Commit 85990cfe authored by jtimberman

Merge branch 'COOK-1877'

parents 63a14116 b37b6ee4
Description
===========
Installs rsyslog to replace sysklogd for client and/or server use. By default, server will be set up to log to files.
Installs and configures rsyslog to replace sysklogd for client and/or
server use. By default, the service will be configured to log to
files on local disk. See the __Recipes__ and __Examples__ sections
for other uses.
**Major Changes in 1.2.0**: See CHANGELOG.md
**Important Changes in 1.1.0**: See the CHANGELOG.md file for
important changes to this cookbook. There are some incompatibilities
......@@ -14,20 +19,14 @@ Requirements
Platform
--------
Tested on Ubuntu 8.04, 9.10, 10.04.
For Ubuntu 8.04, the rsyslog package will be installed from a PPA via the default.rb recipe in order to get 4.2.0 backported from 10.04.
* https://launchpad.net/~a.bono/+archive/rsyslog
Tested on Ubuntu 9.10, 10.04 and Red Hat 6.3
Ubuntu 8.10 and 9.04 are no longer supported releases and have not been tested with this cookbook.
Other
-----
To use the `recipe[rsyslog::client]` recipe, you'll need to set up the
`rsyslog.server_search` or `rsyslog.server_ip` attributes.
See the __Recipes__, and __Examples__ sections below.
To use the `recipe[rsyslog::client]` recipe, you'll need to set up the `rsyslog.server_search` or `rsyslog.server_ip` attributes. See the __Recipes__ and __Examples__ sections below.
Attributes
==========
......@@ -58,6 +57,12 @@ See `attributes/default.rb` for default values.
not.
* `node['rsyslog']['max_message_size']` - Specify the maximum allowed
message size. Default is 2k.
* `node['rsyslog']['user']` - Who should own the configuration files and directories
* `node['rsyslog']['group']` - Who should group-own the configuration files
and directories
* `node['rsyslog']['defaults_file']` - The full path to the defaults/sysconfig file
for the service.
* `node['rsyslog']['service_name']` - The platform-specific name of the service
Recipes
=======
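Review bot: The attribute list added here documents `user`, `group`, `defaults_file` and `service_name` but not `node['rsyslog']['priv_seperation']`, which the same change sets in the attributes file and declares in metadata. Add an entry saying it controls rsyslog privilege separation and that one Ubuntu branch turns it on together with `user` "syslog", since that combination changes who owns the configuration files.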
......@@ -65,32 +70,38 @@ Recipes
default
-------
Installs the rsyslog package, manages the rsyslog service and sets up
basic configuration for a standalone machine.
Installs the rsyslog package, manages the rsyslog service and sets up basic
configuration for a standalone machine.
client
------
Includes `recipe[rsyslog]`.
Uses Chef search to find a remote loghost node with the search criteria specified
by `node['rsyslog']['server_search']` and uses its `ipaddress` attribute
to send log messages. In case the `rsyslog.server_ip` is explicitly defined then
it's used instead the search operation. If the node itself is a rsyslog server ie
it has `rsyslog.server` attribute set to true then the configuration is skipped.
Uses `node['rsyslog']['server_ip']` or Chef search (in that precedence order)
to determine the remote syslog server's IP address. If search is used, the
search query will look for the first `ipaddress` returned from the criteria
specified in `node['rsyslog']['server_search']`.
If the node itself is a rsyslog server ie it has `rsyslog.server` set to true
then the configuration is skipped.
If the node had an `/etc/rsyslog.d/35-server-per-host.conf` file previously configured,
this file gets removed to prevent duplicate logging. Any previous logs are not
cleaned up from the `log_dir`.
this file gets removed to prevent duplicate logging.
Any previous logs are not cleaned up from the `log_dir`.
server
------
Configures the node to be a rsyslog server. The node should be able to be
resolved by the specified search criteria `node['rsyslog']['server_search]`
so that client nodes can find it with search. This recipe will create the logs in
`node['rsyslog']['log_dir']`, and the configuration is in
`/etc/rsyslog.d/server.conf`. This recipe also removes any previous
configuration to a remote server by removing the
Configures the node to be a rsyslog server. The chosen rsyslog server
node should be defined in the `server_ip` attribute or resolvable by
the specified search criteria specified in `node['rsyslog']['server_search]`
(so that nodes making use of the `client` recipe can find the server to log to).
This recipe will create the logs in `node['rsyslog']['log_dir']`, and
the configuration is in `/etc/rsyslog.d/server.conf`. This recipe also
removes any previous configuration to a remote server by removing the
`/etc/rsyslog.d/remote.conf` file.
The cron job used in the previous version of this cookbook is removed,
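Review bot: In the client section, the search path takes the first `ipaddress` returned for `node['rsyslog']['server_search']`, so the README should say that whichever node matches the default `role:loghost` query first becomes the log destination, and that setting `server_ip` pins it. The server paragraph also keeps the unbalanced quote in `node['rsyslog']['server_search]`, and "ie" should be "i.e.".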
......@@ -124,8 +135,9 @@ Usage
Use `recipe[rsyslog]` to install and start rsyslog as a basic
configured service for standalone systems.
Use `recipe[rsyslog::client]` to have nodes search for the loghost
automatically to configure remote [r]syslog.
Use `recipe[rsyslog::client]` to have nodes log to a remote server
(which is found via the `server_ip` attribute or by the recipe's
search call -- see __client__)
Use `recipe[rsyslog::server]` to set up a rsyslog server. It will listen on
`node['rsyslog']['port']` protocol `node['rsyslog']['protocol']`.
......@@ -174,7 +186,7 @@ License and Author
Author:: Joshua Timberman (<joshua@opscode.com>)
Author:: Denis Barishev (<denz@twiket.com>)
Copyright:: 2009-2011, Opscode, Inc
Copyright:: 2009-2012, Opscode, Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
......
......@@ -17,36 +17,33 @@
# limitations under the License.
#
default["rsyslog"]["log_dir"] = "/srv/rsyslog"
default["rsyslog"]["server"] = false
default["rsyslog"]["protocol"] = "tcp"
default["rsyslog"]["port"] = "514"
default["rsyslog"]["server_ip"] = nil
default["rsyslog"]["server_search"] = "role:loghost"
default["rsyslog"]["remote_logs"] = true
default["rsyslog"]["per_host_dir"] = "%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%"
default["rsyslog"]["log_dir"] = "/srv/rsyslog"
default["rsyslog"]["server"] = false
default["rsyslog"]["protocol"] = "tcp"
default["rsyslog"]["port"] = "514"
default["rsyslog"]["server_ip"] = nil
default["rsyslog"]["server_search"] = "role:loghost"
default["rsyslog"]["remote_logs"] = true
default["rsyslog"]["per_host_dir"] = "%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%"
default["rsyslog"]["max_message_size"] = "2k"
# The most likely platform-specific attributes
default["rsyslog"]["service_name"] = "rsyslog"
default["rsyslog"]["user"] = "root"
default["rsyslog"]["group"] = "adm"
default["rsyslog"]["priv_seperation"] = false
default["rsyslog"]["defaults_file"] = "/etc/default/rsyslog"
case node["platform"]
when "debian"
default["rsyslog"]["user"] = "root"
default["rsyslog"]["group"] = "adm"
default["rsyslog"]["priv_seperation"] = false
when "ubuntu"
# syslog user introduced with natty package
if node['platform_version'].to_f >= 10.10 then
default["rsyslog"]["user"] = "root"
default["rsyslog"]["group"] = "adm"
default["rsyslog"]["priv_seperation"] = false
else
if node['platform_version'].to_f < 10.10 then
default["rsyslog"]["user"] = "syslog"
default["rsyslog"]["group"] = "adm"
default["rsyslog"]["priv_seperation"] = true
end
else
#values for fedora at least
default["rsyslog"]["user"] = "root"
default["rsyslog"]["group"] = "root"
default["rsyslog"]["priv_seperation"] = false
when "redhat"
default["rsyslog"]["defaults_file"] = "/etc/sysconfig/rsyslog"
when "arch"
default["rsyslog"]["service_name"] = "rsyslogd"
end
default["rsyslog"]["max_message_size"] = "2k"
# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you want to use them, switch to compatibility mode 2 by "-c 2"
# See rsyslogd(8) for more details
SYSLOGD_OPTIONS="-c 5"
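Review bot: In the Ubuntu branch of the `case node["platform"]` block above, the test `node['platform_version'].to_f < 10.10` gives `user` "syslog" and `priv_seperation` true to releases older than 10.10, while the comment directly above it says the syslog user was introduced with the natty package (11.04). One of the two is wrong, and if the account does not exist on the matched releases, every resource that now uses `owner node['rsyslog']['user']` will fail. The attribute name is also misspelled; renaming it to `priv_separation` here is cheaper than after it has spread to metadata and templates.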
......@@ -12,6 +12,7 @@ recipe "rsyslog::server", "Sets up an rsyslog server"
supports "ubuntu", ">= 8.04"
supports "debian", ">= 5.0"
supports "redhat", ">= 6.0"
attribute "rsyslog",
:display_name => "Rsyslog",
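Review bot: `supports "ubuntu", ">= 8.04"` is left unchanged beside the new `supports "redhat", ">= 6.0"`, but this change deletes the hardy PPA block from the default recipe and the README now lists only Ubuntu 9.10 and 10.04 as tested. Raise the Ubuntu constraint to match, or state in the README what 8.04 users get without the PPA.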
......@@ -51,3 +52,33 @@ attribute "rsyslog/remote_logs",
:display_name => "Remote Logs",
:description => "Specifies whether redirect all log from client to server",
:default => "true"
attribute "rsyslog/user",
:display_name => "User",
:description => "The owner of Rsyslog config files and directories",
:default => "root"
attribute "rsyslog/group",
:display_name => "Group",
:description => "The group-owner of Rsyslog config files and directories",
:default => "adm"
attribute "rsyslog/service_name",
:display_name => "Service name",
:description => "The name of the service for the platform",
:default => "rsyslog"
attribute "rsyslog/defaults_file",
:display_name => "Defaults file",
:description => "The full path to the service's defaults/sysconfig file",
:default => "/etc/default/rsyslog"
attribute "rsyslog/max_message_size",
:display_name => "Maximum Rsyslog message size",
:description => "Specifies the maximum size of allowable Rsyslog messages",
:default => "2k"
attribute "rsyslog/priv_seperation",
:display_name => "Privilege separation",
:description => "Whether or not to make use of Rsyslog privilege separation",
:default => "false"
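Review bot: The `rsyslog/user` and `rsyslog/priv_seperation` entries state "root" and "false" as the defaults, but the attributes file in this same change sets "syslog" and true on one Ubuntu branch, and likewise overrides `defaults_file` on redhat and `service_name` on arch. The descriptions should say the default is platform dependent so that metadata consumers are not misled about which account owns the configuration.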
......@@ -20,28 +20,32 @@
include_recipe "rsyslog"
if !node['rsyslog']['server'] and node['rsyslog']['server_ip'].nil? and Chef::Config[:solo]
Chef::Log.info("The rsyslog::client recipe uses search. Chef Solo does not support search.")
Chef::Log.fatal("Chef Solo does not support search, therefore it is a requirement of the rsyslog::client recipe that the attribute 'server_ip' is set when using Chef Solo. 'server_ip' is not set.")
elsif !node['rsyslog']['server']
rsyslog_server = node['rsyslog']['server_ip'] ||
search(:node, node['rsyslog']['server_search']).first['ipaddress'] rescue nil
if rsyslog_server.nil?
raise "The rsyslog::client recipe was unable to determine the remote syslog server. Checked both the server_ip attribute and search()"
end
template "/etc/rsyslog.d/49-remote.conf" do
only_if { node['rsyslog']['remote_logs'] && !rsyslog_server.nil? }
source "49-remote.conf.erb"
backup false
variables(
:server => rsyslog_server,
:protocol => node['rsyslog']['protocol']
)
owner "root"
group "root"
owner node["rsyslog"]["user"]
group node["rsyslog"]["group"]
mode 0644
only_if { node['rsyslog']['remote_logs'] && !rsyslog_server.nil? }
notifies :restart, "service[rsyslog]"
notifies :restart, "service[#{node['rsyslog']['service_name']}]"
end
file "/etc/rsyslog.d/server.conf" do
action :delete
notifies :reload, "service[rsyslog]"
only_if do ::File.exists?("/etc/rsyslog.d/server.conf") end
action :delete
notifies :reload, "service[#{node['rsyslog']['service_name']}]"
end
end
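Review bot: The Chef Solo branch only calls `Chef::Log.fatal` and then falls through, so a Solo node without `server_ip` converges successfully with no `/etc/rsyslog.d/49-remote.conf` and forwards no logs, whereas the non-Solo branch raises when `rsyslog_server` is nil. Raise in both cases so a missing log destination cannot pass unnoticed. The trailing `rescue nil` on the `search(...)` line also hides every search error behind the generic "unable to determine" message; log the exception or rescue only the empty-result case.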
......@@ -17,32 +17,20 @@
# limitations under the License.
#
if platform?("ubuntu") && node['platform_version'].to_f == 8.04
apt_repository "hardy-rsyslog-ppa" do
uri "http://ppa.launchpad.net/a.bono/rsyslog/ubuntu"
distribution "hardy"
components ["main"]
keyserver "keyserver.ubuntu.com"
key "C0061A4A"
action :add
notifies :run, "execute[apt-get update]", :immediately
end
end
package "rsyslog" do
action :install
end
cookbook_file "/etc/default/rsyslog" do
cookbook_file "#{node["rsyslog"]["defaults_file"]}" do
source "rsyslog.default"
owner "root"
group "root"
owner node['rsyslog']['user']
group node['rsyslog']['group']
mode 0644
end
directory "/etc/rsyslog.d" do
owner "root"
group "root"
owner node['rsyslog']['user']
group node['rsyslog']['group']
mode 0755
end
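Review bot: `/etc/rsyslog.d` and the defaults file are now owned by `node['rsyslog']['user']`, and on the Ubuntu branch where that is "syslog" with `priv_seperation` true the daemon's unprivileged account becomes the owner of configuration that is parsed at the next start (the template in this change feeds `$PrivDropToGroup` from the same attribute set). Keep these resources `owner "root"` and apply the rsyslog user only to paths the daemon must write, such as the spool and log directories. `cookbook_file "#{node["rsyslog"]["defaults_file"]}"` also needs no string interpolation.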
......@@ -52,28 +40,27 @@ directory "/var/spool/rsyslog" do
mode 0755
end
# Our main stub which then does its own rsyslog-specific
# include of things in /etc/rsyslog.d/*
template "/etc/rsyslog.conf" do
source "rsyslog.conf.erb"
owner "root"
group "root"
source 'rsyslog.conf.erb'
owner node['rsyslog']['user']
group node['rsyslog']['group']
mode 0644
variables(:protocol => node['rsyslog']['protocol'])
notifies :restart, "service[rsyslog]"
notifies :restart, "service[#{node['rsyslog']['service_name']}]"
end
if platform?("ubuntu")
template "/etc/rsyslog.d/50-default.conf" do
source "50-default.conf.erb"
backup false
owner "root"
group "root"
mode 0644
notifies :restart, "service[rsyslog]"
end
template "/etc/rsyslog.d/50-default.conf" do
source "50-default.conf.erb"
backup false
owner node['rsyslog']['user']
group node['rsyslog']['group']
mode 0644
notifies :restart, "service[#{node['rsyslog']['service_name']}]"
end
service "rsyslog" do
service_name "rsyslogd" if platform?("arch")
service "#{node['rsyslog']['service_name']}" do
supports :restart => true, :reload => true
action [:enable, :start]
end
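Review bot: Naming the resource `service "#{node['rsyslog']['service_name']}"` changes its identity per platform, so anything outside this cookbook that notifies `service[rsyslog]` stops resolving where the attribute is "rsyslogd". Keeping `service "rsyslog"` and setting `service_name node['rsyslog']['service_name']` inside the block gives the same platform handling without touching any `notifies` line. Separately, `50-default.conf` loses its `platform?("ubuntu")` guard here and is now rendered on every platform, which deserves a line in the CHANGELOG.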
......@@ -23,8 +23,8 @@ node.set['rsyslog']['server'] = true
node.save unless Chef::Config[:solo]
directory ::File.dirname(node['rsyslog']['log_dir']) do
owner "root"
group "root"
owner node["rsyslog"]["user"]
group node["rsyslog"]["group"]
recursive true
mode 0755
end
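Review bot: The resource is `directory ::File.dirname(node['rsyslog']['log_dir'])`, and with the default `log_dir` of "/srv/rsyslog" that resolves to `/srv`, so switching to `owner node["rsyslog"]["user"]` hands the shared parent directory to the rsyslog account rather than the log directory itself. Leave the parent owned by root and set the rsyslog owner on `log_dir`.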
......@@ -42,15 +42,15 @@ template "/etc/rsyslog.d/35-server-per-host.conf" do
:log_dir => node['rsyslog']['log_dir'],
:per_host_dir => node['rsyslog']['per_host_dir']
)
owner "root"
group "root"
owner node["rsyslog"]["user"]
group node["rsyslog"]["group"]
mode 0644
notifies :restart, "service[rsyslog]"
notifies :restart, "service[#{node['rsyslog']['service_name']}]"
end
file "/etc/rsyslog.d/remote.conf" do
action :delete
backup false
notifies :reload, "service[rsyslog]"
notifies :reload, "service[#{node['rsyslog']['service_name']}]"
only_if do ::File.exists?("/etc/rsyslog.d/remote.conf") end
end
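Review bot: This resource still deletes `/etc/rsyslog.d/remote.conf`, but the client recipe in this change writes `/etc/rsyslog.d/49-remote.conf`, so a node moved from client to server keeps its forwarding rule. Point the delete at the file the client recipe actually creates; the same mismatch exists in reverse, where the client deletes `server.conf` while this recipe writes `35-server-per-host.conf`. The `only_if` with `::File.exists?` is redundant, since `action :delete` on a missing file does nothing and sends no notification.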
......@@ -62,74 +62,3 @@ $PrivDropToGroup <%= node['rsyslog']['group'] %>
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
<% unless node[:platform] == 'ubuntu' -%>
###############
#### RULES ####
###############
#
# First some standard log files. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
#
# Logging for INN news system.
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice
#
# Some "catch-all" log files.
#
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg *
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
#
daemon.*;mail.*;\
news.err;\
*.=debug;*.=info;\
*.=notice;*.=warn |/dev/xconsole
<% end -%>
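Review bot: Removing the whole `RULES` block from this template makes every platform depend on `50-default.conf.erb` for its file rules, and that template's contents are not part of the visible diff. Confirm it carries the `auth,authpriv.*` and catch-all rules for the non-Ubuntu platforms this block used to serve, otherwise those nodes stop writing local logs after the restart.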