" ]; then + storage_usage=$(awk '/\// {print $(NF-1)}' <<<${StorageInfo} | sed 's/%//g') + storage_total=$(awk '/\// {print $(NF-4)}' <<<${StorageInfo}) + [[ "$storage" == */sd* ]] && hdd_temp=$(hddtemp -u C -nq $storage) + fi +} # storage_info + +# query various systems and send some stuff to the background for overall faster execution. +# Works only with ambienttemp and batteryinfo since A20 is slow enough :) +amb_temp=$(ambienttemp &) +ip_address=$(get_ip_addresses &) +batteryinfo +storage_info +getboardtemp +critical_load=$(( 1 + $(grep -c processor /proc/cpuinfo) / 2 )) + +# get uptime, logged in users and load in one take +UptimeString=$(uptime | tr -d ',') +time=$(awk -F" " '{print $3" "$4}' <<<"${UptimeString}") +load="$(awk -F"average: " '{print $2}'<<<"${UptimeString}")" +users="$(awk -F" user" '{print $1}'<<<"${UptimeString}")" +case ${time} in + 1:*) # 1-2 hours + time=$(awk -F" " '{print $3" hour"}' <<<"${UptimeString}") + ;; + *:*) # 2-24 hours + time=$(awk -F" " '{print $3" hours"}' <<<"${UptimeString}") + ;; +esac + +# memory and swap +mem_info=$(LANG=en_US.UTF-8 free -w 2>/dev/null | grep "^Mem" || LANG=en_US.UTF-8 free | grep "^Mem") +memory_usage=$(awk '{printf("%.0f",(($2-($4+$6+$7))/$2) * 100)}' <<<${mem_info}) +memory_total=$(awk '{printf("%d",$2/1024)}' <<<${mem_info}) +swap_info=$(LANG=en_US.UTF-8 free -m | grep "^Swap") +swap_usage=$( (awk '/Swap/ { printf("%3.0f", $3/$2*100) }' <<<${swap_info} 2>/dev/null || echo 0) | tr -c -d '[:digit:]') +swap_total=$(awk '{print $(2)}' <<<${swap_info}) + +# display info +display "System load" "${load%% *}" "${critical_load}" "0" "" "${load#* }" +printf "Up time: \x1B[92m%s\x1B[0m\t\t" "$time" +display "Local users" "${users##* }" "3" "2" "" +echo "" # fixed newline +display "Memory usage" "$memory_usage" "70" "0" " %" " of ${memory_total}MB" +display "Swap usage" "$swap_usage" "10" "0" " %" " of $swap_total""Mb" +printf "IP: " +printf "\x1B[92m%s\x1B[0m" "$ip_address" +echo "" # fixed newline +a=0;b=0;c=0 +display "CPU temp" "$board_temp" "45" "0" "°C" "" ; a=$? +display "HDD temp" "$hdd_temp" "45" "0" "°C" "" ; b=$? +display "Ambient temp" "$amb_temp" "40" "0" "°C" "" ; c=$? +(( ($a+$b+$c) >0 )) && echo "" # new line only if some value is displayed +display "Usage of /" "$root_usage" "90" "1" "%" " of $root_total" +display "storage/" "$storage_usage" "90" "1" "%" " of $storage_total" +display "Battery" "$battery_percent" "20" "1" "%" "$status_battery_text" +echo "" +echo "" diff --git a/ansible-5/roles/common/files/motd/hostname.sh b/ansible-5/roles/common/files/motd/hostname.sh new file mode 100644 index 0000000..77d5177 --- /dev/null +++ b/ansible-5/roles/common/files/motd/hostname.sh @@ -0,0 +1,2 @@ +#!/bin/bash +figlet $(hostname) diff --git a/ansible-5/roles/common/files/motd/systats.sh b/ansible-5/roles/common/files/motd/systats.sh new file mode 100644 index 0000000..09212d4 --- /dev/null +++ b/ansible-5/roles/common/files/motd/systats.sh @@ -0,0 +1,167 @@ +#!/bin/bash +# +# 10-sysinfo - generate the system information +# Copyright (c) 2013 Nick Charlton +# +# Authors: Nick Charlton <hello@nickcharlton.net> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +# define which hard drive you want to monitor +storage=/dev/sda1 + + +function display() { + # $1=name $2=value $3=red_limit $4=minimal_show_limit $5=unit $6=after $7=acs/desc{ + # battery red color is opposite, lower number + if [[ "$1" == "Battery" ]]; then local great="<"; else local great=">"; fi + if [[ -n "$2" && "$2" > "0" && (( "${2%.