kosmos/chef
8
3
Fork 0
Code Issues 34 Pull Requests 3 Projects 2 Activity

Initial Chef repository

Browse Source
This commit is contained in:
Greg Karékinian
2015-07-21 19:45:23 +02:00
parent 7e5401fc71
commit ee4079fa85
1151 changed files with 185163 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
cookbooks/rsyslog/.gitignore vendored Normal file
View File

@@ -0,0 +1,41 @@
*.gem
.zero-knife.rb
*.rbc
.bundle
.config
coverage
InstalledFiles
lib/bundler/man
pkg
rdoc
spec/reports
test/tmp
test/version_tmp
tmp
Gemfile.lock
_Store
*~
*#
.#*
\#*#
.*.sw[a-z]
*.un~
*.tmp
*.bk
*.bkup
# YARD artifacts
.yardoc
_yardoc
doc/
#chef stuff
Berksfile.lock
.kitchen
.kitchen.local.yml
vendor/
.coverage/
#vagrant stuff
.vagrant/
.vagrant.d/

86
cookbooks/rsyslog/.kitchen.busted.yml Normal file
View File

@@ -0,0 +1,86 @@
---
driver_plugin: vagrant
driver_plugin: digitalocean
driver_config:
digitalocean_client_id: <%= ENV['DIGITAL_OCEAN_CLIENT_ID'] %>
digitalocean_api_key: <%= ENV['DIGITAL_OCEAN_API_KEY'] %>
aws_access_key_id: <%= ENV['AWS_ACCESS_KEY_ID'] %>
aws_secret_access_key: <%= ENV['AWS_SECRET_ACCESS_KEY'] %>
aws_ssh_key_id: <%= ENV['AWS_KEYPAIR_NAME'] %>
ssh_key: <%= ENV['AWS_PRIVATE_KEY_PATH'] %>
rackspace_username: <%= ENV['RACKSPACE_USERNAME'] %>
rackspace_api_key: <%= ENV['RACKSPACE_API_KEY'] %>
require_chef_omnibus: latest
platforms:
# - name: omnios-r151006c
# driver_plugin: ec2
# driver_config:
# image_id: ami-35eb835c
# username: root
- name: centos-5.8
driver_plugin: digitalocean
driver_config:
image_id: 1601
flavor_id: 63
region_id: 4
ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
- name: centos-6.4
driver_plugin: digitalocean
driver_config:
image_id: 562354
flavor_id: 63
region_id: 4
ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
# - name: amazon-2013.09
# driver_plugin: ec2
# driver_config:
# image_id: ami-3be4bc52
# username: ec2-user
- name: ubuntu-1004
driver_plugin: digitalocean
driver_config:
image_id: 14097
flavor_id: 63
region_id: 4
ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
run_list:
- recipe[apt]
- name: ubuntu-1204
driver_plugin: digitalocean
driver_config:
image_id: 1505447
flavor_id: 63
region_id: 4
ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
run_list:
- recipe[apt]
suites:
- name: default
run_list:
- recipe[rsyslog::default]
- name: relp
run_list:
- recipe[rsyslog::default]
attributes:
rsyslog:
use_relp: true
# CentOS and OmniOS do not support relp
excludes:
- centos-5.8
- omnios-r151006c
- name: client
run_list:
- recipe[rsyslog::client]
attributes:
rsyslog:
server_ip: 10.0.0.50
- name: server
run_list:
- recipe[rsyslog::server]

92
cookbooks/rsyslog/.kitchen.cloud.yml Normal file
View File

@@ -0,0 +1,92 @@
---
driver_config:
digitalocean_client_id: <%= ENV['DIGITAL_OCEAN_CLIENT_ID'] %>
digitalocean_api_key: <%= ENV['DIGITAL_OCEAN_API_KEY'] %>
aws_access_key_id: <%= ENV['AWS_ACCESS_KEY_ID'] %>
aws_secret_access_key: <%= ENV['AWS_SECRET_ACCESS_KEY'] %>
aws_ssh_key_id: <%= ENV['AWS_KEYPAIR_NAME'] %>
provisioner:
name: chef_zero
require_chef_omnibus: latest
platforms:
- name: centos-5.8
driver_plugin: digitalocean
driver_config:
image_id: 1601
flavor_id: 63
region_id: 4
ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %>
- name: centos-6.4
driver_plugin: digitalocean
driver_config:
image_id: 562354
flavor_id: 63
region_id: 4
ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %>
# - name: amazon-2013.09
# driver_plugin: ec2
# driver_config:
# image_id: ami-3be4bc52
# username: ec2-user
# ssh_key: <%= ENV['EC2_SSH_KEY_PATH'] %>
- name: fedora-19
driver_plugin: digitalocean
driver_config:
image_id: 696598
flavor_id: 63
region_id: 4
ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %>
- name: ubuntu-1004
driver_plugin: digitalocean
driver_config:
image_id: 14097
flavor_id: 63
region_id: 4
ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %>
run_list:
- recipe[apt]
- name: ubuntu-1204
driver_plugin: digitalocean
driver_config:
image_id: 1505447
flavor_id: 63
region_id: 4
ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %>
run_list:
- recipe[apt]
suites:
- name: default
run_list:
- recipe[rsyslog::default]
- name: relp
run_list:
- recipe[rsyslog::default]
attributes:
rsyslog:
use_relp: true
# CentOS and OmniOS do not support relp
excludes:
- centos-5.8
- omnios-r151006c
- name: client
run_list:
- recipe[rsyslog::client]
attributes:
rsyslog:
server_ip: 10.0.0.50
- name: server
run_list:
- recipe[rsyslog::server]

44
cookbooks/rsyslog/.kitchen.yml Normal file
View File

@@ -0,0 +1,44 @@
driver:
name: vagrant
provisioner:
name: chef_zero
platforms:
- name: centos-5.10
- name: centos-6.5
- name: centos-7.0
- name: debian-6.0.10
- name: debian-7.7
- name: fedora-20
- name: fedora-21
- name: ubuntu-10.04
- name: ubuntu-12.04
- name: ubuntu-14.04
suites:
- name: default
run_list:
- recipe[rsyslog::default]
- name: relp
run_list:
- recipe[rsyslog::default]
attributes:
rsyslog:
use_relp: true
# CentOS and OmniOS do not support relp
excludes:
- centos-5.10
- omnios-r151006c
- name: client
run_list:
- recipe[rsyslog_test::client]
attributes:
rsyslog:
server_ip: 10.0.0.50
- name: server
run_list:
- recipe[rsyslog_test::server]
- name: input_file_provider
run_list:
- recipe[rsyslog_test::input_file_provider]

17
cookbooks/rsyslog/.rubocop.yml Normal file
View File

@@ -0,0 +1,17 @@
AllCops:
Exclude:
- vendor/**/*
- Guardfile
AlignParameters:
Enabled: false
Encoding:
Enabled: false
HashSyntax:
Enabled: false
LineLength:
Enabled: false
MethodLength:
Max: 30
SingleSpaceBeforeFirstArg:
Enabled: false

