from-scratch 0.3.0 → 0.5.0

data/cookbooks/rsyslog/recipes/client.rb

@@ -0,0 +1,87 @@
+#
+# Cookbook Name:: rsyslog
+# Recipe:: client
+#
+# Copyright 2009-2015, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Do not run this recipe if the server attribute is set
+return if node['rsyslog']['server']
+
+include_recipe 'rsyslog::default'
+
+def chef_solo_search_installed?
+  klass = ::Search.const_get('Helper')
+  return klass.is_a?(Class)
+rescue NameError
+  return false
+end
+
+# On Chef Solo, we use the node['rsyslog']['server_ip'] attribute, and on
+# normal Chef, we leverage the search query.
+if Chef::Config[:solo] && !chef_solo_search_installed?
+  if node['rsyslog']['server_ip']
+    server_ips = Array(node['rsyslog']['server_ip'])
+  else
+    Chef::Application.fatal!("Chef Solo does not support search. You must set node['rsyslog']['server_ip'] or use the chef-solo-search cookbook!")
+  end
+else
+  results = search(:node, node['rsyslog']['server_search']).map do |server|
+    ipaddress = server['ipaddress']
+    # If both server and client are on the same cloud and local network, they may be
+    # instructed to communicate via the internal interface by enabling `use_local_ipv4`
+    if node['rsyslog']['use_local_ipv4'] && server.attribute?('cloud') && server['cloud']['local_ipv4']
+      ipaddress = server['cloud']['local_ipv4']
+    end
+    ipaddress
+  end
+  server_ips = Array(node['rsyslog']['server_ip']) + Array(results)
+end
+
+rsyslog_servers = []
+
+server_ips.each do |ip|
+  rsyslog_servers << { 'server' => ip, 'port' => node['rsyslog']['port'], 'logs' => node['rsyslog']['logs_to_forward'], 'protocol' => node['rsyslog']['protocol'], 'remote_template' => node['rsyslog']['default_remote_template'] }
+end
+
+unless node['rsyslog']['custom_remote'].first.empty?
+  node['rsyslog']['custom_remote'].each do |server|
+    if server['server'].nil?
+      Chef::Application.fatal!('Found a custom_remote server with no IP. Check your custom_remote attribute definition!')
+    end
+  end
+  rsyslog_servers += node['rsyslog']['custom_remote']
+end
+
+if rsyslog_servers.empty?
+  Chef::Application.fatal!('The rsyslog::client recipe was unable to determine the remote syslog server. Checked both the server_ip attribute and search!')
+end
+
+remote_type = node['rsyslog']['use_relp'] ? 'relp' : 'remote'
+
+template "#{node['rsyslog']['config_prefix']}/rsyslog.d/49-remote.conf" do
+  source    "49-#{remote_type}.conf.erb"
+  owner     'root'
+  group     'root'
+  mode      '0644'
+  variables(servers: rsyslog_servers)
+  notifies  :restart, "service[#{node['rsyslog']['service_name']}]"
+  only_if   { node['rsyslog']['remote_logs'] }
+end
+
+file "#{node['rsyslog']['config_prefix']}/rsyslog.d/server.conf" do
+  action   :delete
+  notifies :restart, "service[#{node['rsyslog']['service_name']}]"
+end

