logging.yml

    logging.yml 1.87 KiB
    ---
    # file: roles/common/task/logging.yml
    
    # Hardening: with kernel.dmesg_restrict=1 the kernel ring buffer can only be
    # read by privileged processes (CAP_SYSLOG, in practice root). Kernel messages
    # can expose addresses and driver details that are useful to a local attacker.
    - name: restrict dmesg access to only root
      sysctl:
        name: kernel.dmesg_restrict
        value: '1'
        state: present
        # also apply the value to the running kernel, not only the sysctl file
        sysctl_set: true
      tags:
        - security
        - sysctl
        - config
        
    # Install systemd-journal-persistent and store the task result in
    # syslog_provider. Runs only when the distribution major version is >= 9 and
    # the host is not the one named in syslogserver (or no syslogserver is set).
    # NOTE(review): syslogserver looks like "host:port"; only the part before the
    # first ":" is compared with ansible_fqdn - confirm the variable's format.
    # NOTE(review): "our package" suggests a locally maintained package; confirm
    # the apt source that serves it is signed and trusted on every target.
    - name: ensure system journal is a system-log-daemon with our package
      apt:
        name: systemd-journal-persistent
        state: present
      when:
        - 'syslogserver is not defined or syslogserver.split(":")[0] != ansible_fqdn'
        - ansible_distribution_major_version|int >= 9
      register: syslog_provider
      tags:
        - config
        - syslog
    
    # On distribution major versions below 9, make sure /var/log/journal exists.
    # journald keeps logs across reboots once this directory is present (with
    # the default Storage=auto), which preserves evidence for later review.
    # NOTE(review): owner, group and mode are not set here; presumably the
    # "configure journal directory" handler applies them - verify, since the
    # directory holds logs that should not be readable by every local user.
    - name: ensure systemd journal is presistent
      file:
        path: /var/log/journal
        state: directory
      when: ansible_distribution_major_version|int < 9
      notify: configure journal directory
      tags:
        - config
        - syslog
    
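    # Purge rsyslog on hosts where the journal package task above actually ran
    # (distribution major version >= 9, host is not the syslog server).
    #
    # The skipped check uses the Jinja2 test form ("is not skipped"). The older
    # filter form ("not syslog_provider|skipped") is deprecated since Ansible 2.5
    # and rejected by Ansible 2.9 and later; the test form has the same meaning.
    #
    # NOTE(review): force-depends tells dpkg to carry on even when removing
    # rsyslog breaks another package's dependencies. Check the resulting package
    # state on a test host before rolling this out widely.
    # NOTE(review): no task in this file configures log forwarding for these
    # hosts after rsyslog is removed; confirm that the journal package or another
    # role still ships logs off-host, otherwise logs exist only locally.
    - name: ensure rsyslog is absent without broken dependecies
      apt:
        name: rsyslog
        state: absent
        purge: true
        dpkg_options: 'force-confdef,force-confold,force-depends'
      when:
        - syslog_provider is not skipped
        - ansible_distribution_major_version|int >= 9
        - 'syslogserver is not defined or syslogserver.split(":")[0] != ansible_fqdn'
      tags:
        - config
        - syslog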
    
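    # Keep rsyslog started and enabled at boot on distribution major versions
    # below 9 whenever a non-empty syslogserver is configured.
    #
    # state uses "started": "running" was a deprecated alias of "started" and
    # is no longer accepted by the service module from Ansible 2.7 on, where it
    # makes this task fail. "started" behaves the same on older releases.
    - name: ensure rsyslog is running and enabled
      service:
        name: rsyslog
        state: started
        enabled: true
      when:
        - syslogserver is defined
        - syslogserver|length > 0
        - ansible_distribution_major_version|int < 9
      tags:
        - syslog
        - service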
    
    # Render /etc/rsyslog.conf from rsyslog.conf.j2 (root:root, 0644) on hosts
    # with distribution major version below 9 that have a non-empty syslogserver
    # and are not that server themselves. A change triggers the
    # "restart rsyslogd" handler.
    # NOTE(review): the template is not visible here. Confirm how it forwards to
    # syslogserver (plain UDP/TCP or TLS) and that it contains no credentials,
    # since mode 0644 leaves the file readable by every local user.
    - name: ensure that central logging works
      template:
        src: rsyslog.conf.j2
        dest: /etc/rsyslog.conf
        owner: root
        group: root
        # quoted so YAML keeps the octal mode as a string
        mode: '0644'
      when:
        - syslogserver is defined
        - syslogserver|length > 0
        - 'syslogserver.split(":")[0] != ansible_fqdn'
        - ansible_distribution_major_version|int < 9
      notify: restart rsyslogd
      tags:
        - syslog
        - config
    
    # Install the role's logrotate.conf as /etc/logrotate.conf (root:root, 0644)
    # on every host; this task has no "when" condition.
    # NOTE(review): the shipped logrotate.conf is not visible here; confirm its
    # retention period matches how long logs must stay available for
    # investigations.
    - name: ensure our logrotate.conf is present
      copy:
        src: logrotate.conf
        dest: /etc/logrotate.conf
        owner: root
        group: root
        # quoted so YAML keeps the octal mode as a string
        mode: '0644'
      tags:
        - syslog
        - config