Split to separate files for autoloader.

38129b1b · Hans Persson · 6eb79756 · 38129b1b · 38129b1b · 38129b1b
Commit 38129b1b authored 4 years ago by Hans Persson
--- a/manifests/central_server.pp
+++ b/manifests/central_server.pp
+class syslog::central_server
+{
+    include syslog::service
+    include rootuser
+    include syslog::vars
+    $osdist = "${::operatingsystem}-${::operatingsystemrelease}"
+    case $osdist
+    {
+	/^CentOS-6.[0-9]+$/: {
+	    cfgfile::redhat::sysconfig {
+		'rsyslogd-options':
+		    subsystem => 'rsyslog',
+		    setting => 'SYSLOGD_OPTIONS',
+		    value => '"-c5"',
+		    notify => Service['rsyslog'];
+	    }
+	    file {
+		'/etc/rsyslog.conf':
+		    content => template(
+			'syslog/rsyslog-el6.conf-logserver.erb'),
+		    owner => 'root', group => 'root', mode => '0444',
+		    notify => Service['rsyslog'];
+	    }
+	    $rsyslogd_pidfile = '/var/run/syslogd.pid'
+	}
+	default: {
+	    fail("Don't know how to configure rsyslog on ${osdist}")
+	}
+    }
+    iptables {
+	'syslog-input':
+	    ipfamily => ['ipv4','ipv6'], chain => 'INPUT',
+	    saddr => $syslog::vars::allowed_clients,
+	    proto => ['udp','tcp'], dport => 514,
+	    target => 'ACCEPT';
+    }
+    fs::mount {
+	'/syslogs':
+	    before => Class[syslog::service];
+    }
+    file {
+	'/syslogs/audit':
+	    ensure => directory,
+	    owner => 'root', group => 'root', mode => '0755',
+	    before => Class[syslog::service];
+	'/etc/logrotate.d/logstream':
+	    ensure => file,
+	    owner => 'root', group => 'root', mode => '0444';
+	# Replaced by compress-auditlogs script run from cron.
+	'/etc/logrotate.d/auditstream':
+	    ensure => absent;
+    }
+    # On Sunday mornings there will be triple SIGHUPs sent to rsyslogd, since
+    # the rotation of the normal logs in /var/log will also run then.  Would
+    # be nice to avoid that, but that does not seem possible.
+    xaugeas {
+	'logrotate-logstream':
+	    file => '/etc/logrotate.d/logstream', lens => 'Logrotate.lns',
+	    changes => [
+		'rm  *',
+		"set rule/file	    '/syslogs/logstream'",
+		"set rule/rotate	'1'",
+		"set rule/compress	'nocompress'",
+		"set rule/schedule	'daily'",
+		"set rule/create/mode	'644'",
+		"set rule/create/owner	'root'",
+		"set rule/create/group	'root'",
+		"set rule/missingok	'missingok'",
+		"set rule/postrotate	'\t\t/bin/kill -HUP `/bin/cat ${rsyslogd_pidfile} 2>/dev/null` 2>/dev/null || true'",
+	    ],
+	    require => File['/etc/logrotate.d/logstream'];
+    }
+    file {
+	"${rootuser::homedir}/bin/compress-syslogs.sh":
+	    source => 'puppet:///modules/syslog/compress-syslogs.sh',
+	    owner => 'root', group => 'root', mode => '0555';
+	"${rootuser::homedir}/bin/compress-auditlogs.sh":
+	    source => 'puppet:///modules/syslog/compress-auditlogs.sh',
+	    owner => 'root', group => 'root', mode => '0555';
+    }
+    # FIXME: If the syslog server happens to be down when this cron job
+    # runs, that particular month will never be compressed.
+    cron {
+	'compress-old-logs':
+	    command => shellquote(
+		'/root/bin/compress-syslogs.sh', '-v', '3 months ago'),
+	    month => '1-12', monthday => '3', weekday => '*',
+	    hour => 5, minute => 20;
+	'compress-auditlogs':
+	    command => shellquote('/root/bin/compress-auditlogs.sh'),
+	    month => '*', monthday => '*', weekday => '*',
+	    hour => 6, minute => 20;
+    }
+}
--- a/manifests/client.pp
+++ b/manifests/client.pp
+# Configure node to send its system logs to the central syslog server.