data/cookbooks/rsyslog/recipes/default.rb

@@ -0,0 +1,89 @@
+#
+# Cookbook Name:: rsyslog
+# Recipe:: default
+#
+# Copyright 2009-2015, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+extend RsyslogCookbook::Helpers
+
+package 'rsyslog'
+package 'rsyslog-relp' if node['rsyslog']['use_relp']
+
+if node['rsyslog']['enable_tls'] && node['rsyslog']['tls_ca_file']
+  Chef::Application.fatal!("Recipe rsyslog::default can not use 'enable_tls' with protocol '#{node['rsyslog']['protocol']}' (requires 'tcp')") unless node['rsyslog']['protocol'] == 'tcp'
+  package 'rsyslog-gnutls'
+end
+
+directory "#{node['rsyslog']['config_prefix']}/rsyslog.d" do
+  owner 'root'
+  group 'root'
+  mode  '0755'
+end
+
+directory node['rsyslog']['working_dir'] do
+  owner node['rsyslog']['user']
+  group node['rsyslog']['group']
+  mode  '0700'
+end
+
+# Our main stub which then does its own rsyslog-specific
+# include of things in /etc/rsyslog.d/*
+template "#{node['rsyslog']['config_prefix']}/rsyslog.conf" do
+  source  'rsyslog.conf.erb'
+  owner   'root'
+  group   'root'
+  mode    '0644'
+  notifies :restart, "service[#{node['rsyslog']['service_name']}]"
+end
+
+template "#{node['rsyslog']['config_prefix']}/rsyslog.d/50-default.conf" do
+  source  '50-default.conf.erb'
+  owner   'root'
+  group   'root'
+  mode    '0644'
+  notifies :restart, "service[#{node['rsyslog']['service_name']}]"
+end
+
+# syslog needs to be stopped before rsyslog can be started on RHEL versions before 6.0
+if platform_family?('rhel') && node['platform_version'].to_i < 6
+  service 'syslog' do
+    action [:stop, :disable]
+  end
+elsif platform_family?('smartos', 'omnios')
+  # syslog needs to be stopped before rsyslog can be started on SmartOS, OmniOS
+  service 'system-log' do
+    action :disable
+  end
+end
+
+if platform_family?('omnios')
+  # manage the SMF manifest on OmniOS
+  template '/var/svc/manifest/system/rsyslogd.xml' do
+    source 'omnios-manifest.xml.erb'
+    owner 'root'
+    group 'root'
+    mode '0644'
+    notifies :run, 'execute[import rsyslog manifest]', :immediately
+  end
+
+  execute 'import rsyslog manifest' do
+    action :nothing
+    command 'svccfg import /var/svc/manifest/system/rsyslogd.xml'
+    notifies :restart, "service[#{node['rsyslog']['service_name']}]"
+  end
+end
+
+declare_rsyslog_service

data/cookbooks/rsyslog/recipes/server.rb

@@ -0,0 +1,44 @@
+#
+# Cookbook Name:: rsyslog
+# Recipe:: server
+#
+# Copyright 2009-2015, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Manually set this attribute
+node.set['rsyslog']['server'] = true
+
+include_recipe 'rsyslog::default'
+
+directory node['rsyslog']['log_dir'] do
+  owner    node['rsyslog']['user']
+  group    node['rsyslog']['group']
+  mode     '0755'
+  recursive true
+end
+
+template "#{node['rsyslog']['config_prefix']}/rsyslog.d/35-server-per-host.conf" do
+  source   '35-server-per-host.conf.erb'
+  owner    'root'
+  group    'root'
+  mode     '0644'
+  notifies :restart, "service[#{node['rsyslog']['service_name']}]"
+end
+
+file "#{node['rsyslog']['config_prefix']}/rsyslog.d/remote.conf" do
+  action   :delete
+  notifies :restart, "service[#{node['rsyslog']['service_name']}]"
+  only_if  { ::File.exist?("#{node['rsyslog']['config_prefix']}/rsyslog.d/remote.conf") }
+end

data/cookbooks/rsyslog/resources/file_input.rb

@@ -0,0 +1,28 @@
+# Cookbook Name:: rsyslog
+# Resource:: file_input
+#
+# Copyright 2012-2015, Joseph Holsten
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+actions :create
+default_action :create
+
+attribute :name, kind_of: String, name_attribute: true, required: true
+attribute :file, kind_of: String, required: true
+attribute :priority, kind_of: Integer, default: 99
+attribute :severity, kind_of: String
+attribute :facility, kind_of: String
+attribute :cookbook, kind_of: String, default: 'rsyslog'
+attribute :source, kind_of: String, default: 'file-input.conf.erb'

