setup papertrail logging on managed hosts and sslproxy container

2017-06-26 20:43:49 -04:00
parent 9adfff78e2
commit 5e8759156f
6 changed files with 50 additions and 17 deletions
--- a/dockerfiles/sslproxy/docker-compose.yml
+++ b/dockerfiles/sslproxy/docker-compose.yml
@@ -24,6 +24,12 @@ services:
 #      options:
 #        gelf-address: "udp://logs.xai-corp.net:12201"

+    logging:
+      driver: syslog
+      options:
+        syslog-address: "tcp+tls://logs6.papertrailapp.com:38577"
+        tag: "{{.Name}}/{{.ID}}"
+
    deploy:
      mode: replicated
      replicas: 1
--- a/managed_setup.yml
+++ b/managed_setup.yml
@@ -35,22 +35,23 @@
    - users_groups:

    - datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
-          datadog_checks:
-            system:
-              init_config: []
-              instances: []
-            disk:
-              init_config:
-              instances:
-                  - use_mount: yes
-                    excluded_filesystems:
-                      - sysfs
-                      - cgroup
-                      - tracefs
-                      - debugfs
-                      - proc
-                      - securityfs
-                    excluded_mountpoint_re: /[media/richard|run/user].*
+    - datadog_checks:
+        system:
+          init_config: []
+          instances: []
+        disk:
+          init_config:
+          instances:
+              - use_mount: yes
+                excluded_filesystems:
+                  - sysfs
+                  - cgroup
+                  - tracefs
+                  - debugfs
+                  - proc
+                  - securityfs
+                  - shm
+                excluded_mountpoint_re: /[media/richard|run/user].*


    - rsyslog:
@@ -58,7 +59,7 @@
        group: root
        service: rsyslog
        configs:
-          - 49-shiptograylog
+          - 48-ship2papertrail

  # prepare python for ansible
  pre_tasks:
@@ -79,6 +80,7 @@
    - novuso.users
    - user-richard
    - rsyslog
+    - motd
    - { role: Datadog.datadog, when: ansible_architecture != 'armv7l' } #does not support armhf architecture. should switch to fluentd or logstash

  tasks:
--- a/managed_updates.yml
+++ b/managed_updates.yml
@@ -25,6 +25,7 @@
                - debugfs
                - proc
                - securityfs
+                - shm
              excluded_mountpoint_re: /[media/richard|run/user].*

  roles:
--- a/roles/ns.xai-corp.net/tasks/main.yml
+++ b/roles/ns.xai-corp.net/tasks/main.yml
@@ -6,6 +6,7 @@
  apt:
    name: "{{ item }}"
    update_cache: yes
+    cache_valid_time: 86400
    state: latest
  with_items:
    - bind9
--- a/roles/rsyslog/tasks/main.yml
+++ b/roles/rsyslog/tasks/main.yml
@@ -3,6 +3,22 @@

 - debug: var=rsyslog

+- name: remove packages
+  apt:
+    state: present
+    name: "{{item}}"
+    update_cache: yes
+    cache_valid_time: 86400
+  with_items:
+    - rsyslog-gnutls
+
+- name: copy tls certs for papertrail
+  get_url:
+    url: https://papertrailapp.com/tools/papertrail-bundle.pem
+    dest: /etc/papertrail-bundle.pem
+    force: yes
+    mode: 0644
+
 - name: copy custom configs
  template:
    src: "{{ item }}.j2"
--- a/roles/rsyslog/templates/48-ship2papertrail.j2
+++ b/roles/rsyslog/templates/48-ship2papertrail.j2
@@ -0,0 +1,7 @@
+$DefaultNetstreamDriverCAFile /etc/papertrail-bundle.pem # trust these CAs
+$ActionSendStreamDriver gtls # use gtls netstream driver
+$ActionSendStreamDriverMode 1 # require TLS
+$ActionSendStreamDriverAuthMode x509/name # authenticate by hostname
+$ActionSendStreamDriverPermittedPeer *.papertrailapp.com
+
+*.*    @@logs6.papertrailapp.com:38577