From 1e112667561d75b5d9bbdfdb28dd89fc237ac7a0 Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Tue, 14 Sep 2021 17:09:23 -0700 Subject: [PATCH] Performance improvement - Eliminating unnecessary set_fact tasks in tasks/main.yml and moving them to the individual input and output. - Eliminating unnecessary loop for the set_certs tasks. - Fixing a typo and applying the set_certs changes to tests_ovirt_elasticsearch.yml and tests_files_elasticsearch.yml. - Replacing variable names starting with one underscore with two. - Initializing rsyslog_inputs and rsyslog_outputs with []. --- roles/rsyslog/defaults/main.yml | 6 -- roles/rsyslog/tasks/inputs/basics/main.yml | 8 +- roles/rsyslog/tasks/inputs/files/main.yml | 12 +-- roles/rsyslog/tasks/inputs/ovirt/main.yml | 14 ++-- roles/rsyslog/tasks/inputs/relp/main.yml | 8 +- roles/rsyslog/tasks/inputs/remote/main.yml | 14 ++-- roles/rsyslog/tasks/main.yml | 17 +++-- .../tasks/outputs/elasticsearch/main.yml | 14 ++-- roles/rsyslog/tasks/outputs/files/main.yml | 6 +- roles/rsyslog/tasks/outputs/forwards/main.yml | 6 +- roles/rsyslog/tasks/outputs/relp/main.yml | 8 +- .../tasks/outputs/remote_files/main.yml | 6 +- roles/rsyslog/tasks/set_certs.yml | 60 +++++++-------- roles/rsyslog/templates/input_basics.j2 | 14 ++-- roles/rsyslog/templates/input_basics_rhel7.j2 | 10 +-- roles/rsyslog/templates/input_ovirt.j2 | 44 +++++------ roles/rsyslog/templates/input_relp.j2 | 48 ++++++------ roles/rsyslog/templates/input_remote.j2 | 26 +++---- .../rsyslog/templates/input_remote_module.j2 | 14 ++-- roles/rsyslog/templates/input_template.j2 | 16 ++-- .../rsyslog/templates/output_elasticsearch.j2 | 74 +++++++++---------- roles/rsyslog/templates/output_files.j2 | 16 ++-- roles/rsyslog/templates/output_forwards.j2 | 28 +++---- roles/rsyslog/templates/output_relp.j2 | 40 +++++----- .../rsyslog/templates/output_remote_files.j2 | 28 +++---- roles/rsyslog/vars/inputs/ovirt/main.yml | 2 +- tasks/main.yml | 63 ++++------------ tests/tests_files_elasticsearch.yml | 10 +-- tests/tests_ovirt_elasticsearch.yml | 8 +- 29 files changed, 289 insertions(+), 331 deletions(-) diff --git a/roles/rsyslog/defaults/main.yml b/roles/rsyslog/defaults/main.yml index 2e162648..3b63df9e 100644 --- a/roles/rsyslog/defaults/main.yml +++ b/roles/rsyslog/defaults/main.yml @@ -37,9 +37,3 @@ rsyslog_custom_config_files: [] # Traditional timestamp format looks like 'Mar 27 14:16:47' # By setting false, it'd change 2020-03-27T14:16:47.139796+00:00) rsyslog_basics_use_traditional_timestamp_format: true - -# Files and Forwards outputs -# -------------------------- - -rsyslog_output_files: [] -rsyslog_output_forwards: [] diff --git a/roles/rsyslog/tasks/inputs/basics/main.yml b/roles/rsyslog/tasks/inputs/basics/main.yml index a3043949..15984c26 100644 --- a/roles/rsyslog/tasks/inputs/basics/main.yml +++ b/roles/rsyslog/tasks/inputs/basics/main.yml @@ -8,16 +8,16 @@ file: "{{ role_path }}/tasks/deploy.yml" - name: "Create basics input configuration file - input-basics-{{ _input.name }} in /etc/rsyslog.d" + input-basics-{{ __rsyslog_input.name }} in /etc/rsyslog.d" vars: __rsyslog_packages: [] __rsyslog_rules: - - name: "input-basics-{{ _input.name }}" + - name: "input-basics-{{ __rsyslog_input.name }}" type: input - state: "{{ _input.state | d('present') }}" + state: "{{ __rsyslog_input.state | d('present') }}" sections: - options: "{{ lookup('template', __rsyslog_input_basics) }}" include_tasks: file: "{{ role_path }}/tasks/deploy.yml" when: - - _input.type | d() == 'basics' + - __rsyslog_input.type | d() == 'basics' diff --git a/roles/rsyslog/tasks/inputs/files/main.yml b/roles/rsyslog/tasks/inputs/files/main.yml index bd133f63..379be267 100644 --- a/roles/rsyslog/tasks/inputs/files/main.yml +++ b/roles/rsyslog/tasks/inputs/files/main.yml @@ -10,20 +10,20 @@ # yamllint disable rule:line-length - name: "Create files input configuration file - input-files-{{ _input.name }} in /etc/rsyslog.d" + input-files-{{ __rsyslog_input.name }} in /etc/rsyslog.d" vars: __rsyslog_packages: [] __rsyslog_rules: - - name: "input-files-{{ _input.name }}" + - name: "input-files-{{ __rsyslog_input.name }}" type: input - state: "{{ _input.state | d('present') }}" + state: "{{ __rsyslog_input.state | d('present') }}" sections: - options: |- - input(type="imfile" file="{{ _input.input_log_path }}" tag="{{ _input.name }}") + input(type="imfile" file="{{ __rsyslog_input.input_log_path }}" tag="{{ __rsyslog_input.name }}") {{ lookup("template", "input_template.j2") }} include_tasks: file: "{{ role_path }}/tasks/deploy.yml" when: - - _input.type | d() == 'files' - - _input.input_log_path | d() | length > 0 + - __rsyslog_input.type | d() == 'files' + - __rsyslog_input.input_log_path | d() | length > 0 # yamllint enable rule:line-length diff --git a/roles/rsyslog/tasks/inputs/ovirt/main.yml b/roles/rsyslog/tasks/inputs/ovirt/main.yml index b97cf5f2..efa8b742 100644 --- a/roles/rsyslog/tasks/inputs/ovirt/main.yml +++ b/roles/rsyslog/tasks/inputs/ovirt/main.yml @@ -24,25 +24,25 @@ file: "{{ role_path }}/tasks/deploy.yml" - name: "Create oVirt input configuration file - input-ovirt-{{ _input.name }} in /etc/rsyslog.d" + input-ovirt-{{ __rsyslog_input.name }} in /etc/rsyslog.d" vars: __rsyslog_packages: [] __rsyslog_rules: - - name: "input-ovirt-{{ _input.name }}" + - name: "input-ovirt-{{ __rsyslog_input.name }}" type: input sections: - options: "{{ lookup('template', 'input_ovirt.j2') }}" - state: "{{ _input.state | d('present') }}" + state: "{{ __rsyslog_input.state | d('present') }}" include_tasks: file: "{{ role_path }}/tasks/deploy.yml" when: - - _input.type | d('') == 'ovirt' - - _input.subtype | d('') in ['collectd','engine','vdsm'] + - __rsyslog_input.type | d('') == 'ovirt' + - __rsyslog_input.subtype | d('') in ['collectd','engine','vdsm'] - name: Ensure collectd port is allowed for rsyslogd to listen to shell: |- set -euo pipefail - sport={{ _input.rsyslog_read_collectd_port | d(44514) }} + sport={{ __rsyslog_input.rsyslog_read_collectd_port | d(44514) }} plist=$( semanage port -l | grep "$sport" || : ) if [ "$plist" = "" ]; then semanage port -a -t syslogd_port_t -p tcp "$sport" @@ -58,6 +58,6 @@ fi fi when: - - _input.type | d() == 'ovirt' + - __rsyslog_input.type | d() == 'ovirt' - ansible_selinux.mode in ["enforcing", "permissive"] notify: restart rsyslogd diff --git a/roles/rsyslog/tasks/inputs/relp/main.yml b/roles/rsyslog/tasks/inputs/relp/main.yml index 5df25b52..1d520a3c 100644 --- a/roles/rsyslog/tasks/inputs/relp/main.yml +++ b/roles/rsyslog/tasks/inputs/relp/main.yml @@ -3,7 +3,7 @@ include_tasks: file: "{{ role_path }}/tasks/set_certs.yml" vars: - __rsyslog_cert_subject: "{{ rsyslog_input_relp }}" + __rsyslog_cert_subject: "{{ __rsyslog_input }}" # Deploy configuration files - name: "Install/Update relp logging packages and generate @@ -15,14 +15,14 @@ file: "{{ role_path }}/tasks/deploy.yml" - name: "Create relp input configuration file - input-relp-{{ _input.name }} in /etc/rsyslog.d" + input-relp-{{ __rsyslog_input.name }} in /etc/rsyslog.d" vars: __rsyslog_packages: [] __rsyslog_rules: - - name: "input-relp-{{ _input.name }}" + - name: "input-relp-{{ __rsyslog_input.name }}" type: input weight: "11" - state: "{{ _input.state | d('present') }}" + state: "{{ __rsyslog_input.state | d('present') }}" sections: - options: "{{ lookup('template', 'input_relp.j2') }}" include_tasks: diff --git a/roles/rsyslog/tasks/inputs/remote/main.yml b/roles/rsyslog/tasks/inputs/remote/main.yml index f6508ed3..e0d593a0 100644 --- a/roles/rsyslog/tasks/inputs/remote/main.yml +++ b/roles/rsyslog/tasks/inputs/remote/main.yml @@ -9,7 +9,7 @@ when: - item | length > 1 vars: - __logging_remote: "{{ logging_inputs | + __logging_remote: "{{ rsyslog_inputs | selectattr('type', 'match', '^remote$') | list }}" __logging_remote_udp: "{{ __logging_remote | selectattr('udp_ports', 'defined') | list }}" @@ -29,25 +29,25 @@ vars: __rsyslog_packages: "{{ __rsyslog_remote_packages }}" __rsyslog_rules: - - name: "input-remote-modules-{{ _input.name }}" + - name: "input-remote-modules-{{ __rsyslog_input.name }}" type: modules sections: - options: "{{ lookup('template', 'input_remote_module.j2') }}" include_tasks: file: "{{ role_path }}/tasks/deploy.yml" - when: _input.type | d() == 'remote' + when: __rsyslog_input.type | d() == 'remote' - name: "Create remote input configuration file - input-remote-{{ _input.name }} in /etc/rsyslog.d" + input-remote-{{ __rsyslog_input.name }} in /etc/rsyslog.d" vars: __rsyslog_packages: [] __rsyslog_rules: - - name: "input-remote-{{ _input.name }}" + - name: "input-remote-{{ __rsyslog_input.name }}" type: input weight: "11" - state: "{{ _input.state | d('present') }}" + state: "{{ __rsyslog_input.state | d('present') }}" sections: - options: "{{ lookup('template', 'input_remote.j2') }}" include_tasks: file: "{{ role_path }}/tasks/deploy.yml" - when: _input.type | d() == 'remote' + when: __rsyslog_input.type | d() == 'remote' diff --git a/roles/rsyslog/tasks/main.yml b/roles/rsyslog/tasks/main.yml index f771a26d..9d65a108 100644 --- a/roles/rsyslog/tasks/main.yml +++ b/roles/rsyslog/tasks/main.yml @@ -113,7 +113,7 @@ mode: "{{ __rsyslog_register_stat_conf.stat.mode | d('0700') }}" when: - __rsyslog_enabled | bool - - logging_inputs | d([]) + - rsyslog_inputs | d([]) notify: restart rsyslogd - name: Generate global rule to add to __rsyslog_common_rules @@ -156,7 +156,7 @@ loop_var: inner_item when: - __rsyslog_enabled | bool - - logging_inputs | d([]) + - rsyslog_inputs | d([]) - inner_item.filename | d() or inner_item.name | d() - inner_item.state is undefined or inner_item.state != 'absent' - inner_item.options | d() or inner_item.sections | d() @@ -264,11 +264,12 @@ notify: restart rsyslogd vars: - __logging_forwards_tls: "{{ logging_outputs | + __logging_forwards_tls: "{{ rsyslog_outputs | + selectattr('target', 'defined') | selectattr('type', 'match', '^forwards$') | selectattr('tls', 'defined') | selectattr('tls') | list }}" - __logging_remote_tls: "{{ logging_inputs | + __logging_remote_tls: "{{ rsyslog_inputs | selectattr('type', 'match', '^remote$') | selectattr('tcp_ports', 'defined') | selectattr('tls', 'defined') | @@ -282,7 +283,7 @@ file: "{{ role_path }}/vars/{{ varfile }}" vars: varfile: "inputs/{{ input_item.type }}/main.yml" - loop: "{{ logging_inputs }}" + loop: "{{ rsyslog_inputs }}" loop_control: loop_var: input_item when: @@ -293,8 +294,8 @@ file: "{{ tasks }}" vars: tasks: "{{ role_path }}/tasks/inputs/{{ input_item.type }}/main.yml" - _input: "{{ input_item }}" - loop: '{{ logging_inputs | sort(attribute="type") }}' + __rsyslog_input: "{{ input_item }}" + loop: '{{ rsyslog_inputs | sort(attribute="type") }}' loop_control: extended: yes loop_var: input_item @@ -324,7 +325,7 @@ file: "{{ tasks }}" vars: tasks: "{{ role_path }}/tasks/outputs/{{ output_item.type }}/main.yml" - _output: "{{ output_item }}" + __rsyslog_output: "{{ output_item }}" loop: "{{ rsyslog_outputs }}" loop_control: loop_var: output_item diff --git a/roles/rsyslog/tasks/outputs/elasticsearch/main.yml b/roles/rsyslog/tasks/outputs/elasticsearch/main.yml index 2beb0491..aadcab85 100644 --- a/roles/rsyslog/tasks/outputs/elasticsearch/main.yml +++ b/roles/rsyslog/tasks/outputs/elasticsearch/main.yml @@ -3,7 +3,7 @@ include_tasks: file: "{{ role_path }}/tasks/set_certs.yml" vars: - __rsyslog_cert_subject: "{{ rsyslog_output_elasticsearch }}" + __rsyslog_cert_subject: "{{ __rsyslog_output }}" # Deploy configuration files - name: "Install/Update elasticsearch logging packages and generate @@ -15,14 +15,14 @@ file: "{{ role_path }}/tasks/deploy.yml" - name: "Create elasticsearch output configuration file - output-elasticsearch-{{ _output.name }} in /etc/rsyslog.d" + output-elasticsearch-{{ __rsyslog_output.name }} in /etc/rsyslog.d" vars: __rsyslog_packages: [] __rsyslog_rules: - - name: "output-elasticsearch-{{ _output.name }}" + - name: "output-elasticsearch-{{ __rsyslog_output.name }}" type: "output" weight: "31" - state: "{{ _output.state | d('present') }}" + state: "{{ __rsyslog_output.state | d('present') }}" sections: - options: "{{ lookup('template', 'output_elasticsearch.j2') }}" mode: "0600" @@ -34,14 +34,14 @@ (logging_elasticsearch_password | length == 0) - name: "Create elasticsearch output configuration file - output-elasticsearch-{{ _output.name }} in /etc/rsyslog.d (no_log)" + output-elasticsearch-{{ __rsyslog_output.name }} in /etc/rsyslog.d (no_log)" vars: __rsyslog_packages: [] __rsyslog_rules: - - name: "output-elasticsearch-{{ _output.name }}" + - name: "output-elasticsearch-{{ __rsyslog_output.name }}" type: "output" weight: "31" - state: "{{ _output.state | d('present') }}" + state: "{{ __rsyslog_output.state | d('present') }}" sections: - options: "{{ lookup('template', 'output_elasticsearch.j2') }}" mode: "0600" diff --git a/roles/rsyslog/tasks/outputs/files/main.yml b/roles/rsyslog/tasks/outputs/files/main.yml index bdb746cd..4c66ef0d 100644 --- a/roles/rsyslog/tasks/outputs/files/main.yml +++ b/roles/rsyslog/tasks/outputs/files/main.yml @@ -9,13 +9,13 @@ file: "{{ role_path }}/tasks/deploy.yml" - name: "Create files output configuration file - output-files-{{ _output.name }} in /etc/rsyslog.d" + output-files-{{ __rsyslog_output.name }} in /etc/rsyslog.d" vars: __rsyslog_packages: [] __rsyslog_rules: - - name: "output-files-{{ _output.name }}" + - name: "output-files-{{ __rsyslog_output.name }}" type: "output" - state: "{{ _output.state | d('present') }}" + state: "{{ __rsyslog_output.state | d('present') }}" sections: - options: "{{ lookup('template', 'output_files.j2') }}" include_tasks: diff --git a/roles/rsyslog/tasks/outputs/forwards/main.yml b/roles/rsyslog/tasks/outputs/forwards/main.yml index 0f186804..fb56c6fd 100644 --- a/roles/rsyslog/tasks/outputs/forwards/main.yml +++ b/roles/rsyslog/tasks/outputs/forwards/main.yml @@ -9,13 +9,13 @@ file: "{{ role_path }}/tasks/deploy.yml" - name: "Create forwards output configuration file - output-forwards-{{ _output.name }} in /etc/rsyslog.d" + output-forwards-{{ __rsyslog_output.name }} in /etc/rsyslog.d" vars: __rsyslog_packages: [] __rsyslog_rules: - - name: "output-forwards-{{ _output.name }}" + - name: "output-forwards-{{ __rsyslog_output.name }}" type: "output" - state: "{{ _output.state | d('present') }}" + state: "{{ __rsyslog_output.state | d('present') }}" sections: - options: "{{ lookup('template', 'output_forwards.j2') }}" include_tasks: diff --git a/roles/rsyslog/tasks/outputs/relp/main.yml b/roles/rsyslog/tasks/outputs/relp/main.yml index ff65f717..e69160e4 100644 --- a/roles/rsyslog/tasks/outputs/relp/main.yml +++ b/roles/rsyslog/tasks/outputs/relp/main.yml @@ -3,7 +3,7 @@ include_tasks: file: "{{ role_path }}/tasks/set_certs.yml" vars: - __rsyslog_cert_subject: "{{ rsyslog_output_relp }}" + __rsyslog_cert_subject: "{{ __rsyslog_output }}" # Deploy configuration files - name: "Install/Update relp logging packages and generate @@ -15,14 +15,14 @@ file: "{{ role_path }}/tasks/deploy.yml" - name: "Create relp output configuration file - output-relp-{{ _output.name }} in /etc/rsyslog.d" + output-relp-{{ __rsyslog_output.name }} in /etc/rsyslog.d" vars: __rsyslog_packages: [] __rsyslog_rules: - - name: "output-relp-{{ _output.name }}" + - name: "output-relp-{{ __rsyslog_output.name }}" type: "output" weight: "31" - state: "{{ _output.state | d('present') }}" + state: "{{ __rsyslog_output.state | d('present') }}" sections: - options: "{{ lookup('template', 'output_relp.j2') }}" include_tasks: diff --git a/roles/rsyslog/tasks/outputs/remote_files/main.yml b/roles/rsyslog/tasks/outputs/remote_files/main.yml index 8bac9963..6fe9320a 100644 --- a/roles/rsyslog/tasks/outputs/remote_files/main.yml +++ b/roles/rsyslog/tasks/outputs/remote_files/main.yml @@ -1,12 +1,12 @@ --- - name: "Create remote files output configuration file - output-files-{{ _output.name }} in /etc/rsyslog.d" + output-files-{{ __rsyslog_output.name }} in /etc/rsyslog.d" vars: __rsyslog_packages: "{{ __rsyslog_remote_files_output_packages }}" __rsyslog_rules: - - name: "output-files-{{ _output.name }}" + - name: "output-files-{{ __rsyslog_output.name }}" type: "output" - state: "{{ _output.state | d('present') }}" + state: "{{ __rsyslog_output.state | d('present') }}" sections: - options: "{{ lookup('template', 'output_remote_files.j2') }}" include_tasks: diff --git a/roles/rsyslog/tasks/set_certs.yml b/roles/rsyslog/tasks/set_certs.yml index b80ecd3d..0f9968e0 100644 --- a/roles/rsyslog/tasks/set_certs.yml +++ b/roles/rsyslog/tasks/set_certs.yml @@ -6,59 +6,59 @@ - name: "Copy ca_cert on the control host to the specified path on the target host" copy: - src: '{{ item.ca_cert_src }}' - dest: '{{ item.ca_cert | + src: '{{ __rsyslog_cert_subject.ca_cert_src }}' + dest: '{{ __rsyslog_cert_subject.ca_cert | d(__rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir) }}' mode: '0444' - with_items: - - '{{ __rsyslog_cert_subject }}' - when: item.ca_cert_src | d() + when: __rsyslog_cert_subject.ca_cert_src | d() - name: "Copy cert on the control host to the specified path on the target host" copy: - src: '{{ item.cert_src }}' - dest: '{{ item.cert | + src: '{{ __rsyslog_cert_subject.cert_src }}' + dest: '{{ __rsyslog_cert_subject.cert | d(__rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir) }}' mode: '0444' - with_items: - - '{{ __rsyslog_cert_subject }}' - when: item.cert_src | d() + when: __rsyslog_cert_subject.cert_src | d() - name: "Copy key on the control host to the specified path on the target host" copy: - src: '{{ item.private_key_src }}' - dest: '{{ item.private_key | + src: '{{ __rsyslog_cert_subject.private_key_src }}' + dest: '{{ __rsyslog_cert_subject.private_key | d(__rsyslog_default_pki_path + __rsyslog_default_pki_key_dir) }}' mode: '0400' - with_items: - - '{{ __rsyslog_cert_subject }}' - when: item.private_key_src | d() + when: __rsyslog_cert_subject.private_key_src | d() - name: Check certs - tls is true, but triplets are not given fail: msg: "Error: you specified tls: true; you must specify all 3 of ca_cert, cert, private_key, or all 3 of ca_cert_src, cert_src, private_key_src, or set tls: false in the - configuration named {{ item.name }}" - with_items: - - '{{ __rsyslog_cert_subject }}' - when: not ((item.ca_cert | d() and item.cert | d() and - item.private_key | d()) or - (item.ca_cert_src | d() and item.cert_src | d() and - item.private_key_src | d())) - when: item.tls is defined | ternary(item.tls, item.use_cert | d(true)) + configuration named {{ __rsyslog_cert_subject.name }}" + when: not ((__rsyslog_cert_subject.ca_cert | d() and + __rsyslog_cert_subject.cert | d() and + __rsyslog_cert_subject.private_key | d()) or + (__rsyslog_cert_subject.ca_cert_src | d() and + __rsyslog_cert_subject.cert_src | d() and + __rsyslog_cert_subject.private_key_src | d())) + when: __rsyslog_cert_subject.tls is defined | + ternary(__rsyslog_cert_subject.tls, + __rsyslog_cert_subject.use_cert | d(true)) - name: Check certs - key/certs data are provided, but tls is false debug: msg: "WARNING: you specified tls: false and also specified one or - more cert/key files in the configuration named {{ item.name }}" - with_items: - - '{{ __rsyslog_cert_subject }}' + more cert/key files in the configuration named + {{ __rsyslog_cert_subject.name }}" when: - - not (item.tls is defined | ternary(item.tls, item.use_cert | d(true))) - - (item.ca_cert | d() or item.cert | d() or item.private_key | d()) or - (item.ca_cert_src | d() or item.cert_src | d() or - item.private_key_src | d()) + - not (__rsyslog_cert_subject.tls is defined | + ternary(__rsyslog_cert_subject.tls, + __rsyslog_cert_subject.use_cert | d(true))) + - (__rsyslog_cert_subject.ca_cert | d() or + __rsyslog_cert_subject.cert | d() or + __rsyslog_cert_subject.private_key | d()) or + (__rsyslog_cert_subject.ca_cert_src | d() or + __rsyslog_cert_subject.cert_src | d() or + __rsyslog_cert_subject.private_key_src | d()) when: __rsyslog_cert_subject | d([]) diff --git a/roles/rsyslog/templates/input_basics.j2 b/roles/rsyslog/templates/input_basics.j2 index cf8ac35c..0c7c8328 100644 --- a/roles/rsyslog/templates/input_basics.j2 +++ b/roles/rsyslog/templates/input_basics.j2 @@ -1,10 +1,10 @@ -{% if _input.kernel_message | d(false) | bool %} +{% if __rsyslog_input.kernel_message | d(false) | bool %} module(load="imklog" permitnonkernelfacility="on") {% endif %} -{% if _input.use_imuxsock | d(false) | bool %} +{% if __rsyslog_input.use_imuxsock | d(false) | bool %} module(load="imuxsock" # provides support for local system logging (e.g. via logger command) - SysSock.RateLimit.Burst="{{ _input.ratelimit_burst | d(200) }}" - SysSock.RateLimit.Interval="{{ _input.ratelimit_burst | d(0) }}" + SysSock.RateLimit.Burst="{{ __rsyslog_input.ratelimit_burst | d(200) }}" + SysSock.RateLimit.Interval="{{ __rsyslog_input.ratelimit_burst | d(0) }}" SysSock.Use="on") # Turn on message reception via local log socket. input(name="basics_imuxsock" type="imuxsock" socket="/dev/log") {% else %} @@ -12,8 +12,8 @@ module(load="imuxsock" # provides support for local system logging (e.g. via SysSock.Use="off") # Turn off message reception via local log socket. module(load="imjournal" StateFile="{{ __rsyslog_work_dir }}/imjournal.state" - RateLimit.Burst="{{ _input.ratelimit_burst | d(20000) }}" - RateLimit.Interval="{{ _input.ratelimit_interval | d(600) }}" - PersistStateInterval="{{ _input.journal_persist_state_interval | d(10) }}") + RateLimit.Burst="{{ __rsyslog_input.ratelimit_burst | d(20000) }}" + RateLimit.Interval="{{ __rsyslog_input.ratelimit_interval | d(600) }}" + PersistStateInterval="{{ __rsyslog_input.journal_persist_state_interval | d(10) }}") {% endif %} {{ lookup('template', 'input_template.j2') }} diff --git a/roles/rsyslog/templates/input_basics_rhel7.j2 b/roles/rsyslog/templates/input_basics_rhel7.j2 index 76114d55..ea00c03f 100644 --- a/roles/rsyslog/templates/input_basics_rhel7.j2 +++ b/roles/rsyslog/templates/input_basics_rhel7.j2 @@ -1,17 +1,17 @@ -{% if _input.kernel_message | d(false) | bool %} +{% if __rsyslog_input.kernel_message | d(false) | bool %} module(load="imklog" permitnonkernelfacility="on") {% endif %} $ModLoad imuxsock # provides support for local system logging (e.g. via logger command) -{% if _input.use_imuxsock | d(false) | bool %} +{% if __rsyslog_input.use_imuxsock | d(false) | bool %} # Turn on message reception via local log socket; $OmitLocalLogging off {% else %} $ModLoad imjournal # provides access to the systemd journal # File to store the position in the journal $IMJournalStateFile imjournal.state -$imjournalRatelimitBurst {{ _input.ratelimit_burst | d(20000) }} -$imjournalRatelimitInterval {{ _input.ratelimit_interval | d(600) }} -$imjournalPersistStateInterval {{ _input.journal_persist_state_interval | d(10) }} +$imjournalRatelimitBurst {{ __rsyslog_input.ratelimit_burst | d(20000) }} +$imjournalRatelimitInterval {{ __rsyslog_input.ratelimit_interval | d(600) }} +$imjournalPersistStateInterval {{ __rsyslog_input.journal_persist_state_interval | d(10) }} # Turn off message reception via local log socket; # local messages are retrieved through imjournal now. diff --git a/roles/rsyslog/templates/input_ovirt.j2 b/roles/rsyslog/templates/input_ovirt.j2 