+#
+# This will add an rsyslog fragment (to /etc/rsyslog.d) for sending logs
+# to a log server.  By default, UDP over IPv4 will be used to send all
+# logs to the NSC central syslog server.
+#
+# The lookup of the logserver IP address is performed on the Puppet
+# master.  Thus, we need to specify whether IPv4 and/or IPv6 should be
+# used, since the Puppet master might not have the same view of what IP
+# families are useable as the client.  If a node specifies both IPv4 and
+# IPv6 (i.e, ipfamily=>['ipv4','ipv6'], one of them will be selected
+# based on what the resolver library on the Puppet master thinks is best
+# for *it*, not what's best for the node in question.
+class syslog::client(
+	$logserver='syslog.nsc.liu.se',
+	$ipfamily='ipv4',	# 'ipv4', 'ipv6' or ['ipv4','ipv6']
+	$protocol='udp',	# udp, tcp or relp
+	$port=false,		# Default: 514 for TCP/UDP, 2514 for RELP
+	$selector='*.*',
+	$format='RSYSLOG_ForwardFormat',
+      )
+{
+    include syslog::service
+    $cfg_d_file = '/etc/rsyslog.d/log-to-logserver.conf'
+    $syslogaddrs = resolve_ipnets($logserver, $ipfamily, 'stable')
+    $protoprefix = $protocol ? {
+	'udp'	=> '@',
+	'tcp'	=> '@@',
+	'relp'	=> ':omrelp:',
+	default	=> fail("${title}: Bad protocol, ``${protocol}''"),
+    }
+    $xport = $port ? {
+	false	=> $protocol ? { 'relp' => ':2514', default => '' },
+	default => ":${port}",
+    }
+    $cfg_line = sprintf(
+	"%s\t\t%s[%s]%s;%s\n",
+	$selector, $protoprefix, $syslogaddrs[0], $xport, $format)
+    file {
+	$cfg_d_file:
+	    ensure => file, owner => 'root', group => 'root', mode => '0444',
+	    content => $cfg_line,
+	    require => Package['rsyslog'],
+	    notify => Service['rsyslog'];
+    }
+}
--- a/manifests/init.pp
+++ b/manifests/init.pp
-class syslog::vars
+# This file intentionally left blank.
-{
-    include nscnets
-    # We also take care of logs from NDGF.
-    $allowed_clients = [ $nscnets::all_public, $nscnets::network_management,
-			 'bobo.ndgf.org' ]
-}
-# Add or remove $ModLoad directives from the rsyslog configuration.
-define syslog::modload($ensure='present')
-{
-    $modload_re = sprintf(
-	'^\$[Mm][Oo][Dd][Ll][Oo][Aa][Dd]\s+%s(\s*#.*)?$', $name
-    )
-    case $ensure
-    {
-	'present': {
-	    ensure_line {
-		"syslog::modload::${name}":
-		    file => '/etc/rsyslog.conf',
-		    line => "\$ModLoad ${name}",
-		    sufficient => $modload_re,
-		    addhow => prepend,
-		    require => Package['rsyslog'],
-		    notify => Service['rsyslog'];
-	    }
-	}
-	'absent': {
-	    delete_lines {
-		"syslog::modload::${name}":
-		    file => '/etc/rsyslog.conf',
-		    pattern => $modload_re,
-		    require => Package['rsyslog'],
-		    notify => Service['rsyslog'];
-	    }
-	}
-	default: {
-	    fail("Syslog::Modload[${title}]:",
-	         " Bad parameter ensure, \"${ensure}\"")
-	}
-    }
-}
-class syslog::service
-{
-    package {
-	'rsyslog':
-	    ensure => installed,
-	    notify => Service['rsyslog'];
-    }
-    syslog::modload {
-	'imuxsock':   ensure => present;
-    }
-    if $::initsystem == 'systemd' {
-	# Rsyslog should get kernel messages from journald instead of
-	# reading the kernel socket itself.
-	syslog::modload {
-	    'imklog':    ensure => absent;
-	    'imjournal': ensure => present;
-	}
-    } else {
-	# But on non-systemd systems, it is of course the reverse.