75
cookbooks/rsyslog/.travis.yml Normal file
View File

@@ -0,0 +1,75 @@
language: ruby
bundler_args: --without kitchen_vagrant --without development
rvm:
- 2.1.1
before_install:
- echo -n $DO_KEY_CHUNK_{0..30} >> ~/.ssh/id_do.base64
- cat ~/.ssh/id_do.base64 | tr -d ' ' | base64 --decode > ~/.ssh/id_do.pem
- echo -n $EC2_KEY_CHUNK_{0..30} >> ~/.ssh/id_ec2.base64
- cat ~/.ssh/id_ec2.base64 | tr -d ' ' | base64 --decode > ~/.ssh/id_ec2.pem
script:
- bundle exec rake travis
after_script:
- bundle exec kitchen destroy
env:
global:
- secure: VTMb359XIsFfszhrq1znF2ANHITta2gyrOloF5GXEColSH1+XB1XikcTyTVeeloHLcLAjmID2LZSbTrhfXu7gT25uKk6AKFCYFo47kIqbvjR/2hChxsZPZJLspEOKl2HyPZvA8QGBJxbTVOVXs46wt1kOui8Hqr3nLbYlKRxnjs=
- secure: bLz73tc0pbS3htWCk6O3dxMfAxQys7RCwvXtc+z9vyLry+nXmHMNBj2irLoyi6ESKdN25LvvbGYtxevwr3e3MtyUNFXhrED4DqYZ6h2PWFY7x7V9ALXdmBXpWSXiycnE9aKbWA01QMSwta8mPHRk7viscXUDX1gab93fQbKG24w=
- secure: FMBQGoAQ3voqsse/tVJHITraljEmpLb+Nz5SDWQsUWmt2aE9yREOjlaoYOHlXY6O+1TwY+Houdb8MVn9oLv4G8nEPzo1f7fS6ddhIZCFZFo6ISGyd4FTw+Ym3401n+dzGFYuZ3JS0oLCZeO5Svvww6mI9eghz6tdXHkODUsUJI0=
- secure: jjI+SZKkwG5ckifd8hgi4gFVj/mOGj4eWK/Y0fpuwu4ycxj5pg2Fa2JgqJXJrmdd4DJMiN1FAPuEftSxErq/6v2doP7knmN+7QoCwsDTsVHlAAHvitL450/PO0dkr9+AY6EnKBu/ablppnNnCxsQqjuxXXfgT1lRVKHFgp4+J9E=
- secure: T2LMLomotIluZ4o/RWxQu4MYuXhHeHkaaHHjvJ1kLdbGcc7HsO0oHSuzHdtZNgPEfHjIUOpj8U5RbMZCCwKNJPJqHlQ3HykmzmNU669NAyTaxCfXDMfdoz3un4vx13FVB0SvX3YgU9J3FQ5P6oEXJynVHoGwlV2QVZ/Hhe0oA6k=
- secure: NrL2uUpo5B39ldZXgL/nmO+DsgciVhxq3WYbX817e54/wUBBJ3KZhk995G7WpnGDaW6EGtJMfpgnIMnqpEyeknW/oi0PTe0mcYd1x1zaijZNRZ97irkb0vHcpdJOyqVpPVyFV8G/ltItRCxhotzLAu5btq0MKD93V/hAcsWD4SQ=
- secure: K1Qjt6eF7ai3362EzShsWWGSq2xG22zj4idjOf1k8pJHrJ/7g/gMaN/bDpqYkksi7R/uD8dbqMTU6l/MBjRV2jzJ7kbG359OxVzXJoFUSxKkJX8TbLoX1P/dyt82XdVyU/j6SprNkhxy2/4uYvbF31ZAsEmiegdkqDbhBxBgmBA=
- secure: DBNraE+2aj4WTBkFbGtSIsxfl0stIAuRDH4ToDMEA6S54zvAIlFYdzjRcYRSOznk9HSk9lRIF/E4Q0RiF6WqZfp7uoHBbhKMNh+SD/anQ4lTyWhxKVTs/2onbr02aP9ztM/GIq3HqvZoLKrMFp2xBj88yOzblz8DZlkNMDPve24=
- secure: KUJpq3781JaY06GVy16L9dx8zFoOANN7I5Ar3juRoKzQztgSuKsqOhFlmZZpj1xX1IJsXEYkFYCvXB72bEBIvwGQnp4TV3LJPGvB1eePrNlheu0mXcxYQSSuAzXN1cg1ok5pgx/zSQovbChEVbQBRyYNnnRkJ41PaUmG8pWaM/I=
- secure: TN+FOCJkYo5tIGp35yqbYadTyIFK10TPqNMCpsfDNK/FXTRjp7GyqhUpTVlYvtDWaOwjqQLjart+ShTnZ8SOrk19znFDZm6PGk/2zVXirtU2zvvJMqqslxrMiVXMUE1ldH4d6U7cFT1ODuvWoUv41uKnbpygGZ+0Z8DMSSRX/x0=
- secure: RkynljZ2W5q4iqvsVkG+pepauzjUZomgf/4JTeRJiekGtvcrFnq+S0YJg9J7Ey9Iry8mHb034lS5OnIHyj8NaCL0vqDJEMVblasM1pVuLc65gv7rAP+5q5pHpwYVhUuerypGJFYKTd9ynhKkTvHOV6CYcqzOEsJGls8+vgvTfwU=
- secure: RsiAYfDJFsqEkJidJEzM4BGaqUwxy2avPSw1y4yh6XXWbgbOdx/eqSPf9ewHwIXPUYdR84sbZkn6PeYWUwTEtN7k1DrE2RXDjapDW8Oxh1U3s/pCvSnh2u0e3DhgD1DBnzN8foB1MV0kseilmx0vMEyDAj8ElhYoV+wvTO1Loxc=
- secure: Equh+0TdmCt1SjnYVJbDtNPBhK5P3/XuCyvU/tgRaGrIsf5gvCfq3tNNlkrdelmJK0UvGICoCKsOTcZDpbQ3jteoBoI3+NFrwVTe10OQ5XRc+/U8duYhS0D6UKzFMWYxWAdZtfmyWOJ5xYrNaV4JRdJgTSTjXk0gOSsPluSK0IY=
- secure: WEZJ1Z51wjYZfhP11tLxWuVZu6N4ZXyoTAb9AFgMzOaULvMOZusXF6o+aZSCr07rUnjlQAg2rE+E800FRUqO3UkL18kxALvtwKmAlyxVT85NcuWbMuaSNMeZwvqGVKJuNNSe3huU9uHePbsUt4trVKA9O1n3Bb4dRJl9wmdcgoU=
- secure: bGtuK+n8hVIibGxOIE/eOCRJHlgaqp2X9KObcBNFCTxKleRm2fDnCPEMVHQJqrX+jlqMGjzGygTnZ8wA1/ZdBwjOOqi3/jaUZ25+r0owaUjS1zaTudTBC61Qcmx+N7bXc3ku8fMWo6WcByTqnqU0oQseoli75KyIRoubIIgwgcM=
- secure: AMYMIfIGAJbPqSRv4ocdsxRWwDr81Wp7hiYjgpzUMFh3SzixKzjgtQ72T9S26PnvhkFjk0QvGixb26IXS8vU0ZtFBtLblUpKvXSd4EafvQ1x/fdN5WFaBlMs01iT4jVMH+wjnSJssuyw+nC5+5/HqeONdZcRm3Hj8uqE/24Qih0=
- secure: UrmjQ1/1OCENKLDezDbh6x4/6P37ybFlyb/gz6vzm2sIpvWeL+1+SvF92xYeeAhCYAtoXU9nAvcMgwqeJIi9P2q7aoTqv9VoK+lq7L1cPqpAjcqJCAdSAH/bYzARu4I0vDbZUhTaZC8+lw9xfl701WHWasyNgcYG3HFULsWQuwI=
- secure: cRhO5SJ0cInh1yYxDKcfymI3dt3PGfPJXCan+QzLoLg7VbJ3zfRKBhjjN2NjdcLxgHUNk5//paooOPoiiOMzwo2GdEDFJjtzL7TC6sQUxP6zN1RAiAIPqjHpuCKv3IQ4hLgTiRaH92I8lpIvst7hEHmPYS6+ItEgJug+tyluaX0=
- secure: LXJ150pAwEHLSMGGxSXs5pA49SwPYsV4Phsi7+ZqZ93uAprO8yw8Pxmhaaz9Y0BSLYVzTtdJI5VbW3XDzwo2tJeMfDz1Oxzqsi5kAXt8DTQRxoVX8FeMyVNLe8TbrI6cGnJrO37u+MrsFz9BI4+TsPoLYcc6Y/zqB2FFan5RMGM=
- secure: ewFdUlqrLoFrBoSx/ikqDgTsASXPZDNjn/nHsC2nv0A5VJDHZb98AwLOnKAFUwxmOkbq4LKoPR1ltQ4KigjpFIIYrkHfRv6izo08cgyd98QVKZSdBJfNjHTe+blwVgh3t/yODxJMPmhE5/lPIC3UnwmGW933UszvkozyPkyE0ag=
- secure: Dt4Kdi/KiydSYcgCUfGQkrFJ4NBNqtNrc1Xi4gdwl+xSpEKEDFFwrGkCaTdWCzB9SKH8Cy+KoNQiToMEp6SFFZGzEAYlN0zITqObyADocmZieEpV44nj+DBneI9h89aGP6XSTYXOwIDluuchR4sD6I5eHUuD3cHTHPbzI7sm3N8=
- secure: BBs+tpDN6MQv3BlnANh/nGzqWCzRwAKmFf8M0/XgidrqXHBxsgAXmAd+jdXQlqBs7bRjT3gNp3xGf3mIRW2gV9+6YNTiFFp8YGxFRxSd7A4x7obcb8HFIyBIqQ9ZgA7R0u3dsbgtAnRclK3+9ZHoZ41e1Qd/8S0PGsry4iTMAgc=
- secure: I3SG0cro9MmyHAASsWqachUWE0kshWtxRcBVgjJHZdvP1RBT2q5KD7p46o7yKP3PD9Kv2qt6DfpSTJJhXA2leIhzUMzRu7fpPu/Llc5k+Ik74tWXdYQMJ4tf5nEtq+A/D8odKax1HuM5L7xpz53Yn3M4Haf2udDm+owk9y/tRHs=
- secure: eNeHY7wbsS8GVhONSEq1crZMdo1fdW30ezoI9xJ4LvZJmYdcMvyR590r2LoV9OZXhYTQaJM+ldWW3rluPFm0oUNoPFdbl0+KuJsTldVhVp7BEQ3rwmoFfUIS+lxWM9qH/iNkOY7A+P9InBbFPbg7WUJ+OaqrQEo7t8muwJxlodc=
- secure: OfngkucaRoVa73QoGIheD7o5DzvWgU27p7wNIsW9bSoiwraOo81E9WiZdFbtwBQXRBy/hIw3TZHrg/BqSAx6HxnubK29IhsxoJ5lkz1Nl5/yxkT/+mqecfji8zu2p1UMnV5+SGUG7df+XWrVcvCJvO4NJyRI1cTIeI79TbOvcBw=
- secure: Fjc0htSGbmkDNFZvt2s89qMlsWGBtHDjewLQDxDX+TpRNk7lc6N43U1TZ7b3G1kzX6gmsST8syplhdo8EfxqBy5thgsNyu9So8CI5/LidOneauBVH8usHIUc7DvXlIxttsC9syjIresfseBrim+aI1HzENMpcWHHcn3UIdQ8yLQ=
- secure: dFD+09BCGyZNe44kZgTF+1rIYLFJQlpx47FctopcXM6Wl/moxVJF8c7e5iaLq34J4L0SvCUHHAF7WyxUjJYgUmxT4GrdET0vDtqqurz5TWxZ+daiJQhA6trcgo/WRQxhEO8qmxgJ6x4kNDyKfhqwVs40R3ThkhEGpNGgQ3jTtoI=
- secure: ch66LvlMlLDSteEkFAykn8dYEd9dEugMiCw/cncUDE6XU8eXusbNtXaCds3kb/rAYHHpGD2IDr+ZjvnoxRdRdh+d/EOBm/9iy0ii26O8iLZdLXqpqxFqiC3rtaoN4fYe1GqAZ03QNYja+XTbNEqUIxb3aozABZLY+wtcGgvtRhE=
- secure: XtH3hwnTIVZmigTJTsNH6flmEsb7Pm2XjzPvLcCNnV6qtwCvR3cgOPiu0Vs+p5s3QGIN8SNnN+mxUEDgcfnKMn2skUalSBgFKVaQg9NiE956dUkytnTDb0KxGoMFJBzMUhEKwSWl3p5+32M0APtzwqQOSP7sYiT+u4ICz5s4aK0=
- secure: J309x5rZal7gJt7qJqFTsj4/y8vF7k4qEpd5KWMs6vjf+hDlmFVyBu3zIDo6NgFAsSazGswwK0SwzAhY20DBcvppwdvCwt2/3wz1ob/fWhNxbEVW0afBGPBXSy/XG38Ag/xZpCRfAnOI9aFzkdKPOsYw6852Vk6exEU73Vxl8OY=
- secure: Bg9S9uiL9Wn5mDIq4BZRAGjWfNJu/b1Ksj8AmobljuASQmRaPvRHrRDJNzOI+TuPb56+ihWSmijGx+sagUyxwSXTmo3wk409rCXU9uaJxQU8nVIrw6nlf5js/j+BgKNtHnYNlcGl6sopYRRS4U0wHLJEZI3Gbvw039VpcStEjEU=
- secure: O7hct2KQBJyBGaHDeA6koGfmRvziI21rIa3cLXYzYK9MfSr5WbYDPI87HnxSxwaBP+Thl0tWxmgEbtVaTmkb2OdhW0JYXqVfLTt1Vbd411/O1xLSkP1INSSNSWJpD9K2/U8nLE3aZcedj/Cosi8GMjhl7wUP07/zTCzYxpnGp4o=
- secure: RNKtHWZEHCLm/2/iqwRUH/iiX9NDxgvHyg4oWnf/Y6oZXM6LEjGRURkouH1dexzZi35ssKdkbnfW/OD/N8jAxyt6KqlvWEPLLMJrrx/TCufdy5SljMH9PfHBSdxZn+U8qeVnufmdPPA3AoxhPabhF8voYaroWAq+oWpNh9sj+3c=
- secure: dkbJ4IGwBa2Z6LVsTyukSaACuHEV6QKyXuO1CHaxI8LRwrZbRee0RTdF4fom83IUn+DQ5LqCnMI2xk4NUVOeMCaY4LthC7f/ImgIxMGCnAq74OxnxCm0CnUhb3E1spPLCa4hgjyBMxp81w/M6ga/qKAIUDLqvqHlbG+Ezf8L+yE=
- secure: g4vz9hPqJhXTbe/zJWsoQ1Rh+Ay+PC7BPkbmqYX2VJPWSsesGQgnY5TrZzEzhiKgKfOkNTItaJs4do5F28XmLOFT+WSOgQGOdg171eS5J1Nq+403hSjOoe5hAdrHbexO5YRMlyjiBeMGP2x+VLIH0ZUeVFsH1Ojc5QfyuzlNxhY=
- secure: IqJosVHlfo49EextXiSrvXtHRgZVyHpqDn0yZIerA6ldaDeNFsai7XT2l5/OsSNYVKM91xm6mWEzhb3uofGnFtCq7pfj4n96kK3zeSx1j0ZtHiiLU4VKQB6qtJuBr0CtNa3XOgKmVYi/xbwIGcRbHSUk45k9jxtPF2ZdbseLb2k=
- secure: cO7k9EiMjXqsELLLqESR8cdU3CJIyO14baXGBzhcxV8B4NEJ1w+mCW5xC8xkOPx0W1uw5kF+ieKNHTb9FuAl+13mztZfEneq5+KzQxhCVC4VLFk37z+YN4XsTtjOpoc+Sejxf7Rk+i2b6iQFgDOnpa2ujy/Kch0TyjjWoDk7z1A=
- secure: CvOZnuItfTL4pQdwh0SYV+J1xGxR5uPChnRqq8sHCIv44ltq0ZiZSu6R+8/SScWN162xW7KlxZYtOJn3obKeIAAiH7OZGOGhsl+li59W0j0ldGEGGAkruaQB8Q29z6sq8HR65fR7hJ/7elo410HgIsMUM5QD9xn5wPePHNTIuv0=
- secure: YY3DZiMltINKWUmnxR5wfzHwPGYzKp6HqHv0fydB4ekKMnxupc5Aegg3Iq9PBGZQ6cAjJprqZX8gJskD5wkPk/NutQ3gUSvpVbHleQmL+blJ1UtE9b7dJqKFDlE12q0KyCydx9hkKMK8G5OLVb/qYsqvrsbqVS2pemGYKL1ztJM=
- secure: NO0zNB/mDzx/qdN9o+jBt+AvVM1ChX5OOdA2s2czrEEZCWYPQUge+p2oNlbkl4+Cc8+N6Np2dUlFZkxIUQ/eDoQv0BVADqzhNvgZn7q1YZCAFtIVT8KJDr3+Ly1YqL9uCHk7hW6rBl+VVYatyo7XyugHneT0RzmQpYY3RKMiSaI=
- secure: KL8bAfL5Q8c5/yMUD8jGuTg52cfYTJPPExI67j8iWfz9WyohyV4wJgRw4G0s4MZP75WXZg74fk5Jhs/jbk3Q8lBtk6a9P8SHZuC7Rh/yHUmVRzYaKTr/yRaFnIBsC/mnvV6JNX5NXfSrmntGs8KA7lWGZeRLpWSOEoT0YgPRn9w=
- secure: U25VWQKe2pFluApjzrA27rHrQTB0SWU/kjnUUXPDxcyqkM5YStNeVb8g3DjT4zR3OIsNsUXCxWHVEMlzP6HQjk+dgIsrlwDi07r7NHAOXFj8m9fCrComKNUZdg79KtHWed2kiB4hrMH51oV7A0fXff51kZiKD0IoH0ySQfPQSBo=
- secure: OSyoiFqPN7IBfIXR1wi64Y8wJf4ZlGOaWYBxWNviKhtuZYyYsb1CnI+zN5kozXr5w83mDxOWnzKS1p6HHMzZD1v+3uJCWRjoLYlUDuOWRJ8OY5kqZsH5LbQ/2Qdl2YuC0YOvZwzfK7CboFLndt/V5bIcVLcQBB5dcDvfqiFW5T0=
- secure: EVdYNRFPFdH5JpULFcS4G9UcPLNwRAy0lL4xD3jVDVbfTt1XC9+GOGa/AsKx3MPFDuSGBCUkbvaq/SxrjL0Fh63X8T6jOeLzWj97qBaAg5Ih7ADSRsdfJ0spQ5K5lI/YbqlumQN+pJg+hkrO0puR7T745Et/WwTfASICr8/ZURU=
- secure: LHf2QsgQZdYiMJM325FLP7wq1eTr3jjMcNlIN6HYwF/zvGwOoqNfYgJqUZXKv45rD2eOeDfXAc2LD6cF6LN5hD+3yzvhybLPCqK4hLWvGnVxSJO2pYn0kdZdTsLMrUTCrQ7X22eFW/wk9ZM/JaefjNwJV2XN+83b+cnMiil0GZ4=
- secure: cNkBHL5W8Ca+X0gLBpHnfiWsas5SKXxbHJm1YKq8Olo/8XUk/90zZvFWSET+a7pwDOzOXVujlE/JfXA5gZVKpbG3JlVt2ntMa5JTaTVVt8GNWkW8slu5niJFdJdpL3EikhX8sgz69q+QFJTBmsDfeJzsUe01VZHsdDCIs/wsPLg=
- secure: bTRB05t28cpSCAxhqXcbDUbrx4QDnDoHQpnhjynwIq+9QuV6IMx65O6+CSL8T61z6BuPVDkvUpLQ8W74rpwtCa91XaSNuiNVciMIaq+yk8FV2gCRzzw55o79IuAFjns/JxGWLV717WR7bGxjU4zR6ybgZzuBgJMXqJSk4iNH62I=
- secure: iBqO1O6827L3eAYrm/X9hN8vsF4Gt+JVZ7kLkm1RGVLAWnQpMYODGl+xQS4WxmY+kaWtHAI8PBhM/WXQ/26d4Iljg/JPvJRH1JSB/+0bLCp+OAfpgEUajbB/6zj6RGNZnU//MyA6h6M/RUW9rES4KHvzQFAtODSyTNFojmEdqTk=
- secure: K0sT+IGy2ncdrfNcPJ5rnwT3oYB1KWK330t6msKlGi6gTwId1z4gDx+iz0ttbP7jCGbQrqj+H+ZTypV+HploVyMAcxFA/tFJsPdMjUmPC/wO2kmP1PCON4OO4+0y4OEA7AX3eBnGTXLJBtqoWb2HCeldA1gQsuM0C0WQ0sz/2lo=
- secure: jAfN1DSUxORr/9LauKKjxeflwufkG3dNOPxwAMX2mUjpV8nfP9N57D+oFsPh4vZYT7kvt2LKAVcn1mMxkXEDb9YOE4UCIB+F5fYqInJGACFUK+VNeM0sbUtkj1cNvd/V/C/cmxG1MbEyIfBy12I8Ezz2+pKpA150QYYaxyOcccQ=
- secure: MGJGwkNaElc8YxEtY2L2iV20srBejwmVqAyKMgfH2GUOEoyZ4ID5va2jAd3TZoteUN5f1wEHVNhBGfT6poYEKcoT09Sl5c81YO8Ws7oKxaSlIUwRwo4Tem+c6WQIkyqSfHaW4pl+nzv2eWBzp/EPQvbRrh6dWbDZYf8S0QqmomU=
- secure: T0osUxN/iHJ4iX/JPhC2dO+OS98SCF2vXCEpszO4LzaC7Cy2ftbzXkN3gcDc4CrbrIdwP/J2dYmBiETlrm6n8eaLNIOPuIJEigSATL4Dke66fQF3DLeSZOC10Ggu72OsIO5RJWQJxYkRjQzaK61553goRAHsIwceO63inKFaFi4=
- secure: DY27wvyRDVQ46WeQjqs7ANuUobazrUU3NT8OdSXXSN5NxBZQK17QmbOuvaCQHKOvuv3YXtKQAl/s7ztgBIH6zTDGVmaCfgJOAX3d5SAvCCHKw9/43Wh7W4ZJ1VprFU9gp1C3wLb45T1kT3rCk2IxCCZxyvepm+43w+hJFFOzFSA=
- secure: TrYhk5FHxgP4O19w56ZtatlJgFtIeBL9Ucco5KGZBvI7ynZm7Bd0k7k2qQ0Nw46FPhCRwTtqK46nx8sRn9jPmkqXGcoYgztDfI9EgD7B79lp7M4897wAa6ditKUDSL+SXG6bgngK5sZCVw749QdJX9F+NPmog5X54QNTBP27XUI=
- secure: SB5cNAQjM1WdYTl8Xe0oib+7S8lp6g0pyRIL1RhStOMjZ2rPS7eFfNUeUw8M1AA11zXXFfsBWCtf+kHI7CK7q4QC2W2129CTTxxgqHpC9hjMlOvddVsbN8vfqCHCWFnjinhvYsKdu6xM6mW6IxIQ1SjShra/u6kyfyKBWrkRvXI=
- secure: H2PPPnH66DD05RdHg8srecBrO/s21MOAqdvFgEhItzMeEmAmTYubCdFIMO4uwyA/bNJiHF0u4g7RYTpsEmW3GNbZ6DGBv2Ltqf/vBP6sTce1LxYTRMsCoYpurTQSODj11+9XU33ml+kH5uNR/CcSSOmco2I5vyBv4qKElsID8CY=
- secure: JWEwbpLg/4KevMApf+z6URboREh56AU5oqZQ7pS9JQG6MffNp1HTcu4R+rxvhM2g28kE/gSxJaEo+pgPCpsggycRC0/ZH2TDOl+WwiPRCjEhqYKkoEDxx4Ot5OP0jwahMTGT/33ihWlnl5DrgjAmvpbSlJsULGV97nYg0llDXb0=
- secure: WUDHKVsOgBFkxNOtifMT3jNOPfR8D7DpyFBWCjwrdIU6DLDFg92/2a7tq1CGCk7uWYUJFgdbCLnJPA304L6AzWKcycvZvgDKzkcmz0iNxpGMOfQPM57UeqQAYpgv+/4wnHzbn85ZXh2gzPsEBvJWaNjE2VftedKkqDXHe5Dg9L0=
- secure: eYgi6mgnI4qkcgi4c7vkR1vaZPcY67U4PeYVcJ0g3Ri1gP0l73D44M6QGpnUrmTdkULjj6ZVOWq2d6i+D8bLGN5R5kj90GzxVhxstVG86ZT7ottipvKez5G7cm1udDzXEK463EX+w4ITTY4Zp4tCS00o4ce+kxR/3ntiGBUYR2Y=
- secure: HOd08Pxhi4thM6PpyIk1PcFsjHKFziWT1VNaC+hhT2p0YIaEeOIL94OcrmYC9cm+Nv4Mns+QNwqazHUc8xyciYo7yVxGPVSxu+qc1GSXtnbEC3KCxjBoae2VEWaVJgZyv3Z525jHXdPKvURMA/+MF39ALRpReUiByi4Q2+rHoBg=