index 76467969..a37ce68c 100644 --- a/roles/rsyslog/templates/input_ovirt.j2 +++ b/roles/rsyslog/templates/input_ovirt.j2 @@ -1,11 +1,11 @@ -{% set __rsyslog_ovirt_subtype = _input.subtype | d() %} -{% set __ovirt_env_name = _input.ovirt_env_name | d('engine') %} -{% set __ovirt_env_uuid = _input.ovirt_env_uuid | d() %} +{% set __rsyslog_ovirt_subtype = __rsyslog_input.subtype | d() %} +{% set __ovirt_env_name = __rsyslog_input.ovirt_env_name | d('engine') %} +{% set __ovirt_env_uuid = __rsyslog_input.ovirt_env_uuid | d() %} {% if __rsyslog_ovirt_subtype == "collectd" %} -{% set __rsyslog_collectd_port = _input.ovirt_collectd_port | d(44514) %} -{% set __rsyslog_elasticsearch_index_prefix = _input.ovirt_elasticsearch_index_prefix | d('project.ovirt-metrics') %} -input(name="{{ _input.name }}" type="imtcp" port="{{ __rsyslog_collectd_port }}") -if $inputname == "{{ _input.name }}" then { +{% set __rsyslog_collectd_port = __rsyslog_input.ovirt_collectd_port | d(44514) %} +{% set __rsyslog_elasticsearch_index_prefix = __rsyslog_input.ovirt_elasticsearch_index_prefix | d('project.ovirt-metrics') %} +input(name="{{ __rsyslog_input.name }}" type="imtcp" port="{{ __rsyslog_collectd_port }}") +if $inputname == "{{ __rsyslog_input.name }}" then { set $!original_raw_message = $msg; action(name="collectd_mmjsonparse" type="mmjsonparse" cookie="") # parse entire message as json set $!@timestamp = exec_template('cnvt_to_viaq_timestamp'); @@ -23,27 +23,27 @@ if $inputname == "{{ _input.name }}" then { set $.input_type = "ovirt"; } {% else %} -{% set __rsyslog_elasticsearch_index_prefix = _input.ovirt_elasticsearch_index_prefix | d('project.ovirt-logs') %} -{% set __ovirt_vds_cluster_name = _input.ovirt_vds_cluster_name | d('') %} -{% set __ovirt_engine_fqdn = _input.ovirt_engine_fqdn | d('') %} +{% set __rsyslog_elasticsearch_index_prefix = __rsyslog_input.ovirt_elasticsearch_index_prefix | d('project.ovirt-logs') %} +{% set __ovirt_vds_cluster_name = __rsyslog_input.ovirt_vds_cluster_name | d('') %} +{% set __ovirt_engine_fqdn = __rsyslog_input.ovirt_engine_fqdn | d('') %} {% if __rsyslog_ovirt_subtype == "engine" %} -{% set __ovirt_input_file = _input.ovirt_input_file | d('/var/log/ovirt-engine/engine.log') %} -input(type="imfile" file="{{ __ovirt_input_file }}" tag="{{ _input.name }}" +{% set __ovirt_input_file = __rsyslog_input.ovirt_input_file | d('/var/log/ovirt-engine/engine.log') %} +input(type="imfile" file="{{ __ovirt_input_file }}" tag="{{ __rsyslog_input.name }}" reopenOnTruncate="on" startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}") -if $syslogtag == "{{ _input.name }}" then { +if $syslogtag == "{{ __rsyslog_input.name }}" then { action(name="ovirt-engine_mmnormalize" type="mmnormalize" rulebase="{{ __rsyslog_config_dir }}/ovirt_engine.rulebase" path="$.ovirt") } {% elif __rsyslog_ovirt_subtype == "vdsm" %} -{% set __ovirt_input_file = _input.ovirt_input_file | d('/var/log/vdsm/vdsm.log') %} -input(type="imfile" file="{{ __ovirt_input_file }}" tag="{{ _input.name }}" +{% set __ovirt_input_file = __rsyslog_input.ovirt_input_file | d('/var/log/vdsm/vdsm.log') %} +input(type="imfile" file="{{ __ovirt_input_file }}" tag="{{ __rsyslog_input.name }}" reopenOnTruncate="on" startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}") -if $syslogtag == "{{ _input.name }}" then { +if $syslogtag == "{{ __rsyslog_input.name }}" then { action(name="ovirt-vdsm_mmnormalize" type="mmnormalize" rulebase="{{ __rsyslog_config_dir }}/ovirt_vdsm.rulebase" path="$.ovirt") } {% endif %} -if $syslogtag == "{{ _input.name }}" then { +if $syslogtag == "{{ __rsyslog_input.name }}" then { {% if __ovirt_env_uuid is defined %} set $.index_prefix = "{{ __rsyslog_elasticsearch_index_prefix }}" & "-" & "{{ __ovirt_env_name }}" & "." & "{{ __ovirt_env_uuid }}" & "."; {% else %} @@ -71,9 +71,9 @@ if $syslogtag == "{{ _input.name }}" then { {% endif %} {% set outdict = {} %} {% for flow in logging_flows %} -{% if flow.inputs | intersect([ _input.name ]) %} +{% if flow.inputs | intersect([ __rsyslog_input.name ]) %} {% for oname in flow.outputs %} -{% set _ = outdict.__setitem__(oname, outdict.get(oname,[])|union([ _input.name ])) %} +{% set _ = outdict.__setitem__(oname, outdict.get(oname,[])|union([ __rsyslog_input.name ])) %} {% endfor %} {% endif %} {% endfor %} @@ -81,14 +81,14 @@ if $syslogtag == "{{ _input.name }}" then { {% if outdict[output.name] | d(false) %} if {% for inputname in outdict[output.name] %} -{% if inputname == _input.name %} +{% if inputname == __rsyslog_input.name %} {% if not loop.first %} or {% endif %} {% if __rsyslog_ovirt_subtype == "collectd" %} - ($inputname == "{{ _input.name }}") + ($inputname == "{{ __rsyslog_input.name }}") {% elif __rsyslog_ovirt_subtype == "engine" or __rsyslog_ovirt_subtype == "vdsm" %} - ($syslogtag == "{{ _input.name }}") + ($syslogtag == "{{ __rsyslog_input.name }}") {% endif %} {% endif %} {% endfor %} diff --git a/roles/rsyslog/templates/input_relp.j2 b/roles/rsyslog/templates/input_relp.j2 index 4cdf79fc..2efeb885 100644 --- a/roles/rsyslog/templates/input_relp.j2 +++ b/roles/rsyslog/templates/input_relp.j2 @@ -1,26 +1,26 @@ -input(name="{{ _input.name }}" +input(name="{{ __rsyslog_input.name }}" type="imrelp" - port="{{ _input.port | d(20514) | int }}" - maxDataSize="{{ _input.max_data_size | d(logging_max_message_size) | int }}" -{% if _input.tls | default(true) %} -{% if _input.ca_cert is defined %} -{% set __cacert = _input.ca_cert %} -{% elif _input.ca_cert_src is defined %} -{% set __cacert = __rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + _input.ca_cert_src | basename %} + port="{{ __rsyslog_input.port | d(20514) | int }}" + maxDataSize="{{ __rsyslog_input.max_data_size | d(logging_max_message_size) | int }}" +{% if __rsyslog_input.tls | default(true) %} +{% if __rsyslog_input.ca_cert is defined %} +{% set __cacert = __rsyslog_input.ca_cert %} +{% elif __rsyslog_input.ca_cert_src is defined %} +{% set __cacert = __rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + __rsyslog_input.ca_cert_src | basename %} {% else %} {% set __cacert = __rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + 'relp-ca.crt' %} {% endif %} -{% if _input.cert is defined %} -{% set __mycert = _input.cert %} -{% elif _input.cert_src is defined %} -{% set __mycert = __rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + _input.cert_src | basename %} +{% if __rsyslog_input.cert is defined %} +{% set __mycert = __rsyslog_input.cert %} +{% elif __rsyslog_input.cert_src is defined %} +{% set __mycert = __rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + __rsyslog_input.cert_src | basename %} {% else %} {% set __mycert = __rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + 'relp-cert.pem' %} {% endif %} -{% if _input.private_key is defined %} -{% set __myprivkey = _input.private_key %} -{% elif _input.private_key_src is defined %} -{% set __myprivkey = __rsyslog_default_pki_path + __rsyslog_default_pki_key_dir + _input.private_key_src | basename %} +{% if __rsyslog_input.private_key is defined %} +{% set __myprivkey = __rsyslog_input.private_key %} +{% elif __rsyslog_input.private_key_src is defined %} +{% set __myprivkey = __rsyslog_default_pki_path + __rsyslog_default_pki_key_dir + __rsyslog_input.private_key_src | basename %} {% else %} {% set __myprivkey = __rsyslog_default_pki_path + __rsyslog_default_pki_key_dir + 'relp-key.pem' %} {% endif %} @@ -28,20 +28,20 @@ input(name="{{ _input.name }}" tls.cacert="{{ __cacert }}" tls.mycert="{{ __mycert }}" tls.myprivkey="{{ __myprivkey }}" - tls.authmode="{{ _input.pki_authmode | d('name') }}" -{% if _input.permitted_clients is defined %} - tls.permittedpeer=["{{ _input.permitted_clients | join('","') }}"] + tls.authmode="{{ __rsyslog_input.pki_authmode | d('name') }}" +{% if __rsyslog_input.permitted_clients is defined %} + tls.permittedpeer=["{{ __rsyslog_input.permitted_clients | join('","') }}"] {% else %} tls.permittedpeer=["{{ '*.' + logging_domain }}"] {% endif %} {% endif %} ) -{% set rsyslog_flows = logging_flows | d([ {"name": "default_flow", "inputs": [ _input.name ], "outputs": ["default_files"]} ], true) %} +{% set rsyslog_flows = logging_flows | d([ {"name": "default_flow", "inputs": [ __rsyslog_input.name ], "outputs": ["default_files"]} ], true) %} {% set outdict = {} %} {% for flow in rsyslog_flows %} -{% if flow.inputs | intersect([ _input.name ]) %} +{% if flow.inputs | intersect([ __rsyslog_input.name ]) %} {% for oname in flow.outputs %} -{% set _ = outdict.