Merge branch 'confrefactor' into 'master'
Confrefactor
Do not merge, just comparing Honza's refactoring
See merge request !1
diff --git a/README.rst b/README.rst
index 26ba09f..c66fcb2 100644
--- a/README.rst
+++ b/README.rst
@@ -27,11 +27,42 @@
format:
name: TraditionalFormatWithPRI
template: '"%syslogpriority% %syslogfacility% %timestamp:::date-rfc3339% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"'
- file:
- owner: root
- group: root
- createmode: 0640
- umask: 0022
+ logfiles:
+ file:
+ -/var/log/syslog:
+ filter: *.*;auth,authpriv.none
+ owner: syslog
+ group: adm
+ createmode: 0640
+ umask: 0022
+ /var/log/auth.log:
+ filter: auth,authpriv.*
+ owner: syslog
+ group: adm
+ createmode: 0640
+ umask: 0022
+ -/var/log/kern.log:
+ filter: kern.*
+ owner: syslog
+ group: adm
+ createmode: 0640
+ umask: 0022
+ -/var/log/mail.log:
+ filter: mail.*
+ owner: syslog
+ group: adm
+ createmode: 0640
+ umask: 0022
+ /var/log/mail.err:
+ filter: mail.err
+ owner: syslog
+ group: adm
+ createmode: 0640
+ umask: 0022
+ ":omusrmsg:*":
+ filter: *.emerg
+ "|/dev/xconsole":
+ filter: "daemon.*;mail.*; news.err; *.=debug;*.=info;*.=notice;*.=warn":
diff --git a/rsyslog/common.sls b/rsyslog/common.sls
index 7c3c506..1fdadd4 100644
--- a/rsyslog/common.sls
+++ b/rsyslog/common.sls
@@ -1,35 +1,47 @@
-{%- from "rsyslog/map.jinja" import client,server with context %}
+{%- from "rsyslog/map.jinja" import global with context %}
-{%- if server.enabled %}
+{%- if global.enabled %}
rsyslog_packages:
pkg.latest:
- - names: {{ server.pkgs }}
+ - names: {{ global.pkgs }}
-{{ server.configfile }}:
+/etc/rsyslog.conf:
file.managed:
- - source: salt://rsyslog/files/rsyslog.conf.{{ grains.os_family }}
+ - source: salt://rsyslog/files/rsyslog.default.conf
- template: jinja
- mode: 0640
- require:
- pkg: rsyslog_packages
+/etc/rsyslog.d:
+ file.directory:
+ - mode: 0755
+ - require:
+ - pkg: rsyslog_packages
+ {% if global.purge_rsyslog_d is defined and global.purge_rsyslog_d == true %}
+ - clean: true
+ {% endif %}
+
rsyslog_service:
service.running:
- enable: true
- name: rsyslog
- watch:
- - file: {{ server.configfile }}
+ - file: /etc/rsyslog.conf
-{% for logfile in server.logfiles %}
-{{ logfile }}:
+{% if global.manage_file_perms is defined and global.manage_file_perms == true %}
+{% for output,type in global.output.file.iteritems() %}
+{{ output }}:
file.managed:
- - mode: {{ server.file.createmode }}
+ - mode: "{{ type['createmode'] }}"
+ - owner: {{ type['owner'] }}
+ - group: {{ type['group'] }}
- watch:
- - file: {{ server.configfile }}
+ - file: /etc/rsyslog.conf
- watch_in:
- service: rsyslog_service
{% endfor %}
+{% endif %}
{%- endif %}
-
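Review bot: The new `/etc/rsyslog.d` state sets `clean: true` whenever `global.purge_rsyslog_d` is true, and nothing in this hunk manages any file under that directory, so every drop-in there that Salt does not own would be removed on the next run. That can silently drop logging or forwarding rules installed by other packages or formulas, and the map.jinja section of this commit makes `purge_rsyslog_d: true` the Debian default. Consider defaulting it to false so that purging is an explicit opt-in. Separately, `- mode: 0755` is unquoted while the per-file mode further down is quoted; `- mode: '0755'` keeps the value a string however the YAML loader treats leading zeros.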
diff --git a/rsyslog/files/rsyslog.conf.Debian b/rsyslog/files/rsyslog.conf.Debian
deleted file mode 100644
index 54a66a3..0000000
--- a/rsyslog/files/rsyslog.conf.Debian
+++ /dev/null
@@ -1,76 +0,0 @@
-{%- from "rsyslog/map.jinja" import client with context -%}
-# /etc/rsyslog.conf Configuration file for rsyslog.
-#
-# For more information see
-# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
-#
-# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
-
-
-#################
-#### MODULES ####
-#################
-
-$ModLoad imuxsock # provides support for local system logging
-$ModLoad imklog # provides kernel logging support
-#$ModLoad immark # provides --MARK-- message capability
-
-# provides UDP syslog reception
-#$ModLoad imudp
-#$UDPServerRun 514
-
-# provides TCP syslog reception
-#$ModLoad imtcp
-#$InputTCPServerRun 514
-
-# Enable non-kernel facility klog messages
-$KLogPermitNonKernelFacility on
-
-###########################
-#### GLOBAL DIRECTIVES ####
-###########################
-
-#
-# Use traditional timestamp format.
-# To enable high precision timestamps, comment out the following line.
-#
-{% if client.format is defined %}
-$template {{ client.format.name }},{{ client.format.template }}
-$ActionFileDefaultTemplate {{ client.format.name }}
-{% else %}
-$template RSYSLOG_TraditionalFileFormat
-$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
-{% endif %}
-
-# Filter duplicated messages
-$RepeatedMsgReduction on
-
-#
-# Set the default permissions for all log files.
-#
-{% if client.file.owner is defined %}
-$FileOwner {{ client.file.owner }}
-{% endif %}
-{% if client.file.group is defined %}
-$FileGroup {{ client.file.group }}
-{% endif %}
-{% if client.file.createmode is defined %}
-$FileCreateMode {{ client.file.createmode }}
-{% endif %}
-{% if client.file.umask is defined %}
-$Umask {{ client.file.umask }}
-{% endif %}
-
-$DirCreateMode 0755
-$PrivDropToUser syslog
-$PrivDropToGroup syslog
-
-#
-# Where to place spool and state files
-#
-$WorkDirectory /var/spool/rsyslog
-
-#
-# Include all config files in /etc/rsyslog.d/
-#
-$IncludeConfig /etc/rsyslog.d/*.conf
diff --git a/rsyslog/files/rsyslog.conf.RedHat b/rsyslog/files/rsyslog.conf.RedHat
deleted file mode 100644
index 389bd5a..0000000
--- a/rsyslog/files/rsyslog.conf.RedHat
+++ /dev/null
@@ -1,113 +0,0 @@
-{%- from "rsyslog/map.jinja" import client with context -%}
-# rsyslog configuration file
-
-# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
-# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
-
-#### MODULES ####
-
-# The imjournal module bellow is now used as a message source instead of imuxsock.
-$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
-$ModLoad imjournal # provides access to the systemd journal
-#$ModLoad imklog # reads kernel messages (the same are read from journald)
-#$ModLoad immark # provides --MARK-- message capability
-
-# Provides UDP syslog reception
-#$ModLoad imudp
-#$UDPServerRun 514
-
-# Provides TCP syslog reception
-#$ModLoad imtcp
-#$InputTCPServerRun 514
-
-
-#### GLOBAL DIRECTIVES ####
-
-# Where to place auxiliary files
-$WorkDirectory /var/lib/rsyslog
-
-# Use default timestamp format
-# $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
-{% if client.format is defined %}
-$template {{ client.format.name }},{{ client.format.template }}
-$ActionFileDefaultTemplate {{ client.format.name }}
-
-{% else %}
-$template RSYSLOG_TraditionalFileFormat
-$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
-{% endif %}
-
-# File syncing capability is disabled by default. This feature is usually not required,
-# not useful and an extreme performance hit
-#$ActionFileEnableSync on
-
-# Include all config files in /etc/rsyslog.d/
-$IncludeConfig /etc/rsyslog.d/*.conf
-
-# Turn off message reception via local log socket;
-# local messages are retrieved through imjournal now.
-$OmitLocalLogging on
-
-# File to store the position in the journal
-$IMJournalStateFile imjournal.state
-
-{% if client.file.umask is defined %}
-$Umask {{ client.file.umask }}
-{% endif %}
-{% if client.file.owner is defined %}
-$FileOwner {{ client.file.owner }}
-{% endif %}
-{% if client.file.group is defined %}
-$FileGroup {{ client.file.group }}
-{% endif %}
-{% if client.file.createmode is defined %}
-$FileCreateMode {{ client.file.createmode }}
-{% endif %}
-
-#### RULES ####
-
-# Log all kernel messages to the console.
-# Logging much else clutters up the screen.
-#kern.* /dev/console
-
-# Log anything (except mail) of level info or higher.
-# Don't log private authentication messages!
-*.info;mail.none;authpriv.none;cron.none /var/log/messages
-
-# The authpriv file has restricted access.
-authpriv.* /var/log/secure
-
-# Log all the mail messages in one place.
-mail.* -/var/log/maillog
-
-
-# Log cron stuff
-cron.* /var/log/cron
-
-# Everybody gets emergency messages
-*.emerg :omusrmsg:*
-
-# Save news errors of level crit and higher in a special file.
-uucp,news.crit /var/log/spooler
-
-# Save boot messages also to boot.log
-local7.* /var/log/boot.log
-
-
-# ### begin forwarding rule ###
-# The statement between the begin ... end define a SINGLE forwarding
-# rule. They belong together, do NOT split them. If you create multiple
-# forwarding rules, duplicate the whole block!
-# Remote Logging (we use TCP for reliable delivery)
-#
-# An on-disk queue is created for this action. If the remote host is
-# down, messages are spooled to disk and sent when it is up again.
-#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
-#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
-#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
-#$ActionQueueType LinkedList # run asynchronously
-#$ActionResumeRetryCount -1 # infinite retries if host is down
-# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
-#*.* @@remote-host:514
-# ### end of the forwarding rule ###
-#
diff --git a/rsyslog/files/rsyslog.default.conf b/rsyslog/files/rsyslog.default.conf
new file mode 100644
index 0000000..e1237a5
--- /dev/null
+++ b/rsyslog/files/rsyslog.default.conf
@@ -0,0 +1,69 @@
+{%- from "rsyslog/map.jinja" import global with context -%}
+
+{% for modname in global.modules -%}
+$ModLoad {{ modname }}
+{% endfor -%}
+{% if global.preserve_fqdn == true -%}
+$PreserveFQDN on
+{% else -%}
+$PreserveFQDN off
+{% endif -%}
+{% if global.non_kernel_facility is defined and global.non_kernel_facility == true -%}
+$KLogPermitNonKernelFacility on
+{% endif -%}
+{% if global.omit_local_logging is defined and global.omit_local_logging == true -%}
+$OmitLocalLogging on
+{% endif -%}
+{% if global.msg_reduction == true -%}
+$RepeatedMsgReduction on
+{% endif -%}
+{% if global.max_message_size is defined -%}
+$MaxMessageSize {{ global.max_message_size }}
+{% endif -%}
+{% if global.system_log_rate_limit_interval is defined -%}
+$SystemLogRateLimitInterval {{ global.system_log_rate_limit_interval }}
+{% endif -%}
+{% if global.system_log_rateLimit_burst is defined -%}
+$SystemLogRateLimitBurst {{ global.system_log_rateLimit_burst }}
+{% endif -%}
+$DirCreateMode {{ global.perm_dir }}
+$PrivDropToUser {{ global.run_user }}
+$PrivDropToGroup {{ global.run_group }}
+$WorkDirectory {{ global.spool_dir }}
+$IncludeConfig {{ global.rsyslog_d }}/*.conf
+
+{% if global.format is defined -%}
+$template {{ global.format.name }},{{ global.format.template }}
+$ActionFileDefaultTemplate {{ global.format.name }}
+{% else -%}
+$template RSYSLOG_TraditionalFileFormat
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+{% endif -%}
+
+{% for name,config in global.output.file.iteritems() -%}
+{% if config.owner is defined -%}
+$FileOwner {{ config['owner'] }}
+{% endif -%}
+{% if config.group is defined -%}
+$FileGroup {{ config['group'] }}
+{% endif -%}
+{% if config.createmode is defined -%}
+$FileCreateMode {{ config['createmode'] }}
+{% endif -%}
+{% if config.umask is defined -%}
+$Umask {{ config['umask'] }}
+{% endif -%}
+{{ config['filter'] }} {% if config.sync == true %}-{% endif %}{{ name }}
+{% endfor %}
+
+{% if global.output.console is defined -%}
+{% for name,config in global.output.console.iteritems() -%}
+{{ config['filter'] }} {{ config['action'] }}
+{% endfor %}
+{% endif -%}
+
+{% if global.output.remote is defined -%}
+{% for name,config in global.output.remote.iteritems() -%}
+{{ config['filter'] }} {{ config['action'] }}
+{% endfor %}
+{% endif %}
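Review bot: The three output loops at the end of the template never test `config.enable`, so an entry marked `enable: false` is still written into rsyslog.conf. With the Debian defaults in this commit's map.jinja, the `remote` entry (`action: "@@remote-host:514"`, `filter: "*.*"`, `enable: false`) would be rendered as a live rule forwarding all messages to whatever `remote-host` resolves to. Wrap each rule line in `{% if config.enable is defined and config.enable == true -%}` … `{% endif -%}`. The file loop also emits the `-` prefix when `sync` is true, but in rsyslog selector syntax a leading `-` asks for the file not to be synced, so the flag looks inverted; `{% if config.sync != true %}-{% endif %}` would match the key's name.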
diff --git a/rsyslog/map.jinja b/rsyslog/map.jinja
index 4407bf7..7d4b18d 100644
--- a/rsyslog/map.jinja
+++ b/rsyslog/map.jinja
@@ -4,36 +4,141 @@
- rsyslog
service:
- rsyslogd
- configfile: /etc/rsyslog.conf
- file:
- owner: syslog
- group: adm
- createmode: 0640
- umask: 0022
- logfiles:
- - /var/log/auth.log
- - /var/log/syslog
- - /var/log/kern.log
- - /var/log/mail.log
- - /var/log/mail.err
+ enabled: true
+ spool_dir: /var/spool/rsyslog
+ omit_local_logging: false
+ preserve_fqdn: false
+ non_kernel_facility: true
+ msg_reduction: true
+ purge_rsyslog_d: true
+ manage_file_perms: true
+ perm_dir: "0755"
+ run_user: syslog
+ run_group: syslog
+ rsyslog_d: /etc/rsyslog.d
+ modules:
+ - imuxsock
+ - imklog
+ output:
+ file:
+ /var/log/syslog:
+ sync: false
+ filter: "*.*;auth,authpriv.none"
+ owner: syslog
+ group: adm
+ createmode: "0640"
+ umask: "0022"
+ enable: true
+ /var/log/auth:
+ sync: true
+ filter: "auth,authpriv.*"
+ owner: syslog
+ group: adm
+ createmode: "0640"
+ umask: "0022"
+ enable: true
+ /var/log/kern:
+ sync: false
+ filter: "kern.*"
+ owner: syslog
+ group: adm
+ createmode: "0640"
+ umask: "0022"
+ enable: true
+ /var/log/mail.log:
+ sync: false
+ filter: "mail.*"
+ owner: syslog
+ group: adm
+ createmode: "0640"
+ umask: "0022"
+ enable: true
+ /var/log/mail.err:
+ sync: false
+ action: /var/log/mail.err
+ filter: mail.err
+ owner: syslog
+ group: adm
+ createmode: "0640"
+ umask: "0022"
+ enable: true
+ console:
+ wall:
+ action: ":omusrmsg:*"
+ filter: "*.emerg"
+ enable: true
+ xconsole:
+ action: "|/dev/xconsole"
+ filter: "daemon.*;mail.*;news.err;*.=debug;*.=info;*.=notice;*.=warn"
+ enable: true
+ remote:
+ somehost.domain:
+ action: "@@remote-host:514"
+ filter: "*.*"
+ enable: false
RedHat:
pkgs:
- rsyslog
service:
- rsyslogd
- configfile: /etc/rsyslog.conf
- file:
- owner: root
- group: root
- createmode: 0640
- umask: 0000
- logfiles:
- - /var/log/messages
- - /var/log/secure
- - /var/log/maillog
- - /var/log/cron
- - /var/log/spooler
- - /var/log/boot.log
+ enabled: true
+ spool_dir: /var/lib/rsyslog
+ omit_local_logging: true
+ preserve_fqdn: false
+ non_kernel_facility: false
+ msg_reduction: false
+ manage_file_perms: true
+ perm_dir: "0755"
+ run_user: root
+ run_group: root
+ rsyslog_d: /etc/rsyslog.d
+ modules:
+ - imjournal
+ - imuxsock
+ output:
+ file:
+ /var/log/messages:
+ sync: true
+ filter: "*.info;mail.none;authpriv.none;cron.none"
+ owner: root
+ group: root
+ createmode: "0600"
+ umask: "0000"
+ enable: true
+ /var/log/secure:
+ sync: true
+ filter: "authpriv.*"
+ owner: root
+ group: root
+ createmode: "0600"
+ enable: true
+ /var/log/maillog:
+ sync: true
+ filter: "mail.*"
+ owner: root
+ group: root
+ createmode: "0600"
+ enable: true
+ /var/log/cron:
+ sync: true
+ filter: "cron.*"
+ owner: root
+ group: root
+ createmode: "0600"
+ enable: true
+ /var/log/spooler:
+ sync: true
+ filter: "uucp,news.crit"
+ owner: root
+ group: root
+ createmode: "0600"
+ enable: true
+ /var/log/boot.log:
+ sync: false
+ filter: "local7.*"
+ owner: root
+ group: root
+ createmode: "0600"
+ enable: true
{%- endload %}
-{%- set server = salt['grains.filter_by'](base_defaults, merge=salt['pillar.get']('rsyslog:server')) %}
-{%- set client = salt['grains.filter_by'](base_defaults, merge=salt['pillar.get']('rsyslog:client')) %}
+{%- set global = salt['grains.filter_by'](base_defaults, merge=salt['pillar.get']('rsyslog:client')) %}
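Review bot: In the Debian defaults the auth and kernel targets are keyed `/var/log/auth` and `/var/log/kern`, while the `logfiles` list being removed and the README example in this commit use `/var/log/auth.log` and `/var/log/kern.log`. If the rename is unintended, log rotation and anything that monitors the auth log at its usual path would presumably stop seeing new entries; use `/var/log/auth.log:` and `/var/log/kern.log:` as the keys. The `/var/log/mail.err` entry also carries an `action` key that the file loop in the new template never reads, and its `filter: mail.err` is unquoted unlike its siblings. The mapping this hunk edits starts above the hunk, so the enclosing load block is not fully visible here.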
diff --git a/tests/pillar/client_single.sls b/tests/pillar/client_single.sls
index 87bcd6b..3e08232 100644
--- a/tests/pillar/client_single.sls
+++ b/tests/pillar/client_single.sls
@@ -2,11 +2,5 @@
client:
enabled: true
format:
- name: TraditionalFormatWithPRI
+ name: custom
template: '"%syslogpriority% %syslogfacility% %timestamp:::date-rfc3339% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"'
- file:
- owner: root
- group: root
- createmode: 0640
- umask: 0022
-