7
cookbooks/rsyslog/Berksfile Normal file
View File

@@ -0,0 +1,7 @@
source 'https://supermarket.getchef.com'
metadata
group :integration do
cookbook 'apt', '~> 2.0'
cookbook 'rsyslog_test', path: 'test/fixtures/rsyslog_test'
end

167
cookbooks/rsyslog/CHANGELOG.md Normal file
View File

@@ -0,0 +1,167 @@
rsyslog Cookbook CHANGELOG
==========================
This file is used to list changes made in each version of the rsyslog cookbook.
v.2.0.0 (2015-05-18)
Note: This version includes several breaking changes for Ubuntu users. Be sure to take care when deploying these changes to production systems.
- 49-relp.conf now properly uses the list of servers discovered in the client recipe
- Fixed a typo that prevented file-input.conf from properly templating
- Added allow_non_local attribute to allow non-local messages. This defaults to false, which preserves the previous functionality
- The rsyslog directory permissions are now properly set using the user/group attributes instead of root/root
- Properly drop permissions on Ubuntu systems to syslog/syslog. Introduces 2 new attributes to control the user/group: priv_user and priv_group
- Remove logging to /dev/xconsole in 50-default.conf on Ubuntu systems. This is generally not something you'd want to do and produces error messages at startup.
v.1.15.0 (2015-02-23)
---------------------
- Change minimum supported Fedora release to 20 to align with the Fedora product lifecycle
- Add supports CentOS to metadata
- Update Rubocop and Test Kitchen dependencies to the latest versions
- Update Chefspec to 4.0
- Fix CentOS 5 support in the Kitchen config
- Fix rsyslog service notification in the file_input LWRP
v.1.14.0 (2015-01-30)
---------------------
- Don't attempt to use journald on Amazon Linux since Amazon Linux doesn't use systemd
- Fixed setting bad permissions on the working directory by using the rsyslog user/group variables.
- Fixed bad variable in the 49-relp.conf template that prevented Chef converges from completing.
- Removed the 'reload' action from the rsyslog service as newer rsyslog releases don't support reload.
- Updated Chefspecs to remove deprecation warnings and added additional tests.
- Removed node name from the comment block in the config files.
- Added a new file_input LWRP for defining configs.
- Added support for chef solo search cookbook.
v1.13.0 (2014-11-25)
--------------------
- Rsyslog's working directory is now an attribute and is set to the appropriate directory on RHEL based distros
- The working directory is now 0700 vs 0755 for additional security
- Add the ActionQueueMaxDiskSpace directive with a default of 1GB to prevent out of disk events during large buffering
- Updated RHEL / Fedora facilities to match those shipped by the distros
- Updated modules to match those used by journald (systemd) on Fedora 19+ and CentOS 7
- Added an attribute additional_directives to pass a hash of configs. This is currently only being used to pass directives necessary for journald support on RHEL 7 / Fedora 19+
- Added basic SUSE support
- Fixed logic that prevented Ubuntu from properly dropping privileges in Ubuntu >= 11.04
- Removed references to rsyslog v3 in the config template
- Added a chefignore file
- Updated Gemfile with newer releases of Test Kitchen, Rubocop, and Berkshelf
- Added Fedora 20, Debian 6/7, CentOS 7, and Ubuntu 12.04/14.04 to the Test Kitchen config
- Removed an attribute that was in the Readme twice
- Updated Travis to Ruby 2.1.1 to better match Chef 12
- Updated the Berksfile to point to Supermarket
- Refactored the specs to be more dry
v1.12.2 (2014-02-28)
--------------------
Fixing bug fix in rsyslog.conf
v1.12.0 (2014-02-27)
--------------------
- [COOK-4021] Allow specifying default templates for local and remote
- [COOK-4126] rsyslog cookbook fails restarts due to not using upstart
v1.11.0 (2014-02-19)
--------------------
### Bug
- **[COOK-4256](https://tickets.opscode.com/browse/COOK-4256)** - Fix syntax errors in default.conf on rhel
### New Feature
- **[COOK-4022](https://tickets.opscode.com/browse/COOK-4022)** - Add use_local_ipv4 option to allow selecting internal interface on cloud systems
- **[COOK-4018](https://tickets.opscode.com/browse/COOK-4018)** - rsyslog TLS encryption support
v1.10.2
-------
No change. Version bump for toolchain.
v1.10.0
-------
### New Feature
- **[COOK-4021](https://tickets.opscode.com/browse/COOK-4021)** - Allow specifying default templates for local and remote
### Improvement
- **[COOK-3876](https://tickets.opscode.com/browse/COOK-3876)** - Cater for setting rate limits
v1.9.0
------
### New Feature
- **[COOK-3736](https://tickets.opscode.com/browse/COOK-3736)** - Support OmniOS
### Improvement
- **[COOK-3609](https://tickets.opscode.com/browse/COOK-3609)** - Add actionqueue to remote rsyslog configurations
### Bug
- **[COOK-3608](https://tickets.opscode.com/browse/COOK-3608)** - Add 50-default template knobs
- **[COOK-3600](https://tickets.opscode.com/browse/COOK-3600)** - SmartOS support
v1.8.0
------
### Improvement
- **[COOK-3573](https://tickets.opscode.com/browse/COOK-3573)** - Add Test Kitchen, Specs, and Travis CI
### New Feature
- **[COOK-3435](https://tickets.opscode.com/browse/COOK-3435)** - Add support for relp
v1.7.0
------
### Improvement
- **[COOK-3253](https://tickets.opscode.com/browse/COOK-3253)** - Enable repeated message reduction
- **[COOK-3190](https://tickets.opscode.com/browse/COOK-3190)** - Allow specifying which logs to send to remote server
- **[COOK-2355](https://tickets.opscode.com/browse/COOK-2355)** - Support forwarding events to more than one server
v1.6.0
------
### New Feature
- [COOK-2831]: enable high precision timestamps
### Bug
- [COOK-2377]: calling node.save has adverse affects on nodes relying on a searched node's ohai attributes
- [COOK-2521]: rsyslog cookbook incorrectly sets directory ownership to rsyslog user
- [COOK-2540]: Syslogd needs to be disabled before starting rsyslogd on RHEL 5
### Improvement
- [COOK-2356]: rsyslog service supports status. Service should use it.
- [COOK-2357]: rsyslog cookbook copies in wrong defaults file on Ubuntu !9.10/10.04
v1.5.0
------
- [COOK-2141] - Add `$PreserveFQDN` configuration directive
v1.4.0
------
- [COOK-1877] - RHEL 6 support and refactoring
v1.3.0
------
- [COOK-1189] - template change does not restart rsyslog on Ubuntu
This actually went into 1.2.0 with action `:reload`, but that change has been reverted and the action is back to `:restart`.
v1.2.0
------
- [COOK-1678] - syslog user does not exist on debian 6.0 and ubuntu versions lower than 11.04
- [COOK-1650] - enable max message size configuration via attribute
v1.1.0
------
Changes from COOK-1167:
- More versatile server discovery - use the IP as an attribute, or use search (see README)
- Removed cron dependency.
- Removed log archival; logrotate is recommended.
- Add an attribute to select the per-host directory in the log dir
- Works with Chef Solo now.
- Set debian/ubuntu default user and group. Drop privileges to `syslog.adm`.
v1.0.0
------
- [COOK-836] - use an attribute to specify the role to search for instead of relying on the rsyslog['server'] attribute.
- Clean up attribute usage to use strings instead of symbols.
- Update this README.
- Better handling for chef-solo.

