ansible-roles/evolinux-base/tasks/logs.yml

---

# TODO: voir comment faire des backups initiaux des fichiers

# RSyslog
- name: Copy rsyslog.conf
  ansible.builtin.copy:
    src: logs/rsyslog.conf
    dest: /etc/rsyslog.conf
    mode: "0644"
  notify: restart rsyslog
  when: evolinux_logs_rsyslog_conf | bool

# Logrotate
- name: Disable logrotate default conf
  ansible.builtin.command:
    cmd: mv /etc/logrotate.d/rsyslog /etc/logrotate.d/rsyslog.disabled
  args:
    removes: /etc/logrotate.d/rsyslog
    creates: /etc/logrotate.d/rsyslog.disabled
  notify: restart rsyslog
  when: evolinux_logs_disable_logrotate_rsyslog | bool

- name: Copy many logrotate files
  ansible.builtin.copy:
    src: logs/logrotate.d/
    dest: /etc/logrotate.d/
  when: evolinux_logs_logrotate_confs | bool

- name: Copy rsyslog logrotate file
  ansible.builtin.template:
    src: logs/zsyslog.j2
    dest: /etc/logrotate.d/zsyslog
  when: evolinux_logs_logrotate_confs | bool

- name: Configure logrotate.conf default rotate value
  ansible.builtin.replace:
    dest: /etc/logrotate.conf
    regexp: "rotate [0-9]+"
    replace: "rotate 12"
  when: evolinux_logs_default_rotate | bool

- name: Enable logrotate.conf dateext option
  ansible.builtin.lineinfile:
    dest: /etc/logrotate.conf
    line: "dateext"
    regexp: "^#?\\s*dateext"
  when: evolinux_logs_default_dateext | bool

- name: Enable logrotate.conf dateformat option
  ansible.builtin.lineinfile:
    dest: /etc/logrotate.conf
    line: "dateformat {{ evolinux_logrotate_dateformat | mandatory }}"
    regexp: "^#?\\s*dateformat.*"
    insertafter: 'dateext'
  when: evolinux_logs_default_dateext | bool

- name: Disable logrotate.conf dateyesterday option
  ansible.builtin.lineinfile:
    dest: /etc/logrotate.conf
    line: "# dateyesterday"
    regexp: "^\\s*dateyesterday"
    insertafter: 'dateext'
  when: evolinux_logs_default_dateext | bool

# Logcheck
- name: Disable logcheck monitoring of journald
  ansible.builtin.lineinfile:
    dest: /etc/logrotate.conf
    line: "#journal"
    regexp: "^journal"
  when: evolinux_logs_disable_logcheck_journald | bool

# Journald
- name: /etc/systemd/journald.conf.d/ is present
  ansible.builtin.file:
    path: /etc/systemd/journald.conf.d/
    state: directory
    mode: "0755"
  when: evolinux_logs_journald_conf | bool

- name: Copy journald.conf
  ansible.builtin.copy:
    src: logs/journald.conf
    dest: /etc/systemd/journald.conf.d/00-evolinux-default.conf
    mode: "0644"
  notify: restart systemd-journald
  when: evolinux_logs_journald_conf | bool

- ansible.builtin.meta: flush_handlers
Squash: conventions, evolinux, etc-git… 2016-11-07 14:00:57 +01:00			`---`

