refactor ansible code in to ansible-2.0 folder, and created space for ansible-2.10

ansible-2.0/roles/rsyslog/defaults/main.yml

@@ -0,0 +1,8 @@
+---
+# default values
+
+rsyslog:
+  user: root
+  group: root
+  service: rsyslog
+  configs: []

ansible-2.0/roles/rsyslog/handlers/main.yml

@@ -0,0 +1,9 @@
+---
+# handlers/main.yml
+# define handlers here
+
+- name: restart rsyslog
+  service: name={{ rsyslog.service }} state=restarted
+
+- name: stop rsyslog
+  service: name={{ rsyslog.service }} state=stopped

ansible-2.0/roles/rsyslog/tasks/main.yml

@@ -0,0 +1,31 @@
+---
+# main tasks for rsyslog config
+
+- debug: var=rsyslog
+
+- name: remove packages
+  apt:
+    state: present
+    name: "{{item}}"
+    update_cache: yes
+    cache_valid_time: 86400
+  with_items:
+    - rsyslog-gnutls
+
+- name: copy tls certs for papertrail
+  get_url:
+    url: https://papertrailapp.com/tools/papertrail-bundle.pem
+    dest: /etc/papertrail-bundle.pem
+    force: yes
+    mode: 0644
+
+- name: copy custom configs
+  template:
+    src: "{{ item }}.j2"
+    dest: /etc/rsyslog.d/{{ item }}.conf
+    owner: "{{ rsyslog.user }}"
+    group: "{{ rsyslog.group }}"
+    mode: 0644
+  with_items: "{{rsyslog.configs}}"
+  notify:
+    - restart rsyslog

ansible-2.0/roles/rsyslog/templates/48-ship2papertrail.j2

@@ -0,0 +1,7 @@
+$DefaultNetstreamDriverCAFile /etc/papertrail-bundle.pem # trust these CAs
+$ActionSendStreamDriver gtls # use gtls netstream driver
+$ActionSendStreamDriverMode 1 # require TLS
+$ActionSendStreamDriverAuthMode x509/name # authenticate by hostname
+$ActionSendStreamDriverPermittedPeer *.papertrailapp.com
+
+*.*    @@logs6.papertrailapp.com:38577

ansible-2.0/roles/rsyslog/templates/49-shiptograylog.j2

@@ -0,0 +1 @@
+*.* @logs.xai-corp.net:31514

ansible-2.0/roles/rsyslog/templates/50-default.conf

@@ -0,0 +1,68 @@
+#  Default rules for rsyslog.
+#
+#                       For more information see rsyslog.conf(5) and /etc/rsyslog.conf
+
+#
+# First some standard log files.  Log by facility.
+#
+auth,authpriv.*                 /var/log/auth.log
+*.*;auth,authpriv.none          -/var/log/syslog
+#cron.*                         /var/log/cron.log
+#daemon.*                       -/var/log/daemon.log
+kern.*                          -/var/log/kern.log
+#lpr.*                          -/var/log/lpr.log
+mail.*                          -/var/log/mail.log
+#user.*                         -/var/log/user.log
+
+#
+# Logging for the mail system.  Split it up so that
+# it is easy to write scripts to parse these files.
+#
+#mail.info                      -/var/log/mail.info
+#mail.warn                      -/var/log/mail.warn
+mail.err                        /var/log/mail.err
+
+#
+# Logging for INN news system.
+#
+news.crit                       /var/log/news/news.crit
+news.err                        /var/log/news/news.err
+news.notice                     -/var/log/news/news.notice
+
+#
+# Some "catch-all" log files.
+#
+#*.=debug;\
+#       auth,authpriv.none;\
+#       news.none;mail.none     -/var/log/debug
+#*.=info;*.=notice;*.=warn;\
+#       auth,authpriv.none;\
+#       cron,daemon.none;\
+#       mail,news.none          -/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg                                :omusrmsg:*
+
+#
+# I like to have messages displayed on the console, but only on a virtual
+# console I usually leave idle.
+#
+#daemon,mail.*;\
+#       news.=crit;news.=err;news.=notice;\
+#       *.=debug;*.=info;\
+#       *.=notice;*.=warn       /dev/tty8
+
+# The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,
+# you must invoke `xconsole' with the `-file' option:
+#
+#    $ xconsole -file /dev/xconsole [...]
+#
+# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
+#      busy site..
+#
+daemon.*;mail.*;\
+        news.err;\
+        *.=debug;*.=info;\
+        *.=notice;*.=warn       |/dev/xconsole