196
cookbooks/rsyslog/CONTRIBUTING.md Normal file
View File

@@ -0,0 +1,196 @@
# Contributing to Chef Cookbooks
We are glad you want to contribute to Chef Cookbooks! The first
step is the desire to improve the project. If you're new to the Chef
community, please read
[How to become a contributor](https://supermarket.getchef.com/become-a-contributor)
on the Supermarket website for more information.
## Quick-contribute
* Create an account on the [Supermarket](http://supermarket.getchef.com)
* Sign our contributor agreement (CLA)[online](https://supermarket.getchef.com/ccla-signatures/new)
* Visit the Github page for the project.
* Fork the repository
* Create a feature branch for your change.
* Create a Pull Request for your change.
We regularly review contributions and will get back to you if we have
any suggestions or concerns.
## The Apache License and the CLA/CCLA
Licensing is very important to open source projects, it helps ensure
the software continues to be available under the terms that the author
desired. Chef uses the Apache 2.0 license to strike a balance between
open contribution and allowing you to use the software however you
would like to.
The license tells you what rights you have that are provided by the
copyright holder. It is important that the contributor fully
understands what rights they are licensing and agrees to them.
Sometimes the copyright holder isn't the contributor, most often when
the contributor is doing work for a company.
To make a good faith effort to ensure these criteria are met, Chef
Software Inc requires a Contributor License Agreement (CLA) or a Corporate
Contributor License Agreement (CCLA) for all contributions. This is
without exception due to some matters not being related to copyright
and to avoid having to continually check with our lawyers about small
patches.
It only takes a few minutes to complete a CLA, and you retain the
copyright to your contribution.
You can complete our contributor agreement (CLA)
[online](https://supermarket.getchef.com/ccla-signatures/new) If
you're contributing on behalf of your employer, have your employer
fill out our
[Corporate CLA](https://supermarket.getchef.com/ccla-signatures/new)
instead.
## Using git
You can get a quick copy of the repository for this cookbook by
running `git clone git://github.com/opscode-coobkooks/COOKBOOKNAME.git`.
For collaboration purposes, it is best if you create a Github account
and fork the repository to your own account. Once you do this you will
be able to push your changes to your Github repository for others to
see and use.
If you have another repository in your GitHub account named the same
as the cookbook, we suggest you suffix the repository with -cookbook.
### Branches and Commits
Create a _topic branch_ and a pull request on Github. It is a best
practice to have your commit message have a _summary line_ followed by
an empty line and then a brief description of the commit. This also
helps other contributors understand the purpose of changes to the
code.
If your branch has multiple commits, please quash them into a
single commit. If the PR is addressing an issue in the Github issue
tracker, please reference it in the summary line.
[#42] - platform_family and style
* use platform_family for platform checking
* update notifies syntax to "resource_type[resource_name]" instead of
resources() lookup
* #40 - delete config files dropped off by packages in conf.d
* dropped debian 4 support because all other platforms have the same
values, and it is older than "old stable" debian release
Remember that not all users use Chef in the same way or on the same
operating systems as you, so it is helpful to be clear about your use
case and change so they can understand it even when it doesn't apply
to them.
### More information
Additional help with git is available on the
[Working with Git](http://wiki.opscode.com/display/chef/Working+with+Git)
wiki page.
## Functional and Unit Tests
This cookbook is set up to run tests under
[Kitchen-ci's test-kitchen](https://github.com/test-kitchen/test-kitchen).
It uses Serverspec or Bats to perform integration tests after the node
has been converged.
Test kitchen should run completely without exception using the default
[baseboxes provided by Chef](https://github.com/opscode/bento).
Because Test Kitchen creates VirtualBox machines and runs through
every configuration in the Kitchenfile, it may take some time for
these tests to complete.
If your changes are only for a specific recipe, run only its
configuration with Test Kitchen. If you are adding a new recipe, or
other functionality such as a LWRP or definition, please add
appropriate tests and ensure they run with Test Kitchen.
If any don't pass, investigate them before submitting your patch.
Any new feature should have unit tests included with the patch with
good code coverage to help protect it from future changes. Similarly,
patches that fix a bug or regression should have a _regression test_.
Simply put, this is a test that would fail without your patch but
passes with it. The goal is to ensure this bug doesn't regress in the
future. Consider a regular expression that doesn't match a certain
pattern that it should, so you provide a patch and a test to ensure
that the part of the code that uses this regular expression works as
expected. Later another contributor may modify this regular expression
in a way that breaks your use cases. The test you wrote will fail,
signalling to them to research your ticket and use case and accounting
for it.
If you need help writing tests, please ask on the Chef Developer's
mailing list, or the #chef-hacking IRC channel.
## Code Review
Chef regularly reviews code contributions and provides suggestions
for improvement in the code itself or the implementation.
Depending on the project, these tickets are then merged within a week
or two, depending on the current release cycle.
## Release Cycle
The versioning for Chef Cookbook projects is X.Y.Z.
* X is a major release, which may not be fully compatible with prior
major releases
* Y is a minor release, which adds both new features and bug fixes
* Z is a patch release, which adds just bug fixes
Releases of Chef's cookbooks are usually announced on the Chef user
mailing list. Releases of several cookbooks may be batched together
and announced on the [Chef Blog](http://www.getchef.com/blog).
## Working with the community
These resources will help you learn more about Chef and connect to
other members of the Chef community:
* [chef](http://lists.opscode.com/sympa/info/chef) and
[chef-dev](http://lists.opscode.com/sympa/info/chef-dev) mailing
lists
* #chef and #chef-hacking IRC channels on irc.freenode.net
* [Community Cookbook site](http://community.opscode.com)
* [Chef wiki](http://wiki.opscode.com/display/chef)
* Chef, Inc [product page](http://www.getchef.com/chef)
## Cookbook Contribution Do's and Don't's
Please do include tests for your contribution. If you need help, ask
on the [chef-dev mailing list](http://lists.opscode.com/sympa/info/chef-dev)
or the [#chef-hacking IRC channel](http://community.opscode.com/chat/chef-hacking).
Not all platforms that a cookbook supports may be supported by Test
Kitchen. Please provide evidence of testing your contribution if it
isn't trivial so we don't have to duplicate effort in testing. Chef
10.14+ "doc" formatted output is sufficient.
Please do indicate new platform (families) or platform versions in the
commit message, and update the relevant ticket.
If a contribution adds new platforms or platform versions, indicate
such in the body of the commit message(s).
git commit -m 'Updated pool resource to correctly delete.'
Please do ensure that your changes do not break or modify behavior for
other platforms supported by the cookbook. For example if your changes
are for Debian, make sure that they do not break on CentOS.
Please do not modify the version number in the metadata.rb, Chef
Software, Inc will select the appropriate version based on the release
cycle information above.
Please do not update the CHANGELOG.md for a new version. Not all
changes to a cookbook may be merged and released in the same versions.
Opscode will update the CHANGELOG.md when releasing a new version of
the cookbook.

37
cookbooks/rsyslog/Gemfile Normal file
View File

@@ -0,0 +1,37 @@
source 'https://rubygems.org'
group :lint do
gem 'foodcritic', '~> 4.0'
gem 'rubocop', '~> 0.31'
gem 'rainbow', '< 2.0'
gem 'rake'
end
group :unit do
gem 'berkshelf', '~> 3.2.0'
gem 'chefspec', '~> 4.0'
end
group :kitchen_common do
gem 'test-kitchen', '~> 1.4'
end
group :kitchen_vagrant do
gem 'kitchen-vagrant', '~> 0.18'
end
group :kitchen_cloud do
gem 'kitchen-digitalocean'
gem 'kitchen-ec2'
end
group :development do
gem 'ruby_gntp'
gem 'growl'
gem 'rb-fsevent'
gem 'guard', '~> 2.4'
gem 'guard-kitchen'
gem 'guard-foodcritic'
gem 'guard-rspec'
gem 'guard-rubocop'
end

35
cookbooks/rsyslog/Guardfile Normal file
View File

@@ -0,0 +1,35 @@
# A sample Guardfile
# More info at https://github.com/guard/guard#readme
# guard 'kitchen' do
# watch(%r{test/.+})
# watch(%r{^recipes/(.+)\.rb$})
# watch(%r{^attributes/(.+)\.rb$})
# watch(%r{^files/(.+)})
# watch(%r{^templates/(.+)})
# watch(%r{^providers/(.+)\.rb})
# watch(%r{^resources/(.+)\.rb})
# end
guard 'foodcritic', cookbook_paths: '.', all_on_start: false do
watch(%r{attributes/.+\.rb$})
watch(%r{providers/.+\.rb$})
watch(%r{recipes/.+\.rb$})
watch(%r{resources/.+\.rb$})
watch('metadata.rb')
end
guard 'rubocop', all_on_start: false do
watch(%r{attributes/.+\.rb$})
watch(%r{providers/.+\.rb$})
watch(%r{recipes/.+\.rb$})
watch(%r{resources/.+\.rb$})
watch('metadata.rb')
end
guard :rspec, cmd: 'bundle exec rspec', all_on_start: false, notification: false do
watch(%r{^libraries/(.+)\.rb$})
watch(%r{^spec/(.+)_spec\.rb$})
watch(%r{^(recipes)/(.+)\.rb$}) { |m| "spec/#{m[1]}_spec.rb" }
watch('spec/spec_helper.rb') { 'spec' }
end

