From 35bd6a1b9542b54823dbca07b4b58801d4ed4a2c Mon Sep 17 00:00:00 2001
From: Jeffrey Serio
Date: Wed, 23 Apr 2025 13:31:15 -0500
Subject: [PATCH] update: remote-logging-setup.yml
---
 freebsd-update.yml | 10 ----
 rsyslog-setup.yml => remote-logging-setup.yml | 50 +++++++++----------
 2 files changed, 24 insertions(+), 36 deletions(-)
 rename rsyslog-setup.yml => remote-logging-setup.yml (59%)
diff --git a/freebsd-update.yml b/freebsd-update.yml
index 685b1a9..9aea1ac 100644
--- a/freebsd-update.yml
+++ b/freebsd-update.yml
@@ -18,13 +18,3 @@
 state: latest
 jail: "{{ item }}"
 with_items: "{{ jails }}"
-
- - name: Fetch and install updates
- ansible.builtin.shell: freebsd-update fetch install
- register: updated
- changed_when: '"No updates are available to install." not in updated.stdout'
-
- - name: Fetch and install updates in aa-torrenting jail
- ansible.builtin.shell: freebsd-update -j aa-torrenting fetch install
- register: updated_aa_torrenting
- changed_when: '"No updates are available to install." not in updated_aa_torrenting.stdout'
diff --git a/rsyslog-setup.yml b/remote-logging-setup.yml
similarity index 59%
rename from rsyslog-setup.yml
rename to remote-logging-setup.yml
index c863b40..e965a3e 100644
--- a/rsyslog-setup.yml
+++ b/remote-logging-setup.yml
@@ -2,9 +2,6 @@
 - hosts: debianservers,freebsdservers
 gather_facts: true
 become: true
- vars:
- etc_dir: "{% if ansible_system == 'FreeBSD' %}/usr/local/etc{% else %}/etc{% endif %}"
- group: "{% if ansible_system == 'FreeBSD' %}wheel{% else %}root{% endif %}"
 tasks:

 - name: Ensure rsyslog is installed
@@ -13,12 +10,6 @@
 state: latest
 when: ansible_system == "Linux"

- - name: Ensure rsyslog is installed
- community.general.pkgng:
- name: "rsyslog"
- state: latest
- when: ansible_system == "FreeBSD"
-
 - name: Ensure rsyslog is enabled
 ansible.builtin.systemd_service:
 name: rsyslog
@@ -26,22 +17,11 @@
 state: started
 when: ansible_service_mgr == "systemd"

- - name: Ensure rsyslog is enabled in /etc/rc.conf (FreeBSD)
- ansible.builtin.shell: sysrc rsyslogd_enable="YES"
- register: rsyslogd_enable
- when: ansible_system == "FreeBSD"
- changed_when: '"YES -> YES" not in rsyslogd_enable.stdout'
-
- - name: Ensure syslogd is disabled in /etc/rc.conf (FreeBSD)
- ansible.builtin.shell: sysrc syslogd_enable="NO"
- register: syslogd_enable
- when: ansible_system == "FreeBSD"
- changed_when: '"YES -> NO" in syslogd_enable.stdout'
-
 - name: Remove any forwarding file if exists
 ansible.builtin.file:
- path: "{{ etc_dir }}/rsyslog.d/forward.conf"
+ path: /etc/rsyslog.d/forward.conf
 state: absent
+ when: ansible_system == "Linux"

 - name: Get control node headnet IP address
 ansible.builtin.shell: tailscale status | head -1 | awk '{print $1}'
@@ -52,16 +32,17 @@

 - name: Configure log forwarding
 ansible.builtin.blockinfile:
- path: "{{ etc_dir }}/rsyslog.d/forward.conf"
+ path: /etc/rsyslog.d/forward.conf
 create: true
 owner: root
- group: "{{ group }}"
+ group: root
 mode: 0644
 block: |
 # Forward to desktop.headscale.moonshadow.dev ({{ctrl_headnet_ip_addr.stdout}})
 *.* action(type="omfwd" target="{{ctrl_headnet_ip_addr.stdout}}" port="514" protocol="tcp" action.resumeRetryCount="100" queue.type="linkedList" queue.size="10000")
+ when: ansible_system == "Linux"

 - name: Restart rsyslog
 ansible.builtin.systemd_service:
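Review bot: FreeBSD hosts that already ran the earlier version of this play are left in the old state, because the sysrc tasks that set `rsyslogd_enable="YES"` and `syslogd_enable="NO"` are dropped here without a counterpart that reverts them, and the forward.conf cleanup in this hunk is now Linux-only with a hard-coded `/etc` path. On such a host the later `Restart syslogd` task would presumably act on a service that rc.conf still disables, while rsyslogd keeps forwarding to whatever target its old `/usr/local/etc/rsyslog.d/forward.conf` holds. A short migration step guarded by `ansible_system == "FreeBSD"` would make the switch explicit: `sysrc syslogd_enable="YES"`, `sysrc rsyslogd_enable="NO"`, and a `file` task with `state: absent` on the old forward.conf. The task list continues outside this hunk.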
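Review bot: `target="{{ctrl_headnet_ip_addr.stdout}}"` in the `Configure log forwarding` block is written without any check that the lookup actually returned an address. The visible `tailscale status | head -1 | awk '{print $1}'` pipeline reports awk's exit status, so a failing `tailscale` would presumably still register an empty stdout, the block would be written with `target=""`, and the host would stop shipping logs without any task failing. Extending the condition to `when: ansible_system == "Linux" and ctrl_headnet_ip_addr.stdout | length > 0`, or failing the play right after the lookup when stdout is empty, closes that gap. The `*.* @{{ctrl_headnet_ip_addr.stdout}}` line in the FreeBSD hunk has the same problem. The lookup task continues outside this hunk, so it may already carry a guard that is not visible here.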
@@ -70,6 +51,23 @@
 state: restarted
 when: ansible_service_mgr == "systemd"

- - name: Restart rsyslog
- ansible.builtin.shell: service rsyslogd restart
+ - name: Set syslog flags for remote logging on FreeBSD
+ ansible.builtin.shell: sysrc syslog_flags="-s -v -v"
+ register: set_syslog_flags
+ changed_when: '"syslog_flags: -> YES" in set_syslog_flags.stdout'
+ when: ansible_service_mgr == "bsdinit"
+
+ - name: Set log forwarding on FreeBSD
+ ansible.builtin.lineinfile:
+ path: /etc/syslog.conf
+ line: "*.* @{{ctrl_headnet_ip_addr.stdout}}"
+ owner: root
+ group: wheel
+ mode: 0644
+ when: ansible_system == "FreeBSD"
+
+ - name: Restart syslogd
+ ansible.builtin.service:
+ name: syslogd
+ state: restarted
 when: ansible_service_mgr == "bsdinit"
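Review bot: The `Set log forwarding on FreeBSD` task uses `lineinfile` with no `regexp`, so when the control node's headnet address changes a second `*.* @…` line is appended and the old one stays. Every message then keeps going to an address that may since belong to a different host. Adding `regexp: '^\*\.\*\s+@'` makes the task replace the existing forward line, which matches how the Linux path removes forward.conf before rewriting it. Separately, `changed_when: '"syslog_flags: -> YES" in set_syslog_flags.stdout'` looks carried over from the removed `rsyslogd_enable` task; the value being set is `-s -v -v`, so the string `YES` will presumably never appear and the task always reports unchanged. The play this hunk belongs to starts outside the hunk.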