			`# TODO: voir comment faire des backups initiaux des fichiers`

evolinux-base: Add comments structure in logs 2023-08-23 15:12:21 +02:00			`# RSyslog`
Squash: conventions, evolinux, etc-git… 2016-11-07 14:00:57 +01:00			`- name: Copy rsyslog.conf`
evolinux-base: syntax 2023-03-18 18:35:54 +01:00			`ansible.builtin.copy:`
Squash: conventions, evolinux, etc-git… 2016-11-07 14:00:57 +01:00			`src: logs/rsyslog.conf`
			`dest: /etc/rsyslog.conf`
Change mode with leading 0, but still as String 2017-03-23 16:59:43 +01:00			`mode: "0644"`
Squash: conventions, evolinux, etc-git… 2016-11-07 14:00:57 +01:00			`notify: restart rsyslog`
Improve Ansible syntax replace « x \| changed » by « x is changed » add explicit « bool » filter use « length » filter instead of string comparison 2021-05-09 23:06:42 +02:00			`when: evolinux_logs_rsyslog_conf \| bool`
Squash: conventions, evolinux, etc-git… 2016-11-07 14:00:57 +01:00
evolinux-base: Add comments structure in logs 2023-08-23 15:12:21 +02:00			`# Logrotate`
Squash: conventions, evolinux, etc-git… 2016-11-07 14:00:57 +01:00			`- name: Disable logrotate default conf`
evolinux-base: syntax 2023-03-18 18:35:54 +01:00			`ansible.builtin.command:`
			`cmd: mv /etc/logrotate.d/rsyslog /etc/logrotate.d/rsyslog.disabled`
Squash: conventions, evolinux, etc-git… 2016-11-07 14:00:57 +01:00			`args:`
			`removes: /etc/logrotate.d/rsyslog`
			`creates: /etc/logrotate.d/rsyslog.disabled`
			`notify: restart rsyslog`
Improve Ansible syntax replace « x \| changed » by « x is changed » add explicit « bool » filter use « length » filter instead of string comparison 2021-05-09 23:06:42 +02:00			`when: evolinux_logs_disable_logrotate_rsyslog \| bool`
Squash: conventions, evolinux, etc-git… 2016-11-07 14:00:57 +01:00
evolinux-base: copy logorotate files there was a syntax error, the source was copied inside the target 2016-12-26 12:11:16 +01:00			`- name: Copy many logrotate files`
evolinux-base: syntax 2023-03-18 18:35:54 +01:00			`ansible.builtin.copy:`
evolinux-base: copy logorotate files there was a syntax error, the source was copied inside the target 2016-12-26 12:11:16 +01:00			`src: logs/logrotate.d/`
			`dest: /etc/logrotate.d/`
Improve Ansible syntax replace « x \| changed » by « x is changed » add explicit « bool » filter use « length » filter instead of string comparison 2021-05-09 23:06:42 +02:00			`when: evolinux_logs_logrotate_confs \| bool`
Squash: conventions, evolinux, etc-git… 2016-11-07 14:00:57 +01:00
evolinux-base: Fix our zsyslog rotate config that doesn't work on Debian 10 I've noticed that some log files, especially /var/log/syslog were empty. After investigating, I've realized that it was happening after a log rotation by logrotate. The old mechanism, `invoke-rc.d rsyslog rotate` isn't working anymore on Debian 10. It will fail with a not so explicit message : [FAIL] Closing open files: rsyslogd failed! Long story short, it seems that the pid file (`/run/rsyslogd.pid`) isn't created any more, so start-stop-daemon as used by /etc/init.d/rsyslog will fail. Explaining the error message. Debian 10 rsyslog now brings `/usr/lib/rsyslog/rsyslog-rotate` that is used by logrotate. It will send the signal HUP the 'right' way, so rsyslog will be aware of the log rotation. Sadly, this script isn't present in Debian 9 nor 8, so the logrotate configuration for rsyslog is now a template, using the right command for the right version. 2019-11-22 16:48:19 +01:00			`- name: Copy rsyslog logrotate file`
evolinux-base: syntax 2023-03-18 18:35:54 +01:00			`ansible.builtin.template:`
evolinux-base: Fix our zsyslog rotate config that doesn't work on Debian 10 I've noticed that some log files, especially /var/log/syslog were empty. After investigating, I've realized that it was happening after a log rotation by logrotate. The old mechanism, `invoke-rc.d rsyslog rotate` isn't working anymore on Debian 10. It will fail with a not so explicit message : [FAIL] Closing open files: rsyslogd failed! Long story short, it seems that the pid file (`/run/rsyslogd.pid`) isn't created any more, so start-stop-daemon as used by /etc/init.d/rsyslog will fail. Explaining the error message. Debian 10 rsyslog now brings `/usr/lib/rsyslog/rsyslog-rotate` that is used by logrotate. It will send the signal HUP the 'right' way, so rsyslog will be aware of the log rotation. Sadly, this script isn't present in Debian 9 nor 8, so the logrotate configuration for rsyslog is now a template, using the right command for the right version. 2019-11-22 16:48:19 +01:00			`src: logs/zsyslog.j2`
			`dest: /etc/logrotate.d/zsyslog`
Improve Ansible syntax replace « x \| changed » by « x is changed » add explicit « bool » filter use « length » filter instead of string comparison 2021-05-09 23:06:42 +02:00			`when: evolinux_logs_logrotate_confs \| bool`
evolinux-base: Fix our zsyslog rotate config that doesn't work on Debian 10 I've noticed that some log files, especially /var/log/syslog were empty. After investigating, I've realized that it was happening after a log rotation by logrotate. The old mechanism, `invoke-rc.d rsyslog rotate` isn't working anymore on Debian 10. It will fail with a not so explicit message : [FAIL] Closing open files: rsyslogd failed! Long story short, it seems that the pid file (`/run/rsyslogd.pid`) isn't created any more, so start-stop-daemon as used by /etc/init.d/rsyslog will fail. Explaining the error message. Debian 10 rsyslog now brings `/usr/lib/rsyslog/rsyslog-rotate` that is used by logrotate. It will send the signal HUP the 'right' way, so rsyslog will be aware of the log rotation. Sadly, this script isn't present in Debian 9 nor 8, so the logrotate configuration for rsyslog is now a template, using the right command for the right version. 2019-11-22 16:48:19 +01:00
evolinux-base: logs are rotated with dateext by default 2021-09-30 12:07:02 +02:00			`- name: Configure logrotate.conf default rotate value`
evolinux-base: syntax 2023-03-18 18:35:54 +01:00			`ansible.builtin.replace:`
Squash: conventions, evolinux, etc-git… 2016-11-07 14:00:57 +01:00			`dest: /etc/logrotate.conf`
evolinux: fix rotate value customization with "[0-9]*" too much lines would be changed 2017-03-30 14:56:29 +02:00			`regexp: "rotate [0-9]+"`
Squash: conventions, evolinux, etc-git… 2016-11-07 14:00:57 +01:00			`replace: "rotate 12"`
Improve Ansible syntax replace « x \| changed » by « x is changed » add explicit « bool » filter use « length » filter instead of string comparison 2021-05-09 23:06:42 +02:00			`when: evolinux_logs_default_rotate \| bool`
evolinux-base: flush handlers at end of each include 2017-01-03 17:02:23 +01:00
evolinux-base: logs are rotated with dateext by default 2021-09-30 12:07:02 +02:00			`- name: Enable logrotate.conf dateext option`
evolinux-base: syntax 2023-03-18 18:35:54 +01:00			`ansible.builtin.lineinfile:`
evolinux-base: logs are rotated with dateext by default 2021-09-30 12:07:02 +02:00			`dest: /etc/logrotate.conf`
			`line: "dateext"`
			`regexp: "^#?\\s*dateext"`
			`when: evolinux_logs_default_dateext \| bool`