201
cookbooks/rsyslog/LICENSE Normal file
View File

@@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

247
cookbooks/rsyslog/README.md Normal file
View File

@@ -0,0 +1,247 @@
rsyslog Cookbook
================
[![Build Status](https://secure.travis-ci.org/opscode-cookbooks/rsyslog.png?branch=master)](http://travis-ci.org/opscode-cookbooks/rsyslog)
Installs and configures rsyslog to replace sysklogd for client and/or server use. By default, the service will be configured to log to files on local disk. See the Recipes and Examples sections for other uses.
Requirements
------------
### Platforms
Tested on:
- Ubuntu 10.04+
- Red Hat / CentOS 5+
- Fedora 20+
- OmniOS r151006c
### Other
To use the `recipe[rsyslog::client]` recipe, you'll need to set up the `rsyslog.server_search` or `rsyslog.server_ip` attributes. See the __Recipes__ and __Examples__ sections below.
Attributes
----------
See `attributes/default.rb` for default values.
* `node['rsyslog']['log_dir']` - If the node is an rsyslog server, this specifies the directory where the logs should be stored.
* `node['rsyslog']['working_dir']` - The temporary working directory where messages are buffered
* `node['rsyslog']['server']` - Determined automatically and set to true on the server.
* `node['rsyslog']['server_ip']` - If not defined then search will be used to determine rsyslog server. Default is `nil`. This can be a string or an array.
* `node['rsyslog']['server_search']` - Specify the criteria for the server search operation. Default is `role:loghost`.
* `node['rsyslog']['protocol']` - Specify whether to use `udp` or `tcp` for remote loghost. Default is `tcp`.
* `node['rsyslog']['port']` - Specify the port which rsyslog should connect to a remote loghost.
* `node['rsyslog']['remote_logs']` - Specify wether to send all logs to a remote server (client option). Default is `true`.
* `node['rsyslog']['per_host_dir']` - "PerHost" directories for template statements in `35-server-per-host.conf`. Default value is the previous cookbook version's value, to preserve compatibility. See __server__ recipe below.
* `node['rsyslog']['priv_seperation']` - Whether to use privilege separation or not.
* `node['rsyslog']['priv_user']` - User to run as when using privilege separation. Defult is `node['rsyslog']['user']`
* `node['rsyslog']['priv_group']` - Group to run as when using privilege separation. Defult is `node['rsyslog']['group']`
* `node['rsyslog']['max_message_size']` - Specify the maximum allowed message size. Default is 2k.
* `node['rsyslog']['user']` - Who should own the configuration files and directories
* `node['rsyslog']['group']` - Who should group-own the configuration files and directories
* `node['rsyslog']['defaults_file']` - The full path to the defaults/sysconfig file for the service.
* `node['rsyslog']['service_name']` - The platform-specific name of the service
* `node['rsyslog']['preserve_fqdn']` - Value of the `$PreserveFQDN` configuration directive in `/etc/rsyslog.conf`. Default is 'off' for compatibility purposes.
* `node['rsyslog']['high_precision_timestamps']` - Enable high precision timestamps, instead of the "old style" format. Default is 'false'.
* `node['rsyslog']['repeated_msg_reduction']` - Value of `$RepeatedMsgReduction` configuration directive in `/etc/rsyslog.conf`. Default is 'on'
* `node['rsyslog']['logs_to_forward']` - Specifies what logs should be sent to the remote rsyslog server. Default is all ( \*.\* ).
* `node['rsyslog']['default_log_dir']` - log directory used in `50-default.conf` template, defaults to `/var/log`
* `node['rsyslog']['default_facility_logs']` - Hash containing log facilities and destinations used in `50-default.conf` template.
* `node['rsyslog']['default_file_template']` - The name of a pre-defined log format template (ie - RSYSLOG_FileFormat), used for local log files.
* `node['rsyslog']['rate_limit_interval']` - Value of the $SystemLogRateLimitInterval configuration directive in `/etc/rsyslog.conf`. Default is nil, leaving it to the platform default.
* `node['rsyslog']['rate_limit_burst']` - Value of the $SystemLogRateLimitBurst configuration directive in `/etc/rsyslog.conf`. Default is nil, leaving it to the platform default.
* `node['rsyslog']['action_queue_max_disk_space']` - Max amount of disk space the disk-assisted queue is allowed to use ([more info](http://www.rsyslog.com/doc/queues.html)).
* `node['rsyslog']['enable_tls']` - Whether or not to enable TLS encryption. When enabled, forces protocol to `tcp`. Default is `false`.
* `node['rsyslog']['tls_ca_file']` - Path to TLS CA file. Required for both server and clients.
* `node['rsyslog']['tls_certificate_file']` - Path to TLS certificate file. Required for server, optional for clients.
* `node['rsyslog']['tls_key_file']` - Path to TLS key file. Required for server, optional for clients.
* `node['rsyslog']['tls_auth_mode']` - Value for `$InputTCPServerStreamDriverAuthMode`/`$ActionSendStreamDriverAuthMode`, determines whether client certs are validated. Defaults to `anon` (no validation).
* `node['rsyslog']['use_local_ipv4']` - Whether or not to make use the remote local IPv4 address on cloud systems when searching for servers (where available). Default is 'false'.
* `node['rsyslog']['allow_non_local']` - Whether or not to allow non-local messages. If 'false', incoming messages are only allowed from 127.0.0.1. Default is 'false'.
* `node['rsyslog']['additional_directives']` - Hash of additional directives and their values to place in the main rsyslog config file
Recipes
-------
### default
Installs the rsyslog package, manages the rsyslog service and sets up basic configuration for a standalone machine.
### client
Includes `recipe[rsyslog]`.
Uses `node['rsyslog']['server_ip']` or Chef search (in that precedence order) to determine the remote syslog server's IP address. If search is used, the search query will look for the first `ipaddress` returned from the criteria specified in `node['rsyslog']['server_search']`.
If the node itself is a rsyslog server ie it has `rsyslog.server` set to true then the configuration is skipped.
If the node had an `/etc/rsyslog.d/35-server-per-host.conf` file previously configured, this file gets removed to prevent duplicate logging.
Any previous logs are not cleaned up from the `log_dir`.
### server
Configures the node to be a rsyslog server. The chosen rsyslog server node should be defined in the `server_ip` attribute or resolvable by the specified search criteria specified in `node['rsyslog']['server_search]` (so that nodes making use of the `client` recipe can find the server to log to).
This recipe will create the logs in `node['rsyslog']['log_dir']`, and the configuration is in `/etc/rsyslog.d/server.conf`. This recipe also removes any previous configuration to a remote server by removing the `/etc/rsyslog.d/remote.conf` file.
The cron job used in the previous version of this cookbook is removed, but it does not remove any existing cron job from your system (so it doesn't break anything unexpectedly). We recommend setting up logrotate for the logfiles instead.
The `log_dir` will be concatenated with `per_host_dir` to store the logs for each client. Modify the attribute to have a value that is allowed by rsyslogs template matching values, see the rsyslog documentation for this.
Directory structure:
```erb
<%= @log_dir %>/<%= @per_host_dir %>/"logfile"
```
For example for the system with hostname `www`:
```text
/srv/rsyslog/2011/11/19/www/messages
```
For example, to change this to just the hostname, set the attribute `node['rsyslog']['per_host_dir']` via a role:
```ruby
"rsyslog" => { "per_host_dir" => "%HOSTNAME%" }
```
At this time, the server can only listen on UDP *or* TCP.
Resources
=========
file_input
----------
Configures a (text file input
monitor)[http://www.rsyslog.com/doc/imfile.html] to push a log file into
rsyslog.
Attributes:
* `name`: name of the resource, also used for the syslog tag. Required.
* `file`: file path for input file to monitor. Required.
* `priority`: config order priority. Defaults to `99`.
* `severity`: syslog severity. Must be one of `emergency`, `alert`,
`critical`, `error`, `warning`, `notice`, `info` or `debug`. If
undefined, rsyslog interprets this as `notice`.
* `facility`: syslog facility. Must be one of `auth`, `authpriv`,
`daemon`, `cron`, `ftp`, `lpr`, `kern`, `mail`, `news`, `syslog`,
`user`, `uucp`, `local0`, ... , `local7`. If undefined, rsyslog
interprets this as `local0`.
* `cookbook`: cookbook containing the template. Defaults to `rsyslog`.
* `source`: template file source. Defaults to `file-input.conf.erb`
Usage
=====
Use `recipe[rsyslog]` to install and start rsyslog as a basic configured service for standalone systems.
Use `recipe[rsyslog::client]` to have nodes log to a remote server (which is found via the `server_ip` attribute or by the recipe's search call -- see __client__)
Use `recipe[rsyslog::server]` to set up a rsyslog server. It will listen on `node['rsyslog']['port']` protocol `node['rsyslog']['protocol']`.
If you set up a different kind of centralized loghost (syslog-ng, graylog2, logstash, etc), you can still send log messages to it as long as the port and protocol match up with the server software. See __Examples__
Use `rsyslog_file_input` within your recipes to forward log files to
your remote syslog server.
### Examples
A `base` role (e.g., roles/base.rb), applied to all nodes so they are syslog clients:
```ruby
name "base"
description "Base role applied to all nodes
run_list("recipe[rsyslog::client]")
```
Then, a role for the loghost (should only be one):
```ruby
name "loghost"
description "Central syslog server"
run_list("recipe[rsyslog::server]")
```
By default this will set up the clients search for a node with the `loghost` role to talk to the server on TCP port 514. Change the `protocol` and `port` rsyslog attributes to modify this.
If you want to specify another syslog compatible server with a role other than loghost, simply fill free to use the `server_ip` attribute or the `server_search` attribute.
Example role that sets the per host directory:
```ruby
name "loghost"
description "Central syslog server"
run_list("recipe[rsyslog::server]")
default_attributes(
"rsyslog" => { "per_host_dir" => "%HOSTNAME%" }
)
```
Default rsyslog options are rendered for RHEL family platforms, in `/etc/rsyslog.d/50-default.conf`
with other platforms using a configuration like Debian family defaults. You can override these
log facilities and destinations using the `rsyslog['default_facility_logs']` hash.
```ruby
name "facility_log_example"
run_list("recipe[rsyslog::default]")
default_attributes(
"rsyslog" => {
"facility_logs" => {
'*.info;mail.none;authpriv.none;cron.none' => "/var/log/messages",
'authpriv' => '/var/log/secure',
'mail.*' => '-/var/log/maillog',
'*.emerg' => '*'
}
}
)
```
Development
-----------
This section details "quick development" steps. For a detailed explanation, see [[Contributing.md]].
1. Clone this repository from GitHub:
$ git clone git@github.com:opscode-cookbooks/rsyslog.git
2. Create a git branch
$ git checkout -b my_bug_fix
3. Install dependencies:
$ bundle install
4. Make your changes/patches/fixes, committing appropriately
5. **Write tests**
6. Run the tests:
- bundle exec foodcritic -f any .
- bundle exec rspec
- bundle exec rubocop
- bundle exec kitchen test
In detail:
- Foodcritic will catch any Chef-specific style errors
- RSpec will run the unit tests
- Rubocop will check for Ruby-specific style errors
- Test Kitchen will run and converge the recipes
License & Authors
-----------------
- Author:: Joshua Timberman (<joshua@chef.io>)
- Author:: Denis Barishev (<denz@twiket.com>)
- Author:: Tim Smith (<tsmith84@gmail.com>)
```text
Copyright:: 2009-2015, Chef Software, Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```

59
cookbooks/rsyslog/Rakefile Normal file
View File

@@ -0,0 +1,59 @@