__setitem__(oname, outdict.get(oname,[])|union([ _input.name ])) %} +{% set _ = outdict.__setitem__(oname, outdict.get(oname,[])|union([ __rsyslog_input.name ])) %} {% endfor %} {% endif %} {% endfor %} @@ -49,11 +49,11 @@ input(name="{{ _input.name }}" {% if outdict[output.name] | d(false) %} if {% for inputname in outdict[output.name] %} -{% if inputname == _input.name %} +{% if inputname == __rsyslog_input.name %} {% if not loop.first %} or {% endif %} - ($inputname == "{{ _input.name }}") + ($inputname == "{{ __rsyslog_input.name }}") {% endif %} {% endfor %} then { diff --git a/roles/rsyslog/templates/input_remote.j2 b/roles/rsyslog/templates/input_remote.j2 index 4402c125..dec0f593 100644 --- a/roles/rsyslog/templates/input_remote.j2 +++ b/roles/rsyslog/templates/input_remote.j2 @@ -1,45 +1,45 @@ -{# If both udp_ports and tcp_ports appear in the _input, \ +{# If both udp_ports and tcp_ports appear in the __rsyslog_input, \ udp_ports are used in the rsyslog config and tcp_ports are dropped. \ If both udp_ports and tcp_ports are not configured, \ it is default to 'tcp_ports: [514]'. #} -{% if _input.udp_ports | d([]) %} +{% if __rsyslog_input.udp_ports | d([]) %} # Log messages from remote hosts over UDP {% set __logging_loop_index = loop.index %} -input(name="{{ _input.name }}" type="imudp" port=["{{ _input.udp_ports | join('","') }}"]) +input(name="{{ __rsyslog_input.name }}" type="imudp" port=["{{ __rsyslog_input.udp_ports | join('","') }}"]) {{ lookup('template', 'input_template.j2') }} {% else %} -{% if not _input.tcp_ports | d([]) %} +{% if not __rsyslog_input.tcp_ports | d([]) %} {% set item_tcp_ports = ["514"] %} {% else %} -{% set item_tcp_ports = _input.tcp_ports %} +{% set item_tcp_ports = __rsyslog_input.tcp_ports %} {% endif %} -{% set rsyslog_flows = logging_flows | d([ {"name": "default_flow", "inputs": [ _input.name ], "outputs": ["default_files"]} ], true) %} +{% set rsyslog_flows = logging_flows | d([ {"name": "default_flow", "inputs": [ __rsyslog_input.name ], "outputs": ["default_files"]} ], true) %} {% set outdict = {} %} {% for flow in rsyslog_flows %} -{% if flow.inputs | intersect([ _input.name ]) %} +{% if flow.inputs | intersect([ __rsyslog_input.name ]) %} {% for oname in flow.outputs %} -{% set _ = outdict.__setitem__(oname, outdict.get(oname,[])|union([ _input.name ])) %} +{% set _ = outdict.__setitem__(oname, outdict.get(oname,[])|union([ __rsyslog_input.name ])) %} {% endfor %} {% endif %} {% endfor %} {% for tport in item_tcp_ports %} {% set __logging_loop_index = loop.index %} -{% if not _input.tls | d(false) | bool %} +{% if not __rsyslog_input.tls | d(false) | bool %} # Log messages from remote hosts over plain TCP -input(name="{{ _input.name }}_{{ __logging_loop_index }}" type="imptcp" port="{{ tport }}") +input(name="{{ __rsyslog_input.name }}_{{ __logging_loop_index }}" type="imptcp" port="{{ tport }}") {% else %} # Log messages from remote hosts over TLS -input(name="{{ _input.name }}_{{ __logging_loop_index }}" type="imtcp" port="{{ tport }}") +input(name="{{ __rsyslog_input.name }}_{{ __logging_loop_index }}" type="imtcp" port="{{ tport }}") {% endif %} {% for output in rsyslog_outputs %} {% if outdict[output.name] | d(false) %} if {% for inputname in outdict[output.name] %} -{% if inputname == _input.name %} +{% if inputname == __rsyslog_input.name %} {% if not loop.first %} or {% endif %} - ($inputname == "{{ _input.name }}_{{ __logging_loop_index }}") + ($inputname == "{{ __rsyslog_input.name }}_{{ __logging_loop_index }}") {% endif %} {% endfor %} then { diff --git a/roles/rsyslog/templates/input_remote_module.j2 b/roles/rsyslog/templates/input_remote_module.j2 index c53e7266..aeba0c74 100644 --- a/roles/rsyslog/templates/input_remote_module.j2 +++ b/roles/rsyslog/templates/input_remote_module.j2 @@ -1,14 +1,14 @@ -{# If both udp_ports and tcp_ports appear in the _input, \ +{# If both udp_ports and tcp_ports appear in the __rsyslog_input, \ udp_ports are used in the rsyslog config and tcp_ports are dropped. \ If both udp_ports and tcp_ports are not configured, \ it is default to 'tcp_ports: [514]'. #} -{% if _input.udp_ports | d([]) %} +{% if __rsyslog_input.udp_ports | d([]) %} # Read messages sent over UDP module(load="imudp" threads="{{ logging_udp_threads }}" TimeRequery="{{ logging_udp_system_time_requery }}" BatchSize="{{ logging_udp_batch_size }}") {% else %} -{% if not _input.tls | d(false) | bool %} +{% if not __rsyslog_input.tls | d(false) | bool %} # Read messages sent over plain TCP module(load="imptcp" threads="{{ logging_tcp_threads }}") {% else %} @@ -16,11 +16,11 @@ module(load="imptcp" threads="{{ logging_tcp_threads }}") module(load="imtcp" StreamDriver.Name="{{ __rsyslog_tls_netstream_driver }}" StreamDriver.Mode="1" - StreamDriver.AuthMode="{{ _input.pki_authmode | + StreamDriver.AuthMode="{{ __rsyslog_input.pki_authmode | d(__rsyslog_default_pki_authmode) }}" -{% if _input.pki_authmode | d() != 'anon' %} -{% if _input.permitted_clients | d() %} - PermittedPeer=["{{ _input.permitted_clients | join('","') }}"] +{% if __rsyslog_input.pki_authmode | d() != 'anon' %} +{% if __rsyslog_input.permitted_clients | d() %} + PermittedPeer=["{{ __rsyslog_input.permitted_clients | join('","') }}"] {% else %} PermittedPeer=["*.{{ logging_domain }}"] {% endif %} diff --git a/roles/rsyslog/templates/input_template.j2 b/roles/rsyslog/templates/input_template.j2 index 290b8e1b..1d80609f 100644 --- a/roles/rsyslog/templates/input_template.j2 +++ b/roles/rsyslog/templates/input_template.j2 @@ -1,9 +1,9 @@ -{% set rsyslog_flows = logging_flows | d([ {"name": "default_flow", "inputs": [ _input.name ], "outputs": ["default_files"]} ], true) %} +{% set rsyslog_flows = logging_flows | d([ {"name": "default_flow", "inputs": [ __rsyslog_input.name ], "outputs": ["default_files"]} ], true) %} {% set outdict = {} %} {% for flow in rsyslog_flows %} -{% if flow.inputs | intersect([ _input.name ]) %} +{% if flow.inputs | intersect([ __rsyslog_input.name ]) %} {% for oname in flow.outputs %} -{% set _ = outdict.__setitem__(oname, outdict.get(oname,[])|union([ _input.name ])) %} +{% set _ = outdict.