-	syslog::modload {
-	    'imklog':    ensure => present;
-	    'imjournal': ensure => absent;
-	}
-    }
-    service {
-	'rsyslog':
-	    ensure => $::running, enable => true,
-	    hasstatus => true, hasrestart => true;
-    }
-}
-# Configure node to send its system logs to the central syslog server.
-#
-# This will add an rsyslog fragment (to /etc/rsyslog.d) for sending logs
-# to a log server.  By default, UDP over IPv4 will be used to send all
-# logs to the NSC central syslog server.
-#
-# The lookup of the logserver IP address is performed on the Puppet
-# master.  Thus, we need to specify whether IPv4 and/or IPv6 should be
-# used, since the Puppet master might not have the same view of what IP
-# families are useable as the client.  If a node specifies both IPv4 and
-# IPv6 (i.e, ipfamily=>['ipv4','ipv6'], one of them will be selected
-# based on what the resolver library on the Puppet master thinks is best
-# for *it*, not what's best for the node in question.
-class syslog::client(
-	$logserver='syslog.nsc.liu.se',
-	$ipfamily='ipv4',	# 'ipv4', 'ipv6' or ['ipv4','ipv6']
-	$protocol='udp',	# udp, tcp or relp
-	$port=false,		# Default: 514 for TCP/UDP, 2514 for RELP
-	$selector='*.*',
-	$format='RSYSLOG_ForwardFormat',
-      )
-{
-    include syslog::service
-    $cfg_d_file = '/etc/rsyslog.d/log-to-logserver.conf'
-    $syslogaddrs = resolve_ipnets($logserver, $ipfamily, 'stable')
-    $protoprefix = $protocol ? {
-	'udp'	=> '@',
-	'tcp'	=> '@@',
-	'relp'	=> ':omrelp:',
-	default	=> fail("${title}: Bad protocol, ``${protocol}''"),
-    }
-    $xport = $port ? {
-	false	=> $protocol ? { 'relp' => ':2514', default => '' },
-	default => ":${port}",
-    }
-    $cfg_line = sprintf(
-	"%s\t\t%s[%s]%s;%s\n",
-	$selector, $protoprefix, $syslogaddrs[0], $xport, $format)
-    file {
-	$cfg_d_file:
-	    ensure => file, owner => 'root', group => 'root', mode => '0444',
-	    content => $cfg_line,
-	    require => Package['rsyslog'],
-	    notify => Service['rsyslog'];
-    }
-}
-class syslog::central_server
-{
-    include syslog::service
-    include rootuser
-    include syslog::vars
-    $osdist = "${::operatingsystem}-${::operatingsystemrelease}"
-    case $osdist
-    {
-	/^CentOS-6.[0-9]+$/: {
-	    cfgfile::redhat::sysconfig {
-		'rsyslogd-options':
-		    subsystem => 'rsyslog',
-		    setting => 'SYSLOGD_OPTIONS',
-		    value => '"-c5"',
-		    notify => Service['rsyslog'];
-	    }
-	    file {
-		'/etc/rsyslog.conf':
-		    content => template(
-			'syslog/rsyslog-el6.conf-logserver.erb'),
-		    owner => 'root', group => 'root', mode => '0444',
-		    notify => Service['rsyslog'];
-	    }
-	    $rsyslogd_pidfile = '/var/run/syslogd.pid'
-	}
-	default: {
-	    fail("Don't know how to configure rsyslog on ${osdist}")
-	}
-    }
-    iptables {
-	'syslog-input':
-	    ipfamily => ['ipv4','ipv6'], chain => 'INPUT',
-	    saddr => $syslog::vars::allowed_clients,
-	    proto => ['udp','tcp'], dport => 514,
-	    target => 'ACCEPT';
-    }
-    fs::mount {
-	'/syslogs':
-	    before => Class[syslog::service];
-    }
-    file {
-	'/syslogs/audit':
-	    ensure => directory,
-	    owner => 'root', group => 'root', mode => '0755',
-	    before => Class[syslog::service];
-	'/etc/logrotate.d/logstream':
-	    ensure => file,
-	    owner => 'root', group => 'root', mode => '0444';
-	# Replaced by compress-auditlogs script run from cron.
-	'/etc/logrotate.d/auditstream':
-	    ensure => absent;
-    }
-    # On Sunday mornings there will be triple SIGHUPs sent to rsyslogd, since
-    # the rotation of the normal logs in /var/log will also run then.  Would
-    # be nice to avoid that, but that does not seem possible.