require 'rspec/core/rake_task'
require 'rubocop/rake_task'
require 'foodcritic'
require 'kitchen'
# Style tests. Rubocop and Foodcritic
namespace :style do
desc 'Run Ruby style checks'
RuboCop::RakeTask.new(:ruby)
desc 'Run Chef style checks'
FoodCritic::Rake::LintTask.new(:chef) do |t|
t.options = {
fail_tags: ['any'],
tags: ['~FC005']
}
end
end
desc 'Run all style checks'
task style: ['style:chef', 'style:ruby']
# Rspec and ChefSpec
desc 'Run ChefSpec examples'
RSpec::Core::RakeTask.new(:spec)
# Integration tests. Kitchen.ci
namespace :integration do
desc 'Run Test Kitchen with Vagrant'
task :vagrant do
Kitchen.logger = Kitchen.default_file_logger
Kitchen::Config.new.instances.each do |instance|
instance.test(:always)
end
end
desc 'Run Test Kitchen with cloud plugins'
task :cloud do
run_kitchen = true
if ENV['TRAVIS'] == 'true' && ENV['TRAVIS_PULL_REQUEST'] != 'false'
run_kitchen = false
end
if run_kitchen
Kitchen.logger = Kitchen.default_file_logger
@loader = Kitchen::Loader::YAML.new(project_config: './.kitchen.cloud.yml')
config = Kitchen::Config.new(loader: @loader)
config.instances.each do |instance|
instance.test(:always)
end
end
end
end
desc 'Run all tests on Travis'
task travis: ['style', 'spec', 'integration:cloud']
# Default
task default: ['style', 'spec', 'integration:vagrant']

187
cookbooks/rsyslog/TESTING.md Normal file
View File

@@ -0,0 +1,187 @@
TESTING doc
========================
Bundler
-------
A ruby environment with Bundler installed is a prerequisite for using
the testing harness shipped with this cookbook. At the time of this
writing, it works with Ruby 2.0 and Bundler 1.5.3. All programs
involved, with the exception of Vagrant, can be installed by cd'ing
into the parent directory of this cookbook and running "bundle install"
Rakefile
--------
The Rakefile ships with a number of tasks, each of which can be ran
individually, or in groups. Typing "rake" by itself will perform style
checks with Rubocop and Foodcritic, ChefSpec with rspec, and
integration with Test Kitchen using the Vagrant driver by
default.Alternatively, integration tests can be ran with Test Kitchen
cloud drivers.
```
$ rake -T
rake integration:cloud # Run Test Kitchen with cloud plugins
rake integration:vagrant # Run Test Kitchen with Vagrant
rake spec # Run ChefSpec examples
rake style # Run all style checks
rake style:chef # Lint Chef cookbooks
rake style:ruby # Run Ruby style checks
rake travis # Run all tests on Travis
```
Style Testing
-------------
Ruby style tests can be performed by Rubocop by issuing either
```
bundle exec rubocop
```
or
```
rake style:ruby
```
Chef style tests can be performed with Foodcritic by issuing either
```
bundle exec foodcritic
```
or
```
rake style:chef
```
Spec Testing
-------------
Unit testing is done by running Rspec examples. Rspec will test any
libraries, then test recipes using ChefSpec. This works by compiling a
recipe (but not converging it), and allowing the user to make
assertions about the resource_collection.
Integration Testing
-------------------
Integration testing is performed by Test Kitchen. Test Kitchen will
use either the Vagrant driver or various cloud drivers to instantiate
machines and apply cookbooks. After a successful converge, tests are
uploaded and ran out of band of Chef. Tests should be designed to
ensure that a recipe has accomplished its goal.
Integration Testing using Vagrant
---------------------------------
Integration tests can be performed on a local workstation using
Virtualbox or VMWare. Detailed instructions for setting this up can be
found at the [Bento](https://github.com/opscode/bento) project web site.
Integration tests using Vagrant can be performed with either
```
bundle exec kitchen test
```
or
```
rake integration:vagrant
```
Integration Testing using Cloud providers
-----------------------------------------
Integration tests can be performed on cloud providers using
Test Kitchen plugins. This cookbook ships a ```.kitchen.cloud.yml```
that references environmental variables present in the shell that
```kitchen test``` is ran from. These usually contain authentication
tokens for driving IaaS APIs, as well as the paths to ssh private keys
needed for Test Kitchen log into them after they've been created.
Examples of environment variables being set in ```~/.bash_profile```:
```
# digital_ocean
export DIGITAL_OCEAN_CLIENT_ID='your_bits_here'
export DIGITAL_OCEAN_API_KEY='your_bits_here'
export DIGITAL_OCEAN_SSH_KEY_IDS='your_bits_here'
# aws
export AWS_ACCESS_KEY_ID='your_bits_here'
export AWS_SECRET_ACCESS_KEY='your_bits_here'
export AWS_KEYPAIR_NAME='your_bits_here'
# joyent
export SDC_CLI_ACCOUNT='your_bits_here'
export SDC_CLI_IDENTITY='your_bits_here'
export SDC_CLI_KEY_ID='your_bits_here'
```
Integration tests using cloud drivers can be performed with either
```
export KITCHEN_YAML=.kitchen.cloud.yml
bundle exec kitchen test
```
or
```
rake integration:cloud
```
Digital Ocean Hint
------------------
At the time of this writing, you cannot find the numerical values
needed for your SSH_KEY_IDS from the GUI. Instead, you will need to
access the API from the command line.
curl -L 'https://api.digitalocean.com/ssh_keys/?client_id=your_bits_here&api_key=your_bits_here'
Words about .travis.yml
-----------------------
In order for Travis to perform integration tests on public cloud
providers, two major things need to happen. First, the environment
variables referenced by ```.kitchen.cloud.yml``` need to be made
available. Second, the private half of the ssh keys needed to log into
machines need to be dropped off on the machine.
The first part is straight forward. The travis gem can encrypt
environment variables against the public key on the Travis repository
and add them to the .travis.yml.
```
gem install travis
travis encrypt AWS_ACCESS_KEY_ID='your_bits_here' --add
travis encrypt AWS_SECRET_ACCESS_'your_bits_here' --add
travis encrypt AWS_KEYPAIR_NAME='your_bits_here' --add
travis encrypt EC2_SSH_KEY_PATH='~/.ssh/id_ec2.pem' --add
travis encrypt DIGITAL_OCEAN_CLIENT_ID='your_bits_here' --add
travis encrypt DIGITAL_OCEAN_API_KEY='your_bits_here' --add
travis encrypt DIGITAL_OCEAN_SSH_KEY_IDS='your_bits_here' --add
travis encrypt DIGITAL_OCEAN_SSH_KEY_PATH='~/.ssh/id_do.pem' --add
```
The second part is a little more complicated. Travis ENV variables are
restricted to 90 bytes, and will not fit an entire SSH key. This can
be worked around by breaking them up into 90 byte chunks, stashing
them into ENV variables, then digging them out in the
```before_install``` section of .travis.yml
Here is an AWK script to do the encoding.
```
base64 ~/.ssh/travisci_cook_digitalocean.pem | \
awk '{
j=0;
for( i=1; i<length; i=i+90 ) {
system("travis encrypt DO_KEY_CHUNK_" j "=" substr($0, i, 90) " --add");
j++;
}
}'
base64 ~/.ssh/travisci_cook_ec2.pem | \
awk '{
j=0;
for( i=1; i<length; i=i+90 ) {
system("travis encrypt EC2_KEY_CHUNK_" j "=" substr($0, i, 90)" --add");
j++;
}
}'
```
Then in .travis.yml:
```
before_install:
- echo -n $DO_KEY_CHUNK_{0..30} >> ~/.ssh/id_do.base64
- cat ~/.ssh/id_do.base64 | tr -d ' ' | base64 --decode > ~/.ssh/id_do.pem
- echo -n $EC2_KEY_CHUNK_{0..30} >> ~/.ssh/id_ec2.base64
- cat ~/.ssh/id_ec2.base64 | tr -d ' ' | base64 --decode > ~/.ssh/id_ec2.pem
```

124
cookbooks/rsyslog/attributes/default.rb Normal file
View File

@@ -0,0 +1,124 @@
#
# Cookbook Name:: rsyslog
# Attributes:: default
#
# Copyright 2009-2014, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['rsyslog']['default_log_dir'] = '/var/log'
default['rsyslog']['log_dir'] = '/srv/rsyslog'
default['rsyslog']['working_dir'] = '/var/spool/rsyslog'
default['rsyslog']['server'] = false
default['rsyslog']['use_relp'] = false
default['rsyslog']['relp_port'] = 20_514
default['rsyslog']['protocol'] = 'tcp'
default['rsyslog']['port'] = 514
default['rsyslog']['server_ip'] = nil
default['rsyslog']['server_search'] = 'role:loghost'
default['rsyslog']['remote_logs'] = true
default['rsyslog']['per_host_dir'] = '%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%'
default['rsyslog']['max_message_size'] = '2k'
default['rsyslog']['preserve_fqdn'] = 'off'
default['rsyslog']['high_precision_timestamps'] = false
default['rsyslog']['repeated_msg_reduction'] = 'on'
default['rsyslog']['logs_to_forward'] = '*.*'
default['rsyslog']['enable_imklog'] = true
default['rsyslog']['config_prefix'] = '/etc'
default['rsyslog']['default_file_template'] = nil
default['rsyslog']['default_remote_template'] = nil
default['rsyslog']['rate_limit_interval'] = nil
default['rsyslog']['rate_limit_burst'] = nil
default['rsyslog']['enable_tls'] = false
default['rsyslog']['action_queue_max_disk_space'] = '1G'
default['rsyslog']['tls_ca_file'] = nil
default['rsyslog']['tls_certificate_file'] = nil
default['rsyslog']['tls_key_file'] = nil
default['rsyslog']['tls_auth_mode'] = 'anon'
default['rsyslog']['use_local_ipv4'] = false
default['rsyslog']['allow_non_local'] = false
default['rsyslog']['additional_directives'] = {}
# The most likely platform-specific attributes
default['rsyslog']['service_name'] = 'rsyslog'
default['rsyslog']['user'] = 'root'
default['rsyslog']['group'] = 'adm'
default['rsyslog']['priv_seperation'] = false
default['rsyslog']['priv_user'] = nil
default['rsyslog']['priv_group'] = nil
default['rsyslog']['modules'] = %w(imuxsock imklog)
# platform family specific attributes
case node['platform_family']
when 'rhel', 'fedora'
default['rsyslog']['working_dir'] = '/var/lib/rsyslog'
# format { facility => destination }
default['rsyslog']['default_facility_logs'] = {
'*.info;mail.none;authpriv.none;cron.none' => "#{node['rsyslog']['default_log_dir']}/messages",
'authpriv.*' => "#{node['rsyslog']['default_log_dir']}/secure",
'mail.*' => "-#{node['rsyslog']['default_log_dir']}/maillog",
'cron.*' => "#{node['rsyslog']['default_log_dir']}/cron",
'*.emerg' => '*',
'uucp,news.crit' => "#{node['rsyslog']['default_log_dir']}/spooler",
'local7.*' => "#{node['rsyslog']['default_log_dir']}/boot.log"
}
# RHEL >= 7 and Fedora >= 19 use journald in systemd. Amazon Linux doesn't.
if node['platform'] != 'amazon' && (node['platform_version'].to_i == 7 || node['platform_version'].to_i >= 19)
default['rsyslog']['modules'] = %w(imuxsock imjournal)
default['rsyslog']['additional_directives'] = { 'OmitLocalLogging' => 'on', 'IMJournalStateFile' => 'imjournal.state' }
end
else
# format { facility => destination }
default['rsyslog']['default_facility_logs'] = {
'auth,authpriv.*' => "#{node['rsyslog']['default_log_dir']}/auth.log",
'*.*;auth,authpriv.none' => "-#{node['rsyslog']['default_log_dir']}/syslog",
'daemon.*' => "-#{node['rsyslog']['default_log_dir']}/daemon.log",
'kern.*' => "-#{node['rsyslog']['default_log_dir']}/kern.log",
'mail.*' => "-#{node['rsyslog']['default_log_dir']}/mail.log",
'user.*' => "-#{node['rsyslog']['default_log_dir']}/user.log",
'mail.info' => "-#{node['rsyslog']['default_log_dir']}/mail.info",
'mail.warn' => "-#{node['rsyslog']['default_log_dir']}/mail.warn",
'mail.err' => "#{node['rsyslog']['default_log_dir']}/mail.err",
'news.crit' => "#{node['rsyslog']['default_log_dir']}/news/news.crit",
'news.err' => "#{node['rsyslog']['default_log_dir']}/news/news.err",
'news.notice' => "-#{node['rsyslog']['default_log_dir']}/news/news.notice",
'*.=debug;auth,authpriv.none;news.none;mail.none' => "-#{node['rsyslog']['default_log_dir']}/debug",
'*.=info;*.=notice;*.=warn;auth,authpriv.none;cron,daemon.none;mail,news.none' => "-#{node['rsyslog']['default_log_dir']}/messages",
'*.emerg' => '*'
}
end
# platform specific attributes
case node['platform']
when 'ubuntu'
# syslog user introduced with natty package
if node['platform_version'].to_f >= 11.04
default['rsyslog']['user'] = 'syslog'
default['rsyslog']['group'] = 'adm'
default['rsyslog']['priv_seperation'] = true
default['rsyslog']['priv_group'] = 'syslog'
end
when 'arch'
default['rsyslog']['service_name'] = 'rsyslogd'
when 'smartos'