			`- name: Enable logrotate.conf dateformat option`
evolinux-base: syntax 2023-03-18 18:35:54 +01:00			`ansible.builtin.lineinfile:`
evolinux-base: logs are rotated with dateext by default 2021-09-30 12:07:02 +02:00			`dest: /etc/logrotate.conf`
			`line: "dateformat {{ evolinux_logrotate_dateformat \| mandatory }}"`
			`regexp: "^#?\\sdateformat."`
			`insertafter: 'dateext'`
			`when: evolinux_logs_default_dateext \| bool`

			`- name: Disable logrotate.conf dateyesterday option`
evolinux-base: syntax 2023-03-18 18:35:54 +01:00			`ansible.builtin.lineinfile:`
evolinux-base: logs are rotated with dateext by default 2021-09-30 12:07:02 +02:00			`dest: /etc/logrotate.conf`
			`line: "# dateyesterday"`
			`regexp: "^\\s*dateyesterday"`
			`insertafter: 'dateext'`
			`when: evolinux_logs_default_dateext \| bool`

evolinux-base: Disable logcheck monitoring of journald 2023-08-23 15:05:10 +02:00			`# Logcheck`
			`- name: Disable logcheck monitoring of journald`
			`ansible.builtin.lineinfile:`
			`dest: /etc/logrotate.conf`
			`line: "#journal"`
			`regexp: "^journal"`
			`when: evolinux_logs_disable_logcheck_journald \| bool`

evolinux-base: Limit journald to 1 day 2023-08-23 15:11:39 +02:00			`# Journald`
			`- name: /etc/systemd/journald.conf.d/ is present`
			`ansible.builtin.file:`
			`path: /etc/systemd/journald.conf.d/`
			`state: directory`
			`mode: "0755"`
			`when: evolinux_logs_journald_conf \| bool`

			`- name: Copy journald.conf`
			`ansible.builtin.copy:`
			`src: logs/journald.conf`
			`dest: /etc/systemd/journald.conf.d/00-evolinux-default.conf`
			`mode: "0644"`
			`notify: restart systemd-journald`
			`when: evolinux_logs_journald_conf \| bool`

evolinux-base: syntax 2023-03-18 18:35:54 +01:00			`- ansible.builtin.meta: flush_handlers`