112 lines
2.9 KiB
Puppet
112 lines
2.9 KiB
Puppet
class platform::remotelogging::params (
|
|
$enabled = false,
|
|
$ip_address = undef,
|
|
$port = undef,
|
|
$transport = 'tcp',
|
|
$service_name = 'remotelogging',
|
|
) {}
|
|
|
|
|
|
class platform::remotelogging
|
|
inherits ::platform::remotelogging::params {
|
|
|
|
if $enabled {
|
|
include ::platform::params
|
|
$system_name = $::platform::params::system_name
|
|
$hostname = $::hostname
|
|
|
|
if($transport == 'tls') {
|
|
$server = "{tcp(\"${ip_address}\" port(${port}) tls(peer-verify(\"required-untrusted\")));};"
|
|
} else {
|
|
$server = "{${transport}(\"${ip_address}\" port(${port}));};"
|
|
}
|
|
|
|
$destination = 'destination remote_log_server '
|
|
$destination_line = "${destination} ${server}"
|
|
|
|
file_line { 'conf-add-log-server':
|
|
path => '/etc/syslog-ng/syslog-ng.conf',
|
|
line => $destination_line,
|
|
match => $destination,
|
|
}
|
|
-> file_line { 'conf-add-remote':
|
|
path => '/etc/syslog-ng/syslog-ng.conf',
|
|
line => '@include "remotelogging.conf"',
|
|
match => '#@include \"remotelogging.conf\"',
|
|
}
|
|
-> file { '/etc/syslog-ng/remotelogging.conf':
|
|
ensure => present,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0644',
|
|
content => template('platform/remotelogging.conf.erb'),
|
|
}
|
|
-> exec { 'remotelogging-update-tc':
|
|
command => "/usr/local/bin/remotelogging_tc_setup.sh ${port}"
|
|
}
|
|
-> Exec['syslog-ng-reload']
|
|
|
|
} else {
|
|
# remove remote logging configuration from syslog-ng
|
|
file_line { 'exclude remotelogging conf':
|
|
path => '/etc/syslog-ng/syslog-ng.conf',
|
|
line => '#@include "remotelogging.conf"',
|
|
match => '@include \"remotelogging.conf\"',
|
|
}
|
|
-> Exec['syslog-ng-reload']
|
|
}
|
|
|
|
exec { 'syslog-ng-reload':
|
|
command => '/usr/bin/systemctl reload syslog-ng'
|
|
}
|
|
}
|
|
|
|
|
|
class platform::remotelogging::proxy(
|
|
$table = 'nat',
|
|
$chain = 'POSTROUTING',
|
|
$jump = 'MASQUERADE',
|
|
) inherits ::platform::remotelogging::params {
|
|
|
|
include ::platform::network::oam::params
|
|
|
|
$oam_interface = $::platform::network::oam::params::interface_name
|
|
|
|
if $enabled {
|
|
|
|
if $transport == 'tls' {
|
|
$firewall_proto_transport = 'tcp'
|
|
} else {
|
|
$firewall_proto_transport = $transport
|
|
}
|
|
|
|
platform::firewall::rule { 'remotelogging-nat':
|
|
service_name => $service_name,
|
|
table => $table,
|
|
chain => $chain,
|
|
proto => $firewall_proto_transport,
|
|
outiface => $oam_interface,
|
|
jump => $jump,
|
|
}
|
|
|
|
} else {
|
|
platform::firewall::rule { 'remotelogging-nat':
|
|
ensure => absent,
|
|
service_name => $service_name,
|
|
table => $table,
|
|
chain => $chain,
|
|
outiface => $oam_interface,
|
|
jump => $jump,
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
class platform::remotelogging::runtime {
|
|
include ::platform::remotelogging
|
|
|
|
if $::personality == 'controller' {
|
|
include ::platform::remotelogging::proxy
|
|
}
|
|
}
|