default['rsyslog']['config_prefix'] = '/opt/local/etc'
default['rsyslog']['modules'] = %w(immark imsolaris imtcp imudp)
default['rsyslog']['group'] = 'root'
when 'omnios'
default['rsyslog']['service_name'] = 'system/rsyslogd'
default['rsyslog']['modules'] = %w(immark imsolaris imtcp imudp)
default['rsyslog']['group'] = 'root'
when 'suse'
default['rsyslog']['service_name'] = 'syslog'
end

100
cookbooks/rsyslog/chefignore Normal file
View File

@@ -0,0 +1,100 @@
# Put files/directories that should be ignored in this file when uploading
# or sharing to the community site.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
Icon?
nohup.out
ehthumbs.db
Thumbs.db
# SASS #
########
.sass-cache
# EDITORS #
###########
\#*
.#*
*~
*.sw[a-z]
*.bak
REVISION
TAGS*
tmtags
*_flymake.*
*_flymake
*.tmproj
.project
.settings
mkmf.log
## COMPILED ##
##############
a.out
*.o
*.pyc
*.so
*.com
*.class
*.dll
*.exe
*/rdoc/
# Testing #
###########
.watchr
.rspec
spec/*
spec/fixtures/*
test/*
features/*
examples/*
Guardfile
Procfile
# SCM #
#######
.git
*/.git
.gitignore
.gitmodules
.gitconfig
.gitattributes
.svn
*/.bzr/*
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Cookbooks #
#############
CONTRIBUTING
CHANGELOG*
# Strainer #
############
Colanderfile
Strainerfile
.colander
.strainer
# Vagrant #
###########
.vagrant
Vagrantfile
# Travis #
##########
.travis.yml
test/
spec/
examples/

18
cookbooks/rsyslog/libraries/helpers.rb Normal file
View File

@@ -0,0 +1,18 @@
module RsyslogCookbook
# helpers for the various service providers on Ubuntu systems
module Helpers
def declare_rsyslog_service
if node['platform'] == 'ubuntu' && node['platform_version'].to_f >= 12.04
service_provider = Chef::Provider::Service::Upstart
else
service_provider = nil
end
service node['rsyslog']['service_name'] do
supports :restart => true, :status => true
action [:enable, :start]
provider service_provider
end
end
end
end

375
cookbooks/rsyslog/metadata.json Normal file
View File

File diff suppressed because one or more lines are too long

131
cookbooks/rsyslog/metadata.rb Normal file
View File

@@ -0,0 +1,131 @@
name 'rsyslog'
maintainer 'Chef Software, Inc.'
maintainer_email 'cookbooks@chef.io'
license 'Apache 2.0'
description 'Installs and configures rsyslog'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '2.0.0'
recipe 'rsyslog', 'Installs rsyslog'
recipe 'rsyslog::client', 'Sets up a client to log to a remote rsyslog server'
recipe 'rsyslog::server', 'Sets up an rsyslog server'
supports 'ubuntu', '>= 10.04'
supports 'debian', '>= 5.0'
supports 'redhat', '>= 5.0'
supports 'centos', '>= 5.0'
supports 'fedora', '>= 20.0'
attribute 'rsyslog',
:display_name => 'Rsyslog',
:description => 'Hash of Rsyslog attributes',
:type => 'hash'
attribute 'rsyslog/log_dir',
:display_name => 'Rsyslog Log Directory',
:description => 'Filesystem location of logs from clients',
:default => '/srv/rsyslog'
attribute 'rsyslog/server',
:display_name => 'Rsyslog Server?',
:description => 'Is this node an rsyslog server?',
:default => 'false'
attribute 'rsyslog/server_ip',
:display_name => 'Rsyslog Server IP Address',
:description => 'Set rsyslog server ip address explicitly'
attribute 'rsyslog/server_search',
:display_name => 'Rsyslog Server Search Criteria',
:description => 'Set the search criteria for rsyslog server resolving',
:default => 'role:loghost'
attribute 'rsyslog/protocol',
:display_name => 'Rsyslog Protocol',
:description => 'Set which network protocol to use for rsyslog',
:default => 'tcp'
attribute 'rsyslog/port',
:display_name => 'Rsyslog Port',
:description => 'Port that Rsyslog listens for incoming connections',
:default => '514'
attribute 'rsyslog/remote_logs',
:display_name => 'Remote Logs',
:description => 'Specifies whether redirect all log from client to server',
:default => 'true'
attribute 'rsyslog/user',
:display_name => 'User',
:description => 'The owner of Rsyslog config files and directories',
:default => 'root'
attribute 'rsyslog/group',
:display_name => 'Group',
:description => 'The group-owner of Rsyslog config files and directories',
:default => 'adm'
attribute 'rsyslog/service_name',
:display_name => 'Service name',
:description => 'The name of the service for the platform',
:default => 'rsyslog'
attribute 'rsyslog/max_message_size',
:display_name => 'Maximum Rsyslog message size',
:description => 'Specifies the maximum size of allowable Rsyslog messages',
:default => '2k'
attribute 'rsyslog/preserve_fqdn',
:display_name => 'Preserve FQDN',
:description => 'Specifies if the short or full host name will be used. The default off setting is more compatible.',
:default => 'off'
attribute 'rsyslog/repeated_msg_reduction',
:display_name => 'Filter duplicated messages',
:description => 'Specifies whether or not repeated messages should be reduced.',
:default => 'on'
attribute 'rsyslog/priv_seperation',
:display_name => 'Privilege separation',
:description => 'Whether or not to make use of Rsyslog privilege separation',
:default => 'false'
attribute 'rsyslog/default_file_template',
:display_name => 'Default file log format template',
:description => 'The name of a pre-defined log format template (ie - `RSYSLOG_FileFormat`), used for local log files.'
attribute 'rsyslog/default_remote_template',
:display_name => 'Default remote log format template',
:description => 'The name of a pre-defined log format template (ie - `RSYSLOG_SyslogProtocol23Format`), used for remote log forwarding.'
attribute 'rsyslog/enable_tls',
:display_name => 'Enable TLS',
:description => 'Whether or not to enable TLS encryption. When enabled, forces protocol to "tcp"',
:default => 'false'
attribute 'rsyslog/tls_ca_file',
:display_name => 'TLS CA file',
:description => 'Path to TLS CA file. Required for both server and clients.'
attribute 'rsyslog/tls_certificate_file',
:display_name => 'TLS certificate file',
:description => 'Path to TLS certificate file. Required for server, optional for clients.'
attribute 'rsyslog/tls_key_file',
:display_name => 'TLS key file',
:description => 'Path to TLS key file. Required for server, optional for clients.'
attribute 'rsyslog/tls_auth_mode',
:display_name => 'TLS auth mode',
:description => 'Value for "$InputTCPServerStreamDriverAuthMode"/"$ActionSendStreamDriverAuthMode", determines whether client certs are validated.',
:default => 'anon'
attribute 'rsyslog/use_local_ipv4',
:display_name => 'Try to use local IPv4 address',
:description => 'Whether or not to make use the remote local IPv4 address on cloud systems when searching for servers (where available).',
:default => 'false'
attribute 'rsyslog/allow_non_local',
:display_name => 'Allow non-local messages',
:description => 'Allow processing of messages coming any IP, not just 127.0.0.1',
:default => 'false'

39
cookbooks/rsyslog/providers/file_input.rb Normal file
View File

@@ -0,0 +1,39 @@
# Cookbook Name:: rsyslog
# Provider:: file_input
#
# Copyright 2012, Joseph Holsten
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
use_inline_resources
include RsyslogCookbook::Helpers
action :create do
declare_rsyslog_service
template "/etc/rsyslog.d/#{new_resource.priority}-#{new_resource.name}.conf" do
mode '0664'
owner node['rsyslog']['user']
group node['rsyslog']['group']
source new_resource.source
cookbook new_resource.cookbook
variables 'file_name' => new_resource.file,
'tag' => new_resource.name,
'state_file' => new_resource.name,
'severity' => new_resource.severity,
'facility' => new_resource.facility
notifies :restart, resources('service[rsyslog]')
end
end

72
cookbooks/rsyslog/recipes/client.rb Normal file
View File

@@ -0,0 +1,72 @@
#
# Cookbook Name:: rsyslog
# Recipe:: client
#
# Copyright 2009-2014, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Do not run this recipe if the server attribute is set
return if node['rsyslog']['server']
include_recipe 'rsyslog::default'
def chef_solo_search_installed?
klass = ::Search.const_get('Helper')
return klass.is_a?(Class)
rescue NameError
return false
end
# On Chef Solo, we use the node['rsyslog']['server_ip'] attribute, and on
# normal Chef, we leverage the search query.
if Chef::Config[:solo] && !chef_solo_search_installed?
if node['rsyslog']['server_ip']
rsyslog_servers = Array(node['rsyslog']['server_ip'])
else
Chef::Application.fatal!("Chef Solo does not support search. You must set node['rsyslog']['server_ip'] or use the chef-solo-search cookbook!")
end
else
results = search(:node, node['rsyslog']['server_search']).map do |server|
ipaddress = server['ipaddress']
# If both server and client are on the same cloud and local network, they may be
# instructed to communicate via the internal interface by enabling `use_local_ipv4`
if node['rsyslog']['use_local_ipv4'] && server.attribute?('cloud') && server['cloud']['local_ipv4']
ipaddress = server['cloud']['local_ipv4']
end
ipaddress
end
rsyslog_servers = Array(node['rsyslog']['server_ip']) + Array(results)
end
if rsyslog_servers.empty?
Chef::Application.fatal!('The rsyslog::client recipe was unable to determine the remote syslog server. Checked both the server_ip attribute and search!')
end
remote_type = node['rsyslog']['use_relp'] ? 'relp' : 'remote'
template "#{node['rsyslog']['config_prefix']}/rsyslog.d/49-remote.conf" do
source "49-#{remote_type}.conf.erb"
owner 'root'
group 'root'
mode '0644'
variables(:servers => rsyslog_servers)
notifies :restart, "service[#{node['rsyslog']['service_name']}]"
only_if { node['rsyslog']['remote_logs'] }
end
file "#{node['rsyslog']['config_prefix']}/rsyslog.d/server.conf" do
action :delete
notifies :restart, "service[#{node['rsyslog']['service_name']}]"
end

89
cookbooks/rsyslog/recipes/default.rb Normal file
View File

@@ -0,0 +1,89 @@
#
# Cookbook Name:: rsyslog
# Recipe:: default
#
# Copyright 2009-2014, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
extend RsyslogCookbook::Helpers
package 'rsyslog'
package 'rsyslog-relp' if node['rsyslog']['use_relp']
if node['rsyslog']['enable_tls'] && node['rsyslog']['tls_ca_file']
Chef::Application.fatal!("Recipe rsyslog::default can not use 'enable_tls' with protocol '#{node['rsyslog']['protocol']}' (requires 'tcp')") unless node['rsyslog']['protocol'] == 'tcp'
package 'rsyslog-gnutls'
end
directory "#{node['rsyslog']['config_prefix']}/rsyslog.d" do
owner 'root'
group 'root'
mode '0755'
end
directory node['rsyslog']['working_dir'] do
owner node['rsyslog']['user']
group node['rsyslog']['group']
mode '0700'
end
# Our main stub which then does its own rsyslog-specific
# include of things in /etc/rsyslog.d/*
template "#{node['rsyslog']['config_prefix']}/rsyslog.conf" do
source 'rsyslog.conf.erb'
owner 'root'
group 'root'
mode '0644'
notifies :restart, "service[#{node['rsyslog']['service_name']}]"
end
template "#{node['rsyslog']['config_prefix']}/rsyslog.d/50-default.conf" do
source '50-default.conf.erb'
owner 'root'
group 'root'
mode '0644'
notifies :restart, "service[#{node['rsyslog']['service_name']}]"
end
# syslog needs to be stopped before rsyslog can be started on RHEL versions before 6.0
if platform_family?('rhel') && node['platform_version'].to_i < 6
service 'syslog' do
action [:stop, :disable]
end
elsif platform_family?('smartos', 'omnios')
# syslog needs to be stopped before rsyslog can be started on SmartOS, OmniOS
service 'system-log' do
action :disable
end
end
if platform_family?('omnios')
# manage the SMF manifest on OmniOS
template '/var/svc/manifest/system/rsyslogd.xml' do
source 'omnios-manifest.xml.erb'
owner 'root'
group 'root'
mode '0644'
notifies :run, 'execute[import rsyslog manifest]', :immediately
end
execute 'import rsyslog manifest' do
action :nothing
command 'svccfg import /var/svc/manifest/system/rsyslogd.xml'
notifies :restart, "service[#{node['rsyslog']['service_name']}]"
end
end
declare_rsyslog_service

44
cookbooks/rsyslog/recipes/server.rb Normal file
View File

@@ -0,0 +1,44 @@
