Added forward rule in rsyslog directory

[billmetangmo]

Hi Robert, thanks for sharing your role with community.

---

name: Added forward rule in rsyslog directory about: rsyslog forward rule file

---

Describe the change

Currently the log forwads rule is written directly in rsyslog.conf, this means that the default config is overwritten. This can cause issues because some want to keep default rsyslog config. In my case ( debian duster 10), it was different from your default legacy/advanced file so i needed a way to keep it as it is and just a dd a forward rule.

Here's my rsyslo conf file:

# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html

#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
module(load="imklog")   # provides kernel logging support
#module(load="immark")  # provides --MARK-- message capability

# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")

# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

###############
#### RULES ####
###############

#
# First some standard log files.  Log by facility.
#
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
#cron.*                         /var/log/cron.log
daemon.*                        -/var/log/daemon.log
kern.*                          -/var/log/kern.log
lpr.*                           -/var/log/lpr.log
mail.*                          -/var/log/mail.log
user.*                          -/var/log/user.log

#
# Logging for the mail system.  Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info                       -/var/log/mail.info
mail.warn                       -/var/log/mail.warn
mail.err                        /var/log/mail.err

#
# Some "catch-all" log files.
#
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none     -/var/log/debug
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none          -/var/log/messages

#
# Emergencies are sent to everybody logged in.
#
*.emerg                         :omusrmsg:*

Also, when rsyslog_deploy_default_config is set to false, rsyslog can't start because no rules were added. I changed the behaviour rsyslog_deploy_default_config so that:

• when true the behaviour is the same as previously
• when it's false, rsyslog.conf is not overwritten but a new forward rule file ( named after a new variable rsyslog_forward_rule_name) is created in /etc/rsysconf.d based on new template file forward_rule.conf.j2.

Testing Molecule test provided

[robertdebock]

Thanks @billmetangmo for this, I've just pushed some 50 or so commits, CI will take a moment.

Looks good overall, I'll inspect the details when CI has passed. Let me know if you need help with getting the tests green.

Regards,

Robert de Bock.

[billmetangmo]

Thanks @robertdebock . I need your help: It seems to have an issue with the below assert:

- name: test if rsyslog_dircreatemode is set correctly
  assert:
    that:
      - rsyslog_dircreatemode is defined
      - rsyslog_dircreatemode is number
      - rsyslog_dircreatemode | regex_search('^0')
    quiet: yes

I got an error with

fatal: [rsyslog-alpine-latestpy38-ansible-current]: FAILED! => changed=false 
  assertion: rsyslog_dircreatemode | regex_search('^0')
  evaluated_to: false
  msg: Assertion failed

I think it's the same you have with your last commit as rsyslog_dircreatemode is now a number. I tried to replaceregex_search('^0') by regex_search('^[0][0-7]{3}') but it does not work.

[robertdebock]

You can remove this assertion:

- rsyslog_dircreatemode | regex_search('^0')

It's a bit overkill anyway. Thanks!

[robertdebock]

Yes, CI passes, congratulations. Let me check all the proposed changes.

[billmetangmo]

Nice, let me know if there is an issue.

[robertdebock]

I'll merge, but will undo a few things:

rsyslog_dircreatemode: "0700"

I think the value 0700 needs to be quoted, otherwise the leading 0 may be lost. This means I'l restore - rsyslog_dircreatemode | int.

Anyway, I'll merge, work on it a bit and have it included in the next version. Thanks!

[billmetangmo]

Thanks @robertdebock