-    xaugeas {
-	'logrotate-logstream':
-	    file => '/etc/logrotate.d/logstream', lens => 'Logrotate.lns',
-	    changes => [
-		'rm  *',
-		"set rule/file	    '/syslogs/logstream'",
-		"set rule/rotate	'1'",
-		"set rule/compress	'nocompress'",
-		"set rule/schedule	'daily'",
-		"set rule/create/mode	'644'",
-		"set rule/create/owner	'root'",
-		"set rule/create/group	'root'",
-		"set rule/missingok	'missingok'",
-		"set rule/postrotate	'\t\t/bin/kill -HUP `/bin/cat ${rsyslogd_pidfile} 2>/dev/null` 2>/dev/null || true'",
-	    ],
-	    require => File['/etc/logrotate.d/logstream'];
-    }
-    file {
-	"${rootuser::homedir}/bin/compress-syslogs.sh":
-	    source => 'puppet:///modules/syslog/compress-syslogs.sh',
-	    owner => 'root', group => 'root', mode => '0555';
-	"${rootuser::homedir}/bin/compress-auditlogs.sh":
-	    source => 'puppet:///modules/syslog/compress-auditlogs.sh',
-	    owner => 'root', group => 'root', mode => '0555';
-    }
-    # FIXME: If the syslog server happens to be down when this cron job
-    # runs, that particular month will never be compressed.
-    cron {
-	'compress-old-logs':
-	    command => shellquote(
-		'/root/bin/compress-syslogs.sh', '-v', '3 months ago'),
-	    month => '1-12', monthday => '3', weekday => '*',
-	    hour => 5, minute => 20;
-	'compress-auditlogs':
-	    command => shellquote('/root/bin/compress-auditlogs.sh'),
-	    month => '*', monthday => '*', weekday => '*',
-	    hour => 6, minute => 20;
-    }
-}
--- a/manifests/modload.pp
+++ b/manifests/modload.pp
+# Add or remove $ModLoad directives from the rsyslog configuration.
+define syslog::modload($ensure='present')
+{
+    $modload_re = sprintf(
+	'^\$[Mm][Oo][Dd][Ll][Oo][Aa][Dd]\s+%s(\s*#.*)?$', $name
+    )
+    case $ensure
+    {
+	'present': {
+	    ensure_line {
+		"syslog::modload::${name}":
+		    file => '/etc/rsyslog.conf',
+		    line => "\$ModLoad ${name}",
+		    sufficient => $modload_re,
+		    addhow => prepend,
+		    require => Package['rsyslog'],
+		    notify => Service['rsyslog'];
+	    }
+	}
+	'absent': {
+	    delete_lines {
+		"syslog::modload::${name}":
+		    file => '/etc/rsyslog.conf',
+		    pattern => $modload_re,
+		    require => Package['rsyslog'],
+		    notify => Service['rsyslog'];
+	    }
+	}
+	default: {
+	    fail("Syslog::Modload[${title}]:",
+	         " Bad parameter ensure, \"${ensure}\"")
+	}
+    }
+}
--- a/manifests/service.pp
+++ b/manifests/service.pp
+class syslog::service
+{
+    package {
+	'rsyslog':
+	    ensure => installed,
+	    notify => Service['rsyslog'];
+    }
+    syslog::modload {
+	'imuxsock':   ensure => present;
+    }
+    if $::initsystem == 'systemd' {
+	# Rsyslog should get kernel messages from journald instead of
+	# reading the kernel socket itself.
+	syslog::modload {
+	    'imklog':    ensure => absent;
+	    'imjournal': ensure => present;
+	}
+    } else {
+	# But on non-systemd systems, it is of course the reverse.
+	syslog::modload {
+	    'imklog':    ensure => present;
+	    'imjournal': ensure => absent;
+	}
+    }
+    service {
+	'rsyslog':
+	    ensure => $::running, enable => true,
+	    hasstatus => true, hasrestart => true;
+    }
+}
--- a/manifests/vars.pp
+++ b/manifests/vars.pp
+class syslog::vars
+{
+    include nscnets
+    # We also take care of logs from NDGF.
+    $allowed_clients = [ $nscnets::all_public, $nscnets::network_management,
+			 'bobo.ndgf.org' ]
+}