data/cookbooks/rsyslog/templates/default/35-server-per-host.conf.erb

@@ -0,0 +1,62 @@
+# Generated by Chef
+# Local modifications will be overwritten
+
+<% if node['rsyslog']['use_relp'] -%>
+$ModLoad imrelp
+$InputRELPServerRun <%= node['rsyslog']['relp_port'] %>
+<% end -%>
+$DirGroup <%= node['rsyslog']['group'] %>
+$DirCreateMode 0755
+$FileGroup <%= node['rsyslog']['group'] %>
+
+$template PerHostAuth,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/auth.log"
+$template PerHostCron,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/cron.log"
+$template PerHostSyslog,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/syslog"
+$template PerHostDaemon,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/daemon.log"
+$template PerHostKern,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/kern.log"
+$template PerHostLpr,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/lpr.log"
+$template PerHostUser,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/user.log"
+$template PerHostMail,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/mail.log"
+$template PerHostMailInfo,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/mail.info"
+$template PerHostMailWarn,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/mail.warn"
+$template PerHostMailErr,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/mail.err"
+$template PerHostNewsCrit,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/news.crit"
+$template PerHostNewsErr,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/news.err"
+$template PerHostNewsNotice,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/news.notice"
+$template PerHostDebug,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/debug"
+$template PerHostMessages,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/messages"
+
+auth,authpriv.*         ?PerHostAuth
+*.*;auth,authpriv.none  -?PerHostSyslog
+cron.*                  ?PerHostCron
+daemon.*                -?PerHostDaemon
+kern.*                  -?PerHostKern
+lpr.*                   -?PerHostLpr
+mail.*                  -?PerHostMail
+user.*                  -?PerHostUser
+
+mail.info               -?PerHostMailInfo
+mail.warn               ?PerHostMailWarn
+mail.err                ?PerHostMailErr
+
+news.crit               ?PerHostNewsCrit
+news.err                ?PerHostNewsErr
+news.notice             -?PerHostNewsNotice
+
+*.=debug;\
+  auth,authpriv.none;\
+  news.none;mail.none   -?PerHostDebug
+
+*.=info;*.=notice;*.=warn;\
+  auth,authpriv.none;\
+  cron,daemon.none;\
+  mail,news.none        -?PerHostMessages
+
+
+<% unless node['rsyslog']['allow_non_local'] -%>
+#
+# Stop processing of all non-local messages. You can process remote messages
+# on levels less than 35.
+#
+:fromhost-ip,!isequal,"127.0.0.1" ~
+<% end -%>

data/cookbooks/rsyslog/templates/default/49-relp.conf.erb

@@ -0,0 +1,10 @@
+# Generated by Chef
+$ModLoad omrelp
+$ActionQueueType LinkedList # use asynchronous processing
+$ActionQueueFileName srvrfwd # set file name, also enables disk mode
+$ActionResumeRetryCount -1 # infinite retries on insert failure
+$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
+
+<% @servers.each do |server| -%>
+<%= node['rsyslog']['logs_to_forward'] %> :omrelp:<%= "#{server}:#{node['rsyslog']['relp_port']}" %><%= node['rsyslog']['default_remote_template'] ? ';' + node['rsyslog']['default_remote_template'] : nil %>
+<% end -%>