*}" -ge "$4" )) ]]; then + printf "%-14s%s" "$1:" + if awk "BEGIN{exit ! ($2 $great $3)}"; then echo -ne "\e[0;91m $2"; else echo -ne "\e[0;92m $2"; fi + printf "%-1s%s\x1B[0m" "$5" + printf "%-11s%s\t" "$6" + return 1 + fi +} # display + +#function getboardtemp() { +# if [ -f /etc/armbianmonitor/datasources/soctemp ]; then +# read raw_temp /dev/null) +# case ${amb_temp} in +# *"find the USB device"*) +# echo "" +# ;; +# *) +# amb_temp=$(awk '{print $NF}' <<<$amb_temp | sed 's/C//g') +# echo -n "scale=1;${amb_temp}/1" | grep -oE "\-?[[:digit:]]+.[[:digit:]]" +# esac +#} # ambienttemp + +function get_ip_addresses() { + # return up to 2 IPv4 address(es) comma separated + hostname -I | tr " " "\n" | \ + grep "192.168." | \ + tail -n2 | sed ':a;N;$!ba;s/\n/,/g' +} # get_ip_addresses +ip_address=$(get_ip_addresses &) + +## storage +#function storage_info() { +# # storage info +# RootInfo=$(df -h /) +# root_usage=$(awk '/\// {print $(NF-1)}' <<<${RootInfo} | sed 's/%//g') +# root_total=$(awk '/\// {print $(NF-4)}' <<<${RootInfo}) +# StorageInfo=$(df -h $storage 2>/dev/null | grep $storage) +# if [ -n "${StorageInfo}" ]; then +# storage_usage=$(awk '/\// {print $(NF-1)}' <<<${StorageInfo} | sed 's/%//g') +# storage_total=$(awk '/\// {print $(NF-4)}' <<<${StorageInfo}) +# [[ "$storage" == */sd* ]] && hdd_temp=$(hddtemp -u C -nq $storage) +# fi +#} # storage_info +#storage_info +root_usage=`df -h / | awk '/\// {print $(NF-1)}'` + + + +## System info +date=`date` +UptimeString=$(uptime | tr -d ',') +time=$(awk -F" " '{print $3" "$4}' <<<"${UptimeString}") +load="$(awk -F"average: " '{print $2}'<<<"${UptimeString}")" +users="$(awk -F" user" '{print $1}'<<<"${UptimeString}")" +critical_load=$(( 1 + $(grep -c processor /proc/cpuinfo) / 2 )) +processes=`ps aux | wc -l` + +## memory and swap +mem_info=$(LANG=en_US.UTF-8 free -w 2>/dev/null | grep "^Mem" || LANG=en_US.UTF-8 free | grep "^Mem") +memory_usage=$(awk '{printf("%.0f",(($2-($4+$6+$7))/$2) * 100)}' <<<${mem_info}) +memory_total=$(awk '{printf("%d",$2/1024)}' <<<${mem_info}) +swap_info=$(LANG=en_US.UTF-8 free -m | grep "^Swap") +swap_usage=$( (awk '/Swap/ { printf("%3.0f", $3/$2*100) }' <<<${swap_info} 2>/dev/null || echo 0) | tr -c -d '[:digit:]') +swap_total=$(awk '{print $(2)}' <<<${swap_info}) +swap_usage=`free -m | awk '/Swap:/ { printf("%3.1f%%", $3/$2*100) }'` + + +#batteryinfo +#getboardtemp + +# DISPLAY +echo "System information as of: $date" +echo +display "System load" "${load%% *}" "${critical_load}" "0" "" "${load#* }" +printf "Up time: \x1B[92m%s\x1B[0m\t\t" "$time" +echo "" # fixed newline +display "Memory usage" "$memory_usage" "70" "0" " %" " of ${memory_total}MB" +display "Swap usage" "$swap_usage" "10" "0" " %" " of ${swap_total}Mb" +echo "" +display "Usage of /" "$root_usage" "90" "1" "%" " of $root_total" +printf "IP: " +printf "\x1B[92m%s\x1B[0m" "$ip_address" +echo "" +display "Local users" "${users##* }" "3" "0" "" +display "Processes" "${processes##* }" "150" "100" "" +echo "" + +#a=0;b=0;c=0 +#display "CPU temp" "$board_temp" "45" "0" "°C" "" ; a=$? +#display "HDD temp" "$hdd_temp" "45" "0" "°C" "" ; b=$? +#display "Ambient temp" "$amb_temp" "40" "0" "°C" "" ; c=$? +#(( ($a+$b+$c) >0 )) && echo "" # new line only if some value is displayed + diff --git a/ansible-5/roles/common/tasks/apply_updates.yml b/ansible-5/roles/common/tasks/apply_updates.yml new file mode 100644 index 0000000..045f7a6 --- /dev/null +++ b/ansible-5/roles/common/tasks/apply_updates.yml @@ -0,0 +1,18 @@ +--- +# update packages to latest + +- name: run apt updates + apt: + upgrade: dist + update_cache: yes + cache_valid_time: 3600 + when: ansible_os_family == "Debian" + +- name: check for reboot required + stat: + path: /var/run/reboot-required + register: reboot_required + +- name: reboot after updates + reboot: + when: reboot_required.stat.exists diff --git a/ansible-5/roles/common/tasks/main.yml b/ansible-5/roles/common/tasks/main.yml new file mode 100644 index 0000000..2925313 --- /dev/null +++ b/ansible-5/roles/common/tasks/main.yml @@ -0,0 +1,6 @@ +--- +# update packages to latest + +- include_tasks: apply_updates.yml + +- include_tasks: motd.yml diff --git a/ansible-5/roles/common/tasks/motd.yml b/ansible-5/roles/common/tasks/motd.yml new file mode 100644 index 0000000..5929a15 --- /dev/null +++ b/ansible-5/roles/common/tasks/motd.yml @@ -0,0 +1,38 @@ +--- +# main tasks for setting up motd dynamic shell header + +- debug: var=ansible_nodename + +- name: Install required packages + apt: + name: "{{ item }}" + update_cache: yes + cache_valid_time: 3600 + state: latest + with_items: + - lsb-release + - figlet + - update-motd + - lm-sensors + when: ansible_architecture != 'armv7l' + + +- name: remove help text + file: + state: absent + path: "{{ item }}" + with_items: + - /etc/update-motd.d/10-help-text + - /etc/update-motd.d/51-cloudguest + when: ansible_architecture != 'armv7l' + + +- name: add new info + copy: + src: "{{ item.src }}" + dest: /etc/update-motd.d/{{ item.dest }} + mode: 755 + with_items: + - { src: motd/hostname.sh, dest: 10-hostname } + - { src: motd/systats.sh, dest: 11-sysstats} + when: ansible_architecture != 'armv7l' diff --git a/ansible-5/roles/rsyslog/defaults/main.yml b/ansible-5/roles/rsyslog/defaults/main.yml new file mode 100644 index 0000000..4812687 --- /dev/null +++ b/ansible-5/roles/rsyslog/defaults/main.yml @@ -0,0 +1,8 @@ +--- +# default values + +rsyslog: + user: root + group: root + service: rsyslog + configs: [] diff --git a/ansible-5/roles/rsyslog/handlers/main.yml b/ansible-5/roles/rsyslog/handlers/main.yml new file mode 100644 index 0000000..f45cd40 --- /dev/null +++ b/ansible-5/roles/rsyslog/handlers/main.yml @@ -0,0 +1,9 @@ +--- +# handlers/main.yml +# define handlers here + +- name: restart rsyslog + service: name={{ rsyslog.service }} state=restarted + +- name: stop rsyslog + service: name={{ rsyslog.service }} state=stopped diff --git a/ansible-5/roles/rsyslog/tasks/main.yml b/ansible-5/roles/rsyslog/tasks/main.yml new file mode 100644 index 0000000..747ce58 --- /dev/null +++ b/ansible-5/roles/rsyslog/tasks/main.yml @@ -0,0 +1,31 @@ +--- +# main tasks for rsyslog config + +- debug: var=rsyslog + +- name: remove packages + apt: + state: present + name: "{{item}}" + update_cache: yes + cache_valid_time: 86400 + with_items: + - rsyslog-gnutls + +- name: copy tls certs for papertrail + get_url: + url: https://papertrailapp.com/tools/papertrail-bundle.pem + dest: /etc/papertrail-bundle.pem + force: yes + mode: 0644 + +- name: copy custom configs + template: + src: "{{ item }}.j2" + dest: /etc/rsyslog.d/{{ item }}.conf + owner: "{{ rsyslog.user }}" + group: "{{ rsyslog.group }}" + mode: 0644 + with_items: "{{rsyslog.configs}}" + notify: + - restart rsyslog diff --git a/ansible-5/roles/rsyslog/templates/48-ship2papertrail.j2 b/ansible-5/roles/rsyslog/templates/48-ship2papertrail.j2 new file mode 100644 index 0000000..6d49101 --- /dev/null +++ b/ansible-5/roles/rsyslog/templates/48-ship2papertrail.j2 @@ -0,0 +1,7 @@ +$DefaultNetstreamDriverCAFile /etc/papertrail-bundle.pem # trust these CAs +$ActionSendStreamDriver gtls # use gtls netstream driver +$ActionSendStreamDriverMode 1 # require TLS +$ActionSendStreamDriverAuthMode x509/name # authenticate by hostname +$ActionSendStreamDriverPermittedPeer *.papertrailapp.com + +*.* @@logs6.papertrailapp.com:38577 diff --git a/ansible-5/roles/rsyslog/templates/49-shiptograylog.j2 b/ansible-5/roles/rsyslog/templates/49-shiptograylog.j2 new file mode 100644 index 0000000..822caca --- /dev/null +++ b/ansible-5/roles/rsyslog/templates/49-shiptograylog.j2 @@ -0,0 +1 @@ +*.* @logs.xai-corp.net:31514 diff --git a/ansible-5/roles/rsyslog/templates/50-default.conf b/ansible-5/roles/rsyslog/templates/50-default.conf new file mode 100644 index 0000000..db6bbf6 --- /dev/null +++ b/ansible-5/roles/rsyslog/templates/50-default.conf @@ -0,0 +1,68 @@ +# Default rules for rsyslog. +# +# For more information see rsyslog.conf(5) and /etc/rsyslog.conf + +# +# First some standard log files. Log by facility. +# +auth,authpriv.* /var/log/auth.log +*.*;auth,authpriv.none -/var/log/syslog +#cron.* /var/log/cron.log +#daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +#lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +#user.* -/var/log/user.log + +# +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files. +# +#mail.info -/var/log/mail.info +#mail.warn -/var/log/mail.warn +mail.err /var/log/mail.err + +# +# Logging for INN news system. +# +news.crit /var/log/news/news.crit +news.err /var/log/news/news.err +news.notice -/var/log/news/news.notice + +# +# Some "catch-all" log files. +# +#*.=debug;\ +# auth,authpriv.none;\ +# news.none;mail.none -/var/log/debug +#*.=info;*.=notice;*.=warn;\ +# auth,authpriv.none;\ +# cron,daemon.none;\ +# mail,news.none -/var/log/messages + +# +# Emergencies are sent to everybody logged in. +# +*.emerg :omusrmsg:* + +# +# I like to have messages displayed on the console, but only on a virtual +# console I usually leave idle. +# +#daemon,mail.*;\ +# news.=crit;news.=err;news.=notice;\ +# *.=debug;*.=info;\ +# *.=notice;*.=warn /dev/tty8 + +# The named pipe /dev/xconsole is for the `xconsole' utility. To use it, +# you must invoke `xconsole' with the `-file' option: +# +# $ xconsole -file /dev/xconsole [...] +# +# NOTE: adjust the list below, or you'll go crazy if you have a reasonably +# busy site.. +# +daemon.*;mail.*;\ + news.err;\ + *.=debug;*.=info;\ + *.=notice;*.=warn |/dev/xconsole