__setitem__(oname, outdict.get(oname,[])|union([ __rsyslog_input.name ])) %} {% endfor %} {% endif %} {% endfor %} @@ -11,16 +11,16 @@ {% if outdict[output.name] | d(false) %} if {% for inputname in outdict[output.name] %} -{% if inputname == _input.name %} +{% if inputname == __rsyslog_input.name %} {% if not loop.first %} or {% endif %} -{% if _input.type == "basics" %} +{% if __rsyslog_input.type == "basics" %} ($inputname == "imjournal" or $inputname == "imuxsock") -{% elif _input.type == "remote" %} - ($inputname == "{{ _input.name }}") +{% elif __rsyslog_input.type == "remote" %} + ($inputname == "{{ __rsyslog_input.name }}") {% else %} - ($syslogtag == "{{ _input.name }}") + ($syslogtag == "{{ __rsyslog_input.name }}") {% endif %} {% endif %} {% endfor %} diff --git a/roles/rsyslog/templates/output_elasticsearch.j2 b/roles/rsyslog/templates/output_elasticsearch.j2 index e6cd2a94..b370e5c1 100644 --- a/roles/rsyslog/templates/output_elasticsearch.j2 +++ b/roles/rsyslog/templates/output_elasticsearch.j2 @@ -1,4 +1,4 @@ -ruleset(name="{{ _output.name }}") { +ruleset(name="{{ __rsyslog_output.name }}") { if (strlen($.omes) > 0) and (strlen($.omes!status) > 0) then { # retry case if ($.omes!status == 200) or ($.omes!status == 201) or (($.omes!status == 409) and ($.omes!writeoperation == "create")) then { @@ -29,57 +29,57 @@ ruleset(name="{{ _output.name }}") { } else { set $.index_name = exec_template("prefix_index_template"); } - if ($.input_type == "{{ _output.input_type | d('ovirt') }}") and ($.index_prefix startswith "{{ _output.index_prefix }}") then { + if ($.input_type == "{{ __rsyslog_output.input_type | d('ovirt') }}") and ($.index_prefix startswith "{{ __rsyslog_output.index_prefix }}") then { action( type="omelasticsearch" - name="{{ _output.name }}" -{% if _output.server_host is string %} - server="{{ _output.server_host }}" -{% elif _output.server_host is sequence %} - server=[{% for srv in _output.server_host %}"{{ srv }}"{{ '' if loop.last else ', ' }}{% endfor %}] + name="{{ __rsyslog_output.name }}" +{% if __rsyslog_output.server_host is string %} + server="{{ __rsyslog_output.server_host }}" +{% elif __rsyslog_output.server_host is sequence %} + server=[{% for srv in __rsyslog_output.server_host %}"{{ srv }}"{{ '' if loop.last else ', ' }}{% endfor %}] {% else %} server="logging-es" {% endif %} - serverport="{{ _output.server_port | d(9200) | int }}" - template="{{ _output.template | d("es_template") }}" - searchIndex="{{ _output.searchIndex | d("index_template") }}" - dynSearchIndex="{{ _output.dynSearchIndex | d(true) | ternary('on', 'off') }}" - searchType="{{ _output.searchType | d("com.redhat.viaq.common") }}" - bulkmode="{{ _output.bulkmode | d(true) | ternary('on', 'off') }}" - writeoperation="{{ _output.writeoperation | d("create") }}" - bulkid="{{ _output.bulkid | d("id_template") }}" - dynbulkid="{{ _output.dynbulkid | d(true) | ternary('on', 'off') }}" - allowUnsignedCerts="{{ _output.allowUnsignedCerts | d(false) | ternary('on', 'off') }}" -{% if _output.retryfailures | d(true) %} + serverport="{{ __rsyslog_output.server_port | d(9200) | int }}" + template="{{ __rsyslog_output.template | d("es_template") }}" + searchIndex="{{ __rsyslog_output.searchIndex | d("index_template") }}" + dynSearchIndex="{{ __rsyslog_output.dynSearchIndex | d(true) | ternary('on', 'off') }}" + searchType="{{ __rsyslog_output.searchType | d("com.redhat.viaq.common") }}" + bulkmode="{{ __rsyslog_output.bulkmode | d(true) | ternary('on', 'off') }}" + writeoperation="{{ __rsyslog_output.writeoperation | d("create") }}" + bulkid="{{ __rsyslog_output.bulkid | d("id_template") }}" + dynbulkid="{{ __rsyslog_output.dynbulkid | d(true) | ternary('on', 'off') }}" + allowUnsignedCerts="{{ __rsyslog_output.allowUnsignedCerts | d(false) | ternary('on', 'off') }}" +{% if __rsyslog_output.retryfailures | d(true) %} retryfailures="on" -{% if _output.retryruleset | d() | length > 0 %} - retryruleset="{{ _output.retryruleset }}" +{% if __rsyslog_output.retryruleset | d() | length > 0 %} + retryruleset="{{ __rsyslog_output.retryruleset }}" {% else %} - retryruleset="{{ _output.name }}" + retryruleset="{{ __rsyslog_output.name }}" {% endif %} {% else %} retryfailures="off" {% endif %} - usehttps="{{ _output.usehttps | d(true) | ternary('on', 'off') }}" -{% if (_output.tls is defined) | ternary(_output.tls, _output.use_cert | d(true)) %} -{% if _output.ca_cert is defined %} -{% set __cacert = _output.ca_cert %} -{% elif _output.ca_cert_src is defined %} -{% set __cacert = __rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + _output.ca_cert_src | basename %} + usehttps="{{ __rsyslog_output.usehttps | d(true) | ternary('on', 'off') }}" +{% if (__rsyslog_output.tls is defined) | ternary(__rsyslog_output.tls, __rsyslog_output.use_cert | d(true)) %} +{% if __rsyslog_output.ca_cert is defined %} +{% set __cacert = __rsyslog_output.ca_cert %} +{% elif __rsyslog_output.ca_cert_src is defined %} +{% set __cacert = __rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + __rsyslog_output.ca_cert_src | basename %} {% else %} {% set __cacert = __rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + 'es-ca.crt' %} {% endif %} -{% if _output.cert is defined %} -{% set __mycert = _output.cert %} -{% elif _output.cert_src is defined %} -{% set __mycert = __rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + _output.cert_src | basename %} +{% if __rsyslog_output.cert is defined %} +{% set __mycert = __rsyslog_output.cert %} +{% elif __rsyslog_output.cert_src is defined %} +{% set __mycert = __rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + __rsyslog_output.cert_src | basename %} {% else %} {% set __mycert = __rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + 'es-cert.pem' %} {% endif %} -{% if _output.private_key is defined %} -{% set __myprivkey = _output.private_key %} -{% elif _output.private_key_src is defined %} -{% set __myprivkey = __rsyslog_default_pki_path + __rsyslog_default_pki_key_dir + _output.private_key_src | basename %} +{% if __rsyslog_output.private_key is defined %} +{% set __myprivkey = __rsyslog_output.private_key %} +{% elif __rsyslog_output.private_key_src is defined %} +{% set __myprivkey = __rsyslog_default_pki_path + __rsyslog_default_pki_key_dir + __rsyslog_output.private_key_src | basename %} {% else %} {% set __myprivkey = __rsyslog_default_pki_path + __rsyslog_default_pki_key_dir + 'es-key.pem' %} {% endif %} @@ -87,8 +87,8 @@ ruleset(name="{{ _output.name }}") { tls.mycert="{{ __mycert }}" tls.myprivkey="{{ __myprivkey }}" {% endif %} -{% if logging_elasticsearch_password | length > 0 and _output.uid is defined and _output.uid | length > 0 %} - uid="{{ _output.uid }}" +{% if logging_elasticsearch_password | length > 0 and __rsyslog_output.uid is defined and __rsyslog_output.uid | length > 0 %} + uid="{{ __rsyslog_output.uid }}" pwd="{{ logging_elasticsearch_password }}" {% endif %} ) diff --git a/roles/rsyslog/templates/output_files.j2 b/roles/rsyslog/templates/output_files.j2 index 11e48c15..b637760e 100644 --- a/roles/rsyslog/templates/output_files.j2 +++ b/roles/rsyslog/templates/output_files.j2 @@ -1,15 +1,15 @@ -{% if _output.path is defined %} -ruleset(name="{{ _output.name }}") { -{% if _output.property | d() %} - :{{ _output.property }}, {{ _output.property_op | d('contains') }}, "{{ _output.property_value | d('error') }}" {{ _output.path }} -{% elif _output.exclude | d([]) %} - {{ _output.facility | d('*') }}.{{ _output.severity | d('*') }};{{ _output.exclude | join(';') }} {{ _output.path }} +{% if __rsyslog_output.path is defined %} +ruleset(name="{{ __rsyslog_output.name }}") { +{% if __rsyslog_output.property | d() %} + :{{ __rsyslog_output.property }}, {{ __rsyslog_output.property_op | d('contains') }}, "{{ __rsyslog_output.property_value | d('error') }}" {{ __rsyslog_output.path }} +{% elif __rsyslog_output.exclude | d([]) %} + {{ __rsyslog_output.facility | d('*') }}.{{ __rsyslog_output.severity | d('*') }};{{ __rsyslog_output.exclude | join(';') }} {{ __rsyslog_output.path }} {% else %} - {{ _output.facility | d('*') }}.{{ _output.severity | d('*') }} {{ _output.path }} + {{ __rsyslog_output.facility | d('*') }}.{{ __rsyslog_output.severity | d('*') }} {{ __rsyslog_output.path }} {% endif %} } {% else %} -ruleset(name="{{ _output.name }}") { +ruleset(name="{{ __rsyslog_output.name }}") { # Log all kernel messages to the console. # Logging much else clutters up the screen. kern.