adm01 i can haz rsyslog and an ssd!

This commit is contained in:
do
2021-02-17 21:30:34 +01:00
parent f60cbb6117
commit a10b2ccd91
10 changed files with 167 additions and 8 deletions


@@ -5,9 +5,7 @@
include:
- .packages
- .pki
#- .gluster.client
- sysctl
- rsyslog
- sudoers
- systemd
- .timezone


@@ -26,15 +26,14 @@ common-installed:
- bzip2
- gzip
- unzip
- libwww-perl
- bind9-host
- dnsutils
- tcpdump
- file
- python-pip
- python-dev
- python-pyinotify
- python-m2crypto
- python3-pip
- python3-dev
- python3-pyinotify
- python3-m2crypto
- python3-m2crypto
- lockfile-progs
- virt-what
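Review bot: `python3-m2crypto` appears on two consecutive lines just before `lockfile-progs`; if both are on the new side that is a duplicate entry in the `pkgs` list (harmless, but worth dropping one), and if one is the removed line the rendered page has simply lost its marker. The `python-pip`, `python-dev`, `python-pyinotify` and `python-m2crypto` lines cannot be told apart as old or new here; should any of them be new-side, note that as far as I recall the Python 2 variants are not shipped in Debian bullseye, which the podman repo pin elsewhere in this commit targets, so `pkg.installed` would fail on such hosts. The `common-installed` state starts before the hunk.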


@@ -14,6 +14,7 @@
- ca_server: tumor.chaos
- signing_policy: host
- public_key: /etc/pki/private.key
- CN: {{ grains['fqdn'] }}
- subjectAltName: 'DNS:{{ grains['fqdn'] }}'
- days_remaining: 5
- backup: True
@@ -29,6 +30,7 @@
- public_key: /etc/pki/private.key
- days_remaining: 5
- backup: False
- CN: {{ grains['fqdn'] }}
- subjectAltName: 'DNS:{{ cn }}'
- require:
- x509: /etc/pki/private.key
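Review bot: The two added `subjectAltName` lines disagree on where the DNS name comes from: the first hunk uses `grains['fqdn']`, the second uses `{{ cn }}` even though the `CN` line directly above it is `{{ grains['fqdn'] }}`. If `cn` is not a Jinja variable defined above the hunk (both enclosing states start outside it), it renders to an empty string and the value becomes `DNS:`, so the x509 state either fails or issues a certificate with an unusable SAN. Suggest `- subjectAltName: 'DNS:{{ grains['fqdn'] }}'` in both places, or one variable feeding both `CN` and `subjectAltName`. Adding the SAN itself is the right move, since CN-only certificates are no longer accepted for hostname verification by current TLS clients.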

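--- a/base/rsyslog/client.sls
+++ b/base/rsyslog/client.sls
@@ -0,0 +1,4 @@
+include:
+- rsyslog
+- .service
+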
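Review bot: `base.rsyslog.client` only includes the `rsyslog` and `.service` states; nothing in this file points the client at the collector, so unless the root `rsyslog` state (not visible here) drops a forwarding action such as `*.* @@adm01.wks:514` into `/etc/rsyslog.d/`, the listeners opened by `server.conf` receive nothing and every client keeps its logs local. If the forwarding rule is meant to live here, a `file.managed` with `watch_in` on `service: rsyslog` is the missing piece; if it lives elsewhere, a one-line comment naming that state would save the next reader the search.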

@@ -0,0 +1,39 @@
/data/logs/*/syslog
{
rotate 10
daily
minsize 50M
missingok
notifempty
delaycompress
compress
postrotate
invoke-rc.d rsyslog rotate > /dev/null
endscript
}
/data/logs/*/mail.info
/data/logs/*/mail.warn
/data/logs/*/mail.err
/data/logs/*/mail.log
/data/logs/*/daemon.log
/data/logs/*/kern.log
/data/logs/*/auth.log
/data/logs/*/user.log
/data/logs/*/lpr.log
/data/logs/*/cron.log
/data/logs/*/debug
/data/logs/*/messages
{
rotate 5
daily
minsize 100M
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
invoke-rc.d rsyslog rotate > /dev/null
endscript
}


@@ -0,0 +1,82 @@
#
# SALT managed.
#
# Load UDP module
$ModLoad imudp
# Load TCP module
$ModLoad imtcp
# Load RELP module
$ModLoad imrelp
#
# Use traditional timestamp format.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Switch to remote ruleset
$RuleSet remote
# Log files are stored in directories matching the short hostname, excluding numbers
# i.e. web01 web02 and web03 will all log to a the web directory
# Templates
$Template dynAuditLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/audit.log"
$Template dynAuthLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/auth.log"
$Template dynSyslog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/syslog"
$Template dynCronLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/cron.log"
$Template dynDaemonLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/daemon.log"
$Template dynKernLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/kern.log"
$Template dynUserLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/user.log"
$Template dynMailLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/mail.log"
$Template dynDebug,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/debug"
$Template dynMessages,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/messages"
$Template dynLocal0daemon,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/daemon.local0.log"
# Rules
auth,authpriv.* ?dynAuthLog
*.*;auth.none,authpriv.none,mail.none,cron.none,kern.none,user.none,daemon.none -?dynSyslog
cron.* ?dynCronLog
kern.* -?dynKernLog
mail.* -?dynMailLog
user.* -?dynUserLog
#*.=info;*.=notice;*.=warn;\
#
# auth.none,authpriv.none;\
# cron.none,daemon.none;\
# mail.none,news.none -?dynMessages
#hier gibts drachen / here are dragons
#if $syslogfacility-text == 'local0' then /var/log/somelog
daemon.* -?dynDaemonLog
# drachen sind put / dragons borked
#
# Special format to keep audit logs as sent.
$Template auditFormat,"%msg%\n"
# Catch messages from audispd and send to audit log.
:programname, isequal, "audispd" -?dynAuditLog;auditFormat
:programname, isequal, "audispd" stop
# Switch back to default ruleset
$RuleSet RSYSLOG_DefaultRuleset
$InputUDPServerBindRuleset remote
$UDPServerRun 514
$UDPServerAddress *
$InputTCPServerBindRuleset remote
$InputTCPServerRun 514
$InputRELPServerBindRuleset remote
$InputRELPServerRun 20514

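Review bot: The three listeners at the end of the hunk (`$UDPServerAddress *` with `$UDPServerRun 514`, `$InputTCPServerRun 514`, `$InputRELPServerRun 20514`) accept from any source with no TLS and no sender restriction, and the directory a message lands in is taken from the sender-supplied `%source%` field, so any host that can reach adm01 can append lines to another host's `auth.log` or `syslog`. A `$AllowedSender UDP, <client-net/prefix>` and `$AllowedSender TCP, <client-net/prefix>` pair next to the listeners (placeholder network, to be filled in), or an equivalent host firewall rule that also covers 20514, limits that; TLS on the TCP/RELP path is the stronger fix if the clients are not on a trusted segment. The `([A-Za-z-]*)` template regex does keep `/` and `.` out of the path, which is good, but because `*` matches the empty string a hostname that starts with a digit (for example the bare IP rsyslog substitutes when it cannot resolve a sender) yields `/data/logs//syslog`, so all such senders share one file; a comment such as `# hostnames with no leading letters (bare IPs) collapse into /data/logs/` next to the templates would make that explicit. The `audispd` `stop` rule also sits after the `*.*` rule, so audit messages appear to reach `dynSyslog` before being caught; moving the two `:programname` lines above `# Rules` keeps audit output only in `audit.log`.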
base/rsyslog/server.sls Normal file

@@ -0,0 +1,22 @@
include:
- rsyslog
- .service
rsyslog-server.conf:
file.managed:
- name: /etc/rsyslog.d/01-server.conf
- source: salt://base/rsyslog/files/server.conf
- user: root
- group: root
- onchange:
- service: rsyslog
lograte-rsyslog-logs:
file.managed:
- name: /etc/logrotate.d/rsyslog-HOSTS-logs
- source: salt://base/rsyslog/files/logrotate-server.conf
- user: root
- group: root
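Review bot: `- onchange:` under `rsyslog-server.conf` is not a Salt requisite (the real one is `onchanges`, and that runs in the opposite direction, gating this file state on the service having changed), so at best it is ignored and at worst the state errors on an unknown argument; either way a changed `01-server.conf` is never picked up until someone restarts rsyslog. Since `service.sls` declares no `watch` of its own, the intended link is `- watch_in:` / `  - service: rsyslog` on this state, which restarts the service when the file changes. `lograte-rsyslog-logs` (note the `lograte` typo in the ID) needs nothing further, since logrotate reads the file on its next run. Neither state requires the rsyslog package, so on a fresh host `/etc/rsyslog.d` may not exist yet when this file is written; a `require` on whatever ID the root `rsyslog` state gives the package (not visible here) closes that gap.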

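--- a/base/rsyslog/service.sls
+++ b/base/rsyslog/service.sls
@@ -0,0 +1,5 @@
+rsyslog:
+service.running:
+- enable: True
+- reload: False
+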

@@ -9,6 +9,7 @@ podman_pkgs:
- pkgs:
- podman
- runc
- containers-storage
- require:
- pkgrepo: repo_debian-bullseye


@@ -6,9 +6,16 @@ base:
'*':
- base
- hardware
- ignore_missing: True
'tumor*':
- base.pki.ca
'adm01.wks':
- base.rsyslog.server
- base.packages.haproxy
- k8s.podman
- systemd.units
'not G@fqdn:adm01.wks':
- match: compound
- base.rsyslog.client
'G@osarch:arm64 or G@osarch:armhf or G@osarch:armel':
- match: compound
- base.packages.arch.arm
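Review bot: The new `'adm01.wks'` target is a glob on the minion ID while its complement `'not G@fqdn:adm01.wks'` is a compound match on the `fqdn` grain; the two only partition the fleet if every minion ID equals its fqdn, otherwise a host whose ID and fqdn differ can receive both `base.rsyslog.server` and `base.rsyslog.client`, or neither. Using the same key on both sides, e.g. `'G@fqdn:adm01.wks':` with `- match: compound` for the server entry, keeps the split exact. The `'*'` block with `ignore_missing: True` is pre-existing context and not affected.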