Revert "Add ability to configure rsyslog tls encription"
The patch wasn't reviewed fairly, and this change is not compatible with the whole SSL structure we have at the moment.
This reverts commit 6cf1ce778e08296b8dace56e4a535aca5fc95992.
Change-Id: Iea2a42512a789ded02c91393ab1839107e5eb288
diff --git a/README.rst b/README.rst
index bddc125..bd98749 100644
--- a/README.rst
+++ b/README.rst
@@ -102,7 +102,7 @@
rabbitmq:
File: "/var/log/rabbitmq/*.log"
Tag: "rabbitmq__"
- Severity: "notice"
+ Severitet: "notice"
Facility: "local0"
PersistStateInterval: "0"
Ruleset: "myapp_logs"
@@ -117,72 +117,6 @@
myapp_logs:
description: 'set $.suffix=re_extract($!metadata!filename, "(.*)/([^/]*[^/.log])", 0, 2, "all.log"); call remote_logs'
-Rsyslog service with GNU TLS encryption for forwarding the messages (omfwd module with gtls network stream driver).
-
-.. code-block:: yaml
-
- rsyslog:
- client:
- pkgs:
- - rsyslog-gnutls
- - rsyslog
- run_user: syslog
- run_group: adm
- enabled: true
- certs:
- /etc/rsyslog.d/key.pem: |
- -----BEGIN RSA PRIVATE KEY-----
- -----END RSA PRIVATE KEY-----
- /etc/rsyslog.d/cert.pem: |
- -----BEGIN CERTIFICATE-----
- -----END CERTIFICATE-----
- /etc/rsyslog.d/ca.pem: |
- -----BEGIN CERTIFICATE-----
- -----END CERTIFICATE-----
- rainerscript:
- global:
- defaultNetstreamDriverCAFile: "/etc/rsyslog.d/ca.pem"
- defaultNetstreamDriverKeyFile: "/etc/rsyslog.d/key.pem"
- defaultNetstreamDriverCertFile: "/etc/rsyslog.d/cert.pem"
- output:
- remote:
- somehost.domain:
- action: 'action(type="omfwd" Target="172.16.10.92" Port="20514" Protocol="tcp" streamDriver="gtls" streamDriverauthMode="anon" streamDriverMode="1")'
- filter: "*.*"
- enabled: true
-
-Rsyslog service with RELP TLS encryption for forwarding the messages (omrelp module).
-
-.. code-block:: yaml
-
- rsyslog:
- client:
- pkgs:
- - rsyslog-relp
- - rsyslog
- run_user: syslog
- run_group: adm
- enabled: true
- certs:
- /etc/rsyslog.d/key.pem: |
- -----BEGIN RSA PRIVATE KEY-----
- -----END RSA PRIVATE KEY-----
- /etc/rsyslog.d/cert.pem: |
- -----BEGIN CERTIFICATE-----
- -----END CERTIFICATE-----
- /etc/rsyslog.d/ca.pem: |
- -----BEGIN CERTIFICATE-----
- -----END CERTIFICATE-----
- rainerscript:
- module:
- omrelp: {}
- output:
- remote:
- somehost.domain:
- action: 'action(type="omrelp" target="172.16.10.92" port="20514" tls="on" tls.caCert="/etc/rsyslog.d/ca.pem" tls.myCert="/etc/rsyslog.d/cert.pem" tls.myPrivKey="/etc/rsyslog.d/key.pem" tls.authmode="name" tls.permittedpeer=["remote.example.com"])'
- filter: "*.*"
- enabled: true
-
Custom templates
================
diff --git a/rsyslog/client.sls b/rsyslog/client.sls
index 0eb1f42..d84c826 100644
--- a/rsyslog/client.sls
+++ b/rsyslog/client.sls
@@ -23,22 +23,6 @@
- watch_in:
- service: rsyslog_service
-{%- for name, content in global.get('certs', {}).iteritems() %}
-
-rsyslog_cert_{{ name | replace('/', '_') }}_client:
- file.managed:
- - name: {{ name }}
- - contents: {{ content | yaml_encode }}
- - owner: {{ global.run_user }}
- - group: {{ global.run_group }}
- - mode: 0400
- - require:
- - pkg: rsyslog_packages
- - watch_in:
- - service: rsyslog_service
-
-{% endfor %}
-
{% if global.manage_file_perms is defined and global.manage_file_perms == true %}
{% for output,type in global.output.file.iteritems() %}
{{ output }}:
diff --git a/rsyslog/files/rsyslog.default.conf b/rsyslog/files/rsyslog.default.conf
index 36de0e6..5199ccc 100644
--- a/rsyslog/files/rsyslog.default.conf
+++ b/rsyslog/files/rsyslog.default.conf
@@ -43,10 +43,6 @@
{%- set rainerscript = global.get('rainerscript', {}) -%}
-{% if rainerscript.global is defined -%}
-global({%- for parameter,value in rainerscript.get('global', {}).iteritems() %} {{parameter}}="{{ value }}"{%- endfor -%})
-{% endif -%}
-
{%- for mod,parameter in rainerscript.get('module', {}).iteritems() %}
module(load="{{ mod }}"{%- for name,value in parameter.iteritems() %} {{name}}="{{value}}"{%- endfor -%})
{%- endfor %}