xai-corp.net/provisioning
1
0
Fork 0
Code Issues 9 Releases Activity

setup papertrail logging on managed hosts and sslproxy container

Browse Source
This commit is contained in:
richard
2017-06-26 20:43:49 -04:00
parent 9adfff78e2
commit 5e8759156f
6 changed files with 50 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
dockerfiles/sslproxy/docker-compose.yml
View File

@@ -24,6 +24,12 @@ services:
# options: # options:
# gelf-address: "udp://logs.xai-corp.net:12201" # gelf-address: "udp://logs.xai-corp.net:12201"
logging:
driver: syslog
options:
syslog-address: "tcp+tls://logs6.papertrailapp.com:38577"
tag: "{{.Name}}/{{.ID}}"
deploy: deploy:
mode: replicated mode: replicated
replicas: 1 replicas: 1

36
managed_setup.yml
View File

@@ -35,22 +35,23 @@
- users_groups: - users_groups:
- datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb - datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
datadog_checks: - datadog_checks:
system: system:
init_config: [] init_config: []
instances: [] instances: []
disk: disk:
init_config: init_config:
instances: instances:
- use_mount: yes - use_mount: yes
excluded_filesystems: excluded_filesystems:
- sysfs - sysfs
- cgroup - cgroup
- tracefs - tracefs
- debugfs - debugfs
- proc - proc
- securityfs - securityfs
excluded_mountpoint_re: /[media/richard|run/user].* - shm
excluded_mountpoint_re: /[media/richard|run/user].*
- rsyslog: - rsyslog:
@@ -58,7 +59,7 @@
group: root group: root
service: rsyslog service: rsyslog
configs: configs:
- 49-shiptograylog - 48-ship2papertrail
# prepare python for ansible # prepare python for ansible
pre_tasks: pre_tasks:
@@ -79,6 +80,7 @@
- novuso.users - novuso.users
- user-richard - user-richard
- rsyslog - rsyslog
- motd
- { role: Datadog.datadog, when: ansible_architecture != 'armv7l' } #does not support armhf architecture. should switch to fluentd or logstash - { role: Datadog.datadog, when: ansible_architecture != 'armv7l' } #does not support armhf architecture. should switch to fluentd or logstash
tasks: tasks:

1
managed_updates.yml
View File

@@ -25,6 +25,7 @@
- debugfs - debugfs
- proc - proc
- securityfs - securityfs
- shm
excluded_mountpoint_re: /[media/richard|run/user].* excluded_mountpoint_re: /[media/richard|run/user].*
roles: roles:

1
roles/ns.xai-corp.net/tasks/main.yml
View File

@@ -6,6 +6,7 @@
apt: apt:
name: "{{ item }}" name: "{{ item }}"
update_cache: yes update_cache: yes
cache_valid_time: 86400
state: latest state: latest
with_items: with_items:
- bind9 - bind9

16
roles/rsyslog/tasks/main.yml
View File

@@ -3,6 +3,22 @@
- debug: var=rsyslog - debug: var=rsyslog
- name: remove packages
apt:
state: present
name: "{{item}}"
update_cache: yes
cache_valid_time: 86400
with_items:
- rsyslog-gnutls
- name: copy tls certs for papertrail
get_url:
url: https://papertrailapp.com/tools/papertrail-bundle.pem
dest: /etc/papertrail-bundle.pem
force: yes
mode: 0644
- name: copy custom configs - name: copy custom configs
template: template:
src: "{{ item }}.j2" src: "{{ item }}.j2"

7
roles/rsyslog/templates/48-ship2papertrail.j2 Normal file
View File

@@ -0,0 +1,7 @@
$DefaultNetstreamDriverCAFile /etc/papertrail-bundle.pem # trust these CAs
$ActionSendStreamDriver gtls # use gtls netstream driver
$ActionSendStreamDriverMode 1 # require TLS
$ActionSendStreamDriverAuthMode x509/name # authenticate by hostname
$ActionSendStreamDriverPermittedPeer *.papertrailapp.com
*.* @@logs6.papertrailapp.com:38577