- Forked from the example role.

README.rst

-Example
-#######
+Syslog forwarding
+#################
 
-An (empty) example Ansible role complete with working tests out of the box. For
-more information read the `blog post
-<https://www.shore.co.il/blog/ansible-example-role/>`_.
+Configure syslog forwarding (syslogd on OpenBSD, rsyslog on Debian).
 
 Requirements
 ------------

defaults/main.yml

 ---
-# defaults file for ansible-role-example
+# defaults file for ansible-role-syslog-forward
+
+syslog_server:

handlers/main.yml

 ---
-# handlers file for ansible-role-example
+# handlers file for ansible-role-syslog-forward
+
+- name: Restart rsyslog
+  service:
+    name: rsyslog
+    state: restarted
+
+- name: Restart syslogd
+  service:
+    name: syslogd
+    state: restarted

meta/main.yml

 galaxy_info:
   author: Nimrod Adar
-  description: An example Ansible role
+  description: Configure syslog forwarding.
   company: Shore technologies
   license: MIT
   min_ansible_version: 2.0
@@ -8,8 +8,8 @@ galaxy_info:
   - name: OpenBSD
     versions:
     - 5.9
-  galaxy_tags: [ ansible ]
-dependencies:
-    - src: https://www.shore.co.il/git/ansible-role-openbsd-bootstrap
-      scm: git
-      name: bootstrap
+  - name: Debian
+    versions:
+    - jessie
+  galaxy_tags: [ syslog ]
+dependencies: []

molecule.yml

@@ -15,8 +15,10 @@ vagrant:
   platforms:
   - name: openbsd
     box: kaorimatz/openbsd-5.9-amd64
+  - name: debian
+    box: debian/jessie64
   instances:
-  - name: ansible-role-example
+  - name: ansible-role-syslog-forward
     options:
         append_platform_to_hostname: yes
   raw_config_args:

tasks/main.yml

 ---
-# tasks file for ansible-role-example
+# tasks file for ansible-role-syslog-forward
 
-- assert:
-    that:
-        - ansible_os_family == 'OpenBSD'
-        - ansible_distribution_release == '5.9'
+- name: Assert
+  assert:
+    that: ansible_os_family in [ 'Debian', 'OpenBSD' ]
+
+- name: APT install rsyslog
+  when: ansible_os_family == 'Debian'
+  apt:
+    name: rsyslog-gnutls
+    state: present
+    update_cache: yes
+    cache_valid_time: 3600
+
+- name: Configure rsyslog forwarding
+  when: ansible_os_family == 'Debian'
+  template:
+    src: forwarding.conf.j2
+    dest: /etc/rsyslog.d/forwarding.conf
+    owner: root
+    group: root
+    mode: 0o0644
+  notify:
+  - Restart rsyslog
+
+- name: Configure syslogd forwarding
+  when: ansible_os_family == 'OpenBSD'
+  lineinfile:
+    dest: /etc/syslog.conf
+    line: '*.* @tls://{{ syslog_server}}'
+    regexp: '^\*.\* '
+    state: present
+  notify:
+  - Restart syslogd

templates/forwarding.conf.j2

+{#
+$DefaultNetstreamDriver gtls
+$DefaultNetstreamDriverCAFile {{ tls_ca_cert_path }}
+$DefaultNetstreamDriverCertFile {{ tls_cert_path }}
+$DefaultNetstreamDriverKeyFile {{ tls_key_path }}
+$ActionSendStreamDriverAuthMode x509/name
+#}
+
+$ActionSendStreamDriverPermittedPeer {{ syslog_server }}
+$ActionSendStreamDriverMode 1
+*.* @@{{ syslog_server }}

tests/test_syslog_forward.py

 def test_syslog_forward(Service, SystemInfo):
     if SystemInfo.type == 'openbsd':
         assert Service('syslogd').is_running
-    if SystemInfo.type == 'linux' and SystemInfo.distribution == 'debian'
+    elif SystemInfo.type == 'linux' and SystemInfo.distribution in ['debian',
+                                                                    'ubuntu']:
         assert Service('rsyslog').is_running

vars/main.yml

 ---
-# vars file for ansible-role-example
+# vars file for ansible-role-syslog-forward