* /dev/console diff --git a/roles/rsyslog/templates/output_forwards.j2 b/roles/rsyslog/templates/output_forwards.j2 index 3f33d44d..afa40e38 100644 --- a/roles/rsyslog/templates/output_forwards.j2 +++ b/roles/rsyslog/templates/output_forwards.j2 @@ -1,28 +1,28 @@ -{% if _output.tcp_port | d() %} -{% set __forwards_port = _output.tcp_port %} +{% if __rsyslog_output.tcp_port | d() %} +{% set __forwards_port = __rsyslog_output.tcp_port %} {% set __forwards_protocol = 'tcp' %} -{% elif _output.udp_port | d() %} -{% set __forwards_port = _output.udp_port %} +{% elif __rsyslog_output.udp_port | d() %} +{% set __forwards_port = __rsyslog_output.udp_port %} {% set __forwards_protocol = 'udp' %} {% else %} {% set __forwards_port = '' %} {% set __forwards_protocol = '' %} {% endif %} -ruleset(name="{{ _output.name }}") { -{% if _output.property | d() %} - :{{ _output.property }}, {{ _output.property_op | d('contains') }}, "{{ _output.property_value | d('error') }}" action(name="{{ _output.name }}" -{% elif _output.exclude | d([]) %} - {{ _output.facility | d('*') }}.{{ _output.severity | d('*') }};{{ _output.exclude | join(';') }} action(name="{{ _output.name }}" +ruleset(name="{{ __rsyslog_output.name }}") { +{% if __rsyslog_output.property | d() %} + :{{ __rsyslog_output.property }}, {{ __rsyslog_output.property_op | d('contains') }}, "{{ __rsyslog_output.property_value | d('error') }}" action(name="{{ __rsyslog_output.name }}" +{% elif __rsyslog_output.exclude | d([]) %} + {{ __rsyslog_output.facility | d('*') }}.{{ __rsyslog_output.severity | d('*') }};{{ __rsyslog_output.exclude | join(';') }} action(name="{{ __rsyslog_output.name }}" {% else %} - {{ _output.facility | d('*') }}.{{ _output.severity | d('*') }} action(name="{{ _output.name }}" + {{ __rsyslog_output.facility | d('*') }}.{{ __rsyslog_output.severity | d('*') }} action(name="{{ __rsyslog_output.name }}" {% endif %} type="omfwd" - Target="{{ _output.target }}" -{% if _output.tls | d(false) | bool %} + Target="{{ __rsyslog_output.target }}" +{% if __rsyslog_output.tls | d(false) | bool %} StreamDriver="{{ __rsyslog_tls_netstream_driver }}" StreamDriverMode="1" - StreamDriverAuthMode="{{ _output.pki_authmode | d(__rsyslog_default_pki_authmode) }}" - StreamDriverPermittedPeers="{{ _output.permitted_server | d('*.' + logging_domain) }}" + StreamDriverAuthMode="{{ __rsyslog_output.pki_authmode | d(__rsyslog_default_pki_authmode) }}" + StreamDriverPermittedPeers="{{ __rsyslog_output.permitted_server | d('*.' + logging_domain) }}" {% endif %} {% if __forwards_port != '' %} Port="{{ __forwards_port }}" diff --git a/roles/rsyslog/templates/output_relp.j2 b/roles/rsyslog/templates/output_relp.j2 index bc4af11d..8dc566ad 100644 --- a/roles/rsyslog/templates/output_relp.j2 +++ b/roles/rsyslog/templates/output_relp.j2 @@ -1,27 +1,27 @@ -ruleset(name="{{ _output.name }}") { - action(name="{{ _output.name }}" +ruleset(name="{{ __rsyslog_output.name }}") { + action(name="{{ __rsyslog_output.name }}" type="omrelp" - target="{{ _output.target }}" - port="{{ _output.port | d(20514) | int }}" -{% if _output.tls | default(true) %} -{% if _output.ca_cert is defined %} -{% set __cacert = _output.ca_cert %} -{% elif _output.ca_cert_src is defined %} -{% set __cacert = __rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + _output.ca_cert_src | basename %} + target="{{ __rsyslog_output.target }}" + port="{{ __rsyslog_output.port | d(20514) | int }}" +{% if __rsyslog_output.tls | default(true) %} +{% if __rsyslog_output.ca_cert is defined %} +{% set __cacert = __rsyslog_output.ca_cert %} +{% elif __rsyslog_output.ca_cert_src is defined %} +{% set __cacert = __rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + __rsyslog_output.ca_cert_src | basename %} {% else %} {% set __cacert = __rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + 'relp-ca.crt' %} {% endif %} -{% if _output.cert is defined %} -{% set __mycert = _output.cert %} -{% elif _output.cert_src is defined %} -{% set __mycert = __rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + _output.cert_src | basename %} +{% if __rsyslog_output.cert is defined %} +{% set __mycert = __rsyslog_output.cert %} +{% elif __rsyslog_output.cert_src is defined %} +{% set __mycert = __rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + __rsyslog_output.cert_src | basename %} {% else %} {% set __mycert = __rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + 'relp-cert.pem' %} {% endif %} -{% if _output.private_key is defined %} -{% set __myprivkey = _output.private_key %} -{% elif _output.private_key_src is defined %} -{% set __myprivkey = __rsyslog_default_pki_path + __rsyslog_default_pki_key_dir + _output.private_key_src | basename %} +{% if __rsyslog_output.private_key is defined %} +{% set __myprivkey = __rsyslog_output.private_key %} +{% elif __rsyslog_output.private_key_src is defined %} +{% set __myprivkey = __rsyslog_default_pki_path + __rsyslog_default_pki_key_dir + __rsyslog_output.private_key_src | basename %} {% else %} {% set __myprivkey = __rsyslog_default_pki_path + __rsyslog_default_pki_key_dir + 'relp-key.pem' %} {% endif %} @@ -29,9 +29,9 @@ ruleset(name="{{ _output.name }}") { tls.cacert="{{ __cacert }}" tls.mycert="{{ __mycert }}" tls.myprivkey="{{ __myprivkey }}" - tls.authmode="{{ _output.pki_authmode | d('name') }}" -{% if _output.permitted_servers is defined %} - tls.permittedpeer=["{{ _output.permitted_servers | join('","') }}"] + tls.authmode="{{ __rsyslog_output.pki_authmode | d('name') }}" +{% if __rsyslog_output.permitted_servers is defined %} + tls.permittedpeer=["{{ __rsyslog_output.permitted_servers | join('","') }}"] {% else %} tls.permittedpeer=["{{ '*.' + logging_domain }}"] {% endif %} diff --git a/roles/rsyslog/templates/output_remote_files.j2 b/roles/rsyslog/templates/output_remote_files.j2 index 45ae5e63..03fff167 100644 --- a/roles/rsyslog/templates/output_remote_files.j2 +++ b/roles/rsyslog/templates/output_remote_files.j2 @@ -1,28 +1,28 @@ -{% if _output.remote_log_path | d() or _output.remote_sub_path | d() %} -{% if _output.remote_log_path | d() %} -{% set __remote_log_path = _output.remote_log_path %} +{% if __rsyslog_output.remote_log_path | d() or __rsyslog_output.remote_sub_path | d() %} +{% if __rsyslog_output.remote_log_path | d() %} +{% set __remote_log_path = __rsyslog_output.remote_log_path %} {% else %} -{% set __remote_log_path = __rsyslog_system_log_dir ~ _output.remote_sub_path %} +{% set __remote_log_path = __rsyslog_system_log_dir ~ __rsyslog_output.remote_sub_path %} {% endif %} -{% if _output.comment | d() %} -# {{ _output.comment }} +{% if __rsyslog_output.comment | d() %} +# {{ __rsyslog_output.comment }} {% endif %} template( - name="{{ _output.name }}_template" + name="{{ __rsyslog_output.name }}_template" type="string" string="{{ __remote_log_path }}" ) -ruleset(name="{{ _output.name }}" +ruleset(name="{{ __rsyslog_output.name }}" queue.type="{{ logging_server_queue_type }}" queue.size="{{ logging_server_queue_size }}" queue.workerThreads="{{ logging_server_threads }}") { # Store remote logs in separate logfiles -{% if _output.property | d() %} - :{{ _output.property }}, {{ _output.property_op | d('contains') }}, "{{ _output.property_value | d('error') }}" action(name="{{ _output.name }}" type="omfile" DynaFile="{{ _output.name }}_template" DynaFileCacheSize="{{ _output.client_count | d(10) }}" ioBufferSize="{{ _output.io_buffer_size | d('65536') }}" asyncWriting="{{ 'on' if _output.async_writing | d(false) | bool else 'off' }}") -{% elif _output.exclude | d([]) %} - {{ _output.facility | d('*') }}.