data/cookbooks/rsyslog/templates/default/49-remote.conf.erb

@@ -0,0 +1,30 @@
+# Generated by Chef
+$ActionQueueType LinkedList # use asynchronous processing
+$ActionQueueFileName srvrfwd # set file name, also enables disk mode
+$ActionResumeRetryCount -1 # infinite retries on insert failure
+$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
+$ActionQueueMaxDiskSpace <%= node['rsyslog']['action_queue_max_disk_space'] %> # Don't use more than this much space for the queue
+<% if node['rsyslog']['enable_tls'] && node['rsyslog']['tls_ca_file'] -%>
+$DefaultNetstreamDriverCAFile <%= node['rsyslog']['tls_ca_file'] %>
+<%   if node['rsyslog']['tls_certificate_file'] -%>
+$DefaultNetstreamDriverCertFile <%= node['rsyslog']['tls_certificate_file'] %>
+<%   end -%>
+<%   if node['rsyslog']['tls_key_file'] -%>
+$DefaultNetstreamDriverKeyFile <%= node['rsyslog']['tls_key_file'] %>
+<%   end -%>
+
+$DefaultNetstreamDriver gtls
+$ActionSendStreamDriverMode 1
+$ActionSendStreamDriverAuthMode <%= node['rsyslog']['tls_auth_mode'] %>
+<% end -%>
+
+<% @servers.each do |server| -%>
+<%   case server['protocol'] -%>
+<%     when "tcp" -%>
+<%=      server['logs'] ? server['logs'] : node['rsyslog']['logs_to_forward'] %> @@<%= server['server']  %>:<%= server['port'] ? server['port'] : node['rsyslog']['port'] %><%= server['remote_template'] ? ';' + server['remote_template'] : nil %>
+<%     when "udp" -%>
+<%=      server['logs'] ? server['logs'] : node['rsyslog']['logs_to_forward'] %> @<%= server['server']  %>:<%= server['port'] ? server['port'] : node['rsyslog']['port'] %><%= server['remote_template'] ? ';' + server['remote_template'] : nil %>
+<%     else -%>
+<%=      server['logs'] ? server['logs'] : node['rsyslog']['logs_to_forward'] %><%= node['rsyslog']['protocol'] == "tcp" ? " @@" : " @" %><%= server['server']  %>:<%= server['port'] ? server['port'] : node['rsyslog']['port'] %><%= server['remote_template'] ? ';' + server['remote_template'] : nil %>
+<%   end -%>
+<% end -%>

data/cookbooks/rsyslog/templates/default/50-default.conf.erb

@@ -0,0 +1,6 @@
+# Generated by Chef
+# For more information see rsyslog.conf(5) and /etc/rsyslog.conf
+
+<% node['rsyslog']['default_facility_logs'].each do |key, value| %>
+<%= key %>    <%= value %>
+<% end %>

data/cookbooks/rsyslog/templates/default/file-input.conf.erb

@@ -0,0 +1,15 @@
+# <%= @tag %>.conf - Syslog file inputs for <%= @tag %>
+#
+# Generated by Chef for <%= node['fqdn'] %>
+# Local modifications will be overwritten.
+$ModLoad imfile
+$InputFileName <%= @file_name %>
+$InputFileTag <%= @tag %>:
+$InputFileStateFile <%= @state_file %>
+<% if @severity %>
+$InputFileSeverity <%= @severity %>
+<% end %>
+<% if @facility %>
+$InputFileFacility <%= @facility %>
+<% end %>
+$InputRunFileMonitor

data/cookbooks/rsyslog/templates/default/omnios-manifest.xml.erb

@@ -0,0 +1,30 @@
+<?xml version='1.0'?>
+<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
+<service_bundle type='manifest' name='export'>
+  <service name='<%= node['rsyslog']['service_name'] %>' type='service' version='0'>
+    <create_default_instance enabled='true'/>
+    <single_instance/>
+    <dependency name='network' grouping='require_all' restart_on='error' type='service'>
+      <service_fmri value='svc:/milestone/network:default'/>
+    </dependency>
+    <dependency name='filesystem' grouping='require_all' restart_on='error' type='service'>
+      <service_fmri value='svc:/system/filesystem/local'/>
+    </dependency>
+    <method_context/>
+    <exec_method name='start' type='method' exec='/opt/omni/sbin/rsyslogd -f %{config_file}' timeout_seconds='60'/>
+    <exec_method name='stop' type='method' exec=':kill' timeout_seconds='60'/>
+    <property_group name='startd' type='framework'>
+      <propval name='duration' type='astring' value='contract'/>
+      <propval name='ignore_error' type='astring' value='core,signal'/>
+    </property_group>
+    <property_group name='application' type='application'>
+      <propval name='config_file' type='astring' value='<%= node["rsyslog"]["config_prefix"] %>/rsyslog.conf'/>
+    </property_group>
+    <stability value='Evolving'/>
+    <template>
+      <common_name>
+        <loctext xml:lang='C'>rsyslog daemon</loctext>
+      </common_name>
+    </template>
+  </service>
+</service_bundle>