#
# Cookbook Name:: rsyslog
# Recipe:: server
#
# Copyright 2009-2014, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Manually set this attribute
node.set['rsyslog']['server'] = true
include_recipe 'rsyslog::default'
directory node['rsyslog']['log_dir'] do
owner node['rsyslog']['user']
group node['rsyslog']['group']
mode '0755'
recursive true
end
template "#{node['rsyslog']['config_prefix']}/rsyslog.d/35-server-per-host.conf" do
source '35-server-per-host.conf.erb'
owner 'root'
group 'root'
mode '0644'
notifies :restart, "service[#{node['rsyslog']['service_name']}]"
end
file "#{node['rsyslog']['config_prefix']}/rsyslog.d/remote.conf" do
action :delete
notifies :restart, "service[#{node['rsyslog']['service_name']}]"
only_if { ::File.exist?("#{node['rsyslog']['config_prefix']}/rsyslog.d/remote.conf") }
end

28
cookbooks/rsyslog/resources/file_input.rb Normal file
View File

@@ -0,0 +1,28 @@
# Cookbook Name:: rsyslog
# Resource:: file_input
#
# Copyright 2012-2015, Joseph Holsten
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
actions :create
default_action :create
attribute :name, :kind_of => String, :name_attribute => true, :required => true
attribute :file, :kind_of => String, :required => true
attribute :priority, :kind_of => Integer, :default => 99
attribute :severity, :kind_of => String
attribute :facility, :kind_of => String
attribute :cookbook, :kind_of => String, :default => 'rsyslog'
attribute :source, :kind_of => String, :default => 'file-input.conf.erb'

62
cookbooks/rsyslog/templates/default/35-server-per-host.conf.erb Normal file
View File

@@ -0,0 +1,62 @@
# Generated by Chef
# Local modifications will be overwritten
<% if node['rsyslog']['use_relp'] -%>
$ModLoad imrelp
$InputRELPServerRun <%= node['rsyslog']['relp_port'] %>
<% end -%>
$DirGroup <%= node['rsyslog']['group'] %>
$DirCreateMode 0755
$FileGroup <%= node['rsyslog']['group'] %>
$template PerHostAuth,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/auth.log"
$template PerHostCron,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/cron.log"
$template PerHostSyslog,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/syslog"
$template PerHostDaemon,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/daemon.log"
$template PerHostKern,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/kern.log"
$template PerHostLpr,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/lpr.log"
$template PerHostUser,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/user.log"
$template PerHostMail,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/mail.log"
$template PerHostMailInfo,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/mail.info"
$template PerHostMailWarn,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/mail.warn"
$template PerHostMailErr,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/mail.err"
$template PerHostNewsCrit,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/news.crit"
$template PerHostNewsErr,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/news.err"
$template PerHostNewsNotice,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/news.notice"
$template PerHostDebug,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/debug"
$template PerHostMessages,"<%= node['rsyslog']['log_dir'] %>/<%= node['rsyslog']['per_host_dir'] %>/messages"
auth,authpriv.* ?PerHostAuth
*.*;auth,authpriv.none -?PerHostSyslog
cron.* ?PerHostCron
daemon.* -?PerHostDaemon
kern.* -?PerHostKern
lpr.* -?PerHostLpr
mail.* -?PerHostMail
user.* -?PerHostUser
mail.info -?PerHostMailInfo
mail.warn ?PerHostMailWarn
mail.err ?PerHostMailErr
news.crit ?PerHostNewsCrit
news.err ?PerHostNewsErr
news.notice -?PerHostNewsNotice
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -?PerHostDebug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -?PerHostMessages
<% unless node['rsyslog']['allow_non_local'] -%>
#
# Stop processing of all non-local messages. You can process remote messages
# on levels less than 35.
#
:fromhost-ip,!isequal,"127.0.0.1" ~
<% end -%>

10
cookbooks/rsyslog/templates/default/49-relp.conf.erb Normal file
View File

@@ -0,0 +1,10 @@
# Generated by Chef
$ModLoad omrelp
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName srvrfwd # set file name, also enables disk mode
$ActionResumeRetryCount -1 # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
<% @servers.each do |server| -%>
*.* :omrelp:<%= "#{server}:#{node['rsyslog']['relp_port']}" %><%= node['rsyslog']['default_remote_template'] ? ';' + node['rsyslog']['default_remote_template'] : nil %>
<% end -%>

28
cookbooks/rsyslog/templates/default/49-remote.conf.erb Normal file
View File

@@ -0,0 +1,28 @@
# Generated by Chef
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName srvrfwd # set file name, also enables disk mode
$ActionResumeRetryCount -1 # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
$ActionQueueMaxDiskSpace <%= node['rsyslog']['action_queue_max_disk_space'] %> # Don't use more than this much space for the queue
<% if node['rsyslog']['enable_tls'] && node['rsyslog']['tls_ca_file'] -%>
$DefaultNetstreamDriverCAFile <%= node['rsyslog']['tls_ca_file'] %>
<% if node['rsyslog']['tls_certificate_file'] -%>
$DefaultNetstreamDriverCertFile <%= node['rsyslog']['tls_certificate_file'] %>
<% end -%>
<% if node['rsyslog']['tls_key_file'] -%>
$DefaultNetstreamDriverKeyFile <%= node['rsyslog']['tls_key_file'] %>
<% end -%>
$DefaultNetstreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode <%= node['rsyslog']['tls_auth_mode'] %>
<% end -%>
<% @servers.each do |server| -%>
<% case node['rsyslog']['protocol'] -%>
<% when "tcp" -%>
<%= node['rsyslog']['logs_to_forward'] %> @@<%= server %>:<%= node['rsyslog']['port'] %><%= node["rsyslog"]["default_remote_template"] ? ';' + node["rsyslog"]["default_remote_template"] : nil %>
<% when "udp" -%>
<%= node['rsyslog']['logs_to_forward'] %> @<%= server %>:<%= node['rsyslog']['port'] %><%= node["rsyslog"]["default_remote_template"] ? ';' + node["rsyslog"]["default_remote_template"] : nil %>
<% end -%>
<% end -%>

6
cookbooks/rsyslog/templates/default/50-default.conf.erb Normal file
View File

@@ -0,0 +1,6 @@
# Generated by Chef
# For more information see rsyslog.conf(5) and /etc/rsyslog.conf
<% node['rsyslog']['default_facility_logs'].each do |key, value| %>
<%= key %> <%= value %>
<% end %>

15
cookbooks/rsyslog/templates/default/file-input.conf.erb Normal file
View File

@@ -0,0 +1,15 @@
# <%= @tag %>.conf - Syslog file inputs for <%= @tag %>
#
# Generated by Chef for <%= node['fqdn'] %>
# Local modifications will be overwritten.
$ModLoad imfile
$InputFileName <%= @file_name %>
$InputFileTag <%= @tag %>:
$InputFileStateFile <%= @state_file %>
<% if @severity %>
$InputFileSeverity <%= @severity %>
<% end %>
<% if @facility %>
$InputFileFacility <%= @facility %>
<% end %>
$InputRunFileMonitor

30
cookbooks/rsyslog/templates/default/omnios-manifest.xml.erb Normal file
View File

@@ -0,0 +1,30 @@
<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<service_bundle type='manifest' name='export'>
<service name='<%= node['rsyslog']['service_name'] %>' type='service' version='0'>
<create_default_instance enabled='true'/>
<single_instance/>
<dependency name='network' grouping='require_all' restart_on='error' type='service'>
<service_fmri value='svc:/milestone/network:default'/>
</dependency>
<dependency name='filesystem' grouping='require_all' restart_on='error' type='service'>
<service_fmri value='svc:/system/filesystem/local'/>
</dependency>
<method_context/>
<exec_method name='start' type='method' exec='/opt/omni/sbin/rsyslogd -f %{config_file}' timeout_seconds='60'/>
<exec_method name='stop' type='method' exec=':kill' timeout_seconds='60'/>
<property_group name='startd' type='framework'>
<propval name='duration' type='astring' value='contract'/>
<propval name='ignore_error' type='astring' value='core,signal'/>
</property_group>
<property_group name='application' type='application'>
<propval name='config_file' type='astring' value='<%= node["rsyslog"]["config_prefix"] %>/rsyslog.conf'/>
</property_group>
<stability value='Evolving'/>
<template>
<common_name>
<loctext xml:lang='C'>rsyslog daemon</loctext>
</common_name>
</template>
</service>
</service_bundle>

106
cookbooks/rsyslog/templates/default/rsyslog.conf.erb Normal file
View File

@@ -0,0 +1,106 @@
# rsyslog configuration file - Generated by Chef
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#
# Set max message size
#
$MaxMessageSize <%= node['rsyslog']['max_message_size'] %>
#
# Preserve FQDN
#
$PreserveFQDN <%= node['rsyslog']['preserve_fqdn'] %>
#################
#### MODULES ####
#################
<% if node['rsyslog']['modules'] && !node['rsyslog']['modules'].empty? %>
<% [*node['rsyslog']['modules']].each do |mod| %>
$ModLoad <%= mod %>
<% end %>
<% end %>
<% if node['rsyslog']['server'] -%>
<% if node['rsyslog']['enable_tls'] && node['rsyslog']['tls_ca_file'] &&
node['rsyslog']['tls_key_file'] && node['rsyslog']['tls_certificate_file'] -%>
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile <%= node['rsyslog']['tls_ca_file'] %>
$DefaultNetstreamDriverCertFile <%= node['rsyslog']['tls_certificate_file'] %>
$DefaultNetstreamDriverKeyFile <%= node['rsyslog']['tls_key_file'] %>
$ModLoad imtcp
$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
$InputTCPServerStreamDriverAuthMode <%= node['rsyslog']['tls_auth_mode'] || 'anon' %>
$InputTCPServerRun <%= node['rsyslog']['port'] %>
# Provide <%= node['rsyslog']['protocol'].upcase %> log reception
<% else -%>
<% case node['rsyslog']['protocol'] -%>
<% when "tcp" -%>
$ModLoad imtcp
$InputTCPServerRun <%= node['rsyslog']['port'] %>
<% when "udp" -%>
$ModLoad imudp
$UDPServerRun <%= node['rsyslog']['port'] %>
<% end -%>
<% end -%>
<% end -%>
###########################
#### GLOBAL DIRECTIVES ####
###########################
<% if node["rsyslog"]["default_file_template"] -%>
#
# Default log format template
#
$ActionFileDefaultTemplate <%= node["rsyslog"]["default_file_template"] %>
<% elsif !node["rsyslog"]["high_precision_timestamps"] -%>
#
# Use default timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
<% end -%>
# Filter duplicated messages
$RepeatedMsgReduction <%= node['rsyslog']['repeated_msg_reduction'] %>
#
# Set temporary directory to buffer syslog queue
#
$WorkDirectory <%= node['rsyslog']['working_dir'] %>
#
# Set the default permissions for all log files.
#
$FileOwner <%= node['rsyslog']['user'] %>
$FileGroup <%= node['rsyslog']['group'] %>
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
<% if node['rsyslog']['priv_seperation'] %>
$PrivDropToUser <%= node['rsyslog']['priv_user'] || node['rsyslog']['user'] %>
$PrivDropToGroup <%= node['rsyslog']['priv_group'] || node['rsyslog']['group'] %>
<% end %>
<% unless node['rsyslog']['rate_limit_interval'].nil? %>
#
# Set the amount of time that is being measured for rate limiting
#
$SystemLogRateLimitInterval <%= node['rsyslog']['rate_limit_interval'] %>
<% end %>
<% unless node['rsyslog']['rate_limit_burst'].nil? %>
#
# Set the amount of messages, that have to occur in the time limit of
# SystemLogRateLimitInterval, to trigger rate limiting
#
$SystemLogRateLimitBurst <%= node['rsyslog']['rate_limit_burst'] %>
<% end %>
#
# Include all config files in <%= node['rsyslog']['config_prefix'] %>/rsyslog.d/
#
$IncludeConfig <%= node['rsyslog']['config_prefix'] %>/rsyslog.d/*.conf
<% node['rsyslog']['additional_directives'].each_pair do |k,v| %>
$<%= k %> <%= v %>
<% end %>

18
cookbooks/rsyslog/templates/smartos/50-default.conf.erb Normal file
View File

@@ -0,0 +1,18 @@
# Dropped of by Chef. Modifications will be lost.
#
# Default rules for rsyslog.
#
# For more information see rsyslog.conf(5) and <%= node['rsyslog']['config_prefix'] %>/rsyslog.conf
*.err;kern.notice;auth.notice /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
*.alert;kern.err;daemon.err operator
*.alert root
*.emerg *
mail.debug /var/log/syslog
auth.info /var/log/auth.log
mail.info /var/log/postfix.log