From 5e8759156f7d1566db0f433dfccc4f054919339b Mon Sep 17 00:00:00 2001 From: richard Date: Mon, 26 Jun 2017 20:43:49 -0400 Subject: [PATCH] setup papertrail logging on managed hosts and sslproxy container --- dockerfiles/sslproxy/docker-compose.yml | 6 ++++ managed_setup.yml | 36 ++++++++++--------- managed_updates.yml | 1 + roles/ns.xai-corp.net/tasks/main.yml | 1 + roles/rsyslog/tasks/main.yml | 16 +++++++++ roles/rsyslog/templates/48-ship2papertrail.j2 | 7 ++++ 6 files changed, 50 insertions(+), 17 deletions(-) create mode 100644 roles/rsyslog/templates/48-ship2papertrail.j2 diff --git a/dockerfiles/sslproxy/docker-compose.yml b/dockerfiles/sslproxy/docker-compose.yml index 65f6cae..24f6626 100644 --- a/dockerfiles/sslproxy/docker-compose.yml +++ b/dockerfiles/sslproxy/docker-compose.yml @@ -24,6 +24,12 @@ services: # options: # gelf-address: "udp://logs.xai-corp.net:12201" + logging: + driver: syslog + options: + syslog-address: "tcp+tls://logs6.papertrailapp.com:38577" + tag: "{{.Name}}/{{.ID}}" + deploy: mode: replicated replicas: 1 diff --git a/managed_setup.yml b/managed_setup.yml index 144bb64..fd5afa7 100644 --- a/managed_setup.yml +++ b/managed_setup.yml @@ -35,22 +35,23 @@ - users_groups: - datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb - datadog_checks: - system: - init_config: [] - instances: [] - disk: - init_config: - instances: - - use_mount: yes - excluded_filesystems: - - sysfs - - cgroup - - tracefs - - debugfs - - proc - - securityfs - excluded_mountpoint_re: /[media/richard|run/user].* + - datadog_checks: + system: + init_config: [] + instances: [] + disk: + init_config: + instances: + - use_mount: yes + excluded_filesystems: + - sysfs + - cgroup + - tracefs + - debugfs + - proc + - securityfs + - shm + excluded_mountpoint_re: /[media/richard|run/user].* - rsyslog: @@ -58,7 +59,7 @@ group: root service: rsyslog configs: - - 49-shiptograylog + - 48-ship2papertrail # prepare python for ansible pre_tasks: 
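Review bot: The new `logging:` block in `docker-compose.yml` carries no comment about what the proxy now depends on: with a `tcp+tls` `syslog-address` the syslog driver has to reach `logs6.papertrailapp.com:38577`, and a container using a TCP syslog endpoint can fail to start when that endpoint is unreachable. No `syslog-tls-ca-cert` option is set, so the peer is presumably verified against the Docker host's CA store rather than the pinned bundle the rsyslog role installs. I would add a comment above the block such as `# ships to Papertrail over TLS; start depends on the endpoint being reachable; peer verified with the host CA store`. The service definition starts and ends outside this hunk.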
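Review bot: The `datadog_api_key` entry in the first `managed_setup.yml` hunk holds a literal API key, so the credential is readable by anyone with repository access and remains in its history; this commit re-indents the block beside it but leaves the key in place. Move the value into an Ansible Vault-encrypted vars file and reference it, for example `- datadog_api_key: "{{ vault_datadog_api_key }}"` (the variable name is a placeholder). Rotate the key in Datadog as well, since the committed value should be treated as exposed. The diff markers on this page are collapsed, so it is inferred rather than certain that the key line is unchanged context.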
@@ -79,6 +80,7 @@ - novuso.users - user-richard - rsyslog + - motd - { role: Datadog.datadog, when: ansible_architecture != 'armv7l' } #does not support armhf architecture. should switch to fluentd or logstash tasks: diff --git a/managed_updates.yml b/managed_updates.yml index 8f22613..b050b99 100644 --- a/managed_updates.yml +++ b/managed_updates.yml @@ -25,6 +25,7 @@ - debugfs - proc - securityfs + - shm excluded_mountpoint_re: /[media/richard|run/user].* roles: diff --git a/roles/ns.xai-corp.net/tasks/main.yml b/roles/ns.xai-corp.net/tasks/main.yml index 01798e1..99931a9 100644 --- a/roles/ns.xai-corp.net/tasks/main.yml +++ b/roles/ns.xai-corp.net/tasks/main.yml @@ -6,6 +6,7 @@ apt: name: "{{ item }}" update_cache: yes + cache_valid_time: 86400 state: latest with_items: - bind9 diff --git a/roles/rsyslog/tasks/main.yml b/roles/rsyslog/tasks/main.yml index ace3d7a..747ce58 100644 --- a/roles/rsyslog/tasks/main.yml +++ b/roles/rsyslog/tasks/main.yml @@ -3,6 +3,22 @@ - debug: var=rsyslog +- name: remove packages + apt: + state: present + name: "{{item}}" + update_cache: yes + cache_valid_time: 86400 + with_items: + - rsyslog-gnutls + +- name: copy tls certs for papertrail + get_url: + url: https://papertrailapp.com/tools/papertrail-bundle.pem + dest: /etc/papertrail-bundle.pem + force: yes + mode: 0644 + - name: copy custom configs template: src: "{{ item }}.j2" diff --git a/roles/rsyslog/templates/48-ship2papertrail.j2 b/roles/rsyslog/templates/48-ship2papertrail.j2 new file mode 100644 index 0000000..6d49101 --- /dev/null +++ b/roles/rsyslog/templates/48-ship2papertrail.j2 @@ -0,0 +1,7 @@ +$DefaultNetstreamDriverCAFile /etc/papertrail-bundle.pem # trust these CAs +$ActionSendStreamDriver gtls # use gtls netstream driver +$ActionSendStreamDriverMode 1 # require TLS +$ActionSendStreamDriverAuthMode x509/name # authenticate by hostname +$ActionSendStreamDriverPermittedPeer *.papertrailapp.com + +*.* @@logs6.papertrailapp.com:38577
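Review bot: `excluded_mountpoint_re: /[media/richard|run/user].*`, in the context of the `managed_updates.yml` hunk and again in the first `managed_setup.yml` hunk, uses square brackets, which form a character class rather than an alternation. It therefore matches `/` followed by any single one of those characters. If the Datadog disk check applies the pattern from the start of the mountpoint, paths such as `/home`, `/usr` or `/srv` would be dropped from disk monitoring too. The intended form is probably `excluded_mountpoint_re: '/(media/richard|run/user).*'`.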
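Review bot: The `get_url` task in `roles/rsyslog/tasks/main.yml` installs the CA bundle that rsyslog will trust for the Papertrail connection, but it has no `checksum:` and sets `force: yes`, so every run replaces `/etc/papertrail-bundle.pem` with whatever the URL serves at that moment. Pin the reviewed bundle with `checksum: "sha256:<SHA256_OF_REVIEWED_BUNDLE>"` (placeholder), or vendor the file in the role and deploy it with `copy`. Separately, the first new task is named `remove packages` while `state: present` installs `rsyslog-gnutls`; `name: install rsyslog TLS driver` would match what it does. Writing `mode: "0644"` as a quoted string also avoids YAML integer parsing. The `copy custom configs` task continues outside the hunk.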
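Review bot: The forwarding action `*.* @@logs6.papertrailapp.com:38577` in `48-ship2papertrail.j2` has no action queue configured, so while the TLS connection to Papertrail is down rsyslog has nowhere to hold messages for this action and may drop them or delay other outputs. That leaves a gap in the logs an investigation would rely on. A disk-assisted queue with unlimited retry, placed before the action line, covers the outage case; the name and size below are sample values to adjust. Note also that `*.*` forwards every facility, including `auth` and `authpriv`, to the third-party service, which is worth confirming as intended.

```conf
# … unchanged: TLS netstream driver settings …
# keep retrying the destination instead of giving up on the action
$ActionResumeRetryCount -1
# queue messages for this action so local logging is not held up
$ActionQueueType LinkedList
# sample spool name; setting it enables spill-to-disk
$ActionQueueFileName papertrailq
# sample cap on spooled data
$ActionQueueMaxDiskSpace 1g
# keep queued messages across an rsyslog restart
$ActionQueueSaveOnShutdown on
*.* @@logs6.papertrailapp.com:38577
```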