data/cookbooks/rsyslog/templates/default/rsyslog.conf.erb

@@ -0,0 +1,117 @@
+# Config generated by Chef - manual edits will be overwritten
+#
+#  /etc/rsyslog.conf  Configuration file for rsyslog.
+#
+#     For more information see
+#     /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
+#
+#  Default logging rules can be found in /etc/rsyslog.d/50-default.conf
+#
+# Set max message size
+#
+$MaxMessageSize <%= node['rsyslog']['max_message_size'] %>
+
+#
+# Preserve FQDN
+#
+$PreserveFQDN <%= node['rsyslog']['preserve_fqdn'] %>
+
+#################
+#### MODULES ####
+#################
+
+<% if node['rsyslog']['modules'] && !node['rsyslog']['modules'].empty? %>
+  <% [*node['rsyslog']['modules']].each do |mod| %>
+$ModLoad <%= mod %>
+  <% end %>
+<% end %>
+
+<% if node['rsyslog']['server'] -%>
+  <% if node['rsyslog']['enable_tls'] && node['rsyslog']['tls_ca_file'] &&
+        node['rsyslog']['tls_key_file'] && node['rsyslog']['tls_certificate_file'] -%>
+$DefaultNetstreamDriver gtls
+$DefaultNetstreamDriverCAFile <%= node['rsyslog']['tls_ca_file'] %>
+$DefaultNetstreamDriverCertFile <%= node['rsyslog']['tls_certificate_file'] %>
+$DefaultNetstreamDriverKeyFile <%= node['rsyslog']['tls_key_file'] %>
+
+$ModLoad imtcp
+
+$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
+$InputTCPServerStreamDriverAuthMode <%= node['rsyslog']['tls_auth_mode'] || 'anon' %>
+$InputTCPServerRun <%= node['rsyslog']['port'] %>
+# Provide <%= node['rsyslog']['protocol'].upcase %> log reception
+  <% else -%>
+<% if node['rsyslog']['protocol'] =~ /tcp/ %>
+  $ModLoad imtcp
+  $InputTCPServerRun <%= node['rsyslog']['port'] %>
+<% end -%>
+<% if node['rsyslog']['protocol'] =~ /udp/ %>
+  $ModLoad imudp
+  $UDPServerAddress <%= node['rsyslog']['bind'] %>
+  $UDPServerRun <%= node['rsyslog']['port'] %>
+<% end -%>
+  <% end -%>
+<% end -%>
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+<% if node["rsyslog"]["default_file_template"] -%>
+#
+# Default log format template
+#
+$ActionFileDefaultTemplate <%= node["rsyslog"]["default_file_template"] %>
+<% elsif !node["rsyslog"]["high_precision_timestamps"] -%>
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+<% end -%>
+
+# Filter duplicated messages
+$RepeatedMsgReduction <%= node['rsyslog']['repeated_msg_reduction'] %>
+
+#
+# Set temporary directory to buffer syslog queue
+#
+$WorkDirectory <%= node['rsyslog']['working_dir'] %>
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner <%= node['rsyslog']['user'] %>
+$FileGroup <%= node['rsyslog']['group'] %>
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+<% if node['rsyslog']['priv_seperation'] %>
+$PrivDropToUser <%= node['rsyslog']['priv_user'] || node['rsyslog']['user'] %>
+$PrivDropToGroup <%= node['rsyslog']['priv_group'] || node['rsyslog']['group'] %>
+<% end %>
+<% unless node['rsyslog']['rate_limit_interval'].nil? %>
+#
+# Set the amount of time that is being measured for rate limiting
+#
+$SystemLogRateLimitInterval <%= node['rsyslog']['rate_limit_interval'] %>
+<% end %>
+<% unless node['rsyslog']['rate_limit_burst'].nil? %>
+#
+# Set the amount of messages, that have to occur in the time limit of
+#   SystemLogRateLimitInterval, to trigger rate limiting
+#
+$SystemLogRateLimitBurst <%= node['rsyslog']['rate_limit_burst'] %>
+<% end %>
+
+#
+# Set other directives
+#
+<% node['rsyslog']['additional_directives'].each_pair do |k,v| %>
+$<%= k %> <%= v %>
+<% end %>
+
+#
+# Include all config files in <%= node['rsyslog']['config_prefix'] %>/rsyslog.d/
+#
+$IncludeConfig <%= node['rsyslog']['config_prefix'] %>/rsyslog.d/*.conf