{{ _output.severity | d('*') }};{{ _output.exclude | join(';') }} action(name="{{ _output.name }}" type="omfile" DynaFile="{{ _output.name }}_template" DynaFileCacheSize="{{ _output.client_count | d(10) }}" ioBufferSize="{{ _output.io_buffer_size | d('65536') }}" asyncWriting="{{ 'on' if _output.async_writing | d(false) | bool else 'off' }}") +{% if __rsyslog_output.property | d() %} + :{{ __rsyslog_output.property }}, {{ __rsyslog_output.property_op | d('contains') }}, "{{ __rsyslog_output.property_value | d('error') }}" action(name="{{ __rsyslog_output.name }}" type="omfile" DynaFile="{{ __rsyslog_output.name }}_template" DynaFileCacheSize="{{ __rsyslog_output.client_count | d(10) }}" ioBufferSize="{{ __rsyslog_output.io_buffer_size | d('65536') }}" asyncWriting="{{ 'on' if __rsyslog_output.async_writing | d(false) | bool else 'off' }}") +{% elif __rsyslog_output.exclude | d([]) %} + {{ __rsyslog_output.facility | d('*') }}.{{ __rsyslog_output.severity | d('*') }};{{ __rsyslog_output.exclude | join(';') }} action(name="{{ __rsyslog_output.name }}" type="omfile" DynaFile="{{ __rsyslog_output.name }}_template" DynaFileCacheSize="{{ __rsyslog_output.client_count | d(10) }}" ioBufferSize="{{ __rsyslog_output.io_buffer_size | d('65536') }}" asyncWriting="{{ 'on' if __rsyslog_output.async_writing | d(false) | bool else 'off' }}") {% else %} - {{ _output.facility | d('*') }}.{{ _output.severity | d('*') }} action(name="{{ _output.name }}" type="omfile" DynaFile="{{ _output.name }}_template" DynaFileCacheSize="{{ _output.client_count | d(10) }}" ioBufferSize="{{ _output.io_buffer_size | d('65536') }}" asyncWriting="{{ 'on' if _output.async_writing | d(false) | bool else 'off' }}") + {{ __rsyslog_output.facility | d('*') }}.{{ __rsyslog_output.severity | d('*') }} action(name="{{ __rsyslog_output.name }}" type="omfile" DynaFile="{{ __rsyslog_output.name }}_template" DynaFileCacheSize="{{ __rsyslog_output.client_count | d(10) }}" ioBufferSize="{{ __rsyslog_output.io_buffer_size | d('65536') }}" asyncWriting="{{ 'on' if __rsyslog_output.async_writing | d(false) | bool else 'off' }}") {% endif %} } {% else %} @@ -55,7 +55,7 @@ template( string="{{ __remote_log_path }}/mail/%FROMHOST%/%PROGRAMNAME:::secpath-replace%.log" ) -ruleset(name="{{ _output.name }}") { +ruleset(name="{{ __rsyslog_output.name }}") { # Store remote logs in separate logfiles authpriv.* action(name="remote_authpriv_host_log" type="omfile" DynaFile="RemoteHostAuthLog") *.info;mail.none;authpriv.none;cron.none action(name="remote_message" type="omfile" DynaFile="RemoteMessage") diff --git a/roles/rsyslog/vars/inputs/ovirt/main.yml b/roles/rsyslog/vars/inputs/ovirt/main.yml index 0fd5f179..fba50578 100644 --- a/roles/rsyslog/vars/inputs/ovirt/main.yml +++ b/roles/rsyslog/vars/inputs/ovirt/main.yml @@ -36,7 +36,7 @@ rsyslog_conf_ovirt_local_modules: sections: - options: |- - {% if logging_inputs | selectattr('name', 'defined') | + {% if rsyslog_inputs | selectattr('name', 'defined') | selectattr('type', 'defined') | selectattr('type', 'match', '^basics$') | list | length == 0 %} # Log messages sent to local UNIX socket with use=off' diff --git a/tasks/main.yml b/tasks/main.yml index ad613066..7384497e 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -2,65 +2,30 @@ - name: Set Rsyslog facts then include rsyslog role block: - - name: Set rsyslog_output_elasticsearch for the omelasticsearch output - set_fact: - rsyslog_output_elasticsearch: "{{ logging_outputs | - selectattr('name', 'defined') | - selectattr('type', 'defined') | - selectattr('type', 'match', '^elasticsearch$') | - selectattr('server_host', 'defined') | list }}" - - - name: Set rsyslog_output_files for the omfile outputs - set_fact: - rsyslog_output_files: "{{ logging_outputs | - selectattr('name', 'defined') | - selectattr('type', 'defined') | - selectattr('type', 'match', '^files$') | list }}" - - - name: "Set files output if rsyslog_output_files is empty + - name: "Set files output if files output is not defined and logging_inputs is not empty" set_fact: - rsyslog_output_files: [ {"name": "default_files", "type": "files"} ] + __rsyslog_output_files: [ {"name": "default_files", "type": "files"} ] when: - - rsyslog_output_files | d([]) | length == 0 - - logging_inputs | d([]) - - - name: Set rsyslog_output_forwards for the omfwd output - set_fact: - rsyslog_output_forwards: "{{ logging_outputs | + - logging_outputs | d([]) | selectattr('name', 'defined') | selectattr('type', 'defined') | - selectattr('target', 'defined') | - selectattr('type', 'match', '^forwards$') | list }}" - - - name: "Set rsyslog_output_remote_files for the omfwd output - for the remote input" - set_fact: - rsyslog_output_remote_files: "{{ logging_outputs | - selectattr('name', 'defined') | selectattr('type', 'defined') | - selectattr('type', 'match', '^remote_files$') | list }}" + selectattr('type', 'match', '^files$') | + list | length == 0 + - logging_inputs | d([]) - - name: Set rsyslog_output_relp for the relp output + - name: Set rsyslog_outputs set_fact: - rsyslog_output_relp: "{{ logging_outputs | + rsyslog_outputs: "{{ logging_outputs | d([]) | selectattr('name', 'defined') | - selectattr('type', 'defined') | - selectattr('type', 'match', '^relp$') | - selectattr('target', 'defined') | list }}" + selectattr('type', 'defined') | list }} + + {{ __rsyslog_output_files | d([]) }}" - - name: Set rsyslog_input_relp for the relp input + - name: Set rsyslog_inputs set_fact: - rsyslog_input_relp: "{{ logging_inputs | selectattr('name', 'defined') | - selectattr('type', 'defined') | - selectattr('type', 'match', '^relp$') | list }}" - - - name: Set rsyslog_outputs - set_fact: - rsyslog_outputs: '{{ rsyslog_output_elasticsearch | d([]) }} + - {{ rsyslog_output_files | d([]) }} + - {{ rsyslog_output_forwards | d([]) }} + - {{ rsyslog_output_remote_files | d([]) }} + - {{ rsyslog_output_relp | d([]) }}' + rsyslog_inputs: "{{ logging_inputs | d([]) | + selectattr('name', 'defined') | + selectattr('type', 'defined') | list }}" - name: Set custom_config_files fact set_fact: diff --git a/tests/tests_files_elasticsearch.yml b/tests/tests_files_elasticsearch.yml index 88cc0083..0c391747 100644 --- a/tests/tests_files_elasticsearch.yml +++ b/tests/tests_files_elasticsearch.yml @@ -418,11 +418,10 @@ rescue: - debug: - msg: "Caught an expected error - - {{ ansible_failed_result.results }}" + msg: "Caught an expected error - {{ ansible_failed_result }}" - name: assert... assert: - that: ansible_failed_result.results.0.msg is match(__expected_err1) + that: ansible_failed_result.msg is match(__expected_err1) - name: END TEST CASE 3; Clean up the deployed config vars: @@ -488,11 +487,10 @@ rescue: - debug: - msg: "Caught an expected error - - {{ ansible_failed_result.results }}" + msg: "Caught an expected error - {{ ansible_failed_result }}" - name: assert... assert: - that: ansible_failed_result.results.0.msg is match(__expected_err1) + that: ansible_failed_result.msg is match(__expected_err1) - name: END TEST CASE 4; Clean up the deployed config vars: diff --git a/tests/tests_ovirt_elasticsearch.yml b/tests/tests_ovirt_elasticsearch.yml index f6abcc7d..7b9b4bf4 100644 --- a/tests/tests_ovirt_elasticsearch.yml +++ b/tests/tests_ovirt_elasticsearch.yml @@ -29,7 +29,7 @@ logging_elasticsearch_password: password0 logging_outputs: - name: default_files - type: file + type: files - name: elasticsearch_output type: elasticsearch server_host: logging-es @@ -191,7 +191,7 @@ logging_elasticsearch_password: password0 logging_outputs: - name: default_files - type: file + type: files state: absent - name: elasticsearch_output type: elasticsearch @@ -257,7 +257,7 @@ vars: logging_outputs: - name: default_files - type: file + type: files - name: elasticsearch_output type: elasticsearch server_host: [logging-es0, logging-es1] @@ -456,7 +456,7 @@ logging_enabled: false logging_outputs: - name: default_files - type: file + type: files state: absent - name: elasticsearch_output type: elasticsearch